ESYS TEST: Split the test policy-regression-opt into three test cases.

* The original test did check optional policy commands. Since it cannot be
  expected that the three optional commands are all implemented on a
  physical TPM the test case was split.
* If the related command is not implemented only this test case will be skipped.
* Also the related doxygen files are updated.

Signed-off-by: Juergen Repp <Juergen.Repp@sit.fraunhofer.de>

3 files changed, 304 insertions, 82 deletions

diff --git a/test/integration/esys-policy-regression-opt.int.c b/test/integration/esys-policy-authorize-nv-opt.int.c
index 52c419d1..fb460e7b 100644
--- a/test/integration/esys-policy-regression-opt.int.c
+++ b/test/integration/esys-policy-authorize-nv-opt.int.c
@@ -72,8 +72,6 @@ cmp_policy_digest(ESYS_CONTEXT * esys_context,
  *  - Esys_NV_DefineSpace() (M)
  *  - Esys_PolicyAuthorizeNV() (F)
  *  - Esys_PolicyNV() (M)
- *  - Esys_PolicyPhysicalPresence() (O)
- *  - Esys_PolicyTemplate() (F)
  *
  * @param[in,out] esys_context The ESYS_CONTEXT.
  * @retval EXIT_FAILURE
@@ -81,12 +79,11 @@ cmp_policy_digest(ESYS_CONTEXT * esys_context,
  * @retval EXIT_SUCCESS
  */
 int
-test_esys_policy_regression_opt(ESYS_CONTEXT * esys_context)
+test_esys_policy_authorize_nv_opt(ESYS_CONTEXT * esys_context)
 {
     TSS2_RC r;
     int failure_return = EXIT_FAILURE;
     ESYS_TR nvHandle = ESYS_TR_NONE;
-    ESYS_TR sessionTrialPCR = ESYS_TR_NONE;
 
     /* Dummy parameters for trial sessoin  */
     ESYS_TR sessionTrial = ESYS_TR_NONE;
@@ -207,77 +204,6 @@ test_esys_policy_regression_opt(ESYS_CONTEXT * esys_context)
     goto_if_error(r, "Error: FlushContext", error);
     sessionTrial = ESYS_TR_NONE;
 
-
-    /*
-     * Test PolicyTemplate
-     */
-    r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
-                              ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
-                              &nonceCallerTrial,
-                              TPM2_SE_TRIAL, &symmetricTrial, TPM2_ALG_SHA1,
-                              &sessionTrial);
-    goto_if_error(r, "Error: During initialization of policy trial session",
-                  error);
-
-    TPM2B_DIGEST templateHash = {
-        .size = 20,
-        .buffer = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
-                   11, 12, 13, 14, 15, 16, 17, 18, 19, 20}
-    };
-
-    r = Esys_PolicyTemplate(esys_context,
-                            sessionTrial,
-                            ESYS_TR_NONE,
-                            ESYS_TR_NONE, ESYS_TR_NONE, &templateHash);
-    if ((r == TPM2_RC_COMMAND_CODE) ||
-        (r == (TPM2_RC_COMMAND_CODE | TSS2_RESMGR_RC_LAYER)) ||
-        (r == (TPM2_RC_COMMAND_CODE | TSS2_RESMGR_TPM_RC_LAYER))) {
-        LOG_WARNING("Command TPM2_PolicyTemplate  not supported by TPM.");
-        failure_return = EXIT_SKIP;
-        goto error;
-    } else {
-        goto_if_error(r, "Error: PolicyTemplate", error);
-
-        TPM2B_DIGEST expectedPolicyTemplate = {
-            .size = 20,
-            .buffer =
-                {0xf6, 0x6d, 0x2a, 0x9c, 0x6e, 0xa8, 0xdf, 0x1a, 0x49, 0x3c,
-                 0x42, 0xcc, 0xac, 0x6e, 0x3d, 0x08, 0xc0, 0x84, 0xcf, 0x73}
-        };
-
-        if (!cmp_policy_digest
-            (esys_context, &sessionTrial, &expectedPolicyTemplate, "Template",
-             FLUSH))
-            goto error;
-    }
-
-    /*
-     * Test PolicyPhysicalPresence
-     */
-    r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
-                              ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
-                              &nonceCallerTrial,
-                              TPM2_SE_TRIAL, &symmetricTrial, TPM2_ALG_SHA1,
-                              &sessionTrial);
-    goto_if_error(r, "Error: During initialization of policy trial session",
-                  error);
-
-    r = Esys_PolicyPhysicalPresence(esys_context,
-                                    sessionTrial,
-                                    ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE);
-    goto_if_error(r, "Error: PolicyPhysicalPresence", error);
-
-    TPM2B_DIGEST expectedPolicyPhysicalPresence = {
-        .size = 20,
-        .buffer = {0x9a, 0xcb, 0x06, 0x39, 0x5f, 0x83, 0x1f, 0x88, 0xe8, 0x9e,
-                   0xea, 0xc2, 0x94, 0x42, 0xcb, 0x0e, 0xbe, 0x94, 0x85, 0xab}
-    };
-
-    if (!cmp_policy_digest
-        (esys_context, &sessionTrial, &expectedPolicyPhysicalPresence,
-         "PhysicalPresence", FLUSH))
-        goto error;
-
     return EXIT_SUCCESS;
 
  error:
@@ -288,12 +214,6 @@ test_esys_policy_regression_opt(ESYS_CONTEXT * esys_context)
         }
     }
 
-    if (sessionTrialPCR != ESYS_TR_NONE) {
-        if (Esys_FlushContext(esys_context, sessionTrialPCR) != TSS2_RC_SUCCESS) {
-            LOG_ERROR("Cleanup sessionTrialPCR failed.");
-        }
-    }
-
     if (nvHandle != ESYS_TR_NONE) {
         if (Esys_NV_UndefineSpace(esys_context,
                                   ESYS_TR_RH_OWNER,
@@ -310,5 +230,5 @@ test_esys_policy_regression_opt(ESYS_CONTEXT * esys_context)
 
 int
 test_invoke_esapi(ESYS_CONTEXT * esys_context) {
-    return test_esys_policy_regression_opt(esys_context);
+    return test_esys_policy_authorize_nv_opt(esys_context);
 }
diff --git a/test/integration/esys-policy-physical-presence-opt.int.c b/test/integration/esys-policy-physical-presence-opt.int.c
new file mode 100644
index 00000000..c603d645
--- /dev/null
+++ b/test/integration/esys-policy-physical-presence-opt.int.c
@@ -0,0 +1,147 @@
+/* SPDX-License-Identifier: BSD-2 */
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
+ * All rights reserved.
+ *******************************************************************************/
+
+#include <stdlib.h>
+
+#include "tss2_esys.h"
+#include "tss2_mu.h"
+
+#include "esys_iutil.h"
+#include "test-esapi.h"
+#define LOGMODULE test
+#include "util/log.h"
+#include "util/aux_util.h"
+
+#define FLUSH true
+#define NOT_FLUSH false
+
+/*
+ * Function to compare policy digest with expected digest.
+ * The digest is computed with Esys_PolicyGetDigest.
+ */
+bool
+cmp_policy_digest(ESYS_CONTEXT * esys_context,
+                  ESYS_TR * session,
+                  TPM2B_DIGEST * expected_digest,
+                  char *comment, bool flush_session)
+{
+
+    TSS2_RC r;
+    TPM2B_DIGEST *policyDigest;
+
+    r = Esys_PolicyGetDigest(esys_context,
+                             *session,
+                             ESYS_TR_NONE,
+                             ESYS_TR_NONE, ESYS_TR_NONE, &policyDigest);
+    goto_if_error(r, "Error: PolicyGetDigest", error);
+
+    LOGBLOB_DEBUG(&policyDigest->buffer[0], policyDigest->size,
+                  "POLICY DIGEST");
+
+    if (policyDigest->size != 20
+        || memcmp(&policyDigest->buffer[0], &expected_digest->buffer[0],
+                  policyDigest->size)) {
+        free(policyDigest);
+        LOG_ERROR("Error: Policy%s digest did not match expected policy.",
+                  comment);
+        return false;
+    }
+    free(policyDigest);
+    if (flush_session) {
+        r = Esys_FlushContext(esys_context, *session);
+        goto_if_error(r, "Error: PolicyGetDigest", error);
+        *session = ESYS_TR_NONE;
+    }
+
+    return true;
+
+ error:
+    return false;
+}
+
+/** This test is intended to test the ESAPI policy commands, not tested
+ *  in other test cases.
+ *  When possoble the commands are tested with a
+ * trial session and the policy digest is compared with the expected digest.
+ *
+ * Tested ESAPI commands:
+ *  - Esys_PolicyPhysicalPresence() (O)
+ *
+ * @param[in,out] esys_context The ESYS_CONTEXT.
+ * @retval EXIT_FAILURE
+ * @retval EXIT_SKIP
+ * @retval EXIT_SUCCESS
+ */
+int
+test_esys_policy_physical_presence_opt(ESYS_CONTEXT * esys_context)
+{
+    TSS2_RC r;
+    int failure_return = EXIT_FAILURE;
+
+    /* Dummy parameters for trial sessoin  */
+    ESYS_TR sessionTrial = ESYS_TR_NONE;
+    TPMT_SYM_DEF symmetricTrial = {.algorithm = TPM2_ALG_AES,
+        .keyBits = {.aes = 128},
+        .mode = {.aes = TPM2_ALG_CFB}
+    };
+    TPM2B_NONCE nonceCallerTrial = {
+        .size = 20,
+        .buffer = {11, 12, 13, 14, 15, 16, 17, 18, 19, 11,
+                   21, 22, 23, 24, 25, 26, 27, 28, 29, 30}
+    };
+
+    /*
+     * Test PolicyPhysicalPresence
+     */
+    r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
+                              ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
+                              &nonceCallerTrial,
+                              TPM2_SE_TRIAL, &symmetricTrial, TPM2_ALG_SHA1,
+                              &sessionTrial);
+    goto_if_error(r, "Error: During initialization of policy trial session",
+                  error);
+
+    r = Esys_PolicyPhysicalPresence(esys_context,
+                                    sessionTrial,
+                                    ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE);
+    if ((r == TPM2_RC_COMMAND_CODE) ||
+        (r == (TPM2_RC_COMMAND_CODE | TSS2_RESMGR_RC_LAYER)) ||
+        (r == (TPM2_RC_COMMAND_CODE | TSS2_RESMGR_TPM_RC_LAYER))) {
+        LOG_WARNING("Command TPM2_PolicyPhysicalPresence  not supported by TPM.");
+        failure_return = EXIT_SKIP;
+        goto error;
+    } else {
+        goto_if_error(r, "Error: PolicyPhysicalPresence", error);
+    }
+
+    TPM2B_DIGEST expectedPolicyPhysicalPresence = {
+        .size = 20,
+        .buffer = {0x9a, 0xcb, 0x06, 0x39, 0x5f, 0x83, 0x1f, 0x88, 0xe8, 0x9e,
+                   0xea, 0xc2, 0x94, 0x42, 0xcb, 0x0e, 0xbe, 0x94, 0x85, 0xab}
+    };
+
+    if (!cmp_policy_digest
+        (esys_context, &sessionTrial, &expectedPolicyPhysicalPresence,
+         "PhysicalPresence", FLUSH))
+        goto error;
+
+    return EXIT_SUCCESS;
+
+ error:
+
+    if (sessionTrial != ESYS_TR_NONE) {
+        if (Esys_FlushContext(esys_context, sessionTrial) != TSS2_RC_SUCCESS) {
+            LOG_ERROR("Cleanup sessionTrial failed.");
+        }
+    }
+
+    return failure_return;
+}
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context) {
+    return test_esys_policy_physical_presence_opt(esys_context);
+}
diff --git a/test/integration/esys-policy-template-opt.int.c b/test/integration/esys-policy-template-opt.int.c
new file mode 100644
index 00000000..ace7762a
--- /dev/null
+++ b/test/integration/esys-policy-template-opt.int.c
@@ -0,0 +1,155 @@
+/* SPDX-License-Identifier: BSD-2 */
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
+ * All rights reserved.
+ *******************************************************************************/
+
+#include <stdlib.h>
+
+#include "tss2_esys.h"
+#include "tss2_mu.h"
+
+#include "esys_iutil.h"
+#include "test-esapi.h"
+#define LOGMODULE test
+#include "util/log.h"
+#include "util/aux_util.h"
+
+#define FLUSH true
+#define NOT_FLUSH false
+
+/*
+ * Function to compare policy digest with expected digest.
+ * The digest is computed with Esys_PolicyGetDigest.
+ */
+bool
+cmp_policy_digest(ESYS_CONTEXT * esys_context,
+                  ESYS_TR * session,
+                  TPM2B_DIGEST * expected_digest,
+                  char *comment, bool flush_session)
+{
+
+    TSS2_RC r;
+    TPM2B_DIGEST *policyDigest;
+
+    r = Esys_PolicyGetDigest(esys_context,
+                             *session,
+                             ESYS_TR_NONE,
+                             ESYS_TR_NONE, ESYS_TR_NONE, &policyDigest);
+    goto_if_error(r, "Error: PolicyGetDigest", error);
+
+    LOGBLOB_DEBUG(&policyDigest->buffer[0], policyDigest->size,
+                  "POLICY DIGEST");
+
+    if (policyDigest->size != 20
+        || memcmp(&policyDigest->buffer[0], &expected_digest->buffer[0],
+                  policyDigest->size)) {
+        free(policyDigest);
+        LOG_ERROR("Error: Policy%s digest did not match expected policy.",
+                  comment);
+        return false;
+    }
+    free(policyDigest);
+    if (flush_session) {
+        r = Esys_FlushContext(esys_context, *session);
+        goto_if_error(r, "Error: PolicyGetDigest", error);
+        *session = ESYS_TR_NONE;
+    }
+
+    return true;
+
+ error:
+    return false;
+}
+
+/** This test is intended to test the ESAPI policy commands, not tested
+ *  in other test cases.
+ *  When possoble the commands are tested with a
+ * trial session and the policy digest is compared with the expected digest.
+ *
+ * Tested ESAPI commands:
+ *  - Esys_FlushContext() (M)
+ *  - Esys_PolicyTemplate() (F)
+ *
+ * @param[in,out] esys_context The ESYS_CONTEXT.
+ * @retval EXIT_FAILURE
+ * @retval EXIT_SKIP
+ * @retval EXIT_SUCCESS
+ */
+int
+test_esys_policy_template_opt(ESYS_CONTEXT * esys_context)
+{
+    TSS2_RC r;
+    int failure_return = EXIT_FAILURE;
+
+    /* Dummy parameters for trial sessoin  */
+    ESYS_TR sessionTrial = ESYS_TR_NONE;
+    TPMT_SYM_DEF symmetricTrial = {.algorithm = TPM2_ALG_AES,
+        .keyBits = {.aes = 128},
+        .mode = {.aes = TPM2_ALG_CFB}
+    };
+    TPM2B_NONCE nonceCallerTrial = {
+        .size = 20,
+        .buffer = {11, 12, 13, 14, 15, 16, 17, 18, 19, 11,
+                   21, 22, 23, 24, 25, 26, 27, 28, 29, 30}
+    };
+
+    /*
+     * Test PolicyTemplate
+     */
+    r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
+                              ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
+                              &nonceCallerTrial,
+                              TPM2_SE_TRIAL, &symmetricTrial, TPM2_ALG_SHA1,
+                              &sessionTrial);
+    goto_if_error(r, "Error: During initialization of policy trial session",
+                  error);
+
+    TPM2B_DIGEST templateHash = {
+        .size = 20,
+        .buffer = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
+                   11, 12, 13, 14, 15, 16, 17, 18, 19, 20}
+    };
+
+    r = Esys_PolicyTemplate(esys_context,
+                            sessionTrial,
+                            ESYS_TR_NONE,
+                            ESYS_TR_NONE, ESYS_TR_NONE, &templateHash);
+    if ((r == TPM2_RC_COMMAND_CODE) ||
+        (r == (TPM2_RC_COMMAND_CODE | TSS2_RESMGR_RC_LAYER)) ||
+        (r == (TPM2_RC_COMMAND_CODE | TSS2_RESMGR_TPM_RC_LAYER))) {
+        LOG_WARNING("Command TPM2_PolicyTemplate  not supported by TPM.");
+        failure_return = EXIT_SKIP;
+        goto error;
+    } else {
+        goto_if_error(r, "Error: PolicyTemplate", error);
+
+        TPM2B_DIGEST expectedPolicyTemplate = {
+            .size = 20,
+            .buffer =
+                {0xf6, 0x6d, 0x2a, 0x9c, 0x6e, 0xa8, 0xdf, 0x1a, 0x49, 0x3c,
+                 0x42, 0xcc, 0xac, 0x6e, 0x3d, 0x08, 0xc0, 0x84, 0xcf, 0x73}
+        };
+
+        if (!cmp_policy_digest
+            (esys_context, &sessionTrial, &expectedPolicyTemplate, "Template",
+             FLUSH))
+            goto error;
+    }
+
+    return EXIT_SUCCESS;
+
+ error:
+
+    if (sessionTrial != ESYS_TR_NONE) {
+        if (Esys_FlushContext(esys_context, sessionTrial) != TSS2_RC_SUCCESS) {
+            LOG_ERROR("Cleanup sessionTrial failed.");
+        }
+    }
+    return failure_return;
+}
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context) {
+    return test_esys_policy_template_opt(esys_context);
+}