Add remaining Yubikey devices to WebUSB blocklist

As requested by Yubico this change adds the rest of their Yubikey devices to the WebUSB blocklist. Bug: 818807 Change-Id: I4755ca0a2558e7efb2449e6b439c2abcc2440611 Reviewed-on: https://chromium-review.googlesource.com/949389Reviewed-by: Adam Langley <agl@chromium.org> Commit-Queue: Reilly Grant <reillyg@chromium.org> Cr-Commit-Position: refs/heads/master@{#540992}

Add remaining Yubikey devices to WebUSB blocklist
As requested by Yubico this change adds the rest of their Yubikey devices to the WebUSB blocklist. Bug: 818807 Change-Id: I4755ca0a2558e7efb2449e6b439c2abcc2440611 Reviewed-on: https://chromium-review.googlesource.com/949389Reviewed-by: Adam Langley <agl@chromium.org> Commit-Queue: Reilly Grant <reillyg@chromium.org> Cr-Commit-Position: refs/heads/master@{#540992}
19ef9b19 · Reilly Grant · Commit Bot · 14350ac7 · 19ef9b19 · 19ef9b19
Commit 19ef9b19 authored Mar 05, 2018 by Reilly Grant Committed by Commit Bot Mar 05, 2018
Showing with 29 additions and 31 deletions

chrome/browser/usb/usb_blocklist.cc chrome/browser/usb/usb_blocklist.cc +12 -18

chrome/browser/usb/usb_blocklist_unittest.cc chrome/browser/usb/usb_blocklist_unittest.cc +17 -13

No files found.
--- a/chrome/browser/usb/usb_blocklist.cc
+++ b/chrome/browser/usb/usb_blocklist.cc
@@ -57,24 +57,18 @@ bool EntryMatches(Iterator begin,

 // This list must be sorted according to CompareEntry.
 const UsbBlocklist::Entry kStaticEntries[] = {
-    // Yubikey NEO - OTP and CCID
-    {0x1050, 0x0111, kMaxVersion},
-    // Yubikey NEO - CCID only
-    {0x1050, 0x0112, kMaxVersion},
-    // Yubikey NEO - U2F and CCID
-    {0x1050, 0x0115, kMaxVersion},
-    // Yubikey NEO - OTP, U2F and CCID
-    {0x1050, 0x0116, kMaxVersion},
-    // Google Gnubby (WinUSB firmware)
-    {0x1050, 0x0211, kMaxVersion},
-    // Yubikey 4 - CCID only
-    {0x1050, 0x0404, kMaxVersion},
-    // Yubikey 4 - OTP and CCID
-    {0x1050, 0x0405, kMaxVersion},
-    // Yubikey 4 - U2F and CCID
-    {0x1050, 0x0406, kMaxVersion},
-    // Yubikey 4 - OTP, U2F and CCID
-    {0x1050, 0x0407, kMaxVersion},
+    // Yubikey devices. https://crbug.com/818807
+    {0x1050, 0x0010, kMaxVersion}, {0x1050, 0x0018, kMaxVersion},
+    {0x1050, 0x0030, kMaxVersion}, {0x1050, 0x0110, kMaxVersion},
+    {0x1050, 0x0111, kMaxVersion}, {0x1050, 0x0112, kMaxVersion},
+    {0x1050, 0x0113, kMaxVersion}, {0x1050, 0x0114, kMaxVersion},
+    {0x1050, 0x0115, kMaxVersion}, {0x1050, 0x0116, kMaxVersion},
+    {0x1050, 0x0120, kMaxVersion}, {0x1050, 0x0200, kMaxVersion},
+    {0x1050, 0x0211, kMaxVersion}, {0x1050, 0x0401, kMaxVersion},
+    {0x1050, 0x0402, kMaxVersion}, {0x1050, 0x0403, kMaxVersion},
+    {0x1050, 0x0404, kMaxVersion}, {0x1050, 0x0405, kMaxVersion},
+    {0x1050, 0x0406, kMaxVersion}, {0x1050, 0x0407, kMaxVersion},
+    {0x1050, 0x0410, kMaxVersion},
 };

 }  // namespace

--- a/chrome/browser/usb/usb_blocklist_unittest.cc
+++ b/chrome/browser/usb/usb_blocklist_unittest.cc
@@ -108,30 +108,34 @@ TEST_F(UsbBlocklistTest, StringsWithOneValidEntry) {
 }

 TEST_F(UsbBlocklistTest, StaticEntries) {
+  // Yubikey devices. https://crbug.com/818807
+  //
  // The specific versions of these devices that we want to block are unknown.
  // The device versions listed here are abitrary chosen to test that any device
  // will be matched.
-
-  // Yubikey NEO - OTP and CCID
+  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0010, 0x0100}));
+  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0018, 0x0100}));
+  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0030, 0x0100}));
+  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0110, 0x0100}));
  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0111, 0x0100}));
-  // Yubikey NEO - CCID only
  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0112, 0x0100}));
-  // Yubikey NEO - U2F and CCID
+  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0113, 0x0100}));
+  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0114, 0x0100}));
  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0115, 0x0100}));
-  // Yubikey NEO - OTP, U2F and CCID
  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0116, 0x0100}));
-  // Google Gnubby (WinUSB firmware)
+  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0120, 0x0100}));
+  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0200, 0x0100}));
  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0211, 0x0100}));
-  // Yubikey 4 - CCID only
+  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0401, 0x0100}));
+  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0402, 0x0100}));
+  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0403, 0x0100}));
  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0404, 0x0100}));
-  // Yubikey 4 - OTP and CCID
  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0405, 0x0100}));
-  // Yubikey 4 - U2F and CCID
  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0406, 0x0100}));
-  // Yubikey 4 - OTP, U2F and CCID
  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0407, 0x0100}));
+  EXPECT_TRUE(list().IsExcluded({0x1050, 0x0410, 0x0100}));

-  // The non-WinUSB version of the Google Gnubby firmware is not in the static
-  // list. Check that it is not matched despite a similar product ID.
-  EXPECT_FALSE(list().IsExcluded({0x1050, 0x0200, 0x0100}));
+  // Check that various devices around the Yubikey range are not blocked.
+  EXPECT_FALSE(list().IsExcluded({0x104F, 0x0200, 0x0100}));
+  EXPECT_FALSE(list().IsExcluded({0x1051, 0x0200, 0x0100}));
 }