kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Abstract attestation support

Browse Source
This commit is contained in:
Julien Cretin
2022-07-05 16:11:56 +02:00
parent aee7d7c9b3
commit 80a6b82ed7
10 changed files with 232 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
src/ctap/ctap1.rs
View File

@@ -16,7 +16,7 @@ use super::super::clock::CtapInstant;
use super::apdu::{Apdu, ApduStatusCode};
use super::crypto_wrapper::{decrypt_credential_source, encrypt_key_handle, PrivateKey};
use super::CtapState;
use crate::ctap::storage;
use crate::api::attestation_store::{self, Attestation, AttestationStore};
use crate::env::Env;
use alloc::vec::Vec;
use arrayref::array_ref;
@@ -257,12 +257,14 @@ impl Ctap1Command {
return Err(Ctap1StatusCode::SW_INTERNAL_EXCEPTION);
}
let certificate = storage::attestation_certificate(env)
let Attestation {
private_key,
certificate,
} = env
.attestation_store()
.get(&attestation_store::Id::Batch)
.map_err(|_| Ctap1StatusCode::SW_MEMERR)?
.ok_or(Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?;
let private_key = storage::attestation_private_key(env)
.map_err(|_| Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?
.ok_or(Ctap1StatusCode::SW_INTERNAL_EXCEPTION)?;
let mut response = Vec::with_capacity(105 + key_handle.len() + certificate.len());
response.push(Ctap1Command::LEGACY_BYTE);
@@ -345,10 +347,10 @@ impl Ctap1Command {
mod test {
use super::super::crypto_wrapper::ECDSA_CREDENTIAL_ID_SIZE;
use super::super::data_formats::SignatureAlgorithm;
use super::super::key_material;
use super::*;
use crate::api::customization::Customization;
use crate::clock::TEST_CLOCK_FREQUENCY_HZ;
use crate::ctap::storage;
use crate::env::test::TestEnv;
use crypto::Hash256;
@@ -423,21 +425,13 @@ mod test {
// Certificate and private key are missing
assert_eq!(response, Err(Ctap1StatusCode::SW_INTERNAL_EXCEPTION));
let fake_key = [0x41u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
assert!(storage::set_attestation_private_key(&mut env, &fake_key).is_ok());
ctap_state.u2f_up_state.consume_up(CtapInstant::new(0));
ctap_state.u2f_up_state.grant_up(CtapInstant::new(0));
let response = Ctap1Command::process_command(
&mut env,
&message,
&mut ctap_state,
CtapInstant::new(0_u64),
);
// Certificate is still missing
assert_eq!(response, Err(Ctap1StatusCode::SW_INTERNAL_EXCEPTION));
let fake_cert = [0x99u8; 100]; // Arbitrary length
assert!(storage::set_attestation_certificate(&mut env, &fake_cert[..]).is_ok());
let attestation = Attestation {
private_key: [0x41; 32],
certificate: vec![0x99; 100],
};
env.attestation_store()
.set(&attestation_store::Id::Batch, Some(&attestation))
.unwrap();
ctap_state.u2f_up_state.consume_up(CtapInstant::new(0));
ctap_state.u2f_up_state.grant_up(CtapInstant::new(0));
let response =
@@ -454,8 +448,8 @@ mod test {
.is_some());
const CERT_START: usize = 67 + ECDSA_CREDENTIAL_ID_SIZE;
assert_eq!(
&response[CERT_START..CERT_START + fake_cert.len()],
&fake_cert[..]
&response[CERT_START..][..attestation.certificate.len()],
&attestation.certificate
);
}

