Add tests (#269)

Author: aseigler

Test/Attestation/AndroidKey.cs

@@ -1,6 +1,5 @@
 using System;
 using System.Formats.Asn1;
-using System.Linq;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
@@ -88,6 +87,14 @@ public void TestAndroidKeySigNull()
             Assert.Equal("Invalid android-key attestation signature", ex.Result.Message);
         }
 
+        [Fact]
+        public void TestAndroidKeyAttStmtEmpty()
+        {
+            _attestationObject.Set("attStmt", new CborMap { });
+            var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponse());
+            Assert.Equal("Attestation format android-key must have attestation statement", ex.Result.Message);
+        }
+
         [Fact]
         public void TestAndroidKeySigNotByteString()
         {

Test/Attestation/AndroidSafetyNet.cs

@@ -327,6 +327,22 @@ public void TestAndroidSafetyNetResponseJWTX5cNoKeys()
             Assert.Equal("No keys were present in the TOC header in SafetyNet response JWT", ex.Result.Message);
         }
 
+        [Fact]
+        public void TestAndroidSafetyNetResponseJWTX5cInvalidString()
+        {
+            var response = (byte[])_attestationObject["attStmt"]["response"];
+            var jwtParts = Encoding.UTF8.GetString(response).Split('.');
+            var jwtHeaderJSON = JObject.Parse(Encoding.UTF8.GetString(Base64Url.Decode(jwtParts.First())));
+            jwtHeaderJSON.Remove("x5c");
+            jwtHeaderJSON.Add("x5c", JToken.FromObject(new List<string> { "RjFEMA=="}));
+            jwtParts[0] = Base64Url.Encode(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(jwtHeaderJSON)));
+            response = Encoding.UTF8.GetBytes(string.Join(".", jwtParts));
+            var attStmt = (CborMap)_attestationObject["attStmt"];
+            attStmt.Set("response", new CborByteString(response));
+            var ex = Assert.ThrowsAsync<System.ArgumentException>(() => MakeAttestationResponse());
+            Assert.Equal("Could not parse X509 certificate.", ex.Result.Message);
+        }
+
         [Fact]
         public void TestAndroidSafetyNetJwtInvalid()
         {

Test/Attestation/Apple.cs

@@ -81,6 +81,7 @@ public Apple()
                 }
             }
         }
+
         [Fact]
         public void TestAppleMissingX5c()
         {
@@ -89,6 +90,7 @@ public void TestAppleMissingX5c()
             var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponse());
             Assert.Equal("Malformed x5c in Apple attestation", ex.Result.Message);
         }
+
         [Fact]
         public void TestAppleX5cNotArray()
         {
@@ -97,6 +99,7 @@ public void TestAppleX5cNotArray()
             var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponse());
             Assert.Equal("Malformed x5c in Apple attestation", ex.Result.Message);
         }
+
         [Fact]
         public void TestAppleX5cCountNotOne()
         {
@@ -106,6 +109,7 @@ public void TestAppleX5cCountNotOne()
             var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponse());
             Assert.Equal("Malformed x5c in Apple attestation", ex.Result.Message);
         }
+
         [Fact]
         public void TestAppleX5cValueNotByteString()
         {
@@ -114,6 +118,7 @@ public void TestAppleX5cValueNotByteString()
             var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponse());
             Assert.Equal("Malformed x5c in Apple attestation", ex.Result.Message);
         }
+
         [Fact]
         public void TestAppleX5cValueZeroLengthByteString()
         {
@@ -123,6 +128,50 @@ public void TestAppleX5cValueZeroLengthByteString()
             Assert.Equal("Malformed x5c in Apple attestation", ex.Result.Message);
         }
 
