public bool CompleteRegistration(string userName, string deviceResponse) { if (string.IsNullOrWhiteSpace(deviceResponse)) { return(false); } var user = _userRepository.FindUser(userName); if (user == null || user.AuthenticationRequest == null || user.AuthenticationRequest.Count == 0) { return(false); } RegisterResponse registerResponse = RegisterResponse.FromJson <RegisterResponse>(deviceResponse); // When the user is registration they should only ever have one auth request. AuthenticationRequest authenticationRequest = user.AuthenticationRequest.First(); StartedRegistration startedRegistration = new StartedRegistration(authenticationRequest.Challenge, authenticationRequest.AppId); DeviceRegistration registration = U2F.FinishRegistration(startedRegistration, registerResponse); _userRepository.RemoveUsersAuthenticationRequests(userName); _userRepository.AddDeviceRegistration(userName, registration.AttestationCert, registration.Counter, registration.KeyHandle, registration.PublicKey); return(true); }
public void U2F_StartRegistration() { var results = U2F.StartRegistration(TestConts.APP_ID_ENROLL); Assert.IsNotNull(results); Assert.IsNotNull(results.Challenge); Assert.IsNotNull(results.Version); Assert.AreEqual(results.AppId, TestConts.APP_ID_ENROLL); }
public void U2F_FinishRegistrationNoFacets() { StartedRegistration startedRegistration = new StartedRegistration(TestConts.SERVER_CHALLENGE_REGISTER_BASE64, TestConts.APP_ID_ENROLL); RegisterResponse registerResponse = new RegisterResponse(TestConts.REGISTRATION_RESPONSE_DATA_BASE64, TestConts.CLIENT_DATA_REGISTER_BASE64); var results = U2F.FinishRegistration(startedRegistration, registerResponse); Assert.IsNotNull(results); Assert.IsNotNull(results.KeyHandle); Assert.IsNotNull(results.PublicKey); Assert.IsNotNull(results.GetAttestationCertificate()); }
public void U2F_StartAuthentication() { RegisterResponse registerResponse = new RegisterResponse(TestConts.REGISTRATION_RESPONSE_DATA_BASE64, TestConts.CLIENT_DATA_REGISTER_BASE64); RawRegisterResponse rawAuthenticateResponse = RawRegisterResponse.FromBase64(registerResponse.RegistrationData); DeviceRegistration deviceRegistration = rawAuthenticateResponse.CreateDevice(); var results = U2F.StartAuthentication(TestConts.APP_ID_ENROLL, deviceRegistration); Assert.IsNotNull(results); Assert.IsNotNull(results.AppId); Assert.IsNotNull(results.Challenge); Assert.IsNotNull(results.KeyHandle); Assert.IsNotNull(results.Version); }
public List <ServerChallenge> GenerateServerChallenges(string userName) { if (string.IsNullOrWhiteSpace(userName)) { return(null); } User user = _userRepository.FindUser(userName); if (user == null) { return(null); } // We only want to generate challenges for un-compromised devices List <Device> device = user.DeviceRegistrations.Where(w => w.IsCompromised == false).ToList(); if (device.Count == 0) { return(null); } _userRepository.RemoveUsersAuthenticationRequests(userName); List <ServerChallenge> serverChallenges = new List <ServerChallenge>(); foreach (var registeredDevice in device) { DeviceRegistration registration = new DeviceRegistration(registeredDevice.KeyHandle, registeredDevice.PublicKey, registeredDevice.AttestationCert, Convert.ToUInt32(registeredDevice.Counter)); StartedAuthentication startedAuthentication = U2F.StartAuthentication(DemoAppId, registration); serverChallenges.Add(new ServerChallenge { appId = startedAuthentication.AppId, challenge = startedAuthentication.Challenge, keyHandle = startedAuthentication.KeyHandle, version = startedAuthentication.Version }); _userRepository.SaveUserAuthenticationRequest(userName, startedAuthentication.AppId, startedAuthentication.Challenge, startedAuthentication.KeyHandle); } return(serverChallenges); }
public ServerRegisterResponse GenerateServerChallenge(string username) { if (string.IsNullOrWhiteSpace(username)) { return(null); } StartedRegistration startedRegistration = U2F.StartRegistration(DemoAppId); _userRepository.SaveUserAuthenticationRequest(username, startedRegistration.AppId, startedRegistration.Challenge, startedRegistration.Version); return(new ServerRegisterResponse { AppId = startedRegistration.AppId, Challenge = startedRegistration.Challenge, Version = startedRegistration.Version }); }
