webauthn 2.1.0 → 3.4.0

data/.travis.yml

@@ -1,36 +0,0 @@
-dist: bionic
-language: ruby
-cache: bundler
-
-rvm:
-  - ruby-head
-  - 2.7.0
-  - 2.6.5
-  - 2.5.7
-  - 2.4.9
-  - 2.3.8
-
-gemfile:
-  - gemfiles/cose_head.gemfile
-  - gemfiles/openssl_head.gemfile
-  - gemfiles/openssl_2_1.gemfile
-  - gemfiles/openssl_2_0.gemfile
-
-matrix:
-  fast_finish: true
-  allow_failures:
-    - rvm: ruby-head
-    - gemfile: gemfiles/cose_head.gemfile
-    - gemfile: gemfiles/openssl_head.gemfile
-
-addons:
-  apt:
-    packages:
-      - libfaketime
-
-before_install:
-  - gem install bundler -v "~> 2.0"
-
-before_script:
-  - export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
-  - export FAKETIME_NO_CACHE=1

data/Appraisals

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-appraise "cose_head" do
-  gem "cose", git: "https://github.com/cedarcode/cose-ruby"
-end
-
-appraise "openssl_head" do
-  gem "openssl", git: "https://github.com/ruby/openssl"
-end
-
-appraise "openssl_2_1" do
-  gem "openssl", "~> 2.1.0"
-end
-
-appraise "openssl_2_0" do
-  gem "openssl", "~> 2.0.0"
-end

data/gemfiles/cose_head.gemfile

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "cose", git: "https://github.com/cedarcode/cose-ruby"
-
-gemspec path: "../"

data/gemfiles/openssl_2_0.gemfile

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "openssl", "~> 2.0.0"
-
-gemspec path: "../"

data/gemfiles/openssl_2_1.gemfile

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "openssl", "~> 2.1.0"
-
-gemspec path: "../"

data/gemfiles/openssl_head.gemfile

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "openssl", git: "https://github.com/ruby/openssl"
-
-gemspec path: "../"

data/lib/android_safetynet/attestation_response.rb

@@ -1,116 +0,0 @@
-# frozen_string_literal: true
-
-require "base64"
-require "jwt"
-require "webauthn/security_utils"
-
-module AndroidSafetynet
-  # Decoupled from WebAuthn, candidate for extraction
-  # Reference: https://developer.android.com/training/safetynet/attestation.html
-  class AttestationResponse
-    class VerificationError < StandardError; end
-    class LeafCertificateSubjectError < VerificationError; end
-    class NonceMismatchError < VerificationError; end
-    class SignatureError < VerificationError; end
-    class ResponseMissingError < VerificationError; end
-    class TimestampError < VerificationError; end
-    class TrustworthinessError < VerificationError; end
-
-    CERTIRICATE_CHAIN_HEADER = "x5c"
-    VALID_SUBJECT_HOSTNAME = "attest.android.com"
-    HEADERS_POSITION = 1
-    PAYLOAD_POSITION = 0
-    LEEWAY = 60
-
-    # FIXME: Should probably be limited to only roots published by Google
-    # See https://github.com/cedarcode/webauthn-ruby/issues/160#issuecomment-487941201
-    @trust_store = OpenSSL::X509::Store.new.tap { |trust_store| trust_store.set_default_paths }
-
-    class << self
-      attr_accessor :trust_store
-    end
-
-    attr_reader :response
-
-    def initialize(response)
-      @response = response
-    end
-
-    def verify(nonce, trustworthiness: true)
-      if response
-        valid_nonce?(nonce) || raise(NonceMismatchError)
-        valid_attestation_domain? || raise(LeafCertificateSubjectError)
-        valid_signature? || raise(SignatureError)
-        valid_timestamp? || raise(TimestampError)
-        trustworthy? || raise(TrustworthinessError) if trustworthiness
-
-        true
-      else
-        raise(ResponseMissingError)
-      end
-    end
-
-    def cts_profile_match?
-      payload["ctsProfileMatch"]
-    end
-
-    def leaf_certificate
-      certificate_chain[0]
-    end
-
-    def certificate_chain
-      @certificate_chain ||= headers[CERTIRICATE_CHAIN_HEADER].map do |cert|
-        OpenSSL::X509::Certificate.new(Base64.strict_decode64(cert))
-      end
-    end
-
-    def valid_timestamp?
-      now = Time.now
-      Time.at((payload["timestampMs"] / 1000.0).round).between?(now - LEEWAY, now)
-    end
-
-    private
-
-    def valid_nonce?(nonce)
-      WebAuthn::SecurityUtils.secure_compare(payload["nonce"], nonce)
-    end
-
-    def valid_attestation_domain?
-      common_name = leaf_certificate&.subject&.to_a&.assoc('CN')
-
-      if common_name
-        common_name[1] == VALID_SUBJECT_HOSTNAME
-      end
-    end
-
-    def valid_signature?
-      JWT.decode(response, leaf_certificate.public_key, true, algorithms: ["ES256", "RS256"])
-    rescue JWT::VerificationError
-      false
-    end
-
-    def trustworthy?
-      !trust_store || trust_store.verify(leaf_certificate, signing_certificates)
-    end
-
-    def trust_store
-      self.class.trust_store
-    end
-
-    def signing_certificates
-      certificate_chain[1..-1]
-    end
-
-    def headers
-      jws_parts[HEADERS_POSITION]
-    end
-
-    def payload
-      jws_parts[PAYLOAD_POSITION]
-    end
-
-    def jws_parts
-      @jws_parts ||= JWT.decode(response, nil, false)
-    end
-  end
-end

