diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index b3e9513..c43352f 100644 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -3932,8 +3932,6 @@ int wolfTPM2_VerifyHashTicket(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, XMEMSET(&verifySigIn, 0, sizeof(verifySigIn)); verifySigIn.keyHandle = key->handle.hndl; - - verifySigIn.digest.size = TPM2_GetHashDigestSize(hashAlg); if (verifySigIn.digest.size <= 0) { return BAD_FUNC_ARG; diff --git a/tests/unit_tests.c b/tests/unit_tests.c index a3a8baf..5720085 100644 --- a/tests/unit_tests.c +++ b/tests/unit_tests.c @@ -101,7 +101,8 @@ static void test_wolfTPM2_Init(void) AssertIntNE(rc, 0); /* Test second argument, TPM2 IO Callbacks */ rc = wolfTPM2_Init(&dev, NULL, NULL); -#if defined(WOLFTPM_LINUX_DEV) || defined(WOLFTPM_SWTPM) || defined(WOLFTPM_WINAPI) +#if defined(WOLFTPM_LINUX_DEV) || defined(WOLFTPM_SWTPM) || \ + defined(WOLFTPM_WINAPI) /* Custom IO Callbacks are not needed for Linux TIS driver */ AssertIntEQ(rc, 0); #else @@ -276,11 +277,12 @@ static void test_TPM2_PCRSel(void) /* Test bad case - invalid PCR */ XMEMSET(&pcr, 0, sizeof(pcr)); - pcrArray[0] = PCR_SELECT_MAX+1; + pcrArray[0] = PCR_LAST+1; TPM2_SetupPCRSelArray(&pcr, TPM_ALG_SHA256, pcrArray, 1); if (pcr.count != 0) { rc = BAD_FUNC_ARG; } + AssertIntEQ(rc, 0); /* Test bad case - too many hash algorithms */ XMEMSET(&pcr, 0, sizeof(pcr)); @@ -295,6 +297,7 @@ static void test_TPM2_PCRSel(void) if (pcr.count != HASH_COUNT) { rc = BAD_FUNC_ARG; } + AssertIntEQ(rc, 0); printf("Test TPM Wrapper:\tPCR Select Array:\t%s\n", rc == 0 ? "Passed" : "Failed"); @@ -346,7 +349,8 @@ static void test_TPM2_KDFa(void) 0xd7, 0x04, 0xb6, 0x9a, 0x90, 0x2e, 0x9a, 0xde, 0x84, 0xc4}; #endif - rc = TPM2_KDFa(TPM_ALG_SHA256, &keyIn, label, &contextU, &contextV, key, keyIn.size); + rc = TPM2_KDFa(TPM_ALG_SHA256, &keyIn, label, &contextU, &contextV, key, + keyIn.size); #ifdef WOLFTPM2_NO_WOLFCRYPT AssertIntEQ(NOT_COMPILED_IN, rc); #else @@ -399,13 +403,12 @@ static void test_wolfTPM2_CSR(void) #if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && \ !defined(WOLFTPM2_NO_ASN) -static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz, +static void test_wolfTPM2_EccSignVerifyDig(WOLFTPM2_DEV* dev, + WOLFTPM2_KEY* storageKey, const byte* digest, int digestSz, TPM_ECC_CURVE curve, TPMI_ALG_HASH hashAlg) { int rc; int verifyRes = 0; - WOLFTPM2_DEV dev; - WOLFTPM2_KEY storageKey; WOLFTPM2_KEY eccKey; TPMT_PUBLIC publicTemplate; byte sigRs[MAX_ECC_BYTES*2]; @@ -417,28 +420,19 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz, ecc_key wolfKey; int curveSize = TPM2_GetCurveSize(curve); - /* Initialize TPM */ - rc = wolfTPM2_Init(&dev, TPM2_IoCb, NULL); - AssertIntEQ(rc, 0); - /* -- Use TPM key to sign and verify with wolfCrypt -- */ - /* Create storage key */ - rc = wolfTPM2_CreateSRK(&dev, &storageKey, TPM_ALG_ECC, - (byte*)gStorageKeyAuth, sizeof(gStorageKeyAuth)-1); - AssertIntEQ(rc, 0); - /* Create ECC key for signing */ rc = wolfTPM2_GetKeyTemplate_ECC_ex(&publicTemplate, hashAlg, (TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth | TPMA_OBJECT_sign | TPMA_OBJECT_noDA), curve, TPM_ALG_ECDSA, hashAlg); AssertIntEQ(rc, 0); - rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle, + rc = wolfTPM2_CreateAndLoadKey(dev, &eccKey, &storageKey->handle, &publicTemplate, (byte*)gKeyAuth, sizeof(gKeyAuth)-1); AssertIntEQ(rc, 0); /* Sign with TPM */ - rc = wolfTPM2_SignHashScheme(&dev, &eccKey, digest, digestSz, + rc = wolfTPM2_SignHashScheme(dev, &eccKey, digest, digestSz, sigRs, (int*)&sigRsSz, TPM_ALG_ECDSA, hashAlg); AssertIntEQ(rc, 0); @@ -459,7 +453,7 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz, AssertIntEQ(rc, 0); /* Convert TPM key to wolfCrypt key for verification */ - rc = wolfTPM2_EccKey_TpmToWolf(&dev, &eccKey, &wolfKey); + rc = wolfTPM2_EccKey_TpmToWolf(dev, &eccKey, &wolfKey); AssertIntEQ(rc, 0); /* Verify TPM signature with wolfCrypt */ @@ -469,7 +463,7 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz, /* Cleanup first wolfCrypt key */ wc_ecc_free(&wolfKey); - wolfTPM2_UnloadHandle(&dev, &eccKey.handle); + wolfTPM2_UnloadHandle(dev, &eccKey.handle); /* -- Use wolfCrypt key to sign and verify with TPM -- */ @@ -478,13 +472,13 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz, AssertIntEQ(rc, 0); /* Generate new ECC key with wolfCrypt */ - rc = wc_ecc_make_key(wolfTPM2_GetRng(&dev), curveSize, &wolfKey); + rc = wc_ecc_make_key(wolfTPM2_GetRng(dev), curveSize, &wolfKey); AssertIntEQ(rc, 0); /* Sign with wolfCrypt */ sigSz = (word32)sizeof(sig); - rc = wc_ecc_sign_hash(digest, digestSz, sig, &sigSz, - wolfTPM2_GetRng(&dev), &wolfKey); + rc = wc_ecc_sign_hash(digest, digestSz, sig, &sigSz, wolfTPM2_GetRng(dev), + &wolfKey); AssertIntEQ(rc, 0); /* Decode ECDSA Header */ @@ -496,7 +490,7 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz, AssertIntEQ(rc, 0); /* Convert wolfCrypt key to TPM key for verification */ - rc = wolfTPM2_EccKey_WolfToTpm(&dev, &wolfKey, &eccKey); + rc = wolfTPM2_EccKey_WolfToTpm(dev, &wolfKey, &eccKey); AssertIntEQ(rc, 0); /* combine R and S at key size (zero pad leading) */ @@ -506,42 +500,66 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz, XMEMSET(&sigRs[curveSize], 0, curveSize-sLen); /* Verify wolfCrypt signature with TPM */ - rc = wolfTPM2_VerifyHashScheme(&dev, &eccKey, sigRs, curveSize*2, + rc = wolfTPM2_VerifyHashScheme(dev, &eccKey, sigRs, curveSize*2, digest, digestSz, TPM_ALG_ECDSA, hashAlg); AssertIntEQ(rc, 0); /* Cleanup */ wc_ecc_free(&wolfKey); - wolfTPM2_UnloadHandle(&dev, &eccKey.handle); - wolfTPM2_UnloadHandle(&dev, &storageKey.handle); - wolfTPM2_Cleanup(&dev); + wolfTPM2_UnloadHandle(dev, &eccKey.handle); - printf("Test TPM Wrapper:\tSign/Verify Interop (digestSz=%d, curve=%d, hashAlg=%d):\t%s\n", - digestSz, curve, hashAlg, rc == 0 ? "Passed" : "Failed"); + printf("Test TPM Wrapper:\t" + "Sign/Verify (DigSz=%d, CurveSz=%d, Hash=%s):" + "\t%s\n", + digestSz, TPM2_GetCurveSize(curve), TPM2_GetAlgName(hashAlg), + rc == 0 ? "Passed" : "Failed"); } /* Test with smaller, same and larger digest sizes using