Tests: Add ESAPI tests
Add a set of esapi integration tests.
Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
diff --git a/Makefile.am b/Makefile.am
index 54754c4..99134c3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -95,10 +95,25 @@
test/tpmclient/tpmclient.int
if ESAPI
TESTS_INTEGRATION += \
- test/integration/esys-get-random.int \
- test/integration/esys-create-session-auth.int \
+ test/integration/esys-clockset.int \
+ test/integration/esys-clockset-session.int \
+ test/integration/esys-create-fail.int \
+ test/integration/esys-create-password-auth.int \
+ test/integration/esys-create-primary-ecc-hmac.int \
test/integration/esys-create-primary-hmac.int \
- test/integration/esys-create-primary-ecc-hmac.int
+ test/integration/esys-create-session-auth.int \
+ test/integration/esys-evict-control-serialization.int \
+ test/integration/esys-get-capability.int \
+ test/integration/esys-get-random.int \
+ test/integration/esys-make-credential.int \
+ test/integration/esys-make-credential-session.int \
+ test/integration/esys-nv-ram-extend-index.int \
+ test/integration/esys-nv-ram-extend-index-session.int \
+ test/integration/esys-nv-ram-ordinary-index.int \
+ test/integration/esys-nv-ram-ordinary-index-session.int \
+ test/integration/esys-quote.int \
+ test/integration/esys-rsa-encrypt-decrypt.int \
+ test/integration/esys-save-and-load-context.int
endif #ESAPI
endif #SIMULATOR_BIN
@@ -363,39 +378,176 @@
test/integration/system-api.int.c
if ESAPI
-test_integration_esys_get_random_int_CFLAGS = $(AM_CFLAGS) \
+test_integration_esys_clockset_int_CFLAGS = $(AM_CFLAGS) \
-I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
-I$(srcdir)/esapi/esapi_util
-test_integration_esys_get_random_int_LDADD = $(TESTS_LDADD)
-test_integration_esys_get_random_int_LDFLAGS = $(AM_LDFLAGS) -lgcrypt
-test_integration_esys_get_random_int_SOURCES = test/integration/esys-get-random.int.c \
- test/integration/main-esapi.c test/integration/test-esapi.h
+test_integration_esys_clockset_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_clockset_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_clockset_int_SOURCES = \
+ test/integration/esys-clockset.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
-test_integration_esys_create_session_auth_int_CFLAGS = $(AM_CFLAGS) \
+test_integration_esys_clockset_session_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util -DTEST_SESSION
+test_integration_esys_clockset_session_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_clockset_session_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_clockset_session_int_SOURCES = \
+ test/integration/esys-clockset.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_create_fail_int_CFLAGS = $(AM_CFLAGS) \
-I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
-I$(srcdir)/esapi/esapi_util
-test_integration_esys_create_session_auth_int_LDADD = $(TESTS_LDADD)
-test_integration_esys_create_session_auth_int_LDFLAGS = $(AM_LDFLAGS) -lgcrypt
-test_integration_esys_create_session_auth_int_SOURCES = test/integration/esys-create-session-auth.int.c \
- test/integration/main-esapi.c test/integration/test-esapi.h
+test_integration_esys_create_fail_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_create_fail_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_create_fail_int_SOURCES = \
+ test/integration/esys-create-fail.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_create_password_auth_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util
+test_integration_esys_create_password_auth_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_create_password_auth_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_create_password_auth_int_SOURCES = \
+ test/integration/esys-create-password-auth.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_create_primary_ecc_hmac_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util
+test_integration_esys_create_primary_ecc_hmac_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_create_primary_ecc_hmac_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_create_primary_ecc_hmac_int_SOURCES = \
+ test/integration/esys-create-primary-hmac.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
test_integration_esys_create_primary_hmac_int_CFLAGS = $(AM_CFLAGS) \
-I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
-I$(srcdir)/esapi/esapi_util
test_integration_esys_create_primary_hmac_int_LDADD = $(TESTS_LDADD)
-test_integration_esys_create_primary_hmac_int_LDFLAGS = $(AM_LDFLAGS) -lgcrypt
+test_integration_esys_create_primary_hmac_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
test_integration_esys_create_primary_hmac_int_SOURCES = \
- test/integration/esys-create-primary-hmac.int.c test/integration/main-esapi.c \
- test/integration/test-esapi.h
+ test/integration/esys-create-primary-hmac.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
-test_integration_esys_create_primary_ecc_hmac_int_CFLAGS = $(AM_CFLAGS) -DTEST_ECC \
+test_integration_esys_create_session_auth_int_CFLAGS = $(AM_CFLAGS) \
-I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
-I$(srcdir)/esapi/esapi_util
-test_integration_esys_create_primary_ecc_hmac_int_LDADD = $(TESTS_LDADD)
-test_integration_esys_create_primary_ecc_hmac_int_LDFLAGS = $(AM_LDFLAGS) -lgcrypt
-test_integration_esys_create_primary_ecc_hmac_int_SOURCES = \
- test/integration/esys-create-primary-hmac.int.c test/integration/main-esapi.c \
- test/integration/test-esapi.h
+test_integration_esys_create_session_auth_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_create_session_auth_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_create_session_auth_int_SOURCES = \
+ test/integration/esys-create-session-auth.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_evict_control_serialization_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util
+test_integration_esys_evict_control_serialization_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_evict_control_serialization_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_evict_control_serialization_int_SOURCES = \
+ test/integration/esys-evict-control-serialization.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_get_capability_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util
+test_integration_esys_get_capability_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_get_capability_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_get_capability_int_SOURCES = \
+ test/integration/esys-get-capability.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_get_random_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util
+test_integration_esys_get_random_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_get_random_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_get_random_int_SOURCES = \
+ test/integration/esys-get-random.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_make_credential_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util
+test_integration_esys_make_credential_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_make_credential_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_make_credential_int_SOURCES = \
+ test/integration/esys-make-credential.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_make_credential_session_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util -DTEST_SESSION
+test_integration_esys_make_credential_session_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_make_credential_session_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_make_credential_session_int_SOURCES = \
+ test/integration/esys-make-credential.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_nv_ram_extend_index_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util
+test_integration_esys_nv_ram_extend_index_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_nv_ram_extend_index_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_nv_ram_extend_index_int_SOURCES = \
+ test/integration/esys-nv-ram-extend-index.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_nv_ram_extend_index_session_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util -DTEST_SESSION
+test_integration_esys_nv_ram_extend_index_session_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_nv_ram_extend_index_session_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_nv_ram_extend_index_session_int_SOURCES = \
+ test/integration/esys-nv-ram-extend-index.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_nv_ram_ordinary_index_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util
+test_integration_esys_nv_ram_ordinary_index_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_nv_ram_ordinary_index_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_nv_ram_ordinary_index_int_SOURCES = \
+ test/integration/esys-nv-ram-ordinary-index.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_nv_ram_ordinary_index_session_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util -DTEST_SESSION
+test_integration_esys_nv_ram_ordinary_index_session_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_nv_ram_ordinary_index_session_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_nv_ram_ordinary_index_session_int_SOURCES = \
+ test/integration/esys-nv-ram-ordinary-index.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_quote_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util
+test_integration_esys_quote_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_quote_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_quote_int_SOURCES = \
+ test/integration/esys-quote.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_rsa_encrypt_decrypt_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util
+test_integration_esys_rsa_encrypt_decrypt_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_rsa_encrypt_decrypt_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_rsa_encrypt_decrypt_int_SOURCES = \
+ test/integration/esys-rsa-encrypt-decrypt.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
+
+test_integration_esys_save_and_load_context_int_CFLAGS = $(AM_CFLAGS) \
+ -I. -I$(srcdir)/esapi/esapi -I$(srcdir)/include/esapi \
+ -I$(srcdir)/esapi/esapi_util
+test_integration_esys_save_and_load_context_int_LDADD = $(TESTS_LDADD)
+test_integration_esys_save_and_load_context_int_LDFLAGS = $(TESTS_LDFLAGS) -lgcrypt
+test_integration_esys_save_and_load_context_int_SOURCES = \
+ test/integration/esys-save-and-load-context.int.c \
+ test/integration/main-esapi.c test/integration/test-esapi.h
endif
test_integration_policy_template_int_CFLAGS = $(AM_CFLAGS) $(TESTS_CFLAGS)
diff --git a/test/integration/esys-clockset.int.c b/test/integration/esys-clockset.int.c
new file mode 100644
index 0000000..145a55f
--- /dev/null
+++ b/test/integration/esys-clockset.int.c
@@ -0,0 +1,99 @@
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *******************************************************************************/
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <stdint.h>
+#include <gcrypt.h>
+
+#include <sapi/tpm20.h>
+#define LOGMODULE test
+#include "log/log.h"
+#include "test.h"
+#include "sysapi_util.h"
+#include <esapi/tss2_esys.h>
+#include "esys_types.h"
+#include "esys_iutil.h"
+
+/* Test the ESAPI function Esys_ClockSet */
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context)
+{
+
+ uint32_t r = 0;
+
+#ifdef TEST_SESSION
+ ESYS_TR session;
+ TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES,
+ .keyBits = {.aes = 128},
+ .mode = {.aes = TPM2_ALG_CFB}
+ };
+ TPMA_SESSION sessionAttributes;
+ TPM2B_NONCE *nonceTpm;
+ TPM2B_NONCE nonceCaller = {
+ .size = 20,
+ .buffer = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
+ 11, 12, 13, 14, 15, 16, 17, 18, 19, 20}
+ };
+
+ memset(&sessionAttributes, 0, sizeof sessionAttributes);
+
+ r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
+ ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
+ &nonceCaller,
+ TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1, &session,
+ &nonceTpm);
+
+ goto_if_error(r, "Error: During initialization of session", error);
+#endif /* TEST_SESSION */
+
+ ESYS_TR auth_handle = ESYS_TR_RH_OWNER;
+ UINT64 newTime = 0xffffff;
+
+ r = Esys_ClockSet (
+ esys_context,
+ auth_handle,
+#ifdef TEST_SESSION
+ session,
+#else
+ ESYS_TR_PASSWORD,
+#endif
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ newTime
+ );
+ goto_if_error(r, "Error: ClockSet", error);
+
+ return 0;
+
+error:
+ return 1;
+}
diff --git a/test/integration/esys-create-fail.int.c b/test/integration/esys-create-fail.int.c
new file mode 100644
index 0000000..455d2dc
--- /dev/null
+++ b/test/integration/esys-create-fail.int.c
@@ -0,0 +1,227 @@
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG All
+ * rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *******************************************************************************/
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <stdint.h>
+#include <sapi/tpm20.h>
+#define LOGMODULE test
+#include "log/log.h"
+#include "test.h"
+#include "sysapi_util.h"
+#include <esapi/tss2_esys.h>
+#include "esys_types.h"
+#include "esys_iutil.h"
+
+#define goto_error_if_not_failed(rc,msg,label) \
+ if (rc == TSS2_RC_SUCCESS) { \
+ LOG_ERROR("Error %s (%x) in Line %i: \n", msg, __LINE__, rc); \
+ goto label; }
+
+/*
+ * This test is intended to test password authentication.
