Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / tpm2-tss / 2efe29185172c7f5aae583fa3e150538dcc7a74b / . / test / tpmclient / tpmclient.cpp
blob: d5df47f9cbfbe6f5aeb0f87c37d00b697f4ff1be [file] [log] [blame]
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]1//**********************************************************************;
2// Copyright (c) 2015, Intel Corporation
3// All rights reserved.
4//
5// Redistribution and use in source and binary forms, with or without
6// modification, are permitted provided that the following conditions are met:
7//
8// 1. Redistributions of source code must retain the above copyright notice,
9// this list of conditions and the following disclaimer.
10//
11// 2. Redistributions in binary form must reproduce the above copyright notice,
12// this list of conditions and the following disclaimer in the documentation
13// and/or other materials provided with the distribution.
14//
15// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
16// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
19// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
25// THE POSSIBILITY OF SUCH DAMAGE.
26//**********************************************************************;
27
28//
29// tpmclient.cpp : Defines the entry point for the console test application.
30//
31
32#ifdef _WIN32
33#include "stdafx.h"
34#else
35#include <stdarg.h>
36#endif
37
38#ifndef UNICODE
39#define UNICODE 1
40#endif
41
42#ifdef _WIN32
43// link with Ws2_32.lib
44#pragma comment(lib,"Ws2_32.lib")
45
46#include <winsock2.h>
47#include <ws2tcpip.h>
48#else
49#define sprintf_s snprintf
50#define sscanf_s sscanf
51#endif
52
53#include <stdio.h>
54#include <stdlib.h> // Needed for _wtoi
55#include <string.h>
56
57#include "tpm20.h"
58#include "sample.h"
59#include "resourcemgr.h"
60#include "tpmclient.h"
wcarthur02340012015-10-28 08:32:42 -0400[diff] [blame]61
62// This is done to allow the tests to access fields
63// in the sysContext structure that are needed for
64// special test cases.
65//
66// ATTENTION: Normal applications should NEVER do this!!
67//
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]68#include "tss2_sysapi_util.h"
wcarthur02340012015-10-28 08:32:42 -0400[diff] [blame]69
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]70#include "tpmsockets.h"
71#include "syscontext.h"
Will Arthurca8e7f32015-08-03 15:35:19 -0400[diff] [blame]72#include "debug.h"
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]73
74//
75// TPM indices and sizes
76//
77#define NV_AUX_INDEX_SIZE 96
78#define NV_PS_INDEX_SIZE 34
79#define NV_PO_INDEX_SIZE 34
80
81#define INDEX_AUX 0x01800003 // NV Storage
82#define INDEX_LCP_OWN 0x01400001 // Launch Policy Owner
83#define INDEX_LCP_SUP 0x01800001 // Launch Policy Default (Supplier)
84#define TPM20_INDEX_TEST1 0x01500015
85#define TPM20_INDEX_TEST2 0x01500016
86#define TPM20_INDEX_PASSWORD_TEST 0x01500020
87
88
89#define SET_PCR_SELECT_BIT( pcrSelection, pcr ) \
90 (pcrSelection).pcrSelect[( (pcr)/8 )] |= ( 1 << ( (pcr) % 8) );
91
92#define CLEAR_PCR_SELECT_BITS( pcrSelection ) \
93 (pcrSelection).pcrSelect[0] = 0; \
94 (pcrSelection).pcrSelect[1] = 0; \
95 (pcrSelection).pcrSelect[2] = 0;
96
97#define SET_PCR_SELECT_SIZE( pcrSelection, size ) \
98 (pcrSelection).sizeofSelect = size;
99
100char outFileName[200] = "";
101
102TPM_CC currentCommandCode;
103TPM_CC *currentCommandCodePtr = &currentCommandCode;
104
105#define errorStringSize 200
106char errorString[errorStringSize];
107
Will Arthurca8e7f32015-08-03 15:35:19 -0400[diff] [blame]108UINT8 simulator = 1;
109
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]110UINT32 tpmMaxResponseLen = TPMBUF_LEN;
111
112UINT8 pcrAfterExtend[20];
113TPM_HANDLE loadedRsaKeyHandle;
114TPM_HANDLE loadedSha1KeyHandle;
115
116TPM2B_AUTH loadedSha1KeyAuth;
117
118TPM_HANDLE handle1024, handle2048sha1, handle2048rsa;
119
120UINT32 passCount = 1;
121UINT32 demoDelay = 0;
122int debugLevel = 0;
123int startAuthSessionTestOnly = 0;
124UINT8 indent = 0;
125
126TSS2_SYS_CONTEXT *sysContext;
127
128#define rmInterfaceConfigSize 250
129char rmInterfaceConfig[rmInterfaceConfigSize];
130
Will Arthurca8e7f32015-08-03 15:35:19 -0400[diff] [blame]131TSS2_TCTI_DRIVER_INFO resMgrInterfaceInfo = { "resMgr", "", InitSocketsTcti, TeardownSocketsTcti };
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]132
133TSS2_TCTI_CONTEXT *resMgrTctiContext = 0;
134TSS2_ABI_VERSION abiVersion = { TSSWG_INTEROP, TSS_SAPI_FIRST_FAMILY, TSS_SAPI_FIRST_LEVEL, TSS_SAPI_FIRST_VERSION };
135
136UINT32 tpmSpecVersion = 0;
137
138//
139// These are helper functions that are called through function pointers so that
140// they could be swapped easily to point to different functions.
141//
142// Currently they are set to functions that use the TPM to perform the function, but SW-only
143// implementations could be substituted as well.
144//
145UINT32 ( *ComputeSessionHmacPtr )(
146 TSS2_SYS_CONTEXT *sysContext,
147 TPMS_AUTH_COMMAND *cmdAuth, // Pointer to session input struct
148 TPM_HANDLE entityHandle, // Used to determine if we're accessing a different
149 // resource than the bound resoure.
150 TPM_RC responseCode, // Response code for the command, 0xffff for "none" is
151 // used to indicate that no response code is present
152 // (used for calculating command HMACs vs response HMACs).
153 TPM_HANDLE handle1, // First handle == 0xff000000 indicates no handle
154 TPM_HANDLE handle2, // Second handle == 0xff000000 indicates no handle
155 TPMA_SESSION sessionAttributes, // Current session attributes
156 TPM2B_DIGEST *result, // Where the result hash is saved.
157 TPM_RC sessionCmdRval
158 ) = TpmComputeSessionHmac;
159
160TPM_RC ( *GetSessionAlgIdPtr )( TPMI_SH_AUTH_SESSION authHandle, TPMI_ALG_HASH *sessionAlgId ) = GetSessionAlgId;
161
162TPM_RC ( *CalcPHash )( TSS2_SYS_CONTEXT *sysContext,TPM_HANDLE handle1, TPM_HANDLE handle2, TPMI_ALG_HASH authHash,
163 TPM_RC responseCode, TPM2B_DIGEST *pHash ) = TpmCalcPHash;
164
165UINT32 (*HmacFunctionPtr)( TPM_ALG_ID hashAlg, TPM2B *key,TPM2B **bufferList, TPM2B_DIGEST *result ) = TpmHmac;
166
167UINT32 (*HashFunctionPtr)( TPMI_ALG_HASH hashAlg, UINT16 size, BYTE *data, TPM2B_DIGEST *result ) = TpmHash;
168
169UINT32 (*HandleToNameFunctionPtr)( TPM_HANDLE handle, TPM2B_NAME *name ) = TpmHandleToName;
170
171TPMI_SH_AUTH_SESSION StartPolicySession();
172
173TPMI_SH_AUTH_SESSION InitNvAuxPolicySession();
174
175FILE *outFp;
176
177//
178// Used by some high level sample routines to copy the results.
179//
180void copyData( UINT8 *to, UINT8 *from, UINT32 length )
181{
182 if( to != 0 && from != 0 )
183 memcpy( to, from, length );
184}
185
186int TpmClientPrintf( UINT8 type, const char *format, ...)
187{
188 va_list args;
189 int rval = 0;
190
191 OpenOutFile( &outFp );
192
193 if( outFp )
194 {
195 if( type == RM_PREFIX )
196 {
197 PrintRMDebugPrefix();
198 }
199
200 va_start( args, format );
201 rval = vfprintf( outFp, format, args );
202 va_end (args);
203
204 CloseOutFile( &outFp );
205 }
206 else
207 {
208 printf( "TpmClientPrintf failed\n" );
209 }
210
211 return rval;
212}
213
214TPM_RC CompareTPM2B( TPM2B *buffer1, TPM2B *buffer2 )
215{
216 if( buffer1->size != buffer2->size )
217 return TPM_RC_FAILURE;
218 for( int i = 0; i < buffer1->size; i++ )
219 {
220 if( buffer1->buffer[0] != buffer2->buffer[0] )
221 return TPM_RC_FAILURE;
222 }
223 return TPM_RC_SUCCESS;
224}
225
226void PrintSizedBufferOpen( TPM2B *sizedBuffer )
227{
228 int i;
229
230
231 OpenOutFile( &outFp );
232
233 if( outFp )
234 {
235 for( i = 0; i < sizedBuffer->size; i++ )
236 {
237 TpmClientPrintf( 0, "%2.2x ", sizedBuffer->buffer[i] );
238
239 if( ( (i+1) % 16 ) == 0 )
240 {
241 TpmClientPrintf( 0, "\n" );
242 }
243 }
244 TpmClientPrintf( 0, "\n" );
245
246 CloseOutFile( &outFp );
247 }
248 else
249 {
250 printf( "PrintSizedBufferOpen failed\n" );
251 }
252
253}
254
255void PrintSizedBuffer( TPM2B *sizedBuffer )
256{
257 int i;
258
259 for( i = 0; i < sizedBuffer->size; i++ )
260 {
261 TpmClientPrintf( 0, "%2.2x ", sizedBuffer->buffer[i] );
262
263 if( ( (i+1) % 16 ) == 0 )
264 {
265 TpmClientPrintf( 0, "\n" );
266 }
267 }
268 TpmClientPrintf( 0, "\n" );
269}
270
271#define LEVEL_STRING_SIZE 50
272
273void ErrorHandler( UINT32 rval )
274{
275 UINT32 errorLevel = rval & TSS2_ERROR_LEVEL_MASK;
276 char levelString[LEVEL_STRING_SIZE + 1];
277
278 switch( errorLevel )
279 {
280 case TSS2_TPM_ERROR_LEVEL:
281 strncpy( levelString, "TPM", LEVEL_STRING_SIZE );
282 break;
283 case TSS2_APP_ERROR_LEVEL:
284 strncpy( levelString, "Application", LEVEL_STRING_SIZE );
285 break;
286 case TSS2_SYS_ERROR_LEVEL:
287 strncpy( levelString, "System API", LEVEL_STRING_SIZE );
288 break;
289 case TSS2_SYS_PART2_ERROR_LEVEL:
290 strncpy( levelString, "System API TPM encoded", LEVEL_STRING_SIZE );
291 break;
292 case TSS2_TCTI_ERROR_LEVEL:
293 strncpy( levelString, "TCTI", LEVEL_STRING_SIZE );
294 break;
295 case TSS2_RESMGRTPM_ERROR_LEVEL:
296 strncpy( levelString, "Resource Mgr TPM encoded", LEVEL_STRING_SIZE );
297 break;
298 case TSS2_RESMGR_ERROR_LEVEL:
299 strncpy( levelString, "Resource Mgr", LEVEL_STRING_SIZE );
300 break;
301 case TSS2_DRIVER_ERROR_LEVEL:
302 strncpy( levelString, "Driver", LEVEL_STRING_SIZE );
303 break;
304 default:
305 strncpy( levelString, "Unknown Level", LEVEL_STRING_SIZE );
306 break;
307 }
308
309 sprintf_s( errorString, errorStringSize, "%s Error: 0x%x\n", levelString, rval );
310}
311
312char resMgrInterfaceName[] = "Resource Manager";
313
314TSS2_RC InitTctiResMgrContext( char *rmInterfaceConfig, TSS2_TCTI_CONTEXT **tctiContext, char *name )
315{
316 size_t size;
317
318 TSS2_RC rval;
319
320 rval = resMgrInterfaceInfo.initialize(NULL, &size, rmInterfaceConfig, 0, 0, &resMgrInterfaceName[0], 0 );
321 if( rval != TSS2_RC_SUCCESS )
322 return rval;
323
324 *tctiContext = (TSS2_TCTI_CONTEXT *)malloc(size);
325
326 if( *tctiContext )
327 {
328 rval = resMgrInterfaceInfo.initialize(*tctiContext, &size, rmInterfaceConfig, 0, 0, resMgrInterfaceName, 0 );
329 }
330 else
331 {
332 rval = TSS2_TCTI_RC_BAD_CONTEXT;
333 }
334 return rval;
335}
336
337TSS2_RC TeardownTctiResMgrContext( char *interfaceConfig, TSS2_TCTI_CONTEXT *tctiContext, char *name )
338{
339 return resMgrInterfaceInfo.teardown( tctiContext, interfaceConfig, name );
340}
341
342void Cleanup()
343{
344 fflush( stdout );
345
346 PlatformCommand( resMgrTctiContext, MS_SIM_POWER_OFF );
347
348 TeardownTctiResMgrContext( rmInterfaceConfig, resMgrTctiContext, &resMgrInterfaceName[0] );
349
350#ifdef _WIN32
351 WSACleanup();
352#endif
353 exit(1);
354}
355
356void InitSysContextFailure()
357{
358 TpmClientPrintf( 0, "InitSysContext failed, exiting...\n" );
359 Cleanup();
360}
361
362void Delay( UINT16 delay)
363{
364 volatile UINT32 i, j;
365
366 for( j = 0; j < delay; j++ )
367 {
368 for( i = 0; i < 10000000; i++ )
369 ;
370 }
371}
372
373void CheckPassed( UINT32 rval )
374{
375 OpenOutFile( &outFp );
376 TpmClientPrintf( 0, "\tpassing case: " );
377 if ( rval != TPM_RC_SUCCESS) {
378 ErrorHandler( rval);
379 TpmClientPrintf( 0, "\tFAILED! %s\n", errorString );
380 Cleanup();
381 }
382 else
383 {
384 TpmClientPrintf( 0, "\tPASSED!\n" );
385 }
386
387 CloseOutFile( &outFp );
388 Delay(demoDelay);
389}
390
391TPMS_AUTH_COMMAND nullSessionData;
392TPMS_AUTH_RESPONSE nullSessionDataOut;
393TPMS_AUTH_COMMAND *nullSessionDataArray[1] = { &nullSessionData };
394TPMS_AUTH_RESPONSE *nullSessionDataOutArray[1] = { &nullSessionDataOut };
395TSS2_SYS_CMD_AUTHS nullSessionsData = { 1, &nullSessionDataArray[0] };
396TSS2_SYS_RSP_AUTHS nullSessionsDataOut = { 1, &nullSessionDataOutArray[0] };
397TPM2B_NONCE nullSessionNonce, nullSessionNonceOut;
398TPM2B_AUTH nullSessionHmac;
399
400void CheckFailed( UINT32 rval, UINT32 expectedTpmErrorCode )
401{
402 OpenOutFile( &outFp );
403 TpmClientPrintf( 0, "\tfailing case: " );
404 if ( rval != expectedTpmErrorCode) {
405 ErrorHandler( rval);
406 TpmClientPrintf( 0, "\tFAILED! Ret code s/b: %x, but was: %x\n", expectedTpmErrorCode, rval );
407 Cleanup();
408 }
409 else
410 {
411 TpmClientPrintf( 0, "\tPASSED!\n" );
412 }
413 fflush( stdout );
414 CloseOutFile( &outFp );
415 Delay(demoDelay);
416}
417
418TSS2_RC TpmReset()
419{
420 TSS2_RC rval = TSS2_RC_SUCCESS;
421
422 rval = (TSS2_RC)PlatformCommand( resMgrTctiContext, MS_SIM_POWER_OFF );
423 if( rval == TSS2_RC_SUCCESS )
424 {
425 rval = (TSS2_RC)PlatformCommand( resMgrTctiContext, MS_SIM_POWER_ON );
426 }
427 return rval;
428}
429
430void GetTpmVersion()
431{
432 TSS2_RC rval = TSS2_RC_SUCCESS;
433 TPMS_CAPABILITY_DATA capabilityData;
434
435 rval = Tss2_Sys_GetCapability( sysContext, 0,
436 TPM_CAP_TPM_PROPERTIES, TPM_PT_REVISION,
437 1, 0, &capabilityData, 0 );
438 CheckPassed( rval );
439
440 if( capabilityData.data.tpmProperties.count == 1 &&
441 (capabilityData.data.tpmProperties.tpmProperty[0].property == TPM_PT_REVISION) )
442 {
443 tpmSpecVersion = capabilityData.data.tpmProperties.tpmProperty[0].value;
444 }
445 else
446 {
447 TpmClientPrintf( 0, "Failed to get TPM spec version!!\n" );
448 Cleanup();
449 }
450}
451
452
453void TestDictionaryAttackLockReset()
454{
455 UINT32 rval;
456 TPMS_AUTH_COMMAND sessionData;
457 TPMS_AUTH_RESPONSE sessionDataOut;
458 TSS2_SYS_CMD_AUTHS sessionsData;
459 TSS2_SYS_RSP_AUTHS sessionsDataOut;
460
461 TPMS_AUTH_COMMAND *sessionDataArray[1];
462 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
463
464 sessionDataArray[0] = &sessionData;
465 sessionDataOutArray[0] = &sessionDataOut;
466
467 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
468 sessionsData.cmdAuths = &sessionDataArray[0];
469
470 sessionsDataOut.rspAuthsCount = 1;
471
472 TpmClientPrintf( 0, "\nDICTIONARY ATTACK LOCK RESET TEST :\n" );
473
474 // Init authHandle
475 sessionData.sessionHandle = TPM_RS_PW;
476
477 // Init nonce.
478 sessionData.nonce.t.size = 0;
479
480 // init hmac
481 sessionData.hmac.t.size = 0;
482
483 // Init session attributes
484 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
485
486 sessionsData.cmdAuthsCount = 1;
487 sessionsData.cmdAuths[0] = &sessionData;
488
489 rval = Tss2_Sys_DictionaryAttackLockReset ( sysContext, TPM_RH_LOCKOUT, &sessionsData, &sessionsDataOut );
490 CheckPassed( rval );
491}
492
493TSS2_RC StartPolicySession( TPMI_SH_AUTH_SESSION *sessionHandle )
494{
495 UINT8 i;
496 TPM2B_NONCE nonceCaller, nonceTpm;
497 TPM2B_ENCRYPTED_SECRET salt;
498 TPMT_SYM_DEF symmetric;
499 UINT16 digestSize;
500 UINT32 rval;
501
502 digestSize = GetDigestSize( TPM_ALG_SHA1 );
503 nonceCaller.t.size = digestSize;
504 for( i = 0; i < nonceCaller.t.size; i++ )
505 nonceCaller.t.buffer[i] = 0;
506
507 salt.t.size = 0;
508 symmetric.algorithm = TPM_ALG_NULL;
509
510 // Create policy session
511 rval = Tss2_Sys_StartAuthSession ( sysContext, TPM_RH_NULL, TPM_RH_NULL, 0, &nonceCaller, &salt,
512 TPM_SE_POLICY, &symmetric, TPM_ALG_SHA1, sessionHandle, &nonceTpm, 0 );
513 return( rval );
514}
515
516void TestTpmStartup()
517{
518 UINT32 rval;
519
520 TpmClientPrintf( 0, "\nSTARTUP TESTS:\n" );
521
522 //
523 // First test the one-call interface.
524 //
525
526 // First must do TPM reset.
527 rval = TpmReset();
528 CheckPassed(rval);
529
530 // This one should pass.
531 rval = Tss2_Sys_Startup( sysContext, TPM_SU_CLEAR );
532 CheckPassed(rval);
533
534 // This one should fail.
535 rval = Tss2_Sys_Startup( sysContext, TPM_SU_CLEAR );
536 CheckFailed( rval, TPM_RC_INITIALIZE );
537
538
539 // Cycle power using simulator interface.
540 rval = PlatformCommand( resMgrTctiContext, MS_SIM_POWER_OFF );
541 CheckPassed( rval );
542 rval = PlatformCommand( resMgrTctiContext, MS_SIM_POWER_ON );
543 CheckPassed( rval );
544
545
546 //
547 // Now test the syncronous, non-one-call interface.
548 //
549 rval = Tss2_Sys_Startup_Prepare( sysContext, TPM_SU_CLEAR );
550 CheckPassed(rval);
551
552 // Execute the command syncronously.
553 rval = Tss2_Sys_Execute( sysContext );
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]554 CheckPassed( rval );
555
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]556 // Cycle power using simulator interface.
557 rval = PlatformCommand( resMgrTctiContext, MS_SIM_POWER_OFF );
558 CheckPassed( rval );
559 rval = PlatformCommand( resMgrTctiContext, MS_SIM_POWER_ON );
560 CheckPassed( rval );
561
562
563 //
564 // Now test the asyncronous, non-one-call interface.
565 //
566 rval = Tss2_Sys_Startup_Prepare( sysContext, TPM_SU_CLEAR );
567 CheckPassed(rval);
568
569 // Execute the command asyncronously.
570 rval = Tss2_Sys_ExecuteAsync( sysContext );
571 CheckPassed(rval);
572
573 // Get the command response. Wait a maximum of 20ms
574 // for response.
575 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
576 CheckPassed(rval);
577}
578
579void TestSapiApis()
580{
581 UINT32 rval;
582 TPM2B_MAX_BUFFER outData = { { MAX_DIGEST_BUFFER, } };
583 TPM_RC testResult;
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]584 TSS2_SYS_CONTEXT *testSysContext;
585 TPM2B_PUBLIC outPublic;
586 TPM2B_NAME name;
587 TPM2B_NAME qualifiedName;
588 TPM2B_PRIVATE inPrivate;
589 UINT8 commandCode[4];
590 size_t rpBufferUsedSize;
591 const uint8_t *rpBuffer;
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]592
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]593 TpmClientPrintf( 0, "\nSAPI API TESTS:\n" );
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]594
595 //
596 // First test the one-call interface.
597 //
598 rval = Tss2_Sys_GetTestResult( sysContext, 0, &outData, &testResult, 0 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]599 CheckPassed(rval); // #1
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]600
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]601 // Check for BAD_SEQUENCE error.
602 rval = Tss2_Sys_ExecuteAsync( sysContext );
603 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #2
604
605 // Check for BAD_SEQUENCE error.
606 rval = Tss2_Sys_Execute( sysContext );
607 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #3
608
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]609 //
610 // Now test the syncronous, non-one-call interface.
611 //
612 rval = Tss2_Sys_GetTestResult_Prepare( sysContext );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]613 CheckPassed(rval); // #4
614
615 // Check for BAD_REFERENCE error.
616 rval = Tss2_Sys_Execute( 0 );
617 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #5
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]618
619 // Execute the command syncronously.
620 rval = Tss2_Sys_Execute( sysContext );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]621 CheckPassed(rval); // #6
622
623 // Check for BAD_SEQUENCE error.
624 rval = Tss2_Sys_Execute( sysContext );
625 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #7
626
627 // Check for BAD_SEQUENCE error.
628 rval = Tss2_Sys_ExecuteAsync( sysContext );
629 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #8
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]630
631 // Get the command results
632 rval = Tss2_Sys_GetTestResult_Complete( sysContext, &outData, &testResult );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]633 CheckPassed(rval); // #9
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]634
635 //
636 // Now test the asyncronous, non-one-call interface.
637 //
638 rval = Tss2_Sys_GetTestResult_Prepare( sysContext );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]639 CheckPassed(rval); // #10
640
641 // Test XXXX_Complete for bad sequence: after _Prepare
642 // and before ExecuteFinish
643 rval = Tss2_Sys_GetTestResult_Complete( sysContext, &outData, &testResult );
644 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #11
645
646 // Check for BAD_REFERENCE error.
647 rval = Tss2_Sys_ExecuteAsync( 0 );
648 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #12
649
650 // Test ExecuteFinish for BAD_SEQUENCE
651 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
652 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #13
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]653
654 // Execute the command asyncronously.
655 rval = Tss2_Sys_ExecuteAsync( sysContext );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]656 CheckPassed(rval); // #14
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]657
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]658 // Check for BAD_SEQUENCE error.
659 rval = Tss2_Sys_ExecuteAsync( sysContext );
660 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #15
661
662 // Check for BAD_SEQUENCE error.
663 rval = Tss2_Sys_Execute( sysContext );
664 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #16
665
666 // Test ExecuteFinish for BAD_REFERENCE
667 rval = Tss2_Sys_ExecuteFinish( 0, TSS2_TCTI_TIMEOUT_BLOCK );
668 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #17
669
670 // Test XXXX_Complete for bad sequence: after _Prepare
671 // and before ExecuteFinish
672 rval = Tss2_Sys_GetTestResult_Complete( sysContext, &outData, &testResult );
673 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #18
674
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]675 // Get the command response. Wait a maximum of 20ms
676 // for response.
677 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]678 CheckPassed(rval); // #19
679
680 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
681 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #20
682
683 // Check for BAD_SEQUENCE error.
684 rval = Tss2_Sys_ExecuteAsync( sysContext );
685 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #21
686
687 // Check for BAD_SEQUENCE error.
688 rval = Tss2_Sys_Execute( sysContext );
689 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #22
690
691 // Test _Complete for bad reference cases.
692 rval = Tss2_Sys_GetTestResult_Complete( 0, &outData, &testResult );
693 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #23
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]694
695 // Get the command results
696 rval = Tss2_Sys_GetTestResult_Complete( sysContext, &outData, &testResult );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]697 CheckPassed(rval); // #24
698
699 // Now test case for ExecuteFinish and one-call where there's not enough room
700 // for the TPM response.
701 //
702 testSysContext = InitSysContext( sizeof( TPM20_Header_In ) + sizeof(TPM_HANDLE),
703 resMgrTctiContext, &abiVersion );
704 if( testSysContext == 0 )
705 {
706 InitSysContextFailure();
707 }
708
709 // Test GetCommandCode for bad sequence
710 rval = Tss2_Sys_GetCommandCode( testSysContext, &commandCode );
711 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #25
712
713 rval = Tss2_Sys_GetRpBuffer( testSysContext, &rpBufferUsedSize, &rpBuffer );
714 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #26
715
716 rval = Tss2_Sys_ReadPublic_Prepare( testSysContext, handle2048rsa );
717 CheckPassed(rval); // #27
718
719 // Execute the command syncronously.
720 rval = Tss2_Sys_ExecuteAsync( testSysContext );
721 CheckPassed( rval ); // #28
722
723 // Test _Complete for bad sequence case when ExecuteFinish has never
724 // been done on a context.
725 rval = Tss2_Sys_ReadPublic_Complete( testSysContext, &outPublic, &name, &qualifiedName );
726 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #29
727
728 rval = Tss2_Sys_ExecuteFinish( testSysContext, TSS2_TCTI_TIMEOUT_BLOCK );
729 CheckFailed( rval, TSS2_TCTI_RC_INSUFFICIENT_BUFFER ); // #30
730
731 rval = Tss2_Sys_ExecuteFinish( testSysContext, TSS2_TCTI_TIMEOUT_BLOCK );
732 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #31
733
734 rval = Tss2_Sys_ReadPublic_Prepare( testSysContext, handle2048rsa );
735 CheckPassed(rval); // #32
736
737 // Execute the command syncronously.
738 rval = Tss2_Sys_Execute( testSysContext );
739 CheckFailed( rval, TSS2_TCTI_RC_INSUFFICIENT_BUFFER ); // #33
740
741 rval = Tss2_Sys_ExecuteFinish( testSysContext, TSS2_TCTI_TIMEOUT_BLOCK );
742 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #34
743
744 // Make sure that comms with TPM still work.
745 rval = Tss2_Sys_ReadPublic_Prepare( sysContext, handle2048rsa );
746 CheckPassed(rval); // #35
747
748 // Execute the command syncronously.
749 rval = Tss2_Sys_Execute( sysContext );
750 CheckPassed( rval ); // #36
751
752 rval = Tss2_Sys_ReadPublic( testSysContext, handle2048rsa, 0,
753 &outPublic, &name, &qualifiedName, 0 );
754 CheckFailed( rval, TSS2_TCTI_RC_INSUFFICIENT_BUFFER ); // #37
755
756 // Make sure that comms with TPM still work.
757 outPublic.t.size = name.t.size = qualifiedName.t.size = 0;
758 rval = Tss2_Sys_ReadPublic( sysContext, handle2048rsa, 0,
759 &outPublic, &name, &qualifiedName, 0 );
760 CheckPassed( rval ); // #38
761
762 TeardownSysContext( &testSysContext );
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]763
764 // Check case of ExecuteFinish receving TPM error code.
765 // Subsequent _Complete call should fail with SEQUENCE error.
766 rval = TpmReset();
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]767 CheckPassed(rval); // #39
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]768
769 rval = Tss2_Sys_GetCapability_Prepare( sysContext,
770 TPM_CAP_TPM_PROPERTIES, TPM_PT_ACTIVE_SESSIONS_MAX,
771 1 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]772 CheckPassed(rval); // #40
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]773
774 // Execute the command asyncronously.
775 rval = Tss2_Sys_ExecuteAsync( sysContext );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]776 CheckPassed(rval); // #41
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]777
778 // Get the command response. Wait a maximum of 20ms
779 // for response.
780 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]781 CheckFailed( rval, TPM_RC_INITIALIZE ); // #42
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]782
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]783 // Test _Complete for case when ExecuteFinish had an error.
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]784 rval = Tss2_Sys_GetCapability_Complete( sysContext, 0, 0 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]785 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #43
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]786
787 rval = Tss2_Sys_Startup( sysContext, TPM_SU_CLEAR );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]788 CheckPassed(rval); // #44
789
790 rval = Tss2_Sys_GetRpBuffer( 0, &rpBufferUsedSize, &rpBuffer );
791 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #45
792
793 rval = Tss2_Sys_GetRpBuffer( sysContext, 0, &rpBuffer );
794 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #46
795
796 rval = Tss2_Sys_GetRpBuffer( sysContext, &rpBufferUsedSize, 0 );
797 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #47
798
799 rval = Tss2_Sys_GetRpBuffer( sysContext, &rpBufferUsedSize, &rpBuffer );
800 CheckPassed( rval ); // #48
801
802 // Now test case for ExecuteFinish where TPM returns
803 // an error. ExecuteFinish should return same error
804 // as TPM.
805 rval = Tss2_Sys_Startup_Prepare( sysContext, TPM_SU_CLEAR );
806 CheckPassed(rval); // #49
807
808 // Execute the command ayncronously.
809 rval = Tss2_Sys_ExecuteAsync( sysContext );
810 CheckPassed( rval ); // #50
811
812 rval = Tss2_Sys_Startup( sysContext, TPM_SU_CLEAR );
813 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #51
814
815 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
816 CheckFailed( rval, TPM_RC_INITIALIZE ); // #51
817
818 // Now test case for ExecuteFinish where TPM returns
819 // an error. ExecuteFinish should return same error
820 // as TPM.
821 rval = Tss2_Sys_Startup_Prepare( sysContext, TPM_SU_CLEAR );
822 CheckPassed(rval); // #52
823
824 rval = Tss2_Sys_GetRpBuffer( sysContext, &rpBufferUsedSize, &rpBuffer );
825 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #53
826
827 // Execute the command ayncronously.
828 rval = Tss2_Sys_Execute( sysContext );
829 CheckFailed( rval, TPM_RC_INITIALIZE ); // #54
830
831 rval = Tss2_Sys_GetRpBuffer( sysContext, &rpBufferUsedSize, &rpBuffer );
832 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #55
833
834 // Test one-call for null sysContext pointer.
835 rval = Tss2_Sys_Startup( 0, TPM_SU_CLEAR );
836 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #56
837
838
839
840 // Test one-call for NULL input parameter that should be a
841 // pointer.
842 rval = Tss2_Sys_Load( sysContext, 0, 0, (TPM2B_PRIVATE *)0,
843 (TPM2B_PUBLIC *)0, (TPM_HANDLE *)0, (TPM2B_NAME *)0, 0 );
844 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #54
845
846 rval = Tss2_Sys_Load( sysContext, 0, 0, 0,
847 (TPM2B_PUBLIC *)0, (TPM_HANDLE *)0, (TPM2B_NAME *)0, 0 );
848 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #55
849
850 // Test GetCommandCode for bad reference
851 rval = Tss2_Sys_GetCommandCode( 0, &commandCode );
852 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #56
853
854 rval = Tss2_Sys_GetCommandCode( sysContext, 0 );
855 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #57
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]856}
857
858
859void TestTpmSelftest()
860{
861 UINT32 rval;
862
863 TpmClientPrintf( 0, "\nSELFTEST TESTS:\n" );
864
865 rval = Tss2_Sys_SelfTest( sysContext, 0, YES, 0);
866 CheckPassed( rval );
867
868 rval = Tss2_Sys_SelfTest( sysContext, 0, NO, 0);
869 CheckPassed( rval );
870
871 rval = Tss2_Sys_SelfTest( sysContext, 0, YES, 0);
872 CheckPassed( rval );
873
874}
875
876void TestTpmGetCapability()
877{
878 UINT32 rval;
879
880 char manuID[5] = " ";
881 char *manuIDPtr = &manuID[0];
882 TPMI_YES_NO moreData;
883 TPMS_CAPABILITY_DATA capabilityData;
884
885 TpmClientPrintf( 0, "\nGET_CAPABILITY TESTS:\n" );
886
887 rval = Tss2_Sys_GetCapability( sysContext, 0, TPM_CAP_TPM_PROPERTIES, TPM_PT_MANUFACTURER, 1, &moreData, &capabilityData, 0 );
888 CheckPassed( rval );
889
890 *( (UINT32 *)manuIDPtr ) = CHANGE_ENDIAN_DWORD( capabilityData.data.tpmProperties.tpmProperty[0].value );
891 TpmClientPrintf( 0, "\t\tcount: %d, property: %x, manuId: %s\n",
892 capabilityData.data.tpmProperties.count,
893 capabilityData.data.tpmProperties.tpmProperty[0].property,
894 manuID );
895
896 rval = Tss2_Sys_GetCapability( sysContext, 0, TPM_CAP_TPM_PROPERTIES, TPM_PT_MAX_COMMAND_SIZE, 1, &moreData, &capabilityData, 0 );
897 CheckPassed( rval );
898 TpmClientPrintf( 0, "\t\tcount: %d, property: %x, max cmd size: %d\n",
899 capabilityData.data.tpmProperties.count,
900 capabilityData.data.tpmProperties.tpmProperty[0].property,
901 capabilityData.data.tpmProperties.tpmProperty[0].value );
902
903
904 rval = Tss2_Sys_GetCapability( sysContext, 0, TPM_CAP_TPM_PROPERTIES, TPM_PT_MAX_COMMAND_SIZE, 40, &moreData, &capabilityData, 0 );
905 CheckPassed( rval );
906 TpmClientPrintf( 0, "\t\tcount: %d, property: %x, max cmd size: %d\n",
907 capabilityData.data.tpmProperties.count,
908 capabilityData.data.tpmProperties.tpmProperty[0].property,
909 capabilityData.data.tpmProperties.tpmProperty[0].value );
910
911
912 rval = Tss2_Sys_GetCapability( sysContext, 0, TPM_CAP_TPM_PROPERTIES, TPM_PT_MAX_RESPONSE_SIZE, 1, &moreData, &capabilityData, 0 );
913 CheckPassed( rval );
914 TpmClientPrintf( 0, "\t count: %d, property: %x, max response size: %d\n",
915 capabilityData.data.tpmProperties.count,
916 capabilityData.data.tpmProperties.tpmProperty[0].property,
917 capabilityData.data.tpmProperties.tpmProperty[0].value );
918
919 rval = Tss2_Sys_GetCapability( sysContext, 0, 0xff, TPM_PT_MANUFACTURER, 1, &moreData, &capabilityData, 0 );
920
921 if( tpmSpecVersion == 115 || tpmSpecVersion == 119 )
922 {
923 CheckFailed( rval, TPM_RC_VALUE );
924 }
925 else
926 {
927 CheckFailed( rval, TPM_RC_VALUE+TPM_RC_1+TPM_RC_P );
928 }
929}
930
931void TestTpmClear()
932{
933 UINT32 rval;
934 TPM2B_AUTH hmac;
935 TPMS_AUTH_COMMAND sessionData;
936 TPMS_AUTH_RESPONSE sessionDataOut;
937 TPM2B_NONCE nonce;
938 TSS2_SYS_CMD_AUTHS sessionsDataIn;
939 TSS2_SYS_RSP_AUTHS sessionsDataOut;
940
941 TPMS_AUTH_COMMAND *sessionDataArray[1];
942 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
943
944 sessionDataArray[0] = &sessionData;
945 sessionDataOutArray[0] = &sessionDataOut;
946
947 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
948 sessionsDataIn.cmdAuths = &sessionDataArray[0];
949
950 sessionsDataOut.rspAuthsCount = 1;
951 sessionsDataOut.rspAuths[0] = &sessionDataOut;
952
953 TpmClientPrintf( 0, "\nCLEAR and CLEAR CONTROL TESTS:\n" );
954
955 // Init sessionHandle
956 sessionData.sessionHandle = TPM_RS_PW;
957
958 // Init nonce.
