CN101266571A

CN101266571A - Credible password module test case creation method and its test system

Info

Publication number: CN101266571A
Application number: CNA2008101045964A
Authority: CN
Inventors: 陈小峰; 冯登国; 张敏; 初晓博; 李�昊
Original assignee: Institute of Software of CAS
Current assignee: ZHONGKE INFORMATION SECURITY COMMON TECHNOLOGY NATIONAL ENGINEERING RESEARCH CENTER Co Ltd
Priority date: 2008-04-22
Filing date: 2008-04-22
Publication date: 2008-09-17
Anticipated expiration: 2028-04-22
Also published as: CN100583057C

Abstract

The invention discloses a method for generating a test case of a trusted cryptographic module and a test system thereof, belonging to the technical field of computers. The method of the present invention is: modeling inside the subsystem divided by trusted cryptographic modules, generating the extended finite state machine of the subsystem, and then generating test cases by extending the finite state machine; the test system of the present invention includes: a script analysis engine , results analysis engine and communication module. Compared with the prior art, the test case of the present invention can be generated in an automated manner, which avoids the problem that the manual test case cannot guarantee the integrity of the test and thus the reliability of the test result is not high, and the present invention provides The system is an automated test system, which reduces some manual intervention and saves costs.

Description

A test case generation method and test system for a trusted cryptographic module

技术领域 technical field

本发明涉及一种嵌入式系统的测试方法及其系统，尤其涉及一种可信密码模块的测试用例生成方法及其测试系统，属于计算机技术领域。The invention relates to a testing method of an embedded system and a system thereof, in particular to a method for generating a test case of a trusted cryptographic module and a testing system thereof, belonging to the technical field of computers.

背景技术 Background technique

可信计算平台技术是一种通过硬件信任根解决安全问题的新技术，可信平台模块(简称TPM)是可信计算平台的核心和基础，是可信计算平台推广和应用的关键。可信计算平台的发展与应用是和相应的技术规范分不开的，为了促进可信计算平台的发展，2003年，可信计算组织(Trusted Computing Group，简称TCG)给出了可信平台模块(Trusted PlatformModuel，简称TPM)1.2规范，详细界定了TPM的功能。同时为了促进国内可信计算平台产业的发展，国家商用密码管理办公室发布了国产可信密码模块(Trsuted CryphographicModule，简称TCM)的相关标准，详细界定了国产TCM的功能。为可信计算平台在国内的发展奠定了基础。Trusted computing platform technology is a new technology to solve security problems through hardware root of trust. Trusted platform module (TPM) is the core and foundation of trusted computing platform, and is the key to the promotion and application of trusted computing platform. The development and application of the trusted computing platform are inseparable from the corresponding technical specifications. In order to promote the development of the trusted computing platform, in 2003, the Trusted Computing Group (TCG) gave the trusted platform module (Trusted PlatformModuel, TPM for short) 1.2 specification defines the functions of TPM in detail. At the same time, in order to promote the development of the domestic trusted computing platform industry, the National Commercial Cryptography Management Office released the relevant standards of the domestic trusted cryptographic module (Trusted Cryphographic Module, referred to as TCM), which defined the functions of the domestic TCM in detail. It laid the foundation for the development of the trusted computing platform in China.

在可信平台模块的形式化分析和建模方面，Matthew Barrett对TPM的一些关键安全机制进行了形式化分析，其建立的模型主要是用于安全性分析。同时Danilo Bruschi等人对TPM的授权协议进行了形式化的分析，并且通过模型检测技术分析该协议存在的攻击方法。In terms of formal analysis and modeling of trusted platform modules, Matthew Barrett formally analyzed some key security mechanisms of TPM, and the models he established are mainly used for security analysis. At the same time, Danilo Bruschi and others conducted a formal analysis of the TPM authorization protocol, and analyzed the attack methods of the protocol through model detection technology.

可信密码模块的测试方法和测试系统对可信密码模块的功能和符合性方面的要求进行全面而完整的测试，需要一种完善的方案支持测试的实施。Ahmad-Reza Sadeghi等人针对TPM给出了一个详细的测试方案并且给出了测试结果，对测试的结果进行了详细的分析。The test method and test system of the trusted cryptographic module conduct comprehensive and complete tests on the functions and compliance requirements of the trusted cryptographic module, and a complete solution is needed to support the implementation of the test. Ahmad-Reza Sadeghi et al. gave a detailed test plan and test results for TPM, and analyzed the test results in detail.

所有这些针对TPM或者TCM的分析和测试方法都没有给出一个完整的系统，并且没有给出一种如何从规范生成测试用例的方法。All these analysis and testing methods for TPM or TCM do not give a complete system, and do not give a way how to generate test cases from specifications.

