fido-alliance / iot-fdo-conformance-tools

FIDO Alliance's Reference FDO Implementation and Conformance Testing
https://fidoalliance.org/intro-to-fido-device-onboard/

[BUG] Error generating voucher #37

Closed quanvincss closed 1 year ago

quanvincss commented 1 year ago

To simplify the issue resolution process, please provide network logs and/or a test voucher.

2023/09/10 20:40:59 Generate vouchers. Error generating voucher f1d0fd00-8b4e-4a80-801d-8c667eb11a8d for test FIDO_TEST_VOUCHER_HEADER_BAD_PROT_VERSION. Error generating OVEntry. error generating ES256 cose signature. Could not cast privKey instance to ECDSA PrivateKey
2023/09/10 20:40:59 Responding error: Failed to generate vouchers. Internal server error. HTTP code 500

What part of the spec are you testing?

What protocol are you having an issue with?

Issue description

yackermann commented 1 year ago

@quanvincss try https://github.com/fido-alliance/fdo-fido-conformance-server/releases/tag/v0.5.0

you will need to reset your badger db though

quanvincss commented 1 year ago

> @quanvincss try https://github.com/fido-alliance/fdo-fido-conformance-server/releases/tag/v0.5.0
>
> you will need to reset your badger db though

I tried and it didn't work; I don't think it's a badger db issue.

You generate mfgPrivateKey with DCSgType: https://github.com/fido-alliance/fdo-fido-conformance-server/blob/7e3793a69557037fe3463fba23fac34d745039df/core/device/genvoucher.go#L74

Then you assign prevEntrySgType to the value of DCSgType through the DeviceSgTypeOVMapping map: https://github.com/fido-alliance/fdo-fido-conformance-server/blob/7e3793a69557037fe3463fba23fac34d745039df/core/device/genvoucher.go#L144

var DeviceSgTypeOVMapping map[DeviceSgType]DeviceSgType = map[DeviceSgType]DeviceSgType{
    StSECP256R1: StSECP256R1,
    StSECP384R1: StSECP384R1,
    StRSA2048:   StSECP256R1,
    StRSA3072:   StSECP384R1,
    StEPID10:    StEPID10,
    StEPID11:    StEPID11,
}

So if DCSgType (the type of mfgPrivateKey) = StRSA2048, then prevEntrySgType = StSECP256R1, and if DCSgType = StRSA3072, then prevEntrySgType = StSECP384R1.

Subsequently, the error happens here: https://github.com/fido-alliance/fdo-fido-conformance-server/blob/7e3793a69557037fe3463fba23fac34d745039df/core/shared/signing.crypto.go#L241

when the sgType (input value is prevEntrySgType) is StSECP256R1, but the privateKeyInterface (input value is mfgPrivateKey, which is of type StRSA2048) cannot be converted to an ecdsa.PrivateKey key.
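
A minimal reproduction of the mismatch described in the comment above, as an added example that is not part of the original thread or the project's code: the key is generated from the device signature type while the signer is selected from the mapped type, and a checked type assertion turns the mismatch into an explicit error. `SgType`, `GenKey`, `SignP256`, `SignEntry` and `ErrKeyAlgMismatch` are hypothetical names, and the signature is plain ASN.1 ECDSA rather than COSE.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

type SgType string // hypothetical stand-in for the project's DeviceSgType
const SECP256R1, RSA2048 SgType = "StSECP256R1", "StRSA2048"

// Two rows of the DeviceSgTypeOVMapping quoted in the comment above.
var ovMapping = map[SgType]SgType{SECP256R1: SECP256R1, RSA2048: SECP256R1}
var ErrKeyAlgMismatch = errors.New("private key does not match signature type")

// GenKey creates the manufacturer key from the device signature type.
func GenKey(t SgType) (any, error) {
	if t == RSA2048 {
		return rsa.GenerateKey(rand.Reader, 2048)
	}
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignP256 checks the concrete key type before signing instead of assuming it.
func SignP256(key any, payload []byte) ([]byte, error) {
	ec, ok := key.(*ecdsa.PrivateKey)
	if !ok || ec.Curve.Params().BitSize != 256 {
		return nil, fmt.Errorf("%w: want P-256 ECDSA, got %T", ErrKeyAlgMismatch, key)
	}
	digest := sha256.Sum256(payload)
	return ecdsa.SignASN1(rand.Reader, ec, digest[:]) // ASN.1 DER, not COSE
}

// SignEntry follows the reported flow: key from t, signer from ovMapping[t].
func SignEntry(t SgType, payload []byte) ([]byte, error) {
	key, err := GenKey(t)
	if err != nil || ovMapping[t] != SECP256R1 {
		return nil, fmt.Errorf("cannot sign for %s: %v", t, err)
	}
	return SignP256(key, payload)
}

func main() {
	_, err := SignEntry(RSA2048, []byte("constructed OVEntry payload"))
	fmt.Println(err)
}
```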

yackermann commented 1 year ago

Resolved