1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3  * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4  * All rights reserved.
5  *******************************************************************************/
6 
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10 
11 #include <stdlib.h>
12 
13 #include "tss2_esys.h"
14 
15 #include "esys_iutil.h"
16 #define LOGMODULE test
17 #include "util/log.h"
18 #include "util/aux_util.h"
19 
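/** Run one complete HMAC sequence: HMAC_Start, SequenceUpdate, SequenceComplete.
 *
 * The sequence handle returned by Esys_HMAC_Start() is published through
 * @p sequenceHandle as soon as it exists, so the caller can flush the
 * transient sequence object if a later step fails (a leaked sequence object
 * occupies a TPM object slot until the next reboot or flush). Once
 * Esys_SequenceComplete() has consumed the handle it is reset to ESYS_TR_NONE.
 * The result digest and validation ticket are released here, because this
 * test only checks that the commands succeed.
 *
 * @param[in,out] esys_context The ESYS_CONTEXT.
 * @param[in] keyHandle Loaded HMAC key used by the sequence.
 * @param[in] authSession Authorization for the key and the sequence object:
 *            an HMAC session handle or ESYS_TR_PASSWORD.
 * @param[in] auth Authorization value for the sequence object, or NULL. When
 *            non-NULL it is also registered with Esys_TR_SetAuth() so the
 *            follow-up commands can authorize against the sequence handle.
 * @param[in] hashAlg Hash algorithm of the HMAC.
 * @param[in] buffer Data fed into the sequence (used for update and completion).
 * @param[out] sequenceHandle The live sequence handle while the sequence is
 *             open, ESYS_TR_NONE before HMAC_Start and after completion.
 * @retval TSS2_RC_SUCCESS on success.
 * @retval The return code of the first failing ESAPI call otherwise; the
 *         caller must then flush @p sequenceHandle if it is not ESYS_TR_NONE.
 */
static TSS2_RC
run_hmac_sequence(ESYS_CONTEXT *esys_context,
                  ESYS_TR keyHandle,
                  ESYS_TR authSession,
                  const TPM2B_AUTH *auth,
                  TPMI_ALG_HASH hashAlg,
                  const TPM2B_MAX_BUFFER *buffer,
                  ESYS_TR *sequenceHandle)
{
    TSS2_RC r;
    TPM2B_DIGEST *result = NULL;
    TPMT_TK_HASHCHECK *validation = NULL;

    *sequenceHandle = ESYS_TR_NONE;

    r = Esys_HMAC_Start(esys_context,
                        keyHandle,
                        authSession,
                        ESYS_TR_NONE,
                        ESYS_TR_NONE,
                        auth,
                        hashAlg,
                        sequenceHandle);
    goto_if_error(r, "Error: HMAC_Start", error);

    /* Only a non-NULL auth has to be known to the ESYS object for the
     * sequence handle; with a NULL auth the object keeps the empty auth. */
    if (auth != NULL) {
        r = Esys_TR_SetAuth(esys_context, *sequenceHandle, auth);
        goto_if_error(r, "Error esys TR_SetAuth ", error);
    }

    r = Esys_SequenceUpdate(esys_context,
                            *sequenceHandle,
                            authSession,
                            ESYS_TR_NONE,
                            ESYS_TR_NONE,
                            buffer);
    goto_if_error(r, "Error: SequenceUpdate", error);

    r = Esys_SequenceComplete(esys_context,
                              *sequenceHandle,
                              authSession,
                              ESYS_TR_NONE,
                              ESYS_TR_NONE,
                              buffer,
                              TPM2_RH_OWNER,
                              &result,
                              &validation);
    goto_if_error(r, "Error: SequenceComplete", error);

    /* SequenceComplete consumed the sequence object; the handle must not be
     * flushed again by the caller's error path. */
    *sequenceHandle = ESYS_TR_NONE;

 error:
    /* Esys_Free() tolerates NULL, which is what both are on every error path. */
    Esys_Free(result);
    Esys_Free(validation);
    return r;
}

/** Test the ESAPI commands: HMAC_Start, SequenceUpdate, and SequenceComplete.
 *
 * The HMAC key is created by using Esys_CreatePrimary. The sequence is run
 * twice: once with an explicit auth value for the sequence object and once
 * with auth equal NULL. Every handle that is still loaded when a command
 * fails (sequence object, primary key, session) is flushed in the error path.
 *
 * Tested ESAPI commands:
 *  - Esys_CreatePrimary() (M)
 *  - Esys_FlushContext() (M)
 *  - Esys_HMAC_Start() (M)
 *  - Esys_SequenceComplete() (M)
 *  - Esys_SequenceUpdate() (M)
 *  - Esys_StartAuthSession() (M)
 *
 * Used compiler defines: TEST_SESSION
 *
 * @param[in,out] esys_context The ESYS_CONTEXT.
 * @retval EXIT_FAILURE
 * @retval EXIT_SUCCESS
 */

int
test_esys_hmacsequencestart(ESYS_CONTEXT * esys_context)
{
    TSS2_RC r;
    ESYS_TR primaryHandle = ESYS_TR_NONE;
    /* Tracked here so a sequence object left open by a failing step can be
     * flushed; run_hmac_sequence() resets it to ESYS_TR_NONE on completion. */
    ESYS_TR sequenceHandle = ESYS_TR_NONE;

    TPM2B_PUBLIC *outPublic = NULL;
    TPM2B_CREATION_DATA *creationData = NULL;
    TPM2B_DIGEST *creationHash = NULL;
    TPMT_TK_CREATION *creationTicket = NULL;

#ifdef TEST_SESSION
    ESYS_TR session = ESYS_TR_NONE;
    TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES,
                              .keyBits = {.aes = 128},
                              .mode = {.aes = TPM2_ALG_CFB}
    };
    /* Fixed test nonce; a real caller would use a fresh random nonce. */
    TPM2B_NONCE nonceCaller = {
        .size = 20,
        .buffer = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
                   11, 12, 13, 14, 15, 16, 17, 18, 19, 20}
    };

    r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
                              ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
                              &nonceCaller,
                              TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1,
                              &session);

    goto_if_error(r, "Error: During initialization of session", error);
#endif /* TEST_SESSION */

    TPM2B_AUTH authValuePrimary = {
        .size = 5,
        .buffer = {1, 2, 3, 4, 5}
    };

    /* Designated initializers zero every member not named, so only the
     * user auth needs an explicit value. */
    TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
        .size = 0,
        .sensitive = {
            .userAuth = authValuePrimary,
            .data = {
                 .size = 0,
                 .buffer = {0},
             },
        },
    };
    TPM2B_PUBLIC inPublic = { 0 };

    /* `{0}` rather than the GNU-only empty initializer `{}`. */
    TPM2B_DATA outsideInfo = {
        .size = 0,
        .buffer = {0},
    };
    TPML_PCR_SELECTION creationPCR = {
        .count = 0,
    };

    /* Keyed-hash primary usable as an HMAC key with SHA1. */
    inPublic.publicArea.nameAlg = TPM2_ALG_SHA1;
    inPublic.publicArea.type = TPM2_ALG_KEYEDHASH;
    inPublic.publicArea.objectAttributes |= TPMA_OBJECT_SIGN_ENCRYPT;
    inPublic.publicArea.objectAttributes |= TPMA_OBJECT_USERWITHAUTH;
    inPublic.publicArea.objectAttributes |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
    inPublic.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM2_ALG_HMAC;
    inPublic.publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = TPM2_ALG_SHA1;

    /* Auth value for the sequence object (first run) and data to be HMACed. */
    TPM2B_AUTH auth = {.size = 20,
                       .buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19,
                                20, 21, 22, 23, 24, 25, 26, 27, 28, 29}};
    TPM2B_MAX_BUFFER buffer ={.size = 20,
                              .buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19,
                                       20, 21, 22, 23, 24, 25, 26, 27, 28, 29}};
    TPMI_ALG_HASH hashAlg = TPM2_ALG_SHA1;

    r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
                           ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary,
                           &inPublic, &outsideInfo, &creationPCR,
                           &primaryHandle, &outPublic, &creationData,
                           &creationHash, &creationTicket);
    goto_if_error(r, "Error: CreatePrimary", error);

    r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary);
    goto_if_error(r, "Error: TR_SetAuth", error);

    /* First run: sequence object protected by an explicit auth value. */
    r = run_hmac_sequence(esys_context,
                          primaryHandle,
#ifdef TEST_SESSION
                          session,
#else
                          ESYS_TR_PASSWORD,
#endif
                          &auth,
                          hashAlg,
                          &buffer,
                          &sequenceHandle);
    goto_if_error(r, "Error: HMAC sequence with auth", error);

#ifdef TEST_SESSION
    r = Esys_FlushContext(esys_context, session);
    goto_if_error(r, "Error: FlushContext", error);
    /* The session is gone; make sure the error path does not flush it twice
     * if the next StartAuthSession fails. */
    session = ESYS_TR_NONE;

    r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
                              ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
                              &nonceCaller,
                              TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1,
                              &session);

    goto_if_error(r, "Error: During initialization of session", error);
#endif /* TEST_SESSION */

    /* Check HMAC_Start with auth equal NULL */
    r = run_hmac_sequence(esys_context,
                          primaryHandle,
#ifdef TEST_SESSION
                          session,
#else
                          ESYS_TR_PASSWORD,
#endif
                          NULL,
                          hashAlg,
                          &buffer,
                          &sequenceHandle);
    goto_if_error(r, "Error: HMAC sequence without auth", error);

    r = Esys_FlushContext(esys_context, primaryHandle);
    goto_if_error(r, "Error: FlushContext", error);
    primaryHandle = ESYS_TR_NONE;

#ifdef TEST_SESSION
    r = Esys_FlushContext(esys_context, session);
    goto_if_error(r, "Error: FlushContext", error);
    session = ESYS_TR_NONE;
#endif

    Esys_Free(outPublic);
    Esys_Free(creationData);
    Esys_Free(creationHash);
    Esys_Free(creationTicket);
    return EXIT_SUCCESS;

 error:

    /* Flush whatever is still loaded, most specific object first. Each
     * failure is only logged so the remaining cleanup still runs. */
    if (sequenceHandle != ESYS_TR_NONE) {
        if (Esys_FlushContext(esys_context, sequenceHandle) != TSS2_RC_SUCCESS) {
            LOG_ERROR("Cleanup sequenceHandle failed.");
        }
    }

    if (primaryHandle != ESYS_TR_NONE) {
        if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) {
            LOG_ERROR("Cleanup primaryHandle failed.");
        }
    }

#ifdef TEST_SESSION
    if (session != ESYS_TR_NONE) {
        if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) {
            LOG_ERROR("Cleanup session failed.");
        }
    }
#endif

    Esys_Free(outPublic);
    Esys_Free(creationData);
    Esys_Free(creationHash);
    Esys_Free(creationTicket);
    return EXIT_FAILURE;
}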
285 
/** Entry point of the integration test harness.
 *
 * Delegates to test_esys_hmacsequencestart() and passes its verdict through.
 *
 * @param[in,out] esys_context The ESYS_CONTEXT.
 * @retval EXIT_FAILURE
 * @retval EXIT_SUCCESS
 */
int
test_invoke_esapi(ESYS_CONTEXT * esys_context)
{
    int verdict = test_esys_hmacsequencestart(esys_context);
    return verdict;
}