Last active
December 4, 2019 23:23
Revisions
-
My1 revised this gist
Dec 4, 2019 . 1 changed file with 1 addition and 1 deletion.
@@ -17,7 +17,7 @@ function bin2uuid($bin) { require_once '../WebAuthn.php'; $rk=true; $uv=true; $timeout=180; //dont ask for attestation, it's just slowing us down. $formats=array('none'); -
My1 revised this gist
Nov 30, 2019 . 1 changed file with 1 addition and 1 deletion.
@@ -20,7 +20,7 @@ function bin2uuid($bin) { $uv=1´true; $timeout=180; //dont ask for attestation, it's just slowing us down. $formats=array('none'); $WebAuthn = new \WebAuthn\WebAuthn('My1s RK Blowup Test', $_SERVER["HTTP_HOST"], $formats); -
My1 revised this gist
Nov 30, 2019 . 1 changed file with 2 additions and 1 deletion.
@@ -19,7 +19,8 @@ function bin2uuid($bin) { $rk=true; $uv=1´true; $timeout=180; //dont ask for attestation, it's just slowing us down. $formats=array('none); $WebAuthn = new \WebAuthn\WebAuthn('My1s RK Blowup Test', $_SERVER["HTTP_HOST"], $formats); -
My1 revised this gist
Nov 30, 2019 . No changes.
-
My1 created this gist
Nov 30, 2019 .
@@ -0,0 +1,112 @@ <?php $dbhost="use"; $dbname="your"; $dbuser="own"; $dbpass="database"; $table="table"; function bin2uuid($bin) { $uuidReadable = unpack("H*",$bin); $uuidReadable = preg_replace("/([0-9a-f]{8})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{12})/", "$1-$2-$3-$4-$5", $uuidReadable); $uuidReadable = array_merge($uuidReadable)[0]; return $uuidReadable; } $link = mysqli_connect($dbhost,$dbuser,$dbpass,$dbname) or die("nocon"); require_once '../WebAuthn.php'; $rk=true; $uv=1´true; $timeout=180; $formats=array('none'/*,'android-key','android-safetynet','fido-u2f','packed'*/); $WebAuthn = new \WebAuthn\WebAuthn('My1s RK Blowup Test', $_SERVER["HTTP_HOST"], $formats); if(isset($_POST["reg"])||isset($_GET["reg"]) && !isset($_POST["regdata"])) { if(!isset($_GET["num"])) { $num=1; } else { $num=$_GET["num"]; } $uid="RK Blowup Test $num"; $uname="User $num"; $dname="Display $num"; $exist=[]; $args = $WebAuthn->getCreateArgs($uid, $uname, $dname, $timeout, $rk,$uv,$exist); //$pargs=json_encode($args,JSON_PRETTY_PRINT); $createArgs = json_encode($args); session_start(); $_SESSION['challenge'] = $WebAuthn->getChallenge(); $_SESSION['uid']=$uid; } if(isset($_POST["regdata"])) { session_start(); $r=json_decode($_POST["regdata"]); $challenge=$_SESSION["challenge"]; $uid=$_SESSION["uid"]; $clientDataJSON = base64_decode($r->clientDataJSON); $attestationObject = base64_decode($r->attestationObject); $data = $WebAuthn->processCreate($clientDataJSON, $attestationObject, $challenge); $data->credentialId=base64_encode($data->credentialId); $data->AAGUID=bin2uuid($data->AAGUID); $data->signatureCounter=($data->signatureCounter === NULL ? 0 : $data->signatureCounter); //var_dump($data); $cols="uid,credid,pk".($data->signatureCounter ? ",counter" : '').($data->certificate ? ",cert" : '').($data->AAGUID!=="00000000-0000-0000-0000-000000000000" ? ",aaguid" : ''); $vals="'$uid','{$data->credentialId}','{$data->credentialPublicKey}'".($data->signatureCounter ? 
",'{$data->signatureCounter}'" : '').($data->certificate ? ",'{$data->certificate}'" : '').($data->AAGUID!=="00000000-0000-0000-0000-000000000000" ? ",'{$data->AAGUID}'" : ''); $q="insert into webauthn ($cols) values ($vals)"; //echo $q; mysqli_query($link,$q) or die(mysqli_error($link)); header("Location: blowuprks.php?reg&num=".($_GET["num"]+1)); } echo <<<end <html> <head> <title>My1s WebAuthn test</title> <meta name="viewport" content="width=device-width, initial-scale=1"> </head> <body> Current number is $num end; if(isset($createArgs)) { echo <<<end <form id="regform" method="post"> <input type="text" name="uv" value="$uv" readonly> <input type="text size="100" name="regdata" id="regdata"/> </form> <button onclick="webreg()">Sign Up</button> <script> var args=$createArgs; function recursiveBase64StrToArrayBuffer(r){if("object"==typeof r)for(let t in r)if("string"==typeof r[t]){let n=r[t];if("?BINARY?B?"===n.substring(0,"?BINARY?B?".length)&&"?="===n.substring(n.length-"?=".length)){n=n.substring("?BINARY?B?".length,n.length-"?=".length);let f=window.atob(n),o=f.length,i=new Uint8Array(o);for(var e=0;e<o;e++)i[e]=f.charCodeAt(e);r[t]=i.buffer}}else recursiveBase64StrToArrayBuffer(r[t])}function arrayBufferToBase64(r){for(var e="",t=new Uint8Array(r),n=t.byteLength,f=0;f<n;f++)e+=String.fromCharCode(t[f]);return window.btoa(e)} recursiveBase64StrToArrayBuffer(args); function webreg() { navigator.credentials.create(args) .then(result => { r={}; r.clientDataJSON = result.response.clientDataJSON ? arrayBufferToBase64(result.response.clientDataJSON) : null; r.attestationObject = result.response.attestationObject ? arrayBufferToBase64(result.response.attestationObject) : null; document.getElementById("regdata").value=JSON.stringify(r); document.getElementById("regform").submit(); }) .catch(e => { window.exc=e; console.log(e.message); }); } webreg(); </script> end; } echo <<<end </body> </html> end;
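Review bot: `$_GET["num"]` reaches both the SQL and the HTML unvalidated: it is interpolated into `$uid`, stored in `$_SESSION['uid']`, and later spliced into `$vals` for the hand-quoted `insert into webauthn` string, and it is also echoed raw in `Current number is $num`. Casting at the source, `$num = isset($_GET["num"]) ? (int)$_GET["num"] : 1;`, closes both paths, and the insert is better built as a prepared statement so that the session and authenticator-derived fields are bound rather than quoted by hand (sketch below). `$num` is also only assigned inside the `reg` branch, so the heredoc appears to read an undefined variable on the `regdata` POST path, where no `exit` follows the `header("Location: …")` call. Separately, passing `$_SERVER["HTTP_HOST"]` as the relying-party ID lets the request's Host header choose the RP ID that `processCreate` presumably validates against; a fixed configured hostname is safer, and the same line appears as context in the two later Nov 30 revisions.

```php
// … unchanged: processCreate() call and credentialId / AAGUID / signatureCounter normalisation …
// Column names are fixed literals; only the values are bound.
$row = array('uid' => $uid, 'credid' => $data->credentialId, 'pk' => $data->credentialPublicKey);
if ($data->signatureCounter) { $row['counter'] = $data->signatureCounter; }
if ($data->certificate) { $row['cert'] = $data->certificate; }
if ($data->AAGUID !== "00000000-0000-0000-0000-000000000000") { $row['aaguid'] = $data->AAGUID; }
$q = "insert into webauthn (" . implode(",", array_keys($row)) . ") values ("
   . implode(",", array_fill(0, count($row), "?")) . ")";
$params = array_values($row);
$stmt = mysqli_prepare($link, $q) or die(mysqli_error($link));
mysqli_stmt_bind_param($stmt, str_repeat("s", count($params)), ...$params);
mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
// … unchanged: header("Location: …") redirect …
```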