From e5b0f03a6f132d57337212c3928c820d785072e0 Mon Sep 17 00:00:00 2001
From: Howard Yang <hcyang@google.com>
Date: Thu, 26 May 2022 12:29:01 +0800
Subject: cr50: Add corp format to u2f_attest

Add a format for u2fd-corp attestation to u2f_attest, and corresponding
test case in u2f_test.py

BUG=b:233147441
TEST=make buildall -j
TEST=u2f_test.py

Change-Id: I4d12345fd0531a4be091c05670215444fe38e706
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3670107
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
---
 test/tpm_test/u2f_test.py | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

(limited to 'test/tpm_test')

diff --git a/test/tpm_test/u2f_test.py b/test/tpm_test/u2f_test.py
index a0118c7b13..a5f9e0743c 100644
--- a/test/tpm_test/u2f_test.py
+++ b/test/tpm_test/u2f_test.py
@@ -57,12 +57,20 @@ def u2f_sign(tpm, origin, user, auth, kh, msg, flag, fail=False):
         return b''
     return sig
 
-def u2f_attest(tpm, origin, user, challenge, kh, public_key, fail=False):
+def u2f_attest(tpm, origin, user, challenge, kh, public_key, corp_format=False, fail=False):
     origin = origin[:32].ljust(32, b'\0')
     user = user[:32].ljust(32, b'\0')
-    challenge = challenge[:32].ljust(32, b'\0')
-    g2f_cmd = b'\0' + origin + challenge + kh + public_key
-    cmd = user + b'\0' + len(g2f_cmd).to_bytes(1, 'big') + g2f_cmd
+    if not corp_format:
+        challenge = challenge[:32].ljust(32, b'\0')
+        g2f_cmd = b'\0' + origin + challenge + kh + public_key
+        cmd = user + b'\0' + len(g2f_cmd).to_bytes(1, 'big') + g2f_cmd
+    else:
+        challenge = challenge[:16].ljust(16, b'\0')
+        salt = b'\0' * 65
+        corp_data = challenge + public_key + salt
+        corp_cmd = corp_data + origin + kh
+        cmd = user + b'\1' + len(corp_cmd).to_bytes(1, 'big') + corp_cmd
+
     if fail==False:
         wrapped_response = tpm.command(tpm.wrap_ext_command(
                                        subcmd.U2F_ATTEST, cmd))
@@ -169,6 +177,11 @@ def u2f_test(tpm):
 
     print('U2F_ATTEST v0');
     sig_attest = u2f_attest(tpm, origin, user, auth, khv0, public_key0)
+    if tpm.debug_enabled():
+        print('sig attest = ',utils.hex_dump(sig_attest), len(sig_attest))
+
+    print('U2F_ATTEST corp');
+    sig_attest = u2f_attest(tpm, origin, user, auth, khv0, public_key0, corp_format=True)
     if tpm.debug_enabled():
         print('sig attest = ',utils.hex_dump(sig_attest), len(sig_attest))
     print('%sSUCCESS: %s' % (utils.cursor_back(), 'U2F test'))
-- 
cgit v1.2.1