removed other files
This commit is contained in:
parent
0d7fad8a15
commit
6f0003557c
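--- a/credblobex.py
+++ /dev/null
@@ -1,144 +0,0 @@
-# Copyright (c) 2018 Yubico AB
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials provided
-# with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-"""
-Connects to the first FIDO device found (starts from USB, then looks into NFC),
-creates a new credential for it, and authenticates the credential.
-This works with both FIDO 2.0 devices as well as with U2F devices.
-On Windows, the native WebAuthn API will be used.
-"""
-from fido2.hid import CtapHidDevice
-from fido2.client import Fido2Client, WindowsClient, UserInteraction
-from fido2.server import Fido2Server
-from getpass import getpass
-import sys
-import ctypes
-
-try:
-    from fido2.pcsc import CtapPcscDevice
-except ImportError:
-    CtapPcscDevice = None
-
-
-def enumerate_devices():
-    for dev in CtapHidDevice.list_devices():
-        yield dev
-    if CtapPcscDevice:
-        for dev in CtapPcscDevice.list_devices():
-            yield dev
-
-
-# Handle user interaction
-class CliInteraction(UserInteraction):
-    def prompt_up(self):
-        print("\nTouch your authenticator device now...\n")
-
-    def request_pin(self, permissions, rd_id):
-        return getpass("Enter PIN: ")
-
-    def request_uv(self, permissions, rd_id):
-        print("User Verification required.")
-        return True
-
-
-uv = "discouraged"
-
-if WindowsClient.is_available() and not ctypes.windll.shell32.IsUserAnAdmin():
-    # Use the Windows WebAuthn API if available, and we're not running as admin
-    client = WindowsClient("https://example.com")
-else:
-    # Locate a device
-    for dev in enumerate_devices():
-        client = Fido2Client(
-            dev, "https://example.com", user_interaction=CliInteraction()
-        )
-        if client.info.options.get("rk"):
-            break
-    else:
-        print("No Authenticator with support for resident key found!")
-        sys.exit(1)
-
-    # Prefer UV if supported
-    if client.info.options.get("uv"):
-        uv = "preferred"
-        print("Authenticator supports User Verification")
-
-
-server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct")
-
-user = {"id": b"user_id", "name": "A. User"}
-
-# Prepare parameters for makeCredential
-create_options, state = server.register_begin(
-    user,
-    resident_key_requirement="required",
-    user_verification=uv,
-    authenticator_attachment="cross-platform",
-)
-
-# Create a credential
-result = client.make_credential(create_options["publicKey"])
-
-
-# Complete registration
-auth_data = server.register_complete(
-    state, result.client_data, result.attestation_object
-)
-credentials = [auth_data.credential_data]
-
-print("New credential created!")
-
-print("CLIENT DATA:", result.client_data)
-print("ATTESTATION OBJECT:", result.attestation_object)
-print()
-print("CREDENTIAL DATA:", auth_data.credential_data)
-
-
-# Prepare parameters for getAssertion
-request_options, state = server.authenticate_begin(user_verification=uv)
-
-# Authenticate the credential
-selection = client.get_assertion(request_options["publicKey"])
-result = selection.get_response(0) # There may be multiple responses, get the first.
-
-print("USER ID:", result.user_handle)
-
-# Complete authenticator
-server.authenticate_complete(
-    state,
-    credentials,
-    result.credential_id,
-    result.client_data,
-    result.authenticator_data,
-    result.signature,
-)
-
-print("Credential authenticated!")
-
-print("CLIENT DATA:", result.client_data)
-print()
-print("AUTHENTICATOR DATA:", result.authenticator_data)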
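--- a/test2.py
+++ /dev/null
@@ -1,84 +0,0 @@
-from fido2.hid import CtapHidDevice
-from fido2.server import Fido2Server
-from fido2.webauthn import PublicKeyCredentialRpEntity, UserVerificationRequirement, PublicKeyCredentialUserEntity, \
-    PublicKeyCredentialCreationOptions
-from fido2.client import Fido2Client
-import os
-
-# Initialize the FIDO2 server
-rp = PublicKeyCredentialRpEntity("example.com", "Example Corporation")
-server = Fido2Server(rp)
-
-# User information
-user_id = os.urandom(32)
-user = PublicKeyCredentialUserEntity("testuser", b"Example Corporation")
-
-# Create a registration request
-registration_data = PublicKeyCredentialCreationOptions(rp, user, os.urandom(32), rp)
-state = server.register_begin(user,
-                              challenge=os.urandom(32),
-                              user_verification=UserVerificationRequirement.PREFERRED)
-# List FIDO devices
-devices = list(CtapHidDevice.list_devices())
-if not devices:
-    print("No FIDO devices found")
-    exit(1)
-
-# Select the first device (you could add logic to choose a device)
-device = devices[0]
-print("Using device:", device)
-
-# Simulate client processing and generate a response (normally done in browser)
-client = Fido2Client(device, "https://example.com")
-attestation_object, client_data = client.make_credential(registration_data)
-
-# Setup Relying Party
-rp = PublicKeyCredentialRpEntity("example.com", name="Example Corporation")
-server = Fido2Server(rp)
-
-# User information
-user_id = os.urandom(32)
-user = {"id": user_id, "name": "user@example.com", "displayName": "Example User"}
-
-# Create a registration request
-registration_data, state = server.register_begin({
-    "id": user_id,
-    "name": user['name'],
-    "displayName": user['displayName']
-},
-    challenge=os.urandom(32),
-    user_verification="preferred")
-
-# Use the client to create a credential
-attestation_object, client_data = client.make_credential(registration_data)
-
-
-# Complete registration
-authenticator_data = server.register_complete(
-    state,
-    client_data,
-    attestation_object
-)
-
-print("Registration complete")
-print("Authenticator data:", authenticator_data.credential_data)
-
-# Authentication process
-auth_data, state = server.authenticate_begin(user_id)
-
-# Simulate client processing and generate a response
-assertion = client.get_assertion(auth_data["publicKey"])
-assertion_response = assertion.get_response(0)
-
-# Complete authentication
-credentials, user_handle = server.authenticate_complete(
-    state,
-    auth_data["allowCredentials"],
-    assertion_response.client_data,
-    assertion_response.authenticator_data,
-    assertion_response.signature
-)
-
-print("Authentication complete")
-print("User handle:", user_handle)
-print("Credentials:", credentials)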
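--- a/tet.py
+++ /dev/null
@@ -1,56 +0,0 @@
-from fido2.server import Fido2Server
-from fido2.webauthn import (PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
-                            PublicKeyCredentialParameters, PublicKeyCredentialCreationOptions)
-from fido2.client import Fido2Client
-from fido2.hid import CtapHidDevice
-import os
-
-# Setup the relying party (RP) entity
-rp = PublicKeyCredentialRpEntity("eggtech.net", "test")
-
-# Setup the user entity
-user = PublicKeyCredentialUserEntity(
-    id=b'91974', # User ID as bytes
-    name="cyrus@eggtech.net",
-    display_name="Cyrus Schick"
-)
-
-# Define the public key credential parameters
-cred_params = [
-    PublicKeyCredentialParameters("public-key", -7), # ES256
-    PublicKeyCredentialParameters("public-key", -257) # RS256
-]
-
-# FIDO2 Server setup
-server = Fido2Server(rp)
-
-# Generate a random challenge
-challenge = os.urandom(32)
-
-# Manually create the PublicKeyCredentialCreationOptions
-options = PublicKeyCredentialCreationOptions(
-    rp=rp,
-    user=user,
-    challenge=challenge,
-    pub_key_cred_params=cred_params
-)
-
-# Start the registration process (adjust this method if needed)
-registration_data, state = server.register_begin(
-    user=user,
-    challenge=challenge
-)
-
-# Assuming the device is the first one connected
-device = next(CtapHidDevice.list_devices(), None)
-if device is None:
-    raise ValueError("No FIDO device found")
-
-# Client instance for the device
-client = Fido2Client(device, "eggtech.net")
-
-# Use the manual options we created for make_credential
-attestation_object, client_data = client.make_credential(options)
-
-# Finalize the registration to validate the response and store the credentials
-auth_data = server.register_complete(state, client_data, attestation_object)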
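--- a/tryme.py
+++ /dev/null
@@ -1,38 +0,0 @@
-from fido2.pcsc import CtapPcscDevice
-from fido2.utils import sha256
-from fido2.ctap1 import Ctap1
-import sys
-
-
-dev = next(CtapPcscDevice.list_devices(), None)
-if not dev:
-    print("No NFC u2f device found")
-    sys.exit(1)
-
-chal = sha256(b"AAA")
-appid = sha256(b"BBB")
-
-ctap1 = Ctap1(dev)
-
-print("version:", ctap1.get_version())
-
-# True - make extended APDU and send it to key
-# ISO 7816-3:2006. page 33, 12.1.3 Decoding conventions for command APDUs
-# ISO 7816-3:2006. page 34, 12.2 Command-response pair transmission by T=0
-# False - make group of short (less than 255 bytes length) APDU
-# and send them to key. ISO 7816-3:2005, page 9, 5.1.1.1 Command chaining
-dev.use_ext_apdu = False
-
-reg = ctap1.register(chal, appid)
-print("register:", reg)
-
-
-reg.verify(appid, chal)
-print("Register message verify OK")
-
-
-auth = ctap1.authenticate(chal, appid, reg.key_handle)
-print("authenticate result: ", auth)
-
-res = auth.verify(appid, chal, reg.public_key)
-print("Authenticate message verify OK")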
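--- a/u2fClient.py
+++ /dev/null
@@ -1,46 +0,0 @@
-from fido2.hid import CtapHidDevice
-from fido2.client import Fido2Client
-from fido2.server import Fido2Server
-from fido2.webauthn import PublicKeyCredentialRpEntity
-
-while True:
-
-    # Discover FIDO2 devices connected via USB
-    devices = list(CtapHidDevice.list_devices())
-    if not devices:
-        #raise ValueError("No FIDO2 device found")
-        pass
-    else:
-        device = devices[0]
-        break
-
-# Use the first available device
-client = Fido2Client(device, "https://example.com")
-rp = PublicKeyCredentialRpEntity("example.com", "Example RP")
-server = Fido2Server(rp)
-
-# Example: Registration
-user = {"id": b"user_id", "name": "john_doe", "displayName": "John Doe"}
-challenge = server.register_begin(user)
-
-print(challenge)
-
-# Prompt user to perform registration action on the device
-attestation_object, client_data = client.make_credential(challenge)
-
-# Finalize registration on the server
-auth_data = server.register_complete(challenge['state'], client_data, attestation_object)
-
-print("Registration complete. Credential ID:", auth_data.credential_data.credential_id)
-
-# Example: Authentication
-credentials = [auth_data.credential_data]
-challenge = server.authenticate_begin(credentials)
-
-# Prompt user to perform authentication action on the device
-assertion, client_data = client.get_assertion(challenge['publicKey'])
-assertion_response = assertion[0] # Assuming the first assertion (most common scenario)
-
-# Finalize authentication on the server
-server.authenticate_complete(challenge['state'], credentials, assertion_response, client_data)
-print("Authentication successful!")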
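--- a/working build.py
+++ /dev/null
@@ -1,142 +0,0 @@
-# Copyright (c) 2018 Yubico AB
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or
-# without modification, are permitted provided that the following
-# conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following
-# disclaimer in the documentation and/or other materials provided
-# with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-"""
-Connects to the first FIDO device found (starts from USB, then looks into NFC),
-creates a new credential for it, and authenticates the credential.
-This works with both FIDO 2.0 devices as well as with U2F devices.
-On Windows, the native WebAuthn API will be used.
-"""
-from fido2.hid import CtapHidDevice
-from fido2.client import Fido2Client, WindowsClient, UserInteraction
-from fido2.server import Fido2Server
-from getpass import getpass
-import sys
-import ctypes
-
-
-# Handle user interaction
-class CliInteraction(UserInteraction):
-    def prompt_up(self):
-        print("\nTouch your authenticator device now...\n")
-
-    def request_pin(self, permissions, rd_id):
-        return getpass("Enter PIN: ")
-
-    def request_uv(self, permissions, rd_id):
-        print("User Verification required.")
-        return True
-
-
-uv = "discouraged"
-
-if WindowsClient.is_available() and not ctypes.windll.shell32.IsUserAnAdmin():
-    # Use the Windows WebAuthn API if available, and we're not running as admin
-    client = WindowsClient("https://example.com")
-else:
-    # Locate a device
-    dev = next(CtapHidDevice.list_devices(), None)
-    if dev is not None:
-        print("Use USB HID channel.")
-    else:
-        try:
-            from fido2.pcsc import CtapPcscDevice
-
-            dev = next(CtapPcscDevice.list_devices(), None)
-            print("Use NFC channel.")
-        except Exception as e:
-            print("NFC channel search error:", e)
-
-    if not dev:
-        print("No FIDO device found")
-        sys.exit(1)
-
-    # Set up a FIDO 2 client using the origin https://example.com
-    client = Fido2Client(dev, "https://example.com", user_interaction=CliInteraction())
-
-    # Prefer UV if supported and configured
-    if client.info.options.get("uv") or client.info.options.get("pinUvAuthToken"):
-        uv = "preferred"
-        print("Authenticator supports User Verification")
-
-
-server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct")
-
-user = {"id": b"user_id", "name": "A. User"}
-
-
-# Prepare parameters for makeCredential
-create_options, state = server.register_begin(
-    user, user_verification=uv, authenticator_attachment="cross-platform"
-)
-
-# Create a credential
-result = client.make_credential(create_options["publicKey"])
-
-# Complete registration
-auth_data = server.register_complete(
-    state, result.client_data, result.attestation_object
-)
-credentials = [auth_data.credential_data]
-
-print("New credential created!")
-
-print("CLIENT DATA:", result.client_data)
-print("ATTESTATION OBJECT:", result.attestation_object)
-print()
-print("CREDENTIAL DATA:", auth_data.credential_data)
-
-
-# Prepare parameters for getAssertion
-request_options, state = server.authenticate_begin(credentials, user_verification=uv)
-
-# Authenticate the credential
-result = client.get_assertion(request_options["publicKey"])
-
-# Only one cred in allowCredentials, only one response.
-result = result.get_response(0)
-print(str(state))
-print(str(credentials))
-print(str(result.credential_id))
-print(str(result.client_data))
-print(str(result.authenticator_data))
-print(str(result.signature))
-# Complete authenticator
-server.authenticate_complete(
-    state,
-    credentials,
-    result.credential_id,
-    result.client_data,
-    result.authenticator_data,
-    result.signature,
-)
-
-print("Credential authenticated!")
-
-print("CLIENT DATA:", result.client_data)
-print()
-print("AUTH DATA:", result.authenticator_data)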