// TestValidateEndorsementCert issues an endorsement certificate for the TPM's
// AIK public key under the domain policy key and checks that
// validateEndorsementCertificate accepts it when the policy certificate is the
// only trusted root. The test is skipped when ./aikblob is missing or a TPM Tao
// cannot be created on /dev/tpm0.
func TestValidateEndorsementCert(t *testing.T) {
	aikBlob, err := ioutil.ReadFile("./aikblob")
	if err != nil {
		t.Skip("Skipping tests, since there's no ./aikblob file")
	}
	host, err := tao.NewTPMTao("/dev/tpm0", aikBlob, []int{17, 18})
	if err != nil {
		t.Skip("Couldn't create a new TPM Tao:", err)
	}
	tpmTao, isTPM := host.(*tao.TPMTao)
	if !isTPM {
		t.Fatal("Failed to create the right kind of Tao object from NewTPMTao")
	}
	defer tao.CleanUpTPMTao(tpmTao)

	// The same AIK blob is parsed as the hardware public key that the
	// endorsement certificate is issued for.
	aikPublicKey, err := tpm.UnmarshalRSAPublicKey(aikBlob)
	if err != nil {
		t.Fatal(err)
	}

	domain := generateDomain(t)
	policyKey := domain.Keys
	policyCert := domain.Keys.Cert
	endorsement := generateEndorsementCertficate(t, policyKey, aikPublicKey, policyCert)

	name, err := tpmTao.GetTaoName()
	if err != nil {
		t.Fatal(err)
	}

	// The trusted-root pool holds only the policy certificate.
	roots := x509.NewCertPool()
	roots.AddCert(policyCert)
	if err := validateEndorsementCertificate(endorsement, *generateGuard(t), &name, roots); err != nil {
		t.Fatal(err)
	}
}
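// TestVerifyHostAttestation_stackedHost exercises VerifyHostAttestation on a
// two-level chain: a host attestation produced through the TPM Tao for
// hostName, and a program attestation for programName built from that host
// key. The marshalled host attestation and the raw hardware endorsement
// certificate are attached to the program attestation as its
// SerializedEndorsements, and the policy certificate is the only trusted root.
// The test asserts that verification succeeds and that the returned speaker,
// key and program name match the keys and names used to build the chain.
// Only the accepting path is covered; rejection of a tampered or incomplete
// endorsement chain is not tested here.
//
// The test is skipped when ./aikblob is missing or a TPM Tao cannot be created
// on /dev/tpm0. Marshal failures report their underlying error so a failure
// is diagnosable rather than being swallowed.
func TestVerifyHostAttestation_stackedHost(t *testing.T) {
	aikblob, err := ioutil.ReadFile("./aikblob")
	if err != nil {
		t.Skip("Skipping tests, since there's no ./aikblob file")
	}
	tpmtao, err := tao.NewTPMTao("/dev/tpm0", aikblob, []int{17, 18})
	if err != nil {
		t.Skip("Couldn't create a new TPM Tao:", err)
	}
	tt, ok := tpmtao.(*tao.TPMTao)
	if !ok {
		t.Fatal("Failed to create the right kind of Tao object from NewTPMTao")
	}
	defer tao.CleanUpTPMTao(tt)
	hwPublicKey, err := tpm.UnmarshalRSAPublicKey(aikblob)
	if err != nil {
		t.Fatal(err)
	}

	domain := generateDomain(t)
	policyKey, policyCert := domain.Keys, domain.Keys.Cert
	hwCert := generateEndorsementCertficate(t, policyKey, hwPublicKey, policyCert)
	hostKey, hostAtt := generateTpmAttestation(t, tt, hostName)
	programKey, programAtt := generateAttestation(t, hostKey, programName)

	// Endorsement order: the host attestation first, then the hardware
	// endorsement certificate issued for the TPM's AIK public key.
	rawEnd1, err := proto.Marshal(hostAtt)
	if err != nil {
		t.Fatal("Error serializing host attestation:", err)
	}
	programAtt.SerializedEndorsements = [][]byte{rawEnd1, hwCert.Raw}
	rawAtt, err := proto.Marshal(programAtt)
	if err != nil {
		t.Fatal("Error serializing program attestation:", err)
	}

	certPool := x509.NewCertPool()
	certPool.AddCert(policyCert)
	speaker, key, prog, err := VerifyHostAttestation(rawAtt, domain, certPool)
	if err != nil {
		t.Fatal("Test attestation failed verification checks.", err)
	}
	if !programName.Identical(prog) {
		t.Fatal("Attestation program name not identical to expected program name.")
	}
	if !programKey.SigningKey.ToPrincipal().Identical(key) {
		t.Fatal("Attestation program key not identical to expected program key.")
	}
	if !hostKey.SigningKey.ToPrincipal().Identical(speaker) {
		t.Fatal("Attestation host key not identical to expected host key.")
	}
}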