+ * We start by creating a primary key (Esys_CreatePrimary).
+ * Based in the primary several calls with NULL parameters,
+ * which should not be allowed, will be tested.
+ */
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context)
+{
+ uint32_t r = 0;
+
+ TPM2B_AUTH authValuePrimary = {
+ .size = 5,
+ .buffer = {1, 2, 3, 4, 5}
+ };
+
+ TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
+ .size = 4,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {0 },
+ },
+ .data = {
+ .size = 0,
+ .buffer = {0},
+ },
+ },
+ };
+
+ inSensitivePrimary.sensitive.userAuth = authValuePrimary;
+
+#ifdef TEST_ECC
+ TPM2B_PUBLIC inPublic = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_ECC,
+ .nameAlg = TPM2_ALG_SHA256,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_SIGN_ENCRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.eccDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_NULL,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_ECB,
+ },
+ .scheme = {
+ .scheme = TPM2_ALG_ECDSA,
+ .details = {
+ .ecdsa = {.hashAlg = TPM2_ALG_SHA256}},
+ },
+ .curveID = TPM2_ECC_NIST_P256,
+ .kdf = {
+ .scheme = TPM2_ALG_NULL,
+ .details = {}}
+ },
+ .unique.ecc = {
+ .x = {.size = 0,.buffer = {}},
+ .y = {.size = 0,.buffer = {}},
+ },
+ },
+ };
+ LOG_INFO("\nECC key will be created.");
+#else
+ TPM2B_PUBLIC inPublic = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_RSA,
+ .nameAlg = TPM2_ALG_SHA256,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_DECRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.rsaDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_AES,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_CFB},
+ .scheme = {
+ .scheme = TPM2_ALG_NULL
+ },
+ .keyBits = 2048,
+ .exponent = 65537,
+ },
+ .unique.rsa = {
+ .size = 0,
+ .buffer = {},
+ },
+ },
+ };
+ LOG_INFO("\nRSA key will be created.");
+#endif // TEST_ECC
+
+ TPM2B_DATA outsideInfo = {
+ .size = 0,
+ .buffer = {},
+ };
+
+ TPML_PCR_SELECTION creationPCR = {
+ .count = 0,
+ };
+
+ TPM2B_AUTH authValue = {
+ .size = 0,
+ .buffer = {}
+ };
+
+ r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ ESYS_TR primaryHandle_handle;
+ RSRC_NODE_T *primaryHandle_node;
+ TPM2B_PUBLIC *outPublic;
+ TPM2B_CREATION_DATA *creationData;
+ TPM2B_DIGEST *creationHash;
+ TPMT_TK_CREATION *creationTicket;
+
+ r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
+ ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary,
+ &inPublic,
+ &outsideInfo, &creationPCR, &primaryHandle_handle,
+ &outPublic, &creationData, &creationHash,
+ &creationTicket);
+ goto_if_error(r, "Error esys create primary", error);
+
+ r = esys_GetResourceObject(esys_context, primaryHandle_handle,
+ &primaryHandle_node);
+ goto_if_error(r, "Error Esys GetResourceObject", error);
+
+ LOG_INFO("Created Primary with handle 0x%08x...",
+ primaryHandle_node->rsrc.handle);
+
+ r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ TPM2B_PUBLIC *outPublic2;
+ TPM2B_PRIVATE *outPrivate2;
+ TPM2B_CREATION_DATA *creationData2;
+ TPM2B_DIGEST *creationHash2;
+ TPMT_TK_CREATION *creationTicket2;
+
+ r = Esys_Create(esys_context,
+ primaryHandle_handle,
+ ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ &outPrivate2,
+ &outPublic2,
+ &creationData2, &creationHash2, &creationTicket2);
+ goto_error_if_not_failed(r, "Error esys create did not fail with NULL parameters",
+ error);
+
+ r = Esys_Create_finish(NULL,
+ &outPrivate2,
+ &outPublic2,
+ &creationData2, &creationHash2, &creationTicket2);
+ goto_error_if_not_failed(r, "Error esys create finish wiht NULL context did not fail",
+ error);
+
+ return 0;
+
+ error:
+ return 1;
+}
diff --git a/test/integration/esys-create-password-auth.int.c b/test/integration/esys-create-password-auth.int.c
new file mode 100644
index 0000000..6fba986
--- /dev/null
+++ b/test/integration/esys-create-password-auth.int.c
@@ -0,0 +1,324 @@
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG All
+ * rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *******************************************************************************/
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <stdint.h>
+#include <sapi/tpm20.h>
+#define LOGMODULE test
+#include "log/log.h"
+#include "test.h"
+#include "sysapi_util.h"
+#include <esapi/tss2_esys.h>
+#include "esys_types.h"
+#include "esys_iutil.h"
+
+/*
+ * This test is intended to test password authentication.
+ * We start by creating a primary key (Esys_CreatePrimary).
+ * Based in the primary a second key with an password define in the sensitive
+ * area will be created.
+ * This key will be loaded and will be used as parent to create a third key.
+ * Password authentication will be used to create this key.
+ */
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context)
+{
+ uint32_t r = 0;
+
+ TPM2B_AUTH authValuePrimary = {
+ .size = 5,
+ .buffer = {1, 2, 3, 4, 5}
+ };
+
+ TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
+ .size = 4,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {0 },
+ },
+ .data = {
+ .size = 0,
+ .buffer = {0},
+ },
+ },
+ };
+
+ inSensitivePrimary.sensitive.userAuth = authValuePrimary;
+
+#ifdef TEST_ECC
+ TPM2B_PUBLIC inPublic = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_ECC,
+ .nameAlg = TPM2_ALG_SHA256,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_SIGN_ENCRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.eccDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_NULL,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_ECB,
+ },
+ .scheme = {
+ .scheme = TPM2_ALG_ECDSA,
+ .details = {
+ .ecdsa = {.hashAlg = TPM2_ALG_SHA256}},
+ },
+ .curveID = TPM2_ECC_NIST_P256,
+ .kdf = {
+ .scheme = TPM2_ALG_NULL,
+ .details = {}}
+ },
+ .unique.ecc = {
+ .x = {.size = 0,.buffer = {}},
+ .y = {.size = 0,.buffer = {}},
+ },
+ },
+ };
+ LOG_INFO("\nECC key will be created.");
+#else
+ TPM2B_PUBLIC inPublic = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_RSA,
+ .nameAlg = TPM2_ALG_SHA256,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_DECRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.rsaDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_AES,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_CFB},
+ .scheme = {
+ .scheme = TPM2_ALG_NULL
+ },
+ .keyBits = 2048,
+ .exponent = 65537,
+ },
+ .unique.rsa = {
+ .size = 0,
+ .buffer = {},
+ },
+ },
+ };
+ LOG_INFO("\nRSA key will be created.");
+#endif // TEST_ECC
+
+ TPM2B_DATA outsideInfo = {
+ .size = 0,
+ .buffer = {},
+ };
+
+ TPML_PCR_SELECTION creationPCR = {
+ .count = 0,
+ };
+
+ TPM2B_AUTH authValue = {
+ .size = 0,
+ .buffer = {}
+ };
+
+ r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ ESYS_TR primaryHandle_handle;
+ RSRC_NODE_T *primaryHandle_node;
+ TPM2B_PUBLIC *outPublic;
+ TPM2B_CREATION_DATA *creationData;
+ TPM2B_DIGEST *creationHash;
+ TPMT_TK_CREATION *creationTicket;
+
+ r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
+ ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic,
+ &outsideInfo, &creationPCR, &primaryHandle_handle,
+ &outPublic, &creationData, &creationHash,
+ &creationTicket);
+ goto_if_error(r, "Error esys create primary", error);
+
+ r = esys_GetResourceObject(esys_context, primaryHandle_handle,
+ &primaryHandle_node);
+ goto_if_error(r, "Error Esys GetResourceObject", error);
+
+ LOG_INFO("Created Primary with handle 0x%08x...",
+ primaryHandle_node->rsrc.handle);
+
+ r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ TPM2B_AUTH authKey2 = {
+ .size = 6,
+ .buffer = {6, 7, 8, 9, 10, 11}
+ };
+
+ TPM2B_SENSITIVE_CREATE inSensitive2 = {
+ .size = 1,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {0}
+ },
+ .data = {
+ .size = 0,
+ .buffer = {}
+ }
+ }
+ };
+
+ inSensitive2.sensitive.userAuth = authKey2;
+
+ TPM2B_SENSITIVE_CREATE inSensitive3 = {
+ .size = 1,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {}
+ },
+ .data = {
+ .size = 0,
+ .buffer = {}
+ }
+ }
+ };
+
+ TPM2B_PUBLIC inPublic2 = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_RSA,
+ .nameAlg = TPM2_ALG_SHA256,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_DECRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.rsaDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_AES,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_CFB
+ },
+ .scheme = {
+ .scheme =
+ TPM2_ALG_NULL,
+ },
+ .keyBits = 2048,
+ .exponent = 65537
+ },
+ .unique.rsa = {
+ .size = 0,
+ .buffer = {}
+ ,
+ }
+ }
+ };
+
+ TPM2B_DATA outsideInfo2 = {
+ .size = 0,
+ .buffer = {}
+ ,
+ };
+
+ TPML_PCR_SELECTION creationPCR2 = {
+ .count = 0,
+ };
+
+ TPM2B_PUBLIC *outPublic2;
+ TPM2B_PRIVATE *outPrivate2;
+ TPM2B_CREATION_DATA *creationData2;
+ TPM2B_DIGEST *creationHash2;
+ TPMT_TK_CREATION *creationTicket2;
+
+ r = Esys_Create(esys_context,
+ primaryHandle_handle,
+ ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
+ &inSensitive2,
+ &inPublic2,
+ &outsideInfo2,
+ &creationPCR2,
+ &outPrivate2,
+ &outPublic2,
+ &creationData2, &creationHash2, &creationTicket2);
+ goto_if_error(r, "Error esys create ", error);
+
+ LOG_INFO("\nSecond key created.");
+
+ ESYS_TR loadedKeyHandle;
+
+ r = Esys_Load(esys_context,
+ primaryHandle_handle,
+ ESYS_TR_PASSWORD,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE, outPrivate2, outPublic2, &loadedKeyHandle);
+ goto_if_error(r, "Error esys load ", error);
+
+ LOG_INFO("\nSecond Key loaded.");
+
+ r = Esys_TR_SetAuth(esys_context, loadedKeyHandle, &authKey2);
+ goto_if_error(r, "Error esys TR_SetAuth ", error);
+
+ r = Esys_Create(esys_context,
+ loadedKeyHandle,
+ ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
+ &inSensitive3,
+ &inPublic2,
+ &outsideInfo2,
+ &creationPCR2,
+ &outPrivate2,
+ &outPublic2,
+ &creationData2, &creationHash2, &creationTicket2);
+ goto_if_error(r, "Error esys second create ", error);
+
+ return 0;
+
+ error:
+ return 1;
+}
diff --git a/test/integration/esys-create-primary-hmac.int.c b/test/integration/esys-create-primary-hmac.int.c
index afd2b77..2206f69 100644
--- a/test/integration/esys-create-primary-hmac.int.c
+++ b/test/integration/esys-create-primary-hmac.int.c
@@ -43,19 +43,16 @@
#include "esys_types.h"
#include "esys_iutil.h"
-#define checkerror(rc,msg,label) \
- if (rc != TSS2_RC_SUCCESS) { \
- LOG_ERROR("Error %s (%x) in Line %i: \n", msg, __LINE__, rc); \
- goto label; }
+/*
+ * This test is intended to test Esys_CreatePrimary with hmac verification.
