W3C home > Mailing lists > Public > public-webauthn@w3.org > September 2017

Re: [webauthn] Sign counter alg 507

From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
Date: Wed, 06 Sep 2017 11:03:33 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-327450132-1504695803-sysbot+gh@w3.org>
@rlin1 : I have decided to remove verification part of U2F signatures out of CTAP spec and I think RP's will benefit that section here. I am putting what I had in CTAP spec and you can polish it and put it in your PR??

    <section>
      <h3>Verification of authenticatorMakeCredential Response</h3>
      <p>
        Platform forwards authenticatorMakeCredential response to RP which follows following procedure to verify it
        <a href="#fig-u2f-compat-makeCredential">(Fig: Mapping: WebAuthn authenticatorMakeCredential to and from CTAP1/U2F Registration Messages)</a>:
      </p>
      <ol>
        <li>Confirms the format of attestation statement is of "fido-u2f" type.</li>
        <li>Unpack CTAP2 Authenticator Data.</li>
        <li>Verify that passed <code>rp.id</code> SHA-256 hash matches with Authenticator Data’s <code>rp.id</code> Hash field.</li>
        <li>Capture public key from the certificate.</li>
        <li>
          Convert COSE_KEY formatted credential public key to CTAP1/U2F public Key format.
          <ul>
            <li>
              Let <code>publicKeyU2F</code> represents converted CTAP1/U2F public representation of COSE_KEY and
              set first byte as 0x04 which signifies uncompressed ECC key format
            </li>
            <li>Extract "-2" (representing x coordinate) from COSE_KEY representation, confirm its size to be of 32 bytes and concatenate it with <code>publicKeyU2F</code></li>
            <li>Extract "-3" (representing y coordinate) from COSE_KEY representation, confirm its size to be of 32 bytes and concatenate it with <code>publicKeyU2F</code></li>
          </ul>
        </li>
        <li>Calculate SHA-256 (0x00 | SHA-256(<code>rp.id</code>) | clientDataHash | CredentialID | <code>publicKeyU2F</code>).</li>
        <li>Verify attestationStatement signature using above hash and public key.</li>
      </ol>
    </section>



    <section>
      <h3>Verification of authenticatorGetAssertion response</h3>
      <p>
        Platform forwards authenticatorGetAssertion response to RP which follows following procedure to verify it
        <a href="#fig-u2f-compat-getAssertion">(Fig: Mapping: WebAuthn authenticatorGetAssertion to and from U2F Authentication Messages)</a>:
      </p>
      <ol>
        <li>Unpack Authenticator Data from authenticatorGetAssertion response.</li>
        <li>Verify that passed <code>rp.id</code> SHA-256 hash matches with GetAssertion Authenticator Data’s <code>rp.id</code> Hash field.</li>
        <li>Import credential public key got from unpacking authenticatorMakeCredential response authenticator data.</li>
        <li>Calculate SHA-256 (authenticatorGetAssertion Authenticator Data bytes | clientDataHash).</li>
        <li>Verify GetAssertion response attestationStatement signature using above hash and public key.</li>
        <li>
          RP should also check for counter increase in signature from previously
          seen signatures from the same credentialID to prevent against replay attacks.
          <ul>
            <li> See <a href="https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-implementation-considerations-v1.2-ps-20170411.html#token-counters"> U2F implementation design considerations</a>.
            </li>
          </ul>
        </li>
      </ol>
    </section> 

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/539#issuecomment-327450132 using your GitHub account
Received on Wednesday, 6 September 2017 11:03:28 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:27 UTC