removed other files

caschick221 2024-05-02 14:43:34 -04:00
parent 0d7fad8a15
commit 6f0003557c
8 changed files with 0 additions and 510 deletions


@ -1,144 +0,0 @@
# Copyright (c) 2018 Yubico AB
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
"""
Connects to the first FIDO device found (starts from USB, then looks into NFC),
creates a new credential for it, and authenticates the credential.
This works with both FIDO 2.0 devices as well as with U2F devices.
On Windows, the native WebAuthn API will be used.
"""
from fido2.hid import CtapHidDevice
from fido2.client import Fido2Client, WindowsClient, UserInteraction
from fido2.server import Fido2Server
from getpass import getpass
import sys
import ctypes
try:
from fido2.pcsc import CtapPcscDevice
except ImportError:
CtapPcscDevice = None
def enumerate_devices():
for dev in CtapHidDevice.list_devices():
yield dev
if CtapPcscDevice:
for dev in CtapPcscDevice.list_devices():
yield dev
# Handle user interaction
class CliInteraction(UserInteraction):
def prompt_up(self):
print("\nTouch your authenticator device now...\n")
def request_pin(self, permissions, rd_id):
return getpass("Enter PIN: ")
def request_uv(self, permissions, rd_id):
print("User Verification required.")
return True
uv = "discouraged"
if WindowsClient.is_available() and not ctypes.windll.shell32.IsUserAnAdmin():
# Use the Windows WebAuthn API if available, and we're not running as admin
client = WindowsClient("https://example.com")
else:
# Locate a device
for dev in enumerate_devices():
client = Fido2Client(
dev, "https://example.com", user_interaction=CliInteraction()
)
if client.info.options.get("rk"):
break
else:
print("No Authenticator with support for resident key found!")
sys.exit(1)
# Prefer UV if supported
if client.info.options.get("uv"):
uv = "preferred"
print("Authenticator supports User Verification")
server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct")
user = {"id": b"user_id", "name": "A. User"}
# Prepare parameters for makeCredential
create_options, state = server.register_begin(
user,
resident_key_requirement="required",
user_verification=uv,
authenticator_attachment="cross-platform",
)
# Create a credential
result = client.make_credential(create_options["publicKey"])
# Complete registration
auth_data = server.register_complete(
state, result.client_data, result.attestation_object
)
credentials = [auth_data.credential_data]
print("New credential created!")
print("CLIENT DATA:", result.client_data)
print("ATTESTATION OBJECT:", result.attestation_object)
print()
print("CREDENTIAL DATA:", auth_data.credential_data)
# Prepare parameters for getAssertion
request_options, state = server.authenticate_begin(user_verification=uv)
# Authenticate the credential
selection = client.get_assertion(request_options["publicKey"])
result = selection.get_response(0) # There may be multiple responses, get the first.
print("USER ID:", result.user_handle)
# Complete authenticator
server.authenticate_complete(
state,
credentials,
result.credential_id,
result.client_data,
result.authenticator_data,
result.signature,
)
print("Credential authenticated!")
print("CLIENT DATA:", result.client_data)
print()
print("AUTHENTICATOR DATA:", result.authenticator_data)


