Re: [webauthn] Assertion signature verification procedure defined in Section 7.2 doesn't fit for the signature generated by FIDO-U2F token.

Thanks for pointing this out. The signature generation and verification algorithms specified in WebAuthn are actually backwards compatible with U2F signatures:

- The U2F application parameter is computed and given to the authenticator by the client, as is the RP ID hash in WebAuthn. In both cases this is an opaque blob of 32 bytes that is computed outside the authenticator.
- A U2F user presence byte indicates user presence in the least significant bit and sets all other bits to 0. Since the `UP` bit of a WebAuthn flags byte is also the least significant bit, a U2F user presence byte is also a valid WebAuthn flags byte with `ED`, `AT` and `UV` all set to 0.
- The counter is the same in both U2F and WebAuthn.
- The U2F challenge parameter is also an opaque byte array computed and given by the client, as is the WebAuthn client data hash.

Perhaps we should point this out in a note on implementation considerations, but nothing technical needs to change. In particular, the RP sees no difference between signatures generated by U2F authenticators and WebAuthn authenticators.

GitHub Notification of comment by emlun
Please view or discuss this issue at using your GitHub account

Received on Thursday, 22 March 2018 12:04:24 UTC