protected byte[] toBeSigned(byte[] rgbContent, byte[] bodyAttributes)
{
CBORObject cborProtected = CBORObject.FromObject(new byte[0]);
if ((ProtectedMap != null) && (ProtectedMap.Count > 0))
{
byte[] rgb = ProtectedMap.EncodeToBytes();
cborProtected = CBORObject.FromObject(rgb);
}
if (rgbContent == null)
{
rgbContent = new byte[0];
}
CBORObject signObj = CBORObject.NewArray();
signObj.Add(context);
signObj.Add(bodyAttributes);
signObj.Add(cborProtected);
signObj.Add(ExternalData);
signObj.Add(rgbContent);
#if FOR_EXAMPLES
m_toBeSigned = signObj.EncodeToBytes();
#endif
return(signObj.EncodeToBytes());
}
/// <summary>
/// Given the set of inputs, perform the crptographic operations that are needed
/// to build a security context for a single sender and recipient.
/// </summary>
/// <param name="masterSecret">pre-shared key</param>
/// <param name="entityId">name assigned to sender</param>
/// <param name="masterSalt">salt value</param>
/// <param name="algAEAD">encryption algorithm</param>
/// <param name="algKeyAgree">key agreement algorithm</param>
/// <returns></returns>
private static EntityContext DeriveEntityContext(byte[] masterSecret, byte[] entityId, byte[] masterSalt = null, CBORObject algAEAD = null, CBORObject algKeyAgree = null)
{
EntityContext ctx = new EntityContext();
ctx.Algorithm = algAEAD ?? AlgorithmValues.AES_CCM_64_64_128;
ctx.Id = entityId ?? throw new ArgumentNullException(nameof(entityId));
if (algKeyAgree == null)
{
algKeyAgree = AlgorithmValues.ECDH_SS_HKDF_256;
}
ctx.ReplayWindow = new ReplayWindow(0, 64);
CBORObject info = CBORObject.NewArray();
// M00TODO - add the group id into this
info.Add(entityId); // 0
info.Add(ctx.Algorithm); // 1
info.Add("Key"); // 2
info.Add(128 / 8); // 3 in bytes
IDigest sha256;
if (algKeyAgree == null || algKeyAgree.Equals(AlgorithmValues.ECDH_SS_HKDF_256))
{
sha256 = new Sha256Digest();
}
else if (algKeyAgree.Equals(AlgorithmValues.ECDH_SS_HKDF_512))
{
sha256 = new Sha512Digest();
}
else
{
throw new ArgumentException("Unknown key agree algorithm");
}
IDerivationFunction hkdf = new HkdfBytesGenerator(sha256);
hkdf.Init(new HkdfParameters(masterSecret, masterSalt, info.EncodeToBytes()));
ctx.Key = new byte[128 / 8];
hkdf.GenerateBytes(ctx.Key, 0, ctx.Key.Length);
info[2] = CBORObject.FromObject("IV");
info[3] = CBORObject.FromObject(56 / 8);
hkdf.Init(new HkdfParameters(masterSecret, masterSalt, info.EncodeToBytes()));
ctx.BaseIV = new byte[56 / 8];
hkdf.GenerateBytes(ctx.BaseIV, 0, ctx.BaseIV.Length);
return(ctx);
}
public void PerformSignature()
{
CBORObject cborProtected = CBORObject.FromObject(new byte[0]);
if ((objProtected != null) && (objProtected.Count > 0))
{
byte[] rgb = objProtected.EncodeToBytes();
cborProtected = CBORObject.FromObject(rgb);
}
if (rgbSignature == null)
{
CBORObject signObj = CBORObject.NewArray();
signObj.Add(context);
signObj.Add(cborProtected);
signObj.Add(externalData); // External AAD
signObj.Add(rgbContent);
rgbSignature = Sign(toBeSigned());
#if FOR_EXAMPLES
m_toBeSigned = signObj.EncodeToBytes();
#endif
}
}
public void decodeWrongBasis()
{
CBORObject obj = CBORObject.NewMap();
byte[] rgb = obj.EncodeToBytes();
Message msg = Message.DecodeFromBytes(rgb, Tags.Enveloped);
}
public AttestedCredentialData(byte[] attData, ref int offset)
{
Aaguid = AuthDataHelper.GetSizedByteArray(attData, ref offset, 16);
if (null == Aaguid)
{
throw new Fido2VerificationException("Attested credential data is invalid");
}
CredentialID = AuthDataHelper.GetSizedByteArray(attData, ref offset);
// Determining attested credential data's length, which is variable, involves determining credentialPublicKey’s beginning location given the preceding credentialId’s length, and then determining the credentialPublicKey’s length
var ms = new System.IO.MemoryStream(attData, offset, attData.Length - offset);
// CBORObject.Read: This method will read from the stream until the end of the CBOR object is reached or an error occurs, whichever happens first.
