From 6674f0a8ff927948922c524f8d8b367f294ce9eb Mon Sep 17 00:00:00 2001
From: Conor Patrick
Date: Wed, 6 Mar 2019 16:17:12 -0500
Subject: [PATCH] add more tests
---
 tools/ctap_test.py | 76 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)
diff --git a/tools/ctap_test.py b/tools/ctap_test.py
index 4176209..4058fbb 100755
--- a/tools/ctap_test.py
+++ b/tools/ctap_test.py
@@ -890,12 +890,41 @@ class Tester:
 assert len(prev_auth.auth_data) == 37
 print("pass")
+ print("Test that auth_data.rpIdHash is correct")
+ assert sha256(rp["id"].encode()) == prev_auth.auth_data.rp_id_hash
+ print("Pass")
+
+ print("Check that AT flag is not set")
+ assert (prev_auth.auth_data.flags & 0xF8) == 0
+ print("Pass")
+
 print("Test that user, credential and numberOfCredentials are not present")
 assert prev_auth.user == None
 assert prev_auth.number_of_credentials == None
 # assert prev_auth.credential == None # TODO double check this
 print("Pass")
+ testGA(
+ "Send GA request with empty allow_list, expect NO_CREDENTIALS",
+ rp["id"],
+ cdh,
+ [],
+ expectedError=CtapError.ERR.NO_CREDENTIALS,
+ )
+
+ # apply bit flip
+ badid = list(prev_reg.auth_data.credential_data.credential_id[:])
+ badid[len(badid) // 2] = badid[len(badid) // 2] ^ 1
+ badid = bytes(badid)
+
+ testGA(
+ "Send GA request with corrupt credId in allow_list, expect NO_CREDENTIALS",
+ rp["id"],
+ cdh,
+ [{"id": badid, "type": "public-key"}],
+ expectedError=CtapError.ERR.NO_CREDENTIALS,
+ )
+
 testMC(
 "Send MC request with missing clientDataHash, expect error",
 None,
@@ -1407,6 +1436,7 @@ class Tester:
 print("Send an extra getNextAssertion request, expect error")
 try:
 auth4 = self.ctap.get_next_assertion()
+ assert 0
 except CtapError as e:
 print(e)
 print("Pass")
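Review bot: The check printed as "Check that AT flag is not set" masks with `0xF8`, which covers the ED bit (0x80) and bits 3-5 as well as AT (0x40), so the message understates what is asserted and a failure does not say which flag was wrong. Either test the flag on its own, `assert (prev_auth.auth_data.flags & 0x40) == 0`, or keep the wider mask and reword the message to `print("Check that AT, ED and bits 3-5 of flags are not set")`. Separately, the corrupt-credId case flips a single bit at the midpoint of the credential ID; repeating it for the first and last byte would cover whatever fields sit at the ends of the ID. The enclosing test method starts and ends outside the hunk.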
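Review bot: The handler `except CtapError as e: print(e)` still accepts any CTAP error, so with the added `assert 0` the test catches an unexpected success but would report an unrelated failure surfaced as CtapError as "Pass". Assert the expected code in the handler, as the PIN_POLICY_VIOLATION check in this file does, e.g. `assert e.code == CtapError.ERR.NOT_ALLOWED` if that is the status the authenticator is meant to return for a getNextAssertion with nothing pending. The "Test setting pin again fails" block in the `-1493` hunk has the same print-only handler. A message on the sentinel, `assert 0, "extra getNextAssertion succeeded"`, would also make the failure self-explanatory; the enclosing method continues outside the hunk.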
@@ -1493,16 +1523,61 @@ class Tester:
 print("Setting pin code >63 bytes, expect POLICY_VIOLATION ")
 try:
 self.client.pin_protocol.set_pin("A" * 64)
+ assert 0
 except CtapError as e:
 assert e.code == CtapError.ERR.PIN_POLICY_VIOLATION
 print("Pass")
+ print("Get pin token when no pin is set, expect PIN_NOT_SET")
+ try:
+ self.client.pin_protocol.get_pin_token(pin1)
+ assert 0
+ except CtapError as e:
+ assert e.code == CtapError.ERR.PIN_NOT_SET
+
+ print("Get change pin when no pin is set, expect PIN_NOT_SET")
+ try:
+ self.client.pin_protocol.change_pin(pin1, "1234")
+ assert 0
+ except CtapError as e:
+ assert e.code == CtapError.ERR.PIN_NOT_SET
+ print("Pass")
+
 print("Setting pin code and get pin_token, expect SUCCESS")
 self.client.pin_protocol.set_pin(pin1)
 pin_token = self.client.pin_protocol.get_pin_token(pin1)
 pin_auth = hmac_sha256(pin_token, cdh)[:16]
 print("Pass")
+ print("Get info and assert that clientPin is set to true")
+ info = self.ctap.get_info()
+ assert info.options["clientPin"]
+ print("Pass")
+
+ print("Test setting pin again fails")
+ try:
+ self.client.pin_protocol.set_pin(pin1)
+ assert 0
+ except CtapError as e:
+ print(e)
+ print("Pass")
+
+ res_mc = testMC(
+ "Send MC request with no pin_auth, expect PIN_REQUIRED",
+ cdh,
+ rp,
+ user,
+ key_params,
+ expectedError=CtapError.ERR.PIN_REQUIRED,
+ )
+
+ res_mc = testGA(
+ "Send GA request with no pin_auth, expect PIN_REQUIRED",
+ rp["id"],
+ cdh,
+ expectedError=CtapError.ERR.PIN_REQUIRED,
+ )
+
 res = testCP(
 "Test getRetries, expect SUCCESS",
 pin_protocol,
@@ -1733,6 +1808,7 @@ class Tester:
 def test_bootloader(self,):
 sc = SoloClient()
 sc.find_device(self.dev)
+ sc.use_u2f()
 memmap = (0x08005000, 0x08005000 + 198 * 1024 - 8)
 data = b"A" * 64
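Review bot: The "Test setting pin again fails" block calls `self.client.pin_protocol.set_pin(pin1)` with the PIN that is already set, so it cannot distinguish a rejected setPIN from one that overwrote the stored PIN before returning an error. Use a value other than `pin1` for the second call, e.g. `self.client.pin_protocol.set_pin("1234")`, and after the handler confirm the original PIN is still in force with `self.client.pin_protocol.get_pin_token(pin1)`. The first new block ("Get pin token when no pin is set") has no `print("Pass")`, unlike its neighbours. `res_mc = testGA(...)` is called without the allow_list argument that the other testGA calls in this patch pass, which is worth checking against testGA's signature (not visible in this hunk).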