Google Git
Sign in
fuchsia / third_party / github.com / tpm2-software / tpm2-tss / refs/heads/upstream/3.0.x / . / test / integration / fapi-key-create-policy-pcr-sign.int.c
blob: e28d39163867d6848c1a6e755d9357c20f07e08a [file] [log] [blame]
/* SPDX-License-Identifier: BSD-2-Clause */
/*******************************************************************************
* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
* All rights reserved.
*******************************************************************************/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
#include <ctype.h>
#include <json-c/json.h>
#include <json-c/json_util.h>
#include "tss2_fapi.h"
#include "test-fapi.h"
#define LOGMODULE test
#include "util/log.h"
#include "util/aux_util.h"
#define PASSWORD NULL
#define SIGN_TEMPLATE "sign,noDa"
/** Test the FAPI functions for PolicyPCR with key creation and usage.
*
* Tested FAPI commands:
* - Fapi_Provision()
* - Fapi_Import()
* - Fapi_CreateKey()
* - Fapi_Sign()
* - Fapi_ExportPolicy()
* - Fapi_Delete()
* - Fapi_Import()
* - Fapi_List()
*
* Tested Policies:
* - PolicyPcr (with currentPCRs set)
*
* @param[in,out] context The FAPI_CONTEXT.
* @retval EXIT_FAILURE
* @retval EXIT_SUCCESS
*/
int
test_fapi_key_create_policy_pcr_sign(FAPI_CONTEXT *context)
{
TSS2_RC r;
char *policy_name = "/policy/pol_pcr16_0";
char *policy_pcr_read = "/policy/pol_pcr16_read";
char *policy_file = TOP_SOURCEDIR "/test/data/fapi/policy/pol_pcr16_0.json";
char *policy_pcr_read_file = TOP_SOURCEDIR "/test/data/fapi/policy/pol_pcr16_read.json";
FILE *stream = NULL;
char *json_policy = NULL;
long policy_size;
uint8_t *signature = NULL;
char *publicKey = NULL;
char *certificate = NULL;
char *policy = NULL;
char *path_list = NULL;
r = Fapi_Provision(context, NULL, NULL, NULL);
goto_if_error(r, "Error Fapi_Provision", error);
r = pcr_reset(context, 16);
goto_if_error(r, "Error pcr_reset", error);
stream = fopen(policy_file, "r");
if (!stream) {
LOG_ERROR("File %s does not exist", policy_file);
goto error;
}
fseek(stream, 0L, SEEK_END);
policy_size = ftell(stream);
fclose(stream);
json_policy = malloc(policy_size + 1);
goto_if_null(json_policy,
"Could not allocate memory for the JSON policy",
TSS2_FAPI_RC_MEMORY, error);
stream = fopen(policy_file, "r");
ssize_t ret = read(fileno(stream), json_policy, policy_size);
if (ret != policy_size) {
LOG_ERROR("IO error %s.", policy_file);
goto error;
}
json_policy[policy_size] = '\0';
r = Fapi_Import(context, policy_name, json_policy);
goto_if_error(r, "Error Fapi_Import", error);
r = Fapi_CreateKey(context, "/HS/SRK/mySignKey", SIGN_TEMPLATE,
policy_name, PASSWORD);
goto_if_error(r, "Error Fapi_CreateKey", error);
r = Fapi_SetCertificate(context, "HS/SRK/mySignKey", "-----BEGIN "\
"CERTIFICATE-----[...]-----END CERTIFICATE-----");
goto_if_error(r, "Error Fapi_SetCertificate", error);
size_t signatureSize = 0;
TPM2B_DIGEST digest = {
.size = 20,
.buffer = {
0x67, 0x68, 0x03, 0x3e, 0x21, 0x64, 0x68, 0x24, 0x7b, 0xd0,
0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f
}
};
r = Fapi_Sign(context, "/HS/SRK/mySignKey", NULL,
&digest.buffer[0], digest.size, &signature, &signatureSize,
&publicKey, &certificate);
goto_if_error(r, "Error Fapi_Sign", error);
ASSERT(signature != NULL);
ASSERT(publicKey != NULL);
ASSERT(certificate != NULL);
ASSERT(strlen(publicKey) > ASSERT_SIZE);
ASSERT(strlen(certificate) > ASSERT_SIZE);
