1 // 2 // Copyright (C) 2014 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include <base/stl_util.h> 18 #include <crypto/sha2.h> 19 #include <gmock/gmock.h> 20 #include <gtest/gtest.h> 21 #include <openssl/aes.h> 22 23 #include "trunks/error_codes.h" 24 #include "trunks/hmac_authorization_delegate.h" 25 #include "trunks/mock_authorization_delegate.h" 26 #include "trunks/mock_blob_parser.h" 27 #include "trunks/mock_hmac_session.h" 28 #include "trunks/mock_policy_session.h" 29 #include "trunks/mock_tpm.h" 30 #include "trunks/mock_tpm_state.h" 31 #include "trunks/tpm_constants.h" 32 #include "trunks/tpm_utility_impl.h" 33 #include "trunks/trunks_factory_for_test.h" 34 35 using testing::_; 36 using testing::DoAll; 37 using testing::NiceMock; 38 using testing::Return; 39 using testing::SaveArg; 40 using testing::SetArgPointee; 41 42 namespace trunks { 43 44 // A test fixture for TpmUtility tests. 45 class TpmUtilityTest : public testing::Test { 46 public: 47 TpmUtilityTest() : utility_(factory_) {} 48 ~TpmUtilityTest() override {} 49 void SetUp() override { 50 factory_.set_blob_parser(&mock_blob_parser_); 51 factory_.set_tpm_state(&mock_tpm_state_); 52 factory_.set_tpm(&mock_tpm_); 53 factory_.set_hmac_session(&mock_hmac_session_); 54 factory_.set_trial_session(&mock_trial_session_); 55 } 56 57 TPM_RC ComputeKeyName(const TPMT_PUBLIC& public_area, 58 std::string* object_name) { 59 return utility_.ComputeKeyName(public_area, object_name); 60 } 61 62 void SetNVRAMMap(uint32_t index, const TPMS_NV_PUBLIC& public_area) { 63 utility_.nvram_public_area_map_[index] = public_area; 64 } 65 66 TPM_RC GetNVRAMMap(uint32_t index, TPMS_NV_PUBLIC* public_area) { 67 auto it = utility_.nvram_public_area_map_.find(index); 68 if (it == utility_.nvram_public_area_map_.end()) { 69 return TPM_RC_FAILURE; 70 } 71 *public_area = it->second; 72 return TPM_RC_SUCCESS; 73 } 74 75 TPM_RC SetKnownOwnerPassword(const std::string& owner_password) { 76 return utility_.SetKnownOwnerPassword(owner_password); 77 } 78 79 TPM_RC CreateStorageRootKeys(const std::string& owner_password) { 80 return utility_.CreateStorageRootKeys(owner_password); 81 } 82 83 TPM_RC CreateSaltingKey(const std::string& owner_password) { 84 return utility_.CreateSaltingKey(owner_password); 85 } 86 87 void SetExistingKeyHandleExpectation(TPM_HANDLE handle) { 88 TPMS_CAPABILITY_DATA capability_data = {}; 89 TPML_HANDLE& handles = capability_data.data.handles; 90 handles.count = 1; 91 handles.handle[0] = handle; 92 EXPECT_CALL(mock_tpm_, 93 GetCapabilitySync(TPM_CAP_HANDLES, handle, _, _, _, _)) 94 .WillRepeatedly( 95 DoAll(SetArgPointee<4>(capability_data), Return(TPM_RC_SUCCESS))); 96 } 97 98 void PopulatePCRSelection(bool has_sha1_pcrs, 99 bool make_sha1_bank_empty, 100 bool has_sha256_pcrs, 101 TPML_PCR_SELECTION* pcrs) { 102 memset(pcrs, 0, sizeof(TPML_PCR_SELECTION)); 103 // By convention fill SHA-256 first. This is a bit brittle because order is 104 // not important but it simplifies comparison to memcmp. 105 if (has_sha256_pcrs) { 106 pcrs->pcr_selections[pcrs->count].hash = TPM_ALG_SHA256; 107 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MIN; 108 for (int i = 0; i < PCR_SELECT_MIN; ++i) { 109 pcrs->pcr_selections[pcrs->count].pcr_select[i] = 0xff; 110 } 111 ++pcrs->count; 112 } 113 if (has_sha1_pcrs) { 114 pcrs->pcr_selections[pcrs->count].hash = TPM_ALG_SHA1; 115 if (make_sha1_bank_empty) { 116 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MAX; 117 } else { 118 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MIN; 119 for (int i = 0; i < PCR_SELECT_MIN; ++i) { 120 pcrs->pcr_selections[pcrs->count].pcr_select[i] = 0xff; 121 } 122 } 123 ++pcrs->count; 124 } 125 } 126 127 void SetExistingPCRSExpectation(bool has_sha1_pcrs, bool has_sha256_pcrs) { 128 TPMS_CAPABILITY_DATA capability_data = {}; 129 TPML_PCR_SELECTION& pcrs = capability_data.data.assigned_pcr; 130 PopulatePCRSelection(has_sha1_pcrs, false, has_sha256_pcrs, &pcrs); 131 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_PCRS, _, _, _, _, _)) 132 .WillRepeatedly( 133 DoAll(SetArgPointee<4>(capability_data), Return(TPM_RC_SUCCESS))); 134 } 135 136 protected: 137 TrunksFactoryForTest factory_; 138 NiceMock<MockBlobParser> mock_blob_parser_; 139 NiceMock<MockTpmState> mock_tpm_state_; 140 NiceMock<MockTpm> mock_tpm_; 141 NiceMock<MockAuthorizationDelegate> mock_authorization_delegate_; 142 NiceMock<MockHmacSession> mock_hmac_session_; 143 NiceMock<MockPolicySession> mock_trial_session_; 144 TpmUtilityImpl utility_; 145 }; 146 147 TEST_F(TpmUtilityTest, StartupSuccess) { 148 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Startup()); 149 } 150 151 TEST_F(TpmUtilityTest, StartupAlreadyStarted) { 152 EXPECT_CALL(mock_tpm_, StartupSync(_, _)) 153 .WillRepeatedly(Return(TPM_RC_INITIALIZE)); 154 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Startup()); 155 } 156 157 TEST_F(TpmUtilityTest, StartupFailure) { 158 EXPECT_CALL(mock_tpm_, StartupSync(_, _)) 159 .WillRepeatedly(Return(TPM_RC_FAILURE)); 160 EXPECT_EQ(TPM_RC_FAILURE, utility_.Startup()); 161 } 162 163 TEST_F(TpmUtilityTest, StartupSelfTestFailure) { 164 EXPECT_CALL(mock_tpm_, SelfTestSync(_, _)) 165 .WillRepeatedly(Return(TPM_RC_FAILURE)); 166 EXPECT_EQ(TPM_RC_FAILURE, utility_.Startup()); 167 } 168 169 TEST_F(TpmUtilityTest, ClearSuccess) { 170 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Clear()); 171 } 172 173 TEST_F(TpmUtilityTest, ClearAfterBadInit) { 174 EXPECT_CALL(mock_tpm_, ClearSync(_, _, _)) 175 .WillOnce(Return(TPM_RC_AUTH_MISSING)) 176 .WillOnce(Return(TPM_RC_SUCCESS)); 177 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Clear()); 178 } 179 180 TEST_F(TpmUtilityTest, ClearFail) { 181 EXPECT_CALL(mock_tpm_, ClearSync(_, _, _)).WillOnce(Return(TPM_RC_FAILURE)); 182 EXPECT_EQ(TPM_RC_FAILURE, utility_.Clear()); 183 } 184 185 TEST_F(TpmUtilityTest, ShutdownTest) { 186 EXPECT_CALL(mock_tpm_, ShutdownSync(TPM_SU_CLEAR, _)); 187 utility_.Shutdown(); 188 } 189 190 TEST_F(TpmUtilityTest, InitializeTpmAlreadyInit) { 191 SetExistingPCRSExpectation(false, true); 192 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm()); 193 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm()); 194 } 195 196 TEST_F(TpmUtilityTest, InitializeTpmSuccess) { 197 SetExistingPCRSExpectation(false, true); 198 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm()); 199 } 200 201 TEST_F(TpmUtilityTest, InitializeTpmBadAuth) { 202 SetExistingPCRSExpectation(false, true); 203 // Reject attempts to set platform auth. 204 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_PLATFORM, _, _, _)) 205 .WillRepeatedly(Return(TPM_RC_FAILURE)); 206 EXPECT_EQ(TPM_RC_FAILURE, utility_.InitializeTpm()); 207 } 208 209 TEST_F(TpmUtilityTest, InitializeTpmDisablePHFails) { 210 SetExistingPCRSExpectation(false, true); 211 // Reject attempts to disable the platform hierarchy. 212 EXPECT_CALL(mock_tpm_, HierarchyControlSync(_, _, TPM_RH_PLATFORM, _, _)) 213 .WillRepeatedly(Return(TPM_RC_FAILURE)); 214 EXPECT_EQ(TPM_RC_FAILURE, utility_.InitializeTpm()); 215 } 216 217 TEST_F(TpmUtilityTest, AllocatePCRFromNone) { 218 SetExistingPCRSExpectation(false, false); 219 TPML_PCR_SELECTION new_pcr_allocation; 220 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _)) 221 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation), SetArgPointee<3>(YES), 222 Return(TPM_RC_SUCCESS))); 223 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR("")); 224 ASSERT_EQ(1u, new_pcr_allocation.count); 225 TPML_PCR_SELECTION expected_pcr_allocation; 226 PopulatePCRSelection(false, false, true, &expected_pcr_allocation); 227 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation, 228 sizeof(TPML_PCR_SELECTION))); 229 } 230 231 TEST_F(TpmUtilityTest, AllocatePCRFromSHA1Only) { 232 SetExistingPCRSExpectation(true, false); 233 TPML_PCR_SELECTION new_pcr_allocation; 234 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _)) 235 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation), SetArgPointee<3>(YES), 236 Return(TPM_RC_SUCCESS))); 237 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR("")); 238 ASSERT_EQ(2u, new_pcr_allocation.count); 239 TPML_PCR_SELECTION expected_pcr_allocation; 240 PopulatePCRSelection(true, true, true, &expected_pcr_allocation); 241 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation, 242 sizeof(TPML_PCR_SELECTION))); 243 } 244 245 TEST_F(TpmUtilityTest, AllocatePCRFromSHA1AndSHA256) { 246 SetExistingPCRSExpectation(true, true); 247 TPML_PCR_SELECTION new_pcr_allocation; 248 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _)) 249 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation), SetArgPointee<3>(YES), 250 Return(TPM_RC_SUCCESS))); 251 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR("")); 252 ASSERT_EQ(1u, new_pcr_allocation.count); 253 TPML_PCR_SELECTION expected_pcr_allocation; 254 PopulatePCRSelection(true, true, false, &expected_pcr_allocation); 255 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation, 256 sizeof(TPML_PCR_SELECTION))); 257 } 258 259 TEST_F(TpmUtilityTest, AllocatePCRFromSHA256Only) { 260 SetExistingPCRSExpectation(false, true); 261 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _)) 262 .Times(0); 263 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR("")); 264 } 265 266 TEST_F(TpmUtilityTest, AllocatePCRCommandFailure) { 267 SetExistingPCRSExpectation(false, false); 268 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(_, _, _, _, _, _, _, _)) 269 .WillOnce(Return(TPM_RC_FAILURE)); 270 EXPECT_EQ(TPM_RC_FAILURE, utility_.AllocatePCR("")); 271 } 272 273 TEST_F(TpmUtilityTest, AllocatePCRTpmFailure) { 274 SetExistingPCRSExpectation(false, false); 275 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(_, _, _, _, _, _, _, _)) 276 .WillOnce(DoAll(SetArgPointee<3>(NO), Return(TPM_RC_SUCCESS))); 277 EXPECT_EQ(TPM_RC_FAILURE, utility_.AllocatePCR("")); 278 } 279 280 TEST_F(TpmUtilityTest, TakeOwnershipSuccess) { 281 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 282 .WillRepeatedly(Return(false)); 283 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 284 .WillRepeatedly(Return(false)); 285 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 286 .WillRepeatedly(Return(false)); 287 EXPECT_EQ(TPM_RC_SUCCESS, 288 utility_.TakeOwnership("owner", "endorsement", "lockout")); 289 } 290 291 TEST_F(TpmUtilityTest, TakeOwnershipOwnershipDone) { 292 EXPECT_EQ(TPM_RC_SUCCESS, 293 utility_.TakeOwnership("owner", "endorsement", "lockout")); 294 } 295 296 TEST_F(TpmUtilityTest, TakeOwnershipBadSession) { 297 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true)) 298 .WillRepeatedly(Return(TPM_RC_FAILURE)); 299 EXPECT_EQ(TPM_RC_FAILURE, 300 utility_.TakeOwnership("owner", "endorsement", "lockout")); 301 } 302 303 TEST_F(TpmUtilityTest, TakeOwnershipFailure) { 304 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _)) 305 .WillRepeatedly(Return(TPM_RC_FAILURE)); 306 EXPECT_EQ(TPM_RC_FAILURE, 307 utility_.TakeOwnership("owner", "endorsement", "lockout")); 308 } 309 310 TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementDone) { 311 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 312 .WillRepeatedly(Return(false)); 313 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 314 .WillRepeatedly(Return(false)); 315 EXPECT_EQ(TPM_RC_SUCCESS, 316 utility_.TakeOwnership("owner", "endorsement", "lockout")); 317 } 318 319 TEST_F(TpmUtilityTest, ChangeOwnerPasswordLockoutDone) { 320 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 321 .WillRepeatedly(Return(false)); 322 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 323 .WillRepeatedly(Return(false)); 324 EXPECT_EQ(TPM_RC_SUCCESS, 325 utility_.TakeOwnership("owner", "endorsement", "lockout")); 326 } 327 328 TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementLockoutDone) { 329 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 330 .WillRepeatedly(Return(false)); 331 EXPECT_EQ(TPM_RC_SUCCESS, 332 utility_.TakeOwnership("owner", "endorsement", "lockout")); 333 } 334 335 TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementFail) { 336 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 337 .WillRepeatedly(Return(false)); 338 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 339 .WillRepeatedly(Return(false)); 340 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(_, _, _, _)) 341 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 342 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_ENDORSEMENT, _, _, _)) 343 .WillRepeatedly(Return(TPM_RC_FAILURE)); 344 EXPECT_EQ(TPM_RC_FAILURE, 345 utility_.TakeOwnership("owner", "endorsement", "lockout")); 346 } 347 348 TEST_F(TpmUtilityTest, ChangeOwnerPasswordLockoutFailure) { 349 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 350 .WillRepeatedly(Return(false)); 351 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 352 .WillRepeatedly(Return(false)); 353 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 354 .WillRepeatedly(Return(false)); 355 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(_, _, _, _)) 356 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 357 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_LOCKOUT, _, _, _)) 358 .WillRepeatedly(Return(TPM_RC_FAILURE)); 359 EXPECT_EQ(TPM_RC_FAILURE, 360 utility_.TakeOwnership("owner", "endorsement", "lockout")); 361 } 362 363 TEST_F(TpmUtilityTest, StirRandomSuccess) { 364 std::string entropy_data("large test data", 100); 365 EXPECT_EQ(TPM_RC_SUCCESS, 366 utility_.StirRandom(entropy_data, &mock_authorization_delegate_)); 367 } 368 369 TEST_F(TpmUtilityTest, StirRandomFails) { 370 std::string entropy_data("test data"); 371 EXPECT_CALL(mock_tpm_, StirRandomSync(_, nullptr)) 372 .WillOnce(Return(TPM_RC_FAILURE)); 373 EXPECT_EQ(TPM_RC_FAILURE, utility_.StirRandom(entropy_data, nullptr)); 374 } 375 376 TEST_F(TpmUtilityTest, GenerateRandomSuccess) { 377 // This number is larger than the max bytes the GetRandom call can return. 378 // Therefore we expect software to make multiple calls to fill this many 379 // bytes. 380 size_t num_bytes = 72; 381 std::string random_data; 382 TPM2B_DIGEST large_random; 383 large_random.size = 32; 384 TPM2B_DIGEST small_random; 385 small_random.size = 8; 386 EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, &mock_authorization_delegate_)) 387 .Times(2) 388 .WillRepeatedly( 389 DoAll(SetArgPointee<1>(large_random), Return(TPM_RC_SUCCESS))); 390 EXPECT_CALL(mock_tpm_, GetRandomSync(8, _, &mock_authorization_delegate_)) 391 .WillOnce(DoAll(SetArgPointee<1>(small_random), Return(TPM_RC_SUCCESS))); 392 EXPECT_EQ(TPM_RC_SUCCESS, 393 utility_.GenerateRandom(num_bytes, &mock_authorization_delegate_, 394 &random_data)); 395 EXPECT_EQ(num_bytes, random_data.size()); 396 } 397 398 TEST_F(TpmUtilityTest, GenerateRandomFails) { 399 size_t num_bytes = 5; 400 std::string random_data; 401 EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, nullptr)) 402 .WillOnce(Return(TPM_RC_FAILURE)); 403 EXPECT_EQ(TPM_RC_FAILURE, 404 utility_.GenerateRandom(num_bytes, nullptr, &random_data)); 405 } 406 407 TEST_F(TpmUtilityTest, ExtendPCRSuccess) { 408 TPM_HANDLE pcr_handle = HR_PCR + 1; 409 TPML_DIGEST_VALUES digests; 410 EXPECT_CALL(mock_tpm_, 411 PCR_ExtendSync(pcr_handle, _, _, &mock_authorization_delegate_)) 412 .WillOnce(DoAll(SaveArg<2>(&digests), Return(TPM_RC_SUCCESS))); 413 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ExtendPCR(1, "test digest", 414 &mock_authorization_delegate_)); 415 EXPECT_EQ(1u, digests.count); 416 EXPECT_EQ(TPM_ALG_SHA256, digests.digests[0].hash_alg); 417 std::string hash_string = crypto::SHA256HashString("test digest"); 418 EXPECT_EQ(0, memcmp(hash_string.data(), digests.digests[0].digest.sha256, 419 crypto::kSHA256Length)); 420 } 421 422 TEST_F(TpmUtilityTest, ExtendPCRFail) { 423 int pcr_index = 0; 424 TPM_HANDLE pcr_handle = HR_PCR + pcr_index; 425 EXPECT_CALL(mock_tpm_, PCR_ExtendSync(pcr_handle, _, _, _)) 426 .WillOnce(Return(TPM_RC_FAILURE)); 427 EXPECT_EQ(TPM_RC_FAILURE, 428 utility_.ExtendPCR(pcr_index, "test digest", nullptr)); 429 } 430 431 TEST_F(TpmUtilityTest, ExtendPCRBadParam) { 432 EXPECT_EQ(TPM_RC_FAILURE, utility_.ExtendPCR(-1, "test digest", nullptr)); 433 } 434 435 TEST_F(TpmUtilityTest, ReadPCRSuccess) { 436 // The |pcr_index| is chosen to match the structure for |pcr_select|. 437 // If you change |pcr_index|, remember to change |pcr_select|. 438 int pcr_index = 1; 439 std::string pcr_value; 440 TPML_PCR_SELECTION pcr_select; 441 pcr_select.count = 1; 442 pcr_select.pcr_selections[0].hash = TPM_ALG_SHA256; 443 pcr_select.pcr_selections[0].sizeof_select = 1; 444 pcr_select.pcr_selections[0].pcr_select[0] = 2; 445 TPML_DIGEST pcr_values; 446 pcr_values.count = 1; 447 pcr_values.digests[0].size = 5; 448 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 449 .WillOnce(DoAll(SetArgPointee<2>(pcr_select), 450 SetArgPointee<3>(pcr_values), Return(TPM_RC_SUCCESS))); 451 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ReadPCR(pcr_index, &pcr_value)); 452 } 453 454 TEST_F(TpmUtilityTest, ReadPCRFail) { 455 std::string pcr_value; 456 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 457 .WillOnce(Return(TPM_RC_FAILURE)); 458 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadPCR(1, &pcr_value)); 459 } 460 461 TEST_F(TpmUtilityTest, ReadPCRBadReturn) { 462 std::string pcr_value; 463 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadPCR(1, &pcr_value)); 464 } 465 466 TEST_F(TpmUtilityTest, AsymmetricEncryptSuccess) { 467 TPM_HANDLE key_handle; 468 std::string plaintext; 469 std::string output_ciphertext("ciphertext"); 470 std::string ciphertext; 471 TPM2B_PUBLIC_KEY_RSA out_message = 472 Make_TPM2B_PUBLIC_KEY_RSA(output_ciphertext); 473 TPM2B_PUBLIC public_area; 474 public_area.public_area.type = TPM_ALG_RSA; 475 public_area.public_area.object_attributes = kDecrypt; 476 public_area.public_area.auth_policy.size = 0; 477 public_area.public_area.unique.rsa.size = 0; 478 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 479 .WillRepeatedly( 480 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 481 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, 482 &mock_authorization_delegate_)) 483 .WillOnce(DoAll(SetArgPointee<5>(out_message), Return(TPM_RC_SUCCESS))); 484 EXPECT_EQ(TPM_RC_SUCCESS, 485 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, 486 plaintext, &mock_authorization_delegate_, 487 &ciphertext)); 488 EXPECT_EQ(0, ciphertext.compare(output_ciphertext)); 489 } 490 491 TEST_F(TpmUtilityTest, AsymmetricEncryptFail) { 492 TPM_HANDLE key_handle; 493 std::string plaintext; 494 std::string ciphertext; 495 TPM2B_PUBLIC public_area; 496 public_area.public_area.type = TPM_ALG_RSA; 497 public_area.public_area.object_attributes = kDecrypt; 498 public_area.public_area.auth_policy.size = 0; 499 public_area.public_area.unique.rsa.size = 0; 500 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 501 .WillRepeatedly( 502 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 503 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr)) 504 .WillOnce(Return(TPM_RC_FAILURE)); 505 EXPECT_EQ(TPM_RC_FAILURE, 506 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, 507 plaintext, nullptr, &ciphertext)); 508 } 509 510 TEST_F(TpmUtilityTest, AsymmetricEncryptBadParams) { 511 TPM_HANDLE key_handle = TPM_RH_FIRST; 512 std::string plaintext; 513 std::string ciphertext; 514 TPM2B_PUBLIC public_area; 515 public_area.public_area.type = TPM_ALG_RSA; 516 public_area.public_area.object_attributes = kDecrypt | kRestricted; 517 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, nullptr)) 518 .WillRepeatedly( 519 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 520 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 521 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_RSAES, TPM_ALG_NULL, 522 plaintext, nullptr, &ciphertext)); 523 } 524 525 TEST_F(TpmUtilityTest, AsymmetricEncryptNullSchemeForward) { 526 TPM_HANDLE key_handle; 527 std::string plaintext; 528 std::string output_ciphertext("ciphertext"); 529 std::string ciphertext; 530 TPM2B_PUBLIC_KEY_RSA out_message = 531 Make_TPM2B_PUBLIC_KEY_RSA(output_ciphertext); 532 TPM2B_PUBLIC public_area; 533 public_area.public_area.type = TPM_ALG_RSA; 534 