Fix TPMS_ECC_POINT parsing for TPM attestation

passwordless-lib · Aug 5, 2022 · b6f7642 · b6f7642
1 parent 0afa4a9
commit b6f7642
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 19 deletions.
diff --git a/.gitignore b/.gitignore
@@ -332,3 +332,4 @@ ASALocalRun/
 /Test/coverage.netcoreapp3.1.cobertura.xml
 
 .DS_Store
+/testEnvironments.json
diff --git a/Src/Fido2/AttestationFormat/Tpm.cs b/Src/Fido2/AttestationFormat/Tpm.cs
@@ -611,6 +611,8 @@ public PubArea(byte[] pubArea)
  Exponent = Convert.ToUInt32(Math.Pow(2, 16) + 1);
  }
  }
+ // TPM2B_PUBLIC_KEY_RSA
+ Unique = AuthDataHelper.GetSizedByteArray(pubArea, ref offset);
  }
 
  // TPMI_ECC_CURVE
@@ -625,10 +627,15 @@ public PubArea(byte[] pubArea)
  {
  CurveID = AuthDataHelper.GetSizedByteArray(pubArea, ref offset, 2);
  KDF = AuthDataHelper.GetSizedByteArray(pubArea, ref offset, 2);
- }
 
- // TPMU_PUBLIC_ID
- Unique = AuthDataHelper.GetSizedByteArray(pubArea, ref offset);
+ // TPMS_ECC_POINT
+ ECPoint = new()
+ {
+ X = AuthDataHelper.GetSizedByteArray(pubArea, ref offset),
+ Y = AuthDataHelper.GetSizedByteArray(pubArea, ref offset),
+ };
+ Unique = DataHelper.Concat(ECPoint.X, ECPoint.Y);
+ }
 
  if (pubArea.Length != offset)
  throw new Fido2VerificationException("Leftover bytes decoding pubArea");
@@ -645,21 +652,8 @@ public PubArea(byte[] pubArea)
  public uint Exponent { get; private set; }
  public byte[]? CurveID { get; private set; }
  public byte[]? KDF { get; private set; }
- public byte[] Unique { get; private set; }
+ public byte[]? Unique { get; private set; }
  public TpmEccCurve EccCurve => (TpmEccCurve)Enum.ToObject(typeof(TpmEccCurve), BinaryPrimitives.ReadUInt16BigEndian(CurveID));
-
- public ECPoint ECPoint
- {
- get
- {
- var point = new ECPoint();
- var uniqueOffset = 0;
- var size = AuthDataHelper.GetSizedByteArray(Unique, ref uniqueOffset, 2);
- point.X = AuthDataHelper.GetSizedByteArray(Unique, ref uniqueOffset, BinaryPrimitives.ReadUInt16BigEndian(size));
- size = AuthDataHelper.GetSizedByteArray(Unique, ref uniqueOffset, 2);
- point.Y = AuthDataHelper.GetSizedByteArray(Unique, ref uniqueOffset, BinaryPrimitives.ReadUInt16BigEndian(size));
- return point;
- }
- }
+ public ECPoint ECPoint { get; private set; }
  }
 }
diff --git a/Test/Attestation/Tpm.cs b/Test/Attestation/Tpm.cs
@@ -5920,7 +5920,6 @@ public void TestPubAreaExtraBytes()
  raw.Write(scheme);
  raw.Write(curveID);
  raw.Write(kdf);
- raw.Write(GetUInt16BigEndianBytes(unique.Length));
  raw.Write(unique);
  }
  else