/// <summary>
/// Corrupting one byte of the device signature must make FinishAuthentication reject the
/// response instead of accepting it (and recording its counter).
/// </summary>
public void FinishAuthentication_InvalidSignatureData()
{
    // Arrange: a server whose "random" challenge is the fixed test vector.
    var challengeSource = new Mock<IGenerateFidoChallenge>();
    challengeSource.Setup(g => g.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64));
    var u2f = new FidoUniversalTwoFactor(challengeSource.Object);
    var registration = CreateTestDeviceRegistration();
    var started = u2f.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), registration);

    // Take the known-good signature data and flip every bit of its first signature byte,
    // keeping the user-presence flag and counter intact so only the signature is wrong.
    var goodSignatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);
    var tamperedBytes = goodSignatureData.Signature.ToByteArray();
    tamperedBytes[0] ^= 0xFF;
    var tamperedSignatureData = new FidoSignatureData(
        goodSignatureData.UserPresence,
        goodSignatureData.Counter,
        new FidoSignature(tamperedBytes));

    var response = new FidoAuthenticateResponse(
        FidoClientData.FromJson(TestVectors.ClientDataAuth),
        tamperedSignatureData,
        FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));

    // Act / Assert: the bad signature is reported as InvalidOperationException.
    // NOTE(review): this does not check that the registration's counter is left untouched on
    // rejection — worth asserting if FidoDeviceRegistration exposes the stored counter.
    Assert.Throws<InvalidOperationException>(() => u2f.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains));
}
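/// <summary>
/// Completes a U2F authentication: validates the response, checks the client data type and
/// the signed challenge, validates the origin against the trusted facets, verifies the device
/// signature, and only then records the response counter on the registration.
/// </summary>
/// <param name="startedAuthentication">Challenge and app id issued by <c>StartAuthentication</c>.</param>
/// <param name="authResponse">Parsed authenticate response returned by the client.</param>
/// <param name="deviceRegistration">Registration whose key is expected to have signed the response; its counter is updated on success.</param>
/// <param name="trustedFacetIds">Origins the client data is permitted to name.</param>
/// <returns>The counter value the device reported in this response.</returns>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
/// <exception cref="InvalidOperationException">The signed challenge is not the one that was issued, or one of the validation helpers rejects the response.</exception>
public uint FinishAuthentication(FidoStartedAuthentication startedAuthentication, FidoAuthenticateResponse authResponse, FidoDeviceRegistration deviceRegistration, IEnumerable<FidoFacetId> trustedFacetIds)
{
    // Fail with a clear argument error instead of a NullReferenceException part-way through.
    if (startedAuthentication == null) throw new ArgumentNullException("startedAuthentication");
    if (authResponse == null) throw new ArgumentNullException("authResponse");
    if (deviceRegistration == null) throw new ArgumentNullException("deviceRegistration");
    if (trustedFacetIds == null) throw new ArgumentNullException("trustedFacetIds");

    authResponse.Validate();

    var clientData = authResponse.ClientData;
    ExpectClientDataType(clientData, AuthenticateType);

    // The client must have signed exactly the challenge we issued for this session;
    // anything else is a replayed or cross-session response and is rejected before
    // any signature work is done.
    if (clientData.Challenge != startedAuthentication.Challenge)
    {
        throw new InvalidOperationException("Incorrect challenge signed in client data");
    }

    // Origin is checked before the signature so an untrusted facet is rejected even
    // when the signature itself is valid.
    ValidateOrigin(trustedFacetIds, new FidoFacetId(clientData.Origin));

    var signatureData = authResponse.SignatureData;
    VerifyAuthSignature(startedAuthentication.AppId, signatureData, clientData, deviceRegistration);

    // Only a response that passed every check above may advance the stored counter.
    // NOTE(review): nothing in this method checks signatureData.UserPresence or that the
    // counter is strictly greater than the registration's stored value — confirm that
    // Validate()/VerifyAuthSignature/UpdateCounter cover those; U2F clone detection
    // depends on the monotonic counter check.
    deviceRegistration.UpdateCounter(signatureData.Counter);
    return signatureData.Counter;
}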
/// <summary>
/// Convenience overload taking the client's authenticate response as raw JSON: parses it
/// and hands off to the typed <c>FinishAuthentication</c> overload, returning its counter.
/// </summary>
/// <param name="startedAuthentication">Challenge and app id issued by <c>StartAuthentication</c>.</param>
/// <param name="rawAuthResponse">JSON authenticate response as received from the client.</param>
/// <param name="deviceRegistration">Registration expected to have signed the response.</param>
/// <param name="trustedFacetIds">Origins the client data is permitted to name.</param>
/// <returns>The counter value reported by the device.</returns>
public uint FinishAuthentication(FidoStartedAuthentication startedAuthentication, string rawAuthResponse, FidoDeviceRegistration deviceRegistration, IEnumerable<FidoFacetId> trustedFacetIds)
{
    // Parsing happens here; every security check lives in the typed overload.
    var parsedResponse = FidoAuthenticateResponse.FromJson(rawAuthResponse);
    return FinishAuthentication(startedAuthentication, parsedResponse, deviceRegistration, trustedFacetIds);
}
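/// <summary>
/// A well-formed response built from the test vectors is accepted, and the counter returned
/// by FinishAuthentication is the one carried in the signed response.
/// </summary>
public void FinishAuthentication_Works()
{
    // Arrange: a server whose "random" challenge is the fixed test vector.
    var challengeSource = new Mock<IGenerateFidoChallenge>();
    challengeSource.Setup(g => g.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64));
    var u2f = new FidoUniversalTwoFactor(challengeSource.Object);
    var registration = CreateTestDeviceRegistration();
    var started = u2f.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), registration);

    var signatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);
    var response = new FidoAuthenticateResponse(
        FidoClientData.FromJson(TestVectors.ClientDataAuth),
        signatureData,
        FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));

    // Act
    var returnedCounter = u2f.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains);

    // Assert: previously this test only checked "does not throw"; pin the returned counter
    // so a refactor that drops or reorders the return is caught. Assert.True is available in
    // both xUnit and NUnit, so no framework-specific equality assert is needed.
    Assert.True(returnedCounter == signatureData.Counter);
}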
/// <summary>
/// Client data naming an origin outside the trusted facet list is rejected with
/// InvalidOperationException. Parametrised over the offending origin.
/// </summary>
/// <param name="origin">The origin substituted into the client data for this case.</param>
public void FinishAuthentication_UntrustedOrigin(string origin)
{
    // Arrange: a server whose "random" challenge is the fixed test vector.
    var challengeSource = new Mock<IGenerateFidoChallenge>();
    challengeSource.Setup(g => g.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64));
    var u2f = new FidoUniversalTwoFactor(challengeSource.Object);
    var registration = CreateTestDeviceRegistration();
    var started = u2f.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), registration);

    // Swap the origin inside the otherwise valid client data JSON. The signature still
    // covers the original client data, so even if origin validation were skipped the
    // signature check would fail; origin validation runs first and is what this exercises.
    var trustedOriginFragment = "origin\":\"http://example.com";
    var untrustedOriginFragment = "origin\":\"" + origin;
    var tamperedClientData = TestVectors.ClientDataAuth.Replace(trustedOriginFragment, untrustedOriginFragment);

    var response = new FidoAuthenticateResponse(
        FidoClientData.FromJson(tamperedClientData),
        FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64),
        FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));

    // Act / Assert
    Assert.Throws<InvalidOperationException>(() => u2f.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains));
}
/// <summary>
/// Client data carrying a challenge other than the one the server issued is rejected
/// with InvalidOperationException.
/// </summary>
public void FinishAuthentication_DifferentChallenge()
{
    // Arrange: a server whose "random" challenge is the fixed test vector.
    var challengeSource = new Mock<IGenerateFidoChallenge>();
    challengeSource.Setup(g => g.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64));
    var u2f = new FidoUniversalTwoFactor(challengeSource.Object);
    var registration = CreateTestDeviceRegistration();
    var started = u2f.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), registration);

    // Replace the issued challenge inside the client data JSON with an arbitrary value.
    // FinishAuthentication compares the challenge before verifying the signature, so this
    // hits the challenge check rather than the signature check.
    var issuedChallengeFragment = "challenge\":\"opsXqUifDriAAmWclinfbS0e-USY0CgyJHe_Otd7z8o";
    var foreignChallengeFragment = "challenge\":\"different";
    var tamperedClientData = TestVectors.ClientDataAuth.Replace(issuedChallengeFragment, foreignChallengeFragment);

    var response = new FidoAuthenticateResponse(
        FidoClientData.FromJson(tamperedClientData),
        FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64),
        FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle));

    // Act / Assert
    Assert.Throws<InvalidOperationException>(() => u2f.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains));
}