mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12628 Commits
17 Branches
Tree: 35c3553870
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '35c3553870'
${ noResults }
gitea/vendor/github.com/duo-labs/webauthn/protocol/attestation_tpm.go

attestation_tpm.go 12KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349 
  1. package protocol

  2. 

  3. import (

  4. 	"bytes"

  5. 	"crypto/x509"

  6. 	"crypto/x509/pkix"

  7. 	"encoding/asn1"

  8. 	"errors"

  9. 	"fmt"

  10. 	"math/big"

  11. 	"strings"

  12. 

  13. 	"github.com/duo-labs/webauthn/protocol/webauthncose"

  14. 

  15. 	"github.com/duo-labs/webauthn/protocol/googletpm"

  16. )

  17. 

  18. var tpmAttestationKey = "tpm"

  19. 

  20. func init() {

  21. 	RegisterAttestationFormat(tpmAttestationKey, verifyTPMFormat)

  22. 	googletpm.UseTPM20LengthPrefixSize()

  23. }

  24. 

  25. func verifyTPMFormat(att AttestationObject, clientDataHash []byte) (string, []interface{}, error) {

  26. 	// Given the verification procedure inputs attStmt, authenticatorData

  27. 	// and clientDataHash, the verification procedure is as follows

  28. 

  29. 	// Verify that attStmt is valid CBOR conforming to the syntax defined

  30. 	// above and perform CBOR decoding on it to extract the contained fields

  31. 

  32. 	ver, present := att.AttStatement["ver"].(string)

  33. 	if !present {

  34. 		return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("Error retreiving ver value")

  35. 	}

  36. 

  37. 	if ver != "2.0" {

  38. 		return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("WebAuthn only supports TPM 2.0 currently")

  39. 	}

  40. 

  41. 	alg, present := att.AttStatement["alg"].(int64)

  42. 	if !present {

  43. 		return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("Error retreiving alg value")

  44. 	}

  45. 

  46. 	coseAlg := webauthncose.COSEAlgorithmIdentifier(alg)

  47. 

  48. 	x5c, x509present := att.AttStatement["x5c"].([]interface{})

  49. 	if !x509present {

  50. 		// Handle Basic Attestation steps for the x509 Certificate

  51. 		return tpmAttestationKey, nil, ErrNotImplemented

  52. 	}

  53. 

  54. 	_, ecdaaKeyPresent := att.AttStatement["ecdaaKeyId"].([]byte)

  55. 	if ecdaaKeyPresent {

  56. 		return tpmAttestationKey, nil, ErrNotImplemented

  57. 	}

  58. 

  59. 	sigBytes, present := att.AttStatement["sig"].([]byte)

  60. 	if !present {

  61. 		return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("Error retreiving sig value")

  62. 	}

  63. 

  64. 	certInfoBytes, present := att.AttStatement["certInfo"].([]byte)

  65. 	if !present {

  66. 		return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("Error retreiving certInfo value")

  67. 	}

  68. 

  69. 	pubAreaBytes, present := att.AttStatement["pubArea"].([]byte)

  70. 	if !present {

  71. 		return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("Error retreiving pubArea value")

  72. 	}

  73. 

  74. 	// Verify that the public key specified by the parameters and unique fields of pubArea

  75. 	// is identical to the credentialPublicKey in the attestedCredentialData in authenticatorData.

  76. 	pubArea, err := googletpm.DecodePublic(pubAreaBytes)

  77. 	if err != nil {

  78. 		return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("Unable to decode TPMT_PUBLIC in attestation statement")

  79. 	}

  80. 

  81. 	key, err := webauthncose.ParsePublicKey(att.AuthData.AttData.CredentialPublicKey)

  82. 	switch key.(type) {

  83. 	case webauthncose.EC2PublicKeyData:

  84. 		e := key.(webauthncose.EC2PublicKeyData)

  85. 		if pubArea.ECCParameters.CurveID != googletpm.EllipticCurve(e.Curve) ||

  86. 			0 != pubArea.ECCParameters.Point.X.Cmp(new(big.Int).SetBytes(e.XCoord)) ||

  87. 			0 != pubArea.ECCParameters.Point.Y.Cmp(new(big.Int).SetBytes(e.YCoord)) {

  88. 			return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("Mismatch between ECCParameters in pubArea and credentialPublicKey")

  89. 		}

  90. 	case webauthncose.RSAPublicKeyData:

  91. 		r := key.(webauthncose.RSAPublicKeyData)

  92. 		mod := new(big.Int).SetBytes(r.Modulus)

  93. 		exp := uint32(r.Exponent[0]) + uint32(r.Exponent[1])<<8 + uint32(r.Exponent[2])<<16

  94. 		if 0 != pubArea.RSAParameters.Modulus.Cmp(mod) ||

  95. 			pubArea.RSAParameters.Exponent != exp {

  96. 			return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("Mismatch between RSAParameters in pubArea and credentialPublicKey")

  97. 		}

  98. 	default:

  99. 		return "", nil, ErrUnsupportedKey

  100. 	}

  101. 

