| /* SPDX-License-Identifier: BSD-2-Clause */ |
| /******************************************************************************* |
| * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG |
| * All rights reserved. |
| *******************************************************************************/ |
| |
| #ifdef HAVE_CONFIG_H |
| #include <config.h> |
| #endif |
| |
| #include <stdlib.h> |
| |
| #include "tss2_esys.h" |
| |
| #include "esys_iutil.h" |
| #define LOGMODULE test |
| #include "util/log.h" |
| #include "util/aux_util.h" |
| |
| /** This test is intended to test the ESYS commands PolicyAuthValue, |
| * PolicyCommandCode, Esys_PolicyGetDigest, and NV_ChangeAuth. |
| * |
| * First in a trial session the policy value to ensure that the auth value |
| * is included in the policy session used for NV_ChangeAuth is |
| * computed. |
| * A NV ram space with this policy is defined afterwards. |
| * With a real policy session the auth value of this NV ram space |
| * will be changed. |
| * |
| * Tested ESYS commands: |
| * - Esys_FlushContext() (M) |
| * - Esys_NV_ChangeAuth() (M) |
| * - Esys_NV_DefineSpace() (M) |
| * - Esys_NV_UndefineSpace() (M) |
| * - Esys_PolicyAuthValue() (M) |
| * - Esys_PolicyCommandCode() (M) |
| * - Esys_PolicyGetDigest() (M) |
| * - Esys_StartAuthSession() (M) |
| * |
| * @param[in,out] esys_context The ESYS_CONTEXT. |
| * @retval EXIT_FAILURE |
| * @retval EXIT_SUCCESS |
| */ |
| |
| int |
| test_esys_policy_nv_changeauth(ESYS_CONTEXT * esys_context) |
| { |
| TSS2_RC r; |
| ESYS_TR nvHandle = ESYS_TR_NONE; |
| ESYS_TR policySession = ESYS_TR_NONE; |
| |
| TPM2B_DIGEST *policyDigestTrial = NULL; |
| |
| /* |
| * Firth the policy value for changing the auth value of an NV index has to be |
| * determined with a policy trial session. |
| */ |
| ESYS_TR sessionTrial = ESYS_TR_NONE; |
| TPMT_SYM_DEF symmetricTrial = {.algorithm = TPM2_ALG_AES, |
| .keyBits = {.aes = 128}, |
| .mode = {.aes = TPM2_ALG_CFB} |
| }; |
| TPM2B_NONCE nonceCallerTrial = { |
| .size = 20, |
| .buffer = {11, 12, 13, 14, 15, 16, 17, 18, 19, 11, |
| 21, 22, 23, 24, 25, 26, 27, 28, 29, 30} |
| }; |
| |
| r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE, |
| ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, |
| &nonceCallerTrial, |
| TPM2_SE_TRIAL, &symmetricTrial, TPM2_ALG_SHA1, |
| &sessionTrial); |
| goto_if_error(r, "Error: During initialization of policy trial session", error); |
| |
| r = Esys_PolicyAuthValue(esys_context, |
| sessionTrial, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE |
| ); |
| goto_if_error(r, "Error: PolicyAuthValue", error); |
| |
| r = Esys_PolicyCommandCode(esys_context, |
| sessionTrial, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| TPM2_CC_NV_ChangeAuth |
| ); |
| goto_if_error(r, "Error: PolicyCommandCode", error); |
| |
| r = Esys_PolicyGetDigest(esys_context, |
| sessionTrial, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| &policyDigestTrial |
| ); |
| goto_if_error(r, "Error: PolicyGetDigest", error); |
| |
| r = Esys_FlushContext(esys_context, sessionTrial); |
| goto_if_error(r, "Flushing context", error); |
| |
| TPM2B_AUTH auth = {.size = 20, |
| .buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19, |
| 20, 21, 22, 23, 24, 25, 26, 27, 28, 29}}; |
| |
| TPM2B_NV_PUBLIC publicInfo = { |
| .size = 0, |
| .nvPublic = { |
| .nvIndex =TPM2_NV_INDEX_FIRST, |
| .nameAlg = TPM2_ALG_SHA1, |
| .attributes = ( |
| TPMA_NV_OWNERWRITE | |
| TPMA_NV_AUTHWRITE | |
| TPMA_NV_WRITE_STCLEAR | |
| TPMA_NV_READ_STCLEAR | |
| TPMA_NV_AUTHREAD | |
| TPMA_NV_OWNERREAD |
| ), |
| .authPolicy = *policyDigestTrial, |
| .dataSize = 32, |
| } |
| }; |
| |
| |
| r = Esys_NV_DefineSpace(esys_context, |
| ESYS_TR_RH_OWNER, |
| ESYS_TR_PASSWORD, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| &auth, |
| &publicInfo, |
| &nvHandle); |
| |
| goto_if_error(r, "Error esys define nv space", error); |
| |
| TPM2B_AUTH newAuth = {.size = 20, |
| .buffer={30, 31, 32, 33, 34, 35, 36, 37, 38, 39, |
