ExternalVendorCode/go-attestation
1
0
Fork 0
mirror of https://github.com/google/go-attestation.git synced 2024-12-30 01:39:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
73020b971b
go-attestation/attest/eventlog_test.go
Brandon Weeks 73020b971b Rename AIK to AK everywhere 
AIK is the terminology used as part of the TPM 1.2 specifications.
2019-10-09 08:56:19 +11:00

151 lines
3.6 KiB
Go
Raw Blame History

// Copyright 2019 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may not
// use this file except in compliance with the License. You may obtain a copy of
// the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
// License for the specific language governing permissions and limitations under
// the License.
package attest
import (
"encoding/json"
"io/ioutil"
"testing"
"github.com/google/go-tpm/tpm2"
)
// Dump describes the layout of serialized information from the dump command.
type Dump struct {
Static struct {
TPMVersion TPMVersion
EKPem []byte
}
AK AttestationParameters
Quote struct {
Nonce []byte
Alg HashAlg
Quote []byte
Signature []byte
}
Log struct {
PCRs []PCR
PCRAlg tpm2.Algorithm
Raw []byte // The measured boot log in binary form.
}
}
func TestParseEventLogWindows(t *testing.T) {
testParseEventLog(t, "testdata/windows_gcp_shielded_vm.json")
}
func TestParseEventLogLinux(t *testing.T) {
testParseEventLog(t, "testdata/linux_tpm12.json")
}
func testParseEventLog(t *testing.T, testdata string) {
data, err := ioutil.ReadFile(testdata)
if err != nil {
t.Fatalf("reading test data: %v", err)
}
var dump Dump
if err := json.Unmarshal(data, &dump); err != nil {
t.Fatalf("parsing test data: %v", err)
}
if _, err := ParseEventLog(dump.Log.Raw); err != nil {
t.Fatalf("parsing event log: %v", err)
}
}
func TestParseCryptoAgileEventLog(t *testing.T) {
data, err := ioutil.ReadFile("testdata/crypto_agile_eventlog")
if err != nil {
t.Fatalf("reading test data: %v", err)
}
if _, err := ParseEventLog(data); err != nil {
t.Fatalf("parsing event log: %v", err)
}
}
func TestEventLogLinux(t *testing.T) {
testEventLog(t, "testdata/linux_tpm12.json")
}
func TestEventLog(t *testing.T) {
testEventLog(t, "testdata/windows_gcp_shielded_vm.json")
}
func testEventLog(t *testing.T, testdata string) {
data, err := ioutil.ReadFile(testdata)
if err != nil {
t.Fatalf("reading test data: %v", err)
}
var dump Dump
if err := json.Unmarshal(data, &dump); err != nil {
t.Fatalf("parsing test data: %v", err)
}
ak, err := ParseAKPublic(dump.Static.TPMVersion, dump.AK.Public)
if err != nil {
t.Fatalf("parsing AK: %v", err)
}
if err := ak.Verify(Quote{
Version: dump.Static.TPMVersion,
Quote: dump.Quote.Quote,
Signature: dump.Quote.Signature,
}, dump.Log.PCRs, dump.Quote.Nonce); err != nil {
t.Fatalf("verifying quote: %v", err)
}
el, err := ParseEventLog(dump.Log.Raw)
if err != nil {
t.Fatalf("parsing event log: %v", err)
}
events, err := el.Verify(dump.Log.PCRs)
if err != nil {
t.Fatalf("validating event log: %v", err)
}
for i, e := range events {
if e.sequence != i {
t.Errorf("event out of order: events[%d].sequence = %d, want %d", i, e.sequence, i)
}
}
}
func TestParseEventLogEventSizeTooLarge(t *testing.T) {
data := []byte{
// PCR index
0x30, 0x34, 0x39, 0x33,
// type
0x36, 0x30, 0x30, 0x32,
// Digest
0x31, 0x39, 0x36, 0x33, 0x39, 0x34, 0x34, 0x37, 0x39, 0x32,
0x31, 0x32, 0x32, 0x37, 0x39, 0x30, 0x34, 0x30, 0x31, 0x6d,
// Even size (3.183 GB)
0xbd, 0xbf, 0xef, 0x47,
// "event data"
0x00, 0x00, 0x00, 0x00,
}
// If this doesn't panic, the test passed
// TODO(ericchiang): use errors.As once go-attestation switches to Go 1.13.
_, err := ParseEventLog(data)
if err == nil {
t.Fatalf("expected parsing invalid event log to fail")
}
}
Reference in New Issue View Git Blame Copy Permalink