TpmAttestationStatementVerifier.java

// Copyright (c) 2018, Yubico AB

// All rights reserved.

//

// Redistribution and use in source and binary forms, with or without

// modification, are permitted provided that the following conditions are met:

//

// 1. Redistributions of source code must retain the above copyright notice, this

//    list of conditions and the following disclaimer.

//

// 2. Redistributions in binary form must reproduce the above copyright notice,

//    this list of conditions and the following disclaimer in the documentation

//    and/or other materials provided with the distribution.

//

// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE

// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

package com.yubico.webauthn;

import com.fasterxml.jackson.databind.JsonNode;

import com.fasterxml.jackson.databind.node.ObjectNode;

import com.upokecenter.cbor.CBORObject;

import com.yubico.internal.util.BinaryUtil;

import com.yubico.internal.util.ByteInputStream;

import com.yubico.internal.util.CertificateParser;

import com.yubico.internal.util.ExceptionUtil;

import com.yubico.webauthn.data.AttestationObject;

import com.yubico.webauthn.data.AttestationType;

import com.yubico.webauthn.data.ByteArray;

import com.yubico.webauthn.data.COSEAlgorithmIdentifier;

import java.io.IOException;

import java.math.BigInteger;

import java.security.KeyFactory;

import java.security.NoSuchAlgorithmException;

import java.security.PublicKey;

import java.security.cert.CertificateException;

import java.security.cert.CertificateParsingException;

import java.security.cert.X509Certificate;

import java.security.spec.InvalidKeySpecException;

import java.security.spec.RSAPublicKeySpec;

import java.util.Arrays;

import java.util.List;

import javax.naming.InvalidNameException;

import javax.naming.ldap.LdapName;

import javax.naming.ldap.Rdn;

import lombok.Value;

import lombok.extern.slf4j.Slf4j;

    implements AttestationStatementVerifier, X5cAttestationStatementVerifier {

  private static final String TPM_VER = "2.0";

  static final int TPM_ALG_NULL = 0x0010;

  private static final String OID_TCG_AT_TPM_MANUFACTURER = "2.23.133.2.1";

  private static final String OID_TCG_AT_TPM_MODEL = "2.23.133.2.2";

  private static final String OID_TCG_AT_TPM_VERSION = "2.23.133.2.3";

  /**

   * Object attributes

   *

   * <p>see section 8.3 of

   * https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf

   */

    static final int SIGN_ENCRYPT = 1 << 18;

    private static final int SHALL_BE_ZERO =

        (1 << 0) // 0 Reserved

            | (1 << 3) // 3 Reserved

            | (0x3 << 8) // 9:8 Reserved

            | (0xF << 12) // 15:12 Reserved

            | ((0xFFFFFFFF << 19) & ((1 << 31) | ((1 << 31) - 1))) // 31:19 Reserved

        ;

  }

  @Override

  public AttestationType getAttestationType(AttestationObject attestation) {

  }

  @Override

  public boolean verifyAttestationSignature(

      AttestationObject attestationObject, ByteArray clientDataJsonHash) {

    // Step 1: Verify that attStmt is valid CBOR conforming to the syntax defined above and perform

    // CBOR decoding on it to extract the contained fields.

        "attStmt.ver must equal \"%s\", was: %s",

        TPM_VER,

        verNode);

        "attStmt.alg must be set to an integer value, was: %s",

        algNode);

                () ->

        "attStmt.x5c must be set to an array value, was: %s",

        x5cNode);

    final List<X509Certificate> x5c;

    try {

                  () ->

                          "Failed to parse \"x5c\" attestation certificate chain in \"tpm\" attestation statement."));

        "attStmt.sig must be set to a binary value, was: %s",

        sigNode);

    final ByteArray sig;

    try {

        "attStmt.certInfo must be set to a binary value, was: %s",

        certInfoNode);

        "attStmt.pubArea must be set to a binary value, was: %s",

        pubAreaNode);

    final TpmtPublic pubArea;

    try {

    final TpmsAttest certInfo;

    try {

    // Step 2: Verify that the public key specified by the parameters and unique fields of pubArea

    // is identical to the credentialPublicKey in the attestedCredentialData in authenticatorData.

    try {

          "Failed to verify that public key in TPM attestation matches public key in authData.", e);

    // Step 3: Concatenate authenticatorData and clientDataHash to form attToBeSigned.

