Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix SKI computation in verification tests
Currently, we are computing the subject key identifier as the hash of 0x04 || pubkey.x || pubkey.y and checking that it matches what's in the cert in the go verification tests. The pubkey is also pulled from the cert and we get its byte representation through big.int::Bytes. For our purposes, this function is error-prone as it returns the absolute value of the pubkey coordinate. If the coordinate's first bit is 1 (i.e. the coordinate is negative), we would get the wrong byte representation and our hash would be incorrect. So instead of pulling the pubkey from the cert, in this PR we just pull it from the certifyKeyResponse since it's guaranteed to always have the correct pubkey representation. This should fix this flaky test failures in Caliptra.
- Loading branch information