fido2.attestation.base

Exceptions

InvalidAttestation

Base exception for attestation-related errors.

InvalidData

Attestation contains invalid data.

InvalidSignature

The signature of the attestation could not be verified.

UntrustedAttestation

The CA of the attestation is not trusted.

UnsupportedType

The attestation format is not supported.

Classes

AttestationType

Supported attestation types.

AttestationResult

The result of verifying an attestation.

Attestation

Implements verification of a specific attestation type.

UnsupportedAttestation

Implements verification of a specific attestation type.

NoneAttestation

Implements verification of a specific attestation type.

AttestationVerifier

Base class for verifying attestation.

Functions

catch_builtins(f)

Utility decoractor to wrap common exceptions related to InvalidData.

verify_x509_chain(chain)

Verifies a chain of certificates.

Module Contents

exception fido2.attestation.base.InvalidAttestation[source]

Bases: Exception

Base exception for attestation-related errors.

exception fido2.attestation.base.InvalidData[source]

Bases: InvalidAttestation

Attestation contains invalid data.

exception fido2.attestation.base.InvalidSignature[source]

Bases: InvalidAttestation

The signature of the attestation could not be verified.

exception fido2.attestation.base.UntrustedAttestation[source]

Bases: InvalidAttestation

The CA of the attestation is not trusted.

exception fido2.attestation.base.UnsupportedType(auth_data, fmt=None)[source]

Bases: InvalidAttestation

The attestation format is not supported.

auth_data
fmt = None
class fido2.attestation.base.AttestationType[source]

Bases: enum.IntEnum

Supported attestation types.

BASIC = 1
SELF = 2
ATT_CA = 3
ANON_CA = 4
NONE = 0
class fido2.attestation.base.AttestationResult[source]

The result of verifying an attestation.

attestation_type: AttestationType
trust_path: list[bytes]
fido2.attestation.base.catch_builtins(f)[source]

Utility decoractor to wrap common exceptions related to InvalidData.

fido2.attestation.base.verify_x509_chain(chain)[source]

Verifies a chain of certificates.

Checks that the first item in the chain is signed by the next, and so on. The first item is the leaf, the last is the root.

Parameters:

chain (list[bytes])

Return type:

None

class fido2.attestation.base.Attestation[source]

Bases: abc.ABC

Implements verification of a specific attestation type.

abstractmethod verify(statement, auth_data, client_data_hash)[source]

Verifies attestation statement.

Returns:

An AttestationResult if successful.

Parameters:
Return type:

AttestationResult

static for_type(fmt)[source]

Get an Attestation subclass type for the given format.

Parameters:

fmt (str)

Return type:

type[Attestation]

class fido2.attestation.base.UnsupportedAttestation(fmt=None)[source]

Bases: Attestation

Implements verification of a specific attestation type.

fmt = None
verify(statement, auth_data, client_data_hash)[source]

Verifies attestation statement.

Returns:

An AttestationResult if successful.

class fido2.attestation.base.NoneAttestation[source]

Bases: Attestation

Implements verification of a specific attestation type.

FORMAT = 'none'
verify(statement, auth_data, client_data_hash)[source]

Verifies attestation statement.

Returns:

An AttestationResult if successful.

class fido2.attestation.base.AttestationVerifier(attestation_types=None)[source]

Bases: abc.ABC

Base class for verifying attestation.

Override the ca_lookup method to provide a trusted root certificate used to verify the trust path from the attestation.

Parameters:

attestation_types (Sequence[Attestation] | None)

abstractmethod ca_lookup(attestation_result, auth_data)[source]

Lookup a CA certificate to be used to verify a trust path.

Parameters:
Return type:

bytes | None

verify_attestation(attestation_object, client_data_hash)[source]

Verify attestation.

Parameters:
Return type:

None