WolfSSL
/
wolfTPM
mirror of https://github.com/wolfSSL/wolfTPM.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Minor cleanups. Fixed `test_TPM2_PCRSel` test.

pull/418/head
David Garske 2025-05-29 13:44:56 -07:00
parent 592210f321
commit f1507c697b
2 changed files with 63 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/tpm2_wrap.c
View File

@ -3932,8 +3932,6 @@ int wolfTPM2_VerifyHashTicket(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
XMEMSET(&verifySigIn, 0, sizeof(verifySigIn));
verifySigIn.keyHandle = key->handle.hndl;
verifySigIn.digest.size = TPM2_GetHashDigestSize(hashAlg);
if (verifySigIn.digest.size <= 0) {
return BAD_FUNC_ARG;

107
tests/unit_tests.c
View File

@ -101,7 +101,8 @@ static void test_wolfTPM2_Init(void)
AssertIntNE(rc, 0);
/* Test second argument, TPM2 IO Callbacks */
rc = wolfTPM2_Init(&dev, NULL, NULL);
#if defined(WOLFTPM_LINUX_DEV) || defined(WOLFTPM_SWTPM) || defined(WOLFTPM_WINAPI)
#if defined(WOLFTPM_LINUX_DEV) || defined(WOLFTPM_SWTPM) || \
defined(WOLFTPM_WINAPI)
/* Custom IO Callbacks are not needed for Linux TIS driver */
AssertIntEQ(rc, 0);
#else
@ -276,11 +277,12 @@ static void test_TPM2_PCRSel(void)
/* Test bad case - invalid PCR */
XMEMSET(&pcr, 0, sizeof(pcr));
pcrArray[0] = PCR_SELECT_MAX+1;
pcrArray[0] = PCR_LAST+1;
TPM2_SetupPCRSelArray(&pcr, TPM_ALG_SHA256, pcrArray, 1);
if (pcr.count != 0) {
rc = BAD_FUNC_ARG;
}
AssertIntEQ(rc, 0);
/* Test bad case - too many hash algorithms */
XMEMSET(&pcr, 0, sizeof(pcr));
@ -295,6 +297,7 @@ static void test_TPM2_PCRSel(void)
if (pcr.count != HASH_COUNT) {
rc = BAD_FUNC_ARG;
}
AssertIntEQ(rc, 0);
printf("Test TPM Wrapper:\tPCR Select Array:\t%s\n",
rc == 0 ? "Passed" : "Failed");
@ -346,7 +349,8 @@ static void test_TPM2_KDFa(void)
0xd7, 0x04, 0xb6, 0x9a, 0x90, 0x2e, 0x9a, 0xde, 0x84, 0xc4};
#endif
rc = TPM2_KDFa(TPM_ALG_SHA256, &keyIn, label, &contextU, &contextV, key, keyIn.size);
rc = TPM2_KDFa(TPM_ALG_SHA256, &keyIn, label, &contextU, &contextV, key,
keyIn.size);
#ifdef WOLFTPM2_NO_WOLFCRYPT
AssertIntEQ(NOT_COMPILED_IN, rc);
#else
@ -399,13 +403,12 @@ static void test_wolfTPM2_CSR(void)
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && \
!defined(WOLFTPM2_NO_ASN)
static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz,
static void test_wolfTPM2_EccSignVerifyDig(WOLFTPM2_DEV* dev,
WOLFTPM2_KEY* storageKey, const byte* digest, int digestSz,
TPM_ECC_CURVE curve, TPMI_ALG_HASH hashAlg)
{
int rc;
int verifyRes = 0;
WOLFTPM2_DEV dev;
WOLFTPM2_KEY storageKey;
WOLFTPM2_KEY eccKey;
TPMT_PUBLIC publicTemplate;
byte sigRs[MAX_ECC_BYTES*2];
@ -417,28 +420,19 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz,
ecc_key wolfKey;
int curveSize = TPM2_GetCurveSize(curve);
/* Initialize TPM */
rc = wolfTPM2_Init(&dev, TPM2_IoCb, NULL);
AssertIntEQ(rc, 0);
/* -- Use TPM key to sign and verify with wolfCrypt -- */
/* Create storage key */
rc = wolfTPM2_CreateSRK(&dev, &storageKey, TPM_ALG_ECC,
(byte*)gStorageKeyAuth, sizeof(gStorageKeyAuth)-1);
AssertIntEQ(rc, 0);
/* Create ECC key for signing */
