public uint FinishAuthentication(FidoStartedAuthentication startedAuthentication, FidoAuthenticateResponse authResponse, FidoDeviceRegistration deviceRegistration, IEnumerable <FidoFacetId> trustedFacetIds) { authResponse.Validate(); var clientData = authResponse.ClientData; ExpectClientDataType(clientData, AuthenticateType); if (clientData.Challenge != startedAuthentication.Challenge) { throw new InvalidOperationException("Incorrect challenge signed in client data"); } ValidateOrigin(trustedFacetIds, new FidoFacetId(clientData.Origin)); var signatureData = authResponse.SignatureData; VerifyAuthSignature(startedAuthentication.AppId, signatureData, clientData, deviceRegistration); deviceRegistration.UpdateCounter(signatureData.Counter); return(signatureData.Counter); }
public uint FinishAuthentication(FidoStartedAuthentication startedAuthentication, string rawAuthResponse, FidoDeviceRegistration deviceRegistration, IEnumerable<FidoFacetId> trustedFacetIds) { var authResponse = FidoAuthenticateResponse.FromJson(rawAuthResponse); return FinishAuthentication(startedAuthentication, authResponse, deviceRegistration, trustedFacetIds); }
public uint FinishAuthentication(FidoStartedAuthentication startedAuthentication, string rawAuthResponse, FidoDeviceRegistration deviceRegistration, IEnumerable <FidoFacetId> trustedFacetIds) { var authResponse = FidoAuthenticateResponse.FromJson(rawAuthResponse); return(FinishAuthentication(startedAuthentication, authResponse, deviceRegistration, trustedFacetIds)); }
public static void AddDeviceRegistration(string deviceName, FidoDeviceRegistration deviceRegistration) { CurrentUser.Devices.Add(new Device { Name = deviceName, Identifier = deviceRegistration.KeyHandle.ToString(), Usage = 0, Data = deviceRegistration.ToJson() }); }
private static FidoDeviceRegistration CreateTestDeviceRegistration() { var keyHandle = new FidoKeyHandle(Encoding.Default.GetBytes("keyhandle")); var publicKey = new FidoPublicKey(Encoding.Default.GetBytes("publickey")); var certificate = new FidoAttestationCertificate(Encoding.Default.GetBytes("certificate")); var deviceRegistration = new FidoDeviceRegistration(keyHandle, publicKey, certificate, 12345); return(deviceRegistration); }
public void Equals_DifferentPublicKey() { var registration1 = CreateTestDeviceRegistration(); var registration2 = new FidoDeviceRegistration( registration1.KeyHandle, new FidoPublicKey(Encoding.Default.GetBytes("different publickey")), registration1.Certificate, registration1.Counter); Assert.IsFalse(registration1.Equals(registration2)); }
public void Equals_DifferentCertificate() { var registration1 = CreateTestDeviceRegistration(); var registration2 = new FidoDeviceRegistration( registration1.KeyHandle, registration1.PublicKey, new FidoAttestationCertificate(Encoding.UTF8.GetBytes("different certificate")), registration1.Counter); Assert.IsFalse(registration1.Equals(registration2)); }
public void Equals_DifferentCertificate() { var registration1 = CreateTestDeviceRegistration(); var registration2 = new FidoDeviceRegistration( registration1.KeyHandle, registration1.PublicKey, new FidoAttestationCertificate(Encoding.UTF8.GetBytes("different certificate")), registration1.Counter); Assert.IsFalse(registration1.Equals(registration2)); }
public void Equals_DifferentKeyHandle() { var registration1 = CreateTestDeviceRegistration(); var registration2 = new FidoDeviceRegistration( new FidoKeyHandle(Encoding.Default.GetBytes("different keyhandle")), registration1.PublicKey, registration1.Certificate, registration1.Counter); Assert.IsFalse(registration1.Equals(registration2)); }
public void FromJson() { var deviceRegistration = FidoDeviceRegistration.FromJson("{\"Certificate\":\"Y2VydGlmaWNhdGU\",\"Counter\":12345,\"KeyHandle\":\"a2V5aGFuZGxl\",\"PublicKey\":\"cHVibGlja2V5\"}"); var keyHandle = new FidoKeyHandle(Encoding.Default.GetBytes("keyhandle")); var publicKey = new FidoPublicKey(Encoding.Default.GetBytes("publickey")); var certificate = new FidoAttestationCertificate(Encoding.Default.GetBytes("certificate")); Assert.AreEqual(12345, deviceRegistration.Counter); Assert.IsTrue(certificate.Equals(deviceRegistration.Certificate)); Assert.IsTrue(publicKey.Equals(deviceRegistration.PublicKey)); Assert.IsTrue(keyHandle.Equals(deviceRegistration.KeyHandle)); }
public AuthenticateDeviceModel GetAuthenticationModel(Device device) { var u2F = new FidoUniversalTwoFactor(); var deviceRegistration = FidoDeviceRegistration.FromJson(device.Data); var authentication = u2F.StartAuthentication(AppId, deviceRegistration); var model = new AuthenticateDeviceModel { AppId = authentication.AppId.ToString(), Challenge = authentication.Challenge, KeyHandle = device.Identifier }; return(model); }
public FidoStartedAuthentication StartAuthentication(FidoAppId appId, FidoDeviceRegistration deviceRegistration) { if (appId == null) { throw new ArgumentNullException("appId"); } if (deviceRegistration == null) { throw new ArgumentNullException("deviceRegistration"); } var challenge = _generateFidoChallenge.GenerateChallenge(); return(new FidoStartedAuthentication(appId, WebSafeBase64Converter.ToBase64String(challenge), deviceRegistration.KeyHandle)); }
private void VerifyAuthSignature(FidoAppId appId, FidoSignatureData signatureData, FidoClientData clientData, FidoDeviceRegistration deviceRegistration) { if (appId == null) { throw new ArgumentNullException("appId"); } if (signatureData == null) { throw new ArgumentNullException("signatureData"); } if (clientData == null) { throw new ArgumentNullException("clientData"); } if (deviceRegistration == null) { throw new ArgumentNullException("deviceRegistration"); } if (String.IsNullOrEmpty(clientData.RawJsonValue)) { throw new InvalidOperationException("Client data has no JSON representation"); } var counterBytes = BitConverter.GetBytes(signatureData.Counter); if (BitConverter.IsLittleEndian) { Array.Reverse(counterBytes); } var signedBytes = PackBytes( Helpers.Sha256(appId.ToString()), new [] { signatureData.UserPresence }, counterBytes, Helpers.Sha256(clientData.RawJsonValue)); VerifySignature(deviceRegistration, signatureData.Signature, signedBytes); if (signatureData.UserPresence != UserPresentFlag) { throw new InvalidOperationException("User presence invalid during authentication"); } }
public void ToJson() { var keyHandle = new FidoKeyHandle(Encoding.Default.GetBytes("keyhandle")); var publicKey = new FidoPublicKey(Encoding.Default.GetBytes("publickey")); var certificate = new FidoAttestationCertificate(Encoding.Default.GetBytes("certificate")); var deviceRegistration = new FidoDeviceRegistration(keyHandle, publicKey, certificate, 12345); var serialized = deviceRegistration.ToJson(); var jsonObject = JObject.Parse(serialized); var properties = jsonObject.Properties().ToLookup(x => x.Name.ToLowerInvariant(), x => x.Value.ToString()); Assert.AreEqual("Y2VydGlmaWNhdGU", properties["certificate"].Single()); Assert.AreEqual("12345", properties["counter"].Single()); Assert.AreEqual("a2V5aGFuZGxl", properties["keyhandle"].Single()); Assert.AreEqual("cHVibGlja2V5", properties["publickey"].Single()); }
public IActionResult AuthenticateDevice(AuthenticateDeviceModel model) { if (App.CurrentUser == null) { return(BadRequest(new { error = "You must login.", code = 401 })); } if (model == null || string.IsNullOrEmpty(model.KeyHandle)) { return(BadRequest(new { error = "Invalid device id.", code = 400 })); } var device = App.CurrentUser.Devices.FirstOrDefault(x => x.Identifier.Equals(model.KeyHandle)); if (device == null) { return(BadRequest(new { error = "Device not found.", code = 400 })); } var u2F = new FidoUniversalTwoFactor(); var deviceRegistration = FidoDeviceRegistration.FromJson(device.Data); if (deviceRegistration == null) { return(BadRequest(new { error = "Unknown key handle.", code = 400 })); } var challenge = model.Challenge; var startedAuthentication = new FidoStartedAuthentication(AppId, challenge, FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? "")); var facetIds = new List <FidoFacetId> { new FidoFacetId(AppId.ToString()) }; var counter = u2F.FinishAuthentication(startedAuthentication, model.RawAuthenticateResponse, deviceRegistration, facetIds); deviceRegistration.Counter = counter; device.Usage++; return(Ok(new { message = "Device has been authenticated.", code = 200, redirect = Url.Action("CurrentUser") })); }
private void VerifySignature(FidoDeviceRegistration deviceRegistration, FidoSignature signature, byte[] signedBytes) { try { var certPublicKey = deviceRegistration.PublicKey.PublicKey; var signer = SignerUtilities.GetSigner("SHA-256withECDSA"); signer.Init(false, certPublicKey); signer.BlockUpdate(signedBytes, 0, signedBytes.Length); if (signer.VerifySignature(signature.ToByteArray())) { throw new InvalidOperationException("Invalid signature"); } } catch { throw new InvalidOperationException("Invalid signature"); } }
