search

tsenger / CCU2F

An universal usable FIDO U2F authenticator applet for Java Cards
Apache License 2.0
44 stars 12 forks source link

Questions About Attestation Certificate #4

Closed 424778940z closed 4 years ago

424778940z commented 5 years ago

Is there a standard process for obtaining or generating the attestation certificate? Just get in to Java Cards, mainly want use it for login to windows lol

tsenger commented 5 years ago

You can use openssl to generate your own attestation certificate. It's a X.509 cert. The only thing you have to mention is to use the NIST P256 curve.

Here is the openssl output for the example certificate I used in this projekt: openssl asn1parse -inform DER -in FIDO-attestation_cert.der

0:d=0  hl=4 l= 316 cons: SEQUENCE          
    4:d=1  hl=3 l= 228 cons: SEQUENCE          
    7:d=2  hl=2 l=   3 cons: cont [ 0 ]        
    9:d=3  hl=2 l=   1 prim: INTEGER           :02
   12:d=2  hl=2 l=  10 prim: INTEGER           :47901280001155957352
   24:d=2  hl=2 l=  10 cons: SEQUENCE          
   26:d=3  hl=2 l=   8 prim: OBJECT            :ecdsa-with-SHA256
   36:d=2  hl=2 l=  23 cons: SEQUENCE          
   38:d=3  hl=2 l=  21 cons: SET               
   40:d=4  hl=2 l=  19 cons: SEQUENCE          
   42:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   47:d=5  hl=2 l=  12 prim: PRINTABLESTRING   :Gnubby Pilot
   61:d=2  hl=2 l=  30 cons: SEQUENCE          
   63:d=3  hl=2 l=  13 prim: UTCTIME           :120814182932Z
   78:d=3  hl=2 l=  13 prim: UTCTIME           :130814182932Z
   93:d=2  hl=2 l=  49 cons: SEQUENCE          
   95:d=3  hl=2 l=  47 cons: SET               
   97:d=4  hl=2 l=  45 cons: SEQUENCE          
   99:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  104:d=5  hl=2 l=  38 prim: PRINTABLESTRING   :PilotGnubby-0.4.1-47901280001155957352
  144:d=2  hl=2 l=  89 cons: SEQUENCE          
  146:d=3  hl=2 l=  19 cons: SEQUENCE          
  148:d=4  hl=2 l=   7 prim: OBJECT            :id-ecPublicKey
  157:d=4  hl=2 l=   8 prim: OBJECT            :prime256v1
  167:d=3  hl=2 l=  66 prim: BIT STRING        
  235:d=1  hl=2 l=  10 cons: SEQUENCE          
  237:d=2  hl=2 l=   8 prim: OBJECT            :ecdsa-with-SHA256
  247:d=1  hl=2 l=  71 prim: BIT STRING

openssl x509 -inform DER -in FIDO-attestation_cert.der -text

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:90:12:80:00:11:55:95:73:52
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: CN = Gnubby Pilot
        Validity
            Not Before: Aug 14 18:29:32 2012 GMT
            Not After : Aug 14 18:29:32 2013 GMT
        Subject: CN = PilotGnubby-0.4.1-47901280001155957352
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:8d:61:7e:65:c9:50:8e:64:bc:c5:67:3a:c8:2a:
                    67:99:da:3c:14:46:68:2c:25:8c:46:3f:ff:df:58:
                    df:d2:fa:3e:6c:37:8b:53:d7:95:c4:a4:df:fb:41:
                    99:ed:d7:86:2f:23:ab:af:02:03:b4:b8:91:1b:a0:
                    56:99:94:e1:01
                ASN1 OID: prime256v1
                NIST CURVE: P-256
    Signature Algorithm: ecdsa-with-SHA256
         30:44:02:20:60:cd:b6:06:1e:9c:22:26:2d:1a:ac:1d:96:d8:
         c7:08:29:b2:36:65:31:dd:a2:68:83:2c:b8:36:bc:d3:0d:fa:
         02:20:63:1b:14:59:f0:9e:63:30:05:57:22:c8:d8:9b:7f:48:
         88:3b:90:89:b8:8d:60:d1:d9:79:59:02:b3:04:10:df
-----BEGIN CERTIFICATE-----
MIIBPDCB5KADAgECAgpHkBKAABFVlXNSMAoGCCqGSM49BAMCMBcxFTATBgNVBAMT
DEdudWJieSBQaWxvdDAeFw0xMjA4MTQxODI5MzJaFw0xMzA4MTQxODI5MzJaMDEx
LzAtBgNVBAMTJlBpbG90R251YmJ5LTAuNC4xLTQ3OTAxMjgwMDAxMTU1OTU3MzUy
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjWF+ZclQjmS8xWc6yCpnmdo8FEZo
LCWMRj//31jf0vo+bDeLU9eVxKTf+0GZ7deGLyOrrwIDtLiRG6BWmZThATAKBggq
hkjOPQQDAgNHADBEAiBgzbYGHpwiJi0arB2W2McIKbI2ZTHdomiDLLg2vNMN+gIg
YxsUWfCeYzAFVyLI2Jt/SIg7kIm4jWDR2XlZArMEEN8=
-----END CERTIFICATE-----
Aiosa commented 4 years ago

