tpm_utility_test.cc revision 5d3b9451ae2e912aefed0669dd50b2a777ea0ab2
1// Copyright 2014 The Chromium OS Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include <base/stl_util.h> 6#include <crypto/sha2.h> 7#include <gmock/gmock.h> 8#include <gtest/gtest.h> 9#include <openssl/aes.h> 10 11#include "trunks/error_codes.h" 12#include "trunks/hmac_authorization_delegate.h" 13#include "trunks/mock_authorization_delegate.h" 14#include "trunks/mock_tpm.h" 15#include "trunks/mock_tpm_state.h" 16#include "trunks/tpm_constants.h" 17#include "trunks/tpm_utility_impl.h" 18#include "trunks/trunks_factory_for_test.h" 19 20using testing::_; 21using testing::DoAll; 22using testing::NiceMock; 23using testing::Return; 24using testing::SaveArg; 25using testing::SetArgPointee; 26 27namespace trunks { 28 29// A test fixture for TpmUtility tests. 30class TpmUtilityTest : public testing::Test { 31 public: 32 TpmUtilityTest() : utility_(factory_) {} 33 ~TpmUtilityTest() override {} 34 void SetUp() override { 35 factory_.set_tpm_state(&mock_tpm_state_); 36 factory_.set_tpm(&mock_tpm_); 37 } 38 39 TPM_RC CreateStorageRootKeys(const std::string& password) { 40 return utility_.CreateStorageRootKeys(password); 41 } 42 43 TPM_RC CreateSaltingKey(const std::string& password) { 44 return utility_.CreateSaltingKey(password); 45 } 46 47 TPM_RC ComputeKeyName(const TPMT_PUBLIC& public_area, 48 std::string* object_name) { 49 return utility_.ComputeKeyName(public_area, object_name); 50 } 51 52 void SetNVRAMMap(uint32_t index, 53 const TPMS_NV_PUBLIC& public_area) { 54 utility_.nvram_public_area_map_[index] = public_area; 55 } 56 57 TPM_RC GetNVRAMMap(uint32_t index, 58 TPMS_NV_PUBLIC* public_area) { 59 auto it = utility_.nvram_public_area_map_.find(index); 60 if (it == utility_.nvram_public_area_map_.end()) { 61 return TPM_RC_FAILURE; 62 } 63 *public_area = it->second; 64 return TPM_RC_SUCCESS; 65 } 66 67 protected: 68 TrunksFactoryForTest factory_; 69 NiceMock<MockTpmState> mock_tpm_state_; 70 NiceMock<MockTpm> mock_tpm_; 71 NiceMock<MockAuthorizationDelegate> mock_authorization_delegate_; 72 TpmUtilityImpl utility_; 73}; 74 75TEST_F(TpmUtilityTest, StartupSuccess) { 76 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Startup()); 77} 78 79TEST_F(TpmUtilityTest, StartupAlreadyStarted) { 80 EXPECT_CALL(mock_tpm_, StartupSync(_, _)) 81 .WillRepeatedly(Return(TPM_RC_INITIALIZE)); 82 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Startup()); 83} 84 85TEST_F(TpmUtilityTest, StartupFailure) { 86 EXPECT_CALL(mock_tpm_, StartupSync(_, _)) 87 .WillRepeatedly(Return(TPM_RC_FAILURE)); 88 EXPECT_EQ(TPM_RC_FAILURE, utility_.Startup()); 89} 90 91TEST_F(TpmUtilityTest, StartupSelfTestFailure) { 92 EXPECT_CALL(mock_tpm_, SelfTestSync(_, _)) 93 .WillRepeatedly(Return(TPM_RC_FAILURE)); 94 EXPECT_EQ(TPM_RC_FAILURE, utility_.Startup()); 95} 96 97TEST_F(TpmUtilityTest, ClearSuccess) { 98 EXPECT_CALL(mock_tpm_, ClearSync(_, _, _)) 99 .WillOnce(Return(TPM_RC_SUCCESS)); 100 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Clear()); 101} 102 103TEST_F(TpmUtilityTest, ClearAfterBadInit) { 104 EXPECT_CALL(mock_tpm_, ClearSync(_, _, _)) 105 .WillOnce(Return(TPM_RC_AUTH_MISSING)) 106 .WillOnce(Return(TPM_RC_SUCCESS)); 107 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Clear()); 108} 109 110TEST_F(TpmUtilityTest, ClearFail) { 111 EXPECT_CALL(mock_tpm_, ClearSync(_, _, _)) 112 .WillOnce(Return(TPM_RC_FAILURE)); 113 EXPECT_EQ(TPM_RC_FAILURE, utility_.Clear()); 114} 115 116TEST_F(TpmUtilityTest, ShutdownTest) { 117 EXPECT_CALL(mock_tpm_, ShutdownSync(TPM_SU_CLEAR, _)); 118 utility_.Shutdown(); 119} 120 121TEST_F(TpmUtilityTest, InitializeTpmAlreadyInit) { 122 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm()); 123 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm()); 124} 125 126TEST_F(TpmUtilityTest, InitializeTpmSuccess) { 127 // Setup a hierarchy that needs to be disabled. 128 EXPECT_CALL(mock_tpm_state_, IsPlatformHierarchyEnabled()) 129 .WillOnce(Return(true)); 130 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm()); 131} 132 133TEST_F(TpmUtilityTest, InitializeTpmBadAuth) { 134 // Setup a hierarchy that needs to be disabled. 135 EXPECT_CALL(mock_tpm_state_, IsPlatformHierarchyEnabled()) 136 .WillOnce(Return(true)); 137 // Reject attempts to set platform auth. 138 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_PLATFORM, _, _, _)) 139 .WillRepeatedly(Return(TPM_RC_FAILURE)); 140 EXPECT_EQ(TPM_RC_FAILURE, utility_.InitializeTpm()); 141} 142 143TEST_F(TpmUtilityTest, InitializeTpmDisablePHFails) { 144 // Setup a hierarchy that needs to be disabled. 145 EXPECT_CALL(mock_tpm_state_, IsPlatformHierarchyEnabled()) 146 .WillOnce(Return(true)); 147 // Reject attempts to disable the platform hierarchy. 148 EXPECT_CALL(mock_tpm_, HierarchyControlSync(_, _, TPM_RH_PLATFORM, _, _)) 149 .WillRepeatedly(Return(TPM_RC_FAILURE)); 150 EXPECT_EQ(TPM_RC_FAILURE, utility_.InitializeTpm()); 151} 152 153TEST_F(TpmUtilityTest, TakeOwnershipSuccess) { 154 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 155 .WillRepeatedly(Return(false)); 156 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 157 .WillRepeatedly(Return(false)); 158 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 159 .WillRepeatedly(Return(false)); 160 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _)) 161 .Times(2); 162 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_ENDORSEMENT, _, _, _)) 163 .Times(1); 164 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_LOCKOUT, _, _, _)) 165 .Times(1); 166 EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("a", "b", "c")); 167} 168 169TEST_F(TpmUtilityTest, TakeOwnershipAlreadyDone) { 170 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 171 .WillRepeatedly(Return(true)); 172 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 173 .WillRepeatedly(Return(true)); 174 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 175 .WillRepeatedly(Return(true)); 176 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(_, _, _, _)) 177 .Times(1); 178 EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("a", "b", "c")); 179} 180 181TEST_F(TpmUtilityTest, TakeOwnershipPartial) { 182 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 183 .WillRepeatedly(Return(true)); 184 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 185 .WillOnce(Return(false)); 186 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 187 .WillRepeatedly(Return(true)); 188 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _)) 189 .Times(1); 190 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_ENDORSEMENT, _, _, _)) 191 .Times(1); 192 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_LOCKOUT, _, _, _)) 193 .Times(0); 194 EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("a", "b", "c")); 195} 196 197TEST_F(TpmUtilityTest, TakeOwnershipOwnerFailure) { 198 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 199 .WillRepeatedly(Return(false)); 200 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 201 .WillRepeatedly(Return(false)); 202 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 203 .WillRepeatedly(Return(false)); 204 // Reject attempts to set owner auth. 205 