Attestation verification

Package.swift

@@ -26,6 +26,7 @@ let package = Package(
     dependencies: [
         .package(url: "https://github.com/unrelentingtech/SwiftCBOR.git", from: "0.4.7"),
         .package(url: "https://github.com/apple/swift-crypto.git", "2.0.0" ..< "4.0.0"),
+        .package(url: "https://github.com/apple/swift-certificates.git", from: "1.0.0"),
         .package(url: "https://github.com/apple/swift-log.git", from: "1.0.0"),
         .package(url: "https://github.com/apple/swift-docc-plugin", from: "1.1.0")
     ],
@@ -36,6 +37,7 @@ let package = Package(
                 "SwiftCBOR",
                 .product(name: "Crypto", package: "swift-crypto"),
                 .product(name: "_CryptoExtras", package: "swift-crypto"),
+                .product(name: "X509", package: "swift-certificates"),
                 .product(name: "Logging", package: "swift-log"),
             ],
             swiftSettings: [.enableExperimentalFeature("StrictConcurrency=complete")]

Sources/WebAuthn/Ceremonies/Registration/AttestationConveyancePreference.swift

@@ -19,6 +19,6 @@ public enum AttestationConveyancePreference: String, Encodable {
     /// Indicates the Relying Party is not interested in authenticator attestation.
     case none
     // case indirect
-    // case direct
+    case direct
     // case enterprise
 }

Sources/WebAuthn/Ceremonies/Registration/AttestationObject.swift

@@ -15,21 +15,23 @@
 import Foundation
 import Crypto
 import SwiftCBOR
+import X509
 
 /// Contains the cryptographic attestation that a new key pair was created by that authenticator.
 public struct AttestationObject {
     let authenticatorData: AuthenticatorData
     let rawAuthenticatorData: [UInt8]
     let format: AttestationFormat
     let attestationStatement: CBOR
+    var trustPath: [Certificate] = []
 
     func verify(
         relyingPartyID: String,
         verificationRequired: Bool,
         clientDataHash: SHA256.Digest,
         supportedPublicKeyAlgorithms: [PublicKeyCredentialParameters],
-        pemRootCertificatesByFormat: [AttestationFormat: [Data]] = [:]
-    ) async throws -> AttestedCredentialData {
+        rootCertificatesByFormat: [AttestationFormat: [Certificate]] = [:]
+    ) async throws -> AttestationResult {
         let relyingPartyIDHash = SHA256.hash(data: relyingPartyID.data(using: .utf8)!)
 
         guard relyingPartyIDHash == authenticatorData.relyingPartyIDHash else {
@@ -56,34 +58,58 @@ public struct AttestationObject {
             throw WebAuthnError.unsupportedCredentialPublicKeyAlgorithm
         }
 
-        // let pemRootCertificates = pemRootCertificatesByFormat[format] ?? []
+        let rootCertificates = rootCertificatesByFormat[format] ?? []
+        var attestationType: AttestationResult.AttestationType = .none
+        var trustedPath: [Certificate] = []
+
         switch format {
         case .none:
             // if format is `none` statement must be empty
             guard attestationStatement == .map([:]) else {
                 throw WebAuthnError.attestationStatementMustBeEmpty
             }
-        // case .packed:
-        //     try await PackedAttestation.verify(
-        //         attStmt: attestationStatement,
-        //         authenticatorData: rawAuthenticatorData,
-        //         clientDataHash: Data(clientDataHash),
-        //         credentialPublicKey: credentialPublicKey,
-        //         pemRootCertificates: pemRootCertificates
-        //     )
-        // case .tpm:
-        //     try TPMAttestation.verify(
-        //         attStmt: attestationStatement,
-        //         authenticatorData: rawAuthenticatorData,
-        //         attestedCredentialData: attestedCredentialData,
-        //         clientDataHash: Data(clientDataHash),
-        //         credentialPublicKey: credentialPublicKey,
-        //         pemRootCertificates: pemRootCertificates
-        //     )
+        case .packed:
+            (attestationType, trustedPath) = try await PackedAttestation.verify(
+                attStmt: attestationStatement,
+                authenticatorData: authenticatorData,
+                clientDataHash: Data(clientDataHash),
+                credentialPublicKey: credentialPublicKey,
+                rootCertificates: rootCertificates
+            )
+        case .tpm:
+            (attestationType, trustedPath) = try await TPMAttestation.verify(
+                attStmt: attestationStatement,
+                authenticatorData: authenticatorData,
+                clientDataHash: Data(clientDataHash),
+                credentialPublicKey: credentialPublicKey,
+                rootCertificates: rootCertificates
+            )
+        case .androidKey:
+            (attestationType, trustedPath) = try await AndroidKeyAttestation.verify(
+                attStmt: attestationStatement,
+                authenticatorData: authenticatorData,
+                clientDataHash: Data(clientDataHash),
+                credentialPublicKey: credentialPublicKey,
+                rootCertificates: rootCertificates
+            )
+        // Legacy format used mostly by older authenticators
+        case .fidoU2F:
+            (attestationType, trustedPath) = try await FidoU2FAttestation.verify(
+                attStmt: attestationStatement,
+                authenticatorData: authenticatorData,
+                clientDataHash: Data(clientDataHash),
+                credentialPublicKey: credentialPublicKey,
+                rootCertificates: rootCertificates
+            )
         default:
             throw WebAuthnError.attestationVerificationNotSupported
         }
-
-        return attestedCredentialData
+
+        return AttestationResult(
+            format: format,
+            type: attestationType,
+            trustChain: trustedPath,
+            attestedCredentialData: attestedCredentialData
+        )
     }
 }

Sources/WebAuthn/Ceremonies/Registration/AttestationResult.swift

@@ -0,0 +1,33 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the WebAuthn Swift open source project
+//
+// Copyright (c) 2022 the WebAuthn Swift project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of WebAuthn Swift project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+import X509
+
+public struct AttestationResult {
+    public enum AttestationType {
+        /// Attestation key pair validated by device manufacturer CA
+        case basicFull
+        /// Attestation signed by the public key generated during the registration
+        case `self`
+        case attCA
+        case anonCA
+        case none
+    }
+
+    public let format: AttestationFormat
+    public let type: AttestationType
+    public let trustChain: [Certificate]
+
+    public let attestedCredentialData: AttestedCredentialData
+}

Sources/WebAuthn/Ceremonies/Registration/AttestedCredentialData.swift

@@ -13,8 +13,8 @@
 //===----------------------------------------------------------------------===//
 
 // Contains the new public key created by the authenticator.
-struct AttestedCredentialData: Equatable {
-    let aaguid: [UInt8]
-    let credentialID: [UInt8]
-    let publicKey: [UInt8]
+public struct AttestedCredentialData: Equatable, Sendable {
+    public let aaguid: [UInt8]
+    public let credentialID: [UInt8]
+    public let publicKey: [UInt8]
 }

Sources/WebAuthn/Ceremonies/Registration/Credential.swift

@@ -41,7 +41,7 @@ public struct Credential {
 
     // MARK: Optional content
 
-    public let attestationObject: AttestationObject
+    public let attestationResult: AttestationResult
 
     public let attestationClientDataJSON: CollectedClientData
 }

Sources/WebAuthn/Ceremonies/Registration/Formats/AndroidKey/AndroidKeyAttestation.swift

@@ -0,0 +1,83 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the WebAuthn Swift open source project
+//
+// Copyright (c) 2023 the WebAuthn Swift project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of WebAuthn Swift project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+import Foundation
+import SwiftCBOR
+import X509
+
+// https://www.w3.org/TR/webauthn-2/#sctn-android-key-attestation
+struct AndroidKeyAttestation: AttestationProtocol {
+    static func verify(
+        attStmt: CBOR,
+        authenticatorData: AuthenticatorData,
+        clientDataHash: Data,
+        credentialPublicKey: CredentialPublicKey,
+        rootCertificates: [Certificate]
+    ) async throws -> (AttestationResult.AttestationType, [Certificate]) {
+        guard let algCBOR = attStmt["alg"],
+            case let .negativeInt(algorithmNegative) = algCBOR,
+            let alg = COSEAlgorithmIdentifier(rawValue: -1 - Int(algorithmNegative)) else {
+            throw WebAuthnError.invalidAttestationSignatureAlgorithm
+        }
+        guard let sigCBOR = attStmt["sig"], case let .byteString(sig) = sigCBOR else {
+            throw WebAuthnError.invalidSignature
+        }
+
+        guard let x5cCBOR = attStmt["x5c"], case let .array(x5cCBOR) = x5cCBOR else {
+            throw WebAuthnError.invalidAttestationCertificate
+        }
+
+        let x5c: [Certificate] = try x5cCBOR.map {
+            guard case let .byteString(certificate) = $0 else {
+                throw WebAuthnError.invalidAttestationCertificate
+            }
+            return try Certificate(derEncoded: certificate)
+        }
+
+        guard let leafCertificate = x5c.first else { throw WebAuthnError.invalidAttestationCertificate }
+        let verificationData = authenticatorData.rawData + clientDataHash
+        // Verify signature
+        let leafCertificatePublicKey: Certificate.PublicKey = leafCertificate.publicKey
+        guard try leafCertificatePublicKey.verifySignature(
+            Data(sig),
+            algorithm: alg,
+            data: verificationData) else {
+            throw WebAuthnError.invalidVerificationData
+        }
+
+        // We need to verify that the authenticator certificate's public key matches the public key present in
+        // authenticatorData.attestedData (credentialPublicKey).
+        // We can't directly compare two public keys, so instead we verify the signature with both keys:
+        // the authenticator cert (previous step above) and credentialPublicKey (below).
+        guard let _ = try? credentialPublicKey.verify(signature: Data(sig), data: verificationData) else {
+            throw WebAuthnError.attestationPublicKeyMismatch
+        }
+
+        let intermediates = CertificateStore(x5c[1...])
+        let rootCertificatesStore = CertificateStore(rootCertificates)
+        var verifier = Verifier(rootCertificates: rootCertificatesStore) {
+            AndroidKeyVerificationPolicy(clientDataHash: clientDataHash)
+        }
+        let verifierResult: VerificationResult = await verifier.validate(
+            leafCertificate: leafCertificate,
+            intermediates: intermediates
+        )
+        guard case .validCertificate(let chain) = verifierResult else {
+            throw WebAuthnError.invalidTrustPath
+        }
+
+        return (.basicFull, chain)
+    }
+}
+