tpmclient: Move session helpers to test/integration/
Create common session-util.c|h files under test/integration/ and
move helpers from tpmclient into the new files. That way they
can be reused in all integration tests, and it will make the
decomposition of tpmclient easier.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
diff --git a/Makefile-test.am b/Makefile-test.am
index 4af2e0a..887455d 100644
--- a/Makefile-test.am
+++ b/Makefile-test.am
@@ -263,15 +263,15 @@
test_tpmclient_tpmclient_int_SOURCES = \
test/tpmclient/DecryptEncrypt.c \
test/tpmclient/Entity.c test/tpmclient/kdfa.c \
- test/integration/main.c test/tpmclient/sample.h \
- test/tpmclient/StartAuthSession.c test/tpmclient/TpmCalcPHash.c \
- test/tpmclient/tpmclient.int.c test/tpmclient/tpmclient.h \
- test/tpmclient/TpmHandleToName.c test/tpmclient/SessionHmac.c
+ test/tpmclient/StartAuthSession.c test/tpmclient/SessionHmac.c \
+ test/tpmclient/tpmclient.int.c test/tpmclient/tpmclient.int.h \
+ test/integration/main.c
test_integration_libtest_utils_la_CFLAGS = $(AM_CFLAGS) $(TESTS_CFLAGS)
test_integration_libtest_utils_la_SOURCES = \
test/integration/context-util.c test/integration/context-util.h \
test/integration/sapi-util.c test/integration/sapi-util.h \
+ test/integration/session-util.c test/integration/session-util.h \
test/integration/test-options.c test/integration/test-options.h \
test/integration/test.h
diff --git a/test/integration/session-util.c b/test/integration/session-util.c
new file mode 100644
index 0000000..34f30f3
--- /dev/null
+++ b/test/integration/session-util.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 2018, Intel Corporation
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "session-util.h"
+#include "sapi-util.h"
+#include "context-util.h"
+#include "util/tss2_endian.h"
+#define LOGMODULE test
+#include "util/log.h"
+
+TSS2_RC
+TpmCalcPHash(
+ TSS2_SYS_CONTEXT *sysContext,
+ TPM2_HANDLE handle1,
+ TPM2_HANDLE handle2,
+ TPMI_ALG_HASH authHash,
+ bool command,
+ TPM2B_DIGEST *pHash)
+{
+ TSS2_RC rval = TPM2_RC_SUCCESS;
+ TSS2_TCTI_CONTEXT *tcti_context;
+ UINT32 i;
+ TPM2B_NAME name1;
+ TPM2B_NAME name2;
+ TPM2B_MAX_BUFFER hashInput;
+ UINT8 *hashInputPtr;
+ size_t parametersSize;
+ const uint8_t *startParams;
+ TPM2_CC cmdCode;
+
+ name1.size = name2.size = 0;
+ hashInput.size = 0;
+ rval = Tss2_Sys_GetTctiContext(sysContext, &tcti_context);
+ if (rval != TPM2_RC_SUCCESS)
+ return rval;
+
+ if (command) {
+ rval = TpmHandleToName(tcti_context, handle1, &name1);
+ if (rval != TPM2_RC_SUCCESS)
+ return rval;
+
+ rval = Tss2_Sys_GetCpBuffer(sysContext, ¶metersSize, &startParams);
+ if (rval != TPM2_RC_SUCCESS)
+ return rval;
+
+ rval = TpmHandleToName(tcti_context, handle2, &name2);
+ if (rval != TPM2_RC_SUCCESS)
+ return rval;
+ } else {
+ rval = Tss2_Sys_GetRpBuffer(sysContext, ¶metersSize, &startParams);
+ if (rval != TPM2_RC_SUCCESS)
+ return rval;
+
+ hashInputPtr = &(hashInput.buffer[hashInput.size]);
+ /* This is response code. Assuming 0 (success) */
+ *(UINT32 *)hashInputPtr = 0;
+ hashInput.size += 4;
+ }
+
+ rval = Tss2_Sys_GetCommandCode(sysContext, (UINT8 *)&cmdCode);
+ if (rval != TPM2_RC_SUCCESS)
+ return rval;
+
+ hashInputPtr = &(hashInput.buffer[hashInput.size]);
+ *(UINT32 *)hashInputPtr = cmdCode;
+ hashInput.size += 4;
+
+ rval = ConcatSizedByteBuffer(&hashInput, (TPM2B *)&name1);
+ if (rval != TPM2_RC_SUCCESS)
+ return rval;
+
+ rval = ConcatSizedByteBuffer(&hashInput, (TPM2B *)&name2);
+ if (rval != TPM2_RC_SUCCESS)
+ return rval;
+
+ if (hashInput.size + parametersSize > sizeof(hashInput.buffer))
+ return TSS2_SYS_RC_INSUFFICIENT_BUFFER;
+
+ for(i = 0; i < parametersSize; i++)
+ hashInput.buffer[hashInput.size + i ] = startParams[i];
+
+ hashInput.size += (UINT16)parametersSize;
+ LOGBLOB_DEBUG(&hashInput.buffer[0], hashInput.size, "PHASH input bytes=");
+
+ if (hashInput.size > sizeof(hashInput.buffer))
+ return TSS2_SYS_RC_INSUFFICIENT_BUFFER;
+
+ rval = hash(authHash, hashInput.buffer, hashInput.size, pHash);
+ if (rval != TPM2_RC_SUCCESS)
+ return rval;
+
+ LOGBLOB_DEBUG(&pHash->buffer[0], pHash->size, "PHASH =");
+ return rval;
+}
+
+UINT32 TpmHandleToName(
+ TSS2_TCTI_CONTEXT *tcti_context,
+ TPM2_HANDLE handle,
+ TPM2B_NAME *name)
+{
+ TSS2_RC rval;
+ TPM2B_NAME qualified_name = TPM2B_NAME_INIT;
+ TPM2B_PUBLIC public;
+ TPM2B_NV_PUBLIC nvPublic;
+ TSS2_SYS_CONTEXT *sysContext;
+ UINT8 *namePtr = name->name;
+
+ if (!tcti_context || !name)
+ return TSS2_SYS_RC_BAD_VALUE;
+
+ switch(handle >> TPM2_HR_SHIFT)
+ {
+ case TPM2_HT_NV_INDEX:
+ sysContext = sapi_init_from_tcti_ctx(tcti_context);
+ if (sysContext == NULL)
+ return TSS2_SYS_RC_GENERAL_FAILURE;
+
+ nvPublic.size = 0;
+ rval = Tss2_Sys_NV_ReadPublic(sysContext, handle, 0,
+ &nvPublic, name, 0);
+ sapi_teardown(sysContext);
+ break;
+
+ case TPM2_HT_TRANSIENT:
+ case TPM2_HT_PERSISTENT:
+ sysContext = sapi_init_from_tcti_ctx(tcti_context);
+ if (sysContext == NULL)
+ return TSS2_SYS_RC_GENERAL_FAILURE;
+
+ public.size = 0;
+ rval = Tss2_Sys_ReadPublic(sysContext, handle, 0,
+ &public, name, &qualified_name, 0);
+ sapi_teardown(sysContext);
+ break;
+
+ default:
+ rval = TPM2_RC_SUCCESS;
+ name->size = sizeof(TPM2_HANDLE);
+ *(TPM2_HANDLE *)namePtr = BE_TO_HOST_32(handle);
+ }
+ return rval;
+}
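Review bot: The `TPM2_HT_NO_HANDLE` special case from the removed TpmHandleToName.c and TpmCalcPHash.c is gone, so in the command branch of `TpmCalcPHash` an absent handle now reaches the `default:` arm of `TpmHandleToName` and contributes a 4-byte name to the cpHash input instead of an empty one. The callers visible in this patch always pass two real NV handles, so the existing test would not notice, but a shared helper will presumably be used for commands with fewer handles, where the resulting HMAC would likely no longer match what the TPM computes. Restoring the guard at the top of `TpmHandleToName`, after the argument check, keeps the old behaviour: `if (handle == TPM2_HT_NO_HANDLE) { name->size = 0; return TPM2_RC_SUCCESS; }`. Separately, `UINT8 *namePtr = name->name;` is evaluated before the `!name` check, which makes that check ineffective for a NULL `name`; assign `namePtr` after the check instead.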
diff --git a/test/integration/session-util.h b/test/integration/session-util.h
new file mode 100644
index 0000000..77fceee
--- /dev/null
+++ b/test/integration/session-util.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2017, Intel Corporation
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _SESSION_UTIL_H_
+#define _SESSION_UTIL_H_
+
+#include <stdbool.h>
+#include "tss2_tpm2_types.h"
+#include "tss2_sys.h"
+
+/*
+ * Helper function used to calculate cpHash and rpHash
+ * if command is true cpHash is calculated,
+ * otherwise rpHash rpHash is calculated.
+ */
+TSS2_RC
+TpmCalcPHash(
+ TSS2_SYS_CONTEXT *sysContext,
+ TPM2_HANDLE handle1,
+ TPM2_HANDLE handle2,
+ TPMI_ALG_HASH auth_hash,
+ bool command,
+ TPM2B_DIGEST *result);
+
+UINT32
+TpmHandleToName(
+ TSS2_TCTI_CONTEXT *tcti_context,
+ TPM2_HANDLE handle,
+ TPM2B_NAME *name);
+#endif
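Review bot: `TpmHandleToName` is declared without any comment and returns `UINT32`, while `TpmCalcPHash` beside it returns `TSS2_RC`; for a helper meant to be shared across tests, the prototype should say what it writes into `name` and ideally use the same return type. A comment such as `/* Fill 'name' with the TPM name of 'handle': read from the TPM for NV, transient and persistent handles, the handle value itself otherwise. */` matches what session-util.c does. The existing comment on `TpmCalcPHash` repeats "rpHash", and its parameter names (`auth_hash`, `result`) differ from the definition (`authHash`, `pHash`). The guard macro `_SESSION_UTIL_H_` starts with an underscore and a capital letter, which C reserves for the implementation; `SESSION_UTIL_H` avoids that.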
diff --git a/test/tpmclient/SessionHmac.c b/test/tpmclient/SessionHmac.c
index d9aecec..0402f7f 100644
--- a/test/tpmclient/SessionHmac.c
+++ b/test/tpmclient/SessionHmac.c
@@ -31,29 +31,22 @@
#include "tss2_sys.h"
#include "../integration/sapi-util.h"
+#include "../integration/session-util.h"
#include "tpmclient.int.h"
#include "sysapi_util.h"
#include "util/tss2_endian.h"
#define LOGMODULE test
#include "util/log.h"
-//
-// This function calculates the session HMAC and updates session state.
-//
UINT32 TpmComputeSessionHmac(
TSS2_SYS_CONTEXT *sysContext,
- TPMS_AUTH_COMMAND *pSessionDataIn, // Pointer to session input struct
- TPM2_HANDLE entityHandle, // Used to determine if we're accessing a different
- // resource than the bound resource.
- TSS2_RC responseCode, // Response code for the command, 0xffff for "none" is
- // used to indicate that no response code is present
- // (used for calculating command HMACs vs response HMACs).
- TPM2_HANDLE handle1, // First handle == 0xff000000 indicates no handle
- TPM2_HANDLE handle2, // Second handle == 0xff000000 indicates no handle
- TPMA_SESSION sessionAttributes, // Current session attributes
- TPM2B_DIGEST *result, // Where the result hash is saved.
- TSS2_RC sessionCmdRval
- )
+ TPMS_AUTH_COMMAND *pSessionDataIn,
+ TPM2_HANDLE entityHandle,
+ bool command,
+ TPM2_HANDLE handle1,
+ TPM2_HANDLE handle2,
+ TPMA_SESSION sessionAttributes,
+ TPM2B_DIGEST *result)
{
TPM2B_MAX_BUFFER hmacKey;
TPM2B_DIGEST *bufferList[7];
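Review bot: The per-parameter comments are dropped here and in the matching prototype in tpmclient.int.h, and nothing replaces them, so the meaning of the new `bool command` argument is undocumented in both places. The old text explained that the response-code argument selected between command and response HMACs and which handle value means "no handle"; the replacement flag deserves the same, for example `/* command: true to compute the command (cpHash) HMAC, false for the response (rpHash) HMAC */` above the signature. The function body continues outside this hunk.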
@@ -69,16 +62,14 @@
hmacKey.size = 0;
- rval = GetSessionStruct( pSessionDataIn->sessionHandle, &pSession );
- if( rval != TPM2_RC_SUCCESS )
- {
+ rval = GetSessionStruct(pSessionDataIn->sessionHandle, &pSession);
+ if (rval != TPM2_RC_SUCCESS)
return rval;
- }
- INIT_SIMPLE_TPM2B_SIZE( pHash );
- rval = TpmCalcPHash(sysContext, handle1, handle2, pSession->authHash,
- responseCode, &pHash);
- if( rval != TPM2_RC_SUCCESS )
+ INIT_SIMPLE_TPM2B_SIZE(pHash);
+ rval = TpmCalcPHash(sysContext, handle1, handle2,
+ pSession->authHash, command, &pHash);
+ if (rval != TPM2_RC_SUCCESS)
return rval;
// Use entityHandle to get authValue, if any.
@@ -148,26 +139,18 @@
- if( ( responseCode != TPM2_RC_NO_RESPONSE ) &&
- ( cmdCode == TPM2_CC_NV_Write ||
- cmdCode == TPM2_CC_NV_Increment ||
- cmdCode == TPM2_CC_NV_SetBits )
- )
- {
+ if (command && (cmdCode == TPM2_CC_NV_Write ||
+ cmdCode == TPM2_CC_NV_Increment ||
+ cmdCode == TPM2_CC_NV_SetBits)) {
rval = GetEntity( entityHandle, &nvEntity );
- if( rval != TPM2_RC_SUCCESS )
- {
+
+ if(rval != TPM2_RC_SUCCESS)
return rval;
- }
- else
- {
- // Only change session's nvNameChanged parameter when
- // the NV index's name changes due to a write.
- if( nvEntity->nvNameChanged == 0 )
- {
- pSession->nvNameChanged = 1;
- nvEntity->nvNameChanged = 1;
- }
+ // Only change session's nvNameChanged parameter when
+ // the NV index's name changes due to a write.
+ if (nvEntity->nvNameChanged == 0) {
+ pSession->nvNameChanged = 1;
+ nvEntity->nvNameChanged = 1;
}
}
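Review bot: The rewritten condition `if (command && (cmdCode == TPM2_CC_NV_Write ||` looks inverted relative to the code it replaces. The old test was `responseCode != TPM2_RC_NO_RESPONSE`, and `ComputeCommandHmacs` passed `TPM2_RC_NO_RESPONSE` where it now passes `true`, so the `nvNameChanged` update used to run only while computing a response HMAC and now runs only while computing a command HMAC. If that is not intended, the equivalent condition is `if (!command && (cmdCode == TPM2_CC_NV_Write ||`. If it is intended, the commit message should say so, since it changes when the session and entity are marked as having a changed NV name. The enclosing function starts and ends outside this hunk.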
@@ -175,9 +158,11 @@
}
-TSS2_RC ComputeCommandHmacs( TSS2_SYS_CONTEXT *sysContext, TPM2_HANDLE handle1,
- TPM2_HANDLE handle2, TSS2L_SYS_AUTH_COMMAND *pSessionsDataIn,
- TSS2_RC sessionCmdRval )
+TSS2_RC ComputeCommandHmacs(
+ TSS2_SYS_CONTEXT *sysContext,
+ TPM2_HANDLE handle1,
+ TPM2_HANDLE handle2,
+ TSS2L_SYS_AUTH_COMMAND *pSessionsDataIn)
{
uint8_t i;
TSS2_RC rval = TPM2_RC_SUCCESS;
@@ -186,57 +171,60 @@
// Note: from Part 1, table 6, Use of Authorization/Session Blocks, we
// can have at most two HMAC sessions per command.
- for( i = 0; ( i < 2 ) && ( i < pSessionsDataIn->count ); i++ )
- {
- authPtr = &( pSessionsDataIn->auths[i].hmac );
+ for (i = 0; i < 2 && i < pSessionsDataIn->count; i++) {
+ authPtr = &(pSessionsDataIn->auths[i].hmac);
entityHandle = handle1;
- if( authPtr != 0 )
- {
- rval = TpmComputeSessionHmac( sysContext, &pSessionsDataIn->auths[i],
- entityHandle, TPM2_RC_NO_RESPONSE, handle1, handle2,
- pSessionsDataIn->auths[i].sessionAttributes,
- authPtr, sessionCmdRval );
- if( rval != TPM2_RC_SUCCESS )
- break;
- }
- }
+ if (!authPtr)
+ break;
+ rval = TpmComputeSessionHmac(sysContext,
+ &pSessionsDataIn->auths[i],
+ entityHandle,
+ true,
+ handle1,
+ handle2,
+ pSessionsDataIn->auths[i].sessionAttributes,
+ authPtr);
+ if (rval != TPM2_RC_SUCCESS)
+ break;
+ }
return rval;
}
-
-TSS2_RC CheckResponseHMACs( TSS2_SYS_CONTEXT *sysContext, TSS2_RC responseCode,
- TSS2L_SYS_AUTH_COMMAND *pSessionsDataIn, TPM2_HANDLE handle1, TPM2_HANDLE handle2,
- TSS2L_SYS_AUTH_RESPONSE *pSessionsDataOut )
+TSS2_RC CheckResponseHMACs(
+ TSS2_SYS_CONTEXT *sysContext,
+ TSS2L_SYS_AUTH_COMMAND *pSessionsDataIn,
+ TPM2_HANDLE handle1,
+ TPM2_HANDLE handle2,
+ TSS2L_SYS_AUTH_RESPONSE *pSessionsDataOut)
{
TPM2_HANDLE entityHandle = TPM2_HT_NO_HANDLE;
TPM2B_DIGEST auth;
TSS2_RC rval = TPM2_RC_SUCCESS;
uint8_t i;
- // Check response HMACs, if any.
- if( responseCode == TPM2_RC_SUCCESS )
- {
- for( i = 0; ( i < 2 ) && ( i < pSessionsDataIn->count ); i++ )
+ for (i = 0; i < 2 && i < pSessionsDataIn->count; i++) {
+ entityHandle = handle1;
+
+ if ((pSessionsDataIn->auths[i].sessionHandle >> TPM2_HR_SHIFT) == TPM2_HT_HMAC_SESSION)
{
- entityHandle = handle1;
-
- if( ( pSessionsDataIn->auths[i].sessionHandle >> TPM2_HR_SHIFT ) == TPM2_HT_HMAC_SESSION )
- {
- rval = TpmComputeSessionHmac( sysContext,
- &pSessionsDataIn->auths[i], entityHandle,
- responseCode, handle1, handle2,
+ rval = TpmComputeSessionHmac(sysContext,
+ &pSessionsDataIn->auths[i],
+ entityHandle,
+ false,
+ handle1,
+ handle2,
pSessionsDataOut->auths[i].sessionAttributes,
- &auth, TPM2_RC_SUCCESS );
- if( rval != TPM2_RC_SUCCESS )
- return rval;
+ &auth);
+ if (rval != TPM2_RC_SUCCESS)
+ return rval;
- rval = CompareSizedByteBuffer((TPM2B *)&auth, (TPM2B *)&pSessionsDataOut->auths[i].hmac);
- if( rval != TPM2_RC_SUCCESS )
- return APPLICATION_HMAC_ERROR(i+1);
- }
+ rval = CompareSizedByteBuffer((TPM2B *)&auth, (TPM2B *)&pSessionsDataOut->auths[i].hmac);
+ if (rval != TPM2_RC_SUCCESS)
+ return APPLICATION_HMAC_ERROR(i+1);
}
}
+
return rval;
}
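Review bot: `CheckResponseHMACs` no longer checks the response code itself, and `TpmCalcPHash` now hashes a fixed response code of 0, so the function is only correct when the command succeeded; that precondition is now the caller's job and is not written down anywhere. Both call sites in tpmclient.int.c do test `sessionCmdRval == TPM2_RC_SUCCESS` first, but a comment above the function, e.g. `/* Call only after the command returned TPM2_RC_SUCCESS; rpHash is computed with a response code of 0. */`, would keep later users from getting a spurious HMAC mismatch. In `ComputeCommandHmacs`, `authPtr` is the address of a struct member and cannot be NULL, so `if (!authPtr) break;` is dead code and can be removed.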
diff --git a/test/tpmclient/TpmCalcPHash.c b/test/tpmclient/TpmCalcPHash.c
deleted file mode 100644
index 83e8c28..0000000
--- a/test/tpmclient/TpmCalcPHash.c
+++ /dev/null
@@ -1,162 +0,0 @@
-//**********************************************************************;
-// Copyright (c) 2015, Intel Corporation
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are met:
-//
-// 1. Redistributions of source code must retain the above copyright notice,
-// this list of conditions and the following disclaimer.
-//
-// 2. Redistributions in binary form must reproduce the above copyright notice,
-// this list of conditions and the following disclaimer in the documentation
-// and/or other materials provided with the distribution.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
-// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
-// THE POSSIBILITY OF SUCH DAMAGE.
-//**********************************************************************;
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "tss2_tpm2_types.h"
-
-#include "../integration/sapi-util.h"
-#include "tpmclient.int.h"
-#include "sysapi_util.h"
-#include "util/tss2_endian.h"
-#define LOGMODULE test
-#include "util/log.h"
-
-//
-// This function is a helper function used to calculate cpHash and rpHash.
-//
-// NOTE: for calculating cpHash, set responseCode to TPM2_RC_NO_RESPONSE; this
-// tells the function to leave it out of the calculation.
-//
-TSS2_RC TpmCalcPHash( TSS2_SYS_CONTEXT *sysContext, TPM2_HANDLE handle1, TPM2_HANDLE handle2,
- TPMI_ALG_HASH authHash, TSS2_RC responseCode, TPM2B_DIGEST *pHash )
-{
- TSS2_RC rval = TPM2_RC_SUCCESS;
- UINT32 i;
- TPM2B_NAME name1;
- TPM2B_NAME name2;
- TPM2B_MAX_BUFFER hashInput; // Byte stream to be hashed to create pHash
- UINT8 *hashInputPtr;
- size_t parametersSize;
- const uint8_t *startParams;
- TPM2_CC cmdCode;
-
- name1.size = name2.size = 0;
-
- // Calculate pHash
- //
-
- // Only get names for commands
- if( responseCode == TPM2_RC_NO_RESPONSE )
- {
- if( handle1 == TPM2_HT_NO_HANDLE )
- {
- name1.size = 0;
- }
- else
- {
- // Get names for the handles
- rval = TpmHandleToName( handle1, &name1 );
- if( rval != TPM2_RC_SUCCESS )
- return rval;
- }
- }
- LOGBLOB_DEBUG(&name1.name[0], name1.size, "NAME1 =");
-
- // Only get names for commands
- if( responseCode == TPM2_RC_NO_RESPONSE )
- {
- rval = Tss2_Sys_GetCpBuffer( sysContext, ¶metersSize, &startParams);
- if( rval != TPM2_RC_SUCCESS )
- return rval;
-
- if( handle2 == TPM2_HT_NO_HANDLE )
- {
- name2.size = 0;
- }
- else
- {
- rval = TpmHandleToName( handle2, &name2 );
- if( rval != TPM2_RC_SUCCESS )
- return rval;
- }
- }
- else
- {
- rval = Tss2_Sys_GetRpBuffer( sysContext, ¶metersSize, &startParams);
- if( rval != TPM2_RC_SUCCESS )
- return rval;
- }
-
- LOGBLOB_DEBUG(&name2.name[0], name2.size, "NAME2 =");
-
- // Create pHash input byte stream: first add response code, if any.
- hashInput.size = 0;
- if( responseCode != TPM2_RC_NO_RESPONSE )
- {
- hashInputPtr = &( hashInput.buffer[hashInput.size] );
- *(UINT32 *)hashInputPtr = BE_TO_HOST_32(responseCode);
- hashInput.size += 4;
- }
-
- // Create pHash input byte stream: now add command code.
- rval = Tss2_Sys_GetCommandCode( sysContext, (UINT8 *)&cmdCode );
- if( rval != TPM2_RC_SUCCESS )
- return rval;
-
- hashInputPtr = &( hashInput.buffer[hashInput.size] );
- *(UINT32 *)hashInputPtr = cmdCode;
- hashInput.size += 4;
-
- // Create pHash input byte stream: now add in names for the handles.
- rval = ConcatSizedByteBuffer(&hashInput, (TPM2B *)&name1);
- if( rval != TPM2_RC_SUCCESS )
- return rval;
-
- rval = ConcatSizedByteBuffer(&hashInput, (TPM2B *)&name2);
- if( rval != TPM2_RC_SUCCESS )
- return rval;
-
- if( ( hashInput.size + parametersSize ) <= sizeof( hashInput.buffer ) )
- {
- // Create pHash input byte stream: now add in parameters byte stream
- for( i = 0; i < parametersSize; i++ )
- hashInput.buffer[hashInput.size + i ] = startParams[i];
- hashInput.size += (UINT16)parametersSize;
- }
- else
- {
- return( APPLICATION_ERROR( TSS2_BASE_RC_INSUFFICIENT_BUFFER ) );
-
- }
- LOGBLOB_DEBUG(&hashInput.buffer[0], hashInput.size, "PHASH input bytes=");
-
- // Now hash the whole mess.
- if( hashInput.size > sizeof( hashInput.buffer ) )
- {
- rval = APPLICATION_ERROR( TSS2_BASE_RC_INSUFFICIENT_BUFFER );
- }
- else
- {
- rval = hash(authHash, hashInput.buffer, hashInput.size, pHash);
- if (rval != TPM2_RC_SUCCESS)
- return rval;
- LOGBLOB_DEBUG(&pHash->buffer[0], pHash->size, "PHASH =");
- }
-
- return rval;
-}
diff --git a/test/tpmclient/TpmHandleToName.c b/test/tpmclient/TpmHandleToName.c
deleted file mode 100644
index 6f61f7b..0000000
--- a/test/tpmclient/TpmHandleToName.c
+++ /dev/null
@@ -1,85 +0,0 @@
-//**********************************************************************;
-// Copyright (c) 2015, Intel Corporation
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are met:
-//
-// 1. Redistributions of source code must retain the above copyright notice,
-// this list of conditions and the following disclaimer.
-//
-// 2. Redistributions in binary form must reproduce the above copyright notice,
-// this list of conditions and the following disclaimer in the documentation
-// and/or other materials provided with the distribution.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
-// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
-// THE POSSIBILITY OF SUCH DAMAGE.
-//**********************************************************************;
-
-#include "tss2_tpm2_types.h"
-
-#include "tpmclient.int.h"
-#include "sysapi_util.h"
-#include "../integration/context-util.h"
-#include "util/tss2_endian.h"
-
-UINT32 TpmHandleToName( TPM2_HANDLE handle, TPM2B_NAME *name )
-{
- TSS2_RC rval;
- TPM2B_NAME qualifiedName;
- TPM2B_PUBLIC public;
- TPM2B_NV_PUBLIC nvPublic;
- TSS2_SYS_CONTEXT *sysContext;
- UINT8 *namePtr = name->name;
-
- // Initialize name to zero length in case of failure.
- INIT_SIMPLE_TPM2B_SIZE( *name );
- INIT_SIMPLE_TPM2B_SIZE( qualifiedName );
-
- if( handle == ( TPM2_HT_NO_HANDLE ) )
- {
- name->size = 0;
- rval = TPM2_RC_SUCCESS;
- }
- else
- {
- switch( handle >> TPM2_HR_SHIFT )
- {
- case TPM2_HT_NV_INDEX:
- sysContext = sapi_init_from_tcti_ctx(resMgrTctiContext);
- if (sysContext == NULL)
- return TSS2_APP_RC_INIT_SYS_CONTEXT_FAILED;
-
- nvPublic.size = 0;
- rval = Tss2_Sys_NV_ReadPublic( sysContext, handle, 0, &nvPublic, name, 0 );
- sapi_teardown(sysContext);
- break;
-
- case TPM2_HT_TRANSIENT:
- case TPM2_HT_PERSISTENT:
- sysContext = sapi_init_from_tcti_ctx(resMgrTctiContext);
- if (sysContext == NULL)
- return TSS2_APP_RC_INIT_SYS_CONTEXT_FAILED;
-
- public.size = 0;
- rval = Tss2_Sys_ReadPublic( sysContext, handle, 0, &public, name, &qualifiedName, 0 );
- sapi_teardown(sysContext);
- break;
-
- default:
- rval = TPM2_RC_SUCCESS;
- name->size = sizeof(TPM2_HANDLE);
- *(TPM2_HANDLE *)namePtr = BE_TO_HOST_32(handle);
- }
- }
- return rval;
-}
diff --git a/test/tpmclient/tpmclient.int.c b/test/tpmclient/tpmclient.int.c
index e67111f..83c0a73 100644
--- a/test/tpmclient/tpmclient.int.c
+++ b/test/tpmclient/tpmclient.int.c
@@ -37,6 +37,7 @@
#include "../integration/context-util.h"
#include "../integration/sapi-util.h"
+#include "../integration/session-util.h"
#include "tpmclient.int.h"
#include "util/tss2_endian.h"
#include "sysapi_util.h"
@@ -2237,8 +2238,9 @@
// Get the name of the NV index.
rval = TpmHandleToName(
+ resMgrTctiContext,
TPM20_INDEX_PASSWORD_TEST,
- &nvName );
+ &nvName);
CheckPassed( rval );
@@ -2272,7 +2274,9 @@
// Get the name of the session and save it in
// the nvSession structure.
- rval = TpmHandleToName( nvSession->sessionHandle,
+ rval = TpmHandleToName(
+ resMgrTctiContext,
+ nvSession->sessionHandle,
&(nvSession->name) );
CheckPassed( rval );
@@ -2313,32 +2317,35 @@
// Complete command authorization area, by computing
// HMAC and setting it in nvCmdAuths.
- rval = ComputeCommandHmacs( simpleTestContext,
+ rval = ComputeCommandHmacs(
+ simpleTestContext,
TPM20_INDEX_PASSWORD_TEST,
- TPM20_INDEX_PASSWORD_TEST, &nvCmdAuths,
- TPM2_RC_FAILURE );
- CheckPassed( rval );
+ TPM20_INDEX_PASSWORD_TEST,
+ &nvCmdAuths);
+ CheckPassed(rval);
// Finally!! Write the data to the NV index.
// If the command is successful, the command
// HMAC was correct.
- sessionCmdRval = Tss2_Sys_NV_Write( simpleTestContext,
+ sessionCmdRval = Tss2_Sys_NV_Write(simpleTestContext,
TPM20_INDEX_PASSWORD_TEST,
TPM20_INDEX_PASSWORD_TEST,
- &nvCmdAuths, &nvWriteData, 0, &nvRspAuths );
+ &nvCmdAuths, &nvWriteData, 0, &nvRspAuths);
CheckPassed(sessionCmdRval);
// Roll nonces for response
RollNonces( nvSession, &nvRspAuths.auths[0].nonce );
- if( sessionCmdRval == TPM2_RC_SUCCESS )
- {
+ if (sessionCmdRval == TPM2_RC_SUCCESS) {
// If the command was successful, check the
// response HMAC to make sure that the
// response was received correctly.
- rval = CheckResponseHMACs( simpleTestContext, sessionCmdRval,
- &nvCmdAuths, TPM20_INDEX_PASSWORD_TEST,
- TPM20_INDEX_PASSWORD_TEST, &nvRspAuths );
- CheckPassed( rval );
+ rval = CheckResponseHMACs(
+ simpleTestContext,
+ &nvCmdAuths,
+ TPM20_INDEX_PASSWORD_TEST,
+ TPM20_INDEX_PASSWORD_TEST,
+ &nvRspAuths);
+ CheckPassed(rval);
}
if( !hmacTest )
@@ -2363,11 +2370,12 @@
// Complete command authorization area, by computing
// HMAC and setting it in nvCmdAuths.
- rval = ComputeCommandHmacs( simpleTestContext,
+ rval = ComputeCommandHmacs(
+ simpleTestContext,
TPM20_INDEX_PASSWORD_TEST,
- TPM20_INDEX_PASSWORD_TEST, &nvCmdAuths,
- TPM2_RC_FAILURE );
- CheckPassed( rval );
+ TPM20_INDEX_PASSWORD_TEST,
+ &nvCmdAuths);
+ CheckPassed(rval);
// And now read the data back.
// If the command is successful, the command
@@ -2383,15 +2391,17 @@
// Roll nonces for response
RollNonces( nvSession, &nvRspAuths.auths[0].nonce );
- if( sessionCmdRval == TPM2_RC_SUCCESS )
- {
+ if (sessionCmdRval == TPM2_RC_SUCCESS) {
// If the command was successful, check the
// response HMAC to make sure that the
// response was received correctly.
- rval = CheckResponseHMACs( simpleTestContext, sessionCmdRval,
- &nvCmdAuths, TPM20_INDEX_PASSWORD_TEST,
- TPM20_INDEX_PASSWORD_TEST, &nvRspAuths );
- CheckPassed( rval );
+ rval = CheckResponseHMACs(
+ simpleTestContext,
+ &nvCmdAuths,
+ TPM20_INDEX_PASSWORD_TEST,
+ TPM20_INDEX_PASSWORD_TEST,
+ &nvRspAuths );
+ CheckPassed(rval);
}
// Check that write and read data are equal.
diff --git a/test/tpmclient/tpmclient.int.h b/test/tpmclient/tpmclient.int.h
index 26bdba5..56ffb8d 100644
--- a/test/tpmclient/tpmclient.int.h
+++ b/test/tpmclient/tpmclient.int.h
@@ -31,6 +31,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <stdbool.h>
#include "tss2_tpm2_types.h"
#include "tss2_mu.h"
@@ -151,59 +152,32 @@
TSS2_RC GetSessionStruct( TPMI_SH_AUTH_SESSION authHandle, SESSION **pSession );
TSS2_RC GetSessionAlgId( TPMI_SH_AUTH_SESSION authHandle, TPMI_ALG_HASH *sessionAlgId );
TSS2_RC EndAuthSession( SESSION *session );
-TSS2_RC ComputeCommandHmacs( TSS2_SYS_CONTEXT *sysContext, TPM2_HANDLE handle1,
- TPM2_HANDLE handle2, TSS2L_SYS_AUTH_COMMAND *pSessionsData,
- TSS2_RC sessionCmdRval );
-
-extern INT16 sessionEntriesUsed;
-
-extern void InitSessionsTable();
-
-extern UINT32 ( *ComputeSessionHmacPtr )(
- TSS2_SYS_CONTEXT *sysContext,
- TPMS_AUTH_COMMAND *cmdAuth, // Pointer to session input struct
- TPM2_HANDLE entityHandle, // Used to determine if we're accessing a different
- // resource than the bound resource.
- TSS2_RC responseCode, // Response code for the command, 0xffff for "none" is
- // used to indicate that no response code is present
- // (used for calculating command HMACs vs response HMACs).
- TPM2_HANDLE handle1, // First handle == 0xff000000 indicates no handle
- TPM2_HANDLE handle2, // Second handle == 0xff000000 indicates no handle
- TPMA_SESSION sessionAttributes, // Current session attributes
- TPM2B_DIGEST *result, // Where the result hash is saved.
- TSS2_RC sessionCmdRval
- );
-
-
-extern TSS2_RC CheckResponseHMACs( TSS2_SYS_CONTEXT *sysContext,
- TSS2_RC responseCode,
- TSS2L_SYS_AUTH_COMMAND *pSessionsDataIn, TPM2_HANDLE handle1, TPM2_HANDLE handle2,
- TSS2L_SYS_AUTH_RESPONSE *pSessionsDataOut );
+TSS2_RC ComputeCommandHmacs(
+ TSS2_SYS_CONTEXT *sysContext,
+ TPM2_HANDLE handle1,
+ TPM2_HANDLE handle2,
+ TSS2L_SYS_AUTH_COMMAND *pSessionsData);
TSS2_RC StartAuthSessionWithParams( SESSION **session, TPMI_DH_OBJECT tpmKey, TPM2B_MAX_BUFFER *salt,
TPMI_DH_ENTITY bind, TPM2B_AUTH *bindAuth, TPM2B_NONCE *nonceCaller, TPM2B_ENCRYPTED_SECRET *encryptedSalt,
TPM2_SE sessionType, TPMT_SYM_DEF *symmetric, TPMI_ALG_HASH algId, TSS2_TCTI_CONTEXT *tctiContext );
-//
-// This function calculates the session HMAC
-//
UINT32 TpmComputeSessionHmac(
TSS2_SYS_CONTEXT *sysContext,
- TPMS_AUTH_COMMAND *pSessionDataIn, // Pointer to session input struct
- TPM2_HANDLE entityHandle, // Used to determine if we're accessing a different
- // resource than the bound resource.
- TSS2_RC responseCode, // Response code for the command, 0xffff for "none" is
- // used to indicate that no response code is present
- // (used for calculating command HMACs vs response HMACs).
- TPM2_HANDLE handle1, // First handle == 0xff000000 indicates no handle
- TPM2_HANDLE handle2, // Second handle == 0xff000000 indicates no handle
- TPMA_SESSION sessionAttributes, // Current session attributes
- TPM2B_DIGEST *result, // Where the result hash is saved.
- TSS2_RC sessionCmdRval
- );
+ TPMS_AUTH_COMMAND *pSessionDataIn,
+ TPM2_HANDLE entityHandle,
+ bool command,
+ TPM2_HANDLE handle1,
+ TPM2_HANDLE handle2,
+ TPMA_SESSION sessionAttributes,
+ TPM2B_DIGEST *result);
-TSS2_RC TpmCalcPHash( TSS2_SYS_CONTEXT *sysContext, TPM2_HANDLE handle1,
- TPM2_HANDLE handle2, TPMI_ALG_HASH authHash, TSS2_RC responseCode, TPM2B_DIGEST *pHash );
+TSS2_RC CheckResponseHMACs(
+ TSS2_SYS_CONTEXT *sysContext,
+ TSS2L_SYS_AUTH_COMMAND *pSessionsDataIn,
+ TPM2_HANDLE handle1,
+ TPM2_HANDLE handle2,
+ TSS2L_SYS_AUTH_RESPONSE *pSessionsDataOut);
TSS2_RC EncryptCommandParam( SESSION *session, TPM2B_MAX_BUFFER *encryptedData, TPM2B_MAX_BUFFER *clearData, TPM2B_AUTH *authValue );
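Review bot: Besides the prototypes that move to session-util.h, this hunk also deletes the declarations of `sessionEntriesUsed`, `InitSessionsTable` and `ComputeSessionHmacPtr`, which the commit message does not mention. If any of them is still defined or used in a file not shown here, that code loses its declaration; if they are dead, removing them is fine but belongs in the description or in a separate commit. The last hunk of this file drops `TpmClientPrintf` in the same way.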
@@ -214,10 +188,6 @@
void RollNonces( SESSION *session, TPM2B_NONCE *newNonce );
-UINT32 TpmHandleToName( TPM2_HANDLE handle, TPM2B_NAME *name );
-
-int TpmClientPrintf( UINT8 type, const char *format, ...);
-
#define INIT_SIMPLE_TPM2B_SIZE(type) (type).size = sizeof(type) - 2;
#define YES 1