Skip to content

Commit

Permalink
Allow changing the initial signature counter (#700)
Browse files Browse the repository at this point in the history 
Unit tests had a hardcoded initial signature counter of 1. We want tests
to be flexible enough to adapt to other values, in case an
implementation wants to change it.
  • Loading branch information
@kaczmarczyck
kaczmarczyck authored Sep 5, 2024
1 parent 7da88b0 commit a68fae7
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 35 deletions.
3 changes: 1 addition & 2 deletions libraries/opensk/src/api/persist.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -521,8 +521,7 @@ mod test {
let mut env = TestEnv::default();
let persist = env.persist();

let mut counter_value = 1;
assert_eq!(persist.global_signature_counter().unwrap(), counter_value);
let mut counter_value = persist.global_signature_counter().unwrap();
for increment in 1..10 {
assert!(persist.incr_global_signature_counter(increment).is_ok());
counter_value += increment;
Expand Down
49 changes: 16 additions & 33 deletions libraries/opensk/src/ctap/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1479,13 +1479,14 @@ mod test {
const VENDOR_CHANNEL: Channel = Channel::VendorHid([0x12, 0x34, 0x56, 0x78]);

fn check_make_response(
env: &mut impl Env,
make_credential_response: &CtapResult<ResponseData>,
flags: u8,
expected_aaguid: &[u8],
expected_credential_id_size: u8,
expected_extension_cbor: &[u8],
) {
const INITIAL_SIGNATURE_COUNTER: u32 = 1;
let expected_aaguid = env.customization().aaguid();
let signature_counter = env.persist().global_signature_counter().unwrap();
match make_credential_response.as_ref().unwrap() {
ResponseData::AuthenticatorMakeCredential(make_credential_response) => {
let AuthenticatorMakeCredentialResponse {
Expand All @@ -1500,9 +1501,9 @@ mod test {
let mut expected_auth_data = vec![
0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80,
0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2,
0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, flags, 0x00, 0x00, 0x00,
0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, flags,
];
expected_auth_data.push(INITIAL_SIGNATURE_COUNTER as u8);
expected_auth_data.extend(&signature_counter.to_be_bytes());
expected_auth_data.extend(expected_aaguid);
expected_auth_data.extend(&[0x00, expected_credential_id_size]);
assert_eq!(
Expand Down Expand Up @@ -1680,13 +1681,7 @@ mod test {
let make_credential_response =
ctap_state.process_make_credential(&mut env, make_credential_params, DUMMY_CHANNEL);

check_make_response(
&make_credential_response,
0x41,
env.customization().aaguid(),
0x20,
&[],
);
check_make_response(&mut env, &make_credential_response, 0x41, 0x20, &[]);
}

#[test]
Expand All @@ -1700,9 +1695,9 @@ mod test {
ctap_state.process_make_credential(&mut env, make_credential_params, DUMMY_CHANNEL);

check_make_response(
&mut env,
&make_credential_response,
0x41,
env.customization().aaguid(),
CBOR_CREDENTIAL_ID_SIZE as u8,
&[],
);
Expand Down Expand Up @@ -1870,9 +1865,9 @@ mod test {
0xA1, 0x6B, 0x68, 0x6D, 0x61, 0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0xF5,
];
check_make_response(
&mut env,
&make_credential_response,
0xC1,
env.customization().aaguid(),
CBOR_CREDENTIAL_ID_SIZE as u8,
&expected_extension_cbor,
);
Expand All @@ -1896,9 +1891,9 @@ mod test {
0xA1, 0x6B, 0x68, 0x6D, 0x61, 0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0xF5,
];
check_make_response(
&mut env,
&make_credential_response,
0xC1,
env.customization().aaguid(),
0x20,
&expected_extension_cbor,
);
Expand All @@ -1918,13 +1913,7 @@ mod test {
make_credential_params.extensions = extensions;
let make_credential_response =
ctap_state.process_make_credential(&mut env, make_credential_params, DUMMY_CHANNEL);
check_make_response(
&make_credential_response,
0x41,
env.customization().aaguid(),
0x20,
&[],
);
check_make_response(&mut env, &make_credential_response, 0x41, 0x20, &[]);

// Second part: The extension is used.
assert_eq!(
Expand All @@ -1945,9 +1934,9 @@ mod test {
0x04,
];
check_make_response(
&mut env,
&make_credential_response,
0xC1,
env.customization().aaguid(),
0x20,
&expected_extension_cbor,
);
Expand All @@ -1970,9 +1959,9 @@ mod test {
0xA1, 0x68, 0x63, 0x72, 0x65, 0x64, 0x42, 0x6C, 0x6F, 0x62, 0xF5,
];
check_make_response(
&mut env,
&make_credential_response,
0xC1,
env.customization().aaguid(),
0x20,
&expected_extension_cbor,
);
Expand Down Expand Up @@ -2002,9 +1991,9 @@ mod test {
0xA1, 0x68, 0x63, 0x72, 0x65, 0x64, 0x42, 0x6C, 0x6F, 0x62, 0xF4,
];
check_make_response(
&mut env,
&make_credential_response,
0xC1,
env.customization().aaguid(),
0x20,
&expected_extension_cbor,
);
Expand Down Expand Up @@ -2079,13 +2068,7 @@ mod test {
DUMMY_CHANNEL,
);

check_make_response(
&make_credential_response,
0x45,
env.customization().aaguid(),
0x20,
&[],
);
check_make_response(&mut env, &make_credential_response, 0x45, 0x20, &[]);

let make_credential_response =
ctap_state.process_make_credential(&mut env, make_credential_params, DUMMY_CHANNEL);
Expand Down Expand Up @@ -2117,9 +2100,9 @@ mod test {
ctap_state.process_make_credential(&mut env, make_credential_params, DUMMY_CHANNEL);

check_make_response(
&mut env,
&make_credential_response,
0x41,
env.customization().aaguid(),
CBOR_CREDENTIAL_ID_SIZE as u8,
&[],
);
Expand Down Expand Up @@ -2816,9 +2799,9 @@ mod test {
0xA1, 0x68, 0x63, 0x72, 0x65, 0x64, 0x42, 0x6C, 0x6F, 0x62, 0xF5,
];
check_make_response(
&mut env,
&make_credential_response,
0xC1,
env.customization().aaguid(),
CBOR_CREDENTIAL_ID_SIZE as u8,
&expected_extension_cbor,
);
Expand Down

0 comments on commit a68fae7

Please sign in to comment.