+ * The test can be executed wiht RSA or ECC keys. ECC will bei used if
+ * ECC is defined.
+ */
int
test_invoke_esapi(ESYS_CONTEXT * esys_context)
{
-
uint32_t r;
-
- /* Start of actual content */
-
ESYS_TR session;
TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES,.keyBits = {.aes =
128},.mode =
@@ -76,7 +73,7 @@
TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1, &session,
&nonceTpm);
- checkerror(r, "Error: During initialization of session", error);
+ goto_if_error(r, "Error: During initialization of session", error);
TPM2B_SENSITIVE_CREATE inSensitive = {
.size = 4,
@@ -131,7 +128,7 @@
,
}
};
- printf("\nECC key will be created.\n");
+ LOG_INFO("\nECC key will be created.");
TPM2B_PUBLIC inPublic = inPublicECC;
#else
@@ -169,7 +166,7 @@
}
}
};
- printf("\nRSA key will be created.\n");
+ LOG_INFO("\nRSA key will be created.");
TPM2B_PUBLIC inPublic = inPublicRSA;
#endif
@@ -189,7 +186,7 @@
};
r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
- checkerror(r, "Error: TR_SetAuth", error);
+ goto_if_error(r, "Error: TR_SetAuth", error);
ESYS_TR objectHandle_handle;
RSRC_NODE_T *objectHandle_node;
@@ -203,23 +200,21 @@
&outsideInfo, &creationPCR, &objectHandle_handle,
&outPublic, &creationData, &creationHash,
&creationTicket);
- checkerror(r, "Error esapi create primary", error);
+ goto_if_error(r, "Error esapi create primary", error);
r = esys_GetResourceObject(esys_context, objectHandle_handle,
&objectHandle_node);
- checkerror(r, "Error Esys GetResourceObject", error);
- printf("Created Primary with handle 0x%08x...\n",
- objectHandle_node->rsrc.handle);
+ goto_if_error(r, "Error Esys GetResourceObject", error);
+ LOG_INFO("Created Primary with handle 0x%08x...",
+ objectHandle_node->rsrc.handle);
r = Tss2_Sys_FlushContext(esys_context->sys,
objectHandle_node->rsrc.handle);
- checkerror(r, "Error during FlushContext", error);
+ goto_if_error(r, "Error during FlushContext", error);
- /* End of actual content */
-
- printf("Done with handle 0x%08x...\n", objectHandle_node->rsrc.handle);
+ LOG_INFO("Done with handle 0x%08x...", objectHandle_node->rsrc.handle);
return 0;
error:
- fprintf(stderr, "\nError Code: %x\n", r);
+ LOG_ERROR("\nError Code: %x\n", r);
return 1;
}
diff --git a/test/integration/esys-create-session-auth.int.c b/test/integration/esys-create-session-auth.int.c
index 9eda7ff..460c42c 100644
--- a/test/integration/esys-create-session-auth.int.c
+++ b/test/integration/esys-create-session-auth.int.c
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright 2017, Fraunhofer SIT sponsored by Infineon Technologies AG
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -41,14 +41,9 @@
#include "esys_types.h"
#include "esys_iutil.h"
-#define checkerror(rc,msg,label) \
- if (rc != TSS2_RC_SUCCESS) { \
- LOG_ERROR("Error %s (%x) in Line %i: \n", msg, __LINE__, rc); \
- goto label; }
-
/*
- * This test is inteded to test parameter encytption/decryption, session managment,
- * hmac computatin, and session key generation.
+ * This test is intended to test parameter encryption/decryption, session management,
+ * hmac computation, and session key generation.
* We start by creating a primary key (Esys_CreatePrimary).
* The primary key will be used as tpmKey for Esys_StartAuthSession. Parameter
* encryption and decryption will be activated for the session.
@@ -60,29 +55,26 @@
int
test_invoke_esapi(ESYS_CONTEXT * esys_context)
{
-
uint32_t r = 0;
- /* Start of actual content */
-
- TPM2B_AUTH authValuePrimary = {
+ TPM2B_AUTH authValuePrimary = {
.size = 5,
.buffer = {1, 2, 3, 4, 5}
};
- TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
- .size = 4,
- .sensitive = {
- .userAuth = {
- .size = 0,
- .buffer = {0 },
- },
- .data = {
- .size = 0,
- .buffer = {0},
- },
- },
- };
+ TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
+ .size = 4,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {0 },
+ },
+ .data = {
+ .size = 0,
+ .buffer = {0},
+ },
+ },
+ };
inSensitivePrimary.sensitive.userAuth = authValuePrimary;
@@ -124,7 +116,7 @@
},
},
};
- printf("\nECC key will be created.\n");
+ LOG_INFO("\nECC key will be created.");
#else
TPM2B_PUBLIC inPublic = {
.size = 0,
@@ -157,7 +149,7 @@
},
},
};
- printf("\nRSA key will be created.\n");
+ LOG_INFO("\nRSA key will be created.");
#endif // TEST_ECC
TPM2B_DATA outsideInfo = {
@@ -175,7 +167,7 @@
};
r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
- checkerror(r, "Error: TR_SetAuth", error);
+ goto_if_error(r, "Error: TR_SetAuth", error);
ESYS_TR primaryHandle_handle;
RSRC_NODE_T *primaryHandle_node;
@@ -189,17 +181,17 @@
&outsideInfo, &creationPCR, &primaryHandle_handle,
&outPublic, &creationData, &creationHash,
&creationTicket);
- checkerror(r, "Error esys create primary", error);
+ goto_if_error(r, "Error esys create primary", error);
r = esys_GetResourceObject(esys_context, primaryHandle_handle,
&primaryHandle_node);
- checkerror(r, "Error Esys GetResourceObject", error);
+ goto_if_error(r, "Error Esys GetResourceObject", error);
- printf("Created Primary with handle 0x%08x...\n",
- primaryHandle_node->rsrc.handle);
+ LOG_INFO("Created Primary with handle 0x%08x...",
+ primaryHandle_node->rsrc.handle);
r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary);
- checkerror(r, "Error: TR_SetAuth", error);
+ goto_if_error(r, "Error: TR_SetAuth", error);
ESYS_TR session;
TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES,
@@ -222,10 +214,10 @@
sessionType, &symmetric, authHash, &session,
&nonceTpm);
- checkerror(r, "Error Esys_StartAuthSessiony", error);
+ goto_if_error(r, "Error Esys_StartAuthSessiony", error);
r = Esys_TRSess_SetAttributes(esys_context, session, sessionAttributes,
0xff);
- checkerror(r, "Error Esys_TRSess_SetAttributes", error);
+ goto_if_error(r, "Error Esys_TRSess_SetAttributes", error);
TPM2B_AUTH authKey2 = {
.size = 6,
@@ -324,9 +316,9 @@
&outPrivate2,
&outPublic2,
&creationData2, &creationHash2, &creationTicket2);
- checkerror(r, "Error esys create ", error);
+ goto_if_error(r, "Error esys create ", error);
- fprintf(stderr, "\nSecond key created.\n");
+ LOG_INFO("\nSecond key created.");
ESYS_TR loadedKeyHandle;
@@ -335,12 +327,12 @@
session,
ESYS_TR_NONE,
ESYS_TR_NONE, outPrivate2, outPublic2, &loadedKeyHandle);
- checkerror(r, "Error esys load ", error);
+ goto_if_error(r, "Error esys load ", error);
- fprintf(stderr, "\nSecond Key loaded.\n");
+ LOG_INFO("\nSecond Key loaded.");
r = Esys_TR_SetAuth(esys_context, loadedKeyHandle, &authKey2);
- checkerror(r, "Error esys TR_SetAuth ", error);
+ goto_if_error(r, "Error esys TR_SetAuth ", error);
r = Esys_Create(esys_context,
loadedKeyHandle,
@@ -352,9 +344,7 @@
&outPrivate2,
&outPublic2,
&creationData2, &creationHash2, &creationTicket2);
- checkerror(r, "Error esys second create ", error);
-
- /* End of actual content */
+ goto_if_error(r, "Error esys second create ", error);
return 0;
diff --git a/test/integration/esys-evict-control-serialization.int.c b/test/integration/esys-evict-control-serialization.int.c
new file mode 100644
index 0000000..653c40e
--- /dev/null
+++ b/test/integration/esys-evict-control-serialization.int.c
@@ -0,0 +1,304 @@
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG All
+ * rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *******************************************************************************/
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <stdint.h>
+#include <sapi/tpm20.h>
+#define LOGMODULE test
+#include "log/log.h"
+#include "test.h"
+#include "sysapi_util.h"
+#include <esapi/tss2_esys.h>
+#include "esys_types.h"
+#include "esys_iutil.h"
+
+/*
+ * This test is intended to test EvictControl and ESAPI Serialization.
