From 02e41c1673ee5d7568943b5bb1954fc54dc3280b Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 19 Jul 2022 10:46:23 -0700 Subject: [PATCH] CSharp tests for key NV. Added CSharp `DeleteKey` API. --- src/tpm2_wrap.c | 4 +- wrapper/CSharp/wolfTPM-tests.cs | 68 ++++++++++++++++++++++++++++++++- wrapper/CSharp/wolfTPM.cs | 65 +++++++++++++++++++++++++------ 3 files changed, 123 insertions(+), 14 deletions(-) diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index 33d67d1..af39fa8 100644 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -116,7 +116,7 @@ static int wolfTPM2_Init_ex(TPM2_CTX* ctx, TPM2HalIoCb ioCb, void* userCtx, #else rc = TPM_RC_SUCCESS; #endif /* WOLFTPM_MCHP || WOLFTPM_PERFORM_SELFTEST */ -#endif /* !defined(WOLFTPM_LINUX_DEV) && !defined(WOLFTPM_WINAPI) */ +#endif /* !WOLFTPM_LINUX_DEV && !WOLFTPM_WINAPI */ return rc; } @@ -511,7 +511,7 @@ int wolfTPM2_SelfTest(WOLFTPM2_DEV* dev) selfTest.fullTest = YES; rc = TPM2_SelfTest(&selfTest); #ifdef WOLFTPM_WINAPI - if (rc == TPM_E_COMMAND_BLOCKED) { + if (rc == TPM_E_COMMAND_BLOCKED) { /* 0x80280400 */ #ifdef DEBUG_WOLFTPM printf("TPM2_SelfTest not allowed on Windows TBS (err 0x%x)\n", rc); #endif diff --git a/wrapper/CSharp/wolfTPM-tests.cs b/wrapper/CSharp/wolfTPM-tests.cs index 21e7b7b..87166a2 100644 --- a/wrapper/CSharp/wolfTPM-tests.cs +++ b/wrapper/CSharp/wolfTPM-tests.cs @@ -169,7 +169,7 @@ namespace tpm_csharp_test } else { - Console.WriteLine("wolfTPM2_GetKeyBlobAsBuffer() failed."); + Console.WriteLine("wolfTPM2_GetKeyBlobAsBuffer() failed"); rc = -1; } @@ -285,6 +285,7 @@ namespace tpm_csharp_test Key pub_key; int exp = 0x10001; + Console.WriteLine("Testing load RSA Public key"); PrintByteArray(pub_buffer); pub_key = new Key(); @@ -303,6 +304,8 @@ namespace tpm_csharp_test Key priv_key; int exp = 0x10001; + Console.WriteLine("Testing load RSA Private key"); + PrintByteArray(pub_buffer); PrintByteArray(priv_buffer); 
@@ -325,6 +328,8 @@ namespace tpm_csharp_test KeyBlob blob; int exp = 0x10001; + Console.WriteLine("Testing import RSA Private key"); + PrintByteArray(pub_buffer); PrintByteArray(priv_buffer); @@ -347,6 +352,8 @@ namespace tpm_csharp_test Key key = new Key(); Template template = new Template(); + Console.WriteLine("Testing create primary"); + /* Test creating the primary RSA endorsement key (EK) */ rc = template.GetKeyTemplate_RSA_EK(); Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc); @@ -365,6 +372,8 @@ namespace tpm_csharp_test Key key = new Key(); Template template = new Template(); + Console.WriteLine("Testing create primary custom"); + /* Test creating custom SRK (different than one Windows uses) */ rc = template.GetKeyTemplate_RSA_SRK(); Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc); @@ -405,6 +414,8 @@ namespace tpm_csharp_test "/emailAddress=info@wolfssl.com"; string keyUsage = "serverAuth,clientAuth,codeSigning"; + Console.WriteLine("Testing generate CSR"); + rc = template.GetKeyTemplate_RSA((ulong)( TPM2_Object.sensitiveDataOrigin | TPM2_Object.userWithAuth | @@ -444,6 +455,8 @@ namespace tpm_csharp_test "/emailAddress=info@wolfssl.com"; string keyUsage = "serverAuth,clientAuth,codeSigning"; + Console.WriteLine("Testing generate Certificate"); + rc = template.GetKeyTemplate_RSA((ulong)( TPM2_Object.sensitiveDataOrigin | TPM2_Object.userWithAuth | @@ -487,6 +500,8 @@ namespace tpm_csharp_test string custOid = "1.2.3.4.5"; string custOidVal = "This is NOT a critical extension"; + Console.WriteLine("Testing generate CSR custom"); + rc = template.GetKeyTemplate_RSA((ulong)( TPM2_Object.sensitiveDataOrigin | TPM2_Object.userWithAuth | 
@@ -524,5 +539,56 @@ namespace tpm_csharp_test Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc); } + [Test] + public void TryKeyNV() + { + int rc; + KeyBlob keyBlob = new KeyBlob(); + Template template = new Template(); + ulong testPersistentHandle = 0x81000202; + + Console.WriteLine("Testing key with NV"); + + rc = template.GetKeyTemplate_RSA((ulong)( + TPM2_Object.sensitiveDataOrigin | + TPM2_Object.userWithAuth | + TPM2_Object.decrypt | + TPM2_Object.sign | + TPM2_Object.noDA)); + Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc); + + /* Generate new key */ + rc = device.CreateKey(keyBlob, parent_key, template, + "ThisIsMyStorageKeyAuth"); + Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc); + + /* Load key */ + rc = device.LoadKey(keyBlob, parent_key); + Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc); + + /* Store key */ + rc = device.StoreKey(keyBlob, (ulong)TPM_RH.OWNER, testPersistentHandle); + if ((uint)rc == 0x80280400) { /* TPM_E_COMMAND_BLOCKED */ + /* Windows TBS does not allow storing keys to NV */ + rc = 0; /* ignore error */ + } + Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc); + + /* Read public key */ + rc = device.ReadPublicKey(keyBlob, testPersistentHandle); + if (rc == (int)Status.TPM_RC_HANDLE) { + /* valid error if the handle is not found */ + rc = 0; /* ignore error */ + } + Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc); + + /* Delete Key */ + rc = device.DeleteKey(keyBlob, (ulong)TPM_RH.OWNER); + Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc); + + rc = device.UnloadHandle(keyBlob); + Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc); + } + } } diff --git a/wrapper/CSharp/wolfTPM.cs b/wrapper/CSharp/wolfTPM.cs index aa932a2..697d994 100644 --- a/wrapper/CSharp/wolfTPM.cs +++ b/wrapper/CSharp/wolfTPM.cs @@ -65,6 +65,7 @@ namespace wolfTPM public enum Status : int { TPM_RC_SUCCESS = 0, + TPM_RC_HANDLE = 0x8B, BAD_FUNC_ARG = -173, NOT_COMPILED_IN = -174, } 
@@ -893,13 +894,23 @@ namespace wolfTPM private static extern int wolfTPM2_ReadPublicKey(IntPtr dev, IntPtr key, ulong handle); - public int ReadPublicKey(Key key, - ulong handle) + public int ReadPublicKey(Key key, ulong handle) { - int rc = wolfTPM2_ReadPublicKey(device, - key.key, - handle); - if (rc != (int)Status.TPM_RC_SUCCESS) { + int rc = wolfTPM2_ReadPublicKey(device, key.key, handle); + if (rc != (int)Status.TPM_RC_SUCCESS && + rc != (int)Status.TPM_RC_HANDLE) + { + throw new WolfTpm2Exception( + "wolfTPM2_ReadPublicKey", rc); + } + return rc; + } + public int ReadPublicKey(KeyBlob keyBlob, ulong handle) + { + int rc = wolfTPM2_ReadPublicKey(device, keyBlob.keyblob, handle); + if (rc != (int)Status.TPM_RC_SUCCESS && + rc != (int)Status.TPM_RC_HANDLE) + { throw new WolfTpm2Exception( "wolfTPM2_ReadPublicKey", rc); } 
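Review bot: The pre-existing `ReadPublicKey(Key key, ulong handle)` overload changes contract here: it used to throw on every non-success code and now hands `TPM_RC_HANDLE` back to callers that were written to never see a non-zero return, so this needs to be stated on both overloads, e.g. `/// <returns>TPM_RC_SUCCESS, or TPM_RC_HANDLE (returned, not thrown) when no object exists at <paramref name="handle"/>; any other failure throws WolfTpm2Exception.</returns>`. The comparison `rc != (int)Status.TPM_RC_HANDLE` also assumes the native wrapper returns the bare format-1 code 0x8B; if it passes the TPM response code through unchanged, a bad-handle response carries the handle index in bits 8-10 (0x18B for the first handle) and the check would never match, so please confirm what wolfTPM2_ReadPublicKey actually returns. The new `KeyBlob` overload passes `keyBlob.keyblob` to an entry point whose native parameter is a key pointer; if this relies on the key-blob struct sharing the key struct's leading layout, a comment saying so would stop someone "fixing" it later. The enclosing DllImport declaration starts outside the hunk.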
@@ -950,21 +961,53 @@ namespace wolfTPM return rc; } - [DllImport(DLLNAME, EntryPoint = "wolfTPM2_NVStoreKey")] private static extern int wolfTPM2_NVStoreKey(IntPtr dev, - IntPtr primaryHandle, IntPtr key, IntPtr persistentHandle); - public int StoreKey(Key key, IntPtr primaryHandle, IntPtr persistentHandle) + ulong primaryHandle, IntPtr key, ulong persistentHandle); + public int StoreKey(Key key, ulong primaryHandle, ulong persistentHandle) { - int rc = wolfTPM2_NVStoreKey(device, primaryHandle, key.GetHandle(), + int rc = wolfTPM2_NVStoreKey(device, primaryHandle, key.key, persistentHandle); - if (rc != (int)Status.TPM_RC_SUCCESS) { + if (rc != (int)Status.TPM_RC_SUCCESS && + (uint)rc != 0x80280400) { /* TPM_E_COMMAND_BLOCKED */ + throw new WolfTpm2Exception( + "wolfTPM2_NVStoreKey", rc); + } + return rc; + } + public int StoreKey(KeyBlob keyBlob, ulong primaryHandle, ulong persistentHandle) + { + int rc = wolfTPM2_NVStoreKey(device, primaryHandle, keyBlob.keyblob, + persistentHandle); + if (rc != (int)Status.TPM_RC_SUCCESS && + (uint)rc != 0x80280400) { /* TPM_E_COMMAND_BLOCKED */ throw new WolfTpm2Exception( "wolfTPM2_NVStoreKey", rc); } return rc; } + [DllImport(DLLNAME, EntryPoint = "wolfTPM2_NVDeleteKey")] + private static extern int wolfTPM2_NVDeleteKey(IntPtr dev, + ulong primaryHandle, IntPtr key); + public int DeleteKey(Key key, ulong primaryHandle) + { + int rc = wolfTPM2_NVDeleteKey(device, primaryHandle, key.key); + if (rc != (int)Status.TPM_RC_SUCCESS) { + throw new WolfTpm2Exception( + "wolfTPM2_NVDeleteKey", rc); + } + return rc; + } + public int DeleteKey(KeyBlob keyBlob, ulong primaryHandle) + { + int rc = wolfTPM2_NVDeleteKey(device, primaryHandle, keyBlob.keyblob); + if (rc != (int)Status.TPM_RC_SUCCESS) { + throw new WolfTpm2Exception( + "wolfTPM2_NVDeleteKey", rc); + } + return rc; + } [DllImport(DLLNAME, EntryPoint = "wolfTPM2_ImportRsaPrivateKey")] private static extern int wolfTPM2_ImportRsaPrivateKey(
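Review bot: Both `StoreKey` overloads now return `0x80280400` instead of throwing, so on Windows TBS a caller that ignores the return value (as every other method in this file encourages, since failures throw) will proceed believing the key was persisted when it was not; the behaviour is acceptable only if it is documented on the method, e.g. `/// <returns>TPM_RC_SUCCESS, or TPM_E_COMMAND_BLOCKED (returned, not thrown) when the platform refuses to persist keys, as Windows TBS does.</returns>`. The literal is repeated in both overloads and again in the tests; declare it once, `private const int TPM_E_COMMAND_BLOCKED = unchecked((int)0x80280400); /* Windows TBS: command not allowed */`, and compare `rc != TPM_E_COMMAND_BLOCKED` without the `(uint)` cast. `DeleteKey` takes `primaryHandle` but uses it as the hierarchy for the evict operation (`TPM_RH.OWNER` in the test), so naming it `hierarchy` or documenting that it is not a parent key handle would avoid confusion with `StoreKey`'s parameter of the same name. The trailing `wolfTPM2_ImportRsaPrivateKey` declaration continues past the end of the hunk.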