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _)) 206 .WillRepeatedly(Return(TPM_RC_FAILURE)); 207 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_ENDORSEMENT, _, _, _)) 208 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 209 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_LOCKOUT, _, _, _)) 210 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 211 EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("a", "b", "c")); 212} 213 214TEST_F(TpmUtilityTest, TakeOwnershipEndorsementFailure) { 215 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 216 .WillRepeatedly(Return(false)); 217 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 218 .WillRepeatedly(Return(false)); 219 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 220 .WillRepeatedly(Return(false)); 221 // Reject attempts to set endorsement auth. 222 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _)) 223 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 224 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_ENDORSEMENT, _, _, _)) 225 .WillRepeatedly(Return(TPM_RC_FAILURE)); 226 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_LOCKOUT, _, _, _)) 227 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 228 EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("a", "b", "c")); 229} 230 231TEST_F(TpmUtilityTest, TakeOwnershipLockoutFailure) { 232 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 233 .WillRepeatedly(Return(false)); 234 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 235 .WillRepeatedly(Return(false)); 236 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 237 .WillRepeatedly(Return(false)); 238 // Reject attempts to set lockout auth. 239 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _)) 240 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 241 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_ENDORSEMENT, _, _, _)) 242 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 243 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_LOCKOUT, _, _, _)) 244 .WillRepeatedly(Return(TPM_RC_FAILURE)); 245 EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("a", "b", "c")); 246} 247 248TEST_F(TpmUtilityTest, StirRandomSuccess) { 249 std::string entropy_data("large test data", 100); 250 EXPECT_CALL(mock_tpm_, StirRandomSync(_, &mock_authorization_delegate_)) 251 .WillOnce(Return(TPM_RC_SUCCESS)); 252 EXPECT_EQ(TPM_RC_SUCCESS, 253 utility_.StirRandom(entropy_data, &mock_authorization_delegate_)); 254} 255 256TEST_F(TpmUtilityTest, StirRandomFails) { 257 std::string entropy_data("test data"); 258 EXPECT_CALL(mock_tpm_, StirRandomSync(_, NULL)) 259 .WillOnce(Return(TPM_RC_FAILURE)); 260 EXPECT_EQ(TPM_RC_FAILURE, utility_.StirRandom(entropy_data, NULL)); 261} 262 263TEST_F(TpmUtilityTest, GenerateRandomSuccess) { 264 // This number is larger than the max bytes the GetRandom call can return. 265 // Therefore we expect software to make multiple calls to fill this many 266 // bytes. 267 int num_bytes = 72; 268 std::string random_data; 269 TPM2B_DIGEST large_random; 270 large_random.size = 32; 271 TPM2B_DIGEST small_random; 272 small_random.size = 8; 273 EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, &mock_authorization_delegate_)) 274 .Times(2) 275 .WillRepeatedly(DoAll(SetArgPointee<1>(large_random), 276 Return(TPM_RC_SUCCESS))); 277 EXPECT_CALL(mock_tpm_, GetRandomSync(8, _, &mock_authorization_delegate_)) 278 .WillOnce(DoAll(SetArgPointee<1>(small_random), 279 Return(TPM_RC_SUCCESS))); 280 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GenerateRandom( 281 num_bytes, &mock_authorization_delegate_, &random_data)); 282 EXPECT_EQ(num_bytes, random_data.size()); 283} 284 285TEST_F(TpmUtilityTest, GenerateRandomFails) { 286 int num_bytes = 5; 287 std::string random_data; 288 EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, NULL)) 289 .WillOnce(Return(TPM_RC_FAILURE)); 290 EXPECT_EQ(TPM_RC_FAILURE, 291 utility_.GenerateRandom(num_bytes, NULL, &random_data)); 292} 293 294TEST_F(TpmUtilityTest, ExtendPCRSuccess) { 295 TPM_HANDLE pcr_handle = HR_PCR + 1; 296 EXPECT_CALL(mock_tpm_, 297 PCR_ExtendSync(pcr_handle, _, _, &mock_authorization_delegate_)) 298 .WillOnce(Return(TPM_RC_SUCCESS)); 299 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ExtendPCR( 300 1, "test digest", &mock_authorization_delegate_)); 301} 302 303TEST_F(TpmUtilityTest, ExtendPCRFail) { 304 int pcr_index = 0; 305 TPM_HANDLE pcr_handle = HR_PCR + pcr_index; 306 EXPECT_CALL(mock_tpm_, PCR_ExtendSync(pcr_handle, _, _, _)) 307 .WillOnce(Return(TPM_RC_FAILURE)); 308 EXPECT_EQ(TPM_RC_FAILURE, utility_.ExtendPCR(pcr_index, "test digest", NULL)); 309} 310 311TEST_F(TpmUtilityTest, ExtendPCRBadParam) { 312 EXPECT_EQ(TPM_RC_FAILURE, utility_.ExtendPCR(-1, "test digest", NULL)); 313} 314 315TEST_F(TpmUtilityTest, ReadPCRSuccess) { 316 // The |pcr_index| is chosen to match the structure for |pcr_select|. 317 // If you change |pcr_index|, remember to change |pcr_select|. 318 int pcr_index = 1; 319 std::string pcr_value; 320 TPML_PCR_SELECTION pcr_select; 321 pcr_select.count = 1; 322 pcr_select.pcr_selections[0].hash = TPM_ALG_SHA256; 323 pcr_select.pcr_selections[0].sizeof_select = 1; 324 pcr_select.pcr_selections[0].pcr_select[0] = 2; 325 TPML_DIGEST pcr_values; 326 pcr_values.count = 1; 327 pcr_values.digests[0].size = 5; 328 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 329 .WillOnce(DoAll(SetArgPointee<2>(pcr_select), 330 SetArgPointee<3>(pcr_values), 331 Return(TPM_RC_SUCCESS))); 332 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ReadPCR(pcr_index, &pcr_value)); 333} 334 335TEST_F(TpmUtilityTest, ReadPCRFail) { 336 std::string pcr_value; 337 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 338 .WillOnce(Return(TPM_RC_FAILURE)); 339 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadPCR(1, &pcr_value)); 340} 341 342TEST_F(TpmUtilityTest, ReadPCRBadReturn) { 343 std::string pcr_value; 344 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 345 .WillOnce(Return(TPM_RC_SUCCESS)); 346 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadPCR(1, &pcr_value)); 347} 348 349TEST_F(TpmUtilityTest, AsymmetricEncryptSuccess) { 350 TPM_HANDLE key_handle; 351 std::string plaintext; 352 std::string output_ciphertext("ciphertext"); 353 std::string ciphertext; 354 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA( 355 output_ciphertext); 356 TPM2B_PUBLIC public_area; 357 public_area.public_area.type = TPM_ALG_RSA; 358 public_area.public_area.object_attributes = kDecrypt; 359 public_area.public_area.auth_policy.size = 0; 360 public_area.public_area.unique.rsa.size = 0; 361 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 362 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 363 Return(TPM_RC_SUCCESS))); 364 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, 365 &mock_authorization_delegate_)) 366 .WillOnce(DoAll(SetArgPointee<5>(out_message), 367 Return(TPM_RC_SUCCESS))); 368 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricEncrypt( 369 key_handle, 370 TPM_ALG_NULL, 371 TPM_ALG_NULL, 372 plaintext, 373 &mock_authorization_delegate_, 374 &ciphertext)); 375 EXPECT_EQ(0, ciphertext.compare(output_ciphertext)); 376} 377 