You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
functionparseSignature(algoCOSE,signature){if(isPublicKeyAlgorithm("ES256",algoCOSE)){// this algorithm's signature comes back ASN.1 encoded, per spec:// https://www.w3.org/TR/webauthn-2/#sctn-signature-attestation-typesletder=ASN1.parseVerbose(signature);returnnewUint8Array([ ...der.children[0].value, ...der.children[1].value,]);}// also per spec, other signature algorithms SHOULD NOT come back// in ASN.1, so for those, we just pass through without any parsingreturnsignature;}
The text was updated successfully, but these errors were encountered:
Reference: https://gist.github.com/philholden/50120652bfe0498958fd5926694ba354#gistcomment-5229287
Claim is, some signatures may parse/verify incorrectly because of missing 2s-complement math on the parsed integers.
Apparent signature example:
The code that might be affected:
The text was updated successfully, but these errors were encountered: