FAPI: Synchronize FAPI test and distribution FAPI profiles.

* The policy for the endorsement key was added to the distribution profiles.
* The PCR usage was adapted for all profiles.
* Inappropriate parameters that are not used in specific profiles now are optional.
* The test profiles now use the same parameters as the distribution profiles.

Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>

diff --git a/dist/fapi-profiles/P_ECCP256SHA256.json b/dist/fapi-profiles/P_ECCP256SHA256.json
index 5b099d8..d66c3de 100644
--- a/dist/fapi-profiles/P_ECCP256SHA256.json
+++ b/dist/fapi-profiles/P_ECCP256SHA256.json

@@ -1,24 +1,15 @@
 {
     "type": "TPM2_ALG_ECC",
     "nameAlg":"TPM2_ALG_SHA256",
-    "srk_template": "system,restricted,decrypt",
+    "srk_template": "system,restricted,decrypt,0x81000001",
     "srk_persistent": 0,
     "ek_template":  "system,restricted,decrypt",
     "ecc_signing_scheme": {
         "scheme":"TPM2_ALG_ECDSA",
         "details":{
-            "hashAlg":"TPM2_ALG_SHA1"
+            "hashAlg":"TPM2_ALG_SHA256"
         },
     },
-    "rsa_signing_scheme": {
-        "scheme":"TPM2_ALG_NULL"
-    },
-    "rsa_decrypt_scheme": {
-        "scheme":"TPM2_ALG_OAEP",
-        "details":{
-            "hashAlg":"TPM2_ALG_SHA1"
-        }
-    },
     "sym_mode":"TPM2_ALG_CFB",
     "sym_parameters": {
         "algorithm":"TPM2_ALG_AES",
@@ -28,11 +19,20 @@
     "sym_block_size": 16,
     "pcr_selection": [
        { "hash": "TPM2_ALG_SHA1",
-         "pcrSelect": [ 9, 15 , 13]
+         "pcrSelect": [ ],
        },
        { "hash": "TPM2_ALG_SHA256",
-         "pcrSelect": [ 8, 16, 14 ]
+         "pcrSelect": [ 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
        }
     ],
-    "curveID": "TPM2_ECC_NIST_P256"
+    "curveID": "TPM2_ECC_NIST_P256",
+    "ek_policy": {
+        "description": "Endorsement hierarchy used for policy secret.",
+        "policy":[
+            {
+                "type":"POLICYSECRET",
+                "objectName": "4000000b",
+            }
+        ]
+    }
 }

diff --git a/dist/fapi-profiles/P_RSA2048SHA256.json b/dist/fapi-profiles/P_RSA2048SHA256.json
index 659ba1d..3f1d738 100644
--- a/dist/fapi-profiles/P_RSA2048SHA256.json
+++ b/dist/fapi-profiles/P_RSA2048SHA256.json

@@ -1,15 +1,9 @@
 {
     "type": "TPM2_ALG_RSA",
     "nameAlg":"TPM2_ALG_SHA256",
-    "srk_template": "system,restricted,decrypt",
-    "srk_persistent": 0,
+    "srk_template": "system,restricted,decrypt,0x81000001",
+    "srk_persistent": 1,
     "ek_template":  "system,restricted,decrypt",
-    "ecc_signing_scheme": {
-        "scheme":"TPM2_ALG_ECDSA",
-        "details":{
-            "hashAlg":"TPM2_ALG_SHA256"
-        },
-    },
     "rsa_signing_scheme": {
         "scheme":"TPM2_ALG_RSAPSS",
         "details":{
@@ -31,12 +25,28 @@
     "sym_block_size": 16,
     "pcr_selection": [
         { "hash": "TPM2_ALG_SHA1",
-          "pcrSelect": [ 9, 15, 13 ]
+          "pcrSelect": [ ]
         },
         { "hash": "TPM2_ALG_SHA256",
-          "pcrSelect": [ 8, 16, 14 ]
+          "pcrSelect": [ 8, 9 , 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
         }
     ],
     "exponent": 0,
-    "keyBits": 2048
+    "keyBits": 2048,
+    "session_hash_alg": "TPM2_ALG_SHA256",
+    "session_symmetric":{
+        "algorithm":"TPM2_ALG_AES",
+        "keyBits":"128",
+        "mode":"TPM2_ALG_CFB"
+    },
+    "ek_policy": {
+        "description": "Endorsement hierarchy used for policy secret.",
+        "policy":[
+            {
+                "type":"POLICYSECRET",
+                "objectName": "4000000b",
+            }
+        ]
+    }
+
 }

diff --git a/src/tss2-fapi/ifapi_profiles.c b/src/tss2-fapi/ifapi_profiles.c
index a316722..6be2540 100644
--- a/src/tss2-fapi/ifapi_profiles.c
+++ b/src/tss2-fapi/ifapi_profiles.c

@@ -318,7 +318,6 @@
     json_object *jso,
     IFAPI_PROFILE *out)
 {
-//TODO: Cleanup
     json_object *jso2;
     TSS2_RC r;
 