106
src/ctap/mod.rs
View File

@@ -62,6 +62,7 @@ use self::status_code::Ctap2StatusCode;
use self::timed_permission::TimedPermission;
#[cfg(feature = "with_ctap1")]
use self::timed_permission::U2fUserPresenceState;
use crate::api::attestation_store::{self, Attestation, AttestationStore};
use crate::api::connection::{HidConnection, SendOrRecvStatus};
use crate::api::customization::Customization;
use crate::api::firmware_protection::FirmwareProtection;
@@ -860,7 +861,7 @@ impl CtapState {
key_type: PublicKeyCredentialType::PublicKey,
credential_id: random_id.clone(),
private_key: private_key.clone(),
rp_id,
rp_id: rp_id.clone(),
user_handle: user.user_id,
// This input is user provided, so we crop it to 64 byte for storage.
// The UTF8 encoding is always preserved, so the string might end up shorter.
@@ -918,21 +919,31 @@ impl CtapState {
let mut signature_data = auth_data.clone();
signature_data.extend(client_data_hash);
let (signature, x5c) = if env.customization().use_batch_attestation() || ep_att {
let attestation_private_key = storage::attestation_private_key(env)?
.ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?;
let attestation_key =
crypto::ecdsa::SecKey::from_bytes(&attestation_private_key).unwrap();
let attestation_certificate = storage::attestation_certificate(env)?
.ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?;
(
attestation_key
.sign_rfc6979::<Sha256>(&signature_data)
.to_asn1_der(),
Some(vec![attestation_certificate]),
)
let attestation_id = if env.customization().use_batch_attestation() {
Some(attestation_store::Id::Batch)
} else if ep_att {
Some(attestation_store::Id::Enterprise { rp_id })
} else {
(private_key.sign_and_encode(env, &signature_data)?, None)
None
};
let (signature, x5c) = match attestation_id {
Some(id) => {
let Attestation {
private_key,
certificate,
} = env
.attestation_store()
.get(&id)?
.ok_or(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)?;
let attestation_key = crypto::ecdsa::SecKey::from_bytes(&private_key).unwrap();
(
attestation_key
.sign_rfc6979::<Sha256>(&signature_data)
.to_asn1_der(),
Some(vec![certificate]),
)
}
None => (private_key.sign_and_encode(env, &signature_data)?, None),
};
let attestation_statement = PackedAttestationStatement {
alg: SignatureAlgorithm::ES256 as i64,
@@ -1338,41 +1349,26 @@ impl CtapState {
if params.attestation_material.is_some() || params.lockdown {
check_user_presence(env, channel)?;
}
// This command is for U2F support and we use the batch attestation there.
let attestation_id = attestation_store::Id::Batch;
// Sanity checks
let current_priv_key = storage::attestation_private_key(env)?;
let current_cert = storage::attestation_certificate(env)?;
let current_attestation = env.attestation_store().get(&attestation_id)?;
let response = match params.attestation_material {
// Only reading values.
None => AuthenticatorVendorConfigureResponse {
cert_programmed: current_cert.is_some(),
pkey_programmed: current_priv_key.is_some(),
cert_programmed: current_attestation.is_some(),
pkey_programmed: current_attestation.is_some(),
},
// Device is already fully programmed. We don't leak information.
Some(_) if current_cert.is_some() && current_priv_key.is_some() => {
AuthenticatorVendorConfigureResponse {
cert_programmed: true,
pkey_programmed: true,
}
}
// Device is partially or not programmed. We complete the process.
Some(data) => {
if let Some(current_cert) = &current_cert {
if current_cert != &data.certificate {
return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
}
}
if let Some(current_priv_key) = &current_priv_key {
if current_priv_key != &data.private_key {
return Err(Ctap2StatusCode::CTAP1_ERR_INVALID_PARAMETER);
}
}
if current_cert.is_none() {
storage::set_attestation_certificate(env, &data.certificate)?;
}
if current_priv_key.is_none() {
storage::set_attestation_private_key(env, &data.private_key)?;
// We don't overwrite the attestation if it's already set. We don't return any error
// to not leak information.
if current_attestation.is_none() {
let attestation = Attestation {
private_key: data.private_key,
certificate: data.certificate,
};
env.attestation_store()
.set(&attestation_id, Some(&attestation))?;
}
AuthenticatorVendorConfigureResponse {
cert_programmed: true,
@@ -3145,12 +3141,11 @@ mod test {
))
);
assert_eq!(
storage::attestation_certificate(&mut env).unwrap().unwrap(),
dummy_cert
);
assert_eq!(
storage::attestation_private_key(&mut env).unwrap().unwrap(),
dummy_key
env.attestation_store().get(&attestation_store::Id::Batch),
Ok(Some(Attestation {
private_key: dummy_key,
certificate: dummy_cert.to_vec(),
}))
);
// Try to inject other dummy values and check that initial values are retained.
@@ -3176,12 +3171,11 @@ mod test {
))
);
assert_eq!(
storage::attestation_certificate(&mut env).unwrap().unwrap(),
dummy_cert
);
assert_eq!(
storage::attestation_private_key(&mut env).unwrap().unwrap(),
dummy_key
env.attestation_store().get(&attestation_store::Id::Batch),
Ok(Some(Attestation {
private_key: dummy_key,
certificate: dummy_cert.to_vec(),
}))
);
// Now try to lock the device

