def make_credential(self, client_data_hash, rp, user, key_params,
                    options, pin_auth, pin_protocol):
    """Enroll a new security key using CTAP version 2

    The algorithm is taken from the first entry of `key_params` only.
    `client_data_hash`, `rp`, `pin_auth` and `pin_protocol` are accepted
    but never read in this body, so nothing here validates a PIN.
    The PIN and credential failures are selected purely by the value
    of `self.dev.error`:

        'err'    -> CtapError.ERR.INVALID_CREDENTIAL
        'pinreq' -> CtapError.ERR.PIN_REQUIRED
        'badpin' -> CtapError.ERR.PIN_INVALID

    When `options` has a truthy 'rk' entry, the new credential data is
    also registered as a resident key under `user['name']`.

    Returns a `_Credential` wrapping the auth data built from the
    enrolled algorithm, public key and key handle.
    """

    # pylint: disable=unused-argument

    # Looked up before the error checks, so a malformed key_params
    # fails here regardless of the configured device error.
    chosen_alg = key_params[0]['alg']

    dev_error = self.dev.error

    if dev_error == 'err':
        raise CtapError(CtapError.ERR.INVALID_CREDENTIAL)

    if dev_error == 'pinreq':
        raise CtapError(CtapError.ERR.PIN_REQUIRED)

    if dev_error == 'badpin':
        raise CtapError(CtapError.ERR.PIN_INVALID)

    pubkey, handle = self._enroll(chosen_alg)
    cred_data = _CredentialData(chosen_alg, pubkey, handle)

    # Resident ("rk") credentials are additionally recorded through the
    # credential management object, keyed by the user name.
    if options.get('rk'):
        CredentialManagement(self).add_resident_key(user['name'], cred_data)

    return _Credential(_CredentialAuthData(cred_data))
def __init__(self, ctap, pin_protocol=None, pin_token=None):
    """Bind to the device of `ctap` and raise any configured error

    `pin_protocol` and `pin_token` are accepted but never read in this
    body, so no PIN token is checked here. Failures are selected purely
    by the value of `self.dev.error`:

        'err'    -> CtapError.ERR.INVALID_CREDENTIAL
        'nocred' -> CtapError.ERR.NO_CREDENTIALS
        'nopin'  -> CtapError.ERR.PIN_NOT_SET
        'badpin' -> CtapError.ERR.PIN_INVALID

    Any other value leaves the object constructed with `self.dev` set.
    """

    # pylint: disable=unused-argument

    # The device is attached first, so self.dev is already set on the
    # instance when one of the errors below is raised.
    self.dev = ctap.dev

    dev_error = self.dev.error

    if dev_error == 'err':
        raise CtapError(CtapError.ERR.INVALID_CREDENTIAL)

    if dev_error == 'nocred':
        raise CtapError(CtapError.ERR.NO_CREDENTIALS)

    if dev_error == 'nopin':
        raise CtapError(CtapError.ERR.PIN_NOT_SET)

    if dev_error == 'badpin':
        raise CtapError(CtapError.ERR.PIN_INVALID)
def get_assertions(self, application, message_hash, allow_creds, options):
    """Sign a message with a security key using CTAP version 2

    The application name is hashed with SHA-256 and passed to
    `self._sign` together with `message_hash`. Only the 'id' of the
    first entry in `allow_creds` is used as the key handle; any further
    entries are ignored. User presence is requested when
    `options['up']` is truthy.

    `self.dev.error` selects the failure to raise:

        'nocred' -> CtapError.ERR.NO_CREDENTIALS
        'err'    -> CtapError.ERR.INVALID_CREDENTIAL

    Returns a one-element list holding an `_Assertion`. The flags in
    its auth data are the ones returned by `self._sign`, not the
    requested value.
    """

    # These lookups run before the error checks, so malformed arguments
    # fail here regardless of the configured device error.
    application_digest = sha256(application.encode()).digest()
    handle = allow_creds[0]['id']

    if options['up']:
        requested_flags = SSH_SK_USER_PRESENCE_REQD
    else:
        requested_flags = 0

    dev_error = self.dev.error

    if dev_error == 'nocred':
        raise CtapError(CtapError.ERR.NO_CREDENTIALS)

    if dev_error == 'err':
        raise CtapError(CtapError.ERR.INVALID_CREDENTIAL)

    signed_flags, counter, sig = self._sign(message_hash, application_digest,
                                            handle, requested_flags)

    auth_data = _AuthData(signed_flags, counter)

    return [_Assertion(auth_data, sig)]