1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3 * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4 * All rights reserved.
5 *******************************************************************************/
6
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include <stdlib.h>
12
13 #include "tss2_esys.h"
14
15 #include "esys_iutil.h"
16 #define LOGMODULE test
17 #include "util/log.h"
18 #include "util/aux_util.h"
19
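/** This test is intended to test the command Esys_CertifyCreation.
 *
 * We create a RSA primary signing key which will be used as signing key
 * and as object for the certify creation.
 *
 * The test only checks the return codes of the ESAPI calls; the returned
 * attestation structure and signature are released without being inspected.
 *
 * Tested ESAPI commands:
 *  - Esys_CertifyCreation() (M)
 *  - Esys_CreatePrimary() (M)
 *  - Esys_FlushContext() (M)
 *
 * @param[in,out] esys_context The ESYS_CONTEXT.
 * @retval EXIT_FAILURE if any ESAPI call fails.
 * @retval EXIT_SUCCESS if the key was created, certified and flushed.
 */

int
test_esys_certify_creation(ESYS_CONTEXT * esys_context)
{
    TSS2_RC r;
    int rc = EXIT_FAILURE;
    ESYS_TR signHandle = ESYS_TR_NONE;

    /* Buffers allocated by ESAPI on our behalf; all are released on every
     * exit path below, so they must start out as NULL. */
    TPM2B_PUBLIC *outPublic = NULL;
    TPM2B_CREATION_DATA *creationData = NULL;
    TPM2B_DIGEST *creationHash = NULL;
    TPMT_TK_CREATION *creationTicket = NULL;
    TPM2B_ATTEST *certifyInfo = NULL;
    TPMT_SIGNATURE *signature = NULL;

    /* Fixed test authorisation value for the primary key. */
    TPM2B_AUTH authValuePrimary = {
        .size = 5,
        .buffer = {1, 2, 3, 4, 5}
    };

    TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
        .size = 0,
        .sensitive = {
            .userAuth = {
                .size = 0,
                .buffer = {0},
            },
            .data = {
                .size = 0,
                .buffer = {0},
            },
        },
    };

    inSensitivePrimary.sensitive.userAuth = authValuePrimary;

    /* Restricted RSA-2048 signing key template; RSASSA so the key can sign
     * the creation attestation of itself.
     * NOTE(review): the fixture uses SHA-1 for nameAlg and the signing hash.
     * That is sufficient for exercising the command, not a template for
     * production keys. */
    TPM2B_PUBLIC inPublic = {
        .size = 0,
        .publicArea = {
            .type = TPM2_ALG_RSA,
            .nameAlg = TPM2_ALG_SHA1,
            .objectAttributes = (
                TPMA_OBJECT_USERWITHAUTH |
                TPMA_OBJECT_RESTRICTED |
                TPMA_OBJECT_SIGN_ENCRYPT |
                TPMA_OBJECT_FIXEDTPM |
                TPMA_OBJECT_FIXEDPARENT |
                TPMA_OBJECT_SENSITIVEDATAORIGIN
            ),
            .authPolicy = {
                .size = 0,
            },
            .parameters.rsaDetail = {
                .symmetric = {
                    .algorithm = TPM2_ALG_NULL,
                    .keyBits.aes = 128,
                    .mode.aes = TPM2_ALG_CFB,
                },
                .scheme = {
                    .scheme = TPM2_ALG_RSASSA,
                    .details = { .rsassa = { .hashAlg = TPM2_ALG_SHA1 }},
                },
                .keyBits = 2048,
                .exponent = 0,
            },
            .unique.rsa = {
                .size = 0,
                .buffer = {0},
            },
        },
    };

    /* Empty authorisation for the owner hierarchy. */
    TPM2B_AUTH authValue = {
        .size = 0,
        .buffer = {0}
    };

    TPM2B_DATA outsideInfo = {
        .size = 0,
        .buffer = {0},
    };

    /* No PCRs are bound into the creation data. */
    TPML_PCR_SELECTION creationPCR = {
        .count = 0,
    };

    LOG_INFO("\nRSA key will be created.");

    r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
    goto_if_error(r, "Error: TR_SetAuth", cleanup);

    r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
                           ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary,
                           &inPublic, &outsideInfo, &creationPCR,
                           &signHandle, &outPublic, &creationData,
                           &creationHash, &creationTicket);
    goto_if_error(r, "Error esys create primary", cleanup);

    /* No caller-supplied qualifying data; TPM2_ALG_NULL selects the key's
     * own signing scheme. */
    TPM2B_DATA qualifyingData = {0};
    TPMT_SIG_SCHEME inScheme = { .scheme = TPM2_ALG_NULL };

    /* The primary key certifies its own creation: it is both the object
     * being certified and the signing key. */
    r = Esys_CertifyCreation(
        esys_context,
        signHandle,
        signHandle,
        ESYS_TR_PASSWORD,
        ESYS_TR_NONE,
        ESYS_TR_NONE,
        &qualifyingData,
        creationHash,
        &inScheme,
        creationTicket,
        &certifyInfo,
        &signature);
    goto_if_error(r, "Error: CertifyCreation", cleanup);

    r = Esys_FlushContext(esys_context, signHandle);
    goto_if_error(r, "Error: FlushContext", cleanup);
    /* Mark the handle as released so the shared cleanup does not flush it
     * a second time. */
    signHandle = ESYS_TR_NONE;

    rc = EXIT_SUCCESS;

cleanup:
    /* Shared for both outcomes: flush the key if it is still loaded, then
     * release every response buffer (still NULL for steps not reached). */
    if (signHandle != ESYS_TR_NONE) {
        if (Esys_FlushContext(esys_context, signHandle) != TSS2_RC_SUCCESS) {
            LOG_ERROR("Cleanup signHandle failed.");
        }
    }
    Esys_Free(certifyInfo);
    Esys_Free(signature);
    Esys_Free(outPublic);
    Esys_Free(creationData);
    Esys_Free(creationHash);
    Esys_Free(creationTicket);
    return rc;
}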
178
/** Entry point used by the test harness.
 *
 * Delegates to test_esys_certify_creation() and passes its result through.
 *
 * @param[in,out] esys_context The ESYS_CONTEXT.
 * @return EXIT_SUCCESS or EXIT_FAILURE as reported by the test.
 */
int
test_invoke_esapi(ESYS_CONTEXT * esys_context) {
    int result = test_esys_certify_creation(esys_context);
    return result;
}
183