send 2B structs instead of T structs in ChallengeReq (#202)

gh4683 · web-flow · commit ec2e3f23da7d · 2026-01-13T10:18:29.000-08:00
diff --git a/service/biz/enrollz_biz.go b/service/biz/enrollz_biz.go
@@ -942,7 +942,7 @@ func EnrollSwitchWithHMACChallenge(ctx context.Context, req *EnrollSwitchWithHMA
 	for _, controlCardSelection := range req.ControlCardSelections {
 		cardID, iakPubKey, idevidPubKey, err := verifyIdentityWithHMACChallenge(ctx, controlCardSelection, req.Deps)
 		if err != nil {
-			err = fmt.Errorf("%w: failed to verify Identity with HMAC Challenge: %v", ErrVerifyIdentity, err)
+			err = fmt.Errorf("%w: failed to verify Identity with HMAC Challenge for control card %s: %v", ErrVerifyIdentity, prototext.Format(controlCardSelection), err)
 			log.ErrorContext(ctx, err)
 			return err
 		}
@@ -1102,9 +1102,9 @@ func createHMACChallenge(deps TPM20Utils, fetchEKResp *FetchEKResp) (*epb.HMACCh
 	}
 
 	challengeReq := &epb.HMACChallenge{
-		HmacPubKey: tpm20.Marshal(hmacPub),
-		Duplicate:  duplicate,
-		InSymSeed:  inSymSeed,
+		HmacPubKey: tpm20.Marshal(tpm20.BytesAs2B[tpm20.TPMTPublic](tpm20.Marshal(hmacPub))),
+		Duplicate:  tpm20.Marshal(&tpm20.TPM2BPrivate{Buffer: duplicate}),
+		InSymSeed:  tpm20.Marshal(&tpm20.TPM2BEncryptedSecret{Buffer: inSymSeed}),
 	}
 
 	return challengeReq, hmacSensitive, nil

Original file line number	Diff line number	Diff line change
`@@ -942,7 +942,7 @@ func EnrollSwitchWithHMACChallenge(ctx context.Context, req *EnrollSwitchWithHMA`
`942`	`942`	`for _, controlCardSelection := range req.ControlCardSelections {`
`943`	`943`	`cardID, iakPubKey, idevidPubKey, err := verifyIdentityWithHMACChallenge(ctx, controlCardSelection, req.Deps)`
`944`	`944`	`if err != nil {`
`945`		`- err = fmt.Errorf("%w: failed to verify Identity with HMAC Challenge: %v", ErrVerifyIdentity, err)`
	`945`	`+ err = fmt.Errorf("%w: failed to verify Identity with HMAC Challenge for control card %s: %v", ErrVerifyIdentity, prototext.Format(controlCardSelection), err)`
`946`	`946`	`log.ErrorContext(ctx, err)`
`947`	`947`	`return err`
`948`	`948`	`}`
`@@ -1102,9 +1102,9 @@ func createHMACChallenge(deps TPM20Utils, fetchEKResp FetchEKResp) (epb.HMACCh`
`1102`	`1102`	`}`
`1103`	`1103`
`1104`	`1104`	`challengeReq := &epb.HMACChallenge{`
`1105`		`- HmacPubKey: tpm20.Marshal(hmacPub),`
`1106`		`- Duplicate: duplicate,`
`1107`		`- InSymSeed: inSymSeed,`
	`1105`	`+ HmacPubKey: tpm20.Marshal(tpm20.BytesAs2B[tpm20.TPMTPublic](tpm20.Marshal(hmacPub))),`
	`1106`	`+ Duplicate: tpm20.Marshal(&tpm20.TPM2BPrivate{Buffer: duplicate}),`
	`1107`	`+ InSymSeed: tpm20.Marshal(&tpm20.TPM2BEncryptedSecret{Buffer: inSymSeed}),`
`1108`	`1108`	`}`
`1109`	`1109`
`1110`	`1110`	`return challengeReq, hmacSensitive, nil`