Assertion failure for WebAuth data with libfido2

[AdityaSharma21]

Hi,
I have integrated libfido2 library release dlls in my Windows application which is developed in c# for enrolling and authenticating the user via FIDO device.
So, After enrolling user I store the publicKey and CredentailId in database generated from FidoCredential class and then authenticate the user using the same publicKey and CredentailId using the FidoAssertion class Verify method. So, As far everthing is working fine.

As, This application also have integration over Web so on web I have used WebAuthn for the FIDO2 for Enrolling and Authenticating the user. So, the enrollment and authentication at web part also working fine.

But, When I try to authenticate the user on the windows application which uses libfido2 library by using the publicKey and CredentailId generated from WebAuthn it show me the error of FIDO2 operation failed (InvalidSignature) .
Same is also happening with the WebAuthn Assertion method that the publickey and credentialId generated from libfido2 library is unable to authenticate using the WebAuthn Assertion method and throws the error PeterO.Cbor.CBORException Message: Too many bytes.
So, Please suggest the workaround for this problem as I am stuck here as these two apps are dependent on each other and required to enroll and authenticate the user at both the ends using the publickey and credentialId generated from any of the windows or web platforms.

[LDVG]

Hi,

When I try to authenticate the user on the windows application which uses libfido2 library by using the publicKey and CredentailId generated from WebAuthn it show me the error of FIDO2 operation failed (InvalidSignature).

Am I correct in understanding that you successfully retrieve an assertion from the authenticator but fail to verify its signature? Is the public key properly encoded to a format that libfido2 understands?

[LDVG]

The aforementioned client was merely meant as a basic reference implementation.

Let's again go back to your initial problem:

1. Please show me the code you're using for attempting to verify an assertion using libfido2.
2. Please show me the raw bytes of the public key you're passing to libfido2 for assertion verification when it is failing with invalid signature.

[AdityaSharma21]

Hi,
Here is the public key bytes that I am getting after making user credentials using the fido2-net-lib library for c# webAuthN:

[165,1,2,3,38,32,1,33,88,32,41,57,27,61,218,110,162,66,242,201,232,39,23,101,124,177,178,230,91,143,189,9,145,141,8,3,208,175,136,65,48,230,34,88,32,100,239,235,13,102,201,229,191,86,193,235,155,117,81,150,136,207,235,185,184,51,55,219,121,194,222,178,178,225,54,103,40]

And the libfido2 code for assertion is :

1. Initialize Assertion:
   

2. Finalize Assertion:
   

[LDVG]

Hi,

That byte sequence corresponds to the following CBOR structure:

A5                                      # map(5)
   01                                   # unsigned(1)
   02                                   # unsigned(2)
   03                                   # unsigned(3)
   26                                   # negative(6)
   20                                   # negative(0)
   01                                   # unsigned(1)
   21                                   # negative(1)
   58 20                                # bytes(32)
      29391B3DDA6EA242F2C9E82717657CB1B2E65B8FBD09918D0803D0AF884130E6 # ")9\e=\xDAn\xA2B\xF2\xC9\xE8'\u0017e|\xB1\xB2\xE6[\x8F\xBD\t\x91\x8D\b\u0003Я\x88A0\xE6"
   22                                   # negative(2)
   58 20                                # bytes(32)
      64EFEB0D66C9E5BF56C1EB9B75519688CFEBB9B83337DB79C2DEB2B2E1366728 # "d\xEF\xEB\rf\xC9\xE5\xBFV\xC1\xEB\x9BuQ\x96\x88\xCF빸37\xDBy\xC2\u07B2\xB2\xE16g("

or, in equivalent "JSON-like" terms:

{1: 2, 3: -7, -1: 1, -2: h'29391B3DDA6EA242F2C9E82717657CB1B2E65B8FBD09918D0803D0AF884130E6', -3: h'64EFEB0D66C9E5BF56C1EB9B75519688CFEBB9B83337DB79C2DEB2B2E1366728'}

This is a COSE_Key object. This is not how public keys are represented when verifying assertions in libfido2. Please see es256_pk_new(3) and friends.

I'm assuming you're using borrrden/Fido2Net to interact with libfido2. In that project, there does not appear to be any bindings for the es256_pk_t type. Instead, according to their examples, you are expected to arrange the raw bytes in a way compatible with libfido2, i.e. the ES256 public key object passed to the Verify() method must be the concatenation of the the X and Y coordinate and nothing else. These are the values corresponding to the -2 and -3 keys in the above map.

