From f4c8bf98f5cae0c424654006e1633794342022ff Mon Sep 17 00:00:00 2001 From: Matthew Tsai Date: Mon, 27 Jun 2022 18:58:36 +0000 Subject: [PATCH] Fixed test, nits and added additional comments on maxListLength --- direct/tpm2/combined_context_test.go | 99 ++++++++++++++-------------- direct/tpm2/reflect.go | 4 +- 2 files changed, 52 insertions(+), 51 deletions(-) diff --git a/direct/tpm2/combined_context_test.go b/direct/tpm2/combined_context_test.go index d56727dd..89db30cc 100644 --- a/direct/tpm2/combined_context_test.go +++ b/direct/tpm2/combined_context_test.go 
@@ -7,112 +7,111 @@ import ( "github.com/google/go-tpm/direct/structures/tpm" "github.com/google/go-tpm/direct/structures/tpm2b" "github.com/google/go-tpm/direct/structures/tpma" + "github.com/google/go-tpm/direct/structures/tpml" "github.com/google/go-tpm/direct/structures/tpms" "github.com/google/go-tpm/direct/structures/tpmt" "github.com/google/go-tpm/direct/structures/tpmu" + "github.com/google/go-tpm/direct/transport" "github.com/google/go-tpm/direct/transport/simulator" ) -func CombinedContextTest(t *testing.T) { +func ReadPublicName(t *testing.T, handle tpm.Handle, thetpm transport.TPM) tpm2b.Name { + readPublic := ReadPublic{ + ObjectHandle: handle, + } + + rspRP, err := readPublic.Execute(thetpm) + if err != nil { + t.Fatalf("Failed to read public: %v", err) + } + + return rspRP.Name +} + +func TestCombinedContext(t *testing.T) { thetpm, err := simulator.OpenSimulator() if err != nil { t.Fatalf("could not connect to TPM simulator: %v", err) } defer thetpm.Close() + PCR7, err := CreatePCRSelection([]int{7}) + if err != nil { + t.Fatalf("Failed to create PCRSelection") + } + createPrimary := CreatePrimary{ PrimaryHandle: tpm.RHOwner, + InPublic: tpm2b.Public{ PublicArea: tpmt.Public{ - Type: tpm.AlgECC, + Type: tpm.AlgRSA, NameAlg: tpm.AlgSHA256, ObjectAttributes: tpma.Object{ + SignEncrypt: true, FixedTPM: true, FixedParent: true, SensitiveDataOrigin: true, UserWithAuth: true, - SignEncrypt: true, }, Parameters: tpmu.PublicParms{ - ECCDetail: &tpms.ECCParms{ - Scheme: tpmt.ECCScheme{ - Scheme: tpm.AlgECDSA, + RSADetail: &tpms.RSAParms{ + Scheme: tpmt.RSAScheme{ + Scheme: tpm.AlgRSASSA, Details: tpmu.AsymScheme{ - ECDSA: &tpms.SigSchemeECDSA{ + RSASSA: &tpms.SigSchemeRSASSA{ HashAlg: tpm.AlgSHA256, }, }, }, - CurveID: tpm.ECCNistP256, + KeyBits: 2048, }, }, }, }, - } - - rspCP, err := createPrimary.Execute(thetpm) - if err != nil { - t.Fatalf("CreatePrimary failed: %v", err) - } - - flushContextCP := FlushContext{FlushHandle: rspCP.ObjectHandle} - defer 
flushContextCP.Execute(thetpm) - - cl := CreateLoaded{ - ParentHandle: rspCP.ObjectHandle, - InPublic: tpm2b.Template{ - Template: tpmt.Public{ - Type: tpm.AlgKeyedHash, - NameAlg: tpm.AlgSHA256, - ObjectAttributes: tpma.Object{ - SensitiveDataOrigin: true, - UserWithAuth: true, - Decrypt: true, - Restricted: true, - }, - Parameters: tpmu.PublicParms{ - KeyedHashDetail: &tpms.KeyedHashParms{ - Scheme: tpmt.KeyedHashScheme{ - Scheme: tpm.AlgXOR, - Details: tpmu.SchemeKeyedHash{ - XOR: &tpms.SchemeXOR{ - HashAlg: tpm.AlgSHA256, - KDF: tpm.AlgKDF1SP800108, - }, - }, - }, - }, + CreationPCR: tpml.PCRSelection{ + PCRSelections: []tpms.PCRSelection{ + { + Hash: tpm.AlgSHA1, + PCRSelect: PCR7, }, }, }, } - rspCrL, err := cl.Execute(thetpm) + rspCP, err := createPrimary.Execute(thetpm) if err != nil { - t.Fatalf("could not create derivation parent: %v:", err) + t.Fatalf("could not create key: %v", err) } + flushContextObject := FlushContext{FlushHandle: rspCP.ObjectHandle} + defer flushContextObject.Execute(thetpm) + contextSave := ContextSave{ - SaveHandle: rspCrL.ObjectHandle, + SaveHandle: rspCP.ObjectHandle, } + rspCS, err := contextSave.Execute(thetpm) if err != nil { t.Fatalf("ContextSave failed: %v", err) } - flushContextCL := FlushContext{FlushHandle: rspCrL.ObjectHandle} - flushContextCL.Execute(thetpm) - contextLoad := ContextLoad{ Context: rspCS.Context, } - rspCoL, err := contextLoad.Execute(thetpm) + rspCL, err := contextLoad.Execute(thetpm) if err != nil { t.Fatalf("ContextLoad failed: %v", err) } - if !cmp.Equal(rspCoL.LoadedHandle, rspCrL.ObjectHandle) { + flushContextLoaded := FlushContext{FlushHandle: rspCL.LoadedHandle} + defer flushContextLoaded.Execute(thetpm) + + rspCLName := ReadPublicName(t, rspCL.LoadedHandle, thetpm) + rspCPName := ReadPublicName(t, rspCP.ObjectHandle, thetpm) + + if !cmp.Equal(rspCLName, rspCPName) { t.Error("Mismatch between public returned from ContextLoad & CreateLoaded") } } 
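Review bot: The final assertion's message in TestCombinedContext still blames CreateLoaded, which this hunk removes; the two names being compared now come from ContextLoad and CreatePrimary, so on failure the message points at a command the test no longer runs — `t.Error("Mismatch between name returned from ContextLoad & CreatePrimary")`. The `CreatePCRSelection` failure path also drops the error it just received; `t.Fatalf("Failed to create PCRSelection: %v", err)` keeps the reason. As a point of style, `ReadPublicName` is an exported identifier in a _test.go file and calls t.Fatalf without `t.Helper()`, so a failed ReadPublic is reported inside the helper rather than at the call site; renaming it `readPublicName` and making `t.Helper()` its first statement fixes both.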
diff --git a/direct/tpm2/reflect.go b/direct/tpm2/reflect.go index 198c1965..ff57dbd7 100644 --- a/direct/tpm2/reflect.go +++ b/direct/tpm2/reflect.go @@ -20,7 +20,9 @@ import ( const ( // Chosen based on MAX_DIGEST_BUFFER, the length of the longest // reasonable list returned by the reference implementation. - maxListLength uint32 = 1024 + // The maxListLength must be greater than MAX_CONTEXT_SIZE = 1344, + // in order to allow for the unmarshalling of Context. + maxListLength uint32 = 4096 ) // execute sends the provided command and returns the TPM's response.
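Review bot: The two comments on maxListLength now contradict each other: the first still says the value was chosen from MAX_DIGEST_BUFFER (which is what 1024 was), while the added one justifies 4096 by MAX_CONTEXT_SIZE, and neither says what the constant is for. Since this is the cap that stops a malformed or hostile TPM response from making the unmarshaller allocate an arbitrarily large list, and the bump loosens it for every list type, not just contexts, the comment should say so. MAX_CONTEXT_SIZE is also a build-time parameter of the reference implementation rather than a spec constant, so 1344 should be hedged. Suggested replacement for the three comment lines: `// Upper bound on any list length accepted from the TPM; it keeps a malformed` / `// response from forcing a huge allocation. Must exceed the reference` / `// implementation's MAX_CONTEXT_SIZE (1344 in common builds) so TPM2B_CONTEXT_DATA unmarshals.`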