1 files changed, 96 insertions, 0 deletions
diff --git a/tools/test.sh b/tools/test.sh
new file mode 100755
index 0000000..8159a44
--- /dev/null
+++ b/tools/test.sh
@@ -0,0 +1,96 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2018 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+if [[ "$#" -ne 1 ]]; then
+        echo "usage: test.sh device" 1>&2
+        exit 1
+fi
+read -p "This script will reset the authenticator at $1, permanently erasing "\
+"its credentials. Are you *SURE* you want to proceed (yes/no)? "
+if [[ "${REPLY}" != "yes" ]]; then
+        exit 1
+fi
+echo "Resetting authenticator... (tap to continue!)"
+fido2-token -R $1
+CRED_PARAM="$(mktemp /tmp/cred_param.XXXXXXXX)"
+ASSERT_PARAM="$(mktemp /tmp/assert_param.XXXXXXXX)"
+ASSERT_PUBKEY="$(mktemp /tmp/assert_pubkey.XXXXXXXX)"
+ES256_CRED="$(mktemp /tmp/es256_cred.XXXXXXX)"
+ES256_CRED_R="$(mktemp /tmp/es256_cred_r.XXXXXXXX)"
+cleanup() {
+        echo "Cleaning up..."
+        [[ "${CRED_PARAM}" != "" ]] && rm "${CRED_PARAM}"
+        [[ "${ASSERT_PARAM}" != "" ]] && rm "${ASSERT_PARAM}"
+        [[ "${ASSERT_PUBKEY}" != "" ]] && rm "${ASSERT_PUBKEY}"
+        [[ "${ES256_CRED}" != "" ]] && rm "${ES256_CRED}"
+        [[ "${ES256_CRED_R}" != "" ]] && rm "${ES256_CRED_R}"
+}
+trap cleanup EXIT
+dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 > "${CRED_PARAM}"
+echo "Boring Relying Party" >> "${CRED_PARAM}"
+echo "Boring User Name" >> "${CRED_PARAM}"
+dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 >> "${CRED_PARAM}"
+echo "Credential parameters:"
+cat "${CRED_PARAM}"
+echo "Generating non-resident ES256 credential... (tap to continue!)"
+fido2-cred -M -i "${CRED_PARAM}" $1 | fido2-cred -V | tee "${ES256_CRED}"
+echo "Generating resident ES256 credential... (tap to continue!)"
+fido2-cred -M -r -i "${CRED_PARAM}" $1 | fido2-cred -V | tee "${ES256_CRED_R}"
+PIN1="$(dd if=/dev/urandom | tr -cd '[:print:]' | fold -w50 | head -1)"
+PIN2="$(dd if=/dev/urandom | tr -cd '[:print:]' | fold -w50 | head -1)"
+echo "Setting ${PIN1} as the PIN..."
+echo -e "${PIN1}\n${PIN1}" | setsid -w fido2-token -S $1
+echo "Changing PIN from ${PIN1} to ${PIN2}..."
+echo -e "${PIN1}\n${PIN2}\n${PIN2}" | setsid -w fido2-token -C $1
+echo ""
+echo "Testing non-resident ES256 credential..."
+echo "Getting assertion without user presence verification..."
+dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 > "${ASSERT_PARAM}"
+echo "Boring Relying Party" >> "${ASSERT_PARAM}"
+head -1 "${ES256_CRED}" >> "${ASSERT_PARAM}"
+tail -n +2 "${ES256_CRED}" > "${ASSERT_PUBKEY}"
+echo "Assertion parameters:"
+cat "${ASSERT_PARAM}"
+fido2-assert -G -i "${ASSERT_PARAM}" $1 | fido2-assert -V "${ASSERT_PUBKEY}" 
+echo "Checking that the user presence bit is observed..."
+! fido2-assert -G -i "${ASSERT_PARAM}" $1 | fido2-assert -V -p "${ASSERT_PUBKEY}"
+echo "Checking that the user verification bit is observed..."
+! fido2-assert -G -i "${ASSERT_PARAM}" $1 | fido2-assert -V -v "${ASSERT_PUBKEY}"
+echo "Getting assertion _with_ user presence verification... (tap to continue!)"
+fido2-assert -G -p -i "${ASSERT_PARAM}" $1 | fido2-assert -V -p "${ASSERT_PUBKEY}" 
+echo "Getting assertion  _with_ user verification..."
+echo -e "${PIN2}\n" | setsid -w fido2-assert -G -v -i "${ASSERT_PARAM}" $1 | \
+        fido2-assert -V -v "${ASSERT_PUBKEY}" 
+echo ""
+echo "Testing resident ES256 credential..."
+echo "Getting assertion without user presence verification..."
+dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 > "${ASSERT_PARAM}"
+echo "Boring Relying Party" >> "${ASSERT_PARAM}"
+tail -n +2 "${ES256_CRED_R}" > "${ASSERT_PUBKEY}"
+echo "Assertion parameters:"
+cat "${ASSERT_PARAM}"
+fido2-assert -G -r -i "${ASSERT_PARAM}" $1 | fido2-assert -V "${ASSERT_PUBKEY}" 
+echo "Checking that the user presence bit is observed..."
+! fido2-assert -G -r -i "${ASSERT_PARAM}" $1 | fido2-assert -V -p "${ASSERT_PUBKEY}"
+echo "Checking that the user verification bit is observed..."
+! fido2-assert -G -r -i "${ASSERT_PARAM}" $1 | fido2-assert -V -v "${ASSERT_PUBKEY}"
+echo "Getting assertion _with_ user presence verification... (tap to continue!)"
+fido2-assert -G -r -p -i "${ASSERT_PARAM}" $1 | fido2-assert -V -p "${ASSERT_PUBKEY}" 
+echo "Getting assertion _with_ user verification..."
+echo -e "${PIN2}\n" | setsid -w fido2-assert -G -v -r -i "${ASSERT_PARAM}" $1 | \
+        fido2-assert -V -v "${ASSERT_PUBKEY}" 
+echo ""

diff --git a/tools/test.sh b/tools/test.sh new file mode 100755 index 0000000..8159a44 --- /dev/null +++ b/tools/test.sh
@@ -0,0 +1,96 @@
	1	#!/bin/bash -e
	2	#
	3	# Copyright (c) 2018 Yubico AB. All rights reserved.
	4	# Use of this source code is governed by a BSD-style
	5	# license that can be found in the LICENSE file.
	6
	7	if [[ "$#" -ne 1 ]]; then
	8	echo "usage: test.sh device" 1>&2
	9	exit 1
	10	fi
	11
	12	read -p "This script will reset the authenticator at $1, permanently erasing "\
	13	"its credentials. Are you SURE you want to proceed (yes/no)? "
	14	if [[ "${REPLY}" != "yes" ]]; then
	15	exit 1
	16	fi
	17
	18	echo "Resetting authenticator... (tap to continue!)"
	19	fido2-token -R $1
	20
	21	CRED_PARAM="$(mktemp /tmp/cred_param.XXXXXXXX)"
	22	ASSERT_PARAM="$(mktemp /tmp/assert_param.XXXXXXXX)"
	23	ASSERT_PUBKEY="$(mktemp /tmp/assert_pubkey.XXXXXXXX)"
	24	ES256_CRED="$(mktemp /tmp/es256_cred.XXXXXXX)"
	25	ES256_CRED_R="$(mktemp /tmp/es256_cred_r.XXXXXXXX)"
	26
	27	cleanup() {
	28	echo "Cleaning up..."
	29	[[ "${CRED_PARAM}" != "" ]] && rm "${CRED_PARAM}"
	30	[[ "${ASSERT_PARAM}" != "" ]] && rm "${ASSERT_PARAM}"
	31	[[ "${ASSERT_PUBKEY}" != "" ]] && rm "${ASSERT_PUBKEY}"
	32	[[ "${ES256_CRED}" != "" ]] && rm "${ES256_CRED}"
	33	[[ "${ES256_CRED_R}" != "" ]] && rm "${ES256_CRED_R}"
	34	}
	35
	36	trap cleanup EXIT
	37
	38	dd if=/dev/urandom bs=1 count=32 2>/dev/null \| base64 > "${CRED_PARAM}"
	39	echo "Boring Relying Party" >> "${CRED_PARAM}"
	40	echo "Boring User Name" >> "${CRED_PARAM}"
	41	dd if=/dev/urandom bs=1 count=32 2>/dev/null \| base64 >> "${CRED_PARAM}"
	42	echo "Credential parameters:"
	43	cat "${CRED_PARAM}"
	44
	45	echo "Generating non-resident ES256 credential... (tap to continue!)"
	46	fido2-cred -M -i "${CRED_PARAM}" $1 \| fido2-cred -V \| tee "${ES256_CRED}"
	47	echo "Generating resident ES256 credential... (tap to continue!)"
	48	fido2-cred -M -r -i "${CRED_PARAM}" $1 \| fido2-cred -V \| tee "${ES256_CRED_R}"
	49
	50	PIN1="$(dd if=/dev/urandom \| tr -cd '[:print:]' \| fold -w50 \| head -1)"
	51	PIN2="$(dd if=/dev/urandom \| tr -cd '[:print:]' \| fold -w50 \| head -1)"
	52
	53	echo "Setting ${PIN1} as the PIN..."
	54	echo -e "${PIN1}\n${PIN1}" \| setsid -w fido2-token -S $1
	55	echo "Changing PIN from ${PIN1} to ${PIN2}..."
	56	echo -e "${PIN1}\n${PIN2}\n${PIN2}" \| setsid -w fido2-token -C $1
	57	echo ""
	58
	59	echo "Testing non-resident ES256 credential..."
	60	echo "Getting assertion without user presence verification..."
	61	dd if=/dev/urandom bs=1 count=32 2>/dev/null \| base64 > "${ASSERT_PARAM}"
	62	echo "Boring Relying Party" >> "${ASSERT_PARAM}"
	63	head -1 "${ES256_CRED}" >> "${ASSERT_PARAM}"
	64	tail -n +2 "${ES256_CRED}" > "${ASSERT_PUBKEY}"
	65	echo "Assertion parameters:"
	66	cat "${ASSERT_PARAM}"
	67	fido2-assert -G -i "${ASSERT_PARAM}" $1 \| fido2-assert -V "${ASSERT_PUBKEY}"
	68	echo "Checking that the user presence bit is observed..."
	69	! fido2-assert -G -i "${ASSERT_PARAM}" $1 \| fido2-assert -V -p "${ASSERT_PUBKEY}"
	70	echo "Checking that the user verification bit is observed..."
	71	! fido2-assert -G -i "${ASSERT_PARAM}" $1 \| fido2-assert -V -v "${ASSERT_PUBKEY}"
	72	echo "Getting assertion _with_ user presence verification... (tap to continue!)"
	73	fido2-assert -G -p -i "${ASSERT_PARAM}" $1 \| fido2-assert -V -p "${ASSERT_PUBKEY}"
	74	echo "Getting assertion _with_ user verification..."
	75	echo -e "${PIN2}\n" \| setsid -w fido2-assert -G -v -i "${ASSERT_PARAM}" $1 \| \
	76	fido2-assert -V -v "${ASSERT_PUBKEY}"
	77	echo ""
	78
	79	echo "Testing resident ES256 credential..."
	80	echo "Getting assertion without user presence verification..."
	81	dd if=/dev/urandom bs=1 count=32 2>/dev/null \| base64 > "${ASSERT_PARAM}"
	82	echo "Boring Relying Party" >> "${ASSERT_PARAM}"
	83	tail -n +2 "${ES256_CRED_R}" > "${ASSERT_PUBKEY}"
	84	echo "Assertion parameters:"
	85	cat "${ASSERT_PARAM}"
	86	fido2-assert -G -r -i "${ASSERT_PARAM}" $1 \| fido2-assert -V "${ASSERT_PUBKEY}"
	87	echo "Checking that the user presence bit is observed..."
	88	! fido2-assert -G -r -i "${ASSERT_PARAM}" $1 \| fido2-assert -V -p "${ASSERT_PUBKEY}"
	89	echo "Checking that the user verification bit is observed..."
	90	! fido2-assert -G -r -i "${ASSERT_PARAM}" $1 \| fido2-assert -V -v "${ASSERT_PUBKEY}"
	91	echo "Getting assertion _with_ user presence verification... (tap to continue!)"
	92	fido2-assert -G -r -p -i "${ASSERT_PARAM}" $1 \| fido2-assert -V -p "${ASSERT_PUBKEY}"
	93	echo "Getting assertion _with_ user verification..."
	94	echo -e "${PIN2}\n" \| setsid -w fido2-assert -G -v -r -i "${ASSERT_PARAM}" $1 \| \
	95	fido2-assert -V -v "${ASSERT_PUBKEY}"
	96	echo ""