github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tao/tpm_tao_test.go

github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tao/tpm_tao_test.go (about)

     1  // Copyright (c) 2014, Google Inc. All rights reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package tao
    16  
    17  import (
    18  	"bytes"
    19  	"io/ioutil"
    20  	"testing"
    21  
    22  	"github.com/jlmucb/cloudproxy/go/tao/auth"
    23  )
    24  
    25  func TestTPMTao(t *testing.T) {
    26  	aikblob, err := ioutil.ReadFile("./aikblob")
    27  	if err != nil {
    28  		t.Skip("Skipping tests, since there's no ./aikblob file")
    29  	}
    30  
    31  	// Set up a TPM Tao that seals and attests against PCRs 17 and 18 and uses
    32  	// the AIK stored in aikblob. It communicates with the TPM directly through
    33  	// /dev/tpm0.
    34  	tt, err := NewTPMTao("/dev/tpm0", aikblob, []int{17, 18}, nil)
    35  	if err != nil {
    36  		t.Skip("Couldn't create a new TPM Tao:", err)
    37  	}
    38  	tpmtao, ok := tt.(*TPMTao)
    39  	if !ok {
    40  		t.Fatal("Failed to create the right kind of Tao object from NewTPMTao")
    41  	}
    42  	CleanUpTPMTao(tpmtao)
    43  }
    44  
    45  func TestTPMTaoSeal(t *testing.T) {
    46  	aikblob, err := ioutil.ReadFile("./aikblob")
    47  	if err != nil {
    48  		t.Skip("Skipping tests, since there's no ./aikblob file")
    49  	}
    50  
    51  	tpmtao, err := NewTPMTao("/dev/tpm0", aikblob, []int{17, 18}, nil)
    52  	if err != nil {
    53  		t.Skip("Couldn't create a new TPM Tao:", err)
    54  	}
    55  	tt, ok := tpmtao.(*TPMTao)
    56  	if !ok {
    57  		t.Fatal("Failed to create the right kind of Tao object from NewTPMTao")
    58  	}
    59  	defer CleanUpTPMTao(tt)
    60  
    61  	data := []byte(`test data to seal`)
    62  	sealed, err := tpmtao.Seal(data, SealPolicyDefault)
    63  	if err != nil {
    64  		t.Fatal("Couldn't seal data in the TPM Tao:", err)
    65  	}
    66  
    67  	unsealed, policy, err := tpmtao.Unseal(sealed)
    68  	if err != nil {
    69  		t.Fatal("Couldn't unseal data sealed by the TPM Tao:", err)
    70  	}
    71  
    72  	if policy != SealPolicyDefault {
    73  		t.Fatal("Got the wrong policy back from TPMTao.Unseal")
    74  	}
    75  
    76  	if !bytes.Equal(unsealed, data) {
    77  		t.Fatal("The data returned from TPMTao.Unseal didn't match the original data")
    78  	}
    79  
    80  }
    81  
    82  func TestTPMTaoLargeSeal(t *testing.T) {
    83  	aikblob, err := ioutil.ReadFile("./aikblob")
    84  	if err != nil {
    85  		t.Skip("Skipping tests, since there's no ./aikblob file")
    86  	}
    87  
    88  	tpmtao, err := NewTPMTao("/dev/tpm0", aikblob, []int{17, 18}, nil)
    89  	if err != nil {
    90  		t.Skip("Couldn't create a new TPM Tao:", err)
    91  	}
    92  	tt, ok := tpmtao.(*TPMTao)
    93  	if !ok {
    94  		t.Fatal("Failed to create the right kind of Tao object from NewTPMTao")
    95  	}
    96  	defer CleanUpTPMTao(tt)
    97  
    98  	data := make([]byte, 10000)
    99  	sealed, err := tpmtao.Seal(data, SealPolicyDefault)
   100  	if err != nil {
   101  		t.Fatal("Couldn't seal data in the TPM Tao:", err)
   102  	}
   103  
   104  	unsealed, policy, err := tpmtao.Unseal(sealed)
   105  	if err != nil {
   106  		t.Fatal("Couldn't unseal data sealed by the TPM Tao:", err)
   107  	}
   108  
   109  	if policy != SealPolicyDefault {
   110  		t.Fatal("Got the wrong policy back from TPMTao.Unseal")
   111  	}
   112  
   113  	if !bytes.Equal(unsealed, data) {
   114  		t.Fatal("The data returned from TPMTao.Unseal didn't match the original data")
   115  	}
   116  
   117  }
   118  
   119  func TestTPMTaoAttest(t *testing.T) {
   120  	aikblob, err := ioutil.ReadFile("./aikblob")
   121  	if err != nil {
   122  		t.Skip("Skipping tests, since there's no ./aikblob file")
   123  	}
   124  
   125  	tpmtao, err := NewTPMTao("/dev/tpm0", aikblob, []int{17, 18}, nil)
   126  	if err != nil {
   127  		t.Skip("Couldn't create a new TPM Tao:", err)
   128  	}
   129  	tt, ok := tpmtao.(*TPMTao)
   130  	if !ok {
   131  		t.Fatal("Failed to create the right kind of Tao object from NewTPMTao")
   132  	}
   133  	defer CleanUpTPMTao(tt)
   134  
   135  	// Set up a fake key delegation.
   136  	taoname, err := tpmtao.GetTaoName()
   137  	if err != nil {
   138  		t.Fatal("Couldn't get the name of the tao:", err)
   139  	}
   140  	stmt := auth.Speaksfor{
   141  		Delegate:  auth.NewKeyPrin([]byte(`FakeKeyBytes`)),
   142  		Delegator: taoname,
   143  	}
   144  
   145  	// Let the TPMTao set up the issuer and time and expiration.
   146  	a, err := tpmtao.Attest(nil, nil, nil, stmt)
   147  	if err != nil {
   148  		t.Fatal("Couldn't attest to a key delegation:", err)
   149  	}
   150  
   151  	says, err := a.Validate()
   152  	if err != nil {
   153  		t.Fatal("The attestation didn't pass validation:", err)
   154  	}
   155  
   156  	t.Logf("Got valid statement %s\n", says)
   157  }