Beispiel #1
    def test_00_sign_check(self):
        """Sign the FIDO authentication example and verify the signature again.

        Round-trips the low level helpers: ``sign_challenge`` produces a
        signature over (app_id, client_data, counter) and ``check_response``
        must accept it for the matching public key.
        """
        # Values taken from
        # https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-raw-message-formats.html#authentication-example
        # The key pair is the published spec example: it is public test
        # material and must never protect a real token.
        signing_key_hex = "ffa1e110dde5a2f8d93c4df71e2d4337b7bf5ddb60c75dc2b6b81433b54dd3c0"
        verify_key_hex = "04d368f1b665bade3c33a20f1e429c7750d5033660c019119d29aa4ba7abc04aa7c80a46bbe11ca8cb5674d74f31f8a903f6bad105fb6ab74aefef4db8b0025e1d"
        application_id = "https://gstatic.com/securitykey/a/example.com"
        client_data_json = '{"typ":"navigator.id.getAssertion","challenge":"opsXqUifDriAAmWclinfbS0e-USY0CgyJHe_Otd7z8o","cid_pubkey":{"kty":"EC","crv":"P-256","x":"HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8","y":"XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4"},"origin":"http://example.com"}'
        use_counter = 1

        sig = sign_challenge(signing_key_hex, application_id,
                             client_data_json, use_counter)
        verdict = check_response(verify_key_hex, application_id,
                                 client_data_json, sig, use_counter)

        # NOTE(review): only the accepting path is covered here; a second case
        # with an altered counter or client data would pin the rejecting path.
        self.assertEqual(verdict, 1)
Beispiel #2
    def test_00_sign_check(self):
        """Check that a signature from sign_challenge passes check_response.

        The inputs are the authentication example of the FIDO U2F raw message
        format specification, so the private key below is publicly known and
        only suitable as a test vector.
        """
        # Test the low level functions
        # Values taken from
        # https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-raw-message-formats.html#authentication-example
        key_private = "ffa1e110dde5a2f8d93c4df71e2d4337b7bf5ddb60c75dc2b6b81433b54dd3c0"
        key_public = "04d368f1b665bade3c33a20f1e429c7750d5033660c019119d29aa4ba7abc04aa7c80a46bbe11ca8cb5674d74f31f8a903f6bad105fb6ab74aefef4db8b0025e1d"
        facet = "https://gstatic.com/securitykey/a/example.com"
        payload = '{"typ":"navigator.id.getAssertion","challenge":"opsXqUifDriAAmWclinfbS0e-USY0CgyJHe_Otd7z8o","cid_pubkey":{"kty":"EC","crv":"P-256","x":"HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8","y":"XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4"},"origin":"http://example.com"}'
        ctr = 1

        # Sign with the private half, then verify with the public half; the
        # same app id, client data and counter are handed to both helpers.
        produced = sign_challenge(key_private, facet, payload, ctr)
        outcome = check_response(key_public, facet, payload, produced, ctr)
        self.assertEqual(outcome, 1)
Beispiel #3
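    def test_02_validate(self):
        """Drive a U2F challenge-response login that the server must reject.

        Step 1 triggers a challenge on /validate/check and checks the shape of
        the returned u2fSignRequest. Step 2 answers the challenge with a
        signature made by a key that does not belong to the registered token
        and asserts that authentication fails.
        """
        # assign token to user
        r = assign_token(self.serial,
                         User("cornelius", self.realm1),
                         pin="u2f")
        self.assertEqual(r, True)

        # Issue challenge
        # NOTE(review): the "******" values look masked by the page this
        # snippet was copied from - confirm against the upstream test.
        with self.app.test_request_context('/validate/check',
                                           method='POST',
                                           data={
                                               "user":
                                               "******" + self.realm1,
                                               "pass": "******"
                                           }):
            res = self.app.full_dispatch_request()
            self.assertEqual(res.status_code, 200)
            # Parse the response body once instead of once per field.
            body = json.loads(res.data)
            result = body.get("result")
            detail = body.get("detail")
            # The first step only opens the challenge: not authenticated yet.
            self.assertEqual(result.get("value"), False)
            transaction_id = detail.get("transaction_id")
            self.assertEqual(len(transaction_id), len('01350277175811850842'))
            self.assertIn("Please confirm with your U2F token",
                          detail.get("message"),
                          detail.get("message"))
            attributes = detail.get("attributes")
            u2f_sign_request = attributes.get("u2fSignRequest")
            # assertIn reports the offending container when a key is missing.
            self.assertIn("appId", u2f_sign_request)
            app_id = u2f_sign_request.get("appId")
            self.assertIn("challenge", u2f_sign_request)
            challenge = u2f_sign_request.get("challenge")
            self.assertIn("keyHandle", u2f_sign_request)
            self.assertEqual(u2f_sign_request.get("version"), "U2F_V2")

        # private key from the registration example
        privkey = "9a9684b127c5e3a706d618c86401c7cf6fd827fd0bc18d24b0eb842e36d16df1"
        counter = 1
        client_data = '{"typ":"navigator.id.getAssertion",' \
                      '"challenge":"%s","cid_pubkey":{"kty":"EC",' \
                      '"crv":"P-256",' \
                      '"x":"HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8",' \
                      '"y":"XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4"},' \
                      '"origin":"%s"}' % (challenge, app_id)
        signature_hex = sign_challenge(privkey, app_id, client_data, counter)
        # U2F raw authentication response: user-presence byte (0x01), 4-byte
        # big-endian counter, then the signature. Deriving the counter bytes
        # from `counter` keeps them equal to the value that was signed.
        signature_data_hex = ("01%08x" % counter) + signature_hex
        signature_data_url = url_encode(binascii.unhexlify(signature_data_hex))
        client_data_url = url_encode(client_data)
        # Send the response. The signing key does not fit the registration,
        # so the server-side check is expected to fail (the original author
        # refers to a BadSignatureError).
        with self.app.test_request_context('/validate/check',
                                           method='POST',
                                           data={
                                               "user": "******",
                                               "realm": self.realm1,
                                               "pass": "",
                                               "transaction_id":
                                               transaction_id,
                                               "clientdata": client_data_url,
                                               "signaturedata":
                                               signature_data_url
                                           }):
            res = self.app.full_dispatch_request()
            self.assertEqual(res.status_code, 200)
            result = json.loads(res.data).get("result")
            # The request itself is processed (status True) but the forged
            # assertion must not authenticate the user (value False).
            self.assertEqual(result.get("status"), True)
            self.assertEqual(result.get("value"), False)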
Beispiel #4
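    def test_02_validate(self):
        """Check that a U2F response signed with the wrong key is refused.

        A challenge is requested via /validate/check, the returned
        u2fSignRequest is inspected, and the challenge is then answered with
        a signature from a private key that does not match the registered
        token. The server has to answer the request but deny authentication.
        """
        # assign token to user
        r = assign_token(self.serial, User("cornelius", self.realm1),
                         pin="u2f")
        self.assertEqual(r, True)

        # Issue challenge
        # NOTE(review): "******" appears to be a redaction applied by the
        # hosting page, not the original credentials - verify upstream.
        with self.app.test_request_context('/validate/check',
                                           method='POST',
                                           data={"user":
                                                    "******"+self.realm1,
                                                 "pass": "******"}):
            res = self.app.full_dispatch_request()
            self.assertEqual(res.status_code, 200)
            # Decode the JSON body a single time and read both parts from it.
            response = json.loads(res.data)
            result = response.get("result")
            detail = response.get("detail")
            # Triggering the challenge must not count as a successful login.
            self.assertEqual(result.get("value"), False)
            transaction_id = detail.get("transaction_id")
            self.assertEqual(len(transaction_id), len('01350277175811850842'))
            self.assertIn("Please confirm with your U2F token",
                          detail.get("message"), detail.get("message"))
            attributes = detail.get("attributes")
            u2f_sign_request = attributes.get("u2fSignRequest")
            # assertIn gives a readable failure naming the missing key.
            self.assertIn("appId", u2f_sign_request)
            app_id = u2f_sign_request.get("appId")
            self.assertIn("challenge", u2f_sign_request)
            challenge = u2f_sign_request.get("challenge")
            self.assertIn("keyHandle", u2f_sign_request)
            self.assertEqual(u2f_sign_request.get("version"), "U2F_V2")

        # private key from the registration example
        privkey = "9a9684b127c5e3a706d618c86401c7cf6fd827fd0bc18d24b0eb842e36d16df1"
        counter = 1
        client_data = '{"typ":"navigator.id.getAssertion",' \
                      '"challenge":"%s","cid_pubkey":{"kty":"EC",' \
                      '"crv":"P-256",' \
                      '"x":"HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8",' \
                      '"y":"XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4"},' \
                      '"origin":"%s"}' % (challenge, app_id)
        signature_hex = sign_challenge(privkey, app_id, client_data, counter)
        # Signature data = user-presence byte 0x01 + 4-byte big-endian counter
        # + signature. The counter bytes are built from `counter` so they
        # cannot drift from the value passed to sign_challenge.
        signature_data_hex = ("01%08x" % counter) + signature_hex
        signature_data_url = url_encode(binascii.unhexlify(signature_data_hex))
        client_data_url = url_encode(client_data)
        # Send the response. The key used above does not fit the
        # registration, so signature verification is expected to fail on the
        # server (described by the original author as a BadSignatureError).
        with self.app.test_request_context('/validate/check',
                                           method='POST',
                                           data={"user": "******",
                                                 "realm": self.realm1,
                                                 "pass": "",
                                                 "transaction_id":
                                                     transaction_id,
                                                 "clientdata": client_data_url,
                                                 "signaturedata":
                                                     signature_data_url}):
            res = self.app.full_dispatch_request()
            self.assertEqual(res.status_code, 200)
            result = json.loads(res.data).get("result")
            # status True: the request was handled; value False: the user was
            # not authenticated by the mismatching signature.
            self.assertEqual(result.get("status"), True)
            self.assertEqual(result.get("value"), False)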