Therefore:

1. Decode the CBOR structure (publicKey) after base64 decoding it.
2. Extract the values for the -2 and -3 keys.
3. Concatenate these as X | Y respectively; the resulting array (keyBytes) shall be 64 bytes long.
4. Call Verify() with the result as the public key.

[AdityaSharma21]

Ok thanks will try with this approach and before that I have some queries below:

1. The values for the -2 and -3 keys i.e "29391B3DDA6EA242F2C9E82717657CB1B2E65B8FBD09918D0803D0AF884130E6" and "64EFEB0D66C9E5BF56C1EB9B75519688CFEBB9B83337DB79C2DEB2B2E1366728" is this base64, UTF8 or ASCII like from which encoding I get the bytes from this string.
   For Example if I want to assert using the same key then what I have do is to Concate the values of -2 and -3 i.e "29391B3DDA6EA242F2C9E82717657CB1B2E65B8FBD09918D0803D0AF884130E664EFEB0D66C9E5BF56C1EB9B75519688CFEBB9B83337DB79C2DEB2B2E1366728" and then convert this string to byte and pass it to the Verify() method as public key.
2. Do I need to include | as given in X | Y in concatenation.
3. Will you please suggest some reference url's from where you have decoded the CBOR structure of our public key that would be a great help.

Here is the Code for decoding the CBOR object in c#. So please suggest how can I identify which value is which like which is -2 and which is -3.

[LDVG]

1. The data is only displayed in hex for readability here. A proper CBOR decoder would give you the raw bytes directly. You must pass 64 raw bytes to libfido2 to represent a ES256 public key.
2. No, it's just a visual delimiter.
3. I used https://cbor.me/.

Here is the Code for decoding the CBOR object in c#. So please suggest how can I identify which value is which like which is -2 and which is -3.

I'm afraid I'm not familiar with the CBOR decoder you're using. The fido2-net-lib library you're using has utilities for working with the COSE key (and presumably for verifying assertions too), perhaps it makes sense to use that.

[AdityaSharma21]

Hi,
Thanks for your suggestion now I am able to assert using the public key generated from borrrden/Fido2Net](https://github.com/borrrden/Fido2Net) library with the libfido2.

Now, As per your suggestion there is no bindings for the es256_pk_t type. So, What I am going to do is to use the Verify method of libfido2 library on my windows client and web application for performing the assertion as I have added logic in Web Application to alter the public key generated from the borrrden/Fido2Net](https://github.com/borrrden/Fido2Net) library at the time of Finish Registration method so It will work with my windows desktop application which uses libfido2 library.

So, After updating the assertion method with libfido2 library on my Web Application I get the below response from navigator.credentials.get :
"id": "2vdUSbfDaazAWaGYTFnS7Vbu4VyMzG70eJhyZOAQ7ZOwTCTpWug98h-NEBwahD8AyTiv9DJl9OfkQinJYtYZWM_dNshABpUNxv_VdfVAczIl8YVS963nijS_3Hfa9hFT", "rawId":"2vdUSbfDaazAWaGYTFnS7Vbu4VyMzG70eJhyZOAQ7ZOwTCTpWug98h-NEBwahD8AyTiv9DJl9OfkQinJYtYZWM_dNshABpUNxv_VdfVAczIl8YVS963nijS_3Hfa9hFT", "response":{ "authenticatorData":"oEZkc_5aGr1I98knEzlsHcFzP74DMy0SBSiWtUEwB9EBAAAElA", "clientDataJson":"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiRnA0dG0zaHZXd3E3Qzg4YVJMOHg0USIsIm9yaWdpbiI6Imh0dHBzOi8vZGV2Y3MuY2xvdWQuMmZhLmNvbSIsImNyb3NzT3JpZ2luIjpmYWxzZX0", "signature":"MEUCIEoR2f98sanTc6tMcgNz0Kfio6eUyggofUEQR8ZP3bK0AiEA7Xeqsl8Fn76fInW4ikKeWPboJag6hEF5_EhWnO3yZ9Q" }, "type":"public-key"

