tpm_utility_test.cc revision 56b27e3b6eb5349f177cb9a5c621a01a44c8c65a
1// 2// Copyright (C) 2014 The Android Open Source Project 3// 4// Licensed under the Apache License, Version 2.0 (the "License"); 5// you may not use this file except in compliance with the License. 6// You may obtain a copy of the License at 7// 8// http://www.apache.org/licenses/LICENSE-2.0 9// 10// Unless required by applicable law or agreed to in writing, software 11// distributed under the License is distributed on an "AS IS" BASIS, 12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13// See the License for the specific language governing permissions and 14// limitations under the License. 15// 16 17#include <base/stl_util.h> 18#include <crypto/sha2.h> 19#include <gmock/gmock.h> 20#include <gtest/gtest.h> 21#include <openssl/aes.h> 22 23#include "trunks/error_codes.h" 24#include "trunks/hmac_authorization_delegate.h" 25#include "trunks/mock_authorization_delegate.h" 26#include "trunks/mock_blob_parser.h" 27#include "trunks/mock_hmac_session.h" 28#include "trunks/mock_policy_session.h" 29#include "trunks/mock_tpm.h" 30#include "trunks/mock_tpm_state.h" 31#include "trunks/tpm_constants.h" 32#include "trunks/tpm_utility_impl.h" 33#include "trunks/trunks_factory_for_test.h" 34 35using testing::_; 36using testing::DoAll; 37using testing::NiceMock; 38using testing::Return; 39using testing::SaveArg; 40using testing::SetArgPointee; 41 42namespace trunks { 43 44// A test fixture for TpmUtility tests. 45class TpmUtilityTest : public testing::Test { 46 public: 47 TpmUtilityTest() : utility_(factory_) {} 48 ~TpmUtilityTest() override {} 49 void SetUp() override { 50 factory_.set_blob_parser(&mock_blob_parser_); 51 factory_.set_tpm_state(&mock_tpm_state_); 52 factory_.set_tpm(&mock_tpm_); 53 factory_.set_hmac_session(&mock_hmac_session_); 54 factory_.set_trial_session(&mock_trial_session_); 55 } 56 57 TPM_RC ComputeKeyName(const TPMT_PUBLIC& public_area, 58 std::string* object_name) { 59 return utility_.ComputeKeyName(public_area, object_name); 60 } 61 62 void SetNVRAMMap(uint32_t index, const TPMS_NV_PUBLIC& public_area) { 63 utility_.nvram_public_area_map_[index] = public_area; 64 } 65 66 TPM_RC GetNVRAMMap(uint32_t index, TPMS_NV_PUBLIC* public_area) { 67 auto it = utility_.nvram_public_area_map_.find(index); 68 if (it == utility_.nvram_public_area_map_.end()) { 69 return TPM_RC_FAILURE; 70 } 71 *public_area = it->second; 72 return TPM_RC_SUCCESS; 73 } 74 75 TPM_RC SetKnownOwnerPassword(const std::string& owner_password) { 76 return utility_.SetKnownOwnerPassword(owner_password); 77 } 78 79 TPM_RC CreateStorageRootKeys(const std::string& owner_password) { 80 return utility_.CreateStorageRootKeys(owner_password); 81 } 82 83 TPM_RC CreateSaltingKey(const std::string& owner_password) { 84 return utility_.CreateSaltingKey(owner_password); 85 } 86 87 void SetExistingKeyHandleExpectation(TPM_HANDLE handle) { 88 TPMS_CAPABILITY_DATA capability_data = {}; 89 TPML_HANDLE& handles = capability_data.data.handles; 90 handles.count = 1; 91 handles.handle[0] = handle; 92 EXPECT_CALL(mock_tpm_, 93 GetCapabilitySync(TPM_CAP_HANDLES, handle, _, _, _, _)) 94 .WillRepeatedly( 95 DoAll(SetArgPointee<4>(capability_data), Return(TPM_RC_SUCCESS))); 96 } 97 98 void PopulatePCRSelection(bool has_sha1_pcrs, 99 bool make_sha1_bank_empty, 100 bool has_sha256_pcrs, 101 TPML_PCR_SELECTION* pcrs) { 102 memset(pcrs, 0, sizeof(TPML_PCR_SELECTION)); 103 // By convention fill SHA-256 first. This is a bit brittle because order is 104 // not important but it simplifies comparison to memcmp. 105 if (has_sha256_pcrs) { 106 pcrs->pcr_selections[pcrs->count].hash = TPM_ALG_SHA256; 107 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MIN; 108 for (int i = 0; i < PCR_SELECT_MIN; ++i) { 109 pcrs->pcr_selections[pcrs->count].pcr_select[i] = 0xff; 110 } 111 ++pcrs->count; 112 } 113 if (has_sha1_pcrs) { 114 pcrs->pcr_selections[pcrs->count].hash = TPM_ALG_SHA1; 115 if (make_sha1_bank_empty) { 116 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MAX; 117 } else { 118 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MIN; 119 for (int i = 0; i < PCR_SELECT_MIN; ++i) { 120 pcrs->pcr_selections[pcrs->count].pcr_select[i] = 0xff; 121 } 122 } 123 ++pcrs->count; 124 } 125 } 126 127 void SetExistingPCRSExpectation(bool has_sha1_pcrs, bool has_sha256_pcrs) { 128 TPMS_CAPABILITY_DATA capability_data = {}; 129 TPML_PCR_SELECTION& pcrs = capability_data.data.assigned_pcr; 130 PopulatePCRSelection(has_sha1_pcrs, false, has_sha256_pcrs, &pcrs); 131 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_PCRS, _, _, _, _, _)) 132 .WillRepeatedly( 133 DoAll(SetArgPointee<4>(capability_data), Return(TPM_RC_SUCCESS))); 134 } 135 136 protected: 137 TrunksFactoryForTest factory_; 138 NiceMock<MockBlobParser> mock_blob_parser_; 139 NiceMock<MockTpmState> mock_tpm_state_; 140 NiceMock<MockTpm> mock_tpm_; 141 NiceMock<MockAuthorizationDelegate> mock_authorization_delegate_; 142 NiceMock<MockHmacSession> mock_hmac_session_; 143 NiceMock<MockPolicySession> mock_trial_session_; 144 TpmUtilityImpl utility_; 145}; 146 147TEST_F(TpmUtilityTest, StartupSuccess) { 148 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Startup()); 149} 150 151TEST_F(TpmUtilityTest, StartupAlreadyStarted) { 152 EXPECT_CALL(mock_tpm_, StartupSync(_, _)) 153 .WillRepeatedly(Return(TPM_RC_INITIALIZE)); 154 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Startup()); 155} 156 157TEST_F(TpmUtilityTest, StartupFailure) { 158 EXPECT_CALL(mock_tpm_, StartupSync(_, _)) 159 .WillRepeatedly(Return(TPM_RC_FAILURE)); 160 EXPECT_EQ(TPM_RC_FAILURE, utility_.Startup()); 161} 162 163TEST_F(TpmUtilityTest, StartupSelfTestFailure) { 164 EXPECT_CALL(mock_tpm_, SelfTestSync(_, _)) 165 .WillRepeatedly(Return(TPM_RC_FAILURE)); 166 EXPECT_EQ(TPM_RC_FAILURE, utility_.Startup()); 167} 168 169TEST_F(TpmUtilityTest, ClearSuccess) { 170 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Clear()); 171} 172 173TEST_F(TpmUtilityTest, ClearAfterBadInit) { 174 EXPECT_CALL(mock_tpm_, ClearSync(_, _, _)) 175 .WillOnce(Return(TPM_RC_AUTH_MISSING)) 176 .WillOnce(Return(TPM_RC_SUCCESS)); 177 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Clear()); 178} 179 180TEST_F(TpmUtilityTest, ClearFail) { 181 EXPECT_CALL(mock_tpm_, ClearSync(_, _, _)).WillOnce(Return(TPM_RC_FAILURE)); 182 EXPECT_EQ(TPM_RC_FAILURE, utility_.Clear()); 183} 184 185TEST_F(TpmUtilityTest, ShutdownTest) { 186 EXPECT_CALL(mock_tpm_, ShutdownSync(TPM_SU_CLEAR, _)); 187 utility_.Shutdown(); 188} 189 190TEST_F(TpmUtilityTest, InitializeTpmAlreadyInit) { 191 SetExistingPCRSExpectation(false, true); 192 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm()); 193 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm()); 194} 195 196TEST_F(TpmUtilityTest, InitializeTpmSuccess) { 197 SetExistingPCRSExpectation(false, true); 198 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm()); 199} 200 201TEST_F(TpmUtilityTest, InitializeTpmBadAuth) { 202 SetExistingPCRSExpectation(false, true); 203 // Reject attempts to set platform auth. 204 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_PLATFORM, _, _, _)) 205 .WillRepeatedly(Return(TPM_RC_FAILURE)); 206 EXPECT_EQ(TPM_RC_FAILURE, utility_.InitializeTpm()); 207} 208 209TEST_F(TpmUtilityTest, InitializeTpmDisablePHFails) { 210 SetExistingPCRSExpectation(false, true); 211 // Reject attempts to disable the platform hierarchy. 212 EXPECT_CALL(mock_tpm_, HierarchyControlSync(_, _, TPM_RH_PLATFORM, _, _)) 213 .WillRepeatedly(Return(TPM_RC_FAILURE)); 214 EXPECT_EQ(TPM_RC_FAILURE, utility_.InitializeTpm()); 215} 216 217TEST_F(TpmUtilityTest, AllocatePCRFromNone) { 218 SetExistingPCRSExpectation(false, false); 219 TPML_PCR_SELECTION new_pcr_allocation; 220 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _)) 221 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation), SetArgPointee<3>(YES), 222 Return(TPM_RC_SUCCESS))); 223 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR("")); 224 ASSERT_EQ(1u, new_pcr_allocation.count); 225 TPML_PCR_SELECTION expected_pcr_allocation; 226 PopulatePCRSelection(false, false, true, &expected_pcr_allocation); 227 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation, 228 sizeof(TPML_PCR_SELECTION))); 229} 230 231TEST_F(TpmUtilityTest, AllocatePCRFromSHA1Only) { 232 SetExistingPCRSExpectation(true, false); 233 TPML_PCR_SELECTION new_pcr_allocation; 234 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _)) 235 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation), SetArgPointee<3>(YES), 236 Return(TPM_RC_SUCCESS))); 237 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR("")); 238 ASSERT_EQ(2u, new_pcr_allocation.count); 239 TPML_PCR_SELECTION expected_pcr_allocation; 240 PopulatePCRSelection(true, true, true, &expected_pcr_allocation); 241 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation, 242 sizeof(TPML_PCR_SELECTION))); 243} 244 245TEST_F(TpmUtilityTest, AllocatePCRFromSHA1AndSHA256) { 246 SetExistingPCRSExpectation(true, true); 247 TPML_PCR_SELECTION new_pcr_allocation; 248 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _)) 249 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation), SetArgPointee<3>(YES), 250 Return(TPM_RC_SUCCESS))); 251 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR("")); 252 ASSERT_EQ(1u, new_pcr_allocation.count); 253 TPML_PCR_SELECTION expected_pcr_allocation; 254 PopulatePCRSelection(true, true, false, &expected_pcr_allocation); 255 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation, 256 sizeof(TPML_PCR_SELECTION))); 257} 258 259TEST_F(TpmUtilityTest, AllocatePCRFromSHA256Only) { 260 SetExistingPCRSExpectation(false, true); 261 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _)) 262 .Times(0); 263 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR("")); 264} 265 266TEST_F(TpmUtilityTest, AllocatePCRCommandFailure) { 267 SetExistingPCRSExpectation(false, false); 268 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(_, _, _, _, _, _, _, _)) 269 .WillOnce(Return(TPM_RC_FAILURE)); 270 EXPECT_EQ(TPM_RC_FAILURE, utility_.AllocatePCR("")); 271} 272 