1 // 2 // Copyright (C) 2014 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include <gmock/gmock.h> 18 #include <gtest/gtest.h> 19 20 #include "trunks/mock_tpm.h" 21 #include "trunks/tpm_generated.h" 22 #include "trunks/tpm_state_impl.h" 23 #include "trunks/trunks_factory_for_test.h" 24 25 using testing::_; 26 using testing::DoAll; 27 using testing::Invoke; 28 using testing::NiceMock; 29 using testing::Return; 30 using testing::SetArgPointee; 31 using testing::WithArgs; 32 33 namespace trunks { 34 35 // From definition of TPMA_STARTUP_CLEAR. 36 const trunks::TPMA_STARTUP_CLEAR kPlatformHierarchyMask = 1U; 37 38 // A test fixture for TpmState tests. 39 class TpmStateTest : public testing::Test { 40 public: 41 TpmStateTest() {} 42 ~TpmStateTest() override {} 43 44 void SetUp() override { 45 factory_.set_tpm(&mock_tpm_); 46 permanent_data_ = GetValidCapabilityData(TPM_PT_PERMANENT, 0); 47 startup_clear_data_ = GetValidCapabilityData(TPM_PT_STARTUP_CLEAR, 0); 48 rsa_data_ = GetValidAlgorithmData(TPM_ALG_RSA, 0); 49 ecc_data_ = GetValidAlgorithmData(TPM_ALG_ECC, 0); 50 lockout_counter_ = GetValidCapabilityData(TPM_PT_LOCKOUT_COUNTER, 0); 51 lockout_threshold_ = GetValidCapabilityData(TPM_PT_MAX_AUTH_FAIL, 0); 52 lockout_interval_ = GetValidCapabilityData(TPM_PT_LOCKOUT_INTERVAL, 0); 53 lockout_recovery_ = GetValidCapabilityData(TPM_PT_LOCKOUT_RECOVERY, 0); 54 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_TPM_PROPERTIES, 55 TPM_PT_PERMANENT, 1, _, _, _)) 56 .WillRepeatedly(WithArgs<4>( 57 Invoke(this, &TpmStateTest::GetLivePermanent))); 58 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_TPM_PROPERTIES, 59 TPM_PT_STARTUP_CLEAR, 1, _, _, _)) 60 .WillRepeatedly(WithArgs<4>( 61 Invoke(this, &TpmStateTest::GetLiveStartupClear))); 62 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_ALGS, 63 TPM_ALG_RSA, 1, _, _, _)) 64 .WillRepeatedly(WithArgs<4>( 65 Invoke(this, &TpmStateTest::GetLiveRSA))); 66 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_ALGS, 67 TPM_ALG_ECC, 1, _, _, _)) 68 .WillRepeatedly(WithArgs<4>( 69 Invoke(this, &TpmStateTest::GetLiveECC))); 70 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_TPM_PROPERTIES, 71 TPM_PT_LOCKOUT_COUNTER, 72 1, _, _, _)) 73 .WillRepeatedly(WithArgs<4>( 74 Invoke(this, &TpmStateTest::GetLiveLockoutCounter))); 75 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_TPM_PROPERTIES, 76 TPM_PT_MAX_AUTH_FAIL, 77 1, _, _, _)) 78 .WillRepeatedly(WithArgs<4>( 79 Invoke(this, &TpmStateTest::GetLiveLockoutThreshold))); 80 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_TPM_PROPERTIES, 81 TPM_PT_LOCKOUT_INTERVAL, 82 1, _, _, _)) 83 .WillRepeatedly(WithArgs<4>( 84 Invoke(this, &TpmStateTest::GetLiveLockoutInterval))); 85 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_TPM_PROPERTIES, 86 TPM_PT_LOCKOUT_RECOVERY, 87 1, _, _, _)) 88 .WillRepeatedly(WithArgs<4>( 89 Invoke(this, &TpmStateTest::GetLiveLockoutRecovery))); 90 } 91 92 TPM_RC GetLivePermanent(TPMS_CAPABILITY_DATA* capability_data) { 93 *capability_data = permanent_data_; 94 return TPM_RC_SUCCESS; 95 } 96 TPM_RC GetLiveStartupClear(TPMS_CAPABILITY_DATA* capability_data) { 97 *capability_data = startup_clear_data_; 98 return TPM_RC_SUCCESS; 99 } 100 TPM_RC GetLiveRSA(TPMS_CAPABILITY_DATA* capability_data) { 101 *capability_data = rsa_data_; 102 return TPM_RC_SUCCESS; 103 } 104 TPM_RC GetLiveECC(TPMS_CAPABILITY_DATA* capability_data) { 105 *capability_data = ecc_data_; 106 return TPM_RC_SUCCESS; 107 } 108 TPM_RC GetLiveLockoutCounter(TPMS_CAPABILITY_DATA* capability_data) { 109 *capability_data = lockout_counter_; 110 return TPM_RC_SUCCESS; 111 } 112 TPM_RC GetLiveLockoutThreshold(TPMS_CAPABILITY_DATA* capability_data) { 113 *capability_data = lockout_threshold_; 114 return TPM_RC_SUCCESS; 115 } 116 TPM_RC GetLiveLockoutInterval(TPMS_CAPABILITY_DATA* capability_data) { 117 *capability_data = lockout_interval_; 118 return TPM_RC_SUCCESS; 119 } 120 TPM_RC GetLiveLockoutRecovery(TPMS_CAPABILITY_DATA* capability_data) { 121 *capability_data = lockout_recovery_; 122 return TPM_RC_SUCCESS; 123 } 124 125 protected: 126 TPMS_CAPABILITY_DATA GetValidCapabilityData(TPM_PT property, UINT32 value) { 127 TPMS_CAPABILITY_DATA data; 128 memset(&data, 0, sizeof(TPMS_CAPABILITY_DATA)); 129 data.capability = TPM_CAP_TPM_PROPERTIES; 130 data.data.tpm_properties.count = 1; 131 data.data.tpm_properties.tpm_property[0].property = property; 132 data.data.tpm_properties.tpm_property[0].value = value; 133 return data; 134 } 135 136 TPMS_CAPABILITY_DATA GetValidAlgorithmData(TPM_ALG_ID alg_id, UINT32 value) { 137 TPMS_CAPABILITY_DATA data; 138 memset(&data, 0, sizeof(TPMS_CAPABILITY_DATA)); 139 data.capability = TPM_CAP_ALGS; 140 data.data.tpm_properties.count = 1; 141 data.data.algorithms.alg_properties[0].alg = alg_id; 142 data.data.algorithms.alg_properties[0].alg_properties = value; 143 return data; 144 } 145 146 TrunksFactoryForTest factory_; 147 NiceMock<MockTpm> mock_tpm_; 148 TPMS_CAPABILITY_DATA permanent_data_; 149 TPMS_CAPABILITY_DATA startup_clear_data_; 150 TPMS_CAPABILITY_DATA rsa_data_; 151 TPMS_CAPABILITY_DATA ecc_data_; 152 TPMS_CAPABILITY_DATA lockout_counter_; 153 TPMS_CAPABILITY_DATA lockout_threshold_; 154 TPMS_CAPABILITY_DATA lockout_interval_; 155 TPMS_CAPABILITY_DATA lockout_recovery_; 156 }; 157 158 TEST(TpmState_DeathTest, NotInitialized) { 159 TrunksFactoryForTest factory; 160 TpmStateImpl tpm_state(factory); 161 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsOwnerPasswordSet(), "Check failed"); 162 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsEndorsementPasswordSet(), 163 "Check failed"); 164 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsLockoutPasswordSet(), "Check failed"); 165 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsOwned(), "Check failed"); 166 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsInLockout(), "Check failed"); 167 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsPlatformHierarchyEnabled(), 168 "Check failed"); 169 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsStorageHierarchyEnabled(), 170 "Check failed"); 171 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsEndorsementHierarchyEnabled(), 172 "Check failed"); 173 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsEnabled(), "Check failed"); 174 EXPECT_DEATH_IF_SUPPORTED(tpm_state.WasShutdownOrderly(), "Check failed"); 175 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsRSASupported(), "Check failed"); 176 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsECCSupported(), "Check failed"); 177 EXPECT_DEATH_IF_SUPPORTED(tpm_state.GetLockoutCounter(), "Check failed"); 178 EXPECT_DEATH_IF_SUPPORTED(tpm_state.GetLockoutThreshold(), "Check failed"); 179 EXPECT_DEATH_IF_SUPPORTED(tpm_state.GetLockoutInterval(), "Check failed"); 180 EXPECT_DEATH_IF_SUPPORTED(tpm_state.GetLockoutRecovery(), "Check failed"); 181 } 182 183 TEST_F(TpmStateTest, FlagsClear) { 184 TpmStateImpl tpm_state(factory_); 185 EXPECT_EQ(TPM_RC_SUCCESS, tpm_state.Initialize()); 186 EXPECT_FALSE(tpm_state.IsOwnerPasswordSet()); 187 EXPECT_FALSE(tpm_state.IsEndorsementPasswordSet()); 188 EXPECT_FALSE(tpm_state.IsLockoutPasswordSet()); 189 EXPECT_FALSE(tpm_state.IsInLockout()); 190 EXPECT_FALSE(tpm_state.IsOwned()); 191 EXPECT_FALSE(tpm_state.IsPlatformHierarchyEnabled()); 192 EXPECT_FALSE(tpm_state.IsStorageHierarchyEnabled()); 193 EXPECT_FALSE(tpm_state.IsEndorsementHierarchyEnabled()); 194 EXPECT_FALSE(tpm_state.IsEnabled()); 195 EXPECT_FALSE(tpm_state.WasShutdownOrderly()); 196 EXPECT_FALSE(tpm_state.IsRSASupported()); 197 EXPECT_FALSE(tpm_state.IsECCSupported()); 198 EXPECT_EQ(0u, tpm_state.GetLockoutCounter()); 199 EXPECT_EQ(0u, tpm_state.GetLockoutThreshold()); 200 EXPECT_EQ(0u, tpm_state.GetLockoutInterval()); 201 EXPECT_EQ(0u, tpm_state.GetLockoutRecovery()); 202 } 203 204 TEST_F(TpmStateTest, FlagsSet) { 205 uint32_t lockout_counter = 5; 206 uint32_t lockout_threshold = 8; 207 uint32_t lockout_interval = 1200; 208 uint32_t lockout_recovery = 84600; 209 permanent_data_.data.tpm_properties.tpm_property[0].value = ~0U; 210 startup_clear_data_.data.tpm_properties.tpm_property[0].value = ~0U; 211 lockout_counter_.data.tpm_properties.tpm_property[0].value = lockout_counter; 212 lockout_threshold_.data.tpm_properties.tpm_property[0].value = 213 lockout_threshold; 214 lockout_interval_.data.tpm_properties.tpm_property[0].value = 215 lockout_interval; 216 lockout_recovery_.data.tpm_properties.tpm_property[0].value = 217 lockout_recovery; 218 rsa_data_.data.algorithms.alg_properties[0].alg_properties = ~0U; 219 ecc_data_.data.algorithms.alg_properties[0].alg_properties = ~0U; 220 TpmStateImpl tpm_state(factory_); 221 EXPECT_EQ(TPM_RC_SUCCESS, tpm_state.Initialize()); 222 EXPECT_TRUE(tpm_state.IsOwnerPasswordSet()); 223 EXPECT_TRUE(tpm_state.IsEndorsementPasswordSet()); 224 EXPECT_TRUE(tpm_state.IsLockoutPasswordSet()); 225 EXPECT_TRUE(tpm_state.IsOwned()); 226 EXPECT_TRUE(tpm_state.IsInLockout()); 227 EXPECT_TRUE(tpm_state.IsPlatformHierarchyEnabled()); 228 EXPECT_TRUE(tpm_state.IsStorageHierarchyEnabled()); 229 EXPECT_TRUE(tpm_state.IsEndorsementHierarchyEnabled()); 230 EXPECT_FALSE(tpm_state.IsEnabled()); 231 EXPECT_TRUE(tpm_state.WasShutdownOrderly()); 232 EXPECT_TRUE(tpm_state.IsRSASupported()); 233 EXPECT_TRUE(tpm_state.IsECCSupported()); 234 EXPECT_EQ(lockout_counter, tpm_state.GetLockoutCounter()); 235 EXPECT_EQ(lockout_threshold, tpm_state.GetLockoutThreshold()); 236 EXPECT_EQ(lockout_interval, tpm_state.GetLockoutInterval()); 237 EXPECT_EQ(lockout_recovery, tpm_state.GetLockoutRecovery()); 238 } 239 240 TEST_F(TpmStateTest, EnabledTpm) { 241 startup_clear_data_.data.tpm_properties.tpm_property[0].value = 242 ~kPlatformHierarchyMask; 243 TpmStateImpl tpm_state(factory_); 244 EXPECT_EQ(TPM_RC_SUCCESS, tpm_state.Initialize()); 245 EXPECT_FALSE(tpm_state.IsPlatformHierarchyEnabled()); 246 EXPECT_TRUE(tpm_state.IsStorageHierarchyEnabled()); 247 EXPECT_TRUE(tpm_state.IsEndorsementHierarchyEnabled()); 248 EXPECT_TRUE(tpm_state.IsEnabled()); 249 EXPECT_TRUE(tpm_state.WasShutdownOrderly()); 250 } 251 252 TEST_F(TpmStateTest, BadResponsePermanentCapabilityType) { 253 permanent_data_.capability = 0xFFFFF; 254 TpmStateImpl tpm_state(factory_); 255 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 256 } 257 258 TEST_F(TpmStateTest, BadResponseStartupClearCapabilityType) { 259 startup_clear_data_.capability = 0xFFFFF; 260 TpmStateImpl tpm_state(factory_); 261 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 262 } 263 264 TEST_F(TpmStateTest, BadResponseLockoutCounterCapabilityType) { 265 lockout_counter_.capability = 0xFFFFF; 266 TpmStateImpl tpm_state(factory_); 267 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 268 } 269 270 TEST_F(TpmStateTest, BadResponseLockoutThresholdCapabilityType) { 271 lockout_threshold_.capability = 0xFFFFF; 272 TpmStateImpl tpm_state(factory_); 273 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 274 } 275 276 TEST_F(TpmStateTest, BadResponseLockoutIntervalCapabilityType) { 277 lockout_interval_.capability = 0xFFFFF; 278 TpmStateImpl tpm_state(factory_); 279 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 280 } 281 282 TEST_F(TpmStateTest, BadResponseLockoutRecoveryCapabilityType) { 283 lockout_recovery_.capability = 0xFFFFF; 284 TpmStateImpl tpm_state(factory_); 285 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 286 } 287 288 TEST_F(TpmStateTest, BadResponseRSAAlgCapabilityType) { 289 rsa_data_.capability = 0xFFFFF; 290 TpmStateImpl tpm_state(factory_); 291 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 292 } 293 294 TEST_F(TpmStateTest, BadResponseECCAlgCapabilityType) { 295 ecc_data_.capability = 0xFFFFF; 296 TpmStateImpl tpm_state(factory_); 297 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 298 } 299 300 TEST_F(TpmStateTest, BadResponsePermanentPropertyCount) { 301 permanent_data_.data.tpm_properties.count = 0; 302 TpmStateImpl tpm_state(factory_); 303 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 304 } 305 306 TEST_F(TpmStateTest, BadResponseStartupClearPropertyCount) { 307 startup_clear_data_.data.tpm_properties.count = 0; 308 TpmStateImpl tpm_state(factory_); 309 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 310 } 311 312 TEST_F(TpmStateTest, BadResponseLockoutCounterPropertyCount) { 313 lockout_counter_.data.tpm_properties.count = 0; 314 TpmStateImpl tpm_state(factory_); 315 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 316 } 317 318 TEST_F(TpmStateTest, BadResponseLockoutThresholdPropertyCount) { 319 lockout_threshold_.data.tpm_properties.count = 0; 320 TpmStateImpl tpm_state(factory_); 321 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 322 } 323 324 TEST_F(TpmStateTest, BadResponseLockoutIntervalPropertyCount) { 325 lockout_interval_.data.tpm_properties.count = 0; 326 TpmStateImpl tpm_state(factory_); 327 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 328 } 329 330 TEST_F(TpmStateTest, BadResponseLockoutRecoveryPropertyCount) { 331 lockout_recovery_.data.tpm_properties.count = 0; 332 TpmStateImpl tpm_state(factory_); 333 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 334 } 335 336 TEST_F(TpmStateTest, BadResponseRSAAlgPropertyCount) { 337 rsa_data_.data.algorithms.count = 0; 338 TpmStateImpl tpm_state(factory_); 339 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 340 } 341 342 TEST_F(TpmStateTest, BadResponseECCAlgPropertyCount) { 343 ecc_data_.data.algorithms.count = 0; 344 TpmStateImpl tpm_state(factory_); 345 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 346 } 347 348 TEST_F(TpmStateTest, BadResponsePermanentPropertyType) { 349 permanent_data_.data.tpm_properties.tpm_property[0].property = 0xFFFFF; 350 TpmStateImpl tpm_state(factory_); 351 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 352 } 353 354 TEST_F(TpmStateTest, BadResponseStartupClearPropertyType) { 355 startup_clear_data_.data.tpm_properties.tpm_property[0].property = 0xFFFFF; 356 TpmStateImpl tpm_state(factory_); 357 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 358 } 359 360 TEST_F(TpmStateTest, BadResponseLockoutCounterPropertyType) { 361 lockout_counter_.data.tpm_properties.tpm_property[0].property = 0xFFFFF; 362 TpmStateImpl tpm_state(factory_); 363 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 364 } 365 366 TEST_F(TpmStateTest, BadResponseLockoutThresholdPropertyType) { 367 lockout_threshold_.data.tpm_properties.tpm_property[0].property = 0xFFFFF; 368 TpmStateImpl tpm_state(factory_); 369 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 370 } 371 372 TEST_F(TpmStateTest, BadResponseLockoutIntervalPropertyType) { 373 lockout_interval_.data.tpm_properties.tpm_property[0].property = 0xFFFFF; 374 TpmStateImpl tpm_state(factory_); 375 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 376 } 377 378 TEST_F(TpmStateTest, BadResponseLockoutRecoveryPropertyType) { 379 lockout_recovery_.data.tpm_properties.tpm_property[0].property = 0xFFFFF; 380 TpmStateImpl tpm_state(factory_); 381 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize()); 382 } 383 384 } // namespace trunks 385
