1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
6 static void test_tpm2_pcr_mask_from_string_one(const char *s
, uint32_t mask
, int ret
) {
9 assert_se(tpm2_pcr_mask_from_string(s
, &m
) == ret
);
15 TEST(tpm2_mask_from_string
) {
16 test_tpm2_pcr_mask_from_string_one("", 0, 0);
17 test_tpm2_pcr_mask_from_string_one("0", 1, 0);
18 test_tpm2_pcr_mask_from_string_one("1", 2, 0);
19 test_tpm2_pcr_mask_from_string_one("0,1", 3, 0);
20 test_tpm2_pcr_mask_from_string_one("0+1", 3, 0);
21 test_tpm2_pcr_mask_from_string_one("0-1", 0, -EINVAL
);
22 test_tpm2_pcr_mask_from_string_one("0,1,2", 7, 0);
23 test_tpm2_pcr_mask_from_string_one("0+1+2", 7, 0);
24 test_tpm2_pcr_mask_from_string_one("0+1,2", 7, 0);
25 test_tpm2_pcr_mask_from_string_one("0,1+2", 7, 0);
26 test_tpm2_pcr_mask_from_string_one("0,2", 5, 0);
27 test_tpm2_pcr_mask_from_string_one("0+2", 5, 0);
28 test_tpm2_pcr_mask_from_string_one("foo", 0, -EINVAL
);
31 TEST(tpm2_util_pbkdf2_hmac_sha256
) {
34 * The test vectors from RFC 6070 [1] are for dkLen of 20 as it's SHA1
35 * other RFCs I bumped into had various differing dkLen and iter counts,
36 * so this was generated using Python's hmacmodule.
38 * 1. https://www.rfc-editor.org/rfc/rfc6070.html#page-2
41 const uint8_t pass
[256];
43 const uint8_t salt
[256];
45 uint8_t expected
[SHA256_DIGEST_SIZE
];
47 { .pass
={'f', 'o', 'o', 'p', 'a', 's', 's'}, .passlen
=7, .salt
={'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '1', '2', '3', '4', '5'}, .saltlen
=16, .expected
={0xCB, 0xEA, 0x27, 0x23, 0x9A, 0x65, 0x99, 0xF6, 0x8C, 0x26, 0x54, 0x80, 0x5C, 0x63, 0x61, 0xD2, 0x91, 0x0A, 0x60, 0x3F, 0xC2, 0xF5, 0xF0, 0xAB, 0x55, 0x8B, 0x46, 0x07, 0x60, 0x93, 0xAB, 0xCB} },
48 { .pass
={'f', 'o', 'o', 'p', 'a', 's', 's'}, .passlen
=7, .salt
={0x00, 'h', 'f', 's', 'd', 'j', 'h', 'f', 'd', 'j', 'h', 'j', 'd', 'f', 's'}, .saltlen
=15, .expected
={0x2B, 0xDF, 0x52, 0x29, 0x48, 0x3F, 0x98, 0x25, 0x01, 0x19, 0xB4, 0x42, 0xBC, 0xA7, 0x38, 0x5D, 0xCD, 0x08, 0xBD, 0xDC, 0x33, 0xBF, 0x32, 0x5E, 0x31, 0x87, 0x54, 0xFF, 0x2C, 0x23, 0x68, 0xFF} },
49 { .pass
={'f', 'o', 'o', 'p', 'a', 's', 's'}, .passlen
=7, .salt
={'m', 'y', 's', 'a', 0x00, 'l', 't'}, .saltlen
=7, .expected
={0x7C, 0x24, 0xB4, 0x4D, 0x30, 0x11, 0x53, 0x24, 0x87, 0x56, 0x24, 0x10, 0xBA, 0x9F, 0xF2, 0x4E, 0xBB, 0xF5, 0x03, 0x56, 0x2B, 0xB1, 0xA1, 0x92, 0x8B, 0x5F, 0x32, 0x02, 0x23, 0x1F, 0x79, 0xE6} },
50 { .pass
={'p', 'a', 's', 's', 'w', 'i', 't', 'h', 'n', 'u', 'l', 'l', 0x00, 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}, .passlen
=21, .salt
={'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '1', '2', '3', '4', '5'}, .saltlen
=16, .expected
={0xE9, 0x53, 0xB7, 0x1D, 0xAB, 0xD1, 0xC1, 0xF3, 0xC4, 0x7F, 0x18, 0x96, 0xDD, 0xD7, 0x6B, 0xC6, 0x6A, 0xBD, 0xFB, 0x12, 0x7C, 0xF8, 0x68, 0xDC, 0x6E, 0xEF, 0x29, 0xCC, 0x1B, 0x30, 0x5B, 0x74} },
51 { .pass
={'p', 'a', 's', 's', 'w', 'i', 't', 'h', 'n', 'u', 'l', 'l', 0x00, 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}, .passlen
=21, .salt
={0x00, 'h', 'f', 's', 'd', 'j', 'h', 'f', 'd', 'j', 'h', 'j', 'd', 'f', 's'}, .saltlen
=15, .expected
={0x51, 0xA3, 0x82, 0xA5, 0x2F, 0x48, 0x84, 0xB3, 0x02, 0x0D, 0xC2, 0x42, 0x9A, 0x8F, 0x86, 0xCC, 0x66, 0xFD, 0x65, 0x87, 0x89, 0x07, 0x2B, 0x07, 0x82, 0x42, 0xD6, 0x6D, 0x43, 0xB8, 0xFD, 0xCF} },
52 { .pass
={'p', 'a', 's', 's', 'w', 'i', 't', 'h', 'n', 'u', 'l', 'l', 0x00, 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}, .passlen
=21, .salt
={'m', 'y', 's', 'a', 0x00, 'l', 't'}, .saltlen
=7, .expected
={0xEC, 0xFB, 0x5D, 0x5F, 0xF6, 0xA6, 0xE0, 0x79, 0x50, 0x64, 0x36, 0x64, 0xA3, 0x9A, 0x5C, 0xF3, 0x7A, 0x87, 0x0B, 0x64, 0x51, 0x59, 0x75, 0x64, 0x8B, 0x78, 0x2B, 0x62, 0x8F, 0x68, 0xD9, 0xCC} },
53 { .pass
={0x00, 'p', 'a', 's', 's'}, .passlen
=5, .salt
={'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '1', '2', '3', '4', '5'}, .saltlen
=16, .expected
={0x8A, 0x9A, 0x47, 0x9A, 0x91, 0x22, 0x2F, 0x56, 0x29, 0x4F, 0x26, 0x00, 0xE7, 0xB3, 0xEB, 0x63, 0x6D, 0x51, 0xF2, 0x60, 0x17, 0x08, 0x20, 0x70, 0x82, 0x8F, 0xA3, 0xD7, 0xBE, 0x2B, 0xD5, 0x5D} },
54 { .pass
={0x00, 'p', 'a', 's', 's'}, .passlen
=5, .salt
={0x00, 'h', 'f', 's', 'd', 'j', 'h', 'f', 'd', 'j', 'h', 'j', 'd', 'f', 's'}, .saltlen
=15, .expected
={0x72, 0x3A, 0xF5, 0xF7, 0xCD, 0x6C, 0x12, 0xDD, 0x53, 0x28, 0x46, 0x0C, 0x19, 0x0E, 0xF2, 0x91, 0xDE, 0xEA, 0xF9, 0x6F, 0x74, 0x32, 0x34, 0x3F, 0x84, 0xED, 0x8D, 0x2A, 0xDE, 0xC9, 0xC6, 0x34} },
55 { .pass
={0x00, 'p', 'a', 's', 's'}, .passlen
=5, .salt
={'m', 'y', 's', 'a', 0x00, 'l', 't'}, .saltlen
=7, .expected
={0xE3, 0x07, 0x12, 0xBE, 0xEE, 0xF5, 0x5D, 0x18, 0x72, 0xF4, 0xCF, 0xF1, 0x20, 0x6B, 0xD6, 0x66, 0xCD, 0x7C, 0xE7, 0x4F, 0xC2, 0x16, 0x70, 0x5B, 0x9B, 0x2F, 0x7D, 0xE2, 0x3B, 0x42, 0x3A, 0x1B} },
58 uint8_t res
[SHA256_DIGEST_SIZE
];
59 for(size_t i
= 0; i
< sizeof(test_vectors
)/sizeof(test_vectors
[0]); i
++) {
61 int rc
= tpm2_util_pbkdf2_hmac_sha256(
63 test_vectors
[i
].passlen
,
65 test_vectors
[i
].saltlen
,
68 assert_se(memcmp(test_vectors
[i
].expected
, res
, SHA256_DIGEST_SIZE
) == 0);
74 #define POISON(type) \
77 memset(&_p, 0xaa, sizeof(_p)); \
80 #define POISON_TPML POISON(TPML_PCR_SELECTION)
81 #define POISON_TPMS POISON(TPMS_PCR_SELECTION)
82 #define POISON_U32 POISON(uint32_t)
84 static void assert_tpms_pcr_selection_eq(TPMS_PCR_SELECTION
*a
, TPMS_PCR_SELECTION
*b
) {
88 assert_se(a
->hash
== b
->hash
);
89 assert_se(a
->sizeofSelect
== b
->sizeofSelect
);
91 for (size_t i
= 0; i
< a
->sizeofSelect
; i
++)
92 assert_se(a
->pcrSelect
[i
] == b
->pcrSelect
[i
]);
95 static void assert_tpml_pcr_selection_eq(TPML_PCR_SELECTION
*a
, TPML_PCR_SELECTION
*b
) {
99 assert_se(a
->count
== b
->count
);
100 for (size_t i
= 0; i
< a
->count
; i
++)
101 assert_tpms_pcr_selection_eq(&a
->pcrSelections
[i
], &b
->pcrSelections
[i
]);
104 static void verify_tpms_pcr_selection(TPMS_PCR_SELECTION
*s
, uint32_t mask
, TPMI_ALG_HASH hash
) {
105 assert_se(s
->hash
== hash
);
106 assert_se(s
->sizeofSelect
== 3);
107 assert_se(s
->pcrSelect
[0] == (mask
& 0xff));
108 assert_se(s
->pcrSelect
[1] == ((mask
>> 8) & 0xff));
109 assert_se(s
->pcrSelect
[2] == ((mask
>> 16) & 0xff));
110 assert_se(s
->pcrSelect
[3] == 0);
112 uint32_t m
= POISON_U32
;
113 tpm2_tpms_pcr_selection_to_mask(s
, &m
);
114 assert_se(m
== mask
);
117 static void verify_tpml_pcr_selection(TPML_PCR_SELECTION
*l
, TPMS_PCR_SELECTION s
[], size_t count
) {
118 assert_se(l
->count
== count
);
119 for (size_t i
= 0; i
< count
; i
++) {
120 assert_tpms_pcr_selection_eq(&s
[i
], &l
->pcrSelections
[i
]);
122 uint32_t mask
= POISON_U32
;
123 TPMI_ALG_HASH hash
= l
->pcrSelections
[i
].hash
;
124 assert_se(tpm2_tpml_pcr_selection_to_mask(l
, hash
, &mask
) == 0);
125 verify_tpms_pcr_selection(&l
->pcrSelections
[i
], mask
, hash
);
129 static void _test_pcr_selection_mask_hash(uint32_t mask
, TPMI_ALG_HASH hash
) {
130 TPMS_PCR_SELECTION s
= POISON_TPMS
;
131 tpm2_tpms_pcr_selection_from_mask(mask
, hash
, &s
);
132 verify_tpms_pcr_selection(&s
, mask
, hash
);
134 TPML_PCR_SELECTION l
= POISON_TPML
;
135 tpm2_tpml_pcr_selection_from_mask(mask
, hash
, &l
);
136 verify_tpml_pcr_selection(&l
, &s
, 1);
137 verify_tpms_pcr_selection(&l
.pcrSelections
[0], mask
, hash
);
139 uint32_t test_masks
[] = {
140 0x0, 0x1, 0x100, 0x10000, 0xf0f0f0, 0xaaaaaa, 0xffffff,
142 for (unsigned i
= 0; i
< ELEMENTSOF(test_masks
); i
++) {
143 uint32_t test_mask
= test_masks
[i
];
145 TPMS_PCR_SELECTION a
= POISON_TPMS
, b
= POISON_TPMS
, test_s
= POISON_TPMS
;
146 tpm2_tpms_pcr_selection_from_mask(test_mask
, hash
, &test_s
);
150 tpm2_tpms_pcr_selection_add(&a
, &b
);
151 verify_tpms_pcr_selection(&a
, UPDATE_FLAG(mask
, test_mask
, true), hash
);
152 verify_tpms_pcr_selection(&b
, test_mask
, hash
);
156 tpm2_tpms_pcr_selection_sub(&a
, &b
);
157 verify_tpms_pcr_selection(&a
, UPDATE_FLAG(mask
, test_mask
, false), hash
);
158 verify_tpms_pcr_selection(&b
, test_mask
, hash
);
162 tpm2_tpms_pcr_selection_move(&a
, &b
);
163 verify_tpms_pcr_selection(&a
, UPDATE_FLAG(mask
, test_mask
, true), hash
);
164 verify_tpms_pcr_selection(&b
, 0, hash
);
168 TEST(tpms_pcr_selection_mask_and_hash
) {
169 TPMI_ALG_HASH HASH_ALGS
[] = { TPM2_ALG_SHA1
, TPM2_ALG_SHA256
, };
171 for (unsigned i
= 0; i
< ELEMENTSOF(HASH_ALGS
); i
++)
172 for (uint32_t m2
= 0; m2
<= 0xffffff; m2
+= 0x30000)
173 for (uint32_t m1
= 0; m1
<= 0xffff; m1
+= 0x300)
174 for (uint32_t m0
= 0; m0
<= 0xff; m0
+= 0x3)
175 _test_pcr_selection_mask_hash(m0
| m1
| m2
, HASH_ALGS
[i
]);
178 static void _test_tpms_sw(
181 const char *expected_str
,
182 size_t expected_weight
) {
184 TPMS_PCR_SELECTION s
= POISON_TPMS
;
185 tpm2_tpms_pcr_selection_from_mask(mask
, hash
, &s
);
187 _cleanup_free_
char *tpms_str
= tpm2_tpms_pcr_selection_to_string(&s
);
188 assert_se(streq(tpms_str
, expected_str
));
190 assert_se(tpm2_tpms_pcr_selection_weight(&s
) == expected_weight
);
191 assert_se(tpm2_tpms_pcr_selection_is_empty(&s
) == (expected_weight
== 0));
194 TEST(tpms_pcr_selection_string_and_weight
) {
195 TPMI_ALG_HASH sha1
= TPM2_ALG_SHA1
, sha256
= TPM2_ALG_SHA256
;
197 _test_tpms_sw(sha1
, 0, "sha1()", 0);
198 _test_tpms_sw(sha1
, 1, "sha1(0)", 1);
199 _test_tpms_sw(sha1
, 0xf, "sha1(0+1+2+3)", 4);
200 _test_tpms_sw(sha1
, 0x00ff00, "sha1(8+9+10+11+12+13+14+15)", 8);
201 _test_tpms_sw(sha1
, 0xffffff, "sha1(0+1+2+3+4+5+6+7+8+9+10+11+12+13+14+15+16+17+18+19+20+21+22+23)", 24);
202 _test_tpms_sw(sha256
, 0, "sha256()", 0);
203 _test_tpms_sw(sha256
, 1, "sha256(0)", 1);
204 _test_tpms_sw(sha256
, 7, "sha256(0+1+2)", 3);
205 _test_tpms_sw(sha256
, 0xf00000, "sha256(20+21+22+23)", 4);
206 _test_tpms_sw(sha256
, 0xffffff, "sha256(0+1+2+3+4+5+6+7+8+9+10+11+12+13+14+15+16+17+18+19+20+21+22+23)", 24);
209 static void _tpml_pcr_selection_add_tpms(TPMS_PCR_SELECTION s
[], size_t count
, TPML_PCR_SELECTION
*ret
) {
210 for (size_t i
= 0; i
< count
; i
++)
211 tpm2_tpml_pcr_selection_add_tpms_pcr_selection(ret
, &s
[i
]);
214 static void _tpml_pcr_selection_sub_tpms(TPMS_PCR_SELECTION s
[], size_t count
, TPML_PCR_SELECTION
*ret
) {
215 for (size_t i
= 0; i
< count
; i
++)
216 tpm2_tpml_pcr_selection_sub_tpms_pcr_selection(ret
, &s
[i
]);
219 static void _test_tpml_sw(
220 TPMS_PCR_SELECTION s
[],
222 size_t expected_count
,
223 const char *expected_str
,
224 size_t expected_weight
) {
226 TPML_PCR_SELECTION l
= {};
227 _tpml_pcr_selection_add_tpms(s
, count
, &l
);
228 assert_se(l
.count
== expected_count
);
230 _cleanup_free_
char *tpml_str
= tpm2_tpml_pcr_selection_to_string(&l
);
231 assert_se(streq(tpml_str
, expected_str
));
233 assert_se(tpm2_tpml_pcr_selection_weight(&l
) == expected_weight
);
234 assert_se(tpm2_tpml_pcr_selection_is_empty(&l
) == (expected_weight
== 0));
237 TEST(tpml_pcr_selection_string_and_weight
) {
239 TPMI_ALG_HASH sha1
= TPM2_ALG_SHA1
,
240 sha256
= TPM2_ALG_SHA256
,
241 sha384
= TPM2_ALG_SHA384
,
242 sha512
= TPM2_ALG_SHA512
;
243 TPMS_PCR_SELECTION s
[4] = { POISON_TPMS
, POISON_TPMS
, POISON_TPMS
, POISON_TPMS
, };
246 tpm2_tpms_pcr_selection_from_mask(0x000002, sha1
, &s
[size
++]);
247 tpm2_tpms_pcr_selection_from_mask(0x0080f0, sha384
, &s
[size
++]);
248 tpm2_tpms_pcr_selection_from_mask(0x010100, sha512
, &s
[size
++]);
249 tpm2_tpms_pcr_selection_from_mask(0xff0000, sha256
, &s
[size
++]);
252 /* expected_count= */ 4,
253 "[sha1(1),sha384(4+5+6+7+15),sha512(8+16),sha256(16+17+18+19+20+21+22+23)]",
254 /* expected_weight= */ 16);
257 tpm2_tpms_pcr_selection_from_mask(0x0403aa, sha512
, &s
[size
++]);
258 tpm2_tpms_pcr_selection_from_mask(0x0080f0, sha256
, &s
[size
++]);
261 /* expected_count= */ 2,
262 "[sha512(1+3+5+7+8+9+18),sha256(4+5+6+7+15)]",
263 /* expected_weight= */ 12);
266 /* Empty hashes should be ignored */
267 tpm2_tpms_pcr_selection_from_mask(0x0300ce, sha384
, &s
[size
++]);
268 tpm2_tpms_pcr_selection_from_mask(0xffffff, sha512
, &s
[size
++]);
269 tpm2_tpms_pcr_selection_from_mask(0x000000, sha1
, &s
[size
++]);
270 tpm2_tpms_pcr_selection_from_mask(0x330010, sha256
, &s
[size
++]);
273 /* expected_count= */ 3,
274 "[sha384(1+2+3+6+7+16+17),sha512(0+1+2+3+4+5+6+7+8+9+10+11+12+13+14+15+16+17+18+19+20+21+22+23),sha256(4+16+17+20+21)]",
275 /* expected_weight= */ 36);
278 /* Verify same-hash entries are properly combined. */
279 tpm2_tpms_pcr_selection_from_mask(0x000001, sha1
, &s
[size
++]);
280 tpm2_tpms_pcr_selection_from_mask(0x000001, sha256
, &s
[size
++]);
281 tpm2_tpms_pcr_selection_from_mask(0x000010, sha1
, &s
[size
++]);
282 tpm2_tpms_pcr_selection_from_mask(0x000010, sha256
, &s
[size
++]);
285 /* expected_count= */ 2,
286 "[sha1(0+4),sha256(0+4)]",
287 /* expected_weight= */ 4);
290 /* Test tpml add/sub by changing the tpms individually */
291 static void _test_tpml_addsub_tpms(
292 TPML_PCR_SELECTION
*start
,
293 TPMS_PCR_SELECTION add
[],
295 TPMS_PCR_SELECTION expected1
[],
296 size_t expected1_count
,
297 TPMS_PCR_SELECTION sub
[],
299 TPMS_PCR_SELECTION expected2
[],
300 size_t expected2_count
) {
302 TPML_PCR_SELECTION l
= *start
;
304 _tpml_pcr_selection_add_tpms(add
, add_count
, &l
);
305 verify_tpml_pcr_selection(&l
, expected1
, expected1_count
);
307 _tpml_pcr_selection_sub_tpms(sub
, sub_count
, &l
);
308 verify_tpml_pcr_selection(&l
, expected2
, expected2_count
);
311 /* Test tpml add/sub by creating new tpmls */
312 static void _test_tpml_addsub_tpml(
313 TPML_PCR_SELECTION
*start
,
314 TPMS_PCR_SELECTION add
[],
316 TPMS_PCR_SELECTION expected1
[],
317 size_t expected1_count
,
318 TPMS_PCR_SELECTION sub
[],
320 TPMS_PCR_SELECTION expected2
[],
321 size_t expected2_count
) {
323 TPML_PCR_SELECTION l
= {};
324 tpm2_tpml_pcr_selection_add(&l
, start
);
325 assert_tpml_pcr_selection_eq(&l
, start
);
327 TPML_PCR_SELECTION addl
= {};
328 _tpml_pcr_selection_add_tpms(add
, add_count
, &addl
);
329 tpm2_tpml_pcr_selection_add(&l
, &addl
);
331 TPML_PCR_SELECTION e1
= {};
332 _tpml_pcr_selection_add_tpms(expected1
, expected1_count
, &e1
);
333 assert_tpml_pcr_selection_eq(&l
, &e1
);
335 TPML_PCR_SELECTION subl
= {};
336 _tpml_pcr_selection_add_tpms(sub
, sub_count
, &subl
);
337 tpm2_tpml_pcr_selection_sub(&l
, &subl
);
339 TPML_PCR_SELECTION e2
= {};
340 _tpml_pcr_selection_add_tpms(expected2
, expected2_count
, &e2
);
341 assert_tpml_pcr_selection_eq(&l
, &e2
);
344 #define _test_tpml_addsub(...) \
346 _test_tpml_addsub_tpms(__VA_ARGS__); \
347 _test_tpml_addsub_tpml(__VA_ARGS__); \
350 TEST(tpml_pcr_selection_add_sub
) {
351 size_t add_count
= 0xaa, expected1_count
= 0xaa, sub_count
= 0xaa, expected2_count
= 0xaa;
352 TPMI_ALG_HASH sha1
= TPM2_ALG_SHA1
,
353 sha256
= TPM2_ALG_SHA256
,
354 sha384
= TPM2_ALG_SHA384
,
355 sha512
= TPM2_ALG_SHA512
;
356 TPML_PCR_SELECTION l
= POISON_TPML
;
357 TPMS_PCR_SELECTION add
[4] = { POISON_TPMS
, POISON_TPMS
, POISON_TPMS
, POISON_TPMS
, },
358 sub
[4] = { POISON_TPMS
, POISON_TPMS
, POISON_TPMS
, POISON_TPMS
, },
359 expected1
[4] = { POISON_TPMS
, POISON_TPMS
, POISON_TPMS
, POISON_TPMS
, },
360 expected2
[4] = { POISON_TPMS
, POISON_TPMS
, POISON_TPMS
, POISON_TPMS
, };
362 l
= (TPML_PCR_SELECTION
){};
367 tpm2_tpms_pcr_selection_from_mask(0x010101, sha256
, &add
[add_count
++]);
368 tpm2_tpms_pcr_selection_from_mask(0x101010, sha256
, &add
[add_count
++]);
369 tpm2_tpms_pcr_selection_from_mask(0x0000ff, sha512
, &add
[add_count
++]);
370 tpm2_tpms_pcr_selection_from_mask(0x111111, sha256
, &expected1
[expected1_count
++]);
371 tpm2_tpms_pcr_selection_from_mask(0x0000ff, sha512
, &expected1
[expected1_count
++]);
372 tpm2_tpms_pcr_selection_from_mask(0x000001, sha256
, &sub
[sub_count
++]);
373 tpm2_tpms_pcr_selection_from_mask(0xff0000, sha512
, &sub
[sub_count
++]);
374 tpm2_tpms_pcr_selection_from_mask(0x111110, sha256
, &expected2
[expected2_count
++]);
375 tpm2_tpms_pcr_selection_from_mask(0x0000ff, sha512
, &expected2
[expected2_count
++]);
376 _test_tpml_addsub(&l
,
378 expected1
, expected1_count
,
380 expected2
, expected2_count
);
382 l
= (TPML_PCR_SELECTION
){
384 .pcrSelections
[0].hash
= sha1
,
385 .pcrSelections
[0].sizeofSelect
= 3,
386 .pcrSelections
[0].pcrSelect
[0] = 0xf0,
392 tpm2_tpms_pcr_selection_from_mask(0xff0000, sha256
, &add
[add_count
++]);
393 tpm2_tpms_pcr_selection_from_mask(0xffff00, sha384
, &add
[add_count
++]);
394 tpm2_tpms_pcr_selection_from_mask(0x0000ff, sha512
, &add
[add_count
++]);
395 tpm2_tpms_pcr_selection_from_mask(0xf00000, sha1
, &add
[add_count
++]);
396 tpm2_tpms_pcr_selection_from_mask(0xf000f0, sha1
, &expected1
[expected1_count
++]);
397 tpm2_tpms_pcr_selection_from_mask(0xff0000, sha256
, &expected1
[expected1_count
++]);
398 tpm2_tpms_pcr_selection_from_mask(0xffff00, sha384
, &expected1
[expected1_count
++]);
399 tpm2_tpms_pcr_selection_from_mask(0x0000ff, sha512
, &expected1
[expected1_count
++]);
400 tpm2_tpms_pcr_selection_from_mask(0x00ffff, sha256
, &sub
[sub_count
++]);
401 tpm2_tpms_pcr_selection_from_mask(0xf000f0, sha1
, &expected2
[expected2_count
++]);
402 tpm2_tpms_pcr_selection_from_mask(0xff0000, sha256
, &expected2
[expected2_count
++]);
403 tpm2_tpms_pcr_selection_from_mask(0xffff00, sha384
, &expected2
[expected2_count
++]);
404 tpm2_tpms_pcr_selection_from_mask(0x0000ff, sha512
, &expected2
[expected2_count
++]);
405 _test_tpml_addsub(&l
,
407 expected1
, expected1_count
,
409 expected2
, expected2_count
);
412 /* this test includes TPM2 specific data structures */
413 TEST(tpm2_get_primary_template
) {
416 * Verify that if someone changes the template code, they know they're breaking things.
417 * Templates MUST be changed in a backwards compatible way.