+        [Fact]
+        public void TestAppleCertMissingExtension()
+        {
+            var invalidX5cStrings = validX5cStrings;
+            var invalidCert = Convert.FromBase64String(invalidX5cStrings[0]);
+            invalidCert[424] = 0x42;
+            invalidX5cStrings[0] = Convert.ToBase64String(invalidCert);
+
+            var trustPath = invalidX5cStrings
+                .Select(x => new X509Certificate2(Convert.FromBase64String(x)))
+                .ToArray();
+
+            var x5c = new CborArray {
+                trustPath[0].RawData,
+                trustPath[1].RawData
+            };
+            var attStmt = (CborMap)_attestationObject["attStmt"];
+            attStmt.Set("x5c", x5c);
+            var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponse());
+            Assert.Equal("Extension with OID 1.2.840.113635.100.8.2 not found on Apple attestation credCert", ex.Result.Message);
+        }
+
+        [Fact]
+        public void TestAppleCertCorruptExtension()
+        {
+            var invalidX5cStrings = validX5cStrings;
+            var invalidCert = Convert.FromBase64String(invalidX5cStrings[0]);
+            invalidCert[429] = 0x03;
+            invalidX5cStrings[0] = Convert.ToBase64String(invalidCert);
+
+            var trustPath = invalidX5cStrings
+                .Select(x => new X509Certificate2(Convert.FromBase64String(x)))
+                .ToArray();
+
+            var x5c = new CborArray {
+                trustPath[0].RawData,
+                trustPath[1].RawData
+            };
+            var attStmt = (CborMap)_attestationObject["attStmt"];
+            attStmt.Set("x5c", x5c);
+            var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponse());
+            Assert.Equal("Apple attestation extension has invalid data", ex.Result.Message);
+        }
+
         [Fact]
         public void TestAppleInvalidNonce()
         {
@@ -145,27 +194,38 @@ public void TestApplePublicKeyMismatch()
         {
             var cpkBytes = new byte[] { 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x79, 0xfe, 0x59, 0x08, 0xbb, 0x51, 0x29, 0xc8, 0x09, 0x38, 0xb7, 0x54, 0xc0, 0x4d, 0x2b, 0x34, 0x0e, 0xfa, 0x66, 0x15, 0xb9, 0x87, 0x69, 0x8b, 0xf5, 0x9d, 0xa4, 0xe5, 0x3e, 0xa3, 0xe6, 0xfe, 0x22, 0x58, 0x20, 0xfb, 0x03, 0xda, 0xa1, 0x27, 0x0d, 0x58, 0x04, 0xe8, 0xab, 0x61, 0xc1, 0x5a, 0xac, 0xa2, 0x43, 0x5c, 0x7d, 0xbf, 0x36, 0x9d, 0x71, 0xca, 0x15, 0xc5, 0x23, 0xb0, 0x00, 0x4a, 0x1b, 0x75, 0xb7 };
             _credentialPublicKey = new CredentialPublicKey(cpkBytes);
-            var trustPath = validX5cStrings
-                .Select(x => new X509Certificate2(Convert.FromBase64String(x)))
-                .ToArray();
-
-            var X5c = new CborArray {
-                { trustPath[0].RawData },
-                { trustPath[1].RawData }
-            };
-
-            ((CborMap)_attestationObject["attStmt"]).Set("x5c", X5c);
 
             var authData = new AuthenticatorData(_rpIdHash, _flags, _signCount, _acd, _exts).ToByteArray();
             _attestationObject.Set("authData", new CborByteString(authData));
             var clientData = new
             {
                 type = "webauthn.create",
                 challenge = _challenge,
-                origin = "6cc3c9e7967a.ngrok.io",
+                origin = "https://www.passwordless.dev",
             };
             var clientDataJson = JsonSerializer.SerializeToUtf8Bytes(clientData);
 
+            var data = DataHelper.Concat(authData, SHA256.HashData(clientDataJson));
+            Span<byte> dataHash = stackalloc byte[32];
+            SHA256.HashData(data, dataHash);
+
+            var invalidX5cStrings = validX5cStrings;
+            var invalidCert = Convert.FromBase64String(invalidX5cStrings[0]);
+            Buffer.BlockCopy(dataHash.ToArray(), 0, invalidCert, 433, 32);
+            invalidCert[485] = 0xdb;
+            invalidX5cStrings[0] = Convert.ToBase64String(invalidCert);
+
+            var trustPath = invalidX5cStrings
+                .Select(x => new X509Certificate2(Convert.FromBase64String(x)))
+                .ToArray();
+
+            var X5c = new CborArray {
+                { trustPath[0].RawData },
+                { trustPath[1].RawData }
+            };
+
+            ((CborMap)_attestationObject["attStmt"]).Set("x5c", X5c);
+
             var attestationResponse = new AuthenticatorAttestationRawResponse
             {
                 Type = PublicKeyCredentialType.PublicKey,
@@ -193,7 +253,7 @@ public void TestApplePublicKeyMismatch()
                 {
                     new PubKeyCredParam(COSE.Algorithm.ES256)
                 },
-                Rp = new PublicKeyCredentialRpEntity("6cc3c9e7967a.ngrok.io", "6cc3c9e7967a.ngrok.io", ""),
+                Rp = new PublicKeyCredentialRpEntity("https://www.passwordless.dev", "6cc3c9e7967a.ngrok.io", ""),
                 Status = "ok",
                 User = new Fido2User
                 {
@@ -213,7 +273,7 @@ public void TestApplePublicKeyMismatch()
             {
                 ServerDomain = "6cc3c9e7967a.ngrok.io",
                 ServerName = "6cc3c9e7967a.ngrok.io",
-                Origins = new HashSet<string> { "https://6cc3c9e7967a.ngrok.io" },
+                Origin = "https://www.passwordless.dev",
             });
 
             var credentialMakeResult = lib.MakeNewCredentialAsync(attestationResponse, origChallenge, callback);