different ECC curves. * Interop sign and verify with wolfCrypt and TPM */ static void test_wolfTPM2_EccSignVerify(void) { - int i; + int rc, i; byte digest[TPM_MAX_DIGEST_SIZE]; + WOLFTPM2_DEV dev; + WOLFTPM2_KEY storageKey; - for (i = 0; i < 64; i++) { - digest[i] = (byte)(0x11 + i); + /* Initialize TPM */ + rc = wolfTPM2_Init(&dev, TPM2_IoCb, NULL); + AssertIntEQ(rc, 0); + + /* Create storage key */ + rc = wolfTPM2_CreateSRK(&dev, &storageKey, TPM_ALG_ECC, + (byte*)gStorageKeyAuth, sizeof(gStorageKeyAuth)-1); + AssertIntEQ(rc, 0); + + + for (i = 0; i < (int)sizeof(digest); i++) { + digest[i] = (byte)i; } - test_wolfTPM2_EccSignVerifyDig(digest, 20, TPM_ECC_NIST_P256, TPM_ALG_SHA256); - test_wolfTPM2_EccSignVerifyDig(digest, 32, TPM_ECC_NIST_P256, TPM_ALG_SHA256); - test_wolfTPM2_EccSignVerifyDig(digest, 48, TPM_ECC_NIST_P256, TPM_ALG_SHA256); - test_wolfTPM2_EccSignVerifyDig(digest, 64, TPM_ECC_NIST_P256, TPM_ALG_SHA256); + test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 20, + TPM_ECC_NIST_P256, TPM_ALG_SHA256); + test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 32, + TPM_ECC_NIST_P256, TPM_ALG_SHA256); + test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 48, + TPM_ECC_NIST_P256, TPM_ALG_SHA256); + test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 64, + TPM_ECC_NIST_P256, TPM_ALG_SHA256); -#if defined(HAVE_ECC384) && ECC_MIN_KEY_SZ <= 384 - test_wolfTPM2_EccSignVerifyDig(digest, 20, TPM_ECC_NIST_P384, TPM_ALG_SHA384); - test_wolfTPM2_EccSignVerifyDig(digest, 32, TPM_ECC_NIST_P384, TPM_ALG_SHA384); - test_wolfTPM2_EccSignVerifyDig(digest, 48, TPM_ECC_NIST_P384, TPM_ALG_SHA384); - test_wolfTPM2_EccSignVerifyDig(digest, 64, TPM_ECC_NIST_P384, TPM_ALG_SHA384); +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 + test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 20, + TPM_ECC_NIST_P384, TPM_ALG_SHA384); + test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 32, + TPM_ECC_NIST_P384, TPM_ALG_SHA384); + test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 48, + TPM_ECC_NIST_P384, TPM_ALG_SHA384); + test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 64, + TPM_ECC_NIST_P384, TPM_ALG_SHA384); #endif + + wolfTPM2_UnloadHandle(&dev, &storageKey.handle); + wolfTPM2_Cleanup(&dev); } #endif @@ -628,7 +646,8 @@ static void test_wolfTPM2_PCRPolicy(void) digest, &digestSz, NULL, 0); AssertIntEQ(rc, 0); - AssertIntEQ(XMEMCMP(digest, expectedPolicyAuth, sizeof(expectedPolicyAuth)), 0); + AssertIntEQ(XMEMCMP(digest, expectedPolicyAuth, sizeof(expectedPolicyAuth)), + 0); rc = wolfTPM2_ResetPCR(&dev, pcrIndex); AssertIntEQ(rc, 0); @@ -828,12 +847,12 @@ int unit_tests(int argc, char *argv[]) #endif test_wolfTPM2_KeyBlob(TPM_ALG_RSA); test_wolfTPM2_KeyBlob(TPM_ALG_ECC); - test_wolfTPM2_Cleanup(); - test_wolfTPM2_thread_local_storage(); #if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && \ !defined(WOLFTPM2_NO_ASN) test_wolfTPM2_EccSignVerify(); #endif + test_wolfTPM2_Cleanup(); + test_wolfTPM2_thread_local_storage(); #endif /* !WOLFTPM2_NO_WRAPPER */ return 0;