test.sh revision 1.1.1.3
1 #!/bin/sh -ex 2 3 # Copyright (c) 2021 Yubico AB. All rights reserved. 4 # Use of this source code is governed by a BSD-style 5 # license that can be found in the LICENSE file. 6 7 # usage: ./test.sh "$(mktemp -d fido2test-XXXXXXXX)" device 8 9 # Please note that this test script: 10 # - is incomplete; 11 # - assumes CTAP 2.1-like hmac-secret; 12 # - should pass as-is on a YubiKey with a PIN set; 13 # - may otherwise require set +e above; 14 # - can be executed with UV=1 to run additional UV tests; 15 # - was last tested on 2021-07-21 with firmware 5.2.7. 16 17 cd "$1" 18 DEV="$2" 19 20 make_cred() { 21 cat > cred_param << EOF 22 $(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64) 23 $1 24 some user name 25 $(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64) 26 EOF 27 fido2-cred -M $2 "${DEV}" > "$3" < cred_param 28 } 29 30 verify_cred() { 31 fido2-cred -V $1 > cred_out < "$2" 32 head -1 cred_out > "$3" 33 tail -n +2 cred_out > "$4" 34 } 35 36 get_assert() { 37 cat > assert_param << EOF 38 $(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64) 39 $1 40 $(cat $3) 41 $(cat $4) 42 EOF 43 fido2-assert -G $2 "${DEV}" > "$5" < assert_param 44 } 45 46 verify_assert() { 47 fido2-assert -V $1 "$2" < "$3" 48 } 49 50 dd if=/dev/urandom bs=32 count=1 | base64 > hmac-salt 51 52 # u2f 53 make_cred no.tld "-u" u2f 54 ! make_cred no.tld "-ru" /dev/null 55 ! make_cred no.tld "-uc1" /dev/null 56 ! make_cred no.tld "-uc2" /dev/null 57 verify_cred "--" u2f u2f-cred u2f-pubkey 58 ! verify_cred "-h" u2f /dev/null /dev/null 59 ! verify_cred "-v" u2f /dev/null /dev/null 60 verify_cred "-c0" u2f /dev/null /dev/null 61 ! verify_cred "-c1" u2f /dev/null /dev/null 62 ! verify_cred "-c2" u2f /dev/null /dev/null 63 ! verify_cred "-c3" u2f /dev/null /dev/null 64 65 # wrap (non-resident) 66 make_cred no.tld "--" wrap 67 verify_cred "--" wrap wrap-cred wrap-pubkey 68 ! verify_cred "-h" wrap /dev/null /dev/null 69 ! verify_cred "-v" wrap /dev/null /dev/null 70 verify_cred "-c0" wrap /dev/null /dev/null 71 ! verify_cred "-c1" wrap /dev/null /dev/null 72 ! verify_cred "-c2" wrap /dev/null /dev/null 73 ! verify_cred "-c3" wrap /dev/null /dev/null 74 75 # wrap (non-resident) + hmac-secret 76 make_cred no.tld "-h" wrap-hs 77 ! verify_cred "--" wrap-hs /dev/null /dev/null 78 verify_cred "-h" wrap-hs wrap-hs-cred wrap-hs-pubkey 79 ! verify_cred "-v" wrap-hs /dev/null /dev/null 80 verify_cred "-hc0" wrap-hs /dev/null /dev/null 81 ! verify_cred "-c0" wrap-hs /dev/null /dev/null 82 ! verify_cred "-c1" wrap-hs /dev/null /dev/null 83 ! verify_cred "-c2" wrap-hs /dev/null /dev/null 84 ! verify_cred "-c3" wrap-hs /dev/null /dev/null 85 86 # resident 87 make_cred no.tld "-r" rk 88 verify_cred "--" rk rk-cred rk-pubkey 89 ! verify_cred "-h" rk /dev/null /dev/null 90 ! verify_cred "-v" rk /dev/null /dev/null 91 verify_cred "-c0" rk /dev/null /dev/null 92 ! verify_cred "-c1" rk /dev/null /dev/null 93 ! verify_cred "-c2" rk /dev/null /dev/null 94 ! verify_cred "-c3" rk /dev/null /dev/null 95 96 # resident + hmac-secret 97 make_cred no.tld "-hr" rk-hs 98 ! verify_cred "--" rk-hs rk-hs-cred rk-hs-pubkey 99 verify_cred "-h" rk-hs /dev/null /dev/null 100 ! verify_cred "-v" rk-hs /dev/null /dev/null 101 verify_cred "-hc0" rk-hs /dev/null /dev/null 102 ! verify_cred "-c0" rk-hs /dev/null /dev/null 103 ! verify_cred "-c1" rk-hs /dev/null /dev/null 104 ! verify_cred "-c2" rk-hs /dev/null /dev/null 105 ! verify_cred "-c3" rk-hs /dev/null /dev/null 106 107 # u2f 108 get_assert no.tld "-u" u2f-cred /dev/null u2f-assert 109 ! get_assert no.tld "-u -t up=false" u2f-cred /dev/null /dev/null 110 verify_assert "--" u2f-pubkey u2f-assert 111 verify_assert "-p" u2f-pubkey u2f-assert 112 113 # wrap (non-resident) 114 get_assert no.tld "--" wrap-cred /dev/null wrap-assert 115 verify_assert "--" wrap-pubkey wrap-assert 116 get_assert no.tld "-t pin=true" wrap-cred /dev/null wrap-assert 117 verify_assert "--" wrap-pubkey wrap-assert 118 verify_assert "-v" wrap-pubkey wrap-assert 119 get_assert no.tld "-t pin=false" wrap-cred /dev/null wrap-assert 120 verify_assert "--" wrap-pubkey wrap-assert 121 get_assert no.tld "-t up=true" wrap-cred /dev/null wrap-assert 122 verify_assert "-p" wrap-pubkey wrap-assert 123 get_assert no.tld "-t up=true -t pin=true" wrap-cred /dev/null wrap-assert 124 verify_assert "--" wrap-pubkey wrap-assert 125 verify_assert "-p" wrap-pubkey wrap-assert 126 verify_assert "-v" wrap-pubkey wrap-assert 127 verify_assert "-pv" wrap-pubkey wrap-assert 128 get_assert no.tld "-t up=true -t pin=false" wrap-cred /dev/null wrap-assert 129 verify_assert "--" wrap-pubkey wrap-assert 130 verify_assert "-p" wrap-pubkey wrap-assert 131 get_assert no.tld "-t up=false" wrap-cred /dev/null wrap-assert 132 verify_assert "--" wrap-pubkey wrap-assert 133 ! verify_assert "-p" wrap-pubkey wrap-assert 134 get_assert no.tld "-t up=false -t pin=true" wrap-cred /dev/null wrap-assert 135 ! verify_assert "-p" wrap-pubkey wrap-assert 136 verify_assert "-v" wrap-pubkey wrap-assert 137 ! verify_assert "-pv" wrap-pubkey wrap-assert 138 get_assert no.tld "-t up=false -t pin=false" wrap-cred /dev/null wrap-assert 139 ! verify_assert "-p" wrap-pubkey wrap-assert 140 get_assert no.tld "-h" wrap-cred hmac-salt wrap-assert 141 ! verify_assert "--" wrap-pubkey wrap-assert 142 verify_assert "-h" wrap-pubkey wrap-assert 143 get_assert no.tld "-h -t pin=true" wrap-cred hmac-salt wrap-assert 144 ! verify_assert "--" wrap-pubkey wrap-assert 145 verify_assert "-h" wrap-pubkey wrap-assert 146 verify_assert "-hv" wrap-pubkey wrap-assert 147 get_assert no.tld "-h -t pin=false" wrap-cred hmac-salt wrap-assert 148 ! verify_assert "--" wrap-pubkey wrap-assert 149 verify_assert "-h" wrap-pubkey wrap-assert 150 get_assert no.tld "-h -t up=true" wrap-cred hmac-salt wrap-assert 151 ! verify_assert "--" wrap-pubkey wrap-assert 152 verify_assert "-h" wrap-pubkey wrap-assert 153 verify_assert "-hp" wrap-pubkey wrap-assert 154 get_assert no.tld "-h -t up=true -t pin=true" wrap-cred hmac-salt wrap-assert 155 ! verify_assert "--" wrap-pubkey wrap-assert 156 verify_assert "-h" wrap-pubkey wrap-assert 157 verify_assert "-hp" wrap-pubkey wrap-assert 158 verify_assert "-hv" wrap-pubkey wrap-assert 159 verify_assert "-hpv" wrap-pubkey wrap-assert 160 get_assert no.tld "-h -t up=true -t pin=false" wrap-cred hmac-salt wrap-assert 161 ! verify_assert "--" wrap-pubkey