public void FinishAuthentication_CounterTooSmall()
{
var mockGenerateChallenge = new Mock<IGenerateFidoChallenge>();
mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64));
var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object);
var deviceRegistration = CreateTestDeviceRegistration();
var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration);
var signatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);
signatureData = new FidoSignatureData(
signatureData.UserPresence,
0,
signatureData.Signature);
var authenticateResponse = new FidoAuthenticateResponse(
FidoClientData.FromJson(TestVectors.ClientDataAuth),
signatureData,
FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));
Assert.Throws<InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains));
}
private void VerifyAuthSignature(FidoAppId appId, FidoSignatureData signatureData, FidoClientData clientData,
FidoDeviceRegistration deviceRegistration)
{
if (appId == null) throw new ArgumentNullException("appId");
if (signatureData == null) throw new ArgumentNullException("signatureData");
if (clientData == null) throw new ArgumentNullException("clientData");
if (deviceRegistration == null) throw new ArgumentNullException("deviceRegistration");
if (String.IsNullOrEmpty(clientData.RawJsonValue))
throw new InvalidOperationException("Client data has no JSON representation");
var counterBytes = BitConverter.GetBytes(signatureData.Counter);
if (BitConverter.IsLittleEndian)
Array.Reverse(counterBytes);
var signedBytes = PackBytes(
Helpers.Sha256(appId.ToString()),
new [] { signatureData.UserPresence },
counterBytes,
Helpers.Sha256(clientData.RawJsonValue));
VerifySignature(deviceRegistration, signatureData.Signature, signedBytes);
if (signatureData.UserPresence != UserPresentFlag)
throw new InvalidOperationException("User presence invalid during authentication");
}
public FidoAuthenticateResponse(FidoClientData clientData, FidoSignatureData signatureData, FidoKeyHandle keyHandle)
{
ClientData = clientData;
SignatureData = signatureData;
KeyHandle = keyHandle;
}
public FidoAuthenticateResponse(FidoClientData clientData, FidoSignatureData signatureData, FidoKeyHandle keyHandle)
{
ClientData = clientData;
SignatureData = signatureData;
KeyHandle = keyHandle;
}