From 3fb838eb5ece8dc1855e2710ba246ce2d7bcc56b Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 1 Oct 2024 15:24:11 +0200 Subject: [PATCH 1/5] Move extension processing to after signature verification --- index.bs | 88 +++++++++++++++++++++++++++++--------------------------- 1 file changed, 45 insertions(+), 43 deletions(-) diff --git a/index.bs b/index.bs index 0db3e9d0a..259fb9b37 100644 --- a/index.bs +++ b/index.bs @@ -5775,7 +5775,7 @@ calling {{CredentialsContainer/create()|navigator.credentials.create()}} they se [=attestation type=] as a part of [=verification procedure|verification=]. See the "Verification procedure" subsections of [[#sctn-defined-attestation-formats]]. See also [[#sctn-attestation-privacy]]. For all [=attestation types=] defined in this section other than [=self attestation|Self=] and [=None=], [=[RP]=] [=verification procedure|verification=] is followed by -matching the [=attestation trust path|trust path=] to an acceptable root certificate per [step 24](#reg-ceremony-assess-trust) +matching the [=attestation trust path|trust path=] to an acceptable root certificate per [step 23](#reg-ceremony-assess-trust) of [[#sctn-registering-a-new-credential]]. Differentiating these [=attestation types=] becomes useful primarily as a means for determining if the [=attestation=] is acceptable under [=[RP]=] policy. @@ -5974,25 +5974,6 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o matches the {{PublicKeyCredentialParameters/alg}} attribute of one of the [=list/items=] in |pkOptions|.{{PublicKeyCredentialCreationOptions/pubKeyCredParams}}. -
  • - Verify that the values of the [=client extension outputs=] in |clientExtensionResults| and the [=authenticator extension - outputs=] in the [=authData/extensions=] in |authData| are as expected, considering the [=client - extension input=] values that were given in |pkOptions|.{{PublicKeyCredentialCreationOptions/extensions}} - and any specific policy of the [=[RP]=] regarding unsolicited extensions, i.e., those that were not specified as part of - |pkOptions|.{{PublicKeyCredentialCreationOptions/extensions}}. - In the general case, the meaning of "are as expected" is specific to the [=[RP]=] and which extensions are in use. - - Note: [=Client platforms=] MAY enact local policy that sets additional [=authenticator extensions=] or - [=client extensions=] and thus cause values to appear in the [=authenticator extension outputs=] or - [=client extension outputs=] that were not originally specified as part of - |pkOptions|.{{PublicKeyCredentialCreationOptions/extensions}}. [=[RPS]=] MUST be prepared to handle such - situations, whether it be to ignore the unsolicited extensions or reject the attestation. The [=[RP]=] can make this - decision based on local policy and the extensions in use. - - Note: Since all extensions are OPTIONAL for both the [=client=] and the [=authenticator=], the [=[RP]=] MUST also be - prepared to handle cases where none or not all of the requested extensions were acted upon. -
  • - 1. Determine the attestation statement format by performing a USASCII case-sensitive match on |fmt| against the set of supported WebAuthn Attestation Statement Format Identifier values. An up-to-date list of registered WebAuthn Attestation Statement Format Identifier values @@ -6021,12 +6002,12 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
  • - Assess the attestation trustworthiness using the outputs of the [=verification procedure=] in [step 22](#reg-ceremony-verify-attestation), as follows: + Assess the attestation trustworthiness using the outputs of the [=verification procedure=] in [step 21](#reg-ceremony-verify-attestation), as follows: - If [=None|no attestation=] was provided, verify that [=None=] attestation is acceptable under [=[RP]=] policy. - If [=self attestation=] was used, verify that [=self attestation=] is acceptable under [=[RP]=] policy. - Otherwise, use the X.509 certificates returned as the [=attestation trust path=] from the [=verification procedure=] to verify that the attestation public key either correctly chains up to an acceptable root certificate, or is itself an acceptable certificate - (i.e., it and the root certificate obtained in [step 23](#reg-ceremony-attestation-trust-anchors) may be the same). + (i.e., it and the root certificate obtained in [step 22](#reg-ceremony-attestation-trust-anchors) may be the same).
  • 1. Verify that the [=credentialId=] is ≤ 1023 bytes. Credential IDs larger than this many bytes SHOULD cause the RP to fail this [=registration ceremony=]. @@ -6079,7 +6060,27 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o -1. If the attestation statement |attStmt| successfully verified but is not trustworthy per [step 24](#reg-ceremony-assess-trust) above, + +
  • + Verify that the values of the [=client extension outputs=] in |clientExtensionResults| and the [=authenticator extension + outputs=] in the [=authData/extensions=] in |authData| are as expected, considering the [=client + extension input=] values that were given in |pkOptions|.{{PublicKeyCredentialCreationOptions/extensions}} + and any specific policy of the [=[RP]=] regarding unsolicited extensions, i.e., those that were not specified as part of + |pkOptions|.{{PublicKeyCredentialCreationOptions/extensions}}. + In the general case, the meaning of "are as expected" is specific to the [=[RP]=] and which extensions are in use. + + Note: [=Client platforms=] MAY enact local policy that sets additional [=authenticator extensions=] or + [=client extensions=] and thus cause values to appear in the [=authenticator extension outputs=] or + [=client extension outputs=] that were not originally specified as part of + |pkOptions|.{{PublicKeyCredentialCreationOptions/extensions}}. [=[RPS]=] MUST be prepared to handle such + situations, whether it be to ignore the unsolicited extensions or reject the attestation. The [=[RP]=] can make this + decision based on local policy and the extensions in use. + + Note: Since all extensions are OPTIONAL for both the [=client=] and the [=authenticator=], the [=[RP]=] MUST also be + prepared to handle cases where none or not all of the requested extensions were acted upon. +
  • + +1. If the attestation statement |attStmt| successfully verified but is not trustworthy per [step 23](#reg-ceremony-assess-trust) above, the [=[RP]=] SHOULD fail the [=registration ceremony=]. NOTE: However, if permitted by policy, the [=[RP]=] MAY register the [=credential ID=] and credential public key but treat the @@ -6088,7 +6089,7 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o See [[FIDOSecRef]] and [[UAFProtocol]] for a more detailed discussion. Verification of [=attestation objects=] requires that the [=[RP]=] has a trusted method of determining acceptable trust anchors -in [step 23](#reg-ceremony-attestation-trust-anchors) above. +in [step 22](#reg-ceremony-attestation-trust-anchors) above. Also, if certificates are being used, the [=[RP]=] MUST have access to certificate status information for the intermediate CA certificates. The [=[RP]=] MUST also be able to build the attestation certificate chain if the client did not provide this chain in the attestation information. @@ -6205,25 +6206,6 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o Note: See [[#sctn-credential-backup]] for examples of how a [=[RP]=] might process the [=authData/flags/BS=] [=flag=] values. -
  • - Verify that the values of the [=client extension outputs=] in |clientExtensionResults| and the [=authenticator extension - outputs=] in the [=authData/extensions=] in |authData| are as expected, considering the [=client - extension input=] values that were given in |pkOptions|.{{PublicKeyCredentialRequestOptions/extensions}} - and any specific policy of the [=[RP]=] regarding unsolicited extensions, i.e., those that were not specified as part of - |pkOptions|.{{PublicKeyCredentialRequestOptions/extensions}}. - In the general case, the meaning of "are as expected" is specific to the [=[RP]=] and which extensions are in use. - - Note: [=Client platforms=] MAY enact local policy that sets additional [=authenticator extensions=] or - [=client extensions=] and thus cause values to appear in the [=authenticator extension outputs=] or - [=client extension outputs=] that were not originally specified as part of - |pkOptions|.{{PublicKeyCredentialRequestOptions/extensions}}. [=[RPS]=] MUST be prepared to handle such - situations, whether it be to ignore the unsolicited extensions or reject the assertion. The [=[RP]=] can make this - decision based on local policy and the extensions in use. - - Note: Since all extensions are OPTIONAL for both the [=client=] and the [=authenticator=], the [=[RP]=] MUST also be - prepared to handle cases where none or not all of the requested extensions were acted upon. -
  • - 1. Let |hash| be the result of computing a hash over the |cData| using SHA-256. 1. Using |credentialRecord|.[$credential record/publicKey$], @@ -6265,6 +6247,26 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o the above state updates SHOULD be deferred to after those additional checks are completed successfully. + +
  • + Verify that the values of the [=client extension outputs=] in |clientExtensionResults| and the [=authenticator extension + outputs=] in the [=authData/extensions=] in |authData| are as expected, considering the [=client + extension input=] values that were given in |pkOptions|.{{PublicKeyCredentialRequestOptions/extensions}} + and any specific policy of the [=[RP]=] regarding unsolicited extensions, i.e., those that were not specified as part of + |pkOptions|.{{PublicKeyCredentialRequestOptions/extensions}}. + In the general case, the meaning of "are as expected" is specific to the [=[RP]=] and which extensions are in use. + + Note: [=Client platforms=] MAY enact local policy that sets additional [=authenticator extensions=] or + [=client extensions=] and thus cause values to appear in the [=authenticator extension outputs=] or + [=client extension outputs=] that were not originally specified as part of + |pkOptions|.{{PublicKeyCredentialRequestOptions/extensions}}. [=[RPS]=] MUST be prepared to handle such + situations, whether it be to ignore the unsolicited extensions or reject the assertion. The [=[RP]=] can make this + decision based on local policy and the extensions in use. + + Note: Since all extensions are OPTIONAL for both the [=client=] and the [=authenticator=], the [=[RP]=] MUST also be + prepared to handle cases where none or not all of the requested extensions were acted upon. +
  • + 1. If all the above steps are successful, continue with the [=authentication ceremony=] as appropriate. Otherwise, fail the [=authentication ceremony=]. From cf7202ba2b56d041ac9cf1e773919fd15e65f8c5 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 1 Oct 2024 15:24:25 +0200 Subject: [PATCH 2/5] Fix reference to step 22 in Create() --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index 259fb9b37..40e678420 100644 --- a/index.bs +++ b/index.bs @@ -7570,7 +7570,7 @@ However, [=authenticators=] that do not utilize [[!FIDO-CTAP]] do not necessaril It occurs during extension processing in [step 12](#CreateCred-process-extensions) of {{PublicKeyCredential/[[Create]]()}}. The {{AuthenticationExtensionsLargeBlobOutputs}} will be abandoned if no satisfactory authenticator becomes available. - 1. If a [=create/candidate authenticator=] becomes available ([step 21](#CreateCred-async-loop) of {{PublicKeyCredential/[[Create]]()}}) then, + 1. If a [=create/candidate authenticator=] becomes available ([step 22](#CreateCred-async-loop) of {{PublicKeyCredential/[[Create]]()}}) then, before evaluating any |options|, [=iteration/continue=] (i.e. ignore the [=create/candidate authenticator=]) if the [=create/candidate authenticator=] is not capable of storing large blobs. 1. Otherwise (i.e. {{AuthenticationExtensionsLargeBlobInputs/support}} is absent or has the value {{LargeBlobSupport/preferred}}): From 1ba9322f3375d2946a50a6f354ebe954cff55417 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 1 Oct 2024 15:43:18 +0200 Subject: [PATCH 3/5] Modernize extension processing step of RP ops --- index.bs | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/index.bs b/index.bs index 40e678420..77809cfce 100644 --- a/index.bs +++ b/index.bs @@ -6062,12 +6062,12 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
  • - Verify that the values of the [=client extension outputs=] in |clientExtensionResults| and the [=authenticator extension - outputs=] in the [=authData/extensions=] in |authData| are as expected, considering the [=client - extension input=] values that were given in |pkOptions|.{{PublicKeyCredentialCreationOptions/extensions}} - and any specific policy of the [=[RP]=] regarding unsolicited extensions, i.e., those that were not specified as part of - |pkOptions|.{{PublicKeyCredentialCreationOptions/extensions}}. - In the general case, the meaning of "are as expected" is specific to the [=[RP]=] and which extensions are in use. + Process the [=client extension outputs=] in |clientExtensionResults| + and the [=authenticator extension outputs=] in the [=authData/extensions=] in |authData| + as required by the [=[RP]=]. + Depending on each [=WebAuthn extensions|extension=], + processing steps may be concretely specified or it may be up to the [=[RP]=] what to do with extension outputs. + The [=[RP]=] MAY ignore any or all extension outputs. Note: [=Client platforms=] MAY enact local policy that sets additional [=authenticator extensions=] or [=client extensions=] and thus cause values to appear in the [=authenticator extension outputs=] or @@ -6249,12 +6249,12 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
  • - Verify that the values of the [=client extension outputs=] in |clientExtensionResults| and the [=authenticator extension - outputs=] in the [=authData/extensions=] in |authData| are as expected, considering the [=client - extension input=] values that were given in |pkOptions|.{{PublicKeyCredentialRequestOptions/extensions}} - and any specific policy of the [=[RP]=] regarding unsolicited extensions, i.e., those that were not specified as part of - |pkOptions|.{{PublicKeyCredentialRequestOptions/extensions}}. - In the general case, the meaning of "are as expected" is specific to the [=[RP]=] and which extensions are in use. + Process the [=client extension outputs=] in |clientExtensionResults| + and the [=authenticator extension outputs=] in the [=authData/extensions=] in |authData| + as required by the [=[RP]=]. + Depending on each [=WebAuthn extensions|extension=], + processing steps may be concretely specified or it may be up to the [=[RP]=] what to do with extension outputs. + The [=[RP]=] MAY ignore any or all extension outputs. Note: [=Client platforms=] MAY enact local policy that sets additional [=authenticator extensions=] or [=client extensions=] and thus cause values to appear in the [=authenticator extension outputs=] or From 560fe0e3567875ca6e7e12d70e69f565d5ef156b Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 1 Oct 2024 15:44:21 +0200 Subject: [PATCH 4/5] Remove NOTE from normative caveats on extension processing --- index.bs | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/index.bs b/index.bs index 77809cfce..6fa358e03 100644 --- a/index.bs +++ b/index.bs 
@@ -6069,14 +6069,15 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o processing steps may be concretely specified or it may be up to the [=[RP]=] what to do with extension outputs. The [=[RP]=] MAY ignore any or all extension outputs. - Note: [=Client platforms=] MAY enact local policy that sets additional [=authenticator extensions=] or + [=Clients=] MAY set additional [=authenticator extensions=] or [=client extensions=] and thus cause values to appear in the [=authenticator extension outputs=] or - [=client extension outputs=] that were not originally specified as part of - |pkOptions|.{{PublicKeyCredentialCreationOptions/extensions}}. [=[RPS]=] MUST be prepared to handle such - situations, whether it be to ignore the unsolicited extensions or reject the attestation. The [=[RP]=] can make this + [=client extension outputs=] that were not + requested by the [=[RP]=] in |pkOptions|.{{PublicKeyCredentialCreationOptions/extensions}}. + The [=[RP]=] MUST be prepared to handle such situations, + whether by ignoring the unsolicited extensions or by rejecting the attestation. The [=[RP]=] can make this decision based on local policy and the extensions in use. - Note: Since all extensions are OPTIONAL for both the [=client=] and the [=authenticator=], the [=[RP]=] MUST also be + Since all extensions are OPTIONAL for both the [=client=] and the [=authenticator=], the [=[RP]=] MUST also be prepared to handle cases where none or not all of the requested extensions were acted upon.
  • @@ -6256,14 +6257,15 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o processing steps may be concretely specified or it may be up to the [=[RP]=] what to do with extension outputs. The [=[RP]=] MAY ignore any or all extension outputs. - Note: [=Client platforms=] MAY enact local policy that sets additional [=authenticator extensions=] or + [=Clients=] MAY set additional [=authenticator extensions=] or [=client extensions=] and thus cause values to appear in the [=authenticator extension outputs=] or - [=client extension outputs=] that were not originally specified as part of - |pkOptions|.{{PublicKeyCredentialRequestOptions/extensions}}. [=[RPS]=] MUST be prepared to handle such - situations, whether it be to ignore the unsolicited extensions or reject the assertion. The [=[RP]=] can make this + [=client extension outputs=] that were not + requested by the [=[RP]=] in |pkOptions|.{{PublicKeyCredentialCreationOptions/extensions}}. + The [=[RP]=] MUST be prepared to handle such situations, + whether by ignoring the unsolicited extensions or by rejecting the assertion. The [=[RP]=] can make this decision based on local policy and the extensions in use. - Note: Since all extensions are OPTIONAL for both the [=client=] and the [=authenticator=], the [=[RP]=] MUST also be + Since all extensions are OPTIONAL for both the [=client=] and the [=authenticator=], the [=[RP]=] MUST also be prepared to handle cases where none or not all of the requested extensions were acted upon. From 4866b1390a1ea511d9aa67f53d8eae5a75383939 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Tue, 1 Oct 2024 20:09:43 +0200 Subject: [PATCH 5/5] Fix reference to extensions input in get() --- index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.bs b/index.bs index 6fa358e03..67f172fe7 100644 --- a/index.bs +++ b/index.bs 
@@ -6260,7 +6260,7 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o [=Clients=] MAY set additional [=authenticator extensions=] or [=client extensions=] and thus cause values to appear in the [=authenticator extension outputs=] or [=client extension outputs=] that were not - requested by the [=[RP]=] in |pkOptions|.{{PublicKeyCredentialCreationOptions/extensions}}. + requested by the [=[RP]=] in |pkOptions|.{{PublicKeyCredentialRequestOptions/extensions}}. The [=[RP]=] MUST be prepared to handle such situations, whether by ignoring the unsolicited extensions or by rejecting the assertion. The [=[RP]=] can make this decision based on local policy and the extensions in use.
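Review bot: In the registration-ceremony hunk of patch 1 (@@ -6079,7 +6060,27), the commit message's rationale (process extensions only after signature verification) holds for the [=authenticator extension outputs=] carried in |authData|, which the attestation signature covers, but the same moved step also processes the [=client extension outputs=] in |clientExtensionResults|, which are not part of the signed data; a sentence in the moved step making that distinction explicit would stop RPs from reading the new position as a guarantee that client extension outputs are authenticated.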
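Review bot: In the authentication-ceremony hunk of patch 1 (@@ -6265,6 +6247,26), the moved extension-processing step now follows the step whose note says "the above state updates SHOULD be deferred to after those additional checks are completed successfully", yet the kept text still allows the RP to "reject the assertion" while processing unsolicited extensions; either name extension processing explicitly in that deferral note or place the moved step before the state-update step, so signature-counter and backup-state updates are not persisted for an assertion the RP then rejects.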
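Review bot: In patch 2 (@@ -7570,7 +7570,7), the "step 21" to "step 22" change in {{PublicKeyCredential/[[Create]]()}} is not explained by patch 1, which only shifts steps within the RP operations; the commit message should say whether this corrects a pre-existing off-by-one, and since every such reference is a hand-maintained "[step N](#anchor)" pair, a sweep of the remaining step references touched by the renumbering is worth mentioning in the series description.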
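Review bot: In both hunks of patch 3 (@@ -6062,12 +6062,12 and @@ -6249,12 +6249,12), the new sentence "The [=[RP]=] MAY ignore any or all extension outputs" sits right after "processing steps may be concretely specified", and an unconditional MAY-ignore contradicts any extension whose specification imposes RP-side requirements; suggest "The [=[RP]=] MAY ignore any or all extension outputs, unless an extension's specification requires otherwise."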
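Review bot: In the first hunk of patch 4 (@@ -6069,14 +6069,15), replacing "[=Client platforms=] MAY enact local policy that sets" with "[=Clients=] MAY set" switches the autolink to a different defined term and drops the "local policy" qualifier; confirm the retargeting from client platform to client is intended, and if the local-policy framing is meant to survive, keep it ("[=Clients=] MAY, per local policy, set additional ...").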
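Review bot: In the second hunk of patch 4 (@@ -6256,14 +6257,15), the added line "requested by the [=[RP]=] in |pkOptions|.{{PublicKeyCredentialCreationOptions/extensions}}." is in the authentication ceremony, where the removed line correctly referenced {{PublicKeyCredentialRequestOptions/extensions}}; patch 5 fixes exactly this line, so squash patch 5 into patch 4 so that no commit in the series carries the wrong cross-reference.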