Home | History | Annotate | Download | only in trunks 
      1 //
      2 // Copyright (C) 2015 The Android Open Source Project
      3 //
      4 // Licensed under the Apache License, Version 2.0 (the "License");
      5 // you may not use this file except in compliance with the License.
      6 // You may obtain a copy of the License at
      7 //
      8 //      http://www.apache.org/licenses/LICENSE-2.0
      9 //
     10 // Unless required by applicable law or agreed to in writing, software
     11 // distributed under the License is distributed on an "AS IS" BASIS,
     12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13 // See the License for the specific language governing permissions and
     14 // limitations under the License.
     15 //
     16 
     17 #include "trunks/policy_session_impl.h"
     18 
     19 #include <crypto/sha2.h>
     20 #include <gmock/gmock.h>
     21 #include <gtest/gtest.h>
     22 
     23 #include "trunks/error_codes.h"
     24 #include "trunks/mock_session_manager.h"
     25 #include "trunks/mock_tpm.h"
     26 #include "trunks/tpm_generated.h"
     27 #include "trunks/trunks_factory_for_test.h"
     28 
     29 using testing::_;
     30 using testing::NiceMock;
     31 using testing::Return;
     32 using testing::SaveArg;
     33 using testing::SetArgPointee;
     34 
     35 namespace trunks {
     36 
     37 class PolicySessionTest : public testing::Test {
     38  public:
     39   PolicySessionTest() {}
     40   ~PolicySessionTest() override {}
     41 
     42   void SetUp() override {
     43     factory_.set_session_manager(&mock_session_manager_);
     44     factory_.set_tpm(&mock_tpm_);
     45   }
     46 
     47   HmacAuthorizationDelegate* GetHmacDelegate(PolicySessionImpl* session) {
     48     return &(session->hmac_delegate_);
     49   }
     50 
     51  protected:
     52   TrunksFactoryForTest factory_;
     53   NiceMock<MockSessionManager> mock_session_manager_;
     54   NiceMock<MockTpm> mock_tpm_;
     55 };
     56 
     57 TEST_F(PolicySessionTest, GetDelegateUninitialized) {
     58   PolicySessionImpl session(factory_);
     59   EXPECT_CALL(mock_session_manager_, GetSessionHandle())
     60       .WillRepeatedly(Return(kUninitializedHandle));
     61   EXPECT_EQ(nullptr, session.GetDelegate());
     62 }
     63 
     64 TEST_F(PolicySessionTest, GetDelegateSuccess) {
     65   PolicySessionImpl session(factory_);
     66   EXPECT_EQ(GetHmacDelegate(&session), session.GetDelegate());
     67 }
     68 
     69 TEST_F(PolicySessionTest, StartBoundSessionSuccess) {
     70   PolicySessionImpl session(factory_);
     71   EXPECT_EQ(TPM_RC_SUCCESS,
     72             session.StartBoundSession(TPM_RH_FIRST, "auth", true));
     73 }
     74 
     75 TEST_F(PolicySessionTest, StartBoundSessionFailure) {
     76   PolicySessionImpl session(factory_);
     77   TPM_HANDLE handle = TPM_RH_FIRST;
     78   EXPECT_CALL(mock_session_manager_,
     79               StartSession(TPM_SE_POLICY, handle, _, true, _))
