//! This module contains the function that allows attestation of ssh sk keys which
//! are created by FIDO2 devices.
#![cfg_attr(docsrs, feature(doc_cfg))]
#![deny(warnings)]
#![warn(unused_extern_crates)]
#![warn(missing_docs)]
#![deny(clippy::todo)]
#![deny(clippy::unimplemented)]
#![deny(clippy::unwrap_used)]
// #![deny(clippy::expect_used)]
#![deny(clippy::panic)]
#![deny(clippy::unreachable)]
#![deny(clippy::await_holding_lock)]
#![deny(clippy::needless_pass_by_value)]
#![deny(clippy::trivially_copy_pass_by_ref)]
#[macro_use]
extern crate tracing;
pub mod proto;
use uuid::Uuid;
pub use webauthn_rs_core::error::WebauthnError;
use webauthn_rs_core::{
attestation::{
assert_packed_attest_req, validate_extension, verify_attestation_ca_chain, FidoGenCeAaguid,
},
crypto::{compute_sha256, verify_signature},
internals::AuthenticatorData,
proto::{
AttestationCaList, AttestationFormat, AttestationMetadata, COSEAlgorithm, COSEKey,
COSEKeyType, CredentialProtectionPolicy, ExtnState, ParsedAttestation,
ParsedAttestationData, RegisteredExtensions, Registration,
},
};
use nom::{
bytes::complete::{tag, take},
number::complete::be_u32,
};
use openssl::{bn, ec, nid, x509};
use sshkeys::{Curve, EcdsaPublicKey, KeyType, KeyTypeKind, PublicKey, PublicKeyKind};
use crate::proto::AttestedPublicKey;
/// Given an attestation generated by ssh-keygen, parse and validate it's content
/// returning an attested public key structure that contains metadata and the ssh
/// public key.
///
/// You can create an attested sk key with:
/// ```shell
/// dd if=/dev/urandom of=/Users/username/.ssh/id_ecdsa_sk.chal bs=16 count=1
/// ssh-keygen -t ecdsa-sk -O challenge=/Users/username/.ssh/id_ecdsa_sk.chal \\
/// -O write-attestation=/Users/username/.ssh/id_ecdsa_sk.attest -f /Users/username/.ssh/id_ecdsa_sk
/// ```
///
/// The contents of `id_ecdsa_sk.attest` and `id_ecdsa_sk.chal` correspond to the
/// `attestation` and `challenge` parameters respectively.
pub fn verify_fido_sk_ssh_attestation(
attestation: &[u8],
challenge: &[u8],
attestation_cas: &AttestationCaList,
danger_disable_certificate_time_checks: bool,
) -> Result<AttestedPublicKey, WebauthnError> {
if attestation_cas.is_empty() {
return Err(WebauthnError::MissingAttestationCaList);
}
let alg = COSEAlgorithm::ES256;
let ssh_sk_attest = SshSkAttestation::try_from(attestation)?;
let acd = ssh_sk_attest
.auth_data
.acd
.as_ref()
.ok_or(WebauthnError::MissingAttestationCredentialData)?;
let attestation_format = AttestationFormat::Packed;
// Ssh simply uses the challenge as the client data hash.
let client_data_hash = compute_sha256(challenge);
trace!(?ssh_sk_attest);
let verification_data: Vec<u8> = ssh_sk_attest
.auth_data_bytes
.iter()
.chain(client_data_hash.iter())
.copied()
.collect();
let is_valid_signature = verify_signature(
alg,
&ssh_sk_attest.att_cert,
&ssh_sk_attest.sig,
&verification_data,
)?;
if !is_valid_signature {
return Err(WebauthnError::AttestationStatementSigInvalid);
}
// Verify that attestnCert meets the requirements in § 8.2.1 Packed Attestation
// Statement Certificate Requirements.
// https://w3c.github.io/webauthn/#sctn-packed-attestation-cert-requirements
assert_packed_attest_req(&ssh_sk_attest.att_cert)?;
// If attestnCert contains an extension with OID 1.3.6.1.4.1.45724.1.1.4
// (id-fido-gen-ce-aaguid) verify that the value of this extension matches the aaguid
// in authenticatorData.
validate_extension::<FidoGenCeAaguid>(&ssh_sk_attest.att_cert, &acd.aaguid)?;
// In the future if ssh changes their attest format we can provide the full chain here.
