// Copyright 2017 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // This file contains common data used to test CTAP/U2F register and sign // request/responses. #ifndef DEVICE_FIDO_FIDO_TEST_DATA_H_ #define DEVICE_FIDO_FIDO_TEST_DATA_H_ #include <stdint.h> namespace device { namespace test_data { // U2F request parameters ------------------------------------------------------ // Sample U2F register request parameters used in example 6 of the CTAP spec. // https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html#using-the-ctap2-authenticatormakecredential-command-with-ctap1-u2f-authenticators constexpr uint8_t kChallengeParameter[] = …; // SHA256(kRelyingPartyId) constexpr uint8_t kApplicationParameter[] = …; // SHA256(kAppId) constexpr uint8_t kAlternativeApplicationParameter[] = …; constexpr char kClientDataJson[] = …; // SHA-256 hash of kClientDataJson. constexpr uint8_t kClientDataHash[] = …; constexpr uint8_t kUserId[] = …; // "allowedCredential" encoded as uint8_t array constexpr uint8_t kCredentialId[] = …; constexpr char kRelyingPartyId[] = …; constexpr char kAppId[] = …; constexpr uint8_t kU2fRegisterCommandApduWithIndividualAttestation[] = …; constexpr uint8_t kU2fRegisterCommandApdu[] = …; // kU2fBogusRegisterCommandApdu is the U2F register command generated by // |ConstructBogusU2fRegistrationCommand|. constexpr uint8_t kU2fBogusRegisterCommandApdu[] = …; // Sample U2F sign request parameters used in example 7 of the CTAP spec. // https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html#using-the-ctap2-authenticatormakecredential-command-with-ctap1-u2f-authenticators constexpr uint8_t kU2fSignKeyHandle[] = …; // Signed signature of above |kU2fSignKeyHandle|. 
constexpr uint8_t kU2fSignature[] = …;

// Three key handles and, for each, a sign command APDU in two variants: one
// plain and one "AndBogusChallenge".
// NOTE(review): the pairing of handles with commands is inferred from the
// names; the byte values are elided in this listing.
constexpr uint8_t kKeyHandleAlpha[] = …;

constexpr uint8_t kKeyHandleBeta[] = …;

constexpr uint8_t kKeyHandleGamma[] = …;

constexpr uint8_t kU2fSignCommandApduWithKeyAlpha[] = …;

constexpr uint8_t kU2fSignCommandApduWithKeyAlphaAndBogusChallenge[] = …;

constexpr uint8_t kU2fSignCommandApduWithKeyBeta[] = …;

constexpr uint8_t kU2fSignCommandApduWithKeyBetaAndBogusChallenge[] = …;

constexpr uint8_t kU2fSignCommandApduWithKeyGamma[] = …;

constexpr uint8_t kU2fSignCommandApduWithKeyGammaAndBogusChallenge[] = …;

constexpr uint8_t kU2fSignCommandApdu[] = …;

// NOTE(review): presumably kU2fSignCommandApdu built with
// kAlternativeApplicationParameter instead of kApplicationParameter --
// confirm against the byte values.
constexpr uint8_t kU2fSignCommandApduWithAlternativeApplicationParameter[] = …;

// Encoded U2fSign command excluding the key handle length and the key handle.
// Tests append the exact key handle length and key handle required by each
// scenario.
constexpr uint8_t kU2fSignCommandWithoutKeyHandle[] = …;

// NOTE(review): how this differs from kU2fBogusRegisterCommandApdu is not
// visible in this listing.
constexpr uint8_t kU2fFakeRegisterCommand[] = …;

// U2F responses ---------------------------------------------------------------

// Error responses.
// NOTE(review): the first three names match the U2F status words
// SW_CONDITIONS_NOT_SATISFIED, SW_WRONG_DATA and SW_WRONG_LENGTH; the byte
// values are elided here, so confirm before relying on that.
constexpr uint8_t kU2fConditionNotSatisfiedApduResponse[] = …;

constexpr uint8_t kU2fWrongDataApduResponse[] = …;

constexpr uint8_t kU2fWrongLengthApduResponse[] = …;

// NOTE(review): meaning not derivable from this listing -- confirm.
constexpr uint8_t kU2fKeyHandleSizeApduResponse[] = …;

// APDU-encoded register and sign responses with a no-error status (per the
// names).
constexpr uint8_t kApduEncodedNoErrorRegisterResponse[] = …;

constexpr uint8_t kApduEncodedNoErrorSignResponse[] = …;

// U2F response blob produced by a U2F registration request used in example 6
// of the CTAP spec.
// https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html
constexpr uint8_t kTestU2fRegisterResponse[] = …;

// EC public key encoded in COSE_Key format extracted from above
// |kTestU2fRegisterResponse|.
constexpr uint8_t kTestECPublicKeyCOSE[] = …;

// The attestation statement extracted from above |kTestU2fRegisterResponse|, a
// CBOR-encoded byte array.
// Diagnostic notation: // {"sig": // h'30450220324779C68F3380288A1197B6095F7A6EB9B1B1C127F66AE12A99FE8532EC23B9 // 022100E39516AC4D61EE64044D50B415A6A4D4D84BA6D895CB5AB7A1AA7D081DE341FA', // "x5c": [h'3082024A30820132A0030201020204046C8822300D06092A864886F70D01010B0 \ // 500302E312C302A0603550403132359756269636F2055324620526F6F742043412053657269 \ // 616C203435373230303633313020170D3134303830313030303030305A180F3230353030393 \ // 0343030303030305A302C312A302806035504030C2159756269636F20553246204545205365 \ // 7269616C203234393138323332343737303059301306072A8648CE3D020106082A8648CE3D0 \ // 30107034200043CCAB92CCB97287EE8E639437E21FCD6B6F165B2D5A3F3DB131D31C16B742B \ // B476D8D1E99080EB546C9BBDF556E6210FD42785899E78CC589EBE310F6CDB9FF4A33B30393 \ // 02206092B0601040182C40A020415312E332E362E312E342E312E34313438322E312E323013 \ // 060B2B0601040182E51C020101040403020430300D06092A864886F70D01010B05000382010 \ // 1009F9B052248BC4CF42CC5991FCAABAC9B651BBE5BDCDC8EF0AD2C1C1FFB36D18715D42E78 \ // B249224F92C7E6E7A05C49F0E7E4C881BF2E94F45E4A21833D7456851D0F6C145A29540C874 \ // F3092C934B43D222B8962C0F410CEF1DB75892AF116B44A96F5D35ADEA3822FC7146F600438 \ // 5BCB69B65C99E7EB6919786703C0D8CD41E8F75CCA44AA8AB725AD8E799FF3A8696A6F1B265 \ // 6E631B1E40183C08FDA53FA4A8F85A05693944AE179A1339D002D15CABD810090EC722EF5DE \ // F9965A371D415D624B68A2707CAD97BCDD1785AF97E258F33DF56A031AA0356D8E8D5EBCADC \ // 74E071636C6B110ACE5CC9B90DFEACAE640FF1BB0F1FE5DB4EFF7A95F060733F5']} constexpr uint8_t kU2fAttestationStatementCBOR[] = …; // Like kU2fAttestationStatementCBOR but in 'packed' format. constexpr uint8_t kPackedAttestationStatementCBOR[] = …; // Like kPackedAttestationStatementCBOR but certs are omitted. constexpr uint8_t kPackedAttestationStatementCBORNoCerts[] = …; // U2F response blob produced by a U2F sign request used in example 7 of the // CTAP spec. 
// https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html#using-the-ctap2-authenticatorgetassertion-command-with-ctap1-u2f-authenticators constexpr uint8_t kTestU2fSignResponse[] = …; // Signature counter returned within the authenticator data extracted from above // |kTestU2fSignResponse|. constexpr uint8_t kTestSignatureCounter[] = …; // The authenticator data for sign responses extracted from above // |kTestU2fSignResponse|. constexpr uint8_t kTestSignAuthenticatorData[] = …; // A sample APDU encoded response to a U2F sign request that contains NO_ERROR // status but has a corrupted data. constexpr uint8_t kTestCorruptedU2fSignResponse[] = …; // CTAP requests --------------------------------------------------------------- // A MakeCredential request with no RK and no UV. constexpr uint8_t kCtapSimpleMakeCredentialRequest[] = …; constexpr uint8_t kCtapMakeCredentialRequest[] = …; constexpr uint8_t kTestComplexCtapGetAssertionRequest[] = …; constexpr uint8_t kCtapGetAssertionRequest[] = …; constexpr uint8_t kCtapSilentGetAssertionRequest[] = …; // CTAP responses -------------------------------------------------------------- // A sample well formed response to CTAP AuthenticatorGetInfo request. Cross // platform device that supports resident key, and user verification. constexpr uint8_t kTestAuthenticatorGetInfoResponse[] = …; // AuthenticatorGetInfo response with all configurations equal to that of // kTestAuthenticatorGetInfoResponse except that U2F protocol is not supported. constexpr uint8_t kTestCtap2OnlyAuthenticatorGetInfoResponse[] = …; // AuthenticatorGetInfo response with all configurations equal to that of // kTestAuthenticatorGetInfoResponse except user verification option is set to // false. 
constexpr uint8_t kTestGetInfoResponseWithoutUvSupport[] = …;

// AuthenticatorGetInfo response with all configurations equal to that of
// kTestAuthenticatorGetInfoResponse except resident key option is set to false.
constexpr uint8_t kTestGetInfoResponseWithoutResidentKeySupport[] = …;

// AuthenticatorGetInfo response with all configurations equal to that of
// kTestAuthenticatorGetInfoResponse except platform device option is set to
// true.
constexpr uint8_t kTestGetInfoResponsePlatformDevice[] = …;

// AuthenticatorGetInfo response with all configurations equal to that of
// kTestAuthenticatorGetInfoResponse except clientPin option is set to true.
constexpr uint8_t kTestGetInfoResponseWithClientPinSet[] = …;

// A sample well-formed response to a CTAP MakeCredential request.
constexpr uint8_t kTestMakeCredentialResponse[] = …;

// NOTE(review): presumably kTestMakeCredentialResponse with an RP ID hash
// that does not match the requested relying party, so tests can check that
// such a response is rejected -- confirm against the callers.
constexpr uint8_t kTestMakeCredentialResponseWithIncorrectRpIdHash[] = …;

// Credential ID to be used in a request to yield the below
// kTestGetAssertionResponse. The array bound is fixed at 64 bytes.
constexpr uint8_t kTestGetAssertionCredentialId[64] = …;

constexpr uint8_t kTestGetAssertionResponse[] = …;

// {1: {"id": h'010203', "type": "public-key"}, 2:
// h'1194228DA8FDBDEEFD261BD7B6595CFD70A50D70C6407BCF013DE96D4EFB17DE010000005F',
// 3: h'101112', 4: {"id": h'01020304', "name": "..."}}
//
// In a CTAP2 GetAssertion response, key 1 is the credential, 2 the
// authenticator data, 3 the signature and 4 the user entity. The key-2 value
// shown is 37 bytes: a 32-byte RP ID hash, the flags byte 01 and the 4-byte
// signature counter 0000005F.
constexpr uint8_t kTestGetAssertionResponseWithTruncatedUTF8[] = …;

// {1: {"id": h'010203', "type": "public-key"}, 2:
// h'1194228DA8FDBDEEFD261BD7B6595CFD70A50D70C6407BCF013DE96D4EFB17DE010000005F',
// 3: h'101112', 4: {"id": h'01020304', "name": "..."}}
//
// The notation is identical to the one on
// kTestGetAssertionResponseWithTruncatedUTF8 because it abbreviates "name";
// the difference between the two fixtures is only in the name bytes.
constexpr uint8_t kTestGetAssertionResponseWithTruncatedAndInvalidUTF8[] = …;

// NOTE(review): the next two are presumably malformed or mismatching variants
// of kTestGetAssertionResponse (an empty credential, and an RP ID hash that
// does not match the request) -- confirm against the byte values.
constexpr uint8_t kTestGetAssertionResponseWithEmptyCredential[] = …;

constexpr uint8_t kTestGetAssertionResponseWithIncorrectRpIdHash[] = …;

// Below |kCtap2MakeCredentialCertificate|, |kCtap2MakeCredentialAuthData|, and
// |kCtap2MakeCredentialSignature| leverage example 4 of the CTAP spec.
// https://fidoalliance.org/specs/fido-v2.0-rd-20170927/fido-client-to-authenticator-protocol-v2.0-rd-20170927.html constexpr uint8_t kCtap2MakeCredentialCertificate[] = …; constexpr uint8_t kCtap2MakeCredentialAuthData[] = …; constexpr uint8_t kCtap2MakeCredentialSignature[] = …; constexpr uint8_t kCtap2MakeCredentialCredentialId[] = …; constexpr uint8_t kNoneAttestationResponse[] = …; constexpr uint8_t kCtap2GetAssertionAuthData[] = …; constexpr uint8_t kCtap2GetAssertionSignature[] = …; constexpr uint8_t kDeviceGetAssertionResponse[] = …; constexpr uint8_t kX962UncompressedPublicKey[] = …; } // namespace test_data } // namespace device #endif // DEVICE_FIDO_FIDO_TEST_DATA_H_