test/integration/esys-rsa-encrypt-decrypt.int.c - third_party/github.com/tpm2-software/tpm2-tss - Git at Google

 /* SPDX-License-Identifier: BSD-2-Clause */
 /*******************************************************************************
  * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
  * All rights reserved.
  *******************************************************************************/

 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif

 #include <stdlib.h>

 #include "tss2_esys.h"

 #include "esys_iutil.h"
 #define LOGMODULE test
 #include "util/log.h"
 #include "util/aux_util.h"

 /** This test is intended to test RSA encryption / decryption.
  *  with password
  * authentication.
  * We create a RSA primary key (Esys_CreatePrimary) for every crypto action
  * This key will be used for encryption/decryption in with the schemes:
  * TPM2_ALG_NULL, TPM2_ALG_RSAES, and TPM2_ALG_OAEP
  *
  * Tested ESYS commands:
  *  - Esys_CreatePrimary() (M)
  *  - Esys_FlushContext() (M)
  *  - Esys_RSA_Decrypt() (M)
  *  - Esys_RSA_Encrypt() (M)
  *
  * @param[in,out] esys_context The ESYS_CONTEXT.
  * @retval EXIT_FAILURE
  * @retval EXIT_SUCCESS
  */

 int
 test_esys_rsa_encrypt_decrypt(ESYS_CONTEXT * esys_context)
 {
     TSS2_RC r;
     ESYS_TR primaryHandle = ESYS_TR_NONE;

     TPM2B_PUBLIC *outPublic = NULL;
     TPM2B_CREATION_DATA *creationData = NULL;
     TPM2B_DIGEST *creationHash = NULL;
     TPMT_TK_CREATION *creationTicket = NULL;
     TPM2B_PUBLIC_KEY_RSA *cipher = NULL;
     TPM2B_PUBLIC_KEY_RSA *plain2 = NULL;
     TPM2B_DATA * null_data = NULL;

     TPM2B_AUTH authValuePrimary = {
         .size = 5,
         .buffer = {1, 2, 3, 4, 5}
     };

     TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
         .size = 0,
         .sensitive = {
             .userAuth = {
                  .size = 0,
                  .buffer = {0},
              },
             .data = {
                  .size = 0,
                  .buffer = {0},
              },
         },
     };

     inSensitivePrimary.sensitive.userAuth = authValuePrimary;

     TPM2B_PUBLIC inPublic = {
         .size = 0,
         .publicArea = {
             .type = TPM2_ALG_RSA,
             .nameAlg = TPM2_ALG_SHA1,
             .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
                                  TPMA_OBJECT_DECRYPT |
                                  TPMA_OBJECT_FIXEDTPM |
                                  TPMA_OBJECT_FIXEDPARENT |
                                  TPMA_OBJECT_SENSITIVEDATAORIGIN),
             .authPolicy = {
                  .size = 0,
              },
             .parameters.rsaDetail = {
                  .symmetric = {
                      .algorithm = TPM2_ALG_NULL},
                  .scheme = { .scheme = TPM2_ALG_RSAES },
                  .keyBits = 2048,
                  .exponent = 0,
              },
             .unique.rsa = {
                  .size = 0,
                  .buffer = {},
              },
         },
     };

     LOG_INFO("\nRSA key will be created.");

     TPM2B_DATA outsideInfo = {
         .size = 0,
         .buffer = {},
     };

     TPML_PCR_SELECTION creationPCR = {
         .count = 0,
     };

     TPM2B_AUTH authValue = {
         .size = 0,
         .buffer = {}
     };

     r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
     goto_if_error(r, "Error: TR_SetAuth", error);

     RSRC_NODE_T *primaryHandle_node;

     for (int mode = 0; mode <= 2; mode++) {

         if (mode == 0) {
             inPublic.publicArea.parameters.rsaDetail.scheme.scheme =
                 TPM2_ALG_NULL;
         } else if (mode == 1) {
             inPublic.publicArea.parameters.rsaDetail.scheme.scheme =
                 TPM2_ALG_RSAES;
         } else if (mode == 2) {
             inPublic.publicArea.parameters.rsaDetail.scheme.scheme =
                 TPM2_ALG_OAEP;
             inPublic.publicArea.parameters.rsaDetail.scheme.details.oaep.
                 hashAlg = TPM2_ALG_SHA1;
         }

         r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
                                ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary,
                                &inPublic, &outsideInfo, &creationPCR,
                                &primaryHandle, &outPublic, &creationData,
                                &creationHash, &creationTicket);
         goto_if_error(r, "Error esys create primary", error);
         Esys_Free(outPublic);
         Esys_Free(creationData);
         Esys_Free(creationHash);
         Esys_Free(creationTicket);

         r = esys_GetResourceObject(esys_context, primaryHandle,
                                    &primaryHandle_node);
         goto_if_error(r, "Error Esys GetResourceObject", error);

