Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / tpm2-tss / d71ab7d558b81a25f9410a8e9069771d5450f5af / . / test / tpmclient / tpmclient.cpp
blob: 60aa61ea4d108a785a3a66d24ee7ceddcc2f648e [file] [log] [blame]
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]1//**********************************************************************;
2// Copyright (c) 2015, Intel Corporation
3// All rights reserved.
4//
5// Redistribution and use in source and binary forms, with or without
6// modification, are permitted provided that the following conditions are met:
7//
8// 1. Redistributions of source code must retain the above copyright notice,
9// this list of conditions and the following disclaimer.
10//
11// 2. Redistributions in binary form must reproduce the above copyright notice,
12// this list of conditions and the following disclaimer in the documentation
13// and/or other materials provided with the distribution.
14//
15// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
16// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
19// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
25// THE POSSIBILITY OF SUCH DAMAGE.
26//**********************************************************************;
27
28//
29// tpmclient.cpp : Defines the entry point for the console test application.
30//
31
32#ifdef _WIN32
33#include "stdafx.h"
34#else
35#include <stdarg.h>
36#endif
37
38#ifndef UNICODE
39#define UNICODE 1
40#endif
41
42#ifdef _WIN32
43// link with Ws2_32.lib
44#pragma comment(lib,"Ws2_32.lib")
45
46#include <winsock2.h>
47#include <ws2tcpip.h>
48#else
49#define sprintf_s snprintf
50#define sscanf_s sscanf
51#endif
52
53#include <stdio.h>
54#include <stdlib.h> // Needed for _wtoi
55#include <string.h>
56
57#include "tpm20.h"
58#include "sample.h"
59#include "resourcemgr.h"
60#include "tpmclient.h"
wcarthur02340012015-10-28 08:32:42 -0400[diff] [blame]61
62// This is done to allow the tests to access fields
63// in the sysContext structure that are needed for
64// special test cases.
65//
66// ATTENTION: Normal applications should NEVER do this!!
67//
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]68#include "tss2_sysapi_util.h"
wcarthur02340012015-10-28 08:32:42 -0400[diff] [blame]69
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]70#include "tpmsockets.h"
71#include "syscontext.h"
Will Arthurca8e7f32015-08-03 15:35:19 -0400[diff] [blame]72#include "debug.h"
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]73
74//
75// TPM indices and sizes
76//
77#define NV_AUX_INDEX_SIZE 96
78#define NV_PS_INDEX_SIZE 34
79#define NV_PO_INDEX_SIZE 34
80
81#define INDEX_AUX 0x01800003 // NV Storage
82#define INDEX_LCP_OWN 0x01400001 // Launch Policy Owner
83#define INDEX_LCP_SUP 0x01800001 // Launch Policy Default (Supplier)
84#define TPM20_INDEX_TEST1 0x01500015
85#define TPM20_INDEX_TEST2 0x01500016
86#define TPM20_INDEX_PASSWORD_TEST 0x01500020
87
88
89#define SET_PCR_SELECT_BIT( pcrSelection, pcr ) \
90 (pcrSelection).pcrSelect[( (pcr)/8 )] |= ( 1 << ( (pcr) % 8) );
91
92#define CLEAR_PCR_SELECT_BITS( pcrSelection ) \
93 (pcrSelection).pcrSelect[0] = 0; \
94 (pcrSelection).pcrSelect[1] = 0; \
95 (pcrSelection).pcrSelect[2] = 0;
96
97#define SET_PCR_SELECT_SIZE( pcrSelection, size ) \
98 (pcrSelection).sizeofSelect = size;
99
100char outFileName[200] = "";
101
102TPM_CC currentCommandCode;
103TPM_CC *currentCommandCodePtr = &currentCommandCode;
104
105#define errorStringSize 200
106char errorString[errorStringSize];
107
Will Arthurca8e7f32015-08-03 15:35:19 -0400[diff] [blame]108UINT8 simulator = 1;
109
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]110UINT32 tpmMaxResponseLen = TPMBUF_LEN;
111
112UINT8 pcrAfterExtend[20];
113TPM_HANDLE loadedRsaKeyHandle;
114TPM_HANDLE loadedSha1KeyHandle;
115
116TPM2B_AUTH loadedSha1KeyAuth;
117
118TPM_HANDLE handle1024, handle2048sha1, handle2048rsa;
119
120UINT32 passCount = 1;
121UINT32 demoDelay = 0;
122int debugLevel = 0;
123int startAuthSessionTestOnly = 0;
124UINT8 indent = 0;
125
126TSS2_SYS_CONTEXT *sysContext;
127
128#define rmInterfaceConfigSize 250
129char rmInterfaceConfig[rmInterfaceConfigSize];
130
Will Arthurca8e7f32015-08-03 15:35:19 -0400[diff] [blame]131TSS2_TCTI_DRIVER_INFO resMgrInterfaceInfo = { "resMgr", "", InitSocketsTcti, TeardownSocketsTcti };
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]132
133TSS2_TCTI_CONTEXT *resMgrTctiContext = 0;
134TSS2_ABI_VERSION abiVersion = { TSSWG_INTEROP, TSS_SAPI_FIRST_FAMILY, TSS_SAPI_FIRST_LEVEL, TSS_SAPI_FIRST_VERSION };
135
136UINT32 tpmSpecVersion = 0;
137
138//
139// These are helper functions that are called through function pointers so that
140// they could be swapped easily to point to different functions.
141//
142// Currently they are set to functions that use the TPM to perform the function, but SW-only
143// implementations could be substituted as well.
144//
145UINT32 ( *ComputeSessionHmacPtr )(
146 TSS2_SYS_CONTEXT *sysContext,
147 TPMS_AUTH_COMMAND *cmdAuth, // Pointer to session input struct
148 TPM_HANDLE entityHandle, // Used to determine if we're accessing a different
149 // resource than the bound resoure.
150 TPM_RC responseCode, // Response code for the command, 0xffff for "none" is
151 // used to indicate that no response code is present
152 // (used for calculating command HMACs vs response HMACs).
153 TPM_HANDLE handle1, // First handle == 0xff000000 indicates no handle
154 TPM_HANDLE handle2, // Second handle == 0xff000000 indicates no handle
155 TPMA_SESSION sessionAttributes, // Current session attributes
156 TPM2B_DIGEST *result, // Where the result hash is saved.
157 TPM_RC sessionCmdRval
158 ) = TpmComputeSessionHmac;
159
160TPM_RC ( *GetSessionAlgIdPtr )( TPMI_SH_AUTH_SESSION authHandle, TPMI_ALG_HASH *sessionAlgId ) = GetSessionAlgId;
161
162TPM_RC ( *CalcPHash )( TSS2_SYS_CONTEXT *sysContext,TPM_HANDLE handle1, TPM_HANDLE handle2, TPMI_ALG_HASH authHash,
163 TPM_RC responseCode, TPM2B_DIGEST *pHash ) = TpmCalcPHash;
164
165UINT32 (*HmacFunctionPtr)( TPM_ALG_ID hashAlg, TPM2B *key,TPM2B **bufferList, TPM2B_DIGEST *result ) = TpmHmac;
166
167UINT32 (*HashFunctionPtr)( TPMI_ALG_HASH hashAlg, UINT16 size, BYTE *data, TPM2B_DIGEST *result ) = TpmHash;
168
169UINT32 (*HandleToNameFunctionPtr)( TPM_HANDLE handle, TPM2B_NAME *name ) = TpmHandleToName;
170
171TPMI_SH_AUTH_SESSION StartPolicySession();
172
173TPMI_SH_AUTH_SESSION InitNvAuxPolicySession();
174
175FILE *outFp;
176
177//
178// Used by some high level sample routines to copy the results.
179//
180void copyData( UINT8 *to, UINT8 *from, UINT32 length )
181{
182 if( to != 0 && from != 0 )
183 memcpy( to, from, length );
184}
185
186int TpmClientPrintf( UINT8 type, const char *format, ...)
187{
188 va_list args;
189 int rval = 0;
190
191 OpenOutFile( &outFp );
192
193 if( outFp )
194 {
195 if( type == RM_PREFIX )
196 {
197 PrintRMDebugPrefix();
198 }
199
200 va_start( args, format );
201 rval = vfprintf( outFp, format, args );
202 va_end (args);
203
204 CloseOutFile( &outFp );
205 }
206 else
207 {
208 printf( "TpmClientPrintf failed\n" );
209 }
210
211 return rval;
212}
213
214TPM_RC CompareTPM2B( TPM2B *buffer1, TPM2B *buffer2 )
215{
216 if( buffer1->size != buffer2->size )
217 return TPM_RC_FAILURE;
218 for( int i = 0; i < buffer1->size; i++ )
219 {
220 if( buffer1->buffer[0] != buffer2->buffer[0] )
221 return TPM_RC_FAILURE;
222 }
223 return TPM_RC_SUCCESS;
224}
225
226void PrintSizedBufferOpen( TPM2B *sizedBuffer )
227{
228 int i;
229
230
231 OpenOutFile( &outFp );
232
233 if( outFp )
234 {
235 for( i = 0; i < sizedBuffer->size; i++ )
236 {
237 TpmClientPrintf( 0, "%2.2x ", sizedBuffer->buffer[i] );
238
239 if( ( (i+1) % 16 ) == 0 )
240 {
241 TpmClientPrintf( 0, "\n" );
242 }
243 }
244 TpmClientPrintf( 0, "\n" );
245
246 CloseOutFile( &outFp );
247 }
248 else
249 {
250 printf( "PrintSizedBufferOpen failed\n" );
251 }
252
253}
254
255void PrintSizedBuffer( TPM2B *sizedBuffer )
256{
257 int i;
258
259 for( i = 0; i < sizedBuffer->size; i++ )
260 {
261 TpmClientPrintf( 0, "%2.2x ", sizedBuffer->buffer[i] );
262
263 if( ( (i+1) % 16 ) == 0 )
264 {
265 TpmClientPrintf( 0, "\n" );
266 }
267 }
268 TpmClientPrintf( 0, "\n" );
269}
270
271#define LEVEL_STRING_SIZE 50
272
273void ErrorHandler( UINT32 rval )
274{
275 UINT32 errorLevel = rval & TSS2_ERROR_LEVEL_MASK;
276 char levelString[LEVEL_STRING_SIZE + 1];
277
278 switch( errorLevel )
279 {
280 case TSS2_TPM_ERROR_LEVEL:
281 strncpy( levelString, "TPM", LEVEL_STRING_SIZE );
282 break;
283 case TSS2_APP_ERROR_LEVEL:
284 strncpy( levelString, "Application", LEVEL_STRING_SIZE );
285 break;
286 case TSS2_SYS_ERROR_LEVEL:
287 strncpy( levelString, "System API", LEVEL_STRING_SIZE );
288 break;
289 case TSS2_SYS_PART2_ERROR_LEVEL:
290 strncpy( levelString, "System API TPM encoded", LEVEL_STRING_SIZE );
291 break;
292 case TSS2_TCTI_ERROR_LEVEL:
293 strncpy( levelString, "TCTI", LEVEL_STRING_SIZE );
294 break;
295 case TSS2_RESMGRTPM_ERROR_LEVEL:
296 strncpy( levelString, "Resource Mgr TPM encoded", LEVEL_STRING_SIZE );
297 break;
298 case TSS2_RESMGR_ERROR_LEVEL:
299 strncpy( levelString, "Resource Mgr", LEVEL_STRING_SIZE );
300 break;
301 case TSS2_DRIVER_ERROR_LEVEL:
302 strncpy( levelString, "Driver", LEVEL_STRING_SIZE );
303 break;
304 default:
305 strncpy( levelString, "Unknown Level", LEVEL_STRING_SIZE );
306 break;
307 }
308
309 sprintf_s( errorString, errorStringSize, "%s Error: 0x%x\n", levelString, rval );
310}
311
312char resMgrInterfaceName[] = "Resource Manager";
313
314TSS2_RC InitTctiResMgrContext( char *rmInterfaceConfig, TSS2_TCTI_CONTEXT **tctiContext, char *name )
315{
316 size_t size;
317
318 TSS2_RC rval;
319
320 rval = resMgrInterfaceInfo.initialize(NULL, &size, rmInterfaceConfig, 0, 0, &resMgrInterfaceName[0], 0 );
321 if( rval != TSS2_RC_SUCCESS )
322 return rval;
323
324 *tctiContext = (TSS2_TCTI_CONTEXT *)malloc(size);
325
326 if( *tctiContext )
327 {
328 rval = resMgrInterfaceInfo.initialize(*tctiContext, &size, rmInterfaceConfig, 0, 0, resMgrInterfaceName, 0 );
329 }
330 else
331 {
332 rval = TSS2_TCTI_RC_BAD_CONTEXT;
333 }
334 return rval;
335}
336
337TSS2_RC TeardownTctiResMgrContext( char *interfaceConfig, TSS2_TCTI_CONTEXT *tctiContext, char *name )
338{
339 return resMgrInterfaceInfo.teardown( tctiContext, interfaceConfig, name );
340}
341
342void Cleanup()
343{
344 fflush( stdout );
345
346 PlatformCommand( resMgrTctiContext, MS_SIM_POWER_OFF );
347
348 TeardownTctiResMgrContext( rmInterfaceConfig, resMgrTctiContext, &resMgrInterfaceName[0] );
349
350#ifdef _WIN32
351 WSACleanup();
352#endif
353 exit(1);
354}
355
356void InitSysContextFailure()
357{
358 TpmClientPrintf( 0, "InitSysContext failed, exiting...\n" );
359 Cleanup();
360}
361
362void Delay( UINT16 delay)
363{
364 volatile UINT32 i, j;
365
366 for( j = 0; j < delay; j++ )
367 {
368 for( i = 0; i < 10000000; i++ )
369 ;
370 }
371}
372
373void CheckPassed( UINT32 rval )
374{
375 OpenOutFile( &outFp );
376 TpmClientPrintf( 0, "\tpassing case: " );
377 if ( rval != TPM_RC_SUCCESS) {
378 ErrorHandler( rval);
379 TpmClientPrintf( 0, "\tFAILED! %s\n", errorString );
380 Cleanup();
381 }
382 else
383 {
384 TpmClientPrintf( 0, "\tPASSED!\n" );
385 }
386
387 CloseOutFile( &outFp );
388 Delay(demoDelay);
389}
390
391TPMS_AUTH_COMMAND nullSessionData;
392TPMS_AUTH_RESPONSE nullSessionDataOut;
393TPMS_AUTH_COMMAND *nullSessionDataArray[1] = { &nullSessionData };
394TPMS_AUTH_RESPONSE *nullSessionDataOutArray[1] = { &nullSessionDataOut };
395TSS2_SYS_CMD_AUTHS nullSessionsData = { 1, &nullSessionDataArray[0] };
396TSS2_SYS_RSP_AUTHS nullSessionsDataOut = { 1, &nullSessionDataOutArray[0] };
397TPM2B_NONCE nullSessionNonce, nullSessionNonceOut;
398TPM2B_AUTH nullSessionHmac;
399
400void CheckFailed( UINT32 rval, UINT32 expectedTpmErrorCode )
401{
402 OpenOutFile( &outFp );
403 TpmClientPrintf( 0, "\tfailing case: " );
404 if ( rval != expectedTpmErrorCode) {
405 ErrorHandler( rval);
406 TpmClientPrintf( 0, "\tFAILED! Ret code s/b: %x, but was: %x\n", expectedTpmErrorCode, rval );
407 Cleanup();
408 }
409 else
410 {
411 TpmClientPrintf( 0, "\tPASSED!\n" );
412 }
413 fflush( stdout );
414 CloseOutFile( &outFp );
415 Delay(demoDelay);
416}
417
418TSS2_RC TpmReset()
419{
420 TSS2_RC rval = TSS2_RC_SUCCESS;
421
422 rval = (TSS2_RC)PlatformCommand( resMgrTctiContext, MS_SIM_POWER_OFF );
423 if( rval == TSS2_RC_SUCCESS )
424 {
425 rval = (TSS2_RC)PlatformCommand( resMgrTctiContext, MS_SIM_POWER_ON );
426 }
427 return rval;
428}
429
430void GetTpmVersion()
431{
432 TSS2_RC rval = TSS2_RC_SUCCESS;
433 TPMS_CAPABILITY_DATA capabilityData;
434
435 rval = Tss2_Sys_GetCapability( sysContext, 0,
436 TPM_CAP_TPM_PROPERTIES, TPM_PT_REVISION,
437 1, 0, &capabilityData, 0 );
438 CheckPassed( rval );
439
440 if( capabilityData.data.tpmProperties.count == 1 &&
441 (capabilityData.data.tpmProperties.tpmProperty[0].property == TPM_PT_REVISION) )
442 {
443 tpmSpecVersion = capabilityData.data.tpmProperties.tpmProperty[0].value;
444 }
445 else
446 {
447 TpmClientPrintf( 0, "Failed to get TPM spec version!!\n" );
448 Cleanup();
449 }
450}
451
452
453void TestDictionaryAttackLockReset()
454{
455 UINT32 rval;
456 TPMS_AUTH_COMMAND sessionData;
457 TPMS_AUTH_RESPONSE sessionDataOut;
458 TSS2_SYS_CMD_AUTHS sessionsData;
459 TSS2_SYS_RSP_AUTHS sessionsDataOut;
460
461 TPMS_AUTH_COMMAND *sessionDataArray[1];
462 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
463
464 sessionDataArray[0] = &sessionData;
465 sessionDataOutArray[0] = &sessionDataOut;
466
467 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
468 sessionsData.cmdAuths = &sessionDataArray[0];
469
470 sessionsDataOut.rspAuthsCount = 1;
471
472 TpmClientPrintf( 0, "\nDICTIONARY ATTACK LOCK RESET TEST :\n" );
473
474 // Init authHandle
475 sessionData.sessionHandle = TPM_RS_PW;
476
477 // Init nonce.
478 sessionData.nonce.t.size = 0;
479
480 // init hmac
481 sessionData.hmac.t.size = 0;
482
483 // Init session attributes
484 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
485
486 sessionsData.cmdAuthsCount = 1;
487 sessionsData.cmdAuths[0] = &sessionData;
488
489 rval = Tss2_Sys_DictionaryAttackLockReset ( sysContext, TPM_RH_LOCKOUT, &sessionsData, &sessionsDataOut );
490 CheckPassed( rval );
491}
492
493TSS2_RC StartPolicySession( TPMI_SH_AUTH_SESSION *sessionHandle )
494{
495 UINT8 i;
496 TPM2B_NONCE nonceCaller, nonceTpm;
497 TPM2B_ENCRYPTED_SECRET salt;
498 TPMT_SYM_DEF symmetric;
499 UINT16 digestSize;
500 UINT32 rval;
501
502 digestSize = GetDigestSize( TPM_ALG_SHA1 );
503 nonceCaller.t.size = digestSize;
504 for( i = 0; i < nonceCaller.t.size; i++ )
505 nonceCaller.t.buffer[i] = 0;
506
507 salt.t.size = 0;
508 symmetric.algorithm = TPM_ALG_NULL;
509
510 // Create policy session
511 rval = Tss2_Sys_StartAuthSession ( sysContext, TPM_RH_NULL, TPM_RH_NULL, 0, &nonceCaller, &salt,
512 TPM_SE_POLICY, &symmetric, TPM_ALG_SHA1, sessionHandle, &nonceTpm, 0 );
513 return( rval );
514}
515
516void TestTpmStartup()
517{
518 UINT32 rval;
519
520 TpmClientPrintf( 0, "\nSTARTUP TESTS:\n" );
521
522 //
523 // First test the one-call interface.
524 //
525
526 // First must do TPM reset.
527 rval = TpmReset();
528 CheckPassed(rval);
529
530 // This one should pass.
531 rval = Tss2_Sys_Startup( sysContext, TPM_SU_CLEAR );
532 CheckPassed(rval);
533
534 // This one should fail.
535 rval = Tss2_Sys_Startup( sysContext, TPM_SU_CLEAR );
536 CheckFailed( rval, TPM_RC_INITIALIZE );
537
538
539 // Cycle power using simulator interface.
540 rval = PlatformCommand( resMgrTctiContext, MS_SIM_POWER_OFF );
541 CheckPassed( rval );
542 rval = PlatformCommand( resMgrTctiContext, MS_SIM_POWER_ON );
543 CheckPassed( rval );
544
545
546 //
547 // Now test the syncronous, non-one-call interface.
548 //
549 rval = Tss2_Sys_Startup_Prepare( sysContext, TPM_SU_CLEAR );
550 CheckPassed(rval);
551
552 // Execute the command syncronously.
553 rval = Tss2_Sys_Execute( sysContext );
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]554 CheckPassed( rval );
555
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]556 // Cycle power using simulator interface.
557 rval = PlatformCommand( resMgrTctiContext, MS_SIM_POWER_OFF );
558 CheckPassed( rval );
559 rval = PlatformCommand( resMgrTctiContext, MS_SIM_POWER_ON );
560 CheckPassed( rval );
561
562
563 //
564 // Now test the asyncronous, non-one-call interface.
565 //
566 rval = Tss2_Sys_Startup_Prepare( sysContext, TPM_SU_CLEAR );
567 CheckPassed(rval);
568
569 // Execute the command asyncronously.
570 rval = Tss2_Sys_ExecuteAsync( sysContext );
571 CheckPassed(rval);
572
573 // Get the command response. Wait a maximum of 20ms
574 // for response.
575 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
576 CheckPassed(rval);
577}
578
579void TestSapiApis()
580{
581 UINT32 rval;
582 TPM2B_MAX_BUFFER outData = { { MAX_DIGEST_BUFFER, } };
583 TPM_RC testResult;
584
585 TpmClientPrintf( 0, "\nGET TEST RESULT TESTS:\n" );
586
587 //
588 // First test the one-call interface.
589 //
590 rval = Tss2_Sys_GetTestResult( sysContext, 0, &outData, &testResult, 0 );
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]591 CheckPassed(rval); // #1
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]592
593 //
594 // Now test the syncronous, non-one-call interface.
595 //
596 rval = Tss2_Sys_GetTestResult_Prepare( sysContext );
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]597 CheckPassed(rval); // #2
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]598
599 // Execute the command syncronously.
600 rval = Tss2_Sys_Execute( sysContext );
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]601 CheckPassed(rval);// #3
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]602
603 // Get the command results
604 rval = Tss2_Sys_GetTestResult_Complete( sysContext, &outData, &testResult );
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]605 CheckPassed(rval); // #4
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]606
607 //
608 // Now test the asyncronous, non-one-call interface.
609 //
610 rval = Tss2_Sys_GetTestResult_Prepare( sysContext );
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]611 CheckPassed(rval); // #5
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]612
613 // Execute the command asyncronously.
614 rval = Tss2_Sys_ExecuteAsync( sysContext );
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]615 CheckPassed(rval); // #6
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]616
617 // Get the command response. Wait a maximum of 20ms
618 // for response.
619 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]620 CheckPassed(rval); // #7
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]621
622 // Get the command results
623 rval = Tss2_Sys_GetTestResult_Complete( sysContext, &outData, &testResult );
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]624 CheckPassed(rval); // #8
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]625
626 // Check case of ExecuteFinish receving TPM error code.
627 // Subsequent _Complete call should fail with SEQUENCE error.
628 rval = TpmReset();
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]629 CheckPassed(rval); // #9
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]630
631 rval = Tss2_Sys_GetCapability_Prepare( sysContext,
632 TPM_CAP_TPM_PROPERTIES, TPM_PT_ACTIVE_SESSIONS_MAX,
633 1 );
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]634 CheckPassed(rval); // #10
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]635
636 // Execute the command asyncronously.
637 rval = Tss2_Sys_ExecuteAsync( sysContext );
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]638 CheckPassed(rval); // #11
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]639
640 // Get the command response. Wait a maximum of 20ms
641 // for response.
642 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]643 CheckFailed( rval, TPM_RC_INITIALIZE ); // #12
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]644
645 // Get the command results
646 rval = Tss2_Sys_GetCapability_Complete( sysContext, 0, 0 );
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]647 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #13
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]648
649 rval = Tss2_Sys_Startup( sysContext, TPM_SU_CLEAR );
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]650 CheckPassed(rval); // #14
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]651}
652
653
654void TestTpmSelftest()
655{
656 UINT32 rval;
657
658 TpmClientPrintf( 0, "\nSELFTEST TESTS:\n" );
659
660 rval = Tss2_Sys_SelfTest( sysContext, 0, YES, 0);
661 CheckPassed( rval );
662
663 rval = Tss2_Sys_SelfTest( sysContext, 0, NO, 0);
664 CheckPassed( rval );
665
666 rval = Tss2_Sys_SelfTest( sysContext, 0, YES, 0);
667 CheckPassed( rval );
668
669}
670
671void TestTpmGetCapability()
672{
673 UINT32 rval;
674
675 char manuID[5] = " ";
676 char *manuIDPtr = &manuID[0];
677 TPMI_YES_NO moreData;
678 TPMS_CAPABILITY_DATA capabilityData;
679
680 TpmClientPrintf( 0, "\nGET_CAPABILITY TESTS:\n" );
681
682 rval = Tss2_Sys_GetCapability( sysContext, 0, TPM_CAP_TPM_PROPERTIES, TPM_PT_MANUFACTURER, 1, &moreData, &capabilityData, 0 );
683 CheckPassed( rval );
684
685 *( (UINT32 *)manuIDPtr ) = CHANGE_ENDIAN_DWORD( capabilityData.data.tpmProperties.tpmProperty[0].value );
686 TpmClientPrintf( 0, "\t\tcount: %d, property: %x, manuId: %s\n",
687 capabilityData.data.tpmProperties.count,
688 capabilityData.data.tpmProperties.tpmProperty[0].property,
689 manuID );
690
691 rval = Tss2_Sys_GetCapability( sysContext, 0, TPM_CAP_TPM_PROPERTIES, TPM_PT_MAX_COMMAND_SIZE, 1, &moreData, &capabilityData, 0 );
692 CheckPassed( rval );
693 TpmClientPrintf( 0, "\t\tcount: %d, property: %x, max cmd size: %d\n",
694 capabilityData.data.tpmProperties.count,
695 capabilityData.data.tpmProperties.tpmProperty[0].property,
696 capabilityData.data.tpmProperties.tpmProperty[0].value );
697
698
699 rval = Tss2_Sys_GetCapability( sysContext, 0, TPM_CAP_TPM_PROPERTIES, TPM_PT_MAX_COMMAND_SIZE, 40, &moreData, &capabilityData, 0 );
700 CheckPassed( rval );
701 TpmClientPrintf( 0, "\t\tcount: %d, property: %x, max cmd size: %d\n",
702 capabilityData.data.tpmProperties.count,
703 capabilityData.data.tpmProperties.tpmProperty[0].property,
704 capabilityData.data.tpmProperties.tpmProperty[0].value );
705
706
707 rval = Tss2_Sys_GetCapability( sysContext, 0, TPM_CAP_TPM_PROPERTIES, TPM_PT_MAX_RESPONSE_SIZE, 1, &moreData, &capabilityData, 0 );
708 CheckPassed( rval );
709 TpmClientPrintf( 0, "\t count: %d, property: %x, max response size: %d\n",
710 capabilityData.data.tpmProperties.count,
711 capabilityData.data.tpmProperties.tpmProperty[0].property,
712 capabilityData.data.tpmProperties.tpmProperty[0].value );
713
714 rval = Tss2_Sys_GetCapability( sysContext, 0, 0xff, TPM_PT_MANUFACTURER, 1, &moreData, &capabilityData, 0 );
715
716 if( tpmSpecVersion == 115 || tpmSpecVersion == 119 )
717 {
718 CheckFailed( rval, TPM_RC_VALUE );
719 }
720 else
721 {
722 CheckFailed( rval, TPM_RC_VALUE+TPM_RC_1+TPM_RC_P );
723 }
724}
725
726void TestTpmClear()
727{
728 UINT32 rval;
729 TPM2B_AUTH hmac;
730 TPMS_AUTH_COMMAND sessionData;
731 TPMS_AUTH_RESPONSE sessionDataOut;
732 TPM2B_NONCE nonce;
733 TSS2_SYS_CMD_AUTHS sessionsDataIn;
734 TSS2_SYS_RSP_AUTHS sessionsDataOut;
735
736 TPMS_AUTH_COMMAND *sessionDataArray[1];
737 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
738
739 sessionDataArray[0] = &sessionData;
740 sessionDataOutArray[0] = &sessionDataOut;
741
742 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
743 sessionsDataIn.cmdAuths = &sessionDataArray[0];
744
745 sessionsDataOut.rspAuthsCount = 1;
746 sessionsDataOut.rspAuths[0] = &sessionDataOut;
747
748 TpmClientPrintf( 0, "\nCLEAR and CLEAR CONTROL TESTS:\n" );
749
750 // Init sessionHandle
751 sessionData.sessionHandle = TPM_RS_PW;
752
753 // Init nonce.
754 nonce.t.size = 0;
755 sessionData.nonce = nonce;
756
757 // init hmac
758 hmac.t.size = 0;
759 sessionData.hmac = hmac;
760
761 // Init session attributes
762 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
763
764 sessionsDataIn.cmdAuthsCount = 1;
765 sessionsDataIn.cmdAuths[0] = &sessionData;
766
767 rval = Tss2_Sys_Clear ( sysContext, TPM_RH_PLATFORM, &sessionsDataIn, 0 );
768 CheckPassed( rval );
769
770 rval = Tss2_Sys_ClearControl ( sysContext, TPM_RH_PLATFORM, &sessionsDataIn, YES, &sessionsDataOut );
771 CheckPassed( rval );
772
773 rval = Tss2_Sys_Clear ( sysContext, TPM_RH_PLATFORM, &sessionsDataIn, 0 );
774 CheckFailed( rval, TPM_RC_DISABLED );
775
776 rval = Tss2_Sys_ClearControl ( sysContext, TPM_RH_PLATFORM, &sessionsDataIn, NO, &sessionsDataOut );
777 CheckPassed( rval );
778
779 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0xff;
780 sessionsDataIn.cmdAuths[0] = &sessionData;
781 rval = Tss2_Sys_Clear ( sysContext, TPM_RH_PLATFORM, &sessionsDataIn, &sessionsDataOut );
782 CheckFailed( rval, TPM_RC_9 + TPM_RC_RESERVED_BITS );
783
784 rval = Tss2_Sys_ClearControl ( sysContext, TPM_RH_PLATFORM, &sessionsDataIn, NO, &sessionsDataOut );
785 CheckFailed( rval, TPM_RC_9 + TPM_RC_RESERVED_BITS );
786
787 hmac.t.size = 0;
788
789
790}
791
792#ifdef DEBUG_GAP_HANDLING
793
794#define SESSIONS_ABOVE_MAX_ACTIVE 1
795// SESSION sessions[DEBUG_GAP_MAX*3];
796 SESSION *sessions[300];
797#else
798
799#define SESSIONS_ABOVE_MAX_ACTIVE 0
800#define DEBUG_MAX_ACTIVE_SESSIONS 8
801#define DEBUG_GAP_MAX 2*DEBUG_MAX_ACTIVE_SESSIONS
802 SESSION *sessions[5];
803
804#endif
805
806void TestStartAuthSession()
807{
808 UINT32 rval;
809 TPM2B_ENCRYPTED_SECRET encryptedSalt;
810 TPMT_SYM_DEF symmetric;
811 SESSION *authSession;
812 TPM2B_NONCE nonceCaller;
813 UINT16 i, debugGapMax = DEBUG_GAP_MAX, debugMaxActiveSessions = DEBUG_MAX_ACTIVE_SESSIONS;
814 TPMA_LOCALITY locality;
815 TPM_HANDLE badSessionHandle = 0x03010000;
816
817 TPMS_AUTH_COMMAND sessionData;
818 TPM2B_NONCE nonce;
819 TSS2_SYS_CMD_AUTHS sessionsDataIn;
820
821 TPMS_AUTH_COMMAND *sessionDataArray[1];
822
823 TPM2B_AUTH hmac;
824
825 TPMS_CONTEXT evictedSessionContext;
826 TPM_HANDLE evictedHandle;
827
828 sessionDataArray[0] = &sessionData;
829
830 sessionsDataIn.cmdAuths = &sessionDataArray[0];
831
832 sessionsDataIn.cmdAuthsCount = 1;
833
834 // Init sessionHandle
835 sessionData.sessionHandle = badSessionHandle;
836
837 // Init nonce.
838 nonce.t.size = 0;
839 sessionData.nonce = nonce;
840
841 // init hmac
842 hmac.t.size = 0;
843 sessionData.hmac = hmac;
844
845 // Init session attributes
846 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
847
848 encryptedSalt.t.size = 0;
849
850 TpmClientPrintf( 0, "\nSTART_AUTH_SESSION TESTS:\n" );
851
852 symmetric.algorithm = TPM_ALG_NULL;
853 symmetric.keyBits.sym = 0;
854 symmetric.mode.sym = 0;
855
856 nonceCaller.t.size = 0;
857
858 encryptedSalt.t.size = 0;
859
860 // Init session
861 rval = StartAuthSessionWithParams( &authSession, TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
862 CheckPassed( rval );
863
864 rval = Tss2_Sys_FlushContext( sysContext, authSession->sessionHandle );
865 CheckPassed( rval );
866 EndAuthSession( authSession );
867
868 // Init session
869 rval = StartAuthSessionWithParams( &authSession, TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, 0xff, &symmetric, TPM_ALG_SHA256 );
870 CheckFailed( rval, TPM_RC_VALUE + TPM_RC_P + TPM_RC_3 );
871
872 // Try starting a bunch to see if resource manager handles this correctly.
873
874#ifdef DEBUG_GAP_HANDLING
875 for( i = 0; i < debugMaxActiveSessions*3; i++ )
876#else
877 for( i = 0; i < ( sizeof(sessions) / sizeof (SESSION *) ); i++ )
878#endif
879 {
880// TpmClientPrintf( 0, "i = 0x%4.4x\n", i );
881
882 // Init session struct
883 rval = StartAuthSessionWithParams( &sessions[i], TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
884 CheckPassed( rval );
885 TpmClientPrintf( 0, "Number of sessions created: %d\n\n", i );
886
887#ifdef DEBUG_GAP_HANDLING
888 if( i == 0 )
889 {
890 // Save evicted session's context so we can use it for a test.
891 rval = Tss2_Sys_ContextSave( sysContext, sessions[i]->sessionHandle, &evictedSessionContext );
892 CheckPassed( rval );
893 }
894#endif
895 }
896
897#ifdef DEBUG_GAP_HANDLING
898 TpmClientPrintf( 0, "loading evicted session's context\n" );
899 // Now try loading an evicted session's context.
900 // NOTE: simulator versions 01.19 and earlier this test will fail due to a
901 // simulator bug (unless patches have been applied).
902 rval = Tss2_Sys_ContextLoad( sysContext, &evictedSessionContext, &evictedHandle );
903 CheckFailed( rval, TPM_RC_HANDLE + TPM_RC_P + ( 1 << 8 ));
904#endif
905
906 // Now try two ways of using a bad session handle. Both should fail.
907
908 // first way is to use as command parameter.
909 *(UINT8 *)( (void *)&locality ) = 0;
910 locality.TPM_LOC_THREE = 1;
911 rval = Tss2_Sys_PolicyLocality( sysContext, badSessionHandle, 0, locality, 0 );
912 CheckFailed( rval, TSS2_RESMGRTPM_ERROR_LEVEL + TPM_RC_HANDLE + ( 1 << 8 ) );
913
914 // Second way is to use as handle in session area.
915 rval = Tss2_Sys_PolicyLocality( sysContext, sessions[0]->sessionHandle, &sessionsDataIn, locality, 0 );
916 CheckFailed( rval, TSS2_RESMGRTPM_ERROR_LEVEL + TPM_RC_VALUE + TPM_RC_S + ( 1 << 8 ) );
917
918 // clean up the sessions that I don't want here.
919#ifdef DEBUG_GAP_HANDLING
920 for( i = 0; i < ( debugMaxActiveSessions*3); i++ )
921#else
922 for( i = 0; i < ( sizeof(sessions) / sizeof (SESSION *)); i++ )
923#endif
924 {
925// TpmClientPrintf( 0, "i(2) = 0x%4.4x\n", i );
926 rval = Tss2_Sys_FlushContext( sysContext, sessions[i]->sessionHandle );
927
928 rval = EndAuthSession( sessions[i] );
929 }
930
931 // Now do some gap tests.
932 rval = StartAuthSessionWithParams( &sessions[0], TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
933 CheckPassed( rval );
934
935#ifdef DEBUG_GAP_HANDLING
936// for( i = 1; i < debugGapMax/2; i++ )
937 for( i = 1; i < 300; i++ )
938#else
939 for( i = 1; i < ( sizeof(sessions) / sizeof (SESSION *) ); i++ )
940#endif
941 {
942// TpmClientPrintf( 0, "i(3) = 0x%4.4x\n", i );
943
944 rval = StartAuthSessionWithParams( &sessions[i], TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
945 CheckPassed( rval );
946
947 rval = Tss2_Sys_FlushContext( sysContext, sessions[i]->sessionHandle );
948 CheckPassed( rval );
949
950 rval = EndAuthSession( sessions[i] );
951 CheckPassed( rval );
952 }
953
954#ifdef DEBUG_GAP_HANDLING
955 // Now do some gap tests.
956 rval = StartAuthSessionWithParams( &sessions[8], TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
957 CheckPassed( rval );
958#endif
959
960#ifdef DEBUG_GAP_HANDLING
961 for( i = 9; i < debugGapMax; i++ )
962#else
963 for( i = 0; i < ( sizeof(sessions) / sizeof (SESSION *) ); i++ )
964#endif
965 {
966// TpmClientPrintf( 0, "i(4) = 0x%4.4x\n", i );
967 rval = StartAuthSessionWithParams( &sessions[i], TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
968 CheckPassed( rval );
969
970 rval = Tss2_Sys_FlushContext( sysContext, sessions[i]->sessionHandle );
971 CheckPassed( rval );
972
973 rval = EndAuthSession( sessions[i] );
974 CheckPassed( rval );
975
976 }
977
978#ifdef DEBUG_GAP_HANDLING
979 for( i = 0; i < 5; i++ )
980 {
981// TpmClientPrintf( 0, "i(5) = 0x%4.4x\n", i );
982 rval = StartAuthSessionWithParams( &sessions[i+16], TPM_RH_NULL, 0, TPM_RH_PLATFORM, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
983 CheckPassed( rval );
984 }
985
986 for( i = 0; i < 5; i++ )
987 {
988// TpmClientPrintf( 0, "i(6) = 0x%4.4x\n", i );
989 rval = Tss2_Sys_FlushContext( sysContext, sessions[i+16]->sessionHandle );
990 CheckPassed( rval );
991
992 rval = EndAuthSession( sessions[i+16] );
993 CheckPassed( rval );
994 }
995
996 rval = Tss2_Sys_FlushContext( sysContext, sessions[0]->sessionHandle );
997 CheckPassed( rval );
998
999 rval = EndAuthSession( sessions[0] );
1000 CheckPassed( rval );
1001
1002 rval = Tss2_Sys_FlushContext( sysContext, sessions[8]->sessionHandle );
1003 CheckPassed( rval );
1004
1005 rval = EndAuthSession( sessions[8] );
1006 CheckPassed( rval );
1007#endif
1008
1009}
1010
1011void TestChangeEps()
1012{
1013 UINT32 rval;
1014 TSS2_SYS_CMD_AUTHS sessionsData;
1015 TSS2_SYS_RSP_AUTHS sessionsDataOut;
1016
1017 TPMS_AUTH_COMMAND sessionData;
1018 TPMS_AUTH_RESPONSE sessionDataOut;
1019
1020 TPMS_AUTH_COMMAND *sessionDataArray[1];
1021 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
1022
1023 sessionDataArray[0] = &sessionData;
1024 sessionDataOutArray[0] = &sessionDataOut;
1025
1026 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
1027 sessionsData.cmdAuths = &sessionDataArray[0];
1028
1029 sessionsDataOut.rspAuthsCount = 1;
1030
1031 TpmClientPrintf( 0, "\nCHANGE_EPS TESTS:\n" );
1032
1033 sessionsData.cmdAuthsCount = 1;
1034
1035 // Init authHandle
1036 sessionsData.cmdAuths[0]->sessionHandle = TPM_RS_PW;
1037
1038 // Init nonce.
1039 sessionsData.cmdAuths[0]->nonce.t.size = 0;
1040
1041 // init hmac
1042 sessionsData.cmdAuths[0]->hmac.t.size = 0;
1043
1044 // Init session attributes
1045 *( (UINT8 *)((void *)&sessionsData.cmdAuths[0]->sessionAttributes ) ) = 0;
1046
1047 rval = Tss2_Sys_ChangeEPS( sysContext, TPM_RH_PLATFORM, &sessionsData, &sessionsDataOut );
1048 CheckPassed( rval );
1049
1050 sessionsData.cmdAuths[0]->hmac.t.size = 0x10;
1051
1052 rval = Tss2_Sys_ChangeEPS( sysContext, TPM_RH_PLATFORM, &sessionsData, 0 );
1053 CheckFailed( rval, TPM_RC_1 + TPM_RC_S + TPM_RC_BAD_AUTH );
1054}
1055
1056void TestChangePps()
1057{
1058 UINT32 rval;
1059 TSS2_SYS_CMD_AUTHS sessionsData;
1060
1061 TSS2_SYS_RSP_AUTHS sessionsDataOut;
1062
1063 TPMS_AUTH_COMMAND sessionData;
1064 TPMS_AUTH_RESPONSE sessionDataOut;
1065
1066 TPMS_AUTH_COMMAND *sessionDataArray[1];
1067 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
1068
1069 sessionDataArray[0] = &sessionData;
1070 sessionDataOutArray[0] = &sessionDataOut;
1071
1072 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
1073 sessionsData.cmdAuths = &sessionDataArray[0];
1074
1075 sessionsDataOut.rspAuthsCount = 1;
1076
1077 TpmClientPrintf( 0, "\nCHANGE_PPS TESTS:\n" );
1078
1079 sessionsData.cmdAuthsCount = 1;
1080
1081 // Init authHandle
1082 sessionsData.cmdAuths[0]->sessionHandle = TPM_RS_PW;
1083
1084 // Init nonce.
1085 sessionsData.cmdAuths[0]->nonce.t.size = 0;
1086
1087 // init hmac
1088 sessionsData.cmdAuths[0]->hmac.t.size = 0;
1089
1090 // Init session attributes
1091 *( (UINT8 *)((void *)&sessionsData.cmdAuths[0]->sessionAttributes ) ) = 0;
1092
1093 rval = Tss2_Sys_ChangePPS( sysContext, TPM_RH_PLATFORM, &sessionsData, &sessionsDataOut );
1094 CheckPassed( rval );
1095
1096 sessionsData.cmdAuths[0]->hmac.t.size = 0x10;
1097
1098 rval = Tss2_Sys_ChangePPS( sysContext, TPM_RH_PLATFORM, &sessionsData, &sessionsDataOut );
1099 CheckFailed( rval, TPM_RC_1 + TPM_RC_S + TPM_RC_BAD_AUTH );
1100}
1101
1102void TestHierarchyChangeAuth()
1103{
1104 UINT32 rval;
1105 TPM2B_AUTH newAuth;
1106 TPMS_AUTH_COMMAND sessionData;
1107 TSS2_SYS_CMD_AUTHS sessionsData;
1108 int i;
1109
1110 TPMS_AUTH_COMMAND *sessionDataArray[1];
1111
1112 sessionDataArray[0] = &sessionData;
1113
1114 sessionsData.cmdAuths = &sessionDataArray[0];
1115
1116 TpmClientPrintf( 0, "\nHIERARCHY_CHANGE_AUTH TESTS:\n" );
1117
1118 // Init authHandle
1119 sessionData.sessionHandle = TPM_RS_PW;
1120
1121 // Init nonce.
1122 sessionData.nonce.t.size = 0;
1123
1124 // init hmac
1125 sessionData.hmac.t.size = 0;
1126
1127 // Init session attributes
1128 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
1129
1130 sessionsData.cmdAuthsCount = 1;
1131 sessionsData.cmdAuths[0] = &sessionData;
1132
1133 newAuth.t.size = 0;
1134 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM_RH_PLATFORM, &sessionsData, &newAuth, 0 );
1135 CheckPassed( rval );
1136
1137 // Init new auth
1138 newAuth.t.size = 20;
1139 for( i = 0; i < newAuth.t.size; i++ )
1140 newAuth.t.buffer[i] = i;
1141
1142 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM_RH_PLATFORM, &sessionsData, &newAuth, 0 );
1143 CheckPassed( rval );
1144
1145 sessionData.hmac = newAuth;
1146 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM_RH_PLATFORM, &sessionsData, &newAuth, 0 );
1147 CheckPassed( rval );
1148
1149 // Init new auth
1150 newAuth.t.size = 0;
1151
1152 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM_RH_PLATFORM, &sessionsData, &newAuth, 0 );
1153 CheckPassed( rval );
1154
1155 sessionsData.cmdAuths[0] = &sessionData;
1156 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, TPM_RH_PLATFORM, &sessionsData, &newAuth, 0 );
1157 CheckFailed( rval, TPM_RC_1 + TPM_RC_S + TPM_RC_BAD_AUTH );
1158
1159 rval = Tss2_Sys_HierarchyChangeAuth( sysContext, 0, &sessionsData, &newAuth, 0 );
1160 CheckFailed( rval, TPM_RC_1 + TPM_RC_VALUE );
1161}
1162
1163#define PCR_0 0
1164#define PCR_1 1
1165#define PCR_2 2
1166#define PCR_3 3
1167#define PCR_4 4
1168#define PCR_5 5
1169#define PCR_6 6
1170#define PCR_7 7
1171#define PCR_8 8
1172#define PCR_9 9
1173#define PCR_10 10
1174#define PCR_11 11
1175#define PCR_12 12
1176#define PCR_13 13
1177#define PCR_14 14
1178#define PCR_15 15
1179#define PCR_16 16
1180#define PCR_17 17
1181#define PCR_18 18
1182
1183#define PCR_SIZE 20
1184
1185void TestPcrExtend()
1186{
1187 UINT32 rval;
1188 TPMS_AUTH_COMMAND sessionData;
1189 TSS2_SYS_CMD_AUTHS sessionsData;
1190 UINT16 i, digestSize;
1191 TPML_PCR_SELECTION pcrSelection;
1192 UINT32 pcrUpdateCounterBeforeExtend;
1193 UINT32 pcrUpdateCounterAfterExtend;
1194 UINT8 pcrBeforeExtend[PCR_SIZE];
1195 TPM2B_EVENT eventData;
1196 TPML_DIGEST pcrValues;
1197 TPML_DIGEST_VALUES digests;
1198 TPML_PCR_SELECTION pcrSelectionOut;
1199
1200 TPMS_AUTH_COMMAND *sessionDataArray[1];
1201
1202 sessionDataArray[0] = &sessionData;
1203 sessionsData.cmdAuths = &sessionDataArray[0];
1204
1205 TpmClientPrintf( 0, "\nPCR_EXTEND, PCR_EVENT, PCR_ALLOCATE, and PCR_READ TESTS:\n" );
1206
1207 // Init authHandle
1208 sessionData.sessionHandle = TPM_RS_PW;
1209
1210 // Init nonce.
1211 sessionData.nonce.t.size = 0;
1212
1213 // init hmac
1214 sessionData.hmac.t.size = 0;
1215
1216 // Init session attributes
1217 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
1218
1219 // Init digests
1220 digests.count = 1;
1221 digests.digests[0].hashAlg = TPM_ALG_SHA1;
1222 digestSize = GetDigestSize( digests.digests[0].hashAlg );
1223
1224 for( i = 0; i < digestSize; i++ )
1225 {
1226 digests.digests[0].digest.sha1[i] = (UINT8)(i % 256);
1227 }
1228
1229 pcrSelection.count = 1;
1230 pcrSelection.pcrSelections[0].hash = TPM_ALG_SHA1;
1231 pcrSelection.pcrSelections[0].sizeofSelect = 3;
1232
1233 // Clear out PCR select bit field
1234 pcrSelection.pcrSelections[0].pcrSelect[0] = 0;
1235 pcrSelection.pcrSelections[0].pcrSelect[1] = 0;
1236 pcrSelection.pcrSelections[0].pcrSelect[2] = 0;
1237
1238 // Now set the PCR you want to read
1239 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[0], PCR_17 );
1240
1241 rval = Tss2_Sys_PCR_Read( sysContext, 0, &pcrSelection, &pcrUpdateCounterBeforeExtend, &pcrSelectionOut, &pcrValues, 0 );
1242 CheckPassed( rval );
1243
1244 if( pcrValues.digests[0].t.size <= PCR_SIZE &&
1245 pcrValues.digests[0].t.size <= sizeof( pcrValues.digests[0].t.buffer ) )
1246 memcpy( &( pcrBeforeExtend[0] ), &( pcrValues.digests[0].t.buffer[0] ), pcrValues.digests[0].t.size );
1247
1248 sessionsData.cmdAuthsCount = 1;
1249 sessionsData.cmdAuths[0] = &sessionData;
1250
1251 rval = Tss2_Sys_PCR_Extend( sysContext, PCR_17, &sessionsData, &digests, 0 );
1252 CheckPassed( rval );
1253
1254 rval = Tss2_Sys_PCR_Read( sysContext, 0, &pcrSelection, &pcrUpdateCounterAfterExtend, &pcrSelectionOut, &pcrValues, 0 );
1255 CheckPassed( rval );
1256
1257 memcpy( &( pcrAfterExtend[0] ), &( pcrValues.digests[0].t.buffer[0] ), pcrValues.digests[0].t.size );
1258
1259 if( pcrUpdateCounterBeforeExtend == pcrUpdateCounterAfterExtend )
1260 {
1261 TpmClientPrintf( 0, "ERROR!! pcrUpdateCounter didn't change value\n" );
1262 Cleanup();
1263 }
1264
1265 if( 0 == memcmp( &( pcrBeforeExtend[0] ), &( pcrAfterExtend[0] ), 20 ) )
1266 {
1267 TpmClientPrintf( 0, "ERROR!! PCR didn't change value\n" );
1268 Cleanup();
1269 }
1270
1271 pcrSelection.pcrSelections[0].sizeofSelect = 4;
1272
1273 rval = Tss2_Sys_PCR_Read( sysContext, 0, &pcrSelection, &pcrUpdateCounterAfterExtend, 0, 0, 0 );
1274 CheckFailed( rval, TPM_RC_1 + TPM_RC_P + TPM_RC_VALUE );
1275
1276 eventData.t.size = 4;
1277 eventData.t.buffer[0] = 0;
1278 eventData.t.buffer[1] = 0xff;
1279 eventData.t.buffer[2] = 0x55;
1280 eventData.t.buffer[3] = 0xaa;
1281
1282 rval = Tss2_Sys_PCR_Event( sysContext, PCR_18, &sessionsData, &eventData, &digests, 0 );
1283 CheckPassed( rval );
1284}
1285
1286void TestGetRandom()
1287{
1288 UINT32 rval;
1289 TPM2B_DIGEST randomBytes1, randomBytes2;
1290
1291 TpmClientPrintf( 0, "\nGET_RANDOM TESTS:\n" );
1292
1293 rval = Tss2_Sys_GetRandom( sysContext, 0, 20, &randomBytes1, 0 );
1294 CheckPassed( rval );
1295
1296 rval = Tss2_Sys_GetRandom( sysContext, 0, 20, &randomBytes2, 0 );
1297 CheckPassed( rval );
1298
1299 if( 0 == memcmp( &randomBytes1, &randomBytes2, 20 ) )
1300 {
1301 TpmClientPrintf( 0, "ERROR!! Random value is the same\n" );
1302 Cleanup();
1303 }
1304}
1305
1306void TestShutdown()
1307{
1308 UINT32 rval;
1309 TSS2_SYS_RSP_AUTHS sessionsDataOut;
1310
1311 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
1312 TPMS_AUTH_RESPONSE sessionDataOut;
1313
1314 sessionDataOutArray[0] = &sessionDataOut;
1315
1316 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
1317
1318 sessionsDataOut.rspAuthsCount = 1;
1319
1320 TpmClientPrintf( 0, "\nSHUTDOWN TESTS:\n" );
1321
1322 rval = Tss2_Sys_Shutdown( sysContext, 0, TPM_SU_STATE, &sessionsDataOut );
1323 CheckPassed( rval );
1324
1325 rval = Tss2_Sys_Shutdown( sysContext, 0, TPM_SU_CLEAR, &sessionsDataOut );
1326 CheckPassed( rval );
1327
1328 if( !( tpmSpecVersion == 115 || tpmSpecVersion == 119 ) )
1329 {
1330 rval = Tss2_Sys_Shutdown( sysContext, 0, 0xff, 0 );
1331 CheckFailed( rval, TPM_RC_VALUE+TPM_RC_1+TPM_RC_P );
1332 }
1333}
1334
1335void TestNV()
1336{
1337 UINT32 rval;
1338 TPM2B_NV_PUBLIC publicInfo;
1339 TPM2B_AUTH nvAuth;
1340 TPMS_AUTH_COMMAND sessionData;
1341 TPMS_AUTH_RESPONSE sessionDataOut;
1342 TSS2_SYS_CMD_AUTHS sessionsData;
1343 TSS2_SYS_RSP_AUTHS sessionsDataOut;
1344 int i;
1345 TPM2B_MAX_NV_BUFFER nvWriteData;
1346 TPM2B_MAX_NV_BUFFER nvData;
1347
1348 TPM2B_NV_PUBLIC nvPublic;
1349 TPM2B_NAME nvName;
1350
1351 TPMS_AUTH_COMMAND *sessionDataArray[1];
1352 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
1353
1354 sessionDataArray[0] = &sessionData;
1355 sessionDataOutArray[0] = &sessionDataOut;
1356
1357 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
1358 sessionsData.cmdAuths = &sessionDataArray[0];
1359
1360 sessionsDataOut.rspAuthsCount = 1;
1361
1362 TpmClientPrintf( 0, "\nNV INDEX TESTS:\n" );
1363
1364 nvAuth.t.size = 20;
1365 for( i = 0; i < nvAuth.t.size; i++ )
1366 nvAuth.t.buffer[i] = (UINT8)i;
1367
1368 publicInfo.t.size = sizeof( TPMI_RH_NV_INDEX ) +
1369 sizeof( TPMI_ALG_HASH ) + sizeof( TPMA_NV ) + sizeof( UINT16) +
1370 sizeof( UINT16 );
1371 publicInfo.t.nvPublic.nvIndex = TPM20_INDEX_TEST1;
1372 publicInfo.t.nvPublic.nameAlg = TPM_ALG_SHA1;
1373
1374 // First zero out attributes.
1375 *(UINT32 *)&( publicInfo.t.nvPublic.attributes ) = 0;
1376
1377 // Now set the attributes.
1378 publicInfo.t.nvPublic.attributes.TPMA_NV_PPREAD = 1;
1379 publicInfo.t.nvPublic.attributes.TPMA_NV_PPWRITE = 1;
1380 publicInfo.t.nvPublic.attributes.TPMA_NV_WRITE_STCLEAR = 1;
1381 publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 1;
1382 publicInfo.t.nvPublic.attributes.TPMA_NV_ORDERLY = 1;
1383 publicInfo.t.nvPublic.authPolicy.t.size = 0;
1384 publicInfo.t.nvPublic.dataSize = 32;
1385
1386 sessionData.sessionHandle = TPM_RS_PW;
1387
1388 // Init nonce.
1389 sessionData.nonce.t.size = 0;
1390
1391 // init hmac
1392 sessionData.hmac.t.size = 0;
1393
1394 // Init session attributes
1395 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
1396
1397 sessionsData.cmdAuthsCount = 1;
1398 sessionsData.cmdAuths[0] = &sessionData;
1399
1400 rval = Tss2_Sys_NV_Read( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
1401 CheckFailed( rval, TPM_RC_2 + TPM_RC_HANDLE );
1402
1403 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut );
1404 CheckPassed( rval );
1405
1406 nvPublic.t.size = 0;
1407 rval = Tss2_Sys_NV_ReadPublic( sysContext, TPM20_INDEX_TEST1, 0, &nvPublic, &nvName, 0 );
1408 CheckPassed( rval );
1409
1410 rval = Tss2_Sys_NV_Read( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
1411 CheckFailed( rval, TPM_RC_NV_UNINITIALIZED );
1412
1413 // Should fail since index is already defined.
1414 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut );
1415 CheckFailed( rval, TPM_RC_NV_DEFINED );
1416
1417 nvWriteData.t.size = 4;
1418 for( i = 0; i < nvWriteData.t.size; i++ )
1419 nvWriteData.t.buffer[i] = 0xff - i;
1420
1421#if 1
1422 //
1423 // Following, at one point, was commented out so that NVDefine will work on successive
1424 // invocations of client app.
1425 //
1426 // Noticed on 12/13/12, this doesn't seem to be necessary anymore. Maybe something else
1427 // I did fixed it.
1428 //
1429 // Seems to be a bug in TPM 2.0 simulator that if:
1430 // First pass of tpmclient.exe after restarting TPM 2.0 simulator will work fine.
1431 // If NVWrite is done, subsequent invocations of tpmclient.exe will ALWAYS fail on
1432 // first call to Tpm2NVDefineSpace with 0x2cb error. Removing NVWrite removes this.
1433 // And restarting TPM 2.0 simulator will make it work the first time and fail
1434 // subsequent times.
1435 // Removing NVWrite works around this problem.
1436 //
1437 rval = Tss2_Sys_NV_Write( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, &nvWriteData, 0, &sessionsDataOut );
1438 CheckPassed( rval );
1439
1440 rval = Tss2_Sys_NV_Read( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
1441 CheckPassed( rval );
1442
1443 rval = Tss2_Sys_NV_WriteLock( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, &sessionsDataOut );
1444 CheckPassed( rval );
1445
1446 rval = Tss2_Sys_NV_Write( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, &nvWriteData, 0, &sessionsDataOut );
1447 CheckFailed( rval, TPM_RC_NV_LOCKED );
1448#endif
1449
1450 // Now undefine the index.
1451 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 0 );
1452 CheckPassed( rval );
1453
1454 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, 0 );
1455 CheckPassed( rval );
1456
1457 // Now undefine the index so that next run will work correctly.
1458 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 0 );
1459 CheckPassed( rval );
1460
1461 publicInfo.t.nvPublic.attributes.TPMA_NV_PPREAD = 0;
1462 publicInfo.t.nvPublic.attributes.TPMA_NV_PPWRITE = 0;
1463 publicInfo.t.nvPublic.attributes.TPMA_NV_OWNERREAD = 1;
1464 publicInfo.t.nvPublic.attributes.TPMA_NV_OWNERWRITE = 1;
1465 publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 0;
1466 publicInfo.t.nvPublic.attributes.TPMA_NV_ORDERLY = 1;
1467 publicInfo.t.nvPublic.nvIndex = TPM20_INDEX_TEST2;
1468 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_OWNER, &sessionsData, &nvAuth, &publicInfo, 0 );
1469 CheckPassed( rval );
1470
1471 nvPublic.t.size = 0;
1472 rval = Tss2_Sys_NV_ReadPublic( sysContext, TPM20_INDEX_TEST2, 0, &nvPublic, &nvName, 0 );
1473 CheckPassed( rval );
1474
1475 rval = Tss2_Sys_NV_Read( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST2, &sessionsData, 32, 0, &nvData, 0 );
1476 CheckFailed( rval, TPM_RC_NV_AUTHORIZATION );
1477
1478 // Now undefine the index.
1479 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_OWNER, TPM20_INDEX_TEST2, &sessionsData, 0 );
1480 CheckPassed( rval );
1481
1482 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_OWNER, &sessionsData, &nvAuth, &publicInfo, 0 );
1483 CheckPassed( rval );
1484
1485 // Now undefine the index so that next run will work correctly.
1486 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_OWNER, TPM20_INDEX_TEST2, &sessionsData, 0 );
1487 CheckPassed( rval );
1488
1489#if 0
1490 TpmClientPrintf( 0, "\nStart of NVUndefineSpaceSpecial test\n" );
1491
1492 // Init nonceNewer
1493 digestSize = GetDigestSize( TPM_ALG_SHA1 );
1494 nonceNewer.t.size = digestSize;
1495 for( i = 0; i < nonceNewer.t.size; i++ )
1496 nonceNewer.t.buffer[i] = 0;
1497
1498 // Init salt
1499 salt.t.size = 0;
1500
1501 // Init symmetric.
1502 symmetric.algorithm = TPM_ALG_NULL;
1503 symmetric.keyBits.sym = 0;
1504 symmetric.mode.sym = 0;
1505 rval = Tss2_Sys_StartAuthSession ( sysContext, TPM_RH_NULL, TPM_RH_PLATFORM, 0, &nonceNewer, &salt,
1506 TPM_SE_TRIAL, &symmetric, TPM_ALG_SHA1, &nvSessionHandle, &nvSessionNonce );
1507 CheckPassed( rval );
1508
1509 nvSessionHandle = ( ( TPM20_StartAuthSession_Out *)(TpmOutBuff) )->sessionHandle;
1510
1511 rval = Tss2_Sys_PolicyCommandCode ( sysContext, nvSessionHandle, 0, TPM_CC_NV_UndefineSpaceSpecial, 0 );
1512 CheckPassed( rval );
1513
1514 rval = Tss2_Sys_PolicyGetDigest( sysContext, nvSessionHandle, 0, &nvAuth1, 0 );
1515 CheckPassed( rval );
1516
1517 rval = Tss2_Sys_FlushContext( sysContext, nvSessionHandle );
1518
1519 nvAuth1 = (TPM2B_AUTH *)&( ( ( TPM20_PolicyGetDigest_Out *)(TpmOutBuff) )->otherData );
1520 publicInfo.t.nvPublic.authPolicy.t.size = nvAuth1->t.size;
1521 memcpy( &( publicInfo.t.nvPublic.authPolicy.t.buffer[0] ),c
1522 &( nvAuth1->t.buffer[0] ),
1523 publicInfo.t.nvPublic.authPolicy.t.size );
1524
1525 publicInfo.t.nvPublic.attributes.TPMA_NV_POLICY_DELETE = 1;
1526 publicInfo.t.nvPublic.attributes.TPMA_NV_PPREAD = 1;
1527 publicInfo.t.nvPublic.attributes.TPMA_NV_PPWRITE = 1;
1528 publicInfo.t.nvPublic.attributes.TPMA_NV_OWNERREAD = 0;
1529 publicInfo.t.nvPublic.attributes.TPMA_NV_OWNERWRITE = 0;
1530 publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 1;
1531 publicInfo.t.nvPublic.attributes.TPMA_NV_ORDERLY = 1;
1532
1533 InitNullSession( &nvSession );
1534
1535 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut );
1536 CheckPassed( rval );
1537
1538 rval = Tss2_Sys_StartAuthSession ( sysContext, TPM_RH_NULL, TPM_RH_PLATFORM, 0, &nonceCaller, &salt,
1539 TPM_SE_POLICY, &symmetric, TPM_ALG_SHA1, &nvSessionHandle, &nvSessionNonce );
1540 CheckPassed( rval );
1541
1542 nvSession.sessionHandle = nvSessionHandle = ( ( TPM20_StartAuthSession_Out *)(TpmOutBuff) )->sessionHandle;
1543
1544 rval = Tss2_Sys_PolicyCommandCode ( sysContext, nvSessionHandle, 0, TPM_CC_NV_UndefineSpaceSpecial, 0 );
1545 CheckPassed( rval );
1546
1547 nvSession->hmac = publicInfo.t.nvPublic.authPolicy;
1548
1549 nvSessions.cmdAuthsCount = 2;
1550 nvSessions.session[0] = nvSession;
1551
1552 rval = Tss2_Sys_NVUndefineSpaceSpecial( sysContext, TPM20_INDEX_TEST2, TPM_RH_PLATFORM, &nvSessions, &sessionsData );
1553 CheckPassed( rval );
1554#endif
1555}
1556
1557void TestHierarchyControl()
1558{
1559 UINT32 rval;
1560 TPM2B_NV_PUBLIC publicInfo;
1561 TPM2B_AUTH nvAuth;
1562 TPMS_AUTH_COMMAND sessionData;
1563 TPMS_AUTH_RESPONSE sessionDataOut;
1564 TSS2_SYS_CMD_AUTHS sessionsData;
1565 TSS2_SYS_RSP_AUTHS sessionsDataOut;
1566 int i;
1567 TPM2B_NAME nvName;
1568 TPM2B_NV_PUBLIC nvPublic;
1569 TPM2B_MAX_NV_BUFFER nvData;
1570
1571 TPMS_AUTH_COMMAND *sessionDataArray[1];
1572 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
1573
1574 sessionDataArray[0] = &sessionData;
1575 sessionDataOutArray[0] = &sessionDataOut;
1576
1577 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
1578 sessionsData.cmdAuths = &sessionDataArray[0];
1579
1580 sessionsDataOut.rspAuthsCount = 1;
1581
1582 TpmClientPrintf( 0, "\nHIERARCHY CONTROL TESTS:\n" );
1583
1584 nvAuth.t.size = 20;
1585 for( i = 0; i < nvAuth.t.size; i++ )
1586 nvAuth.t.buffer[i] = i;
1587
1588 publicInfo.t.size = sizeof( TPMI_RH_NV_INDEX ) +
1589 sizeof( TPMI_ALG_HASH ) + sizeof( TPMA_NV ) + sizeof( UINT16) +
1590 sizeof( UINT16 );
1591 publicInfo.t.nvPublic.nvIndex = TPM20_INDEX_TEST1;
1592 publicInfo.t.nvPublic.nameAlg = TPM_ALG_SHA1;
1593
1594 // First zero out attributes.
1595 *(UINT32 *)&( publicInfo.t.nvPublic.attributes ) = 0;
1596
1597 // Now set the attributes.
1598 publicInfo.t.nvPublic.attributes.TPMA_NV_PPREAD = 1;
1599 publicInfo.t.nvPublic.attributes.TPMA_NV_PPWRITE = 1;
1600 publicInfo.t.nvPublic.attributes.TPMA_NV_PPWRITE = 1;
1601 publicInfo.t.nvPublic.attributes.TPMA_NV_WRITE_STCLEAR = 1;
1602 publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 1;
1603 publicInfo.t.nvPublic.attributes.TPMA_NV_ORDERLY = 1;
1604 publicInfo.t.nvPublic.authPolicy.t.size = 0;
1605 publicInfo.t.nvPublic.dataSize = 32;
1606
1607 sessionData.sessionHandle = TPM_RS_PW;
1608
1609 // Init nonce.
1610 sessionData.nonce.t.size = 0;
1611
1612 // init hmac
1613 sessionData.hmac.t.size = 0;
1614
1615 // Init session attributes
1616 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
1617
1618 sessionsData.cmdAuthsCount = 1;
1619 sessionsData.cmdAuths[0] = &sessionData;
1620
1621 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &sessionsData, &nvAuth, &publicInfo, 0 );
1622 CheckPassed( rval );
1623
1624 // Test SAPI for case where nvPublic.t.size != 0
1625 nvPublic.t.size = 0xff;
1626 rval = Tss2_Sys_NV_ReadPublic( sysContext, TPM20_INDEX_TEST1, 0, &nvPublic, &nvName, 0 );
1627 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE );
1628
1629 nvPublic.t.size = 0;
1630 rval = Tss2_Sys_NV_ReadPublic( sysContext, TPM20_INDEX_TEST1, 0, &nvPublic, &nvName, 0 );
1631 CheckPassed( rval );
1632
1633 rval = Tss2_Sys_NV_Read( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
1634 CheckFailed( rval, TPM_RC_NV_UNINITIALIZED );
1635
1636 rval = Tss2_Sys_HierarchyControl( sysContext, TPM_RH_PLATFORM, &sessionsData, TPM_RH_PLATFORM, NO, &sessionsDataOut );
1637 CheckPassed( rval );
1638
1639 rval = Tss2_Sys_NV_Read( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 32, 0, &nvData, &sessionsDataOut );
1640 CheckFailed( rval, TPM_RC_1 + TPM_RC_HIERARCHY );
1641
1642 rval = Tss2_Sys_HierarchyControl( sysContext, TPM_RH_PLATFORM, &sessionsData, TPM_RH_PLATFORM, YES, &sessionsDataOut );
1643 CheckFailed( rval, TPM_RC_1 + TPM_RC_HIERARCHY );
1644
1645 // Need to do TPM reset and Startup to re-enable platform hierarchy.
1646 rval = TpmReset();
1647 CheckPassed(rval);
1648
1649 rval = Tss2_Sys_Startup ( sysContext, TPM_SU_CLEAR );
1650 CheckPassed( rval );
1651
1652 rval = Tss2_Sys_HierarchyControl( sysContext, TPM_RH_PLATFORM, &sessionsData, TPM_RH_PLATFORM, YES, &sessionsDataOut );
1653 CheckPassed( rval );
1654
1655 // Now undefine the index so that next run will work correctly.
1656 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &sessionsData, 0 );
1657 CheckPassed( rval );
1658}
1659
1660TPM2B_PUBLIC inPublic = { { sizeof( TPM2B_PUBLIC ) - 2, } };
1661
1662void TestCreate(){
1663 UINT32 rval;
1664 TPM2B_SENSITIVE_CREATE inSensitive = { { sizeof( TPM2B_SENSITIVE_CREATE ) - 2, } };
1665 TPM2B_DATA outsideInfo = { { sizeof( TPM2B_DATA ) - 2, } };
1666 TPML_PCR_SELECTION creationPCR;
1667 TPMS_AUTH_COMMAND sessionData;
1668 TPMS_AUTH_RESPONSE sessionDataOut;
1669 TSS2_SYS_CMD_AUTHS sessionsData;
1670
1671 TSS2_SYS_RSP_AUTHS sessionsDataOut;
1672 TPM2B_NAME name = { { sizeof( TPM2B_NAME ) - 2, } };
1673 TPM2B_NAME name1 = { { sizeof( TPM2B_NAME ) - 2, } };
1674 TPM2B_PRIVATE outPrivate = { { sizeof( TPM2B_PRIVATE ) - 2, } };
1675 TPM2B_PUBLIC outPublic = { { sizeof( TPM2B_PUBLIC ) - 2, } };
1676 TPM2B_CREATION_DATA creationData = { { sizeof( TPM2B_CREATION_DATA ) - 2, } };
1677 TPM2B_DIGEST creationHash = { { sizeof( TPM2B_DIGEST ) - 2, } };
1678 TPMT_TK_CREATION creationTicket = { 0, 0, { { sizeof( TPM2B_DIGEST ) - 2, } } };
1679
1680 TPMS_AUTH_COMMAND *sessionDataArray[1];
1681 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
1682
1683 sessionDataArray[0] = &sessionData;
1684 sessionDataOutArray[0] = &sessionDataOut;
1685
1686 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
1687 sessionsData.cmdAuths = &sessionDataArray[0];
1688
1689 sessionsDataOut.rspAuthsCount = 1;
1690
1691 TpmClientPrintf( 0, "\nCREATE, CREATE PRIMARY, and LOAD TESTS:\n" );
1692
1693 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
1694 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
1695 inSensitive.t.sensitive.data.t.size = 0;
1696 inSensitive.t.size = loadedSha1KeyAuth.b.size + 2;
1697
1698 inPublic.t.publicArea.type = TPM_ALG_RSA;
1699 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
1700
1701 // First clear attributes bit field.
1702 *(UINT32 *)&( inPublic.t.publicArea.objectAttributes) = 0;
1703 inPublic.t.publicArea.objectAttributes.restricted = 1;
1704 inPublic.t.publicArea.objectAttributes.userWithAuth = 1;
1705 inPublic.t.publicArea.objectAttributes.decrypt = 1;
1706 inPublic.t.publicArea.objectAttributes.fixedTPM = 1;
1707 inPublic.t.publicArea.objectAttributes.fixedParent = 1;
1708 inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin = 1;
1709
1710 inPublic.t.publicArea.authPolicy.t.size = 0;
1711
1712 inPublic.t.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
1713 inPublic.t.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
1714 inPublic.t.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_ECB;
1715 inPublic.t.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
1716 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 1024;
1717 inPublic.t.publicArea.parameters.rsaDetail.exponent = 0;
1718
1719 inPublic.t.publicArea.unique.rsa.t.size = 0;
1720
1721 outsideInfo.t.size = 0;
1722 creationPCR.count = 0;
1723
1724 sessionData.sessionHandle = TPM_RS_PW;
1725
1726 // Init nonce.