@@ -353,25 +352,25 @@
     return_if_null(out->ek_template, "Out of memory.", TSS2_FAPI_RC_MEMORY);
 
     if (!ifapi_get_sub_object(jso, "ecc_signing_scheme", &jso2)) {
-        LOG_ERROR("Bad value");
-        return  TSS2_FAPI_RC_BAD_VALUE;
+        memset(&out->ecc_signing_scheme, 0, sizeof(TPMT_SIG_SCHEME));
+    } else {
+        r =  ifapi_json_TPMT_SIG_SCHEME_deserialize(jso2, &out->ecc_signing_scheme);
+        return_if_error(r, "BAD VALUE");
     }
-    r =  ifapi_json_TPMT_SIG_SCHEME_deserialize(jso2, &out->ecc_signing_scheme);
-    return_if_error(r, "BAD VALUE");
 
     if (!ifapi_get_sub_object(jso, "rsa_signing_scheme", &jso2)) {
-        LOG_ERROR("Bad value");
-        return  TSS2_FAPI_RC_BAD_VALUE;
+        memset(&out->rsa_signing_scheme, 0, sizeof(TPMT_SIG_SCHEME));
+    } else {
+        r =  ifapi_json_TPMT_SIG_SCHEME_deserialize(jso2, &out->rsa_signing_scheme);
+        return_if_error(r, "BAD VALUE");
     }
-    r =  ifapi_json_TPMT_SIG_SCHEME_deserialize(jso2, &out->rsa_signing_scheme);
-    return_if_error(r, "BAD VALUE");
 
     if (!ifapi_get_sub_object(jso, "rsa_decrypt_scheme", &jso2)) {
-        LOG_ERROR("Bad value");
-        return  TSS2_FAPI_RC_BAD_VALUE;
+        memset(&out->rsa_decrypt_scheme, 0, sizeof(TPMT_RSA_DECRYPT));
+    } else {
+        r =  ifapi_json_TPMT_RSA_DECRYPT_deserialize(jso2, &out->rsa_decrypt_scheme);
+        return_if_error(r, "BAD VALUE");
     }
-    r =  ifapi_json_TPMT_RSA_DECRYPT_deserialize(jso2, &out->rsa_decrypt_scheme);
-    return_if_error(r, "BAD VALUE");
 
     if (!ifapi_get_sub_object(jso, "sym_mode", &jso2)) {
         LOG_ERROR("Bad value");

diff --git a/test/data/fapi/P_ECC.json b/test/data/fapi/P_ECC.json
index 3350044..d66c3de 100644
--- a/test/data/fapi/P_ECC.json
+++ b/test/data/fapi/P_ECC.json

@@ -1,7 +1,7 @@
 {
     "type": "TPM2_ALG_ECC",
     "nameAlg":"TPM2_ALG_SHA256",
-    "srk_template": "system,restricted,decrypt",
+    "srk_template": "system,restricted,decrypt,0x81000001",
     "srk_persistent": 0,
     "ek_template":  "system,restricted,decrypt",
     "ecc_signing_scheme": {
@@ -10,15 +10,6 @@
             "hashAlg":"TPM2_ALG_SHA256"
         },
     },
-    "rsa_signing_scheme": {
-        "scheme":"TPM2_ALG_NULL"
-    },
-    "rsa_decrypt_scheme": {
-        "scheme":"TPM2_ALG_OAEP",
-        "details":{
-            "hashAlg":"TPM2_ALG_SHA1"
-        }
-    },
     "sym_mode":"TPM2_ALG_CFB",
     "sym_parameters": {
         "algorithm":"TPM2_ALG_AES",
@@ -28,10 +19,10 @@
     "sym_block_size": 16,
     "pcr_selection": [
        { "hash": "TPM2_ALG_SHA1",
-         "pcrSelect": [ 9, 15 , 13]
+         "pcrSelect": [ ],
        },
        { "hash": "TPM2_ALG_SHA256",
-         "pcrSelect": [ 8, 16, 14 ]
+         "pcrSelect": [ 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
        }
     ],
     "curveID": "TPM2_ECC_NIST_P256",

diff --git a/test/data/fapi/P_RSA.json b/test/data/fapi/P_RSA.json
index c98f695..3f1d738 100644
--- a/test/data/fapi/P_RSA.json
+++ b/test/data/fapi/P_RSA.json

@@ -4,22 +4,16 @@
     "srk_template": "system,restricted,decrypt,0x81000001",
     "srk_persistent": 1,
     "ek_template":  "system,restricted,decrypt",
-    "ecc_signing_scheme": {
-        "scheme":"TPM2_ALG_ECDSA",
-        "details":{
-            "hashAlg":"TPM2_ALG_SHA1"
-        },
-    },
     "rsa_signing_scheme": {
         "scheme":"TPM2_ALG_RSAPSS",
         "details":{
-            "hashAlg":"TPM2_ALG_SHA1"
+            "hashAlg":"TPM2_ALG_SHA256"
         }
     },
     "rsa_decrypt_scheme": {
         "scheme":"TPM2_ALG_OAEP",
         "details":{
-            "hashAlg":"TPM2_ALG_SHA1"
+            "hashAlg":"TPM2_ALG_SHA256"
         }
     },
     "sym_mode":"TPM2_ALG_CFB",
@@ -31,10 +25,10 @@
     "sym_block_size": 16,
     "pcr_selection": [
         { "hash": "TPM2_ALG_SHA1",
-          "pcrSelect": [ 9, 15, 13 ]
+          "pcrSelect": [ ]
         },
         { "hash": "TPM2_ALG_SHA256",
-          "pcrSelect": [ 8, 16, 14 ]
+          "pcrSelect": [ 8, 9 , 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
         }
     ],
     "exponent": 0,