def test_00_sign_check(self):
    # Round-trip the low-level helpers: sign a challenge with the sample
    # private key, then verify the signature with the matching public key.
    #
    # All values are the published sample vectors from
    # https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-raw-message-formats.html#authentication-example
    # They are public test material; never reuse them for a real credential.
    sample_private_key = "ffa1e110dde5a2f8d93c4df71e2d4337b7bf5ddb60c75dc2b6b81433b54dd3c0"
    sample_public_key = "04d368f1b665bade3c33a20f1e429c7750d5033660c019119d29aa4ba7abc04aa7c80a46bbe11ca8cb5674d74f31f8a903f6bad105fb6ab74aefef4db8b0025e1d"
    application_id = "https://gstatic.com/securitykey/a/example.com"
    raw_client_data = '{"typ":"navigator.id.getAssertion","challenge":"opsXqUifDriAAmWclinfbS0e-USY0CgyJHe_Otd7z8o","cid_pubkey":{"kty":"EC","crv":"P-256","x":"HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8","y":"XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4"},"origin":"http://example.com"}'
    usage_counter = 1

    produced_signature = sign_challenge(sample_private_key, application_id,
                                        raw_client_data, usage_counter)
    verification = check_response(sample_public_key, application_id,
                                  raw_client_data, produced_signature,
                                  usage_counter)

    # NOTE(review): only the accepting path is exercised here; nothing in
    # this test shows how check_response reports a rejected signature.
    self.assertEqual(verification, 1)
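def test_02_validate(self):
    # End-to-end challenge/response run against /validate/check in which the
    # signed response must be REJECTED: the signature is produced with a key
    # that, per the original author's note, does not fit the registration.

    # Assign the token to the user.
    assigned = assign_token(self.serial,
                            User("cornelius", self.realm1), pin="u2f")
    self.assertEqual(assigned, True)

    # Step 1: trigger the challenge.
    # NOTE(review): the "******" user/pass values look masked in this
    # listing; presumably the assigned user and the PIN set above - confirm
    # against the original test before running it.
    with self.app.test_request_context('/validate/check',
                                       method='POST',
                                       data={"user": "******" + self.realm1,
                                             "pass": "******"}):
        res = self.app.full_dispatch_request()
        self.assertEqual(res.status_code, 200)
        # Decode the response body once instead of once per field.
        body = json.loads(res.data)
        result = body.get("result")
        detail = body.get("detail")

        # A challenge was issued, so authentication is not yet successful.
        self.assertEqual(result.get("value"), False)
        transaction_id = detail.get("transaction_id")
        self.assertEqual(len(transaction_id), len('01350277175811850842'))
        self.assertIn("Please confirm with your U2F token",
                      detail.get("message"), detail.get("message"))

        # assertIn names the missing key when the sign request is incomplete.
        u2f_sign_request = detail.get("attributes").get("u2fSignRequest")
        self.assertIn("appId", u2f_sign_request)
        self.assertIn("challenge", u2f_sign_request)
        self.assertIn("keyHandle", u2f_sign_request)
        app_id = u2f_sign_request.get("appId")
        challenge = u2f_sign_request.get("challenge")
        self.assertEqual(u2f_sign_request.get("version"), "U2F_V2")

    # Step 2: sign the server's challenge with the private key from the
    # registration example.
    privkey = "9a9684b127c5e3a706d618c86401c7cf6fd827fd0bc18d24b0eb842e36d16df1"
    counter = 1
    client_data = ('{"typ":"navigator.id.getAssertion",'
                   '"challenge":"%s","cid_pubkey":{"kty":"EC",'
                   '"crv":"P-256",'
                   '"x":"HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8",'
                   '"y":"XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4"},'
                   '"origin":"%s"}' % (challenge, app_id))
    signature_hex = sign_challenge(privkey, app_id, client_data, counter)
    # Presumably the user-presence byte (01) followed by the 4-byte counter
    # (00000001, matching counter = 1), then the signature - confirm against
    # the U2F raw message format.
    signature_data_hex = "0100000001" + signature_hex
    signature_data_url = url_encode(binascii.unhexlify(signature_data_hex))
    client_data_url = url_encode(client_data)

    # Step 3: send the response. It does not fit the registration, so the
    # server is expected to hit a BadSignatureError and refuse the login.
    with self.app.test_request_context('/validate/check',
                                       method='POST',
                                       data={"user": "******",
                                             "realm": self.realm1,
                                             "pass": "",
                                             "transaction_id": transaction_id,
                                             "clientdata": client_data_url,
                                             "signaturedata": signature_data_url}):
        res = self.app.full_dispatch_request()
        self.assertEqual(res.status_code, 200)
        result = json.loads(res.data).get("result")
        # The request itself is processed (status True) but authentication
        # must fail (value False).
        # NOTE(review): the reason for the rejection is not asserted, so a
        # failure for any other cause would satisfy this test as well.
        self.assertEqual(result.get("status"), True)
        self.assertEqual(result.get("value"), False)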
def test_02_validate(self):
    # Challenge/response run against /validate/check whose final step must
    # be refused, because the response is signed with a non-matching key.

    # Bind the token to the user first.
    assignment_ok = assign_token(self.serial,
                                 User("cornelius", self.realm1), pin="u2f")
    self.assertEqual(assignment_ok, True)

    # Ask the server for a challenge.
    # NOTE(review): the "******" values look masked in this listing;
    # presumably the assigned user and the PIN set above - confirm.
    challenge_params = {"user": "******"+self.realm1, "pass": "******"}
    with self.app.test_request_context('/validate/check',
                                       method='POST',
                                       data=challenge_params):
        res = self.app.full_dispatch_request()
        self.assertEqual(res.status_code, 200)
        result = json.loads(res.data).get("result")
        detail = json.loads(res.data).get("detail")
        # Only a challenge was issued, so the login has not succeeded yet.
        self.assertEqual(result.get("value"), False)

        transaction_id = detail.get("transaction_id")
        self.assertEqual(len(transaction_id), len('01350277175811850842'))

        prompt = detail.get("message")
        self.assertTrue("Please confirm with your U2F token" in prompt,
                        prompt)

        u2f_sign_request = detail.get("attributes").get("u2fSignRequest")
        for required_key in ("appId", "challenge", "keyHandle"):
            self.assertTrue(required_key in u2f_sign_request)
        app_id = u2f_sign_request.get("appId")
        challenge = u2f_sign_request.get("challenge")
        key_handle = u2f_sign_request.get("keyHandle")  # not used further
        self.assertEqual(u2f_sign_request.get("version"), "U2F_V2")

    # Sign the challenge with the private key from the registration example.
    privkey = "9a9684b127c5e3a706d618c86401c7cf6fd827fd0bc18d24b0eb842e36d16df1"
    counter = 1
    client_data_template = (
        '{"typ":"navigator.id.getAssertion",'
        '"challenge":"%s","cid_pubkey":{"kty":"EC",'
        '"crv":"P-256",'
        '"x":"HzQwlfXX7Q4S5MtCCnZUNBw3RMzPO9tOyWjBqRl4tJ8",'
        '"y":"XVguGFLIZx1fXg3wNqfdbn75hi4-_7-BxhMljw42Ht4"},'
        '"origin":"%s"}'
    )
    client_data = client_data_template % (challenge, app_id)
    signature_hex = sign_challenge(privkey, app_id, client_data, counter)
    # Presumably user-presence byte (01) + 4-byte counter (00000001) in
    # front of the signature - confirm against the U2F raw message format.
    signature_data_hex = "0100000001" + signature_hex
    signature_data_url = url_encode(binascii.unhexlify(signature_data_hex))
    client_data_url = url_encode(client_data)

    # Submit the response. The signing key does not fit the registration,
    # so the server is expected to run into a BadSignatureError.
    response_params = {
        "user": "******",
        "realm": self.realm1,
        "pass": "",
        "transaction_id": transaction_id,
        "clientdata": client_data_url,
        "signaturedata": signature_data_url,
    }
    with self.app.test_request_context('/validate/check',
                                       method='POST',
                                       data=response_params):
        res = self.app.full_dispatch_request()
        self.assertEqual(res.status_code, 200)
        result = json.loads(res.data).get("result")
        detail = json.loads(res.data).get("detail")
        # The request is handled (status True) but authentication is
        # refused (value False).
        self.assertEqual(result.get("status"), True)
        self.assertEqual(result.get("value"), False)