+ * We start by creating a primary key (Esys_CreatePrimary). Based on this
+ * key a persistent object is created (Esys_EvictControl). The resource of
+ * this object will be serialized and deserialized with the corresponding
+ * ESAPI functions (Esys_TR_Serialize, Esys_TR_Deserialize).
+ * To check whether the deserialization was successful a new object will
+ * be created with the handle returned by the deserialize function.
+ */
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context)
+{
+ uint32_t r = 0;
+
+ TPM2B_AUTH authValuePrimary = {
+ .size = 5,
+ .buffer = {1, 2, 3, 4, 5}
+ };
+
+ TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
+ .size = 4,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {0 },
+ },
+ .data = {
+ .size = 0,
+ .buffer = {0},
+ },
+ },
+ };
+
+ inSensitivePrimary.sensitive.userAuth = authValuePrimary;
+
+#ifdef TEST_ECC
+ TPM2B_PUBLIC inPublic = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_ECC,
+ .nameAlg = TPM2_ALG_SHA256,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_SIGN_ENCRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.eccDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_NULL,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_ECB,
+ },
+ .scheme = {
+ .scheme = TPM2_ALG_ECDSA,
+ .details = {
+ .ecdsa = {.hashAlg = TPM2_ALG_SHA256}},
+ },
+ .curveID = TPM2_ECC_NIST_P256,
+ .kdf = {
+ .scheme = TPM2_ALG_NULL,
+ .details = {}}
+ },
+ .unique.ecc = {
+ .x = {.size = 0,.buffer = {}},
+ .y = {.size = 0,.buffer = {}},
+ },
+ },
+ };
+ LOG_INFO("\nECC key will be created.");
+#else
+ TPM2B_PUBLIC inPublic = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_RSA,
+ .nameAlg = TPM2_ALG_SHA256,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_DECRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.rsaDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_AES,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_CFB},
+ .scheme = {
+ .scheme = TPM2_ALG_NULL
+ },
+ .keyBits = 2048,
+ .exponent = 65537,
+ },
+ .unique.rsa = {
+ .size = 0,
+ .buffer = {},
+ },
+ },
+ };
+ LOG_INFO("\nRSA key will be created.");
+#endif // TEST_ECC
+
+ TPM2B_DATA outsideInfo = {
+ .size = 0,
+ .buffer = {},
+ };
+
+ TPML_PCR_SELECTION creationPCR = {
+ .count = 0,
+ };
+
+ TPM2B_AUTH authValue = {
+ .size = 0,
+ .buffer = {}
+ };
+
+ r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ ESYS_TR primaryHandle_handle;
+ RSRC_NODE_T *primaryHandle_node;
+ TPM2B_PUBLIC *outPublic;
+ TPM2B_CREATION_DATA *creationData;
+ TPM2B_DIGEST *creationHash;
+ TPMT_TK_CREATION *creationTicket;
+
+ r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
+ ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic,
+ &outsideInfo, &creationPCR, &primaryHandle_handle,
+ &outPublic, &creationData, &creationHash,
+ &creationTicket);
+ goto_if_error(r, "Error esys create primary", error);
+
+ r = esys_GetResourceObject(esys_context, primaryHandle_handle,
+ &primaryHandle_node);
+ goto_if_error(r, "Error Esys GetResourceObject", error);
+
+ LOG_INFO("Created Primary with handle 0x%08x...",
+ primaryHandle_node->rsrc.handle);
+
+ r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ TPM2_HANDLE permanentHandle = TPM2_PERSISTENT_FIRST;
+ ESYS_TR new_primary_handle1;
+ ESYS_TR new_primary_handle2;
+
+ r = Esys_EvictControl(esys_context, ESYS_TR_RH_OWNER, primaryHandle_handle,
+ ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
+ permanentHandle, &new_primary_handle1);
+ goto_if_error(r, "Error Esys EvictControl", error);
+
+ size_t buffer_size;
+ uint8_t *buffer;
+
+ r = Esys_TR_Serialize(esys_context, new_primary_handle1, &buffer, &buffer_size);
+ goto_if_error(r, "Error Esys_TR_Serialize", error);
+
+ r = Esys_TR_Deserialize(esys_context, buffer, buffer_size, &new_primary_handle2);
+ goto_if_error(r, "Error Esys_TR_Deserialize", error);
+
+ TPM2B_AUTH authKey2 = {
+ .size = 6,
+ .buffer = {6, 7, 8, 9, 10, 11}
+ };
+
+ TPM2B_SENSITIVE_CREATE inSensitive2 = {
+ .size = 1,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {0}
+ },
+ .data = {
+ .size = 0,
+ .buffer = {}
+ }
+ }
+ };
+
+ inSensitive2.sensitive.userAuth = authKey2;
+
+ TPM2B_PUBLIC inPublic2 = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_RSA,
+ .nameAlg = TPM2_ALG_SHA256,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_DECRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.rsaDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_AES,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_CFB
+ },
+ .scheme = {
+ .scheme =
+ TPM2_ALG_NULL,
+ },
+ .keyBits = 2048,
+ .exponent = 65537
+ },
+ .unique.rsa = {
+ .size = 0,
+ .buffer = {}
+ ,
+ }
+ }
+ };
+
+ TPM2B_DATA outsideInfo2 = {
+ .size = 0,
+ .buffer = {}
+ ,
+ };
+
+ TPML_PCR_SELECTION creationPCR2 = {
+ .count = 0,
+ };
+
+ TPM2B_PUBLIC *outPublic2;
+ TPM2B_PRIVATE *outPrivate2;
+ TPM2B_CREATION_DATA *creationData2;
+ TPM2B_DIGEST *creationHash2;
+ TPMT_TK_CREATION *creationTicket2;
+
+ r = Esys_TR_SetAuth(esys_context, new_primary_handle2, &authValuePrimary);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ r = Esys_Create(esys_context,
+ new_primary_handle2,
+ ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
+ &inSensitive2,
+ &inPublic2,
+ &outsideInfo2,
+ &creationPCR2,
+ &outPrivate2,
+ &outPublic2,
+ &creationData2, &creationHash2, &creationTicket2);
+ goto_if_error(r, "Error esys create with new handle from evict object", error);
+
+ return 0;
+
+ error:
+ return 1;
+}
diff --git a/test/integration/esys-get-capability.int.c b/test/integration/esys-get-capability.int.c
new file mode 100644
index 0000000..e4bc3aa
--- /dev/null
+++ b/test/integration/esys-get-capability.int.c
@@ -0,0 +1,75 @@
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG All
+ * rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *******************************************************************************/
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <stdint.h>
+#include <sapi/tpm20.h>
+#define LOGMODULE test
+#include "log/log.h"
+#include "test.h"
+#include "sysapi_util.h"
+#include <esapi/tss2_esys.h>
+#include "esys_types.h"
+#include "esys_iutil.h"
+
+#define checkerror(rc,msg,label) \
+ if (rc != TSS2_RC_SUCCESS) { \
+ LOG_ERROR("Error %s (%x) in Line %i: \n", msg, __LINE__, rc); \
+ goto label; }
+
+/*
+ * This test is intended to test the ESAPI get capability command.
+ */
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context)
+{
+ uint32_t r = 0;
+ TPM2_CAP capability = TPM2_CAP_TPM_PROPERTIES;
+ UINT32 property = TPM2_PT_LOCKOUT_COUNTER;
+ UINT32 propertyCount = 1;
+ TPMS_CAPABILITY_DATA *capabilityData;
+ TPMI_YES_NO moreData;
+
+
+ r = Esys_GetCapability(esys_context,
+ ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
+ capability, property, propertyCount,
+ &moreData, &capabilityData);
+
+ goto_if_error(r, "Error esys get capability", error);
+
+ return 0;
+
+ error:
+ return 1;
+}
diff --git a/test/integration/esys-make-credential.int.c b/test/integration/esys-make-credential.int.c
new file mode 100644
index 0000000..1ee8370
--- /dev/null
+++ b/test/integration/esys-make-credential.int.c
@@ -0,0 +1,431 @@
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG All
+ * rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *******************************************************************************/
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <stdint.h>
+#include <sapi/tpm20.h>
+#define LOGMODULE test
+#include "log/log.h"
+#include "test.h"
+#include "sysapi_util.h"
+#include <esapi/tss2_esys.h>
+#include "esys_types.h"
+#include "esys_iutil.h"
+
+/*
+ * This test is intended to test the function Esys_MakeCredential
+ * We start by creating a primary key (Esys_CreatePrimary).
+ * Based in the primary a second key.
+ * The public part of the key will be loaded by the function
+ * Esys_LoadExternal. A credential will be encrypted with this
+ * key with the command Esys_MakeCredential.