| 40, 41, 42, 43, 44, 45, 46, 47, 48, 49}}; |
| |
| TPMT_SYM_DEF policySymmetric = {.algorithm = TPM2_ALG_AES, |
| .keyBits = {.aes = 128}, |
| .mode = {.aes = TPM2_ALG_CFB} |
| }; |
| TPM2B_NONCE policyNonceCaller = { |
| .size = 20, |
| .buffer = {11, 12, 13, 14, 15, 16, 17, 18, 19, 11, |
| 21, 22, 23, 24, 25, 26, 27, 28, 29, 30} |
| }; |
| |
| r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE, |
| ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, |
| &policyNonceCaller, |
| TPM2_SE_POLICY, &policySymmetric, TPM2_ALG_SHA1, |
| &policySession); |
| goto_if_error(r, "Error: During initialization of policy trial session", error); |
| |
| |
| r = Esys_PolicyAuthValue(esys_context, |
| policySession, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE |
| ); |
| goto_if_error(r, "Error: PolicyAuthValue", error); |
| |
| r = Esys_PolicyCommandCode(esys_context, |
| policySession, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| TPM2_CC_NV_ChangeAuth |
| ); |
| goto_if_error(r, "Error: PolicyCommandCode", error); |
| |
| r = Esys_NV_ChangeAuth(esys_context, |
| nvHandle, |
| policySession, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| &newAuth |
| ); |
| goto_if_error(r, "Error: NV_ChangeAuth", error); |
| |
| r = Esys_NV_UndefineSpace(esys_context, |
| ESYS_TR_RH_OWNER, |
| nvHandle, |
| ESYS_TR_PASSWORD, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE |
| ); |
| goto_if_error(r, "Error: NV_UndefineSpace", error); |
| |
| r = Esys_FlushContext(esys_context, policySession); |
| goto_if_error(r, "Flushing context", error); |
| |
| /* Check DefineSpace with auth equal NULL */ |
| |
| r = Esys_NV_DefineSpace(esys_context, |
| ESYS_TR_RH_OWNER, |
| ESYS_TR_PASSWORD, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| NULL, |
| &publicInfo, |
| &nvHandle); |
| |
| goto_if_error(r, "Error esys define nv space", error); |
| |
| r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE, |
| ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, |
| &policyNonceCaller, |
| TPM2_SE_POLICY, &policySymmetric, TPM2_ALG_SHA1, |
| &policySession); |
| goto_if_error(r, "Error: During initialization of policy trial session", error); |
| |
| |
| r = Esys_PolicyAuthValue(esys_context, |
| policySession, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE |
| ); |
| goto_if_error(r, "Error: PolicyAuthValue", error); |
| |
| r = Esys_PolicyCommandCode(esys_context, |
| policySession, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| TPM2_CC_NV_ChangeAuth |
| ); |
| goto_if_error(r, "Error: PolicyCommandCode", error); |
| |
| r = Esys_NV_ChangeAuth(esys_context, |
| nvHandle, |
| policySession, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE, |
| NULL |
| ); |
| goto_if_error(r, "Error: NV_ChangeAuth", error); |
| |
| r = Esys_NV_UndefineSpace(esys_context, |
| ESYS_TR_RH_OWNER, |
| nvHandle, |
| ESYS_TR_PASSWORD, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE |
| ); |
| goto_if_error(r, "Error: NV_UndefineSpace", error); |
| |
| r = Esys_FlushContext(esys_context, policySession); |
| goto_if_error(r, "Flushing context", error); |
| |
| Esys_Free(policyDigestTrial); |
| return EXIT_SUCCESS; |
| |
| error: |
| |
| if (sessionTrial != ESYS_TR_NONE) { |
| if (Esys_FlushContext(esys_context, sessionTrial) != TSS2_RC_SUCCESS) { |
| LOG_ERROR("Cleanup policySession failed."); |
| } |
| } |
| |
| if (policySession != ESYS_TR_NONE) { |
| if (Esys_FlushContext(esys_context, policySession) != TSS2_RC_SUCCESS) { |
| LOG_ERROR("Cleanup policySession failed."); |
| } |
| } |
| |
| if (nvHandle != ESYS_TR_NONE) { |
| if (Esys_NV_UndefineSpace(esys_context, |
| ESYS_TR_RH_OWNER, |
| nvHandle, |
| ESYS_TR_PASSWORD, |
| ESYS_TR_NONE, |
| ESYS_TR_NONE) != TSS2_RC_SUCCESS) { |
| LOG_ERROR("Cleanup nvHandle failed."); |
| } |
| } |
| |
| Esys_Free(policyDigestTrial); |
| return EXIT_FAILURE; |
| } |
| |
| int |
| test_invoke_esys(ESYS_CONTEXT * esys_context) { |
| return test_esys_policy_nv_changeauth(esys_context); |
| } |