1 // 2 // Copyright (C) 2014 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include <base/stl_util.h> 18 #include <crypto/sha2.h> 19 #include <gmock/gmock.h> 20 #include <gtest/gtest.h> 21 #include <openssl/aes.h> 22 23 #include "trunks/error_codes.h" 24 #include "trunks/hmac_authorization_delegate.h" 25 #include "trunks/mock_authorization_delegate.h" 26 #include "trunks/mock_blob_parser.h" 27 #include "trunks/mock_hmac_session.h" 28 #include "trunks/mock_policy_session.h" 29 #include "trunks/mock_tpm.h" 30 #include "trunks/mock_tpm_state.h" 31 #include "trunks/tpm_constants.h" 32 #include "trunks/tpm_utility_impl.h" 33 #include "trunks/trunks_factory_for_test.h" 34 35 using testing::_; 36 using testing::DoAll; 37 using testing::NiceMock; 38 using testing::Return; 39 using testing::SaveArg; 40 using testing::SetArgPointee; 41 42 namespace trunks { 43 44 // A test fixture for TpmUtility tests. 45 class TpmUtilityTest : public testing::Test { 46 public: 47 TpmUtilityTest() : utility_(factory_) {} 48 ~TpmUtilityTest() override {} 49 void SetUp() override { 50 factory_.set_blob_parser(&mock_blob_parser_); 51 factory_.set_tpm_state(&mock_tpm_state_); 52 factory_.set_tpm(&mock_tpm_); 53 factory_.set_hmac_session(&mock_hmac_session_); 54 factory_.set_policy_session(&mock_policy_session_); 55 } 56 57 TPM_RC ComputeKeyName(const TPMT_PUBLIC& public_area, 58 std::string* object_name) { 59 return utility_.ComputeKeyName(public_area, object_name); 60 } 61 62 void SetNVRAMMap(uint32_t index, 63 const TPMS_NV_PUBLIC& public_area) { 64 utility_.nvram_public_area_map_[index] = public_area; 65 } 66 67 TPM_RC GetNVRAMMap(uint32_t index, 68 TPMS_NV_PUBLIC* public_area) { 69 auto it = utility_.nvram_public_area_map_.find(index); 70 if (it == utility_.nvram_public_area_map_.end()) { 71 return TPM_RC_FAILURE; 72 } 73 *public_area = it->second; 74 return TPM_RC_SUCCESS; 75 } 76 77 TPM_RC SetKnownOwnerPassword(const std::string& owner_password) { 78 return utility_.SetKnownOwnerPassword(owner_password); 79 } 80 81 TPM_RC CreateStorageRootKeys(const std::string& owner_password) { 82 return utility_.CreateStorageRootKeys(owner_password); 83 } 84 85 TPM_RC CreateSaltingKey(const std::string& owner_password) { 86 return utility_.CreateSaltingKey(owner_password); 87 } 88 89 void SetExistingKeyHandleExpectation(TPM_HANDLE handle) { 90 TPMS_CAPABILITY_DATA capability_data = {}; 91 TPML_HANDLE& handles = capability_data.data.handles; 92 handles.count = 1; 93 handles.handle[0] = handle; 94 EXPECT_CALL(mock_tpm_, 95 GetCapabilitySync(TPM_CAP_HANDLES, handle, _, _, _, _)) 96 .WillRepeatedly( 97 DoAll(SetArgPointee<4>(capability_data), Return(TPM_RC_SUCCESS))); 98 } 99 100 void PopulatePCRSelection(bool has_sha1_pcrs, 101 bool make_sha1_bank_empty, 102 bool has_sha256_pcrs, 103 TPML_PCR_SELECTION* pcrs) { 104 memset(pcrs, 0, sizeof(TPML_PCR_SELECTION)); 105 // By convention fill SHA-256 first. This is a bit brittle because order is 106 // not important but it simplifies comparison to memcmp. 107 if (has_sha256_pcrs) { 108 pcrs->pcr_selections[pcrs->count].hash = TPM_ALG_SHA256; 109 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MIN; 110 for (int i = 0; i < PCR_SELECT_MIN; ++i) { 111 pcrs->pcr_selections[pcrs->count].pcr_select[i] = 0xff; 112 } 113 ++pcrs->count; 114 } 115 if (has_sha1_pcrs) { 116 pcrs->pcr_selections[pcrs->count].hash = TPM_ALG_SHA1; 117 if (make_sha1_bank_empty) { 118 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MAX; 119 } else { 120 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MIN; 121 for (int i = 0; i < PCR_SELECT_MIN; ++i) { 122 pcrs->pcr_selections[pcrs->count].pcr_select[i] = 0xff; 123 } 124 } 125 ++pcrs->count; 126 } 127 } 128 129 void SetExistingPCRSExpectation(bool has_sha1_pcrs, bool has_sha256_pcrs) { 130 TPMS_CAPABILITY_DATA capability_data = {}; 131 TPML_PCR_SELECTION& pcrs = capability_data.data.assigned_pcr; 132 PopulatePCRSelection(has_sha1_pcrs, false, has_sha256_pcrs, &pcrs); 133 EXPECT_CALL(mock_tpm_, 134 GetCapabilitySync(TPM_CAP_PCRS, _, _, _, _, _)) 135 .WillRepeatedly( 136 DoAll(SetArgPointee<4>(capability_data), Return(TPM_RC_SUCCESS))); 137 } 138 139 protected: 140 TrunksFactoryForTest factory_; 141 NiceMock<MockBlobParser> mock_blob_parser_; 142 NiceMock<MockTpmState> mock_tpm_state_; 143 NiceMock<MockTpm> mock_tpm_; 144 NiceMock<MockAuthorizationDelegate> mock_authorization_delegate_; 145 NiceMock<MockHmacSession> mock_hmac_session_; 146 NiceMock<MockPolicySession> mock_policy_session_; 147 TpmUtilityImpl utility_; 148 }; 149 150 TEST_F(TpmUtilityTest, StartupSuccess) { 151 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Startup()); 152 } 153 154 TEST_F(TpmUtilityTest, StartupAlreadyStarted) { 155 EXPECT_CALL(mock_tpm_, StartupSync(_, _)) 156 .WillRepeatedly(Return(TPM_RC_INITIALIZE)); 157 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Startup()); 158 } 159 160 TEST_F(TpmUtilityTest, StartupFailure) { 161 EXPECT_CALL(mock_tpm_, StartupSync(_, _)) 162 .WillRepeatedly(Return(TPM_RC_FAILURE)); 163 EXPECT_EQ(TPM_RC_FAILURE, utility_.Startup()); 164 } 165 166 TEST_F(TpmUtilityTest, StartupSelfTestFailure) { 167 EXPECT_CALL(mock_tpm_, SelfTestSync(_, _)) 168 .WillRepeatedly(Return(TPM_RC_FAILURE)); 169 EXPECT_EQ(TPM_RC_FAILURE, utility_.Startup()); 170 } 171 172 TEST_F(TpmUtilityTest, ClearSuccess) { 173 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Clear()); 174 } 175 176 TEST_F(TpmUtilityTest, ClearAfterBadInit) { 177 EXPECT_CALL(mock_tpm_, ClearSync(_, _, _)) 178 .WillOnce(Return(TPM_RC_AUTH_MISSING)) 179 .WillOnce(Return(TPM_RC_SUCCESS)); 180 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Clear()); 181 } 182 183 TEST_F(TpmUtilityTest, ClearFail) { 184 EXPECT_CALL(mock_tpm_, ClearSync(_, _, _)) 185 .WillOnce(Return(TPM_RC_FAILURE)); 186 EXPECT_EQ(TPM_RC_FAILURE, utility_.Clear()); 187 } 188 189 TEST_F(TpmUtilityTest, ShutdownTest) { 190 EXPECT_CALL(mock_tpm_, ShutdownSync(TPM_SU_CLEAR, _)); 191 utility_.Shutdown(); 192 } 193 194 TEST_F(TpmUtilityTest, InitializeTpmAlreadyInit) { 195 SetExistingPCRSExpectation(false, true); 196 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm()); 197 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm()); 198 } 199 200 TEST_F(TpmUtilityTest, InitializeTpmSuccess) { 201 SetExistingPCRSExpectation(false, true); 202 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm()); 203 } 204 205 TEST_F(TpmUtilityTest, InitializeTpmBadAuth) { 206 SetExistingPCRSExpectation(false, true); 207 // Reject attempts to set platform auth. 208 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_PLATFORM, _, _, _)) 209 .WillRepeatedly(Return(TPM_RC_FAILURE)); 210 EXPECT_EQ(TPM_RC_FAILURE, utility_.InitializeTpm()); 211 } 212 213 TEST_F(TpmUtilityTest, InitializeTpmDisablePHFails) { 214 SetExistingPCRSExpectation(false, true); 215 // Reject attempts to disable the platform hierarchy. 216 EXPECT_CALL(mock_tpm_, HierarchyControlSync(_, _, TPM_RH_PLATFORM, _, _)) 217 .WillRepeatedly(Return(TPM_RC_FAILURE)); 218 EXPECT_EQ(TPM_RC_FAILURE, utility_.InitializeTpm()); 219 } 220 221 TEST_F(TpmUtilityTest, AllocatePCRFromNone) { 222 SetExistingPCRSExpectation(false, false); 223 TPML_PCR_SELECTION new_pcr_allocation; 224 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _)) 225 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation), 226 SetArgPointee<3>(YES), 227 Return(TPM_RC_SUCCESS))); 228 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR("")); 229 ASSERT_EQ(1u, new_pcr_allocation.count); 230 TPML_PCR_SELECTION expected_pcr_allocation; 231 PopulatePCRSelection(false, false, true, &expected_pcr_allocation); 232 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation, 233 sizeof(TPML_PCR_SELECTION))); 234 } 235 236 TEST_F(TpmUtilityTest, AllocatePCRFromSHA1Only) { 237 SetExistingPCRSExpectation(true, false); 238 TPML_PCR_SELECTION new_pcr_allocation; 239 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _)) 240 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation), 241 SetArgPointee<3>(YES), 242 Return(TPM_RC_SUCCESS))); 243 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR("")); 244 ASSERT_EQ(2u, new_pcr_allocation.count); 245 TPML_PCR_SELECTION expected_pcr_allocation; 246 PopulatePCRSelection(true, true, true, &expected_pcr_allocation); 247 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation, 248 sizeof(TPML_PCR_SELECTION))); 249 } 250 251 TEST_F(TpmUtilityTest, AllocatePCRFromSHA1AndSHA256) { 252 SetExistingPCRSExpectation(true, true); 253 TPML_PCR_SELECTION new_pcr_allocation; 254 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _)) 255 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation), 256 SetArgPointee<3>(YES), 257 Return(TPM_RC_SUCCESS))); 258 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR("")); 259 ASSERT_EQ(1u, new_pcr_allocation.count); 260 TPML_PCR_SELECTION expected_pcr_allocation; 261 PopulatePCRSelection(true, true, false, &expected_pcr_allocation); 262 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation, 263 sizeof(TPML_PCR_SELECTION))); 264 } 265 266 TEST_F(TpmUtilityTest, AllocatePCRFromSHA256Only) { 267 SetExistingPCRSExpectation(false, true); 268 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _)) 269 .Times(0); 270 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR("")); 271 } 272 273 TEST_F(TpmUtilityTest, AllocatePCRCommandFailure) { 274 SetExistingPCRSExpectation(false, false); 275 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(_, _, _, _, _, _, _, _)) 276 .WillOnce(Return(TPM_RC_FAILURE)); 277 EXPECT_EQ(TPM_RC_FAILURE, utility_.AllocatePCR("")); 278 } 279 280 TEST_F(TpmUtilityTest, AllocatePCRTpmFailure) { 281 SetExistingPCRSExpectation(false, false); 