webauthn 2.0.0.beta1 → 2.3.0

data/lib/webauthn/attestation_statement/fido_u2f.rb

@@ -1,15 +1,16 @@
 # frozen_string_literal: true
 
+require "cose"
 require "openssl"
 require "webauthn/attestation_statement/base"
 require "webauthn/attestation_statement/fido_u2f/public_key"
-require "webauthn/signature_verifier"
 
 module WebAuthn
   module AttestationStatement
     class FidoU2f < Base
       VALID_ATTESTATION_CERTIFICATE_COUNT = 1
       VALID_ATTESTATION_CERTIFICATE_ALGORITHM = COSE::Algorithm.by_name("ES256")
+      VALID_ATTESTATION_CERTIFICATE_KEY_CURVE = COSE::Key::Curve.by_name("P-256")
 
       def valid?(authenticator_data, client_data_hash)
         valid_format? &&
@@ -17,19 +18,20 @@ module WebAuthn
           valid_credential_public_key?(authenticator_data.credential.public_key) &&
           valid_aaguid?(authenticator_data.attested_credential_data.raw_aaguid) &&
           valid_signature?(authenticator_data, client_data_hash) &&
-          [WebAuthn::AttestationStatement::ATTESTATION_TYPE_BASIC_OR_ATTCA, [attestation_certificate]]
+          trustworthy?(attestation_certificate_key_id: attestation_certificate_key_id) &&
+          [attestation_type, attestation_trust_path]
       end
 
       private
 
       def valid_format?
-        !!(raw_attestation_certificates && signature) &&
-          raw_attestation_certificates.length == VALID_ATTESTATION_CERTIFICATE_COUNT
+        !!(raw_certificates && signature) &&
+          raw_certificates.length == VALID_ATTESTATION_CERTIFICATE_COUNT
       end
 
       def valid_certificate_public_key?
         certificate_public_key.is_a?(OpenSSL::PKey::EC) &&
-          certificate_public_key.group.curve_name == VALID_ATTESTATION_CERTIFICATE_ALGORITHM.key_curve &&
+          certificate_public_key.group.curve_name == VALID_ATTESTATION_CERTIFICATE_KEY_CURVE.pkey_name &&
           certificate_public_key.check_key
       end
 
@@ -45,10 +47,8 @@ module WebAuthn
         attested_credential_data_aaguid == WebAuthn::AuthenticatorData::AttestedCredentialData::ZEROED_AAGUID
       end
 
-      def valid_signature?(authenticator_data, client_data_hash)
-        WebAuthn::SignatureVerifier
-          .new(VALID_ATTESTATION_CERTIFICATE_ALGORITHM, certificate_public_key)
-          .verify(signature, verification_data(authenticator_data, client_data_hash))
+      def algorithm
+        VALID_ATTESTATION_CERTIFICATE_ALGORITHM.id
       end
 
       def verification_data(authenticator_data, client_data_hash)
@@ -62,6 +62,10 @@ module WebAuthn
       def public_key_u2f(cose_key_data)
         PublicKey.new(cose_key_data)
       end
+
+      def attestation_type
+        WebAuthn::AttestationStatement::ATTESTATION_TYPE_BASIC_OR_ATTCA
+      end
     end
   end
 end

data/lib/webauthn/attestation_statement/packed.rb

@@ -2,25 +2,21 @@
 
 require "openssl"
 require "webauthn/attestation_statement/base"
-require "webauthn/signature_verifier"
 
 module WebAuthn
   # Implements https://www.w3.org/TR/2018/CR-webauthn-20180807/#packed-attestation
-  # ECDAA attestation is unsupported.
   module AttestationStatement
     class Packed < Base
       # Follows "Verification procedure"
       def valid?(authenticator_data, client_data_hash)
-        check_unsupported_feature
-
         valid_format? &&
           valid_algorithm?(authenticator_data.credential) &&
-          valid_certificate_chain? &&
           valid_ec_public_keys?(authenticator_data.credential) &&
           meet_certificate_requirement? &&
           matching_aaguid?(authenticator_data.attested_credential_data.raw_aaguid) &&
           valid_signature?(authenticator_data, client_data_hash) &&
-          attestation_type_and_trust_path
+          trustworthy?(aaguid: authenticator_data.aaguid) &&
+          [attestation_type, attestation_trust_path]
       end
 
