While testing using the self-conformance tool v1.7.14 for CTAP 2.1, I encountered the following error:
Authr-MakeCred-Resp-1 Test registration response, and “packed” attestation:
P-02 AssertionError: For ES512 x coefficient MUST be exactly 64 bytes long!: expected 66 to equal 64 at n.eval (eval at compileCode (js/sandbox.js:25:26), :6482:28)
The authenticator under test returned 66 bytes for the x and y components for ES512 (which is correct for the P-521 curve), but the tool expects 64 bytes. In addition, the self-conformance tool code snippet below expects P-521/secp521r1, but its expected length is wrong.
…
} else if (COSE_ALG_TO_FIDO_ALG_SHORT[keyStruct[COSE_KEYS.alg]] === 'secp521r1_ecdsa_sha512_raw') {
    assert.strictEqual(keyCBORStruct[COSE_KEYS.x].byteLength, 64, 'For ES512 x coefficient MUST be exactly 64 bytes long!');
    assert.strictEqual(keyCBORStruct[COSE_KEYS.y].byteLength, 64, 'For ES512 y coefficient MUST be exactly 64 bytes long!');
}
…
FIRST PRE CHECK
What protocol are you implementing?
NOTE: UAF 1.0 certification has been officially sunset. U2F 1.2 is the only supported version of U2F.
What is your implementation class?
If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org
What version of the tool are you using?
1.7.14
What OS and version are you running?
Windows 10 For desktop tools
For UAF mobile tools
Issue description
Based on WebAuthn, https://www.w3.org/TR/webauthn-2/#sctn-alg-identifier: Keys with algorithm ES512 (-36) MUST specify P-521 (3) as the crv parameter and MUST NOT use the compressed point form.
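A coordinate-length check that derives the expected size from the curve's field size instead of the algorithm name, so P-521 comes out as ceil(521/8) = 66 bytes. This is an added example, not the conformance tool's code and not part of the original report; `checkEc2Key`, `sampleKey` and the Map-based key representation are assumptions made for illustration.

```javascript
// COSE key parameter labels (RFC 9052/9053) for EC2 keys.
const COSE = { kty: 1, alg: 3, crv: -1, x: -2, y: -3 };
const KTY_EC2 = 2;

// WebAuthn algorithm -> required COSE curve and the curve's field size in bits.
const EC2_ALGS = new Map([
  [-7,  { name: 'ES256', crv: 1, fieldBits: 256 }], // P-256
  [-35, { name: 'ES384', crv: 2, fieldBits: 384 }], // P-384
  [-36, { name: 'ES512', crv: 3, fieldBits: 521 }], // P-521, not 512
]);

// Fixed-width coordinate size: ceil(fieldBits / 8). P-521 gives 66, not 64.
function coordinateLength(fieldBits) {
  return Math.ceil(fieldBits / 8);
}

// Returns a list of problems; an empty list means the key passed.
// `key` is a hypothetical already-decoded COSE_Key as a Map of label -> value.
function checkEc2Key(key) {
  const errors = [];
  if (key.get(COSE.kty) !== KTY_EC2) return ['kty is not EC2 (2)'];
  const alg = EC2_ALGS.get(key.get(COSE.alg));
  if (!alg) return [`unsupported alg ${key.get(COSE.alg)}`];
  if (key.get(COSE.crv) !== alg.crv) {
    errors.push(`${alg.name} requires crv ${alg.crv}, got ${key.get(COSE.crv)}`);
  }
  const want = coordinateLength(alg.fieldBits);
  for (const label of ['x', 'y']) {
    const v = key.get(COSE[label]);
    if (!(v instanceof Uint8Array)) {
      // In COSE a boolean y signals the compressed point form, which WebAuthn forbids.
      errors.push(`${label} must be a byte string (uncompressed form)`);
    } else if (v.byteLength !== want) {
      errors.push(`${alg.name} ${label} must be ${want} bytes, got ${v.byteLength}`);
    }
  }
  return errors;
}

// Constructed sample keys (zero-filled coordinates, only the sizes matter here).
const sampleKey = (alg, crv, len, y) => new Map([
  [COSE.kty, KTY_EC2], [COSE.alg, alg], [COSE.crv, crv],
  [COSE.x, new Uint8Array(len)], [COSE.y, y === undefined ? new Uint8Array(len) : y],
]);
```
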