Closed balazserdeszlogmein closed 1 month ago
Thanks @balazserdeszlogmein for the report.
The "why is there a difference" is pretty easy to answer: The project is maintained by two different teams. 😄 We do our best to compare notes and maintain compatibility - but given that we use different fundamental base libraries (including crypto, json, etc.) some differences like this do crop up.
Right - if memory serves, the 04 denotes the encoding of the elliptic curve coordinate. We'll double check the U2F spec to see what it says. I'm guessing we just missed something on the .NET side. libfido2 is a far more mature implementation, so we typically assume that they are doing the correct thing.
I'll raise this with the team and see if we can get this addressed one way or the other.
Closing old issues. Feel free to reopen if this is still important to you.
[Note: this has also been posted on the libfido2 github as an issue here.]
Hi,
I have noticed a possible compatibility issue between this library and your C library, libfido2.
I am creating (registering) a U2F credential with the libfido2 command line tool like this on a macOS operating system.
bash
then bash:
which results in a file called "cred" in the following format:
Then, we also have a credential assertion (authentication) application, written with this .NET SDK, roughly doing the following on a Windows operating system:
C#
C#
When passing the credential id (private key handle) created on macOS with `fido2-cred`, calling the `lastsession.Authenticate` function throws an error, namely `new ArgumentException(ExceptionMessages.UnsupportedAlgorithm);` in line 401 of the EcdsaVerify.cs file, because at line 368 in the `private static ECDsa ConvertPublicKey(ReadOnlyMemory<byte> encodedEccPoint)` the `(encodedEccPoint.Span[0] == EncodedPointTag)` condition is not met.

Based on this, what we realized after a while is that if we base64 decode the string of the credential id (key handle), prepend a 04 byte, then base64 encode it back to a string, the above will work and the authentication is going to be successful. Why is there a difference between the U2F implementation for libfido2 and the .NET SDK?
Let me know if anything else is needed from my side to investigate this issue.
Thanks in advance, Balazs
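The mismatch discussed in this issue is the leading 0x04 byte of a SEC1 uncompressed elliptic-curve point (04 || X || Y), which the .NET `ConvertPublicKey` check above requires and the libfido2-produced data apparently lacked. The following is an added example, not code from the issue, from libfido2 or from the .NET SDK: a small parser that accepts a bare 64-byte X || Y blob, a 65-byte tagged blob or a 33-byte compressed point, validates that the coordinates are actually on NIST P-256, and returns the tagged form, plus a base64 wrapper matching the decode-prepend-reencode workaround the reporter describes. All function names are assumptions for this example; P-256 is assumed because U2F uses it. The sample point is the standard P-256 base point, constructed inline, not data from the issue.

```python
import base64

# NIST P-256 (secp256r1) domain parameters (FIPS 186-4).
P256_P = 0xFFFFFFFF_00000001_00000000_00000000_00000000_FFFFFFFF_FFFFFFFF_FFFFFFFF
P256_A = P256_P - 3
P256_B = 0x5AC635D8_AA3A93E7_B3EBBD55_769886BC_651D06B0_CC53B0F6_3BCE3C3E_27D2604B
COORD_LEN = 32
UNCOMPRESSED_TAG = 0x04   # the SEC1 tag the .NET "EncodedPointTag" check expects


def _on_curve(x: int, y: int) -> bool:
    """True iff (x, y) satisfies y^2 = x^3 + a*x + b (mod p) on P-256."""
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        return False
    return (y * y - (x * x * x + P256_A * x + P256_B)) % P256_P == 0


def _decompress(tag: int, x: int) -> int:
    """Recover y from x for a 02/03 compressed point.
    p is 3 mod 4, so a modular square root is a single exponentiation."""
    rhs = (x * x * x + P256_A * x + P256_B) % P256_P
    y = pow(rhs, (P256_P + 1) // 4, P256_P)
    if (y * y) % P256_P != rhs:
        raise ValueError("x is not the abscissa of a P-256 point")
    # Tag 02 selects the even root, 03 the odd one.
    if (y & 1) != (tag & 1):
        y = P256_P - y
    return y


def normalize_sec1_point(data: bytes) -> bytes:
    """Return the 65-byte uncompressed encoding 04 || X || Y of a P-256 point.

    Accepts the bare X || Y layout this issue ran into (no leading 0x04),
    the already-tagged layout, and the compressed 02/03 layout.  Raises
    ValueError for any other layout or for coordinates not on the curve.
    """
    if len(data) == 2 * COORD_LEN:
        # Bare X || Y: the hypothetical-example equivalent of "prepend a 04 byte".
        x = int.from_bytes(data[:COORD_LEN], "big")
        y = int.from_bytes(data[COORD_LEN:], "big")
    elif len(data) == 2 * COORD_LEN + 1 and data[0] == UNCOMPRESSED_TAG:
        x = int.from_bytes(data[1:1 + COORD_LEN], "big")
        y = int.from_bytes(data[1 + COORD_LEN:], "big")
    elif len(data) == COORD_LEN + 1 and data[0] in (0x02, 0x03):
        x = int.from_bytes(data[1:], "big")
        y = _decompress(data[0], x)
    else:
        raise ValueError(
            f"unrecognised point encoding (len={len(data)}, tag={data[:1].hex()})"
        )
    if not _on_curve(x, y):
        raise ValueError("point is not on P-256")
    return bytes([UNCOMPRESSED_TAG]) + x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")


def normalize_base64_point(s: str) -> str:
    """The base64 round trip described in the issue: decode, ensure the
    0x04 tag is present (and the point is valid), re-encode."""
    return base64.b64encode(normalize_sec1_point(base64.b64decode(s))).decode("ascii")


# Constructed sample input: the P-256 base point G, with and without the tag.
G_X = bytes.fromhex("6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")
G_Y = bytes.fromhex("4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")
RAW_XY = G_X + G_Y          # 64 bytes, no tag: the layout that failed the .NET check
TAGGED = b"\x04" + RAW_XY   # 65 bytes, what ConvertPublicKey accepts

if __name__ == "__main__":
    print("raw -> tagged ok:", normalize_sec1_point(RAW_XY) == TAGGED)
    print("base64 workaround:", normalize_base64_point(base64.b64encode(RAW_XY).decode()))
```

Validating the point on the curve is the part the pure "prepend 04" workaround skips; a verifier that blindly tags an arbitrary 64-byte blob will pass it straight to the ECDSA library, so the parser rejects off-curve coordinates before returning the tagged form.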