1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 *******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include <stdbool.h>
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15 #include <errno.h>
16 #include <fcntl.h>
17 #include <unistd.h>
18
19 #include "tss2_fapi.h"
20
21 #include "test-fapi.h"
22
23 #define LOGMODULE test
24 #include "util/log.h"
25 #include "util/aux_util.h"
26
/* Auth value handed to Fapi_CreateKey(): NULL, so the test key is created
 * without a password. */
#define PASSWORD NULL
/* Key type string handed to Fapi_CreateKey(): a signing key flagged "noDa",
 * i.e. exempt from the TPM's dictionary-attack lockout. With no auth value,
 * use of the key is gated by the imported policy alone. */
#define SIGN_TEMPLATE "sign,noDa"

/* Set to true by branch_callback() after it has picked a branch; the test
 * reads it at the end to confirm the callback really ran. */
static bool cb_called = false;
31
/** Branch-selection callback registered through Fapi_SetBranchCB().
 *
 * Expects exactly two candidate branches and selects the one whose name is
 * "branch0". On success the file-level flag cb_called is set so the test can
 * verify that the callback was invoked.
 *
 * @param[in]  context        The FAPI_CONTEXT (not used).
 * @param[in]  description    Description of the policy (not used).
 * @param[in]  branchNames    Names of the selectable branches.
 * @param[in]  numBranches    Number of entries in branchNames; must be 2.
 * @param[out] selectedBranch Receives the index of the "branch0" entry.
 * @param[in]  userData       Caller data (not used).
 * @retval TSS2_RC_SUCCESS if "branch0" was found and selected.
 * @retval TSS2_FAPI_RC_GENERAL_FAILURE if the branch count is not 2 or no
 *         branch is named "branch0".
 */
static TSS2_RC
branch_callback(
    FAPI_CONTEXT *context,
    char const   *description,
    char const  **branchNames,
    size_t        numBranches,
    size_t       *selectedBranch,
    void         *userData)
{
    static const char wanted[] = "branch0";
    size_t idx;

    (void) description;
    (void) userData;

    /* The policy under test has exactly two alternatives; anything else
     * means the wrong policy was evaluated. */
    if (numBranches != 2) {
        LOG_ERROR("Wrong number of branches");
        return TSS2_FAPI_RC_GENERAL_FAILURE;
    }

    /* The first matching entry wins, checked in index order. */
    for (idx = 0; idx < 2; idx++) {
        if (strcmp(branchNames[idx], wanted) == 0) {
            *selectedBranch = idx;
            cb_called = true;
            return TSS2_RC_SUCCESS;
        }
    }

    LOG_ERROR("BranchName not found. Got \"%s\" and \"%s\"",
              branchNames[0], branchNames[1]);
    return TSS2_FAPI_RC_GENERAL_FAILURE;
}
62
63
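/** Test the FAPI for PolicyOr using signing.
 *
 * Provisions FAPI, resets PCR 16, imports the JSON policy
 * pol_pcr16_0_or.json, creates a signing key bound to that policy, signs a
 * fixed digest and finally deletes /HS/SRK. The test fails if any FAPI call
 * fails, if the policy file cannot be read completely, or if the branch
 * selection callback was never invoked during signing.
 *
 * Tested FAPI commands:
 *  - Fapi_Provision()
 *  - Fapi_Import()
 *  - Fapi_CreateKey()
 *  - Fapi_SetBranchCB()
 *  - Fapi_Sign()
 *  - Fapi_Delete()
 *
 * Tested Policies:
 *  - PolicyOr
 *  - PolicyPcr
 *
 * @param[in,out] context The FAPI_CONTEXT.
 * @retval EXIT_FAILURE
 * @retval EXIT_SUCCESS
 */
int
test_fapi_key_create_policy_or_sign(FAPI_CONTEXT *context)
{
    TSS2_RC r;
    const char *policy_name = "/policy/pol_pcr16_0_or";
    const char *policy_file = TOP_SOURCEDIR "/test/data/fapi/policy/pol_pcr16_0_or.json";
    FILE *stream = NULL;
    char *json_policy = NULL;
    uint8_t *signature = NULL;
    char *publicKey = NULL;
    size_t signatureSize = 0;
    long policy_size;

    /* 20-byte digest, i.e. the length of a SHA-1 hash.
     * NOTE(review): confirm this length matches the hash algorithm of the
     * signing scheme in the FAPI profile the test runs with. */
    TPM2B_DIGEST digest = {
        .size = 20,
        .buffer = {
            0x67, 0x68, 0x03, 0x3e, 0x21, 0x64, 0x68, 0x24, 0x7b, 0xd0,
            0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f
        }
    };

    r = Fapi_Provision(context, NULL, NULL, NULL);
    goto_if_error(r, "Error Fapi_Provision", error);

    r = pcr_reset(context, 16);
    goto_if_error(r, "Error pcr_reset", error);

    /* Read the whole policy file into a NUL-terminated buffer. The file is
     * opened once and every step is checked, so a failed seek/tell or a
     * short read can neither size the allocation wrongly nor leave part of
     * the buffer uninitialised. */
    stream = fopen(policy_file, "r");
    if (!stream) {
        LOG_ERROR("File %s does not exist", policy_file);
        goto error;
    }
    if (fseek(stream, 0L, SEEK_END) != 0) {
        LOG_ERROR("IO error %s.", policy_file);
        goto error;
    }
    policy_size = ftell(stream);
    if (policy_size < 0) {
        /* ftell() reports failure as -1; using that as a length would
         * turn into a huge size_t in the read below. */
        LOG_ERROR("IO error %s.", policy_file);
        goto error;
    }
    if (fseek(stream, 0L, SEEK_SET) != 0) {
        LOG_ERROR("IO error %s.", policy_file);
        goto error;
    }

    json_policy = malloc((size_t) policy_size + 1);
    goto_if_null(json_policy,
                 "Could not allocate memory for the JSON policy",
                 TSS2_FAPI_RC_MEMORY, error);

    if (fread(json_policy, 1, (size_t) policy_size, stream)
            != (size_t) policy_size) {
        LOG_ERROR("IO error %s.", policy_file);
        goto error;
    }
    json_policy[policy_size] = '\0';

    fclose(stream);
    stream = NULL; /* keeps the error path from closing it a second time */

    r = Fapi_Import(context, policy_name, json_policy);
    goto_if_error(r, "Error Fapi_Import", error);

    /* The key carries no auth value (PASSWORD is NULL) and is exempt from
     * dictionary-attack protection ("noDa"); its use is authorized through
     * the imported policy. */
    r = Fapi_CreateKey(context, "/HS/SRK/mySignKey", SIGN_TEMPLATE,
                       policy_name, PASSWORD);
    goto_if_error(r, "Error Fapi_CreateKey", error);

    r = Fapi_SetBranchCB(context, branch_callback, NULL);
    goto_if_error(r, "Error SetPolicybranchselectioncallback", error);

    /* NULL padding selects the default; the trailing NULL means no
     * certificate is requested. */
    r = Fapi_Sign(context, "/HS/SRK/mySignKey", NULL,
                  &digest.buffer[0], digest.size, &signature, &signatureSize,
                  &publicKey, NULL);
    goto_if_error(r, "Error Fapi_Sign", error);

    r = Fapi_Delete(context, "/HS/SRK");
    goto_if_error(r, "Error Fapi_Delete", error);

    SAFE_FREE(json_policy);
    SAFE_FREE(signature);
    SAFE_FREE(publicKey);

    /* A successful signature alone is not enough: the PolicyOr branch must
     * have been chosen through the registered callback. */
    if (!cb_called) {
        LOG_ERROR("Branch selection callback was not called.");
        return EXIT_FAILURE;
    }

    return EXIT_SUCCESS;

error:
    /* NOTE(review): this path releases local resources only; FAPI objects
     * created before the failure (policy, key) are not deleted here. */
    if (stream) {
        fclose(stream);
    }
    SAFE_FREE(json_policy);
    SAFE_FREE(signature);
    SAFE_FREE(publicKey);
    return EXIT_FAILURE;
}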
164
/** Entry point called by the FAPI integration test harness.
 *
 * Delegates directly to test_fapi_key_create_policy_or_sign().
 *
 * @param[in,out] fapi_context The FAPI_CONTEXT supplied by the harness.
 * @return The result of the delegated test (EXIT_SUCCESS or EXIT_FAILURE).
 */
int
test_invoke_fapi(FAPI_CONTEXT *fapi_context)
{
    int outcome = test_fapi_key_create_policy_or_sign(fapi_context);

    return outcome;
}
170