public_area.public_area.object_attributes = kDecrypt; 535 public_area.public_area.auth_policy.size = 0; 536 public_area.public_area.unique.rsa.size = 0; 537 TPMT_RSA_DECRYPT scheme; 538 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 539 .WillRepeatedly( 540 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 541 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr)) 542 .WillOnce(DoAll(SetArgPointee<5>(out_message), SaveArg<3>(&scheme), 543 Return(TPM_RC_SUCCESS))); 544 EXPECT_EQ(TPM_RC_SUCCESS, 545 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, 546 plaintext, nullptr, &ciphertext)); 547 EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP); 548 EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256); 549 } 550 551 TEST_F(TpmUtilityTest, AsymmetricEncryptSchemeForward) { 552 TPM_HANDLE key_handle; 553 std::string plaintext; 554 std::string output_ciphertext("ciphertext"); 555 std::string ciphertext; 556 TPM2B_PUBLIC_KEY_RSA out_message = 557 Make_TPM2B_PUBLIC_KEY_RSA(output_ciphertext); 558 TPM2B_PUBLIC public_area; 559 public_area.public_area.type = TPM_ALG_RSA; 560 public_area.public_area.object_attributes = kDecrypt; 561 public_area.public_area.auth_policy.size = 0; 562 public_area.public_area.unique.rsa.size = 0; 563 TPMT_RSA_DECRYPT scheme; 564 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 565 .WillRepeatedly( 566 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 567 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr)) 568 .WillOnce(DoAll(SetArgPointee<5>(out_message), SaveArg<3>(&scheme), 569 Return(TPM_RC_SUCCESS))); 570 EXPECT_EQ(TPM_RC_SUCCESS, 571 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_RSAES, TPM_ALG_NULL, 572 plaintext, nullptr, &ciphertext)); 573 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES); 574 } 575 576 TEST_F(TpmUtilityTest, AsymmetricDecryptSuccess) { 577 TPM_HANDLE key_handle; 578 std::string plaintext; 579 std::string output_plaintext("plaintext"); 580 std::string ciphertext; 581 std::string password("password"); 582 TPM2B_PUBLIC_KEY_RSA out_message = 583 Make_TPM2B_PUBLIC_KEY_RSA(output_plaintext); 584 TPM2B_PUBLIC public_area; 585 public_area.public_area.type = TPM_ALG_RSA; 586 public_area.public_area.object_attributes = kDecrypt; 587 public_area.public_area.auth_policy.size = 0; 588 public_area.public_area.unique.rsa.size = 0; 589 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 590 .WillRepeatedly( 591 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 592 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, 593 &mock_authorization_delegate_)) 594 .WillOnce(DoAll(SetArgPointee<5>(out_message), Return(TPM_RC_SUCCESS))); 595 EXPECT_EQ(TPM_RC_SUCCESS, 596 utility_.AsymmetricDecrypt( 597 key_handle, TPM_ALG_NULL, TPM_ALG_NULL, ciphertext, 598 &mock_authorization_delegate_, &plaintext)); 599 EXPECT_EQ(0, plaintext.compare(output_plaintext)); 600 } 601 602 TEST_F(TpmUtilityTest, AsymmetricDecryptFail) { 603 TPM_HANDLE key_handle; 604 std::string key_name; 605 std::string plaintext; 606 std::string ciphertext; 607 std::string password; 608 TPM2B_PUBLIC public_area; 609 public_area.public_area.type = TPM_ALG_RSA; 610 public_area.public_area.object_attributes = kDecrypt; 611 public_area.public_area.auth_policy.size = 0; 612 public_area.public_area.unique.rsa.size = 0; 613 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 614 .WillRepeatedly( 615 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 616 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _)) 617 .WillOnce(Return(TPM_RC_FAILURE)); 618 EXPECT_EQ(TPM_RC_FAILURE, 619 utility_.AsymmetricDecrypt( 620 key_handle, TPM_ALG_NULL, TPM_ALG_NULL, ciphertext, 621 &mock_authorization_delegate_, &plaintext)); 622 } 623 624 TEST_F(TpmUtilityTest, AsymmetricDecryptBadParams) { 625 TPM_HANDLE key_handle = TPM_RH_FIRST; 626 std::string plaintext; 627 std::string ciphertext; 628 TPM2B_PUBLIC public_area; 629 public_area.public_area.type = TPM_ALG_RSA; 630 public_area.public_area.object_attributes = kDecrypt | kRestricted; 631 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 632 .WillRepeatedly( 633 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 634 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 635 utility_.AsymmetricDecrypt( 636 key_handle, TPM_ALG_RSAES, TPM_ALG_NULL, ciphertext, 637 &mock_authorization_delegate_, &plaintext)); 638 } 639 640 TEST_F(TpmUtilityTest, AsymmetricDecryptBadSession) { 641 TPM_HANDLE key_handle = TPM_RH_FIRST; 642 std::string key_name; 643 std::string plaintext; 644 std::string ciphertext; 645 std::string password; 646 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 647 utility_.AsymmetricDecrypt(key_handle, TPM_ALG_RSAES, TPM_ALG_NULL, 648 ciphertext, nullptr, &plaintext)); 649 } 650 651 TEST_F(TpmUtilityTest, AsymmetricDecryptNullSchemeForward) { 652 TPM_HANDLE key_handle; 653 std::string plaintext; 654 std::string output_plaintext("plaintext"); 655 std::string ciphertext; 656 std::string password; 657 TPM2B_PUBLIC_KEY_RSA out_message = 658 Make_TPM2B_PUBLIC_KEY_RSA(output_plaintext); 659 TPM2B_PUBLIC public_area; 660 public_area.public_area.type = TPM_ALG_RSA; 661 public_area.public_area.object_attributes = kDecrypt; 662 public_area.public_area.auth_policy.size = 0; 663 public_area.public_area.unique.rsa.size = 0; 664 TPMT_RSA_DECRYPT scheme; 665 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 666 .WillRepeatedly( 667 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 668 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _)) 669 .WillOnce(DoAll(SetArgPointee<5>(out_message), SaveArg<3>(&scheme), 670 Return(TPM_RC_SUCCESS))); 671 EXPECT_EQ(TPM_RC_SUCCESS, 672 utility_.AsymmetricDecrypt( 673 key_handle, TPM_ALG_NULL, TPM_ALG_NULL, ciphertext, 674 &mock_authorization_delegate_, &plaintext)); 675 EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP); 676 EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256); 677 } 678 679 TEST_F(TpmUtilityTest, AsymmetricDecryptSchemeForward) { 680 TPM_HANDLE key_handle; 681 std::string plaintext; 682 std::string output_plaintext("plaintext"); 683 std::string ciphertext; 684 std::string password; 685 TPM2B_PUBLIC_KEY_RSA out_message = 686 Make_TPM2B_PUBLIC_KEY_RSA(output_plaintext); 687 TPM2B_PUBLIC public_area; 688 public_area.public_area.type = TPM_ALG_RSA; 689 public_area.public_area.object_attributes = kDecrypt; 690 public_area.public_area.auth_policy.size = 0; 691 public_area.public_area.unique.rsa.size = 0; 692 TPMT_RSA_DECRYPT scheme; 693 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 694 .WillRepeatedly( 695 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 696 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _)) 697 .WillOnce(DoAll(SetArgPointee<5>(out_message), SaveArg<3>(&scheme), 698 Return(TPM_RC_SUCCESS))); 699 EXPECT_EQ(TPM_RC_SUCCESS, 700 utility_.AsymmetricDecrypt( 701 key_handle, TPM_ALG_RSAES, TPM_ALG_NULL, ciphertext, 702 &mock_authorization_delegate_, &plaintext)); 703 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES); 704 } 705 706 TEST_F(TpmUtilityTest, SignSuccess) { 707 TPM_HANDLE key_handle; 708 std::string password("password"); 709 std::string digest(32, 'a'); 710 TPMT_SIGNATURE signature_out; 711 signature_out.signature.rsassa.sig.size = 2; 712 signature_out.signature.rsassa.sig.buffer[0] = 'h'; 713 signature_out.signature.rsassa.sig.buffer[1] = 'i'; 714 std::string signature; 715 TPM2B_PUBLIC public_area; 716 public_area.public_area.type = TPM_ALG_RSA; 717 public_area.public_area.object_attributes = kSign; 718 public_area.public_area.auth_policy.size = 0; 719 public_area.public_area.unique.rsa.size = 0; 720 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 721 .WillRepeatedly( 722 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 723 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, 724 &mock_authorization_delegate_)) 725 .WillOnce(DoAll(SetArgPointee<5>(signature_out), Return(TPM_RC_SUCCESS))); 726 EXPECT_EQ(TPM_RC_SUCCESS, 727 utility_.Sign(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 728 &mock_authorization_delegate_, &signature)); 729 EXPECT_EQ(0, signature.compare("hi")); 730 } 731 732 TEST_F(TpmUtilityTest, SignFail) { 733 TPM_HANDLE key_handle; 734 std::string password; 735 std::string digest(32, 'a'); 736 std::string signature; 737 TPM2B_PUBLIC public_area; 738 public_area.public_area.type = TPM_ALG_RSA; 739 public_area.public_area.object_attributes = kSign; 740 public_area.public_area.auth_policy.size = 0; 741 public_area.public_area.unique.rsa.size = 0; 742 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 743 .WillRepeatedly( 744 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 745 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _)) 746 .WillOnce(Return(TPM_RC_FAILURE)); 747 EXPECT_EQ(TPM_RC_FAILURE, 748 utility_.Sign(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 749 &mock_authorization_delegate_, &signature)); 750 } 751 752 TEST_F(TpmUtilityTest, SignBadParams1) { 753 TPM_HANDLE key_handle; 754 std::string password; 755 std::string digest(32, 'a'); 756 std::string signature; 757 TPM2B_PUBLIC public_area; 758 public_area.public_area.type = TPM_ALG_RSA; 759 public_area.public_area.object_attributes = kSign | kRestricted; 760 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 761 .WillRepeatedly( 762 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 763 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 764 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest, 765 &mock_authorization_delegate_, &signature)); 766 } 767 768 TEST_F(TpmUtilityTest, SignBadAuthorizationSession) { 769 TPM_HANDLE key_handle = TPM_RH_FIRST; 770 std::string password; 771 std::string digest(32, 'a'); 772 std::string signature; 773 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 774 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest, 775 nullptr, &signature)); 776 } 777 778 TEST_F(TpmUtilityTest, SignBadParams2) { 779 TPM_HANDLE key_handle; 780 std::string password; 781 std::string digest(32, 'a'); 782 std::string signature; 783 TPM2B_PUBLIC public_area; 784 public_area.public_area.type = TPM_ALG_RSA; 785 public_area.public_area.object_attributes = kDecrypt; 786 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 787 .WillRepeatedly( 788 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 789 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 790 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest, 791 &mock_authorization_delegate_, &signature)); 792 } 793 794 TEST_F(TpmUtilityTest, SignBadParams3) { 795 TPM_HANDLE key_handle; 796 std::string password; 797 std::string digest(32, 'a'); 798 std::string signature; 799 TPM2B_PUBLIC public_area; 800 public_area.public_area.type = TPM_ALG_ECC; 801 public_area.public_area.object_attributes = kSign; 802 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 803 .WillRepeatedly( 804 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 805 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 806 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest, 807 &mock_authorization_delegate_, &signature)); 808 } 809 810 TEST_F(TpmUtilityTest, SignBadParams4) { 811 TPM_HANDLE key_handle; 812 std::string password; 813 std::string digest(32, 'a'); 814 std::string signature; 815 TPM2B_PUBLIC public_area; 816 public_area.public_area.type = TPM_ALG_RSA; 817 public_area.public_area.object_attributes = kSign; 818 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 819 .WillRepeatedly( 820 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_FAILURE))); 821 EXPECT_EQ(TPM_RC_FAILURE, 822 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest, 823 &mock_authorization_delegate_, &signature)); 824 } 825 826 TEST_F(TpmUtilityTest, SignBadParams5) { 827 TPM_HANDLE key_handle = 0; 828 std::string password; 829 std::string digest(32, 'a'); 830 std::string signature; 831 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 832 utility_.Sign(key_handle, TPM_ALG_AES, TPM_ALG_NULL, digest, 833 &mock_authorization_delegate_, &signature)); 834 } 835 836 TEST_F(TpmUtilityTest, SignNullSchemeForward) { 837 TPM_HANDLE key_handle; 838 std::string password; 839 std::string digest(32, 'a'); 840 TPMT_SIGNATURE signature_out; 841 signature_out.signature.rsassa.sig.size = 0; 842 std::string signature; 843 TPM2B_PUBLIC public_area; 844 TPMT_SIG_SCHEME scheme; 845 public_area.public_area.type = TPM_ALG_RSA; 846 public_area.public_area.object_attributes = kSign; 847 public_area.public_area.auth_policy.size = 0; 848 public_area.public_area.unique.rsa.size = 0; 849 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 850 .WillRepeatedly( 851 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 852 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _)) 853 .WillOnce(DoAll(SetArgPointee<5>(signature_out), SaveArg<3>(&scheme), 854 Return(TPM_RC_SUCCESS))); 855 EXPECT_EQ(TPM_RC_SUCCESS, 856 utility_.Sign(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 857 &mock_authorization_delegate_, &signature)); 858 EXPECT_EQ(scheme.scheme, TPM_ALG_RSASSA); 859 EXPECT_EQ(scheme.details.rsassa.hash_alg, TPM_ALG_SHA256); 860 } 861 862 TEST_F(TpmUtilityTest, SignSchemeForward) { 863 TPM_HANDLE key_handle; 864 std::string password; 865 std::string digest(64, 'a'); 866 TPMT_SIGNATURE signature_out; 867 signature_out.signature.rsassa.sig.size = 0; 868 std::string signature; 869 TPM2B_PUBLIC public_area; 870 TPMT_SIG_SCHEME scheme; 871 public_area.public_area.type = TPM_ALG_RSA; 872 public_area.public_area.object_attributes = kSign; 873 public_area.public_area.auth_policy.size = 0; 874 public_area.public_area.unique.rsa.size = 0; 875 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 876 .WillRepeatedly( 877 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 878 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _)) 879 .WillOnce(DoAll(SetArgPointee<5>(signature_out), SaveArg<3>(&scheme), 880 Return(TPM_RC_SUCCESS))); 881 EXPECT_EQ(TPM_RC_SUCCESS, 882 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_SHA1, digest, 883 &mock_authorization_delegate_, &signature)); 884 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAPSS); 885 EXPECT_EQ(scheme.details.rsapss.hash_alg, TPM_ALG_SHA1); 886 } 887 888 TEST_F(TpmUtilityTest, VerifySuccess) { 889 TPM_HANDLE key_handle; 890 std::string digest(32, 'a'); 891 std::string signature; 892 TPM2B_PUBLIC public_area; 893 public_area.public_area.type = TPM_ALG_RSA; 894 public_area.public_area.object_attributes = kSign; 895 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 896 .WillRepeatedly( 897 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 898 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 899 .WillOnce(Return(TPM_RC_SUCCESS)); 900 EXPECT_EQ(TPM_RC_SUCCESS, 901 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 902 signature, nullptr)); 903 } 904 905 TEST_F(TpmUtilityTest, VerifyFail) { 906 TPM_HANDLE key_handle; 907 std::string digest(32, 'a'); 908 std::string signature; 909 TPM2B_PUBLIC public_area; 910 public_area.public_area.type = TPM_ALG_RSA; 911 public_area.public_area.object_attributes = kSign; 912 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 913 .WillRepeatedly( 914 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 915 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 916 .WillOnce(Return(TPM_RC_FAILURE)); 917 EXPECT_EQ(TPM_RC_FAILURE, 918 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 919 signature, nullptr)); 920 } 921 922 TEST_F(TpmUtilityTest, VerifyBadParams1) { 923 TPM_HANDLE key_handle; 924 std::string digest(32, 'a'); 925 std::string signature; 926 TPM2B_PUBLIC public_area; 927 public_area.public_area.type = TPM_ALG_RSA; 928 public_area.public_area.object_attributes = kSign | kRestricted; 929 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 930 .WillRepeatedly( 931 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 932 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 933 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 934 signature, nullptr)); 935 } 936 937 TEST_F(TpmUtilityTest, VerifyBadParams2) { 938 TPM_HANDLE key_handle; 939 std::string digest(32, 'a'); 940 std::string signature; 941 TPM2B_PUBLIC public_area; 942 public_area.public_area.type = TPM_ALG_RSA; 943 public_area.public_area.object_attributes = kDecrypt; 944 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 945 .WillRepeatedly( 946 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 947 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 948 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 949 signature, nullptr)); 950 } 951 952 TEST_F(TpmUtilityTest, VerifyBadParams3) { 953 TPM_HANDLE key_handle; 954 std::string digest(32, 'a'); 955 std::string signature; 956 TPM2B_PUBLIC public_area; 957 public_area.public_area.type = TPM_ALG_ECC; 958 public_area.public_area.object_attributes = kSign; 959 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 960 .WillRepeatedly( 961 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 962 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 963 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 964 signature, nullptr)); 965 } 966 967 TEST_F(TpmUtilityTest, VerifyBadParams4) { 968 TPM_HANDLE key_handle; 969 std::string digest(32, 'a'); 970 std::string signature; 971 TPM2B_PUBLIC public_area; 972 public_area.public_area.type = TPM_ALG_RSA; 973 public_area.public_area.object_attributes = kSign; 974 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 975 .WillRepeatedly( 976 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_FAILURE))); 977 EXPECT_EQ(TPM_RC_FAILURE, 978 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 979 signature, nullptr)); 980 } 981 982 TEST_F(TpmUtilityTest, VerifyBadParams5) { 983 TPM_HANDLE key_handle; 984 std::string digest(32, 'a'); 985 std::string signature; 986 TPM2B_PUBLIC public_area; 987 public_area.public_area.type = TPM_ALG_RSA; 988 public_area.public_area.object_attributes = kSign; 989 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 990 .WillRepeatedly( 991 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 992 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 993 utility_.Verify(key_handle, TPM_ALG_AES, TPM_ALG_NULL, digest, 994 signature, nullptr)); 995 } 996 997 TEST_F(TpmUtilityTest, VerifyNullSchemeForward) { 998 TPM_HANDLE key_handle; 999 std::string digest(32, 'a'); 1000 std::string signature; 1001 TPM2B_PUBLIC public_area; 1002 TPMT_SIGNATURE signature_in; 1003 public_area.public_area.type = TPM_ALG_RSA; 1004 public_area.public_area.object_attributes = kSign; 1005 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1006 .WillRepeatedly( 1007 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 1008 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 1009 .WillOnce(DoAll(SaveArg<3>(&signature_in), Return(TPM_RC_SUCCESS))); 1010 EXPECT_EQ(TPM_RC_SUCCESS, 1011 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 1012 signature, nullptr)); 1013 EXPECT_EQ(signature_in.sig_alg, TPM_ALG_RSASSA); 1014 EXPECT_EQ(signature_in.signature.rsassa.hash, TPM_ALG_SHA256); 1015 } 1016 1017 TEST_F(TpmUtilityTest, VerifySchemeForward) { 1018 TPM_HANDLE key_handle; 1019 std::string digest(64, 'a'); 1020 std::string signature; 1021 TPM2B_PUBLIC public_area; 1022 TPMT_SIGNATURE signature_in; 1023 public_area.public_area.type = TPM_ALG_RSA; 1024 public_area.public_area.object_attributes = kSign; 1025 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1026 .WillRepeatedly( 1027 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 1028 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 1029 .WillOnce(DoAll(SaveArg<3>(&signature_in), Return(TPM_RC_SUCCESS))); 1030 EXPECT_EQ(TPM_RC_SUCCESS, 1031 utility_.Verify(key_handle, TPM_ALG_RSAPSS, TPM_ALG_SHA1, digest, 1032 signature, nullptr)); 1033 EXPECT_EQ(signature_in.sig_alg, TPM_ALG_RSAPSS); 1034 EXPECT_EQ(signature_in.signature.rsassa.hash, TPM_ALG_SHA1); 1035 } 1036 1037 TEST_F(TpmUtilityTest, CertifyCreationSuccess) { 1038 TPM_HANDLE key_handle = 42; 1039 std::string creation_blob; 1040 EXPECT_CALL(mock_tpm_, CertifyCreationSyncShort(TPM_RH_NULL, key_handle, _, _, 1041 _, _, _, _, _)) 1042 .WillOnce(Return(TPM_RC_SUCCESS)); 1043 EXPECT_EQ(TPM_RC_SUCCESS, 