| 1 | // Copyright (c) 2014-2018, Yubico AB | |
| 2 | // Copyright (c) 2014, Google Inc. | |
| 3 | // All rights reserved. | |
| 4 | // | |
| 5 | // Redistribution and use in source and binary forms, with or without | |
| 6 | // modification, are permitted provided that the following conditions are met: | |
| 7 | // | |
| 8 | // 1. Redistributions of source code must retain the above copyright notice, this | |
| 9 | // list of conditions and the following disclaimer. | |
| 10 | // | |
| 11 | // 2. Redistributions in binary form must reproduce the above copyright notice, | |
| 12 | // this list of conditions and the following disclaimer in the documentation | |
| 13 | // and/or other materials provided with the distribution. | |
| 14 | // | |
| 15 | // 3. Neither the name of Google Inc. nor the names of its contributors may be | |
| 16 | // used to endorse or promote products derived from this software without | |
| 17 | // specific prior written permission. | |
| 18 | // | |
| 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
| 20 | // AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
| 21 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
| 22 | // DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE | |
| 23 | // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
| 24 | // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 25 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | |
| 26 | // CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
| 27 | // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
| 28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 29 | ||
| 30 | package com.yubico.webauthn; | |
| 31 | ||
| 32 | import com.google.common.io.ByteArrayDataOutput; | |
| 33 | import com.google.common.io.ByteStreams; | |
| 34 | import com.yubico.webauthn.data.ByteArray; | |
| 35 | import com.yubico.webauthn.data.COSEAlgorithmIdentifier; | |
| 36 | import java.security.cert.X509Certificate; | |
| 37 | import lombok.Value; | |
| 38 | ||
| 39 | /** The register response produced by the token/key */ | |
| 40 | @Value | |
| 41 | class U2fRawRegisterResponse { | |
| 42 | private static final byte REGISTRATION_SIGNED_RESERVED_BYTE_VALUE = (byte) 0x00; | |
| 43 | ||
| 44 | /** The (uncompressed) x,y-representation of a curve point on the P-256 NIST elliptic curve. */ | |
| 45 | private final ByteArray userPublicKey; | |
| 46 | ||
| 47 | /** A handle that allows the U2F token to identify the generated key pair. */ | |
| 48 | private final ByteArray keyHandle; | |
| 49 | ||
| 50 | private final X509Certificate attestationCertificate; | |
| 51 | ||
| 52 | /** A ECDSA signature (on P-256) */ | |
| 53 | private final ByteArray signature; | |
| 54 | ||
| 55 | U2fRawRegisterResponse( | |
| 56 | ByteArray userPublicKey, | |
| 57 | ByteArray keyHandle, | |
| 58 | X509Certificate attestationCertificate, | |
| 59 | ByteArray signature) { | |
| 60 | this.userPublicKey = userPublicKey; | |
| 61 | this.keyHandle = keyHandle; | |
| 62 | this.attestationCertificate = attestationCertificate; | |
| 63 | this.signature = signature; | |
| 64 | } | |
| 65 | ||
| 66 | boolean verifySignature(ByteArray appIdHash, ByteArray clientDataHash) { | |
| 67 | ByteArray signedBytes = packBytesToSign(appIdHash, clientDataHash, keyHandle, userPublicKey); | |
| 68 |
2
1. verifySignature : replaced boolean return with true for com/yubico/webauthn/U2fRawRegisterResponse::verifySignature → KILLED 2. verifySignature : replaced boolean return with false for com/yubico/webauthn/U2fRawRegisterResponse::verifySignature → KILLED |
return Crypto.verifySignature( |
| 69 | attestationCertificate, signedBytes, signature, COSEAlgorithmIdentifier.ES256); | |
| 70 | } | |
| 71 | ||
| 72 | private static ByteArray packBytesToSign( | |
| 73 | ByteArray appIdHash, ByteArray clientDataHash, ByteArray keyHandle, ByteArray userPublicKey) { | |
| 74 | ByteArrayDataOutput encoded = ByteStreams.newDataOutput(); | |
| 75 |
1
1. packBytesToSign : removed call to com/google/common/io/ByteArrayDataOutput::write → KILLED |
encoded.write(REGISTRATION_SIGNED_RESERVED_BYTE_VALUE); |
| 76 |
1
1. packBytesToSign : removed call to com/google/common/io/ByteArrayDataOutput::write → KILLED |
encoded.write(appIdHash.getBytes()); |
| 77 |
1
1. packBytesToSign : removed call to com/google/common/io/ByteArrayDataOutput::write → KILLED |
encoded.write(clientDataHash.getBytes()); |
| 78 |
1
1. packBytesToSign : removed call to com/google/common/io/ByteArrayDataOutput::write → KILLED |
encoded.write(keyHandle.getBytes()); |
| 79 |
1
1. packBytesToSign : removed call to com/google/common/io/ByteArrayDataOutput::write → KILLED |
encoded.write(userPublicKey.getBytes()); |
| 80 |
1
1. packBytesToSign : replaced return value with null for com/yubico/webauthn/U2fRawRegisterResponse::packBytesToSign → KILLED |
return new ByteArray(encoded.toByteArray()); |
| 81 | } | |
| 82 | } | |
Mutations | ||
| 68 |
1.1 2.2 |
|
| 75 |
1.1 |
|
| 76 |
1.1 |
|
| 77 |
1.1 |
|
| 78 |
1.1 |
|
| 79 |
1.1 |
|
| 80 |
1.1 |