nervosnetwork / ckb-auth

A consolidated library featuring numerous blockchain authentication techniques on CKB-VM
MIT License

Support for Webauthn + Secp256r1 #31

Open doitian opened 8 months ago

doitian commented 8 months ago

Thank you for your hard work. I have successfully tested the secp256r1 in the auth_libecc library. However, there is a major issue with this library as it only allows messages of 32 bytes.

As per the Webauthn specification, specifically section 6.3.3, the data to be signed must have a minimum length of 69 bytes. Although the ECC signature (DSS) requires the data to be hashed with SHA256, libecc automatically handles this hashing process. If I pass an SHA256 hash to auth_libecc, it will perform two passes of SHA256 hashing, resulting in a verification failure.

6.3.3. The authenticatorGetAssertion Operation

The message length is a part of the ckb-auth interface. The simplest workaround I can think of is to allow users to skip the SHA256 hash in libecc and pass the SHA256 hash directly.

Test Vector

message: 2b8b05e1f0303efb898fe4d6de601198c7a7b864abbe6a21c73b2e787e187c520500000000384894418ce002769e96ff7d6703fce9b5ba98b56aab181349eed402146a3e81
sha256(message): c64b87698d4442f7692ad82aaddcb4b7c345770ada374a09752489c28b118f24
signature: bedea43a55185f12b458ec3ec590986e8c798fe2636424b12855d21e94b187a874eb3704471863d915b6e2cae932ad60ddd2bd1302ebbd116fa1b3396461808d
pubkey: 3538dfd53ad93d2e0a6e7f470295dcd71057d825e1f87229e5afe2a906aa7cfc099fdfa04442dac33548b6988af8af58d2052529088f7b73ef00800f7fbcddb3

The message is a 69-byte binary that needs to be signed. It consists of 37 bytes of authenticator data and a 32-byte client data hash.

Context

I'm trying to make ckb-auth work with the signature created by JoyID, more background can be found in my post: How to Verify JoyID WebAuthn Signature
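Added example (not code from ckb-auth or from the issue author): a pure-Python sketch of the WebAuthn message assembly from 6.3.3 and a "raw" secp256r1 verifier that takes the caller's SHA-256 digest instead of hashing again, which is the behaviour the issue asks for. The function names, the test-only signer and its caller-supplied nonce are assumptions; the issue's vector above can be fed as `verify_webauthn(bytes.fromhex(pubkey), bytes.fromhex(signature), bytes.fromhex(message))`.

```python
import hashlib

# NIST P-256 (secp256r1) domain parameters
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A, B = P - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def point_add(p1, p2):  # affine addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = ((3 * x1 * x1 + A) * pow(2 * y1, -1, P) if p1 == p2 else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def webauthn_signed_message(authenticator_data, client_data_json):
    # WebAuthn 6.3.3: the authenticator signs authenticatorData (>= 37 bytes) || SHA-256(clientDataJSON)
    return authenticator_data + hashlib.sha256(client_data_json).digest()

def verify_raw(pubkey64, sig64, digest32):
    # ECDSA P-256 over a caller-supplied 32-byte digest; nothing is hashed in here
    qx, qy = int.from_bytes(pubkey64[:32], "big"), int.from_bytes(pubkey64[32:], "big")
    r, s = int.from_bytes(sig64[:32], "big"), int.from_bytes(sig64[32:], "big")
    if (qy * qy - qx ** 3 - A * qx - B) % P or not (0 < r < N and 0 < s < N):
        return False  # public key off the curve, or r/s out of range
    w = pow(s, -1, N)
    pt = point_add(point_mul(int.from_bytes(digest32, "big") * w % N, G), point_mul(r * w % N, (qx, qy)))
    return pt is not None and pt[0] % N == r

def verify_webauthn(pubkey64, sig64, message):
    # the raw mode the issue asks for: hash the assembled 69-byte message exactly once, then verify
    return verify_raw(pubkey64, sig64, hashlib.sha256(message).digest())

def sign_raw(priv, digest32, k):
    # test-only signer with a caller-supplied nonce (assumption); real signers derive k per RFC 6979
    r = point_mul(k, G)[0] % N
    s = pow(k, -1, N) * (int.from_bytes(digest32, "big") + r * priv) % N
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")
```

Hashing the digest a second time before `verify_raw` reproduces the failure described in the issue: the signature was made over SHA-256(message), so SHA-256(SHA-256(message)) never verifies.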

XuJiandong commented 8 months ago

> The message length is a part of the ckb-auth interface. The simplest workaround I can think of is to allow users to skip the SHA256 hash in libecc and pass the SHA256 hash directly.

We can add a new ID: AuthAlgorithmIdSecp256R1Raw, it skips hashing internally.