let att_x509 = vec![ssh_sk_attest.att_cert.clone()];
let attestation = ParsedAttestation {
data: ParsedAttestationData::Basic(att_x509),
metadata: AttestationMetadata::Packed {
aaguid: Uuid::from_bytes(acd.aaguid),
},
};
let ca_crt = verify_attestation_ca_chain(
&attestation.data,
attestation_cas,
danger_disable_certificate_time_checks,
)?;
// It may seem odd to unwrap the option and make this not verified at this point,
// but in this case because we have the ca_list and none was the result (which happens)
// in some cases, we need to map that through. But we need verify_attesation_ca_chain
// to still return these option types due to re-attestation in the future.
let ca_crt = ca_crt.ok_or(WebauthnError::AttestationNotVerifiable)?;
match &attestation.metadata {
AttestationMetadata::Packed { aaguid } | AttestationMetadata::Tpm { aaguid, .. } => {
// If not present, fail.
if !ca_crt.aaguids().contains_key(aaguid) {
error!(?aaguid, "aaguid not trusted by this CA");
return Err(WebauthnError::AttestationUntrustedAaguid);
}
}
_ => {
error!("this attestation format does not contain an aaguid and can not proceed");
return Err(WebauthnError::AttestationFormatMissingAaguid);
}
};
let cred_protect = match ssh_sk_attest.auth_data.extensions.cred_protect.as_ref() {
Some(credprotect) => {
if credprotect.0 == CredentialProtectionPolicy::UserVerificationRequired
&& !ssh_sk_attest.auth_data.user_verified
{
return Err(WebauthnError::SshPublicKeyInconsistentUserVerification);
}
ExtnState::Set(credprotect.0)
}
None => ExtnState::NotRequested,
};
let extensions = RegisteredExtensions {
cred_protect,
..Default::default()
};
// Assert that the key is not backup-eligible and not backed up.
if ssh_sk_attest.auth_data.backup_eligible || ssh_sk_attest.auth_data.backup_state {
error!("Fido ssh sk keys may not be backed up or backup eligible");
return Err(WebauthnError::SshPublicKeyBackupState);
}
// If attestation passes, extract the public key from the attestation.
//
// https://github.com/openssh/openssh-portable/blob/c46f6fed419167c1671e4227459e108036c760f8/ssh-sk.c#L291
let ck = COSEKey::try_from(&acd.credential_pk).map_err(|e| {
if matches!(e, WebauthnError::COSEKeyEDUnsupported) {
WebauthnError::SshPublicKeyEDUnsupported
} else {
e
}
})?;
trace!(?ck);
let pubkey = to_ssh_pubkey(&ck)?;
Ok(AttestedPublicKey {
pubkey,
extensions,
attestation,
attestation_format,
})
}
macro_rules! cbor_try_bytes {
(
$v:expr
) => {{
match $v {
serde_cbor_2::Value::Bytes(m) => Ok(m),
_ => Err(WebauthnError::COSEKeyInvalidCBORValue),
}
}};
}
#[derive(Debug)]
struct SshSkAttestation {
att_cert: x509::X509,
sig: Vec<u8>,
auth_data_bytes: Vec<u8>,
auth_data: AuthenticatorData<Registration>,
}
struct SshSkAttestationRaw<'a> {
// This is the x5c cbor per https://developers.yubico.com/libfido2/Manuals/fido_cred_x5c_ptr.html
att_cert_raw: &'a [u8],
// Likely a cbor slice?
sig_raw: &'a [u8],
// cbor auth data. Could just be serde slice?
auth_data_raw: &'a [u8],
}
impl TryFrom<&[u8]> for SshSkAttestation {
type Error = WebauthnError;
fn try_from(data: &[u8]) -> Result<SshSkAttestation, WebauthnError> {
// There doesn't seem to be much in the way of docs about the format of
// the ssh attestation binary, but reading the source, we see it is setup
// per: https://github.com/openssh/openssh-portable/blob/master/ssh-sk.c#L436
//
// Update: There are docs, but they are hard to find :(
// https://github.com/openssh/openssh-portable/blob/2709809fd616a0991dc18e3a58dea10fb383c3f0/PROTOCOL.u2f#L151-L174
let sk_raw = parse_ssh_sk_attestation(data)
.map_err(|e| {
error!(?e, "try_from parse_ssh_sk_attestation");
WebauthnError::ParseNOMFailure
})
// Discard the remaining bytes.
