Clean up attestation, abstract it from UA, fix TPM format, add U2F format #321
Conversation
Puts all attestation info into a CBOR object which is opaque to client and only parsed by RP. Fixes #244. This also lays some of the groundwork for adding a U2F attestation format. I will clean up the TPM attestation section in a separate commit.
Refactor the attestation section to clean up exposition. Separated out signature verification (per format) from trust chaining (done at higher layer). Created a separate section for specifying key RP operations. Fixes #88. RP registration section defines binding of credentials to user accounts. Fixes #13. RP registration section also defines options in case of registering the same credential to different users. Fixes #12. Cleans up and completes defining the process for verifying assertions, which had already been largely done by @rlin1. Fixes #102. Completes drawing the distinction between assertion and attestation certificates. Fixes #118. Replace "client platform" with "client" in signature format section to avoid confusion. Fixes #209.
Fixed small wording and markdown issues. This completes the changes to make attestation opaque to UAs, which fixes #286, fixes #287, and fixes #289. It also fixes #239 by removing the homegrown algorithm identifiers and specifying the algorithm explicitly in attestation data using JWK identifiers. It also fixes #240 by encoding keys in CBOR which specifies lengths of fields.
…into vgb-u2f-attestation
Also clean up a few remaining instances of "WebAuthn Assertion" and sort the glossary alphabetically.
Clearly differentiate attestation statements and attestation objects.
|
@rlin1 - Looking at the latest changes, I wonder if we could put the CBOR field name back to just "attestation". This would be the only field with such a name, and it would save bytes on a structure that may be produced on an authenticator with limited capability. WDYT? |
This is now the only use of "attestation" so we might as well save bytes in the authenticator.
|
@vijaybh wrote:
@rlin1 replied in email here:
|
|
@vijaybh wrote:
@rlin1 replied in email here:
I agree with Rolf @rlin1 and was about to myself suggest something akin to |
|
a rendered textual diff of the spec in branch vgb-u2f-attestation at commit 0d0fcea from master at commit 6267cc1 is here: http://kingsmountain.com/doc/diff/diff-webauthn-vgb-u2f-attestation-0d0fcea--from--master-6267cc1.pdf |
|
regarding these two prior comments -- #321 (comment) and #321 (comment) -- we ( @rlin1 and I ) and @vijaybh were referring to different things. @vijaybh was referring to the now-named |
|
I fiddled with the naming of fields inside the attestation structures to make them sort-of-consistent across formats. Do let me know if you have suggestions for improvement. |
There was a problem hiding this comment.
Overall these changes seem technically solid and appear to attain the goal of having the client not need to understand or parse the attestationObject.
I have various detail-level comments throughout and found some modest mistakes that I've attempted to correct (eg calling the {{#authenticator-signature-verification}} with ClientDataHash rather than ClientDataJason).
Also I offer a much simplified {{#requesting-a-new-credential}} section by leveraging the "verifying a signature" procedure rather than duplicating it.
I also suggest we use ABNF + CDDL to describe our various binary objects rather than the simple tables we are presently using -- it will be more precise for implementors and plus all the subfields are named such that we can directly refer to them in spec prose. E.g., see #318 (comment)
HTH,
=JeffH
note: I did not complete going thru each attestation statement format subsection at a detail level. on a quick skim they looked ok but should be reviewed in detail of course.
index.bs
Outdated
| : Base64url encoding | ||
| :: The term <dfn>Base64url Encoding</dfn> refers to the base64 encoding using the URL- and filename-safe character set defined | ||
| in Section 5 of [[!RFC4648]], with all trailing '=' characters omitted (as permitted by Section 3.2) and without the | ||
| inclusion of any line breaks, whitespace, or other additional characters. This is the same encoding as used by JSON Web | ||
| Signature (JWS) [[RFC7515]]. | ||
| inclusion of any line breaks, whitespace, or other additional characters. |
There was a problem hiding this comment.
I think the deleted sentence is useful info. Perhaps it ought to be delineated as a "Note:" rather than deleted.
There was a problem hiding this comment.
It just seems random. The only places we mention base64url are related to encoding a challenge and a token binding ID in ClientData. Neither of those is in any way related to RFC 7515 at first sight. So why did we pick this RFC to call out as opposed to any other standard that uses base64url?
| See also <a>attestation format</a>, and <a>attestation type</a>. | ||
| including, for example: credential IDs, credential key pairs, signature counters, etc. <dfn>Attestation information</dfn> is | ||
| conveyed in <dfn>attestation objects</dfn>. | ||
| See also <a>attestation statement format</a>, and <a>attestation type</a>. | ||
|
|
There was a problem hiding this comment.
