Diffstat (limited to 'tools/test.sh')
-rwxr-xr-x | tools/test.sh | 96 |
1 files changed, 96 insertions, 0 deletions
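diff --git a/tools/test.sh b/tools/test.sh
new file mode 100755
index 0000000..8159a44
--- /dev/null
+++ b/tools/test.sh
@@ -0,0 +1,96 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2018 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+if [[ "$#" -ne 1 ]]; then
+echo "usage: test.sh device" 1>&2
+exit 1
+fi
+
+read -p "This script will reset the authenticator at $1, permanently erasing "\
+"its credentials. Are you *SURE* you want to proceed (yes/no)? "
+if [[ "${REPLY}" != "yes" ]]; then
+exit 1
+fi
+
+echo "Resetting authenticator... (tap to continue!)"
+fido2-token -R $1
+
+CRED_PARAM="$(mktemp /tmp/cred_param.XXXXXXXX)"
+ASSERT_PARAM="$(mktemp /tmp/assert_param.XXXXXXXX)"
+ASSERT_PUBKEY="$(mktemp /tmp/assert_pubkey.XXXXXXXX)"
+ES256_CRED="$(mktemp /tmp/es256_cred.XXXXXXX)"
+ES256_CRED_R="$(mktemp /tmp/es256_cred_r.XXXXXXXX)"
+
+cleanup() {
+echo "Cleaning up..."
+[[ "${CRED_PARAM}" != "" ]] && rm "${CRED_PARAM}"
+[[ "${ASSERT_PARAM}" != "" ]] && rm "${ASSERT_PARAM}"
+[[ "${ASSERT_PUBKEY}" != "" ]] && rm "${ASSERT_PUBKEY}"
+[[ "${ES256_CRED}" != "" ]] && rm "${ES256_CRED}"
+[[ "${ES256_CRED_R}" != "" ]] && rm "${ES256_CRED_R}"
+}
+
+trap cleanup EXIT
+
+dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 > "${CRED_PARAM}"
+echo "Boring Relying Party" >> "${CRED_PARAM}"
+echo "Boring User Name" >> "${CRED_PARAM}"
+dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 >> "${CRED_PARAM}"
+echo "Credential parameters:"
+cat "${CRED_PARAM}"
+
+echo "Generating non-resident ES256 credential... (tap to continue!)"
+fido2-cred -M -i "${CRED_PARAM}" $1 | fido2-cred -V | tee "${ES256_CRED}"
+echo "Generating resident ES256 credential... (tap to continue!)"
+fido2-cred -M -r -i "${CRED_PARAM}" $1 | fido2-cred -V | tee "${ES256_CRED_R}"
+
+PIN1="$(dd if=/dev/urandom | tr -cd '[:print:]' | fold -w50 | head -1)"
+PIN2="$(dd if=/dev/urandom | tr -cd '[:print:]' | fold -w50 | head -1)"
+
+echo "Setting ${PIN1} as the PIN..."
+echo -e "${PIN1}\n${PIN1}" | setsid -w fido2-token -S $1
+echo "Changing PIN from ${PIN1} to ${PIN2}..."
+echo -e "${PIN1}\n${PIN2}\n${PIN2}" | setsid -w fido2-token -C $1
+echo ""
+
+echo "Testing non-resident ES256 credential..."
+echo "Getting assertion without user presence verification..."
+dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 > "${ASSERT_PARAM}"
+echo "Boring Relying Party" >> "${ASSERT_PARAM}"
+head -1 "${ES256_CRED}" >> "${ASSERT_PARAM}"
+tail -n +2 "${ES256_CRED}" > "${ASSERT_PUBKEY}"
+echo "Assertion parameters:"
+cat "${ASSERT_PARAM}"
+fido2-assert -G -i "${ASSERT_PARAM}" $1 | fido2-assert -V "${ASSERT_PUBKEY}"
+echo "Checking that the user presence bit is observed..."
+! fido2-assert -G -i "${ASSERT_PARAM}" $1 | fido2-assert -V -p "${ASSERT_PUBKEY}"
+echo "Checking that the user verification bit is observed..."
+! fido2-assert -G -i "${ASSERT_PARAM}" $1 | fido2-assert -V -v "${ASSERT_PUBKEY}"
+echo "Getting assertion _with_ user presence verification... (tap to continue!)"
+fido2-assert -G -p -i "${ASSERT_PARAM}" $1 | fido2-assert -V -p "${ASSERT_PUBKEY}"
+echo "Getting assertion _with_ user verification..."
+echo -e "${PIN2}\n" | setsid -w fido2-assert -G -v -i "${ASSERT_PARAM}" $1 | \
+fido2-assert -V -v "${ASSERT_PUBKEY}"
+echo ""
+
+echo "Testing resident ES256 credential..."
+echo "Getting assertion without user presence verification..."
+dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 > "${ASSERT_PARAM}"
+echo "Boring Relying Party" >> "${ASSERT_PARAM}"
+tail -n +2 "${ES256_CRED_R}" > "${ASSERT_PUBKEY}"
+echo "Assertion parameters:"
+cat "${ASSERT_PARAM}"
+fido2-assert -G -r -i "${ASSERT_PARAM}" $1 | fido2-assert -V "${ASSERT_PUBKEY}"
+echo "Checking that the user presence bit is observed..."
+! fido2-assert -G -r -i "${ASSERT_PARAM}" $1 | fido2-assert -V -p "${ASSERT_PUBKEY}"
+echo "Checking that the user verification bit is observed..."
+! fido2-assert -G -r -i "${ASSERT_PARAM}" $1 | fido2-assert -V -v "${ASSERT_PUBKEY}"
+echo "Getting assertion _with_ user presence verification... (tap to continue!)"
+fido2-assert -G -r -p -i "${ASSERT_PARAM}" $1 | fido2-assert -V -p "${ASSERT_PUBKEY}"
+echo "Getting assertion _with_ user verification..."
+echo -e "${PIN2}\n" | setsid -w fido2-assert -G -v -r -i "${ASSERT_PARAM}" $1 | \
+fido2-assert -V -v "${ASSERT_PUBKEY}"
+echo ""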
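Review bot: The negative checks on new-file lines 69, 71, 88 and 90 can never fail the script, because bash's `-e` ignores a pipeline whose status is inverted with `!`; if `fido2-assert -V -p` or `-V -v` wrongly accepted an assertion obtained without user presence or user verification, the run would continue and still exit 0. Make each check explicit, for example `if fido2-assert -G -i "${ASSERT_PARAM}" "$1" | fido2-assert -V -p "${ASSERT_PUBKEY}"; then echo "UP flag not enforced" 1>&2; exit 1; fi`. The credential steps on lines 46 and 48 have a related gap: the pipeline's status is that of `tee`, so a failing `fido2-cred -V` is masked unless `set -o pipefail` is enabled near the top (setting options there also survives an invocation as `bash test.sh`, unlike the `-e` in the shebang). Separately, `echo -e "${PIN1}\n${PIN1}"` interprets backslash sequences that can occur in the random `[:print:]` PIN, so `printf '%s\n%s\n' "${PIN1}" "${PIN1}"` would feed the tool the exact PIN that was printed.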