shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

start to test hmac-secret

Browse Source
This commit is contained in:
Conor Patrick 2019-03-20 15:45:35 -04:00
parent 821880a8d6
commit 6098810167
1 changed files with 138 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

252
tools/ctap_test.py
View File

@ -153,6 +153,43 @@ class Tester:
elif data[0] != err: elif data[0] != err:
raise ValueError("Unexpected error: %02x" % data[0]) raise ValueError("Unexpected error: %02x" % data[0])
def testFunc(self, func, test, *args, **kwargs):
with Test(test):
res = None
expectedError = kwargs.get("expectedError", None)
otherArgs = kwargs.get("other", {})
try:
res = func(*args, **otherArgs)
if expectedError != CtapError.ERR.SUCCESS:
raise RuntimeError("Expected error to occur for test: %s" % test)
except CtapError as e:
if expectedError is not None:
if e.code != expectedError:
raise RuntimeError(
"Got error code 0x%x, expected %x" % (e.code, expectedError)
)
else:
print(e)
return res
def testReset(self,):
print("Resetting Authenticator...")
self.ctap.reset()
def testMC(self, test, *args, **kwargs):
return self.testFunc(self.ctap.make_credential, test, *args, **kwargs)
def testGA(self, test, *args, **kwargs):
return self.testFunc(self.ctap.get_assertion, test, *args, **kwargs)
def testCP(self, test, *args, **kwargs):
return self.testFunc(self.ctap.client_pin, test, *args, **kwargs)
def testPP(self, test, *args, **kwargs):
return self.testFunc(
self.client.pin_protocol.get_pin_token, test, *args, **kwargs
)
def test_long_ping(self): def test_long_ping(self):
amt = 1000 amt = 1000
pingdata = os.urandom(amt) pingdata = os.urandom(amt)
@ -723,6 +760,30 @@ class Tester:
except CtapError as e: except CtapError as e:
print("Warning, reset failed: ", e) print("Warning, reset failed: ", e)
def test_extensions(self,):
creds = []
exclude_list = []
rp = {"id": self.host, "name": "ExaRP"}
user = {"id": b"usee_od", "name": "AB User"}
challenge = "Y2hhbGxlbmdl"
pin_protocol = 1
key_params = [{"type": "public-key", "alg": ES256.ALGORITHM}]
cdh = b"123456789abcdef0123456789abcdef0"
with Test("Get info has hmac-secret"):
info = self.ctap.get_info()
assert "hmac-secret" in info.extensions
self.testMC(
"Send MC with hmac-secret ext set to true, expect SUCCESS",
cdh,
rp,
user,
key_params,
expectedError=CtapError.ERR.SUCCESS,
other={"extensions": {"hmac-secret": True}},
)
def test_fido2_other(self,): def test_fido2_other(self,):
creds = [] creds = []
@ -738,46 +799,6 @@ class Tester:
key_params = [{"type": "public-key", "alg": ES256.ALGORITHM}] key_params = [{"type": "public-key", "alg": ES256.ALGORITHM}]
cdh = b"123456789abcdef0123456789abcdef0" cdh = b"123456789abcdef0123456789abcdef0"
def testFunc(func, test, *args, **kwargs):
with Test(test):
res = None
expectedError = kwargs.get("expectedError", None)
otherArgs = kwargs.get("other", {})
try:
res = func(*args, **otherArgs)
if expectedError != CtapError.ERR.SUCCESS:
raise RuntimeError(
"Expected error to occur for test: %s" % test
)
except CtapError as e:
if expectedError is not None:
if e.code != expectedError:
raise RuntimeError(
"Got error code 0x%x, expected %x"
% (e.code, expectedError)
)
else:
print(e)
return res
def testReset():
print("Resetting Authenticator...")
self.ctap.reset()
def testMC(test, *args, **kwargs):
return testFunc(self.ctap.make_credential, test, *args, **kwargs)
def testGA(test, *args, **kwargs):
return testFunc(self.ctap.get_assertion, test, *args, **kwargs)
def testCP(test, *args, **kwargs):
return testFunc(self.ctap.client_pin, test, *args, **kwargs)
def testPP(test, *args, **kwargs):
return testFunc(
self.client.pin_protocol.get_pin_token, test, *args, **kwargs
)
def reboot(): def reboot():
if self.is_sim: if self.is_sim:
print("Sending restart command...") print("Sending restart command...")
@ -788,7 +809,7 @@ class Tester:
input() input()
self.find_device() self.find_device()
testReset() self.testReset()
with Test("Get info"): with Test("Get info"):
info = self.ctap.get_info() info = self.ctap.get_info()
@ -804,7 +825,7 @@ class Tester:
for x in info.options: for x in info.options:
assert info.options[x] in [True, False] assert info.options[x] in [True, False]
prev_reg = testMC( prev_reg = self.testMC(
"Send MC request, expect success", "Send MC request, expect success",
cdh, cdh,
rp, rp,
@ -826,7 +847,7 @@ class Tester:
} }
] ]
prev_auth = testGA( prev_auth = self.testGA(
"Send GA request, expect success", "Send GA request, expect success",
rp["id"], rp["id"],
cdh, cdh,
@ -847,7 +868,7 @@ class Tester:
assert prev_auth.user == None assert prev_auth.user == None
assert prev_auth.number_of_credentials == None assert prev_auth.number_of_credentials == None
testGA( self.testGA(
"Send GA request with empty allow_list, expect NO_CREDENTIALS", "Send GA request with empty allow_list, expect NO_CREDENTIALS",
rp["id"], rp["id"],
cdh, cdh,
@ -860,7 +881,7 @@ class Tester:
badid[len(badid) // 2] = badid[len(badid) // 2] ^ 1 badid[len(badid) // 2] = badid[len(badid) // 2] ^ 1
badid = bytes(badid) badid = bytes(badid)
testGA( self.testGA(
"Send GA request with corrupt credId in allow_list, expect NO_CREDENTIALS", "Send GA request with corrupt credId in allow_list, expect NO_CREDENTIALS",
rp["id"], rp["id"],
cdh, cdh,
@ -868,7 +889,7 @@ class Tester:
expectedError=CtapError.ERR.NO_CREDENTIALS, expectedError=CtapError.ERR.NO_CREDENTIALS,
) )
testMC( self.testMC(
"Send MC request with missing clientDataHash, expect error", "Send MC request with missing clientDataHash, expect error",
None, None,
rp, rp,
@ -877,7 +898,7 @@ class Tester:
expectedError=CtapError.ERR.MISSING_PARAMETER, expectedError=CtapError.ERR.MISSING_PARAMETER,
) )
testMC( self.testMC(
"Send MC request with integer for clientDataHash, expect error", "Send MC request with integer for clientDataHash, expect error",
5, 5,
rp, rp,
@ -885,7 +906,7 @@ class Tester:
key_params, key_params,
) )
testMC( self.testMC(
"Send MC request with missing user, expect error", "Send MC request with missing user, expect error",
cdh, cdh,
rp, rp,
@ -894,7 +915,7 @@ class Tester:
expectedError=CtapError.ERR.MISSING_PARAMETER, expectedError=CtapError.ERR.MISSING_PARAMETER,
) )
testMC( self.testMC(
"Send MC request with bytearray user, expect error", "Send MC request with bytearray user, expect error",
cdh, cdh,
rp, rp,
@ -902,7 +923,7 @@ class Tester:
key_params, key_params,
) )
testMC( self.testMC(
"Send MC request with missing RP, expect error", "Send MC request with missing RP, expect error",
cdh, cdh,
None, None,
@ -911,7 +932,7 @@ class Tester:
expectedError=CtapError.ERR.MISSING_PARAMETER, expectedError=CtapError.ERR.MISSING_PARAMETER,
) )
testMC( self.testMC(
"Send MC request with bytearray RP, expect error", "Send MC request with bytearray RP, expect error",
cdh, cdh,
b"1234abcd", b"1234abcd",
@ -919,7 +940,7 @@ class Tester:
key_params, key_params,
) )
testMC( self.testMC(
"Send MC request with missing pubKeyCredParams, expect error", "Send MC request with missing pubKeyCredParams, expect error",
cdh, cdh,
rp, rp,
@ -928,7 +949,7 @@ class Tester:
expectedError=CtapError.ERR.MISSING_PARAMETER, expectedError=CtapError.ERR.MISSING_PARAMETER,
) )
testMC( self.testMC(
"Send MC request with incorrect pubKeyCredParams, expect error", "Send MC request with incorrect pubKeyCredParams, expect error",
cdh, cdh,
rp, rp,
@ -936,7 +957,7 @@ class Tester:
b"2356", b"2356",
) )
testMC( self.testMC(
"Send MC request with incorrect excludeList, expect error", "Send MC request with incorrect excludeList, expect error",
cdh, cdh,
rp, rp,
@ -945,7 +966,7 @@ class Tester:
other={"exclude_list": 8}, other={"exclude_list": 8},
) )
testMC( self.testMC(
"Send MC request with incorrect extensions, expect error", "Send MC request with incorrect extensions, expect error",
cdh, cdh,
rp, rp,
@ -954,7 +975,7 @@ class Tester:
other={"extensions": 8}, other={"extensions": 8},
) )
testMC( self.testMC(
"Send MC request with incorrect options, expect error", "Send MC request with incorrect options, expect error",
cdh, cdh,
rp, rp,
@ -963,7 +984,7 @@ class Tester:
other={"options": 8}, other={"options": 8},
) )
testMC( self.testMC(
"Send MC request with bad RP.name", "Send MC request with bad RP.name",
cdh, cdh,
{"id": self.host, "name": 8, "icon": "icon"}, {"id": self.host, "name": 8, "icon": "icon"},
@ -971,7 +992,7 @@ class Tester:
key_params, key_params,
) )
testMC( self.testMC(
"Send MC request with bad RP.id", "Send MC request with bad RP.id",
cdh, cdh,
{"id": 8, "name": "name", "icon": "icon"}, {"id": 8, "name": "name", "icon": "icon"},
@ -979,7 +1000,7 @@ class Tester:
key_params, key_params,
) )
testMC( self.testMC(
"Send MC request with bad RP.icon", "Send MC request with bad RP.icon",
cdh, cdh,
{"id": self.host, "name": "name", "icon": 8}, {"id": self.host, "name": "name", "icon": 8},
@ -987,7 +1008,7 @@ class Tester:
key_params, key_params,
) )
testMC( self.testMC(
"Send MC request with bad user.name", "Send MC request with bad user.name",
cdh, cdh,
rp, rp,
@ -995,7 +1016,7 @@ class Tester:
key_params, key_params,
) )
testMC( self.testMC(
"Send MC request with bad user.id", "Send MC request with bad user.id",
cdh, cdh,
rp, rp,
@ -1003,7 +1024,7 @@ class Tester:
key_params, key_params,
) )
testMC( self.testMC(
"Send MC request with bad user.displayName", "Send MC request with bad user.displayName",
cdh, cdh,
rp, rp,
@ -1011,7 +1032,7 @@ class Tester:
key_params, key_params,
) )
testMC( self.testMC(
"Send MC request with bad user.icon", "Send MC request with bad user.icon",
cdh, cdh,
rp, rp,
@ -1019,7 +1040,7 @@ class Tester:
key_params, key_params,
) )
testMC( self.testMC(
"Send MC request with non-map pubKeyCredParams item", "Send MC request with non-map pubKeyCredParams item",
cdh, cdh,
rp, rp,
@ -1027,7 +1048,7 @@ class Tester:
["wrong"], ["wrong"],
) )
testMC( self.testMC(
"Send MC request with pubKeyCredParams item missing type field", "Send MC request with pubKeyCredParams item missing type field",
