1 //
2 // Copyright (C) 2014 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include <gmock/gmock.h>
18 #include <gtest/gtest.h>
19
20 #include "trunks/mock_tpm.h"
21 #include "trunks/tpm_generated.h"
22 #include "trunks/tpm_state_impl.h"
23 #include "trunks/trunks_factory_for_test.h"
24
25 using testing::_;
26 using testing::DoAll;
27 using testing::Invoke;
28 using testing::NiceMock;
29 using testing::Return;
30 using testing::SetArgPointee;
31 using testing::WithArgs;
32
33 namespace trunks {
34
35 // From definition of TPMA_STARTUP_CLEAR.
36 const trunks::TPMA_STARTUP_CLEAR kPlatformHierarchyMask = 1U;
37
38 // A test fixture for TpmState tests.
39 class TpmStateTest : public testing::Test {
40 public:
TpmStateTest()41 TpmStateTest() {}
~TpmStateTest()42 ~TpmStateTest() override {}
43
SetUp()44 void SetUp() override {
45 factory_.set_tpm(&mock_tpm_);
46 permanent_data_ = GetValidCapabilityData(TPM_PT_PERMANENT, 0);
47 startup_clear_data_ = GetValidCapabilityData(TPM_PT_STARTUP_CLEAR, 0);
48 rsa_data_ = GetValidAlgorithmData(TPM_ALG_RSA, 0);
49 ecc_data_ = GetValidAlgorithmData(TPM_ALG_ECC, 0);
50 lockout_counter_ = GetValidCapabilityData(TPM_PT_LOCKOUT_COUNTER, 0);
51 lockout_threshold_ = GetValidCapabilityData(TPM_PT_MAX_AUTH_FAIL, 0);
52 lockout_interval_ = GetValidCapabilityData(TPM_PT_LOCKOUT_INTERVAL, 0);
53 lockout_recovery_ = GetValidCapabilityData(TPM_PT_LOCKOUT_RECOVERY, 0);
54 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_TPM_PROPERTIES,
55 TPM_PT_PERMANENT, 1, _, _, _))
56 .WillRepeatedly(WithArgs<4>(
57 Invoke(this, &TpmStateTest::GetLivePermanent)));
58 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_TPM_PROPERTIES,
59 TPM_PT_STARTUP_CLEAR, 1, _, _, _))
60 .WillRepeatedly(WithArgs<4>(
61 Invoke(this, &TpmStateTest::GetLiveStartupClear)));
62 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_ALGS,
63 TPM_ALG_RSA, 1, _, _, _))
64 .WillRepeatedly(WithArgs<4>(
65 Invoke(this, &TpmStateTest::GetLiveRSA)));
66 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_ALGS,
67 TPM_ALG_ECC, 1, _, _, _))
68 .WillRepeatedly(WithArgs<4>(
69 Invoke(this, &TpmStateTest::GetLiveECC)));
70 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_TPM_PROPERTIES,
71 TPM_PT_LOCKOUT_COUNTER,
72 1, _, _, _))
73 .WillRepeatedly(WithArgs<4>(
74 Invoke(this, &TpmStateTest::GetLiveLockoutCounter)));
75 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_TPM_PROPERTIES,
76 TPM_PT_MAX_AUTH_FAIL,
77 1, _, _, _))
78 .WillRepeatedly(WithArgs<4>(
79 Invoke(this, &TpmStateTest::GetLiveLockoutThreshold)));
80 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_TPM_PROPERTIES,
81 TPM_PT_LOCKOUT_INTERVAL,
82 1, _, _, _))
83 .WillRepeatedly(WithArgs<4>(
84 Invoke(this, &TpmStateTest::GetLiveLockoutInterval)));
85 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_TPM_PROPERTIES,
86 TPM_PT_LOCKOUT_RECOVERY,
87 1, _, _, _))
88 .WillRepeatedly(WithArgs<4>(
89 Invoke(this, &TpmStateTest::GetLiveLockoutRecovery)));
90 }
91
GetLivePermanent(TPMS_CAPABILITY_DATA * capability_data)92 TPM_RC GetLivePermanent(TPMS_CAPABILITY_DATA* capability_data) {
93 *capability_data = permanent_data_;
94 return TPM_RC_SUCCESS;
95 }
GetLiveStartupClear(TPMS_CAPABILITY_DATA * capability_data)96 TPM_RC GetLiveStartupClear(TPMS_CAPABILITY_DATA* capability_data) {
97 *capability_data = startup_clear_data_;
98 return TPM_RC_SUCCESS;
99 }
