Google Git
Sign in
fuchsia / third_party / github.com / tpm2-software / tpm2-tss / refs/heads/upstream/3.0.x / . / test / integration / fapi-ext-public-key.int.c
blob: 62375e15e379f20ddb5260c1e5b0f655214acf1e [file] [log] [blame]
/* SPDX-License-Identifier: BSD-2-Clause */
/*******************************************************************************
* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
* All rights reserved.
*******************************************************************************/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <openssl/evp.h>
#include <openssl/aes.h>
#include <openssl/rsa.h>
#include <openssl/engine.h>
#include <openssl/pem.h>
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <inttypes.h>
#include "tss2_fapi.h"
#define LOGMODULE test
#include "util/log.h"
#include "util/aux_util.h"
#include "test-fapi.h"
/** Test the FAPI functions use an external public key for signature and quote verify without TPM.
*
* Tested FAPI commands:
* - Fapi_Import()
* - Fapi_VerifySignature()
* - Fapi_SetCertificate()
* - Fapi_GetCertificate()
* - Fapi_List()
* - Fapi_VerifyQuote()
* - Fapi_Delete()
*
* @param[in,out] context The FAPI_CONTEXT.
* @retval EXIT_FAILURE
* @retval EXIT_SUCCESS
*/
int
test_fapi_ext_public_key(FAPI_CONTEXT *context)
{
TSS2_RC r;
BIO *bufio = NULL;
EVP_PKEY *evp_key = NULL;
RSA *rsa_key = NULL;
/* Key will be used for non TPM signature verfication. */
char *pubkey_pem =
"-----BEGIN PUBLIC KEY-----\n"
"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUymzBzI3LcxRpqJkiP0Ks7qp1UZH\n"
"93mYpmfUJBjK6anQawTyy8k87MteUdP5IPy47gzsO7sFcbWCoVZ8LvoQUw==\n"
"-----END PUBLIC KEY-----\n";
/* Quote info will be used for non TPM signature verfication. */
const char *quote_info =
"{\n"
" \"sig_scheme\":{\n"
" \"scheme\":\"ECDSA\",\n"
" \"details\":{\n"
" \"hashAlg\":\"SHA256\"\n"
" }\n"
" },\n"
" \"attest\":{\n"
" \"magic\":\"VALUE\",\n"
" \"type\":\"ATTEST_QUOTE\",\n"
" \"qualifiedSigner\":\"000b6f2f5ee244f7af20dbdfdf0a7dd21ef28afd9c3f377758f9ace6e29e64fc0ccf\",\n"
" \"extraData\":\"6768033e216468247bd031a0a2d9876d79818f8f\",\n"
" \"clockInfo\":{\n"
" \"clock\":4607,\n"
" \"resetCount\":2327013047,\n"
" \"restartCount\":1164757112,\n"
" \"safe\":\"YES\"\n"
" },\n"
" \"firmwareVersion\":[\n"
" 635916457,\n"
" 1185938286\n"
" ],\n"
