Beispiel #1
    def test_register_await_touch(self):
        """Registration keeps polling the token until REG_DATA is returned.

        The mocked CTAP1 layer answers the key-handle probe with WRONG_DATA
        and answers ``register`` with USE_NOT_SATISFIED four times before it
        hands back REG_DATA.
        """
        client = U2fClient(None, APP_ID)
        ctap = mock.MagicMock()
        client.ctap = ctap
        ctap.get_version.return_value = 'U2F_V2'
        ctap.authenticate.side_effect = ApduError(APDU.WRONG_DATA)
        ctap.register.side_effect = [
            ApduError(APDU.USE_NOT_SATISFIED) for _ in range(4)
        ] + [REG_DATA]

        # wait() is mocked so the retry pauses cost no wall-clock time while
        # the call itself stays observable.
        event = Event()
        event.wait = mock.MagicMock()

        register_requests = [{'version': 'U2F_V2', 'challenge': 'foobar'}]
        registered_keys = [{'version': 'U2F_V2', 'keyHandle': 'a2V5'}]
        resp = client.register(
            APP_ID, register_requests, registered_keys, timeout=event)

        event.wait.assert_called()

        ctap.get_version.assert_called_with()
        ctap.authenticate.assert_called_once()
        ctap.register.assert_called()

        # The token must receive the hash of exactly the client data that is
        # returned to the caller, and the hash of the app ID.
        client_param, app_param = ctap.register.call_args[0]
        client_data = websafe_decode(resp['clientData'])
        registration_data = websafe_decode(resp['registrationData'])
        self.assertEqual(sha256(client_data), client_param)
        self.assertEqual(registration_data, REG_DATA)
        self.assertEqual(sha256(APP_ID.encode()), app_param)
Beispiel #2
    def test_sign_await_touch(self):
        """Signing keeps polling the token until SIG_DATA is returned.

        The mocked ``authenticate`` raises USE_NOT_SATISFIED four times and
        then yields SIG_DATA.
        """
        client = U2fClient(None, APP_ID)
        ctap = mock.MagicMock()
        client.ctap = ctap
        ctap.get_version.return_value = 'U2F_V2'
        ctap.authenticate.side_effect = [
            ApduError(APDU.USE_NOT_SATISFIED) for _ in range(4)
        ] + [SIG_DATA]

        # wait() is mocked so the retry pauses cost no wall-clock time while
        # the call itself stays observable.
        event = Event()
        event.wait = mock.MagicMock()

        registered_keys = [{'version': 'U2F_V2', 'keyHandle': 'a2V5'}]
        resp = client.sign(APP_ID, 'challenge', registered_keys,
                           timeout=event)

        event.wait.assert_called()

        ctap.get_version.assert_called_with()
        ctap.authenticate.assert_called()
        positional = ctap.authenticate.call_args[0]
        client_param, app_param, key_handle = positional

        # The signature request must cover the hash of the client data that
        # is returned to the caller and the hash of the app ID.
        client_data = websafe_decode(resp['clientData'])
        self.assertEqual(client_param, sha256(client_data))
        self.assertEqual(app_param, sha256(APP_ID.encode()))
        # 'a2V5' must reach the token in decoded form.
        self.assertEqual(key_handle, b'key')
        self.assertEqual(websafe_decode(resp['signatureData']), SIG_DATA)
Beispiel #3
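    def test_register_await_timeout(self):
        """Registration ends with TIMEOUT when the touch never arrives.

        The mocked ``register`` always raises USE_NOT_SATISFIED, so the only
        way out of the polling loop is the event that a timer sets after
        0.1 seconds. The test fails if ``register`` returns without raising,
        so an unbounded or silently successful wait cannot pass unnoticed.
        """
        client = U2fClient(None, APP_ID)
        client.ctap = mock.MagicMock()
        client.ctap.get_version.return_value = "U2F_V2"
        client.ctap.authenticate.side_effect = ApduError(APDU.WRONG_DATA)
        client.ctap.register.side_effect = ApduError(APDU.USE_NOT_SATISFIED)

        # Short poll delay so several attempts fit inside the 0.1 s window.
        client.poll_delay = 0.01
        event = Event()
        timer = Timer(0.1, event.set)
        timer.start()
        try:
            # assertRaises fails the test when register() returns normally;
            # a bare try/except would accept that outcome.
            with self.assertRaises(ClientError) as raised:
                client.register(
                    APP_ID,
                    [{
                        "version": "U2F_V2",
                        "challenge": "foobar"
                    }],
                    [{
                        "version": "U2F_V2",
                        "keyHandle": "a2V5"
                    }],
                    event=event,
                )
        finally:
            # Do not leave the timer thread running past the test.
            timer.cancel()
            timer.join()
        self.assertEqual(raised.exception.code, ClientError.ERR.TIMEOUT)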
Beispiel #4
    def test_sign_await_touch(self):
        """Signing keeps polling the token until SIG_DATA is returned.

        The mocked ``authenticate`` raises USE_NOT_SATISFIED four times and
        then yields SIG_DATA.
        """
        client = U2fClient(None, APP_ID)
        ctap = mock.MagicMock()
        client.ctap = ctap
        ctap.get_version.return_value = "U2F_V2"
        ctap.authenticate.side_effect = [
            ApduError(APDU.USE_NOT_SATISFIED) for _ in range(4)
        ] + [SIG_DATA]

        # wait() is mocked so the retry pauses cost no wall-clock time while
        # the call itself stays observable.
        event = Event()
        event.wait = mock.MagicMock()

        registered_keys = [{"version": "U2F_V2", "keyHandle": "a2V5"}]
        resp = client.sign(APP_ID, "challenge", registered_keys, event=event)

        event.wait.assert_called()

        ctap.get_version.assert_called_with()
        ctap.authenticate.assert_called()
        positional = ctap.authenticate.call_args[0]
        client_param, app_param, key_handle = positional

        # The signature request must cover the hash of the client data that
        # is returned to the caller and the hash of the app ID.
        client_data = websafe_decode(resp["clientData"])
        self.assertEqual(client_param, sha256(client_data))
        self.assertEqual(app_param, sha256(APP_ID.encode()))
        # "a2V5" must reach the token in decoded form.
        self.assertEqual(key_handle, b"key")
        self.assertEqual(websafe_decode(resp["signatureData"]), SIG_DATA)
Beispiel #5
    def test_register_await_touch(self):
        """Registration keeps polling the token until REG_DATA is returned.

        The mocked CTAP1 layer answers the key-handle probe with WRONG_DATA
        and answers ``register`` with USE_NOT_SATISFIED four times before it
        hands back REG_DATA.
        """
        client = U2fClient(None, APP_ID)
        ctap = mock.MagicMock()
        client.ctap = ctap
        ctap.get_version.return_value = "U2F_V2"
        ctap.authenticate.side_effect = ApduError(APDU.WRONG_DATA)
        ctap.register.side_effect = [
            ApduError(APDU.USE_NOT_SATISFIED) for _ in range(4)
        ] + [REG_DATA]

        # wait() is mocked so the retry pauses cost no wall-clock time while
        # the call itself stays observable.
        event = Event()
        event.wait = mock.MagicMock()

        register_requests = [{"version": "U2F_V2", "challenge": "foobar"}]
        registered_keys = [{"version": "U2F_V2", "keyHandle": "a2V5"}]
        resp = client.register(
            APP_ID, register_requests, registered_keys, event=event
        )

        event.wait.assert_called()

        ctap.get_version.assert_called_with()
        ctap.authenticate.assert_called_once()
        ctap.register.assert_called()

        # The token must receive the hash of exactly the client data that is
        # returned to the caller, and the hash of the app ID.
        client_param, app_param = ctap.register.call_args[0]
        client_data = websafe_decode(resp["clientData"])
        registration_data = websafe_decode(resp["registrationData"])
        self.assertEqual(sha256(client_data), client_param)
        self.assertEqual(registration_data, REG_DATA)
        self.assertEqual(sha256(APP_ID.encode()), app_param)
Beispiel #6
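    def test_register_existing_key(self):
        """Registration is refused when the token recognises a listed key.

        The mocked ``authenticate`` raises USE_NOT_SATISFIED for the supplied
        key handle. The client is expected to report DEVICE_INELIGIBLE after
        a single check-only probe, without ever asking the token to enrol a
        new credential.
        """
        client = U2fClient(None, APP_ID)
        client.ctap = mock.MagicMock()
        client.ctap.get_version.return_value = "U2F_V2"
        client.ctap.authenticate.side_effect = ApduError(
            APDU.USE_NOT_SATISFIED)

        try:
            client.register(
                APP_ID,
                [{
                    "version": "U2F_V2",
                    "challenge": "foobar"
                }],
                [{
                    "version": "U2F_V2",
                    "keyHandle": "a2V5"
                }],
                timeout=1,
            )
        except ClientError as e:
            self.assertEqual(e.code, ClientError.ERR.DEVICE_INELIGIBLE)
        else:
            self.fail("register did not raise error")

        client.ctap.get_version.assert_called_with()
        client.ctap.authenticate.assert_called_once()
        # Check keyHandle
        self.assertEqual(client.ctap.authenticate.call_args[0][2], b"key")
        # Ensure check-only was set
        self.assertTrue(client.ctap.authenticate.call_args[0][3])
        # The refusal must come before any enrolment attempt; otherwise the
        # exclusion of already-registered tokens would be bypassed.
        client.ctap.register.assert_not_called()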
Beispiel #7
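    def test_register_await_timeout(self):
        """Registration ends with TIMEOUT when the touch never arrives.

        The mocked ``register`` always raises USE_NOT_SATISFIED, so only the
        0.1 second timeout can end the polling loop. The test fails if
        ``register`` returns without raising, so an unbounded or silently
        successful wait cannot pass unnoticed.
        """
        client = U2fClient(None, APP_ID)
        client.ctap = mock.MagicMock()
        client.ctap.get_version.return_value = 'U2F_V2'
        client.ctap.authenticate.side_effect = ApduError(APDU.WRONG_DATA)
        client.ctap.register.side_effect = ApduError(APDU.USE_NOT_SATISFIED)

        # Short poll delay so several attempts fit inside the 0.1 s window.
        client.poll_delay = 0.01
        # assertRaises fails the test when register() returns normally; a
        # bare try/except would accept that outcome.
        with self.assertRaises(ClientError) as raised:
            client.register(APP_ID, [{
                'version': 'U2F_V2',
                'challenge': 'foobar'
            }], [{
                'version': 'U2F_V2',
                'keyHandle': 'a2V5'
            }],
                            timeout=0.1)
        self.assertEqual(raised.exception.code, ClientError.ERR.TIMEOUT)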
Beispiel #8
    def test_sign_missing_key(self):
        """Signing reports DEVICE_INELIGIBLE when the token rejects the key.

        The mocked ``authenticate`` raises WRONG_DATA for the only key handle
        offered, so no usable key remains.
        """
        client = U2fClient(None, APP_ID)
        ctap = mock.MagicMock()
        client.ctap = ctap
        ctap.get_version.return_value = "U2F_V2"
        ctap.authenticate.side_effect = ApduError(APDU.WRONG_DATA)

        registered_keys = [{"version": "U2F_V2", "keyHandle": "a2V5"}]
        try:
            client.sign(APP_ID, "challenge", registered_keys)
        except ClientError as e:
            self.assertEqual(e.code, ClientError.ERR.DEVICE_INELIGIBLE)
        else:
            # Returning normally would mean a signature was produced for a
            # key the token does not hold.
            self.fail("sign did not raise error")

        ctap.get_version.assert_called_with()
        ctap.authenticate.assert_called_once()
        positional = ctap.authenticate.call_args[0]
        _, app_param, key_handle = positional
        self.assertEqual(app_param, sha256(APP_ID.encode()))
        self.assertEqual(key_handle, b"key")