webauthn 2.1.0 → 2.4.1

data/SECURITY.md

@@ -4,11 +4,13 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 2.1.z    | :white_check_mark: |
-| 2.0.z    | :white_check_mark: |
+| 2.4.z    | :white_check_mark: |
+| 2.3.z    | :white_check_mark: |
+| 2.2.z    | :white_check_mark: |
+| 2.1.z    | :x: |
+| 2.0.z    | :x: |
 | 1.18.z   | :white_check_mark: |
-| 1.17.z   | :white_check_mark: |
-| < 1.17   | :x:                |
+| < 1.18   | :x:                |
 
 ## Reporting a Vulnerability
 

data/gemfiles/openssl_2_2.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "openssl", "~> 2.2.0"
+
+gemspec path: "../"

data/lib/cose/rsapkcs1_algorithm.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require "cose"
+require "cose/algorithm/signature_algorithm"
+require "cose/error"
+require "cose/key/rsa"
+require "openssl/signature_algorithm/rsapkcs1"
+
+class RSAPKCS1Algorithm < COSE::Algorithm::SignatureAlgorithm
+  attr_reader :hash_function
+
+  def initialize(*args, hash_function:)
+    super(*args)
+
+    @hash_function = hash_function
+  end
+
+  private
+
+  def signature_algorithm_class
+    OpenSSL::SignatureAlgorithm::RSAPKCS1
+  end
+
+  def valid_key?(key)
+    to_cose_key(key).is_a?(COSE::Key::RSA)
+  end
+
+  def to_pkey(key)
+    case key
+    when COSE::Key::RSA
+      key.to_pkey
+    when OpenSSL::PKey::RSA
+      key
+    else
+      raise(COSE::Error, "Incompatible key for algorithm")
+    end
+  end
+end
+
+COSE::Algorithm.register(RSAPKCS1Algorithm.new(-257, "RS256", hash_function: "SHA256"))
+COSE::Algorithm.register(RSAPKCS1Algorithm.new(-258, "RS384", hash_function: "SHA384"))
+COSE::Algorithm.register(RSAPKCS1Algorithm.new(-259, "RS512", hash_function: "SHA512"))
+
+# Patch openssl-signature_algorithm gem to support discouraged/deprecated RSA-PKCS#1 with SHA-1
+# (RS1 in JOSE/COSE terminology) algorithm needed for WebAuthn.
+OpenSSL::SignatureAlgorithm::RSAPKCS1.const_set(
+  :ACCEPTED_HASH_FUNCTIONS,
+  OpenSSL::SignatureAlgorithm::RSAPKCS1::ACCEPTED_HASH_FUNCTIONS + ["SHA1"]
+)
+COSE::Algorithm.register(RSAPKCS1Algorithm.new(-65535, "RS1", hash_function: "SHA1"))

data/lib/webauthn/attestation_object.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require "cbor"
+require "forwardable"
+require "openssl"
+require "webauthn/attestation_statement"
+require "webauthn/authenticator_data"
+
+module WebAuthn
+  class AttestationObject
+    extend Forwardable
+
+    def self.deserialize(attestation_object)
+      from_map(CBOR.decode(attestation_object))
+    end
+
+    def self.from_map(map)
+      new(
+        authenticator_data: WebAuthn::AuthenticatorData.deserialize(map["authData"]),
+        attestation_statement: WebAuthn::AttestationStatement.from(map["fmt"], map["attStmt"])
+      )
+    end
+
+    attr_reader :authenticator_data, :attestation_statement
+
+    def initialize(authenticator_data:, attestation_statement:)
+      @authenticator_data = authenticator_data
+      @attestation_statement = attestation_statement
+    end
+
+    def valid_attested_credential?
+      authenticator_data.attested_credential_data_included? &&
+        authenticator_data.attested_credential_data.valid?
+    end
+
+    def valid_attestation_statement?(client_data_hash)
+      attestation_statement.valid?(authenticator_data, client_data_hash)
+    end
+
+    def_delegators :authenticator_data, :credential, :aaguid
+    def_delegators :attestation_statement, :attestation_certificate_key_id
+  end
+end

data/lib/webauthn/attestation_statement.rb

@@ -1,5 +1,11 @@
 # frozen_string_literal: true
 
+require "webauthn/attestation_statement/android_key"
+require "webauthn/attestation_statement/android_safetynet"
+require "webauthn/attestation_statement/fido_u2f"
+require "webauthn/attestation_statement/none"
+require "webauthn/attestation_statement/packed"
+require "webauthn/attestation_statement/tpm"
 require "webauthn/error"
 
 module WebAuthn
@@ -13,28 +19,22 @@ module WebAuthn
     ATTESTATION_FORMAT_ANDROID_KEY = "android-key"
     ATTESTATION_FORMAT_TPM = "tpm"
 
