Google Git
Sign in
fuchsia / third_party / github.com / tpm2-software / tpm2-tss / refs/heads/upstream/3.0.x / . / test / integration / esys-certify.int.c
blob: f95fa83b538ed33ba64613ebbb15137619f40cd5 [file] [log] [blame]
/* SPDX-License-Identifier: BSD-2-Clause */
/*******************************************************************************
* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
* All rights reserved.
*******************************************************************************/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdlib.h>
#include "tss2_esys.h"
#include "esys_iutil.h"
#define LOGMODULE test
#include "util/log.h"
#include "util/aux_util.h"
/** This test is intended to test the command Esys_Certify.
*
* We create a RSA primary signing key which will be used as signing key
* and as object for the certify command.
*
* Tested ESYS commands:
* - Esys_Certify() (M)
* - Esys_CreatePrimary() (M)
* - Esys_FlushContext() (M)
*
* @param[in,out] esys_context The ESYS_CONTEXT.
* @retval EXIT_FAILURE
* @retval EXIT_SUCCESS
*/
int
test_esys_certify(ESYS_CONTEXT * esys_context)
{
TSS2_RC r;
ESYS_TR signHandle = ESYS_TR_NONE;
TPM2B_PUBLIC *outPublic = NULL;
TPM2B_CREATION_DATA *creationData = NULL;
TPM2B_DIGEST *creationHash = NULL;
TPMT_TK_CREATION *creationTicket = NULL;
TPM2B_ATTEST *certifyInfo = NULL;
TPMT_SIGNATURE *signature = NULL;
TPM2B_AUTH authValuePrimary = {
.size = 5,
.buffer = {1, 2, 3, 4, 5}
};
TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
.size = 0,
.sensitive = {
.userAuth = {
.size = 0,
.buffer = {0},
},
.data = {
.size = 0,
.buffer = {0},
},
},
};
inSensitivePrimary.sensitive.userAuth = authValuePrimary;
TPM2B_PUBLIC inPublic = {
.size = 0,
.publicArea = {
.type = TPM2_ALG_RSA,
.nameAlg = TPM2_ALG_SHA1,
.objectAttributes = (
TPMA_OBJECT_USERWITHAUTH |
TPMA_OBJECT_RESTRICTED |
TPMA_OBJECT_SIGN_ENCRYPT |
TPMA_OBJECT_FIXEDTPM |
TPMA_OBJECT_FIXEDPARENT |
TPMA_OBJECT_SENSITIVEDATAORIGIN
),
.authPolicy = {
.size = 0,
},
.parameters.rsaDetail = {
.symmetric = {
.algorithm = TPM2_ALG_NULL,
.keyBits.aes = 128,
.mode.aes = TPM2_ALG_CFB,
},
.scheme = {
.scheme = TPM2_ALG_RSASSA,
.details = { .rsassa = { .hashAlg = TPM2_ALG_SHA1 }},
},
.keyBits = 2048,
.exponent = 0,
},
.unique.rsa = {
.size = 0,
.buffer = {},
},
},
};
TPM2B_AUTH authValue = {
.size = 0,
.buffer = {}
};
TPM2B_DATA outsideInfo = {
.size = 0,
.buffer = {},
};
TPML_PCR_SELECTION creationPCR = {
.count = 0,
};
LOG_INFO("\nRSA key will be created.");
r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
goto_if_error(r, "Error: TR_SetAuth", error);
r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary,
&inPublic, &outsideInfo, &creationPCR,
&signHandle, &outPublic, &creationData,
&creationHash, &creationTicket);
goto_if_error(r, "Error esys create primary", error);
TPM2B_DATA qualifyingData = {0};
TPMT_SIG_SCHEME inScheme = { .scheme = TPM2_ALG_NULL };
r = Esys_Certify (
esys_context,
signHandle,
signHandle,
ESYS_TR_PASSWORD,
ESYS_TR_PASSWORD,
ESYS_TR_NONE,
&qualifyingData,
&inScheme,
&certifyInfo,
&signature
);
goto_if_error(r, "Error: Certify", error);
r = Esys_FlushContext(esys_context,signHandle);
goto_if_error(r, "Error: FlushContext", error);
Esys_Free(outPublic);
Esys_Free(creationData);
Esys_Free(creationHash);
Esys_Free(creationTicket);
Esys_Free(certifyInfo);
Esys_Free(signature);
return EXIT_SUCCESS;
error:
if (signHandle != ESYS_TR_NONE) {
if (Esys_FlushContext(esys_context, signHandle) != TSS2_RC_SUCCESS) {
LOG_ERROR("Cleanup signHandle failed.");
}
}
Esys_Free(outPublic);
Esys_Free(creationData);
Esys_Free(creationHash);
Esys_Free(creationTicket);
Esys_Free(certifyInfo);
Esys_Free(signature);
return EXIT_FAILURE;
}
int
test_invoke_esys(ESYS_CONTEXT * esys_context) {
return test_esys_certify(esys_context);
}