test/integration/fapi-second-provisioning.int.c - third_party/github.com/tpm2-software/tpm2-tss - Git at Google

 /* SPDX-License-Identifier: BSD-2-Clause */
 /*******************************************************************************
  * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
  * All rights reserved.
  *******************************************************************************/

 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif

 #include <stdlib.h>

 #include "tss2_fapi.h"
 #include "tss2_esys.h"

 #include "test-fapi.h"
 #include "fapi_util.h"
 #include "fapi_int.h"
 #include "tss2_esys.h"

 #include "esys_iutil.h"
 #define LOGMODULE test
 #include "util/log.h"
 #include "util/aux_util.h"
 #include "tss2_mu.h"
 #include "fapi_int.h"

 #define PASSWORD "abc"

 static TSS2_RC
 auth_callback(
     char const *objectPath,
     char const *description,
     const char **auth,
     void *userData)
 {
     (void)description;
     (void)userData;

     if (!objectPath) {
         return_error(TSS2_FAPI_RC_BAD_VALUE, "No path.");
     }

     *auth = PASSWORD;
     return TSS2_RC_SUCCESS;
 }

 /** Test the FAPI provisioning with passwords already set for endorsement and
  *  owner hierarchy.
  *
  * Tested FAPI commands:
  *  - Fapi_Provision()
  *  - Fapi_SetAuthCB()
  *  - Fapi_ChangeAuth()
  *  - Fapi_Delete()
  *
  * @param[in,out] context The FAPI_CONTEXT.
  * @retval EXIT_FAILURE
  * @retval EXIT_SUCCESS
  */
 int
 test_fapi_test_second_provisioning(FAPI_CONTEXT *context)
 {
     TSS2_RC r;

     /* We need to reset the passwords again, in order to not brick physical TPMs */
     r = Fapi_Provision(context, PASSWORD, PASSWORD, NULL);
     goto_if_error(r, "Error Fapi_Provision", error);

     r = pcr_reset(context, 16);
     goto_if_error(r, "Error pcr_reset", error);

     r = Fapi_SetAuthCB(context, auth_callback, NULL);
     goto_if_error(r, "Error SetPolicyAuthCallback", error);

     goto_if_error(r, "Error Fapi_NV_Undefine", error);

     Fapi_Finalize(&context);

     int rc = init_fapi("P_RSA2", &context);
     if (rc)
         goto error;

     /* Authentication should not work due to auth for hierarchy was set. */
     r = Fapi_Provision(context, NULL, NULL, NULL);

     if (r == TSS2_RC_SUCCESS) {
         goto_if_error(r, "Wrong authentication.", error);
     }
     if (r != TSS2_FAPI_RC_AUTHORIZATION_UNKNOWN) {
         goto_if_error(r, "Wrong check auth value.", error);
     }

     /* Correct Provisioning with auth value for hierarchy from previous
        provisioning. The information whether a auth value is needed
        will be taken from hierarchy object of first provisioning. */
     r = Fapi_SetAuthCB(context, auth_callback, NULL);
     goto_if_error(r, "Error SetPolicyAuthCallback", error);

     r = Fapi_Provision(context, NULL, NULL, NULL);
     goto_if_error(r, "Error Fapi_Provision", error);

     r = Fapi_Delete(context, "/");
     goto_if_error(r, "Error Fapi_Delete", error);

     Fapi_Finalize(&context);
     rc = init_fapi("P_RSA2", &context);
     if (rc)
         goto error;

      /* Correct Provisioning with auth value for hierarchy from previous
        provisioning. Non information whether auth value is needed is
        available. */

     r = Fapi_SetAuthCB(context, auth_callback, NULL);
     goto_if_error(r, "Error SetPolicyAuthCallback", error);

     r = Fapi_Provision(context, NULL, NULL, NULL);
     goto_if_error(r, "Error Fapi_Provision", error);

     /* We need to reset the passwords again, in order to not brick physical TPMs */
     r = Fapi_ChangeAuth(context, "/HS", NULL);
     goto_if_error(r, "Error Fapi_ChangeAuth", error);

     r = Fapi_ChangeAuth(context, "/HE", NULL);
     goto_if_error(r, "Error Fapi_ChangeAuth", error);

     r = Fapi_Delete(context, "/");
     goto_if_error(r, "Error Fapi_Delete", error);

     Fapi_Finalize(&context);
     rc = init_fapi("P_ECC_sh_eh_policy", &context);
     if (rc)
         goto error;

     /* A policy will be assigned to owner and endorsement hierarchy. */

     r = Fapi_Provision(context, NULL, NULL, NULL);
     goto_if_error(r, "Error Fapi_Provision", error);

     Fapi_Finalize(&context);
     rc = init_fapi("P_ECC", &context);
     if (rc)
         goto error;

     /* Owner and endorsement hierarchy will be authorized via policy and
        policy will be reset. */
     r = Fapi_Provision(context, NULL, NULL, NULL);

     goto_if_error(r, "Error Fapi_Provision", error);

     Fapi_Delete(context, "/");

     return EXIT_SUCCESS;

 error:
     Fapi_Delete(context, "/");
     return EXIT_FAILURE;
 }

 int
 test_invoke_fapi(FAPI_CONTEXT *fapi_context)
 {
     return test_fapi_test_second_provisioning(fapi_context);
 }
	/* SPDX-License-Identifier: BSD-2-Clause */
	/*******************************************************************************
	* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
	* All rights reserved.
	*******************************************************************************/