+    FORMAT_TO_CLASS = {
+      ATTESTATION_FORMAT_NONE => WebAuthn::AttestationStatement::None,
+      ATTESTATION_FORMAT_FIDO_U2F => WebAuthn::AttestationStatement::FidoU2f,
+      ATTESTATION_FORMAT_PACKED => WebAuthn::AttestationStatement::Packed,
+      ATTESTATION_FORMAT_ANDROID_SAFETYNET => WebAuthn::AttestationStatement::AndroidSafetynet,
+      ATTESTATION_FORMAT_ANDROID_KEY => WebAuthn::AttestationStatement::AndroidKey,
+      ATTESTATION_FORMAT_TPM => WebAuthn::AttestationStatement::TPM
+    }.freeze
+
     def self.from(format, statement)
-      case format
-      when ATTESTATION_FORMAT_NONE
-        require "webauthn/attestation_statement/none"
-        WebAuthn::AttestationStatement::None.new(statement)
-      when ATTESTATION_FORMAT_FIDO_U2F
-        require "webauthn/attestation_statement/fido_u2f"
-        WebAuthn::AttestationStatement::FidoU2f.new(statement)
-      when ATTESTATION_FORMAT_PACKED
-        require "webauthn/attestation_statement/packed"
-        WebAuthn::AttestationStatement::Packed.new(statement)
-      when ATTESTATION_FORMAT_ANDROID_SAFETYNET
-        require "webauthn/attestation_statement/android_safetynet"
-        WebAuthn::AttestationStatement::AndroidSafetynet.new(statement)
-      when ATTESTATION_FORMAT_ANDROID_KEY
-        require "webauthn/attestation_statement/android_key"
-        WebAuthn::AttestationStatement::AndroidKey.new(statement)
-      when ATTESTATION_FORMAT_TPM
-        require "webauthn/attestation_statement/tpm"
-        WebAuthn::AttestationStatement::TPM.new(statement)
+      klass = FORMAT_TO_CLASS[format]
+
+      if klass
+        klass.new(statement)
       else
-        raise FormatNotSupportedError, "Unsupported attestation format '#{format}'"
+        raise(FormatNotSupportedError, "Unsupported attestation format '#{format}'")
       end
     end
   end

data/lib/webauthn/attestation_statement/android_key.rb

@@ -1,73 +1,71 @@
 # frozen_string_literal: true
 
+require "android_key_attestation"
 require "openssl"
-require "webauthn/attestation_statement/android_key/key_description"
 require "webauthn/attestation_statement/base"
-require "webauthn/security_utils"
-require "webauthn/signature_verifier"
 
 module WebAuthn
   module AttestationStatement
     class AndroidKey < Base
-      EXTENSION_DATA_OID = "1.3.6.1.4.1.11129.2.1.17"
-
-      # https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/keymaster_defs.h
-      KM_ORIGIN_GENERATED = 0
-      KM_PURPOSE_SIGN = 2
-
       def valid?(authenticator_data, client_data_hash)
         valid_signature?(authenticator_data, client_data_hash) &&
           matching_public_key?(authenticator_data) &&
           valid_attestation_challenge?(client_data_hash) &&
-          all_applications_field_not_present? &&
+          all_applications_fields_not_set? &&
           valid_authorization_list_origin? &&
           valid_authorization_list_purpose? &&
-          [WebAuthn::AttestationStatement::ATTESTATION_TYPE_BASIC, attestation_trust_path]
+          trustworthy?(aaguid: authenticator_data.aaguid) &&
+          [attestation_type, attestation_trust_path]
       end
 
       private
 
-      def valid_signature?(authenticator_data, client_data_hash)
-        WebAuthn::SignatureVerifier
-          .new(algorithm, attestation_certificate.public_key)
-          .verify(signature, authenticator_data.data + client_data_hash)
-      end
-
       def matching_public_key?(authenticator_data)
         attestation_certificate.public_key.to_der == authenticator_data.credential.public_key_object.to_der
       end
 
       def valid_attestation_challenge?(client_data_hash)
-        WebAuthn::SecurityUtils.secure_compare(key_description.attestation_challenge, client_data_hash)
+        android_key_attestation.verify_challenge(client_data_hash)
+      rescue AndroidKeyAttestation::ChallengeMismatchError
+        false
       end
 
-      def all_applications_field_not_present?
-        tee_enforced.all_applications.nil? && software_enforced.all_applications.nil?
+      def valid_certificate_chain?(aaguid: nil, **_)
+        android_key_attestation.verify_certificate_chain(root_certificates: root_certificates(aaguid: aaguid))
+      rescue AndroidKeyAttestation::CertificateVerificationError
+        false
+      end
+
+      def all_applications_fields_not_set?
+        !tee_enforced.all_applications && !software_enforced.all_applications
       end
 
       def valid_authorization_list_origin?
-        tee_enforced.origin == KM_ORIGIN_GENERATED || software_enforced.origin == KM_ORIGIN_GENERATED
+        tee_enforced.origin == :generated || software_enforced.origin == :generated
       end
 
       def valid_authorization_list_purpose?
-        tee_enforced.purpose == KM_PURPOSE_SIGN || software_enforced.purpose == KM_PURPOSE_SIGN
+        tee_enforced.purpose == [:sign] || software_enforced.purpose == [:sign]
       end
 
       def tee_enforced
-        key_description.tee_enforced
+        android_key_attestation.tee_enforced
       end
 
       def software_enforced
-        key_description.software_enforced
+        android_key_attestation.software_enforced
+      end
+
+      def attestation_type
+        WebAuthn::AttestationStatement::ATTESTATION_TYPE_BASIC
       end
 
-      def key_description
-        @key_description ||= begin
-          extension_data = attestation_certificate.extensions.detect { |ext| ext.oid == EXTENSION_DATA_OID }
-          raw_key_description = OpenSSL::ASN1.decode(extension_data).value.last
+      def default_root_certificates
+        AndroidKeyAttestation::Statement::GOOGLE_ROOT_CERTIFICATES
+      end
 
-          KeyDescription.new(OpenSSL::ASN1.decode(raw_key_description.value).value)
-        end
+      def android_key_attestation
+        @android_key_attestation ||= AndroidKeyAttestation::Statement.new(*certificates)
       end
     end
   end

data/lib/webauthn/attestation_statement/android_safetynet.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "android_safetynet/attestation_response"
+require "safety_net_attestation"
 require "openssl"
 require "webauthn/attestation_statement/base"
 
@@ -12,11 +12,12 @@ module WebAuthn
         valid_response?(authenticator_data, client_data_hash) &&
           valid_version? &&
           cts_profile_match? &&
-          [WebAuthn::AttestationStatement::ATTESTATION_TYPE_BASIC, attestation_trust_path]
+          trustworthy?(aaguid: authenticator_data.aaguid) &&
+          [attestation_type, attestation_trust_path]
       end
 
       def attestation_certificate
-        attestation_response.leaf_certificate
+        attestation_trust_path.first
       end
 
       private
@@ -25,8 +26,9 @@ module WebAuthn
         nonce = Digest::SHA256.base64digest(authenticator_data.data + client_data_hash)
 
         begin
-          attestation_response.verify(nonce, trustworthiness: false)
-        rescue ::AndroidSafetynet::AttestationResponse::VerificationError
+          attestation_response
+            .verify(nonce, trusted_certificates: root_certificates(aaguid: authenticator_data.aaguid), time: time)
+        rescue SafetyNetAttestation::Error
           false
         end
       end
@@ -40,12 +42,30 @@ module WebAuthn
         attestation_response.cts_profile_match?
       end
 
+      def valid_certificate_chain?(**_)
+        # Already performed as part of #valid_response?
+        true
+      end
+
+      def attestation_type
+        WebAuthn::AttestationStatement::ATTESTATION_TYPE_BASIC
+      end
+
+      # SafetyNetAttestation returns full chain including root, WebAuthn expects only the x5c certificates
       def attestation_trust_path
-        attestation_response.certificate_chain
+        attestation_response.certificate_chain[0..-2]
       end
 
       def attestation_response
-        @attestation_response ||= ::AndroidSafetynet::AttestationResponse.new(statement["response"])
+        @attestation_response ||= SafetyNetAttestation::Statement.new(statement["response"])
+      end
+
+      def default_root_certificates
+        SafetyNetAttestation::Statement::GOOGLE_ROOT_CERTIFICATES
+      end
+
+      def time
+        Time.now
       end
     end
   end

data/lib/webauthn/attestation_statement/base.rb

@@ -1,21 +1,29 @@
 # frozen_string_literal: true
 
+require "cose/algorithm"
+require "cose/error"
+require "cose/rsapkcs1_algorithm"
 require "openssl"
 require "webauthn/authenticator_data/attested_credential_data"
 require "webauthn/error"
 
 module WebAuthn
   module AttestationStatement
+    class UnsupportedAlgorithm < Error; end
+
     ATTESTATION_TYPE_NONE = "None"
     ATTESTATION_TYPE_BASIC = "Basic"
     ATTESTATION_TYPE_SELF = "Self"
     ATTESTATION_TYPE_ATTCA = "AttCA"
-    ATTESTATION_TYPE_ECDAA = "ECDAA"
     ATTESTATION_TYPE_BASIC_OR_ATTCA = "Basic_or_AttCA"
 