public void U2F_FinishAuthentication() { StartedAuthentication startedAuthentication = new StartedAuthentication(TestConts.SERVER_CHALLENGE_SIGN_BASE64, TestConts.APP_ID_ENROLL, TestConts.KEY_HANDLE_BASE64); AuthenticateResponse authenticateResponse = new AuthenticateResponse(TestConts.CLIENT_DATA_AUTHENTICATE_BASE64, TestConts.SIGN_RESPONSE_DATA_BASE64, TestConts.KEY_HANDLE_BASE64); RegisterResponse registerResponse = new RegisterResponse(TestConts.REGISTRATION_RESPONSE_DATA_BASE64, TestConts.CLIENT_DATA_REGISTER_BASE64); RawRegisterResponse rawAuthenticateResponse = RawRegisterResponse.FromBase64(registerResponse.RegistrationData); DeviceRegistration deviceRegistration = rawAuthenticateResponse.CreateDevice(); uint orginalValue = deviceRegistration.Counter; U2F.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration); Assert.IsTrue(deviceRegistration.Counter != 0); Assert.AreNotEqual(orginalValue, deviceRegistration.Counter); }
public ServerRegisterResponse GenerateServerRegistration(string userName, string password) { if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(password)) { return(null); } StartedRegistration startedRegistration = U2F.StartRegistration(DemoAppId); string hashedPassword = HashPassword(password); _userRepository.AddUser(userName, hashedPassword); _userRepository.AddAuthenticationRequest(userName, startedRegistration.AppId, startedRegistration.Challenge, startedRegistration.Version); return(new ServerRegisterResponse { AppId = startedRegistration.AppId, Challenge = startedRegistration.Challenge, Version = startedRegistration.Version }); }
public static async Task AuthenticateAsync(IHidDevice hidDevice, DeviceRegistration deviceRegistration, string appId, string facet, bool checkOnly = false, CancellationToken?cancellationToken = null) { cancellationToken = cancellationToken ?? CancellationToken.None; if (hidDevice == null || !hidDevice.IsConnected) { throw new ArgumentException("Hid device not connected", nameof(hidDevice)); } using (var u2fHidDevice = await U2FHidDevice.OpenAsync(hidDevice)) { var startAuthentication = U2F.StartAuthentication(appId, deviceRegistration); Log.Debug("Touch token to authenticate"); var authenticateResponse = await WaitForTokenInputAsync(() => U2Fv2.AuthenticateAsync(u2fHidDevice, startAuthentication, facet, checkOnly), cancellationToken.Value).ConfigureAwait(false); U2F.FinishAuthentication(startAuthentication, authenticateResponse, deviceRegistration); Log.Debug("Authenticated"); } }
public static async Task <DeviceRegistration> RegisterAsync(IHidDevice hidDevice, string appId, string facet, CancellationToken?cancellationToken = null) { cancellationToken = cancellationToken ?? CancellationToken.None; if (hidDevice == null || !hidDevice.IsConnected) { throw new ArgumentException("Hid device not connected", nameof(hidDevice)); } using (var u2fHidDevice = await U2FHidDevice.OpenAsync(hidDevice)) { var startRegistration = U2F.StartRegistration(appId); Log.Debug("Touch token to register"); var registerResponse = await WaitForTokenInputAsync(() => U2Fv2.RegisterAsync(u2fHidDevice, startRegistration, facet), cancellationToken.Value); var deviceRegistration = U2F.FinishRegistration(startRegistration, registerResponse); Log.Debug("Registered"); return(deviceRegistration); } }
public void U2F_FinishAuthentication() { StartedAuthentication startedAuthentication = new StartedAuthentication( TestConts.SERVER_CHALLENGE_SIGN_BASE64, TestConts.APP_SIGN_ID, TestConts.KEY_HANDLE_BASE64); AuthenticateResponse authenticateResponse = new AuthenticateResponse( TestConts.CLIENT_DATA_AUTHENTICATE_BASE64, TestConts.SIGN_RESPONSE_DATA_BASE64, TestConts.KEY_HANDLE_BASE64); DeviceRegistration deviceRegistration = new DeviceRegistration(TestConts.KEY_HANDLE_BASE64_BYTE, TestConts.USER_PUBLIC_KEY_AUTHENTICATE_HEX, Utils.Base64StringToByteArray(TestConts.ATTESTATION_CERTIFICATE), 0); uint orginalValue = deviceRegistration.Counter; U2F.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration); Assert.IsTrue(deviceRegistration.Counter != 0); Assert.AreNotEqual(orginalValue, deviceRegistration.Counter); }
