github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tao/linux_host_tao_rpc_test.go (about)

     1  //  Copyright (c) 2014, Google Inc.  All rights reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package tao
    16  
    17  // This now tests a full round trip:
    18  // RPC -> protorpc -> pipe -> protorpc -> LinuxHostTaoServer -> LinuxHost
    19  // RPC <- protorpc <- pipe <- protorpc <- LinuxHostTaoServer <- LinuxHost
    20  
    21  import (
    22  	"bytes"
    23  	"fmt"
    24  	"os"
    25  	"strconv"
    26  	"testing"
    27  	"time"
    28  
    29  	"github.com/jlmucb/cloudproxy/go/tao/auth"
    30  	"github.com/jlmucb/cloudproxy/go/util"
    31  	"github.com/jlmucb/cloudproxy/go/util/protorpc"
    32  )
    33  
    34  func testNewLinuxHostTaoServer(t *testing.T) (Tao, error) {
    35  	lh, err := testNewRootLinuxHost()
    36  	if err != nil {
    37  		return nil, fmt.Errorf("Can't make root linux host: %s", err)
    38  	}
    39  
    40  	hostRead, childWrite, err := os.Pipe()
    41  	if err != nil {
    42  		return nil, fmt.Errorf("Can't make pipe: %s", err)
    43  	}
    44  
    45  	childRead, hostWrite, err := os.Pipe()
    46  	if err != nil {
    47  		childWrite.Close()
    48  		hostRead.Close()
    49  		return nil, fmt.Errorf("Can't make pipe: %s", err)
    50  	}
    51  
    52  	hostChannel := util.NewPairReadWriteCloser(hostRead, hostWrite)
    53  	childChannel := util.NewPairReadWriteCloser(childRead, childWrite)
    54  
    55  	child := &LinuxHostChild{
    56  		channel:      hostChannel,
    57  		ChildSubprin: []auth.PrinExt{auth.PrinExt{Name: "TestChild"}},
    58  		Cmd:          nil, // The Cmd field is not used in this test.
    59  	}
    60  
    61  	go NewLinuxHostTaoServer(lh, child).Serve(hostChannel)
    62  	return &RPC{protorpc.NewClient(childChannel), "Tao"}, nil
    63  }
    64  
    65  func TestLinuxHostTaoServerGetTaoName(t *testing.T) {
    66  	host, err := testNewLinuxHostTaoServer(t)
    67  	if err != nil {
    68  		t.Fatal(err)
    69  	}
    70  	prin, err := host.GetTaoName()
    71  	if err != nil {
    72  		t.Fatal("Couldn't get the Tao name from the LinuxHostTaoServer:", err)
    73  	}
    74  	if prin.String() == "" {
    75  		t.Fatal("Got bad Tao name from the LinuxHostTaoServer:", prin.String())
    76  	}
    77  }
    78  
    79  func TestLinuxHostTaoServerExtendTaoName(t *testing.T) {
    80  	host, err := testNewLinuxHostTaoServer(t)
    81  	if err != nil {
    82  		t.Fatal(err)
    83  	}
    84  	ext := auth.SubPrin{auth.PrinExt{Name: "Extension"}}
    85  	if err := host.ExtendTaoName(ext); err != nil {
    86  		t.Fatal("Couldn't extend the Tao name through LinuxHostTaoServer:", err)
    87  	}
    88  }
    89  
    90  func TestLinuxHostTaoServerGetRandomBytes(t *testing.T) {
    91  	host, err := testNewLinuxHostTaoServer(t)
    92  	if err != nil {
    93  		t.Fatal(err)
    94  	}
    95  	data, err := host.GetRandomBytes(10)
    96  	if err != nil {
    97  		t.Fatal("Couldn't get random bytes from LinuxHostTaoServer:", err)
    98  	}
    99  	if len(data) != 10 {
   100  		t.Fatal("Wrong number of bytes returned from GetRandomBytes on LinuxHostTaoServer. Expected 10 and got " + strconv.Itoa(len(data)))
   101  	}
   102  }
   103  
   104  func TestLinuxHostTaoServerSealUnseal(t *testing.T) {
   105  	host, err := testNewLinuxHostTaoServer(t)
   106  	if err != nil {
   107  		t.Fatal(err)
   108  	}
   109  	orig := []byte{1, 2, 3, 4, 5}
   110  	sealed, err := host.Seal(orig, SealPolicyDefault)
   111  	if err != nil {
   112  		t.Fatal("Couldn't seal the data using LinuxHostTaoServer:", err)
   113  	}
   114  	if len(sealed) == 0 {
   115  		t.Fatal("Invalid sealed data from LinuxHostTaoServer")
   116  	}
   117  	unsealed, policy, err := host.Unseal(sealed)
   118  	if err != nil {
   119  		t.Fatal("Couldn't unseal data sealed by LinuxHostTaoServer:", err)
   120  	}
   121  	if !bytes.Equal(unsealed, orig) {
   122  		t.Fatal("Incorrect data unsealed by Seal/Unseal on LinuxHostTaoServer")
   123  	}
   124  	if policy != SealPolicyDefault {
   125  		t.Fatal("Incorrect policy on unseal")
   126  	}
   127  }
   128  
   129  func TestLinuxHostTaoServerAttest(t *testing.T) {
   130  	host, err := testNewLinuxHostTaoServer(t)
   131  	if err != nil {
   132  		t.Fatal(err)
   133  	}
   134  	prin, err := host.GetTaoName()
   135  	if err != nil {
   136  		t.Fatal("Couldn't get the Tao name from the LinuxHostTaoServer:", err)
   137  	}
   138  
   139  	issuer := prin
   140  	commencement := time.Now().UnixNano()
   141  	expiration := time.Now().Add(24 * time.Hour).UnixNano()
   142  	message := auth.Pred{Name: "FakePredicate"}
   143  
   144  	a, err := host.Attest(&issuer, &commencement, &expiration, message)
   145  	if err != nil {
   146  		t.Fatal("Couldn't attest to data through LinuxHostTaoServer:", err)
   147  	}
   148  	if a == nil {
   149  		t.Fatal("Invalid Attestation returned by LinuxHostTaoServer")
   150  	}
   151  	// TODO(tmroeder): verify the attestation
   152  
   153  	a, err = host.Attest(nil, &commencement, &expiration, message)
   154  	if err != nil {
   155  		t.Fatal("Couldn't attest to data through LinuxHostTaoServer:", err)
   156  	}
   157  	if a == nil {
   158  		t.Fatal("Invalid Attestation returned by LinuxHostTaoServer")
   159  	}
   160  	// TODO(tmroeder): verify the attestation
   161  
   162  	a, err = host.Attest(nil, nil, nil, message)
   163  	if err != nil {
   164  		t.Fatal("Couldn't attest to data through LinuxHostTaoServer:", err)
   165  	}
   166  	if a == nil {
   167  		t.Fatal("Invalid Attestation returned by LinuxHostTaoServer")
   168  	}
   169  
   170  	// TODO(tmroeder): verify the attestation
   171  }
   172  
   173  func TestLinuxHostTaoServerInitCounter(t *testing.T) {
   174  	host, err := testNewLinuxHostTaoServer(t)
   175  	if err != nil {
   176  		t.Fatal(err)
   177  	}
   178  	err = host.InitCounter("label", int64(1))
   179  	if err != nil {
   180  		t.Fatalf("Couldn't InitCounter: %s: ", err)
   181  	}
   182  	c, err := host.GetCounter("label")
   183  	if c != int64(1) {
   184  		t.Fatal("Counter should be 1")
   185  	}
   186  }
   187  
   188  func TestLinuxHostTaoServerRollbackProtectedSeal(t *testing.T) {
   189  	host, err := testNewLinuxHostTaoServer(t)
   190  	if err != nil {
   191  		t.Fatal(err)
   192  	}
   193  	err = host.InitCounter("label", int64(1))
   194  	data := []byte{0, 1, 2, 3}
   195  	sealed, err := host.RollbackProtectedSeal("label", data, SealPolicyDefault)
   196  	if err != nil {
   197  		t.Fatal("LinuxHostTaoServer failed in RollbackProtectedSeal: ", err)
   198  	}
   199  	fmt.Printf("Sealed: %x\n", sealed)
   200  	newData, policy, err := host.RollbackProtectedUnseal(sealed)
   201  	if err != nil {
   202  		t.Fatal("LinuxHostTaoServer failed in RollbackProtectedUnseal: ", err)
   203  	}
   204  	_, err = host.RollbackProtectedSeal("label", data, SealPolicyDefault)
   205  	if err != nil {
   206  		t.Fatal("LinuxHostTaoServer failed in RollbackProtectedSeal (2): ", err)
   207  	}
   208  	// This should fail because sealed has old counter.
   209  	_, policy, err = host.RollbackProtectedUnseal(sealed)
   210  	if err == nil {
   211  		t.Fatal("LinuxHostTaoServer succeeded in RollbackProtectedUnseal and it shouldn't.")
   212  	}
   213  	fmt.Printf("Data: %x, policy: %s\n", newData, policy)
   214  }