r = Fapi_ExportPolicy(context, "HS/SRK/mySignKey", &policy);
goto_if_error(r, "Error Fapi_ExportPolicy", error);
ASSERT(policy != NULL);
ASSERT(strlen(policy) > ASSERT_SIZE);
fprintf(stderr, "\nPolicy from key:\n%s\n", policy);
SAFE_FREE(policy);
policy = NULL;
r = Fapi_ExportPolicy(context, policy_name, &policy);
goto_if_error(r, "Error Fapi_ExportPolicy", error);
ASSERT(policy != NULL);
ASSERT(strlen(policy) > ASSERT_SIZE);
fprintf(stderr, "\nPolicy from policy file:\n%s\n", policy);
/* Run test with current PCRs defined in policy */
r = Fapi_Delete(context, "/HS/SRK/mySignKey");
goto_if_error(r, "Error Fapi_Delete", error);
fclose(stream);
stream = fopen(policy_pcr_read_file, "r");
if (!stream) {
LOG_ERROR("File %s does not exist", policy_pcr_read_file);
goto error;
}
fseek(stream, 0L, SEEK_END);
policy_size = ftell(stream);
fclose(stream);
SAFE_FREE(json_policy);
SAFE_FREE(signature);
SAFE_FREE(publicKey);
SAFE_FREE(certificate);
SAFE_FREE(policy);
SAFE_FREE(path_list);
json_policy = malloc(policy_size + 1);
goto_if_null(json_policy,
"Could not allocate memory for the JSON policy",
TSS2_FAPI_RC_MEMORY, error);
stream = fopen(policy_pcr_read_file, "r");
ret = read(fileno(stream), json_policy, policy_size);
if (ret != policy_size) {
LOG_ERROR("IO error %s.", policy_pcr_read_file);
goto error;
}
json_policy[policy_size] = '\0';
r = Fapi_Import(context, policy_pcr_read, json_policy);
goto_if_error(r, "Error Fapi_Import", error);
r = Fapi_CreateKey(context, "/HS/SRK/mySignKey", SIGN_TEMPLATE,
policy_pcr_read, PASSWORD);
goto_if_error(r, "Error Fapi_CreateKey", error);
signatureSize = 0;
r = Fapi_SetCertificate(context, "HS/SRK/mySignKey", "-----BEGIN " \
"CERTIFICATE-----[...]-----END CERTIFICATE-----");
goto_if_error(r, "Error Fapi_CreateKey", error);
signature = NULL;
publicKey = NULL;
certificate = NULL;
r = Fapi_Sign(context, "/HS/SRK/mySignKey", NULL,
&digest.buffer[0], digest.size, &signature, &signatureSize,
&publicKey, &certificate);
goto_if_error(r, "Error Fapi_Sign", error);
ASSERT(signature != NULL);
ASSERT(publicKey != NULL);
ASSERT(certificate != NULL);
ASSERT(strlen(publicKey) > ASSERT_SIZE);
ASSERT(strlen(certificate) > ASSERT_SIZE);
policy = NULL;
r = Fapi_ExportPolicy(context, "HS/SRK/mySignKey", &policy);
goto_if_error(r, "Error Fapi_ExportPolicy", error);
ASSERT(policy != NULL);
ASSERT(strlen(policy) > ASSERT_SIZE);
fprintf(stderr, "\nPolicy from key:\n%s\n", policy);
SAFE_FREE(policy);
SAFE_FREE(certificate);
policy = NULL;
r = Fapi_ExportPolicy(context, policy_pcr_read, &policy);
goto_if_error(r, "Error Fapi_ExportPolicy", error);
ASSERT(policy != NULL);
ASSERT(strlen(policy) > ASSERT_SIZE);
fprintf(stderr, "\nPolicy from policy file:\n%s\n", policy);
r = Fapi_List(context, "", &path_list);
goto_if_error(r, "Error Fapi_Delete", error);
ASSERT(path_list != NULL);
ASSERT(strlen(path_list) > ASSERT_SIZE);
r = Fapi_Delete(context, "/");
goto_if_error(r, "Error Fapi_Delete", error);
fprintf(stderr, "\nPathList:\n%s\n", path_list);
SAFE_FREE(json_policy);
SAFE_FREE(signature);
SAFE_FREE(publicKey);
SAFE_FREE(certificate);
SAFE_FREE(policy);
SAFE_FREE(path_list);
return EXIT_SUCCESS;
error:
Fapi_Delete(context, "/");
SAFE_FREE(json_policy);
SAFE_FREE(signature);
SAFE_FREE(publicKey);
SAFE_FREE(certificate);
SAFE_FREE(policy);
SAFE_FREE(path_list);
return EXIT_FAILURE;
}
int
test_invoke_fapi(FAPI_CONTEXT *fapi_context)
{
return test_fapi_key_create_policy_pcr_sign(fapi_context);
}