test.sh revision 1.1
      1 #!/bin/bash -e
      2 #
      3 # Copyright (c) 2018 Yubico AB. All rights reserved.
      4 # Use of this source code is governed by a BSD-style
      5 # license that can be found in the LICENSE file.
      6 
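# Require exactly one argument: the authenticator device to run against.
if [[ "$#" -ne 1 ]]; then
	echo "usage: test.sh device" 1>&2
	exit 1
fi

# The run is destructive (it resets the authenticator), so only a literal
# "yes" proceeds. -r stops read from treating backslashes in the reply as
# escape characters.
read -r -p "This script will reset the authenticator at $1, permanently erasing "\
"its credentials. Are you *SURE* you want to proceed (yes/no)? "
if [[ "${REPLY}" != "yes" ]]; then
	exit 1
fi

echo "Resetting authenticator... (tap to continue!)"
# The device argument is quoted so that a path containing whitespace or glob
# characters reaches fido2-token as one word.
fido2-token -R "$1"

# Scratch files for the credential/assertion parameters and the verified
# credentials. mktemp gives each an unpredictable name and owner-only
# permissions, so other local users cannot pre-create or read them.
CRED_PARAM="$(mktemp /tmp/cred_param.XXXXXXXX)"
ASSERT_PARAM="$(mktemp /tmp/assert_param.XXXXXXXX)"
ASSERT_PUBKEY="$(mktemp /tmp/assert_pubkey.XXXXXXXX)"
ES256_CRED="$(mktemp /tmp/es256_cred.XXXXXXX)"
ES256_CRED_R="$(mktemp /tmp/es256_cred_r.XXXXXXXX)"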
     26 
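#######################################
# Remove the scratch files created for this test run.
# Globals:   CRED_PARAM, ASSERT_PARAM, ASSERT_PUBKEY, ES256_CRED,
#            ES256_CRED_R (read)
# Outputs:   progress message on stdout, warnings on stderr
# Returns:   0, so that one undeletable file never aborts the rest of the
#            cleanup when the script runs with -e
#######################################
cleanup() {
	local f

	echo "Cleaning up..."
	for f in "${CRED_PARAM:-}" "${ASSERT_PARAM:-}" "${ASSERT_PUBKEY:-}" \
	    "${ES256_CRED:-}" "${ES256_CRED_R:-}"; do
		# A variable is empty when its mktemp call never ran or failed.
		if [[ -n "${f}" ]]; then
			# -f tolerates a file that is already gone; -- protects a
			# name that begins with a dash.
			rm -f -- "${f}" || echo "cleanup: could not remove ${f}" 1>&2
		fi
	done
}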
     35 
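# Remove the scratch files on every exit path, including an abort under -e.
trap cleanup EXIT

# Credential parameters, one per line: a random base64 blob, the relying
# party, the user name and a second random base64 blob (presumably the client
# data hash and the user id that fido2-cred -M reads; confirm against
# fido2-cred(1)).
dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 > "${CRED_PARAM}"
echo "Boring Relying Party" >> "${CRED_PARAM}"
echo "Boring User Name" >> "${CRED_PARAM}"
dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 >> "${CRED_PARAM}"
echo "Credential parameters:"
cat "${CRED_PARAM}"

# The verified credential is redirected to its file and printed afterwards.
# With "... | tee file" the pipeline status is tee's, so a failed
# fido2-cred -V would not stop the script; here -V is the last stage and -e
# aborts as soon as verification fails.
echo "Generating non-resident ES256 credential... (tap to continue!)"
fido2-cred -M -i "${CRED_PARAM}" "$1" | fido2-cred -V > "${ES256_CRED}"
cat "${ES256_CRED}"
echo "Generating resident ES256 credential... (tap to continue!)"
fido2-cred -M -r -i "${CRED_PARAM}" "$1" | fido2-cred -V > "${ES256_CRED_R}"
cat "${ES256_CRED_R}"

# Two random 50-character PINs drawn from the printable ASCII range.
# LC_ALL=C makes tr work on raw bytes regardless of the caller's locale.
PIN1="$(LC_ALL=C tr -cd '[:print:]' < /dev/urandom | fold -w 50 | head -n 1)"
PIN2="$(LC_ALL=C tr -cd '[:print:]' < /dev/urandom | fold -w 50 | head -n 1)"

# NOTE: both PINs are printed in clear, and PIN2 stays set on the
# authenticator after the run; treat captured output of this script as
# sensitive.
#
# The PINs are fed with printf '%s', not echo -e: a random printable PIN can
# contain backslashes, and echo -e would rewrite sequences such as \n or \t
# (or truncate the output at \c), so the PIN set on the device would differ
# from the one displayed. setsid -w presumably detaches the tool from the
# controlling terminal so that it reads the PIN from stdin; confirm.
echo "Setting ${PIN1} as the PIN..."
printf '%s\n%s\n' "${PIN1}" "${PIN1}" | setsid -w fido2-token -S "$1"
echo "Changing PIN from ${PIN1} to ${PIN2}..."
printf '%s\n%s\n%s\n' "${PIN1}" "${PIN2}" "${PIN2}" | \
	setsid -w fido2-token -C "$1"
echo ""

echo "Testing non-resident ES256 credential..."
echo "Getting assertion without user presence verification..."
# Assertion parameters: a random base64 blob, the relying party, and the
# first line of the verified credential; the remaining credential lines are
# what fido2-assert -V is given as the public key.
dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 > "${ASSERT_PARAM}"
echo "Boring Relying Party" >> "${ASSERT_PARAM}"
head -n 1 "${ES256_CRED}" >> "${ASSERT_PARAM}"
tail -n +2 "${ES256_CRED}" > "${ASSERT_PUBKEY}"
echo "Assertion parameters:"
cat "${ASSERT_PARAM}"
fido2-assert -G -i "${ASSERT_PARAM}" "$1" | fido2-assert -V "${ASSERT_PUBKEY}"

# Negative checks: an assertion obtained without -p / -v must be rejected by
# a verifier that demands the corresponding flag. They are written as
# explicit if/exit because bash never applies -e to a pipeline whose status
# is inverted with "!", so "! a | b" could not fail the script.
# A failure of the -G stage also makes -V fail and therefore looks like a
# rejection here; the positive assertion just above guards against that.
echo "Checking that the user presence bit is observed..."
if fido2-assert -G -i "${ASSERT_PARAM}" "$1" | \
	fido2-assert -V -p "${ASSERT_PUBKEY}"; then
	echo "assertion without user presence passed -p verification" 1>&2
	exit 1
fi
echo "Checking that the user verification bit is observed..."
if fido2-assert -G -i "${ASSERT_PARAM}" "$1" | \
	fido2-assert -V -v "${ASSERT_PUBKEY}"; then
	echo "assertion without user verification passed -v verification" 1>&2
	exit 1
fi
echo "Getting assertion _with_ user presence verification... (tap to continue!)"
fido2-assert -G -p -i "${ASSERT_PARAM}" "$1" | \
	fido2-assert -V -p "${ASSERT_PUBKEY}"
echo "Getting assertion  _with_ user verification..."
printf '%s\n\n' "${PIN2}" | \
	setsid -w fido2-assert -G -v -i "${ASSERT_PARAM}" "$1" | \
	fido2-assert -V -v "${ASSERT_PUBKEY}"
echo ""

echo "Testing resident ES256 credential..."
echo "Getting assertion without user presence verification..."
# Same sequence with -r; no credential line is appended to the parameters
# here, only the random blob and the relying party.
dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 > "${ASSERT_PARAM}"
echo "Boring Relying Party" >> "${ASSERT_PARAM}"
tail -n +2 "${ES256_CRED_R}" > "${ASSERT_PUBKEY}"
echo "Assertion parameters:"
cat "${ASSERT_PARAM}"
fido2-assert -G -r -i "${ASSERT_PARAM}" "$1" | \
	fido2-assert -V "${ASSERT_PUBKEY}"
echo "Checking that the user presence bit is observed..."
if fido2-assert -G -r -i "${ASSERT_PARAM}" "$1" | \
	fido2-assert -V -p "${ASSERT_PUBKEY}"; then
	echo "assertion without user presence passed -p verification" 1>&2
	exit 1
fi
echo "Checking that the user verification bit is observed..."
if fido2-assert -G -r -i "${ASSERT_PARAM}" "$1" | \
	fido2-assert -V -v "${ASSERT_PUBKEY}"; then
	echo "assertion without user verification passed -v verification" 1>&2
	exit 1
fi
echo "Getting assertion _with_ user presence verification... (tap to continue!)"
fido2-assert -G -r -p -i "${ASSERT_PARAM}" "$1" | \
	fido2-assert -V -p "${ASSERT_PUBKEY}"
echo "Getting assertion _with_ user verification..."
printf '%s\n\n' "${PIN2}" | \
	setsid -w fido2-assert -G -v -r -i "${ASSERT_PARAM}" "$1" | \
	fido2-assert -V -v "${ASSERT_PUBKEY}"
echo ""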