    // Step 4: Validate that certInfo is valid:

    try {

  }

  private void validateCertInfo(

      COSEAlgorithmIdentifier alg,

      X509Certificate aikCert,

      ByteArray sig,

      TpmtPublic pubArea,

      TpmsAttest certInfo,

      ByteArray attToBeSigned,

      AttestationObject attestationObject)

      throws CertificateParsingException {

    // Sub-steps 1-2 handled in TpmsAttest.parse()

    // Sub-step 3: Verify that extraData is set to the hash of attToBeSigned using the hash

    // algorithm employed in "alg".

    final ByteArray expectedExtraData;

      case ES256:

      case RS256:

      case ES384:

      case RS384:

      case ES512:

      case RS512:

      case RS1:

        try {

        break;

      default:

    }

    // Sub-step 4: Verify that attested contains a TPMS_CERTIFY_INFO structure as specified in

    // [TPMv2-Part2] section 10.12.3, whose name field contains a valid Name for pubArea, as

    // computed using the algorithm in the nameAlg field of pubArea using the procedure specified in

    // [TPMv2-Part1] section 16.

    // Sub-step 5 handled by parsing above

    // Sub-step 6: Nothing to do

    // Sub-step 7: Verify the sig is a valid signature over certInfo using the attestation public

    // key in aikCert with the algorithm specified in alg.

        "Incorrect TPM attestation signature.");

    // Sub-step 8: Verify that aikCert meets the requirements in § 8.3.1 TPM Attestation Statement

    // Certificate Requirements.

    // Sub-step 9: If aikCert contains an extension with OID 1.3.6.1.4.1.45724.1.1.4

    // (id-fido-gen-ce-aaguid) verify that the value of this extension matches the aaguid in

    // authenticatorData.

        aikCert,

  private void verifyPublicKeysMatch(AttestationObject attestationObject, TpmtPublic pubArea)

      throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {

            attestationObject

    final PublicKey signedCredentialPublicKey;

      case TpmAlgAsym.RSA:

        {

              new RSAPublicKeySpec(

        }

            "Signed public key in TPM attestation is not identical to credential public key in authData.");

      case TpmAlgAsym.ECC:

        {

                      attestationObject

          final COSEAlgorithmIdentifier tpmAlgId;

                  attestationObject

            case TpmEccCurve.NIST_P256:

            case TpmEccCurve.NIST_P384:

            case TpmEccCurve.NIST_P521:

            default:

          }

              "Signed public key in TPM attestation is not identical to credential public key in authData; elliptic curve differs: %s != %s",

              tpmAlgId,

              algId);

              "Signed public key in TPM attestation is not identical to credential public key in authData; EC X coordinate differs: %s != %s",

              new ByteArray(cosePubkeyX));

              "Signed public key in TPM attestation is not identical to credential public key in authData; EC Y coordinate differs: %s != %s",

              new ByteArray(cosePubkeyY));

        }

      default:

    }

    static final int RSA = 0x0001;

    static final int ECC = 0x0023;

  }

  private interface Parameters {}

  private interface Unique {}

  private static class TpmtPublic {

    private static TpmtPublic parse(byte[] pubArea) throws IOException {

            (attributes & Attributes.SHALL_BE_ZERO) == 0,

            "Attributes contains 1 bits in reserved position(s): 0x%08x",

        // authPolicy is not used by this implementation

        final Parameters parameters;

        final Unique unique;

            (attributes & Attributes.SIGN_ENCRYPT) == Attributes.SIGN_ENCRYPT,

            "Public key is expected to have the SIGN_ENCRYPT attribute set, attributes were: 0x%08x",

        } else {

        }

            "%d remaining bytes in TPMT_PUBLIC buffer",

    }

    /**

     * Computing Entity Names

     *

     * <p>see:

     * https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf

     * section 16 Names

     *

     * <pre>

     * Name ≔ nameAlg || HnameAlg (handle→nvPublicArea)

     * where

     * nameAlg algorithm used to compute Name

     * HnameAlg hash using the nameAlg parameter in the NV Index location

     * associated with handle

     * nvPublicArea contents of the TPMS_NV_PUBLIC associated with handle

     * </pre>

     */

    private ByteArray name() {

      final ByteArray hash;

        case TpmAlgHash.SHA1:

          try {

          break;

        case TpmAlgHash.SHA256:

        case TpmAlgHash.SHA384:

        case TpmAlgHash.SHA512:

        default:

      }

    }

  }

    static final int SHA1 = 0x0004;

    static final int SHA256 = 0x000B;

    static final int SHA384 = 0x000C;

    static final int SHA512 = 0x000D;