13
src/ctap/status_code.rs
View File

@@ -12,8 +12,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use crate::api::key_store;
use crate::api::user_presence::UserPresenceError;
use crate::api::{attestation_store, key_store};
// CTAP specification (version 20190130) section 6.3
// For now, only the CTAP2 codes are here, the CTAP1 are not included.
@@ -100,3 +100,14 @@ impl From<key_store::Error> for Ctap2StatusCode {
Self::CTAP2_ERR_VENDOR_INTERNAL_ERROR
}
}
impl From<attestation_store::Error> for Ctap2StatusCode {
fn from(error: attestation_store::Error) -> Self {
use attestation_store::Error;
match error {
Error::Storage => Self::CTAP2_ERR_VENDOR_HARDWARE_FAILURE,
Error::Internal => Self::CTAP2_ERR_VENDOR_INTERNAL_ERROR,
Error::NoSupport => Self::CTAP2_ERR_VENDOR_INTERNAL_ERROR,
}
}
}

101
src/ctap/storage.rs
View File

@@ -437,58 +437,6 @@ pub fn commit_large_blob_array(
)?)
}
/// Returns the attestation private key if defined.
pub fn attestation_private_key(
env: &mut impl Env,
) -> Result<Option<[u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH]>, Ctap2StatusCode> {
match env.store().find(key::ATTESTATION_PRIVATE_KEY)? {
None => Ok(None),
Some(key) if key.len() == key_material::ATTESTATION_PRIVATE_KEY_LENGTH => {
Ok(Some(*array_ref![
key,
0,
key_material::ATTESTATION_PRIVATE_KEY_LENGTH
]))
}
Some(_) => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
}
}
/// Sets the attestation private key.
///
/// If it is already defined, it is overwritten.
pub fn set_attestation_private_key(
env: &mut impl Env,
attestation_private_key: &[u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH],
) -> Result<(), Ctap2StatusCode> {
match env.store().find(key::ATTESTATION_PRIVATE_KEY)? {
None => Ok(env
.store()
.insert(key::ATTESTATION_PRIVATE_KEY, attestation_private_key)?),
Some(_) => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
}
}
/// Returns the attestation certificate if defined.
pub fn attestation_certificate(env: &mut impl Env) -> Result<Option<Vec<u8>>, Ctap2StatusCode> {
Ok(env.store().find(key::ATTESTATION_CERTIFICATE)?)
}
/// Sets the attestation certificate.
///
/// If it is already defined, it is overwritten.
pub fn set_attestation_certificate(
env: &mut impl Env,
attestation_certificate: &[u8],
) -> Result<(), Ctap2StatusCode> {
match env.store().find(key::ATTESTATION_CERTIFICATE)? {
None => Ok(env
.store()
.insert(key::ATTESTATION_CERTIFICATE, attestation_certificate)?),
Some(_) => Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR),
}
}
/// Returns the AAGUID.
pub fn aaguid(env: &mut impl Env) -> Result<[u8; key_material::AAGUID_LENGTH], Ctap2StatusCode> {
let aaguid = env
@@ -545,10 +493,9 @@ pub fn enterprise_attestation(env: &mut impl Env) -> Result<bool, Ctap2StatusCod
}
/// Marks enterprise attestation as enabled.
///
/// Doesn't check whether an attestation is setup because it depends on the RP id.
pub fn enable_enterprise_attestation(env: &mut impl Env) -> Result<(), Ctap2StatusCode> {
if attestation_private_key(env)?.is_none() || attestation_certificate(env)?.is_none() {
return Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR);
}
