def public_key(self) -> bytes:
        """Return the NIST P-256 public key matching this credential's private key.

        ``nist256p1.publickey`` is called with ``False`` as its second
        argument; presumably that selects the uncompressed point encoding.
        TODO confirm against the crypto module.
        """
        # The private key is fetched for this call only; this method does not
        # store it on the instance.
        secret = self._private_key()
        return nist256p1.publickey(secret, False)

    def sign(self, data: Iterable[bytes]) -> bytes:
        """Sign *data* by delegating to ``self._u2f_sign``.

        Args:
            data: byte chunks, forwarded unchanged to the signing helper.

        Returns:
            The value produced by ``_u2f_sign`` for those chunks.
        """
        signature = self._u2f_sign(data)
        return signature

    def bogus_signature(self) -> bytes:
        """Return a fixed placeholder signature in DER form.

        The result is a DER sequence of two 32-byte values, each made up of
        0x0a bytes. It is a constant: no key material and no message goes
        into it, so callers must never treat it as proof of possession.
        """
        filler = b"\x0a" * 32
        return der.encode_seq((filler, filler))

    def generate_key_handle(self) -> None:
        """Create a fresh signing node and the key handle that identifies it.

        Sets ``self.node`` to the node derived at a random hardened path and
        ``self.id`` to ``keypath || HMAC-SHA256 tag``, where the tag is keyed
        with the node's private key and covers ``rp_id_hash`` then ``keypath``.
        Because the tag covers ``rp_id_hash``, a handle is tied to the relying
        party it was created for; the check itself is not in this method.
        """
        # derivation path is m/U2F'/r'/r'/r'/r'/r'/r'/r'/r'
        # NOTE(review): random.uniform is called with a single bound, which is
        # not the standard-library signature, so `random` is presumably the
        # firmware's cryptographic RNG -- confirm. The handle's
        # unpredictability rests on it.
        random_indices = []
        for _ in range(8):
            random_indices.append(HARDENED | random.uniform(0x8000_0000))
        full_path = [_U2F_KEY_PATH] + random_indices

        # derive the signing node on the nist256p1 curve from the random path
        self.node = seed.derive_node_without_passphrase(full_path, "nist256p1")

        # first half of the handle: the eight indices as little-endian uint32
        packed_path = ustruct.pack("<8L", *random_indices)

        # second half of the handle: HMAC-SHA256 keyed with the node's private
        # key, over rp_id_hash followed by the packed path
        tag = hmac(hmac.SHA256, self.node.private_key(), self.rp_id_hash)
        tag.update(packed_path)

        self.id = packed_path + tag.digest()

    def app_name(self) -> str:
        from . import knownapps

        app = knownapps.by_rp_id_hash(self.rp_id_hash)
        if app is not None:
Beispiel #2
 def _private_key(self) -> bytes:
     """Derive and return the private key that belongs to ``self.id``.

     The path has six hardened indices: 10022, the first four bytes of
     ``self.id`` read as a big-endian integer, and the last sixteen bytes of
     ``self.id`` read as four big-endian 32-bit words. The curve is looked
     up from ``self.curve`` in ``_CURVE_NAME``.

     NOTE(review): 10022 is presumably the SLIP-0022 purpose index -- confirm.
     NOTE(review): nothing here authenticates ``self.id``; only its first 4
     and last 16 bytes affect the path, so the caller is assumed to have
     validated the credential ID before this runs -- confirm.
     """
     id_prefix = int.from_bytes(self.id[:4], "big")
     id_tail_words = ustruct.unpack(">4L", self.id[-16:])

     path = [HARDENED | 10022, HARDENED | id_prefix]
     for word in id_tail_words:
         path.append(HARDENED | word)

     # Raw private key bytes are returned to the caller; keep them out of
     # logs and long-lived attributes.
     node = seed.derive_node_without_passphrase(path, _CURVE_NAME[self.curve])
     return node.private_key()