[CHORE] Remove u2f dependency

- It was only used to parse old U2F data to webauthn credentials. We only used the public key and keyhandle. This functiontionality was reworked to `parseU2FRegistration`. - Tests are already present, `Test_RemigrateU2FCredentials`.
2024-04-05 14:00:36 +02:00 · 2024-04-05 14:00:36 +02:00 · 32134e3a43
commit 32134e3a43
parent 9c82789664
5 changed files with 43 additions and 16 deletions
--- a/models/migrations/v1_16/v210.go
+++ b/models/migrations/v1_16/v210.go
@ -4,18 +4,44 @@
 package v1_16 //nolint

 import (
+	"crypto/ecdh"
 	"encoding/base32"
+	"errors"
 	"fmt"
 	"strings"

 	"code.gitea.io/gitea/models/migrations/base"
 	"code.gitea.io/gitea/modules/timeutil"

-	"github.com/tstranex/u2f"
 	"xorm.io/xorm"
 	"xorm.io/xorm/schemas"
 )

+func parseU2FRegistration(raw []byte) (pubKey *ecdh.PublicKey, keyHandle []byte, err error) {
+	if len(raw) < 69 {
+		return nil, nil, errors.New("data is too short")
+	}
+	if raw[0] != 0x05 {
+		return nil, nil, errors.New("invalid reserved byte")
+	}
+	raw = raw[1:]
+
+	pubKey, err = ecdh.P256().NewPublicKey(raw[:65])
+	if err != nil {
+		return nil, nil, err
+	}
+	raw = raw[65:]
+
+	khLen := int(raw[0])
+	if len(raw) < khLen {
+		return nil, nil, errors.New("invalid key handle")
+	}
+	raw = raw[1:]
+	keyHandle = raw[:khLen]
+
+	return pubKey, keyHandle, nil
+}
+
 // v208 migration was completely broken
 func RemigrateU2FCredentials(x *xorm.Engine) error {
 	// Create webauthnCredential table
@ -117,12 +143,7 @@ func RemigrateU2FCredentials(x *xorm.Engine) error {
 				}
 			}
 			for _, reg := range regs {
-				parsed := new(u2f.Registration)
-				err = parsed.UnmarshalBinary(reg.Raw)
-				if err != nil {
-					continue
-				}
-				pubKey, err := parsed.PubKey.ECDH()
+				pubKey, keyHandle, err := parseU2FRegistration(reg.Raw)
 				if err != nil {
 					continue
 				}
@ -131,7 +152,7 @@ func RemigrateU2FCredentials(x *xorm.Engine) error {
 					Name:            reg.Name,
 					LowerName:       strings.ToLower(reg.Name),
 					UserID:          reg.UserID,
-					CredentialID:    base32.HexEncoding.EncodeToString(parsed.KeyHandle),
+					CredentialID:    base32.HexEncoding.EncodeToString(keyHandle),
 					PublicKey:       pubKey.Bytes(),
 					AttestationType: "fido-u2f",
 					AAGUID:          []byte{},