     80       .WillRepeatedly(Return(TPM_RC_FAILURE));
     81   EXPECT_EQ(TPM_RC_FAILURE, session.StartBoundSession(handle, "auth", true));
     82 }
     83 
     84 TEST_F(PolicySessionTest, StartBoundSessionBadType) {
     85   PolicySessionImpl session(factory_, TPM_SE_HMAC);
     86   EXPECT_EQ(SAPI_RC_INVALID_SESSIONS,
     87             session.StartBoundSession(TPM_RH_FIRST, "auth", true));
     88 }
     89 
     90 TEST_F(PolicySessionTest, StartUnboundSessionSuccess) {
     91   PolicySessionImpl session(factory_);
     92   EXPECT_EQ(TPM_RC_SUCCESS, session.StartUnboundSession(true));
     93 }
     94 
     95 TEST_F(PolicySessionTest, StartUnboundSessionFailure) {
     96   PolicySessionImpl session(factory_);
     97   EXPECT_CALL(mock_session_manager_,
     98               StartSession(TPM_SE_POLICY, TPM_RH_NULL, _, true, _))
     99       .WillRepeatedly(Return(TPM_RC_FAILURE));
    100   EXPECT_EQ(TPM_RC_FAILURE, session.StartUnboundSession(true));
    101 }
    102 
    103 TEST_F(PolicySessionTest, GetDigestSuccess) {
    104   PolicySessionImpl session(factory_);
    105   std::string digest;
    106   TPM2B_DIGEST policy_digest;
    107   policy_digest.size = SHA256_DIGEST_SIZE;
    108   EXPECT_CALL(mock_tpm_, PolicyGetDigestSync(_, _, _, _))
    109       .WillOnce(DoAll(SetArgPointee<2>(policy_digest), Return(TPM_RC_SUCCESS)));
    110   EXPECT_EQ(TPM_RC_SUCCESS, session.GetDigest(&digest));
    111   EXPECT_EQ(static_cast<size_t>(SHA256_DIGEST_SIZE), digest.size());
    112 }
    113 
    114 TEST_F(PolicySessionTest, GetDigestFailure) {
    115   PolicySessionImpl session(factory_);
    116   std::string digest;
    117   EXPECT_CALL(mock_tpm_, PolicyGetDigestSync(_, _, _, _))
    118       .WillOnce(Return(TPM_RC_FAILURE));
    119   EXPECT_EQ(TPM_RC_FAILURE, session.GetDigest(&digest));
    120 }
    121 
    122 TEST_F(PolicySessionTest, PolicyORSuccess) {
    123   PolicySessionImpl session(factory_);
    124   std::vector<std::string> digests;
    125   digests.push_back("digest1");
    126   digests.push_back("digest2");
    127   digests.push_back("digest3");
    128   TPML_DIGEST tpm_digests;
    129   EXPECT_CALL(mock_tpm_, PolicyORSync(_, _, _, _))
    130       .WillOnce(DoAll(SaveArg<2>(&tpm_digests), Return(TPM_RC_SUCCESS)));
    131   EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyOR(digests));
    132   EXPECT_EQ(tpm_digests.count, digests.size());
    133   EXPECT_EQ(StringFrom_TPM2B_DIGEST(tpm_digests.digests[0]), digests[0]);
    134   EXPECT_EQ(StringFrom_TPM2B_DIGEST(tpm_digests.digests[1]), digests[1]);
    135   EXPECT_EQ(StringFrom_TPM2B_DIGEST(tpm_digests.digests[2]), digests[2]);
    136 }
    137 
    138 TEST_F(PolicySessionTest, PolicyORBadParam) {
    139   PolicySessionImpl session(factory_);
    140   std::vector<std::string> digests;
    141   // We use 9 here because the maximum number of digests allowed by the TPM
    142   // is 8. Therefore having 9 digests here should cause the code to fail.
