Use canonical CBOR key order in attestationObject

2026-03-13 11:12:26 -07:00 · 2025-12-17 23:05:27 +01:00
parent 99658af1d8
commit 137e66b98c
1 changed files with 13 additions and 13 deletions
--- a/app/src/main/java/pl/lebihan/authnkey/CredentialProviderActivity.kt
+++ b/app/src/main/java/pl/lebihan/authnkey/CredentialProviderActivity.kt
@@ -637,8 +637,8 @@ class CredentialProviderActivity : AppCompatActivity() {
        // Build attestation object (CBOR encoded)
        val attestationObject = buildAttestationObject(
            makeCredResult.fmt,
-            makeCredResult.authData,
-            makeCredResult.attStmt
+            makeCredResult.attStmt,
+            makeCredResult.authData
        )

        // Extract credential ID from authData
@@ -836,8 +836,8 @@ class CredentialProviderActivity : AppCompatActivity() {

    private fun buildAttestationObject(
        fmt: String,
-        authData: ByteArray,
-        attStmt: Map<*, *>
+        attStmt: Map<*, *>,
+        authData: ByteArray
    ): ByteArray {
        // Re-encode as CBOR
        val output = mutableListOf<Byte>()
@@ -855,6 +855,15 @@ class CredentialProviderActivity : AppCompatActivity() {
        }
        output.addAll(fmtBytes.toList())

+        // "attStmt"
+        output.add(0x67) // text string of 7 chars
+        output.addAll("attStmt".toByteArray().toList())
+        if (attStmt.isEmpty()) {
+            output.add(0xA0.toByte()) // empty map
+        } else {
+            output.addAll(encodeAttStmt(attStmt))
+        }
+
        // "authData"
        output.add(0x68) // text string of 8 chars
        output.addAll("authData".toByteArray().toList())
@@ -870,15 +879,6 @@ class CredentialProviderActivity : AppCompatActivity() {
        }
        output.addAll(authData.toList())

-        // "attStmt"
-        output.add(0x67) // text string of 7 chars
-        output.addAll("attStmt".toByteArray().toList())
-        if (attStmt.isEmpty()) {
-            output.add(0xA0.toByte()) // empty map
-        } else {
-            output.addAll(encodeAttStmt(attStmt))
-        }
-
        return output.toByteArray()
    }