1044 utility_.CertifyCreation(key_handle, creation_blob)); 1045 } 1046 1047 TEST_F(TpmUtilityTest, CertifyCreationParserError) { 1048 TPM_HANDLE key_handle = 42; 1049 std::string creation_blob; 1050 EXPECT_CALL(mock_blob_parser_, ParseCreationBlob(creation_blob, _, _, _)) 1051 .WillOnce(Return(false)); 1052 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1053 utility_.CertifyCreation(key_handle, creation_blob)); 1054 } 1055 1056 TEST_F(TpmUtilityTest, CertifyCreationFailure) { 1057 TPM_HANDLE key_handle = 42; 1058 std::string creation_blob; 1059 EXPECT_CALL(mock_tpm_, CertifyCreationSyncShort(TPM_RH_NULL, key_handle, _, _, 1060 _, _, _, _, _)) 1061 .WillOnce(Return(TPM_RC_FAILURE)); 1062 EXPECT_EQ(TPM_RC_FAILURE, 1063 utility_.CertifyCreation(key_handle, creation_blob)); 1064 } 1065 1066 TEST_F(TpmUtilityTest, ChangeAuthDataSuccess) { 1067 TPM_HANDLE key_handle = 1; 1068 std::string new_password; 1069 std::string key_blob; 1070 TPM2B_PUBLIC public_area; 1071 public_area.public_area.type = TPM_ALG_RSA; 1072 public_area.public_area.auth_policy.size = 0; 1073 public_area.public_area.unique.rsa.size = 0; 1074 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1075 .WillRepeatedly( 1076 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 1077 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ChangeKeyAuthorizationData( 1078 key_handle, new_password, 1079 &mock_authorization_delegate_, &key_blob)); 1080 } 1081 1082 TEST_F(TpmUtilityTest, ChangeAuthDataKeyNameFail) { 1083 TPM_HANDLE key_handle = 1; 1084 std::string old_password; 1085 std::string new_password; 1086 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1087 .WillOnce(Return(TPM_RC_FAILURE)); 1088 EXPECT_EQ(TPM_RC_FAILURE, utility_.ChangeKeyAuthorizationData( 1089 key_handle, new_password, 1090 &mock_authorization_delegate_, nullptr)); 1091 } 1092 1093 TEST_F(TpmUtilityTest, ChangeAuthDataFailure) { 1094 TPM_HANDLE key_handle = 1; 1095 std::string new_password; 1096 EXPECT_CALL(mock_tpm_, ObjectChangeAuthSync(key_handle, _, _, _, _, _, _)) 1097 .WillOnce(Return(TPM_RC_FAILURE)); 1098 EXPECT_EQ(TPM_RC_FAILURE, utility_.ChangeKeyAuthorizationData( 1099 key_handle, new_password, 1100 &mock_authorization_delegate_, nullptr)); 1101 } 1102 1103 TEST_F(TpmUtilityTest, ChangeAuthDataParserFail) { 1104 TPM_HANDLE key_handle = 1; 1105 std::string new_password; 1106 std::string key_blob; 1107 TPM2B_PUBLIC public_area; 1108 public_area.public_area.type = TPM_ALG_RSA; 1109 public_area.public_area.auth_policy.size = 0; 1110 public_area.public_area.unique.rsa.size = 0; 1111 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1112 .WillRepeatedly( 1113 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 1114 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob)) 1115 .WillOnce(Return(false)); 1116 EXPECT_EQ( 1117 SAPI_RC_BAD_TCTI_STRUCTURE, 1118 utility_.ChangeKeyAuthorizationData( 1119 key_handle, new_password, &mock_authorization_delegate_, &key_blob)); 1120 } 1121 1122 TEST_F(TpmUtilityTest, ImportRSAKeySuccess) { 1123 uint32_t public_exponent = 0x10001; 1124 std::string modulus(256, 'a'); 1125 std::string prime_factor(128, 'b'); 1126 std::string password("password"); 1127 std::string key_blob; 1128 TPM2B_DATA encryption_key; 1129 TPM2B_PUBLIC public_data; 1130 TPM2B_PRIVATE private_data; 1131 EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _)) 1132 .WillOnce(DoAll(SaveArg<2>(&encryption_key), SaveArg<3>(&public_data), 1133 SaveArg<4>(&private_data), Return(TPM_RC_SUCCESS))); 1134 EXPECT_EQ( 1135 TPM_RC_SUCCESS, 1136 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1137 modulus, public_exponent, prime_factor, password, 1138 &mock_authorization_delegate_, &key_blob)); 1139 // Validate that the public area was properly constructed. 1140 EXPECT_EQ(public_data.public_area.parameters.rsa_detail.key_bits, 1141 modulus.size() * 8); 1142 EXPECT_EQ(public_data.public_area.parameters.rsa_detail.exponent, 1143 public_exponent); 1144 EXPECT_EQ(public_data.public_area.unique.rsa.size, modulus.size()); 1145 EXPECT_EQ(0, memcmp(public_data.public_area.unique.rsa.buffer, modulus.data(), 1146 modulus.size())); 1147 // Validate the private struct construction. 1148 EXPECT_EQ(kAesKeySize, encryption_key.size); 1149 AES_KEY key; 1150 AES_set_encrypt_key(encryption_key.buffer, kAesKeySize * 8, &key); 1151 unsigned char iv[MAX_AES_BLOCK_SIZE_BYTES] = {0}; 1152 int iv_in = 0; 1153 std::string unencrypted_private(private_data.size, 0); 1154 AES_cfb128_encrypt( 1155 reinterpret_cast<const unsigned char*>(private_data.buffer), 1156 reinterpret_cast<unsigned char*>( 1157 base::string_as_array(&unencrypted_private)), 1158 private_data.size, &key, iv, &iv_in, AES_DECRYPT); 1159 TPM2B_DIGEST inner_integrity; 1160 EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPM2B_DIGEST(&unencrypted_private, 1161 &inner_integrity, nullptr)); 1162 std::string object_name; 1163 EXPECT_EQ(TPM_RC_SUCCESS, 1164 ComputeKeyName(public_data.public_area, &object_name)); 1165 std::string integrity_value = 1166 crypto::SHA256HashString(unencrypted_private + object_name); 1167 EXPECT_EQ(integrity_value.size(), inner_integrity.size); 1168 EXPECT_EQ(0, memcmp(inner_integrity.buffer, integrity_value.data(), 1169 inner_integrity.size)); 1170 TPM2B_SENSITIVE sensitive_data; 1171 EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPM2B_SENSITIVE(&unencrypted_private, 1172 &sensitive_data, nullptr)); 1173 EXPECT_EQ(sensitive_data.sensitive_area.auth_value.size, password.size()); 1174 EXPECT_EQ(0, memcmp(sensitive_data.sensitive_area.auth_value.buffer, 1175 password.data(), password.size())); 1176 EXPECT_EQ(sensitive_data.sensitive_area.sensitive.rsa.size, 1177 prime_factor.size()); 1178 EXPECT_EQ(0, memcmp(sensitive_data.sensitive_area.sensitive.rsa.buffer, 1179 prime_factor.data(), prime_factor.size())); 1180 } 1181 1182 TEST_F(TpmUtilityTest, ImportRSAKeySuccessWithNoBlob) { 1183 uint32_t public_exponent = 0x10001; 1184 std::string modulus(256, 'a'); 1185 std::string prime_factor(128, 'b'); 1186 std::string password; 1187 EXPECT_EQ( 1188 TPM_RC_SUCCESS, 1189 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1190 modulus, public_exponent, prime_factor, password, 1191 &mock_authorization_delegate_, nullptr)); 1192 } 1193 1194 TEST_F(TpmUtilityTest, ImportRSAKeyParentNameFail) { 1195 uint32_t public_exponent = 0x10001; 1196 std::string modulus(256, 'a'); 1197 std::string prime_factor(128, 'b'); 1198 std::string password; 1199 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1200 .WillOnce(Return(TPM_RC_FAILURE)); 1201 EXPECT_EQ( 1202 TPM_RC_FAILURE, 1203 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1204 modulus, public_exponent, prime_factor, password, 1205 &mock_authorization_delegate_, nullptr)); 1206 } 1207 1208 TEST_F(TpmUtilityTest, ImportRSAKeyFail) { 1209 std::string modulus; 1210 std::string prime_factor; 1211 std::string password; 1212 EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _)) 1213 .WillOnce(Return(TPM_RC_FAILURE)); 1214 EXPECT_EQ(TPM_RC_FAILURE, 1215 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1216 modulus, 0x10001, prime_factor, password, 1217 &mock_authorization_delegate_, nullptr)); 1218 } 1219 1220 TEST_F(TpmUtilityTest, ImportRSAKeyParserFail) { 1221 std::string modulus; 1222 std::string prime_factor; 1223 std::string password; 1224 std::string key_blob; 1225 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob)) 1226 .WillOnce(Return(false)); 1227 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, 1228 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1229 modulus, 0x10001, prime_factor, password, 1230 &mock_authorization_delegate_, &key_blob)); 1231 } 1232 1233 TEST_F(TpmUtilityTest, CreateRSAKeyPairSuccess) { 1234 TPM2B_PUBLIC public_area; 1235 TPML_PCR_SELECTION creation_pcrs; 1236 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _, 1237 _, _, &mock_authorization_delegate_)) 1238 .WillOnce(DoAll(SaveArg<2>(&public_area), SaveArg<3>(&creation_pcrs), 1239 Return(TPM_RC_SUCCESS))); 1240 std::string key_blob; 1241 std::string creation_blob; 1242 int creation_pcr = 12; 1243 EXPECT_EQ(TPM_RC_SUCCESS, 1244 utility_.CreateRSAKeyPair( 1245 TpmUtility::AsymmetricKeyUsage::kDecryptAndSignKey, 2048, 1246 0x10001, "password", "", false, creation_pcr, 1247 &mock_authorization_delegate_, &key_blob, &creation_blob)); 1248 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, kDecrypt); 1249 EXPECT_EQ(public_area.public_area.object_attributes & kSign, kSign); 1250 EXPECT_EQ(public_area.public_area.object_attributes & kUserWithAuth, 1251 kUserWithAuth); 1252 EXPECT_EQ(public_area.public_area.object_attributes & kAdminWithPolicy, 0u); 1253 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme, 1254 TPM_ALG_NULL); 1255 EXPECT_EQ(1u, creation_pcrs.count); 1256 EXPECT_EQ(TPM_ALG_SHA256, creation_pcrs.pcr_selections[0].hash); 1257 EXPECT_EQ(PCR_SELECT_MIN, creation_pcrs.pcr_selections[0].sizeof_select); 1258 EXPECT_EQ(1u << (creation_pcr % 8), 1259 creation_pcrs.pcr_selections[0].pcr_select[creation_pcr / 8]); 1260 } 1261 1262 TEST_F(TpmUtilityTest, CreateRSAKeyPairDecryptKeySuccess) { 1263 TPM2B_PUBLIC public_area; 1264 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _, 1265 _, _, &mock_authorization_delegate_)) 1266 .WillOnce(DoAll(SaveArg<2>(&public_area), Return(TPM_RC_SUCCESS))); 1267 std::string key_blob; 1268 EXPECT_EQ(TPM_RC_SUCCESS, 1269 utility_.CreateRSAKeyPair( 1270 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 2048, 0x10001, 1271 "password", "", false, kNoCreationPCR, 1272 &mock_authorization_delegate_, &key_blob, nullptr)); 1273 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, kDecrypt); 1274 EXPECT_EQ(public_area.public_area.object_attributes & kSign, 0u); 1275 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme, 1276 TPM_ALG_NULL); 1277 } 1278 1279 TEST_F(TpmUtilityTest, CreateRSAKeyPairSignKeySuccess) { 1280 TPM2B_PUBLIC public_area; 1281 TPM2B_SENSITIVE_CREATE sensitive_create; 1282 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _, 1283 _, _, &mock_authorization_delegate_)) 1284 .WillOnce(DoAll(SaveArg<1>(&sensitive_create), SaveArg<2>(&public_area), 1285 Return(TPM_RC_SUCCESS))); 1286 std::string key_blob; 1287 std::string policy_digest(32, 'a'); 1288 std::string key_auth("password"); 1289 EXPECT_EQ( 1290 TPM_RC_SUCCESS, 1291 utility_.CreateRSAKeyPair( 1292 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, key_auth, 1293 policy_digest, true /* use_only_policy_authorization */, 1294 kNoCreationPCR, &mock_authorization_delegate_, &key_blob, nullptr)); 1295 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, 0u); 1296 EXPECT_EQ(public_area.public_area.object_attributes & kSign, kSign); 1297 EXPECT_EQ(public_area.public_area.object_attributes & kUserWithAuth, 0u); 1298 EXPECT_EQ(public_area.public_area.object_attributes & kAdminWithPolicy, 1299 kAdminWithPolicy); 1300 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme, 1301 TPM_ALG_NULL); 1302 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.key_bits, 2048); 1303 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.exponent, 0x10001u); 1304 EXPECT_EQ(public_area.public_area.auth_policy.size, policy_digest.size()); 1305 EXPECT_EQ(0, memcmp(public_area.public_area.auth_policy.buffer, 1306 policy_digest.data(), policy_digest.size())); 1307 EXPECT_EQ(sensitive_create.sensitive.user_auth.size, key_auth.size()); 1308 EXPECT_EQ(0, memcmp(sensitive_create.sensitive.user_auth.buffer, 1309 key_auth.data(), key_auth.size())); 1310 } 1311 1312 TEST_F(TpmUtilityTest, CreateRSAKeyPairBadDelegate) { 1313 std::string key_blob; 1314 EXPECT_EQ( 1315 SAPI_RC_INVALID_SESSIONS, 1316 utility_.CreateRSAKeyPair(TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1317 2048, 0x10001, "password", "", false, 1318 kNoCreationPCR, nullptr, &key_blob, nullptr)); 1319 } 1320 1321 TEST_F(TpmUtilityTest, CreateRSAKeyPairFailure) { 1322 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _, 1323 _, _, &mock_authorization_delegate_)) 1324 .WillOnce(Return(TPM_RC_FAILURE)); 1325 std::string key_blob; 1326 EXPECT_EQ(TPM_RC_FAILURE, 1327 utility_.CreateRSAKeyPair( 1328 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, 1329 "password", "", false, kNoCreationPCR, 1330 &mock_authorization_delegate_, &key_blob, nullptr)); 1331 } 1332 1333 TEST_F(TpmUtilityTest, CreateRSAKeyPairKeyParserFail) { 1334 std::string key_blob; 1335 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob)) 1336 .WillOnce(Return(false)); 1337 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, 1338 utility_.CreateRSAKeyPair( 1339 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, 1340 "password", "", false, kNoCreationPCR, 1341 &mock_authorization_delegate_, &key_blob, nullptr)); 1342 } 1343 1344 TEST_F(TpmUtilityTest, CreateRSAKeyPairCreationParserFail) { 1345 std::string creation_blob; 1346 std::string key_blob; 1347 EXPECT_CALL(mock_blob_parser_, SerializeCreationBlob(_, _, _, &creation_blob)) 1348 .WillOnce(Return(false)); 1349 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, 1350 utility_.CreateRSAKeyPair( 1351 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, 1352 "password", "", false, kNoCreationPCR, 1353 &mock_authorization_delegate_, &key_blob, &creation_blob)); 1354 } 1355 1356 TEST_F(TpmUtilityTest, LoadKeySuccess) { 1357 TPM_HANDLE key_handle = TPM_RH_FIRST; 1358 TPM_HANDLE loaded_handle; 1359 EXPECT_CALL(mock_tpm_, LoadSync(kRSAStorageRootKey, _, _, _, _, _, 1360 &mock_authorization_delegate_)) 1361 .WillOnce(DoAll(SetArgPointee<4>(key_handle), Return(TPM_RC_SUCCESS))); 1362 std::string key_blob; 1363 EXPECT_EQ(TPM_RC_SUCCESS, 1364 utility_.LoadKey(key_blob, &mock_authorization_delegate_, 1365 &loaded_handle)); 1366 EXPECT_EQ(loaded_handle, key_handle); 1367 } 1368 1369 TEST_F(TpmUtilityTest, LoadKeyFailure) { 1370 TPM_HANDLE key_handle; 1371 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1372 .WillOnce(Return(TPM_RC_FAILURE)); 1373 std::string key_blob; 1374 EXPECT_EQ( 1375 TPM_RC_FAILURE, 1376 utility_.LoadKey(key_blob, &mock_authorization_delegate_, &key_handle)); 1377 } 1378 1379 TEST_F(TpmUtilityTest, LoadKeyBadDelegate) { 1380 TPM_HANDLE key_handle; 1381 std::string key_blob; 1382 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 1383 utility_.LoadKey(key_blob, nullptr, &key_handle)); 1384 } 1385 1386 TEST_F(TpmUtilityTest, LoadKeyParserFail) { 1387 TPM_HANDLE key_handle; 1388 std::string key_blob; 1389 EXPECT_CALL(mock_blob_parser_, ParseKeyBlob(key_blob, _, _)) 1390 .WillOnce(Return(false)); 1391 EXPECT_EQ( 1392 SAPI_RC_BAD_TCTI_STRUCTURE, 1393 utility_.LoadKey(key_blob, &mock_authorization_delegate_, &key_handle)); 1394 } 1395 1396 TEST_F(TpmUtilityTest, SealedDataSuccess) { 1397 std::string data_to_seal("seal_data"); 1398 std::string sealed_data; 1399 TPM2B_SENSITIVE_CREATE sensitive_create; 1400 TPM2B_PUBLIC in_public; 1401 EXPECT_CALL(mock_tpm_, 1402 CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _, _, _, _)) 1403 .WillOnce(DoAll(SaveArg<1>(&sensitive_create), SaveArg<2>(&in_public), 1404 Return(TPM_RC_SUCCESS))); 1405 EXPECT_EQ(TPM_RC_SUCCESS, 1406 utility_.SealData(data_to_seal, "", &mock_authorization_delegate_, 1407 &sealed_data)); 1408 EXPECT_EQ(sensitive_create.sensitive.data.size, data_to_seal.size()); 1409 EXPECT_EQ(0, memcmp(sensitive_create.sensitive.data.buffer, 1410 data_to_seal.data(), data_to_seal.size())); 1411 EXPECT_EQ(in_public.public_area.type, TPM_ALG_KEYEDHASH); 1412 EXPECT_EQ(in_public.public_area.name_alg, TPM_ALG_SHA256); 1413 } 1414 1415 TEST_F(TpmUtilityTest, SealDataBadDelegate) { 1416 std::string data_to_seal("seal_data"); 1417 std::string sealed_data; 1418 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 1419 utility_.SealData(data_to_seal, "", nullptr, &sealed_data)); 1420 } 1421 1422 TEST_F(TpmUtilityTest, SealDataFailure) { 1423 std::string data_to_seal("seal_data"); 1424 std::string sealed_data; 1425 EXPECT_CALL(mock_tpm_, 1426 CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _, _, _, _)) 1427 .WillOnce(Return(TPM_RC_FAILURE)); 1428 EXPECT_EQ(TPM_RC_FAILURE, 1429 utility_.SealData(data_to_seal, "", &mock_authorization_delegate_, 1430 &sealed_data)); 1431 } 1432 1433 TEST_F(TpmUtilityTest, SealDataParserFail) { 1434 std::string data_to_seal("seal_data"); 1435 std::string sealed_data; 1436 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &sealed_data)) 1437 .WillOnce(Return(false)); 1438 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, 1439 utility_.SealData(data_to_seal, "", &mock_authorization_delegate_, 1440 &sealed_data)); 1441 } 1442 1443 TEST_F(TpmUtilityTest, UnsealDataSuccess) { 1444 std::string sealed_data; 1445 std::string tpm_unsealed_data("password"); 1446 std::string unsealed_data; 1447 TPM_HANDLE object_handle = 42; 1448 TPM2B_PUBLIC public_data; 1449 public_data.public_area.auth_policy.size = 0; 1450 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1451 .WillRepeatedly( 1452 DoAll(SetArgPointee<2>(public_data), Return(TPM_RC_SUCCESS))); 1453 EXPECT_CALL(mock_tpm_, ReadPublicSync(object_handle, _, _, _, _, _)) 1454 .WillRepeatedly( 1455 DoAll(SetArgPointee<2>(public_data), Return(TPM_RC_SUCCESS))); 1456 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1457 .WillOnce(DoAll(SetArgPointee<4>(object_handle), Return(TPM_RC_SUCCESS))); 1458 TPM2B_SENSITIVE_DATA out_data = Make_TPM2B_SENSITIVE_DATA(tpm_unsealed_data); 1459 EXPECT_CALL(mock_tpm_, UnsealSync(object_handle, _, _, _)) 1460 .WillOnce(DoAll(SetArgPointee<2>(out_data), Return(TPM_RC_SUCCESS))); 1461 EXPECT_EQ(TPM_RC_SUCCESS, 1462 utility_.UnsealData(sealed_data, &mock_authorization_delegate_, 1463 &unsealed_data)); 1464 EXPECT_EQ(unsealed_data, tpm_unsealed_data); 1465 } 1466 1467 TEST_F(TpmUtilityTest, UnsealDataBadDelegate) { 1468 std::string sealed_data; 1469 std::string unsealed_data; 1470 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 1471 utility_.UnsealData(sealed_data, nullptr, &unsealed_data)); 1472 } 1473 1474 TEST_F(TpmUtilityTest, UnsealDataLoadFail) { 1475 std::string sealed_data; 1476 std::string unsealed_data; 1477 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1478 .WillOnce(Return(TPM_RC_FAILURE)); 1479 EXPECT_EQ(TPM_RC_FAILURE, 1480 utility_.UnsealData(sealed_data, &mock_authorization_delegate_, 1481 &unsealed_data)); 1482 } 1483 1484 TEST_F(TpmUtilityTest, UnsealDataBadKeyName) { 1485 std::string sealed_data; 1486 std::string unsealed_data; 1487 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1488 .WillOnce(Return(TPM_RC_FAILURE)); 1489 EXPECT_EQ(TPM_RC_FAILURE, 1490 utility_.UnsealData(sealed_data, &mock_authorization_delegate_, 1491 &unsealed_data)); 1492 } 1493 1494 TEST_F(TpmUtilityTest, UnsealObjectFailure) { 1495 std::string sealed_data; 1496 std::string unsealed_data; 1497 EXPECT_CALL(mock_tpm_, UnsealSync(_, _, _, _)) 1498 .WillOnce(Return(TPM_RC_FAILURE)); 1499 EXPECT_EQ(TPM_RC_FAILURE, 1500 utility_.UnsealData(sealed_data, &mock_authorization_delegate_, 1501 &unsealed_data)); 1502 } 1503 1504 TEST_F(TpmUtilityTest, StartSessionSuccess) { 1505 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true)) 1506 .WillOnce(Return(TPM_RC_SUCCESS)); 1507 EXPECT_EQ(TPM_RC_SUCCESS, utility_.StartSession(&mock_hmac_session_)); 1508 } 1509 1510 TEST_F(TpmUtilityTest, StartSessionFailure) { 1511 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true)) 1512 .WillOnce(Return(TPM_RC_FAILURE)); 1513 EXPECT_EQ(TPM_RC_FAILURE, utility_.StartSession(&mock_hmac_session_)); 1514 } 1515 1516 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueSuccess) { 1517 int index = 5; 1518 std::string pcr_value("pcr_value"); 1519 std::string policy_digest; 1520 TPML_PCR_SELECTION pcr_select; 1521 pcr_select.count = 1; 1522 pcr_select.pcr_selections[0].hash = TPM_ALG_SHA256; 1523 pcr_select.pcr_selections[0].sizeof_select = 1; 1524 pcr_select.pcr_selections[0].pcr_select[index / 8] = 1 << (index % 8); 1525 TPML_DIGEST pcr_values; 1526 pcr_values.count = 1; 1527 pcr_values.digests[0] = Make_TPM2B_DIGEST(pcr_value); 1528 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 1529 .WillOnce(DoAll(SetArgPointee<2>(pcr_select), 1530 SetArgPointee<3>(pcr_values), Return(TPM_RC_SUCCESS))); 1531 std::string tpm_pcr_value; 