1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 *******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include <stdlib.h>
12
13 #include "tss2_esys.h"
14
15 #include "esys_iutil.h"
16 #include "test-esapi.h"
17 #define LOGMODULE test
18 #include "util/log.h"
19 #include "util/aux_util.h"
20
21 /** This test is intended to test Esys_Commit.
22 * based on an ECC key
23 * created with Esys_CreatePrimary Esys_Commit is called with a point
24 * from the primary key.
25 *
26 * Tested ESAPI commands:
27 * - Esys_Commit() (M)
28 * - Esys_CreatePrimary() (M)
29 * - Esys_FlushContext() (M)
30 * - Esys_StartAuthSession() (M)
31 *
32 * @param[in,out] esys_context The ESYS_CONTEXT.
33 * @retval EXIT_FAILURE
34 * @retval EXIT_SKIP
35 * @retval EXIT_SUCCESS
36 */
37
38 int
test_esys_commit(ESYS_CONTEXT * esys_context)39 test_esys_commit(ESYS_CONTEXT * esys_context)
40 {
41 TSS2_RC r;
42 ESYS_TR eccHandle = ESYS_TR_NONE;
43 ESYS_TR session = ESYS_TR_NONE;
44 int failure_return = EXIT_FAILURE;
45
46 TPM2B_PUBLIC *outPublic = NULL;
47 TPM2B_CREATION_DATA *creationData = NULL;
48 TPM2B_DIGEST *creationHash = NULL;
49 TPMT_TK_CREATION *creationTicket = NULL;
50
51 TPM2B_ECC_POINT *K = NULL;
52 TPM2B_ECC_POINT *L = NULL;
53 TPM2B_ECC_POINT *E = NULL;
54
55 TPMT_SYM_DEF symmetric = {
56 .algorithm = TPM2_ALG_AES,
57 .keyBits = { .aes = 128 },
58 .mode = {.aes = TPM2_ALG_CFB}
59 };
60 TPMA_SESSION sessionAttributes;
61 TPM2B_NONCE nonceCaller = {
62 .size = 20,
63 .buffer = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20}
64 };
65
66 memset(&sessionAttributes, 0, sizeof sessionAttributes);
67
68 r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
69 ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
70 &nonceCaller,
71 TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1,
72 &session);
73
74 goto_if_error(r, "Error: During initialization of session", error);
75
76 TPM2B_SENSITIVE_CREATE inSensitive = {
77 .size = 0,
78 .sensitive = {
79 .userAuth = {
80 .size = 0,
81 .buffer = {0}
82 },
83 .data = {
84 .size = 0,
85 .buffer = {0}
86 }
87 }
88 };
89 TPM2B_PUBLIC inPublicECC = {
90 .size = 0,
91 .publicArea = {
92 .type = TPM2_ALG_ECC,
93 .nameAlg = TPM2_ALG_SHA1,
94 .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
95 TPMA_OBJECT_SIGN_ENCRYPT |
96 TPMA_OBJECT_FIXEDTPM |
97 TPMA_OBJECT_FIXEDPARENT |
98 TPMA_OBJECT_SENSITIVEDATAORIGIN),
99 .authPolicy = {
100 .size = 0,
101 },
102 .parameters.eccDetail = {
103 .symmetric = {
104 .algorithm = TPM2_ALG_NULL,
105 .keyBits.aes = 128,
106 .mode.aes = TPM2_ALG_CFB,
107 },
108 .scheme = {
109 .scheme = TPM2_ALG_ECDAA,
110 .details = {.ecdh = {.hashAlg = TPM2_ALG_SHA1}
111 }
112 },
113 .curveID = TPM2_ECC_NIST_P256,
114 .kdf = {.scheme = TPM2_ALG_NULL }
115 },
116 .unique.ecc = {
117 .x = {.size = 0,.buffer = {}},
118 .y = {.size = 0,.buffer = {}}
119 }
120 ,
121 }
122 };
123 LOG_INFO("\nECC key will be created.");
124 TPM2B_PUBLIC inPublic = inPublicECC;
125
126 TPM2B_DATA outsideInfo = {
127 .size = 0,
128 .buffer = {}
129 ,
130 };
131
132 TPML_PCR_SELECTION creationPCR = {
133 .count = 0,
134 };
135
136 TPM2B_AUTH authValue = {
137 .size = 0,
138 .buffer = {}
139 };
140
141 r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
142 goto_if_error(r, "Error: TR_SetAuth", error);
143
144 r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, session,
145 ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive, &inPublic,
146 &outsideInfo, &creationPCR, &eccHandle,
147 &outPublic, &creationData, &creationHash,
148 &creationTicket);
149
150 if ((r & ~TSS2_RC_LAYER_MASK) == (TPM2_RC_SCHEME | TPM2_RC_P | TPM2_RC_2)) {
151 LOG_WARNING("Scheme ECDAA not supported by TPM.");
152 failure_return = EXIT_SKIP;
153 goto error;
154 }
155
156 goto_if_error(r, "Error esapi create primary", error);
157
158 TPM2B_ECC_POINT P1 = {0};
159 TPM2B_SENSITIVE_DATA s2 = {0};
160 TPM2B_ECC_PARAMETER y2 = {0};
161 UINT16 counter;
162 r = Esys_Commit(esys_context, eccHandle,
163 session, ESYS_TR_NONE, ESYS_TR_NONE,
164 &P1, &s2, &y2,
165 &K, &L, &E, &counter);
166 goto_if_error(r, "Error: Commit", error);
167
168 r = Esys_FlushContext(esys_context, eccHandle);
169 goto_if_error(r, "Flushing context", error);
170
171 eccHandle = ESYS_TR_NONE;
172
173 r = Esys_FlushContext(esys_context, session);
174 goto_if_error(r, "Error: FlushContext", error);
175
176 session = ESYS_TR_NONE;
177
178 Esys_Free(outPublic);
179 Esys_Free(creationData);
180 Esys_Free(creationHash);
181 Esys_Free(creationTicket);
182 Esys_Free(K);
183 Esys_Free(L);
184 Esys_Free(E);
185 return EXIT_SUCCESS;
186
187 error:
188 LOG_ERROR("\nError Code: %x\n", r);
189
190 if (eccHandle != ESYS_TR_NONE) {
191 if (Esys_FlushContext(esys_context, eccHandle) != TSS2_RC_SUCCESS) {
192 LOG_ERROR("Cleanup eccHandle failed.");
193 }
194 }
195
196 if (session != ESYS_TR_NONE) {
197 if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) {
198 LOG_ERROR("Cleanup session failed.");
199 }
200 }
201
202 Esys_Free(outPublic);
203 Esys_Free(creationData);
204 Esys_Free(creationHash);
205 Esys_Free(creationTicket);
206 Esys_Free(K);
207 Esys_Free(L);
208 Esys_Free(E);
209 return failure_return;
210 }
211
212 int
test_invoke_esapi(ESYS_CONTEXT * esys_context)213 test_invoke_esapi(ESYS_CONTEXT * esys_context) {
214 return test_esys_commit(esys_context);
215 }
216