1 | // Copyright (c) 2014-2018, Yubico AB | |
2 | // Copyright (c) 2014, Google Inc. | |
3 | // All rights reserved. | |
4 | // | |
5 | // Redistribution and use in source and binary forms, with or without | |
6 | // modification, are permitted provided that the following conditions are met: | |
7 | // | |
8 | // 1. Redistributions of source code must retain the above copyright notice, this | |
9 | // list of conditions and the following disclaimer. | |
10 | // | |
11 | // 2. Redistributions in binary form must reproduce the above copyright notice, | |
12 | // this list of conditions and the following disclaimer in the documentation | |
13 | // and/or other materials provided with the distribution. | |
14 | // | |
15 | // 3. Neither the name of Google Inc. nor the names of its contributors may be | |
16 | // used to endorse or promote products derived from this software without | |
17 | // specific prior written permission. | |
18 | // | |
19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
20 | // AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
21 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
22 | // DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE | |
23 | // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
24 | // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
25 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | |
26 | // CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
27 | // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
28 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
29 | ||
30 | package com.yubico.webauthn; | |
31 | ||
32 | import com.google.common.io.ByteArrayDataOutput; | |
33 | import com.google.common.io.ByteStreams; | |
34 | import com.yubico.webauthn.data.ByteArray; | |
35 | import com.yubico.webauthn.data.COSEAlgorithmIdentifier; | |
36 | import java.security.cert.X509Certificate; | |
37 | import lombok.Value; | |
38 | ||
39 | /** The register response produced by the token/key */ | |
40 | @Value | |
41 | class U2fRawRegisterResponse { | |
42 | private static final byte REGISTRATION_SIGNED_RESERVED_BYTE_VALUE = (byte) 0x00; | |
43 | ||
44 | /** The (uncompressed) x,y-representation of a curve point on the P-256 NIST elliptic curve. */ | |
45 | private final ByteArray userPublicKey; | |
46 | ||
47 | /** A handle that allows the U2F token to identify the generated key pair. */ | |
48 | private final ByteArray keyHandle; | |
49 | ||
50 | private final X509Certificate attestationCertificate; | |
51 | ||
52 | /** A ECDSA signature (on P-256) */ | |
53 | private final ByteArray signature; | |
54 | ||
55 | U2fRawRegisterResponse( | |
56 | ByteArray userPublicKey, | |
57 | ByteArray keyHandle, | |
58 | X509Certificate attestationCertificate, | |
59 | ByteArray signature) { | |
60 | this.userPublicKey = userPublicKey; | |
61 | this.keyHandle = keyHandle; | |
62 | this.attestationCertificate = attestationCertificate; | |
63 | this.signature = signature; | |
64 | } | |
65 | ||
66 | boolean verifySignature(ByteArray appIdHash, ByteArray clientDataHash) { | |
67 | ByteArray signedBytes = packBytesToSign(appIdHash, clientDataHash, keyHandle, userPublicKey); | |
68 |
2
1. verifySignature : replaced boolean return with true for com/yubico/webauthn/U2fRawRegisterResponse::verifySignature → KILLED 2. verifySignature : replaced boolean return with false for com/yubico/webauthn/U2fRawRegisterResponse::verifySignature → KILLED |
return Crypto.verifySignature( |
69 | attestationCertificate, signedBytes, signature, COSEAlgorithmIdentifier.ES256); | |
70 | } | |
71 | ||
72 | private static ByteArray packBytesToSign( | |
73 | ByteArray appIdHash, ByteArray clientDataHash, ByteArray keyHandle, ByteArray userPublicKey) { | |
74 | ByteArrayDataOutput encoded = ByteStreams.newDataOutput(); | |
75 |
1
1. packBytesToSign : removed call to com/google/common/io/ByteArrayDataOutput::write → KILLED |
encoded.write(REGISTRATION_SIGNED_RESERVED_BYTE_VALUE); |
76 |
1
1. packBytesToSign : removed call to com/google/common/io/ByteArrayDataOutput::write → KILLED |
encoded.write(appIdHash.getBytes()); |
77 |
1
1. packBytesToSign : removed call to com/google/common/io/ByteArrayDataOutput::write → KILLED |
encoded.write(clientDataHash.getBytes()); |
78 |
1
1. packBytesToSign : removed call to com/google/common/io/ByteArrayDataOutput::write → KILLED |
encoded.write(keyHandle.getBytes()); |
79 |
1
1. packBytesToSign : removed call to com/google/common/io/ByteArrayDataOutput::write → KILLED |
encoded.write(userPublicKey.getBytes()); |
80 |
1
1. packBytesToSign : replaced return value with null for com/yubico/webauthn/U2fRawRegisterResponse::packBytesToSign → KILLED |
return new ByteArray(encoded.toByteArray()); |
81 | } | |
82 | } | |
Mutations | ||
68 |
1.1 2.2 |
|
75 |
1.1 |
|
76 |
1.1 |
|
77 |
1.1 |
|
78 |
1.1 |
|
79 |
1.1 |
|
80 |
1.1 |