eliott/Linux-Hello
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2034281ad7bd711c77fb959a39f6a6b2b494847c
Linux-Hello/linux-hello-daemon/examples/tpm_test.rs
eliott 2034281ad7 Prepare public release v0.1.0
2026-01-30 09:44:12 +01:00

113 lines
3.7 KiB
Rust
Raw Blame History

//! TPM Test Example
//!
//! Tests the TPM storage functionality
//!
//! Run with: cargo run --example tpm_test
//! Or with sudo: sudo -E cargo run --example tpm_test
use linux_hello_daemon::tpm::{get_tpm_storage, TpmStorage};
fn main() {
// Initialize logging
tracing_subscriber::fmt().with_env_filter("info").init();
println!("=== Linux Hello TPM Test ===\n");
// Get TPM storage
println!("1. Getting TPM storage...");
let mut storage = get_tpm_storage();
// Check availability
println!("2. Checking TPM availability...");
let available = storage.is_available();
println!(" TPM available: {}", available);
if !available {
println!("\n⚠️ TPM not available, will use software fallback");
}
// Initialize
println!("\n3. Initializing storage...");
match storage.initialize() {
Ok(()) => println!(" ✓ Storage initialized successfully"),
Err(e) => {
println!(" ✗ Failed to initialize: {}", e);
return;
}
}
// Test data
let test_user = "test_user";
let test_data = b"This is a test face embedding with 512 bytes of data. \
In a real scenario, this would be a 128 or 512 dimensional float vector \
representing the facial features extracted by a neural network. The data \
needs to be encrypted securely so that biometric information cannot be \
extracted even if the storage is compromised.";
println!("\n4. Creating user key for '{}'...", test_user);
match storage.create_user_key(test_user) {
Ok(()) => println!(" ✓ User key created"),
Err(e) => println!(" Note: {}", e), // May already exist
}
// Encrypt
println!("\n5. Encrypting {} bytes of test data...", test_data.len());
let encrypted = match storage.encrypt(test_user, test_data) {
Ok(enc) => {
println!(" ✓ Encryption successful");
println!(" - Ciphertext length: {} bytes", enc.ciphertext.len());
println!(" - IV length: {} bytes", enc.iv.len());
println!(" - TPM encrypted: {}", enc.tpm_encrypted);
enc
}
Err(e) => {
println!(" ✗ Encryption failed: {}", e);
return;
}
};
// Decrypt
println!("\n6. Decrypting data...");
let decrypted = match storage.decrypt(test_user, &encrypted) {
Ok(dec) => {
println!(" ✓ Decryption successful");
println!(" - Decrypted length: {} bytes", dec.len());
dec
}
Err(e) => {
println!(" ✗ Decryption failed: {}", e);
return;
}
};
// Verify
println!("\n7. Verifying data integrity...");
if decrypted == test_data {
println!(" ✓ Data matches! Roundtrip successful.");
} else {
println!(" ✗ Data mismatch! Something went wrong.");
println!(" Expected: {:?}", String::from_utf8_lossy(test_data));
println!(" Got: {:?}", String::from_utf8_lossy(&decrypted));
return;
}
// Cleanup
println!("\n8. Cleaning up test user key...");
match storage.remove_user_key(test_user) {
Ok(()) => println!(" ✓ User key removed"),
Err(e) => println!(" Note: {}", e),
}
println!("\n=== All tests passed! ===");
if encrypted.tpm_encrypted {
println!("\n🔐 Data was encrypted using hardware TPM!");
} else {
println!("\n🔑 Data was encrypted using software fallback (AES-256-GCM).");
println!(" For hardware TPM encryption, ensure:");
println!(" - TPM device exists (/dev/tpm0 or /dev/tpmrm0)");
println!(" - User has permission (member of 'tss' group)");
println!(" - Or run with sudo");
}
}
Reference in New Issue View Git Blame Copy Permalink