go-tpm-tools
Validate max size of import blob.
The import blob flow appears to handle sensitive data of at most 128 bytes: `CreateImportBlob` succeeds for larger inputs, but the subsequent `Import` call fails. See this test:
package client_test
import (
"fmt"
"io"
"strings"
"testing"
"github.com/google/go-cmp/cmp"
tpmclient "github.com/google/go-tpm-tools/client"
tpmserver "github.com/google/go-tpm-tools/server"
"github.com/google/go-tpm-tools/simulator"
)
// TestImportE2E round-trips secrets of every length from 0 to 255 bytes
// through CreateImportBlob and Import against one simulator instance. Each
// length runs as its own subtest, named after the length, so the first size
// that is rejected shows up directly in the test output.
func TestImportE2E(t *testing.T) {
	tpmSim, err := simulator.Get()
	if err != nil {
		t.Fatal(err)
	}
	// Release the simulator only after every subtest has finished.
	defer tpmSim.Close()

	const sizeLimit = 256 // exclusive upper bound on the secret lengths probed
	for n := 0; n < sizeLimit; n++ {
		name := fmt.Sprint(n)
		// t.Run is synchronous here (no t.Parallel), so capturing n is safe.
		t.Run(name, func(t *testing.T) {
			testImport(t, tpmSim, n)
		})
	}
}
// testImport builds an import blob for a secret of size bytes against the RSA
// endorsement key of tpmDev, imports that blob on the same device and checks
// that the recovered bytes equal the original secret. Any failure before the
// comparison aborts the test.
func testImport(t *testing.T, tpmDev io.ReadWriteCloser, size int) {
	endorsementKey, err := tpmclient.EndorsementKeyRSA(tpmDev)
	if err != nil {
		t.Fatal(err)
	}
	defer endorsementKey.Close()

	// The secret is size repetitions of a single byte, so only its length varies.
	want := strings.Repeat("s", size)

	// Blob creation takes only the EK public key and the secret; the third
	// argument is left nil (presumably no PCR binding; confirm against the
	// server package).
	importBlob, err := tpmserver.CreateImportBlob(endorsementKey.PublicKey(), []byte(want), nil)
	if err != nil {
		t.Fatal(err)
	}

	// A size-dependent rejection surfaces here, so the message carries the size.
	got, err := endorsementKey.Import(importBlob)
	if err != nil {
		t.Fatalf("Import failed: size=%v, err=%v", size, err)
	}

	diff := cmp.Diff(string(got), want)
	if diff != "" {
		t.Errorf("unexpected output (-got +want): %s", diff)
	}
}
At a message size of 129 bytes and beyond, this test starts failing with:
Import failed: size=129, err=import failed: parameter 3, error code 0x15 : structure is the wrong size
Is that limit required by the TPM spec, or is there something wrong with the encoding?