Credential ID changed for old credentials

[robin-nitrokey]

When calculating the credential ID for a non-discoverable credential that was generated with an older fido-authenticator version (e. g. v0.1.1-nitrokey.4 / NK3 firmware v1.4.0), the current implementation (v0.1.1-nitrokey.23 / v1.8.0-rc.1) leads to a different credential ID. This is caused by a changed serialization of FullCredential.

Input:

• RP ID "John Doe"
• KEK [0; 44]
• credential ID "A300583A71AEF80C4DA56033D66EB3266E9ACB8D84923D13F89BCBCE9FF30D8CD77ED968A436CA3D39C49999EC0F69A289CB2A65A08ABF251DEB21BB4B56014C00000000000000000000000002504DF499ABDAE80F5615C870985B74A799"

The deserialized credential is the same, but the serialized credential differs:

old: A3000201A700A1626964684A6F686E20446F6501A16269644301020302187B03F404260582014301020306F4024C000000000000000000000000
new: A3000201A700A16169684A6F686E20446F6501A161694301020302187B03F404260582014301020306F4024C000000000000000000000000

[robin-nitrokey]

This seems to be caused by https://github.com/Nitrokey/fido-authenticator/pull/59 which changed the serialization of the RP and user data.

For example, the RP with id = "John Doe":

  left: "A16169684A6F686E20446F65"
 right: "A1626964684A6F686E20446F65"

The problem is that we re-serialize the credential data for the credential ID calculation. This only occurs with credentials generated with older versions as we removed the unnecessary RP and user fields when serializing credentials in https://github.com/Nitrokey/fido-authenticator/pull/32.

Potential solutions:

• Handle both old and new RP and user formats when calculating the ID – problem: increased complexity.
• Use the credential ID from the allow list instead of calculating it again – problem: the RP can omit the allow list but still expect the credential ID to be stable.

[robin-nitrokey]

For the record, it looks like all credentials generated with v1.5.0 or older are affected as v0.1.1-nitrokey.6 is the first tag with the shorter credential IDs.