.TH "EsysTestgroup" 3 "Fri Oct 7 2022" "Version 3.2.0" "tpm2-tss" \" -*- nroff -*- .ad l .nh .SH NAME EsysTestgroup \- For every integration test a function with a name corresponding to the name of the source code file of the test is created: test_esys_(ESYS_CONTEXT * esys_context)\&. This function is called by the standard function test_invoke_esapi in every integration test\&. .SH SYNOPSIS .br .PP .in +1c .ti -1c .RI "int \fBtest_esys_evict_control_serialization\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_lock\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_get_capability\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_zgen_2phase\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_verify_signature\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_import\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_policy_regression\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_policy_authorize_nv_opt\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_policy_physical_presence_opt\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_policy_template_opt\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_policy_ticket\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_change_eps\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_policy_nv_undefine_special\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_create_fail\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_testparms\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_create_password_auth\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_stir_random\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_clockset\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_clear_control\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_nv_ram_extend_index\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_save_and_load_context\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_encrypt_decrypt\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_createloaded\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_audit\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_policy_password\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_tpm_tests\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_certify\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_pcr_basic\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_quote\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_tr_getName_hierarchy\fP (\fBESYS_CONTEXT\fP *ectx)" .br .ti -1c .RI "int \fBtest_esys_field_upgrade\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_unseal_password_auth\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_nv_ram_set_bits\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_nv_certify\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_ecdh_keygen\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_tr_fromTpmPublic_key\fP (\fBESYS_CONTEXT\fP *ectx)" .br .ti -1c .RI "int \fBtest_esys_ecdh_zgen\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_certify_creation\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_nv_ram_counter\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_event_sequence_complete\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_create_session_auth\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_tr_fromTpmPublic_nv\fP (\fBESYS_CONTEXT\fP *ectx)" .br .ti -1c .RI "int \fBtest_esys_create_primary_hmac\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_firmware_read\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_hmacsequencestart\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_hmac\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_ecc_parameters\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_hierarchychangeauth\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_pcr_auth_value\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_nv_ram_ordinary_index\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_duplicate\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_rsa_encrypt_decrypt\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_set_algorithm_set\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_object_changeauth\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_pp_commands\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_clear\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_policy_authorize\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_get_time\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_make_credential\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_commit\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .ti -1c .RI "int \fBtest_esys_policy_nv_changeauth\fP (\fBESYS_CONTEXT\fP *esys_context)" .br .in -1c .SH "Detailed Description" .PP For every integration test a function with a name corresponding to the name of the source code file of the test is created: test_esys_(ESYS_CONTEXT * esys_context)\&. This function is called by the standard function test_invoke_esapi in every integration test\&. For some tests different test cases can be created with compiler defines to avoid duplicate code in different test cases\&.The following defines are used and listed in the