From 7b518bd40c75770db92fa0528774b65a144126de Mon Sep 17 00:00:00 2001 From: Akshay Kumar Date: Thu, 15 Feb 2018 12:57:35 -0800 Subject: [PATCH 01/12] Sig Clarification --- index.bs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/index.bs b/index.bs index 08627bcea..d71b0d1d8 100644 --- a/index.bs +++ b/index.bs @@ -3048,7 +3048,9 @@ implementable by [=authenticators=] with limited resources (e.g., secure element :: A {{COSEAlgorithmIdentifier}} containing the identifier of the algorithm used to generate the attestation signature. : sig - :: A byte string containing the attestation signature. + :: A byte string containing the attestation signature in formats corresponding to algorithm present in `alg` field. For example, + - For COSEAlgorithmIdentifier -7 (ES256), signature format is as specified in [[RFC3279]]. + - For COSEAlgorithmIdentifier -257 (RS256), signature format is as specified in [[RFC8017]]. : x5c :: The elements of this array contain the attestation certificate and its certificate chain, each encoded in X.509 format. From 2aed87ceb36bd190a1b6e6907fdd031994ceae8d Mon Sep 17 00:00:00 2001 From: Akshay Kumar Date: Fri, 16 Feb 2018 10:54:52 -0800 Subject: [PATCH 02/12] Sig Clarification 2 --- index.bs | 52 +++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 49 insertions(+), 3 deletions(-) diff --git a/index.bs b/index.bs index d71b0d1d8..2cc7d1509 100644 --- a/index.bs +++ b/index.bs @@ -3048,9 +3048,45 @@ implementable by [=authenticators=] with limited resources (e.g., secure element :: A {{COSEAlgorithmIdentifier}} containing the identifier of the algorithm used to generate the attestation signature. : sig - :: A byte string containing the attestation signature in formats corresponding to algorithm present in `alg` field. For example, - - For COSEAlgorithmIdentifier -7 (ES256), signature format is as specified in [[RFC3279]]. - - For COSEAlgorithmIdentifier -257 (RS256), signature format is as specified in [[RFC8017]]. + :: A byte string containing the attestation signature encoded in formats corresponding + to algorithm present in `alg` field. For Example, + - For COSEAlgorithmIdentifier -7 (ES256), `sig` contains a pair of 32-byte integers, + R followed by S, generated with ECDSA using Curve P-256 and SHA256 as defined in + [[ANSI.X9-62.2005]] and [[FIPS.186-4.2013]]. R and S are encoded in big-endian format, + preserving any leading zero bytes. + ``` + Example: + 30 44 ; SEQUENCE (44 Bytes) + 02 20 ; INTEGER (20 Bytes) + | 3d 46 28 7b 8c 6e 8c 8c 26 1c 1b 88 f2 73 b0 9a + | 32 a6 cf 28 09 fd 6e 30 d5 a7 9f 26 37 00 8f 54 + 02 20 ; INTEGER (20 Bytes) + 4e 72 23 6e a3 90 a9 a1 7b cf 5f 7a 09 d6 3a b2 + 17 6c 92 bb 8e 36 c0 41 98 a2 7b 90 9b 6e 8f 13 + ``` + - For COSEAlgorithmIdentifier -257 (RS256), `sig` contains the signature generated using the + RSASSA-PKCS1-v1_5 signature scheme defined in [[RFC8017]] with SHA256 as the hash function. + ``` + Example: + 87 38 c6 f7 7d 53 3a 7e 73 27 2e 4b 9d 45 c7 19 + af 83 e2 ce ff 75 23 9d 24 5c 05 56 9e 66 a7 c5 + d5 a3 b8 5c 6c cc bc d0 b9 04 55 bb 51 57 ba 34 + 5c 87 34 21 55 d2 ef 8b 28 9a cf ec 08 e6 8d 7d + 84 57 1b 70 1c da 45 ca 23 0a b7 10 7a 06 29 07 + 61 bd e6 55 99 4d 86 f3 f0 8d ac 10 3d 13 5b 61 + 81 2d 88 82 f8 e9 02 0e 71 58 7a f5 f7 f0 61 95 + 9d f5 d9 35 54 48 7e 1c 3c 04 dc 9a f5 5a 04 b2 + 98 59 51 11 d5 2f 38 ac 55 96 50 7f 1e 06 8c 11 + eb 77 19 03 ff b8 15 56 14 4e a7 77 be 22 90 c5 + 87 6d 34 7f 74 1b 7f 9a 63 6f e1 13 dd 4c 64 c0 + 0e d4 13 23 07 f2 a6 cf ee 79 f2 36 d8 47 76 ee + 83 14 b9 28 15 61 73 69 af 62 cd 4e 2b 1f 54 2b + 02 49 fe 60 d5 bc 00 7d 83 19 de 61 fe 7e 7b c0 + 09 24 2c 13 0b af 30 16 a5 0f 75 ef 99 5f 9b f7 + ed b0 a6 36 74 0e 90 dc 52 3b 4b 7d c5 eb f8 19 + ``` + - For COSEAlgorithmIdentifier -37 (RS256), `sig` contains the signature generated using the + RSASSA-PSS signature scheme defined in [[RFC8017]] with SHA256 as the hash function. : x5c :: The elements of this array contain the attestation certificate and its certificate chain, each encoded in X.509 format. @@ -4965,5 +5001,15 @@ for their contributions as our W3C Team Contacts. "href": "https://www.internet2.edu/media/medialibrary/2013/09/04/internet2-mace-dir-eduperson-200604.html", "date": "May 15, 2007" } + + "ANSI.X9-62.2005": { + "title": "Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), ANSI X9.62-2005", + "date": "November 2005" + } + + "FIPS.186-4.2013": { + "publisher": ["National Institute of Standards and Technology"], + "title": , "Digital Signature Standard (DSS), FIPS 186-4, 2013" + } } From ec492112cb72e6ffc3eb1b30f50a389b3ec7cfd8 Mon Sep 17 00:00:00 2001 From: Akshay Kumar Date: Fri, 16 Feb 2018 13:08:39 -0800 Subject: [PATCH 03/12] Clarify that ECDSA is ASN.1 DER format --- index.bs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/index.bs b/index.bs index 2cc7d1509..39ce9f758 100644 --- a/index.bs +++ b/index.bs @@ -3051,9 +3051,8 @@ implementable by [=authenticators=] with limited resources (e.g., secure element :: A byte string containing the attestation signature encoded in formats corresponding to algorithm present in `alg` field. For Example, - For COSEAlgorithmIdentifier -7 (ES256), `sig` contains a pair of 32-byte integers, - R followed by S, generated with ECDSA using Curve P-256 and SHA256 as defined in - [[ANSI.X9-62.2005]] and [[FIPS.186-4.2013]]. R and S are encoded in big-endian format, - preserving any leading zero bytes. + R followed by S, generated with ECDSA using Curve P-256 and SHA256 encoded as + ASN.1 DER format defined in [[ANSI.X9-62.2005]] and [[FIPS.186-4.2013]]. ``` Example: 30 44 ; SEQUENCE (44 Bytes) From f13bbc3c84523753aa4539f71eb5638dfa4032b3 Mon Sep 17 00:00:00 2001 From: Akshay Kumar Date: Fri, 16 Feb 2018 13:22:28 -0800 Subject: [PATCH 04/12] Exception for ECDSA for consistency --- index.bs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/index.bs b/index.bs index 39ce9f758..2ae5e27c0 100644 --- a/index.bs +++ b/index.bs @@ -3053,6 +3053,12 @@ implementable by [=authenticators=] with