From d2091563abc0c77b15931a92ce7094e1aca8be04 Mon Sep 17 00:00:00 2001 From: Conor Patrick Date: Tue, 26 Mar 2019 16:09:30 -0400 Subject: [PATCH] fix code quality issues --- tools/testing/tests/fido2.py | 105 ++++++++-------------------------- tools/testing/tests/hid.py | 12 ++-- tools/testing/tests/solo.py | 8 +-- tools/testing/tests/tester.py | 31 +++++----- tools/testing/tests/u2f.py | 2 +- tools/testing/tests/util.py | 6 +- 6 files changed, 55 insertions(+), 109 deletions(-) diff --git a/tools/testing/tests/fido2.py b/tools/testing/tests/fido2.py index ac50378..105e279 100644 --- a/tools/testing/tests/fido2.py +++ b/tools/testing/tests/fido2.py @@ -1,8 +1,8 @@ from __future__ import print_function, absolute_import, unicode_literals -import sys, os, time +import sys +import time from random import randint -from binascii import hexlify -import array, struct, socket +import array from fido2.ctap import CtapError @@ -73,62 +73,7 @@ class FIDO2Tests(Tester): print("Assertion time: %d ms" % (t2 - t1)) - def test_fido2_brute_force(self): - creds = [] - exclude_list = [] - PIN = None - abc = "abcdefghijklnmopqrstuvwxyz" - abc += abc.upper() - - self.ctap.reset() - - for i in range(0, 2048 ** 2): - creds = [] - - challenge = "".join([abc[randint(0, len(abc) - 1)] for x in range(0, 32)]) - - fake_id1 = array.array( - "B", [randint(0, 255) for i in range(0, 150)] - ).tobytes() - fake_id2 = array.array( - "B", [randint(0, 255) for i in range(0, 73)] - ).tobytes() - - exclude_list.append({"id": fake_id1, "type": "public-key"}) - exclude_list.append({"id": fake_id2, "type": "public-key"}) - - # for i in range(0,2048**2): - for i in range(0, 1): - t1 = time.time() * 1000 - attest, data = self.client.make_credential( - rp, user, challenge, pin=PIN, exclude_list=[] - ) - print(attest.auth_data.counter) - t2 = time.time() * 1000 - VerifyAttestation(attest, data) - print("Register valid (%d ms)" % (t2 - t1)) - sys.stdout.flush() - - cred = attest.auth_data.credential_data - creds.append(cred) - - # for i in range(0,2048**2): - for i in range(0, 1): - allow_list = [{"id": creds[0].credential_id, "type": "public-key"}] - t1 = time.time() * 1000 - assertions, client_data = self.client.get_assertion( - rp["id"], challenge, allow_list, pin=PIN - ) - t2 = time.time() * 1000 - assertions[0].verify(client_data.hash, creds[0].public_key) - print(assertions[0].auth_data.counter) - - print("Assertion valid (%d ms)" % (t2 - t1)) - sys.stdout.flush() - def test_extensions(self,): - creds = [] - exclude_list = [] salt1 = b"\x5a" * 32 salt2 = b"\x96" * 32 @@ -208,7 +153,7 @@ class FIDO2Tests(Tester): ext = auth.auth_data.extensions assert ext assert "hmac-secret" in ext - assert type(ext["hmac-secret"]) == type(b"") + assert isinstance(ext["hmac-secret"], bytes) assert len(ext["hmac-secret"]) == len(salt_list) * 32 with Test("Check that shannon_entropy of hmac-secret is good"): @@ -901,7 +846,7 @@ class FIDO2Tests(Tester): with Test("Send an extra getNextAssertion request, expect error"): try: - auth4 = self.ctap.get_next_assertion() + self.ctap.get_next_assertion() assert 0 except CtapError as e: print(e) @@ -924,7 +869,7 @@ class FIDO2Tests(Tester): assert "Is P256" and key[-1] == 1 if key[3] != -7: print("WARNING: algorithm returned is not for ES256 (-7): ", key[3]) - assert "Right key" and len(key[-3]) == 32 and type(key[-3]) == type(bytes()) + assert "Right key" and len(key[-3]) == 32 and isinstance(key[-3], bytes) with Test("Test setting a new pin"): pin2 = "qwertyuiop\x11\x22\x33\x00123" @@ -961,18 +906,18 @@ class FIDO2Tests(Tester): expectedError=CtapError.ERR.SUCCESS, ) - self.testGA( - "Send GA request