1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 *******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include <stdlib.h>
12 #include <stdio.h>
13 #include <inttypes.h>
14 #include <string.h>
15 #include <errno.h>
16 #include <fcntl.h>
17 #include <unistd.h>
18
19
20 #include "tss2_fapi.h"
21
22 #include "test-fapi.h"
23
24 #define LOGMODULE test
25 #include "util/log.h"
26 #include "util/aux_util.h"
27
28 #define NV_SIZE 34
29 #define PASSWORD "abc"
30 #define SIGN_TEMPLATE "sign"
31
32 static TSS2_RC
auth_callback(FAPI_CONTEXT * context,char const * description,char ** auth,void * userData)33 auth_callback(
34 FAPI_CONTEXT *context,
35 char const *description,
36 char **auth,
37 void *userData)
38 {
39 (void)description;
40 (void)userData;
41 *auth = strdup(PASSWORD);
42 return_if_null(*auth, "Out of memory.", TSS2_FAPI_RC_MEMORY);
43 return TSS2_RC_SUCCESS;
44 }
45
46 static char *
read_policy(FAPI_CONTEXT * context,char * policy_name)47 read_policy(FAPI_CONTEXT *context, char *policy_name)
48 {
49 FILE *stream = NULL;
50 long policy_size;
51 char *json_policy = NULL;
52 char policy_file[1024];
53
54 if (snprintf(&policy_file[0], 1023, TOP_SOURCEDIR "/test/data/fapi/%s.json", policy_name) < 0)
55 return NULL;
56
57 stream = fopen(policy_file, "r");
58 if (!stream) {
59 LOG_ERROR("File %s does not exist", policy_file);
60 return NULL;
61 }
62 fseek(stream, 0L, SEEK_END);
63 policy_size = ftell(stream);
64 fclose(stream);
65 json_policy = malloc(policy_size + 1);
66 return_if_null(json_policy,
67 "Could not allocate memory for the JSON policy",
68 NULL);
69 stream = fopen(policy_file, "r");
70 ssize_t ret = read(fileno(stream), json_policy, policy_size);
71 if (ret != policy_size) {
72 LOG_ERROR("IO error %s.", policy_file);
73 return NULL;
74 }
75 json_policy[policy_size] = '\0';
76 return json_policy;
77 }
78
79 /** Test the FAPI PolicySecret and PolicyAuthValue handling.
80 *
81 * Tested FAPI commands:
82 * - Fapi_Provision()
83 * - Fapi_Import()
84 * - Fapi_CreateNv()
85 * - Fapi_CreateKey()
86 * - Fapi_Sign()
87 * - Fapi_SetAuthCB()
88 * - Fapi_Delete()
89 *
90 * Tested Policies:
91 * - PolicySecret
92 * - PolicyAuthValue
93 *
94 * @param[in,out] context The FAPI_CONTEXT.
95 * @retval EXIT_FAILURE
96 * @retval EXIT_SUCCESS
97 */
98 int
test_fapi_key_create_policy_secret_nv_sign(FAPI_CONTEXT * context)99 test_fapi_key_create_policy_secret_nv_sign(FAPI_CONTEXT *context)
100 {
101 TSS2_RC r;
102 char *nv_path_auth_object = "/nv/Owner/myNV";
103 char *policy_nv = "/policy/pol_auth_value";
104 char *policy_secret = "/policy/pol_secret";
105 char *sign_key = "/HS/SRK/mySignkey";
106 char *json_policy = NULL;
107
108 uint8_t *signature = NULL;
109 char *publicKey = NULL;
110
111 r = Fapi_Provision(context, NULL, NULL, NULL);
112 goto_if_error(r, "Error Fapi_Provision", error);
113
114 json_policy = read_policy(context, policy_nv);
115 if (!json_policy)
116 goto error;
117
118 r = Fapi_Import(context, policy_nv, json_policy);
119 goto_if_error(r, "Error Fapi_Import", error);
120
121 /* Create NV Object with policy which will be used for key authorization */
122 r = Fapi_CreateNv(context, nv_path_auth_object, "noda", 34, policy_nv, PASSWORD);
123 goto_if_error(r, "Error Fapi_CreateNv", error);
124
125 SAFE_FREE(json_policy);
126
127 json_policy = read_policy(context, policy_secret);
128 if (!json_policy)
129 goto error;
130
131 r = Fapi_Import(context, policy_secret, json_policy);
132 goto_if_error(r, "Error Fapi_Import", error);
133
134 r = Fapi_CreateKey(context, sign_key, SIGN_TEMPLATE,
135 policy_secret, "");
136 goto_if_error(r, "Error Fapi_CreateKey", error);
137
138 size_t signatureSize = 0;
139
140 TPM2B_DIGEST digest = {
141 .size = 32,
142 .buffer = {
143 0x67, 0x68, 0x03, 0x3e, 0x21, 0x64, 0x68, 0x24, 0x7b, 0xd0,
144 0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f,
145 0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f,
146 0x41, 0x42
147 }
148 };
149
150 LOG_ERROR("***** START TEST ERROR ******");
151 r = Fapi_Sign(context, sign_key, NULL,
152 &digest.buffer[0], digest.size, &signature, &signatureSize,
153 &publicKey, NULL);
154
155 LOG_ERROR("***** END TEST ERROR ******");
156
157 if (r == TSS2_RC_SUCCESS)
158 goto error;
159
160 r = Fapi_SetAuthCB(context, auth_callback, "");
161 goto_if_error(r, "Error SetPolicyAuthCallback", error);
162
163 r = Fapi_Sign(context, sign_key, NULL,
164 &digest.buffer[0], digest.size, &signature, &signatureSize,
165 &publicKey, NULL);
166 goto_if_error(r, "Error Fapi_Sign", error);
167
168 r = Fapi_Delete(context, nv_path_auth_object);
169 goto_if_error(r, "Error Fapi_NV_Undefine", error);
170
171 r = Fapi_Delete(context, "/HS/SRK");
172 goto_if_error(r, "Error Fapi_Delete", error);
173
174 SAFE_FREE(signature);
175 SAFE_FREE(publicKey);
176 SAFE_FREE(json_policy);
177 return EXIT_SUCCESS;
178
179 error:
180 SAFE_FREE(signature);
181 SAFE_FREE(publicKey);
182 SAFE_FREE(json_policy);
183 return EXIT_FAILURE;
184 }
185
186 int
test_invoke_fapi(FAPI_CONTEXT * context)187 test_invoke_fapi(FAPI_CONTEXT *context)
188 {
189 return test_fapi_key_create_policy_secret_nv_sign(context);
190 }
191