From 67b2ba558bf251dd42b245159d99fd079ecdee5c Mon Sep 17 00:00:00 2001
From: matejcik
Date: Thu, 28 Nov 2019 15:51:41 +0100
Subject: [PATCH] core: auto-generate list of FIDO known apps and improve code for loading icons
---
 core/src/apps/webauthn/confirm.py | 25 +-
 core/src/apps/webauthn/credential.py | 19 +-
 core/src/apps/webauthn/fido2.py | 8 +-
 core/src/apps/webauthn/knownapps.py | 365 +++++++++++++++--------
 core/src/apps/webauthn/knownapps.py.mako | 48 +++
 5 files changed, 312 insertions(+), 153 deletions(-)
 create mode 100644 core/src/apps/webauthn/knownapps.py.mako
diff --git a/core/src/apps/webauthn/confirm.py b/core/src/apps/webauthn/confirm.py
index 00c5bae616..536d200b1c 100644
--- a/core/src/apps/webauthn/confirm.py
+++ b/core/src/apps/webauthn/confirm.py
@@ -5,6 +5,9 @@ if False:
 from typing import Optional
+DEFAULT_ICON = "apps/webauthn/res/icon_webauthn.toif"
+
+
 class ConfirmInfo:
 def __init__(self) -> None:
 self.app_icon = None # type: Optional[bytes]
@@ -20,23 +23,13 @@ class ConfirmInfo:
 def load_icon(self, rp_id_hash: bytes) -> None:
 from trezor import res
- from apps.webauthn.knownapps import knownapps
+ from apps.webauthn import knownapps
- app_name = knownapps.get(rp_id_hash, {}).get(
- "label", None
- ) # type: Optional[str]
- if app_name is not None:
- resource = "apps/webauthn/res/icon_%s.toif" % app_name.lower().replace(
- " ", "_"
- )
- try:
- self.app_icon = res.load(resource)
- except KeyError:
- pass
- else:
- return
-
- self.app_icon = res.load("apps/webauthn/res/icon_webauthn.toif")
+ fido_app = knownapps.by_rp_id_hash(rp_id_hash)
+ if fido_app is not None and fido_app.icon is not None:
+ self.app_icon = res.load(fido_app.icon)
+ else:
+ self.app_icon = res.load(DEFAULT_ICON)
 class ConfirmContent(ui.Component):
diff --git a/core/src/apps/webauthn/credential.py b/core/src/apps/webauthn/credential.py
index e1d479556c..8222d37790 100644
--- a/core/src/apps/webauthn/credential.py
+++ b/core/src/apps/webauthn/credential.py
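Review bot: `load_icon` no longer falls back to the default icon when a known app's icon resource is missing: the removed code caught `KeyError` around `res.load(resource)`, while the new branch in the second confirm.py hunk calls `res.load(fido_app.icon)` unguarded. The icon path is emitted by knownapps.py.mako from `app.key`, and nothing visible in this patch checks that the matching `.toif` is actually present in the built resources. A stale or missing icon would therefore presumably raise inside the confirmation dialog for that relying party instead of showing the generic icon. Keeping the guard is cheap; the body of `load_icon` lies fully inside the hunk.

```python
        fido_app = knownapps.by_rp_id_hash(rp_id_hash)
        if fido_app is not None and fido_app.icon is not None:
            try:
                self.app_icon = res.load(fido_app.icon)
                return
            except KeyError:
                # generated icon path has no matching resource; fall through to the default
                pass
        self.app_icon = res.load(DEFAULT_ICON)
```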
@@ -261,17 +261,16 @@ class U2fCredential(Credential):
 self.id = keypath + mac.digest()
 def app_name(self) -> str:
- from apps.webauthn.knownapps import knownapps
+ from apps.webauthn import knownapps
- app_name = knownapps.get(self.rp_id_hash, {}).get(
- "label", None
- ) # type: Optional[str]
- if app_name is None:
- app_name = "%s...%s" % (
- hexlify(self.rp_id_hash[:4]).decode(),
- hexlify(self.rp_id_hash[-4:]).decode(),
- )
- return app_name
+ app = knownapps.by_rp_id_hash(self.rp_id_hash)
+ if app is not None:
+ return app.label
+
+ return "%s...%s" % (
+ hexlify(self.rp_id_hash[:4]).decode(),
+ hexlify(self.rp_id_hash[-4:]).decode(),
+ )
 @staticmethod
 def from_key_handle(key_handle: bytes, rp_id_hash: bytes) -> "U2fCredential":
diff --git a/core/src/apps/webauthn/fido2.py b/core/src/apps/webauthn/fido2.py
index 1e676b418a..f8524d12a3 100644
--- a/core/src/apps/webauthn/fido2.py
+++ b/core/src/apps/webauthn/fido2.py
@@ -1356,7 +1356,7 @@ def algorithms_from_pub_key_cred_params(pub_key_cred_params: List[dict]) -> List
 def cbor_make_credential(req: Cmd, dialog_mgr: DialogManager) -> Optional[Cmd]:
- from apps.webauthn.knownapps import knownapps
+ from apps.webauthn import knownapps
 if not storage.is_initialized():
 if __debug__:
@@ -1414,7 +1414,11 @@ def cbor_make_credential(req: Cmd, dialog_mgr: DialogManager) -> Optional[Cmd]:
 except Exception:
 return cbor_error(req.cid, _ERR_INVALID_CBOR)
- cred.use_sign_count = knownapps.get(rp_id_hash, {}).get("use_sign_count", True)
+ app = knownapps.by_rp_id_hash(rp_id_hash)
+ if app is not None and app.use_sign_count is not None:
+ cred.use_sign_count = app.use_sign_count
+ else:
+ cred.use_sign_count = True
 # Check data types.
 if (
diff --git a/core/src/apps/webauthn/knownapps.py b/core/src/apps/webauthn/knownapps.py
index c621d4effe..b468f611dd 100644
--- a/core/src/apps/webauthn/knownapps.py
+++ b/core/src/apps/webauthn/knownapps.py
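Review bot: The three-way meaning of `use_sign_count` (True, False, None) is resolved only in the second fido2.py hunk and is not documented anywhere in the new code. A comment above the added `if`, such as `# signature counter stays enabled unless the known-apps entry explicitly sets use_sign_count=False`, would make clear that None and unknown relying parties keep the counter on. The counter is what lets a relying party notice a cloned authenticator, so the entries that switch it off deserve that visibility. The five added lines could also collapse to `cred.use_sign_count = app is None or app.use_sign_count is not False`, which behaves the same. `cbor_make_credential` continues outside the hunk.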
@@ -1,126 +1,241 @@ -# contents generated via script in -# trezor-common/defs/webauthn/gen.py -# do not edit manually +# generated from knownapps.py.mako +# do not edit manually! +# flake8: noqa -knownapps = { - # U2F - b"\x12t;\x92\x12\x97\xb7\x7f\x115\xe4\x1f\xde\xddJ\x84j\xfe\x82\xe1\xf3i2\xa9\x91/;\r\x8d\xfb}\x0e": { - "label": "Bitbucket", - "use_sign_count": True, - }, - b"0/\xd5\xb4I*\x07\xb9\xfe\xbb0\xe72i\xec\xa5\x01 \\\xcf\xe0\xc2\x0b\xf7\xb4r\xfa-1\xe2\x1ec": { - "label": "Bitfinex", - "use_sign_count": True, - }, - b"\xa3M0\x9f\xfa(\xc1$\x14\xb8\xbal\x07\xee\x1e\xfa\xe1\xa8^\x8a\x04aHY\xa6|\x04\x93\xb6\x95a\x90": { - "label": "Bitwarden", - "use_sign_count": True, - }, - b"h \x19\x15\xd7L\xb4*\xf5\xb3\xcc\\\x95\xb9U>>:\x83\xb4\xd2\xa9;E\xfb\xad\xaa\x84i\xff\x8en": { - "label": "Dashlane", - "use_sign_count": True, - }, - b'\xc5\x0f\x8a{p\x8e\x92\xf8.zP\xe2\xbd\xc5]\x8f\xd9\x1a"\xfek)\xc0\xcd\xf7\x80U0\x84*\xf5\x81': { - "label": "Dropbox", - "use_sign_count": True, - }, - b"\xf3\xe2\x04/\x94`}\xa0\xa9\xc1\xf3\xb9^\r/+\xb2\xe0i\xc5\xbbO\xa7d\xaf\xfad}\x84{~\xd6": { - "label": "Duo", - "use_sign_count": True, - }, - b"if\xab\xe3gN\xa2\xf50y\xebq\x01\x97\x84\x8c\x9b\xe6\xf3c\x99/\xd0)\xe9\x89\x84G\xcb\x9f\x00\x84": { - "label": "FastMail", - "use_sign_count": True, - }, - b"\x9daD/\\\xe13\xbdFTO\xc4/\nmT\xc0\xde\xb8\x88@\xca\xc2\xb6\xae\xfae\x14\xf8\x93I\xe9": { - "label": "Fedora", - "use_sign_count": True, - }, - b"\xa4\xe2-\xca\xfe\xa7\xe9\x0e\x12\x89P\x119\x89\xfcE\x97\x8d\xc9\xfb\x87vu`Ql\x1ci\xdf\xdf\xd1\x96": { - "label": "Gandi", - "use_sign_count": True, - }, - b"pa}\xfe\xd0e\x86:\xf4|\x15Ul\x91y\x88\x80\x82\x8c\xc4\x07\xfd\xf7\n\xe8P\x11V\x94e\xa0u": { - "label": "GitHub", - "use_sign_count": True, - }, - b"\xe7\xbe\x96\xa5\x1b\xd0\x19*r\x84\r.Y\t\xf7+\xa8*/\xe9?\xaabO\x039k0\xe4\x94\xc8\x04": { - "label": "GitLab", - "use_sign_count": True, - }, - b'\xa5Fr\xb2"\xc4\xcf\x95\xe1Q\xed\x8dM\x960\x18\xcd\xdb\xd9": { - "label": "Gandi", - 
"use_sign_count": False, - }, - b":\xeb\x00$`8\x1co%\x8e\x83\x95\xd3\x02oW\x1f\r\x9avH\x8d\xcd\x83v9\xb1:\xed1e`": { - "label": "GitHub", - "use_sign_count": True, - }, - b"\xd4\xc9\xd9\x02s&'\x1a\x89\xceQ\xfc\xaf2\x8e\xd6s\xf1{\xe34i\xff\x97\x9e\x8a\xb8\xddP\x1efO": { - "label": "Google", - }, - b"\xf8?\xc3\xa1\xb2\x89\xa0\xde\xc5\xc1\xc8\xaa\x07\xe9\xb5\xdd\x9c\xbbv\xf6\xb2\xf5``\x17frh\xe5\xb9\xc4^": { - "label": "login.gov", - "use_sign_count": False, - }, - b"5l\x9e\xd4\xa0\x93!\xb9i_\x1e\xaf\x91\x82\x03\xf1\xb5_h\x9d\xa6\x1f\xbc\x96\x18L\x15}\xdah\x0c\x81": { - "label": "Microsoft", - "use_sign_count": False, - }, - b"\xab-\xaf\x07C\xdex*p\x18\x9a\x0f^\xfc0\x90/\x92[\x9f\x9a\x18\xc5\xd7\x14\x1b{\x12\xf8\xa0\x10\x0c": { - "label": "mojeID", - }, - b"\xa6B\xd2\x1b|mU\xe1\xce#\xc59\x98(\xd2\xc7I\xbfjn\xf2\xfe\x03\xcc\x9e\x10\xcd\xf4\xedS\x08\x8b": { - "label": "webauthn.bin.coffee", - }, - b"t\xa6\xea\x92\x13\xc9\x9c/t\xb2$\x92\xb3 \xcf@&*\x94\xc1\xa9P\xa09\x7f)%\x0b`\x84\x1e\xf0": { - "label": "WebAuthn.io", - }, - b"\xf9[\xc78(\xee!\x0f\x9f\xd3\xbb\xe7-\x97\x90\x80\x13\xb0\xa3u\x9e\x9a\xea=\n\xe3\x18vl\xd2\xe1\xad": { - "label": "WebAuthn.me", - }, - b"\xc4l\xef\x82\xad\x1bTdwY\x1d\x00\x8b\x08u\x9e\xc3\xe6\xd2\xec\xb4\xf3\x94t\xbf\xeaii\x92]\x03\xb7": { - "label": "demo.yubico.com", - }, -} # type: dict + +if False: + from typing import Optional + + +class FIDOApp: + def __init__( + self, label: str, icon: Optional[str], use_sign_count: Optional[bool] + ) -> None: + self.label = label + self.icon = icon + self.use_sign_count = use_sign_count + + +# fmt: off +def by_rp_id_hash(rp_id_hash: bytes) -> Optional[FIDOApp]: + if False: + raise RuntimeError # if false + elif rp_id_hash == b"\xc3\x40\x8c\x04\x47\x88\xae\xa5\xb3\xdf\x30\x89\x52\xfd\x8c\xa3\xc7\x0e\x21\xfe\xf4\xf6\xc1\xc2\x37\x4c\xaa\x1d\xf9\xb2\x8d\xdd": + # WebAuthn key for Binance + return FIDOApp( + label="Binance", + icon="apps/webauthn/res/icon_binance.toif", + use_sign_count=False, + ) + elif 
rp_id_hash == b"\x12\x74\x3b\x92\x12\x97\xb7\x7f\x11\x35\xe4\x1f\xde\xdd\x4a\x84\x6a\xfe\x82\xe1\xf3\x69\x32\xa9\x91\x2f\x3b\x0d\x8d\xfb\x7d\x0e": + # U2F key for Bitbucket + return FIDOApp( + label="Bitbucket", + icon="apps/webauthn/res/icon_bitbucket.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\x30\x2f\xd5\xb4\x49\x2a\x07\xb9\xfe\xbb\x30\xe7\x32\x69\xec\xa5\x01\x20\x5c\xcf\xe0\xc2\x0b\xf7\xb4\x72\xfa\x2d\x31\xe2\x1e\x63": + # U2F key for Bitfinex + return FIDOApp( + label="Bitfinex", + icon="apps/webauthn/res/icon_bitfinex.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\xa3\x4d\x30\x9f\xfa\x28\xc1\x24\x14\xb8\xba\x6c\x07\xee\x1e\xfa\xe1\xa8\x5e\x8a\x04\x61\x48\x59\xa6\x7c\x04\x93\xb6\x95\x61\x90": + # U2F key for Bitwarden + return FIDOApp( + label="Bitwarden", + icon="apps/webauthn/res/icon_bitwarden.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\x68\x20\x19\x15\xd7\x4c\xb4\x2a\xf5\xb3\xcc\x5c\x95\xb9\x55\x3e\x3e\x3a\x83\xb4\xd2\xa9\x3b\x45\xfb\xad\xaa\x84\x69\xff\x8e\x6e": + # U2F key for Dashlane + return FIDOApp( + label="Dashlane", + icon="apps/webauthn/res/icon_dashlane.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\xc5\x0f\x8a\x7b\x70\x8e\x92\xf8\x2e\x7a\x50\xe2\xbd\xc5\x5d\x8f\xd9\x1a\x22\xfe\x6b\x29\xc0\xcd\xf7\x80\x55\x30\x84\x2a\xf5\x81": + # U2F key for Dropbox + return FIDOApp( + label="Dropbox", + icon="apps/webauthn/res/icon_dropbox.toif", + use_sign_count=False, + ) + elif rp_id_hash == b"\x82\xf4\xa8\xc9\x5f\xec\x94\xb2\x6b\xaf\x9e\x37\x25\x0e\x95\x63\xd9\xa3\x66\xc7\xbe\x26\x1c\xa4\xdd\x01\x01\xf4\xd5\xef\xcb\x83": + # WebAuthn key for Dropbox + return FIDOApp( + label="Dropbox", + icon="apps/webauthn/res/icon_dropbox.toif", + use_sign_count=False, + ) + elif rp_id_hash == b"\xf3\xe2\x04\x2f\x94\x60\x7d\xa0\xa9\xc1\xf3\xb9\x5e\x0d\x2f\x2b\xb2\xe0\x69\xc5\xbb\x4f\xa7\x64\xaf\xfa\x64\x7d\x84\x7b\x7e\xd6": + # U2F key for Duo + return FIDOApp( + label="Duo", + icon="apps/webauthn/res/icon_duo.toif", + 
use_sign_count=None, + ) + elif rp_id_hash == b"\x69\x66\xab\xe3\x67\x4e\xa2\xf5\x30\x79\xeb\x71\x01\x97\x84\x8c\x9b\xe6\xf3\x63\x99\x2f\xd0\x29\xe9\x89\x84\x47\xcb\x9f\x00\x84": + # U2F key for FastMail + return FIDOApp( + label="FastMail", + icon="apps/webauthn/res/icon_fastmail.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\x9d\x61\x44\x2f\x5c\xe1\x33\xbd\x46\x54\x4f\xc4\x2f\x0a\x6d\x54\xc0\xde\xb8\x88\x40\xca\xc2\xb6\xae\xfa\x65\x14\xf8\x93\x49\xe9": + # U2F key for Fedora + return FIDOApp( + label="Fedora", + icon="apps/webauthn/res/icon_fedora.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\xa4\xe2\x2d\xca\xfe\xa7\xe9\x0e\x12\x89\x50\x11\x39\x89\xfc\x45\x97\x8d\xc9\xfb\x87\x76\x75\x60\x51\x6c\x1c\x69\xdf\xdf\xd1\x96": + # U2F key for Gandi + return FIDOApp( + label="Gandi", + icon="apps/webauthn/res/icon_gandi.toif", + use_sign_count=False, + ) + elif rp_id_hash == b"\x54\xce\x65\x1e\xd7\x15\xb4\xaa\xa7\x55\xee\xce\xbd\x4e\xa0\x95\x08\x15\xb3\x34\xbd\x07\xd1\x09\x89\x3e\x96\x30\x18\xcd\xdb\xd9": + # WebAuthn key for Gandi + return FIDOApp( + label="Gandi", + icon="apps/webauthn/res/icon_gandi.toif", + use_sign_count=False, + ) + elif rp_id_hash == b"\x70\x61\x7d\xfe\xd0\x65\x86\x3a\xf4\x7c\x15\x55\x6c\x91\x79\x88\x80\x82\x8c\xc4\x07\xfd\xf7\x0a\xe8\x50\x11\x56\x94\x65\xa0\x75": + # U2F key for GitHub + return FIDOApp( + label="GitHub", + icon="apps/webauthn/res/icon_github.toif", + use_sign_count=True, + ) + elif rp_id_hash == b"\x3a\xeb\x00\x24\x60\x38\x1c\x6f\x25\x8e\x83\x95\xd3\x02\x6f\x57\x1f\x0d\x9a\x76\x48\x8d\xcd\x83\x76\x39\xb1\x3a\xed\x31\x65\x60": + # WebAuthn key for GitHub + return FIDOApp( + label="GitHub", + icon="apps/webauthn/res/icon_github.toif", + use_sign_count=True, + ) + elif rp_id_hash == b"\xe7\xbe\x96\xa5\x1b\xd0\x19\x2a\x72\x84\x0d\x2e\x59\x09\xf7\x2b\xa8\x2a\x2f\xe9\x3f\xaa\x62\x4f\x03\x39\x6b\x30\xe4\x94\xc8\x04": + # U2F key for GitLab + return FIDOApp( + label="GitLab", + 
icon="apps/webauthn/res/icon_gitlab.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\xa5\x46\x72\xb2\x22\xc4\xcf\x95\xe1\x51\xed\x8d\x4d\x3c\x76\x7a\x6c\xc3\x49\x43\x59\x43\x79\x4e\x88\x4f\x3d\x02\x3a\x82\x29\xfd": + # U2F key for Google + return FIDOApp( + label="Google", + icon="apps/webauthn/res/icon_google.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\xd4\xc9\xd9\x02\x73\x26\x27\x1a\x89\xce\x51\xfc\xaf\x32\x8e\xd6\x73\xf1\x7b\xe3\x34\x69\xff\x97\x9e\x8a\xb8\xdd\x50\x1e\x66\x4f": + # WebAuthn key for Google + return FIDOApp( + label="Google", + icon="apps/webauthn/res/icon_google.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\x53\xa1\x5b\xa4\x2a\x7c\x03\x25\xb8\xdb\xee\x28\x96\x34\xa4\x8f\x58\xae\xa3\x24\x66\x45\xd5\xff\x41\x8f\x9b\xb8\x81\x98\x85\xa9": + # U2F key for Keeper + return FIDOApp( + label="Keeper", + icon="apps/webauthn/res/icon_keeper.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\xd6\x5f\x00\x5e\xf4\xde\xa9\x32\x0c\x99\x73\x05\x3c\x95\xff\x60\x20\x11\x5d\x5f\xec\x1b\x7f\xee\x41\xa5\x78\xe1\x8d\xf9\xca\x8c": + # U2F key for Keeper + return FIDOApp( + label="Keeper", + icon="apps/webauthn/res/icon_keeper.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\xd7\x55\xc5\x27\xa8\x6b\xf7\x84\x45\xc2\x82\xe7\x13\xdc\xb8\x6d\x46\xff\x8b\x3c\xaf\xcf\xb7\x3b\x2e\x8c\xbe\x6c\x08\x84\xcb\x24": + # U2F key for LastPass + return FIDOApp( + label="LastPass", + icon="apps/webauthn/res/icon_lastpass.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\xf8\x3f\xc3\xa1\xb2\x89\xa0\xde\xc5\xc1\xc8\xaa\x07\xe9\xb5\xdd\x9c\xbb\x76\xf6\xb2\xf5\x60\x60\x17\x66\x72\x68\xe5\xb9\xc4\x5e": + # WebAuthn key for login.gov + return FIDOApp( + label="login.gov", + icon="apps/webauthn/res/icon_login.gov.toif", + use_sign_count=False, + ) + elif rp_id_hash == b"\x35\x6c\x9e\xd4\xa0\x93\x21\xb9\x69\x5f\x1e\xaf\x91\x82\x03\xf1\xb5\x5f\x68\x9d\xa6\x1f\xbc\x96\x18\x4c\x15\x7d\xda\x68\x0c\x81": + # WebAuthn key for Microsoft + return 
FIDOApp( + label="Microsoft", + icon="apps/webauthn/res/icon_microsoft.toif", + use_sign_count=False, + ) + elif rp_id_hash == b"\xab\x2d\xaf\x07\x43\xde\x78\x2a\x70\x18\x9a\x0f\x5e\xfc\x30\x90\x2f\x92\x5b\x9f\x9a\x18\xc5\xd7\x14\x1b\x7b\x12\xf8\xa0\x10\x0c": + # WebAuthn key for mojeID + return FIDOApp( + label="mojeID", + icon="apps/webauthn/res/icon_mojeid.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\x08\xb2\xa3\xd4\x19\x39\xaa\x31\x66\x84\x93\xcb\x36\xcd\xcc\x4f\x16\xc4\xd9\xb4\xc8\x23\x8b\x73\xc2\xf6\x72\xc0\x33\x00\x71\x97": + # U2F key for Slush Pool + return FIDOApp( + label="Slush Pool", + icon="apps/webauthn/res/icon_slushpool.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\x38\x80\x4f\x2e\xff\x74\xf2\x28\xb7\x41\x51\xc2\x01\xaa\x82\xe7\xe8\xee\xfc\xac\xfe\xcf\x23\xfa\x14\x6b\x13\xa3\x76\x66\x31\x4f": + # U2F key for Slush Pool + return FIDOApp( + label="Slush Pool", + icon="apps/webauthn/res/icon_slushpool.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\x2a\xc6\xad\x09\xa6\xd0\x77\x2c\x44\xda\x73\xa6\x07\x2f\x9d\x24\x0f\xc6\x85\x4a\x70\xd7\x9c\x10\x24\xff\x7c\x75\x59\x59\x32\x92": + # U2F key for Stripe + return FIDOApp( + label="Stripe", + icon="apps/webauthn/res/icon_stripe.toif", + use_sign_count=None, + ) + elif rp_id_hash == b"\x1b\x3c\x16\xdd\x2f\x7c\x46\xe2\xb4\xc2\x89\xdc\x16\x74\x6b\xcc\x60\xdf\xcf\x0f\xb8\x18\xe1\x32\x15\x52\x6e\x14\x08\xe7\xf4\x68": + # U2F key for u2f.bin.coffee + return FIDOApp( + label="u2f.bin.coffee", + icon=None, + use_sign_count=None, + ) + elif rp_id_hash == b"\xa6\x42\xd2\x1b\x7c\x6d\x55\xe1\xce\x23\xc5\x39\x98\x28\xd2\xc7\x49\xbf\x6a\x6e\xf2\xfe\x03\xcc\x9e\x10\xcd\xf4\xed\x53\x08\x8b": + # WebAuthn key for webauthn.bin.coffee + return FIDOApp( + label="webauthn.bin.coffee", + icon=None, + use_sign_count=None, + ) + elif rp_id_hash == b"\x74\xa6\xea\x92\x13\xc9\x9c\x2f\x74\xb2\x24\x92\xb3\x20\xcf\x40\x26\x2a\x94\xc1\xa9\x50\xa0\x39\x7f\x29\x25\x0b\x60\x84\x1e\xf0": + # WebAuthn key 
for WebAuthn.io + return FIDOApp( + label="WebAuthn.io", + icon=None, + use_sign_count=None, + ) + elif rp_id_hash == b"\xf9\x5b\xc7\x38\x28\xee\x21\x0f\x9f\xd3\xbb\xe7\x2d\x97\x90\x80\x13\xb0\xa3\x75\x9e\x9a\xea\x3d\x0a\xe3\x18\x76\x6c\xd2\xe1\xad": + # WebAuthn key for WebAuthn.me + return FIDOApp( + label="WebAuthn.me", + icon=None, + use_sign_count=None, + ) + elif rp_id_hash == b"\xc4\x6c\xef\x82\xad\x1b\x54\x64\x77\x59\x1d\x00\x8b\x08\x75\x9e\xc3\xe6\xd2\xec\xb4\xf3\x94\x74\xbf\xea\x69\x69\x92\x5d\x03\xb7": + # WebAuthn key for demo.yubico.com + return FIDOApp( + label="demo.yubico.com", + icon=None, + use_sign_count=None, + ) + else: + return None diff --git a/core/src/apps/webauthn/knownapps.py.mako b/core/src/apps/webauthn/knownapps.py.mako new file mode 100644 index 0000000000..4e581898e0 --- /dev/null +++ b/core/src/apps/webauthn/knownapps.py.mako 
@@ -0,0 +1,48 @@
+# generated from knownapps.py.mako
+# do not edit manually!
+# flake8: noqa
+
+
+if False:
+ from typing import Optional
+
+
+class FIDOApp:
+ def __init__(
+ self, label: str, icon: Optional[str], use_sign_count: Optional[bool]
+ ) -> None:
+ self.label = label
+ self.icon = icon
+ self.use_sign_count = use_sign_count
+
+
+<%
+from hashlib import sha256
+
+fido_entries = []
+for app in fido:
+ for u2f in app.u2f:
+ fido_entries.append((bytes.fromhex(u2f), "U2F", app))
+ for origin in app.webauthn:
+ rp_id_hash = sha256(origin.encode()).digest()
+ fido_entries.append((rp_id_hash, "WebAuthn", app))
+ if app.icon is not None:
+ app.icon_res = f"apps/webauthn/res/icon_{app.key}.toif"
+ else:
+ app.icon_res = None
+%>\
+# fmt: off
+def by_rp_id_hash(rp_id_hash: bytes) -> Optional[FIDOApp]:
+ if False:
+ raise RuntimeError # if false
+% for rp_id_hash, type, app in fido_entries:
+ elif rp_id_hash == ${black_repr(rp_id_hash)}:
+ # ${type} key for ${app.label}
+ return FIDOApp(
+ label=${black_repr(app.label)},
+ icon=${black_repr(app.icon_res)},
+ use_sign_count=${black_repr(app.use_sign_count)},
+ )
+% endfor
+ else:
+ return None
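Review bot: The `<% %>` block accepts every hash it is given: `bytes.fromhex(u2f)` is not checked for the 32-byte length of a SHA-256 application hash, and a hash listed twice (within one app or across two) just yields a second `elif` that can never be reached. The label and icon returned by `by_rp_id_hash` are what the user sees when confirming a FIDO request, so a typo or collision in the definitions should fail generation rather than silently emit a dead or shadowed branch. A small guard in the collection loop covers both cases. Separately, `type` in the `% for` line shadows the builtin and could be renamed `kind`.

```mako
<%
from hashlib import sha256

fido_entries = []
seen_hashes = set()
for app in fido:
    candidates = [(bytes.fromhex(u2f), "U2F") for u2f in app.u2f]
    candidates += [(sha256(origin.encode()).digest(), "WebAuthn") for origin in app.webauthn]
    for rp_id_hash, kind in candidates:
        # fail generation on a malformed or repeated hash instead of emitting a dead branch
        if len(rp_id_hash) != 32:
            raise ValueError(f"{app.key}: rp_id_hash is not 32 bytes")
        if rp_id_hash in seen_hashes:
            raise ValueError(f"{app.key}: duplicate rp_id_hash")
        seen_hashes.add(rp_id_hash)
        fido_entries.append((rp_id_hash, kind, app))
    # … unchanged: app.icon_res assignment …
%>\
```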