yubico / python-u2flib-host
Python based U2F host library
Home Page: https://developers.yubico.com/python-u2flib-host
License: BSD 2-Clause "Simplified" License
Porting python-u2flib-server to cryptography I noticed that a few modules are duplicated in this project, and they're starting to diverge. Two examples are
u2flib_host.utils and u2flib_server.utils
u2flib_host.soft and python-u2flib-server/test/soft_u2f_v2.py
Are these intentional tradeoffs that you'd like to keep? Or mistakes you'd like fixed?
The options I see are
1 could allow bugs fixed in one package to go unfixed in the other. 2, 3 & 4 increase the complexity of making/keeping track of/declaring dependencies when releasing.
The following exception (which is silently ignored) prevents the Yubikey Nano 4 from being listed by u2f.list_devices() on MacOSX (not sure about the other OSes):
Python 2.7:
Python 2.7.10 (default, Feb 7 2017, 00:08:15)
[GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.34)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from u2flib_host import hid_transport
>>> hid_transport.list_devices()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Users/prousset/Library/Python/2.7/lib/python/site-packages/u2flib_host/hid_transport.py", line 81, in list_devices
device.open()
File "/Users/prousset/Library/Python/2.7/lib/python/site-packages/u2flib_host/hid_transport.py", line 116, in open
self.handle.open_path(self.path)
File "hid.pyx", line 72, in hid.device.open_path (hid.c:1909)
IOError: open failed
Python 3:
Python 3.6.1 (default, Apr 4 2017, 09:40:21)
[GCC 4.2.1 Compatible Apple LLVM 8.1.0 (clang-802.0.38)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from u2flib_host import hid_transport
>>> hid_transport.list_devices()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.6/site-packages/u2flib_host/hid_transport.py", line 81, in list_devices
device.open()
File "/usr/local/lib/python3.6/site-packages/u2flib_host/hid_transport.py", line 116, in open
self.handle.open_path(self.path)
File "hid.pyx", line 72, in hid.device.open_path (hid.c:1909)
OSError: open failed
I have a real Yubikey, but I don't know how to take the place of the soft-u2f during the registration...
Hello, I have followed the steps given above, but when I run the command "u2f-register -s soft_device.json http://localhost:8081", the result is "u2f-register: command not found". I don't know how to solve it. Can you help me?
From https://thetis.io/collections/frontpage
idVendor=1ea8, idProduct=f025
[24833.970506] usb 2-6: USB disconnect, device number 16
[24835.896984] usb 2-6: new full-speed USB device number 17 using xhci_hcd
[24836.046010] usb 2-6: New USB device found, idVendor=1ea8, idProduct=f025
[24836.046012] usb 2-6: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[24836.046013] usb 2-6: Product: EsecuFIDO HID
[24836.046014] usb 2-6: Manufacturer: ExcelSecu
[24836.047735] hid-generic 0003:1EA8:F025.000C: hiddev2,hidraw10: USB HID v1.10 Device [ExcelSecu EsecuFIDO HID] on usb-0000:00:14.0-6/input0
Since d89ef7e changed the license to BSD, the 2 scripts still contain a GPL licence header e.g. u2f-authenticate
Is this intentional?
I’m developing a medical device that needs to communicate with a server to function. I need to secure this communication, and I’m trying to use u2f. The server is running Labview Web Services, but I’m able to make things work on the server side using the .Net server library. Where I’m stuck is in the trustedFacet stage. I output json according to the specification at FIDO:
{"trustedFacets":[{"version":{"major":1,"minor":0},"ids":["https://myserver.example.com/u2f/AppID"]}]}
This gets rejected by appid.py verify_facet(self, app_id, facet, version=(2, 0))
I looked for a 2.0 version of FIDO AppID and Facet Specification v1.0, and can’t find it. No matter, I change the AppID to version 2.0 and it proceeds, but dies with:
File "register.py", line 23, in register return u2f.register(device, params, facet)
File "build/bdist.macosx-10.10-x86_64/egg/u2flib_host/u2f.py", line 52, in register
File "build/bdist.macosx-10.10-x86_64/egg/u2flib_host/u2f_v2.py", line 43, in register
File "build/bdist.macosx-10.10-x86_64/egg/u2flib_host/appid.py", line 140, in verify_facet
TypeError: valid_facets() takes exactly 3 arguments (2 given)
Looking at the code it seems like valid_facets is being called with:
trustedFacets = self.valid_facets(entry['ids'])
but is defined as:
valid_facets(self, app_id, facets):
This suggests that ids shouldn't be an array of strings, but rather an array of dicts. Am I missing something?
Thanks,
Jeff E Mandel MD MS
Assistant Professor of Anesthesiology & Critical Care
Perelman School of Medicine at the University of Pennsylvania
Update:
I changed the line
trustedFacets = self.valid_facets(entry['ids'])
to
trustedFacets = self.valid_facets(app_id, entry['ids'])
and
verify_facet(self, app_id, facet, version=(2, 0))
to
verify_facet(self, app_id, facet, version=(1, 0))
u2f.register works now.
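An added example, not code from python-u2flib-host or from the poster: a simplified Python 3 check of a facet against a trustedFacets document, showing why a list declared as version 1.0 fails when the caller asks for (2, 0). The function names and the sample document are constructed, and the further checks in the FIDO AppID and Facet specification (such as relating each ID to the AppID's domain) are left out.

```python
import json
from urllib.parse import urlsplit

# Constructed sample document (host name is a placeholder).
SAMPLE = ('{"trustedFacets": [{"version": {"major": 1, "minor": 0}, '
          '"ids": ["https://myserver.example.com"]}]}')


def origin(url):
    """Return the normalized HTTPS origin of `url`, or None if it has none."""
    if not isinstance(url, str):
        return None
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    suffix = "" if port in (None, 443) else ":%d" % port
    return "https://%s%s" % (parts.hostname.lower(), suffix)


def facet_is_trusted(document, facet, version=(1, 0)):
    """True if `facet` is listed in an entry declared for `version`."""
    caller = origin(facet)
    if caller is None:
        return False  # only HTTPS web origins are handled in this sketch
    try:
        entries = json.loads(document)["trustedFacets"]
    except (ValueError, KeyError, TypeError):
        return False  # malformed document: fail closed
    if not isinstance(entries, list):
        return False
    wanted = {"major": version[0], "minor": version[1]}
    for entry in entries:
        # Entries declared for another protocol version are skipped.
        if not isinstance(entry, dict) or entry.get("version") != wanted:
            continue
        ids = entry.get("ids")
        if isinstance(ids, list) and caller in {origin(i) for i in ids}:
            return True
    return False
```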
python-u2flib-host currently only supports Python 2.x (in particular CPython 2.x). The limiting factor is the required libraries. Porting python-u2flib-host would first require porting, or replacing
I'd like to propose M2Crypto be replaced; the project appears to be stalled (with no commits since May 2015) and it's written using SWIG, which isn't compatible with PyPy. I'd like to propose cryptography
I'm happy to do the work and provide a PR, but first I'd like to check you're happy with the concept. Would Yubico be willing to use cryptography instead of M2Crypto for python-u2flib-host?
I find that there is no code in this project sending data to the server. Is it because I'm not being careful enough, or is there really no communication between the host and the server in this project, and we need to complete it?
Can you add
(0x24dc, 0x0501), # JaCarta U2F
to DEVICES in u2flib_host/hid_transport.py?
Thank you.
There are numerous things broken related to strings.
This line ( https://github.com/Yubico/python-u2flib-host/blob/master/u2flib_host/register.py#L98 ) will fail because str() (with an encoding) on something which is already a str raises a TypeError.
In the JSON parsing, all values are bytes. This causes lookups using strings to fail, like here: https://github.com/Yubico/python-u2flib-host/blob/master/u2flib_host/u2f.py#L58
When attempting to use u2f-register on Mavericks, I get the following error:
Traceback (most recent call last):
File "/usr/local/bin/u2f-register", line 4, in <module>
__import__('pkg_resources').run_script('python-u2flib-host==2.0.0', 'u2f-register')
File "build/bdist.macosx-10.9-x86_64/egg/pkg_resources.py", line 534, in run_script
File "build/bdist.macosx-10.9-x86_64/egg/pkg_resources.py", line 1445, in run_script
File "/usr/local/Cellar/python/2.7.8_2/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/python_u2flib_host-2.0.0-py2.7.egg/EGG-INFO/scripts/u2f-register", line 95, in <module>
File "build/bdist.macosx-10.9-x86_64/egg/u2flib_host/u2f.py", line 31, in list_devices
File "build/bdist.macosx-10.9-x86_64/egg/u2flib_host/ccid_transport.py", line 30, in list_devices
File "/usr/local/lib/python2.7/site-packages/smartcard/System.py", line 41, in readers
return smartcard.reader.ReaderFactory.ReaderFactory.readers(groups)
File "/usr/local/lib/python2.7/site-packages/smartcard/reader/ReaderFactory.py", line 59, in readers
zreaders += fm(groups)
File "/usr/local/lib/python2.7/site-packages/smartcard/pcsc/PCSCReader.py", line 107, in readers
hcontext = PCSCContext().getContext()
File "/usr/local/lib/python2.7/site-packages/smartcard/pcsc/PCSCContext.py", line 53, in __init__
PCSCContext.instance = PCSCContext.__PCSCContextSingleton()
File "/usr/local/lib/python2.7/site-packages/smartcard/pcsc/PCSCContext.py", line 40, in __init__
raise EstablishContextException(hresult)
smartcard.pcsc.PCSCExceptions.EstablishContextException: 'Failure to establish context: Service not available.'
I'm using the test data from the README on the Yubico/u2f-host repo feeding in from a file. It appears to be something jacked up with the usage or my install of the smartcard library, but I can't figure out exactly what could be going on.
On line 71 in hid_transport.py only the following line is implemented:
devices.append(HIDDevice)
whereas I would expect that an object of the class HIDDevice would be implemented, like below:
devices.append(HIDDevice(d['path']))
Is there another way to obtain a list of actual HIDDevice objects? Or am I doing something wrong?
From the use of argparse in the scripts I infer only Python 2.7 (and possibly 3.2+) is supported, but that may be a bug.
Let me know the answer and I'll submit a pull request to document it, and if necessary fix missing 2.6 support.
Using the aws-google-auth app (which makes use of this library) along with my Yubikey 5 NFC, I was getting U2F device not found errors. Digging deeper, this library was throwing an error on the send_apdu call, with error code 0x6A80 being returned, which points to an error in the data that the library is sending to the device.
Unfortunately I don't have enough experience with the APDU spec to debug this any further.
Hi,
with this code:
from u2flib_host import u2f
device = u2f.list_devices()
device = device.pop()
# the next dictionary comes from u2fval_client
registrationRequest = {u'challenge': u'-X0I9Cor1oh3ZoRff1F1h2cA_O9zeQtLMwIYXTMBHJo', u'version': u'U2F_V2', u'appId': u'https://localhost.localdomain'}
with device as yubikey:
    registrationResponse = u2f.register(yubikey, registrationRequest, 'https://localhost.localdomain')
I have this error:
Traceback (most recent call last):
File "<stdin>", line 2, in <module>
File "/home/pascal/yubico/yubihost/lib/python2.7/site-packages/u2flib_host/u2f.py", line 63, in register
return lib.register(device, data, facet)
File "/home/pascal/yubico/yubihost/lib/python2.7/site-packages/u2flib_host/u2f_v2.py", line 70, in register
response = device.send_apdu(INS_ENROLL, p1, p2, request)
File "/home/pascal/yubico/yubihost/lib/python2.7/site-packages/u2flib_host/device.py", line 113, in send_apdu
raise exc.APDUError(status)
u2flib_host.exc.APDUError: 0x6985
and the yubikey blinks.
If I touch the yubikey (light is on) before calling u2f.register, a response is returned by the key (light is turned off):
with device as yubikey:
    registrationResponse = u2f.register(yubikey, registrationRequest, 'https://localhost.localdomain')
registrationResponse
{'registrationData': ..., 'clientData': ...}
apdu_data = struct.pack('B B B B B B B %is B B' % size,0, ins, p1, p2, l0, l1, l2, data, 0x04, 0x00)
It shows that struct.error: required argument is not an integer
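An added example, not code from python-u2flib-host or from the posters, covering the APDU reports above (0x6A80, 0x6985 with a blinking key, and the struct.pack call): Python 3 framing that uses the quoted field layout with explicit type checks, plus a resend loop that treats 0x6985 as "waiting for touch". It assumes l0, l1, l2 are the big-endian bytes of the payload length; FakeToken and the function names are constructed.

```python
import struct
import time

SW_NO_ERROR = 0x9000
SW_CONDITIONS_NOT_SATISFIED = 0x6985  # user presence (touch) not yet given
SW_WRONG_DATA = 0x6A80                # token rejected the request data


def build_apdu(ins, p1, p2, data=b""):
    """Frame a request with the field layout quoted in the report above."""
    for name, value in (("ins", ins), ("p1", p1), ("p2", p2)):
        if isinstance(value, bool) or not isinstance(value, int) or not 0 <= value <= 0xFF:
            raise TypeError("%s must be an int in 0..255, got %r" % (name, value))
    if not isinstance(data, (bytes, bytearray)):
        raise TypeError("data must be bytes, got %s" % type(data).__name__)
    size = len(data)
    if size > 0xFFFF:
        raise ValueError("data too long for a two-byte length")
    # Assumption: l0, l1, l2 are the big-endian bytes of the payload length.
    l0, l1, l2 = size >> 16, (size >> 8) & 0xFF, size & 0xFF
    return struct.pack("B B B B B B B %is B B" % size,
                       0, ins, p1, p2, l0, l1, l2, bytes(data), 0x04, 0x00)


def split_response(resp):
    """Return (payload, status_word) from a raw response APDU."""
    if len(resp) < 2:
        raise ValueError("response shorter than a status word")
    return resp[:-2], struct.unpack(">H", resp[-2:])[0]


def send_until_touched(exchange, apdu, attempts=20, delay=0.25):
    """Resend `apdu` while the token answers 0x6985; raise on other errors."""
    for _ in range(attempts):
        payload, status = split_response(exchange(apdu))
        if status == SW_NO_ERROR:
            return payload
        if status != SW_CONDITIONS_NOT_SATISFIED:
            raise IOError("APDU error 0x%04X" % status)
        time.sleep(delay)
    raise IOError("no touch after %d attempts" % attempts)


class FakeToken:  # constructed stand-in for a device, not a real transport
    def __init__(self, refusals):
        self.refusals = refusals

    def exchange(self, apdu):
        if self.refusals > 0:
            self.refusals -= 1
            return b"\x69\x85"
        return b"\x05constructed" + b"\x90\x00"
```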
Can you add
(0x1209, 0x53c1), # Trezor U2F/FIDO2
to DEVICES in u2flib_host/hid_transport.py?
Thank you.
It reads:
from u2flib_host.yubicommon.setup import setup
To build a package from it, it should read:
from setuptools import setup
In the U2F spec, the U2F_REGISTER command parameters are defined as P1 => 0x00, P2 => 0x00. But this code uses P1 => 0x03, P2 => 0x00.
python-u2flib-host/u2flib_host/u2f_v2.py
Lines 71 to 73 in 7431bd1
Nevertheless, YubiKey works fine...