Hi, I’ve spent a few days trying to understand why the authdata I receive is missing aaguid, public key coe, credentialId. Also, flags and counter are "strange". I thought I was doing something wrong or something is not implemented, so I was trying to look around the code/docs/internet. Today I’ve even tried to build the C project to look around more. After browsing the C code I’ve noticed that auth_data is encoded when parsing a reply for cred make and "modified"? After browsing more, I’ve noticed I could use After using raw data I can parse correct flags & data. In the docs I have not seen the difference stated. Is this desired? Is AuthData designed to follow attestation != "direct" in webauthn? With the incorrect AuthData I’ve used I was not able to verify the signature. Here is RAW data parsed (hex values).
fido_cred_authdata_ptr with fido_cred_authdata_len
Thank you very much for the great work on the library. A lot of resources can be found around.
Hi,
Thanks for reaching out.
fido_cred_authdata_ptr() returns a pointer to the authenticator data encoded as a CBOR byte string, whereas fido_cred_authdata_raw_ptr() returns a pointer to the authenticator data itself.
In your example, it looks like you have not decoded the CBOR byte string before attempting to parse the authenticator data. The first two bytes of your "RpIdHash" contain the CBOR byte string header 58 DA (CBOR major tag 2, length 218), followed by the bytes which you can see are identical to the RPID hash in the "raw" output.
Hope that helps.
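The difference discussed in this thread, as an added example that is not code from libfido2 or from either poster: a buffer shaped like the output of fido_cred_authdata_ptr() is unwrapped from its CBOR byte string header and then parsed as WebAuthn authenticator data. The names cbor_bstr_unwrap, authdata_parse and make_sample are hypothetical, and the sample bytes are constructed (only the 58 DA header and the length 218 come from the reply above).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct authdata_hdr {             /* fixed prefix of authenticator data */
    uint8_t  rp_id_hash[32], flags, aaguid[16];
    uint32_t sign_count;
    uint16_t cred_id_len;         /* aaguid, cred_id_len: only with AT (0x40) */
};

/* Strip a CBOR byte string header (major type 2, 1/2/4-byte length). NULL on error. */
const uint8_t *cbor_bstr_unwrap(const uint8_t *in, size_t len, size_t *out_len)
{
    if (len < 1 || (in[0] >> 5) != 2 || (in[0] & 0x1f) > 26) return NULL;
    size_t hdr = 1, n = in[0] & 0x1f;
    if (n >= 24) {                /* 24, 25, 26: length in next 1, 2, 4 bytes */
        size_t w = (size_t)1 << (n - 24);
        if (len < 1 + w) return NULL;
        for (n = 0; hdr <= w; hdr++) n = (n << 8) | in[hdr];
    }
    if (n != len - hdr) return NULL;   /* payload must fill the buffer exactly */
    *out_len = n;
    return in + hdr;
}

/* Parse the fixed fields of raw (unwrapped) authenticator data. 0 on success. */
int authdata_parse(const uint8_t *ad, size_t len, struct authdata_hdr *h)
{
    if (len < 37) return -1;      /* rpIdHash 32 + flags 1 + signCount 4 */
    memset(h, 0, sizeof(*h));
    memcpy(h->rp_id_hash, ad, 32);
    h->flags = ad[32];
    h->sign_count = (uint32_t)ad[33] << 24 | (uint32_t)ad[34] << 16 | (uint32_t)ad[35] << 8 | ad[36];
    if (!(h->flags & 0x40)) return 0;  /* no attested credential data */
    if (len < 55) return -1;      /* + aaguid 16 + credentialIdLength 2 */
    memcpy(h->aaguid, ad + 37, 16);
    h->cred_id_len = (uint16_t)(ad[53] << 8 | ad[54]);
    return h->cred_id_len > len - 55 ? -1 : 0;
}

/* Constructed sample: 58 DA header + 218 made-up bytes (0xCC is filler). */
void make_sample(uint8_t buf[220])
{
    memset(buf, 0xCC, 220);
    memcpy(buf, "\x58\xDA", 2);
    memset(buf + 2, 0xAA, 32);                    /* rpIdHash */
    memcpy(buf + 34, "\x45\x00\x00\x00\x07", 5);  /* UP|UV|AT, signCount 7 */
    memset(buf + 39, 0xBB, 16);                   /* aaguid */
    memcpy(buf + 55, "\x00\x40", 2);              /* credentialIdLength 64 */
}
```

Calling authdata_parse() on the wrapped buffer still succeeds but shifts every field by two bytes, so the flags and counter come out wrong and the AT bit may read as clear, which matches the symptoms in the question.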