959 nonce.t.size = 0;
960 sessionData.nonce = nonce;
961
962 // init hmac
963 hmac.t.size = 0;
964 sessionData.hmac = hmac;
965
966 // Init session attributes
967 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
968
969 sessionsDataIn.cmdAuthsCount = 1;
970 sessionsDataIn.cmdAuths[0] = &sessionData;
971
972 rval = Tss2_Sys_Clear ( sysContext, TPM_RH_PLATFORM, &sessionsDataIn, 0 );
973 CheckPassed( rval );
974
975 rval = Tss2_Sys_ClearControl ( sysContext, TPM_RH_PLATFORM, &sessionsDataIn, YES, &sessionsDataOut );
976 CheckPassed( rval );
977
978 rval = Tss2_Sys_Clear ( sysContext, TPM_RH_PLATFORM, &sessionsDataIn, 0 );
979 CheckFailed( rval, TPM_RC_DISABLED );
980
981 rval = Tss2_Sys_ClearControl ( sysContext, TPM_RH_PLATFORM, &sessionsDataIn, NO, &sessionsDataOut );
982 CheckPassed( rval );
983
984 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0xff;
985 sessionsDataIn.cmdAuths[0] = &sessionData;
986 rval = Tss2_Sys_Clear ( sysContext, TPM_RH_PLATFORM, &sessionsDataIn, &sessionsDataOut );
987 CheckFailed( rval, TPM_RC_9 + TPM_RC_RESERVED_BITS );
988
989 rval = Tss2_Sys_ClearControl ( sysContext, TPM_RH_PLATFORM, &sessionsDataIn, NO, &sessionsDataOut );
990 CheckFailed( rval, TPM_RC_9 + TPM_RC_RESERVED_BITS );
991
992 hmac.t.size = 0;
993
994
995}
996
997#ifdef DEBUG_GAP_HANDLING
998
999#define SESSIONS_ABOVE_MAX_ACTIVE 1
1000// SESSION sessions[DEBUG_GAP_MAX*3];
1001 SESSION *sessions[300];
1002#else
1003
1004#define SESSIONS_ABOVE_MAX_ACTIVE 0
1005#define DEBUG_MAX_ACTIVE_SESSIONS 8
1006#define DEBUG_GAP_MAX 2*DEBUG_MAX_ACTIVE_SESSIONS
1007 SESSION *sessions[5];
1008
1009#endif
1010
1011void TestStartAuthSession()
1012{
1013 UINT32 rval;
1014 TPM2B_ENCRYPTED_SECRET encryptedSalt;
1015 TPMT_SYM_DEF symmetric;
1016 SESSION *authSession;
1017 TPM2B_NONCE nonceCaller;
1018 UINT16 i, debugGapMax = DEBUG_GAP_MAX, debugMaxActiveSessions = DEBUG_MAX_ACTIVE_SESSIONS;
1019 TPMA_LOCALITY locality;
1020 TPM_HANDLE badSessionHandle = 0x03010000;
1021
1022 TPMS_AUTH_COMMAND sessionData;
1023 TPM2B_NONCE nonce;
1024 TSS2_SYS_CMD_AUTHS sessionsDataIn;
1025
1026 TPMS_AUTH_COMMAND *sessionDataArray[1];
1027
1028 TPM2B_AUTH hmac;
1029
1030 TPMS_CONTEXT evictedSessionContext;
1031 TPM_HANDLE evictedHandle;
1032
1033 sessionDataArray[0] = &sessionData;
1034
1035 sessionsDataIn.cmdAuths = &sessionDataArray[0];
1036
1037 sessionsDataIn.cmdAuthsCount = 1;
1038
1039 // Init sessionHandle
1040 sessionData.sessionHandle = badSessionHandle;
1041
1042 // Init nonce.
1043 nonce.t.size = 0;
1044 sessionData.nonce = nonce;
1045
1046 // init hmac
1047 hmac.t.size = 0;
1048 sessionData.hmac = hmac;
1049
1050 // Init session attributes
1051 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
1052
1053 encryptedSalt.t.size = 0;
1054
1055 TpmClientPrintf( 0, "\nSTART_AUTH_SESSION TESTS:\n" );
1056
1057 symmetric.algorithm = TPM_ALG_NULL;
1058 symmetric.keyBits.sym = 0;
1059 symmetric.mode.sym = 0;
1060
1061 nonceCaller.t.size = 0;
1062
1063 encryptedSalt.t.size = 0;
1064
1065 // Init session
1066 rval = StartAuthSessionWithParams( &authSession, TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
1067 CheckPassed( rval );
1068
1069 rval = Tss2_Sys_FlushContext( sysContext, authSession->sessionHandle );
1070 CheckPassed( rval );
1071 EndAuthSession( authSession );
1072
1073 // Init session
1074 rval = StartAuthSessionWithParams( &authSession, TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, 0xff, &symmetric, TPM_ALG_SHA256 );
1075 CheckFailed( rval, TPM_RC_VALUE + TPM_RC_P + TPM_RC_3 );
1076
1077 // Try starting a bunch to see if resource manager handles this correctly.
1078
1079#ifdef DEBUG_GAP_HANDLING
1080 for( i = 0; i < debugMaxActiveSessions*3; i++ )
1081#else
1082 for( i = 0; i < ( sizeof(sessions) / sizeof (SESSION *) ); i++ )
1083#endif
1084 {
1085// TpmClientPrintf( 0, "i = 0x%4.4x\n", i );
1086
1087 // Init session struct
1088 rval = StartAuthSessionWithParams( &sessions[i], TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
1089 CheckPassed( rval );
1090 TpmClientPrintf( 0, "Number of sessions created: %d\n\n", i );
1091
1092#ifdef DEBUG_GAP_HANDLING
1093 if( i == 0 )
1094 {
1095 // Save evicted session's context so we can use it for a test.
1096 rval = Tss2_Sys_ContextSave( sysContext, sessions[i]->sessionHandle, &evictedSessionContext );
1097 CheckPassed( rval );
1098 }
1099#endif
1100 }
1101
1102#ifdef DEBUG_GAP_HANDLING
1103 TpmClientPrintf( 0, "loading evicted session's context\n" );
1104 // Now try loading an evicted session's context.
1105 // NOTE: simulator versions 01.19 and earlier this test will fail due to a
1106 // simulator bug (unless patches have been applied).
1107 rval = Tss2_Sys_ContextLoad( sysContext, &evictedSessionContext, &evictedHandle );
1108 CheckFailed( rval, TPM_RC_HANDLE + TPM_RC_P + ( 1 << 8 ));
1109#endif
1110
1111 // Now try two ways of using a bad session handle. Both should fail.
1112
1113 // first way is to use as command parameter.
1114 *(UINT8 *)( (void *)&locality ) = 0;
1115 locality.TPM_LOC_THREE = 1;
1116 rval = Tss2_Sys_PolicyLocality( sysContext, badSessionHandle, 0, locality, 0 );
1117 CheckFailed( rval, TSS2_RESMGRTPM_ERROR_LEVEL + TPM_RC_HANDLE + ( 1 << 8 ) );
1118
1119 // Second way is to use as handle in session area.
1120 rval = Tss2_Sys_PolicyLocality( sysContext, sessions[0]->sessionHandle, &sessionsDataIn, locality, 0 );
1121 CheckFailed( rval, TSS2_RESMGRTPM_ERROR_LEVEL + TPM_RC_VALUE + TPM_RC_S + ( 1 << 8 ) );
1122
1123 // clean up the sessions that I don't want here.
1124#ifdef DEBUG_GAP_HANDLING
1125 for( i = 0; i < ( debugMaxActiveSessions*3); i++ )
1126#else
1127 for( i = 0; i < ( sizeof(sessions) / sizeof (SESSION *)); i++ )
1128#endif
1129 {
1130// TpmClientPrintf( 0, "i(2) = 0x%4.4x\n", i );
1131 rval = Tss2_Sys_FlushContext( sysContext, sessions[i]->sessionHandle );
1132
1133 rval = EndAuthSession( sessions[i] );
1134 }
1135
1136 // Now do some gap tests.
1137 rval = StartAuthSessionWithParams( &sessions[0], TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
1138 CheckPassed( rval );
1139
1140#ifdef DEBUG_GAP_HANDLING
1141// for( i = 1; i < debugGapMax/2; i++ )
1142 for( i = 1; i < 300; i++ )
1143#else
1144 for( i = 1; i < ( sizeof(sessions) / sizeof (SESSION *) ); i++ )
1145#endif
1146 {
1147// TpmClientPrintf( 0, "i(3) = 0x%4.4x\n", i );
1148
1149 rval = StartAuthSessionWithParams( &sessions[i], TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
1150 CheckPassed( rval );
1151
1152 rval = Tss2_Sys_FlushContext( sysContext, sessions[i]->sessionHandle );
1153 CheckPassed( rval );
1154
1155 rval = EndAuthSession( sessions[i] );
1156 CheckPassed( rval );
1157 }
1158
1159#ifdef DEBUG_GAP_HANDLING
1160 // Now do some gap tests.
1161 rval = StartAuthSessionWithParams( &sessions[8], TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
1162 CheckPassed( rval );
1163#endif
1164
1165#ifdef DEBUG_GAP_HANDLING
1166 for( i = 9; i < debugGapMax; i++ )
1167#else
1168 for( i = 0; i < ( sizeof(sessions) / sizeof (SESSION *) ); i++ )
1169#endif
1170 {
1171// TpmClientPrintf( 0, "i(4) = 0x%4.4x\n", i );
1172 rval = StartAuthSessionWithParams( &sessions[i], TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
1173 CheckPassed( rval );
1174
1175 rval = Tss2_Sys_FlushContext( sysContext, sessions[i]->sessionHandle );
1176 CheckPassed( rval );
1177
1178 rval = EndAuthSession( sessions[i] );
1179 CheckPassed( rval );
1180
1181 }
1182
1183#ifdef DEBUG_GAP_HANDLING
1184 for( i = 0; i < 5; i++ )
1185 {
1186// TpmClientPrintf( 0, "i(5) = 0x%4.4x\n", i );
1187 rval = StartAuthSessionWithParams( &sessions[i+16], TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
1188 CheckPassed( rval );
1189 }
1190
1191 for( i = 0; i < 5; i++ )
1192 {
1193// TpmClientPrintf( 0, "i(6) = 0x%4.4x\n", i );
1194 rval = Tss2_Sys_FlushContext( sysContext, sessions[i+16]->sessionHandle );
1195 CheckPassed( rval );
1196
1197 rval = EndAuthSession( sessions[i+16] );
1198 CheckPassed( rval );
1199 }
1200
1201 rval = Tss2_Sys_FlushContext( sysContext, sessions[0]->sessionHandle );
1202 CheckPassed( rval );
1203
1204 rval = EndAuthSession( sessions[0] );
1205 CheckPassed( rval );
1206
1207 rval = Tss2_Sys_FlushContext( sysContext, sessions[8]->sessionHandle );
1208 CheckPassed( rval );
1209
1210 rval = EndAuthSession( sessions[8] );
1211 CheckPassed( rval );
1212#endif
1213
1214}
1215
1216void TestChangeEps()
1217{
1218 UINT32 rval;
1219 TSS2_SYS_CMD_AUTHS sessionsData;
1220 TSS2_SYS_RSP_AUTHS sessionsDataOut;
1221
1222 TPMS_AUTH_COMMAND sessionData;
1223 TPMS_AUTH_RESPONSE sessionDataOut;
1224
1225 TPMS_AUTH_COMMAND *sessionDataArray[1];
1226 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
1227
1228 sessionDataArray[0] = &sessionData;
1229 sessionDataOutArray[0] = &sessionDataOut;
1230
1231 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
1232 sessionsData.cmdAuths = &sessionDataArray[0];
1233
1234 sessionsDataOut.rspAuthsCount = 1;
1235
1236 TpmClientPrintf( 0, "\nCHANGE_EPS TESTS:\n" );
1237
1238 sessionsData.cmdAuthsCount = 1;
1239
1240 // Init authHandle
1241 sessionsData.cmdAuths[0]->sessionHandle = TPM_RS_PW;
1242
1243 // Init nonce.
1244 sessionsData.cmdAuths[0]->nonce.t.size = 0;
1245
1246 // init hmac
1247 sessionsData.cmdAuths[0]->hmac.t.size = 0;
1248
1249 // Init session attributes
1250 *( (UINT8 *)((void *)&sessionsData.cmdAuths[0]->sessionAttributes ) ) = 0;
1251
1252 rval = Tss2_Sys_ChangeEPS( sysContext, TPM_RH_PLATFORM, &sessionsData, &sessionsDataOut );
1253 CheckPassed( rval );
1254
1255 sessionsData.cmdAuths[0]->hmac.t.size = 0x10;
1256
1257 rval = Tss2_Sys_ChangeEPS( sysContext, TPM_RH_PLATFORM, &sessionsData, 0 );
1258 CheckFailed( rval, TPM_RC_1 + TPM_RC_S + TPM_RC_BAD_AUTH );
1259}
1260
1261void TestChangePps()
1262{
1263 UINT32 rval;
1264 TSS2_SYS_CMD_AUTHS sessionsData;
1265
1266 TSS2_SYS_RSP_AUTHS sessionsDataOut;
1267
1268 TPMS_AUTH_COMMAND sessionData;
1269 TPMS_AUTH_RESPONSE sessionDataOut;
1270
1271 TPMS_AUTH_COMMAND *sessionDataArray[1];
1272 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
1273
1274 sessionDataArray[0] = &sessionData;
1275 sessionDataOutArray[0] = &sessionDataOut;
1276
1277 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
1278 sessionsData.cmdAuths = &sessionDataArray[0];
1279
1280 sessionsDataOut.rspAuthsCount = 1;
1281
1282 TpmClientPrintf( 0, "\nCHANGE_PPS TESTS:\n" );
1283
1284 sessionsData.cmdAuthsCount = 1;
1285
1286 // Init authHandle
1287 sessionsData.cmdAuths[0]->sessionHandle = TPM_RS_PW;
1288
1289 // Init nonce.
1290 sessionsData.cmdAuths[0]->nonce.t.size = 0;
1291
1292 // init hmac
1293 sessionsData.cmdAuths[0]->hmac.t.size = 0;
1294
1295 // Init session attributes
1296 *( (UINT8 *)((void *)&sessionsData.cmdAuths[0]->sessionAttributes ) ) = 0;
1297
1298 rval = Tss2_Sys_ChangePPS( sysContext, TPM_RH_PLATFORM, &sessionsData, &sessionsDataOut );
1299 CheckPassed( rval );
1300
1301 sessionsData.cmdAuths[0]->hmac.t.size = 0x10;
1302
1303 rval = Tss2_Sys_ChangePPS( sysContext, TPM_RH_PLATFORM, &sessionsData, &sessionsDataOut );
1304 CheckFailed( rval, TPM_RC_1 + TPM_RC_S + TPM_RC_BAD_AUTH );
1305}
1306
1307void TestHierarchyChangeAuth()
1308{
1309 UINT32 rval;
1310 TPM2B_AUTH newAuth;
1311 TPMS_AUTH_COMMAND sessionData;
1312 TSS2_SYS_CMD_AUTHS sessionsData;
1313 int i;
1314
1315 TPMS_AUTH_COMMAND *sessionDataArray[1];
1316
1317 sessionDataArray[0] = &sessionData;
1318
1319 sessionsData.cmdAuths = &sessionDataArray[0];
1320
1321 TpmClientPrintf( 0, "\nHIERARCHY_CHANGE_AUTH TESTS:\n" );
1322
1323 // Init authHandle
1324 sessionData.sessionHandle = TPM_RS_PW;
1325
1326 // Init nonce.
1327 sessionData.nonce.t.size = 0;
1328
1329 // init hmac
1330 sessionData.hmac.t.size = 0;
1331
1332 // Init session attributes
1333 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
1334
1335 sessionsData.cmdAuthsCount = 1;
1336 sessionsData.cmdAuths[0] = &sessionData;
1337
1338 newAuth.t.size = 0;
1339 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM_RH_PLATFORM, &sessionsData, &newAuth, 0 );
1340 CheckPassed( rval );
1341
1342 // Init new auth
1343 newAuth.t.size = 20;
1344 for( i = 0; i < newAuth.t.size; i++ )
1345 newAuth.t.buffer[i] = i;
1346
1347 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM_RH_PLATFORM, &sessionsData, &newAuth, 0 );
1348 CheckPassed( rval );
1349
1350 sessionData.hmac = newAuth;
1351 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM_RH_PLATFORM, &sessionsData, &newAuth, 0 );
1352 CheckPassed( rval );
1353
1354 // Init new auth
1355 newAuth.t.size = 0;
1356
1357 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM_RH_PLATFORM, &sessionsData, &newAuth, 0 );
1358 CheckPassed( rval );
1359
1360 sessionsData.cmdAuths[0] = &sessionData;
1361 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM_RH_PLATFORM, &sessionsData, &newAuth, 0 );
1362 CheckFailed( rval, TPM_RC_1 + TPM_RC_S + TPM_RC_BAD_AUTH );
1363
1364 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, 0, &sessionsData, &newAuth, 0 );
1365 CheckFailed( rval, TPM_RC_1 + TPM_RC_VALUE );
1366}
1367
1368#define PCR_0 0
1369#define PCR_1 1
1370#define PCR_2 2
1371#define PCR_3 3
1372#define PCR_4 4
1373#define PCR_5 5
1374#define PCR_6 6
1375#define PCR_7 7
1376#define PCR_8 8
1377#define PCR_9 9
1378#define PCR_10 10
1379#define PCR_11 11
1380#define PCR_12 12
1381#define PCR_13 13
1382#define PCR_14 14
1383#define PCR_15 15
1384#define PCR_16 16
1385#define PCR_17 17
1386#define PCR_18 18
1387
1388#define PCR_SIZE 20
1389
1390void TestPcrExtend()
1391{
1392 UINT32 rval;
1393 TPMS_AUTH_COMMAND sessionData;
1394 TSS2_SYS_CMD_AUTHS sessionsData;
1395 UINT16 i, digestSize;
1396 TPML_PCR_SELECTION pcrSelection;
1397 UINT32 pcrUpdateCounterBeforeExtend;
1398 UINT32 pcrUpdateCounterAfterExtend;
1399 UINT8 pcrBeforeExtend[PCR_SIZE];
1400 TPM2B_EVENT eventData;
1401 TPML_DIGEST pcrValues;
1402 TPML_DIGEST_VALUES digests;
1403 TPML_PCR_SELECTION pcrSelectionOut;
1404
1405 TPMS_AUTH_COMMAND *sessionDataArray[1];
1406
1407 sessionDataArray[0] = &sessionData;
1408 sessionsData.cmdAuths = &sessionDataArray[0];
1409
1410 TpmClientPrintf( 0, "\nPCR_EXTEND, PCR_EVENT, PCR_ALLOCATE, and PCR_READ TESTS:\n" );
1411
1412 // Init authHandle
1413 sessionData.sessionHandle = TPM_RS_PW;
1414
1415 // Init nonce.
1416 sessionData.nonce.t.size = 0;
1417
1418 // init hmac
1419 sessionData.hmac.t.size = 0;
1420
1421 // Init session attributes
1422 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
1423
1424 // Init digests
1425 digests.count = 1;
1426 digests.digests[0].hashAlg = TPM_ALG_SHA1;
1427 digestSize = GetDigestSize( digests.digests[0].hashAlg );
1428
1429 for( i = 0; i < digestSize; i++ )
1430 {
1431 digests.digests[0].digest.sha1[i] = (UINT8)(i % 256);
1432 }
1433
1434 pcrSelection.count = 1;
1435 pcrSelection.pcrSelections[0].hash = TPM_ALG_SHA1;
1436 pcrSelection.pcrSelections[0].sizeofSelect = 3;
1437
1438 // Clear out PCR select bit field
1439 pcrSelection.pcrSelections[0].pcrSelect[0] = 0;
1440 pcrSelection.pcrSelections[0].pcrSelect[1] = 0;
1441 pcrSelection.pcrSelections[0].pcrSelect[2] = 0;
1442
1443 // Now set the PCR you want to read
1444 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[0], PCR_17 );
1445
1446 rval = Tss2_Sys_PCR_Read( sysContext, 0, &pcrSelection, &pcrUpdateCounterBeforeExtend, &pcrSelectionOut, &pcrValues, 0 );
1447 CheckPassed( rval );
1448
1449 if( pcrValues.digests[0].t.size <= PCR_SIZE &&
1450 pcrValues.digests[0].t.size <= sizeof( pcrValues.digests[0].t.buffer ) )
1451 memcpy( &( pcrBeforeExtend[0] ), &( pcrValues.digests[0].t.buffer[0] ), pcrValues.digests[0].t.size );
1452
1453 sessionsData.cmdAuthsCount = 1;
1454 sessionsData.cmdAuths[0] = &sessionData;
1455
1456 rval = Tss2_Sys_PCR_Extend( sysContext, PCR_17, &sessionsData, &digests, 0 );
1457 CheckPassed( rval );
1458
1459 rval = Tss2_Sys_PCR_Read( sysContext, 0, &pcrSelection, &pcrUpdateCounterAfterExtend, &pcrSelectionOut, &pcrValues, 0 );
1460 CheckPassed( rval );
1461
1462 memcpy( &( pcrAfterExtend[0] ), &( pcrValues.digests[0].t.buffer[0] ), pcrValues.digests[0].t.size );
1463
1464 if( pcrUpdateCounterBeforeExtend == pcrUpdateCounterAfterExtend )
1465 {
1466 TpmClientPrintf( 0, "ERROR!! pcrUpdateCounter didn't change value\n" );
1467 Cleanup();
1468 }
1469
1470 if( 0 == memcmp( &( pcrBeforeExtend[0] ), &( pcrAfterExtend[0] ), 20 ) )
1471 {
1472 TpmClientPrintf( 0, "ERROR!! PCR didn't change value\n" );
1473 Cleanup();
1474 }
1475
1476 pcrSelection.pcrSelections[0].sizeofSelect = 4;
1477
1478 rval = Tss2_Sys_PCR_Read( sysContext, 0, &pcrSelection, &pcrUpdateCounterAfterExtend, 0, 0, 0 );
1479 CheckFailed( rval, TPM_RC_1 + TPM_RC_P + TPM_RC_VALUE );
1480
1481 eventData.t.size = 4;
1482 eventData.t.buffer[0] = 0;
1483 eventData.t.buffer[1] = 0xff;
1484 eventData.t.buffer[2] = 0x55;
1485 eventData.t.buffer[3] = 0xaa;
1486
1487 rval = Tss2_Sys_PCR_Event( sysContext, PCR_18, &sessionsData, &eventData, &digests, 0 );
1488 CheckPassed( rval );
1489}
1490
1491void TestGetRandom()
1492{
1493 UINT32 rval;
1494 TPM2B_DIGEST randomBytes1, randomBytes2;
1495
1496 TpmClientPrintf( 0, "\nGET_RANDOM TESTS:\n" );
1497
1498 rval = Tss2_Sys_GetRandom( sysContext, 0, 20, &randomBytes1, 0 );
1499 CheckPassed( rval );
1500
1501 rval = Tss2_Sys_GetRandom( sysContext, 0, 20, &randomBytes2, 0 );
1502 CheckPassed( rval );
1503
1504 if( 0 == memcmp( &randomBytes1, &randomBytes2, 20 ) )
1505 {
1506 TpmClientPrintf( 0, "ERROR!! Random value is the same\n" );
1507 Cleanup();
1508 }
1509}
1510
1511void TestShutdown()
1512{
1513 UINT32 rval;
1514 TSS2_SYS_RSP_AUTHS sessionsDataOut;
1515
1516 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
1517 TPMS_AUTH_RESPONSE sessionDataOut;
1518
1519 sessionDataOutArray[0] = &sessionDataOut;
1520
1521 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
1522
1523 sessionsDataOut.rspAuthsCount = 1;
1524
1525 TpmClientPrintf( 0, "\nSHUTDOWN TESTS:\n" );
1526
1527 rval = Tss2_Sys_Shutdown( sysContext, 0, TPM_SU_STATE, &sessionsDataOut );
1528 CheckPassed( rval );
1529
1530 rval = Tss2_Sys_Shutdown( sysContext, 0, TPM_SU_CLEAR, &sessionsDataOut );
1531 CheckPassed( rval );
1532
1533 if( !( tpmSpecVersion == 115 || tpmSpecVersion == 119 ) )
1534 {
1535 rval = Tss2_Sys_Shutdown( sysContext, 0, 0xff, 0 );
1536 CheckFailed( rval, TPM_RC_VALUE+TPM_RC_1+TPM_RC_P );
1537 }
1538}
1539
1540void TestNV()
1541{
1542 UINT32 rval;
1543 TPM2B_NV_PUBLIC publicInfo;
1544 TPM2B_AUTH nvAuth;
1545 TPMS_AUTH_COMMAND sessionData;
1546 TPMS_AUTH_RESPONSE sessionDataOut;
1547 TSS2_SYS_CMD_AUTHS sessionsData;
1548 TSS2_SYS_RSP_AUTHS sessionsDataOut;
1549 int i;
1550 TPM2B_MAX_NV_BUFFER nvWriteData;
1551 TPM2B_MAX_NV_BUFFER nvData;
1552
1553 TPM2B_NV_PUBLIC nvPublic;
1554 TPM2B_NAME nvName;
1555
1556 TPMS_AUTH_COMMAND *sessionDataArray[1];
1557 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
1558
1559 sessionDataArray[0] = &sessionData;
1560 sessionDataOutArray[0] = &sessionDataOut;
1561
1562 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
1563 sessionsData.cmdAuths = &sessionDataArray[0];
1564
1565 sessionsDataOut.rspAuthsCount = 1;
1566
1567 TpmClientPrintf( 0, "\nNV INDEX TESTS:\n" );
1568
1569 nvAuth.t.size = 20;
1570 for( i = 0; i < nvAuth.t.size; i++ )
1571 nvAuth.t.buffer[i] = (UINT8)i;
1572
1573 publicInfo.t.size = sizeof( TPMI_RH_NV_INDEX ) +
1574 sizeof( TPMI_ALG_HASH ) + sizeof( TPMA_NV ) + sizeof( UINT16) +
1575 sizeof( UINT16 );
1576 publicInfo.t.nvPublic.nvIndex = TPM20_INDEX_TEST1;
1577 publicInfo.t.nvPublic.nameAlg = TPM_ALG_SHA1;
1578
1579 // First zero out attributes.
1580 *(UINT32 *)&( publicInfo.t.nvPublic.attributes ) = 0;
1581
1582 // Now set the attributes.
1583 publicInfo.t.nvPublic.attributes.TPMA_NV_PPREAD = 1;
1584 publicInfo.t.nvPublic.attributes.TPMA_NV_PPWRITE = 1;
1585 publicInfo.t.nvPublic.attributes.TPMA_NV_WRITE_STCLEAR = 1;
1586 publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 1;
1587 publicInfo.t.nvPublic.attributes.TPMA_NV_ORDERLY = 1;
1588 publicInfo.t.nvPublic.authPolicy.t.size = 0;
1589 publicInfo.t.nvPublic.dataSize = 32;
1590
1591 sessionData.sessionHandle = TPM_RS_PW;
1592
1593 // Init nonce.
1594 sessionData.nonce.t.size = 0;
1595
1596 // init hmac
1597 sessionData.hmac.t.size = 0;
1598
1599 // Init session attributes
1600 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
1601
1602 sessionsData.cmdAuthsCount = 1;
1603 sessionsData.cmdAuths[0] = &sessionData;
1604
1605 rval = Tss2_Sys_NV_Read( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
1606 CheckFailed( rval, TPM_RC_2 + TPM_RC_HANDLE );
1607
1608 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut );
1609 CheckPassed( rval );
1610
1611 nvPublic.t.size = 0;
1612 rval = Tss2_Sys_NV_ReadPublic( sysContext, TPM20_INDEX_TEST1, 0, &nvPublic, &nvName, 0 );
1613 CheckPassed( rval );
1614
1615 rval = Tss2_Sys_NV_Read( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
1616 CheckFailed( rval, TPM_RC_NV_UNINITIALIZED );
1617
1618 // Should fail since index is already defined.
1619 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut );
1620 CheckFailed( rval, TPM_RC_NV_DEFINED );
1621
1622 nvWriteData.t.size = 4;
1623 for( i = 0; i < nvWriteData.t.size; i++ )
1624 nvWriteData.t.buffer[i] = 0xff - i;
1625
1626#if 1
1627 //
1628 // Following, at one point, was commented out so that NVDefine will work on successive
1629 // invocations of client app.
1630 //
1631 // Noticed on 12/13/12, this doesn't seem to be necessary anymore. Maybe something else
1632 // I did fixed it.
1633 //
1634 // Seems to be a bug in TPM 2.0 simulator that if:
1635 // First pass of tpmclient.exe after restarting TPM 2.0 simulator will work fine.
1636 // If NVWrite is done, subsequent invocations of tpmclient.exe will ALWAYS fail on
1637 // first call to Tpm2NVDefineSpace with 0x2cb error. Removing NVWrite removes this.
1638 // And restarting TPM 2.0 simulator will make it work the first time and fail
1639 // subsequent times.
1640 // Removing NVWrite works around this problem.
1641 //
1642 rval = Tss2_Sys_NV_Write( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, &nvWriteData, 0, &sessionsDataOut );
1643 CheckPassed( rval );
1644
1645 rval = Tss2_Sys_NV_Read( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
1646 CheckPassed( rval );
1647
1648 rval = Tss2_Sys_NV_WriteLock( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, &sessionsDataOut );
1649 CheckPassed( rval );
1650
1651 rval = Tss2_Sys_NV_Write( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, &nvWriteData, 0, &sessionsDataOut );
1652 CheckFailed( rval, TPM_RC_NV_LOCKED );
1653#endif
1654
1655 // Now undefine the index.
1656 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 0 );
1657 CheckPassed( rval );
1658
1659 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, 0 );
1660 CheckPassed( rval );
1661
1662 // Now undefine the index so that next run will work correctly.
1663 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 0 );
1664 CheckPassed( rval );
1665
1666 publicInfo.t.nvPublic.attributes.TPMA_NV_PPREAD = 0;
1667 publicInfo.t.nvPublic.attributes.TPMA_NV_PPWRITE = 0;
1668 publicInfo.t.nvPublic.attributes.TPMA_NV_OWNERREAD = 1;
1669 publicInfo.t.nvPublic.attributes.TPMA_NV_OWNERWRITE = 1;
1670 publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 0;
1671 publicInfo.t.nvPublic.attributes.TPMA_NV_ORDERLY = 1;
1672 publicInfo.t.nvPublic.nvIndex = TPM20_INDEX_TEST2;
1673 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_OWNER, &sessionsData, &nvAuth, &publicInfo, 0 );
1674 CheckPassed( rval );
1675
1676 nvPublic.t.size = 0;
1677 rval = Tss2_Sys_NV_ReadPublic( sysContext, TPM20_INDEX_TEST2, 0, &nvPublic, &nvName, 0 );
1678 CheckPassed( rval );
1679
1680 rval = Tss2_Sys_NV_Read( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST2, &sessionsData, 32, 0, &nvData, 0 );
1681 CheckFailed( rval, TPM_RC_NV_AUTHORIZATION );
1682
1683 // Now undefine the index.
1684 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_OWNER, TPM20_INDEX_TEST2, &sessionsData, 0 );
1685 CheckPassed( rval );
1686
1687 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_OWNER, &sessionsData, &nvAuth, &publicInfo, 0 );
1688 CheckPassed( rval );
1689
1690 // Now undefine the index so that next run will work correctly.
1691 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_OWNER, TPM20_INDEX_TEST2, &sessionsData, 0 );
1692 CheckPassed( rval );
1693
1694#if 0
1695 TpmClientPrintf( 0, "\nStart of NVUndefineSpaceSpecial test\n" );
1696
1697 // Init nonceNewer
1698 digestSize = GetDigestSize( TPM_ALG_SHA1 );
1699 nonceNewer.t.size = digestSize;
1700 for( i = 0; i < nonceNewer.t.size; i++ )
1701 nonceNewer.t.buffer[i] = 0;
1702
1703 // Init salt
1704 salt.t.size = 0;
1705
1706 // Init symmetric.
1707 symmetric.algorithm = TPM_ALG_NULL;
1708 symmetric.keyBits.sym = 0;
1709 symmetric.mode.sym = 0;
1710 rval = Tss2_Sys_StartAuthSession ( sysContext, TPM_RH_NULL, TPM_RH_PLATFORM, 0, &nonceNewer, &salt,
1711 TPM_SE_TRIAL, &symmetric, TPM_ALG_SHA1, &nvSessionHandle, &nvSessionNonce );
1712 CheckPassed( rval );
1713
1714 nvSessionHandle = ( ( TPM20_StartAuthSession_Out *)(TpmOutBuff) )->sessionHandle;
1715
1716 rval = Tss2_Sys_PolicyCommandCode ( sysContext, nvSessionHandle, 0, TPM_CC_NV_UndefineSpaceSpecial, 0 );
1717 CheckPassed( rval );
1718
1719 rval = Tss2_Sys_PolicyGetDigest( sysContext, nvSessionHandle, 0, &nvAuth1, 0 );
1720 CheckPassed( rval );
1721
1722 rval = Tss2_Sys_FlushContext( sysContext, nvSessionHandle );
1723
1724 nvAuth1 = (TPM2B_AUTH *)&( ( ( TPM20_PolicyGetDigest_Out *)(TpmOutBuff) )->otherData );
1725 publicInfo.t.nvPublic.authPolicy.t.size = nvAuth1->t.size;
1726 memcpy( &( publicInfo.t.nvPublic.authPolicy.t.buffer[0] ),c
1727 &( nvAuth1->t.buffer[0] ),
1728 publicInfo.t.nvPublic.authPolicy.t.size );
1729
1730 publicInfo.t.nvPublic.attributes.TPMA_NV_POLICY_DELETE = 1;
1731 publicInfo.t.nvPublic.attributes.TPMA_NV_PPREAD = 1;
1732 publicInfo.t.nvPublic.attributes.TPMA_NV_PPWRITE = 1;
1733 publicInfo.t.nvPublic.attributes.TPMA_NV_OWNERREAD = 0;
1734 publicInfo.t.nvPublic.attributes.TPMA_NV_OWNERWRITE = 0;
1735 publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 1;
1736 publicInfo.t.nvPublic.attributes.TPMA_NV_ORDERLY = 1;
1737
1738 InitNullSession( &nvSession );
1739
1740 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut );
1741 CheckPassed( rval );
1742
1743 rval = Tss2_Sys_StartAuthSession ( sysContext, TPM_RH_NULL, TPM_RH_PLATFORM, 0, &nonceCaller, &salt,
1744 TPM_SE_POLICY, &symmetric, TPM_ALG_SHA1, &nvSessionHandle, &nvSessionNonce );
1745 CheckPassed( rval );
1746
1747 nvSession.sessionHandle = nvSessionHandle = ( ( TPM20_StartAuthSession_Out *)(TpmOutBuff) )->sessionHandle;
1748
1749 rval = Tss2_Sys_PolicyCommandCode ( sysContext, nvSessionHandle, 0, TPM_CC_NV_UndefineSpaceSpecial, 0 );
1750 CheckPassed( rval );
1751
1752 nvSession->hmac = publicInfo.t.nvPublic.authPolicy;
1753
1754 nvSessions.cmdAuthsCount = 2;
1755 nvSessions.session[0] = nvSession;
1756
1757 rval = Tss2_Sys_NVUndefineSpaceSpecial( sysContext, TPM20_INDEX_TEST2, TPM_RH_PLATFORM, &nvSessions, &sessionsData );
1758 CheckPassed( rval );
1759#endif
1760}
1761
1762void TestHierarchyControl()
1763{
1764 UINT32 rval;
1765 TPM2B_NV_PUBLIC publicInfo;
1766 TPM2B_AUTH nvAuth;
1767 TPMS_AUTH_COMMAND sessionData;
1768 TPMS_AUTH_RESPONSE sessionDataOut;
1769 TSS2_SYS_CMD_AUTHS sessionsData;
1770 TSS2_SYS_RSP_AUTHS sessionsDataOut;
1771 int i;
1772 TPM2B_NAME nvName;
1773 TPM2B_NV_PUBLIC nvPublic;
1774 TPM2B_MAX_NV_BUFFER nvData;
1775
1776 TPMS_AUTH_COMMAND *sessionDataArray[1];
1777 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
1778
1779 sessionDataArray[0] = &sessionData;
1780 sessionDataOutArray[0] = &sessionDataOut;
1781
1782 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
1783 sessionsData.cmdAuths = &sessionDataArray[0];
1784
1785 sessionsDataOut.rspAuthsCount = 1;
1786
1787 TpmClientPrintf( 0, "\nHIERARCHY CONTROL TESTS:\n" );
1788
1789 nvAuth.t.size = 20;
1790 for( i = 0; i < nvAuth.t.size; i++ )
1791 nvAuth.t.buffer[i] = i;
1792
1793 publicInfo.t.size = sizeof( TPMI_RH_NV_INDEX ) +
1794 sizeof( TPMI_ALG_HASH ) + sizeof( TPMA_NV ) + sizeof( UINT16) +
1795 sizeof( UINT16 );
1796 publicInfo.t.nvPublic.nvIndex = TPM20_INDEX_TEST1;
1797 publicInfo.t.nvPublic.nameAlg = TPM_ALG_SHA1;
1798
1799 // First zero out attributes.
1800 *(UINT32 *)&( publicInfo.t.nvPublic.attributes ) = 0;
1801
1802 // Now set the attributes.
1803 publicInfo.t.nvPublic.attributes.TPMA_NV_PPREAD = 1;
1804 publicInfo.t.nvPublic.attributes.TPMA_NV_PPWRITE = 1;
1805 publicInfo.t.nvPublic.attributes.TPMA_NV_PPWRITE = 1;
1806 publicInfo.t.nvPublic.attributes.TPMA_NV_WRITE_STCLEAR = 1;
1807 publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 1;
1808 publicInfo.t.nvPublic.attributes.TPMA_NV_ORDERLY = 1;
1809 publicInfo.t.nvPublic.authPolicy.t.size = 0;
1810 publicInfo.t.nvPublic.dataSize = 32;
1811
1812 sessionData.sessionHandle = TPM_RS_PW;
1813
1814 // Init nonce.
1815 sessionData.nonce.t.size = 0;
1816
1817 // init hmac
1818 sessionData.hmac.t.size = 0;
1819
1820 // Init session attributes
1821 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
1822
1823 sessionsData.cmdAuthsCount = 1;
1824 sessionsData.cmdAuths[0] = &sessionData;
1825
1826 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, 0 );
1827 CheckPassed( rval );
1828
1829 // Test SAPI for case where nvPublic.t.size != 0
1830 nvPublic.t.size = 0xff;
1831 rval = Tss2_Sys_NV_ReadPublic( sysContext, TPM20_INDEX_TEST1, 0, &nvPublic, &nvName, 0 );
1832 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE );
1833
1834 nvPublic.t.size = 0;
1835 rval = Tss2_Sys_NV_ReadPublic( sysContext, TPM20_INDEX_TEST1, 0, &nvPublic, &nvName, 0 );
1836 CheckPassed( rval );
1837
1838 rval = Tss2_Sys_NV_Read( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
1839 CheckFailed( rval, TPM_RC_NV_UNINITIALIZED );
1840
1841 rval = Tss2_Sys_HierarchyControl( sysContext, TPM_RH_PLATFORM, &sessionsData, TPM_RH_PLATFORM, NO, &sessionsDataOut );
1842 CheckPassed( rval );
1843
1844 rval = Tss2_Sys_NV_Read( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
1845 CheckFailed( rval, TPM_RC_1 + TPM_RC_HIERARCHY );
1846
1847 rval = Tss2_Sys_HierarchyControl( sysContext, TPM_RH_PLATFORM, &sessionsData, TPM_RH_PLATFORM, YES, &sessionsDataOut );
1848 CheckFailed( rval, TPM_RC_1 + TPM_RC_HIERARCHY );
1849
1850 // Need to do TPM reset and Startup to re-enable platform hierarchy.