378TEST_F(TpmUtilityTest, AsymmetricEncryptFail) { 379 TPM_HANDLE key_handle; 380 std::string plaintext; 381 std::string ciphertext; 382 TPM2B_PUBLIC public_area; 383 public_area.public_area.type = TPM_ALG_RSA; 384 public_area.public_area.object_attributes = kDecrypt; 385 public_area.public_area.auth_policy.size = 0; 386 public_area.public_area.unique.rsa.size = 0; 387 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 388 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 389 Return(TPM_RC_SUCCESS))); 390 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, NULL)) 391 .WillOnce(Return(TPM_RC_FAILURE)); 392 EXPECT_EQ(TPM_RC_FAILURE, utility_.AsymmetricEncrypt(key_handle, 393 TPM_ALG_NULL, 394 TPM_ALG_NULL, 395 plaintext, 396 NULL, 397 &ciphertext)); 398} 399 400TEST_F(TpmUtilityTest, AsymmetricEncryptBadParams) { 401 TPM_HANDLE key_handle; 402 std::string plaintext; 403 std::string ciphertext; 404 TPM2B_PUBLIC public_area; 405 public_area.public_area.type = TPM_ALG_RSA; 406 public_area.public_area.object_attributes = kDecrypt | kRestricted; 407 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, NULL)) 408 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 409 Return(TPM_RC_SUCCESS))); 410 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.AsymmetricEncrypt(key_handle, 411 TPM_ALG_RSAES, 412 TPM_ALG_NULL, 413 plaintext, 414 NULL, 415 &ciphertext)); 416} 417 418TEST_F(TpmUtilityTest, AsymmetricEncryptNullSchemeForward) { 419 TPM_HANDLE key_handle; 420 std::string plaintext; 421 std::string output_ciphertext("ciphertext"); 422 std::string ciphertext; 423 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA( 424 output_ciphertext); 425 TPM2B_PUBLIC public_area; 426 public_area.public_area.type = TPM_ALG_RSA; 427 public_area.public_area.object_attributes = kDecrypt; 428 public_area.public_area.auth_policy.size = 0; 429 public_area.public_area.unique.rsa.size = 0; 430 TPMT_RSA_DECRYPT scheme; 431 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 432 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 433 Return(TPM_RC_SUCCESS))); 434 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, NULL)) 435 .WillOnce(DoAll(SetArgPointee<5>(out_message), 436 SaveArg<3>(&scheme), 437 Return(TPM_RC_SUCCESS))); 438 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricEncrypt(key_handle, 439 TPM_ALG_NULL, 440 TPM_ALG_NULL, 441 plaintext, 442 NULL, 443 &ciphertext)); 444 EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP); 445 EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256); 446} 447 448TEST_F(TpmUtilityTest, AsymmetricEncryptSchemeForward) { 449 TPM_HANDLE key_handle; 450 std::string plaintext; 451 std::string output_ciphertext("ciphertext"); 452 std::string ciphertext; 453 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA( 454 output_ciphertext); 455 TPM2B_PUBLIC public_area; 456 public_area.public_area.type = TPM_ALG_RSA; 457 public_area.public_area.object_attributes = kDecrypt; 458 public_area.public_area.auth_policy.size = 0; 459 public_area.public_area.unique.rsa.size = 0; 460 TPMT_RSA_DECRYPT scheme; 461 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 462 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 463 Return(TPM_RC_SUCCESS))); 464 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, NULL)) 465 .WillOnce(DoAll(SetArgPointee<5>(out_message), 466 SaveArg<3>(&scheme), 467 Return(TPM_RC_SUCCESS))); 468 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricEncrypt(key_handle, 469 TPM_ALG_RSAES, 470 TPM_ALG_NULL, 471 plaintext, 472 NULL, 473 &ciphertext)); 474 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES); 475} 476 477TEST_F(TpmUtilityTest, AsymmetricDecryptSuccess) { 478 TPM_HANDLE key_handle; 479 std::string plaintext; 480 std::string output_plaintext("plaintext"); 481 std::string ciphertext; 482 std::string password("password"); 483 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA( 484 output_plaintext); 485 TPM2B_PUBLIC public_area; 486 public_area.public_area.type = TPM_ALG_RSA; 487 public_area.public_area.object_attributes = kDecrypt; 488 public_area.public_area.auth_policy.size = 0; 489 public_area.public_area.unique.rsa.size = 0; 490 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 491 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 492 Return(TPM_RC_SUCCESS))); 493 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, 494 &mock_authorization_delegate_)) 495 .WillOnce(DoAll(SetArgPointee<5>(out_message), 496 Return(TPM_RC_SUCCESS))); 497 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricDecrypt( 498 key_handle, 499 TPM_ALG_NULL, 500 TPM_ALG_NULL, 501 ciphertext, 502 &mock_authorization_delegate_, 503 &plaintext)); 504 EXPECT_EQ(0, plaintext.compare(output_plaintext)); 505} 506 507TEST_F(TpmUtilityTest, AsymmetricDecryptFail) { 508 TPM_HANDLE key_handle; 509 std::string key_name; 510 std::string plaintext; 511 std::string ciphertext; 512 std::string password; 513 TPM2B_PUBLIC public_area; 514 public_area.public_area.type = TPM_ALG_RSA; 515 public_area.public_area.object_attributes = kDecrypt; 516 public_area.public_area.auth_policy.size = 0; 517 public_area.public_area.unique.rsa.size = 0; 518 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 519 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 520 Return(TPM_RC_SUCCESS))); 521 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _)) 522 .WillOnce(Return(TPM_RC_FAILURE)); 523 EXPECT_EQ(TPM_RC_FAILURE, utility_.AsymmetricDecrypt( 524 key_handle, 525 TPM_ALG_NULL, 526 TPM_ALG_NULL, 527 ciphertext, 528 &mock_authorization_delegate_, 529 &plaintext)); 530} 531 532TEST_F(TpmUtilityTest, AsymmetricDecryptBadParams) { 533 TPM_HANDLE key_handle; 534 std::string key_name; 535 std::string plaintext; 536 std::string ciphertext; 537 std::string password; 538 TPM2B_PUBLIC public_area; 539 public_area.public_area.type = TPM_ALG_RSA; 540 public_area.public_area.object_attributes = kDecrypt | kRestricted; 541 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 542 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 543 Return(TPM_RC_SUCCESS))); 544 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.AsymmetricDecrypt( 545 key_handle, 546 TPM_ALG_RSAES, 547 TPM_ALG_NULL, 548 ciphertext, 549 &mock_authorization_delegate_, 550 &plaintext)); 551} 552 553TEST_F(TpmUtilityTest, AsymmetricDecryptBadSession) { 554 TPM_HANDLE key_handle = TPM_RH_FIRST; 555 std::string key_name; 556 std::string plaintext; 557 std::string ciphertext; 558 std::string password; 559 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.AsymmetricDecrypt( 560 key_handle, TPM_ALG_RSAES, TPM_ALG_NULL, ciphertext, NULL, &plaintext)); 561} 562 563TEST_F(TpmUtilityTest, AsymmetricDecryptNullSchemeForward) { 564 TPM_HANDLE key_handle; 565 std::string plaintext; 566 std::string output_plaintext("plaintext"); 567 std::string ciphertext; 568 std::string password; 569 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA( 570 output_plaintext); 571 TPM2B_PUBLIC public_area; 572 public_area.public_area.type = TPM_ALG_RSA; 573 public_area.public_area.object_attributes = kDecrypt; 574 public_area.public_area.auth_policy.size = 0; 575 public_area.public_area.unique.rsa.size = 0; 576 TPMT_RSA_DECRYPT scheme; 577 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 578 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 579 Return(TPM_RC_SUCCESS))); 580 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _)) 581 .WillOnce(DoAll(SetArgPointee<5>(out_message), 582 SaveArg<3>(&scheme), 583 Return(TPM_RC_SUCCESS))); 584 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricDecrypt( 585 key_handle, 586 TPM_ALG_NULL, 587 TPM_ALG_NULL, 588 ciphertext, 589 &mock_authorization_delegate_, 590 &plaintext)); 591 EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP); 592 EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256); 593} 594 595TEST_F(TpmUtilityTest, AsymmetricDecryptSchemeForward) { 596 TPM_HANDLE key_handle; 597 std::string plaintext; 598 std::string output_plaintext("plaintext"); 599 std::string ciphertext; 600 std::string password; 601 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA( 602 output_plaintext); 603 TPM2B_PUBLIC public_area; 604 public_area.public_area.type = TPM_ALG_RSA; 605 public_area.public_area.object_attributes = kDecrypt; 606 public_area.public_area.auth_policy.size = 0; 607 public_area.public_area.unique.rsa.size = 0; 608 TPMT_RSA_DECRYPT scheme; 609 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 610 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 611 Return(TPM_RC_SUCCESS))); 612 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _)) 613 .WillOnce(DoAll(SetArgPointee<5>(out_message), 614 SaveArg<3>(&scheme), 615 Return(TPM_RC_SUCCESS))); 616 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricDecrypt( 617 key_handle, 618 TPM_ALG_RSAES, 619 TPM_ALG_NULL, 620 ciphertext, 621 &mock_authorization_delegate_, 622 &plaintext)); 623 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES); 624} 625 626TEST_F(TpmUtilityTest, SignSuccess) { 627 TPM_HANDLE key_handle; 628 std::string password("password"); 629 std::string digest(32, 'a'); 630 TPMT_SIGNATURE signature_out; 631 signature_out.signature.rsassa.sig.size = 2; 632 signature_out.signature.rsassa.sig.buffer[0] = 'h'; 633 signature_out.signature.rsassa.sig.buffer[1] = 'i'; 634 std::string signature; 635 TPM2B_PUBLIC public_area; 636 public_area.public_area.type = TPM_ALG_RSA; 637 public_area.public_area.object_attributes = kSign; 638 public_area.public_area.auth_policy.size = 0; 639 public_area.public_area.unique.rsa.size = 0; 640 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 641 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 642 Return(TPM_RC_SUCCESS))); 643 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, 644 &mock_authorization_delegate_)) 645 .WillOnce(DoAll(SetArgPointee<5>(signature_out), 646 Return(TPM_RC_SUCCESS))); 647 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Sign(key_handle, 648 TPM_ALG_NULL, 649 TPM_ALG_NULL, 650 digest, 651 &mock_authorization_delegate_, 652 &signature)); 653 EXPECT_EQ(0, signature.compare("hi")); 654} 655 656TEST_F(TpmUtilityTest, SignFail) { 657 TPM_HANDLE key_handle; 658 std::string password; 659 std::string digest(32, 'a'); 660 std::string signature; 661 TPM2B_PUBLIC public_area; 662 public_area.public_area.type = TPM_ALG_RSA; 663 public_area.public_area.object_attributes = kSign; 664 public_area.public_area.auth_policy.size = 0; 665 public_area.public_area.unique.rsa.size = 0; 666 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 667 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 668 Return(TPM_RC_SUCCESS))); 669 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _)) 670 .WillOnce(Return(TPM_RC_FAILURE)); 671 EXPECT_EQ(TPM_RC_FAILURE, utility_.Sign(key_handle, 672 TPM_ALG_NULL, 673 TPM_ALG_NULL, 674 digest, 675 &mock_authorization_delegate_, 676 &signature)); 677} 678 679TEST_F(TpmUtilityTest, SignBadParams1) { 680 TPM_HANDLE key_handle; 681 std::string password; 682 std::string digest(32, 'a'); 683 std::string signature; 684 TPM2B_PUBLIC public_area; 685 public_area.public_area.type = TPM_ALG_RSA; 686 public_area.public_area.object_attributes = kSign | kRestricted; 687 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 688 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 689 Return(TPM_RC_SUCCESS))); 690 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle, 691 TPM_ALG_RSAPSS, 692 TPM_ALG_NULL, 693 digest, 694 &mock_authorization_delegate_, 695 &signature)); 696} 697 698TEST_F(TpmUtilityTest, SignBadAuthorizationSession) { 699 TPM_HANDLE key_handle = TPM_RH_FIRST; 700 std::string password; 701 std::string digest(32, 'a'); 702 std::string signature; 703 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.Sign(key_handle, 704 TPM_ALG_RSAPSS, 705 TPM_ALG_NULL, 706 digest, 707 NULL, 708 &signature)); 709} 710 711TEST_F(TpmUtilityTest, SignBadParams2) { 712 TPM_HANDLE key_handle; 713 std::string password; 714 std::string digest(32, 'a'); 715 std::string signature; 716 TPM2B_PUBLIC public_area; 717 public_area.public_area.type = TPM_ALG_RSA; 718 public_area.public_area.object_attributes = kDecrypt; 719 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 720 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 721 Return(TPM_RC_SUCCESS))); 722 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle, 723 TPM_ALG_RSAPSS, 724 TPM_ALG_NULL, 725 digest, 726 &mock_authorization_delegate_, 727 &signature)); 728} 729 730TEST_F(TpmUtilityTest, SignBadParams3) { 731 TPM_HANDLE key_handle; 732 std::string password; 733 std::string digest(32, 'a'); 734 std::string signature; 735 TPM2B_PUBLIC public_area; 736 public_area.public_area.type = TPM_ALG_ECC; 737 public_area.public_area.object_attributes = kSign; 738 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 739 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 740 Return(TPM_RC_SUCCESS))); 741 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle, 742 TPM_ALG_RSAPSS, 743 TPM_ALG_NULL, 744 digest, 745 &mock_authorization_delegate_, 746 &signature)); 747} 748 749TEST_F(TpmUtilityTest, SignBadParams4) { 750 TPM_HANDLE key_handle; 751 std::string password; 752 std::string digest(32, 'a'); 753 std::string signature; 754 TPM2B_PUBLIC public_area; 755 public_area.public_area.type = TPM_ALG_RSA; 756 public_area.public_area.object_attributes = kSign; 757 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 758 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 759 Return(TPM_RC_FAILURE))); 760 EXPECT_EQ(TPM_RC_FAILURE, utility_.Sign(key_handle, 761 TPM_ALG_RSAPSS, 762 TPM_ALG_NULL, 763 digest, 764 &mock_authorization_delegate_, 765 &signature)); 766} 767 768TEST_F(TpmUtilityTest, SignBadParams5) { 769 TPM_HANDLE key_handle = 0; 770 std::string password; 771 std::string digest(32, 'a'); 772 std::string signature; 773 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle, 774 TPM_ALG_AES, 775 TPM_ALG_NULL, 776 digest, 777 &mock_authorization_delegate_, 778 &signature)); 779} 780 781 782TEST_F(TpmUtilityTest, SignNullSchemeForward) { 783 TPM_HANDLE key_handle; 784 std::string password; 785 std::string digest(32, 'a'); 786 TPMT_SIGNATURE signature_out; 787 signature_out.signature.rsassa.sig.size = 0; 788 std::string signature; 789 TPM2B_PUBLIC public_area; 790 TPMT_SIG_SCHEME scheme; 791 public_area.public_area.type = TPM_ALG_RSA; 