+ */
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context)
+{
+ uint32_t r = 0;
+
+#ifdef TEST_SESSION
+ ESYS_TR session;
+ TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES,
+ .keyBits = {.aes = 128},
+ .mode = {.aes = TPM2_ALG_CFB}
+ };
+ TPMA_SESSION sessionAttributes;
+ TPM2B_NONCE *nonceTpm;
+ TPM2B_NONCE nonceCaller = {
+ .size = 20,
+ .buffer = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
+ 11, 12, 13, 14, 15, 16, 17, 18, 19, 20}
+ };
+
+ memset(&sessionAttributes, 0, sizeof sessionAttributes);
+
+ RSRC_NODE_T *session_node;
+
+ r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
+ ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
+ &nonceCaller,
+ TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1, &session,
+ &nonceTpm);
+
+ goto_if_error(r, "Error: During initialization of session", error);
+
+
+ r = esys_GetResourceObject(esys_context, session,
+ &session_node);
+ goto_if_error(r, "Error Esys GetResourceObject", error);
+
+ LOG_INFO("Created session with handle 0x%08x...",
+ session_node->rsrc.handle);
+
+ ESYS_TR session2;
+ RSRC_NODE_T *session2_node;
+
+ r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
+ ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
+ &nonceCaller,
+ TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1, &session2,
+ &nonceTpm);
+
+ goto_if_error(r, "Error: During initialization of session", error);
+
+ r = esys_GetResourceObject(esys_context, session2,
+ &session2_node);
+ goto_if_error(r, "Error Esys GetResourceObject", error);
+
+ LOG_INFO("Created session2 with handle 0x%08x...",
+ session2_node->rsrc.handle);
+
+#endif /* TEST_SESSION */
+
+ TPM2B_AUTH authValuePrimary = {
+ .size = 5,
+ .buffer = {1, 2, 3, 4, 5}
+ };
+
+ TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
+ .size = 4,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {0 },
+ },
+ .data = {
+ .size = 0,
+ .buffer = {0},
+ },
+ },
+ };
+
+ inSensitivePrimary.sensitive.userAuth = authValuePrimary;
+
+#ifdef TEST_ECC
+ TPM2B_PUBLIC inPublic = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_ECC,
+ .nameAlg = TPM2_ALG_SHA256,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_SIGN_ENCRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.eccDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_NULL,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_ECB,
+ },
+ .scheme = {
+ .scheme = TPM2_ALG_ECDSA,
+ .details = {
+ .ecdsa = {.hashAlg = TPM2_ALG_SHA256}},
+ },
+ .curveID = TPM2_ECC_NIST_P256,
+ .kdf = {
+ .scheme = TPM2_ALG_NULL,
+ .details = {}}
+ },
+ .unique.ecc = {
+ .x = {.size = 0,.buffer = {}},
+ .y = {.size = 0,.buffer = {}},
+ },
+ },
+ };
+ LOG_INFO("\nECC key will be created.");
+#else
+ TPM2B_PUBLIC inPublic = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_RSA,
+ .nameAlg = TPM2_ALG_SHA256,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_DECRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.rsaDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_AES,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_CFB},
+ .scheme = {
+ .scheme = TPM2_ALG_NULL
+ },
+ .keyBits = 2048,
+ .exponent = 65537,
+ },
+ .unique.rsa = {
+ .size = 0,
+ .buffer = {},
+ },
+ },
+ };
+ LOG_INFO("\nRSA key will be created.");
+#endif // TEST_ECC
+
+ TPM2B_DATA outsideInfo = {
+ .size = 0,
+ .buffer = {},
+ };
+
+ TPML_PCR_SELECTION creationPCR = {
+ .count = 0,
+ };
+
+ TPM2B_AUTH authValue = {
+ .size = 0,
+ .buffer = {}
+ };
+
+ r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ ESYS_TR primaryHandle_handle;
+ RSRC_NODE_T *primaryHandle_node;
+ TPM2B_PUBLIC *outPublic;
+ TPM2B_CREATION_DATA *creationData;
+ TPM2B_DIGEST *creationHash;
+ TPMT_TK_CREATION *creationTicket;
+
+ r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
+ ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic,
+ &outsideInfo, &creationPCR, &primaryHandle_handle,
+ &outPublic, &creationData, &creationHash,
+ &creationTicket);
+ goto_if_error(r, "Error esys create primary", error);
+
+ r = esys_GetResourceObject(esys_context, primaryHandle_handle,
+ &primaryHandle_node);
+ goto_if_error(r, "Error Esys GetResourceObject", error);
+
+ LOG_INFO("Created Primary with handle 0x%08x...",
+ primaryHandle_node->rsrc.handle);
+
+ r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ TPM2B_AUTH authKey2 = {
+ .size = 6,
+ .buffer = {6, 7, 8, 9, 10, 11}
+ };
+
+ TPM2B_SENSITIVE_CREATE inSensitive2 = {
+ .size = 1,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {0}
+ },
+ .data = {
+ .size = 0,
+ .buffer = {}
+ }
+ }
+ };
+
+ inSensitive2.sensitive.userAuth = authKey2;
+
+ TPM2B_PUBLIC inPublic2 = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_RSA,
+ .nameAlg = TPM2_ALG_SHA256,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_DECRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.rsaDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_AES,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_CFB
+ },
+ .scheme = {
+ .scheme =
+ TPM2_ALG_NULL,
+ },
+ .keyBits = 2048,
+ .exponent = 65537
+ },
+ .unique.rsa = {
+ .size = 0,
+ .buffer = {}
+ ,
+ }
+ }
+ };
+
+ TPM2B_DATA outsideInfo2 = {
+ .size = 0,
+ .buffer = {}
+ ,
+ };
+
+ TPML_PCR_SELECTION creationPCR2 = {
+ .count = 0,
+ };
+
+ TPM2B_PUBLIC *outPublic2;
+ TPM2B_PRIVATE *outPrivate2;
+ TPM2B_CREATION_DATA *creationData2;
+ TPM2B_DIGEST *creationHash2;
+ TPMT_TK_CREATION *creationTicket2;
+
+ r = Esys_Create(esys_context,
+ primaryHandle_handle,
+ ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
+ &inSensitive2,
+ &inPublic2,
+ &outsideInfo2,
+ &creationPCR2,
+ &outPrivate2,
+ &outPublic2,
+ &creationData2, &creationHash2, &creationTicket2);
+ goto_if_error(r, "Error esys create ", error);
+
+ LOG_INFO("\nSecond key created.");
+
+ ESYS_TR loadedKeyHandle;
+
+ r = Esys_LoadExternal(esys_context,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ NULL,
+ outPublic2,
+ TPM2_RH_OWNER,
+ &loadedKeyHandle);
+ goto_if_error(r, "Error esys load exernal", error);
+
+ TPM2B_PUBLIC *primaryKeyPublic;
+ TPM2B_NAME *primaryKeyName;
+ TPM2B_NAME *primaryKeyQualifiedName;
+
+ r = Esys_ReadPublic(
+ esys_context,
+ primaryHandle_handle,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ &primaryKeyPublic,
+ &primaryKeyName,
+ &primaryKeyQualifiedName);
+
+ goto_if_error(r, "Error esys read public", error);
+
+ TPM2B_DIGEST credential = {
+ .size = 20,
+ .buffer = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
+ 11, 12, 13, 14, 15, 16, 17, 18, 19, 20}};
+
+ TPM2B_ID_OBJECT *credentialBlob;
+ TPM2B_ENCRYPTED_SECRET *secret;
+
+ r = Esys_MakeCredential(
+ esys_context,
+ loadedKeyHandle,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ &credential,
+ primaryKeyName,
+ &credentialBlob,
+ &secret
+ );
+ goto_if_error(r, "Error: MakeCredential", error);
+
+ r = Esys_FlushContext(esys_context, loadedKeyHandle);
+ goto_if_error(r, "Error esys flush context", error);
+
+ TPM2B_DIGEST *certInfo;
+
+ r = Esys_Load(
+ esys_context,
+ primaryHandle_handle,
+#ifdef TEST_SESSION
+ session,
+#else
+ ESYS_TR_PASSWORD,
+#endif
+ ESYS_TR_NONE,
+ ESYS_TR_NONE, outPrivate2, outPublic2, &loadedKeyHandle);
+ goto_if_error(r, "Error esys load ", error);
+
+ LOG_INFO("\nSecond Key loaded.");
+
+ r = Esys_TR_SetAuth(esys_context, loadedKeyHandle, &authKey2);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ r = Esys_ActivateCredential(
+ esys_context,
+ primaryHandle_handle,
+ loadedKeyHandle,
+
+#ifdef TEST_SESSION
+ session,
+#else
+ ESYS_TR_PASSWORD,
+#endif
+#ifdef TEST_SESSION
+ session2,
+#else
+ ESYS_TR_PASSWORD,
+#endif
+ ESYS_TR_NONE,
+ credentialBlob,
+ secret,
+ &certInfo
+ );
+ goto_if_error(r, "Error: ActivateCredential", error);
+
+ return 0;
+
+ error:
+ return 1;
+}
diff --git a/test/integration/esys-nv-ram-extend-index.int.c b/test/integration/esys-nv-ram-extend-index.int.c
new file mode 100644
index 0000000..28bef18
--- /dev/null
+++ b/test/integration/esys-nv-ram-extend-index.int.c
@@ -0,0 +1,224 @@
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG All
+ * rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *******************************************************************************/
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <stdint.h>
+#include <sapi/tpm20.h>
+#define LOGMODULE test
+#include "log/log.h"
+#include "test.h"
+#include "sysapi_util.h"
+#include <esapi/tss2_esys.h>
+#include "esys_types.h"
+#include "esys_iutil.h"
+
+/*
+ * This test is intended to test the ESAPI nv define space, nv extend, and
+ * nv read command. The names stored in the ESAPI resource are compared
+ * with the names delivered from the TPM by the command ReadPublic.
