On WebAuthn attestation: "unexpected CBOR token type for a JSON value: TypeBytes" #252

Open
yaitskov opened this issue Dec 14, 2020 · 1 comment

Comments

@yaitskov

Hi,

I have an issue with parsing attestation fields from Android Chrome on fingerprint sign-up. cbor2comment from the npm cbor-cli package handles exactly the hex-encoded blob below.

Code sample:

stack ghci

import Codec.CBOR.JSON (encodeValue, decodeValue)
import Codec.CBOR.Read (deserialiseFromBytes)
import Codec.CBOR.Write (toLazyByteString, toStrictByteString)
import Data.ByteString.Base16 as HEX
import Data.ByteString.Lazy as BSL
import Prelude hiding (readFile)
:set -XOverloadedStrings
:set prompt "$ "

$ f <- BSL.readFile "cbors"

$ deserialiseFromBytes (decodeValue True) . fromStrict . fst . HEX.decode $ toStrict f
> Left (DeserialiseFailure 55 "unexpected CBOR token type for a JSON value: TypeBytes")

Stack dependencies:

dependencies:
- aeson >= 1.4.7.1
- base >= 4.7 && < 5
- base16-bytestring >= 0.1.1.7
- bytestring >= 0.10.10.1
- cborg >= 0.2.4.0
- cborg-json >= 0.2.2.0
- entropy >= 0.4.1.6
- serialise >= 0.2.3.0

The blob sample. Issue is reproduced very well:


Reading through npm:

npm install -g cbor-cli
cbor2comment -x $(cat cbors)

  a3                -- Map, 3 pairs
    63              -- String, length: 3
      666d74        -- {Key:0}, "fmt"
    71              -- String, length: 17
      616e64726f69642d7361666574796e6574 -- {Val:0}, "android-safetynet"
    67              -- String, length: 7
      61747453746d74 -- {Key:1}, "attStmt"
    a2              -- {Val:1}, Map, 2 pairs
      63            -- String, length: 3
        766572      -- {Key:0}, "ver"
      69            -- String, length: 9
        323034353136303236 -- {Val:0}, "204516026"
      68            -- String, length: 8
        726573706f6e7365 -- {Key:1}, "response"
      59            -- Bytes, length next 2 bytes
        14f4        -- Bytes, length: 5364

....
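The offset in the reported `DeserialiseFailure 55` can be checked against the dump above. The following definite-length CBOR decoder in Python is an added example, not code from the issue or from cborg: it rebuilds the header bytes shown in the dump around constructed payloads and shows that offset 55 is the `59 14f4` byte-string header of `response`. The `strict` flag, `first_bytes_offset`, the zero-filled response and the `authData` entry are assumptions of this example.

```python
class BytesInJson(ValueError):
    """CBOR major type 2 (byte string) has no JSON type; args[0] is the offset."""
def decode(buf, pos=0, strict=False):
    """Decode one definite-length CBOR item, returning (value, next_offset)."""
    if pos >= len(buf):
        raise ValueError(f"truncated input at offset {pos}")
    start, major, info = pos, buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    arg = info
    if 24 <= info <= 27:  # argument follows in 1, 2, 4 or 8 big-endian bytes
        size = 1 << (info - 24)
        arg, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    elif info > 27:
        raise ValueError(f"unsupported additional info {info} at offset {start}")
    if major in (0, 1):
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):
        if major == 2 and strict:  # what a JSON-only decoder cannot represent
            raise BytesInJson(start)
        if pos + arg > len(buf):
            raise ValueError(f"truncated string at offset {start}")
        raw = bytes(buf[pos:pos + arg])
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major == 4:
        items = []
        for _ in range(arg):
            item, pos = decode(buf, pos, strict)
            items.append(item)
        return items, pos
    if major == 5:
        out = {}
        for _ in range(arg):
            key, pos = decode(buf, pos, strict)
            out[key], pos = decode(buf, pos, strict)
        return out, pos
    raise ValueError(f"unsupported major type {major} at offset {start}")

def first_bytes_offset(buf):
    """Offset of the first byte string, or None if the item contains none."""
    try:
        decode(buf, strict=True)
    except BytesInJson as exc:
        return exc.args[0]
    return None

# Header bytes copied from the cbor2comment dump; everything after them is constructed.
PREFIX = bytes.fromhex("a363666d7471616e64726f69642d7361666574796e65746761747453746d74"
                       "a26376657269323034353136303236" "68726573706f6e7365")
SAMPLE = PREFIX + b"\x59\x14\xf4" + bytes(5364) + b"\x68authData\x44\x01\x02\x03\x04"
```

With `strict=False` the byte strings come back as raw `bytes`, so `attStmt.response` and `authData` keep their exact encoding for later verification.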
@yaitskov
Author

Please have a look at PR
