-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Derivechild support #250
Derivechild support #250
Conversation
verification/verification.go
Outdated
"CertifyKeySimulation", TestCertifyKeySimulation, []string{"AutoInit", "Simulation", "X509", "IsCA"}, | ||
"CertifyKeySimulation", TestCertifyKeySimulation, []string{"AutoInit", "Simulation", "X509", "IsCA", "RotateContext", "ExtendTci"}, | ||
} | ||
var CertifyKeyWithoutExtendTciTestCase = TestCase{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: Can you make this test the base CertifyKey test, and then add one that is CertifyKeyWithExtendTci
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done, only DiceTcb validation withDerived child requires ExtendTci, so added separate testcase for it in normal/simulator mode
verification/deriveChild.go
Outdated
// Privilege escalation of child | ||
// Adding new privileges to child that parent does NOT possess will cause failure | ||
_, err = c.DeriveChild(handle, | ||
make([]byte, digestLen), | ||
DeriveChildFlags(InputAllowX509|InputAllowCA), | ||
0, 0) | ||
if err == nil { | ||
t.Errorf("[ERROR]: Should return %q, but returned no error", StatusInvalidArgument) | ||
} else if !errors.Is(err, StatusInvalidArgument) { | ||
t.Errorf("[ERROR]: Incorrect error type. Should return %q, but returned %q", StatusInvalidArgument, err) | ||
} | ||
|
||
// Privilege escalation for commands run in child context | ||
// Similarly, when commands like CertifyKey try to make use of features that are unsupported | ||
// by child context, it will fail. | ||
if _, err = c.CertifyKey(handle, make([]byte, digestLen), CertifyKeyX509, CertifyAddIsCA); err == nil { | ||
t.Errorf("[ERROR]: Should return %q, but returned no error", StatusInvalidArgument) | ||
} else if !errors.Is(err, StatusInvalidArgument) { | ||
t.Errorf("[ERROR]: Incorrect error type. Should return %q, but returned %q", StatusInvalidArgument, err) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should the privilege escalation tests go in a separate test case?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
verification/deriveChild.go
Outdated
// Internal input flags | ||
if resp, err = c.DeriveChild(handle, make([]byte, digestLen), InternalInputDice, 0, 0); err != nil { | ||
t.Errorf("[Error]: Error while making child context handle as default handle: %s", err) | ||
} | ||
handle = &resp.NewContextHandle | ||
|
||
if resp, err = c.DeriveChild(handle, make([]byte, digestLen), InternalInputInfo, 0, 0); err != nil { | ||
t.Errorf("[Error]: Error while making child context handle as default handle: %s", err) | ||
} | ||
handle = &resp.NewContextHandle |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should put these in a separate test case since not all implementation will support internal inputs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
|
||
// Finally, restore locality of handle for other tests | ||
prevLocality := currentLocality | ||
d.SetLocality(otherLocality) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not every test target has external locality control. We should move anything that requires locality control to a different test case and skip it if !d.HasLocalityControl()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have made it a separate test target. Added this check too.
if !d.HasLocalityControl() {
t.Skip("WARNING: DPE profile does not have control over locality. Skipping this test...")
}
// Child context handle returned will be the default context handle when MakeDefault flag is set | ||
if resp, err = c.DeriveChild(handle, make([]byte, digestLen), MakeDefault, 0, 0); err != nil { | ||
t.Errorf("[ERROR]: Error while creating child context handle: %s", err) | ||
} | ||
handle = &resp.NewContextHandle | ||
if resp.NewContextHandle != DefaultContextHandle { | ||
t.Fatalf("[FATAL]: Incorrect handle. Should return %v, but returned %v", DefaultContextHandle, *handle) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Anything that permanently modifies the DPE tree (requiring a reset) should be moved to a separate test case.
In this case, this will create a new retired node which can't be removed until next reset.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is made a separate test case and is moved out of list of common testcases - i.e. "AllTestCases" list
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you make a separate list (similar to AllTestCases) called something like IrreversibleTestCases
. And add any test case to that list which permenantly modifies the DPE tree?
This will make it easier for a target (other than the simulator) with reset control to run these tests separately, resetting DPE in between each one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added the list, so far there are just two tests DeriveChild and DeriveChild in Simulation mode that alter DPE tree.
verification/certifyKey.go
Outdated
func TestDiceTcbInfoSimulation(d TestDPEInstance, c DPEClient, t *testing.T) { | ||
testDiceTcbInfo(d, c, t, true) | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Made as a separate test case because, TestDiceTcbInfo requires derived context for various fields validation. Deriving child context requires to use MakeDefault, ChangeLocality(for Sim mode) when used as a part of "AllTestCases". So made it as separate testcase.
verification/certifyKey.go
Outdated
) | ||
|
||
type TcgMultiTcbInfo = []DiceTcbInfo | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moved to certs.go to remove cluttering
verification/certifyKey.go
Outdated
// - the "type" field must contain 4-byte tciType is provided by a client to DeriveChild. | ||
// - the "fwid" field must contain cumulative TCI measurement. | ||
func testDiceTcbInfo(d TestDPEInstance, c DPEClient, t *testing.T, simulation bool) { | ||
handle := getInitialContextHandle(d, c, t, simulation) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do field validation for MultiTcb extension
verification/certifyKey.go
Outdated
if err != nil { | ||
t.Error(err) | ||
func checkPubKey(t *testing.T, p Profile, pubkey any, response CertifiedKey) { | ||
var pubKeyInResponse ecdsa.PublicKey |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Existing function
verification/certifyKey.go
Outdated
t.Error(err) | ||
// Checks whether the context handle is unchanged after certifyKey command when default context handle is used. | ||
func checkCertifyKeyRespHandle(res CertifiedKey, t *testing.T, handle *ContextHandle) { | ||
if *handle != DefaultContextHandle { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Existing function
// Child context handle returned will be the default context handle when MakeDefault flag is set | ||
if resp, err = c.DeriveChild(handle, make([]byte, digestLen), MakeDefault, 0, 0); err != nil { | ||
t.Errorf("[ERROR]: Error while creating child context handle: %s", err) | ||
} | ||
handle = &resp.NewContextHandle | ||
if resp.NewContextHandle != DefaultContextHandle { | ||
t.Fatalf("[FATAL]: Incorrect handle. Should return %v, but returned %v", DefaultContextHandle, *handle) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you make a separate list (similar to AllTestCases) called something like IrreversibleTestCases
. And add any test case to that list which permenantly modifies the DPE tree?
This will make it easier for a target (other than the simulator) with reset control to run these tests separately, resetting DPE in between each one.
verification/deriveChild.go
Outdated
// Validates DerivedChild command with ChangeLocality flag. | ||
func TestChangeLocality(d TestDPEInstance, c DPEClient, t *testing.T) { | ||
if !d.HasLocalityControl() { | ||
t.Skip("WARNING: DPE profile does not have control over locality. Skipping this test...") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit:
t.Skip("WARNING: DPE profile does not have control over locality. Skipping this test...") | |
t.Skip("WARNING: DPE target does not have control over locality. Skipping this test...") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed this
Done in #305 |
Hi @jhand2 and @sree-revoori1
Tests check for
Can you please review the derive child command changes?
This I recreated the PR to rebase and fix a bug that I found while initializing handle.
This snippet was added in commit 8a56b14#diff-613d35b2e9d525cc6cf3d0df2be4c4c5cd8ec0813b72b02871620bda867bce7f