rc = wolfTPM2_GetKeyTemplate_ECC_ex(&publicTemplate, hashAlg,
(TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
TPMA_OBJECT_sign | TPMA_OBJECT_noDA),
curve, TPM_ALG_ECDSA, hashAlg);
AssertIntEQ(rc, 0);
rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle,
rc = wolfTPM2_CreateAndLoadKey(dev, &eccKey, &storageKey->handle,
&publicTemplate, (byte*)gKeyAuth, sizeof(gKeyAuth)-1);
AssertIntEQ(rc, 0);
/* Sign with TPM */
rc = wolfTPM2_SignHashScheme(&dev, &eccKey, digest, digestSz,
rc = wolfTPM2_SignHashScheme(dev, &eccKey, digest, digestSz,
sigRs, (int*)&sigRsSz, TPM_ALG_ECDSA, hashAlg);
AssertIntEQ(rc, 0);
@ -459,7 +453,7 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz,
AssertIntEQ(rc, 0);
/* Convert TPM key to wolfCrypt key for verification */
rc = wolfTPM2_EccKey_TpmToWolf(&dev, &eccKey, &wolfKey);
rc = wolfTPM2_EccKey_TpmToWolf(dev, &eccKey, &wolfKey);
AssertIntEQ(rc, 0);
/* Verify TPM signature with wolfCrypt */
@ -469,7 +463,7 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz,
/* Cleanup first wolfCrypt key */
wc_ecc_free(&wolfKey);
wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
wolfTPM2_UnloadHandle(dev, &eccKey.handle);
/* -- Use wolfCrypt key to sign and verify with TPM -- */
@ -478,13 +472,13 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz,
AssertIntEQ(rc, 0);
/* Generate new ECC key with wolfCrypt */
rc = wc_ecc_make_key(wolfTPM2_GetRng(&dev), curveSize, &wolfKey);
rc = wc_ecc_make_key(wolfTPM2_GetRng(dev), curveSize, &wolfKey);
AssertIntEQ(rc, 0);
/* Sign with wolfCrypt */
sigSz = (word32)sizeof(sig);
rc = wc_ecc_sign_hash(digest, digestSz, sig, &sigSz,
wolfTPM2_GetRng(&dev), &wolfKey);
rc = wc_ecc_sign_hash(digest, digestSz, sig, &sigSz, wolfTPM2_GetRng(dev),
&wolfKey);
AssertIntEQ(rc, 0);
/* Decode ECDSA Header */
@ -496,7 +490,7 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz,
AssertIntEQ(rc, 0);
/* Convert wolfCrypt key to TPM key for verification */
rc = wolfTPM2_EccKey_WolfToTpm(&dev, &wolfKey, &eccKey);
rc = wolfTPM2_EccKey_WolfToTpm(dev, &wolfKey, &eccKey);
AssertIntEQ(rc, 0);
/* combine R and S at key size (zero pad leading) */
@ -506,42 +500,66 @@ static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz,
XMEMSET(&sigRs[curveSize], 0, curveSize-sLen);
/* Verify wolfCrypt signature with TPM */
rc = wolfTPM2_VerifyHashScheme(&dev, &eccKey, sigRs, curveSize*2,
rc = wolfTPM2_VerifyHashScheme(dev, &eccKey, sigRs, curveSize*2,
digest, digestSz, TPM_ALG_ECDSA, hashAlg);
AssertIntEQ(rc, 0);
/* Cleanup */
wc_ecc_free(&wolfKey);
wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
wolfTPM2_UnloadHandle(&dev, &storageKey.handle);
wolfTPM2_Cleanup(&dev);
wolfTPM2_UnloadHandle(dev, &eccKey.handle);
printf("Test TPM Wrapper:\tSign/Verify Interop (digestSz=%d, curve=%d, hashAlg=%d):\t%s\n",
digestSz, curve, hashAlg, rc == 0 ? "Passed" : "Failed");
printf("Test TPM Wrapper:\t"
"Sign/Verify (DigSz=%d, CurveSz=%d, Hash=%s):"
"\t%s\n",
digestSz, TPM2_GetCurveSize(curve), TPM2_GetAlgName(hashAlg),
rc == 0 ? "Passed" : "Failed");
}
/* Test with smaller, same and larger digest sizes using different ECC curves.
