Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[2/3] Keydata v3 scope changes #270

Merged
merged 49 commits into from
Feb 28, 2024
Merged

[2/3] Keydata v3 scope changes #270

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
49 commits
Select commit Hold shift + click to select a range
74f8b08
platform.go: add role field to PlatformKeyData
sespiros Oct 16, 2023
4645ce8
keydata.go, keydata_legacy.go: refactor handling of authorized snap m…
sespiros Oct 16, 2023
ed975b3
keydata_test.go: fix mockProtectKeys after scope changes
sespiros Jan 23, 2024
a76f332
bootenv: move keydata model authorization to separate package
sespiros Oct 16, 2023
cc16a83
keydata.go: add role field in secboot.keydata
sespiros Oct 16, 2023
1af77a7
crypt.go: make SkipSnapModelCheck the default behaviour
sespiros Jan 23, 2024
bfe8980
keydata_test.go: fix legacy test for the new role field
sespiros Oct 27, 2023
6c9fb0f
bootenv/keydata.go: initialize model digest hash algorithm
sespiros Oct 27, 2023
84e6d65
bootenv/keydata.go: add kdfAlg, baseVersion fields in additionalData
sespiros Oct 27, 2023
48fab3f
bootenv: add tests for keyDataScope
sespiros Oct 27, 2023
a214639
bootenv/keydata.go: add doc comments
sespiros Jan 16, 2024
78e3364
crypt_test.go: rename primaryKey to diskUnlockKey
sespiros Jan 17, 2024
a6e3520
crypt_test.go, keydata*test.go: modify tests for new keydata format
sespiros Jan 22, 2024
f9a7f8e
bootenv: add tests for MakeAdditionalData
sespiros Jan 22, 2024
8810ae5
snap_test.go: add test for computeSnapModelHash
sespiros Jan 23, 2024
dad82f9
bootenv/keydata_test.go: add tests for hashAlg/ecdsaPublicKey marshal…
sespiros Jan 23, 2024
d9b9a2a
bootenv/keydata_test.go: add a test for wrong key supplied to SetAuth…
sespiros Jan 23, 2024
2e4c29a
bootenv/keydata_test.go: add a test for wrong key supplied to SetAuth…
sespiros Jan 23, 2024
f2ffc65
bootenv/keydata_test.go: add test for deterministic derivation of ell…
sespiros Jan 23, 2024
2f0e295
bootenv: add scope tests
sespiros Jan 31, 2024
4c10b40
bootenv/keydata_test.go: add deriveSigner tests with fixed keys
sespiros Feb 27, 2024
0521626
keydata_legacy.go: rename primaryKey to auxKey in unmarshalV1KeyPayload
sespiros Feb 27, 2024
6625be3
keydata.go: expand doc comment for AuthorizedSnapModels
sespiros Feb 27, 2024
767ac13
bootenv: make additionalData private
sespiros Feb 27, 2024
dae8903
bootenv/keydata.go: expand MakeAdditionalData comment
sespiros Feb 27, 2024
d42e414
bootenv: move unmarshalHashAlg to export_test.go
sespiros Feb 27, 2024
8e77c31
bootenv: change baseVersion to generation
sespiros Feb 27, 2024
b1e8248
bootenv/keydata.go: add doc comments for KeyDataScopeParams fields
sespiros Feb 27, 2024
8299964
multiple: fix wording for comments mentioning ASN1
sespiros Feb 27, 2024
8cec665
keydata_test.go: add extra checks in TestNewKeyDataScopeSuccess
sespiros Feb 27, 2024
8177fbc
bootenv/keydata_test.go: add small style change
sespiros Feb 27, 2024
6bc4186
bootenv: move NewPrimaryKey to keydata_test.go
sespiros Feb 27, 2024
da49e74
bootenv: convert MakeAdditionalData tests to fixed
sespiros Feb 27, 2024
f65f537
bootenv/keydata_test.go: add extra checks for TestSetAuthorizedSnapMo…
sespiros Feb 27, 2024
0cd840a
bootenv/keydata_test.go: cleanup tests
sespiros Feb 27, 2024
159895f
bootenv/keydata_test.go: consistent variable names in tests
sespiros Feb 27, 2024
e6408fd
bootenv/keydata_test.go: add extra checks for TestSetAuthorizedBootModes
sespiros Feb 27, 2024
284ebca
keydata_test.go: rename diskUnlockKey to unlockKey
sespiros Feb 27, 2024
2a5277c
keydata_test.go: remove TestRecoverLegacyKeyWithPassphrase
sespiros Feb 27, 2024
c12c559
keydata_test.go: add TestChangePassphraseWrongPassphrase again
sespiros Feb 27, 2024
6051c17
bootenv: refactor use of currentBootMode and currentModel in tests
sespiros Feb 27, 2024
8f2f770
bootenv: rename to bootscope
sespiros Feb 27, 2024
27bdb5f
bootscope: rename env.go to scope.go and add package doc comment
sespiros Feb 27, 2024
65291ec
bootscope: rename MakeAdditionalData to MakeAEADAdditionalData
sespiros Feb 27, 2024
07bab29
bootscope/export_test.go: remove unmarshalHashAlg
sespiros Feb 27, 2024
6a0df9b
bootscope/keydata_test.go: remove tests for mockPlatformKeyDataHandler
sespiros Feb 27, 2024
29521d8
keydata_test.go: move and rename TestSnapModelAuthErrorHandling
sespiros Feb 27, 2024
576b3cf
bootscope/keydata_test.go: fix typo
sespiros Feb 27, 2024
7957f52
bootscope/keydata: add marshal and unmarshal JSON for KeyDataScope
sespiros Feb 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions bootscope/bootscope_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
// -*- Mode: Go; indent-tabs-mode: t -*-

