Ejemplo n.º 1
0
 def data(self):
     """Return a SignRequest."""
     return SignRequest(
         version=VERSION,
         challenge=websafe_encode(self.challenge),
         keyHandle=websafe_encode(self.binding.key_handle),
         appId=self.binding.app_id
     )
Ejemplo n.º 2
0
def start_authenticate(device, challenge=None):
    device = DeviceRegistration.wrap(device)

    if challenge is None:
        challenge = rand_bytes(32)

    return SignRequest(version=VERSION,
                       appId=device.appId,
                       keyHandle=device.keyHandle,
                       challenge=websafe_encode(challenge))
Ejemplo n.º 3
0
def verify_authenticate(device, request, response, valid_facets=None):
    device = DeviceRegistration.wrap(device)
    request = SignRequest.wrap(request)
    response = SignResponse.wrap(response)

    _validate_client_data(response.clientData, request.challenge,
                          "navigator.id.getAssertion", valid_facets)

    raw_response = RawAuthenticationResponse(device.appParam,
                                             response.clientParam,
                                             response.signatureData)
    raw_response.verify_signature(websafe_decode(device.publicKey))

    return raw_response.counter_int, raw_response.user_presence
Ejemplo n.º 4
0
    def getAssertion(self, request, facet="https://www.example.com"):
        """
        signData = {
            'version': "U2F_V2",
            'challenge': websafe_encode(self.challenge),
            'appId': self.binding.app_id,
            'keyHandle': websafe_encode(self.binding.key_handle),
        }
        """

        if not isinstance(request, SignRequest):
            request = SignRequest(request)

        if request.version != "U2F_V2":
            raise ValueError("Unsupported U2F version: %s" % request.version)

        key_handle = websafe_decode(request.keyHandle)
        if key_handle not in self.keys:
            raise ValueError("Unknown key handle!")

        # Client data
        client_data = ClientData(
            typ="navigator.id.getAssertion",
            challenge=request['challenge'],
            origin=facet
        )
        client_data = client_data.json.encode('utf-8')
        client_param = sha_256(client_data)

        # Unwrap:
        priv_key, app_param = self.keys[key_handle]

        # Increment counter
        self.counter += 1

        # Create signature
        touch = int2byte(1)
        counter = struct.pack('>I', self.counter)

        data = app_param + touch + counter + client_param
        signer = priv_key.signer(ec.ECDSA(hashes.SHA256()))
        signer.update(data)
        signature = signer.finalize()
        raw_response = touch + counter + signature

        return SignResponse(
            clientData=websafe_encode(client_data),
            signatureData=websafe_encode(raw_response),
            keyHandle=request.keyHandle
        )
Ejemplo n.º 5
0
def verify_authenticate(device, request, response, valid_facets=None):
    device = DeviceRegistration.wrap(device)
    request = SignRequest.wrap(request)
    response = SignResponse.wrap(response)

    _validate_client_data(response.clientData, request.challenge,
                          "navigator.id.getAssertion", valid_facets)

    raw_response = RawAuthenticationResponse(
        device.appParam,
        response.clientParam,
        response.signatureData
    )
    raw_response.verify_signature(websafe_decode(device.publicKey))

    return raw_response.counter_int, raw_response.user_presence
Ejemplo n.º 6
0
    def getAssertion(self,
                     request,
                     facet="https://www.example.com",
                     touch=False):
        """
        signData = {
            'version': "U2F_V2",
            'challenge': websafe_encode(self.challenge),
            'appId': self.binding.app_id,
            'keyHandle': websafe_encode(self.binding.key_handle),
        }
        """

        if not isinstance(request, SignRequest):
            request = SignRequest(request)

        if request.version != "U2F_V2":
            raise ValueError("Unsupported U2F version: %s" % request.version)

        key_handle = websafe_decode(request.keyHandle)
        if key_handle not in self.keys:
            raise ValueError("Unknown key handle!")

        # Client data
        client_data = ClientData(typ="navigator.id.getAssertion",
                                 challenge=request['challenge'],
                                 origin=facet)
        client_data = client_data.json
        client_param = H(client_data)

        # Unwrap:
        privu, app_param = self.keys[key_handle]

        # Increment counter
        self.counter += 1

        # Create signature
        touch = chr(1 if touch else 0)
        counter = struct.pack('>I', self.counter)

        digest = H(app_param + touch + counter + client_param)
        signature = privu.sign_dsa_asn1(digest)
        raw_response = touch + counter + signature

        return SignResponse(clientData=websafe_encode(client_data),
                            signatureData=websafe_encode(raw_response),
                            keyHandle=request.keyHandle)
Ejemplo n.º 7
0
 def test_challenge(self):
     req = SignRequest(challenge='Zm9vYmFy')
     self.assertEqual('foobar', req.challenge)
Ejemplo n.º 8
0
 def test_appParam(self):
     req = SignRequest(appId='https://example.com')
     self.assertEqual('\x10\x06\x80\xadTl\xe6\xa5w\xf4/R\xdf3\xb4\xcf'
                      '\xdc\xa7V\x85\x9efK\x8d}\xe3)\xb1P\xd0\x9c\xe9',
                      req.appParam)
Ejemplo n.º 9
0
 def authenticateRequests(self):
     return [SignRequest(x) for x in self['authenticateRequests']]