282 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(_, _, _, _, _, _, _, _)) 283 .WillOnce(DoAll(SetArgPointee<3>(NO), 284 Return(TPM_RC_SUCCESS))); 285 EXPECT_EQ(TPM_RC_FAILURE, utility_.AllocatePCR("")); 286 } 287 288 TEST_F(TpmUtilityTest, TakeOwnershipSuccess) { 289 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 290 .WillRepeatedly(Return(false)); 291 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 292 .WillRepeatedly(Return(false)); 293 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 294 .WillRepeatedly(Return(false)); 295 EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner", 296 "endorsement", 297 "lockout")); 298 } 299 300 TEST_F(TpmUtilityTest, TakeOwnershipOwnershipDone) { 301 EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner", 302 "endorsement", 303 "lockout")); 304 } 305 306 TEST_F(TpmUtilityTest, TakeOwnershipBadSession) { 307 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true)) 308 .WillRepeatedly(Return(TPM_RC_FAILURE)); 309 EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("owner", 310 "endorsement", 311 "lockout")); 312 } 313 314 TEST_F(TpmUtilityTest, TakeOwnershipFailure) { 315 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _)) 316 .WillRepeatedly(Return(TPM_RC_FAILURE)); 317 EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("owner", 318 "endorsement", 319 "lockout")); 320 } 321 322 TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementDone) { 323 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 324 .WillRepeatedly(Return(false)); 325 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 326 .WillRepeatedly(Return(false)); 327 EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner", 328 "endorsement", 329 "lockout")); 330 } 331 332 TEST_F(TpmUtilityTest, ChangeOwnerPasswordLockoutDone) { 333 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 334 .WillRepeatedly(Return(false)); 335 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 336 .WillRepeatedly(Return(false)); 337 EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner", 338 "endorsement", 339 "lockout")); 340 } 341 342 TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementLockoutDone) { 343 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 344 .WillRepeatedly(Return(false)); 345 EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner", 346 "endorsement", 347 "lockout")); 348 } 349 350 TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementFail) { 351 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 352 .WillRepeatedly(Return(false)); 353 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 354 .WillRepeatedly(Return(false)); 355 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(_, _, _, _)) 356 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 357 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_ENDORSEMENT, _, _, _)) 358 .WillRepeatedly(Return(TPM_RC_FAILURE)); 359 EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("owner", 360 "endorsement", 361 "lockout")); 362 } 363 364 TEST_F(TpmUtilityTest, ChangeOwnerPasswordLockoutFailure) { 365 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 366 .WillRepeatedly(Return(false)); 367 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 368 .WillRepeatedly(Return(false)); 369 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 370 .WillRepeatedly(Return(false)); 371 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(_, _, _, _)) 372 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 373 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_LOCKOUT, _, _, _)) 374 .WillRepeatedly(Return(TPM_RC_FAILURE)); 375 EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("owner", 376 "endorsement", 377 "lockout")); 378 } 379 380 TEST_F(TpmUtilityTest, StirRandomSuccess) { 381 std::string entropy_data("large test data", 100); 382 EXPECT_EQ(TPM_RC_SUCCESS, 383 utility_.StirRandom(entropy_data, &mock_authorization_delegate_)); 384 } 385 386 TEST_F(TpmUtilityTest, StirRandomFails) { 387 std::string entropy_data("test data"); 388 EXPECT_CALL(mock_tpm_, StirRandomSync(_, nullptr)) 389 .WillOnce(Return(TPM_RC_FAILURE)); 390 EXPECT_EQ(TPM_RC_FAILURE, utility_.StirRandom(entropy_data, nullptr)); 391 } 392 393 TEST_F(TpmUtilityTest, GenerateRandomSuccess) { 394 // This number is larger than the max bytes the GetRandom call can return. 395 // Therefore we expect software to make multiple calls to fill this many 396 // bytes. 397 size_t num_bytes = 72; 398 std::string random_data; 399 TPM2B_DIGEST large_random; 400 large_random.size = 32; 401 TPM2B_DIGEST small_random; 402 small_random.size = 8; 403 EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, &mock_authorization_delegate_)) 404 .Times(2) 405 .WillRepeatedly(DoAll(SetArgPointee<1>(large_random), 406 Return(TPM_RC_SUCCESS))); 407 EXPECT_CALL(mock_tpm_, GetRandomSync(8, _, &mock_authorization_delegate_)) 408 .WillOnce(DoAll(SetArgPointee<1>(small_random), 409 Return(TPM_RC_SUCCESS))); 410 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GenerateRandom( 411 num_bytes, &mock_authorization_delegate_, &random_data)); 412 EXPECT_EQ(num_bytes, random_data.size()); 413 } 414 415 TEST_F(TpmUtilityTest, GenerateRandomFails) { 416 size_t num_bytes = 5; 417 std::string random_data; 418 EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, nullptr)) 419 .WillOnce(Return(TPM_RC_FAILURE)); 420 EXPECT_EQ(TPM_RC_FAILURE, 421 utility_.GenerateRandom(num_bytes, nullptr, &random_data)); 422 } 423 424 TEST_F(TpmUtilityTest, ExtendPCRSuccess) { 425 TPM_HANDLE pcr_handle = HR_PCR + 1; 426 TPML_DIGEST_VALUES digests; 427 EXPECT_CALL(mock_tpm_, 428 PCR_ExtendSync(pcr_handle, _, _, &mock_authorization_delegate_)) 429 .WillOnce(DoAll(SaveArg<2>(&digests), 430 Return(TPM_RC_SUCCESS))); 431 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ExtendPCR(1, "test digest", 432 &mock_authorization_delegate_)); 433 EXPECT_EQ(1u, digests.count); 434 EXPECT_EQ(TPM_ALG_SHA256, digests.digests[0].hash_alg); 435 std::string hash_string = crypto::SHA256HashString("test digest"); 436 EXPECT_EQ(0, memcmp(hash_string.data(), 437 digests.digests[0].digest.sha256, 438 crypto::kSHA256Length)); 439 } 440 441 TEST_F(TpmUtilityTest, ExtendPCRFail) { 442 int pcr_index = 0; 443 TPM_HANDLE pcr_handle = HR_PCR + pcr_index; 444 EXPECT_CALL(mock_tpm_, PCR_ExtendSync(pcr_handle, _, _, _)) 445 .WillOnce(Return(TPM_RC_FAILURE)); 446 EXPECT_EQ(TPM_RC_FAILURE, 447 utility_.ExtendPCR(pcr_index, "test digest", nullptr)); 448 } 449 450 TEST_F(TpmUtilityTest, ExtendPCRBadParam) { 451 EXPECT_EQ(TPM_RC_FAILURE, utility_.ExtendPCR(-1, "test digest", nullptr)); 452 } 453 454 TEST_F(TpmUtilityTest, ReadPCRSuccess) { 455 // The |pcr_index| is chosen to match the structure for |pcr_select|. 456 // If you change |pcr_index|, remember to change |pcr_select|. 457 int pcr_index = 1; 458 std::string pcr_value; 459 TPML_PCR_SELECTION pcr_select; 460 pcr_select.count = 1; 461 pcr_select.pcr_selections[0].hash = TPM_ALG_SHA256; 462 pcr_select.pcr_selections[0].sizeof_select = 1; 463 pcr_select.pcr_selections[0].pcr_select[0] = 2; 464 TPML_DIGEST pcr_values; 465 pcr_values.count = 1; 466 pcr_values.digests[0].size = 5; 467 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 468 .WillOnce(DoAll(SetArgPointee<2>(pcr_select), 469 SetArgPointee<3>(pcr_values), 470 Return(TPM_RC_SUCCESS))); 471 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ReadPCR(pcr_index, &pcr_value)); 472 } 473 474 TEST_F(TpmUtilityTest, ReadPCRFail) { 475 std::string pcr_value; 476 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 477 .WillOnce(Return(TPM_RC_FAILURE)); 478 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadPCR(1, &pcr_value)); 479 } 480 481 TEST_F(TpmUtilityTest, ReadPCRBadReturn) { 482 std::string pcr_value; 483 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadPCR(1, &pcr_value)); 484 } 485 486 TEST_F(TpmUtilityTest, AsymmetricEncryptSuccess) { 487 TPM_HANDLE key_handle; 488 std::string plaintext; 489 std::string output_ciphertext("ciphertext"); 490 std::string ciphertext; 491 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA( 492 output_ciphertext); 493 TPM2B_PUBLIC public_area; 494 public_area.public_area.type = TPM_ALG_RSA; 495 public_area.public_area.object_attributes = kDecrypt; 496 public_area.public_area.auth_policy.size = 0; 497 public_area.public_area.unique.rsa.size = 0; 498 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 499 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 500 Return(TPM_RC_SUCCESS))); 501 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, 502 &mock_authorization_delegate_)) 503 .WillOnce(DoAll(SetArgPointee<5>(out_message), 504 Return(TPM_RC_SUCCESS))); 505 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricEncrypt( 506 key_handle, 507 TPM_ALG_NULL, 508 TPM_ALG_NULL, 509 plaintext, 510 &mock_authorization_delegate_, 511 &ciphertext)); 512 EXPECT_EQ(0, ciphertext.compare(output_ciphertext)); 513 } 514 515 TEST_F(TpmUtilityTest, AsymmetricEncryptFail) { 516 TPM_HANDLE key_handle; 517 std::string plaintext; 518 std::string ciphertext; 519 TPM2B_PUBLIC public_area; 520 public_area.public_area.type = TPM_ALG_RSA; 521 public_area.public_area.object_attributes = kDecrypt; 522 public_area.public_area.auth_policy.size = 0; 523 public_area.public_area.unique.rsa.size = 0; 524 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 525 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 526 Return(TPM_RC_SUCCESS))); 527 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr)) 528 .WillOnce(Return(TPM_RC_FAILURE)); 529 EXPECT_EQ(TPM_RC_FAILURE, utility_.AsymmetricEncrypt(key_handle, 530 TPM_ALG_NULL, 531 TPM_ALG_NULL, 532 plaintext, 533 nullptr, 534 &ciphertext)); 535 } 536 537 TEST_F(TpmUtilityTest, AsymmetricEncryptBadParams) { 538 TPM_HANDLE key_handle = TPM_RH_FIRST; 539 std::string plaintext; 540 std::string ciphertext; 541 TPM2B_PUBLIC public_area; 542 public_area.public_area.type = TPM_ALG_RSA; 543 public_area.public_area.object_attributes = kDecrypt | kRestricted; 544 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, nullptr)) 545 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 546 Return(TPM_RC_SUCCESS))); 547 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.AsymmetricEncrypt(key_handle, 548 TPM_ALG_RSAES, 549 TPM_ALG_NULL, 550 plaintext, 551 nullptr, 552 &ciphertext)); 553 } 554 555 TEST_F(TpmUtilityTest, AsymmetricEncryptNullSchemeForward) { 556 TPM_HANDLE key_handle; 557 std::string plaintext; 558 std::string output_ciphertext("ciphertext"); 559 std::string ciphertext; 560 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA( 561 output_ciphertext); 562 TPM2B_PUBLIC public_area; 563 public_area.public_area.type = TPM_ALG_RSA; 564 public_area.public_area.object_attributes = kDecrypt; 565 public_area.public_area.auth_policy.size = 0; 566 public_area.public_area.unique.rsa.size = 0; 567 TPMT_RSA_DECRYPT scheme; 568 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 569 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 570 Return(TPM_RC_SUCCESS))); 571 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr)) 572 .WillOnce(DoAll(SetArgPointee<5>(out_message), 573 SaveArg<3>(&scheme), 574 Return(TPM_RC_SUCCESS))); 575 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricEncrypt(key_handle, 576 TPM_ALG_NULL, 577 TPM_ALG_NULL, 578 plaintext, 579 nullptr, 580 &ciphertext)); 581 EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP); 582 EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256); 583 } 584 585 TEST_F(TpmUtilityTest, AsymmetricEncryptSchemeForward) { 586 TPM_HANDLE key_handle; 587 std::string plaintext; 588 std::string output_ciphertext("ciphertext"); 589 std::string ciphertext; 590 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA( 591 output_ciphertext); 592 TPM2B_PUBLIC public_area; 593 public_area.public_area.type = TPM_ALG_RSA; 594 public_area.public_area.object_attributes = kDecrypt; 595 public_area.public_area.auth_policy.size = 0; 596 public_area.public_area.unique.rsa.size = 0; 597 TPMT_RSA_DECRYPT scheme; 598 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 599 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 600 Return(TPM_RC_SUCCESS))); 601 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr)) 602 .WillOnce(DoAll(SetArgPointee<5>(out_message), 603 SaveArg<3>(&scheme), 604 Return(TPM_RC_SUCCESS))); 605 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricEncrypt(key_handle, 606 TPM_ALG_RSAES, 607 TPM_ALG_NULL, 608 plaintext, 609 nullptr, 610 &ciphertext)); 611 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES); 612 } 613 614 TEST_F(TpmUtilityTest, AsymmetricDecryptSuccess) { 615 TPM_HANDLE key_handle; 616 std::string plaintext; 617 std::string output_plaintext("plaintext"); 618 std::string ciphertext; 619 std::string password("password"); 620 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA( 621 output_plaintext); 622 TPM2B_PUBLIC public_area; 623 public_area.public_area.type = TPM_ALG_RSA; 624 public_area.public_area.object_attributes = kDecrypt; 625 public_area.public_area.auth_policy.size = 0; 626 public_area.public_area.unique.rsa.size = 0; 627 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 628 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 629 Return(TPM_RC_SUCCESS))); 630 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, 631 &mock_authorization_delegate_)) 632 .WillOnce(DoAll(SetArgPointee<5>(out_message), 633 Return(TPM_RC_SUCCESS))); 634 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricDecrypt( 635 key_handle, 636 TPM_ALG_NULL, 637 TPM_ALG_NULL, 638 ciphertext, 639 &mock_authorization_delegate_, 640 &plaintext)); 641 EXPECT_EQ(0, plaintext.compare(output_plaintext)); 642 } 643 644 TEST_F(TpmUtilityTest, AsymmetricDecryptFail) { 645 TPM_HANDLE key_handle; 646 std::string key_name; 647 std::string plaintext; 648 std::string ciphertext; 649 std::string password; 650 TPM2B_PUBLIC public_area; 651 public_area.public_area.type = TPM_ALG_RSA; 652 public_area.public_area.object_attributes = kDecrypt; 653 public_area.public_area.auth_policy.size = 0; 654 public_area.public_area.unique.rsa.size = 0; 655 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 656 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 657 Return(TPM_RC_SUCCESS))); 658 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _)) 659 .WillOnce(Return(TPM_RC_FAILURE)); 660 EXPECT_EQ(TPM_RC_FAILURE, utility_.AsymmetricDecrypt( 661 key_handle, 662 TPM_ALG_NULL, 663 TPM_ALG_NULL, 664 ciphertext, 665 &mock_authorization_delegate_, 666 &plaintext)); 667 } 668 669 TEST_F(TpmUtilityTest, AsymmetricDecryptBadParams) { 670 TPM_HANDLE key_handle = TPM_RH_FIRST; 671 std::string plaintext; 672 std::string ciphertext; 673 TPM2B_PUBLIC public_area; 674 public_area.public_area.type = TPM_ALG_RSA; 675 public_area.public_area.object_attributes = kDecrypt | kRestricted; 676 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 677 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 678 Return(TPM_RC_SUCCESS))); 679 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.AsymmetricDecrypt( 680 key_handle, 681 TPM_ALG_RSAES, 682 TPM_ALG_NULL, 683 ciphertext, 684 &mock_authorization_delegate_, 685 &plaintext)); 686 } 687 688 TEST_F(TpmUtilityTest, AsymmetricDecryptBadSession) { 689 TPM_HANDLE key_handle = TPM_RH_FIRST; 690 std::string key_name; 691 std::string plaintext; 692 std::string ciphertext; 693 std::string password; 694 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.AsymmetricDecrypt( 695 key_handle, TPM_ALG_RSAES, TPM_ALG_NULL, 696 ciphertext, nullptr, &plaintext)); 697 } 698 699 TEST_F(TpmUtilityTest, AsymmetricDecryptNullSchemeForward) { 700 TPM_HANDLE key_handle; 701 std::string plaintext; 702 std::string output_plaintext("plaintext"); 703 std::string ciphertext; 704 std::string password; 705 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA( 706 output_plaintext); 707 TPM2B_PUBLIC public_area; 708 public_area.public_area.type = TPM_ALG_RSA; 709 public_area.public_area.object_attributes = kDecrypt; 710 public_area.public_area.auth_policy.size = 0; 711 public_area.public_area.unique.rsa.size = 0; 712 TPMT_RSA_DECRYPT scheme; 713 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 714 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 715 Return(TPM_RC_SUCCESS))); 716 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _)) 717 .WillOnce(DoAll(SetArgPointee<5>(out_message), 718 SaveArg<3>(&scheme), 719 Return(TPM_RC_SUCCESS))); 720 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricDecrypt( 721 key_handle, 722 TPM_ALG_NULL, 723 TPM_ALG_NULL, 724 ciphertext, 725 &mock_authorization_delegate_, 726 &plaintext)); 727 EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP); 728 EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256); 729 } 730 731 TEST_F(TpmUtilityTest, AsymmetricDecryptSchemeForward) { 732 TPM_HANDLE key_handle; 733 std::string plaintext; 734 std::string output_plaintext("plaintext"); 735 std::string ciphertext; 736 std::string password; 737 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA( 738 output_plaintext); 739 TPM2B_PUBLIC public_area; 740 public_area.public_area.type = TPM_ALG_RSA; 741 public_area.public_area.object_attributes = kDecrypt; 742 public_area.public_area.auth_policy.size = 0; 743 public_area.public_area.unique.rsa.size = 0; 744 TPMT_RSA_DECRYPT scheme; 745 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 746 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 747 Return(TPM_RC_SUCCESS))); 748 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _)) 749 .WillOnce(DoAll(SetArgPointee<5>(out_message), 750 SaveArg<3>(&scheme), 751 Return(TPM_RC_SUCCESS))); 752 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricDecrypt( 753 key_handle, 754 TPM_ALG_RSAES, 755 TPM_ALG_NULL, 756 ciphertext, 757 &mock_authorization_delegate_, 758 &plaintext)); 759 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES); 760 } 761 762 TEST_F(TpmUtilityTest, SignSuccess) { 763 TPM_HANDLE key_handle; 764 std::string password("password"); 765 std::string digest(32, 'a'); 766 TPMT_SIGNATURE signature_out; 767 signature_out.signature.rsassa.sig.size = 2; 768 signature_out.signature.rsassa.sig.buffer[0] = 'h'; 769 signature_out.signature.rsassa.sig.buffer[1] = 'i'; 770 std::string signature; 771 TPM2B_PUBLIC public_area; 772 public_area.public_area.type = TPM_ALG_RSA; 773 public_area.public_area.object_attributes = kSign; 774 public_area.public_area.auth_policy.size = 0; 775 public_area.public_area.unique.rsa.size = 0; 776 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 777 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 778 Return(TPM_RC_SUCCESS))); 779 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, 780 &mock_authorization_delegate_)) 781 .WillOnce(DoAll(SetArgPointee<5>(signature_out), 782 Return(TPM_RC_SUCCESS))); 783 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Sign(key_handle, 784 TPM_ALG_NULL, 785 TPM_ALG_NULL, 786 digest, 787 &mock_authorization_delegate_, 788 &signature)); 789 EXPECT_EQ(0, signature.compare("hi")); 790 } 791 792 TEST_F(TpmUtilityTest, SignFail) { 793 TPM_HANDLE key_handle; 794 std::string password; 795 std::string digest(32, 'a'); 796 std::string signature; 797 TPM2B_PUBLIC public_area; 798 public_area.public_area.type = TPM_ALG_RSA; 799 public_area.public_area.object_attributes = kSign; 800 public_area.public_area.auth_policy.size = 0; 801 public_area.public_area.unique.rsa.size = 0; 802 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 803 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 804 Return(TPM_RC_SUCCESS))); 805 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _)) 806 .WillOnce(Return(TPM_RC_FAILURE)); 807 EXPECT_EQ(TPM_RC_FAILURE, utility_.Sign(key_handle, 808 TPM_ALG_NULL, 809 TPM_ALG_NULL, 810 digest, 811 &mock_authorization_delegate_, 812 &signature)); 813 } 814 815 TEST_F(TpmUtilityTest, SignBadParams1) { 816 TPM_HANDLE key_handle; 817 std::string password; 818 std::string digest(32, 'a'); 819 std::string signature; 820 TPM2B_PUBLIC public_area; 821 public_area.public_area.type = TPM_ALG_RSA; 822 public_area.public_area.object_attributes = kSign | kRestricted; 823 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 824 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 825 Return(TPM_RC_SUCCESS))); 826 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle, 827 TPM_ALG_RSAPSS, 828 TPM_ALG_NULL, 829 digest, 830 &mock_authorization_delegate_, 831 &signature)); 832 } 833 834 TEST_F(TpmUtilityTest, SignBadAuthorizationSession) { 835 TPM_HANDLE key_handle = TPM_RH_FIRST; 836 std::string password; 837 std::string digest(32, 'a'); 838 std::string signature; 839 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.Sign(key_handle, 840 TPM_ALG_RSAPSS, 841 TPM_ALG_NULL, 842 digest, 843 nullptr, 844 &signature)); 845 } 846 847 TEST_F(TpmUtilityTest, SignBadParams2) { 848 TPM_HANDLE key_handle; 849 std::string password; 850 std::string digest(32, 'a'); 851 std::string signature; 852 TPM2B_PUBLIC public_area; 853 public_area.public_area.type = TPM_ALG_RSA; 854 public_area.public_area.object_attributes = kDecrypt; 855 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 856 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 857 Return(TPM_RC_SUCCESS))); 858 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle, 859 TPM_ALG_RSAPSS, 860 TPM_ALG_NULL, 861 digest, 862 &mock_authorization_delegate_, 863 &signature)); 864 } 865 866 TEST_F(TpmUtilityTest, SignBadParams3) { 867 TPM_HANDLE key_handle; 868 std::string password; 869 std::string digest(32, 'a'); 870 std::string signature; 871 TPM2B_PUBLIC public_area; 872 public_area.public_area.type = TPM_ALG_ECC; 873 public_area.public_area.object_attributes = kSign; 874 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 875 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 876 Return(TPM_RC_SUCCESS))); 877 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle, 878 TPM_ALG_RSAPSS, 879 TPM_ALG_NULL, 880 digest, 881 &mock_authorization_delegate_, 882 &signature)); 883 } 884 885 TEST_F(TpmUtilityTest, SignBadParams4) { 886 TPM_HANDLE key_handle; 887 std::string password; 888 std::string digest(32, 'a'); 889 std::string signature; 890 TPM2B_PUBLIC public_area; 891 public_area.public_area.type = TPM_ALG_RSA; 892 public_area.public_area.object_attributes = kSign; 893 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 894 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 895 Return(TPM_RC_FAILURE))); 896 EXPECT_EQ(TPM_RC_FAILURE, utility_.Sign(key_handle, 897 TPM_ALG_RSAPSS, 898 TPM_ALG_NULL, 899 digest, 900 &mock_authorization_delegate_, 901 &signature)); 902 } 903 904 TEST_F(TpmUtilityTest, SignBadParams5) { 905 TPM_HANDLE key_handle = 0; 906 std::string password; 907 std::string digest(32, 'a'); 908 std::string signature; 909 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle, 910 TPM_ALG_AES, 911 TPM_ALG_NULL, 912 digest, 913 &mock_authorization_delegate_, 914 &signature)); 915 } 916 917 918 TEST_F(TpmUtilityTest, SignNullSchemeForward) { 919 TPM_HANDLE key_handle; 920 std::string password; 921 std::string digest(32, 'a'); 922 TPMT_SIGNATURE signature_out; 923 signature_out.signature.rsassa.sig.size = 0; 924 std::string signature; 925 TPM2B_PUBLIC public_area; 926 TPMT_SIG_SCHEME scheme; 927 public_area.public_area.type = TPM_ALG_RSA; 928 public_area.public_area.object_attributes = kSign; 929 public_area.public_area.auth_policy.size = 0; 930 public_area.public_area.unique.rsa.size = 0; 931 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 932 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 933 Return(TPM_RC_SUCCESS))); 934 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _)) 935 .WillOnce(DoAll(SetArgPointee<5>(signature_out), 936 SaveArg<3>(&scheme), 937 Return(TPM_RC_SUCCESS))); 938 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Sign(key_handle, 939 TPM_ALG_NULL, 940 TPM_ALG_NULL, 941 digest, 942 &mock_authorization_delegate_, 943 &signature)); 944 EXPECT_EQ(scheme.scheme, TPM_ALG_RSASSA); 945 EXPECT_EQ(scheme.details.rsassa.hash_alg, TPM_ALG_SHA256); 946 } 947 948 TEST_F(TpmUtilityTest, SignSchemeForward) { 949 TPM_HANDLE key_handle; 950 std::string password; 951 std::string digest(64, 'a'); 952 TPMT_SIGNATURE signature_out; 953 signature_out.signature.rsassa.sig.size = 0; 954 std::string signature; 955 TPM2B_PUBLIC public_area; 956 TPMT_SIG_SCHEME scheme; 957 public_area.public_area.type = TPM_ALG_RSA; 958 public_area.public_area.object_attributes = kSign; 959 public_area.public_area.auth_policy.size = 0; 960 public_area.public_area.unique.rsa.size = 0; 961 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 962 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 963 Return(TPM_RC_SUCCESS))); 964 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _)) 965 .WillOnce(DoAll(SetArgPointee<5>(signature_out), 966 SaveArg<3>(&scheme), 967 Return(TPM_RC_SUCCESS))); 968 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Sign(key_handle, 969 TPM_ALG_RSAPSS, 970 TPM_ALG_SHA1, 971 digest, 972 &mock_authorization_delegate_, 973 &signature)); 974 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAPSS); 975 EXPECT_EQ(scheme.details.rsapss.hash_alg, TPM_ALG_SHA1); 976 } 977 978 TEST_F(TpmUtilityTest, VerifySuccess) { 979 TPM_HANDLE key_handle; 980 std::string digest(32, 'a'); 981 std::string signature; 982 TPM2B_PUBLIC public_area; 983 public_area.public_area.type = TPM_ALG_RSA; 984 public_area.public_area.object_attributes = kSign; 985 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 986 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 987 Return(TPM_RC_SUCCESS))); 988 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 989 .WillOnce(Return(TPM_RC_SUCCESS)); 990 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Verify(key_handle, 991 TPM_ALG_NULL, 992 TPM_ALG_NULL, 993 digest, 994 signature, 995 nullptr)); 996 } 997 998 TEST_F(TpmUtilityTest, VerifyFail) { 999 TPM_HANDLE key_handle; 1000 std::string digest(32, 'a'); 1001 std::string signature; 1002 TPM2B_PUBLIC public_area; 1003 public_area.public_area.type = TPM_ALG_RSA; 1004 public_area.public_area.object_attributes = kSign; 1005 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1006 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 1007 Return(TPM_RC_SUCCESS))); 1008 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 1009 .WillOnce(Return(TPM_RC_FAILURE)); 1010 EXPECT_EQ(TPM_RC_FAILURE, utility_.Verify(key_handle, 1011 TPM_ALG_NULL, 1012 TPM_ALG_NULL, 1013 digest, 1014 signature, 1015 nullptr)); 1016 } 1017 1018 TEST_F(TpmUtilityTest, VerifyBadParams1) { 1019 TPM_HANDLE key_handle; 1020 std::string digest(32, 'a'); 1021 std::string signature; 1022 TPM2B_PUBLIC public_area; 1023 public_area.public_area.type = TPM_ALG_RSA; 1024 public_area.public_area.object_attributes = kSign | kRestricted; 1025 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1026 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 1027 Return(TPM_RC_SUCCESS))); 1028 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle, 1029 TPM_ALG_NULL, 1030 TPM_ALG_NULL, 1031 digest, 1032 signature, 1033 nullptr)); 1034 } 1035 1036 TEST_F(TpmUtilityTest, VerifyBadParams2) { 1037 TPM_HANDLE key_handle; 1038 std::string digest(32, 'a'); 1039 std::string signature; 1040 TPM2B_PUBLIC public_area; 1041 public_area.public_area.type = TPM_ALG_RSA; 1042 public_area.public_area.object_attributes = kDecrypt; 1043 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1044 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 1045 Return(TPM_RC_SUCCESS))); 1046 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle, 1047 TPM_ALG_NULL, 1048 TPM_ALG_NULL, 1049 digest, 1050 signature, 1051 nullptr)); 1052 } 1053 1054 TEST_F(TpmUtilityTest, VerifyBadParams3) { 1055 TPM_HANDLE key_handle; 1056 std::string digest(32, 'a'); 1057 std::string signature; 1058 TPM2B_PUBLIC public_area; 1059 public_area.public_area.type = TPM_ALG_ECC; 1060 public_area.public_area.object_attributes = kSign; 1061 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1062 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 1063 Return(TPM_RC_SUCCESS))); 1064 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle, 1065 TPM_ALG_NULL, 1066 TPM_ALG_NULL, 1067 digest, 1068 signature, 1069 nullptr)); 1070 } 1071 1072 TEST_F(TpmUtilityTest, VerifyBadParams4) { 1073 TPM_HANDLE key_handle; 1074 std::string digest(32, 'a'); 1075 std::string signature; 1076 TPM2B_PUBLIC public_area; 1077 public_area.public_area.type = TPM_ALG_RSA; 1078 public_area.public_area.object_attributes = kSign; 1079 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1080 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 1081 Return(TPM_RC_FAILURE))); 1082 EXPECT_EQ(TPM_RC_FAILURE, utility_.Verify(key_handle, 1083 TPM_ALG_NULL, 1084 TPM_ALG_NULL, 1085 digest, 1086 signature, 1087 nullptr)); 1088 } 1089 1090 TEST_F(TpmUtilityTest, VerifyBadParams5) { 1091 TPM_HANDLE key_handle; 1092 std::string digest(32, 'a'); 1093 std::string signature; 