1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /***********************************************************************;
3 * Copyright (c) 2015, Intel Corporation
4 * All rights reserved.
5 ***********************************************************************;
6 */
7
8 #ifdef HAVE_CONFIG_H
9 #include <config.h>
10 #endif
11
12 #include <stdbool.h>
13 #include <inttypes.h>
14 #include <stdio.h>
15 #include <stdlib.h>
16 #include <string.h>
17
18 #include "tss2_sys.h"
19 #include "tss2_tcti_device.h"
20 #ifdef TCTI_MSSIM
21 #include "tss2_tcti_mssim.h"
22 #endif /* TCTI_MSSIM */
23 #ifdef TCTI_SWTPM
24 #include "tss2_tcti_swtpm.h"
25 #endif /* TCTI_SWTPM */
26
27 #include "../integration/context-util.h"
28 #include "../integration/sys-util.h"
29 #include "../integration/session-util.h"
30 #include "util/tss2_endian.h"
31 #include "sysapi_util.h"
32 #define LOGMODULE testtpmclient
33 #include "util/log.h"
34
35 /*
36 * TPM indices and sizes
37 */
38 #define NV_AUX_INDEX_SIZE 96
39 #define NV_PS_INDEX_SIZE 34
40
41 #define INDEX_AUX 0x01800003 /* NV Storage */
42 #define INDEX_LCP_OWN 0x01400001 /* Launch Policy Owner */
43 #define INDEX_LCP_SUP 0x01800001 /* Launch Policy Default (Supplier) */
44 #define TPM20_INDEX_TEST1 0x01500015
45 #define TPM20_INDEX_TEST2 0x01500016
46 #define TPM20_INDEX_PASSWORD_TEST 0x01500020
47
48 #define SESSIONS_COUNT 1
49
50
51 #define SET_PCR_SELECT_BIT( pcrSelection, pcr ) \
52 (pcrSelection).pcrSelect[( (pcr)/8 )] |= ( 1 << ( (pcr) % 8) );
53
54 #define CLEAR_PCR_SELECT_BITS( pcrSelection ) \
55 (pcrSelection).pcrSelect[0] = 0; \
56 (pcrSelection).pcrSelect[1] = 0; \
57 (pcrSelection).pcrSelect[2] = 0;
58
59 #define SET_PCR_SELECT_SIZE( pcrSelection, size ) \
60 (pcrSelection).sizeofSelect = size;
61
62
63 TSS2_SYS_CONTEXT *sysContext;
64
65 TSS2_TCTI_CONTEXT *resMgrTctiContext = 0;
66
67 #define INIT_SIMPLE_TPM2B_SIZE(type) (type).size = sizeof(type) - 2;
68 #define YES 1
69 #define NO 0
70
ErrorHandler(UINT32 rval,char * errorString,int errorStringSize)71 static void ErrorHandler(UINT32 rval, char *errorString, int errorStringSize)
72 {
73 UINT32 errorLevel = rval & TSS2_RC_LAYER_MASK;
74 char levelString[32];
75
76 switch (errorLevel)
77 {
78 case TSS2_TPM_RC_LAYER:
79 strcpy(levelString, "TPM");
80 break;
81 case TSS2_SYS_RC_LAYER:
82 strcpy(levelString, "System API");
83 break;
84 case TSS2_MU_RC_LAYER:
85 strcpy(levelString, "System API TPM encoded");
86 break;
87 case TSS2_TCTI_RC_LAYER:
88 strcpy(levelString, "TCTI");
89 break;
90 case TSS2_RESMGR_TPM_RC_LAYER:
91 strcpy(levelString, "Resource Mgr TPM encoded");
92 break;
93 case TSS2_RESMGR_RC_LAYER:
94 strcpy(levelString, "Resource Mgr");
95 break;
96 default:
97 strcpy(levelString, "Unknown Level");
98 break;
99 }
100
101 snprintf(errorString, errorStringSize, "%s Error: 0x%x\n", levelString, rval);
102 }
103
104 #define EXIT_SKIP 77
105
Cleanup_exit(int rc)106 static void Cleanup_exit(int rc)
107 {
108 if (resMgrTctiContext != NULL) {
109 tcti_teardown(resMgrTctiContext);
110 resMgrTctiContext = NULL;
111 }
112 exit(rc == EXIT_SKIP ? EXIT_SKIP : 1);
113 }
114
Cleanup()115 static void Cleanup()
116 {
117 Cleanup_exit(1);
118 }
119
InitSysContextFailure()120 static void InitSysContextFailure()
121 {
122 LOG_ERROR("InitSysContext failed, exiting...");
123 Cleanup();
124 }
125
126 #define ERROR_STR_LEN 200
127 #define CheckPassed(rval) { \
128 char error_string[ERROR_STR_LEN]; \
129 if ((rval) != TPM2_RC_SUCCESS) { \
130 ErrorHandler((rval), error_string, ERROR_STR_LEN); \
131 LOG_INFO("passing case: \tFAILED! %s (%s@%u)", \
132 error_string, __FUNCTION__, __LINE__ ); \
133 Cleanup_exit(rval); \
134 } else { \
135 LOG_INFO("passing case: \tPASSED! (%s@%u)", \
136 __FUNCTION__, __LINE__); \
137 } \
138 }
139
140 #define CheckFailed(rval, expected_rval) { \
141 char error_string[ERROR_STR_LEN]; \
142 if ((rval) != (expected_rval)) { \
143 ErrorHandler((rval), error_string, ERROR_STR_LEN); \
144 LOG_INFO("\tfailing case: FAILED! %s Ret code s/b: 0x%x, but was: 0x%x (%s@%u)", \
145 error_string, (expected_rval), (rval), __FUNCTION__, __LINE__ ); \
146 Cleanup_exit(rval); \
147 } else { \
148 LOG_INFO("\tfailing case: PASSED! (%s@%u)", \
149 __FUNCTION__, __LINE__); \
150 } \
151 }
152
TpmReset()153 static TSS2_RC TpmReset()
154 {
155 TSS2_RC rval = TSS2_RC_SUCCESS;
156
157 #ifdef TCTI_SWTPM
158 rval = Tss2_Tcti_Swtpm_Reset(resMgrTctiContext);
159
160 /* If TCTI is not swtpm, bad context is returned. */
161 if (rval != TSS2_TCTI_RC_BAD_CONTEXT) {
162 return rval;
163 } else {
164 LOG_WARNING("TPM Reset failed: wrong TCTI type retrying with mssim...");
165 }
166 #endif /* TCTI_SWTPM */
167
168 #ifdef TCTI_MSSIM
169 rval = (TSS2_RC)tcti_platform_command( resMgrTctiContext, MS_SIM_POWER_OFF );
170 if (rval == TSS2_RC_SUCCESS) {
171 rval = (TSS2_RC)tcti_platform_command( resMgrTctiContext, MS_SIM_POWER_ON );
172 }
173 #endif /* TCTI_MSSIM */
174 if (rval == TSS2_TCTI_RC_BAD_CONTEXT) {
175 rval = EXIT_SKIP;
176 }
177
178 return rval;
179 }
180
TestDictionaryAttackLockReset()181 static void TestDictionaryAttackLockReset()
182 {
183 UINT32 rval;
184 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
185
186 TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{
187 .sessionHandle = TPM2_RS_PW,
188 .sessionAttributes = 0,
189 .nonce={.size=0},
190 .hmac={.size=0}}}};
191
192 LOG_INFO("DICTIONARY ATTACK LOCK RESET TEST :" );
193
194 rval = Tss2_Sys_DictionaryAttackLockReset ( sysContext, TPM2_RH_LOCKOUT, &sessionsData, &sessionsDataOut );
195 CheckPassed( rval );
196 }
197
TestTpmStartup()198 static void TestTpmStartup()
199 {
200 UINT32 rval;
201
202 LOG_INFO("STARTUP TESTS:" );
203
204 /*
205 * First test the one-call interface.
206 */
207
208 /* First must do TPM reset. */
209 rval = TpmReset();
210 CheckPassed(rval);
211
212 /* This one should pass. */
213 rval = Tss2_Sys_Startup( sysContext, TPM2_SU_CLEAR );
214 CheckPassed(rval);
215
216 /* This one should fail. */
217 rval = Tss2_Sys_Startup( sysContext, TPM2_SU_CLEAR );
218 CheckFailed( rval, TPM2_RC_INITIALIZE );
219
220
221 /* Cycle power using simulator interface. */
222 rval = TpmReset();
223 CheckPassed(rval);
224
225
226 /*
227 * Now test the synchronous, non-one-call interface.
228 */
229 rval = Tss2_Sys_Startup_Prepare( sysContext, TPM2_SU_CLEAR );
230 CheckPassed(rval);
231
232 /* Execute the command synchronously. */
233 rval = Tss2_Sys_Execute( sysContext );
234 CheckPassed( rval );
235
236 /* Cycle power using simulator interface. */
237 rval = TpmReset();
238 CheckPassed(rval);
239
240
241 /*
242 * Now test the asynchronous, non-one-call interface.
243 */
244 rval = Tss2_Sys_Startup_Prepare( sysContext, TPM2_SU_CLEAR );
245 CheckPassed(rval);
246
247 /* Execute the command asynchronously. */
248 rval = Tss2_Sys_ExecuteAsync( sysContext );
249 CheckPassed(rval);
250
251 /*
252 * Get the command response. Wait a maximum of 20ms
253 * for response.
254 */
255 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
256 CheckPassed(rval);
257 }
258
TestTpmGetCapability()259 static void TestTpmGetCapability()
260 {
261 UINT32 rval;
262
263 char manuID[5] = " ";
264 char *manuIDPtr = &manuID[0];
265 TPMI_YES_NO moreData;
266 TPMS_CAPABILITY_DATA capabilityData;
267
268 LOG_INFO("GET_CAPABILITY TESTS:" );
269
270 rval = Tss2_Sys_GetCapability( sysContext, 0, TPM2_CAP_TPM_PROPERTIES, TPM2_PT_MANUFACTURER, 1, &moreData, &capabilityData, 0 );
271 CheckPassed( rval );
272
273 *((UINT32 *)manuIDPtr) = BE_TO_HOST_32(capabilityData.data.tpmProperties.tpmProperty[0].value);
274 LOG_INFO("\t\tcount: %d, property: %x, manuId: %s",
275 capabilityData.data.tpmProperties.count,
276 capabilityData.data.tpmProperties.tpmProperty[0].property,
277 manuID );
278
279 rval = Tss2_Sys_GetCapability( sysContext, 0, TPM2_CAP_TPM_PROPERTIES, TPM2_PT_MAX_COMMAND_SIZE, 1, &moreData, &capabilityData, 0 );
280 CheckPassed( rval );
281 LOG_INFO("\t\tcount: %d, property: %x, max cmd size: %d",
282 capabilityData.data.tpmProperties.count,
283 capabilityData.data.tpmProperties.tpmProperty[0].property,
284 capabilityData.data.tpmProperties.tpmProperty[0].value );
285
286
287 rval = Tss2_Sys_GetCapability( sysContext, 0, TPM2_CAP_TPM_PROPERTIES, TPM2_PT_MAX_COMMAND_SIZE, 40, &moreData, &capabilityData, 0 );
288 CheckPassed( rval );
289 LOG_INFO("\t\tcount: %d, property: %x, max cmd size: %d",
290 capabilityData.data.tpmProperties.count,
291 capabilityData.data.tpmProperties.tpmProperty[0].property,
292 capabilityData.data.tpmProperties.tpmProperty[0].value );
293
294
295 rval = Tss2_Sys_GetCapability( sysContext, 0, TPM2_CAP_TPM_PROPERTIES, TPM2_PT_MAX_RESPONSE_SIZE, 1, &moreData, &capabilityData, 0 );
296 CheckPassed( rval );
297 LOG_INFO("\t count: %d, property: %x, max response size: %d",
298 capabilityData.data.tpmProperties.count,
299 capabilityData.data.tpmProperties.tpmProperty[0].property,
300 capabilityData.data.tpmProperties.tpmProperty[0].value );
301
302 rval = Tss2_Sys_GetCapability( sysContext, 0, 0xff, TPM2_PT_MANUFACTURER, 1, &moreData, &capabilityData, 0 );
303 CheckFailed(rval, TPM2_RC_VALUE+TPM2_RC_1+TPM2_RC_P);
304 }
305
TestTpmClear()306 static void TestTpmClear()
307 {
308 UINT32 rval;
309 TPM2B_AUTH hmac = { .size = 0 };
310 TPM2B_NONCE nonce = { .size = 0 };
311 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
312
313 TSS2L_SYS_AUTH_COMMAND sessionsDataIn = { .count = 1, .auths = {{
314 .sessionHandle = TPM2_RS_PW,
315 .sessionAttributes = 0,
316 .nonce=nonce,
317 .hmac=hmac}}};
318
319 LOG_INFO("CLEAR and CLEAR CONTROL TESTS:" );
320
321 rval = Tss2_Sys_Clear ( sysContext, TPM2_RH_PLATFORM, &sessionsDataIn, 0 );
322 CheckPassed( rval );
323
324 rval = Tss2_Sys_ClearControl ( sysContext, TPM2_RH_PLATFORM, &sessionsDataIn, YES, &sessionsDataOut );
325 CheckPassed( rval );
326
327 rval = Tss2_Sys_Clear ( sysContext, TPM2_RH_PLATFORM, &sessionsDataIn, 0 );
328 CheckFailed( rval, TPM2_RC_DISABLED );
329
330 rval = Tss2_Sys_ClearControl ( sysContext, TPM2_RH_PLATFORM, &sessionsDataIn, NO, &sessionsDataOut );
331 CheckPassed( rval );
332
333 sessionsDataIn.auths[0].sessionAttributes = 0xff;
334 rval = Tss2_Sys_Clear ( sysContext, TPM2_RH_PLATFORM, &sessionsDataIn, &sessionsDataOut );
335 CheckFailed( rval, TPM2_RC_9 + TPM2_RC_RESERVED_BITS );
336
337 rval = Tss2_Sys_ClearControl ( sysContext, TPM2_RH_PLATFORM, &sessionsDataIn, NO, &sessionsDataOut );
338 CheckFailed( rval, TPM2_RC_9 + TPM2_RC_RESERVED_BITS );
339 }
340
341 #define SESSIONS_ABOVE_MAX_ACTIVE 0
342 #define DEBUG_MAX_ACTIVE_SESSIONS 8
343 #define DEBUG_GAP_MAX 2*DEBUG_MAX_ACTIVE_SESSIONS
344
345 SESSION *sessions[SESSIONS_COUNT];
346
TestStartAuthSession()347 static void TestStartAuthSession()
348 {
349 UINT32 rval;
350 TPM2B_ENCRYPTED_SECRET encryptedSalt;
351 TPMT_SYM_DEF symmetric;
352 SESSION *authSession = NULL;
353 TPM2B_NONCE nonceCaller;
354 UINT16 i;
355 TPM2_HANDLE badSessionHandle = 0x03010000;
356
357 TPMS_AUTH_COMMAND sessionData;
358 TPM2B_NONCE nonce;
359
360
361 TPM2B_AUTH hmac;
362
363
364 /* Init sessionHandle */
365 sessionData.sessionHandle = badSessionHandle;
366
367 /* Init nonce. */
368 nonce.size = 0;
369 sessionData.nonce = nonce;
370
371 /* init hmac */
372 hmac.size = 0;
373 sessionData.hmac = hmac;
374
375 /* Init session attributes */
376 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
377
378 encryptedSalt.size = 0;
379
380 LOG_INFO("START_AUTH_SESSION TESTS:" );
381
382 symmetric.algorithm = TPM2_ALG_NULL;
383 symmetric.keyBits.sym = 0;
384 symmetric.mode.sym = 0;
385
386 nonceCaller.size = 0;
387
388 encryptedSalt.size = 0;
389
390 /* Init session */
391 rval = create_auth_session(&authSession, TPM2_RH_NULL, 0, TPM2_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM2_SE_POLICY, &symmetric, TPM2_ALG_SHA256, resMgrTctiContext );
392 CheckPassed( rval );
393
394 rval = Tss2_Sys_FlushContext( sysContext, authSession->sessionHandle );
395 CheckPassed( rval );
396 end_auth_session( authSession );
397
398 /* Init session */
399 rval = create_auth_session(&authSession, TPM2_RH_NULL, 0, TPM2_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, 0xff, &symmetric, TPM2_ALG_SHA256, resMgrTctiContext );
400 CheckFailed( rval, TPM2_RC_VALUE + TPM2_RC_P + TPM2_RC_3 );
401
402 /*
403 * Try starting a bunch to see if resource manager handles this correctly.
404 */
405 for( i = 0; i < ( sizeof(sessions) / sizeof (SESSION *) ); i++ )
406 {
407 /* Init session struct */
408 rval = create_auth_session(&sessions[i], TPM2_RH_NULL, 0, TPM2_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM2_SE_POLICY, &symmetric, TPM2_ALG_SHA256, resMgrTctiContext );
409 CheckPassed( rval );
410 LOG_INFO("Number of sessions created: %d", i+1 );
411
412 }
413 /* clean up the sessions that I don't want here. */
414 for( i = 0; i < ( sizeof(sessions) / sizeof (SESSION *)); i++ )
415 {
416 rval = Tss2_Sys_FlushContext( sysContext, sessions[i]->sessionHandle );
417 CheckPassed( rval );
418
419 end_auth_session(sessions[i]);
420 }
421
422 /* Now do some gap tests. */
423 rval = create_auth_session(&sessions[0], TPM2_RH_NULL, 0, TPM2_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM2_SE_POLICY, &symmetric, TPM2_ALG_SHA256, resMgrTctiContext );
424 CheckPassed( rval );
425
426 for( i = 1; i < ( sizeof(sessions) / sizeof (SESSION *) ); i++ )
427 {
428 rval = create_auth_session(&sessions[i], TPM2_RH_NULL, 0, TPM2_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM2_SE_POLICY, &symmetric, TPM2_ALG_SHA256, resMgrTctiContext );
429 CheckPassed( rval );
430
431 rval = Tss2_Sys_FlushContext( sysContext, sessions[i]->sessionHandle );
432 CheckPassed( rval );
433
434 end_auth_session(sessions[i]);
435 }
436 end_auth_session(sessions[0]);
437
438 for( i = 0; i < ( sizeof(sessions) / sizeof (SESSION *) ); i++ )
439 {
440 rval = create_auth_session(&sessions[i], TPM2_RH_NULL, 0, TPM2_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM2_SE_POLICY, &symmetric, TPM2_ALG_SHA256, resMgrTctiContext );
441 CheckPassed( rval );
442
443 rval = Tss2_Sys_FlushContext( sysContext, sessions[i]->sessionHandle );
444 CheckPassed( rval );
445
446 end_auth_session(sessions[i]);
447 }
448 }
449
TestChangeEps()450 static void TestChangeEps()
451 {
452 UINT32 rval;
453 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
454 TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{
455 .sessionHandle = TPM2_RS_PW,
456 .sessionAttributes = 0,
457 .nonce = {.size = 0},
458 .hmac = {.size = 0}}}};
459
460 LOG_INFO("CHANGE_EPS TESTS:" );
461
462 rval = Tss2_Sys_ChangeEPS( sysContext, TPM2_RH_PLATFORM, &sessionsData, &sessionsDataOut );
463 CheckPassed( rval );
464 }
465
TestChangePps()466 static void TestChangePps()
467 {
468 UINT32 rval;
469
470 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
471
472 TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{
473 .sessionHandle = TPM2_RS_PW,
474 .sessionAttributes = 0,
475 .nonce = {.size = 0},
476 .hmac = {.size = 0}}}};
477
478 LOG_INFO("CHANGE_PPS TESTS:" );
479
480 rval = Tss2_Sys_ChangePPS( sysContext, TPM2_RH_PLATFORM, &sessionsData, &sessionsDataOut );
481 CheckPassed( rval );
482 }
483
TestHierarchyChangeAuth()484 static void TestHierarchyChangeAuth()
485 {
486 UINT32 rval;
487 TPM2B_AUTH newAuth;
488 int i;
489
490 TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{
491 .sessionHandle = TPM2_RS_PW,
492 .sessionAttributes = 0,
493 .nonce = {.size = 0},
494 .hmac = {.size = 0}}}};
495
496 LOG_INFO("HIERARCHY_CHANGE_AUTH TESTS:" );
497
498 newAuth.size = 0;
499 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM2_RH_PLATFORM, &sessionsData, &newAuth, 0 );
500 CheckPassed( rval );
501
502 /* Init new auth */
503 newAuth.size = 20;
504 for( i = 0; i < newAuth.size; i++ )
505 newAuth.buffer[i] = i;
506
507 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM2_RH_PLATFORM, &sessionsData, &newAuth, 0 );
508 CheckPassed( rval );
509
510 sessionsData.auths[0].hmac = newAuth;
511 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM2_RH_PLATFORM, &sessionsData, &newAuth, 0 );
512 CheckPassed( rval );
513
514 /* Init new auth */
515 newAuth.size = 0;
516
517 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM2_RH_PLATFORM, &sessionsData, &newAuth, 0 );
518 CheckPassed( rval );
519
520 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM2_RH_PLATFORM, &sessionsData, &newAuth, 0 );
521 CheckFailed( rval, TPM2_RC_1 + TPM2_RC_S + TPM2_RC_BAD_AUTH );
522
523 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, 0, &sessionsData, &newAuth, 0 );
524 CheckFailed( rval, TPM2_RC_1 + TPM2_RC_VALUE );
525 }
526
527 #define PCR_0 0
528 #define PCR_1 1
529 #define PCR_2 2
530 #define PCR_3 3
531 #define PCR_4 4
532 #define PCR_5 5
533 #define PCR_6 6
534 #define PCR_7 7
535 #define PCR_8 8
536 #define PCR_9 9
537 #define PCR_10 10
538 #define PCR_11 11
539 #define PCR_12 12
540 #define PCR_13 13
541 #define PCR_14 14
542 #define PCR_15 15
543 #define PCR_16 16
544 #define PCR_17 17
545 #define PCR_18 18
546 #define PCR_SIZE 20
547
TestPcrExtend()548 static void TestPcrExtend()
549 {
550 UINT32 rval;
551 UINT16 i, digestSize;
552 TPML_PCR_SELECTION pcrSelection;
553 UINT32 pcrUpdateCounterBeforeExtend;
554 UINT32 pcrUpdateCounterAfterExtend;
555 UINT8 pcrBeforeExtend[PCR_SIZE];
556 TPM2B_EVENT eventData;
557 TPML_DIGEST pcrValues;
558 TPML_DIGEST_VALUES digests;
559 TPML_PCR_SELECTION pcrSelectionOut;
560 UINT8 pcrAfterExtend[20];
561 TSS2_TCTI_CONTEXT *tctiContext;
562
563 TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{
564 .sessionHandle = TPM2_RS_PW,
565 .sessionAttributes = 0,
566 .nonce = {.size = 0},
567 .hmac = {.size = 0}}}};
568
569 LOG_INFO("PCR_EXTEND, PCR_EVENT, PCR_ALLOCATE, and PCR_READ TESTS:" );
570
571 /* Init digests */
572 digests.count = 1;
573 digests.digests[0].hashAlg = TPM2_ALG_SHA1;
574 digestSize = GetDigestSize( digests.digests[0].hashAlg );
575
576 for( i = 0; i < digestSize; i++ )
577 {
578 digests.digests[0].digest.sha1[i] = (UINT8)(i % 256);
579 }
580
581 pcrSelection.count = 1;
582 pcrSelection.pcrSelections[0].hash = TPM2_ALG_SHA1;
583 pcrSelection.pcrSelections[0].sizeofSelect = 3;
584
585 /* Clear out PCR select bit field */
586 pcrSelection.pcrSelections[0].pcrSelect[0] = 0;
587 pcrSelection.pcrSelections[0].pcrSelect[1] = 0;
588 pcrSelection.pcrSelections[0].pcrSelect[2] = 0;
589
590 /* Now set the PCR you want to read */
591 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[0], PCR_17 );
592
593 rval = Tss2_Sys_PCR_Read( sysContext, 0, &pcrSelection, &pcrUpdateCounterBeforeExtend, &pcrSelectionOut, &pcrValues, 0 );
594 CheckPassed( rval );
595
596 if( pcrValues.digests[0].size <= PCR_SIZE &&
597 pcrValues.digests[0].size <= sizeof( pcrValues.digests[0].buffer ) )
598 memcpy( &( pcrBeforeExtend[0] ), &( pcrValues.digests[0].buffer[0] ), pcrValues.digests[0].size );
599
600 /* Set locality 3 to enable PCR extend with PCR 17 */
601 rval = Tss2_Sys_GetTctiContext(sysContext, &tctiContext);
602 CheckPassed(rval);
603
604 rval = Tss2_Tcti_SetLocality(tctiContext, 3);
605 CheckPassed(rval);
606
607 rval = Tss2_Sys_PCR_Extend( sysContext, PCR_17, &sessionsData, &digests, 0 );
608 CheckPassed( rval );
609
610 rval = Tss2_Sys_PCR_Read( sysContext, 0, &pcrSelection, &pcrUpdateCounterAfterExtend, &pcrSelectionOut, &pcrValues, 0 );
611 CheckPassed( rval );
612
613 memcpy( &( pcrAfterExtend[0] ), &( pcrValues.digests[0].buffer[0] ), pcrValues.digests[0].size );
614
615 if( pcrUpdateCounterBeforeExtend == pcrUpdateCounterAfterExtend )
616 {
617 LOG_ERROR("ERROR!! pcrUpdateCounter didn't change value" );
618 Cleanup();
619 }
620
621 if( 0 == memcmp( &( pcrBeforeExtend[0] ), &( pcrAfterExtend[0] ), 20 ) )
622 {
623 LOG_ERROR("ERROR!! PCR didn't change value" );
624 Cleanup();
625 }
626
627 pcrSelection.pcrSelections[0].sizeofSelect = 255;
628
629 rval = Tss2_Sys_PCR_Read( sysContext, 0, &pcrSelection, &pcrUpdateCounterAfterExtend, 0, 0, 0 );
630 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE );
631
632 eventData.size = 4;
633 eventData.buffer[0] = 0;
634 eventData.buffer[1] = 0xff;
635 eventData.buffer[2] = 0x55;
636 eventData.buffer[3] = 0xaa;
637
638 rval = Tss2_Sys_PCR_Event( sysContext, PCR_18, &sessionsData, &eventData, &digests, 0 );
639 CheckPassed( rval );
640
641 /* Reset locality and check whether extend PCR 17 is no possible */
642 rval = Tss2_Tcti_SetLocality(tctiContext, 0);
643 CheckPassed( rval );
644
645 rval = Tss2_Sys_PCR_Extend( sysContext, PCR_17, &sessionsData, &digests, 0 );
646 CheckFailed( rval, TPM2_RC_LOCALITY );
647 }
648
TestShutdown()649 static void TestShutdown()
650 {
651 UINT32 rval;
652 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
653
654 LOG_INFO("SHUTDOWN TESTS:" );
655
656 rval = Tss2_Sys_Shutdown( sysContext, 0, TPM2_SU_STATE, &sessionsDataOut );
657 CheckPassed( rval );
658
659 rval = Tss2_Sys_Shutdown( sysContext, 0, TPM2_SU_CLEAR, &sessionsDataOut );
660 CheckPassed( rval );
661
662 rval = Tss2_Sys_Shutdown( sysContext, 0, 0xff, 0 );
663 CheckFailed( rval, TPM2_RC_VALUE+TPM2_RC_1+TPM2_RC_P );
664 }
665
TestNV()666 static void TestNV()
667 {
668 UINT32 rval;
669 TPM2B_NV_PUBLIC publicInfo;
670 TPM2B_AUTH nvAuth;
671 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
672 int i;
673 TPM2B_MAX_NV_BUFFER nvWriteData;
674 TPM2B_MAX_NV_BUFFER nvData;
675
676 TPM2B_NV_PUBLIC nvPublic;
677 TPM2B_NAME nvName;
678
679 TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{
680 .sessionHandle = TPM2_RS_PW,
681 .sessionAttributes = 0,
682 .nonce = {.size = 0},
683 .hmac = {.size = 0}}}};
684
685 LOG_INFO("NV INDEX TESTS:" );
686
687 nvAuth.size = 20;
688 for( i = 0; i < nvAuth.size; i++ ) {
689 nvAuth.buffer[i] = (UINT8)i;
690 }
691
692 publicInfo.size = 0;
693 publicInfo.nvPublic.nvIndex = TPM20_INDEX_TEST1;
694 publicInfo.nvPublic.nameAlg = TPM2_ALG_SHA1;
695
696 /* First zero out attributes. */
697 *(UINT32 *)&( publicInfo.nvPublic.attributes ) = 0;
698
699 /* Now set the attributes. */
700 publicInfo.nvPublic.attributes |= TPMA_NV_PPREAD;
701 publicInfo.nvPublic.attributes |= TPMA_NV_PPWRITE;
702 publicInfo.nvPublic.attributes |= TPMA_NV_WRITE_STCLEAR;
703 publicInfo.nvPublic.attributes |= TPMA_NV_PLATFORMCREATE;
704 publicInfo.nvPublic.attributes |= TPMA_NV_ORDERLY;
705 publicInfo.nvPublic.authPolicy.size = 0;
706 publicInfo.nvPublic.dataSize = 32;
707
708 INIT_SIMPLE_TPM2B_SIZE( nvData );
709 rval = Tss2_Sys_NV_Read( sysContext, TPM2_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
710 CheckFailed( rval, TPM2_RC_2 + TPM2_RC_HANDLE );
711
712 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM2_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut );
713 CheckPassed( rval );
714
715 nvPublic.size = 0;
716 INIT_SIMPLE_TPM2B_SIZE( nvName );
717 rval = Tss2_Sys_NV_ReadPublic( sysContext, TPM20_INDEX_TEST1, 0, &nvPublic, &nvName, 0 );
718 CheckPassed( rval );
719
720 INIT_SIMPLE_TPM2B_SIZE( nvData );
721 rval = Tss2_Sys_NV_Read( sysContext, TPM2_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
722 CheckFailed( rval, TPM2_RC_NV_UNINITIALIZED );
723
724 /* Should fail since index is already defined. */
725 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM2_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut );
726 CheckFailed( rval, TPM2_RC_NV_DEFINED );
727
728 nvWriteData.size = 4;
729 for( i = 0; i < nvWriteData.size; i++ )
730 nvWriteData.buffer[i] = 0xff - i;
731
732 #if 1
733 /*
734 * The following, at one point, was commented out so that NVDefine will
735 * work on successive invocations of client app.
736 *
737 * Noticed on 12/13/12, this doesn't seem to be necessary anymore.
738 * Maybe something else fixed it.
739 *
740 * Seems to be a bug in TPM 2.0 simulator that if:
741 * First pass of tpmclient.exe after restarting TPM 2.0 simulator will
742 * work fine.
743 * If NVWrite is done, subsequent invocations of tpmclient.exe will
744 * ALWAYS fail on the first call to Tpm2NVDefineSpace with 0x2cb error.
745 * Removing NVWrite fixes this.
746 * And restarting TPM 2.0 simulator will make it work the first time
747 * and fail subsequent times.
748 * Removing NVWrite works around this problem.
749 */
750 rval = Tss2_Sys_NV_Write( sysContext, TPM2_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, &nvWriteData, 0, &sessionsDataOut );
751 CheckPassed( rval );
752
753 INIT_SIMPLE_TPM2B_SIZE( nvData );
754 rval = Tss2_Sys_NV_Read( sysContext, TPM2_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
755 CheckPassed( rval );
756
757 rval = Tss2_Sys_NV_WriteLock( sysContext, TPM2_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, &sessionsDataOut );
758 CheckPassed( rval );
759
760 rval = Tss2_Sys_NV_Write( sysContext, TPM2_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, &nvWriteData, 0, &sessionsDataOut );
761 CheckFailed( rval, TPM2_RC_NV_LOCKED );
762 #endif
763
764 /* Now undefine the index. */
765 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM2_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 0 );
766 CheckPassed( rval );
767
768 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM2_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, 0 );
769 CheckPassed( rval );
770
771 /* Now undefine the index so that next run will work correctly. */
772 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM2_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 0 );
773 CheckPassed( rval );
774
775 publicInfo.nvPublic.attributes &= ~TPMA_NV_PPREAD;
776 publicInfo.nvPublic.attributes &= ~TPMA_NV_PPWRITE;
777 publicInfo.nvPublic.attributes |= TPMA_NV_OWNERREAD;
778 publicInfo.nvPublic.attributes |= TPMA_NV_OWNERWRITE;
779 publicInfo.nvPublic.attributes &= ~TPMA_NV_PLATFORMCREATE;
780 publicInfo.nvPublic.attributes |= TPMA_NV_ORDERLY;
781 publicInfo.nvPublic.nvIndex = TPM20_INDEX_TEST2;
782 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM2_RH_OWNER, &sessionsData, &nvAuth, &publicInfo, 0 );
783 CheckPassed( rval );
784
785 nvPublic.size = 0;
786 INIT_SIMPLE_TPM2B_SIZE( nvName );
787 rval = Tss2_Sys_NV_ReadPublic( sysContext, TPM20_INDEX_TEST2, 0, &nvPublic, &nvName, 0 );
788 CheckPassed( rval );
789
790 INIT_SIMPLE_TPM2B_SIZE( nvData );
791 rval = Tss2_Sys_NV_Read( sysContext, TPM2_RH_PLATFORM, TPM20_INDEX_TEST2, &sessionsData, 32, 0, &nvData, 0 );
792 CheckFailed( rval, TPM2_RC_NV_AUTHORIZATION );
793
794 /* Now undefine the index. */
795 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM2_RH_OWNER, TPM20_INDEX_TEST2, &sessionsData, 0 );
796 CheckPassed( rval );
797
798 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM2_RH_OWNER, &sessionsData, &nvAuth, &publicInfo, 0 );
799 CheckPassed( rval );
800
801 /* Now undefine the index so that next run will work correctly. */
802 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM2_RH_OWNER, TPM20_INDEX_TEST2, &sessionsData, 0 );
803 CheckPassed( rval );
804 }
805
TestHierarchyControl()806 static void TestHierarchyControl()
807 {
808 UINT32 rval;
809 TPM2B_NV_PUBLIC publicInfo;
810 TPM2B_AUTH nvAuth;
811 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
812 int i;
813 TPM2B_NAME nvName;
814 TPM2B_NV_PUBLIC nvPublic;
815 TPM2B_MAX_NV_BUFFER nvData;
816
817 TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{
818 .sessionHandle = TPM2_RS_PW,
819 .sessionAttributes = 0,
820 .nonce = {.size = 0},
821 .hmac = {.size = 0}}}};
822
823 LOG_INFO("HIERARCHY CONTROL TESTS:" );
824
825 nvAuth.size = 20;
826 for( i = 0; i < nvAuth.size; i++ ) {
827 nvAuth.buffer[i] = i;
828 }
829
830 publicInfo.size = 0;
831 publicInfo.nvPublic.nvIndex = TPM20_INDEX_TEST1;
832 publicInfo.nvPublic.nameAlg = TPM2_ALG_SHA1;
833
834 /* First zero out attributes. */
835 *(UINT32 *)&( publicInfo.nvPublic.attributes ) = 0;
836
837 /* Now set the attributes. */
838 publicInfo.nvPublic.attributes |= TPMA_NV_PPREAD;
839 publicInfo.nvPublic.attributes |= TPMA_NV_PPWRITE;
840 publicInfo.nvPublic.attributes |= TPMA_NV_PPWRITE;
841 publicInfo.nvPublic.attributes |= TPMA_NV_WRITE_STCLEAR;
842 publicInfo.nvPublic.attributes |= TPMA_NV_PLATFORMCREATE;
843 publicInfo.nvPublic.attributes |= TPMA_NV_ORDERLY;
844 publicInfo.nvPublic.authPolicy.size = 0;
845 publicInfo.nvPublic.dataSize = 32;
846
847 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM2_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, 0 );
848 CheckPassed( rval );
849
850 /* Test SYS for case where nvPublic.size != 0 */
851 nvPublic.size = 0xff;
852 INIT_SIMPLE_TPM2B_SIZE( nvName );
853 rval = Tss2_Sys_NV_ReadPublic( sysContext, TPM20_INDEX_TEST1, 0, &nvPublic, &nvName, 0 );
854 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE );
855
856 nvPublic.size = 0;
857 INIT_SIMPLE_TPM2B_SIZE( nvName );
858 rval = Tss2_Sys_NV_ReadPublic( sysContext, TPM20_INDEX_TEST1, 0, &nvPublic, &nvName, 0 );
859 CheckPassed( rval );
860
861 rval = Tss2_Sys_NV_Read( sysContext, TPM2_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
862 CheckFailed( rval, TPM2_RC_NV_UNINITIALIZED );
863
864 rval = Tss2_Sys_HierarchyControl( sysContext, TPM2_RH_PLATFORM, &sessionsData, TPM2_RH_PLATFORM, NO, &sessionsDataOut );
865 CheckPassed( rval );
866
867 rval = Tss2_Sys_NV_Read( sysContext, TPM2_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
868 CheckFailed( rval, TPM2_RC_1 + TPM2_RC_HIERARCHY );
869
870 rval = Tss2_Sys_HierarchyControl( sysContext, TPM2_RH_PLATFORM, &sessionsData, TPM2_RH_PLATFORM, YES, &sessionsDataOut );
871 CheckFailed( rval, TPM2_RC_1 + TPM2_RC_HIERARCHY );
872
873 /* Need to do TPM reset and Startup to re-enable platform hierarchy. */
874 rval = TpmReset();
875 CheckPassed(rval);
876
877 rval = Tss2_Sys_Startup ( sysContext, TPM2_SU_CLEAR );
878 CheckPassed( rval );
879
880 rval = Tss2_Sys_HierarchyControl( sysContext, TPM2_RH_PLATFORM, &sessionsData, TPM2_RH_PLATFORM, YES, &sessionsDataOut );
881 CheckPassed( rval );
882
883 /* Now undefine the index so that next run will work correctly. */
884 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM2_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 0 );
885 CheckPassed( rval );
886 }
887
888 typedef struct {
889 char name[50];
890 TSS2_RC (*buildPolicyFn )( TSS2_SYS_CONTEXT *sysContext, SESSION *trialPolicySession, TPM2B_DIGEST *policyDigest );
891 TSS2_RC (*createObjectFn )( TSS2_SYS_CONTEXT *sysContext, SESSION **policySession, TPM2B_DIGEST *policyDigest );
892 TSS2_RC (*testPolicyFn )( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession );
893 } POLICY_TEST_SETUP;
894
BuildPolicy(TSS2_SYS_CONTEXT * sysContext,SESSION ** policySession,TSS2_RC (* buildPolicyFn)(TSS2_SYS_CONTEXT * sysContext,SESSION * policySession,TPM2B_DIGEST * policyDigest),TPM2B_DIGEST * policyDigest,bool trialSession)895 static TSS2_RC BuildPolicy( TSS2_SYS_CONTEXT *sysContext, SESSION **policySession,
896 TSS2_RC (*buildPolicyFn )( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession, TPM2B_DIGEST *policyDigest ),
897 TPM2B_DIGEST *policyDigest, bool trialSession )
898 {
899 /*
900 * NOTE: this policySession will be either a trial or normal policy session
901 * depending on the value of the passed in trialSession parameter.
