158 lines
4.3 KiB
C
158 lines
4.3 KiB
C
/* SPDX-License-Identifier: BSD-2-Clause */
|
|
/*******************************************************************************
|
|
* Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
|
|
* All rights reserved.
|
|
*******************************************************************************/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include <config.h>
|
|
#endif
|
|
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
#include <inttypes.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
|
|
#include "tss2_fapi.h"
|
|
#include "tss2_esys.h"
|
|
|
|
#include "test-fapi.h"
|
|
#define LOGMODULE test
|
|
#include "util/log.h"
|
|
#include "util/aux_util.h"
|
|
|
|
static TSS2_RC
|
|
check_tpm_cmd(FAPI_CONTEXT *context, TPM2_CC command_code)
|
|
{
|
|
TSS2_RC r;
|
|
TSS2_TCTI_CONTEXT *tcti;
|
|
ESYS_CONTEXT *esys;
|
|
TPMS_CAPABILITY_DATA *cap_data;
|
|
|
|
r = Fapi_GetTcti(context, &tcti);
|
|
goto_if_error(r, "Error Fapi_GetTcti", error);
|
|
|
|
r = Esys_Initialize(&esys, tcti, NULL);
|
|
goto_if_error(r, "Error Fapi_GetTcti", error);
|
|
|
|
r = Esys_GetCapability(esys,
|
|
ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
|
|
TPM2_CAP_COMMANDS, command_code, 1, NULL, &cap_data);
|
|
Esys_Finalize(&esys);
|
|
return_if_error(r, "Error: GetCapabilities");
|
|
|
|
if ((cap_data->data.command.commandAttributes[0] & TPMA_CC_COMMANDINDEX_MASK) ==
|
|
command_code) {
|
|
free(cap_data);
|
|
return TSS2_RC_SUCCESS;
|
|
} else {
|
|
free(cap_data);
|
|
return TSS2_FAPI_RC_NOT_IMPLEMENTED;
|
|
}
|
|
|
|
error:
|
|
return r;
|
|
}
|
|
|
|
/** Test the FAPI PolicyCpHash but means of AuthorizeNv.
|
|
*
|
|
* Tested FAPI commands:
|
|
* - Fapi_GetTcti()
|
|
* - Fapi_Provision()
|
|
* - Fapi_Import()
|
|
* - Fapi_CreateNv()
|
|
* - Fapi_WriteAuthorizeNv
|
|
* - Fapi_NvWrite()
|
|
*
|
|
* Tested Policies:
|
|
* - PolicyAuthorize
|
|
* - PolicyCpHash
|
|
*
|
|
* @param[in,out] context The FAPI_CONTEXT.
|
|
* @retval EXIT_FAILURE
|
|
* @retval EXIT_SUCCESS
|
|
*/
|
|
int
|
|
test_fapi_nv_authorizenv_cphash(FAPI_CONTEXT *context)
|
|
{
|
|
TSS2_RC r;
|
|
ssize_t ret;
|
|
uint8_t data[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
|
|
char *policy1_name = "/policy/pol_authorize_nv";
|
|
char *policy1_file = TOP_SOURCEDIR "/test/data/fapi/policy/pol_authorize_nv.json";
|
|
char *policy2_name = "/policy/pol_cphash";
|
|
char *policy2_file = TOP_SOURCEDIR "/test/data/fapi/policy/pol_cphash.json";
|
|
FILE *stream = NULL;
|
|
char json[1024];
|
|
|
|
if (check_tpm_cmd(context, TPM2_CC_PolicyAuthorizeNV) != TPM2_RC_SUCCESS) {
|
|
LOG_WARNING("Command PolicyAuthorizeNV not available.");
|
|
return EXIT_SKIP;
|
|
}
|
|
|
|
r = Fapi_Provision(context, NULL, NULL, NULL);
|
|
goto_if_error(r, "Error Fapi_Provision", error);
|
|
|
|
memset(&json[0], 0, sizeof(json));
|
|
stream = fopen(policy1_file, "r");
|
|
ret = read(fileno(stream), &json[0], sizeof(json));
|
|
fclose(stream);
|
|
if (ret < 0) {
|
|
LOG_ERROR("IO error %s.", policy1_file);
|
|
goto error;
|
|
}
|
|
json[ret] = '\0';
|
|
r = Fapi_Import(context, policy1_name, json);
|
|
goto_if_error(r, "Error Fapi_Import", error);
|
|
|
|
memset(&json[0], 0, sizeof(json));
|
|
stream = fopen(policy2_file, "r");
|
|
ret = read(fileno(stream), &json[0], sizeof(json));
|
|
fclose(stream);
|
|
if (ret < 0) {
|
|
LOG_ERROR("IO error %s.", policy2_file);
|
|
goto error;
|
|
}
|
|
json[ret] = '\0';
|
|
r = Fapi_Import(context, policy2_name, json);
|
|
goto_if_error(r, "Error Fapi_Import", error);
|
|
|
|
/* Start the test */
|
|
|
|
r = Fapi_CreateNv(context, "/nv/Owner/myNV", "", 34, "", "");
|
|
goto_if_error(r, "Error Fapi_CreateNv", error);
|
|
|
|
|
|
r = Fapi_CreateNv(context, "/nv/Owner/myNV2", "", sizeof(data), policy1_name, "");
|
|
goto_if_error(r, "Error Fapi_CreateNv", error);
|
|
|
|
r = Fapi_WriteAuthorizeNv(context, "/nv/Owner/myNV", policy2_name);
|
|
goto_if_error(r, "Error Fapi_WriteAuthorizeNv", error);
|
|
|
|
r = Fapi_NvWrite(context, "/nv/Owner/myNV2", &data[0], sizeof(data));
|
|
goto_if_error(r, "Error Fapi_NvWrite", error);
|
|
|
|
/* Cleanup */
|
|
|
|
r = Fapi_Delete(context, "/nv/Owner/myNV");
|
|
goto_if_error(r, "Error Fapi_NV_Undefine", error);
|
|
|
|
r = Fapi_Delete(context, "/nv/Owner/myNV2");
|
|
goto_if_error(r, "Error Fapi_NV_Undefine", error);
|
|
|
|
r = Fapi_Delete(context, "/");
|
|
goto_if_error(r, "Error Fapi_Delete", error);
|
|
|
|
return EXIT_SUCCESS;
|
|
|
|
error:
|
|
return EXIT_FAILURE;
|
|
}
|
|
|
|
int
|
|
test_invoke_fapi(FAPI_CONTEXT *context)
|
|
{
|
|
return test_fapi_nv_authorizenv_cphash(context);
|
|
}
|