// SRS_SecurityProviderTPMEmulator_25_006: [ This method shall return registration Id if it was provided. ]
/**
 * The registration id handed to the constructor must come back unchanged from the getter.
 */
@Test
public void getterReturnsRegistrationIdIfFound() throws Exception {
    // arrange
    // createPersistentPrimaryExpectations() is recorded twice here, presumably once per persistent
    // primary the emulator constructor sets up; confirm against SecurityProviderTPMEmulator.
    final String expectedRegistrationId = VALID_REGISTRATION_IDS[0];
    createPersistentPrimaryExpectations();
    createPersistentPrimaryExpectations();
    final SecurityProviderTPMEmulator emulator = new SecurityProviderTPMEmulator(expectedRegistrationId);

    // act
    final String actualRegistrationId = emulator.getRegistrationId();

    // assert
    assertEquals(expectedRegistrationId, actualRegistrationId);
}
// SRS_SecurityProviderTPMEmulator_25_032: [ This method shall return the TPM2B_PUBLIC form of EK. ]
/**
 * Once the emulator is constructed, getEndorsementKey() must hand back a non-null value.
 * Only nullness is checked; the content of the endorsement key is not inspected here.
 */
@Test
public void getEndorsementKeySucceeds() throws Exception {
    // arrange
    // Expectations are recorded twice, presumably once per persistent primary the constructor
    // creates; confirm against SecurityProviderTPMEmulator.
    createPersistentPrimaryExpectations();
    createPersistentPrimaryExpectations();
    final SecurityProviderTPMEmulator emulator = new SecurityProviderTPMEmulator();

    // act
    final byte[] endorsementKey = emulator.getEndorsementKey();

    // assert
    TestCase.assertNotNull(endorsementKey);
}
// SRS_SecurityProviderTPMEmulator_25_009: [ This method shall start Authorization session with TPM. ]
// SRS_SecurityProviderTPMEmulator_25_011: [ This method shall set the policy secret on to TPM using the endorsement. ]
// SRS_SecurityProviderTPMEmulator_25_012: [ This method shall activate the credential for the session. ]
// SRS_SecurityProviderTPMEmulator_25_014: [ This method shall import the activated credential onto TPM. ]
// SRS_SecurityProviderTPMEmulator_25_016: [ This method shall load SRK onto TPM. ]
// SRS_SecurityProviderTPMEmulator_25_018: [ This method shall clear the persistent for key role "ID Key" . ]
// SRS_SecurityProviderTPMEmulator_25_019: [ This method Evict Control once done . ]
// SRS_SecurityProviderTPMEmulator_25_020: [ This method Flush the context once done . ]
// SRS_SecurityProviderTPMEmulator_25_022: [ This method shall create TPMS_SENSITIVE_CREATE for the inner wrap key . ]
// SRS_SecurityProviderTPMEmulator_25_024: [ This method shall load the created response private onto TPM. ]
// SRS_SecurityProviderTPMEmulator_25_026: [ This method shall Encrypt Decrypt the symmetric Key. ]
// SRS_SecurityProviderTPMEmulator_25_028: [ This method shall flush the context for the symmetric Key. ]
/**
 * Happy path for {@code activateIdentityKey}: with every TPM command stubbed to succeed, the call
 * must complete without throwing. Only the absence of an exception is checked; no return value
 * and no invocation of the recorded expectations is verified.
 */
@Test
public void activateIdentityKeySucceeds() throws Exception {
    // arrange
    // Bytes handed to activateIdentityKey; the test never inspects how they are interpreted.
    final byte[] testKey = "testKey".getBytes(StandardCharsets.UTF_8);
    // Recorded twice, presumably once per persistent primary the constructor creates; confirm.
    createPersistentPrimaryExpectations();
    createPersistentPrimaryExpectations();
    SecurityProviderTPMEmulator securityProviderTPMEmulator = new SecurityProviderTPMEmulator();
    // Non-strict: order and invocation count of the recorded calls are not enforced.
    new NonStrictExpectations() {
        {
            // Parsing of the TPM wire structures is stubbed to return the mocked objects.
            TPM2B_PUBLIC.fromTpm((TpmBuffer) any);
            result = mockedTpm2BPublic;
            TPM2B_DATA.fromTpm((TpmBuffer) any);
            result = mockedTpm2BData;
            // Authorization session (SRS_..._009) and policy secret (SRS_..._011).
            mockedTpm.StartAuthSession((TPM_HANDLE) any, (TPM_HANDLE) any, (byte[]) any, (byte[]) any, (TPM_SE) any, (TPMT_SYM_DEF) any, (TPM_ALG_ID) any);
            result = mockedStartAuthSessionResponse;
            mockedTpm.PolicySecret((TPM_HANDLE) any, (TPM_HANDLE) any, (byte[]) any, (byte[]) any, (byte[]) any, anyInt);
            // The session handle from the stubbed StartAuthSession response is what the emulator
            // is expected to pass along.
            mockedTpm._withSessions((TPM_HANDLE) any, mockedStartAuthSessionResponse.handle);
            // Credential activation (SRS_..._012); the stubbed result stands in for the inner wrap key.
            mockedTpm.ActivateCredential((TPM_HANDLE) any, (TPM_HANDLE) any, (TPMS_ID_OBJECT) any, (byte[]) any);
            result = "innerWrapKey".getBytes(StandardCharsets.UTF_8);
            // Import of the activated credential (SRS_..._014) and loading of the key (SRS_..._016).
            mockedTpm.Import((TPM_HANDLE) any, (byte[]) any, (TPMT_PUBLIC) any, (TPM2B_PRIVATE) any, (byte[]) any, (TPMT_SYM_DEF_OBJECT) any);
            result = mockedTpm2BPrivate;
            mockedTpm.Load((TPM_HANDLE) any, (TPM2B_PRIVATE) any, (TPMT_PUBLIC) any);
            result = mockedTpmHandle;
            // clearPersistentExpectations (SRS_..._018/019/020): read-public reports success, then
            // two EvictControl calls and a FlushContext are tolerated.
            mockedTpm._allowErrors();
            mockedTpm.ReadPublic((TPM_HANDLE) any);
            result = mockedReadPublicResponse;
            mockedTpm._getLastResponseCode();
            result = TPM_RC.SUCCESS;
            mockedTpm.EvictControl((TPM_HANDLE) any, (TPM_HANDLE) any, (TPM_HANDLE) any);
            mockedTpm.EvictControl((TPM_HANDLE) any, (TPM_HANDLE) any, (TPM_HANDLE) any);
            mockedTpm.FlushContext((TPM_HANDLE) any);
            // Executed at record time, not replay time: the mocked TPM2B_DATA buffer is made shorter
            // (6 bytes) than the stubbed INPUT_BUFFER property (10) — presumably to steer the
            // emulator down its single-buffer path; confirm against SecurityProviderTPMEmulator.
            Deencapsulation.setField(mockedTpm2BData, "buffer", "len<10".getBytes(StandardCharsets.UTF_8));
            TpmHelpers.getTpmProperty(mockedTpm, TPM_PT.INPUT_BUFFER);
            result = 10;
            // Inner wrap key creation, load, encrypt/decrypt and flush (SRS_..._022/024/026/028).
            mockedTpm.Create((TPM_HANDLE) any, (TPMS_SENSITIVE_CREATE) any, (TPMT_PUBLIC) any, (byte[]) any, (TPMS_PCR_SELECTION[]) any);
            result = mockedCreateResponse;
            mockedTpm.Load((TPM_HANDLE) any, (TPM2B_PRIVATE) any, (TPMT_PUBLIC) any);
            result = mockedTpmHandle;
            mockedTpm.EncryptDecrypt((TPM_HANDLE) any, anyByte, (TPM_ALG_ID) any, (byte[]) any, (byte[]) any);
            result = mockedEncryptDecryptResponse;
            mockedTpm.FlushContext((TPM_HANDLE) any);
        }
    };
    // act
    // NOTE(review): the test passes as long as no exception escapes. The PolicySecret,
    // ActivateCredential and FlushContext calls above are only recorded, never verified as
    // invoked, so a regression that skips a step (e.g. leaving a loaded key un-flushed) would not
    // be caught here; a Verifications block would pin them.
    securityProviderTPMEmulator.activateIdentityKey(testKey);
}
// SRS_SecurityProviderTPMEmulator_25_010: [ This method shall throw SecurityProviderException if Authorization session with TPM could not be started. ]
/**
 * When the TPM refuses to start an authorization session (stubbed as a null StartAuthSession
 * response), activateIdentityKey must surface a SecurityProviderException instead of continuing.
 */
@Test(expected = SecurityProviderException.class)
public void activateIdentityKeyThrowsOnStartAuthSessionFail() throws Exception {
    // arrange
    final byte[] keyBytes = "testKey".getBytes(StandardCharsets.UTF_8);
    // Recorded twice, presumably once per persistent primary the constructor creates; confirm.
    createPersistentPrimaryExpectations();
    createPersistentPrimaryExpectations();
    final SecurityProviderTPMEmulator emulator = new SecurityProviderTPMEmulator();
    new NonStrictExpectations() {
        {
            // Structure parsing succeeds so the failure is isolated to the session start.
            TPM2B_PUBLIC.fromTpm((TpmBuffer) any);
            result = mockedTpm2BPublic;
            TPM2B_DATA.fromTpm((TpmBuffer) any);
            result = mockedTpm2BData;
            // A null response simulates the session not being established.
            mockedTpm.StartAuthSession((TPM_HANDLE) any, (TPM_HANDLE) any, (byte[]) any, (byte[]) any, (TPM_SE) any, (TPMT_SYM_DEF) any, (TPM_ALG_ID) any);
            result = null;
        }
    };

    // act — the expected exception is declared on @Test
    emulator.activateIdentityKey(keyBytes);
}
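/** Tag key written into the initial twin of every test enrollment. */
private static final String TWIN_TEST_TAG_KEY = "testTag";
/** Tag value written into the initial twin of every test enrollment. */
private static final String TWIN_TEST_TAG_VALUE = "testValue";
/** Desired-property key written into the initial twin of every test enrollment. */
private static final String TWIN_TEST_DP_KEY = "testDP";
/** Desired-property value written into the initial twin of every test enrollment. */
private static final String TWIN_TEST_DP_VALUE = "testDPValue";

/**
 * Creates the enrollment described by {@code testInstance} (group or individual, using
 * {@code testInstance.attestationType}) on the provisioning service and returns the client-side
 * {@link SecurityProvider} that can register against it.
 *
 * <p>Every enrollment is created with a fixed initial twin (one tag, one desired property). The
 * values are read back from the created enrollment and asserted, so a twin the service dropped
 * shows up here rather than as a confusing registration failure later.
 *
 * <p>Side effects on {@code testInstance}: {@code groupId} and {@code enrollmentGroup} for group
 * enrollments; {@code provisionedDeviceId} for individual ones, plus whatever
 * {@code createTestIndividualEnrollment} sets (the assertions below rely on it populating
 * {@code individualEnrollment}).
 *
 * @param enrollmentType group or individual enrollment
 * @param allocationPolicy allocation policy applied to the enrollment
 * @param reprovisionPolicy reprovision policy applied to the enrollment
 * @param customAllocationDefinition custom allocation definition applied to the enrollment
 * @param iothubs IoT hubs the enrollment may be assigned to
 * @param deviceCapabilities device capabilities applied to the enrollment
 * @return a non-null security provider matching the created enrollment
 * @throws UnsupportedOperationException for group enrollments with TPM or X509 attestation
 * @throws IllegalArgumentException if the enrollment type or attestation type is not handled here
 * @throws ProvisioningServiceClientException if the provisioning service rejects the enrollment
 * @throws GeneralSecurityException if key or certificate material cannot be produced
 * @throws SecurityProviderException if the security provider cannot be constructed
 */
public SecurityProvider getSecurityProviderInstance(EnrollmentType enrollmentType, AllocationPolicy allocationPolicy, ReprovisionPolicy reprovisionPolicy, CustomAllocationDefinition customAllocationDefinition, List<String> iothubs, DeviceCapabilities deviceCapabilities) throws ProvisioningServiceClientException, GeneralSecurityException, SecurityProviderException {
    final TwinState twinState = buildTestTwinState();
    if (enrollmentType == EnrollmentType.GROUP) {
        return createGroupEnrollmentAndProvider(allocationPolicy, reprovisionPolicy, customAllocationDefinition, iothubs, deviceCapabilities, twinState);
    }
    if (enrollmentType == EnrollmentType.INDIVIDUAL) {
        return createIndividualEnrollmentAndProvider(allocationPolicy, reprovisionPolicy, customAllocationDefinition, iothubs, deviceCapabilities, twinState);
    }
    // This used to fall through to a null return; a null provider is never usable by the caller,
    // so fail at the point where the unsupported value is known.
    throw new IllegalArgumentException("Unsupported enrollment type: " + enrollmentType);
}

/** Builds the initial twin (one tag, one desired property) every test enrollment is created with. */
private static TwinState buildTestTwinState() {
    TwinCollection tags = new TwinCollection();
    tags.put(TWIN_TEST_TAG_KEY, TWIN_TEST_TAG_VALUE);
    TwinCollection desiredProperties = new TwinCollection();
    desiredProperties.put(TWIN_TEST_DP_KEY, TWIN_TEST_DP_VALUE);
    return new TwinState(tags, desiredProperties);
}

/**
 * Creates a symmetric-key enrollment group for the test and returns a provider holding the
 * per-device key derived from the group's primary key. TPM and X509 group enrollments are not
 * supported by this helper.
 */
private SecurityProvider createGroupEnrollmentAndProvider(AllocationPolicy allocationPolicy, ReprovisionPolicy reprovisionPolicy, CustomAllocationDefinition customAllocationDefinition, List<String> iothubs, DeviceCapabilities deviceCapabilities, TwinState twinState) throws ProvisioningServiceClientException, GeneralSecurityException, SecurityProviderException {
    if (testInstance.attestationType == AttestationType.TPM) {
        throw new UnsupportedOperationException("Group enrollments cannot use tpm attestation");
    }
    if (testInstance.attestationType == AttestationType.X509) {
        throw new UnsupportedOperationException("Test code hasn't been written to test Group x509 enrollments yet");
    }
    if (testInstance.attestationType != AttestationType.SYMMETRIC_KEY) {
        throw new IllegalArgumentException("Unsupported attestation type for group enrollment: " + testInstance.attestationType);
    }

    // NOTE(review): default-locale toLowerCase(). The enum names are ASCII, but under a Turkish
    // default locale the 'I' in SYMMETRIC_KEY lower-cases to a dotless i; Locale.ROOT would pin
    // this if java.util.Locale is imported in this file.
    testInstance.groupId = "java-provisioning-test-group-id-" + testInstance.attestationType.toString().toLowerCase().replace("_", "-") + "-" + UUID.randomUUID().toString();
    // Null primary/secondary keys: presumably the service generates the group keys; the attestation
    // is read back from the created group below rather than from this object.
    testInstance.enrollmentGroup = new EnrollmentGroup(testInstance.groupId, new SymmetricKeyAttestation(null, null));
    testInstance.enrollmentGroup.setInitialTwinFinal(twinState);
    testInstance.enrollmentGroup.setAllocationPolicy(allocationPolicy);
    testInstance.enrollmentGroup.setReprovisionPolicy(reprovisionPolicy);
    testInstance.enrollmentGroup.setCustomAllocationDefinition(customAllocationDefinition);
    testInstance.enrollmentGroup.setIotHubs(iothubs);
    testInstance.enrollmentGroup.setCapabilities(deviceCapabilities);
    // Assigned to testInstance before the service call (as before) so cleanup can still see the
    // group if createOrUpdateEnrollmentGroup throws; replaced by the service's copy on success.
    testInstance.enrollmentGroup = testInstance.provisioningServiceClient.createOrUpdateEnrollmentGroup(testInstance.enrollmentGroup);

    Attestation attestation = testInstance.enrollmentGroup.getAttestation();
    assertTrue(attestation instanceof SymmetricKeyAttestation);
    assertNotNull(testInstance.enrollmentGroup.getInitialTwin());
    assertEquals(TWIN_TEST_TAG_VALUE, testInstance.enrollmentGroup.getInitialTwin().getTags().get(TWIN_TEST_TAG_KEY));
    assertEquals(TWIN_TEST_DP_VALUE, testInstance.enrollmentGroup.getInitialTwin().getDesiredProperty().get(TWIN_TEST_DP_KEY));

    // The device registers with a key derived from the group primary key and its registration id;
    // the group key itself is never handed to the provider.
    SymmetricKeyAttestation symmetricKeyAttestation = (SymmetricKeyAttestation) attestation;
    byte[] derivedPrimaryKey = SecurityProviderSymmetricKey.ComputeDerivedSymmetricKey(symmetricKeyAttestation.getPrimaryKey().getBytes(StandardCharsets.UTF_8), testInstance.registrationId);
    return new SecurityProviderSymmetricKey(derivedPrimaryKey, testInstance.registrationId);
}

/**
 * Creates an individual enrollment for the test's attestation type, asserts the service stored
 * the requested device id and twin, and returns the matching provider.
 */
private SecurityProvider createIndividualEnrollmentAndProvider(AllocationPolicy allocationPolicy, ReprovisionPolicy reprovisionPolicy, CustomAllocationDefinition customAllocationDefinition, List<String> iothubs, DeviceCapabilities deviceCapabilities, TwinState twinState) throws ProvisioningServiceClientException, GeneralSecurityException, SecurityProviderException {
    testInstance.provisionedDeviceId = "Some-Provisioned-Device-" + testInstance.attestationType + "-" + UUID.randomUUID().toString();

    final SecurityProvider securityProvider;
    if (testInstance.attestationType == AttestationType.TPM) {
        // The emulator comes first because the enrollment is built from its endorsement key.
        securityProvider = new SecurityProviderTPMEmulator(testInstance.registrationId, MAX_TPM_CONNECT_RETRY_ATTEMPTS);
        // Base64 output is ASCII; the charset is given only to avoid the platform-default overload.
        Attestation attestation = new TpmAttestation(new String(encodeBase64(((SecurityProviderTpm) securityProvider).getEndorsementKey()), StandardCharsets.UTF_8));
        createTestIndividualEnrollment(attestation, allocationPolicy, reprovisionPolicy, customAllocationDefinition, iothubs, twinState, deviceCapabilities);
    } else if (testInstance.attestationType == AttestationType.X509) {
        X509CertificateGenerator certificateGenerator = new X509CertificateGenerator(testInstance.registrationId);
        String leafPublicPem = certificateGenerator.getPublicCertificate();
        // Test-only key material; as a String it cannot be zeroed after use.
        String leafPrivateKey = certificateGenerator.getPrivateKey();
        // No signer chain is supplied for the individual enrollment.
        Collection<String> signerCertificates = new LinkedList<>();
        Attestation attestation = X509Attestation.createFromClientCertificates(leafPublicPem);
        createTestIndividualEnrollment(attestation, allocationPolicy, reprovisionPolicy, customAllocationDefinition, iothubs, twinState, deviceCapabilities);
        securityProvider = new SecurityProviderX509Cert(leafPublicPem, leafPrivateKey, signerCertificates);
    } else if (testInstance.attestationType == AttestationType.SYMMETRIC_KEY) {
        // Null keys: presumably the service generates them; the primary key is read back below.
        Attestation attestation = new SymmetricKeyAttestation(null, null);
        createTestIndividualEnrollment(attestation, allocationPolicy, reprovisionPolicy, customAllocationDefinition, iothubs, twinState, deviceCapabilities);
        assertTrue(individualEnrollmentMessage("Expected symmetric key attestation"), testInstance.individualEnrollment.getAttestation() instanceof SymmetricKeyAttestation);
        SymmetricKeyAttestation symmetricKeyAttestation = (SymmetricKeyAttestation) testInstance.individualEnrollment.getAttestation();
        securityProvider = new SecurityProviderSymmetricKey(symmetricKeyAttestation.getPrimaryKey().getBytes(StandardCharsets.UTF_8), testInstance.registrationId);
    } else {
        throw new IllegalArgumentException("Unsupported attestation type for individual enrollment: " + testInstance.attestationType);
    }

    assertIndividualEnrollmentMatchesRequest();
    return securityProvider;
}

/** Checks the created individual enrollment carries the device id and initial twin that were requested. */
private void assertIndividualEnrollmentMatchesRequest() {
    Assert.assertEquals(individualEnrollmentMessage("Unexpected device id assigned"), testInstance.provisionedDeviceId, testInstance.individualEnrollment.getDeviceId());
    assertNotNull(individualEnrollmentMessage("Expected twin to not be null"), testInstance.individualEnrollment.getInitialTwin());
    Assert.assertEquals(individualEnrollmentMessage("Unexpected tags found"), TWIN_TEST_TAG_VALUE, testInstance.individualEnrollment.getInitialTwin().getTags().get(TWIN_TEST_TAG_KEY));
    Assert.assertEquals(individualEnrollmentMessage("Unexpected desired properties"), TWIN_TEST_DP_VALUE, testInstance.individualEnrollment.getInitialTwin().getDesiredProperty().get(TWIN_TEST_DP_KEY));
}

/** Decorates a failure message with the DPS host, group id and registration id of the current test. */
private String individualEnrollmentMessage(String message) {
    return CorrelationDetailsLoggingAssert.buildExceptionMessageDpsIndividualOrGroup(message, getHostName(provisioningServiceConnectionString), testInstance.groupId, testInstance.registrationId);
}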