search

fido-alliance / iot-fdo-conformance-tools

FIDO Alliances Reference FDO Implementation and Conformance Testing
https://fidoalliance.org/intro-to-fido-device-onboard/
Other
5 stars 2 forks source link

[BUG] Endianness mismatch in Key exchange from Conformance Owner #25

Closed Sai-Anudeep47 closed 1 year ago

Sai-Anudeep47 commented 1 year ago

to2_endianness_logs.txt

What part of the spec are you testing?

What protocol are having issue with?

Issue description

It is observed during message 61, 'xAKeyExchange' field is sent by conformance owner is in Little Endian format due to which client is unable to decode and throwing at message 64.

Expected value - '0020' Actual value - '2000'

This is also related to #24

Resolved by changing all occurrences of "LittleEndian" to "BigEndian" in

core/shared/kex.crypto.go

Sai-Anudeep47 commented 1 year ago

@herrjemand Issue still persists when using SECP256R1 attestation type and observed the fix is provided only for SECP384R1 and is still using Little-endian for SECP256R1 at https://github.com/fido-alliance/fdo-fido-conformance-server/blob/main/core/shared/kex.crypto.go#L149

yackermann commented 1 year ago

Yes. Correct. Sorry. Addressed