Lines Matching +full:pin +full:- +full:count
1 #!/bin/sh -ex
3 # Copyright (c) 2021-2022 Yubico AB. All rights reserved.
4 # Use of this source code is governed by a BSD-style
6 # SPDX-License-Identifier: BSD-2-Clause
8 # usage: ./test.sh "$(mktemp -d fido2test-XXXXXXXX)" device
11 # - is incomplete;
12 # - assumes CTAP 2.1-like hmac-secret;
13 # - should pass as-is on a YubiKey with a PIN set;
14 # - may otherwise require set +e above;
15 # - can be executed with UV=1 to run additional UV tests;
16 # - was last tested on 2022-01-11 with firmware 5.4.3.
26 $(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)
29 $(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)
31 fido2-cred -M $2 "${DEV}" "${TYPE}" > "$3" < cred_param
35 fido2-cred -V $1 "${TYPE}" > cred_out < "$2"
36 head -1 cred_out > "$3"
37 tail -n +2 cred_out > "$4"
42 $(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)
47 fido2-assert -G $2 "${DEV}" > "$5" < assert_param
51 fido2-assert -V $1 "$2" "${TYPE}" < "$3"
54 dd if=/dev/urandom bs=32 count=1 | base64 > hmac-salt
58 make_cred no.tld "-u" u2f
59 ! make_cred no.tld "-ru" /dev/null
60 ! make_cred no.tld "-uc1" /dev/null
61 ! make_cred no.tld "-uc2" /dev/null
62 verify_cred "--" u2f u2f-cred u2f-pubkey
63 ! verify_cred "-h" u2f /dev/null /dev/null
64 ! verify_cred "-v" u2f /dev/null /dev/null
65 verify_cred "-c0" u2f /dev/null /dev/null
66 ! verify_cred "-c1" u2f /dev/null /dev/null
67 ! verify_cred "-c2" u2f /dev/null /dev/null
68 ! verify_cred "-c3" u2f /dev/null /dev/null
71 # wrap (non-resident)
72 make_cred no.tld "--" wrap
73 verify_cred "--" wrap wrap-cred wrap-pubkey
74 ! verify_cred "-h" wrap /dev/null /dev/null
75 ! verify_cred "-v" wrap /dev/null /dev/null
76 verify_cred "-c0" wrap /dev/null /dev/null
77 ! verify_cred "-c1" wrap /dev/null /dev/null
78 ! verify_cred "-c2" wrap /dev/null /dev/null
79 ! verify_cred "-c3" wrap /dev/null /dev/null
81 # wrap (non-resident) + hmac-secret
82 make_cred no.tld "-h" wrap-hs
83 ! verify_cred "--" wrap-hs /dev/null /dev/null
84 verify_cred "-h" wrap-hs wrap-hs-cred wrap-hs-pubkey
85 ! verify_cred "-v" wrap-hs /dev/null /dev/null
86 verify_cred "-hc0" wrap-hs /dev/null /dev/null
87 ! verify_cred "-c0" wrap-hs /dev/null /dev/null
88 ! verify_cred "-c1" wrap-hs /dev/null /dev/null
89 ! verify_cred "-c2" wrap-hs /dev/null /dev/null
90 ! verify_cred "-c3" wrap-hs /dev/null /dev/null
93 make_cred no.tld "-r" rk
94 verify_cred "--" rk rk-cred rk-pubkey
95 ! verify_cred "-h" rk /dev/null /dev/null
96 ! verify_cred "-v" rk /dev/null /dev/null
97 verify_cred "-c0" rk /dev/null /dev/null
98 ! verify_cred "-c1" rk /dev/null /dev/null
99 ! verify_cred "-c2" rk /dev/null /dev/null
100 ! verify_cred "-c3" rk /dev/null /dev/null
102 # resident + hmac-secret
103 make_cred no.tld "-hr" rk-hs
104 ! verify_cred "--" rk-hs rk-hs-cred rk-hs-pubkey
105 verify_cred "-h" rk-hs /dev/null /dev/null
106 ! verify_cred "-v" rk-hs /dev/null /dev/null
107 verify_cred "-hc0" rk-hs /dev/null /dev/null
108 ! verify_cred "-c0" rk-hs /dev/null /dev/null
109 ! verify_cred "-c1" rk-hs /dev/null /dev/null
110 ! verify_cred "-c2" rk-hs /dev/null /dev/null
111 ! verify_cred "-c3" rk-hs /dev/null /dev/null
115 get_assert no.tld "-u" u2f-cred /dev/null u2f-assert
116 ! get_assert no.tld "-u -t up=false" u2f-cred /dev/null /dev/null
117 verify_assert "--" u2f-pubkey u2f-assert
118 verify_assert "-p" u2f-pubkey u2f-assert
121 # wrap (non-resident)
122 get_assert no.tld "--" wrap-cred /dev/null wrap-assert
123 verify_assert "--" wrap-pubkey wrap-assert
124 get_assert no.tld "-t pin=true" wrap-cred /dev/null wrap-assert
125 verify_assert "--" wrap-pubkey wrap-assert
126 verify_assert "-v" wrap-pubkey wrap-assert
127 get_assert no.tld "-t pin=false" wrap-cred /dev/null wrap-assert
128 verify_assert "--" wrap-pubkey wrap-assert
129 get_assert no.tld "-t up=true" wrap-cred /dev/null wrap-assert
130 verify_assert "-p" wrap-pubkey wrap-assert
131 get_assert no.tld "-t up=true -t pin=true" wrap-cred /dev/null wrap-assert
132 verify_assert "--" wrap-pubkey wrap-assert
133 verify_assert "-p" wrap-pubkey wrap-assert
134 verify_assert "-v" wrap-pubkey wrap-assert
135 verify_assert "-pv" wrap-pubkey wrap-assert
136 get_assert no.tld "-t up=true -t pin=false" wrap-cred /dev/null wrap-assert
137 verify_assert "--" wrap-pubkey wrap-assert
138 verify_assert "-p" wrap-pubkey wrap-assert
139 get_assert no.tld "-t up=false" wrap-cred /dev/null wrap-assert
140 verify_assert "--" wrap-pubkey wrap-assert
141 ! verify_assert "-p" wrap-pubkey wrap-assert
142 get_assert no.tld "-t up=false -t pin=true" wrap-cred /dev/null wrap-assert
143 ! verify_assert "-p" wrap-pubkey wrap-assert
144 verify_assert "-v" wrap-pubkey wrap-assert
145 ! verify_assert "-pv" wrap-pubkey wrap-assert
146 get_assert no.tld "-t up=false -t pin=false" wrap-cred /dev/null wrap-assert
147 ! verify_assert "-p" wrap-pubkey wrap-assert
148 get_assert no.tld "-h" wrap-cred hmac-salt wrap-assert
149 ! verify_assert "--" wrap-pubkey wrap-assert
150 verify_assert "-h" wrap-pubkey wrap-assert
151 get_assert no.tld "-h -t pin=true" wrap-cred hmac-salt wrap-assert
152 ! verify_assert "--" wrap-pubkey wrap-assert
153 verify_assert "-h" wrap-pubkey wrap-assert
154 verify_assert "-hv" wrap-pubkey wrap-assert
155 get_assert no.tld "-h -t pin=false" wrap-cred hmac-salt wrap-assert
156 ! verify_assert "--" wrap-pubkey wrap-assert
157 verify_assert "-h" wrap-pubkey wrap-assert
158 get_assert no.tld "-h -t up=true" wrap-cred hmac-salt wrap-assert
159 ! verify_assert "--" wrap-pubkey wrap-assert
160 verify_assert "-h" wrap-pubkey wrap-assert
161 verify_assert "-hp" wrap-pubkey wrap-assert
162 get_assert no.tld "-h -t up=true -t pin=true" wrap-cred hmac-salt wrap-assert
163 ! verify_assert "--" wrap-pubkey wrap-assert
164 verify_assert "-h" wrap-pubkey wrap-assert
165 verify_assert "-hp" wrap-pubkey wrap-assert
166 verify_assert "-hv" wrap-pubkey wrap-assert
167 verify_assert "-hpv" wrap-pubkey wrap-assert
168 get_assert no.tld "-h -t up=true -t pin=false" wrap-cred hmac-salt wrap-assert
169 ! verify_assert "--" wrap-pubkey wrap-assert
170 verify_assert "-h" wrap-pubkey wrap-assert
171 verify_assert "-hp" wrap-pubkey wrap-assert
