CNSA-276-FP/tet.py

57 lines
1.7 KiB
Python

from fido2.server import Fido2Server
from fido2.webauthn import (PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
PublicKeyCredentialParameters, PublicKeyCredentialCreationOptions)
from fido2.client import Fido2Client
from fido2.hid import CtapHidDevice
import os
# Setup the relying party (RP) entity
rp = PublicKeyCredentialRpEntity("eggtech.net", "test")
# Setup the user entity
user = PublicKeyCredentialUserEntity(
id=b'91974', # User ID as bytes
name="cyrus@eggtech.net",
display_name="Cyrus Schick"
)
# Define the public key credential parameters
cred_params = [
PublicKeyCredentialParameters("public-key", -7), # ES256
PublicKeyCredentialParameters("public-key", -257) # RS256
]
# FIDO2 Server setup
server = Fido2Server(rp)
# Generate a random challenge
challenge = os.urandom(32)
# Manually create the PublicKeyCredentialCreationOptions
options = PublicKeyCredentialCreationOptions(
rp=rp,
user=user,
challenge=challenge,
pub_key_cred_params=cred_params
)
# Start the registration process (adjust this method if needed)
registration_data, state = server.register_begin(
user=user,
challenge=challenge
)
# Assuming the device is the first one connected
device = next(CtapHidDevice.list_devices(), None)
if device is None:
raise ValueError("No FIDO device found")
# Client instance for the device
client = Fido2Client(device, "eggtech.net")
# Use the manual options we created for make_credential
attestation_object, client_data = client.make_credential(options)
# Finalize the registration to validate the response and store the credentials
auth_data = server.register_complete(state, client_data, attestation_object)