1532 EXPECT_CALL(mock_trial_session_, PolicyPCR(index, _)) 1533 .WillOnce(DoAll(SaveArg<1>(&tpm_pcr_value), Return(TPM_RC_SUCCESS))); 1534 std::string tpm_policy_digest("digest"); 1535 EXPECT_CALL(mock_trial_session_, GetDigest(_)) 1536 .WillOnce( 1537 DoAll(SetArgPointee<0>(tpm_policy_digest), Return(TPM_RC_SUCCESS))); 1538 EXPECT_EQ(TPM_RC_SUCCESS, 1539 utility_.GetPolicyDigestForPcrValue(index, "", &policy_digest)); 1540 EXPECT_EQ(policy_digest, tpm_policy_digest); 1541 EXPECT_EQ(pcr_value, tpm_pcr_value); 1542 } 1543 1544 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueSuccessWithPcrValue) { 1545 int index = 5; 1546 std::string pcr_value("pcr_value"); 1547 std::string policy_digest; 1548 std::string tpm_pcr_value; 1549 EXPECT_CALL(mock_trial_session_, PolicyPCR(index, _)) 1550 .WillOnce(DoAll(SaveArg<1>(&tpm_pcr_value), Return(TPM_RC_SUCCESS))); 1551 std::string tpm_policy_digest("digest"); 1552 EXPECT_CALL(mock_trial_session_, GetDigest(_)) 1553 .WillOnce( 1554 DoAll(SetArgPointee<0>(tpm_policy_digest), Return(TPM_RC_SUCCESS))); 1555 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetPolicyDigestForPcrValue( 1556 index, pcr_value, &policy_digest)); 1557 EXPECT_EQ(policy_digest, tpm_policy_digest); 1558 EXPECT_EQ(pcr_value, tpm_pcr_value); 1559 } 1560 1561 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadSession) { 1562 int index = 5; 1563 std::string pcr_value("value"); 1564 std::string policy_digest; 1565 EXPECT_CALL(mock_trial_session_, StartUnboundSession(false)) 1566 .WillOnce(Return(TPM_RC_FAILURE)); 1567 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetPolicyDigestForPcrValue( 1568 index, pcr_value, &policy_digest)); 1569 } 1570 1571 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValuePcrReadFail) { 1572 int index = 5; 1573 std::string policy_digest; 1574 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 1575 .WillOnce(Return(TPM_RC_FAILURE)); 1576 EXPECT_EQ(TPM_RC_FAILURE, 1577 utility_.GetPolicyDigestForPcrValue(index, "", &policy_digest)); 1578 } 1579 1580 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadPcr) { 1581 int index = 5; 1582 std::string pcr_value("value"); 1583 std::string policy_digest; 1584 EXPECT_CALL(mock_trial_session_, PolicyPCR(index, _)) 1585 .WillOnce(Return(TPM_RC_FAILURE)); 1586 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetPolicyDigestForPcrValue( 1587 index, pcr_value, &policy_digest)); 1588 } 1589 1590 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadDigest) { 1591 int index = 5; 1592 std::string pcr_value("value"); 1593 std::string policy_digest; 1594 EXPECT_CALL(mock_trial_session_, GetDigest(&policy_digest)) 1595 .WillOnce(Return(TPM_RC_FAILURE)); 1596 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetPolicyDigestForPcrValue( 1597 index, pcr_value, &policy_digest)); 1598 } 1599 1600 TEST_F(TpmUtilityTest, DefineNVSpaceSuccess) { 1601 uint32_t index = 59; 1602 uint32_t nvram_index = NV_INDEX_FIRST + index; 1603 size_t length = 256; 1604 TPMA_NV attributes = TPMA_NV_WRITEDEFINE; 1605 TPM2B_NV_PUBLIC public_data; 1606 EXPECT_CALL(mock_tpm_, NV_DefineSpaceSync(TPM_RH_OWNER, _, _, _, _)) 1607 .WillOnce(DoAll(SaveArg<3>(&public_data), Return(TPM_RC_SUCCESS))); 1608 EXPECT_EQ(TPM_RC_SUCCESS, 1609 utility_.DefineNVSpace(index, length, attributes, "", "", 1610 &mock_authorization_delegate_)); 1611 EXPECT_EQ(public_data.nv_public.nv_index, nvram_index); 1612 EXPECT_EQ(public_data.nv_public.name_alg, TPM_ALG_SHA256); 1613 EXPECT_EQ(public_data.nv_public.attributes, attributes); 1614 EXPECT_EQ(public_data.nv_public.data_size, length); 1615 } 1616 1617 TEST_F(TpmUtilityTest, DefineNVSpaceBadLength) { 1618 size_t bad_length = 3000; 1619 EXPECT_EQ(SAPI_RC_BAD_SIZE, 1620 utility_.DefineNVSpace(0, bad_length, 0, "", "", 1621 &mock_authorization_delegate_)); 1622 } 1623 1624 TEST_F(TpmUtilityTest, DefineNVSpaceBadIndex) { 1625 uint32_t bad_index = 1 << 29; 1626 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1627 utility_.DefineNVSpace(bad_index, 2, 0, "", "", 1628 &mock_authorization_delegate_)); 1629 } 1630 1631 TEST_F(TpmUtilityTest, DefineNVSpaceBadSession) { 1632 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 1633 utility_.DefineNVSpace(0, 2, 0, "", "", nullptr)); 1634 } 1635 1636 TEST_F(TpmUtilityTest, DefineNVSpaceFail) { 1637 uint32_t index = 59; 1638 size_t length = 256; 1639 EXPECT_CALL(mock_tpm_, NV_DefineSpaceSync(TPM_RH_OWNER, _, _, _, _)) 1640 .WillOnce(Return(TPM_RC_FAILURE)); 1641 EXPECT_EQ(TPM_RC_FAILURE, 1642 utility_.DefineNVSpace(index, length, 0, "", "", 1643 &mock_authorization_delegate_)); 1644 } 1645 1646 TEST_F(TpmUtilityTest, DestroyNVSpaceSuccess) { 1647 uint32_t index = 53; 1648 uint32_t nvram_index = NV_INDEX_FIRST + index; 1649 EXPECT_CALL(mock_tpm_, 1650 NV_UndefineSpaceSync(TPM_RH_OWNER, _, nvram_index, _, _)); 1651 EXPECT_EQ(TPM_RC_SUCCESS, 1652 utility_.DestroyNVSpace(index, &mock_authorization_delegate_)); 1653 } 1654 1655 TEST_F(TpmUtilityTest, DestroyNVSpaceBadIndex) { 1656 uint32_t bad_index = 1 << 29; 1657 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1658 utility_.DestroyNVSpace(bad_index, &mock_authorization_delegate_)); 1659 } 1660 1661 TEST_F(TpmUtilityTest, DestroyNVSpaceBadSession) { 1662 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.DestroyNVSpace(3, nullptr)); 1663 } 1664 1665 TEST_F(TpmUtilityTest, DestroyNVSpaceFailure) { 1666 uint32_t index = 53; 1667 uint32_t nvram_index = NV_INDEX_FIRST + index; 1668 EXPECT_CALL(mock_tpm_, 1669 NV_UndefineSpaceSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1670 .WillOnce(Return(TPM_RC_FAILURE)); 1671 EXPECT_EQ(TPM_RC_FAILURE, 1672 utility_.DestroyNVSpace(index, &mock_authorization_delegate_)); 1673 } 1674 1675 TEST_F(TpmUtilityTest, LockNVSpaceWriteSuccess) { 1676 uint32_t index = 53; 1677 uint32_t nvram_index = NV_INDEX_FIRST + index; 1678 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1679 .WillOnce(Return(TPM_RC_SUCCESS)); 1680 EXPECT_CALL(mock_tpm_, NV_ReadLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1681 .Times(0); 1682 EXPECT_EQ(TPM_RC_SUCCESS, 1683 utility_.LockNVSpace(index, false, true, true, 1684 &mock_authorization_delegate_)); 1685 TPMS_NV_PUBLIC public_area; 1686 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area)); 1687 EXPECT_EQ(TPMA_NV_WRITELOCKED, public_area.attributes & TPMA_NV_WRITELOCKED); 1688 } 1689 1690 TEST_F(TpmUtilityTest, LockNVSpaceReadSuccess) { 1691 uint32_t index = 53; 1692 uint32_t nvram_index = NV_INDEX_FIRST + index; 1693 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1694 .Times(0); 1695 EXPECT_CALL(mock_tpm_, NV_ReadLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1696 .WillOnce(Return(TPM_RC_SUCCESS)); 1697 EXPECT_EQ(TPM_RC_SUCCESS, 1698 utility_.LockNVSpace(index, true, false, true, 1699 &mock_authorization_delegate_)); 1700 TPMS_NV_PUBLIC public_area; 1701 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area)); 1702 EXPECT_EQ(TPMA_NV_READLOCKED, public_area.attributes & TPMA_NV_READLOCKED); 1703 } 1704 1705 TEST_F(TpmUtilityTest, LockNVSpaceBothSuccess) { 1706 uint32_t index = 53; 1707 uint32_t nvram_index = NV_INDEX_FIRST + index; 1708 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1709 .WillOnce(Return(TPM_RC_SUCCESS)); 1710 EXPECT_CALL(mock_tpm_, NV_ReadLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1711 .WillOnce(Return(TPM_RC_SUCCESS)); 1712 EXPECT_EQ(TPM_RC_SUCCESS, 1713 utility_.LockNVSpace(index, true, true, true, 1714 &mock_authorization_delegate_)); 1715 TPMS_NV_PUBLIC public_area; 1716 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area)); 1717 EXPECT_EQ( 1718 (TPMA_NV_READLOCKED | TPMA_NV_WRITELOCKED), 1719 public_area.attributes & (TPMA_NV_READLOCKED | TPMA_NV_WRITELOCKED)); 1720 } 1721 1722 TEST_F(TpmUtilityTest, LockNVSpaceBothNotOwner) { 1723 uint32_t index = 53; 1724 uint32_t nvram_index = NV_INDEX_FIRST + index; 1725 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(nvram_index, _, nvram_index, _, _)) 1726 .WillOnce(Return(TPM_RC_SUCCESS)); 1727 EXPECT_CALL(mock_tpm_, NV_ReadLockSync(nvram_index, _, nvram_index, _, _)) 1728 .WillOnce(Return(TPM_RC_SUCCESS)); 1729 EXPECT_EQ(TPM_RC_SUCCESS, 1730 utility_.LockNVSpace(index, true, true, false, 1731 &mock_authorization_delegate_)); 1732 } 1733 1734 TEST_F(TpmUtilityTest, LockNVSpaceBadIndex) { 1735 uint32_t bad_index = 1 << 24; 1736 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1737 utility_.LockNVSpace(bad_index, true, true, true, 1738 &mock_authorization_delegate_)); 1739 } 1740 1741 TEST_F(TpmUtilityTest, LockNVSpaceFailure) { 1742 uint32_t index = 53; 1743 uint32_t nvram_index = NV_INDEX_FIRST + index; 1744 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1745 .WillOnce(Return(TPM_RC_FAILURE)); 1746 EXPECT_EQ(TPM_RC_FAILURE, 1747 utility_.LockNVSpace(index, true, true, true, 1748 &mock_authorization_delegate_)); 1749 } 1750 1751 TEST_F(TpmUtilityTest, WriteNVSpaceSuccess) { 1752 uint32_t index = 53; 1753 uint32_t offset = 5; 1754 uint32_t nvram_index = NV_INDEX_FIRST + index; 1755 EXPECT_CALL(mock_tpm_, 1756 NV_WriteSync(TPM_RH_OWNER, _, nvram_index, _, _, offset, _)) 1757 .WillOnce(Return(TPM_RC_SUCCESS)); 1758 EXPECT_EQ(TPM_RC_SUCCESS, 1759 utility_.WriteNVSpace(index, offset, "", true, false, 1760 &mock_authorization_delegate_)); 1761 TPMS_NV_PUBLIC public_area; 1762 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area)); 1763 EXPECT_EQ(public_area.attributes & TPMA_NV_WRITTEN, TPMA_NV_WRITTEN); 1764 } 1765 1766 TEST_F(TpmUtilityTest, WriteNVSpaceNotOwner) { 1767 uint32_t index = 53; 1768 uint32_t offset = 5; 1769 uint32_t nvram_index = NV_INDEX_FIRST + index; 1770 EXPECT_CALL(mock_tpm_, 1771 NV_WriteSync(nvram_index, _, nvram_index, _, _, offset, _)) 1772 .WillOnce(Return(TPM_RC_SUCCESS)); 1773 EXPECT_EQ(TPM_RC_SUCCESS, 1774 utility_.WriteNVSpace(index, offset, "", false, false, 1775 &mock_authorization_delegate_)); 1776 } 1777 1778 TEST_F(TpmUtilityTest, ExtendNVSpace) { 1779 uint32_t index = 53; 1780 uint32_t offset = 5; 1781 uint32_t nvram_index = NV_INDEX_FIRST + index; 1782 EXPECT_CALL(mock_tpm_, NV_ExtendSync(TPM_RH_OWNER, _, nvram_index, _, _, _)) 1783 .WillOnce(Return(TPM_RC_SUCCESS)); 1784 EXPECT_EQ(TPM_RC_SUCCESS, 1785 utility_.WriteNVSpace(index, offset, "", true, true, 1786 &mock_authorization_delegate_)); 1787 } 1788 1789 TEST_F(TpmUtilityTest, WriteNVSpaceBadSize) { 1790 uint32_t index = 53; 1791 std::string nvram_data(1025, 0); 1792 EXPECT_EQ(SAPI_RC_BAD_SIZE, 1793 utility_.WriteNVSpace(index, 0, nvram_data, true, false, 1794 &mock_authorization_delegate_)); 1795 } 1796 1797 TEST_F(TpmUtilityTest, WriteNVSpaceBadIndex) { 1798 uint32_t bad_index = 1 << 24; 1799 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1800 utility_.WriteNVSpace(bad_index, 0, "", true, false, 1801 &mock_authorization_delegate_)); 1802 } 1803 1804 TEST_F(TpmUtilityTest, WriteNVSpaceFailure) { 1805 uint32_t index = 53; 1806 uint32_t offset = 5; 1807 uint32_t nvram_index = NV_INDEX_FIRST + index; 1808 EXPECT_CALL(mock_tpm_, 1809 NV_WriteSync(TPM_RH_OWNER, _, nvram_index, _, _, offset, _)) 1810 .WillOnce(Return(TPM_RC_FAILURE)); 1811 EXPECT_EQ(TPM_RC_FAILURE, 1812 utility_.WriteNVSpace(index, offset, "", true, false, 1813 &mock_authorization_delegate_)); 1814 } 1815 1816 TEST_F(TpmUtilityTest, ReadNVSpaceSuccess) { 1817 uint32_t index = 53; 1818 uint32_t offset = 5; 1819 uint32_t nv_index = NV_INDEX_FIRST + index; 1820 size_t length = 24; 1821 std::string nvram_data; 1822 EXPECT_CALL(mock_tpm_, 1823 NV_ReadSync(nv_index, _, nv_index, _, length, offset, _, _)) 1824 .WillOnce(Return(TPM_RC_SUCCESS)); 1825 EXPECT_EQ(TPM_RC_SUCCESS, 1826 utility_.ReadNVSpace(index, offset, length, false, &nvram_data, 1827 &mock_authorization_delegate_)); 1828 } 1829 1830 TEST_F(TpmUtilityTest, ReadNVSpaceOwner) { 1831 uint32_t index = 53; 1832 uint32_t offset = 5; 1833 uint32_t nv_index = NV_INDEX_FIRST + index; 1834 size_t length = 24; 1835 std::string nvram_data; 1836 EXPECT_CALL(mock_tpm_, 1837 NV_ReadSync(TPM_RH_OWNER, _, nv_index, _, length, offset, _, _)) 1838 .WillOnce(Return(TPM_RC_SUCCESS)); 1839 EXPECT_EQ(TPM_RC_SUCCESS, 1840 utility_.ReadNVSpace(index, offset, length, true, &nvram_data, 1841 &mock_authorization_delegate_)); 1842 } 1843 1844 TEST_F(TpmUtilityTest, ReadNVSpaceBadReadLength) { 1845 size_t length = 1025; 1846 std::string nvram_data; 1847 EXPECT_EQ(SAPI_RC_BAD_SIZE, 1848 utility_.ReadNVSpace(52, 0, length, true, &nvram_data, 1849 &mock_authorization_delegate_)); 1850 } 1851 1852 TEST_F(TpmUtilityTest, ReadNVSpaceBadIndex) { 1853 uint32_t bad_index = 1 << 24; 1854 std::string nvram_data; 1855 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1856 utility_.ReadNVSpace(bad_index, 0, 5, true, &nvram_data, 1857 &mock_authorization_delegate_)); 1858 } 1859 1860 TEST_F(TpmUtilityTest, ReadNVSpaceFailure) { 1861 uint32_t index = 53; 1862 uint32_t offset = 5; 1863 uint32_t nv_index = NV_INDEX_FIRST + index; 1864 size_t length = 24; 1865 std::string nvram_data; 1866 EXPECT_CALL(mock_tpm_, 1867 NV_ReadSync(nv_index, _, nv_index, _, length, offset, _, _)) 1868 .WillOnce(Return(TPM_RC_FAILURE)); 1869 EXPECT_EQ(TPM_RC_FAILURE, 1870 utility_.ReadNVSpace(index, offset, length, false, &nvram_data, 1871 &mock_authorization_delegate_)); 1872 } 1873 1874 TEST_F(TpmUtilityTest, GetNVSpaceNameSuccess) { 1875 uint32_t index = 53; 1876 uint32_t nvram_index = NV_INDEX_FIRST + index; 1877 std::string name; 1878 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(nvram_index, _, _, _, _)) 1879 .WillOnce(Return(TPM_RC_SUCCESS)); 1880 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpaceName(index, &name)); 1881 } 1882 1883 TEST_F(TpmUtilityTest, GetNVSpaceNameFailure) { 1884 uint32_t index = 53; 1885 std::string name; 1886 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _)) 1887 .WillOnce(Return(TPM_RC_FAILURE)); 1888 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpaceName(index, &name)); 1889 } 1890 1891 TEST_F(TpmUtilityTest, GetNVSpacePublicAreaCachedSuccess) { 1892 uint32_t index = 53; 1893 TPMS_NV_PUBLIC public_area; 1894 SetNVRAMMap(index, public_area); 1895 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _)).Times(0); 1896 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpacePublicArea(index, &public_area)); 1897 } 1898 1899 TEST_F(TpmUtilityTest, GetNVSpacePublicAreaSuccess) { 1900 uint32_t index = 53; 1901 uint32_t nvram_index = NV_INDEX_FIRST + index; 1902 TPMS_NV_PUBLIC public_area; 1903 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(nvram_index, _, _, _, _)) 1904 .WillOnce(Return(TPM_RC_SUCCESS)); 1905 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpacePublicArea(index, &public_area)); 1906 } 1907 1908 TEST_F(TpmUtilityTest, GetNVSpacePublicAreaFailure) { 1909 uint32_t index = 53; 1910 TPMS_NV_PUBLIC public_area; 1911 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _)) 1912 .WillOnce(Return(TPM_RC_FAILURE)); 1913 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpacePublicArea(index, &public_area)); 1914 } 1915 1916 TEST_F(TpmUtilityTest, SetKnownPasswordSuccess) { 1917 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()).WillOnce(Return(false)); 1918 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _)) 1919 .WillOnce(Return(TPM_RC_SUCCESS)); 1920 EXPECT_EQ(TPM_RC_SUCCESS, SetKnownOwnerPassword("password")); 1921 } 1922 1923 TEST_F(TpmUtilityTest, SetKnownPasswordOwnershipDone) { 1924 EXPECT_EQ(TPM_RC_SUCCESS, SetKnownOwnerPassword("password")); 1925 } 1926 1927 TEST_F(TpmUtilityTest, SetKnownPasswordFailure) { 1928 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()).WillOnce(Return(false)); 1929 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _)) 1930 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1931 EXPECT_EQ(TPM_RC_FAILURE, SetKnownOwnerPassword("password")); 1932 } 1933 1934 TEST_F(TpmUtilityTest, RootKeysSuccess) { 1935 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password")); 1936 } 1937 1938 TEST_F(TpmUtilityTest, RootKeysHandleConsistency) { 1939 TPM_HANDLE test_handle = 42; 1940 EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _)) 1941 .WillRepeatedly( 1942 DoAll(SetArgPointee<3>(test_handle), Return(TPM_RC_SUCCESS))); 1943 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _)) 1944 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 1945 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password")); 1946 } 1947 1948 TEST_F(TpmUtilityTest, RootKeysCreateFailure) { 1949 EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _)) 1950 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1951 EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password")); 1952 } 1953 1954 TEST_F(TpmUtilityTest, RootKeysPersistFailure) { 1955 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _)) 1956 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1957 EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password")); 1958 } 1959 1960 TEST_F(TpmUtilityTest, RootKeysAlreadyExist) { 1961 SetExistingKeyHandleExpectation(kRSAStorageRootKey); 1962 SetExistingKeyHandleExpectation(kECCStorageRootKey); 1963 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password")); 1964 } 1965 1966 TEST_F(TpmUtilityTest, SaltingKeySuccess) { 1967 TPM2B_PUBLIC public_area; 1968 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _)) 1969 .WillOnce(DoAll(SaveArg<2>(&public_area), Return(TPM_RC_SUCCESS))); 1970 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password")); 1971 EXPECT_EQ(TPM_ALG_SHA256, public_area.public_area.name_alg); 1972 } 1973 1974 TEST_F(TpmUtilityTest, SaltingKeyConsistency) { 1975 TPM_HANDLE test_handle = 42; 1976 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1977 .WillRepeatedly( 1978 DoAll(SetArgPointee<4>(test_handle), Return(TPM_RC_SUCCESS))); 1979 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _)) 1980 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 1981 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password")); 1982 } 1983 1984 TEST_F(TpmUtilityTest, SaltingKeyCreateFailure) { 1985 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _)) 1986 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1987 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password")); 1988 } 1989 1990 TEST_F(TpmUtilityTest, SaltingKeyLoadFailure) { 1991 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1992 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1993 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password")); 1994 } 1995 1996 TEST_F(TpmUtilityTest, SaltingKeyPersistFailure) { 1997 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _)) 1998 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1999 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password")); 2000 } 2001 2002 TEST_F(TpmUtilityTest, SaltingKeyAlreadyExists) { 2003 SetExistingKeyHandleExpectation(kSaltingKey); 2004 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password")); 2005 } 2006 2007 TEST_F(TpmUtilityTest, SetDictionaryAttackParametersSuccess) { 2008 EXPECT_CALL(mock_tpm_, DictionaryAttackParametersSync(TPM_RH_LOCKOUT, _, 1, 2, 2009 3, nullptr)) 2010 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 2011 EXPECT_EQ(TPM_RC_SUCCESS, 2012 utility_.SetDictionaryAttackParameters(1, 2, 3, nullptr)); 2013 } 2014 2015 TEST_F(TpmUtilityTest, SetDictionaryAttackParametersFailure) { 2016 EXPECT_CALL(mock_tpm_, DictionaryAttackParametersSync(TPM_RH_LOCKOUT, _, 1, 2, 2017 3, nullptr)) 2018 .WillRepeatedly(Return(TPM_RC_FAILURE)); 2019 EXPECT_EQ(TPM_RC_FAILURE, 2020 utility_.SetDictionaryAttackParameters(1, 2, 3, nullptr)); 2021 } 2022 2023 TEST_F(TpmUtilityTest, ResetDictionaryAttackLockSuccess) { 2024 EXPECT_CALL(mock_tpm_, 2025 DictionaryAttackLockResetSync(TPM_RH_LOCKOUT, _, nullptr)) 2026 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 2027 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ResetDictionaryAttackLock(nullptr)); 2028 } 2029 2030 TEST_F(TpmUtilityTest, ResetDictionaryAttackLockFailure) { 2031 EXPECT_CALL(mock_tpm_, 2032 DictionaryAttackLockResetSync(TPM_RH_LOCKOUT, _, nullptr)) 2033 .WillRepeatedly(Return(TPM_RC_FAILURE)); 2034 EXPECT_EQ(TPM_RC_FAILURE, utility_.ResetDictionaryAttackLock(nullptr)); 2035 } 2036 2037 } // namespace trunks 2038
