You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
174 lines
5.5 KiB
174 lines
5.5 KiB
/* SPDX-License-Identifier: BSD-2-Clause */
|
|
/*******************************************************************************
|
|
* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
|
|
* All rights reserved.
|
|
*******************************************************************************/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include <config.h>
|
|
#endif
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include "tss2_fapi.h"
|
|
|
|
#include "test-fapi.h"
|
|
#include "fapi_util.h"
|
|
#include "fapi_int.h"
|
|
|
|
#include "esys_iutil.h"
|
|
#define LOGMODULE test
|
|
#include "util/log.h"
|
|
#include "util/aux_util.h"
|
|
|
|
#define PASSWORD "abc"
|
|
#define SIGN_TEMPLATE "sign,noDa"
|
|
|
|
|
|
static TSS2_RC
|
|
auth_callback(
|
|
FAPI_CONTEXT *context,
|
|
char const *description,
|
|
char **auth,
|
|
void *userData)
|
|
{
|
|
(void)description;
|
|
(void)userData;
|
|
*auth = strdup(PASSWORD);
|
|
return_if_null(*auth, "Out of memory.", TSS2_FAPI_RC_MEMORY);
|
|
return TSS2_RC_SUCCESS;
|
|
}
|
|
|
|
/** Test the FAPI functions for TpmBlobs and certificates.
|
|
*
|
|
* Tested FAPI commands:
|
|
* - Fapi_Provision()
|
|
* - Fapi_SetAuthCB()
|
|
* - Fapi_CreateKey()
|
|
* - Fapi_GetTpmBlobs()
|
|
* - Fapi_Sign()
|
|
* - Fapi_VerifySignature()
|
|
* - Fapi_SetCertificate()
|
|
* - Fapi_List()
|
|
* - Fapi_ChangeAuth()
|
|
* - Fapi_Delete()
|
|
*
|
|
* @param[in,out] context The FAPI_CONTEXT.
|
|
* @retval EXIT_FAILURE
|
|
* @retval EXIT_SUCCESS
|
|
*/
|
|
int
|
|
test_fapi_key_create_sign(FAPI_CONTEXT *context)
|
|
{
|
|
TSS2_RC r;
|
|
char *sigscheme = NULL;
|
|
|
|
const char *cert =
|
|
"-----BEGIN CERTIFICATE-----\n"
|
|
"MIIDBjCCAe4CCQDcvXBOEVM0UTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJE\n"
|
|
"RTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0\n"
|
|
"cyBQdHkgTHRkMB4XDTE5MDIyODEwNDkyM1oXDTM1MDgyNzEwNDkyM1owRTELMAkG\n"
|
|
"A1UEBhMCREUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0\n"
|
|
"IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
|
|
"AKBi+iKwkgM55iCMwXrLCJlu7TzlMu/LlkyGrm99ip2B5+/Cl6a62d8pKelg6zkH\n"
|
|
"jI7+AAPteJiW4O+2qVWF8hJ5BXTjGtYbM0iZ6enCb8eyC54C7xVMc21ZIv3ob4Et\n"
|
|
"50ZOuzY2pfpzE3vIaXt1CkHlfyI/hdK+mM/dVvuCz5p3AIlHrEWS3rSNgWbCsB2E\n"
|
|
"TM55qSGKaLmtTbUvEKRF0TJrFLntfXkv10QD5pgn52+QV9k59OogqZOsDvkXzKPX\n"
|
|
"rXF+XC0gLiGBEGAr1dv9F03xMOtO77bQTdGOeC61Tip6Nb0V3ebMckZXwdFi+Nhe\n"
|
|
"FRuU33CaObtV6u5PZvSue/MCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAcamUPe8I\n"
|
|
"nMOHcv9x5lVN1joihVRmKc0QqNLFc6XpJY8+U5rGkZvOcDe9Da8L97wDNXpKmU/q\n"
|
|
"pprj3rT8l3v0Z5xs8Vdr8lxS6T5NhqQV0UCsn1x14gZJcE48y9/LazYi6Zcar+BX\n"
|
|
"Am4vewAV3HmQ8X2EctsRhXe4wlAq4slIfEWaaofa8ai7BzO9KwpMLsGPWoNetkB9\n"
|
|
"19+SFt0lFFOj/6vDw5pCpSd1nQlo1ug69mJYSX/wcGkV4t4LfGhV8jRPDsGs6I5n\n"
|
|
"ETHSN5KV1XCPYJmRCjFY7sIt1x4zN7JJRO9DVw+YheIlduVfkBiF+GlQgLlFTjrJ\n"
|
|
"VrpSGMIFSu301A==\n"
|
|
"-----END CERTIFICATE-----\n";
|
|
|
|
uint8_t *signature = NULL;
|
|
char *publicKey = NULL;
|
|
uint8_t *publicblob = NULL;
|
|
uint8_t *privateblob = NULL;
|
|
char *path_list = NULL;
|
|
size_t publicsize;
|
|
size_t privatesize;
|
|
|
|
if (strcmp("P_ECC", fapi_profile) != 0)
|
|
sigscheme = "RSA_PSS";
|
|
|
|
/* We need to reset the passwords again, in order to not brick physical TPMs */
|
|
r = Fapi_Provision(context, NULL, PASSWORD, NULL);
|
|
goto_if_error(r, "Error Fapi_Provision", error);
|
|
|
|
r = Fapi_SetAuthCB(context, auth_callback, NULL);
|
|
goto_if_error(r, "Error SetPolicyAuthCallback", error);
|
|
|
|
r = Fapi_CreateKey(context, "HS/SRK/mySignKey", SIGN_TEMPLATE, "",
|
|
PASSWORD);
|
|
goto_if_error(r, "Error Fapi_CreateKey_Async", error);
|
|
|
|
goto_if_error(r, "Error Fapi_CreateKey_Finish", error);
|
|
size_t signatureSize = 0;
|
|
|
|
TPM2B_DIGEST digest = {
|
|
.size = 32,
|
|
.buffer = {
|
|
0x67, 0x68, 0x03, 0x3e, 0x21, 0x64, 0x68, 0x24, 0x7b, 0xd0,
|
|
0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f,
|
|
0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f,
|
|
0x67, 0x68
|
|
}
|
|
};
|
|
|
|
r = Fapi_GetTpmBlobs(context, "HS/SRK/mySignKey", &publicblob,
|
|
&publicsize,
|
|
&privateblob, &privatesize, NULL);
|
|
goto_if_error(r, "Error Fapi_GetTpmBlobs", error);
|
|
|
|
r = Fapi_Sign(context, "HS/SRK/mySignKey", sigscheme,
|
|
&digest.buffer[0], digest.size, &signature, &signatureSize,
|
|
&publicKey, NULL);
|
|
goto_if_error(r, "Error Fapi_Sign", error);
|
|
|
|
r = Fapi_VerifySignature(context, "HS/SRK/mySignKey",
|
|
&digest.buffer[0], digest.size, signature, signatureSize);
|
|
goto_if_error(r, "Error Fapi_VerifySignature", error);
|
|
|
|
|
|
r = Fapi_SetCertificate(context, "HS/SRK/mySignKey", cert);
|
|
goto_if_error(r, "Error Fapi_SetCertificate", error);
|
|
|
|
r = Fapi_List(context, "/", &path_list);
|
|
goto_if_error(r, "Error Fapi_Delete", error);
|
|
|
|
fprintf(stderr, "\nPathList:\n%s\n", path_list);
|
|
|
|
/* We need to reset the passwords again, in order to not brick physical TPMs */
|
|
r = Fapi_ChangeAuth(context, "/HS", NULL);
|
|
goto_if_error(r, "Error Fapi_ChangeAuth", error);
|
|
|
|
r = Fapi_Delete(context, "/");
|
|
goto_if_error(r, "Error Fapi_Delete", error);
|
|
|
|
SAFE_FREE(path_list);
|
|
SAFE_FREE(publicblob);
|
|
SAFE_FREE(privateblob);
|
|
SAFE_FREE(publicKey);
|
|
SAFE_FREE(signature);
|
|
return EXIT_SUCCESS;
|
|
|
|
error:
|
|
Fapi_Delete(context, "/HS/SRK");
|
|
SAFE_FREE(path_list);
|
|
SAFE_FREE(publicblob);
|
|
SAFE_FREE(privateblob);
|
|
SAFE_FREE(publicKey);
|
|
SAFE_FREE(signature);
|
|
return EXIT_FAILURE;
|
|
}
|
|
|
|
int
|
|
test_invoke_fapi(FAPI_CONTEXT *fapi_context)
|
|
{
|
|
return test_fapi_key_create_sign(fapi_context);
|
|
}
|