发明内容 Contents of the invention

针对可信密码模块的测试需求，本发明提供了一种可信密码模块的测试用例生成方法及其测试系统，其通过利用扩展有限状态机对可信密码模块进行建模，然后通过扩展有限状态机生成测试用例，将测试用例输入到测试系统中对可信密码模块进行完整的测试，本发明提高了测试的准确性和覆盖率，本发明提出的方法与系统能解决如下的问题：Aiming at the test requirements of trusted cryptographic modules, the present invention provides a method for generating test cases of trusted cryptographic modules and a testing system thereof, which uses extended finite state machines to model trusted cryptographic modules, and then expands finite state The test case is generated by the computer, and the test case is input into the test system to carry out a complete test on the trusted cryptographic module. The present invention improves the accuracy and coverage of the test. The method and system proposed by the present invention can solve the following problems:

(1)可信密码模块的形式化建模(1) Formal modeling of trusted cryptographic modules

目前国家商用密码管理办公室给出的TCM规范是描述性的，容易造成歧义，不利于产品开发，因此给出一个准确的形式化模型是十分必要的，同时准确的形式化模型可以给TCM的功能验证、分析以及形式化测试提供基础。At present, the TCM specification given by the National Commercial Encryption Management Office is descriptive, which is easy to cause ambiguity and is not conducive to product development. Therefore, it is very necessary to provide an accurate formal model, and an accurate formal model can give TCM functions Verification, analysis, and formal testing provide the basis.

(2)一致性测试的测试用例的数量和质量问题(2) Quantity and quality of test cases for conformance testing

目前针对可信密码模块的测试用例都是手工来完成的，而手工测试最大的问题在于测试的完整性和覆盖度问题无法解决，从而造成测试结果的可信度不高。此外，测试用例的有效性将直接影响TCM的测试效率和测试成本，如何实现测试用例的自动生成成为亟需解决的问题。At present, the test cases for trusted cryptographic modules are all done manually, and the biggest problem of manual testing is that the integrity and coverage of the test cannot be solved, resulting in low credibility of the test results. In addition, the validity of test cases will directly affect the test efficiency and test cost of TCM. How to realize the automatic generation of test cases becomes an urgent problem to be solved.

(3)可信密码模块的测试缺少自动化测试方案的支持(3) The testing of trusted cryptographic modules lacks the support of automated testing schemes

由于TCM规范涉及的内容广泛，纯手工的的测试需要大量的人力和物力，迫切需要一种自动化的测试方案以支持测试的自动化，并提供相应的支撑系统。Because the TCM specification involves a wide range of content, purely manual testing requires a lot of manpower and material resources, and there is an urgent need for an automated testing solution to support the automation of testing and provide a corresponding support system.

测试用例的生成方法的步骤包括：The steps of the test case generation method include:

1、可信密码模块系统的划分1. Division of trusted cryptographic module systems

可信密码模块是一个完整的信息系统，其内部由多个有相互联系但并不十分紧密的系统构成，首先根据可信密码模块系统内的功能进行划分，建立划分后的各个子系统的依赖图。划分的粒度由具体情况而定；The trusted cryptographic module is a complete information system, which is composed of multiple interrelated but not very close systems. First, it is divided according to the functions of the trusted cryptographic module system, and the dependencies of each subsystem after division are established. picture. The granularity of division depends on the specific situation;

2、子系统的扩展有限状态机的生成2. Generation of extended finite state machines for subsystems

在第1步子系统划分的基础上，针对各个子系统进行系统内部的建模，建立各个命令之间的关系，生成子系统的扩展有限状态机；On the basis of the division of the subsystems in the first step, the internal modeling of the system is carried out for each subsystem, the relationship between each command is established, and the extended finite state machine of the subsystem is generated;

3、测试用例的生成3. Generation of test cases

根据生成的扩展有限状态机生成测试用例。Generate test cases based on the generated extended finite state machine.

较佳地，第2步中生成扩展有限状态机可以采用如下的步骤和方法Preferably, in step 2, the extended finite state machine can be generated using the following steps and methods

1)对子系统内部的状态进行划分，形成子系统内部的状态；1) Divide the internal state of the subsystem to form the internal state of the subsystem;

2)建立子系统内的命令之间的执行顺序依赖图，2) Establish the execution sequence dependency graph between the commands in the subsystem,

3)根据子系统内的状态，从初始状态出发，按照命令的执行先后顺序，在对应的状态上应用某个可执行命令，造成状态的迁移，从而提取出迁移路径；3) According to the state in the subsystem, starting from the initial state, according to the execution order of the commands, apply an executable command on the corresponding state to cause state migration, thereby extracting the migration path;

4)根据第1)、3)步生成的状态和迁移路径，即可形成扩展有限状态机。4) According to the states and migration paths generated in steps 1) and 3), an extended finite state machine can be formed.

较佳地，第1)步中的状态划分可以采用一种基于类型的状态划分方法，该状态提取方法如下描述：Preferably, the state division in step 1) can adopt a type-based state division method, and the state extraction method is described as follows:

设决定状态空间的状态变量为x₁.x_i.x_n，A₁..A_j..A_l，其中x_i表示的是单值变量，类型分别为T₁，...，T_n，而A_j是一个集合变量，集合中的元素类型为TT₁，...，TT_l(类型决定了变量的取值空间，本发明不区分类型和取值空间)Let the state variables that determine the state space be x ₁ _.xi .x _n , A ₁ ..A _j ..A _l , where _xi represents a single-valued variable whose types are T ₁ ,...,T _n , and A _j is a set variable, and the element types in the set are TT ₁ ,..., TT ₁ (the type determines the value space of the variable, and the present invention does not distinguish type and value space)

(a)初始状态空间为

(a) The initial state space is

(b)状态的细分(b) Subdivision of states

下面根据状态变量的不同对状态进行细分：The following subdivides the state according to the state variables:

■单值变量■Single value variable

基于一定的策略对单值变量x_i的取值进行划分，如边界值分析法，类别划分方法。通过这种方法可以将状态进一步的细分。基于策略policy，对状态S关于状态变量x_i的划分定义为：Based on a certain strategy, the value of the single-valued variable x _i is divided, such as boundary value analysis method and category division method. In this way, the state can be further subdivided. Based on the strategy policy, the division of the state S with respect to the state variable x _i is defined as:

其中AS_j表示状态S经过状态变量x_i细分之后的子状态，P_j是对x_i变量进行约束的谓词逻辑，如x_i＞＝0；AS_j1(x_i)表示状态AS_j1中状态变量x_i的取值空间。Among them, AS _j represents the sub-state of state S subdivided by state variable x _i , and P _j is the predicate logic that constrains variable x _i , such as x _i ＞=0; AS _j1 (xi ₎ represents the state in state AS _j1 The value space of variable x _i .

■集合变量■Collection variable

对集合变量，采用基于类型的划分方法进行状态空间的划分，先定义集合划分的概念：For set variables, use the type-based partition method to divide the state space, first define the concept of set partition:

定义3.2设A是一个非空集合，如果存在一个A的子集族π，满足以下条件：Definition 3.2 Suppose A is a non-empty set, if there is a subset family π of A, satisfy the following conditions:

2)π中任意两个元素不相交；2) Any two elements in π are disjoint;

3)π中所有元素的并集等于A；3) The union of all elements in π is equal to A;

则称π为集合A的一个划分。Then π is called a partition of the set A.

■组合状态变量■ Combined state variables

如果内部存在的状态变量既包含单值变量x₁，...x_n，又包含集合变量A₁，...，A_l，那么最后的状态空间是各个变量之间的完全组合。得到的状态数为If the internal state variables include both single-valued variables x ₁ , ... x _n , and set variables A ₁ , ..., A _l , then the final state space is a complete combination of variables. The state number obtained is

${Π Π}_{i i = = 11,, j j = = 11}^{i i = = n no,, j j = = 11} {m m}_{i i} \times \times ((22^{{k k}_{j j}} - - 11))$

(c)状态的缩减(c) Reduction of state

从上面的分析可以看出，如果状态变量的个数比较多，那么其存在的状态空间将会急剧增加，一种解决办法是在状态细分这一步中，控制各个状态变量的划分粒度；另一种解决办法是根据需求(如测试需求)对最后产生的状态空间进行限制，下面通过TCM状态的提取来说明基于类型的状态划分方法。From the above analysis, it can be seen that if the number of state variables is large, the existing state space will increase sharply. One solution is to control the division granularity of each state variable in the step of state subdivision; another One solution is to limit the final state space according to requirements (such as test requirements). The following describes the type-based state division method through the extraction of TCM states.

较佳地，第(b)步中可以采用如下的一种基于函数的集合划分方法。Preferably, the following function-based set division method can be used in step (b).

若存在由集合T到类型V的函数f：T→V，且类型V是有限集，ran(f)＝{v₁，v₂...v_n}。则类型T的函数值划分If there is a function f from a set T to a type V: T→V, and the type V is a finite set, ran(f)={v ₁ , v ₂ ...v _n }. Then the function value division of type T

$π π = = {{{{&ForAll; &ForAll; t t : : T T | | f f ((t t)) = = {v v}_{11}}},, {{&ForAll; &ForAll; t t : : T T | | f f ((t t)) = = {v v}_{22}}},, . . . . . .,, {{&ForAll; &ForAll; t t : : T T | | f f ((t t)) = = {v v}_{n no}}}}} . .$

因此函数f按照状态集合变量A_j可对状态S进行划分，得到划分后的结果为：Therefore, the function f can divide the state S according to the state set variable A _j , and the divided result is:

$Partition Partition ((S S,, {A A}_{j j},, f f)) = = {{{BS BS}_{11},, . . . . . .,, {BS BS}_{{k k}_{j j}} | | {{&ForAll; &ForAll; t t : : t t &Element; &Element; {BS BS}_{11} (({A A}_{j j})) | | f f (({BS BS}_{11} (({A A}_{j j})))) = = {v v}_{11}}} . . . . . . {{&ForAll; &ForAll; t t : : t t &Element; &Element; {BS BS}_{{k k}_{j j}} (({A A}_{j j})) | | f f (({BS BS}_{{k k}_{j j}} (({A A}_{j j})))) = = {v v}_{{k k}_{j j}}}}}}$

其中BS₁(A_j)表示状态BS₁中集合变量A_j的取值空间中类型为TT_j的元素集合。各个划分之间互相组合得到最后的状态空间。划分之间进行状态组合得到状态空间的个数为：Where BS ₁ (A _j ) represents the set of elements of type TT _j in the value space of the set variable A _j in state BS ₁ . Each partition is combined with each other to obtain the final state space. The number of state spaces obtained by combining states between partitions is:

${C C}_{{k k}_{j j}}^{11} + + {C C}_{{k k}_{j j}}^{22} + + . . . . . . + + {C C}_{{k k}_{j j}}^{{k k}_{j j}} = = 22^{{k k}_{j j}} - - 11 . .$

较佳地，第3步中生成测试用例时可以按照状态或者迁移标准为依据生成测试用例。Preferably, when generating test cases in step 3, test cases can be generated according to status or migration criteria.

测试系统主要包括：The test system mainly includes:

1、脚本解析引擎：分析描述测试用例的脚本，并对其进行解析，调用可信密码模块的命令执行脚本；1. Script analysis engine: analyze and analyze the script describing the test case, and execute the script by calling the command of the trusted cryptographic module;

2、结果分析引擎：对测试生成的结果进行分析，产生合适的统计数据和统计报表，并生成综合报告文档；2. Result analysis engine: analyze the results generated by the test, generate appropriate statistical data and statistical reports, and generate comprehensive report documents;

3、通信模块：与可信密码模块和数据库进行通信。3. Communication module: communicate with trusted cryptographic modules and databases.

较佳地，脚本解析引擎所能识别的测试脚本语言采用一种过程语言，具体的脚本语言可自行设计实现。Preferably, the test script language recognized by the script analysis engine adopts a procedural language, and the specific script language can be designed and implemented by itself.

较佳地，可信密码模块与测试系统可以分布在不同的网络上，由通信模块完成数据的交互与采集。Preferably, the trusted cryptographic module and the test system can be distributed on different networks, and the communication module completes data interaction and collection.

将生成的测试用例输入到测试系统中(以脚本的形式)，由脚本解析引擎解释执行测试用例就可以实现对测试用例进行测试。The generated test cases are input into the test system (in the form of scripts), and the test cases can be tested by the script analysis engine to interpret and execute the test cases.

本发明的积极效果：Positive effect of the present invention:

采用本发明之后，测试用例可以以自动化的方式生成，避免了手工测试用例无法保证测试完整性无法保证从而造成测试结果的可信度不高的问题。并且本发明给出的系统是一个自动化的测试系统，减少了一些人工的干预，节省了成本。After adopting the invention, the test case can be generated in an automatic manner, avoiding the problem that the manual test case cannot guarantee the integrity of the test and thus the reliability of the test result is not high. Moreover, the system provided by the present invention is an automatic test system, which reduces some manual interventions and saves costs.

附图说明 Description of drawings

图1为可信密码模块测试用例生成方法；Fig. 1 is a trusted cryptographic module test case generation method;

图2为系统抽象状态和初始化定义；Figure 2 is the system abstract state and initialization definition;

图3为密钥生成，载入，载出操作模式；Figure 3 is the operation mode of key generation, loading, and loading;

图4为封装和解封操作模式；Figure 4 is the encapsulation and decapsulation operation mode;

图5为状态迁移的提取算法；Fig. 5 is the extraction algorithm of state transition;

图6为密码子系统的EFSM图；Figure 6 is an EFSM diagram of the codon system;

图7为可信密码模块测试系统结构图；Fig. 7 is a structural diagram of a trusted cryptographic module testing system;

图8为TCM各个子系统依赖关系图；FIG. 8 is a dependency diagram of each subsystem of the TCM;

图9为密码子系统内的命令依赖关系。Figure 9 shows the command dependencies within the cryptosystem.

