author | Juergen Repp <Juergen.Repp@sit.fraunhofer.de> | 2018-08-02 17:41:32 +0200 |
---|---|---|
committer | Tadeusz Struk <tadeusz.struk@intel.com> | 2018-08-02 15:41:05 -0700 |
commit | 3ca37261bbffc3da8a62242ac549633539f407c5 (patch) | |
tree | 0095c33175b6fc50e0ae6cf54c9ca59988760203 /test | |
parent | 68eb4f151ecc18aed780eaf4389dc4921e700c4d (diff) | |
ESYS TEST: Added tests for Esys_HMAC and Esys_Hash and minor fixes.
* The two new integration tests were added to the mandatory tests.
* The test clockset was moved from optional to mandatory tests.
* Doxygen comments were updated.
* Also some minor formatting fixes were added.
Signed-off-by: Juergen Repp <Juergen.Repp@sit.fraunhofer.de>
Diffstat (limited to 'test')
-rw-r--r-- | test/integration/esys-create-session-auth.int.c | 5 | ||||
-rw-r--r-- | test/integration/esys-ecc-parameters.int.c | 2 | ||||
-rw-r--r-- | test/integration/esys-hash.int.c | 60 | ||||
-rw-r--r-- | test/integration/esys-hmac.int.c | 125 | ||||
-rw-r--r-- | test/integration/esys-lock.int.c | 2 | ||||
-rw-r--r-- | test/integration/esys-nv-ram-ordinary-index.int.c | 2 |
6 files changed, 191 insertions, 5 deletions
diff --git a/test/integration/esys-create-session-auth.int.c b/test/integration/esys-create-session-auth.int.c index 99aaa5e7..285504ab 100644 --- a/test/integration/esys-create-session-auth.int.c +++ b/test/integration/esys-create-session-auth.int.c @@ -34,7 +34,8 @@ * - Esys_Load() (M) * - Esys_StartAuthSession() (M) * - * Used compiler defines: TEST_ECC + * Used compiler defines: TEST_ECC, TEST_AES_ENCRYPTION, TEST_BOUND_SESSION + * TEST_XOR_OBFUSCATION * * @param[in,out] esys_context The ESYS_CONTEXT. * @retval EXIT_FAILURE @@ -224,7 +225,7 @@ test_esys_create_session_auth(ESYS_CONTEXT * esys_context) r = Esys_StartAuthSession(esys_context, primaryHandle_AuthSession, -#if TEST_BOUND_SESSIION +#if TEST_BOUND_SESSION primaryHandle_AuthSession, #else ESYS_TR_NONE, diff --git a/test/integration/esys-ecc-parameters.int.c b/test/integration/esys-ecc-parameters.int.c index 1baca42b..7b6689a2 100644 --- a/test/integration/esys-ecc-parameters.int.c +++ b/test/integration/esys-ecc-parameters.int.c @@ -41,7 +41,7 @@ test_esys_ecc_parameters(ESYS_CONTEXT * esys_context) ¶meters); if (r == TPM2_RC_CURVE + TPM2_RC_P + TPM2_RC_1) { - LOG_WARNING("Curve TPM2_ECC_NIST_P256 supported by TPM."); + LOG_WARNING("Curve TPM2_ECC_NIST_P256 not supported by TPM."); failure_return = EXIT_SKIP; goto error; } diff --git a/test/integration/esys-hash.int.c b/test/integration/esys-hash.int.c new file mode 100644 index 00000000..0d6b281d --- /dev/null +++ b/test/integration/esys-hash.int.c 
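Review bot: `#if TEST_BOUND_SESSION` in test_esys_create_session_auth() still treats an undefined identifier as 0 without any diagnostic, which is how the misspelled `TEST_BOUND_SESSIION` went unnoticed while the bound-session branch was presumably never compiled. Building the integration tests with `-Wundef` and defining each `TEST_*` switch explicitly to 0 or 1 would turn a misspelled switch into a warning instead of a silent fall-through to the `ESYS_TR_NONE` branch. It is also worth confirming that some build configuration actually sets `TEST_BOUND_SESSION`, since this code path has not been exercised before. The enclosing function starts and ends outside the hunk.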
@@ -0,0 +1,60 @@
+/* SPDX-License-Identifier: BSD-2 */
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
+ * All rights reserved.
+ *******************************************************************************/
+
+#include <stdlib.h>
+
+#include "tss2_esys.h"
+
+#include "esys_iutil.h"
+#define LOGMODULE test
+#include "util/log.h"
+
+/** This test is intended to test the ESAPI command Esys_HASH.
+ *
+ * The test checks whether the TPM hash function can be used via the ESAPI.
+ *
+ * Tested ESAPI commands:
+ * - Esys_Hash() (M)
+ *
+ * @param[in,out] esys_context The ESYS_CONTEXT.
+ * @retval EXIT_FAILURE
+ * @retval EXIT_SUCCESS
+ */
+
+int
+test_esys_hash(ESYS_CONTEXT * esys_context)
+{
+ TSS2_RC r;
+ TPM2B_MAX_BUFFER data = { .size = 20,
+ .buffer={0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0,
+ 1, 2, 3, 4, 5, 6, 7, 8, 9}};
+ TPMI_ALG_HASH hashAlg = TPM2_ALG_SHA1;
+ TPMI_RH_HIERARCHY hierarchy = TPM2_RH_OWNER;
+ TPM2B_DIGEST *outHash;
+ TPMT_TK_HASHCHECK *validation;
+
+ r = Esys_Hash(
+ esys_context,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ &data,
+ hashAlg,
+ hierarchy,
+ &outHash,
+ &validation);
+ goto_if_error(r, "Error: Hash", error);
+
+ return EXIT_SUCCESS;
+
+ error:
+ return EXIT_FAILURE;
+}
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context) {
+ return test_esys_hash(esys_context);
+}
diff --git a/test/integration/esys-hmac.int.c b/test/integration/esys-hmac.int.c
new file mode 100644
index 00000000..6a8365a8
--- /dev/null
+++ b/test/integration/esys-hmac.int.c
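Review bot: test_esys_hash() passes as soon as Esys_Hash() returns success; `outHash` and `validation` are never inspected, so a wrong or truncated digest coming back from the TPM or the ESAPI layer would not be caught, and the same holds for `outHMAC` in test_esys_hmac() in esys-hmac.int.c. At minimum check the length after the call, `if (outHash->size != TPM2_SHA1_DIGEST_SIZE) { LOG_ERROR("Unexpected digest size."); goto error; }`, and preferably `memcmp()` the buffer against the SHA-1 of the 20 input bytes computed outside the TPM. Both output pointers also look callee-allocated (they are passed as `&outHash` and `&validation`) and are not released on either return path; confirm ownership and free them before returning.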
@@ -0,0 +1,125 @@
+/* SPDX-License-Identifier: BSD-2 */
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
+ * All rights reserved.
+ *******************************************************************************/
+
+#include <stdlib.h>
+
+#include "tss2_esys.h"
+
+#include "esys_iutil.h"
+#define LOGMODULE test
+#include "util/log.h"
+
+/** This test is intended to test the ESAPI command Esys_HMAC with password
+ * authentication.
+ *
+ * We create a symmetric HMAC key signing key which will be used
+ * for signing. This key will be used to create the HMAC for a test
+ * buffer.
+ *
+ * Tested ESAPI commands:
+ * - Esys_CreatePrimary() (M)
+ * - Esys_FlushContext() (M)
+ * - Esys_HMAC() (O)
+ *
+ * @param[in,out] esys_context The ESYS_CONTEXT.
+ * @retval EXIT_FAILURE
+ * @retval EXIT_SUCCESS
+ */
+
+int
+test_esys_hmac(ESYS_CONTEXT * esys_context)
+{
+ TSS2_RC r;
+ ESYS_TR primaryHandle = ESYS_TR_NONE;
+
+ TPM2B_AUTH authValuePrimary = {
+ .size = 5,
+ .buffer = {1, 2, 3, 4, 5}
+ };
+
+ TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
+ .size = 4,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {0 },
+ },
+ .data = {
+ .size = 0,
+ .buffer = {0},
+ },
+ },
+ };
+ inSensitivePrimary.sensitive.userAuth = authValuePrimary;
+ TPM2B_PUBLIC inPublic = { 0 };
+
+ TPM2B_DATA outsideInfo = {
+ .size = 0,
+ .buffer = {},
+ };
+ TPML_PCR_SELECTION creationPCR = {
+ .count = 0,
+ };
+
+ TPM2B_PUBLIC *outPublic;
+ TPM2B_CREATION_DATA *creationData;
+ TPM2B_DIGEST *creationHash;
+ TPMT_TK_CREATION *creationTicket;
+
+ inPublic.publicArea.nameAlg = TPM2_ALG_SHA1;
+ inPublic.publicArea.type = TPM2_ALG_KEYEDHASH;
+ inPublic.publicArea.objectAttributes |= TPMA_OBJECT_SIGN_ENCRYPT;
+ inPublic.publicArea.objectAttributes |= TPMA_OBJECT_USERWITHAUTH;
+ inPublic.publicArea.objectAttributes |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
+
inPublic.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM2_ALG_HMAC; + inPublic.publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = TPM2_ALG_SHA1; + + r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD, + ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, + &inPublic, &outsideInfo, &creationPCR, + &primaryHandle, &outPublic, &creationData, + &creationHash, &creationTicket); + goto_if_error(r, "Error: CreatePrimary", error); + + r = Esys_TR_SetAuth(esys_context, primaryHandle, &authValuePrimary); + goto_if_error(r, "Error: TR_SetAuth", error); + + TPM2B_MAX_BUFFER test_buffer = { .size = 20, + .buffer={0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, + 1, 2, 3, 4, 5, 6, 7, 8, 9}} ; + TPM2B_DIGEST *outHMAC; + + r = Esys_HMAC( + esys_context, + primaryHandle, + ESYS_TR_PASSWORD, + ESYS_TR_NONE, + ESYS_TR_NONE, + &test_buffer, + TPM2_ALG_SHA1, + &outHMAC); + goto_if_error(r, "Error: HMAC", error); + + r = Esys_FlushContext(esys_context, primaryHandle); + goto_if_error(r, "Error: FlushContext", error); + + return EXIT_SUCCESS; + + error: + + if (primaryHandle != ESYS_TR_NONE) { + if (Esys_FlushContext(esys_context, primaryHandle) != TSS2_RC_SUCCESS) { + LOG_ERROR("Cleanup primaryHandle failed."); + } + } + + return EXIT_FAILURE; +} + +int +test_invoke_esapi(ESYS_CONTEXT * esys_context) { + return test_esys_hmac(esys_context); +} diff --git a/test/integration/esys-lock.int.c b/test/integration/esys-lock.int.c index 781e12d9..99568eee 100644 --- a/test/integration/esys-lock.int.c +++ b/test/integration/esys-lock.int.c @@ -64,7 +64,7 @@ test_esys_lock(ESYS_CONTEXT * esys_context) goto error; } - if ((r & ~TPM2_RC_N_MASK) == TPM2_RC_BAD_AUTH) { + if ((r & ~TPM2_RC_N_MASK) == TPM2_RC_BAD_AUTH) { /* Platform authorization not possible test will be skipped */ LOG_WARNING("Platform authorization not possible."); return EXIT_SKIP; 
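Review bot: `.buffer = {},` in the `outsideInfo` initializer of test_esys_hmac() is an empty initializer list, which ISO C before C23 does not allow (GCC and Clang accept it as an extension); the other initializers in this function use `{0}`, so `.buffer = {0},` is the portable spelling. `inSensitivePrimary` is also declared with `.size = 4` although `userAuth` is then overwritten with the 5-byte `authValuePrimary`; if the marshalling code recomputes that field, as it presumably does, `.size = 0` would be less misleading to someone copying this fixture. The missing check of `outHMAC` is covered in the note on esys-hash.int.c.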
diff --git a/test/integration/esys-nv-ram-ordinary-index.int.c b/test/integration/esys-nv-ram-ordinary-index.int.c index 547c1be5..7ca00fed 100644 --- a/test/integration/esys-nv-ram-ordinary-index.int.c +++ b/test/integration/esys-nv-ram-ordinary-index.int.c @@ -32,7 +32,7 @@ * - Esys_NV_WriteLock() (M) * - Esys_StartAuthSession() (M) * - * Used compiler defines: TEST_READ_LOCK TEST_SESSIONi TEST_WRITE_LOCK + * Used compiler defines: TEST_READ_LOCK TEST_SESSION TEST_WRITE_LOCK * * @param[in,out] esys_context The ESYS_CONTEXT. * @retval EXIT_FAILURE |