         LOG_INFO("Created Primary with handle 0x%08x...",
                  primaryHandle_node->rsrc.handle);

         r = Esys_TR_SetAuth(esys_context, primaryHandle,
                             &authValuePrimary);
         goto_if_error(r, "Error: TR_SetAuth", error);

         size_t plain_size = 3;
         TPM2B_PUBLIC_KEY_RSA plain = {.size = plain_size,.buffer = {1, 2, 3}
         };
         TPMT_RSA_DECRYPT scheme;

         if (mode == 0) {
             scheme.scheme = TPM2_ALG_NULL;
         } else if (mode == 1) {
             scheme.scheme = TPM2_ALG_RSAES;
         } else if (mode == 2) {
             scheme.scheme = TPM2_ALG_OAEP;
             scheme.details.oaep.hashAlg = TPM2_ALG_SHA1;
         }
         r = Esys_RSA_Encrypt(esys_context, primaryHandle, ESYS_TR_NONE,
                              ESYS_TR_NONE, ESYS_TR_NONE, &plain, &scheme,
                              null_data, &cipher);
         goto_if_error(r, "Error esys rsa encrypt", error);

         Esys_Free(null_data);

         r = Esys_RSA_Decrypt(esys_context, primaryHandle,
                              ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
                              cipher, &scheme, null_data, &plain2);
         goto_if_error(r, "Error esys rsa decrypt", error);

         Esys_Free(null_data);
         Esys_Free(cipher);

         if (mode > 0 && memcmp(&plain.buffer[0], &plain2->buffer[0], plain_size)) {
             LOG_ERROR("plain texts are not equal for mode %i", mode);
             goto error;
         }

         r = Esys_FlushContext(esys_context, primaryHandle);
         goto_if_error(r, "Error: FlushContext", error);
         Esys_Free(plain2);
     }

     return EXIT_SUCCESS;

  error:

     if (primaryHandle != ESYS_TR_NONE) {
         if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) {
             LOG_ERROR("Cleanup primaryHandle failed.");
         }
     }

     Esys_Free(outPublic);
     Esys_Free(creationData);
     Esys_Free(creationHash);
     Esys_Free(creationTicket);
     Esys_Free(cipher);
     Esys_Free(plain2);
     Esys_Free(null_data);
     return EXIT_FAILURE;
 }

 int
 test_invoke_esys(ESYS_CONTEXT * esys_context) {
     return test_esys_rsa_encrypt_decrypt(esys_context);
 }
	/* SPDX-License-Identifier: BSD-2-Clause */
	/*******************************************************************************
	* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
	* All rights reserved.
	*******************************************************************************/

	#ifdef HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <stdlib.h>

	#include "tss2_esys.h"

	#include "esys_iutil.h"
	#define LOGMODULE test
	#include "util/log.h"
	#include "util/aux_util.h"

	/** This test is intended to test RSA encryption / decryption.
	* with password
	* authentication.
	* We create a RSA primary key (Esys_CreatePrimary) for every crypto action
	* This key will be used for encryption/decryption in with the schemes:
	* TPM2_ALG_NULL, TPM2_ALG_RSAES, and TPM2_ALG_OAEP
	*
	* Tested ESYS commands:
	* - Esys_CreatePrimary() (M)
	* - Esys_FlushContext() (M)
	* - Esys_RSA_Decrypt() (M)
	* - Esys_RSA_Encrypt() (M)
	*
	* @param[in,out] esys_context The ESYS_CONTEXT.
	* @retval EXIT_FAILURE
	* @retval EXIT_SUCCESS
	*/

	int
	test_esys_rsa_encrypt_decrypt(ESYS_CONTEXT * esys_context)
	{
	TSS2_RC r;
	ESYS_TR primaryHandle = ESYS_TR_NONE;

	TPM2B_PUBLIC *outPublic = NULL;
	TPM2B_CREATION_DATA *creationData = NULL;
	TPM2B_DIGEST *creationHash = NULL;
	TPMT_TK_CREATION *creationTicket = NULL;
	TPM2B_PUBLIC_KEY_RSA *cipher = NULL;
	TPM2B_PUBLIC_KEY_RSA *plain2 = NULL;
	TPM2B_DATA * null_data = NULL;

	TPM2B_AUTH authValuePrimary = {
	.size = 5,
	.buffer = {1, 2, 3, 4, 5}
	};

	TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
	.size = 0,
	.sensitive = {
	.userAuth = {
	.size = 0,
	.buffer = {0},
	},
	.data = {
	.size = 0,
	.buffer = {0},
	},
	},
	};

	inSensitivePrimary.sensitive.userAuth = authValuePrimary;

