xref: /aosp_15_r20/external/tpm2-tss/test/integration/fapi-key-create-policy-pcr-sign.int.c (revision 758e9fba6fc9adbf15340f70c73baee7b168b1c9) 
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*******************************************************************************
3  * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
4  * All rights reserved.
5  *******************************************************************************/
6 
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10 
11 #include <stdlib.h>
12 #include <stdio.h>
13 #include <errno.h>
14 #include <fcntl.h>
15 #include <unistd.h>
16 
17 #include "tss2_fapi.h"
18 
19 #include "test-fapi.h"
20 #define LOGMODULE test
21 #include "util/log.h"
22 #include "util/aux_util.h"
23 
24 #define PASSWORD NULL
25 #define SIGN_TEMPLATE  "sign,noDa"
26 
27 
28 /** Test the FAPI functions for PolicyPCR with key creation and usage.
29  *
30  * Tested FAPI commands:
31  *  - Fapi_Provision()
32  *  - Fapi_Import()
33  *  - Fapi_CreateKey()
34  *  - Fapi_Sign()
35  *  - Fapi_ExportPolicy()
36  *  - Fapi_Delete()
37  *  - Fapi_Import()
38  *  - Fapi_List()
39  *
40  * Tested Policies:
41  *  - PolicyPcr (with currentPCRs set)
42  *
43  * @param[in,out] context The FAPI_CONTEXT.
44  * @retval EXIT_FAILURE
45  * @retval EXIT_SUCCESS
46  */
47 int
test_fapi_key_create_policy_pcr_sign(FAPI_CONTEXT * context)48 test_fapi_key_create_policy_pcr_sign(FAPI_CONTEXT *context)
49 {
50     TSS2_RC r;
51     char *policy_name = "/policy/pol_pcr16_0";
52     char *policy_pcr_read = "/policy/pol_pcr16_read";
53     char *policy_file = TOP_SOURCEDIR "/test/data/fapi/policy/pol_pcr16_0.json";
54     char *policy_pcr_read_file = TOP_SOURCEDIR "/test/data/fapi/policy/pol_pcr16_read.json";
55     FILE *stream = NULL;
56     char *json_policy = NULL;
57     long policy_size;
58 
59     uint8_t *signature = NULL;
60     char   *publicKey = NULL;
61     char *policy = NULL;
62     char *path_list = NULL;
63 
64     r = Fapi_Provision(context, NULL, NULL, NULL);
65     goto_if_error(r, "Error Fapi_Provision", error);
66 
67     r = pcr_reset(context, 16);
68     goto_if_error(r, "Error pcr_reset", error);
69 
70     stream = fopen(policy_file, "r");
71     if (!stream) {
72         LOG_ERROR("File %s does not exist", policy_file);
73         goto error;
74     }
75     fseek(stream, 0L, SEEK_END);
76     policy_size = ftell(stream);
77     fclose(stream);
78     json_policy = malloc(policy_size + 1);
79     goto_if_null(json_policy,
80             "Could not allocate memory for the JSON policy",
81             TSS2_FAPI_RC_MEMORY, error);
82     stream = fopen(policy_file, "r");
83     ssize_t ret = read(fileno(stream), json_policy, policy_size);
84     if (ret != policy_size) {
85         LOG_ERROR("IO error %s.", policy_file);
86         goto error;
87     }
88     json_policy[policy_size] = '\0';
89 
90     r = Fapi_Import(context, policy_name, json_policy);
91     goto_if_error(r, "Error Fapi_Import", error);
92 
93     r = Fapi_CreateKey(context, "/HS/SRK/mySignKey", SIGN_TEMPLATE,
94                        policy_name, PASSWORD);
95     goto_if_error(r, "Error Fapi_CreateKey", error);
96     size_t signatureSize = 0;
97 
98     TPM2B_DIGEST digest = {
99         .size = 20,
100         .buffer = {
101             0x67, 0x68, 0x03, 0x3e, 0x21, 0x64, 0x68, 0x24, 0x7b, 0xd0,
102             0x31, 0xa0, 0xa2, 0xd9, 0x87, 0x6d, 0x79, 0x81, 0x8f, 0x8f
103         }
104     };
105 
106     r = Fapi_Sign(context, "/HS/SRK/mySignKey", NULL,