+ */
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context)
+{
+
+ uint32_t r = 0;
+#ifdef TEST_SESSION
+ ESYS_TR session;
+ TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES,
+ .keyBits = {.aes = 128},
+ .mode = {.aes = TPM2_ALG_CFB}
+ };
+ TPMA_SESSION sessionAttributes;
+ TPM2B_NONCE *nonceTpm;
+ TPM2B_NONCE nonceCaller = {
+ .size = 20,
+ .buffer = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
+ 11, 12, 13, 14, 15, 16, 17, 18, 19, 20}
+ };
+
+ memset(&sessionAttributes, 0, sizeof sessionAttributes);
+
+ r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
+ ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
+ &nonceCaller,
+ TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1, &session,
+ &nonceTpm);
+
+ goto_if_error(r, "Error: During initialization of session", error);
+#endif /* TEST_SESSION */
+
+ ESYS_TR nvHandle_handle;
+ TPM2B_AUTH auth = {.size = 20,
+ .buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19,
+ 20, 21, 22, 23, 24, 25, 26, 27, 28, 29}};
+
+ TPM2B_NV_PUBLIC publicInfo = {
+ .size = 0,
+ .nvPublic = {
+ .nvIndex =TPM2_NV_INDEX_FIRST,
+ .nameAlg = TPM2_ALG_SHA1,
+ .attributes = (
+ TPMA_NV_TPMA_NV_OWNERWRITE |
+ TPMA_NV_TPMA_NV_AUTHWRITE |
+ TPMA_NV_TPMA_NV_WRITE_STCLEAR |
+ TPMA_NV_TPMA_NV_AUTHREAD |
+ TPMA_NV_TPMA_NV_OWNERREAD |
+ TPM2_NT_EXTEND << TPM2_NT_EXTEND
+ ),
+ .authPolicy = {
+ .size = 0,
+ .buffer = {},
+ },
+ .dataSize = 20,
+ }
+ };
+
+ r = Esys_NV_DefineSpace (
+ esys_context,
+ ESYS_TR_RH_OWNER,
+#ifdef TEST_SESSION
+ session,
+#else
+ ESYS_TR_PASSWORD,
+#endif
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ &auth,
+ &publicInfo,
+ &nvHandle_handle);
+
+ goto_if_error(r, "Error esys define nv space", error);
+
+ TPM2B_MAX_NV_BUFFER nv_test_data = { .size = 20,
+ .buffer={0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0,
+ 1, 2, 3, 4, 5, 6, 7, 8, 9}};
+
+ TPM2B_NV_PUBLIC *nvPublic;
+ TPM2B_NAME *nvName;
+
+ r = Esys_NV_ReadPublic(
+ esys_context,
+ nvHandle_handle,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ &nvPublic,
+ &nvName);
+ goto_if_error(r, "Error: nv read public", error);
+
+ RSRC_NODE_T *nvHandleNode;
+
+ r = esys_GetResourceObject(esys_context, nvHandle_handle, &nvHandleNode);
+ goto_if_error(r, "Error: nv get resource object", error);
+
+ if (nvName->size != nvHandleNode->rsrc.name.size ||
+ memcmp(&nvName->name, &nvHandleNode->rsrc.name.name, nvName->size) != 0) {
+ LOG_ERROR("Error: define space name not equalt");
+ goto error;
+ }
+ r = Esys_NV_Extend (
+ esys_context,
+ nvHandle_handle,
+ nvHandle_handle,
+#ifdef TEST_SESSION
+ session,
+#else
+ ESYS_TR_PASSWORD,
+#endif
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ &nv_test_data);
+
+ goto_if_error(r, "Error esys nv write", error);
+
+ r = Esys_NV_ReadPublic(
+ esys_context,
+ nvHandle_handle,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ &nvPublic,
+ &nvName);
+ goto_if_error(r, "Error: nv read public", error);
+
+ r = esys_GetResourceObject(esys_context, nvHandle_handle, &nvHandleNode);
+ goto_if_error(r, "Error: nv get resource object", error);
+
+ if (nvName->size != nvHandleNode->rsrc.name.size ||
+ memcmp(&nvName->name, &nvHandleNode->rsrc.name.name, nvName->size) != 0) {
+ LOG_ERROR("Error: nv write name not equal");
+ goto error;
+ }
+
+ TPM2B_MAX_NV_BUFFER *nv_test_data2;
+
+r = Esys_NV_Read(
+ esys_context,
+ nvHandle_handle,
+ nvHandle_handle,
+#ifdef TEST_SESSION
+ session,
+#else
+ ESYS_TR_PASSWORD,
+#endif
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ 0,
+ 0,
+ &nv_test_data2);
+
+ goto_if_error(r, "Error esys nv read", error);
+
+ r = Esys_NV_ReadPublic(
+ esys_context,
+ nvHandle_handle,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ &nvPublic,
+ &nvName);
+ goto_if_error(r, "Error: nv read public", error);
+
+ r = esys_GetResourceObject(esys_context, nvHandle_handle, &nvHandleNode);
+ goto_if_error(r, "Error: nv get resource object", error);
+
+ if (nvName->size != nvHandleNode->rsrc.name.size ||
+ memcmp(&nvName->name, &nvHandleNode->rsrc.name.name, nvName->size) != 0) {
+ LOG_ERROR("Error: nv read name not equal");
+ goto error;
+ }
+ return 0;
+
+ error:
+ return 1;
+}
diff --git a/test/integration/esys-nv-ram-ordinary-index.int.c b/test/integration/esys-nv-ram-ordinary-index.int.c
new file mode 100644
index 0000000..4a322e6
--- /dev/null
+++ b/test/integration/esys-nv-ram-ordinary-index.int.c
@@ -0,0 +1,225 @@
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG All
+ * rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *******************************************************************************/
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <stdint.h>
+#include <sapi/tpm20.h>
+#define LOGMODULE test
+#include "log/log.h"
+#include "test.h"
+#include "sysapi_util.h"
+#include <esapi/tss2_esys.h>
+#include "esys_types.h"
+#include "esys_iutil.h"
+
+/*
+ * This test is intended to test the ESAPI nv define space, nv write, and
+ * nv read command. The names stored in the ESAPI resource are compared
+ * with the names delivered from the TPM by the command ReadPublic.
+ */
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context)
+{
+ uint32_t r = 0;
+#ifdef TEST_SESSION
+ ESYS_TR session;
+ TPMT_SYM_DEF symmetric = {.algorithm = TPM2_ALG_AES,
+ .keyBits = {.aes = 128},
+ .mode = {.aes = TPM2_ALG_CFB}
+ };
+ TPMA_SESSION sessionAttributes;
+ TPM2B_NONCE *nonceTpm;
+ TPM2B_NONCE nonceCaller = {
+ .size = 20,
+ .buffer = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
+ 11, 12, 13, 14, 15, 16, 17, 18, 19, 20}
+ };
+
+ memset(&sessionAttributes, 0, sizeof sessionAttributes);
+
+ r = Esys_StartAuthSession(esys_context, ESYS_TR_NONE, ESYS_TR_NONE,
+ ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
+ &nonceCaller,
+ TPM2_SE_HMAC, &symmetric, TPM2_ALG_SHA1, &session,
+ &nonceTpm);
+
+ goto_if_error(r, "Error: During initialization of session", error);
+#endif /* TEST_SESSION */
+
+ ESYS_TR nvHandle_handle;
+ TPM2B_AUTH auth = {.size = 20,
+ .buffer={10, 11, 12, 13, 14, 15, 16, 17, 18, 19,
+ 20, 21, 22, 23, 24, 25, 26, 27, 28, 29}};
+
+ TPM2B_NV_PUBLIC publicInfo = {
+ .size = 0,
+ .nvPublic = {
+ .nvIndex =TPM2_NV_INDEX_FIRST,
+ .nameAlg = TPM2_ALG_SHA1,
+ .attributes = (
+ TPMA_NV_TPMA_NV_OWNERWRITE |
+ TPMA_NV_TPMA_NV_AUTHWRITE |
+ TPMA_NV_TPMA_NV_WRITE_STCLEAR |
+ TPMA_NV_TPMA_NV_AUTHREAD |
+ TPMA_NV_TPMA_NV_OWNERREAD
+ ),
+ .authPolicy = {
+ .size = 0,
+ .buffer = {},
+ },
+ .dataSize = 32,
+ }
+ };
+
+ r = Esys_NV_DefineSpace (
+ esys_context,
+ ESYS_TR_RH_OWNER,
+#ifdef TEST_SESSION
+ session,
+#else
+ ESYS_TR_PASSWORD,
+#endif
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ &auth,
+ &publicInfo,
+ &nvHandle_handle);
+
+ goto_if_error(r, "Error esys define nv space", error);
+
+ UINT16 offset = 0;
+ TPM2B_MAX_NV_BUFFER nv_test_data = { .size = 20,
+ .buffer={0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0,
+ 1, 2, 3, 4, 5, 6, 7, 8, 9}};
+
+ TPM2B_NV_PUBLIC *nvPublic;
+ TPM2B_NAME *nvName;
+
+ r = Esys_NV_ReadPublic(
+ esys_context,
+ nvHandle_handle,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ &nvPublic,
+ &nvName);
+ goto_if_error(r, "Error: nv read public", error);
+
+ RSRC_NODE_T *nvHandleNode;
+
+ r = esys_GetResourceObject(esys_context, nvHandle_handle, &nvHandleNode);
+ goto_if_error(r, "Error: nv get resource object", error);
+
+ if (nvName->size != nvHandleNode->rsrc.name.size ||
+ memcmp(&nvName->name, &nvHandleNode->rsrc.name.name, nvName->size) != 0) {
+ LOG_ERROR("Error: define space name not equalt");
+ goto error;
+ }
+ r = Esys_NV_Write (
+ esys_context,
+ nvHandle_handle,
+ nvHandle_handle,
+#ifdef TEST_SESSION
+ session,
+#else
+ ESYS_TR_PASSWORD,
+#endif
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ &nv_test_data,
+ offset);
+
+ goto_if_error(r, "Error esys nv write", error);
+
+ r = Esys_NV_ReadPublic(
+ esys_context,
+ nvHandle_handle,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ &nvPublic,
+ &nvName);
+ goto_if_error(r, "Error: nv read public", error);
+
+ r = esys_GetResourceObject(esys_context, nvHandle_handle, &nvHandleNode);
+ goto_if_error(r, "Error: nv get resource object", error);
+
+ if (nvName->size != nvHandleNode->rsrc.name.size ||
+ memcmp(&nvName->name, &nvHandleNode->rsrc.name.name, nvName->size) != 0) {
+ LOG_ERROR("Error: nv write name not equal");
+ goto error;
+ }
+
+ TPM2B_MAX_NV_BUFFER *nv_test_data2;
+
+r = Esys_NV_Read(
+ esys_context,
+ nvHandle_handle,
+ nvHandle_handle,
+#ifdef TEST_SESSION
+ session,
+#else
+ ESYS_TR_PASSWORD,
+#endif
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ 0,
+ 0,
+ &nv_test_data2);
+
+ goto_if_error(r, "Error esys nv read", error);
+
+ r = Esys_NV_ReadPublic(
+ esys_context,
+ nvHandle_handle,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ &nvPublic,
+ &nvName);
+ goto_if_error(r, "Error: nv read public", error);
+
+ r = esys_GetResourceObject(esys_context, nvHandle_handle, &nvHandleNode);
+ goto_if_error(r, "Error: nv get resource object", error);
+
+ if (nvName->size != nvHandleNode->rsrc.name.size ||
+ memcmp(&nvName->name, &nvHandleNode->rsrc.name.name, nvName->size) != 0) {
+ LOG_ERROR("Error: nv read name not equal");
+ goto error;
+ }
+
+ return 0;
+
+ error:
+ return 1;
+}
diff --git a/test/integration/esys-quote.int.c b/test/integration/esys-quote.int.c
new file mode 100644
index 0000000..68db836
--- /dev/null
+++ b/test/integration/esys-quote.int.c
@@ -0,0 +1,189 @@
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG All
+ * rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *******************************************************************************/
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <stdint.h>
+#include <sapi/tpm20.h>
+#define LOGMODULE test
+#include "log/log.h"
+#include "test.h"
+#include "sysapi_util.h"
+#include <esapi/tss2_esys.h>
+#include "esys_types.h"
+#include "esys_iutil.h"
+
+/*
+ * This test is intended to test the quote command with password
+ * authentication.
+ * We create a RSA primary signing key which will be used
+ * for signing.
+ */
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context)
+{
+ uint32_t r = 0;
+
+ TPM2B_AUTH authValuePrimary = {
+ .size = 5,
+ .buffer = {1, 2, 3, 4, 5}
+ };
+
+ TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
+ .size = 4,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {0},
+ },
+ .data = {
+ .size = 0,
+ .buffer = {0},
+ },
+ },
+ };
+
+ inSensitivePrimary.sensitive.userAuth = authValuePrimary;
+
+ TPM2B_PUBLIC inPublic = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_RSA,
+ .nameAlg = TPM2_ALG_SHA1,
+ .objectAttributes = (
+ TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_SIGN_ENCRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN
+ ),
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.rsaDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_NULL,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_ECB,
+ },
+ .scheme = {
+ .scheme = TPM2_ALG_RSASSA,
+ .details = { .rsassa = { .hashAlg = TPM2_ALG_SHA1 }},
+
+ },
+ .keyBits = 2048,
+ .exponent = 0,
+ },
+ .unique.rsa = {
+ .size = 0,
+ .buffer = {},
+ },
+ },
+ };
+
+ TPM2B_AUTH authValue = {
+ .size = 0,
+ .buffer = {}
+ };
+
+
+ TPM2B_DATA outsideInfo = {
+ .size = 0,
+ .buffer = {},
+ };
+
+
+ TPML_PCR_SELECTION creationPCR = {
+ .count = 0,
+ };
+
+ LOG_INFO("\nRSA key will be created.");
+
+ r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ ESYS_TR primaryHandle_handle;
+ RSRC_NODE_T *primaryHandle_node;
+ TPM2B_PUBLIC *outPublic;
+ TPM2B_CREATION_DATA *creationData;
+ TPM2B_DIGEST *creationHash;
+ TPMT_TK_CREATION *creationTicket;
+
+ r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
+ ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary,
+ &inPublic, &outsideInfo, &creationPCR,
+ &primaryHandle_handle, &outPublic, &creationData,
+ &creationHash, &creationTicket);
+ goto_if_error(r, "Error esys create primary", error);
+
+ r = esys_GetResourceObject(esys_context, primaryHandle_handle,
+ &primaryHandle_node);
+ goto_if_error(r, "Error Esys GetResourceObject", error);
+
+ LOG_INFO("Created Primary with handle 0x%08x...",
+ primaryHandle_node->rsrc.handle);
+
+ r = Esys_TR_SetAuth(esys_context, primaryHandle_handle,
+ &authValuePrimary);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ TPM2B_DATA qualifyingData = { .size = 0, .buffer = {}};
+ TPMT_SIG_SCHEME sig_scheme = { .scheme = TPM2_ALG_NULL };
+
+ TPML_PCR_SELECTION pcr_selection = {
+ .count = 2,
+ .pcrSelections = {
+ {
+ .hash = TPM2_ALG_SHA1,
+ .sizeofSelect = 3,
+ .pcrSelect = { 0,4,0 } },
+ {
+ .hash = TPM2_ALG_SHA256,
+ .sizeofSelect = 3,
+ .pcrSelect = { 0,4,0 } },
+ }};
+
+ TPM2B_ATTEST *attest;
+ TPMT_SIGNATURE *signature;
+
+ r = Esys_Quote(esys_context, primaryHandle_handle,
+ ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
+ &qualifyingData, &sig_scheme, &pcr_selection,
+ &attest, &signature);
+ goto_if_error(r, "Error esys quiote", error);
+
+ return 0;
+
+ error:
+ return 1;
+}
diff --git a/test/integration/esys-rsa-encrypt-decrypt.int.c b/test/integration/esys-rsa-encrypt-decrypt.int.c
new file mode 100644
index 0000000..7a457ed
--- /dev/null
+++ b/test/integration/esys-rsa-encrypt-decrypt.int.c
@@ -0,0 +1,200 @@
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG All
+ * rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *******************************************************************************/
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <stdint.h>
+#include <sapi/tpm20.h>
+#define LOGMODULE test
+#include "log/log.h"
+#include "test.h"
+#include "sysapi_util.h"
+#include <esapi/tss2_esys.h>
+#include "esys_types.h"
+#include "esys_iutil.h"
+
+/*
+ * This test is intended to test RSA encryption / decryption. with password
+ * authentication.
+ * We create a RSA primary key (Esys_CreatePrimary) for every crypto action
+ * This key will be used for encrytion/decryption in with the schemes:
+ * TPM2_ALG_NULL, TPM2_ALG_RSAES, and TPM2_ALG_OAEP
+ */
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context)
+{
+ uint32_t r = 0;
+
+ TPM2B_AUTH authValuePrimary = {
+ .size = 5,
+ .buffer = {1, 2, 3, 4, 5}
+ };
+
+ TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
+ .size = 4,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {0},
+ },
+ .data = {
+ .size = 0,
+ .buffer = {0},
+ },
+ },
+ };
+
+ inSensitivePrimary.sensitive.userAuth = authValuePrimary;
+
+ TPM2B_PUBLIC inPublic = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_RSA,
+ .nameAlg = TPM2_ALG_SHA1,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_DECRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.rsaDetail = {
+ .symmetric = {
+ .algorithm =
+ TPM2_ALG_NULL},
+ .scheme = TPM2_ALG_RSAES,
+ .keyBits = 2048,
+ .exponent = 65537,
+ },
+ .unique.rsa = {
+ .size = 0,
+ .buffer = {},
+ },
+ },
+ };
+
+ LOG_INFO("\nRSA key will be created.");
+
+ TPM2B_DATA outsideInfo = {
+ .size = 0,
+ .buffer = {},
+ };
+
+ TPML_PCR_SELECTION creationPCR = {
+ .count = 0,
+ };
+
+ TPM2B_AUTH authValue = {
+ .size = 0,
+ .buffer = {}
+ };
+
+ r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ ESYS_TR primaryHandle_handle;
+ RSRC_NODE_T *primaryHandle_node;
+ TPM2B_PUBLIC *outPublic;
+ TPM2B_CREATION_DATA *creationData;
+ TPM2B_DIGEST *creationHash;
+ TPMT_TK_CREATION *creationTicket;
+
+ for (int mode = 0; mode <= 2; mode++) {
+
+ if (mode == 0) {
+ inPublic.publicArea.parameters.rsaDetail.scheme.scheme =
+ TPM2_ALG_NULL;
+ } else if (mode == 1) {
+ inPublic.publicArea.parameters.rsaDetail.scheme.scheme =
+ TPM2_ALG_RSAES;
+ } else if (mode == 2) {
+ inPublic.publicArea.parameters.rsaDetail.scheme.scheme =
+ TPM2_ALG_OAEP;
+ inPublic.publicArea.parameters.rsaDetail.scheme.details.oaep.