data/lib/cose/rsassa_algorithm.rb

@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-require "cose"
-
-RSASSAAlgorithm = Struct.new(:id, :name, :hash_function, :kty)
-
-COSE::Algorithm.register(RSASSAAlgorithm.new(-257, "RS256", "SHA256", COSE::Key::RSA::KTY_RSA))
-COSE::Algorithm.register(RSASSAAlgorithm.new(-258, "RS384", "SHA384", COSE::Key::RSA::KTY_RSA))
-COSE::Algorithm.register(RSASSAAlgorithm.new(-259, "RS512", "SHA512", COSE::Key::RSA::KTY_RSA))
-COSE::Algorithm.register(RSASSAAlgorithm.new(-65535, "RS1", "SHA1", COSE::Key::RSA::KTY_RSA))

data/lib/tpm/constants.rb

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-module TPM
-  # Section 6 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
-
-  GENERATED_VALUE = 0xFF544347
-
-  ST_ATTEST_CERTIFY = 0x8017
-
-  # Algorithms
-  ALG_RSA = 0x0001
-  ALG_SHA1 = 0x0004
-  ALG_SHA256 = 0x000B
-  ALG_NULL = 0x0010
-  ALG_RSASSA = 0x0014
-  ALG_RSAPSS = 0x0016
-  ALG_ECDSA = 0x0018
-  ALG_ECC = 0x0023
-
-  # ECC curves
-  ECC_NIST_P256 = 0x0003
-
-  # https://trustedcomputinggroup.org/resource/vendor-id-registry/ section 2 "TPM Capabilities Vendor ID (CAP_VID)"
-  VENDOR_IDS = {
-    "id:414D4400" => "AMD",
-    "id:41544D4C" => "Atmel",
-    "id:4252434D" => "Broadcom",
-    "id:49424D00" => "IBM",
-    "id:49465800" => "Infineon",
-    "id:494E5443" => "Intel",
-    "id:4C454E00" => "Lenovo",
-    "id:4E534D20" => "National Semiconductor",
-    "id:4E545A00" => "Nationz",
-    "id:4E544300" => "Nuvoton Technology",
-    "id:51434F4D" => "Qualcomm",
-    "id:534D5343" => "SMSC",
-    "id:53544D20" => "ST Microelectronics",
-    "id:534D534E" => "Samsung",
-    "id:534E5300" => "Sinosun",
-    "id:54584E00" => "Texas Instruments",
-    "id:57454300" => "Winbond",
-    "id:524F4343" => "Fuzhou Rockchip",
-  }.freeze
-end

data/lib/tpm/s_attest/s_certify_info.rb

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-require "bindata"
-require "tpm/sized_buffer"
-
-module TPM
-  class SAttest < BinData::Record
-    # Section 10.12.3 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
-    class SCertifyInfo < BinData::Record
-      sized_buffer :name
-      sized_buffer :qualified_name
-    end
-  end
-end

data/lib/tpm/s_attest.rb

@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-
-require "bindata"
-require "tpm/constants"
-require "tpm/sized_buffer"
-require "tpm/s_attest/s_certify_info"
-
-module TPM
-  # Section 10.12.8 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
-  class SAttest < BinData::Record
-    endian :big
-
-    uint32 :magic
-    uint16 :attested_type
-    sized_buffer :qualified_signer
-    sized_buffer :extra_data
-
-    # s_clock_info :clock_info
-    # uint64 :firmware_version
-    skip length: 25
-
-    choice :attested, selection: :attested_type do
-      s_certify_info TPM::ST_ATTEST_CERTIFY
-    end
-  end
-end

