Skip to content

Fido: Fix COSE decoding with x-only keys#3461

Open
p1gp1g wants to merge 1 commit into
microg:masterfrom
p1gp1g:fido/cose_x_only
Open

Fido: Fix COSE decoding with x-only keys#3461
p1gp1g wants to merge 1 commit into
microg:masterfrom
p1gp1g:fido/cose_x_only

Conversation

@p1gp1g

@p1gp1g p1gp1g commented May 11, 2026

Copy link
Copy Markdown
Contributor

Some EC keys uses only the x-coordinate (cf. https://datatracker.ietf.org/doc/html/rfc9053#name-elliptic-curve-keys), and used to crash while trying to GetByteString.

This fix the Cbor decoding for these keys

@peterhel

Copy link
Copy Markdown

Nice fix — the runCatching + nullable y lets x-only / OKP keys decode instead of throwing in GetByteString(). Builds clean here on current master.

One follow-up I hit while reading it: asCryptoKey() still does

ECPublicKeySpec(ECPoint(BigInteger(1, x), BigInteger(1, y)), parameterSpec)

so a key that now decodes with y == null will NPE there (BigInteger(1, null)) rather than failing cleanly at decode time. It pairs naturally with #3545, which reworks key construction for Ed25519/OKP — so either landing them together or guarding asCryptoKey() for the null-y case would close that gap. Happy to test against a real x-only assertion if useful.

@p1gp1g

p1gp1g commented Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

I should have push both in a single PR indeed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants