minor improvements
This commit is contained in:
Conor Patrick
parent
3a8be9eef7
commit
e31e703afd
@ -820,7 +820,7 @@ int ctap_filter_invalid_credentials(CTAP_getAssertion * GA)
|
|||||||
printf1(TAG_GA, "RK %d is a rpId match!\r\n", i);
|
printf1(TAG_GA, "RK %d is a rpId match!\r\n", i);
|
||||||
if (count == ALLOW_LIST_MAX_SIZE-1)
|
if (count == ALLOW_LIST_MAX_SIZE-1)
|
||||||
{
|
{
|
||||||
printf2(TAG_ERR, "not enough ram allocated for matching RK's (%d)\r\n", count);
|
printf2(TAG_ERR, "not enough ram allocated for matching RK's (%d). Skipping.\r\n", count);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
GA->creds[count].type = PUB_KEY_CRED_PUB_KEY;
|
GA->creds[count].type = PUB_KEY_CRED_PUB_KEY;
|
||||||
|
|||||||
15
pc/device.c
15
pc/device.c
@ -502,8 +502,16 @@ uint32_t ctap_rk_size()
|
|||||||
|
|
||||||
void ctap_store_rk(int index, CTAP_residentKey * rk)
|
void ctap_store_rk(int index, CTAP_residentKey * rk)
|
||||||
{
|
{
|
||||||
|
if (index < RK_NUM)
|
||||||
|
{
|
||||||
memmove(RK_STORE.rks + index, rk, sizeof(CTAP_residentKey));
|
memmove(RK_STORE.rks + index, rk, sizeof(CTAP_residentKey));
|
||||||
sync_rk();
|
sync_rk();
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
printf1(TAG_ERR,"Out of bounds for store_rk\r\n");
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -514,8 +522,15 @@ void ctap_load_rk(int index, CTAP_residentKey * rk)
|
|||||||
|
|
||||||
void ctap_overwrite_rk(int index, CTAP_residentKey * rk)
|
void ctap_overwrite_rk(int index, CTAP_residentKey * rk)
|
||||||
{
|
{
|
||||||
|
if (index < RK_NUM)
|
||||||
|
{
|
||||||
memmove(RK_STORE.rks + index, rk, sizeof(CTAP_residentKey));
|
memmove(RK_STORE.rks + index, rk, sizeof(CTAP_residentKey));
|
||||||
sync_rk();
|
sync_rk();
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
printf1(TAG_ERR,"Out of bounds for store_rk\r\n");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void device_wink()
|
void device_wink()
|
||||||
|
|||||||
@ -61,6 +61,7 @@ class Tester:
|
|||||||
def __init__(self,):
|
def __init__(self,):
|
||||||
self.origin = "https://examplo.org"
|
self.origin = "https://examplo.org"
|
||||||
self.host = "examplo.org"
|
self.host = "examplo.org"
|
||||||
|
self.user_count = 10
|
||||||
|
|
||||||
def find_device(self,):
|
def find_device(self,):
|
||||||
print(list(CtapHidDevice.list_devices()))
|
print(list(CtapHidDevice.list_devices()))
|
||||||
@ -75,6 +76,9 @@ class Tester:
|
|||||||
# consume timeout error
|
# consume timeout error
|
||||||
# cmd,resp = self.recv_raw()
|
# cmd,resp = self.recv_raw()
|
||||||
|
|
||||||
|
def set_user_count(self, count):
|
||||||
|
self.user_count = count
|
||||||
|
|
||||||
def send_data(self, cmd, data):
|
def send_data(self, cmd, data):
|
||||||
if type(data) != type(b""):
|
if type(data) != type(b""):
|
||||||
data = struct.pack("%dB" % len(data), *[ord(x) for x in data])
|
data = struct.pack("%dB" % len(data), *[ord(x) for x in data])
|
||||||
@ -393,7 +397,6 @@ class Tester:
|
|||||||
chal = sha256(b"AAA")
|
chal = sha256(b"AAA")
|
||||||
appid = sha256(b"BBB")
|
appid = sha256(b"BBB")
|
||||||
lastc = 0
|
lastc = 0
|
||||||
test_count = 5
|
|
||||||
|
|
||||||
regs = []
|
regs = []
|
||||||
|
|
||||||
@ -415,7 +418,7 @@ class Tester:
|
|||||||
assert e.code == 0x6E00
|
assert e.code == 0x6E00
|
||||||
print("Pass")
|
print("Pass")
|
||||||
|
|
||||||
for i in range(0, test_count):
|
for i in range(0, self.user_count):
|
||||||
reg = self.ctap1.register(chal, appid)
|
reg = self.ctap1.register(chal, appid)
|
||||||
reg.verify(appid, chal)
|
reg.verify(appid, chal)
|
||||||
auth = self.ctap1.authenticate(chal, appid, reg.key_handle)
|
auth = self.ctap1.authenticate(chal, appid, reg.key_handle)
|
||||||
@ -430,16 +433,19 @@ class Tester:
|
|||||||
print("WARNING: counter is unusually high: %04x" % lastc)
|
print("WARNING: counter is unusually high: %04x" % lastc)
|
||||||
assert 0
|
assert 0
|
||||||
|
|
||||||
print("U2F reg + auth pass %d/5 (count: %02x)" % (i + 1, lastc))
|
print(
|
||||||
|
"U2F reg + auth pass %d/%d (count: %02x)"
|
||||||
|
% (i + 1, self.user_count, lastc)
|
||||||
|
)
|
||||||
|
|
||||||
print("Checking previous registrations...")