@ -1,84 +0,0 @@
from fido2.hid import CtapHidDevice
from fido2.server import Fido2Server
from fido2.webauthn import PublicKeyCredentialRpEntity, UserVerificationRequirement, PublicKeyCredentialUserEntity, \
PublicKeyCredentialCreationOptions
from fido2.client import Fido2Client
import os
# Initialize the FIDO2 server
rp = PublicKeyCredentialRpEntity("example.com", "Example Corporation")
server = Fido2Server(rp)
# User information
user_id = os.urandom(32)
user = PublicKeyCredentialUserEntity("testuser", b"Example Corporation")
# Create a registration request
registration_data = PublicKeyCredentialCreationOptions(rp, user, os.urandom(32), rp)
state = server.register_begin(user,
challenge=os.urandom(32),
user_verification=UserVerificationRequirement.PREFERRED)
# List FIDO devices
devices = list(CtapHidDevice.list_devices())
if not devices:
print("No FIDO devices found")
exit(1)
# Select the first device (you could add logic to choose a device)
device = devices[0]
print("Using device:", device)
# Simulate client processing and generate a response (normally done in browser)
client = Fido2Client(device, "https://example.com")
attestation_object, client_data = client.make_credential(registration_data)
# Setup Relying Party
rp = PublicKeyCredentialRpEntity("example.com", name="Example Corporation")
server = Fido2Server(rp)
# User information
user_id = os.urandom(32)
user = {"id": user_id, "name": "user@example.com", "displayName": "Example User"}
# Create a registration request
registration_data, state = server.register_begin({
"id": user_id,
"name": user['name'],
"displayName": user['displayName']
},
challenge=os.urandom(32),
user_verification="preferred")
# Use the client to create a credential
attestation_object, client_data = client.make_credential(registration_data)
# Complete registration
authenticator_data = server.register_complete(
state,
client_data,
attestation_object
)
print("Registration complete")
print("Authenticator data:", authenticator_data.credential_data)
# Authentication process
auth_data, state = server.authenticate_begin(user_id)
# Simulate client processing and generate a response
assertion = client.get_assertion(auth_data["publicKey"])
assertion_response = assertion.get_response(0)
# Complete authentication
credentials, user_handle = server.authenticate_complete(
state,
auth_data["allowCredentials"],
assertion_response.client_data,
assertion_response.authenticator_data,
assertion_response.signature
)
print("Authentication complete")
print("User handle:", user_handle)
print("Credentials:", credentials)

56
tet.py

@ -1,56 +0,0 @@
from fido2.server import Fido2Server
from fido2.webauthn import (PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
PublicKeyCredentialParameters, PublicKeyCredentialCreationOptions)
from fido2.client import Fido2Client
from fido2.hid import CtapHidDevice
import os
# Setup the relying party (RP) entity
rp = PublicKeyCredentialRpEntity("eggtech.net", "test")
# Setup the user entity
user = PublicKeyCredentialUserEntity(
id=b'91974', # User ID as bytes
name="cyrus@eggtech.net",
display_name="Cyrus Schick"
)
# Define the public key credential parameters
cred_params = [
PublicKeyCredentialParameters("public-key", -7), # ES256
PublicKeyCredentialParameters("public-key", -257) # RS256
]
# FIDO2 Server setup
server = Fido2Server(rp)
# Generate a random challenge
challenge = os.urandom(32)
# Manually create the PublicKeyCredentialCreationOptions
options = PublicKeyCredentialCreationOptions(
rp=rp,
user=user,
challenge=challenge,
pub_key_cred_params=cred_params
)
# Start the registration process (adjust this method if needed)
registration_data, state = server.register_begin(
user=user,
challenge=challenge
)
# Assuming the device is the first one connected
device = next(CtapHidDevice.list_devices(), None)
if device is None:
raise ValueError("No FIDO device found")
# Client instance for the device
client = Fido2Client(device, "eggtech.net")
# Use the manual options we created for make_credential
attestation_object, client_data = client.make_credential(options)
# Finalize the registration to validate the response and store the credentials
auth_data = server.register_complete(state, client_data, attestation_object)


@ -1,38 +0,0 @@
from fido2.pcsc import CtapPcscDevice
from fido2.utils import sha256
from fido2.ctap1 import Ctap1
import sys
dev = next(CtapPcscDevice.list_devices(), None)
if not dev:
print("No NFC u2f device found")
sys.exit(1)
chal = sha256(b"AAA")
appid = sha256(b"BBB")
ctap1 = Ctap1(dev)
print("version:", ctap1.get_version())
# True - make extended APDU and send it to key
# ISO 7816-3:2006. page 33, 12.1.3 Decoding conventions for command APDUs
# ISO 7816-3:2006. page 34, 12.2 Command-response pair transmission by T=0
# False - make group of short (less than 255 bytes length) APDU
# and send them to key. ISO 7816-3:2005, page 9, 5.1.1.1 Command chaining
dev.use_ext_apdu = False
reg = ctap1.register(chal, appid)
print("register:", reg)
reg.verify(appid, chal)
print("Register message verify OK")
auth = ctap1.authenticate(chal, appid, reg.key_handle)
print("authenticate result: ", auth)
res = auth.verify(appid, chal, reg.public_key)
print("Authenticate message verify OK")


@ -1,46 +0,0 @@
from fido2.hid import CtapHidDevice
from fido2.client import Fido2Client
from fido2.server import Fido2Server
from fido2.webauthn import PublicKeyCredentialRpEntity
while True:
# Discover FIDO2 devices connected via USB
devices = list(CtapHidDevice.list_devices())
if not devices:
#raise ValueError("No FIDO2 device found")
pass
else:
device = devices[0]
break
# Use the first available device
client = Fido2Client(device, "https://example.com")
rp = PublicKeyCredentialRpEntity("example.com", "Example RP")
server = Fido2Server(rp)
# Example: Registration
user = {"id": b"user_id", "name": "john_doe", "displayName": "John Doe"}
challenge = server.register_begin(user)
print(challenge)
# Prompt user to perform registration action on the device
attestation_object, client_data = client.make_credential(challenge)
# Finalize registration on the server
auth_data = server.register_complete(challenge['state'], client_data, attestation_object)
print("Registration complete. Credential ID:", auth_data.credential_data.credential_id)
# Example: Authentication
credentials = [auth_data.credential_data]
challenge = server.authenticate_begin(credentials)
# Prompt user to perform authentication action on the device
assertion, client_data = client.get_assertion(challenge['publicKey'])
assertion_response = assertion[0] # Assuming the first assertion (most common scenario)
# Finalize authentication on the server
server.authenticate_complete(challenge['state'], credentials, assertion_response, client_data)
print("Authentication successful!")


@ -1,142 +0,0 @@
# Copyright (c) 2018 Yubico AB
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
"""
Connects to the first FIDO device found (starts from USB, then looks into NFC),
creates a new credential for it, and authenticates the credential.
This works with both FIDO 2.0 devices as well as with U2F devices.
On Windows, the native WebAuthn API will be used.
"""
from fido2.hid import CtapHidDevice
from fido2.client import Fido2Client, WindowsClient, UserInteraction
from fido2.server import Fido2Server
from getpass import getpass
import sys
import ctypes
# Handle user interaction
class CliInteraction(UserInteraction):
def prompt_up(self):
print("\nTouch your authenticator device now...\n")
def request_pin(self, permissions, rd_id):
return getpass("Enter PIN: ")
def request_uv(self, permissions, rd_id):
print("User Verification required.")
return True
uv = "discouraged"
if WindowsClient.is_available() and not ctypes.windll.shell32.IsUserAnAdmin():
# Use the Windows WebAuthn API if available, and we're not running as admin
client = WindowsClient("https://example.com")
else:
# Locate a device
dev = next(CtapHidDevice.list_devices(), None)
if dev is not None:
print("Use USB HID channel.")
else:
try:
from fido2.pcsc import CtapPcscDevice
dev = next(CtapPcscDevice.list_devices(), None)
print("Use NFC channel.")
except Exception as e:
print("NFC channel search error:", e)
if not dev:
print("No FIDO device found")
sys.exit(1)
# Set up a FIDO 2 client using the origin https://example.com
client = Fido2Client(dev, "https://example.com", user_interaction=CliInteraction())
# Prefer UV if supported and configured
if client.info.options.get("uv") or client.info.options.get("pinUvAuthToken"):
uv = "preferred"
print("Authenticator supports User Verification")
server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct")
user = {"id": b"user_id", "name": "A. User"}
# Prepare parameters for makeCredential
create_options, state = server.register_begin(
user, user_verification=uv, authenticator_attachment="cross-platform"
)
# Create a credential
result = client.make_credential(create_options["publicKey"])
# Complete registration
auth_data = server.register_complete(
state, result.client_data, result.attestation_object
)
credentials = [auth_data.credential_data]
print("New credential created!")
print("CLIENT DATA:", result.client_data)
print("ATTESTATION OBJECT:", result.attestation_object)
print()
print("CREDENTIAL DATA:", auth_data.credential_data)
# Prepare parameters for getAssertion
request_options, state = server.authenticate_begin(credentials, user_verification=uv)
# Authenticate the credential
result = client.get_assertion(request_options["publicKey"])
# Only one cred in allowCredentials, only one response.
result = result.get_response(0)
print(str(state))
print(str(credentials))
print(str(result.credential_id))
print(str(result.client_data))
print(str(result.authenticator_data))
print(str(result.signature))
# Complete authenticator
server.authenticate_complete(
state,
credentials,
result.credential_id,
result.client_data,
result.authenticator_data,
result.signature,
)
print("Credential authenticated!")
print("CLIENT DATA:", result.client_data)
print()
print("AUTH DATA:", result.authenticator_data)