king
/
v811_spc009
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd5f7aa4152'
${ noResults }
v811_spc009/external/tpm2-tss/test/integration/esys-import.int.c

525 lines
16 KiB
Raw Blame History

/* SPDX-License-Identifier: BSD-2-Clause */
/*******************************************************************************
* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
* All rights reserved.
*******************************************************************************/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdlib.h>
#include "tss2_esys.h"
#include "tss2_mu.h"
#include "esys_iutil.h"
#define LOGMODULE test
#include "util/log.h"
#include "util/aux_util.h"
/** This test is intended to test the ESAPI commands Duplicate and Import.
*
* We start by creating a primary key (Esys_CreatePrimary).
* This primary key will be used as parent key for the Duplicate
* command. A second primary key will be the parent key of the
* duplicated key. In the last step the key is imported with the
* first primary key as parent key (Esys_Import).
*
* Tested ESAPI commands:
* - Esys_Create() (M)
* - Esys_CreatePrimary() (M)
* - Esys_Duplicate() (M)
* - Esys_FlushContext() (M)
* - Esys_Import() (M)
* - Esys_Load() (M)
* - Esys_PolicyAuthValue() (M)
* - Esys_PolicyCommandCode() (M)
* - Esys_PolicyGetDigest() (M)
* - Esys_ReadPublic() (M)
* - Esys_StartAuthSession() (M)
*
* @param[in,out] esys_context The ESYS_CONTEXT.
* @retval EXIT_FAILURE
* @retval EXIT_SUCCESS
*/
int
test_esys_import(ESYS_CONTEXT * esys_context)
{
TSS2_RC r;
ESYS_TR primaryHandle = ESYS_TR_NONE;
ESYS_TR primaryHandle2 = ESYS_TR_NONE;
ESYS_TR loadedKeyHandle = ESYS_TR_NONE;
ESYS_TR policySession = ESYS_TR_NONE;
TPM2B_DIGEST *policyDigestTrial = NULL;
TPM2B_PUBLIC *outPublic = NULL;
TPM2B_CREATION_DATA *creationData = NULL;
TPM2B_DIGEST *creationHash = NULL;
TPMT_TK_CREATION *creationTicket = NULL;
TPM2B_PUBLIC *outPublic2 = NULL;
TPM2B_PRIVATE *outPrivate2 = NULL;
TPM2B_CREATION_DATA *creationData2 = NULL;
TPM2B_DIGEST *creationHash2 = NULL;
TPMT_TK_CREATION *creationTicket2 = NULL;
TPM2B_DATA *encryptionKeyOut = NULL;
TPM2B_PRIVATE *duplicate = NULL;
TPM2B_ENCRYPTED_SECRET *outSymSeed = NULL;
TPM2B_PUBLIC *keyPublic = NULL;
TPM2B_NAME *keyName = NULL;
TPM2B_NAME *keyQualifiedName = NULL;
TPM2B_NAME *nameKeySign = NULL;
TPM2B_PRIVATE *outPrivate = NULL;
/*
* Firth the policy value to be able to use Esys_Duplicate for an object has to be
* determined with a policy trial session.
*/
ESYS_TR sessionTrial = ESYS_TR_NONE;
TPMT_SYM_DEF symmetricTrial = {.algorithm = TPM2_ALG_AES,
.keyBits = {.aes = 128},
.mode = {.aes = TPM2_ALG_CFB}
};
TPM2B_NONCE nonceCallerTrial = {
.size = 20,
.buffer = {11, 12, 13, 14, 15, 16, 17, 18, 19, 11,
21, 22, 23, 24, 25, 26, 27, 28, 29, 30}
};
r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
&nonceCallerTrial,
TPM2_SE_TRIAL, &symmetricTrial, TPM2_ALG_SHA1,
&sessionTrial);
goto_if_error(r, "Error: During initialization of policy trial session", error);
r = Esys_PolicyAuthValue(esys_context,
sessionTrial,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE
);
goto_if_error(r, "Error: PolicyAuthValue", error);
r = Esys_PolicyCommandCode(esys_context,
sessionTrial,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
TPM2_CC_Duplicate
);
goto_if_error(r, "Error: PolicyCommandCode", error);
r = Esys_PolicyGetDigest(esys_context,
sessionTrial,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
&policyDigestTrial
);
goto_if_error(r, "Error: PolicyGetDigest", error);
TPM2B_AUTH authValuePrimary = {
.size = 5,
.buffer = {1, 2, 3, 4, 5}
};
TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
.size = 0,
.sensitive = {
.userAuth = {
.size = 0,
.buffer = {0 },
},
.data = {
.size = 0,
.buffer = {0},
},
},
};
inSensitivePrimary.sensitive.userAuth = authValuePrimary;
TPM2B_PUBLIC inPublic = {
.size = 0,
