public bool CompleteRegistration(string userName, string deviceResponse)
{
if (string.IsNullOrWhiteSpace(deviceResponse))
{
return(false);
}
var user = _userRepository.FindUser(userName);
if (user == null ||
user.AuthenticationRequest == null ||
user.AuthenticationRequest.Count == 0)
{
return(false);
}
RegisterResponse registerResponse = RegisterResponse.FromJson <RegisterResponse>(deviceResponse);
// When the user is registration they should only ever have one auth request.
AuthenticationRequest authenticationRequest = user.AuthenticationRequest.First();
StartedRegistration startedRegistration = new StartedRegistration(authenticationRequest.Challenge, authenticationRequest.AppId);
DeviceRegistration registration = U2F.FinishRegistration(startedRegistration, registerResponse);
_userRepository.RemoveUsersAuthenticationRequests(userName);
_userRepository.AddDeviceRegistration(userName, registration.AttestationCert, registration.Counter, registration.KeyHandle, registration.PublicKey);
return(true);
}
public void U2F_StartRegistration()
{
var results = U2F.StartRegistration(TestConts.APP_ID_ENROLL);
Assert.IsNotNull(results);
Assert.IsNotNull(results.Challenge);
Assert.IsNotNull(results.Version);
Assert.AreEqual(results.AppId, TestConts.APP_ID_ENROLL);
}
public void U2F_FinishRegistrationNoFacets()
{
StartedRegistration startedRegistration = new StartedRegistration(TestConts.SERVER_CHALLENGE_REGISTER_BASE64, TestConts.APP_ID_ENROLL);
RegisterResponse registerResponse = new RegisterResponse(TestConts.REGISTRATION_RESPONSE_DATA_BASE64, TestConts.CLIENT_DATA_REGISTER_BASE64);
var results = U2F.FinishRegistration(startedRegistration, registerResponse);
Assert.IsNotNull(results);
Assert.IsNotNull(results.KeyHandle);
Assert.IsNotNull(results.PublicKey);
Assert.IsNotNull(results.GetAttestationCertificate());
}
public void U2F_StartAuthentication()
{
RegisterResponse registerResponse = new RegisterResponse(TestConts.REGISTRATION_RESPONSE_DATA_BASE64, TestConts.CLIENT_DATA_REGISTER_BASE64);
RawRegisterResponse rawAuthenticateResponse = RawRegisterResponse.FromBase64(registerResponse.RegistrationData);
DeviceRegistration deviceRegistration = rawAuthenticateResponse.CreateDevice();
var results = U2F.StartAuthentication(TestConts.APP_ID_ENROLL, deviceRegistration);
Assert.IsNotNull(results);
Assert.IsNotNull(results.AppId);
Assert.IsNotNull(results.Challenge);
Assert.IsNotNull(results.KeyHandle);
Assert.IsNotNull(results.Version);
}
public List <ServerChallenge> GenerateServerChallenges(string userName)
{
if (string.IsNullOrWhiteSpace(userName))
{
return(null);
}
User user = _userRepository.FindUser(userName);
if (user == null)
{
return(null);
}
// We only want to generate challenges for un-compromised devices
List <Device> device = user.DeviceRegistrations.Where(w => w.IsCompromised == false).ToList();
if (device.Count == 0)
{
return(null);
}
_userRepository.RemoveUsersAuthenticationRequests(userName);
List <ServerChallenge> serverChallenges = new List <ServerChallenge>();
foreach (var registeredDevice in device)
{
DeviceRegistration registration = new DeviceRegistration(registeredDevice.KeyHandle, registeredDevice.PublicKey, registeredDevice.AttestationCert, Convert.ToUInt32(registeredDevice.Counter));
StartedAuthentication startedAuthentication = U2F.StartAuthentication(DemoAppId, registration);
serverChallenges.Add(new ServerChallenge
{
appId = startedAuthentication.AppId,
challenge = startedAuthentication.Challenge,
keyHandle = startedAuthentication.KeyHandle,
version = startedAuthentication.Version
});
_userRepository.SaveUserAuthenticationRequest(userName, startedAuthentication.AppId, startedAuthentication.Challenge,
startedAuthentication.KeyHandle);
}
return(serverChallenges);
}
public ServerRegisterResponse GenerateServerChallenge(string username)
{
if (string.IsNullOrWhiteSpace(username))
{
return(null);
}
StartedRegistration startedRegistration = U2F.StartRegistration(DemoAppId);
_userRepository.SaveUserAuthenticationRequest(username, startedRegistration.AppId, startedRegistration.Challenge, startedRegistration.Version);
return(new ServerRegisterResponse
{
AppId = startedRegistration.AppId,
Challenge = startedRegistration.Challenge,