CBORObject tmp = null;
try
{
tmp = CBORObject.Read(ms);
}
catch (Exception)
{
throw new Fido2VerificationException("Failed to read credential public key from attested credential data");
}
var aCDLen = tmp.EncodeToBytes().Length;
CredentialPublicKey = AuthDataHelper.GetSizedByteArray(attData, ref offset, (ushort)(aCDLen));
if (null == CredentialID || null == CredentialPublicKey)
{
throw new Fido2VerificationException("Attested credential data is invalid");
}
}
private byte[] BuildContentBytes()
#endif
{
CBORObject obj = CBORObject.NewArray();
obj.Add(strContext);
if (objProtected.Count > 0)
{
obj.Add(objProtected.EncodeToBytes());
}
else
{
obj.Add(CBORObject.FromObject(new byte[0]));
}
if (externalData != null)
{
obj.Add(CBORObject.FromObject(externalData));
}
else
{
obj.Add(CBORObject.FromObject(new byte[0]));
}
obj.Add(rgbContent);
return(obj.EncodeToBytes());
}
public static void AssertRoundTrip(CBORObject o)
{
CBORObject o2 = FromBytesTestAB(o.EncodeToBytes());
TestCommon.CompareTestEqual(o, o2);
TestNumber(o);
TestCommon.AssertEqualsHashCode(o, o2);
}
private byte[] BuildContentBytes()
#endif
{
CBORObject obj = CBORObject.NewArray();
obj.Add(_strContext);
if (ProtectedBytes == null)
{
if (ProtectedMap.Count > 0)
{
ProtectedBytes = ProtectedMap.EncodeToBytes();
}
else
{
ProtectedBytes = new byte[0];
}
}
obj.Add(ProtectedBytes);
if (ExternalData != null)
{
obj.Add(CBORObject.FromObject(ExternalData));
}
else
{
obj.Add(CBORObject.FromObject(new byte[0]));
}
obj.Add(rgbContent);
return(obj.EncodeToBytes());
}
/**
* Verifies the signature of the COSE_Sign1 object.
* <p>
* Note: This method only verifies the signature. Not the payload.
* </p>
*
* @param publicKey
* the key to use when verifying the signature
* @throws SignatureException
* for signature verification errors
*/
public void VerifySignature(byte[] publicKey)
{
if (Signature == null)
{
throw new Exception("Object is not signed");
}
CBORObject obj = CBORObject.NewArray();
obj.Add(ContextString);
obj.Add(ProtectedAttributesEncoding);
obj.Add(ExternalData);
if (Content != null)
{
obj.Add(Content);
}
else
{
obj.Add(null);
}
byte[] signedData = obj.EncodeToBytes();
// First find out which algorithm to use by searching for the algorithm ID in the protected attributes.
//
CBORObject registeredAlgorithm = ProtectedAttributes[HeaderParameterKey.ALG];
if (registeredAlgorithm == null)
{
throw new Exception("No algorithm ID stored in protected attributes - cannot sign");
}
byte[] signatureToVerify = Signature;
// For ECDSA, convert the signature according to section 8.1 of RFC8152.
