More signing extension

examples/sign.py

@@ -0,0 +1,178 @@
+# Copyright (c) 2024 Yubico AB
+# All rights reserved.
+#
+#   Redistribution and use in source and binary forms, with or
+#   without modification, are permitted provided that the following
+#   conditions are met:
+#
+#    1. Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#    2. Redistributions in binary form must reproduce the above
+#       copyright notice, this list of conditions and the following
+#       disclaimer in the documentation and/or other materials provided
+#       with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+"""
+Connects to the first FIDO device found which supports the PRF extension,
+creates a new credential for it with the extension enabled, and uses it to
+derive two separate secrets.
+"""
+from fido2 import cbor
+from fido2.hid import CtapHidDevice
+from fido2.server import Fido2Server
+from fido2.client import Fido2Client, WindowsClient, UserInteraction
+from fido2.utils import sha256, websafe_encode
+from fido2.cose import CoseKey, ES256
+from getpass import getpass
+import ctypes
+import sys
+
+try:
+    from fido2.pcsc import CtapPcscDevice
+except ImportError:
+    CtapPcscDevice = None
+
+
+def enumerate_devices():
+    for dev in CtapHidDevice.list_devices():
+        yield dev
+    if CtapPcscDevice:
+        for dev in CtapPcscDevice.list_devices():
+            yield dev
+
+
+# Handle user interaction
+class CliInteraction(UserInteraction):
+    def prompt_up(self):
+        print("\nTouch your authenticator device now...\n")
+
+    def request_pin(self, permissions, rd_id):
+        return getpass("Enter PIN: ")
+
+    def request_uv(self, permissions, rd_id):
+        print("User Verification required.")
+        return True
+
+
+uv = "discouraged"
+rk = "discouraged"
+
+if WindowsClient.is_available() and not ctypes.windll.shell32.IsUserAnAdmin():
+    # Use the Windows WebAuthn API if available, and we're not running as admin
+    client = WindowsClient("https://example.com")
+else:
+    # Locate a device
+    for dev in enumerate_devices():
+        client = Fido2Client(
+            dev,
+            "https://example.com",
+            user_interaction=CliInteraction(),
+        )
+        if "sign" in client.info.extensions:
+            break
+    else:
+        print("No Authenticator with the sign extension found!")
+        sys.exit(1)
+
+server = Fido2Server({"id": "example.com", "name": "Example RP"}, attestation="none")
+user = {"id": b"user_id", "name": "A. User"}
+
+# Prepare parameters for makeCredential
+create_options, state = server.register_begin(
+    user,
+    resident_key_requirement=rk,
+    user_verification=uv,
+    authenticator_attachment="cross-platform",
+)
+
+message = b"I am a message"
+ph_data = sha256(message)
+
+# Create a credential
+result = client.make_credential(
+    {
+        **create_options["publicKey"],
+        "extensions": {
+            "sign": {
+                "generateKey": {"algorithms": [ES256.ALGORITHM], "phData": ph_data}
+            }
+        },
+    }
+)
+
+# Complete registration
+auth_data = server.register_complete(
+    state, result.client_data, result.attestation_object
+)
+credentials = [auth_data.credential_data]
+
+# PRF result:
+sign_result = result.extension_results.get("sign")
+print("CREATE sign result", sign_result)
+sign_key = sign_result.get("generatedKey")
+if not sign_key:
+    print("Failed to create credential with sign extension", result.extension_results)
+    sys.exit(1)
+
+pk = CoseKey.parse(cbor.decode(sign_key["publicKey"]))  # COSE key in bytes
+kh = sign_key["keyHandle"]  # key handle in bytes
+signature = sign_result.get("signature")
+print("public key", pk)
+print("keyHandle", kh.hex())
+
+print("Test verify signature", signature.hex())
+pk.verify(message, signature)
+print("Signature verified!")
+
+message = b"New message"
+ph_data = sha256(message)
+credential = result.attestation_object.auth_data.credential_data
+print("New credential created, with the sign extension.")
+
+# Prepare parameters for getAssertion
+allow_list = [{"type": "public-key", "id": credential.credential_id}]
+
+# Prepare parameters for getAssertion
+request_options, state = server.authenticate_begin(credentials, user_verification=uv)
+
+# Authenticate the credential
+result = client.get_assertion(
+    {
+        **request_options["publicKey"],
+        "extensions": {
+            "sign": {
+                "sign": {
+                    "phData": ph_data,
+                    "keyHandleByCredential": {
+                        websafe_encode(credential.credential_id): kh,
+                    },
+                },
+            }
+        },
+    }
+)
+
+# Only one cred in allowCredentials, only one response.
+result = result.get_response(0)
+
+sign_result = result.extension_results["sign"]
+print("GET sign result", sign_result)
+
+signature = sign_result.get("signature")
+
+print("Test verify signature", signature.hex())
+pk.verify(message, signature)
+print("Signature verified!")

