def complete_register(request_data, response, valid_facets=None): request_data = RegisterRequestData.wrap(request_data) response = RegisterResponse.wrap(response) return u2f_v2.complete_register(request_data.getRegisterRequest(response), response, valid_facets)
def bind(self, response): """ Complete registration, returning a U2FBinding. registrationResponse = { "registrationData": string, //b64 encoded raw registration response "clientData": string, //b64 encoded JSON of ClientData } """ if not isinstance(response, RegisterResponse): response = RegisterResponse(response) self._validate_client_data(response.clientData) raw_response = RawRegistrationResponse( self.app_param, response.clientParam, websafe_decode(response['registrationData']) ) raw_response.verify_csr_signature() # TODO: Validate the certificate as well return U2FBinding(self.app_id, self.facets, raw_response)
def register(self, request, facet="https://www.example.com"): """ RegisterRequest = { "version": "U2F_V2", "challenge": string, //b64 encoded challenge "appId": string, //app_id } """ if not isinstance(request, RegisterRequest): request = RegisterRequest(request) if request.version != "U2F_V2": raise ValueError("Unsupported U2F version: %s" % request.version) # Client data client_data = ClientData(typ='navigator.id.finishEnrollment', challenge=request['challenge'], origin=facet) client_data = client_data.json.encode('utf-8') client_param = sha_256(client_data) # ECC key generation priv_key = ec.generate_private_key(CURVE, default_backend()) pub_key = priv_key.public_key().public_bytes( Encoding.DER, PublicFormat.SubjectPublicKeyInfo) pub_key = pub_key[-65:] # Store key_handle = rand_bytes(64) app_param = request.appParam self.keys[key_handle] = (priv_key, app_param) # Attestation signature cert_priv = load_pem_private_key(CERT_PRIV, password=None, backend=default_backend()) cert = CERT data = b'\x00' + app_param + client_param + key_handle + pub_key signer = cert_priv.signer(ec.ECDSA(hashes.SHA256())) signer.update(data) signature = signer.finalize() raw_response = (b'\x05' + pub_key + int2byte(len(key_handle)) + key_handle + cert + signature) return RegisterResponse( registrationData=websafe_encode(raw_response), clientData=websafe_encode(client_data), )
def register(self, request, facet="https://www.example.com"): """ RegisterRequest = { "version": "U2F_V2", "challenge": string, //b64 encoded challenge "appId": string, //app_id } """ if not isinstance(request, RegisterRequest): request = RegisterRequest(request) if request.version != "U2F_V2": raise ValueError("Unsupported U2F version: %s" % request.version) # Client data client_data = ClientData(typ='navigator.id.finishEnrollment', challenge=request['challenge'], origin=facet) client_data = client_data.json client_param = H(client_data) # ECC key generation privu = EC.gen_params(CURVE) privu.gen_key() pub_key = str(privu.pub().get_der())[-65:] # Store key_handle = rand_bytes(64) app_param = request.appParam self.keys[key_handle] = (privu, app_param) # Attestation signature cert_priv = EC.load_key_bio(BIO.MemoryBuffer(CERT_PRIV)) cert = CERT digest = H(chr(0x00) + app_param + client_param + key_handle + pub_key) signature = cert_priv.sign_dsa_asn1(digest) raw_response = chr(0x05) + pub_key + chr(len(key_handle)) + \ key_handle + cert + signature return RegisterResponse( registrationData=websafe_encode(raw_response), clientData=websafe_encode(client_data), )
def complete_register(request, response, valid_facets=None): request = RegisterRequest.wrap(request) response = RegisterResponse.wrap(response) _validate_client_data(response.clientData, request.challenge, "navigator.id.finishEnrollment", valid_facets) raw_response = RawRegistrationResponse(request.appParam, response.clientParam, response.registrationData) raw_response.verify_csr_signature() return DeviceRegistration( appId=request.appId, keyHandle=websafe_encode(raw_response.key_handle), publicKey=websafe_encode( raw_response.pub_key)), raw_response.certificate
def complete_register(request, response, valid_facets=None): request = RegisterRequest.wrap(request) response = RegisterResponse.wrap(response) _validate_client_data(response.clientData, request.challenge, "navigator.id.finishEnrollment", valid_facets) raw_response = RawRegistrationResponse( request.appParam, response.clientParam, response.registrationData ) raw_response.verify_csr_signature() return DeviceRegistration( appId=request.appId, keyHandle=websafe_encode(raw_response.key_handle), publicKey=websafe_encode(raw_response.pub_key) ), raw_response.certificate
def test_clientParam(self): obj = RegisterResponse(clientData='eyJhIjoxfQ') self.assertEqual("\x01Z\xbd\x7f\\\xc5z-\xd9Ku\x90\xf0J\xd8\x08" "Bs\x90^\xe3>\xc5\xce\xbe\xaeb'j\x97\xf8b", obj.clientParam)
def test_clientData(self): obj = RegisterResponse(clientData='eyJhIjoxfQ') self.assertEqual({'a': 1}, obj.clientData) self.assertTrue(isinstance(obj.clientData, ClientData))
def registerResponse(self): return RegisterResponse(self['registerResponse'])