Fix unit tests for NEO: use ECCP256 and detect attestation errors

This commit is contained in:
Trevor Bentley
2017-10-20 12:40:09 +02:00
parent 7177ceda74
commit c07355fefb
4 changed files with 26 additions and 6 deletions
+18 -3
View File
@@ -409,8 +409,15 @@ START_TEST(test_import_key) {
{
unsigned char attest[2048];
size_t attest_len = sizeof(attest);
ykpiv_devmodel model;
model = ykpiv_util_devicemodel(g_state);
res = ykpiv_attest(g_state, 0x9e, attest, &attest_len);
ck_assert_int_eq(res, YKPIV_GENERIC_ERROR);
if (model == DEVTYPE_YK4) {
ck_assert_int_eq(res, YKPIV_GENERIC_ERROR);
}
else {
ck_assert_int_eq(res, YKPIV_NOT_SUPPORTED);
}
}
}
END_TEST
@@ -440,11 +447,19 @@ START_TEST(test_generate_key) {
// Verify that imported key can be attested
{
ykpiv_devmodel model;
unsigned char attest[2048];
size_t attest_len = sizeof(attest);
model = ykpiv_util_devicemodel(g_state);
res = ykpiv_attest(g_state, YKPIV_KEY_AUTHENTICATION, attest, &attest_len);
ck_assert_int_eq(res, YKPIV_OK);
ck_assert_int_gt(attest_len, 0);
// Only works with YK4. NEO should error.
if (model == DEVTYPE_YK4) {
ck_assert_int_eq(res, YKPIV_OK);
ck_assert_int_gt(attest_len, 0);
}
else {
ck_assert_int_eq(res, YKPIV_NOT_SUPPORTED);
}
}
}
END_TEST
+3
View File
@@ -1346,6 +1346,9 @@ ykpiv_rc ykpiv_attest(ykpiv_state *state, const unsigned char key, unsigned char
return res;
}
else if(SW_SUCCESS != sw) {
if (sw == SW_ERR_NOT_SUPPORTED) {
return YKPIV_NOT_SUPPORTED;
}
return YKPIV_GENERIC_ERROR;
}
if (data[0] != 0x30) {
+3 -1
View File
@@ -61,7 +61,8 @@ extern "C"
YKPIV_PIN_LOCKED = -13,
YKPIV_ARGUMENT_ERROR = -14, //i.e. invalid input argument
YKPIV_RANGE_ERROR = -15 //i.e. value range error
YKPIV_RANGE_ERROR = -15, //i.e. value range error
YKPIV_NOT_SUPPORTED = -16
} ykpiv_rc;
typedef void* (*ykpiv_pfn_alloc)(void* alloc_data, size_t size);
@@ -217,6 +218,7 @@ extern "C"
#define SW_ERR_INCORRECT_PARAM 0x6a80
/* this is a custom sw for yubikey */
#define SW_ERR_INCORRECT_SLOT 0x6b00
#define SW_ERR_NOT_SUPPORTED 0x6d00
/* Yubico vendor specific instructions */
#define YKPIV_INS_SET_MGMKEY 0xff