function's documentation if used: .IP "\(bu" 2 TEST_ECC Create an ECC key instead of an RSA key\&. .IP "\(bu" 2 TEST_SESSION Use session authentication instead of password authentication\&. .IP "\(bu" 2 TEST_READ_LOCK Activate test of Esys_NV_ReadLock\&. .IP "\(bu" 2 TEST_WRITE_LOCK Activate test of Esys_NV_WriteLock\&. .IP "\(bu" 2 TEST_XOR_OBFUSCATION Use xor obfuscation for parameter encryption\&. .IP "\(bu" 2 TEST_AES_ENCRYPTION Use AES for parameter encryption\&. .IP "\(bu" 2 TEST_BOUND_SESSION Run test with a bound session\&. .PP .PP The ESAPI command calls which are used in a test are listed in the function's documentation and are marked according to the PC Client Profile Revision 01\&.03 v22: .IP "\(bu" 2 (M) Mandatory .IP "\(bu" 2 (O) Optional .IP "\(bu" 2 (F) Commands added after TPM Specification Rev\&. 1\&.16 is integrated\&. .PP .SH "Function Documentation" .PP .SS "test_esys_audit (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS audit commands\&. .PP First a key for signing the audit digest is computed\&. A audit session is started, and for the command GetCapability the command audit digest and the session audit digest is computed\&. (Esys_GetCommandAuditDigest, Esys_GetSessionAuditDigest)\&. In the last test the audit hash alg is changed with Esys_SetCommandCodeAuditStatus\&. .PP \fBNote:\fP platform authorization needed\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_GetCapability()\fP (M) .IP "\(bu" 2 \fBEsys_GetCommandAuditDigest()\fP (O) .IP "\(bu" 2 \fBEsys_GetSessionAuditDigest()\fP (M) .IP "\(bu" 2 \fBEsys_SetCommandCodeAuditStatus()\fP (O) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_certify (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the command Esys_Certify\&. .PP We create a RSA primary signing key which will be used as signing key and as object for the certify command\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_Certify()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_certify_creation (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the command Esys_CertifyCreation\&. .PP We create a RSA primary signing key which will be used as signing key and as object for the certify creation\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CertifyCreation()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_change_eps (\fBESYS_CONTEXT\fP * esys_context)" Test the ESYS function Esys_ChangeEPS\&. .PP \fBNote:\fP platform authorization needed\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_ChangeEPS()\fP (O) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_clear (\fBESYS_CONTEXT\fP * esys_context)" Test of the ESYS function Esys_Clear\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_Clear()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP Used compiler defines: TEST_SESSION .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_clear_control (\fBESYS_CONTEXT\fP * esys_context)" Test the ESYS function Esys_ClearControl\&. .PP The clear command will be disabled and with Esys_Clear it will be checked whether clear is disabled\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_Clear()\fP (M) .IP "\(bu" 2 \fBEsys_ClearControl()\fP (M) .PP .PP *\fBNote:\fP platform authorization needed\&. .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_clockset (\fBESYS_CONTEXT\fP * esys_context)" Test the ESYS function Esys_ClockSet and Esys_ReadClock\&. .PP \fBNote:\fP platform authorization needed\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_ClockRateAdjust()\fP (M) .IP "\(bu" 2 \fBEsys_ClockSet()\fP (M) .IP "\(bu" 2 \fBEsys_ReadClock()\fP (M) .PP .PP Used compiler defines: TEST_SESSION .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_commit (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test Esys_Commit\&. based on an ECC key created with Esys_CreatePrimary Esys_Commit is called with a point from the primary key\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_Commit()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_create_fail (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test password authentication\&. .PP We start by creating a primary key (Esys_CreatePrimary)\&. Based in the primary several calls with NULL parameters, which should not be allowed, will be tested\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_Create()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .PP .PP Used compiler defines: TEST_ECC .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_create_password_auth (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test password authentication for the ESYS command Create\&. .PP We start by creating a primary key (Esys_CreatePrimary)\&. Based in the primary a second key with an password define in the sensitive area will be created\&. This key will be loaded and will be used as parent to create a third key\&. Password authentication will be used to create this key\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_Create()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_Load()\fP (M) .PP .PP Used compiler defines: TEST_ECC .