Commit fd96489

Implement decoding of CBOR major_type_value=2 additional_type_value=25
This use case came up when testing a long email as username, which made the authData exceed 256 bytes. Also add a webauthn.raise_error() helper-function to raise an error if we run into a CBOR type which we currently can't decode.
1 parent c8fddf1 commit fd96489

3 files changed

+22
-1
lines changed

FUNCTIONS/decode_cbor.sql

Lines changed: 9 additions & 1 deletion
@@ -37,6 +37,8 @@ WITH RECURSIVE x AS (
3737
THEN substring(x.cbor,2,additional_type_value)
3838
WHEN major_type_value = 2 AND additional_type_value = 24
3939
THEN substring(x.cbor,3,get_byte(x.cbor,1))
40+
WHEN major_type_value = 2 AND additional_type_value = 25
41+
THEN substring(x.cbor,4,get_byte(x.cbor,1)*256+get_byte(x.cbor,2))
4042
END AS bytes,
4143
CASE WHEN major_type_value = 0 AND additional_type_value <= 23
4244
THEN additional_type_value
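Review bot: the 16-bit length read in the new `additional_type_value = 25` branch is never compared with `length(x.cbor)`, so a truncated input yields a short `bytes` value instead of an error. `substring(x.cbor,4,...)` returns whatever bytes remain when fewer are available than declared, and `get_byte(x.cbor,2)` fails with a generic index error when the input is under three bytes. Since authData arrives from the client, consider rejecting the item unless `length(x.cbor) >= 3 + get_byte(x.cbor,1)*256+get_byte(x.cbor,2)`, and apply the same check to the existing `additional_type_value = 24` branch.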
@@ -50,10 +52,16 @@ WITH RECURSIVE x AS (
5052
)) AS data_item_header(major_type_value,additional_type_value) ON TRUE
5153
JOIN LATERAL (VALUES(CASE
5254
WHEN major_type_value IN (2,3) AND additional_type_value <= 23 THEN 2+additional_type_value
53-
WHEN major_type_value = 5 THEN 2
55+
WHEN major_type_value = 5 AND additional_type_value <= 23 THEN 2
5456
WHEN major_type_value = 2 AND additional_type_value = 24 THEN 3+get_byte(x.cbor,1)
57+
WHEN major_type_value = 2 AND additional_type_value = 25 THEN 4+get_byte(x.cbor,1)*256+get_byte(x.cbor,2)
5558
WHEN major_type_value = 0 AND additional_type_value <= 23 THEN 2
5659
WHEN major_type_value = 1 AND additional_type_value <= 23 THEN 2
60+
ELSE webauthn.raise_error('Decoding of CBOR type not implemented',json_build_object(
61+
'item',item,
62+
'major_type_value',major_type_value,
63+
'additional_type_value',additional_type_value
64+
),NULL::integer)
5765
END)) AS next_item(byte_offset) ON TRUE
5866
WHERE length(x.cbor) > 0
5967
)
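Review bot: the new ELSE branch puts `item` into the JSON that becomes part of the exception text, and `item` is not defined in the visible context; if it holds decoded input, the error message can grow to the size of the submitted CBOR and carry its contents into logs or client responses. Reporting only `major_type_value` and `additional_type_value`, or truncating `item`, would keep the message bounded. Separately, the short form is handled for `major_type_value IN (2,3)` but the 24 and 25 forms only for major type 2, so text strings of 24 bytes or more now reach this ELSE and raise; a comment saying that this is intended would help the next reader.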

FUNCTIONS/raise_error.sql

Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
CREATE OR REPLACE FUNCTION webauthn.raise_error(error_message text, debug json, dummy_return_value anyelement)
2+
RETURNS anyelement
3+
LANGUAGE plpgsql
4+
AS $$
5+
BEGIN
6+
RAISE '% %', error_message, debug;
7+
-- Will not return, since error will be raised,
8+
-- but necessary to be able to use the function in place
9+
-- where a value of given type is expected.
10+
RETURN dummy_return_value;
11+
END;
12+
$$;
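Review bot: `RAISE '% %', error_message, debug;` folds the debug JSON into the primary message and uses the default SQLSTATE (P0001), so callers cannot tell a decoder failure from any other PL/pgSQL exception or strip the details before showing the error. Suggest `RAISE EXCEPTION '%', error_message USING DETAIL = debug::text;` with an explicit `ERRCODE`, and a `COMMENT ON FUNCTION` describing why `dummy_return_value` exists, since the in-body comment is the only documentation of that parameter.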

Makefile

Lines changed: 1 addition & 0 deletions
@@ -23,6 +23,7 @@ all: webauthn--1.0.sql
2323

2424
SQL_SRC = \
2525
complain_header.sql \
26+
FUNCTIONS/raise_error.sql \
2627
ENUMS/credential_type.sql \
2728
ENUMS/user_verification_requirement.sql \
2829
FUNCTIONS/base64url_decode.sql \
