From 5e5dbd5d7d2aa5c74147314cd0bb3756cb6b1e15 Mon Sep 17 00:00:00 2001 
From: Jordan Hand Date: Wed, 3 Jan 2024 12:45:42 -0800 Subject: [PATCH] Move Go verification tests and client to separate packages The Go verification tests include a client and a set of test functions/infrastructure. Split these into separate packages so that the client can be included without also including the test helpers. --- ci.sh | 2 +- verification/README.md | 5 +- verification/{ => client}/abi.go | 2 +- verification/{ => client}/client.go | 2 +- verification/{ => client}/errors.go | 2 +- verification/client/go.mod | 3 + verification/{ => client}/helpers.go | 2 +- verification/{ => client}/profile.go | 2 +- verification/{ => client}/transport.go | 2 +- verification/{ => testing}/certifyKey.go | 47 ++--- verification/{ => testing}/certs.go | 6 +- verification/{ => testing}/extendTCI.go | 20 +- .../{ => testing}/getCertificateChain.go | 3 +- verification/{ => testing}/getProfile.go | 4 +- verification/{ => testing}/go.mod | 5 +- verification/{ => testing}/go.sum | 13 -- .../{ => testing}/initializeContext.go | 40 ++-- verification/{ => testing}/negativeCases.go | 190 +++++++++--------- .../{ => testing}/rotateContextHandle.go | 38 ++-- verification/{ => testing}/sign.go | 42 ++-- verification/{ => testing}/simulator.go | 20 +- verification/{ => testing}/tpm.go | 17 +- verification/{ => testing}/verification.go | 16 +- .../{ => testing}/verification_test.go | 2 +- 24 files changed, 250 insertions(+), 235 deletions(-) rename verification/{ => client}/abi.go (99%) mode change 100755 => 100644 rename verification/{ => client}/client.go (98%) mode change 100755 => 100644 rename verification/{ => client}/errors.go (98%) create mode 100644 verification/client/go.mod rename verification/{ => client}/helpers.go (98%) rename verification/{ => client}/profile.go (99%) rename verification/{ => client}/transport.go (99%) rename verification/{ => testing}/certifyKey.go (92%) mode change 100755 => 100644 rename verification/{ => testing}/certs.go (95%) rename verification/{ 
=> testing}/extendTCI.go (85%) rename verification/{ => testing}/getCertificateChain.go (95%) rename verification/{ => testing}/getProfile.go (90%) rename verification/{ => testing}/go.mod (79%) rename verification/{ => testing}/go.sum (92%) rename verification/{ => testing}/initializeContext.go (64%) rename verification/{ => testing}/negativeCases.go (55%) rename verification/{ => testing}/rotateContextHandle.go (61%) rename verification/{ => testing}/sign.go (73%) rename verification/{ => testing}/simulator.go (93%) rename verification/{ => testing}/tpm.go (92%) rename verification/{ => testing}/verification.go (91%) rename verification/{ => testing}/verification_test.go (81%) mode change 100755 => 100644 diff --git a/ci.sh b/ci.sh index 5f4e08a2..70c34be9 100755 --- a/ci.sh +++ b/ci.sh @@ -58,7 +58,7 @@ function run_verification_tests() { cargo build --manifest-path simulator/Cargo.toml --features=$profile,$crypto --no-default-features - ( cd verification + ( cd verification/testing go test -v ) } diff --git a/verification/README.md b/verification/README.md index 06e38086..a60fd26c 100644 --- a/verification/README.md +++ b/verification/README.md @@ -1,4 +1,5 @@ # DPE Verification Tests -This test suite is a userspace test-suite which exercises DPE commands -end-to-end and ensures compliance with the DPE iRoT Profile. +* client: A generic Golang DPE client library +* testing: A userspace test suite which exercises DPE commands end-to-end and + ensures compliance with the DPE iRoT Profile. diff --git a/verification/abi.go b/verification/client/abi.go old mode 100755 new mode 100644 similarity index 99% rename from verification/abi.go rename to verification/client/abi.go index a78ad636..fb0e787c --- a/verification/abi.go +++ b/verification/client/abi.go @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license -package verification +package client import ( "fmt" 
diff --git a/verification/client.go b/verification/client/client.go old mode 100755 new mode 100644 similarity index 98% rename from verification/client.go rename to verification/client/client.go index e4d54fe8..ea682b48 --- a/verification/client.go +++ b/verification/client/client.go @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license -package verification +package client import ( "fmt" diff --git a/verification/errors.go b/verification/client/errors.go similarity index 98% rename from verification/errors.go rename to verification/client/errors.go index 3dd0bae6..50065935 100644 --- a/verification/errors.go +++ b/verification/client/errors.go @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license -package verification +package client import "fmt" diff --git a/verification/client/go.mod b/verification/client/go.mod new file mode 100644 index 00000000..a6f6e1ab --- /dev/null +++ b/verification/client/go.mod @@ -0,0 +1,3 @@ +module github.com/chipsalliance/caliptra-dpe/verification/client + +go 1.20 diff --git a/verification/helpers.go b/verification/client/helpers.go similarity index 98% rename from verification/helpers.go rename to verification/client/helpers.go index e1d91f5c..caf31eef 100644 --- a/verification/helpers.go +++ b/verification/client/helpers.go @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license -package verification +package client import ( "bytes" diff --git a/verification/profile.go b/verification/client/profile.go similarity index 99% rename from verification/profile.go rename to verification/client/profile.go index 29e5be4f..2b5943d5 100644 --- a/verification/profile.go +++ b/verification/client/profile.go @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license -package verification +package client import "fmt" diff --git a/verification/transport.go b/verification/client/transport.go similarity index 99% rename from verification/transport.go rename to verification/client/transport.go index d0a078b9..01b86efb 100644 
--- a/verification/transport.go +++ b/verification/client/transport.go @@ -1,6 +1,6 @@ // Licensed under the Apache-2.0 license -package verification +package client import ( "reflect" diff --git a/verification/certifyKey.go b/verification/testing/certifyKey.go old mode 100755 new mode 100644 similarity index 92% rename from verification/certifyKey.go rename to verification/testing/certifyKey.go index 7d09c0ee..01c6dd18 --- a/verification/certifyKey.go +++ b/verification/testing/certifyKey.go @@ -19,6 +19,7 @@ import ( "go.mozilla.org/pkcs7" + "github.com/chipsalliance/caliptra-dpe/verification/client" zx509 "github.com/zmap/zcrypto/x509" zlint "github.com/zmap/zlint/v3" "github.com/zmap/zlint/v3/lint" 
@@ -117,34 +118,34 @@ type TcgMultiTcbInfo = []DiceTcbInfo // CertifyKeyParams holds configurable parameters to CertifyKey for test-cases type CertifyKeyParams struct { Label []byte - Flags CertifyKeyFlags + Flags client.CertifyKeyFlags } // TestCertifyKey tests calling CertifyKey -func TestCertifyKey(d TestDPEInstance, c DPEClient, t *testing.T) { +func TestCertifyKey(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { testCertifyKey(d, c, t, false) } // TestCertifyKeySimulation tests calling CertifyKey on simulation contexts -func TestCertifyKeySimulation(d TestDPEInstance, c DPEClient, t *testing.T) { +func TestCertifyKeySimulation(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { testCertifyKey(d, c, t, true) } -// TestCertifyKeyCsr tests calling CeritifyKey with type = CSR -func TestCertifyKeyCsr(d TestDPEInstance, c DPEClient, t *testing.T) { +// Testclient.CertifyKeyCsr tests calling CeritifyKey with type = CSR +func TestCertifyKeyCsr(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { ctx := getInitialContextHandle(d, c, t, false) - profile, err := GetTransportProfile(d) + profile, err := client.GetTransportProfile(d) if err != nil { t.Fatalf("Could not get profile: %v", err) } digestLen := profile.GetDigestSize() - flags := CertifyKeyFlags(0) + flags := client.CertifyKeyFlags(0) label := make([]byte, digestLen) // Get DPE leaf certificate from CertifyKey - certifyKeyResp, err := c.CertifyKey(ctx, label, CertifyKeyCsr, flags) + certifyKeyResp, err := c.CertifyKey(ctx, label, client.CertifyKeyCsr, flags) if err != nil { t.Fatalf("[FATAL]: Could not certify key: %v", err) } 
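Review bot: The doc comment above TestCertifyKeyCsr was caught by the mechanical package-prefix rewrite and now reads `// Testclient.CertifyKeyCsr tests calling CeritifyKey with type = CSR`. It no longer starts with the function name, so doc-comment lint checks will likely flag it. It should read `// TestCertifyKeyCsr tests calling CertifyKey with type = CSR`, which also fixes the older "CeritifyKey" typo. The body of TestCertifyKeyCsr continues past the end of this hunk.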
@@ -163,7 +164,7 @@ func TestCertifyKeyCsr(d TestDPEInstance, c DPEClient, t *testing.T) { lastCertInCertChain := certChain[len(certChain)-1] // Get DPE leaf cert - certifyKeyResp, err = c.CertifyKey(ctx, label, CertifyKeyX509, flags) + certifyKeyResp, err = c.CertifyKey(ctx, label, client.CertifyKeyX509, flags) if err != nil { t.Fatalf("[FATAL]: Could not certify key: %v", err) } @@ -333,7 +334,7 @@ func checkCertifyKeyExtendedKeyUsages(t *testing.T, extensions []pkix.Extension, // Checks for KeyUsage Extension as per spec // If IsCA = true, KeyUsage extension MUST contain DigitalSignature and KeyCertSign // If IsCA = false, KeyUsage extension MUST contain only DigitalSignature -func checkCertifyKeyExtensions(t *testing.T, extensions []pkix.Extension, flags CertifyKeyFlags, label []byte) { +func checkCertifyKeyExtensions(t *testing.T, extensions []pkix.Extension, flags client.CertifyKeyFlags, label []byte) { t.Helper() bc, err := getBasicConstraints(extensions) @@ -378,7 +379,7 @@ func checkCertifyKeyExtensions(t *testing.T, extensions []pkix.Extension, flags // The BasicConstraints extension MUST be included // If CertifyKey AddIsCA is set, IsCA MUST be set to true. // If CertifyKey AddIsCA is NOT set, IsCA MUST be set to false -func checkCertifyKeyBasicConstraints(t *testing.T, extensions []pkix.Extension, flags CertifyKeyFlags) { +func checkCertifyKeyBasicConstraints(t *testing.T, extensions []pkix.Extension, flags client.CertifyKeyFlags) { t.Helper() flagsBuf := &bytes.Buffer{} @@ -389,7 +390,7 @@ func checkCertifyKeyBasicConstraints(t *testing.T, extensions []pkix.Extension, t.Error(err) } - flagIsCA := CertifyAddIsCA&flags != 0 + flagIsCA := client.CertifyAddIsCA&flags != 0 if flagIsCA != bc.IsCA { t.Errorf("[ERROR]: ADD_IS_CA is set to %v but the basic constraint IsCA is set to %v", flagIsCA, bc.IsCA) } 
@@ -470,15 +471,15 @@ func checkCertificateStructure(t *testing.T, certBytes []byte) *x509.Certificate return x509Cert } -func testCertifyKey(d TestDPEInstance, c DPEClient, t *testing.T, simulation bool) { +func testCertifyKey(d client.TestDPEInstance, c client.DPEClient, t *testing.T, simulation bool) { handle := getInitialContextHandle(d, c, t, simulation) defer func() { if simulation { - c.DestroyContext(handle, DestroyDescendants) + c.DestroyContext(handle, client.DestroyDescendants) } }() - profile, err := GetTransportProfile(d) + profile, err := client.GetTransportProfile(d) if err != nil { t.Fatalf("Could not get profile: %v", err) } @@ -490,13 +491,13 @@ func testCertifyKey(d TestDPEInstance, c DPEClient, t *testing.T, simulation boo } certifyKeyParams := []CertifyKeyParams{ - {Label: make([]byte, digestLen), Flags: CertifyKeyFlags(0)}, - {Label: seqLabel, Flags: CertifyKeyFlags(0)}, + {Label: make([]byte, digestLen), Flags: client.CertifyKeyFlags(0)}, + {Label: seqLabel, Flags: client.CertifyKeyFlags(0)}, } for _, params := range certifyKeyParams { // Get DPE leaf certificate from CertifyKey - certifyKeyResp, err := c.CertifyKey(handle, params.Label, CertifyKeyX509, params.Flags) + certifyKeyResp, err := c.CertifyKey(handle, params.Label, client.CertifyKeyX509, params.Flags) if err != nil { t.Fatalf("[FATAL]: Could not certify key: %v", err) } 
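Review bot: The deferred cleanup at the top of testCertifyKey discards the error from `c.DestroyContext(handle, client.DestroyDescendants)`, so a simulation context that fails to be destroyed is leaked silently and can skew later tests that share the same DPE instance. TestExtendTciOnDerivedContexts already reports this case, and the same form fits here: `if err := c.DestroyContext(handle, client.DestroyDescendants); err != nil { t.Errorf("[ERROR]: Error while cleaning up simulation context: %s", err) }`. The bare `defer c.DestroyContext(...)` calls in testInitContext and TestInvalidHandle have the same gap. testCertifyKey's body continues outside both hunks on this line.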
@@ -624,16 +625,16 @@ func getKeyUsageNames(keyUsage x509.KeyUsage) []string { return keyUsageNames } -func checkPubKey(t *testing.T, p Profile, pubkey any, response CertifiedKey) { +func checkPubKey(t *testing.T, p client.Profile, pubkey any, response client.CertifiedKey) { var pubKeyInResponse ecdsa.PublicKey switch p { - case ProfileP256SHA256: + case client.ProfileP256SHA256: pubKeyInResponse = ecdsa.PublicKey{ Curve: elliptic.P256(), X: new(big.Int).SetBytes(response.Pub.X), Y: new(big.Int).SetBytes(response.Pub.Y), } - case ProfileP384SHA384: + case client.ProfileP384SHA384: pubKeyInResponse = ecdsa.PublicKey{ Curve: elliptic.P384(), X: new(big.Int).SetBytes(response.Pub.X), @@ -654,8 +655,8 @@ func checkPubKey(t *testing.T, p Profile, pubkey any, response CertifiedKey) { } // Checks whether the context handle is unchanged after certifyKey command when default context handle is used. -func checkCertifyKeyRespHandle(res CertifiedKey, t *testing.T, handle *ContextHandle) { - if *handle != DefaultContextHandle { +func checkCertifyKeyRespHandle(res client.CertifiedKey, t *testing.T, handle *client.ContextHandle) { + if *handle != client.DefaultContextHandle { t.Logf("[LOG]: Handle is not default context, skipping check...") return } diff --git a/verification/certs.go b/verification/testing/certs.go similarity index 95% rename from verification/certs.go rename to verification/testing/certs.go index c754b824..d4e98cbf 100644 --- a/verification/certs.go +++ b/verification/testing/certs.go @@ -7,6 +7,8 @@ import ( "crypto/x509/pkix" "encoding/asn1" "fmt" + + "github.com/chipsalliance/caliptra-dpe/verification/client" ) // This file is used to test the certify key command. 
@@ -128,7 +130,7 @@ func getKeyUsage(extensions []pkix.Extension) (x509.KeyUsage, error) { return x509.KeyUsage(usage), nil } -func getTcbInfoForHandle(c DPEClient, handle *ContextHandle) (*ContextHandle, DiceTcbInfo, error) { +func getTcbInfoForHandle(c client.DPEClient, handle *client.ContextHandle) (*client.ContextHandle, DiceTcbInfo, error) { outHandle := handle // Get digest size @@ -140,7 +142,7 @@ func getTcbInfoForHandle(c DPEClient, handle *ContextHandle) (*ContextHandle, Di digestLen := profile.Profile.GetDigestSize() label := make([]byte, digestLen) - certifiedKey, err := c.CertifyKey(outHandle, label, CertifyKeyX509, 0) + certifiedKey, err := c.CertifyKey(outHandle, label, client.CertifyKeyX509, 0) if err != nil { return outHandle, DiceTcbInfo{}, fmt.Errorf("Could not certify key: %s", err) } diff --git a/verification/extendTCI.go b/verification/testing/extendTCI.go similarity index 85% rename from verification/extendTCI.go rename to verification/testing/extendTCI.go index 7d8cb6e0..9e0d07c1 100644 --- a/verification/extendTCI.go +++ b/verification/testing/extendTCI.go @@ -9,11 +9,13 @@ import ( "hash" "testing" + + "github.com/chipsalliance/caliptra-dpe/verification/client" ) // TestExtendTCI checks whether the ExtendTCI command updates the current TCI // and cumulative TCI. -func TestExtendTCI(d TestDPEInstance, c DPEClient, t *testing.T) { +func TestExtendTCI(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { var err error useSimulation := false // To indicate that simulation context is not used @@ -21,7 +23,7 @@ func TestExtendTCI(d TestDPEInstance, c DPEClient, t *testing.T) { handle := getInitialContextHandle(d, c, t, useSimulation) // Get digest size - profile, err := GetTransportProfile(d) + profile, err := client.GetTransportProfile(d) if err != nil { t.Fatalf("[FATAL]: Could not get profile: %v", err) } 
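Review bot: In getTcbInfoForHandle (certs.go) the CertifyKey failure is re-wrapped with `%s`, which flattens the client status code into text. A caller can then no longer match it with `errors.Is(err, client.StatusInvalidHandle)`, as the negative tests in this package do. Wrapping with `%w` keeps the chain intact: `return outHandle, DiceTcbInfo{}, fmt.Errorf("could not certify key: %w", err)`. The function starts and ends outside the visible hunks.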
@@ -64,14 +66,14 @@ func computeExpectedCumulative(lastCumulative []byte, tciValue []byte) []byte { // TestExtendTciOnDerivedContexts checks whether the ExtendTCI command with // derived child context. -func TestExtendTciOnDerivedContexts(d TestDPEInstance, c DPEClient, t *testing.T) { +func TestExtendTciOnDerivedContexts(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { useSimulation := false // To indicate that simulation context is not used // Get default context handle handle := getInitialContextHandle(d, c, t, useSimulation) // Get digest size - profile, err := GetTransportProfile(d) + profile, err := client.GetTransportProfile(d) if err != nil { t.Fatalf("[FATAL]: Could not get profile: %v", err) } 
@@ -89,21 +91,21 @@ func TestExtendTciOnDerivedContexts(d TestDPEInstance, c DPEClient, t *testing.T } // Preserve parent context to restore for subsequent tests. - parentHandle, err := c.RotateContextHandle(handle, RotateContextHandleFlags(0)) + parentHandle, err := c.RotateContextHandle(handle, client.RotateContextHandleFlags(0)) if err != nil { t.Errorf("[ERROR]: Error while rotating parent context handle, this may cause failure in subsequent tests: %s", err) } // Change parent back to default context defer func() { - _, err = c.RotateContextHandle(parentHandle, RotateContextHandleFlags(TargetIsDefault)) + _, err = c.RotateContextHandle(parentHandle, client.RotateContextHandleFlags(client.TargetIsDefault)) if err != nil { t.Errorf("[ERROR]: Error while restoring parent context handle as default context handle, this may cause failure in subsequent tests: %s", err) } }() // Derive Child context with input data, tag it and check TCI_CUMULATIVE - childCtx, err := c.DeriveChild(parentHandle, tciValue, DeriveChildFlags(RetainParent|InputAllowX509), 0, 0) + childCtx, err := c.DeriveChild(parentHandle, tciValue, client.DeriveChildFlags(client.RetainParent|client.InputAllowX509), 0, 0) if err != nil { t.Fatalf("[FATAL]: Error while creating default child handle in default context: %s", err) } @@ -113,7 +115,7 @@ func TestExtendTciOnDerivedContexts(d TestDPEInstance, c DPEClient, t *testing.T // Clean up contexts defer func() { - err := c.DestroyContext(childHandle, DestroyDescendants) + err := c.DestroyContext(childHandle, client.DestroyDescendants) if err != nil { t.Errorf("[ERROR]: Error while cleaning up derived context, this may cause failure in subsequent tests: %s", err) } 
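Review bot: In TestExtendTciOnDerivedContexts a failed `c.RotateContextHandle(handle, client.RotateContextHandleFlags(0))` is only reported with `t.Errorf`, yet `parentHandle` is then passed to the deferred RotateContextHandle and to `c.DeriveChild`. The handle is presumably nil on error, so the test would carry on with an unusable handle and bury the real failure under follow-on errors. Nothing after this point can succeed without the rotated handle, so `t.Fatalf("[FATAL]: Error while rotating parent context handle: %s", err)` is the safer choice. The function starts before and continues after these hunks.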
@@ -156,7 +158,7 @@ func TestExtendTciOnDerivedContexts(d TestDPEInstance, c DPEClient, t *testing.T } } -func verifyMeasurements(c DPEClient, t *testing.T, handle *ContextHandle, expectedCurrent []byte, expectedCumulative []byte) { +func verifyMeasurements(c client.DPEClient, t *testing.T, handle *client.ContextHandle, expectedCurrent []byte, expectedCumulative []byte) { handle, tcbInfo, err := getTcbInfoForHandle(c, handle) if err != nil { t.Fatal(err) diff --git a/verification/getCertificateChain.go b/verification/testing/getCertificateChain.go similarity index 95% rename from verification/getCertificateChain.go rename to verification/testing/getCertificateChain.go index aa008462..3b76c949 100644 --- a/verification/getCertificateChain.go +++ b/verification/testing/getCertificateChain.go @@ -8,13 +8,14 @@ import ( "fmt" "testing" + "github.com/chipsalliance/caliptra-dpe/verification/client" zx509 "github.com/zmap/zcrypto/x509" zlint "github.com/zmap/zlint/v3" "github.com/zmap/zlint/v3/lint" ) // TestGetCertificateChain tests calling GetCertificateChain -func TestGetCertificateChain(d TestDPEInstance, client DPEClient, t *testing.T) { +func TestGetCertificateChain(d client.TestDPEInstance, client client.DPEClient, t *testing.T) { certChain, err := client.GetCertificateChain() if err != nil { t.Fatalf("[FATAL]: Could not get Certificate Chain: %v", err) diff --git a/verification/getProfile.go b/verification/testing/getProfile.go similarity index 90% rename from verification/getProfile.go rename to verification/testing/getProfile.go index 71946ae9..2fcbb500 100644 --- a/verification/getProfile.go +++ b/verification/testing/getProfile.go 
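Review bot: TestGetCertificateChain in getCertificateChain.go now takes a parameter named `client` of type `client.DPEClient`, which shadows the newly imported `client` package for the whole function body. Any later reference such as `client.DestroyDescendants` inside it would resolve against the parameter and fail to compile. testInitContext was renamed to `c client.DPEClient` in this same commit, apparently for that reason, and the signature here should follow: `func TestGetCertificateChain(d client.TestDPEInstance, c client.DPEClient, t *testing.T)` with `c.GetCertificateChain()` in the body. TestGetProfile in getProfile.go has the same shadowing, and the body continues outside the hunk.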
@@ -4,12 +4,14 @@ package verification import ( "testing" + + "github.com/chipsalliance/caliptra-dpe/verification/client" ) // This file is used to test the get profile command. // TestGetProfile tests calling GetProfile -func TestGetProfile(d TestDPEInstance, client DPEClient, t *testing.T) { +func TestGetProfile(d client.TestDPEInstance, client client.DPEClient, t *testing.T) { const minTCINodes uint32 = 8 for _, locality := range d.GetSupportedLocalities() { diff --git a/verification/go.mod b/verification/testing/go.mod similarity index 79% rename from verification/go.mod rename to verification/testing/go.mod index e3a7eccb..442549a7 100644 --- a/verification/go.mod +++ b/verification/testing/go.mod @@ -1,8 +1,11 @@ -module github.com/chipsalliance/caliptra-dpe/verification +module github.com/chipsalliance/caliptra-dpe/verification/testing go 1.20 +replace github.com/chipsalliance/caliptra-dpe/verification/client => ../client + require ( + github.com/chipsalliance/caliptra-dpe/verification/client v0.0.0-00010101000000-000000000000 github.com/google/go-tpm v0.9.0 github.com/google/go-tpm-tools v0.4.1 github.com/zmap/zcrypto v0.0.0-20230422215203-9a665e1e9968 diff --git a/verification/go.sum b/verification/testing/go.sum similarity index 92% rename from verification/go.sum rename to verification/testing/go.sum index bba036dc..97dc3e12 100644 --- a/verification/go.sum +++ b/verification/testing/go.sum 
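Review bot: The new `replace github.com/chipsalliance/caliptra-dpe/verification/client => ../client` in verification/testing/go.mod only takes effect when this module is the main module. The matching `require` pins the placeholder version `v0.0.0-00010101000000-000000000000`, which cannot be fetched. Any external project that imports the testing module to run these checks against its own DPE will therefore fail to resolve the client, unless it adds its own replace or the requirement is moved to a real pseudo-version of the client module. At minimum, a comment above the directive would make the constraint visible: `// replace is honored only when this is the main module; importers must supply their own replace or a real client version`.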
@@ -1,18 +1,13 @@ cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/google/certificate-transparency-go v1.1.2 h1:4hE0GEId6NAW28dFpC+LrRGwQX5dtmXQGDbg8+/MZOM= -github.com/google/go-attestation v0.5.0 h1:jXtAWT2sw2Yu8mYU0BC7FDidR+ngxFPSE+pl6IUu3/0= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-github/v50 v50.1.0/go.mod h1:Ev4Tre8QoKiolvbpOSG3FIi4Mlon3S2Nt9W5JYqKiwA= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= 
@@ -24,18 +19,15 @@ github.com/google/go-tpm v0.9.0 h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk= github.com/google/go-tpm v0.9.0/go.mod h1:FkNVkc6C+IsvDI9Jw1OveJmxGZUUaKxtrpOS47QWKfU= github.com/google/go-tpm-tools v0.4.1 h1:gYU6iwRo0tY3V6NDnS6m+XYog+b3g6YFhHQl3sYaUL4= github.com/google/go-tpm-tools v0.4.1/go.mod h1:w03m0jynhTo7puXTYoyfpNOMqyQ9SB7sixnKWsS/1L0= -github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus= github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mreiferson/go-httpclient v0.0.0-20201222173833-5e475fde3a4d/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= 
@@ -45,7 +37,6 @@ github.com/pelletier/go-toml v1.9.3 h1:zeC5b1GviRUyKYd6OJPvBU/mcVDVoL1OhT17FCt5d github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= @@ -55,7 +46,6 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= github.com/weppos/publicsuffix-go v0.13.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k= github.com/weppos/publicsuffix-go v0.30.1-0.20230422193905-8fecedd899db h1:/WcxBne+5CbtbgWd/sV2wbravmr4sT7y52ifQaCgoLs= github.com/weppos/publicsuffix-go v0.30.1-0.20230422193905-8fecedd899db/go.mod h1:aiQaH1XpzIfgrJq3S1iw7w+3EDbRP7mF5fmwUhWyRUs= 
@@ -73,7 +63,6 @@ github.com/zmap/zlint/v3 v3.4.1 h1:zhGB2Q1oPNS+bODC5tTPlKDOnLfDGyxejgAEp1SfFiQ= github.com/zmap/zlint/v3 v3.4.1/go.mod h1:WgepL2QqxyMHnrOWJ54NqrgfMtOyuXr52wEE0tcfo9k= go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 h1:CCriYyAfq1Br1aIYettdHZTy8mBTIPo7We18TuO/bak= go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= -go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -149,8 +138,6 @@ google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/verification/initializeContext.go b/verification/testing/initializeContext.go similarity index 64% rename from verification/initializeContext.go rename to verification/testing/initializeContext.go index deabe39b..f796db30 100644 --- a/verification/initializeContext.go 
+++ b/verification/testing/initializeContext.go @@ -5,12 +5,14 @@ package verification import ( "errors" "testing" + + "github.com/chipsalliance/caliptra-dpe/verification/client" ) // This file is used to test the initialize context command. // TestInitializeContext tests calling InitializeContext -func TestInitializeContext(d TestDPEInstance, c DPEClient, t *testing.T) { +func TestInitializeContext(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { for _, locality := range d.GetSupportedLocalities() { d.SetLocality(locality) testInitContext(d, c, t, false) 
@@ -18,53 +20,53 @@ func TestInitializeContext(d TestDPEInstance, c DPEClient, t *testing.T) { } // TestInitializeSimulation tests calling InitializeContext simulation mode -func TestInitializeSimulation(d TestDPEInstance, c DPEClient, t *testing.T) { +func TestInitializeSimulation(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { for _, locality := range d.GetSupportedLocalities() { d.SetLocality(locality) testInitContext(d, c, t, true) } } -func testInitContext(d TestDPEInstance, client DPEClient, t *testing.T, simulation bool) { +func testInitContext(d client.TestDPEInstance, c client.DPEClient, t *testing.T, simulation bool) { // Try to create the default context if isn't done automatically. if !d.GetIsInitialized() { - handle, err := client.InitializeContext(InitIsDefault) + handle, err := c.InitializeContext(client.InitIsDefault) if err != nil { t.Fatalf("Failed to initialize default context: %v", err) } - if *handle != ContextHandle([16]byte{0}) { + if *handle != client.ContextHandle([16]byte{0}) { t.Fatal("Incorrect default context handle.") } d.SetIsInitialized(true) } // Try to initialize another default context. - _, err := client.InitializeContext(InitIsDefault) + _, err := c.InitializeContext(client.InitIsDefault) if err == nil { t.Fatal("The instance should return an error when trying to initialize another default context.") - } else if !errors.Is(err, StatusArgumentNotSupported) { - t.Fatalf("Incorrect error type. Should return %q, but returned %q", StatusArgumentNotSupported, err) + } else if !errors.Is(err, client.StatusArgumentNotSupported) { + t.Fatalf("Incorrect error type. Should return %q, but returned %q", client.StatusArgumentNotSupported, err) } // Try to initialize a context that is neither default or simulation. 
- _, err = client.InitializeContext(InitCtxFlags(0)) + _, err = c.InitializeContext(client.InitCtxFlags(0)) if err == nil { t.Fatal("The instance should return an error when not default or simulation.") - } else if !errors.Is(err, StatusInvalidArgument) { - t.Fatalf("Incorrect error type. Should return %q, but returned %q", StatusInvalidArgument, err) + } else if !errors.Is(err, client.StatusInvalidArgument) { + t.Fatalf("Incorrect error type. Should return %q, but returned %q", client.StatusInvalidArgument, err) } // TODO: test exhausting handles. This requires the ability to query how // many handles are currently in use. if simulation { - handle, err := client.InitializeContext(InitIsSimulation) + handle, err := c.InitializeContext(client.InitIsSimulation) if err != nil { t.Fatal("Failed to create a simulation context.") } - defer client.DestroyContext(handle, DestroyDescendants) + defer c.DestroyContext(handle, client.DestroyDescendants) // Could prove difficult to prove it is a cryptographically secure random. - if *handle == ContextHandle([16]byte{0}) { + if *handle == client.ContextHandle([16]byte{0}) { t.Fatal("Incorrect simulation context handle.") } } 
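Review bot: In the simulation branch of testInitContext the InitializeContext failure is reported as `t.Fatal("Failed to create a simulation context.")`, which drops `err`, so the DPE status code that explains the failure never reaches the test log. `t.Fatalf("Failed to create a simulation context: %v", err)` matches the default-context branch earlier in the same function. getInitialContextHandle has the same pattern in `t.Fatal("The instance should be able to create a simulation context.")`.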
@@ -74,16 +76,16 @@ func testInitContext(d TestDPEInstance, client DPEClient, t *testing.T, simulati // Else initializes a simulation context and returns its handle. To get simulation // context handle, the DPE profile must support simulation context creation. // Caller must ensure to destroy the non-default handle through DestroyContext after usage. -func getInitialContextHandle(d TestDPEInstance, c DPEClient, t *testing.T, simulation bool) *ContextHandle { - var handle *ContextHandle +func getInitialContextHandle(d client.TestDPEInstance, c client.DPEClient, t *testing.T, simulation bool) *client.ContextHandle { + var handle *client.ContextHandle var err error if simulation { if d.GetSupport().Simulation { - handle, err = c.InitializeContext(InitIsSimulation) + handle, err = c.InitializeContext(client.InitIsSimulation) if err != nil { t.Fatal("The instance should be able to create a simulation context.") } - if *handle == ContextHandle([16]byte{0}) { + if *handle == client.ContextHandle([16]byte{0}) { t.Fatal("Incorrect simulation context handle.") } } else { @@ -91,7 +93,7 @@ func getInitialContextHandle(d TestDPEInstance, c DPEClient, t *testing.T, simul } } else { //default context - handle = &DefaultContextHandle + handle = &client.DefaultContextHandle } return handle diff --git a/verification/negativeCases.go b/verification/testing/negativeCases.go similarity index 55% rename from verification/negativeCases.go rename to verification/testing/negativeCases.go index 128e7242..37450734 100644 --- a/verification/negativeCases.go +++ b/verification/testing/negativeCases.go 
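Review bot: The non-simulation branch of getInitialContextHandle returns `&client.DefaultContextHandle`, a pointer to a package-level variable that now lives in a separate module. Any test that writes through the returned handle would change the client library's default for every later caller. Returning the address of a local copy avoids the aliasing: `h := client.DefaultContextHandle` followed by `handle = &h`. checkCertifyKeyRespHandle compares `*handle` by value, so as far as these hunks show it would be unaffected.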
@@ -5,20 +5,22 @@ package verification import ( "errors" "testing" + + "github.com/chipsalliance/caliptra-dpe/verification/client" ) // InvalidHandle is a sample DPE handle which is very unlikely to be valid -var InvalidHandle = ContextHandle{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15} +var InvalidHandle = client.ContextHandle{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15} // TestInvalidHandle checks whether error is reported when non-existent handle // is passed as input to DPE commands. // Exceptions are - GetProfile, InitializeContext, GetCertificateChain, commands // which do not need context handle as input parameter. -func TestInvalidHandle(d TestDPEInstance, c DPEClient, t *testing.T) { +func TestInvalidHandle(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { ctx := getInitialContextHandle(d, c, t, true) - defer c.DestroyContext(ctx, DestroyDescendants) + defer c.DestroyContext(ctx, client.DestroyDescendants) - profile, err := GetTransportProfile(d) + profile, err := client.GetTransportProfile(d) if err != nil { t.Fatalf("Could not get profile: %v", err) } 
@@ -26,44 +28,44 @@ func TestInvalidHandle(d TestDPEInstance, c DPEClient, t *testing.T) { // Check DeriveChild with invalid handle if _, err := c.DeriveChild(&InvalidHandle, make([]byte, digestLen), 0, 0, 0); err == nil { - t.Errorf("[ERROR]: DeriveChild should return %q, but returned no error", StatusInvalidHandle) - } else if !errors.Is(err, StatusInvalidHandle) { - t.Errorf("[ERROR]: Incorrect error type. DeriveChild should return %q, but returned %q", StatusInvalidHandle, err) + t.Errorf("[ERROR]: DeriveChild should return %q, but returned no error", client.StatusInvalidHandle) + } else if !errors.Is(err, client.StatusInvalidHandle) { + t.Errorf("[ERROR]: Incorrect error type. DeriveChild should return %q, but returned %q", client.StatusInvalidHandle, err) } // Check CertifyKey with invalid handle if _, err := c.CertifyKey(&InvalidHandle, make([]byte, digestLen), 0, 0); err == nil { - t.Errorf("[ERROR]: CertifyKey should return %q, but returned no error", StatusInvalidHandle) - } else if !errors.Is(err, StatusInvalidHandle) { - t.Errorf("[ERROR]: Incorrect error type. CertifyKey should return %q, but returned %q", StatusInvalidHandle, err) + t.Errorf("[ERROR]: CertifyKey should return %q, but returned no error", client.StatusInvalidHandle) + } else if !errors.Is(err, client.StatusInvalidHandle) { + t.Errorf("[ERROR]: Incorrect error type. CertifyKey should return %q, but returned %q", client.StatusInvalidHandle, err) } // Check Sign with invalid handle if _, err := c.Sign(&InvalidHandle, make([]byte, digestLen), 0, make([]byte, digestLen)); err == nil { - t.Errorf("[ERROR]: Sign should return %q, but returned no error", StatusInvalidHandle) - } else if !errors.Is(err, StatusInvalidHandle) { - t.Errorf("[ERROR]: Incorrect error type. 
Sign should return %q, but returned %q", StatusInvalidHandle, err) + t.Errorf("[ERROR]: Sign should return %q, but returned no error", client.StatusInvalidHandle) + } else if !errors.Is(err, client.StatusInvalidHandle) { + t.Errorf("[ERROR]: Incorrect error type. Sign should return %q, but returned %q", client.StatusInvalidHandle, err) } // Check RotateContextHandle with invalid handle - if _, err := c.RotateContextHandle(&InvalidHandle, RotateContextHandleFlags(TargetIsDefault)); err == nil { - t.Errorf("[ERROR]: RotateContextHandle should return %q, but returned no error", StatusInvalidHandle) - } else if !errors.Is(err, StatusInvalidHandle) { - t.Errorf("[ERROR]: Incorrect error type. RotateContextHandle should return %q, but returned %q", StatusInvalidHandle, err) + if _, err := c.RotateContextHandle(&InvalidHandle, client.RotateContextHandleFlags(client.TargetIsDefault)); err == nil { + t.Errorf("[ERROR]: RotateContextHandle should return %q, but returned no error", client.StatusInvalidHandle) + } else if !errors.Is(err, client.StatusInvalidHandle) { + t.Errorf("[ERROR]: Incorrect error type. RotateContextHandle should return %q, but returned %q", client.StatusInvalidHandle, err) } // Check DestroyContext with invalid handle if err := c.DestroyContext(&InvalidHandle, 0); err == nil { - t.Errorf("[ERROR]: DestroyContext should return %q, but returned no error", StatusInvalidHandle) - } else if !errors.Is(err, StatusInvalidHandle) { - t.Errorf("[ERROR]: Incorrect error type. DestroyContext should return %q, but returned %q", StatusInvalidHandle, err) + t.Errorf("[ERROR]: DestroyContext should return %q, but returned no error", client.StatusInvalidHandle) + } else if !errors.Is(err, client.StatusInvalidHandle) { + t.Errorf("[ERROR]: Incorrect error type. 
DestroyContext should return %q, but returned %q", client.StatusInvalidHandle, err) } // Check ExtendTCI with invalid handle if _, err := c.ExtendTCI(&InvalidHandle, make([]byte, digestLen)); err == nil { - t.Errorf("[ERROR]: ExtendTCI should return %q, but returned no error", StatusInvalidHandle) - } else if !errors.Is(err, StatusInvalidHandle) { - t.Errorf("[ERROR]: Incorrect error type. ExtendTCI should return %q, but returned %q", StatusInvalidHandle, err) + t.Errorf("[ERROR]: ExtendTCI should return %q, but returned no error", client.StatusInvalidHandle) + } else if !errors.Is(err, client.StatusInvalidHandle) { + t.Errorf("[ERROR]: Incorrect error type. ExtendTCI should return %q, but returned %q", client.StatusInvalidHandle, err) } } @@ -71,7 +73,7 @@ func TestInvalidHandle(d TestDPEInstance, c DPEClient, t *testing.T) { // locality issues DPE commands in another locality. // Exceptions are - GetProfile, InitializeContext, GetCertificateChain, commands // which do not need context handle as input and hence locality is irrelevant. -func TestWrongLocality(d TestDPEInstance, c DPEClient, t *testing.T) { +func TestWrongLocality(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { if !d.HasLocalityControl() { t.Skipf("Target does not have locality control") } @@ -82,10 +84,10 @@ func TestWrongLocality(d TestDPEInstance, c DPEClient, t *testing.T) { defer d.SetLocality(currentLocality) // Get default context handle - handle := &DefaultContextHandle + handle := &client.DefaultContextHandle // Get digest size - profile, err := GetTransportProfile(d) + profile, err := client.GetTransportProfile(d) if err != nil { t.Fatalf("Could not get profile: %v", err) } 
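Review bot: The six invalid-handle checks in TestInvalidHandle each repeat the same `err == nil` / `errors.Is` pair with hand-written messages, so the expected status is spelled three times per command and the copies can drift apart without the compiler noticing. A small helper that takes the command name and the expected status once would keep the asserted status and the reported status identical by construction. The same shape recurs in the TestWrongLocality, TestUnsupportedCommand and TestUnsupportedCommandFlag hunks. TestInvalidHandle begins in the previous hunk, so only its body is visible here.

```go
// expectStatus reports a test error unless err wraps the status in want.
func expectStatus(t *testing.T, cmd string, err, want error) {
	t.Helper()
	switch {
	case err == nil:
		t.Errorf("[ERROR]: %s should return %q, but returned no error", cmd, want)
	case !errors.Is(err, want):
		t.Errorf("[ERROR]: Incorrect error type. %s should return %q, but returned %q", cmd, want, err)
	}
}

// … unchanged: context setup and digestLen lookup in TestInvalidHandle …

// Check DeriveChild with invalid handle
_, err = c.DeriveChild(&InvalidHandle, make([]byte, digestLen), 0, 0, 0)
expectStatus(t, "DeriveChild", err, client.StatusInvalidHandle)

// … the remaining five commands follow the same two-line shape …
```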
@@ -94,44 +96,44 @@ func TestWrongLocality(d TestDPEInstance, c DPEClient, t *testing.T) { // Check DeriveChild from wrong context if _, err := c.DeriveChild(handle, make([]byte, digestLen), 0, 0, 0); err == nil { - t.Errorf("[ERROR]: DeriveChild should return %q, but returned no error", StatusInvalidLocality) - } else if !errors.Is(err, StatusInvalidLocality) { - t.Errorf("[ERROR]: Incorrect error type. DeriveChild should return %q, but returned %q", StatusInvalidLocality, err) + t.Errorf("[ERROR]: DeriveChild should return %q, but returned no error", client.StatusInvalidLocality) + } else if !errors.Is(err, client.StatusInvalidLocality) { + t.Errorf("[ERROR]: Incorrect error type. DeriveChild should return %q, but returned %q", client.StatusInvalidLocality, err) } // Check CertifyKey from wrong locality if _, err := c.CertifyKey(handle, make([]byte, digestLen), 0, 0); err == nil { - t.Errorf("[ERROR]: CertifyKey should return %q, but returned no error", StatusInvalidLocality) - } else if !errors.Is(err, StatusInvalidLocality) { - t.Errorf("[ERROR]: Incorrect error type. CertifyKey should return %q, but returned %q", StatusInvalidLocality, err) + t.Errorf("[ERROR]: CertifyKey should return %q, but returned no error", client.StatusInvalidLocality) + } else if !errors.Is(err, client.StatusInvalidLocality) { + t.Errorf("[ERROR]: Incorrect error type. CertifyKey should return %q, but returned %q", client.StatusInvalidLocality, err) } // Check Sign from wrong locality if _, err := c.Sign(handle, make([]byte, digestLen), 0, make([]byte, digestLen)); err == nil { - t.Errorf("[ERROR]: Sign should return %q, but returned no error", StatusInvalidLocality) - } else if !errors.Is(err, StatusInvalidLocality) { - t.Errorf("[ERROR]: Incorrect error type. 
Sign should return %q, but returned %q", StatusInvalidLocality, err) + t.Errorf("[ERROR]: Sign should return %q, but returned no error", client.StatusInvalidLocality) + } else if !errors.Is(err, client.StatusInvalidLocality) { + t.Errorf("[ERROR]: Incorrect error type. Sign should return %q, but returned %q", client.StatusInvalidLocality, err) } // Check RotateContextHandle from wrong locality - if _, err := c.RotateContextHandle(handle, RotateContextHandleFlags(TargetIsDefault)); err == nil { - t.Errorf("[ERROR]: RotateContextHandle should return %q, but returned no error", StatusInvalidLocality) - } else if !errors.Is(err, StatusInvalidLocality) { - t.Errorf("[ERROR]: Incorrect error type. RotateContextHandle should return %q, but returned %q", StatusInvalidLocality, err) + if _, err := c.RotateContextHandle(handle, client.RotateContextHandleFlags(client.TargetIsDefault)); err == nil { + t.Errorf("[ERROR]: RotateContextHandle should return %q, but returned no error", client.StatusInvalidLocality) + } else if !errors.Is(err, client.StatusInvalidLocality) { + t.Errorf("[ERROR]: Incorrect error type. RotateContextHandle should return %q, but returned %q", client.StatusInvalidLocality, err) } // Check DestroyContext from wrong locality if err := c.DestroyContext(handle, 0); err == nil { - t.Errorf("[ERROR]: DestroyContext should return %q, but returned no error", StatusInvalidLocality) - } else if !errors.Is(err, StatusInvalidLocality) { - t.Errorf("[ERROR]: Incorrect error type. DestroyContext should return %q, but returned %q", StatusInvalidLocality, err) + t.Errorf("[ERROR]: DestroyContext should return %q, but returned no error", client.StatusInvalidLocality) + } else if !errors.Is(err, client.StatusInvalidLocality) { + t.Errorf("[ERROR]: Incorrect error type. 
DestroyContext should return %q, but returned %q", client.StatusInvalidLocality, err) } // Check ExtendTCI from wrong locality if _, err := c.ExtendTCI(handle, make([]byte, digestLen)); err == nil { - t.Errorf("[ERROR]: ExtendTCI should return %q, but returned no error", StatusInvalidLocality) - } else if !errors.Is(err, StatusInvalidLocality) { - t.Errorf("[ERROR]: Incorrect error type. ExtendTCI should return %q, but returned %q", StatusInvalidLocality, err) + t.Errorf("[ERROR]: ExtendTCI should return %q, but returned no error", client.StatusInvalidLocality) + } else if !errors.Is(err, client.StatusInvalidLocality) { + t.Errorf("[ERROR]: Incorrect error type. ExtendTCI should return %q, but returned %q", client.StatusInvalidLocality, err) } } 
@@ -139,27 +141,27 @@ func TestWrongLocality(d TestDPEInstance, c DPEClient, t *testing.T) { // that are turned off in DPE. // DPE commands - RotateContextHandle, ExtendTCI, require support to be enabled in DPE profile // before being called. -func TestUnsupportedCommand(d TestDPEInstance, c DPEClient, t *testing.T) { - ctx := &DefaultContextHandle +func TestUnsupportedCommand(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { + ctx := &client.DefaultContextHandle - profile, err := GetTransportProfile(d) + profile, err := client.GetTransportProfile(d) if err != nil { t.Fatalf("Could not get profile: %v", err) } digestLen := profile.GetDigestSize() // Check whether RotateContextHandle is unsupported by DPE profile - if _, err := c.RotateContextHandle(ctx, RotateContextHandleFlags(TargetIsDefault)); err == nil { - t.Errorf("[ERROR]: RotateContextHandle is not supported by DPE, should return %q, but returned no error", StatusInvalidCommand) - } else if !errors.Is(err, StatusInvalidCommand) { - t.Errorf("[ERROR]: Incorrect error type. RotateContextHandle is not supported by DPE, should return %q, but returned %q", StatusInvalidCommand, err) + if _, err := c.RotateContextHandle(ctx, client.RotateContextHandleFlags(client.TargetIsDefault)); err == nil { + t.Errorf("[ERROR]: RotateContextHandle is not supported by DPE, should return %q, but returned no error", client.StatusInvalidCommand) + } else if !errors.Is(err, client.StatusInvalidCommand) { + t.Errorf("[ERROR]: Incorrect error type. RotateContextHandle is not supported by DPE, should return %q, but returned %q", client.StatusInvalidCommand, err) } // Check whether ExtendTCI is unsupported by DPE profile if _, err := c.ExtendTCI(ctx, make([]byte, digestLen)); err == nil { - t.Errorf("[ERROR]: ExtendTCI is not supported by DPE, should return %q, but returned no error", StatusInvalidCommand) - } else if !errors.Is(err, StatusInvalidCommand) { - t.Errorf("[ERROR]: Incorrect error type. 
ExtendTCI is not supported by DPE, should return %q, but returned %q", StatusInvalidCommand, err) + t.Errorf("[ERROR]: ExtendTCI is not supported by DPE, should return %q, but returned no error", client.StatusInvalidCommand) + } else if !errors.Is(err, client.StatusInvalidCommand) { + t.Errorf("[ERROR]: Incorrect error type. ExtendTCI is not supported by DPE, should return %q, but returned %q", client.StatusInvalidCommand, err) } } 
@@ -174,75 +176,75 @@ func TestUnsupportedCommand(d TestDPEInstance, c DPEClient, t *testing.T) { // IsSymmetric : Allows caller to request for symmetric signing // InternalInfo : Allows caller to derive child context with InternalInfo // InternalDice : Allows caller to derive child context with InternalDice -func TestUnsupportedCommandFlag(d TestDPEInstance, c DPEClient, t *testing.T) { - handle := &DefaultContextHandle +func TestUnsupportedCommandFlag(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { + handle := &client.DefaultContextHandle - profile, err := GetTransportProfile(d) + profile, err := client.GetTransportProfile(d) if err != nil { t.Fatalf("Could not get profile: %v", err) } digestLen := profile.GetDigestSize() // Check whether error is returned since simulation context initialization is unsupported by DPE profile - if _, err := c.InitializeContext(InitIsSimulation); err == nil { - t.Errorf("[ERROR]: Simulation is not supported by DPE, InitializeContext should return %q, but returned no error", StatusArgumentNotSupported) - } else if !errors.Is(err, StatusArgumentNotSupported) { - t.Errorf("[ERROR]: Incorrect error type. Simulation is not supported by DPE, InitializeContext supported by DPE, should return %q, but returned %q", StatusArgumentNotSupported, err) + if _, err := c.InitializeContext(client.InitIsSimulation); err == nil { + t.Errorf("[ERROR]: Simulation is not supported by DPE, InitializeContext should return %q, but returned no error", client.StatusArgumentNotSupported) + } else if !errors.Is(err, client.StatusArgumentNotSupported) { + t.Errorf("[ERROR]: Incorrect error type. 
Simulation is not supported by DPE, InitializeContext supported by DPE, should return %q, but returned %q", client.StatusArgumentNotSupported, err) } // Check whether error is returned since CA certificate request is unsupported by DPE profile - if _, err := c.CertifyKey(handle, make([]byte, digestLen), CertifyKeyX509, CertifyAddIsCA); err == nil { - t.Errorf("[ERROR]: IS_CA is not supported by DPE, CertifyKey should return %q, but returned no error", StatusArgumentNotSupported) - } else if !errors.Is(err, StatusArgumentNotSupported) { - t.Errorf("[ERROR]: Incorrect error type. IS_CA is not supported by DPE, CertifyKey should return %q, but returned %q", StatusArgumentNotSupported, err) + if _, err := c.CertifyKey(handle, make([]byte, digestLen), client.CertifyKeyX509, client.CertifyAddIsCA); err == nil { + t.Errorf("[ERROR]: IS_CA is not supported by DPE, CertifyKey should return %q, but returned no error", client.StatusArgumentNotSupported) + } else if !errors.Is(err, client.StatusArgumentNotSupported) { + t.Errorf("[ERROR]: Incorrect error type. IS_CA is not supported by DPE, CertifyKey should return %q, but returned %q", client.StatusArgumentNotSupported, err) } // Check whether error is returned since CSR format is unsupported by DPE profile - if _, err := c.CertifyKey(handle, make([]byte, digestLen), CertifyKeyCsr, 0); err == nil { - t.Errorf("[ERROR]: CSR format is not supported by DPE, CertifyKey should return %q, but returned no error", StatusArgumentNotSupported) - } else if !errors.Is(err, StatusArgumentNotSupported) { - t.Errorf("[ERROR]: Incorrect error type. 
CSR format is not supported by DPE, CertifyKey should return %q, but returned %q", StatusArgumentNotSupported, err) + if _, err := c.CertifyKey(handle, make([]byte, digestLen), client.CertifyKeyCsr, 0); err == nil { + t.Errorf("[ERROR]: CSR format is not supported by DPE, CertifyKey should return %q, but returned no error", client.StatusArgumentNotSupported) + } else if !errors.Is(err, client.StatusArgumentNotSupported) { + t.Errorf("[ERROR]: Incorrect error type. CSR format is not supported by DPE, CertifyKey should return %q, but returned %q", client.StatusArgumentNotSupported, err) } // Check whether error is returned since X509 format is unsupported by DPE profile - if _, err := c.CertifyKey(handle, make([]byte, digestLen), CertifyKeyX509, 0); err == nil { - t.Errorf("[ERROR]: X509 format is not supported by DPE, CertifyKey should return %q, but returned no error", StatusArgumentNotSupported) - } else if !errors.Is(err, StatusArgumentNotSupported) { - t.Errorf("[ERROR]: Incorrect error type. X509 format is not supported by DPE, CertifyKey should return %q, but returned %q", StatusArgumentNotSupported, err) + if _, err := c.CertifyKey(handle, make([]byte, digestLen), client.CertifyKeyX509, 0); err == nil { + t.Errorf("[ERROR]: X509 format is not supported by DPE, CertifyKey should return %q, but returned no error", client.StatusArgumentNotSupported) + } else if !errors.Is(err, client.StatusArgumentNotSupported) { + t.Errorf("[ERROR]: Incorrect error type. 
X509 format is not supported by DPE, CertifyKey should return %q, but returned %q", client.StatusArgumentNotSupported, err) } // Check whether error is returned since symmetric signing is unsupported by DPE profile - if _, err := c.Sign(handle, make([]byte, digestLen), SignFlags(IsSymmetric), make([]byte, digestLen)); err == nil { - t.Errorf("[ERROR]: Symmetric signing is not supported by DPE, Sign should return %q, but returned no error", StatusInvalidArgument) - } else if !errors.Is(err, StatusArgumentNotSupported) { - t.Errorf("[ERROR]: Incorrect error type. Symmetric signing is not supported by DPE, Sign should return %q, but returned %q", StatusInvalidArgument, err) + if _, err := c.Sign(handle, make([]byte, digestLen), client.SignFlags(client.IsSymmetric), make([]byte, digestLen)); err == nil { + t.Errorf("[ERROR]: Symmetric signing is not supported by DPE, Sign should return %q, but returned no error", client.StatusInvalidArgument) + } else if !errors.Is(err, client.StatusArgumentNotSupported) { + t.Errorf("[ERROR]: Incorrect error type. Symmetric signing is not supported by DPE, Sign should return %q, but returned %q", client.StatusInvalidArgument, err) } // Check whether error is returned since InternalInfo usage is unsupported by DPE profile - if _, err := c.DeriveChild(handle, make([]byte, digestLen), DeriveChildFlags(InternalInputInfo), 0, 0); err == nil { - t.Errorf("[ERROR]:InternalInfo is not supported by DPE, DeriveChild should return %q, but returned no error", StatusArgumentNotSupported) - } else if !errors.Is(err, StatusArgumentNotSupported) { - t.Errorf("[ERROR]: Incorrect error type. 
InternalInfo is not supported by DPE, DeriveChild should return %q, but returned %q", StatusArgumentNotSupported, err) + if _, err := c.DeriveChild(handle, make([]byte, digestLen), client.DeriveChildFlags(client.InternalInputInfo), 0, 0); err == nil { + t.Errorf("[ERROR]:InternalInfo is not supported by DPE, DeriveChild should return %q, but returned no error", client.StatusArgumentNotSupported) + } else if !errors.Is(err, client.StatusArgumentNotSupported) { + t.Errorf("[ERROR]: Incorrect error type. InternalInfo is not supported by DPE, DeriveChild should return %q, but returned %q", client.StatusArgumentNotSupported, err) } // Check whether error is returned since InternalDice usgae is unsupported by DPE profile - if _, err := c.DeriveChild(handle, make([]byte, digestLen), DeriveChildFlags(InternalInputDice), 0, 0); err == nil { - t.Errorf("[ERROR]:InternalDice is not supported by DPE, DeriveChild should return %q, but returned no error", StatusArgumentNotSupported) - } else if !errors.Is(err, StatusArgumentNotSupported) { - t.Errorf("[ERROR]: Incorrect error type. InternalDice is not supported by DPE, DeriveChild should return %q, but returned %q", StatusArgumentNotSupported, err) + if _, err := c.DeriveChild(handle, make([]byte, digestLen), client.DeriveChildFlags(client.InternalInputDice), 0, 0); err == nil { + t.Errorf("[ERROR]:InternalDice is not supported by DPE, DeriveChild should return %q, but returned no error", client.StatusArgumentNotSupported) + } else if !errors.Is(err, client.StatusArgumentNotSupported) { + t.Errorf("[ERROR]: Incorrect error type. 
InternalDice is not supported by DPE, DeriveChild should return %q, but returned %q", client.StatusArgumentNotSupported, err) } // Check whether error is returned since InternalInfo usage is unsupported by DPE profile - if _, err := c.DeriveChild(handle, make([]byte, digestLen), DeriveChildFlags(InputAllowCA), 0, 0); err == nil { - t.Errorf("[ERROR]:IS_CA is not supported by DPE, DeriveChild should return %q, but returned no error", StatusArgumentNotSupported) - } else if !errors.Is(err, StatusArgumentNotSupported) { - t.Errorf("[ERROR]: Incorrect error type. IS_CA is not supported by DPE, DeriveChild should return %q, but returned %q", StatusArgumentNotSupported, err) + if _, err := c.DeriveChild(handle, make([]byte, digestLen), client.DeriveChildFlags(client.InputAllowCA), 0, 0); err == nil { + t.Errorf("[ERROR]:IS_CA is not supported by DPE, DeriveChild should return %q, but returned no error", client.StatusArgumentNotSupported) + } else if !errors.Is(err, client.StatusArgumentNotSupported) { + t.Errorf("[ERROR]: Incorrect error type. IS_CA is not supported by DPE, DeriveChild should return %q, but returned %q", client.StatusArgumentNotSupported, err) } // Check whether error is returned since InternalDice usgae is unsupported by DPE profile - if _, err := c.DeriveChild(handle, make([]byte, digestLen), DeriveChildFlags(InputAllowX509), 0, 0); err == nil { - t.Errorf("[ERROR]:X509 is not supported by DPE, DeriveChild should return %q, but returned no error", StatusArgumentNotSupported) - } else if !errors.Is(err, StatusArgumentNotSupported) { - t.Errorf("[ERROR]: Incorrect error type. 
X509 is not supported by DPE, DeriveChild should return %q, but returned %q", StatusArgumentNotSupported, err) + if _, err := c.DeriveChild(handle, make([]byte, digestLen), client.DeriveChildFlags(client.InputAllowX509), 0, 0); err == nil { + t.Errorf("[ERROR]:X509 is not supported by DPE, DeriveChild should return %q, but returned no error", client.StatusArgumentNotSupported) + } else if !errors.Is(err, client.StatusArgumentNotSupported) { + t.Errorf("[ERROR]: Incorrect error type. X509 is not supported by DPE, DeriveChild should return %q, but returned %q", client.StatusArgumentNotSupported, err) } } diff --git a/verification/rotateContextHandle.go b/verification/testing/rotateContextHandle.go similarity index 61% rename from verification/rotateContextHandle.go rename to verification/testing/rotateContextHandle.go index 40769e7d..cbb037c4 100644 --- a/verification/rotateContextHandle.go +++ b/verification/testing/rotateContextHandle.go 
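Review bot: The symmetric-signing check in TestUnsupportedCommandFlag tests `errors.Is(err, client.StatusArgumentNotSupported)`, but both of its messages print `client.StatusInvalidArgument`, so a failure would report an expected status that the test does not actually require. Assuming the `errors.Is` target is the intended one, as in every other check in this function, both `t.Errorf` calls should pass `client.StatusArgumentNotSupported`. The comments above the `InputAllowCA` and `InputAllowX509` checks still describe InternalInfo and InternalDice. They would read better as `// Check whether error is returned since IS_CA is unsupported by DPE profile` and the X509 equivalent.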
@@ -5,66 +5,68 @@ package verification import ( "errors" "testing" + + "github.com/chipsalliance/caliptra-dpe/verification/client" ) // TestRotateContextHandle tests the RotateContextHandle command -func TestRotateContextHandle(d TestDPEInstance, c DPEClient, t *testing.T) { +func TestRotateContextHandle(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { simulation := false handle := getInitialContextHandle(d, c, t, simulation) // Check whether the rotated context handle is a random context handle - handle, err := c.RotateContextHandle(handle, RotateContextHandleFlags(0)) + handle, err := c.RotateContextHandle(handle, client.RotateContextHandleFlags(0)) if err != nil { t.Fatalf("[FATAL]: Could not rotate context handle: %v", err) } - if *handle == DefaultContextHandle { + if *handle == client.DefaultContextHandle { t.Errorf("[ERROR]: Expected random context handle but have got default context %v", handle) } // Rotate back the handle to default handle for subsequent tests // This works only when there is no default handle available - handle, err = c.RotateContextHandle(handle, TargetIsDefault) + handle, err = c.RotateContextHandle(handle, client.TargetIsDefault) if err != nil { t.Fatalf("[FATAL]: Could not rotate context handle: %v", err) } - if *handle != DefaultContextHandle { - t.Errorf("[ERROR]: TARGET_IS_DEFAULT is set, have got %v but want %v", handle, DefaultContextHandle) + if *handle != client.DefaultContextHandle { + t.Errorf("[ERROR]: TARGET_IS_DEFAULT is set, have got %v but want %v", handle, client.DefaultContextHandle) } // Check for error when a default context handle exists already and handle is rotated to default handle // Since, there cannot be more than one default context handle - _, err = c.RotateContextHandle(handle, TargetIsDefault) + _, err = c.RotateContextHandle(handle, client.TargetIsDefault) if err == nil { - t.Fatalf("[FATAL]: Should return %q for default context, but returned no error", StatusInvalidArgument) - } else if 
!errors.Is(err, StatusInvalidArgument) { - t.Fatalf("[FATAL]: Incorrect error type. Should return %q, but returned %q", StatusInvalidArgument, err) + t.Fatalf("[FATAL]: Should return %q for default context, but returned no error", client.StatusInvalidArgument) + } else if !errors.Is(err, client.StatusInvalidArgument) { + t.Fatalf("[FATAL]: Incorrect error type. Should return %q, but returned %q", client.StatusInvalidArgument, err) } } // TestRotateContextHandleSimulation tests calling RotateContextHandle on // simulation contexts -func TestRotateContextHandleSimulation(d TestDPEInstance, c DPEClient, t *testing.T) { +func TestRotateContextHandleSimulation(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { simulation := true handle := getInitialContextHandle(d, c, t, simulation) defer func() { - c.DestroyContext(handle, DestroyDescendants) + c.DestroyContext(handle, client.DestroyDescendants) }() // Check whether the rotated context handle is a random context handle - handle, err := c.RotateContextHandle(handle, RotateContextHandleFlags(0)) + handle, err := c.RotateContextHandle(handle, client.RotateContextHandleFlags(0)) if err != nil { t.Fatalf("[FATAL]: Could not rotate context handle: %v", err) } - if *handle == DefaultContextHandle { + if *handle == client.DefaultContextHandle { t.Errorf("[ERROR]: Expected random context handle but have got default context %v", handle) } // In simulated context, the handle cannot be rotated to default handle // Since, it is not allowed to have a both of default and non-default context handles together - _, err = c.RotateContextHandle(handle, TargetIsDefault) + _, err = c.RotateContextHandle(handle, client.TargetIsDefault) if err == nil { - t.Fatalf("[FATAL]: Should return %q for simulation context, but returned no error", StatusInvalidArgument) - } else if !errors.Is(err, StatusInvalidArgument) { - t.Fatalf("[FATAL]: Incorrect error type. 
Should return %q, but returned %q", StatusInvalidArgument, err) + t.Fatalf("[FATAL]: Should return %q for simulation context, but returned no error", client.StatusInvalidArgument) + } else if !errors.Is(err, client.StatusInvalidArgument) { + t.Fatalf("[FATAL]: Incorrect error type. Should return %q, but returned %q", client.StatusInvalidArgument, err) } } diff --git a/verification/sign.go b/verification/testing/sign.go similarity index 73% rename from verification/sign.go rename to verification/testing/sign.go index 26748ef8..b8a8656a 100644 --- a/verification/sign.go +++ b/verification/testing/sign.go @@ -10,6 +10,8 @@ import ( "errors" "math/big" "testing" + + "github.com/chipsalliance/caliptra-dpe/verification/client" ) // TestAsymmetricSigning obtains and validates signature of asymmetric signing. @@ -17,11 +19,11 @@ import ( // using public key in signing key certificate returned by CertifyKey command. // Inspite of the DPE profile supporting symmetric key, for symmetric signing it must be enabled // explicitly in Sign command flags. Else asymmetric signing is used as default. -func TestAsymmetricSigning(d TestDPEInstance, c DPEClient, t *testing.T) { +func TestAsymmetricSigning(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { useSimulation := false handle := getInitialContextHandle(d, c, t, useSimulation) // Get digest size - profile, err := GetTransportProfile(d) + profile, err := client.GetTransportProfile(d) if err != nil { t.Fatalf("Could not get profile: %v", err) } @@ -29,7 +31,7 @@ func TestAsymmetricSigning(d TestDPEInstance, c DPEClient, t *testing.T) { digestLen := profile.GetDigestSize() // Validate asymmetric signature generated - flags := SignFlags(0) + flags := client.SignFlags(0) seqLabel := make([]byte, digestLen) for i := range seqLabel { 
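Review bot: In TestRotateContextHandleSimulation the deferred cleanup closes over `handle`, and `handle, err := c.RotateContextHandle(...)` overwrites that variable before the error is checked. On a failed rotation the defer would run with whatever the call returned (presumably nil), and the simulation context created above may never be destroyed. Keeping the result separate until it is known to be good avoids that: `rotated, err := c.RotateContextHandle(handle, client.RotateContextHandleFlags(0))`, then `handle = rotated` after the `err != nil` check. The result of the deferred `c.DestroyContext` is also discarded, and reporting it with `t.Logf` would make a leaked context visible when later tests fail.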
@@ -47,7 +49,7 @@ func TestAsymmetricSigning(d TestDPEInstance, c DPEClient, t *testing.T) { } // Get signing key certificate using CertifyKey command - certifiedKey, err := c.CertifyKey(handle, seqLabel, CertifyKeyX509, CertifyKeyFlags(0)) + certifiedKey, err := c.CertifyKey(handle, seqLabel, client.CertifyKeyX509, client.CertifyKeyFlags(0)) if err != nil { t.Fatalf("[FATAL]: Could not CertifyKey: %v", err) } 
@@ -83,31 +85,31 @@ func TestAsymmetricSigning(d TestDPEInstance, c DPEClient, t *testing.T) { // TestSignSimulation cheks command fails in simulated context because this context does not allow signing. // This is because simulation context does not allow using context's private key. -func TestSignSimulation(d TestDPEInstance, c DPEClient, t *testing.T) { +func TestSignSimulation(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { useSimulation := true handle := getInitialContextHandle(d, c, t, useSimulation) defer func() { - c.DestroyContext(handle, DestroyDescendants) + c.DestroyContext(handle, client.DestroyDescendants) }() // Get digest size - profile, err := GetTransportProfile(d) + profile, err := client.GetTransportProfile(d) if err != nil { t.Fatalf("Could not get profile: %v", err) } digestLen := profile.GetDigestSize() - if _, err := c.Sign(handle, make([]byte, digestLen), SignFlags(IsSymmetric), make([]byte, digestLen)); err == nil { - t.Fatalf("[FATAL]: Should return %q, but returned no error", StatusInvalidArgument) - } else if !errors.Is(err, StatusInvalidArgument) { - t.Fatalf("[FATAL]: Incorrect error type. Should return %q, but returned %q", StatusInvalidArgument, err) + if _, err := c.Sign(handle, make([]byte, digestLen), client.SignFlags(client.IsSymmetric), make([]byte, digestLen)); err == nil { + t.Fatalf("[FATAL]: Should return %q, but returned no error", client.StatusInvalidArgument) + } else if !errors.Is(err, client.StatusInvalidArgument) { + t.Fatalf("[FATAL]: Incorrect error type. Should return %q, but returned %q", client.StatusInvalidArgument, err) } - if _, err := c.Sign(handle, make([]byte, digestLen), SignFlags(0), make([]byte, digestLen)); err == nil { - t.Fatalf("[FATAL]: Should return %q, but returned no error", StatusInvalidArgument) - } else if !errors.Is(err, StatusInvalidArgument) { - t.Fatalf("[FATAL]: Incorrect error type. 
Should return %q, but returned %q", StatusInvalidArgument, err) + if _, err := c.Sign(handle, make([]byte, digestLen), client.SignFlags(0), make([]byte, digestLen)); err == nil { + t.Fatalf("[FATAL]: Should return %q, but returned no error", client.StatusInvalidArgument) + } else if !errors.Is(err, client.StatusInvalidArgument) { + t.Fatalf("[FATAL]: Incorrect error type. Should return %q, but returned %q", client.StatusInvalidArgument, err) } } @@ -116,12 +118,12 @@ func TestSignSimulation(d TestDPEInstance, c DPEClient, t *testing.T) { // This is because label is used by DPE in symmetric key derivation. // Invoking Sign command multiple times with same label and same content (TBS) should return same signature // but it should return different signatures for different labels despite having the same content (To Be Signed content). -func TestSymmetricSigning(d TestDPEInstance, c DPEClient, t *testing.T) { +func TestSymmetricSigning(d client.TestDPEInstance, c client.DPEClient, t *testing.T) { useSimulation := false handle := getInitialContextHandle(d, c, t, useSimulation) // Get digest size - profile, err := GetTransportProfile(d) + profile, err := client.GetTransportProfile(d) if err != nil { t.Fatalf("Could not get profile: %v", err) } @@ -137,13 +139,13 @@ func TestSymmetricSigning(d TestDPEInstance, c DPEClient, t *testing.T) { tbs[i] = byte(i) } - signedData, err := c.Sign(handle, label, SignFlags(IsSymmetric), tbs) + signedData, err := c.Sign(handle, label, client.SignFlags(client.IsSymmetric), tbs) if err != nil { t.Fatalf("[FATAL]: Error while signing %v", err) } // Rerun with same label and compare signature emitted. - signedDataWithSameLabel, err := c.Sign(handle, label, SignFlags(IsSymmetric), tbs) + signedDataWithSameLabel, err := c.Sign(handle, label, client.SignFlags(client.IsSymmetric), tbs) if err != nil { t.Fatalf("[FATAL]: Error while signing %v", err) } 
@@ -159,7 +161,7 @@ func TestSymmetricSigning(d TestDPEInstance, c DPEClient, t *testing.T) { newLabel[i] = byte(0) } - signedDataWithDiffLabel, err := c.Sign(handle, newLabel, SignFlags(IsSymmetric), tbs) + signedDataWithDiffLabel, err := c.Sign(handle, newLabel, client.SignFlags(client.IsSymmetric), tbs) if err != nil { t.Fatalf("[FATAL]: Error while signing %v", err) } diff --git a/verification/simulator.go b/verification/testing/simulator.go similarity index 93% rename from verification/simulator.go rename to verification/testing/simulator.go index 1e3c47f6..5b0c1199 100644 --- a/verification/simulator.go +++ b/verification/testing/simulator.go @@ -13,6 +13,8 @@ import ( "reflect" "syscall" "time" + + "github.com/chipsalliance/caliptra-dpe/verification/client" ) // Constants for configuring expected values from the DPE simulator @@ -22,8 +24,8 @@ const ( DPESimulatorAutoInitLocality uint32 = 0 DPESimulatorOtherLocality uint32 = 0x4f544852 DPESimulatorMaxTCINodes uint32 = 24 - DPESimulatorMajorProfileVersion uint16 = CurrentProfileMajorVersion - DPESimulatorMinorProfileVersion uint16 = CurrentProfileMinorVersion + DPESimulatorMajorProfileVersion uint16 = client.CurrentProfileMajorVersion + DPESimulatorMinorProfileVersion uint16 = client.CurrentProfileMinorVersion DPESimulatorVendorID uint32 = 0 DPESimulatorVendorSKU uint32 = 0 ) @@ -35,10 +37,10 @@ var TargetExe *string type DpeSimulator struct { exePath string cmd *exec.Cmd - supports Support + supports client.Support currentLocality uint32 isInitialized bool - Transport + client.Transport } // HasPowerControl returns whether the simulator can be started and stopped. @@ -160,7 +162,7 @@ func (s *DpeSimulator) SendCmd(buf []byte) ([]byte, error) { } // GetSupport gets supported DPE features from the simulator -func (s *DpeSimulator) GetSupport() *Support { +func (s *DpeSimulator) GetSupport() *client.Support { return &s.supports } 
@@ -221,7 +223,7 @@ func (s *DpeSimulator) GetProfileVendorSku() uint32 { } // GetSimulatorTarget gets the simulator target -func GetSimulatorTarget(supportNeeded []string, targetExe string) TestDPEInstance { +func GetSimulatorTarget(supportNeeded []string, targetExe string) client.TestDPEInstance { value := reflect.ValueOf(DpeSimulator{}.supports) fields := reflect.Indirect(value) @@ -234,8 +236,8 @@ func GetSimulatorTarget(supportNeeded []string, targetExe string) TestDPEInstanc } } } - support := fVal.Elem().Interface().(Support) - var instance TestDPEInstance = &DpeSimulator{exePath: targetExe, supports: support} + support := fVal.Elem().Interface().(client.Support) + var instance client.TestDPEInstance = &DpeSimulator{exePath: targetExe, supports: support} return instance } @@ -332,7 +334,7 @@ func GetSimulatorTargets() []TestTarget { } // Get the test target for simulator/emulator -func getTestTarget(supportNeeded []string) TestDPEInstance { +func getTestTarget(supportNeeded []string) client.TestDPEInstance { instance := GetSimulatorTarget(supportNeeded, *TargetExe) instance.SetLocality(DPESimulatorAutoInitLocality) return instance diff --git a/verification/tpm.go b/verification/testing/tpm.go similarity index 92% rename from verification/tpm.go rename to verification/testing/tpm.go index 85b1a252..323b374a 100644 --- a/verification/tpm.go +++ b/verification/testing/tpm.go @@ -13,6 +13,7 @@ import ( "math/big" "testing" + dpe "github.com/chipsalliance/caliptra-dpe/verification/client" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/simulator" "github.com/google/go-tpm/legacy/tpm2" 
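Review bot: The DPE client package is imported as `dpe` in tpm.go but as `client` in the other files of this package that the patch touches (sign.go, simulator.go, verification.go), so the same identifiers read as `dpe.SignFlags` here and `client.SignFlags` elsewhere. The alias is needed because `github.com/google/go-tpm-tools/client` is imported in the same file; aliasing the third-party package instead, for example `tpmclient "github.com/google/go-tpm-tools/client"`, would let the DPE client keep one name across the package. Uses of the go-tpm-tools client lie outside the visible hunks and would need renaming to match.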
@@ -64,22 +65,22 @@ func startTpmSession(t *testing.T, tpm io.ReadWriteCloser, alg tpm2.Algorithm) ( } // TestTpmPolicySigning tests using DPE to satisfy TPM PolicySigned -func TestTpmPolicySigning(d TestDPEInstance, c DPEClient, t *testing.T) { +func TestTpmPolicySigning(d dpe.TestDPEInstance, c dpe.DPEClient, t *testing.T) { simulation := false ctx := getInitialContextHandle(d, c, t, simulation) var ec tpm2.EllipticCurve var alg tpm2.Algorithm - profile, err := GetTransportProfile(d) + profile, err := dpe.GetTransportProfile(d) if err != nil { t.Fatalf("Could not get profile: %v", err) } digestLen := profile.GetDigestSize() - if digestLen == len(SHA256Digest{0}) { + if digestLen == len(dpe.SHA256Digest{0}) { alg = tpm2.AlgSHA256 ec = tpm2.CurveNISTP256 - } else if digestLen == len(SHA384Digest{0}) { + } else if digestLen == len(dpe.SHA384Digest{0}) { alg = tpm2.AlgSHA384 ec = tpm2.CurveNISTP384 } @@ -113,12 +114,12 @@ func TestTpmPolicySigning(d TestDPEInstance, c DPEClient, t *testing.T) { } // Get signed hash from DPE - signResp, err := c.Sign(ctx, seqLabel, SignFlags(0), digest) + signResp, err := c.Sign(ctx, seqLabel, dpe.SignFlags(0), digest) if err != nil { t.Fatalf("[FATAL]: Could not sign: %v", err) } - certifyKeyResp, err := c.CertifyKey(&(signResp.Handle), seqLabel, CertifyKeyX509, CertifyKeyFlags(0)) + certifyKeyResp, err := c.CertifyKey(&(signResp.Handle), seqLabel, dpe.CertifyKeyX509, dpe.CertifyKeyFlags(0)) if err != nil { t.Fatalf("[FATAL]: Could not CertifyKey: %v", err) } @@ -155,10 +156,10 @@ func getDigest(nonce []byte, expiry int32, digestLen int) []byte { toDigest := append(nonce, expBytes...) digest := make([]byte, digestLen) - if digestLen == len(SHA256Digest{0}) { + if digestLen == len(dpe.SHA256Digest{0}) { hash := sha256.Sum256(toDigest) digest = hash[:] - } else if digestLen == len(SHA384Digest{0}) { + } else if digestLen == len(dpe.SHA384Digest{0}) { hash := sha512.Sum384(toDigest) digest = hash[:] } 
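Review bot: In TestTpmPolicySigning the `if`/`else if` on `digestLen` has no final branch, so a profile whose digest size is neither SHA-256 nor SHA-384 leaves `alg` and `ec` at their zero values and the test continues with an unset TPM algorithm and curve. Add a terminating branch such as `} else { t.Fatalf("[FATAL]: Unsupported digest size %d", digestLen) }`. getDigest, in the hunk at -155,10, has the same gap: for any other length it keeps the `make([]byte, digestLen)` buffer, so, assuming that buffer is what the function returns past the end of the hunk, the caller would ask DPE to sign an all-zero digest instead of a hash of the nonce and expiry. getDigest has no `*testing.T`, so it would need to return an error or take `t` to fail the test. Both function bodies continue outside their hunks.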
diff --git a/verification/verification.go b/verification/testing/verification.go similarity index 91% rename from verification/verification.go rename to verification/testing/verification.go index 0ccea29e..772cba1f 100644 --- a/verification/verification.go +++ b/verification/testing/verification.go @@ -9,10 +9,12 @@ package verification import ( "testing" + + "github.com/chipsalliance/caliptra-dpe/verification/client" ) // DpeTestFunc is the function template that a DPE test case must implement -type DpeTestFunc func(d TestDPEInstance, c DPEClient, t *testing.T) +type DpeTestFunc func(d client.TestDPEInstance, c client.DPEClient, t *testing.T) // TestCase is metadata for a DPE test case type TestCase struct { @@ -21,11 +23,11 @@ type TestCase struct { SupportNeeded []string } -// TestTarget is a TestDPEInstance and corresponding list of test cases to run +// TestTarget is a client.TestDPEInstance and corresponding list of test cases to run // against that target. type TestTarget struct { Name string - D TestDPEInstance + D client.TestDPEInstance TestCases []TestCase } @@ -44,7 +46,7 @@ var CertifyKeyTestCase = TestCase{ "CertifyKey", TestCertifyKey, []string{"AutoInit", "X509", "IsCA"}, } -// CertifyKeyCsrTestCase tests CertifyKey with type = CSR +// client.CertifyKeyCsrTestCase tests CertifyKey with type = CSR var CertifyKeyCsrTestCase = TestCase{ "CertifyKeyCsr", TestCertifyKeyCsr, []string{"AutoInit", "Csr", "IsCA"}, } 
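Review bot: The doc comment on CertifyKeyCsrTestCase appears to have been caught by the package-qualification rewrite and now reads `// client.CertifyKeyCsrTestCase tests CertifyKey with type = CSR`, but the variable is declared in this package, not in client. Go doc comments should begin with the declared name, so the line should stay `// CertifyKeyCsrTestCase tests CertifyKey with type = CSR`. The neighbouring CertifyKeyTestCase comment was left unqualified, which suggests this one was changed by accident.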
@@ -158,19 +160,19 @@ func RunTargetTestCases(target TestTarget, t *testing.T) { defer target.D.PowerOff() } - profile, err := GetTransportProfile(target.D) + profile, err := client.GetTransportProfile(target.D) if err != nil { t.Fatalf("Could not get profile: %v", err) } - c, err := NewClient(target.D, profile) + c, err := client.NewClient(target.D, profile) if err != nil { t.Fatalf("Could not initialize client: %v", err) } for _, test := range target.TestCases { t.Run(target.Name+"-"+test.Name, func(t *testing.T) { - if !HasSupportNeeded(target.D, test.SupportNeeded) { + if !client.HasSupportNeeded(target.D, test.SupportNeeded) { t.Skipf("Warning: Target does not have required support, skipping test.") } diff --git a/verification/verification_test.go b/verification/testing/verification_test.go old mode 100755 new mode 100644 similarity index 81% rename from verification/verification_test.go rename to verification/testing/verification_test.go index 3da20773..cdd57518 --- a/verification/verification_test.go +++ b/verification/testing/verification_test.go @@ -10,7 +10,7 @@ import ( // This will be called before running tests, and it assigns the socket path based on command line flag. func TestMain(m *testing.M) { - TargetExe = flag.String("sim", "../target/debug/simulator", "path to simulator executable") + TargetExe = flag.String("sim", "../../target/debug/simulator", "path to simulator executable") exitVal := m.Run() os.Exit(exitVal)