Example #1
0
        private void VerifyAssert(ReadOnlySpan <byte> authData, ReadOnlySpan <byte> signature, FidoExtensions extensions)
        {
            byte[] keyBytes = null;
            using (var fin = new StreamReader(File.OpenRead(PublicKey))) {
                var reader = new PemReader(fin);
                if (Type == KeyType.ECDSA)
                {
                    ECPublicKeyParameters parameters = (ECPublicKeyParameters)reader.ReadObject();
                    var x = parameters.Q.XCoord.ToBigInteger().ToByteArray();
                    var y = parameters.Q.YCoord.ToBigInteger().ToByteArray();
                    keyBytes = new byte[64];

                    // Why?  There seems to be an extra byte at the beginning sometimes
                    Array.Copy(x, x.Length - 32, keyBytes, 0, 32);
                    Array.Copy(y, y.Length - 32, keyBytes, 32, 32);
                }
                else if (Type == KeyType.RSA)
                {
                    RsaKeyParameters parameters = (RsaKeyParameters)reader.ReadObject();
                    var mod = parameters.Modulus.ToByteArray();
                    var e   = parameters.Exponent.ToByteArray();
                    keyBytes = new byte[mod.Length + e.Length];
                    mod.CopyTo(keyBytes, 0);
                    e.CopyTo(keyBytes, mod.Length);
                }
                else if (Type == KeyType.EDDSA)
                {
                    throw new NotSupportedException("Original example includes this but not sure why, it doesn't seem supported");
                }
                else
                {
                    throw new NotSupportedException("Unsupported key type");
                }
            }

            using (var assert = new FidoAssertion()) {
                assert.SetClientData(Cd);
                assert.Rp    = "localhost";
                assert.Count = 1;
                assert.SetAuthData(authData, 0);
                assert.SetExtensions(extensions);
                if (UserPresenceRequired)
                {
                    assert.SetUserPresenceRequired(true);
                }

                if (UserVerificationRequired)
                {
                    assert.SetUserVerificationRequired(true);
                }

                assert.SetSignature(signature, 0);
                assert.Verify(0, FromKeyType(Type), keyBytes);
            }
        }
Example #2
0
        private void OnExecute()
        {
            Fido2Settings.Flags = FidoFlags.Debug;
            var ext = FidoExtensions.None;

            if (HMACSalt != null)
            {
                ext |= FidoExtensions.HmacSecret;
            }
            if (BlobKey != null)
            {
                ext |= FidoExtensions.LargeBlobKey;
            }

            using (var assert = new FidoAssertion()) {
                using (var dev = new FidoDevice()) {
                    dev.Open(Device);
                    if (ForceU2F)
                    {
                        dev.ForceU2F();
                    }

                    assert.SetClientData(Cd);
                    assert.Rp = "localhost";
                    assert.SetExtensions(ext);
                    if (UserPresenceRequired)
                    {
                        assert.SetUserPresenceRequired(true);
                    }

                    if (UserVerificationRequired)
                    {
                        assert.SetUserVerificationRequired(true);
                    }

                    if (Timeout != 0)
                    {
                        dev.SetTimeout(TimeSpan.FromSeconds(Timeout));
                    }

                    if (CredentialId != null)
                    {
                        var credId = File.ReadAllBytes(CredentialId);
                        assert.AllowCredential(credId);
                    }

                    dev.GetAssert(assert, Pin);
                    dev.Close();
                }

                if (assert.Count != 1)
                {
                    throw new Exception($"{assert.Count} signatures required");
                }

                if (Pin != null)
                {
                    UserVerificationRequired = true;
                }

                VerifyAssert(assert[0].AuthData, assert[0].Signature, ext);

                if (HMACSecret != null)
                {
                    File.WriteAllBytes(HMACSecret, assert[0].HmacSecret.ToArray());
                }
            }
        }