-    class Base
-      class NotSupportedError < Error; end
+    ATTESTATION_TYPES_WITH_ROOT = [
+      ATTESTATION_TYPE_BASIC,
+      ATTESTATION_TYPE_BASIC_OR_ATTCA,
+      ATTESTATION_TYPE_ATTCA
+    ].freeze
 
+    class Base
       AAGUID_EXTENSION_OID = "1.3.6.1.4.1.45724.1.1.4"
 
       def initialize(statement)
@@ -26,6 +34,10 @@ module WebAuthn
         raise NotImplementedError
       end
 
+      def format
+        WebAuthn::AttestationStatement::FORMAT_TO_CLASS.key(self.class)
+      end
+
       def attestation_certificate
         certificates&.first
       end
@@ -36,6 +48,10 @@ module WebAuthn
         end
       end
 
+      def attestation_certificate_key_id
+        raw_subject_key_identifier&.unpack("H*")&.[](0)
+      end
+
       private
 
       attr_reader :statement
@@ -53,9 +69,10 @@ module WebAuthn
       end
 
       def certificates
-        @certificates ||= raw_certificates&.map do |raw_certificate|
-          OpenSSL::X509::Certificate.new(raw_certificate)
-        end
+        @certificates ||=
+          raw_certificates&.map do |raw_certificate|
+            OpenSSL::X509::Certificate.new(raw_certificate)
+          end
       end
 
       def algorithm
@@ -66,10 +83,6 @@ module WebAuthn
         statement["x5c"]
       end
 
-      def raw_ecdaa_key_id
-        statement["ecdaaKeyId"]
-      end
-
       def signature
         statement["sig"]
       end
@@ -79,6 +92,91 @@ module WebAuthn
           certificates
         end
       end
+
+      def trustworthy?(aaguid: nil, attestation_certificate_key_id: nil)
+        if ATTESTATION_TYPES_WITH_ROOT.include?(attestation_type)
+          configuration.acceptable_attestation_types.include?(attestation_type) &&
+            valid_certificate_chain?(aaguid: aaguid, attestation_certificate_key_id: attestation_certificate_key_id)
+        else
+          configuration.acceptable_attestation_types.include?(attestation_type)
+        end
+      end
+
+      def valid_certificate_chain?(aaguid: nil, attestation_certificate_key_id: nil)
+        attestation_root_certificates_store(
+          aaguid: aaguid,
+          attestation_certificate_key_id: attestation_certificate_key_id
+        ).verify(attestation_certificate, attestation_trust_path)
+      end
+
+      def attestation_root_certificates_store(aaguid: nil, attestation_certificate_key_id: nil)
+        OpenSSL::X509::Store.new.tap do |store|
+          root_certificates(
+            aaguid: aaguid,
+            attestation_certificate_key_id: attestation_certificate_key_id
+          ).each do |cert|
+            store.add_cert(cert)
+          end
+        end
+      end
+
+      def root_certificates(aaguid: nil, attestation_certificate_key_id: nil)
+        root_certificates =
+          configuration.attestation_root_certificates_finders.reduce([]) do |certs, finder|
+            if certs.empty?
+              finder.find(
+                attestation_format: format,
+                aaguid: aaguid,
+                attestation_certificate_key_id: attestation_certificate_key_id
+              ) || []
+            else
+              certs
+            end
+          end
+
+        if root_certificates.empty? && respond_to?(:default_root_certificates, true)
+          default_root_certificates
+        else
+          root_certificates
+        end
+      end
+
+      def raw_subject_key_identifier
+        extension = attestation_certificate.extensions.detect { |ext| ext.oid == "subjectKeyIdentifier" }
+        return unless extension
+
+        ext_asn1 = OpenSSL::ASN1.decode(extension.to_der)
+        ext_value = ext_asn1.value.last
+        OpenSSL::ASN1.decode(ext_value.value).value
+      end
+
+      def valid_signature?(authenticator_data, client_data_hash, public_key = attestation_certificate.public_key)
+        raise("Incompatible algorithm and key") unless cose_algorithm.compatible_key?(public_key)
+
+        cose_algorithm.verify(
+          public_key,
+          signature,
+          verification_data(authenticator_data, client_data_hash)
+        )
+      rescue COSE::Error
+        false
+      end
+
+      def verification_data(authenticator_data, client_data_hash)
+        authenticator_data.data + client_data_hash
+      end
+
+      def cose_algorithm
+        @cose_algorithm ||=
+          COSE::Algorithm.find(algorithm).tap do |alg|
+            alg && configuration.algorithms.include?(alg.name) ||
+              raise(UnsupportedAlgorithm, "Unsupported algorithm #{algorithm}")
+          end
+      end
+
+      def configuration
+        WebAuthn.configuration
+      end
     end
   end
 end