具体实施方式 Detailed ways

下面结合附图详细描述本发明的具体实施方式。Specific embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

首先对可信密码模块的子系统进行划分，根据各个子系统实现的功能进行严格划分，这样各个划分后的子系统依赖程度低；这里可信密码模块可以分为如下各个子系统：密码子系统，TCM管理子系统，平台身份表识管理子系统，存储保护子系统，标识和鉴别子系统，完整性保护子系统，可信路径子系统。First, divide the subsystems of the trusted cryptographic module, and strictly divide them according to the functions realized by each subsystem, so that the dependence of each partitioned subsystem is low; here, the trusted cryptographic module can be divided into the following subsystems: cryptographic subsystem , TCM management subsystem, platform identity management subsystem, storage protection subsystem, identification and authentication subsystem, integrity protection subsystem, trusted path subsystem.

各个子系统之间的依赖关系如图8所示，其中箭头指向表示依赖关系，如密码子系统指向完整性保护子系统，表示密码子系统依赖完整性保护子系统。The dependency relationship between various subsystems is shown in Figure 8, where the arrow points to indicate the dependency relationship, for example, the cryptographic subsystem points to the integrity protection subsystem, indicating that the cryptographic subsystem depends on the integrity protection subsystem.

其次分别对各个子系统进行EFSM建模，下面以可信密码模块的密码子系统为例说明测试用例的生成方法，以TCM的密码子系统作为建模的对象。Secondly, EFSM modeling is carried out for each subsystem respectively. The cryptographic subsystem of the trusted cryptographic module is used as an example to illustrate the method of generating test cases, and the cryptographic subsystem of TCM is used as the object of modeling.

在具体建模过程中，由于TCM规范中指定的具体数据结构比较复杂，需要进行一定程度的数据抽象。从状态上看，TCM的初始状态是已经建立了属主身份(Take Owner)，并且TCM中将会保存有密钥的相关信息，最重要的是密钥的句柄以及密钥的属性(如类型)，引入如下的抽象数据类型和全局变量。In the specific modeling process, due to the complex specific data structure specified in the TCM specification, a certain degree of data abstraction is required. From the status point of view, the initial state of the TCM is that the owner identity (Take Owner) has been established, and the relevant information of the key will be stored in the TCM, the most important is the handle of the key and the attributes of the key (such as type ), introduce the following abstract data types and global variables.

[KeyHandle，KeyType][KeyHandle, KeyType]

maxcount：N；maxcount: N;

KeyType：＝TCM_STORAGE|TCM_SIGN|TCM_BIND；KeyType: =TCM_STORAGE|TCM_SIGN|TCM_BIND;

其中KeyHandle是TCM内部密钥的句柄类型；KeyType是密钥的类型，有三种不同的密钥类型。Among them, KeyHandle is the handle type of the TCM internal key; KeyType is the type of the key, and there are three different key types.

从操作上看，主要有创建密钥，销毁密钥，使用密钥等操作。密码子系统抽象状态以及系统初始化定义的描述如图2所示，其中函数keyHasType将密钥句柄映射成不同的密钥类型，初始时TCM内部有存储根密钥SRK。密钥生成，载入，载出操作模式如图3所示。From the operation point of view, there are mainly operations such as creating keys, destroying keys, and using keys. The description of the abstract state of the cryptographic subsystem and the definition of system initialization is shown in Figure 2, where the function keyHasType maps key handles to different key types. Initially, there is a storage root key SRK inside the TCM. Key generation, loading, and loading out operation modes are shown in Figure 3.

图4给出了TCM的封装操作以及解封操作的操作模式，其他关于TCM密钥的操作如解密，签名操作可用类似的形式给出。Figure 4 shows the TCM encapsulation operation and the operation mode of the decapsulation operation. Other operations related to the TCM key such as decryption and signature operations can be given in a similar form.

下面通过状态划分和迁移提取给出对应的扩展有限状态机(EFSM)图。密码子系统内的状态根据Z规格说明的抽象状态进行划分。The corresponding extended finite state machine (EFSM) diagram is given below through state division and transition extraction. The states within the cryptosystem are partitioned according to the abstract states described by the Z-spec.

1、密码子系统内状态的划分1. The division of states in the cryptosystem

在图2，图3给出的Z语言规格说明中，只有一个集合变量keys，并且存在一个约束函数keyHasType。In the Z language specification shown in Figure 2 and Figure 3, there is only one set variable keys, and there is a constraint function keyHasType.

(1)第一步：给出初始状态(1) The first step: give the initial state

${S S}_{Initial Initial} \overset{Δ Δ}{= =} {{keys keys | | # # keys keys \leq \leq max max count count}};;$

(2)第二步：状态的细分(集合变量)(2) The second step: subdivision of state (collection variables)

Partition(S_Initial，keys，keyHasType)＝{S_Sign，S_Storage，S_Bind}Partition(S _Initial , keys, keyHasType) = {S _Sign , S _Storage , S _Bind }

其中S_sign内的所有元素密钥句柄都为签名密钥，其他的定义类似。All element key handles in S _sign are signature keys, and other definitions are similar.