1851 rval = TpmReset();
1852 CheckPassed(rval);
1853
1854 rval = Tss2_Sys_Startup ( sysContext, TPM_SU_CLEAR );
1855 CheckPassed( rval );
1856
1857 rval = Tss2_Sys_HierarchyControl( sysContext, TPM_RH_PLATFORM, &sessionsData, TPM_RH_PLATFORM, YES, &sessionsDataOut );
1858 CheckPassed( rval );
1859
1860 // Now undefine the index so that next run will work correctly.
1861 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 0 );
1862 CheckPassed( rval );
1863}
1864
1865TPM2B_PUBLIC inPublic = { { sizeof( TPM2B_PUBLIC ) - 2, } };
1866
1867void TestCreate(){
1868 UINT32 rval;
1869 TPM2B_SENSITIVE_CREATE inSensitive = { { sizeof( TPM2B_SENSITIVE_CREATE ) - 2, } };
1870 TPM2B_DATA outsideInfo = { { sizeof( TPM2B_DATA ) - 2, } };
1871 TPML_PCR_SELECTION creationPCR;
1872 TPMS_AUTH_COMMAND sessionData;
1873 TPMS_AUTH_RESPONSE sessionDataOut;
1874 TSS2_SYS_CMD_AUTHS sessionsData;
1875
1876 TSS2_SYS_RSP_AUTHS sessionsDataOut;
1877 TPM2B_NAME name = { { sizeof( TPM2B_NAME ) - 2, } };
1878 TPM2B_NAME name1 = { { sizeof( TPM2B_NAME ) - 2, } };
1879 TPM2B_PRIVATE outPrivate = { { sizeof( TPM2B_PRIVATE ) - 2, } };
1880 TPM2B_PUBLIC outPublic = { { sizeof( TPM2B_PUBLIC ) - 2, } };
1881 TPM2B_CREATION_DATA creationData = { { sizeof( TPM2B_CREATION_DATA ) - 2, } };
1882 TPM2B_DIGEST creationHash = { { sizeof( TPM2B_DIGEST ) - 2, } };
1883 TPMT_TK_CREATION creationTicket = { 0, 0, { { sizeof( TPM2B_DIGEST ) - 2, } } };
1884
1885 TPMS_AUTH_COMMAND *sessionDataArray[1];
1886 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
1887
1888 sessionDataArray[0] = &sessionData;
1889 sessionDataOutArray[0] = &sessionDataOut;
1890
1891 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
1892 sessionsData.cmdAuths = &sessionDataArray[0];
1893
1894 sessionsDataOut.rspAuthsCount = 1;
1895
1896 TpmClientPrintf( 0, "\nCREATE, CREATE PRIMARY, and LOAD TESTS:\n" );
1897
1898 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
1899 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
1900 inSensitive.t.sensitive.data.t.size = 0;
1901 inSensitive.t.size = loadedSha1KeyAuth.b.size + 2;
1902
1903 inPublic.t.publicArea.type = TPM_ALG_RSA;
1904 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
1905
1906 // First clear attributes bit field.
1907 *(UINT32 *)&( inPublic.t.publicArea.objectAttributes) = 0;
1908 inPublic.t.publicArea.objectAttributes.restricted = 1;
1909 inPublic.t.publicArea.objectAttributes.userWithAuth = 1;
1910 inPublic.t.publicArea.objectAttributes.decrypt = 1;
1911 inPublic.t.publicArea.objectAttributes.fixedTPM = 1;
1912 inPublic.t.publicArea.objectAttributes.fixedParent = 1;
1913 inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin = 1;
1914
1915 inPublic.t.publicArea.authPolicy.t.size = 0;
1916
1917 inPublic.t.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
1918 inPublic.t.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
1919 inPublic.t.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_ECB;
1920 inPublic.t.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
1921 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 1024;
1922 inPublic.t.publicArea.parameters.rsaDetail.exponent = 0;
1923
1924 inPublic.t.publicArea.unique.rsa.t.size = 0;
1925
1926 outsideInfo.t.size = 0;
1927 creationPCR.count = 0;
1928
1929 sessionData.sessionHandle = TPM_RS_PW;
1930
1931 // Init nonce.
1932 sessionData.nonce.t.size = 0;
1933
1934 // init hmac
1935 sessionData.hmac.t.size = 0;
1936
1937 // Init session attributes
1938 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
1939
1940 sessionsData.cmdAuthsCount = 1;
1941 sessionsData.cmdAuths[0] = &sessionData;
1942
1943 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 2048;
1944
1945 // Do SAPI test for non-zero sized outPublic
1946 outPublic.t.size = 0xff;
1947 creationData.t.size = 0;
1948 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_PLATFORM, &sessionsData, &inSensitive, &inPublic,
1949 &outsideInfo, &creationPCR, &handle2048rsa, &outPublic, &creationData, &creationHash,
1950 &creationTicket, &name, &sessionsDataOut );
1951 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE );
1952
1953 rval = Tss2_Sys_FlushContext( sysContext, handle2048rsa );
1954 CheckPassed( rval );
1955#if 0
1956 // Do SAPI test for non-zero sized creationData
1957 outPublic.t.size = 0;
1958 creationData.t.size = 0x10;
1959 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_PLATFORM, &sessionsData, &inSensitive, &inPublic,
1960 &outsideInfo, &creationPCR, &handle2048rsa, &outPublic, &creationData, &creationHash,
1961 &creationTicket, &name, &sessionsDataOut );
1962 CheckFailed( rval, TSS2_SYS_RC_INSUFFICIENT_BUFFER );
1963#endif
1964
1965 outPublic.t.size = 0;
1966 creationData.t.size = sizeof( TPM2B_CREATION_DATA ) - 2;
1967 outPublic.t.publicArea.authPolicy.t.size = sizeof( TPM2B_DIGEST ) - 2;
1968 outPublic.t.publicArea.unique.keyedHash.t.size = sizeof( TPM2B_DIGEST ) - 2;
1969 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_PLATFORM, &sessionsData, &inSensitive, &inPublic,
1970 &outsideInfo, &creationPCR, &handle2048rsa, &outPublic, &creationData, &creationHash,
1971 &creationTicket, &name, &sessionsDataOut );
1972 CheckPassed( rval );
1973
1974 TpmClientPrintf( 0, "\nNew key successfully created in platform hierarchy (RSA 2048). Handle: 0x%8.8x\n",
1975 handle2048rsa );
1976
1977 sessionData.hmac.t.size = 2;
1978 sessionData.hmac.t.buffer[0] = 0x00;
1979 sessionData.hmac.t.buffer[1] = 0xff;
1980
1981 inPublic.t.publicArea.type = TPM_ALG_KEYEDHASH;
1982 inPublic.t.publicArea.objectAttributes.decrypt = 0;
1983 inPublic.t.publicArea.objectAttributes.sign = 1;
1984
1985 inPublic.t.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM_ALG_HMAC;
1986 inPublic.t.publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = TPM_ALG_SHA1;
1987
1988 inPublic.t.publicArea.unique.keyedHash.t.size = 0;
1989
1990 outsideInfo.t.size = 0;
1991 outPublic.t.size = 0;
1992 creationData.t.size = 0;
1993 rval = Tss2_Sys_Create( sysContext, handle2048rsa, &sessionsData, &inSensitive, &inPublic,
1994 &outsideInfo, &creationPCR,
1995 &outPrivate, &outPublic, &creationData,
1996 &creationHash, &creationTicket, &sessionsDataOut );
1997 CheckPassed( rval );
1998
1999 rval = Tss2_Sys_Load ( sysContext, handle2048rsa, &sessionsData, &outPrivate, &outPublic,
2000 &loadedSha1KeyHandle, &name, &sessionsDataOut);
2001 CheckPassed( rval );
2002
2003 rval = (*HandleToNameFunctionPtr)( loadedSha1KeyHandle, &name1 );
2004 CheckPassed( rval );
2005 OpenOutFile( &outFp );
2006 TpmClientPrintf( 0, "Name of loaded key: " );
2007 PrintSizedBuffer( (TPM2B *)&name1 );
2008 CloseOutFile( &outFp );
2009
2010 rval = CompareTPM2B( &name.b, &name1.b );
2011 CheckPassed( rval );
2012
2013 TpmClientPrintf( 0, "\nLoaded key handle: %8.8x\n", loadedSha1KeyHandle );
2014}
2015
2016void TestEvict()
2017{
2018 TPM_RC rval = TPM_RC_SUCCESS;
2019 TPM2B_SENSITIVE_CREATE inSensitive = { { sizeof( TPM2B_SENSITIVE_CREATE ) - 2, } };
2020 TPM2B_DATA outsideInfo = { { sizeof( TPM2B_DATA ) - 2, } };
2021 TPML_PCR_SELECTION creationPCR;
2022 TPMS_AUTH_COMMAND sessionData;
2023 TPMS_AUTH_RESPONSE sessionDataOut;
2024 TSS2_SYS_CMD_AUTHS sessionsData;
2025 TSS2_SYS_RSP_AUTHS sessionsDataOut;
2026
2027 TPM2B_PRIVATE outPrivate = { { sizeof( TPM2B_PRIVATE ) - 2, } };
2028 TPM2B_PUBLIC outPublic = { { sizeof( TPM2B_PUBLIC ) - 2, } };
2029 TPM2B_CREATION_DATA creationData = { { sizeof( TPM2B_CREATION_DATA ) - 2, } };
2030 TPM2B_DIGEST creationHash = { { sizeof( TPM2B_DIGEST ) - 2, } };
2031 TPMT_TK_CREATION creationTicket = { 0, 0, { { sizeof( TPM2B_DIGEST ) - 2, } } };
2032
2033 TPMS_AUTH_COMMAND *sessionDataArray[1];
2034 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
2035
2036 TSS2_TCTI_CONTEXT *otherResMgrTctiContext = 0;
2037 TSS2_SYS_CONTEXT *otherSysContext;
2038 char otherResMgrInterfaceName[] = "Other Resource Manager";
2039
2040 sessionDataArray[0] = &sessionData;
2041 sessionDataOutArray[0] = &sessionDataOut;
2042
2043 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
2044 sessionsData.cmdAuths = &sessionDataArray[0];
2045 sessionsData.cmdAuthsCount = 1;
2046
2047 sessionsDataOut.rspAuthsCount = 1;
2048
2049 outsideInfo.t.size = 0;
2050 creationPCR.count = 0;
2051
2052 TpmClientPrintf( 0, "\nEVICT CONTROL TESTS:\n" );
2053
2054 // Make transient key persistent.
2055 sessionData.sessionHandle = TPM_RS_PW;
2056
2057 // Init nonce.
2058 sessionData.nonce.t.size = 0;
2059
2060 // init hmac
2061 sessionData.hmac.t.size = 0;
2062
2063 // Init session attributes
2064 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
2065
2066 rval = Tss2_Sys_EvictControl( sysContext, TPM_RH_PLATFORM, handle2048rsa, &sessionsData, 0x81800000, &sessionsDataOut );
2067 CheckPassed( rval );
2068
2069 sessionData.sessionHandle = TPM_RS_PW;
2070
2071 // Init nonce.
2072 sessionData.nonce.t.size = 0;
2073
2074 // Init session attributes
2075 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
2076
2077 // Create new key under persistent one.
2078 sessionData.hmac.t.size = 2;
2079 sessionData.hmac.t.buffer[0] = 0x00;
2080 sessionData.hmac.t.buffer[1] = 0xff;
2081
2082 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
2083 inPublic.t.publicArea.type = TPM_ALG_KEYEDHASH;
2084 inPublic.t.publicArea.objectAttributes.decrypt = 0;
2085 inPublic.t.publicArea.objectAttributes.sign = 1;
2086
2087 inPublic.t.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM_ALG_HMAC;
2088 inPublic.t.publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = TPM_ALG_SHA1;
2089
2090 inPublic.t.publicArea.unique.keyedHash.t.size = 0;
2091
2092 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
2093 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
2094 inSensitive.t.sensitive.data.t.size = 0;
2095 inSensitive.t.size = loadedSha1KeyAuth.b.size + 2;
2096
2097 outsideInfo.t.size = 0;
2098 outPublic.t.size = 0;
2099 creationData.t.size = 0;
2100
2101 // Try creating a key under the persistent key using a different context.
2102
2103 rval = InitTctiResMgrContext( rmInterfaceConfig, &otherResMgrTctiContext, &otherResMgrInterfaceName[0] );
2104 if( rval != TSS2_RC_SUCCESS )
2105 {
2106 TpmClientPrintf( 0, "Resource Mgr, %s, failed initialization: 0x%x. Exiting...\n", resMgrInterfaceInfo.shortName, rval );
2107 Cleanup();
2108 return;
2109 }
2110 else
2111 {
2112 (( TSS2_TCTI_CONTEXT_INTEL *)otherResMgrTctiContext )->status.debugMsgLevel = debugLevel;
2113 }
2114
2115 otherSysContext = InitSysContext( 0, otherResMgrTctiContext, &abiVersion );
2116 if( otherSysContext == 0 )
2117 {
2118 InitSysContextFailure();
2119 }
2120
2121 rval = Tss2_Sys_Create( otherSysContext, 0x81800000, &sessionsData, &inSensitive, &inPublic,
2122 &outsideInfo, &creationPCR,
2123 &outPrivate, &outPublic, &creationData,
2124 &creationHash, &creationTicket, &sessionsDataOut );
2125 CheckPassed( rval );
2126
2127 rval = TeardownTctiResMgrContext( rmInterfaceConfig, otherResMgrTctiContext, &otherResMgrInterfaceName[0] );
2128 CheckPassed( rval );
2129
2130 TeardownSysContext( &otherSysContext );
2131
2132 outsideInfo.t.size = 0;
2133 outPublic.t.size = 0;
2134 creationData.t.size = 0;
2135
2136 // Try creating a key under the transient key. This should work, too.
2137 rval = Tss2_Sys_Create( sysContext, handle2048rsa, &sessionsData, &inSensitive, &inPublic,
2138 &outsideInfo, &creationPCR,
2139 &outPrivate, &outPublic, &creationData,
2140 &creationHash, &creationTicket, &sessionsDataOut );
2141 CheckPassed( rval );
2142
2143 // Reset persistent key to be transitent.
2144 sessionData.hmac.t.size = 0;
2145 rval = Tss2_Sys_EvictControl( sysContext, TPM_RH_PLATFORM, 0x81800000, &sessionsData, 0x81800000, &sessionsDataOut );
2146 CheckPassed( rval );
2147}
2148
2149TPM_RC DefineNvIndex( TPMI_RH_PROVISION authHandle, TPMI_SH_AUTH_SESSION sessionAuthHandle, TPM2B_AUTH *auth, TPM2B_DIGEST *authPolicy,
2150 TPMI_RH_NV_INDEX nvIndex, TPMI_ALG_HASH nameAlg, TPMA_NV attributes, UINT16 size )
2151{
2152 TPM_RC rval = TPM_RC_SUCCESS;
2153 TPM2B_NV_PUBLIC publicInfo;
2154
2155 // Command and response session data structures.
2156 TPMS_AUTH_COMMAND sessionData = { sessionAuthHandle, };
2157 TPMS_AUTH_RESPONSE sessionDataOut;
2158 TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
2159 TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };
2160 TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };
2161 TSS2_SYS_RSP_AUTHS sessionsDataOut = { 1, &sessionDataOutArray[0] };
2162 // Init nonce.
2163 sessionData.nonce.t.size = 0;
2164 // init hmac
2165 sessionData.hmac.t.size = 0;
2166 // Init session attributes
2167 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
2168
2169 attributes.TPMA_NV_ORDERLY = 1;
2170
2171 // Init public info structure.
2172 publicInfo.t.nvPublic.attributes = attributes;
2173 CopySizedByteBuffer( &publicInfo.t.nvPublic.authPolicy.b, &authPolicy->b );
2174 publicInfo.t.nvPublic.dataSize = size;
2175 publicInfo.t.size = sizeof( TPMI_RH_NV_INDEX ) +
2176 sizeof( TPMI_ALG_HASH ) + sizeof( TPMA_NV ) + sizeof( UINT16) +
2177 sizeof( UINT16 );
2178 publicInfo.t.nvPublic.nvIndex = nvIndex;
2179 publicInfo.t.nvPublic.nameAlg = nameAlg;
2180
2181 // Create the index
2182 rval = Tss2_Sys_NV_DefineSpace( sysContext, authHandle, &sessionsData, auth, &publicInfo, &sessionsDataOut );
2183
2184 return rval;
2185}
2186
2187typedef struct {
2188 char name[50];
2189 TPM_RC (*buildPolicyFn )( TSS2_SYS_CONTEXT *sysContext, SESSION *trialPolicySession, TPM2B_DIGEST *policyDigest );
2190 TPM_RC (*createObjectFn )( TSS2_SYS_CONTEXT *sysContext, SESSION **policySession, TPM2B_DIGEST *policyDigest );
2191 TPM_RC (*testPolicyFn )( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession );
2192} POLICY_TEST_SETUP;
2193
2194TPM_RC BuildPolicy( TSS2_SYS_CONTEXT *sysContext, SESSION **policySession,
2195 TPM_RC (*buildPolicyFn )( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession, TPM2B_DIGEST *policyDigest ),
2196 TPM2B_DIGEST *policyDigest, bool trialSession )
2197{
2198 // NOTE: this policySession will be either a trial or normal policy session
2199 // depending on the value of the passed in trialSession parameter.
2200 TPM2B_ENCRYPTED_SECRET encryptedSalt = { {0}, };
2201 TPMT_SYM_DEF symmetric;
2202 TPM_RC rval;
2203 TPM2B_NONCE nonceCaller;
2204
2205 nonceCaller.t.size = 0;
2206
2207 // Start policy session.
2208 symmetric.algorithm = TPM_ALG_NULL;
2209 rval = StartAuthSessionWithParams( policySession, TPM_RH_NULL, 0, TPM_RH_NULL, 0, &nonceCaller, &encryptedSalt, trialSession ? TPM_SE_TRIAL : TPM_SE_POLICY , &symmetric, TPM_ALG_SHA256 );
2210 if( rval != TPM_RC_SUCCESS )
2211 return rval;
2212
2213 // Send policy command.
2214 rval = ( *buildPolicyFn )( sysContext, *policySession, policyDigest );
2215 CheckPassed( rval );
2216
2217 // Get policy hash.
2218 rval = Tss2_Sys_PolicyGetDigest( sysContext, (*policySession)->sessionHandle,
2219 0, policyDigest, 0 );
2220 CheckPassed( rval );
2221
2222 if( trialSession )
2223 {
2224 // Need to flush the session here.
2225 rval = Tss2_Sys_FlushContext( sysContext, (*policySession)->sessionHandle );
2226 CheckPassed( rval );
2227
2228 // And remove the session from sessions table.
2229 rval = EndAuthSession( *policySession );
2230 CheckPassed( rval );
2231 }
2232
2233 return rval;
2234}
2235
2236TPM_RC CreateNVIndex( TSS2_SYS_CONTEXT *sysContext, SESSION **policySession, TPM2B_DIGEST *policyDigest )
2237{
2238 TPM_RC rval = TPM_RC_SUCCESS;
2239 TPMA_LOCALITY locality;
2240 TPM2B_ENCRYPTED_SECRET encryptedSalt = { {0}, };
2241 TPMT_SYM_DEF symmetric;
2242 TPMA_NV nvAttributes;
2243 TPM2B_AUTH nvAuth;
2244 TPM2B_NONCE nonceCaller;
2245
2246 nonceCaller.t.size = 0;
2247
2248 // Since locality is a fairly simple command and we can guarantee
2249 // its correctness, we don't need a trial session for this.
2250
2251 // Start real policy session
2252 symmetric.algorithm = TPM_ALG_NULL;
2253 rval = StartAuthSessionWithParams( policySession, TPM_RH_NULL,
2254 0, TPM_RH_NULL, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY,
2255 &symmetric, TPM_ALG_SHA256 );
2256 CheckPassed( rval );
2257
2258 // Send PolicyLocality command
2259 *(UINT8 *)( (void *)&locality ) = 0;
2260 locality.TPM_LOC_THREE = 1;
2261 rval = Tss2_Sys_PolicyLocality( sysContext, (*policySession)->sessionHandle,
2262 0, locality, 0 );
2263 CheckPassed( rval );
2264
2265 // Read policyHash
2266 rval = Tss2_Sys_PolicyGetDigest( sysContext,
2267 (*policySession)->sessionHandle, 0, policyDigest, 0 );
2268 CheckPassed( rval );
2269
2270 nvAuth.t.size = 0;
2271
2272 // Now set the attributes.
2273 *(UINT32 *)( (void *)&nvAttributes ) = 0;
2274 nvAttributes.TPMA_NV_POLICYREAD = 1;
2275 nvAttributes.TPMA_NV_POLICYWRITE = 1;
2276 nvAttributes.TPMA_NV_PLATFORMCREATE = 1;
2277
2278 rval = DefineNvIndex( TPM_RH_PLATFORM, TPM_RS_PW, &nvAuth, policyDigest,
2279 TPM20_INDEX_PASSWORD_TEST, TPM_ALG_SHA256, nvAttributes, 32 );
2280 CheckPassed( rval );
2281
2282 AddEntity( TPM20_INDEX_PASSWORD_TEST, &nvAuth );
2283 CheckPassed( rval );
2284
2285 return rval;
2286}
2287
2288
2289TPM_RC TestLocality( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession )
2290{
2291 TSS2_RC rval = TPM_RC_SUCCESS;
2292 TSS2_SYS_CMD_AUTHS sessionsData;
2293 TPM2B_MAX_NV_BUFFER nvWriteData;
2294 TSS2_SYS_RSP_AUTHS sessionsDataOut = { 1, };
2295 TPMS_AUTH_COMMAND sessionData;
2296 TPMS_AUTH_RESPONSE sessionDataOut;
2297
2298 TPMS_AUTH_COMMAND *sessionDataArray[1];
2299 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
2300
2301 sessionDataArray[0] = &sessionData;
2302 sessionDataOutArray[0] = &sessionDataOut;
2303
2304 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
2305 sessionsData.cmdAuths = &sessionDataArray[0];
2306
2307 // Init write data.
2308 nvWriteData.t.size = 0;
2309
2310 sessionsData.cmdAuthsCount = 1;
2311 sessionsData.cmdAuths[0]->sessionHandle = policySession->sessionHandle;
2312 sessionsData.cmdAuths[0]->nonce.t.size = 0;
2313 sessionsData.cmdAuths[0]->hmac.t.size = 0;
2314
2315 *(UINT8 *)( (void *)&( sessionsData.cmdAuths[0]->sessionAttributes ) ) = 0;
2316 sessionsData.cmdAuths[0]->sessionAttributes.continueSession = 1;
2317
2318 rval = SetLocality( sysContext, 2 );
2319 CheckPassed( rval );
2320
2321 // Do NV write using open session's policy.
2322 rval = Tss2_Sys_NV_Write( sysContext, TPM20_INDEX_PASSWORD_TEST,
2323 TPM20_INDEX_PASSWORD_TEST,
2324 &sessionsData, &nvWriteData, 0, &sessionsDataOut );
2325 CheckFailed( rval, TPM_RC_LOCALITY );
2326
2327 rval = SetLocality( sysContext, 3 );
2328 CheckPassed( rval );
2329
2330 // Do NV write using open session's policy.
2331 rval = Tss2_Sys_NV_Write( sysContext, TPM20_INDEX_PASSWORD_TEST,
2332 TPM20_INDEX_PASSWORD_TEST,
2333 &sessionsData, &nvWriteData, 0, &sessionsDataOut );
2334 CheckPassed( rval );
2335
2336 // Do another NV write using open session's policy.
2337 rval = Tss2_Sys_NV_Write( sysContext, TPM20_INDEX_PASSWORD_TEST,
2338 TPM20_INDEX_PASSWORD_TEST,
2339 &sessionsData, &nvWriteData, 0, &sessionsDataOut );
2340 CheckFailed( rval, TPM_RC_POLICY_FAIL + TPM_RC_S + TPM_RC_1 );
2341
2342 // Delete NV index
2343 sessionsData.cmdAuths[0]->sessionHandle = TPM_RS_PW;
2344 sessionsData.cmdAuths[0]->nonce.t.size = 0;
2345 sessionsData.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
2346 sessionData.hmac.t.size = 0;
2347
2348 // Now undefine the index.
2349 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM,
2350 TPM20_INDEX_PASSWORD_TEST, &sessionsData, 0 );
2351 CheckPassed( rval );
2352
2353 rval = DeleteEntity( TPM20_INDEX_PASSWORD_TEST );
2354 CheckPassed( rval );
2355
2356 return rval;
2357}
2358
2359UINT8 passwordPCRTestPassword[] = "password PCR";
2360UINT8 dataBlob[] = "some data";
2361TPM_HANDLE blobHandle;
2362TPM2B_AUTH blobAuth;
2363
2364TPM_RC BuildPasswordPolicy( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession, TPM2B_DIGEST *policyDigest )
2365{
2366 TPM_RC rval = TPM_RC_SUCCESS;
2367
2368 rval = Tss2_Sys_PolicyPassword( sysContext, policySession->sessionHandle, 0, 0 );
2369 CheckPassed( rval );
2370
2371 return rval;
2372}
2373
2374TPM_RC BuildAuthValuePolicy( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession, TPM2B_DIGEST *policyDigest )
2375{
2376 TPM_RC rval = TPM_RC_SUCCESS;
2377
2378 rval = Tss2_Sys_PolicyAuthValue( sysContext, policySession->sessionHandle, 0, 0 );
2379 CheckPassed( rval );
2380
2381 return rval;
2382}
2383
2384
2385TPM_RC BuildPasswordPcrPolicy( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession, TPM2B_DIGEST *policyDigest )
2386{
2387 TPM_RC rval = TPM_RC_SUCCESS;
2388 TPM2B_DIGEST pcrDigest;
2389 TPML_PCR_SELECTION pcrs;
2390 TPML_DIGEST pcrValues;
2391 UINT32 pcrUpdateCounter;
2392 TPML_PCR_SELECTION pcrSelectionOut;
2393
2394 pcrDigest.t.size = 0;
2395 rval = Tss2_Sys_PolicyPassword( sysContext, policySession->sessionHandle, 0, 0 );
2396 CheckPassed( rval );
2397
2398 pcrs.count = 1;
2399 pcrs.pcrSelections[0].hash = TPM_ALG_SHA1;
2400 pcrs.pcrSelections[0].sizeofSelect = 3;
2401 pcrs.pcrSelections[0].pcrSelect[0] = 0;
2402 pcrs.pcrSelections[0].pcrSelect[1] = 0;
2403 pcrs.pcrSelections[0].pcrSelect[2] = 0;
2404 SET_PCR_SELECT_BIT( pcrs.pcrSelections[0], PCR_0 );
2405 SET_PCR_SELECT_BIT( pcrs.pcrSelections[0], PCR_3 );
2406
2407 //
2408 // Compute pcrDigest
2409 //
2410 // Read PCRs
2411 rval = Tss2_Sys_PCR_Read( sysContext, 0, &pcrs, &pcrUpdateCounter, &pcrSelectionOut, &pcrValues, 0 );
2412 CheckPassed( rval );
2413 // Hash them together
2414 rval = TpmHashSequence( policySession->authHash, pcrValues.count, &pcrValues.digests[0], &pcrDigest );
2415
2416 rval = Tss2_Sys_PolicyPCR( sysContext, policySession->sessionHandle, 0, &pcrDigest, &pcrs, 0 );
2417 CheckPassed( rval );
2418
2419 return rval;
2420}
2421
2422
2423TPM_RC CreateDataBlob( TSS2_SYS_CONTEXT *sysContext, SESSION **policySession, TPM2B_DIGEST *policyDigest )
2424{
2425 TPM_RC rval = TPM_RC_SUCCESS;
2426 TPMS_AUTH_COMMAND cmdAuth;
2427 TPMS_AUTH_COMMAND *cmdSessionArray[1] = { &cmdAuth };
2428 TSS2_SYS_CMD_AUTHS cmdAuthArray = { 1, &cmdSessionArray[0] };
2429 TPM2B_SENSITIVE_CREATE inSensitive;
2430 TPM2B_PUBLIC inPublic;
2431 TPM2B_DATA outsideInfo = { { 0, } };
2432 TPML_PCR_SELECTION creationPcr = { 0 };
2433 TPM2B_PUBLIC outPublic;
2434 TPM2B_CREATION_DATA creationData;
2435 TPM_HANDLE srkHandle;
2436 TPM2B_DIGEST creationHash;
2437 TPMT_TK_CREATION creationTicket;
2438 TPM2B_NAME srkName, blobName;
2439 TPM2B_DIGEST data;
2440 TPM2B_PRIVATE outPrivate;
2441
2442 cmdAuth.sessionHandle = TPM_RS_PW;
2443 cmdAuth.nonce.t.size = 0;
2444 *( (UINT8 *)((void *)&cmdAuth.sessionAttributes ) ) = 0;
2445 cmdAuth.hmac.t.size = 0;
2446
2447 inSensitive.t.sensitive.userAuth.t.size = 0;
2448 inSensitive.t.sensitive.data.t.size = 0;
2449
2450 inPublic.t.publicArea.type = TPM_ALG_RSA;
2451 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
2452 *(UINT32 *)&( inPublic.t.publicArea.objectAttributes) = 0;
2453 inPublic.t.publicArea.objectAttributes.restricted = 1;
2454 inPublic.t.publicArea.objectAttributes.userWithAuth = 1;
2455 inPublic.t.publicArea.objectAttributes.decrypt = 1;
2456 inPublic.t.publicArea.objectAttributes.fixedTPM = 1;
2457 inPublic.t.publicArea.objectAttributes.fixedParent = 1;
2458 inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin = 1;
2459 inPublic.t.publicArea.authPolicy.t.size = 0;
2460 inPublic.t.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
2461 inPublic.t.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
2462 inPublic.t.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CBC;
2463 inPublic.t.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
2464 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 2048;
2465 inPublic.t.publicArea.parameters.rsaDetail.exponent = 0;
2466 inPublic.t.publicArea.unique.rsa.t.size = 0;
2467
2468 outPublic.t.size = 0;
2469 creationData.t.size = 0;
2470 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_PLATFORM, &cmdAuthArray,
2471 &inSensitive, &inPublic, &outsideInfo, &creationPcr,
2472 &srkHandle, &outPublic, &creationData, &creationHash,
2473 &creationTicket, &srkName, 0 );
2474 CheckPassed( rval );
2475
2476 cmdAuth.sessionHandle = TPM_RS_PW;
2477
2478 inSensitive.t.sensitive.userAuth.t.size = 0;
2479 blobAuth.t.size = sizeof( passwordPCRTestPassword );
2480 memcpy( &blobAuth.t.buffer, passwordPCRTestPassword, sizeof( passwordPCRTestPassword ) );
2481 CopySizedByteBuffer( &(inSensitive.t.sensitive.userAuth.b ), &blobAuth.b );
2482 data.t.size = sizeof( dataBlob );
2483 memcpy( &data.t.buffer, dataBlob, sizeof( dataBlob ) );
2484 CopySizedByteBuffer( &(inSensitive.t.sensitive.data.b ), &data.b );
2485
2486 inPublic.t.publicArea.type = TPM_ALG_KEYEDHASH;
2487 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA256;
2488 inPublic.t.publicArea.objectAttributes.restricted = 0;
2489 inPublic.t.publicArea.objectAttributes.decrypt = 0;
2490 inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin = 0;
2491 CopySizedByteBuffer( &( inPublic.t.publicArea.authPolicy.b), &( policyDigest->b ) );
2492 inPublic.t.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM_ALG_NULL;
2493 inPublic.t.publicArea.unique.keyedHash.t.size = 0;
2494
2495 outPublic.t.size = 0;
2496 creationData.t.size = 0;
2497 rval = Tss2_Sys_Create( sysContext, srkHandle, &cmdAuthArray,
2498 &inSensitive, &inPublic, &outsideInfo, &creationPcr,
2499 &outPrivate, &outPublic, &creationData, &creationHash,
2500 &creationTicket, 0 );
2501 CheckPassed( rval );
2502
2503 // Now we need to load the object.
2504 rval = Tss2_Sys_Load( sysContext, srkHandle, &cmdAuthArray, &outPrivate, &outPublic, &blobHandle, &blobName, 0 );
2505 CheckPassed( rval );
2506
2507 return rval;
2508}
2509
2510TPM_RC AuthValueUnseal( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession )
2511{
2512 TPM_RC rval = TPM_RC_SUCCESS;
2513 TPM2B_SENSITIVE_DATA outData;
2514 TPMS_AUTH_COMMAND cmdAuth;
2515 TPMS_AUTH_COMMAND *cmdSessionArray[1] = { &cmdAuth };
2516 TSS2_SYS_CMD_AUTHS cmdAuthArray = { 1, &cmdSessionArray[0] };
2517
2518 cmdAuth.sessionHandle = policySession->sessionHandle;
2519 cmdAuth.nonce.t.size = 0;
2520 *( (UINT8 *)((void *)&cmdAuth.sessionAttributes ) ) = 0;
2521 cmdAuth.sessionAttributes.continueSession = 1;
2522 cmdAuth.hmac.t.size = 0;
2523
2524 // Now try to unseal the blob without setting the HMAC.
2525 // This test should fail.
2526 rval = Tss2_Sys_Unseal( sysContext, blobHandle, &cmdAuthArray, &outData, 0 );
2527 CheckFailed( rval, TPM_RC_S + TPM_RC_1 + TPM_RC_AUTH_FAIL );
2528
2529 // Clear DA lockout.
2530 TestDictionaryAttackLockReset();
2531
2532 //
2533 // Now try to unseal the blob after setting the HMAC.
2534 // This test should pass.
2535 //
2536
2537 // First, call Prepare.
2538 rval = Tss2_Sys_Unseal_Prepare( sysContext, blobHandle );
2539 CheckPassed( rval );
2540
2541 rval = AddEntity( blobHandle, &blobAuth );
2542 CheckPassed( rval );
2543
2544 // Roll nonces for command.
2545 RollNonces( policySession, &cmdAuth.nonce );
2546
2547 // Now generate the HMAC.
2548 rval = ComputeCommandHmacs( sysContext,
2549 blobHandle,
2550 TPM_HT_NO_HANDLE, &cmdAuthArray, 1 );
2551 CheckPassed( rval );
2552
2553 rval = Tss2_Sys_Unseal( sysContext, blobHandle, &cmdAuthArray, &outData, 0 );
2554 CheckPassed( rval );
2555
2556 rval = DeleteEntity( blobHandle );
2557 CheckPassed( rval );
2558
2559 // Add test to make sure we unsealed correctly.
2560
2561 // Now we'll want to flush the data blob and remove it
2562 // from resource manager tables.
2563 rval = Tss2_Sys_FlushContext( sysContext, blobHandle );
2564 CheckPassed( rval );
2565
2566 return rval;
2567}
2568
2569TPM_RC PasswordUnseal( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession )
2570{
2571 TPM_RC rval = TPM_RC_SUCCESS;
2572 TPM2B_SENSITIVE_DATA outData;
2573 TPMS_AUTH_COMMAND cmdAuth;
2574 TPMS_AUTH_COMMAND *cmdSessionArray[1] = { &cmdAuth };
2575 TSS2_SYS_CMD_AUTHS cmdAuthArray = { 1, &cmdSessionArray[0] };
2576
2577 cmdAuth.sessionHandle = policySession->sessionHandle;
2578 cmdAuth.nonce.t.size = 0;
2579 *( (UINT8 *)((void *)&cmdAuth.sessionAttributes ) ) = 0;
2580 cmdAuth.sessionAttributes.continueSession = 1;
2581 cmdAuth.hmac.t.size = 0;
2582
2583 // Now try to unseal the blob without setting the password.
2584 // This test should fail.
2585 rval = Tss2_Sys_Unseal( sysContext, blobHandle, &cmdAuthArray, &outData, 0 );
2586 CheckFailed( rval, TPM_RC_S + TPM_RC_1 + TPM_RC_AUTH_FAIL );
2587
2588 // Clear DA lockout.
2589 TestDictionaryAttackLockReset();
2590
2591 // Now try to unseal the blob after setting the password.
2592 // This test should pass.
2593 cmdAuth.hmac.t.size = sizeof( passwordPCRTestPassword );
2594 memcpy( &cmdAuth.hmac.t.buffer, passwordPCRTestPassword, sizeof( passwordPCRTestPassword ) );
2595 rval = Tss2_Sys_Unseal( sysContext, blobHandle, &cmdAuthArray, &outData, 0 );
2596 CheckPassed( rval );
2597
2598 // Add test to make sure we unsealed correctly.
2599
2600 // Now we'll want to flush the data blob and remove it
2601 // from resource manager tables.
2602 rval = Tss2_Sys_FlushContext( sysContext, blobHandle );
2603 CheckPassed( rval );
2604
2605 return rval;
2606}
2607
2608POLICY_TEST_SETUP policyTestSetups[] =
2609{
2610 // NOTE: Since locality is a fairly simple command and we
2611 // can guarantee its correctness, we don't need a trial
2612 // session for this. buildPolicyFn pointer can be 0 in
2613 // this case.
2614 { "LOCALITY", 0, CreateNVIndex, TestLocality },
2615 { "PASSWORD", BuildPasswordPolicy, CreateDataBlob, PasswordUnseal },
2616 { "PASSWORD/PCR", BuildPasswordPcrPolicy, CreateDataBlob, PasswordUnseal },
2617 { "AUTHVALUE", BuildAuthValuePolicy, CreateDataBlob, AuthValueUnseal },
2618 // TBD...
2619};
2620
2621void TestPolicy()
2622{
2623 UINT32 rval;
2624 unsigned int i;
2625 SESSION *policySession = 0;
2626
2627 TpmClientPrintf( 0, "\nPOLICY TESTS:\n" );
2628
2629 for( i = 0; i < ( sizeof( policyTestSetups ) / sizeof( POLICY_TEST_SETUP ) ); i++ )
2630 {
2631 TPM2B_DIGEST policyDigest;
2632
2633 rval = TPM_RC_SUCCESS;
2634
2635 TpmClientPrintf( 0, "Policy Test: %s\n", policyTestSetups[i].name );
2636
2637 // Create trial policy session and run policy commands, in order to create policyDigest.
