1bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// 2bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// Copyright (C) 2014 The Android Open Source Project 3bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// 4bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// Licensed under the Apache License, Version 2.0 (the "License"); 5bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// you may not use this file except in compliance with the License. 6bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// You may obtain a copy of the License at 7bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// 8bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// http://www.apache.org/licenses/LICENSE-2.0 9bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// 10bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// Unless required by applicable law or agreed to in writing, software 11bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// distributed under the License is distributed on an "AS IS" BASIS, 12bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// See the License for the specific language governing permissions and 14bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// limitations under the License. 15bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// 162523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi 172523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi#include <string> 182523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi 192523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi#include <gtest/gtest.h> 202523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi 21343cb530db4edbc0f09718af0a96ddb6c5430b18Utkarsh Sanghi#include "trunks/password_authorization_delegate.h" 22343cb530db4edbc0f09718af0a96ddb6c5430b18Utkarsh Sanghi 232523646902038fce96c2407bae483e79367189cfUtkarsh Sanghinamespace trunks { 242523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi 252523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi// This test looks at initialization of the delegate with no password. 262523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi// It should initailize with a zero length internal password buffer. 27a19238f46d4341489fd1d3140df1bb09bdbd8f01Darren KrahnTEST(PasswordAuthorizationDelegateTest, NullInitialization) { 28a19238f46d4341489fd1d3140df1bb09bdbd8f01Darren Krahn PasswordAuthorizationDelegate delegate(""); 292523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi EXPECT_EQ(delegate.password_.size, 0); 302523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi} 312523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi 322523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi// This test checks the generation of an authorization structure by the 332523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi// delegate. It compared the serialized structure generated by the delegate 342523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi// to the expected authorization string. 35a19238f46d4341489fd1d3140df1bb09bdbd8f01Darren KrahnTEST(PasswordAuthorizationDelegateTest, SerializationTest) { 364dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn std::string expected_auth( 374dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn "\x40\x00\x00\x09" // session_handle = TPM_RS_PW 384dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn "\x00\x00" // nonce = zero length buffer 394dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn "\x01" // session_attributes = continueSession 404dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn "\x00\x06" // password length 414dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn "secret", // password 424dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn 15); 43a19238f46d4341489fd1d3140df1bb09bdbd8f01Darren Krahn PasswordAuthorizationDelegate delegate("secret"); 442523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi std::string authorization; 452523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi std::string command_hash; 464dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn bool authorization_result = delegate.GetCommandAuthorization( 474dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn command_hash, false, false, &authorization); 482523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi EXPECT_EQ(authorization_result, true); 492523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi EXPECT_EQ(authorization.length(), expected_auth.length()); 502523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi EXPECT_EQ(expected_auth.compare(authorization), 0); 512523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi} 522523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi 532523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi// This test looks at the delegate's ability to parse and check authorization 542523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi// responses when the response is well formed. 55a19238f46d4341489fd1d3140df1bb09bdbd8f01Darren KrahnTEST(PasswordAuthorizationDelegateTest, ParseGoodParams) { 564dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn std::string auth_response( 574dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn "\x00\x00" // nonceTpm = zero length buffer 584dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn "\x01" // session_attributes = continueSession 594dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn "\x00\x00", // hmac = zero length buffer 604dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn 5); 61a19238f46d4341489fd1d3140df1bb09bdbd8f01Darren Krahn PasswordAuthorizationDelegate delegate("secret"); 622523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi std::string response_hash; 634dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn bool authorization_result = 644dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn delegate.CheckResponseAuthorization(response_hash, auth_response); 652523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi EXPECT_EQ(authorization_result, true); 662523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi} 672523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi 682523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi// This test checks the delegate's ability to correctly identify an incorrect 692523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi// authorization response. 70a19238f46d4341489fd1d3140df1bb09bdbd8f01Darren KrahnTEST(PasswordAuthorizationDelegateTest, ParseBadParams) { 714dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn std::string auth_response( 724dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn "\x00\x00" // nonceTpm = zero length buffer 734dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn "\x01" // session_attributes = continueSession 744dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn "\x00\x06" // password length 754dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn "secret", // password 764dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn 11); 77a19238f46d4341489fd1d3140df1bb09bdbd8f01Darren Krahn PasswordAuthorizationDelegate delegate("secret"); 782523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi std::string response_hash; 794dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn bool authorization_result = 804dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahn delegate.CheckResponseAuthorization(response_hash, auth_response); 812523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi EXPECT_EQ(authorization_result, false); 822523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi} 832523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi 842523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi// This test confirms that after encrypting and decrypting a parameter, 852523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi// we get the original parameter back. 86a19238f46d4341489fd1d3140df1bb09bdbd8f01Darren KrahnTEST(PasswordAuthorizationDelegateTest, EncryptDecrypt) { 87a19238f46d4341489fd1d3140df1bb09bdbd8f01Darren Krahn PasswordAuthorizationDelegate delegate("secret"); 882523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi std::string plaintext_parameter("parameter"); 892523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi std::string encrypted_parameter(plaintext_parameter); 902523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi ASSERT_EQ(plaintext_parameter.compare(encrypted_parameter), 0); 912523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi delegate.EncryptCommandParameter(&encrypted_parameter); 922523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi delegate.DecryptResponseParameter(&encrypted_parameter); 932523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi EXPECT_EQ(plaintext_parameter.compare(encrypted_parameter), 0); 942523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi} 952523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi 962523646902038fce96c2407bae483e79367189cfUtkarsh Sanghi} // namespace trunks 97