/* SPDX-License-Identifier: BSD-2-Clause */
/*******************************************************************************
 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
 * All rights reserved.
 *******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include <stdlib.h>
12
13 #include "tss2_esys.h"
14
15 #include "esys_iutil.h"
16 #define LOGMODULE test
17 #include "util/log.h"
18 #include "util/aux_util.h"
19
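/** This test is intended to test EvictControl and ESAPI serialization.
 *
 * We start by creating a primary key (Esys_CreatePrimary). Based on this
 * key a persistent object is created (Esys_EvictControl). The resource of
 * this object is serialized and deserialized with the corresponding
 * ESAPI functions (Esys_TR_Serialize, Esys_TR_Deserialize).
 * To check whether the deserialization was successful, a new object is
 * created (Esys_Create) under the handle returned by the deserialize
 * function. Finally the persistent object is evicted again and the
 * transient primary key is flushed.
 *
 * Every heap object returned by ESAPI, including the serialized resource
 * blob, is released on both the success and the error path. On the error
 * path the TPM-side state (persistent object, transient primary key) is
 * undone as far as the corresponding handle is still valid, so a failed run
 * does not leave a persistent object behind in the slot used by the test.
 *
 * Tested ESAPI commands:
 * - Esys_Create() (M)
 * - Esys_CreatePrimary() (M)
 * - Esys_EvictControl() (M)
 * - Esys_FlushContext() (M)
 *
 * @param[in,out] esys_context The ESYS_CONTEXT.
 * @retval EXIT_FAILURE
 * @retval EXIT_SUCCESS
 */

int
test_esys_evict_control_serialization(ESYS_CONTEXT * esys_context)
{
    TSS2_RC r;
    int rc = EXIT_FAILURE;
    ESYS_TR primaryHandle = ESYS_TR_NONE;
    ESYS_TR persistent_handle1 = ESYS_TR_NONE;
    ESYS_TR persistent_handle2 = ESYS_TR_NONE;
    RSRC_NODE_T *primaryHandle_node = NULL;

    /* Persistent slot used by the test. The test assumes this slot is free;
     * the object placed there is evicted again below and on the error path.
     * Declared up front because the error path uses it. */
    TPM2_HANDLE permanentHandle = TPM2_PERSISTENT_FIRST;

    /* Serialized resource blob. Owned by this function from a successful
     * Esys_TR_Serialize until it is freed; released on every exit path. */
    uint8_t *buffer = NULL;
    size_t buffer_size = 0;

    /* Outputs of Esys_CreatePrimary, released with Esys_Free. */
    TPM2B_PUBLIC *outPublic = NULL;
    TPM2B_CREATION_DATA *creationData = NULL;
    TPM2B_DIGEST *creationHash = NULL;
    TPMT_TK_CREATION *creationTicket = NULL;

    /* Outputs of Esys_Create, released with Esys_Free. */
    TPM2B_PUBLIC *outPublic2 = NULL;
    TPM2B_PRIVATE *outPrivate2 = NULL;
    TPM2B_CREATION_DATA *creationData2 = NULL;
    TPM2B_DIGEST *creationHash2 = NULL;
    TPMT_TK_CREATION *creationTicket2 = NULL;

    /* Fixed test auth value of the primary key. The same value is set again
     * on the deserialized handle before it is used as a parent (see the
     * Esys_TR_SetAuth on persistent_handle2 below). */
    TPM2B_AUTH authValuePrimary = {
        .size = 5,
        .buffer = {1, 2, 3, 4, 5}
    };

    TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
        .size = 0,
        .sensitive = {
            .userAuth = {
                .size = 0,
                .buffer = {0},
            },
            .data = {
                .size = 0,
                .buffer = {0},
            },
        },
    };

    inSensitivePrimary.sensitive.userAuth = authValuePrimary;

    /* Restricted RSA-2048 decryption key template, i.e. a storage parent,
     * so that Esys_Create can later use it (via the deserialized handle)
     * as parent of a child key. */
    TPM2B_PUBLIC inPublic = {
        .size = 0,
        .publicArea = {
            .type = TPM2_ALG_RSA,
            .nameAlg = TPM2_ALG_SHA256,
            .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
                                 TPMA_OBJECT_RESTRICTED |
                                 TPMA_OBJECT_DECRYPT |
                                 TPMA_OBJECT_FIXEDTPM |
                                 TPMA_OBJECT_FIXEDPARENT |
                                 TPMA_OBJECT_SENSITIVEDATAORIGIN),
            .authPolicy = {
                .size = 0,
            },
            .parameters.rsaDetail = {
                .symmetric = {
                    .algorithm = TPM2_ALG_AES,
                    .keyBits.aes = 128,
                    .mode.aes = TPM2_ALG_CFB},
                .scheme = {
                    .scheme = TPM2_ALG_NULL
                },
                .keyBits = 2048,
                .exponent = 0,
            },
            .unique.rsa = {
                .size = 0,
                .buffer = {0},
            },
        },
    };

    /* The child key created under the deserialized handle uses the very
     * same template as the primary; copy it before any ESAPI call sees it. */
    TPM2B_PUBLIC inPublic2 = inPublic;

    LOG_INFO("\nRSA key will be created.");

    TPM2B_DATA outsideInfo = {
        .size = 0,
        .buffer = {0},
    };

    TPML_PCR_SELECTION creationPCR = {
        .count = 0,
    };

    /* Empty owner auth: the test expects the owner hierarchy to carry no
     * auth value. */
    TPM2B_AUTH authValue = {
        .size = 0,
        .buffer = {0}
    };

    r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
    goto_if_error(r, "Error: TR_SetAuth", error);

    r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
                           ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic,
                           &outsideInfo, &creationPCR, &primaryHandle,
                           &outPublic, &creationData, &creationHash,
                           &creationTicket);
    goto_if_error(r, "Error esys create primary", error);

    /* Only needed to log the TPM handle of the new primary. */
    r = esys_GetResourceObject(esys_context, primaryHandle,
                               &primaryHandle_node);
    goto_if_error(r, "Error Esys GetResourceObject", error);

    LOG_INFO("Created Primary with handle 0x%08x...",
             primaryHandle_node->rsrc.handle);

    r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary);
    goto_if_error(r, "Error: TR_SetAuth", error);

    r = Esys_EvictControl(esys_context, ESYS_TR_RH_OWNER, primaryHandle,
                          ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
                          permanentHandle, &persistent_handle1);
    goto_if_error(r, "Error Esys EvictControl", error);

    r = Esys_TR_Serialize(esys_context, persistent_handle1, &buffer, &buffer_size);
    goto_if_error(r, "Error Esys_TR_Serialize", error);

    r = Esys_TR_Deserialize(esys_context, buffer, buffer_size, &persistent_handle2);
    /* The blob is not needed anymore whether or not deserialization
     * succeeded; release it before the error check so a failure here
     * cannot leak it. */
    free(buffer);
    buffer = NULL;
    goto_if_error(r, "Error Esys_TR_Deserialize", error);

    /* Auth value of the child key created below. */
    TPM2B_AUTH authKey2 = {
        .size = 6,
        .buffer = {6, 7, 8, 9, 10, 11}
    };

    TPM2B_SENSITIVE_CREATE inSensitive2 = {
        .size = 0,
        .sensitive = {
            .userAuth = {
                .size = 0,
                .buffer = {0}
            },
            .data = {
                .size = 0,
                .buffer = {0}
            }
        }
    };

    inSensitive2.sensitive.userAuth = authKey2;

    TPM2B_DATA outsideInfo2 = {
        .size = 0,
        .buffer = {0},
    };

    TPML_PCR_SELECTION creationPCR2 = {
        .count = 0,
    };

    /* The deserialized handle is a new ESYS object; give it the primary's
     * auth value before it is used as parent. */
    r = Esys_TR_SetAuth(esys_context, persistent_handle2, &authValuePrimary);
    goto_if_error(r, "Error: TR_SetAuth", error);

    /* Creating a child under the deserialized handle is the actual check
     * that serialization round-tripped to a usable object. */
    r = Esys_Create(esys_context,
                    persistent_handle2,
                    ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
                    &inSensitive2,
                    &inPublic2,
                    &outsideInfo2,
                    &creationPCR2,
                    &outPrivate2,
                    &outPublic2,
                    &creationData2, &creationHash2, &creationTicket2);
    goto_if_error(r, "Error esys create with new handle from evict object",
                  error);

    r = Esys_FlushContext(esys_context, primaryHandle);
    goto_if_error(r, "Error during FlushContext", error);
    /* Flushed: forget the handle so the error path does not try to flush
     * it a second time. */
    primaryHandle = ESYS_TR_NONE;

    /* Remove the persistent object again. */
    r = Esys_EvictControl(esys_context, ESYS_TR_RH_OWNER, persistent_handle1,
                          ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
                          permanentHandle, &persistent_handle1);
    goto_if_error(r, "Error Esys EvictControl", error);

    rc = EXIT_SUCCESS;
    goto cleanup;

error:
    /* Undo the TPM-side state that the success path would have removed. */
    if (persistent_handle1 != ESYS_TR_NONE) {
        if (Esys_EvictControl(esys_context, ESYS_TR_RH_OWNER, persistent_handle1,
                              ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
                              permanentHandle, &persistent_handle1) != TSS2_RC_SUCCESS) {
            LOG_ERROR("Cleanup EvictControl failed");
        }
    }

    if (primaryHandle != ESYS_TR_NONE) {
        if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) {
            LOG_ERROR("Cleanup primaryHandle failed.");
        }
    }

cleanup:
    /* The deserialized object exists only as an ESYS resource; close it so
     * the context does not keep a stale node for it. */
    if (persistent_handle2 != ESYS_TR_NONE) {
        if (Esys_TR_Close(esys_context, &persistent_handle2) != TSS2_RC_SUCCESS) {
            LOG_ERROR("Cleanup persistent_handle2 failed.");
        }
    }

    /* NULL unless Esys_TR_Serialize succeeded and we bailed out before the
     * blob was released. */
    free(buffer);

    Esys_Free(outPublic);
    Esys_Free(creationData);
    Esys_Free(creationHash);
    Esys_Free(creationTicket);
    Esys_Free(outPublic2);
    Esys_Free(outPrivate2);
    Esys_Free(creationData2);
    Esys_Free(creationHash2);
    Esys_Free(creationTicket2);
    return rc;
}
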
/** Wrapper entry point of this test file.
 *
 * Runs test_esys_evict_control_serialization() and passes its
 * EXIT_SUCCESS / EXIT_FAILURE result through unchanged.
 *
 * @param[in,out] esys_context The ESYS_CONTEXT handed to the test.
 * @return The result of test_esys_evict_control_serialization().
 */
int
test_invoke_esapi(ESYS_CONTEXT * esys_context)
{
    int result = test_esys_evict_control_serialization(esys_context);

    return result;
}
