Monday, 21 October 2019

iOS FIDO2 BLE Authenticator: Invalid encoding for signature

I'm developing an iOS BLE authenticator. As of now, I can register using NONE attestation. When I try to authenticate, I get "Invalid encoding for signature".

As I want to do NONE and SURROGATE, I followed https://www.w3.org/TR/webauthn/ section 6.4.5, Signature Formats for Packed Attestation, FIDO U2F Attestation, and Assertion Signatures. It states the following:

For COSEAlgorithmIdentifier -7 (ES256), and other ECDSA-based algorithms, a signature value is encoded as an ASN.1 DER Ecdsa-Sig-Value, as defined in [RFC3279] section 2.2.3.

    Example:
    30 44                                ; SEQUENCE (68 Bytes)
        02 20                            ; INTEGER (32 Bytes)
        |  3d 46 28 7b 8c 6e 8c 8c  26 1c 1b 88 f2 73 b0 9a
        |  32 a6 cf 28 09 fd 6e 30  d5 a7 9f 26 37 00 8f 54
        02 20                            ; INTEGER (32 Bytes)
        |  4e 72 23 6e a3 90 a9 a1  7b cf 5f 7a 09 d6 3a b2
        |  17 6c 92 bb 8e 36 c0 41  98 a2 7b 90 9b 6e 8f 13

My iOS encoded signature: 30450221008dec31cc36160522df4419935dd0aa6b5c198b946a90b19a47fd8927d57ceb6502201de973a69e7927e7eadace24bf7de352f38f5e0280c2364f3c108d28ec1d7fa1

Android encoded signature: 304502200ea2e7de7c97c4594148b9a0bc6bd8dcffdf3a5e4cbab2d20f186039768db75d022100e627ac5c71c082f85d5bea2afd212fddd80438e5cfebf1d3d02e149512ebc528

When I pass the Android signature to the Java server, it is verified successfully. But iOS always throws the following error.

at com.xxx.fido2.processor.TestSignature.main(TestSignature.java:21)
Caused by: java.security.SignatureException: Invalid encoding for signature
at sun.security.ec.ECDSASignature.decodeSignature(ECDSASignature.java:468)
Caused by: java.security.SignatureException: Invalid encoding for signature
at sun.security.ec.ECDSASignature.engineVerify(ECDSASignature.java:390)
... 4 more
Caused by: java.io.IOException: Sequence tag error
Caused by: java.io.IOException: Sequence tag error

Any help would be appreciated. Thanks in advance.
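
A strict structural check of the Ecdsa-Sig-Value layout from WebAuthn section 6.4.5, run on the two hex strings quoted in the question. This is an added example, not code from the original post; the function names and the two malformed inputs are constructed for illustration.

```python
# Added example: strict check of an ASN.1 DER Ecdsa-Sig-Value
# (SEQUENCE { INTEGER r, INTEGER s }) for ES256. Names are hypothetical.
IOS_HEX = "30450221008dec31cc36160522df4419935dd0aa6b5c198b946a90b19a47fd8927d57ceb6502201de973a69e7927e7eadace24bf7de352f38f5e0280c2364f3c108d28ec1d7fa1"
ANDROID_HEX = "304502200ea2e7de7c97c4594148b9a0bc6bd8dcffdf3a5e4cbab2d20f186039768db75d022100e627ac5c71c082f85d5bea2afd212fddd80438e5cfebf1d3d02e149512ebc528"

def _read_int(buf: bytes, pos: int):
    """Read one DER INTEGER at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError(f"INTEGER tag error at offset {pos}")
    length = buf[pos + 1]
    body = buf[pos + 2 : pos + 2 + length]
    if length == 0 or length > 33 or len(body) != length:
        raise ValueError(f"bad INTEGER length at offset {pos}")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER (missing 0x00 pad)")
    if length > 1 and body[0] == 0x00 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER (extra 0x00 pad)")
    return int.from_bytes(body, "big"), pos + 2 + length

def parse_ecdsa_sig(sig: bytes):
    """Return (r, s) or raise ValueError naming the first structural fault."""
    if len(sig) < 8 or sig[0] != 0x30:
        raise ValueError("Sequence tag error")
    # A P-256 signature is at most 72 bytes, so the length is short-form.
    if sig[1] & 0x80 or sig[1] != len(sig) - 2:
        raise ValueError("SEQUENCE length does not match the buffer")
    r, pos = _read_int(sig, 2)
    s, pos = _read_int(sig, pos)
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return r, s

def first_fault(sig: bytes) -> str:
    """'ok' for a well-formed signature, else the first fault found."""
    try:
        parse_ecdsa_sig(sig)
        return "ok"
    except ValueError as exc:
        return str(exc)

# Constructed malformed inputs: the hex text sent as ASCII instead of
# decoded bytes, and a raw 64-byte r||s with no DER wrapper.
_der = bytes.fromhex(IOS_HEX)
AS_ASCII = IOS_HEX.encode("ascii")
RAW_RS = _der[5:37] + _der[39:]

if __name__ == "__main__":
    for name, data in [("ios", _der), ("android", bytes.fromhex(ANDROID_HEX)),
                       ("ascii-hex", AS_ASCII), ("raw r||s", RAW_RS)]:
        print(f"{name:10s} {len(data):3d} bytes -> {first_fault(data)}")
```

Both quoted strings decode as well-formed DER in this check, so it is worth repeating on the exact byte array the server receives.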


