Change none attestation statement DCHECK condition

For "FIDO-U2F" attestation statement format, attestation credential data
within authenticator data is always present. However, for attestation
data received from CTAP authenticators, this may not be the case as the
WebAuthN spec defines attested credential data as optional. Change the
DCHECK conditions for none attestation statement format to execute only
when attested credential data is present.

Bug: 825455
Change-Id: Ie63f051846b67c9deaa1b6bb64de76efa49a7aa1
Reviewed-on: https://chromium-review.googlesource.com/979217Reviewed-by: Jan Wilken Dörrie <jdoerrie@chromium.org>
Commit-Queue: Jun Choi <hongjunchoi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#545785}

device/fido/attestation_object.cc

@@ -33,7 +33,13 @@ void AttestationObject::EraseAttestationStatement() {
   attestation_statement_ = std::make_unique<NoneAttestationStatement>();
   authenticator_data_.DeleteDeviceAaguid();
 
+// Attested credential data is optional section within authenticator data. But
+// if present, the first 16 bytes of it represents a device AAGUID which must
+// be set to zeros for none attestation statement format.
 #if DCHECK_IS_ON()
+  if (!authenticator_data_.attested_data())
+    return;
+
   std::vector<uint8_t> auth_data = authenticator_data_.SerializeToByteArray();
   // See diagram at https://w3c.github.io/webauthn/#sctn-attestation
   constexpr size_t kAaguidOffset =

device/fido/authenticator_data.h

@@ -55,6 +55,10 @@ class COMPONENT_EXPORT(DEVICE_FIDO) AuthenticatorData {
   // authenticator data.
   std::vector<uint8_t> GetCredentialId() const;
 
+  const base::Optional<AttestedCredentialData>& attested_data() const {
+    return attested_data_;
+  }
+
  private:
   // The application parameter: a SHA-256 hash of either the RP ID or the AppID
   // associated with the credential.