Resolved all outstanding nits.
Matthew Tsai committed Jul 13, 2022
1 parent e60193e commit 1489849
Showing 1 changed file with 17 additions and 2 deletions.
19 changes: 17 additions & 2 deletions direct/tpm2/certify_test.go
Expand Up @@ -6,6 +6,7 @@ import (
"crypto/sha256"
"testing"

"github.com/google/go-cmp/cmp"
"github.com/google/go-tpm/direct/helpers"
"github.com/google/go-tpm/direct/structures/tpm"
"github.com/google/go-tpm/direct/structures/tpm2b"
Expand Down Expand Up @@ -88,7 +89,7 @@ func TestCertify(t *testing.T) {
defer flushContextSigner.Execute(thetpm)

createPrimarySubject := CreatePrimary{
PrimaryHandle: tpm.RHPlatform,
PrimaryHandle: tpm.RHOwner,
InSensitive: tpm2b.SensitiveCreate{
Sensitive: tpms.SensitiveCreate{
UserAuth: tpm2b.Auth{
Expand All @@ -99,13 +100,22 @@ func TestCertify(t *testing.T) {
InPublic: public,
CreationPCR: pcrSelection,
}
unique := tpmu.PublicID{
RSA: &tpm2b.PublicKeyRSA{
Buffer: []byte("subject key"),
},
}
createPrimarySubject.InPublic.PublicArea.Unique = unique

rspSubject, err := createPrimarySubject.Execute(thetpm)
if err != nil {
t.Fatalf("Failed to create primary: %v", err)
}
flushContextSubject := FlushContext{FlushHandle: rspSubject.ObjectHandle}
defer flushContextSubject.Execute(thetpm)

originalBuffer := make([]byte, 16)

certify := Certify{
ObjectHandle: AuthHandle{
Handle: rspSubject.ObjectHandle,
Expand All @@ -118,7 +128,7 @@ func TestCertify(t *testing.T) {
Auth: PasswordAuth(Auth),
},
QualifyingData: tpm2b.Data{
Buffer: nil,
Buffer: originalBuffer,
},
InScheme: tpmt.SigScheme{
Scheme: tpm.AlgNull,
Expand All @@ -134,6 +144,7 @@ func TestCertify(t *testing.T) {
if err != nil {
t.Fatalf("Failed to marshal: %v", err)
}

attestHash := sha256.Sum256(info)
pub := rspSigner.OutPublic.PublicArea
rsaPub, err := helpers.RSAPub(pub.Parameters.RSADetail, pub.Unique.RSA)
Expand All @@ -144,4 +155,8 @@ func TestCertify(t *testing.T) {
if err := rsa.VerifyPKCS1v15(rsaPub, crypto.SHA256, attestHash[:], rspCert.Signature.Signature.RSASSA.Sig.Buffer); err != nil {
t.Errorf("Signature verification failed: %v", err)
}

if !cmp.Equal(originalBuffer, rspCert.CertifyInfo.AttestationData.ExtraData.Buffer) {
t.Errorf("Attested buffer is different from original buffer")
}
}
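Review bot: `originalBuffer := make([]byte, 16)` is sixteen zero bytes, so the new `ExtraData` comparison at the end of TestCertify would still pass if the response path handed back a zero-filled buffer of that length instead of the caller's qualifying data. The qualifying data is the value a verifier relies on to tie an attestation to its own challenge, so the test should use a distinctive value, for example `originalBuffer := []byte("0123456789abcdef")` (a constructed sample). The check could also use the standard library and report both sides: `if got := rspCert.CertifyInfo.AttestationData.ExtraData.Buffer; !bytes.Equal(originalBuffer, got) { t.Errorf("ExtraData = %x, want %x", got, originalBuffer) }`, which needs `bytes` imported in place of `go-cmp`. TestCertify begins outside the hunks shown, so whether the attested name is also compared with the subject key cannot be seen from here.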
