def make_auth_request(keyhandle): return dict( version = 'U2F_V2', challenge = websafe_encode(os.urandom(32)), appId = OUR_APPID, keyHandle = websafe_encode(keyhandle) )
def do_enroll(): devs = u2f.list_devices() req = make_reg_request() result = register.register(devs, req, OUR_APPID) # check client data from token clientData = json.loads(websafe_decode(result['clientData'])) assert clientData['origin'] == OUR_APPID assert clientData['challenge'] == req['challenge'] assert clientData['typ'] == 'navigator.id.finishEnrollment' # check registration data regData = decode_reg_response(websafe_decode(result['registrationData'])) salt = os.urandom(32) with open('data.json', 'w') as f: db = dict( hkey = websafe_encode(H(regData.pubkey)), keyhandle = websafe_encode(regData.keyhandle), salt = websafe_encode(salt) ) json.dump(db, f) print 'written data to', f.name key = hashlib.pbkdf2_hmac('sha256', regData.pubkey + SOME_PASSWORD, salt, SOME_ITERATIONS) print 'secret is', key.encode('hex')
def do_enroll(): devs = u2f.list_devices() req = make_reg_request() result = register.register(devs, req, OUR_APPID) # check client data from token clientData = json.loads(websafe_decode(result['clientData'])) assert clientData['origin'] == OUR_APPID assert clientData['challenge'] == req['challenge'] assert clientData['typ'] == 'navigator.id.finishEnrollment' # check registration data regData = decode_reg_response(websafe_decode(result['registrationData'])) salt = os.urandom(32) with open('data.json', 'w') as f: db = dict(hkey=websafe_encode(H(regData.pubkey)), keyhandle=websafe_encode(regData.keyhandle), salt=websafe_encode(salt)) json.dump(db, f) print 'written data to', f.name key = hashlib.pbkdf2_hmac('sha256', regData.pubkey + SOME_PASSWORD, salt, SOME_ITERATIONS) print 'secret is', key.encode('hex')
def authenticate(device, data, facet, check_only=False): """ Signs an authentication challenge data = { 'version': "U2F_V2", 'challenge': websafe_encode(self.challenge), 'appId': self.binding.app_id, 'keyHandle': websafe_encode(self.binding.key_handle) } """ if isinstance(data, basestring): data = json.loads(data) if data['version'] != VERSION: raise ValueError('Unsupported U2F version: %s' % data['version']) app_id = data.get('appId', facet) verify_facet(app_id, facet) app_param = H(app_id) key_handle = websafe_decode(data['keyHandle']) # Client data client_data = { 'typ': 'navigator.id.getAssertion', 'challenge': data['challenge'], 'origin': facet } client_data = json.dumps(client_data) client_param = H(client_data) request = client_param + app_param + chr( len(key_handle)) + key_handle p1 = 0x07 if check_only else 0x03 p2 = 0 response = device.send_apdu(INS_SIGN, p1, p2, request) return { 'clientData': websafe_encode(client_data), 'signatureData': websafe_encode(response), 'keyHandle': data['keyHandle'] }
def authenticate(device, data, facet, check_only=False): """ Signs an authentication challenge data = { 'version': "U2F_V2", 'challenge': websafe_encode(self.challenge), 'appId': self.binding.app_id, 'keyHandle': websafe_encode(self.binding.key_handle) } """ if isinstance(data, basestring): data = json.loads(data) if data['version'] != VERSION: raise ValueError('Unsupported U2F version: %s' % data['version']) app_id = data.get('appId', facet) verify_facet(app_id, facet) app_param = H(app_id) key_handle = websafe_decode(data['keyHandle']) # Client data client_data = { 'typ': 'navigator.id.getAssertion', 'challenge': data['challenge'], 'origin': facet } client_data = json.dumps(client_data) client_param = H(client_data) request = client_param + app_param + chr(len(key_handle)) + key_handle p1 = 0x07 if check_only else 0x03 p2 = 0 response = device.send_apdu(INS_SIGN, p1, p2, request) return { 'clientData': websafe_encode(client_data), 'signatureData': websafe_encode(response), 'keyHandle': data['keyHandle'] }
