webauthn 1.13.0 → 1.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f9b0ee13d67d762afc44c92d76d99a7a7f3500c31658a0248a6dfb4d986f3f18
-  data.tar.gz: 888a0fb232facc8e5d02458bc1c94f926ed4b8541cac4b3937cf7bb4098ed0f4
+  metadata.gz: 812396778f9d74667ca7be0273e1ac38c0f0275aae8eb32b35f4d7aa5a52b6ec
+  data.tar.gz: 66539bc1f99c17b31f51e91df71b4423b059519eb0d8ccb7e4d637e6db8c588b
 SHA512:
-  metadata.gz: a8f7821dbbc3ce730216ade21b37a23d6c202e1e060b90ed1bfb419c2abeed1ff6867d4ba6730de07d7b0f0eef54306358c894cac95faf90cb09af397f60f49e
-  data.tar.gz: ec06219c2f23352fbeec12c6bdf550b5120403c2dbbc249eb577e1eeb90f16ee1425b8ca857cdcdef884d7e2cd385e1d4e5dfb3cc9173aabc511088cf0627760
+  metadata.gz: 875d8b449345498f08caf64f7a9b7cf01d537e85ac188d398ba337b2e13c24a2dd07c8013c201d0b00deb0eb191c8328abfed212e806afee287c91c63c6f8a46
+  data.tar.gz: fa8d32da1d05d15d9a74868c343cf2f907f31d9eab4830c1a3b4eead8317440e4ade8695ff19f463d494ee356a02486ffe37b5c52bf5beff3e70a78d4f4ccbd8

data/CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## [v1.14.0] - 2019-04-25
+
+### Added
+
+- Support 'tpm' attestation statement
+- Support RS256 credential public key
+
 ## [v1.13.0] - 2019-04-09
 
 ### Added
@@ -166,6 +173,7 @@ Note: Both additions should help making it compatible with Chrome for Android 70
   - `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
 - Works with ruby 2.5
 
+[v1.14.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.13.0...v1.14.0/
 [v1.13.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.12.0...v1.13.0/
 [v1.12.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.11.0...v1.12.0/
 [v1.11.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.10.0...v1.11.0/

data/README.md

@@ -93,15 +93,15 @@ attestation_response = WebAuthn::AuthenticatorAttestationResponse.new(
 
 # This value needs to match `window.location.origin` evaluated by
 # the User Agent as part of the verification phase.
-original_origin = "https://www.example.com"
+expected_origin = "https://www.example.com"
 
-# In the case that a Relying Party ID (https://www.w3.org/TR/webauthn/#relying-party-identifier) different from `original_origin` was used on
+# In the case that a Relying Party ID (https://www.w3.org/TR/webauthn/#relying-party-identifier) different from `expected_origin` was used on
 # `navigator.credentials.create`, it needs to specified for verification.
 # Otherwise, you can ignore passing in this value to the `verify` method below.
 rp_id = "example.com"
 
 begin
-  attestation_response.verify(original_challenge, original_origin, rp_id: rp_id)
+  attestation_response.verify(expected_challenge, expected_origin, rp_id: rp_id)
 
   # 1. Register the new user and
   # 2. Keep Credential ID and Credential Public Key under storage
@@ -160,9 +160,9 @@ assertion_response = WebAuthn::AuthenticatorAssertionResponse.new(
 
 # This value needs to match `window.location.origin` evaluated by
 # the User Agent as part of the verification phase.
-original_origin = "https://www.example.com"
+expected_origin = "https://www.example.com"
 
-# In the case that a Relying Party ID (https://www.w3.org/TR/webauthn/#relying-party-identifier) different from `original_origin` was used on
+# In the case that a Relying Party ID (https://www.w3.org/TR/webauthn/#relying-party-identifier) different from `expected_origin` was used on
 # `navigator.credentials.get`, it needs to be specified for verification.
 # Otherwise, you can ignore passing in this value to the `verify` method below.`
 rp_id = "example.com"
@@ -175,7 +175,7 @@ allowed_credential = {
 }
 
 begin
-  assertion_response.verify(original_challenge, original_origin, allowed_credentials: [allowed_credential], rp_id: rp_id)
+  assertion_response.verify(expected_challenge, expected_origin, allowed_credentials: [allowed_credential], rp_id: rp_id)
 
   # Sign in the user
 rescue WebAuthn::VerificationError => e
@@ -190,7 +190,7 @@ end
 | packed (self attestation) | Yes |
 | packed (x5c attestation) | Yes |
 | packed (ECDAA attestation) | No |
-| tpm (x5c attestation) | No |
+| tpm (x5c attestation) | Yes |
 | tpm (ECDAA attestation) | No |
 | android-key | Yes |
 | android-safetynet | Yes |

data/lib/android_safetynet/attestation_response.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+require "jwt"
+
+module AndroidSafetynet
+  # Decoupled from WebAuthn, candidate for extraction
+  # Reference: https://developer.android.com/training/safetynet/attestation.html
+  class AttestationResponse
+    class VerificationError < StandardError; end
+    class LeafCertificateSubjectError < VerificationError; end
+    class NonceMismatchError < VerificationError; end
+    class SignatureError < VerificationError; end
+    class ResponseMissingError < VerificationError; end
+
+    CERTIRICATE_CHAIN_HEADER = "x5c"
+    VALID_SUBJECT_HOSTNAME = "attest.android.com"
+    HEADERS_POSITION = 1
+    PAYLOAD_POSITION = 0
+
+    attr_reader :response
+
+    def initialize(response)
+      @response = response
+    end
+
+    def verify(nonce)
+      if response
+        valid_nonce?(nonce) || raise(NonceMismatchError)
+        valid_attestation_domain? || raise(LeafCertificateSubjectError)
+        valid_signature? || raise(SignatureError)
+      else
+        raise(ResponseMissingError)
+      end
+    end
+
+    def cts_profile_match?
+      payload["ctsProfileMatch"]
+    end
+
+    def certificate_chain
+      @certificate_chain ||= headers[CERTIRICATE_CHAIN_HEADER].map do |cert|
+        OpenSSL::X509::Certificate.new(Base64.strict_decode64(cert))
+      end
+    end
+
+    private
+
+    def valid_nonce?(nonce)
+      payload["nonce"] == nonce
+    end
+
+    def valid_attestation_domain?
+      common_name = leaf_certificate&.subject&.to_a&.assoc('CN')
+
+      if common_name
+        common_name[1] == VALID_SUBJECT_HOSTNAME
+      end
+    end
+
+    def valid_signature?
+      JWT.decode(response, leaf_certificate.public_key, true, algorithms: algorithm_for(leaf_certificate.public_key))
+    rescue JWT::VerificationError
+      false
+    end
+
+    def algorithm_for(public_key)
+      case public_key
+      when OpenSSL::PKey::RSA
+        "RS256"
+      when OpenSSL::PKey::EC, OpenSSL::PKey::EC::Point
+        "ES256"
+      else
+        raise "Unsupported algorithm"
+      end
+    end
+
+    def leaf_certificate
+      certificate_chain[0]
+    end
+
+    def headers
+      jws_parts[HEADERS_POSITION]
+    end
+
+    def payload
+      jws_parts[PAYLOAD_POSITION]
+    end
+
+    def jws_parts
+      @jws_parts ||= JWT.decode(response, nil, false)
+    end
+  end
+end

data/lib/cose/algorithm.rb

@@ -1,13 +1,15 @@
 # frozen_string_literal: true
 
+require "cose/key"
+
 # TODO: Move this to cose gem
 module COSE
   # https://tools.ietf.org/html/rfc8152#section-8.1
-  Algorithm = Struct.new(:id, :name, :hash, :key_curve) do
+  Algorithm = Struct.new(:id, :name, :hash, :kty, :key_curve) do
     @registered = {}
 
-    def self.register(id, name, hash, key_curve)
-      @registered[id] = COSE::Algorithm.new(id, name, hash, key_curve)
+    def self.register(id, name, hash, kty, key_curve = nil)
+      @registered[id] = COSE::Algorithm.new(id, name, hash, kty, key_curve)
     end
 
     def self.find(id)
@@ -24,4 +26,5 @@ module COSE
   end
 end
 
-COSE::Algorithm.register(-7, "ES256", "SHA256", "prime256v1")
+COSE::Algorithm.register(-7, "ES256", "SHA256", COSE::Key::EC2::KTY_EC2, "prime256v1")
+COSE::Algorithm.register(-257, "RS256", "SHA256", COSE::Key::RSA::KTY_RSA)

data/lib/tpm/constants.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module TPM
+  # Section 6 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
+
+  GENERATED_VALUE = 0xFF544347
+
+  ST_ATTEST_CERTIFY = 0x8017
+
+  # Algorithms
+  ALG_RSA = 0x0001
+  ALG_SHA1 = 0x0004
+  ALG_SHA256 = 0x000B
+  ALG_NULL = 0x0010
+  ALG_RSASSA = 0x0014
+  ALG_ECDSA = 0x0018
+  ALG_ECC = 0x0023
+
+  # ECC curves
+  ECC_NIST_P256 = 0x0003
+end

data/lib/tpm/s_attest.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require "bindata"
+require "tpm/constants"
+require "tpm/sized_buffer"
+require "tpm/s_attest/s_certify_info"
+
+module TPM
+  # Section 10.12.8 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
+  class SAttest < BinData::Record
+    endian :big
+
+    uint32 :magic
+    uint16 :attested_type
+    sized_buffer :qualified_signer
+    sized_buffer :extra_data
+
+    # s_clock_info :clock_info
+    # uint64 :firmware_version
+    skip length: 25
+
+    choice :attested, selection: :attested_type do
+      s_certify_info TPM::ST_ATTEST_CERTIFY
+    end
+  end
+end

data/lib/tpm/s_attest/s_certify_info.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require "bindata"
+require "tpm/sized_buffer"
+
+module TPM
+  class SAttest < BinData::Record
+    # Section 10.12.3 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
+    class SCertifyInfo < BinData::Record
+      sized_buffer :name
+      sized_buffer :qualified_name
+    end
+  end
+end

data/lib/tpm/sized_buffer.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require "bindata"
+
+module TPM
+  # Section 10.4 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
+  class SizedBuffer < BinData::Record
+    endian :big
+
+    uint16 :buffer_size, value: lambda { buffer.size }
+    string :buffer, read_length: :buffer_size
+  end
+end

data/lib/tpm/t_public.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require "bindata"
+require "tpm/constants"
+require "tpm/sized_buffer"
+require "tpm/t_public/s_ecc_parms"
+require "tpm/t_public/s_rsa_parms"
+
+module TPM
+  # Section 12.2.4 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
+  class TPublic < BinData::Record
+    endian :big
+
+    uint16 :alg_type
+    uint16 :name_alg
+
+    # :object_attributes
+    skip length: 4
+
+    sized_buffer :auth_policy
+
+    choice :parameters, selection: :alg_type do
+      s_ecc_parms TPM::ALG_ECC
+      s_rsa_parms TPM::ALG_RSA
+    end
+
+    choice :unique, selection: :alg_type do
+      sized_buffer TPM::ALG_ECC
+      sized_buffer TPM::ALG_RSA
+    end
+  end
+end

data/lib/tpm/t_public/s_ecc_parms.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require "bindata"
+
+module TPM
+  class TPublic < BinData::Record
+    # Section 12.2.3.6 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
+    class SEccParms < BinData::Record
+      endian :big
+
+      uint16 :symmetric
+      uint16 :scheme
+      uint16 :curve_id
+      uint16 :kdf
+    end
+  end
+end

data/lib/tpm/t_public/s_rsa_parms.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require "bindata"
+
+module TPM
+  class TPublic < BinData::Record
+    # Section 12.2.3.5 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
+    class SRsaParms < BinData::Record
+      endian :big
+
+      uint16 :symmetric
+      uint16 :scheme
+      uint16 :key_bits
+      uint32 :exponent
+    end
+  end
+end

data/lib/webauthn.rb

@@ -11,7 +11,12 @@ require "securerandom"
 require "json"
 
 module WebAuthn
-  CRED_PARAM_ES256 = { type: "public-key", alg: COSE::Algorithm.by_name("ES256").id }.freeze
+  DEFAULT_ALGORITHMS = ["ES256", "RS256"].freeze
+
+  DEFAULT_PUB_KEY_CRED_PARAMS = DEFAULT_ALGORITHMS.map do |alg_name|
+    { type: "public-key", alg: COSE::Algorithm.by_name(alg_name).id }
+  end.freeze
+
   TYPES = { create: "webauthn.create", get: "webauthn.get" }.freeze
 
   # TODO: make keyword arguments mandatory in next major version
@@ -23,7 +28,7 @@ module WebAuthn
   )
     {
       challenge: challenge,
-      pubKeyCredParams: [CRED_PARAM_ES256],
+      pubKeyCredParams: DEFAULT_PUB_KEY_CRED_PARAMS,
       rp: { name: rp_name },
       user: { name: user_name, displayName: display_name, id: user_id }
     }

data/lib/webauthn/attestation_statement.rb

@@ -11,6 +11,7 @@ module WebAuthn
     ATTESTATION_FORMAT_PACKED = 'packed'
     ATTESTATION_FORMAT_ANDROID_SAFETYNET = "android-safetynet"
     ATTESTATION_FORMAT_ANDROID_KEY = "android-key"
+    ATTESTATION_FORMAT_TPM = "tpm"
 
     ATTESTATION_TYPE_NONE = "None"
     ATTESTATION_TYPE_BASIC = "Basic"
@@ -36,6 +37,9 @@ module WebAuthn
       when ATTESTATION_FORMAT_ANDROID_KEY
         require "webauthn/attestation_statement/android_key"
         WebAuthn::AttestationStatement::AndroidKey.new(statement)
+      when ATTESTATION_FORMAT_TPM
+        require "webauthn/attestation_statement/tpm"
+        WebAuthn::AttestationStatement::TPM.new(statement)
       else
         raise FormatNotSupportedError, "Unsupported attestation format '#{format}'"
       end

data/lib/webauthn/attestation_statement/android_key.rb

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
-require "cose/algorithm"
 require "openssl"
 require "webauthn/attestation_statement/android_key/key_description"
 require "webauthn/attestation_statement/base"
+require "webauthn/signature_verifier"
 
 module WebAuthn
   module AttestationStatement
@@ -27,17 +27,9 @@ module WebAuthn
       private
 
       def valid_signature?(authenticator_data, client_data_hash)
-        cose_algorithm = COSE::Algorithm.find(algorithm)
-
-        if cose_algorithm
-          attestation_certificate.public_key.verify(
-            cose_algorithm.hash,
-            signature,
-            authenticator_data.data + client_data_hash
-          )
-        else
-          raise "Unsupported algorithm #{algorithm}"
-        end
+        WebAuthn::SignatureVerifier
+          .new(algorithm, attestation_certificate.public_key)
+          .verify(signature, authenticator_data.data + client_data_hash)
       end
 
       def matching_public_key?(authenticator_data)
@@ -76,28 +68,6 @@ module WebAuthn
           KeyDescription.new(OpenSSL::ASN1.decode(raw_key_description.value).value)
         end
       end
-
-      def attestation_certificate
-        attestation_certificate_chain[0]
-      end
-
-      def attestation_certificate_chain
-        @attestation_certificate_chain ||= raw_attestation_certificates.map do |cert|
-          OpenSSL::X509::Certificate.new(cert)
-        end
-      end
-
-      def raw_attestation_certificates
-        statement["x5c"]
-      end
-
-      def signature
-        statement["sig"]
-      end
-
-      def algorithm
-        statement["alg"]
-      end
     end
   end
 end

data/lib/webauthn/attestation_statement/android_safetynet.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "jwt"
+require "android_safetynet/attestation_response"
 require "openssl"
 require "webauthn/attestation_statement/base"
 
