Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions NEWS
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
* Version 2.2.1 (released 2026-06-29)
** Server example: Migrate build tool from poetry to uv.
** Fix: Correctly format att_obj in previewSign.

* Version 2.2.0 (released 2026-04-15)
** Restrict DLL search paths (YSA-2026-01).
** Add support for experimental previewSign extension:
Expand Down
2 changes: 1 addition & 1 deletion examples/large_blobs.py
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@

# LargeBlob requires UV if it is configured
uv = "discouraged"
if info.options.get("clientPin"):
if info and info.options.get("clientPin"):
uv = "required"


Expand Down
41 changes: 22 additions & 19 deletions examples/prf.py
Original file line number Diff line number Diff line change
Expand Up @@ -54,11 +54,15 @@
authenticator_attachment="cross-platform",
)

# Generate salts for PRF:
salt = websafe_encode(os.urandom(32))
salt2 = websafe_encode(os.urandom(32))

# Create a credential
result = client.make_credential(
{
**create_options["publicKey"],
"extensions": {"prf": {}},
"extensions": {"prf": {"eval": {"first": salt, "second": salt2}}},
}
)

Expand All @@ -74,42 +78,41 @@
# the credential wasn't made with it, so keep going
print("Failed to create credential with PRF, it might not work")

print("New credential created, with the PRF extension.")

# If created with UV, keep using UV
if auth_data.is_user_verified():
uv = "required"

# Generate a salt for PRF:
salt = websafe_encode(os.urandom(32))
print("Authenticate with salt:", salt)
print("First salt:", salt)

# Prepare parameters for getAssertion
credentials = [credential]
request_options, state = server.authenticate_begin(credentials, user_verification=uv)

# Authenticate the credential
result = client.get_assertion(
{
**request_options["publicKey"],
"extensions": {"prf": {"eval": {"first": salt}}},
}
)
prf_results = result.client_extension_results.get("prf", {}).get("results")
if prf_results:
output1 = prf_results["first"]
print("Credential created, with salt. Secret:", output1)
else:
# Authenticate the credential
result = client.get_assertion(
{
**request_options["publicKey"],
"extensions": {"prf": {"eval": {"first": salt}}},
}
)

# Only one cred in allowCredentials, only one response.
response = result.get_response(0)
# Only one cred in allowCredentials, only one response.
response = result.get_response(0)

output1 = response.client_extension_results["prf"]["results"]["first"]
print("Authenticated, secret:", output1)
output1 = response.client_extension_results["prf"]["results"]["first"]
print("Authenticated, with salt. Secret:", output1)

# Authenticate again, using two salts to generate two secrets.

# This time we will use evalByCredential, which can be used if there are multiple
# credentials which use different salts. Here it is not needed, but provided for
# completeness of the example.

# Generate a second salt for PRF:
salt2 = websafe_encode(os.urandom(32))
print("Authenticate with second salt:", salt2)
# The first salt is reused, which should result in the same secret.

Expand Down
2 changes: 1 addition & 1 deletion examples/resident_key.py
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@

# Prefer UV if supported and configured
uv = "discouraged"
if info and info.options.get("uv") or info.options.get("bioEnroll"):
if info and (info.options.get("uv") or info.options.get("bioEnroll")):
uv = "preferred"
print("Authenticator is configured for User Verification")

Expand Down
96 changes: 80 additions & 16 deletions fido2/cose.py
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,10 @@
from cryptography.hazmat.primitives.asymmetric.types import PublicKeyTypes


_backend = default_backend()
_mldsa = hasattr(_backend, "mldsa_supported") and _backend.mldsa_supported()


class CoseKey(dict):
"""A COSE formatted public key.

Expand Down Expand Up @@ -118,7 +122,7 @@ def parse(cose: Mapping[int, Any]) -> CoseKey:
@staticmethod
def supported_algorithms() -> Sequence[int]:
"""Get a list of all supported algorithm identifiers"""
algs: Sequence[type[CoseKey]] = [
algs: list[type[CoseKey]] = [
ES256,
EdDSA,
ES384,
Expand All @@ -127,6 +131,9 @@ def supported_algorithms() -> Sequence[int]:
RS256,
ES256K,
]
if _mldsa:
algs.extend([MLDSA44, MLDSA65, MLDSA87])

return [cls.ALGORITHM for cls in algs]


Expand All @@ -146,9 +153,7 @@ def verify(self, message, signature):
raise ValueError("Unsupported elliptic curve")
ec.EllipticCurvePublicNumbers(
bytes2int(self[-2]), bytes2int(self[-3]), ec.SECP256R1()
).public_key(default_backend()).verify(
signature, message, ec.ECDSA(self._HASH_ALG)
)
).public_key(_backend).verify(signature, message, ec.ECDSA(self._HASH_ALG))

@classmethod
def from_cryptography_key(cls, public_key):
Expand Down Expand Up @@ -188,9 +193,7 @@ def verify(self, message, signature):
raise ValueError("Unsupported elliptic curve")
ec.EllipticCurvePublicNumbers(
bytes2int(self[-2]), bytes2int(self[-3]), ec.SECP384R1()
).public_key(default_backend()).verify(
signature, message, ec.ECDSA(self._HASH_ALG)
)
).public_key(_backend).verify(signature, message, ec.ECDSA(self._HASH_ALG))

@classmethod
def from_cryptography_key(cls, public_key):
Expand Down Expand Up @@ -221,9 +224,7 @@ def verify(self, message, signature):
raise ValueError("Unsupported elliptic curve")
ec.EllipticCurvePublicNumbers(
bytes2int(self[-2]), bytes2int(self[-3]), ec.SECP521R1()
).public_key(default_backend()).verify(
signature, message, ec.ECDSA(self._HASH_ALG)
)
).public_key(_backend).verify(signature, message, ec.ECDSA(self._HASH_ALG))

@classmethod
def from_cryptography_key(cls, public_key):
Expand Down Expand Up @@ -251,7 +252,7 @@ class RS256(CoseKey):

def verify(self, message, signature):
rsa.RSAPublicNumbers(bytes2int(self[-2]), bytes2int(self[-1])).public_key(
default_backend()
_backend
).verify(signature, message, padding.PKCS1v15(), self._HASH_ALG)

@classmethod
Expand All @@ -267,7 +268,7 @@ class PS256(CoseKey):

def verify(self, message, signature):
rsa.RSAPublicNumbers(bytes2int(self[-2]), bytes2int(self[-1])).public_key(
default_backend()
_backend
).verify(
signature,
message,
Expand Down Expand Up @@ -342,7 +343,7 @@ class RS1(CoseKey):

def verify(self, message, signature):
rsa.RSAPublicNumbers(bytes2int(self[-2]), bytes2int(self[-1])).public_key(
default_backend()
_backend
).verify(signature, message, padding.PKCS1v15(), self._HASH_ALG)

@classmethod
Expand All @@ -361,9 +362,7 @@ def verify(self, message, signature):
raise ValueError("Unsupported elliptic curve")
ec.EllipticCurvePublicNumbers(
bytes2int(self[-2]), bytes2int(self[-3]), ec.SECP256K1()
).public_key(default_backend()).verify(
signature, message, ec.ECDSA(self._HASH_ALG)
)
).public_key(_backend).verify(signature, message, ec.ECDSA(self._HASH_ALG))

@classmethod
def from_cryptography_key(cls, public_key):
Expand Down Expand Up @@ -462,3 +461,68 @@ def derive_public_key(self, ikm: bytes, ctx: bytes) -> Tuple[CoseKey, Mapping]:
}

return pk_cose, args


# MLDSA support was added in cryptography 47.0.0, and requires a supported backend
if _mldsa:
from cryptography.hazmat.primitives.asymmetric import mldsa

class MLDSA44(CoseKey):
ALGORITHM = -48

def verify(self, message, signature):
if self[1] != 7:
raise ValueError("Invalid key type")
pk = mldsa.MLDSA44PublicKey.from_public_bytes(self[-1])
pk.verify(signature, message)

@classmethod
def from_cryptography_key(cls, public_key):
assert isinstance(public_key, mldsa.MLDSA44PublicKey) # noqa: S101
return cls(
{
1: 7,
3: cls.ALGORITHM,
-1: public_key.public_bytes_raw(),
}
)

class MLDSA65(CoseKey):
ALGORITHM = -49

def verify(self, message, signature):
if self[1] != 7:
raise ValueError("Invalid key type")
pk = mldsa.MLDSA65PublicKey.from_public_bytes(self[-1])
pk.verify(signature, message)

@classmethod
def from_cryptography_key(cls, public_key):
assert isinstance(public_key, mldsa.MLDSA65PublicKey) # noqa: S101
return cls(
{
1: 7,
3: cls.ALGORITHM,
-1: public_key.public_bytes_raw(),
}
)

class MLDSA87(CoseKey):
ALGORITHM = -50

def verify(self, message, signature):
if self[1] != 7:
raise ValueError("Invalid key type")
pk = mldsa.MLDSA87PublicKey.from_public_bytes(self[-1])
pk.verify(signature, message)

@classmethod
def from_cryptography_key(cls, public_key):
assert isinstance(public_key, mldsa.MLDSA87PublicKey) # noqa: S101
return cls(
{
1: 7,
3: cls.ALGORITHM,
-1: public_key.public_bytes_raw(),
}
)
2 changes: 1 addition & 1 deletion fido2/hid/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -237,7 +237,7 @@ def _do_call(self, cmd, data, event, on_keepalive):
else: # Continuation packet
r_seq = struct.unpack_from(">B", recv)[0]
recv = recv[1:]
if r_seq != seq:
if r_seq != seq & 0x7F:
raise ConnectionFailure("Wrong sequence number")
seq += 1

Expand Down
2 changes: 1 addition & 1 deletion pyproject.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[project]
name = "fido2"
version = "2.2.1-dev.0"
version = "2.2.2-dev.0"
description = "FIDO2/WebAuthn library for implementing clients and servers."
authors = [{ name = "Dain Nilsson", email = "<dain@yubico.com>" }]
readme = "README.adoc"
Expand Down
23 changes: 22 additions & 1 deletion tests/test_attestation.py

Large diffs are not rendered by default.

Loading