Exemple #1
0
        public async Task <SignResponse> Sign(ICollection <SignRequest> requests,
                                              CancellationToken cancellationToken = default(CancellationToken))
        {
            var appIds = requests.Select(r => r.AppId).Distinct().ToList();

            await CheckOriginAndAppIdsAsync(appIds, cancellationToken);

            var signInfos   = requests.Select(GenerateSignInfo).ToDictionary(s => s.KeySignRequest);
            var keyRequests = signInfos.Keys.ToList();
            var result      = await keyOperations.Sign(keyRequests, cancellationToken);

            if (!result.IsSuccess)
            {
                return(null);
            }

            var signInfo = signInfos[result.Request];

            return(new SignResponse(
                       WebSafeBase64Converter.ToBase64String(signInfo.ClientDataBase64),
                       WebSafeBase64Converter.ToBase64String(RawMessageCodec.EncodeKeySignResponse(result.Response)),
                       signInfo.SignRequest.Challenge,
                       signInfo.SignRequest.SessionId,
                       signInfo.SignRequest.AppId));
        }
        public virtual void TestEncodeAuthenticateResponse()
        {
            var authenticateResponse = new KeySignResponse(UserPresenceVerifierConstants.UserPresentFlag,
                                                           COUNTER_VALUE, SIGNATURE_AUTHENTICATE);
            var encodedBytes = RawMessageCodec.EncodeKeySignResponse(authenticateResponse);

            CollectionAssert.AreEqual(SIGN_RESPONSE_DATA, encodedBytes);
        }
Exemple #3
0
        public Task <KeyResponse <KeySignResponse> > SignAsync(KeySignRequest request, CancellationToken cancellationToken = new CancellationToken(),
                                                               bool noWink = false)
        {
            if (request == null)
            {
                throw new ArgumentNullException(nameof(request));
            }

            log.Info(">> authenticate");

            var applicationSha256 = request.ApplicationSha256;
            var challengeSha256   = request.ChallengeSha256;
            var keyHandle         = request.KeyHandle;

            log.Info(" -- Inputs --");
            log.Info("  applicationSha256: " + applicationSha256.ToHexString());
            log.Info("  challengeSha256: " + challengeSha256.ToHexString());
            log.Info("  keyHandle: " + keyHandle.ToHexString());

            var keyPair     = dataStore.GetKeyPair(keyHandle);
            var counter     = dataStore.IncrementCounter();
            var userPresent = userPresenceVerifier.VerifyUserPresence();

            if ((userPresent & UserPresenceVerifierConstants.UserPresentFlag) == 0)
            {
                return(TestOfUserPresenceRequired <KeySignResponse>());
            }

            var signedData = RawMessageCodec.EncodeKeySignSignedBytes(applicationSha256, userPresent, counter,
                                                                      challengeSha256);

            log.Info("Signing bytes " + signedData.ToHexString());
            var signature = crypto.Sign(signedData, keyPair.PrivateKey);

            log.Info(" -- Outputs --");
            log.Info("  userPresence: " + userPresent);
            log.Info("  counter: " + counter);
            log.Info("  signature: " + signature.ToHexString());
            log.Info("<< authenticate");

            var response     = new KeySignResponse(userPresent, counter, signature);
            var responseData = RawMessageCodec.EncodeKeySignResponse(response).Segment();
            var apdu         = new ApduResponse(ApduResponseStatus.NoError, responseData);
            var keyResponse  = new KeyResponse <KeySignResponse>(apdu, response, KeyResponseStatus.Success);

            return(TaskEx.FromResult(keyResponse));
        }
        public void Authenticate(string origin, string accountName)
        {
            // the key can be used to sign any of the requests - we're gonna sign the first one.
            var signRequest = server.GetSignRequests(accountName, origin)[0];

            if (!signRequest.Version.Equals(U2FConsts.U2Fv2))
            {
                throw new U2FException($"Unsupported protocol version: {signRequest.Version}");
            }
            appIdVerifier.ValidateOrigin(signRequest.AppId, origin);
            var    channelIdJson = channelIdProvider.GetJsonChannelId();
            string clientData;
            var    authenticateRequest = SignRequestToAuthenticateRequest(origin, signRequest, channelIdJson, out clientData, crypto);

            var authenticateResponse      = key.Authenticate(authenticateRequest);
            var rawAuthenticateResponse   = RawMessageCodec.EncodeKeySignResponse(authenticateResponse);
            var rawAuthenticateResponse64 = WebSafeBase64Converter.ToBase64String(rawAuthenticateResponse);
            var clientDataBase64          = WebSafeBase64Converter.ToBase64String(Encoding.UTF8.GetBytes(clientData));

            server.ProcessSignResponse(new SignResponse(clientDataBase64, rawAuthenticateResponse64,
                                                        signRequest.Challenge, signRequest.SessionId, signRequest.AppId));
        }