Wrong signature length

[szszszsz]

Hi!

I do not see why signature field's size is set to 77 here. I could not find any reference to that number, and the CTAP spec mentions 72 as the maximum length. Moreover the expected value is in a comment. If this is not a typo, can you elaborate on the reason?

https://github.com/solokeys/ctap-types/blob/7fa0f08b1fcb0ad9ba6ab08edd8e2b138f96f6e1/src/sizes.rs#L8-L9
https://github.com/solokeys/ctap-types/blob/7fa0f08b1fcb0ad9ba6ab08edd8e2b138f96f6e1/src/ctap2/get_assertion.rs#L78-L87

Relevant CTAP specification excerpt:

• https://fidoalliance.org/specs/fido-v2.1-rd-20210309/#u2f-authenticatorGetAssertion-interoperability , point 5 states

Set 0x03 with signature field from CTAP1/U2F authentication response message. Note: An ASN.1-encoded ECDSA signature value ranges over 8–72 bytes in length. [U2FRawMsgs] incorrectly states a different length range.

Trussed has its own limits hardcoded [1][2]:

pub const MAX_SIGNATURE_LENGTH: usize = 72;
pub type Signature = Bytes<MAX_SIGNATURE_LENGTH>;

[1] - https://github.com/trussed-dev/trussed/blob/258fe26ce89cd3bb4d84f192f3fe256193946886/src/types.rs#L529
[2] - https://github.com/trussed-dev/trussed/blob/258fe26ce89cd3bb4d84f192f3fe256193946886/src/config.rs#L47

[nickray]

Maybe this was a hack for the fake TOTP "signature".