diff --git a/libraries/opensk/src/api/persist.rs b/libraries/opensk/src/api/persist.rs index a11548cc..089e8741 100644 --- a/libraries/opensk/src/api/persist.rs +++ b/libraries/opensk/src/api/persist.rs @@ -521,8 +521,7 @@ mod test { let mut env = TestEnv::default(); let persist = env.persist(); - let mut counter_value = 1; - assert_eq!(persist.global_signature_counter().unwrap(), counter_value); + let mut counter_value = persist.global_signature_counter().unwrap(); for increment in 1..10 { assert!(persist.incr_global_signature_counter(increment).is_ok()); counter_value += increment; diff --git a/libraries/opensk/src/ctap/mod.rs b/libraries/opensk/src/ctap/mod.rs index 8ef166ad..b457de27 100644 --- a/libraries/opensk/src/ctap/mod.rs +++ b/libraries/opensk/src/ctap/mod.rs @@ -1447,13 +1447,14 @@ mod test { const VENDOR_CHANNEL: Channel = Channel::VendorHid([0x12, 0x34, 0x56, 0x78]); fn check_make_response( + env: &mut impl Env, make_credential_response: &CtapResult, flags: u8, - expected_aaguid: &[u8], expected_credential_id_size: u8, expected_extension_cbor: &[u8], ) { - const INITIAL_SIGNATURE_COUNTER: u32 = 1; + let expected_aaguid = env.customization().aaguid(); + let signature_counter = env.persist().global_signature_counter().unwrap(); match make_credential_response.as_ref().unwrap() { ResponseData::AuthenticatorMakeCredential(make_credential_response) => { let AuthenticatorMakeCredentialResponse { @@ -1468,9 +1469,9 @@ mod test { let mut expected_auth_data = vec![ 0xA3, 0x79, 0xA6, 0xF6, 0xEE, 0xAF, 0xB9, 0xA5, 0x5E, 0x37, 0x8C, 0x11, 0x80, 0x34, 0xE2, 0x75, 0x1E, 0x68, 0x2F, 0xAB, 0x9F, 0x2D, 0x30, 0xAB, 0x13, 0xD2, - 0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, flags, 0x00, 0x00, 0x00, + 0x12, 0x55, 0x86, 0xCE, 0x19, 0x47, flags, ]; - expected_auth_data.push(INITIAL_SIGNATURE_COUNTER as u8); + expected_auth_data.extend(&signature_counter.to_be_bytes()); expected_auth_data.extend(expected_aaguid); expected_auth_data.extend(&[0x00, expected_credential_id_size]); assert_eq!( @@ -1648,13 +1649,7 @@ mod test { let make_credential_response = ctap_state.process_make_credential(&mut env, make_credential_params, DUMMY_CHANNEL); - check_make_response( - &make_credential_response, - 0x41, - env.customization().aaguid(), - 0x20, - &[], - ); + check_make_response(&mut env, &make_credential_response, 0x41, 0x20, &[]); } #[test] @@ -1668,9 +1663,9 @@ mod test { ctap_state.process_make_credential(&mut env, make_credential_params, DUMMY_CHANNEL); check_make_response( + &mut env, &make_credential_response, 0x41, - env.customization().aaguid(), CBOR_CREDENTIAL_ID_SIZE as u8, &[], ); @@ -1838,9 +1833,9 @@ mod test { 0xA1, 0x6B, 0x68, 0x6D, 0x61, 0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0xF5, ]; check_make_response( + &mut env, &make_credential_response, 0xC1, - env.customization().aaguid(), CBOR_CREDENTIAL_ID_SIZE as u8, &expected_extension_cbor, ); @@ -1864,9 +1859,9 @@ mod test { 0xA1, 0x6B, 0x68, 0x6D, 0x61, 0x63, 0x2D, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0xF5, ]; check_make_response( + &mut env, &make_credential_response, 0xC1, - env.customization().aaguid(), 0x20, &expected_extension_cbor, ); @@ -1886,13 +1881,7 @@ mod test { make_credential_params.extensions = extensions; let make_credential_response = ctap_state.process_make_credential(&mut env, make_credential_params, DUMMY_CHANNEL); - check_make_response( - &make_credential_response, - 0x41, - env.customization().aaguid(), - 0x20, - &[], - ); + check_make_response(&mut env, &make_credential_response, 0x41, 0x20, &[]); // Second part: The extension is used. assert_eq!( @@ -1913,9 +1902,9 @@ mod test { 0x04, ]; check_make_response( + &mut env, &make_credential_response, 0xC1, - env.customization().aaguid(), 0x20, &expected_extension_cbor, ); @@ -1938,9 +1927,9 @@ mod test { 0xA1, 0x68, 0x63, 0x72, 0x65, 0x64, 0x42, 0x6C, 0x6F, 0x62, 0xF5, ]; check_make_response( + &mut env, &make_credential_response, 0xC1, - env.customization().aaguid(), 0x20, &expected_extension_cbor, ); @@ -1970,9 +1959,9 @@ mod test { 0xA1, 0x68, 0x63, 0x72, 0x65, 0x64, 0x42, 0x6C, 0x6F, 0x62, 0xF4, ]; check_make_response( + &mut env, &make_credential_response, 0xC1, - env.customization().aaguid(), 0x20, &expected_extension_cbor, ); @@ -2047,13 +2036,7 @@ mod test { DUMMY_CHANNEL, ); - check_make_response( - &make_credential_response, - 0x45, - env.customization().aaguid(), - 0x20, - &[], - ); + check_make_response(&mut env, &make_credential_response, 0x45, 0x20, &[]); let make_credential_response = ctap_state.process_make_credential(&mut env, make_credential_params, DUMMY_CHANNEL); @@ -2085,9 +2068,9 @@ mod test { ctap_state.process_make_credential(&mut env, make_credential_params, DUMMY_CHANNEL); check_make_response( + &mut env, &make_credential_response, 0x41, - env.customization().aaguid(), CBOR_CREDENTIAL_ID_SIZE as u8, &[], ); @@ -2784,9 +2767,9 @@ mod test { 0xA1, 0x68, 0x63, 0x72, 0x65, 0x64, 0x42, 0x6C, 0x6F, 0x62, 0xF5, ]; check_make_response( + &mut env, &make_credential_response, 0xC1, - env.customization().aaguid(), CBOR_CREDENTIAL_ID_SIZE as u8, &expected_extension_cbor, );