WolfSSL
/
wolfTPM
mirror of https://github.com/wolfSSL/wolfTPM.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Minor cleanups. Fixed `test_TPM2_PCRSel` test.

pull/418/head
David Garske 2025-05-29 13:44:56 -07:00
parent 592210f321
commit f1507c697b
2 changed files with 63 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/tpm2_wrap.c
View File

@ -3932,8 +3932,6 @@ int wolfTPM2_VerifyHashTicket(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
XMEMSET(&verifySigIn, 0, sizeof(verifySigIn)); XMEMSET(&verifySigIn, 0, sizeof(verifySigIn));
verifySigIn.keyHandle = key->handle.hndl; verifySigIn.keyHandle = key->handle.hndl;
verifySigIn.digest.size = TPM2_GetHashDigestSize(hashAlg); verifySigIn.digest.size = TPM2_GetHashDigestSize(hashAlg);
if (verifySigIn.digest.size <= 0) { if (verifySigIn.digest.size <= 0) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;

107
tests/unit_tests.c
View File

@ -101,7 +101,8 @@ static void test_wolfTPM2_Init(void)
AssertIntNE(rc, 0); AssertIntNE(rc, 0);
/* Test second argument, TPM2 IO Callbacks */ /* Test second argument, TPM2 IO Callbacks */
rc = wolfTPM2_Init(&dev, NULL, NULL); rc = wolfTPM2_Init(&dev, NULL, NULL);
#if defined(WOLFTPM_LINUX_DEV) || defined(WOLFTPM_SWTPM) || defined(WOLFTPM_WINAPI) #if defined(WOLFTPM_LINUX_DEV) || defined(WOLFTPM_SWTPM) || \
defined(WOLFTPM_WINAPI)
/* Custom IO Callbacks are not needed for Linux TIS driver */ /* Custom IO Callbacks are not needed for Linux TIS driver */
AssertIntEQ(rc, 0); AssertIntEQ(rc, 0);
#else #else
@ -276,11 +277,12 @@ static void test_TPM2_PCRSel(void)
/* Test bad case - invalid PCR */ /* Test bad case - invalid PCR */
XMEMSET(&pcr, 0, sizeof(pcr)); XMEMSET(&pcr, 0, sizeof(pcr));
pcrArray[0] = PCR_SELECT_MAX+1; pcrArray[0] = PCR_LAST+1;
TPM2_SetupPCRSelArray(&pcr, TPM_ALG_SHA256, pcrArray, 1); TPM2_SetupPCRSelArray(&pcr, TPM_ALG_SHA256, pcrArray, 1);
if (pcr.count != 0) { if (pcr.count != 0) {
rc = BAD_FUNC_ARG; rc = BAD_FUNC_ARG;
} }
AssertIntEQ(rc, 0);
/* Test bad case - too many hash algorithms */ /* Test bad case - too many hash algorithms */
XMEMSET(&pcr, 0, sizeof(pcr)); XMEMSET(&pcr, 0, sizeof(pcr));
@ -295,6 +297,7 @@ static void test_TPM2_PCRSel(void)
if (pcr.count != HASH_COUNT) { if (pcr.count != HASH_COUNT) {
rc = BAD_FUNC_ARG; rc = BAD_FUNC_ARG;
} }
AssertIntEQ(rc, 0);
printf("Test TPM Wrapper:\tPCR Select Array:\t%s\n", printf("Test TPM Wrapper:\tPCR Select Array:\t%s\n",
rc == 0 ? "Passed" : "Failed"); rc == 0 ? "Passed" : "Failed");
@ -346,7 +349,8 @@ static void test_TPM2_KDFa(void)
0xd7, 0x04, 0xb6, 0x9a, 0x90, 0x2e, 0x9a, 0xde, 0x84, 0xc4}; 0xd7, 0x04, 0xb6, 0x9a, 0x90, 0x2e, 0x9a, 0xde, 0x84, 0xc4};
#endif #endif
rc = TPM2_KDFa(TPM_ALG_SHA256, &keyIn, label, &contextU, &contextV, key, keyIn.size); rc = TPM2_KDFa(TPM_ALG_SHA256, &keyIn, label, &contextU, &contextV, key,
keyIn.size);
#ifdef WOLFTPM2_NO_WOLFCRYPT #ifdef WOLFTPM2_NO_WOLFCRYPT
AssertIntEQ(NOT_COMPILED_IN, rc); AssertIntEQ(NOT_COMPILED_IN, rc);
#else #else
@ -399,13 +403,12 @@ static void test_wolfTPM2_CSR(void)
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && \ #if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && \
!defined(WOLFTPM2_NO_ASN) !defined(WOLFTPM2_NO_ASN)
static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz, static void test_wolfTPM2_EccSignVerifyDig(WOLFTPM2_DEV* dev,
WOLFTPM2_KEY* storageKey, const byte* digest, int digestSz,
TPM_ECC_CURVE curve, TPMI_ALG_HASH hashAlg) TPM_ECC_CURVE curve, TPMI_ALG_HASH hashAlg)
{ {
int rc; int rc;
int verifyRes = 0; int verifyRes = 0;
WOLFTPM2_DEV dev;
WOLFTPM2_KEY storageKey;
WOLFTPM2_KEY eccKey; WOLFTPM2_KEY eccKey;
TPMT_PUBLIC publicTemplate; TPMT_PUBLIC publicTemplate;
byte sigRs[MAX_ECC_BYTES*2]; byte sigRs[MAX_ECC_BYTES*2];
@ -417,28 +420,19 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz,
ecc_key wolfKey; ecc_key wolfKey;
int curveSize = TPM2_GetCurveSize(curve); int curveSize = TPM2_GetCurveSize(curve);
/* Initialize TPM */
rc = wolfTPM2_Init(&dev, TPM2_IoCb, NULL);
AssertIntEQ(rc, 0);
/* -- Use TPM key to sign and verify with wolfCrypt -- */ /* -- Use TPM key to sign and verify with wolfCrypt -- */
/* Create storage key */
rc = wolfTPM2_CreateSRK(&dev, &storageKey, TPM_ALG_ECC,
(byte*)gStorageKeyAuth, sizeof(gStorageKeyAuth)-1);
AssertIntEQ(rc, 0);
/* Create ECC key for signing */ /* Create ECC key for signing */
rc = wolfTPM2_GetKeyTemplate_ECC_ex(&publicTemplate, hashAlg, rc = wolfTPM2_GetKeyTemplate_ECC_ex(&publicTemplate, hashAlg,
(TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth | (TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
TPMA_OBJECT_sign | TPMA_OBJECT_noDA), TPMA_OBJECT_sign | TPMA_OBJECT_noDA),
curve, TPM_ALG_ECDSA, hashAlg); curve, TPM_ALG_ECDSA, hashAlg);
AssertIntEQ(rc, 0); AssertIntEQ(rc, 0);
rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle, rc = wolfTPM2_CreateAndLoadKey(dev, &eccKey, &storageKey->handle,
&publicTemplate, (byte*)gKeyAuth, sizeof(gKeyAuth)-1); &publicTemplate, (byte*)gKeyAuth, sizeof(gKeyAuth)-1);
AssertIntEQ(rc, 0); AssertIntEQ(rc, 0);
/* Sign with TPM */ /* Sign with TPM */
rc = wolfTPM2_SignHashScheme(&dev, &eccKey, digest, digestSz, rc = wolfTPM2_SignHashScheme(dev, &eccKey, digest, digestSz,
sigRs, (int*)&sigRsSz, TPM_ALG_ECDSA, hashAlg); sigRs, (int*)&sigRsSz, TPM_ALG_ECDSA, hashAlg);
AssertIntEQ(rc, 0); AssertIntEQ(rc, 0);
@ -459,7 +453,7 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz,
AssertIntEQ(rc, 0); AssertIntEQ(rc, 0);
/* Convert TPM key to wolfCrypt key for verification */ /* Convert TPM key to wolfCrypt key for verification */
rc = wolfTPM2_EccKey_TpmToWolf(&dev, &eccKey, &wolfKey); rc = wolfTPM2_EccKey_TpmToWolf(dev, &eccKey, &wolfKey);
AssertIntEQ(rc, 0); AssertIntEQ(rc, 0);
/* Verify TPM signature with wolfCrypt */ /* Verify TPM signature with wolfCrypt */