(3)第三步：状态的组合(3) The third step: Combination of states

状态组合数 $n = C_{3}^{2} + C_{3}^{1} + C_{3}^{3} = 2^{n} - 1 = 7$ Number of state combinations $no = C_{3}^{2} + C_{3}^{1} + C_{3}^{3} = 2^{no} - 1 = 7$

因此最后给出的状态为：So the final state given is:

s₁＝{S_Sign}，s₂＝{S_Storage}，s₃＝{S_Bind}，s₄＝{S_Sign，S_Storage}，s₅＝{S_Storage，S_Bind}，s ₁ ={S _Sign }, s ₂ ={S _Storage }, s ₃ ={S _Bind }, s ₄ ={S _Sign ,S _Storage }, s ₅ ={S _Storage ,S _Bind },

s₆＝{S_Bind，S_Sign}，s₇＝{S_Bind，S_Sign，S_Storage}s ₆ ={S _Bind , S _Sign }, s ₇ ={S _Bind , S _Sign , S _Storage }

(4)第四步：状态的缩减(4) The fourth step: state reduction

如果加上约束条件 $P (S) \overset{Δ}{=} {S | &ForAll; key &Element; keys, keyHasType (key) = TCM_SIGN},$ 状态空间可以缩减为4个，分别为s₁，s₄，s₆，s₇。If the constraints $P (S) \overset{Δ}{=} {S | &ForAll; key &Element; keys, keyHasType (key) = TCM_SIGN},$ The state space can be reduced to four, which are s ₁ , s ₄ , s ₆ , and s ₇ .

2、建立密码子系统内的命令依赖关系2. Establish command dependencies within the cryptosystem

命令依赖关系如图9所示，其中箭头指向标识依赖关系，如TCMSeal指向TCMlocalkey表示TCMSeal依赖TCMlocalkey。The command dependencies are shown in Figure 9, where the arrows point to identify the dependencies, for example, TCMSeal points to TCMlocalkey, indicating that TCMSeal depends on TCMlocalkey.

3、迁移的提取3. Migration extraction

图5给出了状态迁移的提取算法。Fig. 5 shows the extraction algorithm of state transition.

其中def(s)＝{key|key∈s}，S为内部状态的集合，OP表示TCM操作的集合，在密码子系统中，where def(s)={key|key∈s}, S is the set of internal states, OP represents the set of TCM operations, in the cryptographic subsystem,

OP＝{TCMCreateKey，TCMLoadKey，TCMEvictKey，TCMSeal，OP={TCMCreateKey, TCMLoadKey, TCMEvictKey, TCMSeal,

TCMUnSeal，TCMSign，TCMVerify，TCMEncrypt，TCMDecrypt}TCMUnSeal, TCMSign, TCMVerify, TCMEncrypt, TCMDecrypt}

4、最后得到的EFSM图如图6所示：4. The final EFSM diagram is shown in Figure 6:

具体的状态含义以及状态迁移见表1，表2所示，表1，表2中只给出了其中的一条路径的迁移，其他路径的迁移是类似的。在迁移的标记(s-x，P/op，y-＞s′)中，s表示当前状态，x′表示迁移后的状态，x表示输入，P表示转移的条件，op表示转移中的操作，y表示输出。其中涉及到的符号有，输入变量集合：x_tag，x_ordinal，x_KeyHandle，x_keyType；输出变量集合：y_tag，y_retValue，y_ordinal，y_keyHandle，y_keyType。输入命令有：TCM_CWK(产生密钥)，TCM_EK，TCM_LK，TCM_UB，TCM_Seal，TCM_UnSeal，TCM_Sign，符号y_tag(value)表示对变量y_tag赋值value。环境变量和全局变量集合：keys(TCM中的句柄集合)等。See Table 1 and Table 2 for specific state meanings and state transitions. Tables 1 and 2 only show the migration of one of the paths, and the migration of other paths is similar. In the migration mark (sx, P/op, y->s'), s represents the current state, x' represents the state after migration, x represents the input, P represents the condition of the transfer, op represents the operation in the transfer, y Indicates the output. The symbols involved are: input variable set: x _tag , x _ordinal , x _KeyHandle , x _keyType ; output variable set: y _tag , y _retValue , y _ordinal , y _keyHandle , y _keyType . The input commands include: TCM_CWK (generating a key), TCM_EK, TCM_LK, TCM_UB, TCM_Seal, TCM_UnSeal, TCM_Sign, and the symbol y _tag (value) means assigning a value to the variable y _tag . Environment variable and global variable collection: keys (handle collection in TCM), etc.