792 public_area.public_area.object_attributes = kSign; 793 public_area.public_area.auth_policy.size = 0; 794 public_area.public_area.unique.rsa.size = 0; 795 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 796 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 797 Return(TPM_RC_SUCCESS))); 798 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _)) 799 .WillOnce(DoAll(SetArgPointee<5>(signature_out), 800 SaveArg<3>(&scheme), 801 Return(TPM_RC_SUCCESS))); 802 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Sign(key_handle, 803 TPM_ALG_NULL, 804 TPM_ALG_NULL, 805 digest, 806 &mock_authorization_delegate_, 807 &signature)); 808 EXPECT_EQ(scheme.scheme, TPM_ALG_RSASSA); 809 EXPECT_EQ(scheme.details.rsassa.hash_alg, TPM_ALG_SHA256); 810} 811 812TEST_F(TpmUtilityTest, SignSchemeForward) { 813 TPM_HANDLE key_handle; 814 std::string password; 815 std::string digest(64, 'a'); 816 TPMT_SIGNATURE signature_out; 817 signature_out.signature.rsassa.sig.size = 0; 818 std::string signature; 819 TPM2B_PUBLIC public_area; 820 TPMT_SIG_SCHEME scheme; 821 public_area.public_area.type = TPM_ALG_RSA; 822 public_area.public_area.object_attributes = kSign; 823 public_area.public_area.auth_policy.size = 0; 824 public_area.public_area.unique.rsa.size = 0; 825 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 826 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 827 Return(TPM_RC_SUCCESS))); 828 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _)) 829 .WillOnce(DoAll(SetArgPointee<5>(signature_out), 830 SaveArg<3>(&scheme), 831 Return(TPM_RC_SUCCESS))); 832 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Sign(key_handle, 833 TPM_ALG_RSAPSS, 834 TPM_ALG_SHA1, 835 digest, 836 &mock_authorization_delegate_, 837 &signature)); 838 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAPSS); 839 EXPECT_EQ(scheme.details.rsapss.hash_alg, TPM_ALG_SHA1); 840} 841 842TEST_F(TpmUtilityTest, VerifySuccess) { 843 TPM_HANDLE key_handle; 844 std::string digest(32, 'a'); 845 std::string signature; 846 TPM2B_PUBLIC public_area; 847 public_area.public_area.type = TPM_ALG_RSA; 848 public_area.public_area.object_attributes = kSign; 849 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 850 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 851 Return(TPM_RC_SUCCESS))); 852 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 853 .WillOnce(Return(TPM_RC_SUCCESS)); 854 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Verify(key_handle, 855 TPM_ALG_NULL, 856 TPM_ALG_NULL, 857 digest, 858 signature)); 859} 860 861TEST_F(TpmUtilityTest, VerifyFail) { 862 TPM_HANDLE key_handle; 863 std::string digest(32, 'a'); 864 std::string signature; 865 TPM2B_PUBLIC public_area; 866 public_area.public_area.type = TPM_ALG_RSA; 867 public_area.public_area.object_attributes = kSign; 868 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 869 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 870 Return(TPM_RC_SUCCESS))); 871 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 872 .WillOnce(Return(TPM_RC_FAILURE)); 873 EXPECT_EQ(TPM_RC_FAILURE, utility_.Verify(key_handle, 874 TPM_ALG_NULL, 875 TPM_ALG_NULL, 876 digest, 877 signature)); 878} 879 880TEST_F(TpmUtilityTest, VerifyBadParams1) { 881 TPM_HANDLE key_handle; 882 std::string digest(32, 'a'); 883 std::string signature; 884 TPM2B_PUBLIC public_area; 885 public_area.public_area.type = TPM_ALG_RSA; 886 public_area.public_area.object_attributes = kSign | kRestricted; 887 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 888 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 889 Return(TPM_RC_SUCCESS))); 890 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle, 891 TPM_ALG_NULL, 892 TPM_ALG_NULL, 893 digest, 894 signature)); 895} 896 897TEST_F(TpmUtilityTest, VerifyBadParams2) { 898 TPM_HANDLE key_handle; 899 std::string digest(32, 'a'); 900 std::string signature; 901 TPM2B_PUBLIC public_area; 902 public_area.public_area.type = TPM_ALG_RSA; 903 public_area.public_area.object_attributes = kDecrypt; 904 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 905 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 906 Return(TPM_RC_SUCCESS))); 907 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle, 908 TPM_ALG_NULL, 909 TPM_ALG_NULL, 910 digest, 911 signature)); 912} 913 914TEST_F(TpmUtilityTest, VerifyBadParams3) { 915 TPM_HANDLE key_handle; 916 std::string digest(32, 'a'); 917 std::string signature; 918 TPM2B_PUBLIC public_area; 919 public_area.public_area.type = TPM_ALG_ECC; 920 public_area.public_area.object_attributes = kSign; 921 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 922 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 923 Return(TPM_RC_SUCCESS))); 924 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle, 925 TPM_ALG_NULL, 926 TPM_ALG_NULL, 927 digest, 928 signature)); 929} 930 931TEST_F(TpmUtilityTest, VerifyBadParams4) { 932 TPM_HANDLE key_handle; 933 std::string digest(32, 'a'); 934 std::string signature; 935 TPM2B_PUBLIC public_area; 936 public_area.public_area.type = TPM_ALG_RSA; 937 public_area.public_area.object_attributes = kSign; 938 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 939 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 940 Return(TPM_RC_FAILURE))); 941 EXPECT_EQ(TPM_RC_FAILURE, utility_.Verify(key_handle, 942 TPM_ALG_NULL, 943 TPM_ALG_NULL, 944 digest, 945 signature)); 946} 947 948TEST_F(TpmUtilityTest, VerifyBadParams5) { 949 TPM_HANDLE key_handle; 950 std::string digest(32, 'a'); 951 std::string signature; 952 TPM2B_PUBLIC public_area; 953 public_area.public_area.type = TPM_ALG_RSA; 954 public_area.public_area.object_attributes = kSign; 955 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 956 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 957 Return(TPM_RC_SUCCESS))); 958 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle, 959 TPM_ALG_AES, 960 TPM_ALG_NULL, 961 digest, 962 signature)); 963} 964 965TEST_F(TpmUtilityTest, VerifyNullSchemeForward) { 966 TPM_HANDLE key_handle; 967 std::string digest(32, 'a'); 968 std::string signature; 969 TPM2B_PUBLIC public_area; 970 TPMT_SIGNATURE signature_in; 971 public_area.public_area.type = TPM_ALG_RSA; 972 public_area.public_area.object_attributes = kSign; 973 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 974 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 975 Return(TPM_RC_SUCCESS))); 976 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 977 .WillOnce(DoAll(SaveArg<3>(&signature_in), 978 Return(TPM_RC_SUCCESS))); 979 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Verify(key_handle, 980 TPM_ALG_NULL, 981 TPM_ALG_NULL, 982 digest, 983 signature)); 984 EXPECT_EQ(signature_in.sig_alg, TPM_ALG_RSASSA); 985 EXPECT_EQ(signature_in.signature.rsassa.hash, TPM_ALG_SHA256); 986} 987 988TEST_F(TpmUtilityTest, VerifySchemeForward) { 989 TPM_HANDLE key_handle; 990 std::string digest(64, 'a'); 991 std::string signature; 992 TPM2B_PUBLIC public_area; 993 TPMT_SIGNATURE signature_in; 994 public_area.public_area.type = TPM_ALG_RSA; 995 public_area.public_area.object_attributes = kSign; 996 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 997 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 