webauthn
webauthn copied to clipboard
w3c
supplementalPubKeys attestation incompatible with most verification procedures
The supplementalPubKeys extension states for its attestation signing procedure:
Therefore when calculating an attestation for a supplemental public key, the inputs are:
- For
authData, substitute the concatenation of the byte string h’737570706c656d656e74616c5075624b657973206174746573746174696f6e2e00ffffffff' and the value of aaguid from the extension output.- For
hash, substitute the concatenation of the spk and nonce fields from the extension output. (The nonce MAY be empty.)
However, this is incompatible with most of the attestation verification procedures since most of them extract one or more fields from the authData argument:
packedattestation:-
(If x5c is present:) If attestnCert contains an extension with OID 1.3.6.1.4.1.45724.1.1.4 (id-fido-gen-ce-aaguid) verify that the value of this extension matches the
aaguidin authenticatorData.- The AAGUID does exist in its normal location in the modified
authDataargument, but theATflag is set to zero, so implementations may refuse to access it and/or reject the data structure due to unknown trailing bytes.
- The AAGUID does exist in its normal location in the modified
-
(If x5c is not present:) Validate that alg matches the algorithm of the
credentialPublicKeyin authenticatorData.
-
tpmattestation:-
Verify that the public key specified by the
parametersanduniquefields of pubArea is identical to thecredentialPublicKeyin theattestedCredentialDatain authenticatorData.
-
android-keyattestation: (Perhaps not relevant tosupplementalPubKeys?)-
Verify that the public key in the first certificate in x5c matches the
credentialPublicKeyin theattestedCredentialDatain authenticatorData.
-
android-safetynetattestation seems to be compatible.fido-u2fattestation: (probably not very relevant tosupplementalPubKeys, but still)-
Extract the claimed rpIdHash from authenticatorData, and the claimed credentialId and credentialPublicKey from authenticatorData.
attestedCredentialData.
-
appleattestation:-
Verify that the credential public key equals the Subject Public Key of credCert.
-
So existing implementations of these verification procedures may fail to verify a supplementalPubKeys attestation. The extension may need to specify modifications to the verification procedures, or adjust the extension's signing procedure to take arguments with the same structure as the original signing procedures.
