signature verification failure

[Kwon-Myeongeun]

By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.

If you have privacy concerns, please email conformance-tools@fidoalliance.org

FIRST PRE CHECK

• [x] I SOLEMNLY SWEAR THAT I HAVE SEARCHED DOCUMENTATION AND WAS NOT ABLE TO RESOLVE MY ISSUE

What protocol are you implementing?

• [] FIDO2 Server
• [ ] CTAP2.0
• [ ] CTAP2.1
• [x] UAF 1.1
• [ ] U2F 1.1
• [ ] U2F 1.2

NOTE: UAF 1.0 certification have been officially sunset. U2F 1.2 only supported version of U2F.

What is your implementation class?

• [ ] Security Key / FIDO2 / U2F authenticators
• [ ] Server
• [x] UAF Client-ASM-Authenticator combo
• [x] UAF Client
• [x] UAF ASM-Authenticator

If you are platform authenticator vendor, please email conformance-tools@fidoalliance.org

What is the version of the tool are you using?

v1.6.2

What is the OS and the version are you running?

For desktop tools

• [ ] OSX
• [ ] Windows
• [ ] Linux

For UAF mobile tools

• [ ] iOS
• [x] Android

Issue description

When attempting to pass Authentication tests for an Android app using UAF 1.1 we are encountering a failure in signature verification. Only the error message 'DataErrorError' is displayed without any accompanying error log, making it difficult to determine the root cause of the issue.

We are generating key pair and signature Public Key Representation Formats : UAF_ALG_KEY_RSA_2048_PSS_DER Authentication Algorithms : UAF_ALG_SIGN_RSASSA_PSS_SHA256_RAW

Is there any way to check the error details?

[iirachek]

@Kwon-Myeongeun Sorry for the delay. On android, the detailed log for mobile tooling is written through LogCat. Alternatively, you may try using Chrome Remote Device to access some information.

[Kwon-Myeongeun]

@iirachek Signature verification succeeds in my test code but the test tool fails. Can you help me figure out what we are doing wrong?

Signature: val signature = Signature.getInstance("SHA256withRSA/PSS") signature.setParameter(PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1))

[iirachek]

@Kwon-Myeongeun It may be related to the value of TAG_PUB_KEY returned inside TAG_UAFV1_REG_ASSERTION. Registration is performed during the before step of the Protocol-Auth-Resp-3 test sequence and the public key is stored for later signature verification in P-3.

In that case, unexpected or invalid format of the public key returned during registration is likely the source of the DataError for this particular test.

Examples of authenticator replies to registration and authentication commands during this test may help with investigating the problem.

[Kwon-Myeongeun]

@iirachek As you mentioned, the issue stemmed from it not being in ASN.1 DER format. We sincerely appreciate your assistance and would like to convey our heartfelt gratitude.