remove attestation payload in authMakeCredential()

d8447cdd · Josh Ji · 8cfdaad1 · d8447cdd · d8447cdd · d8447cdd
Commit d8447cdd authored Nov 02, 2022 by Josh Ji
4 changed files
--- a/build/javacard/applet.cap
+++ b/build/javacard/applet.cap
--- a/build/javacard/applet.exp/vku2f.jar
+++ b/build/javacard/applet.exp/vku2f.jar
--- a/build/javacard/applet.jca
+++ b/build/javacard/applet.jca
--- a/src/main/java/com/josh/vku2f/CTAP2.java
+++ b/src/main/java/com/josh/vku2f/CTAP2.java
@@ -553,47 +553,48 @@ public class CTAP2 extends Applet implements ExtendedLength {

            // Create a map with 3 things
 //            cborEncoder.startMap((short) 3);
-            cborEncoder.startMap((short) 4);
-            // Add the alg label
-            cborEncoder.encodeTextString(Utf8Strings.UTF8_ALG, (short) 0, (short) 3);
-            // Add the actual algorithm - -7 is 6 as a negative
-            cborEncoder.encodeNegativeUInt8((byte) 0x06);
-            // Add the actual signature, we should generate this
-            cborEncoder.encodeTextString(Utf8Strings.UTF8_SIG, (short) 0, (short) 3);
-
-            // Generate the signature, can't do this directly unfortunately.
-            // We sign over the client data hash and the attested data.
-            // AuthenticatorData is first. We noted down where it begins and know how long
-            // it is.
-            attestationKeyPair.update(dataBuffer, tempVars[7], (short) (tempCredential.getAttestedLen() + 37));
-            // The client data hash is next, which we use to finish off the signature.
-            tempVars[4] = attestationKeyPair.sign(authenticatorMakeCredential.dataHash, (short) 0, (short) authenticatorMakeCredential.dataHash.length, scratch, (short) 0);
-            // Create the byte string for the signature
-            cborEncoder.encodeByteString(scratch, (short) 0, tempVars[4]);
-            // Set the x509 cert now
-            cborEncoder.encodeTextString(Utf8Strings.UTF8_X5C, (short) 0, (short) 3);
-            // Supposedly we need an array here
-            cborEncoder.startArray((short) 1);
-            cborEncoder.encodeByteString(attestationKeyPair.x509cert, (short) 0, attestationKeyPair.x509len);
-
-            /**
-             *     extension
-             */
-            // add extension label
-            cborEncoder.encodeTextString(Utf8Strings.UTF8_EXTENSIONS, (short)0, (short)Utf8Strings.UTF8_EXTENSIONS.length);
-
-            // add extension element
-            cborEncoder.startArray((short)2);
-            // add HMAC
-//            cborEncoder.encodeTextString(Utf8Strings.UTF8_HMAC, (short)0, (short)Utf8Strings.UTF8_HMAC.length );
-            cborEncoder.encodeByteString(idSecret.hmac, (short)0, (short)idSecret.hmac.length);
-//            // add Cx
-//            cborEncoder.encodeTextString(Utf8Strings.UTF8_Cx, (short)0, (short)Utf8Strings.UTF8_Cx.length);
-            cborEncoder.encodeByteString(idSecret.encryptedCx, (short)0, (short)idSecret.encryptedCx.length);
-
-            /**
-             *      end extension
-             */
+//            cborEncoder.startMap((short) 4);
+            cborEncoder.startMap((short) 0);
+//            // Add the alg label
+//            cborEncoder.encodeTextString(Utf8Strings.UTF8_ALG, (short) 0, (short) 3);
+//            // Add the actual algorithm - -7 is 6 as a negative
+//            cborEncoder.encodeNegativeUInt8((byte) 0x06);
+//            // Add the actual signature, we should generate this
+//            cborEncoder.encodeTextString(Utf8Strings.UTF8_SIG, (short) 0, (short) 3);
+//
+//            // Generate the signature, can't do this directly unfortunately.
+//            // We sign over the client data hash and the attested data.
+//            // AuthenticatorData is first. We noted down where it begins and know how long
+//            // it is.
+//            attestationKeyPair.update(dataBuffer, tempVars[7], (short) (tempCredential.getAttestedLen() + 37));
+//            // The client data hash is next, which we use to finish off the signature.
+//            tempVars[4] = attestationKeyPair.sign(authenticatorMakeCredential.dataHash, (short) 0, (short) authenticatorMakeCredential.dataHash.length, scratch, (short) 0);
+//            // Create the byte string for the signature
+//            cborEncoder.encodeByteString(scratch, (short) 0, tempVars[4]);
+//            // Set the x509 cert now
+//            cborEncoder.encodeTextString(Utf8Strings.UTF8_X5C, (short) 0, (short) 3);
+//            // Supposedly we need an array here
+//            cborEncoder.startArray((short) 1);
+//            cborEncoder.encodeByteString(attestationKeyPair.x509cert, (short) 0, attestationKeyPair.x509len);
+//
+//            /**
+//             *     extension
+//             */
+//            // add extension label
+//            cborEncoder.encodeTextString(Utf8Strings.UTF8_EXTENSIONS, (short)0, (short)Utf8Strings.UTF8_EXTENSIONS.length);
+//
+//            // add extension element
+//            cborEncoder.startArray((short)2);
+//            // add HMAC
+////            cborEncoder.encodeTextString(Utf8Strings.UTF8_HMAC, (short)0, (short)Utf8Strings.UTF8_HMAC.length );
+//            cborEncoder.encodeByteString(idSecret.hmac, (short)0, (short)idSecret.hmac.length);
+////            // add Cx
+////            cborEncoder.encodeTextString(Utf8Strings.UTF8_Cx, (short)0, (short)Utf8Strings.UTF8_Cx.length);
+//            cborEncoder.encodeByteString(idSecret.encryptedCx, (short)0, (short)idSecret.encryptedCx.length);
+//
+//            /**
+//             *      end extension
+//             */