- From: Silvan Mosberger via GitHub <sysbot+gh@w3.org>
- Date: Mon, 25 Apr 2022 19:11:53 +0000
- To: public-webauthn@w3.org
infinisil has just created a new issue for https://github.com/w3c/webauthn: == Unclear/underspecified signature formats == In many places, the specification doesn't declare formats of signatures clearly. This issue is a summary of the current state of the specification. ## Assertion signature Generating an assertion signature is partially specified in step 11 of [6.3.3. The _authenticatorGetAssertion_ Operation](https://w3c.github.io/webauthn/#sctn-op-get-assertion): > Let signature be the [assertion signature](https://w3c.github.io/webauthn/#assertion-signature) of the concatenation `authenticatorData || hash` using the [privateKey](https://w3c.github.io/webauthn/#public-key-credential-source-privatekey) of selectedCredential as shown in [Figure 4](https://w3c.github.io/webauthn/#fig-signature), below.  This section however doesn't specify what the "Sign" block of the signature does. Instead this can be found later in [6.5.5 Signature Formats for Packed Attestation, FIDO U2F Attestation, and Assertion Signatures](https://w3c.github.io/webauthn/#sctn-signature-attestation-types), containing a rather confusing explanation: > - For COSEAlgorithmIdentifier -7 (ES256), and other ECDSA-based algorithms, the `sig` value MUST be encoded as an ASN.1 DER Ecdsa-Sig-Value, as defined in [\[RFC3279\]](https://w3c.github.io/webauthn/#biblio-rfc3279) section 2.2.3. The title mentions assertion signatures, but `sig` usually refers to the attestation signatures, does this apply to both? And what is the COSEAlgorithmIdentifier for assertion signatures? Section 6.3.3 makes no mention of any signature algorithm. > It is RECOMMENDED that any new attestation formats defined not use ASN.1 encodings, but instead represent signatures as equivalent fixed-length byte arrays without internal structure, using the same representations as used by COSE signatures as defined in [\[RFC8152\]](https://w3c.github.io/webauthn/#biblio-rfc8152) and [\[RFC8230\]](https://w3c.github.io/webauthn/#biblio-rfc8230). > > The below signature format definitions satisfy this requirement and serve as examples for deriving the same for other signature algorithms not explicitly mentioned here: These paragraphs seems to again be specific to attestation signatures, indicating that attestation statement formats can choose the signature encoding themselves. However it doesn't say anything about assertion signatures. ## Attestation signatures Again from the above section we also don't really have anything as for attestation signatures. Let's look at individual attestation statement formats: ### [packed](https://w3c.github.io/webauthn/#sctn-packed-attestation) :x: Doesn't specify the format of the `sig` field. > If [Basic](https://w3c.github.io/webauthn/#basic) or [AttCA](https://w3c.github.io/webauthn/#attca) [attestation](https://w3c.github.io/webauthn/#attestation) is in use, the authenticator produces the sig by concatenating authenticatorData and clientDataHash, and signing the result using an [attestation private key](https://w3c.github.io/webauthn/#attestation-private-key) selected through an authenticator-specific mechanism. > If [self attestation](https://w3c.github.io/webauthn/#self-attestation) is in use, the authenticator produces sig by concatenating authenticatorData and clientDataHash, and signing the result using the credential private key. ### [tpm](https://w3c.github.io/webauthn/#sctn-tpm-attestation) :heavy_check_mark: Does specify the format: > sig: The [attestation signature](https://w3c.github.io/webauthn/#attestation-signature), in the form of a TPMT\_SIGNATURE structure as specified in [\[TPMv2-Part2\]](https://w3c.github.io/webauthn/#biblio-tpmv2-part2) section 11.3.4. > Generate a signature using the procedure specified in [\[TPMv2-Part3\]](https://w3c.github.io/webauthn/#biblio-tpmv2-part3) Section 18.2, using the attestation private key and setting the `extraData` parameter to the digest of attToBeSigned using the hash algorithm corresponding to the "alg" signature algorithm. (For the "RS256" algorithm, this would be a SHA-256 digest.) ### [android-key](https://w3c.github.io/webauthn/#sctn-android-key-attestation) :x: Doesn't specify the format > The authenticator produces sig by concatenating authenticatorData and clientDataHash, and signing the result using the credential private key. ### [android-safetynet](https://w3c.github.io/webauthn/#sctn-android-safetynet-attestation) :heavy_check_mark: Doesn't have a `sig` field, but a `response` one instead, of which the format is specified. > response: The [UTF-8 encoded](https://encoding.spec.whatwg.org/#utf-8-encode) result of the getJwsResult() call of the SafetyNet API. This value is a JWS [\[RFC7515\]](https://w3c.github.io/webauthn/#biblio-rfc7515) object (see [SafetyNet online documentation](https://developer.android.com/training/safetynet/attestation#compat-check-response)) in Compact Serialization. ### [fido-u2f](https://w3c.github.io/webauthn/#sctn-fido-u2f-attestation) :heavy_check_mark: Does specify the format > Generate a Registration Response Message as specified in [\[FIDO-U2F-Message-Formats\]](https://w3c.github.io/webauthn/#biblio-fido-u2f-message-formats) [Section 4.3](https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-raw-message-formats-v1.1-id-20160915.html#registration-response-message-success), with the application parameter set to the SHA-256 hash of the [RP ID](https://w3c.github.io/webauthn/#rp-id) that the given [credential](https://w3c.github.io/webauthn/#public-key-credential) is [scoped](https://w3c.github.io/webauthn/#scope) to, the challenge parameter set to clientDataHash, and the key handle parameter set to the [credential ID](https://w3c.github.io/webauthn/#credential-id) of the given credential. Set the raw signature part of this Registration Response Message (i.e., without the [user public key](https://w3c.github.io/webauthn/#user-public-key), key handle, and attestation certificates) as sig and set the attestation certificates of the attestation public key as x5c. ### [none](https://w3c.github.io/webauthn/#sctn-none-attestation) (has no signature) ### [apple](https://w3c.github.io/webauthn/#sctn-apple-anonymous-attestation) (has no signature) Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1721 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 25 April 2022 19:11:55 UTC