GetLiveRSA(TPMS_CAPABILITY_DATA * capability_data)100 TPM_RC GetLiveRSA(TPMS_CAPABILITY_DATA* capability_data) {
101 *capability_data = rsa_data_;
102 return TPM_RC_SUCCESS;
103 }
GetLiveECC(TPMS_CAPABILITY_DATA * capability_data)104 TPM_RC GetLiveECC(TPMS_CAPABILITY_DATA* capability_data) {
105 *capability_data = ecc_data_;
106 return TPM_RC_SUCCESS;
107 }
GetLiveLockoutCounter(TPMS_CAPABILITY_DATA * capability_data)108 TPM_RC GetLiveLockoutCounter(TPMS_CAPABILITY_DATA* capability_data) {
109 *capability_data = lockout_counter_;
110 return TPM_RC_SUCCESS;
111 }
GetLiveLockoutThreshold(TPMS_CAPABILITY_DATA * capability_data)112 TPM_RC GetLiveLockoutThreshold(TPMS_CAPABILITY_DATA* capability_data) {
113 *capability_data = lockout_threshold_;
114 return TPM_RC_SUCCESS;
115 }
GetLiveLockoutInterval(TPMS_CAPABILITY_DATA * capability_data)116 TPM_RC GetLiveLockoutInterval(TPMS_CAPABILITY_DATA* capability_data) {
117 *capability_data = lockout_interval_;
118 return TPM_RC_SUCCESS;
119 }
GetLiveLockoutRecovery(TPMS_CAPABILITY_DATA * capability_data)120 TPM_RC GetLiveLockoutRecovery(TPMS_CAPABILITY_DATA* capability_data) {
121 *capability_data = lockout_recovery_;
122 return TPM_RC_SUCCESS;
123 }
124
125 protected:
GetValidCapabilityData(TPM_PT property,UINT32 value)126 TPMS_CAPABILITY_DATA GetValidCapabilityData(TPM_PT property, UINT32 value) {
127 TPMS_CAPABILITY_DATA data;
128 memset(&data, 0, sizeof(TPMS_CAPABILITY_DATA));
129 data.capability = TPM_CAP_TPM_PROPERTIES;
130 data.data.tpm_properties.count = 1;
131 data.data.tpm_properties.tpm_property[0].property = property;
132 data.data.tpm_properties.tpm_property[0].value = value;
133 return data;
134 }
135
GetValidAlgorithmData(TPM_ALG_ID alg_id,UINT32 value)136 TPMS_CAPABILITY_DATA GetValidAlgorithmData(TPM_ALG_ID alg_id, UINT32 value) {
137 TPMS_CAPABILITY_DATA data;
138 memset(&data, 0, sizeof(TPMS_CAPABILITY_DATA));
139 data.capability = TPM_CAP_ALGS;
140 data.data.tpm_properties.count = 1;
141 data.data.algorithms.alg_properties[0].alg = alg_id;
142 data.data.algorithms.alg_properties[0].alg_properties = value;
143 return data;
144 }
145
146 TrunksFactoryForTest factory_;
147 NiceMock<MockTpm> mock_tpm_;
148 TPMS_CAPABILITY_DATA permanent_data_;
149 TPMS_CAPABILITY_DATA startup_clear_data_;
150 TPMS_CAPABILITY_DATA rsa_data_;
151 TPMS_CAPABILITY_DATA ecc_data_;
152 TPMS_CAPABILITY_DATA lockout_counter_;
153 TPMS_CAPABILITY_DATA lockout_threshold_;
154 TPMS_CAPABILITY_DATA lockout_interval_;
155 TPMS_CAPABILITY_DATA lockout_recovery_;
156 };
157
TEST(TpmState_DeathTest,NotInitialized)158 TEST(TpmState_DeathTest, NotInitialized) {
159 TrunksFactoryForTest factory;
160 TpmStateImpl tpm_state(factory);
161 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsOwnerPasswordSet(), "Check failed");
162 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsEndorsementPasswordSet(),
163 "Check failed");
164 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsLockoutPasswordSet(), "Check failed");
165 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsOwned(), "Check failed");
166 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsInLockout(), "Check failed");
167 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsPlatformHierarchyEnabled(),
168 "Check failed");
169 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsStorageHierarchyEnabled(),
170 "Check failed");
171 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsEndorsementHierarchyEnabled(),
172 "Check failed");
173 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsEnabled(), "Check failed");
174 EXPECT_DEATH_IF_SUPPORTED(tpm_state.WasShutdownOrderly(), "Check failed");
175 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsRSASupported(), "Check failed");
176 EXPECT_DEATH_IF_SUPPORTED(tpm_state.IsECCSupported(), "Check failed");
177 EXPECT_DEATH_IF_SUPPORTED(tpm_state.GetLockoutCounter(), "Check failed");
178 EXPECT_DEATH_IF_SUPPORTED(tpm_state.GetLockoutThreshold(), "Check failed");
179 EXPECT_DEATH_IF_SUPPORTED(tpm_state.GetLockoutInterval(), "Check failed");
180 EXPECT_DEATH_IF_SUPPORTED(tpm_state.GetLockoutRecovery(), "Check failed");
181 }
182
TEST_F(TpmStateTest,FlagsClear)183 TEST_F(TpmStateTest, FlagsClear) {
184 TpmStateImpl tpm_state(factory_);
185 EXPECT_EQ(TPM_RC_SUCCESS, tpm_state.Initialize());
186 EXPECT_FALSE(tpm_state.IsOwnerPasswordSet());
187 EXPECT_FALSE(tpm_state.IsEndorsementPasswordSet());
188 EXPECT_FALSE(tpm_state.IsLockoutPasswordSet());
189 EXPECT_FALSE(tpm_state.IsInLockout());
190 EXPECT_FALSE(tpm_state.IsOwned());
191 EXPECT_FALSE(tpm_state.IsPlatformHierarchyEnabled());
192 EXPECT_FALSE(tpm_state.IsStorageHierarchyEnabled());
193 EXPECT_FALSE(tpm_state.IsEndorsementHierarchyEnabled());
194 EXPECT_FALSE(tpm_state.IsEnabled());
195 EXPECT_FALSE(tpm_state.WasShutdownOrderly());
196 EXPECT_FALSE(tpm_state.IsRSASupported());
197 EXPECT_FALSE(tpm_state.IsECCSupported());
198 EXPECT_EQ(0u, tpm_state.GetLockoutCounter());
199 EXPECT_EQ(0u, tpm_state.GetLockoutThreshold());
200 EXPECT_EQ(0u, tpm_state.GetLockoutInterval());
201 EXPECT_EQ(0u, tpm_state.GetLockoutRecovery());
202 }
203
TEST_F(TpmStateTest,FlagsSet)204 TEST_F(TpmStateTest, FlagsSet) {
205 uint32_t lockout_counter = 5;
206 uint32_t lockout_threshold = 8;
207 uint32_t lockout_interval = 1200;
208 uint32_t lockout_recovery = 84600;
209 permanent_data_.data.tpm_properties.tpm_property[0].value = ~0U;
210 startup_clear_data_.data.tpm_properties.tpm_property[0].value = ~0U;
211 lockout_counter_.data.tpm_properties.tpm_property[0].value = lockout_counter;
212 lockout_threshold_.data.tpm_properties.tpm_property[0].value =
213 lockout_threshold;
214 lockout_interval_.data.tpm_properties.tpm_property[0].value =
215 lockout_interval;
216 lockout_recovery_.data.tpm_properties.tpm_property[0].value =
217 lockout_recovery;
218 rsa_data_.data.algorithms.alg_properties[0].alg_properties = ~0U;
219 ecc_data_.data.algorithms.alg_properties[0].alg_properties = ~0U;
220 TpmStateImpl tpm_state(factory_);
221 EXPECT_EQ(TPM_RC_SUCCESS, tpm_state.Initialize());
222 EXPECT_TRUE(tpm_state.IsOwnerPasswordSet());
223 EXPECT_TRUE(tpm_state.IsEndorsementPasswordSet());
224 EXPECT_TRUE(tpm_state.IsLockoutPasswordSet());
225 EXPECT_TRUE(tpm_state.IsOwned());
226 EXPECT_TRUE(tpm_state.IsInLockout());
227 EXPECT_TRUE(tpm_state.IsPlatformHierarchyEnabled());
228 EXPECT_TRUE(tpm_state.IsStorageHierarchyEnabled());
229 EXPECT_TRUE(tpm_state.IsEndorsementHierarchyEnabled());
230 EXPECT_FALSE(tpm_state.IsEnabled());
231 EXPECT_TRUE(tpm_state.WasShutdownOrderly());
232 EXPECT_TRUE(tpm_state.IsRSASupported());
233 EXPECT_TRUE(tpm_state.IsECCSupported());
234 EXPECT_EQ(lockout_counter, tpm_state.GetLockoutCounter());
235 EXPECT_EQ(lockout_threshold, tpm_state.GetLockoutThreshold());
236 EXPECT_EQ(lockout_interval, tpm_state.GetLockoutInterval());
