mirror of https://github.com/Yubico/python-fido2
Fix: Use RFC1951 DEFLATE for large blobs.
This commit is contained in:
parent
221b822b12
commit
30ee871c3a
|
@ -93,7 +93,7 @@ user = {"id": b"user_id", "name": "A. User"}
|
|||
# Prepare parameters for makeCredential
|
||||
create_options, state = server.register_begin(
|
||||
user,
|
||||
resident_key=True,
|
||||
resident_key_requirement="required",
|
||||
user_verification=uv,
|
||||
authenticator_attachment="cross-platform",
|
||||
)
|
||||
|
@ -146,4 +146,4 @@ selection = client.get_assertion(options)
|
|||
|
||||
# Only one cred in allowCredentials, only one response.
|
||||
result = selection.get_response(0)
|
||||
print("Read blob: ", result.extension_results.get("blob"))
|
||||
print("Read blob:", result.extension_results.get("blob"))
|
||||
|
|
|
@ -41,6 +41,16 @@ import zlib
|
|||
import os
|
||||
|
||||
|
||||
def _compress(data):
|
||||
o = zlib.compressobj(wbits=-zlib.MAX_WBITS)
|
||||
return o.compress(data) + o.flush()
|
||||
|
||||
|
||||
def _decompress(data):
|
||||
o = zlib.decompressobj(wbits=-zlib.MAX_WBITS)
|
||||
return o.decompress(data) + o.flush()
|
||||
|
||||
|
||||
def _lb_ad(orig_size):
|
||||
return b"blob" + struct.pack("<Q", orig_size)
|
||||
|
||||
|
@ -50,7 +60,7 @@ def _lb_pack(key, data):
|
|||
nonce = os.urandom(12)
|
||||
aesgcm = AESGCM(key)
|
||||
|
||||
ciphertext = aesgcm.encrypt(nonce, zlib.compress(data), _lb_ad(orig_size))
|
||||
ciphertext = aesgcm.encrypt(nonce, _compress(data), _lb_ad(orig_size))
|
||||
|
||||
return {
|
||||
1: ciphertext,
|
||||
|
@ -172,7 +182,7 @@ class LargeBlobs:
|
|||
for entry in self.read_blob_array():
|
||||
try:
|
||||
compressed, orig_size = _lb_unpack(large_blob_key, entry)
|
||||
decompressed = zlib.decompress(compressed)
|
||||
decompressed = _decompress(compressed)
|
||||
if len(decompressed) == orig_size:
|
||||
return decompressed
|
||||
except (ValueError, zlib.error):
|
||||
|
|
Loading…
Reference in New Issue