  }

  private void verifyX5cRequirements(X509Certificate cert, ByteArray aaguid)

      throws CertificateParsingException {

        "Invalid TPM attestation certificate: Version MUST be 3, but was: %s",

        "Invalid TPM attestation certificate: subject MUST be empty, but was: %s",

          try {

                "Failed to decode subject alternative name in TPM attestation cert", e);

        } else {

        }

      }

        foundManufacturer && foundModel && foundVersion,

        "Invalid TPM attestation certificate: The Subject Alternative Name extension MUST be set as defined in [TPMv2-EK-Profile] section 3.2.9.%s%s%s",

        "Invalid TPM attestation certificate: extended key usage extension MUST contain the OID 2.23.133.8.3, but was: %s",

        "Invalid TPM attestation certificate: MUST NOT be a CA certificate, but was.");

            extensionAaguid -> {

                  "Invalid TPM attestation certificate: X.509 extension \"id-fido-gen-ce-aaguid\" is present but does not match the authenticator AAGUID.");

    static final int RSASSA = 0x0014;

  }

  /**

   * See:

   * https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf

   * section 12.2.3.5

   */

  private static class TpmsRsaParms implements Parameters {

    private static TpmsRsaParms parse(ByteInputStream reader) throws IOException {

          symmetric == TPM_ALG_NULL,

          "RSA key is expected to have \"symmetric\" set to TPM_ALG_NULL, was: 0x%04x",

          scheme == TpmRsaScheme.RSASSA || scheme == TPM_ALG_NULL,

          "RSA key is expected to have \"scheme\" set to TPM_ALG_RSASSA or TPM_ALG_NULL, was: 0x%04x",

        // When zero,  indicates  that  the  exponent  is  the  default  of 2^16 + 1

      }

    }

  }

  private static class Tpm2bPublicKeyRsa implements Unique {

    private static Tpm2bPublicKeyRsa parse(ByteInputStream reader) throws IOException {

    }

  }

  private static class TpmsEccParms implements Parameters {

    private static TpmsEccParms parse(ByteInputStream reader) throws IOException {

          symmetric == TPM_ALG_NULL,

          "ECC key is expected to have \"symmetric\" set to TPM_ALG_NULL, was: 0x%04x",

          scheme == TPM_ALG_NULL,

          "ECC key is expected to have \"scheme\" set to TPM_ALG_NULL, was: 0x%04x",

    }

  }

  /**

   * TPMS_ECC_POINT

   *

   * <p>See

   * https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf

   * Section 11.2.5.2

   */

  private static class TpmsEccPoint implements Unique {

    private static TpmsEccPoint parse(ByteInputStream reader) throws IOException {

    }

  }

  /**

   * TPM_ECC_CURVE

   *

   * <p>https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf

   * section 6.4

   */

    private static final int NONE = 0x0000;

    private static final int NIST_P256 = 0x0003;

    private static final int NIST_P384 = 0x0004;

    private static final int NIST_P521 = 0x0005;

  }

  /**

   * the signature data is defined by [TPMv2-Part2] Section 10.12.8 (TPMS_ATTEST) as:

   * TPM_GENERATED_VALUE (0xff544347 aka "\xffTCG") TPMI_ST_ATTEST - always TPM_ST_ATTEST_CERTIFY

   * (0x8017) because signing procedure defines it should call TPM_Certify [TPMv2-Part3] Section

   * 18.2 TPM2B_NAME size (uint16) name (size long) TPM2B_DATA size (uint16) name (size long)

   * TPMS_CLOCK_INFO clock (uint64) resetCount (uint32) restartCount (uint32) safe (byte) 1 yes, 0

   * no firmwareVersion uint64 attested TPMS_CERTIFY_INFO (because TPM_ST_ATTEST_CERTIFY) name

   * TPM2B_NAME qualified_name TPM2B_NAME See:

   * https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf

   * https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-3-Commands-01.38.pdf

   */

  private static class TpmsAttest {

    private static TpmsAttest parse(byte[] certInfo) throws IOException {

        // Verify that magic is set to TPM_GENERATED_VALUE.

        // see https://w3c.github.io/webauthn/#sctn-tpm-attestation

        // verification procedure

        // Verify that type is set to TPM_ST_ATTEST_CERTIFY.

        // see https://w3c.github.io/webauthn/#sctn-tpm-attestation

        // verification procedure

        // qualifiedSigner is not used by this implementation

        // clockInfo is not used by this implementation

        // firmwareVersion is not used by this implementation

        // attestedQualifiedName is not used by this implementation

    }

  }

}

Mutations