237 EXPECT_EQ(lockout_recovery, tpm_state.GetLockoutRecovery());
238 }
239
TEST_F(TpmStateTest,EnabledTpm)240 TEST_F(TpmStateTest, EnabledTpm) {
241 startup_clear_data_.data.tpm_properties.tpm_property[0].value =
242 ~kPlatformHierarchyMask;
243 TpmStateImpl tpm_state(factory_);
244 EXPECT_EQ(TPM_RC_SUCCESS, tpm_state.Initialize());
245 EXPECT_FALSE(tpm_state.IsPlatformHierarchyEnabled());
246 EXPECT_TRUE(tpm_state.IsStorageHierarchyEnabled());
247 EXPECT_TRUE(tpm_state.IsEndorsementHierarchyEnabled());
248 EXPECT_TRUE(tpm_state.IsEnabled());
249 EXPECT_TRUE(tpm_state.WasShutdownOrderly());
250 }
251
TEST_F(TpmStateTest,BadResponsePermanentCapabilityType)252 TEST_F(TpmStateTest, BadResponsePermanentCapabilityType) {
253 permanent_data_.capability = 0xFFFFF;
254 TpmStateImpl tpm_state(factory_);
255 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
256 }
257
TEST_F(TpmStateTest,BadResponseStartupClearCapabilityType)258 TEST_F(TpmStateTest, BadResponseStartupClearCapabilityType) {
259 startup_clear_data_.capability = 0xFFFFF;
260 TpmStateImpl tpm_state(factory_);
261 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
262 }
263
TEST_F(TpmStateTest,BadResponseLockoutCounterCapabilityType)264 TEST_F(TpmStateTest, BadResponseLockoutCounterCapabilityType) {
265 lockout_counter_.capability = 0xFFFFF;
266 TpmStateImpl tpm_state(factory_);
267 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
268 }
269
TEST_F(TpmStateTest,BadResponseLockoutThresholdCapabilityType)270 TEST_F(TpmStateTest, BadResponseLockoutThresholdCapabilityType) {
271 lockout_threshold_.capability = 0xFFFFF;
272 TpmStateImpl tpm_state(factory_);
273 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
274 }
275
TEST_F(TpmStateTest,BadResponseLockoutIntervalCapabilityType)276 TEST_F(TpmStateTest, BadResponseLockoutIntervalCapabilityType) {
277 lockout_interval_.capability = 0xFFFFF;
278 TpmStateImpl tpm_state(factory_);
279 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
280 }
281
TEST_F(TpmStateTest,BadResponseLockoutRecoveryCapabilityType)282 TEST_F(TpmStateTest, BadResponseLockoutRecoveryCapabilityType) {
283 lockout_recovery_.capability = 0xFFFFF;
284 TpmStateImpl tpm_state(factory_);
285 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
286 }
287
TEST_F(TpmStateTest,BadResponseRSAAlgCapabilityType)288 TEST_F(TpmStateTest, BadResponseRSAAlgCapabilityType) {
289 rsa_data_.capability = 0xFFFFF;
290 TpmStateImpl tpm_state(factory_);
291 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
292 }
293
TEST_F(TpmStateTest,BadResponseECCAlgCapabilityType)294 TEST_F(TpmStateTest, BadResponseECCAlgCapabilityType) {
295 ecc_data_.capability = 0xFFFFF;
296 TpmStateImpl tpm_state(factory_);
297 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
298 }
299
TEST_F(TpmStateTest,BadResponsePermanentPropertyCount)300 TEST_F(TpmStateTest, BadResponsePermanentPropertyCount) {
301 permanent_data_.data.tpm_properties.count = 0;
302 TpmStateImpl tpm_state(factory_);
303 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
304 }
305
TEST_F(TpmStateTest,BadResponseStartupClearPropertyCount)306 TEST_F(TpmStateTest, BadResponseStartupClearPropertyCount) {
307 startup_clear_data_.data.tpm_properties.count = 0;
308 TpmStateImpl tpm_state(factory_);
309 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
310 }
311
TEST_F(TpmStateTest,BadResponseLockoutCounterPropertyCount)312 TEST_F(TpmStateTest, BadResponseLockoutCounterPropertyCount) {
