Getting Error Message : "fido_assert_verify: FIDO_ERR_INVALID_SIG" Error code: -6 when trying to assert verify

[gunjanai]

Hi,

I am able to register the credentials with libfido2 and webAuthn. I am getting the public key but when using the same for assertion I am getting the following error-
"fido_assert_verify: FIDO_ERR_INVALID_SIG" Error code: -6 when trying to assert verify

I am getting following logs-

cbor_decode_assert_authdata: buf=0x7fc52c0066f0, len=37
sig_bytearray 0x7fc53c3d1e40

fido_check_flags: flags=05
fido_check_flags: up=0, uv=0
fido_get_signed_hash: cose_alg=-7
es256_verify_sig: EVP_PKEY_verify
es256_pk_verify_sig: es256_verify_sig

Error Message : "fido_assert_verify: FIDO_ERR_INVALID_SIG" Error code: -6

This is the response I am getting from webAuthn and I am able to set clientDataHash, authData and signature-
{"rawId":[1,108,-77,0,64,-62,-4,66,8,101,65,75,71,53,-49,55,32,12,-12,44,-16,62,58,-93,-69,49,-19,87,-95,-110,-11,64,-124,120,82,-33,-2,-110,94,-47,-115,-20,123,-58,-74,-123,-68,110,46,-6,22,2,-100,109,71,68,33,-60,-71,-115,57,-5,-74,-120,82],"response":{"authenticatorData":[45,117,26,64,-66,-93,-80,105,27,-40,34,51,76,-79,-71,-82,-15,-109,-19,98,100,-12,-98,-76,43,-97,11,77,123,24,-30,-107,5,0,0,0,4],"clientDataJSON":[123,34,116,121,112,101,34,58,34,119,101,98,97,117,116,104,110,46,103,101,116,34,44,34,99,104,97,108,108,101,110,103,101,34,58,34,65,65,69,67,65,119,81,70,66,103,99,73,67,81,111,76,68,65,48,79,68,120,65,82,69,104,77,85,70,82,89,88,71,66,107,97,71,120,119,100,72,104,56,103,73,83,73,106,74,67,85,109,74,121,103,112,75,105,115,115,76,83,52,118,77,68,69,121,77,122,81,49,78,106,99,52,79,84,111,55,80,68,48,45,80,48,66,66,81,107,78,69,82,85,90,72,83,69,108,75,83,48,120,78,84,107,57,81,85,86,74,84,86,70,86,87,86,49,104,90,87,108,116,99,88,86,53,102,89,71,70,105,89,50,82,108,90,109,100,111,97,87,112,114,98,71,49,117,98,51,66,120,99,110,78,48,100,88,90,51,101,72,108,54,101,51,120,57,102,110,56,34,44,34,111,114,105,103,105,110,34,58,34,97,110,100,114,111,105,100,58,97,112,107,45,107,101,121,45,104,97,115,104,58,103,120,87,111,106,79,104,52,118,80,122,45,122,86,103,99,50,97,50,102,106,108,121,88,99,53,55,121,98,100,71,106,100,80,90,109,95,104,67,50,97,100,111,34,44,34,97,110,100,114,111,105,100,80,97,99,107,97,103,101,78,97,109,101,34,58,34,105,110,46,115,105,101,109,101,110,115,46,102,105,100,111,50,99,108,105,101,110,116,95,107,111,116,108,105,110,34,125],"signature":[48,69,2,32,71,121,-44,-125,42,27,63,-127,-103,100,30,105,-76,61,-58,-1,58,-21,40,-57,-69,-98,122,-113,-9,-119,68,-98,-65,-74,77,-3,2,33,0,-115,72,15,56,-95,13,14,-77,-127,24,-39,85,23,90,120,93,-15,23,0,51,-49,-39,-11,127,-35,-120,42,-7,101,1,-81,-68]}}

The public key is in the following format-
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOP6NpkmtyO6HY2eszCPXFN7itMCu
76qfx0FR/c56QGIOt9LObT1Onu9I8X0JNJFp429k/Dle/NHZRf3Pp9ct5Q==
-----END PUBLIC KEY-----

The same public key can be used for assertion via similar implementation in NodeJS.

Any help is much appreciated.

[LDVG]

Hi,

I cannot seem to decode your public key. Are you sure it's a correctly encoded, valid, public key? How are you passing it to libfido2?

$ cat public.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOP6NpkmtyO6HY2eszCPXFN7itMCu
76qfx0FR/c56QGIOt9LObT1Onu9I8X0JNJFp429k/Dle/NHZRf3Pp9ct5Q==
-----END PUBLIC KEY-----
$ openssl ec -pubin -inform PEM -text -in public.pem
read EC key
Could not read public key from public.pem
481B3CF9437F0000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
481B3CF9437F0000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
unable to load Key

[gunjanai]

Apologies there was a copying error in the public key. Here is the right public key-

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOP6NpkmtyO6HY2eszCPXFN7itMCu
76qfx0FR/c56QGIOt9LObT1OMu9I8X0JNJFp429k/Dle/NHZRf3Pp9ct5Q==
-----END PUBLIC KEY-----

[LDVG]

Yes, that works better and I can manually verify the signature over the authenticator data and client data hash. If the signature does not verify in libfido2, you're likely passing the wrong authenticator data, client data, signature, or public key.

