Google Git
Sign in
fuchsia / third_party / github.com / tpm2-software / tpm2-tss / refs/heads/upstream/3.0.x / . / test / integration / fapi-key-create-primary-sign.int.c
blob: a85fbb4602ffc3ed4fcf01007d0409772d034038 [file] [log] [blame]
/* SPDX-License-Identifier: BSD-2-Clause */
/*******************************************************************************
* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
* All rights reserved.
*******************************************************************************/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdlib.h>
#include <string.h>
#include "tss2_fapi.h"
#include "test-fapi.h"
#include "fapi_util.h"
#include "fapi_int.h"
#include "esys_iutil.h"
#define LOGMODULE test
#include "util/log.h"
#include "util/aux_util.h"
#define PASSWORD "abc"
#define SIGN_TEMPLATE "sign,noDa"
#ifndef FAPI_PROFILE
#define FAPI_PROFILE "P_ECC"
#endif /* FAPI_PROFILE */
json_object *
get_json_hex_string(const uint8_t *buffer, size_t size)
{
char hex_string[size * 2 + 1];
for (size_t i = 0, off = 0; i < size; i++, off += 2) {
sprintf(&hex_string[off], "%02x", buffer[i]);
}
hex_string[(size) * 2] = '\0';
json_object *jso = json_object_new_string(hex_string);
return jso;
}
static TSS2_RC
auth_callback(
char const *objectPath,
char const *description,
const char **auth,
void *userData)
{
UNUSED(description);
UNUSED(userData);
if (!objectPath) {
return_error(TSS2_FAPI_RC_BAD_VALUE, "No path.");
}
*auth = PASSWORD;
return TSS2_RC_SUCCESS;
}
/** Test signing with a primary key with an auth value
*
* Tested FAPI commands:
* - Fapi_Provision()
* - Fapi_SetAuthCB()
* - Fapi_CreateKey()
* - Fapi_GetTpmBlobs()
* - Fapi_Sign()
* - Fapi_VerifySignature()
* - Fapi_SetCertificate()
* - Fapi_List()
* - Fapi_Delete()
*
* @param[in,out] context The FAPI_CONTEXT.
* @retval EXIT_FAILURE
* @retval EXIT_SUCCESS
*/
int
test_fapi_key_create_sign(FAPI_CONTEXT *context)
{
TSS2_RC r;
char *sigscheme = NULL;
const char *cert =
"-----BEGIN CERTIFICATE-----\n"
"MIIDBjCCAe4CCQDcvXBOEVM0UTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJE\n"
"RTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0\n"
"cyBQdHkgTHRkMB4XDTE5MDIyODEwNDkyM1oXDTM1MDgyNzEwNDkyM1owRTELMAkG\n"
"A1UEBhMCREUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0\n"
"IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
"AKBi+iKwkgM55iCMwXrLCJlu7TzlMu/LlkyGrm99ip2B5+/Cl6a62d8pKelg6zkH\n"
"jI7+AAPteJiW4O+2qVWF8hJ5BXTjGtYbM0iZ6enCb8eyC54C7xVMc21ZIv3ob4Et\n"
"50ZOuzY2pfpzE3vIaXt1CkHlfyI/hdK+mM/dVvuCz5p3AIlHrEWS3rSNgWbCsB2E\n"
"TM55qSGKaLmtTbUvEKRF0TJrFLntfXkv10QD5pgn52+QV9k59OogqZOsDvkXzKPX\n"
"rXF+XC0gLiGBEGAr1dv9F03xMOtO77bQTdGOeC61Tip6Nb0V3ebMckZXwdFi+Nhe\n"
"FRuU33CaObtV6u5PZvSue/MCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAcamUPe8I\n"
"nMOHcv9x5lVN1joihVRmKc0QqNLFc6XpJY8+U5rGkZvOcDe9Da8L97wDNXpKmU/q\n"
"pprj3rT8l3v0Z5xs8Vdr8lxS6T5NhqQV0UCsn1x14gZJcE48y9/LazYi6Zcar+BX\n"
"Am4vewAV3HmQ8X2EctsRhXe4wlAq4slIfEWaaofa8ai7BzO9KwpMLsGPWoNetkB9\n"
