Authen-U2F-Tester-0.03000755000766000024 013262716357 14501 5ustar00mschoutstaff000000000000README100644000766000024 57213262716357 15426 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03 This archive contains the distribution Authen-U2F-Tester, version 0.03: FIDO/U2F Authentication Test Client This software is copyright (c) 2017 by Michael Schout. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. This README file was generated by Dist::Zilla::Plugin::Readme v6.010. Changes100644000766000024 156013262716357 16057 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03Revision history for Authen-U2F-Tester 0.03 2018-04-09 - Turn on sign() response's "User Presence" byte to "1". Previously this was "0", meaning the user presence was not confirmed. But Yubico's libu2f-server lib requires that this is "1". In order to be compatible with libu2f-server we need to send the presence byte as 0x01. [github #2] 0.02 2018-01-06 - Rename tester keypair() accessor to key(). This is a bit less confusing as its not a ::Tester::Keypair object, but a Crypt::PK::ECC object. - Move key store management into its own class (Authen::U2F::Keystore::Wrapped) and allow for possibility to implement different keystore schemes by passing in an object that does the Authen::U2F::Tester::Role::Keystore role to the tester constructor. - Fix documentation typo 0.01 2017-12-27 - Initial release LICENSE100644000766000024 4366313262716357 15623 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03This software is copyright (c) 2017 by Michael Schout. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. Terms of the Perl programming language system itself a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" --- The GNU General Public License, Version 1, February 1989 --- This software is Copyright (c) 2017 by Michael Schout. This is free software, licensed under: The GNU General Public License, Version 1, February 1989 GNU GENERAL PUBLIC LICENSE Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. 2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. 3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. 5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice That's all there is to it! --- The Artistic License 1.0 --- This software is Copyright (c) 2017 by Michael Schout. This is free software, licensed under: The Artistic License 1.0 The Artistic License Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: - "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. - "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder. - "Copyright Holder" is whoever is named in the copyright or copyrights for the package. - "You" is you, if you're thinking about copying or distributing this Package. - "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) - "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as ftp.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) accompany any non-standard executables with their corresponding Standard Version executables, giving the non-standard executables non-standard names, and clearly documenting the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. However, you may distribute this Package in aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software distribution provided that you do not advertise this Package as a product of your own. 6. The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package, but belong to whomever generated them, and may be sold commercially, and may be aggregated with this Package. 7. C or perl subroutines supplied by you and linked into this Package shall not be considered part of this Package. 8. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End META.yml100644000766000024 403713262716357 16037 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03--- abstract: 'FIDO/U2F Authentication Test Client' author: - 'Michael Schout ' build_requires: Authen::U2F: '0' Crypt::Misc: '0' File::Slurp: '0' Path::Tiny: '0' Test::Exception: '0' Test::More: '0' perl: '5.006' configure_requires: ExtUtils::MakeMaker: '0' perl: '5.006' dynamic_config: 0 generated_by: 'Dist::Zilla version 6.010, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: Authen-U2F-Tester provides: Authen::U2F::Tester: file: lib/Authen/U2F/Tester.pm version: '0.03' Authen::U2F::Tester::Const: file: lib/Authen/U2F/Tester/Const.pm version: '0.03' Authen::U2F::Tester::Error: file: lib/Authen/U2F/Tester/Error.pm version: '0.03' Authen::U2F::Tester::Keypair: file: lib/Authen/U2F/Tester/Keypair.pm version: '0.03' Authen::U2F::Tester::Keystore::Wrapped: file: lib/Authen/U2F/Tester/Keystore/Wrapped.pm version: '0.03' Authen::U2F::Tester::RegisterResponse: file: lib/Authen/U2F/Tester/RegisterResponse.pm version: '0.03' Authen::U2F::Tester::Role::Keystore: file: lib/Authen/U2F/Tester/Role/Keystore.pm version: '0.03' Authen::U2F::Tester::Role::Response: file: lib/Authen/U2F/Tester/Role/Response.pm version: '0.03' Authen::U2F::Tester::SignResponse: file: lib/Authen/U2F/Tester/SignResponse.pm version: '0.03' requires: Carp: '0' Crypt::OpenSSL::X509: '0' Crypt::PK::ECC: '0' Digest::SHA: '0' Exporter: '0' JSON::MaybeXS: '0' List::Util: '0' MIME::Base64: '0' Moose: '0' Moose::Role: '0' MooseX::AttributeShortcuts: '0' MooseX::SingleArg: '0' base: '0' constant: '0' namespace::autoclean: '0' perl: '5.006' strictures: '2' resources: bugtracker: https://github.com/mschout/perl-authen-u2f-tester/issues homepage: https://github.com/mschout/perl-authen-u2f-tester repository: https://github.com/mschout/perl-authen-u2f-tester.git version: '0.03' x_serialization_backend: 'YAML::Tiny version 1.70' MANIFEST100644000766000024 114713262716357 15716 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.010. Changes LICENSE MANIFEST MANIFEST.SKIP META.json META.yml Makefile.PL README SIGNATURE lib/Authen/U2F/Tester.pm lib/Authen/U2F/Tester/Const.pm lib/Authen/U2F/Tester/Error.pm lib/Authen/U2F/Tester/Keypair.pm lib/Authen/U2F/Tester/Keystore/Wrapped.pm lib/Authen/U2F/Tester/RegisterResponse.pm lib/Authen/U2F/Tester/Role/Keystore.pm lib/Authen/U2F/Tester/Role/Response.pm lib/Authen/U2F/Tester/SignResponse.pm t/author-pod-coverage.t t/author-pod-syntax.t t/author-signature.t t/keystore/wrapped.t t/smoke.t t/ssl/cert.pem t/ssl/key.pem t000755000766000024 013262716357 14665 5ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03smoke.t100755000766000024 565313262716357 16344 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/t#!/usr/bin/env perl use strictures 2; use Authen::U2F; use Crypt::Misc qw(write_rawfile); use Crypt::OpenSSL::X509; use Crypt::PK::ECC; use File::Slurp qw(read_file); use JSON::MaybeXS qw(decode_json); use MIME::Base64 qw(decode_base64url); use Path::Tiny; use Test::Exception; use Test::More; use_ok 'Authen::U2F::Tester' or exit 1; use_ok 'Authen::U2F::Tester::Const' or exit 1; my $certfile = 't/ssl/cert.pem'; my $keyfile = 't/ssl/key.pem'; my $pk = Crypt::PK::ECC->new($keyfile); isa_ok $pk, 'Crypt::PK::ECC'; my $cert = Crypt::OpenSSL::X509->new_from_file($certfile); isa_ok $cert, 'Crypt::OpenSSL::X509'; my $tester = new_ok 'Authen::U2F::Tester', [ certificate => $cert, key => $pk ]; # also test using key_file and cert_file $tester = new_ok 'Authen::U2F::Tester', [ cert_file => $certfile, key_file => $keyfile ]; my ($handle, $key); subtest register => sub { my $challenge = Authen::U2F->challenge; my $app_id = 'https://www.example.com'; my $client_data = { typ => 'navigator.id.finishEnrollment', challenge => $challenge, origin => $app_id, cid_pubkey => 'unused' }; my $res; lives_ok { $res = $tester->register($app_id, $challenge) }; isa_ok $res, 'Authen::U2F::Tester::RegisterResponse'; cmp_ok $res->error_code, '==', 0, 'register request was successful'; is_deeply decode_json(decode_base64url($res->client_data)), $client_data; lives_ok { ($handle, $key) = Authen::U2F->registration_verify( challenge => $challenge, app_id => $app_id, origin => $app_id, registration_data => $res->registration_data, client_data => $res->client_data); }; # try to register again, should get device is ineligible lives_ok { $res = $tester->register($app_id, $challenge, $handle) }; isa_ok $res, 'Authen::U2F::Tester::Error'; is $res->error_code, &Authen::U2F::Tester::Const::DEVICE_INELIGIBLE; }; subtest sign => sub { my $challenge = Authen::U2F->challenge; my $app_id = 'https://www.example.com'; my $res; lives_ok { $res = $tester->sign($app_id, $challenge, $handle); }; isa_ok $res, 'Authen::U2F::Tester::SignResponse'; cmp_ok $res->error_code, '==', 0, 'sign request was successful'; lives_ok { Authen::U2F->signature_verify( challenge => $challenge, app_id => $app_id, origin => $app_id, key_handle => $handle, key => $key, signature_data => $res->signature_data, client_data => $res->client_data); }; # device not registered lives_ok { $res = $tester->sign($app_id, $challenge, substr($handle, 1)); }; isa_ok $res, 'Authen::U2F::Tester::Error'; is $res->error_code, &Authen::U2F::Tester::Const::DEVICE_INELIGIBLE; }; done_testing; SIGNATURE100644000766000024 571613262716357 16057 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03This file contains message digests of all files listed in MANIFEST, signed via the Module::Signature module, version 0.81. To verify the content in this distribution, first make sure you have Module::Signature installed, then type: % cpansign -v It will check each file's integrity, as well as the signature's validity. If "==> Signature verified OK! <==" is not displayed, the distribution may already have been compromised, and you should not run its Makefile.PL or Build.PL. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SHA1 c3f4b6153264781aea1dd757636da46615de13a4 Changes SHA1 dd31f242fe1032bc39b741771b08dfff7a396aaf LICENSE SHA1 e87bbed81df0ed8e0610cfd07366e288d4173b56 MANIFEST SHA1 4b1a15af25c0544e1c14951c0ca4c0faf2f5fe72 MANIFEST.SKIP SHA1 fc899ee1dfd295d1c5ada043d39a470b3da32e58 META.json SHA1 90e8989d3fff4df3ecf518953179cb894e3e2385 META.yml SHA1 d4dc6e816de7ea32d5f04a7d0922e4010404dfe0 Makefile.PL SHA1 e70f8bc4bd22d4c43e884a4ebcf5daa8e58d8384 README SHA1 0c80518a2b98fb923e69fb570a2064a9447aade8 lib/Authen/U2F/Tester.pm SHA1 98e8477445a6301416b8a19965af42cee3c0603a lib/Authen/U2F/Tester/Const.pm SHA1 a4502be77cc6d7d57dc82dd2f195cf1c23231bb0 lib/Authen/U2F/Tester/Error.pm SHA1 44f52307ddf2b657ed8eef2efd98c3a2e06c979d lib/Authen/U2F/Tester/Keypair.pm SHA1 ad68e85602d0641579da272785c95e6371c34d21 lib/Authen/U2F/Tester/Keystore/Wrapped.pm SHA1 44bb70b5a21beb8b44ca2e5d62ec5e14c7133433 lib/Authen/U2F/Tester/RegisterResponse.pm SHA1 b481732558b8a0f57abc5ae3f8d59aaedd88908b lib/Authen/U2F/Tester/Role/Keystore.pm SHA1 1b00cb534ef5ac48c877f96bb1dffc0e91e01c53 lib/Authen/U2F/Tester/Role/Response.pm SHA1 934a3939a24ad07c0a459e7826e5f0540bcd5c08 lib/Authen/U2F/Tester/SignResponse.pm SHA1 5387f8ed48de7ef64220c5ed2c77e41ed844adb2 t/author-pod-coverage.t SHA1 8efad25309730a4d501fb40fc03eda4697303372 t/author-pod-syntax.t SHA1 19cc343f8a85c6805bbeb02580487483a6283887 t/author-signature.t SHA1 79d848e913cc083fb9bbcca0bb2f2f68e60e85ad t/keystore/wrapped.t SHA1 ab5a292fd7c239a304ded84bf13052aeb33c391d t/smoke.t SHA1 d47eec3a73827e0840255794214630e37aebcc11 t/ssl/cert.pem SHA1 161e39a64d86f1afd6762619bc892689b588f235 t/ssl/key.pem -----BEGIN PGP SIGNATURE----- iQJFBAEBCAAvFiEE2EtuRfhGgngE8PsARAzvLrlUzY4FAlrLnO8RHG1zY2hvdXRA Y3Bhbi5vcmcACgkQRAzvLrlUzY6mshAArfl8xEXHovWBfHR1CwFlqBnIy4NnYTJh IqzurxO6sQDx40wNUrXgS+2zFQMmXtrHEJr19vN9UkZ0krcbX++m5R59thtKkxyF 4OgHycFp1nLWLSNPOlfNsR4oC9L5vHlI77UblV8PJdrgQ9Tx+G7sgwx/b4nuvXhf pN/Vez0CDrn+Aw+D7jKBTCf4UFZnrzUuAHTWosWzDsmXDGz3lHzDA48gZihIgmQa 6hS2YO44lTAkJP/lUC6rHANHsewfXKPyoSIcUPI4q9+5+xYLjlYHUm48vv5gSVtT vzAIVhkDOi9pCIsF3+m+X7r1ba5p8yio64ufhZhBKP90ieeOEL6lKDIUg12Bjyuv RBj2PEx8Op3hWSUa171Vy92c7Rxgf2XBEHxvhJDbzR7IlxaGQDpi7eH/1Dk0UL17 pmJcjxNadiBAK9P/38fUuPLZbD0eissyFIYYy0/MyMX5LIf1anALXGCYK/zw716H 2v0e+0rgURCeEcH72SvjewhdTWCsmY+4E6VoC1L4GwjZiKXN+rXjqnAo+E2a2Snm 21vl9QQc0OflYHSjQpVaRB9vDRJzNwVsv101CQq18MVbAXiyyRaA00DCPuMzP/3R WAVI9kxTjuMxtgJvU39/o7Xkfmz+RaWSniFNJ4os66IZCdxWwj/loPKrwkC6RGf5 Y/BG9Pz2KOE= =NtrI -----END PGP SIGNATURE----- META.json100644000766000024 707713262716357 16216 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03{ "abstract" : "FIDO/U2F Authentication Test Client", "author" : [ "Michael Schout " ], "dynamic_config" : 0, "generated_by" : "Dist::Zilla version 6.010, CPAN::Meta::Converter version 2.150010", "license" : [ "perl_5" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : 2 }, "name" : "Authen-U2F-Tester", "prereqs" : { "configure" : { "requires" : { "ExtUtils::MakeMaker" : "0", "perl" : "5.006" } }, "develop" : { "requires" : { "Dist::Zilla" : "5", "Dist::Zilla::PluginBundle::MSCHOUT" : "0", "Pod::Coverage::TrustPod" : "0", "Software::License::Perl_5" : "0", "Test::Pod" : "1.41", "Test::Pod::Coverage" : "1.08", "Test::Signature" : "0" } }, "runtime" : { "requires" : { "Carp" : "0", "Crypt::OpenSSL::X509" : "0", "Crypt::PK::ECC" : "0", "Digest::SHA" : "0", "Exporter" : "0", "JSON::MaybeXS" : "0", "List::Util" : "0", "MIME::Base64" : "0", "Moose" : "0", "Moose::Role" : "0", "MooseX::AttributeShortcuts" : "0", "MooseX::SingleArg" : "0", "base" : "0", "constant" : "0", "namespace::autoclean" : "0", "perl" : "5.006", "strictures" : "2" } }, "test" : { "requires" : { "Authen::U2F" : "0", "Crypt::Misc" : "0", "File::Slurp" : "0", "Path::Tiny" : "0", "Test::Exception" : "0", "Test::More" : "0", "perl" : "5.006" } } }, "provides" : { "Authen::U2F::Tester" : { "file" : "lib/Authen/U2F/Tester.pm", "version" : "0.03" }, "Authen::U2F::Tester::Const" : { "file" : "lib/Authen/U2F/Tester/Const.pm", "version" : "0.03" }, "Authen::U2F::Tester::Error" : { "file" : "lib/Authen/U2F/Tester/Error.pm", "version" : "0.03" }, "Authen::U2F::Tester::Keypair" : { "file" : "lib/Authen/U2F/Tester/Keypair.pm", "version" : "0.03" }, "Authen::U2F::Tester::Keystore::Wrapped" : { "file" : "lib/Authen/U2F/Tester/Keystore/Wrapped.pm", "version" : "0.03" }, "Authen::U2F::Tester::RegisterResponse" : { "file" : "lib/Authen/U2F/Tester/RegisterResponse.pm", "version" : "0.03" }, "Authen::U2F::Tester::Role::Keystore" : { "file" : "lib/Authen/U2F/Tester/Role/Keystore.pm", "version" : "0.03" }, "Authen::U2F::Tester::Role::Response" : { "file" : "lib/Authen/U2F/Tester/Role/Response.pm", "version" : "0.03" }, "Authen::U2F::Tester::SignResponse" : { "file" : "lib/Authen/U2F/Tester/SignResponse.pm", "version" : "0.03" } }, "release_status" : "stable", "resources" : { "bugtracker" : { "web" : "https://github.com/mschout/perl-authen-u2f-tester/issues" }, "homepage" : "https://github.com/mschout/perl-authen-u2f-tester", "repository" : { "type" : "git", "url" : "https://github.com/mschout/perl-authen-u2f-tester.git", "web" : "https://github.com/mschout/perl-authen-u2f-tester" } }, "version" : "0.03", "x_serialization_backend" : "Cpanel::JSON::XS version 3.0233" } Makefile.PL100644000766000024 375113262716357 16542 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03# This file was automatically generated by Dist::Zilla::Plugin::MakeMaker v6.010. use strict; use warnings; use 5.006; use ExtUtils::MakeMaker; my %WriteMakefileArgs = ( "ABSTRACT" => "FIDO/U2F Authentication Test Client", "AUTHOR" => "Michael Schout ", "CONFIGURE_REQUIRES" => { "ExtUtils::MakeMaker" => 0 }, "DISTNAME" => "Authen-U2F-Tester", "LICENSE" => "perl", "MIN_PERL_VERSION" => "5.006", "NAME" => "Authen::U2F::Tester", "PREREQ_PM" => { "Carp" => 0, "Crypt::OpenSSL::X509" => 0, "Crypt::PK::ECC" => 0, "Digest::SHA" => 0, "Exporter" => 0, "JSON::MaybeXS" => 0, "List::Util" => 0, "MIME::Base64" => 0, "Moose" => 0, "Moose::Role" => 0, "MooseX::AttributeShortcuts" => 0, "MooseX::SingleArg" => 0, "base" => 0, "constant" => 0, "namespace::autoclean" => 0, "strictures" => 2 }, "TEST_REQUIRES" => { "Authen::U2F" => 0, "Crypt::Misc" => 0, "File::Slurp" => 0, "Path::Tiny" => 0, "Test::Exception" => 0, "Test::More" => 0 }, "VERSION" => "0.03", "test" => { "TESTS" => "t/*.t t/keystore/*.t" } ); my %FallbackPrereqs = ( "Authen::U2F" => 0, "Carp" => 0, "Crypt::Misc" => 0, "Crypt::OpenSSL::X509" => 0, "Crypt::PK::ECC" => 0, "Digest::SHA" => 0, "Exporter" => 0, "File::Slurp" => 0, "JSON::MaybeXS" => 0, "List::Util" => 0, "MIME::Base64" => 0, "Moose" => 0, "Moose::Role" => 0, "MooseX::AttributeShortcuts" => 0, "MooseX::SingleArg" => 0, "Path::Tiny" => 0, "Test::Exception" => 0, "Test::More" => 0, "base" => 0, "constant" => 0, "namespace::autoclean" => 0, "strictures" => 2 ); unless ( eval { ExtUtils::MakeMaker->VERSION(6.63_03) } ) { delete $WriteMakefileArgs{TEST_REQUIRES}; delete $WriteMakefileArgs{BUILD_REQUIRES}; $WriteMakefileArgs{PREREQ_PM} = \%FallbackPrereqs; } delete $WriteMakefileArgs{CONFIGURE_REQUIRES} unless eval { ExtUtils::MakeMaker->VERSION(6.52) }; WriteMakefile(%WriteMakefileArgs); MANIFEST.SKIP100644000766000024 25013262716357 16435 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03^blib/ ^MANIFEST\.bak$ ^Makefile$ ^Makefile\.old$ ^pm_to_blib$ ^\.git/ ^\.gitignore$ ^dist\.ini$ ^MYMETA ^\.travis\.yml$ ^\.build$ ^releases$ .*\.tar\.gz$ ^README\.md$ ssl000755000766000024 013262716357 15466 5ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/tkey.pem100644000766000024 34313262716357 17101 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/t/ssl-----BEGIN EC PRIVATE KEY----- MHcCAQEEIAeziLe+61qKHf900vGwHIt7TgCKGAK3GWVXIwTBF0lDoAoGCCqGSM49 AwEHoUQDQgAEkerYUf2HLqnPPab2Ev3v7h5jAJ+6BYwHPoi+9AzF6D1EmMNadmJj Lc4KSGsqa+lVwxv+nYErpKGImWQxA4oCfQ== -----END EC PRIVATE KEY----- cert.pem100644000766000024 132113262716357 17263 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/t/ssl-----BEGIN CERTIFICATE----- MIIB5jCCAY2gAwIBAgIJAKZaqZ1hhjDwMAoGCCqGSM49BAMCME8xCzAJBgNVBAYT AlVTMQ4wDAYDVQQIDAVUZXhhczEaMBgGA1UECgwRVW50cnVzdGVkIFUyRiBPcmcx FDASBgNVBAMMC3ZpcnR1YWwtdTJmMCAXDTE3MTIyMzIyMjE0MVoYDzIxMTUwNjEz MjIyMTQxWjBPMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxGjAYBgNVBAoM EVVudHJ1c3RlZCBVMkYgT3JnMRQwEgYDVQQDDAt2aXJ0dWFsLXUyZjBZMBMGByqG SM49AgEGCCqGSM49AwEHA0IABJHq2FH9hy6pzz2m9hL97+4eYwCfugWMBz6IvvQM xeg9RJjDWnZiYy3OCkhrKmvpVcMb/p2BK6ShiJlkMQOKAn2jUDBOMB0GA1UdDgQW BBS2z1CA8JCBqNY9QZWOQcxLamSHqjAfBgNVHSMEGDAWgBS2z1CA8JCBqNY9QZWO QcxLamSHqjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIGnHcJzvwsrk MbruNtufqOPB+5LnvGg2W6J1OSAXtkgBAiArCuj47NUyfeDC55E/YoSRXi5n9Qr+ vRXbJg582sAKVQ== -----END CERTIFICATE----- keystore000755000766000024 013262716357 16532 5ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/twrapped.t100755000766000024 217513262716357 20531 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/t/keystore#!