test/integration/esys-hierarchy-control.int.c - third_party/github.com/tpm2-software/tpm2-tss - Git at Google

 /* SPDX-License-Identifier: BSD-2-Clause */
 /*******************************************************************************
  * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
  * All rights reserved.
  *******************************************************************************/

 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif

 #include <stdlib.h>

 #include "tss2_esys.h"

 #include "esys_iutil.h"
 #include "test-esys.h"
 #define LOGMODULE test
 #include "util/log.h"
 #include "util/aux_util.h"

 /** Test the ESYS function Esys_HierarchyControl.
  *
  * The owner hierarchy will be disabled and with Esys_CreatePrimary it will
  * be checked whether the owner hierarchy is disabled.
  *
  *\b Note: platform authorization needed.
  *
  * Tested ESYS commands:
  *  - Esys_CreatePrimary() (M)
  *  - Esys_FlushContext() (M)
  *  - Esys_HierarchyControl() (M)
  *
  * @param[in,out] esys_context The ESYS_CONTEXT.
  * @param[in] enable The hierarchy to enable or disable.
  * @retval EXIT_FAILURE
  * @retval EXIT_SKIP
  * @retval EXIT_SUCCESS
  */
 int
 test_esys_hierarchy_control(ESYS_CONTEXT * esys_context, ESYS_TR enable)
 {
     TSS2_RC r;

     ESYS_TR authHandle_handle = ESYS_TR_RH_PLATFORM;
     TPMI_YES_NO state = TPM2_NO;
     ESYS_TR primaryHandle = ESYS_TR_NONE;
     int failure_return = EXIT_FAILURE;

     TPM2B_PUBLIC *outPublic = NULL;
     TPM2B_CREATION_DATA *creationData = NULL;
     TPM2B_DIGEST *creationHash = NULL;
     TPMT_TK_CREATION *creationTicket = NULL;

     r = Esys_HierarchyControl(
         esys_context,
         authHandle_handle,
         ESYS_TR_PASSWORD,
         ESYS_TR_NONE,
         ESYS_TR_NONE,
         enable,
         state);

     if (number_rc(r) == TPM2_RC_BAD_AUTH) {
         /* Platform authorization not possible test will be skipped */
         LOG_WARNING("Platform authorization not possible.");
         return EXIT_SKIP;
     }

     goto_if_error(r, "Error: HierarchyControl", error);

     TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
         .size = 0,
         .sensitive = {
             .userAuth = {
                  .size = 0,
                  .buffer = {0 },
              },
             .data = {
                  .size = 0,
                  .buffer = {0},
              },
         },
     };

       TPM2B_PUBLIC inPublic = {
         .size = 0,
         .publicArea = {
             .type = TPM2_ALG_RSA,
             .nameAlg = TPM2_ALG_SHA256,
             .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
                                  TPMA_OBJECT_RESTRICTED |
                                  TPMA_OBJECT_DECRYPT |
                                  TPMA_OBJECT_FIXEDTPM |
                                  TPMA_OBJECT_FIXEDPARENT |
                                  TPMA_OBJECT_SENSITIVEDATAORIGIN),
             .authPolicy = {
                  .size = 0,
              },
             .parameters.rsaDetail = {
                  .symmetric = {
                      .algorithm = TPM2_ALG_AES,
                      .keyBits.aes = 128,
                      .mode.aes = TPM2_ALG_CFB},
                  .scheme = {
                       .scheme = TPM2_ALG_NULL
                   },
                  .keyBits = 2048,
                  .exponent = 0,
              },
             .unique.rsa = {
                  .size = 0,
                  .buffer = {},
              },
         },
     };
     LOG_INFO("\nRSA key will be created.");

     TPM2B_DATA outsideInfo = {
         .size = 0,
         .buffer = {},
     };

     TPML_PCR_SELECTION creationPCR = {
         .count = 0,
     };

     goto_if_error(r, "Error: TR_SetAuth", error);

     r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
                            ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic,
                            &outsideInfo, &creationPCR, &primaryHandle,
                            &outPublic, &creationData, &creationHash,
                            &creationTicket);

     goto_error_if_not_failed(r, "Error: Create Primary", error);

     state = TPM2_YES;

     r = Esys_HierarchyControl(
         esys_context,
         authHandle_handle,
         ESYS_TR_PASSWORD,
         ESYS_TR_NONE,
         ESYS_TR_NONE,
         enable,
         state);
     goto_if_error(r, "Error: HierarchyControl", error);

     r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
                            ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic,
                            &outsideInfo, &creationPCR, &primaryHandle,
                            &outPublic, &creationData, &creationHash,
                            &creationTicket);
     goto_if_error(r, "Error esys create primary", error);

     r = Esys_FlushContext(esys_context, primaryHandle);
     goto_if_error(r, "Error: FlushContext", error);

     Esys_Free(outPublic);
     Esys_Free(creationData);
     Esys_Free(creationHash);
     Esys_Free(creationTicket);
     return EXIT_SUCCESS;

  error:

     if (primaryHandle != ESYS_TR_NONE) {
         if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) {
             LOG_ERROR("Cleanup primaryHandle failed.");
         }
     }

     Esys_Free(outPublic);
     Esys_Free(creationData);
     Esys_Free(creationHash);
     Esys_Free(creationTicket);
     return failure_return;
 }

 int
 test_invoke_esys(ESYS_CONTEXT * esys_context) {
     int rc = test_esys_hierarchy_control(esys_context, ESYS_TR_RH_OWNER);
     if (rc)
         return rc;

     /*
      * Test that backwards compat API change is still working, see:
      *   - https://github.com/tpm2-software/tpm2-tss/issues/1750
      */
     return test_esys_hierarchy_control(esys_context, TPM2_RH_OWNER);
 }
	/* SPDX-License-Identifier: BSD-2-Clause */
	/*******************************************************************************
	* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
	* All rights reserved.
	*******************************************************************************/

	#ifdef HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <stdlib.h>

	#include "tss2_esys.h"

	#include "esys_iutil.h"
	#include "test-esys.h"
	#define LOGMODULE test
	#include "util/log.h"
	#include "util/aux_util.h"

	/** Test the ESYS function Esys_HierarchyControl.
	*
	* The owner hierarchy will be disabled and with Esys_CreatePrimary it will
	* be checked whether the owner hierarchy is disabled.
	*
	*\b Note: platform authorization needed.
	*
	* Tested ESYS commands:
	* - Esys_CreatePrimary() (M)
	* - Esys_FlushContext() (M)
	* - Esys_HierarchyControl() (M)
	*
	* @param[in,out] esys_context The ESYS_CONTEXT.
	* @param[in] enable The hierarchy to enable or disable.
	* @retval EXIT_FAILURE
	* @retval EXIT_SKIP
	* @retval EXIT_SUCCESS
	*/
	int
	test_esys_hierarchy_control(ESYS_CONTEXT * esys_context, ESYS_TR enable)
	{
	TSS2_RC r;

	ESYS_TR authHandle_handle = ESYS_TR_RH_PLATFORM;
	TPMI_YES_NO state = TPM2_NO;
	ESYS_TR primaryHandle = ESYS_TR_NONE;
	int failure_return = EXIT_FAILURE;

	TPM2B_PUBLIC *outPublic = NULL;
	TPM2B_CREATION_DATA *creationData = NULL;
	TPM2B_DIGEST *creationHash = NULL;
	TPMT_TK_CREATION *creationTicket = NULL;

	r = Esys_HierarchyControl(
	esys_context,
	authHandle_handle,
	ESYS_TR_PASSWORD,
	ESYS_TR_NONE,
	ESYS_TR_NONE,
	enable,
	state);

	if (number_rc(r) == TPM2_RC_BAD_AUTH) {
	/* Platform authorization not possible test will be skipped */
	LOG_WARNING("Platform authorization not possible.");
	return EXIT_SKIP;
	}

	goto_if_error(r, "Error: HierarchyControl", error);

	TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
	.size = 0,
	.sensitive = {
	.userAuth = {
	.size = 0,
	.buffer = {0 },
	},
	.data = {
	.size = 0,
	.buffer = {0},
	},
	},
	};

	TPM2B_PUBLIC inPublic = {
	.size = 0,
	.publicArea = {
	.type = TPM2_ALG_RSA,
	.nameAlg = TPM2_ALG_SHA256,
	.objectAttributes = (TPMA_OBJECT_USERWITHAUTH \|
	TPMA_OBJECT_RESTRICTED \|
	TPMA_OBJECT_DECRYPT \|
	TPMA_OBJECT_FIXEDTPM \|
	TPMA_OBJECT_FIXEDPARENT \|
	TPMA_OBJECT_SENSITIVEDATAORIGIN),
	.authPolicy = {
	.size = 0,
	},
	.parameters.rsaDetail = {
	.symmetric = {
	.algorithm = TPM2_ALG_AES,
	.keyBits.aes = 128,
	.mode.aes = TPM2_ALG_CFB},
	.scheme = {
	.scheme = TPM2_ALG_NULL
	},
	.keyBits = 2048,
	.exponent = 0,
	},
	.unique.rsa = {
	.size = 0,
	.buffer = {},
	},
	},
	};
	LOG_INFO("\nRSA key will be created.");

	TPM2B_DATA outsideInfo = {
	.size = 0,
	.buffer = {},
	};

	TPML_PCR_SELECTION creationPCR = {
	.count = 0,
	};

	goto_if_error(r, "Error: TR_SetAuth", error);

	r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
	ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic,
	&outsideInfo, &creationPCR, &primaryHandle,
	&outPublic, &creationData, &creationHash,
	&creationTicket);

	goto_error_if_not_failed(r, "Error: Create Primary", error);

	state = TPM2_YES;

	r = Esys_HierarchyControl(
	esys_context,
	authHandle_handle,
	ESYS_TR_PASSWORD,
	ESYS_TR_NONE,
	ESYS_TR_NONE,
	enable,
	state);
	goto_if_error(r, "Error: HierarchyControl", error);

	r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
	ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic,
	&outsideInfo, &creationPCR, &primaryHandle,
	&outPublic, &creationData, &creationHash,
	&creationTicket);
	goto_if_error(r, "Error esys create primary", error);

	r = Esys_FlushContext(esys_context, primaryHandle);
	goto_if_error(r, "Error: FlushContext", error);

	Esys_Free(outPublic);
	Esys_Free(creationData);
	Esys_Free(creationHash);
	Esys_Free(creationTicket);
	return EXIT_SUCCESS;

	error:

	if (primaryHandle != ESYS_TR_NONE) {
	if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) {
	LOG_ERROR("Cleanup primaryHandle failed.");
	}
	}

	Esys_Free(outPublic);
	Esys_Free(creationData);
	Esys_Free(creationHash);
	Esys_Free(creationTicket);
	return failure_return;
	}

	int
	test_invoke_esys(ESYS_CONTEXT * esys_context) {
	int rc = test_esys_hierarchy_control(esys_context, ESYS_TR_RH_OWNER);
	if (rc)
	return rc;

	/*
	* Test that backwards compat API change is still working, see:
	* - https://github.com/tpm2-software/tpm2-tss/issues/1750
	*/
	return test_esys_hierarchy_control(esys_context, TPM2_RH_OWNER);
	}