github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tpm2/tpm2_test.go (about) 1 // Copyright (c) 2014, Google Inc. All rights reserved. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package tpm2 16 17 import ( 18 "bytes" 19 "crypto/rsa" 20 "fmt" 21 "math/big" 22 "testing" 23 ) 24 25 // Test Endian 26 func TestEndian(t *testing.T) { 27 l := uint16(0xff12) 28 v := byte(l >> 8) 29 var s [2]byte 30 s[0] = v 31 v = byte(l & 0xff) 32 s[1] = v 33 if s[0] != 0xff || s[1] != 0x12 { 34 t.Fatal("Endian test mismatch") 35 } 36 } 37 38 // Test GetRandom 39 func TestGetRandom(t *testing.T) { 40 fmt.Printf("TestGetRandom\n") 41 42 // Open TPM 43 rw, err := OpenTPM("/dev/tpm0") 44 if err != nil { 45 fmt.Printf("OpenTPM failed %s\n", err) 46 return 47 } 48 defer rw.Close() 49 Flushall(rw) 50 51 rand, err := GetRandom(rw, 16) 52 if err != nil { 53 fmt.Printf("GetRandon Error ", err, "\n") 54 t.Fatal("GetRandom failed\n") 55 } 56 fmt.Printf("rand: %x\n", rand[0:len(rand)]) 57 } 58 59 // TestReadPcr tests a ReadPcr command. 60 func TestReadPcrs(t *testing.T) { 61 fmt.Printf("TestReadPcrs\n") 62 63 // Open TPM 64 rw, err := OpenTPM("/dev/tpm0") 65 if err != nil { 66 fmt.Printf("OpenTPM failed %s\n", err) 67 return 68 } 69 defer rw.Close() 70 Flushall(rw) 71 72 pcr := []byte{0x03, 0x80, 0x00, 0x00} 73 counter, pcr_out, alg, digest, err := ReadPcrs(rw, byte(4), pcr) 74 if err != nil { 75 t.Fatal("ReadPcrs failed\n") 76 } 77 fmt.Printf("Counter: %x, pcr: %x, alg: %x, digest: %x\n", counter, 78 pcr_out, alg, digest) 79 rw.Close() 80 } 81 82 // TestReadClock tests a ReadClock command. 83 func TestReadClock(t *testing.T) { 84 fmt.Printf("TestReadClock\n") 85 86 // Open TPM 87 rw, err := OpenTPM("/dev/tpm0") 88 if err != nil { 89 fmt.Printf("OpenTPM failed %s\n", err) 90 return 91 } 92 Flushall(rw) 93 94 current_time, current_clock, err := ReadClock(rw) 95 if err != nil { 96 t.Fatal("ReadClock failed\n") 97 } 98 fmt.Printf("current_time: %x , current_clock: %x\n", 99 current_time, current_clock) 100 rw.Close() 101 102 } 103 104 // TestGetCapabilities tests a GetCapabilities command. 105 // Command: 8001000000160000017a000000018000000000000014 106 func TestGetCapabilities(t *testing.T) { 107 108 // Open TPM 109 rw, err := OpenTPM("/dev/tpm0") 110 if err != nil { 111 fmt.Printf("OpenTPM failed %s\n", err) 112 return 113 } 114 Flushall(rw) 115 116 handles, err := GetCapabilities(rw, OrdTPM_CAP_HANDLES, 117 1, 0x80000000) 118 if err != nil { 119 t.Fatal("GetCapabilities failed\n") 120 } 121 fmt.Printf("Open handles:\n") 122 for _, e := range handles { 123 fmt.Printf(" %x\n", e) 124 } 125 rw.Close() 126 } 127 128 // Combined Key Test 129 func TestCombinedKeyTest(t *testing.T) { 130 131 // Open tpm 132 rw, err := OpenTPM("/dev/tpm0") 133 if err != nil { 134 fmt.Printf("OpenTPM failed %s\n", err) 135 return 136 } 137 138 // Flushall 139 err = Flushall(rw) 140 if err != nil { 141 t.Fatal("Flushall failed\n") 142 } 143 144 // CreatePrimary 145 var empty []byte 146 primaryparms := RsaParams{uint16(AlgTPM_ALG_RSA), 147 uint16(AlgTPM_ALG_SHA1), uint32(0x00030072), 148 empty, uint16(AlgTPM_ALG_AES), uint16(128), 149 uint16(AlgTPM_ALG_CFB), uint16(AlgTPM_ALG_NULL), 150 uint16(0), uint16(1024), uint32(0x00010001), empty} 151 parent_handle, public_blob, err := CreatePrimary(rw, 152 uint32(OrdTPM_RH_OWNER), []int{0x7}, "", 153 "01020304", primaryparms) 154 if err != nil { 155 t.Fatal("CreatePrimary fails") 156 } 157 fmt.Printf("CreatePrimary succeeded\n") 158 159 // CreateKey 160 keyparms := RsaParams{uint16(AlgTPM_ALG_RSA), 161 uint16(AlgTPM_ALG_SHA1), uint32(0x00030072), empty, 162 uint16(AlgTPM_ALG_AES), uint16(128), 163 uint16(AlgTPM_ALG_CFB), uint16(AlgTPM_ALG_NULL), 164 uint16(0), uint16(1024), uint32(0x00010001), empty} 165 private_blob, public_blob, err := CreateKey(rw, 166 uint32(parent_handle), []int{7}, "01020304", "01020304", 167 keyparms) 168 if err != nil { 169 t.Fatal("CreateKey fails") 170 } 171 fmt.Printf("CreateKey succeeded, handle: %x\n", uint32(parent_handle)) 172 173 // Load 174 key_handle, _, err := Load(rw, parent_handle, "", "01020304", 175 public_blob, private_blob) 176 if err != nil { 177 t.Fatal("Load fails") 178 } 179 fmt.Printf("Load succeeded, handle: %x\n", uint32(key_handle)) 180 181 // ReadPublic 182 _, name, _, err := ReadPublic(rw, key_handle) 183 if err != nil { 184 t.Fatal("ReadPublic fails") 185 } 186 fmt.Printf("ReadPublic succeeded, name: %x\n", name) 187 188 // Flush 189 err = FlushContext(rw, key_handle) 190 err = FlushContext(rw, parent_handle) 191 rw.Close() 192 } 193 194 // Combined Seal test 195 func TestCombinedSealTest(t *testing.T) { 196 197 // Open tpm 198 rw, err := OpenTPM("/dev/tpm0") 199 if err != nil { 200 fmt.Printf("OpenTPM failed %s\n", err) 201 return 202 } 203 204 // Flushall 205 err = Flushall(rw) 206 if err != nil { 207 t.Fatal("Flushall failed\n") 208 } 209 210 // CreatePrimary 211 var empty []byte 212 primaryparms := RsaParams{uint16(AlgTPM_ALG_RSA), 213 uint16(AlgTPM_ALG_SHA1), uint32(0x00030072), empty, 214 uint16(AlgTPM_ALG_AES), uint16(128), 215 uint16(AlgTPM_ALG_CFB), uint16(AlgTPM_ALG_NULL), 216 uint16(0), uint16(1024), uint32(0x00010001), empty} 217 parent_handle, public_blob, err := CreatePrimary(rw, 218 uint32(OrdTPM_RH_OWNER), []int{0x7}, "", 219 "01020304", primaryparms) 220 if err != nil { 221 t.Fatal("CreatePrimary fails") 222 } 223 fmt.Printf("CreatePrimary succeeded\n") 224 225 nonceCaller := []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} 226 var secret []byte 227 sym := uint16(AlgTPM_ALG_NULL) 228 to_seal := []byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 229 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10} 230 hash_alg := uint16(AlgTPM_ALG_SHA1) 231 232 session_handle, policy_digest, err := StartAuthSession(rw, 233 Handle(OrdTPM_RH_NULL), 234 Handle(OrdTPM_RH_NULL), nonceCaller, secret, 235 uint8(OrdTPM_SE_POLICY), sym, hash_alg) 236 if err != nil { 237 FlushContext(rw, parent_handle) 238 t.Fatal("StartAuthSession fails") 239 } 240 fmt.Printf("policy digest : %x\n", policy_digest) 241 242 err = PolicyPassword(rw, session_handle) 243 if err != nil { 244 FlushContext(rw, parent_handle) 245 FlushContext(rw, session_handle) 246 t.Fatal("PolicyPcr fails") 247 } 248 var tpm_digest []byte 249 err = PolicyPcr(rw, session_handle, tpm_digest, []int{7}) 250 if err != nil { 251 