limited resources (e.g., secure element - For COSEAlgorithmIdentifier -7 (ES256), `sig` contains a pair of 32-byte integers, R followed by S, generated with ECDSA using Curve P-256 and SHA256 encoded as ASN.1 DER format defined in [[ANSI.X9-62.2005]] and [[FIPS.186-4.2013]]. + + Note: As CTAP1/U2F devices are already producing signatures in this format, CTAP2 + devices will also produce signatures in same format for consistency. Otherwise, + newer attestation formats MUST be using COSE_KEY signature formats as defined in + [[IANA-COSE-ALGS-REG]]. + ``` Example: 30 44 ; SEQUENCE (44 Bytes) From 61bc8633eb2b6f8c7c27bc259afef323ec9d57f7 Mon Sep 17 00:00:00 2001 From: Akshay Kumar Date: Fri, 16 Feb 2018 13:57:18 -0800 Subject: [PATCH 05/12] Put Signature formats in its own section --- index.bs | 89 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 45 insertions(+), 44 deletions(-) diff --git a/index.bs b/index.bs index 2ae5e27c0..eccfa9c1a 100644 --- a/index.bs +++ b/index.bs @@ -2789,6 +2789,50 @@ the [=authenticator=] MUST: attStmtTemplate .within $$attStmtType ``` +### Signature Formats ### {#signature-attestation-types} + - For COSEAlgorithmIdentifier -7 (ES256), `sig` contains a pair of 32-byte integers, + R followed by S, generated with ECDSA using Curve P-256 and SHA256 encoded as + ASN.1 DER format defined in [[ANSI.X9-62.2005]] and [[FIPS.186-4.2013]]. + + Note: As CTAP1/U2F devices are already producing signatures in this format, CTAP2 + devices will also produce signatures in same format for consistency. Otherwise, + newer attestation formats MUST use COSE_KEY signature formats as defined in + [[IANA-COSE-ALGS-REG]]. + + ``` + Example: + 30 44 ; SEQUENCE (44 Bytes) + 02 20 ; INTEGER (20 Bytes) + | 3d 46 28 7b 8c 6e 8c 8c 26 1c 1b 88 f2 73 b0 9a + | 32 a6 cf 28 09 fd 6e 30 d5 a7 9f 26 37 00 8f 54 + 02 20 ; INTEGER (20 Bytes) + 4e 72 23 6e a3 90 a9 a1 7b cf 5f 7a 09 d6 3a b2 + 17 6c 92 bb 8e 36 c0 41 98 a2 7b 90 9b 6e 8f 13 + ``` + - For COSEAlgorithmIdentifier -257 (RS256), `sig` contains the signature generated using the + RSASSA-PKCS1-v1_5 signature scheme defined in [[RFC8017]] with SHA256 as the hash function. + ``` + Example: + 87 38 c6 f7 7d 53 3a 7e 73 27 2e 4b 9d 45 c7 19 + af 83 e2 ce ff 75 23 9d 24 5c 05 56 9e 66 a7 c5 + d5 a3 b8 5c 6c cc bc d0 b9 04 55 bb 51 57 ba 34 + 5c 87 34 21 55 d2 ef 8b 28 9a cf ec 08 e6 8d 7d + 84 57 1b 70 1c da 45 ca 23 0a b7 10 7a 06 29 07 + 61 bd e6 55 99 4d 86 f3 f0 8d ac 10 3d 13 5b 61 + 81 2d 88 82 f8 e9 02 0e 71 58 7a f5 f7 f0 61 95 + 9d f5 d9 35 54 48 7e 1c 3c 04 dc 9a f5 5a 04 b2 + 98 59 51 11 d5 2f 38 ac 55 96 50 7f 1e 06 8c 11 + eb 77 19 03 ff b8 15 56 14 4e a7 77 be 22 90 c5 + 87 6d 34 7f 74 1b 7f 9a 63 6f e1 13 dd 4c 64 c0 + 0e d4 13 23 07 f2 a6 cf ee 79 f2 36 d8 47 76 ee + 83 14 b9 28 15 61 73 69 af 62 cd 4e 2b 1f 54 2b + 02 49 fe 60 d5 bc 00 7d 83 19 de 61 fe 7e 7b c0 + 09 24 2c 13 0b af 30 16 a5 0f 75 ef 99 5f 9b f7 + ed b0 a6 36 74 0e 90 dc 52 3b 4b 7d c5 eb f8 19 + ``` + - For COSEAlgorithmIdentifier -37 (RS256), `sig` contains the signature generated using the + RSASSA-PSS signature scheme defined in [[RFC8017]] with SHA256 as the hash function. + # [=[RP]=] Operations # {#rp-operations} Upon successful execution of {{CredentialsContainer/create()}} or {{CredentialsContainer/get()}}, the [=[RP]=]'s script receives @@ -3048,50 +3092,7 @@ implementable by [=authenticators=] with limited resources (e.g., secure element :: A {{COSEAlgorithmIdentifier}} containing the identifier of the algorithm used to generate the attestation signature. : sig - :: A byte string containing the attestation signature encoded in formats corresponding - to algorithm present in `alg` field. For Example, - - For COSEAlgorithmIdentifier -7 (ES256), `sig` contains a pair of 32-byte integers, - R followed by S, generated with ECDSA using Curve P-256 and SHA256 encoded as - ASN.1 DER format defined in [[ANSI.X9-62.2005]] and [[FIPS.186-4.2013]]. - - Note: As CTAP1/U2F devices are already producing signatures in this format, CTAP2 - devices will also produce signatures in same format for consistency. Otherwise, - newer attestation formats MUST be using COSE_KEY signature formats as defined in - [[IANA-COSE-ALGS-REG]]. - - ``` - Example: - 30 44 ; SEQUENCE (44 Bytes) - 02 20 ; INTEGER (20 Bytes) - | 3d 46 28 7b 8c 6e 8c 8c 26 1c 1b 88 f2 73 b0 9a - | 32 a6 cf 28 09 fd 6e 30 d5 a7 9f 26 37 00 8f 54 - 02 20 ; INTEGER (20 Bytes) - 4e 72 23 6e a3 90 a9 a1 7b cf 5f 7a 09 d6 3a b2 - 17 6c 92 bb 8e 36 c0 41 98 a2 7b 90 9b 6e 8f 13 - ``` - - For COSEAlgorithmIdentifier -257 (RS256), `sig` contains the signature generated using the - RSASSA-PKCS1-v1_5 signature scheme defined in [[RFC8017]] with SHA256 as the hash function. - ``` - Example: - 87 38 c6 f7 7d 53 3a 7e 73 27 2e 4b 9d 45 c7 19 - af 83 e2 ce ff 75 23 9d 24 5c 05 56 9e 66 a7 c5 - d5 a3 b8 5c 6c cc bc d0 b9 04 55 bb 51 57 ba 34 - 5c 87 34 21 55 d2 ef 8b 28 9a cf ec 08 e6 8d 7d - 84 57 1b 70 1c da 45 ca 23 0a b7 10 7a 06 29 07 - 61 bd e6 55 99 4d 86 f3 f0 8d ac 10 3d 13 5b 61 - 81 2d 88 82 f8 e9 02 0e 71 58 7a f5 f7 f0 61 95 - 9d f5 d9 35 54 48 7e 1c 3c 04 dc 9a f5 5a 04 b2 - 98 59 51 11 d5 2f 38 ac 55 96 50 7f 1e 06 8c 11 - eb 77 19 03 ff b8 15 56 14 4e a7 77 be 22 90 c5 - 87 6d 34 7f 74 1b 7f 9a 63 6f e1 13 dd 4c 64 c0 - 0e d4 13 23 07 f2 a6 cf ee 79 f2 36 d8 47 76 ee - 83 14 b9 28 15 61 73 69 af 62 cd 4e 2b 1f 54 2b - 02 49 fe 60 d5 bc 00 7d 83 19 de 61 fe 7e 7b c0 - 09 24 2c 13 0b af 30 16 a5 0f 75 ef 99 5f 9b f7 - ed b0 a6 36 74 0e 90 dc 52 3b 4b 7d c5 eb f8 19 - ``` - - For COSEAlgorithmIdentifier -37 (RS256), `sig` contains the signature generated using the - RSASSA-PSS signature scheme defined in [[RFC8017]] with SHA256 as the hash function. + :: A byte string containing the attestation signature in formats as specified in , : x5c :: The elements of this array contain the attestation certificate and its certificate chain, each encoded in X.509 format. From 861667ab466e71b0629b863653a58e9f2103bfc1 Mon Sep 17 00:00:00 2001 From: Akshay