Merge pull request #9 from boxboat/feature/tests-upstream

Add Tests

.gitignore

@@ -1,2 +1,7 @@
+# go binaries
 /tpm_attestor_server
 /tpm_attestor_agent
+/get_tpm_pubhash
+
+# jetbrains
+.idea

Makefile

@@ -1,3 +1,4 @@
-build: cmd/server/tpm_attestor/tpm_attestor.go cmd/agent/tpm_attestor/tpm_attestor.go
+build: cmd/server/tpm_attestor/tpm_attestor.go cmd/agent/tpm_attestor/tpm_attestor.go tools/get_tpm_pubhash/get_tpm_pubhash.go
 	GOOS=linux GOARCH=amd64 go build -o tpm_attestor_server cmd/server/tpm_attestor/tpm_attestor.go
 	GOOS=linux GOARCH=amd64 go build -o tpm_attestor_agent cmd/agent/tpm_attestor/tpm_attestor.go
+	GOOS=linux GOARCH=amd64 go build -o get_tpm_pubhash tools/get_tpm_pubhash/get_tpm_pubhash.go

ci/build.sh

@@ -0,0 +1,29 @@
+#!/bin/bash -e
+
+cd "$(dirname "$0")"
+
+export "FIXUID=$(id -u)"
+export "FIXGID=$(id -g)"
+
+function cleanup() {
+  docker-compose \
+    -f docker/docker-compose.yaml \
+    -p spire-tpm-plugin \
+    stop
+}
+
+trap cleanup EXIT
+
+docker-compose \
+  -f docker/docker-compose.yaml \
+  -p spire-tpm-plugin \
+  up \
+  --build \
+  -d
+
+docker exec \
+  -t \
+  -w "/home/docker/spire-tpm-plugin/" \
+  spire-tpm-plugin-ci \
+  fixuid \
+  make

ci/docker/Dockerfile

@@ -0,0 +1,33 @@
+FROM golang:latest AS go
+
+FROM ubuntu:20.04
+
+RUN addgroup --gid 1000 docker \
+    && adduser --uid 1000 --ingroup docker --home /home/docker --shell /bin/sh --disabled-password --gecos "" docker
+
+RUN apt-get update \
+    && apt-get install -y \
+        curl \
+        gcc \
+        libtspi-dev \
+        make \
+        pwgen \
+        tpm2-tools \
+        xxd
+
+RUN USER=docker \
+    && GROUP=docker \
+    && curl -SsL https://github.com/boxboat/fixuid/releases/download/v0.4.1/fixuid-0.4.1-linux-amd64.tar.gz | tar -C /usr/local/bin -xzf - \
+    && chown root:root /usr/local/bin/fixuid \
+    && chmod 4755 /usr/local/bin/fixuid
+
+COPY fixuid.yml /etc/fixuid/config.yml
+
+COPY --from=go /usr/local/go /usr/local/go
+ENV PATH=$PATH:/usr/local/go/bin
+
+USER docker:docker
+WORKDIR /home/docker/spire-tpm-plugin
+CMD ["sh", "-c", "trap : TERM INT; ( while true; do sleep 0.1; done ) & wait"]
+
+RUN mkdir -p /home/docker/go

ci/docker/docker-compose.yaml

@@ -0,0 +1,15 @@
+version: "3.4"
+
+services:
+  go:
+    build:
+      context: ./
+      dockerfile: Dockerfile
+    container_name: spire-tpm-plugin-ci
+    user: ${FIXUID:-1000}:${FIXGID:-1000}
+    volumes:
+      - gopath:/home/docker/go
+      - ../../:/home/docker/spire-tpm-plugin
+
+volumes:
+  gopath:

ci/docker/fixuid.yml

@@ -0,0 +1,5 @@
+user: docker
+group: docker
+paths:
+  - /home/docker
+  - /home/docker/go

ci/reset.sh

@@ -0,0 +1,12 @@
+#!/bin/bash -e
+
+cd "$(dirname "$0")"
+
+export "FIXUID=$(id -u)"
+export "FIXGID=$(id -g)"
+
+docker-compose \
+  -f docker/docker-compose.yaml \
+  -p spire-tpm-plugin \
+  down \
+  -v

ci/test.sh

@@ -0,0 +1,48 @@
+#!/bin/bash -e
+
+cd "$(dirname "$0")"
+
+export "FIXUID=$(id -u)"
+export "FIXGID=$(id -g)"
+
+option="$1"
+if [ -z "$1" ]; then
+  option="all"
+fi
+
+test_dirs=()
+if [ "$option" = "plugin" ] || [ "$option" = "all" ]; then
+  test_dirs+=("pkg/agent")
+fi
+if [ "$option" = "tools" ] || [ "$option" = "all" ]; then
+  test_dirs+=("tools/get_tpm_pubhash")
+fi
+
+if [ "${#test_dirs[@]}" = "0" ]; then
+  echo "usage: $0 all|plugin|tools" >&2
+  exit 1
+fi
+
+function cleanup() {
+  docker-compose \
+    -f docker/docker-compose.yaml \
+    -p spire-tpm-plugin \
+    stop
+}
+
+trap cleanup EXIT
+
+docker-compose \
+  -f docker/docker-compose.yaml \
+  -p spire-tpm-plugin \
+  start
+
+for i in "${test_dirs[@]}"; do
+  echo "calling go test on dir: $i"
+  docker exec \
+    -t \
+    -w "/home/docker/spire-tpm-plugin/$i" \
+    spire-tpm-plugin-ci \
+    go test
+  echo ""
+done

ci/tpm2_ek_cert_generator/.gitignore

@@ -0,0 +1,4 @@
+__working_dir
+summaries
+tpm2_ekc.der.crt
+tpm2_ekc.pem.crt

ci/tpm2_ek_cert_generator/LICENSE

@@ -0,0 +1,19 @@
+Copyright 2019 Marco De Benedictis - Politecnico di Torino
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

ci/tpm2_ek_cert_generator/Makefile

@@ -0,0 +1,4 @@
+target:
+	bash -e generate_ek_cert.sh
+clean:
+	rm -rf _tpm* public* summaries* tpm2_ekc* __working_dir*

ci/tpm2_ek_cert_generator/README.md

@@ -0,0 +1,10 @@
+# TPM 2.0 simulator EK cert generator
+
+Files in this directory have been adapted from [tpm2_ek_cert_generator](https://github.com/mrcdb/tpm2_ek_cert_generator) to generate and load EK certs into the simulator
+
+Packages required:
+
+- `make`
+- `pwgen`
+- `tpm2-tools`
+- `xxd`