예제 #1
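        /// <summary>
        /// Checks a CTAP attestation response against the expected relying party and
        /// client data: the RP ID hash must equal SHA-256(<paramref name="rpid"/>), and
        /// the attestation signature must verify over authData || clientDataHash using
        /// the public key of the certificate carried in the attestation statement.
        /// </summary>
        /// <remarks>
        /// A <c>true</c> result only shows that the response is self-consistent. The
        /// verification key comes from the x5c certificate inside the same response and
        /// no trust-chain validation is visible in this method, so the caller must
        /// validate that certificate against trusted attestation roots before treating
        /// the authenticator as genuine.
        /// NOTE(review): the signed data is built as authData || clientDataHash; confirm
        /// that the caller only routes attestation formats that sign exactly that here.
        /// </remarks>
        /// <param name="rpid">Relying party identifier expected by the server.</param>
        /// <param name="clientDataHash">Hash of the client data the server issued for this ceremony.</param>
        /// <param name="attestation">Parsed attestation response from the authenticator.</param>
        /// <returns>
        /// <c>true</c> when both checks pass; <c>false</c> on any mismatch or on any
        /// exception (null or malformed input included).
        /// </returns>
        public static bool Verify(string rpid, byte[] clientDataHash, CTAPResponseAttestation attestation)
        {
            try
            {
                // RP ID binding: authData must carry SHA-256 of the RP ID this server expects.
                // UTF-8 is used because ASCII encoding maps every non-ASCII character to '?',
                // which would let distinct identifiers produce the same hash.
                byte[] expectedRpIdHash;
                using (SHA256 sha = new SHA256CryptoServiceProvider())
                {
                    expectedRpIdHash = sha.ComputeHash(Encoding.UTF8.GetBytes(rpid));
                }

                if (!expectedRpIdHash.SequenceEqual(attestation.RpIdHash))
                {
                    return false;
                }

                // NOTE(review): the authData flags (user present / user verified) are not
                // checked here; the caller has to enforce its own policy on them.
                // NOTE(review): the signature counter is not read here either.

                // Signed data is authData followed by clientDataHash.
                byte[] sigBase = attestation.AuthData.Concat(clientDataHash).ToArray();

                // The verification key is taken from the certificate in the attestation statement.
                string certPem   = CTAPVerify.ConvertCertificateDERtoPEM(attestation.AttStmtX5c);
                var    pubKeyPem = BCVerify.GetPublicKeyPEMfromCert(certPem);
                if (BCVerify.VerifySignature(sigBase, pubKeyPem, attestation.AttStmtSig) == false)
                {
                    return false;
                }

                return true;
            }
            catch (Exception)
            {
                // Fail closed: anything that cannot be parsed or verified counts as a
                // failed verification. The reason is discarded, so a caller cannot tell
                // a malformed response from a mismatching one.
                return false;
            }
        }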
예제 #2
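        /// <summary>
        /// Checks a CTAP assertion response against the expected relying party and
        /// client data: the RP ID hash must equal SHA-256(<paramref name="rpid"/>), and
        /// the assertion signature must verify over authData || clientDataHash with the
        /// supplied public key.
        /// </summary>
        /// <remarks>
        /// The result is only as trustworthy as <paramref name="pubkeypem"/>.
        /// NOTE(review): this presumably has to be the credential public key stored at
        /// registration for the account being authenticated; confirm at the call site
        /// that it never comes from the response being verified.
        /// </remarks>
        /// <param name="rpid">Relying party identifier expected by the server.</param>
        /// <param name="clientDataHash">Hash of the client data the server issued for this ceremony.</param>
        /// <param name="pubkeypem">PEM-encoded public key used to verify the signature.</param>
        /// <param name="assertion">Parsed assertion response from the authenticator.</param>
        /// <returns>
        /// <c>true</c> when both checks pass; <c>false</c> on any mismatch or on any
        /// exception (null or malformed input included).
        /// </returns>
        public static bool Verify(string rpid, byte[] clientDataHash, string pubkeypem, CTAPResponseAssertion assertion)
        {
            try
            {
                // RP ID binding: authData must carry SHA-256 of the RP ID this server expects.
                // UTF-8 is used because ASCII encoding maps every non-ASCII character to '?',
                // which would let distinct identifiers produce the same hash.
                byte[] expectedRpIdHash;
                using (SHA256 sha = new SHA256CryptoServiceProvider())
                {
                    expectedRpIdHash = sha.ComputeHash(Encoding.UTF8.GetBytes(rpid));
                }

                if (!expectedRpIdHash.SequenceEqual(assertion.RpIdHash))
                {
                    return false;
                }

                // NOTE(review): the authData flags (user present / user verified) are not
                // checked here; the caller has to enforce its own policy on them.
                // NOTE(review): the signature counter is not compared with a stored value
                // here, so a counter that fails to increase (a sign of a cloned
                // authenticator) goes unnoticed unless the caller checks it.

                // Signed data is authData followed by clientDataHash.
                byte[] sigBase = assertion.AuthData.Concat(clientDataHash).ToArray();

                if (BCVerify.VerifySignature(sigBase, pubkeypem, assertion.Signature) == false)
                {
                    return false;
                }

                return true;
            }
            catch (Exception)
            {
                // Fail closed: anything that cannot be parsed or verified counts as a
                // failed verification. The reason is discarded, so a caller cannot tell
                // a malformed response from a mismatching one.
                return false;
            }
        }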