public async Task <SignResponse> Sign(ICollection <SignRequest> requests,
CancellationToken cancellationToken = default(CancellationToken))
{
var appIds = requests.Select(r => r.AppId).Distinct().ToList();
await CheckOriginAndAppIdsAsync(appIds, cancellationToken);
var signInfos = requests.Select(GenerateSignInfo).ToDictionary(s => s.KeySignRequest);
var keyRequests = signInfos.Keys.ToList();
var result = await keyOperations.Sign(keyRequests, cancellationToken);
if (!result.IsSuccess)
{
return(null);
}
var signInfo = signInfos[result.Request];
return(new SignResponse(
WebSafeBase64Converter.ToBase64String(signInfo.ClientDataBase64),
WebSafeBase64Converter.ToBase64String(RawMessageCodec.EncodeKeySignResponse(result.Response)),
signInfo.SignRequest.Challenge,
signInfo.SignRequest.SessionId,
signInfo.SignRequest.AppId));
}
public virtual void TestEncodeAuthenticateResponse()
{
var authenticateResponse = new KeySignResponse(UserPresenceVerifierConstants.UserPresentFlag,
COUNTER_VALUE, SIGNATURE_AUTHENTICATE);
var encodedBytes = RawMessageCodec.EncodeKeySignResponse(authenticateResponse);
CollectionAssert.AreEqual(SIGN_RESPONSE_DATA, encodedBytes);
}
public Task <KeyResponse <KeySignResponse> > SignAsync(KeySignRequest request, CancellationToken cancellationToken = new CancellationToken(),
bool noWink = false)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
log.Info(">> authenticate");
var applicationSha256 = request.ApplicationSha256;
var challengeSha256 = request.ChallengeSha256;
var keyHandle = request.KeyHandle;
log.Info(" -- Inputs --");
log.Info(" applicationSha256: " + applicationSha256.ToHexString());
log.Info(" challengeSha256: " + challengeSha256.ToHexString());
log.Info(" keyHandle: " + keyHandle.ToHexString());
var keyPair = dataStore.GetKeyPair(keyHandle);
var counter = dataStore.IncrementCounter();
var userPresent = userPresenceVerifier.VerifyUserPresence();
if ((userPresent & UserPresenceVerifierConstants.UserPresentFlag) == 0)
{
return(TestOfUserPresenceRequired <KeySignResponse>());
}
var signedData = RawMessageCodec.EncodeKeySignSignedBytes(applicationSha256, userPresent, counter,
challengeSha256);
log.Info("Signing bytes " + signedData.ToHexString());
var signature = crypto.Sign(signedData, keyPair.PrivateKey);
log.Info(" -- Outputs --");
log.Info(" userPresence: " + userPresent);
log.Info(" counter: " + counter);
log.Info(" signature: " + signature.ToHexString());
log.Info("<< authenticate");
var response = new KeySignResponse(userPresent, counter, signature);
var responseData = RawMessageCodec.EncodeKeySignResponse(response).Segment();
var apdu = new ApduResponse(ApduResponseStatus.NoError, responseData);
var keyResponse = new KeyResponse <KeySignResponse>(apdu, response, KeyResponseStatus.Success);
return(TaskEx.FromResult(keyResponse));
}
public void Authenticate(string origin, string accountName)
{
// the key can be used to sign any of the requests - we're gonna sign the first one.
var signRequest = server.GetSignRequests(accountName, origin)[0];
if (!signRequest.Version.Equals(U2FConsts.U2Fv2))
{
throw new U2FException($"Unsupported protocol version: {signRequest.Version}");
}
appIdVerifier.ValidateOrigin(signRequest.AppId, origin);
var channelIdJson = channelIdProvider.GetJsonChannelId();
string clientData;
var authenticateRequest = SignRequestToAuthenticateRequest(origin, signRequest, channelIdJson, out clientData, crypto);
var authenticateResponse = key.Authenticate(authenticateRequest);
var rawAuthenticateResponse = RawMessageCodec.EncodeKeySignResponse(authenticateResponse);
var rawAuthenticateResponse64 = WebSafeBase64Converter.ToBase64String(rawAuthenticateResponse);
var clientDataBase64 = WebSafeBase64Converter.ToBase64String(Encoding.UTF8.GetBytes(clientData));
server.ProcessSignResponse(new SignResponse(clientDataBase64, rawAuthenticateResponse64,
signRequest.Challenge, signRequest.SessionId, signRequest.AppId));
}