public void FinishAuthentication_InvalidSignatureData() { var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64)); var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object); var deviceRegistration = CreateTestDeviceRegistration(); var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration); var signatureData = FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64); var signatureBytes = signatureData.Signature.ToByteArray(); signatureBytes[0] ^= 0xFF; signatureData = new FidoSignatureData( signatureData.UserPresence, signatureData.Counter, new FidoSignature(signatureBytes)); var authenticateResponse = new FidoAuthenticateResponse( FidoClientData.FromJson(TestVectors.ClientDataAuth), signatureData, FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle)); Assert.Throws <InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains)); }
public void Equals_NotEqual() { var value1 = new FidoKeyHandle(Encoding.Default.GetBytes("keyhandle")); var value2 = new FidoKeyHandle(Encoding.Default.GetBytes("Keyhandle")); Assert.IsFalse(value1.Equals(value2)); }
public void UpdateDeviceRegistrationCounter(string userName, FidoKeyHandle keyHandle, uint counter) { var deviceRegistration = GetDeviceRegistrationsOfUser(userName).FirstOrDefault(x => x.KeyHandle == keyHandle); if (deviceRegistration == null) throw new InvalidOperationException(String.Format("Could not find device registration for user '{0}' with key handle '{1}'", userName, keyHandle)); deviceRegistration.UpdateCounter(counter); }
internal static FidoAuthenticateResponse CreateGoodAuthenticateResponse() { var clientData = FidoClientData.FromJson(TestVectors.ClientDataAuth); var signatureData = FidoSignatureData.FromBytes(TestVectors.AuthenticateResponse); var keyHandle = FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle); return(new FidoAuthenticateResponse(clientData, signatureData, keyHandle)); }
private static FidoDeviceRegistration CreateTestDeviceRegistration() { var cert = FidoAttestationCertificate.FromWebSafeBase64(TestVectors.AttestationCertificate); var keyHandle = FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle); var publicKey = FidoPublicKey.FromWebSafeBase64(TestVectors.PublicKeyBase64); return(new FidoDeviceRegistration(keyHandle, publicKey, cert, 0)); }
private FidoRegistrationData(FidoPublicKey userPublicKey, FidoKeyHandle keyHandle, FidoAttestationCertificate attestationCertificate, FidoSignature signature) { UserPublicKey = userPublicKey; KeyHandle = keyHandle; AttestationCertificate = attestationCertificate; Signature = signature; }
public FidoStartedAuthentication(FidoAppId appId, string challenge, FidoKeyHandle keyHandle) { if (appId == null) throw new ArgumentNullException("appId"); if (challenge == null) throw new ArgumentNullException("challenge"); if (keyHandle == null) throw new ArgumentNullException("keyHandle"); AppId = appId; Challenge = challenge; KeyHandle = keyHandle; }
private static FidoDeviceRegistration CreateTestDeviceRegistration() { var keyHandle = new FidoKeyHandle(Encoding.Default.GetBytes("keyhandle")); var publicKey = new FidoPublicKey(Encoding.Default.GetBytes("publickey")); var certificate = new FidoAttestationCertificate(Encoding.Default.GetBytes("certificate")); var deviceRegistration = new FidoDeviceRegistration(keyHandle, publicKey, certificate, 12345); return(deviceRegistration); }
public void SerializeObject() { var randomBytes = new byte[256]; RandomNumberGenerator.Create().GetBytes(randomBytes); var value = new FidoKeyHandle(randomBytes); var serialized = JsonConvert.SerializeObject(value); var bytes = WebSafeBase64Converter.FromBase64String(serialized.Trim('"')); Assert.IsTrue(randomBytes.SequenceEqual(bytes)); }
public void UpdateDeviceRegistrationCounter(string userName, FidoKeyHandle keyHandle, uint counter) { var deviceRegistration = GetDeviceRegistrationsOfUser(userName).FirstOrDefault(x => x.KeyHandle == keyHandle); if (deviceRegistration == null) { throw new InvalidOperationException(String.Format("Could not find device registration for user '{0}' with key handle '{1}'", userName, keyHandle)); } deviceRegistration.UpdateCounter(counter); }
public void DeserializeObject() { var publicKey = new byte[256]; RandomNumberGenerator.Create().GetBytes(publicKey); var value = new FidoKeyHandle(publicKey); var serialized = JsonConvert.SerializeObject(value); var deserialized = JsonConvert.DeserializeObject<FidoKeyHandle>(serialized); Assert.AreEqual(value, deserialized); }
public void DeserializeObject() { var publicKey = new byte[256]; RandomNumberGenerator.Create().GetBytes(publicKey); var value = new FidoKeyHandle(publicKey); var serialized = JsonConvert.SerializeObject(value); var deserialized = JsonConvert.DeserializeObject <FidoKeyHandle>(serialized); Assert.AreEqual(value, deserialized); }
public void FromJson() { var deviceRegistration = FidoDeviceRegistration.FromJson("{\"Certificate\":\"Y2VydGlmaWNhdGU\",\"Counter\":12345,\"KeyHandle\":\"a2V5aGFuZGxl\",\"PublicKey\":\"cHVibGlja2V5\"}"); var keyHandle = new FidoKeyHandle(Encoding.Default.GetBytes("keyhandle")); var publicKey = new FidoPublicKey(Encoding.Default.GetBytes("publickey")); var certificate = new FidoAttestationCertificate(Encoding.Default.GetBytes("certificate")); Assert.AreEqual(12345, deviceRegistration.Counter); Assert.IsTrue(certificate.Equals(deviceRegistration.Certificate)); Assert.IsTrue(publicKey.Equals(deviceRegistration.PublicKey)); Assert.IsTrue(keyHandle.Equals(deviceRegistration.KeyHandle)); }
public void FinishAuthentication_Works() { var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64)); var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object); var deviceRegistration = CreateTestDeviceRegistration(); var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration); var authenticateResponse = new FidoAuthenticateResponse( FidoClientData.FromJson(TestVectors.ClientDataAuth), FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64), FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle)); fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains); }
public void ToJson() { var keyHandle = new FidoKeyHandle(Encoding.Default.GetBytes("keyhandle")); var publicKey = new FidoPublicKey(Encoding.Default.GetBytes("publickey")); var certificate = new FidoAttestationCertificate(Encoding.Default.GetBytes("certificate")); var deviceRegistration = new FidoDeviceRegistration(keyHandle, publicKey, certificate, 12345); var serialized = deviceRegistration.ToJson(); var jsonObject = JObject.Parse(serialized); var properties = jsonObject.Properties().ToLookup(x => x.Name.ToLowerInvariant(), x => x.Value.ToString()); Assert.AreEqual("Y2VydGlmaWNhdGU", properties["certificate"].Single()); Assert.AreEqual("12345", properties["counter"].Single()); Assert.AreEqual("a2V5aGFuZGxl", properties["keyhandle"].Single()); Assert.AreEqual("cHVibGlja2V5", properties["publickey"].Single()); }
public void FinishAuthentication_DifferentChallenge() { var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64)); var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object); var deviceRegistration = CreateTestDeviceRegistration(); var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration); var clientDataAuth = TestVectors.ClientDataAuth.Replace("challenge\":\"opsXqUifDriAAmWclinfbS0e-USY0CgyJHe_Otd7z8o", "challenge\":\"different"); var authenticateResponse = new FidoAuthenticateResponse( FidoClientData.FromJson(clientDataAuth), FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64), FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle)); Assert.Throws <InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains)); }
public void FinishAuthentication_UntrustedOrigin(string origin) { var mockGenerateChallenge = new Mock <IGenerateFidoChallenge>(); mockGenerateChallenge.Setup(x => x.GenerateChallenge()).Returns(WebSafeBase64Converter.FromBase64String(TestVectors.ServerChallengeAuthBase64)); var fido = new FidoUniversalTwoFactor(mockGenerateChallenge.Object); var deviceRegistration = CreateTestDeviceRegistration(); var startedAuthentication = fido.StartAuthentication(new FidoAppId(TestVectors.AppIdEnroll), deviceRegistration); var clientDataAuth = TestVectors.ClientDataAuth.Replace("origin\":\"http://example.com", "origin\":\"" + origin); var authenticateResponse = new FidoAuthenticateResponse( FidoClientData.FromJson(clientDataAuth), FidoSignatureData.FromWebSafeBase64(TestVectors.SignResponseDataBase64), FidoKeyHandle.FromWebSafeBase64(TestVectors.KeyHandle)); Assert.Throws <InvalidOperationException>(() => fido.FinishAuthentication(startedAuthentication, authenticateResponse, deviceRegistration, TestVectors.TrustedDomains)); }
public ActionResult Login(LoginDeviceViewModel model) { model = model ?? new LoginDeviceViewModel(); try { if (!String.IsNullOrEmpty(model.RawAuthenticationResponse)) { var u2f = new FidoUniversalTwoFactor(); var appId = new FidoAppId(Request.Url); var deviceRegistration = GetFidoRepository().GetDeviceRegistrationsOfUser(GetCurrentUser()).FirstOrDefault(x => x.KeyHandle.ToWebSafeBase64() == model.KeyHandle); if (deviceRegistration == null) { ModelState.AddModelError("", "Unknown key handle: " + model.KeyHandle); return(View(new LoginDeviceViewModel())); } var challenge = model.Challenge; var startedAuthentication = new FidoStartedAuthentication(appId, challenge, FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? "")); var counter = u2f.FinishAuthentication(startedAuthentication, model.RawAuthenticationResponse, deviceRegistration, GetTrustedDomains()); // save the counter somewhere, the device registration of the next authentication should use this updated counter //deviceRegistration.Counter = counter; return(RedirectToAction("LoginSuccess")); } } catch (Exception ex) { ModelState.AddModelError("", ex.GetType().Name + ": " + ex.Message); } return(View(model)); }
public void Validate_Good_NoException() { var value = new FidoKeyHandle(Encoding.Default.GetBytes("keyhandle")); value.Validate(); }
public void Validate_BytesEmpty_Throws() { var value = new FidoKeyHandle(new byte[0]); Assert.Throws<InvalidOperationException>(() => value.Validate()); }
public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer) { return(FidoKeyHandle.FromWebSafeBase64(reader.Value.ToString())); }
public void Constructor() { var value = new FidoKeyHandle(Encoding.Default.GetBytes("keyhandle")); Assert.AreEqual("keyhandle", Encoding.Default.GetString(value.ToByteArray())); }
public FidoAuthenticateResponse(FidoClientData clientData, FidoSignatureData signatureData, FidoKeyHandle keyHandle) { ClientData = clientData; SignatureData = signatureData; KeyHandle = keyHandle; }
private static FidoDeviceRegistration CreateTestDeviceRegistration() { var keyHandle = new FidoKeyHandle(Encoding.Default.GetBytes("keyhandle")); var publicKey = new FidoPublicKey(Encoding.Default.GetBytes("publickey")); var certificate = new FidoAttestationCertificate(Encoding.Default.GetBytes("certificate")); var deviceRegistration = new FidoDeviceRegistration(keyHandle, publicKey, certificate, 12345); return deviceRegistration; }
public void Equals_Null() { Assert.IsFalse(FidoKeyHandle.FromWebSafeBase64("").Equals(null)); }
public void Validate_BytesEmpty_Throws() { var value = new FidoKeyHandle(new byte[0]); Assert.Throws <InvalidOperationException>(() => value.Validate()); }
public IActionResult AuthenticateDevice(AuthenticateDeviceModel model) { if (App.CurrentUser == null) { return(BadRequest(new { error = "You must login.", code = 401 })); } if (model == null || string.IsNullOrEmpty(model.KeyHandle)) { return(BadRequest(new { error = "Invalid device id.", code = 400 })); } var device = App.CurrentUser.Devices.FirstOrDefault(x => x.Identifier.Equals(model.KeyHandle)); if (device == null) { return(BadRequest(new { error = "Device not found.", code = 400 })); } var u2F = new FidoUniversalTwoFactor(); var deviceRegistration = FidoDeviceRegistration.FromJson(device.Data); if (deviceRegistration == null) { return(BadRequest(new { error = "Unknown key handle.", code = 400 })); } var challenge = model.Challenge; var startedAuthentication = new FidoStartedAuthentication(AppId, challenge, FidoKeyHandle.FromWebSafeBase64(model.KeyHandle ?? "")); var facetIds = new List <FidoFacetId> { new FidoFacetId(AppId.ToString()) }; var counter = u2F.FinishAuthentication(startedAuthentication, model.RawAuthenticateResponse, deviceRegistration, facetIds); deviceRegistration.Counter = counter; device.Usage++; return(Ok(new { message = "Device has been authenticated.", code = 200, redirect = Url.Action("CurrentUser") })); }