feat: add HierarchyChangeAuth command (#357)
See the definition in Part 3, Commands, section 24.8.
novag authored May 14, 2024
1 parent 5c2f088 commit 58e3e47
Showing 2 changed files with 89 additions and 0 deletions.
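--- /dev/null
+++ b/tpm2/test/hierarchy_change_auth_test.go
@@ -0,0 +1,65 @@
+package tpm2test
+
+import (
+"errors"
+"testing"
+
+. "github.com/google/go-tpm/tpm2"
+"github.com/google/go-tpm/tpm2/transport/simulator"
+)
+
+func TestHierarchyChangeAuth(t *testing.T) {
+thetpm, err := simulator.OpenSimulator()
+if err != nil {
+t.Fatalf("could not connect to TPM simulator: %v", err)
+}
+defer thetpm.Close()
+
+authKey := []byte("authkey")
+newAuthKey := []byte("newAuthKey")
+
+t.Run("HierarchyChangeAuthOwner", func(t *testing.T) {
+hca := HierarchyChangeAuth{
+AuthHandle: TPMRHOwner,
+NewAuth: TPM2BAuth{
+Buffer: authKey,
+},
+}
+
+_, err := hca.Execute(thetpm)
+if err != nil {
+t.Errorf("failed HierarchyChangeAuth: %v", err)
+}
+})
+
+t.Run("HierarchyChangeAuthOwnerUnauth", func(t *testing.T) {
+hca := HierarchyChangeAuth{
+AuthHandle: TPMRHOwner,
+NewAuth: TPM2BAuth{
+Buffer: newAuthKey,
+},
+}
+
+_, err := hca.Execute(thetpm)
+if !errors.Is(err, TPMRCBadAuth) {
+t.Errorf("failed HierarchyChangeAuthWithoutAuth: want TPM_RC_BAD_AUTH, got %v", err)
+}
+})
+
+t.Run("HierarchyChangeAuthOwnerAuth", func(t *testing.T) {
+hca := HierarchyChangeAuth{
+AuthHandle: AuthHandle{
+Handle: TPMRHOwner,
+Auth: PasswordAuth(authKey),
+},
+NewAuth: TPM2BAuth{
+Buffer: newAuthKey,
+},
+}
+
+_, err := hca.Execute(thetpm)
+if err != nil {
+t.Errorf("failed HierarchyChangeAuthWithAuth: %v", err)
+}
+})
+}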
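Review bot: The three subtests are order-dependent and nothing in the file says so: `HierarchyChangeAuthOwnerUnauth` only gets TPM_RC_BAD_AUTH because the first subtest already set the owner auth to `authKey`, and the last subtest relies on that value still being in place, so a failure in the first subtest would surface as confusing errors in the next two rather than at its cause. A comment above the first `t.Run`, `// Subtests are sequential: each relies on the owner auth left behind by the previous one.`, makes that contract explicit. The end state is also never checked: after the last subtest the owner auth is presumably `newAuthKey`, but no command is executed under `PasswordAuth(newAuthKey)` to confirm the change took effect, and a fourth subtest that does so (and ideally resets the owner auth to empty) would close that gap. Minor: the error string in the second subtest names the case `HierarchyChangeAuthWithoutAuth` while the subtest is `HierarchyChangeAuthOwnerUnauth`; aligning them makes `go test` output easier to grep.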
24 changes: 24 additions & 0 deletions tpm2/tpm2.go
Expand Up @@ -1518,6 +1518,30 @@ func (cmd Clear) Execute(t transport.TPM, s ...Session) (*ClearResponse, error)
// ClearResponse is the response from TPM2_Clear.
type ClearResponse struct{}

// HierarchyChangeAuth is the input to TPM2_HierarchyChangeAuth.
// See definition in Part 3, Commands, section 24.8
type HierarchyChangeAuth struct {
// TPM_RH_ENDORSEMENT, TPM_RH_LOCKOUT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}
AuthHandle handle `gotpm:"handle,auth"`
// new authorization value
NewAuth TPM2BAuth
}

// Command implements the Command interface.
func (HierarchyChangeAuth) Command() TPMCC { return TPMCCHierarchyChanegAuth }

// Execute executes the command and returns the response.
func (cmd HierarchyChangeAuth) Execute(t transport.TPM, s ...Session) (*HierarchyChangeAuthResponse, error) {
var rsp HierarchyChangeAuthResponse
if err := execute[HierarchyChangeAuthResponse](t, cmd, &rsp, s...); err != nil {
return nil, err
}
return &rsp, nil
}

// HierarchyChangeAuthResponse is the response from TPM2_HierarchyChangeAuth.
type HierarchyChangeAuthResponse struct{}

// ContextSave is the input to TPM2_ContextSave.
// See definition in Part 3, Commands, section 28.2
type ContextSave struct {
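Review bot: `Command()` returns `TPMCCHierarchyChanegAuth`, a constant whose name carries a misspelling (`Chaneg`); it is presumably declared in the package's constants file outside this hunk, so the command code value itself may well be correct, but every caller of this exported API now depends on the typo. Consider adding a correctly spelled `TPMCCHierarchyChangeAuth` next to it, keeping the old name as a `// Deprecated: use TPMCCHierarchyChangeAuth.` alias, and returning the new name here. The `NewAuth` doc comment could also say what a caller needs to know: the value is sent as a command parameter, so it reaches the TPM in the clear unless the command is executed with a session that provides parameter encryption, and the `+{PP}` in the `AuthHandle` comment means TPM_RH_PLATFORM may additionally require a physical-presence assertion. `Execute` follows the same shape as the neighbouring `Clear.Execute` shown in the hunk header, so no change is needed there.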