2638 if( policyTestSetups[i].buildPolicyFn != 0)
2639 {
2640 rval = BuildPolicy( sysContext, &policySession, policyTestSetups[i].buildPolicyFn, &policyDigest, true );
2641 CheckPassed( rval );
2642 }
2643
2644 // Create entity that will use that policyDigest as authPolicy.
2645 if( policyTestSetups[i].createObjectFn != 0 )
2646 {
2647 rval = ( *policyTestSetups[i].createObjectFn )( sysContext, &policySession, &policyDigest);
2648 CheckPassed( rval );
2649 }
2650
2651 // Create real policy session and run policy commands; after this we're ready
2652 // to authorize actions on the entity.
2653 if( policyTestSetups[i].buildPolicyFn != 0)
2654 {
2655 rval = BuildPolicy( sysContext, &policySession, policyTestSetups[i].buildPolicyFn, &policyDigest, false );
2656 CheckPassed( rval );
2657 }
2658
2659 if( policySession )
2660 {
2661 // Now do tests by authorizing actions on the entity.
2662 rval = ( *policyTestSetups[i].testPolicyFn)( sysContext, policySession );
2663 CheckPassed( rval );
2664
2665 // Need to flush the session here.
2666 rval = Tss2_Sys_FlushContext( sysContext, policySession->sessionHandle );
2667 CheckPassed( rval );
2668
2669 // And remove the session from test app session table.
2670 rval = EndAuthSession( policySession );
2671 }
2672 else
2673 {
2674 CheckFailed( rval, 0xffffffff );
2675 }
2676
2677 CheckPassed( rval );
2678 }
2679}
2680
2681#define MAX_TEST_SEQUENCES 10
2682void TestHash()
2683{
2684 UINT32 rval;
2685 TPM2B_AUTH auth;
2686 TPMI_DH_OBJECT sequenceHandle[MAX_TEST_SEQUENCES];
2687 TPMS_AUTH_COMMAND sessionData, sessionData1;
2688 TPMS_AUTH_RESPONSE sessionDataOut, sessionDataOut1;
2689 TSS2_SYS_CMD_AUTHS sessionsData;
2690 int i;
2691 TPM2B_MAX_BUFFER dataToHash;
2692
2693 UINT8 memoryToHash[] =
2694 {
2695 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2696 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2697 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2698 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2699 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2700 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2701 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2702 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2703 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2704 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2705 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2706 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2707 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2708 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2709 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2710 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2711 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2712 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2713 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2714 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2715 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2716 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2717 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2718 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2719 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2720 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2721 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2722 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2723 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2724 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2725 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2726 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2727 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2728 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2729 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2730 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2731 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2732 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2733 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2734 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2735 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2736 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2737 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2738 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2739 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2740 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2741 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2742 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2743 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2744 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2745 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2746 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2747 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2748 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2749 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2750 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2751 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2752 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2753 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2754 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2755 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2756 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2757 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2758 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2759 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2760 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2761 0xde, 0xad, 0xbe, 0xef
2762 };
2763
2764 // Known good hash of above memory.
2765 UINT8 goodHashValue[] =
2766 { 0xB3, 0xFD, 0x6A, 0xD2, 0x9F, 0xD0, 0x13, 0x52, 0xBA, 0xFC,
2767 0x8B, 0x22, 0xC9, 0x6D, 0x88, 0x42, 0xA3, 0x3C, 0xB0, 0xC9 };
2768
2769 // Hash to be calculated by TPM.
2770 TPM2B_DIGEST result;
2771 TPMT_TK_HASHCHECK validation;
2772 TSS2_SYS_RSP_AUTHS sessionsDataOut;
2773
2774 TPMS_AUTH_COMMAND *sessionDataArray[2];
2775 TPMS_AUTH_RESPONSE *sessionDataOutArray[2];
2776
2777 sessionDataArray[0] = &sessionData;
2778 sessionDataOutArray[0] = &sessionDataOut;
2779 sessionDataArray[1] = &sessionData1;
2780 sessionDataOutArray[1] = &sessionDataOut1;
2781
2782 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
2783 sessionsData.cmdAuths = &sessionDataArray[0];
2784
2785 sessionsDataOut.rspAuthsCount = 1;
2786
2787 TpmClientPrintf( 0, "\nHASH TESTS:\n" );
2788
2789 auth.t.size = 2;
2790 auth.t.buffer[0] = 0;
2791 auth.t.buffer[1] = 0xff;
2792 rval = Tss2_Sys_HashSequenceStart ( sysContext, 0, &auth, TPM_ALG_SHA1, &sequenceHandle[0], 0 );
2793 CheckPassed( rval );
2794
2795 // Init authHandle
2796 sessionData.sessionHandle = TPM_RS_PW;
2797
2798 // Init nonce.
2799 sessionData.nonce.t.size = 0;
2800
2801 // init hmac
2802 sessionData.hmac = auth;
2803
2804 // Init session attributes
2805 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
2806
2807 sessionsData.cmdAuthsCount = 1;
2808 sessionsData.cmdAuths[0] = &sessionData;
2809
2810 dataToHash.t.size = MAX_DIGEST_BUFFER;
2811 memcpy( &dataToHash.t.buffer[0], &memoryToHash[0], dataToHash.t.size );
2812
2813 rval = Tss2_Sys_SequenceUpdate ( sysContext, sequenceHandle[0], &sessionsData, &dataToHash, &sessionsDataOut );
2814 CheckPassed( rval );
2815
2816 // Now try starting a bunch of sequences to see what happens.
2817 // This checks that the resource manager properly saves and restores the context
2818 // of the interrupted original sequence.
2819 for( i = 1; i < 5; i++ )
2820 {
2821 rval = Tss2_Sys_HashSequenceStart ( sysContext, 0, &auth, TPM_ALG_SHA1, &sequenceHandle[i], 0 );
2822 CheckPassed( rval );
2823 }
2824
2825 // Now end the created sequences.
2826 dataToHash.t.size = 0;
2827 for( i = 1; i < 5; i++ )
2828 {
2829 rval = Tss2_Sys_SequenceComplete ( sysContext, sequenceHandle[i], &sessionsData, &dataToHash,
2830 TPM_RH_PLATFORM, &result, &validation, &sessionsDataOut );
2831 CheckPassed( rval );
2832 }
2833
2834 // Now try to finish the interrupted sequence.
2835 rval = Tss2_Sys_SequenceUpdate ( sysContext, sequenceHandle[0], &sessionsData, &dataToHash, &sessionsDataOut );
2836 CheckPassed( rval );
2837
2838 dataToHash.t.size = sizeof( memoryToHash ) - MAX_DIGEST_BUFFER;
2839 memcpy( &dataToHash.t.buffer[0], &memoryToHash[MAX_DIGEST_BUFFER], dataToHash.t.size );
2840 rval = Tss2_Sys_SequenceComplete ( sysContext, sequenceHandle[0], &sessionsData, &dataToHash,
2841 TPM_RH_PLATFORM, &result, &validation, &sessionsDataOut );
2842 CheckPassed( rval );
2843
2844 // Test the resulting hash.
2845 if( memcmp( (void *)&( result.t.buffer[0] ), (void *)&( goodHashValue[0] ), result.t.size ) )
2846 {
2847 TpmClientPrintf( 0, "ERROR!! resulting hash is incorrect.\n" );
2848 Cleanup();
2849 }
2850
2851 // Now try starting a bunch of sequences to see what happens.
2852 // This stresses the resource manager.
2853 for( i = 0; i < MAX_TEST_SEQUENCES; i++ )
2854 {
2855 rval = Tss2_Sys_HashSequenceStart ( sysContext, 0, &auth, TPM_ALG_SHA1, &sequenceHandle[i], 0 );
2856 CheckPassed( rval );
2857 }
2858
2859 // Now end them all
2860 dataToHash.t.size = 0;
2861 for( i = (MAX_TEST_SEQUENCES - 1); i >= 0; i-- )
2862// for( i = 0; i < MAX_TEST_SEQUENCES; i++ )
2863 {
2864 rval = Tss2_Sys_SequenceComplete ( sysContext, sequenceHandle[i], &sessionsData, &dataToHash,
2865 TPM_RH_PLATFORM, &result, &validation, &sessionsDataOut );
2866 CheckPassed( rval );
2867 }
2868}
2869
2870void TestQuote()
2871{
2872 UINT32 rval;
2873 TPM2B_DATA qualifyingData;
2874 UINT8 qualDataString[] = { 0x00, 0xff, 0x55, 0xaa };
2875 TPMT_SIG_SCHEME inScheme;
2876 TPML_PCR_SELECTION pcrSelection;
2877 TPMS_AUTH_COMMAND sessionData;
2878 TPMS_AUTH_RESPONSE sessionDataOut;
2879 TSS2_SYS_CMD_AUTHS sessionsData;
2880 TSS2_SYS_RSP_AUTHS sessionsDataOut;
2881 TPM2B_ATTEST quoted;
2882 TPMT_SIGNATURE signature;
2883
2884 TPMS_AUTH_COMMAND *sessionDataArray[1];
2885 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
2886
2887 sessionDataArray[0] = &sessionData;
2888 sessionDataOutArray[0] = &sessionDataOut;
2889
2890 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
2891 sessionsData.cmdAuths = &sessionDataArray[0];
2892
2893 sessionsDataOut.rspAuthsCount = 1;
2894
2895 TpmClientPrintf( 0, "\nQUOTE CONTROL TESTS:\n" );
2896
2897 // Init authHandle
2898 sessionData.sessionHandle = TPM_RS_PW;
2899
2900 // Init nonce.
2901 sessionData.nonce.t.size = 0;
2902
2903 // init hmac
2904 sessionData.hmac.t.size = 2;
2905 sessionData.hmac.t.buffer[0] = 0x00;
2906 sessionData.hmac.t.buffer[1] = 0xff;
2907
2908 // Init session attributes
2909 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
2910
2911 qualifyingData.t.size = sizeof( qualDataString );
2912 memcpy( &( qualifyingData.t.buffer[0] ), qualDataString, sizeof( qualDataString ) );
2913
2914 inScheme.scheme = TPM_ALG_NULL;
2915
2916 pcrSelection.count = 1;
2917 pcrSelection.pcrSelections[0].hash = TPM_ALG_SHA1;
2918 pcrSelection.pcrSelections[0].sizeofSelect = 3;
2919
2920 // Clear out PCR select bit field
2921 pcrSelection.pcrSelections[0].pcrSelect[0] = 0;
2922 pcrSelection.pcrSelections[0].pcrSelect[1] = 0;
2923 pcrSelection.pcrSelections[0].pcrSelect[2] = 0;
2924
2925 // Now set the PCR you want
2926 pcrSelection.pcrSelections[0].pcrSelect[( PCR_17/8 )] = ( 1 << ( PCR_18 % 8) );
2927
2928 sessionsData.cmdAuthsCount = 1;
2929 sessionsData.cmdAuths[0] = &sessionData;
2930
2931 // Test with wrong type of key.
2932 rval = Tss2_Sys_Quote ( sysContext, loadedSha1KeyHandle, &sessionsData, &qualifyingData, &inScheme,
2933 &pcrSelection, &quoted, &signature, &sessionsDataOut );
2934 CheckPassed( rval );
2935
2936 // Create signing key
2937
2938
2939 // Now test quote operation
2940// Tpm20Quote ( ??TPMI_DH_OBJECT signHandle, TPM2B_DATA *qualifyingData,
2941// TPMT_SIG_SCHEME *inScheme, TPML_PCR_SELECTION *pcrSelect,
2942// TPMS_AUTH_COMMAND *sessionsData)
2943
2944}
2945
2946void ProvisionOtherIndices()
2947{
2948 UINT32 rval;
2949 TPMI_SH_AUTH_SESSION otherIndicesPolicyAuthHandle;
2950 TPM2B_DIGEST nvPolicyHash;
2951 TPM2B_AUTH nvAuth;
2952 TPMS_AUTH_COMMAND otherIndicesSessionData;
2953 TPMS_AUTH_RESPONSE otherIndicesSessionDataOut;
2954 TSS2_SYS_CMD_AUTHS otherIndicesSessionsData;
2955 TSS2_SYS_RSP_AUTHS otherIndicesSessionsDataOut;
2956 TPM2B_NV_PUBLIC publicInfo;
2957
2958 TPMS_AUTH_COMMAND *sessionDataArray[1];
2959 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
2960
2961 sessionDataArray[0] = &otherIndicesSessionData;
2962 sessionDataOutArray[0] = &otherIndicesSessionDataOut;
2963
2964 otherIndicesSessionsDataOut.rspAuths = &sessionDataOutArray[0];
2965 otherIndicesSessionsData.cmdAuths = &sessionDataArray[0];
2966
2967 otherIndicesSessionsDataOut.rspAuthsCount = 1;
2968
2969 TpmClientPrintf( 0, "\nPROVISION OTHER NV INDICES:\n" );
2970
2971 //
2972 // AUX index: Write is controlled by TPM2_PolicyLocality; Read is controlled by authValue and is unrestricted since authValue is set to emptyBuffer
2973 // Do this by setting up two policies and ORing them together when creating AuxIndex:
2974 // 1. PolicyLocality(3) && PolicyCommand(NVWrite)
2975 // 2. EmptyAuth policy && PolicyCommand(NVRead)
2976 // Page 126 of Part 1 describes how to do this.
2977 //
2978
2979 // Steps:
2980 rval = StartPolicySession( &otherIndicesPolicyAuthHandle );
2981 CheckPassed( rval );
2982
2983 // 3. GetPolicyDigest and save it
2984 rval = Tss2_Sys_PolicyGetDigest( sysContext, otherIndicesPolicyAuthHandle, 0, &nvPolicyHash, 0 );
2985 CheckPassed( rval );
2986
2987 // Now save the policy digest from the first OR branch.
2988 DEBUG_PRINT_BUFFER( &( nvPolicyHash.t.buffer[0] ), nvPolicyHash.t.size );
2989
2990 // 4. CreateNvIndex
2991 otherIndicesSessionData.sessionHandle = TPM_RS_PW;
2992
2993 // Init nonce.
2994 otherIndicesSessionData.nonce.t.size = 0;
2995
2996 // init hmac
2997 otherIndicesSessionData.hmac.t.size = 0;
2998
2999 // init nvAuth
3000 nvAuth.t.size = 0;
3001
3002 // Init session attributes
3003 *( (UINT8 *)((void *)&otherIndicesSessionData.sessionAttributes ) ) = 0;
3004
3005 publicInfo.t.size = sizeof( TPMI_RH_NV_INDEX ) +
3006 sizeof( TPMI_ALG_HASH ) + sizeof( TPMA_NV ) + sizeof( UINT16) +
3007 sizeof( UINT16 );
3008 publicInfo.t.nvPublic.nvIndex = INDEX_LCP_SUP;
3009 publicInfo.t.nvPublic.nameAlg = TPM_ALG_SHA1;
3010
3011 // First zero out attributes.
3012 *(UINT32 *)&( publicInfo.t.nvPublic.attributes ) = 0;
3013
3014 // Now set the attributes.
3015 publicInfo.t.nvPublic.attributes.TPMA_NV_AUTHREAD = 1;
3016 publicInfo.t.nvPublic.attributes.TPMA_NV_AUTHWRITE = 1;
3017 publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 1;
3018 // Following commented out for convenience during development.
3019 // publicInfo.t.nvPublic.attributes.TPMA_NV_POLICY_DELETE = 1;
3020 publicInfo.t.nvPublic.attributes.TPMA_NV_WRITEDEFINE = 1;
3021 publicInfo.t.nvPublic.attributes.TPMA_NV_ORDERLY = 1;
3022
3023 publicInfo.t.nvPublic.authPolicy.t.size = 0;
3024 publicInfo.t.nvPublic.dataSize = NV_PS_INDEX_SIZE;
3025
3026 otherIndicesSessionsData.cmdAuthsCount = 1;
3027 otherIndicesSessionsData.cmdAuths[0] = &otherIndicesSessionData;
3028
3029 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &otherIndicesSessionsData,
3030 &nvAuth, &publicInfo, &otherIndicesSessionsDataOut );
3031 CheckPassed( rval );
3032
3033 publicInfo.t.nvPublic.nvIndex = INDEX_LCP_OWN;
3034 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &otherIndicesSessionsData,
3035 &nvAuth, &publicInfo, &otherIndicesSessionsDataOut );
3036 CheckPassed( rval );
3037
3038 // Now teardown session
3039 rval = Tss2_Sys_FlushContext( sysContext, otherIndicesPolicyAuthHandle );
3040 CheckPassed( rval );
3041}
3042
3043
3044TSS2_RC InitNvAuxPolicySession( TPMI_SH_AUTH_SESSION *nvAuxPolicySessionHandle )
3045{
3046 TPMA_LOCALITY locality;
3047 TPM_RC rval;
3048
3049 rval = StartPolicySession( nvAuxPolicySessionHandle );
3050 CheckPassed( rval );
3051
3052 // 2. PolicyLocality(3)
3053 *(UINT8 *)((void *)&locality) = 0;
3054 locality.TPM_LOC_THREE = 1;
3055 locality.TPM_LOC_FOUR = 1;
3056 rval = Tss2_Sys_PolicyLocality( sysContext, *nvAuxPolicySessionHandle, 0, locality, 0 );
3057
3058 return( rval );
3059}
3060
3061void ProvisionNvAux()
3062{
3063 UINT32 rval;
3064 TPMI_SH_AUTH_SESSION nvAuxPolicyAuthHandle;
3065 TPM2B_DIGEST nvPolicyHash;
3066 TPM2B_AUTH nvAuth;
3067 TPMS_AUTH_COMMAND nvAuxSessionData;
3068 TPMS_AUTH_RESPONSE nvAuxSessionDataOut;
3069 TSS2_SYS_CMD_AUTHS nvAuxSessionsData;
3070 TSS2_SYS_RSP_AUTHS nvAuxSessionsDataOut;
3071 TPM2B_NV_PUBLIC publicInfo;
3072
3073 TPMS_AUTH_COMMAND *sessionDataArray[1];
3074 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
3075
3076 sessionDataArray[0] = &nvAuxSessionData;
3077 sessionDataOutArray[0] = &nvAuxSessionDataOut;
3078
3079 nvAuxSessionsDataOut.rspAuths = &sessionDataOutArray[0];
3080 nvAuxSessionsData.cmdAuths = &sessionDataArray[0];
3081
3082 nvAuxSessionsDataOut.rspAuthsCount = 1;
3083
3084 TpmClientPrintf( 0, "\nPROVISION NV AUX:\n" );
3085
3086 //
3087 // AUX index: Write is controlled by TPM2_PolicyLocality; Read is controlled by authValue and is unrestricted since authValue is set to emptyBuffer
3088 // Do this by setting up two policies and ORing them together when creating AuxIndex:
3089 // 1. PolicyLocality(3) && PolicyCommand(NVWrite)
3090 // 2. EmptyAuth policy && PolicyCommand(NVRead)
3091 // Page 126 of Part 1 describes how to do this.
3092 //
3093
3094 // Steps:
3095 rval = InitNvAuxPolicySession( &nvAuxPolicyAuthHandle );
3096 CheckPassed( rval );
3097
3098 // 3. GetPolicyDigest and save it
3099 rval = Tss2_Sys_PolicyGetDigest( sysContext, nvAuxPolicyAuthHandle, 0, &nvPolicyHash, 0 );
3100 CheckPassed( rval );
3101
3102 // Now save the policy digest.
3103 DEBUG_PRINT_BUFFER( &( nvPolicyHash.t.buffer[0] ), nvPolicyHash.t.size );
3104
3105 // 4. CreateNvIndex
3106 nvAuxSessionData.sessionHandle = TPM_RS_PW;
3107
3108 // Init nonce.
3109 nvAuxSessionData.nonce.t.size = 0;
3110
3111 // init hmac
3112 nvAuxSessionData.hmac.t.size = 0;
3113
3114 // init nvAuth
3115 nvAuth.t.size = 0;
3116
3117 // Init session attributes
3118 *( (UINT8 *)((void *)&nvAuxSessionData.sessionAttributes ) ) = 0;
3119
3120 nvAuxSessionsData.cmdAuthsCount = 1;
3121 nvAuxSessionsData.cmdAuths[0] = &nvAuxSessionData;
3122
3123 publicInfo.t.size = sizeof( TPMI_RH_NV_INDEX ) +
3124 sizeof( TPMI_ALG_HASH ) + sizeof( TPMA_NV ) + sizeof( UINT16) +
3125 sizeof( UINT16 );
3126 publicInfo.t.nvPublic.nvIndex = INDEX_AUX;
3127 publicInfo.t.nvPublic.nameAlg = TPM_ALG_SHA1;
3128
3129 // First zero out attributes.
3130 *(UINT32 *)&( publicInfo.t.nvPublic.attributes ) = 0;
3131
3132 // Now set the attributes.
3133 publicInfo.t.nvPublic.attributes.TPMA_NV_AUTHREAD = 1;
3134 publicInfo.t.nvPublic.attributes.TPMA_NV_POLICYWRITE = 1;
3135 publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 1;
3136 // Following commented out for convenience during development.
3137 // publicInfo.t.nvPublic.attributes.TPMA_NV_POLICY_DELETE = 1;
3138
3139 publicInfo.t.nvPublic.authPolicy.t.size = GetDigestSize( TPM_ALG_SHA1 );
3140 memcpy( (UINT8 *)&( publicInfo.t.nvPublic.authPolicy.t.buffer ), (UINT8 *)&(nvPolicyHash.t.buffer[0]),
3141 nvPolicyHash.t.size );
3142
3143 publicInfo.t.nvPublic.dataSize = NV_AUX_INDEX_SIZE;
3144
3145 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &nvAuxSessionsData,
3146 &nvAuth, &publicInfo, &nvAuxSessionsDataOut );
3147 CheckPassed( rval );
3148
3149 // Now teardown session
3150 rval = Tss2_Sys_FlushContext( sysContext, nvAuxPolicyAuthHandle );
3151 CheckPassed( rval );
3152}
3153
3154void TpmAuxWrite( int locality)
3155{
3156 TSS2_RC rval;
3157 int i;
3158 TPMI_SH_AUTH_SESSION nvAuxPolicyAuthHandle;
3159 TPM2B_MAX_NV_BUFFER nvWriteData;
3160
3161 rval = InitNvAuxPolicySession( &nvAuxPolicyAuthHandle );
3162 CheckPassed( rval );
3163
3164 // Now we're going to test it.
3165 nvWriteData.t.size = 4;
3166 for( i = 0; i < nvWriteData.t.size; i++ )
3167 nvWriteData.t.buffer[i] = 0xff - i;
3168
3169 nullSessionData.sessionHandle = nvAuxPolicyAuthHandle;
3170
3171 // Make sure that session terminates after NVWrite completes.
3172 nullSessionData.sessionAttributes.continueSession = 0;
3173
3174 rval = SetLocality( sysContext, locality );
3175 CheckPassed( rval );
3176
3177 nullSessionsData.cmdAuthsCount = 1;
3178 nullSessionsData.cmdAuths[0] = &nullSessionData;
3179
3180 rval = Tss2_Sys_NV_Write( sysContext, INDEX_AUX, INDEX_AUX, &nullSessionsData, &nvWriteData, 0, &nullSessionsDataOut );
3181
3182 {
3183 TSS2_RC setLocalityRval;
3184 setLocalityRval = SetLocality( sysContext, 3 );
3185 CheckPassed( setLocalityRval );
3186 }
3187
3188 if( locality == 3 || locality == 4 )
3189 {
3190 CheckPassed( rval );
3191
3192 // No teardown of session needed, since the authorization was
3193 // successful.
3194 }
3195 else
3196 {
3197 CheckFailed( rval, TPM_RC_LOCALITY );
3198
3199 // Now teardown session
3200 rval = Tss2_Sys_FlushContext( sysContext, nvAuxPolicyAuthHandle );
3201 CheckPassed( rval );
3202 }
3203}
3204
3205void TpmAuxReadWriteTest()
3206{
3207 UINT32 rval;
3208 int testLocality;
3209 TPM2B_MAX_NV_BUFFER nvData;
3210
3211 TpmClientPrintf( 0, "TPM AUX READ/WRITE TEST\n" );
3212
3213 nullSessionData.sessionAttributes.continueSession = 0;
3214
3215 // Try writing it from all localities. Only locality 3 should work.
3216 for( testLocality = 0; testLocality < 5; testLocality++ )
3217 {
3218 TpmAuxWrite( testLocality );
3219 }
3220
3221 nullSessionData.sessionHandle = TPM_RS_PW;
3222
3223 nullSessionsData.cmdAuths[0] = &nullSessionData;
3224
3225 // Try reading it from all localities. They all should work.
3226 for( testLocality = 0; testLocality < 5; testLocality++ )
3227 {
3228 rval = SetLocality( sysContext, testLocality );
3229 CheckPassed( rval );
3230
3231 rval = Tss2_Sys_NV_Read( sysContext, INDEX_AUX, INDEX_AUX, &nullSessionsData, 4, 0, &nvData, &nullSessionsDataOut );
3232 CheckPassed( rval );
3233
3234 rval = SetLocality( sysContext, 3 );
3235 CheckPassed( rval );
3236 }
3237}
3238
3239void TpmOtherIndicesReadWriteTest()
3240{
3241 UINT32 rval;
3242 TPM2B_MAX_NV_BUFFER nvWriteData;
3243 int i;
3244 TPM2B_MAX_NV_BUFFER nvData;
3245
3246 nullSessionData.sessionHandle = TPM_RS_PW;
3247
3248 TpmClientPrintf( 0, "TPM OTHER READ/WRITE TEST\n" );
3249
3250 nvWriteData.t.size = 4;
3251 for( i = 0; i < nvWriteData.t.size; i++ )
3252 nvWriteData.t.buffer[i] = 0xff - i;
3253
3254 nullSessionsData.cmdAuthsCount = 1;
3255 nullSessionsData.cmdAuths[0] = &nullSessionData;
3256
3257 rval = Tss2_Sys_NV_Write( sysContext, INDEX_LCP_SUP, INDEX_LCP_SUP, &nullSessionsData, &nvWriteData, 0, &nullSessionsDataOut );
3258 CheckPassed( rval );
3259
3260 rval = Tss2_Sys_NV_Write( sysContext, INDEX_LCP_OWN, INDEX_LCP_OWN, &nullSessionsData, &nvWriteData, 0, &nullSessionsDataOut );
3261 CheckPassed( rval );
3262
3263 rval = Tss2_Sys_NV_Read( sysContext, INDEX_LCP_SUP, INDEX_LCP_SUP, &nullSessionsData, 4, 0, &nvData, &nullSessionsDataOut );
3264 CheckPassed( rval );
3265
3266 rval = Tss2_Sys_NV_Read( sysContext, INDEX_LCP_OWN, INDEX_LCP_OWN, &nullSessionsData, 4, 0, &nvData, &nullSessionsDataOut );
3267 CheckPassed( rval );
3268}
3269
3270void NvIndexProto()
3271{
3272 UINT32 rval;
3273
3274 TpmClientPrintf( 0, "\nNV INDEX PROTOTYPE TESTS:\n" );
3275
3276
3277 // AUX index: Write is controlled by TPM2_PolicyLocality; Read is controlled by authValue and is unrestricted since authValue is set to emptyBuffer
3278 // PS index: Write and read are unrestricted until TPM2_WriteLock. After that content is write protected
3279 // PO index: Write is restricted by ownerAuth; Read is controlled by authValue and is unrestricted since authValue is set to emptyBuffer
3280
3281 // Now we need to configure NV indices
3282 ProvisionNvAux();
3283
3284 ProvisionOtherIndices();
3285
3286 TpmAuxReadWriteTest();
3287
3288 TpmOtherIndicesReadWriteTest();
3289
3290 // Now undefine the aux index, so that subsequent test passes will work.
3291 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM, INDEX_AUX, &nullSessionsData, &nullSessionsDataOut );
3292 CheckPassed( rval );
3293
3294 // Now undefine the other indices, so that subsequent test passes will work.
3295 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM, INDEX_LCP_SUP, &nullSessionsData, &nullSessionsDataOut );
3296 CheckPassed( rval );
3297
3298 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM, INDEX_LCP_OWN, &nullSessionsData, &nullSessionsDataOut );
3299 CheckPassed( rval );
3300}
3301
3302void TestPcrAllocate()
3303{
3304 UINT32 rval;
3305 TPML_PCR_SELECTION pcrSelection;
3306 TPMS_AUTH_COMMAND sessionData;
3307 TPMS_AUTH_RESPONSE sessionDataOut;
3308 TSS2_SYS_CMD_AUTHS sessionsData;
3309 TSS2_SYS_RSP_AUTHS sessionsDataOut;
3310 TPMI_YES_NO allocationSuccess;
3311 UINT32 maxPcr;
3312 UINT32 sizeNeeded;
3313 UINT32 sizeAvailable;
3314
3315 TPMS_AUTH_COMMAND *sessionDataArray[1];
3316 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
3317
3318 sessionDataArray[0] = &sessionData;
3319 sessionDataOutArray[0] = &sessionDataOut;
3320
3321 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
3322 sessionsData.cmdAuths = &sessionDataArray[0];
3323
3324 sessionsDataOut.rspAuthsCount = 1;
3325
3326 TpmClientPrintf( 0, "\nPCR ALLOCATE TEST :\n" );
3327
3328 // Init authHandle
3329 sessionData.sessionHandle = TPM_RS_PW;
3330
3331 // Init nonce.
3332 sessionData.nonce.t.size = 0;
3333
3334 // init hmac
3335 sessionData.hmac.t.size = 0;
3336
3337 // Init session attributes
3338 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
3339
3340 pcrSelection.count = 0;
3341
3342 sessionsData.cmdAuthsCount = 1;
3343 sessionsData.cmdAuths[0] = &sessionData;
3344
3345 rval = Tss2_Sys_PCR_Allocate( sysContext, TPM_RH_PLATFORM, &sessionsData, &pcrSelection,
3346 &allocationSuccess, &maxPcr, &sizeNeeded, &sizeAvailable, &sessionsDataOut);
3347 CheckPassed( rval );
3348
3349 pcrSelection.count = 3;
3350 pcrSelection.pcrSelections[0].hash = TPM_ALG_SHA256;
3351 CLEAR_PCR_SELECT_BITS( pcrSelection.pcrSelections[0] );
3352 SET_PCR_SELECT_SIZE( pcrSelection.pcrSelections[0], 3 );
3353 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[0], PCR_5 );
3354 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[0], PCR_7 );
3355 pcrSelection.pcrSelections[1].hash = TPM_ALG_SHA384;
3356 CLEAR_PCR_SELECT_BITS( pcrSelection.pcrSelections[1] );
3357 SET_PCR_SELECT_SIZE( pcrSelection.pcrSelections[1], 3 );
3358 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[1], PCR_5 );
3359 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[1], PCR_8 );
3360 pcrSelection.pcrSelections[2].hash = TPM_ALG_SHA256;
3361 CLEAR_PCR_SELECT_BITS( pcrSelection.pcrSelections[2] );
3362 SET_PCR_SELECT_SIZE( pcrSelection.pcrSelections[2], 3 );
3363 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[2], PCR_6 );
3364
3365 rval = Tss2_Sys_PCR_Allocate( sysContext, TPM_RH_PLATFORM, &sessionsData, &pcrSelection,
3366 &allocationSuccess, &maxPcr, &sizeNeeded, &sizeAvailable, &sessionsDataOut);
3367 CheckPassed( rval );
3368}
3369
3370void TestUnseal()
3371{
3372 UINT32 rval;
3373 TPMS_AUTH_COMMAND sessionData;
3374 TPMS_AUTH_RESPONSE sessionDataOut;
3375 TSS2_SYS_CMD_AUTHS sessionsData;
3376 TSS2_SYS_RSP_AUTHS sessionsDataOut;
3377 TPM2B_SENSITIVE_CREATE inSensitive;
3378 TPML_PCR_SELECTION creationPCR;
3379 TPM2B_DATA outsideInfo;
3380 TPM2B_PUBLIC inPublic;
3381 TPM_HANDLE loadedObjectHandle;
3382
3383 TPMS_AUTH_COMMAND *sessionDataArray[1];
3384 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
3385
3386 sessionDataArray[0] = &sessionData;
3387 sessionDataOutArray[0] = &sessionDataOut;
3388
3389 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
3390 sessionsData.cmdAuths = &sessionDataArray[0];
3391
3392 sessionsDataOut.rspAuthsCount = 1;
3393
3394 TPM2B_PRIVATE outPrivate;
3395 TPM2B_PUBLIC outPublic;
3396 TPM2B_CREATION_DATA creationData;
3397 TPM2B_DIGEST creationHash;
3398 TPMT_TK_CREATION creationTicket;
3399 TPM2B_NAME name;
3400 TPM2B_SENSITIVE_DATA outData;
3401
3402
3403 const char authStr[] = "test";
3404 const char sensitiveData[] = "this is sensitive";
3405
3406 TpmClientPrintf( 0, "\nUNSEAL TEST :\n" );
3407
3408 sessionData.sessionHandle = TPM_RS_PW;
3409
3410 // Init nonce.
3411 sessionData.nonce.t.size = 0;
3412
3413 sessionData.hmac.t.size = 2;
3414 sessionData.hmac.t.buffer[0] = 0x00;
3415 sessionData.hmac.t.buffer[1] = 0xff;
3416
3417 // Init session attributes
3418 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
3419
3420 inSensitive.t.sensitive.userAuth.t.size = sizeof( authStr ) - 1;
3421 memcpy( &( inSensitive.t.sensitive.userAuth.t.buffer[0] ), authStr, sizeof( authStr ) - 1 );
3422 inSensitive.t.sensitive.data.t.size = sizeof( sensitiveData ) - 1;
3423 memcpy( &( inSensitive.t.sensitive.data.t.buffer[0] ), sensitiveData, sizeof( sensitiveData ) - 1 );
3424
3425 inPublic.t.publicArea.authPolicy.t.size = 0;
3426
3427 inPublic.t.publicArea.unique.keyedHash.t.size = 0;
3428
3429 outsideInfo.t.size = 0;
3430 creationPCR.count = 0;
3431
3432 inPublic.t.publicArea.type = TPM_ALG_KEYEDHASH;
3433 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
3434
3435 *(UINT32 *)&( inPublic.t.publicArea.objectAttributes) = 0;
3436 inPublic.t.publicArea.objectAttributes.userWithAuth = 1;
3437
3438 inPublic.t.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM_ALG_NULL;
3439
3440 inPublic.t.publicArea.unique.keyedHash.t.size = 0;
3441
3442 outsideInfo.t.size = 0;
3443
3444 sessionsData.cmdAuthsCount = 1;
3445 sessionsData.cmdAuths[0] = &sessionData;
3446
3447 outPublic.t.size = 0;
3448 creationData.t.size = 0;
3449 rval = Tss2_Sys_Create( sysContext, handle2048rsa, &sessionsData, &inSensitive, &inPublic,
3450 &outsideInfo, &creationPCR,
3451 &outPrivate, &outPublic, &creationData,
3452 &creationHash, &creationTicket, &sessionsDataOut );
3453 CheckPassed( rval );
3454
3455 rval = Tss2_Sys_LoadExternal ( sysContext, 0, 0, &outPublic,
3456 TPM_RH_PLATFORM, &loadedObjectHandle, &name, 0 );
3457 CheckPassed( rval );
3458
3459 rval = Tss2_Sys_FlushContext( sysContext, loadedObjectHandle );
3460 CheckPassed( rval );
3461
3462 rval = Tss2_Sys_Load ( sysContext, handle2048rsa, &sessionsData, &outPrivate, &outPublic,
3463 &loadedObjectHandle, &name, &sessionsDataOut);
3464 CheckPassed( rval );
3465
3466 sessionData.hmac.t.size = sizeof( authStr ) - 1;
3467 memcpy( &( sessionData.hmac.t.buffer[0] ), authStr, sizeof( authStr ) - 1 );
3468
3469 rval = Tss2_Sys_Unseal( sysContext, loadedObjectHandle, &sessionsData, &outData, &sessionsDataOut );
3470
3471 rval = Tss2_Sys_FlushContext( sysContext, loadedObjectHandle );
3472 CheckPassed( rval );
3473
3474 CheckPassed( rval );
3475}
3476
3477
3478void CreatePasswordTestNV( TPMI_RH_NV_INDEX nvIndex, char * password )
3479{
3480 UINT32 rval;
3481 int i;
3482 TPMS_AUTH_COMMAND sessionData;
3483 TPMS_AUTH_RESPONSE sessionDataOut;
3484 TSS2_SYS_CMD_AUTHS sessionsData;
3485 TSS2_SYS_RSP_AUTHS sessionsDataOut;
3486 TPM2B_NV_PUBLIC publicInfo;
3487 TPM2B_AUTH nvAuth;
3488
3489 TPMS_AUTH_COMMAND *sessionDataArray[1];
3490 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
3491
3492 sessionDataArray[0] = &sessionData;
3493 sessionDataOutArray[0] = &sessionDataOut;
3494
3495 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
3496 sessionsData.cmdAuths = &sessionDataArray[0];
3497
3498 sessionData.sessionHandle = TPM_RS_PW;
3499
3500 // Init nonce.
3501 sessionData.nonce.t.size = 0;
3502
3503 // init hmac
3504 sessionData.hmac.t.size = 0;
3505
3506 // Init session attributes
3507 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
3508
3509 sessionsDataOut.rspAuthsCount = 1;
3510
3511 sessionsData.cmdAuthsCount = 1;
3512 sessionsData.cmdAuths[0] = &sessionData;
3513
3514 nvAuth.t.size = strlen( password );
3515 for( i = 0; i < nvAuth.t.size; i++ )
3516 nvAuth.t.buffer[i] = password[i];
3517
3518 publicInfo.t.size = sizeof( TPMI_RH_NV_INDEX ) +
3519 sizeof( TPMI_ALG_HASH ) + sizeof( TPMA_NV ) + sizeof( UINT16) +
3520 sizeof( UINT16 );
3521 publicInfo.t.nvPublic.nvIndex = nvIndex;
3522 publicInfo.t.nvPublic.nameAlg = TPM_ALG_SHA1;
3523
3524 // First zero out attributes.
3525 *(UINT32 *)&( publicInfo.t.nvPublic.attributes ) = 0;
3526
3527 // Now set the attributes.