* Interop sign and verify with wolfCrypt and TPM */
static void test_wolfTPM2_EccSignVerify(void)
{
int i;
int rc, i;
byte digest[TPM_MAX_DIGEST_SIZE];
WOLFTPM2_DEV dev;
WOLFTPM2_KEY storageKey;
for (i = 0; i < 64; i++) {
digest[i] = (byte)(0x11 + i);
/* Initialize TPM */
rc = wolfTPM2_Init(&dev, TPM2_IoCb, NULL);
AssertIntEQ(rc, 0);
/* Create storage key */
rc = wolfTPM2_CreateSRK(&dev, &storageKey, TPM_ALG_ECC,
(byte*)gStorageKeyAuth, sizeof(gStorageKeyAuth)-1);
AssertIntEQ(rc, 0);
for (i = 0; i < (int)sizeof(digest); i++) {
digest[i] = (byte)i;
}
test_wolfTPM2_EccSignVerifyDig(digest, 20, TPM_ECC_NIST_P256, TPM_ALG_SHA256);
test_wolfTPM2_EccSignVerifyDig(digest, 32, TPM_ECC_NIST_P256, TPM_ALG_SHA256);
test_wolfTPM2_EccSignVerifyDig(digest, 48, TPM_ECC_NIST_P256, TPM_ALG_SHA256);
test_wolfTPM2_EccSignVerifyDig(digest, 64, TPM_ECC_NIST_P256, TPM_ALG_SHA256);
test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 20,
TPM_ECC_NIST_P256, TPM_ALG_SHA256);
test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 32,
TPM_ECC_NIST_P256, TPM_ALG_SHA256);
test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 48,
TPM_ECC_NIST_P256, TPM_ALG_SHA256);
test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 64,
TPM_ECC_NIST_P256, TPM_ALG_SHA256);
#if defined(HAVE_ECC384) && ECC_MIN_KEY_SZ <= 384
test_wolfTPM2_EccSignVerifyDig(digest, 20, TPM_ECC_NIST_P384, TPM_ALG_SHA384);
test_wolfTPM2_EccSignVerifyDig(digest, 32, TPM_ECC_NIST_P384, TPM_ALG_SHA384);
test_wolfTPM2_EccSignVerifyDig(digest, 48, TPM_ECC_NIST_P384, TPM_ALG_SHA384);
test_wolfTPM2_EccSignVerifyDig(digest, 64, TPM_ECC_NIST_P384, TPM_ALG_SHA384);
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 20,
TPM_ECC_NIST_P384, TPM_ALG_SHA384);
test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 32,
TPM_ECC_NIST_P384, TPM_ALG_SHA384);
test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 48,
TPM_ECC_NIST_P384, TPM_ALG_SHA384);
test_wolfTPM2_EccSignVerifyDig(&dev, &storageKey, digest, 64,
TPM_ECC_NIST_P384, TPM_ALG_SHA384);
#endif
wolfTPM2_UnloadHandle(&dev, &storageKey.handle);
wolfTPM2_Cleanup(&dev);
}
#endif
@ -628,7 +646,8 @@ static void test_wolfTPM2_PCRPolicy(void)
digest, &digestSz, NULL, 0);
AssertIntEQ(rc, 0);
AssertIntEQ(XMEMCMP(digest, expectedPolicyAuth, sizeof(expectedPolicyAuth)), 0);
AssertIntEQ(XMEMCMP(digest, expectedPolicyAuth, sizeof(expectedPolicyAuth)),
0);
rc = wolfTPM2_ResetPCR(&dev, pcrIndex);
AssertIntEQ(rc, 0);
@ -828,12 +847,12 @@ int unit_tests(int argc, char *argv[])
#endif
test_wolfTPM2_KeyBlob(TPM_ALG_RSA);
test_wolfTPM2_KeyBlob(TPM_ALG_ECC);
test_wolfTPM2_Cleanup();
test_wolfTPM2_thread_local_storage();
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && \
!defined(WOLFTPM2_NO_ASN)
test_wolfTPM2_EccSignVerify();
#endif
test_wolfTPM2_Cleanup();
test_wolfTPM2_thread_local_storage();
#endif /* !WOLFTPM2_NO_WRAPPER */
return 0;