public virtual void TestEncodeRegisterRequest()
{
var registerRequest = new KeyRegisterRequest(APP_ID_ENROLL_SHA256, BROWSER_DATA_ENROLL_SHA256);
var encodedBytes = RawMessageCodec.EncodeKeyRegisterRequest(registerRequest);
CollectionAssert.AreEqual(REGISTRATION_REQUEST_DATA, encodedBytes);
}
async Task <RegisterOperationResult?> TryOneRequest(IKey key, KeyRegisterRequest request,
CancellationToken cancellationToken)
{
try
{
var result = await key.RegisterAsync(request, cancellationToken);
log.Info(result.Status.ToString());
switch (result.Status)
{
case KeyResponseStatus.Success:
return(RegisterOperationResult.Success(request, result.Data));
}
}
catch (KeyGoneException)
{
// No sense in continuing with this signer, the key isn't physically present anymore
log.DebugFormat("Key '{0}' is gone", keyId);
throw;
}
catch (TaskCanceledException)
{
// Let cancellation bubble up
throw;
}
catch (KeyBusyException)
{
// Maybe it won't be busy later
}
catch (Exception exception)
{
log.Error("Authenticate request failed", exception);
}
return(null);
}
public KeyRegisterResponse Register(KeyRegisterRequest keyRegisterRequest)
{
while (true)
{
var result = key.RegisterAsync(keyRegisterRequest).Result;
switch (result.Status)
{
case KeyResponseStatus.Success:
Debug.Assert(result.Data != null, "no data for success");
return(result.Data);
case KeyResponseStatus.TestOfuserPresenceRequired:
Console.WriteLine("User presence required");
Thread.Sleep(100);
continue;
case KeyResponseStatus.Failure:
throw new U2FException("Failure");
default:
throw new ArgumentOutOfRangeException();
}
}
}
public virtual void TestDecodeRegisterRequest()
{
KeyRegisterRequest keyRegisterRequest = RawMessageCodec
.DecodeKeyRegisterRequest(REGISTRATION_REQUEST_DATA);
Assert.AreEqual(new KeyRegisterRequest(APP_ID_ENROLL_SHA256
, BROWSER_DATA_ENROLL_SHA256), keyRegisterRequest);
}
public async Task <KeyResponse <KeyRegisterResponse> > RegisterAsync(KeyRegisterRequest request,
CancellationToken cancellationToken = new CancellationToken(),
bool invididualAttestation = false)
{
var flags = invididualAttestation
? EnforceUserPresenceAndSign | InteractionFlags.AttestWithDeviceKey
: EnforceUserPresenceAndSign;
var message = ApduMessageCodec.EncodeRegisterRequest(new KeyRequest <KeyRegisterRequest>(request, flags));
var response = await QueryApduAsync(message, cancellationToken);
return(ApduMessageCodec.DecodeRegisterReponse(response));
}
public Task <KeyResponse <KeyRegisterResponse> > RegisterAsync(KeyRegisterRequest request, CancellationToken cancellationToken = new CancellationToken(),
bool invididualAttestation = false)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
log.Info(">> register");
var applicationSha256 = request.ApplicationSha256;
var challengeSha256 = request.ChallengeSha256;
log.Info(" -- Inputs --");
log.Info(" applicationSha256: " + applicationSha256.ToHexString());
log.Info(" challengeSha256: " + challengeSha256.ToHexString());
var userPresent = userPresenceVerifier.VerifyUserPresence();
if ((userPresent & UserPresenceVerifierConstants.UserPresentFlag) == 0)
{
return(TestOfUserPresenceRequired <KeyRegisterResponse>());
}
var keyPair = keyPairGenerator.GenerateKeyPair(applicationSha256, challengeSha256);
var keyHandle = keyHandleGenerator.GenerateKeyHandle(applicationSha256, keyPair);
dataStore.StoreKeyPair(keyHandle, keyPair);
var userPublicKey = keyPairGenerator.EncodePublicKey(keyPair.PublicKey);
var signedData = RawMessageCodec.EncodeKeyRegisterSignedBytes(applicationSha256, challengeSha256, keyHandle,
userPublicKey);
log.Info("Signing bytes " + signedData.ToHexString());
var signature = crypto.Sign(signedData, certificatePrivateKey);
log.Info(" -- Outputs --");
log.Info(" userPublicKey: " + userPublicKey.ToHexString());
log.Info(" keyHandle: " + keyHandle.ToHexString());
log.Info(" vendorCertificate: " + vendorCertificate);
log.Info(" signature: " + signature.ToHexString());
log.Info("<< register");
var response = new KeyRegisterResponse(userPublicKey, keyHandle, vendorCertificate, signature);
var responseData = RawMessageCodec.EncodeKeyRegisterResponse(response).Segment();
var apdu = new ApduResponse(ApduResponseStatus.NoError, responseData);
var keyResponse = new KeyResponse <KeyRegisterResponse>(apdu, response, KeyResponseStatus.Success);
return(TaskEx.FromResult(keyResponse));
}
public virtual void TestRegister()
{
var registerRequest = new KeyRegisterRequest(APP_ID_ENROLL_SHA256, BROWSER_DATA_ENROLL_SHA256);
var registerResponse = u2FKey.Register(registerRequest);
mockDataStore.Verify(x => x.StoreKeyPair(KEY_HANDLE, USER_KEY_PAIR_ENROLL));
CollectionAssert.AreEqual(USER_PUBLIC_KEY_ENROLL_HEX, registerResponse.UserPublicKey);
Assert.AreEqual(VENDOR_CERTIFICATE, registerResponse.AttestationCertificate);
CollectionAssert.AreEqual(KEY_HANDLE, registerResponse.KeyHandle);
var ecdsaSignature = SignerUtilities.GetSigner("SHA-256withECDSA");
ecdsaSignature.Init(false, VENDOR_CERTIFICATE.GetPublicKey());
ecdsaSignature.BlockUpdate(EXPECTED_REGISTER_SIGNED_BYTES, 0, EXPECTED_REGISTER_SIGNED_BYTES.Length);
Assert.IsTrue(ecdsaSignature.VerifySignature(registerResponse.Signature));
}
public static byte[] EncodeKeyRegisterRequest([NotNull] KeyRegisterRequest keyRegisterRequest)
{
if (keyRegisterRequest == null)
{
throw new ArgumentNullException(nameof(keyRegisterRequest));
}
var appIdSha256 = keyRegisterRequest.ApplicationSha256;
var challengeSha256 = keyRegisterRequest.ChallengeSha256;
var result = new byte[appIdSha256.Length + challengeSha256.Length];
using (var writer = new EndianWriter(new MemoryStream(result), Endianness.BigEndian))
{
writer.Write(challengeSha256);
writer.Write(appIdSha256);
}
return(result);
}
/// <exception cref="U2FException" />
public KeyRegisterResponse Register(KeyRegisterRequest keyRegisterRequest)
{
if (keyRegisterRequest == null)
{
throw new ArgumentNullException(nameof(keyRegisterRequest));
}
log.Info(">> register");
var applicationSha256 = keyRegisterRequest.ApplicationSha256;
var challengeSha256 = keyRegisterRequest.ChallengeSha256;
log.Info(" -- Inputs --");
log.Info(" applicationSha256: " + applicationSha256.ToHexString());
log.Info(" challengeSha256: " + challengeSha256.ToHexString());
var userPresent = userPresenceVerifier.VerifyUserPresence();
if ((userPresent & UserPresenceVerifierConstants.UserPresentFlag) == 0)
{
throw new U2FException("Cannot verify user presence");
}
var keyPair = keyPairGenerator.GenerateKeyPair(applicationSha256, challengeSha256);
var keyHandle = keyHandleGenerator.GenerateKeyHandle(applicationSha256, keyPair);
dataStore.StoreKeyPair(keyHandle, keyPair);
var userPublicKey = keyPairGenerator.EncodePublicKey(keyPair.PublicKey);
var signedData = RawMessageCodec.EncodeKeyRegisterSignedBytes(applicationSha256, challengeSha256, keyHandle,
userPublicKey);
log.Info("Signing bytes " + signedData.ToHexString());
var signature = crypto.Sign(signedData, certificatePrivateKey);
log.Info(" -- Outputs --");
log.Info(" userPublicKey: " + userPublicKey.ToHexString());
log.Info(" keyHandle: " + keyHandle.ToHexString());
log.Info(" vendorCertificate: " + vendorCertificate);
log.Info(" signature: " + signature.ToHexString());
log.Info("<< register");
return(new KeyRegisterResponse(userPublicKey, keyHandle, vendorCertificate, signature));
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="U2FException"/>
public static void SendRegisterRequest(Stream outputStream, KeyRegisterRequest keyRegisterRequest)
{
SendRequest(outputStream, CommandRegister, RawMessageCodec.
EncodeKeyRegisterRequest(keyRegisterRequest));
}
public RegisterInfo(RegisterRequest registerRequest, string clientDataBase64, KeyRegisterRequest keyRegisterRequest)
{
RegisterRequest = registerRequest;
ClientDataBase64 = clientDataBase64;
KeyRegisterRequest = keyRegisterRequest;
}
public static RegisterOperationResult Success(KeyRegisterRequest request, KeyRegisterResponse response)
{
return(new RegisterOperationResult(KeyResponseStatus.Success, request, response));
}
private RegisterOperationResult(KeyResponseStatus status, KeyRegisterRequest request, KeyRegisterResponse response)
{
Status = status;
Request = request;
Response = response;
}
