- From: Akshay Kumar via GitHub <sysbot+gh@w3.org>
- Date: Wed, 06 Sep 2017 11:03:33 +0000
- To: public-webauthn@w3.org
@rlin1 : I have decided to remove verification part of U2F signatures out of CTAP spec and I think RP's will benefit that section here. I am putting what I had in CTAP spec and you can polish it and put it in your PR??
<section>
<h3>Verification of authenticatorMakeCredential Response</h3>
<p>
Platform forwards authenticatorMakeCredential response to RP which follows following procedure to verify it
<a href="#fig-u2f-compat-makeCredential">(Fig: Mapping: WebAuthn authenticatorMakeCredential to and from CTAP1/U2F Registration Messages)</a>:
</p>
<ol>
<li>Confirms the format of attestation statement is of "fido-u2f" type.</li>
<li>Unpack CTAP2 Authenticator Data.</li>
<li>Verify that passed <code>rp.id</code> SHA-256 hash matches with Authenticator Data’s <code>rp.id</code> Hash field.</li>
<li>Capture public key from the certificate.</li>
<li>
Convert COSE_KEY formatted credential public key to CTAP1/U2F public Key format.
<ul>
<li>
Let <code>publicKeyU2F</code> represents converted CTAP1/U2F public representation of COSE_KEY and
set first byte as 0x04 which signifies uncompressed ECC key format
</li>
<li>Extract "-2" (representing x coordinate) from COSE_KEY representation, confirm its size to be of 32 bytes and concatenate it with <code>publicKeyU2F</code></li>
<li>Extract "-3" (representing y coordinate) from COSE_KEY representation, confirm its size to be of 32 bytes and concatenate it with <code>publicKeyU2F</code></li>
</ul>
</li>
<li>Calculate SHA-256 (0x00 | SHA-256(<code>rp.id</code>) | clientDataHash | CredentialID | <code>publicKeyU2F</code>).</li>
<li>Verify attestationStatement signature using above hash and public key.</li>
</ol>
</section>
<section>
<h3>Verification of authenticatorGetAssertion response</h3>
<p>
Platform forwards authenticatorGetAssertion response to RP which follows following procedure to verify it
<a href="#fig-u2f-compat-getAssertion">(Fig: Mapping: WebAuthn authenticatorGetAssertion to and from U2F Authentication Messages)</a>:
</p>
<ol>
<li>Unpack Authenticator Data from authenticatorGetAssertion response.</li>
<li>Verify that passed <code>rp.id</code> SHA-256 hash matches with GetAssertion Authenticator Data’s <code>rp.id</code> Hash field.</li>
<li>Import credential public key got from unpacking authenticatorMakeCredential response authenticator data.</li>
<li>Calculate SHA-256 (authenticatorGetAssertion Authenticator Data bytes | clientDataHash).</li>
<li>Verify GetAssertion response attestationStatement signature using above hash and public key.</li>
<li>
RP should also check for counter increase in signature from previously
seen signatures from the same credentialID to prevent against replay attacks.
<ul>
<li> See <a href="https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-implementation-considerations-v1.2-ps-20170411.html#token-counters"> U2F implementation design considerations</a>.
</li>
</ul>
</li>
</ol>
</section>
--
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/539#issuecomment-327450132 using your GitHub account
Received on Wednesday, 6 September 2017 11:03:28 UTC