Google Git
Sign in
android / platform / external / tpm2-tss / bb517eb4 / . / test / integration / esys-verify-signature.int.c
blob: 8b6000d4b7aa54c502ff39aa69df17c0e0ea82b9 [file] [log] [blame]
/* SPDX-License-Identifier: BSD-2 */
/*******************************************************************************
* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
* All rights reserved.
*******************************************************************************/
#include <stdlib.h>
#include "tss2_esys.h"
#include "tss2_mu.h"
#include "esys_iutil.h"
#define LOGMODULE test
#include "util/log.h"
/*
* This test is intended to test the ESAPI signing and signature verification.
*/
int
test_invoke_esapi(ESYS_CONTEXT * esys_context)
{
TSS2_RC r;
/*
* 1. Create Primary. This primary will be used as signing key.
*/
TPM2B_AUTH authValuePrimary = {
.size = 5,
.buffer = {1, 2, 3, 4, 5}
};
TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
.size = 4,
.sensitive = {
.userAuth = authValuePrimary,
.data = {
.size = 0,
.buffer = {0},
},
},
};
TPM2B_PUBLIC inPublic = {
.size = 0,
.publicArea = {
.type = TPM2_ALG_RSA,
.nameAlg = TPM2_ALG_SHA1,
.objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
TPMA_OBJECT_SIGN_ENCRYPT |
TPMA_OBJECT_FIXEDTPM |
TPMA_OBJECT_FIXEDPARENT |
TPMA_OBJECT_SENSITIVEDATAORIGIN),
.authPolicy = {
.size = 0,
},
.parameters.rsaDetail = {
.symmetric = {
.algorithm = TPM2_ALG_NULL,
.keyBits.aes = 128,
.mode.aes = TPM2_ALG_CFB},
.scheme = {
.scheme = TPM2_ALG_RSAPSS,
.details = {
.rsapss = { .hashAlg = TPM2_ALG_SHA1 }
}
},
.keyBits = 2048,
.exponent = 65537,
},
.unique.rsa = {
.size = 0,
.buffer = {},
},
},
};
LOG_INFO("\nRSA key will be created.");
TPM2B_DATA outsideInfo = {
.size = 0,
.buffer = {},
};
TPML_PCR_SELECTION creationPCR = {
.count = 0,
};
TPM2B_AUTH authValue = {
.size = 0,
.buffer = {}
};
r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
goto_if_error(r, "Error: TR_SetAuth", error);
ESYS_TR primaryHandle_handle;
TPM2B_PUBLIC *outPublic;
TPM2B_CREATION_DATA *creationData;
TPM2B_DIGEST *creationHash;
TPMT_TK_CREATION *creationTicket;
r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
ESYS_TR_NONE, ESYS_TR_NONE,
&inSensitivePrimary, &inPublic,
&outsideInfo, &creationPCR, &primaryHandle_handle,
&outPublic, &creationData, &creationHash,
&creationTicket);
goto_if_error(r, "Error esys create primary", error);
TPM2B_NAME *nameKeySign;
TPM2B_NAME *keyQualifiedName;
r = Esys_ReadPublic(esys_context,
primaryHandle_handle,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
&outPublic,
&nameKeySign,
&keyQualifiedName);
goto_if_error(r, "Error: ReadPublic", error);
TPMT_SIG_SCHEME inScheme = { .scheme = TPM2_ALG_NULL };
TPMT_TK_HASHCHECK hash_validation = {
.tag = TPM2_ST_HASHCHECK,
.hierarchy = TPM2_RH_OWNER,
.digest = {0}
};
TPMT_SIGNATURE *signature;
/* SHA1 digest for PCR register with zeros */
TPM2B_DIGEST pcr_digest_zero = {
.size = 20,
.buffer = { 0x67, 0x68, 0x03, 0x3e, 0x21, 0x64, 0x68, 0x24, 0x7b, 0xd0,
0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f }
};
/*
* 1. Sign pcr_digest_zero and verfiy the signature.
*/
r = Esys_Sign(
esys_context,
primaryHandle_handle,
ESYS_TR_PASSWORD,
ESYS_TR_NONE,
ESYS_TR_NONE,
&pcr_digest_zero,
&inScheme,
&hash_validation,
&signature);
goto_if_error(r, "Error: Sign", error);
TPMT_TK_VERIFIED *validation;
r = Esys_VerifySignature(
esys_context,
primaryHandle_handle,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
&pcr_digest_zero,
signature,
&validation);
goto_if_error(r, "Error: Sign", error);
r = Esys_FlushContext(esys_context, primaryHandle_handle);
goto_if_error(r, "Error: FlushContext", error);
return EXIT_SUCCESS;
error:
return EXIT_FAILURE;
}