update to new fido2 version

2019-02-19 12:36:20 -05:00 · 2019-02-19 12:36:20 -05:00 · e537d00173
commit e537d00173
parent f6ff3c1b87
1 changed files with 14 additions and 8 deletions
--- a/tools/ctap_test.py
+++ b/tools/ctap_test.py
@ -20,6 +20,7 @@ from fido2.ctap1 import CTAP1
 from fido2.ctap2 import *
 from fido2.cose import *
 from fido2.utils import Timeout, sha256
+from fido2.attestation import Attestation
 import sys, os, time
 from random import randint
 from binascii import hexlify
@ -35,6 +36,11 @@ def ForceU2F(client, device):
    client._do_get_assertion = client._ctap1_get_assertion


+def VerifyAttestation(attest, data):
+    verifier = Attestation.for_type(attest.fmt)
+    verifier().verify(attest.att_statement, attest.auth_data, data.hash)
+
+
 class Packet(object):
    def __init__(self, data):
        l = len(data)
@ -415,7 +421,7 @@ class Tester:
            rp, user, challenge, pin=PIN, exclude_list=[]
        )
        t2 = time.time() * 1000
-        attest.verify(data.hash)
+        VerifyAttestation(attest, data)
        print("Register valid (%d ms)" % (t2 - t1))

        cred = attest.auth_data.credential_data
@ -465,7 +471,7 @@ class Tester:
                )
                print(attest.auth_data.counter)
                t2 = time.time() * 1000
-                attest.verify(data.hash)
+                VerifyAttestation(attest, data)
                print("Register valid (%d ms)" % (t2 - t1))
            sys.stdout.flush()

@ -511,7 +517,7 @@ class Tester:
                attest, data = self.client.make_credential(
                    rp, user, challenge, pin=PIN, exclude_list=[]
                )
-                attest.verify(data.hash)
+                VerifyAttestation(attest, data)
                # verify endian-ness is correct
                assert attest.auth_data.counter < 0x10000
                cred = attest.auth_data.credential_data
@ -535,7 +541,7 @@ class Tester:
            attest, data = self.client.make_credential(
                rp, user, challenge, pin=PIN, exclude_list=exclude_list
            )
-            attest.verify(data.hash)
+            VerifyAttestation(attest, data)
            cred = attest.auth_data.credential_data
            creds.append(cred)
            print("PASS")
@ -665,7 +671,7 @@ class Tester:
            rp, user0, challenge, pin=PIN, exclude_list=[], rk=True
        )
        t2 = time.time() * 1000
-        attest.verify(data.hash)
+        VerifyAttestation(attest, data)
        creds.append(attest.auth_data.credential_data)
        print("Register valid (%d ms)" % (t2 - t1))

@ -687,7 +693,7 @@ class Tester:
                rp, users[i], challenge, pin=PIN, exclude_list=[], rk=True
            )
            t2 = time.time() * 1000
-            attest.verify(data.hash)
+            VerifyAttestation(attest, data)
            print("Register valid (%d ms)" % (t2 - t1))

            creds.append(attest.auth_data.credential_data)
@ -710,7 +716,7 @@ class Tester:
            rp, users[1], challenge, pin=PIN, exclude_list=[], rk=True
        )
        t2 = time.time() * 1000
-        attest.verify(data.hash)
+        VerifyAttestation(attest, data)
        creds = creds[:2] + creds[3:] + [attest.auth_data.credential_data]
        print("Register valid (%d ms)" % (t2 - t1))

@ -775,7 +781,7 @@ class Tester:
                    rp, user, challenge, pin=PIN, exclude_list=[], rk=True
                )
                t2 = time.time() * 1000
-                attest.verify(data.hash)
+                VerifyAttestation(attest, data)
                creds = [attest.auth_data.credential_data]
                print("Register valid (%d ms)" % (t2 - t1))