author | Juergen Repp <Juergen.Repp@sit.fraunhofer.de> | 2018-06-18 15:49:21 +0200 |
---|---|---|
committer | Tadeusz Struk <tadeusz.struk@intel.com> | 2018-06-25 13:18:47 -0700 |
commit | 16d774c863de14c8497866c84f7399c7808efe47 (patch) | |
tree | 1f46b1e38b10e1156541cc9e5ee1a506294b7f56 /test | |
parent | bb517eb429b3c4a684df59a26a03d3900e8cd564 (diff) | |
download | tpm2-tss-16d774c863de14c8497866c84f7399c7808efe47.tar.gz |
TEST ESYS: Fix error handling.
* Cleanup for TPM objects added in error cases.
* Added initialization for esys handles with ESYS_TR_NONE to check
whether object was allocated before cleanup.
* Moved Handle declarations to the beginning of the file to avoid usage
of uninitialized variables in cleanup.
* Check for optional commands added to skip the test.
* Check for platform authorization added to skip the test if
authorization is not possible.
Signed-off-by: Juergen Repp <Juergen.Repp@sit.fraunhofer.de>
Diffstat (limited to 'test')
47 files changed, 992 insertions, 246 deletions
diff --git a/test/integration/esys-audit.int.c b/test/integration/esys-audit.int.c index 3e9a0fef..5dd20ee3 100644 --- a/test/integration/esys-audit.int.c +++ b/test/integration/esys-audit.int.c @@ -26,6 +26,8 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR signHandle = ESYS_TR_NONE; + ESYS_TR session = ESYS_TR_NONE; int failure_return = EXIT_FAILURE; /* Compute a signing key */ @@ -104,7 +106,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR signHandle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; @@ -123,7 +124,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPM2_SE sessionType = TPM2_SE_HMAC; TPMI_ALG_HASH authHash = TPM2_ALG_SHA256; TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_NULL }; - ESYS_TR session; r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, @@ -204,7 +204,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &setList, &clearList); - if (r == (TPM2_RC_BAD_AUTH | TPM2_RC_S | TPM2_RC_1)) { + if ((r & (~TPM2_RC_N_MASK & ~TPM2_RC_H & ~TPM2_RC_S & ~TPM2_RC_P)) == TPM2_RC_BAD_AUTH) { /* Platform authorization not possible test will be skipped */ LOG_WARNING("Platform authorization not possible."); failure_return = EXIT_SKIP; 
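Review bot: The new BAD_AUTH test in the `@@ -204,7 +204,7 @@` hunk strips the parameter/handle/session number and the `TPM2_RC_P` bit but leaves any response-code layer bits in `r`. A TPM2_RC_BAD_AUTH that arrives tagged with a non-zero layer (for example when the suite runs behind a resource manager) would presumably still take the failure path instead of EXIT_SKIP. As far as I can tell `~TPM2_RC_H` and `~TPM2_RC_S` add nothing to the mask (H is zero and S lies inside `TPM2_RC_N_MASK`), which makes the expression harder to audit than necessary. The identical expression is pasted into esys-change-eps.int.c in this commit; one macro in a shared test header, e.g. `#define RC_IS_BAD_AUTH(r) (((r) & ~TSS2_RC_LAYER_MASK & ~(TPM2_RC_N_MASK | TPM2_RC_P)) == TPM2_RC_BAD_AUTH)`, would keep the skip decision in one place. Whether stripping the layer is right for every TCTI the suite runs against should be confirmed; the enclosing function continues outside the hunk.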
@@ -216,11 +216,25 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_FlushContext(esys_context, signHandle); goto_if_error(r, "Error: FlushContext", error); + signHandle = ESYS_TR_NONE; + r = Esys_FlushContext(esys_context, session); goto_if_error(r, "Error during FlushContext", error); return EXIT_SUCCESS; error: + + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } + + if (signHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, signHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup signHandle failed."); + } + } return failure_return; } diff --git a/test/integration/esys-certify-creation.int.c b/test/integration/esys-certify-creation.int.c index ddb82fee..72f00ff2 100644 --- a/test/integration/esys-certify-creation.int.c +++ b/test/integration/esys-certify-creation.int.c @@ -22,6 +22,7 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR signHandle = ESYS_TR_NONE; TPM2B_AUTH authValuePrimary = { .size = 5, @@ -102,7 +103,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR signHandle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; @@ -141,5 +141,11 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) return EXIT_SUCCESS; error: + + if (signHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, signHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup signHandle failed."); + } + } return EXIT_FAILURE; } diff --git a/test/integration/esys-certify.int.c b/test/integration/esys-certify.int.c index e050327e..0778c2ca 100644 --- a/test/integration/esys-certify.int.c +++ b/test/integration/esys-certify.int.c @@ -22,6 +22,7 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR signHandle = ESYS_TR_NONE; TPM2B_AUTH authValuePrimary = { .size = 5, 
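Review bot: The cleanup under `error:` in the `@@ -216,11 +216,25 @@` hunk repeats the same flush-and-log stanza for every handle, and the commit copies it into each test file. Which handle is still live, and whether it was reset after a successful flush, then has to be kept right by hand in dozens of places. A small helper that takes the handle by pointer, flushes it only when set and always resets it afterwards would reduce each error path to one line per handle and rule out flushing the same handle twice. The sketch below is a suggestion for a shared test header; the name is made up and the body of test_invoke_esapi starts outside this hunk.

```c
/* Flush *handle if it refers to a live object, then mark it as released. */
static void
cleanup_handle(ESYS_CONTEXT *esys_context, ESYS_TR *handle, const char *name)
{
    if (*handle == ESYS_TR_NONE) {
        return;
    }
    if (Esys_FlushContext(esys_context, *handle) != TSS2_RC_SUCCESS) {
        LOG_ERROR("Cleanup %s failed.", name);
    }
    *handle = ESYS_TR_NONE;
}

/* … unchanged: test body up to the error label … */
 error:
    cleanup_handle(esys_context, &session, "session");
    cleanup_handle(esys_context, &signHandle, "signHandle");
    return failure_return;
```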
@@ -102,7 +103,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR signHandle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; @@ -140,5 +140,11 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) return EXIT_SUCCESS; error: + + if (signHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, signHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup signHandle failed."); + } + } return EXIT_FAILURE; } diff --git a/test/integration/esys-change-eps.int.c b/test/integration/esys-change-eps.int.c index 87404c65..f15493f6 100644 --- a/test/integration/esys-change-eps.int.c +++ b/test/integration/esys-change-eps.int.c @@ -34,7 +34,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto error; } - if (r == (TPM2_RC_BAD_AUTH | TPM2_RC_S | TPM2_RC_1)) { + if ((r & (~TPM2_RC_N_MASK & ~TPM2_RC_H & ~TPM2_RC_S & ~TPM2_RC_P)) == TPM2_RC_BAD_AUTH) { /* Platform authorization not possible test will be skipped */ LOG_WARNING("Platform authorization not possible."); return EXIT_SKIP; diff --git a/test/integration/esys-clear.int.c b/test/integration/esys-clear.int.c index 4aa97ade..52c900b8 100644 --- a/test/integration/esys-clear.int.c +++ b/test/integration/esys-clear.int.c @@ -20,7 +20,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TSS2_RC r; #ifdef TEST_SESSION - ESYS_TR session; + ESYS_TR session = ESYS_TR_NONE; TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -65,5 +65,14 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) return EXIT_SUCCESS; error: + +#ifdef TEST_SESSION + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } +#endif + return EXIT_FAILURE; } 
diff --git a/test/integration/esys-commit.int.c b/test/integration/esys-commit.int.c index b0e5c1e4..b39f8be1 100644 --- a/test/integration/esys-commit.int.c +++ b/test/integration/esys-commit.int.c @@ -22,7 +22,8 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; - ESYS_TR session; + ESYS_TR eccHandle = ESYS_TR_NONE; + ESYS_TR session = ESYS_TR_NONE; TPMT_SYM_DEF symmetric = { .algorithm = TPM2_ALG_AES, .keyBits = { .aes = 128 }, @@ -112,7 +113,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR eccHandle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; @@ -141,12 +141,29 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_FlushContext(esys_context, eccHandle); goto_if_error(r, "Flushing context", error); + eccHandle = ESYS_TR_NONE; + r = Esys_FlushContext(esys_context, session); goto_if_error(r, "Error: FlushContext", error); + session = ESYS_TR_NONE; + return EXIT_SUCCESS; error: LOG_ERROR("\nError Code: %x\n", r); + + if (eccHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, eccHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup eccHandle failed."); + } + } + + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } + return EXIT_FAILURE; } diff --git a/test/integration/esys-create-fail.int.c b/test/integration/esys-create-fail.int.c index 9744e73a..4e9666ce 100644 --- a/test/integration/esys-create-fail.int.c +++ b/test/integration/esys-create-fail.int.c @@ -24,6 +24,7 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; TPM2B_AUTH authValuePrimary = { .size = 5, 
@@ -136,7 +137,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; RSRC_NODE_T *primaryHandle_node; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; @@ -146,19 +146,19 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = esys_GetResourceObject(esys_context, primaryHandle_handle, + r = esys_GetResourceObject(esys_context, primaryHandle, &primaryHandle_node); goto_if_error(r, "Error Esys GetResourceObject", error); LOG_INFO("Created Primary with handle 0x%08x...", primaryHandle_node->rsrc.handle); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary); + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); TPM2B_PUBLIC *outPublic2; @@ -168,7 +168,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPMT_TK_CREATION *creationTicket2; r = Esys_Create(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, NULL, NULL, @@ -189,11 +189,17 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r, "Error esys create finish with NULL context did not fail", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Error during FlushContext", error); return EXIT_SUCCESS; error: + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } return EXIT_FAILURE; } 
diff --git a/test/integration/esys-create-password-auth.int.c b/test/integration/esys-create-password-auth.int.c index cbe4e85b..87442734 100644 --- a/test/integration/esys-create-password-auth.int.c +++ b/test/integration/esys-create-password-auth.int.c @@ -26,6 +26,8 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; + ESYS_TR loadedKeyHandle = ESYS_TR_NONE; TPM2B_AUTH authValuePrimary = { .size = 5, @@ -138,7 +140,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; RSRC_NODE_T *primaryHandle_node; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; @@ -148,19 +149,19 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = esys_GetResourceObject(esys_context, primaryHandle_handle, + r = esys_GetResourceObject(esys_context, primaryHandle, &primaryHandle_node); goto_if_error(r, "Error Esys GetResourceObject", error); LOG_INFO("Created Primary with handle 0x%08x...", primaryHandle_node->rsrc.handle); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary); + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); TPM2B_AUTH authKey2 = { @@ -251,7 +252,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPMT_TK_CREATION *creationTicket2; r = Esys_Create(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive2, &inPublic2, 
@@ -264,10 +265,8 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) LOG_INFO("\nSecond key created."); - ESYS_TR loadedKeyHandle; - r = Esys_Load(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, outPrivate2, outPublic2, &loadedKeyHandle); @@ -290,14 +289,29 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &creationData2, &creationHash2, &creationTicket2); goto_if_error(r, "Error esys second create ", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); + primaryHandle = ESYS_TR_NONE; goto_if_error(r, "Error during FlushContext", error); r = Esys_FlushContext(esys_context, loadedKeyHandle); + loadedKeyHandle = ESYS_TR_NONE; goto_if_error(r, "Error during FlushContext", error); return EXIT_SUCCESS; error: + + if (loadedKeyHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, loadedKeyHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup loadedKeyHandle failed."); + } + } + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + return EXIT_FAILURE; } diff --git a/test/integration/esys-create-primary-hmac.int.c b/test/integration/esys-create-primary-hmac.int.c index 91cabd58..b63fd24e 100644 --- a/test/integration/esys-create-primary-hmac.int.c +++ b/test/integration/esys-create-primary-hmac.int.c @@ -22,7 +22,8 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; - ESYS_TR session; + ESYS_TR objectHandle = ESYS_TR_NONE; + ESYS_TR session = ESYS_TR_NONE; TPMT_SYM_DEF symmetric = { .algorithm = TPM2_ALG_NULL }; r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE, 
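Review bot: In the `@@ -290,14 +289,29 @@` hunk `primaryHandle` and `loadedKeyHandle` are set to `ESYS_TR_NONE` before `goto_if_error` inspects the result of `Esys_FlushContext`. When the flush fails, the cleanup under `error:` no longer knows about the handle and the object may stay loaded in the TPM. The other files in this commit reset the handle only after the check, which gives the error path one more attempt. If the early reset is deliberate, a comment such as `/* reset first: do not retry a failed flush in cleanup */` would say so; otherwise move each reset below its `goto_if_error` line.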
@@ -146,7 +147,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR objectHandle_handle; RSRC_NODE_T *objectHandle_node; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; @@ -155,24 +155,42 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, session, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive, &inPublic, - &outsideInfo, &creationPCR, &objectHandle_handle, + &outsideInfo, &creationPCR, &objectHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esapi create primary", error); - r = esys_GetResourceObject(esys_context, objectHandle_handle, + r = esys_GetResourceObject(esys_context, objectHandle, &objectHandle_node); goto_if_error(r, "Error Esys GetResourceObject", error); LOG_INFO("Created Primary with TPM handle 0x%08x...", objectHandle_node->rsrc.handle); - r = Esys_FlushContext(esys_context, objectHandle_handle); + r = Esys_FlushContext(esys_context, objectHandle); goto_if_error(r, "Error during FlushContext", error); LOG_INFO("Done with handle 0x%08x...", objectHandle_node->rsrc.handle); + + r = Esys_FlushContext(esys_context, session); + goto_if_error(r, "Flushing context", error); + return EXIT_SUCCESS; error: LOG_ERROR("\nError Code: %x\n", r); + + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } + + if (objectHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, objectHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup objectHandle failed."); + } + } + + return EXIT_FAILURE; } diff --git a/test/integration/esys-create-session-auth.int.c b/test/integration/esys-create-session-auth.int.c index 279773ac..1061b22c 100644 --- a/test/integration/esys-create-session-auth.int.c +++ b/test/integration/esys-create-session-auth.int.c 
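Review bot: `objectHandle` is not reset to `ESYS_TR_NONE` after its successful `Esys_FlushContext` in the `@@ -155,24 +155,42 @@` hunk, so if the newly added flush of `session` fails, the `error:` path flushes `objectHandle` a second time (and retries `session`). Adding `objectHandle = ESYS_TR_NONE;` after the first `goto_if_error(r, "Error during FlushContext", error);` and `session = ESYS_TR_NONE;` after the second, as esys-commit.int.c does, closes that path. The same gap is visible for `eccHandle` in esys-ecdh-keygen.int.c and esys-ecdh-zgen.int.c, for `primaryHandle` and `loadedKeyHandle` in esys-create-session-auth.int.c, and for `sessionTrial` in esys-duplicate.int.c. Separately, the existing `LOG_INFO("Done with handle ...")` reads `objectHandle_node->rsrc.handle` after the flush; if the flush releases the resource node (not visible here) that is a read of freed memory, so the handle value is better captured before flushing.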
@@ -30,6 +30,10 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; + ESYS_TR loadedKeyHandle = ESYS_TR_NONE; + ESYS_TR primaryHandle_AuthSession = ESYS_TR_NONE; + ESYS_TR session = ESYS_TR_NONE; TPM2B_AUTH authValuePrimary = { .size = 5, @@ -136,12 +140,9 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) .buffer = {} }; - ESYS_TR primaryHandle_AuthSession; - r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; RSRC_NODE_T *primaryHandle_node; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; @@ -150,19 +151,19 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = esys_GetResourceObject(esys_context, primaryHandle_handle, + r = esys_GetResourceObject(esys_context, primaryHandle, &primaryHandle_node); goto_if_error(r, "Error Esys GetResourceObject", error); LOG_INFO("Created Primary with handle 0x%08x...", primaryHandle_node->rsrc.handle); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary); + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); 
@@ -182,10 +183,9 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, primaryHandle_AuthSession, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); #else - primaryHandle_AuthSession = primaryHandle_handle; + primaryHandle_AuthSession = primaryHandle; #endif /* TEST_ECC */ - ESYS_TR session; #if TEST_XOR_OBFUSCATION TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_XOR, .keyBits = { .exclusiveOr = TPM2_ALG_SHA1 }, @@ -240,12 +240,12 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) /* Save and load the session and test if the attributes are still OK. */ TPMS_CONTEXT *contextBlob; r = Esys_ContextSave(esys_context, session, &contextBlob); - goto_if_error(r, "Error during FlushContext", error); + goto_if_error(r, "Error during ContextSave", error); session = ESYS_TR_NONE; r = Esys_ContextLoad(esys_context, contextBlob, &session); - goto_if_error(r, "Error during FlushContext", error); + goto_if_error(r, "Error during ContextLoad", error); free(contextBlob); @@ -345,7 +345,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPMT_TK_CREATION *creationTicket2; r = Esys_Create(esys_context, - primaryHandle_handle, + primaryHandle, session, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive2, &inPublic2, @@ -358,10 +358,8 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) LOG_INFO("\nSecond key created."); - ESYS_TR loadedKeyHandle; - r = Esys_Load(esys_context, - primaryHandle_handle, + primaryHandle, session, ESYS_TR_NONE, ESYS_TR_NONE, outPrivate2, outPublic2, &loadedKeyHandle); 
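Review bot: In the `@@ -240,12 +240,12 @@` hunk a failing `Esys_ContextLoad` jumps to `error:` before `free(contextBlob);` runs, and the cleanup added by this commit does not release it, so the saved context buffer is leaked on that path. The commit already moves handle declarations to the top of the function for this reason; `TPMS_CONTEXT *contextBlob = NULL;` could be declared there as well, with `free(contextBlob);` added under `error:` and `contextBlob = NULL;` after the existing free. `session` is also set to `ESYS_TR_NONE` before the load, so after a failed load the cleanup has no handle for the saved session; whether anything remains to be released in that case is not visible from this hunk.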
@@ -384,14 +382,45 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &creationData2, &creationHash2, &creationTicket2); goto_if_error(r, "Error esys second create ", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Error during FlushContext", error); r = Esys_FlushContext(esys_context, loadedKeyHandle); goto_if_error(r, "Error during FlushContext", error); + r = Esys_FlushContext(esys_context, session); + goto_if_error(r, "Flushing context", error); + return EXIT_SUCCESS; error: + + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } + + if (loadedKeyHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, loadedKeyHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup loadedKeyHandle failed."); + } + } + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + +#ifdef TEST_ECC + if (primaryHandle_AuthSession != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle_AuthSession) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle_AuthSession failed."); + } + } +#endif + + return EXIT_FAILURE; } diff --git a/test/integration/esys-createloaded.int.c b/test/integration/esys-createloaded.int.c index bf9a9930..b2b808b2 100644 --- a/test/integration/esys-createloaded.int.c +++ b/test/integration/esys-createloaded.int.c @@ -25,10 +25,12 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; + ESYS_TR objectHandle = ESYS_TR_NONE; int failure_return = EXIT_FAILURE; #ifdef TEST_SESSION - ESYS_TR session; + ESYS_TR session = ESYS_TR_NONE; TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} 
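Review bot: In the `@@ -384,14 +382,45 @@` hunk the `error:` path flushes `primaryHandle_AuthSession` under `#ifdef TEST_ECC`, but the success path shown here flushes only `primaryHandle`, `loadedKeyHandle` and `session` before `return EXIT_SUCCESS;`. Unless that handle is released above the hunk, a passing TEST_ECC run leaves the object in the TPM; a guarded `r = Esys_FlushContext(esys_context, primaryHandle_AuthSession);` with its `goto_if_error` before the return would make both paths agree. The conditional that guards the alias assignment `primaryHandle_AuthSession = primaryHandle;` opens outside the visible hunks; it should use the same `#ifdef` form as this cleanup, otherwise a build that defines `TEST_ECC` as 0 could flush the aliased primary handle twice.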
@@ -116,7 +118,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; @@ -124,12 +125,12 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary); + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Setting the Primary's AuthValue", error); TPM2B_AUTH authValueObject = { @@ -149,7 +150,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) }; TPM2B_TEMPLATE inPublic_template = {0}; - ESYS_TR objectHandle_handle; TPM2B_PRIVATE *outPrivate2; TPM2B_PUBLIC *outPublic2; TPMT_PUBLIC inPublic2 = { @@ -197,7 +197,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreateLoaded( esys_context, - primaryHandle_handle, + primaryHandle, #ifdef TEST_SESSION session, #else @@ -207,7 +207,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) ESYS_TR_NONE, &inSensitiveObject, &inPublic_template, - &objectHandle_handle, + &objectHandle, &outPrivate2, &outPublic2 ); 
@@ -219,12 +219,16 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto_if_error(r, "Error During CreateLoaded", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Flushing context", error); - r = Esys_FlushContext(esys_context, objectHandle_handle); + primaryHandle = ESYS_TR_NONE; + + r = Esys_FlushContext(esys_context, objectHandle); goto_if_error(r, "Flushing context", error); + objectHandle = ESYS_TR_NONE; + #ifdef TEST_SESSION r = Esys_FlushContext(esys_context, session); goto_if_error(r, "Error: FlushContext", error); @@ -233,5 +237,26 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) return EXIT_SUCCESS; error: + +#ifdef TEST_SESSION + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } +#endif + + if (objectHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, objectHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup objectHandle failed."); + } + } + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + return failure_return; } diff --git a/test/integration/esys-duplicate.int.c b/test/integration/esys-duplicate.int.c index 1dc10521..aa5895f2 100644 --- a/test/integration/esys-duplicate.int.c +++ b/test/integration/esys-duplicate.int.c 
@@ -27,13 +27,17 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; + ESYS_TR primaryHandle2 = ESYS_TR_NONE; + ESYS_TR loadedKeyHandle = ESYS_TR_NONE; + ESYS_TR policySession = ESYS_TR_NONE; int failure_return = EXIT_FAILURE; /* * First the policy value to be able to use Esys_Duplicate for an object has to be * determined with a policy trial session. */ - ESYS_TR sessionTrial; + ESYS_TR sessionTrial = ESYS_TR_NONE; TPMT_SYM_DEF symmetricTrial = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -148,8 +152,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; - ESYS_TR primaryHandle_handle2; RSRC_NODE_T *primaryHandle_node; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; @@ -159,7 +161,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); 
@@ -167,19 +169,19 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle2, + &outsideInfo, &creationPCR, &primaryHandle2, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = esys_GetResourceObject(esys_context, primaryHandle_handle, + r = esys_GetResourceObject(esys_context, primaryHandle, &primaryHandle_node); goto_if_error(r, "Error Esys GetResourceObject", error); LOG_INFO("Created Primary with handle 0x%08x...", primaryHandle_node->rsrc.handle); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary); + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); TPM2B_AUTH authKey2 = { @@ -256,7 +258,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) inPublic2.publicArea.authPolicy = *policyDigestTrial; r = Esys_Create(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive2, &inPublic2, @@ -269,10 +271,8 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) LOG_INFO("\nSecond key created."); - ESYS_TR loadedKeyHandle; - r = Esys_Load(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, outPrivate2, outPublic2, &loadedKeyHandle); @@ -298,7 +298,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto_if_error(r, "Error esys ReadPublic", error); - ESYS_TR policySession; TPMT_SYM_DEF policySymmetric = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -351,7 +350,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_Duplicate( esys_context, loadedKeyHandle, - primaryHandle_handle2, + primaryHandle2, policySession, ESYS_TR_NONE, ESYS_TR_NONE, 
@@ -367,8 +366,8 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPM2B_ENCRYPTED_SECRET *outSymSeed2; r = Esys_Rewrap(esys_context, - primaryHandle_handle2, - primaryHandle_handle, + primaryHandle2, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, duplicate, keyName, 
@@ -384,17 +383,61 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto_if_error(r, "Error: Rewrap", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Flushing context", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle2); + primaryHandle = ESYS_TR_NONE; + + r = Esys_FlushContext(esys_context, primaryHandle2); goto_if_error(r, "Flushing context", error); + primaryHandle2 = ESYS_TR_NONE; + r = Esys_FlushContext(esys_context, loadedKeyHandle); goto_if_error(r, "Flushing context", error); + loadedKeyHandle = ESYS_TR_NONE; + + r = Esys_FlushContext(esys_context, sessionTrial); + goto_if_error(r, "Flushing context", error); + + r = Esys_FlushContext(esys_context, policySession); + goto_if_error(r, "Flushing context", error); + + return EXIT_SUCCESS; error: + + if (policySession != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, policySession) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup policySession failed."); + } + } + + if (sessionTrial != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, sessionTrial) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup sessionTrial failed."); + } + } + + if (loadedKeyHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, loadedKeyHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup loadedKeyHandle failed."); + } + } + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + + if (primaryHandle2 != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle2) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle2 failed."); + } + } + return failure_return; } diff --git a/test/integration/esys-ecdh-keygen.int.c b/test/integration/esys-ecdh-keygen.int.c index 1fb2a260..69106460 100644 --- a/test/integration/esys-ecdh-keygen.int.c +++ b/test/integration/esys-ecdh-keygen.int.c 
@@ -21,7 +21,8 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; - ESYS_TR session; + ESYS_TR eccHandle = ESYS_TR_NONE; + ESYS_TR session = ESYS_TR_NONE; TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES,.keyBits = {.aes = 128},.mode = {.aes = TPM2_ALG_CFB} @@ -114,7 +115,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR eccHandle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; @@ -143,9 +143,24 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_FlushContext(esys_context, eccHandle); goto_if_error(r, "Error during FlushContext", error); + r = Esys_FlushContext(esys_context, session); + goto_if_error(r, "Flushing context", error); + return EXIT_SUCCESS; error: LOG_ERROR("\nError Code: %x\n", r); + + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } + + if (eccHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, eccHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup eccHandle failed."); + } + } return EXIT_FAILURE; } diff --git a/test/integration/esys-ecdh-zgen.int.c b/test/integration/esys-ecdh-zgen.int.c index 968ee548..40a8a974 100644 --- a/test/integration/esys-ecdh-zgen.int.c +++ b/test/integration/esys-ecdh-zgen.int.c @@ -21,7 +21,8 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; - ESYS_TR session; + ESYS_TR eccHandle = ESYS_TR_NONE; + ESYS_TR session = ESYS_TR_NONE; TPMT_SYM_DEF symmetric = { .algorithm = TPM2_ALG_AES, .keyBits = { .aes = 128 }, @@ -110,7 +111,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR eccHandle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; 
@@ -161,9 +161,25 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_FlushContext(esys_context, eccHandle); goto_if_error(r, "Error during FlushContext", error); + r = Esys_FlushContext(esys_context, session); + goto_if_error(r, "Flushing context", error); + return EXIT_SUCCESS; error: LOG_ERROR("\nError Code: %x\n", r); + + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } + + if (eccHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, eccHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup eccHandle failed."); + } + } + return EXIT_FAILURE; } diff --git a/test/integration/esys-encrypt-decrypt.int.c b/test/integration/esys-encrypt-decrypt.int.c index b0fa5baf..484f93db 100644 --- a/test/integration/esys-encrypt-decrypt.int.c +++ b/test/integration/esys-encrypt-decrypt.int.c @@ -24,8 +24,11 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; + ESYS_TR loadedKeyHandle = ESYS_TR_NONE; int failure_return = EXIT_FAILURE; + TPM2B_AUTH authValuePrimary = { .size = 5, .buffer = {1, 2, 3, 4, 5} @@ -96,7 +99,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; 
@@ -105,12 +107,12 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary); + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); TPM2B_AUTH authKey2 = { @@ -176,7 +178,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPMT_TK_CREATION *creationTicket2; r = Esys_Create(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive2, &inPublic2, @@ -189,10 +191,8 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) LOG_INFO("AES key created."); - ESYS_TR loadedKeyHandle; - r = Esys_Load(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, outPrivate2, outPublic2, &loadedKeyHandle); @@ -230,6 +230,13 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &inData, &outData, &ivOut); + + if (r == TPM2_RC_COMMAND_CODE) { + LOG_WARNING("Command TPM2_EncryptDecrypt not supported by TPM."); + failure_return = EXIT_SKIP; + goto error; + } + goto_if_error(r, "Error: EncryptDecrypt", error); TPM2B_MAX_BUFFER *outData2; 
@@ -264,14 +271,28 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto error; } - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Error during FlushContext", error); + primaryHandle = ESYS_TR_NONE; + r = Esys_FlushContext(esys_context, loadedKeyHandle); goto_if_error(r, "Error during FlushContext", error); return EXIT_SUCCESS; error: + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + + if (loadedKeyHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, loadedKeyHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup loadedKeyHandle failed."); + } + } return failure_return; } diff --git a/test/integration/esys-evict-control-serialization.int.c b/test/integration/esys-evict-control-serialization.int.c index da888ccb..d797c94e 100644 --- a/test/integration/esys-evict-control-serialization.int.c +++ b/test/integration/esys-evict-control-serialization.int.c @@ -26,6 +26,8 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; + ESYS_TR persistent_handle1 = ESYS_TR_NONE; TPM2B_AUTH authValuePrimary = { .size = 5, @@ -98,7 +100,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; RSRC_NODE_T *primaryHandle_node; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; 
@@ -107,37 +108,36 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = esys_GetResourceObject(esys_context, primaryHandle_handle, + r = esys_GetResourceObject(esys_context, primaryHandle, &primaryHandle_node); goto_if_error(r, "Error Esys GetResourceObject", error); LOG_INFO("Created Primary with handle 0x%08x...", primaryHandle_node->rsrc.handle); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary); + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); TPM2_HANDLE permanentHandle = TPM2_PERSISTENT_FIRST; - ESYS_TR new_primary_handle1; - ESYS_TR new_primary_handle2; + ESYS_TR persistent_handle2; - r = Esys_EvictControl(esys_context, ESYS_TR_RH_OWNER, primaryHandle_handle, + r = Esys_EvictControl(esys_context, ESYS_TR_RH_OWNER, primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, - permanentHandle, &new_primary_handle1); + permanentHandle, &persistent_handle1); goto_if_error(r, "Error Esys EvictControl", error); size_t buffer_size; uint8_t *buffer; - r = Esys_TR_Serialize(esys_context, new_primary_handle1, &buffer, &buffer_size); + r = Esys_TR_Serialize(esys_context, persistent_handle1, &buffer, &buffer_size); goto_if_error(r, "Error Esys_TR_Serialize", error); - r = Esys_TR_Deserialize(esys_context, buffer, buffer_size, &new_primary_handle2); + r = Esys_TR_Deserialize(esys_context, buffer, buffer_size, &persistent_handle2); goto_if_error(r, "Error Esys_TR_Deserialize", error); TPM2B_AUTH authKey2 = { 
@@ -213,11 +213,11 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPM2B_DIGEST *creationHash2; TPMT_TK_CREATION *creationTicket2; - r = Esys_TR_SetAuth(esys_context, new_primary_handle2, &authValuePrimary); + r = Esys_TR_SetAuth(esys_context, persistent_handle2, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); r = Esys_Create(esys_context, - new_primary_handle2, + persistent_handle2, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive2, &inPublic2, @@ -229,16 +229,32 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto_if_error(r, "Error esys create with new handle from evict object", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Error during FlushContext", error); - r = Esys_EvictControl(esys_context, ESYS_TR_RH_OWNER, new_primary_handle1, + r = Esys_EvictControl(esys_context, ESYS_TR_RH_OWNER, persistent_handle1, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, - permanentHandle, &new_primary_handle1); + permanentHandle, &persistent_handle1); goto_if_error(r, "Error Esys EvictControl", error); return EXIT_SUCCESS; error: + + if (persistent_handle1 != ESYS_TR_NONE) { + if (Esys_EvictControl(esys_context, ESYS_TR_RH_OWNER, persistent_handle1, + ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, + permanentHandle, &persistent_handle1) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup EvictControl failed"); + + } + } + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + return EXIT_FAILURE; } diff --git a/test/integration/esys-get-random.int.c b/test/integration/esys-get-random.int.c index f6f67f5f..8a670c6e 100644 --- a/test/integration/esys-get-random.int.c +++ b/test/integration/esys-get-random.int.c 
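Review bot: The new cleanup at `error:` reads `permanentHandle`, which is still declared and initialised in the middle of test_invoke_esapi (`TPM2_HANDLE permanentHandle = TPM2_PERSISTENT_FIRST;` in the `-107,37` hunk), after several `goto error` statements that jump past it. This is only safe because `persistent_handle1` stays ESYS_TR_NONE until after that line has run. Moving the declaration up next to `primaryHandle` and `persistent_handle1` would make the cleanup independent of statement order, which is what the commit message describes doing for the handles. The function body starts outside this hunk.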
@@ -32,7 +32,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) LOG_INFO("GetRandom Test Passed!"); - ESYS_TR session; + ESYS_TR session = ESYS_TR_NONE; const TPMT_SYM_DEF symmetric = { .algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, @@ -69,7 +69,13 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) LOG_INFO("GetRandom with session Test Passed!"); - return 0; + r = Esys_FlushContext(esys_context, session); + if (r != TPM2_RC_SUCCESS) { + LOG_ERROR("FlushContext with session FAILED! Response Code : 0x%x", r); + goto error_cleansession; + } + + return EXIT_SUCCESS; error_cleansession: r = Esys_FlushContext(esys_context, session); @@ -77,5 +83,5 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) LOG_ERROR("FlushContext FAILED! Response Code : 0x%x", r); } error: - return 1; + return EXIT_FAILURE; } diff --git a/test/integration/esys-get-time.int.c b/test/integration/esys-get-time.int.c index 0ea9e36c..8e93faa2 100644 --- a/test/integration/esys-get-time.int.c +++ b/test/integration/esys-get-time.int.c @@ -24,6 +24,7 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR signHandle = ESYS_TR_NONE; int failure_return = EXIT_FAILURE; TPM2B_AUTH authValuePrimary = { @@ -105,7 +106,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR signHandle; RSRC_NODE_T *primaryHandle_node; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; 
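Review bot: In the `-69,7` hunk, a failed `Esys_FlushContext(esys_context, session)` jumps to `error_cleansession`, which immediately flushes the same session again and logs a second error for the same failure. `goto error;` would be enough there, because the only cleanup left is the call that has just failed. The `session = ESYS_TR_NONE` initialisation added in the first hunk is also never checked at `error_cleansession`, unlike the `!= ESYS_TR_NONE` guards the commit adds in the other tests.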
@@ -136,21 +136,23 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPM2B_ATTEST *timeInfo; TPMT_SIGNATURE *signature; - r = Esys_GetTime ( - esys_context, - privacyAdminHandle, - signHandle, - ESYS_TR_PASSWORD, - ESYS_TR_PASSWORD, - ESYS_TR_NONE, - &qualifyingData, - &inScheme, - &timeInfo, - &signature); + r = Esys_GetTime ( + esys_context, + privacyAdminHandle, + signHandle, + ESYS_TR_PASSWORD, + ESYS_TR_PASSWORD, + ESYS_TR_NONE, + &qualifyingData, + &inScheme, + &timeInfo, + &signature); if (r == TPM2_RC_COMMAND_CODE) { LOG_WARNING("Command TPM2_GetTime not supported by TPM."); r = Esys_FlushContext(esys_context, signHandle); goto_if_error(r, "Flushing context", error); + + signHandle = ESYS_TR_NONE; failure_return = EXIT_SKIP; goto error; } @@ -162,5 +164,11 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) return EXIT_SUCCESS; error: + + if (signHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, signHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup signHandle failed."); + } + } return failure_return; } diff --git a/test/integration/esys-hashsequencestart.int.c b/test/integration/esys-hashsequencestart.int.c index 5e64a772..1122080b 100644 --- a/test/integration/esys-hashsequencestart.int.c +++ b/test/integration/esys-hashsequencestart.int.c @@ -23,7 +23,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TSS2_RC r; #ifdef TEST_SESSION - ESYS_TR session; + ESYS_TR session = ESYS_TR_NONE; TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -109,5 +109,13 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) return EXIT_SUCCESS; error: + +#ifdef TEST_SESSION + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } +#endif return EXIT_FAILURE; } diff --git a/test/integration/esys-hierarchy-control.int.c b/test/integration/esys-hierarchy-control.int.c index 7f0ca85a..0954caf3 100644 
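Review bot: The `TPM2_RC_COMMAND_CODE` branch in the `-136,21` hunk still flushes `signHandle` itself, although the `error:` block added in the `-162,5` hunk now does that for any handle that is not ESYS_TR_NONE. If the in-branch flush fails, `goto_if_error` leaves with `failure_return` still at EXIT_FAILURE, so an unsupported command is reported as a failure instead of a skip. Reducing the branch to `failure_return = EXIT_SKIP; goto error;`, as the esys-encrypt-decrypt.int.c hunk does, removes the duplicate path and the extra reset line.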
--- a/test/integration/esys-hierarchy-control.int.c +++ b/test/integration/esys-hierarchy-control.int.c @@ -36,7 +36,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) enable, state); - if (r == (TPM2_RC_BAD_AUTH | TPM2_RC_S | TPM2_RC_1)) { + if ((r & (~TPM2_RC_N_MASK & ~TPM2_RC_H & ~TPM2_RC_S & ~TPM2_RC_P)) == TPM2_RC_BAD_AUTH) { /* Platform authorization not possible test will be skipped */ LOG_WARNING("Platform authorization not possible."); return EXIT_SKIP; diff --git a/test/integration/esys-hierarchychangeauth.int.c b/test/integration/esys-hierarchychangeauth.int.c index 6bfae29a..5d7e4ab3 100644 --- a/test/integration/esys-hierarchychangeauth.int.c +++ b/test/integration/esys-hierarchychangeauth.int.c @@ -25,6 +25,8 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; + bool auth_changed = false; ESYS_TR authHandle_handle = ESYS_TR_RH_OWNER; TPM2B_AUTH newAuth = { .size = 5, @@ -44,6 +46,8 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &newAuth); goto_if_error(r, "Error: HierarchyChangeAuth", error); + auth_changed = true; + TPM2B_SENSITIVE_CREATE inSensitivePrimary = { .size = 4, .sensitive = { @@ -102,7 +106,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; 
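Review bot: The BAD_AUTH test `(r & (~TPM2_RC_N_MASK & ~TPM2_RC_H & ~TPM2_RC_S & ~TPM2_RC_P)) == TPM2_RC_BAD_AUTH` is written out in full here and again in the esys-lock.int.c hunk, with no comment on which response-code bits it ignores. A one-line comment such as `/* match BAD_AUTH regardless of the handle/session/parameter number bits */` (presumably the intent; please confirm against the RC layout) would make the mask reviewable. A small shared helper in the test utilities, under a name of your choosing such as `rc_is_bad_auth(r)`, would keep the copies from drifting apart.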
@@ -110,25 +113,27 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Flushing context", error); + primaryHandle = ESYS_TR_NONE; + r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &newAuth); goto_if_error(r, "Error SetAuth", error); r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Flushing context", error); r = Esys_HierarchyChangeAuth(esys_context, @@ -142,5 +147,26 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) return EXIT_SUCCESS; error: + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + + if (auth_changed) { + if (Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &newAuth) != TSS2_RC_SUCCESS) { + LOG_ERROR("Error SetAuth"); + } + if (Esys_HierarchyChangeAuth(esys_context, + authHandle_handle, + ESYS_TR_PASSWORD, + ESYS_TR_NONE, + ESYS_TR_NONE, + &emptyAuth) != TSS2_RC_SUCCESS) { + LOG_ERROR("Error: HierarchyChangeAuth"); + } + } + return EXIT_FAILURE; } 
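Review bot: When the restore in the `auth_changed` cleanup fails, the owner hierarchy is left with the test's `newAuth` value on the TPM, but the log only says `"Error: HierarchyChangeAuth"`, with no response code and no hint that state was left behind. Later tests that share the TPM and authorise against ESYS_TR_RH_OWNER would presumably fail for a reason that is hard to trace back to this one. I would keep the result and report it, e.g. `r = Esys_HierarchyChangeAuth(...);` followed by `LOG_ERROR("Cleanup: owner auth not restored, rc 0x%x", r);`. The function body starts outside this hunk.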
diff --git a/test/integration/esys-hmacsequencestart.int.c b/test/integration/esys-hmacsequencestart.int.c index 39e90176..47cd45f5 100644 --- a/test/integration/esys-hmacsequencestart.int.c +++ b/test/integration/esys-hmacsequencestart.int.c @@ -21,9 +21,10 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; #ifdef TEST_SESSION - ESYS_TR session; + ESYS_TR session = ESYS_TR_NONE; TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -75,7 +76,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) .count = 0, }; - ESYS_TR primaryHandle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; @@ -170,5 +170,20 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) return EXIT_SUCCESS; error: + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + +#ifdef TEST_SESSION + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } +#endif + return EXIT_FAILURE; } diff --git a/test/integration/esys-import.int.c b/test/integration/esys-import.int.c index 27281643..cfc5dcdc 100644 --- a/test/integration/esys-import.int.c +++ b/test/integration/esys-import.int.c @@ -26,12 +26,16 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; + ESYS_TR primaryHandle2 = ESYS_TR_NONE; + ESYS_TR loadedKeyHandle = ESYS_TR_NONE; + ESYS_TR policySession = ESYS_TR_NONE; /* * Firth the policy value to be able to use Esys_Duplicate for an object has to be * determined with a policy trial session. */ - ESYS_TR sessionTrial; + ESYS_TR sessionTrial = ESYS_TR_NONE; TPMT_SYM_DEF symmetricTrial = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} 
@@ -146,8 +150,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; - ESYS_TR primaryHandle_handle2; RSRC_NODE_T *primaryHandle_node; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; @@ -157,7 +159,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); @@ -165,19 +167,19 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle2, + &outsideInfo, &creationPCR, &primaryHandle2, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = esys_GetResourceObject(esys_context, primaryHandle_handle, + r = esys_GetResourceObject(esys_context, primaryHandle, &primaryHandle_node); goto_if_error(r, "Error Esys GetResourceObject", error); LOG_INFO("Created Primary with handle 0x%08x...", primaryHandle_node->rsrc.handle); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary); + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); TPM2B_AUTH authKey2 = { @@ -254,7 +256,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) inPublic2.publicArea.authPolicy = *policyDigestTrial; r = Esys_Create(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive2, &inPublic2, 
@@ -267,10 +269,8 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) LOG_INFO("\nSecond key created."); - ESYS_TR loadedKeyHandle; - r = Esys_Load(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, outPrivate2, outPublic2, &loadedKeyHandle); @@ -296,7 +296,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto_if_error(r, "Error esys ReadPublic", error); - ESYS_TR policySession; TPMT_SYM_DEF policySymmetric = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -345,7 +344,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_Duplicate( esys_context, loadedKeyHandle, - primaryHandle_handle2, + primaryHandle2, policySession, ESYS_TR_NONE, ESYS_TR_NONE, @@ -370,9 +369,15 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &keyQualifiedName); goto_if_error(r, "Error: ReadPublic", error); + r = Esys_FlushContext(esys_context, loadedKeyHandle); + goto_if_error(r, "Flushing context", error); + + loadedKeyHandle = ESYS_TR_NONE; + + r = Esys_Import( esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, 
@@ -384,17 +389,56 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &outPrivate); goto_if_error(r, "Error: Import", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Flushing context", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle2); + primaryHandle = ESYS_TR_NONE; + + r = Esys_FlushContext(esys_context, primaryHandle2); goto_if_error(r, "Flushing context", error); - r = Esys_FlushContext(esys_context, loadedKeyHandle); + primaryHandle2 = ESYS_TR_NONE; + + r = Esys_FlushContext(esys_context, sessionTrial); + goto_if_error(r, "Flushing context", error); + + sessionTrial = ESYS_TR_NONE; + + r = Esys_FlushContext(esys_context, policySession); goto_if_error(r, "Flushing context", error); return EXIT_SUCCESS; error: + + if (policySession != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, policySession) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup policySession failed."); + } + } + + if (sessionTrial != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, sessionTrial) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup sessionTrial failed."); + } + } + if (loadedKeyHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, loadedKeyHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup loadedKeyHandle failed."); + } + } + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + + if (primaryHandle2 != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle2) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle2 failed."); + } + } + return EXIT_FAILURE; } diff --git a/test/integration/esys-lock.int.c b/test/integration/esys-lock.int.c index 85248a07..4902f779 100644 --- a/test/integration/esys-lock.int.c +++ b/test/integration/esys-lock.int.c 
@@ -19,6 +19,7 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + int failure_return = EXIT_FAILURE; r = Esys_DictionaryAttackLockReset( esys_context, @@ -42,15 +43,21 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_NV_GlobalWriteLock(esys_context, ESYS_TR_RH_PLATFORM, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE); - if (r == (TPM2_RC_BAD_AUTH | TPM2_RC_S | TPM2_RC_1)) { + if (r == TPM2_RC_COMMAND_CODE) { + LOG_WARNING("Command TPM2_NV_GlobalWriteLock not supported by TPM."); + failure_return = EXIT_SKIP; + goto error; + } + + if ((r & (~TPM2_RC_N_MASK & ~TPM2_RC_H & ~TPM2_RC_S & ~TPM2_RC_P)) == TPM2_RC_BAD_AUTH) { /* Platform authorization not possible test will be skipped */ LOG_WARNING("Platform authorization not possible."); - return 77; + return EXIT_SKIP; } goto_if_error(r, "Error: NV_GlobalWriteLock", error); return EXIT_SUCCESS; error: - return EXIT_FAILURE; + return failure_return; } diff --git a/test/integration/esys-make-credential.int.c b/test/integration/esys-make-credential.int.c index 77f8152f..863bd6d3 100644 --- a/test/integration/esys-make-credential.int.c +++ b/test/integration/esys-make-credential.int.c @@ -26,9 +26,12 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; + ESYS_TR loadedKeyHandle = ESYS_TR_NONE; #ifdef TEST_SESSION - ESYS_TR session; + ESYS_TR session = ESYS_TR_NONE; + ESYS_TR session2 = ESYS_TR_NONE; TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -51,7 +54,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &session); goto_if_error(r, "Error: During initialization of session", error); - r = esys_GetResourceObject(esys_context, session, &session_node); goto_if_error(r, "Error Esys GetResourceObject", error); 
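Review bot: The two skip paths in the esys-lock `-42,15` hunk leave the function in different ways: the new `TPM2_RC_COMMAND_CODE` check sets `failure_return = EXIT_SKIP` and jumps to `error`, while the BAD_AUTH check directly below it does `return EXIT_SKIP;`. Both work today because `error:` holds no cleanup, but the direct return will bypass any cleanup added there later. Using `failure_return = EXIT_SKIP; goto error;` in both branches keeps a single exit path.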
@@ -59,7 +61,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) LOG_INFO("Created session with handle 0x%08x...", session_node->rsrc.handle); - ESYS_TR session2; RSRC_NODE_T *session2_node; r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE, @@ -149,7 +150,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; RSRC_NODE_T *primaryHandle_node; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; @@ -158,19 +158,19 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = esys_GetResourceObject(esys_context, primaryHandle_handle, + r = esys_GetResourceObject(esys_context, primaryHandle, &primaryHandle_node); goto_if_error(r, "Error Esys GetResourceObject", error); LOG_INFO("Created Primary with handle 0x%08x...", primaryHandle_node->rsrc.handle); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary); + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); TPM2B_AUTH authKey2 = { @@ -247,7 +247,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPMT_TK_CREATION *creationTicket2; r = Esys_Create(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive2, &inPublic2, @@ -260,8 +260,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) LOG_INFO("\nSecond key created."); - ESYS_TR loadedKeyHandle; - r = Esys_LoadExternal(esys_context, ESYS_TR_NONE, ESYS_TR_NONE, 
@@ -277,7 +275,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPM2B_NAME *primaryKeyQualifiedName; r = Esys_ReadPublic(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, @@ -313,7 +311,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPM2B_DIGEST *certInfo; r = Esys_Load(esys_context, - primaryHandle_handle, + primaryHandle, #ifdef TEST_SESSION session, #else @@ -329,7 +327,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto_if_error(r, "Error: TR_SetAuth", error); r = Esys_ActivateCredential(esys_context, - primaryHandle_handle, + primaryHandle, loadedKeyHandle, #ifdef TEST_SESSION 
@@ -349,14 +347,49 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) ); goto_if_error(r, "Error: ActivateCredential", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Error during FlushContext", error); r = Esys_FlushContext(esys_context, loadedKeyHandle); goto_if_error(r, "Error esys flush context", error); +#ifdef TEST_SESSION + r = Esys_FlushContext(esys_context, session); + goto_if_error(r, "Flushing context", error); + + r = Esys_FlushContext(esys_context, session2); + goto_if_error(r, "Flushing context", error); +#endif + return EXIT_SUCCESS; error: + +#ifdef TEST_SESSION + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } + + if (session2 != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session2) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session2 failed."); + } + } +#endif + + if (loadedKeyHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, loadedKeyHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup loadedKeyHandle failed."); + } + } + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + return EXIT_FAILURE; } diff --git a/test/integration/esys-nv-certify.int.c b/test/integration/esys-nv-certify.int.c index 6b2c67f4..a9867614 100644 --- a/test/integration/esys-nv-certify.int.c +++ b/test/integration/esys-nv-certify.int.c @@ -23,6 +23,8 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR signHandle = ESYS_TR_NONE; + ESYS_TR nvHandle = ESYS_TR_NONE; int failure_return = EXIT_FAILURE; TPM2B_AUTH authValuePrimary = { 
@@ -104,7 +106,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR signHandle = ESYS_TR_NONE; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; @@ -117,7 +118,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - ESYS_TR nvHandle = ESYS_TR_NONE; TPM2B_AUTH auth = {.size = 20, .buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29}}; @@ -211,5 +211,23 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) return EXIT_SUCCESS; error: + + if (signHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, signHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup signHandle failed."); + } + } + + if (nvHandle != ESYS_TR_NONE) { + if (Esys_NV_UndefineSpace(esys_context, + ESYS_TR_RH_OWNER, + nvHandle, + ESYS_TR_PASSWORD, + ESYS_TR_NONE, + ESYS_TR_NONE) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup nvHandle failed."); + } + } + return failure_return; } diff --git a/test/integration/esys-nv-ram-counter.int.c b/test/integration/esys-nv-ram-counter.int.c index 50f7ab28..8badb3b9 100644 --- a/test/integration/esys-nv-ram-counter.int.c +++ b/test/integration/esys-nv-ram-counter.int.c @@ -21,8 +21,9 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR nvHandle = ESYS_TR_NONE; #ifdef TEST_SESSION - ESYS_TR session; + ESYS_TR session = ESYS_TR_NONE; TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -44,7 +45,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto_if_error(r, "Error: During initialization of session", error); #endif /* TEST_SESSION */ - ESYS_TR nvHandle = ESYS_TR_NONE; TPM2B_AUTH auth = {.size = 20, .buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29}}; 
@@ -195,5 +195,29 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) return EXIT_SUCCESS; error: + + if (nvHandle != ESYS_TR_NONE) { + if (Esys_NV_UndefineSpace(esys_context, + ESYS_TR_RH_OWNER, + nvHandle, +#ifdef TEST_SESSION + session, +#else + ESYS_TR_PASSWORD, +#endif + ESYS_TR_NONE, + ESYS_TR_NONE) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup nvHandle failed."); + } + } + +#ifdef TEST_SESSION + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } +#endif + return EXIT_FAILURE; } diff --git a/test/integration/esys-nv-ram-extend-index.int.c b/test/integration/esys-nv-ram-extend-index.int.c index 74d5a77f..4ae8246d 100644 --- a/test/integration/esys-nv-ram-extend-index.int.c +++ b/test/integration/esys-nv-ram-extend-index.int.c @@ -23,8 +23,9 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR nvHandle = ESYS_TR_NONE; #ifdef TEST_SESSION - ESYS_TR session; + ESYS_TR session = ESYS_TR_NONE; TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -46,7 +47,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto_if_error(r, "Error: During initialization of session", error); #endif /* TEST_SESSION */ - ESYS_TR nvHandle = ESYS_TR_NONE; TPM2B_AUTH auth = {.size = 20, .buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29}}; 
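Review bot: The order of the two cleanup steps in the `error:` block matters and is not documented: with TEST_SESSION defined, `Esys_NV_UndefineSpace` is authorised with `session`, so the index has to be undefined before the session is flushed. A comment such as `/* undefine first: session authorises the command and is flushed below */` above the `nvHandle` check would stop a later reordering from breaking the cleanup. The response code is also dropped, so `"Cleanup nvHandle failed."` gives no hint why the index was left defined. The same block is repeated in the esys-nv-ram-extend-index, esys-nv-ram-ordinary-index and esys-nv-ram-set-bits hunks.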
@@ -200,9 +200,37 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) ); goto_if_error(r, "Error: NV_UndefineSpace", error); +#ifdef TEST_SESSION + r = Esys_FlushContext(esys_context, session); + goto_if_error(r, "Flushing context", error); +#endif + return EXIT_SUCCESS; error: + if (nvHandle != ESYS_TR_NONE) { + if (Esys_NV_UndefineSpace(esys_context, + ESYS_TR_RH_OWNER, + nvHandle, +#ifdef TEST_SESSION + session, +#else + ESYS_TR_PASSWORD, +#endif + ESYS_TR_NONE, + ESYS_TR_NONE) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup nvHandle failed."); + } + } + +#ifdef TEST_SESSION + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } +#endif + return EXIT_FAILURE; } diff --git a/test/integration/esys-nv-ram-ordinary-index.int.c b/test/integration/esys-nv-ram-ordinary-index.int.c index 99c48550..1f176c11 100644 --- a/test/integration/esys-nv-ram-ordinary-index.int.c +++ b/test/integration/esys-nv-ram-ordinary-index.int.c @@ -26,8 +26,9 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR nvHandle = ESYS_TR_NONE; #ifdef TEST_SESSION - ESYS_TR session; + ESYS_TR session = ESYS_TR_NONE; TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -50,7 +51,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto_if_error(r, "Error: During initialization of session", error); #endif /* TEST_SESSION */ - ESYS_TR nvHandle = ESYS_TR_NONE; TPM2B_AUTH auth = {.size = 20, .buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29}}; 
@@ -302,5 +302,28 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) return EXIT_SUCCESS; error: + + if (nvHandle != ESYS_TR_NONE) { + if (Esys_NV_UndefineSpace(esys_context, + ESYS_TR_RH_OWNER, + nvHandle, +#ifdef TEST_SESSION + session, +#else + ESYS_TR_PASSWORD, +#endif + ESYS_TR_NONE, + ESYS_TR_NONE) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup nvHandle failed."); + } + } + +#ifdef TEST_SESSION + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } +#endif return EXIT_FAILURE; } diff --git a/test/integration/esys-nv-ram-set-bits.int.c b/test/integration/esys-nv-ram-set-bits.int.c index 9f76e5b8..cdbeb52d 100644 --- a/test/integration/esys-nv-ram-set-bits.int.c +++ b/test/integration/esys-nv-ram-set-bits.int.c @@ -21,8 +21,9 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR nvHandle = ESYS_TR_NONE; #ifdef TEST_SESSION - ESYS_TR session; + ESYS_TR session = ESYS_TR_NONE; TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -44,7 +45,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto_if_error(r, "Error: During initialization of session", error); #endif /* TEST_SESSION */ - ESYS_TR nvHandle = ESYS_TR_NONE; TPM2B_AUTH auth = {.size = 20, .buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29}}; 
@@ -199,5 +199,29 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) return EXIT_SUCCESS; error: + + if (nvHandle != ESYS_TR_NONE) { + if (Esys_NV_UndefineSpace(esys_context, + ESYS_TR_RH_OWNER, + nvHandle, +#ifdef TEST_SESSION + session, +#else + ESYS_TR_PASSWORD, +#endif + ESYS_TR_NONE, + ESYS_TR_NONE) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup nvHandle failed."); + } + } + +#ifdef TEST_SESSION + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } +#endif + return EXIT_FAILURE; } diff --git a/test/integration/esys-object-changeauth.int.c b/test/integration/esys-object-changeauth.int.c index 595a544b..c4dc0a75 100644 --- a/test/integration/esys-object-changeauth.int.c +++ b/test/integration/esys-object-changeauth.int.c @@ -22,6 +22,8 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; + ESYS_TR loadedKeyHandle = ESYS_TR_NONE; TPM2B_PUBLIC inPublic = { .size = 0, @@ -88,7 +90,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; @@ -96,12 +97,12 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary); + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Error esys TR_SetAuth ", error); TPM2B_AUTH authKey2 = { 
@@ -178,7 +179,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPMT_TK_CREATION *creationTicket2; r = Esys_Create(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive2, &inPublic2, @@ -189,10 +190,8 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &creationData2, &creationHash2, &creationTicket2); goto_if_error(r, "Error esys create ", error); - ESYS_TR loadedKeyHandle; - r = Esys_Load(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, outPrivate2, outPublic2, &loadedKeyHandle); @@ -209,7 +208,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_ObjectChangeAuth(esys_context, loadedKeyHandle, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, @@ -221,11 +220,24 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_FlushContext(esys_context, loadedKeyHandle); goto_if_error(r, "Error during FlushContext", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Error during FlushContext", error); return EXIT_SUCCESS; error: + + if (loadedKeyHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, loadedKeyHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup loadedKeyHandle failed."); + } + } + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + return EXIT_FAILURE; } diff --git a/test/integration/esys-pcr-auth-value.int.c b/test/integration/esys-pcr-auth-value.int.c index 5667e99e..76dbb0b9 100644 --- a/test/integration/esys-pcr-auth-value.int.c +++ b/test/integration/esys-pcr-auth-value.int.c 
@@ -70,7 +70,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPM2_ALG_SHA1, pcrHandle_handle); - if (r == (TPM2_RC_BAD_AUTH | TPM2_RC_S | TPM2_RC_1)) { + if ((r & (~TPM2_RC_N_MASK & ~TPM2_RC_H & ~TPM2_RC_S & ~TPM2_RC_P)) == TPM2_RC_BAD_AUTH) { /* Platform authorization not possible test will be skipped */ LOG_WARNING("Platform authorization not possible."); failure_return = EXIT_SKIP; diff --git a/test/integration/esys-pcr-basic.int.c b/test/integration/esys-pcr-basic.int.c index 877da6f0..4721c125 100644 --- a/test/integration/esys-pcr-basic.int.c +++ b/test/integration/esys-pcr-basic.int.c @@ -9,6 +9,7 @@ #include "tss2_esys.h" #include "esys_iutil.h" +#include "test-esapi.h" #define LOGMODULE test #include "util/log.h" @@ -21,6 +22,7 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + int failure_return = EXIT_FAILURE; ESYS_TR pcrHandle_handle = 16; TPML_DIGEST_VALUES digests @@ -116,9 +118,10 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &sizeNeeded, &sizeAvailable); - if (r == (TPM2_RC_BAD_AUTH | TPM2_RC_S | TPM2_RC_1)) { + if ((r & (~TPM2_RC_N_MASK & ~TPM2_RC_H & ~TPM2_RC_S & ~TPM2_RC_P)) == TPM2_RC_BAD_AUTH) { /* Platform authorization not possible test will be skipped */ LOG_WARNING("Platform authorization not possible."); + failure_return = EXIT_SKIP; } goto_if_error(r, "Error: PCR_Allocate", error); @@ -126,6 +129,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) return EXIT_SUCCESS; error: - return EXIT_FAILURE; + return failure_return; } diff --git a/test/integration/esys-policy-authorize.int.c b/test/integration/esys-policy-authorize.int.c index 2d7333ba..1395dca1 100644 --- a/test/integration/esys-policy-authorize.int.c +++ b/test/integration/esys-policy-authorize.int.c @@ -21,6 +21,8 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; + ESYS_TR sessionTrial = ESYS_TR_NONE; /* * 1. Create Primary. This primary will be used for PolicyAuthorize. 
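Review bot: The expression `(r & (~TPM2_RC_N_MASK & ~TPM2_RC_H & ~TPM2_RC_S & ~TPM2_RC_P)) == TPM2_RC_BAD_AUTH` is pasted into each test that needs platform authorization, with no comment on which bits it strips. It appears here in esys-pcr-auth-value.int.c and esys-pcr-basic.int.c, and later in esys-policy-nv-undefine-special.int.c, esys-pp-commands.int.c and esys-set-algorithm-set.int.c. A single helper in the shared test header, for example `static inline bool rc_is_bad_auth(TSS2_RC r)` (the name is only a suggestion), would keep the mask in one place. It could carry a one-line comment such as `/* ignore the handle/session/parameter selector and its index */`.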
@@ -94,7 +96,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; @@ -103,7 +104,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); @@ -112,7 +113,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) * 2. Create a trial policy with PolicyAuthorized. The name primary key * will be passed and the primary key will be used to sign policies. */ - ESYS_TR sessionTrial; TPMT_SYM_DEF symmetricTrial = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -143,7 +143,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) }; r = Esys_ReadPublic(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, @@ -178,11 +178,24 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto_if_error(r, "Error: FlushContext", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Error: FlushContext", error); return EXIT_SUCCESS; error: + + if (sessionTrial != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, sessionTrial) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup sessionTrial failed."); + } + } + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + return EXIT_FAILURE; } 
diff --git a/test/integration/esys-policy-nv-changeauth.int.c b/test/integration/esys-policy-nv-changeauth.int.c index 73071408..5d1642a9 100644 --- a/test/integration/esys-policy-nv-changeauth.int.c +++ b/test/integration/esys-policy-nv-changeauth.int.c @@ -27,11 +27,14 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR nvHandle = ESYS_TR_NONE; + ESYS_TR policySession = ESYS_TR_NONE; + /* * Firth the policy value for changing the auth value of an NV index has to be * determined with a policy trial session. */ - ESYS_TR sessionTrial; + ESYS_TR sessionTrial = ESYS_TR_NONE; TPMT_SYM_DEF symmetricTrial = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -76,7 +79,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) ); goto_if_error(r, "Error: PolicyGetDigest", error); - ESYS_TR nvHandle = ESYS_TR_NONE; TPM2B_AUTH auth = {.size = 20, .buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29}}; @@ -114,7 +116,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) .buffer={30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49}}; - ESYS_TR policySession; TPMT_SYM_DEF policySymmetric = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} 
@@ -168,8 +169,38 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) ); goto_if_error(r, "Error: NV_UndefineSpace", error); + r = Esys_FlushContext(esys_context, sessionTrial); + goto_if_error(r, "Flushing context", error); + + r = Esys_FlushContext(esys_context, policySession); + goto_if_error(r, "Flushing context", error); + return EXIT_SUCCESS; error: + + if (sessionTrial != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, sessionTrial) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup policySession failed."); + } + } + + if (policySession != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, policySession) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup policySession failed."); + } + } + + if (nvHandle != ESYS_TR_NONE) { + if (Esys_NV_UndefineSpace(esys_context, + ESYS_TR_RH_OWNER, + nvHandle, + ESYS_TR_PASSWORD, + ESYS_TR_NONE, + ESYS_TR_NONE) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup nvHandle failed."); + } + } + return EXIT_FAILURE; } diff --git a/test/integration/esys-policy-nv-undefine-special.int.c b/test/integration/esys-policy-nv-undefine-special.int.c index dea60166..13312a5a 100644 --- a/test/integration/esys-policy-nv-undefine-special.int.c +++ b/test/integration/esys-policy-nv-undefine-special.int.c @@ -25,12 +25,14 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR nvHandle = ESYS_TR_NONE; + ESYS_TR policySession = ESYS_TR_NONE; int failure_return = EXIT_FAILURE; /* * First the policy value for NV_UndefineSpaceSpecial has to be * determined with a policy trial session. */ - ESYS_TR sessionTrial; + ESYS_TR sessionTrial = ESYS_TR_NONE; TPMT_SYM_DEF symmetricTrial = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -75,7 +77,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) ); goto_if_error(r, "Error: PolicyGetDigest", error); - ESYS_TR nvHandle; TPM2B_AUTH auth = {.size = 20, .buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29}}; 
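Review bot: In the `error:` block added to esys-policy-nv-changeauth.int.c, the branch that flushes `sessionTrial` logs "Cleanup policySession failed.", the same text as the `policySession` branch below it, so the log cannot tell which flush failed. The message should read `LOG_ERROR("Cleanup sessionTrial failed.");`. The `error:` block added to esys-policy-nv-undefine-special.int.c carries the same copy-and-paste message.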
@@ -109,9 +110,15 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &publicInfo, &nvHandle); + if ((r & (~TPM2_RC_N_MASK & ~TPM2_RC_H & ~TPM2_RC_S & ~TPM2_RC_P)) == TPM2_RC_BAD_AUTH) { + /* Platform authorization not possible test will be skipped */ + LOG_WARNING("Platform authorization not possible."); + failure_return = EXIT_SKIP; + goto error; + } + goto_if_error(r, "Error esys define nv space", error); - ESYS_TR policySession; TPMT_SYM_DEF policySymmetric = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -154,7 +161,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) ESYS_TR_NONE ); - if (r == (TPM2_RC_BAD_AUTH | TPM2_RC_S | TPM2_RC_1)) { + if ((r & (~TPM2_RC_N_MASK & ~TPM2_RC_H & ~TPM2_RC_S & ~TPM2_RC_P)) == TPM2_RC_BAD_AUTH) { /* Platform authorization not possible test will be skipped */ LOG_WARNING("Platform authorization not possible."); failure_return = EXIT_SKIP; @@ -163,8 +170,27 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) goto_if_error(r, "Error: NV_UndefineSpace", error); + r = Esys_FlushContext(esys_context, sessionTrial); + goto_if_error(r, "Flushing context", error); + + r = Esys_FlushContext(esys_context, policySession); + goto_if_error(r, "Flushing context", error); + return EXIT_SUCCESS; error: + + if (sessionTrial != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, sessionTrial) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup policySession failed."); + } + } + + if (policySession != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, policySession) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup policySession failed."); + } + } + return failure_return; } diff --git a/test/integration/esys-policy-password.int.c b/test/integration/esys-policy-password.int.c index 399a2b03..d75c47a7 100644 --- a/test/integration/esys-policy-password.int.c +++ b/test/integration/esys-policy-password.int.c 
@@ -27,11 +27,14 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; + ESYS_TR policySession = ESYS_TR_NONE; + /* * Firth the policy value for changing the auth value of an NV index has to be * determined with a policy trial session. */ - ESYS_TR sessionTrial; + ESYS_TR sessionTrial = ESYS_TR_NONE; TPMT_SYM_DEF symmetricTrial = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -138,7 +141,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; @@ -146,12 +148,11 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - ESYS_TR policySession; TPMT_SYM_DEF policySymmetric = {.algorithm = TPM2_ALG_AES, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB} @@ -177,7 +178,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) ); goto_if_error(r, "Error: PolicyAuthValue", error); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary); + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); TPM2B_AUTH authKey2 = { @@ -249,7 +250,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPMT_TK_CREATION *creationTicket2; r = Esys_Create(esys_context, - primaryHandle_handle, + primaryHandle, policySession, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive2, &inPublic2, 
@@ -260,11 +261,27 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &creationData2, &creationHash2, &creationTicket2); goto_if_error(r, "Error esys create ", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Error: FlushContext", error); + r = Esys_FlushContext(esys_context, sessionTrial); + goto_if_error(r, "Flushing context", error); + return EXIT_SUCCESS; error: + + if (policySession != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, policySession) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup policySession failed."); + } + } + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + return EXIT_FAILURE; } diff --git a/test/integration/esys-pp-commands.int.c b/test/integration/esys-pp-commands.int.c index ab121059..ee7dced6 100644 --- a/test/integration/esys-pp-commands.int.c +++ b/test/integration/esys-pp-commands.int.c @@ -45,7 +45,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) return EXIT_SUCCESS; } - if (r == (TPM2_RC_BAD_AUTH | TPM2_RC_S | TPM2_RC_1)) { + if ((r & (~TPM2_RC_N_MASK & ~TPM2_RC_H & ~TPM2_RC_S & ~TPM2_RC_P)) == TPM2_RC_BAD_AUTH) { /* Platform authorization not possible test will be skipped */ LOG_WARNING("Platform authorization not possible."); failure_return = EXIT_SKIP; diff --git a/test/integration/esys-quote.int.c b/test/integration/esys-quote.int.c index 7e60db6f..3156569e 100644 --- a/test/integration/esys-quote.int.c +++ b/test/integration/esys-quote.int.c @@ -23,6 +23,7 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; TPM2B_AUTH authValuePrimary = { .size = 5, 
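Review bot: In esys-policy-password.int.c the two exit paths release different handles: the success path flushes `primaryHandle` and `sessionTrial`, while the `error:` block flushes `policySession` and `primaryHandle`. `sessionTrial` is therefore never flushed on failure even though it is now initialised to `ESYS_TR_NONE`. `policySession` also appears to stay loaded on success, unless it is flushed in a part of the function outside this hunk. A TPM has few session slots, so leaked sessions can make later tests fail. I would add `r = Esys_FlushContext(esys_context, policySession);` with its `goto_if_error` before `return EXIT_SUCCESS;`, and a `sessionTrial` branch in the cleanup that mirrors the other two.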
@@ -103,7 +104,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; RSRC_NODE_T *primaryHandle_node; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; @@ -113,18 +113,18 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, &outsideInfo, &creationPCR, - &primaryHandle_handle, &outPublic, &creationData, + &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = esys_GetResourceObject(esys_context, primaryHandle_handle, + r = esys_GetResourceObject(esys_context, primaryHandle, &primaryHandle_node); goto_if_error(r, "Error Esys GetResourceObject", error); LOG_INFO("Created Primary with handle 0x%08x...", primaryHandle_node->rsrc.handle); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); @@ -147,17 +147,24 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPM2B_ATTEST *attest; TPMT_SIGNATURE *signature; - r = Esys_Quote(esys_context, primaryHandle_handle, + r = Esys_Quote(esys_context, primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &qualifyingData, &sig_scheme, &pcr_selection, &attest, &signature); goto_if_error(r, "Error Esys Quote", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Error: FlushContext", error); - return 0; + return EXIT_SUCCESS; error: + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + return EXIT_FAILURE; } 
diff --git a/test/integration/esys-rsa-encrypt-decrypt.int.c b/test/integration/esys-rsa-encrypt-decrypt.int.c index 5f094bbf..e8f11477 100644 --- a/test/integration/esys-rsa-encrypt-decrypt.int.c +++ b/test/integration/esys-rsa-encrypt-decrypt.int.c @@ -24,6 +24,7 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; TPM2B_AUTH authValuePrimary = { .size = 5, @@ -92,7 +93,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; RSRC_NODE_T *primaryHandle_node; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; @@ -117,18 +117,18 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, &outsideInfo, &creationPCR, - &primaryHandle_handle, &outPublic, &creationData, + &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = esys_GetResourceObject(esys_context, primaryHandle_handle, + r = esys_GetResourceObject(esys_context, primaryHandle, &primaryHandle_node); goto_if_error(r, "Error Esys GetResourceObject", error); LOG_INFO("Created Primary with handle 0x%08x...", primaryHandle_node->rsrc.handle); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); 
@@ -148,26 +148,34 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) scheme.scheme = TPM2_ALG_OAEP; scheme.details.oaep.hashAlg = TPM2_ALG_SHA1; } - r = Esys_RSA_Encrypt(esys_context, primaryHandle_handle, ESYS_TR_NONE, + r = Esys_RSA_Encrypt(esys_context, primaryHandle, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, &plain, &scheme, &null_data, &cipher); goto_if_error(r, "Error esys rsa encrypt", error); TPM2B_PUBLIC_KEY_RSA *plain2; - r = Esys_RSA_Decrypt(esys_context, primaryHandle_handle, + r = Esys_RSA_Decrypt(esys_context, primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, cipher, &scheme, &null_data, &plain2); goto_if_error(r, "Error esys rsa decrypt", error); - if (mode > 0 && !memcmp(&plain.buffer[0], &plain2->buffer[0], plain_size)) { + if (mode > 0 && memcmp(&plain.buffer[0], &plain2->buffer[0], plain_size)) { LOG_ERROR("plain texts are not equal for mode %i", mode); + goto error; } - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Error: FlushContext", error); } return EXIT_SUCCESS; error: + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + return EXIT_FAILURE; } diff --git a/test/integration/esys-save-and-load-context.int.c b/test/integration/esys-save-and-load-context.int.c index 08caa41d..f3fb4834 100644 --- a/test/integration/esys-save-and-load-context.int.c +++ b/test/integration/esys-save-and-load-context.int.c @@ -26,6 +26,9 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; + ESYS_TR loadedKeyHandle1 = ESYS_TR_NONE; + ESYS_TR loadedKeyHandle2 = ESYS_TR_NONE; TPM2B_AUTH authValuePrimary = { .size = 5, 
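Review bot: The corrected `memcmp` in esys-rsa-encrypt-decrypt.int.c compares `plain_size` bytes, but nothing between `Esys_RSA_Decrypt` and the comparison checks `plain2->size`, so a decrypted value of the wrong length is not detected by the length itself. Adding the length to the condition closes that: `if (mode > 0 && (plain2->size != plain_size || memcmp(&plain.buffer[0], &plain2->buffer[0], plain_size)))`. `plain_size` is defined outside the hunk, so this assumes it is the length of `plain`.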
@@ -138,7 +141,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; RSRC_NODE_T *primaryHandle_node; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; @@ -147,19 +149,19 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = esys_GetResourceObject(esys_context, primaryHandle_handle, + r = esys_GetResourceObject(esys_context, primaryHandle, &primaryHandle_node); goto_if_error(r, "Error Esys GetResourceObject", error); LOG_INFO("Created Primary with handle 0x%08x...", primaryHandle_node->rsrc.handle); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary); + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); TPM2B_AUTH authKey2 = { @@ -250,7 +252,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPMT_TK_CREATION *creationTicket2; r = Esys_Create(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive2, &inPublic2, @@ -263,11 +265,8 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) LOG_INFO("\nSecond key created."); - ESYS_TR loadedKeyHandle1; - ESYS_TR loadedKeyHandle2; - r = Esys_Load(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, outPrivate2, outPublic2, &loadedKeyHandle1); 
@@ -283,6 +282,8 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_FlushContext(esys_context, loadedKeyHandle1); goto_if_error(r, "Error esys flush context", error); + loadedKeyHandle1 = ESYS_TR_NONE; + r = Esys_ContextLoad(esys_context, context, &loadedKeyHandle2); goto_if_error(r, "Error esys context load", error); @@ -301,14 +302,35 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &creationData2, &creationHash2, &creationTicket2); goto_if_error(r, "Error esys second create ", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Error: FlushContext", error); + primaryHandle = ESYS_TR_NONE; + r = Esys_FlushContext(esys_context, loadedKeyHandle2); goto_if_error(r, "Error: FlushContext", error); return EXIT_SUCCESS; error: + + if (loadedKeyHandle1 != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, loadedKeyHandle1) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup loadedKeyHandle1 failed."); + } + } + + if (loadedKeyHandle2 != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, loadedKeyHandle2) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup loadedKeyHandle2 failed."); + } + } + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + return EXIT_FAILURE; } diff --git a/test/integration/esys-set-algorithm-set.int.c b/test/integration/esys-set-algorithm-set.int.c index 168f6ff4..82170d97 100644 --- a/test/integration/esys-set-algorithm-set.int.c +++ b/test/integration/esys-set-algorithm-set.int.c 
@@ -31,7 +31,13 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) ESYS_TR_NONE, algorithmSet); - if (r == (TPM2_RC_BAD_AUTH | TPM2_RC_S | TPM2_RC_1)) { + if (r == TPM2_RC_COMMAND_CODE) { + LOG_WARNING("Command TPM2_SetAlgorithmSet not supported by TPM."); + failure_return = EXIT_SKIP; + goto error; + } + + if ((r & (~TPM2_RC_N_MASK & ~TPM2_RC_H & ~TPM2_RC_S & ~TPM2_RC_P)) == TPM2_RC_BAD_AUTH) { /* Platform authorization not possible test will be skipped */ LOG_WARNING("Platform authorization not possible."); failure_return = EXIT_SKIP; diff --git a/test/integration/esys-tr-fromTpmPublic-key.int.c b/test/integration/esys-tr-fromTpmPublic-key.int.c index 130896a4..1bc1c3cb 100644 --- a/test/integration/esys-tr-fromTpmPublic-key.int.c +++ b/test/integration/esys-tr-fromTpmPublic-key.int.c @@ -22,9 +22,8 @@ int test_invoke_esapi(ESYS_CONTEXT * ectx) { TSS2_RC r; - - ESYS_TR primaryHandle; - ESYS_TR keyHandle; + ESYS_TR primaryHandle = ESYS_TR_NONE; + ESYS_TR keyHandle = ESYS_TR_NONE; TPM2B_NAME *name1, *name2; @@ -144,5 +143,20 @@ error_name2: error_name1: free(name1); error: + + if (keyHandle != ESYS_TR_NONE) { + if (Esys_EvictControl(ectx, ESYS_TR_RH_OWNER, keyHandle, + ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, + TPM2_PERSISTENT_FIRST, &keyHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup: EvictControl delete"); + } + } + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(ectx, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + return EXIT_FAILURE; } diff --git a/test/integration/esys-tr-fromTpmPublic-nv.int.c b/test/integration/esys-tr-fromTpmPublic-nv.int.c index 373a2bcd..67c351c3 100644 --- a/test/integration/esys-tr-fromTpmPublic-nv.int.c +++ b/test/integration/esys-tr-fromTpmPublic-nv.int.c 
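Review bot: The new skip check `if (r == TPM2_RC_COMMAND_CODE)` in esys-set-algorithm-set.int.c matches only the bare TPM response code. When the command passes through a resource manager, the returned `TSS2_RC` can carry layer bits in its upper half, and the test would then be reported as failed instead of skipped. The BAD_AUTH test next to it masks only the low-order modifier bits and has the same limitation. If the layer mask from tss2_common.h is available in this tree, comparing `(r & ~TSS2_RC_LAYER_MASK) == TPM2_RC_COMMAND_CODE` would cover that case; this should be confirmed against the TCTIs the tests run with. The two `TPM2_RC_COMMAND_CODE` checks added to esys-zgen-2phase.int.c are written the same way.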
@@ -22,8 +22,8 @@ int test_invoke_esapi(ESYS_CONTEXT * ectx) { TSS2_RC r; + ESYS_TR nvHandle = ESYS_TR_NONE; - ESYS_TR nvHandle; TPM2B_NAME *name1, *name2; TPM2B_AUTH auth = {.size = 20, .buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19, @@ -85,5 +85,18 @@ error_name2: error_name1: free(name1); error: + + if (nvHandle != ESYS_TR_NONE) { + if (Esys_NV_UndefineSpace(ectx, + ESYS_TR_RH_OWNER, + nvHandle, + ESYS_TR_PASSWORD, + ESYS_TR_NONE, + ESYS_TR_NONE) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup nvHandle failed."); + } + } + + return EXIT_FAILURE; } diff --git a/test/integration/esys-unseal-password-auth.int.c b/test/integration/esys-unseal-password-auth.int.c index 316c3b8f..a56a7ed6 100644 --- a/test/integration/esys-unseal-password-auth.int.c +++ b/test/integration/esys-unseal-password-auth.int.c @@ -39,6 +39,8 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) * 1. Create Primary */ TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; + ESYS_TR loadedKeyHandle = ESYS_TR_NONE; TPM2B_AUTH authValuePrimary = { .size = 5, @@ -110,7 +112,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; RSRC_NODE_T *primaryHandle_node; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; 
@@ -120,19 +121,19 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); - r = esys_GetResourceObject(esys_context, primaryHandle_handle, + r = esys_GetResourceObject(esys_context, primaryHandle, &primaryHandle_node); goto_if_error(r, "Error Esys GetResourceObject", error); LOG_INFO("Created Primary with handle 0x%08x...", primaryHandle_node->rsrc.handle); - r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary); + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); goto_if_error(r, "Error: TR_SetAuth", error); /* @@ -231,7 +232,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPMT_TK_CREATION *creationTicket2; r = Esys_Create(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitive2, &inPublic2, @@ -245,14 +246,12 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) LOG_INFO("\nSecond key created."); - ESYS_TR loadedKeyHandle; - /* * 3. Load second key */ r = Esys_Load(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, outPrivate2, outPublic2, &loadedKeyHandle); 
@@ -285,14 +284,29 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) * 5. Flush Context */ - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Error during FlushContext", error); + primaryHandle = ESYS_TR_NONE; + r = Esys_FlushContext(esys_context, loadedKeyHandle); goto_if_error(r, "Error during FlushContext", error); return EXIT_SUCCESS; error: + + if (loadedKeyHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, loadedKeyHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup loadedKeyHandle failed."); + } + } + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + return EXIT_FAILURE; } diff --git a/test/integration/esys-verify-signature.int.c b/test/integration/esys-verify-signature.int.c index 8b6000d4..16f580df 100644 --- a/test/integration/esys-verify-signature.int.c +++ b/test/integration/esys-verify-signature.int.c @@ -21,6 +21,7 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; + ESYS_TR primaryHandle = ESYS_TR_NONE; /* * 1. Create Primary. This primary will be used as signing key. @@ -94,7 +95,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR primaryHandle_handle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; @@ -103,7 +103,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic, - &outsideInfo, &creationPCR, &primaryHandle_handle, + &outsideInfo, &creationPCR, &primaryHandle, &outPublic, &creationData, &creationHash, &creationTicket); goto_if_error(r, "Error esys create primary", error); 
@@ -112,7 +112,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) TPM2B_NAME *keyQualifiedName; r = Esys_ReadPublic(esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, @@ -142,7 +142,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_Sign( esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, @@ -156,7 +156,7 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_VerifySignature( esys_context, - primaryHandle_handle, + primaryHandle, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, @@ -165,11 +165,18 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) &validation); goto_if_error(r, "Error: Sign", error); - r = Esys_FlushContext(esys_context, primaryHandle_handle); + r = Esys_FlushContext(esys_context, primaryHandle); goto_if_error(r, "Error: FlushContext", error); return EXIT_SUCCESS; error: + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + return EXIT_FAILURE; } diff --git a/test/integration/esys-zgen-2phase.int.c b/test/integration/esys-zgen-2phase.int.c index 328d9cb3..70fedf81 100644 --- a/test/integration/esys-zgen-2phase.int.c +++ b/test/integration/esys-zgen-2phase.int.c @@ -4,9 +4,12 @@ * All rights reserved. *******************************************************************************/ +#include <stdlib.h> + #include "tss2_esys.h" #include "esys_iutil.h" +#include "test-esapi.h" #define LOGMODULE test #include "util/log.h" @@ -19,7 +22,9 @@ int test_invoke_esapi(ESYS_CONTEXT * esys_context) { TSS2_RC r; - ESYS_TR session; + ESYS_TR eccHandle = ESYS_TR_NONE; + int failure_return = EXIT_FAILURE; + ESYS_TR session = ESYS_TR_NONE; TPMT_SYM_DEF symmetric = { .algorithm = TPM2_ALG_AES, .keyBits = { .aes = 128 }, 
@@ -109,7 +114,6 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue); goto_if_error(r, "Error: TR_SetAuth", error); - ESYS_TR eccHandle; TPM2B_PUBLIC *outPublic; TPM2B_CREATION_DATA *creationData; TPM2B_DIGEST *creationHash; @@ -134,6 +138,13 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) curveID, &Q, &counter); + + if (r == TPM2_RC_COMMAND_CODE) { + LOG_WARNING("Command TPM2_Ephemeral not supported by TPM."); + failure_return = EXIT_SKIP; + goto error; + } + goto_if_error(r, "Error: EC_Ephemeral", error); TPM2B_ECC_POINT inQsB = { @@ -157,14 +168,37 @@ test_invoke_esapi(ESYS_CONTEXT * esys_context) counter, &outZ1, &outZ2); + + if (r == TPM2_RC_COMMAND_CODE) { + LOG_WARNING("Command TPM2_ZGen_2Phase not supported by TPM."); + failure_return = EXIT_SKIP; + goto error; + } + goto_if_error(r, "Error: ZGen_2Phase", error); r = Esys_FlushContext(esys_context, eccHandle); goto_if_error(r, "Flushing context", error); - return 0; + r = Esys_FlushContext(esys_context, session); + goto_if_error(r, "Flushing context", error); + + return EXIT_SUCCESS; error: LOG_ERROR("\nError Code: %x\n", r); - return 1; + + if (eccHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, eccHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup eccHandle failed."); + } + } + + if (session != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session failed."); + } + } + + return failure_return; } |
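Review bot: The warning added after the ephemeral-key call in esys-zgen-2phase.int.c says `Command TPM2_Ephemeral not supported by TPM.`, but the `goto_if_error` just below reports the same call as `EC_Ephemeral`. The message therefore names a command that does not exist. `LOG_WARNING("Command TPM2_EC_Ephemeral not supported by TPM.");` would match the other skip messages in this commit, which use the full TPM2_ command name.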
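Review bot: `LOG_ERROR("\nError Code: %x\n", r);` at the top of the `error:` block in esys-zgen-2phase.int.c now also runs on the two new skip paths. A run that ends with `EXIT_SKIP` therefore still writes an error line right after the "not supported" warning. Guarding the call with `if (failure_return != EXIT_SKIP)` keeps skipped runs free of error output.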