1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3  * Copyright (c) 2020, Intel Corporation
4  * All rights reserved.
5  *******************************************************************************/
6 
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10 
11 #include <stdlib.h>
12 
13 #include "tss2_esys.h"
14 
15 #include "esys_iutil.h"
16 #include "test-esapi.h"
17 #define LOGDEFAULT LOGLEVEL_INFO
18 #define LOGMODULE test
19 #include "util/log.h"
20 #include "util/aux_util.h"
21 
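/** Test auth verification in the TPM2_Clear command
 *
 * TPM2_Clear is run twice through an HMAC session: once authorized by the
 * lockout hierarchy and once by the platform hierarchy. Before each run the
 * hierarchy's auth value is changed to a non-empty value, so the test checks
 * that ESYS verifies the response HMAC with the auth value that applies once
 * the clear has taken effect (TPM2_Clear resets ownerAuth, endorsementAuth
 * and lockoutAuth to the empty buffer).
 *
 * platformAuth is not reset by TPM2_Clear, so after the platform run the test
 * re-arms ESYS with the value still in effect and restores the empty platform
 * auth with TPM2_HierarchyChangeAuth. If the platform hierarchy cannot be
 * authorized at all the test is skipped instead of failed.
 *
 * The error path flushes a still-open session and, best effort, restores the
 * empty platform auth if the test failed between changing and restoring it,
 * so that later tests do not inherit a non-empty platformAuth.
 *
 * @param[in,out] esys_context The ESYS_CONTEXT.
 * @retval EXIT_SUCCESS
 * @retval EXIT_SKIP Platform authorization is not possible on this TPM.
 * @retval EXIT_FAILURE
 */
int
test_esys_clear_auth(ESYS_CONTEXT * esys_context)
{
    TSS2_RC r;
    ESYS_TR session = ESYS_TR_NONE;
    int failure_return = EXIT_FAILURE;
    /* Non-zero while platformAuth has been changed to a non-empty value and
     * not yet restored; drives the cleanup in the error path. */
    int platform_auth_set = 0;

    TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_XOR,
                              .keyBits = { .exclusiveOr = TPM2_ALG_SHA1 },
                              .mode = {.aes = TPM2_ALG_CFB}};

    /* Non-empty auth value installed on each hierarchy before it is cleared. */
    TPM2B_AUTH auth = {
            .size = 16,
            .buffer = "deadbeefdeadbeef",
    };

    /* --- Lockout authorization --- */
    LOG_DEBUG("Test LOCKOUT authorization");
    LOG_DEBUG("Start Auth Session");
    r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
                              ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
                              NULL,
                              TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1,
                              &session);
    goto_if_error(r, "Error: During initialization of session", error);

    LOG_DEBUG("Set Auth");
    r = Esys_HierarchyChangeAuth(esys_context, ESYS_TR_RH_LOCKOUT,
                                 ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
                                 &auth);
    goto_if_error(r, "Error: During Esys_HierarchyChangeAuth", error);

    /* Make the new lockout auth known to ESYS for the HMAC computation. */
    r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_LOCKOUT, &auth);
    goto_if_error(r, "Error: During Esys_TR_SetAuth", error);

    LOG_DEBUG("Clear");
    r = Esys_Clear(esys_context, ESYS_TR_RH_LOCKOUT, session,
                   ESYS_TR_NONE, ESYS_TR_NONE);
    goto_if_error(r, "Error: During Esys_Clear", error);

    r = Esys_FlushContext(esys_context, session);
    goto_if_error(r, "Error: During Esys_FlushContext", error);
    /* The handle is gone; forget it so the error path does not flush it twice. */
    session = ESYS_TR_NONE;

    /* --- Platform authorization --- */
    LOG_DEBUG("Test PLATFORM authorization");
    LOG_DEBUG("Start Auth Session");
    r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
                              ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
                              NULL,
                              TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1,
                              &session);
    goto_if_error(r, "Error: During initialization of session", error);

    LOG_DEBUG("Set Auth");
    r = Esys_HierarchyChangeAuth(esys_context, ESYS_TR_RH_PLATFORM,
                                 ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
                                 &auth);
    if ((r & ~TPM2_RC_N_MASK) == TPM2_RC_BAD_AUTH ||
        (r & ~TPM2_RC_N_MASK) == TPM2_RC_HIERARCHY) {
        /* The platform hierarchy cannot be authorized here (unknown auth or
         * hierarchy disabled): skip rather than report a failure. */
        LOG_WARNING("Platform authorization not possible.");
        failure_return = EXIT_SKIP;
        goto error;
    }
    goto_if_error(r, "Error: During Esys_HierarchyChangeAuth", error);
    platform_auth_set = 1;

    r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_PLATFORM, &auth);
    goto_if_error(r, "Error: During Esys_TR_SetAuth", error);

    LOG_DEBUG("Clear");
    r = Esys_Clear(esys_context, ESYS_TR_RH_PLATFORM, session,
                   ESYS_TR_NONE, ESYS_TR_NONE);
    goto_if_error(r, "Error: During Esys_Clear", error);

    r = Esys_FlushContext(esys_context, session);
    goto_if_error(r, "Error: During Esys_FlushContext", error);
    session = ESYS_TR_NONE;

    /* platformAuth survives TPM2_Clear: re-arm ESYS with the value still in
     * effect so the password session below can restore the empty auth. */
    r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_PLATFORM, &auth);
    goto_if_error(r, "Error: During Esys_TR_SetAuth", error);

    LOG_DEBUG("Set Auth");
    r = Esys_HierarchyChangeAuth(esys_context, ESYS_TR_RH_PLATFORM,
                                 ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
                                 NULL);
    goto_if_error(r, "Error: During Esys_HierarchyChangeAuth", error);
    platform_auth_set = 0;

    return EXIT_SUCCESS;

 error:
    LOG_ERROR("\nError Code: %x\n", r);

    if (session != ESYS_TR_NONE) {
        if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) {
            LOG_ERROR("Cleanup session failed.");
        }
    }
    if (platform_auth_set) {
        /* Best effort: do not leave a non-empty platformAuth behind for the
         * tests that follow. The ESYS-side auth is re-set first, as the
         * success path does after Esys_Clear. */
        if (Esys_TR_SetAuth(esys_context, ESYS_TR_RH_PLATFORM,
                            &auth) != TSS2_RC_SUCCESS ||
            Esys_HierarchyChangeAuth(esys_context, ESYS_TR_RH_PLATFORM,
                                     ESYS_TR_PASSWORD, ESYS_TR_NONE,
                                     ESYS_TR_NONE, NULL) != TSS2_RC_SUCCESS) {
            LOG_WARNING("Cleanup of platform auth failed.");
        }
    }
    return failure_return;
}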
131 
/** Entry point called by the ESAPI integration test harness.
 *
 * @param[in,out] esys_context The ESYS_CONTEXT.
 * @return Whatever test_esys_clear_auth() returns (EXIT_SUCCESS,
 *         EXIT_SKIP or EXIT_FAILURE).
 */
int
test_invoke_esapi(ESYS_CONTEXT * esys_context)
{
    int result = test_esys_clear_auth(esys_context);
    return result;
}