Supporting attestation formats (#530)

Jonas Hendrickx · abergs · web-flow · commit 0d38438fd844 · 2024-10-30T13:54:23.000+01:00
* Attestation Formats * Add remark * Field should be property. * Collection expression * Remove formats from assertionOptions Assertion time attestation is removed from per this PR: https://github.com/w3c/webauthn/pull/1997/files --------- Co-authored-by: Anders Åberg <anders@andersaberg.com>
diff --git a/Src/Fido2.Models/CredentialCreateOptions.cs b/Src/Fido2.Models/CredentialCreateOptions.cs
@@ -49,6 +49,15 @@ public sealed class CredentialCreateOptions
     [JsonPropertyName("attestation")]
     public AttestationConveyancePreference Attestation { get; set; } = AttestationConveyancePreference.None;
 
+    /// <summary>
+    /// This member is intended for use by Relying Parties that wish to select a preference regarding the attestation statement format used, if such an attestation is requested.
+    /// </summary>
+    /// <remarks>
+    /// This parameter is advisory and the authenticator MAY use an attestation statement not enumerated in this parameter.
+    /// </remarks>
+    [JsonPropertyName("attestationFormats")]
+    public IReadOnlyList<AttestationStatementFormatIdentifier> AttestationFormats { get; set; } = [];
+
     /// <summary>
     /// This member is intended for use by Relying Parties that wish to select the appropriate authenticators to participate in the create() operation.
     /// </summary>
diff --git a/Src/Fido2.Models/Objects/AttestationStatementFormatIdentifier.cs b/Src/Fido2.Models/Objects/AttestationStatementFormatIdentifier.cs
@@ -0,0 +1,55 @@
+﻿using System.Runtime.Serialization;
+using System.Text.Json.Serialization;
+
+namespace Fido2NetLib.Objects;
+
+/// <summary>
+/// The attestation statement format identifier in WebAuthn specifies the format of the attestation statement that is used to attest to the authenticity of a credential created by a WebAuthn authenticator.
+/// https://www.iana.org/assignments/webauthn/webauthn.xhtml
+/// </summary>
+[JsonConverter(typeof(FidoEnumConverter<AttestationStatementFormatIdentifier>))]
+public enum AttestationStatementFormatIdentifier
+{
+    /// <summary>
+    /// The "packed" attestation statement format is a WebAuthn-optimized format for attestation. It uses a very compact but still extensible encoding method. This format is implementable by authenticators with limited resources (e.g., secure elements).
+    /// </summary>
+    [EnumMember(Value = "packed")]
+    Packed,
+
+    /// <summary>
+    /// The "TPM" attestation statement format returns an attestation statement in the same format as the packed attestation statement format, although the rawData and signature fields are computed differently.
+    /// </summary>
+    [EnumMember(Value = "tpm")]
+    Tpm,
+
+    /// <summary>
+    /// Platform authenticators on versions "N", and later, may provide this proprietary "hardware attestation" statement.
+    /// </summary>
+    [EnumMember(Value = "android-key")]
+    AndroidKey,
+
+    /// <summary>
+    /// Android-based platform authenticators MAY produce an attestation statement based on the Android SafetyNet API.
+    /// </summary>
+    [EnumMember(Value = "android-safetynet")]
+    AndroidSafetyNet,
+
+    /// <summary>
+    /// Used with FIDO U2F authenticators.
+    /// </summary>
+    [EnumMember(Value = "fido-u2f")]
+    FidoU2f,
+
+    /// <summary>
+    /// Used with Apple devices' platform authenticators.
+    /// </summary>
+    [EnumMember(Value = "apple")]
+    Apple,
+
+    /// <summary>
+    /// Used to replace any authenticator-provided attestation statement when a WebAuthn Relying Party indicates it does not wish to receive attestation information.
+    /// </summary>
+    [EnumMember(Value = "none")]
+    None
+}
+
diff --git a/Src/Fido2.Models/Objects/AuthenticationExtensionsDevicePublicKeyInputs.cs b/Src/Fido2.Models/Objects/AuthenticationExtensionsDevicePublicKeyInputs.cs
@@ -3,11 +3,14 @@
 using System;
 using System.Text.Json.Serialization;
 
+/// <summary>
+///  Deprecated: DevicePublickeyKey has been deprecated but is kept around in the code base because of conformance testing tools.
+/// </summary>
 public sealed class AuthenticationExtensionsDevicePublicKeyInputs
 {
     [JsonPropertyName("attestation")]
     public string Attestation { get; set; } = "none";
 
     [JsonPropertyName("attestationFormats")]
-    public string[] AttestationFormats { get; set; } = Array.Empty<string>();
+    public IReadOnlyList<AttestationStatementFormatIdentifier> AttestationFormats { get; set; } = Array.Empty<AttestationStatementFormatIdentifier>();
 }

Original file line number	Diff line number	Diff line change
`@@ -3,11 +3,14 @@`
`3`	`3`	`using System;`
`4`	`4`	`using System.Text.Json.Serialization;`
`5`	`5`
	`6`	`+/// <summary>`
	`7`	`+/// Deprecated: DevicePublickeyKey has been deprecated but is kept around in the code base because of conformance testing tools.`
	`8`	`+/// </summary>`
`6`	`9`	`public sealed class AuthenticationExtensionsDevicePublicKeyInputs`
`7`	`10`	`{`
`8`	`11`	`[JsonPropertyName("attestation")]`
`9`	`12`	`public string Attestation { get; set; } = "none";`
`10`	`13`
`11`	`14`	`[JsonPropertyName("attestationFormats")]`
`12`		`- public string[] AttestationFormats { get; set; } = Array.Empty<string>();`
	`15`	`+ public IReadOnlyList<AttestationStatementFormatIdentifier> AttestationFormats { get; set; } = Array.Empty<AttestationStatementFormatIdentifier>();`
`13`	`16`	`}`