      1 //
      2 // Copyright (C) 2014 The Android Open Source Project
      3 //
      4 // Licensed under the Apache License, Version 2.0 (the "License");
      5 // you may not use this file except in compliance with the License.
      6 // You may obtain a copy of the License at
      7 //
      8 //      http://www.apache.org/licenses/LICENSE-2.0
      9 //
     10 // Unless required by applicable law or agreed to in writing, software
     11 // distributed under the License is distributed on an "AS IS" BASIS,
     12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13 // See the License for the specific language governing permissions and
     14 // limitations under the License.
     15 //
     16 
     17 #include <string>
     18 
     19 #include <gtest/gtest.h>
     20 
     21 #include "trunks/password_authorization_delegate.h"
     22 
     23 namespace trunks {
     24 
     // Constructs the delegate from an empty password and checks that the
     // password buffer it stores reports a size of zero.
     // NOTE(review): the test reads the delegate's password_ member directly;
     // presumably the header grants this test access (e.g. a friend
     // declaration) -- confirm, and keep that access limited to tests.
     TEST(PasswordAuthorizationDelegateTest, NullInitialization) {
       PasswordAuthorizationDelegate delegate("");
       const auto& stored_password = delegate.password_;
       EXPECT_EQ(0, stored_password.size);
     }
     31 
     // Asks the delegate for a command authorization and compares the
     // serialized bytes with a hand-written expected buffer.
     // The expected buffer carries the password bytes unmodified, so anything
     // that logs or transports this authorization is handling the raw password.
     TEST(PasswordAuthorizationDelegateTest, SerializationTest) {
       const char kPassword[] = "secret";
       // One literal per field: each field keeps its label, and no hex escape
       // can run into the text that follows it.
       const char kExpectedBytes[] =
           "\x40\x00\x00\x09"  // session_handle = TPM_RS_PW
           "\x00\x00"          // nonce = zero length buffer
           "\x01"              // session_attributes = continueSession
           "\x00\x06"          // password length
           "secret";           // password
       // The buffer contains embedded NUL bytes, so the length is passed
       // explicitly; sizeof counts the terminator, hence the -1 (15 bytes).
       const std::string expected_auth(kExpectedBytes,
                                       sizeof(kExpectedBytes) - 1);

       PasswordAuthorizationDelegate delegate(kPassword);
       std::string command_hash;  // left empty for this test
       std::string authorization;
       // NOTE(review): the two false arguments are presumably the
       // parameter-encryption flags -- confirm against the delegate header.
       const bool generated = delegate.GetCommandAuthorization(
           command_hash, false, false, &authorization);

       EXPECT_TRUE(generated);
       EXPECT_EQ(expected_auth.length(), authorization.length());
       EXPECT_EQ(expected_auth, authorization);
     }
     52 
     // Hands the delegate a well-formed authorization response (empty nonce,
     // continueSession attribute, empty hmac) and expects it to be accepted.
     TEST(PasswordAuthorizationDelegateTest, ParseGoodParams) {
       const char kResponseBytes[] =
           "\x00\x00"   // nonceTpm = zero length buffer
           "\x01"       // session_attributes = continueSession
           "\x00\x00";  // hmac = zero length buffer
       // All but one byte are NUL, so the length is passed explicitly;
       // sizeof counts the terminator, hence the -1 (5 bytes).
       const std::string auth_response(kResponseBytes,
                                       sizeof(kResponseBytes) - 1);

       PasswordAuthorizationDelegate delegate("secret");
       std::string response_hash;  // left empty for this test
       const bool accepted =
           delegate.CheckResponseAuthorization(response_hash, auth_response);
       EXPECT_TRUE(accepted);
     }
     67 
     // Hands the delegate an authorization response whose last field is not
     // empty (it holds the password bytes) and expects it to be rejected.
     // NOTE(review): this is the only malformed shape covered here. A truncated
     // or empty buffer, a non-empty nonce, a different attribute byte and
     // trailing bytes are not exercised by this test.
     TEST(PasswordAuthorizationDelegateTest, ParseBadParams) {
       const char kResponseBytes[] =
           "\x00\x00"  // nonceTpm = zero length buffer
           "\x01"      // session_attributes = continueSession
           "\x00\x06"  // length 6 where a well-formed response has length 0
           "secret";   // payload: the password bytes
       // Embedded NUL bytes again, so the length is passed explicitly;
       // sizeof counts the terminator, hence the -1 (11 bytes).
       const std::string auth_response(kResponseBytes,
                                       sizeof(kResponseBytes) - 1);

       PasswordAuthorizationDelegate delegate("secret");
       std::string response_hash;  // left empty for this test
       const bool accepted =
           delegate.CheckResponseAuthorization(response_hash, auth_response);
       EXPECT_FALSE(accepted);
     }
     83 
     // Passes a parameter through EncryptCommandParameter and then
     // DecryptResponseParameter and expects the original value back.
     // NOTE(review): the value between the two calls is never inspected and no
     // result from either call is checked, so the test also passes if both
     // calls leave the parameter untouched. It shows the pair round-trips, not
     // that the parameter is protected in between.
     TEST(PasswordAuthorizationDelegateTest, EncryptDecrypt) {
       PasswordAuthorizationDelegate delegate("secret");
       const std::string original("parameter");
       std::string working_copy = original;
       // Fixture sanity check: stop the test here if the copy already differs.
       ASSERT_EQ(original, working_copy);
       delegate.EncryptCommandParameter(&working_copy);
       delegate.DecryptResponseParameter(&working_copy);
       EXPECT_EQ(original, working_copy);
     }
     95 
     96 }  // namespace trunks
     97