salrashid123 / signer

golang crypto.Signer for Trusted Platform Module (TPM) and Google Cloud KMS
Apache License 2.0

Add TPM tests #15

Closed ohkinozomu closed 6 months ago

ohkinozomu commented 6 months ago

I created the tests for TPM. If not needed, feel free to close this PR. Continuous testing is desirable, but it seems that GitHub Actions does not support TPM.

salrashid123 commented 6 months ago

thanks for the PR...tests are something i should invest in a lot more here :)

i think you can use the simulator here (i haven't used it before now but worth trying out):

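import (
    "testing"

    "github.com/google/go-tpm-tools/simulator"
    "github.com/stretchr/testify/require"
)

func TestTPMPublic(t *testing.T) {
    // Use the software TPM simulator instead of a hardware device.
    //tpmDevice, err := tpm2.OpenTPM()
    tpmDevice, err := simulator.Get()
    require.NoError(t, err)
    // Release the simulator when the test finishes.
    defer tpmDevice.Close()
}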

also, i'm planning on removing the vault, kms and pem signers from this repo and focusing it just on the TPM (since that's probably the main thing people are after). I'll keep the same package and folder structure but just remove the other 'signers' nobody uses

ohkinozomu commented 6 months ago

I was not aware of github.com/google/go-tpm-tools/simulator. It's very useful. I've switched to using the simulator and added GitHub Actions.

salrashid123 commented 6 months ago

@ohkinozomu for ref: i also added test cases to these following sets in case you're interested in these variations involving tpm and signers or jwt generation

i also added many more test cases to this repo but for some reason, the push to main doesn't trigger the action in case you have any thoughts (i've never used workflows till this)

https://github.com/salrashid123/signer/blob/master/.github/workflows/test.yaml
https://github.com/salrashid123/signer/actions/workflows/test.yaml

$ go test -v
=== RUN   TestTPMPublic
--- PASS: TestTPMPublic (0.04s)
=== RUN   TestTPMSignRSA
--- PASS: TestTPMSignRSA (0.01s)
=== RUN   TestTPMSignRSAFail
--- PASS: TestTPMSignRSAFail (0.02s)
=== RUN   TestTPMSignRSAPSS
--- PASS: TestTPMSignRSAPSS (0.06s)
=== RUN   TestTPMSignECC
--- PASS: TestTPMSignECC (0.00s)
=== RUN   TestTPMSignECCRAW
--- PASS: TestTPMSignECCRAW (0.00s)
=== RUN   TestTPMSignPolicy
--- PASS: TestTPMSignPolicy (0.06s)
=== RUN   TestTPMSignPolicyFail
--- PASS: TestTPMSignPolicyFail (0.01s)
PASS
ok      github.com/salrashid123/signer/tpm  0.237s

-- edit: i added a workflow trigger and ran it manually but not on push

ohkinozomu commented 6 months ago

@salrashid123 It was originally my mistake. It will probably be resolved by https://github.com/salrashid123/signer/pull/18.

salrashid123 commented 6 months ago

thanks; that triggered the workflow on merge