"19+SFt0lFFOj/6vDw5pCpSd1nQlo1ug69mJYSX/wcGkV4t4LfGhV8jRPDsGs6I5n\n"
"ETHSN5KV1XCPYJmRCjFY7sIt1x4zN7JJRO9DVw+YheIlduVfkBiF+GlQgLlFTjrJ\n"
"VrpSGMIFSu301A==\n"
"-----END CERTIFICATE-----\n";
uint8_t *signature = NULL;
char *publicKey = NULL;
char *certificate = NULL;
uint8_t *publicblob = NULL;
uint8_t *privateblob = NULL;
char *policy = NULL;
char *path_list = NULL;
size_t publicsize;
size_t privatesize;
json_object *jso = NULL;
if (strcmp("P_ECC", fapi_profile) != 0)
sigscheme = "RSA_PSS";
/* We need to reset the passwords again, in order to not brick physical TPMs */
r = Fapi_Provision(context, NULL, PASSWORD, NULL);
goto_if_error(r, "Error Fapi_Provision", error);
r = Fapi_SetAuthCB(context, auth_callback, NULL);
goto_if_error(r, "Error SetPolicyAuthCallback", error);
#ifdef PERSISTENT
r = Fapi_CreateKey(context, "HS/mySignKey", SIGN_TEMPLATE ",0x81000004", "",
PASSWORD);
#else
r = Fapi_CreateKey(context, "HS/mySignKey", SIGN_TEMPLATE "", "",
PASSWORD);
#endif
goto_if_error(r, "Error Fapi_CreateKey_Async", error);
goto_if_error(r, "Error Fapi_CreateKey_Finish", error);
size_t signatureSize = 0;
TPM2B_DIGEST digest = {
.size = 32,
.buffer = {
0x67, 0x68, 0x03, 0x3e, 0x21, 0x64, 0x68, 0x24, 0x7b, 0xd0,
0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f,
0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f,
0x67, 0x68
}
};
r = Fapi_GetTpmBlobs(context, "HS/mySignKey", &publicblob,
&publicsize,
&privateblob, &privatesize, &policy);
goto_if_error(r, "Error Fapi_GetTpmBlobs", error);
ASSERT(publicblob != NULL);
ASSERT(privateblob != NULL);
ASSERT(policy != NULL);
ASSERT(strlen(policy) == 0);
r = Fapi_SetCertificate(context, "HS/mySignKey", cert);
goto_if_error(r, "Error Fapi_SetCertificate", error);
r = Fapi_Sign(context, "HS/mySignKey", sigscheme,
&digest.buffer[0], digest.size, &signature, &signatureSize,
&publicKey, &certificate);
goto_if_error(r, "Error Fapi_Sign", error);
ASSERT(signature != NULL);
ASSERT(publicKey != NULL);
ASSERT(certificate != NULL);
ASSERT(strlen(publicKey) > ASSERT_SIZE);
ASSERT(strlen(certificate) > ASSERT_SIZE);
r = Fapi_VerifySignature(context, "HS/mySignKey",
&digest.buffer[0], digest.size, signature, signatureSize);
goto_if_error(r, "Error Fapi_VerifySignature", error);
/* We need to reset the passwords again, in order to not brick physical TPMs */
r = Fapi_ChangeAuth(context, "/HS", NULL);
goto_if_error(r, "Error Fapi_ChangeAuth", error);
r = Fapi_Delete(context, "/");
goto_if_error(r, "Error Fapi_Delete", error);
json_object_put(jso);
SAFE_FREE(path_list);
SAFE_FREE(publicblob);
SAFE_FREE(privateblob);
SAFE_FREE(policy);
SAFE_FREE(publicKey);
SAFE_FREE(signature);
SAFE_FREE(certificate);
return EXIT_SUCCESS;
error:
if (jso)
json_object_put(jso);
Fapi_Delete(context, "/");
SAFE_FREE(path_list);
SAFE_FREE(publicblob);
SAFE_FREE(privateblob);
SAFE_FREE(policy);
SAFE_FREE(publicKey);
SAFE_FREE(signature);
return EXIT_FAILURE;
}
int
test_invoke_fapi(FAPI_CONTEXT *fapi_context)
{
return test_fapi_key_create_sign(fapi_context);
}