GitHub Repository: freebsd/freebsd-src
Path: blob/main/contrib/libfido2/tools/test.sh
#!/bin/sh -ex
# Copyright (c) 2021-2022 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
# usage: ./test.sh "$(mktemp -d fido2test-XXXXXXXX)" device
# Please note that this test script:
# - is incomplete;
# - assumes CTAP 2.1-like hmac-secret;
# - should pass as-is on a YubiKey with a PIN set;
# - may otherwise require set +e above;
# - can be executed with UV=1 to run additional UV tests;
# - was last tested on 2022-01-11 with firmware 5.4.3.
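# Both arguments are mandatory: a scratch directory for the files this
# script writes, and the authenticator device to test.
if [ "$#" -lt 2 ]; then
	echo "usage: $0 directory device" >&2
	exit 1
fi

# Abort explicitly if the directory cannot be entered. The -e and -x options
# come only from the shebang line, so they are not applied when the script is
# started as "sh test.sh"; without this check a failed cd would leave every
# file below (credential parameters, hmac salt, assertions) in whatever
# directory the caller happened to be in.
cd -- "$1" || exit 1
DEV="$2"
# COSE algorithm passed to fido2-cred / fido2-assert; the u2f tests below
# only run for es256.
TYPE="es256"
#TYPE="es384"
#TYPE="eddsa"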
# make_cred <rp id> <fido2-cred options> <output file>
#
# Writes the input for "fido2-cred -M" to cred_param in the current directory
# and asks the device ${DEV} to make a credential of type ${TYPE}; whatever
# fido2-cred prints is stored in <output file>. Per fido2-cred(1) the input
# is, one item per line: client data hash, relying party id, user name and
# user id. The hash and the user id are 32 fresh random bytes, base64-encoded.
# The function's status is that of fido2-cred.
make_cred() {
	{
		dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64
		printf '%s\n' "$1" 'some user name'
		dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64
	} | sed '/^$/d' > cred_param
	# $2 stays unquoted so that an option string is split into words.
	fido2-cred -M $2 "${DEV}" "${TYPE}" < cred_param > "$3"
}
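# verify_cred <fido2-cred options> <attestation file> <id file> <key file>
#
# Runs "fido2-cred -V" for type ${TYPE} on <attestation file> (as written by
# make_cred) and splits its output: the first line goes to <id file>, the
# rest to <key file>. Later in this script those two files are used as the
# credential id for get_assert and the public key for verify_assert.
# Returns the status of fido2-cred if verification fails.
verify_cred() {
	# Propagate a verification failure explicitly. When the caller has
	# -e suppressed (for instance by prefixing the call with "!"), the
	# function would otherwise carry on and report the status of tail,
	# which hides the failed verification.
	fido2-cred -V $1 "${TYPE}" > cred_out < "$2" || return $?
	# head -n 1 is the POSIX spelling of the obsolescent head -1.
	head -n 1 cred_out > "$3"
	tail -n +2 cred_out > "$4"
}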
39
40
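# get_assert <rp id> <fido2-assert options> <id file> <salt file> <output file>
#
# Writes the input for "fido2-assert -G" to assert_param in the current
# directory and asks the device ${DEV} for an assertion, stored in
# <output file>. Per fido2-assert(1) the input is, one item per line: client
# data hash, relying party id, credential id (omitted for resident
# credentials) and hmac salt (only with -h). Callers pass /dev/null for an
# item that does not apply; the resulting empty line is dropped by sed.
# The function's status is that of fido2-assert.
get_assert() {
	# The file operands are quoted so that names containing whitespace or
	# glob characters are read as given.
	sed '/^$/d' > assert_param << EOF
$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)
$1
$(cat "$3")
$(cat "$4")
EOF
	# $2 is deliberately unquoted: callers pass several options in one
	# string (e.g. "-h -t up=true") and rely on word splitting.
	fido2-assert -G $2 "${DEV}" > "$5" < assert_param
}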
49
50
# verify_assert <fido2-assert options> <public key file> <assertion file>
#
# Checks the assertion in <assertion file> against <public key file> for
# type TYPE with "fido2-assert -V". The options used in this script are
# -h, -p and -v (per fido2-assert(1): hmac-secret, require user presence,
# require user verification) or "--" for none.
# The function's status is that of fido2-assert.
verify_assert() {
	fido2-assert -V $1 "$2" "$TYPE" < "$3"
}
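# expect_fail command [argument ...]
#
# Runs the command and succeeds only if it fails.
#
# The negative tests below used to be written as "! command". Under -e that
# form can never abort the script: POSIX ignores -e for a pipeline that
# begins with "!", so a check such as "verification must be refused without
# user presence" passed whether or not it was actually refused. The same
# suppression applies inside the called function, where a failing
# fido2-cred could be masked by a later command.
#
# To make the expectation binding, the command runs in a subshell with -e
# switched on, outside any context in which -e is ignored. The caller's own
# -e setting is restored afterwards, so a run with -e off still continues
# past a failed expectation.
#
# NOTE(review): these expectations were not enforced before; confirm each
# of them on real hardware.
expect_fail() {
	case $- in
	*e*)	_ef_errexit=yes ;;
	*)	_ef_errexit=no ;;
	esac
	set +e
	( set -e; "$@" )
	_ef_status=$?
	if [ "${_ef_errexit}" = yes ]; then
		set -e
	fi
	if [ "${_ef_status}" -eq 0 ]; then
		echo "expected failure, but succeeded: $*" >&2
		return 1
	fi
	return 0
}

# Salt for the hmac-secret tests: 32 random bytes, base64-encoded.
dd if=/dev/urandom bs=32 count=1 | base64 > hmac-salt

#
# Credential creation and verification.
#

# u2f
if [ "x${TYPE}" = "xes256" ]; then
	make_cred no.tld "-u" u2f
	expect_fail make_cred no.tld "-ru" /dev/null
	expect_fail make_cred no.tld "-uc1" /dev/null
	expect_fail make_cred no.tld "-uc2" /dev/null
	verify_cred "--" u2f u2f-cred u2f-pubkey
	expect_fail verify_cred "-h" u2f /dev/null /dev/null
	expect_fail verify_cred "-v" u2f /dev/null /dev/null
	verify_cred "-c0" u2f /dev/null /dev/null
	expect_fail verify_cred "-c1" u2f /dev/null /dev/null
	expect_fail verify_cred "-c2" u2f /dev/null /dev/null
	expect_fail verify_cred "-c3" u2f /dev/null /dev/null
fi

# wrap (non-resident)
make_cred no.tld "--" wrap
verify_cred "--" wrap wrap-cred wrap-pubkey
expect_fail verify_cred "-h" wrap /dev/null /dev/null
expect_fail verify_cred "-v" wrap /dev/null /dev/null
verify_cred "-c0" wrap /dev/null /dev/null
expect_fail verify_cred "-c1" wrap /dev/null /dev/null
expect_fail verify_cred "-c2" wrap /dev/null /dev/null
expect_fail verify_cred "-c3" wrap /dev/null /dev/null

# wrap (non-resident) + hmac-secret
make_cred no.tld "-h" wrap-hs
expect_fail verify_cred "--" wrap-hs /dev/null /dev/null
verify_cred "-h" wrap-hs wrap-hs-cred wrap-hs-pubkey
expect_fail verify_cred "-v" wrap-hs /dev/null /dev/null
verify_cred "-hc0" wrap-hs /dev/null /dev/null
expect_fail verify_cred "-c0" wrap-hs /dev/null /dev/null
expect_fail verify_cred "-c1" wrap-hs /dev/null /dev/null
expect_fail verify_cred "-c2" wrap-hs /dev/null /dev/null
expect_fail verify_cred "-c3" wrap-hs /dev/null /dev/null

# resident
# Note: the resident credentials made in this and the next section stay on
# the authenticator; nothing in this script deletes them.
make_cred no.tld "-r" rk
verify_cred "--" rk rk-cred rk-pubkey
expect_fail verify_cred "-h" rk /dev/null /dev/null
expect_fail verify_cred "-v" rk /dev/null /dev/null
verify_cred "-c0" rk /dev/null /dev/null
expect_fail verify_cred "-c1" rk /dev/null /dev/null
expect_fail verify_cred "-c2" rk /dev/null /dev/null
expect_fail verify_cred "-c3" rk /dev/null /dev/null

# resident + hmac-secret
make_cred no.tld "-hr" rk-hs
# The original named rk-hs-cred and rk-hs-pubkey on the call that is
# expected to fail and discarded the output of the one expected to succeed.
# The outputs are swapped here to match the wrap-hs section above; neither
# file is read later in this script.
expect_fail verify_cred "--" rk-hs /dev/null /dev/null
verify_cred "-h" rk-hs rk-hs-cred rk-hs-pubkey
expect_fail verify_cred "-v" rk-hs /dev/null /dev/null
verify_cred "-hc0" rk-hs /dev/null /dev/null
expect_fail verify_cred "-c0" rk-hs /dev/null /dev/null
expect_fail verify_cred "-c1" rk-hs /dev/null /dev/null
expect_fail verify_cred "-c2" rk-hs /dev/null /dev/null
expect_fail verify_cred "-c3" rk-hs /dev/null /dev/null

#
# Assertions. "-t key=value" toggles the up, uv and pin options of
# fido2-assert -G.
#

# u2f
if [ "x${TYPE}" = "xes256" ]; then
	get_assert no.tld "-u" u2f-cred /dev/null u2f-assert
	expect_fail get_assert no.tld "-u -t up=false" u2f-cred /dev/null /dev/null
	verify_assert "--" u2f-pubkey u2f-assert
	verify_assert "-p" u2f-pubkey u2f-assert
fi

# wrap (non-resident)
get_assert no.tld "--" wrap-cred /dev/null wrap-assert
verify_assert "--" wrap-pubkey wrap-assert
get_assert no.tld "-t pin=true" wrap-cred /dev/null wrap-assert
verify_assert "--" wrap-pubkey wrap-assert
verify_assert "-v" wrap-pubkey wrap-assert
get_assert no.tld "-t pin=false" wrap-cred /dev/null wrap-assert
verify_assert "--" wrap-pubkey wrap-assert
get_assert no.tld "-t up=true" wrap-cred /dev/null wrap-assert
verify_assert "-p" wrap-pubkey wrap-assert
get_assert no.tld "-t up=true -t pin=true" wrap-cred /dev/null wrap-assert
verify_assert "--" wrap-pubkey wrap-assert
verify_assert "-p" wrap-pubkey wrap-assert
verify_assert "-v" wrap-pubkey wrap-assert
verify_assert "-pv" wrap-pubkey wrap-assert
get_assert no.tld "-t up=true -t pin=false" wrap-cred /dev/null wrap-assert
verify_assert "--" wrap-pubkey wrap-assert
verify_assert "-p" wrap-pubkey wrap-assert
# Without user presence the assertion must not verify with -p.
get_assert no.tld "-t up=false" wrap-cred /dev/null wrap-assert
verify_assert "--" wrap-pubkey wrap-assert
expect_fail verify_assert "-p" wrap-pubkey wrap-assert
get_assert no.tld "-t up=false -t pin=true" wrap-cred /dev/null wrap-assert
expect_fail verify_assert "-p" wrap-pubkey wrap-assert
verify_assert "-v" wrap-pubkey wrap-assert
expect_fail verify_assert "-pv" wrap-pubkey wrap-assert
get_assert no.tld "-t up=false -t pin=false" wrap-cred /dev/null wrap-assert
expect_fail verify_assert "-p" wrap-pubkey wrap-assert
# An assertion obtained with -h must be verified with -h as well.
get_assert no.tld "-h" wrap-cred hmac-salt wrap-assert
expect_fail verify_assert "--" wrap-pubkey wrap-assert
verify_assert "-h" wrap-pubkey wrap-assert
get_assert no.tld "-h -t pin=true" wrap-cred hmac-salt wrap-assert
expect_fail verify_assert "--" wrap-pubkey wrap-assert
verify_assert "-h" wrap-pubkey wrap-assert
verify_assert "-hv" wrap-pubkey wrap-assert
get_assert no.tld "-h -t pin=false" wrap-cred hmac-salt wrap-assert
expect_fail verify_assert "--" wrap-pubkey wrap-assert
verify_assert "-h" wrap-pubkey wrap-assert
get_assert no.tld "-h -t up=true" wrap-cred hmac-salt wrap-assert
expect_fail verify_assert "--" wrap-pubkey wrap-assert
verify_assert "-h" wrap-pubkey wrap-assert
verify_assert "-hp" wrap-pubkey wrap-assert
get_assert no.tld "-h -t up=true -t pin=true" wrap-cred hmac-salt wrap-assert
expect_fail verify_assert "--" wrap-pubkey wrap-assert
verify_assert "-h" wrap-pubkey wrap-assert
verify_assert "-hp" wrap-pubkey wrap-assert
verify_assert "-hv" wrap-pubkey wrap-assert
verify_assert "-hpv" wrap-pubkey wrap-assert
get_assert no.tld "-h -t up=true -t pin=false" wrap-cred hmac-salt wrap-assert
expect_fail verify_assert "--" wrap-pubkey wrap-assert
verify_assert "-h" wrap-pubkey wrap-assert
verify_assert "-hp" wrap-pubkey wrap-assert
# hmac-secret with up=false is expected to be refused by the device.
expect_fail get_assert no.tld "-h -t up=false" wrap-cred hmac-salt wrap-assert
expect_fail get_assert no.tld "-h -t up=false -t pin=true" wrap-cred hmac-salt wrap-assert
expect_fail get_assert no.tld "-h -t up=false -t pin=false" wrap-cred hmac-salt wrap-assert

# Additional user verification tests, run only when UV is set and non-empty.
if [ "x${UV}" != "x" ]; then
	get_assert no.tld "-t uv=true" wrap-cred /dev/null wrap-assert
	verify_assert "-v" wrap-pubkey wrap-assert
	get_assert no.tld "-t uv=true -t pin=true" wrap-cred /dev/null wrap-assert
	verify_assert "-v" wrap-pubkey wrap-assert
	get_assert no.tld "-t uv=true -t pin=false" wrap-cred /dev/null wrap-assert
	verify_assert "-v" wrap-pubkey wrap-assert
	get_assert no.tld "-t uv=false" wrap-cred /dev/null wrap-assert
	verify_assert "--" wrap-pubkey wrap-assert
	get_assert no.tld "-t uv=false -t pin=true" wrap-cred /dev/null wrap-assert
	verify_assert "-v" wrap-pubkey wrap-assert
	get_assert no.tld "-t uv=false -t pin=false" wrap-cred /dev/null wrap-assert
	verify_assert "--" wrap-pubkey wrap-assert
	get_assert no.tld "-t up=true -t uv=true" wrap-cred /dev/null wrap-assert
	verify_assert "-pv" wrap-pubkey wrap-assert
	get_assert no.tld "-t up=true -t uv=true -t pin=true" wrap-cred /dev/null wrap-assert
	verify_assert "-pv" wrap-pubkey wrap-assert
	get_assert no.tld "-t up=true -t uv=true -t pin=false" wrap-cred /dev/null wrap-assert
	verify_assert "-pv" wrap-pubkey wrap-assert
	get_assert no.tld "-t up=true -t uv=false" wrap-cred /dev/null wrap-assert
	verify_assert "-p" wrap-pubkey wrap-assert
	get_assert no.tld "-t up=true -t uv=false -t pin=true" wrap-cred /dev/null wrap-assert
	verify_assert "-pv" wrap-pubkey wrap-assert
	get_assert no.tld "-t up=true -t uv=false -t pin=false" wrap-cred /dev/null wrap-assert
	verify_assert "-p" wrap-pubkey wrap-assert
	get_assert no.tld "-t up=false -t uv=true" wrap-cred /dev/null wrap-assert
	verify_assert "-v" wrap-pubkey wrap-assert
	get_assert no.tld "-t up=false -t uv=true -t pin=true" wrap-cred /dev/null wrap-assert
	verify_assert "-v" wrap-pubkey wrap-assert
	get_assert no.tld "-t up=false -t uv=true -t pin=false" wrap-cred /dev/null wrap-assert
	verify_assert "-v" wrap-pubkey wrap-assert
	# NOTE(review): the non-UV run above expects verify_assert "--" to
	# succeed after up=false; confirm on hardware that a failure is
	# really the intended outcome in the two "--" cases below.
	get_assert no.tld "-t up=false -t uv=false" wrap-cred /dev/null wrap-assert
	expect_fail verify_assert "--" wrap-pubkey wrap-assert
	get_assert no.tld "-t up=false -t uv=false -t pin=true" wrap-cred /dev/null wrap-assert
	verify_assert "-v" wrap-pubkey wrap-assert
	get_assert no.tld "-t up=false -t uv=false -t pin=false" wrap-cred /dev/null wrap-assert
	expect_fail verify_assert "--" wrap-pubkey wrap-assert
	get_assert no.tld "-h -t uv=true" wrap-cred hmac-salt wrap-assert
	verify_assert "-hv" wrap-pubkey wrap-assert
	get_assert no.tld "-h -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert
	verify_assert "-hv" wrap-pubkey wrap-assert
	get_assert no.tld "-h -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert
	verify_assert "-hv" wrap-pubkey wrap-assert
	get_assert no.tld "-h -t uv=false" wrap-cred hmac-salt wrap-assert
	verify_assert "-h" wrap-pubkey wrap-assert
	get_assert no.tld "-h -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert
	verify_assert "-hv" wrap-pubkey wrap-assert
	get_assert no.tld "-h -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert
	verify_assert "-h" wrap-pubkey wrap-assert
	get_assert no.tld "-h -t up=true -t uv=true" wrap-cred hmac-salt wrap-assert
	verify_assert "-hpv" wrap-pubkey wrap-assert
	get_assert no.tld "-h -t up=true -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert
	verify_assert "-hpv" wrap-pubkey wrap-assert
	get_assert no.tld "-h -t up=true -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert
	verify_assert "-hpv" wrap-pubkey wrap-assert
	get_assert no.tld "-h -t up=true -t uv=false" wrap-cred hmac-salt wrap-assert
	verify_assert "-hp" wrap-pubkey wrap-assert
	get_assert no.tld "-h -t up=true -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert
	verify_assert "-hpv" wrap-pubkey wrap-assert
	get_assert no.tld "-h -t up=true -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert
	verify_assert "-hp" wrap-pubkey wrap-assert
	expect_fail get_assert no.tld "-h -t up=false -t uv=true" wrap-cred hmac-salt wrap-assert
	expect_fail get_assert no.tld "-h -t up=false -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert
	expect_fail get_assert no.tld "-h -t up=false -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert
	expect_fail get_assert no.tld "-h -t up=false -t uv=false" wrap-cred hmac-salt wrap-assert
	expect_fail get_assert no.tld "-h -t up=false -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert
	expect_fail get_assert no.tld "-h -t up=false -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert
fi

# resident
# The assertions in this section are written to wrap-assert and are never
# passed to verify_assert; only the status of get_assert is checked.
get_assert no.tld "-r" /dev/null /dev/null wrap-assert
get_assert no.tld "-r -t pin=true" /dev/null /dev/null wrap-assert
get_assert no.tld "-r -t pin=false" /dev/null /dev/null wrap-assert
get_assert no.tld "-r -t up=true" /dev/null /dev/null wrap-assert
get_assert no.tld "-r -t up=true -t pin=true" /dev/null /dev/null wrap-assert
get_assert no.tld "-r -t up=true -t pin=false" /dev/null /dev/null wrap-assert
get_assert no.tld "-r -t up=false" /dev/null /dev/null wrap-assert
get_assert no.tld "-r -t up=false -t pin=true" /dev/null /dev/null wrap-assert
get_assert no.tld "-r -t up=false -t pin=false" /dev/null /dev/null wrap-assert
get_assert no.tld "-r -h" /dev/null hmac-salt wrap-assert
get_assert no.tld "-r -h -t pin=true" /dev/null hmac-salt wrap-assert
get_assert no.tld "-r -h -t pin=false" /dev/null hmac-salt wrap-assert
get_assert no.tld "-r -h -t up=true" /dev/null hmac-salt wrap-assert
get_assert no.tld "-r -h -t up=true -t pin=true" /dev/null hmac-salt wrap-assert
get_assert no.tld "-r -h -t up=true -t pin=false" /dev/null hmac-salt wrap-assert
expect_fail get_assert no.tld "-r -h -t up=false" /dev/null hmac-salt wrap-assert
expect_fail get_assert no.tld "-r -h -t up=false -t pin=true" /dev/null hmac-salt wrap-assert
expect_fail get_assert no.tld "-r -h -t up=false -t pin=false" /dev/null hmac-salt wrap-assert

if [ "x${UV}" != "x" ]; then
	get_assert no.tld "-r -t uv=true" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t uv=true -t pin=true" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t uv=true -t pin=false" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t uv=false" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t uv=false -t pin=true" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t uv=false -t pin=false" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t up=true -t uv=true" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t up=true -t uv=true -t pin=true" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t up=true -t uv=true -t pin=false" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t up=true -t uv=false" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t up=true -t uv=false -t pin=true" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t up=true -t uv=false -t pin=false" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t up=false -t uv=true" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t up=false -t uv=true -t pin=true" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t up=false -t uv=true -t pin=false" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t up=false -t uv=false" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t up=false -t uv=false -t pin=true" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -t up=false -t uv=false -t pin=false" /dev/null /dev/null wrap-assert
	get_assert no.tld "-r -h -t uv=true" /dev/null hmac-salt wrap-assert
	get_assert no.tld "-r -h -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert
	get_assert no.tld "-r -h -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert
	get_assert no.tld "-r -h -t uv=false" /dev/null hmac-salt wrap-assert
	get_assert no.tld "-r -h -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert
	get_assert no.tld "-r -h -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert
	get_assert no.tld "-r -h -t up=true -t uv=true" /dev/null hmac-salt wrap-assert
	get_assert no.tld "-r -h -t up=true -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert
	get_assert no.tld "-r -h -t up=true -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert
	get_assert no.tld "-r -h -t up=true -t uv=false" /dev/null hmac-salt wrap-assert
	get_assert no.tld "-r -h -t up=true -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert
	get_assert no.tld "-r -h -t up=true -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert
	expect_fail get_assert no.tld "-r -h -t up=false -t uv=true" /dev/null hmac-salt wrap-assert
	expect_fail get_assert no.tld "-r -h -t up=false -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert
	expect_fail get_assert no.tld "-r -h -t up=false -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert
	expect_fail get_assert no.tld "-r -h -t up=false -t uv=false" /dev/null hmac-salt wrap-assert
	expect_fail get_assert no.tld "-r -h -t up=false -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert
	expect_fail get_assert no.tld "-r -h -t up=false -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert
fi

exit 0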