@doitian
Last active December 17, 2023 14:09
import base64
import json

from Crypto.Hash import SHA256
from Crypto.PublicKey import ECC
from Crypto.Signature import DSS
from Crypto.Util.asn1 import DerSequence
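# Verify the sample WebAuthn-style assertion below with PyCryptodome, and dump
# the public key, the signed message and the DER signature to files so the
# same check can be repeated with another tool.
response = {
    "signature": "MEUCICF25qdO6nLreEoBHnyaw-9R6XFHbIu-NwsAI53t016qAiEAgmhlwTEMxoWx"
    "Kj79R1rUkB_6nrhJfws82DqHkY_HnqQ",
    "message": "K4sF4fAwPvuJj-TW3mARmMenuGSrvmohxzsueH4YfFIFAAAAAHsidHlwZSI6IndlYmF1dGhuLmdldCIsImNoYWxsZW5nZSI6IlUybG5iaUIwYUdseklHWnZjaUJ0WlEiLCJvcmlnaW4iOiJodHRwczovL3Rlc3RuZXQuam95aWQuZGV2IiwiY3Jvc3NPcmlnaW4iOmZhbHNlLCJvdGhlcl9rZXlzX2Nhbl9iZV9hZGRlZF9oZXJlIjoiZG8gbm90IGNvbXBhcmUgY2xpZW50RGF0YUpTT04gYWdhaW5zdCBhIHRlbXBsYXRlLiBTZWUgaHR0cHM6Ly9nb28uZ2wveWFiUGV4In0",
    "challenge": "Sign this for me",
    "alg": -7,
    "pubkey": "3538dfd53ad93d2e0a6e7f470295dcd71057d825e1f87229e5afe2a906aa7cfc099fdfa04442dac33548b6988af8af58d2052529088f7b73ef00800f7fbcddb3",
    "keyType": "main_key",
}

# The curve and hash used below are fixed to COSE algorithm -7 (ES256: ECDSA
# over P-256 with SHA-256). Refuse any other value instead of verifying with
# parameters the signer did not use.
if response["alg"] != -7:
    raise ValueError(f"unsupported COSE algorithm: {response['alg']}")

# "pubkey" is the raw X || Y coordinate pair; the 0x04 prefix turns it into an
# uncompressed SEC1 point that import_key() accepts.
pubkey = ECC.import_key(
    bytes.fromhex("04" + response["pubkey"]),
    curve_name="secp256r1",
)
with open("pubkey.pem", "wt") as fout:
    fout.write(pubkey.export_key(format="PEM"))

# The fields are unpadded base64url; "==" supplies the padding the decoder
# needs (surplus padding is tolerated).
message_bin = base64.urlsafe_b64decode(response["message"] + "==")

# "message" is authenticatorData followed by clientDataJSON. The split at 37
# bytes matches the fixed header (32-byte RP ID hash, 1 flag byte, 4-byte
# signature counter).
# NOTE(review): assumes no extension or attested-credential data follows the
# header -- confirm before reusing with other authenticators.
if len(message_bin) <= 37:
    raise ValueError("message is too short to hold authenticator data and client data")
authenticator_data = message_bin[:37]
client_data = message_bin[37:]

# https://github.com/duo-labs/py_webauthn/blob/master/webauthn/authentication/verify_authentication_response.py
# The signed payload is authenticatorData || SHA-256(clientDataJSON).
message_to_sign = authenticator_data + SHA256.new(client_data).digest()
with open("message.bin", "wb") as fout:
    fout.write(message_to_sign)

signature_der = base64.urlsafe_b64decode(response["signature"] + "==")
with open("signature.der", "wb") as fout:
    fout.write(signature_der)

# DSS is used here with its default raw encoding (fixed-width r || s), so the
# DER SEQUENCE of two integers is unpacked by hand. The byte order is spelled
# out because int.to_bytes() only defaults to big-endian from Python 3.11 on.
signature_seq = DerSequence()
signature_seq.decode(signature_der)
signature = signature_seq[0].to_bytes(32, "big") + signature_seq[1].to_bytes(32, "big")

# verify() raises ValueError when the signature does not match.
DSS.new(pubkey, "fips-186-3").verify(SHA256.new(message_to_sign), signature)

# A valid signature only proves that the key signed *some* client data. Bind
# it to this request: the signed clientDataJSON must be an assertion
# ("webauthn.get") that carries the challenge we expect. In this sample the
# challenge text appears in clientDataJSON as unpadded base64url.
client_data_json = json.loads(client_data)
if not isinstance(client_data_json, dict):
    raise ValueError("clientDataJSON is not a JSON object")
if client_data_json.get("type") != "webauthn.get":
    raise ValueError("unexpected clientDataJSON type")
expected_challenge = (
    base64.urlsafe_b64encode(response["challenge"].encode("utf-8"))
    .rstrip(b"=")
    .decode("ascii")
)
if client_data_json.get("challenge") != expected_challenge:
    raise ValueError("challenge in clientDataJSON does not match the expected challenge")

# NOTE(review): a relying party would also compare the "origin" field and the
# RP ID hash / flag byte in authenticator_data with its own expected values;
# this sample carries no expected values for them, so they are not checked.
print("Verified OK")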