testing

package v0.2.4

This package is not in the latest version of its module.

Published: Sep 29, 2022 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package testing defines fakes and mocks for the sev-guest device and AMD-SP.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CustomVcekExtensions added in v0.2.4

func CustomVcekExtensions(tcb kds.TCBParts, hwid [64]byte) []pkix.Extension

CustomVcekExtensions returns the certificate extensions that the KDS specification prescribes for the given TCB parts and hardware ID.

func DefaultArk

func DefaultArk() (*rsa.PrivateKey, error)

DefaultArk returns a new RSA key with the expected size for an ARK.

func DefaultAsk

func DefaultAsk() (*rsa.PrivateKey, error)

DefaultAsk returns a new RSA key with the expected size for an ASK.

func DefaultVcek

func DefaultVcek() (*ecdsa.PrivateKey, error)

DefaultVcek returns a new ECDSA key on the expected curve for a VCEK.

func DerivedKeyRequestToString added in v0.2.3

func DerivedKeyRequestToString(req *labi.SnpDerivedKeyReqABI) string

DerivedKeyRequestToString translates a SnpDerivedKeyReqABI into a string representation usable as a map key.

func TestRawReport added in v0.2.1

func TestRawReport(reportData [64]byte) [labi.SnpReportRespReportSize]byte

TestRawReport creates a simple raw attestation report with the given REPORT_DATA. The report can't be signed with AMD keys, and verification isn't the client's responsibility, so the signature is left all zeros. Likewise, the fields that would be randomly generated are left zero.

Types

type AmdKeys

type AmdKeys struct {
	Ark  *rsa.PrivateKey
	Ask  *rsa.PrivateKey
	Vcek *ecdsa.PrivateKey
}

AmdKeys encapsulates the key chain of ARK through ASK down to VCEK.

func DefaultAmdKeys

func DefaultAmdKeys() (*AmdKeys, error)

DefaultAmdKeys returns a key set for ARK, ASK, and VCEK with the expected key type and size.

type AmdSigner

type AmdSigner struct {
	Ark  *x509.Certificate
	Ask  *x509.Certificate
	Vcek *x509.Certificate
	Keys *AmdKeys
}

AmdSigner encapsulates a key and certificate chain following the format of AMD-SP's VCEK for signing attestation reports.

func DefaultCertChain

func DefaultCertChain(productName string, creationTime time.Time) (*AmdSigner, error)

DefaultCertChain creates a test-only certificate chain for a fake attestation signer.

func (*AmdSigner) CertTableBytes

func (s *AmdSigner) CertTableBytes() ([]byte, error)

CertTableBytes outputs the certificates in AMD's ABI format.

func (*AmdSigner) Sign

func (s *AmdSigner) Sign(toSign []byte) (*big.Int, *big.Int, error)

Sign takes a chunk of bytes, signs it with the VCEK private key (Keys.Vcek), and returns the signature's R, S pair in little endian format.

type AmdSignerBuilder

type AmdSignerBuilder struct {
	// Keys contains the private keys that will get a certificate chain structure.
	Keys             *AmdKeys
	Product          string
	ArkCreationTime  time.Time
	AskCreationTime  time.Time
	VcekCreationTime time.Time
	ArkCustom        CertOverride
	AskCustom        CertOverride
	VcekCustom       CertOverride
	// Intermediate built certificates
	Ark  *x509.Certificate
	Ask  *x509.Certificate
	Vcek *x509.Certificate
}

AmdSignerBuilder represents toggleable configurations of the VCEK certificate chain.

func (*AmdSignerBuilder) CertChain

func (b *AmdSignerBuilder) CertChain() (*AmdSigner, error)

CertChain creates a test-only certificate chain from the keys and configurables in b.

type CertOverride

type CertOverride struct {
	// If 0, the default version is used; otherwise the certificate version number.
	Version            int
	SerialNumber       *big.Int
	Issuer             *pkix.Name
	Subject            *pkix.Name
	SignatureAlgorithm x509.SignatureAlgorithm
	PublicKeyAlgorithm x509.PublicKeyAlgorithm
	KeyUsage           x509.KeyUsage
	// If nil, interpreted as default, otherwise the CRLDistributionPoints for the cert.
	CRLDistributionPoints []string
	// If nil, interpreted as default list.
	Extensions []pkix.Extension
}

CertOverride encapsulates certificate aspects that can be overridden when creating a certificate chain.

type Device

type Device struct {
	ReportDataRsp map[string]interface{}
	Keys          map[string][]byte
	Certs         []byte
	Signer        *AmdSigner
	// contains filtered or unexported fields
}

Device represents a sev-guest driver implementation with pre-programmed responses to commands.

func TcDevice

func TcDevice(tcs []TestCase, opts *DeviceOptions) (*Device, error)

TcDevice returns a mock device populated from test cases' inputs and expected outputs.

func (*Device) Close

func (d *Device) Close() error

Close changes the mock device's state to closed.

func (*Device) Ioctl

func (d *Device) Ioctl(command uintptr, req interface{}) (uintptr, error)

Ioctl mocks commands with pre-specified responses for a finite number of requests.

func (*Device) Open

func (d *Device) Open(path string) error

Open changes the mock device's state to open.

type DeviceOptions added in v0.2.4

type DeviceOptions struct {
	Keys   map[string][]byte
	Now    time.Time
	Signer *AmdSigner
}

DeviceOptions specifies customizations for a fake sev-guest device.

type GetReportResponse

type GetReportResponse struct {
	Resp     labi.SnpReportRespABI
	EsResult labi.EsResult
	FwErr    abi.SevFirmwareStatus
}

GetReportResponse represents a mocked response to a command request.

type Getter

type Getter struct {
	Responses map[string][]byte
}

Getter represents a static server that maps request URLs to response body contents.

func (*Getter) Get

func (g *Getter) Get(url string) ([]byte, error)

Get returns a registered response for a given URL.

type TestCase

type TestCase struct {
	Name        string
	Input       [64]byte
	Output      [labi.SnpReportRespReportSize]byte
	OutputProto string
	FwErr       abi.SevFirmwareStatus
	EsResult    labi.EsResult
	WantErr     error
}

TestCase represents a get_report input/output test case.

func TestCases

func TestCases() []TestCase

TestCases returns common test cases for get_report.