       private
@@ -30,31 +26,15 @@ module WebAuthn
       end
 
       def self_attestation?
-        !raw_attestation_certificates && !raw_ecdaa_key_id
+        !raw_certificates
       end
 
       def valid_format?
-        algorithm && signature && (
-          [raw_attestation_certificates, raw_ecdaa_key_id].compact.size < 2
-        )
-      end
-
-      def check_unsupported_feature
-        if raw_ecdaa_key_id
-          raise NotSupportedError, "ecdaaKeyId of the packed attestation format is not implemented yet"
-        end
-      end
-
-      def valid_certificate_chain?
-        if attestation_certificate_chain
-          attestation_certificate_chain[1..-1].all? { |c| certificate_in_use?(c) }
-        else
-          true
-        end
+        algorithm && signature
       end
 
       def valid_ec_public_keys?(credential)
-        (attestation_certificate_chain&.map(&:public_key) || [credential.public_key_object])
+        (certificates&.map(&:public_key) || [credential.public_key_object])
           .select { |pkey| pkey.is_a?(OpenSSL::PKey::EC) }
           .all? { |pkey| pkey.check_key }
       end
@@ -65,7 +45,6 @@ module WebAuthn
           subject = attestation_certificate.subject.to_a
 
           attestation_certificate.version == 2 &&
-            certificate_in_use?(attestation_certificate) &&
             subject.assoc('OU')&.at(1) == "Authenticator Attestation" &&
             attestation_certificate.extensions.find { |ext| ext.oid == 'basicConstraints' }&.value == 'CA:FALSE'
         else
@@ -73,27 +52,20 @@ module WebAuthn
         end
       end
 
-      def certificate_in_use?(certificate)
-        now = Time.now
-
-        certificate.not_before < now && now < certificate.not_after
+      def attestation_type
+        if attestation_trust_path
+          WebAuthn::AttestationStatement::ATTESTATION_TYPE_BASIC_OR_ATTCA # FIXME: use metadata if available
+        else
+          WebAuthn::AttestationStatement::ATTESTATION_TYPE_SELF
+        end
       end
 
       def valid_signature?(authenticator_data, client_data_hash)
-        signature_verifier = WebAuthn::SignatureVerifier.new(
-          algorithm,
+        super(
+          authenticator_data,
+          client_data_hash,
           attestation_certificate&.public_key || authenticator_data.credential.public_key_object
         )
-
-        signature_verifier.verify(signature, authenticator_data.data + client_data_hash)
-      end
-
-      def attestation_type_and_trust_path
-        if raw_attestation_certificates&.any?
-          [WebAuthn::AttestationStatement::ATTESTATION_TYPE_BASIC_OR_ATTCA, attestation_certificate_chain]
-        else
-          [WebAuthn::AttestationStatement::ATTESTATION_TYPE_SELF, nil]
-        end
       end
     end
   end

data/lib/webauthn/attestation_statement/tpm.rb

@@ -2,73 +2,63 @@
 
 require "cose/algorithm"
 require "openssl"
+require "tpm/key_attestation"
 require "webauthn/attestation_statement/base"
-require "webauthn/attestation_statement/tpm/cert_info"
-require "webauthn/attestation_statement/tpm/pub_area"
-require "webauthn/signature_verifier"
 
 module WebAuthn
   module AttestationStatement
     class TPM < Base
-      CERTIFICATE_V3 = 2
-      CERTIFICATE_EMPTY_NAME = OpenSSL::X509::Name.new([]).freeze
-      OID_TCG_KP_AIK_CERTIFICATE = "2.23.133.8.3"
       TPM_V2 = "2.0"
 
