github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tao/tpm2_tao_test.go (about) 1 // Copyright (c) 2014-2016, Google Inc. All rights reserved. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package tao 16 17 import ( 18 "bytes" 19 "fmt" 20 "os" 21 "runtime" 22 "testing" 23 "time" 24 25 "github.com/jlmucb/cloudproxy/go/tao/auth" 26 "github.com/jlmucb/cloudproxy/go/tpm2" 27 ) 28 29 // cleanUpTPM2Tao runs the finalizer for TPMTao early then unsets it so it 30 // doesn't run later. Normal code will only create one instance of TPM2Tao, so 31 // the finalizer will work correctly. But this test code creates multiple such 32 // instances, so it needs to call the finalizer early. 33 func cleanUpTPM2Tao(tt *TPM2Tao) { 34 FinalizeTPM2Tao(tt) 35 runtime.SetFinalizer(tt, nil) 36 } 37 38 var testDir string = "../tpm2/tmptest" 39 var quoteServerRunning bool = false 40 41 func TPM2Setup() { 42 if !quoteServerRunning { 43 os.Mkdir(testDir, 777) 44 // Setup testing env 45 us := "US" 46 org := "Google" 47 details := X509Details{ 48 Country: &us, 49 Organization: &org, 50 OrganizationalUnit: &org, 51 CommonName: &org, 52 } 53 go HandleQuote("tcp", "127.0.0.1:8121", "xxx", testDir, details) 54 time.Sleep(1) 55 HandleEndorsement(2048, "endorsement_key", testDir+"/endorsement_cert", 56 "", "", "xxx", testDir, true) 57 } 58 quoteServerRunning = true 59 } 60 61 func TestEncode(t *testing.T) { 62 b1 := []byte{1, 2, 3} 63 b2 := []byte{4, 5, 6} 64 cb := EncodeTwoBytes(b1, b2) 65 fmt.Printf("combined: %x\n", cb) 66 c1, c2 := DecodeTwoBytes(cb) 67 fmt.Printf("seperated: %x, %x\n", c1, c2) 68 } 69 70 func TestTPM2Tao(t *testing.T) { 71 TPM2Setup() 72 // Set up a TPM2 Tao that seals and attests against PCRs 17 and 18. 73 tt, err := NewTPM2Tao("/dev/tpm0", testDir, []int{17, 18}) 74 if err != nil { 75 t.Skip("Couldn't create a new TPM2 Tao:", err) 76 } 77 tpmtao, ok := tt.(*TPM2Tao) 78 if !ok { 79 t.Fatal("Failed to create the right kind of Tao object from NewTPM2Tao") 80 } 81 cleanUpTPM2Tao(tpmtao) 82 } 83 84 func TestTPM2TaoSeal(t *testing.T) { 85 TPM2Setup() 86 tpmtao, err := NewTPM2Tao("/dev/tpm0", testDir, []int{17, 18}) 87 if err != nil { 88 t.Skip("Couldn't create a new TPM2 Tao:", err) 89 } 90 tt, ok := tpmtao.(*TPM2Tao) 91 if !ok { 92 t.Fatal("Failed to create the right kind of Tao object from NewTPM2Tao") 93 } 94 defer cleanUpTPM2Tao(tt) 95 96 data := []byte(`test data to seal`) 97 sealed, err := tpmtao.Seal(data, SealPolicyDefault) 98 if err != nil { 99 t.Fatal("Couldn't seal data in the TPM2 Tao:", err) 100 } 101 fmt.Printf("sealed: %x\n", sealed) 102 103 // Fix this hack 104 // tpmtao.(*TPM2Tao).TmpRm() 105 106 unsealed, policy, err := tpmtao.Unseal(sealed) 107 if err != nil { 108 t.Fatal("Couldn't unseal data sealed by the TPM2 Tao:", err) 109 } 110 111 if policy != SealPolicyDefault { 112 t.Fatal("Got the wrong policy back from TPM2Tao.Unseal") 113 } 114 115 if !bytes.Equal(unsealed, data) { 116 t.Fatal("The data returned from TPM2Tao.Unseal didn't match the original data") 117 } 118 } 119 120 func TestTPM2TaoLargeSeal(t *testing.T) { 121 TPM2Setup() 122 tpmtao, err := NewTPM2Tao("/dev/tpm0", "../tpm2//tmptest", []int{17, 18}) 123 if err != nil { 124 t.Skip("Couldn't create a new TPM2 Tao:", err) 125 } 126 tt, ok := tpmtao.(*TPM2Tao) 127 if !ok { 128 t.Fatal("Failed to create the right kind of Tao object from NewTPM2Tao") 129 } 130 defer cleanUpTPM2Tao(tt) 131 132 data := make([]byte, 10000) 133 sealed, err := tpmtao.Seal(data, SealPolicyDefault) 134 if err != nil { 135 t.Fatal("Couldn't seal data in the TPM2 Tao:", err) 136 } 137 138 unsealed, policy, err := tpmtao.Unseal(sealed) 139 if err != nil { 140 t.Fatal("Couldn't unseal data sealed by the TPM2 Tao:", err) 141 } 142 143 if policy != SealPolicyDefault { 144 t.Fatal("Got the wrong policy back from TPM2Tao.Unseal") 145 } 146 147 if !bytes.Equal(unsealed, data) { 148 t.Fatal("The data returned from TPM2Tao.Unseal didn't match the original data") 149 } 150 } 151 152 func TestTPM2TaoAttest(t *testing.T) { 153 TPM2Setup() 154 // Fix 155 hash_alg_id := uint16(tpm2.AlgTPM_ALG_SHA1) 156 157 tpmtao, err := NewTPM2Tao("/dev/tpm0", testDir, []int{17, 18}) 158 if err != nil { 159 t.Skip("Couldn't create a new TPM2 Tao:", err) 160 } 161 tt, ok := tpmtao.(*TPM2Tao) 162 if !ok { 163 t.Fatal("Failed to create the right kind of Tao object from NewTPM2Tao") 164 } 165 defer cleanUpTPM2Tao(tt) 166 167 // Set up a fake key delegation. 168 taoname, err := tpmtao.GetTaoName() 169 if err != nil { 170 t.Fatal("Couldn't get the name of the tao:", err) 171 } 172 stmt := auth.Speaksfor{ 173 Delegate: auth.NewKeyPrin([]byte(`FakeKeyBytes`)), 174 Delegator: taoname, 175 } 176 177 // Let the TPMTao set up the issuer and time and expiration. 178 a, err := tpmtao.Attest(nil, nil, nil, stmt) 179 if err != nil { 180 t.Fatal("Couldn't attest to a key delegation:", err) 181 } 182 183 digests, err := ReadTPM2PCRs(tt.rw, []int{17, 18}) 184 if err != nil { 185 t.Fatal("ReadPcrs failed\n") 186 } 187 var allDigests []byte 188 for i := 0; i < len(digests); i++ { 189 allDigests = append(allDigests, digests[i]...) 190 } 191 computedDigest, err := tpm2.ComputeHashValue(hash_alg_id, allDigests) 192 if err != nil { 193 t.Fatal("Can't compute combined quote digest") 194 } 195 fmt.Printf("Pcr combined digest: %x\n", computedDigest) 196 197 pms, err := tpm2.UnmarshalCertifyInfo(a.Tpm2QuoteStructure) 198 if err != nil { 199 fmt.Printf("a.Tpm2QuoteStructure: %x\n", a.Tpm2QuoteStructure) 200 t.Fatal("Can't unmarshal quote structure\n") 201 } 202 tpm2.PrintAttestData(pms) 203 quoteHandle, err := tt.loadQuoteContext() 204 if err != nil { 205 } 206 defer tpm2.FlushContext(tt.rw, quoteHandle) 207 key, _ := tt.GetRsaTPMKey(quoteHandle) 208 ok, err = tpm2.VerifyTpm2Quote(a.SerializedStatement, tt.GetPcrNums(), 209 computedDigest, a.Tpm2QuoteStructure, a.Signature, key) 210 if err != nil { 211 t.Fatal("VerifyQuote error") 212 } 213 if !ok { 214 t.Fatal("VerifyQuote succeeds") 215 } 216 } 217 218 func TestTPM2TaoGetCounter(t *testing.T) { 219 TPM2Setup() 220 fmt.Printf("TestTPM2TaoGetCounter") 221 tpmtao, err := NewTPM2Tao("/dev/tpm0", testDir, []int{17, 18}) 222 if err != nil { 223 t.Skip("Couldn't create a new TPM2 Tao:", err) 224 } 225 tt, ok := tpmtao.(*TPM2Tao) 226 if !ok { 227 t.Fatal("Failed to create the right kind of Tao object from NewTPM2Tao") 228 } 229 defer cleanUpTPM2Tao(tt) 230 231 c, err := tpmtao.GetCounter("TestSealCounterLabel") 232 if err != nil { 233 t.Fatal("Couldn't GetCounter from TPM2 Tao:", err) 234 } 235 fmt.Printf("TestTPM2TaoGetCounter: %d\n", c) 236 } 237 238 func TestTPM2TaoRollbackSealUnseal(t *testing.T) { 239 TPM2Setup() 240 tpmtao, err := NewTPM2Tao("/dev/tpm0", testDir, []int{17, 18}) 241 if err != nil { 242 t.Skip("Couldn't create a new TPM2 Tao:", err) 243 } 244 tt, ok := tpmtao.(*TPM2Tao) 245 if !ok { 246 t.Fatal("Failed to create the right kind of Tao object from NewTPM2Tao") 247 } 248 defer cleanUpTPM2Tao(tt) 249 250 data := make([]byte, 10000) 251 sealed, err := tpmtao.RollbackProtectedSeal("TestSeal", data, SealPolicyDefault) 252 if err != nil { 253 t.Fatal("Couldn't RollbackProtectedSeal data in the TPM2 Tao:", err) 254 } 255 256 unsealed, policy, err := tpmtao.RollbackProtectedUnseal(sealed) 257 if err != nil { 258 t.Fatal("Couldn't RollbackProtectedUnseal data sealed by the TPM2 Tao:", err) 259 } 260 261 if policy != SealPolicyDefault { 262 t.Fatal("Got the wrong policy back from TPM2Tao.Unseal") 263 } 264 265 if !bytes.Equal(unsealed, data) { 266 t.Fatal("The data returned from TPM2Tao.Unseal didn't match the original data") 267 } 268 }