Credential compare on server "AttestationObject invalid CBOR"

Privacy & Security General
iOSseb OP
Created Dec ’22
Replies 1
Boosts 0
Views 1.2k
Participants 2

Hello developers,

I'm trying to use the following library (https://github.com/passwordless-lib/fido2-net-lib) with passkeys on iOS.

Every time I try to complete the registration I get a CBOR error from the library with the following response: "AttestationObject invalid CBOR (Declared Definite Length of CBOR Data Item Overs Available Buffer Size.)"

I already spoke to the developer of the library on GitHub (https://github.com/passwordless-lib/fido2-net-lib/issues/357)

Every time I've tried, the AttestationObject from the ASAuthorizationPlatformPublicKeyCredentialRegistration response is malformed.

A CBOR verification in a web decoder also ends with an invalid CBOR object (verification error: CBOR Decode - Unexpected data: 0x36)

When I try to verify on a site that uses passkeys, it works.

Is there a fix for this, or is Apple removing something from the AttestationObject in the ASAuthorizationPlatformPublicKeyCredentialRegistration response?

Replies  1
Boosts  0
Views  1.2k
Participants  2
Systems Engineer OP
Apple
Jan ’23

Based on the GitHub discussion, the issue is likely how you're encoding/decoding as a string. For example, the linked CyberChef page is doing incorrect work, leading to an incorrect result. If you disable the "URL Decode" and "To Hex" steps (leaving just "From Base64" and "CBOR Decode"), then the attestationObject is parsed correctly. Make sure that you're doing the correct conversion from the bytes in rawAttestationObject to the format that the library you're using expects.

0
Credential compare on server "AttestationObject invalid CBOR"
First post date Last post date
 
 
Q