Google Git
Sign in
fuchsia / third_party / github.com / tpm2-software / tpm2-tss / refs/heads/upstream/3.0.x / . / test / integration / esys-policy-nv-changeauth.int.c
blob: c6e16ce4b95cf562c59abb008147d2360a4f8783 [file] [log] [blame]
/* SPDX-License-Identifier: BSD-2-Clause */
/*******************************************************************************
* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
* All rights reserved.
*******************************************************************************/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdlib.h>
#include "tss2_esys.h"
#include "esys_iutil.h"
#define LOGMODULE test
#include "util/log.h"
#include "util/aux_util.h"
/** This test is intended to test the ESYS commands PolicyAuthValue,
* PolicyCommandCode, Esys_PolicyGetDigest, and NV_ChangeAuth.
*
* First in a trial session the policy value to ensure that the auth value
* is included in the policy session used for NV_ChangeAuth is
* computed.
* A NV ram space with this policy is defined afterwards.
* With a real policy session the auth value of this NV ram space
* will be changed.
*
* Tested ESYS commands:
* - Esys_FlushContext() (M)
* - Esys_NV_ChangeAuth() (M)
* - Esys_NV_DefineSpace() (M)
* - Esys_NV_UndefineSpace() (M)
* - Esys_PolicyAuthValue() (M)
* - Esys_PolicyCommandCode() (M)
* - Esys_PolicyGetDigest() (M)
* - Esys_StartAuthSession() (M)
*
* @param[in,out] esys_context The ESYS_CONTEXT.
* @retval EXIT_FAILURE
* @retval EXIT_SUCCESS
*/
int
test_esys_policy_nv_changeauth(ESYS_CONTEXT * esys_context)
{
TSS2_RC r;
ESYS_TR nvHandle = ESYS_TR_NONE;
ESYS_TR policySession = ESYS_TR_NONE;
TPM2B_DIGEST *policyDigestTrial = NULL;
/*
* Firth the policy value for changing the auth value of an NV index has to be
* determined with a policy trial session.
*/
ESYS_TR sessionTrial = ESYS_TR_NONE;
TPMT_SYM_DEF symmetricTrial = {.algorithm = TPM2_ALG_AES,
.keyBits = {.aes = 128},
.mode = {.aes = TPM2_ALG_CFB}
};
TPM2B_NONCE nonceCallerTrial = {
.size = 20,
.buffer = {11, 12, 13, 14, 15, 16, 17, 18, 19, 11,
21, 22, 23, 24, 25, 26, 27, 28, 29, 30}
};
r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
&nonceCallerTrial,
TPM2_SE_TRIAL, &symmetricTrial, TPM2_ALG_SHA1,
&sessionTrial);
goto_if_error(r, "Error: During initialization of policy trial session", error);
r = Esys_PolicyAuthValue(esys_context,
sessionTrial,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE
);
goto_if_error(r, "Error: PolicyAuthValue", error);
r = Esys_PolicyCommandCode(esys_context,
sessionTrial,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
TPM2_CC_NV_ChangeAuth
);
goto_if_error(r, "Error: PolicyCommandCode", error);
r = Esys_PolicyGetDigest(esys_context,
sessionTrial,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
&policyDigestTrial
);
goto_if_error(r, "Error: PolicyGetDigest", error);
r = Esys_FlushContext(esys_context, sessionTrial);
goto_if_error(r, "Flushing context", error);
TPM2B_AUTH auth = {.size = 20,
.buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19,
20, 21, 22, 23, 24, 25, 26, 27, 28, 29}};
TPM2B_NV_PUBLIC publicInfo = {
.size = 0,
.nvPublic = {
.nvIndex =TPM2_NV_INDEX_FIRST,
.nameAlg = TPM2_ALG_SHA1,
.attributes = (
TPMA_NV_OWNERWRITE |
TPMA_NV_AUTHWRITE |
TPMA_NV_WRITE_STCLEAR |
TPMA_NV_READ_STCLEAR |
TPMA_NV_AUTHREAD |
TPMA_NV_OWNERREAD
),
.authPolicy = *policyDigestTrial,
.dataSize = 32,
}
};
r = Esys_NV_DefineSpace(esys_context,
ESYS_TR_RH_OWNER,
ESYS_TR_PASSWORD,
