ESYS TEST: Added tests for Esys_HMAC and Esys_Hash and minor fixes.

* The two new integration tests were added to the mandatory tests. * The test clockset was moved from optional to mandatory tests. * Doxygen comments were updated. * Also some minor formatting fixes were added. Signed-off-by: Juergen Repp <Juergen.Repp@sit.fraunhofer.de>
author: Juergen Repp <Juergen.Repp@sit.fraunhofer.de> 2018-08-02 17:41:32 +0200
committer: Tadeusz Struk <tadeusz.struk@intel.com> 2018-08-02 15:41:05 -0700
commit: 3ca37261bbffc3da8a62242ac549633539f407c5 (patch)
tree: 0095c33175b6fc50e0ae6cf54c9ca59988760203 /test
parent: 68eb4f151ecc18aed780eaf4389dc4921e700c4d (diff)
download: tpm2-tss-3ca37261bbffc3da8a62242ac549633539f407c5.tar.gz
6 files changed, 191 insertions, 5 deletions
diff --git a/test/integration/esys-create-session-auth.int.c b/test/integration/esys-create-session-auth.int.c
index 99aaa5e7..285504ab 100644
--- a/test/integration/esys-create-session-auth.int.c
+++ b/test/integration/esys-create-session-auth.int.c
@@ -34,7 +34,8 @@
  *  - Esys_Load() (M)
  *  - Esys_StartAuthSession() (M)
  *
- * Used compiler defines: TEST_ECC
+ * Used compiler defines: TEST_ECC, TEST_AES_ENCRYPTION, TEST_BOUND_SESSION
+ *                        TEST_XOR_OBFUSCATION
  *
  * @param[in,out] esys_context The ESYS_CONTEXT.
  * @retval EXIT_FAILURE
@@ -224,7 +225,7 @@ test_esys_create_session_auth(ESYS_CONTEXT * esys_context)
 
     r = Esys_StartAuthSession(esys_context,
                               primaryHandle_AuthSession,
-#if TEST_BOUND_SESSIION
+#if TEST_BOUND_SESSION
                               primaryHandle_AuthSession,
 #else
                               ESYS_TR_NONE,
diff --git a/test/integration/esys-ecc-parameters.int.c b/test/integration/esys-ecc-parameters.int.c
index 1baca42b..7b6689a2 100644
--- a/test/integration/esys-ecc-parameters.int.c
+++ b/test/integration/esys-ecc-parameters.int.c
@@ -41,7 +41,7 @@ test_esys_ecc_parameters(ESYS_CONTEXT * esys_context)
         &parameters);
 
     if (r == TPM2_RC_CURVE + TPM2_RC_P + TPM2_RC_1) {
-        LOG_WARNING("Curve TPM2_ECC_NIST_P256 supported by TPM.");
+        LOG_WARNING("Curve TPM2_ECC_NIST_P256 not supported by TPM.");
         failure_return = EXIT_SKIP;
         goto error;
     }
diff --git a/test/integration/esys-hash.int.c b/test/integration/esys-hash.int.c
new file mode 100644
index 00000000..0d6b281d
--- /dev/null
+++ b/test/integration/esys-hash.int.c
@@ -0,0 +1,60 @@
+/* SPDX-License-Identifier: BSD-2 */
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
+ * All rights reserved.
+ *******************************************************************************/
+
+#include <stdlib.h>
+
+#include "tss2_esys.h"
+
+#include "esys_iutil.h"
+#define LOGMODULE test
+#include "util/log.h"
+
+/** This test is intended to test the ESAPI command  Esys_HASH.
+ *
+ * The test checks whether the TPM hash function can be used via the ESAPI.
+ *
+ * Tested ESAPI commands:
+ *  - Esys_Hash() (M)
+ *
+ * @param[in,out] esys_context The ESYS_CONTEXT.
+ * @retval EXIT_FAILURE
+ * @retval EXIT_SUCCESS
+ */
+
+int
+test_esys_hash(ESYS_CONTEXT * esys_context)
+{
+    TSS2_RC r;
+    TPM2B_MAX_BUFFER data = { .size = 20,
+                              .buffer={0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0,
+                                       1, 2, 3, 4, 5, 6, 7, 8, 9}};
+    TPMI_ALG_HASH hashAlg = TPM2_ALG_SHA1;
+    TPMI_RH_HIERARCHY hierarchy = TPM2_RH_OWNER;
+    TPM2B_DIGEST *outHash;
+    TPMT_TK_HASHCHECK *validation;
+
+    r = Esys_Hash(
+        esys_context,
+        ESYS_TR_NONE,
+        ESYS_TR_NONE,
+        ESYS_TR_NONE,
+        &data,
+        hashAlg,
+        hierarchy,
+        &outHash,
+        &validation);
+    goto_if_error(r, "Error: Hash", error);
+
+    return EXIT_SUCCESS;
+
+ error:
+    return EXIT_FAILURE;
+}
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context) {
+    return test_esys_hash(esys_context);
+}
diff --git a/test/integration/esys-hmac.int.c b/test/integration/esys-hmac.int.c
new file mode 100644
index 00000000..6a8365a8
--- /dev/null
+++ b/test/integration/esys-hmac.int.c
@@ -0,0 +1,125 @@
+/* SPDX-License-Identifier: BSD-2 */
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
+ * All rights reserved.
+ *******************************************************************************/
+
+#include <stdlib.h>
+
+#include "tss2_esys.h"
+
+#include "esys_iutil.h"
+#define LOGMODULE test
+#include "util/log.h"
+
+/** This test is intended to test the ESAPI command  Esys_HMAC with password
+ *  authentication.
+ *
+ * We create a symmetric HMAC key signing key which will be used
+ * for signing. This key will be used to create the HMAC for a test
+ * buffer.
+ *
+ * Tested ESAPI commands:
+ *  - Esys_CreatePrimary() (M)
+ *  - Esys_FlushContext() (M)
+ *  - Esys_HMAC() (O)
+ *
+ * @param[in,out] esys_context The ESYS_CONTEXT.
+ * @retval EXIT_FAILURE
+ * @retval EXIT_SUCCESS
+ */
+
+int
+test_esys_hmac(ESYS_CONTEXT * esys_context)
+{
+    TSS2_RC r;
+    ESYS_TR primaryHandle = ESYS_TR_NONE;
+
+    TPM2B_AUTH authValuePrimary = {
+        .size = 5,
+        .buffer = {1, 2, 3, 4, 5}
+    };
+
+    TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
+        .size = 4,
+        .sensitive = {
+            .userAuth = {
+                 .size = 0,
+                 .buffer = {0 },
+             },
+            .data = {
+                 .size = 0,
+                 .buffer = {0},
+             },
+        },
+    };
+    inSensitivePrimary.sensitive.userAuth = authValuePrimary;
+    TPM2B_PUBLIC inPublic = { 0 };
+
+    TPM2B_DATA outsideInfo = {
+        .size = 0,
+        .buffer = {},
+    };
+    TPML_PCR_SELECTION creationPCR = {
+        .count = 0,
+    };
+
+    TPM2B_PUBLIC *outPublic;
+    TPM2B_CREATION_DATA *creationData;
+    TPM2B_DIGEST *creationHash;
+    TPMT_TK_CREATION *creationTicket;
+
+    inPublic.publicArea.nameAlg = TPM2_ALG_SHA1;
+    inPublic.publicArea.type = TPM2_ALG_KEYEDHASH;
+    inPublic.publicArea.objectAttributes |= TPMA_OBJECT_SIGN_ENCRYPT;
+    inPublic.publicArea.objectAttributes |= TPMA_OBJECT_USERWITHAUTH;
+    inPublic.publicArea.objectAttributes |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
+    inPublic.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM2_ALG_HMAC;
+    inPublic.publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = TPM2_ALG_SHA1;
+
+    r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
+                           ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary,
+                           &inPublic, &outsideInfo, &creationPCR,
+                           &primaryHandle, &outPublic, &creationData,
+                           &creationHash, &creationTicket);
+    goto_if_error(r, "Error: CreatePrimary", error);
+
+    r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary);
+    goto_if_error(r, "Error: TR_SetAuth", error);
+
+    TPM2B_MAX_BUFFER test_buffer = { .size = 20,
+                                     .buffer={0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0,
+                                              1, 2, 3, 4, 5, 6, 7, 8, 9}} ;
+    TPM2B_DIGEST *outHMAC;
+
+    r = Esys_HMAC(
+        esys_context,
+        primaryHandle,
+        ESYS_TR_PASSWORD,
+        ESYS_TR_NONE,
+        ESYS_TR_NONE,
+        &test_buffer,
+        TPM2_ALG_SHA1,
+        &outHMAC);
+    goto_if_error(r, "Error: HMAC", error);
+
+    r = Esys_FlushContext(esys_context, primaryHandle);
+    goto_if_error(r, "Error: FlushContext", error);
+
+    return EXIT_SUCCESS;
+
+ error:
+
+    if (primaryHandle != ESYS_TR_NONE) {
+        if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) {
+            LOG_ERROR("Cleanup primaryHandle failed.");
+        }
+    }
+
+    return EXIT_FAILURE;
+}
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context) {
+    return test_esys_hmac(esys_context);
+}
diff --git a/test/integration/esys-lock.int.c b/test/integration/esys-lock.int.c
index 781e12d9..99568eee 100644
--- a/test/integration/esys-lock.int.c
+++ b/test/integration/esys-lock.int.c
@@ -64,7 +64,7 @@ test_esys_lock(ESYS_CONTEXT * esys_context)
         goto error;
     }
 
-    if  ((r & ~TPM2_RC_N_MASK) == TPM2_RC_BAD_AUTH) {
+    if ((r & ~TPM2_RC_N_MASK) == TPM2_RC_BAD_AUTH) {
         /* Platform authorization not possible test will be skipped */
         LOG_WARNING("Platform authorization not possible.");
         return EXIT_SKIP;
diff --git a/test/integration/esys-nv-ram-ordinary-index.int.c b/test/integration/esys-nv-ram-ordinary-index.int.c
index 547c1be5..7ca00fed 100644
--- a/test/integration/esys-nv-ram-ordinary-index.int.c
+++ b/test/integration/esys-nv-ram-ordinary-index.int.c
@@ -32,7 +32,7 @@
  *  - Esys_NV_WriteLock() (M)
  *  - Esys_StartAuthSession() (M)
  *
- * Used compiler defines: TEST_READ_LOCK TEST_SESSIONi TEST_WRITE_LOCK
+ * Used compiler defines: TEST_READ_LOCK TEST_SESSION TEST_WRITE_LOCK
  *
  * @param[in,out] esys_context The ESYS_CONTEXT.
  * @retval EXIT_FAILURE
author	Juergen Repp <Juergen.Repp@sit.fraunhofer.de>	2018-08-02 17:41:32 +0200
committer	Tadeusz Struk <tadeusz.struk@intel.com>	2018-08-02 15:41:05 -0700
commit	3ca37261bbffc3da8a62242ac549633539f407c5 (patch)
tree	0095c33175b6fc50e0ae6cf54c9ca59988760203 /test
parent	68eb4f151ecc18aed780eaf4389dc4921e700c4d (diff)
download	tpm2-tss-3ca37261bbffc3da8a62242ac549633539f407c5.tar.gz