duo-labs / webauthn.io

The source code for webauthn.io, a demonstration of WebAuthn.
https://webauthn.io
BSD 3-Clause "New" or "Revised" License

Registration failed: premature end of stream (expected to read 1 bytes, got 0 instead) #107

Open alizarei95 opened 9 months ago

alizarei95 commented 9 months ago

Hi there, I'm developing an authenticator. When I generate a create credential response, I get this error in webauthn.io: Registration failed: premature end of stream (expected to read 1 bytes, got 0 instead)

But when I'm testing with https://webauthnsample.azurewebsites.net/ or https://webauthntest.identitystandards.io/, everything works well. What is the exact problem?

MasterKale commented 9 months ago

> What is the exact problem?

Help me help you. Please provide any details, there's nothing here for me to begin debugging.

alizarei95 commented 9 months ago

Here is full response which webauthn gets:

REGISTRATION RESPONSE 20:10:54.611 (index):508 { "id": "6MpN9tzIRZGkout3Roum5Q", "rawId": "6MpN9tzIRZGkout3Roum5Q", "response": { "attestationObject": "o2NmbXRmcGFja2VkaGF1dGhEYXRhWJR0puqSE8mcL3SyJJKzIM9AJiqUwalQoDl_KSULYIQe8MUAAAAROaVkfhhTRGyh9qebrp9bxwAQ6MpN9tzIRZGkout3Roum5aUBAgMmIAEhWCBjfryIzwhCLOZ6AkIcU_5kHzblft9yFn0AtKB3NiqqOyJYIGZqt2I3Sd6JmXsC76BBgWKN_5_3K8BhThW7crlFe1NQZ2F0dFN0bXSjY2FsZyZjc2lnWEYwRAIgXBHqbGYvMjS0UxcB0c_2X3E7jX-GHgIlQ_syxg59iXYCIHEG1jeNFZGrsA-2Vt0KAUJYCCyUlezAuHZXnKvMBeioY3g1Y4FZAfIwggHuMIIBlKADAgECAgkA5pSqn2hxl74wCgYIKoZIzj0EAwIwQTEkMCIGA1UECgwbVmFuY29zeXMgRGF0YSBTZWN1cml0eSBJbmMuMRkwFwYDVQQDDBBWYW5jb3N5cyBSb290IENBMCAXDTE4MTIyMjE3MTQzNloYDzIwNjgxMjA5MTcxNDM2WjCBgDELMAkGA1UEBhMCQ0ExJDAiBgNVBAoMG1ZhbmNvc3lzIERhdGEgU2VjdXJpdHkgSW5jLjEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjEnMCUGA1UEAwweVmFuY29zeXMgQW5kcm9pZCBBdXRoZW50aWNhdG9yMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf-qpRvI9l6DkSl0VUwaRnggahsN8QWm2C9x7K5sJmHo2qZyYS-pMJjeJM-fnMF3f2nMlosITZJhC83uDt-8pkqMzMDEwDAYDVR0TAQH_BAIwADAhBgsrBgEEAYLlHAEBBAQSBBA5pWR-GFNEbKH2p5uun1vHMAoGCCqGSM49BAMCA0gAMEUCIQDzjysauABP9632mu8CJ_7TwPBb2YhDYoHOClsGPaHbMgIgFDVHo8TeC2Lrp_wObk62e6CEd-vb-QHgbqNCa49nCFo", "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiaTQwTHdoc2h5MHhyTjhDakY4N2U3d1RHdWljR2ZERG5yZ19nWnlOOU1zZ0M4YkRBZEdlVHdqUGpfRTlUb1JNNDhoY0pJdHg1b0I4RnhVSm9DU0c3elEiLCJvcmlnaW4iOiJodHRwczovL3dlYmF1dGhuLmlvIn0", "transports": [ "internal", "hybrid" ], "publicKeyAlgorithm": -7, "publicKey": "BGN-vIjPCEIs5noCQhxT_mQfNuV-33IWfQC0oHc2Kqo7Zmq3YjdJ3omZewLvoEGBYo3_n_crwGFOFbtyuUV7U1A", "authenticatorData": "dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvDFAAAAETmlZH4YU0Rsofanm66fW8cAEOjKTfbcyEWRpKLrd0aLpuWlAQIDJiABIVggY368iM8IQizmegJCHFP-ZB825X7fchZ9ALSgdzYqqjsiWCBmardiN0neiZl7Au-gQYFijf-f9yvAYU4Vu3K5RXtTUA" }, "type": "public-key", "clientExtensionResults": {} }

MasterKale commented 9 months ago

Thank you, we're almost there.

> Registration failed: premature end of stream (expected to read 1 bytes, got 0 instead)

The full stack trace you're seeing from Python will be helpful as well, try to include the Python code that causes this too if you can.

alizarei95 commented 9 months ago

Currently I can't run the repo locally. Can you debug without it?

MasterKale commented 9 months ago

Oh, I see, this is an issue you're having with the live website. Alright, I'll see if this is enough to work with.

alizarei95 commented 9 months ago

Is there any update here? @MasterKale

MasterKale commented 9 months ago

> Is there any update here?

I was at a conference all week so I didn't have a chance to dig into this. I'll let you know how things go when I can.

alizarei95 commented 8 months ago

Any update? @MasterKale

MasterKale commented 8 months ago

Okay, I recreated in a simple call to verify_registration_response():

from webauthn import verify_registration_response
from webauthn.helpers import base64url_to_bytes

def verify():
    resp = verify_registration_response(
        credential="""{
            "id": "6MpN9tzIRZGkout3Roum5Q",
            "rawId": "6MpN9tzIRZGkout3Roum5Q",
            "response": {
                "attestationObject": "o2NmbXRmcGFja2VkaGF1dGhEYXRhWJR0puqSE8mcL3SyJJKzIM9AJiqUwalQoDl_KSULYIQe8MUAAAAROaVkfhhTRGyh9qebrp9bxwAQ6MpN9tzIRZGkout3Roum5aUBAgMmIAEhWCBjfryIzwhCLOZ6AkIcU_5kHzblft9yFn0AtKB3NiqqOyJYIGZqt2I3Sd6JmXsC76BBgWKN_5_3K8BhThW7crlFe1NQZ2F0dFN0bXSjY2FsZyZjc2lnWEYwRAIgXBHqbGYvMjS0UxcB0c_2X3E7jX-GHgIlQ_syxg59iXYCIHEG1jeNFZGrsA-2Vt0KAUJYCCyUlezAuHZXnKvMBeioY3g1Y4FZAfIwggHuMIIBlKADAgECAgkA5pSqn2hxl74wCgYIKoZIzj0EAwIwQTEkMCIGA1UECgwbVmFuY29zeXMgRGF0YSBTZWN1cml0eSBJbmMuMRkwFwYDVQQDDBBWYW5jb3N5cyBSb290IENBMCAXDTE4MTIyMjE3MTQzNloYDzIwNjgxMjA5MTcxNDM2WjCBgDELMAkGA1UEBhMCQ0ExJDAiBgNVBAoMG1ZhbmNvc3lzIERhdGEgU2VjdXJpdHkgSW5jLjEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjEnMCUGA1UEAwweVmFuY29zeXMgQW5kcm9pZCBBdXRoZW50aWNhdG9yMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf-qpRvI9l6DkSl0VUwaRnggahsN8QWm2C9x7K5sJmHo2qZyYS-pMJjeJM-fnMF3f2nMlosITZJhC83uDt-8pkqMzMDEwDAYDVR0TAQH_BAIwADAhBgsrBgEEAYLlHAEBBAQSBBA5pWR-GFNEbKH2p5uun1vHMAoGCCqGSM49BAMCA0gAMEUCIQDzjysauABP9632mu8CJ_7TwPBb2YhDYoHOClsGPaHbMgIgFDVHo8TeC2Lrp_wObk62e6CEd-vb-QHgbqNCa49nCFo",
                "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiaTQwTHdoc2h5MHhyTjhDakY4N2U3d1RHdWljR2ZERG5yZ19nWnlOOU1zZ0M4YkRBZEdlVHdqUGpfRTlUb1JNNDhoY0pJdHg1b0I4RnhVSm9DU0c3elEiLCJvcmlnaW4iOiJodHRwczovL3dlYmF1dGhuLmlvIn0",
                "transports": [
                "internal",
                "hybrid"
                ],
                "publicKeyAlgorithm": -7,
                "publicKey": "BGN-vIjPCEIs5noCQhxT_mQfNuV-33IWfQC0oHc2Kqo7Zmq3YjdJ3omZewLvoEGBYo3_n_crwGFOFbtyuUV7U1A",
                "authenticatorData": "dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvDFAAAAETmlZH4YU0Rsofanm66fW8cAEOjKTfbcyEWRpKLrd0aLpuWlAQIDJiABIVggY368iM8IQizmegJCHFP-ZB825X7fchZ9ALSgdzYqqjsiWCBmardiN0neiZl7Au-gQYFijf-f9yvAYU4Vu3K5RXtTUA"
            },
            "type": "public-key",
            "clientExtensionResults": {}
        }""",
        expected_challenge=base64url_to_bytes("i40Lwhshy0xrN8CjF87e7wTGuicGfDDnrg_gZyN9MsgC8bDAdGeTwjPj_E9ToRM48hcJItx5oB8FxUJoCSG7zQ"),
        expected_origin="https://webauthn.io",
        expected_rp_id="webauthn.io",
    )

    print(resp)

verify()

The error happens when attempting to read extensions in authenticator data:

Traceback (most recent call last):
  File "/Users/matt/Developer/py_webauthn/webauthn/helpers/parse_cbor.py", line 16, in parse_cbor
    to_return = cbor2.loads(data)
                ^^^^^^^^^^^^^^^^^
_cbor2.CBORDecodeEOF: premature end of stream (expected to read 1 bytes, got 0 instead)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/Users/matt/Developer/py_webauthn/./107-end-of-stream.py", line 30, in <module>
    verify()
  File "/Users/matt/Developer/py_webauthn/./107-end-of-stream.py", line 5, in verify
    resp = verify_registration_response(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/matt/Developer/py_webauthn/webauthn/registration/verify_registration_response.py", line 153, in verify_registration_response
    attestation_object = parse_attestation_object(response.attestation_object)  # TODO: Issue #173
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/matt/Developer/py_webauthn/webauthn/helpers/parse_attestation_object.py", line 16, in parse_attestation_object
    auth_data=parse_authenticator_data(attestation_dict["authData"]),
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/matt/Developer/py_webauthn/webauthn/helpers/parse_authenticator_data.py", line 91, in parse_authenticator_data
    extension_object = parse_cbor(val[pointer:])
                       ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/matt/Developer/py_webauthn/webauthn/helpers/parse_cbor.py", line 18, in parse_cbor
    raise InvalidCBORData(
webauthn.helpers.exceptions.InvalidCBORData: Could not decode CBOR data

Investigating...
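
An added example (not part of the thread and not py_webauthn's code): a standard-library walk over the `authenticatorData` value posted above, following the WebAuthn authenticator data layout, that compares the ED ("extension data included") flag bit with what actually follows the credential public key. The function names and the minimal definite-length CBOR skipper are this example's own.

```python
import base64

# authenticatorData copied from the registration response posted in this thread.
AUTH_DATA_B64URL = (
    "dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvDFAAAAET"
    "mlZH4YU0Rsofanm66fW8cAEOjKTfbcyEWRpKLrd0aLpuWlAQID"
    "JiABIVggY368iM8IQizmegJCHFP-ZB825X7fchZ9ALSgdzYqqj"
    "siWCBmardiN0neiZl7Au-gQYFijf-f9yvAYU4Vu3K5RXtTUA"
)
AUTH_DATA = base64.urlsafe_b64decode(AUTH_DATA_B64URL + "=" * (-len(AUTH_DATA_B64URL) % 4))
FLAG_AT = 0x40  # attested credential data included
FLAG_ED = 0x80  # extension data included

def cbor_item_end(buf, pos):
    """Return the offset just past the definite-length CBOR item at pos."""
    if pos >= len(buf):
        raise ValueError(f"CBOR item expected at offset {pos}, but input ends")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        arg = info
    elif info <= 27:
        width = 1 << (info - 24)  # 1, 2, 4 or 8 argument bytes
        arg = int.from_bytes(buf[pos:pos + width], "big")
        pos += width
    else:
        raise ValueError("indefinite-length CBOR is not handled here")
    if major in (2, 3):  # byte or text string: skip the payload
        pos += arg
    elif major in (4, 5):  # array holds arg items, map holds 2 * arg
        for _ in range(arg * (major - 3)):
            pos = cbor_item_end(buf, pos)
    elif major > 5:
        raise ValueError("CBOR tags and simple values are not handled here")
    if pos > len(buf):
        raise ValueError("CBOR item runs past the end of the input")
    return pos

def inspect_auth_data(auth_data):
    """Walk rpIdHash(32) | flags(1) | signCount(4) | attested credential data."""
    flags, pos = auth_data[32], 37
    if flags & FLAG_AT:  # aaguid(16) | credIdLen(2) | credId | COSE public key
        cred_id_len = int.from_bytes(auth_data[53:55], "big")
        pos = cbor_item_end(auth_data, 55 + cred_id_len)
    trailing = len(auth_data) - pos  # bytes left over for the extensions map
    ed_set = bool(flags & FLAG_ED)
    return {"flags": flags, "sign_count": int.from_bytes(auth_data[33:37], "big"),
            "ed_set": ed_set, "trailing": trailing,
            "consistent": ed_set == (trailing > 0)}
```

For the posted value, `inspect_auth_data(AUTH_DATA)` reports flags `0xC5` with the ED bit set and zero bytes after the credential public key, so a decoder that trusts the flag is handed an empty buffer, matching the "expected to read 1 bytes, got 0" in the traceback.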