]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/test/test-tpm2.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #27158 from mrc0mmand/more-tests
[thirdparty/systemd.git] / src / test / test-tpm2.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include "tpm2-util.h"
4 #include "tests.h"
5
6 static void test_tpm2_pcr_mask_from_string_one(const char *s, uint32_t mask, int ret) {
7 uint32_t m;
8
9 assert_se(tpm2_pcr_mask_from_string(s, &m) == ret);
10
11 if (ret >= 0)
12 assert_se(m == mask);
13 }
14
15 TEST(tpm2_mask_from_string) {
16 test_tpm2_pcr_mask_from_string_one("", 0, 0);
17 test_tpm2_pcr_mask_from_string_one("0", 1, 0);
18 test_tpm2_pcr_mask_from_string_one("1", 2, 0);
19 test_tpm2_pcr_mask_from_string_one("0,1", 3, 0);
20 test_tpm2_pcr_mask_from_string_one("0+1", 3, 0);
21 test_tpm2_pcr_mask_from_string_one("0-1", 0, -EINVAL);
22 test_tpm2_pcr_mask_from_string_one("0,1,2", 7, 0);
23 test_tpm2_pcr_mask_from_string_one("0+1+2", 7, 0);
24 test_tpm2_pcr_mask_from_string_one("0+1,2", 7, 0);
25 test_tpm2_pcr_mask_from_string_one("0,1+2", 7, 0);
26 test_tpm2_pcr_mask_from_string_one("0,2", 5, 0);
27 test_tpm2_pcr_mask_from_string_one("0+2", 5, 0);
28 test_tpm2_pcr_mask_from_string_one("foo", 0, -EINVAL);
29 }
30
31 TEST(tpm2_util_pbkdf2_hmac_sha256) {
32
33 /*
34 * The test vectors from RFC 6070 [1] are for dkLen of 20 as it's SHA1
35 * other RFCs I bumped into had various differing dkLen and iter counts,
36 * so this was generated using Python's hmacmodule.
37 *
38 * 1. https://www.rfc-editor.org/rfc/rfc6070.html#page-2
39 */
40 static const struct {
41 const uint8_t pass[256];
42 size_t passlen;
43 const uint8_t salt[256];
44 size_t saltlen;
45 uint8_t expected[SHA256_DIGEST_SIZE];
46 } test_vectors[] = {
47 { .pass={'f', 'o', 'o', 'p', 'a', 's', 's'}, .passlen=7, .salt={'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '1', '2', '3', '4', '5'}, .saltlen=16, .expected={0xCB, 0xEA, 0x27, 0x23, 0x9A, 0x65, 0x99, 0xF6, 0x8C, 0x26, 0x54, 0x80, 0x5C, 0x63, 0x61, 0xD2, 0x91, 0x0A, 0x60, 0x3F, 0xC2, 0xF5, 0xF0, 0xAB, 0x55, 0x8B, 0x46, 0x07, 0x60, 0x93, 0xAB, 0xCB} },
48 { .pass={'f', 'o', 'o', 'p', 'a', 's', 's'}, .passlen=7, .salt={0x00, 'h', 'f', 's', 'd', 'j', 'h', 'f', 'd', 'j', 'h', 'j', 'd', 'f', 's'}, .saltlen=15, .expected={0x2B, 0xDF, 0x52, 0x29, 0x48, 0x3F, 0x98, 0x25, 0x01, 0x19, 0xB4, 0x42, 0xBC, 0xA7, 0x38, 0x5D, 0xCD, 0x08, 0xBD, 0xDC, 0x33, 0xBF, 0x32, 0x5E, 0x31, 0x87, 0x54, 0xFF, 0x2C, 0x23, 0x68, 0xFF} },
49 { .pass={'f', 'o', 'o', 'p', 'a', 's', 's'}, .passlen=7, .salt={'m', 'y', 's', 'a', 0x00, 'l', 't'}, .saltlen=7, .expected={0x7C, 0x24, 0xB4, 0x4D, 0x30, 0x11, 0x53, 0x24, 0x87, 0x56, 0x24, 0x10, 0xBA, 0x9F, 0xF2, 0x4E, 0xBB, 0xF5, 0x03, 0x56, 0x2B, 0xB1, 0xA1, 0x92, 0x8B, 0x5F, 0x32, 0x02, 0x23, 0x1F, 0x79, 0xE6} },
50 { .pass={'p', 'a', 's', 's', 'w', 'i', 't', 'h', 'n', 'u', 'l', 'l', 0x00, 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}, .passlen=21, .salt={'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '1', '2', '3', '4', '5'}, .saltlen=16, .expected={0xE9, 0x53, 0xB7, 0x1D, 0xAB, 0xD1, 0xC1, 0xF3, 0xC4, 0x7F, 0x18, 0x96, 0xDD, 0xD7, 0x6B, 0xC6, 0x6A, 0xBD, 0xFB, 0x12, 0x7C, 0xF8, 0x68, 0xDC, 0x6E, 0xEF, 0x29, 0xCC, 0x1B, 0x30, 0x5B, 0x74} },
51 { .pass={'p', 'a', 's', 's', 'w', 'i', 't', 'h', 'n', 'u', 'l', 'l', 0x00, 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}, .passlen=21, .salt={0x00, 'h', 'f', 's', 'd', 'j', 'h', 'f', 'd', 'j', 'h', 'j', 'd', 'f', 's'}, .saltlen=15, .expected={0x51, 0xA3, 0x82, 0xA5, 0x2F, 0x48, 0x84, 0xB3, 0x02, 0x0D, 0xC2, 0x42, 0x9A, 0x8F, 0x86, 0xCC, 0x66, 0xFD, 0x65, 0x87, 0x89, 0x07, 0x2B, 0x07, 0x82, 0x42, 0xD6, 0x6D, 0x43, 0xB8, 0xFD, 0xCF} },
52 { .pass={'p', 'a', 's', 's', 'w', 'i', 't', 'h', 'n', 'u', 'l', 'l', 0x00, 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}, .passlen=21, .salt={'m', 'y', 's', 'a', 0x00, 'l', 't'}, .saltlen=7, .expected={0xEC, 0xFB, 0x5D, 0x5F, 0xF6, 0xA6, 0xE0, 0x79, 0x50, 0x64, 0x36, 0x64, 0xA3, 0x9A, 0x5C, 0xF3, 0x7A, 0x87, 0x0B, 0x64, 0x51, 0x59, 0x75, 0x64, 0x8B, 0x78, 0x2B, 0x62, 0x8F, 0x68, 0xD9, 0xCC} },
53 { .pass={0x00, 'p', 'a', 's', 's'}, .passlen=5, .salt={'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '1', '2', '3', '4', '5'}, .saltlen=16, .expected={0x8A, 0x9A, 0x47, 0x9A, 0x91, 0x22, 0x2F, 0x56, 0x29, 0x4F, 0x26, 0x00, 0xE7, 0xB3, 0xEB, 0x63, 0x6D, 0x51, 0xF2, 0x60, 0x17, 0x08, 0x20, 0x70, 0x82, 0x8F, 0xA3, 0xD7, 0xBE, 0x2B, 0xD5, 0x5D} },
54 { .pass={0x00, 'p', 'a', 's', 's'}, .passlen=5, .salt={0x00, 'h', 'f', 's', 'd', 'j', 'h', 'f', 'd', 'j', 'h', 'j', 'd', 'f', 's'}, .saltlen=15, .expected={0x72, 0x3A, 0xF5, 0xF7, 0xCD, 0x6C, 0x12, 0xDD, 0x53, 0x28, 0x46, 0x0C, 0x19, 0x0E, 0xF2, 0x91, 0xDE, 0xEA, 0xF9, 0x6F, 0x74, 0x32, 0x34, 0x3F, 0x84, 0xED, 0x8D, 0x2A, 0xDE, 0xC9, 0xC6, 0x34} },
55 { .pass={0x00, 'p', 'a', 's', 's'}, .passlen=5, .salt={'m', 'y', 's', 'a', 0x00, 'l', 't'}, .saltlen=7, .expected={0xE3, 0x07, 0x12, 0xBE, 0xEE, 0xF5, 0x5D, 0x18, 0x72, 0xF4, 0xCF, 0xF1, 0x20, 0x6B, 0xD6, 0x66, 0xCD, 0x7C, 0xE7, 0x4F, 0xC2, 0x16, 0x70, 0x5B, 0x9B, 0x2F, 0x7D, 0xE2, 0x3B, 0x42, 0x3A, 0x1B} },
56 };
57
58 uint8_t res[SHA256_DIGEST_SIZE];
59 for(size_t i = 0; i < sizeof(test_vectors)/sizeof(test_vectors[0]); i++) {
60
61 int rc = tpm2_util_pbkdf2_hmac_sha256(
62 test_vectors[i].pass,
63 test_vectors[i].passlen,
64 test_vectors[i].salt,
65 test_vectors[i].saltlen,
66 res);
67 assert_se(rc == 0);
68 assert_se(memcmp(test_vectors[i].expected, res, SHA256_DIGEST_SIZE) == 0);
69 }
70 }
71
72 #if HAVE_TPM2
73
74 #define POISON(type) \
75 ({ \
76 type _p; \
77 memset(&_p, 0xaa, sizeof(_p)); \
78 _p; \
79 })
80 #define POISON_TPML POISON(TPML_PCR_SELECTION)
81 #define POISON_TPMS POISON(TPMS_PCR_SELECTION)
82 #define POISON_U32 POISON(uint32_t)
83
84 static void assert_tpms_pcr_selection_eq(TPMS_PCR_SELECTION *a, TPMS_PCR_SELECTION *b) {
85 assert_se(a);
86 assert_se(b);
87
88 assert_se(a->hash == b->hash);
89 assert_se(a->sizeofSelect == b->sizeofSelect);
90
91 for (size_t i = 0; i < a->sizeofSelect; i++)
92 assert_se(a->pcrSelect[i] == b->pcrSelect[i]);
93 }
94
95 static void assert_tpml_pcr_selection_eq(TPML_PCR_SELECTION *a, TPML_PCR_SELECTION *b) {
96 assert_se(a);
97 assert_se(b);
98
99 assert_se(a->count == b->count);
100 for (size_t i = 0; i < a->count; i++)
101 assert_tpms_pcr_selection_eq(&a->pcrSelections[i], &b->pcrSelections[i]);
102 }
103
104 static void verify_tpms_pcr_selection(TPMS_PCR_SELECTION *s, uint32_t mask, TPMI_ALG_HASH hash) {
105 assert_se(s->hash == hash);
106 assert_se(s->sizeofSelect == 3);
107 assert_se(s->pcrSelect[0] == (mask & 0xff));
108 assert_se(s->pcrSelect[1] == ((mask >> 8) & 0xff));
109 assert_se(s->pcrSelect[2] == ((mask >> 16) & 0xff));
110 assert_se(s->pcrSelect[3] == 0);
111
112 uint32_t m = POISON_U32;
113 tpm2_tpms_pcr_selection_to_mask(s, &m);
114 assert_se(m == mask);
115 }
116
117 static void verify_tpml_pcr_selection(TPML_PCR_SELECTION *l, TPMS_PCR_SELECTION s[], size_t count) {
118 assert_se(l->count == count);
119 for (size_t i = 0; i < count; i++) {
120 assert_tpms_pcr_selection_eq(&s[i], &l->pcrSelections[i]);
121
122 uint32_t mask = POISON_U32;
123 TPMI_ALG_HASH hash = l->pcrSelections[i].hash;
124 assert_se(tpm2_tpml_pcr_selection_to_mask(l, hash, &mask) == 0);
125 verify_tpms_pcr_selection(&l->pcrSelections[i], mask, hash);
126 }
127 }
128
129 static void _test_pcr_selection_mask_hash(uint32_t mask, TPMI_ALG_HASH hash) {
130 TPMS_PCR_SELECTION s = POISON_TPMS;
131 tpm2_tpms_pcr_selection_from_mask(mask, hash, &s);
132 verify_tpms_pcr_selection(&s, mask, hash);
133
134 TPML_PCR_SELECTION l = POISON_TPML;
135 tpm2_tpml_pcr_selection_from_mask(mask, hash, &l);
136 verify_tpml_pcr_selection(&l, &s, 1);
137 verify_tpms_pcr_selection(&l.pcrSelections[0], mask, hash);
138
139 uint32_t test_masks[] = {
140 0x0, 0x1, 0x100, 0x10000, 0xf0f0f0, 0xaaaaaa, 0xffffff,
141 };
142 for (unsigned i = 0; i < ELEMENTSOF(test_masks); i++) {
143 uint32_t test_mask = test_masks[i];
144
145 TPMS_PCR_SELECTION a = POISON_TPMS, b = POISON_TPMS, test_s = POISON_TPMS;
146 tpm2_tpms_pcr_selection_from_mask(test_mask, hash, &test_s);
147
148 a = s;
149 b = test_s;
150 tpm2_tpms_pcr_selection_add(&a, &b);
151 verify_tpms_pcr_selection(&a, UPDATE_FLAG(mask, test_mask, true), hash);
152 verify_tpms_pcr_selection(&b, test_mask, hash);
153
154 a = s;
155 b = test_s;
156 tpm2_tpms_pcr_selection_sub(&a, &b);
157 verify_tpms_pcr_selection(&a, UPDATE_FLAG(mask, test_mask, false), hash);
158 verify_tpms_pcr_selection(&b, test_mask, hash);
159
160 a = s;
161 b = test_s;
162 tpm2_tpms_pcr_selection_move(&a, &b);
163 verify_tpms_pcr_selection(&a, UPDATE_FLAG(mask, test_mask, true), hash);
164 verify_tpms_pcr_selection(&b, 0, hash);
165 }
166 }
167
168 TEST(tpms_pcr_selection_mask_and_hash) {
169 TPMI_ALG_HASH HASH_ALGS[] = { TPM2_ALG_SHA1, TPM2_ALG_SHA256, };
170
171 for (unsigned i = 0; i < ELEMENTSOF(HASH_ALGS); i++)
172 for (uint32_t m2 = 0; m2 <= 0xffffff; m2 += 0x30000)
173 for (uint32_t m1 = 0; m1 <= 0xffff; m1 += 0x300)
174 for (uint32_t m0 = 0; m0 <= 0xff; m0 += 0x3)
175 _test_pcr_selection_mask_hash(m0 | m1 | m2, HASH_ALGS[i]);
176 }
177
178 static void _test_tpms_sw(
179 TPMI_ALG_HASH hash,
180 uint32_t mask,
181 const char *expected_str,
182 size_t expected_weight) {
183
184 TPMS_PCR_SELECTION s = POISON_TPMS;
185 tpm2_tpms_pcr_selection_from_mask(mask, hash, &s);
186
187 _cleanup_free_ char *tpms_str = tpm2_tpms_pcr_selection_to_string(&s);
188 assert_se(streq(tpms_str, expected_str));
189
190 assert_se(tpm2_tpms_pcr_selection_weight(&s) == expected_weight);
191 assert_se(tpm2_tpms_pcr_selection_is_empty(&s) == (expected_weight == 0));
192 }
193
194 TEST(tpms_pcr_selection_string_and_weight) {
195 TPMI_ALG_HASH sha1 = TPM2_ALG_SHA1, sha256 = TPM2_ALG_SHA256;
196
197 _test_tpms_sw(sha1, 0, "sha1()", 0);
198 _test_tpms_sw(sha1, 1, "sha1(0)", 1);
199 _test_tpms_sw(sha1, 0xf, "sha1(0+1+2+3)", 4);
200 _test_tpms_sw(sha1, 0x00ff00, "sha1(8+9+10+11+12+13+14+15)", 8);
201 _test_tpms_sw(sha1, 0xffffff, "sha1(0+1+2+3+4+5+6+7+8+9+10+11+12+13+14+15+16+17+18+19+20+21+22+23)", 24);
202 _test_tpms_sw(sha256, 0, "sha256()", 0);
203 _test_tpms_sw(sha256, 1, "sha256(0)", 1);
204 _test_tpms_sw(sha256, 7, "sha256(0+1+2)", 3);
205 _test_tpms_sw(sha256, 0xf00000, "sha256(20+21+22+23)", 4);
206 _test_tpms_sw(sha256, 0xffffff, "sha256(0+1+2+3+4+5+6+7+8+9+10+11+12+13+14+15+16+17+18+19+20+21+22+23)", 24);
207 }
208
209 static void _tpml_pcr_selection_add_tpms(TPMS_PCR_SELECTION s[], size_t count, TPML_PCR_SELECTION *ret) {
210 for (size_t i = 0; i < count; i++)
211 tpm2_tpml_pcr_selection_add_tpms_pcr_selection(ret, &s[i]);
212 }
213
