xref: /aosp_15_r20/external/tpm2-tss/test/integration/esys-create-fail.int.c (revision 758e9fba6fc9adbf15340f70c73baee7b168b1c9) 
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3  * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4  * All rights reserved.
5  *******************************************************************************/
6 
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10 
11 #include <stdlib.h>
12 
13 #include "tss2_esys.h"
14 
15 #include "test-esapi.h"
16 #include "esys_iutil.h"
17 #define LOGMODULE test
18 #include "util/log.h"
19 #include "util/aux_util.h"
20 
21 /** This test is intended to test password authentication.
22  *
23  * We start by creating a primary key (Esys_CreatePrimary).
24  * Based in the primary several calls with NULL parameters,
25  * which should not be allowed, will be tested.
26  *
27  * Tested ESAPI commands:
28  *  - Esys_Create() (M)
29  *  - Esys_CreatePrimary() (M)
30  *  - Esys_FlushContext() (M)
31  *
32  * Used compiler defines: TEST_ECC
33  *
34  * @param[in,out] esys_context The ESYS_CONTEXT.
35  * @retval EXIT_FAILURE
36  * @retval EXIT_SUCCESS
37  */
38 
39 int
test_esys_create_fail(ESYS_CONTEXT * esys_context)40 test_esys_create_fail(ESYS_CONTEXT * esys_context)
41 {
42     TSS2_RC r;
43     ESYS_TR primaryHandle = ESYS_TR_NONE;
44 
45     TPM2B_PUBLIC *outPublic = NULL;
46     TPM2B_CREATION_DATA *creationData = NULL;
47     TPM2B_DIGEST *creationHash = NULL;
48     TPMT_TK_CREATION *creationTicket = NULL;
49     TPM2B_PUBLIC *outPublic2 = NULL;
50     TPM2B_PRIVATE *outPrivate2 = NULL;
51     TPM2B_CREATION_DATA *creationData2 = NULL;
52     TPM2B_DIGEST *creationHash2 = NULL;
53     TPMT_TK_CREATION *creationTicket2 = NULL;
54 
55     TPM2B_AUTH authValuePrimary = {
56         .size = 5,
57         .buffer = {1, 2, 3, 4, 5}
58     };
59 
60     TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
61         .size = 0,
62         .sensitive = {
63             .userAuth = {
64                  .size = 0,
65                  .buffer = {0 },
66              },
67             .data = {
68                  .size = 0,
69                  .buffer = {0},
70              },
71         },
72     };
73 
74     inSensitivePrimary.sensitive.userAuth = authValuePrimary;
75 
76 #ifdef TEST_ECC
77     TPM2B_PUBLIC inPublic = {
78         .size = 0,
79         .publicArea = {
80             .type = TPM2_ALG_ECC,
81             .nameAlg = TPM2_ALG_SHA256,
82             .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
83                                  TPMA_OBJECT_RESTRICTED |
84                                  TPMA_OBJECT_SIGN_ENCRYPT |
85                                  TPMA_OBJECT_FIXEDTPM |
86                                  TPMA_OBJECT_FIXEDPARENT |
87                                  TPMA_OBJECT_SENSITIVEDATAORIGIN),
88             .authPolicy = {
89                  .size = 0,
90              },
91             .parameters.eccDetail = {
92                  .symmetric = {
93                      .algorithm = TPM2_ALG_NULL,
94                      .keyBits.aes = 128,
95                      .mode.aes = TPM2_ALG_CFB,
96                  },
97                  .scheme = {
98                       .scheme = TPM2_ALG_ECDSA,
99                       .details = {
100                           .ecdsa = {.hashAlg  = TPM2_ALG_SHA256}},
101                   },
102                  .curveID = TPM2_ECC_NIST_P256,
103                  .kdf = {
104                       .scheme = TPM2_ALG_NULL,
105                       .details = {}}
106              },
107             .unique.ecc = {
108                  .x = {.size = 0,.buffer = {}},
109                  .y = {.size = 0,.buffer = {}},
110              },
111         },
112     };
113     LOG_INFO("\nECC key will be created.");
114 #else
115     TPM2B_PUBLIC inPublic = {
116         .size = 0,
117         .publicArea = {
118             .type = TPM2_ALG_RSA,
119             .nameAlg = TPM2_ALG_SHA256,
120             .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
121                                  TPMA_OBJECT_RESTRICTED |
122                                  TPMA_OBJECT_DECRYPT |
123                                  TPMA_OBJECT_FIXEDTPM |
124                                  TPMA_OBJECT_FIXEDPARENT |
125                                  TPMA_OBJECT_SENSITIVEDATAORIGIN),
126             .authPolicy = {
127                  .size = 0,
128              },
129             .parameters.rsaDetail = {
130                  .symmetric = {
131                      .algorithm = TPM2_ALG_AES,
132                      .keyBits.aes = 128,
133                      .mode.aes = TPM2_ALG_CFB},
134                  .scheme = {
135                       .scheme = TPM2_ALG_NULL
136                   },
137                  .keyBits = 2048,
138                  .exponent = 0,
139              },
140             .unique.rsa = {
141                  .size = 0,
142                  .buffer = {},
143              },
144         },
145     };
146     LOG_INFO("\nRSA key will be created.");
147 #endif /* TEST_ECC */
148 
149     TPM2B_DATA outsideInfo = {
150         .size = 0,
151         .buffer = {},
152     };
153 
154     TPML_PCR_SELECTION creationPCR = {
155         .count = 0,
156     };
157 