wrap-assert 162 verify_assert "-h" wrap-pubkey wrap-assert 163 verify_assert "-hp" wrap-pubkey wrap-assert 164 ! get_assert no.tld "-h -t up=false" wrap-cred hmac-salt wrap-assert 165 ! get_assert no.tld "-h -t up=false -t pin=true" wrap-cred hmac-salt wrap-assert 166 ! get_assert no.tld "-h -t up=false -t pin=false" wrap-cred hmac-salt wrap-assert 167 168 if [ "x${UV}" != "x" ]; then 169 get_assert no.tld "-t uv=true" wrap-cred /dev/null wrap-assert 170 verify_assert "-v" wrap-pubkey wrap-assert 171 get_assert no.tld "-t uv=true -t pin=true" wrap-cred /dev/null wrap-assert 172 verify_assert "-v" wrap-pubkey wrap-assert 173 get_assert no.tld "-t uv=true -t pin=false" wrap-cred /dev/null wrap-assert 174 verify_assert "-v" wrap-pubkey wrap-assert 175 get_assert no.tld "-t uv=false" wrap-cred /dev/null wrap-assert 176 verify_assert "--" wrap-pubkey wrap-assert 177 get_assert no.tld "-t uv=false -t pin=true" wrap-cred /dev/null wrap-assert 178 verify_assert "-v" wrap-pubkey wrap-assert 179 get_assert no.tld "-t uv=false -t pin=false" wrap-cred /dev/null wrap-assert 180 verify_assert "--" wrap-pubkey wrap-assert 181 get_assert no.tld "-t up=true -t uv=true" wrap-cred /dev/null wrap-assert 182 verify_assert "-pv" wrap-pubkey wrap-assert 183 get_assert no.tld "-t up=true -t uv=true -t pin=true" wrap-cred /dev/null wrap-assert 184 verify_assert "-pv" wrap-pubkey wrap-assert 185 get_assert no.tld "-t up=true -t uv=true -t pin=false" wrap-cred /dev/null wrap-assert 186 verify_assert "-pv" wrap-pubkey wrap-assert 187 get_assert no.tld "-t up=true -t uv=false" wrap-cred /dev/null wrap-assert 188 verify_assert "-p" wrap-pubkey wrap-assert 189 get_assert no.tld "-t up=true -t uv=false -t pin=true" wrap-cred /dev/null wrap-assert 190 verify_assert "-pv" wrap-pubkey wrap-assert 191 get_assert no.tld "-t up=true -t uv=false -t pin=false" wrap-cred /dev/null wrap-assert 192 verify_assert "-p" wrap-pubkey wrap-assert 193 get_assert no.tld "-t up=false -t uv=true" wrap-cred /dev/null wrap-assert 194 verify_assert "-v" wrap-pubkey wrap-assert 195 get_assert no.tld "-t up=false -t uv=true -t pin=true" wrap-cred /dev/null wrap-assert 196 verify_assert "-v" wrap-pubkey wrap-assert 197 get_assert no.tld "-t up=false -t uv=true -t pin=false" wrap-cred /dev/null wrap-assert 198 verify_assert "-v" wrap-pubkey wrap-assert 199 get_assert no.tld "-t up=false -t uv=false" wrap-cred /dev/null wrap-assert 200 ! verify_assert "--" wrap-pubkey wrap-assert 201 get_assert no.tld "-t up=false -t uv=false -t pin=true" wrap-cred /dev/null wrap-assert 202 verify_assert "-v" wrap-pubkey wrap-assert 203 get_assert no.tld "-t up=false -t uv=false -t pin=false" wrap-cred /dev/null wrap-assert 204 ! verify_assert "--" wrap-pubkey wrap-assert 205 get_assert no.tld "-h -t uv=true" wrap-cred hmac-salt wrap-assert 206 verify_assert "-hv" wrap-pubkey wrap-assert 207 get_assert no.tld "-h -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert 208 verify_assert "-hv" wrap-pubkey wrap-assert 209 get_assert no.tld "-h -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert 210 verify_assert "-hv" wrap-pubkey wrap-assert 211 get_assert no.tld "-h -t uv=false" wrap-cred hmac-salt wrap-assert 212 