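/// <summary>
/// Verifies a CTAP attestation response: checks that SHA-256(<paramref name="rpid"/>) equals
/// the response's RpIdHash, then checks the attestation signature over
/// AuthData || <paramref name="clientDataHash"/> with the public key taken from the
/// attestation certificate (AttStmtX5c).
/// </summary>
/// <remarks>
/// Checks this method does NOT perform, which callers must handle separately:
/// - AuthData flags are not parsed or evaluated.
/// - The signature counter is not evaluated.
/// - No certificate chain or trust-anchor validation is visible here; the key is read from the
///   certificate carried in the response itself. NOTE(review): confirm whether the helper
///   methods validate the certificate; if they do not, a true result proves only that the
///   response is self-consistent, not that it comes from a trusted authenticator.
/// - Only the client-data hash is received, so challenge and origin checks on the client data
///   are the caller's responsibility.
/// </remarks>
/// <param name="rpid">Relying party identifier expected by the verifier.</param>
/// <param name="clientDataHash">Hash of the client data that the authenticator signed.</param>
/// <param name="attestation">Attestation response to check.</param>
/// <returns>
/// <c>true</c> when both the RP ID hash and the signature check pass; <c>false</c> on any
/// mismatch, null argument or error raised while verifying (the reason is not reported).
/// </returns>
public static bool Verify(string rpid, byte[] clientDataHash, CTAPResponseAttestation attestation)
{
    // Null inputs previously surfaced as swallowed exceptions; the result is the same.
    if (rpid == null || clientDataHash == null || attestation == null)
    {
        return false;
    }

    try
    {
        // SHA-256(rpid) == attestation.RpIdHash
        // NOTE(review): ASCII encoding replaces non-ASCII characters with '?'; confirm that
        // RP IDs reaching this method are always ASCII.
        byte[] expectedRpIdHash;
        using (SHA256 sha = SHA256.Create())
        {
            // The hash object is disposable; the original never released it.
            expectedRpIdHash = sha.ComputeHash(Encoding.ASCII.GetBytes(rpid));
        }

        if (!expectedRpIdHash.SequenceEqual(attestation.RpIdHash))
        {
            return false;
        }

        // flags - skip (not checked here)
        // counter - skip (not checked here)

        // SigBase = authData + clientDataHash
        var sigBase = new List<byte>();
        sigBase.AddRange(attestation.AuthData);
        sigBase.AddRange(clientDataHash);

        // The verification key comes from the certificate supplied in the response.
        string certPem = CTAPVerify.ConvertCertificateDERtoPEM(attestation.AttStmtX5c);
        var pubKeyPem = BCVerify.GetPublicKeyPEMfromCert(certPem);

        return BCVerify.VerifySignature(sigBase.ToArray(), pubKeyPem, attestation.AttStmtSig);
    }
    catch (Exception)
    {
        // Fail closed: malformed input or a helper error counts as "not verified".
        return false;
    }
}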
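/// <summary>
/// Verifies a CTAP assertion response: checks that SHA-256(<paramref name="rpid"/>) equals
/// the response's RpIdHash, then checks the assertion signature over
/// AuthData || <paramref name="clientDataHash"/> with <paramref name="pubkeypem"/>.
/// </summary>
/// <remarks>
/// Checks this method does NOT perform, which callers must handle separately:
/// - AuthData flags are not parsed or evaluated.
/// - The signature counter is not evaluated, so a counter that fails to advance goes unnoticed.
/// - The key is used exactly as passed in; selecting the key that belongs to the credential
///   being asserted is the caller's responsibility.
/// - Only the client-data hash is received, so challenge and origin checks on the client data
///   are the caller's responsibility.
/// </remarks>
/// <param name="rpid">Relying party identifier expected by the verifier.</param>
/// <param name="clientDataHash">Hash of the client data that the authenticator signed.</param>
/// <param name="pubkeypem">PEM-encoded public key used to check the signature.</param>
/// <param name="assertion">Assertion response to check.</param>
/// <returns>
/// <c>true</c> when both the RP ID hash and the signature check pass; <c>false</c> on any
/// mismatch, null argument or error raised while verifying (the reason is not reported).
/// </returns>
public static bool Verify(string rpid, byte[] clientDataHash, string pubkeypem, CTAPResponseAssertion assertion)
{
    // Null inputs previously surfaced as swallowed exceptions; the result is the same.
    // pubkeypem is passed through unchecked, as before, and left to the signature helper.
    if (rpid == null || clientDataHash == null || assertion == null)
    {
        return false;
    }

    try
    {
        // SHA-256(rpid) == assertion.RpIdHash
        // NOTE(review): ASCII encoding replaces non-ASCII characters with '?'; confirm that
        // RP IDs reaching this method are always ASCII.
        byte[] expectedRpIdHash;
        using (SHA256 sha = SHA256.Create())
        {
            // The hash object is disposable; the original never released it.
            expectedRpIdHash = sha.ComputeHash(Encoding.ASCII.GetBytes(rpid));
        }

        if (!expectedRpIdHash.SequenceEqual(assertion.RpIdHash))
        {
            return false;
        }

        // flags - skip (not checked here)
        // counter - skip (not checked here)

        // SigBase = authData + clientDataHash
        var sigBase = new List<byte>();
        sigBase.AddRange(assertion.AuthData);
        sigBase.AddRange(clientDataHash);

        return BCVerify.VerifySignature(sigBase.ToArray(), pubkeypem, assertion.Signature);
    }
    catch (Exception)
    {
        // Fail closed: malformed input or a helper error counts as "not verified".
        return false;
    }
}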