cdh, cdh,
rp, rp,
@ -1036,7 +1057,7 @@ class Tester:
expectedError=CtapError.ERR.MISSING_PARAMETER, expectedError=CtapError.ERR.MISSING_PARAMETER,
) )
testMC( self.testMC(
"Send MC request with pubKeyCredParams item with bad type field", "Send MC request with pubKeyCredParams item with bad type field",
cdh, cdh,
rp, rp,
@ -1044,7 +1065,7 @@ class Tester:
[{"alg": ES256.ALGORITHM, "type": b"public-key"}], [{"alg": ES256.ALGORITHM, "type": b"public-key"}],
) )
testMC( self.testMC(
"Send MC request with pubKeyCredParams item missing alg", "Send MC request with pubKeyCredParams item missing alg",
cdh, cdh,
rp, rp,
@ -1053,7 +1074,7 @@ class Tester:
expectedError=CtapError.ERR.MISSING_PARAMETER, expectedError=CtapError.ERR.MISSING_PARAMETER,
) )
testMC( self.testMC(
"Send MC request with pubKeyCredParams item with bad alg", "Send MC request with pubKeyCredParams item with bad alg",
cdh, cdh,
rp, rp,
@ -1061,7 +1082,7 @@ class Tester:
[{"alg": "7", "type": "public-key"}], [{"alg": "7", "type": "public-key"}],
) )
testMC( self.testMC(
"Send MC request with pubKeyCredParams item with bogus alg, expect UNSUPPORTED_ALGORITHM", "Send MC request with pubKeyCredParams item with bogus alg, expect UNSUPPORTED_ALGORITHM",
cdh, cdh,
rp, rp,
@ -1070,7 +1091,7 @@ class Tester:
expectedError=CtapError.ERR.UNSUPPORTED_ALGORITHM, expectedError=CtapError.ERR.UNSUPPORTED_ALGORITHM,
) )
testMC( self.testMC(
"Send MC request with pubKeyCredParams item with bogus type, expect UNSUPPORTED_ALGORITHM", "Send MC request with pubKeyCredParams item with bogus type, expect UNSUPPORTED_ALGORITHM",
cdh, cdh,
rp, rp,
@ -1079,7 +1100,7 @@ class Tester:
expectedError=CtapError.ERR.UNSUPPORTED_ALGORITHM, expectedError=CtapError.ERR.UNSUPPORTED_ALGORITHM,
) )
testMC( self.testMC(
"Send MC request with excludeList item with bogus type, expect SUCCESS", "Send MC request with excludeList item with bogus type, expect SUCCESS",
cdh, cdh,
rp, rp,
@ -1089,7 +1110,7 @@ class Tester:
other={"exclude_list": [{"id": b"1234", "type": "rot13"}]}, other={"exclude_list": [{"id": b"1234", "type": "rot13"}]},
) )
testMC( self.testMC(
"Send MC request with excludeList with bad item, expect error", "Send MC request with excludeList with bad item, expect error",
cdh, cdh,
rp, rp,
@ -1098,7 +1119,7 @@ class Tester:
other={"exclude_list": ["1234"]}, other={"exclude_list": ["1234"]},
) )
testMC( self.testMC(
"Send MC request with excludeList with item missing type field, expect error", "Send MC request with excludeList with item missing type field, expect error",
cdh, cdh,
rp, rp,
@ -1107,7 +1128,7 @@ class Tester:
other={"exclude_list": [{"id": b"1234"}]}, other={"exclude_list": [{"id": b"1234"}]},
) )
testMC( self.testMC(
"Send MC request with excludeList with item missing id field, expect error", "Send MC request with excludeList with item missing id field, expect error",
cdh, cdh,
rp, rp,
@ -1116,7 +1137,7 @@ class Tester:
other={"exclude_list": [{"type": "public-key"}]}, other={"exclude_list": [{"type": "public-key"}]},
) )