998 Return(TPM_RC_SUCCESS))); 999 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 1000 .WillOnce(DoAll(SaveArg<3>(&signature_in), 1001 Return(TPM_RC_SUCCESS))); 1002 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Verify(key_handle, 1003 TPM_ALG_RSAPSS, 1004 TPM_ALG_SHA1, 1005 digest, 1006 signature)); 1007 EXPECT_EQ(signature_in.sig_alg, TPM_ALG_RSAPSS); 1008 EXPECT_EQ(signature_in.signature.rsassa.hash, TPM_ALG_SHA1); 1009} 1010 1011TEST_F(TpmUtilityTest, ChangeAuthDataSuccess) { 1012 TPM_HANDLE key_handle = 1; 1013 std::string new_password; 1014 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ChangeKeyAuthorizationData( 1015 key_handle, new_password, &mock_authorization_delegate_, NULL)); 1016} 1017 1018TEST_F(TpmUtilityTest, ChangeAuthDataKeyNameFail) { 1019 TPM_HANDLE key_handle = 1; 1020 std::string old_password; 1021 std::string new_password; 1022 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1023 .WillOnce(Return(TPM_RC_FAILURE)); 1024 EXPECT_EQ(TPM_RC_FAILURE, utility_.ChangeKeyAuthorizationData( 1025 key_handle, new_password, &mock_authorization_delegate_, NULL)); 1026} 1027 1028TEST_F(TpmUtilityTest, ChangeAuthDataFailure) { 1029 TPM_HANDLE key_handle = 1; 1030 std::string new_password; 1031 EXPECT_CALL(mock_tpm_, ObjectChangeAuthSync(key_handle, _, _, _, _, _, _)) 1032 .WillOnce(Return(TPM_RC_FAILURE)); 1033 EXPECT_EQ(TPM_RC_FAILURE, utility_.ChangeKeyAuthorizationData( 1034 key_handle, new_password, &mock_authorization_delegate_, NULL)); 1035} 1036 1037TEST_F(TpmUtilityTest, ChangeAuthDataWithReturnSuccess) { 1038 TPM_HANDLE key_handle = 1; 1039 std::string new_password; 1040 std::string key_blob; 1041 TPM2B_PUBLIC public_area; 1042 public_area.public_area.type = TPM_ALG_RSA; 1043 public_area.public_area.auth_policy.size = 0; 1044 public_area.public_area.unique.rsa.size = 0; 1045 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1046 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area), 1047 Return(TPM_RC_SUCCESS))); 1048 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ChangeKeyAuthorizationData( 1049 key_handle, new_password, &mock_authorization_delegate_, &key_blob)); 1050} 1051 1052TEST_F(TpmUtilityTest, ImportRSAKeySuccess) { 1053 uint32_t public_exponent = 0x10001; 1054 std::string modulus(256, 'a'); 1055 std::string prime_factor(128, 'b'); 1056 std::string password("password"); 1057 std::string key_blob; 1058 TPM2B_DATA encryption_key; 1059 TPM2B_PUBLIC public_data; 1060 TPM2B_PRIVATE private_data; 1061 EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _)) 1062 .WillOnce(DoAll(SaveArg<2>(&encryption_key), 1063 SaveArg<3>(&public_data), 1064 SaveArg<4>(&private_data), 1065 Return(TPM_RC_SUCCESS))); 1066 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ImportRSAKey( 1067 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1068 modulus, 1069 public_exponent, 1070 prime_factor, 1071 password, 1072 &mock_authorization_delegate_, 1073 &key_blob)); 1074 // Validate that the public area was properly constructed. 1075 EXPECT_EQ(public_data.public_area.parameters.rsa_detail.key_bits, 1076 modulus.size() * 8); 1077 EXPECT_EQ(public_data.public_area.parameters.rsa_detail.exponent, 1078 public_exponent); 1079 EXPECT_EQ(public_data.public_area.unique.rsa.size, modulus.size()); 1080 EXPECT_EQ(0, memcmp(public_data.public_area.unique.rsa.buffer, 1081 modulus.data(), modulus.size())); 1082 // Validate the private struct construction. 1083 EXPECT_EQ(kAesKeySize, encryption_key.size); 1084 AES_KEY key; 1085 AES_set_encrypt_key(encryption_key.buffer, kAesKeySize * 8, &key); 1086 unsigned char iv[MAX_AES_BLOCK_SIZE_BYTES] = {0}; 1087 int iv_in = 0; 1088 std::string unencrypted_private(private_data.size, 0); 1089 AES_cfb128_encrypt( 1090 reinterpret_cast<const unsigned char*>(private_data.buffer), 1091 reinterpret_cast<unsigned char*>(string_as_array(&unencrypted_private)), 1092 private_data.size, &key, iv, &iv_in, AES_DECRYPT); 1093 TPM2B_DIGEST inner_integrity; 1094 EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPM2B_DIGEST(&unencrypted_private, 1095 &inner_integrity, NULL)); 1096 std::string object_name; 1097 EXPECT_EQ(TPM_RC_SUCCESS, 1098 ComputeKeyName(public_data.public_area, &object_name)); 1099 std::string integrity_value = crypto::SHA256HashString(unencrypted_private + 1100 object_name); 1101 EXPECT_EQ(integrity_value.size(), inner_integrity.size); 1102 EXPECT_EQ(0, memcmp(inner_integrity.buffer, 1103 integrity_value.data(), 1104 inner_integrity.size)); 1105 TPM2B_SENSITIVE sensitive_data; 1106 EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPM2B_SENSITIVE(&unencrypted_private, 1107 &sensitive_data, NULL)); 1108 EXPECT_EQ(sensitive_data.sensitive_area.auth_value.size, password.size()); 1109 EXPECT_EQ(0, memcmp(sensitive_data.sensitive_area.auth_value.buffer, 1110 password.data(), password.size())); 1111 EXPECT_EQ(sensitive_data.sensitive_area.sensitive.rsa.size, 1112 prime_factor.size()); 1113 EXPECT_EQ(0, memcmp(sensitive_data.sensitive_area.sensitive.rsa.buffer, 1114 prime_factor.data(), prime_factor.size())); 1115} 1116 1117TEST_F(TpmUtilityTest, ImportRSAKeySuccessWithNoBlob) { 1118 uint32_t public_exponent = 0x10001; 1119 std::string modulus(256, 'a'); 1120 std::string prime_factor(128, 'b'); 1121 std::string password; 1122 EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _)) 1123 .WillOnce(Return(TPM_RC_SUCCESS)); 1124 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ImportRSAKey( 1125 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1126 modulus, 1127 public_exponent, 1128 prime_factor, 1129 password, 1130 &mock_authorization_delegate_, 1131 NULL)); 1132} 1133 1134TEST_F(TpmUtilityTest, ImportRSAKeyParentNameFail) { 1135 uint32_t public_exponent = 0x10001; 1136 std::string modulus(256, 'a'); 1137 std::string prime_factor(128, 'b'); 1138 std::string password; 1139 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1140 .WillOnce(Return(TPM_RC_FAILURE)); 1141 EXPECT_EQ(TPM_RC_FAILURE, utility_.ImportRSAKey( 1142 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1143 modulus, 1144 public_exponent, 1145 prime_factor, 1146 password, 1147 &mock_authorization_delegate_, 1148 NULL)); 1149} 1150 1151TEST_F(TpmUtilityTest, ImportRSAKeyFail) { 1152 std::string modulus; 1153 std::string prime_factor; 1154 std::string password; 1155 EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _)) 1156 .WillOnce(Return(TPM_RC_FAILURE)); 1157 EXPECT_EQ(TPM_RC_FAILURE, utility_.ImportRSAKey( 1158 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1159 modulus, 1160 0x10001, 1161 prime_factor, 1162 password, 1163 &mock_authorization_delegate_, 1164 NULL)); 1165} 1166 1167TEST_F(TpmUtilityTest, CreateAndLoadRSAKeyDecryptSuccess) { 1168 TPM_HANDLE key_handle; 1169 TPM2B_PUBLIC public_area; 1170 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, 1171 &mock_authorization_delegate_)) 1172 .WillOnce(DoAll(SaveArg<2>(&public_area), 1173 Return(TPM_RC_SUCCESS))); 1174 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, 1175 &mock_authorization_delegate_)) 1176 .WillOnce(Return(TPM_RC_SUCCESS)); 1177 EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateAndLoadRSAKey( 1178 