表1EFSM状态描述Table 1 EFSM status description

状态 state 描述 describe 状态 state 描述 describe s₀ s ₀ 初始状态，已经TakeOwner，拥有SRK，并且TCM是enabled，处于TCM的s1操作状态 Initial state, already TakeOwner, has SRK, and TCM is enabled, in the s1 operation state of TCM s₁ s ₁ TCM内部都是加密密钥 Inside the TCM are encryption keys s₂ s ₂ TCM内部都是签名密钥 Inside the TCM is the signature key s₃ s ₃ TCM内部都是存储密钥 Inside the TCM are storage keys s₄ s ₄ 既有加密密钥，也有存储密钥 Both encryption key and storage key s₅ s ₅ 内部既有签名密钥，又有存储密钥 There are both signing keys and storage keys inside s₆ s ₆ 既有加密密钥，又有签名密钥 Both encryption key and signing key s₇ s ₇ 同时有加密密钥，签名密钥，存储密钥 There are encryption key, signature key and storage key at the same time

表2状态转换表Table 2 State Transition Table

状态迁移 state transition 描述 describe t1 t1 {s₀-TCM_CWK，P_t3/＜y_retValue(0)，y_ordinal(TCM_CWK)，y_tag(RspTag)，y_keyType(x_keyType)＞，0-＞s₀}其中P_t3＝x_tag(auth1Tag)，x_keyHandle∈keys){s ₀ -TCM_CWK, P _t3 /<y _retValue (0), y _ordinal (TCM_CWK), y _tag (RspTag), y _keyType (x _keyType )>, 0->s ₀ } where P _t3 = x _tag (auth1Tag ), x _keyHandle ∈ keys) t2，t6，t11 t2, t6, t11 {s₂(s₅，s₇)-TCM_EK，P_t2/＜y_retValue(0)，y_ordinal(TCM_EK)，y_tag(RSPTag)＞，0-＞s₀(s₂，s₅)}其中P_t2＝＜x_tag(reqAuth)，x_keyHandle∈keys＞{s ₂ (s ₅ , s ₇ )-TCM_EK, P _t2 /<y _retValue (0), y _ordinal (TCM_EK), y _tag (RSPTag)>, 0->s ₀ (s ₂ , s ₅ )} where P _t2 =< x _tag (reqAuth), x _keyHandle ∈ keys > t3，t5，t10 t3, t5, t10 {s₀(s₂，s₅)-TCM_LK，P_t3/＜y_retVatue(0)，y_ordinal(TCM_LK)，y_tag(resAuth1)＞，其0-＞s₂(s₅，s₇)}中P_t3＝(x_tag(reqAuth1)，x_pkeyHandle∈keys，x_keyType(SignKey)){s ₀ (s ₂ , s ₅ )-TCM_LK, P _t3 /<y _retVatue (0), y _ordinal (TCM_LK), y _tag (resAuth1)>, its 0->s ₂ (s ₅ , s ₇ )} where P _t3 = (x _tag (reqAuth1), x _pkeyHandle ∈ keys, x _keyType (SignKey)) t4，t7，t12 t4, t7, t12 {s₂(s₅，s₇)-TCM_Sign，P_t16/＜y_tag(rspAuth2)，y_retValue(0)，y_ordinal(TCM_Sign)＞，0-＞s₂(s₅，s₇)}其中P_t16＝(x_tag(reqAuth2)){s ₂ (s ₅ , s ₇ )-TCM_Sign, P _t16 /<y _tag (rspAuth2), y _retValue (0), y _ordinal (TCM_Sign)>, 0->s ₂ (s ₅ , s ₇ )} where P _t16 = (x _tag (reqAuth2)) t8，t13 t8, t13 {s₅(s₇)-TCM_Seal，P_t10/＜y_tag(rspAuth1)，y_retValue(0)＞，0-＞s₅(s₇)}其中P_t10＝(x_tag(reqAuth1)，x_keyHandle∈keys∧x_keyType(TCM_STORAGE)){s ₅ (s ₇ )-TCM_Seal, P _t10 /<y _tag (rspAuth1), y _retValue (0)>, 0->s ₅ (s ₇ )} where P _t10 = (x _tag (reqAuth1), x _keyHandle ∈keys∧x _keyType (TCM_STORAGE)) t9，t14 t9, t14 {s₅(s₇)-TCM_UnSeal，P_t11/＜y_tag(rspAuth2)，y_retValue(0)，y_ordinat(TCM_UnSeal)＞，0-＞s₅(s₇)}其中P_t11＝x_tag(reqAuth2)){s ₅ (s ₇ )-TCM_UnSeal, P _t11 /<y _tag (rspAuth2), y _retValue (0), y _ordinat (TCM_UnSeal)>, 0->s ₅ (s ₇ )} where P _t11 = x _tag ( reqAuth2)) t15 t15 {s₇-TCM_UB，P_t9/＜y_tag(repAuth1)，y_retVatue(0)，y_ordinal(TCM_UB)＞，0-＞s₇}其中P_t9＝(x_tag(reqAuth1)，x_KeyHandle∈keys){s ₇ -TCM_UB, P _t9 /<y _tag (repAuth1), y _retVatue (0), y _ordinal (TCM_UB)>, 0->s ₇ } where P _t9 = (x _tag (reqAuth1), x _KeyHandle ∈ keys )

