From 5952f3496caac2da588b1c0feee30ac443a9a006 Mon Sep 17 00:00:00 2001 From: Isaiah Inuwa Date: Wed, 2 Jul 2025 13:20:33 -0500 Subject: [PATCH] Fix P-256 verification in demo client --- demo_client/webauthn.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/demo_client/webauthn.py b/demo_client/webauthn.py index 58975d4d..d8e98259 100644 --- a/demo_client/webauthn.py +++ b/demo_client/webauthn.py @@ -405,12 +405,14 @@ def _cose_verify(cose_key: bytes, signature: bytes, data: bytes): cose_crv = cred_pub_key[COSE_EC2_CRV] if cose_crv == COSE_CRV_P256: - crv = ec.SECP2561R1 + crv = ec.SECP256R1() alg = ec.ECDSA(hashes.SHA256()) else: raise Exception(f"Unsupported COSE ECDSA curve specified: {crv}") - signing_key = ec.EllipticCurvePublicNumbers(crv, x, y).public_key() + # WebAuthn uses uncompressed points only. + pub_key_bytes = bytes(b'\x04' + x + y) + signing_key = ec.EllipticCurvePublicKey.from_encoded_point(crv, pub_key_bytes) signing_key.verify(signature, data, alg) elif cose_alg == COSE_ALG_EDDSA: if kty != COSE_KTY_OKP: