FAPI: Add tests for derived persistent keys.

To enable these tests a compiler switch was added. The tests for signing, encryption, and sealing now can be configured to use a persistent or a transient key. Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
JerryDevis · Jun 4, 2020 · 5a95bc9 · 5a95bc9
1 parent 92dae76
commit 5a95bc9
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 4 deletions.
diff --git a/Makefile-test.am b/Makefile-test.am
@@ -270,13 +270,16 @@ TESTS_CFLAGS +=  -DTOP_SOURCEDIR"=\"$(top_srcdir)\""
 FAPI_TESTS_INTEGRATION = \
     test/integration/fapi-check-wrong-paths.fint \
     test/integration/fapi-data-crypt.fint \
+    test/integration/fapi-data-crypt-persistent.fint \
     test/integration/fapi-data-crypt-rsa.fint \
+    test/integration/fapi-data-crypt-rsa-persistent.fint \
     test/integration/fapi-duplicate.fint \
     test/integration/fapi-ext-public-key.fint \
     test/integration/fapi-get-esys-blobs.fint \
     test/integration/fapi-get-random.fint \
     test/integration/fapi-platform-certificates.fint \
     test/integration/fapi-key-create-sign.fint \
+    test/integration/fapi-key-create-sign-persistent-key.fint \
     test/integration/fapi-key-create-sign-password-provision.fint \
     test/integration/fapi-key-create-sign-rsa.fint \
     test/integration/fapi-key-create-policy-authorize-sign.fint \
@@ -311,7 +314,8 @@ FAPI_TESTS_INTEGRATION = \
     test/integration/fapi-quote.fint \
     test/integration/fapi-quote-rsa.fint \
     test/integration/fapi-info.fint \
-    test/integration/fapi-unseal.fint
+    test/integration/fapi-unseal.fint \
+    test/integration/fapi-unseal-persistent.fint
 
 if TESTDEVICE
 if DEVICEDESTRUCTIVE
@@ -1402,6 +1406,15 @@ test_integration_fapi_key_create_sign_fint_SOURCES = \
     test/integration/fapi-key-create-sign.int.c \
     test/integration/main-fapi.c test/integration/test-fapi.h
 
+test_integration_fapi_key_create_sign_persistent_key_fint_CFLAGS  = $(TESTS_CFLAGS) \
+-DPERSISTENT
+test_integration_fapi_key_create_sign_persistent_key_fint_LDADD   = $(TESTS_LDADD)
+test_integration_fapi_key_create_sign_persistent_key_fint_LDFLAGS = $(TESTS_LDFLAGS)
+test_integration_fapi_key_create_sign_persistent_key_fint_SOURCES = \
+    test/integration/fapi-key-create-sign.int.c \
+    test/integration/main-fapi.c test/integration/test-fapi.h
+
+
 test_integration_fapi_key_create_sign_password_provision_fint_CFLAGS  = $(TESTS_CFLAGS)
 test_integration_fapi_key_create_sign_password_provision_fint_LDADD   = $(TESTS_LDADD)
 test_integration_fapi_key_create_sign_password_provision_fint_LDFLAGS = $(TESTS_LDFLAGS)
@@ -1651,6 +1664,14 @@ test_integration_fapi_data_crypt_fint_SOURCES = \
     test/integration/fapi-data-crypt.int.c \
     test/integration/main-fapi.c test/integration/test-fapi.h
 
+test_integration_fapi_data_crypt_persistent_fint_CFLAGS  = $(TESTS_CFLAGS) \
+ -DPERSISTENT
+test_integration_fapi_data_crypt_persistent_fint_LDADD   = $(TESTS_LDADD)
+test_integration_fapi_data_crypt_persistent_fint_LDFLAGS = $(TESTS_LDFLAGS)
+test_integration_fapi_data_crypt_persistent_fint_SOURCES = \
+    test/integration/fapi-data-crypt.int.c \
+    test/integration/main-fapi.c test/integration/test-fapi.h
+
 test_integration_fapi_data_crypt_rsa_fint_CFLAGS  = $(TESTS_CFLAGS) \
  -DFAPI_PROFILE=\"P_RSA\"
 test_integration_fapi_data_crypt_rsa_fint_LDADD   = $(TESTS_LDADD)
@@ -1659,6 +1680,14 @@ test_integration_fapi_data_crypt_rsa_fint_SOURCES = \
     test/integration/fapi-data-crypt.int.c \
     test/integration/main-fapi.c test/integration/test-fapi.h
 
