diff options
author | Tadeusz Struk <tadeusz.struk@intel.com> | 2019-02-20 14:57:21 -0800 |
---|---|---|
committer | Tadeusz Struk <tadeusz.struk@intel.com> | 2019-02-25 09:59:52 -0800 |
commit | 1d57398857b6302acbec7a601b49cb46745a827e (patch) | |
tree | 4a713fe6fa8674be721659f2c7deea13b0cd3d6b /test | |
parent | 3ef1be479ce76ab0635cd1e3eb9c81650efc4c57 (diff) | |
download | tpm2-tss-1d57398857b6302acbec7a601b49cb46745a827e.tar.gz |
test: add tests that covers auto unset session enc/dec flags
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/integration/esys-auto-session-flags.int.c | 198 |
1 files changed, 198 insertions, 0 deletions
diff --git a/test/integration/esys-auto-session-flags.int.c b/test/integration/esys-auto-session-flags.int.c new file mode 100644 index 00000000..dc2670bf --- /dev/null +++ b/test/integration/esys-auto-session-flags.int.c @@ -0,0 +1,198 @@ +/* SPDX-License-Identifier: BSD-2 */ +/******************************************************************************* + * Copyright 2017-2019, Intel Corporation + * All rights reserved. + *******************************************************************************/ + +#include <stdlib.h> +#include "tss2_esys.h" +#include "esys_iutil.h" +#define LOGMODULE test +#include "util/log.h" +#include "util/aux_util.h" + +/** This test is intended to test auto adjust and restore session flags in ESAPI + * + * Tested ESAPI commands: + * - Esys_FlushContext() (M) + * - Esys_NV_DefineSpace() (M) + * - Esys_NV_Read() (M) + * - Esys_NV_Write() (M) + * - Esys_NV_UndefineSpace() (M) + * - Esys_StartAuthSession() (M) + * + * @param[in,out] esys_context The ESYS_CONTEXT. + * @retval EXIT_FAILURE + * @retval EXIT_SUCCESS + */ + +int +test_esys_auto_flags(ESYS_CONTEXT * esys_context) +{ + + TSS2_RC r; + int test_ret = EXIT_SUCCESS ; + ESYS_TR nvHandle = ESYS_TR_NONE; + ESYS_TR session_auth = ESYS_TR_NONE; + ESYS_TR session_enc = ESYS_TR_NONE; + TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES, + .keyBits = {.aes = 128}, + .mode = {.aes = TPM2_ALG_CFB} + }; + + TPM2B_NONCE nonceCaller = { + .size = 20, + .buffer = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, + 11, 12, 13, 14, 15, 16, 17, 18, 19, 20} + }; + + /* Auth session */ + r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE, + ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, + &nonceCaller, + TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1, + &session_auth); + goto_if_error(r, "Error: During initialization of session_auth", error); + + /* Enc param session */ + r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE, + ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, + &nonceCaller, + TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1, + &session_enc); + goto_if_error(r, "Error: During initialization of session_enc", error); + + /* Set both ENC and DEC flags for the enc session */ + TPMA_SESSION sessionAttributes = TPMA_SESSION_DECRYPT | + TPMA_SESSION_ENCRYPT | + TPMA_SESSION_CONTINUESESSION; + + r = Esys_TRSess_SetAttributes(esys_context, session_enc, sessionAttributes, 0xFF); + goto_if_error(r, "Error: During SetAttributes", error); + + TPM2B_AUTH auth = {.size = 20, + .buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19, + 20, 21, 22, 23, 24, 25, 26, 27, 28, 29}}; + + TPM2B_NV_PUBLIC publicInfo = { + .size = 0, + .nvPublic = { + .nvIndex =TPM2_NV_INDEX_FIRST, + .nameAlg = TPM2_ALG_SHA1, + .attributes = ( + TPMA_NV_OWNERWRITE | + TPMA_NV_AUTHWRITE | + TPMA_NV_WRITE_STCLEAR | + TPMA_NV_READ_STCLEAR | + TPMA_NV_AUTHREAD | + TPMA_NV_OWNERREAD + ), + .authPolicy = { + .size = 0, + .buffer = {}, + }, + .dataSize = 20, + } + }; + + r = Esys_NV_DefineSpace ( + esys_context, + ESYS_TR_RH_OWNER, + session_auth, + ESYS_TR_NONE, + ESYS_TR_NONE, + &auth, + &publicInfo, + &nvHandle); + goto_if_error(r, "Error esys define nv space", error); + + TPM2B_MAX_NV_BUFFER nv_test_data = { .size = 20, + .buffer={0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, + 1, 2, 3, 4, 5, 6, 7, 8, 9}}; + const TPM2B_MAX_NV_BUFFER *nv_test_data_ptr = &nv_test_data; + + /* NV_Write cmd does not support TPMA_SESSION_ENCRYPT - the flag should + * be auto cleared by ESYS */ + r = Esys_NV_Write( + esys_context, + nvHandle, + nvHandle, + session_enc, + ESYS_TR_NONE, + ESYS_TR_NONE, + nv_test_data_ptr, + 0); + goto_if_error(r, "Error esys nv write", error); + + /* Verify that the same session flags are still set after the test */ + TPMA_SESSION sessionAttributesVerify; + r = Esys_TRSess_GetAttributes(esys_context, session_enc, + &sessionAttributesVerify); + goto_if_error(r, "Error: During GetAttributes", error); + + if (sessionAttributes != sessionAttributesVerify) { + LOG_ERROR("Session flags not equal after write %x, %x", + sessionAttributes, sessionAttributesVerify); + r = TSS2_ESYS_RC_GENERAL_FAILURE; + goto_if_error(r, "Error esys nv write", error); + } + + TPM2B_MAX_NV_BUFFER *data; + + /* NV_Read cmd does not support TPMA_SESSION_DECRYPT - the flags should + * be auto cleared by ESYS */ + r = Esys_NV_Read( + esys_context, + nvHandle, + nvHandle, + session_enc, + ESYS_TR_NONE, + ESYS_TR_NONE, + 20, 0, &data); + goto_if_error(r, "Error: nv read", error); + free(data); + + /* Verify that the same session flags are still set after the test */ + r = Esys_TRSess_GetAttributes(esys_context, session_enc, + &sessionAttributesVerify); + goto_if_error(r, "Error: During GetAttributes", error); + + if (sessionAttributes != sessionAttributesVerify) { + LOG_ERROR("Session flags not equal after read %x, %x", + sessionAttributes, sessionAttributesVerify); + r = TSS2_ESYS_RC_GENERAL_FAILURE; + } + + error: + if (r) + test_ret = EXIT_FAILURE; + + if (nvHandle != ESYS_TR_NONE) { + if (Esys_NV_UndefineSpace(esys_context, + ESYS_TR_RH_OWNER, + nvHandle, + session_auth, + ESYS_TR_NONE, + ESYS_TR_NONE) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup nvHandle failed."); + } + } + + if (session_auth != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session_auth) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session_auth failed."); + } + } + if (session_enc != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, session_enc) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup session_enc failed."); + } + } + + return test_ret; +} + +int +test_invoke_esapi(ESYS_CONTEXT * esys_context) { + return test_esys_auto_flags(esys_context); +} |