test: Add integration test to create RSA 2k, AES 128 CFB primary key.
This is one of the first things that the tpmclient test program does.
Figured it's a pretty easy test to move into the test harness. The
tpmclient program must do this regardless since this key is used in
nearly all subsequent tests that involve key operations.
Nearly every test that requires keys requires a primary key be created
and loaded. What this test does is effectively required by a whole class
of tests and so implementing it in the test library makes sense.
Signed-off-by: Philip Tricca <philip.b.tricca@intel.com>
diff --git a/Makefile.am b/Makefile.am
index 8012dd1..392287f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -60,6 +60,7 @@
if SIMULATOR_BIN
TESTS_INTEGRATION = \
test/integration/asymmetric-encrypt-decrypt.int \
+ test/integration/create-primary-rsa-2048-aes-128-cfb.int \
test/integration/get-random.int \
test/integration/pcr-extension.int \
test/integration/self-test.int \
@@ -182,15 +183,21 @@
test/tpmclient/tpmclient_wo_rm.h test/tpmclient/TpmHandleToName.c \
test/tpmclient/TpmHash.c test/tpmclient/TpmHmac.c
-test_integration_libtest_utils_la_SOURCES = test/integration/context-util.c \
- test/integration/context-util.h test/integration/test-options.c \
- test/integration/test-options.h
+test_integration_libtest_utils_la_SOURCES = \
+ test/integration/context-util.c test/integration/context-util.h \
+ test/integration/sapi-util.c test/integration/sapi-util.h \
+ test/integration/test-options.c test/integration/test-options.h
test_integration_asymmetric_encrypt_decrypt_int_LDADD = $(TESTS_LDADD)
test_integration_asymmetric_encrypt_decrypt_int_SOURCES = \
test/integration/asymmetric-encrypt-decrypt.int.c \
test/integration/main.c
+test_integration_create_primary_rsa_2048_aes_128_cfb_int_LDADD = $(TESTS_LDADD)
+test_integration_create_primary_rsa_2048_aes_128_cfb_int_SOURCES = \
+ test/integration/create-primary-rsa-2048-aes-128-cfb.int.c \
+ test/integration/main.c
+
test_integration_get_random_int_LDADD = $(TESTS_LDADD)
test_integration_get_random_int_SOURCES = test/integration/get-random.int.c \
test/integration/main.c
diff --git a/test/integration/create-primary-rsa-2048-aes-128-cfb.int.c b/test/integration/create-primary-rsa-2048-aes-128-cfb.int.c
new file mode 100644
index 0000000..3809efc
--- /dev/null
+++ b/test/integration/create-primary-rsa-2048-aes-128-cfb.int.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2017, Intel Corporation
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "log.h"
+#include "sapi-util.h"
+#include "test.h"
+
+int
+test_invoke (TSS2_SYS_CONTEXT *sapi_context)
+{
+ TPM_HANDLE handle = 0;
+
+ return create_primary_rsa_2048_aes_128_cfb (sapi_context, &handle);
+}
diff --git a/test/integration/sapi-util.c b/test/integration/sapi-util.c
new file mode 100644
index 0000000..351f6be
--- /dev/null
+++ b/test/integration/sapi-util.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2017, Intel Corporation
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "log.h"
+#include "sapi-util.h"
+/*
+ * Use te provide SAPI context to create & load a primary key. The key will
+ * be a 2048 bit (restricted decryption) RSA key. The associated symmetric
+ * key is a 128 bit AES (CFB mode) key.
+ */
+TSS2_RC
+create_primary_rsa_2048_aes_128_cfb (
+ TSS2_SYS_CONTEXT *sapi_context,
+ TPM_HANDLE *handle)
+{
+ TSS2_RC rc = TSS2_RC_SUCCESS;
+ TPM2B_SENSITIVE_CREATE in_sensitive = { 0 };
+ TPM2B_PUBLIC in_public = { 0 };
+ TPM2B_DATA outside_info = { 0 };
+ TPML_PCR_SELECTION creation_pcr = { 0 };
+ TPM2B_PUBLIC out_public = { 0 };
+ TPM2B_CREATION_DATA creation_data = { 0 };
+ TPM2B_DIGEST creation_hash = TPM2B_DIGEST_INIT;
+ TPMT_TK_CREATION creation_ticket = { 0 };
+ TPM2B_NAME name = TPM2B_NAME_INIT;
+ /* session parameters */
+ /* command session info */
+ TPMS_AUTH_COMMAND session_cmd = { .sessionHandle = TPM_RS_PW };
+ TPMS_AUTH_COMMAND *session_cmd_array[1] = { &session_cmd };
+ TSS2_SYS_CMD_AUTHS sessions_cmd = {
+ .cmdAuths = session_cmd_array,
+ .cmdAuthsCount = 1
+ };
+ /* response session info */
+ TPMS_AUTH_RESPONSE session_rsp = { 0 };
+ TPMS_AUTH_RESPONSE *session_rsp_array[1] = { &session_rsp };
+ TSS2_SYS_RSP_AUTHS sessions_rsp = {
+ .rspAuths = session_rsp_array,
+ .rspAuthsCount = 1
+ };
+
+ if (sapi_context == NULL || handle == NULL) {
+ return TSS2_APP_RC_BAD_REFERENCE;
+ }
+ in_public.t.publicArea.type = TPM_ALG_RSA;
+ in_public.t.publicArea.nameAlg = TPM_ALG_SHA256;
+ in_public.t.publicArea.objectAttributes.restricted = 1;
+ in_public.t.publicArea.objectAttributes.userWithAuth = 1;
+ in_public.t.publicArea.objectAttributes.decrypt = 1;
+ in_public.t.publicArea.objectAttributes.fixedTPM = 1;
+ in_public.t.publicArea.objectAttributes.fixedParent = 1;
+ in_public.t.publicArea.objectAttributes.sensitiveDataOrigin = 1;
+
+ in_public.t.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
+ in_public.t.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
+ in_public.t.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB;
+ in_public.t.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
+ in_public.t.publicArea.parameters.rsaDetail.keyBits = 2048;
+
+ print_log ("CreatePrimary RSA 2048, AES 128 CFB");
+ rc = Tss2_Sys_CreatePrimary (sapi_context,
+ TPM_RH_OWNER,
+ &sessions_cmd,
+ &in_sensitive,
+ &in_public,
+ &outside_info,
+ &creation_pcr,
+ handle,
+ &out_public,
+ &creation_data,
+ &creation_hash,
+ &creation_ticket,
+ &name,
+ &sessions_rsp);
+ if (rc == TPM_RC_SUCCESS) {
+ print_log ("success");
+ } else {
+ print_fail ("CreatePrimary FAILED! Response Code : 0x%x", rc);
+ }
+
+ return rc;
+}
diff --git a/test/integration/sapi-util.h b/test/integration/sapi-util.h
new file mode 100644
index 0000000..b766e52
--- /dev/null
+++ b/test/integration/sapi-util.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2017, Intel Corporation
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef TEST_INTEGRATION_SAPI_UTIL_H
+#define TEST_INTEGRATION_SAPI_UTIL_H
+
+#include "sapi/tpm20.h"
+/*
+ * Definition of TSS2_RC values returned by application level stuff. We use
+ * this "level" for errors returned by functions in the integration test
+ * harness.
+ */
+#define TSS2_APP_ERROR(base_rc) (TSS2_APP_ERROR_LEVEL | base_rc)
+#define TSS2_APP_RC_BAD_REFERENCE TSS2_APP_ERROR (TSS2_BASE_RC_BAD_REFERENCE)
+/*
+ * tpm2b default initializers, these set the size to the max for the default
+ * structure and zero's the data area.
+ */
+#define TPM2B_SIZE(type) (sizeof (type) - 2)
+#define TPM2B_NAMED_INIT(type, field) \
+ { \
+ .t = { \
+ .size = TPM2B_SIZE (type), \
+ .field = { 0 } \
+ } \
+ }
+#define TPM2B_DIGEST_INIT TPM2B_NAMED_INIT (TPM2B_DIGEST, buffer)
+#define TPM2B_NAME_INIT TPM2B_NAMED_INIT (TPM2B_NAME, name)
+/*
+ * Use te provide SAPI context to create & load a primary key. The key will
+ * be a 2048 bit (restricted decryption) RSA key. The associated symmetric
+ * key is a 128 bit AES (CFB mode) key.
+ */
+TSS2_RC
+create_primary_rsa_2048_aes_128_cfb (
+ TSS2_SYS_CONTEXT *sapi_context,
+ TPM_HANDLE *handle);
+
+#endif /* TEST_INTEGRATION_SAPI_UTIL_H */