313 lockout_counter_.data.tpm_properties.count = 0;
314 TpmStateImpl tpm_state(factory_);
315 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
316 }
317
TEST_F(TpmStateTest,BadResponseLockoutThresholdPropertyCount)318 TEST_F(TpmStateTest, BadResponseLockoutThresholdPropertyCount) {
319 lockout_threshold_.data.tpm_properties.count = 0;
320 TpmStateImpl tpm_state(factory_);
321 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
322 }
323
TEST_F(TpmStateTest,BadResponseLockoutIntervalPropertyCount)324 TEST_F(TpmStateTest, BadResponseLockoutIntervalPropertyCount) {
325 lockout_interval_.data.tpm_properties.count = 0;
326 TpmStateImpl tpm_state(factory_);
327 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
328 }
329
TEST_F(TpmStateTest,BadResponseLockoutRecoveryPropertyCount)330 TEST_F(TpmStateTest, BadResponseLockoutRecoveryPropertyCount) {
331 lockout_recovery_.data.tpm_properties.count = 0;
332 TpmStateImpl tpm_state(factory_);
333 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
334 }
335
TEST_F(TpmStateTest,BadResponseRSAAlgPropertyCount)336 TEST_F(TpmStateTest, BadResponseRSAAlgPropertyCount) {
337 rsa_data_.data.algorithms.count = 0;
338 TpmStateImpl tpm_state(factory_);
339 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
340 }
341
TEST_F(TpmStateTest,BadResponseECCAlgPropertyCount)342 TEST_F(TpmStateTest, BadResponseECCAlgPropertyCount) {
343 ecc_data_.data.algorithms.count = 0;
344 TpmStateImpl tpm_state(factory_);
345 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
346 }
347
TEST_F(TpmStateTest,BadResponsePermanentPropertyType)348 TEST_F(TpmStateTest, BadResponsePermanentPropertyType) {
349 permanent_data_.data.tpm_properties.tpm_property[0].property = 0xFFFFF;
350 TpmStateImpl tpm_state(factory_);
351 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
352 }
353
TEST_F(TpmStateTest,BadResponseStartupClearPropertyType)354 TEST_F(TpmStateTest, BadResponseStartupClearPropertyType) {
355 startup_clear_data_.data.tpm_properties.tpm_property[0].property = 0xFFFFF;
356 TpmStateImpl tpm_state(factory_);
357 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
358 }
359
TEST_F(TpmStateTest,BadResponseLockoutCounterPropertyType)360 TEST_F(TpmStateTest, BadResponseLockoutCounterPropertyType) {
361 lockout_counter_.data.tpm_properties.tpm_property[0].property = 0xFFFFF;
362 TpmStateImpl tpm_state(factory_);
363 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
364 }
365
TEST_F(TpmStateTest,BadResponseLockoutThresholdPropertyType)366 TEST_F(TpmStateTest, BadResponseLockoutThresholdPropertyType) {
367 lockout_threshold_.data.tpm_properties.tpm_property[0].property = 0xFFFFF;
368 TpmStateImpl tpm_state(factory_);
369 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
370 }
371
TEST_F(TpmStateTest,BadResponseLockoutIntervalPropertyType)372 TEST_F(TpmStateTest, BadResponseLockoutIntervalPropertyType) {
373 lockout_interval_.data.tpm_properties.tpm_property[0].property = 0xFFFFF;
374 TpmStateImpl tpm_state(factory_);
375 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
376 }
377
TEST_F(TpmStateTest,BadResponseLockoutRecoveryPropertyType)378 TEST_F(TpmStateTest, BadResponseLockoutRecoveryPropertyType) {
379 lockout_recovery_.data.tpm_properties.tpm_property[0].property = 0xFFFFF;
380 TpmStateImpl tpm_state(factory_);
381 EXPECT_NE(TPM_RC_SUCCESS, tpm_state.Initialize());
382 }
383
384 } // namespace trunks
385