testMC( self.testMC(
"Send MC request with excludeList with item containing bad id field, expect error", "Send MC request with excludeList with item containing bad id field, expect error",
cdh, cdh,
rp, rp,
@ -1125,7 +1146,7 @@ class Tester:
other={"exclude_list": [{"type": "public-key", "id": "1234"}]}, other={"exclude_list": [{"type": "public-key", "id": "1234"}]},
) )
testMC( self.testMC(
"Send MC request with excludeList with item containing bad type field, expect error", "Send MC request with excludeList with item containing bad type field, expect error",
cdh, cdh,
rp, rp,
@ -1134,7 +1155,7 @@ class Tester:
other={"exclude_list": [{"type": b"public-key", "id": b"1234"}]}, other={"exclude_list": [{"type": b"public-key", "id": b"1234"}]},
) )
testMC( self.testMC(
"Send MC request with excludeList containing previous registration, expect CREDENTIAL_EXCLUDED", "Send MC request with excludeList containing previous registration, expect CREDENTIAL_EXCLUDED",
cdh, cdh,
rp, rp,
@ -1151,7 +1172,7 @@ class Tester:
expectedError=CtapError.ERR.CREDENTIAL_EXCLUDED, expectedError=CtapError.ERR.CREDENTIAL_EXCLUDED,
) )
testMC( self.testMC(
"Send MC request with unknown option, expect SUCCESS", "Send MC request with unknown option, expect SUCCESS",
cdh, cdh,
rp, rp,
@ -1163,7 +1184,7 @@ class Tester:
if "uv" in info.options: if "uv" in info.options:
if info.options["uv"]: if info.options["uv"]:
testMC( self.testMC(
"Send MC request with uv set to true, expect SUCCESS", "Send MC request with uv set to true, expect SUCCESS",
cdh, cdh,
rp, rp,
@ -1174,7 +1195,7 @@ class Tester:
) )
if "up" in info.options: if "up" in info.options:
if info.options["up"]: if info.options["up"]:
testMC( self.testMC(
"Send MC request with up set to true, expect INVALID_OPTION", "Send MC request with up set to true, expect INVALID_OPTION",
cdh, cdh,
rp, rp,
@ -1184,7 +1205,7 @@ class Tester:
expectedError=CtapError.ERR.INVALID_OPTION, expectedError=CtapError.ERR.INVALID_OPTION,
) )
testGA( self.testGA(
"Send GA request with missing RPID, expect MISSING_PARAMETER", "Send GA request with missing RPID, expect MISSING_PARAMETER",
None, None,
cdh, cdh,
@ -1192,14 +1213,14 @@ class Tester:
expectedError=CtapError.ERR.MISSING_PARAMETER, expectedError=CtapError.ERR.MISSING_PARAMETER,
) )
testGA( self.testGA(
"Send GA request with bad RPID, expect error", "Send GA request with bad RPID, expect error",
{"type": "wrong"}, {"type": "wrong"},
cdh, cdh,
allow_list, allow_list,
) )
testGA( self.testGA(
"Send GA request with missing clientDataHash, expect MISSING_PARAMETER", "Send GA request with missing clientDataHash, expect MISSING_PARAMETER",
rp["id"], rp["id"],
None, None,
@ -1207,28 +1228,28 @@ class Tester:
expectedError=CtapError.ERR.MISSING_PARAMETER, expectedError=CtapError.ERR.MISSING_PARAMETER,
) )
testGA( self.testGA(
"Send GA request with bad clientDataHash, expect error", "Send GA request with bad clientDataHash, expect error",
rp["id"], rp["id"],
{"type": "wrong"}, {"type": "wrong"},
allow_list, allow_list,
) )
testGA( self.testGA(
"Send GA request with bad allow_list, expect error", "Send GA request with bad allow_list, expect error",
rp["id"], rp["id"],
cdh, cdh,
{"type": "wrong"}, {"type": "wrong"},
) )
testGA( self.testGA(
"Send GA request with bad item in allow_list, expect error", "Send GA request with bad item in allow_list, expect error",
rp["id"], rp["id"],
cdh, cdh,
allow_list + ["wrong"], allow_list + ["wrong"],
) )
testGA( self.testGA(
"Send GA request with unknown option, expect SUCCESS", "Send GA request with unknown option, expect SUCCESS",
rp["id"], rp["id"],
cdh, cdh,
@ -1239,7 +1260,7 @@ class Tester:
if "uv" in info.options: if "uv" in info.options:
if info.options["uv"]: if info.options["uv"]:
res = testGA( res = self.testGA(
"Send GA request with uv set to true, expect SUCCESS", "Send GA request with uv set to true, expect SUCCESS",
rp["id"], rp["id"],
cdh, cdh,
@ -1251,7 +1272,7 @@ class Tester:
assert res.auth_data.flags & (1 << 2) assert res.auth_data.flags & (1 << 2)
if "up" in info.options: if "up" in info.options:
if info.options["up"]: if info.options["up"]:
res = testGA( res = self.testGA(
"Send GA request with up set to true, expect SUCCESS", "Send GA request with up set to true, expect SUCCESS",
rp["id"], rp["id"],
cdh, cdh,
@ -1262,7 +1283,7 @@ class Tester:
with Test("Check that UP flag is set in response"): with Test("Check that UP flag is set in response"):
assert res.auth_data.flags & 1 assert res.auth_data.flags & 1
testGA( self.testGA(
"Send GA request with bogus type item in allow_list, expect SUCCESS", "Send GA request with bogus type item in allow_list, expect SUCCESS",
rp["id"], rp["id"],
cdh, cdh,
@ -1270,38 +1291,38 @@ class Tester:
expectedError=CtapError.ERR.SUCCESS, expectedError=CtapError.ERR.SUCCESS,
) )
testGA( self.testGA(
"Send GA request with item missing type field in allow_list, expect error", "Send GA request with item missing type field in allow_list, expect error",
rp["id"], rp["id"],
cdh, cdh,
allow_list + [{"id": b"1234"}], allow_list + [{"id": b"1234"}],
) )
testGA( self.testGA(
"Send GA request with item containing bad type field in allow_list, expect error", "Send GA request with item containing bad type field in allow_list, expect error",
rp["id"], rp["id"],
cdh, cdh,
allow_list + [{"type": b"public-key", "id": b"1234"}], allow_list + [{"type": b"public-key", "id": b"1234"}],
) )
testGA( self.testGA(
"Send GA request with item containing bad id in allow_list, expect error", "Send GA request with item containing bad id in allow_list, expect error",
rp["id"], rp["id"],
cdh, cdh,
allow_list + [{"type": b"public-key", "id": 42}], allow_list + [{"type": b"public-key", "id": 42}],
) )
testGA( self.testGA(
"Send GA request with item missing id in allow_list, expect error", "Send GA request with item missing id in allow_list, expect error",
rp["id"], rp["id"],
cdh, cdh,
allow_list + [{"type": b"public-key"}], allow_list + [{"type": b"public-key"}],
) )
testReset() self.testReset()
def testRk(pin_code=None): def testRk(pin_code=None):
testGA( self.testGA(