//
if (registeredAlgorithm == SignatureAlgorithm.ES256 ||
registeredAlgorithm == SignatureAlgorithm.ES384 ||
registeredAlgorithm == SignatureAlgorithm.ES512)
{
signatureToVerify = ConvertToDer(Signature);
}
// Verify using the public key
var pubkey = PublicKeyFactory.CreateKey(publicKey);
var verifier = SignerUtilities.GetSigner(SignatureAlgorithm.GetAlgorithmName(registeredAlgorithm));
verifier.Init(false, pubkey);
verifier.BlockUpdate(signedData, 0, signedData.Length);
var result = verifier.VerifySignature(signatureToVerify);
if (!result)
{
throw new CertificateValidationException("Signature did not verify correctly");
}
Console.WriteLine("result: " + result);
}
public static void AssertRoundTrip(CBORObject o)
{
CBORObject o2 = FromBytesTestAB(o.EncodeToBytes());
TestCommon.CompareTestEqual(o, o2);
TestNumber(o);
TestCommon.AssertEqualsHashCode(o, o2);
}
public void decodeWrongCount()
{
CBORObject obj = CBORObject.NewArray();
obj.Add(CBORObject.False);
byte[] rgb = obj.EncodeToBytes();
Message.DecodeFromBytes(rgb, Tags.Enveloped);
}
public void macDecodeWrongBasis()
{
CBORObject obj = CBORObject.NewMap();
byte[] rgb = obj.EncodeToBytes();
CoseException e = Assert.ThrowsException <CoseException>(() =>
Message.DecodeFromBytes(rgb, Tags.MAC));
Assert.AreEqual(e.Message, ("Message is not a COSE security message."));
}
public void decodeBadUnprotected()
{
CBORObject obj = CBORObject.NewArray();
obj.Add(CBORObject.FromObject(CBORObject.NewMap().EncodeToBytes()));
obj.Add(CBORObject.False);
obj.Add(CBORObject.False);
byte[] rgb = obj.EncodeToBytes();
Message.DecodeFromBytes(rgb, Tags.Encrypted);
}
public byte[] EncodeToBytes()
{
CBORObject m_array = CBORObject.NewArray();
foreach (Key k in m_keyList)
{
m_array.Add(k.AsCBOR());
}
return(m_array.EncodeToBytes());
}
public static void AssertJSONSer(CBORObject o, String s)
{
if (!s.Equals(o.ToJSONString(), StringComparison.Ordinal))
{
Assert.AreEqual(s, o.ToJSONString(), "o is not equal to s");
}
// Test round-tripping
CBORObject o2 = FromBytesTestAB(o.EncodeToBytes());
if (!s.Equals(o2.ToJSONString(), StringComparison.Ordinal))
{
string msg = "o2 is not equal to s:\no = " +
TestCommon.ToByteArrayString(o.EncodeToBytes()) +
"\no2 = " + TestCommon.ToByteArrayString(o2.EncodeToBytes()) +
"\no2string = " + o2.ToString();
Assert.AreEqual(s, o2.ToJSONString(), msg);
}
TestNumber(o);
TestCommon.AssertEqualsHashCode(o, o2);
}
#pragma warning restore CS0618
public static byte[] CheckEncodeToBytes(CBORObject o)
{
byte[] bytes = o.EncodeToBytes();
if (bytes.Length != o.CalcEncodedSize())
{
string msg = "encoded size doesn't match:\no = " +
TestCommon.ToByteArrayString(bytes) + "\nostring = " + o.ToString();
Assert.AreEqual(bytes.Length, o.CalcEncodedSize(), msg);
}
return(bytes);
}
public void decodeBadProtected2()
{
CBORObject obj = CBORObject.NewArray();
obj.Add(CBORObject.FromObject(CBORObject.False.EncodeToBytes()));
obj.Add(CBORObject.False);
obj.Add(CBORObject.False);
obj.Add(CBORObject.False);
byte[] rgb = obj.EncodeToBytes();
Message.DecodeFromBytes(rgb, Tags.Enveloped);
}
static void RunSetPayload(string[] cmds)
{
if (cmds.Length != 2)
{
Console.WriteLine("Incorrect command");
return;
}
CBORObject cbor = CBORDiagnostics.Parse(cmds[1]);
Body = cbor.EncodeToBytes();
}
public void decodeBadRecipients()
{
CBORObject obj = CBORObject.NewArray();
obj.Add(CBORObject.FromObject(new byte[0]));
obj.Add(CBORObject.NewMap());
obj.Add(CBORObject.Null);
obj.Add(CBORObject.False);
