def sign(self, client_data):
authenticator_data = AuthenticatorData.create(
sha256(self.app_id),
flags=AuthenticatorData.FLAG.USER_PRESENT,
counter=0)
signature = self.priv_key.sign(authenticator_data + client_data.hash,
ec.ECDSA(hashes.SHA256()))
return authenticator_data, signature
def _get_assertion_1(seed, rp_id_hash, descriptor, client_data_hash):
credential_id = descriptor.id
assert softkey_valid_credential_id(seed, credential_id)
auth_data = AuthenticatorData.create(
rp_id_hash=rp_id_hash,
flags=AuthenticatorData.FLAG.USER_PRESENT,
counter=0xdeadbeef,
)
ed25519priv = softkey_derive_ed25519priv(seed, credential_id)
signature = ed25519priv.sign(auth_data + client_data_hash)
return AssertionResponse.create(descriptor, auth_data, signature)
def _make_authenticator_data(
self, rp_id: str,
attested_credential_data: Optional[AttestedCredentialData]
) -> AuthenticatorData:
flags = (AuthenticatorData.FLAG.USER_PRESENT
| AuthenticatorData.FLAG.USER_VERIFIED)
if attested_credential_data:
flags |= AuthenticatorData.FLAG.ATTESTED
rp_id_hash = sha256(rp_id.encode('utf-8')).digest()
sig_counter = self._get_timestamp_signature_counter()
return AuthenticatorData.create(rp_id_hash, flags, sig_counter,
attested_credential_data or b'')
def get_auth_webauthn(user: "******") -> Authenticator:
return Authenticator.objects.create(
type=3, # u2f
user=user,
config={
"devices": [
{
"binding": {
"publicKey":
"aowekroawker",
"keyHandle":
"devicekeyhandle",
"appId":
"https://dev.getsentry.net:8000/auth/2fa/u2fappid.json",
},
"name": "Amused Beetle",
"ts": 1512505334,
},
{
"binding": {
"publicKey":
"publickey",
"keyHandle":
"aowerkoweraowerkkro",
"appId":
"https://dev.getsentry.net:8000/auth/2fa/u2fappid.json",
},
"name": "Sentry",
"ts": 1512505334,
},
{
"name":
"Alert Escargot",
"ts":
1512505334,
"binding":
AuthenticatorData.create(
sha256(b"test"),
0x41,
1,
create_credential_object({
"publicKey": "webauthn",
"keyHandle": "webauthn",
}),
),
},
]
},
)
