line-fido2-server icon indicating copy to clipboard operation
line-fido2-server copied to clipboard

Published 20 hours ago verified publisher icon line

TPM attestation parser does not correctly handle ECC keys in pubArea

Open aseigler opened this issue 3 years ago • 0 comments

When parsing the unique field from pubArea during an attestation verification, unique is a TPM2B_PUBLIC_KEY_RSA only if the TPMI_ALG_PUBLIC is TPM_ALG_RSA. If TPMI_ALG_PUBLIC is TPM_ALG_ECC, unique is a TPMS_ECC_POINT. See TPM Rev 2.0 part 2, structures, section 12.2.3.2.

Relevant code is at https://github.com/line/line-fido2-server/blob/7ad6e867b3faaab133ef950c16da37cda8a9d9e9/server/src/main/java/com/linecorp/line/auth/fido/fido2/server/attestation/tpm/TpmParser.java#L152.

aseigler avatar Aug 06 '22 01:08 aseigler