public uint FinishAuthentication(FidoStartedAuthentication startedAuthentication, FidoAuthenticateResponse authResponse, FidoDeviceRegistration deviceRegistration, IEnumerable<FidoFacetId> trustedFacetIds) { authResponse.Validate(); var clientData = authResponse.ClientData; ExpectClientDataType(clientData, AuthenticateType); if (clientData.Challenge != startedAuthentication.Challenge) throw new InvalidOperationException("Incorrect challenge signed in client data"); ValidateOrigin(trustedFacetIds, new FidoFacetId(clientData.Origin)); var signatureData = authResponse.SignatureData; VerifyAuthSignature(startedAuthentication.AppId, signatureData, clientData, deviceRegistration); deviceRegistration.UpdateCounter(signatureData.Counter); return signatureData.Counter; }
public void StoreDeviceRegistration(string userName, FidoDeviceRegistration deviceRegistration) { DeviceRegistrations.Add(deviceRegistration); }
public void StoreDeviceRegistration(string userName, FidoDeviceRegistration deviceRegistration) { DeviceRegistrations.Add(deviceRegistration); }
public FidoStartedAuthentication StartAuthentication(FidoAppId appId, FidoDeviceRegistration deviceRegistration) { if (appId == null) throw new ArgumentNullException("appId"); if (deviceRegistration == null) throw new ArgumentNullException("deviceRegistration"); var challenge = _generateFidoChallenge.GenerateChallenge(); return new FidoStartedAuthentication(appId, WebSafeBase64Converter.ToBase64String(challenge), deviceRegistration.KeyHandle); }
private static FidoDeviceRegistration CreateTestDeviceRegistration() { var keyHandle = new FidoKeyHandle(Encoding.Default.GetBytes("keyhandle")); var publicKey = new FidoPublicKey(Encoding.Default.GetBytes("publickey")); var certificate = new FidoAttestationCertificate(Encoding.Default.GetBytes("certificate")); var deviceRegistration = new FidoDeviceRegistration(keyHandle, publicKey, certificate, 12345); return deviceRegistration; }
public void ToJson() { var keyHandle = new FidoKeyHandle(Encoding.Default.GetBytes("keyhandle")); var publicKey = new FidoPublicKey(Encoding.Default.GetBytes("publickey")); var certificate = new FidoAttestationCertificate(Encoding.Default.GetBytes("certificate")); var deviceRegistration = new FidoDeviceRegistration(keyHandle, publicKey, certificate, 12345); var serialized = deviceRegistration.ToJson(); var jsonObject = JObject.Parse(serialized); var properties = jsonObject.Properties().ToLookup(x => x.Name.ToLowerInvariant(), x => x.Value.ToString()); Assert.AreEqual("Y2VydGlmaWNhdGU", properties["certificate"].Single()); Assert.AreEqual("12345", properties["counter"].Single()); Assert.AreEqual("a2V5aGFuZGxl", properties["keyhandle"].Single()); Assert.AreEqual("cHVibGlja2V5", properties["publickey"].Single()); }
private void VerifyAuthSignature(FidoAppId appId, FidoSignatureData signatureData, FidoClientData clientData, FidoDeviceRegistration deviceRegistration) { if (appId == null) throw new ArgumentNullException("appId"); if (signatureData == null) throw new ArgumentNullException("signatureData"); if (clientData == null) throw new ArgumentNullException("clientData"); if (deviceRegistration == null) throw new ArgumentNullException("deviceRegistration"); if (String.IsNullOrEmpty(clientData.RawJsonValue)) throw new InvalidOperationException("Client data has no JSON representation"); var counterBytes = BitConverter.GetBytes(signatureData.Counter); if (BitConverter.IsLittleEndian) Array.Reverse(counterBytes); var signedBytes = PackBytes( Helpers.Sha256(appId.ToString()), new [] { signatureData.UserPresence }, counterBytes, Helpers.Sha256(clientData.RawJsonValue)); VerifySignature(deviceRegistration, signatureData.Signature, signedBytes); if (signatureData.UserPresence != UserPresentFlag) throw new InvalidOperationException("User presence invalid during authentication"); }
private void VerifySignature(FidoDeviceRegistration deviceRegistration, FidoSignature signature, byte[] signedBytes) { try { var certPublicKey = deviceRegistration.PublicKey.PublicKey; var signer = SignerUtilities.GetSigner("SHA-256withECDSA"); signer.Init(false, certPublicKey); signer.BlockUpdate(signedBytes, 0, signedBytes.Length); if (signer.VerifySignature(signature.ToByteArray())) throw new InvalidOperationException("Invalid signature"); } catch { throw new InvalidOperationException("Invalid signature"); } }