From e9fc4c9ae306027b823e4facdaf19ef61e18873b Mon Sep 17 00:00:00 2001
From: z4yx
Date: Sat, 4 Jan 2025 22:42:28 +0800
Subject: [PATCH] increase test coverage of PIV applet
---
 .github/workflows/tests.yml | 4 ++++
 virt-card/fabrication.c | 1 +
 2 files changed, 5 insertions(+)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 8d991fee..35c4ec1a 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -407,6 +407,7 @@ jobs:
 # change the algorithm identifier of ED25519
 piv-tool --admin M:9B:03 -s '00 EE 02 00 07 01 22 05 51 52 53 54' | grep 'SW1=0x90, SW2=0x00' # PIV_INS_ALGORITHM_EXTENSION, Yubico
+ piv-tool --admin M:9B:03 -s '00 EE 01 00 10' | grep '01 22 05 51 52 53 54'
 cd piv-go; go test -v ./piv --wipe-yubikey; cd -
 piv-tool --admin M:9B:03 -s '00 EE 02 00 07 01 E0 05 16 E1 53 54' | grep 'SW1=0x90, SW2=0x00' # PIV_INS_ALGORITHM_EXTENSION, Yubico
@@ -456,6 +457,9 @@ jobs:
 yubico-piv-tool -r "$RDID" -a generate -A ECCP256 -s 9e
 yubico-piv-tool -r "$RDID" -a generate -A X25519 -s 82 > /tmp/pubkey-9e.pem
 yubico-piv-tool -r "$RDID" -a test-decipher -s 9e -A X25519 &1 | grep "Failed ECDH exchange"; # Wrong slot
+ yubico-piv-tool -r "$RDID" -a test-decipher -s 84 -A X25519 &1 | grep "Failed ECDH exchange"; # Unsupported slot
+ opensc-tool -r "$RDID" -s '00 24 00 01 02 00 00' | grep 'SW1=0x6A, SW2=0x88' # change ref data, not found
+ opensc-tool -r "$RDID" -s '00 87 FF 9B 02 00 00' | grep 'SW1=0x6A, SW2=0x80' # general auth, invalid P1
 ## RSA tests
 for s in 9a 9c 9d 9e 82 83; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" RSA3072; done
 yubico-piv-tool -r "$RDID" -a status
diff --git a/virt-card/fabrication.c b/virt-card/fabrication.c
index 57699e55..7f4d2cd6 100644
--- a/virt-card/fabrication.c
+++ b/virt-card/fabrication.c
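Review bot: The added read-back line in the first tests.yml hunk (`-s '00 EE 01 00 10' | grep '01 22 05 51 52 53 54'`) passes if those bytes appear anywhere in piv-tool's output and never checks the status word, unlike the write commands around it that grep for `SW1=0x90, SW2=0x00`. Capturing the output once and asserting both would pin it: `out=$(piv-tool --admin M:9B:03 -s '00 EE 01 00 10')`, then `echo "$out" | grep -q 'SW1=0x90, SW2=0x00'` and `echo "$out" | grep -q '01 22 05 51 52 53 54'` on separate lines so either failure stops the step. A short comment saying this reads the algorithm identifiers back would also help, because the neighbouring comment only describes the write.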
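Review bot: The new "Unsupported slot" check in the second tests.yml hunk greps for the same generic `"Failed ECDH exchange"` string as the existing "Wrong slot" line above it, so it cannot tell a rejected key reference from any other reason the exchange fails. The two opensc-tool lines added right below it show the stronger pattern: send the raw APDU and grep the exact status word. Consider adding an equivalent `opensc-tool -r "$RDID" -s '<GENERAL AUTHENTICATE APDU for slot 84>'` line with a grep on the status word the applet is expected to return for that slot. As rendered on this page the redirection in front of `&1` looks truncated, so the input to test-decipher could not be checked here.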
@@ -147,6 +147,7 @@ int card_fs_init(const char *lfs_root) {
 int card_fabrication_procedure(const char *lfs_root) {
 if (card_fs_init(lfs_root)) return 1;
 init_apdu_buffer();
+ device_init();
 applets_install();
 // reset state of applets
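Review bot: Nothing at the new `device_init();` call in card_fabrication_procedure says why the virtual card's fabrication now needs device-level initialisation, or why it has to sit between init_apdu_buffer() and applets_install(). A one-line comment such as `// device_init() must run before applets_install(): <reason>` would keep the ordering from being reshuffled later. The diffstat shows this is the only line added to fabrication.c, so no include came with it; it is worth confirming that a header the file already includes declares device_init(), since otherwise the call relies on an implicit declaration. The function body continues past the end of this hunk.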