214 static void _tpml_pcr_selection_sub_tpms(TPMS_PCR_SELECTION s[], size_t count, TPML_PCR_SELECTION *ret) {
215 for (size_t i = 0; i < count; i++)
216 tpm2_tpml_pcr_selection_sub_tpms_pcr_selection(ret, &s[i]);
217 }
218
219 static void _test_tpml_sw(
220 TPMS_PCR_SELECTION s[],
221 size_t count,
222 size_t expected_count,
223 const char *expected_str,
224 size_t expected_weight) {
225
226 TPML_PCR_SELECTION l = {};
227 _tpml_pcr_selection_add_tpms(s, count, &l);
228 assert_se(l.count == expected_count);
229
230 _cleanup_free_ char *tpml_str = tpm2_tpml_pcr_selection_to_string(&l);
231 assert_se(streq(tpml_str, expected_str));
232
233 assert_se(tpm2_tpml_pcr_selection_weight(&l) == expected_weight);
234 assert_se(tpm2_tpml_pcr_selection_is_empty(&l) == (expected_weight == 0));
235 }
236
237 TEST(tpml_pcr_selection_string_and_weight) {
238 size_t size = 0xaa;
239 TPMI_ALG_HASH sha1 = TPM2_ALG_SHA1,
240 sha256 = TPM2_ALG_SHA256,
241 sha384 = TPM2_ALG_SHA384,
242 sha512 = TPM2_ALG_SHA512;
243 TPMS_PCR_SELECTION s[4] = { POISON_TPMS, POISON_TPMS, POISON_TPMS, POISON_TPMS, };
244
245 size = 0;
246 tpm2_tpms_pcr_selection_from_mask(0x000002, sha1 , &s[size++]);
247 tpm2_tpms_pcr_selection_from_mask(0x0080f0, sha384, &s[size++]);
248 tpm2_tpms_pcr_selection_from_mask(0x010100, sha512, &s[size++]);
249 tpm2_tpms_pcr_selection_from_mask(0xff0000, sha256, &s[size++]);
250 _test_tpml_sw(s,
251 size,
252 /* expected_count= */ 4,
253 "[sha1(1),sha384(4+5+6+7+15),sha512(8+16),sha256(16+17+18+19+20+21+22+23)]",
254 /* expected_weight= */ 16);
255
256 size = 0;
257 tpm2_tpms_pcr_selection_from_mask(0x0403aa, sha512, &s[size++]);
258 tpm2_tpms_pcr_selection_from_mask(0x0080f0, sha256, &s[size++]);
259 _test_tpml_sw(s,
260 size,
261 /* expected_count= */ 2,
262 "[sha512(1+3+5+7+8+9+18),sha256(4+5+6+7+15)]",
263 /* expected_weight= */ 12);
264
265 size = 0;
266 /* Empty hashes should be ignored */
267 tpm2_tpms_pcr_selection_from_mask(0x0300ce, sha384, &s[size++]);
268 tpm2_tpms_pcr_selection_from_mask(0xffffff, sha512, &s[size++]);
269 tpm2_tpms_pcr_selection_from_mask(0x000000, sha1 , &s[size++]);
270 tpm2_tpms_pcr_selection_from_mask(0x330010, sha256, &s[size++]);
271 _test_tpml_sw(s,
272 size,
273 /* expected_count= */ 3,
274 "[sha384(1+2+3+6+7+16+17),sha512(0+1+2+3+4+5+6+7+8+9+10+11+12+13+14+15+16+17+18+19+20+21+22+23),sha256(4+16+17+20+21)]",
275 /* expected_weight= */ 36);
276
277 size = 0;
278 /* Verify same-hash entries are properly combined. */
279 tpm2_tpms_pcr_selection_from_mask(0x000001, sha1 , &s[size++]);
280 tpm2_tpms_pcr_selection_from_mask(0x000001, sha256, &s[size++]);
281 tpm2_tpms_pcr_selection_from_mask(0x000010, sha1 , &s[size++]);
282 tpm2_tpms_pcr_selection_from_mask(0x000010, sha256, &s[size++]);
283 _test_tpml_sw(s,
284 size,
285 /* expected_count= */ 2,
286 "[sha1(0+4),sha256(0+4)]",
287 /* expected_weight= */ 4);
288 }
289
290 /* Test tpml add/sub by changing the tpms individually */
291 static void _test_tpml_addsub_tpms(
292 TPML_PCR_SELECTION *start,
293 TPMS_PCR_SELECTION add[],
294 size_t add_count,
295 TPMS_PCR_SELECTION expected1[],
296 size_t expected1_count,
297 TPMS_PCR_SELECTION sub[],
298 size_t sub_count,
299 TPMS_PCR_SELECTION expected2[],
300 size_t expected2_count) {
301
302 TPML_PCR_SELECTION l = *start;
303
304 _tpml_pcr_selection_add_tpms(add, add_count, &l);
305 verify_tpml_pcr_selection(&l, expected1, expected1_count);
306
307 _tpml_pcr_selection_sub_tpms(sub, sub_count, &l);
308 verify_tpml_pcr_selection(&l, expected2, expected2_count);
309 }
310
311 /* Test tpml add/sub by creating new tpmls */
312 static void _test_tpml_addsub_tpml(
313 TPML_PCR_SELECTION *start,
314 TPMS_PCR_SELECTION add[],
315 size_t add_count,
316 TPMS_PCR_SELECTION expected1[],
317 size_t expected1_count,
318 TPMS_PCR_SELECTION sub[],
319 size_t sub_count,
320 TPMS_PCR_SELECTION expected2[],
321 size_t expected2_count) {
322
323 TPML_PCR_SELECTION l = {};
324 tpm2_tpml_pcr_selection_add(&l, start);
325 assert_tpml_pcr_selection_eq(&l, start);
326
327 TPML_PCR_SELECTION addl = {};
328 _tpml_pcr_selection_add_tpms(add, add_count, &addl);
329 tpm2_tpml_pcr_selection_add(&l, &addl);
330
331 TPML_PCR_SELECTION e1 = {};
332 _tpml_pcr_selection_add_tpms(expected1, expected1_count, &e1);
333 assert_tpml_pcr_selection_eq(&l, &e1);
334
335 TPML_PCR_SELECTION subl = {};
336 _tpml_pcr_selection_add_tpms(sub, sub_count, &subl);
337 tpm2_tpml_pcr_selection_sub(&l, &subl);
338
339 TPML_PCR_SELECTION e2 = {};
340 _tpml_pcr_selection_add_tpms(expected2, expected2_count, &e2);
341 assert_tpml_pcr_selection_eq(&l, &e2);
342 }
343
344 #define _test_tpml_addsub(...) \
345 ({ \
346 _test_tpml_addsub_tpms(__VA_ARGS__); \
347 _test_tpml_addsub_tpml(__VA_ARGS__); \
348 })
349
350 TEST(tpml_pcr_selection_add_sub) {
351 size_t add_count = 0xaa, expected1_count = 0xaa, sub_count = 0xaa, expected2_count = 0xaa;
352 TPMI_ALG_HASH sha1 = TPM2_ALG_SHA1,
353 sha256 = TPM2_ALG_SHA256,
354 sha384 = TPM2_ALG_SHA384,
355 sha512 = TPM2_ALG_SHA512;
356 TPML_PCR_SELECTION l = POISON_TPML;
357 TPMS_PCR_SELECTION add[4] = { POISON_TPMS, POISON_TPMS, POISON_TPMS, POISON_TPMS, },
358 sub[4] = { POISON_TPMS, POISON_TPMS, POISON_TPMS, POISON_TPMS, },
359 expected1[4] = { POISON_TPMS, POISON_TPMS, POISON_TPMS, POISON_TPMS, },
360 expected2[4] = { POISON_TPMS, POISON_TPMS, POISON_TPMS, POISON_TPMS, };
361
362 l = (TPML_PCR_SELECTION){};
363 add_count = 0;
364 expected1_count = 0;
365 sub_count = 0;
366 expected2_count = 0;
367 tpm2_tpms_pcr_selection_from_mask(0x010101, sha256, &add[add_count++]);
368 tpm2_tpms_pcr_selection_from_mask(0x101010, sha256, &add[add_count++]);
369 tpm2_tpms_pcr_selection_from_mask(0x0000ff, sha512, &add[add_count++]);
370 tpm2_tpms_pcr_selection_from_mask(0x111111, sha256, &expected1[expected1_count++]);
371 tpm2_tpms_pcr_selection_from_mask(0x0000ff, sha512, &expected1[expected1_count++]);
372 tpm2_tpms_pcr_selection_from_mask(0x000001, sha256, &sub[sub_count++]);
373 tpm2_tpms_pcr_selection_from_mask(0xff0000, sha512, &sub[sub_count++]);
374 tpm2_tpms_pcr_selection_from_mask(0x111110, sha256, &expected2[expected2_count++]);
375 tpm2_tpms_pcr_selection_from_mask(0x0000ff, sha512, &expected2[expected2_count++]);
376 _test_tpml_addsub(&l,
377 add, add_count,
378 expected1, expected1_count,
379 sub, sub_count,
380 expected2, expected2_count);
381
382 l = (TPML_PCR_SELECTION){
383 .count = 1,
384 .pcrSelections[0].hash = sha1,
385 .pcrSelections[0].sizeofSelect = 3,
386 .pcrSelections[0].pcrSelect[0] = 0xf0,
387 };
388 add_count = 0;
389 expected1_count = 0;
390 sub_count = 0;
391 expected2_count = 0;
392 tpm2_tpms_pcr_selection_from_mask(0xff0000, sha256, &add[add_count++]);
393 tpm2_tpms_pcr_selection_from_mask(0xffff00, sha384, &add[add_count++]);
394 tpm2_tpms_pcr_selection_from_mask(0x0000ff, sha512, &add[add_count++]);
395 tpm2_tpms_pcr_selection_from_mask(0xf00000, sha1 , &add[add_count++]);
396 tpm2_tpms_pcr_selection_from_mask(0xf000f0, sha1 , &expected1[expected1_count++]);
397 tpm2_tpms_pcr_selection_from_mask(0xff0000, sha256, &expected1[expected1_count++]);
398 tpm2_tpms_pcr_selection_from_mask(0xffff00, sha384, &expected1[expected1_count++]);
399 tpm2_tpms_pcr_selection_from_mask(0x0000ff, sha512, &expected1[expected1_count++]);
400 tpm2_tpms_pcr_selection_from_mask(0x00ffff, sha256, &sub[sub_count++]);
401 tpm2_tpms_pcr_selection_from_mask(0xf000f0, sha1 , &expected2[expected2_count++]);
402 tpm2_tpms_pcr_selection_from_mask(0xff0000, sha256, &expected2[expected2_count++]);
403 tpm2_tpms_pcr_selection_from_mask(0xffff00, sha384, &expected2[expected2_count++]);
404 tpm2_tpms_pcr_selection_from_mask(0x0000ff, sha512, &expected2[expected2_count++]);
405 _test_tpml_addsub(&l,
406 add, add_count,
407 expected1, expected1_count,
408 sub, sub_count,
409 expected2, expected2_count);
410 }
411
412 /* this test includes TPM2 specific data structures */
413 TEST(tpm2_get_primary_template) {
414
415 /*
416 * Verify that if someone changes the template code, they know they're breaking things.
417 * Templates MUST be changed in a backwards compatible way.
418 *
419 */
420 static const TPM2B_PUBLIC templ[] = {
421 /* index 0 RSA old */
422 [0] = {
423 .publicArea = {
424 .type = TPM2_ALG_RSA,
425 .nameAlg = TPM2_ALG_SHA256,
426 .objectAttributes = TPMA_OBJECT_RESTRICTED|TPMA_OBJECT_DECRYPT|TPMA_OBJECT_FIXEDTPM|TPMA_OBJECT_FIXEDPARENT|TPMA_OBJECT_SENSITIVEDATAORIGIN|TPMA_OBJECT_USERWITHAUTH,
427 .parameters.rsaDetail = {
428 .symmetric = {
429 .algorithm = TPM2_ALG_AES,
430 .keyBits.aes = 128,
431 .mode.aes = TPM2_ALG_CFB,
432 },
433 .scheme.scheme = TPM2_ALG_NULL,
434 .keyBits = 2048,
435 },
436 },
437 },
438 /* Index 1 ECC old */
439 [TPM2_SRK_TEMPLATE_ECC] = {
440 .publicArea = {
441 .type = TPM2_ALG_ECC,
442 .nameAlg = TPM2_ALG_SHA256,
443 .objectAttributes = TPMA_OBJECT_RESTRICTED|TPMA_OBJECT_DECRYPT|TPMA_OBJECT_FIXEDTPM|TPMA_OBJECT_FIXEDPARENT|TPMA_OBJECT_SENSITIVEDATAORIGIN|TPMA_OBJECT_USERWITHAUTH,
444 .parameters.eccDetail = {
445 .symmetric = {
446 .algorithm = TPM2_ALG_AES,
447 .keyBits.aes = 128,
448 .mode.aes = TPM2_ALG_CFB,
449 },
450 .scheme.scheme = TPM2_ALG_NULL,
451 .curveID = TPM2_ECC_NIST_P256,
452 .kdf.scheme = TPM2_ALG_NULL,
453 },
454 },
455 },
456 /* index 2 RSA SRK */
457 [TPM2_SRK_TEMPLATE_NEW_STYLE] = {
458 .publicArea = {
459 .type = TPM2_ALG_RSA,
460 .nameAlg = TPM2_ALG_SHA256,
461 .objectAttributes = TPMA_OBJECT_FIXEDTPM|TPMA_OBJECT_FIXEDPARENT|TPMA_OBJECT_SENSITIVEDATAORIGIN|TPMA_OBJECT_RESTRICTED|TPMA_OBJECT_DECRYPT|TPMA_OBJECT_USERWITHAUTH|TPMA_OBJECT_NODA,
462 .parameters.rsaDetail = {
463 .symmetric = {
464 .algorithm = TPM2_ALG_AES,
465 .keyBits.aes = 128,
466 .mode.aes = TPM2_ALG_CFB,
467 },
468 .scheme.scheme = TPM2_ALG_NULL,
469 .keyBits = 2048,
470 },
471 },
472 },
473 /* Index 3 ECC SRK */
474 [TPM2_SRK_TEMPLATE_NEW_STYLE | TPM2_SRK_TEMPLATE_ECC] = {
475 .publicArea = {
476 .type = TPM2_ALG_ECC,
477 .nameAlg = TPM2_ALG_SHA256,
478 .objectAttributes = TPMA_OBJECT_FIXEDTPM|TPMA_OBJECT_FIXEDPARENT|TPMA_OBJECT_SENSITIVEDATAORIGIN|TPMA_OBJECT_RESTRICTED|TPMA_OBJECT_DECRYPT|TPMA_OBJECT_USERWITHAUTH|TPMA_OBJECT_NODA,
479 .parameters.eccDetail = {
480 .symmetric = {
481 .algorithm = TPM2_ALG_AES,
482 .keyBits.aes = 128,
483 .mode.aes = TPM2_ALG_CFB,
484 },
485 .scheme.scheme = TPM2_ALG_NULL,
486 .curveID = TPM2_ECC_NIST_P256,
487 .kdf.scheme = TPM2_ALG_NULL,
488 },
489 },
490 },
491 };
492
493 assert_cc(ELEMENTSOF(templ) == _TPM2_SRK_TEMPLATE_MAX + 1);
494
495 for (size_t i = 0; i < ELEMENTSOF(templ); i++) {
496 /* the index counter lines up with the flags and the expected template received */
497 const TPM2B_PUBLIC *got = tpm2_get_primary_template((Tpm2SRKTemplateFlags)i);
498 assert_se(memcmp(&templ[i], got, sizeof(*got)) == 0);
499 }
500 }
501
502 #endif /* HAVE_TPM2 */
503
504 DEFINE_TEST_MAIN(LOG_DEBUG);
Unnamed repository; edit this file 'description' to name the repository.