Kumar Date: Fri, 16 Feb 2018 14:00:12 -0800 Subject: [PATCH 06/12] typo --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index eccfa9c1a..96c86fcae 100644 --- a/index.bs +++ b/index.bs @@ -3092,7 +3092,7 @@ implementable by [=authenticators=] with limited resources (e.g., secure element :: A {{COSEAlgorithmIdentifier}} containing the identifier of the algorithm used to generate the attestation signature. : sig - :: A byte string containing the attestation signature in formats as specified in , + :: A byte string containing the attestation signature. : x5c :: The elements of this array contain the attestation certificate and its certificate chain, each encoded in X.509 format. From 02f96cdb244b4633daacd512dbac47770af04f4b Mon Sep 17 00:00:00 2001 From: Akshay Kumar Date: Fri, 16 Feb 2018 14:53:17 -0800 Subject: [PATCH 07/12] Incorporating comments --- index.bs | 44 +++++++++++++------------------------------- 1 file changed, 13 insertions(+), 31 deletions(-) diff --git a/index.bs b/index.bs index 96c86fcae..a4fbfe8fb 100644 --- a/index.bs +++ b/index.bs @@ -2789,49 +2789,31 @@ the [=authenticator=] MUST: attStmtTemplate .within $$attStmtType ``` -### Signature Formats ### {#signature-attestation-types} +### Signature Formats for Packed Attestation, FIDO U2F Attestation and Assertion Signatures ### {#signature-attestation-types} - For COSEAlgorithmIdentifier -7 (ES256), `sig` contains a pair of 32-byte integers, R followed by S, generated with ECDSA using Curve P-256 and SHA256 encoded as ASN.1 DER format defined in [[ANSI.X9-62.2005]] and [[FIPS.186-4.2013]]. Note: As CTAP1/U2F devices are already producing signatures in this format, CTAP2 - devices will also produce signatures in same format for consistency. Otherwise, - newer attestation formats MUST use COSE_KEY signature formats as defined in - [[IANA-COSE-ALGS-REG]]. + devices will also produce signatures in same format, for consistency reasons. + It is recommended that any new attestation formats defined not use ASN.1 encodings, + but instead represent signatures as equivalent fixed-length byte arrays without internal structure, + using the same representations as used by COSE signatures as defined in [[!RFC8152]] ``` Example: - 30 44 ; SEQUENCE (44 Bytes) - 02 20 ; INTEGER (20 Bytes) + 30 44 ; SEQUENCE (68 Bytes) + 02 20 ; INTEGER (32 Bytes) | 3d 46 28 7b 8c 6e 8c 8c 26 1c 1b 88 f2 73 b0 9a | 32 a6 cf 28 09 fd 6e 30 d5 a7 9f 26 37 00 8f 54 - 02 20 ; INTEGER (20 Bytes) - 4e 72 23 6e a3 90 a9 a1 7b cf 5f 7a 09 d6 3a b2 - 17 6c 92 bb 8e 36 c0 41 98 a2 7b 90 9b 6e 8f 13 + 02 20 ; INTEGER (32 Bytes) + | 4e 72 23 6e a3 90 a9 a1 7b cf 5f 7a 09 d6 3a b2 + | 17 6c 92 bb 8e 36 c0 41 98 a2 7b 90 9b 6e 8f 13 ``` - For COSEAlgorithmIdentifier -257 (RS256), `sig` contains the signature generated using the - RSASSA-PKCS1-v1_5 signature scheme defined in [[RFC8017]] with SHA256 as the hash function. - ``` - Example: - 87 38 c6 f7 7d 53 3a 7e 73 27 2e 4b 9d 45 c7 19 - af 83 e2 ce ff 75 23 9d 24 5c 05 56 9e 66 a7 c5 - d5 a3 b8 5c 6c cc bc d0 b9 04 55 bb 51 57 ba 34 - 5c 87 34 21 55 d2 ef 8b 28 9a cf ec 08 e6 8d 7d - 84 57 1b 70 1c da 45 ca 23 0a b7 10 7a 06 29 07 - 61 bd e6 55 99 4d 86 f3 f0 8d ac 10 3d 13 5b 61 - 81 2d 88 82 f8 e9 02 0e 71 58 7a f5 f7 f0 61 95 - 9d f5 d9 35 54 48 7e 1c 3c 04 dc 9a f5 5a 04 b2 - 98 59 51 11 d5 2f 38 ac 55 96 50 7f 1e 06 8c 11 - eb 77 19 03 ff b8 15 56 14 4e a7 77 be 22 90 c5 - 87 6d 34 7f 74 1b 7f 9a 63 6f e1 13 dd 4c 64 c0 - 0e d4 13 23 07 f2 a6 cf ee 79 f2 36 d8 47 76 ee - 83 14 b9 28 15 61 73 69 af 62 cd 4e 2b 1f 54 2b - 02 49 fe 60 d5 bc 00 7d 83 19 de 61 fe 7e 7b c0 - 09 24 2c 13 0b af 30 16 a5 0f 75 ef 99 5f 9b f7 - ed b0 a6 36 74 0e 90 dc 52 3b 4b 7d c5 eb f8 19 - ``` - - For COSEAlgorithmIdentifier -37 (RS256), `sig` contains the signature generated using the - RSASSA-PSS signature scheme defined in [[RFC8017]] with SHA256 as the hash function. + RSASSA-PKCS1-v1_5 signature scheme defined in section 8.2.1 in [[RFC8017]] with SHA256 as the hash function. + - For COSEAlgorithmIdentifier -37 (PS256), `sig` contains the signature generated using the + RSASSA-PSS signature scheme defined in section 8.1.1 in [[RFC8017]] with SHA256 as the hash function. # [=[RP]=] Operations # {#rp-operations} From feca22b9a9c5f4b5c7a463e9592b1a4ec2b4cc3c Mon Sep 17 00:00:00 2001 From: Akshay Kumar Date: Fri, 16 Feb 2018 14:54:22 -0800 Subject: [PATCH 08/12] Incorporating comments-2 --- index.bs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/index.bs b/index.bs index a4fbfe8fb..37bcb92e3 100644 --- a/index.bs +++ b/index.bs @@ -2790,9 +2790,8 @@ the [=authenticator=] MUST: ``` ### Signature Formats for Packed Attestation, FIDO U2F Attestation and Assertion Signatures ### {#signature-attestation-types} - - For COSEAlgorithmIdentifier -7 (ES256), `sig` contains a pair of 32-byte integers, - R followed by S, generated with ECDSA using Curve P-256 and SHA256 encoded as - ASN.1 DER format defined in [[ANSI.X9-62.2005]] and [[FIPS.186-4.2013]]. + - For COSEAlgorithmIdentifier -7 (ES256), and other ECDSA-based algorithms, + a signature is encoded as an ASN.1 DER Ecdsa-Sig-Value, as defined in [[RFC3279]] section 3.3.1. Note: As CTAP1/U2F devices are already producing signatures in this format, CTAP2 devices will also produce signatures in same format, for consistency reasons. From 18f342c48afd3ea0f51b65d05d9650d2c2a60df7 Mon Sep 17 00:00:00 2001 From: Akshay Kumar Date: Fri, 16 Feb 2018 15:09:40 -0800 Subject: [PATCH 09/12] Incorporating comments-3 --- index.bs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/index.bs b/index.bs index 37bcb92e3..e588cb758 100644 --- a/index.bs +++ b/index.bs @@ -2789,7 +2789,7 @@ the [=authenticator=] MUST: attStmtTemplate .within $$attStmtType ``` -### Signature Formats for Packed Attestation, FIDO U2F Attestation and Assertion Signatures ### {#signature-attestation-types} +### Signature Formats for Packed Attestation, FIDO U2F Attestation, and Assertion Signatures ### {#signature-attestation-types} - For COSEAlgorithmIdentifier -7 (ES256), and other ECDSA-based algorithms, a signature is encoded as an ASN.1 DER Ecdsa-Sig-Value, as defined in [[RFC3279]] section 3.3.1. @@ -2797,7 +2797,7 @@ the [=authenticator=] MUST: devices will also produce signatures in same format, for consistency reasons. It is recommended that any new attestation formats defined not use ASN.1 encodings, but instead represent signatures as equivalent fixed-length byte arrays without internal structure, - using the same representations as used by COSE signatures as defined in [[!RFC8152]] + using the same representations as used by COSE signatures as defined in [[!RFC8152]]. ``` Example: @@ -2810,9 +2810,9 @@ the [=authenticator=] MUST: | 17 6c 92 bb 8e 36 c0 41 98 a2 7b 90 9b 6e 8f 13 ``` - For COSEAlgorithmIdentifier -257 (RS256), `sig` contains the signature generated using the - RSASSA-PKCS1-v1_5 signature scheme defined in section 8.2.1 in [[RFC8017]] with SHA256 as the hash function. + RSASSA-PKCS1-v1_5 signature scheme defined in section 8.2.1 in [[RFC8017]] with SHA-256 as the hash function. - For COSEAlgorithmIdentifier -37 (PS256), `sig` contains the signature generated using the - RSASSA-PSS signature scheme defined in section 8.1.1 in [[RFC8017]] with SHA256 as the hash function. + RSASSA-PSS signature scheme defined in section 8.1.1 in [[RFC8017]] with SHA-256 as the hash function. # [=[RP]=] Operations # {#rp-operations} From 4514d10164733444376aee891fd00b990b96e23a Mon Sep 17 00:00:00 2001 From: Akshay Kumar Date: Fri, 16 Feb 2018 16:54:51 -0800 Subject: [PATCH 10/12] Incorporating comments-4 --- index.bs | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/index.bs b/index.bs index e588cb758..07d40aede 100644 --- a/index.bs +++ b/index.bs @@ -2791,17 +2791,11 @@ the [=authenticator=] MUST: ### Signature Formats for Packed Attestation, FIDO U2F Attestation, and Assertion Signatures ### {#signature-attestation-types} - For COSEAlgorithmIdentifier -7 (ES256), and other ECDSA-based algorithms, - a signature is encoded as an ASN.1 DER Ecdsa-Sig-Value, as defined in [[RFC3279]] section 3.3.1. - - Note: As CTAP1/U2F devices are already producing signatures in this format, CTAP2 - devices will also produce signatures in same format, for consistency reasons. - It is recommended that any new attestation formats defined not use ASN.1 encodings, - but instead represent signatures as equivalent fixed-length byte arrays without internal structure, - using the same representations as used by COSE signatures as defined in [[!RFC8152]]. + a signature value is encoded as an ASN.1 DER Ecdsa-Sig-Value, as defined in [[RFC3279]] section 2.2.3. ``` Example: - 30 44 ; SEQUENCE (68 Bytes) + 30 44 ; SEQUENCE (68 Bytes) 02 20 ; INTEGER (32 Bytes) | 3d 46 28 7b 8c 6e 8c 8c 26 1c 1b 88 f2 73 b0 9a | 32 a6 cf 28 09 fd 6e 30 d5 a7 9f 26 37 00 8f 54 @@ -2809,10 +2803,20 @@ the [=authenticator=] MUST: | 4e 72 23 6e a3 90 a9 a1 7b cf 5f 7a 09 d6 3a b2 | 17 6c 92 bb 8e 36 c0 41 98 a2 7b 90 9b 6e 8f 13 ``` + + Note: As CTAP1/U2F devices are already producing signatures values in this format, CTAP2 + devices will also produce signatures values in same format, for consistency reasons. + It is recommended that any new attestation formats defined not use ASN.1 encodings, + but instead represent signatures as equivalent fixed-length byte arrays without internal structure, + using the same representations as used by COSE signatures as defined in [[!RFC8152]] and [[!RFC8230]]. + - For COSEAlgorithmIdentifier -257 (RS256), `sig` contains the signature generated using the RSASSA-PKCS1-v1_5 signature scheme defined in section 8.2.1 in [[RFC8017]] with SHA-256 as the hash function. + The signature is not ASN.1 wrapped. + - For COSEAlgorithmIdentifier -37 (PS256), `sig` contains the signature generated using the RSASSA-PSS signature scheme defined in section 8.1.1 in [[RFC8017]] with SHA-256 as the hash function. + The signature is not ASN.1 wrapped. # [=[RP]=] Operations # {#rp-operations} @@ -4987,16 +4991,7 @@ for their contributions as our W3C Team Contacts. "title": "EduPerson Object Class Specification (200604a)", "href": "https://www.internet2.edu/media/medialibrary/2013/09/04/internet2-mace-dir-eduperson-200604.html", "date": "May 15, 2007" - } - - "ANSI.X9-62.2005": { - "title": "Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), ANSI X9.62-2005", - "date": "November 2005" - } + }, - "FIPS.186-4.2013": { - "publisher": ["National Institute of Standards and Technology"], - "title": , "Digital Signature Standard (DSS), FIPS 186-4, 2013" - } } From 4bdb54c658259502081e429fe7a1f4e7c5a64385 Mon Sep 17 00:00:00 2001 From: Akshay Kumar Date: Tue, 20 Feb 2018 14:52:20 -0800 Subject: [PATCH 11/12] Json comma issue --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index 97d57e4a2..b6c851bce 100644 --- a/index.bs +++ b/index.bs @@ -4997,7 +4997,7 @@ for their contributions as our W3C Team Contacts. "title": "EduPerson Object Class Specification (200604a)", "href": "https://www.internet2.edu/media/medialibrary/2013/09/04/internet2-mace-dir-eduperson-200604.html", "date": "May 15, 2007" - }, + } } From c8c43e297120ba173f513f845135740984a680b8 Mon Sep 17 00:00:00 2001 From: Akshay Kumar Date: Tue, 20 Feb 2018 17:18:55 -0800 Subject: [PATCH 12/12] Incorporating comments - 6 --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index b6c851bce..9d9ed8660 100644 --- a/index.bs +++ b/index.bs @@ -2813,7 +2813,7 @@ the [=authenticator=] MUST: ``` Note: As CTAP1/U2F devices are already producing signatures values in this format, CTAP2 - devices will also produce signatures values in same format, for consistency reasons. + devices will also produce signatures values in the same format, for consistency reasons. It is recommended that any new attestation formats defined not use ASN.1 encodings, but instead represent signatures as equivalent fixed-length byte arrays without internal structure, using the same representations as used by COSE signatures as defined in [[!RFC8152]] and [[!RFC8230]].