Finish removing cng for cross platform to work. Also add MDSCacheDirP…

…ath that got missed in #132. Passes 172/172 conformance tests on tools build 1.2.1.
passwordless-lib · Oct 31, 2019 · f397ece · f397ece · aseigler · Oct 31, 2019
1 parent 24fabf1
commit f397ece
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 34 deletions.
diff --git a/Demo/Startup.cs b/Demo/Startup.cs
@@ -47,6 +47,7 @@ public void ConfigureServices(IServiceCollection services)
  options.Origin = Configuration["fido2:origin"];
  options.TimestampDriftTolerance = Configuration.GetValue<int>("fido2:timestampDriftTolerance");
  options.MDSAccessKey = Configuration["fido2:MDSAccessKey"];
+ options.MDSCacheDirPath = Configuration["fido2:MDSCacheDirPath"];
  })
  .AddCachedMetadataService(config =>
  {

diff --git a/Src/Fido2/Metadata/Fido2MetadataServiceRepository.cs b/Src/Fido2/Metadata/Fido2MetadataServiceRepository.cs
@@ -111,7 +111,7 @@ protected async Task<MetadataTOCPayload> DeserializeAndValidateToc(string toc)
  var keys = (jwtToken.Header["x5c"] as JArray)
  .Values<string>()
  .Select(x => new ECDsaSecurityKey(
- (ECDsaCng)(new X509Certificate2(Convert.FromBase64String(x)).GetECDsaPublicKey())))
+ (ECDsa)(new X509Certificate2(Convert.FromBase64String(x)).GetECDsaPublicKey())))
  .ToArray();
 
  var root = new X509Certificate2(Convert.FromBase64String(ROOT_CERT));

diff --git a/Test/ExistingU2fRegistrationDataTests.cs b/Test/ExistingU2fRegistrationDataTests.cs
@@ -69,35 +69,28 @@ public async Task TestFido2AssertionWithExistingU2fRegistrationWithAppId()
 
  public static CBORObject CreatePublicKeyFromU2fRegistrationData(byte[] keyHandleData, byte[] publicKeyData)
  {
- using (var publicKey = new ECDsaCng(ConvertPublicKey(publicKeyData)))
+ var x = new byte[32];
+ var y = new byte[32];
+ Buffer.BlockCopy(publicKeyData, 1, x, 0, 32);
+ Buffer.BlockCopy(publicKeyData, 33, y, 0, 32);
+
+ var point = new ECPoint
  {
- var coseKey = CBORObject.NewMap();
+ X = x,
+ Y = y,
+ };
 
- coseKey.Add(COSE.KeyCommonParameter.KeyType, COSE.KeyType.EC2);
- coseKey.Add(COSE.KeyCommonParameter.Alg, -7);
+ var coseKey = CBORObject.NewMap();
 
- var keyParams = publicKey.ExportParameters(false);
+ coseKey.Add(COSE.KeyCommonParameter.KeyType, COSE.KeyType.EC2);
+ coseKey.Add(COSE.KeyCommonParameter.Alg, -7);
 
- if (keyParams.Curve.Oid.FriendlyName.Equals(ECCurve.NamedCurves.nistP256.Oid.FriendlyName))
- coseKey.Add(COSE.KeyTypeParameter.Crv, COSE.EllipticCurve.P256);
+ coseKey.Add(COSE.KeyTypeParameter.Crv, COSE.EllipticCurve.P256);
 
-  coseKey.Add(COSE.KeyTypeParameter.X, keyParams.Q.X);
-  coseKey.Add(COSE.KeyTypeParameter.Y, keyParams.Q.Y);
+ coseKey.Add(COSE.KeyTypeParameter.X, point.X);
+ coseKey.Add(COSE.KeyTypeParameter.Y, point.Y);
 
- return coseKey;
- }
- }
-
- public static CngKey ConvertPublicKey(byte[] rawData)
- {
- if (rawData == null || rawData.Length != 65)
- throw new Exception();
- var header = new byte[] { 0x45, 0x43, 0x53, 0x31, 0x20, 0x00, 0x00, 0x00 };
- var eccPublicKeyBlob = new byte[72];
- Array.Copy(header, 0, eccPublicKeyBlob, 0, 8);
- Array.Copy(rawData, 1, eccPublicKeyBlob, 8, 64);
- CngKey key = CngKey.Import(eccPublicKeyBlob, CngKeyBlobFormat.EccPublicBlob);
- return key;
+ return coseKey;
  }
  }
 }
diff --git a/Test/Fido2Tests.cs b/Test/Fido2Tests.cs
@@ -141,11 +141,7 @@ public async Task TestFido2AssertionAsync()
  var aresponse = Get<AuthenticatorAssertionRawResponse>("./assertionNoneResponse.json");
 
  // signed assertion?
- //var cng = CngKey.Import(StringToByteArray(key2), CngKeyBlobFormat.EccPublicBlob);
- //var existingPublicKey = new ECDsaCng(cng);
  //fido2.MakeAssertion(aresponse, aoptions, response.);
-
-
  }
 
  [Fact]
@@ -297,7 +293,7 @@ public void TestAttestedCredentialDataRSA()
  {
  var aaguid = new Guid("F1D0F1D0-F1D0-F1D0-F1D0-F1D0F1D0F1D0");
  var credentialID = new byte[] { 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, };
- var rsa = new RSACng();
+ var rsa = RSA.Create();
  var rsaparams = rsa.ExportParameters(true);
  var cpk = MakeCredentialPublicKey(COSE.KeyType.RSA, COSE.Algorithm.RS256, rsaparams.Modulus, rsaparams.Exponent);
 
@@ -430,8 +426,8 @@ internal async void MakeAssertionResponse(COSE.KeyType kty, COSE.Algorithm alg,
  var credentialID = new byte[] { 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, 0xf1, 0xd0, };
 
  CredentialPublicKey cpk = null;
- ECDsaCng ecdsa = null;
- RSACng rsa = null;
+ ECDsa ecdsa = null;
+ RSA rsa = null;
  byte[] expandedPrivateKey = null;
  switch (kty)
  {
@@ -444,7 +440,7 @@ internal async void MakeAssertionResponse(COSE.KeyType kty, COSE.Algorithm alg,
  }
  case COSE.KeyType.RSA:
  {
- rsa = new RSACng();
+ rsa = RSA.Create();
  var rsaparams = rsa.ExportParameters(true);
  cpk = MakeCredentialPublicKey(kty, alg, rsaparams.Modulus, rsaparams.Exponent);
  break;
@@ -582,7 +578,7 @@ internal void MakeEdDSA(out byte[] privateKeySeed, out byte[] publicKey, out byt
  }
  }
 
- internal ECDsaCng MakeECDsa(COSE.Algorithm alg, COSE.EllipticCurve crv)
+ internal ECDsa MakeECDsa(COSE.Algorithm alg, COSE.EllipticCurve crv)
  {
  ECCurve curve;
  switch (alg)
@@ -621,7 +617,7 @@ internal ECDsaCng MakeECDsa(COSE.Algorithm alg, COSE.EllipticCurve crv)
  default:
  throw new ArgumentOutOfRangeException(nameof(alg), $"Missing or unknown alg {alg}");
  }
- return new ECDsaCng(curve);
+ return ECDsa.Create(curve);
  }
 
  internal CredentialPublicKey MakeCredentialPublicKey(COSE.KeyType kty, COSE.Algorithm alg, COSE.EllipticCurve crv, byte[] x, byte[] y)