Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Defining new OIDs to facilitate WebAuthn interoperability with CMS #2026

Open
corrideat opened this issue Feb 16, 2024 · 1 comment
Open

Defining new OIDs to facilitate WebAuthn interoperability with CMS #2026

corrideat opened this issue Feb 16, 2024 · 1 comment
Assignees
@agl
Labels
@Risk Items that are at risk for L3 type:editorial

Comments

@corrideat
Copy link
Member

corrideat commented Feb 16, 2024
edited
Loading

This relates indirectly to #799.

Currently, WebAuthn signatures are constructed in a 'special' way, which includes a hash of the user-provided data and another parameters. Generally, this is:

dataToBeSigned <- authenticatorData || DIGEST(data).

For example reference:

From 8.3. TPM Attestation Statement Format

Let authenticatorData denote the authenticator data for the attestation, and let clientDataHash denote the hash of the serialized client data.

Concatenate authenticatorData and clientDataHash to form attToBeSigned.

From 8.2. Packed Attestation Statement Format

the authenticator produces the sig by concatenating authenticatorData and clientDataHash, and signing the result using

And so on from the rest of spec, where FIDO seems to be an exception:

From 8.6. FIDO U2F Attestation Statement Format

(0x00 || rpIdHash || clientDataHash || credentialId || publicKeyU2F)

Now, I'm currently working on interoperating with CMS (i.e., RFC 5652 or PKCS#7) and handling WebAuthn assertions is challenging because there is no 'proper' way to indicate how they should be validated, as compared with algorithms that are well-known in ASN.1. For instance, setting the algrithm to ecdsa-with-SHA256 (1.2.840.10045.4.3.2) would almost work, but the data need to be treated in a special way, as 'regular' ecdsa-with-SHA256 doesn't go over a hash of the message.

Proposed Change

This is not a change that affects WebAuthn per se, but rather a request to collaborate with IANA (or altenatively, ISO / ITU-T) to define OIDs and their respective parameters that can be used to handle WebAuthn assertions in CMS and the rest of the ASN.1 world.

For the common case of dataToBeSigned <- authenticatorData || DIGEST(data), this may or may not require a new algorithm OID to be defined (likely yes, for backwards compatibility), but it would require at least creating a new algorithm parameter to include authenticatorData, and for any other parameters needed.
@nadalin nadalin added the @Risk Items that are at risk for L3 label Feb 28, 2024
@agl
Copy link
Contributor

agl commented Feb 28, 2024

From the WG call of 2024-02-28: we agree that you would probably want some specific OIDs for this case. If you can get them assigned from a reasonably canonical arc, we would consider listing them in the spec. We don't know that the W3C itself has an arc however.

@emlun emlun mentioned this issue Feb 28, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@agl agl

Labels
@Risk Items that are at risk for L3 type:editorial
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@agl @corrideat @nadalin and others