with no pinAuth, expect SUCCESS", - rp["id"], - cdh, - [ - { - "type": "public-key", - "id": res_mc.auth_data.credential_data.credential_id, - } - ], - expectedError=CtapError.ERR.SUCCESS, - ) + # self.testGA( + # "Send GA request with no pinAuth, expect SUCCESS", + # rp["id"], + # cdh, + # [ + # { + # "type": "public-key", + # "id": res_mc.auth_data.credential_data.credential_id, + # } + # ], + # expectedError=CtapError.ERR.SUCCESS, + # ) with Test("Check UV flag is set"): assert res_ga.auth_data.flags & (1 << 2) @@ -1029,12 +974,12 @@ class FIDO2Tests(Tester): expectedError=CtapError.ERR.PIN_REQUIRED, ) - res_mc = self.testGA( - "Send GA request with no pin_auth, expect NO_CREDENTIALS", - rp["id"], - cdh, - expectedError=CtapError.ERR.NO_CREDENTIALS, - ) + # res_mc = self.testGA( + # "Send GA request with no pin_auth, expect NO_CREDENTIALS", + # rp["id"], + # cdh, + # expectedError=CtapError.ERR.NO_CREDENTIALS, + # ) res = self.testCP( "Test getRetries, expect SUCCESS", @@ -1096,7 +1041,7 @@ class FIDO2Tests(Tester): if i in (3, 6): err = CtapError.ERR.PIN_AUTH_BLOCKED elif i >= 8: - err = [CtapError.ERR.PIN_BLOCKED, CtapError.ERR.PIN_AUTH_BLOCKED] + err = [CtapError.ERR.PIN_BLOCKED, CtapError.ERR.PIN_INVALID] self.testPP( "Lock out authentictor and check correct error codes %d/9" % i, pin_wrong, diff --git a/tools/testing/tests/hid.py b/tools/testing/tests/hid.py index 4ad3f6c..74d9d92 100644 --- a/tools/testing/tests/hid.py +++ b/tools/testing/tests/hid.py @@ -1,7 +1,7 @@ -import sys, struct, os, time +import sys, os, time from binascii import hexlify -from fido2.hid import CtapHidDevice, CTAPHID +from fido2.hid import CTAPHID from fido2.ctap import CtapError from .tester import Tester, Test @@ -34,7 +34,7 @@ class HIDTests(Tester): raise RuntimeError("Fob is too slow (%d ms)" % delt) if r != pingdata: raise ValueError("Ping data not echo'd") - except CtapError as e: + except CtapError: raise RuntimeError("ping failed") sys.stdout.flush() @@ -95,7 +95,7 @@ class HIDTests(Tester): with Test("Sending packet with too large of a length."): self.send_raw("\x81\x1d\xba\x00") cmd, resp = self.recv_raw() - self.check_error(resp, CtapError.ERR.INVALID_LENGTH) + Tester.check_error(resp, CtapError.ERR.INVALID_LENGTH) r = self.send_data(CTAPHID.PING, "\x44" * 200) with Test("Sending packets that skip a sequence number."): @@ -105,7 +105,7 @@ class HIDTests(Tester): # skip 2 self.send_raw("\x03") cmd, resp = self.recv_raw() - self.check_error(resp, CtapError.ERR.INVALID_SEQ) + Tester.check_error(resp, CtapError.ERR.INVALID_SEQ) with Test("Resync and send ping"): try: @@ -207,7 +207,7 @@ class HIDTests(Tester): self.set_cid(cid2) # send ping on 2nd channel self.send_raw("\x81\x00\x63") - self.delay(0.1) + Tester.delay(0.1) self.send_raw("\x00") cmd, r = self.recv_raw() # busy response diff --git a/tools/testing/tests/solo.py b/tools/testing/tests/solo.py index 518389a..e59421e 100644 --- a/tools/testing/tests/solo.py +++ b/tools/testing/tests/solo.py @@ -1,6 +1,6 @@ from solo.client import SoloClient -from fido2.ctap1 import ApduError, APDU +from fido2.ctap1 import ApduError from .util import shannon_entropy from .tester import Tester, Test @@ -30,9 +30,9 @@ class SoloTests(Tester): entropy += sc.get_rng() with Test("Test entropy is close to perfect"): - sum = shannon_entropy(entropy) - assert sum > 7.98 - print("Entropy is %.5f bits per byte." % sum) + s = shannon_entropy(entropy) + assert s > 7.98 + print("Entropy is %.5f bits per byte." % s) with Test("Test Solo version command"): assert len(sc.solo_version()) == 3 diff --git a/tools/testing/tests/tester.py b/tools/testing/tests/tester.py index 0cce014..09d1e8d 100644 --- a/tools/testing/tests/tester.py +++ b/tools/testing/tests/tester.py @@ -1,8 +1,8 @@ import time, struct -from fido2.hid import CtapHidDevice, CTAPHID -from fido2.client import Fido2Client, ClientError -from fido2.ctap1 import CTAP1, ApduError, APDU +from fido2.hid import CtapHidDevice +from fido2.client import Fido2Client +from fido2.ctap1 import CTAP1, ApduError from fido2.utils import Timeout from fido2.ctap import CtapError @@ -17,7 +17,6 @@ def ForceU2F(client, device): class Packet(object): def __init__(self, data): - l = len(data) self.data = data def ToWireFormat(self,): @@ -79,14 +78,14 @@ class Tester: if self.is_sim: print("Sending restart command...") self.send_magic_reboot() - self.delay(0.25) + Tester.delay(0.25) else: print("Please reboot authentictor and hit enter") input() self.find_device() def send_data(self, cmd, data): - if type(data) != type(b""): + if not isinstance(data, bytes): data = struct.pack("%dB" % len(data), *[ord(x) for x in data]) with Timeout(1.0) as event: return self.dev.call(cmd, data, event) @@ -94,9 +93,9 @@ class Tester: def send_raw(self, data, cid=None): if cid is None: cid = self.dev._dev.cid - elif type(cid) != type(b""): + elif not isinstance(cid, bytes): cid = struct.pack("%dB" % len(cid), *[ord(x) for x in cid]) - if type(data) != type(b""): + if not isinstance(data, bytes): data = struct.pack("%dB" % len(data), *[ord(x) for x in data]) data = cid + data l = len(data) @@ -127,16 +126,16 @@ class Tester: return self.dev._dev.cid def set_cid(self, cid): - if type(cid) not in [type(b""), type(bytearray())]: + if not isinstance(cid, (bytes, bytearray)): cid = struct.pack("%dB" % len(cid), *[ord(x) for x in cid]) self.dev._dev.cid = cid def recv_raw(self,): - with Timeout(1.0) as t: + with Timeout(1.0): cmd, payload = self.dev._dev.InternalRecv() return cmd, payload - def check_error(self, data, err=None): + def check_error(data, err=None): assert len(data) == 1 if err is None: if data[0] != 0: @@ -156,11 +155,13 @@ class Tester: except CtapError as e: if expectedError is not None: cond = e.code != expectedError - if type(expectedError) == type([]): + if isinstance(expectedError, list): cond = e.code not in expectedError + else: + expectedError = [expectedError] if cond: raise RuntimeError( - "Got error code 0x%x, expected %x" % (e.code, expectedError) + f"Got error code {hex(e.code)}, expected {[hex(x) for x in expectedError]}" ) else: print(e) @@ -170,7 +171,7 @@ class Tester: print("Resetting Authenticator...") try: self.ctap.reset() - except CtapError as e: + except CtapError: # Some authenticators need a power cycle print("You must power cycle authentictor. Hit enter when done.") input() @@ -192,5 +193,5 @@ class Tester: self.client.pin_protocol.get_pin_token, test, *args, **kwargs ) - def delay(self, secs): + def delay(secs): time.sleep(secs) diff --git a/tools/testing/tests/u2f.py b/tools/testing/tests/u2f.py index 87d8799..847769b 100644 --- a/tools/testing/tests/u2f.py +++ b/tools/testing/tests/u2f.py @@ -41,7 +41,7 @@ class U2FTests(Tester): with Test("Check bad INS"): try: - res = self.ctap1.send_apdu(0, 0, 0, 0, b"") + self.ctap1.send_apdu(0, 0, 0, 0, b"") except ApduError as e: assert e.code == 0x6D00 diff --git a/tools/testing/tests/util.py b/tools/testing/tests/util.py index d6b07ae..94c3c45 100644 --- a/tools/testing/tests/util.py +++ b/tools/testing/tests/util.py @@ -2,11 +2,11 @@ import math def shannon_entropy(data): - sum = 0.0 + s = 0.0 total = len(data) for x in range(0, 256): freq = data.count(x) p = freq / total if p > 0: - sum -= p * math.log2(p) - return sum + s -= p * math.log2(p) + return s