- From: philomathic_life via GitHub <sysbot+gh@w3.org>
- Date: Tue, 06 May 2025 15:38:02 +0000
- To: public-webauthn@w3.org
Unfortunately, the ESP256 self attestation test is wrong. The signature is using ES256 and _not_ ESP256:

`attestationObject = h'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'`

When we decode the above, we get:

`\xa3cfmtfpackedgattStmt\xa2calg&…`

where non-ASCII is escaped with a leading `\x` and ASCII is left as is for readability. `&` corresponds to ASCII code point 38 (in decimal), which is the same value as CBOR -7, which is ES256. The header should instead look like:

`\xa3cfmtfpackedgattStmt\xa2calg(…`

where `(` corresponds to the ASCII code point 40 (in decimal), which is the same value as CBOR -9 (i.e., ESP256).

I haven't checked the rest of the tests, but it wouldn't surprise me if some of them are also incorrect.

--
GitHub Notification of comment by zacknewman
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2290#issuecomment-2855055945 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 6 May 2025 15:38:03 UTC