Gitiles
Code Review Sign In
gerrit.avm99963.com / hores-external / be50d49a1de3579494650ceb3cad0f04719b087f / . / src / lib / WebAuthn / Attestation / AuthenticatorData.php
blob: 0a9eec8cf4624ea898fd292d9b3a3fc38517730e [file] [log] [blame]
Copybara botbe50d492023-11-30 00:16:42 +0100[diff] [blame^]1<?php
2
3namespace lbuchs\WebAuthn\Attestation;
4use lbuchs\WebAuthn\WebAuthnException;
5use lbuchs\WebAuthn\CBOR\CborDecoder;
6use lbuchs\WebAuthn\Binary\ByteBuffer;
7
8/**
9 * @author Lukas Buchs
10 * @license https://github.com/lbuchs/WebAuthn/blob/master/LICENSE MIT
11 */
12class AuthenticatorData {
13 protected $_binary;
14 protected $_rpIdHash;
15 protected $_flags;
16 protected $_signCount;
17 protected $_attestedCredentialData;
18 protected $_extensionData;
19
20
21
22 // Cose encoded keys
23 private static $_COSE_KTY = 1;
24 private static $_COSE_ALG = 3;
25
26 // Cose curve
27 private static $_COSE_CRV = -1;
28 private static $_COSE_X = -2;
29 private static $_COSE_Y = -3;
30
31 // Cose RSA PS256
32 private static $_COSE_N = -1;
33 private static $_COSE_E = -2;
34
35 // EC2 key type
36 private static $_EC2_TYPE = 2;
37 private static $_EC2_ES256 = -7;
38 private static $_EC2_P256 = 1;
39
40 // RSA key type
41 private static $_RSA_TYPE = 3;
42 private static $_RSA_RS256 = -257;
43
44 // OKP key type
45 private static $_OKP_TYPE = 1;
46 private static $_OKP_ED25519 = 6;
47 private static $_OKP_EDDSA = -8;
48
49 /**
50 * Parsing the authenticatorData binary.
51 * @param string $binary
52 * @throws WebAuthnException
53 */
54 public function __construct($binary) {
55 if (!\is_string($binary) || \strlen($binary) < 37) {
56 throw new WebAuthnException('Invalid authenticatorData input', WebAuthnException::INVALID_DATA);
57 }
58 $this->_binary = $binary;
59
60 // Read infos from binary
61 // https://www.w3.org/TR/webauthn/#sec-authenticator-data
62
63 // RP ID
64 $this->_rpIdHash = \substr($binary, 0, 32);
65
66 // flags (1 byte)
67 $flags = \unpack('Cflags', \substr($binary, 32, 1))['flags'];
68 $this->_flags = $this->_readFlags($flags);
69
70 // signature counter: 32-bit unsigned big-endian integer.
71 $this->_signCount = \unpack('Nsigncount', \substr($binary, 33, 4))['signcount'];
72
73 $offset = 37;
74 // https://www.w3.org/TR/webauthn/#sec-attested-credential-data
75 if ($this->_flags->attestedDataIncluded) {
76 $this->_attestedCredentialData = $this->_readAttestData($binary, $offset);
77 }
78
79 if ($this->_flags->extensionDataIncluded) {
80 $this->_readExtensionData(\substr($binary, $offset));
81 }
82 }
83
84 /**
85 * Authenticator Attestation Globally Unique Identifier, a unique number
86 * that identifies the model of the authenticator (not the specific instance
87 * of the authenticator)
88 * The aaguid may be 0 if the user is using a old u2f device and/or if
89 * the browser is using the fido-u2f format.
90 * @return string
91 * @throws WebAuthnException
92 */
93 public function getAAGUID() {
94 if (!($this->_attestedCredentialData instanceof \stdClass)) {
95 throw new WebAuthnException('credential data not included in authenticator data', WebAuthnException::INVALID_DATA);
96 }
97 return $this->_attestedCredentialData->aaguid;
98 }
99
100 /**
101 * returns the authenticatorData as binary
102 * @return string
103 */
104 public function getBinary() {
105 return $this->_binary;
106 }
107
108 /**
109 * returns the credentialId
110 * @return string
111 * @throws WebAuthnException
112 */
113 public function getCredentialId() {
114 if (!($this->_attestedCredentialData instanceof \stdClass)) {
115 throw new WebAuthnException('credential id not included in authenticator data', WebAuthnException::INVALID_DATA);
116 }
117 return $this->_attestedCredentialData->credentialId;
118 }
119
120 /**
121 * returns the public key in PEM format
122 * @return string
123 */
124 public function getPublicKeyPem() {
125 if (!($this->_attestedCredentialData instanceof \stdClass) || !isset($this->_attestedCredentialData->credentialPublicKey)) {
126 throw new WebAuthnException('credential data not included in authenticator data', WebAuthnException::INVALID_DATA);
127 }
128
129 $der = null;
130 switch ($this->_attestedCredentialData->credentialPublicKey->kty ?? null) {
131 case self::$_EC2_TYPE: $der = $this->_getEc2Der(); break;
132 case self::$_RSA_TYPE: $der = $this->_getRsaDer(); break;
133 case self::$_OKP_TYPE: $der = $this->_getOkpDer(); break;
134 default: throw new WebAuthnException('invalid key type', WebAuthnException::INVALID_DATA);
135 }
136
137 $pem = '-----BEGIN PUBLIC KEY-----' . "\n";
138 $pem .= \chunk_split(\base64_encode($der), 64, "\n");
139 $pem .= '-----END PUBLIC KEY-----' . "\n";
140 return $pem;
141 }
142
143 /**
144 * returns the public key in U2F format
145 * @return string
146 * @throws WebAuthnException
147 */
148 public function getPublicKeyU2F() {
149 if (!($this->_attestedCredentialData instanceof \stdClass) || !isset($this->_attestedCredentialData->credentialPublicKey)) {
150 throw new WebAuthnException('credential data not included in authenticator data', WebAuthnException::INVALID_DATA);
151 }
152 if (($this->_attestedCredentialData->credentialPublicKey->kty ?? null) !== self::$_EC2_TYPE) {
153 throw new WebAuthnException('signature algorithm not ES256', WebAuthnException::INVALID_PUBLIC_KEY);
154 }
155 return "\x04" . // ECC uncompressed
156 $this->_attestedCredentialData->credentialPublicKey->x .
157 $this->_attestedCredentialData->credentialPublicKey->y;
158 }
159
160 /**
161 * returns the SHA256 hash of the relying party id (=hostname)
162 * @return string
163 */
164 public function getRpIdHash() {
165 return $this->_rpIdHash;
166 }
167
168 /**
169 * returns the sign counter
170 * @return int
171 */
172 public function getSignCount() {
173 return $this->_signCount;
174 }
175
176 /**
177 * returns true if the user is present
178 * @return boolean
179 */
180 public function getUserPresent() {
181 return $this->_flags->userPresent;
182 }
183
184 /**
185 * returns true if the user is verified
186 * @return boolean
187 */
188 public function getUserVerified() {
189 return $this->_flags->userVerified;
190 }
191
192 // -----------------------------------------------
193 // PRIVATE
194 // -----------------------------------------------
195
196 /**
197 * Returns DER encoded EC2 key
198 * @return string
199 */
200 private function _getEc2Der() {
201 return $this->_der_sequence(
202 $this->_der_sequence(
203 $this->_der_oid("\x2A\x86\x48\xCE\x3D\x02\x01") . // OID 1.2.840.10045.2.1 ecPublicKey
204 $this->_der_oid("\x2A\x86\x48\xCE\x3D\x03\x01\x07") // 1.2.840.10045.3.1.7 prime256v1
205 ) .
206 $this->_der_bitString($this->getPublicKeyU2F())
207 );
208 }
209
210 /**
211 * Returns DER encoded EdDSA key
212 * @return string
213 */
214 private function _getOkpDer() {
215 return $this->_der_sequence(
216 $this->_der_sequence(
217 $this->_der_oid("\x2B\x65\x70") // OID 1.3.101.112 curveEd25519 (EdDSA 25519 signature algorithm)
218 ) .
219 $this->_der_bitString($this->_attestedCredentialData->credentialPublicKey->x)
220 );
221 }
222
223 /**
224 * Returns DER encoded RSA key
225 * @return string
226 */
227 private function _getRsaDer() {
228 return $this->_der_sequence(
229 $this->_der_sequence(
230 $this->_der_oid("\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01") . // OID 1.2.840.113549.1.1.1 rsaEncryption
231 $this->_der_nullValue()
232 ) .
233 $this->_der_bitString(
234 $this->_der_sequence(
235 $this->_der_unsignedInteger($this->_attestedCredentialData->credentialPublicKey->n) .
