mirror
/
solo1
kopia lustrzana https://github.com/solokeys/solo1
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

more fido2 tests

pull/129/head
Conor Patrick 2019-03-03 03:43:15 -05:00
rodzic 1507758ad1
commit 880d54a4f0
1 zmienionych plików z 86 dodań i 1 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

87
tools/ctap_test.py
Wyświetl plik

@ -605,13 +605,20 @@ class Tester:
# test make credential
print("make %d credentials" % self.user_count)
lastc = 0
for i in range(0, self.user_count):
attest, data = self.client.make_credential(
rp, user, challenge, pin=PIN, exclude_list=[]
)
VerifyAttestation(attest, data)
# verify endian-ness is correct
# verify counter is correct
if lastc > 0:
assert attest.auth_data.counter - lastc < 10
assert attest.auth_data.counter - lastc > 0
assert attest.auth_data.counter < 0x10000
lastc = attest.auth_data.counter
cred = attest.auth_data.credential_data
creds.append(cred)
print(cred)
@ -748,7 +755,11 @@ class Tester:
creds = []
exclude_list = []
rp = {"id": self.host, "name": "ExaRP"}
rp2 = {"id": "solokeys.com", "name": "ExaRP"}
user = {"id": b"usee_od", "name": "AB User"}
user1 = {"id": b"1234567890", "name": "Conor Patrick"}
user2 = {"id": b"oiewhfoi", "name": "Han Solo"}
user3 = {"id": b"23ohfpjwo@@", "name": "John Smith"}
challenge = "Y2hhbGxlbmdl"
key_params = [{"type": "public-key", "alg": ES256.ALGORITHM}]
cdh = b"123456789abcdef0123456789abcdef0"
@ -812,6 +823,10 @@ class Tester:
assert prev_reg.fmt in ["packed", "tpm", "android-key", "adroid-safetynet"]
print("Pass")
print("Check auth_data is at least 77 bytes")
assert len(prev_reg.auth_data) >= 77
print("Pass")
allow_list = [
{
"id": prev_reg.auth_data.credential_data.credential_id,
@ -827,6 +842,16 @@ class Tester:
expectedError=CtapError.ERR.SUCCESS,
)
print("Test auth_data is 37 bytes")
assert len(prev_auth.auth_data) == 37
print("pass")
print("Test that user, credential and numberOfCredentials are not present")
assert prev_auth.user == None
assert prev_auth.number_of_credentials == None
# assert prev_auth.credential == None # TODO double check this
print("Pass")
testMC(
"Send MC request with missing clientDataHash, expect error",
None,
@ -1259,6 +1284,66 @@ class Tester:
allow_list + [{"type": b"public-key"}],
)
print("Test Reset, expect SUCCESS")
self.ctap.reset()
print("Pass")
testGA(
"Send GA request with reset auth, expect NO_CREDENTIALS",
rp["id"],
cdh,
allow_list,
expectedError=CtapError.ERR.NO_CREDENTIALS,
)
testMC(
"Send MC request with rk option set to true, expect SUCCESS",
cdh,
rp,
user,
key_params,
other={"options": {"rk": True}},
expectedError=CtapError.ERR.SUCCESS,
)
options = {"rk": True}
if "uv" in info.options and info.options["uv"]:
options["uv"] = False
for i, x in enumerate([user1, user2, user3]):
testMC(
"Send MC request with rk option set to true, expect SUCCESS %d/3"
% (i + 1),
cdh,
rp2,
x,
key_params,
other={"options": options},
expectedError=CtapError.ERR.SUCCESS,
)
auth1 = testGA(
"Send GA request with no allow_list, expect SUCCESS",
rp2["id"],
cdh,
expectedError=CtapError.ERR.SUCCESS,
)
print("Check that there are 3 credentials returned")
assert auth1.number_of_credentials == 3
print("Pass")
print("Get the next 2 assertions")
auth2 = self.ctap.get_next_assertion()
auth3 = self.ctap.get_next_assertion()
print("Pass")
print("Check only the user ID was returned")
assert "id" in auth1.user.keys() and len(auth1.user.keys()) == 1
assert "id" in auth2.user.keys() and len(auth2.user.keys()) == 1
assert "id" in auth3.user.keys() and len(auth3.user.keys()) == 1
print("Pass")
def test_rk(self,):
creds = []
rp = {"id": self.host, "name": "ExaRP"}