1#!/bin/python2
2
3import collections
4import re
5import subprocess
6import sys
7
# Relative path of the pamu2fcfg binary that every loop below invokes; it is
# resolved against the current working directory at run time.
PUC = "../pamu2fcfg/pamu2fcfg"

# Option tables: the empty string stands for "flag not passed", the second
# entry is the flag itself. The generation loops walk every combination.
resident = ["", "-r"]
presence = ["", "-P"]
pin = ["", "-N"]
verification = ["", "-V"]

# One credential parsed out of a pamu2fcfg output line, in the shape that
# print_test_case() turns into C assertions.
Credential = collections.namedtuple(
    "Credential", ["keyhandle", "pubkey", "attributes", "oldformat"]
)

# Value written to cfg.sshformat in every generated test case.
sshformat = 0
21
def print_test_case(filename, sshformat, credentials):
    """Print a C test fragment that checks how an authfile is parsed.

    The fragment points cfg at *filename*, sets cfg.sshformat, calls
    get_devices_from_authfile(), asserts the device count and every field
    of each entry in *credentials*, then frees the per-device strings and
    clears the dev array.

    Field values are placed between C double quotes exactly as given, with
    no escaping: a value containing a double quote or a backslash would
    produce a malformed C string literal in the generated test.
    """

    prologue_tmpl = """
  cfg.auth_file = "{authfile}";
  cfg.sshformat = {ssh};
  rc = get_devices_from_authfile(&cfg, username, dev, &n_devs);
  assert(rc == 1);
  assert(n_devs == {devices});
"""

    check_tmpl = """
  assert(strcmp(dev[{i}].coseType, "es256") == 0);
  assert(strcmp(dev[{i}].keyHandle, "{kh}") == 0);
  assert(strcmp(dev[{i}].publicKey, "{pk}") == 0);
  assert(strcmp(dev[{i}].attributes, "{attr}") == 0);
  assert(dev[{i}].old_format == {old});
"""

    release_tmpl = """
  free(dev[{i}].coseType);
  free(dev[{i}].attributes);
  free(dev[{i}].keyHandle);
  free(dev[{i}].publicKey);
"""
    epilogue = """
  memset(dev, 0, sizeof(dev));
"""

    # All assertion groups come first; the matching free() groups are
    # collected separately and emitted after the last assertion.
    pieces = [
        prologue_tmpl.format(
            authfile=filename, ssh=sshformat, devices=len(credentials)
        )
    ]
    releases = []
    for index, cred in enumerate(credentials):
        pieces.append(
            check_tmpl.format(
                i=index,
                kh=cred.keyhandle,
                pk=cred.pubkey,
                attr=cred.attributes,
                old=cred.oldformat,
            )
        )
        releases.append(release_tmpl.format(i=index))

    pieces.extend(releases)
    pieces.append(epilogue)

    print("".join(pieces))
61
62
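# Single credentials: one pamu2fcfg invocation per option combination, each
# producing a one-credential template and the matching C test case.
print >> sys.stderr, "Generating single credentials"

for r in resident:
    for p in presence:
        for n in pin:
            for v in verification:
                filename = "credentials/new_" + r + p + v + n
                print >> sys.stderr, "Generating " + filename + ".templ"
                # NOTE(review): a switched-off option reaches pamu2fcfg as an
                # empty-string argument; presumably it is ignored - confirm.
                line = subprocess.check_output([PUC, "-u@USERNAME@", r, p, v, n])

                # Shape the pattern accepts: <user>:<keyhandle>,<pubkey>,es256,<attributes>
                matches = re.match(r'^.*?:(.*?),(.*?),es256,(.*)', line, re.M)
                if matches is None:
                    # Stop before the template is written, with an error that
                    # names the file. The raw output is left out of the
                    # message because it carries the credential itself.
                    raise RuntimeError("unexpected pamu2fcfg output for " + filename + ".templ")
                # open() does not create directories: credentials/ must exist.
                with open(filename + ".templ", "w") as outfile:
                    outfile.write(line)
                credentials = [Credential(keyhandle = matches.group(1),
                                         pubkey = matches.group(2),
                                         attributes = matches.group(3),
                                         oldformat = 0)]

                print_test_case(filename + ".cred", sshformat, credentials)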
83
84
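# Double credentials: two pamu2fcfg invocations per option combination. The
# second one is run with "-n" and its output is appended to the same
# template, so the template and the test case each hold two credentials.
print >> sys.stderr, "Generating double credentials"

for r in resident:
    for p in presence:
        for n in pin:
            for v in verification:
                filename = "credentials/new_double_" + r + p + v + n
                print >> sys.stderr, "Generating " + filename + ".templ"
                # NOTE(review): a switched-off option reaches pamu2fcfg as an
                # empty-string argument; presumably it is ignored - confirm.
                line = subprocess.check_output([PUC, "-u@USERNAME@", r, p, v, n])

                # Shape the pattern accepts: <user>:<keyhandle>,<pubkey>,es256,<attributes>
                matches = re.match(r'^.*?:(.*?),(.*?),es256,(.*)', line, re.M)
                if matches is None:
                    # Stop before the template is written. The raw output is
                    # left out of the message because it carries the
                    # credential itself.
                    raise RuntimeError("unexpected pamu2fcfg output for " + filename + ".templ")
                # open() does not create directories: credentials/ must exist.
                with open(filename + ".templ", "w") as outfile:
                    outfile.write(line)
                credentials = [Credential(keyhandle = matches.group(1),
                                         pubkey = matches.group(2),
                                         attributes = matches.group(3),
                                         oldformat = 0)]

                line = subprocess.check_output([PUC, "-n", r, p, v, n])

                matches = re.match(r'^.*?:(.*?),(.*?),es256,(.*)', line, re.M)
                if matches is None:
                    # At this point the template holds only the first
                    # credential; the error names it so it can be regenerated.
                    raise RuntimeError("unexpected pamu2fcfg output for second credential of " + filename + ".templ")
                with open(filename + ".templ", "a") as outfile:
                    outfile.write(line)
                credentials += [Credential(keyhandle = matches.group(1),
                                         pubkey = matches.group(2),
                                         attributes = matches.group(3),
                                         oldformat = 0)]

                print_test_case(filename + ".cred", sshformat, credentials)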
115
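# Mixed credentials: two credentials per template whose presence option is
# chosen independently (p1 for the first invocation, p2 for the second).
print >> sys.stderr, "Mixed double credentials"

options = [("", ""), ("", "-P"), ("-P", ""), ("-P", "-P")]

for p1, p2 in options:
    filename = "credentials/new_mixed_" + p1 +"1" + p2 + "2"
    print >> sys.stderr, "Generating " + filename + ".templ"
    # NOTE(review): when p1 or p2 is empty, pamu2fcfg receives an empty-string
    # argument; presumably it is ignored - confirm.
    line = subprocess.check_output([PUC, "-u@USERNAME@", p1])

    # Shape the pattern accepts: <user>:<keyhandle>,<pubkey>,es256,<attributes>
    matches = re.match(r'^.*?:(.*?),(.*?),es256,(.*)', line, re.M)
    if matches is None:
        # Stop before the template is written. The raw output is left out of
        # the message because it carries the credential itself.
        raise RuntimeError("unexpected pamu2fcfg output for " + filename + ".templ")
    # open() does not create directories: credentials/ must exist.
    with open(filename + ".templ", "w") as outfile:
        outfile.write(line)
    credentials = [Credential(keyhandle = matches.group(1),
                              pubkey = matches.group(2),
                              attributes = matches.group(3),
                              oldformat = 0)]

    line = subprocess.check_output([PUC, "-n", p2])

    matches = re.match(r'^.*?:(.*?),(.*?),es256,(.*)', line, re.M)
    if matches is None:
        # At this point the template holds only the first credential; the
        # error names it so it can be regenerated.
        raise RuntimeError("unexpected pamu2fcfg output for second credential of " + filename + ".templ")
    with open(filename + ".templ", "a") as outfile:
        outfile.write(line)
    credentials += [Credential(keyhandle = matches.group(1),
                               pubkey = matches.group(2),
                               attributes = matches.group(3),
                               oldformat = 0)]

    print_test_case(filename + ".cred", sshformat, credentials)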
145