.map(|(_, ad)| ad)?;
// Convert raw fields to parsed ones.
let sig = sk_raw.sig_raw.to_vec();
let att_cert =
x509::X509::from_der(sk_raw.att_cert_raw).map_err(WebauthnError::OpenSSLError)?;
let auth_data_bytes = serde_cbor_2::from_slice(sk_raw.auth_data_raw)
.map_err(|e| {
error!(?e, "invalid auth data cbor");
WebauthnError::ParseNOMFailure
})
.and_then(|value| cbor_try_bytes!(value))?;
let auth_data: AuthenticatorData<Registration> =
AuthenticatorData::try_from(auth_data_bytes.as_slice()).map_err(|e| {
error!(?e, "invalid auth data structure");
WebauthnError::ParseNOMFailure
})?;
Ok(SshSkAttestation {
att_cert,
sig,
// Probably need auth_data raw.
auth_data_bytes,
auth_data,
})
}
}
fn parse_ssh_sk_attestation(i: &[u8]) -> nom::IResult<&[u8], SshSkAttestationRaw<'_>> {
// Starts with a 4 byte u32 for the len of the header.
let (i, _tag_len) = tag([0, 0, 0, 17])(i)?;
let (i, _tag) = tag("ssh-sk-attest-v01")(i)?;
let (i, att_cert_len) = be_u32(i)?;
let (i, att_cert_raw) = take(att_cert_len as usize)(i)?;
let (i, sig_len) = be_u32(i)?;
let (i, sig_raw) = take(sig_len as usize)(i)?;
let (i, auth_data_len) = be_u32(i)?;
let (i, auth_data_raw) = take(auth_data_len as usize)(i)?;
let (i, _resvd_flags) = be_u32(i)?;
let (i, _resvd) = be_u32(i)?;
Ok((
i,
SshSkAttestationRaw {
att_cert_raw,
sig_raw,
auth_data_raw,
},
))
}
fn to_ssh_pubkey(cose: &COSEKey) -> Result<PublicKey, WebauthnError> {
match &cose.key {
COSEKeyType::EC_EC2(_ec2k) => {
let pubkey = cose.get_openssl_pkey()?;
let key = pubkey
.ec_key()
.and_then(|ec| {
let mut ctx = bn::BigNumContext::new()?;
let c_nid = nid::Nid::X9_62_PRIME256V1; // NIST P-256 curve
let group = ec::EcGroup::from_curve_name(c_nid)?;
ec.public_key().to_bytes(
&group,
ec::PointConversionForm::UNCOMPRESSED,
&mut ctx,
)
})
.map_err(WebauthnError::OpenSSLError)?;
let kind = PublicKeyKind::Ecdsa(EcdsaPublicKey {
curve: Curve::from_identifier("nistp256").map_err(|_| {
error!("Invalid curve identifier");
WebauthnError::SshPublicKeyInvalidCurve
})?,
key,
sk_application: Some("ssh:".to_string()),
});
Ok(PublicKey {
key_type: KeyType {
name: "sk-ecdsa-sha2-nistp256@openssh.com",
short_name: "ECDSA-SK",
is_cert: false,
is_sk: true,
kind: KeyTypeKind::EcdsaSk,
plain: "sk-ecdsa-sha2-nistp256@openssh.com",
},
kind,
comment: None,
})
}
_ => {
error!("ed25519 or ed448 public keys are not supported");
Err(WebauthnError::SshPublicKeyEDUnsupported)
}
}
}
#[cfg(test)]
mod tests {
use super::{verify_fido_sk_ssh_attestation, WebauthnError};
use base64::{engine::general_purpose::STANDARD, Engine};
use webauthn_rs_core::proto::{
AttestationCaList, AttestationCaListBuilder, CredentialProtectionPolicy, ExtnState,
};
use webauthn_rs_device_catalog::data::yubico::YUBICO_U2F_ROOT_CA_SERIAL_457200631_PEM;
#[test]
fn test_ssh_ecdsa_sk_attest() {
let _ = tracing_subscriber::fmt::try_init();
// Create with:
// dd if=/dev/urandom of=/Users/william/.ssh/id_ecdsa_sk.chal bs=16 count=1
// ssh-keygen -t ecdsa-sk -O challenge=/Users/william/.ssh/id_ecdsa_sk.chal -O write-attestation=/Users/william/.ssh/id_ecdsa_sk.attest -f /Users/william/.ssh/id_ecdsa_sk
let attest = STANDARD.decode("AAAAEXNzaC1zay1hdHRlc3QtdjAxAAACwTCCAr0wggGloAMCAQICBBisRsAwDQYJKoZIhvcNAQELBQAwLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBSb290IENBIFNlcmlhbCA0NTcyMDA2MzEwIBcNMTQwODAxMDAwMDAwWhgPMjA1MDA5MDQwMDAwMDBaMG4xCzAJBgNVBAYTAlNFMRIwEAYDVQQKDAlZdWJpY28gQUIxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xJzAlBgNVBAMMHll1YmljbyBVMkYgRUUgU2VyaWFsIDQxMzk0MzQ4ODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHnqOyx8SXAQYiMM0j/rYOUpMXHUg/EAvoWdaw+DlwMBtUbN1G7PyuPj8w+B6e1ivSaNTB69N7O8vpKowq7rTjqjbDBqMCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS43MBMGCysGAQQBguUcAgEBBAQDAgUgMCEGCysGAQQBguUcAQEEBBIEEMtpSB6P90A5k+wKJymhVKgwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAl50Dl9hg+C7hXTEceW66+yL6p+CE2bq0xhu7V/PmtMGKSDe4XDxO2+SDQ/TWpdmxztqK4f7UkSkhcwWOXuHL3WvawHVXxqDo02gluhWef7WtjNr4BIaM+Q6PH4rqF8AWtVwqetSXyJT7cddT15uaSEtsN21yO5mNLh1DBr8QM7Wu+Myly7JWi2kkIm0io1irfYfkrF8uCRqnFXnzpWkJSX1y9U4GusHDtEE7ul6vlMO2TzT566Qay2rig3dtNkZTeEj+6IS93fWxuleYVM/9zrrDRAWVJ+Vt1Zj49WZxWr5DAd0ZETDmufDGQDkSU+IpgD867ydL7b/eP8u9QurWeQAAAEYwRAIgeYp6mYVsuaj0NpHps1qkGkJYroyurnuCKdSYWUCCsVgCIAhFdmhNWGG0cY5l3sZUhjmrwCHpuQ1A0QXbhuEtjM7sAAAAxljE4wYQ6KFiEVlg/h7CI+ZSnJ9LboAgDcteXDIcivHisb9FAAALNMtpSB6P90A5k+wKJymhVKgAQPQVE6m4sayalwAfqHVZBGEP32y5ju2Vo7U3k1zPFKQGLDhpA0dRHWvYbsvTPmqVzSGuxSyRW/ugWzPqsveALlSlAQIDJiABIVggQ25tmKStvyG74d5VF1nSmn9UCTaq/gkNu4mG8PTI11YiWCAMvZ7dwFsRGIN40+RbHnxDitWfGRtXV9rwTbBpG1P3XAAAAAAAAAAA")
.expect("Failed to decode attestation");
let challenge = STANDARD
.decode("VzCkpMNVYVgXHBuDP74v9A==")
.expect("Failed to decode attestation");
let pubkey = "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBENubZikrb8hu+HeVRdZ0pp/VAk2qv4JDbuJhvD0yNdWDL2e3cBbERiDeNPkWx58Q4rVnxkbV1fa8E2waRtT91wAAAAEc3NoOg== william@hostname";
let mut key = sshkeys::PublicKey::from_string(pubkey).unwrap();
// Blank the comment
key.comment = None;
let mut att_ca_builder = AttestationCaListBuilder::new();
att_ca_builder
.insert_device_pem(
YUBICO_U2F_ROOT_CA_SERIAL_457200631_PEM,
uuid::uuid!("cb69481e-8ff7-4039-93ec-0a2729a154a8"),
"yk 5 nano".to_string(),
Default::default(),
)
.expect("Failed to build att ca list");
let att_ca_list: AttestationCaList = att_ca_builder.build();
// Parse
let att = verify_fido_sk_ssh_attestation(
attest.as_slice(),
challenge.as_slice(),
&att_ca_list,
false,
)
.expect("Failed to parse attestation");
trace!("key {:?}", key);
trace!("att {:?}", att.pubkey);
trace!("att full {:?}", att);
// Check the supplied pubkey and the attested pubkey are the same.
assert_eq!(att.pubkey, key);
// Assert that cred protect isn't set.
