Re: [webauthn] Device-bound key extension (#1658) from Emil Lundberg via GitHub on 2021-08-09 (public-webauthn@w3.org from August 2021)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Mon, 09 Aug 2021 19:13:44 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-895473466-1628536423-sysbot+gh@w3.org>

So if I understand this correctly, a `packed` format `AttObjForDevicePublicKey` would be constructed like this?

```
AttObjForDevicePublicKey = {
  sig:     bstr,  ; result of sign((clientDataHash || userCredentialId), devicePrivateKey)
  aaguid:  bstr,  ; authenticator's AAGUID (16 bytes fixed-length)
  dpk:     bstr,  ; the Device Public Key (self-describing variable length, COSE_Key format, CBOR-encoded)).
  context: "device" / "app"

  fmt: "packed",
  attStmt: {
    alg: -7,      ; COSEAlgorithmIdentifier for attestation key pair
    sig: bstr,    ; result of sign((aaguid || dpk), attestationPrivateKey)
                  ; instead of the usual sign((authenticatorData || clientDataHash), attestationPrivateKey)
    x5c: [ attestnCert: bytes, * (caCert: bytes) ]
  }
}
```

I feel like the custom signing procedure might be a bit too confusing, being _almost_ the same as usual but not quite. It looks like this is going to require custom verification logic either way, so maybe we can move the difference around a bit? For example, here's one idea:

Instead of modifying the signing procedure arguments, run the signing procedure as usual and store the resulting attestation object and client data. In subsequent re-runs, send all of it back to the RP. So it might instead look something like this:

```
AttObjForDevicePublicKey = {
  sig:     bstr,  ; result of sign((clientDataHash || userCredentialId), devicePrivateKey)
                  ; Maybe this could also sign over attObj and/or attObjClientDataJSON.
  aaguid:  bstr,  ; authenticator's AAGUID (16 bytes fixed-length)
  dpk:     bstr,  ; the Device Public Key (self-describing variable length, COSE_Key format, CBOR-encoded)).
  context: "device" / "app"

  attObjClientDataJSON: bstr,  ; the (cached) clientDataJSON for the ceremony when dpk was created
  attObj: {                    ; the (cached) attestation object for the ceremony when dpk was created
    fmt: "packed",
    authData: bytes ;          ; the (cached) authenticator data for the ceremony when dpk was created
    attStmt: {
      alg: -7,                 ; COSEAlgorithmIdentifier for attestation key pair
      sig: bstr,               ; (cached) result of sign((authData || sha256(attObjClientDataJSON)), attestationPrivateKey)
      x5c: [ attestnCert: bytes, * (caCert: bytes) ]
    }
  }
}
```

Of course, this only moves the complexity slightly, but to me it seems a bit cleaner that the existing attestation signing and verification procedures can be used as-is as a larger unmodified "block". Composition instead of polymorphism, I guess.


-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1658#issuecomment-895473466 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 9 August 2021 19:13:46 UTC