@ -469,7 +463,7 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz,
/* Cleanup first wolfCrypt key */ /* Cleanup first wolfCrypt key */
wc_ecc_free(&wolfKey); wc_ecc_free(&wolfKey);
wolfTPM2_UnloadHandle(&dev, &eccKey.handle); wolfTPM2_UnloadHandle(dev, &eccKey.handle);
/* -- Use wolfCrypt key to sign and verify with TPM -- */ /* -- Use wolfCrypt key to sign and verify with TPM -- */
@ -478,13 +472,13 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz,
AssertIntEQ(rc, 0); AssertIntEQ(rc, 0);
/* Generate new ECC key with wolfCrypt */ /* Generate new ECC key with wolfCrypt */
rc = wc_ecc_make_key(wolfTPM2_GetRng(&dev), curveSize, &wolfKey); rc = wc_ecc_make_key(wolfTPM2_GetRng(dev), curveSize, &wolfKey);
AssertIntEQ(rc, 0); AssertIntEQ(rc, 0);
/* Sign with wolfCrypt */ /* Sign with wolfCrypt */
sigSz = (word32)sizeof(sig); sigSz = (word32)sizeof(sig);
rc = wc_ecc_sign_hash(digest, digestSz, sig, &sigSz, rc = wc_ecc_sign_hash(digest, digestSz, sig, &sigSz, wolfTPM2_GetRng(dev),
wolfTPM2_GetRng(&dev), &wolfKey); &wolfKey);
AssertIntEQ(rc, 0); AssertIntEQ(rc, 0);
/* Decode ECDSA Header */ /* Decode ECDSA Header */
@ -496,7 +490,7 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz,
AssertIntEQ(rc, 0); AssertIntEQ(rc, 0);
/* Convert wolfCrypt key to TPM key for verification */ /* Convert wolfCrypt key to TPM key for verification */
rc = wolfTPM2_EccKey_WolfToTpm(&dev, &wolfKey, &eccKey); rc = wolfTPM2_EccKey_WolfToTpm(dev, &wolfKey, &eccKey);
AssertIntEQ(rc, 0); AssertIntEQ(rc, 0);
/* combine R and S at key size (zero pad leading) */ /* combine R and S at key size (zero pad leading) */
@ -506,42 +500,66 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz,
XMEMSET(&sigRs[curveSize], 0, curveSize-sLen); XMEMSET(&sigRs[curveSize], 0, curveSize-sLen);
/* Verify wolfCrypt signature with TPM */ /* Verify wolfCrypt signature with TPM */
rc = wolfTPM2_VerifyHashScheme(&dev, &eccKey, sigRs, curveSize*2, rc = wolfTPM2_VerifyHashScheme(dev, &eccKey, sigRs, curveSize*2,
digest, digestSz, TPM_ALG_ECDSA, hashAlg); digest, digestSz, TPM_ALG_ECDSA, hashAlg);
AssertIntEQ(rc, 0); AssertIntEQ(rc, 0);
/* Cleanup */ /* Cleanup */
wc_ecc_free(&wolfKey); wc_ecc_free(&wolfKey);
wolfTPM2_UnloadHandle(&dev, &eccKey.handle); wolfTPM2_UnloadHandle(dev, &eccKey.handle);
wolfTPM2_UnloadHandle(&dev, &storageKey.handle);
wolfTPM2_Cleanup(&dev);
printf("Test TPM Wrapper:\tSign/Verify Interop (digestSz=%d, curve=%d, hashAlg=%d):\t%s\n", printf("Test TPM Wrapper:\t"
digestSz, curve, hashAlg, rc == 0 ? "Passed" : "Failed"); "Sign/Verify (DigSz=%d, CurveSz=%d, Hash=%s):"
"\t%s\n",
digestSz, TPM2_GetCurveSize(curve), TPM2_GetAlgName(hashAlg),
rc == 0 ? "Passed" : "Failed");
} }
/* Test with smaller, same and larger digest sizes using different ECC curves. /* Test with smaller, same and larger digest sizes using different ECC curves.