/*
* Copyright (C) 2023 Canonical Ltd
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/

package bootscope

import (
"testing"

. "gopkg.in/check.v1"
)

func Test(t *testing.T) { TestingT(t) }
81 changes: 81 additions & 0 deletions bootscope/export_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
// -*- Mode: Go; indent-tabs-mode: t -*-

/*
* Copyright (C) 2023 Canonical Ltd
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/

package bootscope

import (
"bytes"
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/x509"
"sync/atomic"

"github.com/snapcore/secboot"
internal_crypto "github.com/snapcore/secboot/internal/crypto"
)

var (
ComputeSnapModelHash = computeSnapModelHash
)

func ClearBootModeAndModel() {
currentModel = atomic.Value{}
currentBootMode = atomic.Value{}
}

func (d *KeyDataScope) TestSetVersion(version int) {
d.data.Version = version
}

func (d *KeyDataScope) TestMatch(KDFAlg crypto.Hash, keyIdentifier []byte) bool {
der, err := x509.MarshalPKIXPublicKey(d.data.PublicKey.PublicKey)
if err != nil {
return false
}

h := KDFAlg.New()
h.Write(der)
return bytes.Equal(h.Sum(nil), keyIdentifier)
}

func (d *KeyDataScope) DeriveSigner(key secboot.PrimaryKey, role string) (crypto.Signer, error) {
return d.deriveSigner(key, role)
}

func NewHashAlg(alg crypto.Hash) hashAlg {
return hashAlg(alg)
}

func NewEcdsaPublicKey(rand []byte) (ecdsaPublicKey, error) {
var pk ecdsaPublicKey

privateKey, err := internal_crypto.GenerateECDSAKey(elliptic.P256(), bytes.NewReader(rand))
if err != nil {
return pk, err
}

pk.PublicKey = privateKey.Public().(*ecdsa.PublicKey)

return pk, nil
}

func (d *KeyDataScope) Data() keyDataScope {
return d.data
}
Loading
Loading