[BUG] Failure in verifying signature of message 65

[Sai-Anudeep47]

To simplify issue resolution process, please provide network logs, and or test voucher.

What part of the spec are you testing?

• [ ] Rendezvous Server
• [ ] Device Onboarding Service
• [x] Device Implementation

What protocol are having issue with?

• [ ] TO0
• [ ] TO1
• [x] TO2

Issue description

• Client fails to verify signature of COSE Payload sent in message 65 by conformance owner. Screenshot is attached for reference.

• Upon debugging, following is observed.

  • COSE Signature is generated by using current owner's private key rather than Owner2's private key (whose public key is sent in COSE payload of message 65) which is not accordance with spec as mentioned at https://tinyurl.com/cosesignmsg65

  • Code snippet on conformance owner w.r.t same is as follows and from https://github.com/fido-alliance/fdo-fido-conformance-server/blob/main/core/do/to2/listener-to2-64-ProveDevice.go#L16

    setupDevice, err := fdoshared.GenerateCoseSignature(setupDevicePayloadBytes, fdoshared.ProtectedHeader{}, 
    fdoshared.UnprotectedHeader{}, **privateKeyInst**, session.SignatureType)
    privateKeyInst, err := fdoshared.ExtractPrivateKey(session.PrivateKeyDER)

[yackermann]

@Sai-Anudeep47 yes, because we are doing credential reuse, so no change on the key.

[yackermann]

@Sai-Anudeep47 is this still an issue?

[Sai-Anudeep47]

@herrjemand We are discussing this at present, will update here accordingly.