assert!(matches!(
att.extensions.cred_protect,
ExtnState::NotRequested
));
}
#[test]
fn test_ssh_ecdsa_sk_credprotect_attest() {
let _ = tracing_subscriber::fmt::try_init();
// Create with:
// dd if=/dev/urandom of=/Users/william/.ssh/id_ecdsa_sk.chal bs=16 count=1
// ssh-keygen -t ecdsa-sk -O verify-required -O challenge=/Users/william/.ssh/id_ecdsa_sk.chal -O write-attestation=/Users/william/.ssh/id_ecdsa_sk_uv.attest -f /Users/william/.ssh/id_ecdsa_sk_uv
let attest = STANDARD.decode("AAAAEXNzaC1zay1hdHRlc3QtdjAxAAAC8DCCAuwwggHUoAMCAQICCQCIobnFT2wgvjANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowbzELMAkGA1UEBhMCU0UxEjAQBgNVBAoMCVl1YmljbyBBQjEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjEoMCYGA1UEAwwfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTE2OTc5MzQxNjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABP3N+hZ2qRVyajtVRGx/tdK/YAcNNGY++kDoDODSHk4cAqXSZ7jZepIkLdQXk7JP2dD0gVMpP5WzOJpEv8J6tRejgZQwgZEwEwYKKwYBBAGCxAoNAQQFBAMFBAMwEAYJKwYBBAGCxAoMBAMCAQcwIgYJKwYBBAGCxAoCBBUxLjMuNi4xLjQuMS40MTQ4Mi4xLjcwEwYLKwYBBAGC5RwCAQEEBAMCBSAwIQYLKwYBBAGC5RwBAQQEEgQQc7sM1OUCSbicb7WURb9yCzAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQA8JczOIP9yDzuYizYwoJwGCwmYbUWNuokPu/NOMRLKTHvRfZRhf5LRHX7WjD0kJwifo725l/O7b+G4Y+3w9a1tK00wBGCMxw3F/oGcxsn+Tg6zWQZW3HXN8Qxfb5vtnX7lK5omugUPyq7XBqiBqFi2oqHFxjPjZSYFqQLE1DxDfJVtxXysvG1q/tkTkRagkAaqLb59SitNKsSXJ14Y9aG6liaFpSL8q+BeIe6XBHZ8NGxGhZdnhOu6qzYcTpSXlYHjeUoVF2/crpnQocjl59cgarJgS2aJV/jlSWnyZVhKbq14up6YUg0UsO60+UYm5rKuxS5OvAsvgKbl+71jhxCSAAAASDBGAiEA0tN1SoFM6y25G1MAqiogh9YrxC3xXAjq5PqSLfpEiBMCIQCzlf2HkoQxzw26d/H54qG7usJxGqjI7ar5QTPTmyPiPAAAANRY0uMGEOihYhFZYP4ewiPmUpyfS26AIA3LXlwyHIrx4rG/xQAAAANzuwzU5QJJuJxvtZRFv3ILAEDSkcmqMSeSNIZeeun9OR70HsiBGZv4Z487AIxLcDGlygV+x8o0pcXuQLBt5qkyLgbjHz9AG8VnoG89Xsqc7FDNpQECAyYgASFYIMD4M0oQcZZURp0PhmabT3X+rvYak+JdnMwDTlJ/zBzZIlggrec0hNPMTEy2/BSWTiX/LCtOIuxSUAzRFG07JAwxxTyha2NyZWRQcm90ZWN0AwAAAAAAAAAA")
.expect("Failed to decode attestation");
let challenge = STANDARD
.decode("VzCkpMNVYVgXHBuDP74v9A==")
.expect("Failed to decode attestation");
let pubkey = "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBMD4M0oQcZZURp0PhmabT3X+rvYak+JdnMwDTlJ/zBzZrec0hNPMTEy2/BSWTiX/LCtOIuxSUAzRFG07JAwxxTwAAAAEc3NoOg== william@hostname";
let mut key = sshkeys::PublicKey::from_string(pubkey).unwrap();
// Blank the comment
key.comment = None;
let mut att_ca_builder = AttestationCaListBuilder::new();
att_ca_builder
.insert_device_pem(
YUBICO_U2F_ROOT_CA_SERIAL_457200631_PEM,
uuid::uuid!("73bb0cd4-e502-49b8-9c6f-b59445bf720b"),
"yk 5 fips".to_string(),
Default::default(),
)
.expect("Failed to build att ca list");
let att_ca_list: AttestationCaList = att_ca_builder.build();
// Parse
let att = verify_fido_sk_ssh_attestation(
attest.as_slice(),
challenge.as_slice(),
&att_ca_list,
false,
)
.expect("Failed to parse attestation");
trace!("key {:?}", key);
trace!("att {:?}", att.pubkey);
trace!("att full {:?}", att);
// Check the supplied pubkey and the attested pubkey are the same.
assert_eq!(att.pubkey, key);
// Assert that cred protect is present.
