tokenbindig, AppId, UVP

Back to 100% conformance.
TokenBinding logic readded.
AppId: prevent serialization in a nicer way.
UV flags are verified differently for conformance testing, otherwise as described in the RFC.

Author: googyi

Src/Fido2.Models/Objects/AuthenticationExtensionsClientInputs.cs

@@ -19,13 +19,8 @@ public sealed class AuthenticationExtensionsClientInputs
     /// https://www.w3.org/TR/webauthn/#sctn-appid-extension
     /// </summary>
     [JsonPropertyName("appid")]
-    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
-    public string AppID { private get; set; }
-
-    public string GetAppID()
-    {
-        return AppID;
-    }
+    [JsonIgnore(Condition = JsonIgnoreCondition.Always)]
+    public string AppID { get; set; }
 
     /// <summary>
     /// This extension enables the WebAuthn Relying Party to determine which extensions the authenticator supports.

Src/Fido2/AuthenticatorAssertionResponse.cs

@@ -61,9 +61,10 @@ public async Task<VerifyAssertionResult> VerifyAsync(
         uint storedSignatureCounter,
         IsUserHandleOwnerOfCredentialIdAsync isUserHandleOwnerOfCredId,
         IMetadataService? metadataService,
+        byte[]? requestTokenBindingId,
         CancellationToken cancellationToken = default)
     {
-        BaseVerify(config.FullyQualifiedOrigins, options.Challenge);
+        BaseVerify(config.FullyQualifiedOrigins, options.Challenge, requestTokenBindingId);
 
         if (Raw.Type != PublicKeyCredentialType.PublicKey)
             throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, Fido2ErrorMessages.AssertionResponseNotPublicKey);
@@ -116,10 +117,11 @@ public async Task<VerifyAssertionResult> VerifyAsync(
         // FIDO AppID Extension:
         // If true, the AppID was used and thus, when verifying an assertion, the Relying Party MUST expect the rpIdHash to be the hash of the AppID, not the RP ID.
 
-        var rpid = Raw.ClientExtensionResults?.AppID ?? false ? options.Extensions?.GetAppID() : options.RpId;
+        var rpid = Raw.ClientExtensionResults?.AppID ?? false ? options.Extensions?.AppID : options.RpId;
 
         byte[] hashedRpId = SHA256.HashData(Encoding.UTF8.GetBytes(rpid ?? string.Empty));
         byte[] hash = SHA256.HashData(Raw.Response.ClientDataJson);
+        bool conformanceTesting = metadataService != null && metadataService.ConformanceTesting();
 
         if (!authData.RpIdHash.SequenceEqual(hashedRpId))
             throw new Fido2VerificationException(Fido2ErrorCode.InvalidRpidHash, Fido2ErrorMessages.InvalidRpidHash);
@@ -134,6 +136,15 @@ public async Task<VerifyAssertionResult> VerifyAsync(
             if (!authData.UserVerified)
                 throw new Fido2VerificationException(Fido2ErrorCode.UserVerificationRequirementNotMet, Fido2ErrorMessages.UserVerificationRequirementNotMet);
         }
+        // =====
+        // // 14. Verify that the UP bit of the flags in authData is set.
+        // if (!authData.UserPresent && (!conformanceTesting || options.UserVerification is UserVerificationRequirement.Required))
+        //     throw new Fido2VerificationException(Fido2ErrorCode.UserPresentFlagNotSet, Fido2ErrorMessages.UserPresentFlagNotSet);
+        //
+        // // 15. If the Relying Party requires user verification for this assertion, verify that the UV bit of the flags in authData is set.
+        // if (options.UserVerification is UserVerificationRequirement.Required && !authData.UserVerified)
+        //     throw new Fido2VerificationException(Fido2ErrorCode.UserVerificationRequirementNotMet, Fido2ErrorMessages.UserVerificationRequirementNotMet);
+
 
         // 16. If the credential backup state is used as part of Relying Party business logic or policy, let currentBe and currentBs be the values of the BE and BS bits, respectively, of the flags in authData.
         // Compare currentBe and currentBs with credentialRecord.BE and credentialRecord.BS and apply Relying Party policy, if any.

Src/Fido2/AuthenticatorAttestationResponse.cs

@@ -60,6 +60,7 @@ public async Task<RegisteredPublicKeyCredential> VerifyAsync(
         Fido2Configuration config,
         IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser,
         IMetadataService? metadataService,
+        byte[]? requestTokenBindingId,
         CancellationToken cancellationToken = default)
     {
         // https://www.w3.org/TR/webauthn/#registering-a-new-credential
@@ -74,7 +75,10 @@ public async Task<RegisteredPublicKeyCredential> VerifyAsync(
 
         // 8. Verify that the value of C.challenge matches the challenge that was sent to the authenticator in the create() call.
         // 9. Verify that the value of C.origin matches the Relying Party's origin.
-        BaseVerify(config.FullyQualifiedOrigins, originalOptions.Challenge);
+        // 9.5. Verify that the value of C.tokenBinding.status matches the state of Token Binding for the TLS connection over which the attestation was obtained.
+        // If Token Binding was used on that TLS connection, also verify that C.tokenBinding.id matches the base64url encoding of the Token Binding ID for the connection.
+        // Validated in BaseVerify.
+        BaseVerify(config.FullyQualifiedOrigins, originalOptions.Challenge, requestTokenBindingId);
 
         if (Raw.Id is null || Raw.Id.Length == 0)
             throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestationResponse, Fido2ErrorMessages.AttestationResponseIdMissing);

Src/Fido2/AuthenticatorResponse.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Text;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 
@@ -48,6 +49,7 @@ protected AuthenticatorResponse(ReadOnlySpan<byte> utf8EncodedJson)
         Type = response.Type;
         Challenge = response.Challenge;
         Origin = response.Origin;
+        TokenBinding = response.TokenBinding;
     }
 
     public const int MAX_ORIGINS_TO_PRINT = 5;
@@ -62,7 +64,10 @@ protected AuthenticatorResponse(ReadOnlySpan<byte> utf8EncodedJson)
     [JsonPropertyName("origin")]
     public string Origin { get; }
 
-    protected void BaseVerify(IReadOnlySet<string> fullyQualifiedExpectedOrigins, ReadOnlySpan<byte> originalChallenge)
+    [JsonPropertyName("tokenBinding")]
+    public TokenBindingDto? TokenBinding { get; set; }
+
+    protected void BaseVerify(IReadOnlySet<string> fullyQualifiedExpectedOrigins, ReadOnlySpan<byte> originalChallenge, byte[]? requestTokenBindingId)
     {
         if (Type is not "webauthn.create" && Type is not "webauthn.get")
             throw new Fido2VerificationException(Fido2ErrorCode.InvalidAuthenticatorResponse, $"Type must be 'webauthn.create' or 'webauthn.get'. Was '{Type}'");
@@ -79,6 +84,13 @@ protected void BaseVerify(IReadOnlySet<string> fullyQualifiedExpectedOrigins, Re
         // 12. Verify that the value of C.origin matches the Relying Party's origin.
         if (!fullyQualifiedExpectedOrigins.Contains(fullyQualifiedOrigin))
             throw new Fido2VerificationException($"Fully qualified origin {fullyQualifiedOrigin} of {Origin} not equal to fully qualified original origin {string.Join(", ", fullyQualifiedExpectedOrigins.Take(MAX_ORIGINS_TO_PRINT))} ({fullyQualifiedExpectedOrigins.Count})");
+
+        // 13?. Verify that the value of C.tokenBinding.status matches the state of Token Binding for the TLS connection over which the assertion was obtained. 
+        // If Token Binding was used on that TLS connection, also verify that C.tokenBinding.id matches the base64url encoding of the Token Binding ID for the connection.
+        if (TokenBinding != null)
+        {
+            TokenBinding.Verify(requestTokenBindingId);
+        }
     }
 
     /*

Src/Fido2/Fido2.cs

@@ -65,16 +65,18 @@ public CredentialCreateOptions RequestNewCredential(
     /// <param name="attestationResponse">The attestation response from the authenticator.</param>
     /// <param name="originalOptions">The original options that was sent to the client.</param>
     /// <param name="isCredentialIdUniqueToUser">The delegate used to validate that the CredentialID is unique to this user.</param>
+    /// <param name="requestTokenBindingId">deprecated ===</param>
     /// <param name="cancellationToken">The <see cref="CancellationToken"/> used to propagate notifications that the operation should be canceled.</param>
     /// <returns></returns>
     public async Task<RegisteredPublicKeyCredential> MakeNewCredentialAsync(
         AuthenticatorAttestationRawResponse attestationResponse,
         CredentialCreateOptions originalOptions,
         IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser,
+        byte[]? requestTokenBindingId = null,
         CancellationToken cancellationToken = default)
     {
         var parsedResponse = AuthenticatorAttestationResponse.Parse(attestationResponse);
-        var credential = await parsedResponse.VerifyAsync(originalOptions, _config, isCredentialIdUniqueToUser, _metadataService, cancellationToken);
+        var credential = await parsedResponse.VerifyAsync(originalOptions, _config, isCredentialIdUniqueToUser, _metadataService, requestTokenBindingId, cancellationToken);
 