byte[] rgb = obj.EncodeToBytes();
Message.DecodeFromBytes(rgb, Tags.Enveloped);
}
public void macDecodeWrongCount()
{
CBORObject obj = CBORObject.NewArray();
obj.Add(CBORObject.False);
byte[] rgb = obj.EncodeToBytes();
CoseException e = Assert.ThrowsException <CoseException>(() =>
Message.DecodeFromBytes(rgb, Tags.MAC));
Assert.AreEqual(e.Message, ("Invalid MAC structure"));
}
public static void AssertSer(CBORObject o, String s)
{
if (!s.Equals(o.ToString())) {
Assert.AreEqual(s, o.ToString(), "o is not equal to s");
}
// Test round-tripping
CBORObject o2 = FromBytesTestAB(o.EncodeToBytes());
if (!s.Equals(o2.ToString())) {
Assert.AreEqual(s, o2.ToString(), "o2 is not equal to s");
}
TestNumber(o);
TestCommon.AssertEqualsHashCode(o, o2);
}
private static void AddTlsCwt(string[] commands)
{
if (commands.Length != 4)
{
Console.Write($"Incorrect number of arguments: {commands.Length}");
return;
}
CBORObject cbor = CBORDiagnostics.Parse(commands[2]);
CWT cwt = CWT.Decode(cbor.EncodeToBytes(), CwtRootKeys, CwtRootKeys);
cbor = CBORDiagnostics.Parse(commands[3]);
_TlsKeys.Add(commands[1], new TlsKeyPair(cwt, new OneKey(cbor)));
}
private byte[] toBeSigned()
{
CBORObject cborProtected = CBORObject.FromObject(new byte[0]);
if ((objProtected != null) && (objProtected.Count > 0))
{
byte[] rgb = objProtected.EncodeToBytes();
cborProtected = CBORObject.FromObject(rgb);
}
CBORObject signObj = CBORObject.NewArray();
signObj.Add(context);
signObj.Add(cborProtected);
signObj.Add(externalData); // External AAD
signObj.Add(rgbContent);
#if FOR_EXAMPLES
m_toBeSigned = signObj.EncodeToBytes();
#endif
return(signObj.EncodeToBytes());
}
public void EncryptDecodeBadTag()
{
CBORObject obj = CBORObject.NewArray();
obj.Add(CBORObject.FromObject(CBORObject.NewArray()).EncodeToBytes());
obj.Add(CBORObject.NewMap());
obj.Add(new byte[0]);
byte[] rgb = obj.EncodeToBytes();
CoseException e = Assert.ThrowsException <CoseException>(() =>
Message.DecodeFromBytes(rgb, Tags.Encrypt0));
Assert.AreEqual(e.Message, ("Invalid Encrypt0 structure"));
}
public byte[] CreateMessage3()
{
CBORObject msg = CBORObject.NewArray();
if (_fSymmetricSecret)
{
msg.Add(6);
}
else
{
msg.Add(3);
}
msg.Add(_SessionId[1]);
byte[] aad_3 = ConcatenateAndHash(new byte[2][] { _LastMessageAuthenticator, msg.EncodeToBytes() }, _MessageDigest);
byte[] signBody = new byte[0];
if (!_fSymmetricSecret)
{
Sign1Message sign1 = new Sign1Message(false, false);
sign1.SetContent(aad_3);
sign1.AddAttribute(HeaderKeys.Algorithm, _algSign, Attributes.DO_NOT_SEND);
sign1.AddAttribute(HeaderKeys.KeyId, _SigningKey[CoseKeyKeys.KeyIdentifier], Attributes.UNPROTECTED);
sign1.Sign(_SigningKey);
CBORObject obj = CBORObject.NewArray();
obj.Add(sign1.EncodeToBytes());
signBody = obj.EncodeToBytes();
}
byte[][] encKeys = _DeriveKeys(_Keys, _SecretSalt, aad_3, _algAEAD);
Encrypt0Message enc = new Encrypt0Message(false);
enc.SetContent(signBody);
enc.SetExternalData(aad_3);
enc.AddAttribute(HeaderKeys.Algorithm, _algAEAD, Attributes.DO_NOT_SEND);
enc.AddAttribute(HeaderKeys.IV, CBORObject.FromObject(encKeys[1]), Attributes.DO_NOT_SEND);
enc.Encrypt(encKeys[0]);
msg.Add(enc.EncodeToBytes());
byte[] msgOut = msg.EncodeToBytes();
_LastMessageAuthenticator = ConcatenateAndHash(new byte[2][] { _LastMessageAuthenticator, msgOut }, _MessageDigest);
return(msgOut);
}
public void decodeBadUnprotected()
{
CBORObject obj = CBORObject.NewArray();
obj.Add(CBORObject.FromObject(CBORObject.NewArray()).EncodeToBytes());
