Re: [webauthn] TPM attestation verification steps inconsistent with FIDO conformance testing tool (#1925) from Monty Wiseman via GitHub on 2024-06-17 (public-webauthn@w3.org from June 2024)

From: Monty Wiseman via GitHub <sysbot+gh@w3.org>
Date: Mon, 17 Jun 2024 23:55:18 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2174646123-1718668514-sysbot+gh@w3.org>

> @sbweeden Sorry just realised that I was mentioned here:
> 
> > The FIDO conformance test tool however contains a specific test case where these algorithm identifiers are set to different values, to ensure that RPs use the algorithm identifier from the attested name in certInfo. If an RP strictly follows the process as currently defined in the WebAuthn specification, then that test case will fail.
> 
> That came from real world issue, where during the testing we had examples of TPM attestation where nameAlg did not match the other nameAlg.
> 
> Here is the direct comment from that time:
> 
> ```
>     /* 
>         So the name is concatenation of nameAlg[2byte] and hash structure[n-bytes].
> 
>         The confusion comes from the fact TPMS_CERTIFY_INFO contains name field that contains name of the TPMT_PUBLIC. But in the same time TPMT_PUBLIC contain nameAlg field that contains algorithm identifier for calculating authPolicy. There two both use nameAlg, but they can be different.
> 
>         For example:
>         TPMT_PUBLIC.nameAlg = SHA-1;
>         TPMT_PUBLIC.authPolicy = hashTPMT_PUBLIC.nameAlg
> 
>         nameAlg = SHA-256
>         TPMS_CERTIFY_INFO.name = nameAlg || hashnameAlg
>     */
> ```

Can you provide me the scenario (i.e., code) that created this case. These nameAlg values should not differ. TPMT_PUBLIC.nameAlg is passed into the TPM as part of TPM2_Create (or similar create commands). The TPM uses this to calculate the object's name internally. Once the object is created, its TPMT_PUBLIC area is integrity protected by its corresponding sensitive area in the TPM2B_PRIVATE area. The TPMT_PUBLIC.nameAlg is retained in the TPMT_PUBLIC so it can be used by both internal TPM operations and external (the software) so the exact same name (i.e., hash value) is achieved. For example, If the software doesn't know the nameAlg for an object, it looks at the TPMT_PUBLIC structure to find it (If not known, this structure can be obtained using the TPM2_ReadPublic command). The Verifier will need this to calculate the object's Name to compare against what is returned in TPMS_CERTIFY_INFO.name (BTW: this step is missing from the Verification Procedure in 8.3. If desired, I can provide a more detailed description how to sign and verify (The sign operation also doesn't specify which key is use for each parameter in the TPM2_Certify command which can lead to errors.) 

-- 
GitHub Notification of comment by mwiseman-byid
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1925#issuecomment-2174646123 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 17 June 2024 23:55:18 UTC