hmac_authorization_delegate_test.cc revision e8b9a556d4561617747fed4ee5ced70fce9a4392
14261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi// Copyright 2014 The Chromium OS Authors. All rights reserved.
24261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi// Use of this source code is governed by a BSD-style license that can be
34261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi// found in the LICENSE file.
44261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi
5d581495dde2e22e0522e1b14b8399d993d84d3fcAlex Deymo#include "trunks/hmac_authorization_delegate.h"
6d581495dde2e22e0522e1b14b8399d993d84d3fcAlex Deymo
74261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi#include <string>
84261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi
94261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi#include <gtest/gtest.h>
104261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi
114261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghinamespace trunks {
124261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi
// A delegate on which InitSession() was never called must refuse to work:
// each authorization and parameter-encryption entry point reports failure,
// and the failed authorization call writes nothing to the output string.
TEST(HmacAuthorizationDelegateTest, UninitializedSessionTest) {
  HmacAuthorizationDelegate delegate;
  std::string output;
  std::string command_hash("test");
  EXPECT_FALSE(
      delegate.GetCommandAuthorization(command_hash, false, false, &output));
  // No authorization bytes may be produced without a session.
  EXPECT_TRUE(output.empty());
  EXPECT_FALSE(delegate.CheckResponseAuthorization(command_hash, output));
  EXPECT_FALSE(delegate.EncryptCommandParameter(&output));
  EXPECT_FALSE(delegate.DecryptResponseParameter(&output));
}
234261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi
// Checks the session key that InitSession() derives: with an empty salt and
// an empty bind authorization value the key stays empty, and with both
// supplied the key is kHashDigestSize bytes long and equals a fixed value.
TEST(HmacAuthorizationDelegateTest, SessionKeyTest) {
  HmacAuthorizationDelegate delegate;
  // An all-zero nonce is used for both the TPM and the caller side, so the
  // derived key is the same on every run.
  TPM2B_NONCE zero_nonce;
  zero_nonce.size = kAesKeySize;
  memset(zero_nonce.buffer, 0, zero_nonce.size);
  TPM_HANDLE handle = HMAC_SESSION_FIRST;

  // Unsalted, unbound session: no session key.
  EXPECT_TRUE(delegate.InitSession(handle, zero_nonce, zero_nonce,
                                   std::string(), std::string(), false));
  EXPECT_EQ(0u, delegate.session_key_.size());

  // Salted and bound session: a full-size session key.
  const std::string bind_auth("authorization");
  const std::string salt("salt");
  EXPECT_TRUE(delegate.InitSession(handle, zero_nonce, zero_nonce, salt,
                                   bind_auth, false));
  EXPECT_EQ(kHashDigestSize, delegate.session_key_.size());
  // TODO(usanghi): Use TCG TPM2.0 test vectors when available.
  // NOTE(review): until then this value only pins the current output for the
  // inputs above; it is not evidence of conformance to the TPM 2.0 KDF.
  // The explicit length keeps the constructor from stopping at a NUL byte.
  const std::string expected_key(
      "\xfb\x2f\x3c\x33\x65\x3e\xdc\x47"
      "\xda\xbe\x4e\xb7\xf4\x6c\x19\x4d"
      "\xea\x50\xb2\x11\x54\x45\x32\x73"
      "\x47\x38\xef\xb3\x4a\x82\x29\x94",
      kHashDigestSize);
  EXPECT_EQ(0, expected_key.compare(delegate.session_key_));
}
474261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi
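// Exercises EncryptCommandParameter() / DecryptResponseParameter() in three
// states: no session, a session with encryption disabled, and a session with
// encryption enabled.
TEST(HmacAuthorizationDelegateTest, EncryptDecryptTest) {
  HmacAuthorizationDelegate delegate;
  std::string plaintext_parameter("parameter");
  std::string encrypted_parameter(plaintext_parameter);
  // Test with session not initialized: both directions must fail.
  EXPECT_FALSE(delegate.EncryptCommandParameter(&encrypted_parameter));
  EXPECT_FALSE(delegate.DecryptResponseParameter(&encrypted_parameter));
  // Test with encryption not enabled: both calls succeed and leave the
  // parameter unchanged.
  TPM_HANDLE dummy_handle = HMAC_SESSION_FIRST;
  TPM2B_NONCE nonce;
  nonce.size = kAesKeySize;
  // Zero the nonce bytes before use. Without this the test handed
  // indeterminate stack contents to InitSession() and later stored them in
  // caller_nonce_, which makes the run non-reproducible and is reported by
  // memory sanitizers.
  memset(nonce.buffer, 0, nonce.size);
  std::string salt("salt");
  ASSERT_TRUE(delegate.InitSession(dummy_handle, nonce, nonce, salt,
                                   std::string(), false));
  EXPECT_TRUE(delegate.EncryptCommandParameter(&encrypted_parameter));
  EXPECT_EQ(0, plaintext_parameter.compare(encrypted_parameter));
  EXPECT_TRUE(delegate.DecryptResponseParameter(&encrypted_parameter));
  EXPECT_EQ(0, plaintext_parameter.compare(encrypted_parameter));
  // Test with encryption enabled: the parameter must no longer equal the
  // plaintext after encryption.
  ASSERT_TRUE(delegate.InitSession(dummy_handle, nonce, nonce, salt,
                                   std::string(), true));
  EXPECT_TRUE(delegate.EncryptCommandParameter(&encrypted_parameter));
  EXPECT_NE(0, plaintext_parameter.compare(encrypted_parameter));
  // Calling EncryptCommandParameter regenerated the caller_nonce.
  // This test has no TPM to answer the command, so the nonces are switched by
  // hand: the nonce used for encryption becomes tpm_nonce_ and the original
  // nonce becomes caller_nonce_, which gives DecryptResponseParameter the
  // matching nonce pair.
  delegate.tpm_nonce_ = delegate.caller_nonce_;
  delegate.caller_nonce_ = nonce;
  EXPECT_TRUE(delegate.DecryptResponseParameter(&encrypted_parameter));
  // Round trip: decryption restores the original plaintext.
  EXPECT_EQ(0, plaintext_parameter.compare(encrypted_parameter));
}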
794261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi
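// Fixture that gives each test a delegate with an initialized HMAC session:
// all-zero TPM and caller nonces, no salt, no bind authorization value, and
// parameter encryption disabled. Tests that need encryption call
// InitSession() again with the last argument set to true.
class HmacAuthorizationDelegateFixture : public testing::Test {
 public:
  HmacAuthorizationDelegateFixture() = default;
  ~HmacAuthorizationDelegateFixture() override = default;

  // Marked override so that a signature mismatch with testing::Test::SetUp()
  // is a compile error instead of a silently skipped setup.
  void SetUp() override {
    session_handle_ = HMAC_SESSION_FIRST;
    session_nonce_.size = kAesKeySize;
    memset(session_nonce_.buffer, 0, kAesKeySize);
    ASSERT_TRUE(delegate_.InitSession(session_handle_,
                                      session_nonce_,  // TPM nonce.
                                      session_nonce_,  // Caller nonce.
                                      std::string(),   // Salt.
                                      std::string(),   // Bind auth value.
                                      false));         // Enable encryption.
  }

 protected:
  // Value-initialized so that copies of the whole nonce struct (as made in
  // NonceRegenerationTest) never carry indeterminate bytes.
  TPM_HANDLE session_handle_{};
  TPM2B_NONCE session_nonce_{};
  HmacAuthorizationDelegate delegate_;
};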
1021aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn
// Verifies when the caller nonce is replaced: GetCommandAuthorization()
// generates a new one, EncryptCommandParameter() generates a new one, and a
// GetCommandAuthorization() that follows EncryptCommandParameter() keeps the
// nonce the encryption step produced.
// NOTE(review): presumably the last rule exists so that the encrypted
// parameter and the command HMAC refer to the same nonce -- confirm against
// the delegate implementation.
TEST_F(HmacAuthorizationDelegateFixture, NonceRegenerationTest) {
  ASSERT_TRUE(delegate_.InitSession(session_handle_,
                                    session_nonce_,  // TPM nonce.
                                    session_nonce_,  // Caller nonce.
                                    std::string(),   // Salt.
                                    std::string(),   // Bind auth value.
                                    true));          // Enable encryption.
  // Right after InitSession() the caller nonce is the one passed in.
  TPM2B_NONCE previous_nonce = session_nonce_;
  EXPECT_EQ(delegate_.caller_nonce_.size, previous_nonce.size);
  EXPECT_EQ(0, memcmp(delegate_.caller_nonce_.buffer, previous_nonce.buffer,
                      previous_nonce.size));

  // Step 1: GetCommandAuthorization() on its own replaces the nonce.
  std::string command_hash;
  std::string authorization;
  EXPECT_TRUE(delegate_.GetCommandAuthorization(command_hash, false, false,
                                                &authorization));
  EXPECT_EQ(delegate_.caller_nonce_.size, previous_nonce.size);
  EXPECT_NE(0, memcmp(delegate_.caller_nonce_.buffer, previous_nonce.buffer,
                      previous_nonce.size));

  // Step 2: EncryptCommandParameter() replaces the nonce as well.
  previous_nonce = delegate_.caller_nonce_;
  std::string parameter;
  EXPECT_TRUE(delegate_.EncryptCommandParameter(&parameter));
  EXPECT_EQ(delegate_.caller_nonce_.size, previous_nonce.size);
  EXPECT_NE(0, memcmp(delegate_.caller_nonce_.buffer, previous_nonce.buffer,
                      previous_nonce.size));

  // Step 3: GetCommandAuthorization() called after the encryption step must
  // leave that nonce in place.
  previous_nonce = delegate_.caller_nonce_;
  EXPECT_TRUE(delegate_.GetCommandAuthorization(command_hash, false, false,
                                                &authorization));
  EXPECT_EQ(delegate_.caller_nonce_.size, previous_nonce.size);
  EXPECT_EQ(0, memcmp(delegate_.caller_nonce_.buffer, previous_nonce.buffer,
                      previous_nonce.size));
}
141e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi
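// Checks the structure of the authorization produced for a command: it parses
// as a TPMS_AUTH_COMMAND carrying the session handle, a nonce of the session's
// nonce size, the continue-session attribute only, and an HMAC of
// kHashDigestSize bytes. The HMAC value itself is not checked here.
TEST_F(HmacAuthorizationDelegateFixture, CommandAuthTest) {
  std::string command_hash;
  std::string authorization;
  // ASSERT rather than EXPECT: if either step fails, auth_command is never
  // filled in and the field checks below would read indeterminate values.
  ASSERT_TRUE(delegate_.GetCommandAuthorization(command_hash, false, false,
                                                &authorization));
  TPMS_AUTH_COMMAND auth_command;
  std::string auth_bytes;
  ASSERT_EQ(TPM_RC_SUCCESS, Parse_TPMS_AUTH_COMMAND(&authorization,
                                                    &auth_command,
                                                    &auth_bytes));
  EXPECT_EQ(auth_command.session_handle, session_handle_);
  EXPECT_EQ(auth_command.nonce.size, session_nonce_.size);
  EXPECT_EQ(kContinueSession, auth_command.session_attributes);
  EXPECT_EQ(kHashDigestSize, auth_command.hmac.size);
}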
1574261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi
// Serializes a hand-built TPMS_AUTH_RESPONSE and checks that the fixture's
// session accepts it. The HMAC is a fixed value for the fixture's session
// parameters, a zero response nonce and an empty response hash.
// NOTE(review): only the accept path is covered; no test in this file checks
// that a response with an altered HMAC or nonce is rejected by an initialized
// session.
TEST_F(HmacAuthorizationDelegateFixture, ResponseAuthTest) {
  // TODO(usanghi): Use TCG TPM2.0 test vectors when available.
  const uint8_t kResponseHmac[kHashDigestSize] = {
      0x37, 0x69, 0xaf, 0x12, 0xff, 0x4d, 0xbf, 0x44,
      0xe5, 0x16, 0xa2, 0x2d, 0x1d, 0x05, 0x12, 0xe8,
      0xbc, 0x42, 0x51, 0x6d, 0x59, 0xe8, 0xbf, 0x40,
      0x1e, 0xa3, 0x46, 0xa4, 0xd6, 0x0d, 0xcc, 0xf7};

  TPMS_AUTH_RESPONSE response;
  response.session_attributes = kContinueSession;
  response.nonce.size = kAesKeySize;
  memset(response.nonce.buffer, 0, kAesKeySize);
  response.hmac.size = kHashDigestSize;
  memcpy(response.hmac.buffer, kResponseHmac, kHashDigestSize);

  std::string response_hash;
  std::string serialized_auth;
  EXPECT_EQ(TPM_RC_SUCCESS,
            Serialize_TPMS_AUTH_RESPONSE(response, &serialized_auth));
  EXPECT_TRUE(
      delegate_.CheckResponseAuthorization(response_hash, serialized_auth));
}
1781aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn
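// Checks which session attribute bits GetCommandAuthorization() sets. The
// second and third arguments say whether parameter encryption is possible for
// the command input and output. The decrypt/encrypt bits must appear only
// when the session was initialized with encryption enabled AND the command
// allows it for that direction; otherwise only kContinueSession is set.
TEST_F(HmacAuthorizationDelegateFixture, SessionAttributes) {
  // Bit positions of the decrypt and encrypt attributes in TPMA_SESSION.
  // "Decrypt" covers the command input and "encrypt" the command output, as
  // the cases below show.
  const uint8_t kDecryptSession = 1<<5;
  const uint8_t kEncryptSession = 1<<6;

  // Each parse uses ASSERT rather than EXPECT: after a failed parse
  // auth_command would be unset (first case) or still hold the previous
  // case's value, so the attribute check after it would be meaningless.

  // Encryption disabled and not possible for command.
  std::string authorization;
  EXPECT_TRUE(delegate_.GetCommandAuthorization(std::string(), false, false,
                                                &authorization));
  TPMS_AUTH_COMMAND auth_command;
  std::string auth_bytes;
  ASSERT_EQ(TPM_RC_SUCCESS, Parse_TPMS_AUTH_COMMAND(&authorization,
                                                    &auth_command,
                                                    &auth_bytes));
  EXPECT_EQ(kContinueSession, auth_command.session_attributes);

  // Encryption disabled and possible for command.
  EXPECT_TRUE(delegate_.GetCommandAuthorization(std::string(), true, true,
                                                &authorization));
  ASSERT_EQ(TPM_RC_SUCCESS, Parse_TPMS_AUTH_COMMAND(&authorization,
                                                    &auth_command,
                                                    &auth_bytes));
  EXPECT_EQ(kContinueSession, auth_command.session_attributes);

  // Encryption enabled and not possible for command.
  ASSERT_TRUE(delegate_.InitSession(session_handle_,
                                    session_nonce_,  // TPM nonce.
                                    session_nonce_,  // Caller nonce.
                                    std::string(),   // Salt.
                                    std::string(),   // Bind auth value.
                                    true));          // Enable encryption.
  EXPECT_TRUE(delegate_.GetCommandAuthorization(std::string(), false, false,
                                                &authorization));
  ASSERT_EQ(TPM_RC_SUCCESS, Parse_TPMS_AUTH_COMMAND(&authorization,
                                                    &auth_command,
                                                    &auth_bytes));
  EXPECT_EQ(kContinueSession, auth_command.session_attributes);

  // Encryption enabled and possible only for command input.
  EXPECT_TRUE(delegate_.GetCommandAuthorization(std::string(), true, false,
                                                &authorization));
  ASSERT_EQ(TPM_RC_SUCCESS, Parse_TPMS_AUTH_COMMAND(&authorization,
                                                    &auth_command,
                                                    &auth_bytes));
  EXPECT_EQ(kContinueSession | kDecryptSession,
            auth_command.session_attributes);

  // Encryption enabled and possible only for command output.
  EXPECT_TRUE(delegate_.GetCommandAuthorization(std::string(), false, true,
                                                &authorization));
  ASSERT_EQ(TPM_RC_SUCCESS, Parse_TPMS_AUTH_COMMAND(&authorization,
                                                    &auth_command,
                                                    &auth_bytes));
  EXPECT_EQ(kContinueSession | kEncryptSession,
            auth_command.session_attributes);

  // Encryption enabled and possible for command input and output.
  EXPECT_TRUE(delegate_.GetCommandAuthorization(std::string(), true, true,
                                                &authorization));
  ASSERT_EQ(TPM_RC_SUCCESS, Parse_TPMS_AUTH_COMMAND(&authorization,
                                                    &auth_command,
                                                    &auth_bytes));
  EXPECT_EQ(kContinueSession | kEncryptSession | kDecryptSession,
            auth_command.session_attributes);
}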
2434261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi
2444261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi}  // namespace trunks