The ctap2-test-tool-corpus from google

This repository contains the fuzzing corpus for the CTAP2 test tool. Please check its documentation for more information about the project or how to contribute.

ctap2-test-tool-corpus's People

Contributors

Stargazers

Watchers

ctap2-test-tool-corpus's Issues

Some items in Cbor_MakeCredentialParameters should be okay under ctap2.1 spec

Ctap2.1 has loosed the check for user/pubKeyCredParams(algo)/options, e.g. Treat any option keys that are not understood as absent.. So below items will trigger Please touch your security key then with positive response, Fuzzing test should remove them.

8cb0d5244d619d44b4a4cb205c0d8960d4d8f336
- {1: h'687134968222EC17202E42505D8ED2B16AE22F16BB05B88C25DB9E602645F141', 2: {"id": "example.com", "name": "Acme"}, 3: {"id": h'3882012830820138A00302010230820193308201389B030201023082019330FE', "i/ah": h'', "xampl": "z.cod", "splayName": "John P( Smith"}, 4: [{"alg": -7, "type": "public-key"}, {"alg": -257, "type": "publis-key"}], 7: {"nk": true}}
bb643501327d9731217c1678b16082ea7f67206b
- {1: h'687134968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141', 2: {"id": "example.com", "name": "Acme"}, 3: {"id": h'3882012830820138A0030201023082019330820138A003020102308201933082', "i/aB": "jjpqsmith@", "xampl": "z.cod", "splayName": "John P( Smith"}, 4: [{"alg": -7, "type": "public-key"}, {"alg": -257, "type": "publis-key"}], 7: {"nk": true}}
cb4e3558824eef3b22b2eca52cf0b40a3d3b0588
- {1: h'687134968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141', 2: {"id": "example.com", "name": "Acme"}, 3: {"id": h'3882012830820138A0030201023082019330820138A003020102308201933082', "i/aB": "jjpqPb.png", "nAme": "[email protected]", "splayName": "John P( Smith"}, 4: [{"alg": -7, "type": "public-key"}, {"alg": -257, "type": "public-key"}], 7: {"nk": true}}
d80dd27a58e70e9be9f78593bee1d81ec93d0fb8
- {1: h'6873BB968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141', 2: {"id": "example.com", "name": "Acme"}, 3: {"id": h'3882012830820138A0030201023082019330820138A00302010230826D933082', "i/aB": "jjpqPb.png", "name": "[email protected]", "splayName": "John P. Smith"}, 4: [{"alg": -7, "type": "public-key"}, {"alg": -257, "type": "public-key"}], 7: {"vk": true}}
8575daa68af1546115c06a3a00f3098ba2cf2fb9
- {1: h'687134968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141', 2: {"id": "example.com", "name": "Acme"}, 3: {"id": h'3682012830820138A0030201023082019330820138A003020102308201933082', "icaB": "jjpqPb.png", "nAme": "[email protected]", "displayName": "John P( Smith"}, 4: [{"alg": -7, "type": "public-key"}, {"alg": -257, "type": "public-key"}], 7: {"nk": true}}
468ffbba9d9583efbaae23ff93c7c8e58803c55c
- {1: h'687134968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141', 2: {"id": "example.com", "name": "Acme"}, 3: {"id": h'3882012830820138A0030201023082019330820138A003020102308201933082', "icon": "https://pics.epamxle.com600/p/aBjjjpqPb.png", "nAme": "[email protected]", "splayName": "John P( Smith"}, 4: [{"alg": -7, "type": "public-key"}, {"alg": -257, "type": "public-key"}], 7: {"nk": true}}
d46e33c350dcee9f8911b2c2750d003417433b16
- {1: h'6873BB968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141', 2: {"id": "example.com", "name": "Acme"}, 3: {"id": h'3882012830820138A0030201023082019330820138A00302010230826D933082', "ic:n": "https://pics.epamxle.com600/p/aBjjjpqPb.png", "name": "[email protected]", "splayName": "John P. Smith"}, 4: [{"alg": -7, "type": "public-key"}, {"alg": -257, "type": "public-key"}], 7: {"vk": true}}
47482618a90e20307f8ba6dd6debd3a5ac1f7c62
- {1: h'687134968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141', 2: {"id": "example.com", "name": "Acme"}, 3: {"id": h'3882012830820138A0030201023082019330820138A003020102308201933082', "icon": "https://pics.epamxle.com600/p/aBjjjpqPb.png", "nAme": "[email protected]", "displayName": "John P( Smith"}, 4: [{"alg": -7, "type": "public-key"}, {"alg": -257, "type": "public-key"}], 7: {"nk": true}}
528d6082a8556c0948a58f3e7319d49c633dd73d
- {1: h'687334968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141', 2: {"id": "example.com", "name": "Acme"}, 3: {"id": h'3882012830820138A0030201023082019330820138A00302010230826D933082', "ic:n": "https://pics.epamxle.com600/p/aBjjjpqPb.png", "name": "[email protected]", "displayName": "John P. Smith"}, 4: [{"alg": -7, "type": "public-key"}, {"alg": -257, "type": "public-key"}], 7: {"vk": true}}
53d4028984243b08d6ec79fc2b5fc52803925015
- {1: h'687134968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141', 2: {"id": "example.com", "name": "Acme"}, 3: {"id": h'3882012830820138A0030201023082019330820138A003020102308201933082', "icon": "https://pics.epamxle.com600/p/aBjjjpqPb.png", "name": "[email protected]", "displayName": "John P. Smith"}, 4: [{"alg": -7, "type": "public-key"}, {"alg": -257, "type": "public-key"}], 7: {"nk": true}}
6d6c3d8b82f567890a0faaf5f9ccea01aeffd04a
- {1: h'687334968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141', 2: {"id": "example.com", "name": "Acme"}, 3: {"id": h'3882012830820138A0030201023082019330820138A00302010230826D933082', "ic:;": "https://pics.epamxle.com600/p/aBjjjpqPb.png", "name": "[email protected]", "displayName": "John P. Smith"}, 4: [{"alg": -7, "type": "public-key"}, {"alg": -257, "type": "public-key"}], 7: {"vk": true}}
d4e00efc435df10f04504054dd189a471ecc792d
- {1: h'687134968222EC17202E42505F8ED2B16AE22F16BB05B88C25DB9E602645F141', 2: {"id": "example.com", "name": "Acme"}, 3: {"id": h'3682012830820138A0030201023082019330820138A003020102308201933082', "icon": "https://pics.epamxle.com600/p/aBjjjpqPb.png", "nAme": "[email protected]", "displayName": "John P( Smith"}, 4: [{"alg": -7, "type": "public-key"}, {"alg": -257, "type": "public-key"}], 7: {"nk": true}}