And its equivalent byte array format is :
"id" :[218,247,84,73,183,195,105,172,192,89,161,152,76,89,210,237,86,238,225,92,140,204,110,244,120,152,114,100,224,16,237,147,176,76,36,233,90,232,61,242,31,141,16,28,26,132,63,0,201,56,175,244,50,101,244,231,228,66,41,201,98,214,25,88,207,221,54,200,64,6,149,13,198,255,213,117,245,64,115,50,37,241,133,82,247,173,231,138,52,191,220,119,218,246,17,83], "rawId" :[218,247,84,73,183,195,105,172,192,89,161,152,76,89,210,237,86,238,225,92,140,204,110,244,120,152,114,100,224,16,237,147,176,76,36,233,90,232,61,242,31,141,16,28,26,132,63,0,201,56,175,244,50,101,244,231,228,66,41,201,98,214,25,88,207,221,54,200,64,6,149,13,198,255,213,117,245,64,115,50,37,241,133,82,247,173,231,138,52,191,220,119,218,246,17,83], "response":{ "authenticatorData":[160,70,100,115,254,90,26,189,72,247,201,39,19,57,108,29,193,115,63,190,3,51,45,18,5,40,150,181,65,48,7,209,1,0,0,4,148], "clientDataJson":[123,34,116,121,112,101,34,58,34,119,101,98,97,117,116,104,110,46,103,101,116,34,44,34,99,104,97,108,108,101,110,103,101,34,58,34,70,112,52,116,109,51,104,118,87,119,113,55,67,56,56,97,82,76,56,120,52,81,34,44,34,111,114,105,103,105,110,34,58,34,104,116,116,112,115,58,47,47,100,101,118,99,115,46,99,108,111,117,100,46,50,102,97,46,99,111,109,34,44,34,99,114,111,115,115,79,114,105,103,105,110,34,58,102,97,108,115,101,125], "signature":[48,69,2,32,74,17,217,255,124,177,169,211,115,171,76,114,3,115,208,167,226,163,167,148,202,8,40,125,65,16,71,198,79,221,178,180,2,33,0,237,119,170,178,95,5,159,190,159,34,117,184,138,66,158,88,246,232,37,168,58,132,65,121,252,72,86,156,237,242,103,212] }, "type":"public-key"

So, When I pass the auth data which is authenticatorData to the assert.SetAuthData(authData, 0) it shows me the error of Invalid Argument. So Will you please suggest that how can I alter or format the authData, Signature and clientDataJson as received from navigator.credentials.get for performing the assertion.

[LDVG]

Yes, you should only pass the clientDataJson value to fido_assert_set_cliendata().

[AdityaSharma21]

Hi,

Thanks for your suggestion now the assertion is working fine with my WebAuthn Assertion response.
And, I also tried to enroll the user using the WebAuthn navigator.credentials.create method and passed the response to the Verify() method of FidoCredential using the libfido2 library.
As, I am not getting any signature value in the response of the navigator.credentials.create. So, Will you please suggest that which value should I pass in the Signature variable to verify the enrollment response from the webAuthn.
Below is the request I am sending to the navigator.credentials.create method:

{
	"attestation":"none",
	"challenge":[61,69,90,67,107,239,236,224,202,32,93,135,22,32,9,161]
	"rp":"devcs.cloud.2fa.com",
	"pubKeyCredParams":[
						{
						  "type": "public-key",
						  "alg": -7
						},
						{
						  "type": "public-key",
						  "alg": -257
						}
	],
	"excludeCredentials": [],
	"user":{
				"id":[49],
				"name":"Aditya"
	}
}

And this is the response I am getting from the navigator.credentials.create method after touching fido token:

{

"id":[31,141,20,145,145,227,26,195,243,187,36,83,239,87,238,21,86,238,225,92,140,204,110,244,120,152,114,100,224,16,237,147,173,72,108,199,26,55,120,16,209,100,45,83,228,214,123,84,142,170,57,42,80,60,66,64,160,34,77,223,41,73,231,199,52,95,156,63,72,105,202,54,50,106,192,88,93,72,250,133,238,133,140,113,43,11,112,244,245,233,145,41,199,102,59,36],

"rawId":[31,141,20,145,145,227,26,195,243,187,36,83,239,87,238,21,86,238,225,92,140,204,110,244,120,152,114,100,224,16,237,147,173,72,108,199,26,55,120,16,209,100,45,83,228,214,123,84,142,170,57,42,80,60,66,64,160,34,77,223,41,73,231,199,52,95,156,63,72,105,202,54,50,106,192,88,93,72,250,133,238,133,140,113,43,11,112,244,245,233,145,41,199,102,59,36],

