betrusted-io / xous-core

The Xous microkernel
Apache License 2.0
536 stars 85 forks source link

FR: Selectable virtual FIDO keys #385

Open wizzard0 opened 1 year ago

wizzard0 commented 1 year ago

(0.9.13) Allow to select which virtual FIDO key to use

Use cases:

Currently, as per the discussion from chat:

bunnie> the identity key is set up in the system basis, so it's always there no matter what secret basis is open

gsora> having your own attestation key makes your specific device stand out from the crowd gsora> citing the spec: Every U2F device has a shared 'Attestation' key pair which is present on it - this key is shared across a large number of U2F device units made by the same vendor (this is to prevent individual identifiability of the U2F device). Every public key output by the U2F device during the registration step is signed with the attestation private key.

Proposed UX: wizzard0> I see. I want a per-credential device private key then. Something like "select a virtual token to use" if it has to be chosen before the protocol starts and the website doesn't send any tokens/hashes first which could be used to detect which cred to use (which cred they are related to)

spoelstraethan commented 1 year ago

@wizzard0 I think that selection UI may violate the PDDB "zero knowledge across bases" aspect of the Precursor. If you are worried about a specific identity being seen/selected you need to unmount that basis and mount the correct one before accessing the site.

wizzard0 commented 1 year ago

@spoelstraethan No, I don't think so

1) right now there's no way to dismount the fido identity basis, as it always uses the System one, IIUC

2) same as you pick a password to autotype right now -- across what's available across all mounted pddbs, instead of trying to bruteforce them all - you would pick an identity to authenticate

spoelstraethan commented 1 year ago

Hmm, it may depend if you are talking U2F or FIDO or FIDO2, because when I don't have a secret basis (or bases) mounted their entries don't show up on the FIDO page. I haven't tested whether I can authenticate with an identity that lives in a basis without mounting it but I should try that.

That does sort of make sense that it could not present the U2F USB HID interface until you've selected the identity that you want to use with the website, basically "plugging in" the U2F only when you have presented a FIDO2 entry, not sure how that plays with the CTAP 2.1 behavior where sites may expect it to brute force, but it would avoid enumeration attacks or the limitation that some sites have of only trying like six entries before timing out and failing.