         return credential;
     }
@@ -105,6 +107,7 @@ public AssertionOptions GetAssertionOptions(
     /// <param name="storedDevicePublicKeys">The stored device public keys.</param>
     /// <param name="storedSignatureCounter">The stored value of the signature counter.</param>
     /// <param name="isUserHandleOwnerOfCredentialIdCallback">The delegate used to validate that the user handle is indeed owned of the CredentialId.</param>
+    /// <param name="requestTokenBindingId">Deprecated ===</param>
     /// <param name="cancellationToken">The <see cref="CancellationToken"/> used to propagate notifications that the operation should be canceled.</param>
     /// <returns></returns>
     public async Task<VerifyAssertionResult> MakeAssertionAsync(
@@ -114,6 +117,7 @@ public async Task<VerifyAssertionResult> MakeAssertionAsync(
         IReadOnlyList<byte[]> storedDevicePublicKeys,
         uint storedSignatureCounter,
         IsUserHandleOwnerOfCredentialIdAsync isUserHandleOwnerOfCredentialIdCallback,
+        byte[]? requestTokenBindingId = null,
         CancellationToken cancellationToken = default)
     {
         var parsedResponse = AuthenticatorAssertionResponse.Parse(assertionResponse);
@@ -125,6 +129,7 @@ public async Task<VerifyAssertionResult> MakeAssertionAsync(
                                                       storedSignatureCounter,
                                                       isUserHandleOwnerOfCredentialIdCallback,
                                                       _metadataService,
+                                                      requestTokenBindingId,
                                                       cancellationToken);
 
         return result;

Src/Fido2/IFido2.cs

@@ -20,12 +20,14 @@ Task<VerifyAssertionResult> MakeAssertionAsync(
         IReadOnlyList<byte[]> storedDevicePublicKeys,
         uint storedSignatureCounter,
         IsUserHandleOwnerOfCredentialIdAsync isUserHandleOwnerOfCredentialIdCallback,
+        byte[]? requestTokenBindingId = null,
         CancellationToken cancellationToken = default);
 
     Task<RegisteredPublicKeyCredential> MakeNewCredentialAsync(
         AuthenticatorAttestationRawResponse attestationResponse,
         CredentialCreateOptions originalOptions,
         IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser,
+        byte[]? requestTokenBindingId = null,
         CancellationToken cancellationToken = default);
 
     CredentialCreateOptions RequestNewCredential(

Src/Fido2/TokenBindingDto.cs

@@ -0,0 +1,37 @@
+namespace Fido2NetLib
+{
+    public class TokenBindingDto
+    {
+        /// <summary>
+        /// Either "present" or "supported". https://www.w3.org/TR/webauthn/#enumdef-tokenbindingstatus
+        /// supported: Indicates the client supports token binding, but it was not negotiated when communicating with the Relying Party.
+        /// present: Indicates token binding was used when communicating with the Relying Party. In this case, the id member MUST be present
+        /// </summary>
+        public string? Status { get; set; }
+
+        /// <summary>
+        /// This member MUST be present if status is present, and MUST a base64url encoding of the Token Binding ID that was used when communicating with the Relying Party.
+        /// </summary>
+        public string? Id { get; set; }
+
+        public void Verify(byte[]? requestTokenbinding)
+        {
+            // validation by the FIDO conformance tool (more than spec says)
+            switch (Status)
+            {
+                case "present":
+                    if (string.IsNullOrEmpty(Id))
+                        throw new Fido2VerificationException("TokenBinding status was present but Id is missing");
+                    var b64 = Base64Url.Encode(requestTokenbinding);
+                    if (Id != b64)
+                        throw new Fido2VerificationException("Tokenbinding Id does not match");
+                    break;
+                case "supported":
+                case "not-supported":
+                    break;
+                default:
+                    throw new Fido2VerificationException("Malformed tokenbinding status field");
+            }
+        }
+    }
+}