Version = startedRegistration.Version
});
}
public void U2F_FinishAuthentication()
{
StartedAuthentication startedAuthentication =
new StartedAuthentication(TestConts.SERVER_CHALLENGE_SIGN_BASE64, TestConts.APP_ID_ENROLL,
TestConts.KEY_HANDLE_BASE64);
AuthenticateResponse authenticateResponse = new AuthenticateResponse(TestConts.CLIENT_DATA_AUTHENTICATE_BASE64,
TestConts.SIGN_RESPONSE_DATA_BASE64,
TestConts.KEY_HANDLE_BASE64);
RegisterResponse registerResponse = new RegisterResponse(TestConts.REGISTRATION_RESPONSE_DATA_BASE64, TestConts.CLIENT_DATA_REGISTER_BASE64);
RawRegisterResponse rawAuthenticateResponse = RawRegisterResponse.FromBase64(registerResponse.RegistrationData);
DeviceRegistration deviceRegistration = rawAuthenticateResponse.CreateDevice();
uint orginalValue = deviceRegistration.Counter;
U2F.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration);
Assert.IsTrue(deviceRegistration.Counter != 0);
Assert.AreNotEqual(orginalValue, deviceRegistration.Counter);
}
public ServerRegisterResponse GenerateServerRegistration(string userName, string password)
{
if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(password))
{
return(null);
}
StartedRegistration startedRegistration = U2F.StartRegistration(DemoAppId);
string hashedPassword = HashPassword(password);
_userRepository.AddUser(userName, hashedPassword);
_userRepository.AddAuthenticationRequest(userName, startedRegistration.AppId, startedRegistration.Challenge, startedRegistration.Version);
return(new ServerRegisterResponse
{
AppId = startedRegistration.AppId,
Challenge = startedRegistration.Challenge,
Version = startedRegistration.Version
});
}
public static async Task AuthenticateAsync(IHidDevice hidDevice, DeviceRegistration deviceRegistration, string appId, string facet, bool checkOnly = false, CancellationToken?cancellationToken = null)
{
cancellationToken = cancellationToken ?? CancellationToken.None;
if (hidDevice == null || !hidDevice.IsConnected)
{
throw new ArgumentException("Hid device not connected", nameof(hidDevice));
}
using (var u2fHidDevice = await U2FHidDevice.OpenAsync(hidDevice))
{
var startAuthentication = U2F.StartAuthentication(appId, deviceRegistration);
Log.Debug("Touch token to authenticate");
var authenticateResponse = await WaitForTokenInputAsync(() => U2Fv2.AuthenticateAsync(u2fHidDevice, startAuthentication, facet, checkOnly), cancellationToken.Value).ConfigureAwait(false);
U2F.FinishAuthentication(startAuthentication, authenticateResponse, deviceRegistration);
Log.Debug("Authenticated");
}
}
public static async Task <DeviceRegistration> RegisterAsync(IHidDevice hidDevice, string appId, string facet, CancellationToken?cancellationToken = null)
{
cancellationToken = cancellationToken ?? CancellationToken.None;
if (hidDevice == null || !hidDevice.IsConnected)
{
throw new ArgumentException("Hid device not connected", nameof(hidDevice));
}
using (var u2fHidDevice = await U2FHidDevice.OpenAsync(hidDevice))
{
var startRegistration = U2F.StartRegistration(appId);
Log.Debug("Touch token to register");
var registerResponse = await WaitForTokenInputAsync(() => U2Fv2.RegisterAsync(u2fHidDevice, startRegistration, facet), cancellationToken.Value);
var deviceRegistration = U2F.FinishRegistration(startRegistration, registerResponse);
Log.Debug("Registered");
return(deviceRegistration);
}
}
public void U2F_FinishAuthentication()
{
StartedAuthentication startedAuthentication = new StartedAuthentication(
TestConts.SERVER_CHALLENGE_SIGN_BASE64,
TestConts.APP_SIGN_ID,
TestConts.KEY_HANDLE_BASE64);
AuthenticateResponse authenticateResponse = new AuthenticateResponse(
TestConts.CLIENT_DATA_AUTHENTICATE_BASE64,
TestConts.SIGN_RESPONSE_DATA_BASE64,
TestConts.KEY_HANDLE_BASE64);
DeviceRegistration deviceRegistration = new DeviceRegistration(TestConts.KEY_HANDLE_BASE64_BYTE, TestConts.USER_PUBLIC_KEY_AUTHENTICATE_HEX,
Utils.Base64StringToByteArray(TestConts.ATTESTATION_CERTIFICATE), 0);
uint orginalValue = deviceRegistration.Counter;
U2F.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration);
Assert.IsTrue(deviceRegistration.Counter != 0);
Assert.AreNotEqual(orginalValue, deviceRegistration.Counter);
}
public ServerChallenge GenerateServerChallenge(string userName)
