Diffstat (limited to 'tools')
-rw-r--r--tools/cred_make.c14
-rw-r--r--tools/fido2-cred.c4
-rwxr-xr-xtools/fido2-unprot.sh39
-rwxr-xr-xtools/include_check.sh17
-rwxr-xr-xtools/test.sh145
5 files changed, 122 insertions, 97 deletions
diff --git a/tools/cred_make.c b/tools/cred_make.c
index 66c8b52d8e38..6d335a5c58b1 100644
--- a/tools/cred_make.c
+++ b/tools/cred_make.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023 Yubico AB. All rights reserved.
+ * Copyright (c) 2018-2024 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
@@ -151,11 +151,16 @@ cred_make(int argc, char **argv)
int type = COSE_ES256;
int flags = 0;
int cred_protect = -1;
+ int ea = 0;
int ch;
int r;
- while ((ch = getopt(argc, argv, "bc:dhi:o:qruvw")) != -1) {
+ while ((ch = getopt(argc, argv, "a:bc:dhi:o:qruvw")) != -1) {
switch (ch) {
+ case 'a':
+ if ((ea = base10(optarg)) < 0)
+ errx(1, "-a: invalid argument '%s'", optarg);
+ break;
case 'b':
flags |= FLAG_LARGEBLOB;
break;
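Review bot: `-a 0` passes the `< 0` check and is then skipped by the `if (ea > 0)` guard in the next hunk of this file, so it is accepted but behaves exactly as if `-a` had not been given. If that is intended, a comment on the declaration such as `int ea = 0; /* 0: enterprise attestation not requested */` would say so; otherwise reject it at parse time with `if ((ea = base10(optarg)) <= 0)`. Values above the supported modes are only caught later by `fido_cred_set_entattest`, which is fine as long as its error stays fatal as it is now. `base10` and the rest of `cred_make` are outside the hunk, so how out-of-range input is handled there is not visible.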
@@ -221,6 +226,11 @@ cred_make(int argc, char **argv)
errx(1, "fido_cred_set_prot: %s", fido_strerr(r));
}
}
+ if (ea > 0) {
+ r = fido_cred_set_entattest(cred, ea);
+ if (r != FIDO_OK)
+ errx(1, "fido_cred_set_entattest: %s", fido_strerr(r));
+ }
r = fido_dev_make_cred(dev, cred, NULL);
if (r == FIDO_ERR_PIN_REQUIRED && !(flags & FLAG_QUIET)) {
diff --git a/tools/fido2-cred.c b/tools/fido2-cred.c
index 76081c6856e9..a819bd118d12 100644
--- a/tools/fido2-cred.c
+++ b/tools/fido2-cred.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2023 Yubico AB. All rights reserved.
+ * Copyright (c) 2018-2024 Yubico AB. All rights reserved.
* Use of this source code is governed by a BSD-style
* license that can be found in the LICENSE file.
* SPDX-License-Identifier: BSD-2-Clause
@@ -27,7 +27,7 @@ void
usage(void)
{
fprintf(stderr,
-"usage: fido2-cred -M [-bdhqruvw] [-c cred_protect] [-i input_file] [-o output_file] device [type]\n"
+"usage: fido2-cred -M [-bdhqruvw] [-a mode] [-c cred_protect] [-i input_file] [-o output_file] device [type]\n"
" fido2-cred -V [-dhv] [-c cred_protect] [-i input_file] [-o output_file] [type]\n"
);
diff --git a/tools/fido2-unprot.sh b/tools/fido2-unprot.sh
index 7d8c77936ee9..06b52232c6be 100755
--- a/tools/fido2-unprot.sh
+++ b/tools/fido2-unprot.sh
@@ -6,53 +6,56 @@
# SPDX-License-Identifier: BSD-2-Clause
-if [ $(uname) != "Linux" ] ; then
+if [ "$(uname)" != "Linux" ] ; then
echo "Can only run on Linux"
exit 1
fi
-TOKEN_VERSION=$(${FIDO_TOOLS_PREFIX}fido2-token -V 2>&1)
-if [ $? -ne 0 ] ; then
+if ! TOKEN_VERSION=$("${FIDO_TOOLS_PREFIX}"fido2-token -V 2>&1); then
echo "Please install libfido2 1.5.0 or higher"
- exit
+ exit 1
fi
TOKEN_VERSION_MAJOR=$(echo "$TOKEN_VERSION" | cut -d. -f1)
TOKEN_VERSION_MINOR=$(echo "$TOKEN_VERSION" | cut -d. -f2)
-if [ $TOKEN_VERSION_MAJOR -eq 0 -o $TOKEN_VERSION_MAJOR -eq 1 -a $TOKEN_VERSION_MINOR -lt 5 ] ; then
+if [ "$TOKEN_VERSION_MAJOR" -eq 0 ] ; then
+ echo "Please install libfido2 1.5.0 or higher (current version: $TOKEN_VERSION)"
+ exit 1
+fi
+if [ "$TOKEN_VERSION_MAJOR" -eq 1 ] && [ "$TOKEN_VERSION_MINOR" -lt 5 ] ; then
echo "Please install libfido2 1.5.0 or higher (current version: $TOKEN_VERSION)"
exit 1
fi
set -e
-TOKEN_OUTPUT=$(${FIDO_TOOLS_PREFIX}fido2-token -L)
+TOKEN_OUTPUT=$("${FIDO_TOOLS_PREFIX}"fido2-token -L)
DEV_PATH_NAMES=$(echo "$TOKEN_OUTPUT" | sed -r 's/^(.*): .*\((.*)\)$/\1 \2/g')
DEV_COUNT=$(echo "$DEV_PATH_NAMES" | wc -l)
-for i in $(seq 1 $DEV_COUNT)
+for i in $(seq 1 "$DEV_COUNT")
do
DEV_PATH_NAME=$(echo "$DEV_PATH_NAMES" | sed "${i}q;d")
DEV_PATH=$(echo "$DEV_PATH_NAME" | cut -d' ' -f1)
DEV_NAME=$(echo "$DEV_PATH_NAME" | cut -d' ' -f1 --complement)
- DEV_PRETTY=$(echo "$DEV_NAME (at '$DEV_PATH')")
- if expr match "$(${FIDO_TOOLS_PREFIX}fido2-token -I $DEV_PATH)" ".* credMgmt.* clientPin.*\|.* clientPin.* credMgmt.*" > /dev/null ; then
- printf "Enter PIN for $DEV_PRETTY once (ignore further prompts): "
+ DEV_PRETTY="$DEV_NAME (at '$DEV_PATH')"
+ if expr "$("${FIDO_TOOLS_PREFIX}"fido2-token -I "$DEV_PATH")" : ".* credMgmt.* clientPin.*\|.* clientPin.* credMgmt.*" > /dev/null ; then
+ printf "Enter PIN for %s once (ignore further prompts): " "$DEV_PRETTY"
stty -echo
- read PIN
+ IFS= read -r PIN
stty echo
printf "\n"
- RESIDENT_RPS=$(echo "${PIN}\n" | setsid -w ${FIDO_TOOLS_PREFIX}fido2-token -L -r $DEV_PATH | cut -d' ' -f3)
+ RESIDENT_RPS=$(printf "%s\n" "$PIN" | setsid -w "${FIDO_TOOLS_PREFIX}"fido2-token -L -r "$DEV_PATH" | cut -d' ' -f3)
printf "\n"
RESIDENT_RPS_COUNT=$(echo "$RESIDENT_RPS" | wc -l)
FOUND=0
- for j in $(seq 1 $DEV_RESIDENT_RPS_COUNT)
+ for j in $(seq 1 "$RESIDENT_RPS_COUNT")
do
RESIDENT_RP=$(echo "$RESIDENT_RPS" | sed "${j}q;d")
- UNPROT_CREDS=$(echo "${PIN}\n" | setsid -w ${FIDO_TOOLS_PREFIX}fido2-token -L -k $RESIDENT_RP $DEV_PATH | grep ' uvopt$' | cut -d' ' -f2,3,4)
+ UNPROT_CREDS=$(printf "%s\n" "$PIN" | setsid -w "${FIDO_TOOLS_PREFIX}"fido2-token -L -k "$RESIDENT_RP" "$DEV_PATH" | grep ' uvopt$' | cut -d' ' -f2,3,4)
printf "\n"
UNPROT_CREDS_COUNT=$(echo "$UNPROT_CREDS" | wc -l)
- if [ $UNPROT_CREDS_COUNT -gt 0 ] ; then
+ if [ "$UNPROT_CREDS_COUNT" -gt 0 ] ; then
FOUND=1
echo "Unprotected credentials on $DEV_PRETTY for '$RESIDENT_RP':"
echo "$UNPROT_CREDS"
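Review bot: `UNPROT_CREDS_COUNT` can never be 0, because `echo "$UNPROT_CREDS" | wc -l` prints 1 even when the `grep ' uvopt$'` matched nothing, so the `-gt 0` test is always true and every relying party is reported under "Unprotected credentials" with `FOUND=1`. The same `wc -l` idiom makes the inner loop run once for an empty `RESIDENT_RPS`. Testing the string itself avoids the false positive: `if [ -n "$UNPROT_CREDS" ] ; then`. Separately, `stty -echo` is not paired with a trap, so an interrupt during `IFS= read -r PIN` leaves the terminal without echo; `trap 'stty echo' EXIT INT TERM` before the prompt would restore it. The loop body continues outside the hunk.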
@@ -64,9 +67,9 @@ do
else
echo "$DEV_PRETTY cannot enumerate credentials"
echo "Discovering unprotected SSH credentials only..."
- STUB_HASH=$(echo -n "" | openssl sha256 -binary | base64)
- printf "$STUB_HASH\nssh:\n" | ${FIDO_TOOLS_PREFIX}fido2-assert -G -r -t up=false $DEV_PATH 2> /dev/null || ASSERT_EXIT_CODE=$?
- if [ $ASSERT_EXIT_CODE -eq 0 ] ; then
+ STUB_HASH=$(printf "" | openssl sha256 -binary | base64)
+ printf "%s\nssh:\n" "$STUB_HASH" | "${FIDO_TOOLS_PREFIX}"fido2-assert -G -r -t up=false "$DEV_PATH" 2> /dev/null || ASSERT_EXIT_CODE=$?
+ if [ "$ASSERT_EXIT_CODE" -eq 0 ] ; then
echo "Found an unprotected SSH credential on $DEV_PRETTY!"
else
echo "No unprotected SSH credentials (default settings) on $DEV_PRETTY"
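Review bot: `ASSERT_EXIT_CODE` is assigned only when `fido2-assert` fails, so on the success path the `-eq 0` test sees an empty value, or the value left over from an earlier device in the loop. In that case `[` errors out or compares stale data, and the script prints "No unprotected SSH credentials" for exactly the case it is meant to flag. Unless the variable is initialised in the part of the loop outside this hunk, set it before the pipeline: `ASSERT_EXIT_CODE=0`. The enclosing `for` loop starts and ends outside the hunk.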
diff --git a/tools/include_check.sh b/tools/include_check.sh
index 70abada1640d..a9a9873ca7df 100755
--- a/tools/include_check.sh
+++ b/tools/include_check.sh
@@ -1,15 +1,22 @@
-#!/bin/sh
+#!/bin/sh -u
# Copyright (c) 2019 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause
+SKIP='(webauthn.h)'
+
check() {
- for f in $(find $1 -maxdepth 1 -name '*.h'); do
- echo "#include \"$f\"" | \
- cc $CFLAGS -Isrc -xc -c - -o /dev/null 2>&1
- echo "$f $CFLAGS $?"
+ try="cc $CFLAGS -Isrc -xc -c - -o /dev/null 2>&1"
+ git ls-files "$1" | grep '.*\.h$' | while read -r header; do
+ if echo "$header" | grep -Eq "$SKIP"; then
+ echo "Skipping $header"
+ else
+ body="#include \"$header\""
+ echo "echo $body | $try"
+ echo "$body" | eval "$try"
+ fi
done
}
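Review bot: The compile result of each header is no longer surfaced: the old loop printed `$?` per file, while the new `echo "$body" | eval "$try"` leaves the status unchecked, so `check` returns only the status of the last header processed and an earlier failure shows up solely as compiler output in the log. `eval` also re-parses the already expanded `$CFLAGS` as shell text, which is not needed here; running the compiler directly keeps the behaviour and reports failures, e.g. `echo "$body" | cc $CFLAGS -Isrc -xc -c - -o /dev/null 2>&1 || echo "FAILED: $header"`. With `-u` on the shebang an unset `CFLAGS` now aborts the script, so `${CFLAGS:-}` may be wanted if that is not intended. How `check` is called is outside the hunk.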
diff --git a/tools/test.sh b/tools/test.sh
index 67b757e80a8d..28b3facca570 100755
--- a/tools/test.sh
+++ b/tools/test.sh
@@ -13,7 +13,7 @@
# - should pass as-is on a YubiKey with a PIN set;
# - may otherwise require set +e above;
# - can be executed with UV=1 to run additional UV tests;
-# - was last tested on 2022-01-11 with firmware 5.4.3.
+# - was last tested on 2024-06-15 with firmware 5.7.1.
cd "$1"
DEV="$2"
@@ -28,11 +28,11 @@ $1
some user name
$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)
EOF
- fido2-cred -M $2 "${DEV}" "${TYPE}" > "$3" < cred_param
+ fido2-cred -M "$2" "${DEV}" "${TYPE}" > "$3" < cred_param
}
verify_cred() {
- fido2-cred -V $1 "${TYPE}" > cred_out < "$2"
+ fido2-cred -V "$1" "${TYPE}" > cred_out < "$2" || return 1
head -1 cred_out > "$3"
tail -n +2 cred_out > "$4"
}
@@ -41,79 +41,84 @@ get_assert() {
sed /^$/d > assert_param << EOF
$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)
$1
-$(cat $3)
-$(cat $4)
+$(cat "$3")
+$(cat "$4")
EOF
+ # we want to expand $2
+ # shellcheck disable=SC2086
fido2-assert -G $2 "${DEV}" > "$5" < assert_param
}
verify_assert() {
- fido2-assert -V $1 "$2" "${TYPE}" < "$3"
+ fido2-assert -V "$1" "$2" "${TYPE}" < "$3"
}
dd if=/dev/urandom bs=32 count=1 | base64 > hmac-salt
# u2f
-if [ "x${TYPE}" = "xes256" ]; then
+if [ "${TYPE}" = "es256" ]; then
make_cred no.tld "-u" u2f
- ! make_cred no.tld "-ru" /dev/null
- ! make_cred no.tld "-uc1" /dev/null
- ! make_cred no.tld "-uc2" /dev/null
+ make_cred no.tld "-ru" /dev/null && exit 1
+ make_cred no.tld "-uc1" /dev/null && exit 1
+ make_cred no.tld "-uc2" /dev/null && exit 1
verify_cred "--" u2f u2f-cred u2f-pubkey
- ! verify_cred "-h" u2f /dev/null /dev/null
- ! verify_cred "-v" u2f /dev/null /dev/null
+ verify_cred "-h" u2f /dev/null /dev/null && exit 1
+ verify_cred "-v" u2f /dev/null /dev/null && exit 1
verify_cred "-c0" u2f /dev/null /dev/null
- ! verify_cred "-c1" u2f /dev/null /dev/null
- ! verify_cred "-c2" u2f /dev/null /dev/null
- ! verify_cred "-c3" u2f /dev/null /dev/null
+ verify_cred "-c1" u2f /dev/null /dev/null && exit 1
+ verify_cred "-c2" u2f /dev/null /dev/null && exit 1
+ verify_cred "-c3" u2f /dev/null /dev/null && exit 1
fi
# wrap (non-resident)
make_cred no.tld "--" wrap
-verify_cred "--" wrap wrap-cred wrap-pubkey
-! verify_cred "-h" wrap /dev/null /dev/null
-! verify_cred "-v" wrap /dev/null /dev/null
+verify_cred "--" wrap wrap-cred wrap-pubkey
+verify_cred "-h" wrap /dev/null /dev/null && exit 1
+verify_cred "-v" wrap /dev/null /dev/null && exit 1
verify_cred "-c0" wrap /dev/null /dev/null
-! verify_cred "-c1" wrap /dev/null /dev/null
-! verify_cred "-c2" wrap /dev/null /dev/null
-! verify_cred "-c3" wrap /dev/null /dev/null
+verify_cred "-c1" wrap /dev/null /dev/null && exit 1
+verify_cred "-c2" wrap /dev/null /dev/null && exit 1
+verify_cred "-c3" wrap /dev/null /dev/null && exit 1
# wrap (non-resident) + hmac-secret
make_cred no.tld "-h" wrap-hs
-! verify_cred "--" wrap-hs /dev/null /dev/null
+verify_cred "--" wrap-hs /dev/null /dev/null && exit 1
verify_cred "-h" wrap-hs wrap-hs-cred wrap-hs-pubkey
-! verify_cred "-v" wrap-hs /dev/null /dev/null
+verify_cred "-v" wrap-hs /dev/null /dev/null && exit 1
+verify_cred "-hv" wrap-hs /dev/null /dev/null && exit 1
verify_cred "-hc0" wrap-hs /dev/null /dev/null
-! verify_cred "-c0" wrap-hs /dev/null /dev/null
-! verify_cred "-c1" wrap-hs /dev/null /dev/null
-! verify_cred "-c2" wrap-hs /dev/null /dev/null
-! verify_cred "-c3" wrap-hs /dev/null /dev/null
+verify_cred "-c0" wrap-hs /dev/null /dev/null && exit 1
+verify_cred "-c1" wrap-hs /dev/null /dev/null && exit 1
+verify_cred "-c2" wrap-hs /dev/null /dev/null && exit 1
+verify_cred "-c3" wrap-hs /dev/null /dev/null && exit 1
# resident
make_cred no.tld "-r" rk
verify_cred "--" rk rk-cred rk-pubkey
-! verify_cred "-h" rk /dev/null /dev/null
-! verify_cred "-v" rk /dev/null /dev/null
+verify_cred "-h" rk /dev/null /dev/null && exit 1
+verify_cred "-v" rk /dev/null /dev/null
+verify_cred "-hv" rk /dev/null /dev/null && exit 1
verify_cred "-c0" rk /dev/null /dev/null
-! verify_cred "-c1" rk /dev/null /dev/null
-! verify_cred "-c2" rk /dev/null /dev/null
-! verify_cred "-c3" rk /dev/null /dev/null
+verify_cred "-c1" rk /dev/null /dev/null && exit 1
+verify_cred "-c2" rk /dev/null /dev/null && exit 1
+verify_cred "-c3" rk /dev/null /dev/null && exit 1
# resident + hmac-secret
make_cred no.tld "-hr" rk-hs
-! verify_cred "--" rk-hs rk-hs-cred rk-hs-pubkey
+verify_cred "--" rk-hs rk-hs-cred rk-hs-pubkey && exit 1
verify_cred "-h" rk-hs /dev/null /dev/null
-! verify_cred "-v" rk-hs /dev/null /dev/null
+verify_cred "-v" rk-hs /dev/null /dev/null && exit 1
+verify_cred "-hv" rk-hs /dev/null /dev/null
verify_cred "-hc0" rk-hs /dev/null /dev/null
-! verify_cred "-c0" rk-hs /dev/null /dev/null
-! verify_cred "-c1" rk-hs /dev/null /dev/null
-! verify_cred "-c2" rk-hs /dev/null /dev/null
-! verify_cred "-c3" rk-hs /dev/null /dev/null
+verify_cred "-c0" rk-hs /dev/null /dev/null && exit 1
+verify_cred "-c1" rk-hs /dev/null /dev/null && exit 1
+verify_cred "-c2" rk-hs /dev/null /dev/null && exit 1
+verify_cred "-c3" rk-hs /dev/null /dev/null && exit 1
# u2f
-if [ "x${TYPE}" = "xes256" ]; then
+if [ "${TYPE}" = "es256" ]; then
get_assert no.tld "-u" u2f-cred /dev/null u2f-assert
- ! get_assert no.tld "-u -t up=false" u2f-cred /dev/null /dev/null
+ get_assert no.tld "-u -t up=false" u2f-cred /dev/null /dev/null && exit 1
verify_assert "--" u2f-pubkey u2f-assert
verify_assert "-p" u2f-pubkey u2f-assert
fi
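Review bot: One existing expectation flips from failure to success without explanation, `verify_cred "-v" rk ...`, and the new `verify_cred "-hv" rk-hs ...` is likewise expected to pass. The test therefore now requires the UV flag on resident credentials created with plain `-r`/`-hr`. Presumably this follows the firmware 5.7.1 behaviour named in the header comment, but a comment above the `# resident` section saying so (for example `# assumes firmware 5.7.x reports UV for resident credentials when a PIN is set; confirm`) would stop the change reading as a weakened check. The `cmd && exit 1` form used here and in the later hunks of this file also exits without saying which negative case unexpectedly passed; printing the command to stderr before `exit 1` would make a failing run diagnosable.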
@@ -138,40 +143,40 @@ verify_assert "--" wrap-pubkey wrap-assert
verify_assert "-p" wrap-pubkey wrap-assert
get_assert no.tld "-t up=false" wrap-cred /dev/null wrap-assert
verify_assert "--" wrap-pubkey wrap-assert
-! verify_assert "-p" wrap-pubkey wrap-assert
+verify_assert "-p" wrap-pubkey wrap-assert && exit 1
get_assert no.tld "-t up=false -t pin=true" wrap-cred /dev/null wrap-assert
-! verify_assert "-p" wrap-pubkey wrap-assert
+verify_assert "-p" wrap-pubkey wrap-assert && exit 1
verify_assert "-v" wrap-pubkey wrap-assert
-! verify_assert "-pv" wrap-pubkey wrap-assert
+verify_assert "-pv" wrap-pubkey wrap-assert && exit 1
get_assert no.tld "-t up=false -t pin=false" wrap-cred /dev/null wrap-assert
-! verify_assert "-p" wrap-pubkey wrap-assert
+verify_assert "-p" wrap-pubkey wrap-assert && exit 1
get_assert no.tld "-h" wrap-cred hmac-salt wrap-assert
-! verify_assert "--" wrap-pubkey wrap-assert
+verify_assert "--" wrap-pubkey wrap-assert && exit 1
verify_assert "-h" wrap-pubkey wrap-assert
get_assert no.tld "-h -t pin=true" wrap-cred hmac-salt wrap-assert
-! verify_assert "--" wrap-pubkey wrap-assert
+verify_assert "--" wrap-pubkey wrap-assert && exit 1
verify_assert "-h" wrap-pubkey wrap-assert
verify_assert "-hv" wrap-pubkey wrap-assert
get_assert no.tld "-h -t pin=false" wrap-cred hmac-salt wrap-assert
-! verify_assert "--" wrap-pubkey wrap-assert
+verify_assert "--" wrap-pubkey wrap-assert && exit 1
verify_assert "-h" wrap-pubkey wrap-assert
get_assert no.tld "-h -t up=true" wrap-cred hmac-salt wrap-assert
-! verify_assert "--" wrap-pubkey wrap-assert
+verify_assert "--" wrap-pubkey wrap-assert && exit 1
verify_assert "-h" wrap-pubkey wrap-assert
verify_assert "-hp" wrap-pubkey wrap-assert
get_assert no.tld "-h -t up=true -t pin=true" wrap-cred hmac-salt wrap-assert
-! verify_assert "--" wrap-pubkey wrap-assert
+verify_assert "--" wrap-pubkey wrap-assert && exit 1
verify_assert "-h" wrap-pubkey wrap-assert
verify_assert "-hp" wrap-pubkey wrap-assert
verify_assert "-hv" wrap-pubkey wrap-assert
verify_assert "-hpv" wrap-pubkey wrap-assert
get_assert no.tld "-h -t up=true -t pin=false" wrap-cred hmac-salt wrap-assert
-! verify_assert "--" wrap-pubkey wrap-assert
+verify_assert "--" wrap-pubkey wrap-assert && exit 1
verify_assert "-h" wrap-pubkey wrap-assert
verify_assert "-hp" wrap-pubkey wrap-assert
-! get_assert no.tld "-h -t up=false" wrap-cred hmac-salt wrap-assert
-! get_assert no.tld "-h -t up=false -t pin=true" wrap-cred hmac-salt wrap-assert
-! get_assert no.tld "-h -t up=false -t pin=false" wrap-cred hmac-salt wrap-assert
+get_assert no.tld "-h -t up=false" wrap-cred hmac-salt wrap-assert && exit 1
+get_assert no.tld "-h -t up=false -t pin=true" wrap-cred hmac-salt wrap-assert && exit 1
+get_assert no.tld "-h -t up=false -t pin=false" wrap-cred hmac-salt wrap-assert && exit 1
if [ "x${UV}" != "x" ]; then
get_assert no.tld "-t uv=true" wrap-cred /dev/null wrap-assert
@@ -205,11 +210,11 @@ if [ "x${UV}" != "x" ]; then
get_assert no.tld "-t up=false -t uv=true -t pin=false" wrap-cred /dev/null wrap-assert
verify_assert "-v" wrap-pubkey wrap-assert
get_assert no.tld "-t up=false -t uv=false" wrap-cred /dev/null wrap-assert
- ! verify_assert "--" wrap-pubkey wrap-assert
+ verify_assert "--" wrap-pubkey wrap-assert && exit 1
get_assert no.tld "-t up=false -t uv=false -t pin=true" wrap-cred /dev/null wrap-assert
verify_assert "-v" wrap-pubkey wrap-assert
get_assert no.tld "-t up=false -t uv=false -t pin=false" wrap-cred /dev/null wrap-assert
- ! verify_assert "--" wrap-pubkey wrap-assert
+ verify_assert "--" wrap-pubkey wrap-assert && exit 1
get_assert no.tld "-h -t uv=true" wrap-cred hmac-salt wrap-assert
verify_assert "-hv" wrap-pubkey wrap-assert
get_assert no.tld "-h -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert
@@ -234,12 +239,12 @@ if [ "x${UV}" != "x" ]; then
verify_assert "-hpv" wrap-pubkey wrap-assert
get_assert no.tld "-h -t up=true -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert
verify_assert "-hp" wrap-pubkey wrap-assert
- ! get_assert no.tld "-h -t up=false -t uv=true" wrap-cred hmac-salt wrap-assert
- ! get_assert no.tld "-h -t up=false -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert
- ! get_assert no.tld "-h -t up=false -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert
- ! get_assert no.tld "-h -t up=false -t uv=false" wrap-cred hmac-salt wrap-assert
- ! get_assert no.tld "-h -t up=false -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert
- ! get_assert no.tld "-h -t up=false -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert
+ get_assert no.tld "-h -t up=false -t uv=true" wrap-cred hmac-salt wrap-assert && exit 1
+ get_assert no.tld "-h -t up=false -t uv=true -t pin=true" wrap-cred hmac-salt wrap-assert && exit 1
+ get_assert no.tld "-h -t up=false -t uv=true -t pin=false" wrap-cred hmac-salt wrap-assert && exit 1
+ get_assert no.tld "-h -t up=false -t uv=false" wrap-cred hmac-salt wrap-assert && exit 1
+ get_assert no.tld "-h -t up=false -t uv=false -t pin=true" wrap-cred hmac-salt wrap-assert && exit 1
+ get_assert no.tld "-h -t up=false -t uv=false -t pin=false" wrap-cred hmac-salt wrap-assert && exit 1
fi
# resident
@@ -258,9 +263,9 @@ get_assert no.tld "-r -h -t pin=false" /dev/null hmac-salt wrap-assert
get_assert no.tld "-r -h -t up=true" /dev/null hmac-salt wrap-assert
get_assert no.tld "-r -h -t up=true -t pin=true" /dev/null hmac-salt wrap-assert
get_assert no.tld "-r -h -t up=true -t pin=false" /dev/null hmac-salt wrap-assert
-! get_assert no.tld "-r -h -t up=false" /dev/null hmac-salt wrap-assert
-! get_assert no.tld "-r -h -t up=false -t pin=true" /dev/null hmac-salt wrap-assert
-! get_assert no.tld "-r -h -t up=false -t pin=false" /dev/null hmac-salt wrap-assert
+get_assert no.tld "-r -h -t up=false" /dev/null hmac-salt wrap-assert && exit 1
+get_assert no.tld "-r -h -t up=false -t pin=true" /dev/null hmac-salt wrap-assert && exit 1
+get_assert no.tld "-r -h -t up=false -t pin=false" /dev/null hmac-salt wrap-assert && exit 1
if [ "x${UV}" != "x" ]; then
get_assert no.tld "-r -t uv=true" /dev/null /dev/null wrap-assert
@@ -293,12 +298,12 @@ if [ "x${UV}" != "x" ]; then
get_assert no.tld "-r -h -t up=true -t uv=false" /dev/null hmac-salt wrap-assert
get_assert no.tld "-r -h -t up=true -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert
get_assert no.tld "-r -h -t up=true -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert
- ! get_assert no.tld "-r -h -t up=false -t uv=true" /dev/null hmac-salt wrap-assert
- ! get_assert no.tld "-r -h -t up=false -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert
- ! get_assert no.tld "-r -h -t up=false -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert
- ! get_assert no.tld "-r -h -t up=false -t uv=false" /dev/null hmac-salt wrap-assert
- ! get_assert no.tld "-r -h -t up=false -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert
- ! get_assert no.tld "-r -h -t up=false -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert
+ get_assert no.tld "-r -h -t up=false -t uv=true" /dev/null hmac-salt wrap-assert && exit 1
+ get_assert no.tld "-r -h -t up=false -t uv=true -t pin=true" /dev/null hmac-salt wrap-assert && exit 1
+ get_assert no.tld "-r -h -t up=false -t uv=true -t pin=false" /dev/null hmac-salt wrap-assert && exit 1
+ get_assert no.tld "-r -h -t up=false -t uv=false" /dev/null hmac-salt wrap-assert && exit 1
+ get_assert no.tld "-r -h -t up=false -t uv=false -t pin=true" /dev/null hmac-salt wrap-assert && exit 1
+ get_assert no.tld "-r -h -t up=false -t uv=false -t pin=false" /dev/null hmac-salt wrap-assert && exit 1
fi
exit 0