2024-01-26 11:16:55 +00:00
|
|
|
from common import * # isort:skip
|
2023-06-28 10:58:54 +00:00
|
|
|
|
2019-10-31 15:34:16 +00:00
|
|
|
import storage
|
2020-06-16 07:20:06 +00:00
|
|
|
import storage.device
|
2023-06-28 10:58:54 +00:00
|
|
|
from trezor.crypto.hashlib import sha256
|
|
|
|
|
|
2019-10-31 15:34:16 +00:00
|
|
|
from apps.common import mnemonic
|
2023-06-28 10:58:54 +00:00
|
|
|
from apps.webauthn.credential import _NAME_MAX_LENGTH, Fido2Credential, U2fCredential
|
2022-09-19 10:55:46 +00:00
|
|
|
from apps.webauthn.fido2 import _distinguishable_cred_list
|
2019-08-08 16:33:52 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class TestCredential(unittest.TestCase):
|
|
|
|
|
def test_fido2_credential_decode(self):
|
|
|
|
|
mnemonic_secret = b"all all all all all all all all all all all all"
|
2019-09-19 07:37:23 +00:00
|
|
|
mnemonic.get_secret = lambda: mnemonic_secret
|
2020-06-16 07:20:06 +00:00
|
|
|
storage.device.is_initialized = lambda: True
|
2019-08-08 16:33:52 +00:00
|
|
|
|
|
|
|
|
cred_id = (
|
|
|
|
|
b"f1d0020013e65c865634ad8abddf7a66df56ae7d8c3afd356f76426801508b2e"
|
|
|
|
|
b"579bcb3496fe6396a6002e3cd6d80f6359dfa9961e24c544bfc2f26acec1b8d8"
|
|
|
|
|
b"78ba56727e1f6a7b5176c607552aea63a5abe5d826d69fab3063edfa0201d9a5"
|
|
|
|
|
b"1013d69eddb2eff37acdd5963f"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
rp_id = "example.com"
|
|
|
|
|
rp_id_hash = sha256(rp_id).digest()
|
|
|
|
|
|
2023-06-28 10:46:29 +00:00
|
|
|
user_id = b"3082019330820138a0030201023082019330820138a003020102308201933082"
|
2019-08-08 16:33:52 +00:00
|
|
|
|
|
|
|
|
user_name = "johnpsmith@example.com"
|
|
|
|
|
|
|
|
|
|
creation_time = 2
|
|
|
|
|
|
|
|
|
|
public_key = (
|
2020-02-27 17:58:21 +00:00
|
|
|
b"a501020326200121582051f0d4c307bc737c90ac605c6279f7d01e451798aa7b"
|
|
|
|
|
b"74df550fdb43a7760c7c22582002b5107fef42094d00f52a9b1e90afb90e1b9d"
|
|
|
|
|
b"ecbf15a6f13d4f882de857e2f4"
|
2019-08-08 16:33:52 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
cred_random = (
|
|
|
|
|
b"36a9b5d71c13ed54594474b54073af1fb03ea91cd056588909dae43ae2f35dbf"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Load credential.
|
|
|
|
|
cred = Fido2Credential.from_cred_id(unhexlify(cred_id), rp_id_hash)
|
|
|
|
|
self.assertIsNotNone(cred)
|
|
|
|
|
|
|
|
|
|
# Check credential data.
|
|
|
|
|
self.assertEqual(hexlify(cred.id), cred_id)
|
|
|
|
|
self.assertEqual(cred.rp_id, rp_id)
|
|
|
|
|
self.assertEqual(cred.rp_id_hash, rp_id_hash)
|
|
|
|
|
self.assertEqual(hexlify(cred.user_id), user_id)
|
|
|
|
|
self.assertEqual(cred.user_name, user_name)
|
2019-09-19 09:30:42 +00:00
|
|
|
self.assertEqual(cred.creation_time, creation_time)
|
2019-08-08 16:33:52 +00:00
|
|
|
self.assertTrue(cred.hmac_secret)
|
|
|
|
|
self.assertIsNone(cred.rp_name)
|
|
|
|
|
self.assertIsNone(cred.user_display_name)
|
|
|
|
|
|
|
|
|
|
# Check credential keys.
|
|
|
|
|
self.assertEqual(hexlify(cred.hmac_secret_key()), cred_random)
|
2020-02-27 17:58:21 +00:00
|
|
|
self.assertEqual(hexlify(cred.public_key()), public_key)
|
2019-08-08 16:33:52 +00:00
|
|
|
|
2020-03-14 19:16:44 +00:00
|
|
|
def test_truncation(self):
|
|
|
|
|
cred = Fido2Credential()
|
|
|
|
|
cred.truncate_names()
|
|
|
|
|
self.assertIsNone(cred.rp_name)
|
|
|
|
|
self.assertIsNone(cred.user_name)
|
|
|
|
|
self.assertIsNone(cred.user_display_name)
|
|
|
|
|
|
2022-09-19 10:55:46 +00:00
|
|
|
cred.rp_name = "a" * (_NAME_MAX_LENGTH - 2) + "\u0123"
|
|
|
|
|
cred.user_name = "a" * (_NAME_MAX_LENGTH - 1) + "\u0123"
|
|
|
|
|
cred.user_display_name = "a" * _NAME_MAX_LENGTH + "\u0123"
|
2020-03-14 19:16:44 +00:00
|
|
|
cred.truncate_names()
|
2022-09-19 10:55:46 +00:00
|
|
|
self.assertEqual(cred.rp_name, "a" * (_NAME_MAX_LENGTH - 2) + "\u0123")
|
|
|
|
|
self.assertEqual(cred.user_name, "a" * (_NAME_MAX_LENGTH - 1))
|
|
|
|
|
self.assertEqual(cred.user_display_name, "a" * _NAME_MAX_LENGTH)
|
2020-03-14 19:16:44 +00:00
|
|
|
|
2020-03-15 19:56:03 +00:00
|
|
|
def test_allow_list_processing(self):
|
|
|
|
|
a1 = Fido2Credential()
|
|
|
|
|
a1.user_id = b"user-a"
|
|
|
|
|
a1.user_name = "user-a"
|
|
|
|
|
a1.creation_time = 1
|
|
|
|
|
|
|
|
|
|
a2 = Fido2Credential()
|
|
|
|
|
a2.user_id = b"user-a"
|
|
|
|
|
a2.user_display_name = "User A"
|
|
|
|
|
a2.creation_time = 3
|
|
|
|
|
|
|
|
|
|
a3 = Fido2Credential()
|
|
|
|
|
a3.user_id = b"user-a"
|
|
|
|
|
a3.user_name = "User A"
|
|
|
|
|
a3.creation_time = 4
|
|
|
|
|
|
|
|
|
|
b1 = Fido2Credential()
|
|
|
|
|
b1.user_id = b"user-b"
|
|
|
|
|
b1.creation_time = 2
|
|
|
|
|
|
|
|
|
|
b2 = Fido2Credential()
|
|
|
|
|
b2.user_id = b"user-b"
|
|
|
|
|
b2.creation_time = 5
|
|
|
|
|
|
|
|
|
|
b3 = Fido2Credential()
|
|
|
|
|
b3.user_id = b"user-b"
|
|
|
|
|
b3.creation_time = 5
|
|
|
|
|
|
|
|
|
|
c1 = U2fCredential()
|
|
|
|
|
|
|
|
|
|
c2 = U2fCredential()
|
|
|
|
|
|
2023-06-28 10:46:29 +00:00
|
|
|
self.assertEqual(
|
|
|
|
|
sorted(_distinguishable_cred_list([a1, a2, a3, b1, b2, c1, c2])),
|
|
|
|
|
[b2, a3, a1, c1],
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
sorted(_distinguishable_cred_list([c2, c1, b2, b1, a3, a2, a1])),
|
|
|
|
|
[b2, a3, a1, c2],
|
|
|
|
|
)
|
2020-03-15 19:56:03 +00:00
|
|
|
|
|
|
|
|
# Test input by creation time.
|
2023-06-28 10:46:29 +00:00
|
|
|
self.assertEqual(
|
|
|
|
|
sorted(_distinguishable_cred_list([b2, a3, c1, a2, b1, a1, c2])),
|
|
|
|
|
[b2, a3, a1, c1],
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
sorted(_distinguishable_cred_list([c2, a1, b1, a2, c1, a3, b2])),
|
|
|
|
|
[b2, a3, a1, c2],
|
|
|
|
|
)
|
2020-03-15 19:56:03 +00:00
|
|
|
|
|
|
|
|
# Test duplicities.
|
2023-06-28 10:46:29 +00:00
|
|
|
self.assertEqual(
|
|
|
|
|
sorted(_distinguishable_cred_list([c1, a1, a1, c2, c1])), [a1, c1]
|
|
|
|
|
)
|
2022-09-19 10:55:46 +00:00
|
|
|
self.assertEqual(sorted(_distinguishable_cred_list([b2, b3])), [b2])
|
|
|
|
|
self.assertEqual(sorted(_distinguishable_cred_list([b3, b2])), [b3])
|
2020-03-15 19:56:03 +00:00
|
|
|
|
|
|
|
|
|
2023-06-28 10:46:29 +00:00
|
|
|
if __name__ == "__main__":
|
2019-08-08 16:33:52 +00:00
|
|
|
unittest.main()
|