+test_integration_fapi_data_crypt_rsa_persistent_fint_CFLAGS  = $(TESTS_CFLAGS) \
+ -DFAPI_PROFILE=\"P_RSA\" -DPERSISTENT
+test_integration_fapi_data_crypt_rsa_persistent_fint_LDADD   = $(TESTS_LDADD)
+test_integration_fapi_data_crypt_rsa_persistent_fint_LDFLAGS = $(TESTS_LDFLAGS)
+test_integration_fapi_data_crypt_rsa_persistent_fint_SOURCES = \
+    test/integration/fapi-data-crypt.int.c \
+    test/integration/main-fapi.c test/integration/test-fapi.h
+
 test_integration_fapi_duplicate_fint_CFLAGS  = $(TESTS_CFLAGS)
 test_integration_fapi_duplicate_fint_LDADD   = $(TESTS_LDADD)
 test_integration_fapi_duplicate_fint_LDFLAGS = $(TESTS_LDFLAGS)
@@ -1702,6 +1731,15 @@ test_integration_fapi_unseal_fint_SOURCES = \
     test/integration/fapi-unseal.int.c \
     test/integration/main-fapi.c test/integration/test-fapi.h
 
+test_integration_fapi_unseal_persistent_fint_CFLAGS  = $(TESTS_CFLAGS) \
+ -DPERSISTENT
+test_integration_fapi_unseal_persistent_fint_LDADD   = $(TESTS_LDADD)
+test_integration_fapi_unseal_persistent_fint_LDFLAGS = $(TESTS_LDFLAGS)
+test_integration_fapi_unseal_persistent_fint_SOURCES = \
+    test/integration/fapi-unseal.int.c \
+    test/integration/main-fapi.c test/integration/test-fapi.h
+
+
 test_integration_fapi_provision_fingerprint_fint_CFLAGS  = $(TESTS_CFLAGS) \
  -DFAPI_TEST_FINGERPRINT  -DFAPI_PROFILE=\"P_RSA\"
 test_integration_fapi_provision_fingerprint_fint_LDADD   = $(TESTS_LDADD)

diff --git a/test/integration/fapi-data-crypt.int.c b/test/integration/fapi-data-crypt.int.c
@@ -241,8 +241,13 @@ test_fapi_data_crypt(FAPI_CONTEXT *context)
     r = Fapi_Import(context, policy_name, json_policy);
     goto_if_error(r, "Error Fapi_Import", error);
 
+#ifdef PERSISTENT
+    r = Fapi_CreateKey(context, "HS/SRK/myRsaCryptKey", "decrypt,0x81000004",
+                       policy_name, NULL);
+#else
     r = Fapi_CreateKey(context, "HS/SRK/myRsaCryptKey", "decrypt",
                        policy_name, NULL);
+#endif
     goto_if_error(r, "Error Fapi_CreateKey", error);
 
     uint8_t  plainText[SIZE];

diff --git a/test/integration/fapi-key-create-sign.int.c b/test/integration/fapi-key-create-sign.int.c
@@ -121,8 +121,13 @@ test_fapi_key_create_sign(FAPI_CONTEXT *context)
     r = Fapi_SetAuthCB(context, auth_callback, NULL);
     goto_if_error(r, "Error SetPolicyAuthCallback", error);
 
-    r = Fapi_CreateKey(context, "HS/SRK/mySignKey", SIGN_TEMPLATE, "",
+#ifdef PERSISTENT
+    r = Fapi_CreateKey(context, "HS/SRK/mySignKey", SIGN_TEMPLATE ",0x81000004", "",
                        PASSWORD);
+#else
+    r = Fapi_CreateKey(context, "HS/SRK/mySignKey", SIGN_TEMPLATE "", "",
+                       PASSWORD);
+#endif
     goto_if_error(r, "Error Fapi_CreateKey_Async", error);
 
     goto_if_error(r, "Error Fapi_CreateKey_Finish", error);

diff --git a/test/integration/fapi-unseal.int.c b/test/integration/fapi-unseal.int.c
@@ -10,7 +10,7 @@
 
 #include <stdlib.h>
 #include <string.h>
-
+#include "tss2_esys.h"
 #include "tss2_fapi.h"
 
 #include "test-fapi.h"
@@ -49,9 +49,15 @@ test_fapi_unseal(FAPI_CONTEXT *context)
     r = Fapi_Provision(context, NULL, NULL, NULL);
     goto_if_error(r, "Error Fapi_Provision", error);
 
-    r = Fapi_CreateSeal(context, "/HS/SRK/mySealObject", "noDa",
+#ifdef PERSISTENT
+    r = Fapi_CreateSeal(context, "/HS/SRK/mySealObject", "noDa,0x81000004",
+                        digest.size,
+                        "", "",  &digest.buffer[0]);
+#else
+    r = Fapi_CreateSeal(context, "/HS/SRK/mySealObject", "noDa,0x81000004",
                         digest.size,
                         "", "",  &digest.buffer[0]);
+#endif
     goto_if_error(r, "Error Fapi_CreateSeal", error);
 
     r = Fapi_Unseal(context, "/HS/SRK/mySealObject", &result,