/// <summary>
/// Checks that <c>FinishAuthentication</c> throws <see cref="InvalidOperationException"/>
/// when the signature bytes of the recorded sign response have been altered.
/// </summary>
public void FinishAuthentication_InvalidSignatureData()
{
    // Stub the challenge generator with the test-vector challenge
    // (presumably the one the recorded sign response was produced for).
    var challengeSource = new Mock<IGenerateFidoChallenge>();
    var fixedChallenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64);
    challengeSource.Setup(x => x.GenerateChallenge()).Returns(fixedChallenge);

    var fido = new FidoUniversalTwoFactor(challengeSource.Object);
    var registration = CreateTestDeviceRegistration();
    var appId = new FidoAppId(TestVectors.AppIdEnroll);
    var started = fido.StartAuthentication(appId, registration);

    var recorded = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);

    // Invert every bit of the first signature byte; presence flag and counter stay as recorded.
    // NOTE(review): U2F signatures are DER-encoded ECDSA, so byte 0 is normally the SEQUENCE tag.
    // Corrupting it probably exercises the "malformed signature" path rather than the
    // "well-formed but wrong signature" path. A second case that alters a byte inside r or s
    // would cover signature verification itself. Confirm against the library.
    var corruptedBytes = recorded.Signature.ToByteArray();
    corruptedBytes[0] ^= 0xFF;
    var tampered = new FidoSignatureData(
        recorded.UserPresence,
        recorded.Counter,
        new FidoSignature(corruptedBytes));

    var clientData = FidoClientData.FromJson(TestVectors.ClientDataAuth);
    var keyHandle = FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle);
    var response = new FidoAuthenticateResponse(clientData, tampered, keyHandle);

    Assert.Throws<InvalidOperationException>(
        () => fido.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains));
}
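/// <summary>
/// Starts a U2F authentication for the current user's device identified by
/// <paramref name="keyHandle"/> and renders the login view with the resulting challenge.
/// </summary>
/// <param name="keyHandle">Web-safe Base64 key handle taken from the request; treated as untrusted.</param>
/// <returns>The login view. On failure it carries a model error instead of a challenge.</returns>
public ActionResult Login(string keyHandle)
{
    var model = new LoginDeviceViewModel { KeyHandle = keyHandle };

    try
    {
        var u2f = new FidoUniversalTwoFactor();

        // NOTE(review): the AppId is built from the incoming request URL, which follows the
        // client-supplied Host header. A fixed, configured AppId would not depend on request
        // data. Confirm what FidoAppId(Uri) keeps of the URL.
        var appId = new FidoAppId(Request.Url);

        // Resolve the user once so the lookup and the view model refer to the same identity.
        var userName = GetCurrentUser();

        // The key handle is only matched against registrations of the current user,
        // so a handle belonging to another account is reported as unknown.
        var deviceRegistration = GetFidoRepository()
            .GetDeviceRegistrationsOfUser(userName)
            .FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == keyHandle);

        if (deviceRegistration == null)
        {
            // The message echoes request input; it relies on the view HTML-encoding model errors.
            ModelState.AddModelError("", "Unknown key handle: " + keyHandle);
            return View(model);
        }

        var startedAuthentication = u2f.StartAuthentication(appId, deviceRegistration);

        // NOTE(review): the challenge is only handed to the view here. Whether a server-side
        // copy is kept for the finish step is not visible in this action.
        model = new LoginDeviceViewModel
        {
            AppId = startedAuthentication.AppId.ToString(),
            Challenge = startedAuthentication.Challenge,
            KeyHandle = startedAuthentication.KeyHandle.ToWebSafeBase64(),
            UserName = userName
        };
    }
    catch (Exception ex)
    {
        // Keep the exception type and message out of the response, since they can reveal
        // internals of the U2F library and the repository. Details go to the trace log.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        ModelState.AddModelError("", "Could not start device authentication.");
    }

    return View(model);
}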
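/// <summary>
/// Looks up the current user's device registration for <paramref name="keyHandle"/>,
/// starts a U2F authentication for it and returns the login view.
/// </summary>
/// <param name="keyHandle">Web-safe Base64 key handle from the request; untrusted input.</param>
/// <returns>The login view, with either a challenge or a model error.</returns>
public ActionResult Login(string keyHandle)
{
    var model = new LoginDeviceViewModel { KeyHandle = keyHandle };

    try
    {
        var u2f = new FidoUniversalTwoFactor();

        // NOTE(review): Request.Url reflects the Host header sent by the client, so the AppId
        // depends on request data. Prefer a configured AppId unless FidoAppId(Uri) is known
        // to normalise this safely.
        var appId = new FidoAppId(Request.Url);

        // One identity for both the repository lookup and the view model.
        var currentUser = GetCurrentUser();

        // Only the current user's registrations are searched, so the handle cannot select
        // a device that belongs to someone else.
        var registrations = GetFidoRepository().GetDeviceRegistrationsOfUser(currentUser);
        var deviceRegistration = registrations.FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == keyHandle);

        if (deviceRegistration == null)
        {
            // Request input is echoed in this message; the view is expected to HTML-encode it.
            ModelState.AddModelError("", "Unknown key handle: " + keyHandle);
            return View(model);
        }

        var startedAuthentication = u2f.StartAuthentication(appId, deviceRegistration);

        // NOTE(review): no server-side storage of the issued challenge is visible in this
        // action. The finish step should not trust a challenge posted back by the browser.
        model = new LoginDeviceViewModel
        {
            AppId = startedAuthentication.AppId.ToString(),
            Challenge = startedAuthentication.Challenge,
            KeyHandle = startedAuthentication.KeyHandle.ToWebSafeBase64(),
            UserName = currentUser
        };
    }
    catch (Exception ex)
    {
        // Exception type and message are logged, not shown: returning them to the browser
        // discloses implementation details to whoever triggers the failure.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        ModelState.AddModelError("", "Could not start device authentication.");
    }

    return View(model);
}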
/// <summary>
/// Starts a U2F authentication for <paramref name="device"/> and returns the values
/// the client needs to request a signature.
/// </summary>
/// <param name="device">Stored device; <c>Data</c> holds the registration as JSON.</param>
/// <returns>A model carrying the AppId, the challenge and the device identifier.</returns>
public AuthenticateDeviceModel GetAuthenticationModel(Device device)
{
    var fido = new FidoUniversalTwoFactor();
    var registration = FidoDeviceRegistration.FromJson(device.Data);
    var started = fido.StartAuthentication(AppId, registration);

    // NOTE(review): KeyHandle is taken from device.Identifier rather than started.KeyHandle.
    // Presumably both hold the same web-safe Base64 value; confirm, since a mismatch would
    // ask the token to sign with a handle the registration does not contain.
    return new AuthenticateDeviceModel
    {
        AppId = started.AppId.ToString(),
        Challenge = started.Challenge,
        KeyHandle = device.Identifier
    };
}
/// <summary>
/// Happy path: the recorded sign response is accepted for the test-vector challenge.
/// </summary>
public void FinishAuthentication_Works()
{
    // Stub the challenge generator so StartAuthentication issues the test-vector challenge.
    var challengeSource = new Mock<IGenerateFidoChallenge>();
    var fixedChallenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64);
    challengeSource.Setup(x => x.GenerateChallenge()).Returns(fixedChallenge);

    var fido = new FidoUniversalTwoFactor(challengeSource.Object);
    var registration = CreateTestDeviceRegistration();
    var appId = new FidoAppId(TestVectors.AppIdEnroll);
    var started = fido.StartAuthentication(appId, registration);

    var clientData = FidoClientData.FromJson(TestVectors.ClientDataAuth);
    var signatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);
    var keyHandle = FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle);
    var response = new FidoAuthenticateResponse(clientData, signatureData, keyHandle);

    // No explicit assertion: the test passes when the call returns without throwing.
    // NOTE(review): any value FinishAuthentication returns is ignored here.
    fido.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains);
}
/// <summary>
/// Checks that <c>FinishAuthentication</c> throws <see cref="InvalidOperationException"/>
/// when the client data carries a challenge other than the one issued.
/// </summary>
public void FinishAuthentication_DifferentChallenge()
{
    // Stub the challenge generator so StartAuthentication issues the test-vector challenge.
    var challengeSource = new Mock<IGenerateFidoChallenge>();
    var fixedChallenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64);
    challengeSource.Setup(x => x.GenerateChallenge()).Returns(fixedChallenge);

    var fido = new FidoUniversalTwoFactor(challengeSource.Object);
    var registration = CreateTestDeviceRegistration();
    var appId = new FidoAppId(TestVectors.AppIdEnroll);
    var started = fido.StartAuthentication(appId, registration);

    // Swap the challenge inside the client-data JSON. If the literal is not present in the
    // test vector, Replace changes nothing and the Assert.Throws below is what would fail.
    var alteredClientData = TestVectors.ClientDataAuth.Replace(
        "challenge\":\"opsXqUifDriAAmWclinfbS0e-USY0CgyJHe_Otd7z8o",
        "challenge\":\"different");

    // NOTE(review): the recorded signature is reused unchanged. In U2F the signature covers a
    // hash of the client data, so signature verification alone would presumably reject this
    // response too. The shared exception type does not show whether the challenge comparison
    // is the check that fired.
    var clientData = FidoClientData.FromJson(alteredClientData);
    var signatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);
    var keyHandle = FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle);
    var response = new FidoAuthenticateResponse(clientData, signatureData, keyHandle);

    Assert.Throws<InvalidOperationException>(
        () => fido.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains));
}
/// <summary>
/// Checks that <c>StartAuthentication</c> asks the generator for exactly one challenge and
/// returns the AppId, that challenge and the registration's key handle.
/// </summary>
public void StartAuthentication()
{
    // A fixed byte string stands in for the random challenge so it can be compared below.
    var randomChallenge = Encoding.Default.GetBytes("random challenge");
    var challengeSource = new Mock<IGenerateFidoChallenge>();
    challengeSource.Setup(x => x.GenerateChallenge()).Returns(randomChallenge);

    var fido = new FidoUniversalTwoFactor(challengeSource.Object);
    var registration = CreateTestDeviceRegistration();
    var appId = new FidoAppId(TestVectors.AppIdEnroll);
    var started = fido.StartAuthentication(appId, registration);

    // Exactly one challenge must have been drawn from the generator.
    challengeSource.Verify(x => x.GenerateChallenge(), Times.Once);

    Assert.AreEqual(TestVectors.AppIdEnroll, started.AppId.ToString());

    // The challenge is returned as text; decode it before comparing with the raw bytes.
    var decodedChallenge = WebSafeBase64Converter.FromBase64String(started.Challenge);
    Assert.AreEqual(randomChallenge, decodedChallenge);

    Assert.AreEqual(registration.KeyHandle, started.KeyHandle);
}
/// <summary>
/// Checks that <c>FinishAuthentication</c> throws <see cref="InvalidOperationException"/>
/// when the client data names <paramref name="origin"/> instead of the recorded origin.
/// </summary>
/// <param name="origin">Origin written into the client data; the cases are supplied outside this method.</param>
public void FinishAuthentication_UntrustedOrigin(string origin)
{
    // Stub the challenge generator so StartAuthentication issues the test-vector challenge.
    var challengeSource = new Mock<IGenerateFidoChallenge>();
    var fixedChallenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64);
    challengeSource.Setup(x => x.GenerateChallenge()).Returns(fixedChallenge);

    var fido = new FidoUniversalTwoFactor(challengeSource.Object);
    var registration = CreateTestDeviceRegistration();
    var appId = new FidoAppId(TestVectors.AppIdEnroll);
    var started = fido.StartAuthentication(appId, registration);

    // Rewrite the origin inside the client-data JSON.
    var alteredClientData = TestVectors.ClientDataAuth.Replace(
        "origin\":\"http://example.com",
        string.Concat("origin\":\"", origin));

    // NOTE(review): the recorded signature is reused unchanged. In U2F the signature covers a
    // hash of the client data, so signature verification alone would presumably reject this
    // response too. The shared exception type does not show whether the trusted-origin check
    // is the one that fired.
    var clientData = FidoClientData.FromJson(alteredClientData);
    var signatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);
    var keyHandle = FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle);
    var response = new FidoAuthenticateResponse(clientData, signatureData, keyHandle);

    Assert.Throws<InvalidOperationException>(
        () => fido.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains));
}
/// <summary>
/// A sign response whose client data names a challenge other than the issued one
/// must make <c>FinishAuthentication</c> throw <see cref="InvalidOperationException"/>.
/// </summary>
public void FinishAuthentication_DifferentChallenge()
{
    // The generator stub hands out the test-vector challenge.
    var generator = new Mock<IGenerateFidoChallenge>();
    var issuedChallenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64);
    generator.Setup(x => x.GenerateChallenge()).Returns(issuedChallenge);

    var fido = new FidoUniversalTwoFactor(generator.Object);
    var registration = CreateTestDeviceRegistration();
    var started = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), registration);

    // Replace the challenge value in the client-data JSON with the text "different".
    const string recordedChallenge = "challenge\":\"opsXqUifDriAAmWclinfbS0e-USY0CgyJHe_Otd7z8o";
    const string otherChallenge = "challenge\":\"different";
    var alteredJson = TestVectors.ClientDataAuth.Replace(recordedChallenge, otherChallenge);

    // NOTE(review): signature data and key handle are the recorded ones. Because a U2F
    // signature covers the client-data hash, a failed signature check would presumably also
    // satisfy this test. Asserting something specific to the challenge mismatch would pin
    // the intended check.
    var response = new FidoAuthenticateResponse(
        FidoClientData.FromJson(alteredJson),
        FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64),
        FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));

    Assert.Throws<InvalidOperationException>(
        () => fido.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains));
}
/// <summary>
/// Checks that <c>FinishAuthentication</c> throws <see cref="InvalidOperationException"/>
/// when the sign response reports a counter of 0.
/// </summary>
public void FinishAuthentication_CounterTooSmall()
{
    // Stub the challenge generator so StartAuthentication issues the test-vector challenge.
    var challengeSource = new Mock<IGenerateFidoChallenge>();
    var fixedChallenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64);
    challengeSource.Setup(x => x.GenerateChallenge()).Returns(fixedChallenge);

    var fido = new FidoUniversalTwoFactor(challengeSource.Object);
    var registration = CreateTestDeviceRegistration();
    var appId = new FidoAppId(TestVectors.AppIdEnroll);
    var started = fido.StartAuthentication(appId, registration);

    // Keep the presence flag and signature as recorded, but report counter 0.
    // NOTE(review): whether 0 is below the stored counter depends on
    // CreateTestDeviceRegistration, which is not visible here. The counter is also part of
    // the data a U2F token signs, so the unchanged signature would presumably fail
    // verification as well. The shared exception type does not show that the counter
    // (clone-detection) check is the one that fired.
    var recorded = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);
    var rewound = new FidoSignatureData(recorded.UserPresence, 0, recorded.Signature);

    var clientData = FidoClientData.FromJson(TestVectors.ClientDataAuth);
    var keyHandle = FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle);
    var response = new FidoAuthenticateResponse(clientData, rewound, keyHandle);

    Assert.Throws<InvalidOperationException>(
        () => fido.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains));
}
/// <summary>
/// <c>StartAuthentication</c> must draw one challenge from the generator and echo the AppId,
/// the encoded challenge and the key handle of the registration it was given.
/// </summary>
public void StartAuthentication()
{
    // Known bytes take the place of a random challenge for this test.
    var randomChallenge = Encoding.Default.GetBytes("random challenge");
    var generator = new Mock<IGenerateFidoChallenge>();
    generator.Setup(x => x.GenerateChallenge()).Returns(randomChallenge);

    var fido = new FidoUniversalTwoFactor(generator.Object);
    var registration = CreateTestDeviceRegistration();
    var result = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), registration);

    // The generator is expected to be called once, no more and no less.
    generator.Verify(x => x.GenerateChallenge(), Times.Once);

    var reportedAppId = result.AppId.ToString();
    Assert.AreEqual(TestVectors.AppIdEnroll, reportedAppId);

    // Compare raw bytes, so the textual challenge is decoded first.
    var challengeBytes = WebSafeBase64Converter.FromBase64String(result.Challenge);
    Assert.AreEqual(randomChallenge, challengeBytes);

    Assert.AreEqual(registration.KeyHandle, result.KeyHandle);
}
/// <summary>
/// The recorded client data, signature data and key handle are accepted when the issued
/// challenge is the test-vector challenge.
/// </summary>
public void FinishAuthentication_Works()
{
    // The generator stub hands out the test-vector challenge.
    var generator = new Mock<IGenerateFidoChallenge>();
    var issuedChallenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64);
    generator.Setup(x => x.GenerateChallenge()).Returns(issuedChallenge);

    var fido = new FidoUniversalTwoFactor(generator.Object);
    var registration = CreateTestDeviceRegistration();
    var started = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), registration);

    var response = new FidoAuthenticateResponse(
        FidoClientData.FromJson(TestVectors.ClientDataAuth),
        FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64),
        FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));

    // Success means "did not throw"; nothing the call may return is inspected.
    fido.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains);
}
/// <summary>
/// A sign response whose client data names <paramref name="origin"/> must make
/// <c>FinishAuthentication</c> throw <see cref="InvalidOperationException"/>.
/// </summary>
/// <param name="origin">Origin substituted into the client data; the values come from outside this method.</param>
public void FinishAuthentication_UntrustedOrigin(string origin)
{
    // The generator stub hands out the test-vector challenge.
    var generator = new Mock<IGenerateFidoChallenge>();
    var issuedChallenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64);
    generator.Setup(x => x.GenerateChallenge()).Returns(issuedChallenge);

    var fido = new FidoUniversalTwoFactor(generator.Object);
    var registration = CreateTestDeviceRegistration();
    var started = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), registration);

    // Substitute the origin in the client-data JSON.
    const string recordedOrigin = "origin\":\"http://example.com";
    var substitutedOrigin = string.Concat("origin\":\"", origin);
    var alteredJson = TestVectors.ClientDataAuth.Replace(recordedOrigin, substitutedOrigin);

    // NOTE(review): signature data and key handle are the recorded ones. Because a U2F
    // signature covers the client-data hash, a failed signature check would presumably also
    // satisfy this test. Asserting something specific to the origin rejection would pin the
    // trusted-domain check.
    var response = new FidoAuthenticateResponse(
        FidoClientData.FromJson(alteredJson),
        FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64),
        FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));

    Assert.Throws<InvalidOperationException>(
        () => fido.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains));
}