Will need to rewrite the last two sentences of the above Attestation definition depending on how the terms attestation data, attestation information, attestation object, and attestation statement shake out.
index.bs
Outdated
| @@ -386,14 +387,14 @@ This method takes the following parameters: | |||
| preferred credential that it can. | |||
|
|
|||
| - The <dfn>attestationChallenge</dfn> parameter contains a challenge intended to be used for generating the attestation | |||
| statement of the newly created credential. | |||
| object of the newly created credential. | |||
There was a problem hiding this comment.
minor nit re "attestation object of the newly created credential": I would say "the newly created credential's attestation object"
index.bs
Outdated
|
|
||
| The [RP] MAY take any of the below actions when verification of an attestation statement fails, according to its policy: | ||
| : authData |
There was a problem hiding this comment.
given that the official-as-it-gets short name for the WG and the spec is "WebAuthn", and the confusion folks often have between authentication and authorization, I would name this "authnDat"
In fact, given the key-naming practice in the JSON Web Object community of using 3-char "claim names"/"header parameter names", I'd be willing to shorten this further, e.g., "and" (for AuthN Data).
index.bs
Outdated
| 9. Using the verification process for the above attestation format, validate that the attestation | ||
| {{AuthenticationAttestation/attestation}} is valid for the given {{AuthenticationAttestation/authenticatorData}}, | ||
| {{AuthenticationAttestation/clientData}} and the above trust anchor. | ||
| : fmt |
There was a problem hiding this comment.
+1 on shortening these CBOR keys
index.bs
Outdated
| Attestation formats are identified by a string, called a <dfn>attestation format identifier</dfn>, chosen by the attestation | ||
| format author. | ||
| Attestation statement formats are identified by a string, called a <dfn>attestation format identifier</dfn>, chosen by the | ||
| author of the attestation statement format. |
There was a problem hiding this comment.
s/<dfn>attestation format identifier</dfn>/<dfn>attestation statement format identifier</dfn>/
index.bs
Outdated
| Attestation formats are identified by a string, called a <dfn>attestation format identifier</dfn>, chosen by the attestation | ||
| format author. | ||
| Attestation statement formats are identified by a string, called a <dfn>attestation format identifier</dfn>, chosen by the | ||
| author of the attestation statement format. | ||
|
|
||
| Attestation format identifiers SHOULD be registered per [[WebAuthn-Registries]] "Registries for Web Authentication (WebAuthn)". | ||
| All registered attestation format identifiers are unique amongst themselves as a matter of course. |
There was a problem hiding this comment.
s/attestation format identifiers/attestation statement format identifiers/g -- i.e. update all occurances throughout spec
index.bs
Outdated
|
|
||
| This is a WebAuthn optimized attestation statement format. It uses a very compact but still extensible encoding method. Encoding | ||
| this format can even be implemented by <a>authenticators</a> with very limited resources (e.g., secure elements). |
There was a problem hiding this comment.
suggest: This encoding format is implementable by <a>authenticators</a> with limited resources (e.g., secure elements).
index.bs
Outdated
| The <dfn>signature</dfn> element contains the attestation signature. | ||
| </div> | ||
| : x5c | ||
| :: A definite-length array of byte strings. The elements of the array contain the attestation certificate and its |
There was a problem hiding this comment.
why does this need to be a definite-length? a CBOR decoder ought to transparently be able to handle both definite- and indefinite-length arrays at run time, yes? Note that CDDL does not make any prescription as to whether arrays or maps use the definite length or indefinite length encoding. see: https://tools.ietf.org/html/draft-greevenbosch-appsawg-cbor-cddl#section-3.2
index.bs
Outdated
| If |daaKey| is present, then the attestation type is DAA. In this case: | ||
| - Verify that |alg| is "ED256" or "ED512". | ||
| - Follow the procedure in [[#authenticator-signature-verification]] to verify that |sig| is a valid signature over the given | ||
| <a>authenticatorData</a> and <a>clientDataHash</a> using DAA-Verify with |daaKey| (see [[!FIDOEcdaaAlgorithm]]). |
There was a problem hiding this comment.
in this and all the other verification procedure subsections below, need to s/clientDataHash/clientDataJSON/ because that is what is input to {{#authenticator-signature-verification}}
There was a problem hiding this comment.
See above. Will refactor signature format section to make this consistent.
Thanks to @equalsJeffH for the detailed review. Remaining items: Refactor signature format section, possibly rename fields for brevity, add CDDL/ABNF, fix U2F attestation issues.
Thanks to @equalsJeffH for spotting this.
There was a problem hiding this comment.
a couple comments on @vijaybh's in-flight work. there's also further comments in reply to Vijay that aren't "review comments" (am not sure how these two were captured as such)
index.bs
Outdated
| <tr> | ||
| <td>variable</td> | ||
| <td> | ||
| Credential public key encoded in CBOR format. This is a CBOR map comprising the following fields: |
index.bs
Outdated
| [[!RFC7518]] section 3.1. Specifically, the following values are supported: "ES256", "ES384", "ES512", "RS256", | ||
| "RS384", "RS512", "PS256", "PS384" and "PS512". | ||
|
|
||
| : (public key fields) |
Separate out verification of assertion and attestation signatures, removing redundant steps. Broke up signature format sectiona and moved the pieces to the appropriate places.
|
new diff of the changes Vijay pushed last night Sun 12-Feb 1900-ish PT.. |
Consistent naming across types, stricter specification.
|
Merging based on in-person discussion at San Francisco f2f meeting. |
…, fix TPM format, add U2F format (#321)
In addition to the bugs named in the commit messages, this also fixes #123 and fixes #238 by cleaning up the algorithm naming.