+ hashAlg = TPM2_ALG_SHA1;
+ }
+
+ r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
+ ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary,
+ &inPublic, &outsideInfo, &creationPCR,
+ &primaryHandle_handle, &outPublic, &creationData,
+ &creationHash, &creationTicket);
+ goto_if_error(r, "Error esys create primary", error);
+
+ r = esys_GetResourceObject(esys_context, primaryHandle_handle,
+ &primaryHandle_node);
+ goto_if_error(r, "Error Esys GetResourceObject", error);
+
+ LOG_INFO("Created Primary with handle 0x%08x...",
+ primaryHandle_node->rsrc.handle);
+
+ r = Esys_TR_SetAuth(esys_context, primaryHandle_handle,
+ &authValuePrimary);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ size_t plain_size = 3;
+ TPM2B_PUBLIC_KEY_RSA plain = {.size = plain_size,.buffer = {1, 2, 3}
+ };
+ TPMT_RSA_DECRYPT scheme;
+ TPM2B_DATA null_data = {.size = 0,.buffer = {}
+ };
+ TPM2B_PUBLIC_KEY_RSA *cipher;
+
+ if (mode == 0) {
+ scheme.scheme = TPM2_ALG_NULL;
+ } else if (mode == 1) {
+ scheme.scheme = TPM2_ALG_RSAES;
+ } else if (mode == 2) {
+ scheme.scheme = TPM2_ALG_OAEP;
+ scheme.details.oaep.hashAlg = TPM2_ALG_SHA1;
+ }
+ r = Esys_RSA_Encrypt(esys_context, primaryHandle_handle, ESYS_TR_NONE,
+ ESYS_TR_NONE, ESYS_TR_NONE, &plain, &scheme,
+ &null_data, &cipher);
+ goto_if_error(r, "Error esys rsa encrypt", error);
+
+ TPM2B_PUBLIC_KEY_RSA *plain2;
+ r = Esys_RSA_Decrypt(esys_context, primaryHandle_handle,
+ ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
+ cipher, &scheme, &null_data, &plain2);
+ goto_if_error(r, "Error esys rsa decrypt", error);
+
+ if (mode > 0 && !memcmp(&plain.buffer[0], &plain2->buffer[0], plain_size)) {
+ LOG_ERROR("plain texts are not equal for mode %i", mode);
+ }
+ }
+ return 0;
+
+ error:
+ return 1;
+}
diff --git a/test/integration/esys-save-and-load-context.int.c b/test/integration/esys-save-and-load-context.int.c
new file mode 100644
index 0000000..77fbc49
--- /dev/null
+++ b/test/integration/esys-save-and-load-context.int.c
@@ -0,0 +1,337 @@
+/*******************************************************************************
+ * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG All
+ * rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *******************************************************************************/
+
+#define _GNU_SOURCE
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <stdint.h>
+#include <sapi/tpm20.h>
+#define LOGMODULE test
+#include "log/log.h"
+#include "test.h"
+#include "sysapi_util.h"
+#include <esapi/tss2_esys.h>
+#include "esys_types.h"
+#include "esys_iutil.h"
+
+/*
+ * This test is intended to test context save and load.
+ * We start by creating a primary key (Esys_CreatePrimary).
+ * Based in the primary a second key with an password define in the sensitive
+ * area will be created.
+ * This key will be loaded and saved with the ContextSave command.
+ * After the key is flushed the key will be loaded again with ContextLoad
+ * and will be used to create a third key
+ */
+
+int
+test_invoke_esapi(ESYS_CONTEXT * esys_context)
+{
+ uint32_t r = 0;
+
+ TPM2B_AUTH authValuePrimary = {
+ .size = 5,
+ .buffer = {1, 2, 3, 4, 5}
+ };
+
+ TPM2B_SENSITIVE_CREATE inSensitivePrimary = {
+ .size = 4,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {0 },
+ },
+ .data = {
+ .size = 0,
+ .buffer = {0},
+ },
+ },
+ };
+
+ inSensitivePrimary.sensitive.userAuth = authValuePrimary;
+
+#ifdef TEST_ECC
+ TPM2B_PUBLIC inPublic = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_ECC,
+ .nameAlg = TPM2_ALG_SHA256,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_SIGN_ENCRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.eccDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_NULL,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_ECB,
+ },
+ .scheme = {
+ .scheme = TPM2_ALG_ECDSA,
+ .details = {
+ .ecdsa = {.hashAlg = TPM2_ALG_SHA256}},
+ },
+ .curveID = TPM2_ECC_NIST_P256,
+ .kdf = {
+ .scheme = TPM2_ALG_NULL,
+ .details = {}}
+ },
+ .unique.ecc = {
+ .x = {.size = 0,.buffer = {}},
+ .y = {.size = 0,.buffer = {}},
+ },
+ },
+ };
+ LOG_INFO("\nECC key will be created.");
+#else
+ TPM2B_PUBLIC inPublic = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_RSA,
+ .nameAlg = TPM2_ALG_SHA256,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_DECRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.rsaDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_AES,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_CFB},
+ .scheme = {
+ .scheme = TPM2_ALG_NULL
+ },
+ .keyBits = 2048,
+ .exponent = 65537,
+ },
+ .unique.rsa = {
+ .size = 0,
+ .buffer = {},
+ },
+ },
+ };
+ LOG_INFO("\nRSA key will be created.");
+#endif // TEST_ECC
+
+ TPM2B_DATA outsideInfo = {
+ .size = 0,
+ .buffer = {},
+ };
+
+ TPML_PCR_SELECTION creationPCR = {
+ .count = 0,
+ };
+
+ TPM2B_AUTH authValue = {
+ .size = 0,
+ .buffer = {}
+ };
+
+ r = Esys_TR_SetAuth(esys_context, ESYS_TR_RH_OWNER, &authValue);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ ESYS_TR primaryHandle_handle;
+ RSRC_NODE_T *primaryHandle_node;
+ TPM2B_PUBLIC *outPublic;
+ TPM2B_CREATION_DATA *creationData;
+ TPM2B_DIGEST *creationHash;
+ TPMT_TK_CREATION *creationTicket;
+
+ r = Esys_CreatePrimary(esys_context, ESYS_TR_RH_OWNER, ESYS_TR_PASSWORD,
+ ESYS_TR_NONE, ESYS_TR_NONE, &inSensitivePrimary, &inPublic,
+ &outsideInfo, &creationPCR, &primaryHandle_handle,
+ &outPublic, &creationData, &creationHash,
+ &creationTicket);
+ goto_if_error(r, "Error esys create primary", error);
+
+ r = esys_GetResourceObject(esys_context, primaryHandle_handle,
+ &primaryHandle_node);
+ goto_if_error(r, "Error Esys GetResourceObject", error);
+
+ LOG_INFO("Created Primary with handle 0x%08x...",
+ primaryHandle_node->rsrc.handle);
+
+ r = Esys_TR_SetAuth(esys_context, primaryHandle_handle, &authValuePrimary);
+ goto_if_error(r, "Error: TR_SetAuth", error);
+
+ TPM2B_AUTH authKey2 = {
+ .size = 6,
+ .buffer = {6, 7, 8, 9, 10, 11}
+ };
+
+ TPM2B_SENSITIVE_CREATE inSensitive2 = {
+ .size = 1,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {0}
+ },
+ .data = {
+ .size = 0,
+ .buffer = {}
+ }
+ }
+ };
+
+ inSensitive2.sensitive.userAuth = authKey2;
+
+ TPM2B_SENSITIVE_CREATE inSensitive3 = {
+ .size = 1,
+ .sensitive = {
+ .userAuth = {
+ .size = 0,
+ .buffer = {}
+ },
+ .data = {
+ .size = 0,
+ .buffer = {}
+ }
+ }
+ };
+
+ TPM2B_PUBLIC inPublic2 = {
+ .size = 0,
+ .publicArea = {
+ .type = TPM2_ALG_RSA,
+ .nameAlg = TPM2_ALG_SHA256,
+ .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
+ TPMA_OBJECT_RESTRICTED |
+ TPMA_OBJECT_DECRYPT |
+ TPMA_OBJECT_FIXEDTPM |
+ TPMA_OBJECT_FIXEDPARENT |
+ TPMA_OBJECT_SENSITIVEDATAORIGIN),
+
+ .authPolicy = {
+ .size = 0,
+ },
+ .parameters.rsaDetail = {
+ .symmetric = {
+ .algorithm = TPM2_ALG_AES,
+ .keyBits.aes = 128,
+ .mode.aes = TPM2_ALG_CFB
+ },
+ .scheme = {
+ .scheme =
+ TPM2_ALG_NULL,
+ },
+ .keyBits = 2048,
+ .exponent = 65537
+ },
+ .unique.rsa = {
+ .size = 0,
+ .buffer = {}
+ ,
+ }
+ }
+ };
+
+ TPM2B_DATA outsideInfo2 = {
+ .size = 0,
+ .buffer = {}
+ ,
+ };
+
+ TPML_PCR_SELECTION creationPCR2 = {
+ .count = 0,
+ };
+
+ TPM2B_PUBLIC *outPublic2;
+ TPM2B_PRIVATE *outPrivate2;
+ TPM2B_CREATION_DATA *creationData2;
+ TPM2B_DIGEST *creationHash2;
+ TPMT_TK_CREATION *creationTicket2;
+
+ r = Esys_Create(esys_context,
+ primaryHandle_handle,
+ ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
+ &inSensitive2,
+ &inPublic2,
+ &outsideInfo2,
+ &creationPCR2,
+ &outPrivate2,
+ &outPublic2,
+ &creationData2, &creationHash2, &creationTicket2);
+ goto_if_error(r, "Error esys create ", error);
+
+ LOG_INFO("\nSecond key created.");
+
+ ESYS_TR loadedKeyHandle1;
+ ESYS_TR loadedKeyHandle2;
+
+ r = Esys_Load(esys_context,
+ primaryHandle_handle,
+ ESYS_TR_PASSWORD,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE, outPrivate2, outPublic2, &loadedKeyHandle1);
+ goto_if_error(r, "Error esys load ", error);
+
+ LOG_INFO("\nSecond Key loaded.");
+
+ TPMS_CONTEXT *context;
+
+ r = Esys_ContextSave(esys_context, loadedKeyHandle1, &context);
+ goto_if_error(r, "Error esys context save", error);
+
+ r = Esys_FlushContext(esys_context, loadedKeyHandle1);
+ goto_if_error(r, "Error esys flush context", error);
+
+ r = Esys_ContextLoad(esys_context, context, &loadedKeyHandle2);
+ goto_if_error(r, "Error esys context load", error);
+
+ r = Esys_TR_SetAuth(esys_context, loadedKeyHandle2, &authKey2);
+ goto_if_error(r, "Error esys TR_SetAuth ", error);
+
+ r = Esys_Create(esys_context,
+ loadedKeyHandle2,
+ ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
+ &inSensitive3,
+ &inPublic2,
+ &outsideInfo2,
+ &creationPCR2,
+ &outPrivate2,
+ &outPublic2,
+ &creationData2, &creationHash2, &creationTicket2);
+ goto_if_error(r, "Error esys second create ", error);
+
+ return 0;
+
+ error:
+ return 1;
+}