Class: U2F::RegisterResponse

Inherits:

Object

• Object
• U2F::RegisterResponse

Defined in:

lib/u2f/register_response.rb

Overview

Representation of a U2F registration response. See chapter 4.3: fidoalliance.org/specs/fido-u2f-raw-message-formats-v1.0-rd-20141008.pdf

Constant Summary

PUBLIC_KEY_OFFSET =

1

PUBLIC_KEY_LENGTH =

65

KEY_HANDLE_LENGTH_LENGTH =

1

KEY_HANDLE_LENGTH_OFFSET =

PUBLIC_KEY_OFFSET + PUBLIC_KEY_LENGTH

KEY_HANDLE_OFFSET =

KEY_HANDLE_LENGTH_OFFSET + KEY_HANDLE_LENGTH_LENGTH

Instance Attribute Summary

• #client_data ⇒ Object

  Returns the value of attribute client_data.

• #client_data_json ⇒ Object

  Returns the value of attribute client_data_json.

• #registration_data_raw ⇒ Object

  Returns the value of attribute registration_data_raw.

Class Method Summary

• .load_from_json(json) ⇒ Object

Instance Method Summary

• #certificate ⇒ Object

  The attestation certificate in Base64 encoded X.509 DER format.

• #certificate_length ⇒ Object

  Length of the attestation certificate.

• #key_handle ⇒ Object

  Returns the key handle from registration data, URL safe base64 encoded.

• #key_handle_length ⇒ Object

  Returns the length of the key handle, extracted from the registration data.

• #key_handle_raw ⇒ Object
• #parsed_certificate ⇒ Object

  The parsed attestation certificate.

• #public_key ⇒ Object

  Returns the public key, extracted from the registration data.

• #public_key_raw ⇒ Object
• #signature ⇒ Object

  Returns the signature, extracted from the registration data.

• #verify(app_id) ⇒ Object

  Verifies the registration data against the app id.

Instance Attribute Details

#client_data ⇒ Object

Returns the value of attribute client_data.

# File 'lib/u2f/register_response.rb', line 7

def client_data
  @client_data
end

#client_data_json ⇒ Object

Returns the value of attribute client_data_json.

# File 'lib/u2f/register_response.rb', line 7

def client_data_json
  @client_data_json
end

#registration_data_raw ⇒ Object

Returns the value of attribute registration_data_raw.

# File 'lib/u2f/register_response.rb', line 7

def registration_data_raw
  @registration_data_raw
end

Class Method Details

.load_from_json(json) ⇒ Object

# File 'lib/u2f/register_response.rb', line 15

def self.load_from_json(json)
  # TODO: validate
  data = JSON.parse(json)

  if data['errorCode'] && data['errorCode'] > 0
    fail RegistrationError, :code => data['errorCode']
  end

  instance = new
  instance.client_data_json =
    ::U2F.urlsafe_decode64(data['clientData'])
  instance.client_data =
    ClientData.load_from_json(instance.client_data_json)
  instance.registration_data_raw =
    ::U2F.urlsafe_decode64(data['registrationData'])
  instance
end

Instance Method Details

#certificate ⇒ Object

The attestation certificate in Base64 encoded X.509 DER format

# File 'lib/u2f/register_response.rb', line 35

def certificate
  Base64.strict_encode64(parsed_certificate.to_der)
end

#certificate_length ⇒ Object

Length of the attestation certificate

# File 'lib/u2f/register_response.rb', line 47

def certificate_length
  parsed_certificate.to_der.bytesize
end

#key_handle ⇒ Object

Returns the key handle from registration data, URL safe base64 encoded

# File 'lib/u2f/register_response.rb', line 53

def key_handle
  ::U2F.urlsafe_encode64(key_handle_raw)
end

#key_handle_length ⇒ Object

Returns the length of the key handle, extracted from the registration data

# File 'lib/u2f/register_response.rb', line 63

def key_handle_length
  registration_data_raw.byteslice(KEY_HANDLE_LENGTH_OFFSET).unpack('C').first
end

#key_handle_raw ⇒ Object

# File 'lib/u2f/register_response.rb', line 57

def key_handle_raw
  registration_data_raw.byteslice(KEY_HANDLE_OFFSET, key_handle_length)
end

#parsed_certificate ⇒ Object

The parsed attestation certificate

# File 'lib/u2f/register_response.rb', line 41

def parsed_certificate
  OpenSSL::X509::Certificate.new(certificate_bytes)
end

#public_key ⇒ Object

Returns the public key, extracted from the registration data

# File 'lib/u2f/register_response.rb', line 69

def public_key
  # Base64 encode without linefeeds
  Base64.strict_encode64(public_key_raw)
end

#public_key_raw ⇒ Object

# File 'lib/u2f/register_response.rb', line 74

def public_key_raw
  registration_data_raw.byteslice(PUBLIC_KEY_OFFSET, PUBLIC_KEY_LENGTH)
end

#signature ⇒ Object

Returns the signature, extracted from the registration data

# File 'lib/u2f/register_response.rb', line 80

def signature
  registration_data_raw.byteslice(
    (KEY_HANDLE_OFFSET + key_handle_length + certificate_length)..-1)
end

#verify(app_id) ⇒ Object

Verifies the registration data against the app id

# File 'lib/u2f/register_response.rb', line 87

def verify(app_id)
  # Chapter 4.3 in
  # http://fidoalliance.org/specs/fido-u2f-raw-message-formats-v1.0-rd-20141008.pdf
  data = [
    "\x00",
    Digest::SHA256.digest(app_id),
    Digest::SHA256.digest(client_data_json),
    key_handle_raw,
    public_key_raw
  ].join

  parsed_certificate.public_key.verify(OpenSSL::Digest::SHA256.new, signature, data)
end