	#ifdef HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <stdlib.h>

	#include "tss2_fapi.h"
	#include "tss2_esys.h"

	#include "test-fapi.h"
	#include "fapi_util.h"
	#include "fapi_int.h"
	#include "tss2_esys.h"

	#include "esys_iutil.h"
	#define LOGMODULE test
	#include "util/log.h"
	#include "util/aux_util.h"
	#include "tss2_mu.h"
	#include "fapi_int.h"

	#define PASSWORD "abc"

	static TSS2_RC
	auth_callback(
	char const *objectPath,
	char const *description,
	const char **auth,
	void *userData)
	{
	(void)description;
	(void)userData;

	if (!objectPath) {
	return_error(TSS2_FAPI_RC_BAD_VALUE, "No path.");
	}

	*auth = PASSWORD;
	return TSS2_RC_SUCCESS;
	}

	/** Test the FAPI provisioning with passwords already set for endorsement and
	* owner hierarchy.
	*
	* Tested FAPI commands:
	* - Fapi_Provision()
	* - Fapi_SetAuthCB()
	* - Fapi_ChangeAuth()
	* - Fapi_Delete()
	*
	* @param[in,out] context The FAPI_CONTEXT.
	* @retval EXIT_FAILURE
	* @retval EXIT_SUCCESS
	*/
	int
	test_fapi_test_second_provisioning(FAPI_CONTEXT *context)
	{
	TSS2_RC r;

	/* We need to reset the passwords again, in order to not brick physical TPMs */
	r = Fapi_Provision(context, PASSWORD, PASSWORD, NULL);
	goto_if_error(r, "Error Fapi_Provision", error);

	r = pcr_reset(context, 16);
	goto_if_error(r, "Error pcr_reset", error);

	r = Fapi_SetAuthCB(context, auth_callback, NULL);
	goto_if_error(r, "Error SetPolicyAuthCallback", error);

	goto_if_error(r, "Error Fapi_NV_Undefine", error);

	Fapi_Finalize(&context);

	int rc = init_fapi("P_RSA2", &context);
	if (rc)
	goto error;

	/* Authentication should not work due to auth for hierarchy was set. */
	r = Fapi_Provision(context, NULL, NULL, NULL);

	if (r == TSS2_RC_SUCCESS) {
	goto_if_error(r, "Wrong authentication.", error);
	}
	if (r != TSS2_FAPI_RC_AUTHORIZATION_UNKNOWN) {
	goto_if_error(r, "Wrong check auth value.", error);
	}

	/* Correct Provisioning with auth value for hierarchy from previous
	provisioning. The information whether a auth value is needed
	will be taken from hierarchy object of first provisioning. */
	r = Fapi_SetAuthCB(context, auth_callback, NULL);
	goto_if_error(r, "Error SetPolicyAuthCallback", error);

	r = Fapi_Provision(context, NULL, NULL, NULL);
	goto_if_error(r, "Error Fapi_Provision", error);

	r = Fapi_Delete(context, "/");
	goto_if_error(r, "Error Fapi_Delete", error);

	Fapi_Finalize(&context);
	rc = init_fapi("P_RSA2", &context);
	if (rc)
	goto error;

	/* Correct Provisioning with auth value for hierarchy from previous
	provisioning. Non information whether auth value is needed is
	available. */

	r = Fapi_SetAuthCB(context, auth_callback, NULL);
	goto_if_error(r, "Error SetPolicyAuthCallback", error);

	r = Fapi_Provision(context, NULL, NULL, NULL);
	goto_if_error(r, "Error Fapi_Provision", error);

	/* We need to reset the passwords again, in order to not brick physical TPMs */
	r = Fapi_ChangeAuth(context, "/HS", NULL);
	goto_if_error(r, "Error Fapi_ChangeAuth", error);

	r = Fapi_ChangeAuth(context, "/HE", NULL);
	goto_if_error(r, "Error Fapi_ChangeAuth", error);

	r = Fapi_Delete(context, "/");
	goto_if_error(r, "Error Fapi_Delete", error);

	Fapi_Finalize(&context);
	rc = init_fapi("P_ECC_sh_eh_policy", &context);
	if (rc)
	goto error;

	/* A policy will be assigned to owner and endorsement hierarchy. */

	r = Fapi_Provision(context, NULL, NULL, NULL);
	goto_if_error(r, "Error Fapi_Provision", error);

	Fapi_Finalize(&context);
	rc = init_fapi("P_ECC", &context);
	if (rc)
	goto error;

	/* Owner and endorsement hierarchy will be authorized via policy and
	policy will be reset. */
	r = Fapi_Provision(context, NULL, NULL, NULL);

	goto_if_error(r, "Error Fapi_Provision", error);

	Fapi_Delete(context, "/");

	return EXIT_SUCCESS;

	error:
	Fapi_Delete(context, "/");
	return EXIT_FAILURE;
	}

	int
	test_invoke_fapi(FAPI_CONTEXT *fapi_context)
	{
	return test_fapi_test_second_provisioning(fapi_context);
	}