1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 07:28:10 +00:00

python: rename webauthn and u2f to fido

This commit is contained in:
matejcik 2019-11-13 17:47:03 +01:00 committed by matejcik
parent 8e4de5e929
commit bd9bf4e2bc
8 changed files with 73 additions and 74 deletions

View File

@ -16,15 +16,15 @@
import click import click
from .. import device, webauthn from .. import fido
@click.group(name="webauthn") @click.group(name="fido")
def cli(): def cli():
"""WebAuthn, FIDO2 and U2F management commands.""" """FIDO2, U2F and WebAuthN management commands."""
@click.group() @cli.group()
def credentials(): def credentials():
"""Manage FIDO2 resident credentials.""" """Manage FIDO2 resident credentials."""
@ -33,7 +33,7 @@ def credentials():
@click.pass_obj @click.pass_obj
def credentials_list(connect): def credentials_list(connect):
"""List all resident credentials on the device.""" """List all resident credentials on the device."""
creds = webauthn.list_credentials(connect()) creds = fido.list_credentials(connect())
for cred in creds: for cred in creds:
click.echo("") click.echo("")
click.echo("WebAuthn credential at index {}:".format(cred.index)) click.echo("WebAuthn credential at index {}:".format(cred.index))
@ -62,49 +62,49 @@ def credentials_list(connect):
@credentials.command(name="add") @credentials.command(name="add")
@click.argument("hex_credential_id") @click.argument("hex_credential_id")
@click.pass_obj @click.pass_obj
def credential_add(connect, hex_credential_id): def credentials_add(connect, hex_credential_id):
"""Add the credential with the given ID as a resident credential. """Add the credential with the given ID as a resident credential.
HEX_CREDENTIAL_ID is the credential ID as a hexadecimal string. HEX_CREDENTIAL_ID is the credential ID as a hexadecimal string.
""" """
return webauthn.add_credential(connect(), bytes.fromhex(hex_credential_id)) return fido.add_credential(connect(), bytes.fromhex(hex_credential_id))
@cli.command() @credentials.command(name="remove")
@click.option( @click.option(
"-i", "--index", required=True, type=click.IntRange(0, 99), help="Credential index." "-i", "--index", required=True, type=click.IntRange(0, 99), help="Credential index."
) )
@click.pass_obj @click.pass_obj
def remove_credential(connect, index): def credentials_remove(connect, index):
"""Remove the resident credential at the given index.""" """Remove the resident credential at the given index."""
return webauthn.remove_credential(connect(), index) return fido.remove_credential(connect(), index)
# #
# U2F counter operations # FIDO counter operations
# #
@cli.group() @cli.group()
def u2f(): def counter():
"""Get or set the U2F counter value.""" """Get or set the FIDO/U2F counter value."""
@u2f.command(name="set") @counter.command(name="set")
@click.argument("counter", type=int) @click.argument("counter", type=int)
@click.pass_obj @click.pass_obj
def u2f_set(connect, counter): def counter_set(connect, counter):
"""Set U2F counter value.""" """Set FIDO/U2F counter value."""
return device.set_u2f_counter(connect(), counter) return fido.set_counter(connect(), counter)
@u2f.command(name="get-next") @counter.command(name="get-next")
@click.pass_obj @click.pass_obj
def u2f_get_next(connect): def counter_get_next(connect):
"""Get-and-increase value of U2F counter. """Get-and-increase value of FIDO/U2F counter.
U2F counter value cannot be read directly. On each U2F exchange, the counter value FIDO counter value cannot be read directly. On each U2F exchange, the counter value
is returned and atomically increased. This command performs the same operation is returned and atomically increased. This command performs the same operation
and returns the counter value. and returns the counter value.
""" """
return device.get_next_u2f_counter(connect()) return fido.get_next_counter(connect())

View File

@ -34,6 +34,7 @@ from . import (
device, device,
eos, eos,
ethereum, ethereum,
fido,
firmware, firmware,
lisk, lisk,
monero, monero,
@ -42,7 +43,6 @@ from . import (
settings, settings,
stellar, stellar,
tezos, tezos,
webauthn,
) )
COMMAND_ALIASES = { COMMAND_ALIASES = {
@ -262,6 +262,7 @@ cli.add_command(crypto.cli)
cli.add_command(device.cli) cli.add_command(device.cli)
cli.add_command(eos.cli) cli.add_command(eos.cli)
cli.add_command(ethereum.cli) cli.add_command(ethereum.cli)
cli.add_command(fido.cli)
cli.add_command(lisk.cli) cli.add_command(lisk.cli)
cli.add_command(monero.cli) cli.add_command(monero.cli)
cli.add_command(nem.cli) cli.add_command(nem.cli)
@ -269,7 +270,6 @@ cli.add_command(ripple.cli)
cli.add_command(settings.cli) cli.add_command(settings.cli)
cli.add_command(stellar.cli) cli.add_command(stellar.cli)
cli.add_command(tezos.cli) cli.add_command(tezos.cli)
cli.add_command(webauthn.cli)
cli.add_command(firmware.firmware_update) cli.add_command(firmware.firmware_update)

View File

@ -337,7 +337,7 @@ class ProtocolMixin(object):
reset_device = MovedTo("device.reset") reset_device = MovedTo("device.reset")
backup_device = MovedTo("device.backup") backup_device = MovedTo("device.backup")
set_u2f_counter = MovedTo("device.set_u2f_counter") set_u2f_counter = MovedTo("fido.set_counter")
apply_settings = MovedTo("device.apply_settings") apply_settings = MovedTo("device.apply_settings")
apply_flags = MovedTo("device.apply_flags") apply_flags = MovedTo("device.apply_flags")
@ -386,8 +386,7 @@ class ProtocolMixin(object):
decrypt_keyvalue = MovedTo("misc.decrypt_keyvalue") decrypt_keyvalue = MovedTo("misc.decrypt_keyvalue")
# Debug device functionality # Debug device functionality
load_device_by_mnemonic = MovedTo("debuglink.load_device_by_mnemonic") load_device_by_mnemonic = MovedTo("debuglink.load_device")
load_device_by_xprv = MovedTo("debuglink.load_device_by_xprv")
class BaseClient: class BaseClient:

View File

@ -97,16 +97,6 @@ def sd_protect(client, operation):
return ret return ret
@expect(proto.Success, field="message")
def set_u2f_counter(client, u2f_counter):
return client.call(proto.SetU2FCounter(u2f_counter=u2f_counter))
@expect(proto.NextU2FCounter, field="u2f_counter")
def get_next_u2f_counter(client):
return client.call(proto.GetNextU2FCounter())
@expect(proto.Success, field="message") @expect(proto.Success, field="message")
def wipe(client): def wipe(client):
ret = client.call(proto.WipeDevice()) ret = client.call(proto.WipeDevice())

View File

@ -14,20 +14,30 @@
# You should have received a copy of the License along with this library. # You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>. # If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
from . import messages as proto from . import messages
from .tools import expect from .tools import expect
@expect(proto.WebAuthnCredentials, field="credentials") @expect(messages.WebAuthnCredentials, field="credentials")
def list_credentials(client): def list_credentials(client):
return client.call(proto.WebAuthnListResidentCredentials()) return client.call(messages.WebAuthnListResidentCredentials())
@expect(proto.Success, field="message") @expect(messages.Success, field="message")
def add_credential(client, credential_id): def add_credential(client, credential_id):
return client.call(proto.WebAuthnAddResidentCredential(credential_id)) return client.call(messages.WebAuthnAddResidentCredential(credential_id))
@expect(proto.Success, field="message") @expect(messages.Success, field="message")
def remove_credential(client, index): def remove_credential(client, index):
return client.call(proto.WebAuthnRemoveResidentCredential(index)) return client.call(messages.WebAuthnRemoveResidentCredential(index))
@expect(messages.Success, field="message")
def set_counter(client, u2f_counter):
return client.call(messages.SetU2FCounter(u2f_counter=u2f_counter))
@expect(messages.NextU2FCounter, field="u2f_counter")
def get_next_counter(client):
return client.call(messages.GetNextU2FCounter())

View File

@ -16,7 +16,7 @@
import pytest import pytest
from trezorlib import webauthn from trezorlib import fido
from trezorlib.exceptions import Cancelled, TrezorFailure from trezorlib.exceptions import Cancelled, TrezorFailure
from ..common import MNEMONIC12 from ..common import MNEMONIC12
@ -32,16 +32,16 @@ class TestMsgWebAuthn:
def test_add_remove(self, client): def test_add_remove(self, client):
# Remove index 0 should fail. # Remove index 0 should fail.
with pytest.raises(TrezorFailure): with pytest.raises(TrezorFailure):
webauthn.remove_credential(client, 0) fido.remove_credential(client, 0)
# List should be empty. # List should be empty.
assert webauthn.list_credentials(client) == [] assert fido.list_credentials(client) == []
# Add valid credential #1. # Add valid credential #1.
webauthn.add_credential(client, CRED1) fido.add_credential(client, CRED1)
# Check that the credential was added and parameters are correct. # Check that the credential was added and parameters are correct.
creds = webauthn.list_credentials(client) creds = fido.list_credentials(client)
assert len(creds) == 1 assert len(creds) == 1
assert creds[0].rp_id == "example.com" assert creds[0].rp_id == "example.com"
assert creds[0].rp_name == "Example" assert creds[0].rp_name == "Example"
@ -54,10 +54,10 @@ class TestMsgWebAuthn:
assert creds[0].hmac_secret is True assert creds[0].hmac_secret is True
# Add valid credential #2, which has same rpId and userId as credential #1. # Add valid credential #2, which has same rpId and userId as credential #1.
webauthn.add_credential(client, CRED2) fido.add_credential(client, CRED2)
# Check that the credential #2 replaced credential #1 and parameters are correct. # Check that the credential #2 replaced credential #1 and parameters are correct.
creds = webauthn.list_credentials(client) creds = fido.list_credentials(client)
assert len(creds) == 1 assert len(creds) == 1
assert creds[0].rp_id == "example.com" assert creds[0].rp_id == "example.com"
assert creds[0].rp_name is None assert creds[0].rp_name is None
@ -71,41 +71,41 @@ class TestMsgWebAuthn:
# Adding an invalid credential should appear as if user cancelled. # Adding an invalid credential should appear as if user cancelled.
with pytest.raises(Cancelled): with pytest.raises(Cancelled):
webauthn.add_credential(client, CRED1[:-2]) fido.add_credential(client, CRED1[:-2])
# Check that the invalid credential was not added. # Check that the invalid credential was not added.
creds = webauthn.list_credentials(client) creds = fido.list_credentials(client)
assert len(creds) == 1 assert len(creds) == 1
# Add valid credential, which has same userId as #2, but different rpId. # Add valid credential, which has same userId as #2, but different rpId.
webauthn.add_credential(client, CRED3) fido.add_credential(client, CRED3)
# Check that the credential was added. # Check that the credential was added.
creds = webauthn.list_credentials(client) creds = fido.list_credentials(client)
assert len(creds) == 2 assert len(creds) == 2
# Fill up the credential storage to maximum capacity. # Fill up the credential storage to maximum capacity.
for cred in CREDS[: RK_CAPACITY - 2]: for cred in CREDS[: RK_CAPACITY - 2]:
webauthn.add_credential(client, cred) fido.add_credential(client, cred)
# Adding one more valid credential to full storage should fail. # Adding one more valid credential to full storage should fail.
with pytest.raises(TrezorFailure): with pytest.raises(TrezorFailure):
webauthn.add_credential(client, CREDS[-1]) fido.add_credential(client, CREDS[-1])
# Removing the index, which is one past the end, should fail. # Removing the index, which is one past the end, should fail.
with pytest.raises(TrezorFailure): with pytest.raises(TrezorFailure):
webauthn.remove_credential(client, RK_CAPACITY) fido.remove_credential(client, RK_CAPACITY)
# Remove index 2. # Remove index 2.
webauthn.remove_credential(client, 2) fido.remove_credential(client, 2)
# Check that the credential was removed. # Check that the credential was removed.
creds = webauthn.list_credentials(client) creds = fido.list_credentials(client)
assert len(creds) == RK_CAPACITY - 1 assert len(creds) == RK_CAPACITY - 1
# Adding another valid credential should succeed now. # Adding another valid credential should succeed now.
webauthn.add_credential(client, CREDS[-1]) fido.add_credential(client, CREDS[-1])
# Check that the credential was added. # Check that the credential was added.
creds = webauthn.list_credentials(client) creds = fido.list_credentials(client)
assert len(creds) == RK_CAPACITY assert len(creds) == RK_CAPACITY

View File

@ -14,14 +14,14 @@
# You should have received a copy of the License along with this library. # You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>. # If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
from trezorlib import device from trezorlib import fido
def test_u2f_counter(client): def test_u2f_counter(client):
assert device.get_next_u2f_counter(client) == 0 assert fido.get_next_counter(client) == 0
assert device.get_next_u2f_counter(client) == 1 assert fido.get_next_counter(client) == 1
device.set_u2f_counter(client, 111111) fido.set_counter(client, 111111)
assert device.get_next_u2f_counter(client) == 111112 assert fido.get_next_counter(client) == 111112
assert device.get_next_u2f_counter(client) == 111113 assert fido.get_next_counter(client) == 111113
device.set_u2f_counter(client, 0) fido.set_counter(client, 0)
assert device.get_next_u2f_counter(client) == 1 assert fido.get_next_counter(client) == 1

View File

@ -16,7 +16,7 @@
import pytest import pytest
from trezorlib import MINIMUM_FIRMWARE_VERSION, btc, debuglink, device from trezorlib import MINIMUM_FIRMWARE_VERSION, btc, debuglink, device, fido
from trezorlib.messages import BackupType from trezorlib.messages import BackupType
from trezorlib.tools import H_ from trezorlib.tools import H_
@ -253,15 +253,15 @@ def test_upgrade_u2f(gen, from_tag, to_tag):
Check U2F counter stayed the same after an upgrade. Check U2F counter stayed the same after an upgrade.
""" """
with EmulatorWrapper(gen, from_tag) as emu: with EmulatorWrapper(gen, from_tag) as emu:
success = device.set_u2f_counter(emu.client, 10) success = fido.set_counter(emu.client, 10)
assert "U2F counter set" in success assert "U2F counter set" in success
counter = device.get_next_u2f_counter(emu.client) counter = fido.get_next_counter(emu.client)
assert counter == 11 assert counter == 11
storage = emu.storage() storage = emu.storage()
with EmulatorWrapper(gen, to_tag, storage=storage) as emu: with EmulatorWrapper(gen, to_tag, storage=storage) as emu:
counter = device.get_next_u2f_counter(emu.client) counter = fido.get_next_counter(emu.client)
assert counter == 12 assert counter == 12