public ServerChallenge GenerateServerChallenge(string userName) { if (string.IsNullOrWhiteSpace(userName)) { return(null); } User user = _userRepository.FindUser(userName); if (user == null) { return(null); } // TODO this would have to change var device = user.DeviceRegistrations.FirstOrDefault(); if (device == null) { return(null); } DeviceRegistration registration = new DeviceRegistration(device.KeyHandle, device.PublicKey, device.AttestationCert, device.Counter); StartedAuthentication startedAuthentication = U2F.StartAuthentication(DemoAppId, registration); _userRepository.SaveUserAuthenticationRequest(userName, startedAuthentication.AppId, startedAuthentication.Challenge, startedAuthentication.KeyHandle); return(new ServerChallenge { AppId = startedAuthentication.AppId, Challenge = startedAuthentication.Challenge, KeyHandle = startedAuthentication.KeyHandle, Version = startedAuthentication.Version }); }
public bool AuthenticateUser(string userName, string deviceResponse) { if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(deviceResponse)) { return(false); } User user = _userRepository.FindUser(userName); if (user == null) { return(false); } AuthenticateResponse authenticateResponse = AuthenticateResponse.FromJson <AuthenticateResponse>(deviceResponse); var device = user.DeviceRegistrations.FirstOrDefault(f => f.KeyHandle.SequenceEqual(Utils.Base64StringToByteArray(authenticateResponse.KeyHandle))); if (device == null || user.AuthenticationRequest == null) { return(false); } // User will have a authentication request for each device they have registered so get the one that matches the device key handle AuthenticationRequest authenticationRequest = user.AuthenticationRequest.First(f => f.KeyHandle.Equals(authenticateResponse.KeyHandle)); DeviceRegistration registration = new DeviceRegistration(device.KeyHandle, device.PublicKey, device.AttestationCert, Convert.ToUInt32(device.Counter)); StartedAuthentication authentication = new StartedAuthentication(authenticationRequest.Challenge, authenticationRequest.AppId, authenticationRequest.KeyHandle); U2F.FinishAuthentication(authentication, authenticateResponse, registration); _userRepository.RemoveUsersAuthenticationRequests(user.Name); _userRepository.UpdateDeviceCounter(user.Name, device.PublicKey, registration.Counter); return(true); }
public bool AuthenticateUser(string userName, string deviceResponse) { if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(deviceResponse)) { return(false); } User user = _userRepository.FindUser(userName); if (user == null) { return(false); } AuthenticateResponse authenticateResponse = AuthenticateResponse.FromJson(deviceResponse); byte[] keyHandle = Base64StringToByteArray(authenticateResponse.KeyHandle); var device = user.DeviceRegistrations.FirstOrDefault(); if (device == null || user.AuthenticationRequest == null) { return(false); } DeviceRegistration registration = new DeviceRegistration(device.KeyHandle, device.PublicKey, device.AttestationCert, device.Counter); StartedAuthentication authentication = new StartedAuthentication(user.AuthenticationRequest.Challenge, user.AuthenticationRequest.AppId, user.AuthenticationRequest.KeyHandle); U2F.FinishAuthentication(authentication, authenticateResponse, registration); _userRepository.RemoveUsersAuthenticationRequest(user.Name); _userRepository.UpdateDeviceCounter(user.Name, device.PublicKey, registration.Counter); return(true); }
public bool CompleteRegistration(string userName, string deviceResponse) { if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(deviceResponse)) { return(false); } RegisterResponse registerResponse = RegisterResponse.FromJson(deviceResponse); var user = _userRepository.FindUser(userName); if (user == null || user.AuthenticationRequest == null) { return(false); } StartedRegistration startedRegistration = new StartedRegistration(user.AuthenticationRequest.Challenge, user.AuthenticationRequest.AppId); DeviceRegistration registration = U2F.FinishRegistration(startedRegistration, registerResponse); _userRepository.RemoveUsersAuthenticationRequest(userName); _userRepository.AddDeviceRegistration(userName, registration.AttestationCert, registration.Counter, registration.KeyHandle, registration.PublicKey); return(true); }