Add many unit tests for nearly all attestation types #162

Merged
merged 13 commits into from
May 15, 2020
Added a bunch of packed and TPM tests, added a little bit more error handling.
aseigler committed May 9, 2020
commit 47cbffe91368a833d048fa0c56a9b828464f509b
11 changes: 6 additions & 5 deletions Src/Fido2/AttestationFormat/Packed.cs
Expand Up @@ -37,10 +37,11 @@ public static bool IsValidPackedAttnCertSubject(string attnCertSubj)
var dictSubject = attnCertSubj.Split(new string[] { ", " }, StringSplitOptions.None)
.Select(part => part.Split('='))
.ToDictionary(split => split[0], split => split[1]);
return (0 != dictSubject["C"].Length ||
0 != dictSubject["O"].Length ||
0 != dictSubject["OU"].Length ||
0 != dictSubject["CN"].Length ||

return (0 != dictSubject["C"].Length &&
0 != dictSubject["O"].Length &&
0 != dictSubject["OU"].Length &&
0 != dictSubject["CN"].Length &&
"Authenticator Attestation" == dictSubject["OU"].ToString());
}

Expand Down Expand Up @@ -106,7 +107,7 @@ public override void Verify()
if (aaguid != null)
{
if (0 != AttestedCredentialData.FromBigEndian(aaguid).CompareTo(AuthData.AttestedCredentialData.AaGuid))
throw new Fido2VerificationException("aaguid present in packed attestation but does not match aaguid from authData");
throw new Fido2VerificationException("aaguid present in packed attestation cert exts but does not match aaguid from authData");
}
// 2d. The Basic Constraints extension MUST have the CA component set to false
if (IsAttnCertCACert(attestnCert.Extensions))
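Review bot: IsValidPackedAttnCertSubject still throws instead of returning false on a malformed subject: `dictSubject["C"]` raises KeyNotFoundException when a required RDN is absent, `split[1]` raises IndexOutOfRangeException when a component carries no `=`, and `ToDictionary` raises ArgumentException when an attribute is repeated. The subject string is read from the authenticator's attestation certificate, so the check should answer false for those shapes and let the caller report a verification failure, rather than surface unrelated exception types; rewriting the body with `TryGetValue` does that and also drops the no-op `.ToString()` on `dictSubject["OU"]`. The method's signature and opening brace sit outside the hunk.
```csharp
    // Subject text comes from the attestation cert: answer false on malformed input instead of throwing.
    var dictSubject = new Dictionary<string, string>(StringComparer.Ordinal);
    foreach (var part in attnCertSubj.Split(new string[] { ", " }, StringSplitOptions.None))
    {
        var eq = part.IndexOf('=');
        // No name=value shape, or a repeated attribute: reject rather than let the indexer/ToDictionary throw.
        if (eq <= 0 || dictSubject.ContainsKey(part.Substring(0, eq)))
            return false;
        dictSubject[part.Substring(0, eq)] = part.Substring(eq + 1);
    }

    return dictSubject.TryGetValue("C", out var c) && 0 != c.Length &&
           dictSubject.TryGetValue("O", out var o) && 0 != o.Length &&
           dictSubject.TryGetValue("CN", out var cn) && 0 != cn.Length &&
           dictSubject.TryGetValue("OU", out var ou) && "Authenticator Attestation" == ou;
```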
17 changes: 13 additions & 4 deletions Src/Fido2/AttestationFormat/Tpm.cs
Expand Up @@ -590,7 +590,7 @@ public override void Verify()
var aaguid = AaguidFromAttnCertExts(aikCert.Extensions);
if ((null != aaguid) &&
(!aaguid.SequenceEqual(Guid.Empty.ToByteArray())) &&
(0 != new Guid(aaguid).CompareTo(AuthData.AttestedCredentialData.AaGuid)))
(0 != AttestedCredentialData.FromBigEndian(aaguid).CompareTo(AuthData.AttestedCredentialData.AaGuid)))
throw new Fido2VerificationException(string.Format("aaguid malformed, expected {0}, got {1}", AuthData.AttestedCredentialData.AaGuid, new Guid(aaguid)));
}
// If ecdaaKeyId is present, then the attestation type is ECDAA
Expand Down Expand Up @@ -738,9 +738,18 @@ public static (ushort size, byte[] name) NameFromTPM2BName(Memory<byte> ab, ref
{
name = AuthDataHelper.GetSizedByteArray(ab, ref offset, tpmAlgToDigestSizeMap[tpmalg]);
}
else
{
throw new Fido2VerificationException("TPM_ALG_ID found in TPM2B_NAME not acceptable hash algorithm");
}
}
else
{
throw new Fido2VerificationException("Invalid TPM_ALG_ID found in TPM2B_NAME");
}

if (totalSize != bytes.Length + name.Length)
throw new Fido2VerificationException("Unexpected no name found in TPM2B_NAME");
throw new Fido2VerificationException("Unexpected extra bytes found in TPM2B_NAME");
return (size, name);
}

Expand All @@ -752,10 +761,10 @@ public CertInfo(byte[] certInfo)
var offset = 0;
Magic = AuthDataHelper.GetSizedByteArray(certInfo, ref offset, 4);
if (0xff544347 != BitConverter.ToUInt32(Magic.ToArray().Reverse().ToArray(), 0))
throw new Fido2VerificationException("Bad magic number " + Magic.ToString());
throw new Fido2VerificationException("Bad magic number " + BitConverter.ToString(Magic).Replace("-",""));
Type = AuthDataHelper.GetSizedByteArray(certInfo, ref offset, 2);
if (0x8017 != BitConverter.ToUInt16(Type.ToArray().Reverse().ToArray(), 0))
throw new Fido2VerificationException("Bad structure tag " + Type.ToString());
throw new Fido2VerificationException("Bad structure tag " + BitConverter.ToString(Type).Replace("-", ""));
QualifiedSigner = AuthDataHelper.GetSizedByteArray(certInfo, ref offset);
ExtraData = AuthDataHelper.GetSizedByteArray(certInfo, ref offset);
if (null == ExtraData || 0 == ExtraData.Length)
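Review bot: In the Verify hunk at line 590 the comparison now decodes `aaguid` with `AttestedCredentialData.FromBigEndian`, but the exception on the next line still formats it with `new Guid(aaguid)`, so on a mismatch the "got" value shown is the byte-swapped GUID rather than the one that was actually compared. Use the same decoding in the message: `throw new Fido2VerificationException(string.Format("aaguid malformed, expected {0}, got {1}", AuthData.AttestedCredentialData.AaGuid, AttestedCredentialData.FromBigEndian(aaguid)));`. The word "malformed" also describes a mismatch here, not a malformed value; wording along the lines of the Packed.cs message in this same commit ("aaguid present in ... cert exts but does not match aaguid from authData") would be more accurate. Verify's body continues outside the hunk.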
3 changes: 1 addition & 2 deletions Test/Attestation/FidoU2f.cs
Expand Up @@ -21,8 +21,7 @@ public FidoU2f()
{
var attRequest = new CertificateRequest("CN=U2FTesting, OU=Authenticator Attestation, O=FIDO2-NET-LIB, C=US", ecdsaAtt, HashAlgorithmName.SHA256);

attRequest.CertificateExtensions.Add(
new X509BasicConstraintsExtension(false, false, 0, false));
attRequest.CertificateExtensions.Add(notCAExt);

using (attestnCert = attRequest.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(2)))
{
1 change: 1 addition & 0 deletions Test/Attestation/None.cs
Expand Up @@ -36,6 +36,7 @@ public void TestNone()
public void TestNoneWithAttStmt()
{
_attestationObject.Add("attStmt", CBORObject.NewMap().Add("foo", "bar"));
_credentialPublicKey = Fido2Tests.MakeCredentialPublicKey(Fido2Tests._validCOSEParameters[0]);
var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponse(_attestationObject, COSE.KeyType.EC2, COSE.Algorithm.ES256, COSE.EllipticCurve.P256));
Assert.Equal("Attestation format none should have no attestation statement", ex.Result.Message);
}
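Review bot: The added line picks `Fido2Tests._validCOSEParameters[0]` by bare index while the MakeAttestationResponse call on the next line spells out `COSE.KeyType.EC2, COSE.Algorithm.ES256, COSE.EllipticCurve.P256`; nothing in the hunk ties the two together, so a comment such as `// _validCOSEParameters[0] is presumably the EC2/ES256/P256 key set named in the call below — keep the two in step` would stop them drifting apart. Whether element 0 is in fact that parameter set is not visible from this hunk. The test also reads `ex.Result` on the task returned by `Assert.ThrowsAsync`, which blocks synchronously; declaring the test `async Task` and awaiting the assertion is the usual form, though that line predates this commit.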