FlushContext(rw, parent_handle) 252 FlushContext(rw, session_handle) 253 t.Fatal("PolicyPcr fails") 254 } 255 256 policy_digest, err = PolicyGetDigest(rw, session_handle) 257 if err != nil { 258 FlushContext(rw, parent_handle) 259 FlushContext(rw, session_handle) 260 t.Fatal("PolicyGetDigest after PolicyPcr fails") 261 } 262 fmt.Printf("policy digest after PolicyPcr: %x\n", policy_digest) 263 264 // CreateSealed 265 keyedhashparms := KeyedHashParams{uint16(AlgTPM_ALG_KEYEDHASH), 266 uint16(AlgTPM_ALG_SHA1), uint32(0x00000012), empty, 267 uint16(AlgTPM_ALG_AES), uint16(128), 268 uint16(AlgTPM_ALG_CFB), uint16(AlgTPM_ALG_NULL), 269 empty} 270 private_blob, public_blob, err := CreateSealed(rw, parent_handle, 271 policy_digest, "01020304", "01020304", to_seal, []int{7}, 272 keyedhashparms) 273 if err != nil { 274 FlushContext(rw, parent_handle) 275 FlushContext(rw, session_handle) 276 t.Fatal("CreateSealed fails") 277 } 278 279 // Load 280 item_handle, _, err := Load(rw, parent_handle, "", "01020304", 281 public_blob, private_blob) 282 if err != nil { 283 FlushContext(rw, session_handle) 284 FlushContext(rw, item_handle) 285 FlushContext(rw, parent_handle) 286 t.Fatal("Load fails") 287 } 288 fmt.Printf("Load succeeded\n") 289 290 // Unseal 291 unsealed, nonce, err := Unseal(rw, item_handle, "01020304", 292 session_handle, policy_digest) 293 if err != nil { 294 FlushContext(rw, item_handle) 295 FlushContext(rw, parent_handle) 296 t.Fatal("Unseal fails") 297 } 298 fmt.Printf("Unseal succeeds\n") 299 fmt.Printf("unsealed : %x\n", unsealed) 300 fmt.Printf("nonce : %x\n\n", nonce) 301 302 // Flush 303 FlushContext(rw, item_handle) 304 FlushContext(rw, parent_handle) 305 FlushContext(rw, session_handle) 306 rw.Close() 307 if bytes.Compare(to_seal, unsealed) != 0 { 308 t.Fatal("seal and unsealed bytes dont match") 309 } 310 } 311 312 func checkQ(b1 []byte, b2 []byte) bool { 313 return true; 314 } 315 316 // Combined Quote test 317 func TestCombinedQuoteTest(t *testing.T) { 318 319 // Open tpm 320 rw, err := OpenTPM("/dev/tpm0") 321 if err != nil { 322 fmt.Printf("OpenTPM failed %s\n", err) 323 return 324 } 325 326 // Flushall 327 err = Flushall(rw) 328 if err != nil { 329 t.Fatal("Flushall failed\n") 330 } 331 332 // CreatePrimary 333 var empty []byte 334 primaryparms := RsaParams{uint16(AlgTPM_ALG_RSA), 335 uint16(AlgTPM_ALG_SHA1), uint32(0x00030072), 336 empty, uint16(AlgTPM_ALG_AES), uint16(128), 337 uint16(AlgTPM_ALG_CFB), uint16(AlgTPM_ALG_NULL), 338 uint16(0), uint16(1024), uint32(0x00010001), empty} 339 parent_handle, public_blob, err := CreatePrimary(rw, 340 uint32(OrdTPM_RH_OWNER), []int{0x7}, "", 341 "01020304", primaryparms) 342 if err != nil { 343 t.Fatal("CreatePrimary fails") 344 } 345 fmt.Printf("CreatePrimary succeeded\n") 346 347 // Pcr event 348 eventData := []byte{1, 2, 3} 349 err = PcrEvent(rw, 7, eventData) 350 if err != nil { 351 t.Fatal("PcrEvent fails") 352 } 353 354 // CreateKey (Quote Key) 355 keyparms := RsaParams{uint16(AlgTPM_ALG_RSA), 356 uint16(AlgTPM_ALG_SHA1), uint32(0x00050072), empty, 357 uint16(AlgTPM_ALG_NULL), uint16(0), 358 uint16(AlgTPM_ALG_ECB), uint16(AlgTPM_ALG_RSASSA), 359 uint16(AlgTPM_ALG_SHA1), 360 uint16(1024), uint32(0x00010001), empty} 361 362 private_blob, public_blob, err := CreateKey(rw, 363 uint32(parent_handle), []int{7}, "01020304", "01020304", 364 keyparms) 365 if err != nil { 366 t.Fatal("CreateKey fails") 367 } 368 fmt.Printf("CreateKey succeeded\n") 369 370 // Load 371 quote_handle, _, err := Load(rw, parent_handle, "", "01020304", 372 public_blob, private_blob) 373 if err != nil { 374 t.Fatal("Load fails") 375 } 376 fmt.Printf("Load succeeded, handle: %x\n", uint32(quote_handle)) 377 378 // Quote 379 to_quote := []byte{0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 380 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00} 381 attest, sig, err := Quote(rw, quote_handle, "01020304", "01020304", 382 to_quote, []int{7}, uint16(AlgTPM_ALG_NULL)) 383 if err != nil { 384 FlushContext(rw, quote_handle) 385 rw.Close() 386 t.Fatal("Quote fails") 387 } 388 fmt.Printf("attest : %x\n", attest) 389 fmt.Printf("sig : %x\n\n", sig) 390 391 // get info for verify 392 _, name, qualified_name, err := ReadPublic(rw, quote_handle) 393 if err != nil { 394 FlushContext(rw, quote_handle) 395 err = FlushContext(rw, parent_handle) 396 rw.Close() 397 t.Fatal("Quote fails") 398 } 399 400 // Flush 401 err = FlushContext(rw, quote_handle) 402 err = FlushContext(rw, parent_handle) 403 rw.Close() 404 405 // Verify quote 406 fmt.Printf("name(%x): %x\n", len(name), name) 407 fmt.Printf("qualified_name(%x): %x\n", len(qualified_name), qualified_name) 408 rsaParams, err := DecodeRsaBuf(public_blob) 409 if err != nil { 410 t.Fatal("DecodeRsaBuf fails %s", err) 411 } 412 413 var quote_key_info QuoteKeyInfoMessage 414 att := int32(rsaParams.Attributes) 415 quote_key_info.Name = name 416 quote_key_info.Properties = &att 417 quote_key_info.PublicKey = new(PublicKeyMessage) 418 key_type := "rsa" 419 quote_key_info.PublicKey.KeyType = &key_type 420 quote_key_info.PublicKey.RsaKey = new(RsaPublicKeyMessage) 421 key_name := "QuoteKey" 422 quote_key_info.PublicKey.RsaKey.KeyName = &key_name 423 sz_mod := int32(rsaParams.Mod_sz) 424 quote_key_info.PublicKey.RsaKey.BitModulusSize = &sz_mod 425 quote_key_info.PublicKey.RsaKey.Exponent = []byte{0, 1, 0, 1} 426 quote_key_info.PublicKey.RsaKey.Modulus = rsaParams.Modulus 427 if !VerifyQuote(to_quote, quote_key_info, 428 uint16(AlgTPM_ALG_SHA1), attest, sig, checkQ) { 429 t.Fatal("VerifyQuote fails") 430 } 431 fmt.Printf("VerifyQuote succeeds\n") 432 } 433 434 // Combined Endorsement/Activate test 435 func TestCombinedEndorsementTest(t *testing.T) { 436 hash_alg_id := uint16(AlgTPM_ALG_SHA1) 437 438 // Open tpm 439 rw, err := OpenTPM("/dev/tpm0") 440 if err != nil { 441 fmt.Printf("OpenTPM failed %s\n", err) 442 return 443 } 444 defer rw.Close() 445 446 // Flushall 447 err = Flushall(rw) 448 if err != nil { 449 t.Fatal("Flushall failed\n") 450 } 451 452 // CreatePrimary 453 var empty []byte 454 primaryparms := RsaParams{uint16(AlgTPM_ALG_RSA), 455 uint16(AlgTPM_ALG_SHA1), uint32(0x00030072), empty, 456 uint16(AlgTPM_ALG_AES), uint16(128), 457 uint16(AlgTPM_ALG_CFB), uint16(AlgTPM_ALG_NULL), 458 uint16(0), uint16(2048), uint32(0x00010001), empty} 459 parent_handle, public_blob, err := CreatePrimary(rw, 460 // uint32(OrdTPM_RH_ENDORSEMENT), []int{0x7}, "", "", primaryparms) 461 uint32(OrdTPM_RH_OWNER), []int{0x7}, "", "", primaryparms) 462 if err != nil { 463 t.Fatal("CreatePrimary fails") 464 } 465 fmt.Printf("CreatePrimary succeeded\n") 466 endorseParams, err := DecodeRsaArea(public_blob) 467 if err != nil { 468 t.Fatal("DecodeRsaBuf fails", err) 469 } 470 471 // CreateKey 472 keyparms := RsaParams{uint16(AlgTPM_ALG_RSA), 473 uint16(AlgTPM_ALG_SHA1), uint32(0x00030072), empty, 474 uint16(AlgTPM_ALG_AES), uint16(128), 475 uint16(AlgTPM_ALG_CFB), uint16(AlgTPM_ALG_NULL), 476 uint16(0), uint16(2048), uint32(0x00010001), empty} 477 private_blob, public_blob, err := CreateKey(rw, 478 uint32(parent_handle), 479 []int{7}, "", "01020304", keyparms) 480 if err != nil { 481 t.Fatal("CreateKey fails") 482 } 483 fmt.Printf("CreateKey succeeded\n") 484 485 // Load 486 key_handle, _, err := Load(rw, parent_handle, "", "", 487 public_blob, private_blob) 488 if err != nil { 489 t.Fatal("Load fails") 490 } 491 fmt.Printf("Load succeeded\n") 492 493 // ReadPublic 494 _, name, _, err := ReadPublic(rw, key_handle) 495 if err != nil { 496 t.Fatal("ReadPublic fails") 497 } 498 fmt.Printf("ReadPublic succeeded\n") 499 500 // Generate Credential 501 credential := []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf, 0x10} 502 fmt.Printf("Credential: %x\n", credential) 503 504 // Internal MakeCredential 505 credBlob, encrypted_secret0, err := InternalMakeCredential(rw, 506 parent_handle, credential, name) 507 if err != nil { 508 FlushContext(rw, key_handle) 509 FlushContext(rw, parent_handle) 510 t.Fatal("Can't InternalMakeCredential\n") 511 } 512 513 // ActivateCredential 514 recovered_credential1, err := ActivateCredential(rw, 515 key_handle, parent_handle, 516 "01020304", "", credBlob, encrypted_secret0) 517 if err != nil { 518 FlushContext(rw, key_handle) 519 FlushContext(rw, parent_handle) 520 t.Fatal("Can't ActivateCredential\n") 521 } 522 if bytes.Compare(credential, recovered_credential1) != 0 { 523 FlushContext(rw, key_handle) 524 FlushContext(rw, parent_handle) 525 t.Fatal("Credential and recovered credential differ\n") 526 } 527 fmt.Printf("InternalMake/Activate test succeeds\n\n") 528 529 protectorPublic := new(rsa.PublicKey) 530 protectorPublic.E = 0x00010001 531 M := new(big.Int) 532 M.SetBytes(endorseParams.Modulus) 533 protectorPublic.N = M 534 535 // MakeCredential 536 encrypted_secret, encIdentity, integrityHmac, err := MakeCredential( 537 protectorPublic, hash_alg_id, credential, name) 538 if err != nil { 539 FlushContext(rw, key_handle) 540 FlushContext(rw, parent_handle) 541 t.Fatal("Can't MakeCredential\n") 542 } 543 544 // ActivateCredential 545 recovered_credential2, err := ActivateCredential(rw, 546 key_handle, parent_handle, "01020304", "", 547 append(integrityHmac, encIdentity...), encrypted_secret) 548 if err != nil { 549 FlushContext(rw, key_handle) 550 FlushContext(rw, parent_handle) 551 t.Fatal("Can't ActivateCredential\n") 552 } 553 if bytes.Compare(credential, recovered_credential2) != 0 { 554 FlushContext(rw, key_handle) 555 FlushContext(rw, parent_handle) 556 t.Fatal("Credential and recovered credential differ\n") 557 } 558 fmt.Printf("Make/Activate test succeeds\n") 559 560 // Flush 561 FlushContext(rw, key_handle) 562 } 563 564 // Combined Evict test 565 func TestCombinedEvictTest(t *testing.T) { 566 fmt.Printf("TestCombinedEvictTest excluded\n") 567 return 568 569 // Open tpm 570 rw, err := OpenTPM("/dev/tpm0") 571 if err != nil { 572 fmt.Printf("OpenTPM failed %s\n", err) 573 return 574 } 575 576 // Flushall 577 err = Flushall(rw) 578 if err != nil { 579 t.Fatal("Flushall failed\n") 580 } 581 582 // CreatePrimary 583 var empty []byte 584 primaryparms := RsaParams{uint16(AlgTPM_ALG_RSA), 585 uint16(AlgTPM_ALG_SHA1), uint32(0x00030072), empty, 586 uint16(AlgTPM_ALG_AES), uint16(128), 587 uint16(AlgTPM_ALG_CFB), uint16(AlgTPM_ALG_NULL), 588 uint16(0), uint16(1024), uint32(0x00010001), empty} 589 parent_handle, public_blob, err := CreatePrimary(rw, 590 uint32(OrdTPM_RH_OWNER), []int{0x7}, "", 591 "01020304", primaryparms) 592 if err != nil { 593 t.Fatal("CreatePrimary fails") 594 } 595 fmt.Printf("CreatePrimary succeeded\n") 596 597 // CreateKey 598 keyparms := RsaParams{uint16(AlgTPM_ALG_RSA), 599 uint16(AlgTPM_ALG_SHA1), uint32(0x00030072), empty, 600 uint16(AlgTPM_ALG_AES), uint16(128), 601 uint16(AlgTPM_ALG_CFB), uint16(AlgTPM_ALG_NULL), 602 uint16(0), uint16(1024), uint32(0x00010001), empty} 603 private_blob, public_blob, err := CreateKey(rw, 604 uint32(parent_handle), 605 []int{7}, "01020304", "01020304", keyparms) 606 if err != nil { 607 t.Fatal("CreateKey fails") 608 } 609 fmt.Printf("CreateKey succeeded\n") 610 611 // Load 612 key_handle, _, err := Load(rw, parent_handle, "", "01020304", 613 public_blob, private_blob) 614 if err != nil { 615 t.Fatal("Load fails") 616 } 617 fmt.Printf("Load succeeded\n") 618 619 perm_handle := uint32(0x810003e8) 620 621 // Evict 622 err = EvictControl(rw, Handle(OrdTPM_RH_OWNER), 623 key_handle, Handle(perm_handle)) 624 if err != nil { 625 t.Fatal("EvictControl 1 fails") 626 } 627 628 // Evict 629 err = EvictControl(rw, Handle(OrdTPM_RH_OWNER), 630 Handle(perm_handle), Handle(perm_handle)) 631 if err != nil { 632 t.Fatal("EvictControl 2 fails") 633 } 634 635 // Flush 636 err = FlushContext(rw, key_handle) 637 err = FlushContext(rw, parent_handle) 638 rw.Close() 639 } 640 641 // Combined Context test 642 func TestCombinedContextTest(t *testing.T) { 643 644 // Open tpm 645 rw, err := OpenTPM("/dev/tpm0") 646 if err != nil { 647 fmt.Printf("OpenTPM failed %s\n", err) 648 return 649 } 650 defer rw.Close() 651 652 // Flushall 653 err = Flushall(rw) 654 if err != nil { 655 t.Fatal("Flushall failed\n") 656 } 657 658 pcrs := []int{7} 659 keySize := uint16(2048) 660 quotePassword := "" 661 662 // CreatePrimary 663 var empty []byte 664 primaryparms := RsaParams{uint16(AlgTPM_ALG_RSA), 665 uint16(AlgTPM_ALG_SHA1), FlagStorageDefault, 666 empty, uint16(AlgTPM_ALG_AES), uint16(128), 667 uint16(AlgTPM_ALG_CFB), uint16(AlgTPM_ALG_NULL), 668 uint16(0), keySize, uint32(0x00010001), empty} 669 rootHandle, _, err := CreatePrimary(rw, 670 uint32(OrdTPM_RH_OWNER), pcrs, "", "", primaryparms) 671 if err != nil { 672 t.Fatal("CreatePrimary failed") 673 } 674 defer FlushContext(rw, rootHandle) 