ctap_response_unittest.cc | Explore in Territory

// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <string_view>

#include "base/containers/contains.h"
#include "base/ranges/algorithm.h"
#include "components/cbor/reader.h"
#include "components/cbor/values.h"
#include "components/cbor/writer.h"
#include "device/fido/attestation_statement_formats.h"
#include "device/fido/authenticator_get_assertion_response.h"
#include "device/fido/authenticator_make_credential_response.h"
#include "device/fido/device_response_converter.h"
#include "device/fido/fido_constants.h"
#include "device/fido/fido_parsing_utils.h"
#include "device/fido/fido_test_data.h"
#include "device/fido/fido_transport_protocol.h"
#include "device/fido/fido_types.h"
#include "device/fido/opaque_attestation_statement.h"
#include "device/fido/p256_public_key.h"
#include "device/fido/public_key.h"
#include "fido_transport_protocol.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"

namespace device {

namespace {

// clang-format off
constexpr uint8_t kTestAuthenticatorGetInfoResponseWithNoVersion[] = …;

constexpr uint8_t kTestAuthenticatorGetInfoResponseWithDuplicateVersion[] = …;

constexpr uint8_t kTestAuthenticatorGetInfoResponseWithCtap2_1[] = …;

constexpr uint8_t kTestAuthenticatorGetInfoResponseOnlyCtap2_1[] = …;

constexpr uint8_t kTestAuthenticatorGetInfoResponseWithIncorrectAaguid[] = …;

// The attested credential data, excluding the public key bytes. Append
// with kTestECPublicKeyCOSE to get the complete attestation data.
constexpr uint8_t kTestAttestedCredentialDataPrefix[] = …;

// The authenticator data, excluding the attested credential data bytes. Append
// with attested credential data to get the complete authenticator data.
constexpr uint8_t kTestAuthenticatorDataPrefix[] = …;

// Components of the CBOR needed to form an authenticator object.
// Combined diagnostic notation:
// {"fmt": "fido-u2f", "attStmt": {"sig": h'30...}, "authData": h'D4C9D9...'}
constexpr uint8_t kFormatFidoU2fCBOR[] = …;

constexpr uint8_t kAttStmtCBOR[] = …;

constexpr uint8_t kAuthDataCBOR[] = …;
// clang-format on

constexpr std::array<uint8_t, kAaguidLength> kTestDeviceAaguid = …;

std::vector<uint8_t> GetTestAttestedCredentialDataBytes() { … }

std::vector<uint8_t> GetTestAuthenticatorDataBytes() { … }

std::vector<uint8_t> GetTestAttestationObjectBytes() { … }

std::vector<uint8_t> GetTestSignResponse() { … }

// Get a subset of the response for testing error handling.
std::vector<uint8_t> GetTestCorruptedSignResponse(size_t length) { … }

// Return a key handle used for GetAssertion request.
std::vector<uint8_t> GetTestCredentialRawIdBytes() { … }

// DecodeCBOR parses a CBOR structure, ignoring the first byte of |in|, which is
// assumed to be a CTAP2 status byte.
std::optional<cbor::Value> DecodeCBOR(base::span<const uint8_t> in) { … }

}  // namespace

// Leveraging example 4 of section 6.1 of the spec https://fidoalliance.org
// /specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-
// 20170927.html
TEST(CTAPResponseTest, TestReadMakeCredentialResponse) { … }

TEST(CTAPResponseTest, TestMakeCredentialNoneAttestationResponse) { … }

// Leveraging example 5 of section 6.1 of the CTAP spec.
// https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html
TEST(CTAPResponseTest, TestReadGetAssertionResponse) { … }

// Test that U2F register response is properly parsed.
TEST(CTAPResponseTest, TestParseRegisterResponseData) { … }

// These test the parsing of the U2F raw bytes of the registration response.
// Test that an EC public key serializes to CBOR properly.
TEST(CTAPResponseTest, TestSerializedPublicKey) { … }

// Test that the attestation statement cbor map is constructed properly.
TEST(CTAPResponseTest, TestParseU2fAttestationStatementCBOR) { … }

// Tests that well-formed attested credential data serializes properly.
TEST(CTAPResponseTest, TestSerializeAttestedCredentialData) { … }

// Tests that well-formed authenticator data serializes properly.
TEST(CTAPResponseTest, TestSerializeAuthenticatorData) { … }

// Tests that a U2F attestation object serializes properly.
TEST(CTAPResponseTest, TestSerializeU2fAttestationObject) { … }

// Tests that U2F authenticator data is properly serialized.
TEST(CTAPResponseTest, TestSerializeAuthenticatorDataForSign) { … }

TEST(CTAPResponseTest, TestParseSignResponseData) { … }

TEST(CTAPResponseTest, TestParseU2fSignWithNullNullKeyHandle) { … }

TEST(CTAPResponseTest, TestParseU2fSignWithNullResponse) { … }

TEST(CTAPResponseTest, TestParseU2fSignWithCTAP2Flags) { … }

TEST(CTAPResponseTest, TestParseU2fSignWithNullCorruptedCounter) { … }

TEST(CTAPResponseTest, TestParseU2fSignWithNullCorruptedSignature) { … }

TEST(CTAPResponseTest, TestReadGetInfoResponse) { … }

TEST(CTAPResponseTest, TestReadGetInfoResponseWithDuplicateVersion) { … }

TEST(CTAPResponseTest, TestReadGetInfoResponseWithCtap2_1) { … }

// Tests that an authenticator returning only the string "FIDO_2_1" is properly
// recognized as a CTAP 2.1 authenticator.
TEST(CTAPResponseTest, TestReadGetInfoResponseOnlyCtap2_1) { … }

TEST(CTAPResponseTest, TestReadGetInfoResponseWithIncorrectFormat) { … }

TEST(CTAPResponseTest, TestSerializeGetInfoResponse) { … }

TEST(CTAPResponseTest, TestSerializeMakeCredentialResponse) { … }

TEST(CTAPResponseTest, AttestationObjectResponseFields) { … }

}  // namespace device
chromium/device/fido/ctap_response_unittest.cc
