WebAuthn - byte length of the “credential public key”

↘锁芯ラ submitted on 2020-01-25 02:49:07

Question


In WebAuthn, the authenticator data contains the variable length attested credential data followed by the extensions, if any:

The attested credential data is made variable because of the credential public key field which is a CBOR map.

In case there are extensions, how can I know in advance the byte length of this field, so that I can pass this field truncated without the extensions to a CBOR library?

The CBOR library I am using doesn't seem to handle extra bytes, and I don't know CBOR well enough to know if there's a trick to compute the byte length of a map from its first bytes (or any other trick).


Answer 1:


From what I understand there is no way to know in advance without using a CBOR decoder (or COSE Key parser) supporting "extra bytes" first, to determine where the "credential public key data" ends and where "extension data" starts.

There is an extra note discussing exactly this in the Editor's Draft (not yet in the Candidate Recommendation).

Determining attested credential data's length, which is variable, involves determining credentialPublicKey’s beginning location given the preceding credentialId’s length, and then determining the credentialPublicKey’s length (see also Section 7 of [RFC8152]).

FWIW, this is also discussed in a WebAuthn spec GitHub issue: https://github.com/w3c/webauthn/issues/1012
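
Added example (not part of the original question or answer): one way to find where the credential public key ends is to walk the CBOR item structurally, without decoding values, and slice the authenticator data at the resulting offset. The function names, the nesting cap of 8 and the sample bytes are assumptions of this sketch; it handles any definite-length CBOR item and rejects indefinite lengths, which CTAP2 canonical CBOR does not allow.

```python
def cbor_item_end(buf: bytes, pos: int = 0, depth: int = 0) -> int:
    """Return the offset just past the CBOR data item starting at buf[pos]."""
    if depth > 8 or pos >= len(buf):             # depth cap is this sketch's own choice
        raise ValueError("CBOR nested too deeply or truncated")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        arg = info                               # argument held in the initial byte
    elif info <= 27:
        n = 1 << (info - 24)                     # 1, 2, 4 or 8 argument bytes follow
        arg = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:                                        # 28-30 reserved, 31 indefinite length
        raise ValueError("reserved or indefinite-length CBOR rejected")
    if major in (2, 3):                          # byte/text string: arg payload bytes
        pos += arg
    elif major in (4, 5, 6):                     # array: arg items, map: 2*arg, tag: 1
        for _ in range({4: arg, 5: 2 * arg, 6: 1}[major]):
            pos = cbor_item_end(buf, pos, depth + 1)
    if pos > len(buf):                           # majors 0, 1, 7 end after the argument
        raise ValueError("truncated CBOR item")
    return pos

def split_auth_data(auth_data: bytes):
    """Return (credential_id, cose_key_bytes, extension_bytes) from authenticator data."""
    if len(auth_data) < 37:                      # rpIdHash(32) + flags(1) + signCount(4)
        raise ValueError("authenticator data too short")
    flags, pos = auth_data[32], 37
    cred_id = cose_key = ext = b""
    if flags & 0x40:                             # AT: attested credential data present
        if len(auth_data) < pos + 18:            # AAGUID(16) + credentialIdLength(2)
            raise ValueError("truncated attested credential data")
        id_len = int.from_bytes(auth_data[pos + 16:pos + 18], "big")
        cred_id = auth_data[pos + 18:pos + 18 + id_len]
        pos += 18 + id_len
        end = cbor_item_end(auth_data, pos)      # key length found by walking the map
        cose_key, pos = auth_data[pos:end], end
    if flags & 0x80:                             # ED: extensions map follows the key
        end = cbor_item_end(auth_data, pos)
        ext, pos = auth_data[pos:end], end
    if pos != len(auth_data):
        raise ValueError("unexpected trailing bytes")
    return cred_id, cose_key, ext

# Constructed sample: ES256-shaped COSE key, then the extension map {"example": true}
COSE = bytes.fromhex("a5010203262001215820") + b"\x11" * 32 + bytes.fromhex("225820") + b"\x22" * 32
EXT = bytes.fromhex("a1676578616d706c65f5")
SAMPLE = bytes(32) + b"\xc1" + bytes(4) + bytes(16) + b"\x00\x04" + b"\xaa\xbb\xcc\xdd" + COSE + EXT
```

The `cose_key` slice returned by `split_auth_data(SAMPLE)` contains no extension bytes, so it can be handed to a CBOR library that refuses trailing data.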



Source: https://stackoverflow.com/questions/54045911/webauthn-byte-length-of-the-credential-public-key