1727 sessionData.nonce.t.size = 0;
1728
1729 // init hmac
1730 sessionData.hmac.t.size = 0;
1731
1732 // Init session attributes
1733 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
1734
1735 sessionsData.cmdAuthsCount = 1;
1736 sessionsData.cmdAuths[0] = &sessionData;
1737
1738 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 2048;
1739
1740 // Do SAPI test for non-zero sized outPublic
1741 outPublic.t.size = 0xff;
1742 creationData.t.size = 0;
1743 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_PLATFORM, &sessionsData, &inSensitive, &inPublic,
1744 &outsideInfo, &creationPCR, &handle2048rsa, &outPublic, &creationData, &creationHash,
1745 &creationTicket, &name, &sessionsDataOut );
1746 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE );
1747
1748 rval = Tss2_Sys_FlushContext( sysContext, handle2048rsa );
1749 CheckPassed( rval );
1750#if 0
1751 // Do SAPI test for non-zero sized creationData
1752 outPublic.t.size = 0;
1753 creationData.t.size = 0x10;
1754 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_PLATFORM, &sessionsData, &inSensitive, &inPublic,
1755 &outsideInfo, &creationPCR, &handle2048rsa, &outPublic, &creationData, &creationHash,
1756 &creationTicket, &name, &sessionsDataOut );
1757 CheckFailed( rval, TSS2_SYS_RC_INSUFFICIENT_BUFFER );
1758#endif
1759
1760 outPublic.t.size = 0;
1761 creationData.t.size = sizeof( TPM2B_CREATION_DATA ) - 2;
1762 outPublic.t.publicArea.authPolicy.t.size = sizeof( TPM2B_DIGEST ) - 2;
1763 outPublic.t.publicArea.unique.keyedHash.t.size = sizeof( TPM2B_DIGEST ) - 2;
1764 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_PLATFORM, &sessionsData, &inSensitive, &inPublic,
1765 &outsideInfo, &creationPCR, &handle2048rsa, &outPublic, &creationData, &creationHash,
1766 &creationTicket, &name, &sessionsDataOut );
1767 CheckPassed( rval );
1768
1769 TpmClientPrintf( 0, "\nNew key successfully created in platform hierarchy (RSA 2048). Handle: 0x%8.8x\n",
1770 handle2048rsa );
1771
1772 sessionData.hmac.t.size = 2;
1773 sessionData.hmac.t.buffer[0] = 0x00;
1774 sessionData.hmac.t.buffer[1] = 0xff;
1775
1776 inPublic.t.publicArea.type = TPM_ALG_KEYEDHASH;
1777 inPublic.t.publicArea.objectAttributes.decrypt = 0;
1778 inPublic.t.publicArea.objectAttributes.sign = 1;
1779
1780 inPublic.t.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM_ALG_HMAC;
1781 inPublic.t.publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = TPM_ALG_SHA1;
1782
1783 inPublic.t.publicArea.unique.keyedHash.t.size = 0;
1784
1785 outsideInfo.t.size = 0;
1786 outPublic.t.size = 0;
1787 creationData.t.size = 0;
1788 rval = Tss2_Sys_Create( sysContext, handle2048rsa, &sessionsData, &inSensitive, &inPublic,
1789 &outsideInfo, &creationPCR,
1790 &outPrivate, &outPublic, &creationData,
1791 &creationHash, &creationTicket, &sessionsDataOut );
1792 CheckPassed( rval );
1793
1794 rval = Tss2_Sys_Load ( sysContext, handle2048rsa, &sessionsData, &outPrivate, &outPublic,
1795 &loadedSha1KeyHandle, &name, &sessionsDataOut);
1796 CheckPassed( rval );
1797
1798 rval = (*HandleToNameFunctionPtr)( loadedSha1KeyHandle, &name1 );
1799 CheckPassed( rval );
1800 OpenOutFile( &outFp );
1801 TpmClientPrintf( 0, "Name of loaded key: " );
1802 PrintSizedBuffer( (TPM2B *)&name1 );
1803 CloseOutFile( &outFp );
1804
1805 rval = CompareTPM2B( &name.b, &name1.b );
1806 CheckPassed( rval );
1807
1808 TpmClientPrintf( 0, "\nLoaded key handle: %8.8x\n", loadedSha1KeyHandle );
1809}
1810
1811void TestEvict()
1812{
1813 TPM_RC rval = TPM_RC_SUCCESS;
1814 TPM2B_SENSITIVE_CREATE inSensitive = { { sizeof( TPM2B_SENSITIVE_CREATE ) - 2, } };
1815 TPM2B_DATA outsideInfo = { { sizeof( TPM2B_DATA ) - 2, } };
1816 TPML_PCR_SELECTION creationPCR;
1817 TPMS_AUTH_COMMAND sessionData;
1818 TPMS_AUTH_RESPONSE sessionDataOut;
1819 TSS2_SYS_CMD_AUTHS sessionsData;
1820 TSS2_SYS_RSP_AUTHS sessionsDataOut;
1821
1822 TPM2B_PRIVATE outPrivate = { { sizeof( TPM2B_PRIVATE ) - 2, } };
1823 TPM2B_PUBLIC outPublic = { { sizeof( TPM2B_PUBLIC ) - 2, } };
1824 TPM2B_CREATION_DATA creationData = { { sizeof( TPM2B_CREATION_DATA ) - 2, } };
1825 TPM2B_DIGEST creationHash = { { sizeof( TPM2B_DIGEST ) - 2, } };
1826 TPMT_TK_CREATION creationTicket = { 0, 0, { { sizeof( TPM2B_DIGEST ) - 2, } } };
1827
1828 TPMS_AUTH_COMMAND *sessionDataArray[1];
1829 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
1830
1831 TSS2_TCTI_CONTEXT *otherResMgrTctiContext = 0;
1832 TSS2_SYS_CONTEXT *otherSysContext;
1833 char otherResMgrInterfaceName[] = "Other Resource Manager";
1834
1835 sessionDataArray[0] = &sessionData;
1836 sessionDataOutArray[0] = &sessionDataOut;
1837
1838 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
1839 sessionsData.cmdAuths = &sessionDataArray[0];
1840 sessionsData.cmdAuthsCount = 1;
1841
1842 sessionsDataOut.rspAuthsCount = 1;
1843
1844 outsideInfo.t.size = 0;
1845 creationPCR.count = 0;
1846
1847 TpmClientPrintf( 0, "\nEVICT CONTROL TESTS:\n" );
1848
1849 // Make transient key persistent.
1850 sessionData.sessionHandle = TPM_RS_PW;
1851
1852 // Init nonce.
1853 sessionData.nonce.t.size = 0;
1854
1855 // init hmac
1856 sessionData.hmac.t.size = 0;
1857
1858 // Init session attributes
1859 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
1860
1861 rval = Tss2_Sys_EvictControl( sysContext, TPM_RH_PLATFORM, handle2048rsa, &sessionsData, 0x81800000, &sessionsDataOut );
1862 CheckPassed( rval );
1863
1864 sessionData.sessionHandle = TPM_RS_PW;
1865
1866 // Init nonce.
1867 sessionData.nonce.t.size = 0;
1868
1869 // Init session attributes
1870 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
1871
1872 // Create new key under persistent one.
1873 sessionData.hmac.t.size = 2;
1874 sessionData.hmac.t.buffer[0] = 0x00;
1875 sessionData.hmac.t.buffer[1] = 0xff;
1876
1877 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
1878 inPublic.t.publicArea.type = TPM_ALG_KEYEDHASH;
1879 inPublic.t.publicArea.objectAttributes.decrypt = 0;
1880 inPublic.t.publicArea.objectAttributes.sign = 1;
1881
1882 inPublic.t.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM_ALG_HMAC;
1883 inPublic.t.publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = TPM_ALG_SHA1;
1884
1885 inPublic.t.publicArea.unique.keyedHash.t.size = 0;
1886
1887 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
1888 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
1889 inSensitive.t.sensitive.data.t.size = 0;
1890 inSensitive.t.size = loadedSha1KeyAuth.b.size + 2;
1891
1892 outsideInfo.t.size = 0;
1893 outPublic.t.size = 0;
1894 creationData.t.size = 0;
1895
1896 // Try creating a key under the persistent key using a different context.
1897
1898 rval = InitTctiResMgrContext( rmInterfaceConfig, &otherResMgrTctiContext, &otherResMgrInterfaceName[0] );
1899 if( rval != TSS2_RC_SUCCESS )
1900 {
1901 TpmClientPrintf( 0, "Resource Mgr, %s, failed initialization: 0x%x. Exiting...\n", resMgrInterfaceInfo.shortName, rval );
1902 Cleanup();
1903 return;
1904 }
1905 else
1906 {
1907 (( TSS2_TCTI_CONTEXT_INTEL *)otherResMgrTctiContext )->status.debugMsgLevel = debugLevel;
1908 }
1909
1910 otherSysContext = InitSysContext( 0, otherResMgrTctiContext, &abiVersion );
1911 if( otherSysContext == 0 )
1912 {
1913 InitSysContextFailure();
1914 }
1915
1916 rval = Tss2_Sys_Create( otherSysContext, 0x81800000, &sessionsData, &inSensitive, &inPublic,
1917 &outsideInfo, &creationPCR,
1918 &outPrivate, &outPublic, &creationData,
1919 &creationHash, &creationTicket, &sessionsDataOut );
1920 CheckPassed( rval );
1921
1922 rval = TeardownTctiResMgrContext( rmInterfaceConfig, otherResMgrTctiContext, &otherResMgrInterfaceName[0] );
1923 CheckPassed( rval );
1924
1925 TeardownSysContext( &otherSysContext );
1926
1927 outsideInfo.t.size = 0;
1928 outPublic.t.size = 0;
1929 creationData.t.size = 0;
1930
1931 // Try creating a key under the transient key. This should work, too.
1932 rval = Tss2_Sys_Create( sysContext, handle2048rsa, &sessionsData, &inSensitive, &inPublic,
1933 &outsideInfo, &creationPCR,
1934 &outPrivate, &outPublic, &creationData,
1935 &creationHash, &creationTicket, &sessionsDataOut );
1936 CheckPassed( rval );
1937
1938 // Reset persistent key to be transitent.
1939 sessionData.hmac.t.size = 0;
1940 rval = Tss2_Sys_EvictControl( sysContext, TPM_RH_PLATFORM, 0x81800000, &sessionsData, 0x81800000, &sessionsDataOut );
1941 CheckPassed( rval );
1942}
1943
1944TPM_RC DefineNvIndex( TPMI_RH_PROVISION authHandle, TPMI_SH_AUTH_SESSION sessionAuthHandle, TPM2B_AUTH *auth, TPM2B_DIGEST *authPolicy,
1945 TPMI_RH_NV_INDEX nvIndex, TPMI_ALG_HASH nameAlg, TPMA_NV attributes, UINT16 size )
1946{
1947 TPM_RC rval = TPM_RC_SUCCESS;
1948 TPM2B_NV_PUBLIC publicInfo;
1949
1950 // Command and response session data structures.
1951 TPMS_AUTH_COMMAND sessionData = { sessionAuthHandle, };
1952 TPMS_AUTH_RESPONSE sessionDataOut;
1953 TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
1954 TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };
1955 TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };
1956 TSS2_SYS_RSP_AUTHS sessionsDataOut = { 1, &sessionDataOutArray[0] };
1957 // Init nonce.
1958 sessionData.nonce.t.size = 0;
1959 // init hmac
1960 sessionData.hmac.t.size = 0;
1961 // Init session attributes
1962 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
1963
1964 attributes.TPMA_NV_ORDERLY = 1;
1965
1966 // Init public info structure.
1967 publicInfo.t.nvPublic.attributes = attributes;
1968 CopySizedByteBuffer( &publicInfo.t.nvPublic.authPolicy.b, &authPolicy->b );
1969 publicInfo.t.nvPublic.dataSize = size;
1970 publicInfo.t.size = sizeof( TPMI_RH_NV_INDEX ) +
1971 sizeof( TPMI_ALG_HASH ) + sizeof( TPMA_NV ) + sizeof( UINT16) +
1972 sizeof( UINT16 );
1973 publicInfo.t.nvPublic.nvIndex = nvIndex;
1974 publicInfo.t.nvPublic.nameAlg = nameAlg;
1975
1976 // Create the index
1977 rval = Tss2_Sys_NV_DefineSpace( sysContext, authHandle, &sessionsData, auth, &publicInfo, &sessionsDataOut );
1978
1979 return rval;
1980}
1981
1982typedef struct {
1983 char name[50];
1984 TPM_RC (*buildPolicyFn )( TSS2_SYS_CONTEXT *sysContext, SESSION *trialPolicySession, TPM2B_DIGEST *policyDigest );
1985 TPM_RC (*createObjectFn )( TSS2_SYS_CONTEXT *sysContext, SESSION **policySession, TPM2B_DIGEST *policyDigest );
1986 TPM_RC (*testPolicyFn )( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession );
1987} POLICY_TEST_SETUP;
1988
1989TPM_RC BuildPolicy( TSS2_SYS_CONTEXT *sysContext, SESSION **policySession,
1990 TPM_RC (*buildPolicyFn )( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession, TPM2B_DIGEST *policyDigest ),
1991 TPM2B_DIGEST *policyDigest, bool trialSession )
1992{
1993 // NOTE: this policySession will be either a trial or normal policy session
1994 // depending on the value of the passed in trialSession parameter.
1995 TPM2B_ENCRYPTED_SECRET encryptedSalt = { {0}, };
1996 TPMT_SYM_DEF symmetric;
1997 TPM_RC rval;
1998 TPM2B_NONCE nonceCaller;
1999
2000 nonceCaller.t.size = 0;
2001
2002 // Start policy session.
2003 symmetric.algorithm = TPM_ALG_NULL;
2004 rval = StartAuthSessionWithParams( policySession, TPM_RH_NULL, 0, TPM_RH_NULL, 0, &nonceCaller, &encryptedSalt, trialSession ? TPM_SE_TRIAL : TPM_SE_POLICY , &symmetric, TPM_ALG_SHA256 );
2005 if( rval != TPM_RC_SUCCESS )
2006 return rval;
2007
2008 // Send policy command.
2009 rval = ( *buildPolicyFn )( sysContext, *policySession, policyDigest );
2010 CheckPassed( rval );
2011
2012 // Get policy hash.
2013 rval = Tss2_Sys_PolicyGetDigest( sysContext, (*policySession)->sessionHandle,
2014 0, policyDigest, 0 );
2015 CheckPassed( rval );
2016
2017 if( trialSession )
2018 {
2019 // Need to flush the session here.
2020 rval = Tss2_Sys_FlushContext( sysContext, (*policySession)->sessionHandle );
2021 CheckPassed( rval );
2022
2023 // And remove the session from sessions table.
2024 rval = EndAuthSession( *policySession );
2025 CheckPassed( rval );
2026 }
2027
2028 return rval;
2029}
2030
2031TPM_RC CreateNVIndex( TSS2_SYS_CONTEXT *sysContext, SESSION **policySession, TPM2B_DIGEST *policyDigest )
2032{
2033 TPM_RC rval = TPM_RC_SUCCESS;
2034 TPMA_LOCALITY locality;
2035 TPM2B_ENCRYPTED_SECRET encryptedSalt = { {0}, };
2036 TPMT_SYM_DEF symmetric;
2037 TPMA_NV nvAttributes;
2038 TPM2B_AUTH nvAuth;
2039 TPM2B_NONCE nonceCaller;
2040
2041 nonceCaller.t.size = 0;
2042
2043 // Since locality is a fairly simple command and we can guarantee
2044 // its correctness, we don't need a trial session for this.
2045
2046 // Start real policy session
2047 symmetric.algorithm = TPM_ALG_NULL;
2048 rval = StartAuthSessionWithParams( policySession, TPM_RH_NULL,
2049 0, TPM_RH_NULL, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY,
2050 &symmetric, TPM_ALG_SHA256 );
2051 CheckPassed( rval );
2052
2053 // Send PolicyLocality command
2054 *(UINT8 *)( (void *)&locality ) = 0;
2055 locality.TPM_LOC_THREE = 1;
2056 rval = Tss2_Sys_PolicyLocality( sysContext, (*policySession)->sessionHandle,
2057 0, locality, 0 );
2058 CheckPassed( rval );
2059
2060 // Read policyHash
2061 rval = Tss2_Sys_PolicyGetDigest( sysContext,
2062 (*policySession)->sessionHandle, 0, policyDigest, 0 );
2063 CheckPassed( rval );
2064
2065 nvAuth.t.size = 0;
2066
2067 // Now set the attributes.
2068 *(UINT32 *)( (void *)&nvAttributes ) = 0;
2069 nvAttributes.TPMA_NV_POLICYREAD = 1;
2070 nvAttributes.TPMA_NV_POLICYWRITE = 1;
2071 nvAttributes.TPMA_NV_PLATFORMCREATE = 1;
2072
2073 rval = DefineNvIndex( TPM_RH_PLATFORM, TPM_RS_PW, &nvAuth, policyDigest,
2074 TPM20_INDEX_PASSWORD_TEST, TPM_ALG_SHA256, nvAttributes, 32 );
2075 CheckPassed( rval );
2076
2077 AddEntity( TPM20_INDEX_PASSWORD_TEST, &nvAuth );
2078 CheckPassed( rval );
2079
2080 return rval;
2081}
2082
2083
2084TPM_RC TestLocality( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession )
2085{
2086 TSS2_RC rval = TPM_RC_SUCCESS;
2087 TSS2_SYS_CMD_AUTHS sessionsData;
2088 TPM2B_MAX_NV_BUFFER nvWriteData;
2089 TSS2_SYS_RSP_AUTHS sessionsDataOut = { 1, };
2090 TPMS_AUTH_COMMAND sessionData;
2091 TPMS_AUTH_RESPONSE sessionDataOut;
2092
2093 TPMS_AUTH_COMMAND *sessionDataArray[1];
2094 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
2095
2096 sessionDataArray[0] = &sessionData;
2097 sessionDataOutArray[0] = &sessionDataOut;
2098
2099 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
2100 sessionsData.cmdAuths = &sessionDataArray[0];
2101
2102 // Init write data.
2103 nvWriteData.t.size = 0;
2104
2105 sessionsData.cmdAuthsCount = 1;
2106 sessionsData.cmdAuths[0]->sessionHandle = policySession->sessionHandle;
2107 sessionsData.cmdAuths[0]->nonce.t.size = 0;
2108 sessionsData.cmdAuths[0]->hmac.t.size = 0;
2109
2110 *(UINT8 *)( (void *)&( sessionsData.cmdAuths[0]->sessionAttributes ) ) = 0;
2111 sessionsData.cmdAuths[0]->sessionAttributes.continueSession = 1;
2112
2113 rval = SetLocality( sysContext, 2 );
2114 CheckPassed( rval );
2115
2116 // Do NV write using open session's policy.
2117 rval = Tss2_Sys_NV_Write( sysContext, TPM20_INDEX_PASSWORD_TEST,
2118 TPM20_INDEX_PASSWORD_TEST,
2119 &sessionsData, &nvWriteData, 0, &sessionsDataOut );
2120 CheckFailed( rval, TPM_RC_LOCALITY );
2121
2122 rval = SetLocality( sysContext, 3 );
2123 CheckPassed( rval );
2124
2125 // Do NV write using open session's policy.
2126 rval = Tss2_Sys_NV_Write( sysContext, TPM20_INDEX_PASSWORD_TEST,
2127 TPM20_INDEX_PASSWORD_TEST,
2128 &sessionsData, &nvWriteData, 0, &sessionsDataOut );
2129 CheckPassed( rval );
2130
2131 // Do another NV write using open session's policy.
2132 rval = Tss2_Sys_NV_Write( sysContext, TPM20_INDEX_PASSWORD_TEST,
2133 TPM20_INDEX_PASSWORD_TEST,
2134 &sessionsData, &nvWriteData, 0, &sessionsDataOut );
2135 CheckFailed( rval, TPM_RC_POLICY_FAIL + TPM_RC_S + TPM_RC_1 );
2136
2137 // Delete NV index
2138 sessionsData.cmdAuths[0]->sessionHandle = TPM_RS_PW;
2139 sessionsData.cmdAuths[0]->nonce.t.size = 0;
2140 sessionsData.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
2141 sessionData.hmac.t.size = 0;
2142
2143 // Now undefine the index.
2144 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM,
2145 TPM20_INDEX_PASSWORD_TEST, &sessionsData, 0 );
2146 CheckPassed( rval );
2147
2148 rval = DeleteEntity( TPM20_INDEX_PASSWORD_TEST );
2149 CheckPassed( rval );
2150
2151 return rval;
2152}
2153
2154UINT8 passwordPCRTestPassword[] = "password PCR";
2155UINT8 dataBlob[] = "some data";
2156TPM_HANDLE blobHandle;
2157TPM2B_AUTH blobAuth;
2158
2159TPM_RC BuildPasswordPolicy( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession, TPM2B_DIGEST *policyDigest )
2160{
2161 TPM_RC rval = TPM_RC_SUCCESS;
2162
2163 rval = Tss2_Sys_PolicyPassword( sysContext, policySession->sessionHandle, 0, 0 );
2164 CheckPassed( rval );
2165
2166 return rval;
2167}
2168
2169TPM_RC BuildAuthValuePolicy( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession, TPM2B_DIGEST *policyDigest )
2170{
2171 TPM_RC rval = TPM_RC_SUCCESS;
2172
2173 rval = Tss2_Sys_PolicyAuthValue( sysContext, policySession->sessionHandle, 0, 0 );
2174 CheckPassed( rval );
2175
2176 return rval;
2177}
2178
2179
2180TPM_RC BuildPasswordPcrPolicy( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession, TPM2B_DIGEST *policyDigest )
2181{
2182 TPM_RC rval = TPM_RC_SUCCESS;
2183 TPM2B_DIGEST pcrDigest;
2184 TPML_PCR_SELECTION pcrs;
2185 TPML_DIGEST pcrValues;
2186 UINT32 pcrUpdateCounter;
2187 TPML_PCR_SELECTION pcrSelectionOut;
2188
2189 pcrDigest.t.size = 0;
2190 rval = Tss2_Sys_PolicyPassword( sysContext, policySession->sessionHandle, 0, 0 );
2191 CheckPassed( rval );
2192
2193 pcrs.count = 1;
2194 pcrs.pcrSelections[0].hash = TPM_ALG_SHA1;
2195 pcrs.pcrSelections[0].sizeofSelect = 3;
2196 pcrs.pcrSelections[0].pcrSelect[0] = 0;
2197 pcrs.pcrSelections[0].pcrSelect[1] = 0;
2198 pcrs.pcrSelections[0].pcrSelect[2] = 0;
2199 SET_PCR_SELECT_BIT( pcrs.pcrSelections[0], PCR_0 );
2200 SET_PCR_SELECT_BIT( pcrs.pcrSelections[0], PCR_3 );
2201
2202 //
2203 // Compute pcrDigest
2204 //
2205 // Read PCRs
2206 rval = Tss2_Sys_PCR_Read( sysContext, 0, &pcrs, &pcrUpdateCounter, &pcrSelectionOut, &pcrValues, 0 );
2207 CheckPassed( rval );
2208 // Hash them together
2209 rval = TpmHashSequence( policySession->authHash, pcrValues.count, &pcrValues.digests[0], &pcrDigest );
2210
2211 rval = Tss2_Sys_PolicyPCR( sysContext, policySession->sessionHandle, 0, &pcrDigest, &pcrs, 0 );
2212 CheckPassed( rval );
2213
2214 return rval;
2215}
2216
2217
2218TPM_RC CreateDataBlob( TSS2_SYS_CONTEXT *sysContext, SESSION **policySession, TPM2B_DIGEST *policyDigest )
2219{
2220 TPM_RC rval = TPM_RC_SUCCESS;
2221 TPMS_AUTH_COMMAND cmdAuth;
2222 TPMS_AUTH_COMMAND *cmdSessionArray[1] = { &cmdAuth };
2223 TSS2_SYS_CMD_AUTHS cmdAuthArray = { 1, &cmdSessionArray[0] };
2224 TPM2B_SENSITIVE_CREATE inSensitive;
2225 TPM2B_PUBLIC inPublic;
2226 TPM2B_DATA outsideInfo = { { 0, } };
2227 TPML_PCR_SELECTION creationPcr = { 0 };
2228 TPM2B_PUBLIC outPublic;
2229 TPM2B_CREATION_DATA creationData;
2230 TPM_HANDLE srkHandle;
2231 TPM2B_DIGEST creationHash;
2232 TPMT_TK_CREATION creationTicket;
2233 TPM2B_NAME srkName, blobName;
2234 TPM2B_DIGEST data;
2235 TPM2B_PRIVATE outPrivate;
2236
2237 cmdAuth.sessionHandle = TPM_RS_PW;
2238 cmdAuth.nonce.t.size = 0;
2239 *( (UINT8 *)((void *)&cmdAuth.sessionAttributes ) ) = 0;
2240 cmdAuth.hmac.t.size = 0;
2241
2242 inSensitive.t.sensitive.userAuth.t.size = 0;
2243 inSensitive.t.sensitive.data.t.size = 0;
2244
2245 inPublic.t.publicArea.type = TPM_ALG_RSA;
2246 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
2247 *(UINT32 *)&( inPublic.t.publicArea.objectAttributes) = 0;
2248 inPublic.t.publicArea.objectAttributes.restricted = 1;
2249 inPublic.t.publicArea.objectAttributes.userWithAuth = 1;
2250 inPublic.t.publicArea.objectAttributes.decrypt = 1;
2251 inPublic.t.publicArea.objectAttributes.fixedTPM = 1;
2252 inPublic.t.publicArea.objectAttributes.fixedParent = 1;
2253 inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin = 1;
2254 inPublic.t.publicArea.authPolicy.t.size = 0;
2255 inPublic.t.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
2256 inPublic.t.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
2257 inPublic.t.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CBC;
2258 inPublic.t.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
2259 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 2048;
2260 inPublic.t.publicArea.parameters.rsaDetail.exponent = 0;
2261 inPublic.t.publicArea.unique.rsa.t.size = 0;
2262
2263 outPublic.t.size = 0;
2264 creationData.t.size = 0;
2265 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_PLATFORM, &cmdAuthArray,
2266 &inSensitive, &inPublic, &outsideInfo, &creationPcr,
2267 &srkHandle, &outPublic, &creationData, &creationHash,
2268 &creationTicket, &srkName, 0 );
2269 CheckPassed( rval );
2270
2271 cmdAuth.sessionHandle = TPM_RS_PW;
2272
2273 inSensitive.t.sensitive.userAuth.t.size = 0;
2274 blobAuth.t.size = sizeof( passwordPCRTestPassword );
2275 memcpy( &blobAuth.t.buffer, passwordPCRTestPassword, sizeof( passwordPCRTestPassword ) );
2276 CopySizedByteBuffer( &(inSensitive.t.sensitive.userAuth.b ), &blobAuth.b );
2277 data.t.size = sizeof( dataBlob );
2278 memcpy( &data.t.buffer, dataBlob, sizeof( dataBlob ) );
2279 CopySizedByteBuffer( &(inSensitive.t.sensitive.data.b ), &data.b );
2280
2281 inPublic.t.publicArea.type = TPM_ALG_KEYEDHASH;
2282 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA256;
2283 inPublic.t.publicArea.objectAttributes.restricted = 0;
2284 inPublic.t.publicArea.objectAttributes.decrypt = 0;
2285 inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin = 0;
2286 CopySizedByteBuffer( &( inPublic.t.publicArea.authPolicy.b), &( policyDigest->b ) );
2287 inPublic.t.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM_ALG_NULL;
2288 inPublic.t.publicArea.unique.keyedHash.t.size = 0;
2289
2290 outPublic.t.size = 0;
2291 creationData.t.size = 0;
2292 rval = Tss2_Sys_Create( sysContext, srkHandle, &cmdAuthArray,
2293 &inSensitive, &inPublic, &outsideInfo, &creationPcr,
2294 &outPrivate, &outPublic, &creationData, &creationHash,
2295 &creationTicket, 0 );
2296 CheckPassed( rval );
2297
2298 // Now we need to load the object.
2299 rval = Tss2_Sys_Load( sysContext, srkHandle, &cmdAuthArray, &outPrivate, &outPublic, &blobHandle, &blobName, 0 );
2300 CheckPassed( rval );
2301
2302 return rval;
2303}
2304
2305TPM_RC AuthValueUnseal( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession )
2306{
2307 TPM_RC rval = TPM_RC_SUCCESS;
2308 TPM2B_SENSITIVE_DATA outData;
2309 TPMS_AUTH_COMMAND cmdAuth;
2310 TPMS_AUTH_COMMAND *cmdSessionArray[1] = { &cmdAuth };
2311 TSS2_SYS_CMD_AUTHS cmdAuthArray = { 1, &cmdSessionArray[0] };
2312
2313 cmdAuth.sessionHandle = policySession->sessionHandle;
2314 cmdAuth.nonce.t.size = 0;
2315 *( (UINT8 *)((void *)&cmdAuth.sessionAttributes ) ) = 0;
2316 cmdAuth.sessionAttributes.continueSession = 1;
2317 cmdAuth.hmac.t.size = 0;
2318
2319 // Now try to unseal the blob without setting the HMAC.
2320 // This test should fail.
2321 rval = Tss2_Sys_Unseal( sysContext, blobHandle, &cmdAuthArray, &outData, 0 );
2322 CheckFailed( rval, TPM_RC_S + TPM_RC_1 + TPM_RC_AUTH_FAIL );
2323
2324 // Clear DA lockout.
2325 TestDictionaryAttackLockReset();
2326
2327 //
2328 // Now try to unseal the blob after setting the HMAC.
2329 // This test should pass.
2330 //
2331
2332 // First, call Prepare.
2333 rval = Tss2_Sys_Unseal_Prepare( sysContext, blobHandle );
2334 CheckPassed( rval );
2335
2336 rval = AddEntity( blobHandle, &blobAuth );
2337 CheckPassed( rval );
2338
2339 // Roll nonces for command.
2340 RollNonces( policySession, &cmdAuth.nonce );
2341
2342 // Now generate the HMAC.
2343 rval = ComputeCommandHmacs( sysContext,
2344 blobHandle,
2345 TPM_HT_NO_HANDLE, &cmdAuthArray, 1 );
2346 CheckPassed( rval );
2347
2348 rval = Tss2_Sys_Unseal( sysContext, blobHandle, &cmdAuthArray, &outData, 0 );
2349 CheckPassed( rval );
2350
2351 rval = DeleteEntity( blobHandle );
2352 CheckPassed( rval );
2353
2354 // Add test to make sure we unsealed correctly.
2355
2356 // Now we'll want to flush the data blob and remove it
2357 // from resource manager tables.
2358 rval = Tss2_Sys_FlushContext( sysContext, blobHandle );
2359 CheckPassed( rval );
2360
2361 return rval;
2362}
2363
2364TPM_RC PasswordUnseal( TSS2_SYS_CONTEXT *sysContext, SESSION *policySession )
2365{
2366 TPM_RC rval = TPM_RC_SUCCESS;
2367 TPM2B_SENSITIVE_DATA outData;
2368 TPMS_AUTH_COMMAND cmdAuth;
2369 TPMS_AUTH_COMMAND *cmdSessionArray[1] = { &cmdAuth };
2370 TSS2_SYS_CMD_AUTHS cmdAuthArray = { 1, &cmdSessionArray[0] };
2371
2372 cmdAuth.sessionHandle = policySession->sessionHandle;
2373 cmdAuth.nonce.t.size = 0;
2374 *( (UINT8 *)((void *)&cmdAuth.sessionAttributes ) ) = 0;
2375 cmdAuth.sessionAttributes.continueSession = 1;
2376 cmdAuth.hmac.t.size = 0;
2377
2378 // Now try to unseal the blob without setting the password.
2379 // This test should fail.
2380 rval = Tss2_Sys_Unseal( sysContext, blobHandle, &cmdAuthArray, &outData, 0 );
2381 CheckFailed( rval, TPM_RC_S + TPM_RC_1 + TPM_RC_AUTH_FAIL );
2382
2383 // Clear DA lockout.
2384 TestDictionaryAttackLockReset();
2385
2386 // Now try to unseal the blob after setting the password.
2387 // This test should pass.
2388 cmdAuth.hmac.t.size = sizeof( passwordPCRTestPassword );
2389 memcpy( &cmdAuth.hmac.t.buffer, passwordPCRTestPassword, sizeof( passwordPCRTestPassword ) );
2390 rval = Tss2_Sys_Unseal( sysContext, blobHandle, &cmdAuthArray, &outData, 0 );
2391 CheckPassed( rval );
2392
2393 // Add test to make sure we unsealed correctly.
2394
2395 // Now we'll want to flush the data blob and remove it
2396 // from resource manager tables.
2397 rval = Tss2_Sys_FlushContext( sysContext, blobHandle );
2398 CheckPassed( rval );
2399
2400 return rval;
2401}
2402
2403POLICY_TEST_SETUP policyTestSetups[] =
2404{
2405 // NOTE: Since locality is a fairly simple command and we
2406 // can guarantee its correctness, we don't need a trial
2407 // session for this. buildPolicyFn pointer can be 0 in
2408 // this case.
2409 { "LOCALITY", 0, CreateNVIndex, TestLocality },
2410 { "PASSWORD", BuildPasswordPolicy, CreateDataBlob, PasswordUnseal },
2411 { "PASSWORD/PCR", BuildPasswordPcrPolicy, CreateDataBlob, PasswordUnseal },
2412 { "AUTHVALUE", BuildAuthValuePolicy, CreateDataBlob, AuthValueUnseal },
2413 // TBD...
2414};
2415
2416void TestPolicy()
2417{
2418 UINT32 rval;
2419 unsigned int i;
2420 SESSION *policySession = 0;
2421
2422 TpmClientPrintf( 0, "\nPOLICY TESTS:\n" );
2423
2424 for( i = 0; i < ( sizeof( policyTestSetups ) / sizeof( POLICY_TEST_SETUP ) ); i++ )
2425 {
2426 TPM2B_DIGEST policyDigest;
2427
2428 rval = TPM_RC_SUCCESS;
2429
2430 TpmClientPrintf( 0, "Policy Test: %s\n", policyTestSetups[i].name );
2431
2432 // Create trial policy session and run policy commands, in order to create policyDigest.
2433 if( policyTestSetups[i].buildPolicyFn != 0)
2434 {
2435 rval = BuildPolicy( sysContext, &policySession, policyTestSetups[i].buildPolicyFn, &policyDigest, true );
2436 CheckPassed( rval );
2437 }
2438
2439 // Create entity that will use that policyDigest as authPolicy.
2440 if( policyTestSetups[i].createObjectFn != 0 )
2441 {
2442 rval = ( *policyTestSetups[i].createObjectFn )( sysContext, &policySession, &policyDigest);
2443 CheckPassed( rval );
2444 }
2445
2446 // Create real policy session and run policy commands; after this we're ready
2447 // to authorize actions on the entity.
2448 if( policyTestSetups[i].buildPolicyFn != 0)
2449 {
2450 rval = BuildPolicy( sysContext, &policySession, policyTestSetups[i].buildPolicyFn, &policyDigest, false );
2451 CheckPassed( rval );
2452 }
2453
2454 if( policySession )
2455 {
2456 // Now do tests by authorizing actions on the entity.
2457 rval = ( *policyTestSetups[i].testPolicyFn)( sysContext, policySession );
2458 CheckPassed( rval );
2459
2460 // Need to flush the session here.
2461 rval = Tss2_Sys_FlushContext( sysContext, policySession->sessionHandle );
2462 CheckPassed( rval );
2463
2464 // And remove the session from test app session table.
2465 rval = EndAuthSession( policySession );
2466 }
2467 else
2468 {
2469 CheckFailed( rval, 0xffffffff );
2470 }
2471
2472 CheckPassed( rval );
2473 }
2474}
2475
2476#define MAX_TEST_SEQUENCES 10
2477void TestHash()
2478{
2479 UINT32 rval;
2480 TPM2B_AUTH auth;
2481 TPMI_DH_OBJECT sequenceHandle[MAX_TEST_SEQUENCES];
2482 TPMS_AUTH_COMMAND sessionData, sessionData1;
2483 TPMS_AUTH_RESPONSE sessionDataOut, sessionDataOut1;
2484 TSS2_SYS_CMD_AUTHS sessionsData;
2485 int i;
2486 TPM2B_MAX_BUFFER dataToHash;
2487
2488 UINT8 memoryToHash[] =
2489 {
2490 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2491 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2492 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2493 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2494 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2495 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2496 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2497 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2498 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2499 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2500 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2501 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2502 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2503 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2504 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2505 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2506 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2507 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2508 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2509 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2510 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2511 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2512 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2513 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2514 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2515 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2516 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2517 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2518 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2519 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2520 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2521 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2522 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2523 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2524 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2525 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2526 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2527 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2528 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2529 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2530 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2531 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2532 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2533 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2534 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2535 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2536 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2537 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2538 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2539 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2540 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2541 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2542 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2543 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2544 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2545 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2546 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2547 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2548 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2549 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2550 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2551 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2552 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2553 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2554 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
2555 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
2556 0xde, 0xad, 0xbe, 0xef
2557 };
2558
2559 // Known good hash of above memory.
2560 UINT8 goodHashValue[] =
2561 { 0xB3, 0xFD, 0x6A, 0xD2, 0x9F, 0xD0, 0x13, 0x52, 0xBA, 0xFC,
2562 0x8B, 0x22, 0xC9, 0x6D, 0x88, 0x42, 0xA3, 0x3C, 0xB0, 0xC9 };
2563
2564 // Hash to be calculated by TPM.
2565 TPM2B_DIGEST result;
2566 TPMT_TK_HASHCHECK validation;
2567 TSS2_SYS_RSP_AUTHS sessionsDataOut;
2568
2569 TPMS_AUTH_COMMAND *sessionDataArray[2];
2570 TPMS_AUTH_RESPONSE *sessionDataOutArray[2];
2571
2572 sessionDataArray[0] = &sessionData;
2573 sessionDataOutArray[0] = &sessionDataOut;
2574 sessionDataArray[1] = &sessionData1;
2575 sessionDataOutArray[1] = &sessionDataOut1;
2576
2577 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
2578 sessionsData.cmdAuths = &sessionDataArray[0];
2579
2580 sessionsDataOut.rspAuthsCount = 1;
2581
2582 TpmClientPrintf( 0, "\nHASH TESTS:\n" );
2583
2584 auth.t.size = 2;
2585 auth.t.buffer[0] = 0;
2586 auth.t.buffer[1] = 0xff;
2587 rval = Tss2_Sys_HashSequenceStart ( sysContext, 0, &auth, TPM_ALG_SHA1, &sequenceHandle[0], 0 );
2588 CheckPassed( rval );
2589
2590 // Init authHandle
2591 sessionData.sessionHandle = TPM_RS_PW;
2592
2593 // Init nonce.
2594 sessionData.nonce.t.size = 0;
2595
2596 // init hmac
2597 sessionData.hmac = auth;
2598
2599 // Init session attributes
2600 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
2601
2602 sessionsData.cmdAuthsCount = 1;
2603 sessionsData.cmdAuths[0] = &sessionData;
2604
2605 dataToHash.t.size = MAX_DIGEST_BUFFER;
2606 memcpy( &dataToHash.t.buffer[0], &memoryToHash[0], dataToHash.t.size );
2607
2608 rval = Tss2_Sys_SequenceUpdate ( sysContext, sequenceHandle[0], &sessionsData, &dataToHash, &sessionsDataOut );
2609 CheckPassed( rval );
2610
2611 // Now try starting a bunch of sequences to see what happens.
2612 // This checks that the resource manager properly saves and restores the context
2613 // of the interrupted original sequence.
2614 for( i = 1; i < 5; i++ )
2615 {
2616 rval = Tss2_Sys_HashSequenceStart ( sysContext, 0, &auth, TPM_ALG_SHA1, &sequenceHandle[i], 0 );
2617 CheckPassed( rval );
2618 }
2619
2620 // Now end the created sequences.
2621 dataToHash.t.size = 0;
2622 for( i = 1; i < 5; i++ )
2623 {
2624 rval = Tss2_Sys_SequenceComplete ( sysContext, sequenceHandle[i], &sessionsData, &dataToHash,
2625 TPM_RH_PLATFORM, &result, &validation, &sessionsDataOut );
2626 CheckPassed( rval );
2627 }
2628
2629 // Now try to finish the interrupted sequence.
2630 rval = Tss2_Sys_SequenceUpdate ( sysContext, sequenceHandle[0], &sessionsData, &dataToHash, &sessionsDataOut );
2631 CheckPassed( rval );
2632
2633 dataToHash.t.size = sizeof( memoryToHash ) - MAX_DIGEST_BUFFER;
2634 memcpy( &dataToHash.t.buffer[0], &memoryToHash[MAX_DIGEST_BUFFER], dataToHash.t.size );
2635 rval = Tss2_Sys_SequenceComplete ( sysContext, sequenceHandle[0], &sessionsData, &dataToHash,
2636 TPM_RH_PLATFORM, &result, &validation, &sessionsDataOut );
2637 CheckPassed( rval );
2638
2639 // Test the resulting hash.
2640 if( memcmp( (void *)&( result.t.buffer[0] ), (void *)&( goodHashValue[0] ), result.t.size ) )
2641 {
2642 TpmClientPrintf( 0, "ERROR!! resulting hash is incorrect.\n" );
2643 Cleanup();
2644 }
2645
2646 // Now try starting a bunch of sequences to see what happens.
2647 // This stresses the resource manager.
2648 for( i = 0; i < MAX_TEST_SEQUENCES; i++ )
2649 {
2650 rval = Tss2_Sys_HashSequenceStart ( sysContext, 0, &auth, TPM_ALG_SHA1, &sequenceHandle[i], 0 );
2651 CheckPassed( rval );
2652 }
2653
2654 // Now end them all
2655 dataToHash.t.size = 0;
2656 for( i = (MAX_TEST_SEQUENCES - 1); i >= 0; i-- )
2657// for( i = 0; i < MAX_TEST_SEQUENCES; i++ )
2658 {
2659 rval = Tss2_Sys_SequenceComplete ( sysContext, sequenceHandle[i], &sessionsData, &dataToHash,
2660 TPM_RH_PLATFORM, &result, &validation, &sessionsDataOut );
2661 CheckPassed( rval );
2662 }
2663}
2664
2665void TestQuote()
2666{
2667 UINT32 rval;
2668 TPM2B_DATA qualifyingData;
2669 UINT8 qualDataString[] = { 0x00, 0xff, 0x55, 0xaa };
2670 TPMT_SIG_SCHEME inScheme;
2671 TPML_PCR_SELECTION pcrSelection;
2672 TPMS_AUTH_COMMAND sessionData;
2673 TPMS_AUTH_RESPONSE sessionDataOut;
2674 TSS2_SYS_CMD_AUTHS sessionsData;
2675 TSS2_SYS_RSP_AUTHS sessionsDataOut;
2676 TPM2B_ATTEST quoted;
2677 TPMT_SIGNATURE signature;
2678
2679 TPMS_AUTH_COMMAND *sessionDataArray[1];
2680 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
2681
2682 sessionDataArray[0] = &sessionData;
2683 sessionDataOutArray[0] = &sessionDataOut;
2684
2685 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
2686 sessionsData.cmdAuths = &sessionDataArray[0];
2687
2688 sessionsDataOut.rspAuthsCount = 1;
2689
2690 TpmClientPrintf( 0, "\nQUOTE CONTROL TESTS:\n" );
2691
2692 // Init authHandle
2693 sessionData.sessionHandle = TPM_RS_PW;
2694
2695 // Init nonce.
2696 sessionData.nonce.t.size = 0;
2697
2698 // init hmac
2699 sessionData.hmac.t.size = 2;
2700 sessionData.hmac.t.buffer[0] = 0x00;
2701 sessionData.hmac.t.buffer[1] = 0xff;
2702
2703 // Init session attributes
2704 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
2705
2706 qualifyingData.t.size = sizeof( qualDataString );
2707 memcpy( &( qualifyingData.t.buffer[0] ), qualDataString, sizeof( qualDataString ) );
2708
2709 inScheme.scheme = TPM_ALG_NULL;
2710
2711 pcrSelection.count = 1;
2712 pcrSelection.pcrSelections[0].hash = TPM_ALG_SHA1;
2713 pcrSelection.pcrSelections[0].sizeofSelect = 3;
2714
2715 // Clear out PCR select bit field
2716 pcrSelection.pcrSelections[0].pcrSelect[0] = 0;
2717 pcrSelection.pcrSelections[0].pcrSelect[1] = 0;
2718 pcrSelection.pcrSelections[0].pcrSelect[2] = 0;
2719
2720 // Now set the PCR you want
2721 pcrSelection.pcrSelections[0].pcrSelect[( PCR_17/8 )] = ( 1 << ( PCR_18 % 8) );
2722
2723 sessionsData.cmdAuthsCount = 1;
2724 sessionsData.cmdAuths[0] = &sessionData;
2725
2726 // Test with wrong type of key.
2727 rval = Tss2_Sys_Quote ( sysContext, loadedSha1KeyHandle, &sessionsData, &qualifyingData, &inScheme,
2728 &pcrSelection, &quoted, &signature, &sessionsDataOut );
2729 CheckPassed( rval );
2730
2731 // Create signing key
2732
2733
2734 // Now test quote operation
2735// Tpm20Quote ( ??TPMI_DH_OBJECT signHandle, TPM2B_DATA *qualifyingData,
2736// TPMT_SIG_SCHEME *inScheme, TPML_PCR_SELECTION *pcrSelect,
2737// TPMS_AUTH_COMMAND *sessionsData)
2738
2739}
2740
2741void ProvisionOtherIndices()
2742{
2743 UINT32 rval;
2744 TPMI_SH_AUTH_SESSION otherIndicesPolicyAuthHandle;
2745 TPM2B_DIGEST nvPolicyHash;
2746 TPM2B_AUTH nvAuth;
2747 TPMS_AUTH_COMMAND otherIndicesSessionData;
2748 TPMS_AUTH_RESPONSE otherIndicesSessionDataOut;
2749 TSS2_SYS_CMD_AUTHS otherIndicesSessionsData;
2750 TSS2_SYS_RSP_AUTHS otherIndicesSessionsDataOut;
2751 TPM2B_NV_PUBLIC publicInfo;
2752
2753 TPMS_AUTH_COMMAND *sessionDataArray[1];
2754 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
2755
2756 sessionDataArray[0] = &otherIndicesSessionData;
2757 sessionDataOutArray[0] = &otherIndicesSessionDataOut;
2758
2759 otherIndicesSessionsDataOut.rspAuths = &sessionDataOutArray[0];
2760 otherIndicesSessionsData.cmdAuths = &sessionDataArray[0];
2761
2762 otherIndicesSessionsDataOut.rspAuthsCount = 1;
2763
2764 TpmClientPrintf( 0, "\nPROVISION OTHER NV INDICES:\n" );
2765
2766 //
2767 // AUX index: Write is controlled by TPM2_PolicyLocality; Read is controlled by authValue and is unrestricted since authValue is set to emptyBuffer
2768 // Do this by setting up two policies and ORing them together when creating AuxIndex:
2769 // 1. PolicyLocality(3) && PolicyCommand(NVWrite)
2770 // 2. EmptyAuth policy && PolicyCommand(NVRead)
2771 // Page 126 of Part 1 describes how to do this.
2772 //
2773
2774 // Steps:
2775 rval = StartPolicySession( &otherIndicesPolicyAuthHandle );
2776 CheckPassed( rval );
2777
2778 // 3. GetPolicyDigest and save it
2779 rval = Tss2_Sys_PolicyGetDigest( sysContext, otherIndicesPolicyAuthHandle, 0, &nvPolicyHash, 0 );
2780 CheckPassed( rval );
2781
2782 // Now save the policy digest from the first OR branch.
2783 DEBUG_PRINT_BUFFER( &( nvPolicyHash.t.buffer[0] ), nvPolicyHash.t.size );
2784
2785 // 4. CreateNvIndex
2786 otherIndicesSessionData.sessionHandle = TPM_RS_PW;
2787
2788 // Init nonce.
2789 otherIndicesSessionData.nonce.t.size = 0;
2790
2791 // init hmac
2792 otherIndicesSessionData.hmac.t.size = 0;
2793
2794 // init nvAuth
2795 nvAuth.t.size = 0;
2796
2797 // Init session attributes
2798 *( (UINT8 *)((void *)&otherIndicesSessionData.sessionAttributes ) ) = 0;
2799
2800 publicInfo.t.size = sizeof( TPMI_RH_NV_INDEX ) +
2801 sizeof( TPMI_ALG_HASH ) + sizeof( TPMA_NV ) + sizeof( UINT16) +
2802 sizeof( UINT16 );
2803 publicInfo.t.nvPublic.nvIndex = INDEX_LCP_SUP;
2804 publicInfo.t.nvPublic.nameAlg = TPM_ALG_SHA1;
2805
2806 // First zero out attributes.
2807 *(UINT32 *)&( publicInfo.t.nvPublic.attributes ) = 0;
2808
2809 // Now set the attributes.
2810 publicInfo.t.nvPublic.attributes.TPMA_NV_AUTHREAD = 1;
2811 publicInfo.t.nvPublic.attributes.TPMA_NV_AUTHWRITE = 1;
2812 publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 1;
2813 // Following commented out for convenience during development.
2814 // publicInfo.t.nvPublic.attributes.TPMA_NV_POLICY_DELETE = 1;
2815 publicInfo.t.nvPublic.attributes.TPMA_NV_WRITEDEFINE = 1;
2816 publicInfo.t.nvPublic.attributes.TPMA_NV_ORDERLY = 1;
2817
2818 publicInfo.t.nvPublic.authPolicy.t.size = 0;
2819 publicInfo.t.nvPublic.dataSize = NV_PS_INDEX_SIZE;
2820
2821 otherIndicesSessionsData.cmdAuthsCount = 1;
2822 otherIndicesSessionsData.cmdAuths[0] = &otherIndicesSessionData;
2823
2824 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &otherIndicesSessionsData,
2825 &nvAuth, &publicInfo, &otherIndicesSessionsDataOut );
2826 CheckPassed( rval );
2827
2828 publicInfo.t.nvPublic.nvIndex = INDEX_LCP_OWN;
2829 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &otherIndicesSessionsData,
2830 &nvAuth, &publicInfo, &otherIndicesSessionsDataOut );
2831 CheckPassed( rval );
2832
2833 // Now teardown session
2834 rval = Tss2_Sys_FlushContext( sysContext, otherIndicesPolicyAuthHandle );
2835 CheckPassed( rval );
2836}
2837
2838
2839TSS2_RC InitNvAuxPolicySession( TPMI_SH_AUTH_SESSION *nvAuxPolicySessionHandle )
2840{
2841 TPMA_LOCALITY locality;
2842 TPM_RC rval;
2843
2844 rval = StartPolicySession( nvAuxPolicySessionHandle );
2845 CheckPassed( rval );
2846
2847 // 2. PolicyLocality(3)
2848 *(UINT8 *)((void *)&locality) = 0;
2849 locality.TPM_LOC_THREE = 1;
2850 locality.TPM_LOC_FOUR = 1;
2851 rval = Tss2_Sys_PolicyLocality( sysContext, *nvAuxPolicySessionHandle, 0, locality, 0 );
2852
2853 return( rval );
2854}
2855
2856void ProvisionNvAux()
2857{
2858 UINT32 rval;
2859 TPMI_SH_AUTH_SESSION nvAuxPolicyAuthHandle;
2860 TPM2B_DIGEST nvPolicyHash;
2861 TPM2B_AUTH nvAuth;
2862 TPMS_AUTH_COMMAND nvAuxSessionData;
2863 TPMS_AUTH_RESPONSE nvAuxSessionDataOut;
2864 TSS2_SYS_CMD_AUTHS nvAuxSessionsData;
2865 TSS2_SYS_RSP_AUTHS nvAuxSessionsDataOut;
2866 TPM2B_NV_PUBLIC publicInfo;
2867
2868 TPMS_AUTH_COMMAND *sessionDataArray[1];
2869 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
2870
2871 sessionDataArray[0] = &nvAuxSessionData;
2872 sessionDataOutArray[0] = &nvAuxSessionDataOut;
2873
2874 nvAuxSessionsDataOut.rspAuths = &sessionDataOutArray[0];
2875 nvAuxSessionsData.cmdAuths = &sessionDataArray[0];
2876
2877 nvAuxSessionsDataOut.rspAuthsCount = 1;
2878
2879 TpmClientPrintf( 0, "\nPROVISION NV AUX:\n" );
2880
2881 //
2882 // AUX index: Write is controlled by TPM2_PolicyLocality; Read is controlled by authValue and is unrestricted since authValue is set to emptyBuffer
2883 // Do this by setting up two policies and ORing them together when creating AuxIndex:
2884 // 1. PolicyLocality(3) && PolicyCommand(NVWrite)
2885 // 2. EmptyAuth policy && PolicyCommand(NVRead)
2886 // Page 126 of Part 1 describes how to do this.
2887 //
2888
2889 // Steps:
2890 rval = InitNvAuxPolicySession( &nvAuxPolicyAuthHandle );
2891 CheckPassed( rval );
2892
2893 // 3. GetPolicyDigest and save it
2894 rval = Tss2_Sys_PolicyGetDigest( sysContext, nvAuxPolicyAuthHandle, 0, &nvPolicyHash, 0 );
2895 CheckPassed( rval );
2896
2897 // Now save the policy digest.
2898 DEBUG_PRINT_BUFFER( &( nvPolicyHash.t.buffer[0] ), nvPolicyHash.t.size );
2899
2900 // 4. CreateNvIndex
2901 nvAuxSessionData.sessionHandle = TPM_RS_PW;
2902
2903 // Init nonce.
2904 nvAuxSessionData.nonce.t.size = 0;
2905
2906 // init hmac
2907 nvAuxSessionData.hmac.t.size = 0;
2908
2909 // init nvAuth
2910 nvAuth.t.size = 0;
2911
2912 // Init session attributes
2913 *( (UINT8 *)((void *)&nvAuxSessionData.sessionAttributes ) ) = 0;
2914
2915 nvAuxSessionsData.cmdAuthsCount = 1;
2916 nvAuxSessionsData.cmdAuths[0] = &nvAuxSessionData;
2917
2918 publicInfo.t.size = sizeof( TPMI_RH_NV_INDEX ) +
2919 sizeof( TPMI_ALG_HASH ) + sizeof( TPMA_NV ) + sizeof( UINT16) +
2920 sizeof( UINT16 );
2921 publicInfo.t.nvPublic.nvIndex = INDEX_AUX;
2922 publicInfo.t.nvPublic.nameAlg = TPM_ALG_SHA1;
2923
2924 // First zero out attributes.
2925 *(UINT32 *)&( publicInfo.t.nvPublic.attributes ) = 0;
2926
2927 // Now set the attributes.
2928 publicInfo.t.nvPublic.attributes.TPMA_NV_AUTHREAD = 1;
2929 publicInfo.t.nvPublic.attributes.TPMA_NV_POLICYWRITE = 1;
2930 publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 1;
2931 // Following commented out for convenience during development.
2932 // publicInfo.t.nvPublic.attributes.TPMA_NV_POLICY_DELETE = 1;
2933
2934 publicInfo.t.nvPublic.authPolicy.t.size = GetDigestSize( TPM_ALG_SHA1 );
2935 memcpy( (UINT8 *)&( publicInfo.t.nvPublic.authPolicy.t.buffer ), (UINT8 *)&(nvPolicyHash.t.buffer[0]),
2936 nvPolicyHash.t.size );
2937
2938 publicInfo.t.nvPublic.dataSize = NV_AUX_INDEX_SIZE;
2939
2940 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM, &nvAuxSessionsData,
2941 &nvAuth, &publicInfo, &nvAuxSessionsDataOut );
2942 CheckPassed( rval );
2943
2944 // Now teardown session
2945 rval = Tss2_Sys_FlushContext( sysContext, nvAuxPolicyAuthHandle );
2946 CheckPassed( rval );
2947}
2948
2949void TpmAuxWrite( int locality)
2950{
2951 TSS2_RC rval;
2952 int i;
2953 TPMI_SH_AUTH_SESSION nvAuxPolicyAuthHandle;
2954 TPM2B_MAX_NV_BUFFER nvWriteData;
2955
2956 rval = InitNvAuxPolicySession( &nvAuxPolicyAuthHandle );
2957 CheckPassed( rval );
2958
2959 // Now we're going to test it.
2960 nvWriteData.t.size = 4;
2961 for( i = 0; i < nvWriteData.t.size; i++ )
2962 nvWriteData.t.buffer[i] = 0xff - i;
2963
2964 nullSessionData.sessionHandle = nvAuxPolicyAuthHandle;
2965
2966 // Make sure that session terminates after NVWrite completes.
2967 nullSessionData.sessionAttributes.continueSession = 0;
2968
2969 rval = SetLocality( sysContext, locality );
2970 CheckPassed( rval );
2971
2972 nullSessionsData.cmdAuthsCount = 1;
2973 nullSessionsData.cmdAuths[0] = &nullSessionData;
2974
2975 rval = Tss2_Sys_NV_Write( sysContext, INDEX_AUX, INDEX_AUX, &nullSessionsData, &nvWriteData, 0, &nullSessionsDataOut );
2976
2977 {
2978 TSS2_RC setLocalityRval;
2979 setLocalityRval = SetLocality( sysContext, 3 );
2980 CheckPassed( setLocalityRval );
2981 }
2982
2983 if( locality == 3 || locality == 4 )
2984 {
2985 CheckPassed( rval );
2986
2987 // No teardown of session needed, since the authorization was
2988 // successful.
2989 }
2990 else
2991 {
2992 CheckFailed( rval, TPM_RC_LOCALITY );
2993
2994 // Now teardown session
2995 rval = Tss2_Sys_FlushContext( sysContext, nvAuxPolicyAuthHandle );
2996 CheckPassed( rval );
2997 }
2998}
2999
3000void TpmAuxReadWriteTest()
3001{
3002 UINT32 rval;
3003 int testLocality;
3004 TPM2B_MAX_NV_BUFFER nvData;
3005
3006 TpmClientPrintf( 0, "TPM AUX READ/WRITE TEST\n" );
3007
3008 nullSessionData.sessionAttributes.continueSession = 0;
3009
3010 // Try writing it from all localities. Only locality 3 should work.
3011 for( testLocality = 0; testLocality < 5; testLocality++ )
3012 {
3013 TpmAuxWrite( testLocality );
3014 }
3015
3016 nullSessionData.sessionHandle = TPM_RS_PW;
3017
3018 nullSessionsData.cmdAuths[0] = &nullSessionData;
3019
3020 // Try reading it from all localities. They all should work.
3021 for( testLocality = 0; testLocality < 5; testLocality++ )
3022 {
3023 rval = SetLocality( sysContext, testLocality );
3024 CheckPassed( rval );
3025
3026 rval = Tss2_Sys_NV_Read( sysContext, INDEX_AUX, INDEX_AUX, &nullSessionsData, 4, 0, &nvData, &nullSessionsDataOut );
3027 CheckPassed( rval );
3028
3029 rval = SetLocality( sysContext, 3 );
3030 CheckPassed( rval );
3031 }
3032}
3033
3034void TpmOtherIndicesReadWriteTest()
3035{
3036 UINT32 rval;
3037 TPM2B_MAX_NV_BUFFER nvWriteData;
3038 int i;
3039 TPM2B_MAX_NV_BUFFER nvData;
3040
3041 nullSessionData.sessionHandle = TPM_RS_PW;
3042
3043 TpmClientPrintf( 0, "TPM OTHER READ/WRITE TEST\n" );
3044
3045 nvWriteData.t.size = 4;
3046 for( i = 0; i < nvWriteData.t.size; i++ )
3047 nvWriteData.t.buffer[i] = 0xff - i;
3048
3049 nullSessionsData.cmdAuthsCount = 1;
3050 nullSessionsData.cmdAuths[0] = &nullSessionData;
3051
3052 rval = Tss2_Sys_NV_Write( sysContext, INDEX_LCP_SUP, INDEX_LCP_SUP, &nullSessionsData, &nvWriteData, 0, &nullSessionsDataOut );
3053 CheckPassed( rval );
3054
3055 rval = Tss2_Sys_NV_Write( sysContext, INDEX_LCP_OWN, INDEX_LCP_OWN, &nullSessionsData, &nvWriteData, 0, &nullSessionsDataOut );
3056 CheckPassed( rval );
3057
3058 rval = Tss2_Sys_NV_Read( sysContext, INDEX_LCP_SUP, INDEX_LCP_SUP, &nullSessionsData, 4, 0, &nvData, &nullSessionsDataOut );
3059 CheckPassed( rval );
3060
3061 rval = Tss2_Sys_NV_Read( sysContext, INDEX_LCP_OWN, INDEX_LCP_OWN, &nullSessionsData, 4, 0, &nvData, &nullSessionsDataOut );
3062 CheckPassed( rval );
3063}
3064
3065void NvIndexProto()
3066{
3067 UINT32 rval;
3068
3069 TpmClientPrintf( 0, "\nNV INDEX PROTOTYPE TESTS:\n" );
3070
3071
3072 // AUX index: Write is controlled by TPM2_PolicyLocality; Read is controlled by authValue and is unrestricted since authValue is set to emptyBuffer
3073 // PS index: Write and read are unrestricted until TPM2_WriteLock. After that content is write protected
3074 // PO index: Write is restricted by ownerAuth; Read is controlled by authValue and is unrestricted since authValue is set to emptyBuffer
3075
3076 // Now we need to configure NV indices
3077 ProvisionNvAux();
3078
3079 ProvisionOtherIndices();
3080
3081 TpmAuxReadWriteTest();
3082
3083 TpmOtherIndicesReadWriteTest();
3084
3085 // Now undefine the aux index, so that subsequent test passes will work.
3086 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM, INDEX_AUX, &nullSessionsData, &nullSessionsDataOut );
3087 CheckPassed( rval );
3088
3089 // Now undefine the other indices, so that subsequent test passes will work.
3090 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM, INDEX_LCP_SUP, &nullSessionsData, &nullSessionsDataOut );
3091 CheckPassed( rval );
3092
3093 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM, INDEX_LCP_OWN, &nullSessionsData, &nullSessionsDataOut );
3094 CheckPassed( rval );
3095}
3096
3097void TestPcrAllocate()
3098{
3099 UINT32 rval;
3100 TPML_PCR_SELECTION pcrSelection;
3101 TPMS_AUTH_COMMAND sessionData;
3102 TPMS_AUTH_RESPONSE sessionDataOut;
3103 TSS2_SYS_CMD_AUTHS sessionsData;
3104 TSS2_SYS_RSP_AUTHS sessionsDataOut;
3105 TPMI_YES_NO allocationSuccess;
3106 UINT32 maxPcr;
3107 UINT32 sizeNeeded;
3108 UINT32 sizeAvailable;
3109
3110 TPMS_AUTH_COMMAND *sessionDataArray[1];
3111 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
3112
3113 sessionDataArray[0] = &sessionData;
3114 sessionDataOutArray[0] = &sessionDataOut;
3115
3116 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
3117 sessionsData.cmdAuths = &sessionDataArray[0];
3118
3119 sessionsDataOut.rspAuthsCount = 1;
3120
3121 TpmClientPrintf( 0, "\nPCR ALLOCATE TEST :\n" );
3122
3123 // Init authHandle
3124 sessionData.sessionHandle = TPM_RS_PW;
3125
3126 // Init nonce.
3127 sessionData.nonce.t.size = 0;
3128
3129 // init hmac
3130 sessionData.hmac.t.size = 0;
3131
3132 // Init session attributes
3133 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
3134
3135 pcrSelection.count = 0;
3136
3137 sessionsData.cmdAuthsCount = 1;
3138 sessionsData.cmdAuths[0] = &sessionData;
3139
3140 rval = Tss2_Sys_PCR_Allocate( sysContext, TPM_RH_PLATFORM, &sessionsData, &pcrSelection,
3141 &allocationSuccess, &maxPcr, &sizeNeeded, &sizeAvailable, &sessionsDataOut);
3142 CheckPassed( rval );
3143
3144 pcrSelection.count = 3;
3145 pcrSelection.pcrSelections[0].hash = TPM_ALG_SHA256;
3146 CLEAR_PCR_SELECT_BITS( pcrSelection.pcrSelections[0] );
3147 SET_PCR_SELECT_SIZE( pcrSelection.pcrSelections[0], 3 );
3148 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[0], PCR_5 );
3149 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[0], PCR_7 );
3150 pcrSelection.pcrSelections[1].hash = TPM_ALG_SHA384;
3151 CLEAR_PCR_SELECT_BITS( pcrSelection.pcrSelections[1] );
3152 SET_PCR_SELECT_SIZE( pcrSelection.pcrSelections[1], 3 );
3153 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[1], PCR_5 );
3154 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[1], PCR_8 );
3155 pcrSelection.pcrSelections[2].hash = TPM_ALG_SHA256;
3156 CLEAR_PCR_SELECT_BITS( pcrSelection.pcrSelections[2] );
3157 SET_PCR_SELECT_SIZE( pcrSelection.pcrSelections[2], 3 );
3158 SET_PCR_SELECT_BIT( pcrSelection.pcrSelections[2], PCR_6 );
3159
3160 rval = Tss2_Sys_PCR_Allocate( sysContext, TPM_RH_PLATFORM, &sessionsData, &pcrSelection,
3161 &allocationSuccess, &maxPcr, &sizeNeeded, &sizeAvailable, &sessionsDataOut);
3162 CheckPassed( rval );
3163}
3164
3165void TestUnseal()
3166{
3167 UINT32 rval;
3168 TPMS_AUTH_COMMAND sessionData;
3169 TPMS_AUTH_RESPONSE sessionDataOut;
3170 TSS2_SYS_CMD_AUTHS sessionsData;
3171 TSS2_SYS_RSP_AUTHS sessionsDataOut;
3172 TPM2B_SENSITIVE_CREATE inSensitive;
3173 TPML_PCR_SELECTION creationPCR;
3174 TPM2B_DATA outsideInfo;
3175 TPM2B_PUBLIC inPublic;
3176 TPM_HANDLE loadedObjectHandle;
3177
3178 TPMS_AUTH_COMMAND *sessionDataArray[1];
3179 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
3180
3181 sessionDataArray[0] = &sessionData;
3182 sessionDataOutArray[0] = &sessionDataOut;
3183
3184 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
3185 sessionsData.cmdAuths = &sessionDataArray[0];
3186
3187 sessionsDataOut.rspAuthsCount = 1;
3188
3189 TPM2B_PRIVATE outPrivate;
3190 TPM2B_PUBLIC outPublic;
3191 TPM2B_CREATION_DATA creationData;
3192 TPM2B_DIGEST creationHash;
3193 TPMT_TK_CREATION creationTicket;
3194 TPM2B_NAME name;
3195 TPM2B_SENSITIVE_DATA outData;
3196
3197
3198 const char authStr[] = "test";
3199 const char sensitiveData[] = "this is sensitive";
3200
3201 TpmClientPrintf( 0, "\nUNSEAL TEST :\n" );
3202
3203 sessionData.sessionHandle = TPM_RS_PW;
3204
3205 // Init nonce.
3206 sessionData.nonce.t.size = 0;
3207
3208 sessionData.hmac.t.size = 2;
3209 sessionData.hmac.t.buffer[0] = 0x00;
3210 sessionData.hmac.t.buffer[1] = 0xff;
3211
3212 // Init session attributes
3213 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
3214
3215 inSensitive.t.sensitive.userAuth.t.size = sizeof( authStr ) - 1;
3216 memcpy( &( inSensitive.t.sensitive.userAuth.t.buffer[0] ), authStr, sizeof( authStr ) - 1 );
3217 inSensitive.t.sensitive.data.t.size = sizeof( sensitiveData ) - 1;
3218 memcpy( &( inSensitive.t.sensitive.data.t.buffer[0] ), sensitiveData, sizeof( sensitiveData ) - 1 );
3219
3220 inPublic.t.publicArea.authPolicy.t.size = 0;
3221
3222 inPublic.t.publicArea.unique.keyedHash.t.size = 0;
3223
3224 outsideInfo.t.size = 0;
3225 creationPCR.count = 0;
3226
3227 inPublic.t.publicArea.type = TPM_ALG_KEYEDHASH;
3228 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
3229
3230 *(UINT32 *)&( inPublic.t.publicArea.objectAttributes) = 0;
3231 inPublic.t.publicArea.objectAttributes.userWithAuth = 1;
3232
3233 inPublic.t.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM_ALG_NULL;
3234
3235 inPublic.t.publicArea.unique.keyedHash.t.size = 0;
3236
3237 outsideInfo.t.size = 0;
3238
3239 sessionsData.cmdAuthsCount = 1;
3240 sessionsData.cmdAuths[0] = &sessionData;
3241
3242 outPublic.t.size = 0;
3243 creationData.t.size = 0;
3244 rval = Tss2_Sys_Create( sysContext, handle2048rsa, &sessionsData, &inSensitive, &inPublic,
3245 &outsideInfo, &creationPCR,
3246 &outPrivate, &outPublic, &creationData,
3247 &creationHash, &creationTicket, &sessionsDataOut );
3248 CheckPassed( rval );
3249
3250 rval = Tss2_Sys_LoadExternal ( sysContext, 0, 0, &outPublic,
3251 TPM_RH_PLATFORM, &loadedObjectHandle, &name, 0 );
3252 CheckPassed( rval );
3253
3254 rval = Tss2_Sys_FlushContext( sysContext, loadedObjectHandle );
3255 CheckPassed( rval );
3256
3257 rval = Tss2_Sys_Load ( sysContext, handle2048rsa, &sessionsData, &outPrivate, &outPublic,
3258 &loadedObjectHandle, &name, &sessionsDataOut);
3259 CheckPassed( rval );
3260
3261 sessionData.hmac.t.size = sizeof( authStr ) - 1;
3262 memcpy( &( sessionData.hmac.t.buffer[0] ), authStr, sizeof( authStr ) - 1 );
3263
3264 rval = Tss2_Sys_Unseal( sysContext, loadedObjectHandle, &sessionsData, &outData, &sessionsDataOut );
3265
3266 rval = Tss2_Sys_FlushContext( sysContext, loadedObjectHandle );
3267 CheckPassed( rval );
3268
3269 CheckPassed( rval );
3270}
3271
3272
3273void CreatePasswordTestNV( TPMI_RH_NV_INDEX nvIndex, char * password )
3274{
3275 UINT32 rval;
3276 int i;
3277 TPMS_AUTH_COMMAND sessionData;
3278 TPMS_AUTH_RESPONSE sessionDataOut;
3279 TSS2_SYS_CMD_AUTHS sessionsData;
3280 TSS2_SYS_RSP_AUTHS sessionsDataOut;
3281 TPM2B_NV_PUBLIC publicInfo;
3282 TPM2B_AUTH nvAuth;
3283
3284 TPMS_AUTH_COMMAND *sessionDataArray[1];
3285 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
3286
3287 sessionDataArray[0] = &sessionData;
3288 sessionDataOutArray[0] = &sessionDataOut;
3289
3290 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
3291 sessionsData.cmdAuths = &sessionDataArray[0];
3292
3293 sessionData.sessionHandle = TPM_RS_PW;
3294
3295 // Init nonce.
3296 sessionData.nonce.t.size = 0;
3297
3298 // init hmac
3299 sessionData.hmac.t.size = 0;
3300
3301 // Init session attributes
3302 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
3303
3304 sessionsDataOut.rspAuthsCount = 1;
3305
3306 sessionsData.cmdAuthsCount = 1;
3307 sessionsData.cmdAuths[0] = &sessionData;
3308
3309 nvAuth.t.size = strlen( password );
3310 for( i = 0; i < nvAuth.t.size; i++ )
3311 nvAuth.t.buffer[i] = password[i];
3312
3313 publicInfo.t.size = sizeof( TPMI_RH_NV_INDEX ) +
3314 sizeof( TPMI_ALG_HASH ) + sizeof( TPMA_NV ) + sizeof( UINT16) +
3315 sizeof( UINT16 );
3316 publicInfo.t.nvPublic.nvIndex = nvIndex;
3317 publicInfo.t.nvPublic.nameAlg = TPM_ALG_SHA1;
3318
3319 // First zero out attributes.
3320 *(UINT32 *)&( publicInfo.t.nvPublic.attributes ) = 0;
3321
3322 // Now set the attributes.
3323 publicInfo.t.nvPublic.attributes.TPMA_NV_AUTHREAD = 1;
3324 publicInfo.t.nvPublic.attributes.TPMA_NV_AUTHWRITE = 1;
3325 publicInfo.t.nvPublic.attributes.TPMA_NV_PLATFORMCREATE = 1;
3326 publicInfo.t.nvPublic.attributes.TPMA_NV_ORDERLY = 1;
3327 publicInfo.t.nvPublic.authPolicy.t.size = 0;
3328 publicInfo.t.nvPublic.dataSize = 32;
3329
3330 rval = Tss2_Sys_NV_DefineSpace( sysContext, TPM_RH_PLATFORM,
3331 &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut );
3332 CheckPassed( rval );
3333}
3334
3335// Password used to authorize access to the NV index.
3336char password[] = "test password";
3337
3338void PasswordTest()
3339{
3340 UINT32 rval;
3341 int i;
3342
3343 // Authorization structure for command.
3344 TPMS_AUTH_COMMAND sessionData;
3345
3346 // Authorization structure for response.
3347 TPMS_AUTH_RESPONSE sessionDataOut;
3348
3349 // Create and init authorization area for command:
3350 // only 1 authorization area.
3351 TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
3352
3353 // Create authorization area for response:
3354 // only 1 authorization area.
3355 TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };
3356
3357 // Authorization array for command (only has one auth structure).
3358 TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };
3359
3360 // Authorization array for response (only has one auth structure).
3361 TSS2_SYS_RSP_AUTHS sessionsDataOut = { 1, &sessionDataOutArray[0] };
3362 TPM2B_MAX_NV_BUFFER nvWriteData;
3363
3364 TpmClientPrintf( 0, "\nPASSWORD TESTS:\n" );
3365
3366 // Create an NV index that will use password
3367 // authorizations the password will be
3368 // "test password".
3369 CreatePasswordTestNV( TPM20_INDEX_PASSWORD_TEST, password );
3370
3371 //
3372 // Initialize the command authorization area.
3373 //
3374
3375 // Init sessionHandle, nonce, session
3376 // attributes, and hmac (password).
3377 sessionData.sessionHandle = TPM_RS_PW;
3378 // Set zero sized nonce.
3379 sessionData.nonce.t.size = 0;
3380 // sessionAttributes is a bit field. To initialize
3381 // it to 0, cast to a pointer to UINT8 and
3382 // write 0 to that pointer.
3383 *( (UINT8 *)&sessionData.sessionAttributes ) = 0;
3384
3385 // Init password (HMAC field in authorization structure).
3386 sessionData.hmac.t.size = strlen( password );
3387 memcpy( &( sessionData.hmac.t.buffer[0] ),
3388 &( password[0] ), sessionData.hmac.t.size );
3389
3390 // Initialize write data.
3391 nvWriteData.t.size = 4;
3392 for( i = 0; i < nvWriteData.t.size; i++ )
3393 nvWriteData.t.buffer[i] = 0xff - i;
3394
3395 // Attempt write with the correct password.
3396 // It should pass.
3397 rval = Tss2_Sys_NV_Write( sysContext,
3398 TPM20_INDEX_PASSWORD_TEST,
3399 TPM20_INDEX_PASSWORD_TEST,
3400 &sessionsData, &nvWriteData, 0,
3401 &sessionsDataOut );
3402 // Check that the function passed as
3403 // expected. Otherwise, exit.
3404 CheckPassed( rval );
3405
3406 // Alter the password so it's incorrect.
3407 sessionData.hmac.t.buffer[4] = 0xff;
3408 rval = Tss2_Sys_NV_Write( sysContext,
3409 TPM20_INDEX_PASSWORD_TEST,
3410 TPM20_INDEX_PASSWORD_TEST,
3411 &sessionsData, &nvWriteData, 0,
3412 &sessionsDataOut );
3413 // Check that the function failed as expected,
3414 // since password was incorrect. If wrong
3415 // response code received, exit.