/usr/bin/env perl use strictures 2; use Crypt::PK::ECC; use MIME::Base64 qw(encode_base64url); use Test::Exception; use Test::More; use_ok 'Authen::U2F::Tester::Keypair' or exit 1; use_ok 'Authen::U2F::Tester::Keystore::Wrapped' or exit 1; my $keyfile = 't/ssl/key.pem'; my $pk = Crypt::PK::ECC->new($keyfile); isa_ok $pk, 'Crypt::PK::ECC'; my $keystore = Authen::U2F::Tester::Keystore::Wrapped->new(key => $pk); isa_ok $keystore, 'Authen::U2F::Tester::Keystore::Wrapped'; can_ok $keystore, qw(exists get put); my $keypair = Authen::U2F::Tester::Keypair->new; isa_ok $keypair, 'Authen::U2F::Tester::Keypair'; my $handle = $keystore->put($keypair->private_key); ok defined $handle; $handle = encode_base64url($handle); # valid handle exists ok $keystore->exists($handle); # invalid handle does not exist ok !$keystore->exists('aaa'); $pk = $keystore->get($handle); isa_ok $pk, 'Crypt::PK::ECC'; # compare the private key to the original keypair private key my $ks_keypair = Authen::U2F::Tester::Keypair->new(keypair => $pk); is $ks_keypair->private_key, $keypair->private_key; dies_ok { $keystore->remove($handle) }; done_testing; author-signature.t100644000766000024 65713262716357 20503 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/t#!perl -w BEGIN { unless ($ENV{AUTHOR_TESTING}) { print qq{1..0 # SKIP these tests are for testing by the author\n}; exit } } # This file was automatically generated by Dist::Zilla::Plugin::AuthorSignatureTest use strict; use warnings; use Test::More; unless (eval { require Test::Signature; 1 }) { plan skip_all => 'Test::Signature is required for this test'; } Test::Signature::signature_ok(); done_testing; author-pod-syntax.t100644000766000024 45413262716357 20603 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/t#!perl BEGIN { unless ($ENV{AUTHOR_TESTING}) { print qq{1..0 # SKIP these tests are for testing by the author\n}; exit } } # This file was automatically generated by Dist::Zilla::Plugin::PodSyntaxTests. use strict; use warnings; use Test::More; use Test::Pod 1.41; all_pod_files_ok(); author-pod-coverage.t100644000766000024 53613262716357 21051 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/t#!perl BEGIN { unless ($ENV{AUTHOR_TESTING}) { print qq{1..0 # SKIP these tests are for testing by the author\n}; exit } } # This file was automatically generated by Dist::Zilla::Plugin::PodCoverageTests. use Test::Pod::Coverage 1.08; use Pod::Coverage::TrustPod; all_pod_coverage_ok({ coverage_class => 'Pod::Coverage::TrustPod' }); U2F000755000766000024 013262716357 17010 5ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/lib/AuthenTester.pm100644000766000024 2353513262716357 21004 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/lib/Authen/U2F# # This file is part of Authen-U2F-Tester # # This software is copyright (c) 2017 by Michael Schout. # # This is free software; you can redistribute it and/or modify it under # the same terms as the Perl 5 programming language system itself. # package Authen::U2F::Tester; $Authen::U2F::Tester::VERSION = '0.03'; # ABSTRACT: FIDO/U2F Authentication Test Client use Moose; use strictures 2; use Authen::U2F::Tester::Const qw(OK DEVICE_INELIGIBLE); use Authen::U2F::Tester::Error; use Authen::U2F::Tester::Keypair; use Authen::U2F::Tester::RegisterResponse; use Authen::U2F::Tester::SignResponse; use Crypt::OpenSSL::X509; use Crypt::PK::ECC; use Digest::SHA qw(sha256); use JSON::MaybeXS qw(encode_json); use List::Util qw(first); use MIME::Base64 qw(encode_base64url decode_base64url); use namespace::autoclean; my $COUNTER = 0; has key => ( is => 'ro', isa => 'Crypt::PK::ECC', required => 1); has keystore => ( is => 'ro', does => 'Authen::U2F::Tester::Role::Keystore', required => 1); has certificate => ( is => 'ro', isa => 'Crypt::OpenSSL::X509', required => 1); around BUILDARGS => sub { my ($orig, $self) = splice @_, 0, 2; if (@_ > 1) { my %args = @_; if (my $keyfile = delete $args{key_file}) { $args{key} = Crypt::PK::ECC->new($keyfile); } if (my $certfile = delete $args{cert_file}) { $args{certificate} = Crypt::OpenSSL::X509->new_from_file($certfile); } # if no keystore was given, use the wrapped keystore unless (defined $args{keystore}) { require Authen::U2F::Tester::Keystore::Wrapped; $args{keystore} = Authen::U2F::Tester::Keystore::Wrapped->new(key => $args{key}); } return $self->$orig(%args); } else { return $self->$orig(@_); } }; sub register { my ($self, $app_id, $challenge, @registered_handles) = @_; # check if this device has already been registered for my $registered (@registered_handles) { if ($self->keystore->exists($registered)) { return Authen::U2F::Tester::Error->new(DEVICE_INELIGIBLE); } } # generate a new keypair for this application my $keypair = Authen::U2F::Tester::Keypair->new; my $handle = $self->keystore->put($keypair->private_key); my $cert = $self->certificate->as_string(Crypt::OpenSSL::X509::FORMAT_ASN1); my %client_data = ( typ => 'navigator.id.finishEnrollment', challenge => $challenge, origin => $app_id, cid_pubkey => 'unused'); my $client_data = encode_json(\%client_data); my $sign_data = pack 'x a32 a32 a* a65', sha256($app_id), sha256($client_data), $handle, $keypair->public_key; my $signature = $self->key->sign_hash(sha256($sign_data)); my $response = pack 'a a65 C/a* a* a*', chr(0x05), $keypair->public_key, $handle, $cert, $signature; return Authen::U2F::Tester::RegisterResponse->new( error_code => OK, response => $response, client_data => encode_base64url($client_data)); } sub sign { my ($self, $app_id, $challenge, @handles) = @_; my $handle = first { $self->keystore->exists($_) } @handles; unless (defined $handle) { return Authen::U2F::Tester::Error->new(DEVICE_INELIGIBLE); } my %client_data = ( typ => 'navigator.id.getAssertion', challenge => $challenge, origin => $app_id, cid_pubkey => 'unused'); my $client_data = encode_json(\%client_data); my $pkec = $self->keystore->get($handle); my $counter = ++$COUNTER; # generate the signature my $sign_data = pack 'a32 a N a32', sha256($app_id), # 32 byte SHA256 application parameter chr(0x01), # 1 byte user presence $counter, # 4 byte counter sha256($client_data); # 32 byte SHA256 of client data JSON my $signature = $pkec->sign_hash(sha256($sign_data)); my $response = pack 'a N a*', chr(0x01), $counter, $signature; return Authen::U2F::Tester::SignResponse->new( error_code => OK, response => $response, key_handle => $handle, client_data => encode_base64url($client_data)); } __PACKAGE__->meta->make_immutable; __END__ =pod =head1 NAME Authen::U2F::Tester - FIDO/U2F Authentication Test Client =head1 VERSION version 0.03 =head1 SYNOPSIS my $tester = Authen::U2F::Tester->new( cert_file => $certfile, key_file => $keyfile); # # Test a U2F registration # my $app_id = 'https://www.example.com'; my $challenge = Authen::U2F->challenge; my $r = $tester->register($app_id, $challenge); unless ($r->is_success) { die $r->error_message; } print $res->client_data; print $res->registration_data; # the fields in $res can be used to verify the registration using # Authen::U2F my ($handle, $key) = Authen::U2F->registration_verify( challenge => $challenge, app_id => $app_id, origin => $origin, registration_data => $res->registration_data, client_data => $res->client_data); # # Test a U2F Signing request # $r = $tester->sign($app_id, $challenge, $handle); unless ($r->is_success) { die $r->error_message; } print $res->client_data; print $res->signature_data; # verify the signing request with Authen::U2F Authen::U2F->signature_verify( challenge => $challenge, app_id => $app_id, origin => $app_id, key_handle => $handle, key => $key, signature_data => $r->signature_data, client_data => $r->client_data); =head1 DESCRIPTION This module implements a FIDO/U2F tester that can be used for testing web applications that support FIDO/U2F. Think of this module as a "virtual" U2F security key. =head1 METHODS =head2 new(%args) Constructor. The following arguments are required: =over 4 =item * key_file The location of the private key file. =item * cert_file The location of the C certificate file. =back Alternatively, the key and certificate can be passed in directly as objects: =over 4 =item * key An L object. =item * certificate An L object. =back In order to create and use the tester, you will need both an Elliptic Curve key, and a SSL X.509 certificate. The key can be generated using OpenSSL: % openssl ecparam -name secp256r1 -genkey -noout -out key.pem Then this key can be used to generate a self signed X.509 certificate: % openssl req -key key.pem -x509 -days 3560 -sha256 \ -subj '/C=US/ST=Texas/O=Untrusted U2F Org/CN=virtual-u2f' \ -out cert.pem Note that this key is also used to encrypt key handles that the tester generates for registration requests. =head2 key(): Crypt::PK::ECC Get the key for this tester. =head2 keystore(): Authen::U2F::Tester::Role::Keystore This returns the key store instance that the tester uses. The default key store is a "wrapped" key store as described in the FIDO/U2F specs. What this means is it does not actually store anything, but instead encrypts the private key using the tester's private key, and returns that as the key handle. This key store will accept any encrypted private key as a valid key handle so long as it can be decrypted by the tester's private key. This is similar to how many physical U2F devices work in the real world. See L for more information. =head2 certificate(): Crypt::OpenSSL::X509 Get the SSL certificate that this tester uses. =head2 register($app_id, $challenge, @keyhandles): Authen::U2F::Tester::RegisterResponse Complete a registration request. Returns a L on success, or an L object on failure. Arguments are: =over 4 =item * app_id: string The application id =item * challenge: string The challenge parameter, in Base64 URL encoded format =item * keyhandles: list (optional) List of already registered keyhandles for the current user, in Base64 URL format. =back Example: my $app_id = 'https://www.example.com'; my $challenge = Authen::U2F->challenge; my $res = $tester->register($app_id, $challenge); unless ($res->is_success) { die $res->error_message; } =head2 sign($app_id, $challenge, @keyhandles) Complete a U2F signing request. Returns a L object on success, L object otherwise. Arguments are: =over 4 =item * app_id The appId value =item * challenge The challenge parameter, in Base64 URL encoded format =item * keyhandles List of possible keyhandles, in Base64 URL encoded format =back Example: my $app_id = 'https://www.example.com'; my $challenge = Authen::U2F->challenge; my $res = $tester->sign($app_id, $challenge, $keyhandle); unless ($res->is_success) { die $res->error_message; } # signature and client data, which should be sent to relaying party for # verification. print $res->signature_data; print $res->client_data; =for Pod::Coverage OK DEVICE_INELIGIBLE =head1 SOURCE The development version is on github at L and may be cloned from L =head1 BUGS Please report any bugs or feature requests on the bugtracker website L When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature. =head1 AUTHOR Michael Schout =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2017 by Michael Schout. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut Tester000755000766000024 013262716357 20256 5ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/lib/Authen/U2FConst.pm100644000766000024 547013262716357 22050 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/lib/Authen/U2F/Tester# # This file is part of Authen-U2F-Tester # # This software is copyright (c) 2017 by Michael Schout. # # This is free software; you can redistribute it and/or modify it under # the same terms as the Perl 5 programming language system itself. # package Authen::U2F::Tester::Const; $Authen::U2F::Tester::Const::VERSION = '0.03'; # ABSTRACT: Constants for Authen::U2F::Tester use base 'Exporter'; use strictures 2; my %constants; BEGIN { %constants = ( OK => 0, OTHER_ERROR => 1, BAD_REQUEST => 2, CONFIGURATION_UNSUPPORTED => 3, DEVICE_INELIGIBLE => 4, TIMEOUT => 5); } use constant \%constants; our @EXPORT_OK = keys %constants; our %EXPORT_TAGS = ( all => \@EXPORT_OK ); 1; __END__ =pod =head1 NAME Authen::U2F::Tester::Const - Constants for Authen::U2F::Tester =head1 VERSION version 0.03 =head1 SYNOPSIS # import constants explicitly by name use Authen::U2F::Tester::Const qw(OK DEVICE_INELIGIBLE); # import all constants use Authen::U2F::Tester::Const ':all'; # example of a sign() request where the device has not been registered my $r = $tester->sign(...); if ($r->error_code == DEVICE_INELIGIBLE) { die "this device has not been registered"; } =head1 DESCRIPTION This module provides error constants that are used by L. =head1 ATTRIBUTES =head2 OK This error code indicates a successful response. =head2 OTHER_ERROR This error indicates some other error happened. =head2 BAD_REQUEST This error code indicates the request cannot be processed. =head2 CONFIGURATION_UNSUPPORTED This error code indicates the client configuration is not supported. =head2 DEVICE_INELIGIBLE This error code indicates that the device is not eligible for this request. For a registration request, this may mean the device has already been registered. For a signing request, this may mean the device was never registered. =head2 TIMEOUT This error code indicates a timeout occurred waiting for the request to be satisfied. =head1 SOURCE The development version is on github at L and may be cloned from L =head1 BUGS Please report any bugs or feature requests on the bugtracker website L When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature. =head1 AUTHOR Michael Schout =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2017 by Michael Schout. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut Error.pm100644000766000024 516213262716357 22051 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/lib/Authen/U2F/Tester# # This file is part of Authen-U2F-Tester # # This software is copyright (c) 2017 by Michael Schout. # # This is free software; you can redistribute it and/or modify it under # the same terms as the Perl 5 programming language system itself. # package Authen::U2F::Tester::Error; $Authen::U2F::Tester::Error::VERSION = '0.03'; # ABSTRACT: Authen::U2F::Tester Error Response use Moose; use MooseX::AttributeShortcuts; use MooseX::SingleArg; use Authen::U2F::Tester::Const ':all'; use namespace::autoclean; has error_code => (is => 'ro', isa => 'Int', required => 1); has error_message => (is => 'lazy', isa => 'Str'); single_arg 'error_code'; sub is_success { 0 } sub _build_error_message { my $self = shift; my %errors = ( OTHER_ERROR => 'Other Error', BAD_REQUEST => 'Bad Request', CONFIGURATION_UNSUPPORTED => 'Configuration Unsupported', DEVICE_INELIGIBLE => 'Device Ineligible', TIMEOUT => 'Timeout'); } __PACKAGE__->meta->make_immutable; __END__ =pod =head1 NAME Authen::U2F::Tester::Error - Authen::U2F::Tester Error Response =head1 VERSION version 0.03 =head1 SYNOPSIS $r = $tester->register(...); # or $r = $tester->sign(...); unless ($r->is_success) { print $r->error_code; print $r->error_message; } =head1 DESCRIPTION This object is returned from L sign or register requests if the request resulted in an error. =head1 METHODS =head2 new(int) Single arg constructor. Argument is a U2F error code. See L for constants that should be used for this. =head2 error_code(): int Get the error code =head2 error_message(): string Get the error message =head2 is_success(): bool Returns false as this object is only returned for errors. =head1 SEE ALSO =over 4 =item * L =back =head1 SOURCE The development version is on github at L and may be cloned from L =head1 BUGS Please report any bugs or feature requests on the bugtracker website L When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature. =head1 AUTHOR Michael Schout =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2017 by Michael Schout. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut Keypair.pm100644000766000024 521713262716357 22365 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/lib/Authen/U2F/Tester# # This file is part of Authen-U2F-Tester # # This software is copyright (c) 2017 by Michael Schout. # # This is free software; you can redistribute it and/or modify it under # the same terms as the Perl 5 programming language system itself. # package Authen::U2F::Tester::Keypair; $Authen::U2F::Tester::Keypair::VERSION = '0.03'; # ABSTRACT: Authen::U2F::Tester Keypair Object use Moose; use MooseX::AttributeShortcuts; use MooseX::SingleArg; use strictures 2; use Crypt::PK::ECC; use namespace::autoclean; has keypair => (is => 'lazy', isa => 'Crypt::PK::ECC'); has [qw(public_key private_key)] => (is => 'lazy', isa => 'Value'); single_arg 'keypair'; sub _build_keypair { my $pk = Crypt::PK::ECC->new; $pk->generate_key('nistp256'); return $pk; } sub _build_public_key { shift->keypair->export_key_raw('public'); } sub _build_private_key { shift->keypair->export_key_raw('private'); } __PACKAGE__->meta->make_immutable; __END__ =pod =head1 NAME Authen::U2F::Tester::Keypair - Authen::U2F::Tester Keypair Object =head1 VERSION version 0.03 =head1 SYNOPSIS my $keypair = Authen::U2F::Tester::Keypair->new; # private key in DER format my $private_key = $keypair->private_key; # public key in DER format my $public_key = $keypair->public_key; print $keypair->handle; =head1 DESCRIPTION This module manages L keypairs for L. =head1 METHODS =head2 new() =head2 new($keypair) Construct a new keypair object. A L object can be passed to the constructor. Otherwise a new keypair will be generated on demand. =head2 keypair(): Crypt::PK::ECC Gets the keypair for this object. If a keypair was not passed to the constructor, a new key will be generated. =head2 public_key(): scalar Get the public key (in C format) for this keypair. =head2 private_key(): scalar Get the private key (in C format) for this keypair. =head1 SOURCE The development version is on github at L and may be cloned from L =head1 BUGS Please report any bugs or feature requests on the bugtracker website L When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature. =head1 AUTHOR Michael Schout =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2017 by Michael Schout. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut SignResponse.pm100644000766000024 407613262716357 23402 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/lib/Authen/U2F/Tester# # This file is part of Authen-U2F-Tester # # This software is copyright (c) 2017 by Michael Schout. # # This is free software; you can redistribute it and/or modify it under # the same terms as the Perl 5 programming language system itself. # package Authen::U2F::Tester::SignResponse; $Authen::U2F::Tester::SignResponse::VERSION = '0.03'; # ABSTRACT: U2F Tester Sign Response use Moose; use MIME::Base64 qw(encode_base64url); use namespace::autoclean; with qw(Authen::U2F::Tester::Role::Response); has key_handle => (is => 'ro', isa => 'Str', required => 1); sub signature_data { encode_base64url(shift->response); } __PACKAGE__->meta->make_immutable; __END__ =pod =head1 NAME Authen::U2F::Tester::SignResponse - U2F Tester Sign Response =head1 VERSION version 0.03 =head1 SYNOPSIS my $res = $tester->sign($app_id, $challenge, @keyhandles); print $res->client_data; print $res->key_handle; print unpack 'H*', $res->response; =head1 DESCRIPTION This class is a signing response from a U2F signing request. =head1 METHODS =head2 key_handle(): string Get the key handle, in Base64 URL format. =head2 signature_data(): string Get the signature data from the response, in Base64 URL encoded format. =head1 SEE ALSO =over 4 =item * L =item * L =back =head1 SOURCE The development version is on github at L and may be cloned from L =head1 BUGS Please report any bugs or feature requests on the bugtracker website L When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature. =head1 AUTHOR Michael Schout =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2017 by Michael Schout. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut Role000755000766000024 013262716357 21157 5ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/lib/Authen/U2F/TesterKeystore.pm100644000766000024 534513262716357 23471 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/lib/Authen/U2F/Tester/Role# # This file is part of Authen-U2F-Tester # # This software is copyright (c) 2017 by Michael Schout. # # This is free software; you can redistribute it and/or modify it under # the same terms as the Perl 5 programming language system itself. # package Authen::U2F::Tester::Role::Keystore; $Authen::U2F::Tester::Role::Keystore::VERSION = '0.03'; # ABSTRACT: U2F Tester Keystore Role. use Moose::Role; requires qw(exists put get remove); 1; __END__ =pod =head1 NAME Authen::U2F::Tester::Role::Keystore - U2F Tester Keystore Role. =head1 VERSION version 0.03 =head1 SYNOPSIS package Authen::U2F::Tester::Keystore::Example; use Moose; use namespace::autoclean; with 'Authen::U2F::Tester::Role::Keystore'; sub exists { my ($self, $handle) = @_; ... # if handle is valid and exists in the keystore: return 1; # else return 0; } sub put { my ($self, $private_key) = @_; # somehow generate a unique handle return $handle; } sub get { my ($self, $handle) = @_; $handle = decode_base64url($handle); # fetch the Crypt::PK::ECC private key object associated with this handle. return $pkec; } __PACKAGE__->meta->make_immutable; =head1 DESCRIPTION This is a L that L keystore's must consume. All required methods must be implemented by the consuming L class. =head1 METHODS =head2 exists($handle): bool Check if the given handle (in Base64 URL format) exists (or is valid) in the key store. =head2 get($handle): Crypt::PK::ECC Given the key handle (in Base64 URL format), return the private key (as a L object) associated with it in the key store. =head2 put($private_key): scalar Save the given keypair in the keystore, returning a unique key handle that uniquely identifies the keypair. The returned handle should B be Base64 URL encoded. C<$private_key> is a raw private key string. =head2 remove($handle): void Remove the given key handle from the key store. =head1 SOURCE The development version is on github at L and may be cloned from L =head1 BUGS Please report any bugs or feature requests on the bugtracker website L When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature. =head1 AUTHOR Michael Schout =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2017 by Michael Schout. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut Response.pm100644000766000024 512513262716357 23456 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/lib/Authen/U2F/Tester/Role# # This file is part of Authen-U2F-Tester # # This software is copyright (c) 2017 by Michael Schout. # # This is free software; you can redistribute it and/or modify it under # the same terms as the Perl 5 programming language system itself. # package Authen::U2F::Tester::Role::Response; $Authen::U2F::Tester::Role::Response::VERSION = '0.03'; # ABSTRACT: U2F Successful Response Role use Moose::Role; use strictures 2; use Authen::U2F::Tester::Const qw(OK); use namespace::autoclean; has response => (is => 'ro', isa => 'Value', required => 1); has error_code => (is => 'ro', isa => 'Int', required => 1); has client_data => (is => 'ro', isa => 'Str', required => 1); sub is_success { my $self = shift; return $self->error_code == OK ? 