webauthn 2.0.0.beta1 → 2.3.0

data/lib/android_safetynet/attestation_response.rb

@@ -1,84 +0,0 @@
-# frozen_string_literal: true
-
-require "base64"
-require "jwt"
-require "webauthn/security_utils"
-
-module AndroidSafetynet
-  # Decoupled from WebAuthn, candidate for extraction
-  # Reference: https://developer.android.com/training/safetynet/attestation.html
-  class AttestationResponse
-    class VerificationError < StandardError; end
-    class LeafCertificateSubjectError < VerificationError; end
-    class NonceMismatchError < VerificationError; end
-    class SignatureError < VerificationError; end
-    class ResponseMissingError < VerificationError; end
-
-    CERTIRICATE_CHAIN_HEADER = "x5c"
-    VALID_SUBJECT_HOSTNAME = "attest.android.com"
-    HEADERS_POSITION = 1
-    PAYLOAD_POSITION = 0
-
-    attr_reader :response
-
-    def initialize(response)
-      @response = response
-    end
-
-    def verify(nonce)
-      if response
-        valid_nonce?(nonce) || raise(NonceMismatchError)
-        valid_attestation_domain? || raise(LeafCertificateSubjectError)
-        valid_signature? || raise(SignatureError)
-      else
-        raise(ResponseMissingError)
-      end
-    end
-
-    def cts_profile_match?
-      payload["ctsProfileMatch"]
-    end
-
-    def certificate_chain
-      @certificate_chain ||= headers[CERTIRICATE_CHAIN_HEADER].map do |cert|
-        OpenSSL::X509::Certificate.new(Base64.strict_decode64(cert))
-      end
-    end
-
-    private
-
-    def valid_nonce?(nonce)
-      WebAuthn::SecurityUtils.secure_compare(payload["nonce"], nonce)
-    end
-
-    def valid_attestation_domain?
-      common_name = leaf_certificate&.subject&.to_a&.assoc('CN')
-
-      if common_name
-        common_name[1] == VALID_SUBJECT_HOSTNAME
-      end
-    end
-
-    def valid_signature?
-      JWT.decode(response, leaf_certificate.public_key, true, algorithms: ["ES256", "RS256"])
-    rescue JWT::VerificationError
-      false
-    end
-
-    def leaf_certificate
-      certificate_chain[0]
-    end
-
-    def headers
-      jws_parts[HEADERS_POSITION]
-    end
-
-    def payload
-      jws_parts[PAYLOAD_POSITION]
-    end
-
-    def jws_parts
-      @jws_parts ||= JWT.decode(response, nil, false)
-    end
-  end
-end

data/lib/cose/algorithm.rb

@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-
-require "cose/key"
-
-# TODO: Move this to cose gem
-module COSE
-  # https://tools.ietf.org/html/rfc8152#section-8.1
-  Algorithm = Struct.new(:id, :name, :hash, :kty, :key_curve) do
-    @registered = {}
-
-    def self.register(id, name, hash, kty, key_curve = nil)
-      @registered[id] = COSE::Algorithm.new(id, name, hash, kty, key_curve)
-    end
-
-    def self.find(id)
-      @registered[id]
-    end
-
-    def self.by_name(name)
-      @registered.values.detect { |algorithm| algorithm.name == name }
-    end
-
-    def value
-      id
-    end
-  end
-end
-
-COSE::Algorithm.register(-7, "ES256", "SHA256", COSE::Key::EC2::KTY_EC2, "prime256v1")
-COSE::Algorithm.register(-35, "ES384", "SHA384", COSE::Key::EC2::KTY_EC2, "prime256v1")
-COSE::Algorithm.register(-36, "ES512", "SHA512", COSE::Key::EC2::KTY_EC2, "prime256v1")
-COSE::Algorithm.register(-37, "PS256", "SHA256", COSE::Key::RSA::KTY_RSA)
-COSE::Algorithm.register(-38, "PS384", "SHA384", COSE::Key::RSA::KTY_RSA)
-COSE::Algorithm.register(-39, "PS512", "SHA512", COSE::Key::RSA::KTY_RSA)
-COSE::Algorithm.register(-257, "RS256", "SHA256", COSE::Key::RSA::KTY_RSA)
-COSE::Algorithm.register(-258, "RS384", "SHA384", COSE::Key::RSA::KTY_RSA)
-COSE::Algorithm.register(-259, "RS512", "SHA512", COSE::Key::RSA::KTY_RSA)
-COSE::Algorithm.register(-65535, "RS1", "SHA1", COSE::Key::RSA::KTY_RSA)

data/lib/tpm/constants.rb

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-module TPM
-  # Section 6 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
-
-  GENERATED_VALUE = 0xFF544347
-
-  ST_ATTEST_CERTIFY = 0x8017
-
-  # Algorithms
-  ALG_RSA = 0x0001
-  ALG_SHA1 = 0x0004
-  ALG_SHA256 = 0x000B
-  ALG_NULL = 0x0010
-  ALG_RSASSA = 0x0014
-  ALG_RSAPSS = 0x0016
-  ALG_ECDSA = 0x0018
-  ALG_ECC = 0x0023
-
-  # ECC curves
-  ECC_NIST_P256 = 0x0003
-end

data/lib/tpm/s_attest.rb

@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-
-require "bindata"
-require "tpm/constants"
-require "tpm/sized_buffer"
-require "tpm/s_attest/s_certify_info"
-
-module TPM
-  # Section 10.12.8 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
-  class SAttest < BinData::Record
-    endian :big
-
-    uint32 :magic
-    uint16 :attested_type
-    sized_buffer :qualified_signer
-    sized_buffer :extra_data
-
-    # s_clock_info :clock_info
-    # uint64 :firmware_version
-    skip length: 25
-
-    choice :attested, selection: :attested_type do
-      s_certify_info TPM::ST_ATTEST_CERTIFY
-    end
-  end
-end

data/lib/tpm/s_attest/s_certify_info.rb

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-require "bindata"
-require "tpm/sized_buffer"
-
-module TPM
-  class SAttest < BinData::Record
-    # Section 10.12.3 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
-    class SCertifyInfo < BinData::Record
-      sized_buffer :name
-      sized_buffer :qualified_name
-    end
-  end
-end

data/lib/tpm/sized_buffer.rb

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-require "bindata"
-
-module TPM
-  # Section 10.4 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
-  class SizedBuffer < BinData::Record
-    endian :big
-
-    uint16 :buffer_size, value: lambda { buffer.size }
-    string :buffer, read_length: :buffer_size
-  end
-end

data/lib/tpm/t_public.rb

@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-require "bindata"
-require "tpm/constants"
-require "tpm/sized_buffer"
-require "tpm/t_public/s_ecc_parms"
-require "tpm/t_public/s_rsa_parms"
-
-module TPM
-  # Section 12.2.4 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
-  class TPublic < BinData::Record
-    endian :big
-
-    uint16 :alg_type
-    uint16 :name_alg
-
-    # :object_attributes
-    skip length: 4
-
-    sized_buffer :auth_policy
-
-    choice :parameters, selection: :alg_type do
-      s_ecc_parms TPM::ALG_ECC
-      s_rsa_parms TPM::ALG_RSA
-    end
-
-    choice :unique, selection: :alg_type do
-      sized_buffer TPM::ALG_ECC
-      sized_buffer TPM::ALG_RSA
-    end
-  end
-end

data/lib/tpm/t_public/s_ecc_parms.rb

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-require "bindata"
-
-module TPM
-  class TPublic < BinData::Record
-    # Section 12.2.3.6 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
-    class SEccParms < BinData::Record
-      endian :big
-
-      uint16 :symmetric
-      uint16 :scheme
-      uint16 :curve_id
-      uint16 :kdf
-    end
-  end
-end

data/lib/tpm/t_public/s_rsa_parms.rb

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-require "bindata"
-
-module TPM
-  class TPublic < BinData::Record
-    # Section 12.2.3.5 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
-    class SRsaParms < BinData::Record
-      endian :big
-
-      uint16 :symmetric
-      uint16 :scheme
-      uint16 :key_bits
-      uint32 :exponent
-    end
-  end
-end

data/lib/webauthn/attestation_statement/android_key/authorization_list.rb

@@ -1,39 +0,0 @@
-# frozen_string_literal: true
-
-require "webauthn/attestation_statement/base"
-
-module WebAuthn
-  module AttestationStatement
-    class AndroidKey < Base
-      class AuthorizationList
-        PURPOSE_TAG = 1
-        ALL_APPLICATIONS_TAG = 600
-        ORIGIN_TAG = 702
-
-        def initialize(sequence)
-          @sequence = sequence
-        end
-
-        def purpose
-          find_by_tag(PURPOSE_TAG)&.value&.at(0)&.value&.at(0)&.value
-        end
-
-        def all_applications
-          find_by_tag(ALL_APPLICATIONS_TAG)&.value
-        end
-
-        def origin
-          find_by_tag(ORIGIN_TAG)&.value&.at(0)&.value
-        end
-
-        private
-
-        attr_reader :sequence
-
-        def find_by_tag(tag)
-          sequence.detect { |data| data.tag == tag }
-        end
-      end
-    end
-  end
-end

data/lib/webauthn/attestation_statement/android_key/key_description.rb

@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-
-require "webauthn/attestation_statement/android_key/authorization_list"
-require "webauthn/attestation_statement/base"
-
-module WebAuthn
-  module AttestationStatement
-    class AndroidKey < Base
-      class KeyDescription
-        # https://developer.android.com/training/articles/security-key-attestation#certificate_schema
-        ATTESTATION_CHALLENGE_INDEX = 4
-        SOFTWARE_ENFORCED_INDEX = 6
-        TEE_ENFORCED_INDEX = 7
-
-        def initialize(sequence)
-          @sequence = sequence
-        end
-
-        def attestation_challenge
-          sequence[ATTESTATION_CHALLENGE_INDEX].value
-        end
-
-        def tee_enforced
-          @tee_enforced ||= AuthorizationList.new(sequence[TEE_ENFORCED_INDEX].value)
-        end
-
-        def software_enforced
-          @software_enforced ||= AuthorizationList.new(sequence[SOFTWARE_ENFORCED_INDEX].value)
-        end
-
-        private
-
-        attr_reader :sequence
-      end
-    end
-  end
-end

data/lib/webauthn/attestation_statement/tpm/cert_info.rb

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-require "openssl"
-require "tpm/constants"
-require "tpm/s_attest"
-require "webauthn/attestation_statement/base"
-
-module WebAuthn
-  module AttestationStatement
-    class TPM < Base
-      class CertInfo
-        TPM_TO_OPENSSL_HASH_ALG = {
-          ::TPM::ALG_SHA1 => "SHA1",
-          ::TPM::ALG_SHA256 => "SHA256"
-        }.freeze
-
-        def initialize(data)
-          @data = data
-        end
-
-        def valid?(attested_data, extra_data)
-          s_attest.magic == ::TPM::GENERATED_VALUE &&
-            valid_name?(attested_data) &&
-            s_attest.extra_data.buffer == extra_data
-        end
-
-        private
-
-        attr_reader :data
-
-        def valid_name?(attested_data)
-          name_hash_alg = s_attest.attested.name.buffer[0..1].unpack("n")[0]
-          name = s_attest.attested.name.buffer[2..-1]
-
-          name == OpenSSL::Digest.digest(TPM_TO_OPENSSL_HASH_ALG[name_hash_alg], attested_data)
-        end
-
-        def s_attest
-          @s_attest ||= ::TPM::SAttest.read(data)
-        end
-      end
-    end
-  end
-end

data/lib/webauthn/attestation_statement/tpm/pub_area.rb

@@ -1,85 +0,0 @@
-# frozen_string_literal: true
-
-require "cose/algorithm"
-require "cose/key"
-require "tpm/constants"
-require "tpm/t_public"
-require "webauthn/attestation_statement/base"
-
-module WebAuthn
-  module AttestationStatement
-    class TPM < Base
-      class PubArea
-        BYTE_LENGTH = 8
-
-        COSE_ECC_TO_TPM_ALG = {
-          COSE::Algorithm.by_name("ES256").id => ::TPM::ALG_ECDSA,
-        }.freeze
-
-        COSE_RSA_TO_TPM_ALG = {
-          COSE::Algorithm.by_name("RS256").id => ::TPM::ALG_RSASSA,
-          COSE::Algorithm.by_name("PS256").id => ::TPM::ALG_RSAPSS,
-        }.freeze
-
-        COSE_TO_TPM_CURVE = {
-          COSE::Key::Curve.by_name("P-256").id => ::TPM::ECC_NIST_P256
-        }.freeze
-
-        def initialize(data)
-          @data = data
-        end
-
-        def valid?(public_key)
-          cose_key = COSE::Key.deserialize(public_key)
-
-          case cose_key
-          when COSE::Key::EC2
-            valid_ecc_key?(cose_key)
-          when COSE::Key::RSA
-            valid_rsa_key?(cose_key)
-          else
-            raise "Unsupported or unknown TPM key type"
-          end
-        end
-
-        private
-
-        attr_reader :data
-
-        def valid_ecc_key?(cose_key)
-          valid_symmetric? &&
-            valid_scheme?(COSE_ECC_TO_TPM_ALG[cose_key.alg]) &&
-            parameters.curve_id == COSE_TO_TPM_CURVE[cose_key.crv] &&
-            unique == cose_key.x + cose_key.y
-        end
-
-        def valid_rsa_key?(cose_key)
-          valid_symmetric? &&
-            valid_scheme?(COSE_RSA_TO_TPM_ALG[cose_key.alg]) &&
-            parameters.key_bits == cose_key.n.size * BYTE_LENGTH &&
-            unique == cose_key.n
-        end
-
-        def valid_symmetric?
-          parameters.symmetric == ::TPM::ALG_NULL
-        end
-
-        def valid_scheme?(scheme)
-          parameters.scheme == ::TPM::ALG_NULL || parameters.scheme == scheme
-        end
-
-        def unique
-          t_public.unique.buffer
-        end
-
-        def parameters
-          t_public.parameters
-        end
-
-        def t_public
-          @t_public = ::TPM::TPublic.read(data)
-        end
-      end
-    end
-  end
-end