1 // 2 // Copyright (C) 2014 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include "trunks/trunks_factory_for_test.h" 18 19 #include <memory> 20 21 #include <base/memory/ptr_util.h> 22 #include <gmock/gmock.h> 23 24 #include "trunks/authorization_delegate.h" 25 #include "trunks/blob_parser.h" 26 #include "trunks/hmac_session.h" 27 #include "trunks/mock_blob_parser.h" 28 #include "trunks/mock_hmac_session.h" 29 #include "trunks/mock_policy_session.h" 30 #include "trunks/mock_session_manager.h" 31 #include "trunks/mock_tpm.h" 32 #include "trunks/mock_tpm_state.h" 33 #include "trunks/mock_tpm_utility.h" 34 #include "trunks/policy_session.h" 35 #include "trunks/session_manager.h" 36 #include "trunks/tpm_generated.h" 37 #include "trunks/tpm_state.h" 38 #include "trunks/tpm_utility.h" 39 40 using testing::NiceMock; 41 42 namespace trunks { 43 44 // Forwards all calls to a target instance. 45 class TpmStateForwarder : public TpmState { 46 public: 47 explicit TpmStateForwarder(TpmState* target) : target_(target) {} 48 ~TpmStateForwarder() override = default; 49 50 TPM_RC Initialize() override { return target_->Initialize(); } 51 52 bool IsOwnerPasswordSet() override { return target_->IsOwnerPasswordSet(); } 53 54 bool IsEndorsementPasswordSet() override { 55 return target_->IsEndorsementPasswordSet(); 56 } 57 58 bool IsLockoutPasswordSet() override { 59 return target_->IsLockoutPasswordSet(); 60 } 61 62 bool IsOwned() override { return target_->IsOwned(); } 63 64 bool IsInLockout() override { return target_->IsInLockout(); } 65 66 bool IsPlatformHierarchyEnabled() override { 67 return target_->IsPlatformHierarchyEnabled(); 68 } 69 70 bool IsStorageHierarchyEnabled() override { 71 return target_->IsStorageHierarchyEnabled(); 72 } 73 74 bool IsEndorsementHierarchyEnabled() override { 75 return target_->IsEndorsementHierarchyEnabled(); 76 } 77 78 bool IsEnabled() override { return target_->IsEnabled(); } 79 80 bool WasShutdownOrderly() override { return target_->WasShutdownOrderly(); } 81 82 bool IsRSASupported() override { return target_->IsRSASupported(); } 83 84 bool IsECCSupported() override { return target_->IsECCSupported(); } 85 86 uint32_t GetLockoutCounter() override { return target_->GetLockoutCounter(); } 87 88 uint32_t GetLockoutThreshold() override { 89 return target_->GetLockoutThreshold(); 90 } 91 92 uint32_t GetLockoutInterval() override { 93 return target_->GetLockoutInterval(); 94 } 95 96 uint32_t GetLockoutRecovery() override { 97 return target_->GetLockoutRecovery(); 98 } 99 100 uint32_t GetMaxNVSize() override { return target_->GetMaxNVSize(); } 101 102 bool GetTpmProperty(TPM_PT property, uint32_t* value) override { 103 return target_->GetTpmProperty(property, value); 104 } 105 106 bool GetAlgorithmProperties(TPM_ALG_ID algorithm, 107 TPMA_ALGORITHM* properties) override { 108 return target_->GetAlgorithmProperties(algorithm, properties); 109 } 110 111 private: 112 TpmState* target_; 113 }; 114 115 // Forwards all calls to a target instance. 116 class TpmUtilityForwarder : public TpmUtility { 117 public: 118 explicit TpmUtilityForwarder(TpmUtility* target) : target_(target) {} 119 ~TpmUtilityForwarder() override = default; 120 121 TPM_RC Startup() override { return target_->Startup(); } 122 123 TPM_RC Clear() override { return target_->Clear(); } 124 125 void Shutdown() override { return target_->Shutdown(); } 126 127 TPM_RC InitializeTpm() override { return target_->InitializeTpm(); } 128 129 TPM_RC AllocatePCR(const std::string& platform_password) override { 130 return target_->AllocatePCR(platform_password); 131 } 132 133 TPM_RC TakeOwnership(const std::string& owner_password, 134 const std::string& endorsement_password, 135 const std::string& lockout_password) override { 136 return target_->TakeOwnership(owner_password, endorsement_password, 137 lockout_password); 138 } 139 140 TPM_RC StirRandom(const std::string& entropy_data, 141 AuthorizationDelegate* delegate) override { 142 return target_->StirRandom(entropy_data, delegate); 143 } 144 145 TPM_RC GenerateRandom(size_t num_bytes, 146 AuthorizationDelegate* delegate, 147 std::string* random_data) override { 148 return target_->GenerateRandom(num_bytes, delegate, random_data); 149 } 150 151 TPM_RC ExtendPCR(int pcr_index, 152 const std::string& extend_data, 153 AuthorizationDelegate* delegate) override { 154 return target_->ExtendPCR(pcr_index, extend_data, delegate); 155 } 156 157 TPM_RC ReadPCR(int pcr_index, std::string* pcr_value) override { 158 return target_->ReadPCR(pcr_index, pcr_value); 159 } 160 161 TPM_RC AsymmetricEncrypt(TPM_HANDLE key_handle, 162 TPM_ALG_ID scheme, 163 TPM_ALG_ID hash_alg, 164 const std::string& plaintext, 165 AuthorizationDelegate* delegate, 166 std::string* ciphertext) override { 167 return target_->AsymmetricEncrypt(key_handle, scheme, hash_alg, plaintext, 168 delegate, ciphertext); 169 } 170 171 TPM_RC AsymmetricDecrypt(TPM_HANDLE key_handle, 172 TPM_ALG_ID scheme, 173 TPM_ALG_ID hash_alg, 174 const std::string& ciphertext, 175 AuthorizationDelegate* delegate, 176 std::string* plaintext) override { 177 return target_->AsymmetricDecrypt(key_handle, scheme, hash_alg, ciphertext, 178 delegate, plaintext); 179 } 180 181 TPM_RC Sign(TPM_HANDLE key_handle, 182 TPM_ALG_ID scheme, 183 TPM_ALG_ID hash_alg, 184 const std::string& plaintext, 185 AuthorizationDelegate* delegate, 186 std::string* signature) override { 187 return target_->Sign(key_handle, scheme, hash_alg, plaintext, delegate, 188 signature); 189 } 190 191 TPM_RC Verify(TPM_HANDLE key_handle, 192 TPM_ALG_ID scheme, 193 TPM_ALG_ID hash_alg, 194 const std::string& plaintext, 195 const std::string& signature, 196 AuthorizationDelegate* delegate) override { 197 return target_->Verify(key_handle, scheme, hash_alg, plaintext, signature, 198 delegate); 199 } 200 201 TPM_RC CertifyCreation(TPM_HANDLE key_handle, 202 const std::string& creation_blob) override { 203 return target_->CertifyCreation(key_handle, creation_blob); 204 } 205 206 TPM_RC ChangeKeyAuthorizationData(TPM_HANDLE key_handle, 207 const std::string& new_password, 208 AuthorizationDelegate* delegate, 209 std::string* key_blob) override { 210 return target_->ChangeKeyAuthorizationData(key_handle, new_password, 211 delegate, key_blob); 212 } 213 214 TPM_RC ImportRSAKey(AsymmetricKeyUsage key_type, 215 const std::string& modulus, 216 uint32_t public_exponent, 217 const std::string& prime_factor, 218 const std::string& password, 219 AuthorizationDelegate* delegate, 220 std::string* key_blob) override { 221 return target_->ImportRSAKey(key_type, modulus, public_exponent, 222 prime_factor, password, delegate, key_blob); 223 } 224 225 TPM_RC CreateRSAKeyPair(AsymmetricKeyUsage key_type, 226 int modulus_bits, 227 uint32_t public_exponent, 228 const std::string& password, 229 const std::string& policy_digest, 230 bool use_only_policy_authorization, 231 int creation_pcr_index, 232 AuthorizationDelegate* delegate, 233 std::string* key_blob, 234 std::string* creation_blob) override { 235 return target_->CreateRSAKeyPair( 236 key_type, modulus_bits, public_exponent, password, policy_digest, 237 use_only_policy_authorization, creation_pcr_index, delegate, key_blob, 238 creation_blob); 239 } 240 241 TPM_RC LoadKey(const std::string& key_blob, 242 AuthorizationDelegate* delegate, 243 TPM_HANDLE* key_handle) override { 244 return target_->LoadKey(key_blob, delegate, key_handle); 245 } 246 247 TPM_RC GetKeyName(TPM_HANDLE handle, std::string* name) override { 248 return target_->GetKeyName(handle, name); 249 } 250 251 TPM_RC GetKeyPublicArea(TPM_HANDLE handle, 252 TPMT_PUBLIC* public_data) override { 253 return target_->GetKeyPublicArea(handle, public_data); 254 } 255 256 TPM_RC SealData(const std::string& data_to_seal, 