author | Juergen Repp <Juergen.Repp@sit.fraunhofer.de> | 2018-11-13 11:34:09 +0100 |
---|---|---|
committer | Tadeusz Struk <tadeusz.struk@intel.com> | 2018-11-14 15:27:07 -0800 |
commit | 882b9e423d1217e959c49b2cef37f6bfe233b51d (patch) | |
tree | 14cc178c9a29d520c2a07d3015845ee6bbc7ae47 /test | |
parent | 085755d44e5b953865eb4f2666063a7c773ea69d (diff) | |
download | tpm2-tss-882b9e423d1217e959c49b2cef37f6bfe233b51d.tar.gz |
ESYS TEST: Split the test policy-regression-opt into three test cases.
* The original test did check optional policy commands. Since it cannot be
expected that the three optional commands are all implemented on a
physical TPM the test case was split.
* If the related command is not implemented only this test case will be skipped.
* Also the related doxygen files are updated.
Signed-off-by: Juergen Repp <Juergen.Repp@sit.fraunhofer.de>
Diffstat (limited to 'test')
-rw-r--r-- | test/integration/esys-policy-authorize-nv-opt.int.c (renamed from test/integration/esys-policy-regression-opt.int.c) | 84 | ||||
-rw-r--r-- | test/integration/esys-policy-physical-presence-opt.int.c | 147 | ||||
-rw-r--r-- | test/integration/esys-policy-template-opt.int.c | 155 |
3 files changed, 304 insertions, 82 deletions
diff --git a/test/integration/esys-policy-regression-opt.int.c b/test/integration/esys-policy-authorize-nv-opt.int.c index 52c419d1..fb460e7b 100644 --- a/test/integration/esys-policy-regression-opt.int.c +++ b/test/integration/esys-policy-authorize-nv-opt.int.c @@ -72,8 +72,6 @@ cmp_policy_digest(ESYS_CONTEXT * esys_context, * - Esys_NV_DefineSpace() (M) * - Esys_PolicyAuthorizeNV() (F) * - Esys_PolicyNV() (M) - * - Esys_PolicyPhysicalPresence() (O) - * - Esys_PolicyTemplate() (F) * * @param[in,out] esys_context The ESYS_CONTEXT. * @retval EXIT_FAILURE @@ -81,12 +79,11 @@ cmp_policy_digest(ESYS_CONTEXT * esys_context, * @retval EXIT_SUCCESS */ int -test_esys_policy_regression_opt(ESYS_CONTEXT * esys_context) +test_esys_policy_authorize_nv_opt(ESYS_CONTEXT * esys_context) { TSS2_RC r; int failure_return = EXIT_FAILURE; ESYS_TR nvHandle = ESYS_TR_NONE; - ESYS_TR sessionTrialPCR = ESYS_TR_NONE; /* Dummy parameters for trial sessoin */ ESYS_TR sessionTrial = ESYS_TR_NONE; 
@@ -207,77 +204,6 @@ test_esys_policy_regression_opt(ESYS_CONTEXT * esys_context) goto_if_error(r, "Error: FlushContext", error); sessionTrial = ESYS_TR_NONE; - - /* - * Test PolicyTemplate - */ - r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE, - ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, - &nonceCallerTrial, - TPM2_SE_TRIAL, &symmetricTrial, TPM2_ALG_SHA1, - &sessionTrial); - goto_if_error(r, "Error: During initialization of policy trial session", - error); - - TPM2B_DIGEST templateHash = { - .size = 20, - .buffer = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, - 11, 12, 13, 14, 15, 16, 17, 18, 19, 20} - }; - - r = Esys_PolicyTemplate(esys_context, - sessionTrial, - ESYS_TR_NONE, - ESYS_TR_NONE, ESYS_TR_NONE, &templateHash); - if ((r == TPM2_RC_COMMAND_CODE) || - (r == (TPM2_RC_COMMAND_CODE | TSS2_RESMGR_RC_LAYER)) || - (r == (TPM2_RC_COMMAND_CODE | TSS2_RESMGR_TPM_RC_LAYER))) { - LOG_WARNING("Command TPM2_PolicyTemplate not supported by TPM."); - failure_return = EXIT_SKIP; - goto error; - } else { - goto_if_error(r, "Error: PolicyTemplate", error); - - TPM2B_DIGEST expectedPolicyTemplate = { - .size = 20, - .buffer = - {0xf6, 0x6d, 0x2a, 0x9c, 0x6e, 0xa8, 0xdf, 0x1a, 0x49, 0x3c, - 0x42, 0xcc, 0xac, 0x6e, 0x3d, 0x08, 0xc0, 0x84, 0xcf, 0x73} - }; - - if (!cmp_policy_digest - (esys_context, &sessionTrial, &expectedPolicyTemplate, "Template", - FLUSH)) - goto error; - } - - /* - * Test PolicyPhysicalPresence - */ - r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE, - ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, - &nonceCallerTrial, - TPM2_SE_TRIAL, &symmetricTrial, TPM2_ALG_SHA1, - &sessionTrial); - goto_if_error(r, "Error: During initialization of policy trial session", - error); - - r = Esys_PolicyPhysicalPresence(esys_context, - sessionTrial, - ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE); - goto_if_error(r, "Error: PolicyPhysicalPresence", error); - - TPM2B_DIGEST expectedPolicyPhysicalPresence = { - .size = 20, - .buffer = {0x9a, 0xcb, 0x06, 
0x39, 0x5f, 0x83, 0x1f, 0x88, 0xe8, 0x9e, - 0xea, 0xc2, 0x94, 0x42, 0xcb, 0x0e, 0xbe, 0x94, 0x85, 0xab} - }; - - if (!cmp_policy_digest - (esys_context, &sessionTrial, &expectedPolicyPhysicalPresence, - "PhysicalPresence", FLUSH)) - goto error; - return EXIT_SUCCESS; error: @@ -288,12 +214,6 @@ test_esys_policy_regression_opt(ESYS_CONTEXT * esys_context) } } - if (sessionTrialPCR != ESYS_TR_NONE) { - if (Esys_FlushContext(esys_context, sessionTrialPCR) != TSS2_RC_SUCCESS) { - LOG_ERROR("Cleanup sessionTrialPCR failed."); - } - } - if (nvHandle != ESYS_TR_NONE) { if (Esys_NV_UndefineSpace(esys_context, ESYS_TR_RH_OWNER, @@ -310,5 +230,5 @@ test_esys_policy_regression_opt(ESYS_CONTEXT * esys_context) int test_invoke_esapi(ESYS_CONTEXT * esys_context) { - return test_esys_policy_regression_opt(esys_context); + return test_esys_policy_authorize_nv_opt(esys_context); } diff --git a/test/integration/esys-policy-physical-presence-opt.int.c b/test/integration/esys-policy-physical-presence-opt.int.c new file mode 100644 index 00000000..c603d645 --- /dev/null +++ b/test/integration/esys-policy-physical-presence-opt.int.c 
@@ -0,0 +1,147 @@
+/* SPDX-License-Identifier: BSD-2 */
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
+ * All rights reserved.
+ *******************************************************************************/
+
+#include <stdlib.h>
+
+#include "tss2_esys.h"
+#include "tss2_mu.h"
+
+#include "esys_iutil.h"
+#include "test-esapi.h"
+#define LOGMODULE test
+#include "util/log.h"
+#include "util/aux_util.h"
+
+#define FLUSH true
+#define NOT_FLUSH false
+
+/*
+ * Function to compare policy digest with expected digest.
+ * The digest is computed with Esys_PolicyGetDigest.
+ */
+bool
+cmp_policy_digest(ESYS_CONTEXT * esys_context,
+ ESYS_TR * session,
+ TPM2B_DIGEST * expected_digest,
+ char *comment, bool flush_session)
+{
+
+ TSS2_RC r;
+ TPM2B_DIGEST *policyDigest;
+
+ r = Esys_PolicyGetDigest(esys_context,
+ *session,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE, ESYS_TR_NONE, &policyDigest);
+ goto_if_error(r, "Error: PolicyGetDigest", error);
+
+ LOGBLOB_DEBUG(&policyDigest->buffer[0], policyDigest->size,
+ "POLICY DIGEST");
+
+ if (policyDigest->size != 20
+ || memcmp(&policyDigest->buffer[0], &expected_digest->buffer[0],
+ policyDigest->size)) {
+ free(policyDigest);
+ LOG_ERROR("Error: Policy%s digest did not match expected policy.",
+ comment);
+ return false;
+ }
+ free(policyDigest);
+ if (flush_session) {
+ r = Esys_FlushContext(esys_context, *session);
+ goto_if_error(r, "Error: PolicyGetDigest", error);
+ *session = ESYS_TR_NONE;
+ }
+
+ return true;
+
+ error:
+ return false;
+}
+
+/** This test is intended to test the ESAPI policy commands, not tested
+ * in other test cases.
+ * When possoble the commands are tested with a
+ * trial session and the policy digest is compared with the expected digest.
+ *
+ * Tested ESAPI commands:
+ * - Esys_PolicyPhysicalPresence() (O)
+ *
+ * @param[in,out] esys_context The ESYS_CONTEXT.
+ * @retval EXIT_FAILURE
+ * @retval EXIT_SKIP
+ * @retval EXIT_SUCCESS
+ */
+int
+test_esys_policy_physical_presence_opt(ESYS_CONTEXT * esys_context)
+{
+ TSS2_RC r;
+ int failure_return = EXIT_FAILURE;
+
+ /* Dummy parameters for trial sessoin */
+ ESYS_TR sessionTrial = ESYS_TR_NONE;
+ TPMT_SYM_DEF symmetricTrial = {.algorithm = TPM2_ALG_AES,
+ .keyBits = {.aes = 128},
+ .mode = {.aes = TPM2_ALG_CFB}
+ };
+ TPM2B_NONCE nonceCallerTrial = {
+ .size = 20,
+ .buffer = {11, 12, 13, 14, 15, 16, 17, 18, 19, 11,
+ 21, 22, 23, 24, 25, 26, 27, 28, 29, 30}
+ };
+
+ /*
+ * Test PolicyPhysicalPresence
+ */
+ r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
+ ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
+ &nonceCallerTrial,
+ TPM2_SE_TRIAL, &symmetricTrial, TPM2_ALG_SHA1,
+ &sessionTrial);
+ goto_if_error(r, "Error: During initialization of policy trial session",
+ error);
+
+ r = Esys_PolicyPhysicalPresence(esys_context,
+ sessionTrial,
+ ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE);
+ if ((r == TPM2_RC_COMMAND_CODE) ||
+ (r == (TPM2_RC_COMMAND_CODE | TSS2_RESMGR_RC_LAYER)) ||
+ (r == (TPM2_RC_COMMAND_CODE | TSS2_RESMGR_TPM_RC_LAYER))) {
+ LOG_WARNING("Command TPM2_PolicyPhysicalPresence not supported by TPM.");
+ failure_return = EXIT_SKIP;
+ goto error;
+ } else {
+ goto_if_error(r, "Error: PolicyPhysicalPresence", error);
+ }
+
+ TPM2B_DIGEST expectedPolicyPhysicalPresence = {
+ .size = 20,
+ .buffer = {0x9a, 0xcb, 0x06, 0x39, 0x5f, 0x83, 0x1f, 0x88, 0xe8, 0x9e,
+ 0xea, 0xc2, 0x94, 0x42, 0xcb, 0x0e, 0xbe, 0x94, 0x85, 0xab}
+ };
+
+ if (!cmp_policy_digest
+ (esys_context, &sessionTrial, &expectedPolicyPhysicalPresence,
+ "PhysicalPresence", FLUSH))
+ goto error;
+
+ return EXIT_SUCCESS;
+
+ error:
+
+ if (sessionTrial != ESYS_TR_NONE) {
+ if (Esys_FlushContext(esys_context, sessionTrial) != TSS2_RC_SUCCESS) {
+ LOG_ERROR("Cleanup sessionTrial failed.");
+ }
+ }
+
+ return failure_return;
+}
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context) {
+ return test_esys_policy_physical_presence_opt(esys_context);
+}
diff --git a/test/integration/esys-policy-template-opt.int.c b/test/integration/esys-policy-template-opt.int.c
new file mode 100644
index 00000000..ace7762a
--- /dev/null
+++ b/test/integration/esys-policy-template-opt.int.c
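Review bot: In `cmp_policy_digest` of esys-policy-physical-presence-opt.int.c, the `goto_if_error` that follows `Esys_FlushContext` still reports "Error: PolicyGetDigest", so a failed flush is logged as a digest-read failure; it should read `goto_if_error(r, "Error: FlushContext", error);`. The same copied line is present in esys-policy-template-opt.int.c. The helper also hard-codes the digest length as 20 and never reads `expected_digest->size`; testing `policyDigest->size != expected_digest->size` before the `memcmp` would keep the comparison bounded by the caller's vector if a non-SHA-1 digest is ever passed.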
@@ -0,0 +1,155 @@
+/* SPDX-License-Identifier: BSD-2 */
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
+ * All rights reserved.
+ *******************************************************************************/
+
+#include <stdlib.h>
+
+#include "tss2_esys.h"
+#include "tss2_mu.h"
+
+#include "esys_iutil.h"
+#include "test-esapi.h"
+#define LOGMODULE test
+#include "util/log.h"
+#include "util/aux_util.h"
+
+#define FLUSH true
+#define NOT_FLUSH false
+
+/*
+ * Function to compare policy digest with expected digest.
+ * The digest is computed with Esys_PolicyGetDigest.
+ */
+bool
+cmp_policy_digest(ESYS_CONTEXT * esys_context,
+ ESYS_TR * session,
+ TPM2B_DIGEST * expected_digest,
+ char *comment, bool flush_session)
+{
+
+ TSS2_RC r;
+ TPM2B_DIGEST *policyDigest;
+
+ r = Esys_PolicyGetDigest(esys_context,
+ *session,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE, ESYS_TR_NONE, &policyDigest);
+ goto_if_error(r, "Error: PolicyGetDigest", error);
+
+ LOGBLOB_DEBUG(&policyDigest->buffer[0], policyDigest->size,
+ "POLICY DIGEST");
+
+ if (policyDigest->size != 20
+ || memcmp(&policyDigest->buffer[0], &expected_digest->buffer[0],
+ policyDigest->size)) {
+ free(policyDigest);
+ LOG_ERROR("Error: Policy%s digest did not match expected policy.",
+ comment);
+ return false;
+ }
+ free(policyDigest);
+ if (flush_session) {
+ r = Esys_FlushContext(esys_context, *session);
+ goto_if_error(r, "Error: PolicyGetDigest", error);
+ *session = ESYS_TR_NONE;
+ }
+
+ return true;
+
+ error:
+ return false;
+}
+
+/** This test is intended to test the ESAPI policy commands, not tested
+ * in other test cases.
+ * When possoble the commands are tested with a
+ * trial session and the policy digest is compared with the expected digest.
+ *
+ * Tested ESAPI commands:
+ * - Esys_FlushContext() (M)
+ * - Esys_PolicyTemplate() (F)
+ *
+ * @param[in,out] esys_context The ESYS_CONTEXT.
+ * @retval EXIT_FAILURE
+ * @retval EXIT_SKIP
+ * @retval EXIT_SUCCESS
+ */
+int
+test_esys_policy_template_opt(ESYS_CONTEXT * esys_context)
+{
+ TSS2_RC r;
+ int failure_return = EXIT_FAILURE;
+
+ /* Dummy parameters for trial sessoin */
+ ESYS_TR sessionTrial = ESYS_TR_NONE;
+ TPMT_SYM_DEF symmetricTrial = {.algorithm = TPM2_ALG_AES,
+ .keyBits = {.aes = 128},
+ .mode = {.aes = TPM2_ALG_CFB}
+ };
+ TPM2B_NONCE nonceCallerTrial = {
+ .size = 20,
+ .buffer = {11, 12, 13, 14, 15, 16, 17, 18, 19, 11,
+ 21, 22, 23, 24, 25, 26, 27, 28, 29, 30}
+ };
+
+ /*
+ * Test PolicyTemplate
+ */
+ r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
+ ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
+ &nonceCallerTrial,
+ TPM2_SE_TRIAL, &symmetricTrial, TPM2_ALG_SHA1,
+ &sessionTrial);
+ goto_if_error(r, "Error: During initialization of policy trial session",
+ error);
+
+ TPM2B_DIGEST templateHash = {
+ .size = 20,
+ .buffer = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
+ 11, 12, 13, 14, 15, 16, 17, 18, 19, 20}
+ };
+
+ r = Esys_PolicyTemplate(esys_context,
+ sessionTrial,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE, ESYS_TR_NONE, &templateHash);
+ if ((r == TPM2_RC_COMMAND_CODE) ||
+ (r == (TPM2_RC_COMMAND_CODE | TSS2_RESMGR_RC_LAYER)) ||
+ (r == (TPM2_RC_COMMAND_CODE | TSS2_RESMGR_TPM_RC_LAYER))) {
+ LOG_WARNING("Command TPM2_PolicyTemplate not supported by TPM.");
+ failure_return = EXIT_SKIP;
+ goto error;
+ } else {
+ goto_if_error(r, "Error: PolicyTemplate", error);
+
+ TPM2B_DIGEST expectedPolicyTemplate = {
+ .size = 20,
+ .buffer =
+ {0xf6, 0x6d, 0x2a, 0x9c, 0x6e, 0xa8, 0xdf, 0x1a, 0x49, 0x3c,
+ 0x42, 0xcc, 0xac, 0x6e, 0x3d, 0x08, 0xc0, 0x84, 0xcf, 0x73}
+ };
+
+ if (!cmp_policy_digest
+ (esys_context, &sessionTrial, &expectedPolicyTemplate, "Template",
+ FLUSH))
+ goto error;
+ }
+
+ return EXIT_SUCCESS;
+
+ error:
+
+ if (sessionTrial != ESYS_TR_NONE) {
+ if (Esys_FlushContext(esys_context, sessionTrial) != TSS2_RC_SUCCESS) {
+ LOG_ERROR("Cleanup sessionTrial failed.");
+ }
+ }
+ return failure_return;
+}
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context) {
+ return test_esys_policy_template_opt(esys_context);
+} |
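Review bot: `expectedPolicyTemplate` in `test_esys_policy_template_opt` is an undocumented 20-byte constant, so when the comparison fails a maintainer cannot tell a TPM misbehaviour from a stale test vector. A comment above it such as `/* SHA-1 policy digest expected from a fresh trial session after PolicyTemplate(templateHash) */` would tie the value to the inputs visible in this function; the same applies to `expectedPolicyPhysicalPresence` in esys-policy-physical-presence-opt.int.c. Because the trial session is started with `TPM2_ALG_SHA1`, a TPM on which SHA-1 is unavailable would presumably fail in `Esys_StartAuthSession` and yield EXIT_FAILURE rather than EXIT_SKIP; it is worth confirming whether that case should be treated as a skip as well.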