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1179 "password", 1180 &mock_authorization_delegate_, 1181 &key_handle, 1182 NULL)); 1183 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, kDecrypt); 1184 EXPECT_EQ(public_area.public_area.object_attributes & kSign, 0); 1185 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme, 1186 TPM_ALG_NULL); 1187} 1188 1189TEST_F(TpmUtilityTest, CreateAndLoadRSAKeySignSuccess) { 1190 TPM_HANDLE key_handle; 1191 TPM2B_PUBLIC public_area; 1192 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _)) 1193 .WillOnce(DoAll(SaveArg<2>(&public_area), 1194 Return(TPM_RC_SUCCESS))); 1195 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1196 .WillOnce(Return(TPM_RC_SUCCESS)); 1197 EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateAndLoadRSAKey( 1198 TpmUtility::AsymmetricKeyUsage::kSignKey, 1199 "password", 1200 &mock_authorization_delegate_, 1201 &key_handle, 1202 NULL)); 1203 EXPECT_EQ(public_area.public_area.object_attributes & kSign, kSign); 1204 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, 0); 1205 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme, 1206 TPM_ALG_NULL); 1207} 1208 1209TEST_F(TpmUtilityTest, CreateAndLoadRSAKeyLegacySuccess) { 1210 TPM_HANDLE key_handle; 1211 TPM2B_PUBLIC public_area; 1212 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _)) 1213 .WillOnce(DoAll(SaveArg<2>(&public_area), 1214 Return(TPM_RC_SUCCESS))); 1215 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1216 .WillOnce(Return(TPM_RC_SUCCESS)); 1217 EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateAndLoadRSAKey( 1218 TpmUtility::AsymmetricKeyUsage::kDecryptAndSignKey, 1219 "password", 1220 &mock_authorization_delegate_, 1221 &key_handle, 1222 NULL)); 1223 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, kDecrypt); 1224 EXPECT_EQ(public_area.public_area.object_attributes & kSign, kSign); 1225 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme, 1226 TPM_ALG_NULL); 1227} 1228 1229TEST_F(TpmUtilityTest, CreateAndLoadRSAKeyFail1) { 1230 TPM_HANDLE key_handle; 1231 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _)) 1232 .WillOnce(Return(TPM_RC_FAILURE)); 1233 EXPECT_EQ(TPM_RC_FAILURE, utility_.CreateAndLoadRSAKey( 1234 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1235 "password", 1236 &mock_authorization_delegate_, 1237 &key_handle, 1238 NULL)); 1239} 1240 1241TEST_F(TpmUtilityTest, CreateAndLoadRSAKeyFail2) { 1242 TPM_HANDLE key_handle; 1243 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _)) 1244 .WillOnce(Return(TPM_RC_SUCCESS)); 1245 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1246 .WillOnce(Return(TPM_RC_FAILURE)); 1247 EXPECT_EQ(TPM_RC_FAILURE, utility_.CreateAndLoadRSAKey( 1248 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1249 "password", 1250 &mock_authorization_delegate_, 1251 &key_handle, 1252 NULL)); 1253} 1254 1255TEST_F(TpmUtilityTest, DefineNVSpaceSuccess) { 1256 uint32_t index = 59; 1257 uint32_t nvram_index = NV_INDEX_FIRST + index; 1258 size_t length = 256; 1259 TPM2B_NV_PUBLIC public_data; 1260 EXPECT_CALL(mock_tpm_, NV_DefineSpaceSync(TPM_RH_OWNER, _, _, _, _)) 1261 .WillOnce(DoAll(SaveArg<3>(&public_data), 1262 Return(TPM_RC_SUCCESS))); 1263 EXPECT_EQ(TPM_RC_SUCCESS, utility_.DefineNVSpace( 1264 index, length, &mock_authorization_delegate_)); 1265 EXPECT_EQ(public_data.nv_public.nv_index, nvram_index); 1266 EXPECT_EQ(public_data.nv_public.name_alg, TPM_ALG_SHA256); 1267 EXPECT_EQ(public_data.nv_public.attributes, 1268 TPMA_NV_OWNERWRITE | TPMA_NV_WRITEDEFINE | TPMA_NV_AUTHREAD); 1269 EXPECT_EQ(public_data.nv_public.data_size, length); 1270} 1271 1272TEST_F(TpmUtilityTest, DefineNVSpaceBadLength) { 1273 size_t bad_length = 3000; 1274 EXPECT_EQ(SAPI_RC_BAD_SIZE, 1275 utility_.DefineNVSpace(0, bad_length, &mock_authorization_delegate_)); 1276} 1277 1278TEST_F(TpmUtilityTest, DefineNVSpaceBadIndex) { 1279 uint32_t bad_index = 1<<29; 1280 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1281 utility_.DefineNVSpace(bad_index, 2, &mock_authorization_delegate_)); 1282} 1283 1284TEST_F(TpmUtilityTest, DefineNVSpaceBadSession) { 1285 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.DefineNVSpace(0, 2, NULL)); 1286} 1287 1288TEST_F(TpmUtilityTest, DefineNVSpaceFail) { 1289 uint32_t index = 59; 1290 size_t length = 256; 1291 EXPECT_CALL(mock_tpm_, NV_DefineSpaceSync(TPM_RH_OWNER, _, _, _, _)) 1292 .WillOnce(Return(TPM_RC_FAILURE)); 1293 EXPECT_EQ(TPM_RC_FAILURE, 1294 utility_.DefineNVSpace(index, length, &mock_authorization_delegate_)); 1295} 1296 1297TEST_F(TpmUtilityTest, DestroyNVSpaceSuccess) { 1298 uint32_t index = 53; 1299 uint32_t nvram_index = NV_INDEX_FIRST + index; 1300 EXPECT_CALL(mock_tpm_, 1301 NV_UndefineSpaceSync(TPM_RH_OWNER, _, nvram_index, _, _)); 1302 EXPECT_EQ(TPM_RC_SUCCESS, 1303 utility_.DestroyNVSpace(index, &mock_authorization_delegate_)); 1304} 1305 1306TEST_F(TpmUtilityTest, DestroyNVSpaceBadIndex) { 1307 uint32_t bad_index = 1<<29; 1308 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1309 utility_.DestroyNVSpace(bad_index, &mock_authorization_delegate_)); 1310} 1311 1312TEST_F(TpmUtilityTest, DestroyNVSpaceBadSession) { 1313 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.DestroyNVSpace(3, NULL)); 1314} 1315 1316TEST_F(TpmUtilityTest, DestroyNVSpaceFailure) { 1317 uint32_t index = 53; 1318 uint32_t nvram_index = NV_INDEX_FIRST + index; 1319 EXPECT_CALL(mock_tpm_, 1320 NV_UndefineSpaceSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1321 .WillOnce(Return(TPM_RC_FAILURE)); 1322 EXPECT_EQ(TPM_RC_FAILURE, 1323 utility_.DestroyNVSpace(index, &mock_authorization_delegate_)); 1324} 1325 1326TEST_F(TpmUtilityTest, LockNVSpaceSuccess) { 1327 uint32_t index = 53; 1328 uint32_t nvram_index = NV_INDEX_FIRST + index; 1329 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(nvram_index, _, nvram_index, _, _)) 1330 .WillOnce(Return(TPM_RC_SUCCESS)); 1331 EXPECT_EQ(TPM_RC_SUCCESS, 1332 utility_.LockNVSpace(index, &mock_authorization_delegate_)); 1333 TPMS_NV_PUBLIC public_area; 1334 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area)); 1335 EXPECT_EQ(public_area.attributes & TPMA_NV_WRITELOCKED, TPMA_NV_WRITELOCKED); 1336} 1337 1338TEST_F(TpmUtilityTest, LockNVSpaceBadIndex) { 1339 uint32_t bad_index = 1<<24; 1340 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1341 utility_.LockNVSpace(bad_index, &mock_authorization_delegate_)); 1342} 1343 1344TEST_F(TpmUtilityTest, LockNVSpaceBadSession) { 1345 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.LockNVSpace(52, NULL)); 1346} 1347 1348TEST_F(TpmUtilityTest, LockNVSpaceFailure) { 1349 uint32_t index = 53; 1350 uint32_t nvram_index = NV_INDEX_FIRST + index; 1351 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(nvram_index, _, nvram_index, _, _)) 1352 .WillOnce(Return(TPM_RC_FAILURE)); 1353 EXPECT_EQ(TPM_RC_FAILURE, 1354 utility_.LockNVSpace(index, &mock_authorization_delegate_)); 1355} 1356 1357TEST_F(TpmUtilityTest, WriteNVSpaceSuccess) { 1358 uint32_t index = 53; 1359 uint32_t offset = 5; 1360 uint32_t nvram_index = NV_INDEX_FIRST + index; 1361 EXPECT_CALL(mock_tpm_, 1362 NV_WriteSync(TPM_RH_OWNER, _, nvram_index, _, _, offset, _)) 1363 .WillOnce(Return(TPM_RC_SUCCESS)); 1364 