" \"attested\":{\n"
" \"pcrSelect\":[\n"
" {\n"
" \"hash\":\"SHA256\",\n"
" \"pcrSelect\":[\n"
" 16\n"
" ]\n"
" }\n"
" ],\n"
" \"pcrDigest\":\"224eb2f4e5625ecb4a31cb7df43282ef6293c97a840a33415a3afe069535fa9b\"\n"
" }\n"
" }\n"
"}\n";
/* Test signature will be used for non TPM signature verfication. */
size_t test_signature_size = 71;
const uint8_t test_signature[71] = {
0x30, 0x45, 0x02, 0x21, 0x00, 0x8a, 0x00, 0x01,
0x6b, 0x79, 0xe2, 0x50, 0x84, 0x52, 0xc3, 0x40,
0xbb, 0x6c, 0xb4, 0xcb, 0x31, 0x42, 0xa2, 0xe5,
0x8b, 0x36, 0x35, 0x46, 0x8d, 0x8c, 0x3e, 0x59,
0xda, 0x0e, 0x83, 0x7e, 0x3b, 0x02, 0x20, 0x77,
0xb1, 0xe6, 0xa8, 0xab, 0x0e, 0x5f, 0x72, 0x28,
0x3e, 0x35, 0xe5, 0x91, 0x5b, 0x13, 0x35, 0xfe,
0x44, 0x54, 0xa4, 0x79, 0x63, 0x2a, 0x94, 0xd5,
0xaa, 0x07, 0xce, 0xba, 0xc6, 0x56, 0x85
};
/* Qualifying data will be used for non TPM signature verfication. */
uint8_t qualifying_data[20] = {
0x67, 0x68, 0x03, 0x3e, 0x21, 0x64, 0x68, 0x24, 0x7b, 0xd0,
0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f
};
const char *pub_pem =
"-----BEGIN PUBLIC KEY-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGL6IrCSAznmIIzBessI\n"
"mW7tPOUy78uWTIaub32KnYHn78KXprrZ3ykp6WDrOQeMjv4AA+14mJbg77apVYXy\n"
"EnkFdOMa1hszSJnp6cJvx7ILngLvFUxzbVki/ehvgS3nRk67Njal+nMTe8hpe3UK\n"
"QeV/Ij+F0r6Yz91W+4LPmncAiUesRZLetI2BZsKwHYRMznmpIYpoua1NtS8QpEXR\n"
"MmsUue19eS/XRAPmmCfnb5BX2Tn06iCpk6wO+RfMo9etcX5cLSAuIYEQYCvV2/0X\n"
"TfEw607vttBN0Y54LrVOKno1vRXd5sxyRlfB0WL42F4VG5TfcJo5u1Xq7k9m9K57\n"
"8wIDAQAB\n"
"-----END PUBLIC KEY-----\n";
const char *priv_pem =
"-----BEGIN PRIVATE KEY-----\n"
"MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCgYvoisJIDOeYg\n"
"jMF6ywiZbu085TLvy5ZMhq5vfYqdgefvwpemutnfKSnpYOs5B4yO/gAD7XiYluDv\n"
"tqlVhfISeQV04xrWGzNImenpwm/HsgueAu8VTHNtWSL96G+BLedGTrs2NqX6cxN7\n"
"yGl7dQpB5X8iP4XSvpjP3Vb7gs+adwCJR6xFkt60jYFmwrAdhEzOeakhimi5rU21\n"
"LxCkRdEyaxS57X15L9dEA+aYJ+dvkFfZOfTqIKmTrA75F8yj161xflwtIC4hgRBg\n"
"K9Xb/RdN8TDrTu+20E3RjngutU4qejW9Fd3mzHJGV8HRYvjYXhUblN9wmjm7Veru\n"
"T2b0rnvzAgMBAAECggEBAIwHvoJ5DRJ6A50Zp3dROxHTEphfOEi6xF/OGxBGWLbK\n"
"C7l+eS9d5gj8BJa5QsXI/IR/6X2EYQ1AdeV04oVD7CUKuqPiALU8jFrv3pV0aGm+\n"
"3nu37gv3crPe5jkvLeNoM4tkA/oCXom63SDuyoG6nxkHiSdatLlaJUse4em3vRAL\n"
"QivziZIMyswcleMe0xAoMi7LO+nUFFxBS8/xGya0vsU0dsMQEl1SRITv1VCXmPQD\n"
"T4dEI4+1cufv6Ax0EDbFKmnjyiGTjOeQKrGIqETUSQolbg5PgL1XZehaaxM822OY\n"
"Qpnp5T0XhUEmVrOb2Wrboj+dC/2tgAN/fWXjAAxnm2ECgYEA02UTZuZ+QnD6tqo3\n"
"/y3n5kaM9uA2mdOIqgECI9psGF1IBIC/iP2diKyuvmQL8hzymComb5YzZl3TOAga\n"
"WHQYbIeU3JhnYTG75/Dv5Zh32H4NjkIJHT2/8LUM25Ove9u6QAniVgIQpBZ47LjX\n"
"9jHjTYCW5n79qNSfu0egYJUvypECgYEAwjqWzzEINqnX/xIVCoB4XpuDuSdkM0JW\n"
"MZDIH9xHjZPp07/5XYEoITylk6Zwbh+djvWDNP4gzPtuK26VsqrNxoWMsFZeXn6U\n"
"xSOYL2UNCZiOgchdZCOr+6r8LRUuo8xHjbawVoJVK1+tZ2WsR3ilt3Gw34O8Z5ep\n"
"f4v7GOXw+EMCgYAUHjFrgJIRhqkFi0uK+HZyXtJ5iDsKBqyh6Tin6tiQtQfujcYs\n"
"pl5ArJZwvhq47vJTcud3hSbdHh7E3ViMhHfylDChkct833vPhgl+ozT8oHpvyG8P\n"
"nlnO8ZwIpZR0yCOAhrBImSe2RgE6HhlHb9X/ATbbNsizMZEGBLoJlwkWUQKBgQCy\n"
"4U7fh2LvJUF+82JZh7RUPZn1Pmg0JVZI0/TcEv37UEy77kR1b2xMIBTGhTVq1sc/\n"
"ULIEbkA7SR1P9sr7//8AZSMLjJ/hG2dcoMmabNCzE8O7l5MblRbh87nIs4d+57bG\n"
"t4h0RBi4l6eWYLdoI59L8fNaB3PPXIiIpZ0eczeZDQKBgQC2vuFYpUZqDb9CaJsn\n"
"Luee6P6n5v3ZBTAT4E+GG1kWS28BiebcCuLKNAY4ZtLo08ozaTWcMxooOTeka2ux\n"
"fQDE4M/LTNpam8QOJ2hqECF5a0uBYNcbmaGtfA9KwIgwCZZYuwb5IDq/DRPuR690\n"
"i8Kp6jR2wY0suObmZHKvbCB1Dw==\n"
"-----END PRIVATE KEY-----\n";
const char *cert =
"-----BEGIN CERTIFICATE-----\n"
"MIIDBjCCAe4CCQDcvXBOEVM0UTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJE\n"
"RTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0\n"
"cyBQdHkgTHRkMB4XDTE5MDIyODEwNDkyM1oXDTM1MDgyNzEwNDkyM1owRTELMAkG\n"
"A1UEBhMCREUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0\n"
"IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
"AKBi+iKwkgM55iCMwXrLCJlu7TzlMu/LlkyGrm99ip2B5+/Cl6a62d8pKelg6zkH\n"
"jI7+AAPteJiW4O+2qVWF8hJ5BXTjGtYbM0iZ6enCb8eyC54C7xVMc21ZIv3ob4Et\n"
"50ZOuzY2pfpzE3vIaXt1CkHlfyI/hdK+mM/dVvuCz5p3AIlHrEWS3rSNgWbCsB2E\n"
"TM55qSGKaLmtTbUvEKRF0TJrFLntfXkv10QD5pgn52+QV9k59OogqZOsDvkXzKPX\n"
"rXF+XC0gLiGBEGAr1dv9F03xMOtO77bQTdGOeC61Tip6Nb0V3ebMckZXwdFi+Nhe\n"
"FRuU33CaObtV6u5PZvSue/MCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAcamUPe8I\n"
"nMOHcv9x5lVN1joihVRmKc0QqNLFc6XpJY8+U5rGkZvOcDe9Da8L97wDNXpKmU/q\n"
"pprj3rT8l3v0Z5xs8Vdr8lxS6T5NhqQV0UCsn1x14gZJcE48y9/LazYi6Zcar+BX\n"
"Am4vewAV3HmQ8X2EctsRhXe4wlAq4slIfEWaaofa8ai7BzO9KwpMLsGPWoNetkB9\n"
"19+SFt0lFFOj/6vDw5pCpSd1nQlo1ug69mJYSX/wcGkV4t4LfGhV8jRPDsGs6I5n\n"
"ETHSN5KV1XCPYJmRCjFY7sIt1x4zN7JJRO9DVw+YheIlduVfkBiF+GlQgLlFTjrJ\n"
"VrpSGMIFSu301A==\n"
"-----END CERTIFICATE-----\n";
char *cert2 = NULL;
char *path_list = NULL;