ESYS_TR_NONE,
ESYS_TR_NONE,
&auth,
&publicInfo,
&nvHandle);
goto_if_error(r, "Error esys define nv space", error);
TPM2B_AUTH newAuth = {.size = 20,
.buffer={30, 31, 32, 33, 34, 35, 36, 37, 38, 39,
40, 41, 42, 43, 44, 45, 46, 47, 48, 49}};
TPMT_SYM_DEF policySymmetric = {.algorithm = TPM2_ALG_AES,
.keyBits = {.aes = 128},
.mode = {.aes = TPM2_ALG_CFB}
};
TPM2B_NONCE policyNonceCaller = {
.size = 20,
.buffer = {11, 12, 13, 14, 15, 16, 17, 18, 19, 11,
21, 22, 23, 24, 25, 26, 27, 28, 29, 30}
};
r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
&policyNonceCaller,
TPM2_SE_POLICY, &policySymmetric, TPM2_ALG_SHA1,
&policySession);
goto_if_error(r, "Error: During initialization of policy trial session", error);
r = Esys_PolicyAuthValue(esys_context,
policySession,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE
);
goto_if_error(r, "Error: PolicyAuthValue", error);
r = Esys_PolicyCommandCode(esys_context,
policySession,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
TPM2_CC_NV_ChangeAuth
);
goto_if_error(r, "Error: PolicyCommandCode", error);
r = Esys_NV_ChangeAuth(esys_context,
nvHandle,
policySession,
ESYS_TR_NONE,
ESYS_TR_NONE,
&newAuth
);
goto_if_error(r, "Error: NV_ChangeAuth", error);
r = Esys_NV_UndefineSpace(esys_context,
ESYS_TR_RH_OWNER,
nvHandle,
ESYS_TR_PASSWORD,
ESYS_TR_NONE,
ESYS_TR_NONE
);
goto_if_error(r, "Error: NV_UndefineSpace", error);
r = Esys_FlushContext(esys_context, policySession);
goto_if_error(r, "Flushing context", error);
/* Check DefineSpace with auth equal NULL */
r = Esys_NV_DefineSpace(esys_context,
ESYS_TR_RH_OWNER,
ESYS_TR_PASSWORD,
ESYS_TR_NONE,
ESYS_TR_NONE,
NULL,
&publicInfo,
&nvHandle);
goto_if_error(r, "Error esys define nv space", error);
r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
&policyNonceCaller,
TPM2_SE_POLICY, &policySymmetric, TPM2_ALG_SHA1,
&policySession);
goto_if_error(r, "Error: During initialization of policy trial session", error);
r = Esys_PolicyAuthValue(esys_context,
policySession,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE
);
goto_if_error(r, "Error: PolicyAuthValue", error);
r = Esys_PolicyCommandCode(esys_context,
policySession,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
TPM2_CC_NV_ChangeAuth
);
goto_if_error(r, "Error: PolicyCommandCode", error);
r = Esys_NV_ChangeAuth(esys_context,
nvHandle,
policySession,
ESYS_TR_NONE,
ESYS_TR_NONE,
NULL
);
goto_if_error(r, "Error: NV_ChangeAuth", error);
r = Esys_NV_UndefineSpace(esys_context,
ESYS_TR_RH_OWNER,
nvHandle,
ESYS_TR_PASSWORD,
ESYS_TR_NONE,
ESYS_TR_NONE
);
goto_if_error(r, "Error: NV_UndefineSpace", error);
r = Esys_FlushContext(esys_context, policySession);
goto_if_error(r, "Flushing context", error);
Esys_Free(policyDigestTrial);
return EXIT_SUCCESS;
error:
if (sessionTrial != ESYS_TR_NONE) {
if (Esys_FlushContext(esys_context, sessionTrial) != TSS2_RC_SUCCESS) {
LOG_ERROR("Cleanup policySession failed.");
}
}
if (policySession != ESYS_TR_NONE) {
if (Esys_FlushContext(esys_context, policySession) != TSS2_RC_SUCCESS) {
LOG_ERROR("Cleanup policySession failed.");
}
}
if (nvHandle != ESYS_TR_NONE) {
if (Esys_NV_UndefineSpace(esys_context,
ESYS_TR_RH_OWNER,
nvHandle,
ESYS_TR_PASSWORD,
ESYS_TR_NONE,
ESYS_TR_NONE) != TSS2_RC_SUCCESS) {
LOG_ERROR("Cleanup nvHandle failed.");
}
}
Esys_Free(policyDigestTrial);
return EXIT_FAILURE;
}
int
test_invoke_esys(ESYS_CONTEXT * esys_context) {
return test_esys_policy_nv_changeauth(esys_context);
}