1 // 2 // Copyright (C) 2015 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include "trunks/policy_session_impl.h" 18 19 #include <crypto/sha2.h> 20 #include <gmock/gmock.h> 21 #include <gtest/gtest.h> 22 23 #include "trunks/error_codes.h" 24 #include "trunks/mock_session_manager.h" 25 #include "trunks/mock_tpm.h" 26 #include "trunks/tpm_generated.h" 27 #include "trunks/trunks_factory_for_test.h" 28 29 using testing::_; 30 using testing::NiceMock; 31 using testing::Return; 32 using testing::SaveArg; 33 using testing::SetArgPointee; 34 35 namespace trunks { 36 37 class PolicySessionTest : public testing::Test { 38 public: 39 PolicySessionTest() {} 40 ~PolicySessionTest() override {} 41 42 void SetUp() override { 43 factory_.set_session_manager(&mock_session_manager_); 44 factory_.set_tpm(&mock_tpm_); 45 } 46 47 HmacAuthorizationDelegate* GetHmacDelegate(PolicySessionImpl* session) { 48 return &(session->hmac_delegate_); 49 } 50 51 protected: 52 TrunksFactoryForTest factory_; 53 NiceMock<MockSessionManager> mock_session_manager_; 54 NiceMock<MockTpm> mock_tpm_; 55 }; 56 57 TEST_F(PolicySessionTest, GetDelegateUninitialized) { 58 PolicySessionImpl session(factory_); 59 EXPECT_CALL(mock_session_manager_, GetSessionHandle()) 60 .WillRepeatedly(Return(kUninitializedHandle)); 61 EXPECT_EQ(nullptr, session.GetDelegate()); 62 } 63 64 TEST_F(PolicySessionTest, GetDelegateSuccess) { 65 PolicySessionImpl session(factory_); 66 EXPECT_EQ(GetHmacDelegate(&session), session.GetDelegate()); 67 } 68 69 TEST_F(PolicySessionTest, StartBoundSessionSuccess) { 70 PolicySessionImpl session(factory_); 71 EXPECT_EQ(TPM_RC_SUCCESS, 72 session.StartBoundSession(TPM_RH_FIRST, "auth", true)); 73 } 74 75 TEST_F(PolicySessionTest, StartBoundSessionFailure) { 76 PolicySessionImpl session(factory_); 77 TPM_HANDLE handle = TPM_RH_FIRST; 78 EXPECT_CALL(mock_session_manager_, 79 StartSession(TPM_SE_POLICY, handle, _, true, _)) 80 .WillRepeatedly(Return(TPM_RC_FAILURE)); 81 EXPECT_EQ(TPM_RC_FAILURE, session.StartBoundSession(handle, "auth", true)); 82 } 83 84 TEST_F(PolicySessionTest, StartBoundSessionBadType) { 85 PolicySessionImpl session(factory_, TPM_SE_HMAC); 86 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 87 session.StartBoundSession(TPM_RH_FIRST, "auth", true)); 88 } 89 90 TEST_F(PolicySessionTest, StartUnboundSessionSuccess) { 91 PolicySessionImpl session(factory_); 92 EXPECT_EQ(TPM_RC_SUCCESS, session.StartUnboundSession(true)); 93 } 94 95 TEST_F(PolicySessionTest, StartUnboundSessionFailure) { 96 PolicySessionImpl session(factory_); 97 EXPECT_CALL(mock_session_manager_, 98 StartSession(TPM_SE_POLICY, TPM_RH_NULL, _, true, _)) 99 .WillRepeatedly(Return(TPM_RC_FAILURE)); 100 EXPECT_EQ(TPM_RC_FAILURE, session.StartUnboundSession(true)); 101 } 102 103 TEST_F(PolicySessionTest, GetDigestSuccess) { 104 PolicySessionImpl session(factory_); 105 std::string digest; 106 TPM2B_DIGEST policy_digest; 107 policy_digest.size = SHA256_DIGEST_SIZE; 108 EXPECT_CALL(mock_tpm_, PolicyGetDigestSync(_, _, _, _)) 109 .WillOnce(DoAll(SetArgPointee<2>(policy_digest), Return(TPM_RC_SUCCESS))); 110 EXPECT_EQ(TPM_RC_SUCCESS, session.GetDigest(&digest)); 111 EXPECT_EQ(static_cast<size_t>(SHA256_DIGEST_SIZE), digest.size()); 112 } 113 114 TEST_F(PolicySessionTest, GetDigestFailure) { 115 PolicySessionImpl session(factory_); 116 std::string digest; 117 EXPECT_CALL(mock_tpm_, PolicyGetDigestSync(_, _, _, _)) 118 .WillOnce(Return(TPM_RC_FAILURE)); 119 EXPECT_EQ(TPM_RC_FAILURE, session.GetDigest(&digest)); 120 } 121 122 TEST_F(PolicySessionTest, PolicyORSuccess) { 123 PolicySessionImpl session(factory_); 124 std::vector<std::string> digests; 125 digests.push_back("digest1"); 126 digests.push_back("digest2"); 127 digests.push_back("digest3"); 128 TPML_DIGEST tpm_digests; 129 EXPECT_CALL(mock_tpm_, PolicyORSync(_, _, _, _)) 130 .WillOnce(DoAll(SaveArg<2>(&tpm_digests), Return(TPM_RC_SUCCESS))); 131 EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyOR(digests)); 132 EXPECT_EQ(tpm_digests.count, digests.size()); 133 EXPECT_EQ(StringFrom_TPM2B_DIGEST(tpm_digests.digests[0]), digests[0]); 134 EXPECT_EQ(StringFrom_TPM2B_DIGEST(tpm_digests.digests[1]), digests[1]); 135 EXPECT_EQ(StringFrom_TPM2B_DIGEST(tpm_digests.digests[2]), digests[2]); 136 } 137 138 TEST_F(PolicySessionTest, PolicyORBadParam) { 139 PolicySessionImpl session(factory_); 140 std::vector<std::string> digests; 141 // We use 9 here because the maximum number of digests allowed by the TPM 142 // is 8. Therefore having 9 digests here should cause the code to fail. 143 digests.resize(9); 144 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, session.PolicyOR(digests)); 145 } 146 147 TEST_F(PolicySessionTest, PolicyORFailure) { 148 PolicySessionImpl session(factory_); 149 std::vector<std::string> digests; 150 EXPECT_CALL(mock_tpm_, PolicyORSync(_, _, _, _)) 151 .WillOnce(Return(TPM_RC_FAILURE)); 152 EXPECT_EQ(TPM_RC_FAILURE, session.PolicyOR(digests)); 153 } 154 155 TEST_F(PolicySessionTest, PolicyPCRSuccess) { 156 PolicySessionImpl session(factory_); 157 std::string pcr_digest("digest"); 158 int pcr_index = 1; 159 TPML_PCR_SELECTION pcr_select; 160 TPM2B_DIGEST pcr_value; 161 EXPECT_CALL(mock_tpm_, PolicyPCRSync(_, _, _, _, _)) 162 .WillOnce(DoAll(SaveArg<2>(&pcr_value), SaveArg<3>(&pcr_select), 163 Return(TPM_RC_SUCCESS))); 164 EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyPCR(pcr_index, pcr_digest)); 165 uint8_t pcr_select_index = pcr_index / 8; 166 uint8_t pcr_select_byte = 1 << (pcr_index % 8); 167 EXPECT_EQ(pcr_select.count, 1u); 168 EXPECT_EQ(pcr_select.pcr_selections[0].hash, TPM_ALG_SHA256); 169 EXPECT_EQ(pcr_select.pcr_selections[0].sizeof_select, PCR_SELECT_MIN); 170 EXPECT_EQ(pcr_select.pcr_selections[0].pcr_select[pcr_select_index], 171 pcr_select_byte); 172 EXPECT_EQ(StringFrom_TPM2B_DIGEST(pcr_value), 173 crypto::SHA256HashString(pcr_digest)); 174 } 175 176 TEST_F(PolicySessionTest, PolicyPCRFailure) { 177 PolicySessionImpl session(factory_); 178 EXPECT_CALL(mock_tpm_, PolicyPCRSync(_, _, _, _, _)) 179 .WillOnce(Return(TPM_RC_FAILURE)); 180 EXPECT_EQ(TPM_RC_FAILURE, session.PolicyPCR(1, "pcr_digest")); 181 } 182 183 TEST_F(PolicySessionTest, PolicyPCRTrialWithNoDigest) { 184 PolicySessionImpl session(factory_, TPM_SE_TRIAL); 185 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, session.PolicyPCR(1, "")); 186 } 187 188 TEST_F(PolicySessionTest, PolicyCommandCodeSuccess) { 189 PolicySessionImpl session(factory_); 190 TPM_CC command_code = TPM_CC_FIRST; 191 EXPECT_CALL(mock_tpm_, PolicyCommandCodeSync(_, _, command_code, _)) 192 .WillOnce(Return(TPM_RC_SUCCESS)); 193 EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyCommandCode(TPM_CC_FIRST)); 194 } 195 196 TEST_F(PolicySessionTest, PolicyCommandCodeFailure) { 197 PolicySessionImpl session(factory_); 198 EXPECT_CALL(mock_tpm_, PolicyCommandCodeSync(_, _, _, _)) 199 .WillOnce(Return(TPM_RC_FAILURE)); 200 EXPECT_EQ(TPM_RC_FAILURE, session.PolicyCommandCode(TPM_CC_FIRST)); 201 } 202 203 TEST_F(PolicySessionTest, PolicyAuthValueSuccess) { 204 PolicySessionImpl session(factory_); 205 EXPECT_CALL(mock_tpm_, PolicyAuthValueSync(_, _, _)) 206 .WillOnce(Return(TPM_RC_SUCCESS)); 207 EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyAuthValue()); 208 } 209 210 TEST_F(PolicySessionTest, PolicyAuthValueFailure) { 211 PolicySessionImpl session(factory_); 212 EXPECT_CALL(mock_tpm_, PolicyAuthValueSync(_, _, _)) 213 .WillOnce(Return(TPM_RC_FAILURE)); 214 EXPECT_EQ(TPM_RC_FAILURE, session.PolicyAuthValue()); 215 } 216 217 TEST_F(PolicySessionTest, EntityAuthorizationForwardingTest) { 218 PolicySessionImpl session(factory_); 219 std::string test_auth("test_auth"); 220 session.SetEntityAuthorizationValue(test_auth); 221 HmacAuthorizationDelegate* hmac_delegate = GetHmacDelegate(&session); 222 std::string entity_auth = hmac_delegate->entity_authorization_value(); 223 EXPECT_EQ(0, test_auth.compare(entity_auth)); 224 } 225 226 } // namespace trunks 227