def test_RS256_parse_verify(self):
key = CoseKey.parse(cbor.decode(_RS256_KEY))
self.assertIsInstance(key, RS256)
self.assertEqual(
key,
{
1:
3,
3:
-257,
-1:
a2b_hex(
b'B610DCE84B65029FAE24F7BF8A1730D37BC91435642A628E691E9B030BF3F7CEC59FF91CBE82C54DE16C136FA4FA8A58939B5A950B32E03073592FEC8D8B33601C04F70E5E2D5CF7B4E805E1990EA5A86928A1B390EB9026527933ACC03E6E41DC0BE40AA5EB7B9B460743E4DD80895A758FB3F3F794E5E9B8310D3A60C28F2410D95CF6E732749A243A30475267628B456DE770BC2185BBED1D451ECB0062A3D132C0E4D842E0DDF93A444A3EE33A85C2E913156361713155F1F1DC64E8E68ED176466553BBDE669EB82810B104CB4407D32AE6316C3BD6F382EC3AE2C5FD49304986D64D92ED11C25B6C5CF1287233545A987E9A3E169F99790603DBA5C8AD'
), # noqa
-2:
a2b_hex(b'010001') # noqa
})
key.verify(
a2b_hex(
b'0021F5FC0B85CD22E60623BCD7D1CA48948909249B4776EB515154E57B66AE12010000002E'
+ # noqa
b'CC9340FD84950987BA667DBE9B2C97C7241E15E2B54869A0DD1CE2013C4064B8'
), # noqa
a2b_hex(
b'071B707D11F0E7F62861DFACA89C4E674321AD8A6E329FDD40C7D6971348FBB0514E7B2B0EFE215BAAC0365C4124A808F8180D6575B710E7C01DAE8F052D0C5A2CE82F487C656E7AD824F3D699BE389ADDDE2CBF39E87A8955E93202BAE8830AB4139A7688DFDAD849F1BB689F3852BA05BED70897553CC44704F6941FD1467AD6A46B4DAB503716D386FE7B398E78E0A5A8C4040539D2C9BFA37E4D94F96091FFD1D194DE2CA58E9124A39757F013801421E09BD261ADA31992A8B0386A80AF51A87BD0CEE8FDAB0D4651477670D4C7B245489BED30A57B83964DB79418D5A4F5F2E5ABCA274426C9F90B007A962AE15DFF7343AF9E110746E2DB9226D785C6'
) # noqa
)
def test_EdDSA_parse_verify(self):
key = CoseKey.parse(cbor.decode(_EdDSA_KEY))
self.assertIsInstance(key, EdDSA)
self.assertEqual(
key,
{
1:
1,
3:
-8,
-1:
6,
-2:
a2b_hex(
'EE9B21803405D3CF45601E58B6F4C06EA93862DE87D3AF903C5870A5016E86F5'
) # noqa
})
key.verify(
a2b_hex(
b'a379a6f6eeafb9a55e378c118034e2751e682fab9f2d30ab13d2125586ce1947010000000500a11a323057d1103784ddff99a354ddd42348c2f00e88d8977b916cabf92268'
), # noqa
a2b_hex(
b'e8c927ef1a57c738ff4ba8d6f90e06d837a5219eee47991f96b126b0685d512520c9c2eedebe4b88ff2de2b19cb5f8686efc7c4261e9ed1cb3ac5de50869be0a'
) # noqa
)
def test_ES256_parse_verify(self):
key = CoseKey.parse(cbor.decode(_ES256_KEY))
self.assertIsInstance(key, ES256)
self.assertEqual(
key,
{
1:
2,
3:
-7,
-1:
1,
-2:
a2b_hex(
b'A5FD5CE1B1C458C530A54FA61B31BF6B04BE8B97AFDE54DD8CBB69275A8A1BE1'
), # noqa
-3:
a2b_hex(
b'FA3A3231DD9DEED9D1897BE5A6228C59501E4BCD12975D3DFF730F01278EA61C'
) # noqa
})
key.verify(
a2b_hex(
b'0021F5FC0B85CD22E60623BCD7D1CA48948909249B4776EB515154E57B66AE12010000002C'
+ # noqa
b'7B89F12A9088B0F5EE0EF8F6718BCCC374249C31AEEBAEB79BD0450132CD536C'
), # noqa
a2b_hex(
b'304402202B3933FE954A2D29DE691901EB732535393D4859AAA80D58B08741598109516D0220236FBE6B52326C0A6B1CFDC6BF0A35BDA92A6C2E41E40C3A1643428D820941E0'
) # noqa
)
def _get_user_credentials(self, user_id):
"""
Get all credentials associated with a user in the current mode from the
database
:param user_id: The id of the user
:return: List of AttestedCredentialData
"""
if not user_id:
return []
cursor = self._db_connection.cursor()
sql_command = """
SELECT credential_id, aaguid, public_key
FROM credentials
WHERE user_id=(?) AND mode=(?)
"""
cursor.execute(sql_command, (user_id, int(self.mode)))
results = cursor.fetchall()
cursor.close()
credentials = []
if results and len(results) > 0:
for result in results:
credential_id = result[0]
aaguid = result[1]
public_key = CoseKey.parse(loads(result[2])[0])
credential = AttestedCredentialData.create(
aaguid, credential_id, public_key)
credentials.append(credential)
return credentials
def test_EdDSA_parse_verify(self):
if LooseVersion(cryptography_version) < LooseVersion("2.6"):
self.skipTest("EdDSA support missing")
key = CoseKey.parse(cbor.decode(_EdDSA_KEY))
self.assertIsInstance(key, EdDSA)
self.assertEqual(
key,
{
1:
1,
3:
-8,
-1:
6,
-2:
a2b_hex(
"EE9B21803405D3CF45601E58B6F4C06EA93862DE87D3AF903C5870A5016E86F5"
),
},
)
key.verify(
a2b_hex(
b"a379a6f6eeafb9a55e378c118034e2751e682fab9f2d30ab13d2125586ce1947010000000500a11a323057d1103784ddff99a354ddd42348c2f00e88d8977b916cabf92268" # noqa E501
),
a2b_hex(
b"e8c927ef1a57c738ff4ba8d6f90e06d837a5219eee47991f96b126b0685d512520c9c2eedebe4b88ff2de2b19cb5f8686efc7c4261e9ed1cb3ac5de50869be0a" # noqa E501
),
)
def credentials(cls, user):
u2f_devices = cls.objects.filter(user=user, confirmed=True)
return [
AttestedCredentialData.create(
aaguid=websafe_decode(d.aaguid),
credential_id=websafe_decode(d.credential_id),
public_key=CoseKey.parse(
cbor.decode(websafe_decode(d.public_key))))
for d in u2f_devices
]
def test_unsupported_key(self):
key = CoseKey.parse({1: 4711, 3: 4712, -1: b'123', -2: b'456'})
self.assertIsInstance(key, UnsupportedKey)
self.assertEqual(key, {1: 4711, 3: 4712, -1: b'123', -2: b'456'})
# data = b'this is some data Id like to sign'
# print(b2a_hex(data))
data2 = b'0021F5FC0B85CD22E60623BCD7D1CA48948909249B4776EB515154E57B66AE12010000002C' + b'7B89F12A9088B0F5EE0EF8F6718BCCC374249C31AEEBAEB79BD0450132CD536C'
signature = private_key.sign(data2, ec.ECDSA(hashes.SHA256()))
print(signature)
public_key.verify(signature, data2, ec.ECDSA(hashes.SHA256()))
cose_public_key = ES256.from_cryptography_key(public_key)
cose_public_key.verify(data2, signature)
#compre to test pubK
from fido2 import cbor
_ES256_KEY = a2b_hex(
b'A5010203262001215820A5FD5CE1B1C458C530A54FA61B31BF6B04BE8B97AFDE54DD8CBB69275A8A1BE1225820FA3A3231DD9DEED9D1897BE5A6228C59501E4BCD12975D3DFF730F01278EA61C'
) # noqa
key = CoseKey.parse(cbor.loads(_ES256_KEY)[0])
key.verify(
a2b_hex(
b'0021F5FC0B85CD22E60623BCD7D1CA48948909249B4776EB515154E57B66AE12010000002C'
+ # noqa
b'7B89F12A9088B0F5EE0EF8F6718BCCC374249C31AEEBAEB79BD0450132CD536C'
), # noqa
a2b_hex(
b'304402202B3933FE954A2D29DE691901EB732535393D4859AAA80D58B08741598109516D0220236FBE6B52326C0A6B1CFDC6BF0A35BDA92A6C2E41E40C3A1643428D820941E0'
) # noqa
)
print()
print(
b'a5010203262001215820643566c206dd00227005fa5de69320616ca268043a38f08bde2e9dc45a5cafaf225820171353b2932434703726aae579fa6542432861fe591e481ea22d63997e1a5290'
)
print(b2a_hex(cbor.dumps(cose_public_key)))