-      def valid?(authenticator_data, client_data_hash)
-        case attestation_type
-        when ATTESTATION_TYPE_ATTCA
-          att_to_be_signed = authenticator_data.data + client_data_hash
+      COSE_ALG_TO_TPM = {
+        "RS1" => { signature: ::TPM::ALG_RSASSA, hash: ::TPM::ALG_SHA1 },
+        "RS256" => { signature: ::TPM::ALG_RSASSA, hash: ::TPM::ALG_SHA256 },
+        "PS256" => { signature: ::TPM::ALG_RSAPSS, hash: ::TPM::ALG_SHA256 },
+        "ES256" => { signature: ::TPM::ALG_ECDSA, hash: ::TPM::ALG_SHA256 },
+      }.freeze
 
+      def valid?(authenticator_data, client_data_hash)
+        attestation_type == ATTESTATION_TYPE_ATTCA &&
           ver == TPM_V2 &&
-            valid_signature? &&
-            valid_attestation_certificate? &&
-            pub_area.valid?(authenticator_data.credential.public_key) &&
-            cert_info.valid?(statement["pubArea"], OpenSSL::Digest.digest(cose_algorithm.hash, att_to_be_signed)) &&
-            matching_aaguid?(authenticator_data.attested_credential_data.raw_aaguid) &&
-            [attestation_type, attestation_trust_path]
-        when ATTESTATION_TYPE_ECDAA
-          raise(
-            WebAuthn::AttestationStatement::Base::NotSupportedError,
-            "Attestation type ECDAA is not supported"
-          )
-        end
+          valid_key_attestation?(
+            authenticator_data.data + client_data_hash,
+            authenticator_data.credential.public_key_object,
+            authenticator_data.aaguid
+          ) &&
+          matching_aaguid?(authenticator_data.attested_credential_data.raw_aaguid) &&
+          trustworthy?(aaguid: authenticator_data.aaguid) &&
+          [attestation_type, attestation_trust_path]
       end
 
       private
 
-      def valid_signature?
-        WebAuthn::SignatureVerifier
-          .new(algorithm, attestation_certificate.public_key)
-          .verify(signature, verification_data, rsa_pss_salt_length: :auto)
-      end
-
-      def valid_attestation_certificate?
-        extensions = attestation_certificate.extensions
-
-        attestation_certificate.version == CERTIFICATE_V3 &&
-          attestation_certificate.subject.eql?(CERTIFICATE_EMPTY_NAME) &&
-          certificate_in_use?(attestation_certificate) &&
-          extensions.find { |ext| ext.oid == 'basicConstraints' }&.value == "CA:FALSE" &&
-          extensions.find { |ext| ext.oid == "extendedKeyUsage" }&.value == OID_TCG_KP_AIK_CERTIFICATE
-      end
-
-      def certificate_in_use?(certificate)
-        now = Time.now
+      def valid_key_attestation?(certified_extra_data, key, aaguid)
+        key_attestation =
+          ::TPM::KeyAttestation.new(
+            statement["certInfo"],
+            signature,
+            statement["pubArea"],
+            certificates,
+            OpenSSL::Digest.digest(cose_algorithm.hash_function, certified_extra_data),
+            signature_algorithm: tpm_algorithm[:signature],
+            hash_algorithm: tpm_algorithm[:hash],
+            root_certificates: root_certificates(aaguid: aaguid)
+          )
 
-        certificate.not_before < now && now < certificate.not_after
+        key_attestation.valid? && key_attestation.key && key_attestation.key.to_pem == key.to_pem
       end
 
-      def verification_data
-        statement["certInfo"]
+      def valid_certificate_chain?(**_)
+        # Already performed as part of #valid_key_attestation?
+        true
       end
 
-      def cert_info
-        @cert_info ||= CertInfo.new(statement["certInfo"])
+      def default_root_certificates
+        ::TPM::KeyAttestation::ROOT_CERTIFICATES
       end
 
