diff --git a/Src/Fido2/AttestationFormat/AndroidKey.cs b/Src/Fido2/AttestationFormat/AndroidKey.cs
index 12ab65ad..8dff2d5d 100644
--- a/Src/Fido2/AttestationFormat/AndroidKey.cs
+++ b/Src/Fido2/AttestationFormat/AndroidKey.cs
@@ -35,7 +35,7 @@ public static byte[] GetAttestationChallenge(byte[] attExtBytes)
 public static bool FindAllApplicationsField(byte[] attExtBytes)
 {
 // https://developer.android.com/training/articles/security-key-attestation#certificate_schema
- // check both software and tee enforced AuthorizationList objects for presense of "allApplications" tag, number 600
+ // check both software and tee enforced AuthorizationList objects for presence of "allApplications" tag, number 600
 var keyDescription = Asn1Element.Decode(attExtBytes);
diff --git a/Src/Fido2/AttestationFormat/AttestationVerifier.cs b/Src/Fido2/AttestationFormat/AttestationVerifier.cs
index 78d4e502..f6ca190a 100644
--- a/Src/Fido2/AttestationFormat/AttestationVerifier.cs
+++ b/Src/Fido2/AttestationFormat/AttestationVerifier.cs
@@ -102,27 +102,27 @@ internal static bool IsAttnCertCACert(X509ExtensionCollection exts)
 internal static byte U2FTransportsFromAttnCert(X509ExtensionCollection exts)
 {
- byte u2ftransports = 0;
+ byte u2fTransports = 0;
 var ext = exts.FirstOrDefault(e => e.Oid?.Value is "1.3.6.1.4.1.45724.2.1.1");
 if (ext != null)
 {
- var decodedU2Ftransports = Asn1Element.Decode(ext.RawData);
- decodedU2Ftransports.CheckPrimitive();
+ var decodedU2fTransports = Asn1Element.Decode(ext.RawData);
+ decodedU2fTransports.CheckPrimitive();
 // some certificates seem to have this encoded as an octet string
 // instead of a bit string, attempt to correct
- if (decodedU2Ftransports.Tag == Asn1Tag.PrimitiveOctetString)
+ if (decodedU2fTransports.Tag == Asn1Tag.PrimitiveOctetString)
 {
 ext.RawData[0] = (byte)UniversalTagNumber.BitString;
- decodedU2Ftransports = Asn1Element.Decode(ext.RawData);
+ decodedU2fTransports = Asn1Element.Decode(ext.RawData);
 }
- decodedU2Ftransports.CheckTag(Asn1Tag.PrimitiveBitString);
+ decodedU2fTransports.CheckTag(Asn1Tag.PrimitiveBitString);
- u2ftransports = decodedU2Ftransports.GetBitString()[0];
+ u2fTransports = decodedU2fTransports.GetBitString()[0];
 }
- return u2ftransports;
+ return u2fTransports;
 }
 #nullable disable
diff --git a/Src/Fido2/AttestationFormat/FidoU2f.cs b/Src/Fido2/AttestationFormat/FidoU2f.cs
index 097f8841..7154a79b 100644
--- a/Src/Fido2/AttestationFormat/FidoU2f.cs
+++ b/Src/Fido2/AttestationFormat/FidoU2f.cs
@@ -7,93 +7,92 @@ using Fido2NetLib.Exceptions; using Fido2NetLib.Objects; -namespace Fido2NetLib +namespace Fido2NetLib; + +internal sealed class FidoU2f : AttestationVerifier { - internal sealed class FidoU2f : AttestationVerifier + public override (AttestationType, X509Certificate2[]) Verify() { - public override (AttestationType, X509Certificate2[]) Verify() + // verify that aaguid is 16 empty bytes (note: required by fido2 conformance testing, could not find this in spec?) + if (AuthData.AttestedCredentialData!.AaGuid.CompareTo(Guid.Empty) != 0) + throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Aaguid was not empty parsing fido-u2f attestation statement"); + + // https://www.w3.org/TR/webauthn/#fido-u2f-attestation + // 1. Verify that attStmt is valid CBOR conforming to the syntax defined above and perform CBOR decoding on it to extract the contained fields. + // (handled in base class) + + // 2a. Check that x5c has exactly one element and let attCert be that element. + if (!(X5c is CborArray { Length: 1 } x5cArray && x5cArray[0] is CborByteString { Length: > 0 })) + { + throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, Fido2ErrorMessages.MalformedX5c_FidoU2fAttestation); + } + + var attCert = new X509Certificate2((byte[])x5cArray[0]); + + // TODO : Check why this variable isn't used. Remove it or use it. + var u2fTransports = U2FTransportsFromAttnCert(attCert.Extensions); + + // 2b. 
If certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve, terminate this algorithm and return an appropriate error + var pubKey = attCert.GetECDsaPublicKey()!; + var keyParams = pubKey.ExportParameters(false); + + if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) + { + if (!keyParams.Curve.Oid.FriendlyName!.Equals(ECCurve.NamedCurves.nistP256.Oid.FriendlyName, StringComparison.Ordinal)) + throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Attestation certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve"); + } + else { - // verify that aaguid is 16 empty bytes (note: required by fido2 conformance testing, could not find this in spec?) - if (AuthData.AttestedCredentialData!.AaGuid.CompareTo(Guid.Empty) != 0) - throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Aaguid was not empty parsing fido-u2f atttestation statement"); - - // https://www.w3.org/TR/webauthn/#fido-u2f-attestation - // 1. Verify that attStmt is valid CBOR conforming to the syntax defined above and perform CBOR decoding on it to extract the contained fields. - // (handled in base class) - - // 2a. Check that x5c has exactly one element and let attCert be that element. - if (!(X5c is CborArray { Length: 1 } x5cArray && x5cArray[0] is CborByteString { Length: > 0 })) - { - throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, Fido2ErrorMessages.MalformedX5c_FidoU2fAttestation); - } - - var attCert = new X509Certificate2((byte[])x5cArray[0]); - - // TODO : Check why this variable isn't used. Remove it or use it. - var u2ftransports = U2FTransportsFromAttnCert(attCert.Extensions); - - // 2b. 
If certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve, terminate this algorithm and return an appropriate error - var pubKey = attCert.GetECDsaPublicKey()!; - var keyParams = pubKey.ExportParameters(false); - - if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) - { - if (!keyParams.Curve.Oid.FriendlyName!.Equals(ECCurve.NamedCurves.nistP256.Oid.FriendlyName, StringComparison.Ordinal)) - throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Attestation certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve"); - } - else - { - if (!keyParams.Curve.Oid.Value!.Equals(ECCurve.NamedCurves.nistP256.Oid.Value, StringComparison.Ordinal)) - throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Attestation certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve"); - } - - // 3. Extract the claimed rpIdHash from authenticatorData, and the claimed credentialId and credentialPublicKey from authenticatorData - // see rpIdHash, credentialId, and credentialPublicKey members of base class AuthenticatorData (AuthData) - - // 4. Convert the COSE_KEY formatted credentialPublicKey (see Section 7 of [RFC8152]) to CTAP1/U2F public Key format (Raw ANSI X9.62 public key format) - // 4a. Let x be the value corresponding to the "-2" key (representing x coordinate) in credentialPublicKey, and confirm its size to be of 32 bytes. If size differs or "-2" key is not found, terminate this algorithm and return an appropriate error - var x = (byte[])CredentialPublicKey[COSE.KeyTypeParameter.X]; - - // 4b. Let y be the value corresponding to the "-3" key (representing y coordinate) in credentialPublicKey, and confirm its size to be of 32 bytes. 
If size differs or "-3" key is not found, terminate this algorithm and return an appropriate error - var y = (byte[])CredentialPublicKey[COSE.KeyTypeParameter.Y]; - - // 4c.Let publicKeyU2F be the concatenation 0x04 || x || y - var publicKeyU2F = DataHelper.Concat(stackalloc byte[1] { 0x4 }, x, y); - - // 5. Let verificationData be the concatenation of (0x00 || rpIdHash || clientDataHash || credentialId || publicKeyU2F) - byte[] verificationData = DataHelper.Concat( - stackalloc byte[1] { 0x00 }, - AuthData.RpIdHash, - _clientDataHash, - AuthData.AttestedCredentialData.CredentialID, - publicKeyU2F - ); - - // 6. Verify the sig using verificationData and certificate public key - if (!TryGetSig(out byte[]? sig)) - throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, Fido2ErrorMessages.InvalidFidoU2fAttestationSignature); - - byte[] ecsig; - try - { - ecsig = CryptoUtils.SigFromEcDsaSig(sig, pubKey.KeySize); - } - catch (Exception ex) - { - throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Failed to decode fido-u2f attestation signature from ASN.1 encoded form", ex); - } - - var coseAlg = (COSE.Algorithm)(int)CredentialPublicKey[COSE.KeyCommonParameter.Alg]; - var hashAlg = CryptoUtils.HashAlgFromCOSEAlg(coseAlg); - - if (!pubKey.VerifyData(verificationData, ecsig, hashAlg)) - throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Invalid fido-u2f attestation signature"); - - // 7. Optionally, inspect x5c and consult externally provided knowledge to determine whether attStmt conveys a Basic or AttCA attestation - - var trustPath = new X509Certificate2[1] { attCert }; - - return (AttestationType.AttCa, trustPath); + if (!keyParams.Curve.Oid.Value!.Equals(ECCurve.NamedCurves.nistP256.Oid.Value, StringComparison.Ordinal)) + throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Attestation certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve"); } + + // 3. 
Extract the claimed rpIdHash from authenticatorData, and the claimed credentialId and credentialPublicKey from authenticatorData + // see rpIdHash, credentialId, and credentialPublicKey members of base class AuthenticatorData (AuthData) + + // 4. Convert the COSE_KEY formatted credentialPublicKey (see Section 7 of [RFC8152]) to CTAP1/U2F public Key format (Raw ANSI X9.62 public key format) + // 4a. Let x be the value corresponding to the "-2" key (representing x coordinate) in credentialPublicKey, and confirm its size to be of 32 bytes. If size differs or "-2" key is not found, terminate this algorithm and return an appropriate error + var x = (byte[])CredentialPublicKey[COSE.KeyTypeParameter.X]; + + // 4b. Let y be the value corresponding to the "-3" key (representing y coordinate) in credentialPublicKey, and confirm its size to be of 32 bytes. If size differs or "-3" key is not found, terminate this algorithm and return an appropriate error + var y = (byte[])CredentialPublicKey[COSE.KeyTypeParameter.Y]; + + // 4c.Let publicKeyU2F be the concatenation 0x04 || x || y + var publicKeyU2F = DataHelper.Concat(stackalloc byte[1] { 0x4 }, x, y); + + // 5. Let verificationData be the concatenation of (0x00 || rpIdHash || clientDataHash || credentialId || publicKeyU2F) + byte[] verificationData = DataHelper.Concat( + stackalloc byte[1] { 0x00 }, + AuthData.RpIdHash, + _clientDataHash, + AuthData.AttestedCredentialData.CredentialID, + publicKeyU2F + ); + + // 6. Verify the sig using verificationData and certificate public key + if (!TryGetSig(out byte[]? 
sig)) + throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, Fido2ErrorMessages.InvalidFidoU2fAttestationSignature); + + byte[] ecsig; + try + { + ecsig = CryptoUtils.SigFromEcDsaSig(sig, pubKey.KeySize); + } + catch (Exception ex) + { + throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Failed to decode fido-u2f attestation signature from ASN.1 encoded form", ex); + } + + var coseAlg = (COSE.Algorithm)(int)CredentialPublicKey[COSE.KeyCommonParameter.Alg]; + var hashAlg = CryptoUtils.HashAlgFromCOSEAlg(coseAlg); + + if (!pubKey.VerifyData(verificationData, ecsig, hashAlg)) + throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Invalid fido-u2f attestation signature"); + + // 7. Optionally, inspect x5c and consult externally provided knowledge to determine whether attStmt conveys a Basic or AttCA attestation + + var trustPath = new X509Certificate2[1] { attCert }; + + return (AttestationType.AttCa, trustPath); } } diff --git a/Src/Fido2/AttestationFormat/Packed.cs b/Src/Fido2/AttestationFormat/Packed.cs index be1e2d92..9f5164b0 100644 --- a/Src/Fido2/AttestationFormat/Packed.cs +++ b/Src/Fido2/AttestationFormat/Packed.cs @@ -113,7 +113,7 @@ public override (AttestationType, X509Certificate2[]?) Verify() } // id-fido-u2f-ce-transports - byte u2ftransports = U2FTransportsFromAttnCert(attestnCert.Extensions); + byte u2fTransports = U2FTransportsFromAttnCert(attestnCert.Extensions); // 2d. Optionally, inspect x5c and consult externally provided knowledge to determine whether attStmt conveys a Basic or AttCA attestation diff --git a/Src/Fido2/AttestationFormat/Tpm.cs b/Src/Fido2/AttestationFormat/Tpm.cs index a53e1e57..e25301ea 100644 --- a/Src/Fido2/AttestationFormat/Tpm.cs +++ b/Src/Fido2/AttestationFormat/Tpm.cs 
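Review bot: Steps 4a and 4b in the comments require x and y to be exactly 32 bytes, but the new side casts `CredentialPublicKey[COSE.KeyTypeParameter.X]` and `...Y` to `byte[]` and concatenates them with no length check, so an over- or under-sized coordinate reaches `VerifyData` inside a malformed `publicKeyU2F` instead of failing with a `Fido2VerificationException`. Likewise `attCert.GetECDsaPublicKey()!` at step 2b returns null for a certificate whose key is not EC, so `pubKey.ExportParameters(false)` would throw a `NullReferenceException` rather than the "appropriate error" the step asks for. The `u2fTransports` TODO is still open; note that the call is not side-effect free (it validates the transports extension and may rewrite its tag byte), so dropping the line is not a pure cleanup. `Verify` and the `FidoU2f` class are entirely inside the hunk.
```csharp
// 2b. GetECDsaPublicKey() returns null for a non-EC key; report that as a verification error instead of dereferencing null
var pubKey = attCert.GetECDsaPublicKey()
    ?? throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Attestation certificate public key is not an Elliptic Curve (EC) public key over the P-256 curve");
var keyParams = pubKey.ExportParameters(false);
// … unchanged: P-256 curve OID check …
// 4a/4b. both coordinates must be exactly 32 bytes
var x = (byte[])CredentialPublicKey[COSE.KeyTypeParameter.X];
var y = (byte[])CredentialPublicKey[COSE.KeyTypeParameter.Y];
if (x.Length != 32 || y.Length != 32)
    throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Credential public key coordinate is not 32 bytes in fido-u2f attestation statement");
// … unchanged: publicKeyU2F, verificationData and signature verification …
```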
@@ -229,7 +229,7 @@ public override (AttestationType, X509Certificate2[]) Verify()
 { 3, TpmEccCurve.TPM_ECC_NIST_P521}
 };
- private static (string?, string?, string?) SANFromAttnCertExts(X509ExtensionCollection extensions)
+ private static (string?, string?, string?) SANFromAttnCertExts(X509ExtensionCollection exts)
 {
 string? tpmManufacturer = null;
 string? tpmModel = null;
@@ -237,7 +237,7 @@ private static (string?, string?, string?) SANFromAttnCertExts(X509ExtensionColl
 var foundSAN = false;
- foreach (var extension in extensions)
+ foreach (var extension in exts)
 {
 if (extension.Oid!.Value is "2.5.29.17") // subject alternative name
 {
@@ -433,7 +433,7 @@ public enum TpmAlg : ushort
 // TPMS_ATTEST, TPMv2-Part2, section 10.12.8
 public class CertInfo
 {
- private static readonly Dictionary tpmAlgToDigestSizeMap = new()
+ private static readonly Dictionary s_tpmAlgToDigestSizeMap = new()
 {
 { TpmAlg.TPM_ALG_SHA1, (160/8) },
 { TpmAlg.TPM_ALG_SHA256, (256/8) },
@@ -472,7 +472,7 @@ public static (ushort size, byte[] name) NameFromTPM2BName(ReadOnlySpan ab
 if (Enum.IsDefined(typeof(TpmAlg), size))
 {
 var tpmalg = (TpmAlg)size;
- if (tpmAlgToDigestSizeMap.TryGetValue(tpmalg, out ushort tplAlgDigestSize))
+ if (s_tpmAlgToDigestSizeMap.TryGetValue(tpmalg, out ushort tplAlgDigestSize))
 {
 name = AuthDataHelper.GetSizedByteArray(ab, ref offset, tplAlgDigestSize);
 }
@@ -529,19 +529,19 @@ public CertInfo(byte[] certInfo)
 if (certInfo.Length != offset)
 throw new Fido2VerificationException("Leftover bits decoding certInfo");
 }
- public byte[] Raw { get; private set; }
- public byte[] Magic { get; private set; }
- public byte[] Type { get; private set; }
- public byte[] QualifiedSigner { get; private set; }
- public byte[] ExtraData { get; private set; }
- public byte[] Clock { get; private set; }
- public byte[] ResetCount { get; private set; }
- public byte[] RestartCount { get; private set; }
- public byte[] Safe { get; private set; }
- public byte[] FirmwareVersion { get; private set; }
- public ushort Alg { get; private set; }
- public byte[] AttestedName { get; private set; }
- public byte[] AttestedQualifiedNameBuffer { get; private set; }
+ public byte[] Raw { get; }
+ public byte[] Magic { get; }
+ public byte[] Type { get; }
+ public byte[] QualifiedSigner { get; }
+ public byte[] ExtraData { get; }
+ public byte[] Clock { get; }
+ public byte[] ResetCount { get; }
+ public byte[] RestartCount { get; }
+ public byte[] Safe { get; }
+ public byte[] FirmwareVersion { get; }
+ public ushort Alg { get; }
+ public byte[] AttestedName { get; }
+ public byte[] AttestedQualifiedNameBuffer { get; }
 }
 // TPMT_PUBLIC, TPMv2-Part2, section 12.2.4
@@ -635,18 +635,18 @@ public PubArea(byte[] pubArea)
 throw new Fido2VerificationException("Leftover bytes decoding pubArea");
 }
- public byte[] Raw { get; private set; }
- public byte[] Type { get; private set; }
- public byte[] Alg { get; private set; }
- public byte[] Attributes { get; private set; }
- public byte[] Policy { get; private set; }
- public byte[]? Symmetric { get; private set; }
- public byte[]? Scheme { get; private set; }
- public byte[]? KeyBits { get; private set; }
- public uint Exponent { get; private set; }
- public byte[]? CurveID { get; private set; }
- public byte[]? KDF { get; private set; }
- public byte[]? Unique { get; private set; }
+ public byte[] Raw { get; }
+ public byte[] Type { get; }
+ public byte[] Alg { get; }
+ public byte[] Attributes { get; }
+ public byte[] Policy { get; }
+ public byte[]? Symmetric { get; }
+ public byte[]? Scheme { get; }
+ public byte[]? KeyBits { get; }
+ public uint Exponent { get; }
+ public byte[]? CurveID { get; }
+ public byte[]? KDF { get;}
+ public byte[]? Unique { get; }
 public TpmEccCurve EccCurve => (TpmEccCurve)Enum.ToObject(typeof(TpmEccCurve), BinaryPrimitives.ReadUInt16BigEndian(CurveID));
- public ECPoint ECPoint { get; private set; }
+ public ECPoint ECPoint { get; }
 }
diff --git a/Src/Fido2/AuthenticatorAssertionResponse.cs b/Src/Fido2/AuthenticatorAssertionResponse.cs
index bc272f3f..791d4595 100644
--- a/Src/Fido2/AuthenticatorAssertionResponse.cs
+++ b/Src/Fido2/AuthenticatorAssertionResponse.cs
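Review bot: `public byte[]? KDF { get;}` on the new side drops the space before `}` that every sibling accessor in this block and in the `CertInfo` hunk above keeps; `public byte[]? KDF { get; }` makes the run uniform. While here, the unchanged `EccCurve` getter passes the nullable `CurveID` straight into `BinaryPrimitives.ReadUInt16BigEndian`, so on a public area that carries no curve it would presumably fail with a framework exception rather than a `Fido2VerificationException`; a `/// <summary>` stating that the property is only meaningful when `CurveID` is set, or a guard that throws `Fido2VerificationException`, would make the contract explicit. The `PubArea` constructor begins outside the hunk.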
@@ -290,7 +290,9 @@ byte[] hash
 // This is likely a known device.
 // If fmt's value is "none" then there is no attestation signature to verify and this is a known device public key with a valid signature and thus a known device. Terminate these verification steps.
 if (devicePublicKeyAuthenticatorOutput.Fmt.Equals("none"))
+ {
 return null;
+ }
 // Otherwise, check attObjForDevicePublicKey's attStmt by performing a binary equality check between the corresponding stored and extracted attStmt values.
 else if (devicePublicKeyAuthenticatorOutput.AttStmt.Encode().SequenceEqual(matchedDpkRecords.FirstOrDefault().AttStmt.Encode()))
 {
@@ -302,7 +304,7 @@ byte[] hash
 // Optionally, if attestation was requested and the RP wishes to verify it, verify that attStmt
 // is a correct attestation statement, conveying a valid attestation signature, by using the
 // attestation statement format fmt’s verification procedure given attStmt. See § 10.2.2.2.2
- // Attestation calculations. Relying Party policy may specifiy which attestations are acceptable.
+ // Attestation calculations. Relying Party policy may specify which attestations are acceptable.
 // https://www.w3.org/TR/webauthn/#defined-attestation-formats
 var verifier = AttestationVerifier.Create(devicePublicKeyAuthenticatorOutput.Fmt);
@@ -351,7 +353,7 @@ byte[] hash
 else
 {
 // Optionally, if attestation was requested and the RP wishes to verify it, verify that attStmt is a correct attestation statement, conveying a valid attestation signature, by using the attestation statement format fmt’s verification procedure given attStmt. See § 10.2.2.2.2 Attestation calculations.
- // Relying Party policy may specifiy which attestations are acceptable.
+ // Relying Party policy may specify which attestations are acceptable.
 var verifier = AttestationVerifier.Create(devicePublicKeyAuthenticatorOutput.Fmt);
 // https://w3c.github.io/webauthn/#sctn-device-publickey-attestation-calculations
 try
@@ -369,7 +371,7 @@ byte[] hash
 }
 else
 {
- // Otherwise there is some form of error: we recieved a known dpk value, but one or more of the
+ // Otherwise there is some form of error: we received a known dpk value, but one or more of the
 // accompanying aaguid, scope, or fmt values did not match what the Relying Party has stored
 // along with that dpk value. Terminate these verification steps.
 throw new Fido2VerificationException(Fido2ErrorCode.DevicePublicKeyAuthentication, Fido2ErrorMessages.MissingStoredPublicKey);
@@ -386,7 +388,7 @@ byte[] hash
 if (devicePublicKeyAuthenticatorOutput.Fmt.Equals("none"))
 return devicePublicKeyAuthenticatorOutput.GetBytes();
 // Otherwise, verify that attStmt is a correct attestation statement, conveying a valid attestation signature, by using the attestation statement format fmt’s verification procedure given attStmt. See § 10.2.2.2.2 Attestation calculations.
- // Relying Party policy may specifiy which attestations are acceptable.
+ // Relying Party policy may specify which attestations are acceptable.
 else
 {
 var verifier = AttestationVerifier.Create(devicePublicKeyAuthenticatorOutput.Fmt);
diff --git a/Src/Fido2/AuthenticatorAttestationResponse.cs b/Src/Fido2/AuthenticatorAttestationResponse.cs
index 3a42e4f1..84d12efd 100644
--- a/Src/Fido2/AuthenticatorAttestationResponse.cs
+++ b/Src/Fido2/AuthenticatorAttestationResponse.cs
@@ -260,7 +260,7 @@ byte[] hash
 VerifyTrustAnchor(metadataEntry, trustPath);
- // Check status resports for authenticator with undesirable status
+ // Check status reports for authenticator with undesirable status
 var latestStatusReport = metadataEntry?.GetLatestStatusReport();
 if (latestStatusReport != null && _config.UndesiredAuthenticatorMetadataStatuses.Contains(latestStatusReport.Status))
 {
diff --git a/Src/Fido2/AuthenticatorResponse.cs b/Src/Fido2/AuthenticatorResponse.cs
index 7a4f15bd..fd11ed03 100644
--- a/Src/Fido2/AuthenticatorResponse.cs
+++ b/Src/Fido2/AuthenticatorResponse.cs
@@ -68,7 +68,7 @@ protected void BaseVerify(IReadOnlySet fullyQualifiedExpectedOrigins, Re
 throw new Fido2VerificationException(Fido2ErrorCode.InvalidAuthenticatorResponse, $"Type must be 'webauthn.create' or 'webauthn.get'. Was '{Type}'");
 if (Challenge is null)
- throw new Fido2VerificationException(Fido2ErrorCode.MissingAuthenticatorResponseChallenge, Fido2ErrorMessages.MissingAuthenticatorResponseChallange);
+ throw new Fido2VerificationException(Fido2ErrorCode.MissingAuthenticatorResponseChallenge, Fido2ErrorMessages.MissingAuthenticatorResponseChallenge);
 // 11. Verify that the value of C.challenge matches the challenge that was sent to the authenticator in the create() call
 if (!Challenge.AsSpan().SequenceEqual(originalChallenge))
diff --git a/Src/Fido2/CryptoUtils.cs b/Src/Fido2/CryptoUtils.cs
index 86b28978..e213fb45 100644
--- a/Src/Fido2/CryptoUtils.cs
+++ b/Src/Fido2/CryptoUtils.cs
@@ -170,7 +170,7 @@ public static byte[] SigFromEcDsaSig(byte[] ecDsaSig, int keySize)
 }
 ///
- /// Convert PEM formated string into byte array.
+ /// Convert PEM formatted string into byte array.
 ///
 /// source string.
 /// output byte array.
diff --git a/Src/Fido2/AuthDataHelper.cs b/Src/Fido2/Extensions/AuthDataHelper.cs
similarity index 100%
rename from Src/Fido2/AuthDataHelper.cs
rename to Src/Fido2/Extensions/AuthDataHelper.cs
diff --git a/Src/Fido2/Fido2ErrorMessages.cs b/Src/Fido2/Fido2ErrorMessages.cs
index ea4b9506..a5dedff5 100644
--- a/Src/Fido2/Fido2ErrorMessages.cs
+++ b/Src/Fido2/Fido2ErrorMessages.cs
@@ -19,7 +19,7 @@ internal static class Fido2ErrorMessages
 public static readonly string UserHandleIsEmpty = "UserHandle was empty DOMString. It should either be null or have a value.";
 public static readonly string InvalidAttestedCredentialData_TooShort = "Not enough bytes to be a valid AttestedCredentialData";
 public static readonly string InvalidAttestedCredentialData_CredentialIdTooLong = "CredentialId too many bytes";
- public static readonly string MissingAuthenticatorResponseChallange = "Authenticator response challenge may not be null";
+ public static readonly string MissingAuthenticatorResponseChallenge = "Authenticator response challenge may not be null";
 public static readonly string InvalidAuthenticatorResponseChallenge = "Authenticator response challenge does not match original challenge";
 public static readonly string AttestedCredentialDataFlagNotSet = "Attestation flag not set on attestation data";
 public static readonly string MissingAuthenticatorData = "Authenticator data may not be null";
diff --git a/Src/Fido2/Fido2NetLib.cs b/Src/Fido2/Fido2NetLib.cs
index 2156b278..1eef6dc0 100644
--- a/Src/Fido2/Fido2NetLib.cs
+++ b/Src/Fido2/Fido2NetLib.cs
@@ -2,151 +2,152 @@ using System.Security.Cryptography; using System.Threading; using System.Threading.Tasks; + using Fido2NetLib.Objects; -namespace Fido2NetLib +namespace Fido2NetLib; + +/// +/// Public API for parsing and verifying FIDO2 attestation & assertion responses. +/// +public partial class Fido2 : IFido2 { + private readonly Fido2Configuration _config; + private readonly IMetadataService? _metadataService; + + public Fido2( + Fido2Configuration config, + IMetadataService? metadataService = null) + { + _config = config; + _metadataService = metadataService; + } + /// - /// Public API for parsing and veriyfing FIDO2 attestation & assertion responses. + /// Returns CredentialCreateOptions including a challenge to be sent to the browser/authr to create new credentials /// - public partial class Fido2 : IFido2 + /// + /// Recommended. This member is intended for use by Relying Parties that wish to limit the creation of multiple credentials for the same account on a single authenticator.The client is requested to return an error if the new credential would be created on an authenticator that also contains one of the credentials enumerated in this parameter. + public CredentialCreateOptions RequestNewCredential( + Fido2User user, + List excludeCredentials, + AuthenticationExtensionsClientInputs? extensions = null) { - private readonly Fido2Configuration _config; - private readonly IMetadataService? _metadataService; - - public Fido2( - Fido2Configuration config, - IMetadataService? metadataService = null) - { - _config = config; - _metadataService = metadataService; - } - - /// - /// Returns CredentialCreateOptions including a challenge to be sent to the browser/authr to create new credentials - /// - /// - /// Recommended. 
This member is intended for use by Relying Parties that wish to limit the creation of multiple credentials for the same account on a single authenticator.The client is requested to return an error if the new credential would be created on an authenticator that also contains one of the credentials enumerated in this parameter. - public CredentialCreateOptions RequestNewCredential( - Fido2User user, - List excludeCredentials, - AuthenticationExtensionsClientInputs? extensions = null) - { - return RequestNewCredential(user, excludeCredentials, AuthenticatorSelection.Default, AttestationConveyancePreference.None, extensions); - } - - /// - /// Returns CredentialCreateOptions including a challenge to be sent to the browser/authr to create new credentials - /// - /// - /// This member is intended for use by Relying Parties that wish to express their preference for attestation conveyance. The default is none. - /// Recommended. This member is intended for use by Relying Parties that wish to limit the creation of multiple credentials for the same account on a single authenticator.The client is requested to return an error if the new credential would be created on an authenticator that also contains one of the credentials enumerated in this parameter. - public CredentialCreateOptions RequestNewCredential( - Fido2User user, - List excludeCredentials, - AuthenticatorSelection authenticatorSelection, - AttestationConveyancePreference attestationPreference, - AuthenticationExtensionsClientInputs? 
extensions = null) - { - byte[] challenge = RandomNumberGenerator.GetBytes(_config.ChallengeSize); - - return CredentialCreateOptions.Create(_config, challenge, user, authenticatorSelection, attestationPreference, excludeCredentials, extensions); - } - - /// - /// Verifies the response from the browser/authr after creating new credentials - /// - /// - /// - /// - /// - /// - public async Task MakeNewCredentialAsync( - AuthenticatorAttestationRawResponse attestationResponse, - CredentialCreateOptions origChallenge, - IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser, - CancellationToken cancellationToken = default) - { - var parsedResponse = AuthenticatorAttestationResponse.Parse(attestationResponse); - var success = await parsedResponse.VerifyAsync(origChallenge, _config, isCredentialIdUniqueToUser, _metadataService, cancellationToken); - - // todo: Set Errormessage etc. - return new CredentialMakeResult( - status : "ok", - errorMessage : string.Empty, - result : success - ); - } - - /// - /// Returns AssertionOptions including a challenge to the browser/authr to assert existing credentials and authenticate a user. - /// - /// - public AssertionOptions GetAssertionOptions( - IEnumerable allowedCredentials, - UserVerificationRequirement? userVerification, - AuthenticationExtensionsClientInputs? extensions = null) - { - byte[] challenge = RandomNumberGenerator.GetBytes(_config.ChallengeSize); + return RequestNewCredential(user, excludeCredentials, AuthenticatorSelection.Default, AttestationConveyancePreference.None, extensions); + } - return AssertionOptions.Create(_config, challenge, allowedCredentials, userVerification, extensions); - } + /// + /// Returns CredentialCreateOptions including a challenge to be sent to the browser/authr to create new credentials + /// + /// + /// This member is intended for use by Relying Parties that wish to express their preference for attestation conveyance. The default is none. + /// Recommended. 
This member is intended for use by Relying Parties that wish to limit the creation of multiple credentials for the same account on a single authenticator.The client is requested to return an error if the new credential would be created on an authenticator that also contains one of the credentials enumerated in this parameter. + public CredentialCreateOptions RequestNewCredential( + Fido2User user, + List excludeCredentials, + AuthenticatorSelection authenticatorSelection, + AttestationConveyancePreference attestationPreference, + AuthenticationExtensionsClientInputs? extensions = null) + { + byte[] challenge = RandomNumberGenerator.GetBytes(_config.ChallengeSize); - /// - /// Verifies the assertion response from the browser/authr to assert existing credentials and authenticate a user. - /// - /// - public async Task MakeAssertionAsync( - AuthenticatorAssertionRawResponse assertionResponse, - AssertionOptions originalOptions, - byte[] storedPublicKey, - List storedDevicePublicKeys, - uint storedSignatureCounter, - IsUserHandleOwnerOfCredentialIdAsync isUserHandleOwnerOfCredentialIdCallback, - CancellationToken cancellationToken = default) - { - var parsedResponse = AuthenticatorAssertionResponse.Parse(assertionResponse); - - var result = await parsedResponse.VerifyAsync(originalOptions, - _config, - storedPublicKey, - storedDevicePublicKeys, - storedSignatureCounter, - isUserHandleOwnerOfCredentialIdCallback, - _metadataService, - cancellationToken); - - return result; - } + return CredentialCreateOptions.Create(_config, challenge, user, authenticatorSelection, attestationPreference, excludeCredentials, extensions); + } - /// - /// Result of parsing and verifying attestation. Used to transport Public Key back to RP - /// - public sealed class CredentialMakeResult : Fido2ResponseBase - { - public CredentialMakeResult(string status, string errorMessage, AttestationVerificationSuccess? 
result) - { - Status = status; - ErrorMessage = errorMessage; - Result = result; - } + /// + /// Verifies the response from the browser/authr after creating new credentials + /// + /// + /// + /// + /// + /// + public async Task MakeNewCredentialAsync( + AuthenticatorAttestationRawResponse attestationResponse, + CredentialCreateOptions origChallenge, + IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser, + CancellationToken cancellationToken = default) + { + var parsedResponse = AuthenticatorAttestationResponse.Parse(attestationResponse); + var success = await parsedResponse.VerifyAsync(origChallenge, _config, isCredentialIdUniqueToUser, _metadataService, cancellationToken); + + // todo: Set Errormessage etc. + return new CredentialMakeResult( + status : "ok", + errorMessage : string.Empty, + result : success + ); + } - public AttestationVerificationSuccess? Result { get; } + /// + /// Returns AssertionOptions including a challenge to the browser/authr to assert existing credentials and authenticate a user. + /// + /// + public AssertionOptions GetAssertionOptions( + IEnumerable allowedCredentials, + UserVerificationRequirement? userVerification, + AuthenticationExtensionsClientInputs? extensions = null) + { + byte[] challenge = RandomNumberGenerator.GetBytes(_config.ChallengeSize); - // todo: add debuginfo? - } + return AssertionOptions.Create(_config, challenge, allowedCredentials, userVerification, extensions); } /// - /// Callback function used to validate that the CredentialID is unique to this User + /// Verifies the assertion response from the browser/authr to assert existing credentials and authenticate a user. 
/// - /// /// - public delegate Task IsCredentialIdUniqueToUserAsyncDelegate(IsCredentialIdUniqueToUserParams credentialIdUserParams, CancellationToken cancellationToken); + public async Task MakeAssertionAsync( + AuthenticatorAssertionRawResponse assertionResponse, + AssertionOptions originalOptions, + byte[] storedPublicKey, + List storedDevicePublicKeys, + uint storedSignatureCounter, + IsUserHandleOwnerOfCredentialIdAsync isUserHandleOwnerOfCredentialIdCallback, + CancellationToken cancellationToken = default) + { + var parsedResponse = AuthenticatorAssertionResponse.Parse(assertionResponse); + + var result = await parsedResponse.VerifyAsync(originalOptions, + _config, + storedPublicKey, + storedDevicePublicKeys, + storedSignatureCounter, + isUserHandleOwnerOfCredentialIdCallback, + _metadataService, + cancellationToken); + + return result; + } + /// - /// Callback function used to validate that the Userhandle is indeed owned of the CrendetialId + /// Result of parsing and verifying attestation. Used to transport Public Key back to RP /// - /// - /// - public delegate Task IsUserHandleOwnerOfCredentialIdAsync(IsUserHandleOwnerOfCredentialIdParams credentialIdUserHandleParams, CancellationToken cancellationToken); + public sealed class CredentialMakeResult : Fido2ResponseBase + { + public CredentialMakeResult(string status, string errorMessage, AttestationVerificationSuccess? result) + { + Status = status; + ErrorMessage = errorMessage; + Result = result; + } + + public AttestationVerificationSuccess? Result { get; } + + // todo: add debuginfo? 
+ } } + +/// +/// Callback function used to validate that the CredentialID is unique to this User +/// +/// +/// +public delegate Task IsCredentialIdUniqueToUserAsyncDelegate(IsCredentialIdUniqueToUserParams credentialIdUserParams, CancellationToken cancellationToken); + +/// +/// Callback function used to validate that the user handle is indeed owned of the CredentialId +/// +/// +/// +public delegate Task IsUserHandleOwnerOfCredentialIdAsync(IsUserHandleOwnerOfCredentialIdParams credentialIdUserHandleParams, CancellationToken cancellationToken); diff --git a/Src/Fido2/Objects/AttestedCredentialData.cs b/Src/Fido2/Objects/AttestedCredentialData.cs index a1f6dc3d..e9597e1c 100644 --- a/Src/Fido2/Objects/AttestedCredentialData.cs +++ b/Src/Fido2/Objects/AttestedCredentialData.cs @@ -88,20 +88,20 @@ internal AttestedCredentialData(ReadOnlyMemory data, out int bytesRead) /// The AAGUID of the authenticator. Can be used to identify the make and model of the authenticator. /// /// - public Guid AaGuid { get; private set; } + public Guid AaGuid { get; } /// /// A probabilistically-unique byte sequence identifying a public key credential source and its authentication assertions. /// /// - public byte[] CredentialID { get; private set; } + public byte[] CredentialID { get; } /// /// The credential public key encoded in COSE_Key format, as defined in /// Section 7 of RFC8152, using the CTAP2 canonical CBOR encoding form. /// /// - public CredentialPublicKey CredentialPublicKey { get; private set; } + public CredentialPublicKey CredentialPublicKey { get; } private static void SwapBytes(byte[] bytes, int index1, int index2) { diff --git a/Src/Fido2/Objects/CredentialPublicKey.cs b/Src/Fido2/Objects/CredentialPublicKey.cs index 43df6a41..ffb52e3d 100644 --- a/Src/Fido2/Objects/CredentialPublicKey.cs +++ b/Src/Fido2/Objects/CredentialPublicKey.cs 
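Review bot: Making `CredentialID` get-only in the `@@ -88,20 +88,20 @@` hunk freezes the reference but not the contents: `byte[] CredentialID { get; }` still hands out a mutable array, so a caller can overwrite the parsed credential ID in place after verification. If the constructor stores the parsed buffer directly rather than a copy (its body is outside this hunk), consider either returning a defensive copy or stating the contract in the XML doc, e.g. `/// <remarks>The returned array is shared with this instance and must not be modified by callers.</remarks>`. `AaGuid` is a `Guid` value type and is genuinely immutable once the setter is gone.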
@@ -24,7 +24,6 @@ public CredentialPublicKey(CborMap cpk) _alg = (COSE.Algorithm)(int)cpk[COSE.KeyCommonParameter.Alg]; } - public CredentialPublicKey(ECDsa ecdsaPublicKey, COSE.Algorithm alg) { _type = COSE.KeyType.EC2; diff --git a/Test/Attestation/AndroidSafetyNet.cs b/Test/Attestation/AndroidSafetyNet.cs index 28619e2a..20f5d427 100644 --- a/Test/Attestation/AndroidSafetyNet.cs +++ b/Test/Attestation/AndroidSafetyNet.cs @@ -41,22 +41,18 @@ public AndroidSafetyNet() var serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt); } - var ecparams = ecdsaAtt.ExportParameters(true); + var ecParams = ecdsaAtt.ExportParameters(true); var cpk = new CborMap { { COSE.KeyCommonParameter.KeyType, type }, { COSE.KeyCommonParameter.Alg, alg }, - { COSE.KeyTypeParameter.X, ecparams.Q.X }, - { COSE.KeyTypeParameter.Y, ecparams.Q.Y }, + { COSE.KeyTypeParameter.X, ecParams.Q.X }, + { COSE.KeyTypeParameter.Y, ecParams.Q.Y }, { COSE.KeyTypeParameter.Crv, curve } }; 
@@ -138,24 +134,20 @@ public async void TestAndroidSafetyNetRSA() byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt); } - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); var cpk = new CborMap - { - { COSE.KeyCommonParameter.KeyType, type }, - { COSE.KeyCommonParameter.Alg, alg }, - { COSE.KeyTypeParameter.N, rsaparams.Modulus }, - { COSE.KeyTypeParameter.E, rsaparams.Exponent } - }; + { + { COSE.KeyCommonParameter.KeyType, type }, + { COSE.KeyCommonParameter.Alg, alg }, + { COSE.KeyTypeParameter.N, rsaParams.Modulus }, + { COSE.KeyTypeParameter.E, rsaParams.Exponent } + }; _credentialPublicKey = new CredentialPublicKey(cpk); @@ -328,7 +320,7 @@ public void TestAndroidSafetyNetResponseJWTX5cInvalidString() } [Fact] - public void TestAndroidSafetyNetJwtInvalid() + public async Task TestAndroidSafetyNetJwtInvalid() { var response = (byte[])_attestationObject["attStmt"]["response"]; var jwtParts = Encoding.UTF8.GetString(response).Split('.'); @@ -352,8 +344,8 @@ public void TestAndroidSafetyNetJwtInvalid() response = Encoding.UTF8.GetBytes(string.Join(".", jwtParts)); var attStmt = (CborMap)_attestationObject["attStmt"]; attStmt.Set("response", new CborByteString(response)); - var ex = Assert.ThrowsAsync(() => MakeAttestationResponseAsync()); - Assert.StartsWith("SafetyNet response security token validation failed", ex.Result.Message); + var ex = await Assert.ThrowsAsync(() => MakeAttestationResponseAsync()); + Assert.StartsWith("SafetyNet response security token validation failed", ex.Message); } [Fact] 
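Review bot: The `@@ -352,8 +344,8 @@` hunk now awaits `Assert.ThrowsAsync` instead of reading `ex.Result`, which previously blocked the test thread and would have wrapped any assertion failure in an `AggregateException`, so this is the right fix. The cleanup is not applied consistently in this file: the `@@ -138,24 +134,20 @@` header above still shows `public async void TestAndroidSafetyNetRSA()`, and an `async void` test gives the runner no `Task` to await, so a failure after the first `await` may be lost or attributed elsewhere (xUnit's analyzers flag this pattern as well). Suggest `public async Task TestAndroidSafetyNetRSA()` while this file is being touched. The body of `TestAndroidSafetyNetJwtInvalid` begins in the `@@ -328,7 +320,7 @@` hunk, outside this one.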
@@ -371,9 +363,7 @@ public void TestAndroidSafetyNetResponseClaimTimestampExpired() rootRequest.CertificateExtensions.Add(caExt); ECCurve eCCurve = ECCurve.NamedCurves.nistP256; - using (root = rootRequest.CreateSelfSigned( - notBefore, - notAfter)) + using (root = rootRequest.CreateSelfSigned(notBefore, notAfter)) using (var ecdsaAtt = ECDsa.Create(eCCurve)) { @@ -456,21 +446,14 @@ public void TestAndroidSafetyNetResponseClaimTimestampNotYetValid() rootRequest.CertificateExtensions.Add(caExt); ECCurve eCCurve = ECCurve.NamedCurves.nistP256; - using (root = rootRequest.CreateSelfSigned( - notBefore, - notAfter)) - + using (root = rootRequest.CreateSelfSigned(notBefore, notAfter)) using (var ecdsaAtt = ECDsa.Create(eCCurve)) { var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256); byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create( root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt); } @@ -542,9 +525,7 @@ public void TestAndroidSafetyNetResponseClaimTimestampMissing() rootRequest.CertificateExtensions.Add(caExt); ECCurve eCCurve = ECCurve.NamedCurves.nistP256; - using (root = rootRequest.CreateSelfSigned( - notBefore, - notAfter)) + using (root = rootRequest.CreateSelfSigned(notBefore, notAfter)) using (var ecdsaAtt = ECDsa.Create(eCCurve)) { @@ -552,11 +533,7 @@ public void TestAndroidSafetyNetResponseClaimTimestampMissing() byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt); } 
@@ -627,9 +604,7 @@ public void TestAndroidSafetyNetResponseClaimNonceMissing() rootRequest.CertificateExtensions.Add(caExt); ECCurve eCCurve = ECCurve.NamedCurves.nistP256; - using (root = rootRequest.CreateSelfSigned( - notBefore, - notAfter)) + using (root = rootRequest.CreateSelfSigned(notBefore, notAfter)) using (var ecdsaAtt = ECDsa.Create(eCCurve)) { @@ -637,11 +612,7 @@ public void TestAndroidSafetyNetResponseClaimNonceMissing() byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt); } @@ -895,11 +866,7 @@ public async Task TestAndroidSafetyNetAttestationCertSubjectInvalid() byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt); } @@ -1058,21 +1025,14 @@ public void TestAndroidSafetyNetCtsProfileMatchFalse() rootRequest.CertificateExtensions.Add(caExt); ECCurve eCCurve = ECCurve.NamedCurves.nistP256; - using (root = rootRequest.CreateSelfSigned( - notBefore, - notAfter)) - + using (root = rootRequest.CreateSelfSigned(notBefore, notAfter)) using (var ecdsaAtt = ECDsa.Create(eCCurve)) { var attRequest = new CertificateRequest(attDN, ecdsaAtt, HashAlgorithmName.SHA256); byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt); } diff --git a/Test/Attestation/Apple.cs b/Test/Attestation/Apple.cs index 94848fae..cb02eacc 100644 
--- a/Test/Attestation/Apple.cs +++ b/Test/Attestation/Apple.cs @@ -264,7 +264,7 @@ public async Task TestApplePublicKeyMismatch() return Task.FromResult(true); }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = "6cc3c9e7967a.ngrok.io", ServerName = "6cc3c9e7967a.ngrok.io", diff --git a/Test/Attestation/AppleAppAttest.cs b/Test/Attestation/AppleAppAttest.cs index a458b821..f431ce90 100644 --- a/Test/Attestation/AppleAppAttest.cs +++ b/Test/Attestation/AppleAppAttest.cs @@ -1,14 +1,11 @@ using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; -using System.Text; -using System.Text.Json; using fido2_net_lib.Test; using Fido2NetLib; using Fido2NetLib.Cbor; using Fido2NetLib.Objects; -using static Fido2NetLib.AuthenticatorAttestationResponse; namespace Test.Attestation; 
@@ -30,8 +27,8 @@ public AppleAppAttest() //); validX5cStrings = new[] { - "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", - "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" + "MIICRDCCAcmgAwIBAgIGAXUCfWGDMAoGCCqGSM49BAMCMEgxHDAaBgNVBAMME0FwcGxlIFdlYkF1dGhuIENBIDExEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwHhcNMjAxMDA3MDk0NjEyWhcNMjAxMDA4MDk1NjEyWjCBkTFJMEcGA1UEAwxANjEyNzZmYzAyZDNmZThkMTZiMzNiNTU0OWQ4MTkyMzZjODE3NDZhODNmMmU5NGE2ZTRiZWUxYzcwZjgxYjViYzEaMBgGA1UECwwRQUFBIENlcnRpZmljYXRpb24xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR5/lkIu1EpyAk4t1TATSs0DvpmFbmHaYv1naTlPqPm/vsD2qEnDVgE6KthwVqsokNcfb82nXHKFcUjsABKG3W3o1UwUzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIE8DAzBgkqhkiG92NkCAIEJjAkoSIEIJxgAhVAs+GYNN/jfsYkRcieGylPeSzka5QTwyMO84aBMAoGCCqGSM49BAMCA2kAMGYCMQDaHBjrI75xAF7SXzyF5zSQB/Lg9PjTdyye+w7stiqy84K6lmo8d3fIptYjLQx81bsCMQCvC8MSN+aewiaU0bMsdxRbdDerCJJj3xJb3KZwloevJ3daCmCcrZrAPYfLp2kDOsg=", + "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" }; //_attestationObject = new CborMap { { "fmt", "apple-appattest" } }; var (type, alg, crv) = Fido2Tests._validCOSEParameters[0]; @@ -149,4 +146,3 @@ public void TestAppleAppAttestX5cValueZeroLengthByteString() Assert.Equal("Malformed x5c in Apple AppAttest attestation", ex.Message); } } - diff --git a/Test/Attestation/DevicePublicKey.cs b/Test/Attestation/DevicePublicKey.cs index dbdbc8de..5e721e82 100644 --- a/Test/Attestation/DevicePublicKey.cs +++ b/Test/Attestation/DevicePublicKey.cs 
@@ -4,19 +4,16 @@ using Fido2NetLib.Objects; namespace Test.Attestation; + public class DevicePublicKey : Fido2Tests.Attestation { - public DevicePublicKey() - { - } - [Fact] public void TestDevicePublicKey() { string json = """{"authenticatorOutput":"pmNkcGtYTaUBAgMmIAEhWCBNwZidDC8QQNAffsFaxUKxTbVLxepdV-1_azg-u0-rsCJYIFtht9l1L8g2hqQOo8omnBd9fRj2byJzn1JQqnp19oVbY2ZtdGRub25lZW5vbmNlQGVzY29wZQBmYWFndWlkUAAAAAAAAAAAAAAAAAAAAABnYXR0U3RtdKA=","signature":"MEUCIQDTf2ImngEOi3qHws6gxf6CpquI97oDIl8m_4T2xQO-YwIgdWN7elqNuU-yMZtGpy8hQtL_E-qmZ1_rM2u2nhXYw7A="}"""; var model = JsonSerializer.Deserialize(json); - DevicePublicKeyAuthenticatorOutput devicePublicKeyAuthenticatorOutput = new(model.AuthenticatorOutput); + var devicePublicKeyAuthenticatorOutput = new DevicePublicKeyAuthenticatorOutput(model.AuthenticatorOutput); Assert.Equal("none", devicePublicKeyAuthenticatorOutput.Fmt); } } diff --git a/Test/Attestation/FidoU2f.cs b/Test/Attestation/FidoU2f.cs index f3925992..593a809d 100644 --- a/Test/Attestation/FidoU2f.cs +++ b/Test/Attestation/FidoU2f.cs @@ -27,9 +27,9 @@ public FidoU2f() attestnCert.RawData }; - var ecparams = ecdsaAtt.ExportParameters(true); + var ecParams = ecdsaAtt.ExportParameters(true); - _credentialPublicKey = Fido2Tests.MakeCredentialPublicKey(COSE.KeyType.EC2, COSE.Algorithm.ES256, COSE.EllipticCurve.P256, ecparams.Q.X, ecparams.Q.Y); + _credentialPublicKey = Fido2Tests.MakeCredentialPublicKey(COSE.KeyType.EC2, COSE.Algorithm.ES256, COSE.EllipticCurve.P256, ecParams.Q.X, ecParams.Q.Y); var x = (byte[])_credentialPublicKey.GetCborObject()[COSE.KeyTypeParameter.X]; var y = (byte[])_credentialPublicKey.GetCborObject()[COSE.KeyTypeParameter.Y]; 
@@ -77,7 +77,7 @@ public async Task TestU2fWithAaguid() var ex = await Assert.ThrowsAsync(() => MakeAttestationResponseAsync()); Assert.Equal(Fido2ErrorCode.InvalidAttestation, ex.Code); - Assert.Equal("Aaguid was not empty parsing fido-u2f atttestation statement", ex.Message); + Assert.Equal("Aaguid was not empty parsing fido-u2f attestation statement", ex.Message); } [Fact] diff --git a/Test/Attestation/Packed.cs b/Test/Attestation/Packed.cs index 95d7b245..c473e160 100644 --- a/Test/Attestation/Packed.cs +++ b/Test/Attestation/Packed.cs @@ -73,7 +73,7 @@ public async Task TestSelfAlgMismatch() } [Fact] - public void TestSelfBadSig() + public async Task TestSelfBadSig() { var (type, alg, crv) = Fido2Tests._validCOSEParameters[0]; var signature = SignData(type, alg, crv); @@ -81,8 +81,8 @@ public void TestSelfBadSig() { "alg", alg }, { "sig", new byte[] { 0x30, 0x45, 0x02, 0x20, 0x11, 0x9b, 0x6f, 0xa8, 0x1c, 0xe1, 0x75, 0x9e, 0xbe, 0xf1, 0x52, 0xa6, 0x99, 0x40, 0x5e, 0xd6, 0x6a, 0xcc, 0x01, 0x33, 0x65, 0x18, 0x05, 0x00, 0x96, 0x28, 0x29, 0xbe, 0x85, 0x57, 0xb7, 0x1d, 0x02, 0x21, 0x00, 0x94, 0x50, 0x1d, 0xf1, 0x90, 0x03, 0xa4, 0x4d, 0xa4, 0xdf, 0x9f, 0xbb, 0xb5, 0xe4, 0xce, 0x91, 0x6b, 0xc3, 0x90, 0xe8, 0x38, 0x99, 0x66, 0x4f, 0xa5, 0xc4, 0x0c, 0xf3, 0xed, 0xe3, 0xda, 0x83 } } }); - var ex = Assert.ThrowsAsync(() => MakeAttestationResponseAsync()); - Assert.Equal("Failed to validate signature", ex.Result.Message); + var ex = await Assert.ThrowsAsync(() => MakeAttestationResponseAsync()); + Assert.Equal("Failed to validate signature", ex.Message); } [Fact] @@ -174,7 +174,7 @@ public void TestSigNotByteString() } [Fact] - public void TestSigByteStringZeroLen() + public async Task TestSigByteStringZeroLen() { var (type, alg, crv) = Fido2Tests._validCOSEParameters[0]; var signature = SignData(type, alg, crv); 
@@ -182,8 +182,8 @@ public void TestSigByteStringZeroLen() { "alg", alg }, { "sig", Array.Empty() } }); - var ex = Assert.ThrowsAsync(() => MakeAttestationResponseAsync()); - Assert.Equal("Invalid packed attestation signature", ex.Result.Message); + var ex = await Assert.ThrowsAsync(() => MakeAttestationResponseAsync()); + Assert.Equal("Invalid packed attestation signature", ex.Message); } [Fact] @@ -295,11 +295,7 @@ public void TestFull() byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt); } @@ -366,11 +362,7 @@ public void TestFullMissingX5c() byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt); } @@ -460,11 +452,7 @@ public void TestFullX5cCountNotOne() byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt); } @@ -505,11 +493,7 @@ public void TestFullX5cValueNotByteString() byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt); } 
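Review bot: The `@@ -182,8 +182,8 @@` hunk correctly replaces the blocking `ex.Result` with `await Assert.ThrowsAsync`, matching the `TestSelfBadSig` change earlier in this file. The same pass misses at least one sibling: the `@@ -900,11 +872,7 @@` header below still shows `public async void TestAttCertSubjectCommaAsync()`, and an `async void` test cannot be awaited by the runner, so an assertion that fails after an `await` may not be reported against this test. Suggest `public async Task TestAttCertSubjectCommaAsync()` alongside the other signature conversions in this commit. The signature change for `TestSigByteStringZeroLen` itself lives in the `@@ -174,7 +174,7 @@` hunk above, outside this one.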
@@ -550,11 +534,7 @@ public void TestFullX5cValueZeroLengthByteString() byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt); } @@ -691,11 +671,7 @@ public void TestFullInvalidAlg() byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt); } @@ -738,11 +714,7 @@ public void TestFullInvalidSig() byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt); } @@ -900,11 +872,7 @@ public async void TestAttCertSubjectCommaAsync() byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt); } @@ -953,11 +921,7 @@ public async Task TestFullAttCertAaguidNotMatchAuthdata() byte[] serial = RandomNumberGenerator.GetBytes(12); - using (X509Certificate2 publicOnly = attRequest.Create( - root, - notBefore, - notAfter, - serial)) + using (X509Certificate2 publicOnly = attRequest.Create(root, notBefore, notAfter, serial)) { attestnCert = publicOnly.CopyWithPrivateKey(ecdsaAtt); } diff --git a/Test/Attestation/Tpm.cs b/Test/Attestation/Tpm.cs index a15333a5..80fe3a65 100644 --- a/Test/Attestation/Tpm.cs 
+++ b/Test/Attestation/Tpm.cs @@ -132,15 +132,15 @@ public void TestTPM() rootCert.RawData }; - var ecparams = ecdsaAtt.ExportParameters(true); + var ecParams = ecdsaAtt.ExportParameters(true); var cpk = new CborMap { - { COSE.KeyCommonParameter.KeyType, type }, - { COSE.KeyCommonParameter.Alg, alg}, - { COSE.KeyTypeParameter.X, ecparams.Q.X}, - { COSE.KeyTypeParameter.Y, ecparams.Q.Y}, - { COSE.KeyTypeParameter.Crv, curve}, - }; + { COSE.KeyCommonParameter.KeyType, type }, + { COSE.KeyCommonParameter.Alg, alg}, + { COSE.KeyTypeParameter.X, ecParams.Q.X}, + { COSE.KeyTypeParameter.Y, ecParams.Q.Y}, + { COSE.KeyTypeParameter.Crv, curve}, + }; var x = (byte[])cpk[COSE.KeyTypeParameter.X]; var y = (byte[])cpk[COSE.KeyTypeParameter.Y]; @@ -183,7 +183,7 @@ public void TestTPM() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -239,12 +239,12 @@ public void TestTPM() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type 
@@ -274,7 +274,7 @@ public void TestTPM() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -364,12 +364,12 @@ public void TestTPMAikCertSANTCGConformant() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type @@ -399,7 +399,7 @@ public void TestTPMAikCertSANTCGConformant() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -475,12 +475,12 @@ public void TestTPMSigNull() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type 
@@ -509,7 +509,7 @@ public void TestTPMSigNull() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -573,12 +573,12 @@ public void TestTPMSigNotByteString() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type @@ -607,7 +607,7 @@ public void TestTPMSigNotByteString() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -671,12 +671,12 @@ public void TestTPMSigByteStringZeroLen() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type 
@@ -705,7 +705,7 @@ public void TestTPMSigByteStringZeroLen() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -776,12 +776,12 @@ public void TestTPMVersionNot2() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type @@ -810,7 +810,7 @@ public void TestTPMVersionNot2() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -875,12 +875,12 @@ public void TestTPMPubAreaNull() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type 
@@ -910,7 +910,7 @@ public void TestTPMPubAreaNull() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -974,12 +974,12 @@ public void TestTPMPubAreaNotByteString() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type @@ -1008,7 +1008,7 @@ public void TestTPMPubAreaNotByteString() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -1072,12 +1072,12 @@ public void TestTPMPubAreaByteStringZeroLen() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type 
@@ -1106,7 +1106,7 @@ public void TestTPMPubAreaByteStringZeroLen() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -1170,12 +1170,12 @@ public void TestTPMPubAreaUniqueNull() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var policy = new byte[] { 0x00 }; var pubArea = TpmAlg.TPM_ALG_RSA.ToUInt16BigEndianBytes() @@ -1202,7 +1202,7 @@ var pubArea var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -1266,12 +1266,12 @@ public void TestTPMPubAreaUniqueByteStringZeroLen() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type 
@@ -1302,7 +1302,7 @@ public void TestTPMPubAreaUniqueByteStringZeroLen() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -1361,17 +1361,17 @@ public void TestTPMPubAreaUniquePublicKeyMismatch() attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt); } - var X5c = new CborArray { + var x5c = new CborArray { attestnCert.RawData, rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type @@ -1400,7 +1400,7 @@ public void TestTPMPubAreaUniquePublicKeyMismatch() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -1416,7 +1416,7 @@ public void TestTPMPubAreaUniquePublicKeyMismatch() _attestationObject.Add("attStmt", new CborMap { { "ver", "2.0" }, { "alg", alg }, - { "x5c", X5c }, + { "x5c", x5c }, { "sig", signature }, { "certInfo", certInfo }, { "pubArea", pubArea } 
@@ -1464,12 +1464,12 @@ public void TestTPMPubAreaUniqueExponentMismatch()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -1498,7 +1498,7 @@ public void TestTPMPubAreaUniqueExponentMismatch()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -1612,7 +1612,7 @@ public void TestTPMPubAreaUniqueXValueMismatch()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -1727,7 +1727,7 @@ public void TestTPMPubAreaUniqueYValueMismatch()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -1842,7 +1842,7 @@ public void TestTPMPubAreaUniqueCurveMismatch()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -1906,12 +1906,12 @@ public void TestTPMCertInfoNull()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -1940,7 +1940,7 @@ public void TestTPMCertInfoNull()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -2004,12 +2004,12 @@ public void TestTPMCertInfoNotByteString()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -2038,7 +2038,7 @@ public void TestTPMCertInfoNotByteString()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -2109,12 +2109,12 @@ public void TestTPMCertInfoByteStringZeroLen()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -2143,7 +2143,7 @@ public void TestTPMCertInfoByteStringZeroLen()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -2207,12 +2207,12 @@ public void TestTPMCertInfoBadMagic()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -2241,7 +2241,7 @@ public void TestTPMCertInfoBadMagic()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }, // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -2305,12 +2305,12 @@ public void TestTPMCertInfoBadType()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -2339,7 +2339,7 @@ public void TestTPMCertInfoBadType()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }, // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -2403,12 +2403,12 @@ public void TestTPMCertInfoExtraDataZeroLen()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -2437,7 +2437,7 @@ public void TestTPMCertInfoExtraDataZeroLen()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 Array.Empty(), // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -2501,12 +2501,12 @@ public void TestTPMCertInfoTPM2BNameIsHandle()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -2535,7 +2535,7 @@ public void TestTPMCertInfoTPM2BNameIsHandle()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -2599,12 +2599,12 @@ public void TestTPMCertInfoTPM2BNoName()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -2633,7 +2633,7 @@ public void TestTPMCertInfoTPM2BNoName()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -2697,12 +2697,12 @@ public void TestTPMCertInfoTPM2BExtraBytes()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -2736,7 +2736,7 @@ public void TestTPMCertInfoTPM2BExtraBytes()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -2800,12 +2800,12 @@ public void TestTPMCertInfoTPM2BInvalidHashAlg()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -2834,7 +2834,7 @@ public void TestTPMCertInfoTPM2BInvalidHashAlg()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -2898,12 +2898,12 @@ public void TestTPMCertInfoTPM2BInvalidTPMALGID()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -2932,7 +2932,7 @@ public void TestTPMCertInfoTPM2BInvalidTPMALGID()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -2996,12 +2996,12 @@ public void TestTPMAlgNull()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -3030,7 +3030,7 @@ public void TestTPMAlgNull()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -3094,12 +3094,12 @@ public void TestTPMAlgNotNumber()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -3128,7 +3128,7 @@ public void TestTPMAlgNotNumber()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -3192,12 +3192,12 @@ public void TestTPMAlgMismatch()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -3226,7 +3226,7 @@ public void TestTPMAlgMismatch()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -3290,12 +3290,12 @@ public void TestTPMPubAreaAttestedDataMismatch()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -3327,7 +3327,7 @@ public void TestTPMPubAreaAttestedDataMismatch()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -3391,12 +3391,12 @@ public void TestTPMMissingX5c()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -3425,7 +3425,7 @@ public void TestTPMMissingX5c()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -3489,12 +3489,12 @@ public void TestX5cNotArray()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -3523,7 +3523,7 @@ public void TestX5cNotArray()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -3587,12 +3587,12 @@ public void TestTPMX5cCountZero()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -3621,7 +3621,7 @@ public void TestTPMX5cCountZero()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -3685,12 +3685,12 @@ public async Task TestTPMX5cValuesNull()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -3719,7 +3719,7 @@ public async Task TestTPMX5cValuesNull()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -3778,17 +3778,17 @@ public void TestTPMX5cValuesCountZero()
 attestnCert = publicOnly.CopyWithPrivateKey(rsaAtt);
 }
 
- var X5c = new CborArray {
+ var x5c = new CborArray {
 attestnCert.RawData,
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -3817,7 +3817,7 @@ public void TestTPMX5cValuesCountZero()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -3882,12 +3882,12 @@ public void TestTPMFirstX5cValueNotByteString()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -3916,7 +3916,7 @@ public void TestTPMFirstX5cValueNotByteString()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -3980,12 +3980,12 @@ public void TestTPMFirstX5cValueByteStringZeroLen()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -4014,7 +4014,7 @@ public void TestTPMFirstX5cValueByteStringZeroLen()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -4078,12 +4078,12 @@ public void TestTPMBadSignature()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -4112,7 +4112,7 @@ public void TestTPMBadSignature()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -4181,12 +4181,12 @@ public void TestTPMAikCertNotV3()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -4215,7 +4215,7 @@ public void TestTPMAikCertNotV3()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -4290,12 +4290,12 @@ public void TestTPMAikCertSubjectNotEmpty()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -4324,7 +4324,7 @@ public void TestTPMAikCertSubjectNotEmpty()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -4388,12 +4388,12 @@ public void TestTPMAikCertSANMissing()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -4427,7 +4427,7 @@ public void TestTPMAikCertSANMissing()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -4494,12 +4494,12 @@ public void TestTPMAikCertSANZeroLen()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -4528,7 +4528,7 @@ public void TestTPMAikCertSANZeroLen()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -4596,12 +4596,12 @@ public void TestTPMAikCertSANNoManufacturer()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -4630,7 +4630,7 @@ public void TestTPMAikCertSANNoManufacturer()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -4698,12 +4698,12 @@ public void TestTPMAikCertSANNoModel()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -4732,7 +4732,7 @@ public void TestTPMAikCertSANNoModel()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -4800,12 +4800,12 @@ public void TestTPMAikCertSANNoVersion()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -4834,7 +4834,7 @@ public void TestTPMAikCertSANNoVersion()
 var certInfo = CreateCertInfo(
 new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic
 new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type
- new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner
+ new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner
 extraData, // ExtraData
 new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock
 new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount
@@ -4903,12 +4903,12 @@ public void TestTPMAikCertSANInvalidManufacturer()
 rootCert.RawData
 };
 
- var rsaparams = rsaAtt.ExportParameters(true);
+ var rsaParams = rsaAtt.ExportParameters(true);
 
- _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams);
+ _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams);
 
- unique = rsaparams.Modulus;
- exponent = rsaparams.Exponent;
+ unique = rsaParams.Modulus;
+ exponent = rsaParams.Exponent;
 
 var pubArea = CreatePubArea(
 TpmAlg.TPM_ALG_RSA, // Type
@@ -4937,7 +4937,7 @@ public void TestTPMAikCertSANInvalidManufacturer() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -5002,12 +5002,12 @@ public void TestTPMAikCertEKUMissingTCGKP() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type @@ -5036,7 +5036,7 @@ public void TestTPMAikCertEKUMissingTCGKP() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -5100,12 +5100,12 @@ public void TestTPMAikCertCATrue() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type 
@@ -5134,7 +5134,7 @@ public void TestTPMAikCertCATrue() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -5198,12 +5198,12 @@ public async void TestTPMAikCertMisingAAGUID() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type @@ -5232,7 +5232,7 @@ public async void TestTPMAikCertMisingAAGUID() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -5312,12 +5312,12 @@ public void TestTPMAikCertAAGUIDNotMatchAuthData() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type 
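Review bot: `TestTPMAikCertMisingAAGUID` is declared `public async void` (visible in the `@@ -5198` hunk header) and its name keeps the `Mising` misspelling that this commit otherwise cleans up across the file. An `async void` test is flagged by xUnit's analyzers and is not supported by newer xUnit versions, because the runner cannot await it and a failure in the awaited path may not be reported as a normal test failure; `public async Task TestTPMAikCertMissingAAGUID()` addresses both points. The method's body starts and ends outside the hunk.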
@@ -5346,7 +5346,7 @@ public void TestTPMAikCertAAGUIDNotMatchAuthData() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -5410,12 +5410,12 @@ public void TestTPMECDAANotSupported() rootCert.RawData }; - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaparams); + _credentialPublicKey = GetRSACredentialPublicKey(type, alg, rsaParams); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_RSA, // Type @@ -5444,7 +5444,7 @@ public void TestTPMECDAANotSupported() var certInfo = CreateCertInfo( new byte[] { 0x47, 0x43, 0x54, 0xff }.Reverse().ToArray(), // Magic new byte[] { 0x17, 0x80 }.Reverse().ToArray(), // Type - new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSIgner + new byte[] { 0x00, 0x01, 0x00 }, // QualifiedSigner extraData, // ExtraData new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // Clock new byte[] { 0x00, 0x00, 0x00, 0x00 }, // ResetCount @@ -5489,10 +5489,10 @@ public void TestCertInfoExtraBytes() public void TestPubAreaAltKeyedHash() { using var rsaAtt = RSA.Create(); - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_KEYEDHASH, // Type 
@@ -5516,10 +5516,10 @@ public void TestPubAreaAltKeyedHash() public void TestPubAreaAltSymCipher() { using var rsaAtt = RSA.Create(); - var rsaparams = rsaAtt.ExportParameters(true); + var rsaParams = rsaAtt.ExportParameters(true); - unique = rsaparams.Modulus; - exponent = rsaparams.Exponent; + unique = rsaParams.Modulus; + exponent = rsaParams.Exponent; var pubArea = CreatePubArea( TpmAlg.TPM_ALG_SYMCIPHER, // Type @@ -5596,7 +5596,7 @@ internal static byte[] CreatePubArea( internal static byte[] CreateCertInfo( ReadOnlySpan magic, ReadOnlySpan type, - ReadOnlySpan qualifiedSigner, + ReadOnlySpan QualifiedSigner, ReadOnlySpan extraData, ReadOnlySpan clock, ReadOnlySpan resetCount, @@ -5610,7 +5610,7 @@ internal static byte[] CreateCertInfo( stream.Write(magic); stream.Write(type); - stream.Write(qualifiedSigner); + stream.Write(QualifiedSigner); stream.Write(extraData); stream.Write(clock); stream.Write(resetCount); @@ -5638,13 +5638,13 @@ internal static byte[] GetUInt16BigEndianBytes(UInt16 value) } - internal static CredentialPublicKey GetRSACredentialPublicKey(COSE.KeyType type, COSE.Algorithm alg, RSAParameters rsaparams) + internal static CredentialPublicKey GetRSACredentialPublicKey(COSE.KeyType type, COSE.Algorithm alg, RSAParameters rsaParams) { var cpk = new CborMap { { COSE.KeyCommonParameter.KeyType, type }, { COSE.KeyCommonParameter.Alg, alg }, - { COSE.KeyTypeParameter.N, rsaparams.Modulus }, - { COSE.KeyTypeParameter.E, rsaparams.Exponent } + { COSE.KeyTypeParameter.N, rsaParams.Modulus }, + { COSE.KeyTypeParameter.E, rsaParams.Exponent } }; return new CredentialPublicKey(cpk); diff --git a/Test/AttestationTypeTests.cs b/Test/AttestationTypeTests.cs index df7ebe10..02d6fcbc 100644 --- a/Test/AttestationTypeTests.cs +++ b/Test/AttestationTypeTests.cs 
@@ -5,7 +5,7 @@ namespace Fido2NetLib.Objects.Tests; public class AttestationTypeTests { [Fact] - public void ImplicitlyConvertableToString() + public void ImplicitlyConvertibleToString() { Assert.Equal("none", AttestationType.None); } @@ -18,7 +18,7 @@ public void CanSerialize() } [Fact] - public void CanDeseriaalize() + public void CanDeserialize() { Assert.Same(AttestationType.None, JsonSerializer.Deserialize("\"none\"")); Assert.Same(AttestationType.ECDAA, JsonSerializer.Deserialize("\"ecdaa\"")); diff --git a/Test/AuthenticatorResponse.cs b/Test/AuthenticatorResponse.cs index 25d364dc..8c48a146 100644 --- a/Test/AuthenticatorResponse.cs +++ b/Test/AuthenticatorResponse.cs @@ -23,7 +23,6 @@ public void CanDeserialize() Assert.Equal("webauthn.get", response.Type); Assert.Equal(Base64Url.Decode("J4fjxBV-BNywGRJRm8JZ7znvdiZo9NINObNBpnKnJQEOtplTMF0ERuIrzrkeoO-dNMoeMZjhzqfar7eWRANvPeNFPrB5Q6zlS1ZFPf37F3suIwpXi9NCpFA_RlBSiygLmvcIOa57_QHubZQD3cv0UWtRTLslJjmgumphMc7EFN8"), response.Challenge); Assert.Equal("https://www.passwordless.dev", response.Origin); - } [Theory] 
@@ -58,7 +57,7 @@ public async Task TestAuthenticatorOriginsAsync(string origin, string expectedOr { var challenge = RandomNumberGenerator.GetBytes(128); var rp = origin; - var acd = new AttestedCredentialData(("00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-40-FE-6A-32-63-BE-37-D1-01-B1-2E-57-CA-96-6C-00-22-93-E4-19-C8-CD-01-06-23-0B-C6-92-E8-CC-77-12-21-F1-DB-11-5D-41-0F-82-6B-DB-98-AC-64-2E-B1-AE-B5-A8-03-D1-DB-C1-47-EF-37-1C-FD-B1-CE-B0-48-CB-2C-A5-01-02-03-26-20-01-21-58-20-A6-D1-09-38-5A-C7-8E-5B-F0-3D-1C-2E-08-74-BE-6D-BB-A4-0B-4F-2A-5F-2F-11-82-45-65-65-53-4F-67-28-22-58-20-43-E1-08-2A-F3-13-5B-40-60-93-79-AC-47-42-58-AA-B3-97-B8-86-1D-E4-41-B4-4E-83-08-5D-1C-6B-E0-D0").Split('-').Select(c => Convert.ToByte(c, 16)).ToArray()); + var acd = new AttestedCredentialData(Convert.FromHexString("000000000000000000000000000000000040FE6A3263BE37D101B12E57CA966C002293E419C8CD0106230BC692E8CC771221F1DB115D410F826BDB98AC642EB1AEB5A803D1DBC147EF371CFDB1CEB048CB2CA5010203262001215820A6D109385AC78E5BF03D1C2E0874BE6DBBA40B4F2A5F2F1182456565534F672822582043E1082AF3135B40609379AC474258AAB397B8861DE441B44E83085D1C6BE0D0")); var authData = new AuthenticatorData( SHA256.HashData(Encoding.UTF8.GetBytes(origin)), AuthenticatorFlags.UP | AuthenticatorFlags.AT, @@ -99,9 +98,9 @@ public async Task TestAuthenticatorOriginsAsync(string origin, string expectedOr }, Challenge = challenge, ErrorMessage = "", - PubKeyCredParams = new List() + PubKeyCredParams = new List { - new PubKeyCredParam(COSE.Algorithm.ES256) + PubKeyCredParam.ES256 }, Rp = new PublicKeyCredentialRpEntity(rp, rp, ""), Status = "ok", 
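Review bot: The `Convert.FromHexString(...)` literal passed to `AttestedCredentialData` in `TestAuthenticatorOriginsAsync` is the same long hex blob repeated verbatim in `TestAuthenticatorOriginsFail`, `TestAuthenticatorAttestationResponseUnknownAttestationType`, `TestAuthenticatorAttestationResponseNotUniqueCredId` and `TestAuthenticatorAttestationResponseUVRequired` further down this page. Since the commit already rewrites every occurrence, hoisting it once into a class-level field such as `private static readonly byte[] s_attestedCredentialDataBytes = Convert.FromHexString("<same hex literal>");` would keep the five copies from drifting apart and make each test read as intent rather than data. Replacing the `Split('-')`/`Convert.ToByte` parsing with `Convert.FromHexString` is otherwise a clear improvement. The method body continues past the hunk.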
@@ -161,7 +160,7 @@ public void TestAuthenticatorOriginsFail(string origin, string expectedOrigin) { var challenge = RandomNumberGenerator.GetBytes(128); var rp = origin; - var acd = new AttestedCredentialData(("00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-40-FE-6A-32-63-BE-37-D1-01-B1-2E-57-CA-96-6C-00-22-93-E4-19-C8-CD-01-06-23-0B-C6-92-E8-CC-77-12-21-F1-DB-11-5D-41-0F-82-6B-DB-98-AC-64-2E-B1-AE-B5-A8-03-D1-DB-C1-47-EF-37-1C-FD-B1-CE-B0-48-CB-2C-A5-01-02-03-26-20-01-21-58-20-A6-D1-09-38-5A-C7-8E-5B-F0-3D-1C-2E-08-74-BE-6D-BB-A4-0B-4F-2A-5F-2F-11-82-45-65-65-53-4F-67-28-22-58-20-43-E1-08-2A-F3-13-5B-40-60-93-79-AC-47-42-58-AA-B3-97-B8-86-1D-E4-41-B4-4E-83-08-5D-1C-6B-E0-D0").Split('-').Select(c => Convert.ToByte(c, 16)).ToArray()); + var acd = new AttestedCredentialData(Convert.FromHexString("000000000000000000000000000000000040FE6A3263BE37D101B12E57CA966C002293E419C8CD0106230BC692E8CC771221F1DB115D410F826BDB98AC642EB1AEB5A803D1DBC147EF371CFDB1CEB048CB2CA5010203262001215820A6D109385AC78E5BF03D1C2E0874BE6DBBA40B4F2A5F2F1182456565534F672822582043E1082AF3135B40609379AC474258AAB397B8861DE441B44E83085D1C6BE0D0")); var authData = new AuthenticatorData( SHA256.HashData(Encoding.UTF8.GetBytes(origin)), AuthenticatorFlags.UP | AuthenticatorFlags.AT, @@ -180,7 +179,7 @@ public void TestAuthenticatorOriginsFail(string origin, string expectedOrigin) Type = PublicKeyCredentialType.PublicKey, Id = new byte[] { 0xf1, 0xd0 }, RawId = new byte[] { 0xf1, 0xd0 }, - Response = new AuthenticatorAttestationRawResponse.ResponseData() + Response = new AuthenticatorAttestationRawResponse.ResponseData { AttestationObject = new CborMap { { "fmt", "none" }, @@ -222,7 +221,7 @@ public void TestAuthenticatorOriginsFail(string origin, string expectedOrigin) return Task.FromResult(true); }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, 
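Review bot: Replacing `IFido2 lib = new Fido2(...)` with `var lib = new Fido2(...)` in the `@@ -222` hunk (and in the same replacement repeated through the later hunks of this file on the page) changes what the tests exercise: `lib` is now the concrete `Fido2` type, so a member that is present on `Fido2` but missing from, or differently shaped on, `IFido2` would no longer be caught by these tests. If the interface-typed declaration was deliberate, keep `IFido2 lib = new Fido2(new Fido2Configuration`; if the tests are meant to target the concrete class, a sentence in the commit message saying so would avoid the question next time. Each test body continues past its hunk.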
@@ -249,12 +248,12 @@ public void TestAuthenticatorAttestationRawResponse() Type = PublicKeyCredentialType.PublicKey, Id = new byte[] { 0xf1, 0xd0 }, RawId = new byte[] { 0xf1, 0xd0 }, - Response = new AuthenticatorAttestationRawResponse.ResponseData() + Response = new AuthenticatorAttestationRawResponse.ResponseData { AttestationObject = new CborMap().Encode(), ClientDataJson = clientDataJson }, - Extensions = new AuthenticationExtensionsClientOutputs() + Extensions = new AuthenticationExtensionsClientOutputs { AppID = true, AuthenticatorSelection = true, @@ -297,6 +296,7 @@ public void TestAuthenticatorAttestationRawResponse() public void TestAuthenticatorAttestationRawResponseNull() { var ex = Assert.Throws(() => AuthenticatorAttestationResponse.Parse(null)); + Assert.Equal("Expected rawResponse, got null", ex.Message); } @@ -310,6 +310,7 @@ public void TestAuthenticatorAttestationResponseNull() RawId = new byte[] { 0xf1, 0xd0 }, Response = null, }; + var ex = Assert.Throws(() => AuthenticatorAttestationResponse.Parse(rawResponse)); Assert.Equal("Expected rawResponse, got null", ex.Message); } @@ -317,7 +318,7 @@ public void TestAuthenticatorAttestationResponseNull() [Theory] [InlineData(null)] [InlineData(new byte[0])] - public void TestAuthenticatorAttestationReponseAttestationObjectNull(byte[] value) + public void TestAuthenticatorAttestationResponseAttestationObjectNull(byte[] value) { var rawResponse = new AuthenticatorAttestationRawResponse { @@ -433,7 +434,7 @@ public async Task TestAuthenticatorAttestationResponseInvalidType() return Task.FromResult(true); }; - IFido2 lib = new Fido2(new Fido2Configuration + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, @@ -505,7 +506,7 @@ public void TestAuthenticatorAttestationResponseInvalidRawId(byte[] value) return Task.FromResult(true); }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, 
@@ -575,7 +576,7 @@ public async Task TestAuthenticatorAttestationResponseInvalidRawType() return Task.FromResult(true); }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, @@ -652,7 +653,7 @@ public void TestAuthenticatorAttestationResponseRpidMismatch() return Task.FromResult(true); }; - IFido2 lib = new Fido2(new Fido2Configuration + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, @@ -731,7 +732,7 @@ public async Task TestAuthenticatorAttestationResponseNotUserPresentAsync() return Task.FromResult(true); }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, @@ -800,7 +801,7 @@ public void TestAuthenticatorAttestationResponseBackupEligiblePolicyRequired() { Name = "testuser", Id = "testuser"u8.ToArray(), - DisplayName = "Test User", + DisplayName = "Test User" }, Timeout = 60000, }; @@ -810,7 +811,7 @@ public void TestAuthenticatorAttestationResponseBackupEligiblePolicyRequired() return Task.FromResult(true); }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, @@ -888,7 +889,7 @@ public void TestAuthenticatorAttestationResponseBackupEligiblePolicyDisallowed() return Task.FromResult(true); }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, @@ -924,7 +925,7 @@ public void TestAuthenticatorAttestationResponseNoAttestedCredentialData() Type = PublicKeyCredentialType.PublicKey, Id = new byte[] { 0xf1, 0xd0 }, RawId = new byte[] { 0xf1, 0xd0 }, - Response = new AuthenticatorAttestationRawResponse.ResponseData() + Response = new AuthenticatorAttestationRawResponse.ResponseData { AttestationObject = new CborMap { { "fmt", "testing" }, 
@@ -966,7 +967,7 @@ public void TestAuthenticatorAttestationResponseNoAttestedCredentialData() return Task.FromResult(true); }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, @@ -982,7 +983,7 @@ public void TestAuthenticatorAttestationResponseUnknownAttestationType() { var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - var acd = new AttestedCredentialData(("00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-40-FE-6A-32-63-BE-37-D1-01-B1-2E-57-CA-96-6C-00-22-93-E4-19-C8-CD-01-06-23-0B-C6-92-E8-CC-77-12-21-F1-DB-11-5D-41-0F-82-6B-DB-98-AC-64-2E-B1-AE-B5-A8-03-D1-DB-C1-47-EF-37-1C-FD-B1-CE-B0-48-CB-2C-A5-01-02-03-26-20-01-21-58-20-A6-D1-09-38-5A-C7-8E-5B-F0-3D-1C-2E-08-74-BE-6D-BB-A4-0B-4F-2A-5F-2F-11-82-45-65-65-53-4F-67-28-22-58-20-43-E1-08-2A-F3-13-5B-40-60-93-79-AC-47-42-58-AA-B3-97-B8-86-1D-E4-41-B4-4E-83-08-5D-1C-6B-E0-D0").Split('-').Select(c => Convert.ToByte(c, 16)).ToArray()); + var acd = new AttestedCredentialData(Convert.FromHexString("000000000000000000000000000000000040FE6A3263BE37D101B12E57CA966C002293E419C8CD0106230BC692E8CC771221F1DB115D410F826BDB98AC642EB1AEB5A803D1DBC147EF371CFDB1CEB048CB2CA5010203262001215820A6D109385AC78E5BF03D1C2E0874BE6DBBA40B4F2A5F2F1182456565534F672822582043E1082AF3135B40609379AC474258AAB397B8861DE441B44E83085D1C6BE0D0")); var authData = new AuthenticatorData( SHA256.HashData(Encoding.UTF8.GetBytes(rp)), AuthenticatorFlags.AT | AuthenticatorFlags.UP | AuthenticatorFlags.UV, @@ -1044,7 +1045,7 @@ public void TestAuthenticatorAttestationResponseUnknownAttestationType() return Task.FromResult(true); }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, 
@@ -1061,7 +1062,7 @@ public void TestAuthenticatorAttestationResponseNotUniqueCredId() { var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - var acd = new AttestedCredentialData(("00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-40-FE-6A-32-63-BE-37-D1-01-B1-2E-57-CA-96-6C-00-22-93-E4-19-C8-CD-01-06-23-0B-C6-92-E8-CC-77-12-21-F1-DB-11-5D-41-0F-82-6B-DB-98-AC-64-2E-B1-AE-B5-A8-03-D1-DB-C1-47-EF-37-1C-FD-B1-CE-B0-48-CB-2C-A5-01-02-03-26-20-01-21-58-20-A6-D1-09-38-5A-C7-8E-5B-F0-3D-1C-2E-08-74-BE-6D-BB-A4-0B-4F-2A-5F-2F-11-82-45-65-65-53-4F-67-28-22-58-20-43-E1-08-2A-F3-13-5B-40-60-93-79-AC-47-42-58-AA-B3-97-B8-86-1D-E4-41-B4-4E-83-08-5D-1C-6B-E0-D0").Split('-').Select(c => Convert.ToByte(c, 16)).ToArray()); + var acd = new AttestedCredentialData(Convert.FromHexString("000000000000000000000000000000000040FE6A3263BE37D101B12E57CA966C002293E419C8CD0106230BC692E8CC771221F1DB115D410F826BDB98AC642EB1AEB5A803D1DBC147EF371CFDB1CEB048CB2CA5010203262001215820A6D109385AC78E5BF03D1C2E0874BE6DBBA40B4F2A5F2F1182456565534F672822582043E1082AF3135B40609379AC474258AAB397B8861DE441B44E83085D1C6BE0D0")); var authData = new AuthenticatorData( SHA256.HashData(Encoding.UTF8.GetBytes(rp)), AuthenticatorFlags.AT | AuthenticatorFlags.UP | AuthenticatorFlags.UV, @@ -1080,7 +1081,7 @@ public void TestAuthenticatorAttestationResponseNotUniqueCredId() Type = PublicKeyCredentialType.PublicKey, Id = new byte[] { 0xf1, 0xd0 }, RawId = new byte[] { 0xf1, 0xd0 }, - Response = new AuthenticatorAttestationRawResponse.ResponseData() + Response = new AuthenticatorAttestationRawResponse.ResponseData { AttestationObject = new CborMap { { "fmt", "none" }, @@ -1122,7 +1123,7 @@ public void TestAuthenticatorAttestationResponseNotUniqueCredId() return Task.FromResult(false); }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, 
@@ -1138,7 +1139,7 @@ public void TestAuthenticatorAttestationResponseUVRequired() { var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - var acd = new AttestedCredentialData(("00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-40-FE-6A-32-63-BE-37-D1-01-B1-2E-57-CA-96-6C-00-22-93-E4-19-C8-CD-01-06-23-0B-C6-92-E8-CC-77-12-21-F1-DB-11-5D-41-0F-82-6B-DB-98-AC-64-2E-B1-AE-B5-A8-03-D1-DB-C1-47-EF-37-1C-FD-B1-CE-B0-48-CB-2C-A5-01-02-03-26-20-01-21-58-20-A6-D1-09-38-5A-C7-8E-5B-F0-3D-1C-2E-08-74-BE-6D-BB-A4-0B-4F-2A-5F-2F-11-82-45-65-65-53-4F-67-28-22-58-20-43-E1-08-2A-F3-13-5B-40-60-93-79-AC-47-42-58-AA-B3-97-B8-86-1D-E4-41-B4-4E-83-08-5D-1C-6B-E0-D0").Split('-').Select(c => Convert.ToByte(c, 16)).ToArray()); + var acd = new AttestedCredentialData(Convert.FromHexString("000000000000000000000000000000000040FE6A3263BE37D101B12E57CA966C002293E419C8CD0106230BC692E8CC771221F1DB115D410F826BDB98AC642EB1AEB5A803D1DBC147EF371CFDB1CEB048CB2CA5010203262001215820A6D109385AC78E5BF03D1C2E0874BE6DBBA40B4F2A5F2F1182456565534F672822582043E1082AF3135B40609379AC474258AAB397B8861DE441B44E83085D1C6BE0D0")); var authData = new AuthenticatorData( SHA256.HashData(Encoding.UTF8.GetBytes(rp)), AuthenticatorFlags.AT | AuthenticatorFlags.UP, @@ -1199,7 +1200,7 @@ public void TestAuthenticatorAttestationResponseUVRequired() return Task.FromResult(true); }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, @@ -1221,7 +1222,7 @@ public void TestAuthenticatorAssertionRawResponse() Origin = "https://www.passwordless.dev", }); - var assertion = new AuthenticatorAssertionRawResponse.AssertionResponse() + var assertion = new AuthenticatorAssertionRawResponse.AssertionResponse { AuthenticatorData = new byte[] { 0xf1, 0xd0 }, Signature = new byte[] { 0xf1, 0xd0 }, 
@@ -1229,13 +1230,13 @@ public void TestAuthenticatorAssertionRawResponse() UserHandle = new byte[] { 0xf1, 0xd0 }, }; - var assertionResponse = new AuthenticatorAssertionRawResponse() + var assertionResponse = new AuthenticatorAssertionRawResponse { Response = assertion, Type = PublicKeyCredentialType.PublicKey, Id = new byte[] { 0xf1, 0xd0 }, RawId = new byte[] { 0xf1, 0xd0 }, - Extensions = new AuthenticationExtensionsClientOutputs() + Extensions = new AuthenticationExtensionsClientOutputs { AppID = true, AuthenticatorSelection = true, @@ -1246,7 +1247,7 @@ public void TestAuthenticatorAssertionRawResponse() new ulong[] { 4 // USER_VERIFY_PASSCODE_INTERNAL - }, + } }, PRF = new AuthenticationExtensionsPRFOutputs { @@ -1281,7 +1282,6 @@ public void TestAuthenticatorAssertionTypeNotPublicKey() { var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - var authenticatorResponse = new AuthenticatorResponse( type : "webauthn.get", challenge : challenge, @@ -1305,16 +1305,16 @@ public void TestAuthenticatorAssertionTypeNotPublicKey() AuthenticatorData = new AuthenticatorData(SHA256.HashData(Encoding.UTF8.GetBytes(rp)), AuthenticatorFlags.UP | AuthenticatorFlags.UV, 0, null).ToByteArray(), Signature = new byte[] { 0xf1, 0xd0 }, ClientDataJson = clientDataJson, - UserHandle = new byte[] { 0xf1, 0xd0 }, + UserHandle = new byte[] { 0xf1, 0xd0 } }; - var assertionResponse = new AuthenticatorAssertionRawResponse() + var assertionResponse = new AuthenticatorAssertionRawResponse { Response = assertion, Type = PublicKeyCredentialType.Invalid, Id = new byte[] { 0xf1, 0xd0 }, RawId = new byte[] { 0xf1, 0xd0 }, - Extensions = new AuthenticationExtensionsClientOutputs() + Extensions = new AuthenticationExtensionsClientOutputs { AppID = false, AuthenticatorSelection = true, 
@@ -1325,12 +1325,12 @@ public void TestAuthenticatorAssertionTypeNotPublicKey() new ulong[] { 4 // USER_VERIFY_PASSCODE_INTERNAL - }, - }, + } + } } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { BackupEligibleCredentialPolicy = Fido2Configuration.CredentialBackupPolicy.Required, ServerDomain = rp, @@ -1352,7 +1352,6 @@ public void TestAuthenticatorAssertionIdMissing() { var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - var authenticatorResponse = new AuthenticatorResponse( type : "webauthn.get", challenge : challenge, @@ -1371,7 +1370,7 @@ public void TestAuthenticatorAssertionIdMissing() } }; - var assertion = new AuthenticatorAssertionRawResponse.AssertionResponse() + var assertion = new AuthenticatorAssertionRawResponse.AssertionResponse { AuthenticatorData = new AuthenticatorData(SHA256.HashData(Encoding.UTF8.GetBytes(rp)), AuthenticatorFlags.UP | AuthenticatorFlags.UV, 0, null).ToByteArray(), Signature = new byte[] { 0xf1, 0xd0 }, @@ -1379,12 +1378,12 @@ public void TestAuthenticatorAssertionIdMissing() UserHandle = new byte[] { 0xf1, 0xd0 }, }; - var assertionResponse = new AuthenticatorAssertionRawResponse() + var assertionResponse = new AuthenticatorAssertionRawResponse { Response = assertion, Type = PublicKeyCredentialType.PublicKey, RawId = new byte[] { 0xf1, 0xd0 }, - Extensions = new AuthenticationExtensionsClientOutputs() + Extensions = new AuthenticationExtensionsClientOutputs { AppID = false, AuthenticatorSelection = true, @@ -1395,12 +1394,12 @@ public void TestAuthenticatorAssertionIdMissing() new ulong[] { 4 // USER_VERIFY_PASSCODE_INTERNAL - }, + } }, } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { BackupEligibleCredentialPolicy = Fido2Configuration.CredentialBackupPolicy.Required, ServerDomain = rp, 
@@ -1465,12 +1464,12 @@ public void TestAuthenticatorAssertionRawIdMissing() new ulong[] { 4 // USER_VERIFY_PASSCODE_INTERNAL - }, + } }, } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { BackupEligibleCredentialPolicy = Fido2Configuration.CredentialBackupPolicy.Required, ServerDomain = rp, @@ -1492,7 +1491,6 @@ public void TestAuthenticatorAssertionUserHandleEmpty() { var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - var authenticatorResponse = new AuthenticatorResponse( type : "webauthn.get", challenge : challenge, @@ -1516,7 +1514,7 @@ public void TestAuthenticatorAssertionUserHandleEmpty() AuthenticatorData = new AuthenticatorData(SHA256.HashData(Encoding.UTF8.GetBytes(rp)), AuthenticatorFlags.UP | AuthenticatorFlags.UV, 0, null).ToByteArray(), Signature = new byte[] { 0xf1, 0xd0 }, ClientDataJson = clientDataJson, - UserHandle = new byte[] { }, + UserHandle = Array.Empty(), }; var assertionResponse = new AuthenticatorAssertionRawResponse() @@ -1536,12 +1534,12 @@ public void TestAuthenticatorAssertionUserHandleEmpty() new ulong[] { 4 // USER_VERIFY_PASSCODE_INTERNAL - }, + } }, } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { BackupEligibleCredentialPolicy = Fido2Configuration.CredentialBackupPolicy.Required, ServerDomain = rp, @@ -1563,7 +1561,6 @@ public void TestAuthenticatorAssertionUserHandleNotOwnerOfPublicKey() { var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - var authenticatorResponse = new AuthenticatorResponse( type : "webauthn.get", challenge : challenge, 
@@ -1607,12 +1604,12 @@ public void TestAuthenticatorAssertionUserHandleNotOwnerOfPublicKey() new ulong[] { 4 // USER_VERIFY_PASSCODE_INTERNAL - }, + } }, } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { BackupEligibleCredentialPolicy = Fido2Configuration.CredentialBackupPolicy.Required, ServerDomain = rp, @@ -1634,7 +1631,6 @@ public void TestAuthenticatorAssertionTypeNotWebAuthnGet() { var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - var authenticatorResponse = new AuthenticatorResponse( type : "webauthn.create", challenge : challenge, @@ -1661,13 +1657,13 @@ public void TestAuthenticatorAssertionTypeNotWebAuthnGet() UserHandle = new byte[] { 0xf1, 0xd0 }, }; - var assertionResponse = new AuthenticatorAssertionRawResponse() + var assertionResponse = new AuthenticatorAssertionRawResponse { Response = assertion, Type = PublicKeyCredentialType.PublicKey, Id = new byte[] { 0xf1, 0xd0 }, RawId = new byte[] { 0xf1, 0xd0 }, - Extensions = new AuthenticationExtensionsClientOutputs() + Extensions = new AuthenticationExtensionsClientOutputs { AppID = false, AuthenticatorSelection = true, @@ -1678,12 +1674,12 @@ public void TestAuthenticatorAssertionTypeNotWebAuthnGet() new ulong[] { 4 // USER_VERIFY_PASSCODE_INTERNAL - }, + } }, } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { BackupEligibleCredentialPolicy = Fido2Configuration.CredentialBackupPolicy.Required, ServerDomain = rp, @@ -1730,7 +1726,7 @@ public void TestAuthenticatorAssertionAppId() AuthenticatorData = new AuthenticatorData(SHA256.HashData(Encoding.UTF8.GetBytes(rp)), AuthenticatorFlags.UP | AuthenticatorFlags.UV, 0, null).ToByteArray(), Signature = new byte[] { 0xf1, 0xd0 }, ClientDataJson = clientDataJson, - UserHandle = new byte[] { 0xf1, 0xd0 }, + UserHandle = new byte[] { 0xf1, 0xd0 } }; var assertionResponse = new AuthenticatorAssertionRawResponse() 
@@ -1755,7 +1751,7 @@ public void TestAuthenticatorAssertionAppId() } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { BackupEligibleCredentialPolicy = Fido2Configuration.CredentialBackupPolicy.Required, ServerDomain = rp, @@ -1826,7 +1822,7 @@ public void TestAuthenticatorAssertionInvalidRpIdHash() } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { BackupEligibleCredentialPolicy = Fido2Configuration.CredentialBackupPolicy.Required, ServerDomain = rp, @@ -1876,13 +1872,13 @@ public void TestAuthenticatorAssertionUPRequirementNotMet() UserHandle = new byte[] { 0xf1, 0xd0 }, }; - var assertionResponse = new AuthenticatorAssertionRawResponse() + var assertionResponse = new AuthenticatorAssertionRawResponse { Response = assertion, Type = PublicKeyCredentialType.PublicKey, Id = new byte[] { 0xf1, 0xd0 }, RawId = new byte[] { 0xf1, 0xd0 }, - Extensions = new AuthenticationExtensionsClientOutputs() + Extensions = new AuthenticationExtensionsClientOutputs { AppID = false, AuthenticatorSelection = true, @@ -1893,12 +1889,12 @@ public void TestAuthenticatorAssertionUPRequirementNotMet() new ulong[] { 4 // USER_VERIFY_PASSCODE_INTERNAL - }, - }, + } + } } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, @@ -1920,7 +1916,7 @@ public void TestAuthenticatorAssertionUVPolicyNotMet() var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - Fido2NetLib.AuthenticatorResponse authenticatorResponse = new( + var authenticatorResponse = new AuthenticatorResponse( type : "webauthn.get", challenge : challenge, origin : rp 
@@ -1947,13 +1943,13 @@ public void TestAuthenticatorAssertionUVPolicyNotMet() UserHandle = new byte[] { 0xf1, 0xd0 }, }; - var assertionResponse = new AuthenticatorAssertionRawResponse() + var assertionResponse = new AuthenticatorAssertionRawResponse { Response = assertion, Type = PublicKeyCredentialType.PublicKey, Id = new byte[] { 0xf1, 0xd0 }, RawId = new byte[] { 0xf1, 0xd0 }, - Extensions = new AuthenticationExtensionsClientOutputs() + Extensions = new AuthenticationExtensionsClientOutputs { AppID = false, AuthenticatorSelection = true, @@ -1965,11 +1961,11 @@ public void TestAuthenticatorAssertionUVPolicyNotMet() { 4 // USER_VERIFY_PASSCODE_INTERNAL }, - }, + } } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, @@ -1990,8 +1986,7 @@ public void TestAuthenticatorAssertionBEPolicyRequired() { var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - - Fido2NetLib.AuthenticatorResponse authenticatorResponse = new( + var authenticatorResponse = new AuthenticatorResponse( type : "webauthn.get", challenge : challenge, origin : rp @@ -2034,12 +2029,12 @@ public void TestAuthenticatorAssertionBEPolicyRequired() new ulong[] { 4 // USER_VERIFY_PASSCODE_INTERNAL - }, + } }, } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { BackupEligibleCredentialPolicy = Fido2Configuration.CredentialBackupPolicy.Required, ServerDomain = rp, @@ -2061,8 +2056,7 @@ public void TestAuthenticatorAssertionBEPolicyDisallow() { var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - - Fido2NetLib.AuthenticatorResponse authenticatorResponse = new( + var authenticatorResponse = new AuthenticatorResponse( type : "webauthn.get", challenge : challenge, origin : rp 
@@ -2094,7 +2088,7 @@ public void TestAuthenticatorAssertionBEPolicyDisallow() Type = PublicKeyCredentialType.PublicKey, Id = new byte[] { 0xf1, 0xd0 }, RawId = new byte[] { 0xf1, 0xd0 }, - Extensions = new AuthenticationExtensionsClientOutputs() + Extensions = new AuthenticationExtensionsClientOutputs { AppID = false, AuthenticatorSelection = true,
@@ -2110,7 +2104,7 @@ public void TestAuthenticatorAssertionBEPolicyDisallow() } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { BackupEligibleCredentialPolicy = Fido2Configuration.CredentialBackupPolicy.Disallowed, ServerDomain = rp,
@@ -2132,8 +2126,7 @@ public void TestAuthenticatorAssertionBSPolicyRequired() { var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - - Fido2NetLib.AuthenticatorResponse authenticatorResponse = new( + var authenticatorResponse = new AuthenticatorResponse( type : "webauthn.get", challenge : challenge, origin : rp
@@ -2165,7 +2158,7 @@ public void TestAuthenticatorAssertionBSPolicyRequired() Type = PublicKeyCredentialType.PublicKey, Id = new byte[] { 0xf1, 0xd0 }, RawId = new byte[] { 0xf1, 0xd0 }, - Extensions = new AuthenticationExtensionsClientOutputs() + Extensions = new AuthenticationExtensionsClientOutputs { AppID = false, AuthenticatorSelection = true,
@@ -2181,7 +2174,7 @@ public void TestAuthenticatorAssertionBSPolicyRequired() } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { BackedUpCredentialPolicy = Fido2Configuration.CredentialBackupPolicy.Required, ServerDomain = rp,
@@ -2203,8 +2196,7 @@ public void TestAuthenticatorAssertionBSPolicyDisallow() { var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - - Fido2NetLib.AuthenticatorResponse authenticatorResponse = new( + var authenticatorResponse = new AuthenticatorResponse( type : "webauthn.get", challenge : challenge, origin : rp
@@ -2230,13 +2222,13 @@ public void TestAuthenticatorAssertionBSPolicyDisallow() UserHandle = new byte[] { 0xf1, 0xd0 }, }; - var assertionResponse = new AuthenticatorAssertionRawResponse() + var assertionResponse = new AuthenticatorAssertionRawResponse { Response = assertion, Type = PublicKeyCredentialType.PublicKey, Id = new byte[] { 0xf1, 0xd0 }, RawId = new byte[] { 0xf1, 0xd0 }, - Extensions = new AuthenticationExtensionsClientOutputs() + Extensions = new AuthenticationExtensionsClientOutputs { AppID = false, AuthenticatorSelection = true,
@@ -2248,11 +2240,11 @@ public void TestAuthenticatorAssertionBSPolicyDisallow() { 4 // USER_VERIFY_PASSCODE_INTERNAL }, - }, + } } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { BackedUpCredentialPolicy = Fido2Configuration.CredentialBackupPolicy.Disallowed, ServerDomain = rp,
@@ -2275,7 +2267,7 @@ public void TestAuthenticatorAssertionStoredPublicKeyMissing() var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - Fido2NetLib.AuthenticatorResponse authenticatorResponse = new( + var authenticatorResponse = new AuthenticatorResponse( type : "webauthn.get", challenge : challenge, origin : rp
@@ -2317,12 +2309,12 @@ public void TestAuthenticatorAssertionStoredPublicKeyMissing() new ulong[] { 4 // USER_VERIFY_PASSCODE_INTERNAL - }, + } }, } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp,
@@ -2344,7 +2336,7 @@ public void TestAuthenticatorAssertionInvalidSignature() var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - Fido2NetLib.AuthenticatorResponse authenticatorResponse = new( + var authenticatorResponse = new AuthenticatorResponse( type : "webauthn.get", challenge : challenge, origin : rp
@@ -2387,22 +2379,23 @@ public void TestAuthenticatorAssertionInvalidSignature() new ulong[] { 4 // USER_VERIFY_PASSCODE_INTERNAL - }, - }, + } + } } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp, - Origins = new HashSet { rp }, + Origins = new HashSet { rp } }); IsUserHandleOwnerOfCredentialIdAsync callback = static (args, cancellationToken) => { return Task.FromResult(true); }; + fido2_net_lib.Test.Fido2Tests.MakeEdDSA(out _, out var publicKey, out var privateKey); var ex = Assert.ThrowsAsync(() => lib.MakeAssertionAsync(assertionResponse, options, fido2_net_lib.Test.Fido2Tests.MakeCredentialPublicKey(COSE.KeyType.OKP, COSE.Algorithm.EdDSA, COSE.EllipticCurve.Ed25519, publicKey).GetBytes(), null, 0, callback)); Assert.Equal(Fido2ErrorMessages.InvalidSignature, ex.Result.Message);
@@ -2414,7 +2407,7 @@ public void TestAuthenticatorAssertionSignCountSignature() var challenge = RandomNumberGenerator.GetBytes(128); var rp = "https://www.passwordless.dev"; - Fido2NetLib.AuthenticatorResponse authenticatorResponse = new( + var authenticatorResponse = new AuthenticatorResponse( type : "webauthn.get", challenge : challenge, origin : rp
@@ -2438,8 +2431,7 @@ public void TestAuthenticatorAssertionSignCountSignature() Key privateKey = Key.Import(SignatureAlgorithm.Ed25519, expandedPrivateKey, KeyBlobFormat.RawPrivateKey); var cpk = fido2_net_lib.Test.Fido2Tests.MakeCredentialPublicKey(COSE.KeyType.OKP, COSE.Algorithm.EdDSA, COSE.EllipticCurve.Ed25519, publicKey); - - var assertion = new AuthenticatorAssertionRawResponse.AssertionResponse() + var assertion = new AuthenticatorAssertionRawResponse.AssertionResponse { AuthenticatorData = authData, Signature = SignatureAlgorithm.Ed25519.Sign(privateKey, DataHelper.Concat(authData, SHA256.HashData(clientDataJson))),
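Review bot: `privateKey` from the added `fido2_net_lib.Test.Fido2Tests.MakeEdDSA(out _, out var publicKey, out var privateKey);` is never read in the remainder of the hunk — the `MakeAssertionAsync` call consumes only `publicKey` — so unless the method continues past the `Assert.Equal`, it should be a discard: `fido2_net_lib.Test.Fido2Tests.MakeEdDSA(out _, out var publicKey, out _);`. A short comment would also help, since the point of generating a fresh key pair here is presumably that `publicKey` does not correspond to whatever signed `assertionResponse`, which is what makes `Fido2ErrorMessages.InvalidSignature` the expected outcome; e.g. `// fresh key pair: this public key must not match the assertion's signer`. The start of TestAuthenticatorAssertionInvalidSignature is outside this hunk.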
@@ -2447,7 +2439,7 @@ public void TestAuthenticatorAssertionSignCountSignature() UserHandle = new byte[] { 0xf1, 0xd0 }, }; - var assertionResponse = new AuthenticatorAssertionRawResponse() + var assertionResponse = new AuthenticatorAssertionRawResponse { Response = assertion, Type = PublicKeyCredentialType.PublicKey,
@@ -2464,12 +2456,12 @@ public void TestAuthenticatorAssertionSignCountSignature() new ulong[] { 4 // USER_VERIFY_PASSCODE_INTERNAL - }, + } }, } }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp,
diff --git a/Test/Converters/FidoEnumConverterTests.cs b/Test/Converters/FidoEnumConverterTests.cs
index 497bf18e..6b823ae0 100644
--- a/Test/Converters/FidoEnumConverterTests.cs
+++ b/Test/Converters/FidoEnumConverterTests.cs
@@ -24,7 +24,7 @@ public void CorrectlyFallsBackToMemberName() Assert.Equal("\"A\"", JsonSerializer.Serialize(ABC.A)); Assert.Equal(ABC.A, JsonSerializer.Deserialize("\"A\"")); - // Case insenstive + // Case insensitive Assert.Equal("\"A\"", JsonSerializer.Serialize(ABC.A)); Assert.Equal(ABC.A, JsonSerializer.Deserialize("\"a\"")); }
diff --git a/Test/CryptoUtilsTests.cs b/Test/CryptoUtilsTests.cs
index 0a95b0ce..c1d24c57 100644
--- a/Test/CryptoUtilsTests.cs
+++ b/Test/CryptoUtilsTests.cs
@@ -1,9 +1,7 @@ using System.Runtime.InteropServices; -using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using Fido2NetLib; -using Fido2NetLib.Objects; namespace Test;
@@ -53,6 +51,7 @@ public void TestValidateTrustChainRootAnchor() Assert.False(CryptoUtils.ValidateTrustChain(attestationRootCertificates, attestationRootCertificates)); Assert.False(CryptoUtils.ValidateTrustChain(attestationRootCertificates, trustPath)); } + [Fact] public void TestValidateTrustChainSubAnchor() {
@@ -72,6 +71,7 @@ public void TestValidateTrustChainSubAnchor() Assert.False(CryptoUtils.ValidateTrustChain(attestationRootCertificates, attestationRootCertificates)); Assert.False(CryptoUtils.ValidateTrustChain(attestationRootCertificates, trustPath)); } + [Fact] public void TestValidateTrustChainSelf() {
diff --git a/Test/Fido2Tests.cs b/Test/Fido2Tests.cs
index 50d2df21..a924c2bd 100644
--- a/Test/Fido2Tests.cs
+++ b/Test/Fido2Tests.cs
@@ -24,7 +24,6 @@ namespace fido2_net_lib.Test; - // todo: Create tests and name Facts and json files better. public class Fido2Tests {
@@ -91,13 +90,13 @@ public abstract class Attestation public CredentialPublicKey _credentialPublicKey; public const string rp = "https://www.passwordless.dev"; public byte[] _challenge; - public X500DistinguishedName rootDN = new X500DistinguishedName("CN=Testing, O=FIDO2-NET-LIB, C=US"); - public Oid oidIdFidoGenCeAaguid = new Oid("1.3.6.1.4.1.45724.1.1.4"); + public X500DistinguishedName rootDN = new("CN=Testing, O=FIDO2-NET-LIB, C=US"); + public Oid oidIdFidoGenCeAaguid = new("1.3.6.1.4.1.45724.1.1.4"); //private byte[] asnEncodedAaguid = new byte[] { 0x04, 0x10, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, }; //public byte[] asnEncodedAaguid = new byte[] { 0x04, 0x10, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, }; public byte[] _asnEncodedAaguid; - public X509BasicConstraintsExtension caExt = new X509BasicConstraintsExtension(true, true, 2, false); - public X509BasicConstraintsExtension notCAExt = new X509BasicConstraintsExtension(false, false, 0, false); + protected X509BasicConstraintsExtension caExt = new(true, true, 2, false); + protected X509BasicConstraintsExtension notCAExt = new(false, false, 0, false); public X509Extension idFidoGenCeAaguidExt; public byte[] _rpIdHash => SHA256.HashData(Encoding.UTF8.GetBytes(rp));
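Review bot: `caExt` and `notCAExt` are narrowed to `protected` in the Attestation hunk but remain mutable even though both are fully initialised inline; unless a derived attestation test reassigns them, `protected readonly X509BasicConstraintsExtension caExt = new(true, true, 2, false);` (and likewise `notCAExt`, and `_aaguid` in the hunk at line 126) records that they are fixtures rather than per-test state. In the same hunk `rootDN` and `oidIdFidoGenCeAaguid` are rewritten with target-typed `new` but keep `public`, so the class now hides some fixture fields and exposes others without an obvious rule; if the visibility reduction was intentional it would read more clearly applied to the whole group. The Attestation class begins and ends outside this hunk.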
@@ -127,7 +126,7 @@ public byte[] _attToBeSignedHash(HashAlgorithmName alg) public byte[] _credentialID; public const AuthenticatorFlags _flags = AuthenticatorFlags.AT | AuthenticatorFlags.ED | AuthenticatorFlags.UP | AuthenticatorFlags.UV; public ushort _signCount; - public Guid _aaguid = new Guid("F1D0F1D0-F1D0-F1D0-F1D0-F1D0F1D0F1D0"); + protected Guid _aaguid = new("F1D0F1D0-F1D0-F1D0-F1D0-F1D0F1D0F1D0"); public Extensions _exts { get
@@ -136,9 +135,10 @@ public Extensions _exts return new Extensions(extBytes); } } - public AuthenticatorData _authData => new AuthenticatorData(_rpIdHash, _flags, _signCount, _acd, _exts); + + public AuthenticatorData _authData => new(_rpIdHash, _flags, _signCount, _acd, _exts); - public AttestedCredentialData _acd => new AttestedCredentialData(_aaguid, _credentialID, _credentialPublicKey); + public AttestedCredentialData _acd => new(_aaguid, _credentialID, _credentialPublicKey); public Attestation() {
@@ -199,18 +199,18 @@ public Attestation() ErrorMessage = "", PubKeyCredParams = new List() { - new PubKeyCredParam(COSE.Algorithm.ES256), - new PubKeyCredParam(COSE.Algorithm.ES384), - new PubKeyCredParam(COSE.Algorithm.ES512), - new PubKeyCredParam(COSE.Algorithm.RS1), - new PubKeyCredParam(COSE.Algorithm.RS256), - new PubKeyCredParam(COSE.Algorithm.RS384), - new PubKeyCredParam(COSE.Algorithm.RS512), - new PubKeyCredParam(COSE.Algorithm.PS256), - new PubKeyCredParam(COSE.Algorithm.PS384), - new PubKeyCredParam(COSE.Algorithm.PS512), - new PubKeyCredParam(COSE.Algorithm.EdDSA), - new PubKeyCredParam(COSE.Algorithm.ES256K), + new(COSE.Algorithm.ES256), + new(COSE.Algorithm.ES384), + new(COSE.Algorithm.ES512), + new(COSE.Algorithm.RS1), + new(COSE.Algorithm.RS256), + new(COSE.Algorithm.RS384), + new(COSE.Algorithm.RS512), + new(COSE.Algorithm.PS256), + new(COSE.Algorithm.PS384), + new(COSE.Algorithm.PS512), + new(COSE.Algorithm.EdDSA), + new(COSE.Algorithm.ES256K), }, Rp = new PublicKeyCredentialRpEntity(rp, rp, ""), Status = "ok",
@@ -228,7 +228,7 @@ public Attestation() return Task.FromResult(true); }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp,
@@ -304,8 +304,8 @@ internal byte[] SignData(COSE.KeyType kty, COSE.Algorithm alg, COSE.EllipticCurv throw new ArgumentOutOfRangeException(nameof(alg), $"Missing or unknown alg {alg}"); } - var rsaparams = rsa.ExportParameters(true); - _credentialPublicKey = MakeCredentialPublicKey(kty, alg, rsaparams.Modulus, rsaparams.Exponent); + var rsaParams = rsa.ExportParameters(true); + _credentialPublicKey = MakeCredentialPublicKey(kty, alg, rsaParams.Modulus, rsaParams.Exponent); return rsa.SignData(_attToBeSigned, CryptoUtils.HashAlgFromCOSEAlg(alg), padding); } case COSE.KeyType.OKP:
@@ -744,8 +744,8 @@ public void TestAttestedCredentialDataRSA() var aaguid = new Guid("F1D0F1D0-F1D0-F1D0-F1D0-F1D0F1D0F1D0"); var credentialID = new byte[] { 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, }; var rsa = RSA.Create(); - var rsaparams = rsa.ExportParameters(true); - var cpk = MakeCredentialPublicKey(COSE.KeyType.RSA, COSE.Algorithm.RS256, rsaparams.Modulus, rsaparams.Exponent); + var rsaParams = rsa.ExportParameters(true); + var cpk = MakeCredentialPublicKey(COSE.KeyType.RSA, COSE.Algorithm.RS256, rsaParams.Modulus, rsaParams.Exponent); var acdFromConst = new AttestedCredentialData(aaguid, credentialID, cpk); var acdBytes = acdFromConst.ToByteArray();
@@ -900,7 +900,7 @@ internal static byte[] CreatePubArea(byte[] type, byte[] alg, byte[] attributes, return raw.ToArray(); } - internal static byte[] CreateCertInfo(byte[] magic, byte[] type, byte[] qualifiedSigner, + internal static byte[] CreateCertInfo(byte[] magic, byte[] type, byte[] QualifiedSigner, byte[] extraData, byte[] clock, byte[] resetCount, byte[] restartCount, byte[] safe, byte[] firmwareRevision, byte[] tPM2BName, byte[] attestedQualifiedNameBuffer) {
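Review bot: The new CreateCertInfo signature in the hunk at line 900 renames its third parameter to `QualifiedSigner`, PascalCase, while its siblings (`magic`, `type`, `extraData`, `tPM2BName`) and the other renames in this commit (`rsaParams`, `u2fTransports`) follow the camelCase parameter convention; a naming-rule analyzer (IDE1006) will report it, and it reads like an accidental capitalisation rather than a deliberate rename. Keeping `byte[] qualifiedSigner,` here and `raw.Write(qualifiedSigner);` in the hunk at line 908 avoids the inconsistency. The body of CreateCertInfo continues outside this hunk.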
@@ -908,7 +908,7 @@ internal static byte[] CreateCertInfo(byte[] magic, byte[] type, byte[] qualifie raw.Write(magic); raw.Write(type); - raw.Write(qualifiedSigner); + raw.Write(QualifiedSigner); raw.Write(extraData); raw.Write(clock); raw.Write(resetCount);
@@ -953,8 +953,8 @@ internal static async Task MakeAssertionResponseAsy { rsa ??= RSA.Create(); - var rsaparams = rsa.ExportParameters(true); - cpk = MakeCredentialPublicKey(kty, alg, rsaparams.Modulus, rsaparams.Exponent); + var rsaParams = rsa.ExportParameters(true); + cpk = MakeCredentialPublicKey(kty, alg, rsaParams.Modulus, rsaParams.Exponent); break; } case COSE.KeyType.OKP:
@@ -1007,7 +1007,7 @@ internal static async Task MakeAssertionResponseAsy UserHandle = userHandle, }; - IFido2 lib = new Fido2(new Fido2Configuration() + var lib = new Fido2(new Fido2Configuration { ServerDomain = rp, ServerName = rp,
@@ -1150,8 +1150,8 @@ internal static CredentialPublicKey MakeCredentialPublicKey((COSE.KeyType, COSE. case COSE.KeyType.RSA: { var rsa = RSA.Create(); - var rsaparams = rsa.ExportParameters(true); - cpk = MakeCredentialPublicKey(kty, alg, rsaparams.Modulus, rsaparams.Exponent); + var rsaParams = rsa.ExportParameters(true); + cpk = MakeCredentialPublicKey(kty, alg, rsaParams.Modulus, rsaParams.Exponent); break; } case COSE.KeyType.OKP:
diff --git a/Test/MetadataServiceTests.cs b/Test/MetadataServiceTests.cs
index 02a29ce1..e99ac539 100644
--- a/Test/MetadataServiceTests.cs
+++ b/Test/MetadataServiceTests.cs
@@ -85,17 +85,12 @@ public Task GetMetadataStatementAsync(MetadataBLOBPayload blo public class MockClock : ISystemClock { - public MockClock(DateTimeOffset time) { UtcNow = time; } - public DateTimeOffset UtcNow - { - get; - set; - } + public DateTimeOffset UtcNow { get; set; } } [Fact]