158     TPM2B_AUTH authValue = {
159         .size = 0,
160         .buffer = {}
161     };
162 
163     r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
164     goto_if_error(r, "Error: TR_SetAuth", error);
165 
166     RSRC_NODE_T *primaryHandle_node;
167 
168     r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
169                            ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary,
170                            &inPublic,
171                            &outsideInfo, &creationPCR, &primaryHandle,
172                            &outPublic, &creationData, &creationHash,
173                            &creationTicket);
174     goto_if_error(r, "Error esys create primary", error);
175 
176     r = esys_GetResourceObject(esys_context, primaryHandle,
177                                &primaryHandle_node);
178     goto_if_error(r, "Error Esys GetResourceObject", error);
179 
180     LOG_INFO("Created Primary with handle 0x%08x...",
181              primaryHandle_node->rsrc.handle);
182 
183     r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary);
184     goto_if_error(r, "Error: TR_SetAuth", error);
185 
186     r = Esys_Create(esys_context,
187                     primaryHandle,
188                     ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
189                     NULL,
190                     NULL,
191                     NULL,
192                     NULL,
193                     &outPrivate2,
194                     &outPublic2,
195                     &creationData2, &creationHash2, &creationTicket2);
196     goto_error_if_not_failed(r, "Error esys create did not fail with NULL parameters",
197                              error);
198 
199     r = Esys_Create_Finish(NULL,
200                            &outPrivate2,
201                            &outPublic2,
202                            &creationData2, &creationHash2, &creationTicket2);
203 
204     goto_error_if_not_failed(
205         r, "Error esys create finish with NULL context did not fail",
206         error);
207 
208     r = Esys_FlushContext(esys_context, primaryHandle);
209     goto_if_error(r, "Error during FlushContext", error);
210 
211     TPM2B_SENSITIVE_CREATE inSensitive2 = {
212         .size = 0,
213         .sensitive = {
214             .userAuth = {
215                  .size = 0,
216                  .buffer = {}
217              },
218             .data = {
219                  .size = 0,
220                  .buffer = {}
221              }
222         }
223     };
224 
225     TPM2B_PUBLIC inPublic2 = {
226         .size = 0,
227         .publicArea = {
228             .type = TPM2_ALG_RSA,
229             .nameAlg = TPM2_ALG_SHA256,
230             .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
231                                  TPMA_OBJECT_RESTRICTED |
232                                  TPMA_OBJECT_DECRYPT |
233                                  TPMA_OBJECT_FIXEDTPM |
234                                  TPMA_OBJECT_FIXEDPARENT |
235                                  TPMA_OBJECT_SENSITIVEDATAORIGIN),
236 
237             .authPolicy = {
238                  .size = 0,
239              },
240             .parameters.rsaDetail = {
241                  .symmetric = {
242                      .algorithm = TPM2_ALG_AES,
243                      .keyBits.aes = 128,
244                      .mode.aes = TPM2_ALG_CFB
245                  },
246                  .scheme = {
247                       .scheme =
248                       TPM2_ALG_NULL,
249                   },
250                  .keyBits = 2048,
251                  .exponent = 0
252              },
253             .unique.rsa = {
254                  .size = 0,
255                  .buffer = {}
256                  ,
257              }
258         }
259     };
260 
261     TPM2B_DATA outsideInfo2 = {
262         .size = 0,
263         .buffer = {}
264         ,
265     };
266 
267     TPML_PCR_SELECTION creationPCR2 = {
268         .count = 0,
269     };
270 
271     r = Esys_Create(esys_context,
272                     ESYS_TR_NONE,
273                     ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
274                     &inSensitive2,
275                     &inPublic2,
276                     &outsideInfo2,
277                     &creationPCR2,
278                     &outPrivate2,
279                     &outPublic2,
280                     &creationData2, &creationHash2, &creationTicket2);
281     goto_error_if_not_failed(r, "Error esys create did not fail with bad value parameters", error);
282 
283     Esys_Free(outPublic);
284     Esys_Free(creationData);
285     Esys_Free(creationHash);
286     Esys_Free(creationTicket);
287     return EXIT_SUCCESS;
288 
289  error:
290 
291     if (primaryHandle != ESYS_TR_NONE) {
292         if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) {
293             LOG_ERROR("Cleanup primaryHandle failed.");
294         }
295     }
296     Esys_Free(outPublic);
297     Esys_Free(creationData);
298     Esys_Free(creationHash);
299     Esys_Free(creationTicket);
300     return EXIT_FAILURE;
301 }
302 
303 int
test_invoke_esapi(ESYS_CONTEXT * esys_context)304 test_invoke_esapi(ESYS_CONTEXT * esys_context) {
305     return test_esys_create_fail(esys_context);
306 }
307