Google Git
Sign in
android / platform / external / tpm2-tss / bb517eb4 / . / test / integration / esys-policy-password.int.c
blob: 399a2b034c7cdc96b621e145eda81d8badf2d0ee [file] [log] [blame]
/* SPDX-License-Identifier: BSD-2 */
/*******************************************************************************
* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG All
* rights reserved.
*******************************************************************************/
#include <stdlib.h>
#include "tss2_esys.h"
#include "esys_iutil.h"
#include "test-esapi.h"
#define LOGMODULE test
#include "util/log.h"
/*
* This test is intended to test the ESAPI command PolicyPassword.
* First in a trial session the policy value to ensure that auth value
* is included in the policy session used for authorization is
* computed.
* We start by creating a primary key (Esys_CreatePrimary) with this
* policy value and a certain authorization. Than a second key it created
* with a PoliyPassword policy session.
*/
int
test_invoke_esapi(ESYS_CONTEXT * esys_context)
{
TSS2_RC r;
/*
* Firth the policy value for changing the auth value of an NV index has to be
* determined with a policy trial session.
*/
ESYS_TR sessionTrial;
TPMT_SYM_DEF symmetricTrial = {.algorithm = TPM2_ALG_AES,
.keyBits = {.aes = 128},
.mode = {.aes = TPM2_ALG_CFB}
};
TPM2B_NONCE nonceCallerTrial = {
.size = 20,
.buffer = {11, 12, 13, 14, 15, 16, 17, 18, 19, 11,
21, 22, 23, 24, 25, 26, 27, 28, 29, 30}
};
r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
&nonceCallerTrial,
TPM2_SE_TRIAL, &symmetricTrial,
TPM2_ALG_SHA1, &sessionTrial);
goto_if_error(r, "Error: During initialization of policy trial session",
error);
r = Esys_PolicyPassword(
esys_context,
sessionTrial,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE
);
goto_if_error(r, "Error: PolicyPassword", error);
TPM2B_DIGEST *policyDigestTrial;
r = Esys_PolicyGetDigest(
esys_context,
sessionTrial,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
&policyDigestTrial
);
goto_if_error(r, "Error: PolicyGetDigest", error);
TPM2B_PUBLIC inPublic = {
.size = 0,
.publicArea = {
.type = TPM2_ALG_RSA,
.nameAlg = TPM2_ALG_SHA1,
.objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
TPMA_OBJECT_RESTRICTED |
TPMA_OBJECT_DECRYPT |
TPMA_OBJECT_FIXEDTPM |
TPMA_OBJECT_FIXEDPARENT |
TPMA_OBJECT_SENSITIVEDATAORIGIN),
.authPolicy = *policyDigestTrial,
.parameters.rsaDetail = {
.symmetric = {
.algorithm = TPM2_ALG_AES,
.keyBits.aes = 128,
.mode.aes = TPM2_ALG_CFB},
.scheme = {
.scheme = TPM2_ALG_NULL
},
.keyBits = 2048,
.exponent = 65537,
},
.unique.rsa = {
.size = 0,
.buffer = {},
},
},
};
TPM2B_AUTH authValuePrimary = {
.size = 5,
.buffer = {1, 2, 3, 4, 5}
};
TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
.size = 4,
.sensitive = {
.userAuth = {
.size = 0,
.buffer = {0 },
},
.data = {
.size = 0,
.buffer = {0},
},
},
};
inSensitivePrimary.sensitive.userAuth = authValuePrimary;
TPM2B_DATA outsideInfo = {
.size = 0,
.buffer = {},
};
TPML_PCR_SELECTION creationPCR = {
.count = 0,
};
TPM2B_AUTH authValue = {
.size = 0,
.buffer = {}
};
r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
goto_if_error(r, "Error: TR_SetAuth", error);
ESYS_TR primaryHandle_handle;
TPM2B_PUBLIC *outPublic;
TPM2B_CREATION_DATA *creationData;
TPM2B_DIGEST *creationHash;
TPMT_TK_CREATION *creationTicket;
r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic,
&outsideInfo, &creationPCR, &primaryHandle_handle,
&outPublic, &creationData, &creationHash,
&creationTicket);
goto_if_error(r, "Error esys create primary", error);
ESYS_TR policySession;
TPMT_SYM_DEF policySymmetric = {.algorithm = TPM2_ALG_AES,
.keyBits = {.aes = 128},
.mode = {.aes = TPM2_ALG_CFB}
};
TPM2B_NONCE policyNonceCaller = {
.size = 20,
.buffer = {11, 12, 13, 14, 15, 16, 17, 18, 19, 11,
21, 22, 23, 24, 25, 26, 27, 28, 29, 30}
};
r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
&policyNonceCaller,
TPM2_SE_POLICY, &policySymmetric, TPM2_ALG_SHA1,
&policySession);
goto_if_error(r, "Error: During initialization of policy trial session", error);
r = Esys_PolicyPassword(
esys_context,
policySession,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE
);
goto_if_error(r, "Error: PolicyAuthValue", error);
r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary);
goto_if_error(r, "Error: TR_SetAuth", error);
TPM2B_AUTH authKey2 = {
.size = 6,
.buffer = {6, 7, 8, 9, 10, 11}
};
TPM2B_SENSITIVE_CREATE inSensitive2 = {
.size = 1,
.sensitive = {
.userAuth = authKey2,
.data = {
.size = 0,
.buffer = {}
}
}
};
TPM2B_PUBLIC inPublic2 = {
.size = 0,
.publicArea = {
.type = TPM2_ALG_RSA,
.nameAlg = TPM2_ALG_SHA1,
.objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
TPMA_OBJECT_RESTRICTED |
TPMA_OBJECT_DECRYPT |
TPMA_OBJECT_FIXEDTPM |
TPMA_OBJECT_FIXEDPARENT |
TPMA_OBJECT_SENSITIVEDATAORIGIN),
.authPolicy = {
.size = 0,
},
.parameters.rsaDetail = {
.symmetric = {
.algorithm = TPM2_ALG_AES,
.keyBits.aes = 128,
.mode.aes = TPM2_ALG_CFB
},
.scheme = {
.scheme =
TPM2_ALG_NULL,
},
.keyBits = 2048,
.exponent = 65537
},
.unique.rsa = {
.size = 0,
.buffer = {}
,
}
}
};
TPM2B_DATA outsideInfo2 = {
.size = 0,
.buffer = {}
,
};
TPML_PCR_SELECTION creationPCR2 = {
.count = 0,
};
TPM2B_PUBLIC *outPublic2;
TPM2B_PRIVATE *outPrivate2;
TPM2B_CREATION_DATA *creationData2;
TPM2B_DIGEST *creationHash2;
TPMT_TK_CREATION *creationTicket2;
r = Esys_Create(esys_context,
primaryHandle_handle,
policySession, ESYS_TR_NONE, ESYS_TR_NONE,
&inSensitive2,
&inPublic2,
&outsideInfo2,
&creationPCR2,
&outPrivate2,
&outPublic2,
&creationData2, &creationHash2, &creationTicket2);
goto_if_error(r, "Error esys create ", error);
r = Esys_FlushContext(esys_context, primaryHandle_handle);
goto_if_error(r, "Error: FlushContext", error);
return EXIT_SUCCESS;
error:
return EXIT_FAILURE;
}