verify_assert "-h" wrap-pubkey wrap-assert 213 get_assert no.tld "-h -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert 214 verify_assert "-hv" wrap-pubkey wrap-assert 215 get_assert no.tld "-h -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert 216 verify_assert "-h" wrap-pubkey wrap-assert 217 get_assert no.tld "-h -t up=true -t uv=true" wrap-cred hmac-salt wrap-assert 218 verify_assert "-hpv" wrap-pubkey wrap-assert 219 get_assert no.tld "-h -t up=true -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert 220 verify_assert "-hpv" wrap-pubkey wrap-assert 221 get_assert no.tld "-h -t up=true -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert 222 verify_assert "-hpv" wrap-pubkey wrap-assert 223 get_assert no.tld "-h -t up=true -t uv=false" wrap-cred hmac-salt wrap-assert 224 verify_assert "-hp" wrap-pubkey wrap-assert 225 get_assert no.tld "-h -t up=true -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert 226 verify_assert "-hpv" wrap-pubkey wrap-assert 227 get_assert no.tld "-h -t up=true -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert 228 verify_assert "-hp" wrap-pubkey wrap-assert 229 ! get_assert no.tld "-h -t up=false -t uv=true" wrap-cred hmac-salt wrap-assert 230 ! get_assert no.tld "-h -t up=false -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert 231 ! get_assert no.tld "-h -t up=false -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert 232 ! get_assert no.tld "-h -t up=false -t uv=false" wrap-cred hmac-salt wrap-assert 233 ! get_assert no.tld "-h -t up=false -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert 234 ! get_assert no.tld "-h -t up=false -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert 235 fi 236 237 # resident 238 get_assert no.tld "-r" /dev/null /dev/null wrap-assert 239 get_assert no.tld "-r -t pin=true" /dev/null /dev/null wrap-assert 240 get_assert no.tld "-r -t pin=false" /dev/null /dev/null wrap-assert 241 get_assert no.tld "-r -t up=true" /dev/null /dev/null wrap-assert 242 get_assert no.tld "-r -t up=true -t pin=true" /dev/null /dev/null wrap-assert 243 get_assert no.tld "-r -t up=true -t pin=false" /dev/null /dev/null wrap-assert 244 get_assert no.tld "-r -t up=false" /dev/null /dev/null wrap-assert 245 get_assert no.tld "-r -t up=false -t pin=true" /dev/null /dev/null wrap-assert 246 get_assert no.tld "-r -t up=false -t pin=false" /dev/null /dev/null wrap-assert 247 get_assert no.tld "-r -h" /dev/null hmac-salt wrap-assert 248 get_assert no.tld "-r -h -t pin=true" /dev/null hmac-salt wrap-assert 249 get_assert no.tld "-r -h -t pin=false" /dev/null hmac-salt wrap-assert 250 get_assert no.tld "-r -h -t up=true" /dev/null hmac-salt wrap-assert 251 get_assert no.tld "-r -h -t up=true -t pin=true" /dev/null hmac-salt wrap-assert 252 get_assert no.tld "-r -h -t up=true -t pin=false" /dev/null hmac-salt wrap-assert 253 ! get_assert no.tld "-r -h -t up=false" /dev/null hmac-salt wrap-assert 254 ! get_assert no.tld "-r -h -t up=false -t pin=true" /dev/null hmac-salt wrap-assert 255 ! get_assert no.tld "-r -h -t up=false -t pin=false" /dev/null hmac-salt wrap-assert 256 257 if [ "x${UV}" != "x" ]; then 258 get_assert no.tld "-r -t uv=true" /dev/null /dev/null