1094 TPM2B_PUBLIC public_area; 1095 public_area.public_area.type = TPM_ALG_RSA; 1096 public_area.public_area.object_attributes = kSign; 1097 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1098 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 1099 Return(TPM_RC_SUCCESS))); 1100 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle, 1101 TPM_ALG_AES, 1102 TPM_ALG_NULL, 1103 digest, 1104 signature, 1105 nullptr)); 1106 } 1107 1108 TEST_F(TpmUtilityTest, VerifyNullSchemeForward) { 1109 TPM_HANDLE key_handle; 1110 std::string digest(32, 'a'); 1111 std::string signature; 1112 TPM2B_PUBLIC public_area; 1113 TPMT_SIGNATURE signature_in; 1114 public_area.public_area.type = TPM_ALG_RSA; 1115 public_area.public_area.object_attributes = kSign; 1116 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1117 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 1118 Return(TPM_RC_SUCCESS))); 1119 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 1120 .WillOnce(DoAll(SaveArg<3>(&signature_in), 1121 Return(TPM_RC_SUCCESS))); 1122 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Verify(key_handle, 1123 TPM_ALG_NULL, 1124 TPM_ALG_NULL, 1125 digest, 1126 signature, 1127 nullptr)); 1128 EXPECT_EQ(signature_in.sig_alg, TPM_ALG_RSASSA); 1129 EXPECT_EQ(signature_in.signature.rsassa.hash, TPM_ALG_SHA256); 1130 } 1131 1132 TEST_F(TpmUtilityTest, VerifySchemeForward) { 1133 TPM_HANDLE key_handle; 1134 std::string digest(64, 'a'); 1135 std::string signature; 1136 TPM2B_PUBLIC public_area; 1137 TPMT_SIGNATURE signature_in; 1138 public_area.public_area.type = TPM_ALG_RSA; 1139 public_area.public_area.object_attributes = kSign; 1140 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1141 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 1142 Return(TPM_RC_SUCCESS))); 1143 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 1144 .WillOnce(DoAll(SaveArg<3>(&signature_in), 1145 Return(TPM_RC_SUCCESS))); 1146 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Verify(key_handle, 1147 TPM_ALG_RSAPSS, 1148 TPM_ALG_SHA1, 1149 digest, 1150 signature, 1151 nullptr)); 1152 EXPECT_EQ(signature_in.sig_alg, TPM_ALG_RSAPSS); 1153 EXPECT_EQ(signature_in.signature.rsassa.hash, TPM_ALG_SHA1); 1154 } 1155 1156 TEST_F(TpmUtilityTest, CertifyCreationSuccess) { 1157 TPM_HANDLE key_handle = 42; 1158 std::string creation_blob; 1159 EXPECT_CALL(mock_tpm_, CertifyCreationSyncShort(TPM_RH_NULL, key_handle, 1160 _, _, _, _, _, _, _)) 1161 .WillOnce(Return(TPM_RC_SUCCESS)); 1162 EXPECT_EQ(TPM_RC_SUCCESS, 1163 utility_.CertifyCreation(key_handle, creation_blob)); 1164 } 1165 1166 TEST_F(TpmUtilityTest, CertifyCreationParserError) { 1167 TPM_HANDLE key_handle = 42; 1168 std::string creation_blob; 1169 EXPECT_CALL(mock_blob_parser_, ParseCreationBlob(creation_blob, _, _, _)) 1170 .WillOnce(Return(false)); 1171 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1172 utility_.CertifyCreation(key_handle, creation_blob)); 1173 } 1174 1175 TEST_F(TpmUtilityTest, CertifyCreationFailure) { 1176 TPM_HANDLE key_handle = 42; 1177 std::string creation_blob; 1178 EXPECT_CALL(mock_tpm_, CertifyCreationSyncShort(TPM_RH_NULL, key_handle, 1179 _, _, _, _, _, _, _)) 1180 .WillOnce(Return(TPM_RC_FAILURE)); 1181 EXPECT_EQ(TPM_RC_FAILURE, 1182 utility_.CertifyCreation(key_handle, creation_blob)); 1183 } 1184 1185 TEST_F(TpmUtilityTest, ChangeAuthDataSuccess) { 1186 TPM_HANDLE key_handle = 1; 1187 std::string new_password; 1188 std::string key_blob; 1189 TPM2B_PUBLIC public_area; 1190 public_area.public_area.type = TPM_ALG_RSA; 1191 public_area.public_area.auth_policy.size = 0; 1192 public_area.public_area.unique.rsa.size = 0; 1193 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1194 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 1195 Return(TPM_RC_SUCCESS))); 1196 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ChangeKeyAuthorizationData( 1197 key_handle, new_password, &mock_authorization_delegate_, &key_blob)); 1198 } 1199 1200 TEST_F(TpmUtilityTest, ChangeAuthDataKeyNameFail) { 1201 TPM_HANDLE key_handle = 1; 1202 std::string old_password; 1203 std::string new_password; 1204 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1205 .WillOnce(Return(TPM_RC_FAILURE)); 1206 EXPECT_EQ(TPM_RC_FAILURE, utility_.ChangeKeyAuthorizationData( 1207 key_handle, new_password, &mock_authorization_delegate_, nullptr)); 1208 } 1209 1210 TEST_F(TpmUtilityTest, ChangeAuthDataFailure) { 1211 TPM_HANDLE key_handle = 1; 1212 std::string new_password; 1213 EXPECT_CALL(mock_tpm_, ObjectChangeAuthSync(key_handle, _, _, _, _, _, _)) 1214 .WillOnce(Return(TPM_RC_FAILURE)); 1215 EXPECT_EQ(TPM_RC_FAILURE, utility_.ChangeKeyAuthorizationData( 1216 key_handle, new_password, &mock_authorization_delegate_, nullptr)); 1217 } 1218 1219 TEST_F(TpmUtilityTest, ChangeAuthDataParserFail) { 1220 TPM_HANDLE key_handle = 1; 1221 std::string new_password; 1222 std::string key_blob; 1223 TPM2B_PUBLIC public_area; 1224 public_area.public_area.type = TPM_ALG_RSA; 1225 public_area.public_area.auth_policy.size = 0; 1226 public_area.public_area.unique.rsa.size = 0; 1227 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1228 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 1229 Return(TPM_RC_SUCCESS))); 1230 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob)) 1231 .WillOnce(Return(false)); 1232 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.ChangeKeyAuthorizationData( 1233 key_handle, new_password, &mock_authorization_delegate_, &key_blob)); 1234 } 1235 1236 TEST_F(TpmUtilityTest, ImportRSAKeySuccess) { 1237 uint32_t public_exponent = 0x10001; 1238 std::string modulus(256, 'a'); 1239 std::string prime_factor(128, 'b'); 1240 std::string password("password"); 1241 std::string key_blob; 1242 TPM2B_DATA encryption_key; 1243 TPM2B_PUBLIC public_data; 1244 TPM2B_PRIVATE private_data; 1245 EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _)) 1246 .WillOnce(DoAll(SaveArg<2>(&encryption_key), 1247 SaveArg<3>(&public_data), 1248 SaveArg<4>(&private_data), 1249 Return(TPM_RC_SUCCESS))); 1250 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ImportRSAKey( 1251 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1252 modulus, 1253 public_exponent, 1254 prime_factor, 1255 password, 1256 &mock_authorization_delegate_, 1257 &key_blob)); 1258 // Validate that the public area was properly constructed. 1259 EXPECT_EQ(public_data.public_area.parameters.rsa_detail.key_bits, 1260 modulus.size() * 8); 1261 EXPECT_EQ(public_data.public_area.parameters.rsa_detail.exponent, 1262 public_exponent); 1263 EXPECT_EQ(public_data.public_area.unique.rsa.size, modulus.size()); 1264 EXPECT_EQ(0, memcmp(public_data.public_area.unique.rsa.buffer, 1265 modulus.data(), modulus.size())); 1266 // Validate the private struct construction. 1267 EXPECT_EQ(kAesKeySize, encryption_key.size); 1268 AES_KEY key; 1269 AES_set_encrypt_key(encryption_key.buffer, kAesKeySize * 8, &key); 1270 unsigned char iv[MAX_AES_BLOCK_SIZE_BYTES] = {0}; 1271 int iv_in = 0; 1272 std::string unencrypted_private(private_data.size, 0); 1273 AES_cfb128_encrypt( 1274 reinterpret_cast<const unsigned char*>(private_data.buffer), 1275 reinterpret_cast<unsigned char*>(string_as_array(&unencrypted_private)), 1276 private_data.size, &key, iv, &iv_in, AES_DECRYPT); 1277 TPM2B_DIGEST inner_integrity; 1278 EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPM2B_DIGEST(&unencrypted_private, 1279 &inner_integrity, nullptr)); 1280 std::string object_name; 1281 EXPECT_EQ(TPM_RC_SUCCESS, 1282 ComputeKeyName(public_data.public_area, &object_name)); 1283 std::string integrity_value = crypto::SHA256HashString(unencrypted_private + 1284 object_name); 1285 EXPECT_EQ(integrity_value.size(), inner_integrity.size); 1286 EXPECT_EQ(0, memcmp(inner_integrity.buffer, 1287 integrity_value.data(), 1288 inner_integrity.size)); 1289 TPM2B_SENSITIVE sensitive_data; 1290 EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPM2B_SENSITIVE(&unencrypted_private, 1291 &sensitive_data, nullptr)); 1292 EXPECT_EQ(sensitive_data.sensitive_area.auth_value.size, password.size()); 1293 EXPECT_EQ(0, memcmp(sensitive_data.sensitive_area.auth_value.buffer, 1294 password.data(), password.size())); 1295 EXPECT_EQ(sensitive_data.sensitive_area.sensitive.rsa.size, 1296 prime_factor.size()); 1297 EXPECT_EQ(0, memcmp(sensitive_data.sensitive_area.sensitive.rsa.buffer, 1298 prime_factor.data(), prime_factor.size())); 1299 } 1300 1301 TEST_F(TpmUtilityTest, ImportRSAKeySuccessWithNoBlob) { 1302 uint32_t public_exponent = 0x10001; 1303 std::string modulus(256, 'a'); 1304 std::string prime_factor(128, 'b'); 1305 std::string password; 1306 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ImportRSAKey( 1307 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1308 modulus, 1309 public_exponent, 1310 prime_factor, 1311 password, 1312 &mock_authorization_delegate_, 1313 nullptr)); 1314 } 1315 1316 TEST_F(TpmUtilityTest, ImportRSAKeyParentNameFail) { 1317 uint32_t public_exponent = 0x10001; 1318 std::string modulus(256, 'a'); 1319 std::string prime_factor(128, 'b'); 1320 std::string password; 1321 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1322 .WillOnce(Return(TPM_RC_FAILURE)); 1323 EXPECT_EQ(TPM_RC_FAILURE, utility_.ImportRSAKey( 1324 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1325 modulus, 1326 public_exponent, 1327 prime_factor, 1328 password, 1329 &mock_authorization_delegate_, 1330 nullptr)); 1331 } 1332 1333 TEST_F(TpmUtilityTest, ImportRSAKeyFail) { 1334 std::string modulus; 1335 std::string prime_factor; 1336 std::string password; 1337 EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _)) 1338 .WillOnce(Return(TPM_RC_FAILURE)); 1339 EXPECT_EQ(TPM_RC_FAILURE, utility_.ImportRSAKey( 