github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tao/linux_host_test.go (about) 1 // Copyright (c) 2014, Google Inc. All rights reserved. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package tao 16 17 import ( 18 "bytes" 19 "fmt" 20 "io/ioutil" 21 "os" 22 "testing" 23 24 "github.com/jlmucb/cloudproxy/go/tao/auth" 25 ) 26 27 func testNewStackedLinuxHost() (*LinuxHost, error) { 28 tmpdir, err := ioutil.TempDir("/tmp", "test_new_stacked_linux_host") 29 if err != nil { 30 return nil, err 31 } 32 defer os.RemoveAll(tmpdir) 33 34 ft, err := NewSoftTao("", nil) 35 if err != nil { 36 return nil, err 37 } 38 39 tg := LiberalGuard 40 lh, err := NewStackedLinuxHost(tmpdir, &tg, ft, nil) 41 if err != nil { 42 return nil, err 43 } 44 45 return lh, nil 46 } 47 48 func testNewRootLinuxHost() (*LinuxHost, error) { 49 tmpdir, err := ioutil.TempDir("/tmp", "test_new_root_linux_host") 50 if err != nil { 51 return nil, err 52 } 53 defer os.RemoveAll(tmpdir) 54 55 tg := LiberalGuard 56 password := []byte("bad password") 57 lh, err := NewRootLinuxHost(tmpdir, &tg, password, nil) 58 if err != nil { 59 return nil, err 60 } 61 62 return lh, nil 63 } 64 65 func TestNewStackedLinuxHost(t *testing.T) { 66 if _, err := testNewStackedLinuxHost(); err != nil { 67 t.Fatal(err) 68 } 69 } 70 71 func TestNewRootLinuxHost(t *testing.T) { 72 if _, err := testNewRootLinuxHost(); err != nil { 73 t.Fatal(err) 74 } 75 } 76 77 func TestNewStackedLinuxHostWithTao(t *testing.T) { 78 tmpdir, err := ioutil.TempDir("", "test_new_stacked_linux_host") 79 if err != nil { 80 t.Errorf("ioutil.TempDir(\"\", \"test_new_stacked_linux_host\") = %v; want no error", err) 81 } 82 defer os.RemoveAll(tmpdir) 83 84 tc := &Config{ 85 HostType: Stacked, 86 HostChannelType: "completely fake type", 87 HostSpec: "completely fake spec", 88 HostedType: NoHostedPrograms, 89 } 90 91 st, err := NewSoftTao("", nil) 92 if err != nil { 93 t.Errorf("NewSoftTao(\"\", nil) = %v; want no error", err) 94 } 95 96 f := func(string) (Tao, error) { 97 return st, nil 98 } 99 Register("completely fake type", f) 100 101 parentTao := ParentFromConfig(*tc) 102 tg := LiberalGuard 103 if _, err = NewStackedLinuxHost(tmpdir, &tg, parentTao, nil); err != nil { 104 t.Errorf("NewStackedLinuxHost(%q, %v, %v, nil) = %v", tmpdir, tg, parentTao, nil) 105 } 106 } 107 108 // Test the methods directly instead of testing them across a channel. 109 110 var testChildLH = &LinuxHostChild{ 111 channel: nil, 112 Cmd: nil, 113 ChildSubprin: []auth.PrinExt{auth.PrinExt{Name: "TestChild"}}, 114 } 115 116 func DoTestLinuxHostHandleGetTaoName(lh *LinuxHost) error { 117 if !lh.GetTaoName(testChildLH).Identical(lh.Host.HostName().MakeSubprincipal(testChildLH.ChildSubprin)) { 118 return fmt.Errorf("Incorrect construction of Tao name") 119 } 120 121 return nil 122 } 123 124 func DoTestLinuxHostHandleGetRandomBytes(lh *LinuxHost) error { 125 b, err := lh.GetRandomBytes(testChildLH, 10) 126 if err != nil { 127 return fmt.Errorf("Failed to get random bytes from the Linux host: %s", err) 128 } 129 130 if len(b) != 10 { 131 return fmt.Errorf("Linux host returned the incorrect number of random bytes") 132 } 133 134 return nil 135 } 136 137 func DoTestLinuxHostHandleGetSharedSecret(lh *LinuxHost) error { 138 b, err := lh.GetSharedSecret(testChildLH, 10, SharedSecretPolicyDefault) 139 if err != nil { 140 return fmt.Errorf("Couldn't get a shared secret from the Linux host: %s", err) 141 } 142 143 b2, err := lh.GetSharedSecret(testChildLH, 10, SharedSecretPolicyDefault) 144 if err != nil { 145 return fmt.Errorf("Couldn't get a second shared secret from the Linux host: %s", err) 146 } 147 148 if len(b) == 0 || !bytes.Equal(b, b2) { 149 return fmt.Errorf("Invalid or inconsistent secrets returned from HandleGetSharedSecret in the Linux host") 150 } 151 152 return nil 153 } 154 155 func DoTestLinuxHostHandleSealUnseal(lh *LinuxHost) error { 156 data := []byte{1, 2, 3, 4, 5, 6, 7} 157 158 // `in` will be zeroed-out by LinuxHost.Seal(). Make a copy 159 // to compare to the result of LinuxHost.Unseal(). 160 in := make([]byte, len(data)) 161 copy(in, data) 162 163 b, err := lh.Seal(testChildLH, in, SharedSecretPolicyDefault) 164 if err != nil { 165 return fmt.Errorf("Couldn't seal the data: %s", err) 166 } 167 168 d, policy, err := lh.Unseal(testChildLH, b) 169 if err != nil { 170 return fmt.Errorf("Couldn't unseal the sealed data: %s", err) 171 } 172 173 if !bytes.Equal(d, data) { 174 return fmt.Errorf("Incorrect unsealed data: %s", d) 175 } 176 177 if policy != SharedSecretPolicyDefault { 178 return fmt.Errorf("Wrong policy returned by Unseal: %s", policy) 179 } 180 181 return nil 182 } 183 184 func DoTestLinuxHostHandleAttest(lh *LinuxHost) error { 185 stmt := auth.Pred{Name: "FakePredicate"} 186 187 a, err := lh.Attest(testChildLH, nil, nil, nil, stmt) 188 if err != nil { 189 return fmt.Errorf("Couldn't create Attestation") 190 } 191 192 if a == nil { 193 return fmt.Errorf("Returned invalid Attestation from Attest") 194 } 195 196 // TODO(tmroeder): verify this attestation. 197 return nil 198 } 199 200 func testRootLinuxHostHandleGetTaoName(t *testing.T) { 201 lh, _ := testNewRootLinuxHost() 202 if err := DoTestLinuxHostHandleGetTaoName(lh); err != nil { 203 t.Error(err) 204 } 205 } 206 207 func testRootLinuxHostHandleGetRandomBytes(t *testing.T) { 208 lh, _ := testNewRootLinuxHost() 209 if err := DoTestLinuxHostHandleGetRandomBytes(lh); err != nil { 210 t.Error(err) 211 } 212 } 213 214 func testRootLinuxHostHandleGetSharedSecret(t *testing.T) { 215 lh, _ := testNewRootLinuxHost() 216 if err := DoTestLinuxHostHandleGetSharedSecret(lh); err != nil { 217 t.Error(err) 218 } 219 } 220 221 func testRootLinuxHostHandleSealUnseal(t *testing.T) { 222 lh, _ := testNewRootLinuxHost() 223 if err := DoTestLinuxHostHandleSealUnseal(lh); err != nil { 224 t.Error(err) 225 } 226 } 227 228 func testRootLinuxHostHandleAttest(t *testing.T) { 229 lh, _ := testNewRootLinuxHost() 230 if err := DoTestLinuxHostHandleAttest(lh); err != nil { 231 t.Error(err) 232 } 233 } 234 235 func testStackedLinuxHostHandleGetTaoName(t *testing.T) { 236 lh, _ := testNewStackedLinuxHost() 237 if err := DoTestLinuxHostHandleGetTaoName(lh); err != nil { 238 t.Error(err) 239 } 240 } 241 242 func testStackedLinuxHostHandleGetRandomBytes(t *testing.T) { 243 lh, _ := testNewStackedLinuxHost() 244 if err := DoTestLinuxHostHandleGetRandomBytes(lh); err != nil { 245 t.Error(err) 246 } 247 } 248 249 func testStackedLinuxHostHandleGetSharedSecret(t *testing.T) { 250 lh, _ := testNewStackedLinuxHost() 251 if err := DoTestLinuxHostHandleGetSharedSecret(lh); err != nil { 252 t.Error(err) 253 } 254 } 255 256 func testStackedLinuxHostHandleSealUnseal(t *testing.T) { 257 lh, _ := testNewStackedLinuxHost() 258 if err := DoTestLinuxHostHandleSealUnseal(lh); err != nil { 259 t.Error(err) 260 } 261 } 262 263 func testStackedLinuxHostHandleAttest(t *testing.T) { 264 lh, _ := testNewStackedLinuxHost() 265 if err := DoTestLinuxHostHandleAttest(lh); err != nil { 266 t.Error(err) 267 } 268 }