  102. 	// Concatenate authenticatorData and clientDataHash to form attToBeSigned

  103. 	attToBeSigned := append(att.RawAuthData, clientDataHash...)

  104. 

  105. 	// Validate that certInfo is valid:

  106. 	certInfo, err := googletpm.DecodeAttestationData(certInfoBytes)

  107. 	// 1/4 Verify that magic is set to TPM_GENERATED_VALUE.

  108. 	if certInfo.Magic != 0xff544347 {

  109. 		return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("Magic is not set to TPM_GENERATED_VALUE")

  110. 	}

  111. 	// 2/4 Verify that type is set to TPM_ST_ATTEST_CERTIFY.

  112. 	if certInfo.Type != googletpm.TagAttestCertify {

  113. 		return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("Type is not set to TPM_ST_ATTEST_CERTIFY")

  114. 	}

  115. 	// 3/4 Verify that extraData is set to the hash of attToBeSigned using the hash algorithm employed in "alg".

  116. 	f := webauthncose.HasherFromCOSEAlg(coseAlg)

  117. 	h := f()

  118. 	h.Write(attToBeSigned)

  119. 	if 0 != bytes.Compare(certInfo.ExtraData, h.Sum(nil)) {

  120. 		return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("ExtraData is not set to hash of attToBeSigned")

  121. 	}

  122. 	// 4/4 Verify that attested contains a TPMS_CERTIFY_INFO structure as specified in

  123. 	// [TPMv2-Part2] section 10.12.3, whose name field contains a valid Name for pubArea,

  124. 	// as computed using the algorithm in the nameAlg field of pubArea

  125. 	// using the procedure specified in [TPMv2-Part1] section 16.

  126. 	f, err = certInfo.AttestedCertifyInfo.Name.Digest.Alg.HashConstructor()

  127. 	h = f()

  128. 	h.Write(pubAreaBytes)

  129. 	if 0 != bytes.Compare(h.Sum(nil), certInfo.AttestedCertifyInfo.Name.Digest.Value) {

  130. 		return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("Hash value mismatch attested and pubArea")

  131. 	}

  132. 

  133. 	// Note that the remaining fields in the "Standard Attestation Structure"

  134. 	// [TPMv2-Part1] section 31.2, i.e., qualifiedSigner, clockInfo and firmwareVersion

  135. 	// are ignored. These fields MAY be used as an input to risk engines.

  136. 

  137. 	// If x5c is present, this indicates that the attestation type is not ECDAA.

  138. 	if x509present {

  139. 		// In this case:

  140. 		// Verify the sig is a valid signature over certInfo using the attestation public key in aikCert with the algorithm specified in alg.

  141. 		aikCertBytes, valid := x5c[0].([]byte)

  142. 		if !valid {

  143. 			return tpmAttestationKey, nil, ErrAttestation.WithDetails("Error getting certificate from x5c cert chain")

  144. 		}

  145. 

  146. 		aikCert, err := x509.ParseCertificate(aikCertBytes)

  147. 		if err != nil {

  148. 			return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("Error parsing certificate from ASN.1")

  149. 		}

  150. 

  151. 		sigAlg := webauthncose.SigAlgFromCOSEAlg(coseAlg)

  152. 

  153. 		err = aikCert.CheckSignature(x509.SignatureAlgorithm(sigAlg), certInfoBytes, sigBytes)

  154. 		if err != nil {

  155. 			return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails(fmt.Sprintf("Signature validation error: %+v\n", err))

  156. 		}

  157. 		// Verify that aikCert meets the requirements in §8.3.1 TPM Attestation Statement Certificate Requirements

  158. 

  159. 		// 1/6 Version MUST be set to 3.

  160. 		if aikCert.Version != 3 {

  161. 			return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("AIK certificate version must be 3")

  162. 		}

  163. 		// 2/6 Subject field MUST be set to empty.

