fido_cred_set_authdata() giving FIDO_ERR_INVALID_ARGUMENT (-7)

[gunjanai]

Hi,
I am trying to verify register credentials using libfido2. From my web browser I am calling navigator.creadentials.create() api and the response from this is a JSON which I am trying to verify using libfido2. While calling fido_cred_set_authdata(cred, attestationObject, sizeof(attestationObject)) or fido_cred_set_authdata_raw(cred, attestationObject, sizeof(attestationObject)) I am getting the error FIDO_ERR_INVALID_ARGUMENT (-7).
the attestationObject in the json is an array of integers which I have converted to unsigned char *.
Please help.

[thetechinsight]

Hello Community,

I am also getting the same issue while parsing the attestation object.

Any help would be appreciated!

Thanks!

[LDVG]

Hi,

The fido_cred_set_authdata() and fido_cred_set_authdata_raw() functions expect to be given the authenticator data (encoded as a CBOR bytestring in the case of fido_cred_set_authdata()). As the question is stated, it is unclear whether you've extracted the authenticator data from the attestation object or if you're passing the entire attestation object. You must do the former for it to work properly.

For further help, please provide a copy of the authenticator data you're passing to fido_cred_set_authdata() or fido_cred_set_authdata_raw(). It may also be helpful to provide a debug log (FIDO_DEBUG=1) of the function call.

[gunjanai]

Hi,

this is the auth data which I got when I cbor decoded attestationObject
{
"fmt": "none",
"attStmt": {},
"authData": [73, 150, 13, 229, 136, 14, 140, 104, 116, 52, 23, 15, 100, 118, 96, 91, 143, 228, 174, 185, 162, 134, 50, 199, 153, 92, 243, 186, 131, 29, 151, 99, 93, 0, 0, 0, 0, 234, 155, 141, 102, 77, 1, 29, 33, 60, 228, 182, 180, 140, 181, 117, 212, 0, 16, 16, 212, 84, 198, 242, 1, 221, 192, 238, 167, 27, 22, 230, 80, 72, 228, 165, 1, 2, 3, 38, 32, 1, 33, 88, 32, 206, 146, 75, 115, 90, 171, 130, 122, 115, 17, 18, 175, 57, 35, 60, 26, 90, 88, 29, 182, 202, 93, 228, 250, 229, 37, 48, 129, 96, 125, 117, 29, 34, 88, 32, 71, 50, 253, 237, 52, 27, 14, 117, 62, 102, 15, 234, 234, 253, 137, 40, 254, 209, 232, 135, 174, 201, 228, 56, 57, 122, 59, 246, 150, 235, 51, 68]
}

When passing authData to fido_cred_set_authdata()

This is the debug log error of the function call-
cbor_bytestring_copy: cbor type
fido_cred_set_authdata: fido_blob_decode

When passing authData to fido_cred_set_authdata_raw()

This is the debug log error of the function call-
cbor_decode_cred_authdata: fido_buf_read
fido_cred_set_authdata_raw: cbor_decode_cred_authdata

[LDVG]

Thank you.

To double check: are you passing the correct byte array length to fido_cred_set_authdata_raw() (and not e.g. sizeof() of a pointer)?

For further help, I'll need more of the debug log from the fido_cred_set_authdata_raw() call. I'm particularly interested in the hex dump it should produce just before the fido_buf_read message, but the complete log of the function call is preferred.

[gunjanai]

Thank you for your response. We were able to solve this error.
Seems like size of the authData array was not parsing correctly because of '0' values present in it.
After getting the hang of this we were able to correctly pass data in fido_cred_set_authdata_raw().