902 */
903 TPM2B_ENCRYPTED_SECRET encryptedSalt = {0,};
904 TPMT_SYM_DEF symmetric;
905 TSS2_RC rval;
906 TPM2B_NONCE nonceCaller;
907
908 nonceCaller.size = 0;
909
910 /* Start policy session. */
911 symmetric.algorithm = TPM2_ALG_NULL;
912 rval = create_auth_session(policySession, TPM2_RH_NULL, 0, TPM2_RH_NULL, 0, &nonceCaller, &encryptedSalt, trialSession ? TPM2_SE_TRIAL : TPM2_SE_POLICY , &symmetric, TPM2_ALG_SHA256, resMgrTctiContext );
913 if( rval != TPM2_RC_SUCCESS )
914 return rval;
915
916 /* Send policy command. */
917 rval = ( *buildPolicyFn )( sysContext, *policySession, policyDigest );
918 CheckPassed( rval );
919
920 /* Get policy hash. */
921 INIT_SIMPLE_TPM2B_SIZE( *policyDigest );
922 rval = Tss2_Sys_PolicyGetDigest( sysContext, (*policySession)->sessionHandle,
923 0, policyDigest, 0 );
924 CheckPassed( rval );
925
926 if( trialSession )
927 {
928 /* Need to flush the session here. */
929 rval = Tss2_Sys_FlushContext( sysContext, (*policySession)->sessionHandle );
930 CheckPassed( rval );
931
932 /* And remove the session from sessions table. */
933 end_auth_session( *policySession );
934 }
935
936 return rval;
937 }
938
CreateNVIndex(TSS2_SYS_CONTEXT * sysContext,SESSION ** policySession,TPM2B_DIGEST * policyDigest)939 static TSS2_RC CreateNVIndex( TSS2_SYS_CONTEXT *sysContext, SESSION **policySession, TPM2B_DIGEST *policyDigest )
940 {
941 TSS2_RC rval = TPM2_RC_SUCCESS;
942 TPMA_LOCALITY locality;
943 TPM2B_ENCRYPTED_SECRET encryptedSalt = {0};
944 TPMT_SYM_DEF symmetric;
945 TPMA_NV nvAttributes;
946 TPM2B_AUTH nvAuth;
947 TPM2B_NONCE nonceCaller;
948
949 nonceCaller.size = 0;
950
951 /*
952 * Since locality is a fairly simple command and we can guarantee
953 * its correctness, we don't need a trial session for this.
954 */
955
956 /* Start real policy session */
957 symmetric.algorithm = TPM2_ALG_NULL;
958 rval = create_auth_session(policySession, TPM2_RH_NULL,
959 0, TPM2_RH_NULL, 0, &nonceCaller, &encryptedSalt, TPM2_SE_POLICY,
960 &symmetric, TPM2_ALG_SHA256, resMgrTctiContext );
961 CheckPassed( rval );
962
963 /* Send PolicyLocality command */
964 *(UINT8 *)( (void *)&locality ) = 0;
965 locality |= TPMA_LOCALITY_TPM2_LOC_THREE;
966 rval = Tss2_Sys_PolicyLocality( sysContext, (*policySession)->sessionHandle,
967 0, locality, 0 );
968 CheckPassed( rval );
969
970 /* Read policyHash */
971 INIT_SIMPLE_TPM2B_SIZE( *policyDigest );
972 rval = Tss2_Sys_PolicyGetDigest( sysContext,
973 (*policySession)->sessionHandle, 0, policyDigest, 0 );
974 CheckPassed( rval );
975
976 nvAuth.size = 0;
977
978 /* Now set the attributes. */
979 *(UINT32 *)( (void *)&nvAttributes ) = 0;
980 nvAttributes |= TPMA_NV_POLICYREAD;
981 nvAttributes |= TPMA_NV_POLICYWRITE;
982 nvAttributes |= TPMA_NV_PLATFORMCREATE;
983
984 rval = DefineNvIndex( sysContext, TPM2_RH_PLATFORM, &nvAuth, policyDigest,
985 TPM20_INDEX_PASSWORD_TEST, TPM2_ALG_SHA256, nvAttributes, 32 );
986 CheckPassed( rval );
987
988 rval = AddEntity(TPM20_INDEX_PASSWORD_TEST, &nvAuth);
989 CheckPassed(rval);
990
991 return rval;
992 }
993
994
TestLocality(TSS2_SYS_CONTEXT * sysContext,SESSION * policySession)995 static TSS2_RC TestLocality( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession )
996 {
997 TSS2_RC rval = TPM2_RC_SUCCESS;
998 TPM2B_MAX_NV_BUFFER nvWriteData;
999 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut = { 1, };
1000 TSS2_TCTI_CONTEXT *tctiContext;
1001 TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{
1002 .sessionHandle = policySession->sessionHandle,
1003 .sessionAttributes = TPMA_SESSION_CONTINUESESSION,
1004 .nonce = {.size = 0},
1005 .hmac = {.size = 0}}}};
1006
1007
1008 /* Init write data. */
1009 nvWriteData.size = 0;
1010
1011 rval = Tss2_Sys_GetTctiContext(sysContext, &tctiContext);
1012 CheckPassed(rval);
1013
1014 rval = Tss2_Tcti_SetLocality(tctiContext, 2);
1015 CheckPassed(rval);
1016
1017 /* Do NV write using open session's policy. */
1018 rval = Tss2_Sys_NV_Write( sysContext, TPM20_INDEX_PASSWORD_TEST,
1019 TPM20_INDEX_PASSWORD_TEST,
1020 &sessionsData, &nvWriteData, 0, &sessionsDataOut );
1021 CheckFailed( rval, TPM2_RC_LOCALITY );
1022
1023 rval = Tss2_Tcti_SetLocality(tctiContext, 3);
1024 CheckPassed( rval );
1025
1026 /* Do NV write using open session's policy. */
1027 rval = Tss2_Sys_NV_Write( sysContext, TPM20_INDEX_PASSWORD_TEST,
1028 TPM20_INDEX_PASSWORD_TEST,
1029 &sessionsData, &nvWriteData, 0, &sessionsDataOut );
1030 CheckPassed( rval );
1031
1032 /* Do another NV write using open session's policy. */
1033 rval = Tss2_Sys_NV_Write( sysContext, TPM20_INDEX_PASSWORD_TEST,
1034 TPM20_INDEX_PASSWORD_TEST,
1035 &sessionsData, &nvWriteData, 0, &sessionsDataOut );
1036 CheckFailed( rval, TPM2_RC_POLICY_FAIL + TPM2_RC_S + TPM2_RC_1 );
1037
1038 /* Delete NV index */
1039 sessionsData.auths[0].sessionHandle = TPM2_RS_PW;
1040 sessionsData.auths[0].nonce.size = 0;
1041 sessionsData.auths[0].nonce.buffer[0] = 0xa5;
1042 sessionsData.auths[0].hmac.size = 0;
1043
1044 /* Now undefine the index. */
1045 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM2_RH_PLATFORM,
1046 TPM20_INDEX_PASSWORD_TEST, &sessionsData, 0 );
1047 CheckPassed( rval );
1048
1049 DeleteEntity(TPM20_INDEX_PASSWORD_TEST);
1050
1051 /* Reset locality */
1052 rval = Tss2_Tcti_SetLocality(tctiContext, 0);
1053 CheckPassed( rval );
1054
1055 return rval;
1056 }
1057
1058 UINT8 passwordPCRTestPassword[] = "password PCR";
1059 UINT8 dataBlob[] = "some data";
1060 TPM2_HANDLE blobHandle;
1061 TPM2B_AUTH blobAuth;
1062
BuildPasswordPolicy(TSS2_SYS_CONTEXT * sysContext,SESSION * policySession,TPM2B_DIGEST * policyDigest)1063 static TSS2_RC BuildPasswordPolicy( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession, TPM2B_DIGEST *policyDigest )
1064 {
1065 TSS2_RC rval = TPM2_RC_SUCCESS;
1066
1067 rval = Tss2_Sys_PolicyPassword( sysContext, policySession->sessionHandle, 0, 0 );
1068 CheckPassed( rval );
1069
1070 return rval;
1071 }
1072
CreateDataBlob(TSS2_SYS_CONTEXT * sysContext,SESSION ** policySession,TPM2B_DIGEST * policyDigest)1073 static TSS2_RC CreateDataBlob( TSS2_SYS_CONTEXT *sysContext, SESSION **policySession, TPM2B_DIGEST *policyDigest )
1074 {
1075 TSS2_RC rval = TPM2_RC_SUCCESS;
1076 TPM2B_SENSITIVE_CREATE inSensitive;
1077 TPM2B_PUBLIC inPublic;
1078 TPM2B_DATA outsideInfo = {0,};
1079 TPML_PCR_SELECTION creationPcr = { 0 };
1080 TPM2B_PUBLIC outPublic;
1081 TPM2B_CREATION_DATA creationData;
1082 TPM2_HANDLE srkHandle;
1083 TPM2B_DIGEST creationHash;
1084 TPMT_TK_CREATION creationTicket;
1085 TPM2B_NAME srkName, blobName;
1086 TPM2B_DIGEST data;
1087 TPM2B_PRIVATE outPrivate;
1088
1089 TSS2L_SYS_AUTH_COMMAND cmdAuthArray = { .count = 1, .auths = {{
1090 .sessionHandle = TPM2_RS_PW,
1091 .sessionAttributes = 0,
1092 .nonce = {.size = 0},
1093 .hmac = {.size = 0}}}};
1094
1095 inSensitive.size = 0;
1096 inSensitive.sensitive.userAuth.size = 0;
1097 inSensitive.sensitive.data.size = 0;
1098
1099 inPublic.size = 0;
1100 inPublic.publicArea.type = TPM2_ALG_RSA;
1101 inPublic.publicArea.nameAlg = TPM2_ALG_SHA1;
1102 *(UINT32 *)&( inPublic.publicArea.objectAttributes) = 0;
1103 inPublic.publicArea.objectAttributes |= TPMA_OBJECT_RESTRICTED;
1104 inPublic.publicArea.objectAttributes |= TPMA_OBJECT_USERWITHAUTH;
1105 inPublic.publicArea.objectAttributes |= TPMA_OBJECT_DECRYPT;
1106 inPublic.publicArea.objectAttributes |= TPMA_OBJECT_FIXEDTPM;
1107 inPublic.publicArea.objectAttributes |= TPMA_OBJECT_FIXEDPARENT;
1108 inPublic.publicArea.objectAttributes |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
1109 inPublic.publicArea.authPolicy.size = 0;
1110 inPublic.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM2_ALG_AES;
1111 inPublic.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
1112 inPublic.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM2_ALG_CBC;
1113 inPublic.publicArea.parameters.rsaDetail.scheme.scheme = TPM2_ALG_NULL;
1114 inPublic.publicArea.parameters.rsaDetail.keyBits = 2048;
1115 inPublic.publicArea.parameters.rsaDetail.exponent = 0;
1116 inPublic.publicArea.unique.rsa.size = 0;
1117
1118 outPublic.size = 0;
1119 creationData.size = 0;
1120 INIT_SIMPLE_TPM2B_SIZE( creationHash );
1121 INIT_SIMPLE_TPM2B_SIZE( srkName );
1122 rval = Tss2_Sys_CreatePrimary( sysContext, TPM2_RH_PLATFORM, &cmdAuthArray,
1123 &inSensitive, &inPublic, &outsideInfo, &creationPcr,
1124 &srkHandle, &outPublic, &creationData, &creationHash,
1125 &creationTicket, &srkName, 0 );
1126 CheckPassed( rval );
1127
1128 cmdAuthArray.auths[0].sessionHandle = TPM2_RS_PW;
1129
1130 inSensitive.sensitive.userAuth.size = 0;
1131 blobAuth.size = sizeof( passwordPCRTestPassword );
1132 memcpy( &blobAuth.buffer, passwordPCRTestPassword, sizeof( passwordPCRTestPassword ) );
1133 CopySizedByteBuffer((TPM2B *)&inSensitive.sensitive.userAuth, (TPM2B *)&blobAuth);
1134 data.size = sizeof( dataBlob );
1135 memcpy( &data.buffer, dataBlob, sizeof( dataBlob ) );
1136 CopySizedByteBuffer((TPM2B *)&inSensitive.sensitive.data, (TPM2B *)&data);
1137
1138 inPublic.publicArea.type = TPM2_ALG_KEYEDHASH;
1139 inPublic.publicArea.nameAlg = TPM2_ALG_SHA256;
1140 inPublic.publicArea.objectAttributes &= ~TPMA_OBJECT_RESTRICTED;
1141 inPublic.publicArea.objectAttributes &= ~TPMA_OBJECT_DECRYPT;
1142 inPublic.publicArea.objectAttributes &= ~TPMA_OBJECT_SENSITIVEDATAORIGIN;
1143 CopySizedByteBuffer((TPM2B *)&inPublic.publicArea.authPolicy, (TPM2B *)policyDigest);
1144 inPublic.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM2_ALG_NULL;
1145 inPublic.publicArea.unique.keyedHash.size = 0;
1146
1147 outPublic.size = 0;
1148 creationData.size = 0;
1149 INIT_SIMPLE_TPM2B_SIZE( outPrivate );
1150 INIT_SIMPLE_TPM2B_SIZE( creationHash );
1151 rval = Tss2_Sys_Create( sysContext, srkHandle, &cmdAuthArray,
1152 &inSensitive, &inPublic, &outsideInfo, &creationPcr,
1153 &outPrivate, &outPublic, &creationData, &creationHash,
1154 &creationTicket, 0 );
1155 CheckPassed( rval );
1156
1157 /* Now we need to load the object. */
1158 INIT_SIMPLE_TPM2B_SIZE( blobName );
1159 rval = Tss2_Sys_Load( sysContext, srkHandle, &cmdAuthArray, &outPrivate, &outPublic, &blobHandle, &blobName, 0 );
1160 CheckPassed( rval );
1161
1162 return rval;
1163 }
1164
PasswordUnseal(TSS2_SYS_CONTEXT * sysContext,SESSION * policySession)1165 static TSS2_RC PasswordUnseal( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession )
1166 {
1167 TSS2_RC rval = TPM2_RC_SUCCESS;
1168 TPM2B_SENSITIVE_DATA outData;
1169 TSS2L_SYS_AUTH_COMMAND cmdAuthArray = { .count = 1, .auths = {{
1170 .sessionHandle = policySession->sessionHandle,
1171 .sessionAttributes = TPMA_SESSION_CONTINUESESSION,
1172 .nonce = {.size = 0},
1173 .hmac = {.size = 0}}}};
1174
1175 /*
1176 * Now try to unseal the blob without setting the password.
1177 * This test should fail.
1178 */
1179 INIT_SIMPLE_TPM2B_SIZE( outData );
1180 rval = Tss2_Sys_Unseal( sysContext, blobHandle, &cmdAuthArray, &outData, 0 );
1181 CheckFailed( rval, TPM2_RC_S + TPM2_RC_1 + TPM2_RC_AUTH_FAIL );
1182
1183 /* Clear DA lockout. */
1184 TestDictionaryAttackLockReset();
1185
1186 /*
1187 * Now try to unseal the blob after setting the password.
1188 * This test should pass.
1189 */
1190 INIT_SIMPLE_TPM2B_SIZE( outData );
1191 cmdAuthArray.auths[0].hmac.size = sizeof( passwordPCRTestPassword );
1192 memcpy( &cmdAuthArray.auths[0].hmac.buffer, passwordPCRTestPassword, sizeof( passwordPCRTestPassword ) );
1193 rval = Tss2_Sys_Unseal( sysContext, blobHandle, &cmdAuthArray, &outData, 0 );
1194 CheckPassed( rval );
1195
1196 /* Add test to make sure we unsealed correctly. */
1197
1198 /*
1199 * Now we'll want to flush the data blob and remove it
1200 * from resource manager tables.
1201 */
1202 rval = Tss2_Sys_FlushContext( sysContext, blobHandle );
1203 CheckPassed( rval );
1204
1205 return rval;
1206 }
1207
1208 POLICY_TEST_SETUP policyTestSetups[] =
1209 {
1210 /*
1211 * NOTE: Since locality is a fairly simple command and we
1212 * can guarantee its correctness, we don't need a trial
1213 * session for this. buildPolicyFn pointer can be 0 in
1214 * this case.
1215 */
1216 { "LOCALITY", 0, CreateNVIndex, TestLocality },
1217 { "PASSWORD", BuildPasswordPolicy, CreateDataBlob, PasswordUnseal },
1218 };
1219
TestPolicy()1220 static void TestPolicy()
1221 {
1222 UINT32 rval;
1223 unsigned int i;
1224 SESSION *policySession = 0;
1225
1226 LOG_INFO("POLICY TESTS:" );
1227
1228 for( i = 0; i < ( sizeof( policyTestSetups ) / sizeof( POLICY_TEST_SETUP ) ); i++ )
1229 {
1230 TPM2B_DIGEST policyDigest;
1231
1232 policyDigest.size = 0;
1233
1234 rval = TPM2_RC_SUCCESS;
1235
1236 LOG_INFO("Policy Test: %s", policyTestSetups[i].name );
1237
1238 /* Create trial policy session and run policy commands, in order to create policyDigest. */
1239 if( policyTestSetups[i].buildPolicyFn != 0)
1240 {
1241 rval = BuildPolicy( sysContext, &policySession, policyTestSetups[i].buildPolicyFn, &policyDigest, true );
1242 CheckPassed( rval );
1243 LOGBLOB_DEBUG(&(policyDigest.buffer[0]), policyDigest.size, "Built policy digest:");
1244 }
1245
1246 /* Create entity that will use that policyDigest as authPolicy. */
1247 if( policyTestSetups[i].createObjectFn != 0 )
1248 {
1249 LOGBLOB_DEBUG(&(policyDigest.buffer[0]), policyDigest.size,
1250 "Policy digest used to create object:");
1251
1252 rval = ( *policyTestSetups[i].createObjectFn )( sysContext, &policySession, &policyDigest);
1253 CheckPassed( rval );
1254 }
1255
1256 /*
1257 * Create real policy session and run policy commands; after this
1258 * we're ready to authorize actions on the entity.
1259 */
1260 if( policyTestSetups[i].buildPolicyFn != 0)
1261 {
1262 rval = BuildPolicy( sysContext, &policySession, policyTestSetups[i].buildPolicyFn, &policyDigest, false );
1263 CheckPassed( rval );
1264 LOGBLOB_DEBUG(&(policyDigest.buffer[0]), policyDigest.size,
1265 "Command policy digest: ");
1266 }
1267
1268 if( policySession )
1269 {
1270 /* Now do tests by authorizing actions on the entity. */
1271 rval = ( *policyTestSetups[i].testPolicyFn)( sysContext, policySession );
1272 CheckPassed( rval );
1273
1274 /* Need to flush the session here. */
1275 rval = Tss2_Sys_FlushContext( sysContext, policySession->sessionHandle );
1276 CheckPassed( rval );
1277
1278 /* And remove the session from test app session table. */
1279 end_auth_session( policySession );
1280 }
1281 else
1282 {
1283 CheckFailed( rval, 0xffffffff );
1284 }
1285 }
1286 }
1287
1288 #define MAX_TEST_SEQUENCES 10
TestHash()1289 static void TestHash()
1290 {
1291 UINT32 rval;
1292 TPM2B_AUTH auth;
1293 TPMI_DH_OBJECT sequenceHandle[MAX_TEST_SEQUENCES];
1294 TSS2L_SYS_AUTH_COMMAND sessionsData;
1295 TPM2B_MAX_BUFFER dataToHash;
1296 TPM2B_DIGEST result;
1297 TPMT_TK_HASHCHECK validation;
1298 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
1299 UINT8 memoryToHash[] =
1300 {
1301 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1302 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1303 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1304 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1305 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1306 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1307 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1308 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1309 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1310 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1311 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1312 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1313 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1314 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1315 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1316 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1317 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1318 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1319 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1320 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1321 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1322 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1323 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1324 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1325 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1326 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1327 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1328 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1329 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1330 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1331 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1332 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1333 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1334 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1335 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1336 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1337 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1338 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1339 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1340 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1341 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1342 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1343 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1344 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1345 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1346 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1347 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1348 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1349 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1350 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1351 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1352 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1353 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1354 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1355 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1356 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1357 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1358 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1359 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1360 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1361 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1362 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1363 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1364 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1365 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1366 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
1367 0xde, 0xad, 0xbe, 0xef };
1368
1369 UINT8 goodHashValue[] =
1370 { 0xB3, 0xFD, 0x6A, 0xD2, 0x9F, 0xD0, 0x13, 0x52, 0xBA, 0xFC,
1371 0x8B, 0x22, 0xC9, 0x6D, 0x88, 0x42, 0xA3, 0x3C, 0xB0, 0xC9 };
1372
1373 LOG_INFO("HASH TESTS:" );
1374
1375 auth.size = 2;
1376 auth.buffer[0] = 0;
1377 auth.buffer[1] = 0xff;
1378 rval = Tss2_Sys_HashSequenceStart ( sysContext, 0, &auth, TPM2_ALG_SHA1, &sequenceHandle[0], 0 );
1379 CheckPassed( rval );
1380
1381 sessionsData.auths[0].sessionHandle = TPM2_RS_PW;
1382 sessionsData.auths[0].nonce.size = 0;
1383 sessionsData.auths[0].hmac = auth;
1384 sessionsData.auths[0].sessionAttributes = 0;
1385 sessionsData.count = 1;
1386
1387 dataToHash.size = TPM2_MAX_DIGEST_BUFFER;
1388 memcpy( &dataToHash.buffer[0], &memoryToHash[0], dataToHash.size );
1389
1390 rval = Tss2_Sys_SequenceUpdate ( sysContext, sequenceHandle[0], &sessionsData, &dataToHash, &sessionsDataOut );
1391 CheckPassed( rval );
1392 dataToHash.size = sizeof( memoryToHash ) - TPM2_MAX_DIGEST_BUFFER;
1393 memcpy( &dataToHash.buffer[0], &memoryToHash[TPM2_MAX_DIGEST_BUFFER], dataToHash.size );
1394 INIT_SIMPLE_TPM2B_SIZE( result );
1395 rval = Tss2_Sys_SequenceComplete ( sysContext, sequenceHandle[0], &sessionsData, &dataToHash,
1396 TPM2_RH_PLATFORM, &result, &validation, &sessionsDataOut );
1397 CheckPassed( rval );
1398
1399 /* Test the resulting hash. */
1400 if (memcmp(result.buffer, goodHashValue, result.size)) {
1401 LOG_ERROR("ERROR!! resulting hash is incorrect." );
1402 Cleanup();
1403 }
1404 }
1405
TestQuote()1406 static void TestQuote()
1407 {
1408 UINT32 rval;
1409 TPM2B_DATA qualifyingData;
1410 UINT8 qualDataString[] = { 0x00, 0xff, 0x55, 0xaa };
1411 TPMT_SIG_SCHEME inScheme;
1412 TPML_PCR_SELECTION pcrSelection;
1413 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
1414 TPM2B_ATTEST quoted;
1415 TPMT_SIGNATURE signature;
1416 TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1,
1417 .auths = {{
1418 .sessionHandle = TPM2_RS_PW,
1419 .sessionAttributes = 0,
1420 .nonce = { .size = 0 },
1421 .hmac = { .size = 0, .buffer={0x00} },
1422 }},
1423 };
1424 TPM2_HANDLE handle, handle_parent;
1425
1426 LOG_INFO("QUOTE CONTROL TESTS:" );
1427
1428 qualifyingData.size = sizeof( qualDataString );
1429 memcpy( &( qualifyingData.buffer[0] ), qualDataString, sizeof( qualDataString ) );
1430
1431 inScheme.scheme = TPM2_ALG_NULL;
1432
1433 pcrSelection.count = 1;
1434 pcrSelection.pcrSelections[0].hash = TPM2_ALG_SHA256;
1435 pcrSelection.pcrSelections[0].sizeofSelect = 3;
1436
1437 /* Clear out PCR select bit field */
1438 pcrSelection.pcrSelections[0].pcrSelect[0] = 0;
1439 pcrSelection.pcrSelections[0].pcrSelect[1] = 0;
1440 pcrSelection.pcrSelections[0].pcrSelect[2] = 0;
1441
1442 /* Now set the PCR you want */
1443 pcrSelection.pcrSelections[0].pcrSelect[( PCR_17/8 )] = ( 1 << ( PCR_18 % 8) );
1444
1445 rval = create_primary_rsa_2048_aes_128_cfb(sysContext, &handle_parent);
1446 CheckPassed( rval );
1447
1448 rval = create_keyedhash_key (sysContext, handle_parent, &handle);
1449 CheckPassed( rval );
1450
1451 /* Test with wrong type of key. */
1452 INIT_SIMPLE_TPM2B_SIZE( quoted );
1453 rval = Tss2_Sys_Quote ( sysContext, handle, &sessionsData, &qualifyingData, &inScheme,
1454 &pcrSelection, "ed, &signature, &sessionsDataOut );
1455 CheckPassed( rval );
1456
1457 rval = Tss2_Sys_FlushContext(sysContext, handle);
1458 CheckPassed( rval );
1459
1460 rval = Tss2_Sys_FlushContext(sysContext, handle_parent);
1461 CheckPassed( rval );
1462 }
1463
1464 TSS2L_SYS_AUTH_COMMAND nullSessionsData = { 1, { 0 } };
1465 TSS2L_SYS_AUTH_RESPONSE nullSessionsDataOut = { 0, { 0 } };
1466 TPM2B_NONCE nullSessionNonce, nullSessionNonceOut;
1467 TPM2B_AUTH nullSessionHmac;
1468
TestPcrAllocate()1469 static void TestPcrAllocate()
1470 {
1471 UINT32 rval;
1472 TPML_PCR_SELECTION pcrSelection;
1473 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
1474 TPMI_YES_NO allocationSuccess;
1475 UINT32 maxPcr;
1476 UINT32 sizeNeeded;
1477 UINT32 sizeAvailable;
1478
1479 TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths= {{
1480 .sessionHandle = TPM2_RS_PW,
1481 .sessionAttributes = 0,
1482 .nonce={.size=0},
1483 .hmac={.size=0}}}};
1484
1485 LOG_INFO("PCR ALLOCATE TEST :" );
1486
1487 pcrSelection.count = 0;
1488
1489 rval = Tss2_Sys_PCR_Allocate( sysContext, TPM2_RH_PLATFORM, &sessionsData, &pcrSelection,
1490 &allocationSuccess, &maxPcr, &sizeNeeded, &sizeAvailable, &sessionsDataOut);
1491 CheckPassed( rval );
1492
1493 pcrSelection.count = 3;
1494 pcrSelection.pcrSelections[0].hash = TPM2_ALG_SHA256;
1495 CLEAR_PCR_SELECT_BITS( pcrSelection.pcrSelections[0] );
1496 SET_PCR_SELECT_SIZE( pcrSelection.pcrSelections[0], 3 );
1497 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[0], PCR_5 );
1498 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[0], PCR_7 );
1499 pcrSelection.pcrSelections[1].hash = TPM2_ALG_SHA384;
1500 CLEAR_PCR_SELECT_BITS( pcrSelection.pcrSelections[1] );
1501 SET_PCR_SELECT_SIZE( pcrSelection.pcrSelections[1], 3 );
1502 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[1], PCR_5 );
1503 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[1], PCR_8 );
1504 pcrSelection.pcrSelections[2].hash = TPM2_ALG_SHA256;
1505 CLEAR_PCR_SELECT_BITS( pcrSelection.pcrSelections[2] );
1506 SET_PCR_SELECT_SIZE( pcrSelection.pcrSelections[2], 3 );
1507 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[2], PCR_6 );
1508
1509 rval = Tss2_Sys_PCR_Allocate( sysContext, TPM2_RH_PLATFORM, &sessionsData, &pcrSelection,
1510 &allocationSuccess, &maxPcr, &sizeNeeded, &sizeAvailable, &sessionsDataOut);
1511 CheckPassed( rval );
1512 }
1513
TestUnseal()1514 static void TestUnseal()
1515 {
1516 UINT32 rval;
1517 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
1518 TPM2B_SENSITIVE_CREATE inSensitive;
1519 TPML_PCR_SELECTION creationPCR;
1520 TPM2B_DATA outsideInfo;
1521 TPM2B_PUBLIC inPublic;
1522 TPM2_HANDLE loadedObjectHandle, handle_parent;
1523
1524 TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1,
1525 .auths= {{
1526 .sessionHandle = TPM2_RS_PW,
1527 .sessionAttributes = 0,
1528 .nonce={.size=0},
1529 .hmac={.size=0, .buffer={0x00}}
1530 }},
1531 };
1532
1533 TPM2B_PRIVATE outPrivate;
1534 TPM2B_PUBLIC outPublic;
1535 TPM2B_CREATION_DATA creationData;
1536 TPM2B_DIGEST creationHash;
1537 TPMT_TK_CREATION creationTicket;
1538 TPM2B_NAME name;
1539 TPM2B_SENSITIVE_DATA outData;
1540
1541
1542 const char authStr[] = "test";
1543 const char sensitiveData[] = "this is sensitive";
1544
1545 LOG_INFO("UNSEAL TEST :" );
1546
1547 inSensitive.size = 0;
1548 inSensitive.sensitive.userAuth.size = sizeof( authStr ) - 1;
1549 memcpy( &( inSensitive.sensitive.userAuth.buffer[0] ), authStr, sizeof( authStr ) - 1 );
1550 inSensitive.sensitive.data.size = sizeof( sensitiveData ) - 1;
1551 memcpy( &( inSensitive.sensitive.data.buffer[0] ), sensitiveData, sizeof( sensitiveData ) - 1 );
1552
1553 inPublic.size = 0;
1554 inPublic.publicArea.authPolicy.size = 0;
1555
1556 inPublic.publicArea.unique.keyedHash.size = 0;
1557
1558 outsideInfo.size = 0;
1559 creationPCR.count = 0;
1560
1561 inPublic.publicArea.type = TPM2_ALG_KEYEDHASH;
1562 inPublic.publicArea.nameAlg = TPM2_ALG_SHA1;
1563
1564 *(UINT32 *)&( inPublic.publicArea.objectAttributes) = 0;
1565 inPublic.publicArea.objectAttributes |= TPMA_OBJECT_USERWITHAUTH;
1566
1567 inPublic.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM2_ALG_NULL;
1568
1569 inPublic.publicArea.unique.keyedHash.size = 0;
1570
1571 outsideInfo.size = 0;
1572
1573 outPublic.size = 0;
1574 creationData.size = 0;
1575
1576 rval = create_primary_rsa_2048_aes_128_cfb(sysContext, &handle_parent);
1577 CheckPassed( rval );
1578
1579 INIT_SIMPLE_TPM2B_SIZE( creationHash );
1580 INIT_SIMPLE_TPM2B_SIZE( outPrivate );
1581 rval = Tss2_Sys_Create( sysContext, handle_parent, &sessionsData, &inSensitive, &inPublic,
1582 &outsideInfo, &creationPCR,
1583 &outPrivate, &outPublic, &creationData,
1584 &creationHash, &creationTicket, &sessionsDataOut );
1585 CheckPassed( rval );
1586
1587 INIT_SIMPLE_TPM2B_SIZE( name );
1588 rval = Tss2_Sys_LoadExternal ( sysContext, 0, 0, &outPublic,
1589 TPM2_RH_PLATFORM, &loadedObjectHandle, &name, 0 );
1590 CheckPassed( rval );
1591
1592 rval = Tss2_Sys_FlushContext( sysContext, loadedObjectHandle );
1593 CheckPassed( rval );
1594
1595 INIT_SIMPLE_TPM2B_SIZE( name );
1596 rval = Tss2_Sys_Load (sysContext, handle_parent, &sessionsData, &outPrivate, &outPublic,
1597 &loadedObjectHandle, &name, &sessionsDataOut);
1598 CheckPassed(rval);
1599
1600 sessionsData.auths[0].hmac.size = sizeof( authStr ) - 1;
1601 memcpy( &( sessionsData.auths[0].hmac.buffer[0] ), authStr, sizeof( authStr ) - 1 );
1602
1603 INIT_SIMPLE_TPM2B_SIZE( outData );
1604 rval = Tss2_Sys_Unseal( sysContext, loadedObjectHandle, &sessionsData, &outData, &sessionsDataOut );
1605 CheckPassed(rval);
1606
1607 rval = Tss2_Sys_FlushContext(sysContext, loadedObjectHandle);
1608 CheckPassed(rval);
1609
1610 rval = Tss2_Sys_FlushContext(sysContext, handle_parent);
1611 CheckPassed(rval);
1612 }
1613
1614
CreatePasswordTestNV(TPMI_RH_NV_INDEX nvIndex,char * password)1615 static void CreatePasswordTestNV( TPMI_RH_NV_INDEX nvIndex, char * password )
1616 {
1617 UINT32 rval;
1618 int i;
1619 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
1620 TPM2B_NV_PUBLIC publicInfo;
1621 TPM2B_AUTH nvAuth;
1622
1623
1624 TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths= {{
1625 .sessionHandle = TPM2_RS_PW,
1626 .sessionAttributes = 0,
1627 .nonce={.size=0},
1628 .hmac={.size=0}}}};
1629
1630 nvAuth.size = strlen( password );
1631 for( i = 0; i < nvAuth.size; i++ ) {
1632 nvAuth.buffer[i] = password[i];
1633 }
1634
1635 publicInfo.size = 0;
1636 publicInfo.nvPublic.nvIndex = nvIndex;
1637 publicInfo.nvPublic.nameAlg = TPM2_ALG_SHA1;
1638
1639 /* First zero out attributes. */
1640 *(UINT32 *)&( publicInfo.nvPublic.attributes ) = 0;
1641
1642 /* Now set the attributes. */
1643 publicInfo.nvPublic.attributes |= TPMA_NV_AUTHREAD;
1644 publicInfo.nvPublic.attributes |= TPMA_NV_AUTHWRITE;
1645 publicInfo.nvPublic.attributes |= TPMA_NV_PLATFORMCREATE;
1646 publicInfo.nvPublic.attributes |= TPMA_NV_ORDERLY;
1647 publicInfo.nvPublic.authPolicy.size = 0;
1648 publicInfo.nvPublic.dataSize = 32;
1649
1650 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM2_RH_PLATFORM,
1651 &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut );
1652 CheckPassed( rval );
1653 }
1654
PasswordTest()1655 static void PasswordTest()
1656 {
1657 char *password = "test password";
1658 UINT32 rval;
1659 int i;
1660
1661 /* Authorization array for response. */
1662 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
1663
1664 /* Authorization array for command (only has one auth structure). */
1665 TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths= {{
1666 .sessionHandle = TPM2_RS_PW,
1667 .sessionAttributes = 0,
1668 .nonce={.size=0},
1669 .hmac={.size=0}}}};
1670
1671 TPM2B_MAX_NV_BUFFER nvWriteData;
1672
1673 LOG_INFO("PASSWORD TESTS:" );
1674
1675 /*
1676 * Create an NV index that will use password authorizations.
1677 * The password will be "test password".
1678 */
1679 CreatePasswordTestNV( TPM20_INDEX_PASSWORD_TEST, password );
1680
1681 /* Init password (HMAC field in authorization structure). */
1682 sessionsData.auths[0].hmac.size = strlen( password );
1683 memcpy( &( sessionsData.auths[0].hmac.buffer[0] ),
1684 &( password[0] ), sessionsData.auths[0].hmac.size );
1685
1686 /* Initialize write data. */
1687 nvWriteData.size = 4;
1688 for( i = 0; i < nvWriteData.size; i++ )
1689 nvWriteData.buffer[i] = 0xff - i;
1690
1691 /*
1692 * Attempt write with the correct password.
1693 * It should pass.
1694 */
1695 do {
1696 rval = Tss2_Sys_NV_Write( sysContext,
1697 TPM20_INDEX_PASSWORD_TEST,
1698 TPM20_INDEX_PASSWORD_TEST,
1699 &sessionsData, &nvWriteData, 0,
1700 &sessionsDataOut );
1701 } while (rval == TPM2_RC_RETRY);
1702 /*
1703 * Check that the function passed as
1704 * expected. Otherwise, exit.
1705 */
1706 CheckPassed( rval );
1707
1708 /* Alter the password so it's incorrect. */
1709 sessionsData.auths[0].hmac.buffer[4] = 0xff;
1710 rval = Tss2_Sys_NV_Write( sysContext,
1711 TPM20_INDEX_PASSWORD_TEST,
1712 TPM20_INDEX_PASSWORD_TEST,
1713 &sessionsData, &nvWriteData, 0,
1714 &sessionsDataOut );
1715 /*
1716 * Check that the function failed as expected,
1717 * since password was incorrect. If wrong
1718 * response code received, exit.
1719 */
1720 CheckFailed( rval,
1721 TPM2_RC_S + TPM2_RC_1 + TPM2_RC_AUTH_FAIL );
1722
1723 /*
1724 * Change hmac to null one, since null auth is
1725 * used to undefine the index.
1726 */
1727 sessionsData.auths[0].hmac.size = 0;
1728
1729 /* Now undefine the index. */
1730 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM2_RH_PLATFORM,
1731 TPM20_INDEX_PASSWORD_TEST, &sessionsData, 0 );
1732 CheckPassed( rval );
1733 }
1734
GetSetDecryptParamTests()1735 static void GetSetDecryptParamTests()
1736 {
1737 TPM2B_MAX_NV_BUFFER nvWriteData = {4, { 0xde, 0xad, 0xbe, 0xef,} };
1738 TPM2B_MAX_NV_BUFFER nvWriteData1 = {4, { 0x01, 0x01, 0x02, 0x03,} };
1739 const uint8_t *decryptParamBuffer;
1740 size_t decryptParamSize;
1741 size_t cpBufferUsedSize1, cpBufferUsedSize2;
1742 const uint8_t *cpBuffer1, *cpBuffer2;
1743 TSS2_RC rval;
1744 int i;
1745 TSS2_SYS_CONTEXT *decryptParamTestSysContext;
1746
1747 LOG_INFO("GET/SET DECRYPT PARAM TESTS:" );
1748
1749 /* Create two sysContext structures. */
1750 decryptParamTestSysContext = sys_init_from_tcti_ctx(resMgrTctiContext);
1751 if (decryptParamTestSysContext == NULL)
1752 InitSysContextFailure();
1753
1754 /* Test for bad sequence: Tss2_Sys_GetDecryptParam */
1755 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
1756 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE );
1757
1758 /* Test for bad sequence: Tss2_Sys_SetDecryptParam */
1759 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, &( nvWriteData.buffer[0] ) );
1760 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE );
1761
1762 /*
1763 * NOTE: Two tests for BAD_SEQUENCE for GetDecryptParam and
1764 * SetDecryptParam after ExecuteAsync are in the GetSetEncryptParamTests
1765 * function, just because it's easier to do this way.
1766 */
1767
1768 /* Do Prepare. */
1769 rval = Tss2_Sys_NV_Write_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST,
1770 TPM20_INDEX_PASSWORD_TEST, &nvWriteData1, 0x55aa );
1771 CheckPassed( rval );
1772
1773 /* Test for bad reference: Tss2_Sys_GetDecryptParam */
1774 rval = Tss2_Sys_GetDecryptParam( 0, &decryptParamSize, &decryptParamBuffer );
1775 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
1776
1777 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, 0, &decryptParamBuffer );
1778 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
1779
1780 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, 0 );
1781 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
1782
1783
1784 /* Test for bad reference: Tss2_Sys_SetDecryptParam */
1785 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, 0 );
1786 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
1787
1788 rval = Tss2_Sys_SetDecryptParam( 0, 4, 0 );
1789 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
1790
1791
1792 /* Test for bad size. */
1793 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 5, &( nvWriteData.buffer[0] ) );
1794 CheckFailed( rval, TSS2_SYS_RC_BAD_SIZE );
1795
1796 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 3, &( nvWriteData.buffer[0] ) );
1797 CheckFailed( rval, TSS2_SYS_RC_BAD_SIZE );
1798
1799 /* Test for good size. */
1800 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, &( nvWriteData.buffer[0] ) );
1801 CheckPassed( rval );
1802
1803 /* Make sure that the set operation really did the right thing. */
1804 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
1805 CheckPassed( rval );
1806 for( i = 0; i < 4; i++ )
1807 {
1808 if( decryptParamBuffer[i] != nvWriteData.buffer[i] )
1809 {
1810 LOG_ERROR("ERROR!! decryptParamBuffer[%d] s/b: %2.2x, was: %2.2x", i, nvWriteData.buffer[i], decryptParamBuffer[i] );
1811 Cleanup();
1812 }
1813 }
1814
1815 rval = Tss2_Sys_GetCpBuffer( decryptParamTestSysContext, &cpBufferUsedSize1, &cpBuffer1 );
1816 CheckPassed( rval );
1817
1818 LOGBLOB_DEBUG((UINT8 *)cpBuffer1, cpBufferUsedSize1, "cpBuffer = ");
1819
1820 /* Test for no decrypt param. */
1821 rval = Tss2_Sys_NV_Read_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, sizeof( nvWriteData ) - 2, 0 );
1822 CheckPassed( rval );
1823
1824 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
1825 CheckFailed( rval, TSS2_SYS_RC_NO_DECRYPT_PARAM );
1826
1827 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, &( nvWriteData.buffer[0] ) );
1828 CheckFailed( rval, TSS2_SYS_RC_NO_DECRYPT_PARAM );
1829
1830 /* Null decrypt param. */
1831 rval = Tss2_Sys_NV_Write_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST,
1832 TPM20_INDEX_PASSWORD_TEST, 0, 0x55aa );
1833 CheckPassed( rval );
1834
1835 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
1836 CheckPassed( rval );
1837
1838 /* Check that size == 0. */
1839 if( decryptParamSize != 0 )
1840 {
1841 LOG_ERROR("ERROR!! decryptParamSize s/b: 0, was: %u", (unsigned int)decryptParamSize );
1842 Cleanup();
1843 }
1844
1845 /* Test for insufficient size. */
1846 /* Create a buffer that is too large */
1847 size_t testBufferSize = TPM2_MAX_COMMAND_SIZE -
1848 BE_TO_HOST_32(((TPM20_Header_In *)(((_TSS2_SYS_CONTEXT_BLOB *)decryptParamTestSysContext)->cmdBuffer))->commandSize) + 1;
1849 UINT8 testBuffer [testBufferSize];
1850 memset(testBuffer, 0, testBufferSize);
1851 memcpy(testBuffer, nvWriteData.buffer, nvWriteData.size);
1852
1853 rval = Tss2_Sys_GetCpBuffer(decryptParamTestSysContext, &cpBufferUsedSize2, &cpBuffer2);
1854 CheckPassed(rval);
1855 rval = Tss2_Sys_SetDecryptParam(decryptParamTestSysContext, testBufferSize,
1856 testBuffer);
1857 CheckFailed(rval, TSS2_SYS_RC_INSUFFICIENT_CONTEXT);
1858
1859 /*
1860 * Test that one less will work.
1861 * This tests that we're checking the correct corner case.
1862 */
1863 testBufferSize -= 1;
1864 rval = Tss2_Sys_SetDecryptParam(decryptParamTestSysContext, testBufferSize,
1865 testBuffer);
1866 CheckPassed(rval);
1867
1868 rval = Tss2_Sys_NV_Write_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST,
1869 TPM20_INDEX_PASSWORD_TEST, 0, 0x55aa );
1870 CheckPassed( rval );
1871
1872 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
1873 CheckPassed( rval );
1874
1875 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, &( nvWriteData.buffer[0] ) );
1876 CheckPassed( rval );
1877
1878 rval = Tss2_Sys_GetCpBuffer( decryptParamTestSysContext, &cpBufferUsedSize2, &cpBuffer2 );
1879 CheckPassed( rval );
1880
1881 LOGBLOB_INFO((UINT8 *)cpBuffer2, cpBufferUsedSize2, "cpBuffer = ");
1882
1883 if( cpBufferUsedSize1 != cpBufferUsedSize2 )
1884 {
1885 LOG_ERROR("ERROR!! cpBufferUsedSize1(%x) != cpBufferUsedSize2(%x)", (UINT32)cpBufferUsedSize1, (UINT32)cpBufferUsedSize2 );
1886 Cleanup();
1887 }
1888 for( i = 0; i < (int)cpBufferUsedSize1; i++ )
1889 {
1890 if( cpBuffer1[i] != cpBuffer2[i] )
1891 {
1892 LOG_ERROR("ERROR!! cpBufferUsedSize1[%d] s/b: %2.2x, was: %2.2x", i, cpBuffer1[i], cpBuffer2[i] );
1893 Cleanup();
1894 }
1895 }
1896
1897 /* Test case of zero sized decrypt param, another case of bad size. */
1898 nvWriteData1.size = 0;
1899 rval = Tss2_Sys_NV_Write_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST,
1900 TPM20_INDEX_PASSWORD_TEST, &nvWriteData1, 0x55aa );
1901 CheckPassed( rval );
1902
1903 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 1, &( nvWriteData.buffer[0] ) );
1904 CheckFailed( rval, TSS2_SYS_RC_BAD_SIZE );
1905
1906 sys_teardown(decryptParamTestSysContext);
1907 }
1908
SysFinalizeTests()1909 static void SysFinalizeTests()
1910 {
1911 LOG_INFO("SYS FINALIZE TESTS:" );
1912
1913 Tss2_Sys_Finalize( 0 );
1914
1915 /* Note: other cases tested by other tests. */
1916 }
1917
GetContextSizeTests()1918 static void GetContextSizeTests()
1919 {
1920 TSS2_RC rval = TSS2_RC_SUCCESS;
1921 TSS2_SYS_CONTEXT *testSysContext;
1922
1923 LOG_INFO("SYS GETCONTEXTSIZE TESTS:" );
1924
1925 testSysContext = sys_init_from_tcti_ctx(resMgrTctiContext);
1926 if (testSysContext == NULL)
1927 InitSysContextFailure();
1928
1929 rval = Tss2_Sys_Startup(testSysContext, TPM2_SU_CLEAR);
1930 CheckPassed(rval);
1931
1932 rval = Tss2_Sys_GetTestResult_Prepare(testSysContext);
1933 CheckPassed(rval);
1934
1935 sys_teardown(testSysContext);
1936 }
1937
GetTctiContextTests()1938 static void GetTctiContextTests()
1939 {
1940 TSS2_RC rval = TSS2_RC_SUCCESS;
1941 TSS2_SYS_CONTEXT *testSysContext;
1942 TSS2_TCTI_CONTEXT *tctiContext;
1943
1944 LOG_INFO("SYS GETTCTICONTEXT TESTS:" );
1945
1946 testSysContext = sys_init_from_tcti_ctx(resMgrTctiContext);
1947 if (testSysContext == NULL)
1948 InitSysContextFailure();
1949
1950 rval = Tss2_Sys_GetTctiContext(testSysContext, 0);
1951 CheckFailed(rval, TSS2_SYS_RC_BAD_REFERENCE);
1952
1953 rval = Tss2_Sys_GetTctiContext(0, &tctiContext);
1954 CheckFailed(rval, TSS2_SYS_RC_BAD_REFERENCE);
1955
1956 sys_teardown(testSysContext);
1957 }
1958
GetSetEncryptParamTests()1959 static void GetSetEncryptParamTests()
1960 {
1961 TPM2B_MAX_NV_BUFFER nvWriteData = {4, { 0xde, 0xad, 0xbe, 0xef,} };
1962 const uint8_t *encryptParamBuffer;
1963 const uint8_t encryptParamBuffer1[4] = { 01, 02, 03, 04 };
1964 size_t encryptParamSize;
1965 TSS2_RC rval;
1966 int i;
1967 TPM2B_DIGEST authPolicy;
1968 TPMA_NV nvAttributes;
1969 TPM2B_AUTH nvAuth;
1970
1971 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
1972 TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths= {{
1973 .sessionHandle = TPM2_RS_PW }}};
1974
1975 TPM2B_MAX_NV_BUFFER nvReadData;
1976 const uint8_t *cpBuffer;
1977 _TSS2_SYS_CONTEXT_BLOB *ctx = syscontext_cast(sysContext);
1978
1979 LOG_INFO("GET/SET ENCRYPT PARAM TESTS:" );
1980
1981 /* Do Prepare. */
1982 rval = Tss2_Sys_NV_Read_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST,
1983 TPM20_INDEX_PASSWORD_TEST, 0, 0 );
1984 CheckPassed( rval ); /* #1 */
1985
1986 resp_header_from_cxt(ctx)->tag = TPM2_ST_SESSIONS;
1987
1988 /* Test for bad sequence */
1989 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, &encryptParamBuffer );
1990 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); /* #2 */
1991
1992 rval = Tss2_Sys_SetEncryptParam( sysContext, 4, &( nvWriteData.buffer[0] ) );
1993 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); /* #3 */
1994
1995 /* Create NV index */
1996
1997 /* Set empty policy and auth value. */
1998 authPolicy.size = 0;
1999 nvAuth.size = 0;
2000
2001 /* Now set the attributes. */
2002 *(UINT32 *)( (void *)&nvAttributes ) = 0;
2003 nvAttributes |= TPMA_NV_AUTHREAD;
2004 nvAttributes |= TPMA_NV_AUTHWRITE;
2005 nvAttributes |= TPMA_NV_PLATFORMCREATE;
2006
2007 rval = DefineNvIndex( sysContext, TPM2_RH_PLATFORM, &nvAuth, &authPolicy,
2008 TPM20_INDEX_PASSWORD_TEST, TPM2_ALG_SHA1, nvAttributes, 32 );
2009 CheckPassed( rval ); /* #4 */
2010
2011 /* Write the index. */
2012 retry:
2013 rval = Tss2_Sys_NV_Write_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST,
2014 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
2015 CheckPassed( rval ); /* #5 */
2016
2017 /* NOTE: add GetCpBuffer tests here, just because it's easier. */
2018 rval = Tss2_Sys_GetCpBuffer( 0, (size_t *)4, (const uint8_t **)4 );
2019 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); /* #6 */
2020
2021 rval = Tss2_Sys_GetCpBuffer( sysContext, (size_t *)0, (const uint8_t **)4 );
2022 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); /* #7 */
2023
2024 rval = Tss2_Sys_GetCpBuffer( sysContext, (size_t *)4, (const uint8_t **)0 );
2025 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); /* #8 */
2026
2027
2028 rval = Tss2_Sys_SetCmdAuths( sysContext, &sessionsData );
2029 CheckPassed( rval ); /* #9 */
2030
2031 rval = Tss2_Sys_ExecuteAsync( sysContext );
2032 CheckPassed( rval ); /* #10 */
2033
2034 /*
2035 * NOTE: Stick two tests for BAD_SEQUENCE for GetDecryptParam and
2036 * SetDecryptParam here, just because it's easier to do this way.
2037 */
2038 rval = Tss2_Sys_GetDecryptParam( sysContext, (size_t *)4, (const uint8_t **)4 );
2039 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); /* #11 */
2040
2041 rval = Tss2_Sys_SetDecryptParam( sysContext, 10, (uint8_t *)4 );
2042 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); /* #12 */
2043
2044 /*
2045 * NOTE: Stick test for BAD_SEQUENCE for GetCpBuffer here, just
2046 * because it's easier to do this way.
2047 */
2048 rval = Tss2_Sys_GetCpBuffer( sysContext, (size_t *)4, &cpBuffer );
2049 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); /* #13 */
2050
2051 /*
2052 * Now finish the write command so that TPM isn't stuck trying
2053 * to send a response.
2054 */
2055 rval = Tss2_Sys_ExecuteFinish( sysContext, -1 );
2056 if (rval == TPM2_RC_RETRY) {
2057 LOG_INFO ("got TPM2_RC_RETRY, trying again");
2058 goto retry;
2059 }
2060 CheckPassed( rval ); /* #14 */
2061
2062 /* Test GetEncryptParam for no encrypt param case. */
2063 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, &encryptParamBuffer );
2064 CheckFailed( rval, TSS2_SYS_RC_NO_ENCRYPT_PARAM ); /* #15 */
2065
2066 /* Test SetEncryptParam for no encrypt param case. */
2067 rval = Tss2_Sys_SetEncryptParam( sysContext, encryptParamSize, encryptParamBuffer1 );
2068 CheckFailed( rval, TSS2_SYS_RC_NO_ENCRYPT_PARAM ); /* #16 */
2069
2070 /* Now read it and do tests on get/set encrypt functions */
2071 rval = Tss2_Sys_NV_Read_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, 4, 0 );
2072 CheckPassed( rval ); /* #17 */
2073
2074 INIT_SIMPLE_TPM2B_SIZE( nvReadData );
2075 rval = Tss2_Sys_NV_Read( sysContext, TPM20_INDEX_PASSWORD_TEST,
2076 TPM20_INDEX_PASSWORD_TEST, &sessionsData, 4, 0, &nvReadData, &sessionsDataOut );
2077 CheckPassed( rval ); /* #18 */
2078
2079 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, &encryptParamBuffer );
2080 CheckPassed( rval ); /* #19 */
2081
2082 /* Test case of encryptParamSize being too small. */
2083 encryptParamSize--;
2084 rval = Tss2_Sys_SetEncryptParam( sysContext, encryptParamSize, encryptParamBuffer1 );
2085 CheckFailed( rval, TSS2_SYS_RC_BAD_SIZE ); /* #20 */
2086 encryptParamSize += 2;
2087
2088 /* Size too large... */
2089 rval = Tss2_Sys_SetEncryptParam( sysContext, encryptParamSize, encryptParamBuffer1 );
2090 CheckFailed( rval, TSS2_SYS_RC_BAD_SIZE ); /* #21 */
2091
2092 encryptParamSize--;
2093 rval = Tss2_Sys_SetEncryptParam( sysContext, encryptParamSize, encryptParamBuffer1 );
2094 CheckPassed( rval ); /* #22 */
2095
2096 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, &encryptParamBuffer );
2097 CheckPassed( rval ); /* #23 */
2098
2099 /* Test that encryptParamBuffer is the same as encryptParamBuffer1 */
2100 for( i = 0; i < 4; i++ )
2101 {
2102 if( encryptParamBuffer[i] != encryptParamBuffer1[i] )
2103 {
2104 LOG_ERROR("ERROR!! encryptParamBuffer[%d] s/b: %2.2x, was: %2.2x", i, encryptParamBuffer[i], encryptParamBuffer1[i] );
2105 Cleanup();
2106 }
2107 }
2108
2109 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM2_RH_PLATFORM, TPM20_INDEX_PASSWORD_TEST, &sessionsData, 0 );
2110 CheckPassed( rval ); /* #24 */
2111
2112
2113 /* Test for bad reference */
2114 rval = Tss2_Sys_GetEncryptParam( 0, &encryptParamSize, &encryptParamBuffer );
2115 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); /* #25 */
2116
2117 rval = Tss2_Sys_GetEncryptParam( sysContext, 0, &encryptParamBuffer );
2118 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); /* #26 */
2119
2120 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, 0 );
2121 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); /* #27 */
2122
2123 rval = Tss2_Sys_SetEncryptParam( sysContext, 4, 0 );
2124 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); /* #28 */
2125
2126 rval = Tss2_Sys_SetEncryptParam( 0, 4, encryptParamBuffer );
2127 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); /* #29 */
2128 }
2129
EcEphemeralTest()2130 static void EcEphemeralTest()
2131 {
2132 TSS2_RC rval = TSS2_RC_SUCCESS;
2133 TPM2B_ECC_POINT Q;
2134 UINT16 counter;
2135
2136 LOG_INFO("EC Ephemeral TESTS:" );
2137
2138 /* Test SYS for case of Q size field not being set to 0. */
2139 INIT_SIMPLE_TPM2B_SIZE( Q );
2140 rval = Tss2_Sys_EC_Ephemeral( sysContext, 0, TPM2_ECC_BN_P256, &Q, &counter, 0 );
2141 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE );
2142
2143 Q.size = 0;
2144 rval = Tss2_Sys_EC_Ephemeral( sysContext, 0, TPM2_ECC_BN_P256, &Q, &counter, 0 );
2145 CheckPassed( rval );
2146 }
2147
2148 int
test_invoke(TSS2_SYS_CONTEXT * sys_context)2149 test_invoke (TSS2_SYS_CONTEXT *sys_context)
2150 {
2151 TSS2_RC rval = TSS2_RC_SUCCESS;
2152
2153 #if !defined(TCTI_SWTPM) && !defined(TCTI_MSSIM)
2154 /* SKIP */
2155 return EXIT_SKIP;
2156 #endif
2157
2158 sysContext = sys_context;
2159 rval = Tss2_Sys_GetTctiContext (sys_context, &resMgrTctiContext);
2160 if (rval != TSS2_RC_SUCCESS) {
2161 printf ("Failed to get TCTI context from sys_context: 0x%" PRIx32
2162 "\n", rval);
2163 return 1;
2164 }
2165
2166 nullSessionsData.auths[0].sessionHandle = TPM2_RS_PW;
2167 nullSessionsDataOut.count = 1;
2168 nullSessionsDataOut.auths[0].nonce = nullSessionNonceOut;
2169 nullSessionsDataOut.auths[0].hmac = nullSessionHmac;
2170 nullSessionNonceOut.size = 0;
2171 nullSessionNonce.size = 0;
2172
2173 rval = TpmReset();
2174 CheckPassed(rval);
2175
2176 SysFinalizeTests();
2177
2178 GetContextSizeTests();
2179
2180 GetTctiContextTests();
2181
2182 GetSetDecryptParamTests();
2183
2184 TestTpmStartup();
2185
2186 /*
2187 * Run this directly after Startup tests to test for
2188 * a resource mgr corner case with SaveContext.
2189 */
2190 TestStartAuthSession();
2191 /* Clear DA lockout. */
2192 TestDictionaryAttackLockReset();
2193 TestDictionaryAttackLockReset();
2194 TestHierarchyControl();
2195 GetSetEncryptParamTests();
2196 TestTpmGetCapability();
2197 TestPcrExtend();
2198 TestHash();
2199 TestPolicy();
2200 TestTpmClear();
2201 TestChangeEps();
2202 TestChangePps();
2203 TestHierarchyChangeAuth();
2204 TestShutdown();
2205 TestNV();
2206 PasswordTest();
2207 TestQuote();
2208 TestDictionaryAttackLockReset();
2209 TestPcrAllocate();
2210 TestUnseal();
2211 EcEphemeralTest();
2212 return 0;
2213 }
2214