From 98a011efdf5d78ae940cc5bc5bf23170060a626a Mon Sep 17 00:00:00 2001 From: Eric Stern Date: Mon, 2 Feb 2026 17:40:34 -0800 Subject: [PATCH 1/7] Add W3C WebAuthn Level 3 test vectors (spec section 16) Import all 15 registration/authentication test vector pairs from the official W3C WebAuthn Level 3 specification, covering: - No attestation (ES256, crossOrigin, topOrigin, long credential ID) - Self attestation (ES256) - Packed attestation (ES256, ES384, ES512, RS256, Ed25519, Ed448) - TPM attestation (ES256) - Android Key attestation (ES256) - Apple Anonymous attestation (ES256) - FIDO U2F attestation (ES256) Co-Authored-By: Claude Opus 4.5 --- tests/integration/w3c-android-key-es256/auth-req.json | 5 +++++ tests/integration/w3c-android-key-es256/auth-res.json | 9 +++++++++ tests/integration/w3c-android-key-es256/metadata.json | 4 ++++ tests/integration/w3c-android-key-es256/reg-req.json | 5 +++++ tests/integration/w3c-android-key-es256/reg-res.json | 11 +++++++++++ tests/integration/w3c-apple-es256/auth-req.json | 5 +++++ tests/integration/w3c-apple-es256/auth-res.json | 9 +++++++++ tests/integration/w3c-apple-es256/metadata.json | 4 ++++ tests/integration/w3c-apple-es256/reg-req.json | 5 +++++ tests/integration/w3c-apple-es256/reg-res.json | 11 +++++++++++ tests/integration/w3c-fido-u2f-es256/auth-req.json | 5 +++++ tests/integration/w3c-fido-u2f-es256/auth-res.json | 9 +++++++++ tests/integration/w3c-fido-u2f-es256/metadata.json | 4 ++++ tests/integration/w3c-fido-u2f-es256/reg-req.json | 5 +++++ tests/integration/w3c-fido-u2f-es256/reg-res.json | 11 +++++++++++ .../w3c-none-es256-crossOrigin/auth-req.json | 5 +++++ .../w3c-none-es256-crossOrigin/auth-res.json | 9 +++++++++ .../w3c-none-es256-crossOrigin/metadata.json | 4 ++++ .../w3c-none-es256-crossOrigin/reg-req.json | 5 +++++ .../w3c-none-es256-crossOrigin/reg-res.json | 11 +++++++++++ .../w3c-none-es256-long-credentialId/auth-req.json | 5 +++++ .../w3c-none-es256-long-credentialId/auth-res.json | 9 +++++++++ .../w3c-none-es256-long-credentialId/metadata.json | 4 ++++ .../w3c-none-es256-long-credentialId/reg-req.json | 5 +++++ .../w3c-none-es256-long-credentialId/reg-res.json | 11 +++++++++++ .../w3c-none-es256-topOrigin/auth-req.json | 5 +++++ .../w3c-none-es256-topOrigin/auth-res.json | 9 +++++++++ .../w3c-none-es256-topOrigin/metadata.json | 4 ++++ .../integration/w3c-none-es256-topOrigin/reg-req.json | 5 +++++ .../integration/w3c-none-es256-topOrigin/reg-res.json | 11 +++++++++++ tests/integration/w3c-none-es256/auth-req.json | 5 +++++ tests/integration/w3c-none-es256/auth-res.json | 9 +++++++++ tests/integration/w3c-none-es256/metadata.json | 4 ++++ tests/integration/w3c-none-es256/reg-req.json | 5 +++++ tests/integration/w3c-none-es256/reg-res.json | 11 +++++++++++ tests/integration/w3c-packed-ed25519/auth-req.json | 5 +++++ tests/integration/w3c-packed-ed25519/auth-res.json | 9 +++++++++ tests/integration/w3c-packed-ed25519/metadata.json | 4 ++++ tests/integration/w3c-packed-ed25519/reg-req.json | 5 +++++ tests/integration/w3c-packed-ed25519/reg-res.json | 11 +++++++++++ tests/integration/w3c-packed-ed448/auth-req.json | 5 +++++ tests/integration/w3c-packed-ed448/auth-res.json | 9 +++++++++ tests/integration/w3c-packed-ed448/metadata.json | 4 ++++ tests/integration/w3c-packed-ed448/reg-req.json | 5 +++++ tests/integration/w3c-packed-ed448/reg-res.json | 11 +++++++++++ tests/integration/w3c-packed-es256/auth-req.json | 5 +++++ tests/integration/w3c-packed-es256/auth-res.json | 9 +++++++++ tests/integration/w3c-packed-es256/metadata.json | 4 ++++ tests/integration/w3c-packed-es256/reg-req.json | 5 +++++ tests/integration/w3c-packed-es256/reg-res.json | 11 +++++++++++ tests/integration/w3c-packed-es384/auth-req.json | 5 +++++ tests/integration/w3c-packed-es384/auth-res.json | 9 +++++++++ tests/integration/w3c-packed-es384/metadata.json | 4 ++++ tests/integration/w3c-packed-es384/reg-req.json | 5 +++++ tests/integration/w3c-packed-es384/reg-res.json | 11 +++++++++++ tests/integration/w3c-packed-es512/auth-req.json | 5 +++++ tests/integration/w3c-packed-es512/auth-res.json | 9 +++++++++ tests/integration/w3c-packed-es512/metadata.json | 4 ++++ tests/integration/w3c-packed-es512/reg-req.json | 5 +++++ tests/integration/w3c-packed-es512/reg-res.json | 11 +++++++++++ tests/integration/w3c-packed-rs256/auth-req.json | 5 +++++ tests/integration/w3c-packed-rs256/auth-res.json | 9 +++++++++ tests/integration/w3c-packed-rs256/metadata.json | 4 ++++ tests/integration/w3c-packed-rs256/reg-req.json | 5 +++++ tests/integration/w3c-packed-rs256/reg-res.json | 11 +++++++++++ tests/integration/w3c-packed-self-es256/auth-req.json | 5 +++++ tests/integration/w3c-packed-self-es256/auth-res.json | 9 +++++++++ tests/integration/w3c-packed-self-es256/metadata.json | 4 ++++ tests/integration/w3c-packed-self-es256/reg-req.json | 5 +++++ tests/integration/w3c-packed-self-es256/reg-res.json | 11 +++++++++++ tests/integration/w3c-tpm-es256/auth-req.json | 5 +++++ tests/integration/w3c-tpm-es256/auth-res.json | 9 +++++++++ tests/integration/w3c-tpm-es256/metadata.json | 4 ++++ tests/integration/w3c-tpm-es256/reg-req.json | 5 +++++ tests/integration/w3c-tpm-es256/reg-res.json | 11 +++++++++++ 75 files changed, 510 insertions(+) create mode 100644 tests/integration/w3c-android-key-es256/auth-req.json create mode 100644 tests/integration/w3c-android-key-es256/auth-res.json create mode 100644 tests/integration/w3c-android-key-es256/metadata.json create mode 100644 tests/integration/w3c-android-key-es256/reg-req.json create mode 100644 tests/integration/w3c-android-key-es256/reg-res.json create mode 100644 tests/integration/w3c-apple-es256/auth-req.json create mode 100644 tests/integration/w3c-apple-es256/auth-res.json create mode 100644 tests/integration/w3c-apple-es256/metadata.json create mode 100644 tests/integration/w3c-apple-es256/reg-req.json create mode 100644 tests/integration/w3c-apple-es256/reg-res.json create mode 100644 tests/integration/w3c-fido-u2f-es256/auth-req.json create mode 100644 tests/integration/w3c-fido-u2f-es256/auth-res.json create mode 100644 tests/integration/w3c-fido-u2f-es256/metadata.json create mode 100644 tests/integration/w3c-fido-u2f-es256/reg-req.json create mode 100644 tests/integration/w3c-fido-u2f-es256/reg-res.json create mode 100644 tests/integration/w3c-none-es256-crossOrigin/auth-req.json create mode 100644 tests/integration/w3c-none-es256-crossOrigin/auth-res.json create mode 100644 tests/integration/w3c-none-es256-crossOrigin/metadata.json create mode 100644 tests/integration/w3c-none-es256-crossOrigin/reg-req.json create mode 100644 tests/integration/w3c-none-es256-crossOrigin/reg-res.json create mode 100644 tests/integration/w3c-none-es256-long-credentialId/auth-req.json create mode 100644 tests/integration/w3c-none-es256-long-credentialId/auth-res.json create mode 100644 tests/integration/w3c-none-es256-long-credentialId/metadata.json create mode 100644 tests/integration/w3c-none-es256-long-credentialId/reg-req.json create mode 100644 tests/integration/w3c-none-es256-long-credentialId/reg-res.json create mode 100644 tests/integration/w3c-none-es256-topOrigin/auth-req.json create mode 100644 tests/integration/w3c-none-es256-topOrigin/auth-res.json create mode 100644 tests/integration/w3c-none-es256-topOrigin/metadata.json create mode 100644 tests/integration/w3c-none-es256-topOrigin/reg-req.json create mode 100644 tests/integration/w3c-none-es256-topOrigin/reg-res.json create mode 100644 tests/integration/w3c-none-es256/auth-req.json create mode 100644 tests/integration/w3c-none-es256/auth-res.json create mode 100644 tests/integration/w3c-none-es256/metadata.json create mode 100644 tests/integration/w3c-none-es256/reg-req.json create mode 100644 tests/integration/w3c-none-es256/reg-res.json create mode 100644 tests/integration/w3c-packed-ed25519/auth-req.json create mode 100644 tests/integration/w3c-packed-ed25519/auth-res.json create mode 100644 tests/integration/w3c-packed-ed25519/metadata.json create mode 100644 tests/integration/w3c-packed-ed25519/reg-req.json create mode 100644 tests/integration/w3c-packed-ed25519/reg-res.json create mode 100644 tests/integration/w3c-packed-ed448/auth-req.json create mode 100644 tests/integration/w3c-packed-ed448/auth-res.json create mode 100644 tests/integration/w3c-packed-ed448/metadata.json create mode 100644 tests/integration/w3c-packed-ed448/reg-req.json create mode 100644 tests/integration/w3c-packed-ed448/reg-res.json create mode 100644 tests/integration/w3c-packed-es256/auth-req.json create mode 100644 tests/integration/w3c-packed-es256/auth-res.json create mode 100644 tests/integration/w3c-packed-es256/metadata.json create mode 100644 tests/integration/w3c-packed-es256/reg-req.json create mode 100644 tests/integration/w3c-packed-es256/reg-res.json create mode 100644 tests/integration/w3c-packed-es384/auth-req.json create mode 100644 tests/integration/w3c-packed-es384/auth-res.json create mode 100644 tests/integration/w3c-packed-es384/metadata.json create mode 100644 tests/integration/w3c-packed-es384/reg-req.json create mode 100644 tests/integration/w3c-packed-es384/reg-res.json create mode 100644 tests/integration/w3c-packed-es512/auth-req.json create mode 100644 tests/integration/w3c-packed-es512/auth-res.json create mode 100644 tests/integration/w3c-packed-es512/metadata.json create mode 100644 tests/integration/w3c-packed-es512/reg-req.json create mode 100644 tests/integration/w3c-packed-es512/reg-res.json create mode 100644 tests/integration/w3c-packed-rs256/auth-req.json create mode 100644 tests/integration/w3c-packed-rs256/auth-res.json create mode 100644 tests/integration/w3c-packed-rs256/metadata.json create mode 100644 tests/integration/w3c-packed-rs256/reg-req.json create mode 100644 tests/integration/w3c-packed-rs256/reg-res.json create mode 100644 tests/integration/w3c-packed-self-es256/auth-req.json create mode 100644 tests/integration/w3c-packed-self-es256/auth-res.json create mode 100644 tests/integration/w3c-packed-self-es256/metadata.json create mode 100644 tests/integration/w3c-packed-self-es256/reg-req.json create mode 100644 tests/integration/w3c-packed-self-es256/reg-res.json create mode 100644 tests/integration/w3c-tpm-es256/auth-req.json create mode 100644 tests/integration/w3c-tpm-es256/auth-res.json create mode 100644 tests/integration/w3c-tpm-es256/metadata.json create mode 100644 tests/integration/w3c-tpm-es256/reg-req.json create mode 100644 tests/integration/w3c-tpm-es256/reg-res.json diff --git a/tests/integration/w3c-android-key-es256/auth-req.json b/tests/integration/w3c-android-key-es256/auth-req.json new file mode 100644 index 0000000..12a930c --- /dev/null +++ b/tests/integration/w3c-android-key-es256/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "5O4Fyp287XQRZUDyTtmtxiquhQdWBSKET_p-6hT3r4Y" + } +} diff --git a/tests/integration/w3c-android-key-es256/auth-res.json b/tests/integration/w3c-android-key-es256/auth-res.json new file mode 100644 index 0000000..351d237 --- /dev/null +++ b/tests/integration/w3c-android-key-es256/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "CkcpUZeItu2KLXcrSU4YYkTYx5jAUpYNvIwQyRUXZ5U", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUJAAAAAA", + "signature": "MEUCIQCiteN9pDzrY1ZvbigXxsvvJhBz0Mrf0hP_Yim9M93qbAIgPXfrMgL8krm1u4Q-8ILHdm-MfyMZTJJwj_Lz0d52Wo8", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiNU80RnlwMjg3WFFSWlVEeVR0bXR4aXF1aFFkV0JTS0VUX3AtNmhUM3I0WSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2UsImV4dHJhRGF0YSI6ImNsaWVudERhdGFKU09OIG1heSBiZSBleHRlbmRlZCB3aXRoIGFkZGl0aW9uYWwgZmllbGRzIGluIHRoZSBmdXR1cmUsIHN1Y2ggYXMgdGhpczogcXhKeEItX3hncnd5TUw2MThkclNuQSJ9" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-android-key-es256/metadata.json b/tests/integration/w3c-android-key-es256/metadata.json new file mode 100644 