data/lib/tpm/sized_buffer.rb

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-require "bindata"
-
-module TPM
-  # Section 10.4 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
-  class SizedBuffer < BinData::Record
-    endian :big
-
-    uint16 :buffer_size, value: lambda { buffer.size }
-    string :buffer, read_length: :buffer_size
-  end
-end

data/lib/tpm/t_public/s_ecc_parms.rb

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-require "bindata"
-
-module TPM
-  class TPublic < BinData::Record
-    # Section 12.2.3.6 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
-    class SEccParms < BinData::Record
-      endian :big
-
-      uint16 :symmetric
-      uint16 :scheme
-      uint16 :curve_id
-      uint16 :kdf
-    end
-  end
-end

data/lib/tpm/t_public/s_rsa_parms.rb

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-require "bindata"
-
-module TPM
-  class TPublic < BinData::Record
-    # Section 12.2.3.5 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
-    class SRsaParms < BinData::Record
-      endian :big
-
-      uint16 :symmetric
-      uint16 :scheme
-      uint16 :key_bits
-      uint32 :exponent
-    end
-  end
-end

data/lib/tpm/t_public.rb

@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-require "bindata"
-require "tpm/constants"
-require "tpm/sized_buffer"
-require "tpm/t_public/s_ecc_parms"
-require "tpm/t_public/s_rsa_parms"
-
-module TPM
-  # Section 12.2.4 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
-  class TPublic < BinData::Record
-    endian :big
-
-    uint16 :alg_type
-    uint16 :name_alg
-
-    # :object_attributes
-    skip length: 4
-
-    sized_buffer :auth_policy
-
-    choice :parameters, selection: :alg_type do
-      s_ecc_parms TPM::ALG_ECC
-      s_rsa_parms TPM::ALG_RSA
-    end
-
-    choice :unique, selection: :alg_type do
-      sized_buffer TPM::ALG_ECC
-      sized_buffer TPM::ALG_RSA
-    end
-  end
-end

data/lib/webauthn/attestation_statement/android_key/authorization_list.rb

@@ -1,39 +0,0 @@
-# frozen_string_literal: true
-
-require "webauthn/attestation_statement/base"
-
-module WebAuthn
-  module AttestationStatement
-    class AndroidKey < Base
-      class AuthorizationList
-        PURPOSE_TAG = 1
-        ALL_APPLICATIONS_TAG = 600
-        ORIGIN_TAG = 702
-
-        def initialize(sequence)
-          @sequence = sequence
-        end
-
-        def purpose
-          find_by_tag(PURPOSE_TAG)&.value&.at(0)&.value&.at(0)&.value
-        end
-
-        def all_applications
-          find_by_tag(ALL_APPLICATIONS_TAG)&.value
-        end
-
-        def origin
-          find_by_tag(ORIGIN_TAG)&.value&.at(0)&.value
-        end
-
-        private
-
-        attr_reader :sequence
-
-        def find_by_tag(tag)
-          sequence.detect { |data| data.tag == tag }
-        end
-      end
-    end
-  end
-end

data/lib/webauthn/attestation_statement/android_key/key_description.rb

@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-
-require "webauthn/attestation_statement/android_key/authorization_list"
-require "webauthn/attestation_statement/base"
-
-module WebAuthn
-  module AttestationStatement
-    class AndroidKey < Base
-      class KeyDescription
-        # https://developer.android.com/training/articles/security-key-attestation#certificate_schema
-        ATTESTATION_CHALLENGE_INDEX = 4
-        SOFTWARE_ENFORCED_INDEX = 6
-        TEE_ENFORCED_INDEX = 7
-
-        def initialize(sequence)
-          @sequence = sequence
-        end
-
-        def attestation_challenge
-          sequence[ATTESTATION_CHALLENGE_INDEX].value
-        end
-
-        def tee_enforced
-          @tee_enforced ||= AuthorizationList.new(sequence[TEE_ENFORCED_INDEX].value)
-        end
-
-        def software_enforced
-          @software_enforced ||= AuthorizationList.new(sequence[SOFTWARE_ENFORCED_INDEX].value)
-        end
-
-        private
-
-        attr_reader :sequence
-      end
-    end
-  end
-end

data/lib/webauthn/attestation_statement/tpm/cert_info.rb

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-require "openssl"
-require "tpm/constants"
-require "tpm/s_attest"
-require "webauthn/attestation_statement/base"
-
-module WebAuthn
-  module AttestationStatement
-    class TPM < Base
-      class CertInfo
-        TPM_TO_OPENSSL_HASH_ALG = {
-          ::TPM::ALG_SHA1 => "SHA1",
-          ::TPM::ALG_SHA256 => "SHA256"
-        }.freeze
-
-        def initialize(data)
-          @data = data
-        end
-
-        def valid?(attested_data, extra_data)
-          s_attest.magic == ::TPM::GENERATED_VALUE &&
-            valid_name?(attested_data) &&
-            s_attest.extra_data.buffer == extra_data
-        end
-
-        private
-
-        attr_reader :data
-
-        def valid_name?(attested_data)
-          name_hash_alg = s_attest.attested.name.buffer[0..1].unpack("n")[0]
-          name = s_attest.attested.name.buffer[2..-1]
-
-          name == OpenSSL::Digest.digest(TPM_TO_OPENSSL_HASH_ALG[name_hash_alg], attested_data)
-        end
-
-        def s_attest
-          @s_attest ||= ::TPM::SAttest.read(data)
-        end
-      end
-    end
-  end
-end

data/lib/webauthn/attestation_statement/tpm/pub_area.rb

@@ -1,85 +0,0 @@
-# frozen_string_literal: true
-
-require "cose"
-require "cose/rsassa_algorithm"
-require "tpm/constants"
-require "tpm/t_public"
-require "webauthn/attestation_statement/base"
-
-module WebAuthn
-  module AttestationStatement
-    class TPM < Base
-      class PubArea
-        BYTE_LENGTH = 8
-
-        COSE_ECC_TO_TPM_ALG = {
-          COSE::Algorithm.by_name("ES256").id => ::TPM::ALG_ECDSA,
-        }.freeze
-
-        COSE_RSA_TO_TPM_ALG = {
-          COSE::Algorithm.by_name("RS256").id => ::TPM::ALG_RSASSA,
-          COSE::Algorithm.by_name("PS256").id => ::TPM::ALG_RSAPSS,
-        }.freeze
-
-        COSE_TO_TPM_CURVE = {
-          COSE::Key::Curve.by_name("P-256").id => ::TPM::ECC_NIST_P256
-        }.freeze
-
-        def initialize(data)
-          @data = data
-        end
-
-        def valid?(public_key)
-          cose_key = COSE::Key.deserialize(public_key)
-
-          case cose_key
-          when COSE::Key::EC2
-            valid_ecc_key?(cose_key)
-          when COSE::Key::RSA
-            valid_rsa_key?(cose_key)
-          else
-            raise "Unsupported or unknown TPM key type"
-          end
-        end
-
-        private
-
-        attr_reader :data
-
-        def valid_ecc_key?(cose_key)
-          valid_symmetric? &&
-            valid_scheme?(COSE_ECC_TO_TPM_ALG[cose_key.alg]) &&
-            parameters.curve_id == COSE_TO_TPM_CURVE[cose_key.crv] &&
-            unique == cose_key.x + cose_key.y
-        end
-
-        def valid_rsa_key?(cose_key)
-          valid_symmetric? &&
-            valid_scheme?(COSE_RSA_TO_TPM_ALG[cose_key.alg]) &&
-            parameters.key_bits == cose_key.n.size * BYTE_LENGTH &&
-            unique == cose_key.n
-        end
-
-        def valid_symmetric?
-          parameters.symmetric == ::TPM::ALG_NULL
-        end
-
-        def valid_scheme?(scheme)
-          parameters.scheme == ::TPM::ALG_NULL || parameters.scheme == scheme
-        end
-
-        def unique
-          t_public.unique.buffer
-        end
-
-        def parameters
-          t_public.parameters
-        end
-
-        def t_public
-          @t_public = ::TPM::TPublic.read(data)
-        end
-      end
-    end
-  end
-end

data/lib/webauthn/security_utils.rb

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-require "securecompare"
-
-module WebAuthn
-  module SecurityUtils
-    # Constant time string comparison, for variable length strings.
-    # This code was adapted from Rails ActiveSupport::SecurityUtils
-    #
-    # The values are first processed by SHA256, so that we don't leak length info
-    # via timing attacks.
-    def secure_compare(first_string, second_string)
-      first_string_sha256 = ::Digest::SHA256.digest(first_string)
-      second_string_sha256 = ::Digest::SHA256.digest(second_string)
-
-      SecureCompare.compare(first_string_sha256, second_string_sha256) && first_string == second_string
-    end
-    module_function :secure_compare
-  end
-end