Attestation refactor, implement Apple attestation format verifier (#205)

* WIP to make attestation work more like WebAuthn spec, reduce different ways of handling trust path

* Initial implementation for Apple anonymous attestation

* Additional Apple attestation work

Author: aseigler

Src/Fido2/AttestationFormat/AndroidKey.cs

@@ -6,14 +6,10 @@
 using Fido2NetLib.Objects;
 using PeterO.Cbor;
 
-namespace Fido2NetLib.AttestationFormat
+namespace Fido2NetLib
 {
-    internal class AndroidKey : AttestationFormat
+    internal class AndroidKey : AttestationVerifier
     {
-        public AndroidKey(CBORObject attStmt, byte[] authenticatorData, byte[] clientDataHash) : base(attStmt, authenticatorData, clientDataHash)
-        {
-        }
-
         public static byte[] AttestationExtensionBytes(X509ExtensionCollection exts)
         {
             foreach (var ext in exts)
@@ -139,7 +135,7 @@ public static bool IsPurposeSign(byte[] attExtBytes)
             return (2 == softwareEnforcedPurposeValue && 2 == teeEnforcedPurposeValue);
         }
 
-        public override void Verify()
+        public override (AttestationType, X509Certificate2[]) Verify()
         {
             // 1. Verify that attStmt is valid CBOR conforming to the syntax defined above and perform CBOR decoding on it to extract the contained fields
             // (handled in base class)
@@ -219,6 +215,12 @@ public override void Verify()
             // 5bii. The value in the AuthorizationList.purpose field is equal to KM_PURPOSE_SIGN (which == 2).
             if (false == IsPurposeSign(attExtBytes))
                 throw new Fido2VerificationException("Found purpose field not set to KM_PURPOSE_SIGN in android key attestation certificate extension");
+
+            var trustPath = X5c.Values
+                .Select(x => new X509Certificate2(x.GetByteString()))
+                .ToArray();
+
+            return (AttestationType.Basic, trustPath);
         }
     }
 }

Src/Fido2/AttestationFormat/AndroidSafetyNet.cs

@@ -6,22 +6,17 @@
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
+using Fido2NetLib.Objects;
 using Microsoft.IdentityModel.Tokens;
 using Newtonsoft.Json.Linq;
 using PeterO.Cbor;
 
-namespace Fido2NetLib.AttestationFormat
+namespace Fido2NetLib
 {
-    internal class AndroidSafetyNet : AttestationFormat
+    internal class AndroidSafetyNet : AttestationVerifier
     {
         private readonly int _driftTolerance;
 
-        public AndroidSafetyNet(CBORObject attStmt, byte[] authenticatorData, byte[] clientDataHash, int driftTolerance) 
-            : base(attStmt, authenticatorData, clientDataHash)
-        {
-            _driftTolerance = driftTolerance;
-        }
-
         private X509Certificate2 GetX509Certificate(string certString)
         {
             try
@@ -35,7 +30,7 @@ private X509Certificate2 GetX509Certificate(string certString)
             }
         }
 
-        public override void Verify()
+        public override (AttestationType, X509Certificate2[]) Verify()
         {
             // 1. Verify that attStmt is valid CBOR conforming to the syntax defined above and perform 
             // CBOR decoding on it to extract the contained fields
@@ -169,7 +164,8 @@ public override void Verify()
             }
 
             // 4. Let attestationCert be the attestation certificate
-            var subject = certs[0].GetNameInfo(X509NameType.DnsName, false);
+            var attestationCert = certs[0];
+            var subject = attestationCert.GetNameInfo(X509NameType.DnsName, false);
 
             // 5. Verify that the attestation certificate is issued to the hostname "attest.android.com"
             if (false == ("attest.android.com").Equals(subject))
@@ -181,6 +177,8 @@ public override void Verify()
 
             if (true != ctsProfileMatch)
                 throw new Fido2VerificationException("SafetyNet response ctsProfileMatch false");
+
+            return (AttestationType.Basic, new X509Certificate2[] { attestationCert });
         }
     }
 }

Src/Fido2/AttestationFormat/Apple.cs

@@ -0,0 +1,111 @@
+using System;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using Asn1;
+using Fido2NetLib.Objects;
+using PeterO.Cbor;
+
+namespace Fido2NetLib
+{
+    internal class Apple : AttestationVerifier
+    {
+        public static byte[] GetAppleAttestationExtensionValue(X509ExtensionCollection exts)
+        {
+            var appleExtension = exts.Cast<X509Extension>().FirstOrDefault(e => e.Oid.Value == "1.2.840.113635.100.8.2");
+            
+            if (appleExtension == null || appleExtension.RawData == null || appleExtension.RawData.Length < 0x26)
+                throw new Fido2VerificationException("Extension with OID 1.2.840.113635.100.8.2 not found on Apple attestation credCert");
+
+            try
+            {
+                var appleAttestationASN = AsnElt.Decode(appleExtension.RawData);
+                appleAttestationASN.CheckConstructed();
+                appleAttestationASN.CheckTag(AsnElt.SEQUENCE);
+                appleAttestationASN.CheckNumSub(1);
+
+                var sequence = appleAttestationASN.GetSub(0);
+                sequence.CheckConstructed();
+                sequence.CheckNumSub(1);
+
+                var context = sequence.GetSub(0);
+                context.CheckPrimitive();
+                context.CheckTag(AsnElt.OCTET_STRING);
+
+                return context.GetOctetString();
+            }
+
+            catch (Exception ex)
+            {
+                throw new Fido2VerificationException("Apple attestation extension has invalid data", ex);
+            }
+        }
+
+        public override (AttestationType, X509Certificate2[]) Verify()
+        {
+            // 1. Verify that attStmt is valid CBOR conforming to the syntax defined above and perform CBOR decoding on it to extract the contained fields.
+            if (null == X5c || CBORType.Array != X5c.Type || X5c.Count < 2 ||
+                    null == X5c.Values || 0 == X5c.Values.Count ||
+                    CBORType.ByteString != X5c.Values.First().Type ||
+                    0 == X5c.Values.First().GetByteString().Length)
+                throw new Fido2VerificationException("Malformed x5c in Apple attestation");
+
+            // 2. Verify x5c is a valid certificate chain starting from the credCert to the Apple WebAuthn root certificate.
+            // TODO: Pull this in instead of hard coding?
+            // https://www.apple.com/certificateauthority/Apple_WebAuthn_Root_CA.pem
+            var appleWebAuthnRoots =    new string[] {
+                "MIICEjCCAZmgAwIBAgIQaB0BbHo84wIlpQGUKEdXcTAKBggqhkjOPQQDAzBLMR8w" +
+                "HQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJ" +
+                "bmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MjEzMloXDTQ1MDMx" +
+                "NTAwMDAwMFowSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEG" +
+                "A1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49" +
+                "AgEGBSuBBAAiA2IABCJCQ2pTVhzjl4Wo6IhHtMSAzO2cv+H9DQKev3//fG59G11k" +
+                "xu9eI0/7o6V5uShBpe1u6l6mS19S1FEh6yGljnZAJ+2GNP1mi/YK2kSXIuTHjxA/" +
+                "pcoRf7XkOtO4o1qlcaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJtdk" +
+                "2cV4wlpn0afeaxLQG2PxxtcwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA" +
+                "MGQCMFrZ+9DsJ1PW9hfNdBywZDsWDbWFp28it1d/5w2RPkRX3Bbn/UbDTNLx7Jr3" +
+                "jAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5RCmGQ21gpSAk9QZW4B" +
+                "1bWeT0vT"};
+
+            var trustPath = X5c.Values
+                .Select(x => new X509Certificate2(x.GetByteString()))
+                .ToArray();
+
+            var appleWebAuthnRootCerts = appleWebAuthnRoots
+                .Select(x => new X509Certificate2(Convert.FromBase64String(x)))
+                .ToArray();
+
+            if (!CryptoUtils.ValidateTrustChain(trustPath, appleWebAuthnRootCerts))
+                throw new Fido2VerificationException("Invalid certificate chain in Apple attestation");
+
+            // credCert is the first certificate in the trust path
+            var credCert = trustPath[0];
+
+            // 3. Concatenate authenticatorData and clientDataHash to form nonceToHash.
+            var nonceToHash = Data;
+
+            // 4. Perform SHA-256 hash of nonceToHash to produce nonce.
+            var nonce = CryptoUtils.GetHasher(HashAlgorithmName.SHA256).ComputeHash(nonceToHash);
+
+            // 5. Verify nonce matches the value of the extension with OID ( 1.2.840.113635.100.8.2 ) in credCert.
+            var appleExtensionBytes = GetAppleAttestationExtensionValue(credCert.Extensions);
+
+            if (!nonce.SequenceEqual(appleExtensionBytes))
+                throw new Fido2VerificationException("Mismatch between nonce and credCert attestation extension in Apple attestation");
+
+            // 6. Verify credential public key matches the Subject Public Key of credCert.
+            // First, obtain COSE algorithm being used from credential public key
+            var coseAlg = CredentialPublicKey[CBORObject.FromObject(COSE.KeyCommonParameter.Alg)].AsInt32();
+
+            // Next, build temporary CredentialPublicKey for comparison from credCert and COSE algorithm
+            var cpk = new CredentialPublicKey(credCert, coseAlg);
+
+            // Finally, compare byte sequence of CredentialPublicKey built from credCert with byte sequence of CredentialPublicKey from AttestedCredentialData from authData
+            if (!cpk.GetBytes().SequenceEqual(AuthData.AttestedCredentialData.CredentialPublicKey.GetBytes()))
+                throw new Fido2VerificationException("Credential public key in Apple attestation does not match subject public key of credCert");
+
+            // 7. If successful, return implementation-specific values representing attestation type Anonymous CA and attestation trust path x5c.
+            return (AttestationType.Basic, trustPath);
+        }
+    }
+}

Src/Fido2/AttestationFormat/AttestationFormat.cs

@@ -1,25 +1,17 @@
 using PeterO.Cbor;
 using System;
 using System.Security.Cryptography.X509Certificates;
-using System.Linq;
 using Fido2NetLib.Objects;
 using Asn1;
 
-namespace Fido2NetLib.AttestationFormat
+namespace Fido2NetLib
 {
-    public abstract class AttestationFormat
+    public abstract class AttestationVerifier
     {
         public CBORObject attStmt;
         public byte[] authenticatorData;
         public byte[] clientDataHash;
 
-        public AttestationFormat(CBORObject attStmt, byte[] authenticatorData, byte[] clientDataHash)
-        {
-            this.attStmt = attStmt;
-            this.authenticatorData = authenticatorData;
-            this.clientDataHash = clientDataHash;
-        }
-
         internal CBORObject Sig => attStmt["sig"];
         internal CBORObject X5c => attStmt["x5c"];
         internal CBORObject Alg => attStmt["alg"];
@@ -81,34 +73,14 @@ internal static int U2FTransportsFromAttnCert(X509ExtensionCollection exts)
             }
             return u2ftransports;
         }
-
-        internal bool ValidateTrustChain(X509Certificate2[] trustPath, X509Certificate2[] attestationRootCertificates)
+        public virtual (AttestationType, X509Certificate2[]) Verify(CBORObject attStmt, byte[] authenticatorData, byte[] clientDataHash)
         {
-            foreach (var attestationRootCert in attestationRootCertificates)
-            {
-                var chain = new X509Chain();
-                chain.ChainPolicy.ExtraStore.Add(attestationRootCert);
-                chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
-                chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
-                if (trustPath.Length > 1)
-                {
-                    foreach (var cert in trustPath.Skip(1).Reverse())
-                    {
-                        chain.ChainPolicy.ExtraStore.Add(cert);
-                    }
-                }
-                var valid = chain.Build(trustPath[0]);
-
-                // because we are using AllowUnknownCertificateAuthority we have to verify that the root matches ourselves
-                var chainRoot = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
-                valid = valid && chainRoot.RawData.SequenceEqual(attestationRootCert.RawData);
-
-                if (true == valid)
-                    return true;
-            }
-            return false;
+            this.attStmt = attStmt;
+            this.authenticatorData = authenticatorData;
+            this.clientDataHash = clientDataHash;
+            return Verify();
         }
 
-        public abstract void Verify();
+        public abstract (AttestationType, X509Certificate2[]) Verify();
     }
 }

Src/Fido2/AttestationFormat/FidoU2f.cs

@@ -6,17 +6,13 @@
 using Fido2NetLib.Objects;
 using PeterO.Cbor;
 
-namespace Fido2NetLib.AttestationFormat
+namespace Fido2NetLib
 {
-    internal class FidoU2f : AttestationFormat
+    internal class FidoU2f : AttestationVerifier
     {
         private readonly IMetadataService _metadataService;
 
-        public FidoU2f(CBORObject attStmt, byte[] authenticatorData, byte[] clientDataHash, IMetadataService metadataService) : base(attStmt, authenticatorData, clientDataHash)
-        {
-            _metadataService = metadataService;
-        }
-        public override void Verify()
+        public override (AttestationType, X509Certificate2[]) Verify()
         {
             // verify that aaguid is 16 empty bytes (note: required by fido2 conformance testing, could not find this in spec?)
             if (0 != AuthData.AttestedCredentialData.AaGuid.CompareTo(Guid.Empty))
@@ -101,25 +97,7 @@ public override void Verify()
                 .Select(x => new X509Certificate2(x.GetByteString()))
                 .ToArray();
 
-            var aaguid = AaguidFromAttnCertExts(attCert.Extensions);
-
-            if (null != _metadataService && null != aaguid)
-            {
-                var guidAaguid = AttestedCredentialData.FromBigEndian(aaguid);
-                var entry = _metadataService.GetEntry(guidAaguid);
-
-                if (null != entry && null != entry.MetadataStatement)
-                {
-                    var attestationRootCertificates = entry.MetadataStatement.AttestationRootCertificates
-                        .Select(x => new X509Certificate2(Convert.FromBase64String(x)))
-                        .ToArray();
-
-                    if (false == ValidateTrustChain(trustPath, attestationRootCertificates))
-                    {
-                        throw new Fido2VerificationException("Invalid certificate chain in U2F attestation");
-                    }
-                }
-            }
+            return (AttestationType.AttCa, trustPath);
         }
     }
 }

Src/Fido2/AttestationFormat/None.cs

@@ -1,18 +1,17 @@
-using PeterO.Cbor;
+using System.Security.Cryptography.X509Certificates;
+using Fido2NetLib.Objects;
+using PeterO.Cbor;
 
-namespace Fido2NetLib.AttestationFormat
+namespace Fido2NetLib
 {
-    internal class None : AttestationFormat
+    public class None : AttestationVerifier
     {
-        public None(CBORObject attStmt, byte[] authenticatorData, byte[] clientDataHash) 
-            : base(attStmt, authenticatorData, clientDataHash)
-        {
-        }
-
-        public override void Verify()
+        public override (AttestationType, X509Certificate2[]) Verify()
         {
             if (0 != attStmt.Keys.Count && 0 != attStmt.Values.Count)
                 throw new Fido2VerificationException("Attestation format none should have no attestation statement");
+
+            return (AttestationType.None, null);
         }
     }
 }