273TEST_F(TpmUtilityTest, AllocatePCRTpmFailure) { 274 SetExistingPCRSExpectation(false, false); 275 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(_, _, _, _, _, _, _, _)) 276 .WillOnce(DoAll(SetArgPointee<3>(NO), Return(TPM_RC_SUCCESS))); 277 EXPECT_EQ(TPM_RC_FAILURE, utility_.AllocatePCR("")); 278} 279 280TEST_F(TpmUtilityTest, TakeOwnershipSuccess) { 281 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 282 .WillRepeatedly(Return(false)); 283 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 284 .WillRepeatedly(Return(false)); 285 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 286 .WillRepeatedly(Return(false)); 287 EXPECT_EQ(TPM_RC_SUCCESS, 288 utility_.TakeOwnership("owner", "endorsement", "lockout")); 289} 290 291TEST_F(TpmUtilityTest, TakeOwnershipOwnershipDone) { 292 EXPECT_EQ(TPM_RC_SUCCESS, 293 utility_.TakeOwnership("owner", "endorsement", "lockout")); 294} 295 296TEST_F(TpmUtilityTest, TakeOwnershipBadSession) { 297 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true)) 298 .WillRepeatedly(Return(TPM_RC_FAILURE)); 299 EXPECT_EQ(TPM_RC_FAILURE, 300 utility_.TakeOwnership("owner", "endorsement", "lockout")); 301} 302 303TEST_F(TpmUtilityTest, TakeOwnershipFailure) { 304 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _)) 305 .WillRepeatedly(Return(TPM_RC_FAILURE)); 306 EXPECT_EQ(TPM_RC_FAILURE, 307 utility_.TakeOwnership("owner", "endorsement", "lockout")); 308} 309 310TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementDone) { 311 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 312 .WillRepeatedly(Return(false)); 313 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 314 .WillRepeatedly(Return(false)); 315 EXPECT_EQ(TPM_RC_SUCCESS, 316 utility_.TakeOwnership("owner", "endorsement", "lockout")); 317} 318 319TEST_F(TpmUtilityTest, ChangeOwnerPasswordLockoutDone) { 320 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 321 .WillRepeatedly(Return(false)); 322 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 323 .WillRepeatedly(Return(false)); 324 EXPECT_EQ(TPM_RC_SUCCESS, 325 utility_.TakeOwnership("owner", "endorsement", "lockout")); 326} 327 328TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementLockoutDone) { 329 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 330 .WillRepeatedly(Return(false)); 331 EXPECT_EQ(TPM_RC_SUCCESS, 332 utility_.TakeOwnership("owner", "endorsement", "lockout")); 333} 334 335TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementFail) { 336 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 337 .WillRepeatedly(Return(false)); 338 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 339 .WillRepeatedly(Return(false)); 340 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(_, _, _, _)) 341 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 342 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_ENDORSEMENT, _, _, _)) 343 .WillRepeatedly(Return(TPM_RC_FAILURE)); 344 EXPECT_EQ(TPM_RC_FAILURE, 345 utility_.TakeOwnership("owner", "endorsement", "lockout")); 346} 347 348TEST_F(TpmUtilityTest, ChangeOwnerPasswordLockoutFailure) { 349 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()) 350 .WillRepeatedly(Return(false)); 351 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet()) 352 .WillRepeatedly(Return(false)); 353 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet()) 354 .WillRepeatedly(Return(false)); 355 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(_, _, _, _)) 356 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 357 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_LOCKOUT, _, _, _)) 358 .WillRepeatedly(Return(TPM_RC_FAILURE)); 359 EXPECT_EQ(TPM_RC_FAILURE, 360 utility_.TakeOwnership("owner", "endorsement", "lockout")); 361} 362 363TEST_F(TpmUtilityTest, StirRandomSuccess) { 364 std::string entropy_data("large test data", 100); 365 EXPECT_EQ(TPM_RC_SUCCESS, 366 utility_.StirRandom(entropy_data, &mock_authorization_delegate_)); 367} 368 369TEST_F(TpmUtilityTest, StirRandomFails) { 370 std::string entropy_data("test data"); 371 EXPECT_CALL(mock_tpm_, StirRandomSync(_, nullptr)) 372 .WillOnce(Return(TPM_RC_FAILURE)); 373 EXPECT_EQ(TPM_RC_FAILURE, utility_.StirRandom(entropy_data, nullptr)); 374} 375 376TEST_F(TpmUtilityTest, GenerateRandomSuccess) { 377 // This number is larger than the max bytes the GetRandom call can return. 378 // Therefore we expect software to make multiple calls to fill this many 379 // bytes. 380 size_t num_bytes = 72; 381 std::string random_data; 382 TPM2B_DIGEST large_random; 383 large_random.size = 32; 384 TPM2B_DIGEST small_random; 385 small_random.size = 8; 386 EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, &mock_authorization_delegate_)) 387 .Times(2) 388 .WillRepeatedly( 389 DoAll(SetArgPointee<1>(large_random), Return(TPM_RC_SUCCESS))); 390 EXPECT_CALL(mock_tpm_, GetRandomSync(8, _, &mock_authorization_delegate_)) 391 .WillOnce(DoAll(SetArgPointee<1>(small_random), Return(TPM_RC_SUCCESS))); 392 EXPECT_EQ(TPM_RC_SUCCESS, 393 utility_.GenerateRandom(num_bytes, &mock_authorization_delegate_, 394 &random_data)); 395 EXPECT_EQ(num_bytes, random_data.size()); 396} 397 398TEST_F(TpmUtilityTest, GenerateRandomFails) { 399 size_t num_bytes = 5; 400 std::string random_data; 401 EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, nullptr)) 402 .WillOnce(Return(TPM_RC_FAILURE)); 403 EXPECT_EQ(TPM_RC_FAILURE, 404 utility_.GenerateRandom(num_bytes, nullptr, &random_data)); 405} 406 407TEST_F(TpmUtilityTest, ExtendPCRSuccess) { 408 TPM_HANDLE pcr_handle = HR_PCR + 1; 409 TPML_DIGEST_VALUES digests; 410 EXPECT_CALL(mock_tpm_, 411 PCR_ExtendSync(pcr_handle, _, _, &mock_authorization_delegate_)) 412 .WillOnce(DoAll(SaveArg<2>(&digests), Return(TPM_RC_SUCCESS))); 413 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ExtendPCR(1, "test digest", 414 &mock_authorization_delegate_)); 415 EXPECT_EQ(1u, digests.count); 416 EXPECT_EQ(TPM_ALG_SHA256, digests.digests[0].hash_alg); 417 std::string hash_string = crypto::SHA256HashString("test digest"); 418 EXPECT_EQ(0, memcmp(hash_string.data(), digests.digests[0].digest.sha256, 419 crypto::kSHA256Length)); 420} 421 422TEST_F(TpmUtilityTest, ExtendPCRFail) { 423 int pcr_index = 0; 424 TPM_HANDLE pcr_handle = HR_PCR + pcr_index; 425 EXPECT_CALL(mock_tpm_, PCR_ExtendSync(pcr_handle, _, _, _)) 426 .WillOnce(Return(TPM_RC_FAILURE)); 427 EXPECT_EQ(TPM_RC_FAILURE, 428 utility_.ExtendPCR(pcr_index, "test digest", nullptr)); 429} 430 431TEST_F(TpmUtilityTest, ExtendPCRBadParam) { 432 EXPECT_EQ(TPM_RC_FAILURE, utility_.ExtendPCR(-1, "test digest", nullptr)); 433} 434 435TEST_F(TpmUtilityTest, ReadPCRSuccess) { 436 // The |pcr_index| is chosen to match the structure for |pcr_select|. 437 // If you change |pcr_index|, remember to change |pcr_select|. 438 int pcr_index = 1; 439 std::string pcr_value; 440 TPML_PCR_SELECTION pcr_select; 441 pcr_select.count = 1; 442 pcr_select.pcr_selections[0].hash = TPM_ALG_SHA256; 443 pcr_select.pcr_selections[0].sizeof_select = 1; 444 pcr_select.pcr_selections[0].pcr_select[0] = 2; 445 TPML_DIGEST pcr_values; 446 pcr_values.count = 1; 447 pcr_values.digests[0].size = 5; 448 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 449 .WillOnce(DoAll(SetArgPointee<2>(pcr_select), 450 SetArgPointee<3>(pcr_values), Return(TPM_RC_SUCCESS))); 451 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ReadPCR(pcr_index, &pcr_value)); 452} 453 454TEST_F(TpmUtilityTest, ReadPCRFail) { 455 std::string pcr_value; 456 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 457 .WillOnce(Return(TPM_RC_FAILURE)); 458 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadPCR(1, &pcr_value)); 459} 460 461TEST_F(TpmUtilityTest, ReadPCRBadReturn) { 462 std::string pcr_value; 463 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadPCR(1, &pcr_value)); 464} 465 466TEST_F(TpmUtilityTest, AsymmetricEncryptSuccess) { 467 TPM_HANDLE key_handle; 468 std::string plaintext; 469 std::string output_ciphertext("ciphertext"); 470 std::string ciphertext; 471 TPM2B_PUBLIC_KEY_RSA out_message = 472 Make_TPM2B_PUBLIC_KEY_RSA(output_ciphertext); 473 TPM2B_PUBLIC public_area; 474 public_area.public_area.type = TPM_ALG_RSA; 475 public_area.public_area.object_attributes = kDecrypt; 476 public_area.public_area.auth_policy.size = 0; 477 public_area.public_area.unique.rsa.size = 0; 478 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 479 .WillRepeatedly( 480 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 481 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, 482 &mock_authorization_delegate_)) 483 .WillOnce(DoAll(SetArgPointee<5>(out_message), Return(TPM_RC_SUCCESS))); 484 EXPECT_EQ(TPM_RC_SUCCESS, 485 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, 486 plaintext, &mock_authorization_delegate_, 487 &ciphertext)); 488 EXPECT_EQ(0, ciphertext.compare(output_ciphertext)); 489} 490 491TEST_F(TpmUtilityTest, AsymmetricEncryptFail) { 492 TPM_HANDLE key_handle; 493 std::string plaintext; 494 std::string ciphertext; 495 TPM2B_PUBLIC public_area; 496 public_area.public_area.type = TPM_ALG_RSA; 497 public_area.public_area.object_attributes = kDecrypt; 498 public_area.public_area.auth_policy.size = 0; 499 public_area.public_area.unique.rsa.size = 0; 500 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 501 .WillRepeatedly( 502 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 503 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr)) 504 .WillOnce(Return(TPM_RC_FAILURE)); 505 EXPECT_EQ(TPM_RC_FAILURE, 506 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, 507 plaintext, nullptr, &ciphertext)); 508} 509 510TEST_F(TpmUtilityTest, AsymmetricEncryptBadParams) { 511 TPM_HANDLE key_handle = TPM_RH_FIRST; 512 std::string plaintext; 513 std::string ciphertext; 514 TPM2B_PUBLIC public_area; 515 public_area.public_area.type = TPM_ALG_RSA; 516 public_area.public_area.object_attributes = kDecrypt | kRestricted; 517 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, nullptr)) 518 .WillRepeatedly( 519 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 520 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 521 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_RSAES, TPM_ALG_NULL, 522 plaintext, nullptr, &ciphertext)); 523} 524 525TEST_F(TpmUtilityTest, AsymmetricEncryptNullSchemeForward) { 526 TPM_HANDLE key_handle; 527 std::string plaintext; 528 std::string output_ciphertext("ciphertext"); 529 std::string ciphertext; 530 TPM2B_PUBLIC_KEY_RSA out_message = 531 Make_TPM2B_PUBLIC_KEY_RSA(output_ciphertext); 532 TPM2B_PUBLIC public_area; 533 public_area.public_area.type = TPM_ALG_RSA; 534 public_area.public_area.object_attributes = kDecrypt; 535 public_area.public_area.auth_policy.size = 0; 536 public_area.public_area.unique.rsa.size = 0; 537 TPMT_RSA_DECRYPT scheme; 538 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 539 .WillRepeatedly( 540 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 541 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr)) 542 .WillOnce(DoAll(SetArgPointee<5>(out_message), SaveArg<3>(&scheme), 543 Return(TPM_RC_SUCCESS))); 544 EXPECT_EQ(TPM_RC_SUCCESS, 545 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, 546 plaintext, nullptr, &ciphertext)); 547 EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP); 548 EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256); 549} 550 551TEST_F(TpmUtilityTest, AsymmetricEncryptSchemeForward) { 552 TPM_HANDLE key_handle; 553 std::string plaintext; 554 std::string output_ciphertext("ciphertext"); 555 std::string ciphertext; 556 TPM2B_PUBLIC_KEY_RSA out_message = 557 Make_TPM2B_PUBLIC_KEY_RSA(output_ciphertext); 558 TPM2B_PUBLIC public_area; 559 public_area.public_area.type = TPM_ALG_RSA; 560 public_area.public_area.object_attributes = kDecrypt; 561 public_area.public_area.auth_policy.size = 0; 562 public_area.public_area.unique.rsa.size = 0; 563 TPMT_RSA_DECRYPT scheme; 564 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 565 .WillRepeatedly( 566 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 567 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr)) 568 .WillOnce(DoAll(SetArgPointee<5>(out_message), SaveArg<3>(&scheme), 569 Return(TPM_RC_SUCCESS))); 570 EXPECT_EQ(TPM_RC_SUCCESS, 571 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_RSAES, TPM_ALG_NULL, 572 plaintext, nullptr, &ciphertext)); 573 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES); 574} 575 576TEST_F(TpmUtilityTest, AsymmetricDecryptSuccess) { 577 TPM_HANDLE key_handle; 578 std::string plaintext; 579 std::string output_plaintext("plaintext"); 580 std::string ciphertext; 581 std::string password("password"); 582 TPM2B_PUBLIC_KEY_RSA out_message = 583 Make_TPM2B_PUBLIC_KEY_RSA(output_plaintext); 584 TPM2B_PUBLIC public_area; 585 public_area.public_area.type = TPM_ALG_RSA; 586 public_area.public_area.object_attributes = kDecrypt; 587 public_area.public_area.auth_policy.size = 0; 588 public_area.public_area.unique.rsa.size = 0; 589 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 590 .WillRepeatedly( 591 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 592 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, 593 &mock_authorization_delegate_)) 594 .WillOnce(DoAll(SetArgPointee<5>(out_message), Return(TPM_RC_SUCCESS))); 595 EXPECT_EQ(TPM_RC_SUCCESS, 596 utility_.AsymmetricDecrypt( 597 key_handle, TPM_ALG_NULL, TPM_ALG_NULL, ciphertext, 598 &mock_authorization_delegate_, &plaintext)); 599 EXPECT_EQ(0, plaintext.compare(output_plaintext)); 600} 601 602TEST_F(TpmUtilityTest, AsymmetricDecryptFail) { 603 TPM_HANDLE key_handle; 604 std::string key_name; 605 std::string plaintext; 606 std::string ciphertext; 607 std::string password; 608 TPM2B_PUBLIC public_area; 609 public_area.public_area.type = TPM_ALG_RSA; 610 public_area.public_area.object_attributes = kDecrypt; 611 public_area.public_area.auth_policy.size = 0; 612 public_area.public_area.unique.rsa.size = 0; 613 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 614 .WillRepeatedly( 615 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 616 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _)) 617 .WillOnce(Return(TPM_RC_FAILURE)); 618 EXPECT_EQ(TPM_RC_FAILURE, 619 utility_.AsymmetricDecrypt( 620 key_handle, TPM_ALG_NULL, TPM_ALG_NULL, ciphertext, 621 &mock_authorization_delegate_, &plaintext)); 622} 623 624TEST_F(TpmUtilityTest, AsymmetricDecryptBadParams) { 625 TPM_HANDLE key_handle = TPM_RH_FIRST; 626 std::string plaintext; 627 std::string ciphertext; 628 TPM2B_PUBLIC public_area; 629 public_area.public_area.type = TPM_ALG_RSA; 630 public_area.public_area.object_attributes = kDecrypt | kRestricted; 631 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 632 .WillRepeatedly( 633 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 634 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 635 utility_.AsymmetricDecrypt( 636 key_handle, TPM_ALG_RSAES, TPM_ALG_NULL, ciphertext, 637 &mock_authorization_delegate_, &plaintext)); 638} 639 640TEST_F(TpmUtilityTest, AsymmetricDecryptBadSession) { 641 TPM_HANDLE key_handle = TPM_RH_FIRST; 642 std::string key_name; 643 std::string plaintext; 644 std::string ciphertext; 645 std::string password; 646 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 647 utility_.AsymmetricDecrypt(key_handle, TPM_ALG_RSAES, TPM_ALG_NULL, 648 ciphertext, nullptr, &plaintext)); 649} 650 651TEST_F(TpmUtilityTest, AsymmetricDecryptNullSchemeForward) { 652 TPM_HANDLE key_handle; 653 std::string plaintext; 654 std::string output_plaintext("plaintext"); 655 std::string ciphertext; 656 std::string password; 657 TPM2B_PUBLIC_KEY_RSA out_message = 658 Make_TPM2B_PUBLIC_KEY_RSA(output_plaintext); 659 TPM2B_PUBLIC public_area; 660 public_area.public_area.type = TPM_ALG_RSA; 661 public_area.public_area.object_attributes = kDecrypt; 662 public_area.public_area.auth_policy.size = 0; 663 public_area.public_area.unique.rsa.size = 0; 664 TPMT_RSA_DECRYPT scheme; 665 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 666 .WillRepeatedly( 667 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 668 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _)) 669 .WillOnce(DoAll(SetArgPointee<5>(out_message), SaveArg<3>(&scheme), 670 Return(TPM_RC_SUCCESS))); 671 EXPECT_EQ(TPM_RC_SUCCESS, 672 utility_.AsymmetricDecrypt( 673 key_handle, TPM_ALG_NULL, TPM_ALG_NULL, ciphertext, 674 &mock_authorization_delegate_, &plaintext)); 675 EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP); 676 EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256); 677} 678 679TEST_F(TpmUtilityTest, AsymmetricDecryptSchemeForward) { 680 TPM_HANDLE key_handle; 681 std::string plaintext; 682 std::string output_plaintext("plaintext"); 683 std::string ciphertext; 684 std::string password; 685 TPM2B_PUBLIC_KEY_RSA out_message = 686 Make_TPM2B_PUBLIC_KEY_RSA(output_plaintext); 687 TPM2B_PUBLIC public_area; 688 public_area.public_area.type = TPM_ALG_RSA; 689 public_area.public_area.object_attributes = kDecrypt; 690 public_area.public_area.auth_policy.size = 0; 691 public_area.public_area.unique.rsa.size = 0; 692 TPMT_RSA_DECRYPT scheme; 693 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 694 .WillRepeatedly( 695 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 696 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _)) 697 .WillOnce(DoAll(SetArgPointee<5>(out_message), SaveArg<3>(&scheme), 698 Return(TPM_RC_SUCCESS))); 699 EXPECT_EQ(TPM_RC_SUCCESS, 700 utility_.AsymmetricDecrypt( 701 key_handle, TPM_ALG_RSAES, TPM_ALG_NULL, ciphertext, 702 &mock_authorization_delegate_, &plaintext)); 703 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES); 704} 705 706TEST_F(TpmUtilityTest, SignSuccess) { 707 TPM_HANDLE key_handle; 708 std::string password("password"); 709 std::string digest(32, 'a'); 710 TPMT_SIGNATURE signature_out; 711 signature_out.signature.rsassa.sig.size = 2; 712 signature_out.signature.rsassa.sig.buffer[0] = 'h'; 713 signature_out.signature.rsassa.sig.buffer[1] = 'i'; 714 std::string signature; 715 TPM2B_PUBLIC public_area; 716 public_area.public_area.type = TPM_ALG_RSA; 717 public_area.public_area.object_attributes = kSign; 718 public_area.public_area.auth_policy.size = 0; 719 public_area.public_area.unique.rsa.size = 0; 720 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 721 .WillRepeatedly( 722 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 723 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, 724 &mock_authorization_delegate_)) 725 .WillOnce(DoAll(SetArgPointee<5>(signature_out), Return(TPM_RC_SUCCESS))); 726 EXPECT_EQ(TPM_RC_SUCCESS, 727 utility_.Sign(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 728 &mock_authorization_delegate_, &signature)); 729 EXPECT_EQ(0, signature.compare("hi")); 730} 731 732TEST_F(TpmUtilityTest, SignFail) { 733 TPM_HANDLE key_handle; 734 std::string password; 735 std::string digest(32, 'a'); 736 std::string signature; 737 TPM2B_PUBLIC public_area; 738 public_area.public_area.type = TPM_ALG_RSA; 739 public_area.public_area.object_attributes = kSign; 740 public_area.public_area.auth_policy.size = 0; 741 public_area.public_area.unique.rsa.size = 0; 742 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 743 .WillRepeatedly( 744 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 745 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _)) 746 .WillOnce(Return(TPM_RC_FAILURE)); 747 EXPECT_EQ(TPM_RC_FAILURE, 748 utility_.Sign(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 749 &mock_authorization_delegate_, &signature)); 750} 751 752TEST_F(TpmUtilityTest, SignBadParams1) { 753 TPM_HANDLE key_handle; 754 std::string password; 755 std::string digest(32, 'a'); 756 std::string signature; 757 TPM2B_PUBLIC public_area; 758 public_area.public_area.type = TPM_ALG_RSA; 759 public_area.public_area.object_attributes = kSign | kRestricted; 760 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 761 .WillRepeatedly( 762 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 763 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 764 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest, 765 &mock_authorization_delegate_, &signature)); 766} 767 768TEST_F(TpmUtilityTest, SignBadAuthorizationSession) { 769 TPM_HANDLE key_handle = TPM_RH_FIRST; 770 std::string password; 771 std::string digest(32, 'a'); 772 std::string signature; 773 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 774 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest, 775 nullptr, &signature)); 776} 777 778TEST_F(TpmUtilityTest, SignBadParams2) { 779 TPM_HANDLE key_handle; 780 std::string password; 781 std::string digest(32, 'a'); 782 std::string signature; 783 TPM2B_PUBLIC public_area; 784 public_area.public_area.type = TPM_ALG_RSA; 785 public_area.public_area.object_attributes = kDecrypt; 786 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 787 .WillRepeatedly( 788 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 789 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 790 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest, 791 &mock_authorization_delegate_, &signature)); 792} 793 794TEST_F(TpmUtilityTest, SignBadParams3) { 795 TPM_HANDLE key_handle; 796 std::string password; 797 std::string digest(32, 'a'); 798 std::string signature; 799 TPM2B_PUBLIC public_area; 800 public_area.public_area.type = TPM_ALG_ECC; 801 public_area.public_area.object_attributes = kSign; 802 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 803 .WillRepeatedly( 804 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 805 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 806 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest, 807 &mock_authorization_delegate_, &signature)); 808} 809 810TEST_F(TpmUtilityTest, SignBadParams4) { 811 TPM_HANDLE key_handle; 812 std::string password; 813 std::string digest(32, 'a'); 814 std::string signature; 815 TPM2B_PUBLIC public_area; 816 public_area.public_area.type = TPM_ALG_RSA; 817 public_area.public_area.object_attributes = kSign; 818 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 819 .WillRepeatedly( 820 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_FAILURE))); 821 EXPECT_EQ(TPM_RC_FAILURE, 822 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest, 823 &mock_authorization_delegate_, &signature)); 824} 825 826TEST_F(TpmUtilityTest, SignBadParams5) { 827 TPM_HANDLE key_handle = 0; 828 std::string password; 829 std::string digest(32, 'a'); 830 std::string signature; 831 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 832 utility_.Sign(key_handle, TPM_ALG_AES, TPM_ALG_NULL, digest, 833 &mock_authorization_delegate_, &signature)); 834} 835 836TEST_F(TpmUtilityTest, SignNullSchemeForward) { 837 TPM_HANDLE key_handle; 838 std::string password; 839 std::string digest(32, 'a'); 840 TPMT_SIGNATURE signature_out; 841 signature_out.signature.rsassa.sig.size = 0; 842 std::string signature; 843 TPM2B_PUBLIC public_area; 844 TPMT_SIG_SCHEME scheme; 845 public_area.public_area.type = TPM_ALG_RSA; 846 public_area.public_area.object_attributes = kSign; 847 public_area.public_area.auth_policy.size = 0; 848 public_area.public_area.unique.rsa.size = 0; 849 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 850 .WillRepeatedly( 851 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 852 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _)) 853 .WillOnce(DoAll(SetArgPointee<5>(signature_out), SaveArg<3>(&scheme), 854 Return(TPM_RC_SUCCESS))); 855 EXPECT_EQ(TPM_RC_SUCCESS, 856 utility_.Sign(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 857 &mock_authorization_delegate_, &signature)); 858 EXPECT_EQ(scheme.scheme, TPM_ALG_RSASSA); 859 EXPECT_EQ(scheme.details.rsassa.hash_alg, TPM_ALG_SHA256); 860} 861 862TEST_F(TpmUtilityTest, SignSchemeForward) { 863 TPM_HANDLE key_handle; 864 std::string password; 865 std::string digest(64, 'a'); 866 TPMT_SIGNATURE signature_out; 867 signature_out.signature.rsassa.sig.size = 0; 868 std::string signature; 869 TPM2B_PUBLIC public_area; 870 TPMT_SIG_SCHEME scheme; 871 public_area.public_area.type = TPM_ALG_RSA; 872 public_area.public_area.object_attributes = kSign; 873 public_area.public_area.auth_policy.size = 0; 874 public_area.public_area.unique.rsa.size = 0; 875 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 876 .WillRepeatedly( 877 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 878 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _)) 879 .WillOnce(DoAll(SetArgPointee<5>(signature_out), SaveArg<3>(&scheme), 880 Return(TPM_RC_SUCCESS))); 881 EXPECT_EQ(TPM_RC_SUCCESS, 882 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_SHA1, digest, 883 &mock_authorization_delegate_, &signature)); 884 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAPSS); 885 EXPECT_EQ(scheme.details.rsapss.hash_alg, TPM_ALG_SHA1); 886} 887 888TEST_F(TpmUtilityTest, VerifySuccess) { 889 TPM_HANDLE key_handle; 890 std::string digest(32, 'a'); 891 std::string signature; 892 TPM2B_PUBLIC public_area; 893 public_area.public_area.type = TPM_ALG_RSA; 894 public_area.public_area.object_attributes = kSign; 895 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 896 .WillRepeatedly( 897 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 898 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 899 .WillOnce(Return(TPM_RC_SUCCESS)); 900 EXPECT_EQ(TPM_RC_SUCCESS, 901 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 902 signature, nullptr)); 903} 904 905TEST_F(TpmUtilityTest, VerifyFail) { 906 TPM_HANDLE key_handle; 907 std::string digest(32, 'a'); 908 std::string signature; 909 TPM2B_PUBLIC public_area; 910 public_area.public_area.type = TPM_ALG_RSA; 911 public_area.public_area.object_attributes = kSign; 912 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 913 .WillRepeatedly( 914 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 915 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 916 .WillOnce(Return(TPM_RC_FAILURE)); 917 EXPECT_EQ(TPM_RC_FAILURE, 918 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 919 signature, nullptr)); 920} 921 922TEST_F(TpmUtilityTest, VerifyBadParams1) { 923 TPM_HANDLE key_handle; 924 std::string digest(32, 'a'); 925 std::string signature; 926 TPM2B_PUBLIC public_area; 927 public_area.public_area.type = TPM_ALG_RSA; 928 public_area.public_area.object_attributes = kSign | kRestricted; 929 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 930 .WillRepeatedly( 931 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 932 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 933 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 934 signature, nullptr)); 935} 936 937TEST_F(TpmUtilityTest, VerifyBadParams2) { 938 TPM_HANDLE key_handle; 939 std::string digest(32, 'a'); 940 std::string signature; 941 TPM2B_PUBLIC public_area; 942 public_area.public_area.type = TPM_ALG_RSA; 943 public_area.public_area.object_attributes = kDecrypt; 944 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 945 .WillRepeatedly( 946 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 947 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 948 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 949 signature, nullptr)); 950} 951 952TEST_F(TpmUtilityTest, VerifyBadParams3) { 953 TPM_HANDLE key_handle; 954 std::string digest(32, 'a'); 955 std::string signature; 956 TPM2B_PUBLIC public_area; 957 public_area.public_area.type = TPM_ALG_ECC; 958 public_area.public_area.object_attributes = kSign; 959 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 960 .WillRepeatedly( 961 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 962 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 963 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 964 signature, nullptr)); 965} 966 967TEST_F(TpmUtilityTest, VerifyBadParams4) { 968 TPM_HANDLE key_handle; 969 std::string digest(32, 'a'); 970 std::string signature; 971 TPM2B_PUBLIC public_area; 972 public_area.public_area.type = TPM_ALG_RSA; 973 public_area.public_area.object_attributes = kSign; 974 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 975 .WillRepeatedly( 976 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_FAILURE))); 977 EXPECT_EQ(TPM_RC_FAILURE, 978 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 979 signature, nullptr)); 980} 981 982TEST_F(TpmUtilityTest, VerifyBadParams5) { 983 TPM_HANDLE key_handle; 984 std::string digest(32, 'a'); 985 std::string signature; 986 TPM2B_PUBLIC public_area; 987 public_area.public_area.type = TPM_ALG_RSA; 988 public_area.public_area.object_attributes = kSign; 989 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 990 .WillRepeatedly( 991 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 992 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 993 utility_.Verify(key_handle, TPM_ALG_AES, TPM_ALG_NULL, digest, 994 signature, nullptr)); 995} 996 997TEST_F(TpmUtilityTest, VerifyNullSchemeForward) { 998 TPM_HANDLE key_handle; 999 std::string digest(32, 'a'); 1000 std::string signature; 1001 TPM2B_PUBLIC public_area; 1002 TPMT_SIGNATURE signature_in; 1003 public_area.public_area.type = TPM_ALG_RSA; 1004 public_area.public_area.object_attributes = kSign; 1005 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1006 .WillRepeatedly( 1007 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 1008 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 1009 .WillOnce(DoAll(SaveArg<3>(&signature_in), Return(TPM_RC_SUCCESS))); 1010 EXPECT_EQ(TPM_RC_SUCCESS, 1011 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest, 1012 signature, nullptr)); 1013 EXPECT_EQ(signature_in.sig_alg, TPM_ALG_RSASSA); 1014 EXPECT_EQ(signature_in.signature.rsassa.hash, TPM_ALG_SHA256); 1015} 1016 1017TEST_F(TpmUtilityTest, VerifySchemeForward) { 1018 TPM_HANDLE key_handle; 1019 std::string digest(64, 'a'); 1020 std::string signature; 1021 TPM2B_PUBLIC public_area; 1022 TPMT_SIGNATURE signature_in; 1023 public_area.public_area.type = TPM_ALG_RSA; 1024 public_area.public_area.object_attributes = kSign; 1025 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1026 .WillRepeatedly( 1027 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 1028 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _)) 1029 .WillOnce(DoAll(SaveArg<3>(&signature_in), Return(TPM_RC_SUCCESS))); 1030 EXPECT_EQ(TPM_RC_SUCCESS, 1031 utility_.Verify(key_handle, TPM_ALG_RSAPSS, TPM_ALG_SHA1, digest, 1032 signature, nullptr)); 1033 EXPECT_EQ(signature_in.sig_alg, TPM_ALG_RSAPSS); 1034 EXPECT_EQ(signature_in.signature.rsassa.hash, TPM_ALG_SHA1); 1035} 1036 1037TEST_F(TpmUtilityTest, CertifyCreationSuccess) { 1038 TPM_HANDLE key_handle = 42; 1039 std::string creation_blob; 1040 EXPECT_CALL(mock_tpm_, CertifyCreationSyncShort(TPM_RH_NULL, key_handle, _, _, 1041 _, _, _, _, _)) 1042 .WillOnce(Return(TPM_RC_SUCCESS)); 1043 EXPECT_EQ(TPM_RC_SUCCESS, 1044 utility_.CertifyCreation(key_handle, creation_blob)); 1045} 1046 1047TEST_F(TpmUtilityTest, CertifyCreationParserError) { 1048 TPM_HANDLE key_handle = 42; 1049 std::string creation_blob; 1050 EXPECT_CALL(mock_blob_parser_, ParseCreationBlob(creation_blob, _, _, _)) 1051 .WillOnce(Return(false)); 1052 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1053 utility_.CertifyCreation(key_handle, creation_blob)); 1054} 1055 1056TEST_F(TpmUtilityTest, CertifyCreationFailure) { 1057 TPM_HANDLE key_handle = 42; 1058 std::string creation_blob; 1059 EXPECT_CALL(mock_tpm_, CertifyCreationSyncShort(TPM_RH_NULL, key_handle, _, _, 1060 _, _, _, _, _)) 1061 .WillOnce(Return(TPM_RC_FAILURE)); 1062 EXPECT_EQ(TPM_RC_FAILURE, 1063 utility_.CertifyCreation(key_handle, creation_blob)); 1064} 1065 1066TEST_F(TpmUtilityTest, ChangeAuthDataSuccess) { 1067 TPM_HANDLE key_handle = 1; 1068 std::string new_password; 1069 std::string key_blob; 1070 TPM2B_PUBLIC public_area; 1071 public_area.public_area.type = TPM_ALG_RSA; 1072 public_area.public_area.auth_policy.size = 0; 1073 public_area.public_area.unique.rsa.size = 0; 1074 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1075 .WillRepeatedly( 1076 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 1077 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ChangeKeyAuthorizationData( 1078 key_handle, new_password, 1079 &mock_authorization_delegate_, &key_blob)); 1080} 1081 1082TEST_F(TpmUtilityTest, ChangeAuthDataKeyNameFail) { 1083 TPM_HANDLE key_handle = 1; 1084 std::string old_password; 1085 std::string new_password; 1086 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _)) 1087 .WillOnce(Return(TPM_RC_FAILURE)); 1088 EXPECT_EQ(TPM_RC_FAILURE, utility_.ChangeKeyAuthorizationData( 1089 key_handle, new_password, 1090 &mock_authorization_delegate_, nullptr)); 1091} 1092 1093TEST_F(TpmUtilityTest, ChangeAuthDataFailure) { 1094 TPM_HANDLE key_handle = 1; 1095 std::string new_password; 1096 EXPECT_CALL(mock_tpm_, ObjectChangeAuthSync(key_handle, _, _, _, _, _, _)) 1097 .WillOnce(Return(TPM_RC_FAILURE)); 1098 EXPECT_EQ(TPM_RC_FAILURE, utility_.ChangeKeyAuthorizationData( 1099 key_handle, new_password, 1100 &mock_authorization_delegate_, nullptr)); 1101} 1102 1103TEST_F(TpmUtilityTest, ChangeAuthDataParserFail) { 1104 TPM_HANDLE key_handle = 1; 1105 std::string new_password; 1106 std::string key_blob; 1107 TPM2B_PUBLIC public_area; 1108 public_area.public_area.type = TPM_ALG_RSA; 1109 public_area.public_area.auth_policy.size = 0; 1110 public_area.public_area.unique.rsa.size = 0; 1111 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1112 .WillRepeatedly( 1113 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS))); 1114 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob)) 1115 .WillOnce(Return(false)); 1116 EXPECT_EQ( 1117 SAPI_RC_BAD_TCTI_STRUCTURE, 1118 utility_.ChangeKeyAuthorizationData( 1119 key_handle, new_password, &mock_authorization_delegate_, &key_blob)); 1120} 1121 1122TEST_F(TpmUtilityTest, ImportRSAKeySuccess) { 1123 uint32_t public_exponent = 0x10001; 1124 std::string modulus(256, 'a'); 1125 std::string prime_factor(128, 'b'); 1126 std::string password("password"); 1127 std::string key_blob; 1128 TPM2B_DATA encryption_key; 1129 TPM2B_PUBLIC public_data; 1130 TPM2B_PRIVATE private_data; 1131 EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _)) 1132 .WillOnce(DoAll(SaveArg<2>(&encryption_key), SaveArg<3>(&public_data), 1133 SaveArg<4>(&private_data), Return(TPM_RC_SUCCESS))); 1134 EXPECT_EQ( 1135 TPM_RC_SUCCESS, 1136 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1137 modulus, public_exponent, prime_factor, password, 1138 &mock_authorization_delegate_, &key_blob)); 1139 // Validate that the public area was properly constructed. 1140 EXPECT_EQ(public_data.public_area.parameters.rsa_detail.key_bits, 1141 modulus.size() * 8); 1142 EXPECT_EQ(public_data.public_area.parameters.rsa_detail.exponent, 1143 public_exponent); 1144 EXPECT_EQ(public_data.public_area.unique.rsa.size, modulus.size()); 1145 EXPECT_EQ(0, memcmp(public_data.public_area.unique.rsa.buffer, modulus.data(), 1146 modulus.size())); 1147 // Validate the private struct construction. 1148 EXPECT_EQ(kAesKeySize, encryption_key.size); 1149 AES_KEY key; 1150 AES_set_encrypt_key(encryption_key.buffer, kAesKeySize * 8, &key); 1151 unsigned char iv[MAX_AES_BLOCK_SIZE_BYTES] = {0}; 1152 int iv_in = 0; 1153 std::string unencrypted_private(private_data.size, 0); 1154 AES_cfb128_encrypt( 1155 reinterpret_cast<const unsigned char*>(private_data.buffer), 1156 reinterpret_cast<unsigned char*>(string_as_array(&unencrypted_private)), 1157 private_data.size, &key, iv, &iv_in, AES_DECRYPT); 1158 TPM2B_DIGEST inner_integrity; 1159 EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPM2B_DIGEST(&unencrypted_private, 1160 &inner_integrity, nullptr)); 1161 std::string object_name; 1162 EXPECT_EQ(TPM_RC_SUCCESS, 1163 ComputeKeyName(public_data.public_area, &object_name)); 1164 std::string integrity_value = 1165 crypto::SHA256HashString(unencrypted_private + object_name); 1166 EXPECT_EQ(integrity_value.size(), inner_integrity.size); 1167 EXPECT_EQ(0, memcmp(inner_integrity.buffer, integrity_value.data(), 1168 inner_integrity.size)); 1169 TPM2B_SENSITIVE sensitive_data; 1170 EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPM2B_SENSITIVE(&unencrypted_private, 1171 &sensitive_data, nullptr)); 1172 EXPECT_EQ(sensitive_data.sensitive_area.auth_value.size, password.size()); 1173 EXPECT_EQ(0, memcmp(sensitive_data.sensitive_area.auth_value.buffer, 1174 password.data(), password.size())); 1175 EXPECT_EQ(sensitive_data.sensitive_area.sensitive.rsa.size, 1176 prime_factor.size()); 1177 EXPECT_EQ(0, memcmp(sensitive_data.sensitive_area.sensitive.rsa.buffer, 1178 prime_factor.data(), prime_factor.size())); 1179} 1180 1181TEST_F(TpmUtilityTest, ImportRSAKeySuccessWithNoBlob) { 1182 uint32_t public_exponent = 0x10001; 1183 std::string modulus(256, 'a'); 1184 std::string prime_factor(128, 'b'); 1185 std::string password; 1186 EXPECT_EQ( 1187 TPM_RC_SUCCESS, 1188 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1189 modulus, public_exponent, prime_factor, password, 1190 &mock_authorization_delegate_, nullptr)); 1191} 1192 1193TEST_F(TpmUtilityTest, ImportRSAKeyParentNameFail) { 1194 uint32_t public_exponent = 0x10001; 1195 std::string modulus(256, 'a'); 1196 std::string prime_factor(128, 'b'); 1197 std::string password; 1198 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1199 .WillOnce(Return(TPM_RC_FAILURE)); 1200 EXPECT_EQ( 1201 TPM_RC_FAILURE, 1202 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1203 modulus, public_exponent, prime_factor, password, 1204 &mock_authorization_delegate_, nullptr)); 1205} 1206 1207TEST_F(TpmUtilityTest, ImportRSAKeyFail) { 1208 std::string modulus; 1209 std::string prime_factor; 1210 std::string password; 1211 EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _)) 1212 .WillOnce(Return(TPM_RC_FAILURE)); 1213 EXPECT_EQ(TPM_RC_FAILURE, 1214 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1215 modulus, 0x10001, prime_factor, password, 1216 &mock_authorization_delegate_, nullptr)); 1217} 1218 1219TEST_F(TpmUtilityTest, ImportRSAKeyParserFail) { 1220 std::string modulus; 1221 std::string prime_factor; 1222 std::string password; 1223 std::string key_blob; 1224 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob)) 1225 .WillOnce(Return(false)); 1226 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, 1227 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1228 modulus, 0x10001, prime_factor, password, 1229 &mock_authorization_delegate_, &key_blob)); 1230} 1231 1232TEST_F(TpmUtilityTest, CreateRSAKeyPairSuccess) { 1233 TPM2B_PUBLIC public_area; 1234 TPML_PCR_SELECTION creation_pcrs; 1235 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _, 1236 _, _, &mock_authorization_delegate_)) 1237 .WillOnce(DoAll(SaveArg<2>(&public_area), SaveArg<3>(&creation_pcrs), 1238 Return(TPM_RC_SUCCESS))); 1239 std::string key_blob; 1240 std::string creation_blob; 1241 int creation_pcr = 12; 1242 EXPECT_EQ(TPM_RC_SUCCESS, 1243 utility_.CreateRSAKeyPair( 1244 TpmUtility::AsymmetricKeyUsage::kDecryptAndSignKey, 2048, 1245 0x10001, "password", "", false, creation_pcr, 1246 &mock_authorization_delegate_, &key_blob, &creation_blob)); 1247 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, kDecrypt); 1248 EXPECT_EQ(public_area.public_area.object_attributes & kSign, kSign); 1249 EXPECT_EQ(public_area.public_area.object_attributes & kUserWithAuth, 1250 kUserWithAuth); 1251 EXPECT_EQ(public_area.public_area.object_attributes & kAdminWithPolicy, 0u); 1252 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme, 1253 TPM_ALG_NULL); 1254 EXPECT_EQ(1u, creation_pcrs.count); 1255 EXPECT_EQ(TPM_ALG_SHA256, creation_pcrs.pcr_selections[0].hash); 1256 EXPECT_EQ(PCR_SELECT_MIN, creation_pcrs.pcr_selections[0].sizeof_select); 1257 EXPECT_EQ(1u << (creation_pcr % 8), 1258 creation_pcrs.pcr_selections[0].pcr_select[creation_pcr / 8]); 1259} 1260 1261TEST_F(TpmUtilityTest, CreateRSAKeyPairDecryptKeySuccess) { 1262 TPM2B_PUBLIC public_area; 1263 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _, 1264 _, _, &mock_authorization_delegate_)) 1265 .WillOnce(DoAll(SaveArg<2>(&public_area), Return(TPM_RC_SUCCESS))); 1266 std::string key_blob; 1267 EXPECT_EQ(TPM_RC_SUCCESS, 1268 utility_.CreateRSAKeyPair( 1269 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 2048, 0x10001, 1270 "password", "", false, kNoCreationPCR, 1271 &mock_authorization_delegate_, &key_blob, nullptr)); 1272 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, kDecrypt); 1273 EXPECT_EQ(public_area.public_area.object_attributes & kSign, 0u); 1274 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme, 1275 TPM_ALG_NULL); 1276} 1277 1278TEST_F(TpmUtilityTest, CreateRSAKeyPairSignKeySuccess) { 1279 TPM2B_PUBLIC public_area; 1280 TPM2B_SENSITIVE_CREATE sensitive_create; 1281 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _, 1282 _, _, &mock_authorization_delegate_)) 1283 .WillOnce(DoAll(SaveArg<1>(&sensitive_create), SaveArg<2>(&public_area), 1284 Return(TPM_RC_SUCCESS))); 1285 std::string key_blob; 1286 std::string policy_digest(32, 'a'); 1287 std::string key_auth("password"); 1288 EXPECT_EQ( 1289 TPM_RC_SUCCESS, 1290 utility_.CreateRSAKeyPair( 1291 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, key_auth, 1292 policy_digest, true /* use_only_policy_authorization */, 1293 kNoCreationPCR, &mock_authorization_delegate_, &key_blob, nullptr)); 1294 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, 0u); 1295 EXPECT_EQ(public_area.public_area.object_attributes & kSign, kSign); 1296 EXPECT_EQ(public_area.public_area.object_attributes & kUserWithAuth, 0u); 1297 EXPECT_EQ(public_area.public_area.object_attributes & kAdminWithPolicy, 1298 kAdminWithPolicy); 1299 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme, 1300 TPM_ALG_NULL); 1301 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.key_bits, 2048); 1302 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.exponent, 0x10001u); 1303 EXPECT_EQ(public_area.public_area.auth_policy.size, policy_digest.size()); 1304 EXPECT_EQ(0, memcmp(public_area.public_area.auth_policy.buffer, 1305 policy_digest.data(), policy_digest.size())); 1306 EXPECT_EQ(sensitive_create.sensitive.user_auth.size, key_auth.size()); 1307 EXPECT_EQ(0, memcmp(sensitive_create.sensitive.user_auth.buffer, 1308 key_auth.data(), key_auth.size())); 1309} 1310 1311TEST_F(TpmUtilityTest, CreateRSAKeyPairBadDelegate) { 1312 std::string key_blob; 1313 EXPECT_EQ( 1314 SAPI_RC_INVALID_SESSIONS, 1315 utility_.CreateRSAKeyPair(TpmUtility::AsymmetricKeyUsage::kDecryptKey, 1316 2048, 0x10001, "password", "", false, 1317 kNoCreationPCR, nullptr, &key_blob, nullptr)); 1318} 1319 1320TEST_F(TpmUtilityTest, CreateRSAKeyPairFailure) { 1321 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _, 1322 _, _, &mock_authorization_delegate_)) 1323 .WillOnce(Return(TPM_RC_FAILURE)); 1324 std::string key_blob; 1325 EXPECT_EQ(TPM_RC_FAILURE, 1326 utility_.CreateRSAKeyPair( 1327 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, 1328 "password", "", false, kNoCreationPCR, 1329 &mock_authorization_delegate_, &key_blob, nullptr)); 1330} 1331 1332TEST_F(TpmUtilityTest, CreateRSAKeyPairKeyParserFail) { 1333 std::string key_blob; 1334 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob)) 1335 .WillOnce(Return(false)); 1336 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, 1337 utility_.CreateRSAKeyPair( 1338 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, 1339 "password", "", false, kNoCreationPCR, 1340 &mock_authorization_delegate_, &key_blob, nullptr)); 1341} 1342 1343TEST_F(TpmUtilityTest, CreateRSAKeyPairCreationParserFail) { 1344 std::string creation_blob; 1345 std::string key_blob; 1346 EXPECT_CALL(mock_blob_parser_, SerializeCreationBlob(_, _, _, &creation_blob)) 1347 .WillOnce(Return(false)); 1348 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, 1349 utility_.CreateRSAKeyPair( 1350 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, 1351 "password", "", false, kNoCreationPCR, 1352 &mock_authorization_delegate_, &key_blob, &creation_blob)); 1353} 1354 1355TEST_F(TpmUtilityTest, LoadKeySuccess) { 1356 TPM_HANDLE key_handle = TPM_RH_FIRST; 1357 TPM_HANDLE loaded_handle; 1358 EXPECT_CALL(mock_tpm_, LoadSync(kRSAStorageRootKey, _, _, _, _, _, 1359 &mock_authorization_delegate_)) 1360 .WillOnce(DoAll(SetArgPointee<4>(key_handle), Return(TPM_RC_SUCCESS))); 1361 std::string key_blob; 1362 EXPECT_EQ(TPM_RC_SUCCESS, 1363 utility_.LoadKey(key_blob, &mock_authorization_delegate_, 1364 &loaded_handle)); 1365 EXPECT_EQ(loaded_handle, key_handle); 1366} 1367 1368TEST_F(TpmUtilityTest, LoadKeyFailure) { 1369 TPM_HANDLE key_handle; 1370 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1371 .WillOnce(Return(TPM_RC_FAILURE)); 1372 std::string key_blob; 1373 EXPECT_EQ( 1374 TPM_RC_FAILURE, 1375 utility_.LoadKey(key_blob, &mock_authorization_delegate_, &key_handle)); 1376} 1377 1378TEST_F(TpmUtilityTest, LoadKeyBadDelegate) { 1379 TPM_HANDLE key_handle; 1380 std::string key_blob; 1381 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 1382 utility_.LoadKey(key_blob, nullptr, &key_handle)); 1383} 1384 1385TEST_F(TpmUtilityTest, LoadKeyParserFail) { 1386 TPM_HANDLE key_handle; 1387 std::string key_blob; 1388 EXPECT_CALL(mock_blob_parser_, ParseKeyBlob(key_blob, _, _)) 1389 .WillOnce(Return(false)); 1390 EXPECT_EQ( 1391 SAPI_RC_BAD_TCTI_STRUCTURE, 1392 utility_.LoadKey(key_blob, &mock_authorization_delegate_, &key_handle)); 1393} 1394 1395TEST_F(TpmUtilityTest, SealedDataSuccess) { 1396 std::string data_to_seal("seal_data"); 1397 std::string sealed_data; 1398 TPM2B_SENSITIVE_CREATE sensitive_create; 1399 TPM2B_PUBLIC in_public; 1400 EXPECT_CALL(mock_tpm_, 1401 CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _, _, _, _)) 1402 .WillOnce(DoAll(SaveArg<1>(&sensitive_create), SaveArg<2>(&in_public), 1403 Return(TPM_RC_SUCCESS))); 1404 EXPECT_EQ(TPM_RC_SUCCESS, 1405 utility_.SealData(data_to_seal, "", &mock_authorization_delegate_, 1406 &sealed_data)); 1407 EXPECT_EQ(sensitive_create.sensitive.data.size, data_to_seal.size()); 1408 EXPECT_EQ(0, memcmp(sensitive_create.sensitive.data.buffer, 1409 data_to_seal.data(), data_to_seal.size())); 1410 EXPECT_EQ(in_public.public_area.type, TPM_ALG_KEYEDHASH); 1411 EXPECT_EQ(in_public.public_area.name_alg, TPM_ALG_SHA256); 1412} 1413 1414TEST_F(TpmUtilityTest, SealDataBadDelegate) { 1415 std::string data_to_seal("seal_data"); 1416 std::string sealed_data; 1417 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 1418 utility_.SealData(data_to_seal, "", nullptr, &sealed_data)); 1419} 1420 1421TEST_F(TpmUtilityTest, SealDataFailure) { 1422 std::string data_to_seal("seal_data"); 1423 std::string sealed_data; 1424 EXPECT_CALL(mock_tpm_, 1425 CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _, _, _, _)) 1426 .WillOnce(Return(TPM_RC_FAILURE)); 1427 EXPECT_EQ(TPM_RC_FAILURE, 1428 utility_.SealData(data_to_seal, "", &mock_authorization_delegate_, 1429 &sealed_data)); 1430} 1431 1432TEST_F(TpmUtilityTest, SealDataParserFail) { 1433 std::string data_to_seal("seal_data"); 1434 std::string sealed_data; 1435 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &sealed_data)) 1436 .WillOnce(Return(false)); 1437 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, 1438 utility_.SealData(data_to_seal, "", &mock_authorization_delegate_, 1439 &sealed_data)); 1440} 1441 1442TEST_F(TpmUtilityTest, UnsealDataSuccess) { 1443 std::string sealed_data; 1444 std::string tpm_unsealed_data("password"); 1445 std::string unsealed_data; 1446 TPM_HANDLE object_handle = 42; 1447 TPM2B_PUBLIC public_data; 1448 public_data.public_area.auth_policy.size = 0; 1449 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1450 .WillRepeatedly( 1451 DoAll(SetArgPointee<2>(public_data), Return(TPM_RC_SUCCESS))); 1452 EXPECT_CALL(mock_tpm_, ReadPublicSync(object_handle, _, _, _, _, _)) 1453 .WillRepeatedly( 1454 DoAll(SetArgPointee<2>(public_data), Return(TPM_RC_SUCCESS))); 1455 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1456 .WillOnce(DoAll(SetArgPointee<4>(object_handle), Return(TPM_RC_SUCCESS))); 1457 TPM2B_SENSITIVE_DATA out_data = Make_TPM2B_SENSITIVE_DATA(tpm_unsealed_data); 1458 EXPECT_CALL(mock_tpm_, UnsealSync(object_handle, _, _, _)) 1459 .WillOnce(DoAll(SetArgPointee<2>(out_data), Return(TPM_RC_SUCCESS))); 1460 EXPECT_EQ(TPM_RC_SUCCESS, 1461 utility_.UnsealData(sealed_data, &mock_authorization_delegate_, 1462 &unsealed_data)); 1463 EXPECT_EQ(unsealed_data, tpm_unsealed_data); 1464} 1465 1466TEST_F(TpmUtilityTest, UnsealDataBadDelegate) { 1467 std::string sealed_data; 1468 std::string unsealed_data; 1469 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 1470 utility_.UnsealData(sealed_data, nullptr, &unsealed_data)); 1471} 1472 1473TEST_F(TpmUtilityTest, UnsealDataLoadFail) { 1474 std::string sealed_data; 1475 std::string unsealed_data; 1476 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1477 .WillOnce(Return(TPM_RC_FAILURE)); 1478 EXPECT_EQ(TPM_RC_FAILURE, 1479 utility_.UnsealData(sealed_data, &mock_authorization_delegate_, 1480 &unsealed_data)); 1481} 1482 1483TEST_F(TpmUtilityTest, UnsealDataBadKeyName) { 1484 std::string sealed_data; 1485 std::string unsealed_data; 1486 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _)) 1487 .WillOnce(Return(TPM_RC_FAILURE)); 1488 EXPECT_EQ(TPM_RC_FAILURE, 1489 utility_.UnsealData(sealed_data, &mock_authorization_delegate_, 1490 &unsealed_data)); 1491} 1492 1493TEST_F(TpmUtilityTest, UnsealObjectFailure) { 1494 std::string sealed_data; 1495 std::string unsealed_data; 1496 EXPECT_CALL(mock_tpm_, UnsealSync(_, _, _, _)) 1497 .WillOnce(Return(TPM_RC_FAILURE)); 1498 EXPECT_EQ(TPM_RC_FAILURE, 1499 utility_.UnsealData(sealed_data, &mock_authorization_delegate_, 1500 &unsealed_data)); 1501} 1502 1503TEST_F(TpmUtilityTest, StartSessionSuccess) { 1504 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true)) 1505 .WillOnce(Return(TPM_RC_SUCCESS)); 1506 EXPECT_EQ(TPM_RC_SUCCESS, utility_.StartSession(&mock_hmac_session_)); 1507} 1508 1509TEST_F(TpmUtilityTest, StartSessionFailure) { 1510 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true)) 1511 .WillOnce(Return(TPM_RC_FAILURE)); 1512 EXPECT_EQ(TPM_RC_FAILURE, utility_.StartSession(&mock_hmac_session_)); 1513} 1514 1515TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueSuccess) { 1516 int index = 5; 1517 std::string pcr_value("pcr_value"); 1518 std::string policy_digest; 1519 TPML_PCR_SELECTION pcr_select; 1520 pcr_select.count = 1; 1521 pcr_select.pcr_selections[0].hash = TPM_ALG_SHA256; 1522 pcr_select.pcr_selections[0].sizeof_select = 1; 1523 pcr_select.pcr_selections[0].pcr_select[index / 8] = 1 << (index % 8); 1524 TPML_DIGEST pcr_values; 1525 pcr_values.count = 1; 1526 pcr_values.digests[0] = Make_TPM2B_DIGEST(pcr_value); 1527 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 1528 .WillOnce(DoAll(SetArgPointee<2>(pcr_select), 1529 SetArgPointee<3>(pcr_values), Return(TPM_RC_SUCCESS))); 1530 std::string tpm_pcr_value; 1531 EXPECT_CALL(mock_trial_session_, PolicyPCR(index, _)) 1532 .WillOnce(DoAll(SaveArg<1>(&tpm_pcr_value), Return(TPM_RC_SUCCESS))); 1533 std::string tpm_policy_digest("digest"); 1534 EXPECT_CALL(mock_trial_session_, GetDigest(_)) 1535 .WillOnce( 1536 DoAll(SetArgPointee<0>(tpm_policy_digest), Return(TPM_RC_SUCCESS))); 1537 EXPECT_EQ(TPM_RC_SUCCESS, 1538 utility_.GetPolicyDigestForPcrValue(index, "", &policy_digest)); 1539 EXPECT_EQ(policy_digest, tpm_policy_digest); 1540 EXPECT_EQ(pcr_value, tpm_pcr_value); 1541} 1542 1543TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueSuccessWithPcrValue) { 1544 int index = 5; 1545 std::string pcr_value("pcr_value"); 1546 std::string policy_digest; 1547 std::string tpm_pcr_value; 1548 EXPECT_CALL(mock_trial_session_, PolicyPCR(index, _)) 1549 .WillOnce(DoAll(SaveArg<1>(&tpm_pcr_value), Return(TPM_RC_SUCCESS))); 1550 std::string tpm_policy_digest("digest"); 1551 EXPECT_CALL(mock_trial_session_, GetDigest(_)) 1552 .WillOnce( 1553 DoAll(SetArgPointee<0>(tpm_policy_digest), Return(TPM_RC_SUCCESS))); 1554 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetPolicyDigestForPcrValue( 1555 index, pcr_value, &policy_digest)); 1556 EXPECT_EQ(policy_digest, tpm_policy_digest); 1557 EXPECT_EQ(pcr_value, tpm_pcr_value); 1558} 1559 1560TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadSession) { 1561 int index = 5; 1562 std::string pcr_value("value"); 1563 std::string policy_digest; 1564 EXPECT_CALL(mock_trial_session_, StartUnboundSession(false)) 1565 .WillOnce(Return(TPM_RC_FAILURE)); 1566 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetPolicyDigestForPcrValue( 1567 index, pcr_value, &policy_digest)); 1568} 1569 1570TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValuePcrReadFail) { 1571 int index = 5; 1572 std::string policy_digest; 1573 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _)) 1574 .WillOnce(Return(TPM_RC_FAILURE)); 1575 EXPECT_EQ(TPM_RC_FAILURE, 1576 utility_.GetPolicyDigestForPcrValue(index, "", &policy_digest)); 1577} 1578 1579TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadPcr) { 1580 int index = 5; 1581 std::string pcr_value("value"); 1582 std::string policy_digest; 1583 EXPECT_CALL(mock_trial_session_, PolicyPCR(index, _)) 1584 .WillOnce(Return(TPM_RC_FAILURE)); 1585 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetPolicyDigestForPcrValue( 1586 index, pcr_value, &policy_digest)); 1587} 1588 1589TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadDigest) { 1590 int index = 5; 1591 std::string pcr_value("value"); 1592 std::string policy_digest; 1593 EXPECT_CALL(mock_trial_session_, GetDigest(&policy_digest)) 1594 .WillOnce(Return(TPM_RC_FAILURE)); 1595 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetPolicyDigestForPcrValue( 1596 index, pcr_value, &policy_digest)); 1597} 1598 1599TEST_F(TpmUtilityTest, DefineNVSpaceSuccess) { 1600 uint32_t index = 59; 1601 uint32_t nvram_index = NV_INDEX_FIRST + index; 1602 size_t length = 256; 1603 TPMA_NV attributes = TPMA_NV_WRITEDEFINE; 1604 TPM2B_NV_PUBLIC public_data; 1605 EXPECT_CALL(mock_tpm_, NV_DefineSpaceSync(TPM_RH_OWNER, _, _, _, _)) 1606 .WillOnce(DoAll(SaveArg<3>(&public_data), Return(TPM_RC_SUCCESS))); 1607 EXPECT_EQ(TPM_RC_SUCCESS, 1608 utility_.DefineNVSpace(index, length, attributes, "", "", 1609 &mock_authorization_delegate_)); 1610 EXPECT_EQ(public_data.nv_public.nv_index, nvram_index); 1611 EXPECT_EQ(public_data.nv_public.name_alg, TPM_ALG_SHA256); 1612 EXPECT_EQ(public_data.nv_public.attributes, attributes); 1613 EXPECT_EQ(public_data.nv_public.data_size, length); 1614} 1615 1616TEST_F(TpmUtilityTest, DefineNVSpaceBadLength) { 1617 size_t bad_length = 3000; 1618 EXPECT_EQ(SAPI_RC_BAD_SIZE, 1619 utility_.DefineNVSpace(0, bad_length, 0, "", "", 1620 &mock_authorization_delegate_)); 1621} 1622 1623TEST_F(TpmUtilityTest, DefineNVSpaceBadIndex) { 1624 uint32_t bad_index = 1 << 29; 1625 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1626 utility_.DefineNVSpace(bad_index, 2, 0, "", "", 1627 &mock_authorization_delegate_)); 1628} 1629 1630TEST_F(TpmUtilityTest, DefineNVSpaceBadSession) { 1631 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, 1632 utility_.DefineNVSpace(0, 2, 0, "", "", nullptr)); 1633} 1634 1635TEST_F(TpmUtilityTest, DefineNVSpaceFail) { 1636 uint32_t index = 59; 1637 size_t length = 256; 1638 EXPECT_CALL(mock_tpm_, NV_DefineSpaceSync(TPM_RH_OWNER, _, _, _, _)) 1639 .WillOnce(Return(TPM_RC_FAILURE)); 1640 EXPECT_EQ(TPM_RC_FAILURE, 1641 utility_.DefineNVSpace(index, length, 0, "", "", 1642 &mock_authorization_delegate_)); 1643} 1644 1645TEST_F(TpmUtilityTest, DestroyNVSpaceSuccess) { 1646 uint32_t index = 53; 1647 uint32_t nvram_index = NV_INDEX_FIRST + index; 1648 EXPECT_CALL(mock_tpm_, 1649 NV_UndefineSpaceSync(TPM_RH_OWNER, _, nvram_index, _, _)); 1650 EXPECT_EQ(TPM_RC_SUCCESS, 1651 utility_.DestroyNVSpace(index, &mock_authorization_delegate_)); 1652} 1653 1654TEST_F(TpmUtilityTest, DestroyNVSpaceBadIndex) { 1655 uint32_t bad_index = 1 << 29; 1656 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1657 utility_.DestroyNVSpace(bad_index, &mock_authorization_delegate_)); 1658} 1659 1660TEST_F(TpmUtilityTest, DestroyNVSpaceBadSession) { 1661 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.DestroyNVSpace(3, nullptr)); 1662} 1663 1664TEST_F(TpmUtilityTest, DestroyNVSpaceFailure) { 1665 uint32_t index = 53; 1666 uint32_t nvram_index = NV_INDEX_FIRST + index; 1667 EXPECT_CALL(mock_tpm_, 1668 NV_UndefineSpaceSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1669 .WillOnce(Return(TPM_RC_FAILURE)); 1670 EXPECT_EQ(TPM_RC_FAILURE, 1671 utility_.DestroyNVSpace(index, &mock_authorization_delegate_)); 1672} 1673 1674TEST_F(TpmUtilityTest, LockNVSpaceWriteSuccess) { 1675 uint32_t index = 53; 1676 uint32_t nvram_index = NV_INDEX_FIRST + index; 1677 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1678 .WillOnce(Return(TPM_RC_SUCCESS)); 1679 EXPECT_CALL(mock_tpm_, NV_ReadLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1680 .Times(0); 1681 EXPECT_EQ(TPM_RC_SUCCESS, 1682 utility_.LockNVSpace(index, false, true, true, 1683 &mock_authorization_delegate_)); 1684 TPMS_NV_PUBLIC public_area; 1685 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area)); 1686 EXPECT_EQ(TPMA_NV_WRITELOCKED, public_area.attributes & TPMA_NV_WRITELOCKED); 1687} 1688 1689TEST_F(TpmUtilityTest, LockNVSpaceReadSuccess) { 1690 uint32_t index = 53; 1691 uint32_t nvram_index = NV_INDEX_FIRST + index; 1692 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1693 .Times(0); 1694 EXPECT_CALL(mock_tpm_, NV_ReadLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1695 .WillOnce(Return(TPM_RC_SUCCESS)); 1696 EXPECT_EQ(TPM_RC_SUCCESS, 1697 utility_.LockNVSpace(index, true, false, true, 1698 &mock_authorization_delegate_)); 1699 TPMS_NV_PUBLIC public_area; 1700 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area)); 1701 EXPECT_EQ(TPMA_NV_READLOCKED, public_area.attributes & TPMA_NV_READLOCKED); 1702} 1703 1704TEST_F(TpmUtilityTest, LockNVSpaceBothSuccess) { 1705 uint32_t index = 53; 1706 uint32_t nvram_index = NV_INDEX_FIRST + index; 1707 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1708 .WillOnce(Return(TPM_RC_SUCCESS)); 1709 EXPECT_CALL(mock_tpm_, NV_ReadLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1710 .WillOnce(Return(TPM_RC_SUCCESS)); 1711 EXPECT_EQ(TPM_RC_SUCCESS, 1712 utility_.LockNVSpace(index, true, true, true, 1713 &mock_authorization_delegate_)); 1714 TPMS_NV_PUBLIC public_area; 1715 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area)); 1716 EXPECT_EQ( 1717 (TPMA_NV_READLOCKED | TPMA_NV_WRITELOCKED), 1718 public_area.attributes & (TPMA_NV_READLOCKED | TPMA_NV_WRITELOCKED)); 1719} 1720 1721TEST_F(TpmUtilityTest, LockNVSpaceBothNotOwner) { 1722 uint32_t index = 53; 1723 uint32_t nvram_index = NV_INDEX_FIRST + index; 1724 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(nvram_index, _, nvram_index, _, _)) 1725 .WillOnce(Return(TPM_RC_SUCCESS)); 1726 EXPECT_CALL(mock_tpm_, NV_ReadLockSync(nvram_index, _, nvram_index, _, _)) 1727 .WillOnce(Return(TPM_RC_SUCCESS)); 1728 EXPECT_EQ(TPM_RC_SUCCESS, 1729 utility_.LockNVSpace(index, true, true, false, 1730 &mock_authorization_delegate_)); 1731} 1732 1733TEST_F(TpmUtilityTest, LockNVSpaceBadIndex) { 1734 uint32_t bad_index = 1 << 24; 1735 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1736 utility_.LockNVSpace(bad_index, true, true, true, 1737 &mock_authorization_delegate_)); 1738} 1739 1740TEST_F(TpmUtilityTest, LockNVSpaceFailure) { 1741 uint32_t index = 53; 1742 uint32_t nvram_index = NV_INDEX_FIRST + index; 1743 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _)) 1744 .WillOnce(Return(TPM_RC_FAILURE)); 1745 EXPECT_EQ(TPM_RC_FAILURE, 1746 utility_.LockNVSpace(index, true, true, true, 1747 &mock_authorization_delegate_)); 1748} 1749 1750TEST_F(TpmUtilityTest, WriteNVSpaceSuccess) { 1751 uint32_t index = 53; 1752 uint32_t offset = 5; 1753 uint32_t nvram_index = NV_INDEX_FIRST + index; 1754 EXPECT_CALL(mock_tpm_, 1755 NV_WriteSync(TPM_RH_OWNER, _, nvram_index, _, _, offset, _)) 1756 .WillOnce(Return(TPM_RC_SUCCESS)); 1757 EXPECT_EQ(TPM_RC_SUCCESS, 1758 utility_.WriteNVSpace(index, offset, "", true, false, 1759 &mock_authorization_delegate_)); 1760 TPMS_NV_PUBLIC public_area; 1761 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area)); 1762 EXPECT_EQ(public_area.attributes & TPMA_NV_WRITTEN, TPMA_NV_WRITTEN); 1763} 1764 1765TEST_F(TpmUtilityTest, WriteNVSpaceNotOwner) { 1766 uint32_t index = 53; 1767 uint32_t offset = 5; 1768 uint32_t nvram_index = NV_INDEX_FIRST + index; 1769 EXPECT_CALL(mock_tpm_, 1770 NV_WriteSync(nvram_index, _, nvram_index, _, _, offset, _)) 1771 .WillOnce(Return(TPM_RC_SUCCESS)); 1772 EXPECT_EQ(TPM_RC_SUCCESS, 1773 utility_.WriteNVSpace(index, offset, "", false, false, 1774 &mock_authorization_delegate_)); 1775} 1776 1777TEST_F(TpmUtilityTest, ExtendNVSpace) { 1778 uint32_t index = 53; 1779 uint32_t offset = 5; 1780 uint32_t nvram_index = NV_INDEX_FIRST + index; 1781 EXPECT_CALL(mock_tpm_, NV_ExtendSync(TPM_RH_OWNER, _, nvram_index, _, _, _)) 1782 .WillOnce(Return(TPM_RC_SUCCESS)); 1783 EXPECT_EQ(TPM_RC_SUCCESS, 1784 utility_.WriteNVSpace(index, offset, "", true, true, 1785 &mock_authorization_delegate_)); 1786} 1787 1788TEST_F(TpmUtilityTest, WriteNVSpaceBadSize) { 1789 uint32_t index = 53; 1790 std::string nvram_data(1025, 0); 1791 EXPECT_EQ(SAPI_RC_BAD_SIZE, 1792 utility_.WriteNVSpace(index, 0, nvram_data, true, false, 1793 &mock_authorization_delegate_)); 1794} 1795 1796TEST_F(TpmUtilityTest, WriteNVSpaceBadIndex) { 1797 uint32_t bad_index = 1 << 24; 1798 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1799 utility_.WriteNVSpace(bad_index, 0, "", true, false, 1800 &mock_authorization_delegate_)); 1801} 1802 1803TEST_F(TpmUtilityTest, WriteNVSpaceFailure) { 1804 uint32_t index = 53; 1805 uint32_t offset = 5; 1806 uint32_t nvram_index = NV_INDEX_FIRST + index; 1807 EXPECT_CALL(mock_tpm_, 1808 NV_WriteSync(TPM_RH_OWNER, _, nvram_index, _, _, offset, _)) 1809 .WillOnce(Return(TPM_RC_FAILURE)); 1810 EXPECT_EQ(TPM_RC_FAILURE, 1811 utility_.WriteNVSpace(index, offset, "", true, false, 1812 &mock_authorization_delegate_)); 1813} 1814 1815TEST_F(TpmUtilityTest, ReadNVSpaceSuccess) { 1816 uint32_t index = 53; 1817 uint32_t offset = 5; 1818 uint32_t nv_index = NV_INDEX_FIRST + index; 1819 size_t length = 24; 1820 std::string nvram_data; 1821 EXPECT_CALL(mock_tpm_, 1822 NV_ReadSync(nv_index, _, nv_index, _, length, offset, _, _)) 1823 .WillOnce(Return(TPM_RC_SUCCESS)); 1824 EXPECT_EQ(TPM_RC_SUCCESS, 1825 utility_.ReadNVSpace(index, offset, length, false, &nvram_data, 1826 &mock_authorization_delegate_)); 1827} 1828 1829TEST_F(TpmUtilityTest, ReadNVSpaceOwner) { 1830 uint32_t index = 53; 1831 uint32_t offset = 5; 1832 uint32_t nv_index = NV_INDEX_FIRST + index; 1833 size_t length = 24; 1834 std::string nvram_data; 1835 EXPECT_CALL(mock_tpm_, 1836 NV_ReadSync(TPM_RH_OWNER, _, nv_index, _, length, offset, _, _)) 1837 .WillOnce(Return(TPM_RC_SUCCESS)); 1838 EXPECT_EQ(TPM_RC_SUCCESS, 1839 utility_.ReadNVSpace(index, offset, length, true, &nvram_data, 1840 &mock_authorization_delegate_)); 1841} 1842 1843TEST_F(TpmUtilityTest, ReadNVSpaceBadReadLength) { 1844 size_t length = 1025; 1845 std::string nvram_data; 1846 EXPECT_EQ(SAPI_RC_BAD_SIZE, 1847 utility_.ReadNVSpace(52, 0, length, true, &nvram_data, 1848 &mock_authorization_delegate_)); 1849} 1850 1851TEST_F(TpmUtilityTest, ReadNVSpaceBadIndex) { 1852 uint32_t bad_index = 1 << 24; 1853 std::string nvram_data; 1854 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, 1855 utility_.ReadNVSpace(bad_index, 0, 5, true, &nvram_data, 1856 &mock_authorization_delegate_)); 1857} 1858 1859TEST_F(TpmUtilityTest, ReadNVSpaceFailure) { 1860 uint32_t index = 53; 1861 uint32_t offset = 5; 1862 uint32_t nv_index = NV_INDEX_FIRST + index; 1863 size_t length = 24; 1864 std::string nvram_data; 1865 EXPECT_CALL(mock_tpm_, 1866 NV_ReadSync(nv_index, _, nv_index, _, length, offset, _, _)) 1867 .WillOnce(Return(TPM_RC_FAILURE)); 1868 EXPECT_EQ(TPM_RC_FAILURE, 1869 utility_.ReadNVSpace(index, offset, length, false, &nvram_data, 1870 &mock_authorization_delegate_)); 1871} 1872 1873TEST_F(TpmUtilityTest, GetNVSpaceNameSuccess) { 1874 uint32_t index = 53; 1875 uint32_t nvram_index = NV_INDEX_FIRST + index; 1876 std::string name; 1877 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(nvram_index, _, _, _, _)) 1878 .WillOnce(Return(TPM_RC_SUCCESS)); 1879 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpaceName(index, &name)); 1880} 1881 1882TEST_F(TpmUtilityTest, GetNVSpaceNameFailure) { 1883 uint32_t index = 53; 1884 std::string name; 1885 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _)) 1886 .WillOnce(Return(TPM_RC_FAILURE)); 1887 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpaceName(index, &name)); 1888} 1889 1890TEST_F(TpmUtilityTest, GetNVSpacePublicAreaCachedSuccess) { 1891 uint32_t index = 53; 1892 TPMS_NV_PUBLIC public_area; 1893 SetNVRAMMap(index, public_area); 1894 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _)).Times(0); 1895 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpacePublicArea(index, &public_area)); 1896} 1897 1898TEST_F(TpmUtilityTest, GetNVSpacePublicAreaSuccess) { 1899 uint32_t index = 53; 1900 uint32_t nvram_index = NV_INDEX_FIRST + index; 1901 TPMS_NV_PUBLIC public_area; 1902 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(nvram_index, _, _, _, _)) 1903 .WillOnce(Return(TPM_RC_SUCCESS)); 1904 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpacePublicArea(index, &public_area)); 1905} 1906 1907TEST_F(TpmUtilityTest, GetNVSpacePublicAreaFailure) { 1908 uint32_t index = 53; 1909 TPMS_NV_PUBLIC public_area; 1910 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _)) 1911 .WillOnce(Return(TPM_RC_FAILURE)); 1912 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpacePublicArea(index, &public_area)); 1913} 1914 1915TEST_F(TpmUtilityTest, SetKnownPasswordSuccess) { 1916 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()).WillOnce(Return(false)); 1917 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _)) 1918 .WillOnce(Return(TPM_RC_SUCCESS)); 1919 EXPECT_EQ(TPM_RC_SUCCESS, SetKnownOwnerPassword("password")); 1920} 1921 1922TEST_F(TpmUtilityTest, SetKnownPasswordOwnershipDone) { 1923 EXPECT_EQ(TPM_RC_SUCCESS, SetKnownOwnerPassword("password")); 1924} 1925 1926TEST_F(TpmUtilityTest, SetKnownPasswordFailure) { 1927 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()).WillOnce(Return(false)); 1928 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _)) 1929 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1930 EXPECT_EQ(TPM_RC_FAILURE, SetKnownOwnerPassword("password")); 1931} 1932 1933TEST_F(TpmUtilityTest, RootKeysSuccess) { 1934 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password")); 1935} 1936 1937TEST_F(TpmUtilityTest, RootKeysHandleConsistency) { 1938 TPM_HANDLE test_handle = 42; 1939 EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _)) 1940 .WillRepeatedly( 1941 DoAll(SetArgPointee<3>(test_handle), Return(TPM_RC_SUCCESS))); 1942 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _)) 1943 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 1944 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password")); 1945} 1946 1947TEST_F(TpmUtilityTest, RootKeysCreateFailure) { 1948 EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _)) 1949 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1950 EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password")); 1951} 1952 1953TEST_F(TpmUtilityTest, RootKeysPersistFailure) { 1954 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _)) 1955 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1956 EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password")); 1957} 1958 1959TEST_F(TpmUtilityTest, RootKeysAlreadyExist) { 1960 SetExistingKeyHandleExpectation(kRSAStorageRootKey); 1961 SetExistingKeyHandleExpectation(kECCStorageRootKey); 1962 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password")); 1963} 1964 1965TEST_F(TpmUtilityTest, SaltingKeySuccess) { 1966 TPM2B_PUBLIC public_area; 1967 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _)) 1968 .WillOnce(DoAll(SaveArg<2>(&public_area), Return(TPM_RC_SUCCESS))); 1969 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password")); 1970 EXPECT_EQ(TPM_ALG_SHA256, public_area.public_area.name_alg); 1971} 1972 1973TEST_F(TpmUtilityTest, SaltingKeyConsistency) { 1974 TPM_HANDLE test_handle = 42; 1975 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1976 .WillRepeatedly( 1977 DoAll(SetArgPointee<4>(test_handle), Return(TPM_RC_SUCCESS))); 1978 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _)) 1979 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 1980 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password")); 1981} 1982 1983TEST_F(TpmUtilityTest, SaltingKeyCreateFailure) { 1984 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _)) 1985 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1986 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password")); 1987} 1988 1989TEST_F(TpmUtilityTest, SaltingKeyLoadFailure) { 1990 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _)) 1991 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1992 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password")); 1993} 1994 1995TEST_F(TpmUtilityTest, SaltingKeyPersistFailure) { 1996 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _)) 1997 .WillRepeatedly(Return(TPM_RC_FAILURE)); 1998 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password")); 1999} 2000 2001TEST_F(TpmUtilityTest, SaltingKeyAlreadyExists) { 2002 SetExistingKeyHandleExpectation(kSaltingKey); 2003 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password")); 2004} 2005 2006TEST_F(TpmUtilityTest, SetDictionaryAttackParametersSuccess) { 2007 EXPECT_CALL(mock_tpm_, DictionaryAttackParametersSync(TPM_RH_LOCKOUT, _, 1, 2, 2008 3, nullptr)) 2009 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 2010 EXPECT_EQ(TPM_RC_SUCCESS, 2011 utility_.SetDictionaryAttackParameters(1, 2, 3, nullptr)); 2012} 2013 2014TEST_F(TpmUtilityTest, SetDictionaryAttackParametersFailure) { 2015 EXPECT_CALL(mock_tpm_, DictionaryAttackParametersSync(TPM_RH_LOCKOUT, _, 1, 2, 2016 3, nullptr)) 2017 .WillRepeatedly(Return(TPM_RC_FAILURE)); 2018 EXPECT_EQ(TPM_RC_FAILURE, 2019 utility_.SetDictionaryAttackParameters(1, 2, 3, nullptr)); 2020} 2021 2022TEST_F(TpmUtilityTest, ResetDictionaryAttackLockSuccess) { 2023 EXPECT_CALL(mock_tpm_, 2024 DictionaryAttackLockResetSync(TPM_RH_LOCKOUT, _, nullptr)) 2025 .WillRepeatedly(Return(TPM_RC_SUCCESS)); 2026 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ResetDictionaryAttackLock(nullptr)); 2027} 2028 2029TEST_F(TpmUtilityTest, ResetDictionaryAttackLockFailure) { 2030 EXPECT_CALL(mock_tpm_, 2031 DictionaryAttackLockResetSync(TPM_RH_LOCKOUT, _, nullptr)) 2032 .WillRepeatedly(Return(TPM_RC_FAILURE)); 2033 EXPECT_EQ(TPM_RC_FAILURE, utility_.ResetDictionaryAttackLock(nullptr)); 2034} 2035 2036} // namespace trunks 2037