3416 CheckFailed( rval,
3417 TPM_RC_S + TPM_RC_1 + TPM_RC_AUTH_FAIL );
3418
3419 // Change hmac to null one, since null auth is
3420 // used to undefine the index.
3421 sessionData.hmac.t.size = 0;
3422
3423 // Now undefine the index.
3424 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM,
3425 TPM20_INDEX_PASSWORD_TEST, &sessionsData, 0 );
3426 CheckPassed( rval );
3427}
3428
3429
3430void SimplePolicyTest()
3431{
3432 UINT32 rval, sessionCmdRval;
3433 TPM2B_AUTH nvAuth;
3434 SESSION *nvSession, *trialPolicySession;
3435 TPMA_NV nvAttributes;
3436 TPM2B_DIGEST authPolicy;
3437 TPM2B_NAME nvName;
3438 TPM2B_MAX_NV_BUFFER nvWriteData, nvReadData;
3439 UINT8 dataToWrite[] = { 0x00, 0xff, 0x55, 0xaa };
3440 int i;
3441 TPM2B_ENCRYPTED_SECRET encryptedSalt;
3442 TPMT_SYM_DEF symmetric;
3443 TPMA_SESSION sessionAttributes;
3444
3445 // Command authorization area: one password session.
3446 TPMS_AUTH_COMMAND nvCmdAuth = { TPM_RS_PW, };
3447 TPMS_AUTH_COMMAND *nvCmdAuthArray[1] = { &nvCmdAuth };
3448 TSS2_SYS_CMD_AUTHS nvCmdAuths = { 1, &nvCmdAuthArray[0] };
3449
3450 // Response authorization area.
3451 TPMS_AUTH_RESPONSE nvRspAuth;
3452 TPMS_AUTH_RESPONSE *nvRspAuthArray[1] = { &nvRspAuth };
3453 TSS2_SYS_RSP_AUTHS nvRspAuths = { 1, &nvRspAuthArray[0] };
3454 TPM_ALG_ID sessionAlg = TPM_ALG_SHA256;
3455 TPM2B_NONCE nonceCaller;
3456
3457 nonceCaller.t.size = 0;
3458
3459 TpmClientPrintf( 0, "\nSIMPLE POLICY TEST:\n" );
3460
3461 //
3462 // Create NV index.
3463 //
3464
3465 // Setup the NV index's authorization value.
3466 nvAuth.t.size = 0;
3467
3468 // Zero sized encrypted salt, since the session
3469 // is unsalted.
3470 encryptedSalt.t.size = 0;
3471
3472 // No symmetric algorithm.
3473 symmetric.algorithm = TPM_ALG_NULL;
3474
3475 //
3476 // Create the NV index's authorization policy
3477 // using a trial policy session.
3478 //
3479 rval = StartAuthSessionWithParams( &trialPolicySession, TPM_RH_NULL,
3480 0, TPM_RH_NULL, 0, &nonceCaller, &encryptedSalt, TPM_SE_TRIAL,
3481 &symmetric, sessionAlg );
3482 CheckPassed( rval );
3483
3484 rval = Tss2_Sys_PolicyAuthValue( sysContext, trialPolicySession->sessionHandle, 0, 0 );
3485 CheckPassed( rval );
3486
3487 // Get policy digest.
3488 rval = Tss2_Sys_PolicyGetDigest( sysContext, trialPolicySession->sessionHandle,
3489 0, &authPolicy, 0 );
3490 CheckPassed( rval );
3491
3492 // End the trial session by flushing it.
3493 rval = Tss2_Sys_FlushContext( sysContext, trialPolicySession->sessionHandle );
3494 CheckPassed( rval );
3495
3496 // And remove the trial policy session from sessions table.
3497 rval = EndAuthSession( trialPolicySession );
3498 CheckPassed( rval );
3499
3500 // Now set the NV index's attributes:
3501 // policyRead, authWrite, and platormCreate.
3502 *(UINT32 *)( (void *)&nvAttributes ) = 0;
3503 nvAttributes.TPMA_NV_POLICYREAD = 1;
3504 nvAttributes.TPMA_NV_POLICYWRITE = 1;
3505 nvAttributes.TPMA_NV_PLATFORMCREATE = 1;
3506
3507 // Create the NV index.
3508 rval = DefineNvIndex( TPM_RH_PLATFORM, TPM_RS_PW,
3509 &nvAuth, &authPolicy, TPM20_INDEX_PASSWORD_TEST,
3510 sessionAlg, nvAttributes, 32 );
3511 CheckPassed( rval );
3512
3513 // Add index and associated authorization value to
3514 // entity table. This helps when we need
3515 // to calculate HMACs.
3516 AddEntity( TPM20_INDEX_PASSWORD_TEST, &nvAuth );
3517 CheckPassed( rval );
3518
3519 // Get the name of the NV index.
3520 rval = (*HandleToNameFunctionPtr)( TPM20_INDEX_PASSWORD_TEST,
3521 &nvName );
3522 CheckPassed( rval );
3523
3524 //
3525 // Start real (non-trial) policy authorization session:
3526 // it's an unbound and unsalted session, no symmetric
3527 // encryption algorithm, and SHA256 is the session's
3528 // hash algorithm.
3529 //
3530
3531 // Zero sized encrypted salt, since the session
3532 // is unsalted.
3533 encryptedSalt.t.size = 0;
3534
3535 // No symmetric algorithm.
3536 symmetric.algorithm = TPM_ALG_NULL;
3537
3538 // Create the session.
3539 // Session state (session handle, nonces, etc.) gets
3540 // saved into nvSession structure for later use.
3541 rval = StartAuthSessionWithParams( &nvSession, TPM_RH_NULL,
3542 0, TPM_RH_NULL, 0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY,
3543 &symmetric, sessionAlg );
3544 CheckPassed( rval );
3545
3546 // Get the name of the session and save it in
3547 // the nvSession structure.
3548 rval = (*HandleToNameFunctionPtr)( nvSession->sessionHandle,
3549 &nvSession->name );
3550 CheckPassed( rval );
3551
3552 // Initialize NV write data.
3553 nvWriteData.t.size = sizeof( dataToWrite );
3554 for( i = 0; i < nvWriteData.t.size; i++ )
3555 {
3556 nvWriteData.t.buffer[i] = dataToWrite[i];
3557 }
3558
3559 //
3560 // Now setup for writing the NV index.
3561 //
3562
3563 rval = Tss2_Sys_PolicyAuthValue( sysContext, nvSession->sessionHandle, 0, 0 );
3564 CheckPassed( rval );
3565
3566 // Get policy digest.
3567 rval = Tss2_Sys_PolicyGetDigest( sysContext, trialPolicySession->sessionHandle,
3568 0, &authPolicy, 0 );
3569 CheckPassed( rval );
3570
3571 // First call prepare in order to create cpBuffer.
3572 rval = Tss2_Sys_NV_Write_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST,
3573 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
3574 CheckPassed( rval );
3575
3576 // Configure command authorization area, except for HMAC.
3577 nvCmdAuths.cmdAuths[0]->sessionHandle = nvSession->sessionHandle;
3578 nvCmdAuths.cmdAuths[0]->nonce.t.size = 1;
3579 nvCmdAuths.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
3580 *( (UINT8 *)((void *)&sessionAttributes ) ) = 0;
3581 nvCmdAuths.cmdAuths[0]->sessionAttributes = sessionAttributes;
3582 nvCmdAuths.cmdAuths[0]->sessionAttributes.continueSession = 1;
3583
3584 // Roll nonces for command
3585 RollNonces( nvSession, &nvCmdAuths.cmdAuths[0]->nonce );
3586
3587 // Complete command authorization area, by computing
3588 // HMAC and setting it in nvCmdAuths.
3589 rval = ComputeCommandHmacs( sysContext,
3590 TPM20_INDEX_PASSWORD_TEST,
3591 TPM20_INDEX_PASSWORD_TEST, &nvCmdAuths,
3592 TPM_RC_FAILURE );
3593 CheckPassed( rval );
3594
3595 // Finally!! Write the data to the NV index.
3596 // If the command is successful, the command
3597 // HMAC was correct.
3598 sessionCmdRval = Tss2_Sys_NV_Write( sysContext,
3599 TPM20_INDEX_PASSWORD_TEST,
3600 TPM20_INDEX_PASSWORD_TEST,
3601 &nvCmdAuths, &nvWriteData, 0, &nvRspAuths );
3602 CheckPassed( sessionCmdRval );
3603
3604 // Roll nonces for response
3605 RollNonces( nvSession, &nvRspAuths.rspAuths[0]->nonce );
3606
3607 if( sessionCmdRval == TPM_RC_SUCCESS )
3608 {
3609 // If the command was successful, check the
3610 // response HMAC to make sure that the
3611 // response was received correctly.
3612 rval = CheckResponseHMACs( sysContext, sessionCmdRval,
3613 &nvCmdAuths, TPM20_INDEX_PASSWORD_TEST,
3614 TPM20_INDEX_PASSWORD_TEST, &nvRspAuths );
3615 CheckPassed( rval );
3616 }
3617
3618 rval = Tss2_Sys_PolicyAuthValue( sysContext, nvSession->sessionHandle, 0, 0 );
3619 CheckPassed( rval );
3620
3621 // First call prepare in order to create cpBuffer.
3622 rval = Tss2_Sys_NV_Read_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST,
3623 TPM20_INDEX_PASSWORD_TEST, sizeof( dataToWrite ), 0 );
3624 CheckPassed( rval );
3625
3626 // Roll nonces for command
3627 RollNonces( nvSession, &nvCmdAuths.cmdAuths[0]->nonce );
3628
3629 // End the session after next command.
3630 nvCmdAuths.cmdAuths[0]->sessionAttributes.continueSession = 0;
3631
3632 // Complete command authorization area, by computing
3633 // HMAC and setting it in nvCmdAuths.
3634 rval = ComputeCommandHmacs( sysContext,
3635 TPM20_INDEX_PASSWORD_TEST,
3636 TPM20_INDEX_PASSWORD_TEST, &nvCmdAuths,
3637 TPM_RC_FAILURE );
3638 CheckPassed( rval );
3639
3640 // And now read the data back.
3641 // If the command is successful, the command
3642 // HMAC was correct.
3643 sessionCmdRval = Tss2_Sys_NV_Read( sysContext,
3644 TPM20_INDEX_PASSWORD_TEST,
3645 TPM20_INDEX_PASSWORD_TEST,
3646 &nvCmdAuths, sizeof( dataToWrite ), 0,
3647 &nvReadData, &nvRspAuths );
3648 CheckPassed( sessionCmdRval );
3649
3650 // Roll nonces for response
3651 RollNonces( nvSession, &nvRspAuths.rspAuths[0]->nonce );
3652
3653 if( sessionCmdRval == TPM_RC_SUCCESS )
3654 {
3655 // If the command was successful, check the
3656 // response HMAC to make sure that the
3657 // response was received correctly.
3658 rval = CheckResponseHMACs( sysContext, sessionCmdRval,
3659 &nvCmdAuths, TPM20_INDEX_PASSWORD_TEST,
3660 TPM20_INDEX_PASSWORD_TEST, &nvRspAuths );
3661 CheckPassed( rval );
3662 }
3663
3664 // Check that write and read data are equal.
3665 if( memcmp( (void *)&nvReadData.t.buffer[0],
3666 (void *)&nvWriteData.t.buffer[0], nvReadData.t.size ) )
3667 {
3668 TpmClientPrintf( 0, "ERROR!! read data not equal to written data\n" );
3669 Cleanup();
3670 }
3671
3672 //
3673 // Now cleanup: undefine the NV index and delete
3674 // the NV index's entity table entry.
3675 //
3676
3677 // Setup authorization for undefining the NV index.
3678 nvCmdAuths.cmdAuths[0]->sessionHandle = TPM_RS_PW;
3679 nvCmdAuths.cmdAuths[0]->nonce.t.size = 0;
3680 nvCmdAuths.cmdAuths[0]->hmac.t.size = 0;
3681
3682 // Undefine the NV index.
3683 rval = Tss2_Sys_NV_UndefineSpace( sysContext,
3684 TPM_RH_PLATFORM, TPM20_INDEX_PASSWORD_TEST,
3685 &nvCmdAuths, 0 );
3686 CheckPassed( rval );
3687
3688 // Delete the NV index's entry in the entity table.
3689 rval = DeleteEntity( TPM20_INDEX_PASSWORD_TEST );
3690 CheckPassed( rval );
3691}
3692
3693void SimpleHmacTest()
3694{
3695 UINT32 rval, sessionCmdRval;
3696 TPM2B_AUTH nvAuth;
3697 SESSION *nvSession;
3698 TPMA_NV nvAttributes;
3699 TPM2B_DIGEST authPolicy;
3700 TPM2B_NAME nvName;
3701 TPM2B_MAX_NV_BUFFER nvWriteData, nvReadData;
3702 UINT8 dataToWrite[] = { 0x00, 0xff, 0x55, 0xaa };
3703 char sharedSecret[] = "shared secret";
3704 int i;
3705 TPM2B_ENCRYPTED_SECRET encryptedSalt;
3706 TPMT_SYM_DEF symmetric;
3707 TPMA_SESSION sessionAttributes;
3708
3709 // Command authorization area: one password session.
3710 TPMS_AUTH_COMMAND nvCmdAuth = { TPM_RS_PW, };
3711 TPMS_AUTH_COMMAND *nvCmdAuthArray[1] = { &nvCmdAuth };
3712 TSS2_SYS_CMD_AUTHS nvCmdAuths = { 1, &nvCmdAuthArray[0] };
3713
3714 // Response authorization area.
3715 TPMS_AUTH_RESPONSE nvRspAuth;
3716 TPMS_AUTH_RESPONSE *nvRspAuthArray[1] = { &nvRspAuth };
3717 TSS2_SYS_RSP_AUTHS nvRspAuths = { 1, &nvRspAuthArray[0] };
3718 TPM2B_NONCE nonceCaller;
3719
3720 nonceCaller.t.size = 0;
3721
3722 TpmClientPrintf( 0, "\nSIMPLE HMAC SESSION TEST:\n" );
3723
3724 //
3725 // Create NV index.
3726 //
3727
3728 // Setup the NV index's authorization value.
3729 nvAuth.t.size = strlen( sharedSecret );
3730 for( i = 0; i < nvAuth.t.size; i++ )
3731 nvAuth.t.buffer[i] = sharedSecret[i];
3732
3733 // Set NV index's authorization policy
3734 // to zero sized policy since we won't be
3735 // using policy to authorize.
3736 authPolicy.t.size = 0;
3737
3738 // Now set the NV index's attributes:
3739 // policyRead, authWrite, and platormCreate.
3740 *(UINT32 *)( (void *)&nvAttributes ) = 0;
3741 nvAttributes.TPMA_NV_AUTHREAD = 1;
3742 nvAttributes.TPMA_NV_AUTHWRITE = 1;
3743 nvAttributes.TPMA_NV_PLATFORMCREATE = 1;
3744
3745 // Create the NV index.
3746 rval = DefineNvIndex( TPM_RH_PLATFORM, TPM_RS_PW,
3747 &nvAuth, &authPolicy, TPM20_INDEX_PASSWORD_TEST,
3748 TPM_ALG_SHA256, nvAttributes, 32 );
3749 CheckPassed( rval );
3750
3751 // Add index and associated authorization value to
3752 // entity table. This helps when we need
3753 // to calculate HMACs.
3754 AddEntity( TPM20_INDEX_PASSWORD_TEST, &nvAuth );
3755 CheckPassed( rval );
3756
3757 // Get the name of the NV index.
3758 rval = (*HandleToNameFunctionPtr)( TPM20_INDEX_PASSWORD_TEST,
3759 &nvName );
3760 CheckPassed( rval );
3761
3762 //
3763 // Start HMAC authorization session: it's an
3764 // unbound and unsalted session, no symmetric
3765 // encryption algorithm, and SHA256 is the session's
3766 // hash algorithm.
3767 //
3768
3769 // Zero sized encrypted salt, since the session
3770 // is unsalted.
3771 encryptedSalt.t.size = 0;
3772
3773 // No symmetric algorithm.
3774 symmetric.algorithm = TPM_ALG_NULL;
3775
3776 // Create the session.
3777 // Session state (session handle, nonces, etc.) gets
3778 // saved into nvSession structure for later use.
3779 rval = StartAuthSessionWithParams( &nvSession, TPM_RH_NULL,
3780 0, TPM_RH_NULL, 0, &nonceCaller, &encryptedSalt, TPM_SE_HMAC,
3781 &symmetric, TPM_ALG_SHA256 );
3782 CheckPassed( rval );
3783
3784 // Get the name of the session and save it in
3785 // the nvSession structure.
3786 rval = (*HandleToNameFunctionPtr)( nvSession->sessionHandle,
3787 &nvSession->name );
3788 CheckPassed( rval );
3789
3790 // Initialize NV write data.
3791 nvWriteData.t.size = sizeof( dataToWrite );
3792 for( i = 0; i < nvWriteData.t.size; i++ )
3793 {
3794 nvWriteData.t.buffer[i] = dataToWrite[i];
3795 }
3796
3797 //
3798 // Now setup for writing the NV index.
3799 //
3800
3801 // First call prepare in order to create cpBuffer.
3802 rval = Tss2_Sys_NV_Write_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST,
3803 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
3804 CheckPassed( rval );
3805
3806 // Configure command authorization area, except for HMAC.
3807 nvCmdAuths.cmdAuths[0]->sessionHandle = nvSession->sessionHandle;
3808 nvCmdAuths.cmdAuths[0]->nonce.t.size = 1;
3809 nvCmdAuths.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
3810 *( (UINT8 *)(&sessionAttributes ) ) = 0;
3811 nvCmdAuths.cmdAuths[0]->sessionAttributes = sessionAttributes;
3812 nvCmdAuths.cmdAuths[0]->sessionAttributes.continueSession = 1;
3813
3814 // Roll nonces for command
3815 RollNonces( nvSession, &nvCmdAuths.cmdAuths[0]->nonce );
3816
3817 // Complete command authorization area, by computing
3818 // HMAC and setting it in nvCmdAuths.
3819 rval = ComputeCommandHmacs( sysContext,
3820 TPM20_INDEX_PASSWORD_TEST,
3821 TPM20_INDEX_PASSWORD_TEST, &nvCmdAuths,
3822 TPM_RC_FAILURE );
3823 CheckPassed( rval );
3824
3825 // Finally!! Write the data to the NV index.
3826 // If the command is successful, the command
3827 // HMAC was correct.
3828 sessionCmdRval = Tss2_Sys_NV_Write( sysContext,
3829 TPM20_INDEX_PASSWORD_TEST,
3830 TPM20_INDEX_PASSWORD_TEST,
3831 &nvCmdAuths, &nvWriteData, 0, &nvRspAuths );
3832 CheckPassed( sessionCmdRval );
3833
3834 // Roll nonces for response
3835 RollNonces( nvSession, &nvRspAuths.rspAuths[0]->nonce );
3836
3837 if( sessionCmdRval == TPM_RC_SUCCESS )
3838 {
3839 // If the command was successful, check the
3840 // response HMAC to make sure that the
3841 // response was received correctly.
3842 rval = CheckResponseHMACs( sysContext, sessionCmdRval,
3843 &nvCmdAuths, TPM20_INDEX_PASSWORD_TEST,
3844 TPM20_INDEX_PASSWORD_TEST, &nvRspAuths );
3845 CheckPassed( rval );
3846 }
3847
3848 // First call prepare in order to create cpBuffer.
3849 rval = Tss2_Sys_NV_Read_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST,
3850 TPM20_INDEX_PASSWORD_TEST, sizeof( dataToWrite ), 0 );
3851 CheckPassed( rval );
3852
3853 // Roll nonces for command
3854 RollNonces( nvSession, &nvCmdAuths.cmdAuths[0]->nonce );
3855
3856 // End the session after next command.
3857 nvCmdAuths.cmdAuths[0]->sessionAttributes.continueSession = 0;
3858
3859 // Complete command authorization area, by computing
3860 // HMAC and setting it in nvCmdAuths.
3861 rval = ComputeCommandHmacs( sysContext,
3862 TPM20_INDEX_PASSWORD_TEST,
3863 TPM20_INDEX_PASSWORD_TEST, &nvCmdAuths,
3864 TPM_RC_FAILURE );
3865 CheckPassed( rval );
3866
3867 // And now read the data back.
3868 // If the command is successful, the command
3869 // HMAC was correct.
3870 sessionCmdRval = Tss2_Sys_NV_Read( sysContext,
3871 TPM20_INDEX_PASSWORD_TEST,
3872 TPM20_INDEX_PASSWORD_TEST,
3873 &nvCmdAuths, sizeof( dataToWrite ), 0,
3874 &nvReadData, &nvRspAuths );
3875 CheckPassed( sessionCmdRval );
3876
3877 // Roll nonces for response
3878 RollNonces( nvSession, &nvRspAuths.rspAuths[0]->nonce );
3879
3880 if( sessionCmdRval == TPM_RC_SUCCESS )
3881 {
3882 // If the command was successful, check the
3883 // response HMAC to make sure that the
3884 // response was received correctly.
3885 rval = CheckResponseHMACs( sysContext, sessionCmdRval,
3886 &nvCmdAuths, TPM20_INDEX_PASSWORD_TEST,
3887 TPM20_INDEX_PASSWORD_TEST, &nvRspAuths );
3888 CheckPassed( rval );
3889 }
3890
3891 // Check that write and read data are equal.
3892 if( memcmp( (void *)&nvReadData.t.buffer[0],
3893 (void *)&nvWriteData.t.buffer[0], nvReadData.t.size ) )
3894 {
3895 TpmClientPrintf( 0, "ERROR!! read data not equal to written data\n" );
3896 Cleanup();
3897 }
3898
3899 //
3900 // Now cleanup: undefine the NV index and delete
3901 // the NV index's entity table entry.
3902 //
3903
3904 // Setup authorization for undefining the NV index.
3905 nvCmdAuths.cmdAuths[0]->sessionHandle = TPM_RS_PW;
3906 nvCmdAuths.cmdAuths[0]->nonce.t.size = 0;
3907 nvCmdAuths.cmdAuths[0]->hmac.t.size = 0;
3908
3909 // Undefine the NV index.
3910 rval = Tss2_Sys_NV_UndefineSpace( sysContext,
3911 TPM_RH_PLATFORM, TPM20_INDEX_PASSWORD_TEST,
3912 &nvCmdAuths, 0 );
3913 CheckPassed( rval );
3914
3915 // Delete the NV index's entry in the entity table.
3916 rval = DeleteEntity( TPM20_INDEX_PASSWORD_TEST );
3917 CheckPassed( rval );
3918
3919 rval = EndAuthSession( nvSession );
3920
3921 CheckPassed( rval );
3922}
3923
3924
3925void SimpleHmacOrPolicyTest( bool hmacTest )
3926{
3927 UINT32 rval, sessionCmdRval;
3928 TPM2B_AUTH nvAuth;
3929 SESSION *nvSession, *trialPolicySession;
3930 TPMA_NV nvAttributes;
3931 TPM2B_DIGEST authPolicy;
3932 TPM2B_NAME nvName;
3933 TPM2B_MAX_NV_BUFFER nvWriteData, nvReadData;
3934 UINT8 dataToWrite[] = { 0x00, 0xff, 0x55, 0xaa };
3935 char sharedSecret[] = "shared secret";
3936 int i;
3937 TPM2B_ENCRYPTED_SECRET encryptedSalt;
3938 TPMT_SYM_DEF symmetric;
3939 TPMA_SESSION sessionAttributes;
3940 TPM_SE tpmSe;
3941 char *testString;
3942 char testStringHmac[] = "HMAC";
3943 char testStringPolicy[] = "POLICY";
3944
3945 // Command authorization area: one password session.
3946 TPMS_AUTH_COMMAND nvCmdAuth = { TPM_RS_PW, };
3947 TPMS_AUTH_COMMAND *nvCmdAuthArray[1] = { &nvCmdAuth };
3948 TSS2_SYS_CMD_AUTHS nvCmdAuths = { 1, &nvCmdAuthArray[0] };
3949
3950 // Response authorization area.
3951 TPMS_AUTH_RESPONSE nvRspAuth;
3952 TPMS_AUTH_RESPONSE *nvRspAuthArray[1] = { &nvRspAuth };
3953 TSS2_SYS_RSP_AUTHS nvRspAuths = { 1, &nvRspAuthArray[0] };
3954
3955 TSS2_SYS_CONTEXT *simpleTestContext;
3956 TPM2B_NONCE nonceCaller;
3957
3958 nonceCaller.t.size = 0;
3959
3960 if( hmacTest )
3961 testString = testStringHmac;
3962 else
3963 testString = testStringPolicy;
3964
3965 TpmClientPrintf( 0, "\nSIMPLE %s SESSION TEST:\n", testString );
3966
3967 // Create sysContext structure.
3968 simpleTestContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
3969 if( simpleTestContext == 0 )
3970 {
3971 InitSysContextFailure();
3972 }
3973
3974 // Setup the NV index's authorization value.
3975 nvAuth.t.size = strlen( sharedSecret );
3976 for( i = 0; i < nvAuth.t.size; i++ )
3977 nvAuth.t.buffer[i] = sharedSecret[i];
3978
3979 //
3980 // Create NV index.
3981 //
3982 if( hmacTest )
3983 {
3984 // Setup the NV index's authorization value.
3985 nvAuth.t.size = strlen( sharedSecret );
3986 for( i = 0; i < nvAuth.t.size; i++ )
3987 nvAuth.t.buffer[i] = sharedSecret[i];
3988
3989 // Set NV index's authorization policy
3990 // to zero sized policy since we won't be
3991 // using policy to authorize.
3992
3993 authPolicy.t.size = 0;
3994 }
3995 else
3996 {
3997 // Zero sized encrypted salt, since the session
3998 // is unsalted.
3999
4000 encryptedSalt.t.size = 0;
4001
4002 // No symmetric algorithm.
4003 symmetric.algorithm = TPM_ALG_NULL;
4004
4005 //
4006 // Create the NV index's authorization policy
4007 // using a trial policy session.
4008 //
4009 rval = StartAuthSessionWithParams( &trialPolicySession,
4010 TPM_RH_NULL, 0, TPM_RH_NULL, 0, &nonceCaller, &encryptedSalt,
4011 TPM_SE_TRIAL,
4012 &symmetric, TPM_ALG_SHA256 );
4013 CheckPassed( rval );
4014
4015 rval = Tss2_Sys_PolicyAuthValue( simpleTestContext,
4016 trialPolicySession->sessionHandle, 0, 0 );
4017 CheckPassed( rval );
4018
4019 // Get policy digest.
4020 rval = Tss2_Sys_PolicyGetDigest( simpleTestContext,
4021 trialPolicySession->sessionHandle,
4022 0, &authPolicy, 0 );
4023 CheckPassed( rval );
4024
4025 // End the trial session by flushing it.
4026 rval = Tss2_Sys_FlushContext( simpleTestContext,
4027 trialPolicySession->sessionHandle );
4028 CheckPassed( rval );
4029
4030 // And remove the trial policy session from
4031 // sessions table.
4032 rval = EndAuthSession( trialPolicySession );
4033 CheckPassed( rval );
4034 }
4035
4036 // Now set the NV index's attributes:
4037 // policyRead, authWrite, and platormCreate.
4038 *(UINT32 *)( &nvAttributes ) = 0;
4039 if( hmacTest )
4040 {
4041 nvAttributes.TPMA_NV_AUTHREAD = 1;
4042 nvAttributes.TPMA_NV_AUTHWRITE = 1;
4043 }
4044 else
4045 {
4046 nvAttributes.TPMA_NV_POLICYREAD = 1;
4047 nvAttributes.TPMA_NV_POLICYWRITE = 1;
4048 }
4049 nvAttributes.TPMA_NV_PLATFORMCREATE = 1;
4050
4051 // Create the NV index.
4052 rval = DefineNvIndex( TPM_RH_PLATFORM, TPM_RS_PW,
4053 &nvAuth, &authPolicy, TPM20_INDEX_PASSWORD_TEST,
4054 TPM_ALG_SHA256, nvAttributes, 32 );
4055 CheckPassed( rval );
4056
4057 // Add index and associated authorization value to
4058 // entity table. This helps when we need
4059 // to calculate HMACs.
4060 AddEntity( TPM20_INDEX_PASSWORD_TEST, &nvAuth );
4061 CheckPassed( rval );
4062
4063 // Get the name of the NV index.
4064 rval = (*HandleToNameFunctionPtr)(
4065 TPM20_INDEX_PASSWORD_TEST,
4066 &nvName );
4067 CheckPassed( rval );
4068
4069
4070 //
4071 // Start HMAC or real (non-trial) policy authorization session:
4072 // it's an unbound and unsalted session, no symmetric
4073 // encryption algorithm, and SHA256 is the session's
4074 // hash algorithm.
4075 //
4076
4077 // Zero sized encrypted salt, since the session
4078 // is unsalted.
4079 encryptedSalt.t.size = 0;
4080
4081 // No symmetric algorithm.
4082 symmetric.algorithm = TPM_ALG_NULL;
4083
4084 // Create the session, hmac or policy depending
4085 // on hmacTest.
4086 // Session state (session handle, nonces, etc.) gets
4087 // saved into nvSession structure for later use.
4088 if( hmacTest )
4089 tpmSe = TPM_SE_HMAC;
4090 else
4091 tpmSe = TPM_SE_POLICY;
4092
4093 rval = StartAuthSessionWithParams( &nvSession, TPM_RH_NULL,
4094 0, TPM_RH_NULL, 0, &nonceCaller, &encryptedSalt, tpmSe,
4095 &symmetric, TPM_ALG_SHA256 );
4096 CheckPassed( rval );
4097
4098 // Get the name of the session and save it in
4099 // the nvSession structure.
4100 rval = (*HandleToNameFunctionPtr)( nvSession->sessionHandle,
4101 &(nvSession->name) );
4102 CheckPassed( rval );
4103
4104 // Initialize NV write data.
4105 nvWriteData.t.size = sizeof( dataToWrite );
4106 for( i = 0; i < nvWriteData.t.size; i++ )
4107 {
4108 nvWriteData.t.buffer[i] = dataToWrite[i];
4109 }
4110
4111 //
4112 // Now setup for writing the NV index.
4113 //
4114 if( !hmacTest )
4115 {
4116 // Send policy command.
4117 rval = Tss2_Sys_PolicyAuthValue( simpleTestContext,
4118 nvSession->sessionHandle, 0, 0 );
4119 CheckPassed( rval );
4120 }
4121
4122 // First call prepare in order to create cpBuffer.
4123 rval = Tss2_Sys_NV_Write_Prepare( simpleTestContext,
4124 TPM20_INDEX_PASSWORD_TEST,
4125 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
4126 CheckPassed( rval );
4127
4128 // Configure command authorization area, except for HMAC.
4129 nvCmdAuths.cmdAuths[0]->sessionHandle =
4130 nvSession->sessionHandle;
4131 nvCmdAuths.cmdAuths[0]->nonce.t.size = 1;
4132 nvCmdAuths.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
4133 *( (UINT8 *)(&sessionAttributes ) ) = 0;
4134 nvCmdAuths.cmdAuths[0]->sessionAttributes = sessionAttributes;
4135 nvCmdAuths.cmdAuths[0]->sessionAttributes.continueSession = 1;
4136
4137 // Roll nonces for command
4138 RollNonces( nvSession, &nvCmdAuths.cmdAuths[0]->nonce );
4139
4140 // Complete command authorization area, by computing
4141 // HMAC and setting it in nvCmdAuths.
4142 rval = ComputeCommandHmacs( simpleTestContext,
4143 TPM20_INDEX_PASSWORD_TEST,
4144 TPM20_INDEX_PASSWORD_TEST, &nvCmdAuths,
4145 TPM_RC_FAILURE );
4146 CheckPassed( rval );
4147
4148 // Finally!! Write the data to the NV index.
4149 // If the command is successful, the command
4150 // HMAC was correct.
4151 sessionCmdRval = Tss2_Sys_NV_Write( simpleTestContext,
4152 TPM20_INDEX_PASSWORD_TEST,
4153 TPM20_INDEX_PASSWORD_TEST,
4154 &nvCmdAuths, &nvWriteData, 0, &nvRspAuths );
4155 CheckPassed( sessionCmdRval );
4156
4157 // Roll nonces for response
4158 RollNonces( nvSession, &nvRspAuths.rspAuths[0]->nonce );
4159
4160 if( sessionCmdRval == TPM_RC_SUCCESS )
4161 {
4162 // If the command was successful, check the
4163 // response HMAC to make sure that the
4164 // response was received correctly.
4165 rval = CheckResponseHMACs( simpleTestContext, sessionCmdRval,
4166 &nvCmdAuths, TPM20_INDEX_PASSWORD_TEST,
4167 TPM20_INDEX_PASSWORD_TEST, &nvRspAuths );
4168 CheckPassed( rval );
4169 }
4170
4171 if( !hmacTest )
4172 {
4173 // Send policy command.
4174 rval = Tss2_Sys_PolicyAuthValue( simpleTestContext,
4175 nvSession->sessionHandle, 0, 0 );
4176 CheckPassed( rval );
4177 }
4178 // First call prepare in order to create cpBuffer.
4179 rval = Tss2_Sys_NV_Read_Prepare( simpleTestContext,
4180 TPM20_INDEX_PASSWORD_TEST,
4181 TPM20_INDEX_PASSWORD_TEST,
4182 sizeof( dataToWrite ), 0 );
4183 CheckPassed( rval );
4184
4185 // Roll nonces for command
4186 RollNonces( nvSession, &nvCmdAuths.cmdAuths[0]->nonce );
4187
4188 // End the session after next command.
4189 nvCmdAuths.cmdAuths[0]->sessionAttributes.continueSession = 0;
4190
4191 // Complete command authorization area, by computing
4192 // HMAC and setting it in nvCmdAuths.
4193 rval = ComputeCommandHmacs( simpleTestContext,
4194 TPM20_INDEX_PASSWORD_TEST,
4195 TPM20_INDEX_PASSWORD_TEST, &nvCmdAuths,
4196 TPM_RC_FAILURE );
4197 CheckPassed( rval );
4198
4199 // And now read the data back.
4200 // If the command is successful, the command
4201 // HMAC was correct.
4202 sessionCmdRval = Tss2_Sys_NV_Read( simpleTestContext,
4203 TPM20_INDEX_PASSWORD_TEST,
4204 TPM20_INDEX_PASSWORD_TEST,
4205 &nvCmdAuths, sizeof( dataToWrite ), 0,
4206 &nvReadData, &nvRspAuths );
4207 CheckPassed( sessionCmdRval );
4208
4209 // Roll nonces for response
4210 RollNonces( nvSession, &nvRspAuths.rspAuths[0]->nonce );
4211
4212 if( sessionCmdRval == TPM_RC_SUCCESS )
4213 {
4214 // If the command was successful, check the
4215 // response HMAC to make sure that the
4216 // response was received correctly.
4217 rval = CheckResponseHMACs( simpleTestContext, sessionCmdRval,
4218 &nvCmdAuths, TPM20_INDEX_PASSWORD_TEST,
4219 TPM20_INDEX_PASSWORD_TEST, &nvRspAuths );
4220 CheckPassed( rval );
4221 }
4222
4223 // Check that write and read data are equal.
4224 if( memcmp( (void *)&nvReadData.t.buffer[0],
4225 (void *)&nvWriteData.t.buffer[0], nvReadData.t.size ) )
4226 {
4227 TpmClientPrintf( 0, "ERROR!! read data not equal to written data\n" );
4228 Cleanup();
4229 }
4230
4231 //
4232 // Now cleanup: undefine the NV index and delete
4233 // the NV index's entity table entry.
4234 //
4235
4236 // Setup authorization for undefining the NV index.
4237 nvCmdAuths.cmdAuths[0]->sessionHandle = TPM_RS_PW;
4238 nvCmdAuths.cmdAuths[0]->nonce.t.size = 0;
4239 nvCmdAuths.cmdAuths[0]->hmac.t.size = 0;
4240
4241 // Undefine the NV index.
4242 rval = Tss2_Sys_NV_UndefineSpace( simpleTestContext,
4243 TPM_RH_PLATFORM, TPM20_INDEX_PASSWORD_TEST,
4244 &nvCmdAuths, 0 );
4245 CheckPassed( rval );
4246
4247 // Delete the NV index's entry in the entity table.
4248 rval = DeleteEntity( TPM20_INDEX_PASSWORD_TEST );
4249 CheckPassed( rval );
4250
4251 // Remove the real session from sessions table.
4252 rval = EndAuthSession( nvSession );
4253
4254 CheckPassed( rval );
4255
4256 TeardownSysContext( &simpleTestContext );
4257}
4258
4259
4260typedef struct {
4261 TPMI_DH_OBJECT tpmKey;
4262 TPMI_DH_ENTITY bound;
4263 TPM2B_MAX_BUFFER *salt;
4264 char hmacTestDescription[50];
4265} HMAC_TEST_SETUP;
4266
4267TPM2B_MAX_BUFFER nullSalt = { { 0, { 0xa4 } }, };
4268TPM2B_MAX_BUFFER nonNullSalt = { { 2, { 0xa5, 0 } } };
4269
4270HMAC_TEST_SETUP hmacTestSetups[] =
4271{
4272 { TPM_RH_NULL, TPM_RH_NULL, &nullSalt, "UNBOUND/UNSALTED SESSION TEST" },
4273 { TPM_RH_NULL, TPM20_INDEX_PASSWORD_TEST, &nullSalt, "BOUND SESSION TEST" },
4274 { 0, TPM_RH_NULL, &nonNullSalt, "SALTED SESSION TEST" },
4275 { 0, TPM20_INDEX_PASSWORD_TEST, &nonNullSalt, "BOUND/SALTED SESSION TEST" },
4276};
4277
4278#define PLAINTEXT_SESSION 0
4279#define DECRYPT_SESSION 1
4280#define ENCRYPT_SESSION 2
4281
4282//UINT8 decryptEncryptSetups[] = { PLAINTEXT_SESSION, DECRYPT_SESSION, ENCRYPT_SESSION };
4283UINT8 decryptEncryptSetups[] = { PLAINTEXT_SESSION };
4284
4285#define CFB_MODE 0
4286#define XOR_MODE 1
4287
4288void HmacSessionTest()
4289{
4290 UINT32 rval;
4291 unsigned int i, j, k, decryptEncryptMode;
4292 TPM2B_MAX_NV_BUFFER nvWriteData;
4293 UINT8 dataToWrite[] = { 0x00, 0xff, 0x55, 0xaa };
4294 TPM2B_NAME nvName;
4295 TPM_RC sessionCmdRval;
4296
4297 SESSION *nvSession;
4298 TSS2_SYS_CONTEXT *rdSysContext;
4299 TSS2_SYS_CONTEXT *wrSysContext;
4300 TPM2B_AUTH nvAuth;
4301 TPMT_SYM_DEF symmetric;
4302 TPM2B_NONCE nonceOlder;
4303
4304 // Create two sysContext structures.
4305 rdSysContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
4306 if( rdSysContext == 0 )
4307 {
4308 InitSysContextFailure();
4309 }
4310
4311 wrSysContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
4312 if( wrSysContext == 0 )
4313 {
4314 InitSysContextFailure();
4315 }
4316
4317 char sharedSecret[] = "shared secret";
4318
4319 char buffer1contents[] = "test";
4320 char buffer2contents[] = "string";
4321
4322 TPM2B_MAX_BUFFER buffer1;
4323 TPM2B_MAX_BUFFER buffer2;
4324
4325// TPM2B_IV ivIn, ivOut;
4326 TPM2B_MAX_NV_BUFFER nvData;
4327 TPM2B_ENCRYPTED_SECRET encryptedSalt;
4328
4329 encryptedSalt.t.size = 0;
4330// ivIn.t.size = 0;
4331// ivOut.t.size = 0;
4332
4333 buffer1.t.size = strlen( buffer1contents );
4334 memcpy (buffer1.t.buffer, buffer1contents, buffer1.t.size );
4335 buffer2.t.size = strlen( buffer2contents );
4336 memcpy (buffer2.t.buffer, buffer2contents, buffer2.t.size );
4337
4338
4339 for( j = 0; j < sizeof( hmacTestSetups ) / sizeof( HMAC_TEST_SETUP ); j++ )
4340 {
4341 if( hmacTestSetups[j].salt == &nonNullSalt )
4342 {
4343 hmacTestSetups[j].tpmKey = handle2048rsa;
4344 }
4345 }
4346 TpmClientPrintf( 0, "\nHMAC SESSION TESTS:\n" );
4347
4348 for( j = 0; j < sizeof( hmacTestSetups ) / sizeof( HMAC_TEST_SETUP ); j++ )
4349 {
4350 // Iterate through variations of decrypt and encrypt sessions.
4351 for( k = 0; k < sizeof( decryptEncryptSetups ); k++ )
4352 {
4353 for( decryptEncryptMode = CFB_MODE; decryptEncryptMode < XOR_MODE; decryptEncryptMode++ )
4354 {
4355 TPMS_AUTH_COMMAND sessionData = { TPM_RS_PW, };
4356 TPMS_AUTH_RESPONSE sessionDataOut;
4357 TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
4358 TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };
4359 TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };
4360 TSS2_SYS_RSP_AUTHS sessionsDataOut = { 1, &sessionDataOutArray[0] };
4361
4362 TPMT_RSA_DECRYPT inScheme;
4363 TPM2B_DATA label;
4364 TPM2B_DIGEST authPolicy;
4365 TPMA_NV nvAttributes;
4366
4367 TpmClientPrintf( 0, "\n\n%s:\n", hmacTestSetups[j].hmacTestDescription );
4368
4369 if( hmacTestSetups[j].tpmKey != TPM_RH_NULL )
4370 {
4371 sessionsData.cmdAuths[0]->hmac = loadedSha1KeyAuth;
4372 sessionsData.cmdAuths[0]->sessionHandle = TPM_RS_PW;
4373 sessionsData.cmdAuths[0]->nonce.t.size = 0;
4374 *( (UINT8 *)(&sessionData.sessionAttributes ) ) = 0;
4375
4376 inScheme.scheme = TPM_ALG_OAEP;
4377 inScheme.details.oaep.hashAlg = TPM_ALG_SHA1;
4378 memcpy( &( label.b.buffer ), "SECRET", 1 + strlen( "SECRET" ) );
4379 label.t.size = strlen( "SECRET" ) + 1;
4380
4381 // Encrypt salt with tpmKey.
4382 rval = Tss2_Sys_RSA_Encrypt( sysContext, handle2048rsa,
4383 0, (TPM2B_PUBLIC_KEY_RSA *)( hmacTestSetups[j].salt ),
4384 &inScheme, &label, (TPM2B_PUBLIC_KEY_RSA *)&encryptedSalt, 0 );
4385 CheckPassed( rval );
4386 }
4387
4388 // init hmac
4389 sessionData.hmac.t.size = 0;
4390
4391 // NOW CREATE THE INDEX
4392 authPolicy.t.size = 0;
4393
4394 nvAuth.t.size = strlen( sharedSecret );
4395 for( i = 0; i < nvAuth.t.size; i++ )
4396 nvAuth.t.buffer[i] = sharedSecret[i];
4397
4398 // Now set the attributes.
4399 *(UINT32 *)( &nvAttributes ) = 0;
4400 nvAttributes.TPMA_NV_AUTHREAD = 1;
4401 nvAttributes.TPMA_NV_AUTHWRITE = 1;
4402 nvAttributes.TPMA_NV_PLATFORMCREATE = 1;
4403
Will-nuc3ebfeb92015-10-29 15:53:27 -0400[diff] [blame]4404 sessionsData.cmdAuths[0]->sessionHandle = TPM_RS_PW;
4405 sessionsData.cmdAuths[0]->nonce.t.size = 0;
4406 sessionsData.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
4407 sessionData.hmac.t.size = 0;
4408
4409 // Undefine the index in case a previous test failure left it defined.
4410 rval = Tss2_Sys_NV_UndefineSpace( wrSysContext, TPM_RH_PLATFORM, TPM20_INDEX_PASSWORD_TEST, &sessionsData, 0 );
4411
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]4412 rval = DefineNvIndex( TPM_RH_PLATFORM, TPM_RS_PW, &nvAuth, &authPolicy,
4413 TPM20_INDEX_PASSWORD_TEST, TPM_ALG_SHA1, nvAttributes, 32 );
4414 CheckPassed( rval );
4415
4416 AddEntity( TPM20_INDEX_PASSWORD_TEST, &nvAuth );
4417 CheckPassed( rval );
4418
4419 // Get the name using TPM function.
4420 rval = (*HandleToNameFunctionPtr)( TPM20_INDEX_PASSWORD_TEST, &nvName );
4421 CheckPassed( rval );
4422
4423 //
4424 // Start session
4425 //
4426 nonceOlder.t.size = GetDigestSize( TPM_ALG_SHA1 );
4427 for( i = 0; i < nonceOlder.t.size; i++ )
4428 nonceOlder.t.buffer[i] = 0;
4429
4430 if( decryptEncryptSetups[k] == PLAINTEXT_SESSION )
4431 {
4432 symmetric.algorithm = TPM_ALG_NULL;
4433 }
4434 else if( decryptEncryptSetups[k] == DECRYPT_SESSION || decryptEncryptSetups[k] == ENCRYPT_SESSION )
4435 {
4436 if( decryptEncryptMode == CFB_MODE )
4437 {
4438 symmetric.algorithm = TPM_ALG_AES;
4439 symmetric.keyBits.aes = 128;
4440 symmetric.mode.aes = TPM_ALG_CFB;
4441 }
4442 else if( decryptEncryptMode == XOR_MODE )
4443 {
4444 symmetric.algorithm = TPM_ALG_XOR;
4445 symmetric.keyBits.exclusiveOr = TPM_ALG_SHA256;
4446 }
4447 }
4448
4449 rval = StartAuthSessionWithParams( &nvSession, hmacTestSetups[j].tpmKey,
4450 hmacTestSetups[j].salt, hmacTestSetups[j].bound, &nvAuth, &nonceOlder, &encryptedSalt,
4451 TPM_SE_HMAC, &symmetric, TPM_ALG_SHA1 );
4452 CheckPassed( rval );
4453
4454 // Get and print name of the session.
4455 rval = (*HandleToNameFunctionPtr)( nvSession->sessionHandle, &nvSession->name );
4456 CheckPassed( rval );
4457
4458 OpenOutFile( &outFp );
4459 TpmClientPrintf( 0, "Name of authSession: " );
4460 PrintSizedBuffer( (TPM2B *)&nvSession->name );
4461 CloseOutFile( &outFp );
4462
4463 // Init write data.
4464 nvWriteData.t.size = sizeof( dataToWrite );
4465
4466 for( i = 0; i < nvWriteData.t.size; i++ )
4467 {
4468 nvWriteData.t.buffer[i] = dataToWrite[i];
4469 }
4470
4471 if( decryptEncryptSetups[k] == DECRYPT_SESSION )
4472 {
4473 if( decryptEncryptMode == CFB_MODE )
4474 {
4475// rval = EncryptCFB( &nvSession, &( nvWriteData.b ) );
4476 }
4477 else if( decryptEncryptMode == XOR_MODE )
4478 {
4479// rval = EncryptXOR( &nvSession, &( nvWriteData.b ) );
4480 }
4481 sessionsData.cmdAuths[0]->sessionAttributes.decrypt = 1;
4482 }
4483 else
4484 {
4485 sessionsData.cmdAuths[0]->sessionAttributes.decrypt = 0;
4486 }
4487 sessionsData.cmdAuths[0]->sessionAttributes.encrypt = 0;
4488
4489 CheckPassed( rval );
4490
4491 sessionsData.cmdAuths[0]->sessionHandle = nvSession->sessionHandle;
4492 sessionsData.cmdAuths[0]->nonce.t.size = 1;
4493 sessionsData.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
4494
4495 // Roll nonces for command
4496 RollNonces( nvSession, &sessionsData.cmdAuths[0]->nonce );
4497
4498 // Now try writing with bad HMAC.
4499 rval = Tss2_Sys_NV_Write_Prepare( wrSysContext, TPM20_INDEX_PASSWORD_TEST,
4500 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
4501 CheckPassed( rval );
4502
4503 rval = ComputeCommandHmacs( wrSysContext,
4504 TPM20_INDEX_PASSWORD_TEST,
4505 TPM20_INDEX_PASSWORD_TEST, &sessionsData, TPM_RC_FAILURE );
4506 CheckPassed( rval );
4507
4508 // Diddle with HMAC to force failure
4509 sessionsData.cmdAuths[0]->hmac.t.buffer[0] =
4510 ~( sessionsData.cmdAuths[0]->hmac.t.buffer[0] );
4511
4512 sessionCmdRval = Tss2_Sys_NV_Write( wrSysContext, TPM20_INDEX_PASSWORD_TEST,
4513 TPM20_INDEX_PASSWORD_TEST,
4514 &sessionsData, &nvWriteData, 0, &sessionsDataOut );
4515 CheckFailed( sessionCmdRval, TPM_RC_S + TPM_RC_1 + TPM_RC_AUTH_FAIL );
4516
4517 // Since command failed, no need to roll nonces.
4518
4519 TestDictionaryAttackLockReset();
4520
4521 // Now try writing with good HMAC.
4522
4523 // Do stage 1 of NVRead, followed by stage 1 and 2 of NVWrite, followed by
4524 // stage 2 of NVRead. This tests that the staged processing is thread-safe.
4525 sessionsData.cmdAuths[0]->sessionAttributes.continueSession = 0;
4526 rval = Tss2_Sys_NV_Read_Prepare( rdSysContext, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, sizeof( dataToWrite ), 0 );
4527 CheckPassed( rval );
4528
4529 sessionsData.cmdAuths[0]->sessionAttributes.continueSession = 1;
4530 rval = Tss2_Sys_NV_Write_Prepare( wrSysContext, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST,
4531 &nvWriteData, 0 );
4532 CheckPassed( rval );
4533
4534 rval = ComputeCommandHmacs( wrSysContext, TPM20_INDEX_PASSWORD_TEST,
4535 TPM20_INDEX_PASSWORD_TEST, &sessionsData, sessionCmdRval );
4536 CheckPassed( rval );
4537
4538 sessionCmdRval = Tss2_Sys_NV_Write( wrSysContext,
4539 TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, &sessionsData, &nvWriteData, 0, &sessionsDataOut );
4540 CheckPassed( sessionCmdRval );
4541 if( sessionCmdRval == TPM_RC_SUCCESS )
4542 {
4543 // Roll nonces for response
4544 RollNonces( nvSession, &sessionsDataOut.rspAuths[0]->nonce );
4545
4546 rval = CheckResponseHMACs( wrSysContext, sessionCmdRval,
4547 &sessionsData, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, &sessionsDataOut );
4548 CheckPassed( rval );
4549 }
4550
4551 // Roll nonces for command
4552 RollNonces( nvSession, &sessionsData.cmdAuths[0]->nonce );
4553
4554 sessionsData.cmdAuths[0]->sessionAttributes.continueSession = 0;
4555 rval = ComputeCommandHmacs( rdSysContext, TPM20_INDEX_PASSWORD_TEST,
4556 TPM20_INDEX_PASSWORD_TEST, &sessionsData, sessionCmdRval );
4557 CheckPassed( rval );
4558
4559 if( decryptEncryptSetups[k] == ENCRYPT_SESSION )
4560 {
4561 sessionsData.cmdAuths[0]->sessionAttributes.encrypt = 1;
4562 }
4563 else
4564 {
4565 sessionsData.cmdAuths[0]->sessionAttributes.encrypt = 0;
4566 }
4567 sessionsData.cmdAuths[0]->sessionAttributes.decrypt = 0;
4568
4569 sessionCmdRval = Tss2_Sys_NV_Read( rdSysContext, TPM20_INDEX_PASSWORD_TEST,
4570 TPM20_INDEX_PASSWORD_TEST, &sessionsData, sizeof( dataToWrite ), 0, &nvData, &sessionsDataOut );
4571 CheckPassed( sessionCmdRval );
4572 if( sessionCmdRval == TPM_RC_SUCCESS )
4573 {
4574 // Roll nonces for response
4575 RollNonces( nvSession, &sessionsDataOut.rspAuths[0]->nonce );
4576
4577 rval = CheckResponseHMACs( rdSysContext, sessionCmdRval,
4578 &sessionsData, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, &sessionsDataOut );
4579 CheckPassed( rval );
4580
4581 if( decryptEncryptSetups[k] == ENCRYPT_SESSION )
4582 {
4583 if( decryptEncryptMode == CFB_MODE )
4584 {
4585// rval = EncryptCFB( nvSession, &( nvData.b ) );
4586 }
4587 else if( decryptEncryptMode == XOR_MODE )
4588 {
4589// rval = EncryptXOR( nvSession, &( nvData.b ) );
4590 }
4591 CheckPassed( rval );
4592 }
4593
4594 // Check that write actually worked.
4595 rval = CompareTPM2B( &(nvWriteData.b), &(nvData.b) );
4596 CheckPassed( rval );
4597 }
4598
4599 //
4600 // NOTE: When running against version of the simulator for TPM spec versions later
4601 // than version 0.98, in order for the session to act as a bound session when accessing
4602 // the bind entity, we will need to restart the session here since the name of the bound
4603 // entity changed.
4604 //
4605 if( hmacTestSetups[j].bound != TPM_RH_NULL )
4606 {
4607 rval = EndAuthSession( nvSession );
4608 CheckPassed( rval );
4609
4610 //
4611 // Start session
4612 //
4613 nonceOlder.t.size = GetDigestSize( TPM_ALG_SHA1 );
4614 for( i = 0; i < nonceOlder.t.size; i++ )
4615 nonceOlder.t.buffer[i] = 0;
4616
4617 symmetric.algorithm = TPM_ALG_AES;
4618 symmetric.keyBits.aes = 128;
4619 symmetric.mode.aes = TPM_ALG_CFB;
4620
4621 rval = StartAuthSessionWithParams( &nvSession, hmacTestSetups[j].tpmKey, hmacTestSetups[j].salt, hmacTestSetups[j].bound, &nvAuth, &nonceOlder, &encryptedSalt, TPM_SE_HMAC, &symmetric, TPM_ALG_SHA1 );
4622 CheckPassed( rval );
4623
4624 CopySizedByteBuffer( &( nvSession->authValueBind.b ), &( nvAuth.b ) );
4625
4626 // Now try writing with good HMAC.
4627 sessionsData.cmdAuths[0]->sessionHandle = nvSession->sessionHandle;
4628 sessionsData.cmdAuths[0]->nonce.t.size = 1;
4629 sessionsData.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
4630 sessionsData.cmdAuths[0]->sessionAttributes.continueSession = 1;
4631 sessionsData.cmdAuths[0]->sessionAttributes.decrypt = 1;
4632
4633 // TBD: Need to encrypt data before sending.
4634
4635 rval = Tss2_Sys_NV_Write_Prepare( wrSysContext, TPM20_INDEX_PASSWORD_TEST,
4636 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
4637 CheckPassed( rval );
4638
4639 // Roll nonces for command
4640 RollNonces( nvSession, &sessionsData.cmdAuths[0]->nonce );
4641
4642 rval = ComputeCommandHmacs( wrSysContext, TPM20_INDEX_PASSWORD_TEST,
4643 TPM20_INDEX_PASSWORD_TEST, &sessionsData, TPM_RC_FAILURE );
4644 CheckPassed( rval );
4645
4646 sessionCmdRval = Tss2_Sys_NV_Write( wrSysContext, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, &sessionsData, &nvWriteData, 0, &sessionsDataOut );
4647 sessionsData.cmdAuths[0]->sessionAttributes.decrypt = 0;
4648 CheckPassed( sessionCmdRval );
4649 if( sessionCmdRval == TPM_RC_SUCCESS )
4650 {
4651 // Roll nonces for response
4652 RollNonces( nvSession, &sessionsDataOut.rspAuths[0]->nonce );
4653
4654 rval = CheckResponseHMACs( wrSysContext, sessionCmdRval,
4655 &sessionsData, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, &sessionsDataOut );
4656 CheckPassed( rval );
4657 }
4658
4659 // Need to do GetSessionAuditDigest to check that audit digest changed.
4660
4661 sessionsData.cmdAuths[0]->sessionAttributes.continueSession = 0;
4662 sessionsData.cmdAuths[0]->sessionAttributes.encrypt = 1;
4663 sessionsData.cmdAuths[0]->sessionAttributes.audit = 1;
4664
4665 rval = Tss2_Sys_NV_Read_Prepare( rdSysContext, TPM20_INDEX_PASSWORD_TEST,
4666 TPM20_INDEX_PASSWORD_TEST, sizeof( dataToWrite ), 0 );
4667 CheckPassed( rval );
4668
4669 // Roll nonces for command
4670 RollNonces( nvSession, &sessionsData.cmdAuths[0]->nonce );
4671
4672 rval = ComputeCommandHmacs( rdSysContext, TPM20_INDEX_PASSWORD_TEST,
4673 TPM20_INDEX_PASSWORD_TEST, &sessionsData, sessionCmdRval );
4674 CheckPassed( rval );
4675
4676 sessionCmdRval = Tss2_Sys_NV_Read( rdSysContext, TPM20_INDEX_PASSWORD_TEST,
4677 TPM20_INDEX_PASSWORD_TEST, &sessionsData, sizeof( dataToWrite ), 0, &nvData, &sessionsDataOut );
4678 sessionsData.cmdAuths[0]->sessionAttributes.encrypt = 0;
4679 sessionsData.cmdAuths[0]->sessionAttributes.audit = 0;
4680 if( sessionCmdRval == TPM_RC_SUCCESS )
4681 {
4682 // Roll nonces for response
4683 RollNonces( nvSession, &sessionsDataOut.rspAuths[0]->nonce );
4684
4685 rval = CheckResponseHMACs( rdSysContext, sessionCmdRval,
4686 &sessionsData, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, &sessionsDataOut );
4687 CheckPassed( rval );
4688 }
4689
4690 // TBD: Need to decrypt response data.
4691
4692 CheckPassed( rval );
4693 // TBD: Need to do GetSessionAuditDigest to check that audit digest changed.
4694 }
4695
4696 // Removed comparison for now until we figure out how to properly
4697 // encrypt data before writing to NV index.
4698 // rval = CompareTPM2B( &(nvWriteData.b), &(nvData.b) );
4699 // CheckPassed( rval );
4700
4701 sessionsData.cmdAuths[0]->sessionHandle = TPM_RS_PW;
4702 sessionsData.cmdAuths[0]->nonce.t.size = 0;
4703 sessionsData.cmdAuths[0]->nonce.t.buffer[0] = 0xa5;
4704 sessionData.hmac.t.size = 0;
4705 // Now undefine the index.
4706 rval = Tss2_Sys_NV_UndefineSpace( wrSysContext, TPM_RH_PLATFORM, TPM20_INDEX_PASSWORD_TEST, &sessionsData, 0 );
4707 CheckPassed( rval );
4708 rval = DeleteEntity( TPM20_INDEX_PASSWORD_TEST );
4709 CheckPassed( rval );
4710 rval = EndAuthSession( nvSession );
4711 CheckPassed( rval );
4712 }
4713 }
4714 }
4715
4716 TeardownSysContext( &wrSysContext );
4717 TeardownSysContext( &rdSysContext );
4718
4719}
4720
4721UINT32 writeDataString = 0xdeadbeef;
4722
4723void TestEncryptDecryptSession()
4724{
4725 TSS2_RC rval = TSS2_RC_SUCCESS;
4726 SESSION *encryptDecryptSession;
4727 TPMT_SYM_DEF symmetric;
4728 TPM2B_MAX_NV_BUFFER writeData, encryptedWriteData;
4729 TPM2B_MAX_NV_BUFFER encryptedReadData, decryptedReadData,
4730 readData;
4731 size_t decryptParamSize;
4732 uint8_t *decryptParamBuffer;
4733 size_t encryptParamSize;
4734 uint8_t *encryptParamBuffer;
4735 TPM2B_AUTH nvAuth;
4736 TPM2B_DIGEST authPolicy;
4737 TPMA_NV nvAttributes;
4738 int i;
4739 TPMA_SESSION sessionAttributes;
4740 TPM2B_NONCE nonceCaller;
4741
4742 nonceCaller.t.size = 0;
4743
4744 // Authorization structure for undefine command.
4745 TPMS_AUTH_COMMAND nvUndefineAuth;
4746
4747 // Create and init authorization area for undefine command:
4748 // only 1 authorization area.
4749 TPMS_AUTH_COMMAND *nvUndefineAuthArray[1] = { &nvUndefineAuth };
4750
4751 // Authorization array for command (only has one auth structure).
4752 TSS2_SYS_CMD_AUTHS nvUndefineAuths = { 1, &nvUndefineAuthArray[0] };
4753
4754 TpmClientPrintf( 0, "\n\nDECRYPT/ENCRYPT SESSION TESTS:\n" );
4755
4756 writeData.t.size = sizeof( writeDataString );
4757 memcpy( (void *)&writeData.t.buffer, (void *)&writeDataString,
4758 sizeof( writeDataString ) );
4759
4760
4761 // Create NV index with empty auth value.
4762 *(UINT32 *)( (void *)&nvAttributes ) = 0;
4763 nvAttributes.TPMA_NV_AUTHREAD = 1;
4764 nvAttributes.TPMA_NV_AUTHWRITE = 1;
4765 nvAttributes.TPMA_NV_PLATFORMCREATE = 1;
4766
4767 // No authorization required.
4768 authPolicy.t.size = 0;
4769 nvAuth.t.size = 0;
4770 rval = DefineNvIndex( TPM_RH_PLATFORM, TPM_RS_PW,
4771 &nvAuth, &authPolicy, TPM20_INDEX_TEST1,
4772 TPM_ALG_SHA1, nvAttributes,
4773 sizeof( writeDataString ) );
4774
4775 //
4776 // 1st pass with CFB mode.
4777 // 2nd pass with XOR mode.
4778 //
4779 for( i = 0; i < 2; i++ )
4780 {
4781 // Authorization structure for NV
4782 // read/write commands.
4783 TPMS_AUTH_COMMAND nvRdWrCmdAuth;
4784
4785 // Authorization structure for
4786 // encrypt/decrypt session.
4787 TPMS_AUTH_COMMAND decryptEncryptSessionCmdAuth;
4788
4789 // Create and init authorization area for
4790 // NV read/write commands:
4791 // 2 authorization areas.
4792 TPMS_AUTH_COMMAND *nvRdWrCmdAuthArray[2] =
4793 { &nvRdWrCmdAuth, &decryptEncryptSessionCmdAuth };
4794
4795 // Authorization array for commands
4796 // (has two auth structures).
4797 TSS2_SYS_CMD_AUTHS nvRdWrCmdAuths =
4798 { 2, &nvRdWrCmdAuthArray[0] };
4799
4800 // Authorization structure for NV read/write responses.
4801 TPMS_AUTH_RESPONSE nvRdWrRspAuth;
4802 // Authorization structure for decrypt/encrypt
4803 // session responses.
4804 TPMS_AUTH_RESPONSE decryptEncryptSessionRspAuth;
4805
4806 // Create and init authorization area for NV
4807 // read/write responses: 2 authorization areas.
4808 TPMS_AUTH_RESPONSE *nvRdWrRspAuthArray[2] =
4809 { &nvRdWrRspAuth, &decryptEncryptSessionRspAuth };
4810 // Authorization array for responses
4811 // (has two auth structures).
4812 TSS2_SYS_RSP_AUTHS nvRdWrRspAuths =
4813 { 2, &nvRdWrRspAuthArray[0] };
4814
4815 // Setup session parameters.
4816 if( i == 0 )
4817 {
4818 // AES encryption/decryption and CFB mode.
4819 symmetric.algorithm = TPM_ALG_AES;
4820 symmetric.keyBits.aes = 128;
4821 symmetric.mode.aes = TPM_ALG_CFB;
4822 }
4823 else
4824 {
4825 // XOR encryption/decryption.
4826 symmetric.algorithm = TPM_ALG_XOR;
4827 symmetric.keyBits.exclusiveOr = TPM_ALG_SHA256;
4828 }
4829
4830 // Start policy session for decrypt/encrypt session.
4831 rval = StartAuthSessionWithParams( &encryptDecryptSession,
4832 TPM_RH_NULL, 0, TPM_RH_NULL, 0, &nonceCaller, 0, TPM_SE_POLICY,
4833 &symmetric, TPM_ALG_SHA256 );
4834 CheckPassed( rval );
4835
4836 //
4837 // Write TPM index with encrypted parameter used
4838 // as the data to write. Set session for encrypt.
4839 // Use asyncronous APIs to do this.
4840 //
4841 // 1st time: use null buffer, 2nd time use populated one;
4842 // this tests different cases for SetDecryptParam function.
4843 //
4844
4845 // Prepare the input parameters, using unencypted
4846 // write data. This will be encrypted before the
4847 // command is sent to the TPM.
4848 rval = Tss2_Sys_NV_Write_Prepare( sysContext,
4849 TPM20_INDEX_TEST1, TPM20_INDEX_TEST1,
4850 ( i == 0 ? (TPM2B_MAX_NV_BUFFER *)0 : &writeData ),
4851 0 );
4852 CheckPassed( rval );
4853
4854 // Set up password authorization session structure.
4855 nvRdWrCmdAuth.sessionHandle = TPM_RS_PW;
4856 nvRdWrCmdAuth.nonce.t.size = 0;
4857 *( (UINT8 *)((void *)&nvRdWrCmdAuth.sessionAttributes ) ) = 0;
4858 nvRdWrCmdAuth.hmac.t.size = nvAuth.t.size;
4859 memcpy( (void *)&nvRdWrCmdAuth.hmac.t.buffer[0],
4860 (void *)&nvAuth.t.buffer[0],
4861 nvRdWrCmdAuth.hmac.t.size );
4862
4863 // Set up encrypt/decrypt session structure.
4864 decryptEncryptSessionCmdAuth.sessionHandle =
4865 encryptDecryptSession->sessionHandle;
4866 decryptEncryptSessionCmdAuth.nonce.t.size = 0;
4867 *( (UINT8 *)((void *)&sessionAttributes ) ) = 0;
4868 decryptEncryptSessionCmdAuth.sessionAttributes =
4869 sessionAttributes;
4870 decryptEncryptSessionCmdAuth.sessionAttributes.continueSession
4871 = 1;
4872 decryptEncryptSessionCmdAuth.sessionAttributes.decrypt = 1;
4873 decryptEncryptSessionCmdAuth.hmac.t.size = 0;
4874
4875 rval = Tss2_Sys_SetCmdAuths( sysContext, &nvRdWrCmdAuths );
4876 CheckPassed( rval );
4877
4878 // Get decrypt parameter.
4879 rval = Tss2_Sys_GetDecryptParam( sysContext,
4880 &decryptParamSize,
4881 (const uint8_t **)&decryptParamBuffer );
4882 CheckPassed( rval );
4883
4884 if( i == 0 )
4885 {
4886 // 1st pass: test case of Prepare inputting a NULL decrypt
4887 // param; decryptParamSize should be 0.
4888 if( decryptParamSize != 0 )
4889 {
4890 TpmClientPrintf( 0, "ERROR!! decryptParamSize != 0\n" );
4891 Cleanup();
4892 }
4893 }
4894
4895 // Roll nonces for command.
4896 RollNonces( encryptDecryptSession,
4897 &decryptEncryptSessionCmdAuth.nonce );
4898
4899 // Encrypt write data.
4900 rval = EncryptCommandParam( encryptDecryptSession,
4901 (TPM2B_MAX_BUFFER *)&encryptedWriteData,
4902 (TPM2B_MAX_BUFFER *)&writeData, &nvAuth );
4903 CheckPassed( rval );
4904
4905 // Now set decrypt parameter.
4906 rval = Tss2_Sys_SetDecryptParam( sysContext,
4907 (uint8_t )encryptedWriteData.t.size,
4908 (uint8_t *)&encryptedWriteData.t.buffer[0] );
4909 CheckPassed( rval );
4910
4911 // Now write the data to the NV index.
4912 rval = Tss2_Sys_ExecuteAsync( sysContext );
4913 CheckPassed( rval );
4914
4915 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
4916 CheckPassed( rval );
4917
4918 rval = Tss2_Sys_GetRspAuths( sysContext, &nvRdWrRspAuths );
4919 CheckPassed( rval );
4920
4921 // Roll the nonces for response
4922 RollNonces( encryptDecryptSession,
4923 &nvRdWrRspAuths.rspAuths[1]->nonce );
4924
4925
4926 // Don't need nonces for anything else, so roll
4927 // the nonces for next command.
4928 RollNonces( encryptDecryptSession,
4929 &decryptEncryptSessionCmdAuth.nonce );
4930
4931 // Now read the data without encrypt set.
4932 nvRdWrCmdAuths.cmdAuthsCount = 1;
4933 nvRdWrRspAuths.rspAuthsCount = 1;
4934 rval = Tss2_Sys_NV_Read( sysContext, TPM20_INDEX_TEST1,
4935 TPM20_INDEX_TEST1, &nvRdWrCmdAuths,
4936 sizeof( writeDataString ), 0, &readData,
4937 &nvRdWrRspAuths );
4938 CheckPassed( rval );
4939 nvRdWrCmdAuths.cmdAuthsCount = 2;
4940 nvRdWrRspAuths.rspAuthsCount = 2;
4941
4942 // Roll the nonces for response
4943 RollNonces( encryptDecryptSession,
4944 &nvRdWrRspAuths.rspAuths[1]->nonce );
4945
4946 // Check that write and read data are equal. This
4947 // verifies that the decrypt session was setup correctly.
4948 // If it wasn't, the data stored in the TPM would still
4949 // be encrypted, and this test would fail.
4950 if( memcmp( (void *)&readData.t.buffer[0],
4951 (void *)&writeData.t.buffer[0], readData.t.size ) )
4952 {
4953 TpmClientPrintf( 0, "ERROR!! read data not equal to written data\n" );
4954 Cleanup();
4955 }
4956
4957 //
4958 // Read TPM index with encrypt session; use
4959 // syncronous APIs to do this.
4960 //
4961
4962 rval = Tss2_Sys_NV_Read_Prepare( sysContext, TPM20_INDEX_TEST1,
4963 TPM20_INDEX_TEST1, sizeof( writeDataString ), 0 );
4964 CheckPassed( rval );
4965
4966 // Roll the nonces for next command.
4967 RollNonces( encryptDecryptSession,
4968 &decryptEncryptSessionCmdAuth.nonce );
4969
4970 decryptEncryptSessionCmdAuth.sessionAttributes.decrypt = 0;
4971 decryptEncryptSessionCmdAuth.sessionAttributes.encrypt = 1;
4972 decryptEncryptSessionCmdAuth.sessionAttributes.continueSession =
4973 1;
4974
4975 rval = Tss2_Sys_SetCmdAuths( sysContext, &nvRdWrCmdAuths );
4976 CheckPassed( rval );
4977
4978 //
4979 // Now Read the data.
4980 //
4981 rval = Tss2_Sys_Execute( sysContext );
4982 CheckPassed( rval );
4983
4984 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize,
4985 (const uint8_t **)&encryptParamBuffer );
4986 CheckPassed( rval );
4987
4988 rval = Tss2_Sys_GetRspAuths( sysContext, &nvRdWrRspAuths );
4989 CheckPassed( rval );
4990
4991 // Roll the nonces for response
4992 RollNonces( encryptDecryptSession,
4993 &nvRdWrRspAuths.rspAuths[1]->nonce );
4994
4995 // Decrypt read data.
4996 encryptedReadData.t.size = encryptParamSize;
4997 memcpy( (void *)&encryptedReadData.t.buffer[0],
4998 (void *)encryptParamBuffer, encryptParamSize );
4999 rval = DecryptResponseParam( encryptDecryptSession,
5000 (TPM2B_MAX_BUFFER *)&decryptedReadData,
5001 (TPM2B_MAX_BUFFER *)&encryptedReadData, &nvAuth );
5002 CheckPassed( rval );
5003
5004 // Roll the nonces.
5005 RollNonces( encryptDecryptSession,
5006 &nvRdWrRspAuths.rspAuths[1]->nonce );
5007
5008 rval = Tss2_Sys_SetEncryptParam( sysContext,
5009 (uint8_t)decryptedReadData.t.size,
5010 (uint8_t *)&decryptedReadData.t.buffer[0] );
5011 CheckPassed( rval );
5012
5013 // Get the command results, in this case the read data.
5014 rval = Tss2_Sys_NV_Read_Complete( sysContext, &readData );
5015 CheckPassed( rval );
5016
5017 TpmClientPrintf( 0, "Decrypted read data = " );
5018 DEBUG_PRINT_BUFFER( &readData.t.buffer[0], (UINT32 )readData.t.size );
5019
5020 // Check that write and read data are equal.
5021 if( memcmp( (void *)&readData.t.buffer[0],
5022 (void *)&writeData.t.buffer[0], readData.t.size ) )
5023 {
5024 TpmClientPrintf( 0, "ERROR!! read data not equal to written data\n" );
5025 Cleanup();
5026 }
5027
5028 rval = Tss2_Sys_FlushContext( sysContext,
5029 encryptDecryptSession->sessionHandle );
5030 CheckPassed( rval );
5031
5032 rval = EndAuthSession( encryptDecryptSession );
5033 CheckPassed( rval );
5034 }
5035
5036 // Set authorization for NV undefine command.
5037 nvUndefineAuth.sessionHandle = TPM_RS_PW;
5038 nvUndefineAuth.nonce.t.size = 0;
5039 *( (UINT8 *)((void *)&nvUndefineAuth.sessionAttributes ) ) = 0;
5040 nvUndefineAuth.hmac.t.size = 0;
5041
5042 // Undefine NV index.
5043 rval = Tss2_Sys_NV_UndefineSpace( sysContext,
5044 TPM_RH_PLATFORM, TPM20_INDEX_TEST1, &nvUndefineAuths, 0 );
5045 CheckPassed( rval );
5046}
5047
5048
5049void TestRsaEncryptDecrypt()
5050{
5051 TPM2B_SENSITIVE_CREATE inSensitive;
5052 TPM2B_PUBLIC inPublic;
5053 TPMS_AUTH_COMMAND sessionData;
5054 TPMS_AUTH_RESPONSE sessionDataOut;
5055 TPM2B_DATA outsideInfo;
5056 TPML_PCR_SELECTION creationPCR;
5057 TPM_RC rval;
5058 TPM2B_PRIVATE outPrivate;
5059 TPM2B_PUBLIC outPublic;
5060 TPM2B_CREATION_DATA creationData;
5061 TPM2B_DIGEST creationHash;
5062 TPMT_TK_CREATION creationTicket;
5063 TPM2B_NAME rsaKeyName;
5064
5065 TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
5066 TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };
5067
5068 TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };
5069 TSS2_SYS_RSP_AUTHS sessionsDataOut = { 1, &sessionDataOutArray[0] };
5070
5071 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
5072 inSensitive.t.sensitive.data.t.size = 0;
5073
5074 // Init nonce.
5075 sessionData.nonce.t.size = 0;
5076
5077 // init hmac
5078 sessionData.hmac.t.size = 0;
5079
5080 // Init session attributes
5081 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
5082
5083 // Create public/private key pair.
5084 inPublic.t.publicArea.type = TPM_ALG_RSA;
5085 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
5086 *(UINT32 *)( (void *)&( inPublic.t.publicArea.objectAttributes ) ) = 0;
5087 inPublic.t.publicArea.objectAttributes.decrypt = 1;
5088 inPublic.t.publicArea.authPolicy.t.size = 0;
5089
5090 inPublic.t.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
5091 inPublic.t.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
5092 inPublic.t.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CTR;
5093 inPublic.t.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
5094 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 1024;
5095 inPublic.t.publicArea.parameters.rsaDetail.exponent = 0;
5096 inPublic.t.publicArea.unique.rsa.t.size = 0;
5097
5098 outsideInfo.t.size = 0;
5099 outPublic.t.size = 0;
5100 creationData.t.size = 0;
5101 rval = Tss2_Sys_Create( sysContext, handle2048rsa, &sessionsData, &inSensitive, &inPublic,
5102 &outsideInfo, &creationPCR,
5103 &outPrivate, &outPublic, &creationData,
5104 &creationHash, &creationTicket, &sessionsDataOut );
5105
5106 CheckPassed( rval );
5107
5108 // Load private key into TPM
5109 rval = Tss2_Sys_Load ( sysContext, handle2048rsa, 0, &outPrivate, &outPublic,
5110 &loadedSha1KeyHandle, &rsaKeyName, &sessionsDataOut);
5111 CheckPassed( rval );
5112
5113
5114
5115 // Encrypt message with public key
5116
5117 // Print encrypted message.
5118
5119 // Decrypt message with private key.
5120
5121 // Print decrypted message.
5122
5123}
5124
5125
5126void GetSetDecryptParamTests()
5127{
5128 TPM2B_MAX_NV_BUFFER nvWriteData = { { 4, { 0xde, 0xad, 0xbe, 0xef, } } };
5129 TPM2B_MAX_NV_BUFFER nvWriteData1 = { { 4, { 0x01, 0x01, 0x02, 0x03, } } };
5130 const uint8_t *decryptParamBuffer;
5131 size_t decryptParamSize;
5132 size_t cpBufferUsedSize1, cpBufferUsedSize2;
5133 const uint8_t *cpBuffer1, *cpBuffer2;
5134 TSS2_RC rval;
5135 int i;
5136 TSS2_SYS_CONTEXT *decryptParamTestSysContext;
5137
5138 TpmClientPrintf( 0, "\nGET/SET DECRYPT PARAM TESTS:\n" );
5139
5140 // Create two sysContext structures.
5141 decryptParamTestSysContext = InitSysContext( MAX_NV_BUFFER_SIZE, resMgrTctiContext, &abiVersion );
5142 if( decryptParamTestSysContext == 0 )
5143 {
5144 InitSysContextFailure();
5145 }
5146
5147 // Test for bad sequence
5148 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
5149 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE );
5150
5151 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, &( nvWriteData.t.buffer[0] ) );
5152 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE );
5153
5154 // Do Prepare.
5155 rval = Tss2_Sys_NV_Write_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST,
5156 TPM20_INDEX_PASSWORD_TEST, &nvWriteData1, 0x55aa );
5157 CheckPassed( rval );
5158
5159 // Test for bad reference
5160 rval = Tss2_Sys_GetDecryptParam( 0, &decryptParamSize, &decryptParamBuffer );
5161 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5162
5163 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, 0, &decryptParamBuffer );
5164 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5165
5166 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, 0 );
5167 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5168
5169 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, 0 );
5170 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5171
5172 rval = Tss2_Sys_SetDecryptParam( 0, 4, 0 );
5173 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5174
5175 // Test for bad size.
5176 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 5, &( nvWriteData.t.buffer[0] ) );
5177 CheckFailed( rval, TSS2_SYS_RC_BAD_SIZE );
5178
5179 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 3, &( nvWriteData.t.buffer[0] ) );
5180 CheckFailed( rval, TSS2_SYS_RC_BAD_SIZE );
5181
5182 // Test for good size.
5183 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, &( nvWriteData.t.buffer[0] ) );
5184 CheckPassed( rval );
5185
5186 // Make sure that the set operation really did the right thing.
5187 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
5188 CheckPassed( rval );
5189 for( i = 0; i < 4; i++ )
5190 {
5191 if( decryptParamBuffer[i] != nvWriteData.t.buffer[i] )
5192 {
5193 TpmClientPrintf( 0, "ERROR!! decryptParamBuffer[%d] s/b: %2.2x, was: %2.2x\n", i, nvWriteData.t.buffer[i], decryptParamBuffer[i] );
5194 Cleanup();
5195 }
5196 }
5197
5198 rval = Tss2_Sys_GetCpBuffer( decryptParamTestSysContext, &cpBufferUsedSize1, &cpBuffer1 );
5199 CheckPassed( rval );
5200
5201 OpenOutFile( &outFp );
5202#ifdef DEBUG
5203 TpmClientPrintf( 0, "cpBuffer = ");
5204#endif
5205 DEBUG_PRINT_BUFFER( (UINT8 *)cpBuffer1, cpBufferUsedSize1 );
5206 CloseOutFile( &outFp );
5207
5208 // Test for no decrypt param.
5209 rval = Tss2_Sys_NV_Read_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, sizeof( nvWriteData ) - 2, 0 );
5210 CheckPassed( rval );
5211
5212 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
5213 CheckFailed( rval, TSS2_SYS_RC_NO_DECRYPT_PARAM );
5214
5215 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, &( nvWriteData.t.buffer[0] ) );
5216 CheckFailed( rval, TSS2_SYS_RC_NO_DECRYPT_PARAM );
5217
5218 // Null decrypt param.
5219 rval = Tss2_Sys_NV_Write_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST,
5220 TPM20_INDEX_PASSWORD_TEST, 0, 0x55aa );
5221 CheckPassed( rval );
5222
5223 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
5224 CheckPassed( rval );
5225
5226 // Check that size == 0.
5227 if( decryptParamSize != 0 )
5228 {
5229 TpmClientPrintf( 0, "ERROR!! decryptParamSize s/b: 0, was: %u\n", (unsigned int)decryptParamSize );
5230 Cleanup();
5231 }
5232
5233 // Test for insufficient size.
5234 rval = Tss2_Sys_GetCpBuffer( decryptParamTestSysContext, &cpBufferUsedSize2, &cpBuffer2 );
5235 CheckPassed( rval );
5236 nvWriteData.t.size = MAX_NV_BUFFER_SIZE -
5237 CHANGE_ENDIAN_DWORD( ( (TPM20_Header_In *)( ( (_TSS2_SYS_CONTEXT_BLOB *)decryptParamTestSysContext )->tpmInBuffPtr ) )->commandSize ) +
5238 1;
5239 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, nvWriteData.t.size, &( nvWriteData.t.buffer[0] ) );
5240 CheckFailed( rval, TSS2_SYS_RC_INSUFFICIENT_BUFFER );
5241
5242 // Test that one less will work. This tests that we're checking the correct corner case.
5243 nvWriteData.t.size -= 1;
5244 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, nvWriteData.t.size, &( nvWriteData.t.buffer[0] ) );
5245 CheckPassed( rval );
5246
5247
5248 rval = Tss2_Sys_NV_Write_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST,
5249 TPM20_INDEX_PASSWORD_TEST, 0, 0x55aa );
5250 CheckPassed( rval );
5251
5252 rval = Tss2_Sys_GetDecryptParam( decryptParamTestSysContext, &decryptParamSize, &decryptParamBuffer );
5253 CheckPassed( rval );
5254
5255 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 4, &( nvWriteData.t.buffer[0] ) );
5256 CheckPassed( rval );
5257
5258 rval = Tss2_Sys_GetCpBuffer( decryptParamTestSysContext, &cpBufferUsedSize2, &cpBuffer2 );
5259 CheckPassed( rval );
5260
5261 OpenOutFile( &outFp );
5262#ifdef DEBUG
5263 TpmClientPrintf( 0, "cpBuffer = ");
5264#endif
5265 DEBUG_PRINT_BUFFER( (UINT8 *)cpBuffer2, cpBufferUsedSize2 );
5266 CloseOutFile( &outFp );
5267
5268 if( cpBufferUsedSize1 != cpBufferUsedSize2 )
5269 {
5270 TpmClientPrintf( 0, "ERROR!! cpBufferUsedSize1(%x) != cpBufferUsedSize2(%x)\n", (UINT32)cpBufferUsedSize1, (UINT32)cpBufferUsedSize2 );
5271 Cleanup();
5272 }
5273 for( i = 0; i < (int)cpBufferUsedSize1; i++ )
5274 {
5275 if( cpBuffer1[i] != cpBuffer2[i] )
5276 {
5277 TpmClientPrintf( 0, "ERROR!! cpBufferUsedSize1[%d] s/b: %2.2x, was: %2.2x\n", i, cpBuffer1[i], cpBuffer2[i] );
5278 Cleanup();
5279 }
5280 }
5281
5282 // Test case of zero sized decrypt param, another case of bad size.
5283 nvWriteData1.t.size = 0;
5284 rval = Tss2_Sys_NV_Write_Prepare( decryptParamTestSysContext, TPM20_INDEX_PASSWORD_TEST,
5285 TPM20_INDEX_PASSWORD_TEST, &nvWriteData1, 0x55aa );
5286 CheckPassed( rval );
5287
5288 rval = Tss2_Sys_SetDecryptParam( decryptParamTestSysContext, 1, &( nvWriteData.t.buffer[0] ) );
5289 CheckFailed( rval, TSS2_SYS_RC_BAD_SIZE );
5290
5291 TeardownSysContext( &decryptParamTestSysContext );
5292}
5293
wcarthurd1fe2872015-11-03 07:44:57 -0500[diff] [blame]5294void SysInitializeTests()
5295{
5296 TSS2_RC rval = TSS2_RC_SUCCESS;
5297
5298 // NOTE: this should never be done in real applications.
5299 // It is only done here for test purposes.
5300 TSS2_TCTI_CONTEXT_INTEL tctiContextIntel;
5301
5302 TSS2_TCTI_CONTEXT *tctiContext = (TSS2_TCTI_CONTEXT *)&tctiContextIntel;
5303
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5304 TpmClientPrintf( 0, "\nSYS INITIALIZE TESTS:\n" );
wcarthurd1fe2872015-11-03 07:44:57 -0500[diff] [blame]5305
5306 rval = Tss2_Sys_Initialize( (TSS2_SYS_CONTEXT *)0, 10, (TSS2_TCTI_CONTEXT *)1, (TSS2_ABI_VERSION *)1 );
5307 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5308
5309 rval = Tss2_Sys_Initialize( (TSS2_SYS_CONTEXT *)1, 10, (TSS2_TCTI_CONTEXT *)0, (TSS2_ABI_VERSION *)1 );
5310 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5311
5312 rval = Tss2_Sys_Initialize( (TSS2_SYS_CONTEXT *)1, 10, (TSS2_TCTI_CONTEXT *)1, (TSS2_ABI_VERSION *)0 );
5313 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5314
5315 rval = Tss2_Sys_Initialize( (TSS2_SYS_CONTEXT *)1, 10, (TSS2_TCTI_CONTEXT *)1, (TSS2_ABI_VERSION *)1 );
5316 CheckFailed( rval, TSS2_SYS_RC_INSUFFICIENT_CONTEXT );
5317
5318 // NOTE: don't do this in real applications.
5319 tctiContextIntel.transmit = (TCTI_TRANSMIT_PTR)0;
5320 tctiContextIntel.receive = (TCTI_RECEIVE_PTR)1;
5321
5322 rval = Tss2_Sys_Initialize( (TSS2_SYS_CONTEXT *)1, sizeof( _TSS2_SYS_CONTEXT_BLOB ), (TSS2_TCTI_CONTEXT *)&tctiContextIntel, (TSS2_ABI_VERSION *)1 );
5323 CheckFailed( rval, TSS2_SYS_RC_BAD_TCTI_STRUCTURE );
5324
5325 // NOTE: don't do this in real applications.
5326 tctiContextIntel.transmit = (TCTI_TRANSMIT_PTR)1;
5327 tctiContextIntel.receive = (TCTI_RECEIVE_PTR)0;
5328
5329 rval = Tss2_Sys_Initialize( (TSS2_SYS_CONTEXT *)1, sizeof( _TSS2_SYS_CONTEXT_BLOB ), (TSS2_TCTI_CONTEXT *)&tctiContextIntel, (TSS2_ABI_VERSION *)1 );
5330 CheckFailed( rval, TSS2_SYS_RC_BAD_TCTI_STRUCTURE );
5331}
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5332
wcarthur4d547ee2015-11-09 12:55:00 -0500[diff] [blame]5333void SysFinalizeTests()
5334{
5335 TSS2_RC rval = TSS2_RC_SUCCESS;
5336
5337 TpmClientPrintf( 0, "\nSYS FINALIZE TESTS:\n" );
5338
5339 rval = Tss2_Sys_Finalize( 0 );
5340 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5341
5342 // Note: other cases tested by other tests.
5343}
5344
5345void GetContextSizeTests()
5346{
5347 TSS2_RC rval = TSS2_RC_SUCCESS;
5348 TSS2_SYS_CONTEXT *testSysContext;
5349
5350 TpmClientPrintf( 0, "\nSYS GETCONTEXTSIZE TESTS:\n" );
5351
5352 testSysContext = InitSysContext( 9, resMgrTctiContext, &abiVersion );
5353 if( testSysContext == 0 )
5354 {
5355 InitSysContextFailure();
5356 }
5357
5358 rval = Tss2_Sys_Startup( testSysContext, TPM_SU_CLEAR );
5359 CheckFailed( rval, TSS2_SYS_RC_INSUFFICIENT_BUFFER );
5360
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]5361 rval = Tss2_Sys_GetTestResult_Prepare( testSysContext );
5362 CheckPassed( rval );
wcarthur4d547ee2015-11-09 12:55:00 -0500[diff] [blame]5363
5364 // Note: other cases tested by other tests.
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]5365
5366 TeardownSysContext( &testSysContext );
5367}
5368
5369void GetTctiContextTests()
5370{
5371 TSS2_RC rval = TSS2_RC_SUCCESS;
5372 TSS2_SYS_CONTEXT *testSysContext;
5373 TSS2_TCTI_CONTEXT *tctiContext;
5374
5375 TpmClientPrintf( 0, "\nSYS GETTCTICONTEXT TESTS:\n" );
5376
5377 testSysContext = InitSysContext( 9, resMgrTctiContext, &abiVersion );
5378 if( testSysContext == 0 )
5379 {
5380 InitSysContextFailure();
5381 }
5382
5383 rval = Tss2_Sys_GetTctiContext( testSysContext, 0 );
5384 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5385
5386 rval = Tss2_Sys_GetTctiContext( 0, &tctiContext );
5387 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5388
5389 TeardownSysContext( &testSysContext );
5390}
5391
5392void PrepareTests()
5393{
5394 TSS2_RC rval = TSS2_RC_SUCCESS;
5395 TSS2_SYS_CONTEXT *testSysContext;
5396
5397 TpmClientPrintf( 0, "\nSYS PREPARE TESTS:\n" );
5398
5399 testSysContext = InitSysContext( 0, resMgrTctiContext, &abiVersion );
5400 if( testSysContext == 0 )
5401 {
5402 InitSysContextFailure();
5403 }
5404
5405 // Test for bad reference.
5406 rval = Tss2_Sys_GetTestResult_Prepare( 0 );
5407 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5408
5409 // Test for bad sequence: after ExecuteAsync
5410 rval = Tss2_Sys_GetTestResult_Prepare( testSysContext );
5411 CheckPassed( rval );
5412
5413 rval = Tss2_Sys_ExecuteAsync( testSysContext );
5414 CheckPassed( rval );
5415
5416 rval = Tss2_Sys_GetTestResult_Prepare( testSysContext );
5417 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE );
5418
5419 rval = Tss2_Sys_ExecuteFinish( testSysContext, -1 );
5420 CheckPassed( rval );
5421
5422 // Test for bad sequence: after Execute
5423 rval = Tss2_Sys_GetTestResult_Prepare( testSysContext );
5424 CheckPassed( rval );
5425
5426 rval = Tss2_Sys_Execute( testSysContext );
5427 CheckPassed( rval );
5428
5429 rval = Tss2_Sys_GetTestResult_Prepare( testSysContext );
5430 CheckPassed( rval );
5431
5432 TeardownSysContext( &testSysContext );
wcarthur4d547ee2015-11-09 12:55:00 -0500[diff] [blame]5433}
5434
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5435void RmZeroSizedResponseTest()
5436{
5437 SESSION *encryptSession;
5438 TPM2B_NONCE nonceCaller;
5439 TPMT_SYM_DEF symmetric;
5440 TSS2_RC rval = TSS2_RC_SUCCESS;
5441
5442 //
5443 // Tests what happens in RM when receive comes back with 0 sized response.
5444 // This happens when a command is sent to the simulator but the simulator
5445 // isn't "powered on".
5446 // Added this test because this took me a while to understand, and I
5447 // never want to have to debug this again.
5448 //
wcarthurd1fe2872015-11-03 07:44:57 -0500[diff] [blame]5449
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5450 TpmClientPrintf( 0, "\nRM ZERO SIZED RESPONSE TEST:\n" );
5451
5452 rval = PlatformCommand( resMgrTctiContext, MS_SIM_POWER_OFF );
5453
5454 nonceCaller.t.size = 1;
5455 nonceCaller.t.buffer[0] = 0xa5;
5456
5457 // AES encryption/decryption and CFB mode.
5458 symmetric.algorithm = TPM_ALG_AES;
5459 symmetric.keyBits.aes = 128;
5460 symmetric.mode.aes = TPM_ALG_CFB;
5461
5462 // Start policy session for encrypt session.
5463 rval = StartAuthSessionWithParams( &encryptSession,
5464 TPM_RH_NULL, 0, TPM_RH_NULL, 0, &nonceCaller, 0, TPM_SE_HMAC,
5465 &symmetric, TPM_ALG_SHA256 );
5466 CheckFailed( rval, TSS2_TCTI_RC_IO_ERROR );
5467}
5468
5469
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5470void CmdRspAuthsTests()
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5471{
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5472 SESSION *encryptSession, *decryptSession, *auditSession;
5473 TPM2B_NONCE nonceCaller, nonceTpm;
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5474 TPMT_SYM_DEF symmetric;
5475 TSS2_RC rval = TSS2_RC_SUCCESS;
5476 int i;
5477 TPM2B_ENCRYPTED_SECRET encryptedSalt;
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5478 UINT32 savedMaxCommandSize, savedResponseSize;
5479
5480 TSS2_SYS_CONTEXT *otherSysContext;
5481 TPM_HANDLE testSessionHandle;
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5482
5483 TPMS_AUTH_COMMAND encryptCmdAuth, decryptCmdAuth, auditCmdAuth;
5484 TPMS_AUTH_COMMAND *cmdAuthArray[3] = { &encryptCmdAuth, &decryptCmdAuth, &auditCmdAuth };
5485 TSS2_SYS_CMD_AUTHS cmdAuths = { 3, &cmdAuthArray[0] };
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5486
5487 TPMS_AUTH_RESPONSE encryptRspAuth, decryptRspAuth, auditRspAuth;
5488 TPMS_AUTH_RESPONSE *rspAuthArray[3] =
5489 { &encryptRspAuth, &decryptRspAuth, &auditRspAuth };
5490 TSS2_SYS_RSP_AUTHS rspAuths = { 3, &rspAuthArray[0] };
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5491
5492 TpmClientPrintf( 0, "\nSETCMDAUTHS TESTS:\n" );
5493
5494 nonceCaller.t.size = SHA256_DIGEST_SIZE;
5495
5496 for( i = 0; i < nonceCaller.t.size; i++ )
5497 {
5498 nonceCaller.t.buffer[i] = 0xa5;
5499 }
5500
5501 // AES encryption/decryption and CFB mode.
5502 symmetric.algorithm = TPM_ALG_AES;
5503 symmetric.keyBits.aes = 128;
5504 symmetric.mode.aes = TPM_ALG_CFB;
5505
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5506 // Start encrypt session.
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5507 rval = StartAuthSessionWithParams( &encryptSession,
5508 TPM_RH_NULL, 0, TPM_RH_NULL, 0, &nonceCaller, 0, TPM_SE_HMAC,
5509 &symmetric, TPM_ALG_SHA256 );
5510 CheckPassed( rval ); // #1
5511
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5512 // Start decrypt session.
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5513 rval = StartAuthSessionWithParams( &decryptSession,
5514 TPM_RH_NULL, 0, TPM_RH_NULL, 0, &nonceCaller, 0, TPM_SE_HMAC,
5515 &symmetric, TPM_ALG_SHA256 );
5516 CheckPassed( rval ); // #2
5517
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5518 // Start audit session.
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5519 rval = StartAuthSessionWithParams( &auditSession,
5520 TPM_RH_NULL, 0, TPM_RH_NULL, 0, &nonceCaller, 0, TPM_SE_HMAC,
5521 &symmetric, TPM_ALG_SHA256 );
5522 CheckPassed( rval ); // #3
5523
5524 encryptCmdAuth.sessionHandle = encryptSession->sessionHandle;
5525 encryptCmdAuth.nonce.t.size = 0;
5526 *( (UINT8 *)((void *)&encryptCmdAuth.sessionAttributes ) ) = 0;
5527 encryptCmdAuth.sessionAttributes.encrypt = 1;
5528 encryptCmdAuth.hmac.t.size = 0;
5529
5530 decryptCmdAuth.sessionHandle = decryptSession->sessionHandle;
5531 decryptCmdAuth.nonce.t.size = 0;
5532 *( (UINT8 *)((void *)&decryptCmdAuth.sessionAttributes ) ) = 0;
5533 decryptCmdAuth.sessionAttributes.decrypt = 1;
5534 decryptCmdAuth.hmac.t.size = 0;
5535
5536 auditCmdAuth.sessionHandle = auditSession->sessionHandle;
5537 auditCmdAuth.nonce.t.size = 0;
5538 *( (UINT8 *)((void *)&auditCmdAuth.sessionAttributes ) ) = 0;
5539 auditCmdAuth.sessionAttributes.audit = 1;
5540 auditCmdAuth.hmac.t.size = 0;
5541
5542 // Test for bad sequence.
5543 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5544 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #4
5545
5546 encryptedSalt.t.size = 0;
5547 rval = Tss2_Sys_StartAuthSession_Prepare( sysContext,
5548 TPM_RH_NULL, TPM_RH_NULL, &nonceCaller, &encryptedSalt, TPM_SE_HMAC,
5549 &symmetric, TPM_ALG_SHA256 );
5550 CheckPassed( rval ); // #5
5551
5552 // Test for bad reference.
5553 rval = Tss2_Sys_SetCmdAuths( 0, &cmdAuths );
5554 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #6
5555
5556 rval = Tss2_Sys_SetCmdAuths( sysContext, 0 );
5557 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #7
5558
5559 // Test for count == 0; this should pass.
5560 cmdAuths.cmdAuthsCount= 0;
5561 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5562 CheckPassed( rval ); // #8
5563
5564 // Test for bad value.
5565 cmdAuths.cmdAuthsCount= 3;
5566 cmdAuthArray[0] = 0;
5567 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5568 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE ); // #9
5569
5570 cmdAuthArray[0] = &encryptCmdAuth;
5571 cmdAuthArray[1] = 0;
5572 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5573 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE ); // #10
5574
5575 cmdAuthArray[1] = &decryptCmdAuth;
5576 cmdAuthArray[2] = 0;
5577 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5578 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE ); // #11
5579 cmdAuthArray[2] = &auditCmdAuth;
5580
5581 // Test for insufficient context.
5582 cmdAuths.cmdAuthsCount= 0;
5583 savedMaxCommandSize = ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize;
5584 ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize = sizeof( TPM20_Header_In ) + 3 * sizeof( TPM_HANDLE ) - 1;
5585 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5586 CheckPassed( rval ); // #12
5587
5588 cmdAuths.cmdAuthsCount= 0;
5589 ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize = sizeof( TPM20_Header_In ) + 3 * sizeof( TPM_HANDLE );
5590 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5591 CheckPassed( rval );// #13
5592
5593 cmdAuths.cmdAuthsCount= 3;
5594 ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize = sizeof( TPM20_Header_In ) + 3 * sizeof( TPM_HANDLE );
5595 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5596 CheckFailed( rval, TSS2_SYS_RC_INSUFFICIENT_BUFFER ); // #14
5597
5598 // Do successful one; use this to get size of command.
5599 ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize = savedMaxCommandSize;
5600 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5601 CheckPassed( rval ); // #15
5602
5603 // Then set maxCommandSize to the the previously gotten commandSize - 1. This should fail.
5604 ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize = GetCommandSize( sysContext ) - 1;
5605 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5606 CheckFailed( rval, TSS2_SYS_RC_INSUFFICIENT_BUFFER ); // #16
5607
5608 // Reset size of sysContext.
5609 ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize = savedMaxCommandSize;
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5610
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5611 // Setup for response auths test.
5612 ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->maxCommandSize = CHANGE_ENDIAN_DWORD( savedMaxCommandSize );
5613 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5614 CheckPassed( rval ); // #15
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5615
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5616 TpmClientPrintf( 0, "\nGETRSPAUTHS TESTS:\n" );
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5617
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]5618 // Test for bad sequence.
5619 rval = Tss2_Sys_GetRspAuths( sysContext, &rspAuths );
5620 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #1
5621
5622 otherSysContext = InitSysContext( 0, resMgrTctiContext, &abiVersion );
5623 if( otherSysContext == 0 )
5624 {
5625 InitSysContextFailure();
5626 }
5627
5628 //
5629 // Test for command that failed: invalid handle.
5630 //
5631 rval = Tss2_Sys_StartAuthSession_Prepare( otherSysContext,
5632 0xffffffff, TPM_RH_NULL, &nonceCaller, &encryptedSalt, TPM_SE_HMAC,
5633 &symmetric, TPM_ALG_SHA256 );
5634 CheckPassed( rval ); // #2
5635
5636 rval = Tss2_Sys_Execute( otherSysContext );
5637 CheckFailed( rval, TPM_RC_VALUE | TPM_RC_1 | TPM_RC_H ); // #3
5638
5639 rval = Tss2_Sys_GetRspAuths( otherSysContext, &rspAuths );
5640 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #4
5641
5642 //
5643 // Test for command that can never take sessions.
5644 //
5645 rval = Tss2_Sys_ReadClock_Prepare( otherSysContext );
5646 CheckPassed( rval ); // #5
5647
5648 rval = Tss2_Sys_Execute( otherSysContext );
5649 CheckPassed( rval ); // #6
5650
5651 rval = Tss2_Sys_GetRspAuths( otherSysContext, &rspAuths );
5652 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE ); // #7
5653
5654 // Setup for testing for bad references and other conditions.
5655 rval = Tss2_Sys_StartAuthSession_Prepare( sysContext,
5656 TPM_RH_NULL, TPM_RH_NULL, &nonceCaller, &encryptedSalt, TPM_SE_HMAC,
5657 &symmetric, TPM_ALG_SHA256 );
5658 CheckPassed( rval ); // #8
5659
5660 cmdAuths.cmdAuthsCount = 2;
5661 rval = Tss2_Sys_SetCmdAuths( sysContext, &cmdAuths );
5662 CheckPassed( rval ); // #9
5663
5664 rval = Tss2_Sys_Execute( sysContext );
5665 CheckPassed( rval ); // #10
5666
5667 // Test for bad reference.
5668 rval = Tss2_Sys_GetRspAuths( 0, &rspAuths );
5669 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #11
5670
5671 rval = Tss2_Sys_GetRspAuths( sysContext, 0 );
5672 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE ); // #12
5673
5674 // Test for bad count.
5675 rspAuths.rspAuthsCount = 0;
5676 rval = Tss2_Sys_GetRspAuths( sysContext, &rspAuths );
5677 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE ); // #13
5678
5679 // Test for non-matching count: specified count doesn't
5680 // match returned count.
5681 rspAuths.rspAuthsCount = 1;
5682 rval = Tss2_Sys_GetRspAuths( sysContext, &rspAuths );
5683 CheckFailed( rval, TSS2_SYS_RC_INVALID_SESSIONS ); // #14
5684
5685 // Test for non-matching count: cmd auth count doesn't
5686 // match returned auth count.
5687 rspAuths.rspAuthsCount = 3;
5688 savedResponseSize = CHANGE_ENDIAN_DWORD( ( (TPM20_Header_Out *)( ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->tpmOutBuffPtr ) )->responseSize );
5689 ( (TPM20_Header_Out *)( ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->tpmOutBuffPtr ) )->responseSize = CHANGE_ENDIAN_DWORD( savedResponseSize - 5 );
5690 rval = Tss2_Sys_GetRspAuths( sysContext, &rspAuths );
5691 CheckFailed( rval, TSS2_SYS_RC_INVALID_SESSIONS ); // #15
5692
5693 // Test for malformed response.
5694 rspAuths.rspAuthsCount = 2;
5695 ( (TPM20_Header_Out *)( ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->tpmOutBuffPtr ) )->responseSize = CHANGE_ENDIAN_DWORD( savedResponseSize - 7 );
5696 rval = Tss2_Sys_GetRspAuths( sysContext, &rspAuths );
5697 CheckFailed( rval, TSS2_SYS_RC_MALFORMED_RESPONSE ); // #16
5698
5699 // Ths one should pass.
5700 ( (TPM20_Header_Out *)( ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->tpmOutBuffPtr ) )->responseSize = CHANGE_ENDIAN_DWORD( savedResponseSize );
5701 rval = Tss2_Sys_GetRspAuths( sysContext, &rspAuths );
5702 CheckPassed( rval ); // #17
5703
5704 // Check for bad sequence.
5705 rval = Tss2_Sys_StartAuthSession_Complete( sysContext,
5706 &testSessionHandle, &nonceTpm );
5707 CheckPassed( rval ); // #17
5708
5709 // Others?
5710
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]5711}
5712
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5713void GetSetEncryptParamTests()
5714{
5715 TPM2B_MAX_NV_BUFFER nvWriteData = { { 4, { 0xde, 0xad, 0xbe, 0xef, } } };
5716 const uint8_t *encryptParamBuffer;
5717 const uint8_t encryptParamBuffer1[4] = { 01, 02, 03, 04 };
5718 size_t encryptParamSize;
5719 TSS2_RC rval;
5720 int i;
5721 TPM2B_DIGEST authPolicy;
5722 TPMA_NV nvAttributes;
5723 TPM2B_AUTH nvAuth;
5724
5725 TPMS_AUTH_COMMAND sessionData = { TPM_RS_PW, };
5726 TPMS_AUTH_RESPONSE sessionDataOut;
5727 TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
5728 TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };
5729 TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };
5730 TSS2_SYS_RSP_AUTHS sessionsDataOut = { 1, &sessionDataOutArray[0] };
5731
5732 TPM2B_MAX_NV_BUFFER nvReadData;
5733
5734 TpmClientPrintf( 0, "\nGET/SET ENCRYPT PARAM TESTS:\n" );
5735
5736 // Do Prepare.
5737 rval = Tss2_Sys_NV_Write_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST,
5738 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
5739 CheckPassed( rval );
5740
5741 // Test for bad sequence
5742 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, &encryptParamBuffer );
5743 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE );
5744
5745 rval = Tss2_Sys_SetEncryptParam( sysContext, 4, &( nvWriteData.t.buffer[0] ) );
5746 CheckFailed( rval, TSS2_SYS_RC_BAD_SEQUENCE );
5747
5748 // Create NV index
5749
5750 // Set empty policy and auth value.
5751 authPolicy.t.size = 0;
5752 nvAuth.t.size = 0;
5753
5754 // Now set the attributes.
5755 *(UINT32 *)( (void *)&nvAttributes ) = 0;
5756 nvAttributes.TPMA_NV_AUTHREAD = 1;
5757 nvAttributes.TPMA_NV_AUTHWRITE = 1;
5758 nvAttributes.TPMA_NV_PLATFORMCREATE = 1;
5759
5760 rval = DefineNvIndex( TPM_RH_PLATFORM, TPM_RS_PW, &nvAuth, &authPolicy,
5761 TPM20_INDEX_PASSWORD_TEST, TPM_ALG_SHA1, nvAttributes, 32 );
5762 CheckPassed( rval );
5763
5764 // Write the index.
5765 rval = Tss2_Sys_NV_Write_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST,
5766 TPM20_INDEX_PASSWORD_TEST, &nvWriteData, 0 );
5767 CheckPassed( rval );
5768
5769 rval = Tss2_Sys_NV_Write( sysContext, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, &sessionsData, &nvWriteData, 0, &sessionsDataOut );
5770 CheckPassed( rval );
5771
5772 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, &encryptParamBuffer );
5773 CheckFailed( rval, TSS2_SYS_RC_NO_ENCRYPT_PARAM );
5774
5775 // Now read it and do tests on get/set encrypt functions
5776 rval = Tss2_Sys_NV_Read_Prepare( sysContext, TPM20_INDEX_PASSWORD_TEST, TPM20_INDEX_PASSWORD_TEST, 4, 0 );
5777 CheckPassed( rval );
5778
5779 rval = Tss2_Sys_NV_Read( sysContext, TPM20_INDEX_PASSWORD_TEST,
5780 TPM20_INDEX_PASSWORD_TEST, &sessionsData, 4, 0, &nvReadData, &sessionsDataOut );
5781 CheckPassed( rval );
5782
5783 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, &encryptParamBuffer );
5784 CheckPassed( rval );
5785
5786 rval = Tss2_Sys_SetEncryptParam( sysContext, encryptParamSize, encryptParamBuffer1 );
5787 CheckPassed( rval );
5788
5789 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, &encryptParamBuffer );
5790 CheckPassed( rval );
5791
5792 // Test that encryptParamBuffer is the same as encryptParamBuffer1
5793 for( i = 0; i < 4; i++ )
5794 {
5795 if( encryptParamBuffer[i] != encryptParamBuffer1[i] )
5796 {
5797 TpmClientPrintf( 0, "ERROR!! encryptParamBuffer[%d] s/b: %2.2x, was: %2.2x\n", i, encryptParamBuffer[i], encryptParamBuffer1[i] );
5798 Cleanup();
5799 }
5800 }
5801
5802 rval = Tss2_Sys_NV_UndefineSpace( sysContext, TPM_RH_PLATFORM, TPM20_INDEX_PASSWORD_TEST, &sessionsData, 0 );
5803 CheckPassed( rval );
5804
5805
5806 // Test for bad reference
5807 rval = Tss2_Sys_GetEncryptParam( 0, &encryptParamSize, &encryptParamBuffer );
5808 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5809
5810 rval = Tss2_Sys_GetEncryptParam( sysContext, 0, &encryptParamBuffer );
5811 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5812
5813 rval = Tss2_Sys_GetEncryptParam( sysContext, &encryptParamSize, 0 );
5814 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5815
5816 rval = Tss2_Sys_SetEncryptParam( sysContext, 4, 0 );
5817 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5818
5819 rval = Tss2_Sys_SetEncryptParam( 0, 4, encryptParamBuffer );
5820 CheckFailed( rval, TSS2_SYS_RC_BAD_REFERENCE );
5821}
5822
5823void TestRM()
5824{
5825 TSS2_TCTI_CONTEXT *otherResMgrTctiContext = 0;
5826 TSS2_SYS_CONTEXT *otherSysContext;
5827 TPM2B_SENSITIVE_CREATE inSensitive;
5828 TPM2B_PUBLIC inPublic;
5829 TPM2B_DATA outsideInfo;
5830 TPML_PCR_SELECTION creationPCR;
5831 TPMS_AUTH_COMMAND sessionData;
5832 TPMS_AUTH_RESPONSE sessionDataOut;
5833 TSS2_SYS_CMD_AUTHS sessionsData;
5834
5835 TSS2_SYS_RSP_AUTHS sessionsDataOut;
5836 TPM2B_NAME name;
5837 TPM2B_PRIVATE outPrivate;
5838 TPM2B_PUBLIC outPublic;
5839 TPM2B_CREATION_DATA creationData;
5840 TPM2B_DIGEST creationHash;
5841 TPMT_TK_CREATION creationTicket;
5842
5843 TPMS_AUTH_COMMAND *sessionDataArray[1];
5844 TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
5845 TSS2_RC rval = TSS2_RC_SUCCESS;
5846
5847 TPMS_CONTEXT context;
5848 TSS2_TCTI_CONTEXT *tctiContext;
5849
5850 TPMI_DH_CONTEXT loadedHandle, newHandle, newNewHandle, newHandleDummy;
5851 TPMS_CONTEXT newContext;
5852 char otherResMgrInterfaceName[] = "Test RM Resource Manager";
5853
5854 TpmClientPrintf( 0, "\nRM TESTS:\n" );
5855
5856 sessionDataArray[0] = &sessionData;
5857 sessionDataOutArray[0] = &sessionDataOut;
5858
5859 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
5860 sessionsData.cmdAuths = &sessionDataArray[0];
5861
5862 sessionsDataOut.rspAuthsCount = 1;
5863 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
5864 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
5865 inSensitive.t.sensitive.data.t.size = 0;
5866 inSensitive.t.size = loadedSha1KeyAuth.b.size + 2;
5867
5868 inPublic.t.publicArea.type = TPM_ALG_RSA;
5869 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
5870
5871 // First clear attributes bit field.
