1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 *******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include <stdlib.h>
12
13 #include "tss2_esys.h"
14
15 #include "esys_iutil.h"
16 #include "test-esapi.h"
17 #define LOGMODULE test
18 #include "util/log.h"
19 #include "util/aux_util.h"
20
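/*
 * Return non-zero when r is TPM2_RC_COMMAND_CODE, either bare or tagged with
 * one of the two resource-manager layer values, i.e. the TPM (or the resource
 * manager in front of it) reports that the command is not implemented.
 */
static int
pcr_auth_cmd_unsupported(TSS2_RC r)
{
    return (r == TPM2_RC_COMMAND_CODE) ||
           (r == (TPM2_RC_COMMAND_CODE | TSS2_RESMGR_RC_LAYER)) ||
           (r == (TPM2_RC_COMMAND_CODE | TSS2_RESMGR_TPM_RC_LAYER));
}

/** Test the commands Esys_PCR_SetAuthValue and Esys_PCR_SetAuthPolicy.
 *
 *\b Note: platform authorization needed.
 *
 * Tested ESAPI commands:
 *  - Esys_PCR_SetAuthPolicy() (O)
 *  - Esys_PCR_SetAuthValue() (O)
 *
 * Both commands are optional (O). If the TPM answers either of them with
 * TPM2_RC_COMMAND_CODE the test is skipped instead of failed. It is also
 * skipped when the platform hierarchy rejects the password session with
 * TPM2_RC_BAD_AUTH.
 *
 * NOTE(review): the test writes a fixed, well-known auth value and policy
 * digest to PCR 20 and does not restore the previous values afterwards.
 * Whether that state outlives the test run depends on the TPM; presumably
 * the test is meant for a simulator or a disposable device. Confirm before
 * pointing it at a TPM that is in use.
 *
 * @param[in,out] esys_context The ESYS_CONTEXT.
 * @retval EXIT_FAILURE
 * @retval EXIT_SKIP
 * @retval EXIT_SUCCESS
 */

int
test_esys_pcr_auth_value(ESYS_CONTEXT * esys_context)
{
    TSS2_RC r;
    int failure_return = EXIT_FAILURE;

    /*
     * PCR register 20 belongs to the policy group and the auth value group.
     * PCRs of these groups can be used for SetAuthValue and SetAuthPolicy.
     * The PCR index is passed directly as the ESYS_TR (tss2_esys.h names
     * this value ESYS_TR_PCR20).
     */
    ESYS_TR pcrHandle_handle = 20;

    /* Test pattern only: a counting sequence, not a secret. */
    TPM2B_DIGEST auth = {
        .size = 20,
        .buffer = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
                   11, 12, 13, 14, 15, 16, 17, 18, 19, 20}
    };

    /* Authorized against the PCR itself with a password session. */
    r = Esys_PCR_SetAuthValue(
        esys_context,
        pcrHandle_handle,
        ESYS_TR_PASSWORD,
        ESYS_TR_NONE,
        ESYS_TR_NONE,
        &auth
        );

    if (pcr_auth_cmd_unsupported(r)) {
        LOG_WARNING("Command TPM2_PCR_SetAuthValue not supported by TPM.");
        failure_return = EXIT_SKIP;
        goto error;
    }

    goto_if_error(r, "Error: PCR_SetAuthValue", error);

    /*
     * The size matches the 20-byte SHA-1 digest length selected by
     * TPM2_ALG_SHA1 below. The bytes are a counting pattern, not a digest
     * computed from a real policy.
     */
    TPM2B_DIGEST authPolicy = {
        .size = 20,
        .buffer = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
                   11, 12, 13, 14, 15, 16, 17, 18, 19, 20}
    };

    /* Authorized by the platform hierarchy with a password session. */
    r = Esys_PCR_SetAuthPolicy(
        esys_context,
        ESYS_TR_RH_PLATFORM,
        ESYS_TR_PASSWORD,
        ESYS_TR_NONE,
        ESYS_TR_NONE,
        &authPolicy,
        TPM2_ALG_SHA1,
        pcrHandle_handle);

    /*
     * PCR_SetAuthPolicy is optional as well: treat an unimplemented command
     * the same way as for PCR_SetAuthValue above, so that a TPM lacking only
     * this command yields EXIT_SKIP rather than EXIT_FAILURE.
     */
    if (pcr_auth_cmd_unsupported(r)) {
        LOG_WARNING("Command TPM2_PCR_SetAuthPolicy not supported by TPM.");
        failure_return = EXIT_SKIP;
        goto error;
    }

    /* Mask out the parameter/session/handle number before comparing. */
    if ((r & ~TPM2_RC_N_MASK) == TPM2_RC_BAD_AUTH) {
        /* Platform authorization not possible test will be skipped */
        LOG_WARNING("Platform authorization not possible.");
        failure_return = EXIT_SKIP;
        /* No jump here: r is non-zero, so goto_if_error below is expected
         * to report it and branch to the error label. */
    }

    goto_if_error(r, "Error: PCR_SetAuthPolicy", error);

    return EXIT_SUCCESS;

 error:
    return failure_return;
}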
102
/**
 * Entry point called by the ESAPI test harness; runs the PCR auth value
 * test and passes its exit status through unchanged.
 *
 * @param[in,out] esys_context The ESYS_CONTEXT.
 * @return The value returned by test_esys_pcr_auth_value().
 */
int
test_invoke_esapi(ESYS_CONTEXT * esys_context)
{
    int status = test_esys_pcr_auth_value(esys_context);

    return status;
}