* Interop sign and verify with wolfCrypt and TPM */ * Interop sign and verify with wolfCrypt and TPM */
static void test_wolfTPM2_EccSignVerify(void) static void test_wolfTPM2_EccSignVerify(void)
{ {
int i; int rc, i;
byte digest[TPM_MAX_DIGEST_SIZE]; byte digest[TPM_MAX_DIGEST_SIZE];
WOLFTPM2_DEV dev;
WOLFTPM2_KEY storageKey;
for (i = 0; i < 64; i++) { /* Initialize TPM */
digest[i] = (byte)(0x11 + i); rc = wolfTPM2_Init(&dev, TPM2_IoCb, NULL);
AssertIntEQ(rc, 0);
/* Create storage key */
rc = wolfTPM2_CreateSRK(&dev, &storageKey, TPM_ALG_ECC,
(byte*)gStorageKeyAuth, sizeof(gStorageKeyAuth)-1);
AssertIntEQ(rc, 0);
for (i = 0; i < (int)sizeof(digest); i++) {
digest[i] = (byte)i;
} }
test_wolfTPM2_EccSignVerifyDig(digest, 20, TPM_ECC_NIST_P256, TPM_ALG_SHA256); test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 20,
test_wolfTPM2_EccSignVerifyDig(digest, 32, TPM_ECC_NIST_P256, TPM_ALG_SHA256); TPM_ECC_NIST_P256, TPM_ALG_SHA256);
test_wolfTPM2_EccSignVerifyDig(digest, 48, TPM_ECC_NIST_P256, TPM_ALG_SHA256); test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 32,
test_wolfTPM2_EccSignVerifyDig(digest, 64, TPM_ECC_NIST_P256, TPM_ALG_SHA256); TPM_ECC_NIST_P256, TPM_ALG_SHA256);
test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 48,
TPM_ECC_NIST_P256, TPM_ALG_SHA256);
test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 64,
TPM_ECC_NIST_P256, TPM_ALG_SHA256);
#if defined(HAVE_ECC384) && ECC_MIN_KEY_SZ <= 384 #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
test_wolfTPM2_EccSignVerifyDig(digest, 20, TPM_ECC_NIST_P384, TPM_ALG_SHA384); test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 20,
test_wolfTPM2_EccSignVerifyDig(digest, 32, TPM_ECC_NIST_P384, TPM_ALG_SHA384); TPM_ECC_NIST_P384, TPM_ALG_SHA384);
test_wolfTPM2_EccSignVerifyDig(digest, 48, TPM_ECC_NIST_P384, TPM_ALG_SHA384); test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 32,
test_wolfTPM2_EccSignVerifyDig(digest, 64, TPM_ECC_NIST_P384, TPM_ALG_SHA384); TPM_ECC_NIST_P384, TPM_ALG_SHA384);
test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 48,
TPM_ECC_NIST_P384, TPM_ALG_SHA384);
test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 64,
TPM_ECC_NIST_P384, TPM_ALG_SHA384);
#endif #endif
wolfTPM2_UnloadHandle(&dev, &storageKey.handle);
wolfTPM2_Cleanup(&dev);
} }
#endif #endif
@ -628,7 +646,8 @@ static void test_wolfTPM2_PCRPolicy(void)
digest, &digestSz, NULL, 0); digest, &digestSz, NULL, 0);
AssertIntEQ(rc, 0); AssertIntEQ(rc, 0);
AssertIntEQ(XMEMCMP(digest, expectedPolicyAuth, sizeof(expectedPolicyAuth)), 0); AssertIntEQ(XMEMCMP(digest, expectedPolicyAuth, sizeof(expectedPolicyAuth)),
0);
rc = wolfTPM2_ResetPCR(&dev, pcrIndex); rc = wolfTPM2_ResetPCR(&dev, pcrIndex);
AssertIntEQ(rc, 0); AssertIntEQ(rc, 0);
@ -828,12 +847,12 @@ int unit_tests(int argc, char *argv[])
#endif #endif
test_wolfTPM2_KeyBlob(TPM_ALG_RSA); test_wolfTPM2_KeyBlob(TPM_ALG_RSA);
test_wolfTPM2_KeyBlob(TPM_ALG_ECC); test_wolfTPM2_KeyBlob(TPM_ALG_ECC);
test_wolfTPM2_Cleanup();
test_wolfTPM2_thread_local_storage();
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && \ #if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && \
!defined(WOLFTPM2_NO_ASN) !defined(WOLFTPM2_NO_ASN)
test_wolfTPM2_EccSignVerify(); test_wolfTPM2_EccSignVerify();
#endif #endif
test_wolfTPM2_Cleanup();
test_wolfTPM2_thread_local_storage();
#endif /* !WOLFTPM2_NO_WRAPPER */ #endif /* !WOLFTPM2_NO_WRAPPER */
return 0; return 0;