Question about the initial serialized large-blob array


czwm...@gmail.com

Sep 28, 2021, 12:43:02 AM
to FIDO Dev (fido-dev)
Hi,

The initial serialized large-blob array is h'8076be8b528d0075f7aae98d6fa57a6d3c'. What is the response to a get request, as well as immediately after a reset? Is it "a1018076be8b528d0075f7aae98d6fa57a6d3c"? Is it a correct CBOR encoding? I don't know how to implement it.

Thanks for your help,
Best regards

nuno sung

Sep 28, 2021, 1:01:43 AM
to FIDO Dev (fido-dev), czwm...@gmail.com
The data type of config (0x01) is Byte String. The response should start with a1 01 51 80 76 ....... The 0x51 here means bytes(17).
Anyway, you should check it with http://cbor.me/ first.
czwm...@gmail.com wrote on Tuesday, September 28, 2021 at 12:43:02 PM [UTC+8]:

goll

Sep 29, 2021, 9:01:43 PM
to FIDO Dev (fido-dev), czwm...@gmail.com
Please make sure that your key is calculated in a certain way, or is bound to the certificate. Of course, the best way is to perform calculations in a specific way.

czwm...@gmail.com

Sep 29, 2021, 9:25:28 PM
to FIDO Dev (fido-dev), goll, czwm...@gmail.com
Is this for largeBlobKey? 

goll wrote on Thursday, September 30, 2021 at 9:01:43 AM [UTC+8]:

goll

Sep 29, 2021, 9:27:52 PM
to FIDO Dev (fido-dev), czwm...@gmail.com
right

Adam Langley

Oct 4, 2021, 4:04:06 PM
to FIDO Dev (fido-dev), czwm...@gmail.com
The serialized large-blob array is handled by the authenticator at three different levels of abstraction depending on the operation.

Firstly, for storage purposes and when the platform is reading it, it's an opaque bytestring. That's the level at which to interpret the initial value: it's just a magic sequence of 136 bits that you set it to after reset.

When the platform has just finished writing the serialized large-blob array, the authenticator considers it with one more level of structure: it's an opaque bytestring followed by 16 bytes of checksum. The checksum is a truncated SHA-256 hash and you can calculate most of the initial value from that:

>>> import hashlib
>>> contents_hex = '80'
>>> contents_hex + hashlib.sha256(bytes.fromhex(contents_hex)).hexdigest()[:32]
'8076be8b528d0075f7aae98d6fa57a6d3c'

Lastly, the authenticator can optionally understand it at the same level that the platform does: as a CBOR array followed by the checksum. That explains the initial value fully: 0x80 is an empty CBOR array.

I hope that helps.


AGL
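
The points made in this thread, put together as an added Python example (not part of any post above; the function names are illustrative): it rebuilds the initial value from the empty CBOR array, checks the trailing 16-byte truncated SHA-256 the way an authenticator would after a completed write, and wraps the stored bytes as a CBOR byte string under key 0x01 for the get response.

```python
import hashlib

CHECKSUM_LEN = 16  # bytes of truncated SHA-256 appended to the contents

def serialize_large_blob_array(cbor_array: bytes) -> bytes:
    """Append the truncated SHA-256 checksum to the encoded CBOR array."""
    return cbor_array + hashlib.sha256(cbor_array).digest()[:CHECKSUM_LEN]

def checksum_ok(serialized: bytes) -> bool:
    """Check a fully written value: opaque contents, then 16 checksum bytes."""
    if len(serialized) <= CHECKSUM_LEN:  # needs at least one byte of contents
        return False
    contents, tag = serialized[:-CHECKSUM_LEN], serialized[-CHECKSUM_LEN:]
    return hashlib.sha256(contents).digest()[:CHECKSUM_LEN] == tag

def cbor_bstr(data: bytes) -> bytes:
    """Encode a definite-length CBOR byte string (major type 2)."""
    n = len(data)
    if n < 24:
        head = bytes([0x40 | n])            # length fits in the initial byte
    elif n < 0x100:
        head = bytes([0x58, n])             # 1-byte length follows
    elif n < 0x10000:
        head = b"\x59" + n.to_bytes(2, "big")
    else:
        head = b"\x5a" + n.to_bytes(4, "big")
    return head + data

def get_response(stored: bytes) -> bytes:
    """CBOR map with one entry: key 0x01 -> the stored bytes as a byte string."""
    return b"\xa1\x01" + cbor_bstr(stored)

# 0x80 is the empty CBOR array; this is the value to store after reset.
INITIAL = serialize_large_blob_array(b"\x80")

if __name__ == "__main__":
    print(INITIAL.hex())                 # stored value after reset
    print(get_response(INITIAL).hex())   # full get response, note the 0x51 head
    print(checksum_ok(INITIAL))
```

The byte 0x51 after the key is the byte-string header for 17 bytes; without it the 0x80 would decode as an empty array under key 0x01 and the checksum bytes would be trailing data.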