最后通过EFSM图生成对应的测试用例，测试用例的生成遵循C.Bourhfir提出的生成方法[参考：Automatic executable test case generation for EFSM specified protocols，C.Bourhfir，R.Dssouli，E.Aboulhamid，and N.Rico，IWTCS’97，pp.75-90，1997]。Finally, the corresponding test case is generated through the EFSM diagram, and the generation of the test case follows the generation method proposed by C.Bourhfir [Reference: Automatic executable test case generation for EFSM specified protocols, C.Bourhfir, R.Dssouli, E.Aboulhamid, and N. Rico, IWTCS '97, pp.75-90, 1997].

测试系统的软件实现结构如图7所示，系统通过TDDL模块与可信密码模块进行交互，其中测试系统、数据库、以及可信密码模块可以分布于不同的网络，通过网络通信协议进行通信。The software implementation structure of the test system is shown in Figure 7. The system interacts with the trusted cryptographic module through the TDDL module. The test system, database, and trusted cryptographic module can be distributed in different networks and communicate through network communication protocols.

Claims

1. A test case generation method of a trusted cryptographic module, the steps of which are:

1) Divide the trusted cryptographic module into multiple subsystems;

2) Establish the command dependencies within the subsystem, thereby generating the extended finite state machine of the subsystem;

3) Generate the test case of the subsystem according to the generated extended finite state machine.

2. The method according to claim 1, wherein the subsystems are divided according to the functions of each system in the trusted cryptographic module system; the subsystems include: a cryptographic subsystem, a TCM management subsystem, and a platform identity management subsystem System, Storage Protection Subsystem, Identification and Authentication Subsystem, Integrity Protection Subsystem, Trusted Path Subsystem.

3. The method according to claim 1, characterized in that the command dependency relationship within the subsystem is established according to the command execution sequence within the subsystem.

4. The method according to claim 3, characterized in that the extended finite state machine generating method of the subsystem is:

1) Divide the state in the trusted cryptographic module subsystem to form the internal state of the subsystem;

2) According to the command dependencies inside the subsystem and the internal state of the subsystem, a migration path between states is formed;

3) Extract the migration path according to the relationship between the generated states;

4) Generate an extended finite state machine according to the internal state of the subsystem and the extracted transition path.

5. The method according to claim 4, wherein the method for dividing the state in the trusted cryptographic module subsystem is:

1) The initial state space is:

Among them, x ₁ .x _i .x _n , A ₁ ..A _j ..A _l are the state variables that determine the state space, and _xi represents a single-valued variable whose types are T ₁ ,..., T _n , A _j is a set variable, and the element types in the set are TT ₁ ,..., TT _l ;

2) Divide the state according to the different state variables;

3) Combining the divided state variables;

4) Reduce the combined state variables according to the constraints.

6. The method according to claim 5, characterized in that the single-valued variables are divided into state values using a division method based on strategy policy; the set variables are divided into state spaces using a type-based division method .

7. method as claimed in claim 5 is characterized in that adopting the set division method based on function to carry out the division of state space to described set variable: by the function f of set T to type V: T→V, and type V is Finite set, ran(f)={v ₁ , v ₂ ...v _n }, then the function values of type T are divided into:

π π = = {{{{&ForAll; &ForAll; t t : : T T | | f f ((t t)) = = {v v}_{11}}},, {{&ForAll; &ForAll; t t : : T T | | f f ((t t)) = = {v v}_{22}}},, . . . . . .,, {{&ForAll; &ForAll; t t : : T T | | f f ((t t)) = = {v v}_{n no}}}}} . .

8. The method according to claim 1, characterized in that the test case generation method proposed by C.Bourhfir is followed when the test case of the subsystem is generated according to the extended finite state machine generated.

9. A test system for detecting a test case as claimed in claim 1, comprising

Script parsing engine: analyze the script describing the test case, and parse it, call the command of the trusted cryptographic module to execute the script;

Result analysis engine: analyze the results generated by the test, generate statistical data and statistical reports, and generate comprehensive report documents;

Communication module: communicate with trusted cryptographic modules and databases.

10. The system according to claim 9, wherein the test script language recognizable by the script analysis engine is a procedural language.