Yubico Forum https://forum.yubico.com/ |
Wrong signature length of an U2F response? https://forum.yubico.com/viewtopic.php?f=33&t=2048 |
Author: | corny [ Tue Sep 29, 2015 2:41 pm ] |
Post subject: | Wrong signature length of an U2F response? |
Hi,

I am implementing U2F in Python. I registered a U2F device, sent a challenge, and I am getting the response. I run my unittest against the values from https://fidoalliance.org/specs/fido-u2f ... on-example which works out fine.

They give an example signature like:

"304402204b5f0cd17534cedd8c34ee09570ef542a353df4436030ce43d406de870b847780220267bb998fac9b7266eb60e7cb0b5eabdfd5ba9614f53c7b22272ec10047a923f"

To my understanding this is DER encoded, which is very well explained here: http://crypto.stackexchange.com/questio ... e-to-asn-1

So after the first byte 0x32 I get 0x44, which is 68; minus the 4 marker and length bytes, I get a raw signature length of 64 bytes.

I am using python-ecdsa. Putting this into my code

Code:
    import ecdsa
    from hashlib import sha256
    vkey = ecdsa.VerifyingKey.from_string(user_pub_key_bin, curve=ecdsa.NIST256p, hashfunc=sha256)
    vkey.verify(signature_bin_asn, input_data)

works out just fine. Great.

Now going live. I registered the blue YubiKey U2F and am now doing a challenge request. The response gives me this signature:

'3046022100ff57770dfcdf1bcb80f303459215a23577b3fcffcf48ce70c589cd5620b3524c022100daa4ed2727477b95a91185fc30aa7488a47370cf4a3551c208e6709b445bc2a4'

The second byte gives me a remaining length of 70 bytes and I end up with a raw signature length of 66 bytes. Is this really correct? Feeding this into python-ecdsa gives me an assertion, since it expects a signature length of 64.

Thanks for any insight.

Kind regards
Cornelius |
Author: | corny [ Tue Sep 29, 2015 3:02 pm ] |
Post subject: | Re: Wrong signature length of an U2F response? |
Bummer. I realized that sometimes the two values vr and vs are 33/32 or 32/33 bytes. Sometimes they are 32/32, and then the signature worked. Reading a bit deeper, I realized that it is due to the DER encoding that a 33-byte length value starts with a \0x00, which needs to be dropped when verifying the signature. Now everything works fine. (If I knew how to mark this thing as solved.) |
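
The fix described in the last post, as an added example that is not part of the original thread: a strict parser that turns a DER-encoded P-256 ECDSA signature into the fixed 64-byte r||s form, run on the two signatures quoted above. It goes beyond the thread by also left-padding integers shorter than 32 bytes and rejecting malformed encodings; the function names are hypothetical.

```python
# Added example: DER ECDSA signature -> fixed-width r||s for NIST P-256.
COORD_LEN = 32  # bytes per integer (r or s) on P-256

# The two signatures quoted in the thread (spec example, then the YubiKey).
SPEC_SIG = bytes.fromhex(
    "304402204b5f0cd17534cedd8c34ee09570ef542a353df4436030ce43d406de870b84778"
    "0220267bb998fac9b7266eb60e7cb0b5eabdfd5ba9614f53c7b22272ec10047a923f")
YUBIKEY_SIG = bytes.fromhex(
    "3046022100ff57770dfcdf1bcb80f303459215a23577b3fcffcf48ce70c589cd5620b3524c"
    "022100daa4ed2727477b95a91185fc30aa7488a47370cf4a3551c208e6709b445bc2a4")


def _read_integer(buf, pos):
    """Read one DER INTEGER starting at buf[pos]; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag 0x02")
    length = buf[pos + 1]
    body = buf[pos + 2 : pos + 2 + length]
    if length == 0 or len(body) != length:
        raise ValueError("bad INTEGER length")
    if body[0] & 0x80:
        # DER integers are signed: a set top bit would mean a negative value.
        raise ValueError("negative INTEGER")
    if length > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER (unneeded 0x00 prefix)")
    value = int.from_bytes(body, "big")  # the 0x00 sign byte vanishes here
    if value >> (8 * COORD_LEN):
        raise ValueError("INTEGER too large for the curve")
    return value, pos + 2 + length


def der_to_raw(sig):
    """Return r||s with each integer left-padded to COORD_LEN bytes."""
    # A P-256 signature is at most 72 bytes, so the length is always short form.
    if len(sig) < 2 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a single short-form DER SEQUENCE")
    r, pos = _read_integer(sig, 2)
    s, pos = _read_integer(sig, pos)
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return r.to_bytes(COORD_LEN, "big") + s.to_bytes(COORD_LEN, "big")


if __name__ == "__main__":
    for name, sig in (("spec", SPEC_SIG), ("yubikey", YUBIKEY_SIG)):
        print(name, len(sig), "DER bytes ->", len(der_to_raw(sig)), "raw bytes")
```

python-ecdsa can also consume the DER form directly when `sigdecode=ecdsa.util.sigdecode_der` is passed to `verify()`.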
All times are UTC + 1 hour |