From 3094c87b0afaa4c8eb86fd7c186804a6de80efbb Mon Sep 17 00:00:00 2001
From: Conor Patrick <conorpp94@gmail.com>
Date: Mon, 22 Apr 2019 16:25:08 -0400
Subject: [PATCH 1/2] Test empty pinAuth in MC and GA #179

---
 tools/testing/tests/fido2.py | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/tools/testing/tests/fido2.py b/tools/testing/tests/fido2.py
index cbb4de7..fc27cfd 100644
--- a/tools/testing/tests/fido2.py
+++ b/tools/testing/tests/fido2.py
@@ -1069,9 +1069,45 @@ class FIDO2Tests(Tester):
 
         self.testReset()
 
+        with Test("Test sending zero-length pin_auth, expect PIN_NOT_SET"):
+            self.testMC(
+                "Send MC request with new pin auth",
+                cdh,
+                rp,
+                user,
+                key_params,
+                other={"pin_auth": b"", "pin_protocol": pin_protocol},
+                expectedError=CtapError.ERR.PIN_NOT_SET,
+            )
+            self.testGA(
+                "Send MC request with new pin auth",
+                rp["id"],
+                cdh,
+                other={"pin_auth": b"", "pin_protocol": pin_protocol},
+                expectedError=CtapError.ERR.PIN_NOT_SET,
+            )
+
         with Test("Setting pin code, expect SUCCESS"):
             self.client.pin_protocol.set_pin(pin1)
 
+        with Test("Test sending zero-length pin_auth, expect PIN_INVALID"):
+            self.testMC(
+                "Send MC request with new pin auth",
+                cdh,
+                rp,
+                user,
+                key_params,
+                other={"pin_auth": b"", "pin_protocol": pin_protocol},
+                expectedError=CtapError.ERR.PIN_INVALID,
+            )
+            self.testGA(
+                "Send MC request with new pin auth",
+                rp["id"],
+                cdh,
+                other={"pin_auth": b"", "pin_protocol": pin_protocol},
+                expectedError=CtapError.ERR.PIN_INVALID,
+            )
+
         self.testReset()
         with Test("Setting pin code >63 bytes, expect POLICY_VIOLATION "):
             try:

From 56d6624e4ea1ad98c99805298abf80e14c020115 Mon Sep 17 00:00:00 2001
From: Conor Patrick <conorpp94@gmail.com>
Date: Mon, 22 Apr 2019 16:26:26 -0400
Subject: [PATCH 2/2] Test correct alg parameter #179

---
 tools/testing/tests/fido2.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/testing/tests/fido2.py b/tools/testing/tests/fido2.py
index fc27cfd..70f0e84 100644
--- a/tools/testing/tests/fido2.py
+++ b/tools/testing/tests/fido2.py
@@ -1009,8 +1009,8 @@ class FIDO2Tests(Tester):
             key = res[1]
             assert "Is public key" and key[1] == 2
             assert "Is P256" and key[-1] == 1
-            if key[3] != -7:
-                print("WARNING: algorithm returned is not for ES256 (-7): ", key[3])
+            assert "Is ALG_ECDH_ES_HKDF_256" and key[3] == -25
+
             assert "Right key" and len(key[-3]) == 32 and isinstance(key[-3], bytes)
 
         with Test("Test setting a new pin"):