public void FinishAuthentication_CounterTooSmall()
        {
            var mockGenerateChallenge = new Mock<IGenerateFidoChallenge>();
            mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64));

            var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object);

            var deviceRegistration = CreateTestDeviceRegistration();
            var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration);

            var signatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);
            signatureData = new FidoSignatureData(
                signatureData.UserPresence,
                0,
                signatureData.Signature);

            var authenticateResponse = new FidoAuthenticateResponse(
                FidoClientData.FromJson(TestVectors.ClientDataAuth),
                signatureData,
                FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));

            Assert.Throws<InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains));
        }
Ejemplo n.º 2
0
        private void VerifyAuthSignature(FidoAppId appId, FidoSignatureData signatureData, FidoClientData clientData, 
			FidoDeviceRegistration deviceRegistration)
        {
            if (appId == null) throw new ArgumentNullException("appId");
            if (signatureData == null) throw new ArgumentNullException("signatureData");
            if (clientData == null) throw new ArgumentNullException("clientData");
            if (deviceRegistration == null) throw new ArgumentNullException("deviceRegistration");

            if (String.IsNullOrEmpty(clientData.RawJsonValue))
                throw new InvalidOperationException("Client data has no JSON representation");

            var counterBytes = BitConverter.GetBytes(signatureData.Counter);
            if (BitConverter.IsLittleEndian)
                Array.Reverse(counterBytes);

            var signedBytes = PackBytes(
                Helpers.Sha256(appId.ToString()),
                new [] { signatureData.UserPresence },
                counterBytes,
                Helpers.Sha256(clientData.RawJsonValue));

            VerifySignature(deviceRegistration, signatureData.Signature, signedBytes);

            if (signatureData.UserPresence != UserPresentFlag)
                throw new InvalidOperationException("User presence invalid during authentication");
        }
 public FidoAuthenticateResponse(FidoClientData clientData, FidoSignatureData signatureData, FidoKeyHandle keyHandle)
 {
     ClientData = clientData;
     SignatureData = signatureData;
     KeyHandle = keyHandle;
 }
 public FidoAuthenticateResponse(FidoClientData clientData, FidoSignatureData signatureData, FidoKeyHandle keyHandle)
 {
     ClientData    = clientData;
     SignatureData = signatureData;
     KeyHandle     = keyHandle;
 }