Hello, I would like to know how to get the raw hexadecimal form of the certificate - is it the whole ASN structure (the whole certificate file in hex string) or some part within? I am stuck with .der certificate, unable to find out what format the applet expects...

Aiosa commented 4 years ago

Oh, its just the DER representation... I was a bit confused because mine was like two times the size of example certificate, but it had only more custom data...

darconeous commented 4 years ago

Here is a quick no-frills install script for Global Platform Pro: https://gist.github.com/darconeous/adb1b2c4b15d3d8fbc72a5097270cdaf

Installs the attestation cert, too. It just uses the original Google one from the spec.

tsenger commented 4 years ago

Yeah its's DER encoded and nice install script. This eliminates the "scriptor" tool. This is perfect because it is not available for Windows.

ckahlo commented 4 years ago

Hi Tobias,

you can even shorten this when re-factoring the method to correct extended length handling:

private void handleSetAttestationCert(final APDU apdu) throws ISOException {
        final byte[] buffer = apdu.getBuffer();
    short len = apdu.setIncomingAndReceive();

        final short copyOffset = Util.makeShort(buffer[ISO7816.OFFSET_P1], buffer[ISO7816.OFFSET_P2]),
            ioSz = apdu.getIncomingLength();

        if(copyOffset == 0 && ioSz == attestationCertificate.length) {
        len = Util.arrayCopyNonAtomic(buffer, apdu.getOffsetCdata(), attestationCertificate, (short) 0, len);
        while (len < ioSz) {
            len = Util.arrayCopyNonAtomic(buffer, (short) 0, attestationCertificate, len, apdu.receiveBytes((short) 0));
        }
            attestationCertificateSet = true;
        } else {
        if ((short) (copyOffset + len) > attestationCertificate.length) {
            ISOException.throwIt(ISO7816.SW_WRONG_DATA);
        }
            Util.arrayCopy(buffer, apdu.getOffsetCdata(), attestationCertificate, copyOffset, len);
        if ((short) (copyOffset + len) == attestationCertificate.length) {
            attestationCertificateSet = true;
        }
        }
}

to

00A4040008A0000006472F000100
800900000001403082013C3081E4A003020102020A47901280001155957352300A06082A8648CE3D0403023017311530130603550403130C476E756262792050696C6F74301E170D3132303831343138323933325A170D3133303831343138323933325A3031312F302D0603550403132650696C6F74476E756262792D302E342E312D34373930313238303030313135353935373335323059301306072A8648CE3D020106082A8648CE3D030107034200048D617E65C9508E64BCC5673AC82A6799DA3C1446682C258C463FFFDF58DFD2FA3E6C378B53D795C4A4DFFB4199EDD7862F23ABAF0203B4B8911BA0569994E101300A06082A8648CE3D0403020347003044022060CDB6061E9C22262D1AAC1D96D8C70829B2366531DDA268832CB836BCD30DFA0220631B1459F09E6330055722C8D89B7F48883B9089B88D60D1D9795902B30410DF

This is also part of the @c-base implementation variant including similar refactorings to Roberts.

Best regards & greeting to BN, Christian