	TPM2B_PUBLIC inPublic = {
	.size = 0,
	.publicArea = {
	.type = TPM2_ALG_RSA,
	.nameAlg = TPM2_ALG_SHA1,
	.objectAttributes = (TPMA_OBJECT_USERWITHAUTH \|
	TPMA_OBJECT_DECRYPT \|
	TPMA_OBJECT_FIXEDTPM \|
	TPMA_OBJECT_FIXEDPARENT \|
	TPMA_OBJECT_SENSITIVEDATAORIGIN),
	.authPolicy = {
	.size = 0,
	},
	.parameters.rsaDetail = {
	.symmetric = {
	.algorithm = TPM2_ALG_NULL},
	.scheme = { .scheme = TPM2_ALG_RSAES },
	.keyBits = 2048,
	.exponent = 0,
	},
	.unique.rsa = {
	.size = 0,
	.buffer = {},
	},
	},
	};

	LOG_INFO("\nRSA key will be created.");

	TPM2B_DATA outsideInfo = {
	.size = 0,
	.buffer = {},
	};

	TPML_PCR_SELECTION creationPCR = {
	.count = 0,
	};

	TPM2B_AUTH authValue = {
	.size = 0,
	.buffer = {}
	};

	r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
	goto_if_error(r, "Error: TR_SetAuth", error);

	RSRC_NODE_T *primaryHandle_node;

	for (int mode = 0; mode <= 2; mode++) {

	if (mode == 0) {
	inPublic.publicArea.parameters.rsaDetail.scheme.scheme =
	TPM2_ALG_NULL;
	} else if (mode == 1) {
	inPublic.publicArea.parameters.rsaDetail.scheme.scheme =
	TPM2_ALG_RSAES;
	} else if (mode == 2) {
	inPublic.publicArea.parameters.rsaDetail.scheme.scheme =
	TPM2_ALG_OAEP;
	inPublic.publicArea.parameters.rsaDetail.scheme.details.oaep.
	hashAlg = TPM2_ALG_SHA1;
	}

	r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
	ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary,
	&inPublic, &outsideInfo, &creationPCR,
	&primaryHandle, &outPublic, &creationData,
	&creationHash, &creationTicket);
	goto_if_error(r, "Error esys create primary", error);
	Esys_Free(outPublic);
	Esys_Free(creationData);
	Esys_Free(creationHash);
	Esys_Free(creationTicket);

	r = esys_GetResourceObject(esys_context, primaryHandle,
	&primaryHandle_node);
	goto_if_error(r, "Error Esys GetResourceObject", error);

	LOG_INFO("Created Primary with handle 0x%08x...",
	primaryHandle_node->rsrc.handle);

	r = Esys_TR_SetAuth(esys_context, primaryHandle,
	&authValuePrimary);
	goto_if_error(r, "Error: TR_SetAuth", error);

	size_t plain_size = 3;
	TPM2B_PUBLIC_KEY_RSA plain = {.size = plain_size,.buffer = {1, 2, 3}
	};
	TPMT_RSA_DECRYPT scheme;

	if (mode == 0) {
	scheme.scheme = TPM2_ALG_NULL;
	} else if (mode == 1) {
	scheme.scheme = TPM2_ALG_RSAES;
	} else if (mode == 2) {
	scheme.scheme = TPM2_ALG_OAEP;
	scheme.details.oaep.hashAlg = TPM2_ALG_SHA1;
	}
	r = Esys_RSA_Encrypt(esys_context, primaryHandle, ESYS_TR_NONE,
	ESYS_TR_NONE, ESYS_TR_NONE, &plain, &scheme,
	null_data, &cipher);
	goto_if_error(r, "Error esys rsa encrypt", error);

	Esys_Free(null_data);

	r = Esys_RSA_Decrypt(esys_context, primaryHandle,
	ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
	cipher, &scheme, null_data, &plain2);
	goto_if_error(r, "Error esys rsa decrypt", error);

	Esys_Free(null_data);
	Esys_Free(cipher);

	if (mode > 0 && memcmp(&plain.buffer[0], &plain2->buffer[0], plain_size)) {
	LOG_ERROR("plain texts are not equal for mode %i", mode);
	goto error;
	}

	r = Esys_FlushContext(esys_context, primaryHandle);
	goto_if_error(r, "Error: FlushContext", error);
	Esys_Free(plain2);
	}

	return EXIT_SUCCESS;

	error:

	if (primaryHandle != ESYS_TR_NONE) {
	if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) {
	LOG_ERROR("Cleanup primaryHandle failed.");
	}
	}

	Esys_Free(outPublic);
	Esys_Free(creationData);
	Esys_Free(creationHash);
	Esys_Free(creationTicket);
	Esys_Free(cipher);
	Esys_Free(plain2);
	Esys_Free(null_data);
	return EXIT_FAILURE;
	}

	int
	test_invoke_esys(ESYS_CONTEXT * esys_context) {
	return test_esys_rsa_encrypt_decrypt(esys_context);
	}