|
|
|
@ -16,7 +16,7 @@
|
|
|
|
|
|
|
|
|
|
import pytest
|
|
|
|
|
|
|
|
|
|
from trezorlib import webauthn
|
|
|
|
|
from trezorlib import fido
|
|
|
|
|
from trezorlib.exceptions import Cancelled, TrezorFailure
|
|
|
|
|
|
|
|
|
|
from ..common import MNEMONIC12
|
|
|
|
@ -32,16 +32,16 @@ class TestMsgWebAuthn:
|
|
|
|
|
def test_add_remove(self, client):
|
|
|
|
|
# Remove index 0 should fail.
|
|
|
|
|
with pytest.raises(TrezorFailure):
|
|
|
|
|
webauthn.remove_credential(client, 0)
|
|
|
|
|
fido.remove_credential(client, 0)
|
|
|
|
|
|
|
|
|
|
# List should be empty.
|
|
|
|
|
assert webauthn.list_credentials(client) == []
|
|
|
|
|
assert fido.list_credentials(client) == []
|
|
|
|
|
|
|
|
|
|
# Add valid credential #1.
|
|
|
|
|
webauthn.add_credential(client, CRED1)
|
|
|
|
|
fido.add_credential(client, CRED1)
|
|
|
|
|
|
|
|
|
|
# Check that the credential was added and parameters are correct.
|
|
|
|
|
creds = webauthn.list_credentials(client)
|
|
|
|
|
creds = fido.list_credentials(client)
|
|
|
|
|
assert len(creds) == 1
|
|
|
|
|
assert creds[0].rp_id == "example.com"
|
|
|
|
|
assert creds[0].rp_name == "Example"
|
|
|
|
@ -54,10 +54,10 @@ class TestMsgWebAuthn:
|
|
|
|
|
assert creds[0].hmac_secret is True
|
|
|
|
|
|
|
|
|
|
# Add valid credential #2, which has same rpId and userId as credential #1.
|
|
|
|
|
webauthn.add_credential(client, CRED2)
|
|
|
|
|
fido.add_credential(client, CRED2)
|
|
|
|
|
|
|
|
|
|
# Check that the credential #2 replaced credential #1 and parameters are correct.
|
|
|
|
|
creds = webauthn.list_credentials(client)
|
|
|
|
|
creds = fido.list_credentials(client)
|
|
|
|
|
assert len(creds) == 1
|
|
|
|
|
assert creds[0].rp_id == "example.com"
|
|
|
|
|
assert creds[0].rp_name is None
|
|
|
|
@ -71,41 +71,41 @@ class TestMsgWebAuthn:
|
|
|
|
|
|
|
|
|
|
# Adding an invalid credential should appear as if user cancelled.
|
|
|
|
|
with pytest.raises(Cancelled):
|
|
|
|
|
webauthn.add_credential(client, CRED1[:-2])
|
|
|
|
|
fido.add_credential(client, CRED1[:-2])
|
|
|
|
|
|
|
|
|
|
# Check that the invalid credential was not added.
|
|
|
|
|
creds = webauthn.list_credentials(client)
|
|
|
|
|
creds = fido.list_credentials(client)
|
|
|
|
|
assert len(creds) == 1
|
|
|
|
|
|
|
|
|
|
# Add valid credential, which has same userId as #2, but different rpId.
|
|
|
|
|
webauthn.add_credential(client, CRED3)
|
|
|
|
|
fido.add_credential(client, CRED3)
|
|
|
|
|
|
|
|
|
|
# Check that the credential was added.
|
|
|
|
|
creds = webauthn.list_credentials(client)
|
|
|
|
|
creds = fido.list_credentials(client)
|
|
|
|
|
assert len(creds) == 2
|
|
|
|
|
|
|
|
|
|
# Fill up the credential storage to maximum capacity.
|
|
|
|
|
for cred in CREDS[: RK_CAPACITY - 2]:
|
|
|
|
|
webauthn.add_credential(client, cred)
|
|
|
|
|
fido.add_credential(client, cred)
|
|
|
|
|
|
|
|
|
|
# Adding one more valid credential to full storage should fail.
|
|
|
|
|
with pytest.raises(TrezorFailure):
|
|
|
|
|
webauthn.add_credential(client, CREDS[-1])
|
|
|
|
|
fido.add_credential(client, CREDS[-1])
|
|
|
|
|
|
|
|
|
|
# Removing the index, which is one past the end, should fail.
|
|
|
|
|
with pytest.raises(TrezorFailure):
|
|
|
|
|
webauthn.remove_credential(client, RK_CAPACITY)
|
|
|
|
|
fido.remove_credential(client, RK_CAPACITY)
|
|
|
|
|
|
|
|
|
|
# Remove index 2.
|
|
|
|
|
webauthn.remove_credential(client, 2)
|
|
|
|
|
fido.remove_credential(client, 2)
|
|
|
|
|
|
|
|
|
|
# Check that the credential was removed.
|
|
|
|
|
creds = webauthn.list_credentials(client)
|
|
|
|
|
creds = fido.list_credentials(client)
|
|
|
|
|
assert len(creds) == RK_CAPACITY - 1
|
|
|
|
|
|
|
|
|
|
# Adding another valid credential should succeed now.
|
|
|
|
|
webauthn.add_credential(client, CREDS[-1])
|
|
|
|
|
fido.add_credential(client, CREDS[-1])
|
|
|
|
|
|
|
|
|
|
# Check that the credential was added.
|
|
|
|
|
creds = webauthn.list_credentials(client)
|
|
|
|
|
creds = fido.list_credentials(client)
|
|
|
|
|
assert len(creds) == RK_CAPACITY
|
|
|
|
|
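Review bot: The hunk headers still show the enclosing class as `TestMsgWebAuthn`, while every call in `test_add_remove` now goes through `fido`, so the rename is only half applied in this file. The class line is outside the hunks shown, so this is a follow-up rather than a change to these lines; something like `class TestMsgFido:` would keep test selection by name consistent with the module. Whether `trezorlib.webauthn` remains importable after this commit is not visible here. If it was removed outright, a thin alias module that re-exports `fido` with a deprecation warning would stop existing credential-management scripts from failing at import.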