From c79050aa44b8836d836c5dd22a383a073c28b74b Mon Sep 17 00:00:00 2001
From: nicoo
Date: Wed, 12 Feb 2020 13:42:22 +0100
Subject: Import upstream release 1.3.0
Closes: #951184
---
tools/test.sh | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 96 insertions(+)
create mode 100755 tools/test.sh
(limited to 'tools/test.sh')
diff --git a/tools/test.sh b/tools/test.sh
new file mode 100755
index 0000000..8159a44
--- /dev/null
+++ b/tools/test.sh
@@ -0,0 +1,96 @@
+#!/bin/bash -e
+#
+# Copyright (c) 2018 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+if [[ "$#" -ne 1 ]]; then
+ echo "usage: test.sh device" 1>&2
+ exit 1
+fi
+
+read -p "This script will reset the authenticator at $1, permanently erasing "\
+"its credentials. Are you *SURE* you want to proceed (yes/no)? "
+if [[ "${REPLY}" != "yes" ]]; then
+ exit 1
+fi
+
+echo "Resetting authenticator... (tap to continue!)"
+fido2-token -R $1
+
+CRED_PARAM="$(mktemp /tmp/cred_param.XXXXXXXX)"
+ASSERT_PARAM="$(mktemp /tmp/assert_param.XXXXXXXX)"
+ASSERT_PUBKEY="$(mktemp /tmp/assert_pubkey.XXXXXXXX)"
+ES256_CRED="$(mktemp /tmp/es256_cred.XXXXXXX)"
+ES256_CRED_R="$(mktemp /tmp/es256_cred_r.XXXXXXXX)"
+
+cleanup() {
+ echo "Cleaning up..."
+ [[ "${CRED_PARAM}" != "" ]] && rm "${CRED_PARAM}"
+ [[ "${ASSERT_PARAM}" != "" ]] && rm "${ASSERT_PARAM}"
+ [[ "${ASSERT_PUBKEY}" != "" ]] && rm "${ASSERT_PUBKEY}"
+ [[ "${ES256_CRED}" != "" ]] && rm "${ES256_CRED}"
+ [[ "${ES256_CRED_R}" != "" ]] && rm "${ES256_CRED_R}"
+}
+
+trap cleanup EXIT
+
+dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 > "${CRED_PARAM}"
+echo "Boring Relying Party" >> "${CRED_PARAM}"
+echo "Boring User Name" >> "${CRED_PARAM}"
+dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 >> "${CRED_PARAM}"
+echo "Credential parameters:"
+cat "${CRED_PARAM}"
+
+echo "Generating non-resident ES256 credential... (tap to continue!)"
+fido2-cred -M -i "${CRED_PARAM}" $1 | fido2-cred -V | tee "${ES256_CRED}"
+echo "Generating resident ES256 credential... (tap to continue!)"
+fido2-cred -M -r -i "${CRED_PARAM}" $1 | fido2-cred -V | tee "${ES256_CRED_R}"
+
+PIN1="$(dd if=/dev/urandom | tr -cd '[:print:]' | fold -w50 | head -1)"
+PIN2="$(dd if=/dev/urandom | tr -cd '[:print:]' | fold -w50 | head -1)"
+
+echo "Setting ${PIN1} as the PIN..."
+echo -e "${PIN1}\n${PIN1}" | setsid -w fido2-token -S $1
+echo "Changing PIN from ${PIN1} to ${PIN2}..."
+echo -e "${PIN1}\n${PIN2}\n${PIN2}" | setsid -w fido2-token -C $1
+echo ""
+
+echo "Testing non-resident ES256 credential..."
+echo "Getting assertion without user presence verification..."
+dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 > "${ASSERT_PARAM}"
+echo "Boring Relying Party" >> "${ASSERT_PARAM}"
+head -1 "${ES256_CRED}" >> "${ASSERT_PARAM}"
+tail -n +2 "${ES256_CRED}" > "${ASSERT_PUBKEY}"
+echo "Assertion parameters:"
+cat "${ASSERT_PARAM}"
+fido2-assert -G -i "${ASSERT_PARAM}" $1 | fido2-assert -V "${ASSERT_PUBKEY}"
+echo "Checking that the user presence bit is observed..."
+! fido2-assert -G -i "${ASSERT_PARAM}" $1 | fido2-assert -V -p "${ASSERT_PUBKEY}"
+echo "Checking that the user verification bit is observed..."
+! fido2-assert -G -i "${ASSERT_PARAM}" $1 | fido2-assert -V -v "${ASSERT_PUBKEY}"
+echo "Getting assertion _with_ user presence verification... (tap to continue!)"
+fido2-assert -G -p -i "${ASSERT_PARAM}" $1 | fido2-assert -V -p "${ASSERT_PUBKEY}"
+echo "Getting assertion _with_ user verification..."
+echo -e "${PIN2}\n" | setsid -w fido2-assert -G -v -i "${ASSERT_PARAM}" $1 | \
+ fido2-assert -V -v "${ASSERT_PUBKEY}"
+echo ""
+
+echo "Testing resident ES256 credential..."
+echo "Getting assertion without user presence verification..."
+dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 > "${ASSERT_PARAM}"
+echo "Boring Relying Party" >> "${ASSERT_PARAM}"
+tail -n +2 "${ES256_CRED_R}" > "${ASSERT_PUBKEY}"
+echo "Assertion parameters:"
+cat "${ASSERT_PARAM}"
+fido2-assert -G -r -i "${ASSERT_PARAM}" $1 | fido2-assert -V "${ASSERT_PUBKEY}"
+echo "Checking that the user presence bit is observed..."
+! fido2-assert -G -r -i "${ASSERT_PARAM}" $1 | fido2-assert -V -p "${ASSERT_PUBKEY}"
+echo "Checking that the user verification bit is observed..."
+! fido2-assert -G -r -i "${ASSERT_PARAM}" $1 | fido2-assert -V -v "${ASSERT_PUBKEY}"
+echo "Getting assertion _with_ user presence verification... (tap to continue!)"
+fido2-assert -G -r -p -i "${ASSERT_PARAM}" $1 | fido2-assert -V -p "${ASSERT_PUBKEY}"
+echo "Getting assertion _with_ user verification..."
+echo -e "${PIN2}\n" | setsid -w fido2-assert -G -v -r -i "${ASSERT_PARAM}" $1 | \
+ fido2-assert -V -v "${ASSERT_PUBKEY}"
+echo ""
-- cgit v1.2.3
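Review bot: The four negative checks written as `! fido2-assert -G … | fido2-assert -V -p/-v …` (two in the non-resident section, two in the resident one) can never fail the run, because bash's `-e` does not act on a pipeline whose status is inverted with `!`; if verification wrongly succeeds with the user-presence or user-verification bit unset, the script still carries on and exits 0. Make each one an explicit test, e.g. `if fido2-assert -G -i "${ASSERT_PARAM}" "$1" | fido2-assert -V -p "${ASSERT_PUBKEY}"; then echo "UP bit not enforced" >&2; exit 1; fi`. Separately, the two `fido2-cred -M … | fido2-cred -V | tee …` pipelines report only the status of `tee`, so a failed credential verification goes unnoticed unless `set -o pipefail` is added near the top. The PIN lines pass a PIN drawn from `[:print:]` through `echo -e "${PIN1}\n${PIN1}"`, which rewrites any backslash sequence the PIN happens to contain; `printf '%s\n%s\n' "${PIN1}" "${PIN1}"` sends it unchanged.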