def test_websafe_encode(self): self.assertEqual(websafe_encode(''), '') self.assertEqual(websafe_encode('f'), 'Zg') self.assertEqual(websafe_encode('fo'), 'Zm8') self.assertEqual(websafe_encode('foo'), 'Zm9v') self.assertEqual(websafe_encode('foob'), 'Zm9vYg') self.assertEqual(websafe_encode('fooba'), 'Zm9vYmE') self.assertEqual(websafe_encode('foobar'), 'Zm9vYmFy')
def test_websafe_encode(self): self.assertEqual(websafe_encode(b''), u'') self.assertEqual(websafe_encode(b'f'), u'Zg') self.assertEqual(websafe_encode(b'fo'), u'Zm8') self.assertEqual(websafe_encode(b'foo'), u'Zm9v') self.assertEqual(websafe_encode(b'foob'), u'Zm9vYg') self.assertEqual(websafe_encode(b'fooba'), u'Zm9vYmE') self.assertEqual(websafe_encode(b'foobar'), u'Zm9vYmFy')
def register(device, data, facet): """ Register a U2F device data = { "version": "U2F_V2", "challenge": string, //b64 encoded challenge "appId": string, //app_id } """ if isinstance(data, basestring): data = json.loads(data) if data['version'] != VERSION: raise ValueError('Unsupported U2F version: %s' % data['version']) app_id = data.get('appId', facet) verify_facet(app_id, facet) app_param = H(app_id) client_data = { 'typ': 'navigator.id.finishEnrollment', 'challenge': data['challenge'], 'origin': facet } client_data = json.dumps(client_data) client_param = H(client_data) request = client_param + app_param p1 = 0x03 p2 = 0 response = device.send_apdu(INS_ENROLL, p1, p2, request) return { 'registrationData': websafe_encode(response), 'clientData': websafe_encode(client_data) }
def make_reg_request(): return dict( challenge = websafe_encode(os.urandom(32)), version = 'U2F_V2', appId = OUR_APPID )
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. from u2flib_host.constants import INS_ENROLL, INS_SIGN, APDU_USE_NOT_SATISFIED from u2flib_host.utils import websafe_decode, websafe_encode from u2flib_host.exc import APDUError from u2flib_host import u2f_v2 import unittest import json VERSION = 'U2F_V2' FACET = 'https://example.com' CHALLENGE = 'challenge' KEY_HANDLE = websafe_encode(b'\0' * 64) REG_DATA = json.dumps({ 'version': VERSION, 'challenge': CHALLENGE, 'appId': FACET }) AUTH_DATA = json.dumps({ 'version': VERSION, 'challenge': CHALLENGE, 'appId': FACET, 'keyHandle': KEY_HANDLE }) DUMMY_RESP = b'a_dummy_response'
import os import tempfile import unittest import json from u2flib_host.utils import websafe_encode from u2flib_host.soft import SoftU2FDevice from u2flib_host.register import register from u2flib_host.authenticate import authenticate VERSION = 'U2F_V2' FACET = 'https://example.com' CHALLENGE = 'challenge' KEY_HANDLE = websafe_encode(b'\0' * 64) REG_DATA = json.dumps({ 'version': VERSION, 'challenge': CHALLENGE, 'appId': FACET }) AUTH_DATA = json.dumps({ 'version': VERSION, 'challenge': CHALLENGE, 'appId': FACET, 'keyHandle': KEY_HANDLE })
def make_auth_request(keyhandle): return dict(version='U2F_V2', challenge=websafe_encode(os.urandom(32)), appId=OUR_APPID, keyHandle=websafe_encode(keyhandle))
def make_reg_request(): return dict(challenge=websafe_encode(os.urandom(32)), version='U2F_V2', appId=OUR_APPID)
def test_websafe_encode_unicode(self): self.assertEqual(websafe_encode(u''), u'') self.assertEqual(websafe_encode(u'foobar'), u'Zm9vYmFy')