r = Fapi_Import(context, "myExtPubKey", pub_pem);
goto_if_error(r, "Error Fapi_Import", error);
bufio = BIO_new_mem_buf((void *)priv_pem, strlen(priv_pem));
evp_key = PEM_read_bio_PrivateKey(bufio, NULL, NULL, NULL);
rsa_key = EVP_PKEY_get1_RSA(evp_key);
if (!bufio || !evp_key || !rsa_key) {
LOG_ERROR("Generation of test key failed.");
goto error;
}
uint8_t digest[20] = {
0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e,
0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d
};
uint8_t signature[256];
unsigned int signatureLength = 256;
if (!RSA_sign(NID_sha1, digest, 20, signature, &signatureLength, rsa_key)) {
LOG_ERROR("Test RSA_sign failed.");
goto error;
}
r = Fapi_VerifySignature(context, "/ext/myExtPubKey", digest, 20,
signature, 256);
goto_if_error(r, "Error Fapi_VerifySignature", error);
r = Fapi_SetCertificate(context, "/ext/myExtPubKey", cert);
goto_if_error(r, "Error Fapi_SetCertificate", error);
r = Fapi_GetCertificate(context, "/ext/myExtPubKey", &cert2);
goto_if_error(r, "Error Fapi_SetCertificate", error);
ASSERT(cert2 != NULL);
ASSERT(strlen(cert2) > ASSERT_SIZE);
if (strcmp(cert, cert2) != 0) {
goto_if_error(r, "Different certificates", error);
}
r = Fapi_List(context, "", &path_list);
LOG_INFO("Pathlist: %s", path_list);
goto_if_error(r, "Error Fapi_List", error);
ASSERT(path_list != NULL);
ASSERT(strcmp(path_list, "/ext/myExtPubKey") == 0);
/* Test VerfiyQuote in non TPM mode. */
r = Fapi_Import(context, "/ext/myExtPubKey", pubkey_pem);
goto_if_error(r, "Error Fapi_Import", error);
r = Fapi_VerifyQuote(context, "/ext/myExtPubKey",
qualifying_data, 20, quote_info,
test_signature, test_signature_size, NULL);
goto_if_error(r, "Error Fapi_Verfiy_Quote", error);
fprintf(stderr, "\nPathList:\n%s\n", path_list);
r = Fapi_Delete(context, "/ext");
goto_if_error(r, "Error Fapi_Delete", error);
if (bufio) {
BIO_free(bufio);
}
if (evp_key) {
EVP_PKEY_free(evp_key);
}
if (rsa_key) {
RSA_free(rsa_key);
}
SAFE_FREE(path_list);
SAFE_FREE(cert2);
return EXIT_SUCCESS;
error:
Fapi_Delete(context, "/");
if (bufio) {
BIO_free(bufio);
}
if (evp_key) {
EVP_PKEY_free(evp_key);
}
if (rsa_key) {
RSA_free(rsa_key);
}
SAFE_FREE(path_list);
SAFE_FREE(cert2);
return EXIT_FAILURE;
}
int
test_invoke_fapi(FAPI_CONTEXT *fapi_context)
{
return test_fapi_ext_public_key(fapi_context);
}