113 lines
4.5 KiB
Diff
113 lines
4.5 KiB
Diff
|
diff --git a/test/soft_u2f_v2.py b/test/soft_u2f_v2.py
|
||
|
index d011b1f..9a24bb9 100644
|
||
|
--- a/test/soft_u2f_v2.py
|
||
|
+++ b/test/soft_u2f_v2.py
|
||
|
@@ -112,9 +112,7 @@ class SoftU2FDevice(object):
|
||
|
CERT_PRIV, password=None, backend=default_backend())
|
||
|
cert = CERT
|
||
|
data = b'\x00' + app_param + client_param + key_handle + pub_key
|
||
|
- signer = cert_priv.signer(ec.ECDSA(hashes.SHA256()))
|
||
|
- signer.update(data)
|
||
|
- signature = signer.finalize()
|
||
|
+ signature = cert_priv.sign(data, ec.ECDSA(hashes.SHA256()))
|
||
|
|
||
|
raw_response = (b'\x05' + pub_key + six.int2byte(len(key_handle)) +
|
||
|
key_handle + cert + signature)
|
||
|
@@ -163,9 +161,7 @@ class SoftU2FDevice(object):
|
||
|
counter = struct.pack('>I', self.counter)
|
||
|
|
||
|
data = app_param + touch + counter + client_param
|
||
|
- signer = priv_key.signer(ec.ECDSA(hashes.SHA256()))
|
||
|
- signer.update(data)
|
||
|
- signature = signer.finalize()
|
||
|
+ signature = priv_key.sign(data, ec.ECDSA(hashes.SHA256()))
|
||
|
raw_response = touch + counter + signature
|
||
|
|
||
|
return SignResponse(
|
||
|
diff --git a/u2flib_server/attestation/resolvers.py b/u2flib_server/attestation/resolvers.py
|
||
|
index 034549f..cd59b10 100644
|
||
|
--- a/u2flib_server/attestation/resolvers.py
|
||
|
+++ b/u2flib_server/attestation/resolvers.py
|
||
|
@@ -86,27 +86,29 @@ class MetadataResolver(object):
|
||
|
cert_bytes = cert.tbs_certificate_bytes
|
||
|
|
||
|
if isinstance(pubkey, rsa.RSAPublicKey):
|
||
|
- verifier = pubkey.verifier(
|
||
|
- cert_signature,
|
||
|
- padding.PKCS1v15(),
|
||
|
- cert.signature_hash_algorithm
|
||
|
- )
|
||
|
+ try:
|
||
|
+ pubkey.verify(
|
||
|
+ cert_signature,
|
||
|
+ cert_bytes,
|
||
|
+ padding.PKCS1v15(),
|
||
|
+ cert.signature_hash_algorithm
|
||
|
+ )
|
||
|
+ return True
|
||
|
+ except InvalidSignature:
|
||
|
+ return False
|
||
|
elif isinstance(pubkey, ec.EllipticCurvePublicKey):
|
||
|
- verifier = pubkey.verifier(
|
||
|
- cert_signature,
|
||
|
- ec.ECDSA(cert.signature_hash_algorithm)
|
||
|
- )
|
||
|
+ try:
|
||
|
+ pubkey.verify(
|
||
|
+ cert_signature,
|
||
|
+ cert_bytes,
|
||
|
+ ec.ECDSA(cert.signature_hash_algorithm)
|
||
|
+ )
|
||
|
+ return True
|
||
|
+ except InvalidSignature:
|
||
|
+ return False
|
||
|
else:
|
||
|
raise ValueError("Unsupported public key value")
|
||
|
|
||
|
- verifier.update(cert_bytes)
|
||
|
-
|
||
|
- try:
|
||
|
- verifier.verify()
|
||
|
- return True
|
||
|
- except InvalidSignature:
|
||
|
- return False
|
||
|
-
|
||
|
def resolve(self, cert):
|
||
|
if isinstance(cert, bytes):
|
||
|
cert = x509.load_der_x509_certificate(cert, default_backend())
|
||
|
diff --git a/u2flib_server/model.py b/u2flib_server/model.py
|
||
|
index 481be51..6ec01bb 100644
|
||
|
--- a/u2flib_server/model.py
|
||
|
+++ b/u2flib_server/model.py
|
||
|
@@ -175,12 +175,9 @@ class RegistrationData(object):
|
||
|
cert = x509.load_der_x509_certificate(self.certificate,
|
||
|
default_backend())
|
||
|
pubkey = cert.public_key()
|
||
|
- verifier = pubkey.verifier(self.signature, ec.ECDSA(hashes.SHA256()))
|
||
|
-
|
||
|
- verifier.update(b'\0' + app_param + chal_param + self.key_handle +
|
||
|
- self.pub_key)
|
||
|
+ msg = (b'\0' + app_param + chal_param + self.key_handle + self.pub_key)
|
||
|
try:
|
||
|
- verifier.verify()
|
||
|
+ pubkey.verify(self.signature, msg, ec.ECDSA(hashes.SHA256()))
|
||
|
except InvalidSignature:
|
||
|
raise ValueError('Attestation signature is invalid')
|
||
|
|
||
|
@@ -207,13 +204,9 @@ class SignatureData(object):
|
||
|
def verify(self, app_param, chal_param, der_pubkey):
|
||
|
pubkey = load_der_public_key(PUB_KEY_DER_PREFIX + der_pubkey,
|
||
|
default_backend())
|
||
|
- verifier = pubkey.verifier(self.signature, ec.ECDSA(hashes.SHA256()))
|
||
|
- verifier.update(app_param +
|
||
|
- six.int2byte(self.user_presence) +
|
||
|
- struct.pack('>I', self.counter) +
|
||
|
- chal_param)
|
||
|
+ msg = app_param + six.int2byte(self.user_presence) + struct.pack('>I', self.counter) + chal_param
|
||
|
try:
|
||
|
- verifier.verify()
|
||
|
+ pubkey.verify(self.signature, msg, ec.ECDSA(hashes.SHA256()))
|
||
|
except InvalidSignature:
|
||
|
raise ValueError('U2F signature is invalid')
|
||
|
|