Remove SHA1 from tests #2865

Merged
merged 8 commits into from
Jul 19, 2024
Merged
1 change: 1 addition & 0 deletions Makefile.am
@@ -783,6 +783,7 @@ EXTRA_DIST += \
test/data/fapi/policy/pol_cphash.json \
test/data/fapi/policy/pol_or_read_write_secret.json \
test/data/fapi/policy/pol_ek_high_range_sha256.json \
test/data/fapi/policy/pol_ek_high_range_sha384.json \
test/data/fapi/P_ECC_sh_eh_policy_sha384.json \
test/data/fapi/policy/pol_authorize_ecc_pem_sha384.json \
test/data/fapi/policy/pol_authorize_nv_complex_tpm2b_sha384.json \
2 changes: 2 additions & 0 deletions configure.ac
@@ -287,6 +287,8 @@ AC_ARG_ENABLE([tcti-libtpms],
[enable_tcti_libtpms=no]
[AC_MSG_WARN([library libtpms missing])])])
AM_CONDITIONAL([ENABLE_TCTI_LIBTPMS], [test "x$enable_tcti_libtpms" != xno])
AS_IF([test "x$enable_tcti_libtpms" = "xyes"],
[AC_DEFINE([TCTI_LIBTPMS],[1], [TCTI FOR LIBTPMS BASED ACCESS TO TPM2 DEVICE])])

AC_ARG_ENABLE([tcti-cmd],
[AS_HELP_STRING([--disable-tcti-cmd],
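Review bot: The new `AS_IF` defines `TCTI_LIBTPMS` only when `$enable_tcti_libtpms` is exactly `yes`, while the `AM_CONDITIONAL` on the line above enables the build for any value other than `no`. If the variable can hold anything else (its default and the option parsing are set outside this hunk), the TCTI is built while code guarded by `TCTI_LIBTPMS` is compiled out. Using the same test in both places keeps them in step: `AS_IF([test "x$enable_tcti_libtpms" != xno],`. Which two lines are new is inferred from the section's 2-addition count.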
3 changes: 3 additions & 0 deletions src/tss2-fapi/ifapi_policy_calculate.c
@@ -1271,6 +1271,9 @@ ifapi_calculate_policy_template(
r = ifapi_crypto_hash_start(&cryptoContext, current_hash_alg);
return_if_error(r, "crypto hash start");

HASH_UPDATE_BUFFER(cryptoContext,
&current_digest->digests[digest_idx].digest, hash_size,
r, cleanup);
HASH_UPDATE(cryptoContext, TPM2_CC, TPM2_CC_PolicyTemplate, r,
cleanup);
HASH_UPDATE_BUFFER(cryptoContext, &used_template_hash->buffer[0],
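Review bot: The `HASH_UPDATE_BUFFER` call that feeds `current_digest->digests[digest_idx].digest` into the hash ahead of `TPM2_CC_PolicyTemplate` changes the digest this function produces for every PolicyTemplate element, and nothing at the site records why (that these three lines are the addition is inferred from the section's 3-addition count). A comment above the sequence would pin the intended extend order, e.g. `/* policyDigest_new = H(policyDigest_old || TPM2_CC_PolicyTemplate || templateHash) */`. Policy digests calculated before this change will no longer match, so the commit message and changelog should call that out rather than leaving it inside a test clean-up, and a fixed test vector for a template policy would guard the order. The function begins and ends outside the hunk.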
31 changes: 30 additions & 1 deletion src/tss2-tcti/tcti-libtpms.c
@@ -367,9 +367,38 @@ Tss2_Tcti_Libtpms_Reset(TSS2_TCTI_CONTEXT *tcti_ctx)
int ret;
TSS2_TCTI_LIBTPMS_CONTEXT *tcti_libtpms = tcti_libtpms_context_cast(tcti_ctx);

LIBTPMS_API_CALL(fail, tcti_libtpms, TPM_IO_TpmEstablished_Reset);
if (TSS2_TCTI_MAGIC(tcti_libtpms) != TCTI_LIBTPMS_MAGIC) {
return TSS2_TCTI_RC_BAD_CONTEXT;
}

/* Get NV (i.e. permanent state) */
unsigned char *permanent_state;
uint32_t permanent_state_len;
LIBTPMS_API_CALL(fail,
tcti_libtpms,
TPMLIB_GetState,
TPMLIB_STATE_PERMANENT,
&permanent_state,
&permanent_state_len);

/* TPM power off */
tcti_libtpms->TPMLIB_Terminate();

/* Set NV to the same value, will be picked up by MainInit() */
LIBTPMS_API_CALL(cleanup,
tcti_libtpms,
TPMLIB_SetState,
TPMLIB_STATE_PERMANENT,
permanent_state,
permanent_state_len);

/* Load state and power on */
LIBTPMS_API_CALL(cleanup, tcti_libtpms, TPMLIB_MainInit);

rc = TSS2_RC_SUCCESS;

cleanup:
free(permanent_state);
fail:
return rc;
}
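Review bot: Once `tcti_libtpms->TPMLIB_Terminate()` has run, a failure in `TPMLIB_SetState` or `TPMLIB_MainInit` goes to `cleanup`, frees the only copy of the permanent state this function holds and returns with the emulated TPM left powered off, so the context cannot be used again. This assumes LIBTPMS_API_CALL jumps to the given label on error; its definition is not in the hunk. At minimum the function should say so, e.g. `/* On failure after Terminate the TPM stays off; the caller must discard this context */`, and declaring `unsigned char *permanent_state = NULL;` keeps the `free()` at `cleanup` safe if the labels are ever reordered. Separately, the magic check reads through `tcti_libtpms` right after the cast; if `tcti_libtpms_context_cast()` can return NULL for a foreign context (not visible here), test `tcti_libtpms == NULL` first. The function's opening lines are outside the hunk.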
6 changes: 3 additions & 3 deletions test/data/fapi/P_ECC.json
@@ -20,11 +20,11 @@
},
"sym_block_size": 16,
"pcr_selection": [
{ "hash": "TPM2_ALG_SHA1",
"pcrSelect": [ ],
},
{ "hash": "TPM2_ALG_SHA256",
"pcrSelect": [ 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
},
{ "hash": "TPM2_ALG_SHA384",
"pcrSelect": [ ],
}
],
"curveID": "TPM2_ECC_NIST_P256",
6 changes: 3 additions & 3 deletions test/data/fapi/P_ECC384.json
@@ -20,11 +20,11 @@
},
"sym_block_size": 16,
"pcr_selection": [
{ "hash": "TPM2_ALG_SHA1",
"pcrSelect": [ ],
},
{ "hash": "TPM2_ALG_SHA256",
"pcrSelect": [ 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
},
{ "hash": "TPM2_ALG_SHA384",
"pcrSelect": [ ],
}
],
"curveID": "TPM2_ECC_NIST_P384",
6 changes: 3 additions & 3 deletions test/data/fapi/P_ECC_error.json
@@ -20,11 +20,11 @@
},
"sym_block_size": 16,
"pcr_selection": [
{ "hash": "TPM2_ALG_SHA1",
"pcrSelect": [ ],
},
{ "hash": "TPM2_ALG_SHA256",
"pcrSelect": [ 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
},
{ "hash": "TPM2_ALG_SHA384",
"pcrSelect": [ ],
}
],
"curveID": "TPM2_ECC_NIST_P256",
6 changes: 3 additions & 3 deletions test/data/fapi/P_ECC_sh_eh_policy.json
@@ -18,11 +18,11 @@
},
"sym_block_size": 16,
"pcr_selection": [
{ "hash": "TPM2_ALG_SHA1",
"pcrSelect": [ ],
},
{ "hash": "TPM2_ALG_SHA256",
"pcrSelect": [ 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
},
{ "hash": "TPM2_ALG_SHA384",
"pcrSelect": [ ],
}
],
"curveID": "TPM2_ECC_NIST_P256",
6 changes: 3 additions & 3 deletions test/data/fapi/P_ECC_sh_eh_policy_sha384.json
@@ -20,11 +20,11 @@
},
"sym_block_size": 16,
"pcr_selection": [
{ "hash": "TPM2_ALG_SHA1",
"pcrSelect": [ ],
},
{ "hash": "TPM2_ALG_SHA256",
"pcrSelect": [ 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
},
{ "hash": "TPM2_ALG_SHA384",
"pcrSelect": [ ],
}
],
"curveID": "TPM2_ECC_NIST_P384",
6 changes: 3 additions & 3 deletions test/data/fapi/P_RSA.json
@@ -26,11 +26,11 @@
},
"sym_block_size": 16,
"pcr_selection": [
{ "hash": "TPM2_ALG_SHA1",
"pcrSelect": [ ]
},
{ "hash": "TPM2_ALG_SHA256",
"pcrSelect": [ 8, 9 , 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
},
{ "hash": "TPM2_ALG_SHA384",
"pcrSelect": [ ]
}
],
"exponent": 0,
6 changes: 3 additions & 3 deletions test/data/fapi/P_RSA2.json
@@ -26,11 +26,11 @@
},
"sym_block_size": 16,
"pcr_selection": [
{ "hash": "TPM2_ALG_SHA1",
"pcrSelect": [ ]
},
{ "hash": "TPM2_ALG_SHA256",
"pcrSelect": [ 8, 9 , 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
},
{ "hash": "TPM2_ALG_SHA384",
"pcrSelect": [ ]
}
],
"exponent": 0,
10 changes: 5 additions & 5 deletions test/data/fapi/P_RSA256.json
@@ -9,7 +9,7 @@
"ecc_signing_scheme": {
"scheme":"TPM2_ALG_ECDSA",
"details":{
"hashAlg":"TPM2_ALG_SHA1"
"hashAlg":"TPM2_ALG_SHA256"
},
},
"rsa_signing_scheme": {
@@ -21,7 +21,7 @@
"rsa_decrypt_scheme": {
"scheme":"TPM2_ALG_OAEP",
"details":{
"hashAlg":"TPM2_ALG_SHA1"
"hashAlg":"TPM2_ALG_SHA256"
}
},
"sym_mode":"TPM2_ALG_CFB",
@@ -32,11 +32,11 @@
},
"sym_block_size": 16,
"pcr_selection": [
{ "hash": "TPM2_ALG_SHA1",
"pcrSelect": [ ]
},
{ "hash": "TPM2_ALG_SHA256",
"pcrSelect": [ 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
},
{ "hash": "TPM2_ALG_SHA384",
"pcrSelect": [ ]
}
],
"exponent": 0,
6 changes: 3 additions & 3 deletions test/data/fapi/P_RSA3072.json
@@ -26,11 +26,11 @@
},
"sym_block_size": 16,
"pcr_selection": [
{ "hash": "TPM2_ALG_SHA1",
"pcrSelect": [ ]
},
{ "hash": "TPM2_ALG_SHA256",
"pcrSelect": [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
},
{ "hash": "TPM2_ALG_SHA384",
"pcrSelect": [ ]
}
],
"exponent": 0,
8 changes: 4 additions & 4 deletions test/data/fapi/P_RSA_EK_persistent.json
@@ -9,19 +9,19 @@
"ecc_signing_scheme": {
"scheme":"TPM2_ALG_ECDSA",
"details":{
"hashAlg":"TPM2_ALG_SHA1"
"hashAlg":"TPM2_ALG_SHA256"
},
},
"rsa_signing_scheme": {
"scheme":"TPM2_ALG_RSAPSS",
"details":{
"hashAlg":"TPM2_ALG_SHA1"
"hashAlg":"TPM2_ALG_SHA256"
}
},
"rsa_decrypt_scheme": {
"scheme":"TPM2_ALG_OAEP",
"details":{
"hashAlg":"TPM2_ALG_SHA1"
"hashAlg":"TPM2_ALG_SHA256"
}
},
"sym_mode":"TPM2_ALG_CFB",
@@ -32,7 +32,7 @@
},
"sym_block_size": 16,
"pcr_selection": [
{ "hash": "TPM2_ALG_SHA1",
{ "hash": "TPM2_ALG_SHA256",
"pcrSelect": [ ]
},
{ "hash": "TPM2_ALG_SHA256",
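Review bot: The last hunk turns the empty `TPM2_ALG_SHA1` entry of `pcr_selection` into a second `TPM2_ALG_SHA256` entry, directly ahead of the existing `TPM2_ALG_SHA256` entry, so the profile now appears to list the same bank twice. The other profiles in this change drop the SHA1 entry and append an empty `TPM2_ALG_SHA384` entry instead; doing the same here avoids relying on how a duplicated bank is handled when the selection is used. The rest of the list lies outside the hunk, so check that no SHA384 entry already follows before adding one.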
8 changes: 4 additions & 4 deletions test/data/fapi/P_RSA_nameAlg_sha1.json
@@ -32,11 +32,11 @@
},
"sym_block_size": 16,
"pcr_selection": [
{ "hash": "TPM2_ALG_SHA1",
"pcrSelect": [ ]
},
{ "hash": "TPM2_ALG_SHA256",
{ "hash": "TPM2_ALG_SHA256",
"pcrSelect": [ 8, 9 , 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
},
{ "hash": "TPM2_ALG_SHA384",
"pcrSelect": [ ]
}
],
"exponent": 0,
12 changes: 6 additions & 6 deletions test/data/fapi/P_RSA_sh_policy.json
@@ -9,13 +9,13 @@
"rsa_signing_scheme": {
"scheme":"TPM2_ALG_RSAPSS",
"details":{
"hashAlg":"TPM2_ALG_SHA1"
"hashAlg":"TPM2_ALG_SHA256"
}
},
"rsa_decrypt_scheme": {
"scheme":"TPM2_ALG_OAEP",
"details":{
"hashAlg":"TPM2_ALG_SHA1"
"hashAlg":"TPM2_ALG_SHA256"
}
},
"sym_mode":"TPM2_ALG_CFB",
@@ -26,11 +26,11 @@
},
"sym_block_size": 16,
"pcr_selection": [
{ "hash": "TPM2_ALG_SHA1",
"pcrSelect": [ ]
},
{ "hash": "TPM2_ALG_SHA256",
{ "hash": "TPM2_ALG_SHA256",
"pcrSelect": [ 8, 9 , 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
},
{ "hash": "TPM2_ALG_SHA384",
"pcrSelect": [ ]
}
],
"exponent": 0,
3 changes: 2 additions & 1 deletion test/data/fapi/policy/pol_authorize_ecc_pem.json
@@ -4,7 +4,8 @@
{
"type": "POLICYAUTHORIZE",
"policyRef": [ 1, 2, 3, 4, 5 ],
"keyPEM": "-----BEGIN PUBLIC KEY-----
// private key: test/data/fapi/policy/ecc.pem
"keyPEM": "-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwl7xkJ8nywaYBzTzfr/Or0Phg2XY
ufUHcIYJvC+x8NjOoPTFcE8CKGup6+Q7LOq21S9YmnXrt8xLiHBIxM7YOQ==
-----END PUBLIC KEY-----"
3 changes: 2 additions & 1 deletion test/data/fapi/policy/pol_authorize_ecc_pem_sha384.json
@@ -5,7 +5,8 @@
"type": "POLICYAUTHORIZE",
"policyRef": [ 1, 2, 3, 4, 5 ],
"keyPEMhashAlg": "SHA384",
"keyPEM": "-----BEGIN PUBLIC KEY-----
// private key: ?
"keyPEM": "-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPnzYHCTqHAJnCcLRQC4bL/r2t9P1bJJE
27tHWVxxRtdUNPQceF9sFPE1AgafveTyLrf/V2TwYqpOgMw3hseFlpXAgQl0klqN
ZPX3zQ+iOfcHhZ7YPjSXzBghWF67oxat
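Review bot: The added comment `// private key: ?` records that the private half of this test key is not known, which means signatures for this POLICYAUTHORIZE fixture cannot be regenerated from the repository. Either point it at the key file, as the sibling fixture does with `// private key: test/data/fapi/policy/ecc.pem`, or regenerate the pair and commit the test-only private key beside it so the comment can name a path. The PEM body and the rest of the policy continue outside the hunk.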
3 changes: 2 additions & 1 deletion test/data/fapi/policy/pol_authorize_rsa_pem.json
@@ -4,7 +4,8 @@
{
"type": "POLICYAUTHORIZE",
"policyRef": [ 1, 2, 3, 4, 5 ],
"keyPEM": "-----BEGIN PUBLIC KEY-----
// private key: test/data/fapi/policy/rsa2.pem
"keyPEM": "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGL6IrCSAznmIIzBessI
mW7tPOUy78uWTIaub32KnYHn78KXprrZ3ykp6WDrOQeMjv4AA+14mJbg77apVYXy
EnkFdOMa1hszSJnp6cJvx7ILngLvFUxzbVki/ehvgS3nRk67Njal+nMTe8hpe3UK
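--- a/test/data/fapi/policy/pol_ek_high_range_sha384.json
+++ b/test/data/fapi/policy/pol_ek_high_range_sha384.json
@@ -0,0 +1,62 @@
+{
+"description":"Policy for EK",
+"policy":[
+{
+"type":"POLICYOR",
+"branches":[
+{
+"name":"PolicySecret",
+"description":"Policy Secret for EK",
+"policy":[
+{
+"type":"POLICYSECRET",
+"objectName": "4000000b",
+}
+],
+},
+{
+"name":"PolicyNV",
+"description":"Policy NV for EK",
+"policy":[
+{
+"type": "POLICYAUTHORIZENV",
+"nvPublic": {
+"size":0,
+"nvPublic":{
+"nvIndex":"0x01c07f01",
+"nameAlg":"SHA384",
+"attributes":{
+"PPWRITE":0,
+"OWNERWRITE":0,
+"AUTHWRITE":0,
+"POLICYWRITE":1,
+"POLICY_DELETE":0,
+"WRITELOCKED":0,
+"WRITEALL":1,
+"WRITEDEFINE":0,
+"WRITE_STCLEAR":0,
+"GLOBALLOCK":0,
+"PPREAD":1,
+"OWNERREAD":1,
+"AUTHREAD":1,
+"POLICYREAD":1,
+"NO_DA":1,
+"ORDERLY":0,
+"CLEAR_STCLEAR":0,
+"READLOCKED":0,
+"WRITTEN":1,
+"PLATFORMCREATE":0,
+"READ_STCLEAR":0,
+"TPM2_NT":"ORDINARY"
+},
+"authPolicy":"837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa",
+"dataSize":34
+}
+}
+}
+],
+}
+]
+}
+]
+}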
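Review bot: `"nameAlg":"SHA384"` is paired with an `authPolicy` of 64 hex digits (32 bytes) and `"dataSize":34`, both of which are SHA-256-sized values. If the fixture is meant to model a SHA-384 EK policy index, the digest would be 48 bytes and the data size 50; a TPM rejects an NV public area whose authPolicy length does not match the nameAlg digest size, so as written this template can only serve offline name calculation. If the mismatch is deliberate for the test, say so in the `"description"` string; otherwise update the values together, since the NV name that POLICYAUTHORIZENV binds to depends on all of them.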