Comments (1)
The verification procedure is failing to verify the certificateInfo
, specifically in this step:
Verify that attested contains a TPMS_CERTIFY_INFO structure as specified in [TPMv2-Part2] section 10.12.3, whose name field contains a valid Name for pubArea, as computed using the algorithm in the nameAlg field of pubArea using the procedure specified in [TPMv2-Part1] section 16. [source]
As stated in the WebAuthn spec – and as it's implemented in tpm-key_attestation
– we are using the nameAlg
field of the pubArea
to compute the name of the public object and since, on this case, the algorithm used for generate the name
in the certInfo
is different from the algorithm identified by pubArea
's nameAlg
– and thus both nameAlg
s differ –, the computed public object name is different from certInfo
's name
and therefore the verification fails.
The issue is that the conformance tests expect the verification to succeed given that they expect the public object name to be computed using the certInfo
's nameAlg
field .
However, it's currently not clear whether or not the WebAuthn spec is correct about how to verify a TPM attestation, so we might have to wait some time until this matter is clarified.
from webauthn-ruby.
Related Issues (20)
- Support openssl 3.0 HOT 6
- Update conformance tests
- Instance based API timeline HOT 8
- Allow multiple origins HOT 2
- Support FIDO metadata service version 3 for attestations HOT 2
- Incompatibility with Ruby `3.2.0` HOT 5
- Circular require warning in verbose mode
- Sign count is always zero HOT 1
- Webauthn authentication on Windows always prompts for windows security key HOT 4
- Add base64 dependency to gemspec or inline implementation
- Verification Issue with attestation: 'direct' and YubiKey 5C NFC HOT 6
- Pass FIDO2 conformance Server-ServerAuthenticatorAttestationResponse-Resp-5 P-3 test HOT 2
- Pass FIDO2 conformance Server-ServerAuthenticatorAttestationResponse-Resp-5 F-10 test HOT 2
- Facing error when verify registration HOT 2
- warning: loading in progress, circular require considered harmful HOT 1
- Tests failing when using OpenSSL library v3 HOT 4
- base64 cleanup needed: U2fMigrator still calls Base64 methods, and a require exists
- RelyingParty#id should default to the domain of #origin HOT 3
- RelyingParty should support a list of origins HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from webauthn-ruby.