1 : 0; } 1; __END__ =pod =head1 NAME Authen::U2F::Tester::Role::Response - U2F Successful Response Role =head1 VERSION version 0.03 =head1 SYNOPSIS # This is used by successful tester U2F responses =head1 DESCRIPTION This is a role used by successful L responses. Successful responses consume this role. =head1 METHODS =head2 response(): scalar Get the raw U2F register response. This is a binary string representing a successful registration response. See L for the details on the contents of this string. =head2 error_code(): int Get the error code =head2 client_data() Get the client data from the request, in Base64 URL format. =head2 is_success(): bool Returns true if the response was successful, false otherwise. =for Pod::Coverage OK =head1 SEE ALSO =over 4 =item * L =item * L =item * L =back =head1 SOURCE The development version is on github at L and may be cloned from L =head1 BUGS Please report any bugs or feature requests on the bugtracker website L When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature. =head1 AUTHOR Michael Schout =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2017 by Michael Schout. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut RegisterResponse.pm100644000766000024 415413262716357 24263 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/lib/Authen/U2F/Tester# # This file is part of Authen-U2F-Tester # # This software is copyright (c) 2017 by Michael Schout. # # This is free software; you can redistribute it and/or modify it under # the same terms as the Perl 5 programming language system itself. # package Authen::U2F::Tester::RegisterResponse; $Authen::U2F::Tester::RegisterResponse::VERSION = '0.03'; # ABSTRACT: U2F Tester Registration Response use Moose; use strictures 2; use MIME::Base64 qw(encode_base64url); use namespace::autoclean; with qw(Authen::U2F::Tester::Role::Response); sub registration_data { return encode_base64url(shift->response); } __PACKAGE__->meta->make_immutable; __END__ =pod =head1 NAME Authen::U2F::Tester::RegisterResponse - U2F Tester Registration Response =head1 VERSION version 0.03 =head1 SYNOPSIS use Authen::U2F::Tester; my $tester = Authen::U2F::Tester->new(...); my $res = $tester->register(...); print $res->client_data; print $res->registration_data; # print the binary response in hex format print unpack 'H*', $res->response; =head1 DESCRIPTION This class represents a successful response to a registration request. =head1 METHODS =head2 registration_data(): string Get the registration data from the tester's register request, in Base64 URL encoding. =head1 SEE ALSO =over 4 =item * L =item * L =back =head1 SOURCE The development version is on github at L and may be cloned from L =head1 BUGS Please report any bugs or feature requests on the bugtracker website L When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature. =head1 AUTHOR Michael Schout =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2017 by Michael Schout. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut Keystore000755000766000024 013262716357 22063 5ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/lib/Authen/U2F/TesterWrapped.pm100644000766000024 676513262716357 24201 0ustar00mschoutstaff000000000000Authen-U2F-Tester-0.03/lib/Authen/U2F/Tester/Keystore# # This file is part of Authen-U2F-Tester # # This software is copyright (c) 2017 by Michael Schout. # # This is free software; you can redistribute it and/or modify it under # the same terms as the Perl 5 programming language system itself. # package Authen::U2F::Tester::Keystore::Wrapped; $Authen::U2F::Tester::Keystore::Wrapped::VERSION = '0.03'; # ABSTRACT: Wrapped Keystore for Authen::U2F::Tester use Moose; use Crypt::PK::ECC; use MIME::Base64 qw(decode_base64url); use namespace::autoclean; with 'Authen::U2F::Tester::Role::Keystore'; has key => (is => 'ro', isa => 'Crypt::PK::ECC', required => 1); sub exists { my ($self, $handle) = @_; $handle = decode_base64url($handle); if (eval { $self->key->decrypt($handle); 1 }) { return 1; } else { return 0; } } sub get { my ($self, $handle) = @_; my $private_key = $self->key->decrypt(decode_base64url($handle)); my $pkec = Crypt::PK::ECC->new; $pkec->import_key_raw($private_key, 'nistp256'); return $pkec; } sub put { my ($self, $private_key) = @_; my $handle = $self->key->encrypt($private_key, 'SHA256'); return $handle; } sub remove { require Carp; Carp::croak 'Keys cannot be removed from the Wrapped Keystore'; } __PACKAGE__->meta->make_immutable; __END__ =pod =head1 NAME Authen::U2F::Tester::Keystore::Wrapped - Wrapped Keystore for Authen::U2F::Tester =head1 VERSION version 0.03 =head1 SYNOPSIS my $key = Crypt::PK::ECC->new; ... my $keystore = Authen::U2F::Tester::Keystore->new(key => $key); my $keypair = Authen::U2F::Tester::Keypair->new; my $handle = $keystore->put($keypair->private_key); if ($keystore->exists($handle)) { my $pkec = $keystore->get($handle); } =head1 DESCRIPTION This is a "wrapped" key store for L. This is the default key store used by L. This key store does not require any backing storage at all to keep track of registered keys. Instead, it generates key handles by encrypting the private key using the tester's private key and returns this encrypted value as the key handle. This is somewhat vaguely describe in the FIDO/U2F specifications as a "wrapped" key handle. My experience is that most of the U2F devices out there use some variation of this scheme because it allows the devices to be used with an infinite number of services as no local storage is required on the U2F device. Storage of the key handle is not required because this class can tell if the handle is valid or not by trying to decrypt the passed in key handle. If decryption succeeds, then the handle is valid. Otherwise, the handle is not valid. =for Pod::Coverage exists get put remove =head1 SEE ALSO =over 4 =item * L =back =head1 SOURCE The development version is on github at L and may be cloned from L =head1 BUGS Please report any bugs or feature requests on the bugtracker website L When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature. =head1 AUTHOR Michael Schout =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2017 by Michael Schout. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut