kopia lustrzana https://github.com/solokeys/solo1
minor improvements
rodzic
3a8be9eef7
commit
e31e703afd
|
@ -820,7 +820,7 @@ int ctap_filter_invalid_credentials(CTAP_getAssertion * GA)
|
|||
printf1(TAG_GA, "RK %d is a rpId match!\r\n", i);
|
||||
if (count == ALLOW_LIST_MAX_SIZE-1)
|
||||
{
|
||||
printf2(TAG_ERR, "not enough ram allocated for matching RK's (%d)\r\n", count);
|
||||
printf2(TAG_ERR, "not enough ram allocated for matching RK's (%d). Skipping.\r\n", count);
|
||||
break;
|
||||
}
|
||||
GA->creds[count].type = PUB_KEY_CRED_PUB_KEY;
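Review bot: The new log text ends in "Skipping.", but the branch still runs `break`, so once `count == ALLOW_LIST_MAX_SIZE-1` the scan stops and every remaining matching resident key is dropped, not only the current one. Wording such as `"not enough ram allocated for matching RK's (%d). Ignoring remaining RKs.\r\n"` would describe what actually happens. The limit also triggers one entry short of `ALLOW_LIST_MAX_SIZE`. Whether that spare slot is intentional cannot be judged here, because the declaration of `GA->creds` and the rest of the loop lie outside this hunk, so a one-line comment giving the reason would help.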
|
||||
|
|
23
pc/device.c
23
pc/device.c
|
@ -502,8 +502,16 @@ uint32_t ctap_rk_size()
|
|||
|
||||
void ctap_store_rk(int index, CTAP_residentKey * rk)
|
||||
{
|
||||
memmove(RK_STORE.rks + index, rk, sizeof(CTAP_residentKey));
|
||||
sync_rk();
|
||||
if (index < RK_NUM)
|
||||
{
|
||||
memmove(RK_STORE.rks + index, rk, sizeof(CTAP_residentKey));
|
||||
sync_rk();
|
||||
}
|
||||
else
|
||||
{
|
||||
printf1(TAG_ERR,"Out of bounds for store_rk\r\n");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
@ -514,8 +522,15 @@ void ctap_load_rk(int index, CTAP_residentKey * rk)
|
|||
|
||||
void ctap_overwrite_rk(int index, CTAP_residentKey * rk)
|
||||
{
|
||||
memmove(RK_STORE.rks + index, rk, sizeof(CTAP_residentKey));
|
||||
sync_rk();
|
||||
if (index < RK_NUM)
|
||||
{
|
||||
memmove(RK_STORE.rks + index, rk, sizeof(CTAP_residentKey));
|
||||
sync_rk();
|
||||
}
|
||||
else
|
||||
{
|
||||
printf1(TAG_ERR,"Out of bounds for store_rk\r\n");
|
||||
}
|
||||
}
|
||||
|
||||
void device_wink()
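Review bot: The added guard `if (index < RK_NUM)` in `ctap_store_rk` and `ctap_overwrite_rk` checks only the upper bound, and `index` is a signed `int`, so a negative value still reaches `memmove(RK_STORE.rks + index, ...)` and writes before the array (unless `RK_NUM` is an unsigned expression; its definition is not shown). I would write `if (index >= 0 && index < RK_NUM)` in both functions. The else branch of `ctap_overwrite_rk` logs "Out of bounds for store_rk", which looks copied from the function above; `"Out of bounds for overwrite_rk\r\n"` would keep the log unambiguous. Both functions return `void`, so a rejected write shows up only in the log while the caller continues as if the key was stored, which deserves at least a comment. `ctap_load_rk`, named in the second hunk header, is not shown here and may need the same bounds check.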
|
||||
|
|
|
@ -61,6 +61,7 @@ class Tester:
|
|||
def __init__(self,):
|
||||
self.origin = "https://examplo.org"
|
||||
self.host = "examplo.org"
|
||||
self.user_count = 10
|
||||
|
||||
def find_device(self,):
|
||||
print(list(CtapHidDevice.list_devices()))
|
||||
|
@ -75,6 +76,9 @@ class Tester:
|
|||
# consume timeout error
|
||||
# cmd,resp = self.recv_raw()
|
||||
|
||||
def set_user_count(self, count):
|
||||
self.user_count = count
|
||||
|
||||
def send_data(self, cmd, data):
|
||||
if type(data) != type(b""):
|
||||
data = struct.pack("%dB" % len(data), *[ord(x) for x in data])
|
||||
|
@ -393,7 +397,6 @@ class Tester:
|
|||
chal = sha256(b"AAA")
|
||||
appid = sha256(b"BBB")
|
||||
lastc = 0
|
||||
test_count = 5
|
||||
|
||||
regs = []
|
||||
|
||||
|
@ -415,7 +418,7 @@ class Tester:
|
|||
assert e.code == 0x6E00
|
||||
print("Pass")
|
||||
|
||||
for i in range(0, test_count):
|
||||
for i in range(0, self.user_count):
|
||||
reg = self.ctap1.register(chal, appid)
|
||||
reg.verify(appid, chal)
|
||||
auth = self.ctap1.authenticate(chal, appid, reg.key_handle)
|
||||
|
@ -430,16 +433,19 @@ class Tester:
|
|||
print("WARNING: counter is unusually high: %04x" % lastc)
|
||||
assert 0
|
||||
|
||||
print("U2F reg + auth pass %d/5 (count: %02x)" % (i + 1, lastc))
|
||||
print(
|
||||
"U2F reg + auth pass %d/%d (count: %02x)"
|
||||
% (i + 1, self.user_count, lastc)
|
||||
)
|
||||
|
||||
print("Checking previous registrations...")
|
||||
for i in range(0, test_count):
|
||||
for i in range(0, self.user_count):
|
||||
auth = self.ctap1.authenticate(chal, appid, regs[i].key_handle)
|
||||
auth.verify(appid, chal, regs[i].public_key)
|
||||
print("Auth pass %d/5" % (i + 1))
|
||||
print("Auth pass %d/%d" % (i + 1, self.user_count))
|
||||
|
||||
print("Check that all previous credentials are registered...")
|
||||
for i in range(0, test_count):
|
||||
for i in range(0, self.user_count):
|
||||
try:
|
||||
auth = self.ctap1.authenticate(
|
||||
chal, appid, regs[i].key_handle, check_only=True
|
||||
|
@ -448,7 +454,7 @@ class Tester:
|
|||
# Indicates that key handle is registered
|
||||
assert e.code == APDU.USE_NOT_SATISFIED
|
||||
|
||||
print("Check pass %d/5" % (i + 1))
|
||||
print("Check pass %d/%d" % (i + 1, self.user_count))
|
||||
|
||||
print("Check an incorrect key handle is not registered")
|
||||
kh = bytearray(regs[0].key_handle)
|
||||
|
@ -598,8 +604,8 @@ class Tester:
|
|||
exclude_list.append({"id": fake_id2, "type": "public-key"})
|
||||
|
||||
# test make credential
|
||||
print("make 3 credentials")
|
||||
for i in range(0, 3):
|
||||
print("make %d credentials" % self.user_count)
|
||||
for i in range(0, self.user_count):
|
||||
attest, data = self.client.make_credential(
|
||||
rp, user, challenge, pin=PIN, exclude_list=[]
|
||||
)
|
||||
|
@ -743,7 +749,8 @@ class Tester:
|
|||
user0 = {"id": b"first one", "name": "single User"}
|
||||
|
||||
users = [
|
||||
{"id": b"user" + os.urandom(16), "name": "AB User"} for i in range(0, 10)
|
||||
{"id": b"user" + os.urandom(16), "name": "Username%d" % i}
|
||||
for i in range(0, self.user_count)
|
||||
]
|
||||
challenge = "Y2hhbGxlbmdl"
|
||||
PIN = None
|
||||
|
@ -811,6 +818,7 @@ class Tester:
|
|||
rp["id"], challenge, pin=PIN
|
||||
)
|
||||
t2 = time.time() * 1000
|
||||
print("Assertions: %d, users: %d" % (len(assertions), len(users)))
|
||||
assert len(assertions) == len(users) + 1
|
||||
for x, y in zip(assertions, creds):
|
||||
x.verify(client_data.hash, y.public_key)
|
||||
|
@ -927,6 +935,7 @@ if __name__ == "__main__":
|
|||
|
||||
t = Tester()
|
||||
t.find_device()
|
||||
t.set_user_count(15)
|
||||
|
||||
if "u2f" in sys.argv:
|
||||
t.test_u2f()
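Review bot: `set_user_count` stores any value unchecked, and `__main__` now hard-codes `t.set_user_count(15)`, yet the tests driven by `self.user_count` index `regs[0]` and assert `len(assertions) == len(users) + 1`. A count of 0 would make `regs[0].key_handle` raise `IndexError`. A count above the number of resident keys the device can store or return for one RP would presumably fail that assertion with no hint of the cause; the device limits are not visible in this file. I would give `set_user_count` a docstring stating both constraints and add `if count < 1: raise ValueError("user_count must be >= 1")` before the assignment.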
|
||||
|
|