675 676 // CreateKey (Quote Key) 677 keyparms := RsaParams{uint16(AlgTPM_ALG_RSA), 678 uint16(AlgTPM_ALG_SHA1), FlagSignerDefault, empty, 679 uint16(AlgTPM_ALG_NULL), uint16(0), 680 uint16(AlgTPM_ALG_ECB), uint16(AlgTPM_ALG_RSASSA), 681 uint16(AlgTPM_ALG_SHA1), keySize, uint32(0x00010001), empty} 682 quote_private, quote_public, err := CreateKey(rw, 683 uint32(rootHandle), pcrs, "", quotePassword, keyparms) 684 if err != nil { 685 t.Fatal("Can't create quote key") 686 } 687 688 // Load 689 quoteHandle, _, err := Load(rw, rootHandle, "", 690 quotePassword, quote_public, quote_private) 691 if err != nil { 692 t.Fatal("Load failed") 693 } 694 defer FlushContext(rw, quoteHandle) 695 696 // SaveContext 697 save_area, err := SaveContext(rw, quoteHandle) 698 if err != nil { 699 t.Fatal("Save Context fails") 700 } 701 FlushContext(rw, quoteHandle) 702 703 // LoadContext 704 quoteHandle, err = LoadContext(rw, save_area) 705 if err != nil { 706 t.Fatal("Load Context fails") 707 } 708 709 // FlushContext 710 defer FlushContext(rw, quoteHandle) 711 } 712 713 // Combined Nv test 714 func TestCombinedNvTest(t *testing.T) { 715 fmt.Printf("TestCombinedNvTest\n") 716 // Open tpm 717 rw, err := OpenTPM("/dev/tpm0") 718 if err != nil { 719 fmt.Printf("OpenTPM failed %s\n", err) 720 return 721 } 722 defer rw.Close() 723 724 // Flushall 725 err = Flushall(rw) 726 if err != nil { 727 t.Fatal("Flushall failed\n") 728 } 729 730 handle, err := GetNvHandle(1000) 731 if err != nil { 732 t.Fatal("Can't get nv handle") 733 } 734 fmt.Printf("nvHandle: %x\n", uint32(handle)); 735 owner := Handle(OrdTPM_RH_OWNER) 736 err = UndefineSpace(rw, owner, handle) 737 if err != nil { 738 fmt.Printf("UndefineSpace failed (ok) %s\n", err) 739 } else { 740 fmt.Printf("UndefineSpace succeeded\n") 741 } 742 dataSize := uint16(8) 743 offset := uint16(0) 744 var policy []byte // empty 745 attributes := OrdNV_COUNTER | OrdNV_AUTHWRITE | OrdNV_AUTHREAD 746 authString := "01020304" 747 err = DefineSpace(rw, owner, handle, authString, policy, 748 attributes, dataSize) 749 if err != nil { 750 t.Fatal("DefineSpace fails") 751 } else { 752 fmt.Printf("DefineSpace succeeded\n") 753 } 754 // The counter must be initialized by IncrementNv before 755 // ReadNv is called. Thus the counter is advanced by 1 756 // no matter what. 757 err = IncrementNv(rw, handle, authString) 758 if err != nil { 759 t.Fatal("IncrementNv failed ", err) 760 } 761 c1, err := ReadNv(rw, handle, authString, offset, dataSize) 762 if err != nil { 763 t.Fatal("ReadNv (2) failed %s", err) 764 } 765 fmt.Printf("Counter before second increment: %d\n", c1) 766 err = IncrementNv(rw, handle, authString) 767 if err != nil { 768 t.Fatal("IncrementNv failed ", err) 769 } 770 c2, err := ReadNv(rw, handle, authString, offset, dataSize) 771 if err != nil { 772 t.Fatal("ReadNv (3) failed %s", err) 773 } 774 fmt.Printf("Counter after increment: %d\n", c2) 775 if c2 <= c1 { 776 t.Fatal("Error: Counter did not advance") 777 } 778 // Clean up. 779 err = UndefineSpace(rw, owner, handle) 780 if err != nil { 781 fmt.Printf("UndefineSpace failed (ok) %s\n", err) 782 } else { 783 fmt.Printf("UndefineSpace succeeded\n") 784 } 785 }