From 90209997cc78eabdd2acc15fdf2458db2d3095e4 Mon Sep 17 00:00:00 2001
From: Trevor Bentley
Date: Tue, 26 Sep 2017 16:05:39 +0200
Subject: [PATCH] Unit test for ykpiv_attest()
---
 lib/tests/util.c | 18 +++++++++++++++++-
 tool/yubico-piv-tool.c | 2 +-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/lib/tests/util.c b/lib/tests/util.c
index 8b103c9..305a086 100644
--- a/lib/tests/util.c
+++ b/lib/tests/util.c
@@ -404,6 +404,14 @@ START_TEST(test_import_key) {
 ck_assert_int_eq(memcmp(secret, secret2, sizeof(secret)), 0);
 X509_free(cert);
 }
+
+ // Verify that imported key can not be attested
+ {
+ unsigned char attest[2048];
+ size_t attest_len = sizeof(attest);
+ res = ykpiv_attest(g_state, 0x9e, attest, &attest_len);
+ ck_assert_int_eq(res, YKPIV_GENERIC_ERROR);
+ }
 }
 END_TEST
 
@@ -429,7 +437,15 @@ START_TEST(test_generate_key) {
 ck_assert_int_eq(res, YKPIV_OK);
 res = ykpiv_util_free(g_state, exp);
 ck_assert_int_eq(res, YKPIV_OK);
- // TODO: and??
+
+ // Verify that imported key can be attested
+ {
+ unsigned char attest[2048];
+ size_t attest_len = sizeof(attest);
+ res = ykpiv_attest(g_state, YKPIV_KEY_AUTHENTICATION, attest, &attest_len);
+ ck_assert_int_eq(res, YKPIV_OK);
+ ck_assert_int_gt(attest_len, 0);
+ }
 }
 END_TEST
 
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
index 11a9d71..37f6c2d 100644
--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -1594,7 +1594,7 @@ static bool list_readers(ykpiv_state *state) {
 static bool attest(ykpiv_state *state, enum enum_slot slot, enum enum_key_format key_format, const char *output_file_name) {
- unsigned char data[YKPIV_OBJ_MAX_SIZE];
+ unsigned char data[2048];
 unsigned long len = sizeof(data);
 bool ret = false;
 X509 *x509 = NULL;
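Review bot: The negative check added to test_import_key asserts only `YKPIV_GENERIC_ERROR`, so it also passes when attestation fails for an unrelated reason, for example on a device that may not support attestation at all. That would hide a regression in the property this test protects, namely that an imported key never receives an attestation certificate. A comment such as `// Only meaningful on a device where attestation of a generated key succeeds` would make that dependency explicit. The slot is the literal `0x9e` while the other new test uses `YKPIV_KEY_AUTHENTICATION`; a named constant (`YKPIV_KEY_CARDAUTH`, if that is the slot the import used) would show that the attested slot is the imported one. The import is outside the hunk, so the slot match cannot be confirmed from here.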
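Review bot: The new comment in test_generate_key says "imported key", but this test exercises a key generated on the device; it should read `// Verify that a key generated on the device can be attested`. The assertions also stop at `attest_len > 0`, which accepts any non-empty response. Since this file already works with `X509` objects, parsing the buffer with `d2i_X509` and asserting a non-NULL result would at least confirm that a well-formed certificate came back. Comparing its public key with the generated one would be stronger still, though the generation call is outside the hunk.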
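Review bot: Replacing `YKPIV_OBJ_MAX_SIZE` with the literal `2048` in attest() resizes a stack buffer that receives device output, and the commit, titled as a unit-test change, does not say why. `len = sizeof(data)` is presumably the only bound handed to the library, and whether `ykpiv_attest()` enforces it is not visible here. The size should therefore stay tied to a named constant rather than a number now repeated in three places. Either keep `unsigned char data[YKPIV_OBJ_MAX_SIZE];` or introduce one shared constant for the attestation buffer, with a comment explaining why that size is sufficient. The rest of attest() is outside the hunk.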