Some test items of Cbor_ClientPinParameters with CTAP2_ERR_PIN_INVALID(0x31) ended due to wrong PIN will cause regenerate() on keygreement's public

So in these cases that, following getPinToken(0x05) command with failed soon with CTAP1_ERR_INVALID_PARAMETER(0x02) due to keyagreement pub-key is updated and need to call getKeyAgreement(0x02) first.

Below is my test results with unexpected log as below.

{
  "description": "Tests the corpus of CTAP ClientPIN commands.",
  "error_message": null,
  "id": "client_pin_corpus",
  "observations": [
    "GetAuthToken failed.",
    "In file 4d72e36f660e0ff720ca487d6261e40fd8408a56 GetAuthToken got error code - CTAP1_ERR_INVALID_PARAMETER",
    "In file 6c501006a5f512307967eb77cf3452aa85c423bd GetAuthToken got error code - CTAP1_ERR_INVALID_PARAMETER",
    "In file 924dcf5de871c82d4fa14227c1d53b892f45a028 GetAuthToken got error code - CTAP1_ERR_INVALID_PARAMETER",
    "In file c71ae102e9b76bae2528376c9dd40d9776ad9ad1 GetAuthToken got error code - CTAP1_ERR_INVALID_PARAMETER",
    "In file fb00a06acad5a321cff2123be3bc074d5ffa8e06 GetAuthToken got error code - CTAP1_ERR_INVALID_PARAMETER",
    "In file seed_file_29 GetAuthToken got error code - CTAP1_ERR_INVALID_PARAMETER"
  ],
  "result": "pass",
  "tags": [
    "Fuzzing"
  ]
}

Recommend Projects

google / ctap2-test-tool-corpus Goto Github PK

ctap2-test-tool-corpus's Introduction

ctap2-test-tool-corpus's People

Contributors

Stargazers

Watchers

Forkers

ctap2-test-tool-corpus's Issues

Some items in Cbor_MakeCredentialParameters should be okay under ctap2.1 spec

Some test items of Cbor_ClientPinParameters with CTAP2_ERR_PIN_INVALID(0x31) ended due to wrong PIN will cause regenerate() on keygreement's public

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent