1// 2// Copyright (C) 2015 The Android Open Source Project 3// 4// Licensed under the Apache License, Version 2.0 (the "License"); 5// you may not use this file except in compliance with the License. 6// You may obtain a copy of the License at 7// 8// http://www.apache.org/licenses/LICENSE-2.0 9// 10// Unless required by applicable law or agreed to in writing, software 11// distributed under the License is distributed on an "AS IS" BASIS, 12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13// See the License for the specific language governing permissions and 14// limitations under the License. 15// 16 17#include "tpm_manager/server/tpm2_nvram_impl.h" 18 19#include <gmock/gmock.h> 20#include <gtest/gtest.h> 21#include <trunks/mock_hmac_session.h> 22#include <trunks/mock_policy_session.h> 23#include <trunks/mock_tpm_utility.h> 24#include <trunks/tpm_constants.h> 25#include <trunks/trunks_factory_for_test.h> 26 27#include "tpm_manager/server/mock_local_data_store.h" 28 29namespace { 30 31constexpr char kTestOwnerPassword[] = "owner"; 32constexpr char kFakePolicyDigest[] = "fake_policy_digest"; 33constexpr char kFakePCRValue[] = "fake_pcr_value"; 34constexpr char kFakeAuthorizationValue[] = "fake_authorization"; 35trunks::AuthorizationDelegate* const kHMACAuth = 36 reinterpret_cast<trunks::AuthorizationDelegate*>(1ull); 37trunks::AuthorizationDelegate* const kPolicyAuth = 38 reinterpret_cast<trunks::AuthorizationDelegate*>(2ull); 39constexpr trunks::TPMA_NV kNoExtraAttributes = 0; 40 41} // namespace 42 43namespace tpm_manager { 44 45using testing::_; 46using testing::AnyNumber; 47using testing::AtLeast; 48using testing::DoAll; 49using testing::Mock; 50using testing::NiceMock; 51using testing::Return; 52using testing::SetArgPointee; 53using trunks::TPM_RC_SUCCESS; 54using trunks::TPM_RC_FAILURE; 55using trunks::TPM_RC_HANDLE; 56 57class Tpm2NvramTest : public testing::Test { 58 public: 59 Tpm2NvramTest() = default; 60 virtual ~Tpm2NvramTest() = default; 61 62 void SetUp() { 63 factory_.set_hmac_session(&mock_hmac_session_); 64 factory_.set_policy_session(&mock_policy_session_); 65 factory_.set_trial_session(&mock_trial_session_); 66 factory_.set_tpm_utility(&mock_tpm_utility_); 67 tpm_nvram_.reset(new Tpm2NvramImpl(factory_, &mock_data_store_)); 68 ON_CALL(mock_hmac_session_, GetDelegate()).WillByDefault(Return(kHMACAuth)); 69 ON_CALL(mock_policy_session_, GetDelegate()) 70 .WillByDefault(Return(kPolicyAuth)); 71 ON_CALL(mock_policy_session_, GetDigest(_)) 72 .WillByDefault( 73 DoAll(SetArgPointee<0>(kFakePolicyDigest), Return(TPM_RC_SUCCESS))); 74 ON_CALL(mock_trial_session_, GetDigest(_)) 75 .WillByDefault( 76 DoAll(SetArgPointee<0>(kFakePolicyDigest), Return(TPM_RC_SUCCESS))); 77 } 78 79 void SetupOwnerPassword() { 80 LocalData& local_data = mock_data_store_.GetMutableFakeData(); 81 local_data.set_owner_password(kTestOwnerPassword); 82 } 83 84 enum ExpectAuth { NO_EXPECT_AUTH, EXPECT_AUTH }; 85 enum AuthType { NORMAL_AUTH, POLICY_AUTH, OWNER_AUTH }; 86 void SetupExistingSpace(uint32_t index, 87 uint32_t size, 88 trunks::TPMA_NV extra_attributes, 89 ExpectAuth expect_auth, 90 AuthType auth_type) { 91 trunks::TPMS_NV_PUBLIC public_data; 92 public_data.nv_index = index; 93 public_data.data_size = size; 94 public_data.attributes = trunks::TPMA_NV_READ_STCLEAR | 95 trunks::TPMA_NV_WRITE_STCLEAR | extra_attributes; 96 switch (auth_type) { 97 case NORMAL_AUTH: 98 public_data.attributes |= 99 trunks::TPMA_NV_AUTHREAD | trunks::TPMA_NV_AUTHWRITE; 100 break; 101 case POLICY_AUTH: 102 public_data.attributes |= 103 trunks::TPMA_NV_POLICYREAD | trunks::TPMA_NV_POLICYWRITE; 104 break; 105 case OWNER_AUTH: 106 public_data.attributes |= 107 trunks::TPMA_NV_OWNERREAD | trunks::TPMA_NV_OWNERWRITE; 108 break; 109 } 110 ON_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _)) 111 .WillByDefault( 112 DoAll(SetArgPointee<1>(public_data), Return(TPM_RC_SUCCESS))); 113 LocalData& local_data = mock_data_store_.GetMutableFakeData(); 114 NvramPolicyRecord& policy_record = *local_data.add_nvram_policy(); 115 policy_record.set_index(index); 116 if (auth_type == POLICY_AUTH) { 117 policy_record.set_policy(NVRAM_POLICY_PCR0); 118 } 119 if (!expect_auth) { 120 EXPECT_CALL(mock_hmac_session_, SetEntityAuthorizationValue(_)).Times(0); 121 EXPECT_CALL(mock_policy_session_, SetEntityAuthorizationValue(_)) 122 .Times(0); 123 EXPECT_CALL(mock_policy_session_, PolicyAuthValue()).Times(0); 124 } else if (auth_type == NORMAL_AUTH) { 125 EXPECT_CALL(mock_hmac_session_, 126 SetEntityAuthorizationValue(kFakeAuthorizationValue)) 127 .Times(AtLeast(1)); 128 EXPECT_CALL(mock_hmac_session_, SetEntityAuthorizationValue("")).Times(0); 129 } else if (auth_type == OWNER_AUTH) { 130 EXPECT_CALL(mock_hmac_session_, 131 SetEntityAuthorizationValue(kTestOwnerPassword)) 132 .Times(AtLeast(1)); 133 EXPECT_CALL(mock_hmac_session_, SetEntityAuthorizationValue("")).Times(0); 134 } else { 135 EXPECT_CALL(mock_policy_session_, 136 SetEntityAuthorizationValue(kFakeAuthorizationValue)) 137 .Times(AtLeast(1)); 138 EXPECT_CALL(mock_hmac_session_, SetEntityAuthorizationValue("")).Times(0); 139 EXPECT_CALL(mock_tpm_utility_, ReadPCR(0, _)) 140 .Times(AtLeast(1)) 141 .WillRepeatedly( 142 DoAll(SetArgPointee<1>(kFakePCRValue), Return(TPM_RC_SUCCESS))); 143 EXPECT_CALL(mock_policy_session_, PolicyAuthValue()).Times(AtLeast(1)); 144 EXPECT_CALL(mock_policy_session_, PolicyPCR(0, kFakePCRValue)) 145 .Times(AtLeast(1)); 146 } 147 } 148 149 protected: 150 trunks::TrunksFactoryForTest factory_; 151 NiceMock<trunks::MockHmacSession> mock_hmac_session_; 152 NiceMock<trunks::MockPolicySession> mock_policy_session_; 153 NiceMock<trunks::MockPolicySession> mock_trial_session_; 154 NiceMock<MockLocalDataStore> mock_data_store_; 155 NiceMock<trunks::MockTpmUtility> mock_tpm_utility_; 156 std::unique_ptr<Tpm2NvramImpl> tpm_nvram_; 157}; 158 159TEST_F(Tpm2NvramTest, NoOwnerFailure) { 160 EXPECT_EQ(NVRAM_RESULT_OPERATION_DISABLED, 161 tpm_nvram_->DefineSpace(0, 0, {}, "", NVRAM_POLICY_NONE)); 162 EXPECT_EQ(NVRAM_RESULT_OPERATION_DISABLED, tpm_nvram_->DestroySpace(0)); 163} 164 165TEST_F(Tpm2NvramTest, SessionFailure) { 166 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(_)) 167 .WillRepeatedly(Return(TPM_RC_FAILURE)); 168 EXPECT_NE(NVRAM_RESULT_SUCCESS, 169 tpm_nvram_->DefineSpace(0, 0, {}, "", NVRAM_POLICY_NONE)); 170 EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->DestroySpace(0)); 171 EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->WriteSpace(0, "", "")); 172 EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->ReadSpace(0, nullptr, "")); 173 EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->LockSpace(0, false, false, "")); 174} 175 176TEST_F(Tpm2NvramTest, DefineSpaceSuccess) { 177 SetupOwnerPassword(); 178 EXPECT_CALL(mock_hmac_session_, 179 SetEntityAuthorizationValue(kTestOwnerPassword)) 180 .Times(AtLeast(1)); 181 EXPECT_CALL(mock_trial_session_, PolicyAuthValue()).Times(0); 182 EXPECT_CALL(mock_trial_session_, PolicyPCR(_, _)).Times(0); 183 uint32_t index = 42; 184 size_t size = 20; 185 std::vector<NvramSpaceAttribute> attributes{NVRAM_PERSISTENT_WRITE_LOCK}; 186 EXPECT_CALL( 187 mock_tpm_utility_, 188 DefineNVSpace(index, size, 189 trunks::TPMA_NV_WRITEDEFINE | trunks::TPMA_NV_POLICYWRITE | 190 trunks::TPMA_NV_POLICYREAD, 191 kFakeAuthorizationValue, kFakePolicyDigest, kHMACAuth)) 192 .WillOnce(Return(TPM_RC_SUCCESS)); 193 EXPECT_EQ( 194 NVRAM_RESULT_SUCCESS, 195 tpm_nvram_->DefineSpace(index, size, attributes, kFakeAuthorizationValue, 196 NVRAM_POLICY_NONE)); 197 const LocalData& local_data = mock_data_store_.GetFakeData(); 198 EXPECT_EQ(1, local_data.nvram_policy_size()); 199 EXPECT_EQ(index, local_data.nvram_policy(0).index()); 200 EXPECT_EQ(NVRAM_POLICY_NONE, local_data.nvram_policy(0).policy()); 201} 202 203TEST_F(Tpm2NvramTest, DefineSpaceFailure) { 204 SetupOwnerPassword(); 205 uint32_t index = 42; 206 size_t size = 20; 207 std::vector<NvramSpaceAttribute> attributes{NVRAM_PERSISTENT_WRITE_LOCK}; 208 EXPECT_CALL(mock_tpm_utility_, DefineNVSpace(_, _, _, _, _, _)) 209 .WillRepeatedly(Return(TPM_RC_FAILURE)); 210 EXPECT_NE( 211 NVRAM_RESULT_SUCCESS, 212 tpm_nvram_->DefineSpace(index, size, attributes, "", NVRAM_POLICY_NONE)); 213} 214 215TEST_F(Tpm2NvramTest, DefineSpaceNoClobberOnError) { 216 SetupOwnerPassword(); 217 EXPECT_CALL(mock_tpm_utility_, DefineNVSpace(_, _, _, _, _, _)) 218 .WillOnce(Return(TPM_RC_SUCCESS)) 219 .WillRepeatedly(Return(TPM_RC_FAILURE)); 220 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 221 tpm_nvram_->DefineSpace(0, 32, {}, "", NVRAM_POLICY_NONE)); 222 EXPECT_NE(NVRAM_RESULT_SUCCESS, 223 tpm_nvram_->DefineSpace(0, 32, {}, "", NVRAM_POLICY_PCR0)); 224 const LocalData& local_data = mock_data_store_.GetFakeData(); 225 EXPECT_EQ(1, local_data.nvram_policy_size()); 226 EXPECT_EQ(0, local_data.nvram_policy(0).index()); 227 EXPECT_EQ(NVRAM_POLICY_NONE, local_data.nvram_policy(0).policy()); 228} 229 230TEST_F(Tpm2NvramTest, DefineSpaceWithPolicy) { 231 SetupOwnerPassword(); 232 EXPECT_CALL(mock_hmac_session_, 233 SetEntityAuthorizationValue(kTestOwnerPassword)) 234 .Times(AtLeast(1)); 235 EXPECT_CALL(mock_trial_session_, PolicyAuthValue()).Times(AtLeast(1)); 236 EXPECT_CALL(mock_tpm_utility_, ReadPCR(0, _)) 237 .WillRepeatedly( 238 DoAll(SetArgPointee<1>(kFakePCRValue), Return(TPM_RC_SUCCESS))); 239 EXPECT_CALL(mock_trial_session_, PolicyPCR(0, kFakePCRValue)) 240 .Times(AtLeast(1)); 241 uint32_t index = 42; 242 size_t size = 20; 243 std::vector<NvramSpaceAttribute> attributes{NVRAM_WRITE_AUTHORIZATION}; 244 EXPECT_CALL( 245 mock_tpm_utility_, 246 DefineNVSpace(index, size, 247 trunks::TPMA_NV_POLICYWRITE | trunks::TPMA_NV_POLICYREAD, 248 kFakeAuthorizationValue, kFakePolicyDigest, kHMACAuth)) 249 .WillOnce(Return(TPM_RC_SUCCESS)); 250 EXPECT_EQ( 251 NVRAM_RESULT_SUCCESS, 252 tpm_nvram_->DefineSpace(index, size, attributes, kFakeAuthorizationValue, 253 NVRAM_POLICY_PCR0)); 254} 255 256TEST_F(Tpm2NvramTest, DefineSpaceWithExistingLocalData) { 257 SetupOwnerPassword(); 258 LocalData& local_data = mock_data_store_.GetMutableFakeData(); 259 local_data.add_nvram_policy()->set_index(0); 260 local_data.add_nvram_policy()->set_index(4); 261 local_data.add_nvram_policy()->set_index(1); 262 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 263 tpm_nvram_->DefineSpace(5, 32, {}, "", NVRAM_POLICY_NONE)); 264 EXPECT_EQ(4, local_data.nvram_policy_size()); 265 EXPECT_EQ(5, local_data.nvram_policy(3).index()); 266} 267 268TEST_F(Tpm2NvramTest, DefineSpaceClobberExistingLocalData) { 269 SetupOwnerPassword(); 270 LocalData& local_data = mock_data_store_.GetMutableFakeData(); 271 local_data.add_nvram_policy()->set_index(0); 272 local_data.add_nvram_policy()->set_index(4); 273 local_data.add_nvram_policy()->set_index(1); 274 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 275 tpm_nvram_->DefineSpace(4, 32, {}, "", NVRAM_POLICY_NONE)); 276 EXPECT_EQ(3, local_data.nvram_policy_size()); 277 EXPECT_NE(local_data.nvram_policy(0).index(), 278 local_data.nvram_policy(1).index()); 279 EXPECT_NE(local_data.nvram_policy(0).index(), 280 local_data.nvram_policy(2).index()); 281 EXPECT_NE(local_data.nvram_policy(1).index(), 282 local_data.nvram_policy(2).index()); 283} 284 285TEST_F(Tpm2NvramTest, DestroySpaceSuccess) { 286 SetupOwnerPassword(); 287 LocalData& local_data = mock_data_store_.GetMutableFakeData(); 288 uint32_t index = 42; 289 local_data.add_nvram_policy()->set_index(index); 290 EXPECT_CALL(mock_hmac_session_, 291 SetEntityAuthorizationValue(kTestOwnerPassword)) 292 .Times(AtLeast(1)); 293 EXPECT_CALL(mock_tpm_utility_, DestroyNVSpace(index, kHMACAuth)) 294 .WillOnce(Return(TPM_RC_SUCCESS)); 295 EXPECT_EQ(NVRAM_RESULT_SUCCESS, tpm_nvram_->DestroySpace(index)); 296 EXPECT_EQ(0, local_data.nvram_policy_size()); 297} 298 299TEST_F(Tpm2NvramTest, DestroySpaceFailure) { 300 SetupOwnerPassword(); 301 uint32_t index = 42; 302 LocalData& local_data = mock_data_store_.GetMutableFakeData(); 303 local_data.add_nvram_policy()->set_index(index); 304 EXPECT_CALL(mock_tpm_utility_, DestroyNVSpace(index, _)) 305 .WillRepeatedly(Return(TPM_RC_FAILURE)); 306 EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->DestroySpace(index)); 307 EXPECT_EQ(1, local_data.nvram_policy_size()); 308} 309 310TEST_F(Tpm2NvramTest, DestroySpaceWithExistingLocalData) { 311 SetupOwnerPassword(); 312 LocalData& local_data = mock_data_store_.GetMutableFakeData(); 313 local_data.add_nvram_policy()->set_index(0); 314 local_data.add_nvram_policy()->set_index(1); 315 local_data.add_nvram_policy()->set_index(2); 316 EXPECT_CALL(mock_tpm_utility_, DestroyNVSpace(1, kHMACAuth)) 317 .WillOnce(Return(TPM_RC_SUCCESS)); 318 EXPECT_EQ(NVRAM_RESULT_SUCCESS, tpm_nvram_->DestroySpace(1)); 319 EXPECT_EQ(2, local_data.nvram_policy_size()); 320 EXPECT_NE(1, local_data.nvram_policy(0).index()); 321 EXPECT_NE(1, local_data.nvram_policy(1).index()); 322} 323 324TEST_F(Tpm2NvramTest, WriteSpaceSuccess) { 325 uint32_t index = 42; 326 SetupExistingSpace(index, 20, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH); 327 std::string data("data"); 328 EXPECT_CALL(mock_tpm_utility_, 329 WriteNVSpace(index, 0, data, false, false, kHMACAuth)) 330 .WillOnce(Return(TPM_RC_SUCCESS)); 331 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 332 tpm_nvram_->WriteSpace(index, data, kFakeAuthorizationValue)); 333} 334 335TEST_F(Tpm2NvramTest, WriteSpaceExtend) { 336 uint32_t index = 42; 337 SetupExistingSpace(index, 20, trunks::TPMA_NV_EXTEND, EXPECT_AUTH, 338 NORMAL_AUTH); 339 std::string data("data"); 340 EXPECT_CALL(mock_tpm_utility_, 341 WriteNVSpace(index, 0, data, false, true, kHMACAuth)) 342 .WillOnce(Return(TPM_RC_SUCCESS)); 343 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 344 tpm_nvram_->WriteSpace(index, data, kFakeAuthorizationValue)); 345} 346 347TEST_F(Tpm2NvramTest, WriteSpaceNonexistant) { 348 uint32_t index = 42; 349 EXPECT_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _)) 350 .WillRepeatedly(Return(TPM_RC_HANDLE)); 351 std::string read_data; 352 EXPECT_EQ(NVRAM_RESULT_SPACE_DOES_NOT_EXIST, 353 tpm_nvram_->WriteSpace(index, "data", kFakeAuthorizationValue)); 354} 355 356TEST_F(Tpm2NvramTest, WriteSpaceFailure) { 357 uint32_t index = 42; 358 SetupExistingSpace(index, 20, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH); 359 EXPECT_CALL(mock_tpm_utility_, WriteNVSpace(index, _, _, _, _, _)) 360 .WillRepeatedly(Return(TPM_RC_FAILURE)); 361 EXPECT_NE(NVRAM_RESULT_SUCCESS, 362 tpm_nvram_->WriteSpace(index, "data", kFakeAuthorizationValue)); 363} 364 365TEST_F(Tpm2NvramTest, WriteSpacePolicy) { 366 uint32_t index = 42; 367 SetupExistingSpace(index, 20, kNoExtraAttributes, EXPECT_AUTH, POLICY_AUTH); 368 std::string data("data"); 369 EXPECT_CALL(mock_tpm_utility_, 370 WriteNVSpace(index, 0, data, false, false, kPolicyAuth)) 371 .WillOnce(Return(TPM_RC_SUCCESS)); 372 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 373 tpm_nvram_->WriteSpace(index, data, kFakeAuthorizationValue)); 374} 375 376TEST_F(Tpm2NvramTest, WriteSpaceOwner) { 377 uint32_t index = 42; 378 SetupOwnerPassword(); 379 SetupExistingSpace(index, 20, kNoExtraAttributes, EXPECT_AUTH, OWNER_AUTH); 380 std::string data("data"); 381 EXPECT_CALL(mock_tpm_utility_, 382 WriteNVSpace(index, 0, data, true, false, kHMACAuth)) 383 .WillOnce(Return(TPM_RC_SUCCESS)); 384 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 385 tpm_nvram_->WriteSpace(index, data, kFakeAuthorizationValue)); 386} 387 388TEST_F(Tpm2NvramTest, ReadSpaceSuccess) { 389 uint32_t index = 42; 390 SetupExistingSpace(index, 32, trunks::TPMA_NV_WRITTEN, EXPECT_AUTH, 391 NORMAL_AUTH); 392 std::string tpm_data("data"); 393 EXPECT_CALL(mock_tpm_utility_, ReadNVSpace(index, 0, 32, false, _, kHMACAuth)) 394 .WillOnce(DoAll(SetArgPointee<4>(tpm_data), Return(TPM_RC_SUCCESS))); 395 std::string read_data; 396 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 397 tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue)); 398 EXPECT_EQ(read_data, tpm_data); 399} 400 401TEST_F(Tpm2NvramTest, ReadSpaceNonexistant) { 402 uint32_t index = 42; 403 EXPECT_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _)) 404 .WillRepeatedly(Return(TPM_RC_HANDLE)); 405 std::string read_data; 406 EXPECT_EQ(NVRAM_RESULT_SPACE_DOES_NOT_EXIST, 407 tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue)); 408} 409 410TEST_F(Tpm2NvramTest, ReadSpaceFailure) { 411 uint32_t