diff --git a/Src/Fido2.Models/COSETypes.cs b/Src/Fido2.Models/COSETypes.cs
index 103005b6..039844b0 100644
--- a/Src/Fido2.Models/COSETypes.cs
+++ b/Src/Fido2.Models/COSETypes.cs
@@ -186,7 +186,7 @@ public enum EllipticCurve
///
Ed448 = 7,
///
- /// secp256k1 (pending IANA - requested assignment 8)
+ /// secp256k1
///
P256K = 8
}
diff --git a/Src/Fido2/AttestationFormat/AndroidKey.cs b/Src/Fido2/AttestationFormat/AndroidKey.cs
index 8056b0d5..ba8f05d5 100644
--- a/Src/Fido2/AttestationFormat/AndroidKey.cs
+++ b/Src/Fido2/AttestationFormat/AndroidKey.cs
@@ -15,11 +15,12 @@ internal sealed class AndroidKey : AttestationVerifier
{
foreach (var ext in exts)
{
- if (ext.Oid!.Value is "1.3.6.1.4.1.11129.2.1.17") // AttestationRecordOid
+ if (ext.Oid?.Value is "1.3.6.1.4.1.11129.2.1.17") // AttestationRecordOid
{
return ext.RawData;
}
}
+
return null;
}
diff --git a/Src/Fido2/AttestationFormat/AndroidSafetyNet.cs b/Src/Fido2/AttestationFormat/AndroidSafetyNet.cs
index 7a67ddca..d810edc6 100644
--- a/Src/Fido2/AttestationFormat/AndroidSafetyNet.cs
+++ b/Src/Fido2/AttestationFormat/AndroidSafetyNet.cs
@@ -29,26 +29,31 @@ public override (AttestationType, X509Certificate2[]) Verify(VerifyAttestationRe
// 2. Verify that response is a valid SafetyNet response of version ver
if (!request.TryGetVer(out string? ver))
{
- throw new Fido2VerificationException("Invalid version in SafetyNet data");
+ throw new Fido2VerificationException(Fido2ErrorMessages.InvalidSafetyNetVersion);
}
- if (!(request.AttStmt["response"] is CborByteString { Length: > 0 }))
- throw new Fido2VerificationException("Invalid response in SafetyNet data");
+ if (!(request.AttStmt["response"] is CborByteString { Length: > 0 } responseByteString))
+ throw new Fido2VerificationException(Fido2ErrorMessages.InvalidSafetyNetResponse);
- var response = (byte[])request.AttStmt["response"]!;
- var responseJWT = Encoding.UTF8.GetString(response);
+ var responseJwt = Encoding.UTF8.GetString(responseByteString);
- if (string.IsNullOrWhiteSpace(responseJWT))
- throw new Fido2VerificationException("SafetyNet response null or whitespace");
+ var jwtComponents = responseJwt.Split('.');
- var jwtParts = responseJWT.Split('.');
+ if (jwtComponents.Length != 3)
+ throw new Fido2VerificationException(Fido2ErrorMessages.MalformedSafetyNetJwt);
- if (jwtParts.Length != 3)
- throw new Fido2VerificationException("SafetyNet response JWT does not have the 3 expected components");
+ byte[] jwtHeaderBytes;
- string jwtHeaderString = jwtParts[0];
+ try
+ {
+ jwtHeaderBytes = Base64Url.Decode(jwtComponents[0]);
+ }
+ catch (FormatException)
+ {
+ throw new Fido2VerificationException(Fido2ErrorMessages.MalformedSafetyNetJwt);
+ }
- using var jwtHeaderJsonDoc = JsonDocument.Parse(Base64Url.Decode(jwtHeaderString));
+ using var jwtHeaderJsonDoc = JsonDocument.Parse(jwtHeaderBytes);
var jwtHeaderJson = jwtHeaderJsonDoc.RootElement;
if (!jwtHeaderJson.TryGetProperty("x5c", out var x5cEl))
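Review bot: The new try/catch around `Base64Url.Decode(jwtComponents[0])` only covers a bad base64url encoding; `JsonDocument.Parse(jwtHeaderBytes)` on the line after it is still unguarded, so a header that decodes cleanly but is not JSON (the component `eA`, which decodes to `x`, is enough) surfaces as a System.Text.Json.JsonException rather than the Fido2VerificationException every other malformed-JWT path in this hunk now throws. A relying party that catches Fido2VerificationException to reject a registration would see an unexpected exception type for attacker-controlled input. I would move the decode and parse into one guarded helper and catch both failure types, which keeps the `using` declaration intact; the helper below goes next to Verify, whose body starts and ends outside this hunk.
```csharp
// … unchanged: version and response checks, split into jwtComponents …
using var jwtHeaderJsonDoc = ParseJwtHeader(jwtComponents[0]);
var jwtHeaderJson = jwtHeaderJsonDoc.RootElement;
// … unchanged: x5c handling and token validation …

// Decodes and parses the JWT header; a bad encoding or non-JSON body is reported as a malformed JWT.
private static JsonDocument ParseJwtHeader(string encodedHeader)
{
    try
    {
        return JsonDocument.Parse(Base64Url.Decode(encodedHeader));
    }
    catch (Exception ex) when (ex is FormatException or JsonException)
    {
        throw new Fido2VerificationException(Fido2ErrorMessages.MalformedSafetyNetJwt);
    }
}
```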
@@ -97,7 +102,7 @@ public override (AttestationType, X509Certificate2[]) Verify(VerifyAttestationRe
SecurityToken validatedToken;
try
{
- tokenHandler.ValidateToken(responseJWT, validationParameters, out validatedToken);
+ tokenHandler.ValidateToken(responseJwt, validationParameters, out validatedToken);
}
catch (SecurityTokenException ex)
{
diff --git a/Src/Fido2/AttestationFormat/Apple.cs b/Src/Fido2/AttestationFormat/Apple.cs
index 66e93c31..f0878264 100644
--- a/Src/Fido2/AttestationFormat/Apple.cs
+++ b/Src/Fido2/AttestationFormat/Apple.cs
@@ -14,7 +14,7 @@ internal sealed class Apple : AttestationVerifier
{
public static byte[] GetAppleAttestationExtensionValue(X509ExtensionCollection exts)
{
- var appleExtension = exts.FirstOrDefault(static e => e.Oid!.Value is "1.2.840.113635.100.8.2");
+ var appleExtension = exts.FirstOrDefault(static e => e.Oid?.Value is "1.2.840.113635.100.8.2");
if (appleExtension is null || appleExtension.RawData is null || appleExtension.RawData.Length < 0x26)
throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Extension with OID 1.2.840.113635.100.8.2 not found on Apple attestation credCert");
diff --git a/Src/Fido2/AttestationFormat/AppleAppAttest.cs b/Src/Fido2/AttestationFormat/AppleAppAttest.cs
index 045a93d8..c8a58688 100644
--- a/Src/Fido2/AttestationFormat/AppleAppAttest.cs
+++ b/Src/Fido2/AttestationFormat/AppleAppAttest.cs
@@ -13,7 +13,7 @@ internal sealed class AppleAppAttest : AttestationVerifier
{
public static byte[] GetAppleAppIdFromCredCertExtValue(X509ExtensionCollection exts)
{
- var appleExtension = exts.FirstOrDefault(static e => e.Oid!.Value is "1.2.840.113635.100.8.5");
+ var appleExtension = exts.FirstOrDefault(static e => e.Oid?.Value is "1.2.840.113635.100.8.5");
if (appleExtension is null || appleExtension.RawData is null)
throw new Fido2VerificationException("Extension with OID 1.2.840.113635.100.8.5 not found on Apple AppAttest credCert");
diff --git a/Src/Fido2/AttestationFormat/FidoU2f.cs b/Src/Fido2/AttestationFormat/FidoU2f.cs
index 5b09ea85..63941920 100644
--- a/Src/Fido2/AttestationFormat/FidoU2f.cs
+++ b/Src/Fido2/AttestationFormat/FidoU2f.cs
@@ -36,15 +36,9 @@ public override (AttestationType, X509Certificate2[]) Verify(VerifyAttestationRe
var pubKey = attCert.GetECDsaPublicKey()!;
var keyParams = pubKey.ExportParameters(false);
- if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+ if (!keyParams.Curve.Oid.Value!.Equals(ECCurve.NamedCurves.nistP256.Oid.Value, StringComparison.Ordinal))
{
- if (!keyParams.Curve.Oid.FriendlyName!.Equals(ECCurve.NamedCurves.nistP256.Oid.FriendlyName, StringComparison.Ordinal))
- throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Attestation certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve");
- }
- else
- {
- if (!keyParams.Curve.Oid.Value!.Equals(ECCurve.NamedCurves.nistP256.Oid.Value, StringComparison.Ordinal))
- throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Attestation certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve");
+ throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Attestation certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve");
}
// 3. Extract the claimed rpIdHash from authenticatorData, and the claimed credentialId and credentialPublicKey from authenticatorData
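Review bot: `keyParams.Curve.Oid.Value!` on the new comparison turns a curve whose Oid carries no dotted value into a NullReferenceException rather than the Fido2VerificationException the check exists to raise; the Windows-only FriendlyName branch this hunk removes was presumably there because some runtimes populate only the friendly name, and I cannot confirm from here that every supported runtime now fills in `Value`. A null-safe form keeps the intended failure mode: `if (!string.Equals(keyParams.Curve.Oid.Value, ECCurve.NamedCurves.nistP256.Oid.Value, StringComparison.Ordinal))`. The same concern applies to the unchanged `attCert.GetECDsaPublicKey()!` two lines above: an attestation certificate with a non-EC key yields null there and `ExportParameters` throws before the "not an Elliptic Curve (EC) public key" message is ever reached. Verify begins and ends outside this hunk.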
diff --git a/Src/Fido2/AttestationFormat/Tpm.cs b/Src/Fido2/AttestationFormat/Tpm.cs
index f88d5945..7f4f75eb 100644
--- a/Src/Fido2/AttestationFormat/Tpm.cs
+++ b/Src/Fido2/AttestationFormat/Tpm.cs
@@ -239,7 +239,7 @@ private static (string?, string?, string?) SANFromAttnCertExts(X509ExtensionColl
foreach (var extension in exts)
{
- if (extension.Oid!.Value is "2.5.29.17") // subject alternative name
+ if (extension.Oid?.Value is "2.5.29.17") // subject alternative name
{
if (extension.RawData.Length is 0)
throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "SAN missing from TPM attestation certificate");
@@ -362,7 +362,7 @@ private static bool EKUFromAttnCertExts(X509ExtensionCollection exts, string exp
{
foreach (var ext in exts)
{
- if (ext.Oid!.Value is "2.5.29.37" && ext is X509EnhancedKeyUsageExtension enhancedKeyUsageExtension)
+ if (ext.Oid?.Value is "2.5.29.37" && ext is X509EnhancedKeyUsageExtension enhancedKeyUsageExtension)
{
foreach (var oid in enhancedKeyUsageExtension.EnhancedKeyUsages)
{
diff --git a/Src/Fido2/AuthenticatorAttestationResponse.cs b/Src/Fido2/AuthenticatorAttestationResponse.cs
index 1e68288c..d7aa1563 100644
--- a/Src/Fido2/AuthenticatorAttestationResponse.cs
+++ b/Src/Fido2/AuthenticatorAttestationResponse.cs
@@ -280,20 +280,20 @@ public ParsedAttestationObject(string fmt, CborMap attStmt, AuthenticatorData au
public AuthenticatorData AuthData { get; }
- internal static ParsedAttestationObject FromCbor(CborObject cbor)
+ internal static ParsedAttestationObject FromCbor(CborMap cbor)
{
if (!(
- cbor["fmt"] is { Type: CborType.TextString } fmt &&
- cbor["attStmt"] is { Type: CborType.Map } attStmt &&
- cbor["authData"] is { Type: CborType.ByteString } authData))
+ cbor["fmt"] is CborTextString fmt &&
+ cbor["attStmt"] is CborMap attStmt &&
+ cbor["authData"] is CborByteString authData))
{
throw new Fido2VerificationException(Fido2ErrorCode.MalformedAttestationObject, Fido2ErrorMessages.MalformedAttestationObject);
}
return new ParsedAttestationObject(
- fmt : (string)fmt,
- attStmt : (CborMap)attStmt,
- authData : AuthenticatorData.Parse((byte[])authData)
+ fmt : fmt,
+ attStmt : attStmt,
+ authData : AuthenticatorData.Parse(authData)
);
}
}
diff --git a/Src/Fido2/Cbor/CborByteString.cs b/Src/Fido2/Cbor/CborByteString.cs
index fbfec6a3..a7c0a877 100644
--- a/Src/Fido2/Cbor/CborByteString.cs
+++ b/Src/Fido2/Cbor/CborByteString.cs
@@ -1,9 +1,13 @@
-namespace Fido2NetLib.Cbor;
+using System;
+
+namespace Fido2NetLib.Cbor;
public sealed class CborByteString : CborObject
{
public CborByteString(byte[] value)
{
+ ArgumentNullException.ThrowIfNull(value);
+
Value = value;
}
@@ -12,4 +16,6 @@ public CborByteString(byte[] value)
public byte[] Value { get; }
public int Length => Value.Length;
+
+ public static implicit operator byte[](CborByteString value) => value.Value;
}
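Review bot: The new implicit conversion hands out the backing array itself (`value.Value`), not a copy, and dereferences `value` so a null CborByteString on the left-hand side throws NullReferenceException; neither is visible at a call site such as `Encoding.UTF8.GetString(responseByteString)`. Since the class otherwise reads as an immutable value, a doc comment on the operator should make both explicit: `/// <summary>Returns the underlying byte array without copying; callers must not modify it. Throws if <paramref name="value"/> is null.</summary>`.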
diff --git a/Src/Fido2/Cbor/CborTextString.cs b/Src/Fido2/Cbor/CborTextString.cs
index d1b54ee6..8e491fe8 100644
--- a/Src/Fido2/Cbor/CborTextString.cs
+++ b/Src/Fido2/Cbor/CborTextString.cs
@@ -15,6 +15,8 @@ public CborTextString(string value)
public string Value { get; }
+ public static implicit operator string(CborTextString value) => value.Value;
+
public override bool Equals(object? obj)
{
return obj is CborTextString other && other.Value.Equals(Value, StringComparison.Ordinal);
diff --git a/Src/Fido2/Extensions/CryptoUtils.cs b/Src/Fido2/Extensions/CryptoUtils.cs
index e213fb45..2969ea9d 100644
--- a/Src/Fido2/Extensions/CryptoUtils.cs
+++ b/Src/Fido2/Extensions/CryptoUtils.cs
@@ -190,7 +190,7 @@ public static string CDPFromCertificateExts(X509ExtensionCollection exts)
var cdp = "";
foreach (var ext in exts)
{
- if (ext.Oid!.Value is "2.5.29.31") // id-ce-CRLDistributionPoints
+ if (ext.Oid?.Value is "2.5.29.31") // id-ce-CRLDistributionPoints
{
var asnData = Asn1Element.Decode(ext.RawData);
diff --git a/Src/Fido2/Extensions/EcCurveExtensions.cs b/Src/Fido2/Extensions/EcCurveExtensions.cs
index 4bb03c1a..14649e1a 100644
--- a/Src/Fido2/Extensions/EcCurveExtensions.cs
+++ b/Src/Fido2/Extensions/EcCurveExtensions.cs
@@ -1,5 +1,4 @@
using System;
-using System.Runtime.InteropServices;
using System.Security.Cryptography;
using Fido2NetLib.Objects;
@@ -10,32 +9,18 @@ internal static class EcCurveExtensions
{
public static COSE.EllipticCurve ToCoseCurve(this ECCurve curve)
{
- if (curve.Oid.FriendlyName is "secP256k1")
+ if (curve.Oid.FriendlyName is "secP256k1") // OID = 1.3.132.0.10
return COSE.EllipticCurve.P256K;
- if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
- {
- if (curve.Oid.FriendlyName!.Equals(ECCurve.NamedCurves.nistP256.Oid.FriendlyName, StringComparison.Ordinal))
- return COSE.EllipticCurve.P256;
+ if (curve.Oid.Value!.Equals(ECCurve.NamedCurves.nistP256.Oid.Value, StringComparison.Ordinal))
+ return COSE.EllipticCurve.P256;
- else if (curve.Oid.FriendlyName.Equals(ECCurve.NamedCurves.nistP384.Oid.FriendlyName, StringComparison.Ordinal))
- return COSE.EllipticCurve.P384;
-
- else if (curve.Oid.FriendlyName.Equals(ECCurve.NamedCurves.nistP521.Oid.FriendlyName, StringComparison.Ordinal))
- return COSE.EllipticCurve.P521;
- }
- else
- {
- if (curve.Oid.Value!.Equals(ECCurve.NamedCurves.nistP256.Oid.Value, StringComparison.Ordinal))
- return COSE.EllipticCurve.P256;
-
- else if (curve.Oid.Value.Equals(ECCurve.NamedCurves.nistP384.Oid.Value, StringComparison.Ordinal))
- return COSE.EllipticCurve.P384;
-
- else if (curve.Oid.Value.Equals(ECCurve.NamedCurves.nistP521.Oid.Value, StringComparison.Ordinal))
- return COSE.EllipticCurve.P521;
- }
+ else if (curve.Oid.Value.Equals(ECCurve.NamedCurves.nistP384.Oid.Value, StringComparison.Ordinal))
+ return COSE.EllipticCurve.P384;
+ else if (curve.Oid.Value.Equals(ECCurve.NamedCurves.nistP521.Oid.Value, StringComparison.Ordinal))
+ return COSE.EllipticCurve.P521;
+
throw new Exception($"Invalid ECCurve. Was {curve.Oid}");
}
}
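Review bot: The rewritten ToCoseCurve matches secp256k1 by `Oid.FriendlyName` but the NIST curves by `Oid.Value`, and the `Oid.Value!` on the P-256 line means a curve whose Oid has only a friendly name populated fails with a NullReferenceException instead of reaching the `Invalid ECCurve` throw at the bottom. Since the comment already records the OID, I would compare consistently and null-safely: `if (curve.Oid.Value is "1.3.132.0.10" || curve.Oid.FriendlyName is "secP256k1")` for the first branch and `string.Equals(curve.Oid.Value, ECCurve.NamedCurves.nistP256.Oid.Value, StringComparison.Ordinal)` (likewise for P-384 and P-521) for the rest. Whether every supported runtime fills in `Oid.Value` for secP256k1 is not something the diff shows, which is why the friendly-name test is kept as a fallback rather than dropped.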
diff --git a/Src/Fido2/Fido2ErrorMessages.cs b/Src/Fido2/Fido2ErrorMessages.cs
index 25dbbf60..2b5827c7 100644
--- a/Src/Fido2/Fido2ErrorMessages.cs
+++ b/Src/Fido2/Fido2ErrorMessages.cs
@@ -65,4 +65,9 @@ internal static class Fido2ErrorMessages
public static readonly string InvalidFidoU2fAttestationSignature = "Invalid fido-u2f attestation signature";
public static readonly string InvalidPackedAttestationSignature = "Invalid packed attestation signature";
public static readonly string InvalidTpmAttestationSignature = "Invalid TPM attestation signature";
+
+
+ public static readonly string InvalidSafetyNetVersion = "Invalid version in SafetyNet data";
+ public static readonly string InvalidSafetyNetResponse = "Invalid response in SafetyNet data";
+ public static readonly string MalformedSafetyNetJwt = "SafetyNet response JWT is malformed";
}
diff --git a/Src/Fido2/Objects/CredentialPublicKey.cs b/Src/Fido2/Objects/CredentialPublicKey.cs
index 6a9b2058..b3a0e864 100644
--- a/Src/Fido2/Objects/CredentialPublicKey.cs
+++ b/Src/Fido2/Objects/CredentialPublicKey.cs
@@ -82,7 +82,7 @@ public bool Verify(ReadOnlySpan data, ReadOnlySpan signature)
}
case COSE.KeyType.RSA:
- using (RSA rsa = CreateRsa())
+ using (RSA rsa = CreateRSA())
{
return rsa.VerifyData(data, signature, CryptoUtils.HashAlgFromCOSEAlg(_alg), Padding);
}
@@ -93,7 +93,7 @@ public bool Verify(ReadOnlySpan data, ReadOnlySpan signature)
throw new InvalidOperationException($"Missing or unknown kty {_type}");
}
- internal RSA CreateRsa()
+ internal RSA CreateRSA()
{
if (_type != COSE.KeyType.RSA)
{
@@ -129,9 +129,9 @@ public ECDsa CreateECDsa()
switch ((_alg, crv))
{
case (COSE.Algorithm.ES256K, COSE.EllipticCurve.P256K):
- if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX)) // see https://github.com/dotnet/runtime/issues/47770
+ if (OperatingSystem.IsMacOS()) // see https://github.com/dotnet/runtime/issues/47770
{
- throw new PlatformNotSupportedException($"No support currently for secP256k1 on macOS");
+ throw new PlatformNotSupportedException("The secP256k1 curve is not supported on macOS");
}
curve = ECCurve.CreateFromFriendlyName("secP256k1");
diff --git a/Test/Attestation/AndroidSafetyNet.cs b/Test/Attestation/AndroidSafetyNet.cs
index 786b3585..6985cf48 100644
--- a/Test/Attestation/AndroidSafetyNet.cs
+++ b/Test/Attestation/AndroidSafetyNet.cs
@@ -258,19 +258,22 @@ public void TestAndroidSafetyResponseWhitespace()
var attStmt = (CborMap)_attestationObject["attStmt"];
attStmt.Set("response", new CborByteString(" "u8.ToArray()));
var ex = Assert.ThrowsAsync(() => MakeAttestationResponseAsync());
- Assert.Equal("SafetyNet response null or whitespace", ex.Result.Message);
+ Assert.Same(Fido2ErrorMessages.MalformedSafetyNetJwt, ex.Result.Message);
}
- [Fact]
- public void TestAndroidSafetyNetMalformedResponseJWT()
+ [Theory]
+ [InlineData(".")]
+ [InlineData("x.x")]
+ [InlineData("x.x.")]
+ public void TestAndroidSafetyNetMalformedResponseJWT(string text)
{
var response = (byte[])_attestationObject["attStmt"]["response"];
var responseJWT = Encoding.UTF8.GetString(response);
- var jwtParts = responseJWT.Split('.');
+
var attStmt = (CborMap)_attestationObject["attStmt"];
- attStmt.Set("response", new CborByteString(Encoding.UTF8.GetBytes(jwtParts.First())));
+ attStmt.Set("response", new CborByteString(Encoding.UTF8.GetBytes(text)));
var ex = Assert.ThrowsAsync(() => MakeAttestationResponseAsync());
- Assert.Equal("SafetyNet response JWT does not have the 3 expected components", ex.Result.Message);
+ Assert.Same(Fido2ErrorMessages.MalformedSafetyNetJwt, ex.Result.Message);
}
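Review bot: The new theory cases all fail before the header is parsed (one or two components, or a header that is not base64url), so nothing exercises a header that decodes but is not JSON; adding `[InlineData("eA.x.x")]` (the header `eA` decodes to `x`) would pin that path to MalformedSafetyNetJwt once Verify guards `JsonDocument.Parse` the same way it now guards `Base64Url.Decode`. Separately, `ex.Result` blocks synchronously on the task returned by `Assert.ThrowsAsync`; making the test `public async Task` and writing `var ex = await Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponseAsync());` followed by `Assert.Same(Fido2ErrorMessages.MalformedSafetyNetJwt, ex.Message);` avoids the sync-over-async pattern. TestAndroidSafetyResponseWhitespace begins outside this hunk.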
[Fact]
@@ -381,13 +384,13 @@ public void TestAndroidSafetyNetResponseClaimTimestampExpired()
attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt);
}
- var ecparams = ecdsaAtt.ExportParameters(true);
+ var ecParams = ecdsaAtt.ExportParameters(true);
var cpk = new CborMap {
{ COSE.KeyCommonParameter.KeyType, type },
{ COSE.KeyCommonParameter.Alg, alg },
- { COSE.KeyTypeParameter.X, ecparams.Q.X },
- { COSE.KeyTypeParameter.Y, ecparams.Q.Y },
+ { COSE.KeyTypeParameter.X, ecParams.Q.X },
+ { COSE.KeyTypeParameter.Y, ecParams.Q.Y },
{ COSE.KeyTypeParameter.Crv, curve }
};
@@ -459,14 +462,14 @@ public void TestAndroidSafetyNetResponseClaimTimestampNotYetValid()
attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt);
}
- var ecparams = ecdsaAtt.ExportParameters(true);
+ var ecParams = ecdsaAtt.ExportParameters(true);
var cpk = new CborMap
{
{ COSE.KeyCommonParameter.KeyType, type },
{ COSE.KeyCommonParameter.Alg, alg },
- { COSE.KeyTypeParameter.X, ecparams.Q.X },
- { COSE.KeyTypeParameter.Y, ecparams.Q.Y },
+ { COSE.KeyTypeParameter.X, ecParams.Q.X },
+ { COSE.KeyTypeParameter.Y, ecParams.Q.Y },
{ COSE.KeyTypeParameter.Crv, curve }
};
@@ -618,14 +621,14 @@ public void TestAndroidSafetyNetResponseClaimNonceMissing()
attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt);
}
- var ecparams = ecdsaAtt.ExportParameters(true);
+ var ecParams = ecdsaAtt.ExportParameters(true);
var cpk = new CborMap
{
{ COSE.KeyCommonParameter.KeyType, type },
{ COSE.KeyCommonParameter.Alg, alg },
- { COSE.KeyTypeParameter.X, ecparams.Q.X },
- { COSE.KeyTypeParameter.Y, ecparams.Q.Y },
+ { COSE.KeyTypeParameter.X, ecParams.Q.X },
+ { COSE.KeyTypeParameter.Y, ecParams.Q.Y },
{ COSE.KeyTypeParameter.Crv, curve }
};
@@ -703,14 +706,14 @@ public void TestAndroidSafetyNetResponseClaimNonceInvalid()
attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt);
}
- var ecparams = ecdsaAtt.ExportParameters(true);
+ var ecParams = ecdsaAtt.ExportParameters(true);
var cpk = new CborMap
{
{ COSE.KeyCommonParameter.KeyType, type },
{ COSE.KeyCommonParameter.Alg, alg },
- { COSE.KeyTypeParameter.X, ecparams.Q.X },
- { COSE.KeyTypeParameter.Y, ecparams.Q.Y },
+ { COSE.KeyTypeParameter.X, ecParams.Q.X },
+ { COSE.KeyTypeParameter.Y, ecParams.Q.Y },
{ COSE.KeyTypeParameter.Crv, curve }
};
@@ -871,14 +874,14 @@ public async Task TestAndroidSafetyNetAttestationCertSubjectInvalid()
attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt);
}
- var ecparams = ecdsaAtt.ExportParameters(true);
+ var ecParams = ecdsaAtt.ExportParameters(true);
var cpk = new CborMap
{
{ COSE.KeyCommonParameter.KeyType, type },
{ COSE.KeyCommonParameter.Alg, alg },
- { COSE.KeyTypeParameter.X, ecparams.Q.X },
- { COSE.KeyTypeParameter.Y, ecparams.Q.Y },
+ { COSE.KeyTypeParameter.X, ecParams.Q.X },
+ { COSE.KeyTypeParameter.Y, ecParams.Q.Y },
{ COSE.KeyTypeParameter.Crv, curve }
};
@@ -959,14 +962,14 @@ public void TestAndroidSafetyNetCtsProfileMatchMissing()
attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt);
}
- var ecparams = ecdsaAtt.ExportParameters(true);
+ var ecParams = ecdsaAtt.ExportParameters(true);
var cpk = new CborMap
{
{ COSE.KeyCommonParameter.KeyType, type },
{ COSE.KeyCommonParameter.Alg, alg },
- { COSE.KeyTypeParameter.X, ecparams.Q.X },
- { COSE.KeyTypeParameter.Y, ecparams.Q.Y },
+ { COSE.KeyTypeParameter.X, ecParams.Q.X },
+ { COSE.KeyTypeParameter.Y, ecParams.Q.Y },
{ COSE.KeyTypeParameter.Crv, curve }
};
diff --git a/Test/Attestation/Apple.cs b/Test/Attestation/Apple.cs
index cb02eacc..2f635c8e 100644
--- a/Test/Attestation/Apple.cs
+++ b/Test/Attestation/Apple.cs
@@ -51,13 +51,13 @@ public Apple()
attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt);
}
- var ecparams = ecdsaAtt.ExportParameters(true);
+ var ecParams = ecdsaAtt.ExportParameters(true);
var cpk = new CborMap {
{ COSE.KeyCommonParameter.KeyType, type },
{ COSE.KeyCommonParameter.Alg, alg },
- { COSE.KeyTypeParameter.X, ecparams.Q.X },
- { COSE.KeyTypeParameter.Y, ecparams.Q.Y },
+ { COSE.KeyTypeParameter.X, ecParams.Q.X },
+ { COSE.KeyTypeParameter.Y, ecParams.Q.Y },
{ COSE.KeyTypeParameter.Crv, crv }
};
@@ -198,7 +198,7 @@ public async Task TestApplePublicKeyMismatch()
var cpkBytes = new byte[] { 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x79, 0xfe, 0x59, 0x08, 0xbb, 0x51, 0x29, 0xc8, 0x09, 0x38, 0xb7, 0x54, 0xc0, 0x4d, 0x2b, 0x34, 0x0e, 0xfa, 0x66, 0x15, 0xb9, 0x87, 0x69, 0x8b, 0xf5, 0x9d, 0xa4, 0xe5, 0x3e, 0xa3, 0xe6, 0xfe, 0x22, 0x58, 0x20, 0xfb, 0x03, 0xda, 0xa1, 0x27, 0x0d, 0x58, 0x04, 0xe8, 0xab, 0x61, 0xc1, 0x5a, 0xac, 0xa2, 0x43, 0x5c, 0x7d, 0xbf, 0x36, 0x9d, 0x71, 0xca, 0x15, 0xc5, 0x23, 0xb0, 0x00, 0x4a, 0x1b, 0x75, 0xb7 };
_credentialPublicKey = new CredentialPublicKey(cpkBytes);
- var authData = new AuthenticatorData(_rpIdHash, _flags, _signCount, _acd, _exts).ToByteArray();
+ var authData = new AuthenticatorData(_rpIdHash, _flags, _signCount, _acd, GetExtensions()).ToByteArray();
_attestationObject.Set("authData", new CborByteString(authData));
var clientData = new
{
@@ -246,7 +246,7 @@ public async Task TestApplePublicKeyMismatch()
ErrorMessage = "",
PubKeyCredParams = new List()
{
- new PubKeyCredParam(COSE.Algorithm.ES256)
+ PubKeyCredParam.ES256
},
Rp = new PublicKeyCredentialRpEntity("https://www.passwordless.dev", "6cc3c9e7967a.ngrok.io", ""),
Status = "ok",
diff --git a/Test/Attestation/None.cs b/Test/Attestation/None.cs
index 1a76494c..0afcf267 100644
--- a/Test/Attestation/None.cs
+++ b/Test/Attestation/None.cs
@@ -4,7 +4,6 @@
using Fido2NetLib.Cbor;
using Fido2NetLib.Exceptions;
using Fido2NetLib.Objects;
-using System.Runtime.InteropServices;
namespace Test.Attestation;
@@ -16,17 +15,17 @@ public None()
}
[Fact]
- public void TestNone()
+ public async Task TestNone()
{
- Fido2Tests._validCOSEParameters.ForEach(async ((COSE.KeyType, COSE.Algorithm, COSE.EllipticCurve) param) =>
+ foreach (var (keyType, alg, crv) in Fido2Tests._validCOSEParameters)
{
- // No support for P256K on OSX
- if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX) && param.Item3 == COSE.EllipticCurve.P256K)
- return;
+ // P256K is not supported on macOS
+ if (OperatingSystem.IsMacOS() && crv is COSE.EllipticCurve.P256K)
+ continue;
_attestationObject.Add("attStmt", new CborMap());
- _credentialPublicKey = Fido2Tests.MakeCredentialPublicKey(param);
- Fido2.CredentialMakeResult res = null;
+ _credentialPublicKey = Fido2Tests.MakeCredentialPublicKey((keyType, alg, crv));
+ Fido2.CredentialMakeResult res;
res = await MakeAttestationResponseAsync();
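Review bot: Moving from the `ForEach(async …)` lambda to a `foreach` inside an `async Task` test is the right fix, since exceptions from an async void lambda were never observed by the runner; the only thing left is the split declaration `Fido2.CredentialMakeResult res;` followed by `res = await MakeAttestationResponseAsync();`, which the old `= null` initialiser no longer justifies and can collapse to `var res = await MakeAttestationResponseAsync();`. TestNone continues past this hunk.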
@@ -43,7 +42,7 @@ public void TestNone()
Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
Assert.Equal("testuser", res.Result.User.Name);
_attestationObject = new CborMap { { "fmt", "none" } };
- });
+ }
}
[Fact]
diff --git a/Test/Attestation/Packed.cs b/Test/Attestation/Packed.cs
index c473e160..7d13c465 100644
--- a/Test/Attestation/Packed.cs
+++ b/Test/Attestation/Packed.cs
@@ -7,7 +7,6 @@
using Fido2NetLib.Cbor;
using Fido2NetLib.Exceptions;
using Fido2NetLib.Objects;
-using System.Runtime.InteropServices;
namespace Test.Attestation;
@@ -19,15 +18,13 @@ public Packed()
}
[Fact]
- public void TestSelf()
+ public async Task TestSelf()
{
- Fido2Tests._validCOSEParameters.ForEach(async ((COSE.KeyType, COSE.Algorithm, COSE.EllipticCurve) param) =>
+ foreach (var (type, alg, crv) in Fido2Tests._validCOSEParameters)
{
- var (type, alg, crv) = param;
-
// No support for P256K on OSX
- if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX) && crv == COSE.EllipticCurve.P256K)
- return;
+ if (OperatingSystem.IsMacOS() && crv is COSE.EllipticCurve.P256K)
+ continue;
var signature = SignData(type, alg, crv);
@@ -51,7 +48,7 @@ public void TestSelf()
Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
Assert.Equal("testuser", res.Result.User.Name);
_attestationObject = new CborMap { { "fmt", "packed" } };
- });
+ }
}
[Fact]
@@ -187,19 +184,17 @@ public async Task TestSigByteStringZeroLen()
}
[Fact]
- public void TestFull()
+ public async Task TestFull()
{
- Fido2Tests._validCOSEParameters.ForEach(async ((COSE.KeyType, COSE.Algorithm, COSE.EllipticCurve) param) =>
+ foreach (var (type, alg, curve) in Fido2Tests._validCOSEParameters)
{
- var (type, alg, curve) = param;
-
if (type is COSE.KeyType.OKP)
{
return;
}
// No support for P256K on OSX
- if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX) && curve == COSE.EllipticCurve.P256K)
+ if (OperatingSystem.IsMacOS() && curve == COSE.EllipticCurve.P256K)
return;
X509Certificate2 attestnCert;
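Review bot: Converting the `ForEach` lambda to a `foreach` loop changes what `return;` means: the two skip paths inside the new loop — the unchanged `return;` for OKP keys just above and the `return;` on the macOS/P256K line this hunk touches — now exit TestFull entirely instead of skipping one parameter set, so every tuple in `_validCOSEParameters` after the first OKP or P256K entry is silently never exercised. Both should be `continue;`, exactly as this same commit does in None.TestNone and Tpm.TestTPM. How much coverage is lost depends on the order of `_validCOSEParameters`, which is not visible here; TestFull continues well past the hunk.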
@@ -240,7 +235,7 @@ public void TestFull()
using var ecdsaAtt = ECDsa.Create(eCCurve);
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
@@ -291,7 +286,7 @@ public void TestFull()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
@@ -336,7 +331,7 @@ public void TestFull()
Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
Assert.Equal("testuser", res.Result.User.Name);
_attestationObject = new CborMap { { "fmt", "packed" } };
- });
+ }
}
[Fact]
@@ -358,7 +353,7 @@ public void TestFullMissingX5c()
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
@@ -401,7 +396,7 @@ public void TestFullX5cNotArray()
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
@@ -448,7 +443,7 @@ public void TestFullX5cCountNotOne()
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
@@ -489,7 +484,7 @@ public void TestFullX5cValueNotByteString()
using var ecdsaAtt = ECDsa.Create(eCCurve);
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
@@ -530,7 +525,7 @@ public void TestFullX5cValueZeroLengthByteString()
using var ecdsaAtt = ECDsa.Create(eCCurve);
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
@@ -572,7 +567,7 @@ public void TestFullX5cCertExpired()
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
@@ -618,7 +613,7 @@ public void TestFullX5cCertNotYetValid()
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
@@ -667,7 +662,7 @@ public void TestFullInvalidAlg()
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
@@ -710,7 +705,7 @@ public void TestFullInvalidSig()
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
@@ -756,7 +751,7 @@ public void TestFullAttCertNotV3()
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
@@ -815,7 +810,7 @@ public async Task TestFullAttCertSubject()
using var ecdsaAtt = ECDsa.Create(eCCurve);
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
@@ -868,7 +863,7 @@ public async void TestAttCertSubjectCommaAsync()
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
@@ -916,7 +911,7 @@ public async Task TestFullAttCertAaguidNotMatchAuthdata()
var notAsnEncodedAaguid = _asnEncodedAaguid;
notAsnEncodedAaguid[3] = 0x42;
- var notIdFidoGenCeAaguidExt = new X509Extension(oidIdFidoGenCeAaguid, _asnEncodedAaguid, false);
+ var notIdFidoGenCeAaguidExt = new X509Extension(oidIdFidoGenCeAaGuid, _asnEncodedAaguid, false);
attRequest.CertificateExtensions.Add(notIdFidoGenCeAaguidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
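Review bot: The renamed line still passes `_asnEncodedAaguid` to the extension even though the two preceding lines build `notAsnEncodedAaguid` for exactly this purpose; the test only produces a mismatch today because `var notAsnEncodedAaguid = _asnEncodedAaguid;` aliases the same array, so `notAsnEncodedAaguid[3] = 0x42` also rewrites the fixture field. Making the copy explicit and using it removes the dependence on that side effect: `var notAsnEncodedAaguid = (byte[])_asnEncodedAaguid.Clone();` and `new X509Extension(oidIdFidoGenCeAaGuid, notAsnEncodedAaguid, false)`. This assumes the authData side of the comparison is not itself built from `_asnEncodedAaguid`, which I cannot confirm from the hunk; TestFullAttCertAaguidNotMatchAuthdata begins and ends outside it.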
@@ -966,7 +961,7 @@ public void TestFullAttCertCAFlagSet()
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(caExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
diff --git a/Test/Attestation/Tpm.cs b/Test/Attestation/Tpm.cs
index c8cace97..19973fdb 100644
--- a/Test/Attestation/Tpm.cs
+++ b/Test/Attestation/Tpm.cs
@@ -2,6 +2,7 @@
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
+using fido2_net_lib;
using fido2_net_lib.Test;
using Fido2NetLib;
@@ -69,20 +70,18 @@ public Tpm()
}
[Fact]
- public void TestTPM()
+ public async Task TestTPM()
{
- Fido2Tests._validCOSEParameters.ForEach(async ((COSE.KeyType, COSE.Algorithm, COSE.EllipticCurve) param) =>
+ foreach (var (type, alg, curve) in Fido2Tests._validCOSEParameters)
{
- var (type, alg, curve) = param;
-
if (type is COSE.KeyType.OKP)
{
- return; // no OKP support in TPM
+ continue; // no OKP support in TPM
}
if (type is COSE.KeyType.EC2 && alg is COSE.Algorithm.ES256K)
{
- return; // no secp256k1 support in TPM
+ continue; // no secp256k1 support in TPM
}
tpmAlg = GetTmpAlg(alg).ToUInt16BigEndianBytes();
@@ -112,17 +111,13 @@ public void TestTPM()
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt);
}
@@ -156,7 +151,7 @@ public void TestTPM()
curveId = BitConverter.GetBytes((ushort)CoseCurveToTpm[(int)cpk[COSE.KeyTypeParameter.Crv]]).Reverse().ToArray();
kdf = BitConverter.GetBytes((ushort)TpmAlg.TPM_ALG_NULL); // should this be big endian?
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_ECC, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -180,7 +175,7 @@ public void TestTPM()
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -219,25 +214,21 @@ public void TestTPM()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
- attestnCert.RawData,
- rootCert.RawData
- };
+ var x5c = new CborArray {
+ attestnCert.RawData,
+ rootCert.RawData
+ };
var rsaParams = rsaAtt.ExportParameters(true);
@@ -246,7 +237,7 @@ public void TestTPM()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -271,7 +262,7 @@ public void TestTPM()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -290,7 +281,7 @@ public void TestTPM()
_attestationObject.Set("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -314,7 +305,7 @@ public void TestTPM()
Assert.Equal("testuser"u8.ToArray(), res.Result.User.Id);
Assert.Equal("testuser", res.Result.User.Name);
_attestationObject = new CborMap { { "fmt", "tpm" } };
- });
+ }
}
[Fact]
@@ -335,7 +326,7 @@ public void TestTPMAikCertSANTCGConformant()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
byte[] asnEncodedSAN = TpmSanEncoder.Encode(
manufacturer: "id:FFFFF1D0",
@@ -350,16 +341,12 @@ public void TestTPMAikCertSANTCGConformant()
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -371,7 +358,7 @@ public void TestTPMAikCertSANTCGConformant()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -396,7 +383,7 @@ public void TestTPMAikCertSANTCGConformant()
byte[] tpm1bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm1bName = Concat(tpm1bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -415,7 +402,7 @@ public void TestTPMAikCertSANTCGConformant()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -455,22 +442,18 @@ public void TestTPMSigNull()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -482,7 +465,7 @@ public void TestTPMSigNull()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -506,7 +489,7 @@ public void TestTPMSigNull()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -525,7 +508,7 @@ public void TestTPMSigNull()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", CborNull.Instance },
{ "certInfo", certInfo },
{ "pubArea", pubArea },
@@ -553,22 +536,18 @@ public void TestTPMSigNotByteString()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -580,7 +559,7 @@ public void TestTPMSigNotByteString()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -604,7 +583,7 @@ public void TestTPMSigNotByteString()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -623,7 +602,7 @@ public void TestTPMSigNotByteString()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", (int)alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", "strawberries" },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -651,22 +630,18 @@ public void TestTPMSigByteStringZeroLen()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -678,7 +653,7 @@ public void TestTPMSigByteStringZeroLen()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -702,7 +677,7 @@ public void TestTPMSigByteStringZeroLen()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -721,7 +696,7 @@ public void TestTPMSigByteStringZeroLen()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", (int)alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", Array.Empty() },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -756,22 +731,18 @@ public void TestTPMVersionNot2()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -783,7 +754,7 @@ public void TestTPMVersionNot2()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -807,7 +778,7 @@ public void TestTPMVersionNot2()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -826,7 +797,7 @@ public void TestTPMVersionNot2()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "3.0" },
{ "alg", (int)alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -855,22 +826,18 @@ public void TestTPMPubAreaNull()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -882,7 +849,7 @@ public void TestTPMPubAreaNull()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -907,7 +874,7 @@ public void TestTPMPubAreaNull()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -926,7 +893,7 @@ public void TestTPMPubAreaNull()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", (int)alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo},
{ "pubArea", CborNull.Instance },
@@ -954,22 +921,18 @@ public void TestTPMPubAreaNotByteString()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -981,7 +944,7 @@ public void TestTPMPubAreaNotByteString()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -1005,7 +968,7 @@ public void TestTPMPubAreaNotByteString()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -1024,7 +987,7 @@ public void TestTPMPubAreaNotByteString()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", "banana" }
@@ -1052,22 +1015,18 @@ public void TestTPMPubAreaByteStringZeroLen()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -1079,7 +1038,7 @@ public void TestTPMPubAreaByteStringZeroLen()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -1103,7 +1062,7 @@ public void TestTPMPubAreaByteStringZeroLen()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -1122,7 +1081,7 @@ public void TestTPMPubAreaByteStringZeroLen()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", Array.Empty() }
@@ -1150,22 +1109,18 @@ public void TestTPMPubAreaUniqueNull()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -1199,7 +1154,7 @@ var pubArea
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -1218,7 +1173,7 @@ var pubArea
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -1246,22 +1201,18 @@ public void TestTPMPubAreaUniqueByteStringZeroLen()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -1273,7 +1224,7 @@ public void TestTPMPubAreaUniqueByteStringZeroLen()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -1299,7 +1250,7 @@ public void TestTPMPubAreaUniqueByteStringZeroLen()
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -1318,7 +1269,7 @@ public void TestTPMPubAreaUniqueByteStringZeroLen()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -1346,17 +1297,13 @@ public void TestTPMPubAreaUniquePublicKeyMismatch()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
@@ -1373,7 +1320,7 @@ public void TestTPMPubAreaUniquePublicKeyMismatch()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -1397,7 +1344,7 @@ public void TestTPMPubAreaUniquePublicKeyMismatch()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -1444,22 +1391,18 @@ public void TestTPMPubAreaUniqueExponentMismatch()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -1471,7 +1414,7 @@ public void TestTPMPubAreaUniqueExponentMismatch()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -1495,7 +1438,7 @@ public void TestTPMPubAreaUniqueExponentMismatch()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -1514,7 +1457,7 @@ public void TestTPMPubAreaUniqueExponentMismatch()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -1542,33 +1485,29 @@ public void TestTPMPubAreaUniqueXValueMismatch()
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
- var ecparams = ecdsaAtt.ExportParameters(true);
+ var ecParams = ecdsaAtt.ExportParameters(true);
var cpk = new CborMap {
{ COSE.KeyCommonParameter.KeyType, type },
{ COSE.KeyCommonParameter.Alg, alg },
- { COSE.KeyTypeParameter.X, ecparams.Q.X },
- { COSE.KeyTypeParameter.Y, ecparams.Q.Y },
+ { COSE.KeyTypeParameter.X, ecParams.Q.X },
+ { COSE.KeyTypeParameter.Y, ecParams.Q.Y },
{ COSE.KeyTypeParameter.Crv, curve }
};
@@ -1586,7 +1525,7 @@ public void TestTPMPubAreaUniqueXValueMismatch()
curveId = BitConverter.GetBytes((ushort)CoseCurveToTpm[(int)cpk[COSE.KeyTypeParameter.Crv]]).Reverse().ToArray();
kdf = BitConverter.GetBytes((ushort)TpmAlg.TPM_ALG_NULL);
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_ECC, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -1609,7 +1548,7 @@ public void TestTPMPubAreaUniqueXValueMismatch()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -1628,7 +1567,7 @@ public void TestTPMPubAreaUniqueXValueMismatch()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", (int)alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature},
{ "certInfo", certInfo},
{ "pubArea", pubArea }
@@ -1656,17 +1595,13 @@ public void TestTPMPubAreaUniqueYValueMismatch()
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt);
}
@@ -1676,13 +1611,13 @@ public void TestTPMPubAreaUniqueYValueMismatch()
rootCert.RawData
};
- var ecparams = ecdsaAtt.ExportParameters(true);
+ var ecParams = ecdsaAtt.ExportParameters(true);
var cpk = new CborMap {
{ COSE.KeyCommonParameter.KeyType, type },
{ COSE.KeyCommonParameter.Alg, alg },
- { COSE.KeyTypeParameter.X, ecparams.Q.X },
- { COSE.KeyTypeParameter.Y, ecparams.Q.Y },
+ { COSE.KeyTypeParameter.X, ecParams.Q.X },
+ { COSE.KeyTypeParameter.Y, ecParams.Q.Y },
{ COSE.KeyTypeParameter.Crv, curve }
};
@@ -1700,7 +1635,7 @@ public void TestTPMPubAreaUniqueYValueMismatch()
curveId = BitConverter.GetBytes((ushort)CoseCurveToTpm[(int)cpk[COSE.KeyTypeParameter.Crv]]).Reverse().ToArray();
kdf = BitConverter.GetBytes((ushort)TpmAlg.TPM_ALG_NULL);
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_ECC, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -1724,7 +1659,7 @@ public void TestTPMPubAreaUniqueYValueMismatch()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -1771,33 +1706,29 @@ public void TestTPMPubAreaUniqueCurveMismatch()
var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
- var ecparams = ecdsaAtt.ExportParameters(true);
+ var ecParams = ecdsaAtt.ExportParameters(true);
var cpk = new CborMap {
{ COSE.KeyCommonParameter.KeyType, type },
{ COSE.KeyCommonParameter.Alg, alg },
- { COSE.KeyTypeParameter.X, ecparams.Q.X },
- { COSE.KeyTypeParameter.Y, ecparams.Q.Y },
+ { COSE.KeyTypeParameter.X, ecParams.Q.X },
+ { COSE.KeyTypeParameter.Y, ecParams.Q.Y },
{ COSE.KeyTypeParameter.Crv, curve }
};
@@ -1815,7 +1746,7 @@ public void TestTPMPubAreaUniqueCurveMismatch()
curveId = BitConverter.GetBytes((ushort)CoseCurveToTpm[2]).Reverse().ToArray();
kdf = BitConverter.GetBytes((ushort)TpmAlg.TPM_ALG_NULL);
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_ECC, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -1839,7 +1770,7 @@ public void TestTPMPubAreaUniqueCurveMismatch()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -1858,7 +1789,7 @@ public void TestTPMPubAreaUniqueCurveMismatch()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -1886,22 +1817,18 @@ public void TestTPMCertInfoNull()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -1913,7 +1840,7 @@ public void TestTPMCertInfoNull()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -1937,7 +1864,7 @@ public void TestTPMCertInfoNull()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -1956,7 +1883,7 @@ public void TestTPMCertInfoNull()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", CborNull.Instance },
{ "pubArea", pubArea },
@@ -1984,22 +1911,18 @@ public void TestTPMCertInfoNotByteString()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -2011,7 +1934,7 @@ public void TestTPMCertInfoNotByteString()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -2035,7 +1958,7 @@ public void TestTPMCertInfoNotByteString()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -2054,7 +1977,7 @@ public void TestTPMCertInfoNotByteString()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", "tomato" },
{ "pubArea", pubArea }
@@ -2089,22 +2012,18 @@ public void TestTPMCertInfoByteStringZeroLen()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -2116,7 +2035,7 @@ public void TestTPMCertInfoByteStringZeroLen()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -2140,7 +2059,7 @@ public void TestTPMCertInfoByteStringZeroLen()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -2159,7 +2078,7 @@ public void TestTPMCertInfoByteStringZeroLen()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", Array.Empty() },
{ "pubArea", pubArea }
@@ -2187,22 +2106,18 @@ public void TestTPMCertInfoBadMagic()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -2214,7 +2129,7 @@ public void TestTPMCertInfoBadMagic()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -2238,7 +2153,7 @@ public void TestTPMCertInfoBadMagic()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }, // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -2257,7 +2172,7 @@ public void TestTPMCertInfoBadMagic()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -2285,22 +2200,18 @@ public void TestTPMCertInfoBadType()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -2312,7 +2223,7 @@ public void TestTPMCertInfoBadType()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -2336,7 +2247,7 @@ public void TestTPMCertInfoBadType()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }, // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -2355,7 +2266,7 @@ public void TestTPMCertInfoBadType()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -2383,22 +2294,18 @@ public void TestTPMCertInfoExtraDataZeroLen()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -2410,7 +2317,7 @@ public void TestTPMCertInfoExtraDataZeroLen()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -2434,7 +2341,7 @@ public void TestTPMCertInfoExtraDataZeroLen()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -2453,7 +2360,7 @@ public void TestTPMCertInfoExtraDataZeroLen()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", (int)alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea },
@@ -2481,22 +2388,18 @@ public void TestTPMCertInfoTPM2BNameIsHandle()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -2508,7 +2411,7 @@ public void TestTPMCertInfoTPM2BNameIsHandle()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -2532,7 +2435,7 @@ public void TestTPMCertInfoTPM2BNameIsHandle()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, new byte[] { 0x00, 0x04 }, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -2551,7 +2454,7 @@ public void TestTPMCertInfoTPM2BNameIsHandle()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -2579,22 +2482,18 @@ public void TestTPMCertInfoTPM2BNoName()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -2606,7 +2505,7 @@ public void TestTPMCertInfoTPM2BNoName()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -2630,7 +2529,7 @@ public void TestTPMCertInfoTPM2BNoName()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, new byte[] { 0x00, 0x00 }, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -2649,7 +2548,7 @@ public void TestTPMCertInfoTPM2BNoName()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -2677,22 +2576,18 @@ public void TestTPMCertInfoTPM2BExtraBytes()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -2704,7 +2599,7 @@ public void TestTPMCertInfoTPM2BExtraBytes()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -2733,7 +2628,7 @@ public void TestTPMCertInfoTPM2BExtraBytes()
.Concat(hashedPubArea)
.Concat(new byte[] { 0x00 });
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -2752,7 +2647,7 @@ public void TestTPMCertInfoTPM2BExtraBytes()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -2780,22 +2675,18 @@ public void TestTPMCertInfoTPM2BInvalidHashAlg()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -2807,7 +2698,7 @@ public void TestTPMCertInfoTPM2BInvalidHashAlg()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -2831,7 +2722,7 @@ public void TestTPMCertInfoTPM2BInvalidHashAlg()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, new byte[] { 0x00, 0x10 }, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -2850,7 +2741,7 @@ public void TestTPMCertInfoTPM2BInvalidHashAlg()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -2878,22 +2769,18 @@ public void TestTPMCertInfoTPM2BInvalidTPMALGID()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -2905,7 +2792,7 @@ public void TestTPMCertInfoTPM2BInvalidTPMALGID()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -2929,7 +2816,7 @@ public void TestTPMCertInfoTPM2BInvalidTPMALGID()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, new byte[] { 0xff, 0xff }, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -2948,7 +2835,7 @@ public void TestTPMCertInfoTPM2BInvalidTPMALGID()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -2976,22 +2863,18 @@ public void TestTPMAlgNull()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -3003,7 +2886,7 @@ public void TestTPMAlgNull()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -3027,7 +2910,7 @@ public void TestTPMAlgNull()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -3046,7 +2929,7 @@ public void TestTPMAlgNull()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", CborNull.Instance },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -3074,22 +2957,18 @@ public void TestTPMAlgNotNumber()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -3101,7 +2980,7 @@ public void TestTPMAlgNotNumber()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -3125,7 +3004,7 @@ public void TestTPMAlgNotNumber()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -3144,7 +3023,7 @@ public void TestTPMAlgNotNumber()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", "kiwi" },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -3172,22 +3051,18 @@ public void TestTPMAlgMismatch()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -3199,7 +3074,7 @@ public void TestTPMAlgMismatch()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -3223,7 +3098,7 @@ public void TestTPMAlgMismatch()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -3242,7 +3117,7 @@ public void TestTPMAlgMismatch()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", COSE.Algorithm.RS1 },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -3270,22 +3145,18 @@ public void TestTPMPubAreaAttestedDataMismatch()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -3297,7 +3168,7 @@ public void TestTPMPubAreaAttestedDataMismatch()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -3324,7 +3195,7 @@ public void TestTPMPubAreaAttestedDataMismatch()
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -3343,7 +3214,7 @@ public void TestTPMPubAreaAttestedDataMismatch()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -3371,22 +3242,18 @@ public void TestTPMMissingX5c()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -3398,7 +3265,7 @@ public void TestTPMMissingX5c()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -3422,7 +3289,7 @@ public void TestTPMMissingX5c()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -3469,17 +3336,13 @@ public void TestX5cNotArray()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
@@ -3496,7 +3359,7 @@ public void TestX5cNotArray()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -3520,7 +3383,7 @@ public void TestX5cNotArray()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -3567,22 +3430,18 @@ public void TestTPMX5cCountZero()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -3594,7 +3453,7 @@ public void TestTPMX5cCountZero()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -3618,7 +3477,7 @@ public void TestTPMX5cCountZero()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -3665,22 +3524,18 @@ public async Task TestTPMX5cValuesNull()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -3692,7 +3547,7 @@ public async Task TestTPMX5cValuesNull()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -3716,7 +3571,7 @@ public async Task TestTPMX5cValuesNull()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -3763,17 +3618,13 @@ public void TestTPMX5cValuesCountZero()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
@@ -3790,7 +3641,7 @@ public void TestTPMX5cValuesCountZero()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -3814,7 +3665,7 @@ public void TestTPMX5cValuesCountZero()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -3862,22 +3713,18 @@ public void TestTPMFirstX5cValueNotByteString()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -3889,7 +3736,7 @@ public void TestTPMFirstX5cValueNotByteString()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -3913,7 +3760,7 @@ public void TestTPMFirstX5cValueNotByteString()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -3960,22 +3807,18 @@ public void TestTPMFirstX5cValueByteStringZeroLen()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -3987,7 +3830,7 @@ public void TestTPMFirstX5cValueByteStringZeroLen()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -4011,7 +3854,7 @@ public void TestTPMFirstX5cValueByteStringZeroLen()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -4058,22 +3901,18 @@ public void TestTPMBadSignature()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -4085,7 +3924,7 @@ public void TestTPMBadSignature()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -4109,7 +3948,7 @@ public void TestTPMBadSignature()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -4129,7 +3968,7 @@ public void TestTPMBadSignature()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -4158,17 +3997,13 @@ public void TestTPMAikCertNotV3()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
@@ -4176,7 +4011,7 @@ public void TestTPMAikCertNotV3()
var rawAttestnCert = attestnCert.RawData;
rawAttestnCert[12] = 0x41;
- var X5c = new CborArray {
+ var x5c = new CborArray {
rawAttestnCert,
rootCert.RawData
};
@@ -4188,7 +4023,7 @@ public void TestTPMAikCertNotV3()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -4212,7 +4047,7 @@ public void TestTPMAikCertNotV3()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -4231,7 +4066,7 @@ public void TestTPMAikCertNotV3()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea },
@@ -4270,22 +4105,18 @@ public void TestTPMAikCertSubjectNotEmpty()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -4297,7 +4128,7 @@ public void TestTPMAikCertSubjectNotEmpty()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -4321,7 +4152,7 @@ public void TestTPMAikCertSubjectNotEmpty()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -4340,7 +4171,7 @@ public void TestTPMAikCertSubjectNotEmpty()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", (int)alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature},
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -4368,22 +4199,18 @@ public void TestTPMAikCertSANMissing()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
// attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -4395,7 +4222,7 @@ public void TestTPMAikCertSANMissing()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -4421,7 +4248,7 @@ public void TestTPMAikCertSANMissing()
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -4440,7 +4267,7 @@ public void TestTPMAikCertSANMissing()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -4468,7 +4295,7 @@ public void TestTPMAikCertSANZeroLen()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
var aikCertSanExt = new X509Extension("2.5.29.17", Array.Empty(), false);
@@ -4477,16 +4304,12 @@ public void TestTPMAikCertSANZeroLen()
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -4498,7 +4321,7 @@ public void TestTPMAikCertSANZeroLen()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -4522,7 +4345,7 @@ public void TestTPMAikCertSANZeroLen()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -4541,7 +4364,7 @@ public void TestTPMAikCertSANZeroLen()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -4569,7 +4392,7 @@ public void TestTPMAikCertSANNoManufacturer()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
var asnEncodedSAN = new byte[] { 0x30, 0x53, 0xA4, 0x51, 0x30, 0x4F, 0x31, 0x4D, 0x30, 0x14, 0x06, 0x05, 0x67, 0x81, 0x05, 0x02, 0x04, 0x0C, 0x0B, 0x69, 0x64, 0x3A, 0x46, 0x46, 0x46, 0x46, 0x46, 0x31, 0x44, 0x30, 0x30, 0x1F, 0x06, 0x05, 0x67, 0x81, 0x05, 0x02, 0x02, 0x0C, 0x16, 0x46, 0x49, 0x44, 0x4F, 0x32, 0x2D, 0x4E, 0x45, 0x54, 0x2D, 0x4C, 0x49, 0x42, 0x2D, 0x54, 0x45, 0x53, 0x54, 0x2D, 0x54, 0x50, 0x4D, 0x30, 0x14, 0x06, 0x05, 0x67, 0x81, 0x05, 0x02, 0x03, 0x0C, 0x0B, 0x69, 0x64, 0x3A, 0x46, 0x31, 0x44, 0x30, 0x30, 0x30, 0x30, 0x32 };
var aikCertSanExt = new X509Extension("2.5.29.17", asnEncodedSAN, false);
@@ -4579,16 +4402,12 @@ public void TestTPMAikCertSANNoManufacturer()
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -4600,7 +4419,7 @@ public void TestTPMAikCertSANNoManufacturer()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -4624,7 +4443,7 @@ public void TestTPMAikCertSANNoManufacturer()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -4643,7 +4462,7 @@ public void TestTPMAikCertSANNoManufacturer()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -4671,7 +4490,7 @@ public void TestTPMAikCertSANNoModel()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
var asnEncodedSAN = new byte[] { 0x30, 0x53, 0xA4, 0x51, 0x30, 0x4F, 0x31, 0x4D, 0x30, 0x14, 0x06, 0x05, 0x67, 0x81, 0x05, 0x02, 0x01, 0x0C, 0x0B, 0x69, 0x64, 0x3A, 0x46, 0x46, 0x46, 0x46, 0x46, 0x31, 0x44, 0x30, 0x30, 0x1F, 0x06, 0x05, 0x67, 0x81, 0x05, 0x02, 0x05, 0x0C, 0x16, 0x46, 0x49, 0x44, 0x4F, 0x32, 0x2D, 0x4E, 0x45, 0x54, 0x2D, 0x4C, 0x49, 0x42, 0x2D, 0x54, 0x45, 0x53, 0x54, 0x2D, 0x54, 0x50, 0x4D, 0x30, 0x14, 0x06, 0x05, 0x67, 0x81, 0x05, 0x02, 0x03, 0x0C, 0x0B, 0x69, 0x64, 0x3A, 0x46, 0x31, 0x44, 0x30, 0x30, 0x30, 0x30, 0x32 };
var aikCertSanExt = new X509Extension("2.5.29.17", asnEncodedSAN, false);
@@ -4681,16 +4500,12 @@ public void TestTPMAikCertSANNoModel()
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -4702,7 +4517,7 @@ public void TestTPMAikCertSANNoModel()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -4726,7 +4541,7 @@ public void TestTPMAikCertSANNoModel()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -4745,7 +4560,7 @@ public void TestTPMAikCertSANNoModel()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -4773,7 +4588,7 @@ public void TestTPMAikCertSANNoVersion()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
var asnEncodedSAN = new byte[] { 0x30, 0x53, 0xA4, 0x51, 0x30, 0x4F, 0x31, 0x4D, 0x30, 0x14, 0x06, 0x05, 0x67, 0x81, 0x05, 0x02, 0x01, 0x0C, 0x0B, 0x69, 0x64, 0x3A, 0x46, 0x46, 0x46, 0x46, 0x46, 0x31, 0x44, 0x30, 0x30, 0x1F, 0x06, 0x05, 0x67, 0x81, 0x05, 0x02, 0x03, 0x0C, 0x16, 0x46, 0x49, 0x44, 0x4F, 0x32, 0x2D, 0x4E, 0x45, 0x54, 0x2D, 0x4C, 0x49, 0x42, 0x2D, 0x54, 0x45, 0x53, 0x54, 0x2D, 0x54, 0x50, 0x4D, 0x30, 0x14, 0x06, 0x05, 0x67, 0x81, 0x05, 0x02, 0x06, 0x0C, 0x0B, 0x69, 0x64, 0x3A, 0x46, 0x31, 0x44, 0x30, 0x30, 0x30, 0x30, 0x32 };
var aikCertSanExt = new X509Extension("2.5.29.17", asnEncodedSAN, false);
@@ -4783,16 +4598,12 @@ public void TestTPMAikCertSANNoVersion()
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -4804,7 +4615,7 @@ public void TestTPMAikCertSANNoVersion()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -4828,7 +4639,7 @@ public void TestTPMAikCertSANNoVersion()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -4847,7 +4658,7 @@ public void TestTPMAikCertSANNoVersion()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature},
{ "certInfo", certInfo},
{ "pubArea", pubArea }
@@ -4875,7 +4686,7 @@ public void TestTPMAikCertSANInvalidManufacturer()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
var asnEncodedSAN = new byte[] { 0x30, 0x53, 0xA4, 0x51, 0x30, 0x4F, 0x31, 0x4D, 0x30, 0x14, 0x06, 0x05, 0x67, 0x81, 0x05, 0x02, 0x01, 0x0C, 0x0B, 0x69, 0x64, 0x3A, 0x46, 0x46, 0x46, 0x46, 0x46, 0x31, 0x44, 0x32, 0x30, 0x1F, 0x06, 0x05, 0x67, 0x81, 0x05, 0x02, 0x02, 0x0C, 0x16, 0x46, 0x49, 0x44, 0x4F, 0x32, 0x2D, 0x4E, 0x45, 0x54, 0x2D, 0x4C, 0x49, 0x42, 0x2D, 0x54, 0x45, 0x53, 0x54, 0x2D, 0x54, 0x50, 0x4D, 0x30, 0x14, 0x06, 0x05, 0x67, 0x81, 0x05, 0x02, 0x03, 0x0C, 0x0B, 0x69, 0x64, 0x3A, 0x46, 0x31, 0x44, 0x30, 0x30, 0x30, 0x30, 0x32 };
var aikCertSanExt = new X509Extension("2.5.29.17", asnEncodedSAN, false);
@@ -4886,16 +4697,12 @@ public void TestTPMAikCertSANInvalidManufacturer()
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -4907,7 +4714,7 @@ public void TestTPMAikCertSANInvalidManufacturer()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -4931,7 +4738,7 @@ public void TestTPMAikCertSANInvalidManufacturer()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -4950,7 +4757,7 @@ public void TestTPMAikCertSANInvalidManufacturer()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature},
{ "certInfo", certInfo},
{ "pubArea", pubArea},
@@ -4978,23 +4785,19 @@ public void TestTPMAikCertEKUMissingTCGKP()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
//attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -5006,7 +4809,7 @@ public void TestTPMAikCertEKUMissingTCGKP()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -5030,7 +4833,7 @@ public void TestTPMAikCertEKUMissingTCGKP()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -5049,7 +4852,7 @@ public void TestTPMAikCertEKUMissingTCGKP()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -5077,22 +4880,18 @@ public void TestTPMAikCertCATrue()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(caExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -5104,7 +4903,7 @@ public void TestTPMAikCertCATrue()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -5128,7 +4927,7 @@ public void TestTPMAikCertCATrue()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -5147,7 +4946,7 @@ public void TestTPMAikCertCATrue()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", (int)alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -5181,19 +4980,15 @@ public async void TestTPMAikCertMisingAAGUID()
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
- attestnCert.RawData,
- rootCert.RawData
- };
+ var x5c = new CborArray {
+ attestnCert.RawData,
+ rootCert.RawData
+ };
var rsaParams = rsaAtt.ExportParameters(true);
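Review bot: The method this hunk cleans up is still declared `public async void TestTPMAikCertMisingAAGUID()` (visible only in the hunk header; the signature itself is outside the hunk), so any exception thrown after the first await is unobservable to the test runner and the test can pass while the attestation check it exercises actually fails. The other async test touched by this commit, `TestTPMX5cValuesNull`, is already `public async Task`, so the same cleanup pass should change this one to `public async Task TestTPMAikCertMisingAAGUID()`. The test name also carries a typo (`Mising`); if it is renamed, `TestTPMAikCertMissingAAGUID` keeps it consistent with the other `TestTPMAikCert…` names in this file.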
@@ -5202,7 +4997,7 @@ public async void TestTPMAikCertMisingAAGUID()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -5226,7 +5021,7 @@ public async void TestTPMAikCertMisingAAGUID()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -5245,7 +5040,7 @@ public async void TestTPMAikCertMisingAAGUID()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -5287,7 +5082,7 @@ public void TestTPMAikCertAAGUIDNotMatchAuthData()
attRequest.CertificateExtensions.Add(notCAExt);
var asnEncodedAaguid = new byte[] { 0x04, 0x10, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, };
- var idFidoGenCeAaguidExt = new X509Extension(oidIdFidoGenCeAaguid, asnEncodedAaguid, false);
+ var idFidoGenCeAaguidExt = new X509Extension(oidIdFidoGenCeAaGuid, asnEncodedAaguid, false);
attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
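Review bot: The rename is applied inconsistently here: the OID argument becomes `oidIdFidoGenCeAaGuid`, but the local on the same line keeps the old casing `idFidoGenCeAaguidExt`, while every other test in this commit now uses `idFidoGenCeAaGuidExt` (which appears to be a shared declaration outside these hunks). A local that differs from that name only by the case of one letter is easy to misread, and in this test the difference is the whole point — it deliberately embeds a mismatching AAGUID. Rename the local to something that states that intent, e.g. `var mismatchedAaGuidExt = new X509Extension(oidIdFidoGenCeAaGuid, asnEncodedAaguid, false);` and `attRequest.CertificateExtensions.Add(mismatchedAaGuidExt);`. The enclosing method continues outside the hunk.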
@@ -5295,16 +5090,12 @@ public void TestTPMAikCertAAGUIDNotMatchAuthData()
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -5316,7 +5107,7 @@ public void TestTPMAikCertAAGUIDNotMatchAuthData()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -5340,7 +5131,7 @@ public void TestTPMAikCertAAGUIDNotMatchAuthData()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -5359,7 +5150,7 @@ public void TestTPMAikCertAAGUIDNotMatchAuthData()
_attestationObject.Add("attStmt", new CborMap {
{ "ver", "2.0" },
{ "alg", (int)alg },
- { "x5c", X5c },
+ { "x5c", x5c },
{ "sig", signature },
{ "certInfo", certInfo },
{ "pubArea", pubArea }
@@ -5387,22 +5178,18 @@ public void TestTPMECDAANotSupported()
var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
attRequest.CertificateExtensions.Add(notCAExt);
- attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
+ attRequest.CertificateExtensions.Add(idFidoGenCeAaGuidExt);
attRequest.CertificateExtensions.Add(aikCertSanExt);
attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
byte[] serial = RandomNumberGenerator.GetBytes(12);
- using (X509Certificate2 publicOnly = attRequest.Create(
- rootCert,
- notBefore,
- notAfter,
- serial))
+ using (X509Certificate2 publicOnly = attRequest.Create(rootCert, notBefore, notAfter, serial))
{
attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
}
- var X5c = new CborArray {
+ var x5c = new CborArray {
attestnCert.RawData,
rootCert.RawData
};
@@ -5414,7 +5201,7 @@ public void TestTPMECDAANotSupported()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_RSA, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -5438,7 +5225,7 @@ public void TestTPMECDAANotSupported()
byte[] tpm2bNameLen = GetUInt16BigEndianBytes(tpmAlg.Length + hashedPubArea.Length);
byte[] tpm2bName = Concat(tpm2bNameLen, tpmAlg, hashedPubArea);
- var certInfo = CreateCertInfo(
+ var certInfo = CertInfoHelper.CreateCertInfo(
new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
@@ -5491,7 +5278,7 @@ public void TestPubAreaAltKeyedHash()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
+ var pubArea = PubAreaHelper.CreatePubArea(
TpmAlg.TPM_ALG_KEYEDHASH, // Type
tpmAlg, // Alg
new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
@@ -5518,18 +5305,18 @@ public void TestPubAreaAltSymCipher()
unique = rsaParams.Modulus;
exponent = rsaParams.Exponent;
- var pubArea = CreatePubArea(
- TpmAlg.TPM_ALG_SYMCIPHER, // Type
- tpmAlg, // Alg
- new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
- new byte[] { 0x00 }, // Policy
- new byte[] { 0x00, 0x10 }, // Symmetric
- new byte[] { 0x00, 0x10 }, // Scheme
- new byte[] { 0x80, 0x00 }, // KeyBits
- exponent, // Exponent
- curveId, // CurveID
- kdf, // KDF
- unique // Unique
+ var pubArea = PubAreaHelper.CreatePubArea(
+ TpmAlg.TPM_ALG_SYMCIPHER, // Type
+ tpmAlg, // Alg
+ new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
+ new byte[] { 0x00 }, // Policy
+ new byte[] { 0x00, 0x10 }, // Symmetric
+ new byte[] { 0x00, 0x10 }, // Scheme
+ new byte[] { 0x80, 0x00 }, // KeyBits
+ exponent, // Exponent
+ curveId, // CurveID
+ kdf, // KDF
+ unique // Unique
);
var ex = Assert.Throws(() => new PubArea(pubArea));
@@ -5544,82 +5331,6 @@ public void TestPubAreaExtraBytes()
Assert.Equal("Leftover bytes decoding pubArea", ex.Message);
}
- internal static byte[] CreatePubArea(
- TpmAlg type,
- ReadOnlySpan alg,
- ReadOnlySpan attributes,
- ReadOnlySpan policy,
- ReadOnlySpan symmetric,
- ReadOnlySpan scheme,
- ReadOnlySpan keyBits,
- ReadOnlySpan exponent,
- ReadOnlySpan curveID,
- ReadOnlySpan kdf,
- ReadOnlySpan unique = default)
- {
- var raw = new MemoryStream();
-
- if (type is TpmAlg.TPM_ALG_ECC)
- {
- raw.Write(type.ToUInt16BigEndianBytes());
- raw.Write(alg);
- raw.Write(attributes);
- raw.Write(GetUInt16BigEndianBytes(policy.Length));
- raw.Write(policy);
- raw.Write(symmetric);
- raw.Write(scheme);
- raw.Write(curveID);
- raw.Write(kdf);
- raw.Write(unique);
- }
- else
- {
- raw.Write(type.ToUInt16BigEndianBytes());
- raw.Write(alg);
- raw.Write(attributes);
- raw.Write(GetUInt16BigEndianBytes(policy.Length));
- raw.Write(policy);
- raw.Write(symmetric);
- raw.Write(scheme);
- raw.Write(keyBits);
- raw.Write(BitConverter.GetBytes(exponent[0] + (exponent[1] << 8) + (exponent[2] << 16)));
- raw.Write(GetUInt16BigEndianBytes(unique.Length));
- raw.Write(unique);
- }
-
- return raw.ToArray();
- }
-
- internal static byte[] CreateCertInfo(
- ReadOnlySpan magic,
- ReadOnlySpan type,
- ReadOnlySpan QualifiedSigner,
- ReadOnlySpan extraData,
- ReadOnlySpan clock,
- ReadOnlySpan resetCount,
- ReadOnlySpan restartCount,
- ReadOnlySpan safe,
- ReadOnlySpan firmwareRevision,
- ReadOnlySpan tPM2BName,
- ReadOnlySpan attestedQualifiedNameBuffer)
- {
- var stream = new MemoryStream();
-
- stream.Write(magic);
- stream.Write(type);
- stream.Write(QualifiedSigner);
- stream.Write(extraData);
- stream.Write(clock);
- stream.Write(resetCount);
- stream.Write(restartCount);
- stream.Write(safe);
- stream.Write(firmwareRevision);
- stream.Write(tPM2BName);
- stream.Write(attestedQualifiedNameBuffer);
-
- return stream.ToArray();
- }
-
internal static byte[] GetUInt16BigEndianBytes(int value)
{
return GetUInt16BigEndianBytes((UInt16)value);
diff --git a/Test/AuthenticatorResponse.cs b/Test/AuthenticatorResponse.cs
index b3e9bf36..f4fb331d 100644
--- a/Test/AuthenticatorResponse.cs
+++ b/Test/AuthenticatorResponse.cs
@@ -278,18 +278,18 @@ public void TestAuthenticatorAttestationRawResponse()
}
};
Assert.Equal(PublicKeyCredentialType.PublicKey, rawResponse.Type);
- Assert.True(rawResponse.Id.SequenceEqual(new byte[] { 0xf1, 0xd0 }));
- Assert.True(rawResponse.RawId.SequenceEqual(new byte[] { 0xf1, 0xd0 }));
- Assert.True(rawResponse.Response.AttestationObject.SequenceEqual(new byte[] { 0xa0 }));
- Assert.True(rawResponse.Response.ClientDataJson.SequenceEqual(clientDataJson));
+ Assert.Equal(new byte[] { 0xf1, 0xd0 }, rawResponse.Id);
+ Assert.Equal(new byte[] { 0xf1, 0xd0 }, rawResponse.RawId);
+ Assert.Equal(new byte[] { 0xa0 }, rawResponse.Response.AttestationObject);
+ Assert.Equal(clientDataJson, rawResponse.Response.ClientDataJson);
Assert.True(rawResponse.Extensions.AppID);
Assert.True(rawResponse.Extensions.AuthenticatorSelection);
- Assert.Equal(rawResponse.Extensions.Extensions, new string[] { "foo", "bar" });
+ Assert.Equal(new string[] { "foo", "bar" }, rawResponse.Extensions.Extensions);
Assert.Equal("test", rawResponse.Extensions.Example);
Assert.Equal((ulong)4, rawResponse.Extensions.UserVerificationMethod[0][0]);
Assert.True(rawResponse.Extensions.PRF.Enabled);
- Assert.True(rawResponse.Extensions.PRF.Results.First.SequenceEqual(new byte[] { 0xf1, 0xd0 }));
- Assert.True(rawResponse.Extensions.PRF.Results.Second.SequenceEqual(new byte[] { 0xf1, 0xd0 }));
+ Assert.Equal(rawResponse.Extensions.PRF.Results.First, new byte[] { 0xf1, 0xd0 });
+ Assert.Equal(new byte[] { 0xf1, 0xd0 }, rawResponse.Extensions.PRF.Results.Second);
}
[Fact]
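Review bot: The argument order on the `Results.First` assertion is the reverse of every other rewritten line in this hunk — `Assert.Equal(rawResponse.Extensions.PRF.Results.First, new byte[] { 0xf1, 0xd0 })` passes the value under test as `expected`, so a failure would report the two sides swapped. Change it to `Assert.Equal(new byte[] { 0xf1, 0xd0 }, rawResponse.Extensions.PRF.Results.First);` to match the `Results.Second` line directly below it.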
@@ -308,7 +308,7 @@ public void TestAuthenticatorAttestationResponseNull()
Type = PublicKeyCredentialType.PublicKey,
Id = new byte[] { 0xf1, 0xd0 },
RawId = new byte[] { 0xf1, 0xd0 },
- Response = null,
+ Response = null
};
var ex = Assert.Throws(() => AuthenticatorAttestationResponse.Parse(rawResponse));
@@ -1259,20 +1259,20 @@ public void TestAuthenticatorAssertionRawResponse()
}
};
Assert.Equal(PublicKeyCredentialType.PublicKey, assertionResponse.Type);
- Assert.True(assertionResponse.Id.SequenceEqual(new byte[] { 0xf1, 0xd0 }));
- Assert.True(assertionResponse.RawId.SequenceEqual(new byte[] { 0xf1, 0xd0 }));
- Assert.True(assertionResponse.Response.AuthenticatorData.SequenceEqual(new byte[] { 0xf1, 0xd0 }));
- Assert.True(assertionResponse.Response.Signature.SequenceEqual(new byte[] { 0xf1, 0xd0 }));
- Assert.True(assertionResponse.Response.ClientDataJson.SequenceEqual(clientDataJson));
- Assert.True(assertionResponse.Response.UserHandle.SequenceEqual(new byte[] { 0xf1, 0xd0 }));
+ Assert.Equal(new byte[] { 0xf1, 0xd0 }, assertionResponse.Id);
+ Assert.Equal(new byte[] { 0xf1, 0xd0 }, assertionResponse.RawId);
+ Assert.Equal(new byte[] { 0xf1, 0xd0 }, assertionResponse.Response.AuthenticatorData);
+ Assert.Equal(new byte[] { 0xf1, 0xd0 }, assertionResponse.Response.Signature);
+ Assert.Equal(clientDataJson, assertionResponse.Response.ClientDataJson);
+ Assert.Equal(new byte[] { 0xf1, 0xd0 }, assertionResponse.Response.UserHandle);
Assert.True(assertionResponse.Extensions.AppID);
Assert.True(assertionResponse.Extensions.AuthenticatorSelection);
- Assert.Equal(assertionResponse.Extensions.Extensions, new string[] { "foo", "bar" });
+ Assert.Equal(new string[] { "foo", "bar" }, assertionResponse.Extensions.Extensions);
Assert.Equal("test", assertionResponse.Extensions.Example);
Assert.Equal((ulong)4, assertionResponse.Extensions.UserVerificationMethod[0][0]);
Assert.True(assertionResponse.Extensions.PRF.Enabled);
- Assert.True(assertionResponse.Extensions.PRF.Results.First.SequenceEqual(new byte[] { 0xf1, 0xd0 }));
- Assert.True(assertionResponse.Extensions.PRF.Results.Second.SequenceEqual(new byte[] { 0xf1, 0xd0 }));
+ Assert.Equal(new byte[] { 0xf1, 0xd0 }, assertionResponse.Extensions.PRF.Results.First);
+ Assert.Equal(new byte[] { 0xf1, 0xd0 }, assertionResponse.Extensions.PRF.Results.Second);
}
[Fact]
diff --git a/Test/CborTests.cs b/Test/CborTests.cs
index 815bb198..d241cc4c 100644
--- a/Test/CborTests.cs
+++ b/Test/CborTests.cs
@@ -18,7 +18,7 @@ public void CanRoundtripAttestationObject()
Assert.Equal(1, ((CborArray)attStmt["x5c"]).Length);
Assert.Equal(70, ((CborByteString)attStmt["sig"]).Value.Length);
- Assert.True(data.AsSpan().SequenceEqual(@object.Encode()));
+ Assert.Equal(data, @object.Encode());
}
[Fact]
diff --git a/Test/CredentialPublicKeyTests.cs b/Test/CredentialPublicKeyTests.cs
new file mode 100644
index 00000000..ab37c4b3
--- /dev/null
+++ b/Test/CredentialPublicKeyTests.cs
@@ -0,0 +1,47 @@
+using System.Security.Cryptography;
+
+using Fido2NetLib;
+using Fido2NetLib.Objects;
+
+namespace fido2_net_lib.Test;
+
+public class CredentialPublicKeyTests
+{
+ [Theory]
+ [InlineData("1.3.132.0.10", COSE.Algorithm.ES256K)] // secP256k1
+ [InlineData("1.2.840.10045.3.1.7", COSE.Algorithm.ES256)] // P256
+ [InlineData("1.3.132.0.34", COSE.Algorithm.ES384)] // P384
+ [InlineData("1.3.132.0.35", COSE.Algorithm.ES512)] // P512
+ public void CanUseECCurves(string oid, COSE.Algorithm alg)
+ {
+ if (OperatingSystem.IsMacOS() && alg is COSE.Algorithm.ES256K)
+ {
+ return;
+ }
+
+ byte[] signedData = RandomNumberGenerator.GetBytes(64);
+
+ using var ecDsa = ECDsa.Create(ECCurve.CreateFromValue(oid));
+
+ var signature = SignatureHelper.EcDsaSigFromSig(ecDsa.SignData(signedData, CryptoUtils.HashAlgFromCOSEAlg(alg)), ecDsa.KeySize);
+
+ var credentialPublicKey = new CredentialPublicKey(ecDsa, alg);
+
+ using var decodedPublicKey = credentialPublicKey.CreateECDsa();
+
+ var decodedEcDsaParams = decodedPublicKey.ExportParameters(false);
+
+ // NOTES
+ // - the oid.value is not set for secP256k1
+ // - macOS does not support the secP256k1 curve
+
+ if (decodedEcDsaParams.Curve.Oid?.Value != null)
+ {
+ Assert.Equal(oid, decodedEcDsaParams.Curve.Oid.Value);
+ }
+
+
+
+ Assert.True(credentialPublicKey.Verify(signedData, signature));
+ }
+}
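Review bot: CanUseECCurves only exercises the accept path; it never checks that `Verify` rejects a modified message or signature, so an implementation that returned true unconditionally would pass for every curve. After the positive assertion, flip a byte and assert the negative case: `signedData[0] ^= 0xff;` followed by `Assert.False(credentialPublicKey.Verify(signedData, signature));`. The comment on the ES512 row reads `// P512`, but OID 1.3.132.0.35 is secp521r1, so it should say `// P521`. The macOS early `return` makes the ES256K row report as passed rather than skipped, which hides the gap in coverage; if the test framework version in use offers a runtime skip, that would be more honest, and the three blank lines before the final assertion can be collapsed to one.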
diff --git a/Test/CryptoUtilsTests.cs b/Test/CryptoUtilsTests.cs
index c1d24c57..17732af0 100644
--- a/Test/CryptoUtilsTests.cs
+++ b/Test/CryptoUtilsTests.cs
@@ -55,8 +55,8 @@ public void TestValidateTrustChainRootAnchor()
[Fact]
public void TestValidateTrustChainSubAnchor()
{
- // TODO: Figure out why this test fails on Mac/Linux
- if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+ // TODO: Figure out why this test fails on macOS and Linux
+ if (!OperatingSystem.IsWindows())
return;
byte[] attRootCertBytes = Convert.FromBase64String("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");
diff --git a/Test/Extensions/CertInfoHelper.cs b/Test/Extensions/CertInfoHelper.cs
new file mode 100644
index 00000000..e4736396
--- /dev/null
+++ b/Test/Extensions/CertInfoHelper.cs
@@ -0,0 +1,34 @@
+namespace fido2_net_lib;
+
+internal static class CertInfoHelper
+{
+ public static byte[] CreateCertInfo(
+ ReadOnlySpan magic,
+ ReadOnlySpan type,
+ ReadOnlySpan qualifiedSigner,
+ ReadOnlySpan extraData,
+ ReadOnlySpan clock,
+ ReadOnlySpan resetCount,
+ ReadOnlySpan restartCount,
+ ReadOnlySpan safe,
+ ReadOnlySpan firmwareRevision,
+ ReadOnlySpan tPM2BName,
+ ReadOnlySpan attestedQualifiedNameBuffer)
+ {
+ using var stream = new MemoryStream();
+
+ stream.Write(magic);
+ stream.Write(type);
+ stream.Write(qualifiedSigner);
+ stream.Write(extraData);
+ stream.Write(clock);
+ stream.Write(resetCount);
+ stream.Write(restartCount);
+ stream.Write(safe);
+ stream.Write(firmwareRevision);
+ stream.Write(tPM2BName);
+ stream.Write(attestedQualifiedNameBuffer);
+
+ return stream.ToArray();
+ }
+}
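Review bot: CreateCertInfo has no doc comment, and with eleven positional `ReadOnlySpan` parameters the contract is easy to get wrong at a call site. A `<summary>` along the lines of "Concatenates the given fields, already in wire encoding, into a single certInfo blob in parameter order; no length prefixes are added and nothing is validated, which suits tests that need to build deliberately malformed structures" states exactly what the body does, since each span is written straight through to the stream. If the field order is meant to mirror a specific TPM attestation structure, naming it in the comment would help future readers, but that cannot be confirmed from this file alone.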
diff --git a/Test/Extensions/PubAreaHelper.cs b/Test/Extensions/PubAreaHelper.cs
new file mode 100644
index 00000000..8135b42f
--- /dev/null
+++ b/Test/Extensions/PubAreaHelper.cs
@@ -0,0 +1,70 @@
+using System.Buffers.Binary;
+
+using Fido2NetLib;
+
+using Test;
+
+namespace fido2_net_lib;
+
+internal static class PubAreaHelper
+{
+ internal static byte[] CreatePubArea(
+ TpmAlg type,
+ ReadOnlySpan alg,
+ ReadOnlySpan attributes,
+ ReadOnlySpan policy,
+ ReadOnlySpan symmetric,
+ ReadOnlySpan scheme,
+ ReadOnlySpan keyBits,
+ ReadOnlySpan exponent,
+ ReadOnlySpan curveID,
+ ReadOnlySpan kdf,
+ ReadOnlySpan unique = default)
+ {
+ using var stream = new MemoryStream();
+
+ if (type is TpmAlg.TPM_ALG_ECC)
+ {
+ stream.Write(type.ToUInt16BigEndianBytes());
+ stream.Write(alg);
+ stream.Write(attributes);
+ stream.Write(GetUInt16BigEndianBytes(policy.Length));
+ stream.Write(policy);
+ stream.Write(symmetric);
+ stream.Write(scheme);
+ stream.Write(curveID);
+ stream.Write(kdf);
+ stream.Write(unique);
+ }
+ else
+ {
+ stream.Write(type.ToUInt16BigEndianBytes());
+ stream.Write(alg);
+ stream.Write(attributes);
+ stream.Write(GetUInt16BigEndianBytes(policy.Length));
+ stream.Write(policy);
+ stream.Write(symmetric);
+ stream.Write(scheme);
+ stream.Write(keyBits);
+ stream.Write(BitConverter.GetBytes(exponent[0] + (exponent[1] << 8) + (exponent[2] << 16)));
+ stream.Write(GetUInt16BigEndianBytes(unique.Length));
+ stream.Write(unique);
+ }
+
+ return stream.ToArray();
+ }
+
+ private static byte[] GetUInt16BigEndianBytes(int value)
+ {
+ return GetUInt16BigEndianBytes((UInt16)value);
+ }
+
+ private static byte[] GetUInt16BigEndianBytes(UInt16 value)
+ {
+ var buffer = new byte[2];
+
+ BinaryPrimitives.WriteUInt16BigEndian(buffer, value);
+
+ return buffer;
+ }
+}
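Review bot: `GetUInt16BigEndianBytes(int value)` uses an unchecked `(UInt16)value` cast, so a `policy` or `unique` longer than 65535 bytes is silently written with a wrapped length prefix instead of failing; in a helper whose purpose is to produce exact TPM encodings, `checked((ushort)value)` or an explicit `ArgumentOutOfRangeException` would surface the mistake at the call site. The RSA branch also encodes the exponent with `BitConverter.GetBytes`, which emits host byte order; the file already imports `System.Buffers.Binary`, so `BinaryPrimitives.WriteInt32LittleEndian` into a 4-byte buffer would preserve today's output on little-endian hosts while making the layout explicit — though since this is moved rather than new code, it can be a follow-up. The two private `GetUInt16BigEndianBytes` overloads duplicate the ones left behind in the TPM test class (visible in the earlier hunk), so one copy could be made `internal` and shared.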
diff --git a/Test/Extensions/SignatureHelper.cs b/Test/Extensions/SignatureHelper.cs
new file mode 100644
index 00000000..0969d9c2
--- /dev/null
+++ b/Test/Extensions/SignatureHelper.cs
@@ -0,0 +1,25 @@
+using System.Formats.Asn1;
+
+namespace fido2_net_lib;
+
+internal static class SignatureHelper
+{
+ public static byte[] EcDsaSigFromSig(ReadOnlySpan sig, int keySizeInBits)
+ {
+ var coefficientSize = (int)Math.Ceiling((decimal)keySizeInBits / 8);
+ var r = sig.Slice(0, coefficientSize);
+ var s = sig.Slice(sig.Length - coefficientSize);
+
+ var writer = new AsnWriter(AsnEncodingRules.BER);
+
+ ReadOnlySpan zero = new byte[1] { 0 };
+
+ using (writer.PushSequence())
+ {
+ writer.WriteIntegerUnsigned(r.TrimStart(zero));
+ writer.WriteIntegerUnsigned(s.TrimStart(zero));
+ }
+
+ return writer.Encode();
+ }
+}
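Review bot: EcDsaSigFromSig never checks that `sig` is exactly two coefficients long, so a truncated or wrong-curve signature fails inside `Slice` with an `ArgumentOutOfRangeException` that says nothing about the cause; a guard such as `if (sig.Length != 2 * coefficientSize) throw new ArgumentException($"Expected {2 * coefficientSize} bytes, got {sig.Length}", nameof(sig));` before the slices would make test failures readable. The writer is created with `AsnEncodingRules.BER`; the verifier in this library presumably expects a DER-encoded ECDSA-Sig-Value, and `AsnEncodingRules.DER` would state that intent and let the writer enforce the canonical form. A one-line `<summary>` — converts a raw `r || s` signature for a key of `keySizeInBits` into the ASN.1 SEQUENCE of two INTEGERs — would also help, since the name alone does not say which direction the conversion goes.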
diff --git a/Test/Fido2Tests.cs b/Test/Fido2Tests.cs
index e45bc19d..87be4509 100644
--- a/Test/Fido2Tests.cs
+++ b/Test/Fido2Tests.cs
@@ -1,6 +1,4 @@
using System.Buffers.Binary;
-using System.Formats.Asn1;
-using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
@@ -91,13 +89,13 @@ public abstract class Attestation
public const string rp = "https://www.passwordless.dev";
public byte[] _challenge;
public X500DistinguishedName rootDN = new("CN=Testing, O=FIDO2-NET-LIB, C=US");
- public Oid oidIdFidoGenCeAaguid = new("1.3.6.1.4.1.45724.1.1.4");
- //private byte[] asnEncodedAaguid = new byte[] { 0x04, 0x10, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, };
- //public byte[] asnEncodedAaguid = new byte[] { 0x04, 0x10, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, };
+ public Oid oidIdFidoGenCeAaGuid = new("1.3.6.1.4.1.45724.1.1.4");
+ //private byte[] asnEncodedAaGuid = new byte[] { 0x04, 0x10, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, };
+ //public byte[] asnEncodedAaGuid = new byte[] { 0x04, 0x10, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, };
public byte[] _asnEncodedAaguid;
protected X509BasicConstraintsExtension caExt = new(true, true, 2, false);
protected X509BasicConstraintsExtension notCAExt = new(false, false, 0, false);
- public X509Extension idFidoGenCeAaguidExt;
+ public X509Extension idFidoGenCeAaGuidExt;
public byte[] _rpIdHash => SHA256.HashData(Encoding.UTF8.GetBytes(rp));
@@ -127,16 +125,13 @@ public byte[] _attToBeSignedHash(HashAlgorithmName alg)
public const AuthenticatorFlags _flags = AuthenticatorFlags.AT | AuthenticatorFlags.ED | AuthenticatorFlags.UP | AuthenticatorFlags.UV;
public ushort _signCount;
protected Guid _aaguid = new("F1D0F1D0-F1D0-F1D0-F1D0-F1D0F1D0F1D0");
- public Extensions _exts
- {
- get
- {
- var extBytes = new CborMap { { "testing", true } }.Encode();
- return new Extensions(extBytes);
- }
+ public Extensions GetExtensions()
+ {
+ var extBytes = new CborMap { { "testing", true } }.Encode();
+ return new Extensions(extBytes);
}
- public AuthenticatorData _authData => new(_rpIdHash, _flags, _signCount, _acd, _exts);
+ public AuthenticatorData _authData => new(_rpIdHash, _flags, _signCount, _acd, GetExtensions());
public AttestedCredentialData _acd => new(_aaguid, _credentialID, _credentialPublicKey);
@@ -153,7 +148,7 @@ public Attestation()
_asnEncodedAaguid = AsnHelper.GetAaguidBlob(_aaguid);
- idFidoGenCeAaguidExt = new X509Extension(oidIdFidoGenCeAaguid, _asnEncodedAaguid, false);
+ idFidoGenCeAaGuidExt = new X509Extension(oidIdFidoGenCeAaGuid, _asnEncodedAaguid, false);
}
public async Task MakeAttestationResponseAsync()
@@ -278,10 +273,10 @@ internal byte[] SignData(COSE.KeyType kty, COSE.Algorithm alg, COSE.EllipticCurv
{
case COSE.KeyType.EC2:
{
- var ecparams = ecdsa.ExportParameters(true);
- _credentialPublicKey = MakeCredentialPublicKey(kty, alg, curve, ecparams.Q.X, ecparams.Q.Y);
+ var ecParams = ecdsa.ExportParameters(true);
+ _credentialPublicKey = MakeCredentialPublicKey(kty, alg, curve, ecParams.Q.X, ecParams.Q.Y);
var signature = ecdsa.SignData(_attToBeSigned, CryptoUtils.HashAlgFromCOSEAlg(alg));
- return EcDsaSigFromSig(signature, ecdsa.KeySize);
+ return SignatureHelper.EcDsaSigFromSig(signature, ecdsa.KeySize);
}
case COSE.KeyType.RSA:
{
@@ -327,7 +322,7 @@ internal static byte[] SignData(COSE.KeyType kty, COSE.Algorithm alg, byte[] dat
case COSE.KeyType.EC2:
{
var signature = ecdsa.SignData(data, CryptoUtils.HashAlgFromCOSEAlg(alg));
- return EcDsaSigFromSig(signature, ecdsa.KeySize);
+ return SignatureHelper.EcDsaSigFromSig(signature, ecdsa.KeySize);
}
case COSE.KeyType.RSA:
{
@@ -383,7 +378,7 @@ public void TestStringIsSerializable()
Assert.False(UserVerificationRequirement.Required == UserVerificationRequirement.Discouraged);
Assert.True(UserVerificationRequirement.Required != UserVerificationRequirement.Discouraged);
- // testing where string and membername mismatch
+ // testing where string and member name mismatch
var y1 = AuthenticatorAttachment.CrossPlatform;
var yjson = JsonSerializer.Serialize(y1);
@@ -393,7 +388,7 @@ public void TestStringIsSerializable()
Assert.Equal(AuthenticatorAttachment.CrossPlatform, y2);
- // test list of typedstrings
+ // test list of typed strings
var z1 = new[] {
AuthenticatorTransport.Ble,
AuthenticatorTransport.Usb,
@@ -405,7 +400,7 @@ public void TestStringIsSerializable()
var z2 = JsonSerializer.Deserialize(zjson);
Assert.All(z2, (x) => z1.Contains(x));
- Assert.True(z1.SequenceEqual(z2));
+ Assert.Equal(z1, z2);
}
[Fact]
@@ -556,7 +551,7 @@ public async Task TestPackedAttestationAsync()
var authData = o.AttestationObject.AuthData;
var acdBytes = authData.AttestedCredentialData.ToByteArray();
var acd = AttestedCredentialData.Parse(acdBytes);
- Assert.True(acd.ToByteArray().SequenceEqual(acdBytes));
+ Assert.Equal(acd.ToByteArray(), acdBytes);
}
[Fact]
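Review bot: In the rewritten assertion `Assert.Equal(acd.ToByteArray(), acdBytes)` the value under test is passed as `expected` and the known input as `actual`, the reverse of the (expected, actual) order the failure message reports, and the reverse of the order the other rewritten asserts in this file use (e.g. `Assert.Equal(rpIdHash, ad.RpIdHash)`). Writing `Assert.Equal(acdBytes, acd.ToByteArray());` keeps the failure output readable. The same inversion appears in the later hunks at TestTrustKeyAttestationAsync, TestInvalidU2FAttestationAsync, TestAttestedCredentialDataES256/RSA/OKP (`Assert.Equal(acdFromBytes.ToByteArray(), acdFromConst.ToByteArray())`) and TestAuthenticatorData (`Assert.Equal(ad.AttestedCredentialData.ToByteArray(), acd.ToByteArray())`).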
@@ -616,14 +611,14 @@ public async Task TestTrustKeyAttestationAsync()
var authData = o.AttestationObject.AuthData;
var acdBytes = authData.AttestedCredentialData.ToByteArray();
var acd = AttestedCredentialData.Parse(acdBytes);
- Assert.True(acd.ToByteArray().SequenceEqual(acdBytes));
+ Assert.Equal(acd.ToByteArray(), acdBytes);
}
[Fact]
public async Task TestInvalidU2FAttestationAsync()
{
- // TODO: Figure out why this test fails on Mac/Linux
- if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+ // TODO: Figure out why this test fails on macOS and Linux
+ if (!OperatingSystem.IsWindows())
return;
var jsonPost = JsonSerializer.Deserialize(await File.ReadAllTextAsync("./attestationResultsATKey.json"));
@@ -633,7 +628,7 @@ public async Task TestInvalidU2FAttestationAsync()
var authData = o.AttestationObject.AuthData;
var acdBytes = authData.AttestedCredentialData.ToByteArray();
var acd = AttestedCredentialData.Parse(acdBytes);
- Assert.True(acd.ToByteArray().SequenceEqual(acdBytes));
+ Assert.Equal(acd.ToByteArray(), acdBytes);
}
[Fact]
@@ -729,13 +724,13 @@ public void TestAttestedCredentialDataES256()
var aaguid = new Guid("F1D0F1D0-F1D0-F1D0-F1D0-F1D0F1D0F1D0");
var credentialID = new byte[] { 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, };
var ecdsa = MakeECDsa(COSE.Algorithm.ES256, COSE.EllipticCurve.P256);
- var ecparams = ecdsa.ExportParameters(true);
- var cpk = MakeCredentialPublicKey(COSE.KeyType.EC2, COSE.Algorithm.ES256, COSE.EllipticCurve.P256, ecparams.Q.X, ecparams.Q.Y);
+ var ecParams = ecdsa.ExportParameters(true);
+ var cpk = MakeCredentialPublicKey(COSE.KeyType.EC2, COSE.Algorithm.ES256, COSE.EllipticCurve.P256, ecParams.Q.X, ecParams.Q.Y);
var acdFromConst = new AttestedCredentialData(aaguid, credentialID, cpk);
var acdBytes = acdFromConst.ToByteArray();
var acdFromBytes = AttestedCredentialData.Parse(acdBytes);
- Assert.True(acdFromBytes.ToByteArray().SequenceEqual(acdFromConst.ToByteArray()));
+ Assert.Equal(acdFromBytes.ToByteArray(), acdFromConst.ToByteArray());
}
[Fact]
@@ -750,7 +745,7 @@ public void TestAttestedCredentialDataRSA()
var acdFromConst = new AttestedCredentialData(aaguid, credentialID, cpk);
var acdBytes = acdFromConst.ToByteArray();
var acdFromBytes = AttestedCredentialData.Parse(acdBytes);
- Assert.True(acdFromBytes.ToByteArray().SequenceEqual(acdFromConst.ToByteArray()));
+ Assert.Equal(acdFromBytes.ToByteArray(), acdFromConst.ToByteArray());
var sig = SignData(COSE.KeyType.RSA, COSE.Algorithm.RS256, acdBytes, null, rsa, null);
@@ -762,15 +757,15 @@ public void TestAttestedCredentialDataRSA()
[Fact]
public void TestAttestedCredentialDataOKP()
{
- var aaguid = new Guid("F1D0F1D0-F1D0-F1D0-F1D0-F1D0F1D0F1D0");
+ var aaGuid = new Guid("F1D0F1D0-F1D0-F1D0-F1D0-F1D0F1D0F1D0");
var credentialID = new byte[] { 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, };
MakeEdDSA(out _, out var publicKey, out var privateKey);
var cpk = MakeCredentialPublicKey(COSE.KeyType.OKP, COSE.Algorithm.EdDSA, COSE.EllipticCurve.Ed25519, publicKey);
- var acdFromConst = new AttestedCredentialData(aaguid, credentialID, cpk);
+ var acdFromConst = new AttestedCredentialData(aaGuid, credentialID, cpk);
var acdBytes = acdFromConst.ToByteArray();
var acdFromBytes = AttestedCredentialData.Parse(acdBytes);
- Assert.True(acdFromBytes.ToByteArray().SequenceEqual(acdFromConst.ToByteArray()));
+ Assert.Equal(acdFromBytes.ToByteArray(), acdFromConst.ToByteArray());
var sig = SignData(COSE.KeyType.OKP, COSE.Algorithm.EdDSA, acdBytes, null, null, privateKey);
@@ -786,53 +781,32 @@ public void TestAuthenticatorData()
var rpIdHash = SHA256.HashData(rpId);
var flags = AuthenticatorFlags.AT | AuthenticatorFlags.ED | AuthenticatorFlags.UP | AuthenticatorFlags.UV;
const ushort signCount = 0xf1d0;
- var aaguid = new Guid("F1D0F1D0-F1D0-F1D0-F1D0-F1D0F1D0F1D0");
+ var aaGuid = new Guid("F1D0F1D0-F1D0-F1D0-F1D0-F1D0F1D0F1D0");
var credentialID = new byte[] { 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, };
var ecdsa = MakeECDsa(COSE.Algorithm.ES256, COSE.EllipticCurve.P256);
- var ecparams = ecdsa.ExportParameters(true);
- var cpk = MakeCredentialPublicKey(COSE.KeyType.EC2, COSE.Algorithm.ES256, COSE.EllipticCurve.P256, ecparams.Q.X, ecparams.Q.Y);
+ var ecParams = ecdsa.ExportParameters(true);
+ var cpk = MakeCredentialPublicKey(COSE.KeyType.EC2, COSE.Algorithm.ES256, COSE.EllipticCurve.P256, ecParams.Q.X, ecParams.Q.Y);
- var acd = new AttestedCredentialData(aaguid, credentialID, cpk);
+ var acd = new AttestedCredentialData(aaGuid, credentialID, cpk);
var extBytes = new CborMap { { "testing", true } }.Encode();
var exts = new Extensions(extBytes);
var ad = new AuthenticatorData(rpIdHash, flags, signCount, acd, exts);
- Assert.True(ad.RpIdHash.SequenceEqual(rpIdHash));
+ Assert.Equal(rpIdHash, ad.RpIdHash);
Assert.True(ad.HasAttestedCredentialData | ad.UserPresent | ad.UserVerified | ad.HasExtensionsData);
- Assert.True(ad.SignCount == signCount);
- Assert.True(ad.AttestedCredentialData.ToByteArray().SequenceEqual(acd.ToByteArray()));
- Assert.True(ad.Extensions.GetBytes().SequenceEqual(extBytes));
- }
-
- internal static byte[] EcDsaSigFromSig(ReadOnlySpan sig, int keySize)
- {
- var coefficientSize = (int)Math.Ceiling((decimal)keySize / 8);
- var r = sig.Slice(0, coefficientSize);
- var s = sig.Slice(sig.Length - coefficientSize);
-
- var writer = new AsnWriter(AsnEncodingRules.BER);
-
- ReadOnlySpan zero = new byte[1] { 0 };
-
- using (writer.PushSequence())
- {
- writer.WriteIntegerUnsigned(r.TrimStart(zero));
- writer.WriteIntegerUnsigned(s.TrimStart(zero));
- }
-
- return writer.Encode();
+ Assert.Equal(signCount, ad.SignCount);
+ Assert.Equal(ad.AttestedCredentialData.ToByteArray(), acd.ToByteArray());
+ Assert.Equal(extBytes, ad.Extensions.GetBytes());
}
[Fact]
- public void TestAssertionResponse()
+ public async Task TestAssertionResponse()
{
AssertionVerificationResult avr;
- _validCOSEParameters.ForEach(async ((COSE.KeyType, COSE.Algorithm, COSE.EllipticCurve) param) =>
+ foreach (var (type, alg, curve) in _validCOSEParameters)
{
- var (type, alg, curve) = param;
-
// No support for P256K on OSX
- if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX) && curve == COSE.EllipticCurve.P256K)
+ if (OperatingSystem.IsMacOS() && curve is COSE.EllipticCurve.P256K)
return;
if (curve != default)
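Review bot: The macOS guard inside the new `foreach` still says `return`, which now leaves the whole test method rather than the current iteration; any tuples that follow the P256K entry in `_validCOSEParameters` would be silently skipped on macOS while the test still reports success. In the old `ForEach` lambda that `return` only skipped the one parameter, so `continue;` restores the previous coverage. The rest of TestAssertionResponse, including the `avr` assertions, continues in the next hunk.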
@@ -843,82 +817,12 @@ public void TestAssertionResponse()
{
avr = await MakeAssertionResponseAsync(type, alg);
}
+
Assert.Equal("", avr.ErrorMessage);
Assert.Equal("ok", avr.Status);
Assert.Equal(new byte[] { 0xf1, 0xd0 }, avr.CredentialId);
Assert.Equal("1", avr.Counter.ToString("X"));
- });
- }
-
- internal static byte[] CreatePubArea(byte[] type, byte[] alg, byte[] attributes, byte[] policy, byte[] symmetric,
- byte[] scheme, byte[] keyBits, byte[] exponent, byte[] curveID, byte[] kdf, byte[] unique)
- {
- var tpmalg = (TpmAlg)Enum.ToObject(typeof(TpmAlg), BinaryPrimitives.ReadUInt16BigEndian(type));
-
- IEnumerable raw = null;
- var uniqueLen = new byte[2];
- BinaryPrimitives.WriteUInt16BigEndian(uniqueLen, (UInt16)unique.Length);
-
- if (TpmAlg.TPM_ALG_RSA == tpmalg)
- {
- raw
- = type
- .Concat(alg)
- .Concat(attributes)
- .Concat(BitConverter.GetBytes((UInt16)policy.Length)
- .Reverse()
- .ToArray())
- .Concat(policy)
- .Concat(symmetric)
- .Concat(scheme)
- .Concat(keyBits)
- .Concat(BitConverter.GetBytes(exponent[0] + (exponent[1] << 8) + (exponent[2] << 16)))
- .Concat(BitConverter.GetBytes((UInt16)unique.Length)
- .Reverse()
- .ToArray())
- .Concat(unique);
}
- if (TpmAlg.TPM_ALG_ECC == tpmalg)
- {
- raw = type
- .Concat(alg)
- .Concat(attributes)
- .Concat(BitConverter.GetBytes((UInt16)policy.Length)
- .Reverse()
- .ToArray())
- .Concat(policy)
- .Concat(symmetric)
- .Concat(scheme)
- .Concat(curveID)
- .Concat(kdf)
- .Concat(BitConverter.GetBytes((UInt16)unique.Length)
- .Reverse()
- .ToArray())
- .Concat(unique);
- }
-
- return raw.ToArray();
- }
-
- internal static byte[] CreateCertInfo(byte[] magic, byte[] type, byte[] QualifiedSigner,
- byte[] extraData, byte[] clock, byte[] resetCount, byte[] restartCount,
- byte[] safe, byte[] firmwareRevision, byte[] tPM2BName, byte[] attestedQualifiedNameBuffer)
- {
- var raw = new MemoryStream();
-
- raw.Write(magic);
- raw.Write(type);
- raw.Write(QualifiedSigner);
- raw.Write(extraData);
- raw.Write(clock);
- raw.Write(resetCount);
- raw.Write(restartCount);
- raw.Write(safe);
- raw.Write(firmwareRevision);
- raw.Write(tPM2BName);
- raw.Write(attestedQualifiedNameBuffer);
-
- return raw.ToArray();
}
internal static async Task MakeAssertionResponseAsync(
@@ -935,8 +839,8 @@ internal static async Task MakeAssertionResponseAsy
byte[] rpId = Encoding.UTF8.GetBytes(rp);
var rpIdHash = SHA256.HashData(rpId);
var flags = AuthenticatorFlags.AT | AuthenticatorFlags.ED | AuthenticatorFlags.UP | AuthenticatorFlags.UV;
- var aaguid = new Guid("F1D0F1D0-F1D0-F1D0-F1D0-F1D0F1D0F1D0");
- var credentialID = new byte[] { 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, };
+ var aaGuid = new Guid("F1D0F1D0-F1D0-F1D0-F1D0-F1D0F1D0F1D0");
+ var credentialId = new byte[] { 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, };
if (cpk == null)
{
switch (kty)
@@ -945,8 +849,8 @@ internal static async Task MakeAssertionResponseAsy
{
ecdsa ??= MakeECDsa(alg, crv);
- var ecparams = ecdsa.ExportParameters(true);
- cpk = MakeCredentialPublicKey(kty, alg, crv, ecparams.Q.X, ecparams.Q.Y);
+ var ecParams = ecdsa.ExportParameters(true);
+ cpk = MakeCredentialPublicKey(kty, alg, crv, ecParams.Q.X, ecParams.Q.Y);
break;
}
case COSE.KeyType.RSA:
@@ -972,7 +876,7 @@ internal static async Task MakeAssertionResponseAsy
throw new ArgumentOutOfRangeException(nameof(kty), $"Missing or unknown kty {kty}");
}
}
- var acd = new AttestedCredentialData(aaguid, credentialID, cpk);
+ var acd = new AttestedCredentialData(aaGuid, credentialId, cpk);
var extBytes = new CborMap { { "testing", true } }.Encode();
var exts = new Extensions(extBytes);
@@ -1052,7 +956,7 @@ internal static ECDsa MakeECDsa(COSE.Algorithm alg, COSE.EllipticCurve crv)
if (OperatingSystem.IsMacOS())
{
// see https://github.com/dotnet/runtime/issues/47770
- throw new PlatformNotSupportedException($"No support currently for secP256k1 on MacOS");
+ throw new PlatformNotSupportedException($"No support currently for secP256k1 on macOS");
}
curve = ECCurve.CreateFromFriendlyName("secP256k1");
break;
@@ -1141,8 +1045,8 @@ internal static CredentialPublicKey MakeCredentialPublicKey((COSE.KeyType, COSE.
case COSE.KeyType.EC2:
{
var ecdsa = MakeECDsa(alg, crv);
- var ecparams = ecdsa.ExportParameters(true);
- cpk = MakeCredentialPublicKey(kty, alg, crv, ecparams.Q.X, ecparams.Q.Y);
+ var ecParams = ecdsa.ExportParameters(true);
+ cpk = MakeCredentialPublicKey(kty, alg, crv, ecParams.Q.X, ecParams.Q.Y);
break;
}
case COSE.KeyType.RSA: