hmac_authorization_delegate_test.cc revision e8b9a556d4561617747fed4ee5ced70fce9a4392
14261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi// Copyright 2014 The Chromium OS Authors. All rights reserved. 24261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi// Use of this source code is governed by a BSD-style license that can be 34261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi// found in the LICENSE file. 44261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi 5d581495dde2e22e0522e1b14b8399d993d84d3fcAlex Deymo#include "trunks/hmac_authorization_delegate.h" 6d581495dde2e22e0522e1b14b8399d993d84d3fcAlex Deymo 74261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi#include <string> 84261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi 94261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi#include <gtest/gtest.h> 104261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi 114261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghinamespace trunks { 124261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi 13a19238f46d4341489fd1d3140df1bb09bdbd8f01Darren KrahnTEST(HmacAuthorizationDelegateTest, UninitializedSessionTest) { 140adc864900a88490fe92897438e13f00940b69b0Utkarsh Sanghi HmacAuthorizationDelegate delegate; 154261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi std::string dummy; 164261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi std::string p_hash("test"); 171aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_FALSE(delegate.GetCommandAuthorization(p_hash, false, false, &dummy)); 181aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(0, dummy.size()); 191aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_FALSE(delegate.CheckResponseAuthorization(p_hash, dummy)); 201aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_FALSE(delegate.EncryptCommandParameter(&dummy)); 211aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_FALSE(delegate.DecryptResponseParameter(&dummy)); 224261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi} 234261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi 24a19238f46d4341489fd1d3140df1bb09bdbd8f01Darren KrahnTEST(HmacAuthorizationDelegateTest, SessionKeyTest) { 250adc864900a88490fe92897438e13f00940b69b0Utkarsh Sanghi HmacAuthorizationDelegate delegate; 264261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi TPM2B_NONCE nonce; 274261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi nonce.size = kAesKeySize; 284261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi memset(nonce.buffer, 0, nonce.size); 294261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi TPM_HANDLE dummy_handle = HMAC_SESSION_FIRST; 301aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_TRUE(delegate.InitSession(dummy_handle, nonce, nonce, std::string(), 311aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn std::string(), false)); 321aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(0, delegate.session_key_.size()); 334261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi 344261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi std::string dummy_auth = std::string("authorization"); 354261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi std::string dummy_salt = std::string("salt"); 361aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_TRUE(delegate.InitSession(dummy_handle, nonce, nonce, dummy_salt, 371aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn dummy_auth, false)); 381aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(kHashDigestSize, delegate.session_key_.size()); 394261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi // TODO(usanghi): Use TCG TPM2.0 test vectors when available. 4002135c88d5400e674ba2835ac60a54ec01c5e90fUtkarsh Sanghi std::string expected_key("\xfb\x2f\x3c\x33\x65\x3e\xdc\x47" 4102135c88d5400e674ba2835ac60a54ec01c5e90fUtkarsh Sanghi "\xda\xbe\x4e\xb7\xf4\x6c\x19\x4d" 4202135c88d5400e674ba2835ac60a54ec01c5e90fUtkarsh Sanghi "\xea\x50\xb2\x11\x54\x45\x32\x73" 4302135c88d5400e674ba2835ac60a54ec01c5e90fUtkarsh Sanghi "\x47\x38\xef\xb3\x4a\x82\x29\x94", 444261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi kHashDigestSize); 451aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(0, expected_key.compare(delegate.session_key_)); 464261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi} 474261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi 48a19238f46d4341489fd1d3140df1bb09bdbd8f01Darren KrahnTEST(HmacAuthorizationDelegateTest, EncryptDecryptTest) { 490adc864900a88490fe92897438e13f00940b69b0Utkarsh Sanghi HmacAuthorizationDelegate delegate; 504261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi std::string plaintext_parameter("parameter"); 514261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi std::string encrypted_parameter(plaintext_parameter); 521aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn // Test with session not initialized. 531aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_FALSE(delegate.EncryptCommandParameter(&encrypted_parameter)); 541aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_FALSE(delegate.DecryptResponseParameter(&encrypted_parameter)); 551aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn // Test with encryption not enabled. 564261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi TPM_HANDLE dummy_handle = HMAC_SESSION_FIRST; 574261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi TPM2B_NONCE nonce; 584261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi nonce.size = kAesKeySize; 5902135c88d5400e674ba2835ac60a54ec01c5e90fUtkarsh Sanghi std::string salt("salt"); 601aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn ASSERT_TRUE(delegate.InitSession(dummy_handle, nonce, nonce, salt, 611aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn std::string(), false)); 621aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_TRUE(delegate.EncryptCommandParameter(&encrypted_parameter)); 631aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(0, plaintext_parameter.compare(encrypted_parameter)); 641aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_TRUE(delegate.DecryptResponseParameter(&encrypted_parameter)); 651aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(0, plaintext_parameter.compare(encrypted_parameter)); 661aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn // Test with encryption enabled. 671aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn ASSERT_TRUE(delegate.InitSession(dummy_handle, nonce, nonce, salt, 681aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn std::string(), true)); 691aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_TRUE(delegate.EncryptCommandParameter(&encrypted_parameter)); 701aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_NE(0, plaintext_parameter.compare(encrypted_parameter)); 71e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi // Calling EncryptCommandParameter regenerated the caller_nonce. 72e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi // We need to manually switch tpm_nonce and caller_nonce to ensure 73e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi // that DecryptResponseParameter has the correct nonces. 74e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi delegate.tpm_nonce_ = delegate.caller_nonce_; 75e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi delegate.caller_nonce_ = nonce; 761aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_TRUE(delegate.DecryptResponseParameter(&encrypted_parameter)); 771aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(0, plaintext_parameter.compare(encrypted_parameter)); 784261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi} 794261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi 801aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahnclass HmacAuthorizationDelegateFixture : public testing::Test { 811aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn public: 821aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn HmacAuthorizationDelegateFixture() {} 831aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn ~HmacAuthorizationDelegateFixture() override {} 841aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn 851aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn void SetUp() { 861aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn session_handle_ = HMAC_SESSION_FIRST; 871aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn session_nonce_.size = kAesKeySize; 881aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn memset(session_nonce_.buffer, 0, kAesKeySize); 891aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn ASSERT_TRUE(delegate_.InitSession(session_handle_, 901aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn session_nonce_, // TPM nonce. 911aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn session_nonce_, // Caller nonce. 921aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn std::string(), // Salt. 931aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn std::string(), // Bind auth value. 941aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn false)); // Enable encryption. 951aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn } 961aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn 971aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn protected: 981aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn TPM_HANDLE session_handle_; 991aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn TPM2B_NONCE session_nonce_; 1001aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn HmacAuthorizationDelegate delegate_; 1011aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn}; 1021aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn 103e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh SanghiTEST_F(HmacAuthorizationDelegateFixture, NonceRegenerationTest) { 104e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi ASSERT_TRUE(delegate_.InitSession(session_handle_, 105e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi session_nonce_, // TPM nonce. 106e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi session_nonce_, // Caller nonce. 107e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi std::string(), // Salt. 108e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi std::string(), // Bind auth value. 109e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi true)); // Enable encryption. 110e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi TPM2B_NONCE original_nonce = session_nonce_; 111e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi EXPECT_EQ(delegate_.caller_nonce_.size, original_nonce.size); 112e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi EXPECT_EQ(0, memcmp(delegate_.caller_nonce_.buffer, 113e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi original_nonce.buffer, 114e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi original_nonce.size)); 115e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi // First we check that performing GetCommandAuthorization resets the nonce. 116e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi std::string command_hash; 117e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi std::string authorization; 118e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi EXPECT_TRUE(delegate_.GetCommandAuthorization(command_hash, false, false, 119e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi &authorization)); 120e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi EXPECT_EQ(delegate_.caller_nonce_.size, original_nonce.size); 121e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi EXPECT_NE(0, memcmp(delegate_.caller_nonce_.buffer, 122e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi original_nonce.buffer, 123e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi original_nonce.size)); 124e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi // Now we check that GetCommandAuthorization does not reset nonce 125e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi // when EncryptCommandParameter is called first. 126e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi original_nonce = delegate_.caller_nonce_; 127e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi std::string parameter; 128e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi EXPECT_TRUE(delegate_.EncryptCommandParameter(¶meter)); 129e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi EXPECT_EQ(delegate_.caller_nonce_.size, original_nonce.size); 130e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi EXPECT_NE(0, memcmp(delegate_.caller_nonce_.buffer, 131e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi original_nonce.buffer, 132e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi original_nonce.size)); 133e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi original_nonce = delegate_.caller_nonce_; 134e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi EXPECT_TRUE(delegate_.GetCommandAuthorization(command_hash, false, false, 135e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi &authorization)); 136e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi EXPECT_EQ(delegate_.caller_nonce_.size, original_nonce.size); 137e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi EXPECT_EQ(0, memcmp(delegate_.caller_nonce_.buffer, 138e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi original_nonce.buffer, 139e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi original_nonce.size)); 140e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi} 141e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi 1421aeb5969d4f286e36fe88152ad8c96cff668c25fDarren KrahnTEST_F(HmacAuthorizationDelegateFixture, CommandAuthTest) { 1434261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi std::string command_hash; 1444261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi std::string authorization; 1451aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_TRUE(delegate_.GetCommandAuthorization(command_hash, false, false, 1461aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &authorization)); 1474261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi TPMS_AUTH_COMMAND auth_command; 1484261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi std::string auth_bytes; 1491aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPMS_AUTH_COMMAND(&authorization, 1501aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &auth_command, 1511aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &auth_bytes)); 1521aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(auth_command.session_handle, session_handle_); 1531aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(auth_command.nonce.size, session_nonce_.size); 1541aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(kContinueSession, auth_command.session_attributes); 1551aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(kHashDigestSize, auth_command.hmac.size); 1564261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi} 1574261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi 1581aeb5969d4f286e36fe88152ad8c96cff668c25fDarren KrahnTEST_F(HmacAuthorizationDelegateFixture, ResponseAuthTest) { 1594261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi TPMS_AUTH_RESPONSE auth_response; 1604261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi auth_response.session_attributes = kContinueSession; 1614261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi auth_response.nonce.size = kAesKeySize; 1624261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi memset(auth_response.nonce.buffer, 0, kAesKeySize); 1634261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi auth_response.hmac.size = kHashDigestSize; 1644261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi // TODO(usanghi): Use TCG TPM2.0 test vectors when available. 1654261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi uint8_t hmac_buffer[kHashDigestSize] = 1664261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi {0x37, 0x69, 0xaf, 0x12, 0xff, 0x4d, 0xbf, 0x44, 1674261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi 0xe5, 0x16, 0xa2, 0x2d, 0x1d, 0x05, 0x12, 0xe8, 1684261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi 0xbc, 0x42, 0x51, 0x6d, 0x59, 0xe8, 0xbf, 0x40, 1694261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi 0x1e, 0xa3, 0x46, 0xa4, 0xd6, 0x0d, 0xcc, 0xf7}; 1704261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi memcpy(auth_response.hmac.buffer, hmac_buffer, kHashDigestSize); 1714261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi std::string response_hash; 1724261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi std::string authorization; 1731aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(TPM_RC_SUCCESS, Serialize_TPMS_AUTH_RESPONSE(auth_response, 1741aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &authorization)); 1751aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_TRUE(delegate_.CheckResponseAuthorization(response_hash, 1761aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn authorization)); 1771aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn} 1781aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn 1791aeb5969d4f286e36fe88152ad8c96cff668c25fDarren KrahnTEST_F(HmacAuthorizationDelegateFixture, SessionAttributes) { 1801aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn const uint8_t kDecryptSession = 1<<5; 1811aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn const uint8_t kEncryptSession = 1<<6; 1821aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn 1831aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn // Encryption disabled and not possible for command. 1841aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn std::string authorization; 1851aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_TRUE(delegate_.GetCommandAuthorization(std::string(), false, false, 1861aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &authorization)); 1871aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn TPMS_AUTH_COMMAND auth_command; 1881aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn std::string auth_bytes; 1891aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPMS_AUTH_COMMAND(&authorization, 1901aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &auth_command, 1911aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &auth_bytes)); 1921aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(kContinueSession, auth_command.session_attributes); 1931aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn 1941aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn // Encryption disabled and possible for command. 1951aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_TRUE(delegate_.GetCommandAuthorization(std::string(), true, true, 1961aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &authorization)); 1971aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPMS_AUTH_COMMAND(&authorization, 1981aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &auth_command, 1991aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &auth_bytes)); 2001aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(kContinueSession, auth_command.session_attributes); 2011aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn 2021aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn // Encryption enabled and not possible for command. 2031aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn ASSERT_TRUE(delegate_.InitSession(session_handle_, 2041aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn session_nonce_, // TPM nonce. 2051aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn session_nonce_, // Caller nonce. 2061aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn std::string(), // Salt. 2071aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn std::string(), // Bind auth value. 2081aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn true)); // Enable encryption. 2091aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_TRUE(delegate_.GetCommandAuthorization(std::string(), false, false, 2101aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &authorization)); 2111aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPMS_AUTH_COMMAND(&authorization, 2121aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &auth_command, 2131aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &auth_bytes)); 2141aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(kContinueSession, auth_command.session_attributes); 2151aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn 2161aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn // Encryption enabled and possible only for command input. 2171aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_TRUE(delegate_.GetCommandAuthorization(std::string(), true, false, 2181aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &authorization)); 2191aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPMS_AUTH_COMMAND(&authorization, 2201aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &auth_command, 2211aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &auth_bytes)); 222e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi EXPECT_EQ(kContinueSession | kDecryptSession, 2231aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn auth_command.session_attributes); 2241aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn 2251aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn // Encryption enabled and possible only for command output. 2261aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_TRUE(delegate_.GetCommandAuthorization(std::string(), false, true, 2271aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &authorization)); 2281aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPMS_AUTH_COMMAND(&authorization, 2291aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &auth_command, 2301aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &auth_bytes)); 231e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi EXPECT_EQ(kContinueSession | kEncryptSession, 2321aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn auth_command.session_attributes); 2331aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn 2341aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn // Encryption enabled and possible for command input and output. 2351aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_TRUE(delegate_.GetCommandAuthorization(std::string(), true, true, 2361aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &authorization)); 2371aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPMS_AUTH_COMMAND(&authorization, 2381aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &auth_command, 2391aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn &auth_bytes)); 2401aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn EXPECT_EQ(kContinueSession | kEncryptSession | kDecryptSession, 2411aeb5969d4f286e36fe88152ad8c96cff668c25fDarren Krahn auth_command.session_attributes); 2424261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi} 2434261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi 2444261114797a2793bae83fbabe0459cc465203dd2Utkarsh Sanghi} // namespace trunks 245