172 ! get_assert no.tld "-h -t up=false" wrap-cred hmac-salt wrap-assert
173 ! get_assert no.tld "-h -t up=false -t pin=true" wrap-cred hmac-salt wrap-assert
174 ! get_assert no.tld "-h -t up=false -t pin=false" wrap-cred hmac-salt wrap-assert
177 get_assert no.tld "-t uv=true" wrap-cred /dev/null wrap-assert
178 verify_assert "-v" wrap-pubkey wrap-assert
179 get_assert no.tld "-t uv=true -t pin=true" wrap-cred /dev/null wrap-assert
180 verify_assert "-v" wrap-pubkey wrap-assert
181 get_assert no.tld "-t uv=true -t pin=false" wrap-cred /dev/null wrap-assert
182 verify_assert "-v" wrap-pubkey wrap-assert
183 get_assert no.tld "-t uv=false" wrap-cred /dev/null wrap-assert
184 verify_assert "--" wrap-pubkey wrap-assert
185 get_assert no.tld "-t uv=false -t pin=true" wrap-cred /dev/null wrap-assert
186 verify_assert "-v" wrap-pubkey wrap-assert
187 get_assert no.tld "-t uv=false -t pin=false" wrap-cred /dev/null wrap-assert
188 verify_assert "--" wrap-pubkey wrap-assert
189 get_assert no.tld "-t up=true -t uv=true" wrap-cred /dev/null wrap-assert
190 verify_assert "-pv" wrap-pubkey wrap-assert
191 get_assert no.tld "-t up=true -t uv=true -t pin=true" wrap-cred /dev/null wrap-assert
192 verify_assert "-pv" wrap-pubkey wrap-assert
193 get_assert no.tld "-t up=true -t uv=true -t pin=false" wrap-cred /dev/null wrap-assert
194 verify_assert "-pv" wrap-pubkey wrap-assert
195 get_assert no.tld "-t up=true -t uv=false" wrap-cred /dev/null wrap-assert
196 verify_assert "-p" wrap-pubkey wrap-assert
197 get_assert no.tld "-t up=true -t uv=false -t pin=true" wrap-cred /dev/null wrap-assert
198 verify_assert "-pv" wrap-pubkey wrap-assert
199 get_assert no.tld "-t up=true -t uv=false -t pin=false" wrap-cred /dev/null wrap-assert
200 verify_assert "-p" wrap-pubkey wrap-assert
201 get_assert no.tld "-t up=false -t uv=true" wrap-cred /dev/null wrap-assert
202 verify_assert "-v" wrap-pubkey wrap-assert
203 get_assert no.tld "-t up=false -t uv=true -t pin=true" wrap-cred /dev/null wrap-assert
204 verify_assert "-v" wrap-pubkey wrap-assert
205 get_assert no.tld "-t up=false -t uv=true -t pin=false" wrap-cred /dev/null wrap-assert
206 verify_assert "-v" wrap-pubkey wrap-assert
207 get_assert no.tld "-t up=false -t uv=false" wrap-cred /dev/null wrap-assert
208 ! verify_assert "--" wrap-pubkey wrap-assert
209 get_assert no.tld "-t up=false -t uv=false -t pin=true" wrap-cred /dev/null wrap-assert
210 verify_assert "-v" wrap-pubkey wrap-assert
211 get_assert no.tld "-t up=false -t uv=false -t pin=false" wrap-cred /dev/null wrap-assert
212 ! verify_assert "--" wrap-pubkey wrap-assert
213 get_assert no.tld "-h -t uv=true" wrap-cred hmac-salt wrap-assert
214 verify_assert "-hv" wrap-pubkey wrap-assert
215 get_assert no.tld "-h -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert
216 verify_assert "-hv" wrap-pubkey wrap-assert
217 get_assert no.tld "-h -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert
218 verify_assert "-hv" wrap-pubkey wrap-assert
219 get_assert no.tld "-h -t uv=false" wrap-cred hmac-salt wrap-assert
220 verify_assert "-h" wrap-pubkey wrap-assert
221 get_assert no.tld "-h -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert
222 verify_assert "-hv" wrap-pubkey wrap-assert
223 get_assert no.tld "-h -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert
224 verify_assert "-h" wrap-pubkey wrap-assert
225 get_assert no.tld "-h -t up=true -t uv=true" wrap-cred hmac-salt wrap-assert
226 verify_assert "-hpv" wrap-pubkey wrap-assert
227 get_assert no.tld "-h -t up=true -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert
228 verify_assert "-hpv" wrap-pubkey wrap-assert
229 get_assert no.tld "-h -t up=true -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert
230 verify_assert "-hpv" wrap-pubkey wrap-assert
231 get_assert no.tld "-h -t up=true -t uv=false" wrap-cred hmac-salt wrap-assert
232 verify_assert "-hp" wrap-pubkey wrap-assert
233 get_assert no.tld "-h -t up=true -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert
234 verify_assert "-hpv" wrap-pubkey wrap-assert
235 get_assert no.tld "-h -t up=true -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert
236 verify_assert "-hp" wrap-pubkey wrap-assert
237 ! get_assert no.tld "-h -t up=false -t uv=true" wrap-cred hmac-salt wrap-assert
238 ! get_assert no.tld "-h -t up=false -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert
239 ! get_assert no.tld "-h -t up=false -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert
240 ! get_assert no.tld "-h -t up=false -t uv=false" wrap-cred hmac-salt wrap-assert
241 ! get_assert no.tld "-h -t up=false -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert
242 ! get_assert no.tld "-h -t up=false -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert
246 get_assert no.tld "-r" /dev/null /dev/null wrap-assert
247 get_assert no.tld "-r -t pin=true" /dev/null /dev/null wrap-assert
248 get_assert no.tld "-r -t pin=false" /dev/null /dev/null wrap-assert
249 get_assert no.tld "-r -t up=true" /dev/null /dev/null wrap-assert
250 get_assert no.tld "-r -t up=true -t pin=true" /dev/null /dev/null wrap-assert
251 get_assert no.tld "-r -t up=true -t pin=false" /dev/null /dev/null wrap-assert
252 get_assert no.tld "-r -t up=false" /dev/null /dev/null wrap-assert
253 get_assert no.tld "-r -t up=false -t pin=true" /dev/null /dev/null wrap-assert
254 get_assert no.tld "-r -t up=false -t pin=false" /dev/null /dev/null wrap-assert
255 get_assert no.tld "-r -h" /dev/null hmac-salt wrap-assert
256 get_assert no.tld "-r -h -t pin=true" /dev/null hmac-salt wrap-assert
257 get_assert no.tld "-r -h -t pin=false" /dev/null hmac-salt wrap-assert
258 get_assert no.tld "-r -h -t up=true" /dev/null hmac-salt wrap-assert
259 get_assert no.tld "-r -h -t up=true -t pin=true" /dev/null hmac-salt wrap-assert
260 get_assert no.tld "-r -h -t up=true -t pin=false" /dev/null hmac-salt wrap-assert
261 ! get_assert no.tld "-r -h -t up=false" /dev/null hmac-salt wrap-assert
262 ! get_assert no.tld "-r -h -t up=false -t pin=true" /dev/null hmac-salt wrap-assert
263 ! get_assert no.tld "-r -h -t up=false -t pin=false" /dev/null hmac-salt wrap-assert
266 get_assert no.tld "-r -t uv=true" /dev/null /dev/null wrap-assert
267 get_assert no.tld "-r -t uv=true -t pin=true" /dev/null /dev/null wrap-assert
268 get_assert no.tld "-r -t uv=true -t pin=false" /dev/null /dev/null wrap-assert
269 get_assert no.tld "-r -t uv=false" /dev/null /dev/null wrap-assert
270 get_assert no.tld "-r -t uv=false -t pin=true" /dev/null /dev/null wrap-assert
271 get_assert no.tld "-r -t uv=false -t pin=false" /dev/null /dev/null wrap-assert
272 get_assert no.tld "-r -t up=true -t uv=true" /dev/null /dev/null wrap-assert
273 get_assert no.tld "-r -t up=true -t uv=true -t pin=true" /dev/null /dev/null wrap-assert
274 get_assert no.tld "-r -t up=true -t uv=true -t pin=false" /dev/null /dev/null wrap-assert
275 get_assert no.tld "-r -t up=true -t uv=false" /dev/null /dev/null wrap-assert
276 get_assert no.tld "-r -t up=true -t uv=false -t pin=true" /dev/null /dev/null wrap-assert
277 get_assert no.tld "-r -t up=true -t uv=false -t pin=false" /dev/null /dev/null wrap-assert
278 get_assert no.tld "-r -t up=false -t uv=true" /dev/null /dev/null wrap-assert
279 get_assert no.tld "-r -t up=false -t uv=true -t pin=true" /dev/null /dev/null wrap-assert
280 get_assert no.tld "-r -t up=false -t uv=true -t pin=false" /dev/null /dev/null wrap-assert
281 get_assert no.tld "-r -t up=false -t uv=false" /dev/null /dev/null wrap-assert
282 get_assert no.tld "-r -t up=false -t uv=false -t pin=true" /dev/null /dev/null wrap-assert
283 get_assert no.tld "-r -t up=false -t uv=false -t pin=false" /dev/null /dev/null wrap-assert
284 get_assert no.tld "-r -h -t uv=true" /dev/null hmac-salt wrap-assert
285 get_assert no.tld "-r -h -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert
286 get_assert no.tld "-r -h -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert
287 get_assert no.tld "-r -h -t uv=false" /dev/null hmac-salt wrap-assert
288 get_assert no.tld "-r -h -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert
289 get_assert no.tld "-r -h -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert
290 get_assert no.tld "-r -h -t up=true -t uv=true" /dev/null hmac-salt wrap-assert
291 get_assert no.tld "-r -h -t up=true -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert
292 get_assert no.tld "-r -h -t up=true -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert
293 get_assert no.tld "-r -h -t up=true -t uv=false" /dev/null hmac-salt wrap-assert
294 get_assert no.tld "-r -h -t up=true -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert
295 get_assert no.tld "-r -h -t up=true -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert
296 ! get_assert no.tld "-r -h -t up=false -t uv=true" /dev/null hmac-salt wrap-assert
297 ! get_assert no.tld "-r -h -t up=false -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert
298 ! get_assert no.tld "-r -h -t up=false -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert
299 ! get_assert no.tld "-r -h -t up=false -t uv=false" /dev/null hmac-salt wrap-assert
300 ! get_assert no.tld "-r -h -t up=false -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert
301 ! get_assert no.tld "-r -h -t up=false -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert