[BUG] Failed to parse Cose signature

[quanvincss]

To simplify issue resolution process, please provide network logs, and or test voucher. f1d0fd00eb104ea5b97286286aefac1b.voucher.txt

What part of the spec are you testing?

• [ ] Rendezvous Server
• [x] Device Onboarding Service
• [ ] Device Implementation

What protocol are having issue with?

• [ ] TO0
• [ ] TO1
• [ ] TO2

Issue description

• The voucher is received from API /api/dot/vouchers/{uuid}.
• Verify the 5th OVEntry failed due to the odd length of the signature, it cannot be divided into 2 parts r and s with equal length or there is no clue to determine which part has a longer length.
• The failed OVEntry data:

      [
          h'a10126',
          {},
          h'84822f58200004fd9bbb225542373f8b3933c441e9d8d747f722ca631f28e541adbf7c0719822f5820108ae9affcb0c66a40126be139890073544b67f301d7b758b1a5429aca2aaed7f6830a01585b3059301306072a8648ce3d020106082a8648ce3d0301070342000465e23c98fd12d88463d4749e7fe3d3d3b2dd97797b84115240d7613183b5cc6749b658302f69e08fdf69c085aee039b4446184019e595725ad2e8e9ad3f6df37',
          h'07fe3a27f5a3edffc7aaa3c9d5e74c5e1075dfee49fb795f3ea4ac314f83c6f1b054731ab4e8c9b9aae2d86469d1cff7cbe27cb5838ad30faee8720f0e5052',
      ]

[yackermann]

I can not reproduce this issue. I am getting consistent 64byte signature output

[yackermann]

@quanvincss since the change in #8, try reeseeding DB, and running tests again.

[quanvincss]

I can not reproduce this issue. I am getting consistent 64byte signature output

Even if I do reseeding the DB, or I can't reproduce this issue "several" times, the issue still exists, with the big length of r and s, you may need to try thousands of times or even more to see. But it is possible to check and add 0 padding to r and s to their maximum size https://github.com/fido-alliance/fdo-fido-conformance-server/blob/62b74d9157cc270af551e779310f92c9eb70626c/core/shared/signing.crypto.go#L247

[yackermann]

I will add additional check when generating r/s

On Mon, 2 Oct 2023 at 5:58 PM, quanvincss @.***> wrote:

I can not reproduce this issue. I am getting consistent 64byte signature output

Even if I do reseeding the DB, or I can't reproduce this issue "several" times, the issue still exists, with the big length of r and s, you may need to try thousands of times or even more to see. But it is possible to check and add 0 padding to r and s to their maximum size

https://github.com/fido-alliance/fdo-fido-conformance-server/blob/62b74d9157cc270af551e779310f92c9eb70626c/core/shared/signing.crypto.go#L247

— Reply to this email directly, view it on GitHub https://github.com/fido-alliance/fdo-fido-conformance-server/issues/44#issuecomment-1742400933, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAMPOFGWBPN4QCCEJ6QKNGLX5JCXBANCNFSM6AAAAAA5HMFJEI . You are receiving this because you were assigned.Message ID: @.*** com>

[yackermann]

I ran over 100,000 runs. All signatures validate, and no issues with the size no more!

ECDSA can be weird...

[quanvincss]

Nice!