@@ -14,10 +14,8 @@ module WebAuthn
 
       def valid?(authenticator_data, client_data_hash, trust_store: self.class.default_trust_store)
         trusted_attestation_certificate?(trust_store) &&
-          valid_signature? &&
-          valid_attestation_domain? &&
+          valid_response?(authenticator_data, client_data_hash) &&
           valid_version? &&
-          valid_nonce?(authenticator_data, client_data_hash) &&
           cts_profile_match? &&
           [WebAuthn::AttestationStatement::ATTESTATION_TYPE_BASIC, attestation_certificate]
       end
@@ -31,15 +29,14 @@ module WebAuthn
         trust_store.verify(attestation_certificate)
       end
 
-      def valid_signature?
-        signed_payload, _, base64_signature = statement["response"].rpartition(".")
-        signature = Base64.urlsafe_decode64(base64_signature)
-        attestation_certificate.public_key.verify(OpenSSL::Digest::SHA256.new, signature, signed_payload)
-      end
+      def valid_response?(authenticator_data, client_data_hash)
+        nonce = Digest::SHA256.base64digest(authenticator_data.data + client_data_hash)
 
-      def valid_attestation_domain?
-        subject = attestation_certificate.subject.to_a
-        subject.assoc('CN')[1] == "attest.android.com"
+        begin
+          attestation_response.verify(nonce)
+        rescue ::AndroidSafetynet::AttestationResponse::VerificationError
+          false
+        end
       end
 
       # TODO: improve once the spec has clarifications https://github.com/w3c/webauthn/issues/968
@@ -47,35 +44,20 @@ module WebAuthn
         !statement["ver"].empty?
       end
 
-      def valid_nonce?(authenticator_data, client_data_hash)
-        nonce = unverified_jws_result[0]["nonce"]
-        nonce == verification_data(authenticator_data, client_data_hash)
-      end
-
       def cts_profile_match?
-        unverified_jws_result[0]["ctsProfileMatch"]
-      end
-
-      def verification_data(authenticator_data, client_data_hash)
-        Digest::SHA256.base64digest(authenticator_data.data + client_data_hash)
+        attestation_response.cts_profile_match?
       end
 
       def attestation_certificate
-        attestation_certificate_chain[0]
+        attestation_response.certificate_chain[0]
       end
 
       def signing_certificates
-        attestation_certificate_chain[1..-1]
-      end
-
-      def attestation_certificate_chain
-        @attestation_certificate_chain ||= unverified_jws_result[1]["x5c"].map do |cert|
-          OpenSSL::X509::Certificate.new(Base64.strict_decode64(cert))
-        end
+        attestation_response.certificate_chain[1..-1]
       end
 
-      def unverified_jws_result
-        @unverified_jws_result ||= JWT.decode(statement["response"], nil, false)
+      def attestation_response
+        @attestation_response ||= ::AndroidSafetynet::AttestationResponse.new(statement["response"])
       end
     end
   end

data/lib/webauthn/attestation_statement/base.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "openssl"
 require "webauthn/error"
 
 module WebAuthn
@@ -20,6 +21,44 @@ module WebAuthn
       private
 
       attr_reader :statement
+
+      def matching_aaguid?(attested_credential_data_aaguid)
+        extension = attestation_certificate&.extensions&.detect { |ext| ext.oid == AAGUID_EXTENSION_OID }
+        if extension
+          # `extension.value` mangles data into ASCII, so we must manually compare bytes
+          # see https://github.com/ruby/openssl/pull/234
+          extension.to_der[-WebAuthn::AuthenticatorData::AttestedCredentialData::AAGUID_LENGTH..-1] ==
+            attested_credential_data_aaguid
+        else
+          true
+        end
+      end
+
+      def attestation_certificate
+        attestation_certificate_chain&.first
+      end
+
+      def attestation_certificate_chain
+        @attestation_certificate_chain ||= raw_attestation_certificates&.map do |raw_certificate|
+          OpenSSL::X509::Certificate.new(raw_certificate)
+        end
+      end
+
+      def algorithm
+        statement["alg"]
+      end
+
+      def raw_attestation_certificates
+        statement["x5c"]
+      end
+
+      def raw_ecdaa_key_id
+        statement["ecdaaKeyId"]
+      end
+
+      def signature
+        statement["sig"]
+      end
     end
   end
 end

data/lib/webauthn/attestation_statement/fido_u2f.rb

@@ -3,6 +3,7 @@
 require "openssl"
 require "webauthn/attestation_statement/base"
 require "webauthn/attestation_statement/fido_u2f/public_key"
+require "webauthn/signature_verifier"
 
 module WebAuthn
   module AttestationStatement
@@ -22,10 +23,6 @@ module WebAuthn
 
       private
 
-      def signature
-        statement["sig"]
-      end
-
       def valid_format?
         !!(raw_attestation_certificates && signature) &&
           raw_attestation_certificates.length == VALID_ATTESTATION_CERTIFICATE_COUNT
@@ -45,24 +42,14 @@ module WebAuthn
         attestation_certificate.public_key
       end
 
