
Commit 6d96614

authored
allow ek cert to be parsed as TPMT_PUBLIC (#203)
1 parent ec2e3f2 commit 6d96614


2 files changed

+35
-2
lines changed


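--- a/service/biz/tpm20_utils.go
+++ b/service/biz/tpm20_utils.go
@@ -827,8 +827,18 @@ func (u *DefaultTPM20Utils) ParseTCGCSRIDevIDContent(csrBytes []byte) (*TCGCSRID
 }
 ekCert, err := certificateDerToPem(ekCertBytes)
 if err != nil {
-return nil, fmt.Errorf("failed to convert EK Cert to PEM: %w", err)
+pub, tpmErr := tpm20.Unmarshal[tpm20.TPMTPublic](ekCertBytes)
+if tpmErr != nil {
+return nil, fmt.Errorf("failed to parse ekCert as X509 certificate (%v) or TPMTPublic (%v)", err, tpmErr)
+}
+
+log.Infof("Successfully parsed ekCertBytes as TPMTPublic structure. Converting to PEM.")
+ekCert, err = u.TPMTPublicToPEM(pub)
+if err != nil {
+return nil, fmt.Errorf("failed to convert TPMTPublic to PEM: %w", err)
+}
 }
+
 result.EKCert = ekCert
 
 // attestPub - Attestation Key public key (IAK)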
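Review bot: After the fallback on new lines 830–839, `result.EKCert` can hold either a PEM-encoded X.509 certificate or a PEM-encoded bare TPMT_PUBLIC key, and nothing in the returned structure records which one was produced. A bare public key carries no issuer signature, so any downstream check that treats `EKCert` as a certificate to chain to an EK CA would presumably either fail confusingly or be skipped when the fallback fires; the consumers are outside the hunk, so this is inferred. Consider recording the form explicitly (for example a field along the lines of `EKCertIsTPMTPublic bool` set in the fallback branch) or at least documenting on the `EKCert` field that it may be an unauthenticated public key rather than a certificate. The combined error on new line 832 formats both causes with `%v`, which drops wrapping; `fmt.Errorf("failed to parse ekCert as X509 certificate or TPMTPublic: %w; %w", err, tpmErr)` keeps `errors.Is`/`errors.As` working if the module targets Go 1.20 or later. `ParseTCGCSRIDevIDContent` starts and ends outside the hunk.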

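--- a/service/biz/tpm20_utils_test.go
+++ b/service/biz/tpm20_utils_test.go
@@ -636,6 +636,23 @@ func generateCsrBytes(options CsrOptions) []byte {
 }
 
 func TestParseTCGCSRIDevIDContent(t *testing.T) {
+u := DefaultTPM20Utils{}
+privKey, err := rsa.GenerateKey(rand.Reader, 2048)
+if err != nil {
+t.Fatalf("Failed to generate RSA key for testing: %v", err)
+}
+tpmtPub, err := u.RSAEKPublicKeyToTPMTPublic(&privKey.PublicKey)
+if err != nil {
+t.Fatalf("Failed to create TPMT Public for testing: %v", err)
+}
+tpmtPubPEM, err := u.TPMTPublicToPEM(tpmtPub)
+if err != nil {
+t.Fatalf("Failed to convert TPMT Public to PEM for testing: %v", err)
+}
+tpmtPubBytes := tpm20.Marshal(tpmtPub)
+
+validCSRWithTPMTPub := *validCSR
+validCSRWithTPMTPub.EKCert = tpmtPubPEM
 // Define test cases
 tests := []struct {
 name string
@@ -736,7 +753,7 @@ func TestParseTCGCSRIDevIDContent(t *testing.T) {
 {
 name: "Invalid EK Cert",
 csrBytes: generateCsrBytes(CsrOptions{EKCert: []byte("invalid-ek-cert")}),
-expectedError: errors.New("failed to convert EK Cert to PEM"),
+expectedError: errors.New("failed to parse ekCert as X509 certificate"),
 },
 {
 name: "Invalid Attest Pub Bytes",
@@ -763,6 +780,12 @@ func TestParseTCGCSRIDevIDContent(t *testing.T) {
 csrBytes: generateCsrBytes(CsrOptions{AddExtraBytesToEnd: true}),
 expectedError: errors.New("leftover bytes in TCG_CSR_IDEVID_CONTENT block after parsing"),
 },
+{
+name: "Valid CSR bytes: PPK in EkCert field as TPMTPublic",
+csrBytes: generateCsrBytes(CsrOptions{EKCert: tpmtPubBytes}),
+expectedError: nil,
+expectedResult: &validCSRWithTPMTPub,
+},
 }
 
 for _, tc := range tests {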
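Review bot: The expected `EKCert` for the new case at new lines 783–788 is produced by `u.TPMTPublicToPEM(tpmtPub)` on new line 648, the same helper the production fallback calls, so the assertion cannot catch a defect in that conversion — both sides would agree on the same wrong output. Decoding `result.EKCert` with `pem.Decode` and comparing the block bytes against `tpmtPubBytes` (or unmarshalling them back with `tpm20.Unmarshal[tpm20.TPMTPublic]`) would make the check independent of the helper; the comparison loop itself continues outside the hunk. The case name `"Valid CSR bytes: PPK in EkCert field as TPMTPublic"` uses an abbreviation that appears nowhere else on the page; spelling it out would help readers. A companion case feeding `tpmtPubBytes` with trailing bytes appended would also pin down whether the fallback accepts leftover data, which I could not confirm from the library call alone.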