1340 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1341 modulus, 1342 0x10001, 1343 prime_factor, 1344 password, 1345 &mock_authorization_delegate_, 1346 nullptr)); 1347 } 1348 1349 TEST_F(TpmUtilityTest, ImportRSAKeyParserFail) { 1350 std::string modulus; 1351 std::string prime_factor; 1352 std::string password; 1353 std::string key_blob; 1354 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob)) 1355 .WillOnce(Return(false)); 1356 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.ImportRSAKey( 1357 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1358 modulus, 1359 0x10001, 1360 prime_factor, 1361 password, 1362 &mock_authorization_delegate_, 1363 &key_blob)); 1364 } 1365 1366 TEST_F(TpmUtilityTest, CreateRSAKeyPairSuccess) { 1367 TPM2B_PUBLIC public_area; 1368 TPML_PCR_SELECTION creation_pcrs; 1369 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, 1370 _, _, _, _, _, _, _, _, 1371 &mock_authorization_delegate_)) 1372 .WillOnce(DoAll(SaveArg<2>(&public_area), 1373 SaveArg<3>(&creation_pcrs), 1374 Return(TPM_RC_SUCCESS))); 1375 std::string key_blob; 1376 std::string creation_blob; 1377 int creation_pcr = 12; 1378 EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateRSAKeyPair( 1379 TpmUtility::AsymmetricKeyUsage::kDecryptAndSignKey, 2048, 0x10001, 1380 "password", "", false, creation_pcr, &mock_authorization_delegate_, 1381 &key_blob, &creation_blob)); 1382 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, kDecrypt); 1383 EXPECT_EQ(public_area.public_area.object_attributes & kSign, kSign); 1384 EXPECT_EQ(public_area.public_area.object_attributes & kUserWithAuth, 1385 kUserWithAuth); 1386 EXPECT_EQ(public_area.public_area.object_attributes & kAdminWithPolicy, 0u); 1387 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme, 1388 TPM_ALG_NULL); 1389 EXPECT_EQ(1u, creation_pcrs.count); 1390 EXPECT_EQ(TPM_ALG_SHA256, creation_pcrs.pcr_selections[0].hash); 1391 EXPECT_EQ(PCR_SELECT_MIN, creation_pcrs.pcr_selections[0].sizeof_select); 1392 EXPECT_EQ(1u << (creation_pcr % 8), 1393 creation_pcrs.pcr_selections[0].pcr_select[creation_pcr / 8]); 1394 } 1395 1396 TEST_F(TpmUtilityTest, CreateRSAKeyPairDecryptKeySuccess) { 1397 TPM2B_PUBLIC public_area; 1398 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, 1399 _, _, _, _, _, _, _, _, 1400 &mock_authorization_delegate_)) 1401 .WillOnce(DoAll(SaveArg<2>(&public_area), 1402 Return(TPM_RC_SUCCESS))); 1403 std::string key_blob; 1404 EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateRSAKeyPair( 1405 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 2048, 0x10001, "password", 1406 "", false, kNoCreationPCR, &mock_authorization_delegate_, &key_blob, 1407 nullptr)); 1408 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, kDecrypt); 1409 EXPECT_EQ(public_area.public_area.object_attributes & kSign, 0u); 1410 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme, 1411 TPM_ALG_NULL); 1412 } 1413 1414 TEST_F(TpmUtilityTest, CreateRSAKeyPairSignKeySuccess) { 1415 TPM2B_PUBLIC public_area; 1416 TPM2B_SENSITIVE_CREATE sensitive_create; 1417 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, 1418 _, _, _, _, _, _, _, _, 1419 &mock_authorization_delegate_)) 1420 .WillOnce(DoAll(SaveArg<1>(&sensitive_create), 1421 SaveArg<2>(&public_area), 1422 Return(TPM_RC_SUCCESS))); 1423 std::string key_blob; 1424 std::string policy_digest(32, 'a'); 1425 std::string key_auth("password"); 1426 EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateRSAKeyPair( 1427 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, key_auth, 1428 policy_digest, true /* use_only_policy_authorization */, kNoCreationPCR, 1429 &mock_authorization_delegate_, &key_blob, nullptr)); 1430 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, 0u); 1431 EXPECT_EQ(public_area.public_area.object_attributes & kSign, kSign); 1432 EXPECT_EQ(public_area.public_area.object_attributes & kUserWithAuth, 0u); 1433 EXPECT_EQ(public_area.public_area.object_attributes & kAdminWithPolicy, 1434 kAdminWithPolicy); 1435 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme, 1436 TPM_ALG_NULL); 1437 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.key_bits, 2048); 1438 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.exponent, 0x10001u); 1439 EXPECT_EQ(public_area.public_area.auth_policy.size, policy_digest.size()); 1440 EXPECT_EQ(0, memcmp(public_area.public_area.auth_policy.buffer, 1441 policy_digest.data(), policy_digest.size())); 1442 EXPECT_EQ(sensitive_create.sensitive.user_auth.size, key_auth.size()); 1443 EXPECT_EQ(0, memcmp(sensitive_create.sensitive.user_auth.buffer, 1444 key_auth.data(), key_auth.size())); 1445 } 1446 1447 TEST_F(TpmUtilityTest, CreateRSAKeyPairBadDelegate) { 1448 std::string key_blob; 1449 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.CreateRSAKeyPair( 1450 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 2048, 0x10001, "password", 1451 "", false, kNoCreationPCR, nullptr, &key_blob, nullptr)); 1452 } 1453 1454 TEST_F(TpmUtilityTest, CreateRSAKeyPairFailure) { 1455 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, 1456 _, _, _, _, _, _, _, _, 1457 &mock_authorization_delegate_)) 1458 .WillOnce(Return(TPM_RC_FAILURE)); 1459 std::string key_blob; 1460 EXPECT_EQ(TPM_RC_FAILURE, utility_.CreateRSAKeyPair( 1461 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, "password", 1462 "", false, kNoCreationPCR, &mock_authorization_delegate_, &key_blob, 1463 nullptr)); 1464 } 1465 1466 TEST_F(TpmUtilityTest, CreateRSAKeyPairKeyParserFail) { 1467 std::string key_blob; 1468 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob)) 1469 .WillOnce(Return(false)); 1470 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.CreateRSAKeyPair( 1471 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, "password", 1472 "", false, kNoCreationPCR, &mock_authorization_delegate_, &key_blob, 1473 nullptr)); 1474 } 1475 1476 TEST_F(TpmUtilityTest, CreateRSAKeyPairCreationParserFail) { 1477 std::string creation_blob; 1478 std::string key_blob; 1479 EXPECT_CALL(mock_blob_parser_, SerializeCreationBlob(_, _, _, &creation_blob)) 1480 .WillOnce(Return(false)); 1481 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.CreateRSAKeyPair( 1482 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, "password", 1483 "", false, kNoCreationPCR, &mock_authorization_delegate_, &key_blob, 1484 &creation_blob)); 1485 } 1486 1487 TEST_F(TpmUtilityTest, LoadKeySuccess) { 1488 TPM_HANDLE key_handle = TPM_RH_FIRST; 1489 TPM_HANDLE loaded_handle; 1490 EXPECT_CALL(mock_tpm_, LoadSync(kRSAStorageRootKey, _, _, _, _, _, 1491 &mock_authorization_delegate_)) 1492 .WillOnce(DoAll(SetArgPointee<4>(key_handle), 1493 Return(TPM_RC_SUCCESS))); 1494 std::string key_blob; 1495 EXPECT_EQ(TPM_RC_SUCCESS, utility_.LoadKey( 1496 key_blob, &mock_authorization_delegate_, &loaded_handle)); 1497 EXPECT_EQ(loaded_handle, key_handle); 1498 } 1499 1500 TEST_F(TpmUtilityTest, LoadKeyFailure) { 1501 TPM_HANDLE key_handle; 1502 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1503 .WillOnce(Return(TPM_RC_FAILURE)); 1504 std::string key_blob; 1505 EXPECT_EQ(TPM_RC_FAILURE, utility_.LoadKey( 1506 key_blob, &mock_authorization_delegate_, &key_handle)); 1507 } 1508 1509 TEST_F(TpmUtilityTest, LoadKeyBadDelegate) { 1510 TPM_HANDLE key_handle; 1511 std::string key_blob; 1512 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.LoadKey( 1513 key_blob, nullptr, &key_handle)); 1514 } 1515 1516 TEST_F(TpmUtilityTest, LoadKeyParserFail) { 1517 TPM_HANDLE key_handle; 1518 std::string key_blob; 1519 EXPECT_CALL(mock_blob_parser_, ParseKeyBlob(key_blob, _, _)) 1520 .WillOnce(Return(false)); 1521 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.LoadKey( 1522 key_blob, &mock_authorization_delegate_, &key_handle)); 1523 } 1524 1525 TEST_F(TpmUtilityTest, SealedDataSuccess) { 1526 std::string data_to_seal("seal_data"); 1527 std::string sealed_data; 1528 TPM2B_SENSITIVE_CREATE sensitive_create; 1529 TPM2B_PUBLIC in_public; 1530 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _, 1531 _, _, _, _, _, _, _)) 1532 .WillOnce(DoAll(SaveArg<1>(&sensitive_create), 1533 SaveArg<2>(&in_public), 1534 Return(TPM_RC_SUCCESS))); 1535 EXPECT_EQ(TPM_RC_SUCCESS, utility_.SealData( 1536 data_to_seal, "", &mock_authorization_delegate_, &sealed_data)); 1537 EXPECT_EQ(sensitive_create.sensitive.data.size, data_to_seal.size()); 1538 EXPECT_EQ(0, memcmp(sensitive_create.sensitive.data.buffer, 1539 data_to_seal.data(), data_to_seal.size())); 1540 EXPECT_EQ(in_public.public_area.type, TPM_ALG_KEYEDHASH); 1541 EXPECT_EQ(in_public.public_area.name_alg, TPM_ALG_SHA256); 1542 } 1543 1544 TEST_F(TpmUtilityTest, SealDataBadDelegate) { 1545 std::string data_to_seal("seal_data"); 1546 std::string sealed_data; 1547 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.SealData( 1548 data_to_seal, "", nullptr, &sealed_data)); 1549 } 1550 1551 TEST_F(TpmUtilityTest, SealDataFailure) { 1552 std::string data_to_seal("seal_data"); 1553 std::string sealed_data; 1554 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _, 1555 _, _, _, _, _, _, _)) 1556 .WillOnce(Return(TPM_RC_FAILURE)); 1557 EXPECT_EQ(TPM_RC_FAILURE, utility_.SealData( 1558 data_to_seal, "", &mock_authorization_delegate_, &sealed_data)); 1559 } 1560 1561 TEST_F(TpmUtilityTest, SealDataParserFail) { 1562 std::string data_to_seal("seal_data"); 1563 std::string sealed_data; 1564 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &sealed_data)) 1565 .WillOnce(Return(false)); 1566 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.SealData( 1567 data_to_seal, "", &mock_authorization_delegate_, &sealed_data)); 1568 } 1569 1570 TEST_F(TpmUtilityTest, UnsealDataSuccess) { 1571 std::string sealed_data; 1572 std::string tpm_unsealed_data("password"); 1573 std::string unsealed_data; 1574 TPM_HANDLE object_handle = 42; 1575 TPM2B_PUBLIC public_data; 1576 public_data.public_area.auth_policy.size = 0; 1577 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1578 .WillRepeatedly(DoAll(SetArgPointee<2>(public_data), 1579 Return(TPM_RC_SUCCESS))); 1580 EXPECT_CALL(mock_tpm_, ReadPublicSync(object_handle, _, _, _, _, _)) 1581 .WillRepeatedly(DoAll(SetArgPointee<2>(public_data), 1582 Return(TPM_RC_SUCCESS))); 1583 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1584 .WillOnce(DoAll(SetArgPointee<4>(object_handle), 1585 Return(TPM_RC_SUCCESS))); 1586 TPM2B_SENSITIVE_DATA out_data = Make_TPM2B_SENSITIVE_DATA(tpm_unsealed_data); 1587 EXPECT_CALL(mock_tpm_, UnsealSync(object_handle, _, _, _)) 1588 .WillOnce(DoAll(SetArgPointee<2>(out_data), 1589 Return(TPM_RC_SUCCESS))); 1590 EXPECT_EQ(TPM_RC_SUCCESS, utility_.UnsealData( 1591 sealed_data, &mock_authorization_delegate_, &unsealed_data)); 1592 EXPECT_EQ(unsealed_data, tpm_unsealed_data); 1593 } 1594 1595 TEST_F(TpmUtilityTest, UnsealDataBadDelegate) { 1596 std::string sealed_data; 1597 std::string unsealed_data; 1598 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.UnsealData( 1599 sealed_data, nullptr, &unsealed_data)); 1600 } 1601 1602 TEST_F(TpmUtilityTest, UnsealDataLoadFail) { 1603 std::string sealed_data; 1604 std::string unsealed_data; 1605 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1606 .WillOnce(Return(TPM_RC_FAILURE)); 1607 EXPECT_EQ(TPM_RC_FAILURE, utility_.UnsealData( 1608 sealed_data, &mock_authorization_delegate_, &unsealed_data)); 1609 } 1610 1611 TEST_F(TpmUtilityTest, UnsealDataBadKeyName) { 1612 std::string sealed_data; 1613 std::string unsealed_data; 1614 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1615 .WillOnce(Return(TPM_RC_FAILURE)); 1616 EXPECT_EQ(TPM_RC_FAILURE, utility_.UnsealData( 1617 sealed_data, &mock_authorization_delegate_, &unsealed_data)); 1618 } 1619 1620 TEST_F(TpmUtilityTest, UnsealObjectFailure) { 1621 std::string sealed_data; 1622 std::string unsealed_data; 1623 EXPECT_CALL(mock_tpm_, UnsealSync(_, _, _, _)) 1624 .WillOnce(Return(TPM_RC_FAILURE)); 1625 EXPECT_EQ(TPM_RC_FAILURE, utility_.UnsealData( 1626 sealed_data, &mock_authorization_delegate_, &unsealed_data)); 1627 } 1628 1629 TEST_F(TpmUtilityTest, StartSessionSuccess) { 1630 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true)) 1631 .WillOnce(Return(TPM_RC_SUCCESS)); 1632 EXPECT_EQ(TPM_RC_SUCCESS, 1633 utility_.StartSession(&mock_hmac_session_)); 1634 } 1635 1636 TEST_F(TpmUtilityTest, StartSessionFailure) { 1637 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true)) 1638 .WillOnce(Return(TPM_RC_FAILURE)); 1639 EXPECT_EQ(TPM_RC_FAILURE, 1640 utility_.StartSession(&mock_hmac_session_)); 1641 } 1642 1643 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueSuccess) { 1644 int index = 5; 1645 std::string pcr_value("pcr_value"); 1646 std::string policy_digest; 1647 TPML_PCR_SELECTION pcr_select; 1648 pcr_select.count = 1; 1649 pcr_select.pcr_selections[0].hash = TPM_ALG_SHA256; 1650 pcr_select.pcr_selections[0].sizeof_select = 1; 1651 pcr_select.pcr_selections[0].pcr_select[index / 8] = 1 << (index % 8); 1652 TPML_DIGEST pcr_values; 1653 pcr_values.count = 1; 1654 pcr_values.digests[0] = Make_TPM2B_DIGEST(pcr_value); 1655 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 1656 .WillOnce(DoAll(SetArgPointee<2>(pcr_select), 1657 SetArgPointee<3>(pcr_values), 1658 Return(TPM_RC_SUCCESS))); 1659 std::string tpm_pcr_value; 1660 EXPECT_CALL(mock_policy_session_, PolicyPCR(index, _)) 1661 .WillOnce(DoAll(SaveArg<1>(&tpm_pcr_value), 1662 Return(TPM_RC_SUCCESS))); 1663 std::string tpm_policy_digest("digest"); 1664 EXPECT_CALL(mock_policy_session_, GetDigest(_)) 1665 .WillOnce(DoAll(SetArgPointee<0>(tpm_policy_digest), 1666 Return(TPM_RC_SUCCESS))); 1667 EXPECT_EQ(TPM_RC_SUCCESS, 1668 utility_.GetPolicyDigestForPcrValue(index, "", &policy_digest)); 1669 EXPECT_EQ(policy_digest, tpm_policy_digest); 1670 EXPECT_EQ(pcr_value, tpm_pcr_value); 1671 } 1672 1673 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueSuccessWithPcrValue) { 1674 int index = 5; 1675 std::string pcr_value("pcr_value"); 1676 std::string policy_digest; 1677 std::string tpm_pcr_value; 1678 EXPECT_CALL(mock_policy_session_, PolicyPCR(index, _)) 1679 .WillOnce(DoAll(SaveArg<1>(&tpm_pcr_value), 1680 Return(TPM_RC_SUCCESS))); 1681 std::string tpm_policy_digest("digest"); 1682 EXPECT_CALL(mock_policy_session_, GetDigest(_)) 1683 .WillOnce(DoAll(SetArgPointee<0>(tpm_policy_digest), 1684 Return(TPM_RC_SUCCESS))); 1685 EXPECT_EQ(TPM_RC_SUCCESS, 1686 utility_.GetPolicyDigestForPcrValue(index, pcr_value, &policy_digest)); 1687 EXPECT_EQ(policy_digest, tpm_policy_digest); 1688 EXPECT_EQ(pcr_value, tpm_pcr_value); 1689 } 1690 1691 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadSession) { 1692 int index = 5; 1693 std::string pcr_value("value"); 1694 std::string policy_digest; 1695 EXPECT_CALL(mock_policy_session_, StartUnboundSession(false)) 1696 .WillOnce(Return(TPM_RC_FAILURE)); 1697 EXPECT_EQ(TPM_RC_FAILURE, 1698 utility_.GetPolicyDigestForPcrValue(index, pcr_value, &policy_digest)); 1699 } 1700 1701 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValuePcrReadFail) { 1702 int index = 5; 1703 std::string policy_digest; 1704 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 1705 .WillOnce(Return(TPM_RC_FAILURE)); 1706 EXPECT_EQ(TPM_RC_FAILURE, 1707 utility_.GetPolicyDigestForPcrValue(index, "", &policy_digest)); 1708 } 1709 1710 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadPcr) { 1711 int index = 5; 1712 std::string pcr_value("value"); 1713 std::string policy_digest; 1714 EXPECT_CALL(mock_policy_session_, PolicyPCR(index, _)) 1715 .WillOnce(Return(TPM_RC_FAILURE)); 1716 EXPECT_EQ(TPM_RC_FAILURE, 1717 utility_.GetPolicyDigestForPcrValue(index, pcr_value, &policy_digest)); 1718 } 1719 1720 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadDigest) { 1721 int index = 5; 1722 std::string pcr_value("value"); 1723 std::string policy_digest; 1724 EXPECT_CALL(mock_policy_session_, GetDigest(&policy_digest)) 1725 .WillOnce(Return(TPM_RC_FAILURE)); 1726 EXPECT_EQ(TPM_RC_FAILURE, 1727 utility_.GetPolicyDigestForPcrValue(index, pcr_value, &policy_digest)); 1728 } 1729 1730 TEST_F(TpmUtilityTest, DefineNVSpaceSuccess) { 1731 uint32_t index = 59; 1732 uint32_t nvram_index = NV_INDEX_FIRST + index; 1733 size_t length = 256; 1734 TPM2B_NV_PUBLIC public_data; 1735 EXPECT_CALL(mock_tpm_, NV_DefineSpaceSync(TPM_RH_OWNER, _, _, _, _)) 1736 .WillOnce(DoAll(SaveArg<3>(&public_data), 1737 Return(TPM_RC_SUCCESS))); 1738 EXPECT_EQ(TPM_RC_SUCCESS, utility_.DefineNVSpace( 1739 index, length, &mock_authorization_delegate_)); 1740 EXPECT_EQ(public_data.nv_public.nv_index, nvram_index); 1741 EXPECT_EQ(public_data.nv_public.name_alg, TPM_ALG_SHA256); 1742 EXPECT_EQ(public_data.nv_public.attributes, 1743 TPMA_NV_NO_DA | TPMA_NV_OWNERWRITE | TPMA_NV_WRITEDEFINE | 1744 TPMA_NV_AUTHREAD); 1745 EXPECT_EQ(public_data.nv_public.data_size, length); 1746 } 1747 1748 TEST_F(TpmUtilityTest, DefineNVSpaceBadLength) { 1749 size_t bad_length = 3000; 1750 EXPECT_EQ(SAPI_RC_BAD_SIZE, 1751 utility_.DefineNVSpace(0, bad_length, &mock_authorization_delegate_)); 1752 } 1753 1754 TEST_F(TpmUtilityTest, DefineNVSpaceBadIndex) { 1755 uint32_t bad_index = 1<<29; 1756 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1757 utility_.DefineNVSpace(bad_index, 2, &mock_authorization_delegate_)); 1758 } 1759 1760 TEST_F(TpmUtilityTest, DefineNVSpaceBadSession) { 1761 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.DefineNVSpace(0, 2, nullptr)); 1762 } 1763 1764 TEST_F(TpmUtilityTest, DefineNVSpaceFail) { 1765 uint32_t index = 59; 1766 size_t length = 256; 1767 EXPECT_CALL(mock_tpm_, NV_DefineSpaceSync(TPM_RH_OWNER, _, _, _, _)) 1768 .WillOnce(Return(TPM_RC_FAILURE)); 1769 EXPECT_EQ(TPM_RC_FAILURE, 1770 utility_.DefineNVSpace(index, length, &mock_authorization_delegate_)); 1771 } 1772 1773 TEST_F(TpmUtilityTest, DestroyNVSpaceSuccess) { 1774 uint32_t index = 53; 1775 uint32_t nvram_index = NV_INDEX_FIRST + index; 1776 EXPECT_CALL(mock_tpm_, 1777 NV_UndefineSpaceSync(TPM_RH_OWNER, _, nvram_index, _, _)); 1778 EXPECT_EQ(TPM_RC_SUCCESS, 1779 utility_.DestroyNVSpace(index, &mock_authorization_delegate_)); 1780 } 1781 1782 TEST_F(TpmUtilityTest, DestroyNVSpaceBadIndex) { 1783 uint32_t bad_index = 1<<29; 1784 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1785 utility_.DestroyNVSpace(bad_index, &mock_authorization_delegate_)); 1786 } 1787 1788 TEST_F(TpmUtilityTest, DestroyNVSpaceBadSession) { 1789 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.DestroyNVSpace(3, nullptr)); 1790 } 1791 1792 TEST_F(TpmUtilityTest, DestroyNVSpaceFailure) { 1793 uint32_t index = 53; 1794 uint32_t nvram_index = NV_INDEX_FIRST + index; 1795 EXPECT_CALL(mock_tpm_, 1796 NV_UndefineSpaceSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1797 .WillOnce(Return(TPM_RC_FAILURE)); 1798 EXPECT_EQ(TPM_RC_FAILURE, 1799 utility_.DestroyNVSpace(index, &mock_authorization_delegate_)); 1800 } 1801 1802 TEST_F(TpmUtilityTest, LockNVSpaceSuccess) { 1803 uint32_t index = 53; 1804 uint32_t nvram_index = NV_INDEX_FIRST + index; 1805 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1806 .WillOnce(Return(TPM_RC_SUCCESS)); 1807 EXPECT_EQ(TPM_RC_SUCCESS, 1808 utility_.LockNVSpace(index, &mock_authorization_delegate_)); 1809 TPMS_NV_PUBLIC public_area; 1810 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area)); 1811 EXPECT_EQ(public_area.attributes & TPMA_NV_WRITELOCKED, TPMA_NV_WRITELOCKED); 1812 } 1813 1814 TEST_F(TpmUtilityTest, LockNVSpaceBadIndex) { 1815 uint32_t bad_index = 1<<24; 1816 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1817 utility_.LockNVSpace(bad_index, &mock_authorization_delegate_)); 1818 } 1819 1820 TEST_F(TpmUtilityTest, LockNVSpaceBadSession) { 1821 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.LockNVSpace(52, nullptr)); 1822 } 1823 1824 TEST_F(TpmUtilityTest, LockNVSpaceFailure) { 1825 uint32_t index = 53; 1826 uint32_t nvram_index = NV_INDEX_FIRST + index; 1827 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1828 .WillOnce(Return(TPM_RC_FAILURE)); 1829 EXPECT_EQ(TPM_RC_FAILURE, 1830 utility_.LockNVSpace(index, &mock_authorization_delegate_)); 1831 } 1832 1833 TEST_F(TpmUtilityTest, WriteNVSpaceSuccess) { 1834 uint32_t index = 53; 1835 uint32_t offset = 5; 1836 uint32_t nvram_index = NV_INDEX_FIRST + index; 1837 EXPECT_CALL(mock_tpm_, 1838 NV_WriteSync(TPM_RH_OWNER, _, nvram_index, _, _, offset, _)) 1839 .WillOnce(Return(TPM_RC_SUCCESS)); 1840 EXPECT_EQ(TPM_RC_SUCCESS, utility_.WriteNVSpace( 1841 index, offset, "", &mock_authorization_delegate_)); 1842 TPMS_NV_PUBLIC public_area; 1843 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area)); 1844 EXPECT_EQ(public_area.attributes & TPMA_NV_WRITTEN, TPMA_NV_WRITTEN); 1845 } 1846 1847 TEST_F(TpmUtilityTest, WriteNVSpaceBadSize) { 1848 uint32_t index = 53; 1849 std::string nvram_data(1025, 0); 1850 EXPECT_EQ(SAPI_RC_BAD_SIZE, utility_.WriteNVSpace( 1851 index, 0, nvram_data, &mock_authorization_delegate_)); 1852 } 1853 1854 TEST_F(TpmUtilityTest, WriteNVSpaceBadIndex) { 1855 uint32_t bad_index = 1<<24; 1856 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.WriteNVSpace( 1857 bad_index, 0, "", &mock_authorization_delegate_)); 1858 } 1859 1860 TEST_F(TpmUtilityTest, WriteNVSpaceBadSessions) { 1861 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 1862 utility_.WriteNVSpace(53, 0, "", nullptr)); 1863 } 1864 1865 TEST_F(TpmUtilityTest, WriteNVSpaceFailure) { 1866 uint32_t index = 53; 1867 uint32_t offset = 5; 1868 uint32_t nvram_index = NV_INDEX_FIRST + index; 1869 EXPECT_CALL(mock_tpm_, 1870 NV_WriteSync(TPM_RH_OWNER, _, nvram_index, _, _, offset, _)) 1871 .WillOnce(Return(TPM_RC_FAILURE)); 1872 EXPECT_EQ(TPM_RC_FAILURE, utility_.WriteNVSpace( 1873 index, offset, "", &mock_authorization_delegate_)); 1874 } 1875 1876 TEST_F(TpmUtilityTest, ReadNVSpaceSuccess) { 1877 uint32_t index = 53; 1878 uint32_t offset = 5; 1879 uint32_t nv_index = NV_INDEX_FIRST + index; 1880 size_t length = 24; 1881 std::string nvram_data; 1882 EXPECT_CALL(mock_tpm_, 1883 NV_ReadSync(nv_index, _, nv_index, _, length, offset, _, _)) 1884 .WillOnce(Return(TPM_RC_SUCCESS)); 1885 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ReadNVSpace( 1886 index, offset, length, &nvram_data, &mock_authorization_delegate_)); 1887 } 1888 1889 TEST_F(TpmUtilityTest, ReadNVSpaceBadReadLength) { 1890 size_t length = 1025; 1891 std::string nvram_data; 1892 EXPECT_EQ(SAPI_RC_BAD_SIZE, utility_.ReadNVSpace( 1893 52, 0, length, &nvram_data, &mock_authorization_delegate_)); 1894 } 1895 1896 TEST_F(TpmUtilityTest, ReadNVSpaceBadIndex) { 1897 uint32_t bad_index = 1<<24; 1898 std::string nvram_data; 1899 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.ReadNVSpace( 1900 bad_index, 0, 5, &nvram_data, &mock_authorization_delegate_)); 1901 } 1902 1903 TEST_F(TpmUtilityTest, ReadNVSpaceBadSession) { 1904 std::string nvram_data; 1905 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 1906 utility_.ReadNVSpace(53, 0, 5, &nvram_data, nullptr)); 1907 } 1908 1909 TEST_F(TpmUtilityTest, ReadNVSpaceFailure) { 1910 uint32_t index = 53; 1911 uint32_t offset = 5; 1912 uint32_t nv_index = NV_INDEX_FIRST + index; 1913 size_t length = 24; 1914 std::string nvram_data; 1915 EXPECT_CALL(mock_tpm_, 1916 NV_ReadSync(nv_index, _, nv_index, _, length, offset, _, _)) 1917 .WillOnce(Return(TPM_RC_FAILURE)); 1918 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadNVSpace( 1919 index, offset, length, &nvram_data, &mock_authorization_delegate_)); 1920 } 1921 1922 TEST_F(TpmUtilityTest, GetNVSpaceNameSuccess) { 1923 uint32_t index = 53; 1924 uint32_t nvram_index = NV_INDEX_FIRST + index; 1925 std::string name; 1926 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(nvram_index, _, _, _, _)) 1927 .WillOnce(Return(TPM_RC_SUCCESS)); 1928 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpaceName(index, &name)); 1929 } 1930 1931 TEST_F(TpmUtilityTest, GetNVSpaceNameFailure) { 1932 uint32_t index = 53; 1933 std::string name; 1934 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _)) 1935 .WillOnce(Return(TPM_RC_FAILURE)); 1936 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpaceName(index, &name)); 1937 } 1938 1939 TEST_F(TpmUtilityTest, GetNVSpacePublicAreaCachedSuccess) { 1940 uint32_t index = 53; 1941 TPMS_NV_PUBLIC public_area; 1942 SetNVRAMMap(index, public_area); 1943 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _)) 1944 .Times(0); 1945 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpacePublicArea(index, &public_area)); 1946 } 1947 1948 TEST_F(TpmUtilityTest, GetNVSpacePublicAreaSuccess) { 1949 uint32_t index = 53; 1950 uint32_t nvram_index = NV_INDEX_FIRST + index; 1951 TPMS_NV_PUBLIC public_area; 1952 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(nvram_index, _, _, _, _)) 1953 .WillOnce(Return(TPM_RC_SUCCESS)); 1954 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpacePublicArea(index, &public_area)); 1955 } 1956 1957 TEST_F(TpmUtilityTest, GetNVSpacePublicAreaFailure) { 1958 uint32_t index = 53; 1959 TPMS_NV_PUBLIC public_area; 1960 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _)) 1961 .WillOnce(Return(TPM_RC_FAILURE)); 1962 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpacePublicArea(index, &public_area)); 1963 } 1964 1965 TEST_F(TpmUtilityTest, SetKnownPasswordSuccess) { 1966 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 1967 .WillOnce(Return(false)); 1968 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _)) 1969 .WillOnce(Return(TPM_RC_SUCCESS)); 1970 EXPECT_EQ(TPM_RC_SUCCESS, SetKnownOwnerPassword("password")); 1971 } 1972 1973 TEST_F(TpmUtilityTest, SetKnownPasswordOwnershipDone) { 1974 EXPECT_EQ(TPM_RC_SUCCESS, SetKnownOwnerPassword("password")); 1975 } 1976 1977 TEST_F(TpmUtilityTest, SetKnownPasswordFailure) { 1978 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 1979 .WillOnce(Return(false)); 1980 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _)) 1981 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1982 EXPECT_EQ(TPM_RC_FAILURE, SetKnownOwnerPassword("password")); 1983 } 1984 1985 TEST_F(TpmUtilityTest, RootKeysSuccess) { 1986 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password")); 1987 } 1988 1989 TEST_F(TpmUtilityTest, RootKeysHandleConsistency) { 1990 TPM_HANDLE test_handle = 42; 1991 EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _)) 1992 .WillRepeatedly(DoAll(SetArgPointee<3>(test_handle), 1993 Return(TPM_RC_SUCCESS))); 1994 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _)) 1995 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 1996 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password")); 1997 } 1998 1999 TEST_F(TpmUtilityTest, RootKeysCreateFailure) { 2000 EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _)) 2001 .WillRepeatedly(Return(TPM_RC_FAILURE)); 2002 EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password")); 2003 } 2004 2005 TEST_F(TpmUtilityTest, RootKeysPersistFailure) { 2006 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _)) 2007 .WillRepeatedly(Return(TPM_RC_FAILURE)); 2008 EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password")); 2009 } 2010 2011 TEST_F(TpmUtilityTest, RootKeysAlreadyExist) { 2012 SetExistingKeyHandleExpectation(kRSAStorageRootKey); 2013 SetExistingKeyHandleExpectation(kECCStorageRootKey); 2014 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password")); 2015 } 2016 2017 TEST_F(TpmUtilityTest, SaltingKeySuccess) { 2018 TPM2B_PUBLIC public_area; 2019 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _)) 2020 .WillOnce(DoAll(SaveArg<2>(&public_area), 2021 Return(TPM_RC_SUCCESS))); 2022 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password")); 2023 EXPECT_EQ(TPM_ALG_SHA256, public_area.public_area.name_alg); 2024 } 2025 2026 TEST_F(TpmUtilityTest, SaltingKeyConsistency) { 2027 TPM_HANDLE test_handle = 42; 2028 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 2029 .WillRepeatedly(DoAll(SetArgPointee<4>(test_handle), 2030 Return(TPM_RC_SUCCESS))); 2031 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _)) 2032 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 2033 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password")); 2034 } 2035 2036 TEST_F(TpmUtilityTest, SaltingKeyCreateFailure) { 2037 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _)) 2038 .WillRepeatedly(Return(TPM_RC_FAILURE)); 2039 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password")); 2040 } 2041 2042 TEST_F(TpmUtilityTest, SaltingKeyLoadFailure) { 2043 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 2044 .WillRepeatedly(Return(TPM_RC_FAILURE)); 2045 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password")); 2046 } 2047 2048 TEST_F(TpmUtilityTest, SaltingKeyPersistFailure) { 2049 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _)) 2050 .WillRepeatedly(Return(TPM_RC_FAILURE)); 2051 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password")); 2052 } 2053 2054 TEST_F(TpmUtilityTest, SaltingKeyAlreadyExists) { 2055 SetExistingKeyHandleExpectation(kSaltingKey); 2056 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password")); 2057 } 2058 2059 } // namespace trunks 2060
