From 6f0003557ca7c6714cc18310685510196f63477f Mon Sep 17 00:00:00 2001
From: caschick221
Date: Thu, 2 May 2024 14:43:34 -0400
Subject: [PATCH] removed other files

---
 credblobex.py | 144 ------------------------------------
 credentailsex.py => main.py | 0
 test2.py | 84 --------------------
 tet.py | 56 --------------
 tryme.py | 38 ----------
 u2fClient.py | 46 ------------
 u2fServer.py | 0
 working build.py | 142 ----------------------------------
 8 files changed, 510 deletions(-)
 delete mode 100644 credblobex.py
 rename credentailsex.py => main.py (100%)
 delete mode 100644 test2.py
 delete mode 100644 tet.py
 delete mode 100644 tryme.py
 delete mode 100644 u2fClient.py
 delete mode 100644 u2fServer.py
 delete mode 100644 working build.py

diff --git a/credblobex.py b/credblobex.py
deleted file mode 100644
index d6e7df9..0000000
--- a/credblobex.py
+++ /dev/null
@@ -1,144 +0,0 @@
-# Copyright (c) 2018 Yubico AB
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials provided
-# with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-"""
-Connects to the first FIDO device found (starts from USB, then looks into NFC),
-creates a new credential for it, and authenticates the credential.
-This works with both FIDO 2.0 devices as well as with U2F devices.
-On Windows, the native WebAuthn API will be used.
-"""
-from fido2.hid import CtapHidDevice
-from fido2.client import Fido2Client, WindowsClient, UserInteraction
-from fido2.server import Fido2Server
-from getpass import getpass
-import sys
-import ctypes
-
-try:
- from fido2.pcsc import CtapPcscDevice
-except ImportError:
- CtapPcscDevice = None
-
-
-def enumerate_devices():
- for dev in CtapHidDevice.list_devices():
- yield dev
- if CtapPcscDevice:
- for dev in CtapPcscDevice.list_devices():
- yield dev
-
-
-# Handle user interaction
-class CliInteraction(UserInteraction):
- def prompt_up(self):
- print("\nTouch your authenticator device now...\n")
-
- def request_pin(self, permissions, rd_id):
- return getpass("Enter PIN: ")
-
- def request_uv(self, permissions, rd_id):
- print("User Verification required.")
- return True
-
-
-uv = "discouraged"
-
-if WindowsClient.is_available() and not ctypes.windll.shell32.IsUserAnAdmin():
- # Use the Windows WebAuthn API if available, and we're not running as admin
- client = WindowsClient("https://example.com")
-else:
- # Locate a device
- for dev in enumerate_devices():
- client = Fido2Client(
- dev, "https://example.com", user_interaction=CliInteraction()
- )
- if client.info.options.get("rk"):
- break
- else:
- print("No Authenticator with support for resident key found!")
- sys.exit(1)
-
- # Prefer UV if supported
- if client.info.options.get("uv"):
- uv = "preferred"
- print("Authenticator supports User Verification")
-
-
-server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct")
-
-user = {"id": b"user_id", "name": "A. 
 User"}
-
-# Prepare parameters for makeCredential
-create_options, state = server.register_begin(
- user,
- resident_key_requirement="required",
- user_verification=uv,
- authenticator_attachment="cross-platform",
-)
-
-# Create a credential
-result = client.make_credential(create_options["publicKey"])
-
-
-# Complete registration
-auth_data = server.register_complete(
- state, result.client_data, result.attestation_object
-)
-credentials = [auth_data.credential_data]
-
-print("New credential created!")
-
-print("CLIENT DATA:", result.client_data)
-print("ATTESTATION OBJECT:", result.attestation_object)
-print()
-print("CREDENTIAL DATA:", auth_data.credential_data)
-
-
-# Prepare parameters for getAssertion
-request_options, state = server.authenticate_begin(user_verification=uv)
-
-# Authenticate the credential
-selection = client.get_assertion(request_options["publicKey"])
-result = selection.get_response(0) # There may be multiple responses, get the first.
-
-print("USER ID:", result.user_handle)
-
-# Complete authenticator
-server.authenticate_complete(
- state,
- credentials,
- result.credential_id,
- result.client_data,
- result.authenticator_data,
- result.signature,
-)
-
-print("Credential authenticated!")
-
-print("CLIENT DATA:", result.client_data)
-print()
-print("AUTHENTICATOR DATA:", result.authenticator_data)
\ No newline at end of file
diff --git a/credentailsex.py b/main.py
similarity index 100%
rename from credentailsex.py
rename to main.py
diff --git a/test2.py b/test2.py
deleted file mode 100644
index 171a4f3..0000000
--- a/test2.py
+++ /dev/null
@@ -1,84 +0,0 @@
-from fido2.hid import CtapHidDevice
-from fido2.server import Fido2Server
-from fido2.webauthn import PublicKeyCredentialRpEntity, UserVerificationRequirement, PublicKeyCredentialUserEntity, \
- PublicKeyCredentialCreationOptions
-from fido2.client import Fido2Client
-import os
-
-# Initialize the FIDO2 server
-rp = PublicKeyCredentialRpEntity("example.com", "Example Corporation")
-server = Fido2Server(rp)
-
-# User information
-user_id = os.urandom(32)
-user = PublicKeyCredentialUserEntity("testuser", b"Example Corporation")
-
-# Create a registration request
-registration_data = PublicKeyCredentialCreationOptions(rp, user, os.urandom(32), rp)
-state = server.register_begin(user,
-challenge=os.urandom(32),
-user_verification=UserVerificationRequirement.PREFERRED)
-# List FIDO devices
-devices = list(CtapHidDevice.list_devices())
-if not devices:
- print("No FIDO devices found")
- exit(1)
-
-# Select the first device (you could add logic to choose a device)
-device = devices[0]
-print("Using device:", device)
-
-# Simulate client processing and generate a response (normally done in browser)
-client = Fido2Client(device, "https://example.com")
-attestation_object, client_data = client.make_credential(registration_data)
-
-# Setup Relying Party
-rp = PublicKeyCredentialRpEntity("example.com", name="Example Corporation")
-server = Fido2Server(rp)
-
-# User information
-user_id = os.urandom(32)
-user = {"id": user_id, "name": "user@example.com", "displayName": "Example User"}
-
-# Create a registration request
-registration_data, state = server.register_begin({
- "id": user_id,
- "name": user['name'],
- "displayName": user['displayName']
-},
-challenge=os.urandom(32),
-user_verification="preferred")
-
-# Use the client to create a credential
-attestation_object, client_data = client.make_credential(registration_data)
-
-
-# Complete registration
-authenticator_data = server.register_complete(
- state,
- client_data,
- attestation_object
-)
-
-print("Registration complete")
-print("Authenticator data:", authenticator_data.credential_data)
-
-# Authentication process
-auth_data, state = server.authenticate_begin(user_id)
-
-# Simulate client processing and generate a response
-assertion = client.get_assertion(auth_data["publicKey"])
-assertion_response = assertion.get_response(0)
-
-# Complete authentication
-credentials, user_handle = server.authenticate_complete(
- state,
- auth_data["allowCredentials"],
- assertion_response.client_data,
- assertion_response.authenticator_data,
- assertion_response.signature
-)
-
-print("Authentication complete")
-print("User handle:", user_handle)
-print("Credentials:", credentials)
diff --git a/tet.py b/tet.py
deleted file mode 100644
index 4566e8d..0000000
--- a/tet.py
+++ /dev/null
@@ -1,56 +0,0 @@
-from fido2.server import Fido2Server
-from fido2.webauthn import (PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
- PublicKeyCredentialParameters, PublicKeyCredentialCreationOptions)
-from fido2.client import Fido2Client
-from fido2.hid import CtapHidDevice
-import os
-
-# Setup the relying party (RP) entity
-rp = PublicKeyCredentialRpEntity("eggtech.net", "test")
-
-# Setup the user entity
-user = PublicKeyCredentialUserEntity(
- id=b'91974', # User ID as bytes
- name="cyrus@eggtech.net",
- display_name="Cyrus Schick"
-)
-
-# Define the public key credential parameters
-cred_params = [
