CNSA-276-FP/tet.py

from fido2.server import Fido2Server
from fido2.webauthn import (PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
                            PublicKeyCredentialParameters, PublicKeyCredentialCreationOptions)
from fido2.client import Fido2Client
from fido2.hid import CtapHidDevice
import os

# Setup the relying party (RP) entity
rp = PublicKeyCredentialRpEntity("eggtech.net", "test")

# Setup the user entity
user = PublicKeyCredentialUserEntity(
    id=b'91974',  # User ID as bytes
    name="cyrus@eggtech.net",
    display_name="Cyrus Schick"
)

# Define the public key credential parameters
cred_params = [
    PublicKeyCredentialParameters("public-key", -7),  # ES256
    PublicKeyCredentialParameters("public-key", -257)  # RS256
]

# FIDO2 Server setup
server = Fido2Server(rp)

# Generate a random challenge
challenge = os.urandom(32)

# Manually create the PublicKeyCredentialCreationOptions
options = PublicKeyCredentialCreationOptions(
    rp=rp,
    user=user,
    challenge=challenge,
    pub_key_cred_params=cred_params
)

# Start the registration process (adjust this method if needed)
registration_data, state = server.register_begin(
    user=user,
    challenge=challenge
)

# Assuming the device is the first one connected
device = next(CtapHidDevice.list_devices(), None)
if device is None:
    raise ValueError("No FIDO device found")

# Client instance for the device
client = Fido2Client(device, "eggtech.net")

# Use the manual options we created for make_credential
attestation_object, client_data = client.make_credential(options)

# Finalize the registration to validate the response and store the credentials
auth_data = server.register_complete(state, client_data, attestation_object)