assert!(matches!(
att.extensions.cred_protect,
ExtnState::Set(CredentialProtectionPolicy::UserVerificationRequired)
));
}
#[test]
fn test_ssh_ed25519_sk_attest() {
let _ = tracing_subscriber::fmt::try_init();
// Create with:
// dd if=/dev/urandom of=/tmp/id_ed25519_sk.chal bs=16 count=1
// ssh-keygen -t ed25519-sk -O challenge=/tmp/id_ed25519_sk.chal -O write-attestation=/tmp/id_ed25519_sk.attest -f /tmp/id_ed25519_sk
let attest = STANDARD.decode("AAAAEXNzaC1zay1hdHRlc3QtdjAxAAAC8DCCAuwwggHUoAMCAQICCQCIobnFT2wgvjANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowbzELMAkGA1UEBhMCU0UxEjAQBgNVBAoMCVl1YmljbyBBQjEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjEoMCYGA1UEAwwfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTE2OTc5MzQxNjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABP3N+hZ2qRVyajtVRGx/tdK/YAcNNGY++kDoDODSHk4cAqXSZ7jZepIkLdQXk7JP2dD0gVMpP5WzOJpEv8J6tRejgZQwgZEwEwYKKwYBBAGCxAoNAQQFBAMFBAMwEAYJKwYBBAGCxAoMBAMCAQcwIgYJKwYBBAGCxAoCBBUxLjMuNi4xLjQuMS40MTQ4Mi4xLjcwEwYLKwYBBAGC5RwCAQEEBAMCBSAwIQYLKwYBBAGC5RwBAQQEEgQQc7sM1OUCSbicb7WURb9yCzAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQA8JczOIP9yDzuYizYwoJwGCwmYbUWNuokPu/NOMRLKTHvRfZRhf5LRHX7WjD0kJwifo725l/O7b+G4Y+3w9a1tK00wBGCMxw3F/oGcxsn+Tg6zWQZW3HXN8Qxfb5vtnX7lK5omugUPyq7XBqiBqFi2oqHFxjPjZSYFqQLE1DxDfJVtxXysvG1q/tkTkRagkAaqLb59SitNKsSXJ14Y9aG6liaFpSL8q+BeIe6XBHZ8NGxGhZdnhOu6qzYcTpSXlYHjeUoVF2/crpnQocjl59cgarJgS2aJV/jlSWnyZVhKbq14up6YUg0UsO60+UYm5rKuxS5OvAsvgKbl+71jhxCSAAAARzBFAiEA9wvGXR0jdmlx41KiDgVnHng/u+aABcL0T7Mcla5RY1cCIG3w7FmnUCC9cN4OTsF0YIUKREVl7YZ/ULpgG9r3gbGcAAAA41jh4wYQ6KFiEVlg/h7CI+ZSnJ9LboAgDcteXDIcivHisb9FAAAAAnO7DNTlAkm4nG+1lEW/cgsAgOlyrDirl7wov1VQfV/0peGGSiOf4dfQ/MwcKRxhWA7OIEczExGaaoiNJZBKyVUnte5FWF4xz+g2yY1LA9DYizkHRyuH3V6nOqaBl56+pImD7oJA2sMGgFaK7OawkNInLrZn+kK1KwDwAuqGyraYxUwOimcyj3iO0cmnx8Kl3VsbpAEBAycgBiFYIJrDpo9OvZ479Kr/+2n9IY88++eEu1g+RqRgrNsGWyCLAAAAAAAAAAA=")
.expect("Failed to decode attestation");
let challenge = STANDARD
.decode("aAqBnywP0Vbv3SUgqmnMRQ==")
.expect("Failed to decode attestation");
let mut att_ca_builder = AttestationCaListBuilder::new();
att_ca_builder
.insert_device_pem(
YUBICO_U2F_ROOT_CA_SERIAL_457200631_PEM,
uuid::uuid!("73bb0cd4-e502-49b8-9c6f-b59445bf720b"),
"yk 5 fips".to_string(),
Default::default(),
)
.expect("Failed to build att ca list");
let att_ca_list: AttestationCaList = att_ca_builder.build();
// Parse
let att = verify_fido_sk_ssh_attestation(
attest.as_slice(),
challenge.as_slice(),
&att_ca_list,
false,
);
trace!("att full {:?}", att);
assert!(matches!(att, Err(WebauthnError::SshPublicKeyEDUnsupported)));
/*
trace!("key {:?}", key);
trace!("att {:?}", att.pubkey);
trace!("att full {:?}", att);
// Check the supplied pubkey and the attested pubkey are the same.
assert_eq!(att.pubkey, key);
// Assert that cred protect isn't set.