-      def pub_area
-        @pub_area ||= PubArea.new(statement["pubArea"])
+      def tpm_algorithm
+        COSE_ALG_TO_TPM[cose_algorithm.name] || raise("Unsupported algorithm #{cose_algorithm.name}")
       end
 
       def ver
@@ -80,18 +70,12 @@ module WebAuthn
       end
 
       def attestation_type
-        if raw_attestation_certificates && !raw_ecdaa_key_id
+        if raw_certificates
           ATTESTATION_TYPE_ATTCA
-        elsif raw_ecdaa_key_id && !raw_attestation_certificates
-          ATTESTATION_TYPE_ECDAA
         else
           raise "Attestation type invalid"
         end
       end
-
-      def attestation_trust_path
-        attestation_certificate_chain
-      end
     end
   end
 end

data/lib/webauthn/authenticator_assertion_response.rb

@@ -1,12 +1,9 @@
 # frozen_string_literal: true
 
-require "cose/algorithm"
-require "cose/key"
-require "webauthn/attestation_statement/fido_u2f/public_key"
 require "webauthn/authenticator_data"
 require "webauthn/authenticator_response"
 require "webauthn/encoder"
-require "webauthn/signature_verifier"
+require "webauthn/public_key"
 
 module WebAuthn
   class SignatureVerificationError < VerificationError; end
@@ -32,34 +29,31 @@ module WebAuthn
     attr_reader :user_handle
 
     def initialize(authenticator_data:, signature:, user_handle: nil, **options)
-      super(options)
+      super(**options)
 
       @authenticator_data_bytes = authenticator_data
       @signature = signature
       @user_handle = user_handle
     end
 
-    def verify(expected_challenge, expected_origin = nil, public_key:, sign_count:, user_verification: nil,
-               rp_id: nil)
+    def verify(expected_challenge, expected_origin = nil, public_key:, sign_count:, user_verification: nil, rp_id: nil)
       super(expected_challenge, expected_origin, user_verification: user_verification, rp_id: rp_id)
-      verify_item(:signature, credential_cose_key(public_key))
+      verify_item(:signature, WebAuthn::PublicKey.deserialize(public_key))
       verify_item(:sign_count, sign_count)
 
       true
     end
 
     def authenticator_data
-      @authenticator_data ||= WebAuthn::AuthenticatorData.new(authenticator_data_bytes)
+      @authenticator_data ||= WebAuthn::AuthenticatorData.deserialize(authenticator_data_bytes)
     end
 
     private
 
     attr_reader :authenticator_data_bytes, :signature
 
-    def valid_signature?(credential_cose_key)
-      WebAuthn::SignatureVerifier
-        .new(credential_cose_key.alg, credential_cose_key.to_pkey)
-        .verify(signature, authenticator_data_bytes + client_data.hash)
+    def valid_signature?(webauthn_public_key)
+      webauthn_public_key.verify(signature, authenticator_data_bytes + client_data.hash)
     end
 
     def valid_sign_count?(stored_sign_count)
@@ -71,29 +65,6 @@ module WebAuthn
       end
     end
 
-    def credential_cose_key(public_key)
-      if WebAuthn::AttestationStatement::FidoU2f::PublicKey.uncompressed_point?(public_key)
-        # Gem version v1.11.0 and lower, used to behave so that Credential#public_key
-        # returned an EC P-256 uncompressed point.
-        #
-        # Because of https://github.com/cedarcode/webauthn-ruby/issues/137 this was changed
-        # and Credential#public_key started returning the unchanged COSE_Key formatted
-        # credentialPublicKey (as in https://www.w3.org/TR/webauthn/#credentialpublickey).
-        #
-        # Given that the credential public key is expected to be stored long-term by the gem
-        # user and later be passed as the public_key argument in the
-        # AuthenticatorAssertionResponse.verify call, we then need to support the two formats.
-        COSE::Key::EC2.new(
-          alg: COSE::Algorithm.by_name("ES256").id,
-          crv: 1,
-          x: public_key[1..32],
-          y: public_key[33..-1]
-        )
-      else
-        COSE::Key.deserialize(public_key)
-      end
-    end
-
     def type
       WebAuthn::TYPES[:get]
     end

data/lib/webauthn/authenticator_attestation_response.rb

@@ -1,20 +1,23 @@
 # frozen_string_literal: true
 
 require "cbor"
+require "forwardable"
 require "uri"
 require "openssl"
 