3528 publicInfo.t.nvPublic.attributes.TPMA_NV_AUTHREAD = 1;
3529 publicInfo.t.nvPublic.attributes.TPMA_NV_AUTHWRITE = 1;
3530 publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 1;
3531 publicInfo.t.nvPublic.attributes.TPMA_NV_ORDERLY = 1;
3532 publicInfo.t.nvPublic.authPolicy.t.size = 0;
3533 publicInfo.t.nvPublic.dataSize = 32;
3534
3535 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM,
3536 &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut );
3537 CheckPassed( rval );
3538}
3539
3540// Password used to authorize access to the NV index.
3541char password[] = "test password";
3542
3543void PasswordTest()
3544{
3545 UINT32 rval;
3546 int i;
3547
3548 // Authorization structure for command.
3549 TPMS_AUTH_COMMAND sessionData;
3550
3551 // Authorization structure for response.
3552 TPMS_AUTH_RESPONSE sessionDataOut;
3553
3554 // Create and init authorization area for command:
3555 // only 1 authorization area.
3556 TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
3557
3558 // Create authorization area for response:
3559 // only 1 authorization area.
3560 TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };
3561
3562 // Authorization array for command (only has one auth structure).
3563 TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };
3564
3565 // Authorization array for response (only has one auth structure).
3566 TSS2_SYS_RSP_AUTHS sessionsDataOut = { 1, &sessionDataOutArray[0] };
3567 TPM2B_MAX_NV_BUFFER nvWriteData;
3568
3569 TpmClientPrintf( 0, "\nPASSWORD TESTS:\n" );
3570
3571 // Create an NV index that will use password
3572 // authorizations the password will be
3573 // "test password".
3574 CreatePasswordTestNV( TPM20_INDEX_PASSWORD_TEST, password );
3575
3576 //
3577 // Initialize the command authorization area.
3578 //
3579
3580 // Init sessionHandle, nonce, session
3581 // attributes, and hmac (password).
3582 sessionData.sessionHandle = TPM_RS_PW;
3583 // Set zero sized nonce.
3584 sessionData.nonce.t.size = 0;
3585 // sessionAttributes is a bit field. To initialize
3586 // it to 0, cast to a pointer to UINT8 and
3587 // write 0 to that pointer.
3588 *( (UINT8 *)&sessionData.sessionAttributes ) = 0;
3589
3590 // Init password (HMAC field in authorization structure).
3591 sessionData.hmac.t.size = strlen( password );
3592 memcpy( &( sessionData.hmac.t.buffer[0] ),
3593 &( password[0] ), sessionData.hmac.t.size );
3594
3595 // Initialize write data.
3596 nvWriteData.t.size = 4;
3597 for( i = 0; i < nvWriteData.t.size; i++ )
3598 nvWriteData.t.buffer[i] = 0xff - i;
3599
3600 // Attempt write with the correct password.
3601 // It should pass.
3602 rval = Tss2_Sys_NV_Write( sysContext,
3603 TPM20_INDEX_PASSWORD_TEST,
3604 TPM20_INDEX_PASSWORD_TEST,
3605 &sessionsData, &nvWriteData, 0,
3606 &sessionsDataOut );
3607 // Check that the function passed as
3608 // expected. Otherwise, exit.
3609 CheckPassed( rval );
3610
3611 // Alter the password so it's incorrect.
3612 sessionData.hmac.t.buffer[4] = 0xff;
3613 rval = Tss2_Sys_NV_Write( sysContext,
3614 TPM20_INDEX_PASSWORD_TEST,
3615 TPM20_INDEX_PASSWORD_TEST,
3616 &sessionsData, &nvWriteData, 0,
3617 &sessionsDataOut );
3618 // Check that the function failed as expected,
3619 // since password was incorrect. If wrong
3620 // response code received, exit.
3621 CheckFailed( rval,
3622 TPM_RC_S + TPM_RC_1 + TPM_RC_AUTH_FAIL );
3623
3624 // Change hmac to null one, since null auth is
3625 // used to undefine the index.
3626 sessionData.hmac.t.size = 0;
3627
3628 // Now undefine the index.
3629 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM,
3630 TPM20_INDEX_PASSWORD_TEST, &sessionsData, 0 );
3631 CheckPassed( rval );
3632}
3633
3634
3635void SimplePolicyTest()
3636{
3637 UINT32 rval, sessionCmdRval;
3638 TPM2B_AUTH nvAuth;
3639 SESSION *nvSession, *trialPolicySession;
3640 TPMA_NV nvAttributes;
3641 TPM2B_DIGEST authPolicy;
3642 TPM2B_NAME nvName;
3643 TPM2B_MAX_NV_BUFFER nvWriteData, nvReadData;
3644 UINT8 dataToWrite[] = { 0x00, 0xff, 0x55, 0xaa };
3645 int i;
3646 TPM2B_ENCRYPTED_SECRET encryptedSalt;
3647 TPMT_SYM_DEF symmetric;
3648 TPMA_SESSION sessionAttributes;
3649
3650 // Command authorization area: one password session.
3651 TPMS_AUTH_COMMAND nvCmdAuth = { TPM_RS_PW, };
3652 TPMS_AUTH_COMMAND *nvCmdAuthArray[1] = { &nvCmdAuth };
3653 TSS2_SYS_CMD_AUTHS nvCmdAuths = { 1, &nvCmdAuthArray[0] };
3654
3655 // Response authorization area.
3656 TPMS_AUTH_RESPONSE nvRspAuth;
3657 TPMS_AUTH_RESPONSE *nvRspAuthArray[1] = { &nvRspAuth };
3658 TSS2_SYS_RSP_AUTHS nvRspAuths = { 1, &nvRspAuthArray[0] };
3659 TPM_ALG_ID sessionAlg = TPM_ALG_SHA256;
3660 TPM2B_NONCE nonceCaller;
3661
3662 nonceCaller.t.size = 0;
3663
3664 TpmClientPrintf( 0, "\nSIMPLE POLICY TEST:\n" );
3665
3666 //
3667 // Create NV index.
3668 //
3669
3670 // Setup the NV index's authorization value.
3671 nvAuth.t.size = 0;
3672
3673 // Zero sized encrypted salt, since the session
3674 // is unsalted.
3675 encryptedSalt.t.size = 0;
3676
3677 // No symmetric algorithm.
3678 symmetric.algorithm = TPM_ALG_NULL;
3679
3680 //
3681 // Create the NV index's authorization policy
3682 // using a trial policy session.
3683 //
3684 rval = StartAuthSessionWithParams( &trialPolicySession, TPM_RH_NULL,
3685 0, TPM_RH_NULL, 0, &nonceCaller, &encryptedSalt, TPM_SE_TRIAL,
3686 &symmetric, sessionAlg );
3687 CheckPassed( rval );
3688
3689 rval = Tss2_Sys_PolicyAuthValue( sysContext, trialPolicySession->sessionHandle, 0, 0 );
3690 CheckPassed( rval );
3691
3692 // Get policy digest.
3693 rval = Tss2_Sys_PolicyGetDigest( sysContext, trialPolicySession->sessionHandle,
3694 0, &authPolicy, 0 );
3695 CheckPassed( rval );
3696
3697 // End the trial session by flushing it.
3698 rval = Tss2_Sys_FlushContext( sysContext, trialPolicySession->sessionHandle );
3699 CheckPassed( rval );
3700
3701 // And remove the trial policy session from sessions table.
3702 rval = EndAuthSession( trialPolicySession );
3703 CheckPassed( rval );
3704
3705 // Now set the NV index's attributes:
3706 // policyRead, authWrite, and platormCreate.
3707 *(UINT32 *)( (void *)&nvAttributes ) = 0;
3708 nvAttributes.TPMA_NV_POLICYREAD = 1;
3709 nvAttributes.TPMA_NV_POLICYWRITE = 1;
3710 nvAttributes.TPMA_NV_PLATFORMCREATE = 1;
3711
3712 // Create the NV index.
3713 rval = DefineNvIndex( TPM_RH_PLATFORM, TPM_RS_PW,
3714 &nvAuth, &authPolicy, TPM20_INDEX_PASSWORD_TEST,
3715 sessionAlg, nvAttributes, 32 );
3716 CheckPassed( rval );
3717
3718 // Add index and associated authorization value to
3719 // entity table. This helps when we need
3720 // to calculate HMACs.
3721 AddEntity( TPM20_INDEX_PASSWORD_TEST, &nvAuth );
3722 CheckPassed( rval );
3723
3724 // Get the name of the NV index.
3725 rval = (*HandleToNameFunctionPtr)( TPM20_INDEX_PASSWORD_TEST,
3726 &nvName );
3727 CheckPassed( rval );
3728
3729 //
3730 // Start real (non-trial) policy authorization session:
3731 // it's an unbound and unsalted session, no symmetric
3732 // encryption algorithm, and SHA256 is the session's
3733 // hash algorithm.
3734 //
3735
3736 // Zero sized encrypted salt, since the session
3737 // is unsalted.
3738 encryptedSalt.t.size = 0;
3739
3740 // No symmetric algorithm.
3741 symmetric.algorithm = TPM_ALG_NULL;
3742
3743 // Create the session.
3744 // Session state (session handle, nonces, etc.) gets
3745 // saved into nvSession structure for later use.
3746 rval = StartAuthSessionWithParams( &nvSession, TPM_RH_NULL,
3747 0, TPM_RH_NULL, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY,
3748 &symmetric, sessionAlg );
3749 CheckPassed( rval );
3750
3751 // Get the name of the session and save it in
3752 // the nvSession structure.
3753 rval = (*HandleToNameFunctionPtr)( nvSession->sessionHandle,
3754 &nvSession->name );
3755 CheckPassed( rval );
3756
3757 // Initialize NV write data.
3758 nvWriteData.t.size = sizeof( dataToWrite );
3759 for( i = 0; i < nvWriteData.t.size; i++ )
3760 {
3761 nvWriteData.t.buffer[i] = dataToWrite[i];
3762 }
3763
3764 //
3765 // Now setup for writing the NV index.
3766 //
3767
3768 rval = Tss2_Sys_PolicyAuthValue( sysContext, nvSession->sessionHandle, 0, 0 );
3769 CheckPassed( rval );
3770
3771 // Get policy digest.
3772 rval = Tss2_Sys_PolicyGetDigest( sysContext, trialPolicySession->sessionHandle,
3773 0, &authPolicy, 0 );
3774 CheckPassed( rval );
3775
3776 // First call prepare in order to create cpBuffer.
3777 rval = Tss2_Sys_NV_Write_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST,
3778 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
3779 CheckPassed( rval );
3780
3781 // Configure command authorization area, except for HMAC.
3782 nvCmdAuths.cmdAuths[0]->sessionHandle = nvSession->sessionHandle;
3783 nvCmdAuths.cmdAuths[0]->nonce.t.size = 1;
3784 nvCmdAuths.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
3785 *( (UINT8 *)((void *)&sessionAttributes ) ) = 0;
3786 nvCmdAuths.cmdAuths[0]->sessionAttributes = sessionAttributes;
3787 nvCmdAuths.cmdAuths[0]->sessionAttributes.continueSession = 1;
3788
3789 // Roll nonces for command
3790 RollNonces( nvSession, &nvCmdAuths.cmdAuths[0]->nonce );
3791
3792 // Complete command authorization area, by computing
3793 // HMAC and setting it in nvCmdAuths.
3794 rval = ComputeCommandHmacs( sysContext,
3795 TPM20_INDEX_PASSWORD_TEST,
3796 TPM20_INDEX_PASSWORD_TEST, &nvCmdAuths,
3797 TPM_RC_FAILURE );
3798 CheckPassed( rval );
3799
3800 // Finally!! Write the data to the NV index.
3801 // If the command is successful, the command
3802 // HMAC was correct.
3803 sessionCmdRval = Tss2_Sys_NV_Write( sysContext,
3804 TPM20_INDEX_PASSWORD_TEST,
3805 TPM20_INDEX_PASSWORD_TEST,
3806 &nvCmdAuths, &nvWriteData, 0, &nvRspAuths );
3807 CheckPassed( sessionCmdRval );
3808
3809 // Roll nonces for response
3810 RollNonces( nvSession, &nvRspAuths.rspAuths[0]->nonce );
3811
3812 if( sessionCmdRval == TPM_RC_SUCCESS )
3813 {
3814 // If the command was successful, check the
3815 // response HMAC to make sure that the
3816 // response was received correctly.
3817 rval = CheckResponseHMACs( sysContext, sessionCmdRval,
3818 &nvCmdAuths, TPM20_INDEX_PASSWORD_TEST,
3819 TPM20_INDEX_PASSWORD_TEST, &nvRspAuths );
3820 CheckPassed( rval );
3821 }
3822
3823 rval = Tss2_Sys_PolicyAuthValue( sysContext, nvSession->sessionHandle, 0, 0 );
3824 CheckPassed( rval );
3825
3826 // First call prepare in order to create cpBuffer.
3827 rval = Tss2_Sys_NV_Read_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST,
3828 TPM20_INDEX_PASSWORD_TEST, sizeof( dataToWrite ), 0 );
3829 CheckPassed( rval );
3830
3831 // Roll nonces for command
3832 RollNonces( nvSession, &nvCmdAuths.cmdAuths[0]->nonce );
3833
3834 // End the session after next command.
3835 nvCmdAuths.cmdAuths[0]->sessionAttributes.continueSession = 0;
3836
3837 // Complete command authorization area, by computing
3838 // HMAC and setting it in nvCmdAuths.
3839 rval = ComputeCommandHmacs( sysContext,
3840 TPM20_INDEX_PASSWORD_TEST,
3841 TPM20_INDEX_PASSWORD_TEST, &nvCmdAuths,
3842 TPM_RC_FAILURE );
3843 CheckPassed( rval );
3844
3845 // And now read the data back.
3846 // If the command is successful, the command
3847 // HMAC was correct.
3848 sessionCmdRval = Tss2_Sys_NV_Read( sysContext,
3849 TPM20_INDEX_PASSWORD_TEST,
3850 TPM20_INDEX_PASSWORD_TEST,
3851 &nvCmdAuths, sizeof( dataToWrite ), 0,
3852 &nvReadData, &nvRspAuths );
3853 CheckPassed( sessionCmdRval );
3854
3855 // Roll nonces for response
3856 RollNonces( nvSession, &nvRspAuths.rspAuths[0]->nonce );
3857
3858 if( sessionCmdRval == TPM_RC_SUCCESS )
3859 {
3860 // If the command was successful, check the
3861 // response HMAC to make sure that the
3862 // response was received correctly.
3863 rval = CheckResponseHMACs( sysContext, sessionCmdRval,
3864 &nvCmdAuths, TPM20_INDEX_PASSWORD_TEST,
3865 TPM20_INDEX_PASSWORD_TEST, &nvRspAuths );
3866 CheckPassed( rval );
3867 }
3868
3869 // Check that write and read data are equal.
3870 if( memcmp( (void *)&nvReadData.t.buffer[0],
3871 (void *)&nvWriteData.t.buffer[0], nvReadData.t.size ) )
3872 {
3873 TpmClientPrintf( 0, "ERROR!! read data not equal to written data\n" );
3874 Cleanup();
3875 }
3876
3877 //
3878 // Now cleanup: undefine the NV index and delete
3879 // the NV index's entity table entry.
3880 //
3881
3882 // Setup authorization for undefining the NV index.
3883 nvCmdAuths.cmdAuths[0]->sessionHandle = TPM_RS_PW;
3884 nvCmdAuths.cmdAuths[0]->nonce.t.size = 0;
3885 nvCmdAuths.cmdAuths[0]->hmac.t.size = 0;
3886
3887 // Undefine the NV index.
3888 rval = Tss2_Sys_NV_UndefineSpace( sysContext,
3889 TPM_RH_PLATFORM, TPM20_INDEX_PASSWORD_TEST,
3890 &nvCmdAuths, 0 );
3891 CheckPassed( rval );
3892
3893 // Delete the NV index's entry in the entity table.
3894 rval = DeleteEntity( TPM20_INDEX_PASSWORD_TEST );
3895 CheckPassed( rval );
3896}
3897
3898void SimpleHmacTest()
3899{
3900 UINT32 rval, sessionCmdRval;
3901 TPM2B_AUTH nvAuth;
3902 SESSION *nvSession;
3903 TPMA_NV nvAttributes;
3904 TPM2B_DIGEST authPolicy;
3905 TPM2B_NAME nvName;
3906 TPM2B_MAX_NV_BUFFER nvWriteData, nvReadData;
3907 UINT8 dataToWrite[] = { 0x00, 0xff, 0x55, 0xaa };
3908 char sharedSecret[] = "shared secret";
3909 int i;
3910 TPM2B_ENCRYPTED_SECRET encryptedSalt;
3911 TPMT_SYM_DEF symmetric;
3912 TPMA_SESSION sessionAttributes;
3913
3914 // Command authorization area: one password session.
3915 TPMS_AUTH_COMMAND nvCmdAuth = { TPM_RS_PW, };
3916 TPMS_AUTH_COMMAND *nvCmdAuthArray[1] = { &nvCmdAuth };
3917 TSS2_SYS_CMD_AUTHS nvCmdAuths = { 1, &nvCmdAuthArray[0] };
3918
3919 // Response authorization area.
3920 TPMS_AUTH_RESPONSE nvRspAuth;
3921 TPMS_AUTH_RESPONSE *nvRspAuthArray[1] = { &nvRspAuth };
3922 TSS2_SYS_RSP_AUTHS nvRspAuths = { 1, &nvRspAuthArray[0] };
3923 TPM2B_NONCE nonceCaller;
3924
3925 nonceCaller.t.size = 0;
3926
3927 TpmClientPrintf( 0, "\nSIMPLE HMAC SESSION TEST:\n" );
3928
3929 //
3930 // Create NV index.
3931 //
3932
3933 // Setup the NV index's authorization value.
3934 nvAuth.t.size = strlen( sharedSecret );
3935 for( i = 0; i < nvAuth.t.size; i++ )
3936 nvAuth.t.buffer[i] = sharedSecret[i];
3937
3938 // Set NV index's authorization policy
3939 // to zero sized policy since we won't be
3940 // using policy to authorize.
3941 authPolicy.t.size = 0;
3942
3943 // Now set the NV index's attributes:
3944 // policyRead, authWrite, and platormCreate.
3945 *(UINT32 *)( (void *)&nvAttributes ) = 0;
3946 nvAttributes.TPMA_NV_AUTHREAD = 1;
3947 nvAttributes.TPMA_NV_AUTHWRITE = 1;
3948 nvAttributes.TPMA_NV_PLATFORMCREATE = 1;
3949
3950 // Create the NV index.
3951 rval = DefineNvIndex( TPM_RH_PLATFORM, TPM_RS_PW,
3952 &nvAuth, &authPolicy, TPM20_INDEX_PASSWORD_TEST,
3953 TPM_ALG_SHA256, nvAttributes, 32 );
3954 CheckPassed( rval );
3955
3956 // Add index and associated authorization value to
3957 // entity table. This helps when we need
3958 // to calculate HMACs.
3959 AddEntity( TPM20_INDEX_PASSWORD_TEST, &nvAuth );
3960 CheckPassed( rval );
3961
3962 // Get the name of the NV index.
3963 rval = (*HandleToNameFunctionPtr)( TPM20_INDEX_PASSWORD_TEST,
3964 &nvName );
3965 CheckPassed( rval );
3966
3967 //
3968 // Start HMAC authorization session: it's an
3969 // unbound and unsalted session, no symmetric
3970 // encryption algorithm, and SHA256 is the session's
3971 // hash algorithm.
3972 //
3973
3974 // Zero sized encrypted salt, since the session
3975 // is unsalted.
3976 encryptedSalt.t.size = 0;
3977
3978 // No symmetric algorithm.
3979 symmetric.algorithm = TPM_ALG_NULL;
3980
3981 // Create the session.
3982 // Session state (session handle, nonces, etc.) gets
3983 // saved into nvSession structure for later use.
3984 rval = StartAuthSessionWithParams( &nvSession, TPM_RH_NULL,
3985 0, TPM_RH_NULL, 0, &nonceCaller, &encryptedSalt, TPM_SE_HMAC,
3986 &symmetric, TPM_ALG_SHA256 );
3987 CheckPassed( rval );
3988
3989 // Get the name of the session and save it in
3990 // the nvSession structure.
3991 rval = (*HandleToNameFunctionPtr)( nvSession->sessionHandle,
3992 &nvSession->name );
3993 CheckPassed( rval );
3994
3995 // Initialize NV write data.
3996 nvWriteData.t.size = sizeof( dataToWrite );
3997 for( i = 0; i < nvWriteData.t.size; i++ )
3998 {
3999 nvWriteData.t.buffer[i] = dataToWrite[i];
4000 }
4001
4002 //
4003 // Now setup for writing the NV index.
4004 //
4005
4006 // First call prepare in order to create cpBuffer.
4007 rval = Tss2_Sys_NV_Write_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST,
4008 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
4009 CheckPassed( rval );
4010
4011 // Configure command authorization area, except for HMAC.
4012 nvCmdAuths.cmdAuths[0]->sessionHandle = nvSession->sessionHandle;
4013 nvCmdAuths.cmdAuths[0]->nonce.t.size = 1;
4014 nvCmdAuths.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
4015 *( (UINT8 *)(&sessionAttributes ) ) = 0;
4016 nvCmdAuths.cmdAuths[0]->sessionAttributes = sessionAttributes;
4017 nvCmdAuths.cmdAuths[0]->sessionAttributes.continueSession = 1;
4018
4019 // Roll nonces for command
4020 RollNonces( nvSession, &nvCmdAuths.cmdAuths[0]->nonce );
4021
4022 // Complete command authorization area, by computing
4023 // HMAC and setting it in nvCmdAuths.
4024 rval = ComputeCommandHmacs( sysContext,
4025 TPM20_INDEX_PASSWORD_TEST,
4026 TPM20_INDEX_PASSWORD_TEST, &nvCmdAuths,
4027 TPM_RC_FAILURE );
4028 CheckPassed( rval );
4029
4030 // Finally!! Write the data to the NV index.
4031 // If the command is successful, the command
4032 // HMAC was correct.
4033 sessionCmdRval = Tss2_Sys_NV_Write( sysContext,
4034 TPM20_INDEX_PASSWORD_TEST,
4035 TPM20_INDEX_PASSWORD_TEST,
4036 &nvCmdAuths, &nvWriteData, 0, &nvRspAuths );
4037 CheckPassed( sessionCmdRval );
4038
4039 // Roll nonces for response
4040 RollNonces( nvSession, &nvRspAuths.rspAuths[0]->nonce );
4041
4042 if( sessionCmdRval == TPM_RC_SUCCESS )
4043 {
4044 // If the command was successful, check the
4045 // response HMAC to make sure that the
4046 // response was received correctly.
4047 rval = CheckResponseHMACs( sysContext, sessionCmdRval,
4048 &nvCmdAuths, TPM20_INDEX_PASSWORD_TEST,
4049 TPM20_INDEX_PASSWORD_TEST, &nvRspAuths );
4050 CheckPassed( rval );
4051 }
4052
4053 // First call prepare in order to create cpBuffer.
4054 rval = Tss2_Sys_NV_Read_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST,
4055 TPM20_INDEX_PASSWORD_TEST, sizeof( dataToWrite ), 0 );
4056 CheckPassed( rval );
4057
4058 // Roll nonces for command
4059 RollNonces( nvSession, &nvCmdAuths.cmdAuths[0]->nonce );
4060
4061 // End the session after next command.
4062 nvCmdAuths.cmdAuths[0]->sessionAttributes.continueSession = 0;
4063
4064 // Complete command authorization area, by computing
4065 // HMAC and setting it in nvCmdAuths.
4066 rval = ComputeCommandHmacs( sysContext,
4067 TPM20_INDEX_PASSWORD_TEST,
4068 TPM20_INDEX_PASSWORD_TEST, &nvCmdAuths,
4069 TPM_RC_FAILURE );
4070 CheckPassed( rval );
4071
4072 // And now read the data back.
4073 // If the command is successful, the command
4074 // HMAC was correct.
4075 sessionCmdRval = Tss2_Sys_NV_Read( sysContext,
4076 TPM20_INDEX_PASSWORD_TEST,
4077 TPM20_INDEX_PASSWORD_TEST,
4078 &nvCmdAuths, sizeof( dataToWrite ), 0,
4079 &nvReadData, &nvRspAuths );
4080 CheckPassed( sessionCmdRval );
4081
4082 // Roll nonces for response
4083 RollNonces( nvSession, &nvRspAuths.rspAuths[0]->nonce );
4084
4085 if( sessionCmdRval == TPM_RC_SUCCESS )
4086 {
4087 // If the command was successful, check the
4088 // response HMAC to make sure that the
4089 // response was received correctly.
4090 rval = CheckResponseHMACs( sysContext, sessionCmdRval,
4091 &nvCmdAuths, TPM20_INDEX_PASSWORD_TEST,
4092 TPM20_INDEX_PASSWORD_TEST, &nvRspAuths );
4093 CheckPassed( rval );
4094 }
4095
4096 // Check that write and read data are equal.
4097 if( memcmp( (void *)&nvReadData.t.buffer[0],
4098 (void *)&nvWriteData.t.buffer[0], nvReadData.t.size ) )
4099 {
4100 TpmClientPrintf( 0, "ERROR!! read data not equal to written data\n" );
4101 Cleanup();
4102 }
4103
4104 //
4105 // Now cleanup: undefine the NV index and delete
4106 // the NV index's entity table entry.
4107 //
4108
4109 // Setup authorization for undefining the NV index.
4110 nvCmdAuths.cmdAuths[0]->sessionHandle = TPM_RS_PW;
4111 nvCmdAuths.cmdAuths[0]->nonce.t.size = 0;
4112 nvCmdAuths.cmdAuths[0]->hmac.t.size = 0;
4113
4114 // Undefine the NV index.
4115 rval = Tss2_Sys_NV_UndefineSpace( sysContext,
4116 TPM_RH_PLATFORM, TPM20_INDEX_PASSWORD_TEST,
4117 &nvCmdAuths, 0 );
4118 CheckPassed( rval );
4119
4120 // Delete the NV index's entry in the entity table.
4121 rval = DeleteEntity( TPM20_INDEX_PASSWORD_TEST );
4122 CheckPassed( rval );
4123
4124 rval = EndAuthSession( nvSession );
4125
4126 CheckPassed( rval );
4127}
4128
4129
4130void SimpleHmacOrPolicyTest( bool hmacTest )
4131{
4132 UINT32 rval, sessionCmdRval;
4133 TPM2B_AUTH nvAuth;
4134 SESSION *nvSession, *trialPolicySession;
4135 TPMA_NV nvAttributes;
4136 TPM2B_DIGEST authPolicy;
4137 TPM2B_NAME nvName;
4138 TPM2B_MAX_NV_BUFFER nvWriteData, nvReadData;
4139 UINT8 dataToWrite[] = { 0x00, 0xff, 0x55, 0xaa };
4140 char sharedSecret[] = "shared secret";
4141 int i;
4142 TPM2B_ENCRYPTED_SECRET encryptedSalt;
4143 TPMT_SYM_DEF symmetric;
4144 TPMA_SESSION sessionAttributes;
4145 TPM_SE tpmSe;
4146 char *testString;
4147 char testStringHmac[] = "HMAC";
4148 char testStringPolicy[] = "POLICY";
4149
4150 // Command authorization area: one password session.
4151 TPMS_AUTH_COMMAND nvCmdAuth = { TPM_RS_PW, };
4152 TPMS_AUTH_COMMAND *nvCmdAuthArray[1] = { &nvCmdAuth };
4153 TSS2_SYS_CMD_AUTHS nvCmdAuths = { 1, &nvCmdAuthArray[0] };
4154
4155 // Response authorization area.
4156 TPMS_AUTH_RESPONSE nvRspAuth;
4157 TPMS_AUTH_RESPONSE *nvRspAuthArray[1] = { &nvRspAuth };
4158 TSS2_SYS_RSP_AUTHS nvRspAuths = { 1, &nvRspAuthArray[0] };
4159
4160 TSS2_SYS_CONTEXT *simpleTestContext;
4161 TPM2B_NONCE nonceCaller;
4162
4163 nonceCaller.t.size = 0;
4164
4165 if( hmacTest )
4166 testString = testStringHmac;
4167 else
4168 testString = testStringPolicy;
4169
4170 TpmClientPrintf( 0, "\nSIMPLE %s SESSION TEST:\n", testString );
4171
4172 // Create sysContext structure.
4173 simpleTestContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
4174 if( simpleTestContext == 0 )
4175 {
4176 InitSysContextFailure();
4177 }
4178
4179 // Setup the NV index's authorization value.
4180 nvAuth.t.size = strlen( sharedSecret );
4181 for( i = 0; i < nvAuth.t.size; i++ )
4182 nvAuth.t.buffer[i] = sharedSecret[i];
4183
4184 //
4185 // Create NV index.
4186 //
4187 if( hmacTest )
4188 {
4189 // Setup the NV index's authorization value.
4190 nvAuth.t.size = strlen( sharedSecret );
4191 for( i = 0; i < nvAuth.t.size; i++ )
4192 nvAuth.t.buffer[i] = sharedSecret[i];
4193
4194 // Set NV index's authorization policy
4195 // to zero sized policy since we won't be
4196 // using policy to authorize.
4197
4198 authPolicy.t.size = 0;
4199 }
4200 else
4201 {
4202 // Zero sized encrypted salt, since the session
4203 // is unsalted.
4204
4205 encryptedSalt.t.size = 0;
4206
4207 // No symmetric algorithm.
4208 symmetric.algorithm = TPM_ALG_NULL;
4209
4210 //
4211 // Create the NV index's authorization policy
4212 // using a trial policy session.
4213 //
4214 rval = StartAuthSessionWithParams( &trialPolicySession,
4215 TPM_RH_NULL, 0, TPM_RH_NULL, 0, &nonceCaller, &encryptedSalt,
4216 TPM_SE_TRIAL,
4217 &symmetric, TPM_ALG_SHA256 );
4218 CheckPassed( rval );
4219
4220 rval = Tss2_Sys_PolicyAuthValue( simpleTestContext,
4221 trialPolicySession->sessionHandle, 0, 0 );
4222 CheckPassed( rval );
4223
4224 // Get policy digest.
4225 rval = Tss2_Sys_PolicyGetDigest( simpleTestContext,
4226 trialPolicySession->sessionHandle,
4227 0, &authPolicy, 0 );
4228 CheckPassed( rval );
4229
4230 // End the trial session by flushing it.
4231 rval = Tss2_Sys_FlushContext( simpleTestContext,
4232 trialPolicySession->sessionHandle );
4233 CheckPassed( rval );
4234
4235 // And remove the trial policy session from
4236 // sessions table.
4237 rval = EndAuthSession( trialPolicySession );
4238 CheckPassed( rval );
4239 }
4240
4241 // Now set the NV index's attributes:
4242 // policyRead, authWrite, and platormCreate.
4243 *(UINT32 *)( &nvAttributes ) = 0;
4244 if( hmacTest )
4245 {
4246 nvAttributes.TPMA_NV_AUTHREAD = 1;
4247 nvAttributes.TPMA_NV_AUTHWRITE = 1;
4248 }
4249 else
4250 {
4251 nvAttributes.TPMA_NV_POLICYREAD = 1;
4252 nvAttributes.TPMA_NV_POLICYWRITE = 1;
4253 }
4254 nvAttributes.TPMA_NV_PLATFORMCREATE = 1;
4255
4256 // Create the NV index.
4257 rval = DefineNvIndex( TPM_RH_PLATFORM, TPM_RS_PW,
4258 &nvAuth, &authPolicy, TPM20_INDEX_PASSWORD_TEST,
4259 TPM_ALG_SHA256, nvAttributes, 32 );
4260 CheckPassed( rval );
4261
4262 // Add index and associated authorization value to
4263 // entity table. This helps when we need
4264 // to calculate HMACs.
4265 AddEntity( TPM20_INDEX_PASSWORD_TEST, &nvAuth );
4266 CheckPassed( rval );
4267
4268 // Get the name of the NV index.
4269 rval = (*HandleToNameFunctionPtr)(
4270 TPM20_INDEX_PASSWORD_TEST,
4271 &nvName );
4272 CheckPassed( rval );
4273
4274
4275 //
4276 // Start HMAC or real (non-trial) policy authorization session:
4277 // it's an unbound and unsalted session, no symmetric
4278 // encryption algorithm, and SHA256 is the session's
4279 // hash algorithm.
4280 //
4281
4282 // Zero sized encrypted salt, since the session
4283 // is unsalted.
4284 encryptedSalt.t.size = 0;
4285
4286 // No symmetric algorithm.
4287 symmetric.algorithm = TPM_ALG_NULL;
4288
4289 // Create the session, hmac or policy depending
4290 // on hmacTest.
4291 // Session state (session handle, nonces, etc.) gets
4292 // saved into nvSession structure for later use.
4293 if( hmacTest )
4294 tpmSe = TPM_SE_HMAC;
4295 else
4296 tpmSe = TPM_SE_POLICY;
4297
4298 rval = StartAuthSessionWithParams( &nvSession, TPM_RH_NULL,
4299 0, TPM_RH_NULL, 0, &nonceCaller, &encryptedSalt, tpmSe,
4300 &symmetric, TPM_ALG_SHA256 );
4301 CheckPassed( rval );
4302
4303 // Get the name of the session and save it in
4304 // the nvSession structure.
4305 rval = (*HandleToNameFunctionPtr)( nvSession->sessionHandle,
4306 &(nvSession->name) );
4307 CheckPassed( rval );
4308
4309 // Initialize NV write data.
4310 nvWriteData.t.size = sizeof( dataToWrite );
4311 for( i = 0; i < nvWriteData.t.size; i++ )
4312 {
4313 nvWriteData.t.buffer[i] = dataToWrite[i];
4314 }
4315
4316 //
4317 // Now setup for writing the NV index.
4318 //
4319 if( !hmacTest )
4320 {
4321 // Send policy command.
4322 rval = Tss2_Sys_PolicyAuthValue( simpleTestContext,
4323 nvSession->sessionHandle, 0, 0 );
4324 CheckPassed( rval );
4325 }
4326
4327 // First call prepare in order to create cpBuffer.
4328 rval = Tss2_Sys_NV_Write_Prepare( simpleTestContext,
4329 TPM20_INDEX_PASSWORD_TEST,
4330 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
4331 CheckPassed( rval );
4332
4333 // Configure command authorization area, except for HMAC.
4334 nvCmdAuths.cmdAuths[0]->sessionHandle =
4335 nvSession->sessionHandle;
4336 nvCmdAuths.cmdAuths[0]->nonce.t.size = 1;
4337 nvCmdAuths.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
4338 *( (UINT8 *)(&sessionAttributes ) ) = 0;
4339 nvCmdAuths.cmdAuths[0]->sessionAttributes = sessionAttributes;
4340 nvCmdAuths.cmdAuths[0]->sessionAttributes.continueSession = 1;
4341
4342 // Roll nonces for command
4343 RollNonces( nvSession, &nvCmdAuths.cmdAuths[0]->nonce );
4344
4345 // Complete command authorization area, by computing
4346 // HMAC and setting it in nvCmdAuths.
4347 rval = ComputeCommandHmacs( simpleTestContext,
4348 TPM20_INDEX_PASSWORD_TEST,
4349 TPM20_INDEX_PASSWORD_TEST, &nvCmdAuths,
4350 TPM_RC_FAILURE );
4351 CheckPassed( rval );
4352
4353 // Finally!! Write the data to the NV index.
4354 // If the command is successful, the command
4355 // HMAC was correct.
4356 sessionCmdRval = Tss2_Sys_NV_Write( simpleTestContext,
4357 TPM20_INDEX_PASSWORD_TEST,
4358 TPM20_INDEX_PASSWORD_TEST,
4359 &nvCmdAuths, &nvWriteData, 0, &nvRspAuths );
4360 CheckPassed( sessionCmdRval );
4361
4362 // Roll nonces for response
4363 RollNonces( nvSession, &nvRspAuths.rspAuths[0]->nonce );
4364
4365 if( sessionCmdRval == TPM_RC_SUCCESS )
4366 {
4367 // If the command was successful, check the
4368 // response HMAC to make sure that the
4369 // response was received correctly.
4370 rval = CheckResponseHMACs( simpleTestContext, sessionCmdRval,
4371 &nvCmdAuths, TPM20_INDEX_PASSWORD_TEST,
4372 TPM20_INDEX_PASSWORD_TEST, &nvRspAuths );
4373 CheckPassed( rval );
4374 }
4375
4376 if( !hmacTest )
4377 {
4378 // Send policy command.
4379 rval = Tss2_Sys_PolicyAuthValue( simpleTestContext,
4380 nvSession->sessionHandle, 0, 0 );
4381 CheckPassed( rval );
4382 }
4383 // First call prepare in order to create cpBuffer.
4384 rval = Tss2_Sys_NV_Read_Prepare( simpleTestContext,
4385 TPM20_INDEX_PASSWORD_TEST,
4386 TPM20_INDEX_PASSWORD_TEST,
4387 sizeof( dataToWrite ), 0 );
4388 CheckPassed( rval );
4389
4390 // Roll nonces for command
4391 RollNonces( nvSession, &nvCmdAuths.cmdAuths[0]->nonce );
4392
4393 // End the session after next command.
4394 nvCmdAuths.cmdAuths[0]->sessionAttributes.continueSession = 0;
4395
4396 // Complete command authorization area, by computing
4397 // HMAC and setting it in nvCmdAuths.
4398 rval = ComputeCommandHmacs( simpleTestContext,
4399 TPM20_INDEX_PASSWORD_TEST,
4400 TPM20_INDEX_PASSWORD_TEST, &nvCmdAuths,
4401 TPM_RC_FAILURE );
4402 CheckPassed( rval );
4403
4404 // And now read the data back.
4405 // If the command is successful, the command
4406 // HMAC was correct.
4407 sessionCmdRval = Tss2_Sys_NV_Read( simpleTestContext,
4408 TPM20_INDEX_PASSWORD_TEST,
4409 TPM20_INDEX_PASSWORD_TEST,
4410 &nvCmdAuths, sizeof( dataToWrite ), 0,
4411 &nvReadData, &nvRspAuths );
4412 CheckPassed( sessionCmdRval );
4413
4414 // Roll nonces for response
4415 RollNonces( nvSession, &nvRspAuths.rspAuths[0]->nonce );
4416
4417 if( sessionCmdRval == TPM_RC_SUCCESS )
4418 {
4419 // If the command was successful, check the
4420 // response HMAC to make sure that the
4421 // response was received correctly.
4422 rval = CheckResponseHMACs( simpleTestContext, sessionCmdRval,
4423 &nvCmdAuths, TPM20_INDEX_PASSWORD_TEST,
4424 TPM20_INDEX_PASSWORD_TEST, &nvRspAuths );
4425 CheckPassed( rval );
4426 }
4427
4428 // Check that write and read data are equal.
4429 if( memcmp( (void *)&nvReadData.t.buffer[0],
4430 (void *)&nvWriteData.t.buffer[0], nvReadData.t.size ) )
4431 {
4432 TpmClientPrintf( 0, "ERROR!! read data not equal to written data\n" );
4433 Cleanup();
4434 }
4435
4436 //
4437 // Now cleanup: undefine the NV index and delete
4438 // the NV index's entity table entry.
4439 //
4440
4441 // Setup authorization for undefining the NV index.
4442 nvCmdAuths.cmdAuths[0]->sessionHandle = TPM_RS_PW;
4443 nvCmdAuths.cmdAuths[0]->nonce.t.size = 0;
4444 nvCmdAuths.cmdAuths[0]->hmac.t.size = 0;
4445
4446 // Undefine the NV index.
4447 rval = Tss2_Sys_NV_UndefineSpace( simpleTestContext,
4448 TPM_RH_PLATFORM, TPM20_INDEX_PASSWORD_TEST,
4449 &nvCmdAuths, 0 );
4450 CheckPassed( rval );
4451
4452 // Delete the NV index's entry in the entity table.
4453 rval = DeleteEntity( TPM20_INDEX_PASSWORD_TEST );
4454 CheckPassed( rval );
4455
4456 // Remove the real session from sessions table.
4457 rval = EndAuthSession( nvSession );
4458
4459 CheckPassed( rval );
4460
4461 TeardownSysContext( &simpleTestContext );
4462}
4463
4464
4465typedef struct {
4466 TPMI_DH_OBJECT tpmKey;
4467 TPMI_DH_ENTITY bound;
4468 TPM2B_MAX_BUFFER *salt;
4469 char hmacTestDescription[50];
4470} HMAC_TEST_SETUP;
4471
4472TPM2B_MAX_BUFFER nullSalt = { { 0, { 0xa4 } }, };
4473TPM2B_MAX_BUFFER nonNullSalt = { { 2, { 0xa5, 0 } } };
4474
4475HMAC_TEST_SETUP hmacTestSetups[] =
4476{
4477 { TPM_RH_NULL, TPM_RH_NULL, &nullSalt, "UNBOUND/UNSALTED SESSION TEST" },
4478 { TPM_RH_NULL, TPM20_INDEX_PASSWORD_TEST, &nullSalt, "BOUND SESSION TEST" },
4479 { 0, TPM_RH_NULL, &nonNullSalt, "SALTED SESSION TEST" },
4480 { 0, TPM20_INDEX_PASSWORD_TEST, &nonNullSalt, "BOUND/SALTED SESSION TEST" },
4481};
4482
4483#define PLAINTEXT_SESSION 0
4484#define DECRYPT_SESSION 1
4485#define ENCRYPT_SESSION 2
4486
4487//UINT8 decryptEncryptSetups[] = { PLAINTEXT_SESSION, DECRYPT_SESSION, ENCRYPT_SESSION };
4488UINT8 decryptEncryptSetups[] = { PLAINTEXT_SESSION };
4489
4490#define CFB_MODE 0
4491#define XOR_MODE 1
4492
4493void HmacSessionTest()
4494{
4495 UINT32 rval;
4496 unsigned int i, j, k, decryptEncryptMode;
4497 TPM2B_MAX_NV_BUFFER nvWriteData;
4498 UINT8 dataToWrite[] = { 0x00, 0xff, 0x55, 0xaa };
4499 TPM2B_NAME nvName;
4500 TPM_RC sessionCmdRval;
4501
4502 SESSION *nvSession;
4503 TSS2_SYS_CONTEXT *rdSysContext;
4504 TSS2_SYS_CONTEXT *wrSysContext;
4505 TPM2B_AUTH nvAuth;
4506 TPMT_SYM_DEF symmetric;
4507 TPM2B_NONCE nonceOlder;
4508
4509 // Create two sysContext structures.
4510 rdSysContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
4511 if( rdSysContext == 0 )
4512 {
4513 InitSysContextFailure();
4514 }
4515
4516 wrSysContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
4517 if( wrSysContext == 0 )
4518 {
4519 InitSysContextFailure();
4520 }
4521
4522 char sharedSecret[] = "shared secret";
4523
4524 char buffer1contents[] = "test";
4525 char buffer2contents[] = "string";
4526
4527 TPM2B_MAX_BUFFER buffer1;
4528 TPM2B_MAX_BUFFER buffer2;
4529
4530// TPM2B_IV ivIn, ivOut;
4531 TPM2B_MAX_NV_BUFFER nvData;
4532 TPM2B_ENCRYPTED_SECRET encryptedSalt;
4533
4534 encryptedSalt.t.size = 0;
4535// ivIn.t.size = 0;
4536// ivOut.t.size = 0;
4537
4538 buffer1.t.size = strlen( buffer1contents );
4539 memcpy (buffer1.t.buffer, buffer1contents, buffer1.t.size );
4540 buffer2.t.size = strlen( buffer2contents );
4541 memcpy (buffer2.t.buffer, buffer2contents, buffer2.t.size );
4542
4543
4544 for( j = 0; j < sizeof( hmacTestSetups ) / sizeof( HMAC_TEST_SETUP ); j++ )
4545 {
4546 if( hmacTestSetups[j].salt == &nonNullSalt )
4547 {
4548 hmacTestSetups[j].tpmKey = handle2048rsa;
4549 }
4550 }
4551 TpmClientPrintf( 0, "\nHMAC SESSION TESTS:\n" );
4552
4553 for( j = 0; j < sizeof( hmacTestSetups ) / sizeof( HMAC_TEST_SETUP ); j++ )
4554 {
4555 // Iterate through variations of decrypt and encrypt sessions.
4556 for( k = 0; k < sizeof( decryptEncryptSetups ); k++ )
4557 {
4558 for( decryptEncryptMode = CFB_MODE; decryptEncryptMode < XOR_MODE; decryptEncryptMode++ )
4559 {
4560 TPMS_AUTH_COMMAND sessionData = { TPM_RS_PW, };
4561 TPMS_AUTH_RESPONSE sessionDataOut;
4562 TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
4563 TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };
4564 TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };
4565 TSS2_SYS_RSP_AUTHS sessionsDataOut = { 1, &sessionDataOutArray[0] };
4566
4567 TPMT_RSA_DECRYPT inScheme;
4568 TPM2B_DATA label;
4569 TPM2B_DIGEST authPolicy;
4570 TPMA_NV nvAttributes;
4571
4572 TpmClientPrintf( 0, "\n\n%s:\n", hmacTestSetups[j].hmacTestDescription );
4573
4574 if( hmacTestSetups[j].tpmKey != TPM_RH_NULL )
4575 {
4576 sessionsData.cmdAuths[0]->hmac = loadedSha1KeyAuth;
4577 sessionsData.cmdAuths[0]->sessionHandle = TPM_RS_PW;
4578 sessionsData.cmdAuths[0]->nonce.t.size = 0;
4579 *( (UINT8 *)(&sessionData.sessionAttributes ) ) = 0;
4580
4581 inScheme.scheme = TPM_ALG_OAEP;
4582 inScheme.details.oaep.hashAlg = TPM_ALG_SHA1;
4583 memcpy( &( label.b.buffer ), "SECRET", 1 + strlen( "SECRET" ) );
4584 label.t.size = strlen( "SECRET" ) + 1;
4585
4586 // Encrypt salt with tpmKey.
4587 rval = Tss2_Sys_RSA_Encrypt( sysContext, handle2048rsa,
4588 0, (TPM2B_PUBLIC_KEY_RSA *)( hmacTestSetups[j].salt ),
4589 &inScheme, &label, (TPM2B_PUBLIC_KEY_RSA *)&encryptedSalt, 0 );
4590 CheckPassed( rval );
4591 }
4592
4593 // init hmac
4594 sessionData.hmac.t.size = 0;
4595
4596 // NOW CREATE THE INDEX
4597 authPolicy.t.size = 0;
4598
4599 nvAuth.t.size = strlen( sharedSecret );
4600 for( i = 0; i < nvAuth.t.size; i++ )
4601 nvAuth.t.buffer[i] = sharedSecret[i];
4602
4603 // Now set the attributes.
4604 *(UINT32 *)( &nvAttributes ) = 0;
4605 nvAttributes.TPMA_NV_AUTHREAD = 1;
4606 nvAttributes.TPMA_NV_AUTHWRITE = 1;
4607 nvAttributes.TPMA_NV_PLATFORMCREATE = 1;
4608
Will-nuc3ebfeb92015-10-29 15:53:27 -0400[diff] [blame]4609 sessionsData.cmdAuths[0]->sessionHandle = TPM_RS_PW;
4610 sessionsData.cmdAuths[0]->nonce.t.size = 0;
4611 sessionsData.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
4612 sessionData.hmac.t.size = 0;
4613
4614 // Undefine the index in case a previous test failure left it defined.
4615 rval = Tss2_Sys_NV_UndefineSpace( wrSysContext, TPM_RH_PLATFORM, TPM20_INDEX_PASSWORD_TEST, &sessionsData, 0 );
4616
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]4617 rval = DefineNvIndex( TPM_RH_PLATFORM, TPM_RS_PW, &nvAuth, &authPolicy,
4618 TPM20_INDEX_PASSWORD_TEST, TPM_ALG_SHA1, nvAttributes, 32 );
4619 CheckPassed( rval );
4620
4621 AddEntity( TPM20_INDEX_PASSWORD_TEST, &nvAuth );
4622 CheckPassed( rval );
4623
4624 // Get the name using TPM function.
4625 rval = (*HandleToNameFunctionPtr)( TPM20_INDEX_PASSWORD_TEST, &nvName );
4626 CheckPassed( rval );
4627
4628 //
4629 // Start session
4630 //
4631 nonceOlder.t.size = GetDigestSize( TPM_ALG_SHA1 );
4632 for( i = 0; i < nonceOlder.t.size; i++ )
4633 nonceOlder.t.buffer[i] = 0;
4634
4635 if( decryptEncryptSetups[k] == PLAINTEXT_SESSION )
4636 {
4637 symmetric.algorithm = TPM_ALG_NULL;
4638 }
4639 else if( decryptEncryptSetups[k] == DECRYPT_SESSION || decryptEncryptSetups[k] == ENCRYPT_SESSION )
4640 {
4641 if( decryptEncryptMode == CFB_MODE )
4642 {
4643 symmetric.algorithm = TPM_ALG_AES;
4644 symmetric.keyBits.aes = 128;
4645 symmetric.mode.aes = TPM_ALG_CFB;
4646 }
4647 else if( decryptEncryptMode == XOR_MODE )
4648 {
4649 symmetric.algorithm = TPM_ALG_XOR;
4650 symmetric.keyBits.exclusiveOr = TPM_ALG_SHA256;
4651 }
4652 }
4653
4654 rval = StartAuthSessionWithParams( &nvSession, hmacTestSetups[j].tpmKey,
4655 hmacTestSetups[j].salt, hmacTestSetups[j].bound, &nvAuth, &nonceOlder, &encryptedSalt,
4656 TPM_SE_HMAC, &symmetric, TPM_ALG_SHA1 );
4657 CheckPassed( rval );
4658
4659 // Get and print name of the session.
4660 rval = (*HandleToNameFunctionPtr)( nvSession->sessionHandle, &nvSession->name );
4661 CheckPassed( rval );
4662
4663 OpenOutFile( &outFp );
4664 TpmClientPrintf( 0, "Name of authSession: " );
4665 PrintSizedBuffer( (TPM2B *)&nvSession->name );
4666 CloseOutFile( &outFp );
4667
4668 // Init write data.
4669 nvWriteData.t.size = sizeof( dataToWrite );
4670
4671 for( i = 0; i < nvWriteData.t.size; i++ )
4672 {
4673 nvWriteData.t.buffer[i] = dataToWrite[i];
4674 }
4675
4676 if( decryptEncryptSetups[k] == DECRYPT_SESSION )
4677 {
4678 if( decryptEncryptMode == CFB_MODE )
4679 {
4680// rval = EncryptCFB( &nvSession, &( nvWriteData.b ) );
4681 }
4682 else if( decryptEncryptMode == XOR_MODE )
4683 {
4684// rval = EncryptXOR( &nvSession, &( nvWriteData.b ) );
4685 }
4686 sessionsData.cmdAuths[0]->sessionAttributes.decrypt = 1;
4687 }
4688 else
4689 {
4690 sessionsData.cmdAuths[0]->sessionAttributes.decrypt = 0;
4691 }
4692 sessionsData.cmdAuths[0]->sessionAttributes.encrypt = 0;
4693
4694 CheckPassed( rval );
4695
4696 sessionsData.cmdAuths[0]->sessionHandle = nvSession->sessionHandle;
4697 sessionsData.cmdAuths[0]->nonce.t.size = 1;
4698 sessionsData.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
4699
4700 // Roll nonces for command
4701 RollNonces( nvSession, &sessionsData.cmdAuths[0]->nonce );
4702
4703 // Now try writing with bad HMAC.
4704 rval = Tss2_Sys_NV_Write_Prepare( wrSysContext, TPM20_INDEX_PASSWORD_TEST,
4705 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
4706 CheckPassed( rval );
4707
4708 rval = ComputeCommandHmacs( wrSysContext,
4709 TPM20_INDEX_PASSWORD_TEST,
4710 TPM20_INDEX_PASSWORD_TEST, &sessionsData, TPM_RC_FAILURE );
4711 CheckPassed( rval );
4712
4713 // Diddle with HMAC to force failure
4714 sessionsData.cmdAuths[0]->hmac.t.buffer[0] =
4715 ~( sessionsData.cmdAuths[0]->hmac.t.buffer[0] );
4716
4717 sessionCmdRval = Tss2_Sys_NV_Write( wrSysContext, TPM20_INDEX_PASSWORD_TEST,
4718 TPM20_INDEX_PASSWORD_TEST,
4719 &sessionsData, &nvWriteData, 0, &sessionsDataOut );
4720 CheckFailed( sessionCmdRval, TPM_RC_S + TPM_RC_1 + TPM_RC_AUTH_FAIL );
4721
4722 // Since command failed, no need to roll nonces.
4723
4724 TestDictionaryAttackLockReset();
4725
4726 // Now try writing with good HMAC.
4727
4728 // Do stage 1 of NVRead, followed by stage 1 and 2 of NVWrite, followed by
4729 // stage 2 of NVRead. This tests that the staged processing is thread-safe.
4730 sessionsData.cmdAuths[0]->sessionAttributes.continueSession = 0;
4731 rval = Tss2_Sys_NV_Read_Prepare( rdSysContext, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, sizeof( dataToWrite ), 0 );
4732 CheckPassed( rval );
4733
4734 sessionsData.cmdAuths[0]->sessionAttributes.continueSession = 1;
4735 rval = Tss2_Sys_NV_Write_Prepare( wrSysContext, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST,
4736 &nvWriteData, 0 );
4737 CheckPassed( rval );
4738
4739 rval = ComputeCommandHmacs( wrSysContext, TPM20_INDEX_PASSWORD_TEST,
4740 TPM20_INDEX_PASSWORD_TEST, &sessionsData, sessionCmdRval );
4741 CheckPassed( rval );
4742
4743 sessionCmdRval = Tss2_Sys_NV_Write( wrSysContext,
4744 TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, &sessionsData, &nvWriteData, 0, &sessionsDataOut );
4745 CheckPassed( sessionCmdRval );
4746 if( sessionCmdRval == TPM_RC_SUCCESS )
4747 {
4748 // Roll nonces for response
4749 RollNonces( nvSession, &sessionsDataOut.rspAuths[0]->nonce );
4750
4751 rval = CheckResponseHMACs( wrSysContext, sessionCmdRval,
4752 &sessionsData, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, &sessionsDataOut );
4753 CheckPassed( rval );
4754 }
4755
4756 // Roll nonces for command
4757 RollNonces( nvSession, &sessionsData.cmdAuths[0]->nonce );
4758
4759 sessionsData.cmdAuths[0]->sessionAttributes.continueSession = 0;
4760 rval = ComputeCommandHmacs( rdSysContext, TPM20_INDEX_PASSWORD_TEST,
4761 TPM20_INDEX_PASSWORD_TEST, &sessionsData, sessionCmdRval );
4762 CheckPassed( rval );
4763
4764 if( decryptEncryptSetups[k] == ENCRYPT_SESSION )
4765 {
4766 sessionsData.cmdAuths[0]->sessionAttributes.encrypt = 1;
4767 }
4768 else
4769 {
4770 sessionsData.cmdAuths[0]->sessionAttributes.encrypt = 0;
4771 }
4772 sessionsData.cmdAuths[0]->sessionAttributes.decrypt = 0;
4773
4774 sessionCmdRval = Tss2_Sys_NV_Read( rdSysContext, TPM20_INDEX_PASSWORD_TEST,
4775 TPM20_INDEX_PASSWORD_TEST, &sessionsData, sizeof( dataToWrite ), 0, &nvData, &sessionsDataOut );
4776 CheckPassed( sessionCmdRval );
4777 if( sessionCmdRval == TPM_RC_SUCCESS )
4778 {
4779 // Roll nonces for response
4780 RollNonces( nvSession, &sessionsDataOut.rspAuths[0]->nonce );
4781
4782 rval = CheckResponseHMACs( rdSysContext, sessionCmdRval,
4783 &sessionsData, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, &sessionsDataOut );
4784 CheckPassed( rval );
4785
4786 if( decryptEncryptSetups[k] == ENCRYPT_SESSION )
4787 {
4788 if( decryptEncryptMode == CFB_MODE )
4789 {
4790// rval = EncryptCFB( nvSession, &( nvData.b ) );
4791 }
4792 else if( decryptEncryptMode == XOR_MODE )
4793 {
4794// rval = EncryptXOR( nvSession, &( nvData.b ) );
4795 }
4796 CheckPassed( rval );
4797 }
4798
4799 // Check that write actually worked.
4800 rval = CompareTPM2B( &(nvWriteData.b), &(nvData.b) );
4801 CheckPassed( rval );
4802 }
4803
4804 //
4805 // NOTE: When running against version of the simulator for TPM spec versions later
4806 // than version 0.98, in order for the session to act as a bound session when accessing
4807 // the bind entity, we will need to restart the session here since the name of the bound
4808 // entity changed.
4809 //
4810 if( hmacTestSetups[j].bound != TPM_RH_NULL )
4811 {
4812 rval = EndAuthSession( nvSession );
4813 CheckPassed( rval );
4814
4815 //
4816 // Start session
4817 //
4818 nonceOlder.t.size = GetDigestSize( TPM_ALG_SHA1 );
4819 for( i = 0; i < nonceOlder.t.size; i++ )
4820 nonceOlder.t.buffer[i] = 0;
4821
4822 symmetric.algorithm = TPM_ALG_AES;
4823 symmetric.keyBits.aes = 128;
4824 symmetric.mode.aes = TPM_ALG_CFB;
4825
4826 rval = StartAuthSessionWithParams( &nvSession, hmacTestSetups[j].tpmKey, hmacTestSetups[j].salt, hmacTestSetups[j].bound, &nvAuth, &nonceOlder, &encryptedSalt, TPM_SE_HMAC, &symmetric, TPM_ALG_SHA1 );
4827 CheckPassed( rval );
4828
4829 CopySizedByteBuffer( &( nvSession->authValueBind.b ), &( nvAuth.b ) );
4830
4831 // Now try writing with good HMAC.
4832 sessionsData.cmdAuths[0]->sessionHandle = nvSession->sessionHandle;
4833 sessionsData.cmdAuths[0]->nonce.t.size = 1;
4834 sessionsData.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
4835 sessionsData.cmdAuths[0]->sessionAttributes.continueSession = 1;
4836 sessionsData.cmdAuths[0]->sessionAttributes.decrypt = 1;
4837
4838 // TBD: Need to encrypt data before sending.
4839
4840 rval = Tss2_Sys_NV_Write_Prepare( wrSysContext, TPM20_INDEX_PASSWORD_TEST,
4841 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
4842 CheckPassed( rval );
4843
4844 // Roll nonces for command
4845 RollNonces( nvSession, &sessionsData.cmdAuths[0]->nonce );
4846
4847 rval = ComputeCommandHmacs( wrSysContext, TPM20_INDEX_PASSWORD_TEST,
4848 TPM20_INDEX_PASSWORD_TEST, &sessionsData, TPM_RC_FAILURE );
4849 CheckPassed( rval );
4850
4851 sessionCmdRval = Tss2_Sys_NV_Write( wrSysContext, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, &sessionsData, &nvWriteData, 0, &sessionsDataOut );
4852 sessionsData.cmdAuths[0]->sessionAttributes.decrypt = 0;
4853 CheckPassed( sessionCmdRval );
4854 if( sessionCmdRval == TPM_RC_SUCCESS )
4855 {
4856 // Roll nonces for response
4857 RollNonces( nvSession, &sessionsDataOut.rspAuths[0]->nonce );
4858
4859 rval = CheckResponseHMACs( wrSysContext, sessionCmdRval,
4860 &sessionsData, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, &sessionsDataOut );
4861 CheckPassed( rval );
4862 }
4863
4864 // Need to do GetSessionAuditDigest to check that audit digest changed.
4865
4866 sessionsData.cmdAuths[0]->sessionAttributes.continueSession = 0;
4867 sessionsData.cmdAuths[0]->sessionAttributes.encrypt = 1;
4868 sessionsData.cmdAuths[0]->sessionAttributes.audit = 1;
4869
4870 rval = Tss2_Sys_NV_Read_Prepare( rdSysContext, TPM20_INDEX_PASSWORD_TEST,
4871 TPM20_INDEX_PASSWORD_TEST, sizeof( dataToWrite ), 0 );
4872 CheckPassed( rval );
4873
4874 // Roll nonces for command
4875 RollNonces( nvSession, &sessionsData.cmdAuths[0]->nonce );
4876
4877 rval = ComputeCommandHmacs( rdSysContext, TPM20_INDEX_PASSWORD_TEST,
4878 TPM20_INDEX_PASSWORD_TEST, &sessionsData, sessionCmdRval );
4879 CheckPassed( rval );
4880
4881 sessionCmdRval = Tss2_Sys_NV_Read( rdSysContext, TPM20_INDEX_PASSWORD_TEST,
4882 TPM20_INDEX_PASSWORD_TEST, &sessionsData, sizeof( dataToWrite ), 0, &nvData, &sessionsDataOut );
4883 sessionsData.cmdAuths[0]->sessionAttributes.encrypt = 0;
4884 sessionsData.cmdAuths[0]->sessionAttributes.audit = 0;
4885 if( sessionCmdRval == TPM_RC_SUCCESS )
4886 {
4887 // Roll nonces for response
4888 RollNonces( nvSession, &sessionsDataOut.rspAuths[0]->nonce );
4889
4890 rval = CheckResponseHMACs( rdSysContext, sessionCmdRval,
4891 &sessionsData, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, &sessionsDataOut );
4892 CheckPassed( rval );
4893 }
4894
4895 // TBD: Need to decrypt response data.
4896
4897 CheckPassed( rval );
4898 // TBD: Need to do GetSessionAuditDigest to check that audit digest changed.
4899 }
4900
4901 // Removed comparison for now until we figure out how to properly
4902 // encrypt data before writing to NV index.
4903 // rval = CompareTPM2B( &(nvWriteData.b), &(nvData.b) );
4904 // CheckPassed( rval );
4905
4906 sessionsData.cmdAuths[0]->sessionHandle = TPM_RS_PW;
4907 sessionsData.cmdAuths[0]->nonce.t.size = 0;
4908 sessionsData.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
4909 sessionData.hmac.t.size = 0;
4910 // Now undefine the index.
4911 rval = Tss2_Sys_NV_UndefineSpace( wrSysContext, TPM_RH_PLATFORM, TPM20_INDEX_PASSWORD_TEST, &sessionsData, 0 );
4912 CheckPassed( rval );
4913 rval = DeleteEntity( TPM20_INDEX_PASSWORD_TEST );
4914 CheckPassed( rval );
4915 rval = EndAuthSession( nvSession );
4916 CheckPassed( rval );
4917 }
4918 }
4919 }
4920
4921 TeardownSysContext( &wrSysContext );
4922 TeardownSysContext( &rdSysContext );
4923
4924}
4925
4926UINT32 writeDataString = 0xdeadbeef;
4927
4928void TestEncryptDecryptSession()
4929{
4930 TSS2_RC rval = TSS2_RC_SUCCESS;
4931 SESSION *encryptDecryptSession;
4932 TPMT_SYM_DEF symmetric;
4933 TPM2B_MAX_NV_BUFFER writeData, encryptedWriteData;
4934 TPM2B_MAX_NV_BUFFER encryptedReadData, decryptedReadData,
4935 readData;
4936 size_t decryptParamSize;
4937 uint8_t *decryptParamBuffer;
4938 size_t encryptParamSize;
4939 uint8_t *encryptParamBuffer;
4940 TPM2B_AUTH nvAuth;
4941 TPM2B_DIGEST authPolicy;
4942 TPMA_NV nvAttributes;
4943 int i;
4944 TPMA_SESSION sessionAttributes;
4945 TPM2B_NONCE nonceCaller;
4946
4947 nonceCaller.t.size = 0;
4948
4949 // Authorization structure for undefine command.
4950 TPMS_AUTH_COMMAND nvUndefineAuth;
4951
4952 // Create and init authorization area for undefine command:
4953 // only 1 authorization area.
4954 TPMS_AUTH_COMMAND *nvUndefineAuthArray[1] = { &nvUndefineAuth };
4955
4956 // Authorization array for command (only has one auth structure).
4957 TSS2_SYS_CMD_AUTHS nvUndefineAuths = { 1, &nvUndefineAuthArray[0] };
4958
4959 TpmClientPrintf( 0, "\n\nDECRYPT/ENCRYPT SESSION TESTS:\n" );
4960
4961 writeData.t.size = sizeof( writeDataString );
4962 memcpy( (void *)&writeData.t.buffer, (void *)&writeDataString,
4963 sizeof( writeDataString ) );
4964
4965
4966 // Create NV index with empty auth value.
4967 *(UINT32 *)( (void *)&nvAttributes ) = 0;
4968 nvAttributes.TPMA_NV_AUTHREAD = 1;
4969 nvAttributes.TPMA_NV_AUTHWRITE = 1;
4970 nvAttributes.TPMA_NV_PLATFORMCREATE = 1;
4971
4972 // No authorization required.
4973 authPolicy.t.size = 0;
4974 nvAuth.t.size = 0;
4975 rval = DefineNvIndex( TPM_RH_PLATFORM, TPM_RS_PW,
4976 &nvAuth, &authPolicy, TPM20_INDEX_TEST1,
4977 TPM_ALG_SHA1, nvAttributes,
4978 sizeof( writeDataString ) );
4979
4980 //
4981 // 1st pass with CFB mode.
4982 // 2nd pass with XOR mode.
4983 //
4984 for( i = 0; i < 2; i++ )
4985 {
4986 // Authorization structure for NV
4987 // read/write commands.
4988 TPMS_AUTH_COMMAND nvRdWrCmdAuth;
4989
4990 // Authorization structure for
4991 // encrypt/decrypt session.
4992 TPMS_AUTH_COMMAND decryptEncryptSessionCmdAuth;
4993
4994 // Create and init authorization area for
4995 // NV read/write commands:
4996 // 2 authorization areas.
4997 TPMS_AUTH_COMMAND *nvRdWrCmdAuthArray[2] =
4998 { &nvRdWrCmdAuth, &decryptEncryptSessionCmdAuth };
4999
5000 // Authorization array for commands
5001 // (has two auth structures).
5002 TSS2_SYS_CMD_AUTHS nvRdWrCmdAuths =
5003 { 2, &nvRdWrCmdAuthArray[0] };
5004
5005 // Authorization structure for NV read/write responses.
5006 TPMS_AUTH_RESPONSE nvRdWrRspAuth;
5007 // Authorization structure for decrypt/encrypt
5008 // session responses.
5009 TPMS_AUTH_RESPONSE decryptEncryptSessionRspAuth;
5010
5011 // Create and init authorization area for NV
5012 // read/write responses: 2 authorization areas.
5013 TPMS_AUTH_RESPONSE *nvRdWrRspAuthArray[2] =
5014 { &nvRdWrRspAuth, &decryptEncryptSessionRspAuth };
5015 // Authorization array for responses
5016 // (has two auth structures).
5017 TSS2_SYS_RSP_AUTHS nvRdWrRspAuths =
5018 { 2, &nvRdWrRspAuthArray[0] };
5019
5020 // Setup session parameters.
5021 if( i == 0 )
5022 {
5023 // AES encryption/decryption and CFB mode.
5024 symmetric.algorithm = TPM_ALG_AES;
5025 symmetric.keyBits.aes = 128;
5026 symmetric.mode.aes = TPM_ALG_CFB;
5027 }
5028 else
5029 {
5030 // XOR encryption/decryption.
5031 symmetric.algorithm = TPM_ALG_XOR;
5032 symmetric.keyBits.exclusiveOr = TPM_ALG_SHA256;
5033 }
5034
5035 // Start policy session for decrypt/encrypt session.
5036 rval = StartAuthSessionWithParams( &encryptDecryptSession,
5037 TPM_RH_NULL, 0, TPM_RH_NULL, 0, &nonceCaller, 0, TPM_SE_POLICY,
5038 &symmetric, TPM_ALG_SHA256 );
5039 CheckPassed( rval );
5040
5041 //
5042 // Write TPM index with encrypted parameter used
5043 // as the data to write. Set session for encrypt.
5044 // Use asyncronous APIs to do this.
5045 //
5046 // 1st time: use null buffer, 2nd time use populated one;
5047 // this tests different cases for SetDecryptParam function.
5048 //
5049
5050 // Prepare the input parameters, using unencypted
5051 // write data. This will be encrypted before the
5052 // command is sent to the TPM.
5053 rval = Tss2_Sys_NV_Write_Prepare( sysContext,
5054 TPM20_INDEX_TEST1, TPM20_INDEX_TEST1,
5055 ( i == 0 ? (TPM2B_MAX_NV_BUFFER *)0 : &writeData ),
5056 0 );
5057 CheckPassed( rval );
5058
5059 // Set up password authorization session structure.
5060 nvRdWrCmdAuth.sessionHandle = TPM_RS_PW;
5061 nvRdWrCmdAuth.nonce.t.size = 0;
5062 *( (UINT8 *)((void *)&nvRdWrCmdAuth.sessionAttributes ) ) = 0;
5063 nvRdWrCmdAuth.hmac.t.size = nvAuth.t.size;
5064 memcpy( (void *)&nvRdWrCmdAuth.hmac.t.buffer[0],
5065 (void *)&nvAuth.t.buffer[0],
5066 nvRdWrCmdAuth.hmac.t.size );
5067
5068 // Set up encrypt/decrypt session structure.
5069 decryptEncryptSessionCmdAuth.sessionHandle =
5070 encryptDecryptSession->sessionHandle;
5071 decryptEncryptSessionCmdAuth.nonce.t.size = 0;
5072 *( (UINT8 *)((void *)&sessionAttributes ) ) = 0;
5073 decryptEncryptSessionCmdAuth.sessionAttributes =
5074 sessionAttributes;
5075 decryptEncryptSessionCmdAuth.sessionAttributes.continueSession
5076 = 1;
5077 decryptEncryptSessionCmdAuth.sessionAttributes.decrypt = 1;
5078 decryptEncryptSessionCmdAuth.hmac.t.size = 0;
5079
5080 rval = Tss2_Sys_SetCmdAuths( sysContext, &nvRdWrCmdAuths );
5081 CheckPassed( rval );
5082
5083 // Get decrypt parameter.
5084 rval = Tss2_Sys_GetDecryptParam( sysContext,
5085 &decryptParamSize,
5086 (const uint8_t **)&decryptParamBuffer );
5087 CheckPassed( rval );
5088
5089 if( i == 0 )
5090 {
5091 // 1st pass: test case of Prepare inputting a NULL decrypt
5092 // param; decryptParamSize should be 0.
5093 if( decryptParamSize != 0 )
5094 {
5095 TpmClientPrintf( 0, "ERROR!! decryptParamSize != 0\n" );
5096 Cleanup();
5097 }
5098 }
5099
5100 // Roll nonces for command.
5101 RollNonces( encryptDecryptSession,
5102 &decryptEncryptSessionCmdAuth.nonce );
5103
5104 // Encrypt write data.
5105 rval = EncryptCommandParam( encryptDecryptSession,
5106 (TPM2B_MAX_BUFFER *)&encryptedWriteData,
5107 (TPM2B_MAX_BUFFER *)&writeData, &nvAuth );
5108 CheckPassed( rval );
5109
5110 // Now set decrypt parameter.
5111 rval = Tss2_Sys_SetDecryptParam( sysContext,
5112 (uint8_t )encryptedWriteData.t.size,
5113 (uint8_t *)&encryptedWriteData.t.buffer[0] );
5114 CheckPassed( rval );
5115
5116 // Now write the data to the NV index.
5117 rval = Tss2_Sys_ExecuteAsync( sysContext );
5118 CheckPassed( rval );
5119
5120 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
5121 CheckPassed( rval );
5122
5123 rval = Tss2_Sys_GetRspAuths( sysContext, &nvRdWrRspAuths );
5124 CheckPassed( rval );
5125
5126 // Roll the nonces for response
5127 RollNonces( encryptDecryptSession,
5128 &nvRdWrRspAuths.rspAuths[1]->nonce );
5129
5130
5131 // Don't need nonces for anything else, so roll
5132 // the nonces for next command.
5133 RollNonces( encryptDecryptSession,
5134 &decryptEncryptSessionCmdAuth.nonce );
5135
5136 // Now read the data without encrypt set.
5137 nvRdWrCmdAuths.cmdAuthsCount = 1;
5138 nvRdWrRspAuths.rspAuthsCount = 1;
5139 rval = Tss2_Sys_NV_Read( sysContext, TPM20_INDEX_TEST1,
5140 TPM20_INDEX_TEST1, &nvRdWrCmdAuths,
5141 sizeof( writeDataString ), 0, &readData,
5142 &nvRdWrRspAuths );
5143 CheckPassed( rval );
5144 nvRdWrCmdAuths.cmdAuthsCount = 2;
5145 nvRdWrRspAuths.rspAuthsCount = 2;
5146
5147 // Roll the nonces for response
5148 RollNonces( encryptDecryptSession,
5149 &nvRdWrRspAuths.rspAuths[1]->nonce );
5150
5151 // Check that write and read data are equal. This
5152 // verifies that the decrypt session was setup correctly.
5153 // If it wasn't, the data stored in the TPM would still
5154 // be encrypted, and this test would fail.
5155 if( memcmp( (void *)&readData.t.buffer[0],
5156 (void *)&writeData.t.buffer[0], readData.t.size ) )
5157 {
5158 TpmClientPrintf( 0, "ERROR!! read data not equal to written data\n" );
5159 Cleanup();
5160 }
5161
5162 //
5163 // Read TPM index with encrypt session; use
5164 // syncronous APIs to do this.
5165 //
5166
5167 rval = Tss2_Sys_NV_Read_Prepare( sysContext, TPM20_INDEX_TEST1,
5168 TPM20_INDEX_TEST1, sizeof( writeDataString ), 0 );
5169 CheckPassed( rval );
5170
5171 // Roll the nonces for next command.
5172 RollNonces( encryptDecryptSession,
5173 &decryptEncryptSessionCmdAuth.nonce );
5174
5175 decryptEncryptSessionCmdAuth.sessionAttributes.decrypt = 0;
5176 decryptEncryptSessionCmdAuth.sessionAttributes.encrypt = 1;
5177 decryptEncryptSessionCmdAuth.sessionAttributes.continueSession =
5178 1;
5179
5180 rval = Tss2_Sys_SetCmdAuths( sysContext, &nvRdWrCmdAuths );
5181 CheckPassed( rval );
5182
5183 //
5184 // Now Read the data.
5185 //
5186 rval = Tss2_Sys_Execute( sysContext );
5187 CheckPassed( rval );
5188
5189 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize,
5190 (const uint8_t **)&encryptParamBuffer );
5191 CheckPassed( rval );
5192
5193 rval = Tss2_Sys_GetRspAuths( sysContext, &nvRdWrRspAuths );
5194 CheckPassed( rval );
5195
5196 // Roll the nonces for response
5197 RollNonces( encryptDecryptSession,
5198 &nvRdWrRspAuths.rspAuths[1]->nonce );
5199
5200 // Decrypt read data.
5201 encryptedReadData.t.size = encryptParamSize;
5202 memcpy( (void *)&encryptedReadData.t.buffer[0],
5203 (void *)encryptParamBuffer, encryptParamSize );
5204 rval = DecryptResponseParam( encryptDecryptSession,
5205 (TPM2B_MAX_BUFFER *)&decryptedReadData,
5206 (TPM2B_MAX_BUFFER *)&encryptedReadData, &nvAuth );
5207 CheckPassed( rval );
5208
5209 // Roll the nonces.
5210 RollNonces( encryptDecryptSession,
5211 &nvRdWrRspAuths.rspAuths[1]->nonce );
5212
5213 rval = Tss2_Sys_SetEncryptParam( sysContext,
5214 (uint8_t)decryptedReadData.t.size,
5215 (uint8_t *)&decryptedReadData.t.buffer[0] );
5216 CheckPassed( rval );
5217
5218 // Get the command results, in this case the read data.
5219 rval = Tss2_Sys_NV_Read_Complete( sysContext, &readData );
5220 CheckPassed( rval );
5221
5222 TpmClientPrintf( 0, "Decrypted read data = " );
5223 DEBUG_PRINT_BUFFER( &readData.t.buffer[0], (UINT32 )readData.t.size );
5224
5225 // Check that write and read data are equal.
5226 if( memcmp( (void *)&readData.t.buffer[0],
5227 (void *)&writeData.t.buffer[0], readData.t.size ) )
5228 {
5229 TpmClientPrintf( 0, "ERROR!! read data not equal to written data\n" );
5230 Cleanup();
5231 }
5232
5233 rval = Tss2_Sys_FlushContext( sysContext,
5234 encryptDecryptSession->sessionHandle );
5235 CheckPassed( rval );
5236
5237 rval = EndAuthSession( encryptDecryptSession );
5238 CheckPassed( rval );
5239 }
5240
5241 // Set authorization for NV undefine command.
5242 nvUndefineAuth.sessionHandle = TPM_RS_PW;
5243 nvUndefineAuth.nonce.t.size = 0;
5244 *( (UINT8 *)((void *)&nvUndefineAuth.sessionAttributes ) ) = 0;
5245 nvUndefineAuth.hmac.t.size = 0;
5246
5247 // Undefine NV index.
5248 rval = Tss2_Sys_NV_UndefineSpace( sysContext,
5249 TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &nvUndefineAuths, 0 );
5250 CheckPassed( rval );
5251}
5252
5253
5254void TestRsaEncryptDecrypt()
5255{
5256 TPM2B_SENSITIVE_CREATE inSensitive;
5257 TPM2B_PUBLIC inPublic;
5258 TPMS_AUTH_COMMAND sessionData;
5259 TPMS_AUTH_RESPONSE sessionDataOut;
5260 TPM2B_DATA outsideInfo;
5261 TPML_PCR_SELECTION creationPCR;
5262 TPM_RC rval;
5263 TPM2B_PRIVATE outPrivate;
5264 TPM2B_PUBLIC outPublic;
5265 TPM2B_CREATION_DATA creationData;
5266 TPM2B_DIGEST creationHash;
5267 TPMT_TK_CREATION creationTicket;
5268 TPM2B_NAME rsaKeyName;
5269
5270 TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
5271 TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };
5272
5273 TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };
5274 TSS2_SYS_RSP_AUTHS sessionsDataOut = { 1, &sessionDataOutArray[0] };
5275
5276 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
5277 inSensitive.t.sensitive.data.t.size = 0;
5278
5279 // Init nonce.
5280 sessionData.nonce.t.size = 0;
5281
5282 // init hmac
5283 sessionData.hmac.t.size = 0;
5284
5285 // Init session attributes
5286 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
5287
5288 // Create public/private key pair.
5289 inPublic.t.publicArea.type = TPM_ALG_RSA;
5290 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
5291 *(UINT32 *)( (void *)&( inPublic.t.publicArea.objectAttributes ) ) = 0;
5292 inPublic.t.publicArea.objectAttributes.decrypt = 1;
5293 inPublic.t.publicArea.authPolicy.t.size = 0;
5294
5295 inPublic.t.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
5296 inPublic.t.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
5297 inPublic.t.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CTR;
5298 inPublic.t.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
5299 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 1024;
5300 inPublic.t.publicArea.parameters.rsaDetail.exponent = 0;
5301 inPublic.t.publicArea.unique.rsa.t.size = 0;
5302
5303 outsideInfo.t.size = 0;
5304 outPublic.t.size = 0;
5305 creationData.t.size = 0;
5306 rval = Tss2_Sys_Create( sysContext, handle2048rsa, &sessionsData, &inSensitive, &inPublic,
5307 &outsideInfo, &creationPCR,
5308 &outPrivate, &outPublic, &creationData,
5309 &creationHash, &creationTicket, &sessionsDataOut );
5310
5311 CheckPassed( rval );
5312
5313 // Load private key into TPM
5314 rval = Tss2_Sys_Load ( sysContext, handle2048rsa, 0, &outPrivate, &outPublic,
5315 &loadedSha1KeyHandle, &rsaKeyName, &sessionsDataOut);
5316 CheckPassed( rval );
5317
5318
5319
5320 // Encrypt message with public key
5321
5322 // Print encrypted message.
5323
5324 // Decrypt message with private key.
5325
5326 // Print decrypted message.
5327
5328}
5329
5330
5331void GetSetDecryptParamTests()
5332{
5333 TPM2B_MAX_NV_BUFFER nvWriteData = { { 4, { 0xde, 0xad, 0xbe, 0xef, } } };
5334 TPM2B_MAX_NV_BUFFER nvWriteData1 = { { 4, { 0x01, 0x01, 0x02, 0x03, } } };
5335 const uint8_t *decryptParamBuffer;
5336 size_t decryptParamSize;
5337 size_t cpBufferUsedSize1, cpBufferUsedSize2;
5338 const uint8_t *cpBuffer1, *cpBuffer2;
5339 TSS2_RC rval;
5340 int i;
5341 TSS2_SYS_CONTEXT *decryptParamTestSysContext;
5342
5343 TpmClientPrintf( 0, "\nGET/SET DECRYPT PARAM TESTS:\n" );
5344
5345 // Create two sysContext structures.
5346 decryptParamTestSysContext = InitSysContext( MAX_NV_BUFFER_SIZE, resMgrTctiContext, &abiVersion );
5347 if( decryptParamTestSysContext == 0 )
5348 {
5349 InitSysContextFailure();
5350 }
5351
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]5352 // Test for bad sequence: Tss2_Sys_GetDecryptParam
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5353 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
5354 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE );
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]5355
5356 // Test for bad sequence: Tss2_Sys_SetDecryptParam
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5357 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, &( nvWriteData.t.buffer[0] ) );
5358 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE );
5359
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]5360 // NOTE: Two tests for BAD_SEQUENCE for GetDecryptParam and SetDecryptParam after ExecuteAsync
5361 // are in the GetSetEncryptParamTests function, just because it's easier to do this way.
5362
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5363 // Do Prepare.
5364 rval = Tss2_Sys_NV_Write_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST,
5365 TPM20_INDEX_PASSWORD_TEST, &nvWriteData1, 0x55aa );
5366 CheckPassed( rval );
5367
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]5368 // Test for bad reference: Tss2_Sys_GetDecryptParam
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5369 rval = Tss2_Sys_GetDecryptParam( 0, &decryptParamSize, &decryptParamBuffer );
5370 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5371
5372 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, 0, &decryptParamBuffer );
5373 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5374
5375 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, 0 );
5376 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]5377
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5378
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]5379 // Test for bad reference: Tss2_Sys_SetDecryptParam
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5380 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, 0 );
5381 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5382
5383 rval = Tss2_Sys_SetDecryptParam( 0, 4, 0 );
5384 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]5385
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5386
5387 // Test for bad size.
5388 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 5, &( nvWriteData.t.buffer[0] ) );
5389 CheckFailed( rval, TSS2_SYS_RC_BAD_SIZE );
5390
5391 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 3, &( nvWriteData.t.buffer[0] ) );
5392 CheckFailed( rval, TSS2_SYS_RC_BAD_SIZE );
5393
5394 // Test for good size.
5395 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, &( nvWriteData.t.buffer[0] ) );
5396 CheckPassed( rval );
5397
5398 // Make sure that the set operation really did the right thing.
5399 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
5400 CheckPassed( rval );
5401 for( i = 0; i < 4; i++ )
5402 {
5403 if( decryptParamBuffer[i] != nvWriteData.t.buffer[i] )
5404 {
5405 TpmClientPrintf( 0, "ERROR!! decryptParamBuffer[%d] s/b: %2.2x, was: %2.2x\n", i, nvWriteData.t.buffer[i], decryptParamBuffer[i] );
5406 Cleanup();
5407 }
5408 }
5409
5410 rval = Tss2_Sys_GetCpBuffer( decryptParamTestSysContext, &cpBufferUsedSize1, &cpBuffer1 );
5411 CheckPassed( rval );
5412
5413 OpenOutFile( &outFp );
5414#ifdef DEBUG
5415 TpmClientPrintf( 0, "cpBuffer = ");
5416#endif
5417 DEBUG_PRINT_BUFFER( (UINT8 *)cpBuffer1, cpBufferUsedSize1 );
5418 CloseOutFile( &outFp );
5419
5420 // Test for no decrypt param.
5421 rval = Tss2_Sys_NV_Read_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, sizeof( nvWriteData ) - 2, 0 );
5422 CheckPassed( rval );
5423
5424 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
5425 CheckFailed( rval, TSS2_SYS_RC_NO_DECRYPT_PARAM );
5426
5427 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, &( nvWriteData.t.buffer[0] ) );
5428 CheckFailed( rval, TSS2_SYS_RC_NO_DECRYPT_PARAM );
5429
5430 // Null decrypt param.
5431 rval = Tss2_Sys_NV_Write_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST,
5432 TPM20_INDEX_PASSWORD_TEST, 0, 0x55aa );
5433 CheckPassed( rval );
5434
5435 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
5436 CheckPassed( rval );
5437
5438 // Check that size == 0.
5439 if( decryptParamSize != 0 )
5440 {
5441 TpmClientPrintf( 0, "ERROR!! decryptParamSize s/b: 0, was: %u\n", (unsigned int)decryptParamSize );
5442 Cleanup();
5443 }
5444
5445 // Test for insufficient size.
5446 rval = Tss2_Sys_GetCpBuffer( decryptParamTestSysContext, &cpBufferUsedSize2, &cpBuffer2 );
5447 CheckPassed( rval );
5448 nvWriteData.t.size = MAX_NV_BUFFER_SIZE -
5449 CHANGE_ENDIAN_DWORD( ( (TPM20_Header_In *)( ( (_TSS2_SYS_CONTEXT_BLOB *)decryptParamTestSysContext )->tpmInBuffPtr ) )->commandSize ) +
5450 1;
5451 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, nvWriteData.t.size, &( nvWriteData.t.buffer[0] ) );
5452 CheckFailed( rval, TSS2_SYS_RC_INSUFFICIENT_BUFFER );
5453
5454 // Test that one less will work. This tests that we're checking the correct corner case.
5455 nvWriteData.t.size -= 1;
5456 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, nvWriteData.t.size, &( nvWriteData.t.buffer[0] ) );
5457 CheckPassed( rval );
5458
5459
5460 rval = Tss2_Sys_NV_Write_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST,
5461 TPM20_INDEX_PASSWORD_TEST, 0, 0x55aa );
5462 CheckPassed( rval );
5463
5464 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
5465 CheckPassed( rval );
5466
5467 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, &( nvWriteData.t.buffer[0] ) );
5468 CheckPassed( rval );
5469
5470 rval = Tss2_Sys_GetCpBuffer( decryptParamTestSysContext, &cpBufferUsedSize2, &cpBuffer2 );
5471 CheckPassed( rval );
5472
5473 OpenOutFile( &outFp );
5474#ifdef DEBUG
5475 TpmClientPrintf( 0, "cpBuffer = ");
5476#endif
5477 DEBUG_PRINT_BUFFER( (UINT8 *)cpBuffer2, cpBufferUsedSize2 );
5478 CloseOutFile( &outFp );
5479
5480 if( cpBufferUsedSize1 != cpBufferUsedSize2 )
5481 {
5482 TpmClientPrintf( 0, "ERROR!! cpBufferUsedSize1(%x) != cpBufferUsedSize2(%x)\n", (UINT32)cpBufferUsedSize1, (UINT32)cpBufferUsedSize2 );
5483 Cleanup();
5484 }
5485 for( i = 0; i < (int)cpBufferUsedSize1; i++ )
5486 {
5487 if( cpBuffer1[i] != cpBuffer2[i] )
5488 {
5489 TpmClientPrintf( 0, "ERROR!! cpBufferUsedSize1[%d] s/b: %2.2x, was: %2.2x\n", i, cpBuffer1[i], cpBuffer2[i] );
5490 Cleanup();
5491 }
5492 }
5493
5494 // Test case of zero sized decrypt param, another case of bad size.
5495 nvWriteData1.t.size = 0;
5496 rval = Tss2_Sys_NV_Write_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST,
5497 TPM20_INDEX_PASSWORD_TEST, &nvWriteData1, 0x55aa );
5498 CheckPassed( rval );
5499
5500 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 1, &( nvWriteData.t.buffer[0] ) );
5501 CheckFailed( rval, TSS2_SYS_RC_BAD_SIZE );
5502
5503 TeardownSysContext( &decryptParamTestSysContext );
5504}
5505
wcarthurd1fe2872015-11-03 07:44:57 -0500[diff] [blame]5506void SysInitializeTests()
5507{
5508 TSS2_RC rval = TSS2_RC_SUCCESS;
5509
5510 // NOTE: this should never be done in real applications.
5511 // It is only done here for test purposes.
5512 TSS2_TCTI_CONTEXT_INTEL tctiContextIntel;
5513
5514 TSS2_TCTI_CONTEXT *tctiContext = (TSS2_TCTI_CONTEXT *)&tctiContextIntel;
5515
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5516 TpmClientPrintf( 0, "\nSYS INITIALIZE TESTS:\n" );
wcarthurd1fe2872015-11-03 07:44:57 -0500[diff] [blame]5517
5518 rval = Tss2_Sys_Initialize( (TSS2_SYS_CONTEXT *)0, 10, (TSS2_TCTI_CONTEXT *)1, (TSS2_ABI_VERSION *)1 );
5519 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5520
5521 rval = Tss2_Sys_Initialize( (TSS2_SYS_CONTEXT *)1, 10, (TSS2_TCTI_CONTEXT *)0, (TSS2_ABI_VERSION *)1 );
5522 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5523
5524 rval = Tss2_Sys_Initialize( (TSS2_SYS_CONTEXT *)1, 10, (TSS2_TCTI_CONTEXT *)1, (TSS2_ABI_VERSION *)0 );
5525 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5526
5527 rval = Tss2_Sys_Initialize( (TSS2_SYS_CONTEXT *)1, 10, (TSS2_TCTI_CONTEXT *)1, (TSS2_ABI_VERSION *)1 );
5528 CheckFailed( rval, TSS2_SYS_RC_INSUFFICIENT_CONTEXT );
5529
5530 // NOTE: don't do this in real applications.
5531 tctiContextIntel.transmit = (TCTI_TRANSMIT_PTR)0;
5532 tctiContextIntel.receive = (TCTI_RECEIVE_PTR)1;
5533
5534 rval = Tss2_Sys_Initialize( (TSS2_SYS_CONTEXT *)1, sizeof( _TSS2_SYS_CONTEXT_BLOB ), (TSS2_TCTI_CONTEXT *)&tctiContextIntel, (TSS2_ABI_VERSION *)1 );
5535 CheckFailed( rval, TSS2_SYS_RC_BAD_TCTI_STRUCTURE );
5536
5537 // NOTE: don't do this in real applications.
5538 tctiContextIntel.transmit = (TCTI_TRANSMIT_PTR)1;
5539 tctiContextIntel.receive = (TCTI_RECEIVE_PTR)0;
5540
5541 rval = Tss2_Sys_Initialize( (TSS2_SYS_CONTEXT *)1, sizeof( _TSS2_SYS_CONTEXT_BLOB ), (TSS2_TCTI_CONTEXT *)&tctiContextIntel, (TSS2_ABI_VERSION *)1 );
5542 CheckFailed( rval, TSS2_SYS_RC_BAD_TCTI_STRUCTURE );
5543}
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5544
wcarthur4d547ee2015-11-09 12:55:00 -0500[diff] [blame]5545void SysFinalizeTests()
5546{
5547 TSS2_RC rval = TSS2_RC_SUCCESS;
5548
5549 TpmClientPrintf( 0, "\nSYS FINALIZE TESTS:\n" );
5550
5551 rval = Tss2_Sys_Finalize( 0 );
5552 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5553
5554 // Note: other cases tested by other tests.
5555}
5556
5557void GetContextSizeTests()
5558{
5559 TSS2_RC rval = TSS2_RC_SUCCESS;
5560 TSS2_SYS_CONTEXT *testSysContext;
5561
5562 TpmClientPrintf( 0, "\nSYS GETCONTEXTSIZE TESTS:\n" );
5563
5564 testSysContext = InitSysContext( 9, resMgrTctiContext, &abiVersion );
5565 if( testSysContext == 0 )
5566 {
5567 InitSysContextFailure();
5568 }
5569
5570 rval = Tss2_Sys_Startup( testSysContext, TPM_SU_CLEAR );
5571 CheckFailed( rval, TSS2_SYS_RC_INSUFFICIENT_BUFFER );
5572
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame]5573 rval = Tss2_Sys_GetTestResult_Prepare( testSysContext );
5574 CheckPassed( rval );
wcarthur4d547ee2015-11-09 12:55:00 -0500[diff] [blame]5575
5576 // Note: other cases tested by other tests.
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame]5577
5578 TeardownSysContext( &testSysContext );
5579}
5580
5581void GetTctiContextTests()
5582{
5583 TSS2_RC rval = TSS2_RC_SUCCESS;
5584 TSS2_SYS_CONTEXT *testSysContext;
5585 TSS2_TCTI_CONTEXT *tctiContext;
5586
5587 TpmClientPrintf( 0, "\nSYS GETTCTICONTEXT TESTS:\n" );
5588
5589 testSysContext = InitSysContext( 9, resMgrTctiContext, &abiVersion );
5590 if( testSysContext == 0 )
5591 {
5592 InitSysContextFailure();
5593 }
5594
5595 rval = Tss2_Sys_GetTctiContext( testSysContext, 0 );
5596 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5597
5598 rval = Tss2_Sys_GetTctiContext( 0, &tctiContext );
5599 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5600
5601 TeardownSysContext( &testSysContext );
5602}
5603
5604void PrepareTests()
5605{
5606 TSS2_RC rval = TSS2_RC_SUCCESS;
5607 TSS2_SYS_CONTEXT *testSysContext;
5608
5609 TpmClientPrintf( 0, "\nSYS PREPARE TESTS:\n" );
5610
5611 testSysContext = InitSysContext( 0, resMgrTctiContext, &abiVersion );
5612 if( testSysContext == 0 )
5613 {
5614 InitSysContextFailure();
5615 }
5616
5617 // Test for bad reference.
5618 rval = Tss2_Sys_GetTestResult_Prepare( 0 );
5619 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5620
5621 // Test for bad sequence: after ExecuteAsync
5622 rval = Tss2_Sys_GetTestResult_Prepare( testSysContext );
5623 CheckPassed( rval );
5624
5625 rval = Tss2_Sys_ExecuteAsync( testSysContext );
5626 CheckPassed( rval );
5627
5628 rval = Tss2_Sys_GetTestResult_Prepare( testSysContext );
5629 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE );
5630
5631 rval = Tss2_Sys_ExecuteFinish( testSysContext, -1 );
5632 CheckPassed( rval );
5633
5634 // Test for bad sequence: after Execute
5635 rval = Tss2_Sys_GetTestResult_Prepare( testSysContext );
5636 CheckPassed( rval );
5637
5638 rval = Tss2_Sys_Execute( testSysContext );
5639 CheckPassed( rval );
5640
5641 rval = Tss2_Sys_GetTestResult_Prepare( testSysContext );
5642 CheckPassed( rval );
5643
5644 TeardownSysContext( &testSysContext );
wcarthur4d547ee2015-11-09 12:55:00 -0500[diff] [blame]5645}
5646
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5647void RmZeroSizedResponseTest()
5648{
5649 SESSION *encryptSession;
5650 TPM2B_NONCE nonceCaller;
5651 TPMT_SYM_DEF symmetric;
5652 TSS2_RC rval = TSS2_RC_SUCCESS;
5653
5654 //
5655 // Tests what happens in RM when receive comes back with 0 sized response.
5656 // This happens when a command is sent to the simulator but the simulator
5657 // isn't "powered on".
5658 // Added this test because this took me a while to understand, and I
5659 // never want to have to debug this again.
5660 //
wcarthurd1fe2872015-11-03 07:44:57 -0500[diff] [blame]5661
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5662 TpmClientPrintf( 0, "\nRM ZERO SIZED RESPONSE TEST:\n" );
5663
5664 rval = PlatformCommand( resMgrTctiContext, MS_SIM_POWER_OFF );
5665
5666 nonceCaller.t.size = 1;
5667 nonceCaller.t.buffer[0] = 0xa5;
5668
5669 // AES encryption/decryption and CFB mode.
5670 symmetric.algorithm = TPM_ALG_AES;
5671 symmetric.keyBits.aes = 128;
5672 symmetric.mode.aes = TPM_ALG_CFB;
5673
5674 // Start policy session for encrypt session.
5675 rval = StartAuthSessionWithParams( &encryptSession,
5676 TPM_RH_NULL, 0, TPM_RH_NULL, 0, &nonceCaller, 0, TPM_SE_HMAC,
5677 &symmetric, TPM_ALG_SHA256 );
5678 CheckFailed( rval, TSS2_TCTI_RC_IO_ERROR );
5679}
5680
5681
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5682void CmdRspAuthsTests()
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5683{
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5684 SESSION *encryptSession, *decryptSession, *auditSession;
5685 TPM2B_NONCE nonceCaller, nonceTpm;
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5686 TPMT_SYM_DEF symmetric;
5687 TSS2_RC rval = TSS2_RC_SUCCESS;
5688 int i;
5689 TPM2B_ENCRYPTED_SECRET encryptedSalt;
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5690 UINT32 savedMaxCommandSize, savedResponseSize;
5691
5692 TSS2_SYS_CONTEXT *otherSysContext;
5693 TPM_HANDLE testSessionHandle;
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5694
5695 TPMS_AUTH_COMMAND encryptCmdAuth, decryptCmdAuth, auditCmdAuth;
5696 TPMS_AUTH_COMMAND *cmdAuthArray[3] = { &encryptCmdAuth, &decryptCmdAuth, &auditCmdAuth };
5697 TSS2_SYS_CMD_AUTHS cmdAuths = { 3, &cmdAuthArray[0] };
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5698
5699 TPMS_AUTH_RESPONSE encryptRspAuth, decryptRspAuth, auditRspAuth;
5700 TPMS_AUTH_RESPONSE *rspAuthArray[3] =
5701 { &encryptRspAuth, &decryptRspAuth, &auditRspAuth };
5702 TSS2_SYS_RSP_AUTHS rspAuths = { 3, &rspAuthArray[0] };
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5703
5704 TpmClientPrintf( 0, "\nSETCMDAUTHS TESTS:\n" );
5705
5706 nonceCaller.t.size = SHA256_DIGEST_SIZE;
5707
5708 for( i = 0; i < nonceCaller.t.size; i++ )
5709 {
5710 nonceCaller.t.buffer[i] = 0xa5;
5711 }
5712
5713 // AES encryption/decryption and CFB mode.
5714 symmetric.algorithm = TPM_ALG_AES;
5715 symmetric.keyBits.aes = 128;
5716 symmetric.mode.aes = TPM_ALG_CFB;
5717
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5718 // Start encrypt session.
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5719 rval = StartAuthSessionWithParams( &encryptSession,
5720 TPM_RH_NULL, 0, TPM_RH_NULL, 0, &nonceCaller, 0, TPM_SE_HMAC,
5721 &symmetric, TPM_ALG_SHA256 );
5722 CheckPassed( rval ); // #1
5723
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5724 // Start decrypt session.
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5725 rval = StartAuthSessionWithParams( &decryptSession,
5726 TPM_RH_NULL, 0, TPM_RH_NULL, 0, &nonceCaller, 0, TPM_SE_HMAC,
5727 &symmetric, TPM_ALG_SHA256 );
5728 CheckPassed( rval ); // #2
5729
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5730 // Start audit session.
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5731 rval = StartAuthSessionWithParams( &auditSession,
5732 TPM_RH_NULL, 0, TPM_RH_NULL, 0, &nonceCaller, 0, TPM_SE_HMAC,
5733 &symmetric, TPM_ALG_SHA256 );
5734 CheckPassed( rval ); // #3
5735
5736 encryptCmdAuth.sessionHandle = encryptSession->sessionHandle;
5737 encryptCmdAuth.nonce.t.size = 0;
5738 *( (UINT8 *)((void *)&encryptCmdAuth.sessionAttributes ) ) = 0;
5739 encryptCmdAuth.sessionAttributes.encrypt = 1;
5740 encryptCmdAuth.hmac.t.size = 0;
5741
5742 decryptCmdAuth.sessionHandle = decryptSession->sessionHandle;
5743 decryptCmdAuth.nonce.t.size = 0;
5744 *( (UINT8 *)((void *)&decryptCmdAuth.sessionAttributes ) ) = 0;
5745 decryptCmdAuth.sessionAttributes.decrypt = 1;
5746 decryptCmdAuth.hmac.t.size = 0;
5747
5748 auditCmdAuth.sessionHandle = auditSession->sessionHandle;
5749 auditCmdAuth.nonce.t.size = 0;
5750 *( (UINT8 *)((void *)&auditCmdAuth.sessionAttributes ) ) = 0;
5751 auditCmdAuth.sessionAttributes.audit = 1;
5752 auditCmdAuth.hmac.t.size = 0;
5753
5754 // Test for bad sequence.
5755 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5756 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #4
5757
5758 encryptedSalt.t.size = 0;
5759 rval = Tss2_Sys_StartAuthSession_Prepare( sysContext,
5760 TPM_RH_NULL, TPM_RH_NULL, &nonceCaller, &encryptedSalt, TPM_SE_HMAC,
5761 &symmetric, TPM_ALG_SHA256 );
5762 CheckPassed( rval ); // #5
5763
5764 // Test for bad reference.
5765 rval = Tss2_Sys_SetCmdAuths( 0, &cmdAuths );
5766 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #6
5767
5768 rval = Tss2_Sys_SetCmdAuths( sysContext, 0 );
5769 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #7
5770
5771 // Test for count == 0; this should pass.
5772 cmdAuths.cmdAuthsCount= 0;
5773 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5774 CheckPassed( rval ); // #8
5775
5776 // Test for bad value.
5777 cmdAuths.cmdAuthsCount= 3;
5778 cmdAuthArray[0] = 0;
5779 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5780 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE ); // #9
5781
5782 cmdAuthArray[0] = &encryptCmdAuth;
5783 cmdAuthArray[1] = 0;
5784 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5785 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE ); // #10
5786
5787 cmdAuthArray[1] = &decryptCmdAuth;
5788 cmdAuthArray[2] = 0;
5789 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5790 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE ); // #11
5791 cmdAuthArray[2] = &auditCmdAuth;
5792
5793 // Test for insufficient context.
5794 cmdAuths.cmdAuthsCount= 0;
5795 savedMaxCommandSize = ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize;
5796 ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize = sizeof( TPM20_Header_In ) + 3 * sizeof( TPM_HANDLE ) - 1;
5797 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5798 CheckPassed( rval ); // #12
5799
5800 cmdAuths.cmdAuthsCount= 0;
5801 ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize = sizeof( TPM20_Header_In ) + 3 * sizeof( TPM_HANDLE );
5802 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5803 CheckPassed( rval );// #13
5804
5805 cmdAuths.cmdAuthsCount= 3;
5806 ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize = sizeof( TPM20_Header_In ) + 3 * sizeof( TPM_HANDLE );
5807 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5808 CheckFailed( rval, TSS2_SYS_RC_INSUFFICIENT_BUFFER ); // #14
5809
5810 // Do successful one; use this to get size of command.
5811 ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize = savedMaxCommandSize;
5812 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5813 CheckPassed( rval ); // #15
5814
5815 // Then set maxCommandSize to the the previously gotten commandSize - 1. This should fail.
5816 ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize = GetCommandSize( sysContext ) - 1;
5817 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5818 CheckFailed( rval, TSS2_SYS_RC_INSUFFICIENT_BUFFER ); // #16
5819
5820 // Reset size of sysContext.
5821 ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize = savedMaxCommandSize;
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5822
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5823 // Setup for response auths test.
5824 ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize = CHANGE_ENDIAN_DWORD( savedMaxCommandSize );
5825 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5826 CheckPassed( rval ); // #15
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5827
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5828 TpmClientPrintf( 0, "\nGETRSPAUTHS TESTS:\n" );
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5829
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5830 // Test for bad sequence.
5831 rval = Tss2_Sys_GetRspAuths( sysContext, &rspAuths );
5832 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #1
5833
5834 otherSysContext = InitSysContext( 0, resMgrTctiContext, &abiVersion );
5835 if( otherSysContext == 0 )
5836 {
5837 InitSysContextFailure();
5838 }
5839
5840 //
5841 // Test for command that failed: invalid handle.
5842 //
5843 rval = Tss2_Sys_StartAuthSession_Prepare( otherSysContext,
5844 0xffffffff, TPM_RH_NULL, &nonceCaller, &encryptedSalt, TPM_SE_HMAC,
5845 &symmetric, TPM_ALG_SHA256 );
5846 CheckPassed( rval ); // #2
5847
5848 rval = Tss2_Sys_Execute( otherSysContext );
5849 CheckFailed( rval, TPM_RC_VALUE | TPM_RC_1 | TPM_RC_H ); // #3
5850
5851 rval = Tss2_Sys_GetRspAuths( otherSysContext, &rspAuths );
5852 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #4
5853
5854 //
5855 // Test for command that can never take sessions.
5856 //
5857 rval = Tss2_Sys_ReadClock_Prepare( otherSysContext );
5858 CheckPassed( rval ); // #5
5859
5860 rval = Tss2_Sys_Execute( otherSysContext );
5861 CheckPassed( rval ); // #6
5862
5863 rval = Tss2_Sys_GetRspAuths( otherSysContext, &rspAuths );
5864 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #7
5865
5866 // Setup for testing for bad references and other conditions.
5867 rval = Tss2_Sys_StartAuthSession_Prepare( sysContext,
5868 TPM_RH_NULL, TPM_RH_NULL, &nonceCaller, &encryptedSalt, TPM_SE_HMAC,
5869 &symmetric, TPM_ALG_SHA256 );
5870 CheckPassed( rval ); // #8
5871
5872 cmdAuths.cmdAuthsCount = 2;
5873 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5874 CheckPassed( rval ); // #9
5875
5876 rval = Tss2_Sys_Execute( sysContext );
5877 CheckPassed( rval ); // #10
5878
5879 // Test for bad reference.
5880 rval = Tss2_Sys_GetRspAuths( 0, &rspAuths );
5881 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #11
5882
5883 rval = Tss2_Sys_GetRspAuths( sysContext, 0 );
5884 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #12
5885
5886 // Test for bad count.
5887 rspAuths.rspAuthsCount = 0;
5888 rval = Tss2_Sys_GetRspAuths( sysContext, &rspAuths );
5889 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE ); // #13
5890
5891 // Test for non-matching count: specified count doesn't
5892 // match returned count.
5893 rspAuths.rspAuthsCount = 1;
5894 rval = Tss2_Sys_GetRspAuths( sysContext, &rspAuths );
5895 CheckFailed( rval, TSS2_SYS_RC_INVALID_SESSIONS ); // #14
5896
5897 // Test for non-matching count: cmd auth count doesn't
5898 // match returned auth count.
5899 rspAuths.rspAuthsCount = 3;
5900 savedResponseSize = CHANGE_ENDIAN_DWORD( ( (TPM20_Header_Out *)( ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->tpmOutBuffPtr ) )->responseSize );
5901 ( (TPM20_Header_Out *)( ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->tpmOutBuffPtr ) )->responseSize = CHANGE_ENDIAN_DWORD( savedResponseSize - 5 );
5902 rval = Tss2_Sys_GetRspAuths( sysContext, &rspAuths );
5903 CheckFailed( rval, TSS2_SYS_RC_INVALID_SESSIONS ); // #15
5904
5905 // Test for malformed response.
5906 rspAuths.rspAuthsCount = 2;
5907 ( (TPM20_Header_Out *)( ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->tpmOutBuffPtr ) )->responseSize = CHANGE_ENDIAN_DWORD( savedResponseSize - 7 );
5908 rval = Tss2_Sys_GetRspAuths( sysContext, &rspAuths );
5909 CheckFailed( rval, TSS2_SYS_RC_MALFORMED_RESPONSE ); // #16
5910
5911 // Ths one should pass.
5912 ( (TPM20_Header_Out *)( ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->tpmOutBuffPtr ) )->responseSize = CHANGE_ENDIAN_DWORD( savedResponseSize );
5913 rval = Tss2_Sys_GetRspAuths( sysContext, &rspAuths );
5914 CheckPassed( rval ); // #17
5915
5916 // Check for bad sequence.
5917 rval = Tss2_Sys_StartAuthSession_Complete( sysContext,
5918 &testSessionHandle, &nonceTpm );
5919 CheckPassed( rval ); // #17
5920
5921 // Others?
5922
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5923}
5924
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5925void GetSetEncryptParamTests()
5926{
5927 TPM2B_MAX_NV_BUFFER nvWriteData = { { 4, { 0xde, 0xad, 0xbe, 0xef, } } };
5928 const uint8_t *encryptParamBuffer;
5929 const uint8_t encryptParamBuffer1[4] = { 01, 02, 03, 04 };
5930 size_t encryptParamSize;
5931 TSS2_RC rval;
5932 int i;
5933 TPM2B_DIGEST authPolicy;
5934 TPMA_NV nvAttributes;
5935 TPM2B_AUTH nvAuth;
5936
5937 TPMS_AUTH_COMMAND sessionData = { TPM_RS_PW, };
5938 TPMS_AUTH_RESPONSE sessionDataOut;
5939 TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
5940 TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };
5941 TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };
5942 TSS2_SYS_RSP_AUTHS sessionsDataOut = { 1, &sessionDataOutArray[0] };
5943
5944 TPM2B_MAX_NV_BUFFER nvReadData;
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]5945 const uint8_t *cpBuffer;
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5946
5947 TpmClientPrintf( 0, "\nGET/SET ENCRYPT PARAM TESTS:\n" );
5948
5949 // Do Prepare.
5950 rval = Tss2_Sys_NV_Write_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST,
5951 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]5952 CheckPassed( rval ); // #1
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5953
5954 // Test for bad sequence
5955 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, &encryptParamBuffer );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]5956 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #2
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5957
5958 rval = Tss2_Sys_SetEncryptParam( sysContext, 4, &( nvWriteData.t.buffer[0] ) );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]5959 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #3
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5960
5961 // Create NV index
5962
5963 // Set empty policy and auth value.
5964 authPolicy.t.size = 0;
5965 nvAuth.t.size = 0;
5966
5967 // Now set the attributes.
5968 *(UINT32 *)( (void *)&nvAttributes ) = 0;
5969 nvAttributes.TPMA_NV_AUTHREAD = 1;
5970 nvAttributes.TPMA_NV_AUTHWRITE = 1;
5971 nvAttributes.TPMA_NV_PLATFORMCREATE = 1;
5972
5973 rval = DefineNvIndex( TPM_RH_PLATFORM, TPM_RS_PW, &nvAuth, &authPolicy,
5974 TPM20_INDEX_PASSWORD_TEST, TPM_ALG_SHA1, nvAttributes, 32 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]5975 CheckPassed( rval ); // #4
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5976
5977 // Write the index.
5978 rval = Tss2_Sys_NV_Write_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST,
5979 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]5980 CheckPassed( rval ); // #5
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5981
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]5982 // NOTE: add GetCpBuffer tests here, just because its easier.
5983 rval = Tss2_Sys_GetCpBuffer( 0, (size_t *)4, (const uint8_t **)4 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]5984 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #6
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]5985
5986 rval = Tss2_Sys_GetCpBuffer( sysContext, (size_t *)0, (const uint8_t **)4 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]5987 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #7
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]5988
5989 rval = Tss2_Sys_GetCpBuffer( sysContext, (size_t *)4, (const uint8_t **)0 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]5990 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #8
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]5991
5992
5993 rval = Tss2_Sys_SetCmdAuths( sysContext, &sessionsData );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]5994 CheckPassed( rval ); // #9
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5995
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]5996 rval = Tss2_Sys_ExecuteAsync( sysContext );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]5997 CheckPassed( rval ); // #10
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]5998
5999 // NOTE: Stick two tests for BAD_SEQUENCE for GetDecryptParam and SetDecryptParam here, just
6000 // because it's easier to do this way.
6001 rval = Tss2_Sys_GetDecryptParam( sysContext, (size_t *)4, (const uint8_t **)4 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6002 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #11
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]6003
6004 rval = Tss2_Sys_SetDecryptParam( sysContext, 10, (uint8_t *)4 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6005 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #12
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]6006
6007 // NOTE: Stick test for BAD_SEQUENCE for GetCpBuffer here, just
6008 // because it's easier to do this way.
6009 rval = Tss2_Sys_GetCpBuffer( sysContext, (size_t *)4, &cpBuffer );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6010 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #13
wcarthurea1d3452015-11-11 09:39:35 -0500[diff] [blame]6011
6012 // Now finish the write command so that TPM isn't stuck trying
6013 // to send a response.
6014 rval = Tss2_Sys_ExecuteFinish( sysContext, -1 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6015 CheckPassed( rval ); // #14
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6016
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6017 // Test GetEncryptParam for no encrypt param case.
6018 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, &encryptParamBuffer );
6019 CheckFailed( rval, TSS2_SYS_RC_NO_ENCRYPT_PARAM ); // #15
6020
6021 // Test SetEncryptParam for no encrypt param case.
6022 rval = Tss2_Sys_SetEncryptParam( sysContext, encryptParamSize, encryptParamBuffer1 );
6023 CheckFailed( rval, TSS2_SYS_RC_NO_ENCRYPT_PARAM ); // #16
6024
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6025 // Now read it and do tests on get/set encrypt functions
6026 rval = Tss2_Sys_NV_Read_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, 4, 0 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6027 CheckPassed( rval ); // #17
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6028
6029 rval = Tss2_Sys_NV_Read( sysContext, TPM20_INDEX_PASSWORD_TEST,
6030 TPM20_INDEX_PASSWORD_TEST, &sessionsData, 4, 0, &nvReadData, &sessionsDataOut );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6031 CheckPassed( rval ); // #18
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6032
6033 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, &encryptParamBuffer );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6034 CheckPassed( rval ); // #19
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6035
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6036 // Test case of encryptParamSize being too small.
6037 encryptParamSize--;
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6038 rval = Tss2_Sys_SetEncryptParam( sysContext, encryptParamSize, encryptParamBuffer1 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6039 CheckFailed( rval, TSS2_SYS_RC_BAD_SIZE ); // #20
6040 encryptParamSize += 2;
6041
6042 // Size too large...should pass, but doesn't.