fido2/cose.py

@@ -43,6 +43,10 @@ class CoseKey(dict):
 
     ALGORITHM: int = None  # type: ignore
 
+    def get_key_handle(self) -> Mapping[int, Any]:
+        """Returns a COSE Key Reference for the key."""
+        return {k: self[k] for k in (1, 2, 3) if k in self}
+
     def verify(self, message: bytes, signature: bytes) -> None:
         """Validates a digital signature over a given message.
 
@@ -121,6 +125,11 @@ class ES256(CoseKey):
     ALGORITHM = -7
     _HASH_ALG = hashes.SHA256()
 
+    def get_key_handle(self):
+        kh = dict(super().get_key_handle())
+        kh[1] = -2  # Ref-EC2
+        return kh
+
     def verify(self, message, signature):
         if self[-1] != 1:
             raise ValueError("Unsupported elliptic curve")

fido2/ctap2/extensions.py

@@ -370,7 +370,7 @@ def process_create_input(self, inputs):
 
         outputs = {
             3: gk["algorithms"],
-            4: 0b101,  # TODO: 0b001 if UV not "required"
+            4: 0b001,  # TODO: 0b101 if UV "required"
         }
 
         if "phData" in gk:
@@ -380,16 +380,15 @@ def process_create_input(self, inputs):
 
     def process_create_output(self, attestation_response, *args):
         data = attestation_response.auth_data.extensions.get(self.NAME)
-        att_obj = AttestationObject(data[7])
+        att_obj = AttestationResponse.from_dict(cbor.decode(data[7]))  # type: ignore
         cred_data = att_obj.auth_data.credential_data
         assert cred_data is not None  # nosec
         pk = cred_data.public_key
-        kh = cbor.encode({k: pk[k] for k in (1, 2, 3) if k in pk})
 
         output = {
             "generatedKey": {
                 "publicKey": cbor.encode(pk),
-                "keyHandle": kh,
+                "keyHandle": cbor.encode(pk.get_key_handle()),
             }
         }
 
@@ -406,18 +405,23 @@ def process_get_input(self, inputs):
         if "sign" not in data or "generateKey" in data:
             raise ValueError("Invalid inputs")
 
+        sign = data["sign"]
+        by_creds = sign["keyHandleByCredential"]
+
+        # Make sure all keys are valid IDs from allow_credentials
         allow_list = self._get_options.allow_credentials
         if not allow_list:
-            raise ValueError("None or empty allowCredential")
-
-        sign = data["sign"]
-        kh_map = sign["keyHandleByCredential"]
-        # We may have more keys, as allow_list has been filtered
-        khs = [kh_map[websafe_encode(cred.id)] for cred in allow_list]
+            raise ValueError("sign requires allowCredentials")
+        ids = {websafe_encode(c.id) for c in allow_list}
+        if ids.difference(by_creds):
+            raise ValueError("keyHandleByCredential is not valid")
+        if not self._selected:
+            return
+        kh = by_creds[websafe_encode(self._selected.id)]
 
         return {
             0: sign["phData"],
-            5: khs,
+            5: [kh],
         }
 
     def process_get_output(self, assertion_response, *args):