-require "webauthn/authenticator_data"
+require "webauthn/attestation_object"
 require "webauthn/authenticator_response"
-require "webauthn/attestation_statement"
 require "webauthn/client_data"
 require "webauthn/encoder"
 
 module WebAuthn
   class AttestationStatementVerificationError < VerificationError; end
+  class AttestationTrustworthinessVerificationError < VerificationError; end
   class AttestedCredentialVerificationError < VerificationError; end
 
   class AuthenticatorAttestationResponse < AuthenticatorResponse
+    extend Forwardable
+
     def self.from_client(response)
       encoder = WebAuthn.configuration.encoder
 
@@ -27,76 +30,51 @@ module WebAuthn
     attr_reader :attestation_type, :attestation_trust_path
 
     def initialize(attestation_object:, **options)
-      super(options)
+      super(**options)
 
-      @attestation_object = attestation_object
+      @attestation_object_bytes = attestation_object
     end
 
     def verify(expected_challenge, expected_origin = nil, user_verification: nil, rp_id: nil)
       super
 
       verify_item(:attested_credential)
-      verify_item(:attestation_statement) if WebAuthn.configuration.verify_attestation_statement
+      if WebAuthn.configuration.verify_attestation_statement
+        verify_item(:attestation_statement)
+      end
 
       true
     end
 
-    def credential
-      authenticator_data.credential
-    end
-
-    def attestation_statement
-      @attestation_statement ||=
-        WebAuthn::AttestationStatement.from(attestation["fmt"], attestation["attStmt"])
-    end
-
-    def authenticator_data
-      @authenticator_data ||= WebAuthn::AuthenticatorData.new(attestation["authData"])
-    end
-
-    def attestation_format
-      attestation["fmt"]
+    def attestation_object
+      @attestation_object ||= WebAuthn::AttestationObject.deserialize(attestation_object_bytes)
     end
 
-    def attestation
-      @attestation ||= CBOR.decode(attestation_object)
-    end
-
-    def aaguid
-      raw_aaguid = authenticator_data.attested_credential_data.raw_aaguid
-      unless raw_aaguid == WebAuthn::AuthenticatorData::AttestedCredentialData::ZEROED_AAGUID
-        authenticator_data.attested_credential_data.aaguid
-      end
-    end
+    def_delegators(
+      :attestation_object,
+      :aaguid,
+      :attestation_statement,
+      :attestation_certificate_key_id,
+      :authenticator_data,
+      :credential
+    )
 
-    def attestation_certificate_key
-      raw_subject_key_identifier(attestation_statement.attestation_certificate)&.unpack("H*")&.[](0)
-    end
+    alias_method :attestation_certificate_key, :attestation_certificate_key_id
 
     private
 
-    attr_reader :attestation_object
+    attr_reader :attestation_object_bytes
 
     def type
       WebAuthn::TYPES[:create]
     end
 
     def valid_attested_credential?
-      authenticator_data.attested_credential_data_included? &&
-        authenticator_data.attested_credential_data.valid?
+      attestation_object.valid_attested_credential?
     end
 
     def valid_attestation_statement?
-      @attestation_type, @attestation_trust_path = attestation_statement.valid?(authenticator_data, client_data.hash)
-    end
-
-    def raw_subject_key_identifier(certificate)
-      extension = certificate.extensions.detect { |ext| ext.oid == "subjectKeyIdentifier" }
-      return unless extension
-
-      ext_asn1 = OpenSSL::ASN1.decode(extension.to_der)
-      ext_value = ext_asn1.value.last
-      OpenSSL::ASN1.decode(ext_value.value).value
+      @attestation_type, @attestation_trust_path = attestation_object.valid_attestation_statement?(client_data.hash)
     end
   end
 end