brucedog / u2f_core Goto Github PK
View Code? Open in Web Editor NEWU2F library for .NET Core
Home Page: https://bfoster.me/U2FDemo/DemoHome
License: MIT License
U2F library for .NET Core
Home Page: https://bfoster.me/U2FDemo/DemoHome
License: MIT License
Would you be open to dumping the bouncy castle dependency in favor of standard framework crypto or are you trying to keep everything 1-1 with the java implementation? With .NET Core 2.0 we should be able to do all of the needed crypto.
bfoster.me does not work with generic U2F device. Tried these:
https://www.ftsafe.com/products/FIDO/NFC
https://hypersecu.com/products/hyperfido
Works fine with github, google and hypersecu demo app (https://u2fdemo.hypersecu.com/signup <- has a glass mode for debugging).
Does your lib works only with Yubikey?
When register an account and pair my Solokey, the following error is shown on screen:
exception of type 'U2F.Core.Exceptions.U2fException' was thrown.
Hi Bryce,
My Yubico FIDO U2F key is working with the Yubico's test site (https://demo.yubico.com/u2f) using both Chrome 63 and FF 57.0.2.
I also have your U2F test application working with Chrome 63. However, I've not been able to get it to work with FF 57.0.2. With FF, the Finish Authentication page displays but the key never starts blinking. I also tried using the latest u2f-api (https://demo.yubico.com/js/u2f-api.js) but neither Chrome or FF works with the test app with the latest api--the key never starts blinking on the Finish Authentication page.
Maybe you've run into this sort of thing before? Thanks for any help or ideas you have.
Best,
When attempting to register a device on the demo site in Safari 13.1.2, I get the model pop-up prompting U2F interaction but my U2F key does not begin blinking for interaction.
I am using Yubikey 5C Nano.
Registration/Authentication works from most other U2F compatible sites (GitHub, Yubico Demo Site).
NuGet package does not seem to work.
Install-Package U2F.Core
System.IO.FileNotFoundException: 'Could not load file or assembly 'System.Runtime, Version=4.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.'
Inner Exception:
FileNotFoundException: Could not load file or assembly 'System.Runtime, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.
When adding the package from NuGet it shows that there are no dependencies, which definitely isn't right either. https://www.nuget.org/packages/U2F.Core
Just upgraded to v2.0.0 and am testing it out. It works great on Windows, however, fails on Linux (maybe macOS too, have not tested that).
Trying to call FinishRegistration
on a Linux (Debian) host causes U2fException
(Error when verifying signature). Stack trace shows it coming from the CheckSignature
method.
Reverting back to v1.0.4 resolves the problem.
U2F.Core.Exceptions.U2fException: Error when verifying signature
at U2F.Core.Crypto.CryptoService.CheckSignature(X509Certificate2 attestationCertificate, Byte[] signedBytes, Byte[] signature)
at U2F.Core.Models.RawRegisterResponse.CheckSignature(String appId, String clientData)
at U2F.Core.Crypto.U2F.FinishRegistration(StartedRegistration startedRegistration, RegisterResponse tokenResponse, HashSet`1 facets)
at Bit.Core.Services.UserService.CompleteU2fRegistrationAsync(User user, Int32 id, String name, String deviceResponse) in /home/bitwarden/Projects/bitwarden/core/src/Core/Services/Implementations/UserService.cs:line 330
at Bit.Api.Controllers.TwoFactorController.PutU2f(TwoFactorU2fRequestModel model) in /home/bitwarden/Projects/bitwarden/core/src/Api/Controllers/TwoFactorController.cs:line 221
at lambda_method(Closure , Object )
at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at System.Threading.Tasks.ValueTask`1.get_Result()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextExceptionFilterAsync()
My guess is some break in the new crypto libs being used.
Bryce, just a heads-up that this 12/12/17 reported problem might affect Bouncy Castle crypto apis being used by U2F_Core. I believe a Bouncy Castle fix is currently in beta.
https://nvd.nist.gov/vuln/detail/CVE-2017-13098
https://robotattack.org/
http://www.securityweek.com/old-crypto-vulnerability-hits-major-tech-firms
I am unable to open the solution source code in VS2015 because the VS2017 csproj files are not backwards compatible with VS2015.
Thinking about creating a new empty ASP.Core project in VS2015 and trying to manually copy the U2F_Core source files into the empty VS2015 project. Do you think manually porting the source to VS2015 would work? Can you offer any guidance or suggestions on reconstructing from a new project?
I realize I could get the compiled U2F_Core DLL via NuGet but I'd really like to work directly with the source to understand how it works.
The overall goal is investigate using the library with a VS2015 ASP.Core 1.1 web application (full-framework 4.5.2) with ASP.NET Core Identity.
Thanks!
Should this work in Firefox?
I am using U2F.Core in my own application and it works great in Chrome. I see odd behavior in Firefox. Device registration works fine, but Authenticating with the device gives an errorCode 2.
When trying to use your demo site in Firefox, it does not work for me at all (device does not enable for input).
GitHub, Facebook, other U2F implementations work fine.
Do you know if it is possible to use U2F_Core on the server for performing the same U2F operations while using WenAuthn APIs on the client? We are looking to migrate our clients to WebAuthn and I am not sure if it will work.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.