From 7b8ec18e768aacce338a7da22b94247a85574121 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Sun, 3 Mar 2019 18:43:14 -0500 Subject: [PATCH] add reboot capability for tests --- pc/device.c | 19 +++++--- tools/ctap_test.py | 98 +++++++++++++++++++++++++++++++++++++++++- tools/test_sw_token.sh | 8 ++++ 3 files changed, 118 insertions(+), 7 deletions(-) create mode 100644 tools/test_sw_token.sh diff --git a/pc/device.c b/pc/device.c index ed1e87d..c3b4673 100644 --- a/pc/device.c +++ b/pc/device.c @@ -146,11 +146,20 @@ void usbhid_init() int usbhid_recv(uint8_t * msg) { int l = udp_recv(serverfd, msg, HID_MESSAGE_SIZE); - /*if (l && l != HID_MESSAGE_SIZE)*/ - /*{*/ - /*printf("Error, recv'd message of wrong size %d", l);*/ - /*exit(1);*/ - /*}*/ + uint8_t magic_cmd[] = "\xac\x10\x52\xca\x95\xe5\x69\xde\x69\xe0\x2e\xbf" + "\xf3\x33\x48\x5f\x13\xf9\xb2\xda\x34\xc5\xa8\xa3" + "\x40\x52\x66\x97\xa9\xab\x2e\x0b\x39\x4d\x8d\x04" + "\x97\x3c\x13\x40\x05\xbe\x1a\x01\x40\xbf\xf6\x04" + "\x5b\xb2\x6e\xb7\x7a\x73\xea\xa4\x78\x13\xf6\xb4" + "\x9a\x72\x50\xdc"; + if ( memcmp(magic_cmd, msg, 64) == 0 ) + { + printf1(TAG_RED, "MAGIC REBOOT command recieved!\r\n"); + memset(msg,0,64); + exit(100); + return 0; + } + return l; } diff --git a/tools/ctap_test.py b/tools/ctap_test.py index f85bd68..1fd6c13 100755 --- a/tools/ctap_test.py +++ b/tools/ctap_test.py @@ -62,6 +62,7 @@ class Tester: self.origin = "https://examplo.org" self.host = "examplo.org" self.user_count = 10 + self.is_sim = False def find_device(self,): print(list(CtapHidDevice.list_devices())) @@ -79,6 +80,9 @@ class Tester: def set_user_count(self, count): self.user_count = count + def set_sim(self, b): + self.is_sim = b + def send_data(self, cmd, data): if type(data) != type(b""): data = struct.pack("%dB" % len(data), *[ord(x) for x in data]) @@ -102,6 +106,21 @@ class Tester: assert len(data) == 64 self.dev._dev.InternalSendPacket(Packet(data)) + def send_magic_reboot(self,): + """ + For use in simulation and testing. Random bytes that authentictor should detect + and then restart itself. + """ + magic_cmd = ( + b"\xac\x10\x52\xca\x95\xe5\x69\xde\x69\xe0\x2e\xbf" + + b"\xf3\x33\x48\x5f\x13\xf9\xb2\xda\x34\xc5\xa8\xa3" + + b"\x40\x52\x66\x97\xa9\xab\x2e\x0b\x39\x4d\x8d\x04" + + b"\x97\x3c\x13\x40\x05\xbe\x1a\x01\x40\xbf\xf6\x04" + + b"\x5b\xb2\x6e\xb7\x7a\x73\xea\xa4\x78\x13\xf6\xb4" + + b"\x9a\x72\x50\xdc" + ) + self.dev._dev.InternalSendPacket(Packet(magic_cmd)) + def cid(self,): return self.dev._dev.cid @@ -798,6 +817,21 @@ class Tester: def testCP(test, *args, **kwargs): return testFunc(self.ctap.client_pin, test, *args, **kwargs) + def testPP(test, *args, **kwargs): + return testFunc( + self.client.pin_protocol.get_pin_token, test, *args, **kwargs + ) + + def reboot(): + if self.is_sim: + print("Sending restart command...") + self.send_magic_reboot() + time.sleep(0.25) + else: + print("Please reboot authentictor and hit enter") + input() + self.find_device() + testReset() print("Get info") @@ -1463,6 +1497,12 @@ class Tester: assert e.code == CtapError.ERR.PIN_POLICY_VIOLATION print("Pass") + print("Setting pin code and get pin_token, expect SUCCESS") + self.client.pin_protocol.set_pin(pin1) + pin_token = self.client.pin_protocol.get_pin_token(pin1) + pin_auth = hmac_sha256(pin_token, cdh)[:16] + print("Pass") + res = testCP( "Test getRetries, expect SUCCESS", pin_protocol, @@ -1470,10 +1510,62 @@ class Tester: expectedError=CtapError.ERR.SUCCESS, ) - print("Check there is 8 tries") + print("Check there is 8 pin attempts left") assert res[3] == 8 print("Pass") + # Flip 1 bit + pin_wrong = list(pin1) + c = pin1[len(pin1) // 2] + + pin_wrong[len(pin1) // 2] = chr(ord(c) ^ 1) + pin_wrong = "".join(pin_wrong) + + for i in range(1, 3): + testPP( + "Get pin_token with wrong pin code, expect PIN_INVALID (%d/2)" % i, + pin_wrong, + expectedError=CtapError.ERR.PIN_INVALID, + ) + print("Check there is %d pin attempts left" % (8 - i)) + res = self.ctap.client_pin(pin_protocol, PinProtocolV1.CMD.GET_RETRIES) + assert res[3] == (8 - i) + print("Pass") + + for i in range(1, 3): + testPP( + "Get pin_token with wrong pin code, expect PIN_AUTH_BLOCKED %d/2" % i, + pin_wrong, + expectedError=CtapError.ERR.PIN_AUTH_BLOCKED, + ) + + reboot() + + print("Get pin_token, expect SUCCESS") + pin_token = self.client.pin_protocol.get_pin_token(pin1) + pin_auth = hmac_sha256(pin_token, cdh)[:16] + print("Pass") + + res_mc = testMC( + "Send MC request with correct pin_auth", + cdh, + rp, + user, + key_params, + other={"pin_auth": pin_auth}, + expectedError=CtapError.ERR.SUCCESS, + ) + + print("Test getRetries resets to 8") + res = self.ctap.client_pin(pin_protocol, PinProtocolV1.CMD.GET_RETRIES) + assert res[3] == (8) + print("Pass") + + # print("Test getting new pin_auth") + # pin_token = self.client.pin_protocol.get_pin_token(pin2) + # pin_auth = hmac_sha256(pin_token, cdh)[:16] + # print("Pass") + def test_rk(self,): creds = [] rp = {"id": self.host, "name": "ExaRP"} @@ -1662,11 +1754,13 @@ if __name__ == "__main__": print("Usage: %s [sim] <[u2f]|[fido2]|[rk]|[hid]|[ping]>") sys.exit(0) + t = Tester() + if "sim" in sys.argv: print("Using UDP backend.") force_udp_backend() + t.set_sim(True) - t = Tester() t.find_device() t.set_user_count(1) diff --git a/tools/test_sw_token.sh b/tools/test_sw_token.sh new file mode 100644 index 0000000..8a2169d --- /dev/null +++ b/tools/test_sw_token.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +./main + +while [ $? == 100 ] ; do + echo "Restarting software authentictor." + ./main +done