/// <summary>
/// Builds a test attestation object in the "android-key" format: a self-signed ES256
/// attestation certificate carrying the Android key attestation extension
/// (OID 1.3.6.1.4.1.11129.2.1.17), and an attStmt with "alg", "x5c" and "sig".
/// </summary>
public AndroidKey()
{
    _attestationObject = new CborMap { { "fmt", "android-key" } };

    using (var attestationKey = ECDsa.Create(ECCurve.NamedCurves.nistP256))
    {
        var request = new CertificateRequest(
            "CN=AndroidKeyTesting, OU=Authenticator Attestation, O=FIDO2-NET-LIB, C=US",
            attestationKey,
            HashAlgorithmName.SHA256);

        // Android key attestation extension; EncodeAttestationRecord() supplies its DER body.
        request.CertificateExtensions.Add(
            new X509Extension("1.3.6.1.4.1.11129.2.1.17", EncodeAttestationRecord(), false));

        using (var attestnCert = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(2)))
        {
            var certChain = new CborArray { attestnCert.RawData };
            var signature = SignData(COSE.KeyType.EC2, COSE.Algorithm.ES256, COSE.EllipticCurve.P256, ecdsa: attestationKey);

            _attestationObject.Add("attStmt", new CborMap
            {
                { "alg", COSE.Algorithm.ES256 },
                { "x5c", certChain },
                { "sig", signature },
            });
        }
    }
}
/// <summary>
/// Captures the attestation statement, authenticator data and client data hash on this
/// instance and then runs the format-specific parameterless <c>Verify()</c> against them.
/// </summary>
/// <param name="attStmt">The "attStmt" map taken from the attestation object.</param>
/// <param name="authenticatorData">Raw authenticator data bytes.</param>
/// <param name="clientDataHash">Hash of the client data JSON.</param>
/// <returns>The attestation type and certificate trust path produced by <c>Verify()</c>.</returns>
public virtual (AttestationType, X509Certificate2[]) Verify(CborMap attStmt, byte[] authenticatorData, byte[] clientDataHash)
{
    // The parameterless overload reads these instance fields, so all three are stored first.
    // NOTE(review): because the inputs live on the instance, sharing one verifier across
    // concurrent verifications would race — confirm callers use a fresh instance per call.
    (this.attStmt, this.authenticatorData, this.clientDataHash) = (attStmt, authenticatorData, clientDataHash);

    return Verify();
}
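/// <summary>
/// Converts the 65-byte uncompressed P-256 public key from a U2F registration response
/// into a COSE_Key map (kty EC2, alg ES256, crv P-256, x, y).
/// </summary>
/// <param name="keyHandleData">The U2F key handle; accepted for interface compatibility and not read by this method.</param>
/// <param name="publicKeyData">SEC1 uncompressed point: the tag byte 0x04 followed by a 32-byte X and a 32-byte Y coordinate.</param>
/// <returns>A COSE_Key map describing the P-256 public key.</returns>
/// <exception cref="ArgumentNullException"><paramref name="publicKeyData"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="publicKeyData"/> is not a 65-byte uncompressed point.</exception>
public static CborMap CreatePublicKeyFromU2fRegistrationData(byte[] keyHandleData, byte[] publicKeyData)
{
    const int CoordinateLength = 32;
    const int UncompressedPointLength = 1 + 2 * CoordinateLength;
    const byte UncompressedPointTag = 0x04;

    if (publicKeyData is null)
    {
        throw new ArgumentNullException(nameof(publicKeyData));
    }

    // The registration data comes from the authenticator, so check the encoding explicitly
    // instead of relying on a buffer copy to fault on a short input. A leading byte other
    // than 0x04 is not an uncompressed point and must not be sliced as X||Y.
    if (publicKeyData.Length != UncompressedPointLength || publicKeyData[0] != UncompressedPointTag)
    {
        throw new ArgumentException(
            $"Expected a {UncompressedPointLength}-byte uncompressed P-256 point (0x04 || X || Y).",
            nameof(publicKeyData));
    }

    var x = publicKeyData.AsSpan(1, CoordinateLength).ToArray();
    var y = publicKeyData.AsSpan(1 + CoordinateLength, CoordinateLength).ToArray();

    // Same key/value forms as the CredentialPublicKey constructor uses for kty and alg.
    return new CborMap
    {
        { COSE.KeyCommonParameter.KeyType, COSE.KeyType.EC2 },
        { COSE.KeyCommonParameter.Alg, COSE.Algorithm.ES256 },
        { COSE.KeyTypeParameter.Crv, COSE.EllipticCurve.P256 },
        { COSE.KeyTypeParameter.X, x },
        { COSE.KeyTypeParameter.Y, y },
    };
}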
public void TestNone() { Fido2Tests._validCOSEParameters.ForEach(async((COSE.KeyType, COSE.Algorithm, COSE.EllipticCurve)param) => { _attestationObject.Add("attStmt", new CborMap()); _credentialPublicKey = Fido2Tests.MakeCredentialPublicKey(param); Fido2.CredentialMakeResult res = null; res = await MakeAttestationResponse(); Assert.Equal(string.Empty, res.ErrorMessage); Assert.Equal("ok", res.Status); Assert.Equal(_aaguid, res.Result.Aaguid); Assert.Equal(_signCount, res.Result.Counter); Assert.Equal("none", res.Result.CredType); Assert.Equal(_credentialID, res.Result.CredentialId); Assert.Null(res.Result.ErrorMessage); Assert.Equal(_credentialPublicKey.GetBytes(), res.Result.PublicKey); Assert.Null(res.Result.Status); Assert.Equal("Test User", res.Result.User.DisplayName); Assert.Equal(System.Text.Encoding.UTF8.GetBytes("testuser"), res.Result.User.Id); Assert.Equal("testuser", res.Result.User.Name); _attestationObject = new CborMap { { "fmt", "none" } }; });
public CredentialPublicKey(X509Certificate2 cert, COSE.Algorithm alg) { var keyAlg = cert.GetKeyAlgorithm(); _type = CoseKeyTypeFromOid[keyAlg]; _alg = alg; _cpk = new CborMap { { COSE.KeyCommonParameter.KeyType, _type }, { COSE.KeyCommonParameter.Alg, _alg } }; if (_type is COSE.KeyType.RSA) { var keyParams = cert.GetRSAPublicKey() !.ExportParameters(false); _cpk.Add(COSE.KeyTypeParameter.N, keyParams.Modulus !); _cpk.Add(COSE.KeyTypeParameter.E, keyParams.Exponent !); } else if (_type is COSE.KeyType.EC2) { var ecDsaPubKey = cert.GetECDsaPublicKey() !; var keyParams = ecDsaPubKey.ExportParameters(false); if (keyParams.Curve.Oid.FriendlyName is "secP256k1") { _cpk.Add(COSE.KeyTypeParameter.Crv, COSE.EllipticCurve.P256K); } if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { if (keyParams.Curve.Oid.FriendlyName !.Equals(ECCurve.NamedCurves.nistP256.Oid.FriendlyName, StringComparison.Ordinal)) { _cpk.Add(COSE.KeyTypeParameter.Crv, COSE.EllipticCurve.P256); } else if (keyParams.Curve.Oid.FriendlyName.Equals(ECCurve.NamedCurves.nistP384.Oid.FriendlyName, StringComparison.Ordinal)) { _cpk.Add(COSE.KeyTypeParameter.Crv, COSE.EllipticCurve.P384); } else if (keyParams.Curve.Oid.FriendlyName.Equals(ECCurve.NamedCurves.nistP521.Oid.FriendlyName, StringComparison.Ordinal)) { _cpk.Add(COSE.KeyTypeParameter.Crv, COSE.EllipticCurve.P521); } } else { if (keyParams.Curve.Oid.Value !.Equals(ECCurve.NamedCurves.nistP256.Oid.Value, StringComparison.Ordinal)) { _cpk.Add(COSE.KeyTypeParameter.Crv, COSE.EllipticCurve.P256); }
/// <summary>
/// Callback for the start of a CBOR map declaring <paramref name="size"/> entries. An empty
/// map is completed immediately; otherwise a parse state for the pending entries is pushed
/// so that the following items are collected into it.
/// </summary>
/// <param name="size">Number of key/value pairs announced by the map header.</param>
public void OnMap(int size)
{
    // Whichever branch runs, the pending tag is consumed here so it cannot leak onto the next item.
    var tag = currentTag;
    currentTag = null;

    if (size != 0)
    {
        stack.Push(DynamicParseState.ParseMap(size, tag));
        return;
    }

    OnObject(new CborMap { Tag = tag });
}
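/// <summary>
/// Builds a test attestation object in the "apple" format: a self-signed root, a leaf
/// attestation certificate issued by it for a fresh P-256 key, and an attStmt whose "x5c"
/// carries both certificates. The leaf key's public point becomes the credential public key.
/// </summary>
public Apple()
{
    validX5cStrings = new[]
    {
        "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",
        "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"
    };
    _attestationObject = new CborMap { { "fmt", "apple" } };

    var (type, alg, crv) = Fido2Tests._validCOSEParameters[0];
    DateTimeOffset notBefore = DateTimeOffset.UtcNow;
    DateTimeOffset notAfter = notBefore.AddDays(2);
    var attDN = new X500DistinguishedName("CN=attest.apple.com, OU=Apple Authenticator Attestation, O=FIDO2-NET-LIB, C=US");

    using (var ecdsaRoot = ECDsa.Create())
    {
        var rootRequest = new CertificateRequest(rootDN, ecdsaRoot, HashAlgorithmName.SHA256);
        rootRequest.CertificateExtensions.Add(caExt);

        using (var root = rootRequest.CreateSelfSigned(notBefore, notAfter))
        using (var ecdsaAtt = ECDsa.Create(ECCurve.NamedCurves.nistP256))
        {
            var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256);
            byte[] serial = new byte[12];
            RandomNumberGenerator.Fill(serial);

            // Create() yields a public-only certificate; pair it with the leaf key.
            X509Certificate2 attestnCert;
            using (var publicOnly = attRequest.Create(root, notBefore, notAfter, serial))
            {
                attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt);
            }

            // The paired certificate is a disposable handle and is only needed for its RawData,
            // so it is released with the rest of the fixture instead of leaking.
            using (attestnCert)
            {
                // Only the public point Q feeds the COSE key; the private scalar is never needed here.
                var ecparams = ecdsaAtt.ExportParameters(false);
                var cpk = new CborMap
                {
                    { COSE.KeyCommonParameter.KeyType, type },
                    { COSE.KeyCommonParameter.Alg, alg },
                    { COSE.KeyTypeParameter.X, ecparams.Q.X },
                    { COSE.KeyTypeParameter.Y, ecparams.Q.Y },
                    { COSE.KeyTypeParameter.Crv, crv }
                };
                _credentialPublicKey = new CredentialPublicKey(cpk);

                var x5c = new CborArray { attestnCert.RawData, root.RawData };
                _attestationObject.Add("attStmt", new CborMap { { "x5c", x5c } });
            }
        }
    }
}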
/// <summary>
/// Wraps an existing COSE_Key map and reads its key type (kty) and algorithm (alg) entries.
/// </summary>
/// <param name="cpk">COSE_Key map; expected to contain the kty and alg parameters.</param>
public CredentialPublicKey(CborMap cpk)
{
    _cpk = cpk;

    // NOTE(review): the indexer's behavior for a missing kty/alg entry is not visible here —
    // confirm it throws rather than yielding a value that casts to 0.
    var keyType = (int)cpk[COSE.KeyCommonParameter.KeyType];
    var algorithm = (int)cpk[COSE.KeyCommonParameter.Alg];

    _type = (COSE.KeyType)keyType;
    _alg = (COSE.Algorithm)algorithm;
}
/// <summary>
/// Holds the three top-level members of a decoded attestation object: the format identifier,
/// the attestation statement map and the raw authenticator data.
/// </summary>
/// <param name="fmt">Attestation statement format identifier ("fmt").</param>
/// <param name="attStmt">Attestation statement map ("attStmt").</param>
/// <param name="authData">Raw authenticator data bytes ("authData").</param>
public ParsedAttestationObject(string fmt, CborMap attStmt, byte[] authData)
    => (Fmt, AttStmt, AuthData) = (fmt, attStmt, authData);
/// <summary>
/// Builds a test attestation object in the "none" format: only "fmt" is set here; the
/// attStmt entry is added by the tests that use this fixture.
/// </summary>
public None()
{
    var attestationObject = new CborMap();
    attestationObject.Add("fmt", "none");
    _attestationObject = attestationObject;
}