"response":
	{	"AttestationObject":[163,99,102,109,116,100,110,111,110,101,103,97,116,116,83,116,109,116,160,104,97,117,116,104,68,97,116,97,88,228,160,70,100,115,254,90,26,189,72,247,201,39,19,57,108,29,193,115,63,190,3,51,45,18,5,40,150,181,65,48,7,209,65,0,0,10,151,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,31,141,20,145,145,227,26,195,243,187,36,83,239,87,238,21,86,238,225,92,140,204,110,244,120,152,114,100,224,16,237,147,173,72,108,199,26,55,120,16,209,100,45,83,228,214,123,84,142,170,57,42,80,60,66,64,160,34,77,223,41,73,231,199,52,95,156,63,72,105,202,54,50,106,192,88,93,72,250,133,238,133,140,113,43,11,112,244,245,233,145,41,199,102,59,36,165,1,2,3,38,32,1,33,88,32,138,76,241,148,149,26,122,181,152,31,57,59,92,92,156,238,232,180,158,135,147,230,12,187,121,159,148,142,237,0,208,206,34,88,32,195,26,254,250,198,197,201,33,90,205,221,120,129,106,94,25,13,23,241,35,162,176,206,15,39,152,171,92,191,36,206,66],
	"clientDataJson":[123,34,116,121,112,101,34,58,34,119,101,98,97,117,116,104,110,46,99,114,101,97,116,101,34,44,34,99,104,97,108,108,101,110,103,101,34,58,34,80,85,86,97,81,50,118,118,55,79,68,75,73,70,50,72,70,105,65,74,111,81,34,44,34,111,114,105,103,105,110,34,58,34,104,116,116,112,115,58,47,47,100,101,118,99,115,46,99,108,111,117,100,46,50,102,97,46,99,111,109,34,44,34,99,114,111,115,115,79,114,105,103,105,110,34,58,102,97,108,115,101,125]
	},

"authenticatorAttachment":"cross-platform"

}

And here is the C# wrapper for the libfido2 library I have implemented in my code. So, I am just wondering that what will be the value for Signature, Format for the verification of the response:

[LDVG]

When using "attestation": "none" (and the authenticator does not perform self-attestation), no attestation information is made available, this includes the attestation signature.

[AdityaSharma21]

So, In that case Format value will be none and will leave the Signature as null. And then how we can set the value of cred.SetX509.

[LDVG]

If you do not request attestation you will not receive an attestation certificate.

[AdityaSharma21]

Hi,
I am getting the error of Invalid Argument when setting the value of cred.AuthData. The value I am passing to the cred.AuthData is the bytes of the AttestationObject that I have received from the navigator.credentials.create method in response.
Please suggest do I need to use another variable for setting the data or I am missing something.

[LDVG]

If we decode the AttestationObject, we can see that it corresponds to the CBOR structure below:

{"fmt": "none", "attStmt": {}, "authData": h'A0466473FE5A1ABD48F7C92713396C1DC1733FBE03332D12052896B5413007D14100000A970000000000000000000000000000000000601F8D149191E31AC3F3BB2453EF57EE1556EEE15C8CCC6EF478987264E010ED93AD486CC71A377810D1642D53E4D67B548EAA392A503C4240A0224DDF2949E7C7345F9C3F4869CA36326AC0585D48FA85EE858C712B0B70F4F5E99129C7663B24A50102032620012158208A4CF194951A7AB5981F393B5C5C9CEEE8B49E8793E60CBB799F948EED00D0CE225820C31AFEFAC6C5C9215ACDDD78816A5E190D17F123A2B0CE0F2798AB5CBF24CE42'}

The authData object contains the Credential ID and Credential Public Key. The raw bytes of authData can be given to libfido2 via fido_cred_set_authdata_raw().

[AdityaSharma21]

Hi,
I am still getting the issue of Invalid Argument as tried with the fido_cred_set_authdata_raw().The authData bytes after decoding the CBOR structure as below :
[160,70,100,115,254,90,26,189,72,247,201,39,19,57,108,29,193,115,63,190,3,51,45,18,5,40,150,181,65,48,7,209,65,0,0,10,151,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,96,31,141,20,145,145,227,26,195,243,187,36,83,239,87,238,21,86,238,225,92,140,204,110,244,120,152,114,100,224,16,237,147,173,72,108,199,26,55,120,16,209,100,45,83,228,214,123,84,142,170,57,42,80,60,66,64,160,34,77,223,41,73,231,199,52,95,156,63,72,105,202,54,50,106,192,88,93,72,250,133,238,133,140,113,43,11,112,244,245,233,145,41,199,102,59,36,165,1,2,3,38,32,1,33,88,32,138,76,241,148,149,26,122,181,152,31,57,59,92,92,156,238,232,180,158,135,147,230,12,187,121,159,148,142,237,0,208,206,34,88,32,195,26,254,250,198,197,201,33,90,205,221,120,129,106,94,25,13,23,241,35,162,176,206,15,39,152,171,92,191,36,206,66]

[LDVG]

Please provide libfido2 debug output.

