Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Derivechild support #250

Closed
wants to merge 23 commits into from
Closed

Conversation

hpya93
Copy link
Contributor

@hpya93 hpya93 commented Nov 2, 2023

Hi @jhand2 and @sree-revoori1
Tests check for

  • Effect of DeriveChild on MultiTcb of CertifiedKey certificate - TCItype, TargetLoc, TCI_CUMULATIVE etc
  • Derive Child tests - Wrong Locality, Usage of different combination of flags, Privilege escalation checks etc.
    Can you please review the derive child command changes?
    This I recreated the PR to rebase and fix a bug that I found while initializing handle.

This snippet was added in commit 8a56b14#diff-613d35b2e9d525cc6cf3d0df2be4c4c5cd8ec0813b72b02871620bda867bce7f

	var ctx ContextHandle   // This handle is used
	if use_simulation {
		if d.GetSupport().Simulation {
			handle, err := client.InitializeContext(InitIsSimulation)  // This handle has no use, it must have been reassigned to ctx
			if err != nil {
				t.Fatal("The instance should be able to create a simulation context.")
			}
			// Could prove difficult to prove it is a cryptographically secure random.
			if *handle == ContextHandle([16]byte{0}) {
				t.Fatal("Incorrect simulation context handle.")
			}

			defer client.DestroyContext(handle, 0)
		} else {
			t.Errorf("[ERROR]:  DPE instance doesn't support simulation contexts.")
		}
	} else {
		//default context
		ctx = [16]byte{0}
	}

"CertifyKeySimulation", TestCertifyKeySimulation, []string{"AutoInit", "Simulation", "X509", "IsCA"},
"CertifyKeySimulation", TestCertifyKeySimulation, []string{"AutoInit", "Simulation", "X509", "IsCA", "RotateContext", "ExtendTci"},
}
var CertifyKeyWithoutExtendTciTestCase = TestCase{
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Can you make this test the base CertifyKey test, and then add one that is CertifyKeyWithExtendTci

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, only DiceTcb validation withDerived child requires ExtendTci, so added separate testcase for it in normal/simulator mode

Comment on lines 119 to 138
// Privilege escalation of child
// Adding new privileges to child that parent does NOT possess will cause failure
_, err = c.DeriveChild(handle,
make([]byte, digestLen),
DeriveChildFlags(InputAllowX509|InputAllowCA),
0, 0)
if err == nil {
t.Errorf("[ERROR]: Should return %q, but returned no error", StatusInvalidArgument)
} else if !errors.Is(err, StatusInvalidArgument) {
t.Errorf("[ERROR]: Incorrect error type. Should return %q, but returned %q", StatusInvalidArgument, err)
}

// Privilege escalation for commands run in child context
// Similarly, when commands like CertifyKey try to make use of features that are unsupported
// by child context, it will fail.
if _, err = c.CertifyKey(handle, make([]byte, digestLen), CertifyKeyX509, CertifyAddIsCA); err == nil {
t.Errorf("[ERROR]: Should return %q, but returned no error", StatusInvalidArgument)
} else if !errors.Is(err, StatusInvalidArgument) {
t.Errorf("[ERROR]: Incorrect error type. Should return %q, but returned %q", StatusInvalidArgument, err)
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should the privilege escalation tests go in a separate test case?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

Comment on lines 108 to 117
// Internal input flags
if resp, err = c.DeriveChild(handle, make([]byte, digestLen), InternalInputDice, 0, 0); err != nil {
t.Errorf("[Error]: Error while making child context handle as default handle: %s", err)
}
handle = &resp.NewContextHandle

if resp, err = c.DeriveChild(handle, make([]byte, digestLen), InternalInputInfo, 0, 0); err != nil {
t.Errorf("[Error]: Error while making child context handle as default handle: %s", err)
}
handle = &resp.NewContextHandle
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should put these in a separate test case since not all implementation will support internal inputs.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done


// Finally, restore locality of handle for other tests
prevLocality := currentLocality
d.SetLocality(otherLocality)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not every test target has external locality control. We should move anything that requires locality control to a different test case and skip it if !d.HasLocalityControl()

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have made it a separate test target. Added this check too.

	if !d.HasLocalityControl() {
		t.Skip("WARNING: DPE profile does not have control over locality. Skipping this test...")
	}

verification/deriveChild.go Show resolved Hide resolved
Comment on lines +29 to +36
// Child context handle returned will be the default context handle when MakeDefault flag is set
if resp, err = c.DeriveChild(handle, make([]byte, digestLen), MakeDefault, 0, 0); err != nil {
t.Errorf("[ERROR]: Error while creating child context handle: %s", err)
}
handle = &resp.NewContextHandle
if resp.NewContextHandle != DefaultContextHandle {
t.Fatalf("[FATAL]: Incorrect handle. Should return %v, but returned %v", DefaultContextHandle, *handle)
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Anything that permanently modifies the DPE tree (requiring a reset) should be moved to a separate test case.

In this case, this will create a new retired node which can't be removed until next reset.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is made a separate test case and is moved out of list of common testcases - i.e. "AllTestCases" list

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you make a separate list (similar to AllTestCases) called something like IrreversibleTestCases. And add any test case to that list which permenantly modifies the DPE tree?

This will make it easier for a target (other than the simulator) with reset control to run these tests separately, resetting DPE in between each one.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added the list, so far there are just two tests DeriveChild and DeriveChild in Simulation mode that alter DPE tree.

func TestDiceTcbInfoSimulation(d TestDPEInstance, c DPEClient, t *testing.T) {
testDiceTcbInfo(d, c, t, true)
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made as a separate test case because, TestDiceTcbInfo requires derived context for various fields validation. Deriving child context requires to use MakeDefault, ChangeLocality(for Sim mode) when used as a part of "AllTestCases". So made it as separate testcase.

)

type TcgMultiTcbInfo = []DiceTcbInfo

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved to certs.go to remove cluttering

// - the "type" field must contain 4-byte tciType is provided by a client to DeriveChild.
// - the "fwid" field must contain cumulative TCI measurement.
func testDiceTcbInfo(d TestDPEInstance, c DPEClient, t *testing.T, simulation bool) {
handle := getInitialContextHandle(d, c, t, simulation)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do field validation for MultiTcb extension

if err != nil {
t.Error(err)
func checkPubKey(t *testing.T, p Profile, pubkey any, response CertifiedKey) {
var pubKeyInResponse ecdsa.PublicKey
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Existing function

t.Error(err)
// Checks whether the context handle is unchanged after certifyKey command when default context handle is used.
func checkCertifyKeyRespHandle(res CertifiedKey, t *testing.T, handle *ContextHandle) {
if *handle != DefaultContextHandle {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Existing function

verification/certifyKey.go Outdated Show resolved Hide resolved
verification/certifyKey.go Outdated Show resolved Hide resolved
verification/certifyKey.go Outdated Show resolved Hide resolved
verification/certifyKey.go Outdated Show resolved Hide resolved
verification/certifyKey.go Outdated Show resolved Hide resolved
verification/certs.go Outdated Show resolved Hide resolved
verification/certs.go Outdated Show resolved Hide resolved
verification/extendTCI.go Outdated Show resolved Hide resolved
Comment on lines +29 to +36
// Child context handle returned will be the default context handle when MakeDefault flag is set
if resp, err = c.DeriveChild(handle, make([]byte, digestLen), MakeDefault, 0, 0); err != nil {
t.Errorf("[ERROR]: Error while creating child context handle: %s", err)
}
handle = &resp.NewContextHandle
if resp.NewContextHandle != DefaultContextHandle {
t.Fatalf("[FATAL]: Incorrect handle. Should return %v, but returned %v", DefaultContextHandle, *handle)
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you make a separate list (similar to AllTestCases) called something like IrreversibleTestCases. And add any test case to that list which permenantly modifies the DPE tree?

This will make it easier for a target (other than the simulator) with reset control to run these tests separately, resetting DPE in between each one.

// Validates DerivedChild command with ChangeLocality flag.
func TestChangeLocality(d TestDPEInstance, c DPEClient, t *testing.T) {
if !d.HasLocalityControl() {
t.Skip("WARNING: DPE profile does not have control over locality. Skipping this test...")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit:

Suggested change
t.Skip("WARNING: DPE profile does not have control over locality. Skipping this test...")
t.Skip("WARNING: DPE target does not have control over locality. Skipping this test...")

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed this

@sree-revoori1
Copy link
Contributor

Done in #305

@hpya93 hpya93 deleted the derivechild_support branch March 5, 2024 02:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants