File: keytest.go

package info (click to toggle)
golang-github-foxboron-go-tpm-keyfiles 0.0~git20241207.04534a2-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, trixie
  • size: 216 kB
  • sloc: makefile: 9
file content (93 lines) | stat: -rw-r--r-- 2,630 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
 
package keytest

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"testing"

	keyfile "github.com/foxboron/go-tpm-keyfiles"
	"github.com/google/go-tpm/tpm2"
	"github.com/google/go-tpm/tpm2/transport"
)

type KeyFunc func(t *testing.T, tpm transport.TPMCloser, keytype tpm2.TPMAlgID, bits int, ownerauth []byte, userauth []byte, comment string) (*keyfile.TPMKey, error)

func MkRSA(t *testing.T, bits int) rsa.PrivateKey {
	t.Helper()
	pk, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		t.Fatalf("failed to generate rsa key: %v", err)
	}
	return *pk
}

func MkECDSA(t *testing.T, a elliptic.Curve) ecdsa.PrivateKey {
	t.Helper()
	pk, err := ecdsa.GenerateKey(a, rand.Reader)
	if err != nil {
		t.Fatalf("failed to generate ecdsa key: %v", err)
	}
	return *pk
}

// Test helper for CreateKey
func MkKey(t *testing.T, tpm transport.TPMCloser, keytype tpm2.TPMAlgID, bits int, ownerauth []byte, userauth []byte, comment string) (*keyfile.TPMKey, error) {
	t.Helper()
	return keyfile.NewLoadableKey(
		tpm, keytype, bits, []byte(nil),
		keyfile.WithUserAuth(userauth),
		keyfile.WithDescription(comment),
	)
}

// Helper to make an importable key
func MkImportableKey(t *testing.T, tpm transport.TPMCloser, keytype tpm2.TPMAlgID, bits int, ownerauth []byte, userauth []byte, comment string) (*keyfile.TPMKey, error) {
	t.Helper()
	var pk any
	switch keytype {
	case tpm2.TPMAlgECC:
		switch bits {
		case 256:
			pk = MkECDSA(t, elliptic.P256())
		case 384:
			pk = MkECDSA(t, elliptic.P384())
		case 521:
			pk = MkECDSA(t, elliptic.P521())
		}
	case tpm2.TPMAlgRSA:
		pk = MkRSA(t, bits)
	}

	// We need to always have a parent public, fetch the SRK one.
	sess := keyfile.NewTPMSession(tpm)
	h, srkpub, err := keyfile.CreateSRK(sess, tpm2.TPMRHOwner, []byte(""))
	if err != nil {
		t.Fatalf("failed creating srk for importable key: %v", err)
	}
	keyfile.FlushHandle(tpm, h)

	return keyfile.NewImportablekey(srkpub, pk,
		keyfile.WithUserAuth(userauth),
		keyfile.WithDescription(comment))
}

// Ensure we can try the entire conversion flows from imported key -> loadable key
func MkImportableToLoadableKey(t *testing.T, tpm transport.TPMCloser, keytype tpm2.TPMAlgID, bits int, ownerauth []byte, userauth []byte, comment string) (*keyfile.TPMKey, error) {
	t.Helper()
	k, err := MkImportableKey(t, tpm, keytype, bits, ownerauth, userauth, comment)
	if err != nil {
		return nil, err
	}
	return keyfile.ImportTPMKey(tpm, k, ownerauth)
}

// Give us some random bytes
func MustRand(size int) []byte {
	b := make([]byte, size)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}