[AdityaSharma21]

Hi,
As I am using the c# wrapper for libfido2 release dll. So, I am unable to provide the debug information for this.
I can provide the data I am passing to the methods if that might help you to get the debug output at your end.

[LDVG]

The authenticator data you just posted works fine for me (see below). Please enable debug output for further help.

$ cat x.c
#undef NDEBUG
#include <assert.h>
#include <fido.h>

static const unsigned char authdata[] = {
    160, 70,  100, 115, 254, 90,  26,  189, 72,  247, 201, 39,  19,  57,  108,
    29,  193, 115, 63,  190, 3,   51,  45,  18,  5,   40,  150, 181, 65,  48,
    7,   209, 65,  0,   0,   10,  151, 0,   0,   0,   0,   0,   0,   0,   0,
    0,   0,   0,   0,   0,   0,   0,   0,   0,   96,  31,  141, 20,  145, 145,
    227, 26,  195, 243, 187, 36,  83,  239, 87,  238, 21,  86,  238, 225, 92,
    140, 204, 110, 244, 120, 152, 114, 100, 224, 16,  237, 147, 173, 72,  108,
    199, 26,  55,  120, 16,  209, 100, 45,  83,  228, 214, 123, 84,  142, 170,
    57,  42,  80,  60,  66,  64,  160, 34,  77,  223, 41,  73,  231, 199, 52,
    95,  156, 63,  72,  105, 202, 54,  50,  106, 192, 88,  93,  72,  250, 133,
    238, 133, 140, 113, 43,  11,  112, 244, 245, 233, 145, 41,  199, 102, 59,
    36,  165, 1,   2,   3,   38,  32,  1,   33,  88,  32,  138, 76,  241, 148,
    149, 26,  122, 181, 152, 31,  57,  59,  92,  92,  156, 238, 232, 180, 158,
    135, 147, 230, 12,  187, 121, 159, 148, 142, 237, 0,   208, 206, 34,  88,
    32,  195, 26,  254, 250, 198, 197, 201, 33,  90,  205, 221, 120, 129, 106,
    94,  25,  13,  23,  241, 35,  162, 176, 206, 15,  39,  152, 171, 92,  191,
    36,  206, 66
};

int main(void) {
  fido_cred_t *cred;
  int r;

  fido_init(0);

  cred = fido_cred_new();
  assert(cred != NULL);

  r = fido_cred_set_type(cred, COSE_ES256);
  assert(r == FIDO_OK);

  r = fido_cred_set_authdata_raw(cred, authdata, sizeof(authdata));
  assert(r == FIDO_OK);

  return 0;
}
$ cc x.c -lfido2 -o x && ./x
$ echo $?
0

[LDVG]

You have already received a reply above: #647 (reply in thread).

[AdityaSharma21]

Hi,

Here is my code for setting the authdata raw using the fido_cred_set_authdata_raw method. But still its showing me the error of FIDO2 operation failed (InvalidArgument)

[AdityaSharma21]

Hi,
After cleaning and rebuilding the solution I am able to successfully set the Authdata using the fido_cred_set_authdata_raw() method.
But now its showing the error FIDO2 operation failed (InvalidArgument) when calling cred.Verify().
So, Will you please check at your end that verification method is resulting into success after setting all the parameter or its showing the same issue.

[AdityaSharma21]

Hi,
Here is the debug output of the issue I am getting when calling verify() method. And, I am sorry as I was not aware of enabling the setting for getting the debug output logs.

[LDVG]

The fido_cred_verify() function is used to verify an attestation signature. As seen from the debug output, fido_cred_verify() is missing the client data (hash), the attestation certificate, and the attestation signature itself. Since you used "attestation": "none" in your navigator.credentials.create request, the authenticator/client replied with an empty attestation statement (no certificate, no signature) -- so there is nothing to verify.

See for example examples/cred.c where credential verification is skipped when the attestation format is "none".

For more information about attestation, please see https://www.w3.org/TR/webauthn-2/#sctn-attestation.

[AdityaSharma21]

So, In that case I can get public key and CredentialId directly from the instance of the cred as given in below code snippet:
For getting public key:
```
var len = (int) Native.fido_cred_pubkey_len(_native);
var ptr = Native.fido_cred_pubkey_ptr(_native);
return new ReadOnlySpan(ptr, len);

**For getting credential Id:**

var len = (int) Native.fido_cred_id_len(_native);
var ptr = Native.fido_cred_id_ptr(_native);
return new ReadOnlySpan(ptr, len);

[LDVG]

Yes.