{
if (string.IsNullOrWhiteSpace(userName))
{
return(null);
}
User user = _userRepository.FindUser(userName);
if (user == null)
{
return(null);
}
// TODO this would have to change
var device = user.DeviceRegistrations.FirstOrDefault();
if (device == null)
{
return(null);
}
DeviceRegistration registration = new DeviceRegistration(device.KeyHandle, device.PublicKey, device.AttestationCert, device.Counter);
StartedAuthentication startedAuthentication = U2F.StartAuthentication(DemoAppId, registration);
_userRepository.SaveUserAuthenticationRequest(userName, startedAuthentication.AppId, startedAuthentication.Challenge,
startedAuthentication.KeyHandle);
return(new ServerChallenge
{
AppId = startedAuthentication.AppId,
Challenge = startedAuthentication.Challenge,
KeyHandle = startedAuthentication.KeyHandle,
Version = startedAuthentication.Version
});
}
public bool AuthenticateUser(string userName, string deviceResponse)
{
if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(deviceResponse))
{
return(false);
}
User user = _userRepository.FindUser(userName);
if (user == null)
{
return(false);
}
AuthenticateResponse authenticateResponse = AuthenticateResponse.FromJson <AuthenticateResponse>(deviceResponse);
var device = user.DeviceRegistrations.FirstOrDefault(f => f.KeyHandle.SequenceEqual(Utils.Base64StringToByteArray(authenticateResponse.KeyHandle)));
if (device == null || user.AuthenticationRequest == null)
{
return(false);
}
// User will have a authentication request for each device they have registered so get the one that matches the device key handle
AuthenticationRequest authenticationRequest = user.AuthenticationRequest.First(f => f.KeyHandle.Equals(authenticateResponse.KeyHandle));
DeviceRegistration registration = new DeviceRegistration(device.KeyHandle, device.PublicKey, device.AttestationCert, Convert.ToUInt32(device.Counter));
StartedAuthentication authentication = new StartedAuthentication(authenticationRequest.Challenge, authenticationRequest.AppId, authenticationRequest.KeyHandle);
U2F.FinishAuthentication(authentication, authenticateResponse, registration);
_userRepository.RemoveUsersAuthenticationRequests(user.Name);
_userRepository.UpdateDeviceCounter(user.Name, device.PublicKey, registration.Counter);
return(true);
}
public bool AuthenticateUser(string userName, string deviceResponse)
{
if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(deviceResponse))
{
return(false);
}
User user = _userRepository.FindUser(userName);
if (user == null)
{
return(false);
}
AuthenticateResponse authenticateResponse = AuthenticateResponse.FromJson(deviceResponse);
byte[] keyHandle = Base64StringToByteArray(authenticateResponse.KeyHandle);
var device = user.DeviceRegistrations.FirstOrDefault();
if (device == null || user.AuthenticationRequest == null)
{
return(false);
}
DeviceRegistration registration = new DeviceRegistration(device.KeyHandle, device.PublicKey, device.AttestationCert, device.Counter);
StartedAuthentication authentication = new StartedAuthentication(user.AuthenticationRequest.Challenge, user.AuthenticationRequest.AppId, user.AuthenticationRequest.KeyHandle);
U2F.FinishAuthentication(authentication, authenticateResponse, registration);
_userRepository.RemoveUsersAuthenticationRequest(user.Name);
_userRepository.UpdateDeviceCounter(user.Name, device.PublicKey, registration.Counter);
return(true);
}
public bool CompleteRegistration(string userName, string deviceResponse)
{
if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(deviceResponse))
{
return(false);
}
RegisterResponse registerResponse = RegisterResponse.FromJson(deviceResponse);
var user = _userRepository.FindUser(userName);
if (user == null || user.AuthenticationRequest == null)
{
return(false);
}
StartedRegistration startedRegistration = new StartedRegistration(user.AuthenticationRequest.Challenge, user.AuthenticationRequest.AppId);
DeviceRegistration registration = U2F.FinishRegistration(startedRegistration, registerResponse);
_userRepository.RemoveUsersAuthenticationRequest(userName);
_userRepository.AddDeviceRegistration(userName, registration.AttestationCert, registration.Counter, registration.KeyHandle, registration.PublicKey);
return(true);
}
