1 // 2 // Copyright (C) 2015 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include "trunks/policy_session_impl.h" 18 19 #include <crypto/sha2.h> 20 #include <gmock/gmock.h> 21 #include <gtest/gtest.h> 22 23 #include "trunks/error_codes.h" 24 #include "trunks/mock_session_manager.h" 25 #include "trunks/mock_tpm.h" 26 #include "trunks/tpm_generated.h" 27 #include "trunks/trunks_factory_for_test.h" 28 29 using testing::_; 30 using testing::NiceMock; 31 using testing::Return; 32 using testing::SaveArg; 33 using testing::SetArgPointee; 34 35 namespace trunks { 36 37 class PolicySessionTest : public testing::Test { 38 public: 39 PolicySessionTest() {} 40 ~PolicySessionTest() override {} 41 42 void SetUp() override { 43 factory_.set_session_manager(&mock_session_manager_); 44 factory_.set_tpm(&mock_tpm_); 45 } 46 47 HmacAuthorizationDelegate* GetHmacDelegate(PolicySessionImpl* session) { 48 return &(session->hmac_delegate_); 49 } 50 51 protected: 52 TrunksFactoryForTest factory_; 53 NiceMock<MockSessionManager> mock_session_manager_; 54 NiceMock<MockTpm> mock_tpm_; 55 }; 56 57 TEST_F(PolicySessionTest, GetDelegateUninitialized) { 58 PolicySessionImpl session(factory_); 59 EXPECT_CALL(mock_session_manager_, GetSessionHandle()) 60 .WillRepeatedly(Return(kUninitializedHandle)); 61 EXPECT_EQ(nullptr, session.GetDelegate()); 62 } 63 64 TEST_F(PolicySessionTest, GetDelegateSuccess) { 65 PolicySessionImpl session(factory_); 66 EXPECT_EQ(GetHmacDelegate(&session), session.GetDelegate()); 67 } 68 69 TEST_F(PolicySessionTest, StartBoundSessionSuccess) { 70 PolicySessionImpl session(factory_); 71 EXPECT_EQ(TPM_RC_SUCCESS, 72 session.StartBoundSession(TPM_RH_FIRST, "auth", true)); 73 } 74 75 TEST_F(PolicySessionTest, StartBoundSessionFailure) { 76 PolicySessionImpl session(factory_); 77 TPM_HANDLE handle = TPM_RH_FIRST; 78 EXPECT_CALL(mock_session_manager_, StartSession(TPM_SE_POLICY, handle, 79 _, true, _)) 80 .WillRepeatedly(Return(TPM_RC_FAILURE)); 81 EXPECT_EQ(TPM_RC_FAILURE, session.StartBoundSession(handle, "auth", true)); 82 } 83 84 TEST_F(PolicySessionTest, StartBoundSessionBadType) { 85 PolicySessionImpl session(factory_, TPM_SE_HMAC); 86 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 87 session.StartBoundSession(TPM_RH_FIRST, "auth", true)); 88 } 89 90 TEST_F(PolicySessionTest, StartUnboundSessionSuccess) { 91 PolicySessionImpl session(factory_); 92 EXPECT_EQ(TPM_RC_SUCCESS, session.StartUnboundSession(true)); 93 } 94 95 TEST_F(PolicySessionTest, StartUnboundSessionFailure) { 96 PolicySessionImpl session(factory_); 97 EXPECT_CALL(mock_session_manager_, StartSession(TPM_SE_POLICY, TPM_RH_NULL, 98 _, true, _)) 99 .WillRepeatedly(Return(TPM_RC_FAILURE)); 100 EXPECT_EQ(TPM_RC_FAILURE, session.StartUnboundSession(true)); 101 } 102 103 TEST_F(PolicySessionTest, GetDigestSuccess) { 104 PolicySessionImpl session(factory_); 105 std::string digest; 106 TPM2B_DIGEST policy_digest; 107 policy_digest.size = SHA256_DIGEST_SIZE; 108 EXPECT_CALL(mock_tpm_, PolicyGetDigestSync(_, _, _, _)) 109 .WillOnce(DoAll(SetArgPointee<2>(policy_digest), 110 Return(TPM_RC_SUCCESS))); 111 EXPECT_EQ(TPM_RC_SUCCESS, session.GetDigest(&digest)); 112 EXPECT_EQ(static_cast<size_t>(SHA256_DIGEST_SIZE), digest.size()); 113 } 114 115 TEST_F(PolicySessionTest, GetDigestFailure) { 116 PolicySessionImpl session(factory_); 117 std::string digest; 118 EXPECT_CALL(mock_tpm_, PolicyGetDigestSync(_, _, _, _)) 119 .WillOnce(Return(TPM_RC_FAILURE)); 120 EXPECT_EQ(TPM_RC_FAILURE, session.GetDigest(&digest)); 121 } 122 123 TEST_F(PolicySessionTest, PolicyORSuccess) { 124 PolicySessionImpl session(factory_); 125 std::vector<std::string> digests; 126 digests.push_back("digest1"); 127 digests.push_back("digest2"); 128 digests.push_back("digest3"); 129 TPML_DIGEST tpm_digests; 130 EXPECT_CALL(mock_tpm_, PolicyORSync(_, _, _, _)) 131 .WillOnce(DoAll(SaveArg<2>(&tpm_digests), 132 Return(TPM_RC_SUCCESS))); 133 EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyOR(digests)); 134 EXPECT_EQ(tpm_digests.count, digests.size()); 135 EXPECT_EQ(StringFrom_TPM2B_DIGEST(tpm_digests.digests[0]), digests[0]); 136 EXPECT_EQ(StringFrom_TPM2B_DIGEST(tpm_digests.digests[1]), digests[1]); 137 EXPECT_EQ(StringFrom_TPM2B_DIGEST(tpm_digests.digests[2]), digests[2]); 138 } 139 140 TEST_F(PolicySessionTest, PolicyORBadParam) { 141 PolicySessionImpl session(factory_); 142 std::vector<std::string> digests; 143 // We use 9 here because the maximum number of digests allowed by the TPM 144 // is 8. Therefore having 9 digests here should cause the code to fail. 145 digests.resize(9); 146 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, session.PolicyOR(digests)); 147 } 148 149 TEST_F(PolicySessionTest, PolicyORFailure) { 150 PolicySessionImpl session(factory_); 151 std::vector<std::string> digests; 152 EXPECT_CALL(mock_tpm_, PolicyORSync(_, _, _, _)) 153 .WillOnce(Return(TPM_RC_FAILURE)); 154 EXPECT_EQ(TPM_RC_FAILURE, session.PolicyOR(digests)); 155 } 156 157 TEST_F(PolicySessionTest, PolicyPCRSuccess) { 158 PolicySessionImpl session(factory_); 159 std::string pcr_digest("digest"); 160 int pcr_index = 1; 161 TPML_PCR_SELECTION pcr_select; 162 TPM2B_DIGEST pcr_value; 163 EXPECT_CALL(mock_tpm_, PolicyPCRSync(_, _, _, _, _)) 164 .WillOnce(DoAll(SaveArg<2>(&pcr_value), 165 SaveArg<3>(&pcr_select), 166 Return(TPM_RC_SUCCESS))); 167 EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyPCR(pcr_index, pcr_digest)); 168 uint8_t pcr_select_index = pcr_index / 8; 169 uint8_t pcr_select_byte = 1 << (pcr_index % 8); 170 EXPECT_EQ(pcr_select.count, 1u); 171 EXPECT_EQ(pcr_select.pcr_selections[0].hash, TPM_ALG_SHA256); 172 EXPECT_EQ(pcr_select.pcr_selections[0].sizeof_select, PCR_SELECT_MIN); 173 EXPECT_EQ(pcr_select.pcr_selections[0].pcr_select[pcr_select_index], 174 pcr_select_byte); 175 EXPECT_EQ(StringFrom_TPM2B_DIGEST(pcr_value), 176 crypto::SHA256HashString(pcr_digest)); 177 } 178 179 TEST_F(PolicySessionTest, PolicyPCRFailure) { 180 PolicySessionImpl session(factory_); 181 EXPECT_CALL(mock_tpm_, PolicyPCRSync(_, _, _, _, _)) 182 .WillOnce(Return(TPM_RC_FAILURE)); 183 EXPECT_EQ(TPM_RC_FAILURE, session.PolicyPCR(1, "pcr_digest")); 184 } 185 186 TEST_F(PolicySessionTest, PolicyPCRTrialWithNoDigest) { 187 PolicySessionImpl session(factory_, TPM_SE_TRIAL); 188 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, session.PolicyPCR(1, "")); 189 } 190 191 TEST_F(PolicySessionTest, PolicyCommandCodeSuccess) { 192 PolicySessionImpl session(factory_); 193 TPM_CC command_code = TPM_CC_FIRST; 194 EXPECT_CALL(mock_tpm_, PolicyCommandCodeSync(_, _, command_code, _)) 195 .WillOnce(Return(TPM_RC_SUCCESS)); 196 EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyCommandCode(TPM_CC_FIRST)); 197 } 198 199 TEST_F(PolicySessionTest, PolicyCommandCodeFailure) { 200 PolicySessionImpl session(factory_); 201 EXPECT_CALL(mock_tpm_, PolicyCommandCodeSync(_, _, _, _)) 202 .WillOnce(Return(TPM_RC_FAILURE)); 203 EXPECT_EQ(TPM_RC_FAILURE, session.PolicyCommandCode(TPM_CC_FIRST)); 204 } 205 206 TEST_F(PolicySessionTest, PolicyAuthValueSuccess) { 207 PolicySessionImpl session(factory_); 208 EXPECT_CALL(mock_tpm_, PolicyAuthValueSync(_, _, _)) 209 .WillOnce(Return(TPM_RC_SUCCESS)); 210 EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyAuthValue()); 211 } 212 213 TEST_F(PolicySessionTest, PolicyAuthValueFailure) { 214 PolicySessionImpl session(factory_); 215 EXPECT_CALL(mock_tpm_, PolicyAuthValueSync(_, _, _)) 216 .WillOnce(Return(TPM_RC_FAILURE)); 217 EXPECT_EQ(TPM_RC_FAILURE, session.PolicyAuthValue()); 218 } 219 220 TEST_F(PolicySessionTest, EntityAuthorizationForwardingTest) { 221 PolicySessionImpl session(factory_); 222 std::string test_auth("test_auth"); 223 session.SetEntityAuthorizationValue(test_auth); 224 HmacAuthorizationDelegate* hmac_delegate = GetHmacDelegate(&session); 225 std::string entity_auth = hmac_delegate->entity_authorization_value(); 226 EXPECT_EQ(0, test_auth.compare(entity_auth)); 227 } 228 229 } // namespace trunks 230