EXPECT_EQ(TPM_RC_SUCCESS, utility_.WriteNVSpace( 1365 index, offset, "", &mock_authorization_delegate_)); 1366 TPMS_NV_PUBLIC public_area; 1367 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area)); 1368 EXPECT_EQ(public_area.attributes & TPMA_NV_WRITTEN, TPMA_NV_WRITTEN); 1369} 1370 1371TEST_F(TpmUtilityTest, WriteNVSpaceBadSize) { 1372 uint32_t index = 53; 1373 std::string nvram_data(1025, 0); 1374 EXPECT_EQ(SAPI_RC_BAD_SIZE, utility_.WriteNVSpace( 1375 index, 0, nvram_data, &mock_authorization_delegate_)); 1376} 1377 1378TEST_F(TpmUtilityTest, WriteNVSpaceBadIndex) { 1379 uint32_t bad_index = 1<<24; 1380 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.WriteNVSpace( 1381 bad_index, 0, "", &mock_authorization_delegate_)); 1382} 1383 1384TEST_F(TpmUtilityTest, WriteNVSpaceBadSessions) { 1385 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.WriteNVSpace(53, 0, "", NULL)); 1386} 1387 1388TEST_F(TpmUtilityTest, WriteNVSpaceFailure) { 1389 uint32_t index = 53; 1390 uint32_t offset = 5; 1391 uint32_t nvram_index = NV_INDEX_FIRST + index; 1392 EXPECT_CALL(mock_tpm_, 1393 NV_WriteSync(TPM_RH_OWNER, _, nvram_index, _, _, offset, _)) 1394 .WillOnce(Return(TPM_RC_FAILURE)); 1395 EXPECT_EQ(TPM_RC_FAILURE, utility_.WriteNVSpace( 1396 index, offset, "", &mock_authorization_delegate_)); 1397} 1398 1399TEST_F(TpmUtilityTest, ReadNVSpaceSuccess) { 1400 uint32_t index = 53; 1401 uint32_t offset = 5; 1402 uint32_t nv_index = NV_INDEX_FIRST + index; 1403 size_t length = 24; 1404 std::string nvram_data; 1405 EXPECT_CALL(mock_tpm_, 1406 NV_ReadSync(nv_index, _, nv_index, _, length, offset, _, _)) 1407 .WillOnce(Return(TPM_RC_SUCCESS)); 1408 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ReadNVSpace( 1409 index, offset, length, &nvram_data, &mock_authorization_delegate_)); 1410} 1411 1412TEST_F(TpmUtilityTest, ReadNVSpaceBadReadLength) { 1413 size_t length = 1025; 1414 std::string nvram_data; 1415 EXPECT_EQ(SAPI_RC_BAD_SIZE, utility_.ReadNVSpace( 1416 52, 0, length, &nvram_data, &mock_authorization_delegate_)); 1417} 1418 1419TEST_F(TpmUtilityTest, ReadNVSpaceBadIndex) { 1420 uint32_t bad_index = 1<<24; 1421 std::string nvram_data; 1422 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.ReadNVSpace( 1423 bad_index, 0, 5, &nvram_data, &mock_authorization_delegate_)); 1424} 1425 1426TEST_F(TpmUtilityTest, ReadNVSpaceBadSession) { 1427 std::string nvram_data; 1428 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 1429 utility_.ReadNVSpace(53, 0, 5, &nvram_data, NULL)); 1430} 1431 1432TEST_F(TpmUtilityTest, ReadNVSpaceFailure) { 1433 uint32_t index = 53; 1434 uint32_t offset = 5; 1435 uint32_t nv_index = NV_INDEX_FIRST + index; 1436 size_t length = 24; 1437 std::string nvram_data; 1438 EXPECT_CALL(mock_tpm_, 1439 NV_ReadSync(nv_index, _, nv_index, _, length, offset, _, _)) 1440 .WillOnce(Return(TPM_RC_FAILURE)); 1441 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadNVSpace( 1442 index, offset, length, &nvram_data, &mock_authorization_delegate_)); 1443} 1444 1445TEST_F(TpmUtilityTest, GetNVSpaceNameSuccess) { 1446 uint32_t index = 53; 1447 uint32_t nvram_index = NV_INDEX_FIRST + index; 1448 std::string name; 1449 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(nvram_index, _, _, _, _)) 1450 .WillOnce(Return(TPM_RC_SUCCESS)); 1451 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpaceName(index, &name)); 1452} 1453 1454TEST_F(TpmUtilityTest, GetNVSpaceNameFailure) { 1455 uint32_t index = 53; 1456 std::string name; 1457 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _)) 1458 .WillOnce(Return(TPM_RC_FAILURE)); 1459 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpaceName(index, &name)); 1460} 1461 1462TEST_F(TpmUtilityTest, GetNVSpacePublicAreaCachedSuccess) { 1463 uint32_t index = 53; 1464 TPMS_NV_PUBLIC public_area; 1465 SetNVRAMMap(index, public_area); 1466 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _)) 1467 .Times(0); 1468 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpacePublicArea(index, &public_area)); 1469} 1470 1471TEST_F(TpmUtilityTest, GetNVSpacePublicAreaSuccess) { 1472 uint32_t index = 53; 1473 uint32_t nvram_index = NV_INDEX_FIRST + index; 1474 TPMS_NV_PUBLIC public_area; 1475 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(nvram_index, _, _, _, _)) 1476 .WillOnce(Return(TPM_RC_SUCCESS)); 1477 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpacePublicArea(index, &public_area)); 1478} 1479 1480TEST_F(TpmUtilityTest, GetNVSpacePublicAreaFailure) { 1481 uint32_t index = 53; 1482 TPMS_NV_PUBLIC public_area; 1483 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _)) 1484 .WillOnce(Return(TPM_RC_FAILURE)); 1485 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpacePublicArea(index, &public_area)); 1486} 1487 1488TEST_F(TpmUtilityTest, RootKeysSuccess) { 1489 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password")); 1490} 1491 1492TEST_F(TpmUtilityTest, RootKeysHandleConsistency) { 1493 TPM_HANDLE test_handle = 42; 1494 EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _)) 1495 .WillRepeatedly(DoAll(SetArgPointee<3>(test_handle), 1496 Return(TPM_RC_SUCCESS))); 1497 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _)) 1498 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 1499 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password")); 1500} 1501 1502TEST_F(TpmUtilityTest, RootKeysCreateFailure) { 1503 EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _)) 1504 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1505 EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password")); 1506} 1507 1508TEST_F(TpmUtilityTest, RootKeysPersistFailure) { 1509 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _)) 1510 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1511 EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password")); 1512} 1513 1514TEST_F(TpmUtilityTest, SaltingKeySuccess) { 1515 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password")); 1516} 1517 1518TEST_F(TpmUtilityTest, SaltingKeyConsistency) { 1519 TPM_HANDLE test_handle = 42; 1520 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1521 .WillRepeatedly(DoAll(SetArgPointee<4>(test_handle), 1522 Return(TPM_RC_SUCCESS))); 1523 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _)) 1524 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 1525 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password")); 1526} 1527 1528TEST_F(TpmUtilityTest, SaltingKeyCreateFailure) { 1529 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _)) 1530 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1531 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password")); 1532} 1533 1534TEST_F(TpmUtilityTest, SaltingKeyLoadFailure) { 1535 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1536 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1537 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password")); 1538} 1539 1540TEST_F(TpmUtilityTest, SaltingKeyPersistFailure) { 1541 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _)) 1542 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1543 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password")); 1544} 1545 1546} // namespace trunks 1547