ESYS: Add unit test for crypto backends.

Several error cases of the crypto backends, which are not covered by the integration tests, are tested. Signed-off-by: Juergen Repp <Juergen.Repp@sit.fraunhofer.de>
author: Juergen Repp <Juergen.Repp@sit.fraunhofer.de> 2018-08-22 18:30:12 +0200
committer: Tadeusz Struk <tadeusz.struk@intel.com> 2018-08-23 11:21:37 -0700
commit: 52ceb8c1e76803f534186d372dc8c46c82c71eff (patch)
tree: b1a977899bec493143656a602c2ad62f7e18e9ed /test
parent: e8fa536d2cfe632ace4583d033da3aa6b80ac5e7 (diff)
download: tpm2-tss-52ceb8c1e76803f534186d372dc8c46c82c71eff.tar.gz
1 files changed, 257 insertions, 0 deletions
diff --git a/test/unit/esys-crypto.c b/test/unit/esys-crypto.c
new file mode 100644
index 00000000..01439bff
--- /dev/null
+++ b/test/unit/esys-crypto.c
@@ -0,0 +1,257 @@
+/* SPDX-License-Identifier: BSD-2 */
+/*******************************************************************************
+ * Copyright 2018, Fraunhofer SIT sponsored by Infineon Technologies AG
+ * All rights reserved.
+ ******************************************************************************/
+
+#include <stdarg.h>
+#include <inttypes.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include "tss2_esys.h"
+#include "esys_crypto.h"
+
+#define LOGMODULE tests
+#include "util/log.h"
+
+/**
+ * This unit tst checks several error cases of the crypto backends, which are not
+ * covered by the integration tests.
+ */
+
+static void
+check_hash_functions(void **state)
+{
+    TSS2_RC rc;
+    IESYS_CRYPTO_CONTEXT_BLOB *context;
+    uint8_t buffer[10] = { 0 };
+    TPM2B tpm2b;
+    size_t size = 0;
+    
+    rc = iesys_crypto_hash_start(NULL, TPM2_ALG_SHA384);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+
+#ifndef OSSL
+    rc = iesys_crypto_hash_start(&context, TPM2_ALG_SHA512);
+    assert_int_equal (rc, TSS2_ESYS_RC_NOT_IMPLEMENTED);
+#endif
+
+    rc = iesys_crypto_hash_start(&context, 0);
+    assert_int_equal (rc, TSS2_ESYS_RC_NOT_IMPLEMENTED);
+
+    rc = iesys_crypto_hash_start(&context, TPM2_ALG_SHA384);
+    assert_int_equal (rc, TSS2_RC_SUCCESS);
+
+    rc = iesys_crypto_hash_finish(NULL, &buffer[0], &size);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+
+    rc = iesys_crypto_hash_finish(&context, &buffer[0], &size);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_SIZE);
+
+    iesys_crypto_hash_abort(NULL);
+    iesys_crypto_hash_abort(&context);
+
+    rc = iesys_crypto_hash_update(NULL, &buffer[0], 10);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+
+    rc = iesys_crypto_hash_update2b(NULL, &tpm2b);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+
+    /* Create invalid context */
+    rc = iesys_crypto_hmac_start(&context, TPM2_ALG_SHA1, &buffer[0], 10);
+    assert_int_equal (rc, TSS2_RC_SUCCESS);
+
+    iesys_crypto_hash_abort(&context);
+
+    rc = iesys_crypto_hash_update(context, &buffer[0], 10);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+
+    rc = iesys_crypto_hash_finish(&context, &buffer[0], &size);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+} 
+
+static void
+check_hmac_functions(void **state)
+{
+    TSS2_RC rc;
+    IESYS_CRYPTO_CONTEXT_BLOB *context;
+    uint8_t buffer[10] = { 0 };
+    TPM2B tpm2b;
+    size_t size = 0;
+    
+    rc = iesys_crypto_hmac_start(NULL, TPM2_ALG_SHA384, &buffer[0], 10);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+
+#ifndef OSSL
+    rc = iesys_crypto_hmac_start(&context, TPM2_ALG_SHA512, &buffer[0], 10);
+    assert_int_equal (rc, TSS2_ESYS_RC_NOT_IMPLEMENTED);
+#endif
+
+    rc = iesys_crypto_hmac_start(&context, 0,  &buffer[0], 10);
+    assert_int_equal (rc, TSS2_ESYS_RC_NOT_IMPLEMENTED);
+
+    rc = iesys_crypto_hmac_start(&context, TPM2_ALG_SHA1,  &buffer[0], 10);
+    assert_int_equal (rc, TSS2_RC_SUCCESS);
+
+    rc = iesys_crypto_hmac_finish(NULL, &buffer[0], &size);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+
+    rc = iesys_crypto_hmac_finish2b(NULL, &tpm2b);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+
+    rc = iesys_crypto_hmac_finish(&context, &buffer[0], &size);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_SIZE);
+
+    iesys_crypto_hmac_abort(NULL);
+    iesys_crypto_hmac_abort(&context);
+
+    rc = iesys_crypto_hmac_update(NULL, &buffer[0], 10);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+
+    rc = iesys_crypto_hmac_update2b(NULL, &tpm2b);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+
+    /* Create invalid context */
+    rc = iesys_crypto_hash_start(&context, TPM2_ALG_SHA1);
+    assert_int_equal (rc, TSS2_RC_SUCCESS);
+
+    iesys_crypto_hmac_abort(&context);
+
+    rc = iesys_crypto_hmac_update(context, &buffer[0], 10);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+
+    rc = iesys_crypto_hmac_finish(&context, &buffer[0], &size);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+}
+
+static void
+check_random(void **state)
+{
+    TSS2_RC rc;
+    size_t num_bytes = 0;
+    TPM2B_NONCE nonce;
+    rc = iesys_crypto_random2b(&nonce, num_bytes);
+    assert_int_equal (rc, TSS2_RC_SUCCESS);
+} 
+
+static void
+check_pk_encrypt(void **state)
+{
+    TSS2_RC rc;
+    uint8_t in_buffer[5] = { 1, 2, 3, 4, 5 };
+    size_t size = 5;
+    uint8_t out_buffer[5];
+    TPM2B_PUBLIC inPublicRSA = {
+        .size = 0,
+        .publicArea = {
+            .type = TPM2_ALG_RSA,
+            .nameAlg = TPM2_ALG_SHA1,
+            .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+                                 TPMA_OBJECT_RESTRICTED |
+                                 TPMA_OBJECT_DECRYPT |
+                                 TPMA_OBJECT_FIXEDTPM |
+                                 TPMA_OBJECT_FIXEDPARENT |
+                                 TPMA_OBJECT_SENSITIVEDATAORIGIN),
+            .authPolicy = {
+                 .size = 0,
+             },
+            .parameters.rsaDetail = {
+                 .symmetric = {
+                     .algorithm = TPM2_ALG_AES,
+                     .keyBits.aes = 128,
+                     .mode.aes = TPM2_ALG_CFB,
+                 },
+                 .scheme = {
+                      .scheme =
+                      TPM2_ALG_NULL,
+                  },
+                 .keyBits = 2048,
+                 .exponent = 0,
+             },
+            .unique.rsa = {
+                 .size = 0,
+                 .buffer = {}
+                 ,
+             }
+        }
+    };
+   
+    inPublicRSA.publicArea.nameAlg = 0;
+    rc = iesys_crypto_pk_encrypt(&inPublicRSA, size, &in_buffer[0], size, &out_buffer[0], &size, "LABEL");
+    assert_int_equal (rc, TSS2_ESYS_RC_NOT_IMPLEMENTED);
+
+    inPublicRSA.publicArea.nameAlg = TPM2_ALG_SHA1;
+    inPublicRSA.publicArea.parameters.rsaDetail.scheme.scheme = 0;
+    rc = iesys_crypto_pk_encrypt(&inPublicRSA, size, &in_buffer[0], size, &out_buffer[0], &size, "LABEL");
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_VALUE);
+}
+
+static void
+check_aes_encrypt(void **state)
+{
+    TSS2_RC rc;
+    uint8_t key[32] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
+                       1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16  };
+    uint8_t buffer[5] = { 1, 2, 3, 4, 5 };
+    size_t size = 5;
+
+    rc = iesys_crypto_sym_aes_encrypt(NULL, TPM2_ALG_AES, 192, TPM2_ALG_CFB, 16,
+                                      &buffer[0], size, &key[0]);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+    
+    rc = iesys_crypto_sym_aes_encrypt(&key[0], TPM2_ALG_AES, 192, TPM2_ALG_CFB, 16,
+                                      &buffer[0], size, &key[0]);
+    assert_int_equal (rc, TSS2_RC_SUCCESS);
+    rc = iesys_crypto_sym_aes_encrypt(&key[0], TPM2_ALG_AES, 256, TPM2_ALG_CFB, 16,
+                                      &buffer[0], size, &key[0]);
+    assert_int_equal (rc, TSS2_RC_SUCCESS);
+
+    rc = iesys_crypto_sym_aes_encrypt(&key[0], 0, 256, TPM2_ALG_CFB, 16,
+                                      &buffer[0], size, &key[0]);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_VALUE);
+
+    rc = iesys_crypto_sym_aes_encrypt(&key[0], TPM2_ALG_AES, 256, 0, 16,
+                                      &buffer[0], size, &key[0]);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_VALUE);
+
+    rc = iesys_crypto_sym_aes_encrypt(&key[0], TPM2_ALG_AES, 999, TPM2_ALG_CFB, 16,
+                                      &buffer[0], size, &key[0]);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_VALUE);
+
+    rc = iesys_crypto_sym_aes_decrypt(NULL, TPM2_ALG_AES, 192, TPM2_ALG_CFB, 16,
+                                      &buffer[0], size, &key[0]);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_REFERENCE);
+
+    rc = iesys_crypto_sym_aes_decrypt(&key[0], 0, 192, TPM2_ALG_CFB, 16,
+                                      &buffer[0], size, &key[0]);
+    assert_int_equal (rc, TSS2_ESYS_RC_BAD_VALUE);
+}
+
+static void
+check_free(void **state)
+{
+    uint8_t *buffer;
+
+    buffer = malloc(10);
+    esys_free(buffer);
+}
+
+
+
+int
+main(int argc, char *argv[])
+{
+    const struct CMUnitTest tests[] = {
+        cmocka_unit_test(check_hash_functions),
+        cmocka_unit_test(check_hmac_functions),
+        cmocka_unit_test(check_random),
+        cmocka_unit_test(check_pk_encrypt),
+        cmocka_unit_test(check_aes_encrypt),
+        cmocka_unit_test(check_free),
+    };
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
author	Juergen Repp <Juergen.Repp@sit.fraunhofer.de>	2018-08-22 18:30:12 +0200
committer	Tadeusz Struk <tadeusz.struk@intel.com>	2018-08-23 11:21:37 -0700
commit	52ceb8c1e76803f534186d372dc8c46c82c71eff (patch)
tree	b1a977899bec493143656a602c2ad62f7e18e9ed /test
parent	e8fa536d2cfe632ace4583d033da3aa6b80ac5e7 (diff)
download	tpm2-tss-52ceb8c1e76803f534186d372dc8c46c82c71eff.tar.gz