Add test of serializing uninitialized and unmatched PRF inputs
emlun committed Jul 19, 2024
1 parent a615942 commit 5d914f3
Showing 1 changed file with 64 additions and 3 deletions.
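--- a/src/ctap2/commands/get_assertion.rs
+++ b/src/ctap2/commands/get_assertion.rs
@@ -819,7 +819,9 @@ pub mod test {
 };
 use crate::crypto::{COSEAlgorithm, COSEEC2Key, COSEKey, COSEKeyType, Curve, PinUvAuthParam};
 use crate::ctap2::attestation::{AAGuid, AuthenticatorData, AuthenticatorDataFlags};
-use crate::ctap2::client_data::{Challenge, CollectedClientData, TokenBinding, WebauthnType};
+use crate::ctap2::client_data::{
+Challenge, ClientDataHash, CollectedClientData, TokenBinding, WebauthnType,
+};
 use crate::ctap2::commands::get_assertion::{
 CalculatedHmacSecretExtension, GetAssertionExtensions, HmacGetSecretOrPrf,
 HmacSecretExtension,
@@ -833,8 +835,8 @@ pub mod test {
 do_credential_list_filtering_ctap1, do_credential_list_filtering_ctap2,
 };
 use crate::ctap2::server::{
-AuthenticatorAttachment, PublicKeyCredentialDescriptor, PublicKeyCredentialUserEntity,
-RelyingParty, RpIdHash, Transport,
+AuthenticationExtensionsPRFInputs, AuthenticatorAttachment, PublicKeyCredentialDescriptor,
+PublicKeyCredentialUserEntity, RelyingParty, RpIdHash, Transport,
 };
 use crate::transport::device_selector::Device;
 use crate::transport::hid::HIDDevice;
@@ -1075,6 +1077,65 @@ pub mod test {
 );
 }
 
+#[test]
+#[should_panic(
+expected = "PrfUninitialized must be replaced with Prf or PrfUnmatched before serializing"
+)]
+fn test_serialize_prf_uninitialized() {
+let assertion = GetAssertion {
+client_data_hash: ClientDataHash([0; 32]),
+rp: RelyingParty::from("example.com"),
+allow_list: vec![],
+extensions: GetAssertionExtensions {
+app_id: None,
+hmac_secret: Some(HmacGetSecretOrPrf::PrfUninitialized(
+AuthenticationExtensionsPRFInputs {
+eval: None,
+eval_by_credential: None,
+},
+)),
+},
+options: GetAssertionOptions {
+user_presence: None,
+user_verification: None,
+},
+pin_uv_auth_param: None,
+};
+assertion
+.wire_format()
+.expect("Failed to serialize GetAssertion request");
+}
+
+#[test]
+fn test_serialize_prf_unmatched() {
+let assertion = GetAssertion {
+client_data_hash: ClientDataHash([0; 32]),
+rp: RelyingParty::from("example.com"),
+allow_list: vec![],
+extensions: GetAssertionExtensions {
+app_id: None,
+hmac_secret: Some(HmacGetSecretOrPrf::PrfUnmatched),
+},
+options: GetAssertionOptions {
+user_presence: None,
+user_verification: None,
+},
+pin_uv_auth_param: None,
+};
+let req_serialized = assertion
+.wire_format()
+.expect("Failed to serialize GetAssertion request");
+assert_eq!(
+req_serialized,
+[
+// Value copied from test failure output as regression test snapshot
+163, 1, 107, 101, 120, 97, 109, 112, 108, 101, 46, 99, 111, 109, 2, 88, 32, 0, 0, 0,
+0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+0, 4, 160
+]
+);
+}
+
 fn fill_device_ctap1(device: &mut Device, cid: [u8; 4], flags: u8, answer_status: [u8; 2]) {
 // ctap2 request
 let mut msg = cid.to_vec();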
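Review bot: The expected bytes in `test_serialize_prf_unmatched` are an opaque snapshot "copied from test failure output", so the test records what the serializer happened to emit rather than the property a reader needs to check. Decoded as CBOR they appear to be a three-entry map, `{1: "example.com", 2: <32 zero bytes>, 4: {}}`, i.e. the extensions entry (key 4) is an empty map and no hmac-secret input reaches the authenticator when the PRF input is unmatched. I would replace the snapshot comment with `// CBOR {1: "example.com", 2: h'00..00' (32 bytes), 4: {}}: PrfUnmatched must serialize to an empty extensions map, with no hmac-secret entry` so a future change that starts emitting PRF data here is recognisable as a regression rather than as a snapshot to refresh. In `test_serialize_prf_uninitialized`, a one-line comment that the panic is the intended contract (and that the `.expect(...)` is only there to consume the `Result`) would stop someone from "fixing" the test by matching on `Err`.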
