From 0a5a5f06566c2eea34b637cb16fb9d7e4759ecce Mon Sep 17 00:00:00 2001
From: Tom D <40675700+twitchy-jsonp@users.noreply.github.com>
Date: Fri, 5 Apr 2019 14:49:36 -0700
Subject: [PATCH] Refactor tests: remove build tags, de-dupe, use flags to control test runs from now on (#8)
---
 README.md | 4 -
 attest/attest_simulated_tpm20_test.go | 14 ++--
 attest/attest_test.go | 108 +++++--------------------
 3 files changed, 27 insertions(+), 99 deletions(-)
diff --git a/README.md b/README.md
index 6832010..a2a5fd1 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,3 @@ API changes at any time.
 Please note that this is not an official Google product.
-## Build tags on tests
-
- * `localtest` - Runs tests against TPM hardware of the local system.
- * `tpm12` - Runs TPM 1.2 specific tests against the local system.
diff --git a/attest/attest_simulated_tpm20_test.go b/attest/attest_simulated_tpm20_test.go
index c4bc691..735e34e 100644
--- a/attest/attest_simulated_tpm20_test.go
+++ b/attest/attest_simulated_tpm20_test.go
@@ -43,7 +43,7 @@ func setupSimulatedTPM(t *testing.T) (*simulator.Simulator, *TPM) {
 }
 }
-func TestEK(t *testing.T) {
+func TestSimTPM20EK(t *testing.T) {
 sim, tpm := setupSimulatedTPM(t)
 defer sim.Close()
@@ -56,7 +56,7 @@ func TestEK(t *testing.T) {
 }
 }
-func TestInfo(t *testing.T) {
+func TestSimTPM20Info(t *testing.T) {
 sim, tpm := setupSimulatedTPM(t)
 defer sim.Close()
@@ -68,7 +68,7 @@ func TestInfo(t *testing.T) {
 t.Logf("TPM Info = %+v", info)
 }
-func TestAIKCreateAndLoad(t *testing.T) {
+func TestSimTPM20AIKCreateAndLoad(t *testing.T) {
 sim, tpm := setupSimulatedTPM(t)
 defer sim.Close()
@@ -115,7 +115,7 @@ func chooseEKPub(t *testing.T, eks []PlatformEK) crypto.PublicKey {
 return nil
 }
-func TestActivateCredentialTPM20(t *testing.T) {
+func TestSimTPM20ActivateCredential(t *testing.T) {
 sim, tpm := setupSimulatedTPM(t)
 defer sim.Close()
@@ -156,7 +156,7 @@ func TestActivateCredentialTPM20(t *testing.T) {
 }
 }
-func TestQuoteTPM20(t *testing.T) {
+func TestSimTPM20Quote(t *testing.T) {
 sim, tpm := setupSimulatedTPM(t)
 defer sim.Close()
@@ -177,7 +177,7 @@ func TestQuoteTPM20(t *testing.T) {
 }
 }
-func TestPCRsTPM20(t *testing.T) {
+func TestSimTPM20PCRs(t *testing.T) {
 sim, tpm := setupSimulatedTPM(t)
 defer sim.Close()
@@ -204,7 +204,7 @@ func TestPCRsTPM20(t *testing.T) {
 }
 }
-func TestPersistence(t *testing.T) {
+func TestSimTPM20Persistence(t *testing.T) {
 sim, tpm := setupSimulatedTPM(t)
 defer sim.Close()
diff --git a/attest/attest_test.go b/attest/attest_test.go
index 1017685..d613f27 100644
--- a/attest/attest_test.go
+++ b/attest/attest_test.go
@@ -12,23 +12,26 @@
 // License for the specific language governing permissions and limitations under
 // the License.
-// +build localtest
-
 package attest
 import (
 "bytes"
 "crypto"
 "crypto/rsa"
+ "flag"
 "testing"
 "github.com/google/certificate-transparency-go/x509"
+)
- "github.com/google/go-tpm/tpm2"
- "github.com/google/go-tpm/tpm2/credactivation"
+var (
+ testLocal = flag.Bool("testLocal", false, "run tests against local hardware")
 )
 func TestOpen(t *testing.T) {
+ if !*testLocal {
+ t.SkipNow()
+ }
 tpm, err := OpenTPM(nil)
 if err != nil {
 t.Fatalf("OpenTPM() failed: %v", err)
@@ -40,6 +43,9 @@ func TestOpen(t *testing.T) {
 }
 func TestInfo(t *testing.T) {
+ if !*testLocal {
+ t.SkipNow()
+ }
 tpm, err := OpenTPM(nil)
 if err != nil {
 t.Fatalf("OpenTPM() failed: %v", err)
@@ -57,6 +63,9 @@ func TestInfo(t *testing.T) {
 }
 func TestEKs(t *testing.T) {
+ if !*testLocal {
+ t.SkipNow()
+ }
 tpm, err := OpenTPM(nil)
 if err != nil {
 t.Fatalf("OpenTPM() failed: %v", err)
@@ -73,6 +82,9 @@ func TestEKs(t *testing.T) {
 }
 func TestAIKCreateAndLoad(t *testing.T) {
+ if !*testLocal {
+ t.SkipNow()
+ }
 tpm, err := OpenTPM(nil)
 if err != nil {
 t.Fatalf("OpenTPM() failed: %v", err)
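Review bot: The guard added at the top of TestOpen, `if !*testLocal { t.SkipNow() }`, skips without a message, so verbose test output gives no hint that the hardware-backed tests were left out or which flag enables them; `t.Skip("pass -testLocal to run against the local TPM")` would say so. The same three lines are repeated in TestInfo, TestEKs and TestAIKCreateAndLoad (hunks at -40, -57 and -73) and in TestPCRs (hunk at -122), so the message belongs in each of them or in one shared helper. With the `// +build localtest` line gone this file is compiled into every test run of the package, and the README hunk removes the build-tag section without describing the replacement flag. The test bodies continue outside these hunks.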
@@ -122,89 +134,15 @@ func chooseEK(t *testing.T, eks []PlatformEK) crypto.PublicKey {
 return nil
 }
-func TestActivateCredentialTPM20(t *testing.T) {
+func TestPCRs(t *testing.T) {
+ if !*testLocal {
+ t.SkipNow()
+ }
 tpm, err := OpenTPM(nil)
 if err != nil {
 t.Fatalf("OpenTPM() failed: %v", err)
 }
 defer tpm.Close()
- if tpm.version != TPMVersion20 {
- t.Skip("N/A for non-TPM2.0 TPMs")
- }
-
- aik, err := tpm.MintAIK(nil)
- if err != nil {
- t.Fatalf("MintAIK() failed: %v", err)
- }
- defer aik.Close(tpm)
-
- EKs, err := tpm.EKs()
- if err != nil {
- t.Fatalf("EKs() failed: %v", err)
- }
- ek := chooseEK(t, EKs)
-
- att, err := tpm2.DecodeAttestationData(aik.CreateAttestation)
- if err != nil {
- t.Fatalf("tpm2.DecodeAttestationData() failed: %v", err)
- }
- secret := []byte{1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8}
-
- id, encSecret, err := credactivation.Generate(att.AttestedCreationInfo.Name.Digest, ek, 16, secret)
- if err != nil {
- t.Fatalf("credactivation.Generate() failed: %v", err)
- }
-
- decryptedSecret, err := aik.ActivateCredential(tpm, EncryptedCredential{
- Credential: id,
- Secret: encSecret,
- })
- if err != nil {
- t.Errorf("aik.ActivateCredential() failed: %v", err)
- }
- if !bytes.Equal(secret, decryptedSecret) {
- t.Error("secret does not match decrypted secret")
- t.Logf("Secret = %v", secret)
- t.Logf("Decrypted secret = %v", decryptedSecret)
- }
-}
-
-func TestQuoteTPM20(t *testing.T) {
- tpm, err := OpenTPM(nil)
- if err != nil {
- t.Fatalf("OpenTPM() failed: %v", err)
- }
- defer tpm.Close()
- if tpm.version != TPMVersion20 {
- t.Skip("N/A for non-TPM2.0 TPMs")
- }
-
- aik, err := tpm.MintAIK(nil)
- if err != nil {
- t.Fatalf("MintAIK() failed: %v", err)
- }
- defer aik.Close(tpm)
-
- nonce := []byte{1, 2, 3, 4, 5, 6, 7, 8}
- quote, err := aik.Quote(tpm, nonce, tpm2.AlgSHA1)
- if err != nil {
- t.Fatalf("aik.Quote() failed: %v", err)
- }
- // TODO(jsonp): Parse quote structure once gotpm/tpm2 supports it.
- if quote == nil {
- t.Error("quote was nil, want *Quote")
- }
-}
-
-func TestPCRsTPM20(t *testing.T) {
- tpm, err := OpenTPM(nil)
- if err != nil {
- t.Fatalf("OpenTPM() failed: %v", err)
- }
- defer tpm.Close()
- if tpm.version != TPMVersion20 {
- t.Skip("N/A for non-TPM2.0 TPMs")
- }
 PCRs, _, err := tpm.PCRs()
 if err != nil {
@@ -214,14 +152,8 @@ func TestPCRsTPM20(t *testing.T) {
 t.Errorf("len(PCRs) = %d, want %d", len(PCRs), 24)
 }
 for i, pcr := range PCRs {
- if len(pcr.Digest) != pcr.DigestAlg.Size() {
- t.Errorf("PCR %d len(digest) = %d, expected match with digest algorithm size (%d)", pcr.Index, len(pcr.Digest), pcr.DigestAlg.Size())
- }
 if pcr.Index != i {
 t.Errorf("PCR index %d does not match map index %d", pcr.Index, i)
 }
- if pcr.DigestAlg != crypto.SHA1 {
- t.Errorf("pcr.DigestAlg = %v, expected crypto.SHA1", pcr.DigestAlg)
- }
 }
 }
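Review bot: Deleting TestActivateCredentialTPM20 and TestQuoteTPM20 leaves no test in this file that drives `aik.ActivateCredential` or `aik.Quote` against a physical TPM; the renamed TestSimTPM20ActivateCredential and TestSimTPM20Quote both go through `setupSimulatedTPM`. Credential activation is the step that ties an AIK to the device's endorsement key, so a regression in the hardware path would presumably go unnoticed by the test suite. If the removal is deliberate de-duplication, a comment above TestPCRs such as `// ActivateCredential and Quote are covered by the simulator tests only.` would record that; otherwise both tests could stay behind the `testLocal` guard with their `tpm.version != TPMVersion20` skip.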
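Review bot: After this hunk the loop in TestPCRs asserts only `pcr.Index != i`, so a PCR whose digest is empty or truncated passes on real hardware; the removed length check, `if len(pcr.Digest) != pcr.DigestAlg.Size() {`, does not depend on the TPM version and could stay, assuming the field is still present on the new side. The previous hunk also dropped the TPM 2.0 skip from this test, and the call discards the second return value of `tpm.PCRs()` with `_`; if that value is the bank's hash algorithm (not visible here), asserting on it would stand in for the deleted `crypto.SHA1` comparison. PCR digests are what a verifier checks a quote and event log against, so the shape check is worth keeping. TestPCRs begins in the previous hunk.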