Merge pull request #181 from Chounoki/tpm20

gh4683 · web-flow · commit eb8cc8319abf · 2025-10-31T10:26:01.000-07:00
Implement VerifyHMAC function and its tests.
diff --git a/service/biz/tpm20_utils.go b/service/biz/tpm20_utils.go
@@ -17,9 +17,11 @@ package biz
 
 import (
 	"bytes"
+	"crypto/hmac"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha256"
+	"crypto/subtle"
 	"crypto/x509"
 	"encoding/binary"
 	"encoding/pem"
@@ -41,6 +43,10 @@ var (
 	ErrInputNil = errors.New("input cannot be nil")
 	// ErrInvalidPubKeyAttributes is returned when public key attributes are invalid.
 	ErrInvalidPubKeyAttributes = errors.New("invalid public key attributes")
+	// ErrHMACNotMatch is returned when the HMAC does not match the expected one.
+	ErrHMACNotMatch = errors.New("HMAC does not match")
+	// ErrWrongAlgo is returned when an algorithm is not as expected.
+	ErrWrongAlgo = errors.New("unexpected algorithm")
 	// ErrUnsupportedKeyTemplate is returned when the key template is unsupported.
 	ErrUnsupportedKeyTemplate = errors.New("unsupported key template")
 )
@@ -285,7 +291,40 @@ func (u *DefaultTPM20Utils) WrapHMACKeytoRSAPublicKey(rsaPub *rsa.PublicKey, hma
 
 // VerifyHMAC verifies the HMAC signature of the message.
 func (u *DefaultTPM20Utils) VerifyHMAC(message []byte, signature []byte, hmacSensitive *tpm20.TPMTSensitive) error {
-	// TODO: Implement this function.
+	if hmacSensitive == nil {
+		return fmt.Errorf("VerifyHMAC: hmacSensitive cannot be empty, %w", ErrInputNil)
+	}
+	if len(message) == 0 {
+		return fmt.Errorf("VerifyHMAC: message cannot be empty, %w", ErrInputNil)
+	}
+	if len(signature) == 0 {
+		return fmt.Errorf("VerifyHMAC: signature cannot be empty, %w", ErrInputNil)
+	}
+
+	sig, err := tpm20.Unmarshal[tpm20.TPMTSignature](signature)
+	if err != nil {
+		return fmt.Errorf("VerifyHMAC: failed to unmarshal signature, %w", err)
+	}
+	ha, err := sig.Signature.HMAC()
+	if err != nil {
+		return fmt.Errorf("VerifyHMAC: failed to get HMAC from signature, %w", err)
+	}
+	if ha.HashAlg != tpm20.TPMAlgSHA256 {
+		return fmt.Errorf("VerifyHMAC: wrong HMAC algorithm: %v (expected SHA256), %w", ha.HashAlg, ErrWrongAlgo)
+	}
+
+	bits, err := hmacSensitive.Sensitive.Bits()
+	if err != nil {
+		return fmt.Errorf("VerifyHMAC: failed to get HMAC key from hmacSensitive, %w", err)
+	}
+	// The HMAC is over SHA256(message).
+	digest := sha256.Sum256(message)
+	h := hmac.New(sha256.New, bits.Buffer)
+	h.Write(digest[:])
+	if subtle.ConstantTimeCompare(ha.Digest, h.Sum(nil)) != 1 {
+		return fmt.Errorf("VerifyHMAC: HMAC verification failed, %w", ErrHMACNotMatch)
+	}
+
 	return nil
 }
 
diff --git a/service/biz/tpm20_utils_test.go b/service/biz/tpm20_utils_test.go
@@ -1013,6 +1013,89 @@ func TestWrapHMACKeytoRSAPublicKey_Failure(t *testing.T) {
 	}
 }
 
+func TestVerifyHMAC(t *testing.T) {
+	u := &DefaultTPM20Utils{}
+	// The following test vectors are true values generated by using a TPM hardware simulator.
+	// Generation code reference: https://github.com/TrustedComputingGroup/tpm-fw-attestation-reference-code/blob/main/go/pkg/host/host.go
+	message := []byte{0xFF, 0x54, 0x43, 0x47, 0x80, 0x17, 0x00, 0x22, 0x00, 0x0B, 0xCF, 0x1E, 0xC6, 0x7A, 0xE7, 0x6A, 0x85, 0xAD, 0x78, 0xDC, 0xE2, 0x84, 0x3F, 0x9A, 0x2B, 0x37, 0x25, 0x23, 0xCA, 0x27, 0x1B, 0x09, 0xE9, 0x72, 0x24, 0x33, 0x16, 0x05, 0x35, 0x7B, 0xD0, 0xCB, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x20, 0x17, 0x06, 0x19, 0x00, 0x16, 0x36, 0x36, 0x00, 0x22, 0x00, 0x0B, 0x01, 0x01, 0x3B, 0xBF, 0x20, 0xFB, 0xAB, 0x85, 0x80, 0x0C, 0xCA, 0xB6, 0xBB, 0x6A, 0x2B, 0x07, 0xA9, 0x01, 0x52, 0x26, 0x48, 0x77, 0xD3, 0x85, 0xB4, 0x2E, 0xF0, 0x2C, 0x34, 0x70, 0xA6, 0x75, 0x00, 0x22, 0x00, 0x0B, 0xCF, 0x1E, 0xC6, 0x7A, 0xE7, 0x6A, 0x85, 0xAD, 0x78, 0xDC, 0xE2, 0x84, 0x3F, 0x9A, 0x2B, 0x37, 0x25, 0x23, 0xCA, 0x27, 0x1B, 0x09, 0xE9, 0x72, 0x24, 0x33, 0x16, 0x05, 0x35, 0x7B, 0xD0, 0xCB}
+	signature := []byte{0x00, 0x05, 0x00, 0x0B, 0x39, 0x24, 0x94, 0x25, 0x51, 0x21, 0xA8, 0x57, 0x24, 0x94, 0x7E, 0x04, 0x4D, 0xAF, 0x7A, 0x23, 0x45, 0x40, 0x2A, 0xD2, 0xDD, 0x4E, 0x4B, 0x5F, 0x63, 0x30, 0x5B, 0x34, 0xA2, 0x10, 0xAD, 0x57}
+	hmacKey := []byte{0x08, 0x99, 0x71, 0xA1, 0x94, 0xAA, 0x90, 0x6C, 0xF9, 0x0C, 0xE2, 0xEE, 0xE4, 0x3C, 0x9B, 0xD7, 0x91, 0xB4, 0x63, 0x58, 0x39, 0xED, 0xCE, 0x5A, 0xBB, 0x6E, 0x78, 0xDA, 0x1C, 0x4F, 0xE0, 0x97}
+	sensitive := &tpm20.TPMTSensitive{
+		SensitiveType: tpm20.TPMAlgKeyedHash,
+		Sensitive: tpm20.NewTPMUSensitiveComposite(tpm20.TPMAlgKeyedHash, &tpm20.TPM2BSensitiveData{
+			Buffer: hmacKey,
+		}),
+	}
+	sensitiveIncorrect := &tpm20.TPMTSensitive{
+		SensitiveType: tpm20.TPMAlgKeyedHash,
+		Sensitive: tpm20.NewTPMUSensitiveComposite(tpm20.TPMAlgKeyedHash, &tpm20.TPM2BSensitiveData{
+			Buffer: append(hmacKey[10:], hmacKey[:10]...),
+		}),
+	}
+
+	successTests := []struct {
+		name      string
+		message   []byte
+		signature []byte
+		sensitive *tpm20.TPMTSensitive
+	}{
+		{
+			name:      "HMAC Match",
+			message:   message,
+			signature: signature,
+			sensitive: sensitive,
+		},
+	}
+	for _, tc := range successTests {
+		t.Run(tc.name, func(t *testing.T) {
+			if err := u.VerifyHMAC(tc.message, tc.signature, tc.sensitive); err != nil {
+				t.Errorf("TestVerifyHMAC() returned an unexpected error %v", err)
+			}
+		})
+	}
+
+	failureTests := []struct {
+		name      string
+		message   []byte
+		signature []byte
+		sensitive *tpm20.TPMTSensitive
+		wantErr   error
+	}{
+		{
+			name:      "Nil Sensitive",
+			message:   message,
+			signature: signature,
+			wantErr:   ErrInputNil,
+		},
+		{
+			name:      "Nil Message",
+			signature: signature,
+			sensitive: sensitive,
+			wantErr:   ErrInputNil,
+		},
+		{
+			name:      "Nil Signature",
+			message:   message,
+			sensitive: sensitive,
+			wantErr:   ErrInputNil,
+		},
+		{
+			name:      "HMAC Not Match",
+			message:   message,
+			signature: signature,
+			sensitive: sensitiveIncorrect,
+			wantErr:   ErrHMACNotMatch,
+		},
+	}
+	for _, tc := range failureTests {
+		t.Run(tc.name, func(t *testing.T) {
+			if err := u.VerifyHMAC(tc.message, tc.signature, tc.sensitive); !errors.Is(err, tc.wantErr) {
+				t.Errorf("TestVerifyHMAC() failed, want error %v, got error %v", tc.wantErr, err)
+			}
+		})
+	}
+}
+
 func TestVerifyIdevidAttributes(t *testing.T) {
 	u := DefaultTPM20Utils{}
 
