add titan log

ritou · Dec 3, 2023 · ed0895f · ed0895f
1 parent eb1ac78
commit ed0895f
Show file tree

Hide file tree

Showing 2 changed files with 142 additions and 0 deletions.
diff --git a/test/lib/web_authn_lite/operation/authenticate_test.exs b/test/lib/web_authn_lite/operation/authenticate_test.exs
@@ -36,6 +36,12 @@ defmodule WebAuthnLite.Operation.AuthenticateTest do
   @encoded_client_data_json_1password "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiS001UDA1M3o5SEtES25mREJDZEU2ZyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5jb20ifQ"
   @encoded_signature_1password "MEUCIQD59PjH7DGr7GkKlJf2LRj-JtAwEgq1Q2KEPXmgsqumZgIgQBxKCXTFq1PH81cgN8I_zWPNlKJ5-9TPdwgm-y_FeRA"
 
+  # Titan Security Key
+  @encoded_attestation_object_titan "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViio3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUfFAAAABAAAAAAAAAAAAAAAAAAAAAAAEAABALkUNLt3WUXkiu0RtI2lAQIDJiABIVggyWB-u2ZIJnvTOIH-hKxya4JkDJNPj6wapbzsYA_7jmoiWCDLAU9vy_ZOkd_Gz_1auXTDxRSJhNsPdyiYcIV_gWnCjKFrY3JlZFByb3RlY3QC"
+  @encoded_authenticator_data_titan "o3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUcFAAAADA"
+  @encoded_client_data_json_titan "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiS001UDA1M3o5SEtES25mREJDZEU2ZyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5jb20iLCJjcm9zc09yaWdpbiI6ZmFsc2V9"
+  @encoded_signature_titan "MEMCH3Dok-D_nk2xc6EmAMZuUAOXjtPQP3iwA058v8dG4DcCIGckHG757nZSfny5f9Q1frDB5M1i6182a-OgA9stR7zr"
+
   describe "basic" do
     test "validate_client_data_json" do
       assert {:ok, _client_data_json} =
@@ -246,5 +252,62 @@ defmodule WebAuthnLite.Operation.AuthenticateTest do
                extensions: nil
              } = authenticator_data
     end
+
+    test "titan" do
+      {:ok, attestation_object} =
+        WebAuthnLite.AttestationObject.decode(@encoded_attestation_object_titan)
+
+      storable_public_key = %StorablePublicKey{
+        credential_id: attestation_object.auth_data.attested_credential_data.credential_id,
+        public_key: attestation_object.auth_data.attested_credential_data.credential_public_key,
+        sign_count: attestation_object.auth_data.sign_count
+      }
+
+      assert {:ok, updated_storable_public_key, authenticator_data} =
+               Authenticate.validate_authenticator_assertion(%{
+                 credential_id: storable_public_key.credential_id,
+                 signature: @encoded_signature_titan,
+                 authenticator_data: @encoded_authenticator_data_titan,
+                 client_data_json: @encoded_client_data_json_titan,
+                 public_keys: [storable_public_key],
+                 rp_id: @sample_rp_id,
+                 up_required: true,
+                 uv_required: true
+               })
+
+      assert %WebAuthnLite.StorablePublicKey{
+               credential_id: "AAEAuRQ0u3dZReSK7RG0jQ",
+               public_key: %WebAuthnLite.CredentialPublicKey.ES256{
+                 key: {{:ECPoint, _}, {:namedCurve, {1, 2, 840, 10045, 3, 1, 7}}},
+                 digest_type: :sha256,
+                 map: %{
+                   "crv" => "P-256",
+                   "kty" => "EC",
+                   "x" => "yWB-u2ZIJnvTOIH-hKxya4JkDJNPj6wapbzsYA_7jmo",
+                   "y" => "ywFPb8v2TpHfxs_9Wrl0w8UUiYTbD3comHCFf4Fpwow"
+                 },
+                 json:
+                   "{\"crv\":\"P-256\",\"kty\":\"EC\",\"x\":\"yWB-u2ZIJnvTOIH-hKxya4JkDJNPj6wapbzsYA_7jmo\",\"y\":\"ywFPb8v2TpHfxs_9Wrl0w8UUiYTbD3comHCFf4Fpwow\"}"
+               },
+               sign_count: 12
+             } = updated_storable_public_key
+
+      assert %WebAuthnLite.AuthenticatorData{
+               rp_id_hash: "o3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUc",
+               flags: %WebAuthnLite.AuthenticatorData.Flags{
+                 flags: <<5>>,
+                 up: true,
+                 uv: true,
+                 be: false,
+                 bs: false,
+                 at: false,
+                 ed: false
+               },
+               sign_count: 12,
+               raw: _,
+               attested_credential_data: nil,
+               extensions: nil
+             } = authenticator_data
+    end
   end
 end
diff --git a/test/lib/web_authn_lite/operation/register_test.exs b/test/lib/web_authn_lite/operation/register_test.exs
@@ -30,6 +30,10 @@ defmodule WebAuthnLite.Operation.RegisterTest do
   @encoded_attestation_object_1password "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViUo3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUddAAAAALraVWanqkAfvZZFYZpVEg0AEGBXeEQ8yxQazz5IPwZqhE2lAQIDJiABIVggvWFLkJMYDEDGBi6yc8ScvDfjq2kouAGlmQYdx9JunzIiWCDXAfwyGybtPLjHWFj0vR7bWVq6RvNuEq4xGW9Mf6eCcw"
   @encoded_client_data_json_1password "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiS001UDA1M3o5SEtES25mREJDZEU2ZyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5jb20ifQ"
 
+  # Titan Security Key
+  @encoded_attestation_object_titan "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViio3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUfFAAAABAAAAAAAAAAAAAAAAAAAAAAAEAABALkUNLt3WUXkiu0RtI2lAQIDJiABIVggyWB-u2ZIJnvTOIH-hKxya4JkDJNPj6wapbzsYA_7jmoiWCDLAU9vy_ZOkd_Gz_1auXTDxRSJhNsPdyiYcIV_gWnCjKFrY3JlZFByb3RlY3QC"
+  @encoded_client_data_json_titan "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiS001UDA1M3o5SEtES25mREJDZEU2ZyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5jb20iLCJjcm9zc09yaWdpbiI6ZmFsc2V9"
+
   describe "basic" do
     test "validate_client_data_json" do
       assert {:ok, _client_data_json} =
@@ -295,5 +299,80 @@ defmodule WebAuthnLite.Operation.RegisterTest do
                raw: _
              } = attestation_object
     end
+
+    test "titan" do
+      assert {:ok, _client_data_json} =
+               Register.validate_client_data_json(%{
+                 client_data_json: @encoded_client_data_json_titan,
+                 origin: @sample_origin,
+                 challenge: @sample_challenge
+               })
+
+      assert {:ok, storable_public_key = %StorablePublicKey{}, attestation_object} =
+               Register.validate_attestation_object(%{
+                 attestation_object: @encoded_attestation_object_titan,
+                 client_data_json: @encoded_client_data_json_titan,
+                 rp_id: @sample_rp_id,
+                 up_required: true,
+                 uv_required: false
+               })
+
+      assert %WebAuthnLite.StorablePublicKey{
+               credential_id: "AAEAuRQ0u3dZReSK7RG0jQ",
+               public_key: %WebAuthnLite.CredentialPublicKey.ES256{
+                 key: {{:ECPoint, _}, {:namedCurve, {1, 2, 840, 10045, 3, 1, 7}}},
+                 digest_type: :sha256,
+                 map: %{
+                   "crv" => "P-256",
+                   "kty" => "EC",
+                   "x" => "yWB-u2ZIJnvTOIH-hKxya4JkDJNPj6wapbzsYA_7jmo",
+                   "y" => "ywFPb8v2TpHfxs_9Wrl0w8UUiYTbD3comHCFf4Fpwow"
+                 },
+                 json:
+                   "{\"crv\":\"P-256\",\"kty\":\"EC\",\"x\":\"yWB-u2ZIJnvTOIH-hKxya4JkDJNPj6wapbzsYA_7jmo\",\"y\":\"ywFPb8v2TpHfxs_9Wrl0w8UUiYTbD3comHCFf4Fpwow\"}"
+               },
+               sign_count: 4
+             } = storable_public_key
+
+      assert %WebAuthnLite.AttestationObject{
+               auth_data: %WebAuthnLite.AuthenticatorData{
+                 rp_id_hash: "o3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUc",
+                 flags: %WebAuthnLite.AuthenticatorData.Flags{
+                   flags: <<197>>,
+                   up: true,
+                   uv: true,
+                   be: false,
+                   bs: false,
+                   at: true,
+                   ed: true
+                 },
+                 sign_count: 4,
+                 raw: _,
+                 attested_credential_data: %WebAuthnLite.AttestedCredentialData{
+                   aaguid: "00000000-0000-0000-0000-000000000000",
+                   authenticator_name: nil,
+                   credential_id: "AAEAuRQ0u3dZReSK7RG0jQ",
+                   credential_public_key: %WebAuthnLite.CredentialPublicKey.ES256{
+                     key: {{:ECPoint, _}, {:namedCurve, {1, 2, 840, 10045, 3, 1, 7}}},
+                     digest_type: :sha256,
+                     map: %{
+                       "crv" => "P-256",
+                       "kty" => "EC",
+                       "x" => "yWB-u2ZIJnvTOIH-hKxya4JkDJNPj6wapbzsYA_7jmo",
+                       "y" => "ywFPb8v2TpHfxs_9Wrl0w8UUiYTbD3comHCFf4Fpwow"
+                     },
+                     json:
+                       "{\"crv\":\"P-256\",\"kty\":\"EC\",\"x\":\"yWB-u2ZIJnvTOIH-hKxya4JkDJNPj6wapbzsYA_7jmo\",\"y\":\"ywFPb8v2TpHfxs_9Wrl0w8UUiYTbD3comHCFf4Fpwow\"}"
+                   },
+                   raw: _,
+                   extensions: %{"credProtect" => 2}
+                 },
+                 extensions: %{"credProtect" => 2}
+               },
+               fmt: "none",
+               att_stmt: %{},
+               raw: _
+             } = attestation_object
+    end
   end
 end