.publicArea = {
.type = TPM2_ALG_RSA,
.nameAlg = TPM2_ALG_SHA1,
.objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
TPMA_OBJECT_RESTRICTED |
TPMA_OBJECT_DECRYPT |
TPMA_OBJECT_FIXEDTPM |
TPMA_OBJECT_FIXEDPARENT |
TPMA_OBJECT_SENSITIVEDATAORIGIN),
.authPolicy = {
.size = 0,
},
.parameters.rsaDetail = {
.symmetric = {
.algorithm = TPM2_ALG_AES,
.keyBits.aes = 128,
.mode.aes = TPM2_ALG_CFB},
.scheme = {
.scheme = TPM2_ALG_NULL
},
.keyBits = 2048,
.exponent = 0,
},
.unique.rsa = {
.size = 0,
.buffer = {},
},
},
};
LOG_INFO("\nRSA key will be created.");
TPM2B_DATA outsideInfo = {
.size = 0,
.buffer = {},
};
TPML_PCR_SELECTION creationPCR = {
.count = 0,
};
TPM2B_AUTH authValue = {
.size = 0,
.buffer = {}
};
r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
goto_if_error(r, "Error: TR_SetAuth", error);
RSRC_NODE_T *primaryHandle_node;
r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
ESYS_TR_NONE, ESYS_TR_NONE,
&inSensitivePrimary, &inPublic,
&outsideInfo, &creationPCR, &primaryHandle,
&outPublic, &creationData, &creationHash,
&creationTicket);
goto_if_error(r, "Error esys create primary", error);
Esys_Free(outPublic);
Esys_Free(creationData);
Esys_Free(creationHash);
Esys_Free(creationTicket);
r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
ESYS_TR_NONE, ESYS_TR_NONE,
&inSensitivePrimary, &inPublic,
&outsideInfo, &creationPCR, &primaryHandle2,
&outPublic, &creationData, &creationHash,
&creationTicket);
goto_if_error(r, "Error esys create primary", error);
r = esys_GetResourceObject(esys_context, primaryHandle,
&primaryHandle_node);
goto_if_error(r, "Error Esys GetResourceObject", error);
LOG_INFO("Created Primary with handle 0x%08x...",
primaryHandle_node->rsrc.handle);
r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary);
goto_if_error(r, "Error: TR_SetAuth", error);
TPM2B_AUTH authKey2 = {
.size = 6,
.buffer = {6, 7, 8, 9, 10, 11}
};
TPM2B_SENSITIVE_CREATE inSensitive2 = {
.size = 0,
.sensitive = {
.userAuth = {
.size = 0,
.buffer = {0}
},
.data = {
.size = 0,
.buffer = {}
}
}
};
inSensitive2.sensitive.userAuth = authKey2;
TPM2B_PUBLIC inPublic2 = {
.size = 0,
.publicArea = {
.type = TPM2_ALG_RSA,
.nameAlg = TPM2_ALG_SHA1,
.objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
TPMA_OBJECT_RESTRICTED |
TPMA_OBJECT_DECRYPT |
TPMA_OBJECT_SENSITIVEDATAORIGIN),
.authPolicy = {
.size = 0,
},
.parameters.rsaDetail = {
.symmetric = {
.algorithm = TPM2_ALG_AES,
.keyBits.aes = 128,
.mode.aes = TPM2_ALG_CFB
},
.scheme = {
.scheme =
TPM2_ALG_NULL,
},
.keyBits = 2048,
.exponent = 0
},
.unique.rsa = {
.size = 0,
.buffer = {}
,
}
}
};
TPM2B_DATA outsideInfo2 = {
.size = 0,
.buffer = {}
,
};
TPML_PCR_SELECTION creationPCR2 = {
.count = 0,
};
inPublic2.publicArea.authPolicy = *policyDigestTrial;
r = Esys_Create(esys_context,
primaryHandle,
ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
&inSensitive2,
&inPublic2,
&outsideInfo2,
&creationPCR2,
&outPrivate2,
&outPublic2,
&creationData2, &creationHash2, &creationTicket2);
goto_if_error(r, "Error esys create ", error);
LOG_INFO("\nSecond key created.");
r = Esys_Load(esys_context,
primaryHandle,
ESYS_TR_PASSWORD,
ESYS_TR_NONE,
ESYS_TR_NONE, outPrivate2, outPublic2, &loadedKeyHandle);
goto_if_error(r, "Error esys load ", error);
LOG_INFO("\nSecond Key loaded.");
r = Esys_TR_SetAuth(esys_context, loadedKeyHandle, &authKey2);
goto_if_error(r, "Error esys TR_SetAuth ", error);
r = Esys_ReadPublic(esys_context,
loadedKeyHandle,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
&keyPublic,
&keyName,
&keyQualifiedName);
Esys_Free(keyPublic);
Esys_Free(keyName);
Esys_Free(keyQualifiedName);
goto_if_error(r, "Error esys ReadPublic", error);
TPMT_SYM_DEF policySymmetric = {.algorithm = TPM2_ALG_AES,
.keyBits = {.aes = 128},
.mode = {.aes = TPM2_ALG_CFB}
};
TPM2B_NONCE policyNonceCaller = {
.size = 20,
.buffer = {11, 12, 13, 14, 15, 16, 17, 18, 19, 11,
21, 22, 23, 24, 25, 26, 27, 28, 29, 30}
};
r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
&policyNonceCaller,
TPM2_SE_POLICY, &policySymmetric, TPM2_ALG_SHA1,
&policySession);
goto_if_error(r, "Error: During initialization of policy trial session", error);
r = Esys_PolicyAuthValue(esys_context,
policySession,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE
);
goto_if_error(r, "Error: PolicyAuthValue", error);
r = Esys_PolicyCommandCode(esys_context,
policySession,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
TPM2_CC_Duplicate
);
goto_if_error(r, "Error: PolicyCommandCode", error);
TPM2B_DATA encryptionKey = {0};
TPMT_SYM_DEF_OBJECT symmetric = {.algorithm = TPM2_ALG_NULL,
.keyBits = {.aes = 128},
.mode = {.aes = TPM2_ALG_CFB}};
r = Esys_Duplicate(
esys_context,
loadedKeyHandle,
primaryHandle2,
policySession,
ESYS_TR_NONE,
ESYS_TR_NONE,
&encryptionKey,
&symmetric,
&encryptionKeyOut,
&duplicate,
&outSymSeed);
goto_if_error(r, "Error: Duplicate", error);
Esys_Free(outPublic);
r = Esys_ReadPublic(esys_context,
loadedKeyHandle,
ESYS_TR_NONE,
ESYS_TR_NONE,
ESYS_TR_NONE,
&outPublic,
&nameKeySign,
&keyQualifiedName);
goto_if_error(r, "Error: ReadPublic", error);
r = Esys_FlushContext(esys_context, loadedKeyHandle);
goto_if_error(r, "Flushing context", error);
loadedKeyHandle = ESYS_TR_NONE;
r = Esys_Import(
esys_context,
primaryHandle,
ESYS_TR_PASSWORD,
ESYS_TR_NONE,
ESYS_TR_NONE,
encryptionKeyOut,
outPublic,
duplicate,
outSymSeed,
&symmetric,
&outPrivate);
goto_if_error(r, "Error: Import", error);
r = Esys_FlushContext(esys_context, primaryHandle);
goto_if_error(r, "Flushing context", error);
primaryHandle = ESYS_TR_NONE;
r = Esys_FlushContext(esys_context, primaryHandle2);
goto_if_error(r, "Flushing context", error);
primaryHandle2 = ESYS_TR_NONE;
r = Esys_FlushContext(esys_context, sessionTrial);
goto_if_error(r, "Flushing context", error);
sessionTrial = ESYS_TR_NONE;
r = Esys_FlushContext(esys_context, policySession);
goto_if_error(r, "Flushing context", error);
Esys_Free(policyDigestTrial);
Esys_Free(outPublic);
Esys_Free(creationData);
Esys_Free(creationHash);
Esys_Free(creationTicket);
Esys_Free(outPublic2);
Esys_Free(outPrivate2);
Esys_Free(creationData2);
Esys_Free(creationHash2);
Esys_Free(creationTicket2);
Esys_Free(encryptionKeyOut);
Esys_Free(duplicate);
Esys_Free(outSymSeed);
Esys_Free(keyQualifiedName);
Esys_Free(nameKeySign);
Esys_Free(outPrivate);
return EXIT_SUCCESS;
error:
if (policySession != ESYS_TR_NONE) {
if (Esys_FlushContext(esys_context, policySession) != TSS2_RC_SUCCESS) {
LOG_ERROR("Cleanup policySession failed.");
}
}
if (sessionTrial != ESYS_TR_NONE) {
if (Esys_FlushContext(esys_context, sessionTrial) != TSS2_RC_SUCCESS) {
LOG_ERROR("Cleanup sessionTrial failed.");
}
}
if (loadedKeyHandle != ESYS_TR_NONE) {
if (Esys_FlushContext(esys_context, loadedKeyHandle) != TSS2_RC_SUCCESS) {
LOG_ERROR("Cleanup loadedKeyHandle failed.");
}
}
if (primaryHandle != ESYS_TR_NONE) {
if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) {
LOG_ERROR("Cleanup primaryHandle failed.");
}
}
if (primaryHandle2 != ESYS_TR_NONE) {
if (Esys_FlushContext(esys_context, primaryHandle2) != TSS2_RC_SUCCESS) {
LOG_ERROR("Cleanup primaryHandle2 failed.");
}
}
Esys_Free(policyDigestTrial);
Esys_Free(outPublic);
Esys_Free(creationData);
Esys_Free(creationHash);
Esys_Free(creationTicket);
Esys_Free(outPublic2);
Esys_Free(outPrivate2);
Esys_Free(creationData2);
Esys_Free(creationHash2);
Esys_Free(creationTicket2);
Esys_Free(encryptionKeyOut);
Esys_Free(duplicate);
Esys_Free(outSymSeed);
Esys_Free(keyPublic);
Esys_Free(keyName);
Esys_Free(keyQualifiedName);
Esys_Free(nameKeySign);
Esys_Free(outPrivate);
return EXIT_FAILURE;
}
int
test_invoke_esapi(ESYS_CONTEXT * esys_context) {
return test_esys_import(esys_context);
}
Reference in new issue View Git Blame Copy Permalink