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_create_primary_hmac (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test Esys_CreatePrimary with hmac verification\&. .PP The test can be executed with RSA or ECC keys\&. ECC will be used if ECC is defined\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP Used compiler defines: TEST_ECC .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_create_session_auth (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test parameter encryption/decryption, session management, hmac computation, and session key generation\&. .PP We start by creating a primary key (Esys_CreatePrimary)\&. The primary key will be used as tpmKey for Esys_StartAuthSession\&. Parameter encryption and decryption will be activated for the session\&. The session will be used to Create a second key by Eys_Create (with password) This key will be Loaded to and a third key will be created with the second key as parent key (Esys_Create)\&. The type of encryptin can be selected by the compiler variables (-D option): TEST_XOR_OBFUSCATION or TEST_AES_ENCRYPTION\&. Secret exchange with a ECC key can be activated with the compiler variable -D TEST_ECC\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_ContextLoad()\fP (M) .IP "\(bu" 2 \fBEsys_ContextSave()\fP (M) .IP "\(bu" 2 \fBEsys_Create()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_Load()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP Used compiler defines: TEST_ECC, TEST_AES_ENCRYPTION, TEST_BOUND_SESSION TEST_XOR_OBFUSCATION .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_createloaded (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS command CreateLoaded\&. .PP We start by creating a primary key (Esys_CreatePrimary)\&. This primary key will be used as parent key for CreateLoaded\&. .PP Tested ESYS commands: .IP "\(bu" 2 Esys_CreateLoaded() (F) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .IP "\(bu" 2 \fBEsys_TR_GetName()\fP (M) .IP "\(bu" 2 Esys_TR_ReadPublic() (M) .PP .PP Used compiler defines: TEST_SESSION .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_duplicate (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS commands Duplicate and Rewrap\&. .PP We start by creating a primary key (Esys_CreatePrimary)\&. This primary key will be used as parent key for the Duplicate command\&. A second primary key will be the parent key of the duplicated key\&. In the last step the key is rewrapped with the first primary key as parent key\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_Create()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_Duplicate()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_Load()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyAuthValue()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyCommandCode()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyGetDigest()\fP (M) .IP "\(bu" 2 \fBEsys_ReadPublic()\fP (M) .IP "\(bu" 2 \fBEsys_Rewrap()\fP (O) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_ecc_parameters (\fBESYS_CONTEXT\fP * esys_context)" Test the ESYS function Esys_ECC_Parameters\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_ECC_Parameters()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_ecdh_keygen (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test Esys_ECDH_KeyGen based on an ECC key created with Esys_CreatePrimary\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_ECDH_KeyGen()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_ecdh_zgen (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test Esys_ECDH_ZGen\&. based on an ECC key created with Esys_CreatePrimary and a dummy ECC point\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_ECDH_ZGen()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_encrypt_decrypt (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS function Esys_EncryptDecrypt\&. .PP First a primary key is generated\&. This key will be uses as parent fo a symmetric key, which will be used to encrypt and decrypt a tpm2b\&. The result will be compared\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_Create()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_EncryptDecrypt()\fP (O) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_Load()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_event_sequence_complete (\fBESYS_CONTEXT\fP * esys_context)" Test the ESYS commands HashSequenceStart, SequenceUpdate, and EventSequenceComplete\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_EventSequenceComplete()\fP (M) .IP "\(bu" 2 \fBEsys_HashSequenceStart()\fP (M) .IP "\(bu" 2 \fBEsys_SequenceUpdate()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP < enforce event Sequence .SS "test_esys_evict_control_serialization (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test EvictControl and ESYS Serialization\&. .PP We start by creating a primary key (Esys_CreatePrimary)\&. Based on this key a persistent object is created (Esys_EvictControl)\&. The resource of this object will be serialized and deserialized with the corresponding ESYS functions (Esys_TR_Serialize, Esys_TR_Deserialize)\&. To check whether the deserialization was successful a new object will be created with the handle returned by the deserialize function\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_Create()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_EvictControl()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_field_upgrade (\fBESYS_CONTEXT\fP * esys_context)" Test the ESYS function Esys_FieldUpgradeStart and Esys_FieldUpgradeData\&. .PP Tested ESYS commands: .IP "\(bu" 2 Esys_FieldUpgradeData() (O) .IP "\(bu" 2 Esys_FieldUpgradeStart() (O) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_firmware_read (\fBESYS_CONTEXT\fP * esys_context)" Test the ESYS function Esys_FirmwareRead\&. .PP Tested ESYS commands: .IP "\(bu" 2 Esys_FirmwareRead() (O) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_get_capability (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS get capability command\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_GetCapability()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_get_time (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the GetTime command with password authentication\&. .PP We create a RSA primary signing key which will be used for signing\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_GetTime()\fP (O) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_hierarchychangeauth (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the change of an authorization value of a hierarchy\&. .PP To check whether the change was successful a primary key is created with the handle of this hierarchy and the new authorization\&. Also second primary is created after a call of Esys_TR_SetAuth with the new auth value\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_HierarchyChangeAuth()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_hmac (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS command Esys_HMAC with password authentication\&. .PP We create a symmetric HMAC key signing key which will be used for signing\&. This key will be used to create the HMAC for a test buffer\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_HMAC()\fP (O) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_hmacsequencestart (\fBESYS_CONTEXT\fP * esys_context)" Test the ESYS commands: HMAC_Start, SequenceUpdate, and SequenceComplete\&. .PP The HMAC key is created by using Esys_CreatePrimary\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_HMAC_Start()\fP (M) .IP "\(bu" 2 Esys_SequenceComplete() (M) .IP "\(bu" 2 \fBEsys_SequenceUpdate()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP Used compiler defines: TEST_SESSION .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_import (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS commands Duplicate and Import\&. .PP We start by creating a primary key (Esys_CreatePrimary)\&. This primary key will be used as parent key for the Duplicate command\&. A second primary key will be the parent key of the duplicated key\&. In the last step the key is imported with the first primary key as parent key (Esys_Import)\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_Create()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_Duplicate()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_Import()\fP (M) .IP "\(bu" 2 \fBEsys_Load()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyAuthValue()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyCommandCode()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyGetDigest()\fP (M) .IP "\(bu" 2 \fBEsys_ReadPublic()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_lock (\fBESYS_CONTEXT\fP * esys_context)" Test the ESYS functions related to TPM locks\&. .PP \fBNote:\fP platform authorization needed\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_DictionaryAttackLockReset()\fP (M) .IP "\(bu" 2 \fBEsys_DictionaryAttackParameters()\fP (M) .IP "\(bu" 2 \fBEsys_NV_GlobalWriteLock()\fP (O) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_make_credential (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the function Esys_MakeCredential We start by creating a primary key (Esys_CreatePrimary)\&. .PP Based in the primary a second key will be created\&. The public part of the key will be loaded by the function Esys_LoadExternal\&. A credential will be encrypted with this key with the command Esys_MakeCredential\&. The credential will be activated with Esys_ActivateCredential\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_ActivateCredential()\fP (M) .IP "\(bu" 2 \fBEsys_Create()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_Load()\fP (M) .IP "\(bu" 2 Esys_LoadExternal() (M) .IP "\(bu" 2 \fBEsys_MakeCredential()\fP (M) .IP "\(bu" 2 \fBEsys_ReadPublic()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP Used compiler defines: TEST_SESSION .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_nv_certify (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the command Esys_NV_Certify\&. .PP We create a RSA primary signing key which will be used as signing key for the NV data\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_NV_Certify()\fP (O) .IP "\(bu" 2 \fBEsys_NV_DefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_NV_UndefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_NV_Write()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_nv_ram_counter (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the definition of a counter in NV ram and to test the ESYS NV_Increment function\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_NV_DefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_NV_Increment()\fP (M) .IP "\(bu" 2 \fBEsys_NV_Read()\fP (M) .IP "\(bu" 2 \fBEsys_NV_ReadPublic()\fP (M) .IP "\(bu" 2 \fBEsys_NV_UndefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP Used compiler defines: TEST_SESSION .