    143   digests.resize(9);
    144   EXPECT_EQ(SAPI_RC_BAD_PARAMETER, session.PolicyOR(digests));
    145 }
    146 
    147 TEST_F(PolicySessionTest, PolicyORFailure) {
    148   PolicySessionImpl session(factory_);
    149   std::vector<std::string> digests;
    150   EXPECT_CALL(mock_tpm_, PolicyORSync(_, _, _, _))
    151       .WillOnce(Return(TPM_RC_FAILURE));
    152   EXPECT_EQ(TPM_RC_FAILURE, session.PolicyOR(digests));
    153 }
    154 
    155 TEST_F(PolicySessionTest, PolicyPCRSuccess) {
    156   PolicySessionImpl session(factory_);
    157   std::string pcr_digest("digest");
    158   int pcr_index = 1;
    159   TPML_PCR_SELECTION pcr_select;
    160   TPM2B_DIGEST pcr_value;
    161   EXPECT_CALL(mock_tpm_, PolicyPCRSync(_, _, _, _, _))
    162       .WillOnce(DoAll(SaveArg<2>(&pcr_value), SaveArg<3>(&pcr_select),
    163                       Return(TPM_RC_SUCCESS)));
    164   EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyPCR(pcr_index, pcr_digest));
    165   uint8_t pcr_select_index = pcr_index / 8;
    166   uint8_t pcr_select_byte = 1 << (pcr_index % 8);
    167   EXPECT_EQ(pcr_select.count, 1u);
    168   EXPECT_EQ(pcr_select.pcr_selections[0].hash, TPM_ALG_SHA256);
    169   EXPECT_EQ(pcr_select.pcr_selections[0].sizeof_select, PCR_SELECT_MIN);
    170   EXPECT_EQ(pcr_select.pcr_selections[0].pcr_select[pcr_select_index],
    171             pcr_select_byte);
    172   EXPECT_EQ(StringFrom_TPM2B_DIGEST(pcr_value),
    173             crypto::SHA256HashString(pcr_digest));
    174 }
    175 
    176 TEST_F(PolicySessionTest, PolicyPCRFailure) {
    177   PolicySessionImpl session(factory_);
    178   EXPECT_CALL(mock_tpm_, PolicyPCRSync(_, _, _, _, _))
    179       .WillOnce(Return(TPM_RC_FAILURE));
    180   EXPECT_EQ(TPM_RC_FAILURE, session.PolicyPCR(1, "pcr_digest"));
    181 }
    182 
    183 TEST_F(PolicySessionTest, PolicyPCRTrialWithNoDigest) {
    184   PolicySessionImpl session(factory_, TPM_SE_TRIAL);
    185   EXPECT_EQ(SAPI_RC_BAD_PARAMETER, session.PolicyPCR(1, ""));
    186 }
    187 
    188 TEST_F(PolicySessionTest, PolicyCommandCodeSuccess) {
    189   PolicySessionImpl session(factory_);
    190   TPM_CC command_code = TPM_CC_FIRST;
    191   EXPECT_CALL(mock_tpm_, PolicyCommandCodeSync(_, _, command_code, _))
    192       .WillOnce(Return(TPM_RC_SUCCESS));
    193   EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyCommandCode(TPM_CC_FIRST));
    194 }
    195 
    196 TEST_F(PolicySessionTest, PolicyCommandCodeFailure) {
    197   PolicySessionImpl session(factory_);
    198   EXPECT_CALL(mock_tpm_, PolicyCommandCodeSync(_, _, _, _))
    199       .WillOnce(Return(TPM_RC_FAILURE));
    200   EXPECT_EQ(TPM_RC_FAILURE, session.PolicyCommandCode(TPM_CC_FIRST));
    201 }
    202 
    203 TEST_F(PolicySessionTest, PolicyAuthValueSuccess) {
    204   PolicySessionImpl session(factory_);
    205   EXPECT_CALL(mock_tpm_, PolicyAuthValueSync(_, _, _))
    206       .WillOnce(Return(TPM_RC_SUCCESS));
    207   EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyAuthValue());
    208 }
    209 
    210 TEST_F(PolicySessionTest, PolicyAuthValueFailure) {
    211   PolicySessionImpl session(factory_);
    212   EXPECT_CALL(mock_tpm_, PolicyAuthValueSync(_, _, _))
    213       .WillOnce(Return(TPM_RC_FAILURE));
    214   EXPECT_EQ(TPM_RC_FAILURE, session.PolicyAuthValue());
    215 }
    216 
    217 TEST_F(PolicySessionTest, EntityAuthorizationForwardingTest) {
    218   PolicySessionImpl session(factory_);
    219   std::string test_auth("test_auth");
    220   session.SetEntityAuthorizationValue(test_auth);
    221   HmacAuthorizationDelegate* hmac_delegate = GetHmacDelegate(&session);
    222   std::string entity_auth = hmac_delegate->entity_authorization_value();
    223   EXPECT_EQ(0, test_auth.compare(entity_auth));
    224 }
    225 
    226 }  // namespace trunks
    227