Test/Attestation/Packed.cs

@@ -87,6 +87,30 @@ public void TestMissingAlg()
             Assert.Equal("Invalid packed attestation algorithm", ex.Result.Message);
         }
 
+        [Fact]
+        public void TestEcdaaKeyIdPresent()
+        {
+            var (type, alg, crv) = Fido2Tests._validCOSEParameters[0];
+            var signature = SignData(type, alg, crv);
+            _attestationObject.Add("attStmt", new CborMap {
+                { "alg", alg },
+                { "sig", signature },
+                { "ecdaaKeyId", signature }
+            });
+            var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponse());
+            Assert.Equal("ECDAA is not yet implemented", ex.Result.Message);
+        }
+
+        [Fact]
+        public void TestEmptyAttStmt()
+        {
+            var (type, alg, crv) = Fido2Tests._validCOSEParameters[0];
+            var signature = SignData(type, alg, crv);
+            _attestationObject.Add("attStmt", new CborMap { });
+            var ex = Assert.ThrowsAsync<Fido2VerificationException>(() => MakeAttestationResponse());
+            Assert.Equal("Attestation format packed must have attestation statement", ex.Result.Message);
+        }
+
         [Fact]
         public void TestAlgNaN()
         {

Test/Attestation/Tpm.cs

@@ -6021,7 +6021,88 @@ public void TestTPMECDAANotSupported()
                 }
             }
         }
-        
+
+        [Fact]
+        public void TestCertInfoNull()
+        {
+            var ex = Assert.Throws<Fido2VerificationException>(() => new CertInfo(null));
+            Assert.Equal("Malformed certInfo bytes", ex.Message);
+        }
+
+        [Fact]
+        public void TestCertInfoExtraBytes()
+        {
+            byte[] certInfo = Convert.FromHexString("ff5443478017000100002097d2ca06ce7dd7fdc56297462cd15f44ba594b0f472557a500659ccea1fcd0a6000000000000000000000000000000000000000000000000000022000b4fb39646c7a88c2322fa048ebaa748ad0c9025c6eca9e53211ffcdd2ee3ea20e000042");
+            var ex = Assert.Throws<Fido2VerificationException>(() => new CertInfo(certInfo));
+            Assert.Equal("Leftover bits decoding certInfo", ex.Message);
+        }
+
+        [Fact]
+        public void TestPubAreaAltKeyedHash()
+        {
+            using (var rsaAtt = RSA.Create())
+            {
+                var rsaparams = rsaAtt.ExportParameters(true);
+
+                unique = rsaparams.Modulus;
+                exponent = rsaparams.Exponent;
+
+                var pubArea = CreatePubArea(
+                TpmAlg.TPM_ALG_KEYEDHASH, // Type
+                tpmAlg, // Alg
+                new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
+                new byte[] { 0x00 }, // Policy
+                new byte[] { 0x00, 0x10 }, // Symmetric
+                new byte[] { 0x00, 0x10 }, // Scheme
+                new byte[] { 0x80, 0x00 }, // KeyBits
+                exponent, // Exponent
+                curveId, // CurveID
+                kdf, // KDF
+                unique // Unique
+                );
+
+                var ex = Assert.Throws<Fido2VerificationException>(() => new PubArea(pubArea));
+                Assert.Equal("TPM_ALG_KEYEDHASH not yet supported", ex.Message);
+            }
+        }
+
+        [Fact]
+        public void TestPubAreaAltSymCipher()
+        {
+            using (var rsaAtt = RSA.Create())
+            {
+                var rsaparams = rsaAtt.ExportParameters(true);
+
+                unique = rsaparams.Modulus;
+                exponent = rsaparams.Exponent;
+
+                var pubArea = CreatePubArea(
+                TpmAlg.TPM_ALG_SYMCIPHER, // Type
+                tpmAlg, // Alg
+                new byte[] { 0x00, 0x00, 0x00, 0x00 }, // Attributes
+                new byte[] { 0x00 }, // Policy
+                new byte[] { 0x00, 0x10 }, // Symmetric
+                new byte[] { 0x00, 0x10 }, // Scheme
+                new byte[] { 0x80, 0x00 }, // KeyBits
+                exponent, // Exponent
+                curveId, // CurveID
+                kdf, // KDF
+                unique // Unique
+                );
+
+                var ex = Assert.Throws<Fido2VerificationException>(() => new PubArea(pubArea));
+                Assert.Equal("TPM_ALG_SYMCIPHER not yet supported", ex.Message);
+            }
+        }
+
+        [Fact]
+        public void TestPubAreaExtraBytes()
+        {
+            var pubArea = Convert.FromHexString("0001000000000000000100001000108000010001000100b181b7dac685f3df1b0a24042b6e03f55a1483499701e5d6906dc5d4bdcce496e76268ec77eeef950e4638e53c61af0230cbcaa2ea6c5d1ed640f72854765e7fbab7206242ca8ced985b4fa19be29f69abd6f73248ee0fe9c8ee427799a1b745e32211099a8a087fb636da59fb3b5e34c0d610b6342c6086c06dad0bb71439c257b99c09593ff4ab8a4046e634920f04e2297b9aa9c6ae759035af5840e497112c3949077ec7879c2108d751e9220eff6cd974db209c91489d337208775018a1a402301137f724f21ec5a239f708fd4514582bae96047c0544c7da48cb1c876cf37c1dcc6509fa22976e176a68d6f2afe67efe18e9fe8a4d891cd167eba2da0542");
+            var ex = Assert.Throws<Fido2VerificationException>(() => new PubArea(pubArea));
+            Assert.Equal("Leftover bytes decoding pubArea", ex.Message);
+        }
+
         internal static byte[] CreatePubArea(
             TpmAlg type, 
             ReadOnlySpan<byte> alg, 
@@ -6037,7 +6118,7 @@ internal static byte[] CreatePubArea(
         {
             var raw = new MemoryStream();
 