index = 42; 412 SetupExistingSpace(index, 32, trunks::TPMA_NV_WRITTEN, EXPECT_AUTH, 413 NORMAL_AUTH); 414 EXPECT_CALL(mock_tpm_utility_, ReadNVSpace(index, _, _, _, _, _)) 415 .WillRepeatedly(Return(TPM_RC_FAILURE)); 416 std::string read_data; 417 EXPECT_NE(NVRAM_RESULT_SUCCESS, 418 tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue)); 419} 420 421TEST_F(Tpm2NvramTest, ReadSpacePolicy) { 422 uint32_t index = 42; 423 SetupExistingSpace(index, 32, trunks::TPMA_NV_WRITTEN, EXPECT_AUTH, 424 POLICY_AUTH); 425 std::string tpm_data("data"); 426 EXPECT_CALL(mock_tpm_utility_, 427 ReadNVSpace(index, 0, 32, false, _, kPolicyAuth)) 428 .WillOnce(DoAll(SetArgPointee<4>(tpm_data), Return(TPM_RC_SUCCESS))); 429 std::string read_data; 430 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 431 tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue)); 432 EXPECT_EQ(read_data, tpm_data); 433} 434 435TEST_F(Tpm2NvramTest, ReadSpaceOwner) { 436 uint32_t index = 42; 437 SetupOwnerPassword(); 438 SetupExistingSpace(index, 32, trunks::TPMA_NV_WRITTEN, EXPECT_AUTH, 439 OWNER_AUTH); 440 std::string tpm_data("data"); 441 EXPECT_CALL(mock_tpm_utility_, ReadNVSpace(index, 0, 32, true, _, kHMACAuth)) 442 .WillOnce(DoAll(SetArgPointee<4>(tpm_data), Return(TPM_RC_SUCCESS))); 443 std::string read_data; 444 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 445 tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue)); 446 EXPECT_EQ(read_data, tpm_data); 447} 448 449TEST_F(Tpm2NvramTest, LockSpaceSuccess) { 450 uint32_t index = 42; 451 SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH); 452 EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, true, _, false, kHMACAuth)) 453 .Times(AtLeast(1)); 454 EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, _, true, false, kHMACAuth)) 455 .Times(AtLeast(1)); 456 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 457 tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue)); 458} 459 460TEST_F(Tpm2NvramTest, LockSpaceNonexistant) { 461 uint32_t index = 42; 462 EXPECT_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _)) 463 .WillOnce(Return(trunks::TPM_RC_HANDLE)); 464 EXPECT_EQ(NVRAM_RESULT_SPACE_DOES_NOT_EXIST, 465 tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue)); 466} 467 468TEST_F(Tpm2NvramTest, LockSpaceFailure) { 469 uint32_t index = 42; 470 SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH); 471 EXPECT_CALL(mock_tpm_utility_, LockNVSpace(_, _, _, _, _)) 472 .WillRepeatedly(Return(TPM_RC_FAILURE)); 473 EXPECT_NE(NVRAM_RESULT_SUCCESS, 474 tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue)); 475} 476 477TEST_F(Tpm2NvramTest, LockSpacePolicy) { 478 uint32_t index = 42; 479 SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, POLICY_AUTH); 480 EXPECT_CALL(mock_tpm_utility_, 481 LockNVSpace(index, true, _, false, kPolicyAuth)) 482 .Times(AtLeast(1)); 483 EXPECT_CALL(mock_tpm_utility_, 484 LockNVSpace(index, _, true, false, kPolicyAuth)) 485 .Times(AtLeast(1)); 486 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 487 tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue)); 488} 489 490TEST_F(Tpm2NvramTest, LockSpaceOwner) { 491 uint32_t index = 42; 492 SetupOwnerPassword(); 493 SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, OWNER_AUTH); 494 EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, true, _, true, kHMACAuth)) 495 .Times(AtLeast(1)); 496 EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, _, true, true, kHMACAuth)) 497 .Times(AtLeast(1)); 498 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 499 tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue)); 500} 501 502TEST_F(Tpm2NvramTest, LockSpaceRead) { 503 uint32_t index = 42; 504 SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH); 505 EXPECT_CALL(mock_tpm_utility_, 506 LockNVSpace(index, true, false, false, kHMACAuth)) 507 .Times(AtLeast(1)); 508 EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, _, true, false, kHMACAuth)) 509 .Times(0); 510 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 511 tpm_nvram_->LockSpace(index, true, false, kFakeAuthorizationValue)); 512} 513 514TEST_F(Tpm2NvramTest, LockSpaceWrite) { 515 uint32_t index = 42; 516 SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH); 517 EXPECT_CALL(mock_tpm_utility_, 518 LockNVSpace(index, false, true, false, kHMACAuth)) 519 .Times(AtLeast(1)); 520 EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, true, _, false, kHMACAuth)) 521 .Times(0); 522 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 523 tpm_nvram_->LockSpace(index, false, true, kFakeAuthorizationValue)); 524} 525 526TEST_F(Tpm2NvramTest, ListSpacesSuccess) { 527 std::vector<uint32_t> expected_spaces{1, 5, 42}; 528 std::vector<uint32_t> spaces; 529 EXPECT_CALL(mock_tpm_utility_, ListNVSpaces(_)) 530 .Times(AtLeast(1)) 531 .WillRepeatedly( 532 DoAll(SetArgPointee<0>(expected_spaces), Return(TPM_RC_SUCCESS))); 533 EXPECT_EQ(NVRAM_RESULT_SUCCESS, tpm_nvram_->ListSpaces(&spaces)); 534 EXPECT_EQ(spaces, expected_spaces); 535} 536 537TEST_F(Tpm2NvramTest, ListSpacesFailure) { 538 std::vector<uint32_t> spaces; 539 EXPECT_CALL(mock_tpm_utility_, ListNVSpaces(_)) 540 .WillRepeatedly(Return(TPM_RC_FAILURE)); 541 EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->ListSpaces(&spaces)); 542} 543 544TEST_F(Tpm2NvramTest, GetSpaceInfoSuccess) { 545 uint32_t index = 42; 546 SetupExistingSpace(index, 100, 547 trunks::TPMA_NV_READLOCKED | trunks::TPMA_NV_WRITELOCKED, 548 NO_EXPECT_AUTH, POLICY_AUTH); 549 size_t size; 550 bool is_read_locked; 551 bool is_write_locked; 552 std::vector<NvramSpaceAttribute> attributes; 553 NvramSpacePolicy policy; 554 EXPECT_EQ(NVRAM_RESULT_SUCCESS, 555 tpm_nvram_->GetSpaceInfo(index, &size, &is_write_locked, 556 &is_read_locked, &attributes, &policy)); 557 EXPECT_EQ(size, 100); 558 EXPECT_TRUE(is_read_locked); 559 EXPECT_TRUE(is_write_locked); 560 EXPECT_GE(attributes.size(), 1); 561 EXPECT_EQ(1, std::count(attributes.begin(), attributes.end(), 562 NVRAM_WRITE_AUTHORIZATION)); 563 EXPECT_EQ(NVRAM_POLICY_PCR0, policy); 564} 565 566TEST_F(Tpm2NvramTest, GetSpaceInfoFailure) { 567 uint32_t index = 42; 568 EXPECT_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _)) 569 .WillOnce(Return(TPM_RC_FAILURE)); 570 size_t size; 571 bool is_read_locked; 572 bool is_write_locked; 573 std::vector<NvramSpaceAttribute> attributes; 574 NvramSpacePolicy policy; 575 EXPECT_NE(NVRAM_RESULT_SUCCESS, 576 tpm_nvram_->GetSpaceInfo(index, &size, &is_write_locked, 577 &is_read_locked, &attributes, &policy)); 578} 579 580} // namespace tpm_manager 581