FAPI: Fix tests with physical TPM using SHA384.
Several tests failed when SHA384 was not available on
the TPM. SHA384 is removed from the tests and profiles that
are executed by default. SHA384 was not removed from
the SHA384 profiles, which have to be explicitly configured
if the tests are executed with a physical TPM.

Signed-off-by: Juergen Repp <juergen_repp@web.de>
JuergenReppSIT committed Jul 23, 2024
1 parent 792b033 commit c67053e
Showing 12 changed files with 9 additions and 33 deletions.
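--- a/test/data/fapi/P_ECC.json
+++ b/test/data/fapi/P_ECC.json
@@ -22,9 +22,6 @@
 "pcr_selection": [
 { "hash": "TPM2_ALG_SHA256",
 "pcrSelect": [ 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
-},
-{ "hash": "TPM2_ALG_SHA384",
-"pcrSelect": [ ],
 }
 ],
 "curveID": "TPM2_ECC_NIST_P256",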
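--- a/test/data/fapi/P_ECC_error.json
+++ b/test/data/fapi/P_ECC_error.json
@@ -22,9 +22,6 @@
 "pcr_selection": [
 { "hash": "TPM2_ALG_SHA256",
 "pcrSelect": [ 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
-},
-{ "hash": "TPM2_ALG_SHA384",
-"pcrSelect": [ ],
 }
 ],
 "curveID": "TPM2_ECC_NIST_P256",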
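--- a/test/data/fapi/P_ECC_sh_eh_policy.json
+++ b/test/data/fapi/P_ECC_sh_eh_policy.json
@@ -20,9 +20,6 @@
 "pcr_selection": [
 { "hash": "TPM2_ALG_SHA256",
 "pcrSelect": [ 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
-},
-{ "hash": "TPM2_ALG_SHA384",
-"pcrSelect": [ ],
 }
 ],
 "curveID": "TPM2_ECC_NIST_P256",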
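--- a/test/data/fapi/P_RSA.json
+++ b/test/data/fapi/P_RSA.json
@@ -28,9 +28,6 @@
 "pcr_selection": [
 { "hash": "TPM2_ALG_SHA256",
 "pcrSelect": [ 8, 9 , 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
-},
-{ "hash": "TPM2_ALG_SHA384",
-"pcrSelect": [ ]
 }
 ],
 "exponent": 0,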
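--- a/test/data/fapi/P_RSA2.json
+++ b/test/data/fapi/P_RSA2.json
@@ -28,9 +28,6 @@
 "pcr_selection": [
 { "hash": "TPM2_ALG_SHA256",
 "pcrSelect": [ 8, 9 , 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
-},
-{ "hash": "TPM2_ALG_SHA384",
-"pcrSelect": [ ]
 }
 ],
 "exponent": 0,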
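--- a/test/data/fapi/P_RSA256.json
+++ b/test/data/fapi/P_RSA256.json
@@ -34,9 +34,6 @@
 "pcr_selection": [
 { "hash": "TPM2_ALG_SHA256",
 "pcrSelect": [ 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
-},
-{ "hash": "TPM2_ALG_SHA384",
-"pcrSelect": [ ]
 }
 ],
 "exponent": 0,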
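--- a/test/data/fapi/P_RSA_nameAlg_sha1.json
+++ b/test/data/fapi/P_RSA_nameAlg_sha1.json
@@ -34,9 +34,6 @@
 "pcr_selection": [
 { "hash": "TPM2_ALG_SHA256",
 "pcrSelect": [ 8, 9 , 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
-},
-{ "hash": "TPM2_ALG_SHA384",
-"pcrSelect": [ ]
 }
 ],
 "exponent": 0,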
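--- a/test/data/fapi/P_RSA_sh_policy.json
+++ b/test/data/fapi/P_RSA_sh_policy.json
@@ -28,10 +28,7 @@
 "pcr_selection": [
 { "hash": "TPM2_ALG_SHA256",
 "pcrSelect": [ 8, 9 , 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
-},
-{ "hash": "TPM2_ALG_SHA384",
-"pcrSelect": [ ]
-}
+}
 ],
 "exponent": 0,
 "keyBits": 2048,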
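--- a/test/data/fapi/policy/pol_signed.json
+++ b/test/data/fapi/policy/pol_signed.json
@@ -6,7 +6,7 @@
 "publicKeyHint": "Test key hint",
 // private key: test/data/fapi/policy/rsa2.pem
 "keyPEM": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGL6IrCSAznmIIzBessI\nmW7tPOUy78uWTIaub32KnYHn78KXprrZ3ykp6WDrOQeMjv4AA+14mJbg77apVYXy\nEnkFdOMa1hszSJnp6cJvx7ILngLvFUxzbVki\/ehvgS3nRk67Njal+nMTe8hpe3UK\nQeV\/Ij+F0r6Yz91W+4LPmncAiUesRZLetI2BZsKwHYRMznmpIYpoua1NtS8QpEXR\nMmsUue19eS\/XRAPmmCfnb5BX2Tn06iCpk6wO+RfMo9etcX5cLSAuIYEQYCvV2\/0X\nTfEw607vttBN0Y54LrVOKno1vRXd5sxyRlfB0WL42F4VG5TfcJo5u1Xq7k9m9K57\n8wIDAQAB\n-----END PUBLIC KEY-----\n",
-"keyPEMhashAlg": "SHA384"
+"keyPEMhashAlg": "SHA256"
 }
 ]
 }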
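--- a/test/data/fapi/policy/pol_signed_ecc.json
+++ b/test/data/fapi/policy/pol_signed_ecc.json
@@ -5,7 +5,7 @@
 "type": "POLICYSIGNED",
 // private key: test/data/fapi/policy/ecc.pem
 "keyPEM": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoJTa3zftdAzHC96IjpqQ/dnLm+p7\npEiLMi03Jd0oP0aYnnXFjolzIB/dBZ/t+BLh0PwLM5aAM/jugeLkHgpIyQ==\n-----END PUBLIC KEY-----\n",
-"keyPEMhashAlg": "SHA384"
+"keyPEMhashAlg": "SHA256"
 }
 ]
 }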
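--- a/test/integration/fapi-data-crypt.int.c
+++ b/test/integration/fapi-data-crypt.int.c
@@ -110,8 +110,8 @@ signatureCallback(
 return TSS2_FAPI_RC_GENERAL_FAILURE;
 }
 
-if (hashAlg != TPM2_ALG_SHA384) {
-LOG_ERROR("hashAlg is not correct, %u != %u", hashAlg, TPM2_ALG_SHA384);
+if (hashAlg != TPM2_ALG_SHA256) {
+LOG_ERROR("hashAlg is not correct, %u != %u", hashAlg, TPM2_ALG_SHA256);
 return TSS2_FAPI_RC_GENERAL_FAILURE;
 }
 
@@ -121,7 +121,7 @@ signatureCallback(
 EVP_MD_CTX *mdctx =NULL;
 EVP_PKEY_CTX *pctx = NULL;
 
-const EVP_MD *ossl_hash = EVP_sha384();
+const EVP_MD *ossl_hash = EVP_sha256();
 chknull(ossl_hash);
 
 LOGBLOB_DEBUG(dataToSign, dataToSignSize, "Data to be signed");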
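Review bot: The expected hash algorithm in signatureCallback is hard-coded in two places on the new side, the `hashAlg != TPM2_ALG_SHA256` check and the `EVP_sha256()` call, and both presumably have to agree with the `keyPEMhashAlg` value in the policy JSON files changed by this commit; nothing in the code records that coupling. A one-line comment above the check would make it visible, for example `/* must match keyPEMhashAlg of the POLICYSIGNED policy used by this test */`. After this change the default run no longer exercises a SHA-384 signed policy, so if that path still matters for the SHA384 profiles named in the description, it would need its own explicitly configured test. The same applies to signatureCallback in test/integration/fapi-key-create-policy-signed.int.c; in both files the function begins and ends outside the hunks shown.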
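--- a/test/integration/fapi-key-create-policy-signed.int.c
+++ b/test/integration/fapi-key-create-policy-signed.int.c
@@ -123,8 +123,8 @@ signatureCallback(
 return TSS2_FAPI_RC_GENERAL_FAILURE;
 }
 
-if (hashAlg != TPM2_ALG_SHA384) {
-LOG_ERROR("hashAlg is not correct, %u != %u", hashAlg, TPM2_ALG_SHA384);
+if (hashAlg != TPM2_ALG_SHA256) {
+LOG_ERROR("hashAlg is not correct, %u != %u", hashAlg, TPM2_ALG_SHA256);
 return TSS2_FAPI_RC_GENERAL_FAILURE;
 }
 
@@ -134,7 +134,7 @@ signatureCallback(
 EVP_MD_CTX *mdctx = NULL;
 EVP_PKEY_CTX *pctx = NULL;
 
-const EVP_MD *ossl_hash = EVP_sha384();
+const EVP_MD *ossl_hash = EVP_sha256();
 chknull(ossl_hash);
 
 LOGBLOB_DEBUG(dataToSign, dataToSignSize, "Data to be signed");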