  164. 		if aikCert.Subject.String() != "" {

  165. 			return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("AIK certificate subject must be empty")

  166. 		}

  167. 

  168. 		// 3/6 The Subject Alternative Name extension MUST be set as defined in [TPMv2-EK-Profile] section 3.2.9{}

  169. 		var manufacturer, model, version string

  170. 		for _, ext := range aikCert.Extensions {

  171. 			if ext.Id.Equal([]int{2, 5, 29, 17}) {

  172. 				manufacturer, model, version, err = parseSANExtension(ext.Value)

  173. 			}

  174. 		}

  175. 

  176. 		if manufacturer == "" || model == "" || version == "" {

  177. 			return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("Invalid SAN data in AIK certificate")

  178. 		}

  179. 

  180. 		if false == isValidTPMManufacturer(manufacturer) {

  181. 			return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("Invalid TPM manufacturer")

  182. 		}

  183. 

  184. 		// 4/6 The Extended Key Usage extension MUST contain the "joint-iso-itu-t(2) internationalorganizations(23) 133 tcg-kp(8) tcg-kp-AIKCertificate(3)" OID.

  185. 		var ekuValid = false

  186. 		var eku []asn1.ObjectIdentifier

  187. 		for _, ext := range aikCert.Extensions {

  188. 			if ext.Id.Equal([]int{2, 5, 29, 37}) {

  189. 				rest, err := asn1.Unmarshal(ext.Value, &eku)

  190. 				if len(rest) != 0 || err != nil || !eku[0].Equal(tcgKpAIKCertificate) {

  191. 					return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("AIK certificate EKU missing 2.23.133.8.3")

  192. 				}

  193. 				ekuValid = true

  194. 			}

  195. 		}

  196. 		if false == ekuValid {

  197. 			return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("AIK certificate missing EKU")

  198. 		}

  199. 

  200. 		// 5/6 The Basic Constraints extension MUST have the CA component set to false.

  201. 		type basicConstraints struct {

  202. 			IsCA       bool `asn1:"optional"`

  203. 			MaxPathLen int  `asn1:"optional,default:-1"`

  204. 		}

  205. 		var constraints basicConstraints

  206. 		for _, ext := range aikCert.Extensions {

  207. 			if ext.Id.Equal([]int{2, 5, 29, 19}) {

  208. 				if rest, err := asn1.Unmarshal(ext.Value, &constraints); err != nil {

  209. 					return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("AIK certificate basic constraints malformed")

  210. 				} else if len(rest) != 0 {

  211. 					return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("AIK certificate basic constraints contains extra data")

  212. 				}

  213. 			}

  214. 		}

  215. 		if constraints.IsCA != false {

  216. 			return tpmAttestationKey, nil, ErrAttestationFormat.WithDetails("AIK certificate basic constraints missing or CA is true")

  217. 		}

  218. 		// 6/6 An Authority Information Access (AIA) extension with entry id-ad-ocsp and a CRL Distribution Point

  219. 		// extension [RFC5280] are both OPTIONAL as the status of many attestation certificates is available

  220. 		// through metadata services. See, for example, the FIDO Metadata Service.

  221. 	}

  222. 

  223. 	return tpmAttestationKey, x5c, err

  224. }

  225. func forEachSAN(extension []byte, callback func(tag int, data []byte) error) error {

  226. 	// RFC 5280, 4.2.1.6

  227. 

  228. 	// SubjectAltName ::= GeneralNames

  229. 	//

  230. 	// GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

  231. 	//

  232. 	// GeneralName ::= CHOICE {

  233. 	//      otherName                       [0]     OtherName,

  234. 	//      rfc822Name                      [1]     IA5String,

  235. 	//      dNSName                         [2]     IA5String,

  236. 	//      x400Address                     [3]     ORAddress,

  237. 	//      directoryName                   [4]     Name,

  238. 	//      ediPartyName                    [5]     EDIPartyName,

  239. 	//      uniformResourceIdentifier       [6]     IA5String,

  240. 	//      iPAddress                       [7]     OCTET STRING,

  241. 	//      registeredID                    [8]     OBJECT IDENTIFIER }

  242. 	var seq asn1.RawValue

  243. 	rest, err := asn1.Unmarshal(extension, &seq)

  244. 	if err != nil {

  245. 		return err

  246. 	} else if len(rest) != 0 {

  247. 		return errors.New("x509: trailing data after X.509 extension")

  248. 	}

  249. 	if !seq.IsCompound || seq.Tag != 16 || seq.Class != 0 {

  250. 		return asn1.StructuralError{Msg: "bad SAN sequence"}

  251. 	}

  252. 

  253. 	rest = seq.Bytes

  254. 	for len(rest) > 0 {

  255. 		var v asn1.RawValue

  256. 		rest, err = asn1.Unmarshal(rest, &v)

  257. 		if err != nil {

  258. 			return err

  259. 		}

  260. 

  261. 		if err := callback(v.Tag, v.Bytes); err != nil {

  262. 			return err

  263. 		}

  264. 	}

  265. 

  266. 	return nil

  267. }

  268. 

  269. const (

  270. 	nameTypeDN = 4

  271. )

  272. 

  273. var (

  274. 	tcgKpAIKCertificate  = asn1.ObjectIdentifier{2, 23, 133, 8, 3}

  275. 	tcgAtTpmManufacturer = asn1.ObjectIdentifier{2, 23, 133, 2, 1}

  276. 	tcgAtTpmModel        = asn1.ObjectIdentifier{2, 23, 133, 2, 2}

  277. 	tcgAtTpmVersion      = asn1.ObjectIdentifier{2, 23, 133, 2, 3}

  278. )

  279. 

  280. func parseSANExtension(value []byte) (manufacturer string, model string, version string, err error) {

  281. 	err = forEachSAN(value, func(tag int, data []byte) error {

  282. 		switch tag {

  283. 		case nameTypeDN:

  284. 			tpmDeviceAttributes := pkix.RDNSequence{}

  285. 			_, err := asn1.Unmarshal(data, &tpmDeviceAttributes)

  286. 			if err != nil {

  287. 				return err

  288. 			}

  289. 			for _, rdn := range tpmDeviceAttributes {

  290. 				if len(rdn) == 0 {

  291. 					continue

  292. 				}

  293. 				for _, atv := range rdn {

  294. 					value, ok := atv.Value.(string)

  295. 					if !ok {

  296. 						continue

  297. 					}

  298. 

  299. 					if atv.Type.Equal(tcgAtTpmManufacturer) {

  300. 						manufacturer = strings.TrimPrefix(value, "id:")

  301. 					}

  302. 					if atv.Type.Equal(tcgAtTpmModel) {

  303. 						model = value

  304. 					}

  305. 					if atv.Type.Equal(tcgAtTpmVersion) {

  306. 						version = strings.TrimPrefix(value, "id:")

  307. 					}

  308. 				}

  309. 			}

  310. 		}

  311. 		return nil

  312. 	})

  313. 	return

  314. }

  315. 

  316. var tpmManufacturers = []struct {

  317. 	id   string

  318. 	name string

  319. 	code string

  320. }{

  321. 	{"414D4400", "AMD", "AMD"},

  322. 	{"41544D4C", "Atmel", "ATML"},

  323. 	{"4252434D", "Broadcom", "BRCM"},

  324. 	{"49424d00", "IBM", "IBM"},

  325. 	{"49465800", "Infineon", "IFX"},

  326. 	{"494E5443", "Intel", "INTC"},

  327. 	{"4C454E00", "Lenovo", "LEN"},

  328. 	{"4E534D20", "National Semiconductor", "NSM"},

  329. 	{"4E545A00", "Nationz", "NTZ"},

  330. 	{"4E544300", "Nuvoton Technology", "NTC"},

  331. 	{"51434F4D", "Qualcomm", "QCOM"},

  332. 	{"534D5343", "SMSC", "SMSC"},

  333. 	{"53544D20", "ST Microelectronics", "STM"},

  334. 	{"534D534E", "Samsung", "SMSN"},

  335. 	{"534E5300", "Sinosun", "SNS"},

  336. 	{"54584E00", "Texas Instruments", "TXN"},

  337. 	{"57454300", "Winbond", "WEC"},

  338. 	{"524F4343", "Fuzhouk Rockchip", "ROCC"},

  339. 	{"FFFFF1D0", "FIDO Alliance Conformance Testing", "FIDO"},

  340. }

  341. 

  342. func isValidTPMManufacturer(id string) bool {

  343. 	for _, m := range tpmManufacturers {

  344. 		if m.id == id {

  345. 			return true

  346. 		}

  347. 	}

  348. 	return false

  349. }