420 static const TPM2B_PUBLIC templ
[] = {
421 /* index 0 RSA old */
424 .type
= TPM2_ALG_RSA
,
425 .nameAlg
= TPM2_ALG_SHA256
,
426 .objectAttributes
= TPMA_OBJECT_RESTRICTED
|TPMA_OBJECT_DECRYPT
|TPMA_OBJECT_FIXEDTPM
|TPMA_OBJECT_FIXEDPARENT
|TPMA_OBJECT_SENSITIVEDATAORIGIN
|TPMA_OBJECT_USERWITHAUTH
,
427 .parameters
.rsaDetail
= {
429 .algorithm
= TPM2_ALG_AES
,
431 .mode
.aes
= TPM2_ALG_CFB
,
433 .scheme
.scheme
= TPM2_ALG_NULL
,
438 /* Index 1 ECC old */
439 [TPM2_SRK_TEMPLATE_ECC
] = {
441 .type
= TPM2_ALG_ECC
,
442 .nameAlg
= TPM2_ALG_SHA256
,
443 .objectAttributes
= TPMA_OBJECT_RESTRICTED
|TPMA_OBJECT_DECRYPT
|TPMA_OBJECT_FIXEDTPM
|TPMA_OBJECT_FIXEDPARENT
|TPMA_OBJECT_SENSITIVEDATAORIGIN
|TPMA_OBJECT_USERWITHAUTH
,
444 .parameters
.eccDetail
= {
446 .algorithm
= TPM2_ALG_AES
,
448 .mode
.aes
= TPM2_ALG_CFB
,
450 .scheme
.scheme
= TPM2_ALG_NULL
,
451 .curveID
= TPM2_ECC_NIST_P256
,
452 .kdf
.scheme
= TPM2_ALG_NULL
,
456 /* index 2 RSA SRK */
457 [TPM2_SRK_TEMPLATE_NEW_STYLE
] = {
459 .type
= TPM2_ALG_RSA
,
460 .nameAlg
= TPM2_ALG_SHA256
,
461 .objectAttributes
= TPMA_OBJECT_FIXEDTPM
|TPMA_OBJECT_FIXEDPARENT
|TPMA_OBJECT_SENSITIVEDATAORIGIN
|TPMA_OBJECT_RESTRICTED
|TPMA_OBJECT_DECRYPT
|TPMA_OBJECT_USERWITHAUTH
|TPMA_OBJECT_NODA
,
462 .parameters
.rsaDetail
= {
464 .algorithm
= TPM2_ALG_AES
,
466 .mode
.aes
= TPM2_ALG_CFB
,
468 .scheme
.scheme
= TPM2_ALG_NULL
,
473 /* Index 3 ECC SRK */
474 [TPM2_SRK_TEMPLATE_NEW_STYLE
| TPM2_SRK_TEMPLATE_ECC
] = {
476 .type
= TPM2_ALG_ECC
,
477 .nameAlg
= TPM2_ALG_SHA256
,
478 .objectAttributes
= TPMA_OBJECT_FIXEDTPM
|TPMA_OBJECT_FIXEDPARENT
|TPMA_OBJECT_SENSITIVEDATAORIGIN
|TPMA_OBJECT_RESTRICTED
|TPMA_OBJECT_DECRYPT
|TPMA_OBJECT_USERWITHAUTH
|TPMA_OBJECT_NODA
,
479 .parameters
.eccDetail
= {
481 .algorithm
= TPM2_ALG_AES
,
483 .mode
.aes
= TPM2_ALG_CFB
,
485 .scheme
.scheme
= TPM2_ALG_NULL
,
486 .curveID
= TPM2_ECC_NIST_P256
,
487 .kdf
.scheme
= TPM2_ALG_NULL
,
493 assert_cc(ELEMENTSOF(templ
) == _TPM2_SRK_TEMPLATE_MAX
+ 1);
495 for (size_t i
= 0; i
< ELEMENTSOF(templ
); i
++) {
496 /* the index counter lines up with the flags and the expected template received */
497 const TPM2B_PUBLIC
*got
= tpm2_get_primary_template((Tpm2SRKTemplateFlags
)i
);
498 assert_se(memcmp(&templ
[i
], got
, sizeof(*got
)) == 0);
502 #endif /* HAVE_TPM2 */
504 DEFINE_TEST_MAIN(LOG_DEBUG
);