PivApplet icon indicating copy to clipboard operation
PivApplet copied to clipboard

Published 20 hours ago verified publisher icon arekinath

Full YubiKey Attestation Compatibility

Open mistial-dev opened this issue 3 years ago • 0 comments

Yubikey Attestation certs can be loaded (along with their key) to a YubiKey.

Loading an alternate certificate to the F9 slot affects the chain construction. It appears that the YubiKey parses the loaded certificate, in order to get the required information.

The YubiKey enforces the following requirements:

  • It must be X.509 version 2 or 3
  • The encoded validity dates must be less than 66 bytes
  • The encoded SubjectName must be less than 1029 bytes
  • The total length of the certificate must be fewer than 3052 bytes

Looking through my token, the F9 certificate name subject is the same as the issuer on the attestation certs (as expected).

With PIVApplet, the subject name is hard-coded:

	private static final byte[] CN_STRING = {
	    'P', 'I', 'V', 'A', 'p', 'p', 'l', 'e', 't', ' ',
	    'A', 't', 't', 'e', 's', 't', 'a', 't', 'i', 'o', 'n'
	};

        ...

	wtlv.write(OID_CN, (short)0, (short)OID_CN.length);
	wtlv.pop();
	wtlv.push(ASN1_UTF8STRING);
	wtlv.write(CN_STRING, (short)0, (short)CN_STRING.length);

The YubiKey certificates do not appear to have an authority key identifier extension, but they load the same "CN=Yubico PIV Attestation" certificate to many tokens. This simplifies certificate parsing and chain building.

With PIVApplet, each card is generating its own attestation certificate, with the same CN_STRING value. This makes it harder to validate the attestation certs, and requires either a custom applet or issuing certs that exactly match the expected issuer name.

I'd like to submit a patch to bring this up to full compatibility with certificates meeting the YubiKey requirements. It would potentially increase the applet memory used, especially if a large certificate is provided.

Additionally, in accordance with general good practices and to facilitate differentiation between attestation certs, I'd like to add an Authority Key Identifier extension to generated attestation certs if the Subject Key Identifier is present in the F9 attestation cert. This would help tell attestation certificates apart between various issued PivApplet cards.

mistial-dev avatar Dec 31 '21 01:12 mistial-dev