- PublicKeyCredentialParameters("public-key", -7), # ES256
- PublicKeyCredentialParameters("public-key", -257) # RS256
-]
-
-# FIDO2 Server setup
-server = Fido2Server(rp)
-
-# Generate a random challenge
-challenge = os.urandom(32)
-
-# Manually create the PublicKeyCredentialCreationOptions
-options = PublicKeyCredentialCreationOptions(
- rp=rp,
- user=user,
- challenge=challenge,
- pub_key_cred_params=cred_params
-)
-
-# Start the registration process (adjust this method if needed)
-registration_data, state = server.register_begin(
- user=user,
- challenge=challenge
-)
-
-# Assuming the device is the first one connected
-device = next(CtapHidDevice.list_devices(), None)
-if device is None:
- raise ValueError("No FIDO device found")
-
-# Client instance for the device
-client = Fido2Client(device, "eggtech.net")
-
-# Use the manual options we created for make_credential
-attestation_object, client_data = client.make_credential(options)
-
-# Finalize the registration to validate the response and store the credentials
-auth_data = server.register_complete(state, client_data, attestation_object)
diff --git a/tryme.py b/tryme.py
deleted file mode 100644
index 2b17600..0000000
--- a/tryme.py
+++ /dev/null
@@ -1,38 +0,0 @@
-from fido2.pcsc import CtapPcscDevice
-from fido2.utils import sha256
-from fido2.ctap1 import Ctap1
-import sys
-
-
-dev = next(CtapPcscDevice.list_devices(), None)
-if not dev:
- print("No NFC u2f device found")
- sys.exit(1)
-
-chal = sha256(b"AAA")
-appid = sha256(b"BBB")
-
-ctap1 = Ctap1(dev)
-
-print("version:", ctap1.get_version())
-
-# True - make extended APDU and send it to key
-# ISO 7816-3:2006. page 33, 12.1.3 Decoding conventions for command APDUs
-# ISO 7816-3:2006. page 34, 12.2 Command-response pair transmission by T=0
-# False - make group of short (less than 255 bytes length) APDU
-# and send them to key. ISO 7816-3:2005, page 9, 5.1.1.1 Command chaining
-dev.use_ext_apdu = False
-
-reg = ctap1.register(chal, appid)
-print("register:", reg)
-
-
-reg.verify(appid, chal)
-print("Register message verify OK")
-
-
-auth = ctap1.authenticate(chal, appid, reg.key_handle)
-print("authenticate result: ", auth)
-
-res = auth.verify(appid, chal, reg.public_key)
-print("Authenticate message verify OK")
\ No newline at end of file
diff --git a/u2fClient.py b/u2fClient.py
deleted file mode 100644
index bb235fb..0000000
--- a/u2fClient.py
+++ /dev/null
@@ -1,46 +0,0 @@
-from fido2.hid import CtapHidDevice
-from fido2.client import Fido2Client
-from fido2.server import Fido2Server
-from fido2.webauthn import PublicKeyCredentialRpEntity
-
-while True:
-
- # Discover FIDO2 devices connected via USB
- devices = list(CtapHidDevice.list_devices())
- if not devices:
- #raise ValueError("No FIDO2 device found")
- pass
- else:
- device = devices[0]
- break
-
-# Use the first available device
-client = Fido2Client(device, "https://example.com")
-rp = PublicKeyCredentialRpEntity("example.com", "Example RP")
-server = Fido2Server(rp)
-
-# Example: Registration
-user = {"id": b"user_id", "name": "john_doe", "displayName": "John Doe"}
-challenge = server.register_begin(user)
-
-print(challenge)
-
-# Prompt user to perform registration action on the device
-attestation_object, client_data = client.make_credential(challenge)
-
-# Finalize registration on the server
-auth_data = server.register_complete(challenge['state'], client_data, attestation_object)
-
-print("Registration complete. Credential ID:", auth_data.credential_data.credential_id)
-
-# Example: Authentication
-credentials = [auth_data.credential_data]
-challenge = server.authenticate_begin(credentials)
-
-# Prompt user to perform authentication action on the device
-assertion, client_data = client.get_assertion(challenge['publicKey'])
-assertion_response = assertion[0] # Assuming the first assertion (most common scenario)
-
-# Finalize authentication on the server
-server.authenticate_complete(challenge['state'], credentials, assertion_response, client_data)
-print("Authentication successful!")
diff --git a/u2fServer.py b/u2fServer.py
deleted file mode 100644
index e69de29..0000000
diff --git a/working build.py b/working build.py
deleted file mode 100644
index 20d4190..0000000
--- a/working build.py
+++ /dev/null
@@ -1,142 +0,0 @@
-# Copyright (c) 2018 Yubico AB
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials provided
-# with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-"""
-Connects to the first FIDO device found (starts from USB, then looks into NFC),
-creates a new credential for it, and authenticates the credential.
-This works with both FIDO 2.0 devices as well as with U2F devices.
-On Windows, the native WebAuthn API will be used.
-"""
-from fido2.hid import CtapHidDevice
-from fido2.client import Fido2Client, WindowsClient, UserInteraction
-from fido2.server import Fido2Server
-from getpass import getpass
-import sys
-import ctypes
-
-
-# Handle user interaction
-class CliInteraction(UserInteraction):
- def prompt_up(self):
- print("\nTouch your authenticator device now...\n")
-
- def request_pin(self, permissions, rd_id):
- return getpass("Enter PIN: ")
-
- def request_uv(self, permissions, rd_id):
- print("User Verification required.")
- return True
-
-
-uv = "discouraged"
-
-if WindowsClient.is_available() and not ctypes.windll.shell32.IsUserAnAdmin():
- # Use the Windows WebAuthn API if available, and we're not running as admin
- client = WindowsClient("https://example.com")
-else:
- # Locate a device
- dev = next(CtapHidDevice.list_devices(), None)
- if dev is not None:
- print("Use USB HID channel.")
- else:
- try:
- from fido2.pcsc import CtapPcscDevice
-
- dev = next(CtapPcscDevice.list_devices(), None)
- print("Use NFC channel.")
- except Exception as e:
- print("NFC channel search error:", e)
-
- if not dev:
- print("No FIDO device found")
- sys.exit(1)
-
- # Set up a FIDO 2 client using the origin https://example.com
- client = Fido2Client(dev, "https://example.com", user_interaction=CliInteraction())
-
- # Prefer UV if supported and configured
- if client.info.options.get("uv") or client.info.options.get("pinUvAuthToken"):
- uv = "preferred"
- print("Authenticator supports User Verification")
-
-
-server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct")
-
-user = {"id": b"user_id", "name": "A. 
 User"}
-
-
-# Prepare parameters for makeCredential
-create_options, state = server.register_begin(
- user, user_verification=uv, authenticator_attachment="cross-platform"
-)
-
-# Create a credential
-result = client.make_credential(create_options["publicKey"])
-
-# Complete registration
-auth_data = server.register_complete(
- state, result.client_data, result.attestation_object
-)
-credentials = [auth_data.credential_data]
-
-print("New credential created!")
-
-print("CLIENT DATA:", result.client_data)
-print("ATTESTATION OBJECT:", result.attestation_object)
-print()
-print("CREDENTIAL DATA:", auth_data.credential_data)
-
-
-# Prepare parameters for getAssertion
-request_options, state = server.authenticate_begin(credentials, user_verification=uv)
-
-# Authenticate the credential
-result = client.get_assertion(request_options["publicKey"])
-
-# Only one cred in allowCredentials, only one response.
-result = result.get_response(0)
-print(str(state))
-print(str(credentials))
-print(str(result.credential_id))
-print(str(result.client_data))
-print(str(result.authenticator_data))
-print(str(result.signature))
-# Complete authenticator
-server.authenticate_complete(
- state,
- credentials,
- result.credential_id,
- result.client_data,
- result.authenticator_data,
- result.signature,
-)
-
-print("Credential authenticated!")
-
-print("CLIENT DATA:", result.client_data)
-print()
-print("AUTH DATA:", result.authenticator_data)
\ No newline at end of file