Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fuzzing support cont. #296

Merged
merged 8 commits into from
Dec 7, 2022
Merged

Fuzzing support cont. #296

merged 8 commits into from
Dec 7, 2022

Conversation

szszszsz
Copy link
Member

@szszszsz szszszsz commented Dec 5, 2022
edited
Loading

This PR handles the latest protocol change for the oath-authenticator app, and its fuzzing support update.

Changes

  • Handle the protocol change for the oath-auth, where the response got prefixed with the precise error code.
  • Write down all commands sent per given test case (for multi-command fuzzing)
  • Update test cases with the new error names
  • Translate error codes to HR readable format, when showing to user
  • Reuse NK3 connection during the tests execution
  • Add passphrase clearing test
  • No UI changes
  • Add Earthly based setup for setting up development environment (required since nitropy does not work under Python 3.11)

Checklist

  • tested with Python3.10
  • run make check or make fix for the formatting check
  • signed commits
  • updated documentation (e.g. parameter description, inline doc, docs.nitrokey)
  • added labels

Test Environment and Execution

  • OS: Linux Fedora 35
  • device's model: USB/IP simulation, Nitrokey 3 CN
  • device's firmware version: 1.2.2 alpha

Connected: Nitrokey/trussed-secrets-app#15

Future work / to discuss:

@szszszsz
Make corpus data per test case execution
adcd8ca 
This allows to create more complicated data for the fuzzing
Use new corpus format, and connect to the device only once
@szszszsz
Build: prepare dev environment using Earthly
7a6ed71 
See https://earthly.dev/
@szszszsz
Prefix response with the status code
c235ecd 
Allows for more fine-grained error handling.
@szszszsz
Linter fixes
edb1840
@szszszsz
Correct failing case for test_reverse_hotp_window
99968e6
@szszszsz
Test clearing the passphrase
42ebd8b
@szszszsz szszszsz added enhancement New feature or request device/Nitrokey 3 labels Dec 5, 2022
robin-nitrokey
robin-nitrokey reviewed Dec 5, 2022
View reviewed changes
Copy link
Member

@robin-nitrokey robin-nitrokey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me! I’ve added some minor comments.

Makefile Show resolved Hide resolved
Earthfile Outdated Show resolved Hide resolved
Makefile Outdated Show resolved Hide resolved
pynitrokey/nk3/otp_app.py Show resolved Hide resolved
@szszszsz szszszsz mentioned this pull request Dec 6, 2022
Merged
8 tasks
@szszszsz
Fuzzing: allow to change the outgoing path for the generated data
ba09737
@szszszsz
Correct Earhtly setup file. Extend documentation on its use.
44437a0 
Remove preinstalled packages, and use the ones from pyproject instead.
Allow to use podman/docker on user choosing.
@szszszsz szszszsz closed this in 7abba82 Dec 7, 2022
@szszszsz szszszsz merged commit 7abba82 into master Dec 7, 2022
@szszszsz szszszsz mentioned this pull request Dec 7, 2022
Open
@szszszsz szszszsz deleted the fuzzing-2 branch December 7, 2022 13:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robin-nitrokey robin-nitrokey robin-nitrokey left review comments

Assignees
No one assigned
Labels
device/Nitrokey 3 enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@szszszsz @robin-nitrokey