Skip to content

Commit 95eb0d9

Browse files
ArthurHeymansArthurHeymans
committed
Fix test_certify_key_extended and test_invoke_dpe_get_profile_cmd
The CertifyKeyExtendedResp type has a huge fixed-size payload buffer (~25KB) that the mailbox truncates to the actual response size. The tests were calling read_from_bytes which requires an exact size match and failed with SizeError against the truncated slice. Copy the truncated mailbox data into a zeroed fixed-size response buffer, then use try_read_from_prefix on the inner CertifyKeyP384Resp which has its own fixed-size cert buffer larger than any real DPE response. Also update test_invoke_dpe_get_profile_cmd to expect max_tci_nodes=64 after the DPE 64-context change (backport of main commit c3fced9).
1 parent f98629e commit 95eb0d9

2 files changed

Lines changed: 18 additions & 14 deletions

File tree

runtime/tests/runtime_integration_tests/test_certify_key_extended.rs

Lines changed: 17 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ use caliptra_common::mailbox_api::{
77
};
88
use caliptra_hw_model::HwModel;
99
use caliptra_runtime::{AddSubjectAltNameCmd, RtBootStatus};
10+
use core::mem::size_of;
1011
use dpe::{
1112
commands::{CertifyKeyCommand, CertifyKeyFlags, CertifyKeyP384Cmd as CertifyKeyCmd},
1213
context::ContextHandle,
@@ -15,7 +16,7 @@ use dpe::{
1516
use x509_parser::{
1617
certificate::X509Certificate, extensions::GeneralName, oid_registry::asn1_rs::FromDer,
1718
};
18-
use zerocopy::{FromBytes, IntoBytes, TryFromBytes};
19+
use zerocopy::{IntoBytes, TryFromBytes};
1920

2021
use crate::common::{assert_error, run_rt_test, RuntimeTestArgs, TEST_LABEL};
2122

@@ -99,10 +100,11 @@ fn test_dmtf_other_name_extension_present() {
99100
)
100101
.unwrap()
101102
.expect("We should have received a response");
102-
let certify_key_extended_resp =
103-
CertifyKeyExtendedResp::read_from_bytes(resp.as_slice()).unwrap();
104-
let certify_key_resp =
105-
CertifyKeyP384Resp::try_read_from_bytes(&certify_key_extended_resp.certify_key_resp[..])
103+
let mut certify_key_extended_resp = CertifyKeyExtendedResp::default();
104+
assert!(resp.len() <= size_of::<CertifyKeyExtendedResp>());
105+
certify_key_extended_resp.as_mut_bytes()[..resp.len()].copy_from_slice(&resp);
106+
let (certify_key_resp, _) =
107+
CertifyKeyP384Resp::try_read_from_prefix(&certify_key_extended_resp.certify_key_resp[..])
106108
.unwrap();
107109

108110
let (_, cert) =
@@ -153,10 +155,11 @@ fn test_dmtf_other_name_extension_not_present() {
153155
)
154156
.unwrap()
155157
.expect("We should have received a response");
156-
let certify_key_extended_resp =
157-
CertifyKeyExtendedResp::read_from_bytes(resp.as_slice()).unwrap();
158-
let certify_key_resp =
159-
CertifyKeyP384Resp::try_read_from_bytes(&certify_key_extended_resp.certify_key_resp[..])
158+
let mut certify_key_extended_resp = CertifyKeyExtendedResp::default();
159+
assert!(resp.len() <= size_of::<CertifyKeyExtendedResp>());
160+
certify_key_extended_resp.as_mut_bytes()[..resp.len()].copy_from_slice(&resp);
161+
let (certify_key_resp, _) =
162+
CertifyKeyP384Resp::try_read_from_prefix(&certify_key_extended_resp.certify_key_resp[..])
160163
.unwrap();
161164
let (_, cert) =
162165
X509Certificate::from_der(&certify_key_resp.cert[..certify_key_resp.cert_size as usize])
@@ -198,10 +201,11 @@ fn test_dmtf_other_name_extension_not_present() {
198201
)
199202
.unwrap()
200203
.expect("We should have received a response");
201-
let certify_key_extended_resp =
202-
CertifyKeyExtendedResp::read_from_bytes(resp.as_slice()).unwrap();
203-
let certify_key_resp =
204-
CertifyKeyP384Resp::try_read_from_bytes(&certify_key_extended_resp.certify_key_resp[..])
204+
let mut certify_key_extended_resp = CertifyKeyExtendedResp::default();
205+
assert!(resp.len() <= size_of::<CertifyKeyExtendedResp>());
206+
certify_key_extended_resp.as_mut_bytes()[..resp.len()].copy_from_slice(&resp);
207+
let (certify_key_resp, _) =
208+
CertifyKeyP384Resp::try_read_from_prefix(&certify_key_extended_resp.certify_key_resp[..])
205209
.unwrap();
206210
let (_, cert) =
207211
X509Certificate::from_der(&certify_key_resp.cert[..certify_key_resp.cert_size as usize])

runtime/tests/runtime_integration_tests/test_invoke_dpe.rs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,7 @@ fn test_invoke_dpe_get_profile_cmd() {
5555
assert_eq!(profile.vendor_id, VENDOR_ID);
5656
assert_eq!(profile.vendor_sku, VENDOR_SKU);
5757
assert_eq!(profile.flags, DPE_SUPPORT.bits());
58-
assert_eq!(profile.max_tci_nodes, 32);
58+
assert_eq!(profile.max_tci_nodes, 64);
5959
}
6060

6161
#[test]

0 commit comments

Comments
 (0)