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_nv_ram_extend_index (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS nv define space, nv extend, and nv read command\&. The names stored in the ESYS resource are compared with the names delivered from the TPM by the command ReadPublic\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_NV_DefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_NV_Extend()\fP (M) .IP "\(bu" 2 \fBEsys_NV_Read()\fP (M) .IP "\(bu" 2 \fBEsys_NV_ReadPublic()\fP (M) .IP "\(bu" 2 \fBEsys_NV_UndefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP Used compiler defines: TEST_SESSION .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_nv_ram_ordinary_index (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS commands nv define space, nv write, nv read command, nv lock write and nv lock read, and nv undefine\&. .PP The names stored in the ESYS resource are compared with the names delivered from the TPM by the command ReadPublic\&. only one of the tests NV_ReadLock and NV_WriteLock can be activated by the defines TEST_READ_LOCK and TEST_WRITE_LOCK (-D option) .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_NV_DefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_NV_Read()\fP (M) .IP "\(bu" 2 \fBEsys_NV_ReadLock()\fP (M) .IP "\(bu" 2 \fBEsys_NV_ReadPublic()\fP (M) .IP "\(bu" 2 \fBEsys_NV_UndefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_NV_Write()\fP (M) .IP "\(bu" 2 \fBEsys_NV_WriteLock()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP Used compiler defines: TEST_READ_LOCK TEST_SESSION TEST_WRITE_LOCK .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_nv_ram_set_bits (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the definition of a bit field in NV ram and to test the ESYS NV_SetBits function\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_NV_DefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_NV_Read()\fP (M) .IP "\(bu" 2 \fBEsys_NV_ReadPublic()\fP (M) .IP "\(bu" 2 \fBEsys_NV_SetBits()\fP (M) .IP "\(bu" 2 \fBEsys_NV_UndefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP Used compiler defines: TEST_SESSION .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_object_changeauth (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS command ObjectChangeAuth\&. .PP We start by creating a primary key (Esys_CreatePrimary)\&. The auth value for this primary will be changed\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_Create()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_Load()\fP (M) .IP "\(bu" 2 \fBEsys_ObjectChangeAuth()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_pcr_auth_value (\fBESYS_CONTEXT\fP * esys_context)" Test the commands Esys_PCR_SetAuthValue and Esys_PCR_SetAuthPolicy\&. .PP \fBNote:\fP platform authorization needed\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_PCR_SetAuthPolicy()\fP (O) .IP "\(bu" 2 \fBEsys_PCR_SetAuthValue()\fP (O) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_pcr_basic (\fBESYS_CONTEXT\fP * esys_context)" Test the basic commands for PCR processing\&. .PP \fBNote:\fP platform authorization needed\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_PCR_Allocate()\fP (M) .IP "\(bu" 2 \fBEsys_PCR_Event()\fP (M) .IP "\(bu" 2 \fBEsys_PCR_Extend()\fP (M) .IP "\(bu" 2 \fBEsys_PCR_Read()\fP (M) .IP "\(bu" 2 \fBEsys_PCR_Reset()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_policy_authorize (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS policy authorization\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyAuthorize()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyGetDigest()\fP (M) .IP "\(bu" 2 \fBEsys_ReadPublic()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_policy_authorize_nv_opt (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS policy commands, not tested in other test cases\&. When possoble the commands are tested with a trial session and the policy digest is compared with the expected digest\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_NV_DefineSpace()\fP (M) .IP "\(bu" 2 Esys_PolicyAuthorizeNV() (F) .IP "\(bu" 2 \fBEsys_PolicyNV()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_policy_nv_changeauth (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS commands PolicyAuthValue, PolicyCommandCode, Esys_PolicyGetDigest, and NV_ChangeAuth\&. .PP First in a trial session the policy value to ensure that the auth value is included in the policy session used for NV_ChangeAuth is computed\&. A NV ram space with this policy is defined afterwards\&. With a real policy session the auth value of this NV ram space will be changed\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_NV_ChangeAuth()\fP (M) .IP "\(bu" 2 \fBEsys_NV_DefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_NV_UndefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyAuthValue()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyCommandCode()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyGetDigest()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_policy_nv_undefine_special (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS command Esys_NV_UndefineSpaceSpecial, The NV space attributes TPMA_NV_PLATFORMCREATE and TPMA_NV_POLICY_DELETE have to be set\&. .PP A policy has to be defined for the command UndefineSpaceSpecial\&. The special handling whether the auth value is not used in the HMAC response verification will be checked\&. .PP \fBNote:\fP platform authorization needed\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_NV_DefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_NV_UndefineSpaceSpecial()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyAuthValue()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyCommandCode()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyGetDigest()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP < Undefine will only possible with policy .SS "test_esys_policy_password (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS command PolicyPassword\&. .PP First in a trial session the policy value to ensure that auth value is included in the policy session used for authorization is computed\&. We start by creating a primary key (Esys_CreatePrimary) with this policy value and a certain authorization\&. Than a second key it created with a PoliyPassword policy session\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_Create()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyGetDigest()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyPassword()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_policy_physical_presence_opt (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS policy commands, not tested in other test cases\&. When possoble the commands are tested with a trial session and the policy digest is compared with the expected digest\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_PolicyPhysicalPresence()\fP (O) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_policy_regression (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS policy commands, not tested in other test cases\&. When possoble the commands are tested with a trial session and the policy digest is compared with the expected digest\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_NV_DefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_NV_UndefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyCounterTimer()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyDuplicationSelect()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyGetDigest()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyNV()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyNameHash()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyNvWritten()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyOR()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyPCR()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyPhysicalPresence()\fP (O) .IP "\(bu" 2 \fBEsys_PolicyRestart()\fP (M) .IP "\(bu" 2 \fBEsys_SetPrimaryPolicy()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_policy_template_opt (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS policy commands, not tested in other test cases\&. When possoble the commands are tested with a trial session and the policy digest is compared with the expected digest\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 Esys_PolicyTemplate() (F) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_policy_ticket (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS policy commands related to signed authorization actions\&. .PP Esys_PolicySigned, Esys_PolicyTicket, and Esys_PolicySecret\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_HashSequenceStart()\fP (M) .IP "\(bu" 2 \fBEsys_PolicySecret()\fP (M) .IP "\(bu" 2 \fBEsys_PolicySigned()\fP (M) .IP "\(bu" 2 \fBEsys_PolicyTicket()\fP (O) .IP "\(bu" 2 \fBEsys_ReadPublic()\fP (M) .IP "\(bu" 2 Esys_SequenceComplete() (M) .IP "\(bu" 2 \fBEsys_SequenceUpdate()\fP (M) .IP "\(bu" 2 \fBEsys_Sign()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_pp_commands (\fBESYS_CONTEXT\fP * esys_context)" Test the ESYS function Esys_PP_Commands\&. .PP If the test requires physical presence, the test is skipped\&. .PP \fBNote:\fP platform authorization needed\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_PP_Commands()\fP (O) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_quote (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the quote command with password authentication\&. .PP We create a RSA primary signing key which will be used for signing\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_Quote()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_rsa_encrypt_decrypt (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test RSA encryption / decryption\&. with password authentication\&. We create a RSA primary key (Esys_CreatePrimary) for every crypto action This key will be used for encryption/decryption in with the schemes: TPM2_ALG_NULL, TPM2_ALG_RSAES, and TPM2_ALG_OAEP .