k_card

Commit Graph

Author	SHA1	Message	Date
Morten V. Christiansen	4b719a0846	Switch token binding from per-request URL+method to domain-level host+nonce Challenge is now SHA256(host\|nonce) instead of SHA256(url\|method\|nonce). A single card interaction authorises access to any path and method on the gated domain, which is the intended granularity. Tests updated accordingly: path/method rejection cases replaced with domain-level and tampered-host cases. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-09 23:52:48 +02:00
Morten V. Christiansen	6f08c7eed4	Add k_server assertion verification tests + clarify session login comment tests/test_k_server.py: - TestVerifyAssertionToken (12 tests): unit tests using raw P-256 keys — valid accept, wrong path/method, tampered nonce/signature/key, cross- resource replay, malformed/empty token, wrong cdj type, missing field. - TestVerifyAssertionTokenRoundTrip (5 tests): end-to-end via CardEmulator — register, getAssertion with bound challenge, build bundle as k_phone does, verify on server. Tests include wrong path/method and cross-user key swap. Skipped automatically if fido2 is not installed. All 17 pass. proxy_service.dart: add comment to _handleSessionLogin explaining why random challenge is correct there (user-presence proof for portal session, not per-request resource binding). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-08 12:16:08 +02:00

Author

SHA1

Message

Date

Morten V. Christiansen

4b719a0846

Switch token binding from per-request URL+method to domain-level host+nonce

Challenge is now SHA256(host|nonce) instead of SHA256(url|method|nonce).
A single card interaction authorises access to any path and method on the
gated domain, which is the intended granularity. Tests updated accordingly:
path/method rejection cases replaced with domain-level and tampered-host cases.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-09 23:52:48 +02:00

Morten V. Christiansen

6f08c7eed4

Add k_server assertion verification tests + clarify session login comment

tests/test_k_server.py:
  - TestVerifyAssertionToken (12 tests): unit tests using raw P-256 keys —
    valid accept, wrong path/method, tampered nonce/signature/key, cross-
    resource replay, malformed/empty token, wrong cdj type, missing field.
  - TestVerifyAssertionTokenRoundTrip (5 tests): end-to-end via CardEmulator
    — register, getAssertion with bound challenge, build bundle as k_phone
    does, verify on server.  Tests include wrong path/method and cross-user
    key swap.  Skipped automatically if fido2 is not installed.
  All 17 pass.

proxy_service.dart: add comment to _handleSessionLogin explaining why
  random challenge is correct there (user-presence proof for portal session,
  not per-request resource binding).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-08 12:16:08 +02:00

2 Commits