-      def attestation_certificate
-        @attestation_certificate ||= OpenSSL::X509::Certificate.new(raw_attestation_certificates[0])
-      end
-
-      def raw_attestation_certificates
-        statement["x5c"]
-      end
-
       def valid_aaguid?(attested_credential_data_aaguid)
         attested_credential_data_aaguid == VALID_ATTESTED_AAGUID
       end
 
       def valid_signature?(authenticator_data, client_data_hash)
-        certificate_public_key.verify(
-          VALID_ATTESTATION_CERTIFICATE_ALGORITHM.hash,
-          signature,
-          verification_data(authenticator_data, client_data_hash)
-        )
+        WebAuthn::SignatureVerifier
+          .new(VALID_ATTESTATION_CERTIFICATE_ALGORITHM, certificate_public_key)
+          .verify(signature, verification_data(authenticator_data, client_data_hash))
       end
 
       def verification_data(authenticator_data, client_data_hash)

data/lib/webauthn/attestation_statement/packed.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
-require "cose/algorithm"
 require "openssl"
 require "webauthn/attestation_statement/base"
+require "webauthn/signature_verifier"
 
 module WebAuthn
   # Implements https://www.w3.org/TR/2018/CR-webauthn-20180807/#packed-attestation
@@ -16,7 +16,7 @@ module WebAuthn
         valid_format? &&
           valid_algorithm?(authenticator_data.credential) &&
           valid_certificate_chain? &&
-          valid_public_keys?(authenticator_data.credential) &&
+          valid_ec_public_keys?(authenticator_data.credential) &&
           meet_certificate_requirement? &&
           matching_aaguid?(authenticator_data.attested_credential_data.aaguid) &&
           valid_signature?(authenticator_data, client_data_hash) &&
@@ -33,22 +33,6 @@ module WebAuthn
         !raw_attestation_certificates && !raw_ecdaa_key_id
       end
 
-      def algorithm
-        statement["alg"]
-      end
-
-      def signature
-        statement["sig"]
-      end
-
-      def raw_attestation_certificates
-        statement["x5c"]
-      end
-
-      def raw_ecdaa_key_id
-        statement["ecdaaKeyId"]
-      end
-
       def valid_format?
         algorithm && signature && (
           [raw_attestation_certificates, raw_ecdaa_key_id].compact.size < 2
@@ -61,16 +45,6 @@ module WebAuthn
         end
       end
 
-      def attestation_certificate_chain
-        @attestation_certificate_chain ||= raw_attestation_certificates&.map do |cert|
-          OpenSSL::X509::Certificate.new(cert)
-        end
-      end
-
-      def attestation_certificate
-        attestation_certificate_chain&.first
-      end
-
       def valid_certificate_chain?
         if attestation_certificate_chain
           attestation_certificate_chain[1..-1].all? { |c| certificate_in_use?(c) }
@@ -79,12 +53,10 @@ module WebAuthn
         end
       end
 
-      # TODO: Reevaluate this check
-      def valid_public_keys?(credential)
-        public_keys = attestation_certificate_chain&.map(&:public_key) || [credential.public_key_object]
-        public_keys.all? do |public_key|
-          public_key.is_a?(OpenSSL::PKey::EC) && public_key.check_key
-        end
+      def valid_ec_public_keys?(credential)
+        (attestation_certificate_chain&.map(&:public_key) || [credential.public_key_object])
+          .select { |pkey| pkey.is_a?(OpenSSL::PKey::EC) }
+          .all? { |pkey| pkey.check_key }
       end
 
       # Check https://www.w3.org/TR/2018/CR-webauthn-20180807/#packed-attestation-cert-requirements
@@ -101,18 +73,6 @@ module WebAuthn
         end
       end
 
-      def matching_aaguid?(attested_credential_data_aaguid)
-        extension = attestation_certificate&.extensions&.detect { |ext| ext.oid == AAGUID_EXTENSION_OID }
-        if extension
-          # `extension.value` mangles data into ASCII, so we must manually compare bytes
-          # see https://github.com/ruby/openssl/pull/234
-          extension.to_der[-WebAuthn::AuthenticatorData::AttestedCredentialData::AAGUID_LENGTH..-1] ==
-            attested_credential_data_aaguid
-        else
-          true
-        end
-      end
-
       def certificate_in_use?(certificate)
         now = Time.now
 
@@ -120,21 +80,12 @@ module WebAuthn
       end
 
       def valid_signature?(authenticator_data, client_data_hash)
-        cose_algorithm = COSE::Algorithm.find(algorithm)
-
-        if cose_algorithm
-          (attestation_certificate&.public_key || authenticator_data.credential.public_key_object).verify(
-            cose_algorithm.hash,
-            signature,
-            verification_data(authenticator_data, client_data_hash)
-          )
-        else
-          raise "Unsupported algorithm #{algorithm}"
-        end
-      end
+        signature_verifier = WebAuthn::SignatureVerifier.new(
+          algorithm,
+          attestation_certificate&.public_key || authenticator_data.credential.public_key_object
+        )
 
-      def verification_data(authenticator_data, client_data_hash)
-        authenticator_data.data + client_data_hash
+        signature_verifier.verify(signature, authenticator_data.data + client_data_hash)
       end
 
       def attestation_type_and_trust_path

data/lib/webauthn/attestation_statement/tpm.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+require "cose/algorithm"
+require "openssl"
+require "webauthn/attestation_statement/base"
+require "webauthn/attestation_statement/tpm/cert_info"
+require "webauthn/attestation_statement/tpm/pub_area"
+require "webauthn/signature_verifier"
+
+module WebAuthn
+  module AttestationStatement
+    class TPM < Base
+      CERTIFICATE_V3 = 2
+      CERTIFICATE_EMPTY_NAME = OpenSSL::X509::Name.new([]).freeze
+      OID_TCG_KP_AIK_CERTIFICATE = "2.23.133.8.3"
+      TPM_V2 = "2.0"
+
+      def valid?(authenticator_data, client_data_hash)
+        case attestation_type
+        when ATTESTATION_TYPE_ATTCA
+          att_to_be_signed = authenticator_data.data + client_data_hash
+
+          ver == TPM_V2 &&
+            valid_signature? &&
+            valid_attestation_certificate? &&
+            pub_area.valid?(authenticator_data.credential.public_key) &&
+            cert_info.valid?(statement["pubArea"], OpenSSL::Digest.digest(cose_algorithm.hash, att_to_be_signed)) &&
+            matching_aaguid?(authenticator_data.attested_credential_data.aaguid) &&
+            [attestation_type, attestation_trust_path]
+        when ATTESTATION_TYPE_ECDAA
+          raise(
+            WebAuthn::AttestationStatement::Base::NotSupportedError,
+            "Attestation type ECDAA is not supported"
+          )
+        end
+      end
+
+      private
+
+      def valid_signature?
+        WebAuthn::SignatureVerifier
+          .new(algorithm, attestation_certificate.public_key)
+          .verify(signature, verification_data)
+      end
+
+      def valid_attestation_certificate?
+        extensions = attestation_certificate.extensions
+
+        attestation_certificate.version == CERTIFICATE_V3 &&
+          attestation_certificate.subject.eql?(CERTIFICATE_EMPTY_NAME) &&
+          certificate_in_use?(attestation_certificate) &&
+          extensions.find { |ext| ext.oid == 'basicConstraints' }&.value == "CA:FALSE" &&
+          extensions.find { |ext| ext.oid == "extendedKeyUsage" }&.value == OID_TCG_KP_AIK_CERTIFICATE
+      end
+
+      def certificate_in_use?(certificate)
+        now = Time.now
+
+        certificate.not_before < now && now < certificate.not_after
+      end
+
+      def verification_data
+        statement["certInfo"]
+      end
+
+      def cert_info
+        @cert_info ||= CertInfo.new(statement["certInfo"])
+      end
+
+      def pub_area
+        @pub_area ||= PubArea.new(statement["pubArea"])
+      end
+
+      def ver
+        statement["ver"]
+      end
+
+      def cose_algorithm
+        @cose_algorithm ||= COSE::Algorithm.find(algorithm)
+      end
+
+      def attestation_type
+        if raw_attestation_certificates && !raw_ecdaa_key_id
+          ATTESTATION_TYPE_ATTCA
+        elsif raw_ecdaa_key_id && !raw_attestation_certificates
+          ATTESTATION_TYPE_ECDAA
+        else
+          raise "Attestation type invalid"
+        end
+      end
+
+      def attestation_trust_path
+        attestation_certificate_chain
+      end
+    end
+  end
+end

data/lib/webauthn/attestation_statement/tpm/cert_info.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require "tpm/constants"
+require "tpm/s_attest"
+
+module WebAuthn
+  module AttestationStatement
+    class TPM < Base
+      class CertInfo
+        TPM_TO_OPENSSL_HASH_ALG = {
+          ::TPM::ALG_SHA1 => "SHA1",
+          ::TPM::ALG_SHA256 => "SHA256"
+        }.freeze
+
+        def initialize(data)
+          @data = data
+        end
+
+        def valid?(attested_data, extra_data)
+          s_attest.magic == ::TPM::GENERATED_VALUE &&
+            valid_name?(attested_data) &&
+            s_attest.extra_data.buffer == extra_data
+        end
+
+        private
+
+        attr_reader :data
+
+        def valid_name?(attested_data)
+          name_hash_alg = s_attest.attested.name.buffer[0..1].unpack("n")[0]
+          name = s_attest.attested.name.buffer[2..-1]
+
+          name == OpenSSL::Digest.digest(TPM_TO_OPENSSL_HASH_ALG[name_hash_alg], attested_data)
+        end
+
+        def s_attest
+          @s_attest ||= ::TPM::SAttest.read(data)
+        end
+      end
+    end
+  end
+end

data/lib/webauthn/attestation_statement/tpm/pub_area.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+require "cose/key"
+require "tpm/constants"
+require "tpm/t_public"
+
+module WebAuthn
+  module AttestationStatement
+    class TPM < Base
+      class PubArea
+        BYTE_LENGTH = 8
+
+        COSE_ECC_TO_TPM_ALG = {
+          COSE::Algorithm.by_name("ES256").id => ::TPM::ALG_ECDSA,
+        }.freeze
+
+        COSE_RSA_TO_TPM_ALG = {
+          COSE::Algorithm.by_name("RS256").id => ::TPM::ALG_RSASSA
+        }.freeze
+
+        COSE_TO_TPM_CURVE = {
+          COSE::Key::EC2::CRV_P256 => ::TPM::ECC_NIST_P256
+        }.freeze
+
+        def initialize(data)
+          @data = data
+        end
+
+        def valid?(public_key)
+          cose_key = COSE::Key.deserialize(public_key)
+
+          case cose_key
+          when COSE::Key::EC2
+            valid_ecc_key?(cose_key)
+          when COSE::Key::RSA
+            valid_rsa_key?(cose_key)
+          else
+            raise "Unsupported or unknown TPM key type"
+          end
+        end
+
+        private
+
+        attr_reader :data
+
+        def valid_ecc_key?(cose_key)
+          valid_symmetric? &&
+            valid_scheme?(COSE_ECC_TO_TPM_ALG[cose_key.alg]) &&
+            parameters.curve_id == COSE_TO_TPM_CURVE[cose_key.crv] &&
+            unique == cose_key.x + cose_key.y
+        end
+
+        def valid_rsa_key?(cose_key)
+          valid_symmetric? &&
+            valid_scheme?(COSE_RSA_TO_TPM_ALG[cose_key.alg]) &&
+            parameters.key_bits == cose_key.n.size * BYTE_LENGTH &&
+            unique == cose_key.n
+        end
+
+        def valid_symmetric?
+          parameters.symmetric == ::TPM::ALG_NULL
+        end
+
+        def valid_scheme?(scheme)
+          parameters.scheme == ::TPM::ALG_NULL || parameters.scheme == scheme
+        end
+
+        def unique
+          t_public.unique.buffer
+        end
+
+        def parameters
+          t_public.parameters
+        end
+
+        def t_public
+          @t_public = ::TPM::TPublic.read(data)
+        end
+      end
+    end
+  end
+end

data/lib/webauthn/authenticator_assertion_response.rb

@@ -4,6 +4,7 @@ require "cose/algorithm"
 require "cose/key"
 require "webauthn/attestation_statement/fido_u2f/public_key"
 require "webauthn/authenticator_response"
+require "webauthn/signature_verifier"
 
 module WebAuthn
   class CredentialVerificationError < VerificationError; end
@@ -18,8 +19,8 @@ module WebAuthn
       @signature = signature
     end
 
-    def verify(original_challenge, original_origin, allowed_credentials:, rp_id: nil)
-      super(original_challenge, original_origin, rp_id: rp_id)
+    def verify(expected_challenge, expected_origin, allowed_credentials:, rp_id: nil)
+      super(expected_challenge, expected_origin, rp_id: rp_id)
 
       verify_item(:credential, allowed_credentials)
       verify_item(:signature, credential_cose_key(allowed_credentials))
@@ -36,17 +37,9 @@ module WebAuthn
     attr_reader :credential_id, :authenticator_data_bytes, :signature
 
     def valid_signature?(credential_cose_key)
-      cose_algorithm = COSE::Algorithm.find(credential_cose_key.alg)
-
-      if cose_algorithm
-        credential_cose_key.to_pkey.verify(
-          cose_algorithm.hash,
-          signature,
-          authenticator_data_bytes + client_data.hash
-        )
-      else
-        raise "Unsupported algorithm #{credential_cose_key.alg}"
-      end
+      WebAuthn::SignatureVerifier
+        .new(credential_cose_key.alg, credential_cose_key.to_pkey)
+        .verify(signature, authenticator_data_bytes + client_data.hash)
     end
 
     def valid_credential?(allowed_credentials)

data/lib/webauthn/authenticator_attestation_response.rb

@@ -21,7 +21,7 @@ module WebAuthn
       @attestation_object = attestation_object
     end
 
-    def verify(original_challenge, original_origin, rp_id: nil)
+    def verify(expected_challenge, expected_origin, rp_id: nil)
       super
 
       verify_item(:attestation_statement)

data/lib/webauthn/authenticator_response.rb

@@ -18,13 +18,13 @@ module WebAuthn
       @client_data_json = client_data_json
     end
 
-    def verify(original_challenge, original_origin, rp_id: nil)
+    def verify(expected_challenge, expected_origin, rp_id: nil)
       verify_item(:type)
       verify_item(:token_binding)
-      verify_item(:challenge, original_challenge)
-      verify_item(:origin, original_origin)
+      verify_item(:challenge, expected_challenge)
+      verify_item(:origin, expected_origin)
       verify_item(:authenticator_data)
-      verify_item(:rp_id, rp_id || rp_id_from_origin(original_origin))
+      verify_item(:rp_id, rp_id || rp_id_from_origin(expected_origin))
       verify_item(:user_presence)
 
       true
@@ -62,12 +62,12 @@ module WebAuthn
       client_data.valid_token_binding_format?
     end
 
-    def valid_challenge?(original_challenge)
-      WebAuthn::SecurityUtils.secure_compare(Base64.urlsafe_decode64(client_data.challenge), original_challenge)
+    def valid_challenge?(expected_challenge)
+      WebAuthn::SecurityUtils.secure_compare(Base64.urlsafe_decode64(client_data.challenge), expected_challenge)
     end
 
-    def valid_origin?(original_origin)
-      client_data.origin == original_origin
+    def valid_origin?(expected_origin)
+      client_data.origin == expected_origin
     end
 
     def valid_rp_id?(rp_id)
@@ -82,8 +82,8 @@ module WebAuthn
       authenticator_data.user_flagged?
     end
 
-    def rp_id_from_origin(original_origin)
-      URI.parse(original_origin).host
+    def rp_id_from_origin(expected_origin)
+      URI.parse(expected_origin).host
     end
 
     def type

data/lib/webauthn/fake_authenticator/authenticator_data.rb

@@ -93,16 +93,23 @@ module WebAuthn
       end
 
       def cose_credential_public_key
-        alg = {
-          COSE::Key::EC2::CRV_P256 => -7,
-          COSE::Key::EC2::CRV_P384 => -35,
-          COSE::Key::EC2::CRV_P521 => -36
-        }
+        case credential[:public_key]
+        when OpenSSL::PKey::RSA
+          key = COSE::Key::RSA.from_pkey(credential[:public_key])
+          # FIXME: Remove once writer in cose
+          key.instance_variable_set(:@alg, -257)
+        when OpenSSL::PKey::EC::Point
+          alg = {
+            COSE::Key::EC2::CRV_P256 => -7,
+            COSE::Key::EC2::CRV_P384 => -35,
+            COSE::Key::EC2::CRV_P521 => -36
+          }
+
+          key = COSE::Key::EC2.from_pkey(credential[:public_key])
+          # FIXME: Remove once writer in cose
+          key.instance_variable_set(:@alg, alg[key.crv])
 
-        key = COSE::Key::EC2.from_pkey(credential[:public_key])
-
-        # FIXME: Remove once writer in cose
-        key.instance_variable_set(:@alg, alg[key.crv])
+        end
 
         key.serialize
       end

data/lib/webauthn/signature_verifier.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require "cose/algorithm"
+
+module WebAuthn
+  class SignatureVerifier
+    class UnsupportedAlgorithm < Error; end
+
+    # This logic contained in this map constant is a candidate to be moved to cose gem domain
+    KTY_MAP = {
+      COSE::Key::EC2::KTY_EC2 => [OpenSSL::PKey::EC, OpenSSL::PKey::EC::Point],
+      COSE::Key::RSA::KTY_RSA => [OpenSSL::PKey::RSA]
+    }.freeze
+
+    def initialize(algorithm, public_key)
+      @algorithm = algorithm
+      @public_key = public_key
+
+      validate
+    end
+
+    def verify(signature, verification_data)
+      public_key.verify(cose_algorithm.hash, signature, verification_data)
+    end
+
+    private
+
+    attr_reader :algorithm, :public_key
+
+    def cose_algorithm
+      case algorithm
+      when COSE::Algorithm
+        algorithm
+      else
+        COSE::Algorithm.find(algorithm)
+      end
+    end
+
+    def validate
+      if cose_algorithm
+        if !KTY_MAP[cose_algorithm.kty].include?(public_key.class)
+          raise("Incompatible algorithm and key")
+        end
+      else
+        raise UnsupportedAlgorithm, "Unsupported algorithm #{algorithm}"
+      end
+    end
+  end
+end

data/lib/webauthn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module WebAuthn
-  VERSION = "1.13.0"
+  VERSION = "1.14.0"
 end

data/webauthn.gemspec

@@ -30,6 +30,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = ">= 2.3"
 
+  spec.add_dependency "bindata", "~> 2.4"
   spec.add_dependency "cbor", "~> 0.5.9"
   spec.add_dependency "cose", "~> 0.6.0"
   spec.add_dependency "jwt", [">= 1.5", "< 3.0"]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: webauthn
 version: !ruby/object:Gem::Version
-  version: 1.13.0
+  version: 1.14.0
 platform: ruby
 authors:
 - Gonzalo Rodriguez
@@ -9,8 +9,22 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-04-09 00:00:00.000000000 Z
+date: 2019-04-25 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: bindata
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.4'
 - !ruby/object:Gem::Dependency
   name: cbor
   requirement: !ruby/object:Gem::Requirement
@@ -200,7 +214,15 @@ files:
 - bin/setup
 - gemfiles/openssl_2_0.gemfile
 - gemfiles/openssl_2_1.gemfile
+- lib/android_safetynet/attestation_response.rb
 - lib/cose/algorithm.rb
+- lib/tpm/constants.rb
+- lib/tpm/s_attest.rb
+- lib/tpm/s_attest/s_certify_info.rb
+- lib/tpm/sized_buffer.rb
+- lib/tpm/t_public.rb
+- lib/tpm/t_public/s_ecc_parms.rb
+- lib/tpm/t_public/s_rsa_parms.rb
 - lib/webauthn.rb
 - lib/webauthn/attestation_statement.rb
 - lib/webauthn/attestation_statement/android_key.rb
@@ -212,6 +234,9 @@ files:
 - lib/webauthn/attestation_statement/fido_u2f/public_key.rb
 - lib/webauthn/attestation_statement/none.rb
 - lib/webauthn/attestation_statement/packed.rb
+- lib/webauthn/attestation_statement/tpm.rb
+- lib/webauthn/attestation_statement/tpm/cert_info.rb
+- lib/webauthn/attestation_statement/tpm/pub_area.rb
 - lib/webauthn/authenticator_assertion_response.rb
 - lib/webauthn/authenticator_attestation_response.rb
 - lib/webauthn/authenticator_data.rb
@@ -224,6 +249,7 @@ files:
 - lib/webauthn/fake_authenticator/authenticator_data.rb
 - lib/webauthn/fake_client.rb
 - lib/webauthn/security_utils.rb
+- lib/webauthn/signature_verifier.rb
 - lib/webauthn/version.rb
 - webauthn.gemspec
 homepage: https://github.com/cedarcode/webauthn-ruby