6043 rval = Tss2_Sys_SetEncryptParam( sysContext, encryptParamSize, encryptParamBuffer1 );
6044 CheckPassed( rval ); // #21
6045
6046 encryptParamSize--;
6047 rval = Tss2_Sys_SetEncryptParam( sysContext, encryptParamSize, encryptParamBuffer1 );
6048 CheckPassed( rval ); // #22
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6049
6050 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, &encryptParamBuffer );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6051 CheckPassed( rval ); // #23
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6052
6053 // Test that encryptParamBuffer is the same as encryptParamBuffer1
6054 for( i = 0; i < 4; i++ )
6055 {
6056 if( encryptParamBuffer[i] != encryptParamBuffer1[i] )
6057 {
6058 TpmClientPrintf( 0, "ERROR!! encryptParamBuffer[%d] s/b: %2.2x, was: %2.2x\n", i, encryptParamBuffer[i], encryptParamBuffer1[i] );
6059 Cleanup();
6060 }
6061 }
6062
6063 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_PASSWORD_TEST, &sessionsData, 0 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6064 CheckPassed( rval ); // #24
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6065
6066
6067 // Test for bad reference
6068 rval = Tss2_Sys_GetEncryptParam( 0, &encryptParamSize, &encryptParamBuffer );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6069 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #25
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6070
6071 rval = Tss2_Sys_GetEncryptParam( sysContext, 0, &encryptParamBuffer );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6072 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #26
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6073
6074 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, 0 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6075 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #27
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6076
6077 rval = Tss2_Sys_SetEncryptParam( sysContext, 4, 0 );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6078 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #28
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6079
6080 rval = Tss2_Sys_SetEncryptParam( 0, 4, encryptParamBuffer );
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6081 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #29
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6082}
6083
6084void TestRM()
6085{
6086 TSS2_TCTI_CONTEXT *otherResMgrTctiContext = 0;
6087 TSS2_SYS_CONTEXT *otherSysContext;
6088 TPM2B_SENSITIVE_CREATE inSensitive;
6089 TPM2B_PUBLIC inPublic;
6090 TPM2B_DATA outsideInfo;
6091 TPML_PCR_SELECTION creationPCR;
6092 TPMS_AUTH_COMMAND sessionData;
6093 TPMS_AUTH_RESPONSE sessionDataOut;
6094 TSS2_SYS_CMD_AUTHS sessionsData;
6095
6096 TSS2_SYS_RSP_AUTHS sessionsDataOut;
6097 TPM2B_NAME name;
6098 TPM2B_PRIVATE outPrivate;
6099 TPM2B_PUBLIC outPublic;
6100 TPM2B_CREATION_DATA creationData;
6101 TPM2B_DIGEST creationHash;
6102 TPMT_TK_CREATION creationTicket;
6103
6104 TPMS_AUTH_COMMAND *sessionDataArray[1];
6105 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
6106 TSS2_RC rval = TSS2_RC_SUCCESS;
6107
6108 TPMS_CONTEXT context;
6109 TSS2_TCTI_CONTEXT *tctiContext;
6110
6111 TPMI_DH_CONTEXT loadedHandle, newHandle, newNewHandle, newHandleDummy;
6112 TPMS_CONTEXT newContext;
6113 char otherResMgrInterfaceName[] = "Test RM Resource Manager";
6114
6115 TpmClientPrintf( 0, "\nRM TESTS:\n" );
6116
6117 sessionDataArray[0] = &sessionData;
6118 sessionDataOutArray[0] = &sessionDataOut;
6119
6120 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
6121 sessionsData.cmdAuths = &sessionDataArray[0];
6122
6123 sessionsDataOut.rspAuthsCount = 1;
6124 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
6125 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
6126 inSensitive.t.sensitive.data.t.size = 0;
6127 inSensitive.t.size = loadedSha1KeyAuth.b.size + 2;
6128
6129 inPublic.t.publicArea.type = TPM_ALG_RSA;
6130 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
6131
6132 // First clear attributes bit field.
6133 *(UINT32 *)&( inPublic.t.publicArea.objectAttributes) = 0;
6134 inPublic.t.publicArea.objectAttributes.restricted = 1;
6135 inPublic.t.publicArea.objectAttributes.userWithAuth = 1;
6136 inPublic.t.publicArea.objectAttributes.decrypt = 1;
6137 inPublic.t.publicArea.objectAttributes.fixedTPM = 1;
6138 inPublic.t.publicArea.objectAttributes.fixedParent = 1;
6139 inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin = 1;
6140
6141 inPublic.t.publicArea.authPolicy.t.size = 0;
6142
6143 inPublic.t.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
6144 inPublic.t.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
6145 inPublic.t.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_ECB;
6146 inPublic.t.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
6147 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 1024;
6148 inPublic.t.publicArea.parameters.rsaDetail.exponent = 0;
6149
6150 inPublic.t.publicArea.unique.rsa.t.size = 0;
6151
6152 outsideInfo.t.size = 0;
6153 creationPCR.count = 0;
6154
6155 sessionData.sessionHandle = TPM_RS_PW;
6156
6157 // Init nonce.
6158 sessionData.nonce.t.size = 0;
6159
6160 // init hmac
6161 sessionData.hmac.t.size = 0;
6162
6163 // Init session attributes
6164 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
6165
6166 sessionsData.cmdAuthsCount = 1;
6167 sessionsData.cmdAuths[0] = &sessionData;
6168
6169 rval = InitTctiResMgrContext( rmInterfaceConfig, &otherResMgrTctiContext, &otherResMgrInterfaceName[0] );
6170 if( rval != TSS2_RC_SUCCESS )
6171 {
6172 TpmClientPrintf( 0, "Resource Mgr, %s, failed initialization: 0x%x. Exiting...\n", resMgrInterfaceInfo.shortName, rval );
6173 Cleanup();
6174 return;
6175 }
6176 else
6177 {
6178 (( TSS2_TCTI_CONTEXT_INTEL *)otherResMgrTctiContext )->status.debugMsgLevel = debugLevel;
6179 }
6180
6181 otherSysContext = InitSysContext( 0, otherResMgrTctiContext, &abiVersion );
6182 if( otherSysContext == 0 )
6183 {
6184 InitSysContextFailure();
6185 }
6186
wcarthur02340012015-10-28 08:32:42 -0400[diff] [blame]6187 // TEST WITH AN INVALID COMMAND CODE.
6188
6189 rval = Tss2_Sys_Startup_Prepare( sysContext, TPM_SU_CLEAR );
6190 CheckPassed(rval);
6191
6192 //
6193 // Alter the CC by altering the CC field in sysContext.
6194 //
6195 // WARNING: This is something only a test application should do. Do
6196 // not use this as sample code.
6197 //
6198 ((TPM20_Header_In *)( ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->tpmInBuffPtr) )->commandCode = TPM_CC_FIRST - 1;
6199 rval = Tss2_Sys_Execute( sysContext );
6200 CheckFailed( rval, TPM_RC_COMMAND_CODE );
6201
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6202 // TEST OWNERSHIP
6203
6204 // Try to access a key created by the first TCTI context.
6205 sessionData.hmac.t.size = 2;
6206 sessionData.hmac.t.buffer[0] = 0x00;
6207 sessionData.hmac.t.buffer[1] = 0xff;
6208
6209 inPublic.t.publicArea.type = TPM_ALG_RSA;
6210 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
6211
6212 // First clear attributes bit field.
6213 *(UINT32 *)&( inPublic.t.publicArea.objectAttributes) = 0;
6214 inPublic.t.publicArea.objectAttributes.restricted = 1;
6215 inPublic.t.publicArea.objectAttributes.userWithAuth = 1;
6216 inPublic.t.publicArea.objectAttributes.decrypt = 1;
6217 inPublic.t.publicArea.objectAttributes.fixedTPM = 1;
6218 inPublic.t.publicArea.objectAttributes.fixedParent = 1;
6219 inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin = 1;
6220
6221 inPublic.t.publicArea.authPolicy.t.size = 0;
6222
6223 inPublic.t.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
6224 inPublic.t.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
6225 inPublic.t.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_ECB;
6226 inPublic.t.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
6227 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 2048;
6228 inPublic.t.publicArea.parameters.rsaDetail.exponent = 0;
6229
6230 inPublic.t.publicArea.unique.rsa.t.size = 0;
6231
6232 outsideInfo.t.size = 0;
6233
6234 // This one should fail, because a different context is trying to use the primary object.
6235 outPublic.t.size = 0;
6236 creationData.t.size = 0;
6237 rval = Tss2_Sys_Create( otherSysContext, handle2048rsa, &sessionsData, &inSensitive, &inPublic,
6238 &outsideInfo, &creationPCR,
6239 &outPrivate, &outPublic, &creationData,
6240 &creationHash, &creationTicket, &sessionsDataOut );
6241 CheckFailed( rval, TSS2_RESMGR_UNOWNED_HANDLE );
6242
6243 // This one should pass, because the same context is allowed to save the context.
6244 rval = Tss2_Sys_ContextSave( sysContext, handle2048rsa, &context );
6245 CheckPassed( rval );
6246
6247 // This one should pass, since we saved the context first.
6248 rval = Tss2_Sys_ContextLoad( otherSysContext, &context, &loadedHandle );
6249 CheckPassed( rval );
6250
6251 rval = Tss2_Sys_FlushContext( otherSysContext, loadedHandle );
6252 CheckPassed( rval );
6253
6254 // NOW, DO SOME LOCALITY TESTS
6255
6256 // Test with null tctiContext ptr.
6257 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)otherResMgrTctiContext)->setLocality)( 0, 0 );
6258 CheckFailed( rval, TSS2_TCTI_RC_BAD_REFERENCE );
6259
6260 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)otherResMgrTctiContext)->setLocality)( otherResMgrTctiContext, 0 );
6261 CheckPassed( rval );
6262
6263 // Now try changing localities between send and receive.
6264 rval = Tss2_Sys_ContextLoad( otherSysContext, &context, &loadedHandle );
6265 CheckPassed( rval );
6266
6267 rval = Tss2_Sys_FlushContext_Prepare( otherSysContext, loadedHandle );
6268 CheckPassed( rval );
6269
6270 rval = Tss2_Sys_ExecuteAsync( otherSysContext );
6271 CheckPassed( rval );
6272
6273 // This should fail because locality is changing between send and receive.
6274 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)otherResMgrTctiContext)->setLocality)( otherResMgrTctiContext, 1 );
6275 CheckFailed( rval, TSS2_TCTI_RC_BAD_SEQUENCE );
6276
6277 rval = Tss2_Sys_ExecuteFinish( otherSysContext, TSS2_TCTI_TIMEOUT_BLOCK );
6278 CheckPassed( rval );
6279
6280 // NOW, DO SOME CANCEL TESTS
6281
6282 rval = Tss2_Sys_GetTctiContext( sysContext, &tctiContext );
6283 CheckPassed( rval );
6284
6285 // Try cancel with null tctiContext ptr.
6286 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)otherResMgrTctiContext)->cancel)( 0 );
6287 CheckFailed( rval, TSS2_TCTI_RC_BAD_REFERENCE );
6288
6289 // Try cancel when no commands are pending.
6290 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)otherResMgrTctiContext)->cancel)( otherResMgrTctiContext );
6291 CheckFailed( rval, TSS2_TCTI_RC_BAD_SEQUENCE );
6292
6293 // Then try cancel with a pending command: send cancel before blocking _Finish call.
6294 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 2048;
6295 rval = Tss2_Sys_CreatePrimary_Prepare( sysContext, TPM_RH_PLATFORM, &inSensitive, &inPublic,
6296 &outsideInfo, &creationPCR );
6297 CheckPassed( rval );
6298
6299 //
6300 // NOTE: there are race conditions in tests that use cancel and
6301 // are expecting to receive the CANCEL response code. The tests
6302 // typically pass, but may occasionally fail on the order of
6303 // 1 out of 500 or so test passes.
6304 //
6305 // The OS could delay the test app long enough for the TPM to
6306 // complete the CreatePrimary before the test app gets to run
6307 // again. To make these tests robust would require some way to
6308 // create a critical section in the test app.
6309 //
6310 sessionData.hmac.t.size = 0;
6311 sessionData.nonce.t.size = 0;
6312 rval = Tss2_Sys_SetCmdAuths( sysContext, &sessionsData );
6313 CheckPassed( rval );
6314
6315 rval = Tss2_Sys_ExecuteAsync( sysContext );
6316 CheckPassed( rval );
6317
6318 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)tctiContext)->cancel)( tctiContext );
6319 CheckPassed( rval );
6320
6321 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
6322 CheckFailed( rval, TPM_RC_CANCELED );
6323
6324 // Then try cancel with a pending command: send cancel after non-blocking _Finish call.
6325 rval = Tss2_Sys_CreatePrimary_Prepare( sysContext, TPM_RH_PLATFORM, &inSensitive, &inPublic,
6326 &outsideInfo, &creationPCR );
6327 CheckPassed( rval );
6328
6329 rval = Tss2_Sys_SetCmdAuths( sysContext, &sessionsData );
6330 CheckPassed( rval );
6331
6332 rval = Tss2_Sys_ExecuteAsync( sysContext );
6333 CheckPassed( rval );
6334
6335 rval = Tss2_Sys_ExecuteFinish( sysContext, 0 );
6336 CheckFailed( rval, TSS2_TCTI_RC_TRY_AGAIN );
6337
6338 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)tctiContext)->cancel)( tctiContext );
6339 CheckPassed( rval );
6340
6341 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
6342 CheckFailed( rval, TPM_RC_CANCELED );
6343
6344 // Then try cancel from a different connection: it should just get a sequence error.
6345 rval = Tss2_Sys_CreatePrimary_Prepare( sysContext, TPM_RH_PLATFORM, &inSensitive, &inPublic,
6346 &outsideInfo, &creationPCR );
6347 CheckPassed( rval );
6348
6349 rval = Tss2_Sys_SetCmdAuths( sysContext, &sessionsData );
6350 CheckPassed( rval );
6351
6352 rval = Tss2_Sys_ExecuteAsync( sysContext );
6353 CheckPassed( rval );
6354
6355 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)otherResMgrTctiContext)->cancel)( otherResMgrTctiContext );
6356 CheckFailed( rval, TSS2_TCTI_RC_BAD_SEQUENCE );
6357
6358 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
6359 CheckPassed( rval );
6360
6361 outPublic.t.size = 0;
6362 creationData.t.size = 0;
6363 rval = Tss2_Sys_CreatePrimary_Complete( sysContext, &newHandle, &outPublic, &creationData,
6364 &creationHash, &creationTicket, &name );
6365 CheckPassed( rval );
6366
6367 //
6368 // Now try saving context for object and loading it using a different connection.
6369 //
6370
6371 // First save context.
6372 rval = Tss2_Sys_ContextSave( sysContext, newHandle, &newContext );
6373 CheckPassed( rval );
6374
6375 //
6376 // Now create an object with different hierarchy. This will make sure that
6377 // RM is getting correct hierarchy in it's table.
6378 // NOTE: this test can only be verified by looking at RM output.
6379 //
6380 outPublic.t.size = 0;
6381 creationData.t.size = 0;
6382 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_ENDORSEMENT, &sessionsData, &inSensitive, &inPublic,
6383 &outsideInfo, &creationPCR, &newHandleDummy, &outPublic, &creationData, &creationHash,
6384 &creationTicket, &name, &sessionsDataOut );
6385 CheckPassed( rval );
6386
6387 // Now try loading the context using a different connection.
6388 rval = Tss2_Sys_ContextLoad( otherSysContext, &newContext, &newNewHandle );
6389 CheckPassed( rval );
6390
6391 // Flush original connection's object.
6392 rval = Tss2_Sys_FlushContext( sysContext, newHandle );
6393 CheckPassed( rval );
6394
6395 // Now try flushing new object from wrong connection. Shouldn't be able to.
6396 rval = Tss2_Sys_FlushContext( sysContext, newNewHandle );
6397 CheckFailed( rval, TSS2_RESMGR_UNOWNED_HANDLE );
6398
6399 // Now flush new object from other connection. Should work.
6400 rval = Tss2_Sys_FlushContext( otherSysContext, newNewHandle );
6401 CheckPassed( rval );
6402
6403 // Now flush dummy object.
6404 rval = Tss2_Sys_FlushContext( sysContext, newHandleDummy );
6405 CheckPassed( rval );
6406
6407 rval = TeardownTctiResMgrContext( rmInterfaceConfig, otherResMgrTctiContext, &otherResMgrInterfaceName[0] );
6408 CheckPassed( rval );
6409
6410 TeardownSysContext( &otherSysContext );
6411}
6412
6413void EcEphemeralTest()
6414{
6415 TSS2_RC rval = TSS2_RC_SUCCESS;
6416 TPM2B_ECC_POINT Q;
6417 UINT16 counter;
6418
6419 TpmClientPrintf( 0, "\nEC Ephemeral TESTS:\n" );
6420
6421 // Test SAPI for case of Q size field not being set to 0.
6422 Q.t.size = 0xff;
6423 rval = Tss2_Sys_EC_Ephemeral( sysContext, 0, TPM_ECC_BN_P256, &Q, &counter, 0 );
6424 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE );
6425
6426 Q.t.size = 0;
6427 rval = Tss2_Sys_EC_Ephemeral( sysContext, 0, TPM_ECC_BN_P256, &Q, &counter, 0 );
6428 CheckPassed( rval );
6429}
6430
6431
6432void AbiVersionTests()
6433{
6434 UINT32 contextSize = 1000;
6435 TSS2_RC rval;
6436 TSS2_SYS_CONTEXT *sysContext;
6437 TSS2_ABI_VERSION tstAbiVersion = { TSSWG_INTEROP, TSS_SAPI_FIRST_FAMILY, TSS_SAPI_FIRST_LEVEL, TSS_SAPI_FIRST_VERSION };
6438
6439 TpmClientPrintf( 0, "\nABI NEGOTIATION TESTS:\n" );
6440
6441 // Get the size needed for system context structure.
6442 contextSize = Tss2_Sys_GetContextSize( contextSize );
6443
6444 // Allocate the space for the system context structure.
6445 sysContext = (TSS2_SYS_CONTEXT *)malloc( contextSize );
6446
6447 if( sysContext != 0 )
6448 {
6449 // Initialized the system context structure.
6450 tstAbiVersion.tssCreator = 0xF0000000;
6451 rval = Tss2_Sys_Initialize( sysContext, contextSize, resMgrTctiContext, &tstAbiVersion );
6452 CheckFailed( rval, TSS2_SYS_RC_ABI_MISMATCH );
6453
6454 tstAbiVersion.tssCreator = TSSWG_INTEROP;
6455 tstAbiVersion.tssFamily = 0xF0000000;
6456 rval = Tss2_Sys_Initialize( sysContext, contextSize, resMgrTctiContext, &tstAbiVersion );
6457 CheckFailed( rval, TSS2_SYS_RC_ABI_MISMATCH );
6458
6459 tstAbiVersion.tssFamily = TSS_SAPI_FIRST_FAMILY;
6460 tstAbiVersion.tssLevel = 0xF0000000;
6461 rval = Tss2_Sys_Initialize( sysContext, contextSize, resMgrTctiContext, &tstAbiVersion );
6462 CheckFailed( rval, TSS2_SYS_RC_ABI_MISMATCH );
6463
6464 tstAbiVersion.tssLevel = TSS_SAPI_FIRST_LEVEL;
6465 tstAbiVersion.tssVersion = 0xF0000000;
6466 rval = Tss2_Sys_Initialize( sysContext, contextSize, resMgrTctiContext, &tstAbiVersion );
6467 CheckFailed( rval, TSS2_SYS_RC_ABI_MISMATCH );
6468 }
6469 free( sysContext );
6470}
6471
6472
6473#ifdef __cplusplus
6474extern "C" {
6475#endif
6476
6477extern int dummy_test();
6478
6479#ifdef __cplusplus
6480}
6481#endif
6482
6483extern TSS2_RC SocketSendTpmCommand(
6484 TSS2_TCTI_CONTEXT *tctiContext, /* in */
6485 size_t command_size, /* in */
6486 uint8_t *command_buffer /* in */
6487 );
6488
6489TSS2_RC SocketReceiveTpmResponse(
6490 TSS2_TCTI_CONTEXT *tctiContext, /* in */
6491 size_t *response_size, /* out */
6492 unsigned char *response_buffer, /* in */
6493 int32_t timeout
6494 );
6495
unknown6ee10422015-10-14 08:59:24 -0400[diff] [blame]6496void TestCreate1()
6497{
6498 UINT32 rval;
6499 TPM2B_SENSITIVE_CREATE inSensitive = { { sizeof( TPM2B_SENSITIVE_CREATE ) - 2, } };
6500 TPM2B_PUBLIC inPublic = { { sizeof( TPM2B_PUBLIC ) - 2, } };
6501 TPM2B_DATA outsideInfo = { { sizeof( TPM2B_DATA ) - 2, } };
6502 TPML_PCR_SELECTION creationPCR;
6503
6504 TPMS_AUTH_COMMAND sessionData = { TPM_RS_PW, };
6505 TPMS_AUTH_RESPONSE sessionDataOut;
6506 TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
6507 TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };
6508 TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };
6509 TSS2_SYS_RSP_AUTHS sessionsDataOut = { 1, &sessionDataOutArray[0] };
6510
6511 TPM2B_NAME name = { { sizeof( TPM2B_NAME ) - 2, } };
6512 TPM2B_PUBLIC outPublic = { { sizeof( TPM2B_PUBLIC ) - 2, } };
6513 TPM2B_CREATION_DATA creationData = { { sizeof( TPM2B_CREATION_DATA ) - 2, } };
6514 TPM2B_DIGEST creationHash = { { sizeof( TPM2B_DIGEST ) - 2, } };
6515 TPMT_TK_CREATION creationTicket = { 0, 0, { { sizeof( TPM2B_DIGEST ) - 2, } } };
6516
6517 sessionDataArray[0] = &sessionData;
6518 sessionDataOutArray[0] = &sessionDataOut;
6519
6520 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
6521 sessionsData.cmdAuths = &sessionDataArray[0];
6522
6523 sessionsDataOut.rspAuthsCount = 1;
6524
Will-nuc9ab34612015-10-29 17:02:47 -0400[diff] [blame]6525 printf( "\nCREATE PRIMARY, encrypt and decrypt TESTS:\n" );
unknown6ee10422015-10-14 08:59:24 -0400[diff] [blame]6526
6527 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
6528 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
6529 inSensitive.t.sensitive.data.t.size = 0;
6530 inSensitive.t.size = loadedSha1KeyAuth.b.size + 2;
6531
6532 inPublic.t.publicArea.type = TPM_ALG_RSA;
6533 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
6534
6535 // First clear attributes bit field.
6536 *(UINT32 *)&( inPublic.t.publicArea.objectAttributes) = 0;
6537 inPublic.t.publicArea.objectAttributes.restricted = 1;
6538 inPublic.t.publicArea.objectAttributes.userWithAuth = 1;
6539 inPublic.t.publicArea.objectAttributes.decrypt = 1;
6540 inPublic.t.publicArea.objectAttributes.fixedTPM = 1;
6541 inPublic.t.publicArea.objectAttributes.fixedParent = 1;
6542 inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin = 1;
6543
6544 inPublic.t.publicArea.authPolicy.t.size = 0;
6545
6546 inPublic.t.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
6547 inPublic.t.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
6548 inPublic.t.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_ECB;
6549 inPublic.t.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
6550 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 1024;
6551 inPublic.t.publicArea.parameters.rsaDetail.exponent = 0;
6552
6553 inPublic.t.publicArea.unique.rsa.t.size = 0;
6554
6555 outsideInfo.t.size = 0;
6556 creationPCR.count = 0;
6557
6558 sessionData.sessionHandle = TPM_RS_PW;
6559
6560 // Init nonce.
6561 sessionData.nonce.t.size = 0;
6562
6563 // init hmac
6564 sessionData.hmac.t.size = 0;
6565
6566 // Init session attributes
6567 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
6568
6569 sessionsData.cmdAuthsCount = 1;
6570 sessionsData.cmdAuths[0] = &sessionData;
6571
6572 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 2048;
6573
6574 // Do SAPI test for non-zero sized outPublic
6575 outPublic.t.size = 0xff;
6576 creationData.t.size = 0;
6577 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_OWNER, &sessionsData, &inSensitive, &inPublic,
6578 &outsideInfo, &creationPCR, &handle2048rsa, &outPublic, &creationData, &creationHash,
6579 &creationTicket, &name, &sessionsDataOut );
6580 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE );
6581
6582#if 0
6583 // Do SAPI test for non-zero sized creationData
6584 outPublic.t.size = 0;
6585 creationData.t.size = 0x10;
6586 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_PLATFORM, &sessionsData, &inSensitive, &inPublic,
6587 &outsideInfo, &creationPCR, &handle2048rsa, &outPublic, &creationData, &creationHash,
6588 &creationTicket, &name, &sessionsDataOut );
6589 CheckFailed( rval, TSS2_SYS_RC_INSUFFICIENT_BUFFER );
6590#endif
6591
6592 outPublic.t.size = 0;
6593 creationData.t.size = sizeof( TPM2B_CREATION_DATA ) - 2;
6594 outPublic.t.publicArea.authPolicy.t.size = sizeof( TPM2B_DIGEST ) - 2;
6595 outPublic.t.publicArea.unique.keyedHash.t.size = sizeof( TPM2B_DIGEST ) - 2;
6596 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_OWNER, &sessionsData, &inSensitive, &inPublic,
6597 &outsideInfo, &creationPCR, &handle2048rsa, &outPublic, &creationData, &creationHash,
6598 &creationTicket, &name, &sessionsDataOut );
6599 CheckPassed( rval );
6600
6601 printf( "\nNew key successfully created in owner hierarchy (RSA 2048). Handle: 0x%8.8x\n",
6602 handle2048rsa );
6603 printf( "Name of created primary key: " );
6604 PrintSizedBuffer( (TPM2B *)&name );
6605
6606 char buffer1contents[] = "test";
6607 //char buffer2contents[] = "string";
6608
6609 TPMI_DH_OBJECT keyHandle = handle2048rsa;
6610 TPMT_RSA_DECRYPT inScheme;
6611 TPM2B_PUBLIC_KEY_RSA message;
6612 TPM2B_PUBLIC_KEY_RSA outData;
6613
6614 message.t.size = strlen(buffer1contents);
6615 memcpy(message.t.buffer, buffer1contents, message.t.size);
6616
6617 inScheme.scheme = TPM_ALG_NULL;
6618
6619 //printf("keyHandle: %x\n", keyHandle);
6620 rval = Tss2_Sys_RSA_Encrypt(sysContext, keyHandle, &sessionsData, &message, &inScheme, &outsideInfo, &outData, &sessionsDataOut);
6621 if( tpmSpecVersion >= 124 )
6622 CheckFailed( rval, TPM_RC_S + TPM_RC_1 + TPM_RC_HANDLE );
6623 else
6624 CheckFailed( rval, TPM_RC_1 + TPM_RC_HANDLE );
6625
6626 rval = Tss2_Sys_RSA_Encrypt(sysContext, keyHandle, 0, &message, &inScheme, &outsideInfo, &outData, &sessionsDataOut);
6627 CheckPassed( rval );
6628
6629 for (int i=0; i<message.t.size; i++)
6630 printf("\nlabel size:%d, label buffer:%x, outData size:%d, outData buffer:%x, msg size:%d, msg buffer:%x", outsideInfo.t.size, outsideInfo.t.buffer[i], outData.t.size, outData.t.buffer[i], message.t.size, message.t.buffer[i]);
6631 CheckPassed(rval);
6632}
6633
6634
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6635void TpmTest()
6636{
6637 TSS2_RC rval = TSS2_RC_SUCCESS;
6638 UINT32 i;
6639
6640 nullSessionsDataOut.rspAuthsCount = 1;
6641 nullSessionsDataOut.rspAuths[0]->nonce = nullSessionNonceOut;
6642 nullSessionsDataOut.rspAuths[0]->hmac = nullSessionHmac;
6643 nullSessionNonceOut.t.size = 0;
6644 nullSessionNonce.t.size = 0;
6645
6646 loadedSha1KeyAuth.t.size = 2;
6647 loadedSha1KeyAuth.t.buffer[0] = 0x00;
6648 loadedSha1KeyAuth.t.buffer[1] = 0xff;
6649
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]6650 rval = PlatformCommand( resMgrTctiContext, MS_SIM_POWER_OFF );
6651 CheckPassed( rval );
6652
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6653 InitEntities();
6654
6655 InitNullSession( &nullSessionData);
6656
6657 AbiVersionTests();
6658
wcarthurd1fe2872015-11-03 07:44:57 -0500[diff] [blame]6659 SysInitializeTests();
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]6660
wcarthur4d547ee2015-11-09 12:55:00 -0500[diff] [blame]6661 SysFinalizeTests();
6662
6663 GetContextSizeTests();
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame]6664
6665 GetTctiContextTests();
wcarthur4d547ee2015-11-09 12:55:00 -0500[diff] [blame]6666
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6667 GetSetDecryptParamTests();
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]6668
6669#ifdef _WIN32
6670 // This test can only be run agains the simulator
6671 RmZeroSizedResponseTest();
6672#endif
6673
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6674 rval = PlatformCommand( resMgrTctiContext, MS_SIM_POWER_ON );
6675 CheckPassed( rval );
6676
6677 rval = PlatformCommand( resMgrTctiContext, MS_SIM_NV_ON );
6678 CheckPassed( rval );
6679
6680 TestTpmStartup();
6681
6682 GetTpmVersion();
6683
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]6684 CmdRspAuthsTests();
6685
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame]6686 PrepareTests();
6687
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6688 // Clear DA lockout.
6689 TestDictionaryAttackLockReset();
6690
6691 TestTpmSelftest();
6692
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6693 TestDictionaryAttackLockReset();
6694
6695 TestCreate();
6696
unknown6ee10422015-10-14 08:59:24 -0400[diff] [blame]6697 TestCreate1();
6698
wcarthur2efe2912015-11-16 11:19:42 -0500[diff] [blame^]6699 TestSapiApis();
6700
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6701 if( startAuthSessionTestOnly == 1 )
6702 {
6703 TestStartAuthSession();
6704 goto endTests;
6705 }
6706
6707 TestHierarchyControl();
6708
6709 NvIndexProto();
6710
6711 GetSetEncryptParamTests();
6712
6713 TestEncryptDecryptSession();
6714
6715 SimpleHmacOrPolicyTest( true );
6716
6717 SimpleHmacOrPolicyTest( false );
6718
6719 for( i = 1; i <= (UINT32)passCount; i++ )
6720 {
6721 TpmClientPrintf( 0, "\n****** PASS #: %d ******\n\n", i );
6722
6723 TestTpmGetCapability();
6724
6725 TestPcrExtend();
6726
6727 TestHash();
6728
6729 TestPolicy();
6730
6731 TestTpmClear();
6732
6733 TestChangeEps();
6734
6735 TestChangePps();
6736
6737 TestHierarchyChangeAuth();
6738
6739 TestGetRandom();
6740
6741 if( i < 2 )
6742 TestShutdown();
6743
6744 TestNV();
6745
6746 TestCreate();
6747
6748 TestEvict();
6749
6750 NvIndexProto();
6751
6752 PasswordTest();
6753
6754 HmacSessionTest();
6755
6756 TestQuote();
6757
6758 TestDictionaryAttackLockReset();
6759
6760 TestPcrAllocate();
6761
6762 TestUnseal();
6763
6764 TestRM();
6765
6766 EcEphemeralTest();
6767#if 0
6768 TestRsaEncryptDecrypt();
6769#endif
6770 }
6771
6772 // Clear out RM entries for objects.
6773 rval = Tss2_Sys_FlushContext( sysContext, handle2048rsa );
6774 CheckPassed( rval );
6775 rval = Tss2_Sys_FlushContext( sysContext, loadedSha1KeyHandle );
6776 CheckPassed( rval );
6777
6778endTests:
6779 PlatformCommand( resMgrTctiContext, MS_SIM_POWER_OFF );
6780}
6781
6782
6783char version[] = "0.90";
6784
6785void PrintHelp()
6786{
Will Arthur6aa5aa82015-08-20 17:55:22 -0400[diff] [blame]6787 printf( "TPM client test app, Version %s\nUsage: tpmclient [-rmhost hostname|ip_addr] [-rmport port] [-passes passNum] [-demoDelay delay] [-dbg dbgLevel] [-startAuthSessionTest]\n"
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6788 "\n"
6789 "where:\n"
6790 "\n"
Will Arthur6aa5aa82015-08-20 17:55:22 -0400[diff] [blame]6791 "-rmhost specifies the host IP address for the system running the resource manager (default: %s)\n"
6792 "-rmport specifies the port number for the system running the resource manager (default: %d)\n"
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6793 "-passes specifies the number of test passes (default: 1)\n"
6794 "-demoDelay specifies a delay in units of loops, not time (default: 0)\n"
Will Arthur6aa5aa82015-08-20 17:55:22 -0400[diff] [blame]6795 "-dbg specifies level of debug messages:\n"
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6796 " 0 (high level test results)\n"
6797 " 1 (test app send/receive byte streams)\n"
6798 " 2 (resource manager send/receive byte streams)\n"
6799 " 3 (resource manager tables)\n"
6800 "-startAuthSessionTest enables some special tests of the resource manager for starting sessions\n"
6801#ifdef SHARED_OUT_FILE
6802 "-out selects the output file (default is stdout)\n"
6803#endif
6804 , version, DEFAULT_HOSTNAME, DEFAULT_RESMGR_TPM_PORT );
6805}
6806
6807int main(int argc, char* argv[])
6808{
6809 char hostName[HOSTNAME_LENGTH] = DEFAULT_HOSTNAME;
6810 int port = DEFAULT_RESMGR_TPM_PORT;
6811 int count;
6812 TSS2_RC rval;
6813
6814 setvbuf (stdout, NULL, _IONBF, BUFSIZ);
6815#ifdef SHARED_OUT_FILE
6816 if( argc > 12 )
6817#else
6818 if( argc > 10 )
6819#endif
6820 {
6821 PrintHelp();
6822 return 1;
6823 }
6824 else
6825 {
6826 for( count = 1; count < argc; count++ )
6827 {
Will Arthur6aa5aa82015-08-20 17:55:22 -0400[diff] [blame]6828 if( 0 == strcmp( argv[count], "-rmhost" ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6829 {
6830 count++;
Will Arthur16fc1802015-08-20 17:07:34 -0400[diff] [blame]6831 if( count >= argc || ( strlen( argv[count] ) + 1 <= HOSTNAME_LENGTH ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6832 {
6833 if( 1 != sscanf( argv[count], "%199s", &hostName[0] ) )
6834 {
6835 PrintHelp();
6836 return 1;
6837 }
6838 }
6839 else
6840 {
6841 PrintHelp();
6842 return 1;
6843 }
6844 }
Will Arthur6aa5aa82015-08-20 17:55:22 -0400[diff] [blame]6845 else if( 0 == strcmp( argv[count], "-rmport" ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6846 {
6847 count++;
Will Arthur16fc1802015-08-20 17:07:34 -0400[diff] [blame]6848 if( count >= argc || 1 != sscanf_s( argv[count], "%d", &port ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6849 {
6850 PrintHelp();
6851 return 1;
6852 }
6853 }
6854 else if( 0 == strcmp( argv[count], "-passes" ) )
6855 {
6856 count++;
Will Arthur16fc1802015-08-20 17:07:34 -0400[diff] [blame]6857 if( count >= argc || 1 != sscanf_s( argv[count], "%x", &passCount ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6858 {
6859 PrintHelp();
6860 return 1;
6861 }
6862 }
6863 else if( 0 == strcmp( argv[count], "-demoDelay" ) )
6864 {
6865 count++;
Will Arthur16fc1802015-08-20 17:07:34 -0400[diff] [blame]6866 if( count >= argc || 1 != sscanf_s( argv[count], "%x", &demoDelay ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6867 {
6868 PrintHelp();
6869 return 1;
6870 }
6871 }
6872 else if( 0 == strcmp( argv[count], "-dbg" ) )
6873 {
6874 count++;
Will Arthur16fc1802015-08-20 17:07:34 -0400[diff] [blame]6875 if( count >= argc || 1 != sscanf_s( argv[count], "%d", &debugLevel ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6876 {
6877 PrintHelp();
6878 return 1;
6879 }
6880 }
6881 else if( 0 == strcmp( argv[count], "-startAuthSessionTest" ) )
6882 {
6883 startAuthSessionTestOnly = 1;
6884 }
6885#ifdef SHARED_OUT_FILE
6886 else if( 0 == strcmp( argv[count], "-out" ) )
6887 {
6888 count++;
Will Arthur16fc1802015-08-20 17:07:34 -0400[diff] [blame]6889 if( count >= argc || 1 != sscanf_s( argv[count], "%199s", &outFileName, sizeof( outFileName ) ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6890 {
6891 PrintHelp();
6892 return 1;
6893 }
6894 else
6895 {
6896 OpenOutFile( &outFp );
6897
6898 if( outFp == 0 )
6899 {
6900 printf( "Unable to open file, %s\n", &outFileName[0] );
6901 PrintHelp();
6902 return 1;
6903 }
6904 CloseOutFile( &outFp );
6905 }
6906 }
6907#endif
6908 else
6909 {
6910 PrintHelp();
6911 return 1;
6912 }
6913 }
6914 }
6915
6916 if( 0 == strcmp( outFileName, "" ) )
6917 {
6918 outFp = stdout;
6919 }
6920 else
6921 {
6922 outFp = 0;
6923 }
6924
6925 sprintf_s( rmInterfaceConfig, rmInterfaceConfigSize, "%s %d ", hostName, port );
6926
6927 rval = InitTctiResMgrContext( rmInterfaceConfig, &resMgrTctiContext, &resMgrInterfaceName[0] );
6928 if( rval != TSS2_RC_SUCCESS )
6929 {
6930 TpmClientPrintf( 0, "Resource Mgr, %s, failed initialization: 0x%x. Exiting...\n", resMgrInterfaceInfo.shortName, rval );
Will Arthur6aa5aa82015-08-20 17:55:22 -0400[diff] [blame]6931#ifdef _WIN32
6932 WSACleanup();
6933#endif
6934 if( resMgrTctiContext != 0 )
6935 free( resMgrTctiContext );
6936
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6937 return( 1 );
6938 }
6939 else
6940 {
6941 (( TSS2_TCTI_CONTEXT_INTEL *)resMgrTctiContext )->status.debugMsgLevel = debugLevel;
6942 }
6943
6944 sysContext = InitSysContext( 0, resMgrTctiContext, &abiVersion );
6945 if( sysContext == 0 )
6946 {
6947 InitSysContextFailure();
6948 }
6949 else
6950 {
6951 TpmTest();
6952
6953 rval = TeardownTctiResMgrContext( rmInterfaceConfig, resMgrTctiContext, &resMgrInterfaceName[0] );
6954 CheckPassed( rval );
6955
6956 TeardownSysContext( &sysContext );
6957 }
6958
6959 return 0;
6960}
6961
6962