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_RSA_Decrypt()\fP (M) .IP "\(bu" 2 \fBEsys_RSA_Encrypt()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_save_and_load_context (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test context save and load\&. .PP We start by creating a primary key (Esys_CreatePrimary)\&. Based in the primary a second key with an password define in the sensitive area will be created\&. This key will be loaded and saved with the ContextSave command\&. After the key is flushed the key will be loaded again with ContextLoad and will be used to create a third key .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_ContextLoad()\fP (M) .IP "\(bu" 2 \fBEsys_ContextSave()\fP (M) .IP "\(bu" 2 \fBEsys_Create()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_Load()\fP (M) .PP .PP Used compiler defines: TEST_ECC .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_set_algorithm_set (\fBESYS_CONTEXT\fP * esys_context)" Test the ESYS function Esys_SetAlgorithmSet\&. .PP \fBNote:\fP platform authorization needed\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_SetAlgorithmSet()\fP (O) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_stir_random (\fBESYS_CONTEXT\fP * esys_context)" Test the ESYS function Esys_StirRandom\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_StirRandom()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_testparms (\fBESYS_CONTEXT\fP * esys_context)" Test the ESYS function Esys_TestParms\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_TestParms()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_tpm_tests (\fBESYS_CONTEXT\fP * esys_context)" Test the ESYS functions for TPM tests\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_GetTestResult()\fP (M) .IP "\(bu" 2 \fBEsys_IncrementalSelfTest()\fP (M) .IP "\(bu" 2 \fBEsys_SelfTest()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_tr_fromTpmPublic_key (\fBESYS_CONTEXT\fP * ectx)" This tests the Esys_TR_FromTPMPublic and Esys_TR_GetName functions by creating an NV Index and then attempting to retrieve an ESYS_TR object for it\&. Then we call Esys_TR_GetName to see if the correct public name has been retrieved\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_EvictControl()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_ReadPublic()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIectx\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_tr_fromTpmPublic_nv (\fBESYS_CONTEXT\fP * ectx)" This tests the Esys_TR_FromTPMPublic and Esys_TR_GetName functions by creating an NV Index and then attempting to retrieve an ESYS_TR object for it\&. Then we call Esys_TR_GetName to see if the correct public name has been retrieved\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_NV_DefineSpace()\fP (M) .IP "\(bu" 2 \fBEsys_NV_ReadPublic()\fP (M) .IP "\(bu" 2 \fBEsys_NV_UndefineSpace()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIectx\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_tr_getName_hierarchy (\fBESYS_CONTEXT\fP * ectx)" This tests the Esys_TR_FromTPMPublic and Esys_TR_GetName functions by creating an NV Index and then attempting to retrieve an ESYS_TR object for it\&. Then we call Esys_TR_GetName to see if the correct public name has been retrieved\&. .PP Tested ESYS commands: .PP \fBParameters:\fP .RS 4 \fIectx\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_unseal_password_auth (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the unseal operation for the ESYS command Unseal\&. .PP We start by creating a primary key (Esys_CreatePrimary)\&. Based on the primary key a second key with a password and the to be sealed data defined in the sensitive area will be created (Esys_Create)\&. This key will be loaded and the unseal command (Esys_Unseal) will be used to retrieve the sealed data\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_Create()\fP (M) .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_Load()\fP (M) .IP "\(bu" 2 \fBEsys_Unseal()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_verify_signature (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test the ESYS signing and signature verification\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_ReadPublic()\fP (M) .IP "\(bu" 2 \fBEsys_Sign()\fP (M) .IP "\(bu" 2 \fBEsys_VerifySignature()\fP (M) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SS "test_esys_zgen_2phase (\fBESYS_CONTEXT\fP * esys_context)" This test is intended to test Esys_ECDH_ZGen\&. .PP The test is based on an ECC key created with Esys_CreatePrimary and data produced by the command Esys_EC_Ephemeral\&. .PP Tested ESYS commands: .IP "\(bu" 2 \fBEsys_CreatePrimary()\fP (M) .IP "\(bu" 2 \fBEsys_ECDH_ZGen()\fP (M) .IP "\(bu" 2 \fBEsys_EC_Ephemeral()\fP (F) .IP "\(bu" 2 \fBEsys_FlushContext()\fP (M) .IP "\(bu" 2 \fBEsys_StartAuthSession()\fP (M) .IP "\(bu" 2 \fBEsys_ZGen_2Phase()\fP (O) .PP .PP \fBParameters:\fP .RS 4 \fIesys_context\fP The \fBESYS_CONTEXT\fP\&. .RE .PP \fBReturn values:\fP .RS 4 \fIEXIT_FAILURE\fP .br \fIEXIT_SKIP\fP .br \fIEXIT_SUCCESS\fP .RE .PP .SH "Author" .PP Generated automatically by Doxygen for tpm2-tss from the source code\&.