obj.Add(CBORObject.False);
obj.Add(CBORObject.False);
obj.Add(CBORObject.False);
byte[] rgb = obj.EncodeToBytes();
CoseException e = Assert.ThrowsException <CoseException>(() =>
Message.DecodeFromBytes(rgb, Tags.Sign1));
Assert.AreEqual(e.Message, ("Invalid Sign1 structure"));
}
public async Task <bool> SwatoothKeyStore(EncoderSettings settings, CBORObject obj)
{
if (obj != null && settings != null)
{
var res = await _key.InsertOneAsync(new KeyMaintainer()
{
certficate = Convert.ToBase64String(obj.EncodeToBytes()),
keysettings = Newtonsoft.Json.JsonConvert.SerializeObject(settings),
uname = obj["Name"].AsString(),
CreatedAt = DateTime.Now
});
return(res);
}
return(false);
}
public static void AssertSer(CBORObject o, String s)
{
if (!s.Equals(o.ToString()))
{
Assert.AreEqual(s, o.ToString(), "o is not equal to s");
}
// Test round-tripping
CBORObject o2 = FromBytesTestAB(o.EncodeToBytes());
if (!s.Equals(o2.ToString()))
{
Assert.AreEqual(s, o2.ToString(), "o2 is not equal to s");
}
TestNumber(o);
TestCommon.AssertEqualsHashCode(o, o2);
}
public static ushort GetCBORMapLength(byte[] buffer, int index, int count)
{
var ms = new System.IO.MemoryStream(buffer, index, count);
// CBORObject.Read: This method will read from the stream until the end of the CBOR object is reached or an error occurs, whichever happens first.
CBORObject tmp = null;
try
{
tmp = CBORObject.Read(ms);
}
catch (Exception)
{
throw new Fido2VerificationException("Failed to read CBOR map");
}
return((ushort)tmp.EncodeToBytes().Length);
}
public void signDecodeBadRecipients()
{
CBORObject obj = CBORObject.NewArray();
obj.Add(CBORObject.FromObject(CBORObject.NewArray()).EncodeToBytes());
obj.Add(CBORObject.NewMap());
obj.Add(new byte[0]);
obj.Add(CBORObject.False);
byte[] rgb = obj.EncodeToBytes();
CoseException e = Assert.ThrowsException <CoseException>(() =>
Message.DecodeFromBytes(rgb, Tags.Sign));
Assert.AreEqual(e.Message, ("Invalid SignMessage structure"));
}
public static byte[] SerializeCbor(IResource root, IEnumerable <string> queries)
{
CBORObject linkFormat = CBORObject.NewArray();
List <string> queryList = null;
if (queries != null)
{
queryList = queries.ToList();
}
foreach (IResource child in root.Children)
{
SerializeTree(child, queryList, linkFormat, _CborAttributeKeys);
}
return(linkFormat.EncodeToBytes());
}
public byte[] CreateMessage1()
{
CBORObject msg = CBORObject.NewArray();
if (_fSymmetricSecret)
{
msg.Add(4);
}
else
{
msg.Add(1); // Msg Type
}
msg.Add(_SessionId[0]);
msg.Add(_Nonce[0]);
msg.Add(_Keys[0].PublicKey().AsCBOR());
CBORObject obj = CBORObject.NewArray(); // Key Agree algorithms
obj.Add(AlgorithmValues.ECDH_SS_HKDF_256);
msg.Add(obj);
obj = CBORObject.NewArray();
obj.Add(AlgorithmValues.AES_CCM_64_64_128); // AEAD algorithms
msg.Add(obj);
if (_fSymmetricSecret)
{
msg.Add(_SharedSecret[CoseKeyKeys.KeyIdentifier]);
}
else
{
obj = CBORObject.NewArray(); // SIG verify algorithms
obj.Add(AlgorithmValuesInt.ECDSA_256);
obj.Add(AlgorithmValues.EdDSA);
msg.Add(obj);
msg.Add(obj); // SIG generate algorithms
}
_Messages[0] = msg.EncodeToBytes(); // message_1
_LastMessageAuthenticator = _Messages[0];
return(_Messages[0]);
}
private static string ObjectMessage(CBORObject obj)
{
return new System.Text.StringBuilder()
.Append("CBORObject.DecodeFromBytes(")
.Append(TestCommon.ToByteArrayString(obj.EncodeToBytes()))
.Append("); /").Append("/ ").Append(obj.ToJSONString()).ToString();
}