5872 *(UINT32 *)&( inPublic.t.publicArea.objectAttributes) = 0;
5873 inPublic.t.publicArea.objectAttributes.restricted = 1;
5874 inPublic.t.publicArea.objectAttributes.userWithAuth = 1;
5875 inPublic.t.publicArea.objectAttributes.decrypt = 1;
5876 inPublic.t.publicArea.objectAttributes.fixedTPM = 1;
5877 inPublic.t.publicArea.objectAttributes.fixedParent = 1;
5878 inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin = 1;
5879
5880 inPublic.t.publicArea.authPolicy.t.size = 0;
5881
5882 inPublic.t.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
5883 inPublic.t.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
5884 inPublic.t.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_ECB;
5885 inPublic.t.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
5886 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 1024;
5887 inPublic.t.publicArea.parameters.rsaDetail.exponent = 0;
5888
5889 inPublic.t.publicArea.unique.rsa.t.size = 0;
5890
5891 outsideInfo.t.size = 0;
5892 creationPCR.count = 0;
5893
5894 sessionData.sessionHandle = TPM_RS_PW;
5895
5896 // Init nonce.
5897 sessionData.nonce.t.size = 0;
5898
5899 // init hmac
5900 sessionData.hmac.t.size = 0;
5901
5902 // Init session attributes
5903 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
5904
5905 sessionsData.cmdAuthsCount = 1;
5906 sessionsData.cmdAuths[0] = &sessionData;
5907
5908 rval = InitTctiResMgrContext( rmInterfaceConfig, &otherResMgrTctiContext, &otherResMgrInterfaceName[0] );
5909 if( rval != TSS2_RC_SUCCESS )
5910 {
5911 TpmClientPrintf( 0, "Resource Mgr, %s, failed initialization: 0x%x. Exiting...\n", resMgrInterfaceInfo.shortName, rval );
5912 Cleanup();
5913 return;
5914 }
5915 else
5916 {
5917 (( TSS2_TCTI_CONTEXT_INTEL *)otherResMgrTctiContext )->status.debugMsgLevel = debugLevel;
5918 }
5919
5920 otherSysContext = InitSysContext( 0, otherResMgrTctiContext, &abiVersion );
5921 if( otherSysContext == 0 )
5922 {
5923 InitSysContextFailure();
5924 }
5925
wcarthur02340012015-10-28 08:32:42 -0400[diff] [blame]5926 // TEST WITH AN INVALID COMMAND CODE.
5927
5928 rval = Tss2_Sys_Startup_Prepare( sysContext, TPM_SU_CLEAR );
5929 CheckPassed(rval);
5930
5931 //
5932 // Alter the CC by altering the CC field in sysContext.
5933 //
5934 // WARNING: This is something only a test application should do. Do
5935 // not use this as sample code.
5936 //
5937 ((TPM20_Header_In *)( ( (_TSS2_SYS_CONTEXT_BLOB *)sysContext )->tpmInBuffPtr) )->commandCode = TPM_CC_FIRST - 1;
5938 rval = Tss2_Sys_Execute( sysContext );
5939 CheckFailed( rval, TPM_RC_COMMAND_CODE );
5940
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]5941 // TEST OWNERSHIP
5942
5943 // Try to access a key created by the first TCTI context.
5944 sessionData.hmac.t.size = 2;
5945 sessionData.hmac.t.buffer[0] = 0x00;
5946 sessionData.hmac.t.buffer[1] = 0xff;
5947
5948 inPublic.t.publicArea.type = TPM_ALG_RSA;
5949 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
5950
5951 // First clear attributes bit field.
5952 *(UINT32 *)&( inPublic.t.publicArea.objectAttributes) = 0;
5953 inPublic.t.publicArea.objectAttributes.restricted = 1;
5954 inPublic.t.publicArea.objectAttributes.userWithAuth = 1;
5955 inPublic.t.publicArea.objectAttributes.decrypt = 1;
5956 inPublic.t.publicArea.objectAttributes.fixedTPM = 1;
5957 inPublic.t.publicArea.objectAttributes.fixedParent = 1;
5958 inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin = 1;
5959
5960 inPublic.t.publicArea.authPolicy.t.size = 0;
5961
5962 inPublic.t.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
5963 inPublic.t.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
5964 inPublic.t.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_ECB;
5965 inPublic.t.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
5966 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 2048;
5967 inPublic.t.publicArea.parameters.rsaDetail.exponent = 0;
5968
5969 inPublic.t.publicArea.unique.rsa.t.size = 0;
5970
5971 outsideInfo.t.size = 0;
5972
5973 // This one should fail, because a different context is trying to use the primary object.
5974 outPublic.t.size = 0;
5975 creationData.t.size = 0;
5976 rval = Tss2_Sys_Create( otherSysContext, handle2048rsa, &sessionsData, &inSensitive, &inPublic,
5977 &outsideInfo, &creationPCR,
5978 &outPrivate, &outPublic, &creationData,
5979 &creationHash, &creationTicket, &sessionsDataOut );
5980 CheckFailed( rval, TSS2_RESMGR_UNOWNED_HANDLE );
5981
5982 // This one should pass, because the same context is allowed to save the context.
5983 rval = Tss2_Sys_ContextSave( sysContext, handle2048rsa, &context );
5984 CheckPassed( rval );
5985
5986 // This one should pass, since we saved the context first.
5987 rval = Tss2_Sys_ContextLoad( otherSysContext, &context, &loadedHandle );
5988 CheckPassed( rval );
5989
5990 rval = Tss2_Sys_FlushContext( otherSysContext, loadedHandle );
5991 CheckPassed( rval );
5992
5993 // NOW, DO SOME LOCALITY TESTS
5994
5995 // Test with null tctiContext ptr.
5996 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)otherResMgrTctiContext)->setLocality)( 0, 0 );
5997 CheckFailed( rval, TSS2_TCTI_RC_BAD_REFERENCE );
5998
5999 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)otherResMgrTctiContext)->setLocality)( otherResMgrTctiContext, 0 );
6000 CheckPassed( rval );
6001
6002 // Now try changing localities between send and receive.
6003 rval = Tss2_Sys_ContextLoad( otherSysContext, &context, &loadedHandle );
6004 CheckPassed( rval );
6005
6006 rval = Tss2_Sys_FlushContext_Prepare( otherSysContext, loadedHandle );
6007 CheckPassed( rval );
6008
6009 rval = Tss2_Sys_ExecuteAsync( otherSysContext );
6010 CheckPassed( rval );
6011
6012 // This should fail because locality is changing between send and receive.
6013 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)otherResMgrTctiContext)->setLocality)( otherResMgrTctiContext, 1 );
6014 CheckFailed( rval, TSS2_TCTI_RC_BAD_SEQUENCE );
6015
6016 rval = Tss2_Sys_ExecuteFinish( otherSysContext, TSS2_TCTI_TIMEOUT_BLOCK );
6017 CheckPassed( rval );
6018
6019 // NOW, DO SOME CANCEL TESTS
6020
6021 rval = Tss2_Sys_GetTctiContext( sysContext, &tctiContext );
6022 CheckPassed( rval );
6023
6024 // Try cancel with null tctiContext ptr.
6025 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)otherResMgrTctiContext)->cancel)( 0 );
6026 CheckFailed( rval, TSS2_TCTI_RC_BAD_REFERENCE );
6027
6028 // Try cancel when no commands are pending.
6029 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)otherResMgrTctiContext)->cancel)( otherResMgrTctiContext );
6030 CheckFailed( rval, TSS2_TCTI_RC_BAD_SEQUENCE );
6031
6032 // Then try cancel with a pending command: send cancel before blocking _Finish call.
6033 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 2048;
6034 rval = Tss2_Sys_CreatePrimary_Prepare( sysContext, TPM_RH_PLATFORM, &inSensitive, &inPublic,
6035 &outsideInfo, &creationPCR );
6036 CheckPassed( rval );
6037
6038 //
6039 // NOTE: there are race conditions in tests that use cancel and
6040 // are expecting to receive the CANCEL response code. The tests
6041 // typically pass, but may occasionally fail on the order of
6042 // 1 out of 500 or so test passes.
6043 //
6044 // The OS could delay the test app long enough for the TPM to
6045 // complete the CreatePrimary before the test app gets to run
6046 // again. To make these tests robust would require some way to
6047 // create a critical section in the test app.
6048 //
6049 sessionData.hmac.t.size = 0;
6050 sessionData.nonce.t.size = 0;
6051 rval = Tss2_Sys_SetCmdAuths( sysContext, &sessionsData );
6052 CheckPassed( rval );
6053
6054 rval = Tss2_Sys_ExecuteAsync( sysContext );
6055 CheckPassed( rval );
6056
6057 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)tctiContext)->cancel)( tctiContext );
6058 CheckPassed( rval );
6059
6060 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
6061 CheckFailed( rval, TPM_RC_CANCELED );
6062
6063 // Then try cancel with a pending command: send cancel after non-blocking _Finish call.
6064 rval = Tss2_Sys_CreatePrimary_Prepare( sysContext, TPM_RH_PLATFORM, &inSensitive, &inPublic,
6065 &outsideInfo, &creationPCR );
6066 CheckPassed( rval );
6067
6068 rval = Tss2_Sys_SetCmdAuths( sysContext, &sessionsData );
6069 CheckPassed( rval );
6070
6071 rval = Tss2_Sys_ExecuteAsync( sysContext );
6072 CheckPassed( rval );
6073
6074 rval = Tss2_Sys_ExecuteFinish( sysContext, 0 );
6075 CheckFailed( rval, TSS2_TCTI_RC_TRY_AGAIN );
6076
6077 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)tctiContext)->cancel)( tctiContext );
6078 CheckPassed( rval );
6079
6080 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
6081 CheckFailed( rval, TPM_RC_CANCELED );
6082
6083 // Then try cancel from a different connection: it should just get a sequence error.
6084 rval = Tss2_Sys_CreatePrimary_Prepare( sysContext, TPM_RH_PLATFORM, &inSensitive, &inPublic,
6085 &outsideInfo, &creationPCR );
6086 CheckPassed( rval );
6087
6088 rval = Tss2_Sys_SetCmdAuths( sysContext, &sessionsData );
6089 CheckPassed( rval );
6090
6091 rval = Tss2_Sys_ExecuteAsync( sysContext );
6092 CheckPassed( rval );
6093
6094 rval = (((TSS2_TCTI_CONTEXT_COMMON_V1 *)otherResMgrTctiContext)->cancel)( otherResMgrTctiContext );
6095 CheckFailed( rval, TSS2_TCTI_RC_BAD_SEQUENCE );
6096
6097 rval = Tss2_Sys_ExecuteFinish( sysContext, TSS2_TCTI_TIMEOUT_BLOCK );
6098 CheckPassed( rval );
6099
6100 outPublic.t.size = 0;
6101 creationData.t.size = 0;
6102 rval = Tss2_Sys_CreatePrimary_Complete( sysContext, &newHandle, &outPublic, &creationData,
6103 &creationHash, &creationTicket, &name );
6104 CheckPassed( rval );
6105
6106 //
6107 // Now try saving context for object and loading it using a different connection.
6108 //
6109
6110 // First save context.
6111 rval = Tss2_Sys_ContextSave( sysContext, newHandle, &newContext );
6112 CheckPassed( rval );
6113
6114 //
6115 // Now create an object with different hierarchy. This will make sure that
6116 // RM is getting correct hierarchy in it's table.
6117 // NOTE: this test can only be verified by looking at RM output.
6118 //
6119 outPublic.t.size = 0;
6120 creationData.t.size = 0;
6121 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_ENDORSEMENT, &sessionsData, &inSensitive, &inPublic,
6122 &outsideInfo, &creationPCR, &newHandleDummy, &outPublic, &creationData, &creationHash,
6123 &creationTicket, &name, &sessionsDataOut );
6124 CheckPassed( rval );
6125
6126 // Now try loading the context using a different connection.
6127 rval = Tss2_Sys_ContextLoad( otherSysContext, &newContext, &newNewHandle );
6128 CheckPassed( rval );
6129
6130 // Flush original connection's object.
6131 rval = Tss2_Sys_FlushContext( sysContext, newHandle );
6132 CheckPassed( rval );
6133
6134 // Now try flushing new object from wrong connection. Shouldn't be able to.
6135 rval = Tss2_Sys_FlushContext( sysContext, newNewHandle );
6136 CheckFailed( rval, TSS2_RESMGR_UNOWNED_HANDLE );
6137
6138 // Now flush new object from other connection. Should work.
6139 rval = Tss2_Sys_FlushContext( otherSysContext, newNewHandle );
6140 CheckPassed( rval );
6141
6142 // Now flush dummy object.
6143 rval = Tss2_Sys_FlushContext( sysContext, newHandleDummy );
6144 CheckPassed( rval );
6145
6146 rval = TeardownTctiResMgrContext( rmInterfaceConfig, otherResMgrTctiContext, &otherResMgrInterfaceName[0] );
6147 CheckPassed( rval );
6148
6149 TeardownSysContext( &otherSysContext );
6150}
6151
6152void EcEphemeralTest()
6153{
6154 TSS2_RC rval = TSS2_RC_SUCCESS;
6155 TPM2B_ECC_POINT Q;
6156 UINT16 counter;
6157
6158 TpmClientPrintf( 0, "\nEC Ephemeral TESTS:\n" );
6159
6160 // Test SAPI for case of Q size field not being set to 0.
6161 Q.t.size = 0xff;
6162 rval = Tss2_Sys_EC_Ephemeral( sysContext, 0, TPM_ECC_BN_P256, &Q, &counter, 0 );
6163 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE );
6164
6165 Q.t.size = 0;
6166 rval = Tss2_Sys_EC_Ephemeral( sysContext, 0, TPM_ECC_BN_P256, &Q, &counter, 0 );
6167 CheckPassed( rval );
6168}
6169
6170
6171void AbiVersionTests()
6172{
6173 UINT32 contextSize = 1000;
6174 TSS2_RC rval;
6175 TSS2_SYS_CONTEXT *sysContext;
6176 TSS2_ABI_VERSION tstAbiVersion = { TSSWG_INTEROP, TSS_SAPI_FIRST_FAMILY, TSS_SAPI_FIRST_LEVEL, TSS_SAPI_FIRST_VERSION };
6177
6178 TpmClientPrintf( 0, "\nABI NEGOTIATION TESTS:\n" );
6179
6180 // Get the size needed for system context structure.
6181 contextSize = Tss2_Sys_GetContextSize( contextSize );
6182
6183 // Allocate the space for the system context structure.
6184 sysContext = (TSS2_SYS_CONTEXT *)malloc( contextSize );
6185
6186 if( sysContext != 0 )
6187 {
6188 // Initialized the system context structure.
6189 tstAbiVersion.tssCreator = 0xF0000000;
6190 rval = Tss2_Sys_Initialize( sysContext, contextSize, resMgrTctiContext, &tstAbiVersion );
6191 CheckFailed( rval, TSS2_SYS_RC_ABI_MISMATCH );
6192
6193 tstAbiVersion.tssCreator = TSSWG_INTEROP;
6194 tstAbiVersion.tssFamily = 0xF0000000;
6195 rval = Tss2_Sys_Initialize( sysContext, contextSize, resMgrTctiContext, &tstAbiVersion );
6196 CheckFailed( rval, TSS2_SYS_RC_ABI_MISMATCH );
6197
6198 tstAbiVersion.tssFamily = TSS_SAPI_FIRST_FAMILY;
6199 tstAbiVersion.tssLevel = 0xF0000000;
6200 rval = Tss2_Sys_Initialize( sysContext, contextSize, resMgrTctiContext, &tstAbiVersion );
6201 CheckFailed( rval, TSS2_SYS_RC_ABI_MISMATCH );
6202
6203 tstAbiVersion.tssLevel = TSS_SAPI_FIRST_LEVEL;
6204 tstAbiVersion.tssVersion = 0xF0000000;
6205 rval = Tss2_Sys_Initialize( sysContext, contextSize, resMgrTctiContext, &tstAbiVersion );
6206 CheckFailed( rval, TSS2_SYS_RC_ABI_MISMATCH );
6207 }
6208 free( sysContext );
6209}
6210
6211
6212#ifdef __cplusplus
6213extern "C" {
6214#endif
6215
6216extern int dummy_test();
6217
6218#ifdef __cplusplus
6219}
6220#endif
6221
6222extern TSS2_RC SocketSendTpmCommand(
6223 TSS2_TCTI_CONTEXT *tctiContext, /* in */
6224 size_t command_size, /* in */
6225 uint8_t *command_buffer /* in */
6226 );
6227
6228TSS2_RC SocketReceiveTpmResponse(
6229 TSS2_TCTI_CONTEXT *tctiContext, /* in */
6230 size_t *response_size, /* out */
6231 unsigned char *response_buffer, /* in */
6232 int32_t timeout
6233 );
6234
unknown6ee10422015-10-14 08:59:24 -0400[diff] [blame]6235void TestCreate1()
6236{
6237 UINT32 rval;
6238 TPM2B_SENSITIVE_CREATE inSensitive = { { sizeof( TPM2B_SENSITIVE_CREATE ) - 2, } };
6239 TPM2B_PUBLIC inPublic = { { sizeof( TPM2B_PUBLIC ) - 2, } };
6240 TPM2B_DATA outsideInfo = { { sizeof( TPM2B_DATA ) - 2, } };
6241 TPML_PCR_SELECTION creationPCR;
6242
6243 TPMS_AUTH_COMMAND sessionData = { TPM_RS_PW, };
6244 TPMS_AUTH_RESPONSE sessionDataOut;
6245 TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
6246 TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };
6247 TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };
6248 TSS2_SYS_RSP_AUTHS sessionsDataOut = { 1, &sessionDataOutArray[0] };
6249
6250 TPM2B_NAME name = { { sizeof( TPM2B_NAME ) - 2, } };
6251 TPM2B_PUBLIC outPublic = { { sizeof( TPM2B_PUBLIC ) - 2, } };
6252 TPM2B_CREATION_DATA creationData = { { sizeof( TPM2B_CREATION_DATA ) - 2, } };
6253 TPM2B_DIGEST creationHash = { { sizeof( TPM2B_DIGEST ) - 2, } };
6254 TPMT_TK_CREATION creationTicket = { 0, 0, { { sizeof( TPM2B_DIGEST ) - 2, } } };
6255
6256 sessionDataArray[0] = &sessionData;
6257 sessionDataOutArray[0] = &sessionDataOut;
6258
6259 sessionsDataOut.rspAuths = &sessionDataOutArray[0];
6260 sessionsData.cmdAuths = &sessionDataArray[0];
6261
6262 sessionsDataOut.rspAuthsCount = 1;
6263
Will-nuc9ab34612015-10-29 17:02:47 -0400[diff] [blame]6264 printf( "\nCREATE PRIMARY, encrypt and decrypt TESTS:\n" );
unknown6ee10422015-10-14 08:59:24 -0400[diff] [blame]6265
6266 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
6267 inSensitive.t.sensitive.userAuth = loadedSha1KeyAuth;
6268 inSensitive.t.sensitive.data.t.size = 0;
6269 inSensitive.t.size = loadedSha1KeyAuth.b.size + 2;
6270
6271 inPublic.t.publicArea.type = TPM_ALG_RSA;
6272 inPublic.t.publicArea.nameAlg = TPM_ALG_SHA1;
6273
6274 // First clear attributes bit field.
6275 *(UINT32 *)&( inPublic.t.publicArea.objectAttributes) = 0;
6276 inPublic.t.publicArea.objectAttributes.restricted = 1;
6277 inPublic.t.publicArea.objectAttributes.userWithAuth = 1;
6278 inPublic.t.publicArea.objectAttributes.decrypt = 1;
6279 inPublic.t.publicArea.objectAttributes.fixedTPM = 1;
6280 inPublic.t.publicArea.objectAttributes.fixedParent = 1;
6281 inPublic.t.publicArea.objectAttributes.sensitiveDataOrigin = 1;
6282
6283 inPublic.t.publicArea.authPolicy.t.size = 0;
6284
6285 inPublic.t.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
6286 inPublic.t.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
6287 inPublic.t.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_ECB;
6288 inPublic.t.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
6289 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 1024;
6290 inPublic.t.publicArea.parameters.rsaDetail.exponent = 0;
6291
6292 inPublic.t.publicArea.unique.rsa.t.size = 0;
6293
6294 outsideInfo.t.size = 0;
6295 creationPCR.count = 0;
6296
6297 sessionData.sessionHandle = TPM_RS_PW;
6298
6299 // Init nonce.
6300 sessionData.nonce.t.size = 0;
6301
6302 // init hmac
6303 sessionData.hmac.t.size = 0;
6304
6305 // Init session attributes
6306 *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
6307
6308 sessionsData.cmdAuthsCount = 1;
6309 sessionsData.cmdAuths[0] = &sessionData;
6310
6311 inPublic.t.publicArea.parameters.rsaDetail.keyBits = 2048;
6312
6313 // Do SAPI test for non-zero sized outPublic
6314 outPublic.t.size = 0xff;
6315 creationData.t.size = 0;
6316 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_OWNER, &sessionsData, &inSensitive, &inPublic,
6317 &outsideInfo, &creationPCR, &handle2048rsa, &outPublic, &creationData, &creationHash,
6318 &creationTicket, &name, &sessionsDataOut );
6319 CheckFailed( rval, TSS2_SYS_RC_BAD_VALUE );
6320
6321#if 0
6322 // Do SAPI test for non-zero sized creationData
6323 outPublic.t.size = 0;
6324 creationData.t.size = 0x10;
6325 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_PLATFORM, &sessionsData, &inSensitive, &inPublic,
6326 &outsideInfo, &creationPCR, &handle2048rsa, &outPublic, &creationData, &creationHash,
6327 &creationTicket, &name, &sessionsDataOut );
6328 CheckFailed( rval, TSS2_SYS_RC_INSUFFICIENT_BUFFER );
6329#endif
6330
6331 outPublic.t.size = 0;
6332 creationData.t.size = sizeof( TPM2B_CREATION_DATA ) - 2;
6333 outPublic.t.publicArea.authPolicy.t.size = sizeof( TPM2B_DIGEST ) - 2;
6334 outPublic.t.publicArea.unique.keyedHash.t.size = sizeof( TPM2B_DIGEST ) - 2;
6335 rval = Tss2_Sys_CreatePrimary( sysContext, TPM_RH_OWNER, &sessionsData, &inSensitive, &inPublic,
6336 &outsideInfo, &creationPCR, &handle2048rsa, &outPublic, &creationData, &creationHash,
6337 &creationTicket, &name, &sessionsDataOut );
6338 CheckPassed( rval );
6339
6340 printf( "\nNew key successfully created in owner hierarchy (RSA 2048). Handle: 0x%8.8x\n",
6341 handle2048rsa );
6342 printf( "Name of created primary key: " );
6343 PrintSizedBuffer( (TPM2B *)&name );
6344
6345 char buffer1contents[] = "test";
6346 //char buffer2contents[] = "string";
6347
6348 TPMI_DH_OBJECT keyHandle = handle2048rsa;
6349 TPMT_RSA_DECRYPT inScheme;
6350 TPM2B_PUBLIC_KEY_RSA message;
6351 TPM2B_PUBLIC_KEY_RSA outData;
6352
6353 message.t.size = strlen(buffer1contents);
6354 memcpy(message.t.buffer, buffer1contents, message.t.size);
6355
6356 inScheme.scheme = TPM_ALG_NULL;
6357
6358 //printf("keyHandle: %x\n", keyHandle);
6359 rval = Tss2_Sys_RSA_Encrypt(sysContext, keyHandle, &sessionsData, &message, &inScheme, &outsideInfo, &outData, &sessionsDataOut);
6360 if( tpmSpecVersion >= 124 )
6361 CheckFailed( rval, TPM_RC_S + TPM_RC_1 + TPM_RC_HANDLE );
6362 else
6363 CheckFailed( rval, TPM_RC_1 + TPM_RC_HANDLE );
6364
6365 rval = Tss2_Sys_RSA_Encrypt(sysContext, keyHandle, 0, &message, &inScheme, &outsideInfo, &outData, &sessionsDataOut);
6366 CheckPassed( rval );
6367
6368 for (int i=0; i<message.t.size; i++)
6369 printf("\nlabel size:%d, label buffer:%x, outData size:%d, outData buffer:%x, msg size:%d, msg buffer:%x", outsideInfo.t.size, outsideInfo.t.buffer[i], outData.t.size, outData.t.buffer[i], message.t.size, message.t.buffer[i]);
6370 CheckPassed(rval);
6371}
6372
6373
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6374void TpmTest()
6375{
6376 TSS2_RC rval = TSS2_RC_SUCCESS;
6377 UINT32 i;
6378
6379 nullSessionsDataOut.rspAuthsCount = 1;
6380 nullSessionsDataOut.rspAuths[0]->nonce = nullSessionNonceOut;
6381 nullSessionsDataOut.rspAuths[0]->hmac = nullSessionHmac;
6382 nullSessionNonceOut.t.size = 0;
6383 nullSessionNonce.t.size = 0;
6384
6385 loadedSha1KeyAuth.t.size = 2;
6386 loadedSha1KeyAuth.t.buffer[0] = 0x00;
6387 loadedSha1KeyAuth.t.buffer[1] = 0xff;
6388
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]6389 rval = PlatformCommand( resMgrTctiContext, MS_SIM_POWER_OFF );
6390 CheckPassed( rval );
6391
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6392 InitEntities();
6393
6394 InitNullSession( &nullSessionData);
6395
6396 AbiVersionTests();
6397
wcarthurd1fe2872015-11-03 07:44:57 -0500[diff] [blame]6398 SysInitializeTests();
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]6399
wcarthur4d547ee2015-11-09 12:55:00 -0500[diff] [blame]6400 SysFinalizeTests();
6401
6402 GetContextSizeTests();
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]6403
6404 GetTctiContextTests();
wcarthur4d547ee2015-11-09 12:55:00 -0500[diff] [blame]6405
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6406 GetSetDecryptParamTests();
wcarthur12eb0502015-11-06 12:01:24 -0500[diff] [blame]6407
6408#ifdef _WIN32
6409 // This test can only be run agains the simulator
6410 RmZeroSizedResponseTest();
6411#endif
6412
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6413 rval = PlatformCommand( resMgrTctiContext, MS_SIM_POWER_ON );
6414 CheckPassed( rval );
6415
6416 rval = PlatformCommand( resMgrTctiContext, MS_SIM_NV_ON );
6417 CheckPassed( rval );
6418
6419 TestTpmStartup();
6420
6421 GetTpmVersion();
6422
wcarthur247b55a2015-11-09 10:17:11 -0500[diff] [blame]6423 CmdRspAuthsTests();
6424
wcarthurd71ab7d2015-11-10 16:11:02 -0500[diff] [blame^]6425 PrepareTests();
6426
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6427 // Clear DA lockout.
6428 TestDictionaryAttackLockReset();
6429
6430 TestTpmSelftest();
6431
6432 TestSapiApis();
6433
6434 TestDictionaryAttackLockReset();
6435
6436 TestCreate();
6437
unknown6ee10422015-10-14 08:59:24 -0400[diff] [blame]6438 TestCreate1();
6439
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6440 if( startAuthSessionTestOnly == 1 )
6441 {
6442 TestStartAuthSession();
6443 goto endTests;
6444 }
6445
6446 TestHierarchyControl();
6447
6448 NvIndexProto();
6449
6450 GetSetEncryptParamTests();
6451
6452 TestEncryptDecryptSession();
6453
6454 SimpleHmacOrPolicyTest( true );
6455
6456 SimpleHmacOrPolicyTest( false );
6457
6458 for( i = 1; i <= (UINT32)passCount; i++ )
6459 {
6460 TpmClientPrintf( 0, "\n****** PASS #: %d ******\n\n", i );
6461
6462 TestTpmGetCapability();
6463
6464 TestPcrExtend();
6465
6466 TestHash();
6467
6468 TestPolicy();
6469
6470 TestTpmClear();
6471
6472 TestChangeEps();
6473
6474 TestChangePps();
6475
6476 TestHierarchyChangeAuth();
6477
6478 TestGetRandom();
6479
6480 if( i < 2 )
6481 TestShutdown();
6482
6483 TestNV();
6484
6485 TestCreate();
6486
6487 TestEvict();
6488
6489 NvIndexProto();
6490
6491 PasswordTest();
6492
6493 HmacSessionTest();
6494
6495 TestQuote();
6496
6497 TestDictionaryAttackLockReset();
6498
6499 TestPcrAllocate();
6500
6501 TestUnseal();
6502
6503 TestRM();
6504
6505 EcEphemeralTest();
6506#if 0
6507 TestRsaEncryptDecrypt();
6508#endif
6509 }
6510
6511 // Clear out RM entries for objects.
6512 rval = Tss2_Sys_FlushContext( sysContext, handle2048rsa );
6513 CheckPassed( rval );
6514 rval = Tss2_Sys_FlushContext( sysContext, loadedSha1KeyHandle );
6515 CheckPassed( rval );
6516
6517endTests:
6518 PlatformCommand( resMgrTctiContext, MS_SIM_POWER_OFF );
6519}
6520
6521
6522char version[] = "0.90";
6523
6524void PrintHelp()
6525{
Will Arthur6aa5aa82015-08-20 17:55:22 -0400[diff] [blame]6526 printf( "TPM client test app, Version %s\nUsage: tpmclient [-rmhost hostname|ip_addr] [-rmport port] [-passes passNum] [-demoDelay delay] [-dbg dbgLevel] [-startAuthSessionTest]\n"
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6527 "\n"
6528 "where:\n"
6529 "\n"
Will Arthur6aa5aa82015-08-20 17:55:22 -0400[diff] [blame]6530 "-rmhost specifies the host IP address for the system running the resource manager (default: %s)\n"
6531 "-rmport specifies the port number for the system running the resource manager (default: %d)\n"
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6532 "-passes specifies the number of test passes (default: 1)\n"
6533 "-demoDelay specifies a delay in units of loops, not time (default: 0)\n"
Will Arthur6aa5aa82015-08-20 17:55:22 -0400[diff] [blame]6534 "-dbg specifies level of debug messages:\n"
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6535 " 0 (high level test results)\n"
6536 " 1 (test app send/receive byte streams)\n"
6537 " 2 (resource manager send/receive byte streams)\n"
6538 " 3 (resource manager tables)\n"
6539 "-startAuthSessionTest enables some special tests of the resource manager for starting sessions\n"
6540#ifdef SHARED_OUT_FILE
6541 "-out selects the output file (default is stdout)\n"
6542#endif
6543 , version, DEFAULT_HOSTNAME, DEFAULT_RESMGR_TPM_PORT );
6544}
6545
6546int main(int argc, char* argv[])
6547{
6548 char hostName[HOSTNAME_LENGTH] = DEFAULT_HOSTNAME;
6549 int port = DEFAULT_RESMGR_TPM_PORT;
6550 int count;
6551 TSS2_RC rval;
6552
6553 setvbuf (stdout, NULL, _IONBF, BUFSIZ);
6554#ifdef SHARED_OUT_FILE
6555 if( argc > 12 )
6556#else
6557 if( argc > 10 )
6558#endif
6559 {
6560 PrintHelp();
6561 return 1;
6562 }
6563 else
6564 {
6565 for( count = 1; count < argc; count++ )
6566 {
Will Arthur6aa5aa82015-08-20 17:55:22 -0400[diff] [blame]6567 if( 0 == strcmp( argv[count], "-rmhost" ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6568 {
6569 count++;
Will Arthur16fc1802015-08-20 17:07:34 -0400[diff] [blame]6570 if( count >= argc || ( strlen( argv[count] ) + 1 <= HOSTNAME_LENGTH ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6571 {
6572 if( 1 != sscanf( argv[count], "%199s", &hostName[0] ) )
6573 {
6574 PrintHelp();
6575 return 1;
6576 }
6577 }
6578 else
6579 {
6580 PrintHelp();
6581 return 1;
6582 }
6583 }
Will Arthur6aa5aa82015-08-20 17:55:22 -0400[diff] [blame]6584 else if( 0 == strcmp( argv[count], "-rmport" ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6585 {
6586 count++;
Will Arthur16fc1802015-08-20 17:07:34 -0400[diff] [blame]6587 if( count >= argc || 1 != sscanf_s( argv[count], "%d", &port ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6588 {
6589 PrintHelp();
6590 return 1;
6591 }
6592 }
6593 else if( 0 == strcmp( argv[count], "-passes" ) )
6594 {
6595 count++;
Will Arthur16fc1802015-08-20 17:07:34 -0400[diff] [blame]6596 if( count >= argc || 1 != sscanf_s( argv[count], "%x", &passCount ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6597 {
6598 PrintHelp();
6599 return 1;
6600 }
6601 }
6602 else if( 0 == strcmp( argv[count], "-demoDelay" ) )
6603 {
6604 count++;
Will Arthur16fc1802015-08-20 17:07:34 -0400[diff] [blame]6605 if( count >= argc || 1 != sscanf_s( argv[count], "%x", &demoDelay ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6606 {
6607 PrintHelp();
6608 return 1;
6609 }
6610 }
6611 else if( 0 == strcmp( argv[count], "-dbg" ) )
6612 {
6613 count++;
Will Arthur16fc1802015-08-20 17:07:34 -0400[diff] [blame]6614 if( count >= argc || 1 != sscanf_s( argv[count], "%d", &debugLevel ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6615 {
6616 PrintHelp();
6617 return 1;
6618 }
6619 }
6620 else if( 0 == strcmp( argv[count], "-startAuthSessionTest" ) )
6621 {
6622 startAuthSessionTestOnly = 1;
6623 }
6624#ifdef SHARED_OUT_FILE
6625 else if( 0 == strcmp( argv[count], "-out" ) )
6626 {
6627 count++;
Will Arthur16fc1802015-08-20 17:07:34 -0400[diff] [blame]6628 if( count >= argc || 1 != sscanf_s( argv[count], "%199s", &outFileName, sizeof( outFileName ) ) )
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6629 {
6630 PrintHelp();
6631 return 1;
6632 }
6633 else
6634 {
6635 OpenOutFile( &outFp );
6636
6637 if( outFp == 0 )
6638 {
6639 printf( "Unable to open file, %s\n", &outFileName[0] );
6640 PrintHelp();
6641 return 1;
6642 }
6643 CloseOutFile( &outFp );
6644 }
6645 }
6646#endif
6647 else
6648 {
6649 PrintHelp();
6650 return 1;
6651 }
6652 }
6653 }
6654
6655 if( 0 == strcmp( outFileName, "" ) )
6656 {
6657 outFp = stdout;
6658 }
6659 else
6660 {
6661 outFp = 0;
6662 }
6663
6664 sprintf_s( rmInterfaceConfig, rmInterfaceConfigSize, "%s %d ", hostName, port );
6665
6666 rval = InitTctiResMgrContext( rmInterfaceConfig, &resMgrTctiContext, &resMgrInterfaceName[0] );
6667 if( rval != TSS2_RC_SUCCESS )
6668 {
6669 TpmClientPrintf( 0, "Resource Mgr, %s, failed initialization: 0x%x. Exiting...\n", resMgrInterfaceInfo.shortName, rval );
Will Arthur6aa5aa82015-08-20 17:55:22 -0400[diff] [blame]6670#ifdef _WIN32
6671 WSACleanup();
6672#endif
6673 if( resMgrTctiContext != 0 )
6674 free( resMgrTctiContext );
6675
Will Arthur54e04e42015-07-15 11:29:25 -0400[diff] [blame]6676 return( 1 );
6677 }
6678 else
6679 {
6680 (( TSS2_TCTI_CONTEXT_INTEL *)resMgrTctiContext )->status.debugMsgLevel = debugLevel;
6681 }
6682
6683 sysContext = InitSysContext( 0, resMgrTctiContext, &abiVersion );
6684 if( sysContext == 0 )
6685 {
6686 InitSysContextFailure();
6687 }
6688 else
6689 {
6690 TpmTest();
6691
6692 rval = TeardownTctiResMgrContext( rmInterfaceConfig, resMgrTctiContext, &resMgrInterfaceName[0] );
6693 CheckPassed( rval );
6694
6695 TeardownSysContext( &sysContext );
6696 }
6697
6698 return 0;
6699}
6700
6701