1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-13 19:18:56 +00:00

trezorctl: Implement credential management command.

This commit is contained in:
Andrew Kozlik 2019-09-05 12:24:21 +02:00
parent 091053507d
commit 3e2ae5e469
3 changed files with 90 additions and 0 deletions

View File

@ -82,4 +82,7 @@ Use the following command to see all options:
tezos-sign-tx Sign Tezos transaction.
verify-message Verify message.
version Show version of trezorctl/trezorlib.
webauthn-add-credential Add the credential with the given ID as a resident credential.
webauthn-list-credentials List all resident credentials on the device.
webauthn-remove-credential Remove the resident credential at the given index.
wipe-device Reset device to factory defaults and remove all private data.

View File

@ -54,6 +54,7 @@ from trezorlib import (
tezos,
tools,
ui,
webauthn,
)
from trezorlib.client import TrezorClient
from trezorlib.transport import enumerate_devices, get_transport
@ -1929,6 +1930,58 @@ def binance_sign_tx(connect, address, file):
return binance.sign_tx(client, address_n, json.load(file))
#
# WebAuthn functions
#
@cli.command(help="List all resident credentials on the device.")
@click.pass_obj
def webauthn_list_credentials(connect):
creds = webauthn.list_credentials(connect())
for cred in creds:
click.echo("")
click.echo("WebAuthn credential at index {}:".format(cred.index))
if cred.rp_id is not None:
click.echo(" Relying party ID: {}".format(cred.rp_id))
if cred.rp_name is not None:
click.echo(" Relying party name: {}".format(cred.rp_name))
if cred.user_id is not None:
click.echo(" User ID: {}".format(cred.user_id.hex()))
if cred.user_name is not None:
click.echo(" User name: {}".format(cred.user_name))
if cred.user_display_name is not None:
click.echo(" User display name: {}".format(cred.user_display_name))
if cred.creation_time is not None:
click.echo(" Creation time: {}".format(cred.creation_time))
if cred.hmac_secret is not None:
click.echo(" hmac-secret enabled: {}".format(cred.hmac_secret))
click.echo(" Credential ID: {}".format(cred.id.hex()))
if not creds:
click.echo("There are no resident credentials stored on the device.")
@cli.command()
@click.argument("hex_credential_id")
@click.pass_obj
def webauthn_add_credential(connect, hex_credential_id):
"""Add the credential with the given ID as a resident credential.
HEX_CREDENTIAL_ID is the credential ID as a hexadecimal string.
"""
return webauthn.add_credential(connect(), bytes.fromhex(hex_credential_id))
@cli.command(help="Remove the resident credential at the given index.")
@click.option(
"-i", "--index", required=True, type=click.IntRange(0, 15), help="Credential index."
)
@click.pass_obj
def webauthn_remove_credential(connect, index):
return webauthn.remove_credential(connect(), index)
#
# Main
#

View File

@ -0,0 +1,34 @@
# This file is part of the Trezor project.
#
# Copyright (C) 2019 SatoshiLabs and contributors
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License version 3
# as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
from . import messages as proto
from .tools import expect
@expect(proto.WebAuthnCredentials, field="credentials")
def list_credentials(client):
return client.call(proto.WebAuthnListResidentCredentials())
@expect(proto.Success, field="message")
def add_credential(client, credential_id):
return client.call(proto.WebAuthnAddResidentCredential(credential_id))
@expect(proto.Success, field="message")
def remove_credential(client, index):
return client.call(proto.WebAuthnRemoveResidentCredential(index))