"Send GA request with reset auth, expect NO_CREDENTIALS", "Send GA request with reset auth, expect NO_CREDENTIALS",
rp["id"], rp["id"],
cdh, cdh,
@ -1316,7 +1337,7 @@ class Tester:
pin_token = self.client.pin_protocol.get_pin_token(pin_code) pin_token = self.client.pin_protocol.get_pin_token(pin_code)
pin_auth = hmac_sha256(pin_token, cdh)[:16] pin_auth = hmac_sha256(pin_token, cdh)[:16]
testMC( self.testMC(
"Send MC request with rk option set to true, expect SUCCESS", "Send MC request with rk option set to true, expect SUCCESS",
cdh, cdh,
rp, rp,
@ -1331,7 +1352,7 @@ class Tester:
options["uv"] = False options["uv"] = False
for i, x in enumerate([user1, user2, user3]): for i, x in enumerate([user1, user2, user3]):
testMC( self.testMC(
"Send MC request with rk option set to true, expect SUCCESS %d/3" "Send MC request with rk option set to true, expect SUCCESS %d/3"
% (i + 1), % (i + 1),
cdh, cdh,
@ -1342,7 +1363,7 @@ class Tester:
expectedError=CtapError.ERR.SUCCESS, expectedError=CtapError.ERR.SUCCESS,
) )
auth1 = testGA( auth1 = self.testGA(
"Send GA request with no allow_list, expect SUCCESS", "Send GA request with no allow_list, expect SUCCESS",
rp2["id"], rp2["id"],
cdh, cdh,
@ -1383,7 +1404,7 @@ class Tester:
testRk("1234567890") testRk("1234567890")
# PinProtocolV1 # PinProtocolV1
res = testCP( res = self.testCP(
"Test getKeyAgreement, expect SUCCESS", "Test getKeyAgreement, expect SUCCESS",
pin_protocol, pin_protocol,
PinProtocolV1.CMD.GET_KEY_AGREEMENT, PinProtocolV1.CMD.GET_KEY_AGREEMENT,
@ -1405,7 +1426,7 @@ class Tester:
pin_token = self.client.pin_protocol.get_pin_token(pin2) pin_token = self.client.pin_protocol.get_pin_token(pin2)
pin_auth = hmac_sha256(pin_token, cdh)[:16] pin_auth = hmac_sha256(pin_token, cdh)[:16]
res_mc = testMC( res_mc = self.testMC(
"Send MC request with new pin auth", "Send MC request with new pin auth",
cdh, cdh,
rp, rp,
@ -1418,7 +1439,7 @@ class Tester:
with Test("Check UV flag is set"): with Test("Check UV flag is set"):
assert res_mc.auth_data.flags & (1 << 2) assert res_mc.auth_data.flags & (1 << 2)
res_ga = testGA( res_ga = self.testGA(
"Send GA request with no allow_list, expect SUCCESS", "Send GA request with no allow_list, expect SUCCESS",
rp["id"], rp["id"],
cdh, cdh,
@ -1435,12 +1456,12 @@ class Tester:
with Test("Check UV flag is set"): with Test("Check UV flag is set"):
assert res_ga.auth_data.flags & (1 << 2) assert res_ga.auth_data.flags & (1 << 2)
testReset() self.testReset()
with Test("Setting pin code, expect SUCCESS"): with Test("Setting pin code, expect SUCCESS"):
self.client.pin_protocol.set_pin(pin1) self.client.pin_protocol.set_pin(pin1)
testReset() self.testReset()
# print("Setting pin code <4 bytes, expect POLICY_VIOLATION ") # print("Setting pin code <4 bytes, expect POLICY_VIOLATION ")
# try: # try:
@ -1486,7 +1507,7 @@ class Tester:
except CtapError as e: except CtapError as e:
print(e) print(e)
res_mc = testMC( res_mc = self.testMC(
"Send MC request with no pin_auth, expect PIN_REQUIRED", "Send MC request with no pin_auth, expect PIN_REQUIRED",
cdh, cdh,
rp, rp,
@ -1495,14 +1516,14 @@ class Tester:
expectedError=CtapError.ERR.PIN_REQUIRED, expectedError=CtapError.ERR.PIN_REQUIRED,
) )
res_mc = testGA( res_mc = self.testGA(
"Send GA request with no pin_auth, expect PIN_REQUIRED", "Send GA request with no pin_auth, expect PIN_REQUIRED",
rp["id"], rp["id"],
cdh, cdh,
expectedError=CtapError.ERR.PIN_REQUIRED, expectedError=CtapError.ERR.PIN_REQUIRED,
) )
res = testCP( res = self.testCP(
"Test getRetries, expect SUCCESS", "Test getRetries, expect SUCCESS",
pin_protocol, pin_protocol,
PinProtocolV1.CMD.GET_RETRIES, PinProtocolV1.CMD.GET_RETRIES,
@ -1520,7 +1541,7 @@ class Tester:
pin_wrong = "".join(pin_wrong) pin_wrong = "".join(pin_wrong)
for i in range(1, 3): for i in range(1, 3):
testPP( self.testPP(
"Get pin_token with wrong pin code, expect PIN_INVALID (%d/2)" % i, "Get pin_token with wrong pin code, expect PIN_INVALID (%d/2)" % i,
pin_wrong, pin_wrong,
expectedError=CtapError.ERR.PIN_INVALID, expectedError=CtapError.ERR.PIN_INVALID,
@ -1531,7 +1552,7 @@ class Tester:
print("Pass") print("Pass")
for i in range(1, 3): for i in range(1, 3):
testPP( self.testPP(
"Get pin_token with wrong pin code, expect PIN_AUTH_BLOCKED %d/2" % i, "Get pin_token with wrong pin code, expect PIN_AUTH_BLOCKED %d/2" % i,
pin_wrong, pin_wrong,
expectedError=CtapError.ERR.PIN_AUTH_BLOCKED, expectedError=CtapError.ERR.PIN_AUTH_BLOCKED,
@ -1543,7 +1564,7 @@ class Tester:
pin_token = self.client.pin_protocol.get_pin_token(pin1) pin_token = self.client.pin_protocol.get_pin_token(pin1)
pin_auth = hmac_sha256(pin_token, cdh)[:16] pin_auth = hmac_sha256(pin_token, cdh)[:16]
res_mc = testMC( res_mc = self.testMC(
"Send MC request with correct pin_auth", "Send MC request with correct pin_auth",
cdh, cdh,
rp, rp,
@ -1563,7 +1584,7 @@ class Tester:
err = CtapError.ERR.PIN_AUTH_BLOCKED err = CtapError.ERR.PIN_AUTH_BLOCKED
elif i >= 9: elif i >= 9:
err = CtapError.ERR.PIN_BLOCKED err = CtapError.ERR.PIN_BLOCKED
testPP( self.testPP(
"Lock out authentictor and check correct error codes %d/9" % i, "Lock out authentictor and check correct error codes %d/9" % i,
pin_wrong, pin_wrong,
expectedError=err, expectedError=err,
@ -1580,7 +1601,7 @@ class Tester:
if err == CtapError.ERR.PIN_AUTH_BLOCKED: if err == CtapError.ERR.PIN_AUTH_BLOCKED:
reboot() reboot()
res_mc = testMC( res_mc = self.testMC(
"Send MC request with correct pin_auth, expect PIN_BLOCKED", "Send MC request with correct pin_auth, expect PIN_BLOCKED",
cdh, cdh,
rp, rp,
@ -1592,13 +1613,13 @@ class Tester:
reboot() reboot()
testPP( self.testPP(
"Get pin_token with correct pin code, expect PIN_BLOCKED", "Get pin_token with correct pin code, expect PIN_BLOCKED",
pin1, pin1,
expectedError=CtapError.ERR.PIN_BLOCKED, expectedError=CtapError.ERR.PIN_BLOCKED,
) )
testReset() self.testReset()
print("Done") print("Done")
@ -1856,6 +1877,9 @@ if __name__ == "__main__":
t.test_fido2() t.test_fido2()
t.test_fido2_other() t.test_fido2_other()
if "fido2-ext" in sys.argv:
t.test_extensions()
if "rk" in sys.argv: if "rk" in sys.argv:
t.test_rk() t.test_rk()