def data(self): """Return a SignRequest.""" return SignRequest( version=VERSION, challenge=websafe_encode(self.challenge), keyHandle=websafe_encode(self.binding.key_handle), appId=self.binding.app_id )
def start_authenticate(device, challenge=None): device = DeviceRegistration.wrap(device) if challenge is None: challenge = rand_bytes(32) return SignRequest(version=VERSION, appId=device.appId, keyHandle=device.keyHandle, challenge=websafe_encode(challenge))
def verify_authenticate(device, request, response, valid_facets=None): device = DeviceRegistration.wrap(device) request = SignRequest.wrap(request) response = SignResponse.wrap(response) _validate_client_data(response.clientData, request.challenge, "navigator.id.getAssertion", valid_facets) raw_response = RawAuthenticationResponse(device.appParam, response.clientParam, response.signatureData) raw_response.verify_signature(websafe_decode(device.publicKey)) return raw_response.counter_int, raw_response.user_presence
def getAssertion(self, request, facet="https://www.example.com"): """ signData = { 'version': "U2F_V2", 'challenge': websafe_encode(self.challenge), 'appId': self.binding.app_id, 'keyHandle': websafe_encode(self.binding.key_handle), } """ if not isinstance(request, SignRequest): request = SignRequest(request) if request.version != "U2F_V2": raise ValueError("Unsupported U2F version: %s" % request.version) key_handle = websafe_decode(request.keyHandle) if key_handle not in self.keys: raise ValueError("Unknown key handle!") # Client data client_data = ClientData( typ="navigator.id.getAssertion", challenge=request['challenge'], origin=facet ) client_data = client_data.json.encode('utf-8') client_param = sha_256(client_data) # Unwrap: priv_key, app_param = self.keys[key_handle] # Increment counter self.counter += 1 # Create signature touch = int2byte(1) counter = struct.pack('>I', self.counter) data = app_param + touch + counter + client_param signer = priv_key.signer(ec.ECDSA(hashes.SHA256())) signer.update(data) signature = signer.finalize() raw_response = touch + counter + signature return SignResponse( clientData=websafe_encode(client_data), signatureData=websafe_encode(raw_response), keyHandle=request.keyHandle )
def verify_authenticate(device, request, response, valid_facets=None): device = DeviceRegistration.wrap(device) request = SignRequest.wrap(request) response = SignResponse.wrap(response) _validate_client_data(response.clientData, request.challenge, "navigator.id.getAssertion", valid_facets) raw_response = RawAuthenticationResponse( device.appParam, response.clientParam, response.signatureData ) raw_response.verify_signature(websafe_decode(device.publicKey)) return raw_response.counter_int, raw_response.user_presence
def getAssertion(self, request, facet="https://www.example.com", touch=False): """ signData = { 'version': "U2F_V2", 'challenge': websafe_encode(self.challenge), 'appId': self.binding.app_id, 'keyHandle': websafe_encode(self.binding.key_handle), } """ if not isinstance(request, SignRequest): request = SignRequest(request) if request.version != "U2F_V2": raise ValueError("Unsupported U2F version: %s" % request.version) key_handle = websafe_decode(request.keyHandle) if key_handle not in self.keys: raise ValueError("Unknown key handle!") # Client data client_data = ClientData(typ="navigator.id.getAssertion", challenge=request['challenge'], origin=facet) client_data = client_data.json client_param = H(client_data) # Unwrap: privu, app_param = self.keys[key_handle] # Increment counter self.counter += 1 # Create signature touch = chr(1 if touch else 0) counter = struct.pack('>I', self.counter) digest = H(app_param + touch + counter + client_param) signature = privu.sign_dsa_asn1(digest) raw_response = touch + counter + signature return SignResponse(clientData=websafe_encode(client_data), signatureData=websafe_encode(raw_response), keyHandle=request.keyHandle)
def test_challenge(self): req = SignRequest(challenge='Zm9vYmFy') self.assertEqual('foobar', req.challenge)
def test_appParam(self): req = SignRequest(appId='https://example.com') self.assertEqual('\x10\x06\x80\xadTl\xe6\xa5w\xf4/R\xdf3\xb4\xcf' '\xdc\xa7V\x85\x9efK\x8d}\xe3)\xb1P\xd0\x9c\xe9', req.appParam)
def authenticateRequests(self): return [SignRequest(x) for x in self['authenticateRequests']]