From 3015729d11a48e6144f7be4760658e841947c449 Mon Sep 17 00:00:00 2001
From: JohnnyJayJay
Date: Thu, 6 Oct 2022 18:04:32 +0200
Subject: [PATCH 1/3] Add RS384 and RS512 to algorithm ID enum
---
 .../java/com/yubico/webauthn/data/COSEAlgorithmIdentifier.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/COSEAlgorithmIdentifier.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/COSEAlgorithmIdentifier.java
index 1ba31d5ca..b55b8fcb8 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/COSEAlgorithmIdentifier.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/COSEAlgorithmIdentifier.java
@@ -43,6 +43,8 @@ public enum COSEAlgorithmIdentifier {
 EdDSA(-8),
 ES256(-7),
 RS256(-257),
+ RS384(-258),
+ RS512(-259),
 RS1(-65535);
 @JsonValue @Getter private final long id;
From 6fa3f779ddad1fbbce6ec338dd7a36f71b5354c5 Mon Sep 17 00:00:00 2001
From: JohnnyJayJay
Date: Thu, 6 Oct 2022 18:15:09 +0200
Subject: [PATCH 2/3] Add Java algorithm name mappings for RS384 and RS512
---
 .../src/main/java/com/yubico/webauthn/WebAuthnCodecs.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/WebAuthnCodecs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/WebAuthnCodecs.java
index 34d961bae..9926ee455 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/WebAuthnCodecs.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/WebAuthnCodecs.java
@@ -154,6 +154,10 @@ static String getJavaAlgorithmName(COSEAlgorithmIdentifier alg) {
 return "SHA256withECDSA";
 case RS256:
 return "SHA256withRSA";
+ case RS384:
+ return "SHA384withRSA";
+ case RS512:
+ return "SHA512withRSA";
 case RS1:
 return "SHA1withRSA";
 default:
From 4f706212b0a52e25b077da69342b1f6317327007 Mon Sep 17 00:00:00 2001
From: Emil Lundberg Date: Thu, 26 Jan 2023 16:57:18 +0100 Subject: [PATCH 3/3] Add support for RS384 and RS512 --- NEWS | 8 +- .../com/yubico/webauthn/RelyingParty.java | 8 +- .../TpmAttestationStatementVerifier.java | 2 + .../PublicKeyCredentialCreationOptions.java | 10 ++ .../data/PublicKeyCredentialParameters.java | 14 ++ .../webauthn/RegistrationTestData.scala | 128 ++++++++++++++++++ .../RelyingPartyRegistrationSpec.scala | 18 +++ .../yubico/webauthn/TestAuthenticator.scala | 11 +- .../yubico/webauthn/WebAuthnTestCodecs.scala | 3 +- 9 files changed, 197 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index a31e14f9c..e68e820a2 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,13 @@ -== Version 2.3.1 (unreleased) == +== Version 2.4.0 (unreleased) == `webauthn-server-core`: +New features: + +* Added support for RS384 and RS512 signature algorithms. + ** Thanks to GitHub user JohnnyJayJay for the contribution, see + https://github.com/Yubico/java-webauthn-server/pull/235 + Fixes: * During `RelyingParty.finishRegistration()` if an `attestationTrustSource` is diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java index b2378f523..d1472092c 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java @@ -218,6 +218,8 @@ public class RelyingParty { *
  • {@link com.yubico.webauthn.data.PublicKeyCredentialParameters#ES256 ES384} *
  • {@link com.yubico.webauthn.data.PublicKeyCredentialParameters#ES256 ES512} *
  • {@link com.yubico.webauthn.data.PublicKeyCredentialParameters#RS256 RS256} + *
  • {@link com.yubico.webauthn.data.PublicKeyCredentialParameters#RS384 RS384} + *
  • {@link com.yubico.webauthn.data.PublicKeyCredentialParameters#RS512 RS512} * * * @see PublicKeyCredentialCreationOptions#getAttestation() @@ -232,7 +234,9 @@ public class RelyingParty { PublicKeyCredentialParameters.EdDSA, PublicKeyCredentialParameters.ES384, PublicKeyCredentialParameters.ES512, - PublicKeyCredentialParameters.RS256)); + PublicKeyCredentialParameters.RS256, + PublicKeyCredentialParameters.RS384, + PublicKeyCredentialParameters.RS512)); /** * If true, the origin matching rule is relaxed to allow any port number. @@ -427,6 +431,8 @@ private static List filterAvailableAlgorithms( break; case RS256: + case RS384: + case RS512: case RS1: KeyFactory.getInstance("RSA"); break; diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/TpmAttestationStatementVerifier.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/TpmAttestationStatementVerifier.java index b49d05bc1..ee051e770 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/TpmAttestationStatementVerifier.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/TpmAttestationStatementVerifier.java @@ -217,10 +217,12 @@ private void validateCertInfo( break; case ES384: + case RS384: expectedExtraData = Crypto.sha384(attToBeSigned); break; case ES512: + case RS512: expectedExtraData = Crypto.sha512(attToBeSigned); break; diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialCreationOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialCreationOptions.java index c1ac9517a..a5f252c31 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialCreationOptions.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialCreationOptions.java @@ -382,6 +382,8 @@ private static List filterAvailableAlgorithms( break; case RS256: + case RS384: + case RS512: case RS1: KeyFactory.getInstance("RSA"); break; 
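Review bot: In RelyingParty.java, the `filterAvailableAlgorithms` hunk (`@@ -427,6 +431,8 @@`) adds `case RS384:` and `case RS512:` only to the `KeyFactory.getInstance("RSA")` switch, whereas the same-named method in PublicKeyCredentialCreationOptions.java also receives `Signature.getInstance("SHA384withRSA")` and `Signature.getInstance("SHA512withRSA")` cases in this commit. The method body continues outside the hunk, so this is inferred: if RelyingParty has a matching `Signature` switch, the two new algorithms would reach its `default` branch and would not be probed for signature support the way RS256 is. I would add the two `Signature.getInstance` cases there as well, or probe through `WebAuthnCodecs.getJavaAlgorithmName(...)` (same package) so the COSE-to-JCA name mapping is kept in one place.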
@@ -419,6 +421,14 @@ private static List filterAvailableAlgorithms( Signature.getInstance("SHA256withRSA"); break; + case RS384: + Signature.getInstance("SHA384withRSA"); + break; + + case RS512: + Signature.getInstance("SHA512withRSA"); + break; + case RS1: Signature.getInstance("SHA1withRSA"); break; diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialParameters.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialParameters.java index e2e59d7b4..4848bcd45 100644 --- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialParameters.java +++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialParameters.java @@ -100,6 +100,20 @@ private PublicKeyCredentialParameters( public static final PublicKeyCredentialParameters RS256 = builder().alg(COSEAlgorithmIdentifier.RS256).build(); + /** + * Algorithm {@link COSEAlgorithmIdentifier#RS384} and type {@link + * PublicKeyCredentialType#PUBLIC_KEY}. + */ + public static final PublicKeyCredentialParameters RS384 = + builder().alg(COSEAlgorithmIdentifier.RS384).build(); + + /** + * Algorithm {@link COSEAlgorithmIdentifier#RS512} and type {@link + * PublicKeyCredentialType#PUBLIC_KEY}. + */ + public static final PublicKeyCredentialParameters RS512 = + builder().alg(COSEAlgorithmIdentifier.RS512).build(); + public static PublicKeyCredentialParametersBuilder.MandatoryStages builder() { return new PublicKeyCredentialParametersBuilder.MandatoryStages(); } diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RegistrationTestData.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RegistrationTestData.scala index efe60fba3..484399d24 100644 --- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RegistrationTestData.scala +++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RegistrationTestData.scala 
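Review bot: The Javadoc added for `RS384` and `RS512` in PublicKeyCredentialParameters.java (`@@ -100,6 +100,20 @@`) only restates the identifier and credential type, so an integrator choosing algorithms cannot tell which RSA signature scheme is being enabled. The JCA names this series maps them to in WebAuthnCodecs (`SHA384withRSA`, `SHA512withRSA`) are the PKCS#1 v1.5 scheme rather than RSASSA-PSS. I would append a sentence to each comment, for example `RSASSA-PKCS1-v1_5 using SHA-384.` and `RSASSA-PKCS1-v1_5 using SHA-512.`.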
@@ -140,6 +140,8 @@ object RegistrationTestDataGenerator extends App { td.Packed.BasicAttestation, td.Packed.BasicAttestationEdDsa, td.Packed.BasicAttestationRsa, + td.Packed.BasicAttestationRs384, + td.Packed.BasicAttestationRs512, td.Packed.BasicAttestationRs1, td.Packed.BasicAttestationWithoutAaguidExtension, td.Packed.BasicAttestationWithWrongAaguidExtension, @@ -150,6 +152,8 @@ object RegistrationTestDataGenerator extends App { td.Tpm.ValidEs384, td.Tpm.ValidEs512, td.Tpm.ValidRs256, + td.Tpm.ValidRs384, + td.Tpm.ValidRs512, td.Tpm.ValidRs1, ).zipWithIndex } { @@ -178,6 +182,8 @@ object RegistrationTestData { Packed.BasicAttestation, Packed.BasicAttestationEdDsa, Packed.BasicAttestationRsa, + Packed.BasicAttestationRs384, + Packed.BasicAttestationRs512, Packed.BasicAttestationRsaReal, Packed.SelfAttestation, Tpm.ValidEs256, @@ -185,6 +191,8 @@ object RegistrationTestData { Tpm.ValidEs384, Tpm.ValidEs512, Tpm.ValidRs256, + Tpm.ValidRs384, + Tpm.ValidRs512, RealExamples.WindowsHelloTpm.asRegistrationTestData, RealExamples.ThinkpadTpm.asRegistrationTestData, ) 
@@ -449,6 +457,56 @@ object RegistrationTestData { ) } + val BasicAttestationRs384: RegistrationTestData = new RegistrationTestData( + alg = COSEAlgorithmIdentifier.RS384, + attestationObject = + ByteArray.fromHex("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"), + clientDataJson = """{"challenge":"AAEBAgMFCA0VIjdZEGl5Yls","origin":"https://localhost","type":"webauthn.create","tokenBinding":{"status":"supported"}}""", + privateKey = Some( + ByteArray.fromHex("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") + ), + attestationCertChain = List( + RegistrationTestDataGenerator.importAttestationCa( + "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", + "RSA", + "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", + ) + ), + ) { + override def regenerate() = + TestAuthenticator.createBasicAttestedCredential( + keyAlgorithm = COSEAlgorithmIdentifier.RS384, + attestationMaker = AttestationMaker.packed( + AttestationSigner.selfsigned(COSEAlgorithmIdentifier.RS384) + ), + ) + } + + val BasicAttestationRs512: RegistrationTestData = new RegistrationTestData( + alg = COSEAlgorithmIdentifier.RS512, + attestationObject = + ByteArray.fromHex("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"), + clientDataJson = """{"challenge":"AAEBAgMFCA0VIjdZEGl5Yls","origin":"https://localhost","type":"webauthn.create","tokenBinding":{"status":"supported"}}""", + privateKey = Some( + ByteArray.fromHex("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") + ), + attestationCertChain = List( + RegistrationTestDataGenerator.importAttestationCa( + "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", + "RSA", + "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", + ) + ), + ) { + override def regenerate() = + TestAuthenticator.createBasicAttestedCredential( + keyAlgorithm = COSEAlgorithmIdentifier.RS512, + attestationMaker = AttestationMaker.packed( + AttestationSigner.selfsigned(COSEAlgorithmIdentifier.RS512) + ), + ) + } + val BasicAttestationRs1: 
RegistrationTestData = new RegistrationTestData( alg = COSEAlgorithmIdentifier.RS1, attestationObject = 
@@ -867,6 +925,74 @@ object RegistrationTestData { ) } + val ValidRs384: RegistrationTestData = new RegistrationTestData( + alg = COSEAlgorithmIdentifier.RS384, + attestationObject = + ByteArray.fromHex("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"), + clientDataJson = """{"challenge":"AAEBAgMFCA0VIjdZEGl5Yls","origin":"https://localhost","type":"webauthn.create","tokenBinding":{"status":"supported"}}""", + privateKey = Some( + ByteArray.fromHex("308204be020100300d06092a864886f70d0101010500048204a8308204a40201000282010100a086d9533f5cd8550dd2a5a1207b3c18845cc20dcaeb40c5a148c2a1ab3b1d34c73f7b2069b39de1e22032eb56077bb09f2025d93d6dbdf66cf200227268caf0de22f6d4b68c36aef28df970bba05bfc9c43073dc780d61ce76e55d02810ef9f835988a3e86cce1b9af830497f47176f9fbe1ed924c0ccccbdb582850c4d39a2bbefa9ee59296e247c684a49f1cbc0df144b3cd7355f732b0da221b397438584fd860a8f243595290a2a26ce7244c9d1a52f669a14ed92ac253b68fb37d489c3d0b467e9755a08409c1000afc5b46d71999c9453f3c0a168e28e950f871e67ad977a99fc5c12a6d732d3d646fae44cdb12ba8bec46347a993d9059ebf9ddfdab0203010001028201010097b579d47c3091df28362904733f245783586aa9405a3f17c7ca8ceedf75f9af349321194bec4dccf9b936864502c379f3991d4c070b1d19b472ad7fe0a27b1152ceb679e79ff1da3b2fc44b2f776917fed23618c3e055fa711a4c8d72203766886b6880879bb4da500639146cee520ed368899cec682de55d711a4e0587426cb1c20c0d9c019de56317604002bfd501f96218dac96fba922c418fd812c3a3103931ac04db859d1a18125cfa448dc02c83c365ea991ddce45bb1175aa4f348c4a75d24f084f39929a40c91bb2c782681e48679cf0c1e635c588e8139658d74c83a2e5c2a530b7216de6dc0b2398354d3a6547ca7d4ce353d90ecd5fbeb124aa902818100df274427e772a8ecb7c76557575cc744d213d161e4ea396488ae30adfc35eda523f5cc11a9afe05cd6c918820f7ce287d5fea801d70c5d9f1dbb78ef8b495706af247f6ac0a0ce4f2cc189168cf853a41e027e43ceebf4e4c470b66a21b80d5556981163855cba88a6f632e622bcb9043a44521874361673c97a7c4e949cad1d02818100b827b91b4fc55a52fd566106944471ef25369ac26b24e1379d12476cab605db75e2fd9154f86c62ff7cae534039e04b740e232a8f5e3a98eba4b12cd94461121b9a4206f7ce320ea575
ebea879ff463073f323b13a8746f2778e6a15d00abd0a13e13d0af80247a445861bb47de95461bdff04f758ff500e3b766d377b7103670281804690b028be33afdf4b2e2e89b4028eb0e08d8bc49d12c41b5a6d5acf69d5d3d448cecd3d389f791f627c2cd7d3f5f5dc667b24bd903744d3b01f3c5ae37cc99c3f7e171cb6d522e83e8ae4c2d0c92609dbc386120338f233f53a7f34887d1f1a414bcd13df7437384733cb5ca2d772da3762ab63383c725522fd2c99dcbcbeb102818069e3155179edbd40e8c0292bf246e4c8203aa483d3bdb1ee1b57ae4ff2be87446f58cdd6ae128d94794365c521ab5384d73ef8e823f292c529a30f1dbbfb09d0bd807cd1fe1a4f0bcfceff8bba122916a52511c9cf20878fd564c2e4e5e9b6c6bba59046e551d245c76014401501fbedf3a45603af5da677788360cb3d243f5302818100d8e0387a2fd83c82190026e8795b6f8834853126bdee577aa896873ec5c4712cf871a9444d3bdd752481fb710b18129b6a2adf30f51c8d2337f58d974cd1a43720dae6b35401a87bc7803d2cf1774981ffdef01419dc1e7eeb65b24e27cd61ff73a27023cba8cec21a3269f327d8de8faf9cf9b4c74e5fe63329e65e602e5eb7") + ), + attestationCertChain = List( + RegistrationTestDataGenerator.importAttestationCa( + "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", + "RSA", + "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", + ), + RegistrationTestDataGenerator.importAttestationCa( + "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", + "RSA", + "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", + ), + ), + ) { + override def regenerate() = + TestAuthenticator.createBasicAttestedCredential( + keyAlgorithm = COSEAlgorithmIdentifier.RS384, + attestationMaker = AttestationMaker.tpm( + AttestationSigner.ca( + alg = COSEAlgorithmIdentifier.RS384, + certSubject = new X500Name(Array.empty[RDN]), + certExtensions = tpmCertExtensions, + ) + ), + ) + } + + val ValidRs512: RegistrationTestData = new RegistrationTestData( + alg = COSEAlgorithmIdentifier.RS512, + attestationObject = + ByteArray.fromHex("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"), + clientDataJson = 
"""{"challenge":"AAEBAgMFCA0VIjdZEGl5Yls","origin":"https://localhost","type":"webauthn.create","tokenBinding":{"status":"supported"}}""", + privateKey = Some( + ByteArray.fromHex("308204bd020100300d06092a864886f70d0101010500048204a7308204a3020100028201010099116dd8d7264698788f7916ceab8950ddef91a6627aef32f6fb682cb9d581ba4d979c22ee99b456e518399af900dc41b712086a85fa1f57b14e5a7e19c94c283024125f43ee03e62efd10470172cb890c3fddecef2f32937b74172175b66351691d49d441ebb6305d02fa844a2e0566c9e96aac07d28cf91a4d4c975c03f630a606a43537cf48e661aa16d8a035e302f12ca4d529ed8ac82c57b811dfa7fef0a84d1e8d3b27d3cd0cc140f45c82a737239f470bd737b0c52202173b37941d106ee456f6853a4adb12c5b42006f055808a256b96aaeb7a3c44ad2c03f11484735e603da10c1e7d1bbc29648c30ea38c4bbd4a9cb78b939b5a58b2d8ff8a8ba270203010001028201000d41281cedcc7fb276461e3b2e5c4640bd67205aa30e782616a3008b56f0391293e37bfebe608af0375858aca5c140516473e84ca91b5699765e0d91fbd3a587995b9647af8f2dc141f261f57417a7ae4f643c6866f1d454570d5f6f634d0ede9ed68d6d16e43d5b84c25c45165353de69bf8fa023f14489d1903e00a1542a7e3aae6929ba4ec754ec4c01864fcd1e774a3b7f090078ad8fe618e8b79c07e644ae34bdd0534b6cdee6c08018548984f66641fb026afdd85d3a44bc715b2aa2e8583af5a99ccc81c7d55317425501e5b5aa82bd0958a3b0c0b068349fdea13ea6f043300d78c316d5f358297f1a023469b839c5c52a0f459a76524a0a8856c2b102818100fb570a0770ee0eabb7f51fed98bbdb14146a28518128af749f854fabb680ff6a597a3f17ba968ec7b8c4e4acf964044828741375b2cf513bef4f52d1dd39924d64b9037d109c85cdf0ffe1f7d44e0f8802fc48979a80587a84a8200162bf7d197c237ff6b91aac742e0e48d3022639f50c49405d6d69b8d7bc23f2a125421579028181009be7f3abcb18e8dd2a96f96e0f37589ddbafcc78dae698fd0b51c317971b9decddf06b4c219f3380db4c4d71fcdc9e27cf59847f002c2296bf6600b8391b9c2cdca3af4af8a5f421845780152637df0c9790021b73f9926cc160b5935918d6cde92db47a6cf918d434bcd5d5fc3a7b0c48f122a7a851ba9eabb42bf6e223849f02818100a652e5ff209b58b808273d76b4d0f3dc28da4b4e0c63c9202b044441c4a73edeb8d1adf8dcf00f1259d269e591afbf29a52393511b0018a8c9e7bb4dc7d0f66122db5054adee76995ef76628e3a4b8a070215
54485e8932498aecd673d5aacc575a1e46777fd0fcc5e41f3ad3749e6a6a3f7c19151fb5967e24803a2e20e0639028180062b223ffcd42a7a7db1e5828e459153059b2a0aea164f9d4b725bb6b63ad87fc3b43c7a91a5fbe2b04a8f91e000569d9a9d9f196b4753c30525a307a6f2c9b618b0bd41c91ebfcf07ae7299e39e384c063f236634ab7e38a15a133516445e535d537a9d916c35a847c1e4f0077fc4d892963fd9c4561f7d21ac0a454563445f0281803aa51050b258667e701df840ce5975f5e6706c5e58b5a5b6c9100de05a7c3d420f41bfdac8c0c9fd98036f0d12ed2c4faf5fc07215a0a7e4a4517009117b1a2c24126dee8cab6d6d56c6fd3301983fdf2c77ffe58f83e0175e6793c38fea968bce6b640f67389769c4fbd4664c9130d2eef6c819f621f199027f4e824027c303") + ), + attestationCertChain = List( + RegistrationTestDataGenerator.importAttestationCa( + "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", + "RSA", + "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", + ), + RegistrationTestDataGenerator.importAttestationCa( + "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", + "RSA", + "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", + ), + ), + ) { + override def regenerate() = + TestAuthenticator.createBasicAttestedCredential( + keyAlgorithm = COSEAlgorithmIdentifier.RS512, + attestationMaker = AttestationMaker.tpm( + AttestationSigner.ca( + alg = COSEAlgorithmIdentifier.RS512, + certSubject = new X500Name(Array.empty[RDN]), + certExtensions = tpmCertExtensions, + ) + ), + ) + } + val ValidRs1: RegistrationTestData = new RegistrationTestData( alg = COSEAlgorithmIdentifier.RS1, attestationObject = @@ -1087,6 +1213,8 @@ case class RegistrationTestData( PublicKeyCredentialParameters.ES384, PublicKeyCredentialParameters.ES512, PublicKeyCredentialParameters.RS256, + PublicKeyCredentialParameters.RS384, + PublicKeyCredentialParameters.RS512, ).asJava ) .extensions(requestedExtensions) 
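Review bot: `ValidRs384` and `ValidRs512` (hunk `@@ -867,6 +925,74 @@`) embed complete PKCS#8 RSA private keys as hex literals with nothing marking them as throwaway fixtures. Secret scanners will flag them, and whoever triages the alert has no in-file evidence that the keys are test-only. I would put a comment above each `privateKey =` such as `// Test-only key, presumably produced by regenerate(); never used outside this test suite`, confirming first that `regenerate()` is indeed how they were produced. The same applies to `BasicAttestationRs384` and `BasicAttestationRs512` in the `@@ -449,6 +457,56 @@` hunk.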
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala index 94d94ca06..2519fa756 100644 --- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala +++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala @@ -4182,6 +4182,24 @@ class RelyingPartyRegistrationSpec COSEAlgorithmIdentifier.RS256 ) } + + it("RS384.") { + pubKeyCredParams should contain( + PublicKeyCredentialParameters.RS384 + ) + pubKeyCredParams map (_.getAlg) should contain( + COSEAlgorithmIdentifier.RS384 + ) + } + + it("RS512.") { + pubKeyCredParams should contain( + PublicKeyCredentialParameters.RS512 + ) + pubKeyCredParams map (_.getAlg) should contain( + COSEAlgorithmIdentifier.RS512 + ) + } } describe("do not include") { diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/TestAuthenticator.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/TestAuthenticator.scala index 85bc8c7cd..83f3b5606 100644 --- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/TestAuthenticator.scala +++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/TestAuthenticator.scala @@ -909,6 +909,10 @@ object TestAuthenticator { (TpmAlgHash.SHA512, TpmAlgAsym.ECC) case COSEAlgorithmIdentifier.RS256 => (TpmAlgHash.SHA256, TpmAlgAsym.RSA) + case COSEAlgorithmIdentifier.RS384 => + (TpmAlgHash.SHA384, TpmAlgAsym.RSA) + case COSEAlgorithmIdentifier.RS512 => + (TpmAlgHash.SHA512, TpmAlgAsym.RSA) case COSEAlgorithmIdentifier.RS1 => (TpmAlgHash.SHA1, TpmAlgAsym.RSA) case COSEAlgorithmIdentifier.EdDSA => ??? } @@ -964,6 +968,8 @@ object TestAuthenticator { case COSEAlgorithmIdentifier.ES512 => 0x0005 case COSEAlgorithmIdentifier.RS1 | COSEAlgorithmIdentifier.RS256 | + COSEAlgorithmIdentifier.RS384 | + COSEAlgorithmIdentifier.RS512 | COSEAlgorithmIdentifier.EdDSA => ??? })) 
@@ -1115,8 +1121,9 @@ object TestAuthenticator { case COSEAlgorithmIdentifier.ES256 => generateEcKeypair("secp256r1") case COSEAlgorithmIdentifier.ES384 => generateEcKeypair("secp384r1") case COSEAlgorithmIdentifier.ES512 => generateEcKeypair("secp521r1") - case COSEAlgorithmIdentifier.RS256 => generateRsaKeypair() - case COSEAlgorithmIdentifier.RS1 => generateRsaKeypair() + case COSEAlgorithmIdentifier.RS256 | COSEAlgorithmIdentifier.RS384 | + COSEAlgorithmIdentifier.RS512 | COSEAlgorithmIdentifier.RS1 => + generateRsaKeypair() } def generateEcKeypair(curve: String = "secp256r1"): KeyPair = { diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/WebAuthnTestCodecs.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/WebAuthnTestCodecs.scala index 04ac6e9b0..eb0202ebb 100644 --- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/WebAuthnTestCodecs.scala +++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/WebAuthnTestCodecs.scala @@ -51,7 +51,8 @@ object WebAuthnTestCodecs { val spec = new PKCS8EncodedKeySpec(encodedKey.getBytes) keyFactory.generatePrivate(spec) - case COSEAlgorithmIdentifier.RS256 | COSEAlgorithmIdentifier.RS1 => + case COSEAlgorithmIdentifier.RS256 | COSEAlgorithmIdentifier.RS384 | + COSEAlgorithmIdentifier.RS512 | COSEAlgorithmIdentifier.RS1 => val keyFactory: KeyFactory = KeyFactory.getInstance("RSA") val spec = new PKCS8EncodedKeySpec(encodedKey.getBytes) keyFactory.generatePrivate(spec)