mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-22 07:28:10 +00:00
python: rename webauthn and u2f to fido
parent
8e4de5e929
commit
bd9bf4e2bc
@ -16,15 +16,15 @@
|
|||||||
|
|
||||||
import click
|
import click
|
||||||
|
|
||||||
from .. import device, webauthn
|
from .. import fido
|
||||||
|
|
||||||
|
|
||||||
@click.group(name="webauthn")
|
@click.group(name="fido")
|
||||||
def cli():
|
def cli():
|
||||||
"""WebAuthn, FIDO2 and U2F management commands."""
|
"""FIDO2, U2F and WebAuthN management commands."""
|
||||||
|
|
||||||
|
|
||||||
@click.group()
|
@cli.group()
|
||||||
def credentials():
|
def credentials():
|
||||||
"""Manage FIDO2 resident credentials."""
|
"""Manage FIDO2 resident credentials."""
|
||||||
|
|
||||||
@ -33,7 +33,7 @@ def credentials():
|
|||||||
@click.pass_obj
|
@click.pass_obj
|
||||||
def credentials_list(connect):
|
def credentials_list(connect):
|
||||||
"""List all resident credentials on the device."""
|
"""List all resident credentials on the device."""
|
||||||
creds = webauthn.list_credentials(connect())
|
creds = fido.list_credentials(connect())
|
||||||
for cred in creds:
|
for cred in creds:
|
||||||
click.echo("")
|
click.echo("")
|
||||||
click.echo("WebAuthn credential at index {}:".format(cred.index))
|
click.echo("WebAuthn credential at index {}:".format(cred.index))
|
||||||
@ -62,49 +62,49 @@ def credentials_list(connect):
|
|||||||
@credentials.command(name="add")
|
@credentials.command(name="add")
|
||||||
@click.argument("hex_credential_id")
|
@click.argument("hex_credential_id")
|
||||||
@click.pass_obj
|
@click.pass_obj
|
||||||
def credential_add(connect, hex_credential_id):
|
def credentials_add(connect, hex_credential_id):
|
||||||
"""Add the credential with the given ID as a resident credential.
|
"""Add the credential with the given ID as a resident credential.
|
||||||
|
|
||||||
HEX_CREDENTIAL_ID is the credential ID as a hexadecimal string.
|
HEX_CREDENTIAL_ID is the credential ID as a hexadecimal string.
|
||||||
"""
|
"""
|
||||||
return webauthn.add_credential(connect(), bytes.fromhex(hex_credential_id))
|
return fido.add_credential(connect(), bytes.fromhex(hex_credential_id))
|
||||||
|
|
||||||
|
|
||||||
@cli.command()
|
@credentials.command(name="remove")
|
||||||
@click.option(
|
@click.option(
|
||||||
"-i", "--index", required=True, type=click.IntRange(0, 99), help="Credential index."
|
"-i", "--index", required=True, type=click.IntRange(0, 99), help="Credential index."
|
||||||
)
|
)
|
||||||
@click.pass_obj
|
@click.pass_obj
|
||||||
def remove_credential(connect, index):
|
def credentials_remove(connect, index):
|
||||||
"""Remove the resident credential at the given index."""
|
"""Remove the resident credential at the given index."""
|
||||||
return webauthn.remove_credential(connect(), index)
|
return fido.remove_credential(connect(), index)
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# U2F counter operations
|
# FIDO counter operations
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
@cli.group()
|
@cli.group()
|
||||||
def u2f():
|
def counter():
|
||||||
"""Get or set the U2F counter value."""
|
"""Get or set the FIDO/U2F counter value."""
|
||||||
|
|
||||||
|
|
||||||
@u2f.command(name="set")
|
@counter.command(name="set")
|
||||||
@click.argument("counter", type=int)
|
@click.argument("counter", type=int)
|
||||||
@click.pass_obj
|
@click.pass_obj
|
||||||
def u2f_set(connect, counter):
|
def counter_set(connect, counter):
|
||||||
"""Set U2F counter value."""
|
"""Set FIDO/U2F counter value."""
|
||||||
return device.set_u2f_counter(connect(), counter)
|
return fido.set_counter(connect(), counter)
|
||||||
|
|
||||||
|
|
||||||
@u2f.command(name="get-next")
|
@counter.command(name="get-next")
|
||||||
@click.pass_obj
|
@click.pass_obj
|
||||||
def u2f_get_next(connect):
|
def counter_get_next(connect):
|
||||||
"""Get-and-increase value of U2F counter.
|
"""Get-and-increase value of FIDO/U2F counter.
|
||||||
|
|
||||||
U2F counter value cannot be read directly. On each U2F exchange, the counter value
|
FIDO counter value cannot be read directly. On each U2F exchange, the counter value
|
||||||
is returned and atomically increased. This command performs the same operation
|
is returned and atomically increased. This command performs the same operation
|
||||||
and returns the counter value.
|
and returns the counter value.
|
||||||
"""
|
"""
|
||||||
return device.get_next_u2f_counter(connect())
|
return fido.get_next_counter(connect())
|
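Review bot: `counter_set` in the third hunk still declares `counter` as a bare `type=int`, so a negative or oversized value is presumably only rejected later, at message encoding or on the device. The U2F signature counter is a 32-bit unsigned value in the protocol, so `@click.argument("counter", type=click.IntRange(0, 0xFFFFFFFF))` would fail early with a usage error; confirm the bound against the `SetU2FCounter` field type, which is not on this page. The docstring could also say why the value matters, e.g. `"""Set FIDO/U2F counter value. Relying parties use the counter to detect cloned authenticators and may reject the device if it goes backwards."""`. Separately, the `"WebAuthn credential at index {}:"` output string in the second hunk was left unrenamed, which may be intentional.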
@ -34,6 +34,7 @@ from . import (
|
|||||||
device,
|
device,
|
||||||
eos,
|
eos,
|
||||||
ethereum,
|
ethereum,
|
||||||
|
fido,
|
||||||
firmware,
|
firmware,
|
||||||
lisk,
|
lisk,
|
||||||
monero,
|
monero,
|
||||||
@ -42,7 +43,6 @@ from . import (
|
|||||||
settings,
|
settings,
|
||||||
stellar,
|
stellar,
|
||||||
tezos,
|
tezos,
|
||||||
webauthn,
|
|
||||||
)
|
)
|
||||||
|
|
||||||
COMMAND_ALIASES = {
|
COMMAND_ALIASES = {
|
||||||
@ -262,6 +262,7 @@ cli.add_command(crypto.cli)
|
|||||||
cli.add_command(device.cli)
|
cli.add_command(device.cli)
|
||||||
cli.add_command(eos.cli)
|
cli.add_command(eos.cli)
|
||||||
cli.add_command(ethereum.cli)
|
cli.add_command(ethereum.cli)
|
||||||
|
cli.add_command(fido.cli)
|
||||||
cli.add_command(lisk.cli)
|
cli.add_command(lisk.cli)
|
||||||
cli.add_command(monero.cli)
|
cli.add_command(monero.cli)
|
||||||
cli.add_command(nem.cli)
|
cli.add_command(nem.cli)
|
||||||
@ -269,7 +270,6 @@ cli.add_command(ripple.cli)
|
|||||||
cli.add_command(settings.cli)
|
cli.add_command(settings.cli)
|
||||||
cli.add_command(stellar.cli)
|
cli.add_command(stellar.cli)
|
||||||
cli.add_command(tezos.cli)
|
cli.add_command(tezos.cli)
|
||||||
cli.add_command(webauthn.cli)
|
|
||||||
|
|
||||||
cli.add_command(firmware.firmware_update)
|
cli.add_command(firmware.firmware_update)
|
||||||
|
|
||||||
|
@ -337,7 +337,7 @@ class ProtocolMixin(object):
|
|||||||
reset_device = MovedTo("device.reset")
|
reset_device = MovedTo("device.reset")
|
||||||
backup_device = MovedTo("device.backup")
|
backup_device = MovedTo("device.backup")
|
||||||
|
|
||||||
set_u2f_counter = MovedTo("device.set_u2f_counter")
|
set_u2f_counter = MovedTo("fido.set_counter")
|
||||||
|
|
||||||
apply_settings = MovedTo("device.apply_settings")
|
apply_settings = MovedTo("device.apply_settings")
|
||||||
apply_flags = MovedTo("device.apply_flags")
|
apply_flags = MovedTo("device.apply_flags")
|
||||||
@ -386,8 +386,7 @@ class ProtocolMixin(object):
|
|||||||
decrypt_keyvalue = MovedTo("misc.decrypt_keyvalue")
|
decrypt_keyvalue = MovedTo("misc.decrypt_keyvalue")
|
||||||
|
|
||||||
# Debug device functionality
|
# Debug device functionality
|
||||||
load_device_by_mnemonic = MovedTo("debuglink.load_device_by_mnemonic")
|
load_device_by_mnemonic = MovedTo("debuglink.load_device")
|
||||||
load_device_by_xprv = MovedTo("debuglink.load_device_by_xprv")
|
|
||||||
|
|
||||||
|
|
||||||
class BaseClient:
|
class BaseClient:
|
||||||
|
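Review bot: The second hunk drops the `load_device_by_xprv` entry and repoints `load_device_by_mnemonic` to `debuglink.load_device`, which is unrelated to the webauthn/u2f rename named in the commit title. If `MovedTo` is what tells callers of a removed client method where the function now lives (its definition is not on this page), code still calling `load_device_by_xprv` loses that pointer. Either keep an entry for it or move this change into its own commit with a message explaining it. The class body continues outside both hunks.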
@ -97,16 +97,6 @@ def sd_protect(client, operation):
|
|||||||
return ret
|
return ret
|
||||||
|
|
||||||
|
|
||||||
@expect(proto.Success, field="message")
|
|
||||||
def set_u2f_counter(client, u2f_counter):
|
|
||||||
return client.call(proto.SetU2FCounter(u2f_counter=u2f_counter))
|
|
||||||
|
|
||||||
|
|
||||||
@expect(proto.NextU2FCounter, field="u2f_counter")
|
|
||||||
def get_next_u2f_counter(client):
|
|
||||||
return client.call(proto.GetNextU2FCounter())
|
|
||||||
|
|
||||||
|
|
||||||
@expect(proto.Success, field="message")
|
@expect(proto.Success, field="message")
|
||||||
def wipe(client):
|
def wipe(client):
|
||||||
ret = client.call(proto.WipeDevice())
|
ret = client.call(proto.WipeDevice())
|
||||||
|
@ -14,20 +14,30 @@
|
|||||||
# You should have received a copy of the License along with this library.
|
# You should have received a copy of the License along with this library.
|
||||||
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
|
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
|
||||||
|
|
||||||
from . import messages as proto
|
from . import messages
|
||||||
from .tools import expect
|
from .tools import expect
|
||||||
|
|
||||||
|
|
||||||
@expect(proto.WebAuthnCredentials, field="credentials")
|
@expect(messages.WebAuthnCredentials, field="credentials")
|
||||||
def list_credentials(client):
|
def list_credentials(client):
|
||||||
return client.call(proto.WebAuthnListResidentCredentials())
|
return client.call(messages.WebAuthnListResidentCredentials())
|
||||||
|
|
||||||
|
|
||||||
@expect(proto.Success, field="message")
|
@expect(messages.Success, field="message")
|
||||||
def add_credential(client, credential_id):
|
def add_credential(client, credential_id):
|
||||||
return client.call(proto.WebAuthnAddResidentCredential(credential_id))
|
return client.call(messages.WebAuthnAddResidentCredential(credential_id))
|
||||||
|
|
||||||
|
|
||||||
@expect(proto.Success, field="message")
|
@expect(messages.Success, field="message")
|
||||||
def remove_credential(client, index):
|
def remove_credential(client, index):
|
||||||
return client.call(proto.WebAuthnRemoveResidentCredential(index))
|
return client.call(messages.WebAuthnRemoveResidentCredential(index))
|
||||||
|
|
||||||
|
|
||||||
|
@expect(messages.Success, field="message")
|
||||||
|
def set_counter(client, u2f_counter):
|
||||||
|
return client.call(messages.SetU2FCounter(u2f_counter=u2f_counter))
|
||||||
|
|
||||||
|
|
||||||
|
@expect(messages.NextU2FCounter, field="u2f_counter")
|
||||||
|
def get_next_counter(client):
|
||||||
|
return client.call(messages.GetNextU2FCounter())
|
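Review bot: `set_counter` and `get_next_counter` are added without docstrings, and `get_next_counter` reads like a pure getter although the CLI help in this commit says the counter is returned and atomically increased on each call. A docstring such as `"""Return the next FIDO/U2F counter value; the device increments the counter as a side effect."""` would make that visible to library users. `set_counter` could likewise note that it overwrites the counter relying parties use to detect cloned authenticators. The old `device.set_u2f_counter` and `device.get_next_u2f_counter` are removed in the same commit, so external callers break unless thin deprecated wrappers are kept for a release.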
@ -16,7 +16,7 @@
|
|||||||
|
|
||||||
import pytest
|
import pytest
|
||||||
|
|
||||||
from trezorlib import webauthn
|
from trezorlib import fido
|
||||||
from trezorlib.exceptions import Cancelled, TrezorFailure
|
from trezorlib.exceptions import Cancelled, TrezorFailure
|
||||||
|
|
||||||
from ..common import MNEMONIC12
|
from ..common import MNEMONIC12
|
||||||
@ -32,16 +32,16 @@ class TestMsgWebAuthn:
|
|||||||
def test_add_remove(self, client):
|
def test_add_remove(self, client):
|
||||||
# Remove index 0 should fail.
|
# Remove index 0 should fail.
|
||||||
with pytest.raises(TrezorFailure):
|
with pytest.raises(TrezorFailure):
|
||||||
webauthn.remove_credential(client, 0)
|
fido.remove_credential(client, 0)
|
||||||
|
|
||||||
# List should be empty.
|
# List should be empty.
|
||||||
assert webauthn.list_credentials(client) == []
|
assert fido.list_credentials(client) == []
|
||||||
|
|
||||||
# Add valid credential #1.
|
# Add valid credential #1.
|
||||||
webauthn.add_credential(client, CRED1)
|
fido.add_credential(client, CRED1)
|
||||||
|
|
||||||
# Check that the credential was added and parameters are correct.
|
# Check that the credential was added and parameters are correct.
|
||||||
creds = webauthn.list_credentials(client)
|
creds = fido.list_credentials(client)
|
||||||
assert len(creds) == 1
|
assert len(creds) == 1
|
||||||
assert creds[0].rp_id == "example.com"
|
assert creds[0].rp_id == "example.com"
|
||||||
assert creds[0].rp_name == "Example"
|
assert creds[0].rp_name == "Example"
|
||||||
@ -54,10 +54,10 @@ class TestMsgWebAuthn:
|
|||||||
assert creds[0].hmac_secret is True
|
assert creds[0].hmac_secret is True
|
||||||
|
|
||||||
# Add valid credential #2, which has same rpId and userId as credential #1.
|
# Add valid credential #2, which has same rpId and userId as credential #1.
|
||||||
webauthn.add_credential(client, CRED2)
|
fido.add_credential(client, CRED2)
|
||||||
|
|
||||||
# Check that the credential #2 replaced credential #1 and parameters are correct.
|
# Check that the credential #2 replaced credential #1 and parameters are correct.
|
||||||
creds = webauthn.list_credentials(client)
|
creds = fido.list_credentials(client)
|
||||||
assert len(creds) == 1
|
assert len(creds) == 1
|
||||||
assert creds[0].rp_id == "example.com"
|
assert creds[0].rp_id == "example.com"
|
||||||
assert creds[0].rp_name is None
|
assert creds[0].rp_name is None
|
||||||
@ -71,41 +71,41 @@ class TestMsgWebAuthn:
|
|||||||
|
|
||||||
# Adding an invalid credential should appear as if user cancelled.
|
# Adding an invalid credential should appear as if user cancelled.
|
||||||
with pytest.raises(Cancelled):
|
with pytest.raises(Cancelled):
|
||||||
webauthn.add_credential(client, CRED1[:-2])
|
fido.add_credential(client, CRED1[:-2])
|
||||||
|
|
||||||
# Check that the invalid credential was not added.
|
# Check that the invalid credential was not added.
|
||||||
creds = webauthn.list_credentials(client)
|
creds = fido.list_credentials(client)
|
||||||
assert len(creds) == 1
|
assert len(creds) == 1
|
||||||
|
|
||||||
# Add valid credential, which has same userId as #2, but different rpId.
|
# Add valid credential, which has same userId as #2, but different rpId.
|
||||||
webauthn.add_credential(client, CRED3)
|
fido.add_credential(client, CRED3)
|
||||||
|
|
||||||
# Check that the credential was added.
|
# Check that the credential was added.
|
||||||
creds = webauthn.list_credentials(client)
|
creds = fido.list_credentials(client)
|
||||||
assert len(creds) == 2
|
assert len(creds) == 2
|
||||||
|
|
||||||
# Fill up the credential storage to maximum capacity.
|
# Fill up the credential storage to maximum capacity.
|
||||||
for cred in CREDS[: RK_CAPACITY - 2]:
|
for cred in CREDS[: RK_CAPACITY - 2]:
|
||||||
webauthn.add_credential(client, cred)
|
fido.add_credential(client, cred)
|
||||||
|
|
||||||
# Adding one more valid credential to full storage should fail.
|
# Adding one more valid credential to full storage should fail.
|
||||||
with pytest.raises(TrezorFailure):
|
with pytest.raises(TrezorFailure):
|
||||||
webauthn.add_credential(client, CREDS[-1])
|
fido.add_credential(client, CREDS[-1])
|
||||||
|
|
||||||
# Removing the index, which is one past the end, should fail.
|
# Removing the index, which is one past the end, should fail.
|
||||||
with pytest.raises(TrezorFailure):
|
with pytest.raises(TrezorFailure):
|
||||||
webauthn.remove_credential(client, RK_CAPACITY)
|
fido.remove_credential(client, RK_CAPACITY)
|
||||||
|
|
||||||
# Remove index 2.
|
# Remove index 2.
|
||||||
webauthn.remove_credential(client, 2)
|
fido.remove_credential(client, 2)
|
||||||
|
|
||||||
# Check that the credential was removed.
|
# Check that the credential was removed.
|
||||||
creds = webauthn.list_credentials(client)
|
creds = fido.list_credentials(client)
|
||||||
assert len(creds) == RK_CAPACITY - 1
|
assert len(creds) == RK_CAPACITY - 1
|
||||||
|
|
||||||
# Adding another valid credential should succeed now.
|
# Adding another valid credential should succeed now.
|
||||||
webauthn.add_credential(client, CREDS[-1])
|
fido.add_credential(client, CREDS[-1])
|
||||||
|
|
||||||
# Check that the credential was added.
|
# Check that the credential was added.
|
||||||
creds = webauthn.list_credentials(client)
|
creds = fido.list_credentials(client)
|
||||||
assert len(creds) == RK_CAPACITY
|
assert len(creds) == RK_CAPACITY
|
||||||
|
@ -14,14 +14,14 @@
|
|||||||
# You should have received a copy of the License along with this library.
|
# You should have received a copy of the License along with this library.
|
||||||
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
|
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
|
||||||
|
|
||||||
from trezorlib import device
|
from trezorlib import fido
|
||||||
|
|
||||||
|
|
||||||
def test_u2f_counter(client):
|
def test_u2f_counter(client):
|
||||||
assert device.get_next_u2f_counter(client) == 0
|
assert fido.get_next_counter(client) == 0
|
||||||
assert device.get_next_u2f_counter(client) == 1
|
assert fido.get_next_counter(client) == 1
|
||||||
device.set_u2f_counter(client, 111111)
|
fido.set_counter(client, 111111)
|
||||||
assert device.get_next_u2f_counter(client) == 111112
|
assert fido.get_next_counter(client) == 111112
|
||||||
assert device.get_next_u2f_counter(client) == 111113
|
assert fido.get_next_counter(client) == 111113
|
||||||
device.set_u2f_counter(client, 0)
|
fido.set_counter(client, 0)
|
||||||
assert device.get_next_u2f_counter(client) == 1
|
assert fido.get_next_counter(client) == 1
|
||||||
|
@ -16,7 +16,7 @@
|
|||||||
|
|
||||||
import pytest
|
import pytest
|
||||||
|
|
||||||
from trezorlib import MINIMUM_FIRMWARE_VERSION, btc, debuglink, device
|
from trezorlib import MINIMUM_FIRMWARE_VERSION, btc, debuglink, device, fido
|
||||||
from trezorlib.messages import BackupType
|
from trezorlib.messages import BackupType
|
||||||
from trezorlib.tools import H_
|
from trezorlib.tools import H_
|
||||||
|
|
||||||
@ -253,15 +253,15 @@ def test_upgrade_u2f(gen, from_tag, to_tag):
|
|||||||
Check U2F counter stayed the same after an upgrade.
|
Check U2F counter stayed the same after an upgrade.
|
||||||
"""
|
"""
|
||||||
with EmulatorWrapper(gen, from_tag) as emu:
|
with EmulatorWrapper(gen, from_tag) as emu:
|
||||||
success = device.set_u2f_counter(emu.client, 10)
|
success = fido.set_counter(emu.client, 10)
|
||||||
assert "U2F counter set" in success
|
assert "U2F counter set" in success
|
||||||
|
|
||||||
counter = device.get_next_u2f_counter(emu.client)
|
counter = fido.get_next_counter(emu.client)
|
||||||
assert counter == 11
|
assert counter == 11
|
||||||
storage = emu.storage()
|
storage = emu.storage()
|
||||||
|
|
||||||
with EmulatorWrapper(gen, to_tag, storage=storage) as emu:
|
with EmulatorWrapper(gen, to_tag, storage=storage) as emu:
|
||||||
counter = device.get_next_u2f_counter(emu.client)
|
counter = fido.get_next_counter(emu.client)
|
||||||
assert counter == 12
|
assert counter == 12
|
||||||
|
|
||||||
|
|
||||||
|