diff --git a/index.bs b/index.bs index 32c64aa81..15f61436a 100644 --- a/index.bs +++ b/index.bs @@ -6560,8 +6560,11 @@ engine. setting the `extraData` parameter to the digest of |attToBeSigned| using the hash algorithm corresponding to the "alg" signature algorithm. (For the "RS256" algorithm, this would be a SHA-256 digest.) - Set the |pubArea| field to the public area of the credential public key, the |certInfo| field to the output parameter of the - same name, and the |sig| field to the signature obtained from the above procedure. + Set the |pubArea| field to the public area of the credential public key (the TPMT_PUBLIC structure), the |certInfo| field (the TPMS_ATTEST structure) + to the output parameter of the same name, and the |sig| field to the signature obtained from the above procedure. + + Note: If the |pubArea| is read from the TPM using the TPM2_ReadPublic command, that command returns a TPM2B_PUBLIC structure. TPM2B_PUBLIC + is two bytes of length followed by the TPMT_PUBLIC structure. The two bytes of length must be removed prior to putting this into the |pubArea|. : Verification procedure :: Given the [=verification procedure inputs=] |attStmt|, |authenticatorData| and |clientDataHash|, the [=verification procedure=] is @@ -6575,24 +6578,30 @@ engine. Concatenate |authenticatorData| and |clientDataHash| to form |attToBeSigned|. + Verify integrity of |certInfo| + - Verify that |x5c| is present. + - Verify that |aikCert| meets the requirements in [[#sctn-tpm-cert-requirements]]. + - If |aikCert| contains an extension with OID `1.3.6.1.4.1.45724.1.1.4` (`id-fido-gen-ce-aaguid`) verify that the value of this + extension matches the [=authData/attestedCredentialData/aaguid=] in |authenticatorData|. + - Verify the |sig| is a valid signature over |certInfo| using the attestation public key in |aikCert| with the + algorithm specified in |alg|. + Validate that |certInfo| is valid: + Note: |certInfo| is a TPMS_ATTEST structure. - Verify that `magic` is set to `TPM_GENERATED_VALUE`. - Verify that `type` is set to `TPM_ST_ATTEST_CERTIFY`. - Verify that `extraData` is set to the hash of |attToBeSigned| using the hash algorithm employed in "alg". - Verify that `attested` contains a `TPMS_CERTIFY_INFO` structure as specified in [[!TPMv2-Part2]] section 10.12.3, - whose `name` field contains a valid Name for |pubArea|, - as computed using the procedure specified in [[!TPMv2-Part1]] - section 16. Note that the hash algorithm is included within the attested `name` field of the TPMS_CERTIFY_INFO structure. - - Verify that |x5c| is present. - - Note that the remaining fields in the "Standard Attestation Structure" [[!TPMv2-Part1]] + whose `name` field contains a valid Name for |pubArea|, as computed using the procedure specified in [[!TPMv2-Part1]] section 16 using the nameAlg in the |pubArea|. + + Note: The TPM will always return TPMS_CERTIFY_INFO structure with the same nameAlg in the `name` as the nameAlg + in |pubArea|. + + Note: The remaining fields in the "Standard Attestation Structure" [[!TPMv2-Part1]] section 31.2, i.e., `qualifiedSigner`, `clockInfo` and `firmwareVersion` are ignored. - These fields MAY be used as an input to risk engines. + Depending on the properties of the |aikCert| key used, these fields may be obfuscated. + If valid, these MAY be used as an input to risk engines. - - Verify the |sig| is a valid signature over |certInfo| using the attestation public key in |aikCert| with the - algorithm specified in |alg|. - - Verify that |aikCert| meets the requirements in [[#sctn-tpm-cert-requirements]]. - - If |aikCert| contains an extension with OID `1.3.6.1.4.1.45724.1.1.4` (`id-fido-gen-ce-aaguid`) verify that the value of this - extension matches the [=authData/attestedCredentialData/aaguid=] in |authenticatorData|. - If successful, return implementation-specific values representing [=attestation type=] [=AttCA=] and [=attestation trust path=] |x5c|. @@ -6606,6 +6615,11 @@ TPM [=attestation certificate=] MUST have the following fields/extensions: - The Subject Alternative Name extension MUST be set as defined in [[!TPMv2-EK-Profile]] section 3.2.9. + Note: Previous versions of [[!TPMv2-EK-Profile]] allowed the inclusion of an optional attribute, + called HardwareModuleName, that contains the TPM serial number in the EK certificate. + HardwareModuleName SHOULD NOT be placed in in the [=attestation certificate=] + Subject Alternative Name. + - The Extended Key Usage extension MUST contain the OID `2.23.133.8.3` ("joint-iso-itu-t(2) internationalorganizations(23) 133 tcg-kp(8) tcg-kp-AIKCertificate(3)"). @@ -9439,7 +9453,7 @@ for their contributions as our W3C Team Contacts. "TPMv2-EK-Profile": { "title": "TCG EK Credential Profile for TPM Family 2.0", "publisher": "Trusted Computing Group", - "href": "https://www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf" + "href": "https://trustedcomputinggroup.org/wp-content/uploads/TCG-EK-Credential-Profile-V-2.5-R2_published.pdf" }, "FIDOAuthnrSecReqs": {