
Commit 3fafe8a

iamcarbonabergs
authored andcommitted
Add and use TpmSanEncoder
1 parent 85747c8 commit 3fafe8a


3 files changed

+74
-24
lines changed


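--- a/Test/Asn1Tests.cs
+++ b/Test/Asn1Tests.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Formats.Asn1;
 using System.Linq;
+using System.Security.Cryptography;
 using System.Text;
 
 using Fido2NetLib;
@@ -11,6 +12,16 @@ namespace Test
 {
 public class Asn1Tests
 {
+[Fact]
+public void EncodeTpmSan()
+{
+Assert.Equal("MG2kazBpMRYwFAYFZ4EFAgEMC2lkOkZGRkZGMUQwMTcwNQYFZ4EFAgIMLEZJRE8yLU5FVC1MSUItVGVzdFRQTUFpa0NlcnRTQU5UQ0dDb25mb3JtYW50MRYwFAYFZ4EFAgMMC2lkOkYxRDAwMDAy", Convert.ToBase64String(TpmSanEncoder.Encode(
+( new Oid("2.23.133.2.1"), "id:FFFFF1D0" ),
+( new Oid("2.23.133.2.2"), "FIDO2-NET-LIB-TestTPMAikCertSANTCGConformant" ),
+( new Oid("2.23.133.2.3"), "id:F1D00002")
+)));
+}
+
 [Fact]
 public void DecodeObjectIdentifierAsOctetString()
 {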
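Review bot: The expected value in `EncodeTpmSan` is an opaque base64 literal with nothing telling a reader what it encodes, so a failure here would be hard to diagnose from the assertion alone. A comment above the `Assert.Equal` such as `// SubjectAltName { directoryName [4] { RDNSequence of three single-attribute RDNs: 2.23.133.2.1, 2.23.133.2.2, 2.23.133.2.3 } }` would document it; the literal's first bytes (`30 6d a4 6b 30 69 31 16 30 14 ...`) match that shape. The test also exercises only the tuple overload; asserting that `TpmSanEncoder.Encode("id:FFFFF1D0", "FIDO2-NET-LIB-TestTPMAikCertSANTCGConformant", "id:F1D00002")` produces the same bytes would cover the named-parameter overload that Tpm.cs actually calls.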

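--- a/Test/Attestation/Tpm.cs
+++ b/Test/Attestation/Tpm.cs
@@ -45,15 +45,11 @@ public Tpm()
 },
 false);
 
-
-var tpmManufacturer = AsnElt.Make(AsnElt.SEQUENCE, new AsnElt[] { AsnElt.MakeOID("2.23.133.2.1"), AsnElt.MakeString(AsnElt.UTF8String, "id:FFFFF1D0") });
-var tpmModel = AsnElt.Make(AsnElt.SEQUENCE, new AsnElt[] { AsnElt.MakeOID("2.23.133.2.2"), AsnElt.MakeString(AsnElt.UTF8String, "FIDO2-NET-LIB-TEST-TPM") });
-var tpmVersion = AsnElt.Make(AsnElt.SEQUENCE, new AsnElt[] { AsnElt.MakeOID("2.23.133.2.3"), AsnElt.MakeString(AsnElt.UTF8String, "id:F1D00002") });
-var tpmDeviceAttributes = AsnElt.Make(AsnElt.SET, new AsnElt[] { tpmManufacturer, tpmModel, tpmVersion });
-var tpmDirectoryName = AsnElt.Make(AsnElt.SEQUENCE, tpmDeviceAttributes);
-var tpmGeneralName = AsnElt.MakeExplicit(AsnElt.OCTET_STRING, tpmDirectoryName);
-var tpmSAN = AsnElt.Make(AsnElt.SEQUENCE, tpmGeneralName);
-var asnEncodedSAN = tpmSAN.Encode();
+byte[] asnEncodedSAN = TpmSanEncoder.Encode(
+manufacturer : "id:FFFFF1D0",
+model : "FIDO2-NET-LIB-TEST-TPM",
+version : "id:F1D00002"
+);
 
 aikCertSanExt = new X509Extension(
 "2.5.29.17",
@@ -382,17 +378,11 @@ public void TestTPMAikCertSANTCGConformant()
 
 attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
 
-var tcpaTpmManufacturer = AsnElt.Make(AsnElt.SEQUENCE, new AsnElt[] { AsnElt.MakeOID("2.23.133.2.1"), AsnElt.MakeString(AsnElt.UTF8String, "id:FFFFF1D0") });
-var tcpaTpmModel = AsnElt.Make(AsnElt.SEQUENCE, new AsnElt[] { AsnElt.MakeOID("2.23.133.2.2"), AsnElt.MakeString(AsnElt.UTF8String, "FIDO2-NET-LIB-TestTPMAikCertSANTCGConformant") });
-var tcpaTpmVersion = AsnElt.Make(AsnElt.SEQUENCE, new AsnElt[] { AsnElt.MakeOID("2.23.133.2.3"), AsnElt.MakeString(AsnElt.UTF8String, "id:F1D00002") });
-var asnEncodedSAN = AsnElt.Make(AsnElt.SEQUENCE, new AsnElt[] {
-AsnElt.Make(AsnElt.CONTEXT, AsnElt.OCTET_STRING, AsnElt.Make(
-AsnElt.SEQUENCE, new AsnElt[] {
-AsnElt.Make(AsnElt.SET, tcpaTpmManufacturer),
-AsnElt.Make(AsnElt.SET, tcpaTpmModel),
-AsnElt.Make(AsnElt.SET, tcpaTpmVersion)
-})
-)}).Encode();
+byte[] asnEncodedSAN = TpmSanEncoder.Encode(
+manufacturer : "id:FFFFF1D0",
+model : "FIDO2-NET-LIB-TestTPMAikCertSANTCGConformant",
+version : "id:F1D00002"
+);
 
 var aikCertSanExt = new X509Extension(
 "2.5.29.17",
@@ -662,11 +652,8 @@ public void TestTPMSigNotByteString()
 var attRequest = new CertificateRequest(attDN, rsaAtt, HashAlgorithmName.SHA256, padding);
 
 attRequest.CertificateExtensions.Add(notCAExt);
-
 attRequest.CertificateExtensions.Add(idFidoGenCeAaguidExt);
-
 attRequest.CertificateExtensions.Add(aikCertSanExt);
-
 attRequest.CertificateExtensions.Add(tcgKpAIKCertExt);
 
 var serial = new byte[12];
@@ -694,7 +681,6 @@ public void TestTPMSigNotByteString()
 
 _credentialPublicKey = new CredentialPublicKey(cpk);
 
-
 unique = rsaparams.Modulus;
 exponent = rsaparams.Exponent;
 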
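--- a/Test/Extensions/TpmSanEncoder.cs
+++ b/Test/Extensions/TpmSanEncoder.cs
@@ -0,0 +1,53 @@
+using System.Formats.Asn1;
+using System.Security.Cryptography;
+
+namespace Test
+{
+internal static class TpmSanEncoder
+{
+internal static class Oids
+{
+public static readonly Oid Manufacturer = new ("2.23.133.2.1");
+public static readonly Oid Model = new ("2.23.133.2.2");
+public static readonly Oid Version = new ("2.23.133.2.3");
+}
+
+public static byte[] Encode(string manufacturer, string model, string version)
+{
+return Encode(
+(Oids.Manufacturer, manufacturer),
+(Oids.Model, model),
+(Oids.Version, version)
+);
+}
+
+public static byte[] Encode(params (Oid, string)[] items)
+{
+var writer = new AsnWriter(AsnEncodingRules.BER);
+
+using (writer.PushSequence())
+using (writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 4, true)))
+{
+using (writer.PushSequence())
+{
+foreach ((Oid oid, string value) in items)
+{
+WriteSet(writer, oid, value);
+}
+}
+}
+
+return writer.Encode();
+}
+
+private static void WriteSet(AsnWriter writer, Oid oid, string text)
+{
+using (writer.PushSetOf())
+using (writer.PushSequence())
+{
+writer.WriteObjectIdentifier(oid.Value);
+writer.WriteCharacterString(UniversalTagNumber.UTF8String, text);
+}
+}
+}
+}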
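Review bot: The writer in `Encode(params (Oid, string)[] items)` is created with `AsnEncodingRules.BER`, but its output becomes the value of a certificate extension (`new X509Extension("2.5.29.17", ...)` in Tpm.cs), where DER is the required encoding; `var writer = new AsnWriter(AsnEncodingRules.DER);` states that intent and lets AsnWriter enforce `SET OF` ordering rather than relying on call order. The bytes should not change here, since AsnWriter already writes definite lengths in BER mode and each `PushSetOf` holds a single element, so the `EncodeTpmSan` expectation should still pass — worth confirming by running it. The class carries no doc comment; a `<summary>` on `TpmSanEncoder` saying it builds a SubjectAltName containing one `directoryName [4]` GeneralName whose Name is one single-attribute RDN per (OID, UTF8String) pair, in the order given, would explain what the nested `PushSequence`/`PushSetOf` calls produce. `Encode` also dereferences `items` without a check; `ArgumentNullException.ThrowIfNull(items);` at the top gives a clearer failure than the `NullReferenceException` from the `foreach`.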
