1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 *******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include <stdlib.h>
12
13 #include "tss2_esys.h"
14
15 #include "esys_iutil.h"
16 #define LOGMODULE test
17 #include "util/log.h"
18 #include "util/aux_util.h"
19
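/** Exercise Esys_CreatePrimary under an HMAC session.
 *
 * An HMAC session is started, the owner hierarchy auth value is set to the
 * empty auth, a primary key is created under the owner hierarchy with that
 * session attached, and both the created object and the session are flushed.
 * ECC keys are used if TEST_ECC is defined, RSA keys otherwise.
 *
 * Tested ESAPI commands:
 * - Esys_CreatePrimary() (M)
 * - Esys_FlushContext() (M)
 * - Esys_StartAuthSession() (M)
 *
 * Used compiler defines: TEST_ECC
 *
 * @param[in,out] esys_context The ESYS_CONTEXT.
 * @retval EXIT_FAILURE
 * @retval EXIT_SUCCESS
 */
int
test_esys_create_primary_hmac(ESYS_CONTEXT * esys_context)
{
    TSS2_RC r;
    ESYS_TR objectHandle = ESYS_TR_NONE;
    ESYS_TR session = ESYS_TR_NONE;
    /* No parameter encryption on the session: plain HMAC only. */
    TPMT_SYM_DEF symmetric = { .algorithm = TPM2_ALG_NULL };

    /* Outputs of Esys_CreatePrimary. Released with Esys_Free on every exit
     * path; the error path relies on Esys_Free tolerating NULL, as the
     * original code already did. */
    TPM2B_PUBLIC *outPublic = NULL;
    TPM2B_CREATION_DATA *creationData = NULL;
    TPM2B_DIGEST *creationHash = NULL;
    TPMT_TK_CREATION *creationTicket = NULL;

    /* Unbound, unsalted HMAC session; SHA1 is the session hash and also
     * the nameAlg of the template below. */
    r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
                              ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
                              NULL,
                              TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1,
                              &session);
    goto_if_error(r, "Error: During initialization of session", error);

    /* Empty sensitive area: no user auth value, no seed data. */
    TPM2B_SENSITIVE_CREATE inSensitive = {
        .size = 0,
        .sensitive = {
            .userAuth = { .size = 0, .buffer = {0} },
            .data = { .size = 0, .buffer = {0} },
        },
    };

#ifdef TEST_ECC
    /* Restricted ECDSA/SHA1 signing key on NIST P-256. The symmetric
     * algorithm is NULL; keyBits/mode are kept as in the original template. */
    TPM2B_PUBLIC inPublic = {
        .size = 0,
        .publicArea = {
            .type = TPM2_ALG_ECC,
            .nameAlg = TPM2_ALG_SHA1,
            .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
                                 TPMA_OBJECT_RESTRICTED |
                                 TPMA_OBJECT_SIGN_ENCRYPT |
                                 TPMA_OBJECT_FIXEDTPM |
                                 TPMA_OBJECT_FIXEDPARENT |
                                 TPMA_OBJECT_SENSITIVEDATAORIGIN),
            .authPolicy = { .size = 0 },
            .parameters.eccDetail = {
                .symmetric = {
                    .algorithm = TPM2_ALG_NULL,
                    .keyBits.aes = 128,
                    .mode.aes = TPM2_ALG_CFB,
                },
                .scheme = {
                    .scheme = TPM2_ALG_ECDSA,
                    .details = { .ecdsa = { .hashAlg = TPM2_ALG_SHA1 } },
                },
                .curveID = TPM2_ECC_NIST_P256,
                .kdf = { .scheme = TPM2_ALG_NULL },
            },
            .unique.ecc = {
                .x = { .size = 0, .buffer = {0} },
                .y = { .size = 0, .buffer = {0} },
            },
        },
    };
    LOG_INFO("\nECC key will be created.");
#else
    /* Restricted RSA-2048 decryption (storage-style) key with AES-128-CFB
     * as its symmetric algorithm; exponent 0 selects the TPM default. */
    TPM2B_PUBLIC inPublic = {
        .size = 0,
        .publicArea = {
            .type = TPM2_ALG_RSA,
            .nameAlg = TPM2_ALG_SHA1,
            .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
                                 TPMA_OBJECT_RESTRICTED |
                                 TPMA_OBJECT_DECRYPT |
                                 TPMA_OBJECT_FIXEDTPM |
                                 TPMA_OBJECT_FIXEDPARENT |
                                 TPMA_OBJECT_SENSITIVEDATAORIGIN),
            .authPolicy = { .size = 0 },
            .parameters.rsaDetail = {
                .symmetric = {
                    .algorithm = TPM2_ALG_AES,
                    .keyBits.aes = 128,
                    .mode.aes = TPM2_ALG_CFB,
                },
                .scheme = { .scheme = TPM2_ALG_NULL },
                .keyBits = 2048,
                .exponent = 0,
            },
            .unique.rsa = { .size = 0, .buffer = {0} },
        },
    };
    LOG_INFO("\nRSA key will be created.");
#endif

    /* No outside info and no PCR selection in the creation data. */
    TPM2B_DATA outsideInfo = { .size = 0, .buffer = {0} };
    TPML_PCR_SELECTION creationPCR = { .count = 0 };

    /* The owner hierarchy is expected to carry the empty auth value. */
    TPM2B_AUTH authValue = { .size = 0, .buffer = {0} };
    r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
    goto_if_error(r, "Error: TR_SetAuth", error);

    r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, session,
                           ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive, &inPublic,
                           &outsideInfo, &creationPCR, &objectHandle,
                           &outPublic, &creationData, &creationHash,
                           &creationTicket);
    goto_if_error(r, "Error esapi create primary", error);

    /* Resolve the TPM-level handle behind the ESYS_TR, for logging only. */
    RSRC_NODE_T *objectHandle_node = NULL;
    r = esys_GetResourceObject(esys_context, objectHandle,
                               &objectHandle_node);
    goto_if_error(r, "Error Esys GetResourceObject", error);
    ESYS_TR tpmHandle = objectHandle_node->rsrc.handle;
    LOG_INFO("Created Primary with TPM handle 0x%08x...", tpmHandle);

    r = Esys_FlushContext(esys_context, objectHandle);
    goto_if_error(r, "Error during FlushContext", error);
    /* The object is gone; clear the handle so the error path does not try
     * to flush it a second time if the session flush below fails. */
    objectHandle = ESYS_TR_NONE;

    LOG_INFO("Done with handle 0x%08x...", tpmHandle);

    r = Esys_FlushContext(esys_context, session);
    goto_if_error(r, "Flushing context", error);
    session = ESYS_TR_NONE;

    Esys_Free(outPublic);
    Esys_Free(creationData);
    Esys_Free(creationHash);
    Esys_Free(creationTicket);
    return EXIT_SUCCESS;

error:
    LOG_ERROR("\nError Code: %x\n", r);

    /* Best-effort cleanup of whatever was created before the failure;
     * cleanup failures are logged but the result stays EXIT_FAILURE. */
    if (session != ESYS_TR_NONE) {
        if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) {
            LOG_ERROR("Cleanup session failed.");
        }
    }

    if (objectHandle != ESYS_TR_NONE) {
        if (Esys_FlushContext(esys_context, objectHandle) != TSS2_RC_SUCCESS) {
            LOG_ERROR("Cleanup objectHandle failed.");
        }
    }

    Esys_Free(outPublic);
    Esys_Free(creationData);
    Esys_Free(creationHash);
    Esys_Free(creationTicket);
    return EXIT_FAILURE;
}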
221
/** Harness entry point: runs the HMAC-session CreatePrimary test.
 *
 * @param[in,out] esys_context The ESYS_CONTEXT.
 * @retval EXIT_FAILURE
 * @retval EXIT_SUCCESS
 */
int
test_invoke_esapi(ESYS_CONTEXT * esys_context)
{
    int rc = test_esys_create_primary_hmac(esys_context);
    return rc;
}
226