236 $this->_der_unsignedInteger($this->_attestedCredentialData->credentialPublicKey->e)
237 )
238 )
239 );
240 }
241
242 /**
243 * reads the flags from flag byte
244 * @param string $binFlag
245 * @return \stdClass
246 */
247 private function _readFlags($binFlag) {
248 $flags = new \stdClass();
249
250 $flags->bit_0 = !!($binFlag & 1);
251 $flags->bit_1 = !!($binFlag & 2);
252 $flags->bit_2 = !!($binFlag & 4);
253 $flags->bit_3 = !!($binFlag & 8);
254 $flags->bit_4 = !!($binFlag & 16);
255 $flags->bit_5 = !!($binFlag & 32);
256 $flags->bit_6 = !!($binFlag & 64);
257 $flags->bit_7 = !!($binFlag & 128);
258
259 // named flags
260 $flags->userPresent = $flags->bit_0;
261 $flags->userVerified = $flags->bit_2;
262 $flags->attestedDataIncluded = $flags->bit_6;
263 $flags->extensionDataIncluded = $flags->bit_7;
264 return $flags;
265 }
266
267 /**
268 * read attested data
269 * @param string $binary
270 * @param int $endOffset
271 * @return \stdClass
272 * @throws WebAuthnException
273 */
274 private function _readAttestData($binary, &$endOffset) {
275 $attestedCData = new \stdClass();
276 if (\strlen($binary) <= 55) {
277 throw new WebAuthnException('Attested data should be present but is missing', WebAuthnException::INVALID_DATA);
278 }
279
280 // The AAGUID of the authenticator
281 $attestedCData->aaguid = \substr($binary, 37, 16);
282
283 //Byte length L of Credential ID, 16-bit unsigned big-endian integer.
284 $length = \unpack('nlength', \substr($binary, 53, 2))['length'];
285 $attestedCData->credentialId = \substr($binary, 55, $length);
286
287 // set end offset
288 $endOffset = 55 + $length;
289
290 // extract public key
291 $attestedCData->credentialPublicKey = $this->_readCredentialPublicKey($binary, 55 + $length, $endOffset);
292
293 return $attestedCData;
294 }
295
296 /**
297 * reads COSE key-encoded elliptic curve public key in EC2 format
298 * @param string $binary
299 * @param int $endOffset
300 * @return \stdClass
301 * @throws WebAuthnException
302 */
303 private function _readCredentialPublicKey($binary, $offset, &$endOffset) {
304 $enc = CborDecoder::decodeInPlace($binary, $offset, $endOffset);
305
306 // COSE key-encoded elliptic curve public key in EC2 format
307 $credPKey = new \stdClass();
308 $credPKey->kty = $enc[self::$_COSE_KTY];
309 $credPKey->alg = $enc[self::$_COSE_ALG];
310
311 switch ($credPKey->alg) {
312 case self::$_EC2_ES256: $this->_readCredentialPublicKeyES256($credPKey, $enc); break;
313 case self::$_RSA_RS256: $this->_readCredentialPublicKeyRS256($credPKey, $enc); break;
314 case self::$_OKP_EDDSA: $this->_readCredentialPublicKeyEDDSA($credPKey, $enc); break;
315 }
316
317 return $credPKey;
318 }
319
320 /**
321 * extract EDDSA informations from cose
322 * @param \stdClass $credPKey
323 * @param \stdClass $enc
324 * @throws WebAuthnException
325 */
326 private function _readCredentialPublicKeyEDDSA(&$credPKey, $enc) {
327 $credPKey->crv = $enc[self::$_COSE_CRV];
328 $credPKey->x = $enc[self::$_COSE_X] instanceof ByteBuffer ? $enc[self::$_COSE_X]->getBinaryString() : null;
329 unset ($enc);
330
331 // Validation
332 if ($credPKey->kty !== self::$_OKP_TYPE) {
333 throw new WebAuthnException('public key not in OKP format', WebAuthnException::INVALID_PUBLIC_KEY);
334 }
335
336 if ($credPKey->alg !== self::$_OKP_EDDSA) {
337 throw new WebAuthnException('signature algorithm not EdDSA', WebAuthnException::INVALID_PUBLIC_KEY);
338 }
339
340 if ($credPKey->crv !== self::$_OKP_ED25519) {
341 throw new WebAuthnException('curve not Ed25519', WebAuthnException::INVALID_PUBLIC_KEY);
342 }
343
344 if (\strlen($credPKey->x) !== 32) {
345 throw new WebAuthnException('Invalid X-coordinate', WebAuthnException::INVALID_PUBLIC_KEY);
346 }
347 }
348
349 /**
350 * extract ES256 informations from cose
351 * @param \stdClass $credPKey
352 * @param \stdClass $enc
353 * @throws WebAuthnException
354 */
355 private function _readCredentialPublicKeyES256(&$credPKey, $enc) {
356 $credPKey->crv = $enc[self::$_COSE_CRV];
357 $credPKey->x = $enc[self::$_COSE_X] instanceof ByteBuffer ? $enc[self::$_COSE_X]->getBinaryString() : null;
358 $credPKey->y = $enc[self::$_COSE_Y] instanceof ByteBuffer ? $enc[self::$_COSE_Y]->getBinaryString() : null;
359 unset ($enc);
360
361 // Validation
362 if ($credPKey->kty !== self::$_EC2_TYPE) {
363 throw new WebAuthnException('public key not in EC2 format', WebAuthnException::INVALID_PUBLIC_KEY);
364 }
365
366 if ($credPKey->alg !== self::$_EC2_ES256) {
367 throw new WebAuthnException('signature algorithm not ES256', WebAuthnException::INVALID_PUBLIC_KEY);
368 }
369
370 if ($credPKey->crv !== self::$_EC2_P256) {
371 throw new WebAuthnException('curve not P-256', WebAuthnException::INVALID_PUBLIC_KEY);
372 }
373
374 if (\strlen($credPKey->x) !== 32) {
375 throw new WebAuthnException('Invalid X-coordinate', WebAuthnException::INVALID_PUBLIC_KEY);
376 }
377
378 if (\strlen($credPKey->y) !== 32) {
379 throw new WebAuthnException('Invalid Y-coordinate', WebAuthnException::INVALID_PUBLIC_KEY);
380 }
381 }
382
383 /**
384 * extract RS256 informations from COSE
385 * @param \stdClass $credPKey
386 * @param \stdClass $enc
387 * @throws WebAuthnException
388 */
389 private function _readCredentialPublicKeyRS256(&$credPKey, $enc) {
390 $credPKey->n = $enc[self::$_COSE_N] instanceof ByteBuffer ? $enc[self::$_COSE_N]->getBinaryString() : null;
391 $credPKey->e = $enc[self::$_COSE_E] instanceof ByteBuffer ? $enc[self::$_COSE_E]->getBinaryString() : null;
392 unset ($enc);
393
394 // Validation
395 if ($credPKey->kty !== self::$_RSA_TYPE) {
396 throw new WebAuthnException('public key not in RSA format', WebAuthnException::INVALID_PUBLIC_KEY);
397 }
398
399 if ($credPKey->alg !== self::$_RSA_RS256) {
400 throw new WebAuthnException('signature algorithm not ES256', WebAuthnException::INVALID_PUBLIC_KEY);
401 }
402
403 if (\strlen($credPKey->n) !== 256) {
404 throw new WebAuthnException('Invalid RSA modulus', WebAuthnException::INVALID_PUBLIC_KEY);
405 }
406
407 if (\strlen($credPKey->e) !== 3) {
408 throw new WebAuthnException('Invalid RSA public exponent', WebAuthnException::INVALID_PUBLIC_KEY);
409 }
410
411 }
412
413 /**
414 * reads cbor encoded extension data.
415 * @param string $binary
416 * @return array
417 * @throws WebAuthnException
418 */
419 private function _readExtensionData($binary) {
420 $ext = CborDecoder::decode($binary);
421 if (!\is_array($ext)) {
422 throw new WebAuthnException('invalid extension data', WebAuthnException::INVALID_DATA);
423 }
424
425 return $ext;
426 }
427
428
429 // ---------------
430 // DER functions
431 // ---------------
432
433 private function _der_length($len) {
434 if ($len < 128) {
435 return \chr($len);
436 }
437 $lenBytes = '';
438 while ($len > 0) {
439 $lenBytes = \chr($len % 256) . $lenBytes;
440 $len = \intdiv($len, 256);
441 }
442 return \chr(0x80 | \strlen($lenBytes)) . $lenBytes;
443 }
444
445 private function _der_sequence($contents) {
446 return "\x30" . $this->_der_length(\strlen($contents)) . $contents;
447 }
448
449 private function _der_oid($encoded) {
450 return "\x06" . $this->_der_length(\strlen($encoded)) . $encoded;
451 }
452
453 private function _der_bitString($bytes) {
454 return "\x03" . $this->_der_length(\strlen($bytes) + 1) . "\x00" . $bytes;
455 }
456
457 private function _der_nullValue() {
458 return "\x05\x00";
459 }
460
461 private function _der_unsignedInteger($bytes) {
462 $len = \strlen($bytes);
463
464 // Remove leading zero bytes
465 for ($i = 0; $i < ($len - 1); $i++) {
466 if (\ord($bytes[$i]) !== 0) {
467 break;
468 }
469 }
470 if ($i !== 0) {
471 $bytes = \substr($bytes, $i);
472 }
473
474 // If most significant bit is set, prefix with another zero to prevent it being seen as negative number
475 if ((\ord($bytes[0]) & 0x80) !== 0) {
476 $bytes = "\x00" . $bytes;
477 }
478
479 return "\x02" . $this->_der_length(\strlen($bytes)) . $bytes;
480 }
481}