Example #1
def makeSignature(challenge,cred_id,rp_id):
    """Request an assertion over ``challenge`` from the authenticator.

    A single-entry allow list is built from ``cred_id`` (passed through
    ``websafe_decode``), the user is prompted on stderr, and
    ``client.get_assertion`` is called. If that first call raises
    ``ValueError`` the identical call is made once more; whatever the
    second call raises propagates to the caller.

    Returns ``str()`` of the result of ``cbor.decode_from`` applied to the
    first assertion's ``signature``.

    Security note: no signature verification happens in this function. The
    'Credential authenticated!' message only means an assertion came back;
    the relying party still has to verify the signature against the
    registered public key, the challenge and the authenticator data.
    """
    descriptor = {
        'type': 'public-key',
        'id': websafe_decode(cred_id),
    }
    allow_list = [descriptor]

    def request_assertion():
        # Same arguments on the first attempt and on the retry.
        return client.get_assertion(rp_id, challenge, allow_list)

    sys.stderr.write('\nTouch your authenticator device now...\n')

    try:
        assertions, client_data = request_assertion()
    except ValueError:
        # NOTE(review): the retry is unconditional on any ValueError; the
        # reason for the first failure is not inspected or logged.
        assertions, client_data = request_assertion()

    sys.stderr.write('Credential authenticated!')

    # The allow list holds one credential, so only the first assertion is used.
    assertion = assertions[0]

    # NOTE(review): if cbor.decode_from returns a (value, remainder) pair,
    # this is the string form of that pair rather than of the signature
    # alone -- confirm that callers expect that shape.
    return str(cbor.decode_from(assertion.signature))
Example #2
 def test_vectors(self):
     """Round-trip every entry of ``_TEST_VECTORS`` through the cbor module.

     Each entry pairs a hex string with the value it should decode to. The
     hex is decoded with both ``decode_from`` (which must also report an
     empty remainder) and ``decode``, and the value is re-encoded with
     ``cbor2hex`` and compared to the original hex. On any failure the
     offending hex string is printed before the exception is re-raised.
     """
     for hex_input, expected in _TEST_VECTORS:
         try:
             # decode_from must consume the whole input: remainder is b''.
             value_and_rest = cbor.decode_from(a2b_hex(hex_input))
             self.assertEqual(value_and_rest, (expected, b''))

             decoded = cbor.decode(a2b_hex(hex_input))
             self.assertEqual(decoded, expected)

             # Encoding must reproduce the exact input hex.
             self.assertEqual(cbor2hex(expected), hex_input)
         except Exception:
             print('\nERROR in test vector, %s' % hex_input)
             raise
Example #3
    def test_get_info(self, ):
        """Check the authenticator's get_info response and probe uv/up options.

        The response must list "FIDO_2_0" in ``versions``, any advertised
        PIN protocols must sum to a positive number, and every value in
        ``options`` must compare equal to True or False. If the
        authenticator reports ``uv`` or ``up`` as true, a MakeCredential
        request carrying that option is sent via ``self.testMC`` with the
        expected status named in the test description.
        """
        with Test("Get info"):
            info = self.ctap.get_info()
            raw_info = bytes(info)
            print("data:", raw_info)
            print("decoded:", cbor.decode_from(raw_info))

        with Test("Check FIDO2 string is in VERSIONS field"):
            assert "FIDO_2_0" in info.versions

        with Test("Check pin protocols field"):
            if len(info.pin_protocols):
                assert sum(info.pin_protocols) > 0

        with Test("Check options field"):
            # Membership uses ==, so the ints 1 and 0 would also pass here.
            for name in info.options:
                assert info.options[name] in [True, False]

        # NOTE(review): cdh, rp, user and key_params are not defined in this
        # method; presumably module-level fixtures -- confirm.
        if "uv" in info.options and info.options["uv"]:
            uv_request = {"options": {"uv": True}}
            self.testMC(
                "Send MC request with uv set to true, expect SUCCESS",
                cdh,
                rp,
                user,
                key_params,
                other=uv_request,
                expectedError=CtapError.ERR.SUCCESS,
            )

        if "up" in info.options and info.options["up"]:
            # An explicit "up" option on MakeCredential is expected to be
            # rejected rather than honoured.
            up_request = {"options": {"up": True}}
            self.testMC(
                "Send MC request with up set to true, expect INVALID_OPTION",
                cdh,
                rp,
                user,
                key_params,
                other=up_request,
                expectedError=CtapError.ERR.INVALID_OPTION,
            )
Example #4
def TestCborKeysSorted(cbor_obj):
    """Verify that CBOR map keys appear in CTAP2 canonical order.

    Canonical ordering of keys is defined in
    https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#ctap2-canonical-cbor-encoding-form

    ``cbor_obj`` may be encoded bytes (decoded first), a dict (its keys are
    checked in iteration order) or an already-extracted sequence of keys.
    Returns the sequence of keys that was checked.

    Raises:
        ValueError: a key is neither ``int`` nor ``str``, or a key is not at
            the position that sorting with ``cmp_cbor_keys`` would give it.

    Caveats for reviewers: only the first element of ``decode_from``'s
    result is used, so trailing bytes after the map go unnoticed here; and
    once the map is a Python dict, duplicate keys on the wire can no longer
    be seen. The order check presumably relies on the decoder keeping wire
    order in the dict -- confirm.
    """
    if isinstance(cbor_obj, bytes):
        decoded, *_ = cbor.decode_from(cbor_obj)
        cbor_obj = decoded

    keys = list(cbor_obj) if isinstance(cbor_obj, dict) else cbor_obj

    # NOTE(review): sorting runs before the per-key type check below, so a
    # key of an unsupported type reaches cmp_cbor_keys first.
    canonical = sorted(keys[:], key=cmp_to_key(cmp_cbor_keys))

    for position, (key, expected) in enumerate(zip(keys, canonical)):
        if not isinstance(key, (str, int)):
            raise ValueError(f"Cbor map key {key} must be int or str for CTAP2")

        if key != expected:
            raise ValueError(f"Cbor map item {position}: {key} is out of order")

    return keys