Question about the initial serialized large-blob array


Sep 28, 2021, 12:43:02 AM
to FIDO Dev (fido-dev)

The initial serialized large-blob array is h'8076be8b528d0075f7aae98d6fa57a6d3c'. What is the response to a get request, as well as immediately after a reset? Is it "a1018076be8b528d0075f7aae98d6fa57a6d3c"? Is it a correct CBOR encoding? I don't know how to implement it.

Thanks for your help,
Best regards

nuno sung

Sep 28, 2021, 1:01:43 AM
to FIDO Dev (fido-dev),
The data type of config (0x01) is Byte String. The response should start with a1 01 51 80 76 ....... The 0x51 here means bytes(17).
Anyway, you should check it with first.

On Tuesday, September 28, 2021 at 12:43:02 PM [UTC+8], wrote:


Sep 29, 2021, 9:01:43 PM
to FIDO Dev (fido-dev),
Please make sure that your key is calculated in a certain way, or is bound to the certificate. Of course, the best way is to perform calculations in a specific way.

Sep 29, 2021, 9:25:28 PM
to FIDO Dev (fido-dev), goll,
Is this for largeBlobKey? 

On Thursday, September 30, 2021 at 9:01:43 AM [UTC+8], goll wrote:


Sep 29, 2021, 9:27:52 PM
to FIDO Dev (fido-dev),

Adam Langley

Oct 4, 2021, 4:04:06 PM
to FIDO Dev (fido-dev),
The serialized large-blob array is handled by the authenticator at three different levels of abstraction depending on the operation.

Firstly, for storage purposes and when the platform is reading it, it's an opaque bytestring. That's the level at which to interpret the initial value: it's just a magic sequence of 136 bits that you set it to after reset.

When the platform has just finished writing the serialized large-blob array, the authenticator considers it with one more level of structure: it's an opaque bytestring followed by 16 bytes of checksum. The checksum is a truncated SHA-256 hash and you can calculate most of the initial value from that:

>>> import hashlib
>>> contents_hex = '80'
>>> contents_hex + hashlib.sha256(bytes.fromhex(contents_hex)).hexdigest()[:32]
'8076be8b528d0075f7aae98d6fa57a6d3c'

Lastly, the authenticator can optionally understand it at the same level that the platform does: as a CBOR array followed by the checksum. That explains the initial value fully: 0x80 is an empty CBOR array.

I hope that helps.
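The views discussed in this thread, as an added example that is not part of the original posts or of any authenticator's code: building the array with its checksum, verifying it after a write, and returning a slice in the get response under key 0x01 as a CBOR byte string. The function names, the `offset`/`count` parameters and the minimum-length check are assumptions of this sketch.

```python
import hashlib
import hmac

# Initial value quoted in the thread: empty CBOR array (0x80) + 16-byte checksum.
INITIAL = bytes.fromhex("8076be8b528d0075f7aae98d6fa57a6d3c")
CHECKSUM_LEN = 16  # truncated SHA-256, as described above


def serialize(cbor_array: bytes) -> bytes:
    """Platform-side view: CBOR array bytes followed by the truncated hash."""
    return cbor_array + hashlib.sha256(cbor_array).digest()[:CHECKSUM_LEN]


def checksum_ok(serialized: bytes) -> bool:
    """Authenticator-side check after a write: opaque body + 16-byte checksum."""
    # Assumption of this example: at least one body byte must precede the checksum.
    if len(serialized) <= CHECKSUM_LEN:
        return False
    body, tag = serialized[:-CHECKSUM_LEN], serialized[-CHECKSUM_LEN:]
    return hmac.compare_digest(hashlib.sha256(body).digest()[:CHECKSUM_LEN], tag)


def cbor_bstr(data: bytes) -> bytes:
    """Minimal CBOR byte string (major type 2) encoder for lengths < 65536."""
    n = len(data)
    if n < 24:
        return bytes([0x40 | n]) + data
    if n < 256:
        return bytes([0x58, n]) + data
    if n < 65536:
        return bytes([0x59]) + n.to_bytes(2, "big") + data
    raise ValueError("fragment too long for this example encoder")


def get_response(stored: bytes, offset: int, count: int) -> bytes:
    """Storage/read view: return an opaque slice as CBOR map {0x01: bstr}."""
    if offset < 0 or count < 0 or offset > len(stored):
        raise ValueError("offset/count outside the stored array")
    return b"\xa1\x01" + cbor_bstr(stored[offset:offset + count])
```

Reading all 17 bytes of the initial value yields a1 01 51 followed by the array, where 0x51 is the CBOR header for a 17-byte byte string.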