index 0000000..f081c22 --- /dev/null +++ b/tests/integration/w3c-android-key-es256/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "CkcpUZeItu2KLXcrSU4YYkTYx5jAUpYNvIwQyRUXZ5U", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-android-key-es256/reg-req.json b/tests/integration/w3c-android-key-es256/reg-req.json new file mode 100644 index 0000000..c645e76 --- /dev/null +++ b/tests/integration/w3c-android-key-es256/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "PeHwtzZdzN4_8MvyXib_p7r_h-8QbID8hl3EAtmWAFA" + } +} diff --git a/tests/integration/w3c-android-key-es256/reg-res.json b/tests/integration/w3c-android-key-es256/reg-res.json new file mode 100644 index 0000000..50873b7 --- /dev/null +++ b/tests/integration/w3c-android-key-es256/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "CkcpUZeItu2KLXcrSU4YYkTYx5jAUpYNvIwQyRUXZ5U", + "rawId": "CkcpUZeItu2KLXcrSU4YYkTYx5jAUpYNvIwQyRUXZ5U", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiUGVId3R6WmR6TjRfOE12eVhpYl9wN3JfaC04UWJJRDhobDNFQXRtV0FGQSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2UsImV4dHJhRGF0YSI6ImNsaWVudERhdGFKU09OIG1heSBiZSBleHRlbmRlZCB3aXRoIGFkZGl0aW9uYWwgZmllbGRzIGluIHRoZSBmdXR1cmUsIHN1Y2ggYXMgdGhpczogVlYxY1F1UjJxTE1fYW1QZm9IekwwZyJ9", + "attestationObject": "o2NmbXRrYW5kcm9pZC1rZXlnYXR0U3RtdKNjYWxnJmNzaWdYSDBGAiEA6VUSmCqj8hbP8uh8jsVwV7hSn2dOqr7Mqif9A9h3nxkCIQCvtr9FnaSoJvANAfxrYHEv8x3E6zMWGcj4dLsX5DFOlGN4NWOBWQJvMIICazCCAhCgAwIBAgIQH_kfdrY_RIEvmYslCwKGvzAKBggqhkjOPQQDAjBiMR4wHAYDVQQDDBVXZWJBdXRobiB0ZXN0IHZlY3RvcnMxDDAKBgNVBAoMA1czQzElMCMGA1UECwwcQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbiBDQTELMAkGA1UEBhMCQUEwIBcNMjQwMTAxMDAwMDAwWhgPMzAyNDAxMDEwMDAwMDBaMF8xHjAcBgNVBAMMFVdlYkF1dGhuIHRlc3QgdmVjdG9yczEMMAoGA1UECgwDVzNDMSIwIAYDVQQLDBlBdXRoZW50aWNhdG9yIEF0dGVzdGF0aW9uMQswCQYDVQQGEwJBQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJkWllcDbQiaKpghp9AGPTQfGkYTOJNZY276tfPL8azP3ZHFVUMXbqmbZEQG3R3WN3S2r2WsdZ4G_0CxyKsC32ujgagwgaUwDAYDVR0TAQH_BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFBrIHlBkHo0TOauffrJfDNWqwFSwMB8GA1UdIwQYMBaAFEWv9xWw3XhnQf7pluvBZUejkxseMEUGCisGAQQB1nkCAREENzA1AgIBLAIBAAIBAAIBAAQgtDUCjXtqj4O7Rh1BwZsFOp082zA1Gk83TNTN6NvvtgYEADAAMAAwCgYIKoZIzj0EAwIDSQAwRgIhAIFnHyR08zbmtaho0otHzQVMDtQmH1MfzfGhzu0Z9gCtAiEA56xoOEjDSEKkMv9KJunbxTe4joP8TLWRON48o6PhCBRoYXV0aERhdGFYpL-rw3QylYsGM2DTrWRhycRzWuf47dRlkqXg8BRSsuS1XQAAAACt6XBeHOcIW4maVA0CGZv4ACAKRylRl4i27YotdytJThhiRNjHmMBSlg28jBDJFRdnlaUBAgMmIAEhWCCZFpZXA20ImiqYIafQBj00HxpGEziTWWNu-rXzy_GszyJYIN2RxVVDF26pm2REBt0d1jd0tq9lrHWeBv9AscirAt9r", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} diff --git a/tests/integration/w3c-apple-es256/auth-req.json b/tests/integration/w3c-apple-es256/auth-req.json new file mode 100644 index 0000000..7daee21 --- /dev/null +++ b/tests/integration/w3c-apple-es256/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "0-spZGQeJv7QI0A6ct3gk7GcS6kAjD-d2D_P00embQU" + } +} diff --git a/tests/integration/w3c-apple-es256/auth-res.json b/tests/integration/w3c-apple-es256/auth-res.json new file mode 100644 index 0000000..0f68793 --- /dev/null +++ b/tests/integration/w3c-apple-es256/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "nEpYhq-Sg9m-Pp7FWXje39zi47NlyrGTroUMFiOPr7g", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUJAAAAAA", + "signature": "MEYCIQDuNdt5XOKAROH4Ix1os9eamIL3QVqjXBtax00kJRBzyAIhANzGVpFlCkEtDO74Q3EMCYJ6zybHhFvdrAfuyVhj5_xM", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiMC1zcFpHUWVKdjdRSTBBNmN0M2drN0djUzZrQWpELWQyRF9QMDBlbWJRVSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2V9" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-apple-es256/metadata.json b/tests/integration/w3c-apple-es256/metadata.json new file mode 100644 index 0000000..009aff7 --- /dev/null +++ b/tests/integration/w3c-apple-es256/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "nEpYhq-Sg9m-Pp7FWXje39zi47NlyrGTroUMFiOPr7g", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-apple-es256/reg-req.json b/tests/integration/w3c-apple-es256/reg-req.json new file mode 100644 index 0000000..e3f0559 --- /dev/null +++ b/tests/integration/w3c-apple-es256/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "9_aIIThSAHd1AJz4wJb9qJ1guan7WlDdgd2YmK9aBgk" + } +} diff --git a/tests/integration/w3c-apple-es256/reg-res.json b/tests/integration/w3c-apple-es256/reg-res.json new file mode 100644 index 0000000..f83e13f --- /dev/null +++ b/tests/integration/w3c-apple-es256/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "nEpYhq-Sg9m-Pp7FWXje39zi47NlyrGTroUMFiOPr7g", + "rawId": "nEpYhq-Sg9m-Pp7FWXje39zi47NlyrGTroUMFiOPr7g", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiOV9hSUlUaFNBSGQxQUp6NHdKYjlxSjFndWFuN1dsRGRnZDJZbUs5YUJnayIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2UsImV4dHJhRGF0YSI6ImNsaWVudERhdGFKU09OIG1heSBiZSBleHRlbmRlZCB3aXRoIGFkZGl0aW9uYWwgZmllbGRzIGluIHRoZSBmdXR1cmUsIHN1Y2ggYXMgdGhpczogVGpMUG5wT2FYUVVyRk5jYkgydFRaQSJ9", + "attestationObject": "o2NmbXRlYXBwbGVnYXR0U3RtdKFjeDVjgVkCXDCCAlgwggH-oAMCAQICEDlCdWE9UxC4GinOkPSLYcEwCgYIKoZIzj0EAwIwYjEeMBwGA1UEAwwVV2ViQXV0aG4gdGVzdCB2ZWN0b3JzMQwwCgYDVQQKDANXM0MxJTAjBgNVBAsMHEF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24gQ0ExCzAJBgNVBAYTAkFBMCAXDTI0MDEwMTAwMDAwMFoYDzMwMjQwMTAxMDAwMDAwWjBfMR4wHAYDVQQDDBVXZWJBdXRobiB0ZXN0IHZlY3RvcnMxDDAKBgNVBAoMA1czQzEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjELMAkGA1UEBhMCQUEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASKPVsbTFQ6cGv25LAK_ts8kwtpDdKGk0_ikR93nMd2Gvco4ao7D_Zmkhktqndrg9344zQNLZoOq9_DJOs-LxNso4GWMIGTMAwGA1UdEwEB_wQCMAAwDgYDVR0PAQH_BAQDAgeAMB0GA1UdDgQWBBQS8c5sCuObQDv8kgAxe8GDpOTXZjAfBgNVHSMEGDAWgBRFr_cVsN14Z0H-6ZbrwWVHo5MbHjAzBgkqhkiG92NkCAIEJjAkoSIEINeobnIz-4Q-sO60B9i3b_fk-C0hjPXbtGHXUgc_XLKaMAoGCCqGSM49BAMCA0gAMEUCIHD1wu3jAA6drjWNQSsmpKy_GPTN64D1sT_NVk0JDDnsAiEA9nLiw9vhF8mxSQs8Zgq_Xc10OYGHCC2stYtnRN5KymBoYXV0aERhdGFYpL-rw3QylYsGM2DTrWRhycRzWuf47dRlkqXg8BRSsuS1SQAAAAB0ghCiAHZhanM7IRQzb8OEACCcSliGr5KD2b4-nsVZeN7f3OLjs2XKsZOuhQwWI4-vuKUBAgMmIAEhWCCKPVsbTFQ6cGv25LAK_ts8kwtpDdKGk0_ikR93nMd2GiJYIPco4ao7D_Zmkhktqndrg9344zQNLZoOq9_DJOs-LxNs", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} diff --git a/tests/integration/w3c-fido-u2f-es256/auth-req.json b/tests/integration/w3c-fido-u2f-es256/auth-req.json new file mode 100644 index 0000000..08b3fc4 --- /dev/null +++ b/tests/integration/w3c-fido-u2f-es256/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "-QxhKYHYT1mUON4aUA92km6SzIS--OAsbiNVPwBIVDU" + } +} diff --git a/tests/integration/w3c-fido-u2f-es256/auth-res.json b/tests/integration/w3c-fido-u2f-es256/auth-res.json new file mode 100644 index 0000000..71a4250 --- /dev/null +++ b/tests/integration/w3c-fido-u2f-es256/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "pLpuLSz-xDZI19JcXtVlm8GPK3gVOFJ-vUkt4DJWvfQ", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUBAAAAAA", + "signature": "MEQCIGFyRZlY_qkHtykrkvVVA0v9iEiV8oenYgDBuihyORNwAiBHJ7FmFH4mohu8KSHRkuv-1Wm3lDhTjlwSi14o5pJt1w", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiLVF4aEtZSFlUMW1VT040YVVBOTJrbTZTeklTLS1PQXNiaU5WUHdCSVZEVSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2V9" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-fido-u2f-es256/metadata.json b/tests/integration/w3c-fido-u2f-es256/metadata.json new file mode 100644 index 0000000..5ab6a07 --- /dev/null +++ b/tests/integration/w3c-fido-u2f-es256/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "pLpuLSz-xDZI19JcXtVlm8GPK3gVOFJ-vUkt4DJWvfQ", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-fido-u2f-es256/reg-req.json b/tests/integration/w3c-fido-u2f-es256/reg-req.json new file mode 100644 index 0000000..32c3d54 --- /dev/null +++ b/tests/integration/w3c-fido-u2f-es256/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "4HQ3KZC5yqUHoiffxnsAN4DEUyU4DRqQwg-B7X0IDAY" + } +} diff --git a/tests/integration/w3c-fido-u2f-es256/reg-res.json b/tests/integration/w3c-fido-u2f-es256/reg-res.json new file mode 100644 index 0000000..5e5c396 --- /dev/null +++ b/tests/integration/w3c-fido-u2f-es256/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "pLpuLSz-xDZI19JcXtVlm8GPK3gVOFJ-vUkt4DJWvfQ", + "rawId": "pLpuLSz-xDZI19JcXtVlm8GPK3gVOFJ-vUkt4DJWvfQ", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiNEhRM0taQzV5cVVIb2lmZnhuc0FONERFVXlVNERScVF3Zy1CN1gwSURBWSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2V9", + "attestationObject": "o2NmbXRoZmlkby11MmZnYXR0U3RtdKJjc2lnWEcwRQIhAPQYh6IAY7smhny5dRl4rM6luBeRpo9PTdbqH7alwIbDAiBOXgCqOJV3fmYI8fN1-VRQBF2j2leg5P1FHfNaMdLZimN4NWOBWQIlMIICITCCAcegAwIBAgIQBPZtxlQup3Gd6kFtMlokATAKBggqhkjOPQQDAjBiMR4wHAYDVQQDDBVXZWJBdXRobiB0ZXN0IHZlY3RvcnMxDDAKBgNVBAoMA1czQzElMCMGA1UECwwcQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbiBDQTELMAkGA1UEBhMCQUEwIBcNMjQwMTAxMDAwMDAwWhgPMzAyNDAxMDEwMDAwMDBaMF8xHjAcBgNVBAMMFVdlYkF1dGhuIHRlc3QgdmVjdG9yczEMMAoGA1UECgwDVzNDMSIwIAYDVQQLDBlBdXRoZW50aWNhdG9yIEF0dGVzdGF0aW9uMQswCQYDVQQGEwJBQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFb_-nCT3t5Grv7vtuUgx8zHiWdjbi-SWCunFFX2TpOTLf875ODU72jj47c6oIfiagoKMLAtwqojCdtMOi_JNt6jYDBeMAwGA1UdEwEB_wQCMAAwDgYDVR0PAQH_BAQDAgeAMB0GA1UdDgQWBBRCCCLrGQi1zTkRAX-8rUZBwF4FozAfBgNVHSMEGDAWgBRFr_cVsN14Z0H-6ZbrwWVHo5MbHjAKBggqhkjOPQQDAgNIADBFAiANC3d_CgsYGtKDAnWswxUP1gkkMLzQNP13vre9-MLVRgIhANSGTt2V2qOScICFXfGZ8XFymbJKXuzvvQF0Vam5NNj2aGF1dGhEYXRhWKS_q8N0MpWLBjNg061kYcnEc1rn-O3UZZKl4PAUUrLktUEAAAAAr7PC78BU30JQE9XIjnnDwQAgpLpuLSz-xDZI19JcXtVlm8GPK3gVOFJ-vUkt4DJWvfSlAQIDJiABIVggsNYt5rMPhvC6x6kBaVE5HC4xhJ4uZGYcvSsTzX1VCK0iWCBQOwvaKjV6mks0R1oo5ltmC0iYqePpu_CCDUNJQpft0A", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} diff --git a/tests/integration/w3c-none-es256-crossOrigin/auth-req.json b/tests/integration/w3c-none-es256-crossOrigin/auth-req.json new file mode 100644 index 0000000..11c9141 --- /dev/null +++ b/tests/integration/w3c-none-es256-crossOrigin/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "h2qlF7qD_e5l_P_bykyE7q5dVPgEGh_IXJkeW7snMTc" + } +} diff --git a/tests/integration/w3c-none-es256-crossOrigin/auth-res.json b/tests/integration/w3c-none-es256-crossOrigin/auth-res.json new file mode 100644 index 0000000..7e58126 --- /dev/null +++ b/tests/integration/w3c-none-es256-crossOrigin/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "bhBQwNLKLwfHVcssZqdMZPpDBlwY-Tg1TZkV2yvVzlc", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUFAAAAAA", + "signature": "MEYCIQDrEvzyOxJ2TA8SLiI3H6uS4oOHn9eY847hhByVG25A5wIhAMdiN_-dt3s8VvMIN82moJrPoukVVE5gnAczsRhANtHP", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiaDJxbEY3cURfZTVsX1BfYnlreUU3cTVkVlBnRUdoX0lYSmtlVzdzbk1UYyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6dHJ1ZSwiZXh0cmFEYXRhIjoiY2xpZW50RGF0YUpTT04gbWF5IGJlIGV4dGVuZGVkIHdpdGggYWRkaXRpb25hbCBmaWVsZHMgaW4gdGhlIGZ1dHVyZSwgc3VjaCBhcyB0aGlzOiA5MnBjVFZEMEFieS1xNGR0bWo2ZWZnIn0" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-none-es256-crossOrigin/metadata.json b/tests/integration/w3c-none-es256-crossOrigin/metadata.json new file mode 100644 index 0000000..4cb6c1d --- /dev/null +++ b/tests/integration/w3c-none-es256-crossOrigin/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "bhBQwNLKLwfHVcssZqdMZPpDBlwY-Tg1TZkV2yvVzlc", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-none-es256-crossOrigin/reg-req.json b/tests/integration/w3c-none-es256-crossOrigin/reg-req.json new file mode 100644 index 0000000..4444481 --- /dev/null +++ b/tests/integration/w3c-none-es256-crossOrigin/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "O-WqzQNTcUJHI0CrWWnyQPHYdxbiC2gHrCMGVfpLO0k" + } +} diff --git a/tests/integration/w3c-none-es256-crossOrigin/reg-res.json b/tests/integration/w3c-none-es256-crossOrigin/reg-res.json new file mode 100644 index 0000000..cc9afaa --- /dev/null +++ b/tests/integration/w3c-none-es256-crossOrigin/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "bhBQwNLKLwfHVcssZqdMZPpDBlwY-Tg1TZkV2yvVzlc", + "rawId": "bhBQwNLKLwfHVcssZqdMZPpDBlwY-Tg1TZkV2yvVzlc", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiTy1XcXpRTlRjVUpISTBDcldXbnlRUEhZZHhiaUMyZ0hyQ01HVmZwTE8wayIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6dHJ1ZSwiZXh0cmFEYXRhIjoiY2xpZW50RGF0YUpTT04gbWF5IGJlIGV4dGVuZGVkIHdpdGggYWRkaXRpb25hbCBmaWVsZHMgaW4gdGhlIGZ1dHVyZSwgc3VjaCBhcyB0aGlzOiB6WnF1RXREUjlEV3FwVzV0QldURnVnIn0", + "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVikv6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LVFAAAAAIg_T2AU8ZwJ2HqjgSO-SNAAIG4QUMDSyi8Hx1XLLGanTGT6QwZcGPk4NU2ZFdsr1c5XpQECAyYgASFYICIgCkc_kLEQeIUVUNA7TkSiJ5-MTsonsxU97f4D5Ol9Ilggy9C-ledGrW9agZG-EXVuTAQg5y9ltGbTm8VrixI6nG4", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} diff --git a/tests/integration/w3c-none-es256-long-credentialId/auth-req.json b/tests/integration/w3c-none-es256-long-credentialId/auth-req.json new file mode 100644 index 0000000..891e5dd --- /dev/null +++ b/tests/integration/w3c-none-es256-long-credentialId/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "7x3rpW3OSPZ0pEfM9juVmSWM6HZI5cOW8u8ModpGDjs" + } +} diff --git a/tests/integration/w3c-none-es256-long-credentialId/auth-res.json b/tests/integration/w3c-none-es256-long-credentialId/auth-res.json new file mode 100644 index 0000000..915592c --- /dev/null +++ b/tests/integration/w3c-none-es256-long-credentialId/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "OnYaThZ0rWxDBYaUNcDu6cKGFywim7kbSLStoUDAhjQXAxMFzOW0onqI1_5yil9aYn3ncbS0Dnfxh5gMEk-f6DLXE2AQQ2oFbM5xZoBYfSMYfPH8LGKuhvw-UI7pYX_8dPvBBIjsFuxekJYyhmmomHCbZV5UlzjGZsGuYoHcO19zPCUdPu-3bucKOAXKkbzBjknI3H9j68tIa6jD1qtSuI_3LGpbtHwy8-6Gg6PdyKv2CHBEjsiiG1vcsYPH3q2HAlVXWm35brG2oqEBl4DLqeSIexf_EWS7vMEOsNhu11mEzT-jQZEDAkUH39nOj5LFaveRTLC7ULh7qCoxK7fc2TAo29zWrbJml5ZnFYM1Fx42gtN3VXAe2_nYcoRqKR1J5X7wnaHsY39QUu0qp0B_fmGCdGjpS0YYRPTGe-X6nGBVpWb4_fwp1L94qf8nX1UsxoulQ_o5Yu6jb9HqhFN2RXfQIdChge_B9hAKsuQRADniHuFpcL2nQythNEkhVa_BJilbOi7M0Sxmpo40CWnplePoycR245XPwhIDQUEQd5R08cl5dAZjfb5BTxMlGdO_DOTwFzTvDhoSw61gT_FddmsWJNtqWnzL_3vDXJkI35Sronfgr0jwT_PRY4HEflo37TmIpno7HsqpJjNrMzkf_wQSj4aZkcn6vZBbb-PO71-LYw7BxdJjbVsZYa1cpQBBcPb15IJ5Kq2YmwKH_pHlxHlAM5cVLx-laqebFW60fmyOo-sXXDTPs4rY53KHRjmxAj1NATlclOVYMWccwCKqb6HgKgLC5KvHdvaWDlH4O3GowPIHtqNHVzl3gSyapUgLABGqc5vUt2wYwADMR1fM7MuSDwB8QMAON-WrIUds2fYFSo__tVoQj1xwbizqIEnYH9Mh_0fSpXYbCACVWrHU9IifVahOJgHGhPF6St50U-pJWR0LWcjZp2UFL2IhnPbvSl3ZU58GF9brvrznwABFVHXRhEniXEnvmh4-_hjAkILr4gWNfDR976qS8GZFU7gFx9drv85fMwrKIgrJCniTgPxHnqDYeTIFgTzKWQqRL2ma1S-ZGhvApQPD7EsqaWcZ48JlkahxJ_cwXMfnL0yOOTVeuwalsQQpkPOHEO56phLuQ3S7guh4WFpwqWwqa0fxAaT_FUvk_XajFnV3pcxU2RZ8FUxprDVIXkTMiYtxnhvjzJwPtWJLj4oNrhCUekG_hItsG7M9EAbsB31-KG4_KntIQ3FjkBGUSf4nIegaXtIzPTMccSB2XaWPra5zwZ2ajEUJz4rB6dmLeZpSdFCQaXObWCPz-0lmY4IAM0JpiO78pT5YDg-eDf4JkvwuU6l-BTY5-YV3BY-ZW9vUHO_b", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUNAAAAAA", + "signature": "MEUCID7O-D-xKgyueEEFX5-HEDqZ_RS0JBlLvwbEYj0-5uP9AiEA0qzjRtsmKxN0prcPqlH1GKQt3KE6QSXOb1BSp1usn7Y", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiN3gzcnBXM09TUFowcEVmTTlqdVZtU1dNNkhaSTVjT1c4dThNb2RwR0RqcyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2V9" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-none-es256-long-credentialId/metadata.json b/tests/integration/w3c-none-es256-long-credentialId/metadata.json new file mode 100644 index 0000000..ceff1a3 --- /dev/null +++ b/tests/integration/w3c-none-es256-long-credentialId/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "OnYaThZ0rWxDBYaUNcDu6cKGFywim7kbSLStoUDAhjQXAxMFzOW0onqI1_5yil9aYn3ncbS0Dnfxh5gMEk-f6DLXE2AQQ2oFbM5xZoBYfSMYfPH8LGKuhvw-UI7pYX_8dPvBBIjsFuxekJYyhmmomHCbZV5UlzjGZsGuYoHcO19zPCUdPu-3bucKOAXKkbzBjknI3H9j68tIa6jD1qtSuI_3LGpbtHwy8-6Gg6PdyKv2CHBEjsiiG1vcsYPH3q2HAlVXWm35brG2oqEBl4DLqeSIexf_EWS7vMEOsNhu11mEzT-jQZEDAkUH39nOj5LFaveRTLC7ULh7qCoxK7fc2TAo29zWrbJml5ZnFYM1Fx42gtN3VXAe2_nYcoRqKR1J5X7wnaHsY39QUu0qp0B_fmGCdGjpS0YYRPTGe-X6nGBVpWb4_fwp1L94qf8nX1UsxoulQ_o5Yu6jb9HqhFN2RXfQIdChge_B9hAKsuQRADniHuFpcL2nQythNEkhVa_BJilbOi7M0Sxmpo40CWnplePoycR245XPwhIDQUEQd5R08cl5dAZjfb5BTxMlGdO_DOTwFzTvDhoSw61gT_FddmsWJNtqWnzL_3vDXJkI35Sronfgr0jwT_PRY4HEflo37TmIpno7HsqpJjNrMzkf_wQSj4aZkcn6vZBbb-PO71-LYw7BxdJjbVsZYa1cpQBBcPb15IJ5Kq2YmwKH_pHlxHlAM5cVLx-laqebFW60fmyOo-sXXDTPs4rY53KHRjmxAj1NATlclOVYMWccwCKqb6HgKgLC5KvHdvaWDlH4O3GowPIHtqNHVzl3gSyapUgLABGqc5vUt2wYwADMR1fM7MuSDwB8QMAON-WrIUds2fYFSo__tVoQj1xwbizqIEnYH9Mh_0fSpXYbCACVWrHU9IifVahOJgHGhPF6St50U-pJWR0LWcjZp2UFL2IhnPbvSl3ZU58GF9brvrznwABFVHXRhEniXEnvmh4-_hjAkILr4gWNfDR976qS8GZFU7gFx9drv85fMwrKIgrJCniTgPxHnqDYeTIFgTzKWQqRL2ma1S-ZGhvApQPD7EsqaWcZ48JlkahxJ_cwXMfnL0yOOTVeuwalsQQpkPOHEO56phLuQ3S7guh4WFpwqWwqa0fxAaT_FUvk_XajFnV3pcxU2RZ8FUxprDVIXkTMiYtxnhvjzJwPtWJLj4oNrhCUekG_hItsG7M9EAbsB31-KG4_KntIQ3FjkBGUSf4nIegaXtIzPTMccSB2XaWPra5zwZ2ajEUJz4rB6dmLeZpSdFCQaXObWCPz-0lmY4IAM0JpiO78pT5YDg-eDf4JkvwuU6l-BTY5-YV3BY-ZW9vUHO_b", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-none-es256-long-credentialId/reg-req.json b/tests/integration/w3c-none-es256-long-credentialId/reg-req.json new file mode 100644 index 0000000..5a55edb --- /dev/null +++ b/tests/integration/w3c-none-es256-long-credentialId/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "ERPHJlzPXmUSQoL6HXgZp6FMuFOapM2-x0h-XzXY7Gw" + } +} diff --git a/tests/integration/w3c-none-es256-long-credentialId/reg-res.json b/tests/integration/w3c-none-es256-long-credentialId/reg-res.json new file mode 100644 index 0000000..a1f4607 --- /dev/null +++ b/tests/integration/w3c-none-es256-long-credentialId/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "OnYaThZ0rWxDBYaUNcDu6cKGFywim7kbSLStoUDAhjQXAxMFzOW0onqI1_5yil9aYn3ncbS0Dnfxh5gMEk-f6DLXE2AQQ2oFbM5xZoBYfSMYfPH8LGKuhvw-UI7pYX_8dPvBBIjsFuxekJYyhmmomHCbZV5UlzjGZsGuYoHcO19zPCUdPu-3bucKOAXKkbzBjknI3H9j68tIa6jD1qtSuI_3LGpbtHwy8-6Gg6PdyKv2CHBEjsiiG1vcsYPH3q2HAlVXWm35brG2oqEBl4DLqeSIexf_EWS7vMEOsNhu11mEzT-jQZEDAkUH39nOj5LFaveRTLC7ULh7qCoxK7fc2TAo29zWrbJml5ZnFYM1Fx42gtN3VXAe2_nYcoRqKR1J5X7wnaHsY39QUu0qp0B_fmGCdGjpS0YYRPTGe-X6nGBVpWb4_fwp1L94qf8nX1UsxoulQ_o5Yu6jb9HqhFN2RXfQIdChge_B9hAKsuQRADniHuFpcL2nQythNEkhVa_BJilbOi7M0Sxmpo40CWnplePoycR245XPwhIDQUEQd5R08cl5dAZjfb5BTxMlGdO_DOTwFzTvDhoSw61gT_FddmsWJNtqWnzL_3vDXJkI35Sronfgr0jwT_PRY4HEflo37TmIpno7HsqpJjNrMzkf_wQSj4aZkcn6vZBbb-PO71-LYw7BxdJjbVsZYa1cpQBBcPb15IJ5Kq2YmwKH_pHlxHlAM5cVLx-laqebFW60fmyOo-sXXDTPs4rY53KHRjmxAj1NATlclOVYMWccwCKqb6HgKgLC5KvHdvaWDlH4O3GowPIHtqNHVzl3gSyapUgLABGqc5vUt2wYwADMR1fM7MuSDwB8QMAON-WrIUds2fYFSo__tVoQj1xwbizqIEnYH9Mh_0fSpXYbCACVWrHU9IifVahOJgHGhPF6St50U-pJWR0LWcjZp2UFL2IhnPbvSl3ZU58GF9brvrznwABFVHXRhEniXEnvmh4-_hjAkILr4gWNfDR976qS8GZFU7gFx9drv85fMwrKIgrJCniTgPxHnqDYeTIFgTzKWQqRL2ma1S-ZGhvApQPD7EsqaWcZ48JlkahxJ_cwXMfnL0yOOTVeuwalsQQpkPOHEO56phLuQ3S7guh4WFpwqWwqa0fxAaT_FUvk_XajFnV3pcxU2RZ8FUxprDVIXkTMiYtxnhvjzJwPtWJLj4oNrhCUekG_hItsG7M9EAbsB31-KG4_KntIQ3FjkBGUSf4nIegaXtIzPTMccSB2XaWPra5zwZ2ajEUJz4rB6dmLeZpSdFCQaXObWCPz-0lmY4IAM0JpiO78pT5YDg-eDf4JkvwuU6l-BTY5-YV3BY-ZW9vUHO_b", + "rawId": "OnYaThZ0rWxDBYaUNcDu6cKGFywim7kbSLStoUDAhjQXAxMFzOW0onqI1_5yil9aYn3ncbS0Dnfxh5gMEk-f6DLXE2AQQ2oFbM5xZoBYfSMYfPH8LGKuhvw-UI7pYX_8dPvBBIjsFuxekJYyhmmomHCbZV5UlzjGZsGuYoHcO19zPCUdPu-3bucKOAXKkbzBjknI3H9j68tIa6jD1qtSuI_3LGpbtHwy8-6Gg6PdyKv2CHBEjsiiG1vcsYPH3q2HAlVXWm35brG2oqEBl4DLqeSIexf_EWS7vMEOsNhu11mEzT-jQZEDAkUH39nOj5LFaveRTLC7ULh7qCoxK7fc2TAo29zWrbJml5ZnFYM1Fx42gtN3VXAe2_nYcoRqKR1J5X7wnaHsY39QUu0qp0B_fmGCdGjpS0YYRPTGe-X6nGBVpWb4_fwp1L94qf8nX1UsxoulQ_o5Yu6jb9HqhFN2RXfQIdChge_B9hAKsuQRADniHuFpcL2nQythNEkhVa_BJilbOi7M0Sxmpo40CWnplePoycR245XPwhIDQUEQd5R08cl5dAZjfb5BTxMlGdO_DOTwFzTvDhoSw61gT_FddmsWJNtqWnzL_3vDXJkI35Sronfgr0jwT_PRY4HEflo37TmIpno7HsqpJjNrMzkf_wQSj4aZkcn6vZBbb-PO71-LYw7BxdJjbVsZYa1cpQBBcPb15IJ5Kq2YmwKH_pHlxHlAM5cVLx-laqebFW60fmyOo-sXXDTPs4rY53KHRjmxAj1NATlclOVYMWccwCKqb6HgKgLC5KvHdvaWDlH4O3GowPIHtqNHVzl3gSyapUgLABGqc5vUt2wYwADMR1fM7MuSDwB8QMAON-WrIUds2fYFSo__tVoQj1xwbizqIEnYH9Mh_0fSpXYbCACVWrHU9IifVahOJgHGhPF6St50U-pJWR0LWcjZp2UFL2IhnPbvSl3ZU58GF9brvrznwABFVHXRhEniXEnvmh4-_hjAkILr4gWNfDR976qS8GZFU7gFx9drv85fMwrKIgrJCniTgPxHnqDYeTIFgTzKWQqRL2ma1S-ZGhvApQPD7EsqaWcZ48JlkahxJ_cwXMfnL0yOOTVeuwalsQQpkPOHEO56phLuQ3S7guh4WFpwqWwqa0fxAaT_FUvk_XajFnV3pcxU2RZ8FUxprDVIXkTMiYtxnhvjzJwPtWJLj4oNrhCUekG_hItsG7M9EAbsB31-KG4_KntIQ3FjkBGUSf4nIegaXtIzPTMccSB2XaWPra5zwZ2ajEUJz4rB6dmLeZpSdFCQaXObWCPz-0lmY4IAM0JpiO78pT5YDg-eDf4JkvwuU6l-BTY5-YV3BY-ZW9vUHO_b", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiRVJQSEpselBYbVVTUW9MNkhYZ1pwNkZNdUZPYXBNMi14MGgtWHpYWTdHdyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2V9", + "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVkEg7-rw3QylYsGM2DTrWRhycRzWuf47dRlkqXg8BRSsuS1SQAAAACPM2DCzRsKwU_-B5XF0mOOA_86dhpOFnStbEMFhpQ1wO7pwoYXLCKbuRtItK2hQMCGNBcDEwXM5bSieojX_nKKX1pifedxtLQOd_GHmAwST5_oMtcTYBBDagVsznFmgFh9Ixh88fwsYq6G_D5Qjulhf_x0-8EEiOwW7F6QljKGaaiYcJtlXlSXOMZmwa5igdw7X3M8JR0-77du5wo4BcqRvMGOScjcf2Pry0hrqMPWq1K4j_csalu0fDLz7oaDo93Iq_YIcESOyKIbW9yxg8ferYcCVVdabflusbaioQGXgMup5Ih7F_8RZLu8wQ6w2G7XWYTNP6NBkQMCRQff2c6PksVq95FMsLtQuHuoKjErt9zZMCjb3NatsmaXlmcVgzUXHjaC03dVcB7b-dhyhGopHUnlfvCdoexjf1BS7SqnQH9-YYJ0aOlLRhhE9MZ75fqcYFWlZvj9_CnUv3ip_ydfVSzGi6VD-jli7qNv0eqEU3ZFd9Ah0KGB78H2EAqy5BEAOeIe4WlwvadDK2E0SSFVr8EmKVs6LszRLGamjjQJaemV4-jJxHbjlc_CEgNBQRB3lHTxyXl0BmN9vkFPEyUZ078M5PAXNO8OGhLDrWBP8V12axYk22pafMv_e8NcmQjflKuid-CvSPBP89FjgcR-WjftOYimejseyqkmM2szOR__BBKPhpmRyfq9kFtv487vX4tjDsHF0mNtWxlhrVylAEFw9vXkgnkqrZibAof-keXEeUAzlxUvH6Vqp5sVbrR-bI6j6xdcNM-zitjncodGObECPU0BOVyU5VgxZxzAIqpvoeAqAsLkq8d29pYOUfg7cajA8ge2o0dXOXeBLJqlSAsAEapzm9S3bBjAAMxHV8zsy5IPAHxAwA435ashR2zZ9gVKj_-1WhCPXHBuLOogSdgf0yH_R9KldhsIAJVasdT0iJ9VqE4mAcaE8XpK3nRT6klZHQtZyNmnZQUvYiGc9u9KXdlTnwYX1uu-vOfAAEVUddGESeJcSe-aHj7-GMCQguviBY18NH3vqpLwZkVTuAXH12u_zl8zCsoiCskKeJOA_EeeoNh5MgWBPMpZCpEvaZrVL5kaG8ClA8PsSyppZxnjwmWRqHEn9zBcx-cvTI45NV67BqWxBCmQ84cQ7nqmEu5DdLuC6HhYWnCpbCprR_EBpP8VS-T9dqMWdXelzFTZFnwVTGmsNUheRMyJi3GeG-PMnA-1YkuPig2uEJR6Qb-Ei2wbsz0QBuwHfX4obj8qe0hDcWOQEZRJ_ich6Bpe0jM9MxxxIHZdpY-trnPBnZqMRQnPisHp2Yt5mlJ0UJBpc5tYI_P7SWZjggAzQmmI7vylPlgOD54N_gmS_C5TqX4FNjn5hXcFj5lb29Qc79ulAQIDJiABIVggO4F2t1BEicxZMEbXmIq7eQWnQt5qws3HSKhzxmPpDLEiWCAUNtXtyadfI5me751ZUKXCRVUU7hAUCEcg-EGga4KKEQ", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} diff --git a/tests/integration/w3c-none-es256-topOrigin/auth-req.json b/tests/integration/w3c-none-es256-topOrigin/auth-req.json new file mode 100644 index 0000000..97cd13f --- /dev/null +++ b/tests/integration/w3c-none-es256-topOrigin/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "1UpcjKS2Ko47syHjsrxzhW-FoQFQ2yk5rBlXOeseoGY" + } +} diff --git a/tests/integration/w3c-none-es256-topOrigin/auth-res.json b/tests/integration/w3c-none-es256-topOrigin/auth-res.json new file mode 100644 index 0000000..b9a28f2 --- /dev/null +++ b/tests/integration/w3c-none-es256-topOrigin/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "uK1ZuZYEerGOLOtXIGw2LaV0WHk0gfSo6_EBx8p8wPE", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUFAAAAAA", + "signature": "MEUCIQC1pwyBeA1fzJpPKunKrpkFj4rMr1i5H7WTKWRsKKxv_AIgEuEBwWXbPI6ZV_DFTdbKm1a8O9LygL0vqmwdAsblwXE", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiMVVwY2pLUzJLbzQ3c3lIanNyeHpoVy1Gb1FGUTJ5azVyQmxYT2VzZW9HWSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6dHJ1ZSwidG9wT3JpZ2luIjoiaHR0cHM6Ly9leGFtcGxlLmNvbSIsImV4dHJhRGF0YSI6ImNsaWVudERhdGFKU09OIG1heSBiZSBleHRlbmRlZCB3aXRoIGFkZGl0aW9uYWwgZmllbGRzIGluIHRoZSBmdXR1cmUsIHN1Y2ggYXMgdGhpczogVWlGb0pNVlJRSERBRldGaTR2eFVwUSJ9" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-none-es256-topOrigin/metadata.json b/tests/integration/w3c-none-es256-topOrigin/metadata.json new file mode 100644 index 0000000..563952c --- /dev/null +++ b/tests/integration/w3c-none-es256-topOrigin/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "uK1ZuZYEerGOLOtXIGw2LaV0WHk0gfSo6_EBx8p8wPE", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-none-es256-topOrigin/reg-req.json b/tests/integration/w3c-none-es256-topOrigin/reg-req.json new file mode 100644 index 0000000..18baf6c --- /dev/null +++ b/tests/integration/w3c-none-es256-topOrigin/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "Th9MYZhpnjPBTxkhU_Sdfg6ONXfVrEFsXzrckqQfJ-U" + } +} diff --git a/tests/integration/w3c-none-es256-topOrigin/reg-res.json b/tests/integration/w3c-none-es256-topOrigin/reg-res.json new file mode 100644 index 0000000..3a1932c --- /dev/null +++ b/tests/integration/w3c-none-es256-topOrigin/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "uK1ZuZYEerGOLOtXIGw2LaV0WHk0gfSo6_EBx8p8wPE", + "rawId": "uK1ZuZYEerGOLOtXIGw2LaV0WHk0gfSo6_EBx8p8wPE", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiVGg5TVlaaHBualBCVHhraFVfU2RmZzZPTlhmVnJFRnNYenJja3FRZkotVSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6dHJ1ZSwidG9wT3JpZ2luIjoiaHR0cHM6Ly9leGFtcGxlLmNvbSJ9", + "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVikv6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LVBAAAAAJdYb9CXmadkAcIARVCZ7yoAILitWbmWBHqxjizrVyBsNi2ldFh5NIH0qOvxAcfKfMDxpQECAyYgASFYIKHEfB2C2k6-gs1yIHECs4BnBwGZO8NTmK4uVyZCf-AdIlgghsEIDYKYcCjH9U7LGwEYXeJDs1kpSg7SEM1HSA8K3Ig", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} diff --git a/tests/integration/w3c-none-es256/auth-req.json b/tests/integration/w3c-none-es256/auth-req.json new file mode 100644 index 0000000..dabd0fb --- /dev/null +++ b/tests/integration/w3c-none-es256/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "OcDnUhQXulTUPo3JUXT0I97pvzzYBP9tZchXyav01Ag" + } +} diff --git a/tests/integration/w3c-none-es256/auth-res.json b/tests/integration/w3c-none-es256/auth-res.json new file mode 100644 index 0000000..45be1ea --- /dev/null +++ b/tests/integration/w3c-none-es256/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "-R85HbTJsv3g6nAYnLo_tj9Xm6YSKzOtlP8-wzAIS-Q", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUZAAAAAA", + "signature": "MEYCIQD1Ck4uRAkknEqFO6NhKC8JhB303UVHoTqHeAIY3v_NOAIhAISArA8Lk1OBdPV1vxGh3V14xuSGAT-TcpXqE2U-Mx6H", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiT2NEblVoUVh1bFRVUG8zSlVYVDBJOTdwdnp6WUJQOXRaY2hYeWF2MDFBZyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2V9" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-none-es256/metadata.json b/tests/integration/w3c-none-es256/metadata.json new file mode 100644 index 0000000..04eeb9e --- /dev/null +++ b/tests/integration/w3c-none-es256/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "-R85HbTJsv3g6nAYnLo_tj9Xm6YSKzOtlP8-wzAIS-Q", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-none-es256/reg-req.json b/tests/integration/w3c-none-es256/reg-req.json new file mode 100644 index 0000000..b810ccf --- /dev/null +++ b/tests/integration/w3c-none-es256/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "AMMPt4UxxGTStncdq417YDwBFi8vpIa-pw8oOuVW4TA" + } +} diff --git a/tests/integration/w3c-none-es256/reg-res.json b/tests/integration/w3c-none-es256/reg-res.json new file mode 100644 index 0000000..0185b59 --- /dev/null +++ b/tests/integration/w3c-none-es256/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "-R85HbTJsv3g6nAYnLo_tj9Xm6YSKzOtlP8-wzAIS-Q", + "rawId": "-R85HbTJsv3g6nAYnLo_tj9Xm6YSKzOtlP8-wzAIS-Q", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiQU1NUHQ0VXh4R1RTdG5jZHE0MTdZRHdCRmk4dnBJYS1wdzhvT3VWVzRUQSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2UsImV4dHJhRGF0YSI6ImNsaWVudERhdGFKU09OIG1heSBiZSBleHRlbmRlZCB3aXRoIGFkZGl0aW9uYWwgZmllbGRzIGluIHRoZSBmdXR1cmUsIHN1Y2ggYXMgdGhpczogQmtRZURqZGNUQnJYQmlBd0pUTEU1USJ9", + "attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVikv6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LVZAAAAAIRGzLmrHbN0dQsjZ_9vOh8AIPkfOR20ybL94OpwGJy6P7Y_V5umEiszrZT_PsMwCEvkpQECAyYgASFYIK_voW-XypstI-uGzLZAmNINuQhWBi6yScM6m2cvJt9hIlggkwpWuHovymYzSwNFir-HlxfBLMaO1zKQry4mZHlrkiA", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} diff --git a/tests/integration/w3c-packed-ed25519/auth-req.json b/tests/integration/w3c-packed-ed25519/auth-req.json new file mode 100644 index 0000000..1d5d09b --- /dev/null +++ b/tests/integration/w3c-packed-ed25519/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "iVlX4BxjOmmDSKLYoxpUt9sn6MHEOyCA15riGQJnv9I" + } +} diff --git a/tests/integration/w3c-packed-ed25519/auth-res.json b/tests/integration/w3c-packed-ed25519/auth-res.json new file mode 100644 index 0000000..4941da5 --- /dev/null +++ b/tests/integration/w3c-packed-ed25519/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "zp-EDtllmVgM0UD7x7syMGM_UPYQQa_3Mwiuccqoor0", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUBAAAAAA", + "signature": "9cWcfkbDT2-MwZcQHd-ZNPollfaOsZE6Y36EGeubpM_fxI-FOTvA1AsBHw1v7LCX1mB1JXEyI6DcDUU5k9rgCw", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiaVZsWDRCeGpPbW1EU0tMWW94cFV0OXNuNk1IRU95Q0ExNXJpR1FKbnY5SSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2V9" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-packed-ed25519/metadata.json b/tests/integration/w3c-packed-ed25519/metadata.json new file mode 100644 index 0000000..1c457d7 --- /dev/null +++ b/tests/integration/w3c-packed-ed25519/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "zp-EDtllmVgM0UD7x7syMGM_UPYQQa_3Mwiuccqoor0", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-packed-ed25519/reg-req.json b/tests/integration/w3c-packed-ed25519/reg-req.json new file mode 100644 index 0000000..1240a3c --- /dev/null +++ b/tests/integration/w3c-packed-ed25519/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "qKv52r3GsN9jRms5vanoo0o04YUzelnxxXmZBnbTs70" + } +} diff --git a/tests/integration/w3c-packed-ed25519/reg-res.json b/tests/integration/w3c-packed-ed25519/reg-res.json new file mode 100644 index 0000000..f39aa4e --- /dev/null +++ b/tests/integration/w3c-packed-ed25519/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "zp-EDtllmVgM0UD7x7syMGM_UPYQQa_3Mwiuccqoor0", + "rawId": "zp-EDtllmVgM0UD7x7syMGM_UPYQQa_3Mwiuccqoor0", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicUt2NTJyM0dzTjlqUm1zNXZhbm9vMG8wNFlVemVsbnh4WG1aQm5iVHM3MCIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2UsImV4dHJhRGF0YSI6ImNsaWVudERhdGFKU09OIG1heSBiZSBleHRlbmRlZCB3aXRoIGFkZGl0aW9uYWwgZmllbGRzIGluIHRoZSBmdXR1cmUsIHN1Y2ggYXMgdGhpczogQl9EVDVnN1pEXy05T1RMWVg1SXZFUSJ9", + "attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEgwRgIhANg_YL2AJpU3WDIYhYrvsDrFfUX6BuQv6q4zLRh_YtqfAiEAoCvTy29-HSg8k7rR8_S1pMBJRGPaf9vyVpSRFnVNHxdjeDVjgVkCJzCCAiMwggHIoAMCAQICEQCyz8nqM8hkOw4adgRj6vFkMAoGCCqGSM49BAMCMGIxHjAcBgNVBAMMFVdlYkF1dGhuIHRlc3QgdmVjdG9yczEMMAoGA1UECgwDVzNDMSUwIwYDVQQLDBxBdXRoZW50aWNhdG9yIEF0dGVzdGF0aW9uIENBMQswCQYDVQQGEwJBQTAgFw0yNDAxMDEwMDAwMDBaGA8zMDI0MDEwMTAwMDAwMFowXzEeMBwGA1UEAwwVV2ViQXV0aG4gdGVzdCB2ZWN0b3JzMQwwCgYDVQQKDANXM0MxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xCzAJBgNVBAYTAkFBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3St6VktzuMC4HExi5SGSXE0RmOyfWD2_HuvjZLZc2cKam980aqqB-2uVB-UkmlL9r4454msLfcRZkqfiM7cPcKNgMF4wDAYDVR0TAQH_BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFAridUa8fsyxtLWXvTVPDAsfH4-OMB8GA1UdIwQYMBaAFEWv9xWw3XhnQf7pluvBZUejkxseMAoGCCqGSM49BAMCA0kAMEYCIQCg1DTstfw7_X2l9BkEUXrSg2JJ9WG9g0unpDioq3pM6AIhAPrIRbt6AlE7WOnzGWVNvkmw8CuVg1usVoxx-KGM3emraGF1dGhEYXRhWIG_q8N0MpWLBjNg061kYcnEc1rn-O3UZZKl4PAUUrLktUEAAAAA1aozWB6MpHjiD-cT9dMv8gAgzp-EDtllmVgM0UD7x7syMGM_UPYQQa_3Mwiuccqoor2kAQEDJyAGIVggROBt3TMcNqjcZnurUryuY0hskWql4znmrOuqhJNL-DI", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} diff --git a/tests/integration/w3c-packed-ed448/auth-req.json b/tests/integration/w3c-packed-ed448/auth-req.json new file mode 100644 index 0000000..d6a6dfe --- /dev/null +++ b/tests/integration/w3c-packed-ed448/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "GpQvQB2Njjb-iIw1witxgheAL8ZoW_E5xHsxFAgShpM" + } +} diff --git a/tests/integration/w3c-packed-ed448/auth-res.json b/tests/integration/w3c-packed-ed448/auth-res.json new file mode 100644 index 0000000..aaa7af8 --- /dev/null +++ b/tests/integration/w3c-packed-ed448/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "Ik_N4yTmsHXt5VCYokud3OX1p8cdI3A-_VKKOPil8zw", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUdAAAAAA", + "signature": "Bx25IUMOE8oaYH7tuWy9MP1jlGoG5zEhfK1v2CujuTDUgjCKLBAXUqJRjP9wkY1KIPKb0u2k9FqAu6bErYWxD7chsYSXJbfb7zFdX7EBxtq4kLBtlKi1KnS1hI9o5hUq8khnt1VdKyK4lVy_9ch95zsA", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiR3BRdlFCMk5qamItaUl3MXdpdHhnaGVBTDhab1dfRTV4SHN4RkFnU2hwTSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2UsImV4dHJhRGF0YSI6ImNsaWVudERhdGFKU09OIG1heSBiZSBleHRlbmRlZCB3aXRoIGFkZGl0aW9uYWwgZmllbGRzIGluIHRoZSBmdXR1cmUsIHN1Y2ggYXMgdGhpczogWEtIamdiWGdDZUFYWU5zdXRqSXhidyJ9" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-packed-ed448/metadata.json b/tests/integration/w3c-packed-ed448/metadata.json new file mode 100644 index 0000000..bb402f1 --- /dev/null +++ b/tests/integration/w3c-packed-ed448/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "Ik_N4yTmsHXt5VCYokud3OX1p8cdI3A-_VKKOPil8zw", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-packed-ed448/reg-req.json b/tests/integration/w3c-packed-ed448/reg-req.json new file mode 100644 index 0000000..5be6802 --- /dev/null +++ b/tests/integration/w3c-packed-ed448/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "JXjQgBtaAFtUUeVAEheIywGUnhh7kdsT9YdVQD778zc" + } +} diff --git a/tests/integration/w3c-packed-ed448/reg-res.json b/tests/integration/w3c-packed-ed448/reg-res.json new file mode 100644 index 0000000..9470c15 --- /dev/null +++ b/tests/integration/w3c-packed-ed448/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "Ik_N4yTmsHXt5VCYokud3OX1p8cdI3A-_VKKOPil8zw", + "rawId": "Ik_N4yTmsHXt5VCYokud3OX1p8cdI3A-_VKKOPil8zw", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiSlhqUWdCdGFBRnRVVWVWQUVoZUl5d0dVbmhoN2tkc1Q5WWRWUUQ3Nzh6YyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2UsImV4dHJhRGF0YSI6ImNsaWVudERhdGFKU09OIG1heSBiZSBleHRlbmRlZCB3aXRoIGFkZGl0aW9uYWwgZmllbGRzIGluIHRoZSBmdXR1cmUsIHN1Y2ggYXMgdGhpczogQlFxQTNpZUhWU0hNVERNV3dHMmtLdyJ9", + "attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIhAMVDC2tT9rj9Hl-kaufruPnprg0Q68dI6Hbi2XmzmxOCAiAIxc2orxdPLTwFDV0U7sByEDE2TLEpJKBmM9SSTGvK02N4NWOBWQInMIICIzCCAcigAwIBAgIRAM_0IoaX1uWsR0gLI5BnfwUwCgYIKoZIzj0EAwIwYjEeMBwGA1UEAwwVV2ViQXV0aG4gdGVzdCB2ZWN0b3JzMQwwCgYDVQQKDANXM0MxJTAjBgNVBAsMHEF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24gQ0ExCzAJBgNVBAYTAkFBMCAXDTI0MDEwMTAwMDAwMFoYDzMwMjQwMTAxMDAwMDAwWjBfMR4wHAYDVQQDDBVXZWJBdXRobiB0ZXN0IHZlY3RvcnMxDDAKBgNVBAoMA1czQzEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjELMAkGA1UEBhMCQUEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4Wq95DIJAN8_p_FarjXzm-_r_Lj_nyNdFc0w8bjxs6IDVBczbHiw3OGgOb0n0deTY0LbCkGDm4NemOS-2kJTOo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB_wQEAwIHgDAdBgNVHQ4EFgQU-o-BwtzA4ZSuUDTH553PbZ2Fk-IwHwYDVR0jBBgwFoAURa_3FbDdeGdB_umW68FlR6OTGx4wCgYIKoZIzj0EAwIDSQAwRgIhAOdh9UIVrZLyfCwUue6j456MIkKegz7Lpb6RiYeqcuDmAiEA1acU30ecI4WGt9nmaE6oSZEIcDiw_vaim1e2a3TfBf1oYXV0aERhdGFYm7-rw3QylYsGM2DTrWRhycRzWuf47dRlkqXg8BRSsuS1WQAAAABByROu2pJf4CJzMi40wq5nACAiT83jJOawde3lUJiiS53c5fWnxx0jcD79Uoo4-KXzPKQBAQM4NCAHIVg5gFHvT5RnC1q_F9oulVi6brqU64cENjkVtNZm3ih60ynenx8HUhGrpgLcbnpeUrFajuHJhKn4iHOA", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} diff --git a/tests/integration/w3c-packed-es256/auth-req.json b/tests/integration/w3c-packed-es256/auth-req.json new file mode 100644 index 0000000..9010d1b --- /dev/null +++ b/tests/integration/w3c-packed-es256/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "sRBvpGpXvvF4FRHAVX3ImKA0E9Xw8X0kRjDBlMfhrbU" + } +} diff --git a/tests/integration/w3c-packed-es256/auth-res.json b/tests/integration/w3c-packed-es256/auth-res.json new file mode 100644 index 0000000..5d919f1 --- /dev/null +++ b/tests/integration/w3c-packed-es256/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "yab1s0YtAoc_6gxWhiI0-Z8IFygITlEbt3YCAaiQVKU", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUNAAAAAA", + "signature": "MEUCIGlJadPuko3m8C7yOpxkTX13mRZFFzSpS0MlQvSYoevpAiEAiwgZyCQhipcVLNCZxVv7FHeynZAKSaZAGDFPm_zNoWM", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoic1JCdnBHcFh2dkY0RlJIQVZYM0ltS0EwRTlYdzhYMGtSakRCbE1maHJiVSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2UsImV4dHJhRGF0YSI6ImNsaWVudERhdGFKU09OIG1heSBiZSBleHRlbmRlZCB3aXRoIGFkZGl0aW9uYWwgZmllbGRzIGluIHRoZSBmdXR1cmUsIHN1Y2ggYXMgdGhpczogQVpNd3lNeEliRDgtdWd1Rk5wNnI4USJ9" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-packed-es256/metadata.json b/tests/integration/w3c-packed-es256/metadata.json new file mode 100644 index 0000000..28b81f6 --- /dev/null +++ b/tests/integration/w3c-packed-es256/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "yab1s0YtAoc_6gxWhiI0-Z8IFygITlEbt3YCAaiQVKU", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-packed-es256/reg-req.json b/tests/integration/w3c-packed-es256/reg-req.json new file mode 100644 index 0000000..66b9393 --- /dev/null +++ b/tests/integration/w3c-packed-es256/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "wRhKX934BF4T3Ef1S2H1pla2ZrWQGPFthw6SVumVIBI" + } +} diff --git a/tests/integration/w3c-packed-es256/reg-res.json b/tests/integration/w3c-packed-es256/reg-res.json new file mode 100644 index 0000000..fee8d4a --- /dev/null +++ b/tests/integration/w3c-packed-es256/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "yab1s0YtAoc_6gxWhiI0-Z8IFygITlEbt3YCAaiQVKU", + "rawId": "yab1s0YtAoc_6gxWhiI0-Z8IFygITlEbt3YCAaiQVKU", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoid1JoS1g5MzRCRjRUM0VmMVMySDFwbGEyWnJXUUdQRnRodzZTVnVtVklCSSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2UsImV4dHJhRGF0YSI6ImNsaWVudERhdGFKU09OIG1heSBiZSBleHRlbmRlZCB3aXRoIGFkZGl0aW9uYWwgZmllbGRzIGluIHRoZSBmdXR1cmUsIHN1Y2ggYXMgdGhpczogOWE4Yk5ZaktDZ1dyQlhVLWZDbDFhZyJ9", + "attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIgPxnsSyKfRquMRe_ym5BP8QwDkNxAvxIW8Ep49M66NCUCIQD-cEGjJ1mv8FoPnybHCpmceihEUbqJI0odNIPCXiGSW2N4NWOBWQIlMIICITCCAcigAwIBAgIRAIjCIPg8jvH-r-lN6uRfqtAwCgYIKoZIzj0EAwIwYjEeMBwGA1UEAwwVV2ViQXV0aG4gdGVzdCB2ZWN0b3JzMQwwCgYDVQQKDANXM0MxJTAjBgNVBAsMHEF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24gQ0ExCzAJBgNVBAYTAkFBMCAXDTI0MDEwMTAwMDAwMFoYDzMwMjQwMTAxMDAwMDAwWjBfMR4wHAYDVQQDDBVXZWJBdXRobiB0ZXN0IHZlY3RvcnMxDDAKBgNVBAoMA1czQzEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjELMAkGA1UEBhMCQUEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASpG6Q4lAndOKQoFBlAyo_rGsDXtDUFWBBKN3ekkyLzeYRA83izOYqy07t7-RMiyS6yNVb1mtCoNv7Ex2Y7Dk3Do2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB_wQEAwIHgDAdBgNVHQ4EFgQUpYm6ctBghCqxH3T7JGve2rFvm5swHwYDVR0jBBgwFoAURa_3FbDdeGdB_umW68FlR6OTGx4wCgYIKoZIzj0EAwIDRwAwRAIgFya52F7Nil7VEWNyLKOiCIb9myQqCqBFPUQhFgdd79UCIH70ceUwrIeWGoin8NDBewkf_GuSONMPefY1tBe-WRDnaGF1dGhEYXRhWKS_q8N0MpWLBjNg061kYcnEc1rn-O3UZZKl4PAUUrLktU0AAAAAh2yk9SBxw-myVQnvLN9-1gAgyab1s0YtAoc_6gxWhiI0-Z8IFygITlEbt3YCAaiQVKWlAQIDJiABIVggHPJ_JdpZEgikI5wuMk8QT1hVJUeaKe3u3YMPSOd66uUiWCBZ5LfabAEG4gbOOQyTq5ihWl7DiH5X8Mwr7OgDuSDEIw", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} diff --git a/tests/integration/w3c-packed-es384/auth-req.json b/tests/integration/w3c-packed-es384/auth-req.json new file mode 100644 index 0000000..0075437 --- /dev/null +++ b/tests/integration/w3c-packed-es384/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "_0HD0l29iWb7YeKO9eRwQeE37SaFIEEtdiAroK0tFFM" + } +} diff --git a/tests/integration/w3c-packed-es384/auth-res.json b/tests/integration/w3c-packed-es384/auth-res.json new file mode 100644 index 0000000..ec462f3 --- /dev/null +++ b/tests/integration/w3c-packed-es384/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "lTri3Z8osaHVgCyD4fZYM7uXaaCN6C2BK8J8E_xvBqk", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUNAAAAAA", + "signature": "MGUCMQDk77tGdF7QDmfE1Rqyusqyr2L_qLfF_s7G19m_JYInUDSnE6PdcxaF7uga369qpj8CMBYWVTU_B-AYo8JTn43nyMTPiNTDLSvin-Tnb6CW7MlFi7_giV1XEpqzJBMObwaS2w", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiXzBIRDBsMjlpV2I3WWVLTzllUndRZUUzN1NhRklFRXRkaUFyb0swdEZGTSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2V9" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-packed-es384/metadata.json b/tests/integration/w3c-packed-es384/metadata.json new file mode 100644 index 0000000..2214b6d --- /dev/null +++ b/tests/integration/w3c-packed-es384/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "lTri3Z8osaHVgCyD4fZYM7uXaaCN6C2BK8J8E_xvBqk", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-packed-es384/reg-req.json b/tests/integration/w3c-packed-es384/reg-req.json new file mode 100644 index 0000000..5d6958c --- /dev/null +++ b/tests/integration/w3c-packed-es384/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "VnsDCz4Ya8HRad1Ft5-eDYbx_WNHTaPq3lvbjbN5oMM" + } +} diff --git a/tests/integration/w3c-packed-es384/reg-res.json b/tests/integration/w3c-packed-es384/reg-res.json new file mode 100644 index 0000000..06b51d9 --- /dev/null +++ b/tests/integration/w3c-packed-es384/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "lTri3Z8osaHVgCyD4fZYM7uXaaCN6C2BK8J8E_xvBqk", + "rawId": "lTri3Z8osaHVgCyD4fZYM7uXaaCN6C2BK8J8E_xvBqk", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiVm5zREN6NFlhOEhSYWQxRnQ1LWVEWWJ4X1dOSFRhUHEzbHZiamJONW9NTSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2V9", + "attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIhAMVuzJcLeEODPg9GH94mIz9h6zlRYdSBVYwIucbtYWdbAiAp9eBQM3Bc0PmwoH4UlGjsMIpPhJBkCe_c6x2iCnUY1mN4NWOBWQIlMIICITCCAcegAwIBAgIQPQpViLuH67HUzuShgHwbfDAKBggqhkjOPQQDAjBiMR4wHAYDVQQDDBVXZWJBdXRobiB0ZXN0IHZlY3RvcnMxDDAKBgNVBAoMA1czQzElMCMGA1UECwwcQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbiBDQTELMAkGA1UEBhMCQUEwIBcNMjQwMTAxMDAwMDAwWhgPMzAyNDAxMDEwMDAwMDBaMF8xHjAcBgNVBAMMFVdlYkF1dGhuIHRlc3QgdmVjdG9yczEMMAoGA1UECgwDVzNDMSIwIAYDVQQLDBlBdXRoZW50aWNhdG9yIEF0dGVzdGF0aW9uMQswCQYDVQQGEwJBQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBflzJHWdtNw42qn3kDCWqy0WjhF8T0pMgiOziJwubQxJBwhnCLQwlbJQ4reAPLAXmL475Brm5l66fPEYMLbZvWjYDBeMAwGA1UdEwEB_wQCMAAwDgYDVR0PAQH_BAQDAgeAMB0GA1UdDgQWBBTHyN2VOCoiMOTA3TZkM4-pCBaanDAfBgNVHSMEGDAWgBRFr_cVsN14Z0H-6ZbrwWVHo5MbHjAKBggqhkjOPQQDAgNIADBFAiBUBozJrgOJN7fEaMMH7bnGkn_962ogBwxIPrQDMPmfEAIhAM9BlTkZw8BGk9ax9CphN1PyBOcOhfxumxcDYXC4NZbgaGF1dGhEYXRhWMW_q8N0MpWLBjNg061kYcnEc1rn-O3UZZKl4PAUUrLktVkAAAAA6VDc2jva4dCHzaOAqJeEiwAglTri3Z8osaHVgCyD4fZYM7uXaaCN6C2BK8J8E_xvBqmlAQIDOCIgAiFYMEhmvYsB2nienrgG5eqwWuWmOFQilqsFei8bvOm1j4oIuRcTkLWKN6x__8LF9FhX2iJYMCoLAkx_S3IHKh-WvTCnJhqulXHdOYcOsp5VwJQcawjolimh6hIWqmTOV8KAe_OQGg", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} diff --git a/tests/integration/w3c-packed-es512/auth-req.json b/tests/integration/w3c-packed-es512/auth-req.json new file mode 100644 index 0000000..1a0cb08 --- /dev/null +++ b/tests/integration/w3c-packed-es512/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "CNMZDG3LPU8MtlmgMzv16hJN3zagzTPVIEsNeiKozCby5PFp0gAoXHez-yLg8cf0mofUvi0l6S15eAjdqqm1cV79OmrakznTBSpofbxdL4yHGwRR4GkfV60ThUG3ty56qJM3KewcZkvy5N7a4WFtCOzvqAoqU7EDZjzlqIEEiCk" + } +} diff --git a/tests/integration/w3c-packed-es512/auth-res.json b/tests/integration/w3c-packed-es512/auth-res.json new file mode 100644 index 0000000..13e73bf --- /dev/null +++ b/tests/integration/w3c-packed-es512/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "0X1a9-PzfFZiKmfIRiyeHGM238y4th01ncRzeNuljOQ", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUZAAAAAA", + "signature": "MIGHAkIAm9oC_jhOd7y5-0KwfDlbelPsnZYW3QMIq4SVwhQcg2TH0W4hKkpPuOOYf_bJnq_WTYSE_SjD_Hlo9lipAz0bsbgCQWOD6fPuIMaRtmYgKZ_vNr6i3005ySsurZL1jnt5qw2YZNLr87Dcxm6hMjRJLM7m6dQh20PJWby5TBYtyUlBNsn2", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiQ05NWkRHM0xQVThNdGxtZ016djE2aEpOM3phZ3pUUFZJRXNOZWlLb3pDYnk1UEZwMGdBb1hIZXoteUxnOGNmMG1vZlV2aTBsNlMxNWVBamRxcW0xY1Y3OU9tcmFrem5UQlNwb2ZieGRMNHlIR3dSUjRHa2ZWNjBUaFVHM3R5NTZxSk0zS2V3Y1prdnk1TjdhNFdGdENPenZxQW9xVTdFRFpqemxxSUVFaUNrIiwib3JpZ2luIjoiaHR0cHM6Ly9leGFtcGxlLm9yZyIsImNyb3NzT3JpZ2luIjpmYWxzZX0" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-packed-es512/metadata.json b/tests/integration/w3c-packed-es512/metadata.json new file mode 100644 index 0000000..7ee6a10 --- /dev/null +++ b/tests/integration/w3c-packed-es512/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "0X1a9-PzfFZiKmfIRiyeHGM238y4th01ncRzeNuljOQ", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-packed-es512/reg-req.json b/tests/integration/w3c-packed-es512/reg-req.json new file mode 100644 index 0000000..14c7148 --- /dev/null +++ b/tests/integration/w3c-packed-es512/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "TuIgzZKwfhFFHLTCAcV1W9h5hI5JKpsS15E1xidk3C_Sjq1ICMr-WtHej6ngjUqO6v6k37Mzh3sCvFA_R107DBOUp2g7qvTyR3gp97jPdQlImFVYdIwHMGg5b8_c0_JFvyA45rs411MnaKrRO-jBGPcnci50JhOQQenKylA4hMU" + } +} diff --git a/tests/integration/w3c-packed-es512/reg-res.json b/tests/integration/w3c-packed-es512/reg-res.json new file mode 100644 index 0000000..0990b8e --- /dev/null +++ b/tests/integration/w3c-packed-es512/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "0X1a9-PzfFZiKmfIRiyeHGM238y4th01ncRzeNuljOQ", + "rawId": "0X1a9-PzfFZiKmfIRiyeHGM238y4th01ncRzeNuljOQ", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiVHVJZ3paS3dmaEZGSExUQ0FjVjFXOWg1aEk1Sktwc1MxNUUxeGlkazNDX1NqcTFJQ01yLVd0SGVqNm5nalVxTzZ2NmszN016aDNzQ3ZGQV9SMTA3REJPVXAyZzdxdlR5UjNncDk3alBkUWxJbUZWWWRJd0hNR2c1YjhfYzBfSkZ2eUE0NXJzNDExTW5hS3JSTy1qQkdQY25jaTUwSmhPUVFlbkt5bEE0aE1VIiwib3JpZ2luIjoiaHR0cHM6Ly9leGFtcGxlLm9yZyIsImNyb3NzT3JpZ2luIjpmYWxzZSwiZXh0cmFEYXRhIjoiY2xpZW50RGF0YUpTT04gbWF5IGJlIGV4dGVuZGVkIHdpdGggYWRkaXRpb25hbCBmaWVsZHMgaW4gdGhlIGZ1dHVyZSwgc3VjaCBhcyB0aGlzOiBvM3FWak9MMnRUV200R3hreklfUWdnIn0", + "attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIhAM4Vj2wEqlwUwN0-EQPPk2ZIlvtcM3pm29fboxVG_w1BAiBxy80NO44him0FN04O-AMTKdJQWQAqwWA9AtX9igopy2N4NWOBWQInMIICIzCCAcigAwIBAgIRAIoSi36-UrmTg1d55tm4E1UwCgYIKoZIzj0EAwIwYjEeMBwGA1UEAwwVV2ViQXV0aG4gdGVzdCB2ZWN0b3JzMQwwCgYDVQQKDANXM0MxJTAjBgNVBAsMHEF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24gQ0ExCzAJBgNVBAYTAkFBMCAXDTI0MDEwMTAwMDAwMFoYDzMwMjQwMTAxMDAwMDAwWjBfMR4wHAYDVQQDDBVXZWJBdXRobiB0ZXN0IHZlY3RvcnMxDDAKBgNVBAoMA1czQzEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjELMAkGA1UEBhMCQUEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASUC2iIUpFTbi98YMBaz7JS5-689DBEJd2Tq3sZYvIEkr8Y3A8ShiWZ6B-3ZKySFR-aePy7NdeibIxSlJsYEzwGo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB_wQEAwIHgDAdBgNVHQ4EFgQUP_rYY6vNPcVxe4olIYn0Gvl-fzEwHwYDVR0jBBgwFoAURa_3FbDdeGdB_umW68FlR6OTGx4wCgYIKoZIzj0EAwIDSQAwRgIhAIMsi2TE8BiL0y4b7GPhMwHNwDFl0--EDR89q7mlcZ-DAiEArdV6nVvt7JjykiLfyX6nldBV7hOgKhU9Ar6c4Art65FoYXV0aERhdGFY6b-rw3QylYsGM2DTrWRhycRzWuf47dRlkqXg8BRSsuS1TQAAAAA52M5qPPYQJXdQg6c45cJUACDRfVr34_N8VmIqZ8hGLJ4cYzbfzLi2HTWdxHN426WM5KUBAgM4IyADIVhCAIMkCiw60ho9wKbao9i8BaRtfNmCW6AQrioiaGwtbWY9fV9niYf7HnZ1QuY9wZeukV4l-O4oRlGvKQZpEKLMCD9QIlhCAXM330erXM5dcW74yv-pejASaJsfMm6mxDobqVlscvcfASI5AUNVK0K-dytMNf-5YSIMdDtIamAepMttVBL1sHjT", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} diff --git a/tests/integration/w3c-packed-rs256/auth-req.json b/tests/integration/w3c-packed-rs256/auth-req.json new file mode 100644 index 0000000..9feec79 --- /dev/null +++ b/tests/integration/w3c-packed-rs256/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "KV9Z9fqP5ixayp4nYmx4yNo3aubYzS3SmuutYB4bxMU" + } +} diff --git a/tests/integration/w3c-packed-rs256/auth-res.json b/tests/integration/w3c-packed-rs256/auth-res.json new file mode 100644 index 0000000..e281316 --- /dev/null +++ b/tests/integration/w3c-packed-rs256/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "mSoYrMg_Z1M2AMETiktMS9I23hNinPAl7RfLALALdN8", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUZAAAAAA", + "signature": "AQY9UtfDm01DL8cGPF2T5YK9yxaInNcfiI1n2IDqcwpChJjTvI4e4R8rHsvmwpKxGMVf-q3e-oytClTdE3xR8e7Gc_G7bE0XidaCaiIrItD1hfyQH9yTMhLledGZuJ1nKqRIkTM-ahNVU2Al6CslWQJWw1OCKbVXNwg7L2uTd-SeJHLxGVL3n90NoYC1_9kBtASajwgbtAcRvvdsYq7ZQ1cfLQV1MEy1SdaNiJL5UIajD5Nxau6Bj43AbpbA1eDtTPqf2Hc9kEZLaM8UD3mGZm_5yeMwKs0FNdYNdp9GXiq1fviqvIn8z-97oypkFUqLPSa-Ipj0cLjMU3fb49_UsLRfjwHmO95s_Ha2J3H5twqifPQBUsrZOqWs14T9S5D2duLqgo0L8kAK67quQVPlg49Tf4i2IoNGeCqTqJm-Zux33kWz788xHaYyHJLmsM0Rv-ZTvz6YzujjQfAtZ9u2-cmNnoF4CQz7W3D7xtVBWZrHlK4vHU3hKG7I3owtr3sdFchDjpDZJN9cGQRSIKTIQ4wbl5u-AWzz0O7sI8OZnUiCzGRbd23pMHVmEs3G3TmBYP8Cpg", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiS1Y5WjlmcVA1aXhheXA0bllteDR5Tm8zYXViWXpTM1NtdXV0WUI0YnhNVSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2V9" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-packed-rs256/metadata.json b/tests/integration/w3c-packed-rs256/metadata.json new file mode 100644 index 0000000..36c6dd1 --- /dev/null +++ b/tests/integration/w3c-packed-rs256/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "mSoYrMg_Z1M2AMETiktMS9I23hNinPAl7RfLALALdN8", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-packed-rs256/reg-req.json b/tests/integration/w3c-packed-rs256/reg-req.json new file mode 100644 index 0000000..46d9e97 --- /dev/null +++ b/tests/integration/w3c-packed-rs256/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "vqjwdwAJvVfywN9v6p90Oifkthu-kjyGLHqtep_I5KY" + } +} diff --git a/tests/integration/w3c-packed-rs256/reg-res.json b/tests/integration/w3c-packed-rs256/reg-res.json new file mode 100644 index 0000000..9a85ce4 --- /dev/null +++ b/tests/integration/w3c-packed-rs256/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "mSoYrMg_Z1M2AMETiktMS9I23hNinPAl7RfLALALdN8", + "rawId": "mSoYrMg_Z1M2AMETiktMS9I23hNinPAl7RfLALALdN8", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoidnFqd2R3QUp2VmZ5d045djZwOTBPaWZrdGh1LWtqeUdMSHF0ZXBfSTVLWSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2V9", + "attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIhAIuMXG6owULAMuC-aeE1PURGHFyRCZQc3alRuXbrlbazAiBNUvQGwZ4lSz_5WJvRgHD7BVrI2xL90KZzS-qdcWjpAGN4NWOBWQImMIICIjCCAcegAwIBAgIQH2-3pezoG0WJa5g6mV2l8zAKBggqhkjOPQQDAjBiMR4wHAYDVQQDDBVXZWJBdXRobiB0ZXN0IHZlY3RvcnMxDDAKBgNVBAoMA1czQzElMCMGA1UECwwcQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbiBDQTELMAkGA1UEBhMCQUEwIBcNMjQwMTAxMDAwMDAwWhgPMzAyNDAxMDEwMDAwMDBaMF8xHjAcBgNVBAMMFVdlYkF1dGhuIHRlc3QgdmVjdG9yczEMMAoGA1UECgwDVzNDMSIwIAYDVQQLDBlBdXRoZW50aWNhdG9yIEF0dGVzdGF0aW9uMQswCQYDVQQGEwJBQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLeza3VCoREgtEPHlNDJn9wloGt2WGQT2B4IYWPvb-FHpVevw04oYdkFfW1GXUcFoDEFUL3utfNe41uUJauFmYGjYDBeMAwGA1UdEwEB_wQCMAAwDgYDVR0PAQH_BAQDAgeAMB0GA1UdDgQWBBT7N7ZHvM-55U2YnqqswWM4aHA_szAfBgNVHSMEGDAWgBRFr_cVsN14Z0H-6ZbrwWVHo5MbHjAKBggqhkjOPQQDAgNJADBGAiEAuGvBKdkq_KfZhpo59w8TmjBbQHOjnrZU2BQkvtV1fZECIQDPn3xgyrfEp9Pn8AIPKBqT1P0Kn5USG5ifVpMqaIhfumhhdXRoRGF0YVkCG7-rw3QylYsGM2DTrWRhycRzWuf47dRlkqXg8BRSsuS1XQAAAABCj4h4KYuYYqNq2MdSe_7yACCZKhisyD9nUzYAwROKS0xL0jbeE2Kc8CXtF8sAsAt036QBAwM5AQAgWQG0A_____________________________________________________________________________________________________________________________________________________________________________________________________________________f_________________________________________________________________________________________________________________________________________________________gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASFDAQAB", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} diff --git a/tests/integration/w3c-packed-self-es256/auth-req.json b/tests/integration/w3c-packed-self-es256/auth-req.json new file mode 100644 index 0000000..afbdc97 --- /dev/null +++ b/tests/integration/w3c-packed-self-es256/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "RHihCxNSNI3RYME1Ow1Gm12xnrkcJ_ffpv7Tn-Jq8gs" + } +} diff --git a/tests/integration/w3c-packed-self-es256/auth-res.json b/tests/integration/w3c-packed-self-es256/auth-res.json new file mode 100644 index 0000000..b6e6385 --- /dev/null +++ b/tests/integration/w3c-packed-self-es256/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "RV7zTiBDqH2z1K_rObvLbMMt-TR8eJqGXs3KEpy-9Yw", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUJAAAAAA", + "signature": "MEQCIDMQuUMZA8QB8b4r3I0jpAB2gtu93PhGmUlHt_Rl2vhAAiBOlN0ABHsxYGGzuZdyt-_ZWZSoPvWEs7a4Jeo1UCUbZg", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiUkhpaEN4TlNOSTNSWU1FMU93MUdtMTJ4bnJrY0pfZmZwdjdUbi1KcThncyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2UsImV4dHJhRGF0YSI6ImNsaWVudERhdGFKU09OIG1heSBiZSBleHRlbmRlZCB3aXRoIGFkZGl0aW9uYWwgZmllbGRzIGluIHRoZSBmdXR1cmUsIHN1Y2ggYXMgdGhpczogZ1RiNTNyejZFaFNXb21YR3ppbUMxUSJ9" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-packed-self-es256/metadata.json b/tests/integration/w3c-packed-self-es256/metadata.json new file mode 100644 index 0000000..d087e5b --- /dev/null +++ b/tests/integration/w3c-packed-self-es256/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "RV7zTiBDqH2z1K_rObvLbMMt-TR8eJqGXs3KEpy-9Yw", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-packed-self-es256/reg-req.json b/tests/integration/w3c-packed-self-es256/reg-req.json new file mode 100644 index 0000000..7d64101 --- /dev/null +++ b/tests/integration/w3c-packed-self-es256/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "eGnCt3LUtY66k3jPjynibPk1qnffDaifqZwL3Ap29-U" + } +} diff --git a/tests/integration/w3c-packed-self-es256/reg-res.json b/tests/integration/w3c-packed-self-es256/reg-res.json new file mode 100644 index 0000000..c2b6bb7 --- /dev/null +++ b/tests/integration/w3c-packed-self-es256/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "RV7zTiBDqH2z1K_rObvLbMMt-TR8eJqGXs3KEpy-9Yw", + "rawId": "RV7zTiBDqH2z1K_rObvLbMMt-TR8eJqGXs3KEpy-9Yw", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiZUduQ3QzTFV0WTY2azNqUGp5bmliUGsxcW5mZkRhaWZxWndMM0FwMjktVSIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2UsImV4dHJhRGF0YSI6ImNsaWVudERhdGFKU09OIG1heSBiZSBleHRlbmRlZCB3aXRoIGFkZGl0aW9uYWwgZmllbGRzIGluIHRoZSBmdXR1cmUsIHN1Y2ggYXMgdGhpczogVTloVFh2S0UyVVJrTW5iXzB4WUhWZyJ9", + "attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEYwRAIgBnogdUq5JQBdvzeAl8khIAMVgccyKNH7T1uIG819qYMCIH_HsUdVjHwOujrxi9nRIfo9OibRf-PyICchePRztgBtaGF1dGhEYXRhWKS_q8N0MpWLBjNg061kYcnEc1rn-O3UZZKl4PAUUrLktV0AAAAA34UOCdtq-9-rUWl3kVBs_AAgRV7zTiBDqH2z1K_rObvLbMMt-TR8eJqGXs3KEpy-9YylAQIDJiABIVgg6xUcgXayJcxlFVn-zwevRQ_YWAIEZlazTBj2zxk4Q8UiWCCSe4qkJ6K-G4g00jOi009h8Tv9RBGcMl1YluGD_uSE8g", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} diff --git a/tests/integration/w3c-tpm-es256/auth-req.json b/tests/integration/w3c-tpm-es256/auth-req.json new file mode 100644 index 0000000..5802787 --- /dev/null +++ b/tests/integration/w3c-tpm-es256/auth-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "AAk7ZsIdW16J96BwghGJB-o-UC00OzFLjFpU1i2yAvs" + } +} diff --git a/tests/integration/w3c-tpm-es256/auth-res.json b/tests/integration/w3c-tpm-es256/auth-res.json new file mode 100644 index 0000000..f2ba2ec --- /dev/null +++ b/tests/integration/w3c-tpm-es256/auth-res.json @@ -0,0 +1,9 @@ +{ + "rawId": "7Ce-x1IciUu7ghEF6jckyQ53DPH6NUFX7xjQ8Y94vqk", + "response": { + "authenticatorData": "v6vDdDKViwYzYNOtZGHJxHNa5_jt1GWSpeDwFFKy5LUNAAAAAA", + "signature": "MEUCIGDcdrFgfscWxuXrqNBWaV7WvEey49enKcNOdZ46tmqgAiEA0BCp6P3ctkxDnf3KYo3bM88kXVZ9FX2fZvlCYBvtmzg", + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiQUFrN1pzSWRXMTZKOTZCd2doR0pCLW8tVUMwME96RkxqRnBVMWkyeUF2cyIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2V9" + }, + "type": "public-key" +} diff --git a/tests/integration/w3c-tpm-es256/metadata.json b/tests/integration/w3c-tpm-es256/metadata.json new file mode 100644 index 0000000..004fb71 --- /dev/null +++ b/tests/integration/w3c-tpm-es256/metadata.json @@ -0,0 +1,4 @@ +{ + "id": "7Ce-x1IciUu7ghEF6jckyQ53DPH6NUFX7xjQ8Y94vqk", + "origin": "https://example.org" +} diff --git a/tests/integration/w3c-tpm-es256/reg-req.json b/tests/integration/w3c-tpm-es256/reg-req.json new file mode 100644 index 0000000..a1498d4 --- /dev/null +++ b/tests/integration/w3c-tpm-es256/reg-req.json @@ -0,0 +1,5 @@ +{ + "publicKey": { + "challenge": "z8gs3xzu6HYSCqiPA2TwkQGTRgz7l6MXsv4JBpT5opk" + } +} diff --git a/tests/integration/w3c-tpm-es256/reg-res.json b/tests/integration/w3c-tpm-es256/reg-res.json new file mode 100644 index 0000000..1dea8dc --- /dev/null +++ b/tests/integration/w3c-tpm-es256/reg-res.json @@ -0,0 +1,11 @@ +{ + "id": "7Ce-x1IciUu7ghEF6jckyQ53DPH6NUFX7xjQ8Y94vqk", + "rawId": "7Ce-x1IciUu7ghEF6jckyQ53DPH6NUFX7xjQ8Y94vqk", + "response": { + "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiejhnczN4enU2SFlTQ3FpUEEyVHdrUUdUUmd6N2w2TVhzdjRKQnBUNW9wayIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5vcmciLCJjcm9zc09yaWdpbiI6ZmFsc2V9", + "attestationObject": "o2NmbXRjdHBtZ2F0dFN0bXSmY2FsZyZjc2lnWEYwRAIgZuWCamUgkQMP1ETjPD7KK8bcVIzzBFATrds4qmRXohACID86XJXJ5wfQ5VUEG8yGmO5OvATibMi65FlwVHF4mFF2Y3ZlcmMyLjBjeDVjgVkCOjCCAjYwggHcoAMCAQICEDEfxC2gqxDEOpsb86deNOIwCgYIKoZIzj0EAwIwYjEeMBwGA1UEAwwVV2ViQXV0aG4gdGVzdCB2ZWN0b3JzMQwwCgYDVQQKDANXM0MxJTAjBgNVBAsMHEF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24gQ0ExCzAJBgNVBAYTAkFBMCAXDTI0MDEwMTAwMDAwMFoYDzMwMjQwMTAxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExU4_EJCU9g12mbfbXYOFaf_R8-HJ6JfNnrQAY_lALj6ZN-k2zx_NXrdD_0Q8l6su3NfI4ObPbP1BO4qxn_-naaOB0zCB0DAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB_wQEAwIHgDAdBgNVHQ4EFgQUX1Rstpc9SYHoD83HRjhZ9YeWgOQwHwYDVR0jBBgwFoAURa_3FbDdeGdB_umW68FlR6OTGx4wEAYDVR0lBAkwBwYFZ4EFCAMwXgYDVR0RAQH_BFQwUqRQME4xTDAUBgVngQUCAQwLaWQ6MDAwMDAwMDAwFAYFZ4EFAgMMC2lkOjAwMDAwMDAwMB4GBWeBBQICDBVXZWJBdXRobiB0ZXN0IHZlY3RvcnMwCgYIKoZIzj0EAwIDSAAwRQIgY8mieXuAZvHbNN1gnxq2aVYH56mOn_gJCmiFPJqfyUkCIQClWDGjn1uKKqmmiDeCnKv0P-oqXOpIWa6FHKx45qw-l2dwdWJBcmVhWFYAIwALAAQAAAAAABAAEAADABAAIEEgJpjJ2XU_tLs_J80J_muK_bdkOO4q5U18na3hDYZLACDYc1EVzbMwpj6h1uQ9UAD0vVb5m86D7h1zMB_CcBFtB2hjZXJ0SW5mb1hp_1RDR4AXAAAAICd9DgVXndATIVpiJz9_Oj5-GR6tJlSjA211paPuN6awAAAAAAAAAAARERERIiIiIjMAAAAAAAAAAAAiAAucQtiq1ZOTMbmvNxGvF58XEjF4CYyafQyon80fyADzxwAAaGF1dGhEYXRhWKS_q8N0MpWLBjNg061kYcnEc1rn-O3UZZKl4PAUUrLktU0AAAAAS5Kjd_xfYQfEyFwZCtv9mQAg7Ce-x1IciUu7ghEF6jckyQ53DPH6NUFX7xjQ8Y94vqmlAQIDJiABIVggQSAmmMnZdT-0uz8nzQn-a4r9t2Q47irlTXydreENhksiWCDYc1EVzbMwpj6h1uQ9UAD0vVb5m86D7h1zMB_CcBFtBw", + "transports": [] + }, + "type": "public-key", + "authenticatorAttachment": "" +} From 7adc74b0fadf3766a998ef74ea57de29768819aa Mon Sep 17 00:00:00 2001 From: Eric Stern Date: Mon, 2 Feb 2026 18:06:40 -0800 Subject: [PATCH 2/7] Add ES384 support and fix Packed attestation algorithm handling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Uncomment EcdsaSha384 (-35) in COSE Algorithm enum - Add P384 curve OID, coordinate size, and parameters to COSE Curve - Generalize EllipticCurve to support variable coordinate sizes - Add Algorithm::getOpenSslAlgorithm() to map COSE algorithms to OpenSSL digest constants - Fix Packed attestation: only require attStmt.alg == credential algorithm for self-attestation (not x5c), per spec §8.2 - Use algorithm-aware digest in GetResponse signature verification Co-Authored-By: Claude Opus 4.5 --- src/Attestations/Packed.php | 13 ++++++++---- src/COSE/Algorithm.php | 13 +++++++++++- src/COSE/Curve.php | 16 +++++++++++++++ src/GetResponse.php | 3 ++- src/PublicKey/EllipticCurve.php | 36 +++++++++++++++++---------------- 5 files changed, 58 insertions(+), 23 deletions(-) diff --git a/src/Attestations/Packed.php b/src/Attestations/Packed.php index 9011940..30372e4 100644 --- a/src/Attestations/Packed.php +++ b/src/Attestations/Packed.php @@ -58,8 +58,8 @@ public function verify(AuthenticatorData $data, BinaryString $clientDataHash): V $acd = $data->getAttestedCredentialData(); $alg = COSE\Algorithm::tryFrom($this->data['alg']); - if ($alg !== $acd->coseKey->algorithm) { - throw new Exception('8.2/v3.a'); + if ($alg === null) { + throw new Exception('8.2/v2: unknown algorithm'); } if (array_key_exists('x5c', $this->data)) { @@ -73,7 +73,7 @@ public function verify(AuthenticatorData $data, BinaryString $clientDataHash): V $signedData->unwrap(), $this->data['sig'], $certPubKey, - OPENSSL_ALGO_SHA256, + $alg->getOpenSslAlgorithm(), ); // Verify that `sig` is a valid signature over ... @@ -144,13 +144,18 @@ public function verify(AuthenticatorData $data, BinaryString $clientDataHash): V ]); } else { // Self attestation in use + // §8.2/v4.a: alg must match credential key algorithm + if ($alg !== $acd->coseKey->algorithm) { + throw new Exception('8.2/v4.a'); + } + $credentialPublicKey = $acd->coseKey->getPublicKey(); $result = openssl_verify( $signedData->unwrap(), $this->data['sig'], $credentialPublicKey->getPemFormatted(), - OPENSSL_ALGO_SHA256, + $alg->getOpenSslAlgorithm(), ); if ($result !== 1) { diff --git a/src/COSE/Algorithm.php b/src/COSE/Algorithm.php index 887ecab..45e7754 100644 --- a/src/COSE/Algorithm.php +++ b/src/COSE/Algorithm.php @@ -16,9 +16,20 @@ enum Algorithm: int { case EcdsaSha256 = -7; - // case EcdsaSha384 = -35; + case EcdsaSha384 = -35; // case EcdsaSha512 = -36; // section 8.2: EdDSA = -8; case Rs256 = -257; + + /** + * Returns the OpenSSL algorithm constant for signature verification. + */ + public function getOpenSslAlgorithm(): int + { + return match ($this) { + self::EcdsaSha256, self::Rs256 => \OPENSSL_ALGO_SHA256, + self::EcdsaSha384 => \OPENSSL_ALGO_SHA384, + }; + } } diff --git a/src/COSE/Curve.php b/src/COSE/Curve.php index 9228e83..b3538cd 100644 --- a/src/COSE/Curve.php +++ b/src/COSE/Curve.php @@ -42,6 +42,19 @@ public function getOid(): string { return match ($this) { self::P256 => '1.2.840.10045.3.1.7', + self::P384 => '1.3.132.0.34', + default => throw new UnhandledMatchError('Curve unsupported'), + }; + } + + /** + * Returns the coordinate size in bytes for this curve. + */ + public function getCoordinateSize(): int + { + return match ($this) { + self::P256 => 32, + self::P384 => 48, default => throw new UnhandledMatchError('Curve unsupported'), }; } @@ -52,6 +65,7 @@ public function getA(): GMP { return match ($this) { self::P256 => gmp_init('0xFFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFC'), + self::P384 => gmp_init('0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFFFF 00000000 00000000 FFFFFFFC'), default => throw new UnhandledMatchError('Curve unsupported'), }; } @@ -60,6 +74,7 @@ public function getB(): GMP { return match ($this) { self::P256 => gmp_init('0x5AC635D8 AA3A93E7 B3EBBD55 769886BC 651D06B0 CC53B0F6 3BCE3C3E 27D2604B'), + self::P384 => gmp_init('0xB3312FA7 E23EE7E4 988E056B E3F82D19 181D9C6E FE814112 0314088F 5013875A C656398D 8A2ED19D 2A85C8ED D3EC2AEF'), default => throw new UnhandledMatchError('Curve unsupported'), }; } @@ -68,6 +83,7 @@ public function getP(): GMP { return match ($this) { self::P256 => gmp_init('0xFFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFF'), + self::P384 => gmp_init('0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFFFF 00000000 00000000 FFFFFFFF'), default => throw new UnhandledMatchError('Curve unsupported'), }; } diff --git a/src/GetResponse.php b/src/GetResponse.php index 4e615b7..13b776b 100644 --- a/src/GetResponse.php +++ b/src/GetResponse.php @@ -168,6 +168,7 @@ public function verify( // 7.2.23 $credentialPublicKey = $credential->getPublicKey(); + $coseKey = new COSEKey($credential->getCoseCbor()); // Spec note: the signature is over the concatenation of the authData // and the hash of clientDataJSON. Due to the above checks (relying @@ -184,7 +185,7 @@ public function verify( $verificationData, $sig, $credentialPublicKey->getPemFormatted(), - \OPENSSL_ALGO_SHA256, + $coseKey->algorithm->getOpenSslAlgorithm(), ); if ($result !== 1) { $this->fail('7.2.23', 'Signature verification'); diff --git a/src/PublicKey/EllipticCurve.php b/src/PublicKey/EllipticCurve.php index 43d2bf4..d813126 100644 --- a/src/PublicKey/EllipticCurve.php +++ b/src/PublicKey/EllipticCurve.php @@ -43,11 +43,12 @@ public function __construct( private BinaryString $x, private BinaryString $y, ) { - if ($x->getLength() !== 32) { - throw new UnexpectedValueException('X-coordinate not 32 bytes'); + $coordinateSize = $curve->getCoordinateSize(); + if ($x->getLength() !== $coordinateSize) { + throw new UnexpectedValueException("X-coordinate not $coordinateSize bytes"); } - if ($y->getLength() !== 32) { - throw new UnexpectedValueException('Y-coordinate not 32 bytes'); + if ($y->getLength() !== $coordinateSize) { + throw new UnexpectedValueException("Y-coordinate not $coordinateSize bytes"); } if (!$this->isOnCurve()) { throw new VerificationError('5.8.5', 'Point not on curve'); @@ -67,22 +68,27 @@ public static function fromDecodedCbor(array $decoded): EllipticCurve assert(array_key_exists(COSEKey::INDEX_ALGORITHM, $decoded)); $algorithm = COSE\Algorithm::from($decoded[COSEKey::INDEX_ALGORITHM]); - // TODO: support other algorithms - if ($algorithm !== COSE\Algorithm::EcdsaSha256) { - throw new DomainException('Only ES256 is supported'); - } $curve = COSE\Curve::from($decoded[self::INDEX_CURVE]); // WebAuthn §5.8.5 - cross-reference curve to algorithm - assert($curve === COSE\Curve::P256); + $expectedCurve = match ($algorithm) { + COSE\Algorithm::EcdsaSha256 => COSE\Curve::P256, + COSE\Algorithm::EcdsaSha384 => COSE\Curve::P384, + default => throw new DomainException('Unsupported EC algorithm: ' . $algorithm->value), + }; + if ($curve !== $expectedCurve) { + throw new DomainException('Curve does not match algorithm'); + } + + $coordinateSize = $curve->getCoordinateSize(); - if (strlen($decoded[self::INDEX_X_COORDINATE]) !== 32) { - throw new DomainException('X coordinate not 32 bytes'); + if (strlen($decoded[self::INDEX_X_COORDINATE]) !== $coordinateSize) { + throw new DomainException("X coordinate not $coordinateSize bytes"); } $x = new BinaryString($decoded[self::INDEX_X_COORDINATE]); - if (strlen($decoded[self::INDEX_Y_COORDINATE]) !== 32) { - throw new DomainException('X coordinate not 32 bytes'); + if (strlen($decoded[self::INDEX_Y_COORDINATE]) !== $coordinateSize) { + throw new DomainException("Y coordinate not $coordinateSize bytes"); } $y = new BinaryString($decoded[self::INDEX_Y_COORDINATE]); @@ -117,10 +123,6 @@ public function getYCoordinate(): BinaryString // public key component public function getPemFormatted(): string { - if ($this->curve !== COSE\Curve::P256) { - throw new DomainException('Only P256 curves can be PEM-formatted so far'); - } - $asn = new ASN\Constructed\Sequence( new ASN\Constructed\Sequence( new ASN\Primitive\ObjectIdentifier(self::OID), From 81505e71743c7583b8415a81d37a9a440e7ce756 Mon Sep 17 00:00:00 2001 From: Eric Stern Date: Mon, 2 Feb 2026 18:12:49 -0800 Subject: [PATCH 3/7] Add ES512 (P-521) support Enable ECDSA with SHA-512 using the P-521 curve, including SEC 2 v2 curve parameters for on-curve validation and algorithm-to-curve mapping. Co-Authored-By: Claude Opus 4.5 --- src/COSE/Algorithm.php | 3 ++- src/COSE/Curve.php | 5 +++++ src/PublicKey/EllipticCurve.php | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/COSE/Algorithm.php b/src/COSE/Algorithm.php index 45e7754..29b04c5 100644 --- a/src/COSE/Algorithm.php +++ b/src/COSE/Algorithm.php @@ -17,7 +17,7 @@ enum Algorithm: int { case EcdsaSha256 = -7; case EcdsaSha384 = -35; - // case EcdsaSha512 = -36; + case EcdsaSha512 = -36; // section 8.2: EdDSA = -8; case Rs256 = -257; @@ -30,6 +30,7 @@ public function getOpenSslAlgorithm(): int return match ($this) { self::EcdsaSha256, self::Rs256 => \OPENSSL_ALGO_SHA256, self::EcdsaSha384 => \OPENSSL_ALGO_SHA384, + self::EcdsaSha512 => \OPENSSL_ALGO_SHA512, }; } } diff --git a/src/COSE/Curve.php b/src/COSE/Curve.php index b3538cd..6c36ed7 100644 --- a/src/COSE/Curve.php +++ b/src/COSE/Curve.php @@ -43,6 +43,7 @@ public function getOid(): string return match ($this) { self::P256 => '1.2.840.10045.3.1.7', self::P384 => '1.3.132.0.34', + self::P521 => '1.3.132.0.35', default => throw new UnhandledMatchError('Curve unsupported'), }; } @@ -55,6 +56,7 @@ public function getCoordinateSize(): int return match ($this) { self::P256 => 32, self::P384 => 48, + self::P521 => 66, default => throw new UnhandledMatchError('Curve unsupported'), }; } @@ -66,6 +68,7 @@ public function getA(): GMP return match ($this) { self::P256 => gmp_init('0xFFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFC'), self::P384 => gmp_init('0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFFFF 00000000 00000000 FFFFFFFC'), + self::P521 => gmp_init('0x01FF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFC'), default => throw new UnhandledMatchError('Curve unsupported'), }; } @@ -75,6 +78,7 @@ public function getB(): GMP return match ($this) { self::P256 => gmp_init('0x5AC635D8 AA3A93E7 B3EBBD55 769886BC 651D06B0 CC53B0F6 3BCE3C3E 27D2604B'), self::P384 => gmp_init('0xB3312FA7 E23EE7E4 988E056B E3F82D19 181D9C6E FE814112 0314088F 5013875A C656398D 8A2ED19D 2A85C8ED D3EC2AEF'), + self::P521 => gmp_init('0x0051 953EB961 8E1C9A1F 929A21A0 B68540EE A2DA725B 99B315F3 B8B48991 8EF109E1 56193951 EC7E937B 1652C0BD 3BB1BF07 3573DF88 3D2C34F1 EF451FD4 6B503F00'), default => throw new UnhandledMatchError('Curve unsupported'), }; } @@ -84,6 +88,7 @@ public function getP(): GMP return match ($this) { self::P256 => gmp_init('0xFFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFF'), self::P384 => gmp_init('0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFFFF 00000000 00000000 FFFFFFFF'), + self::P521 => gmp_init('0x01FF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF'), default => throw new UnhandledMatchError('Curve unsupported'), }; } diff --git a/src/PublicKey/EllipticCurve.php b/src/PublicKey/EllipticCurve.php index d813126..880654c 100644 --- a/src/PublicKey/EllipticCurve.php +++ b/src/PublicKey/EllipticCurve.php @@ -74,6 +74,7 @@ public static function fromDecodedCbor(array $decoded): EllipticCurve $expectedCurve = match ($algorithm) { COSE\Algorithm::EcdsaSha256 => COSE\Curve::P256, COSE\Algorithm::EcdsaSha384 => COSE\Curve::P384, + COSE\Algorithm::EcdsaSha512 => COSE\Curve::P521, default => throw new DomainException('Unsupported EC algorithm: ' . $algorithm->value), }; if ($curve !== $expectedCurve) { From b82515c5dc31efce78b75f639ed23f2afeb5d1d4 Mon Sep 17 00:00:00 2001 From: Eric Stern Date: Mon, 2 Feb 2026 18:27:03 -0800 Subject: [PATCH 4/7] Add Ed25519 (OKP/EdDSA) support Enable OctetKeyPair key type with Ed25519 curve for EdDSA signatures. Adds OKP public key parsing, RFC 8410 PEM formatting, and wires up the EdDSA algorithm with appropriate OpenSSL verification. Co-Authored-By: Claude Opus 4.5 --- src/COSE/Algorithm.php | 6 ++- src/COSE/Curve.php | 6 ++- src/COSE/KeyType.php | 2 +- src/COSEKey.php | 5 +- src/PublicKey/OctetKeyPair.php | 88 ++++++++++++++++++++++++++++++++++ 5 files changed, 99 insertions(+), 8 deletions(-) create mode 100644 src/PublicKey/OctetKeyPair.php diff --git a/src/COSE/Algorithm.php b/src/COSE/Algorithm.php index 29b04c5..d19da2e 100644 --- a/src/COSE/Algorithm.php +++ b/src/COSE/Algorithm.php @@ -18,7 +18,7 @@ enum Algorithm: int case EcdsaSha256 = -7; case EcdsaSha384 = -35; case EcdsaSha512 = -36; - // section 8.2: EdDSA = -8; + case EdDSA = -8; case Rs256 = -257; @@ -31,6 +31,10 @@ public function getOpenSslAlgorithm(): int self::EcdsaSha256, self::Rs256 => \OPENSSL_ALGO_SHA256, self::EcdsaSha384 => \OPENSSL_ALGO_SHA384, self::EcdsaSha512 => \OPENSSL_ALGO_SHA512, + // EdDSA (Ed25519/Ed448) uses PureEdDSA which performs hashing + // internally. OpenSSL has no named constant for this; passing + // 0 tells openssl_verify to skip external digest computation. + self::EdDSA => 0, }; } } diff --git a/src/COSE/Curve.php b/src/COSE/Curve.php index 6c36ed7..ac2f9b4 100644 --- a/src/COSE/Curve.php +++ b/src/COSE/Curve.php @@ -36,14 +36,16 @@ enum Curve: int case ED448 = 7; // OKP - // RFC 5480 - // §2.1.1.1 OIDs for named curves + // EC curves: RFC 5480 §2.1.1.1 + // EdDSA curves: RFC 8410 §3 public function getOid(): string { return match ($this) { self::P256 => '1.2.840.10045.3.1.7', self::P384 => '1.3.132.0.34', self::P521 => '1.3.132.0.35', + self::ED25519 => '1.3.101.112', + self::ED448 => '1.3.101.113', default => throw new UnhandledMatchError('Curve unsupported'), }; } diff --git a/src/COSE/KeyType.php b/src/COSE/KeyType.php index 38de62e..9256c03 100644 --- a/src/COSE/KeyType.php +++ b/src/COSE/KeyType.php @@ -13,7 +13,7 @@ enum KeyType: int { // case Reserved = 0; - // case OctetKeyPair = 1; + case OctetKeyPair = 1; case EllipticCurve = 2; case Rsa = 3; // case Symmetric = 4; diff --git a/src/COSEKey.php b/src/COSEKey.php index 853b026..06204a5 100644 --- a/src/COSEKey.php +++ b/src/COSEKey.php @@ -53,15 +53,12 @@ public function __construct(public readonly BinaryString $cbor) $this->publicKey = match ($keyType) { COSE\KeyType::EllipticCurve => PublicKey\EllipticCurve::fromDecodedCbor($decodedCbor), COSE\KeyType::Rsa => PublicKey\RSA::fromDecodedCbor($decodedCbor), - // Other syntactially-valid key types exist, but the library - // doesn't handle them (yet?) + COSE\KeyType::OctetKeyPair => PublicKey\OctetKeyPair::fromDecodedCbor($decodedCbor), }; assert(array_key_exists(self::INDEX_ALGORITHM, $decodedCbor)); $this->algorithm = COSE\Algorithm::from($decodedCbor[self::INDEX_ALGORITHM]); - // Future: rfc8152/13.2 - // if keytype == .OctetKeyPair, set `x` and `d` } /** diff --git a/src/PublicKey/OctetKeyPair.php b/src/PublicKey/OctetKeyPair.php new file mode 100644 index 0000000..8959663 --- /dev/null +++ b/src/PublicKey/OctetKeyPair.php @@ -0,0 +1,88 @@ + Expected public key sizes in bytes */ + private const KEY_SIZES = [ + COSE\Curve::ED25519->value => 32, + COSE\Curve::ED448->value => 57, + ]; + + public function __construct( + private COSE\Curve $curve, + private BinaryString $x, + ) { + $expectedSize = self::KEY_SIZES[$curve->value] + ?? throw new DomainException('Unsupported OKP curve: ' . $curve->value); + if ($x->getLength() !== $expectedSize) { + throw new DomainException("Public key not $expectedSize bytes"); + } + } + + /** + * @param mixed[] $decoded + */ + public static function fromDecodedCbor(array $decoded): OctetKeyPair + { + // Checked upstream, but re-verify + assert(array_key_exists(COSEKey::INDEX_KEY_TYPE, $decoded)); + $type = COSE\KeyType::from($decoded[COSEKey::INDEX_KEY_TYPE]); + assert($type === COSE\KeyType::OctetKeyPair); + + assert(array_key_exists(COSEKey::INDEX_ALGORITHM, $decoded)); + $algorithm = COSE\Algorithm::from($decoded[COSEKey::INDEX_ALGORITHM]); + if ($algorithm !== COSE\Algorithm::EdDSA) { + throw new DomainException('Unsupported OKP algorithm: ' . $algorithm->value); + } + + $curve = COSE\Curve::from($decoded[self::INDEX_CURVE]); + if (!isset(self::KEY_SIZES[$curve->value])) { + throw new DomainException('Unsupported OKP curve: ' . $curve->value); + } + + $x = new BinaryString($decoded[self::INDEX_X_COORDINATE]); + + return new OctetKeyPair(curve: $curve, x: $x); + } + + // RFC 8410 §4 + public function getPemFormatted(): string + { + // SubjectPublicKeyInfo per RFC 8410 §4 + $asn = new ASN\Constructed\Sequence( + new ASN\Constructed\Sequence( + new ASN\Primitive\ObjectIdentifier($this->curve->getOid()), + ), + new ASN\Primitive\BitString($this->x->unwrap()), + ); + $der = $asn->toDER(); + + $pem = "-----BEGIN PUBLIC KEY-----\n"; + $pem .= chunk_split(base64_encode($der), 64, "\n"); + $pem .= "-----END PUBLIC KEY-----"; + return $pem; + } +} From 9f7dc11fb2a4e52be735195df6c3ce7363bc7f04 Mon Sep 17 00:00:00 2001 From: Eric Stern Date: Mon, 2 Feb 2026 18:29:46 -0800 Subject: [PATCH 5/7] Add Ed448 support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add the fully-specified Ed448 algorithm identifier (COSE -53, RFC 9864 §2.2) and accept it in OKP key parsing alongside the polymorphic EdDSA identifier. Co-Authored-By: Claude Opus 4.5 --- src/COSE/Algorithm.php | 4 +++- src/PublicKey/OctetKeyPair.php | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/COSE/Algorithm.php b/src/COSE/Algorithm.php index d19da2e..ed4f1a8 100644 --- a/src/COSE/Algorithm.php +++ b/src/COSE/Algorithm.php @@ -19,6 +19,8 @@ enum Algorithm: int case EcdsaSha384 = -35; case EcdsaSha512 = -36; case EdDSA = -8; + // RFC 9864 §2.2: fully-specified Ed448 algorithm identifier + case Ed448 = -53; case Rs256 = -257; @@ -34,7 +36,7 @@ public function getOpenSslAlgorithm(): int // EdDSA (Ed25519/Ed448) uses PureEdDSA which performs hashing // internally. OpenSSL has no named constant for this; passing // 0 tells openssl_verify to skip external digest computation. - self::EdDSA => 0, + self::EdDSA, self::Ed448 => 0, }; } } diff --git a/src/PublicKey/OctetKeyPair.php b/src/PublicKey/OctetKeyPair.php index 8959663..702335f 100644 --- a/src/PublicKey/OctetKeyPair.php +++ b/src/PublicKey/OctetKeyPair.php @@ -54,7 +54,7 @@ public static function fromDecodedCbor(array $decoded): OctetKeyPair assert(array_key_exists(COSEKey::INDEX_ALGORITHM, $decoded)); $algorithm = COSE\Algorithm::from($decoded[COSEKey::INDEX_ALGORITHM]); - if ($algorithm !== COSE\Algorithm::EdDSA) { + if ($algorithm !== COSE\Algorithm::EdDSA && $algorithm !== COSE\Algorithm::Ed448) { throw new DomainException('Unsupported OKP algorithm: ' . $algorithm->value); } From a0aafe62f4937aae5d7718d4cc43cb1f2f6f11a8 Mon Sep 17 00:00:00 2001 From: Eric Stern Date: Mon, 2 Feb 2026 18:43:58 -0800 Subject: [PATCH 6/7] Add Ed448 support, fix PHPStan errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add the fully-specified Ed448 algorithm identifier (COSE -53, RFC 9864 §2.2) and accept it in OKP key parsing alongside the polymorphic EdDSA identifier. Assert decoded CBOR is array in COSEKey, resolving several baselined PHPStan errors. Add type-narrowing asserts in OctetKeyPair. Co-Authored-By: Claude Opus 4.5 --- phpstan-baseline.neon | 24 ------------------------ src/COSEKey.php | 1 + src/PublicKey/OctetKeyPair.php | 4 ++++ 3 files changed, 5 insertions(+), 24 deletions(-) diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon index 4df01f7..99b6b34 100644 --- a/phpstan-baseline.neon +++ b/phpstan-baseline.neon @@ -162,24 +162,6 @@ parameters: count: 1 path: src/BinaryString.php - - - message: '#^Cannot access offset 1 on mixed\.$#' - identifier: offsetAccess.nonOffsetAccessible - count: 1 - path: src/COSEKey.php - - - - message: '#^Parameter \#1 \$decoded of static method Firehed\\WebAuthn\\PublicKey\\EllipticCurve\:\:fromDecodedCbor\(\) expects array\, mixed given\.$#' - identifier: argument.type - count: 1 - path: src/COSEKey.php - - - - message: '#^Parameter \#1 \$decoded of static method Firehed\\WebAuthn\\PublicKey\\RSA\:\:fromDecodedCbor\(\) expects array\, mixed given\.$#' - identifier: argument.type - count: 1 - path: src/COSEKey.php - - message: '#^Parameter \#1 \$value of static method Firehed\\WebAuthn\\COSE\\Algorithm\:\:from\(\) expects int\|string, mixed given\.$#' identifier: argument.type @@ -192,12 +174,6 @@ parameters: count: 1 path: src/COSEKey.php - - - message: '#^Parameter \#2 \$array of function array_key_exists expects array, mixed given\.$#' - identifier: argument.type - count: 1 - path: src/COSEKey.php - - message: '#^PHPDoc tag @api has invalid value \(\(with the above caveats\)\)\: Unexpected token "the", expected ''\)'' at offset 518 on line 11$#' identifier: phpDoc.parseError diff --git a/src/COSEKey.php b/src/COSEKey.php index 06204a5..a8d7bc8 100644 --- a/src/COSEKey.php +++ b/src/COSEKey.php @@ -46,6 +46,7 @@ public function __construct(public readonly BinaryString $cbor) { $decoder = new Decoder(); $decodedCbor = $decoder->decode($cbor->unwrap()); + assert(is_array($decodedCbor)); // Note: these limitations may be lifted in the future $keyType = COSE\KeyType::from($decodedCbor[self::INDEX_KEY_TYPE]); diff --git a/src/PublicKey/OctetKeyPair.php b/src/PublicKey/OctetKeyPair.php index 702335f..0387d94 100644 --- a/src/PublicKey/OctetKeyPair.php +++ b/src/PublicKey/OctetKeyPair.php @@ -49,20 +49,24 @@ public static function fromDecodedCbor(array $decoded): OctetKeyPair { // Checked upstream, but re-verify assert(array_key_exists(COSEKey::INDEX_KEY_TYPE, $decoded)); + assert(is_int($decoded[COSEKey::INDEX_KEY_TYPE])); $type = COSE\KeyType::from($decoded[COSEKey::INDEX_KEY_TYPE]); assert($type === COSE\KeyType::OctetKeyPair); assert(array_key_exists(COSEKey::INDEX_ALGORITHM, $decoded)); + assert(is_int($decoded[COSEKey::INDEX_ALGORITHM])); $algorithm = COSE\Algorithm::from($decoded[COSEKey::INDEX_ALGORITHM]); if ($algorithm !== COSE\Algorithm::EdDSA && $algorithm !== COSE\Algorithm::Ed448) { throw new DomainException('Unsupported OKP algorithm: ' . $algorithm->value); } + assert(is_int($decoded[self::INDEX_CURVE])); $curve = COSE\Curve::from($decoded[self::INDEX_CURVE]); if (!isset(self::KEY_SIZES[$curve->value])) { throw new DomainException('Unsupported OKP curve: ' . $curve->value); } + assert(is_string($decoded[self::INDEX_X_COORDINATE])); $x = new BinaryString($decoded[self::INDEX_X_COORDINATE]); return new OctetKeyPair(curve: $curve, x: $x); From 7424138616cff7c6274ef62c7f9d204d862c1e57 Mon Sep 17 00:00:00 2001 From: Eric Stern Date: Mon, 2 Feb 2026 18:49:26 -0800 Subject: [PATCH 7/7] Update supported algorithms in README All ECDSA curves (ES256, ES384, ES512), EdDSA (Ed25519, Ed448), and RS256 are now fully supported. Remove stale footnotes referencing unofficial test vectors and missing algorithm support. Co-Authored-By: Claude Opus 4.5 --- README.md | 13 ++++++------- src/COSE/Algorithm.php | 1 - 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 6f7945d..40b3ad5 100644 --- a/README.md +++ b/README.md @@ -695,10 +695,11 @@ There are additional notes in Best Practices / Data Handling around this. | Name | [IANA ID](https://www.iana.org/assignments/cose/cose.xhtml#algorithms) | Supported | Notes | | --- | --- | --- | --- | | `ES256` | `-7` | ✅ | | -| `EdDSA` | `-8` | ❌ | | -| `ES384` | `-35` | ❌ | [^alg-needs-tests] | -| `ES512` | `-36` | ❌ | [^alg-needs-tests] | -| `RS256` | `-257` | ✅⚠️ | [^ext-vec] | +| `EdDSA` | `-8` | ✅ | Ed25519 | +| `ES384` | `-35` | ✅ | | +| `ES512` | `-36` | ✅ | | +| `Ed448` | `-53` | ✅ | | +| `RS256` | `-257` | ✅ | | ## Supported Identifiers @@ -713,7 +714,7 @@ Due to an inability to generate responses with all formats, not all are supporte | `android-safetynet` | ❌ | 8.5 | SafetyNet attestation has been [deprecated](https://android-developers.googleblog.com/2024/09/attestation-format-change-for-android-fido2-api.html), so this library will not be adding support. | | `fido-u2f` | ✅ | 8.6 | YubiKeys and similar U2F stateless devices. | | `none` | ✅ | 8.7 | Used by Apple in Safari when using Passkeys (even when direct attestation is requested) | -| `apple` | ✅⚠️ [^ext-vec], [^limited-trust-path] | 8.8 | Apple no longer appears to use this format, instead providing non-attested credentials (fmt=none). | +| `apple` | ✅⚠️ [^limited-trust-path] | 8.8 | Apple no longer appears to use this format, instead providing non-attested credentials (fmt=none). | | `compound` | ❌ | 8.9 | This format only appears in the editor's draft of the spec and is not yet on the official registry. | By default, the `$registration->verify()` process will reject uncertain trust paths. @@ -749,6 +750,4 @@ General quickstart guide: Intro to passkeys: - https://developer.apple.com/videos/play/wwdc2021/10106/ -[^ext-vec]: Support is based on [unofficial test vectors](https://github.com/w3c/webauthn/issues/1633). [^limited-trust-path]: Handling of attestation trust path is limited. -[^alg-needs-tests]: This should be easy add support, but test vectors are needed diff --git a/src/COSE/Algorithm.php b/src/COSE/Algorithm.php index ed4f1a8..6bee1ea 100644 --- a/src/COSE/Algorithm.php +++ b/src/COSE/Algorithm.php @@ -19,7 +19,6 @@ enum Algorithm: int case EcdsaSha384 = -35; case EcdsaSha512 = -36; case EdDSA = -8; - // RFC 9864 §2.2: fully-specified Ed448 algorithm identifier case Ed448 = -53; case Rs256 = -257;