W3C home > Mailing lists > Public > public-webauthn@w3.org > January 2019

[webauthn] TPM attestation format & EdDSA & hash alg (#1148)

From: Tangui via GitHub <sysbot+gh@w3.org>
Date: Sat, 26 Jan 2019 15:50:23 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-403453849-1548517822-sysbot+gh@w3.org>
tanguilp has just created a new issue for https://github.com/w3c/webauthn:

== TPM attestation format & EdDSA & hash alg ==
In the "Verification procedure" of "8.3. TPM Attestation Statement Format", it is written:

> Verify that extraData is set to the hash of attToBeSigned using the hash algorithm employed in "alg".

What should the hash algorithm be for the ed25519 and ed448 curves? I've had a hard time trying to figure out what the hash algs are for both, and I'm very unsure about my findings but it seems to me that internally these are respectively sha256 and a flavour of sha3, or none (some ed* libs do not require a digest alg as an input, but the whole message). Besides, if they're indeed different, the "alg" field wouldn't be sufficient to determine the hash alg (value -8, name EdDSA).

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1148 using your GitHub account
Received on Saturday, 26 January 2019 15:50:24 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:01 UTC