public void FinishAuthentication_DifferentChallenge()
        {
            // The challenge generator is mocked to hand back the fixed test-vector challenge.
            var serverChallenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64);
            var challengeSource = new Mock<IGenerateFidoChallenge>();
            challengeSource.Setup(x => x.GenerateChallenge()).Returns(serverChallenge);

            var u2f = new FidoUniversalTwoFactor(challengeSource.Object);

            var registration = CreateTestDeviceRegistration();
            var started = u2f.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), registration);

            // Swap the challenge field of the recorded client data for a value the server never issued.
            var tamperedClientJson = TestVectors.ClientDataAuth.Replace(
                "challenge\":\"opsXqUifDriAAmWclinfbS0e-USY0CgyJHe_Otd7z8o",
                "challenge\":\"different");

            var clientData = FidoClientData.FromJson(tamperedClientJson);
            var signatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);
            var keyHandle = FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle);
            var response = new FidoAuthenticateResponse(clientData, signatureData, keyHandle);

            // A response carrying a challenge other than the one issued must be rejected.
            // NOTE(review): InvalidOperationException is the only thing asserted, so this test
            // cannot tell the challenge check apart from any other check that throws the same type.
            Assert.Throws<InvalidOperationException>(
                () => u2f.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains));
        }
        public void FinishAuthentication_CounterTooSmall()
        {
            // The challenge generator is mocked to hand back the fixed test-vector challenge.
            var serverChallenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64);
            var challengeSource = new Mock<IGenerateFidoChallenge>();
            challengeSource.Setup(x => x.GenerateChallenge()).Returns(serverChallenge);

            var u2f = new FidoUniversalTwoFactor(challengeSource.Object);

            var registration = CreateTestDeviceRegistration();
            var started = u2f.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), registration);

            // Rebuild the recorded signature data with the counter forced to 0; the user-presence
            // byte and the signature bytes are carried over unchanged.
            var recorded = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);
            var lowCounterData = new FidoSignatureData(recorded.UserPresence, 0, recorded.Signature);

            var clientData = FidoClientData.FromJson(TestVectors.ClientDataAuth);
            var keyHandle = FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle);
            var response = new FidoAuthenticateResponse(clientData, lowCounterData, keyHandle);

            // NOTE(review): FinishAuthentication verifies the signature before it calls
            // UpdateCounter, and the signature bytes here were produced for the original counter.
            // If the signed message covers the counter, this throw may come from signature
            // verification rather than from the counter check. Confirm which path is exercised;
            // a stale-counter case is better tested directly against UpdateCounter.
            Assert.Throws<InvalidOperationException>(
                () => u2f.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains));
        }
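        /// <summary>
        /// Completes an authentication that was begun earlier: checks the client's response
        /// against the started authentication, verifies the signature and then advances the
        /// counter stored on the device registration.
        /// </summary>
        /// <remarks>
        /// The checks run in a fixed order: response validation, client-data type, challenge,
        /// origin, signature. The counter is updated only after every check has passed, so a
        /// rejected response never changes <paramref name="deviceRegistration"/>.
        /// NOTE(review): this method does not itself compare the key handle in
        /// <paramref name="authResponse"/> with <paramref name="deviceRegistration"/>, and it
        /// does not inspect the user-presence flag; confirm that Validate or VerifyAuthSignature
        /// covers both. Nothing here marks the challenge as consumed, so the caller presumably
        /// has to discard <paramref name="startedAuthentication"/> after one use and persist
        /// the updated registration.
        /// </remarks>
        /// <param name="startedAuthentication">The pending authentication holding the issued challenge and the app id.</param>
        /// <param name="authResponse">The response received from the client.</param>
        /// <param name="deviceRegistration">The registration the response is verified against; its counter is updated on success.</param>
        /// <param name="trustedFacetIds">The facet ids the client origin is validated against (null handling is left to ValidateOrigin).</param>
        /// <returns>The counter value carried in the response's signature data.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="authResponse"/>, <paramref name="startedAuthentication"/> or
        /// <paramref name="deviceRegistration"/> is null.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// The challenge in the client data differs from the issued challenge. The helper checks
        /// called here may throw as well; their bodies are not shown in this block.
        /// </exception>
        public uint FinishAuthentication(FidoStartedAuthentication startedAuthentication,
            FidoAuthenticateResponse authResponse,
            FidoDeviceRegistration deviceRegistration,
            IEnumerable<FidoFacetId> trustedFacetIds)
        {
            // Fail fast with a descriptive error instead of a NullReferenceException part-way
            // through the verification sequence.
            if (authResponse == null)
            {
                throw new ArgumentNullException("authResponse");
            }
            if (startedAuthentication == null)
            {
                throw new ArgumentNullException("startedAuthentication");
            }
            if (deviceRegistration == null)
            {
                throw new ArgumentNullException("deviceRegistration");
            }

            authResponse.Validate();

            var clientData = authResponse.ClientData;

            ExpectClientDataType(clientData, AuthenticateType);

            // The client must have signed exactly the challenge issued for this authentication.
            if (clientData.Challenge != startedAuthentication.Challenge)
            {
                throw new InvalidOperationException("Incorrect challenge signed in client data");
            }

            ValidateOrigin(trustedFacetIds, new FidoFacetId(clientData.Origin));

            var signatureData = authResponse.SignatureData;

            VerifyAuthSignature(startedAuthentication.AppId, signatureData, clientData, deviceRegistration);

            // Only a fully verified response may move the stored counter forward.
            deviceRegistration.UpdateCounter(signatureData.Counter);
            return signatureData.Counter;
        }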
        public void FinishAuthentication_Works()
        {
            // The challenge generator is mocked to hand back the fixed test-vector challenge.
            var serverChallenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64);
            var challengeSource = new Mock<IGenerateFidoChallenge>();
            challengeSource.Setup(x => x.GenerateChallenge()).Returns(serverChallenge);

            var u2f = new FidoUniversalTwoFactor(challengeSource.Object);

            var registration = CreateTestDeviceRegistration();
            var started = u2f.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), registration);

            // Build the response from the untouched test vectors.
            var clientData = FidoClientData.FromJson(TestVectors.ClientDataAuth);
            var signatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);
            var keyHandle = FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle);
            var response = new FidoAuthenticateResponse(clientData, signatureData, keyHandle);

            // Passes when no exception is thrown; the returned counter is not asserted.
            u2f.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains);
        }
        public void FinishAuthentication_UntrustedOrigin(string origin)
        {
            // The challenge generator is mocked to hand back the fixed test-vector challenge.
            var serverChallenge = WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64);
            var challengeSource = new Mock<IGenerateFidoChallenge>();
            challengeSource.Setup(x => x.GenerateChallenge()).Returns(serverChallenge);

            var u2f = new FidoUniversalTwoFactor(challengeSource.Object);

            var registration = CreateTestDeviceRegistration();
            var started = u2f.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), registration);

            // Substitute the origin under test for the origin recorded in the client data.
            var recordedOriginField = "origin\":\"http://example.com";
            var suppliedOriginField = "origin\":\"" + origin;
            var tamperedClientJson = TestVectors.ClientDataAuth.Replace(recordedOriginField, suppliedOriginField);

            var clientData = FidoClientData.FromJson(tamperedClientJson);
            var signatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64);
            var keyHandle = FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle);
            var response = new FidoAuthenticateResponse(clientData, signatureData, keyHandle);

            // An origin outside TestVectors.TrustedDomains must be rejected.
            // NOTE(review): InvalidOperationException is the only thing asserted, so this test
            // cannot tell the origin check apart from any other check that throws the same type.
            Assert.Throws<InvalidOperationException>(
                () => u2f.FinishAuthentication(started, response, registration, TestVectors.TrustedDomains));
        }