feat: add HierarchyChangeAuth command #357

Merged
merged 1 commit into from
May 14, 2024
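--- a/tpm2/test/hierarchy_change_auth_test.go
+++ b/tpm2/test/hierarchy_change_auth_test.go
@@ -0,0 +1,65 @@
+package tpm2test
+
+import (
+"errors"
+"testing"
+
+. "github.com/google/go-tpm/tpm2"
+"github.com/google/go-tpm/tpm2/transport/simulator"
+)
+
+func TestHierarchyChangeAuth(t *testing.T) {
+thetpm, err := simulator.OpenSimulator()
+if err != nil {
+t.Fatalf("could not connect to TPM simulator: %v", err)
+}
+defer thetpm.Close()
+
+authKey := []byte("authkey")
+newAuthKey := []byte("newAuthKey")
+
+t.Run("HierarchyChangeAuthOwner", func(t *testing.T) {
+hca := HierarchyChangeAuth{
+AuthHandle: TPMRHOwner,
+NewAuth: TPM2BAuth{
+Buffer: authKey,
+},
+}
+
+_, err := hca.Execute(thetpm)
+if err != nil {
+t.Errorf("failed HierarchyChangeAuth: %v", err)
+}
+})
+
+t.Run("HierarchyChangeAuthOwnerUnauth", func(t *testing.T) {
+hca := HierarchyChangeAuth{
+AuthHandle: TPMRHOwner,
+NewAuth: TPM2BAuth{
+Buffer: newAuthKey,
+},
+}
+
+_, err := hca.Execute(thetpm)
+if !errors.Is(err, TPMRCBadAuth) {
+t.Errorf("failed HierarchyChangeAuthWithoutAuth: want TPM_RC_BAD_AUTH, got %v", err)
+}
+})
+
+t.Run("HierarchyChangeAuthOwnerAuth", func(t *testing.T) {
+hca := HierarchyChangeAuth{
+AuthHandle: AuthHandle{
+Handle: TPMRHOwner,
+Auth: PasswordAuth(authKey),
+},
+NewAuth: TPM2BAuth{
+Buffer: newAuthKey,
+},
+}
+
+_, err := hca.Execute(thetpm)
+if err != nil {
+t.Errorf("failed HierarchyChangeAuthWithAuth: %v", err)
+}
+})
+}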
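Review bot: The three subtests in TestHierarchyChangeAuth share the simulator's owner-hierarchy state and only pass in the order written — the Owner case sets the auth to authKey, the Unauth case depends on that auth being in place to get TPM_RC_BAD_AUTH, and the OwnerAuth case then replaces it with newAuthKey — but nothing in the file says so. A comment above the first t.Run, e.g. `// Subtests are order-dependent: each assumes the owner auth left by the previous one; do not reorder or add t.Parallel().`, would keep a later edit from breaking that chain. The deferred `thetpm.Close()` also drops whatever Close reports; if it returns an error, `defer func() { if err := thetpm.Close(); err != nil { t.Errorf("closing simulator: %v", err) } }()` would surface it.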
24 changes: 24 additions & 0 deletions tpm2/tpm2.go
Expand Up @@ -1518,6 +1518,30 @@ func (cmd Clear) Execute(t transport.TPM, s ...Session) (*ClearResponse, error)
// ClearResponse is the response from TPM2_Clear.
type ClearResponse struct{}

// HierarchyChangeAuth is the input to TPM2_HierarchyChangeAuth.
// See definition in Part 3, Commands, section 24.8
type HierarchyChangeAuth struct {
// TPM_RH_ENDORSEMENT, TPM_RH_LOCKOUT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
AuthHandle handle `gotpm:"handle,auth"`
// new authorization value
NewAuth TPM2BAuth
}

// Command implements the Command interface.
func (HierarchyChangeAuth) Command() TPMCC { return TPMCCHierarchyChanegAuth }

// Execute executes the command and returns the response.
func (cmd HierarchyChangeAuth) Execute(t transport.TPM, s ...Session) (*HierarchyChangeAuthResponse, error) {
var rsp HierarchyChangeAuthResponse
if err := execute[HierarchyChangeAuthResponse](t, cmd, &rsp, s...); err != nil {
return nil, err
}
return &rsp, nil
}

// HierarchyChangeAuthResponse is the response from TPM2_HierarchyChangeAuth.
type HierarchyChangeAuthResponse struct{}

// ContextSave is the input to TPM2_ContextSave.
// See definition in Part 3, Commands, section 28.2
type ContextSave struct {
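Review bot: The Command method on HierarchyChangeAuth returns `TPMCCHierarchyChanegAuth`, whose name carries a misspelling of "Change"; if that is the identifier the package's constants already define this compiles, but wiring a new exported command to it spreads the typo further. Consider adding a correctly spelled constant with the same value and referencing that here, keeping the old name as an alias so existing callers still build. The AuthHandle field comment could also state what the accompanying test demonstrates: once a hierarchy auth has been set, the current authorization (password or session) must be supplied via AuthHandle or the TPM answers TPM_RC_BAD_AUTH, e.g. `// Requires the hierarchy's current authorization once one has been set (see the Unauth test case).`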