if !enterprise_attestation(env)? {
env.store().insert(key::ENTERPRISE_ATTESTATION, &[])?;
}
@@ -696,6 +643,7 @@ fn serialize_min_pin_length_rp_ids(rp_ids: Vec<String>) -> Result<Vec<u8>, Ctap2
#[cfg(test)]
mod test {
use super::*;
use crate::api::attestation_store::{self, Attestation, AttestationStore};
use crate::ctap::crypto_wrapper::PrivateKey;
use crate::ctap::data_formats::{PublicKeyCredentialSource, PublicKeyCredentialType};
use crate::env::test::TestEnv;
@@ -1033,25 +981,26 @@ mod test {
init(&mut env).unwrap();
// Make sure the attestation are absent. There is no batch attestation in tests.
assert!(attestation_private_key(&mut env).unwrap().is_none());
assert!(attestation_certificate(&mut env).unwrap().is_none());
assert_eq!(
env.attestation_store().get(&attestation_store::Id::Batch),
Ok(None)
);
// Make sure the persistent keys are initialized to dummy values.
let dummy_key = [0x41u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
let dummy_cert = [0xddu8; 20];
set_attestation_private_key(&mut env, &dummy_key).unwrap();
set_attestation_certificate(&mut env, &dummy_cert).unwrap();
let dummy_attestation = Attestation {
private_key: [0x41; key_material::ATTESTATION_PRIVATE_KEY_LENGTH],
certificate: vec![0xdd; 20],
};
env.attestation_store()
.set(&attestation_store::Id::Batch, Some(&dummy_attestation))
.unwrap();
assert_eq!(&aaguid(&mut env).unwrap(), key_material::AAGUID);
// The persistent keys stay initialized and preserve their value after a reset.
reset(&mut env).unwrap();
assert_eq!(
&attestation_private_key(&mut env).unwrap().unwrap(),
&dummy_key
);
assert_eq!(
attestation_certificate(&mut env).unwrap().unwrap(),
&dummy_cert
env.attestation_store().get(&attestation_store::Id::Batch),
Ok(Some(dummy_attestation))
);
assert_eq!(&aaguid(&mut env).unwrap(), key_material::AAGUID);
}
@@ -1187,17 +1136,13 @@ mod test {
fn test_enterprise_attestation() {
let mut env = TestEnv::new();
assert!(!enterprise_attestation(&mut env).unwrap());
assert_eq!(
enable_enterprise_attestation(&mut env),
Err(Ctap2StatusCode::CTAP2_ERR_VENDOR_INTERNAL_ERROR)
);
assert!(!enterprise_attestation(&mut env).unwrap());
let dummy_key = [0x41u8; key_material::ATTESTATION_PRIVATE_KEY_LENGTH];
let dummy_cert = [0xddu8; 20];
set_attestation_private_key(&mut env, &dummy_key).unwrap();
set_attestation_certificate(&mut env, &dummy_cert).unwrap();
let dummy_attestation = Attestation {
private_key: [0x41; key_material::ATTESTATION_PRIVATE_KEY_LENGTH],
certificate: vec![0xdd; 20],
};
env.attestation_store()
.set(&attestation_store::Id::Batch, Some(&dummy_attestation))
.unwrap();
assert!(!enterprise_attestation(&mut env).unwrap());
assert_eq!(enable_enterprise_attestation(&mut env), Ok(()));

7
src/ctap/storage/key.rs
View File

@@ -61,11 +61,8 @@ make_partition! {
// WARNING: Keys should not be deleted but prefixed with `_` to avoid accidentally reusing them.
/// The attestation private key.
ATTESTATION_PRIVATE_KEY = 1;
/// The attestation certificate.
ATTESTATION_CERTIFICATE = 2;
/// Reserved for the attestation store implementation of the environment.
_RESERVED_ATTESTATION_STORE = 1..3;
/// The aaguid.
AAGUID = 3;