107                   &digest.buffer[0], digest.size, &signature, &signatureSize,
108                   &publicKey, NULL);
109     goto_if_error(r, "Error Fapi_Sign", error);
110 
111     r = Fapi_ExportPolicy(context, "HS/SRK/mySignKey", &policy);
112     goto_if_error(r, "Error Fapi_ExportPolicy", error);
113     fprintf(stderr, "\nPolicy from key:\n%s\n", policy);
114 
115     SAFE_FREE(policy);
116 
117     r = Fapi_ExportPolicy(context, policy_name, &policy);
118     goto_if_error(r, "Error Fapi_ExportPolicy", error);
119     fprintf(stderr, "\nPolicy from policy file:\n%s\n", policy);
120 
121     /* Run test with current PCRs defined in policy */
122 
123     r = Fapi_Delete(context, "/HS/SRK/mySignKey");
124     goto_if_error(r, "Error Fapi_Delete", error);
125 
126     fclose(stream);
127     stream = fopen(policy_pcr_read_file, "r");
128     if (!stream) {
129         LOG_ERROR("File %s does not exist", policy_pcr_read_file);
130         goto error;
131     }
132     fseek(stream, 0L, SEEK_END);
133     policy_size = ftell(stream);
134     fclose(stream);
135 
136     SAFE_FREE(json_policy);
137     SAFE_FREE(signature);
138     SAFE_FREE(publicKey);
139     SAFE_FREE(policy);
140     SAFE_FREE(path_list);
141 
142     json_policy = malloc(policy_size + 1);
143     goto_if_null(json_policy,
144             "Could not allocate memory for the JSON policy",
145             TSS2_FAPI_RC_MEMORY, error);
146     stream = fopen(policy_pcr_read_file, "r");
147     ret = read(fileno(stream), json_policy, policy_size);
148     if (ret != policy_size) {
149         LOG_ERROR("IO error %s.", policy_pcr_read_file);
150         goto error;
151     }
152     json_policy[policy_size] = '\0';
153 
154     r = Fapi_Import(context, policy_pcr_read, json_policy);
155     goto_if_error(r, "Error Fapi_Import", error);
156 
157     r = Fapi_CreateKey(context, "/HS/SRK/mySignKey", SIGN_TEMPLATE,
158                        policy_pcr_read, PASSWORD);
159     goto_if_error(r, "Error Fapi_CreateKey", error);
160     signatureSize = 0;
161 
162     r = Fapi_Sign(context, "/HS/SRK/mySignKey", NULL,
163                   &digest.buffer[0], digest.size, &signature, &signatureSize,
164                   &publicKey, NULL);
165     goto_if_error(r, "Error Fapi_Sign", error);
166 
167     r = Fapi_ExportPolicy(context, "HS/SRK/mySignKey", &policy);
168     goto_if_error(r, "Error Fapi_ExportPolicy", error);
169     fprintf(stderr, "\nPolicy from key:\n%s\n", policy);
170 
171     SAFE_FREE(policy);
172 
173     r = Fapi_ExportPolicy(context, policy_pcr_read, &policy);
174     goto_if_error(r, "Error Fapi_ExportPolicy", error);
175     fprintf(stderr, "\nPolicy from policy file:\n%s\n", policy);
176 
177     r = Fapi_Delete(context, "/HS/SRK");
178     goto_if_error(r, "Error Fapi_Delete", error);
179 
180     r = Fapi_List(context, "", &path_list);
181     goto_if_error(r, "Error Fapi_Delete", error);
182 
183     fprintf(stderr, "\nPathList:\n%s\n", path_list);
184 
185     SAFE_FREE(json_policy);
186     SAFE_FREE(signature);
187     SAFE_FREE(publicKey);
188     SAFE_FREE(policy);
189     SAFE_FREE(path_list);
190     return EXIT_SUCCESS;
191 
192 error:
193     SAFE_FREE(json_policy);
194     SAFE_FREE(signature);
195     SAFE_FREE(publicKey);
196     SAFE_FREE(policy);
197     SAFE_FREE(path_list);
198     return EXIT_FAILURE;
199 }
200 
201 int
test_invoke_fapi(FAPI_CONTEXT * fapi_context)202 test_invoke_fapi(FAPI_CONTEXT *fapi_context)
203 {
204     return test_fapi_key_create_policy_pcr_sign(fapi_context);
205 }
206