From 8e26ec8bcddc434d7af8f8dc0a2a44cbea6301b2 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 18 Aug 2023 14:10:17 +0200 Subject: [PATCH 1/3] Use python-fido2 from my repo, which contains some fixes. Signed-off-by: Pol Henarejos --- tests/docker/bullseye/Dockerfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/docker/bullseye/Dockerfile b/tests/docker/bullseye/Dockerfile index 65a92c5..f4e20f8 100644 --- a/tests/docker/bullseye/Dockerfile +++ b/tests/docker/bullseye/Dockerfile @@ -22,7 +22,12 @@ RUN apt install -y libccid \ cmake \ libfuse-dev \ && rm -rf /var/lib/apt/lists/* -RUN pip3 install pytest pycvc cryptography pyscard fido2 inputimeout +RUN pip3 install pytest pycvc cryptography pyscard inputimeout +RUN git clone https://github.com/polhenarejos/python-fido2.git +WORKDIR /python-fido2 +RUN git checkout development +RUN pip3 install . +WORKDIR / RUN git clone https://github.com/frankmorgner/vsmartcard.git WORKDIR /vsmartcard/virtualsmartcard RUN autoreconf --verbose --install From 75771e5e464d4ea8a447179804730fa29ec8a12b Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 18 Aug 2023 14:10:24 +0200 Subject: [PATCH 2/3] Not used. Signed-off-by: Pol Henarejos --- tests/pico-fido/test_020_register.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/pico-fido/test_020_register.py b/tests/pico-fido/test_020_register.py index d5e876a..faad60f 100644 --- a/tests/pico-fido/test_020_register.py +++ b/tests/pico-fido/test_020_register.py @@ -19,7 +19,7 @@ from fido2.client import CtapError -from fido2.cose import ES256, ES384, ES512, EdDSA +from fido2.cose import ES256, ES384, ES512 import pytest From 539ea61436466451db4042e19d87421e76ec1be6 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 18 Aug 2023 14:10:49 +0200 Subject: [PATCH 3/3] Add get assertion test with different algorithms. 
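Review bot: The added `RUN git checkout development` in the Dockerfile hunk pins python-fido2 to a moving branch of a personal fork, so every image build runs `pip3 install .` on whatever that branch head holds at build time. That makes the test image non-reproducible, and any later push to the branch changes the code the test image installs without a change in this repository. Pin the checkout to a reviewed commit, e.g. `RUN git checkout <commit-sha>`, or replace the clone/checkout/install steps with `RUN pip3 install git+https://github.com/polhenarejos/python-fido2.git@<commit-sha>`. A short comment such as `# fork carries fixes not yet in upstream fido2; switch back to the PyPI package once they are released` would tell the next maintainer why the fork is used and when it can be dropped.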
Signed-off-by: Pol Henarejos --- tests/pico-fido/test_021_authenticate.py | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/tests/pico-fido/test_021_authenticate.py b/tests/pico-fido/test_021_authenticate.py index 6223305..9de69bf 100644 --- a/tests/pico-fido/test_021_authenticate.py +++ b/tests/pico-fido/test_021_authenticate.py @@ -18,8 +18,9 @@ """ -from fido2.utils import sha256 from fido2.client import CtapError +from fido2.cose import ES256, ES384, ES512 +from utils import verify import pytest def test_authenticate(device): @@ -47,6 +48,17 @@ def test_empty_allowList(device): device.doGA(allow_list=[]) assert e.value.code == CtapError.ERR.NO_CREDENTIALS +@pytest.mark.parametrize( + "alg", [ES256.ALGORITHM, ES384.ALGORITHM, ES512.ALGORITHM] +) +def test_algorithms(device, info, alg): + if ({'alg': alg, 'type': 'public-key'} in info.algorithms): + MCRes = device.doMC(key_params=[{"alg": alg, "type": "public-key"}]) + res = device.GA(allow_list=[ + {"id": MCRes['res'].attestation_object.auth_data.credential_data.credential_id, "type": "public-key"} + ]) + verify(MCRes['res'].attestation_object, res['res'], res['req']['client_data_hash']) + def test_get_assertion_allow_list_filtering_and_buffering(device): """ Check that authenticator filters and stores items in allow list correctly """ allow_list = [] @@ -124,7 +136,6 @@ def test_missing_rp(device): assert e.value.code == CtapError.ERR.MISSING_PARAMETER def test_bad_rp(device): - with pytest.raises(CtapError) as e: device.doGA(rp_id={"id": {"type": "wrong"}})
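Review bot: `test_algorithms` passes without running any assertion when the `if ({'alg': alg, 'type': 'public-key'} in info.algorithms)` condition is false, so an authenticator that stops advertising ES384 or ES512 would still produce a green run. Invert the guard so the gap shows in the report: `if {'alg': alg, 'type': 'public-key'} not in info.algorithms: pytest.skip("algorithm not advertised by the authenticator")`, then run the body unconditionally. The result of `verify(...)` is also not asserted; `utils.verify` is not shown here, so if it returns a boolean instead of raising on a bad signature, the check should be `assert verify(...)`. The new test calls `device.GA(...)` while the rest of the file uses `device.doGA(...)`; a one-line comment saying the lower-level call is intentional (presumably to get `res['req']['client_data_hash']`) would help.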