firmware_Cr50U2fCommands: more U2F_ATTEST tests
This CL adds tests verifying that U2F_ATTEST doesn't sign data that
contains a wrong reserved byte or public key.
BUG=b:147097407
TEST=test_that <dut> firmware_Cr50U2fCommands
Cq-Depend: chromium:1984891
Change-Id: Id1a6012913c9e0ea8fe2c3f526c965e5deb91fae
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/autotest/+/1986230
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
diff --git a/server/site_tests/firmware_Cr50U2fCommands/firmware_Cr50U2fCommands.py b/server/site_tests/firmware_Cr50U2fCommands/firmware_Cr50U2fCommands.py
index b8110dd..d43ea8d 100644
--- a/server/site_tests/firmware_Cr50U2fCommands/firmware_Cr50U2fCommands.py
+++ b/server/site_tests/firmware_Cr50U2fCommands/firmware_Cr50U2fCommands.py
@@ -479,6 +479,13 @@
registration['pubKey'], USER_SECRET_1,
VENDOR_CMD_RESPONSE_NOT_ALLOWED)
+ def __test_attest_wrong_pub_key(self):
+ registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00')
+
+ self.__check_attest_reg_resp(APP_ID, registration['keyHandle'],
+ 'FF' * 65, USER_SECRET_1,
+ VENDOR_CMD_RESPONSE_NOT_ALLOWED)
+
def __test_attest_garbage_data(self):
self.__u2f_attest(USER_SECRET_1, U2F_ATTEST_FORMAT_REG_RESP,
'ff' * U2F_ATTEST_REG_RESP_SIZE_BYTES,
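Review bot: The `'FF' * 65` value in `__test_attest_wrong_pub_key` is a magic number and is probably not a well-formed key, since a U2F registration public key is a 65-byte uncompressed P-256 point beginning with `04`. The NOT_ALLOWED result may therefore come from a format or parsing check rather than from the key-handle/public-key binding that the test name implies. Consider adding a case that passes a well-formed key from a different registration, e.g. `other = self.__u2f_generate(APP_ID, USER_SECRET_1, '00')` and then `other['pubKey']` in place of `'FF' * 65`, assuming each generate call yields a fresh key pair. A one-line docstring such as `"""U2F_ATTEST must refuse a register response whose public key does not match the key handle."""` and a named constant for the 65-byte length would make the intent explicit.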
@@ -497,6 +504,20 @@
self.__u2f_attest(USER_SECRET_1, 'ff', register_resp,
VENDOR_CMD_RESPONSE_NOT_ALLOWED)
+ def __test_attest_invalid_reserved_byte(self):
+ registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00')
+
+ register_resp = '{}{}{}{}{}'.format(
+ '01', # unexpected reserved byte
+ APP_ID,
+ RANDOM_32, # challenge
+ registration['keyHandle'],
+ registration['pubKey'])
+
+ # Attempt to attest to valid data with invalid format.
+ self.__u2f_attest(USER_SECRET_1, U2F_ATTEST_FORMAT_REG_RESP, register_resp,
+ VENDOR_CMD_RESPONSE_NOT_ALLOWED)
+
def __test_kh_invalidated_by_powerwash(self):
registration = self.__u2f_generate(APP_ID, USER_SECRET_1, '00')
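Review bot: The comment above the `__u2f_attest` call in `__test_attest_invalid_reserved_byte` says "valid data with invalid format", but this test passes the valid `U2F_ATTEST_FORMAT_REG_RESP` format and corrupts the leading reserved byte instead. It reads as if it was carried over from the invalid-format test; suggest `# Attempt to attest to a register response with an unexpected reserved byte.` Only `'01'` is exercised, so if the firmware is meant to reject every unexpected value, one more call with `'ff'` would guard against a check that compares a single bit. `__test_kh_invalidated_by_powerwash` at the end of the hunk continues outside it.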
@@ -551,8 +572,10 @@
self.__test_attest_simple_padded()
self.__test_attest_wrong_user()
self.__test_attest_wrong_app_id()
+ self.__test_attest_wrong_pub_key()
self.__test_attest_garbage_data()
self.__test_attest_invalid_format()
+ self.__test_attest_invalid_reserved_byte()
# Powerwash
self.__test_kh_invalidated_by_powerwash()