tpm2test

Version: v0.0.6
Published: Nov 11, 2022 License: GPL-3.0 Imports: 21 Imported by: 0

Documentation

Constants

const (
	// TPMFeatureOwnerHierarchy indicates that the test requires the use of the storage hierarchy. The
	// authorization value should be empty at the start of the test.
	TPMFeatureOwnerHierarchy = tpm2_testutil.TPMFeatureOwnerHierarchy

	// TPMFeatureEndorsementHierarchy indicates that the test requires the use of the endorsement hierarchy.
	// The authorization value should be empty at the start of the test.
	TPMFeatureEndorsementHierarchy = tpm2_testutil.TPMFeatureEndorsementHierarchy

	// TPMFeatureLockoutHierarchy indicates that the test requires the use of the lockout hierarchy. The
	// authorization value should be empty at the start of the test.
	TPMFeatureLockoutHierarchy = tpm2_testutil.TPMFeatureLockoutHierarchy

	// TPMFeaturePlatformHierarchy indicates that the test requires the use of the platform hierarchy. The
	// authorization value should be empty at the start of the test.
	// In order to maximize the number of tests that can run on a real TPM, this should be used
	// sparingly as the platform hierarchy should not normally be available - it may be needed in some
	// cases just to make the test fixture happy, but these tests will generally only run on a simulator.
	TPMFeaturePlatformHierarchy = tpm2_testutil.TPMFeaturePlatformHierarchy

	// TPMFeaturePCR indicates that the test requires the use of a PCR. This is only required for
	// commands that require authorization - ie, it is not required for TPM2_PCR_Read.
	// Tests that use this should only use it for PCR16 or PCR23 - defined as debug /
	// application-specific and resettable on PC-Client TPMs, and should avoid using it for any
	// other PCR.
	TPMFeaturePCR = tpm2_testutil.TPMFeaturePCR

	// TPMFeatureClear indicates that the test uses the TPM2_Clear command. This also requires either
	// TPMFeatureLockoutHierarchy or TPMFeaturePlatformHierarchy. This implies TPMFeatureNV for the
	// TPM2_Clear command.
	// In order to maximize the number of tests that are suitable for running on a real TPM, it
	// should be used sparingly.
	TPMFeatureClear = tpm2_testutil.TPMFeatureClear

	// TPMFeatureNV indicates that the test makes use of a command that may write to NV. Physical
	// TPMs may employ rate limiting on these commands.
	TPMFeatureNV = tpm2_testutil.TPMFeatureNV
)

Variables

This section is empty.

Functions

func CertifyTPM

func CertifyTPM(tpm *tpm2.TPMContext, ekCert []byte) error

CertifyTPM certifies the TPM associated with the provided context with an EK certificate.

func CreateTestCA

func CreateTestCA() ([]byte, crypto.PrivateKey, error)

CreateTestCA creates a snakeoil TPM manufacturer CA certificate.

func CreateTestEKCert

func CreateTestEKCert(tpm *tpm2.TPMContext, caCert []byte, caKey crypto.PrivateKey) ([]byte, error)

CreateTestEKCert creates a snakeoil EK certificate for the TPM associated with the supplied TPMContext.

func FormatPCRValuesFromPCRProtectionProfile

func FormatPCRValuesFromPCRProtectionProfile(profile *secboot_tpm2.PCRProtectionProfile, tpm *tpm2.TPMContext) string

FormatPCRValuesFromPCRProtectionProfile returns a formatted string of PCR values contained within the supplied PCR profile.

func MakePCREventDigest

func MakePCREventDigest(alg tpm2.HashAlgorithmId, event string) tpm2.Digest

MakePCREventDigest creates a digest for a single PCR event by hashing the supplied string with the specified algorithm.

func MakePCRValueFromEvents

func MakePCRValueFromEvents(alg tpm2.HashAlgorithmId, events ...string) tpm2.Digest

MakePCRValueFromEvents creates a PCR value by hashing the supplied events with the specified algorithm and then computing the PCR value that would result by extending these events.
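
The computation that MakePCREventDigest and MakePCRValueFromEvents describe, as an added example using only the Go standard library (not the package's own code): each event is hashed, then folded into the register as new = H(old || digest). The all-zero starting value and the names eventDigest, extend and pcrValueFromEvents are assumptions of this example.

```go
package main

import (
	"crypto"
	_ "crypto/sha1"   // registers SHA-1 with package crypto
	_ "crypto/sha256" // registers SHA-256 with package crypto
	"encoding/hex"
	"fmt"
)

// eventDigest hashes a single event string (what MakePCREventDigest is documented to do).
func eventDigest(alg crypto.Hash, event string) []byte {
	h := alg.New()
	h.Write([]byte(event))
	return h.Sum(nil)
}

// extend models TPM2_PCR_Extend in software: new = H(old || digest).
func extend(alg crypto.Hash, pcr, digest []byte) []byte {
	h := alg.New()
	h.Write(pcr)
	h.Write(digest)
	return h.Sum(nil)
}

// pcrValueFromEvents replays the events against a register that starts at
// all zeros (assumption: the reset value of the PCR being modelled).
func pcrValueFromEvents(alg crypto.Hash, events ...string) []byte {
	pcr := make([]byte, alg.Size())
	for _, e := range events {
		pcr = extend(alg, pcr, eventDigest(alg, e))
	}
	return pcr
}

func main() {
	// Constructed sample events; the same two events in a different order
	// produce a different register value.
	for _, evs := range [][]string{{"foo", "bar"}, {"bar", "foo"}} {
		v := pcrValueFromEvents(crypto.SHA256, evs...)
		fmt.Printf("%v -> %s\n", evs, hex.EncodeToString(v))
	}
}
```

Swapping two events changes the result, so expected PCR values built this way must list events in the order they are measured.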

func MockEKTemplate

func MockEKTemplate(mock *tpm2.Public) (restore func())

MockEKTemplate overrides the tcg.EKTemplate variable, used to define the standard EK template.

func MockOpenDefaultTctiFn

func MockOpenDefaultTctiFn(fn func() (tpm2.TCTI, error)) (restore func())

MockOpenDefaultTctiFn overrides the tcti.OpenDefault function, used to create a connection to the default TPM.

func NewPCRProfileFromCurrentValues

func NewPCRProfileFromCurrentValues(alg tpm2.HashAlgorithmId, pcrs []int) *secboot_tpm2.PCRProtectionProfile

func NewResolvedPCRProfileFromCurrentValues

func NewResolvedPCRProfileFromCurrentValues(c *C, tpm *tpm2.TPMContext, alg tpm2.HashAlgorithmId, pcrs []int) *secboot_tpm2.PCRProtectionProfile

func TrustCA

func TrustCA(cert []byte) (restore func())

TrustCA adds the supplied TPM manufacturer CA certificate to the list of built-in roots.

Types

type TCTI

type TCTI struct {
	// contains filtered or unexported fields
}

TCTI is a wrapper around tpm2_testutil.TCTI that provides a mechanism to keep the underlying connection open when Close is called.

func NewTPMConnectionFromExistingT

func NewTPMConnectionFromExistingT(t *testing.T, tpm *secboot_tpm2.Connection, tcti *TCTI) (newTpm *secboot_tpm2.Connection, newTcti *TCTI, close func())

NewTPMConnectionFromExistingT creates a new connection and TCTI from the supplied ones. This is useful in scenarios where test fixture setup and test execution require a different connection. The returned connection uses the same underlying connection as the one supplied. The supplied source connection does not need to be closed afterwards.

func OpenTPMConnection

func OpenTPMConnection(c *C, features tpm2_testutil.TPMFeatureFlags) (tpm *secboot_tpm2.Connection, tcti *TCTI)

OpenTPMConnection returns a new TPM connection for testing. If tpm2_testutil.TPMBackend is TPMBackendNone then the current test will be skipped. If tpm2_testutil.TPMBackend is TPMBackendMssim, the returned context will correspond to a connection to the TPM simulator on the port specified by the tpm2_testutil.MssimPort variable. If tpm2_testutil.TPMBackend is TPMBackendDevice, a TPM connection will be returned if the requested features are permitted, as defined by the tpm2_testutil.PermittedTPMFeatures variable. In this case, the connection will correspond to a connection to the Linux character device at the path specified by the tpm2_testutil.TPMDevicePath variable. If the test requires features that are not permitted, the test will be skipped.

The returned connection must be closed when it is no longer required.

func OpenTPMConnectionT

func OpenTPMConnectionT(t *testing.T, features tpm2_testutil.TPMFeatureFlags) (tpm *secboot_tpm2.Connection, tcti *TCTI, close func())

OpenTPMConnectionT returns a new TPM connection for testing. If tpm2_testutil.TPMBackend is TPMBackendNone then the current test will be skipped. If tpm2_testutil.TPMBackend is TPMBackendMssim, the returned context will correspond to a connection to the TPM simulator on the port specified by the tpm2_testutil.MssimPort variable. If tpm2_testutil.TPMBackend is TPMBackendDevice, a TPM connection will be returned if the requested features are permitted, as defined by the tpm2_testutil.PermittedTPMFeatures variable. In this case, the connection will correspond to a connection to the Linux character device at the path specified by the tpm2_testutil.TPMDevicePath variable. If the test requires features that are not permitted, the test will be skipped.

The returned connection must be closed when it is no longer required. This can be done with the returned close callback, which will cause the test to fail if closing doesn't succeed.

func OpenTPMSimulatorConnection

func OpenTPMSimulatorConnection(c *C) (tpm *secboot_tpm2.Connection, tcti *TCTI)

OpenTPMSimulatorConnection returns a new TPM connection to the TPM simulator on the port specified by tpm2_testutil.MssimPort. If tpm2_testutil.TPMBackend is not TPMBackendMssim then the test will be skipped.

The returned connection must be closed when it is no longer required.

func OpenTPMSimulatorConnectionT

func OpenTPMSimulatorConnectionT(t *testing.T) (tpm *secboot_tpm2.Connection, tcti *TCTI, close func())

OpenTPMSimulatorConnectionT returns a new TPM connection to the TPM simulator on the port specified by tpm2_testutil.MssimPort. If tpm2_testutil.TPMBackend is not TPMBackendMssim then the test will be skipped.

The returned connection must be closed when it is no longer required. This can be done with the returned close callback, which will cause the test to fail if closing doesn't succeed.

func ResetTPMSimulatorT

func ResetTPMSimulatorT(t *testing.T, tpm *secboot_tpm2.Connection, tcti *TCTI) (newTpm *secboot_tpm2.Connection, newTcti *TCTI, close func())

ResetTPMSimulatorT issues a Shutdown -> Reset -> Startup cycle of the TPM simulator and returns a newly initialized TPM connection. The supplied source connection does not need to be closed afterwards.

func WrapTCTI

func WrapTCTI(tcti *tpm2_testutil.TCTI) *TCTI

func (*TCTI) Close

func (t *TCTI) Close() error

Close closes the underlying connection unless SetKeepOpen has been called with keepOpen set to true, in which case, the interface is marked as closed without actually closing it.

func (*TCTI) MakeSticky

func (t *TCTI) MakeSticky(handle tpm2.Handle, sticky bool) error

func (*TCTI) Read

func (t *TCTI) Read(data []byte) (int, error)

func (*TCTI) SetKeepOpen

func (t *TCTI) SetKeepOpen(keepOpen bool) error

SetKeepOpen provides a mechanism to keep the underlying connection open when Close is called. If keepOpen is true, calling Close will mark the connection as closed without actually closing it. This makes it possible to reuse the underlying connection in another secboot_tpm2.Connection.
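
The keep-open behaviour described for Close and SetKeepOpen, modelled as an added example with standard-library types only (not the package's TCTI implementation). fakeTransport, keepOpenConn and handOver are hypothetical names, and rejecting writes on a wrapper that has been marked closed is an assumption of this model.

```go
package main

import (
	"errors"
	"fmt"
	"io"
)

// fakeTransport is a constructed stand-in for the TPM transport.
type fakeTransport struct{ closed bool }
func (f *fakeTransport) Read(p []byte) (int, error)  { return 0, io.EOF }
func (f *fakeTransport) Write(p []byte) (int, error) { return len(p), nil }
func (f *fakeTransport) Close() error                { f.closed = true; return nil }

// keepOpenConn is a hypothetical model of the wrapper, not the package's TCTI type.
type keepOpenConn struct {
	io.ReadWriteCloser
	keepOpen, closed bool
}

func (k *keepOpenConn) Close() error {
	k.closed = true
	if k.keepOpen {
		return nil // marked closed; transport stays open for reuse
	}
	return k.ReadWriteCloser.Close()
}

// Write refuses use after Close (assumed behaviour).
func (k *keepOpenConn) Write(p []byte) (int, error) {
	if k.closed {
		return 0, errors.New("wrapper closed")
	}
	return k.ReadWriteCloser.Write(p)
}

// handOver closes the fixture's wrapper with keepOpen set, then reuses the transport.
func handOver() (oldErr, newErr error, openAfterFirst, closedAtEnd bool) {
	tr := &fakeTransport{}
	fixture := &keepOpenConn{ReadWriteCloser: tr, keepOpen: true}
	fixture.Close()
	_, oldErr = fixture.Write([]byte{0x80})
	openAfterFirst = !tr.closed
	test := &keepOpenConn{ReadWriteCloser: tr}
	_, newErr = test.Write([]byte{0x80})
	test.Close()
	return oldErr, newErr, openAfterFirst, tr.closed
}

func main() { fmt.Println(handOver()) }
```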

func (*TCTI) SetLocality

func (t *TCTI) SetLocality(locality uint8) error

func (*TCTI) Unwrap

func (t *TCTI) Unwrap() tpm2.TCTI

func (*TCTI) Write

func (t *TCTI) Write(data []byte) (int, error)

type TPMSimulatorTest

type TPMSimulatorTest struct {
	tpm2_testutil.TPMSimulatorTest
	// contains filtered or unexported fields
}

TPMSimulatorTest is a base test suite for all tests that require a TPM simulator. This test suite makes use of the test fixture from go-tpm2 which restores TPM state when the connection is closed at the end of a test.

func (*TPMSimulatorTest) ReinitTPMConnectionFromExisting

func (b *TPMSimulatorTest) ReinitTPMConnectionFromExisting(c *C)

ReinitTPMConnectionFromExisting recreates a new connection and TCTI from the existing ones. This is useful in scenarios where the fixture setup and test code should use a different connection.

func (*TPMSimulatorTest) ResetAndClearTPMSimulatorUsingPlatformHierarchy

func (b *TPMSimulatorTest) ResetAndClearTPMSimulatorUsingPlatformHierarchy(c *C)

ResetAndClearTPMSimulatorUsingPlatformHierarchy issues a Shutdown -> Reset -> Startup cycle of the TPM simulator which ensures that the platform hierarchy is enabled, reinitializes the TPM connection, enables the TPM2_Clear command and clears the TPM using the platform hierarchy.

func (*TPMSimulatorTest) ResetTPMSimulator

func (b *TPMSimulatorTest) ResetTPMSimulator(c *C)

ResetTPMSimulator issues a Shutdown -> Reset -> Startup cycle of the TPM simulator and reinitializes the TPM connection.

func (*TPMSimulatorTest) SetConnection

func (b *TPMSimulatorTest) SetConnection(tpm *secboot_tpm2.Connection, tcti *TCTI)

SetConnection can be called prior to SetUpTest in order to supply a TPM connection rather than having the fixture create one.

func (*TPMSimulatorTest) SetUpTest

func (b *TPMSimulatorTest) SetUpTest(c *C)

SetUpTest is called to set up the test fixture before each test. If SetConnection has not been called before this is called, a TPM simulator connection will be created automatically. If tpm2_testutil.TPMBackend is not TPMBackendMssim, then the test will be skipped.

If SetConnection has been called with a test-provided TCTI, then a connection will be created from this.

When TearDownTest is called, the TPM simulator is reset and cleared and the connection is closed.

func (*TPMSimulatorTest) TCTI

func (b *TPMSimulatorTest) TCTI() *TCTI

func (*TPMSimulatorTest) TPM

type TPMTest

type TPMTest struct {
	tpm2_testutil.TPMTest
	// contains filtered or unexported fields
}

TPMTest is a base test suite for all tests that require a TPM and are able to execute on a real TPM or a simulator. This test suite makes use of the test fixture from go-tpm2 which restores TPM state when the connection is closed at the end of a test.

func (*TPMTest) ReinitTPMConnectionFromExisting

func (b *TPMTest) ReinitTPMConnectionFromExisting(c *C)

ReinitTPMConnectionFromExisting recreates a new connection and TCTI from the existing ones. This is useful in scenarios where the fixture setup and test code should use a different connection.

func (*TPMTest) SetConnection

func (b *TPMTest) SetConnection(tpm *secboot_tpm2.Connection, tcti *TCTI)

SetConnection can be called prior to SetUpTest in order to supply a TPM connection rather than having the fixture create one.

func (*TPMTest) SetUpTest

func (b *TPMTest) SetUpTest(c *C)

SetUpTest is called to set up the test fixture before each test. If SetConnection has not been called before this is called, a TPM connection will be created automatically. In this case, the TPMFeatures member should be set prior to calling SetUpTest in order to declare the features that the test will require. If the test requires any features that are not included in tpm2_testutil.PermittedTPMFeatures, the test will be skipped. If tpm2_testutil.TPMBackend is TPMBackendNone, then the test will be skipped.

If SetConnection has been called with a test-provided TCTI, then a connection will be created from this.

The TPM connection is closed automatically when TearDownTest is called.

func (*TPMTest) TCTI

func (b *TPMTest) TCTI() *TCTI

func (*TPMTest) TPM

func (b *TPMTest) TPM() *secboot_tpm2.Connection
