示例#1
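        /// <summary>
        /// Converts a COSE-encoded EC public key into a PEM-encoded public key.
        /// </summary>
        /// <remarks>
        /// Steps:
        ///   1-1. Start with the fixed 26-byte SubjectPublicKeyInfo header.
        ///   1-2. Append 0x04 (uncompressed EC point marker).
        ///   1-3. Append the COSE x coordinate (label -2), then y (label -3).
        ///   2.   Hand the DER bytes to DerConverter.ToPemPublicKey for PEM encoding.
        /// The fixed header names id-ecPublicKey on prime256v1 and declares a
        /// 66-byte BIT STRING, so both coordinates must be exactly 32 bytes.
        /// </remarks>
        /// <param name="cose">CBOR-encoded COSE key map.</param>
        /// <returns>
        /// The PEM text, or an empty string when the input cannot be decoded or
        /// does not carry two 32-byte coordinates.
        /// </returns>
        private string convertCOSEtoPEM(byte[] cose)
        {
            // Coordinate size implied by the hard-coded P-256 header below.
            const int CoordinateLength = 32;

            string pemdata = "";

            try {
                // Collect x and y separately: the point must be assembled as
                // 0x04 || x || y regardless of the order in which the decoder
                // enumerates the map keys.
                byte[] x = null;
                byte[] y = null;

                var cbor = PeterO.Cbor.CBORObject.DecodeFromBytes(cose, PeterO.Cbor.CBOREncodeOptions.Default);
                foreach (var key in cbor.Keys)
                {
                    if (key.Type == CBORType.Integer)
                    {
                        var keyVal = key.ToObject <Int16>();
                        if (keyVal == -2)
                        {
                            x = cbor[key].GetByteString();
                        }
                        else if (keyVal == -3)
                        {
                            y = cbor[key].GetByteString();
                        }
                    }
                }

                // Reject keys that would not fit the fixed header (a missing
                // coordinate, or a coordinate of the wrong size) instead of
                // emitting a structurally invalid key.
                // NOTE(review): kty / alg / crv are not inspected here; confirm
                // the caller only passes ES256 (P-256) credential keys.
                if (x == null || y == null ||
                    x.Length != CoordinateLength || y.Length != CoordinateLength)
                {
                    return(pemdata);
                }

                // Phase-1: header + 0x04 + x + y
                var pubkey     = new List <byte>();
                var metaheader = Common.HexStringToBytes("3059301306072a8648ce3d020106082a8648ce3d030107034200");
                pubkey.AddRange(metaheader);
                pubkey.Add(0x04);
                pubkey.AddRange(x);
                pubkey.AddRange(y);

                // Phase-2: PEM encoding
                pemdata = DerConverter.ToPemPublicKey(pubkey.ToArray());
            } catch (Exception) {
                // Deliberate best effort: any decoding failure is reported to the
                // caller as an empty string. Callers must treat "" as "no usable
                // key" and never pass it on to signature verification.
            }
            return(pemdata);
        }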
示例#2
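        /// <summary>
        /// Checks the attestation signature of a credential and returns the
        /// decoded credential ID and public key together with the outcome.
        /// </summary>
        /// <param name="challenge">Challenge passed through to VerifyPublicKey.</param>
        /// <param name="att">Attestation data (authenticator data, statement fields).</param>
        /// <returns>
        /// A Result whose CredentialID and PublicKeyPem are filled in from the
        /// authenticator data whether or not verification succeeded; IsSuccess is
        /// only assigned when one of the two signature checks below actually runs.
        /// Callers must check IsSuccess before storing or trusting the key.
        /// </returns>
        protected Result Verify(byte[] challenge, Attestation att)
        {
            var result = new Result();

            // Populated regardless of the verification result.
            {
                var decAuthdata = new DecodedAuthData();
                decAuthdata.Decode(att.AuthData);
                result.CredentialID = decAuthdata.CredentialId;
                result.PublicKeyPem = decAuthdata.PublicKeyPem;
            }

            // If an x5c certificate is used for attestation (attCA)
            if (att.AttStmtX5c != null)
            {
                // NOTE(review): only the signature is checked against the public
                // key taken from the supplied certificate. No chain building,
                // trust-anchor, validity-period or revocation check is visible
                // here, so a self-issued certificate would pass this branch.
                // Confirm that the trust path is validated elsewhere before
                // treating IsSuccess as proof of authenticator provenance.
                //
                // A missing signature is rejected up front, matching the guard
                // in the self-attestation branch; IsSuccess is left untouched.
                if (att.AttStmtSig != null)
                {
                    var cert = DerConverter.ToPemCertificate(att.AttStmtX5c);
                    var publicKeyforVerify = CryptoBC.GetPublicKeyPEMfromCert(cert);
                    if (!string.IsNullOrEmpty(publicKeyforVerify))
                    {
                        result.IsSuccess = VerifyPublicKey(publicKeyforVerify, challenge, att.AuthData, att.AttStmtSig);
                    }
                }
            }
            // Self attestation (signature uses credential keypair instead of attestation keypair)
            else if (att.AttStmtAlg != 0 && att.AttStmtSig != null)
            {
                // NOTE(review): AttStmtAlg is only tested for non-zero. The packed
                // attestation procedure (link below) also requires alg to match
                // the algorithm of the credential public key; that comparison is
                // not made here.
                if (!string.IsNullOrEmpty(result.PublicKeyPem))
                {
                    result.IsSuccess = VerifyPublicKey(result.PublicKeyPem, challenge, att.AuthData, att.AttStmtSig);
                }
            }

            //TODO: Implement check for ECDAA attestation
            //8.2 https://www.w3.org/TR/webauthn/#packed-attestation

            return(result);
        }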