-            if (type is TpmAlg.TPM_ALG_RSA)
+            if (type is TpmAlg.TPM_ALG_ECC)
             {
                 raw.Write(type.ToUInt16BigEndianBytes());
                 raw.Write(alg);
@@ -6046,12 +6127,12 @@ internal static byte[] CreatePubArea(
                 raw.Write(policy);
                 raw.Write(symmetric);
                 raw.Write(scheme);
-                raw.Write(keyBits);
-                raw.Write(BitConverter.GetBytes(exponent[0] + (exponent[1] << 8) + (exponent[2] << 16)));
+                raw.Write(curveID);
+                raw.Write(kdf);
                 raw.Write(GetUInt16BigEndianBytes(unique.Length));
-                raw.Write(unique); ;
+                raw.Write(unique);
             }
-            else if (type is TpmAlg.TPM_ALG_ECC)
+            else
             {
                 raw.Write(type.ToUInt16BigEndianBytes());
                 raw.Write(alg);
@@ -6060,8 +6141,8 @@ internal static byte[] CreatePubArea(
                 raw.Write(policy);
                 raw.Write(symmetric);
                 raw.Write(scheme);
-                raw.Write(curveID);
-                raw.Write(kdf);
+                raw.Write(keyBits);
+                raw.Write(BitConverter.GetBytes(exponent[0] + (exponent[1] << 8) + (exponent[2] << 16)));
                 raw.Write(GetUInt16BigEndianBytes(unique.Length));
                 raw.Write(unique);
             }

Test/AuthenticatorDataTests.cs

@@ -0,0 +1,34 @@
+using System;
+using Fido2NetLib;
+using Fido2NetLib.Objects;
+using Xunit;
+
+namespace Test
+{
+    public class AuthenticatorDataTests
+    {
+        [Fact]
+        public void AuthenticatorDataNull()
+        {
+            byte[] ad = null;
+            var ex = Assert.Throws<Fido2VerificationException>(() => new AuthenticatorData(ad));
+            Assert.Equal("Authenticator data cannot be null", ex.Message);
+        }
+
+        [Fact]
+        public void AuthenticatorDataMinLen()
+        {
+            byte[] ad = new byte[36];
+            var ex = Assert.Throws<Fido2VerificationException>(() => new AuthenticatorData(ad));
+            Assert.Equal("Authenticator data is less than the minimum structure length of 37", ex.Message);
+        }
+
+        [Fact]
+        public void AuthenticatorDataExtraBytes()
+        {
+            byte[] ad = Convert.FromHexString("49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d97634100000000000000000000000000000000000000000040ee726cb6daf874b4ac9ab5a76870777aca49d2e6bdaec276c2cfbddc115c34e3fae20fecff8c0b143be496b358720d0108de9d7548c92f10df0d206b78a40b03a501020326200121582050e028e71aac2683df256b14e7487b7364bbfe594fd0ac0623abc99048f5378f225820364cc49e05f849f381f23104208c9bc1880e899c7034721c52966b99793f578242");
+            var ex = Assert.Throws<Fido2VerificationException>(() => new AuthenticatorData(ad));
+            Assert.Equal("Leftover bytes decoding AuthenticatorData", ex.Message);
+        }
+    }
+}