Closed ghislaindemael closed 4 months ago
@iirachek Is it a quick fix, or does it require a little more time?
The fix itself won't take long, but the publication of a new release build does. I'll look into how the workflow can be adjusted to allow for hotfix releases.
Thanks for the heads up! I'll look to dev other aspects while waiting for the hotfix.
Algorithm identifiers were updated in the latest 1.7.19 version to match the registry, which now should lead to properly hashed messages.
What is the version of the tool you are using?
v1.7.17
What is the OS and the version you are running?
For desktop tools
Issue description
While building my MakeCredential Response, I have a continuous
AssertionError: The assertion signature can not be verified!: expected false to be true
while trying to validate my secp521r1_ecdsa_sha512_raw signature.
Fast-forward to the problem, I found that the COSE_ALG_HASH dictionary defined in (...\resources\app.asar\dependencies\cryptodep.js:93 does not link the proper hash algorithms, according to the IANA COSE Algorithms list.
In my case, I am using a P-521 curve with a SHA512 hasher, therefore I declare using algorithm -36, however, the Tools hash my message with a SHA-384 hasher, thus giving non-corresponding results.
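The mismatch reported above can be reproduced with Node's built-in crypto module. This is an added example, not code from the issue or from the tool's cryptodep.js: the table and function names are hypothetical, the key pair and message are constructed, and the "mismatched" table only models the reported behaviour of hashing algorithm -36 with SHA-384.

```javascript
const crypto = require('node:crypto');

// COSE algorithm identifier -> digest, following the IANA COSE Algorithms registry.
// (Hypothetical table for this example, not the tool's COSE_ALG_HASH.)
const REGISTRY_TABLE = new Map([
  [-7, 'sha256'],   // ES256
  [-35, 'sha384'],  // ES384
  [-36, 'sha512'],  // ES512
  [-257, 'sha256'], // RS256
  [-258, 'sha384'], // RS384
  [-259, 'sha512'], // RS512
]);

// Models the behaviour reported in the issue: -36 resolved to SHA-384.
const MISMATCHED_TABLE = new Map(REGISTRY_TABLE).set(-36, 'sha384');

// Fail closed on unknown identifiers instead of falling back to a default digest.
function hashForCoseAlg(table, alg) {
  const hash = table.get(alg);
  if (!hash) throw new Error(`unsupported COSE algorithm ${alg}`);
  return hash;
}

// Verify a raw (r || s) ECDSA signature using the digest the table assigns to `alg`.
function verifyRawEcdsa(table, alg, publicKey, message, signature) {
  const options = { key: publicKey, dsaEncoding: 'ieee-p1363' };
  return crypto.verify(hashForCoseAlg(table, alg), message, options, signature);
}

// Sign as an authenticator declaring -36 would (P-521, SHA-512, raw encoding),
// then verify the same signature with both tables.
function demo() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'secp521r1' });
  const message = Buffer.from('constructed signature base for this example');
  const signature = crypto.sign('sha512', message,
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return {
    signatureLength: signature.length, // 2 * 66 bytes for P-521
    registryTable: verifyRawEcdsa(REGISTRY_TABLE, -36, publicKey, message, signature),
    mismatchedTable: verifyRawEcdsa(MISMATCHED_TABLE, -36, publicKey, message, signature),
  };
}

console.log(demo());
```

A valid signature is rejected whenever the verifier's identifier-to-digest table disagrees with the signer's, which is why the failure surfaces as a generic "signature can not be verified" assertion rather than as an algorithm error.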