257 const std::string& policy_digest, 258 AuthorizationDelegate* delegate, 259 std::string* sealed_data) override { 260 return target_->SealData(data_to_seal, policy_digest, delegate, 261 sealed_data); 262 } 263 264 TPM_RC UnsealData(const std::string& sealed_data, 265 AuthorizationDelegate* delegate, 266 std::string* unsealed_data) override { 267 return target_->UnsealData(sealed_data, delegate, unsealed_data); 268 } 269 270 TPM_RC StartSession(HmacSession* session) override { 271 return target_->StartSession(session); 272 } 273 274 TPM_RC GetPolicyDigestForPcrValue(int pcr_index, 275 const std::string& pcr_value, 276 std::string* policy_digest) override { 277 return target_->GetPolicyDigestForPcrValue(pcr_index, pcr_value, 278 policy_digest); 279 } 280 281 TPM_RC DefineNVSpace(uint32_t index, 282 size_t num_bytes, 283 TPMA_NV attributes, 284 const std::string& authorization_value, 285 const std::string& policy_digest, 286 AuthorizationDelegate* delegate) override { 287 return target_->DefineNVSpace(index, num_bytes, attributes, 288 authorization_value, policy_digest, delegate); 289 } 290 291 TPM_RC DestroyNVSpace(uint32_t index, 292 AuthorizationDelegate* delegate) override { 293 return target_->DestroyNVSpace(index, delegate); 294 } 295 296 TPM_RC LockNVSpace(uint32_t index, 297 bool lock_read, 298 bool lock_write, 299 bool using_owner_authorization, 300 AuthorizationDelegate* delegate) override { 301 return target_->LockNVSpace(index, lock_read, lock_write, 302 using_owner_authorization, delegate); 303 } 304 305 TPM_RC WriteNVSpace(uint32_t index, 306 uint32_t offset, 307 const std::string& nvram_data, 308 bool using_owner_authorization, 309 bool extend, 310 AuthorizationDelegate* delegate) override { 311 return target_->WriteNVSpace(index, offset, nvram_data, 312 using_owner_authorization, extend, delegate); 313 } 314 315 TPM_RC ReadNVSpace(uint32_t index, 316 uint32_t offset, 317 size_t num_bytes, 318 bool using_owner_authorization, 319 std::string* nvram_data, 320 AuthorizationDelegate* delegate) override { 321 return target_->ReadNVSpace(index, offset, num_bytes, 322 using_owner_authorization, nvram_data, 323 delegate); 324 } 325 326 TPM_RC GetNVSpaceName(uint32_t index, std::string* name) override { 327 return target_->GetNVSpaceName(index, name); 328 } 329 330 TPM_RC GetNVSpacePublicArea(uint32_t index, 331 TPMS_NV_PUBLIC* public_data) override { 332 return target_->GetNVSpacePublicArea(index, public_data); 333 } 334 335 TPM_RC ListNVSpaces(std::vector<uint32_t>* index_list) override { 336 return target_->ListNVSpaces(index_list); 337 } 338 339 TPM_RC SetDictionaryAttackParameters( 340 uint32_t max_tries, 341 uint32_t recovery_time, 342 uint32_t lockout_recovery, 343 AuthorizationDelegate* delegate) override { 344 return target_->SetDictionaryAttackParameters(max_tries, recovery_time, 345 lockout_recovery, delegate); 346 } 347 348 TPM_RC ResetDictionaryAttackLock(AuthorizationDelegate* delegate) override { 349 return target_->ResetDictionaryAttackLock(delegate); 350 } 351 352 private: 353 TpmUtility* target_; 354 }; 355 356 // Forwards all calls to a target instance. 357 class AuthorizationDelegateForwarder : public AuthorizationDelegate { 358 public: 359 explicit AuthorizationDelegateForwarder(AuthorizationDelegate* target) 360 : target_(target) {} 361 ~AuthorizationDelegateForwarder() override = default; 362 363 bool GetCommandAuthorization(const std::string& command_hash, 364 bool is_command_parameter_encryption_possible, 365 bool is_response_parameter_encryption_possible, 366 std::string* authorization) override { 367 return target_->GetCommandAuthorization( 368 command_hash, is_command_parameter_encryption_possible, 369 is_response_parameter_encryption_possible, authorization); 370 } 371 372 bool CheckResponseAuthorization(const std::string& response_hash, 373 const std::string& authorization) override { 374 return target_->CheckResponseAuthorization(response_hash, authorization); 375 } 376 377 bool EncryptCommandParameter(std::string* parameter) override { 378 return target_->EncryptCommandParameter(parameter); 379 } 380 381 bool DecryptResponseParameter(std::string* parameter) override { 382 return target_->DecryptResponseParameter(parameter); 383 } 384 385 private: 386 AuthorizationDelegate* target_; 387 }; 388 389 // Forwards all calls to a target instance. 390 class SessionManagerForwarder : public SessionManager { 391 public: 392 explicit SessionManagerForwarder(SessionManager* target) : target_(target) {} 393 ~SessionManagerForwarder() override {} 394 395 TPM_HANDLE GetSessionHandle() const override { 396 return target_->GetSessionHandle(); 397 } 398 399 void CloseSession() override { return target_->CloseSession(); } 400 401 TPM_RC StartSession(TPM_SE session_type, 402 TPMI_DH_ENTITY bind_entity, 403 const std::string& bind_authorization_value, 404 bool enable_encryption, 405 HmacAuthorizationDelegate* delegate) override { 406 return target_->StartSession(session_type, bind_entity, 407 bind_authorization_value, enable_encryption, 408 delegate); 409 } 410 411 private: 412 SessionManager* target_; 413 }; 414 415 // Forwards all calls to a target instance. 416 class HmacSessionForwarder : public HmacSession { 417 public: 418 explicit HmacSessionForwarder(HmacSession* target) : target_(target) {} 419 ~HmacSessionForwarder() override = default; 420 421 AuthorizationDelegate* GetDelegate() override { 422 return target_->GetDelegate(); 423 } 424 425 TPM_RC StartBoundSession(TPMI_DH_ENTITY bind_entity, 426 const std::string& bind_authorization_value, 427 bool enable_encryption) override { 428 return target_->StartBoundSession(bind_entity, bind_authorization_value, 429 enable_encryption); 430 } 431 432 TPM_RC StartUnboundSession(bool enable_encryption) override { 433 return target_->StartUnboundSession(enable_encryption); 434 } 435 436 void SetEntityAuthorizationValue(const std::string& value) override { 437 return target_->SetEntityAuthorizationValue(value); 438 } 439 440 void SetFutureAuthorizationValue(const std::string& value) override { 441 return target_->SetFutureAuthorizationValue(value); 442 } 443 444 private: 445 HmacSession* target_; 446 }; 447 448 // Forwards all calls to a target instance. 449 class PolicySessionForwarder : public PolicySession { 450 public: 451 explicit PolicySessionForwarder(PolicySession* target) : target_(target) {} 452 ~PolicySessionForwarder() override = default; 453 454 AuthorizationDelegate* GetDelegate() override { 455 return target_->GetDelegate(); 456 } 457 458 TPM_RC StartBoundSession(TPMI_DH_ENTITY bind_entity, 459 const std::string& bind_authorization_value, 460 bool enable_encryption) override { 461 return target_->StartBoundSession(bind_entity, bind_authorization_value, 462 enable_encryption); 463 } 464 465 TPM_RC StartUnboundSession(bool enable_encryption) override { 466 return target_->StartUnboundSession(enable_encryption); 467 } 468 469 TPM_RC GetDigest(std::string* digest) override { 470 return target_->GetDigest(digest); 471 } 472 473 TPM_RC PolicyOR(const std::vector<std::string>& digests) override { 474 return target_->PolicyOR(digests); 475 } 476 477 TPM_RC PolicyPCR(uint32_t pcr_index, const std::string& pcr_value) override { 478 return target_->PolicyPCR(pcr_index, pcr_value); 479 } 480 481 TPM_RC PolicyCommandCode(TPM_CC command_code) override { 482 return target_->PolicyCommandCode(command_code); 483 } 484 485 TPM_RC PolicyAuthValue() override { return target_->PolicyAuthValue(); } 486 487 TPM_RC PolicyRestart() override { return target_->PolicyRestart(); } 488 489 void SetEntityAuthorizationValue(const std::string& value) override { 490 return target_->SetEntityAuthorizationValue(value); 491 } 492 493 private: 494 PolicySession* target_; 495 }; 496 497 // Forwards all calls to a target instance. 498 class BlobParserForwarder : public BlobParser { 499 public: 500 explicit BlobParserForwarder(BlobParser* target) : target_(target) {} 501 ~BlobParserForwarder() override = default; 502 503 bool SerializeKeyBlob(const TPM2B_PUBLIC& public_info, 504 const TPM2B_PRIVATE& private_info, 505 std::string* key_blob) override { 506 return target_->SerializeKeyBlob(public_info, private_info, key_blob); 507 } 508 509 bool ParseKeyBlob(const std::string& key_blob, 510 TPM2B_PUBLIC* public_info, 511 TPM2B_PRIVATE* private_info) override { 512 return target_->ParseKeyBlob(key_blob, public_info, private_info); 513 } 514 515 bool SerializeCreationBlob(const TPM2B_CREATION_DATA& creation_data, 516 const TPM2B_DIGEST& creation_hash, 517 const TPMT_TK_CREATION& creation_ticket, 518 std::string* creation_blob) override { 519 return target_->SerializeCreationBlob(creation_data, creation_hash, 520 creation_ticket, creation_blob); 521 } 522 523 bool ParseCreationBlob(const std::string& creation_blob, 524 TPM2B_CREATION_DATA* creation_data, 525 TPM2B_DIGEST* creation_hash, 526 TPMT_TK_CREATION* creation_ticket) override { 527 return target_->ParseCreationBlob(creation_blob, creation_data, 528 creation_hash, creation_ticket); 529 } 530 531 private: 532 BlobParser* target_; 533 }; 534 535 TrunksFactoryForTest::TrunksFactoryForTest() 536 : default_tpm_(new NiceMock<MockTpm>()), 537 tpm_(default_tpm_.get()), 538 default_tpm_state_(new NiceMock<MockTpmState>()), 539 tpm_state_(default_tpm_state_.get()), 540 default_tpm_utility_(new NiceMock<MockTpmUtility>()), 541 tpm_utility_(default_tpm_utility_.get()), 542 default_authorization_delegate_(new PasswordAuthorizationDelegate("")), 543 password_authorization_delegate_(default_authorization_delegate_.get()), 544 default_session_manager_(new NiceMock<MockSessionManager>()), 545 session_manager_(default_session_manager_.get()), 546 default_hmac_session_(new NiceMock<MockHmacSession>()), 547 hmac_session_(default_hmac_session_.get()), 548 default_policy_session_(new NiceMock<MockPolicySession>()), 549 policy_session_(default_policy_session_.get()), 550 default_trial_session_(new NiceMock<MockPolicySession>()), 551 trial_session_(default_trial_session_.get()), 552 default_blob_parser_(new NiceMock<MockBlobParser>()), 553 blob_parser_(default_blob_parser_.get()) {} 554 555 TrunksFactoryForTest::~TrunksFactoryForTest() {} 556 557 Tpm* TrunksFactoryForTest::GetTpm() const { 558 return tpm_; 559 } 560 561 std::unique_ptr<TpmState> TrunksFactoryForTest::GetTpmState() const { 562 return base::MakeUnique<TpmStateForwarder>(tpm_state_); 563 } 564 565 std::unique_ptr<TpmUtility> TrunksFactoryForTest::GetTpmUtility() const { 566 return base::MakeUnique<TpmUtilityForwarder>(tpm_utility_); 567 } 568 569 std::unique_ptr<AuthorizationDelegate> 570 TrunksFactoryForTest::GetPasswordAuthorization( 571 const std::string& password) const { 572 return base::MakeUnique<AuthorizationDelegateForwarder>( 573 password_authorization_delegate_); 574 } 575 576 std::unique_ptr<SessionManager> TrunksFactoryForTest::GetSessionManager() 577 const { 578 return base::MakeUnique<SessionManagerForwarder>(session_manager_); 579 } 580 581 std::unique_ptr<HmacSession> TrunksFactoryForTest::GetHmacSession() const { 582 return base::MakeUnique<HmacSessionForwarder>(hmac_session_); 583 } 584 585 std::unique_ptr<PolicySession> TrunksFactoryForTest::GetPolicySession() const { 586 return base::MakeUnique<PolicySessionForwarder>(policy_session_); 587 } 588 589 std::unique_ptr<PolicySession> TrunksFactoryForTest::GetTrialSession() const { 590 return base::MakeUnique<PolicySessionForwarder>(trial_session_); 591 } 592 593 std::unique_ptr<BlobParser> TrunksFactoryForTest::GetBlobParser() const { 594 return base::MakeUnique<BlobParserForwarder>(blob_parser_); 595 } 596 597 } // namespace trunks 598