|
print("Checking previous registrations...")
|
||||||
for i in range(0, test_count):
|
for i in range(0, self.user_count):
|
||||||
auth = self.ctap1.authenticate(chal, appid, regs[i].key_handle)
|
auth = self.ctap1.authenticate(chal, appid, regs[i].key_handle)
|
||||||
auth.verify(appid, chal, regs[i].public_key)
|
auth.verify(appid, chal, regs[i].public_key)
|
||||||
print("Auth pass %d/5" % (i + 1))
|
print("Auth pass %d/%d" % (i + 1, self.user_count))
|
||||||
|
|
||||||
print("Check that all previous credentials are registered...")
|
print("Check that all previous credentials are registered...")
|
||||||
for i in range(0, test_count):
|
for i in range(0, self.user_count):
|
||||||
try:
|
try:
|
||||||
auth = self.ctap1.authenticate(
|
auth = self.ctap1.authenticate(
|
||||||
chal, appid, regs[i].key_handle, check_only=True
|
chal, appid, regs[i].key_handle, check_only=True
|
||||||
@ -448,7 +454,7 @@ class Tester:
|
|||||||
# Indicates that key handle is registered
|
# Indicates that key handle is registered
|
||||||
assert e.code == APDU.USE_NOT_SATISFIED
|
assert e.code == APDU.USE_NOT_SATISFIED
|
||||||
|
|
||||||
print("Check pass %d/5" % (i + 1))
|
print("Check pass %d/%d" % (i + 1, self.user_count))
|
||||||
|
|
||||||
print("Check an incorrect key handle is not registered")
|
print("Check an incorrect key handle is not registered")
|
||||||
kh = bytearray(regs[0].key_handle)
|
kh = bytearray(regs[0].key_handle)
|
||||||
@ -598,8 +604,8 @@ class Tester:
|
|||||||
exclude_list.append({"id": fake_id2, "type": "public-key"})
|
exclude_list.append({"id": fake_id2, "type": "public-key"})
|
||||||
|
|
||||||
# test make credential
|
# test make credential
|
||||||
print("make 3 credentials")
|
print("make %d credentials" % self.user_count)
|
||||||
for i in range(0, 3):
|
for i in range(0, self.user_count):
|
||||||
attest, data = self.client.make_credential(
|
attest, data = self.client.make_credential(
|
||||||
rp, user, challenge, pin=PIN, exclude_list=[]
|
rp, user, challenge, pin=PIN, exclude_list=[]
|
||||||
)
|
)
|
||||||
@ -743,7 +749,8 @@ class Tester:
|
|||||||
user0 = {"id": b"first one", "name": "single User"}
|
user0 = {"id": b"first one", "name": "single User"}
|
||||||
|
|
||||||
users = [
|
users = [
|
||||||
{"id": b"user" + os.urandom(16), "name": "AB User"} for i in range(0, 10)
|
{"id": b"user" + os.urandom(16), "name": "Username%d" % i}
|
||||||
|
for i in range(0, self.user_count)
|
||||||
]
|
]
|
||||||
challenge = "Y2hhbGxlbmdl"
|
challenge = "Y2hhbGxlbmdl"
|
||||||
PIN = None
|
PIN = None
|
||||||
@ -811,6 +818,7 @@ class Tester:
|
|||||||
rp["id"], challenge, pin=PIN
|
rp["id"], challenge, pin=PIN
|
||||||
)
|
)
|
||||||
t2 = time.time() * 1000
|
t2 = time.time() * 1000
|
||||||
|
print("Assertions: %d, users: %d" % (len(assertions), len(users)))
|
||||||
assert len(assertions) == len(users) + 1
|
assert len(assertions) == len(users) + 1
|
||||||
for x, y in zip(assertions, creds):
|
for x, y in zip(assertions, creds):
|
||||||
x.verify(client_data.hash, y.public_key)
|
x.verify(client_data.hash, y.public_key)
|
||||||
@ -927,6 +935,7 @@ if __name__ == "__main__":
|
|||||||
|
|
||||||
t = Tester()
|
t = Tester()
|
||||||
t.find_device()
|
t.find_device()
|
||||||
|
t.set_user_count(15)
|
||||||
|
|
||||||
if "u2f" in sys.argv:
|
if "u2f" in sys.argv:
|
||||||
t.test_u2f()
|
t.test_u2f()
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user