commit 3509acd5863eb7f534700ee1dcb102f29f62a2cb
author Andrey Pronin <apronin@chromium.org> Thu Jan 02 13:20:06 2020 -0800
committer Mary Ruthven <mruthven@chromium.org> Wed Jan 22 18:09:36 2020 +0000
tree 033d6a4ee25fbd2f69dfc099b3435c8ed3b76cf9
parent 6a19429d7e0077dfa608920cae2982cda8880242

firmware_Cr50U2fCommands: more U2F_ATTEST tests

This CL adds test for verifying that U2F_ATTEST doesn't sign data that
contains a wrong reserved byte or public key.

BUG=b:147097407
TEST=test_that <dut> firmware_Cr50U2fCommands

Cq-Depend: chromium:1984891
Change-Id: Id1a6012913c9e0ea8fe2c3f526c965e5deb91fae
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/autotest/+/1986230
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>

server/site_tests/firmware_Cr50U2fCommands/firmware_Cr50U2fCommands.py

diff --git a/server/site_tests/firmware_Cr50U2fCommands/firmware_Cr50U2fCommands.py b/server/site_tests/firmware_Cr50U2fCommands/firmware_Cr50U2fCommands.py
index b8110dd..d43ea8d 100644
--- a/server/site_tests/firmware_Cr50U2fCommands/firmware_Cr50U2fCommands.py
+++ b/server/site_tests/firmware_Cr50U2fCommands/firmware_Cr50U2fCommands.py
@@ -479,6 +479,13 @@
                                  registration['pubKey'], USER_SECRET_1,
                                  VENDOR_CMD_RESPONSE_NOT_ALLOWED)
 
+  def __test_attest_wrong_pub_key(self):
+    registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00')
+
+    self.__check_attest_reg_resp(APP_ID, registration['keyHandle'],
+                                 'FF' * 65, USER_SECRET_1,
+                                 VENDOR_CMD_RESPONSE_NOT_ALLOWED)
+
   def __test_attest_garbage_data(self):
     self.__u2f_attest(USER_SECRET_1, U2F_ATTEST_FORMAT_REG_RESP,
                       'ff' * U2F_ATTEST_REG_RESP_SIZE_BYTES,
@@ -497,6 +504,20 @@
     self.__u2f_attest(USER_SECRET_1, 'ff', register_resp,
                       VENDOR_CMD_RESPONSE_NOT_ALLOWED)
 
+  def __test_attest_invalid_reserved_byte(self):
+    registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00')
+
+    register_resp = '{}{}{}{}{}'.format(
+        '01', # unexpected reserved byte
+        APP_ID,
+        RANDOM_32,  # challenge
+        registration['keyHandle'],
+        registration['pubKey'])
+
+    # Attempt to attest to valid data with invalid format.
+    self.__u2f_attest(USER_SECRET_1, U2F_ATTEST_FORMAT_REG_RESP, register_resp,
+                      VENDOR_CMD_RESPONSE_NOT_ALLOWED)
+
   def __test_kh_invalidated_by_powerwash(self):
     registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00')
 
@@ -551,8 +572,10 @@
     self.__test_attest_simple_padded()
     self.__test_attest_wrong_user()
     self.__test_attest_wrong_app_id()
+    self.__test_attest_wrong_pub_key()
     self.__test_attest_garbage_data()
     self.__test_attest_invalid_format()
+    self.__test_attest_invalid_reserved_byte()
 
     # Powerwash
     self.__test_kh_invalidated_by_powerwash()