doitian · December 17, 2023 14:09
diff --git a/verify_joyid_webauthn.py b/verify_joyid_webauthn.py
 import base64
 from Crypto.Hash import SHA256
 from Crypto.PublicKey import ECC
 from Crypto.Signature import DSS
 from Crypto.Util.asn1 import DerSequence


 response = {
    "signature": "MEUCICF25qdO6nLreEoBHnyaw-9R6XFHbIu-NwsAI53t016qAiEAgmhlwTEMxoWx"
    "Kj79R1rUkB_6nrhJfws82DqHkY_HnqQ",
    "message": "K4sF4fAwPvuJj-TW3mARmMenuGSrvmohxzsueH4YfFIFAAAAAHsidHlwZSI6IndlYmF1dGhuLmdldCIsImNoYWxsZW5nZSI6IlUybG5iaUIwYUdseklHWnZjaUJ0WlEiLCJvcmlnaW4iOiJodHRwczovL3Rlc3RuZXQuam95aWQuZGV2IiwiY3Jvc3NPcmlnaW4iOmZhbHNlLCJvdGhlcl9rZXlzX2Nhbl9iZV9hZGRlZF9oZXJlIjoiZG8gbm90IGNvbXBhcmUgY2xpZW50RGF0YUpTT04gYWdhaW5zdCBhIHRlbXBsYXRlLiBTZWUgaHR0cHM6Ly9nb28uZ2wveWFiUGV4In0",
    "challenge": "Sign this for me",
    "alg": -7,
    "pubkey": "3538dfd53ad93d2e0a6e7f470295dcd71057d825e1f87229e5afe2a906aa7cfc099fdfa04442dac33548b6988af8af58d2052529088f7b73ef00800f7fbcddb3",
    "keyType": "main_key",
 }

 pubkey = ECC.import_key(
    bytes.fromhex("04" + response["pubkey"]),
    curve_name="secp256r1",
 )
 with open("pubkey.pem", "wt") as fout:
    fout.write(pubkey.export_key(format="PEM"))

 message_bin = base64.urlsafe_b64decode(response["message"] + "==")
 authenticator_data = message_bin[:37]
 client_data = message_bin[37:]
 # https://github.com/duo-labs/py_webauthn/blob/master/webauthn/authentication/verify_authentication_response.py
 message_to_sign = authenticator_data + SHA256.new(client_data).digest()
 with open("message.bin", "wb") as fout:
    fout.write(message_to_sign)

 signature_der = base64.urlsafe_b64decode(response["signature"] + "==")
 with open("signature.der", "wb") as fout:
    fout.write(signature_der)
 signature_seq = DerSequence()
 signature_seq.decode(signature_der)
 signature = signature_seq[0].to_bytes(32) + signature_seq[1].to_bytes(32)

 DSS.new(pubkey, "fips-186-3").verify(SHA256.new(message_to_sign), signature)
 print("Verified OK")
	import base64
	from Crypto.Hash import SHA256
	from Crypto.PublicKey import ECC
	from Crypto.Signature import DSS
	from Crypto.Util.asn1 import DerSequence


	response = {
	"signature": "MEUCICF25qdO6nLreEoBHnyaw-9R6XFHbIu-NwsAI53t016qAiEAgmhlwTEMxoWx"
	"Kj79R1rUkB_6nrhJfws82DqHkY_HnqQ",
	"message": "K4sF4fAwPvuJj-TW3mARmMenuGSrvmohxzsueH4YfFIFAAAAAHsidHlwZSI6IndlYmF1dGhuLmdldCIsImNoYWxsZW5nZSI6IlUybG5iaUIwYUdseklHWnZjaUJ0WlEiLCJvcmlnaW4iOiJodHRwczovL3Rlc3RuZXQuam95aWQuZGV2IiwiY3Jvc3NPcmlnaW4iOmZhbHNlLCJvdGhlcl9rZXlzX2Nhbl9iZV9hZGRlZF9oZXJlIjoiZG8gbm90IGNvbXBhcmUgY2xpZW50RGF0YUpTT04gYWdhaW5zdCBhIHRlbXBsYXRlLiBTZWUgaHR0cHM6Ly9nb28uZ2wveWFiUGV4In0",
	"challenge": "Sign this for me",
	"alg": -7,
	"pubkey": "3538dfd53ad93d2e0a6e7f470295dcd71057d825e1f87229e5afe2a906aa7cfc099fdfa04442dac33548b6988af8af58d2052529088f7b73ef00800f7fbcddb3",
	"keyType": "main_key",
	}

	pubkey = ECC.import_key(
	bytes.fromhex("04" + response["pubkey"]),
	curve_name="secp256r1",
	)
	with open("pubkey.pem", "wt") as fout:
	fout.write(pubkey.export_key(format="PEM"))

	message_bin = base64.urlsafe_b64decode(response["message"] + "==")
	authenticator_data = message_bin[:37]
	client_data = message_bin[37:]
	# https://github.com/duo-labs/py_webauthn/blob/master/webauthn/authentication/verify_authentication_response.py
	message_to_sign = authenticator_data + SHA256.new(client_data).digest()
	with open("message.bin", "wb") as fout:
	fout.write(message_to_sign)

	signature_der = base64.urlsafe_b64decode(response["signature"] + "==")
	with open("signature.der", "wb") as fout:
	fout.write(signature_der)
	signature_seq = DerSequence()
	signature_seq.decode(signature_der)
	signature = signature_seq[0].to_bytes(32) + signature_seq[1].to_bytes(32)

	DSS.new(pubkey, "fips-186-3").verify(SHA256.new(message_to_sign), signature)
	print("Verified OK")