assert!(matches!(
att.extensions.cred_protect,
ExtnState::NotRequested
));
*/
}
#[test]
fn test_ssh_ecdsa_sk_reject_attest_aaguid() {
let _ = tracing_subscriber::fmt::try_init();
// Create with:
// dd if=/dev/urandom of=/Users/william/.ssh/id_ecdsa_sk.chal bs=16 count=1
// ssh-keygen -t ecdsa-sk -O challenge=/Users/william/.ssh/id_ecdsa_sk.chal -O write-attestation=/Users/william/.ssh/id_ecdsa_sk.attest -f /Users/william/.ssh/id_ecdsa_sk
let attest = STANDARD.decode("AAAAEXNzaC1zay1hdHRlc3QtdjAxAAACwTCCAr0wggGloAMCAQICBBisRsAwDQYJKoZIhvcNAQELBQAwLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBSb290IENBIFNlcmlhbCA0NTcyMDA2MzEwIBcNMTQwODAxMDAwMDAwWhgPMjA1MDA5MDQwMDAwMDBaMG4xCzAJBgNVBAYTAlNFMRIwEAYDVQQKDAlZdWJpY28gQUIxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xJzAlBgNVBAMMHll1YmljbyBVMkYgRUUgU2VyaWFsIDQxMzk0MzQ4ODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHnqOyx8SXAQYiMM0j/rYOUpMXHUg/EAvoWdaw+DlwMBtUbN1G7PyuPj8w+B6e1ivSaNTB69N7O8vpKowq7rTjqjbDBqMCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS43MBMGCysGAQQBguUcAgEBBAQDAgUgMCEGCysGAQQBguUcAQEEBBIEEMtpSB6P90A5k+wKJymhVKgwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAl50Dl9hg+C7hXTEceW66+yL6p+CE2bq0xhu7V/PmtMGKSDe4XDxO2+SDQ/TWpdmxztqK4f7UkSkhcwWOXuHL3WvawHVXxqDo02gluhWef7WtjNr4BIaM+Q6PH4rqF8AWtVwqetSXyJT7cddT15uaSEtsN21yO5mNLh1DBr8QM7Wu+Myly7JWi2kkIm0io1irfYfkrF8uCRqnFXnzpWkJSX1y9U4GusHDtEE7ul6vlMO2TzT566Qay2rig3dtNkZTeEj+6IS93fWxuleYVM/9zrrDRAWVJ+Vt1Zj49WZxWr5DAd0ZETDmufDGQDkSU+IpgD867ydL7b/eP8u9QurWeQAAAEYwRAIgeYp6mYVsuaj0NpHps1qkGkJYroyurnuCKdSYWUCCsVgCIAhFdmhNWGG0cY5l3sZUhjmrwCHpuQ1A0QXbhuEtjM7sAAAAxljE4wYQ6KFiEVlg/h7CI+ZSnJ9LboAgDcteXDIcivHisb9FAAALNMtpSB6P90A5k+wKJymhVKgAQPQVE6m4sayalwAfqHVZBGEP32y5ju2Vo7U3k1zPFKQGLDhpA0dRHWvYbsvTPmqVzSGuxSyRW/ugWzPqsveALlSlAQIDJiABIVggQ25tmKStvyG74d5VF1nSmn9UCTaq/gkNu4mG8PTI11YiWCAMvZ7dwFsRGIN40+RbHnxDitWfGRtXV9rwTbBpG1P3XAAAAAAAAAAA")
.expect("Failed to decode attestation");
let challenge = STANDARD
.decode("VzCkpMNVYVgXHBuDP74v9A==")
.expect("Failed to decode attestation");
// The device signature above is from a yk5nano, however we have an attestation policy
// to only allow the yk5 fips.
let mut att_ca_builder = AttestationCaListBuilder::new();
att_ca_builder
.insert_device_pem(
YUBICO_U2F_ROOT_CA_SERIAL_457200631_PEM,
uuid::uuid!("73bb0cd4-e502-49b8-9c6f-b59445bf720b"),
"yk 5 fips".to_string(),
Default::default(),
)
.expect("Failed to build att ca list");
let att_ca_list: AttestationCaList = att_ca_builder.build();
// Parse
let att = verify_fido_sk_ssh_attestation(
attest.as_slice(),
challenge.as_slice(),
&att_ca_list,
false,
);
trace!("att full {:?}", att);
assert!(matches!(
att,
Err(WebauthnError::AttestationUntrustedAaguid)
));
}
#[test]
fn test_ssh_ecdsa_sk_reject_attest_ca() {
let _ = tracing_subscriber::fmt::try_init();
// Create with:
// dd if=/dev/urandom of=/Users/william/.ssh/id_ecdsa_sk.chal bs=16 count=1
// ssh-keygen -t ecdsa-sk -O challenge=/Users/william/.ssh/id_ecdsa_sk.chal -O write-attestation=/Users/william/.ssh/id_ecdsa_sk.attest -f /Users/william/.ssh/id_ecdsa_sk
let attest = STANDARD.decode("AAAAEXNzaC1zay1hdHRlc3QtdjAxAAADGzCCAxcwggK+oAMCAQICCQDFabHRsxYpGTAKBggqhkjOPQQDAjCBnDELMAkGA1UEBhMCQ0gxDzANBgNVBAgMBkdlbmV2YTEQMA4GA1UEBwwHVmVyc29peDEPMA0GA1UECgwGVE9LRU4yMSIwIAYDVQQLDBlBdXRoZW50aWNhdG9yIEF0dGVzdGF0aW9uMRMwEQYDVQQDDAp0b2tlbjIuY29tMSAwHgYJKoZIhvcNAQkBFhFvZmZpY2VAdG9rZW4yLmNvbTAeFw0xOTEyMDQwNzAyMjJaFw0zOTExMjkwNzAyMjJaMF4xCzAJBgNVBAYTAkNIMQ8wDQYDVQQKDAZUT0tFTjIxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xGjAYBgNVBAMMEW9mZmljZUB0b2tlbjIuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC/l7QJNMxtrBu91XScVYjFlqTFza0N/9RRYWPItzgmppWvjUPwyCres27Lo3Waf7OVMdmc5ML5HB+eECnVWqg6OCASQwggEgMAkGA1UdEwQCMAAwHQYDVR0OBBYEFFCysnSFvKuvrSVyB3ToAQshmMpjMIG7BgNVHSMEgbMwgbChgaKkgZ8wgZwxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZHZW5ldmExEDAOBgNVBAcMB1ZlcnNvaXgxDzANBgNVBAoMBlRPS0VOMjEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjETMBEGA1UEAwwKdG9rZW4yLmNvbTEgMB4GCSqGSIb3DQEJARYRb2ZmaWNlQHRva2VuMi5jb22CCQCv1vlqKeW5ejATBgsrBgEEAYLlHAIBAQQEAwIFIDAhBgsrBgEEAYLlHAEBBAQSBBCrMvDGIjmvu8Rw0u9OJU23MAoGCCqGSM49BAMCA0cAMEQCIGgzWHRCvlMLEPA+qAk+33KwVVyvTKnBxC7jESc0vSV1AiBXPi/VVvaIiDh0vtnBmMSP1WCUGHhY7RReYNm9cbe8swAAAEYwRAIgfxtWfDli/pqS0/DqyaXvLn5C4BNRXoHx1ofpU4WZqfICIEzUSXKUI4/DezfU9MtW3t5ua5fhgL7EoMdaXBRGmNnLAAAA5ljk4wYQ6KFiEVlg/h7CI+ZSnJ9LboAgDcteXDIcivHisb9FAAADIasy8MYiOa+7xHDS704lTbcAYCnb4hHUYvEK9Dp4gjgJer+Wtcj0GglGtd5ubraTzUc19amoIyg/+/lNKrntsFSalESwu7fNNRPjWldzr2zyueB9MyJZDXkOrkP1iK/B836pudmGcJq6vfV1Da2Bieks16UBAgMmIAEhWCAe32mzSUWbouK4KOykaK3dGczNTUoTqBjengeoL6DhyCJYIIogmo+NOwfBZgF5xEORNffCk+4dA+preNaQE9mSv506AAAAAAAAAAA=")
.expect("Failed to decode attestation");
let challenge = STANDARD
.decode("aAqBnywP0Vbv3SUgqmnMRQ==")
.expect("Failed to decode attestation");
// The device signature above is from a token 2 however we have an attestation policy
// to only allow the yk5 fips.
let mut att_ca_builder = AttestationCaListBuilder::new();
att_ca_builder
.insert_device_pem(
YUBICO_U2F_ROOT_CA_SERIAL_457200631_PEM,
uuid::uuid!("73bb0cd4-e502-49b8-9c6f-b59445bf720b"),
"yk 5 fips".to_string(),
Default::default(),
)
.expect("Failed to build att ca list");
let att_ca_list: AttestationCaList = att_ca_builder.build();
// Parse
let att = verify_fido_sk_ssh_attestation(
attest.as_slice(),
challenge.as_slice(),
&att_ca_list,
false,
);
trace!("att full {:?}", att);
assert!(matches!(
att,
Err(WebauthnError::AttestationChainNotTrusted(_))
));
}
}