1 // 2 // Copyright (C) 2014 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include <string> 18 19 #include <gtest/gtest.h> 20 21 #include "trunks/password_authorization_delegate.h" 22 23 namespace trunks { 24 25 // This test looks at initialization of the delegate with no password. 26 // It should initailize with a zero length internal password buffer. 27 TEST(PasswordAuthorizationDelegateTest, NullInitialization) { 28 PasswordAuthorizationDelegate delegate(""); 29 EXPECT_EQ(delegate.password_.size, 0); 30 } 31 32 // This test checks the generation of an authorization structure by the 33 // delegate. It compared the serialized structure generated by the delegate 34 // to the expected authorization string. 35 TEST(PasswordAuthorizationDelegateTest, SerializationTest) { 36 std::string expected_auth( 37 "\x40\x00\x00\x09" // session_handle = TPM_RS_PW 38 "\x00\x00" // nonce = zero length buffer 39 "\x01" // session_attributes = continueSession 40 "\x00\x06" // password length 41 "secret", // password 42 15); 43 PasswordAuthorizationDelegate delegate("secret"); 44 std::string authorization; 45 std::string command_hash; 46 bool authorization_result = delegate.GetCommandAuthorization( 47 command_hash, false, false, &authorization); 48 EXPECT_EQ(authorization_result, true); 49 EXPECT_EQ(authorization.length(), expected_auth.length()); 50 EXPECT_EQ(expected_auth.compare(authorization), 0); 51 } 52 53 // This test looks at the delegate's ability to parse and check authorization 54 // responses when the response is well formed. 55 TEST(PasswordAuthorizationDelegateTest, ParseGoodParams) { 56 std::string auth_response( 57 "\x00\x00" // nonceTpm = zero length buffer 58 "\x01" // session_attributes = continueSession 59 "\x00\x00", // hmac = zero length buffer 60 5); 61 PasswordAuthorizationDelegate delegate("secret"); 62 std::string response_hash; 63 bool authorization_result = 64 delegate.CheckResponseAuthorization(response_hash, auth_response); 65 EXPECT_EQ(authorization_result, true); 66 } 67 68 // This test checks the delegate's ability to correctly identify an incorrect 69 // authorization response. 70 TEST(PasswordAuthorizationDelegateTest, ParseBadParams) { 71 std::string auth_response( 72 "\x00\x00" // nonceTpm = zero length buffer 73 "\x01" // session_attributes = continueSession 74 "\x00\x06" // password length 75 "secret", // password 76 11); 77 PasswordAuthorizationDelegate delegate("secret"); 78 std::string response_hash; 79 bool authorization_result = 80 delegate.CheckResponseAuthorization(response_hash, auth_response); 81 EXPECT_EQ(authorization_result, false); 82 } 83 84 // This test confirms that after encrypting and decrypting a parameter, 85 // we get the original parameter back. 86 TEST(PasswordAuthorizationDelegateTest, EncryptDecrypt) { 87 PasswordAuthorizationDelegate delegate("secret"); 88 std::string plaintext_parameter("parameter"); 89 std::string encrypted_parameter(plaintext_parameter); 90 ASSERT_EQ(plaintext_parameter.compare(encrypted_parameter), 0); 91 delegate.EncryptCommandParameter(&encrypted_parameter); 92 delegate.DecryptResponseParameter(&encrypted_parameter); 93 EXPECT_EQ(plaintext_parameter.compare(encrypted_parameter), 0); 94 } 95 96 } // namespace trunks 97