For further assistance, please show exactly how you are calling libfido2 and with what data.

[gunjanai]

Here is the code that I am using to provide authenticator data, client data, signature and public key. The public key is stored in a pem file in the project.

To Read Public Key from pem file
EC_KEY *
read_ec_pubkey(const char *path)
{
    FILE *fp = NULL;
    EVP_PKEY *pkey = NULL;
    EC_KEY *ec = NULL;

    if ((fp = fopen(path, "r")) == NULL) {
        exitWithError("fopen(): read_ec_pubkey  ");
        goto fail;
    }

    if ((pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) {
        exitWithError("PEM_read_PUBKEY : read_ec_pubkey ");
        goto fail;
    }
    if ((ec = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) {
        exitWithError("EVP_PKEY_get1_EC_KEY : read_ec_pubkey ");
        goto fail;
    }

fail:
    if (fp != NULL) {
        fclose(fp);
    }
    if (pkey != NULL) {
        EVP_PKEY_free(pkey);
    }
    return (ec);
}

EC_KEY        *ec = NULL;
    void        *pk;
    es256_pk_t    *es256_pk = NULL;

    /* credential pubkey */
        if ((ec = read_ec_pubkey(public_key_file_path)) == NULL)
            errx(1, "read_ec_pubkey");

        if ((es256_pk = es256_pk_new()) == NULL)
            errx(1, "es256_pk_new");

        if (es256_pk_from_EC_KEY(es256_pk, ec) != FIDO_OK)
            errx(1, "es256_pk_from_EC_KEY");

        pk = es256_pk;
        EC_KEY_free(ec);
        ec = NULL;

// Read Authenticator Data, cdh and signature from json
QJsonArray authenticatorData = responseJson["authenticatorData"].toArray();
QJsonArray clientDataJSON = responseJson["clientDataJSON"].toArray();
QJsonArray signature = responseJson["signature"].toArray();

/*set cdh*/
std::vector<char> cdhvector;
    std::transform(clientDataJSON.cbegin(),clientDataJSON.cend(),std::back_inserter(cdhvector),[](const QJsonValue &ref){
        return (char)ref.toInt();
    });

    const unsigned char * cdh_ptr = reinterpret_cast<const unsigned char*>(cdhvector.data());
    size_t cdh_len = cdhvector.size();

    r = fido_assert_set_clientdata_hash(assert, cdh_ptr,cdh_len);
    if (r != FIDO_OK)
        {
            exitWithError("fido_assert_set_clientdata_hash",r);
        }

/*set authenticatorData*/
std::vector<uint8_t> atObjectVector;
    const unsigned char * auth_ptr;
    size_t auth_len;
    std::transform(authenticatorData.cbegin(),authenticatorData.cend(),std::back_inserter(atObjectVector),[](const QJsonValue &ref){
        return (uint8_t)ref.toInt();
    });

    auth_len = atObjectVector.size();
    auth_ptr = static_cast<const unsigned char*>(atObjectVector.data());

    r = fido_assert_set_count(assert, 1);
    if (r != FIDO_OK)
        exitWithError("fido_assert_set_count",r);

    r = fido_assert_set_authdata_raw(assert, 0,auth_ptr,auth_len);
    if (r != FIDO_OK)
        exitWithError("fido_assert_set_authdata_raw",r);

/*set signature*/
    std::vector<uint8_t> sigVector;
    const unsigned char * sig_ptr;
    size_t sig_len;
    std::transform(signature.cbegin(),signature.cend(),std::back_inserter(sigVector),[](const QJsonValue &ref){
        return (uint8_t)ref.toInt();
    });
    sig_len = sigVector.size();
    sig_ptr = static_cast<const unsigned char*>(sigVector.data());

    r = fido_assert_set_sig(assert, 0, sig_ptr, sig_len);
    if (r != FIDO_OK)
        exitWithError("fido_assert_set_sig: ",r);

/*assert verify*/
    r = fido_assert_verify(assert, 0, algo, pk);
    if (r != FIDO_OK)
        exitWithError("fido_assert_verify",r);

[LDVG]

It looks like you're calling fido_assert_set_clientdata_hash() with the contents of the clientDataJSON as referenced above. I would assume this is incorrect, instead call fido_assert_set_clientdata() (or hash the contents of clientDataJSON before calling fido_assert_set_clientdata_hash()).

[gunjanai]

Thank you this worked!

But I would like to know the reason behind the working of this flow.
For register I used the same kind of structure but with fido_cred_set_clientdata_hash() and it worked! (did not work with fido_cred_set_clientdata())

For assertion same structure is working with fido_assert_set_clientdata() but not with fido_assert_set_clientdata_hash().

[LDVG]

Without knowing more about how you are registering a credential and what data you are passing to libfido2 when verifying the credential, it's difficult to guess. It would appear the client data passed during credential registration has already been hashed when given to libfido2 (i.e. fido_cred_set_clientdata_hash() must be used instead of fido_cred_set_clientdata()).