From 7f9af3d270084763f654f0a89393c3947d4855c0 Mon Sep 17 00:00:00 2001 From: Eggman20339 Date: Tue, 30 Apr 2024 21:27:29 -0400 Subject: [PATCH] working build.py is currently the same as credentialsex.py --- working build.py | 137 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 working build.py diff --git a/working build.py b/working build.py new file mode 100644 index 0000000..0df24c6 --- /dev/null +++ b/working build.py @@ -0,0 +1,137 @@ +# Copyright (c) 2018 Yubico AB +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or +# without modification, are permitted provided that the following +# conditions are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. + +""" +Connects to the first FIDO device found (starts from USB, then looks into NFC), +creates a new credential for it, and authenticates the credential. +This works with both FIDO 2.0 devices as well as with U2F devices. +On Windows, the native WebAuthn API will be used. +""" +from fido2.hid import CtapHidDevice +from fido2.client import Fido2Client, WindowsClient, UserInteraction +from fido2.server import Fido2Server +from getpass import getpass +import sys +import ctypes + + +# Handle user interaction +class CliInteraction(UserInteraction): + def prompt_up(self): + print("\nTouch your authenticator device now...\n") + + def request_pin(self, permissions, rd_id): + return getpass("Enter PIN: ") + + def request_uv(self, permissions, rd_id): + print("User Verification required.") + return True + + +uv = "discouraged" + +if WindowsClient.is_available() and not ctypes.windll.shell32.IsUserAnAdmin(): + # Use the Windows WebAuthn API if available, and we're not running as admin + client = WindowsClient("https://example.com") +else: + # Locate a device + dev = next(CtapHidDevice.list_devices(), None) + if dev is not None: + print("Use USB HID channel.") + else: + try: + from fido2.pcsc import CtapPcscDevice + + dev = next(CtapPcscDevice.list_devices(), None) + print("Use NFC channel.") + except Exception as e: + print("NFC channel search error:", e) + + if not dev: + print("No FIDO device found") + sys.exit(1) + + # Set up a FIDO 2 client using the origin https://example.com + client = Fido2Client(dev, "https://example.com", user_interaction=CliInteraction()) + + # Prefer UV if supported and configured + if client.info.options.get("uv") or client.info.options.get("pinUvAuthToken"): + uv = "preferred" + print("Authenticator supports User Verification") + + +server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="direct") + +user = {"id": b"user_id", "name": "A. User"} + + +# Prepare parameters for makeCredential +create_options, state = server.register_begin( + user, user_verification=uv, authenticator_attachment="cross-platform" +) + +# Create a credential +result = client.make_credential(create_options["publicKey"]) + +# Complete registration +auth_data = server.register_complete( + state, result.client_data, result.attestation_object +) +credentials = [auth_data.credential_data] + +print("New credential created!") + +print("CLIENT DATA:", result.client_data) +print("ATTESTATION OBJECT:", result.attestation_object) +print() +print("CREDENTIAL DATA:", auth_data.credential_data) + + +# Prepare parameters for getAssertion +request_options, state = server.authenticate_begin(credentials, user_verification=uv) + +# Authenticate the credential +result = client.get_assertion(request_options["publicKey"]) + +# Only one cred in allowCredentials, only one response. +result = result.get_response(0) + +# Complete authenticator +server.authenticate_complete( + state, + credentials, + result.credential_id, + result.client_data, + result.authenticator_data, + result.signature, +) + +print("Credential authenticated!") + +print("CLIENT DATA:", result.client_data) +print() +print("AUTH DATA:", result.authenticator_data) \ No newline at end of file