wrap-assert 259 get_assert no.tld "-r -t uv=true -t pin=true" /dev/null /dev/null wrap-assert 260 get_assert no.tld "-r -t uv=true -t pin=false" /dev/null /dev/null wrap-assert 261 get_assert no.tld "-r -t uv=false" /dev/null /dev/null wrap-assert 262 get_assert no.tld "-r -t uv=false -t pin=true" /dev/null /dev/null wrap-assert 263 get_assert no.tld "-r -t uv=false -t pin=false" /dev/null /dev/null wrap-assert 264 get_assert no.tld "-r -t up=true -t uv=true" /dev/null /dev/null wrap-assert 265 get_assert no.tld "-r -t up=true -t uv=true -t pin=true" /dev/null /dev/null wrap-assert 266 get_assert no.tld "-r -t up=true -t uv=true -t pin=false" /dev/null /dev/null wrap-assert 267 get_assert no.tld "-r -t up=true -t uv=false" /dev/null /dev/null wrap-assert 268 get_assert no.tld "-r -t up=true -t uv=false -t pin=true" /dev/null /dev/null wrap-assert 269 get_assert no.tld "-r -t up=true -t uv=false -t pin=false" /dev/null /dev/null wrap-assert 270 get_assert no.tld "-r -t up=false -t uv=true" /dev/null /dev/null wrap-assert 271 get_assert no.tld "-r -t up=false -t uv=true -t pin=true" /dev/null /dev/null wrap-assert 272 get_assert no.tld "-r -t up=false -t uv=true -t pin=false" /dev/null /dev/null wrap-assert 273 get_assert no.tld "-r -t up=false -t uv=false" /dev/null /dev/null wrap-assert 274 get_assert no.tld "-r -t up=false -t uv=false -t pin=true" /dev/null /dev/null wrap-assert 275 get_assert no.tld "-r -t up=false -t uv=false -t pin=false" /dev/null /dev/null wrap-assert 276 get_assert no.tld "-r -h -t uv=true" /dev/null hmac-salt wrap-assert 277 get_assert no.tld "-r -h -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert 278 get_assert no.tld "-r -h -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert 279 get_assert no.tld "-r -h -t uv=false" /dev/null hmac-salt wrap-assert 280 get_assert no.tld "-r -h -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert 281 get_assert no.tld "-r -h -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert 282 get_assert no.tld "-r -h -t up=true -t uv=true" /dev/null hmac-salt wrap-assert 283 get_assert no.tld "-r -h -t up=true -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert 284 get_assert no.tld "-r -h -t up=true -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert 285 get_assert no.tld "-r -h -t up=true -t uv=false" /dev/null hmac-salt wrap-assert 286 get_assert no.tld "-r -h -t up=true -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert 287 get_assert no.tld "-r -h -t up=true -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert 288 ! get_assert no.tld "-r -h -t up=false -t uv=true" /dev/null hmac-salt wrap-assert 289 ! get_assert no.tld "-r -h -t up=false -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert 290 ! get_assert no.tld "-r -h -t up=false -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert 291 ! get_assert no.tld "-r -h -t up=false -t uv=false" /dev/null hmac-salt wrap-assert 292 ! get_assert no.tld "-r -h -t up=false -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert 293 ! get_assert no.tld "-r -h -t up=false -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert 294 fi 295 296 exit 0 297
Indexes created Sun Mar 01 05:31:48 UTC 2026