1 //
2 // Copyright (C) 2014 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include <base/stl_util.h>
18 #include <crypto/sha2.h>
19 #include <gmock/gmock.h>
20 #include <gtest/gtest.h>
21 #include <openssl/aes.h>
22
23 #include "trunks/error_codes.h"
24 #include "trunks/hmac_authorization_delegate.h"
25 #include "trunks/mock_authorization_delegate.h"
26 #include "trunks/mock_blob_parser.h"
27 #include "trunks/mock_hmac_session.h"
28 #include "trunks/mock_policy_session.h"
29 #include "trunks/mock_tpm.h"
30 #include "trunks/mock_tpm_state.h"
31 #include "trunks/tpm_constants.h"
32 #include "trunks/tpm_utility_impl.h"
33 #include "trunks/trunks_factory_for_test.h"
34
35 using testing::_;
36 using testing::DoAll;
37 using testing::NiceMock;
38 using testing::Return;
39 using testing::SaveArg;
40 using testing::SetArgPointee;
41
42 namespace trunks {
43
44 // A test fixture for TpmUtility tests.
45 class TpmUtilityTest : public testing::Test {
46 public:
TpmUtilityTest()47 TpmUtilityTest() : utility_(factory_) {}
~TpmUtilityTest()48 ~TpmUtilityTest() override {}
SetUp()49 void SetUp() override {
50 factory_.set_blob_parser(&mock_blob_parser_);
51 factory_.set_tpm_state(&mock_tpm_state_);
52 factory_.set_tpm(&mock_tpm_);
53 factory_.set_hmac_session(&mock_hmac_session_);
54 factory_.set_policy_session(&mock_policy_session_);
55 }
56
ComputeKeyName(const TPMT_PUBLIC & public_area,std::string * object_name)57 TPM_RC ComputeKeyName(const TPMT_PUBLIC& public_area,
58 std::string* object_name) {
59 return utility_.ComputeKeyName(public_area, object_name);
60 }
61
SetNVRAMMap(uint32_t index,const TPMS_NV_PUBLIC & public_area)62 void SetNVRAMMap(uint32_t index,
63 const TPMS_NV_PUBLIC& public_area) {
64 utility_.nvram_public_area_map_[index] = public_area;
65 }
66
GetNVRAMMap(uint32_t index,TPMS_NV_PUBLIC * public_area)67 TPM_RC GetNVRAMMap(uint32_t index,
68 TPMS_NV_PUBLIC* public_area) {
69 auto it = utility_.nvram_public_area_map_.find(index);
70 if (it == utility_.nvram_public_area_map_.end()) {
71 return TPM_RC_FAILURE;
72 }
73 *public_area = it->second;
74 return TPM_RC_SUCCESS;
75 }
76
SetKnownOwnerPassword(const std::string & owner_password)77 TPM_RC SetKnownOwnerPassword(const std::string& owner_password) {
78 return utility_.SetKnownOwnerPassword(owner_password);
79 }
80
CreateStorageRootKeys(const std::string & owner_password)81 TPM_RC CreateStorageRootKeys(const std::string& owner_password) {
82 return utility_.CreateStorageRootKeys(owner_password);
83 }
84
CreateSaltingKey(const std::string & owner_password)85 TPM_RC CreateSaltingKey(const std::string& owner_password) {
86 return utility_.CreateSaltingKey(owner_password);
87 }
88
SetExistingKeyHandleExpectation(TPM_HANDLE handle)89 void SetExistingKeyHandleExpectation(TPM_HANDLE handle) {
90 TPMS_CAPABILITY_DATA capability_data = {};
91 TPML_HANDLE& handles = capability_data.data.handles;
92 handles.count = 1;
93 handles.handle[0] = handle;
94 EXPECT_CALL(mock_tpm_,
95 GetCapabilitySync(TPM_CAP_HANDLES, handle, _, _, _, _))
96 .WillRepeatedly(
97 DoAll(SetArgPointee<4>(capability_data), Return(TPM_RC_SUCCESS)));
98 }
99
PopulatePCRSelection(bool has_sha1_pcrs,bool make_sha1_bank_empty,bool has_sha256_pcrs,TPML_PCR_SELECTION * pcrs)100 void PopulatePCRSelection(bool has_sha1_pcrs,
101 bool make_sha1_bank_empty,
102 bool has_sha256_pcrs,
103 TPML_PCR_SELECTION* pcrs) {
104 memset(pcrs, 0, sizeof(TPML_PCR_SELECTION));
105 // By convention fill SHA-256 first. This is a bit brittle because order is
106 // not important but it simplifies comparison to memcmp.
107 if (has_sha256_pcrs) {
108 pcrs->pcr_selections[pcrs->count].hash = TPM_ALG_SHA256;
109 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MIN;
110 for (int i = 0; i < PCR_SELECT_MIN; ++i) {
111 pcrs->pcr_selections[pcrs->count].pcr_select[i] = 0xff;
112 }
113 ++pcrs->count;
114 }
115 if (has_sha1_pcrs) {
116 pcrs->pcr_selections[pcrs->count].hash = TPM_ALG_SHA1;
117 if (make_sha1_bank_empty) {
118 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MAX;
119 } else {
120 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MIN;
121 for (int i = 0; i < PCR_SELECT_MIN; ++i) {
122 pcrs->pcr_selections[pcrs->count].pcr_select[i] = 0xff;
123 }
124 }
125 ++pcrs->count;
126 }
127 }
128
SetExistingPCRSExpectation(bool has_sha1_pcrs,bool has_sha256_pcrs)129 void SetExistingPCRSExpectation(bool has_sha1_pcrs, bool has_sha256_pcrs) {
130 TPMS_CAPABILITY_DATA capability_data = {};
131 TPML_PCR_SELECTION& pcrs = capability_data.data.assigned_pcr;
132 PopulatePCRSelection(has_sha1_pcrs, false, has_sha256_pcrs, &pcrs);
133 EXPECT_CALL(mock_tpm_,
134 GetCapabilitySync(TPM_CAP_PCRS, _, _, _, _, _))
135 .WillRepeatedly(
136 DoAll(SetArgPointee<4>(capability_data), Return(TPM_RC_SUCCESS)));
137 }
138
139 protected:
140 TrunksFactoryForTest factory_;
141 NiceMock<MockBlobParser> mock_blob_parser_;
142 NiceMock<MockTpmState> mock_tpm_state_;
143 NiceMock<MockTpm> mock_tpm_;
144 NiceMock<MockAuthorizationDelegate> mock_authorization_delegate_;
145 NiceMock<MockHmacSession> mock_hmac_session_;
146 NiceMock<MockPolicySession> mock_policy_session_;
147 TpmUtilityImpl utility_;
148 };
149
TEST_F(TpmUtilityTest,StartupSuccess)150 TEST_F(TpmUtilityTest, StartupSuccess) {
151 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Startup());
152 }
153
TEST_F(TpmUtilityTest,StartupAlreadyStarted)154 TEST_F(TpmUtilityTest, StartupAlreadyStarted) {
155 EXPECT_CALL(mock_tpm_, StartupSync(_, _))
156 .WillRepeatedly(Return(TPM_RC_INITIALIZE));
157 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Startup());
158 }
159
TEST_F(TpmUtilityTest,StartupFailure)160 TEST_F(TpmUtilityTest, StartupFailure) {
161 EXPECT_CALL(mock_tpm_, StartupSync(_, _))
162 .WillRepeatedly(Return(TPM_RC_FAILURE));
163 EXPECT_EQ(TPM_RC_FAILURE, utility_.Startup());
164 }
165
TEST_F(TpmUtilityTest,StartupSelfTestFailure)166 TEST_F(TpmUtilityTest, StartupSelfTestFailure) {
167 EXPECT_CALL(mock_tpm_, SelfTestSync(_, _))
168 .WillRepeatedly(Return(TPM_RC_FAILURE));
169 EXPECT_EQ(TPM_RC_FAILURE, utility_.Startup());
170 }
171
TEST_F(TpmUtilityTest,ClearSuccess)172 TEST_F(TpmUtilityTest, ClearSuccess) {
173 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Clear());
174 }
175
TEST_F(TpmUtilityTest,ClearAfterBadInit)176 TEST_F(TpmUtilityTest, ClearAfterBadInit) {
177 EXPECT_CALL(mock_tpm_, ClearSync(_, _, _))
178 .WillOnce(Return(TPM_RC_AUTH_MISSING))
179 .WillOnce(Return(TPM_RC_SUCCESS));
180 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Clear());
181 }
182
TEST_F(TpmUtilityTest,ClearFail)183 TEST_F(TpmUtilityTest, ClearFail) {
184 EXPECT_CALL(mock_tpm_, ClearSync(_, _, _))
185 .WillOnce(Return(TPM_RC_FAILURE));
186 EXPECT_EQ(TPM_RC_FAILURE, utility_.Clear());
187 }
188
TEST_F(TpmUtilityTest,ShutdownTest)189 TEST_F(TpmUtilityTest, ShutdownTest) {
190 EXPECT_CALL(mock_tpm_, ShutdownSync(TPM_SU_CLEAR, _));
191 utility_.Shutdown();
192 }
193
TEST_F(TpmUtilityTest,InitializeTpmAlreadyInit)194 TEST_F(TpmUtilityTest, InitializeTpmAlreadyInit) {
195 SetExistingPCRSExpectation(false, true);
196 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm());
197 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm());
198 }
199
TEST_F(TpmUtilityTest,InitializeTpmSuccess)200 TEST_F(TpmUtilityTest, InitializeTpmSuccess) {
201 SetExistingPCRSExpectation(false, true);
202 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm());
203 }
204
TEST_F(TpmUtilityTest,InitializeTpmBadAuth)205 TEST_F(TpmUtilityTest, InitializeTpmBadAuth) {
206 SetExistingPCRSExpectation(false, true);
207 // Reject attempts to set platform auth.
208 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_PLATFORM, _, _, _))
209 .WillRepeatedly(Return(TPM_RC_FAILURE));
210 EXPECT_EQ(TPM_RC_FAILURE, utility_.InitializeTpm());
211 }
212
TEST_F(TpmUtilityTest,InitializeTpmDisablePHFails)213 TEST_F(TpmUtilityTest, InitializeTpmDisablePHFails) {
214 SetExistingPCRSExpectation(false, true);
215 // Reject attempts to disable the platform hierarchy.
216 EXPECT_CALL(mock_tpm_, HierarchyControlSync(_, _, TPM_RH_PLATFORM, _, _))
217 .WillRepeatedly(Return(TPM_RC_FAILURE));
218 EXPECT_EQ(TPM_RC_FAILURE, utility_.InitializeTpm());
219 }
220
TEST_F(TpmUtilityTest,AllocatePCRFromNone)221 TEST_F(TpmUtilityTest, AllocatePCRFromNone) {
222 SetExistingPCRSExpectation(false, false);
223 TPML_PCR_SELECTION new_pcr_allocation;
224 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _))
225 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation),
226 SetArgPointee<3>(YES),
227 Return(TPM_RC_SUCCESS)));
228 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR(""));
229 ASSERT_EQ(1u, new_pcr_allocation.count);
230 TPML_PCR_SELECTION expected_pcr_allocation;
231 PopulatePCRSelection(false, false, true, &expected_pcr_allocation);
232 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation,
233 sizeof(TPML_PCR_SELECTION)));
234 }
235
TEST_F(TpmUtilityTest,AllocatePCRFromSHA1Only)236 TEST_F(TpmUtilityTest, AllocatePCRFromSHA1Only) {
237 SetExistingPCRSExpectation(true, false);
238 TPML_PCR_SELECTION new_pcr_allocation;
239 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _))
240 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation),
241 SetArgPointee<3>(YES),
242 Return(TPM_RC_SUCCESS)));
243 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR(""));
244 ASSERT_EQ(2u, new_pcr_allocation.count);
245 TPML_PCR_SELECTION expected_pcr_allocation;
246 PopulatePCRSelection(true, true, true, &expected_pcr_allocation);
247 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation,
248 sizeof(TPML_PCR_SELECTION)));
249 }
250
TEST_F(TpmUtilityTest,AllocatePCRFromSHA1AndSHA256)251 TEST_F(TpmUtilityTest, AllocatePCRFromSHA1AndSHA256) {
252 SetExistingPCRSExpectation(true, true);
253 TPML_PCR_SELECTION new_pcr_allocation;
254 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _))
255 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation),
256 SetArgPointee<3>(YES),
257 Return(TPM_RC_SUCCESS)));
258 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR(""));
259 ASSERT_EQ(1u, new_pcr_allocation.count);
260 TPML_PCR_SELECTION expected_pcr_allocation;
261 PopulatePCRSelection(true, true, false, &expected_pcr_allocation);
262 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation,
263 sizeof(TPML_PCR_SELECTION)));
264 }
265
TEST_F(TpmUtilityTest,AllocatePCRFromSHA256Only)266 TEST_F(TpmUtilityTest, AllocatePCRFromSHA256Only) {
267 SetExistingPCRSExpectation(false, true);
268 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _))
269 .Times(0);
270 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR(""));
271 }
272
TEST_F(TpmUtilityTest,AllocatePCRCommandFailure)273 TEST_F(TpmUtilityTest, AllocatePCRCommandFailure) {
274 SetExistingPCRSExpectation(false, false);
275 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(_, _, _, _, _, _, _, _))
276 .WillOnce(Return(TPM_RC_FAILURE));
277 EXPECT_EQ(TPM_RC_FAILURE, utility_.AllocatePCR(""));
278 }
279
TEST_F(TpmUtilityTest,AllocatePCRTpmFailure)280 TEST_F(TpmUtilityTest, AllocatePCRTpmFailure) {
281 SetExistingPCRSExpectation(false, false);
282 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(_, _, _, _, _, _, _, _))
283 .WillOnce(DoAll(SetArgPointee<3>(NO),
284 Return(TPM_RC_SUCCESS)));
285 EXPECT_EQ(TPM_RC_FAILURE, utility_.AllocatePCR(""));
286 }
287
TEST_F(TpmUtilityTest,TakeOwnershipSuccess)288 TEST_F(TpmUtilityTest, TakeOwnershipSuccess) {
289 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
290 .WillRepeatedly(Return(false));
291 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet())
292 .WillRepeatedly(Return(false));
293 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet())
294 .WillRepeatedly(Return(false));
295 EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner",
296 "endorsement",
297 "lockout"));
298 }
299
TEST_F(TpmUtilityTest,TakeOwnershipOwnershipDone)300 TEST_F(TpmUtilityTest, TakeOwnershipOwnershipDone) {
301 EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner",
302 "endorsement",
303 "lockout"));
304 }
305
TEST_F(TpmUtilityTest,TakeOwnershipBadSession)306 TEST_F(TpmUtilityTest, TakeOwnershipBadSession) {
307 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true))
308 .WillRepeatedly(Return(TPM_RC_FAILURE));
309 EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("owner",
310 "endorsement",
311 "lockout"));
312 }
313
TEST_F(TpmUtilityTest,TakeOwnershipFailure)314 TEST_F(TpmUtilityTest, TakeOwnershipFailure) {
315 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _))
316 .WillRepeatedly(Return(TPM_RC_FAILURE));
317 EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("owner",
318 "endorsement",
319 "lockout"));
320 }
321
TEST_F(TpmUtilityTest,ChangeOwnerPasswordEndorsementDone)322 TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementDone) {
323 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
324 .WillRepeatedly(Return(false));
325 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet())
326 .WillRepeatedly(Return(false));
327 EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner",
328 "endorsement",
329 "lockout"));
330 }
331
TEST_F(TpmUtilityTest,ChangeOwnerPasswordLockoutDone)332 TEST_F(TpmUtilityTest, ChangeOwnerPasswordLockoutDone) {
333 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
334 .WillRepeatedly(Return(false));
335 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet())
336 .WillRepeatedly(Return(false));
337 EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner",
338 "endorsement",
339 "lockout"));
340 }
341
TEST_F(TpmUtilityTest,ChangeOwnerPasswordEndorsementLockoutDone)342 TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementLockoutDone) {
343 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
344 .WillRepeatedly(Return(false));
345 EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner",
346 "endorsement",
347 "lockout"));
348 }
349
TEST_F(TpmUtilityTest,ChangeOwnerPasswordEndorsementFail)350 TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementFail) {
351 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
352 .WillRepeatedly(Return(false));
353 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet())
354 .WillRepeatedly(Return(false));
355 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(_, _, _, _))
356 .WillRepeatedly(Return(TPM_RC_SUCCESS));
357 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_ENDORSEMENT, _, _, _))
358 .WillRepeatedly(Return(TPM_RC_FAILURE));
359 EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("owner",
360 "endorsement",
361 "lockout"));
362 }
363
TEST_F(TpmUtilityTest,ChangeOwnerPasswordLockoutFailure)364 TEST_F(TpmUtilityTest, ChangeOwnerPasswordLockoutFailure) {
365 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
366 .WillRepeatedly(Return(false));
367 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet())
368 .WillRepeatedly(Return(false));
369 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet())
370 .WillRepeatedly(Return(false));
371 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(_, _, _, _))
372 .WillRepeatedly(Return(TPM_RC_SUCCESS));
373 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_LOCKOUT, _, _, _))
374 .WillRepeatedly(Return(TPM_RC_FAILURE));
375 EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("owner",
376 "endorsement",
377 "lockout"));
378 }
379
TEST_F(TpmUtilityTest,StirRandomSuccess)380 TEST_F(TpmUtilityTest, StirRandomSuccess) {
381 std::string entropy_data("large test data", 100);
382 EXPECT_EQ(TPM_RC_SUCCESS,
383 utility_.StirRandom(entropy_data, &mock_authorization_delegate_));
384 }
385
TEST_F(TpmUtilityTest,StirRandomFails)386 TEST_F(TpmUtilityTest, StirRandomFails) {
387 std::string entropy_data("test data");
388 EXPECT_CALL(mock_tpm_, StirRandomSync(_, nullptr))
389 .WillOnce(Return(TPM_RC_FAILURE));
390 EXPECT_EQ(TPM_RC_FAILURE, utility_.StirRandom(entropy_data, nullptr));
391 }
392
TEST_F(TpmUtilityTest,GenerateRandomSuccess)393 TEST_F(TpmUtilityTest, GenerateRandomSuccess) {
394 // This number is larger than the max bytes the GetRandom call can return.
395 // Therefore we expect software to make multiple calls to fill this many
396 // bytes.
397 size_t num_bytes = 72;
398 std::string random_data;
399 TPM2B_DIGEST large_random;
400 large_random.size = 32;
401 TPM2B_DIGEST small_random;
402 small_random.size = 8;
403 EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, &mock_authorization_delegate_))
404 .Times(2)
405 .WillRepeatedly(DoAll(SetArgPointee<1>(large_random),
406 Return(TPM_RC_SUCCESS)));
407 EXPECT_CALL(mock_tpm_, GetRandomSync(8, _, &mock_authorization_delegate_))
408 .WillOnce(DoAll(SetArgPointee<1>(small_random),
409 Return(TPM_RC_SUCCESS)));
410 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GenerateRandom(
411 num_bytes, &mock_authorization_delegate_, &random_data));
412 EXPECT_EQ(num_bytes, random_data.size());
413 }
414
TEST_F(TpmUtilityTest,GenerateRandomFails)415 TEST_F(TpmUtilityTest, GenerateRandomFails) {
416 size_t num_bytes = 5;
417 std::string random_data;
418 EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, nullptr))
419 .WillOnce(Return(TPM_RC_FAILURE));
420 EXPECT_EQ(TPM_RC_FAILURE,
421 utility_.GenerateRandom(num_bytes, nullptr, &random_data));
422 }
423
TEST_F(TpmUtilityTest,ExtendPCRSuccess)424 TEST_F(TpmUtilityTest, ExtendPCRSuccess) {
425 TPM_HANDLE pcr_handle = HR_PCR + 1;
426 TPML_DIGEST_VALUES digests;
427 EXPECT_CALL(mock_tpm_,
428 PCR_ExtendSync(pcr_handle, _, _, &mock_authorization_delegate_))
429 .WillOnce(DoAll(SaveArg<2>(&digests),
430 Return(TPM_RC_SUCCESS)));
431 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ExtendPCR(1, "test digest",
432 &mock_authorization_delegate_));
433 EXPECT_EQ(1u, digests.count);
434 EXPECT_EQ(TPM_ALG_SHA256, digests.digests[0].hash_alg);
435 std::string hash_string = crypto::SHA256HashString("test digest");
436 EXPECT_EQ(0, memcmp(hash_string.data(),
437 digests.digests[0].digest.sha256,
438 crypto::kSHA256Length));
439 }
440
TEST_F(TpmUtilityTest,ExtendPCRFail)441 TEST_F(TpmUtilityTest, ExtendPCRFail) {
442 int pcr_index = 0;
443 TPM_HANDLE pcr_handle = HR_PCR + pcr_index;
444 EXPECT_CALL(mock_tpm_, PCR_ExtendSync(pcr_handle, _, _, _))
445 .WillOnce(Return(TPM_RC_FAILURE));
446 EXPECT_EQ(TPM_RC_FAILURE,
447 utility_.ExtendPCR(pcr_index, "test digest", nullptr));
448 }
449
TEST_F(TpmUtilityTest,ExtendPCRBadParam)450 TEST_F(TpmUtilityTest, ExtendPCRBadParam) {
451 EXPECT_EQ(TPM_RC_FAILURE, utility_.ExtendPCR(-1, "test digest", nullptr));
452 }
453
TEST_F(TpmUtilityTest,ReadPCRSuccess)454 TEST_F(TpmUtilityTest, ReadPCRSuccess) {
455 // The |pcr_index| is chosen to match the structure for |pcr_select|.
456 // If you change |pcr_index|, remember to change |pcr_select|.
457 int pcr_index = 1;
458 std::string pcr_value;
459 TPML_PCR_SELECTION pcr_select;
460 pcr_select.count = 1;
461 pcr_select.pcr_selections[0].hash = TPM_ALG_SHA256;
462 pcr_select.pcr_selections[0].sizeof_select = 1;
463 pcr_select.pcr_selections[0].pcr_select[0] = 2;
464 TPML_DIGEST pcr_values;
465 pcr_values.count = 1;
466 pcr_values.digests[0].size = 5;
467 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _))
468 .WillOnce(DoAll(SetArgPointee<2>(pcr_select),
469 SetArgPointee<3>(pcr_values),
470 Return(TPM_RC_SUCCESS)));
471 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ReadPCR(pcr_index, &pcr_value));
472 }
473
TEST_F(TpmUtilityTest,ReadPCRFail)474 TEST_F(TpmUtilityTest, ReadPCRFail) {
475 std::string pcr_value;
476 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _))
477 .WillOnce(Return(TPM_RC_FAILURE));
478 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadPCR(1, &pcr_value));
479 }
480
TEST_F(TpmUtilityTest,ReadPCRBadReturn)481 TEST_F(TpmUtilityTest, ReadPCRBadReturn) {
482 std::string pcr_value;
483 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadPCR(1, &pcr_value));
484 }
485
TEST_F(TpmUtilityTest,AsymmetricEncryptSuccess)486 TEST_F(TpmUtilityTest, AsymmetricEncryptSuccess) {
487 TPM_HANDLE key_handle;
488 std::string plaintext;
489 std::string output_ciphertext("ciphertext");
490 std::string ciphertext;
491 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA(
492 output_ciphertext);
493 TPM2B_PUBLIC public_area;
494 public_area.public_area.type = TPM_ALG_RSA;
495 public_area.public_area.object_attributes = kDecrypt;
496 public_area.public_area.auth_policy.size = 0;
497 public_area.public_area.unique.rsa.size = 0;
498 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
499 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
500 Return(TPM_RC_SUCCESS)));
501 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _,
502 &mock_authorization_delegate_))
503 .WillOnce(DoAll(SetArgPointee<5>(out_message),
504 Return(TPM_RC_SUCCESS)));
505 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricEncrypt(
506 key_handle,
507 TPM_ALG_NULL,
508 TPM_ALG_NULL,
509 plaintext,
510 &mock_authorization_delegate_,
511 &ciphertext));
512 EXPECT_EQ(0, ciphertext.compare(output_ciphertext));
513 }
514
TEST_F(TpmUtilityTest,AsymmetricEncryptFail)515 TEST_F(TpmUtilityTest, AsymmetricEncryptFail) {
516 TPM_HANDLE key_handle;
517 std::string plaintext;
518 std::string ciphertext;
519 TPM2B_PUBLIC public_area;
520 public_area.public_area.type = TPM_ALG_RSA;
521 public_area.public_area.object_attributes = kDecrypt;
522 public_area.public_area.auth_policy.size = 0;
523 public_area.public_area.unique.rsa.size = 0;
524 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
525 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
526 Return(TPM_RC_SUCCESS)));
527 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr))
528 .WillOnce(Return(TPM_RC_FAILURE));
529 EXPECT_EQ(TPM_RC_FAILURE, utility_.AsymmetricEncrypt(key_handle,
530 TPM_ALG_NULL,
531 TPM_ALG_NULL,
532 plaintext,
533 nullptr,
534 &ciphertext));
535 }
536
TEST_F(TpmUtilityTest,AsymmetricEncryptBadParams)537 TEST_F(TpmUtilityTest, AsymmetricEncryptBadParams) {
538 TPM_HANDLE key_handle = TPM_RH_FIRST;
539 std::string plaintext;
540 std::string ciphertext;
541 TPM2B_PUBLIC public_area;
542 public_area.public_area.type = TPM_ALG_RSA;
543 public_area.public_area.object_attributes = kDecrypt | kRestricted;
544 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, nullptr))
545 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
546 Return(TPM_RC_SUCCESS)));
547 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.AsymmetricEncrypt(key_handle,
548 TPM_ALG_RSAES,
549 TPM_ALG_NULL,
550 plaintext,
551 nullptr,
552 &ciphertext));
553 }
554
TEST_F(TpmUtilityTest,AsymmetricEncryptNullSchemeForward)555 TEST_F(TpmUtilityTest, AsymmetricEncryptNullSchemeForward) {
556 TPM_HANDLE key_handle;
557 std::string plaintext;
558 std::string output_ciphertext("ciphertext");
559 std::string ciphertext;
560 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA(
561 output_ciphertext);
562 TPM2B_PUBLIC public_area;
563 public_area.public_area.type = TPM_ALG_RSA;
564 public_area.public_area.object_attributes = kDecrypt;
565 public_area.public_area.auth_policy.size = 0;
566 public_area.public_area.unique.rsa.size = 0;
567 TPMT_RSA_DECRYPT scheme;
568 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
569 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
570 Return(TPM_RC_SUCCESS)));
571 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr))
572 .WillOnce(DoAll(SetArgPointee<5>(out_message),
573 SaveArg<3>(&scheme),
574 Return(TPM_RC_SUCCESS)));
575 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricEncrypt(key_handle,
576 TPM_ALG_NULL,
577 TPM_ALG_NULL,
578 plaintext,
579 nullptr,
580 &ciphertext));
581 EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP);
582 EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256);
583 }
584
TEST_F(TpmUtilityTest,AsymmetricEncryptSchemeForward)585 TEST_F(TpmUtilityTest, AsymmetricEncryptSchemeForward) {
586 TPM_HANDLE key_handle;
587 std::string plaintext;
588 std::string output_ciphertext("ciphertext");
589 std::string ciphertext;
590 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA(
591 output_ciphertext);
592 TPM2B_PUBLIC public_area;
593 public_area.public_area.type = TPM_ALG_RSA;
594 public_area.public_area.object_attributes = kDecrypt;
595 public_area.public_area.auth_policy.size = 0;
596 public_area.public_area.unique.rsa.size = 0;
597 TPMT_RSA_DECRYPT scheme;
598 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
599 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
600 Return(TPM_RC_SUCCESS)));
601 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr))
602 .WillOnce(DoAll(SetArgPointee<5>(out_message),
603 SaveArg<3>(&scheme),
604 Return(TPM_RC_SUCCESS)));
605 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricEncrypt(key_handle,
606 TPM_ALG_RSAES,
607 TPM_ALG_NULL,
608 plaintext,
609 nullptr,
610 &ciphertext));
611 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES);
612 }
613
TEST_F(TpmUtilityTest,AsymmetricDecryptSuccess)614 TEST_F(TpmUtilityTest, AsymmetricDecryptSuccess) {
615 TPM_HANDLE key_handle;
616 std::string plaintext;
617 std::string output_plaintext("plaintext");
618 std::string ciphertext;
619 std::string password("password");
620 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA(
621 output_plaintext);
622 TPM2B_PUBLIC public_area;
623 public_area.public_area.type = TPM_ALG_RSA;
624 public_area.public_area.object_attributes = kDecrypt;
625 public_area.public_area.auth_policy.size = 0;
626 public_area.public_area.unique.rsa.size = 0;
627 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
628 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
629 Return(TPM_RC_SUCCESS)));
630 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _,
631 &mock_authorization_delegate_))
632 .WillOnce(DoAll(SetArgPointee<5>(out_message),
633 Return(TPM_RC_SUCCESS)));
634 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricDecrypt(
635 key_handle,
636 TPM_ALG_NULL,
637 TPM_ALG_NULL,
638 ciphertext,
639 &mock_authorization_delegate_,
640 &plaintext));
641 EXPECT_EQ(0, plaintext.compare(output_plaintext));
642 }
643
TEST_F(TpmUtilityTest,AsymmetricDecryptFail)644 TEST_F(TpmUtilityTest, AsymmetricDecryptFail) {
645 TPM_HANDLE key_handle;
646 std::string key_name;
647 std::string plaintext;
648 std::string ciphertext;
649 std::string password;
650 TPM2B_PUBLIC public_area;
651 public_area.public_area.type = TPM_ALG_RSA;
652 public_area.public_area.object_attributes = kDecrypt;
653 public_area.public_area.auth_policy.size = 0;
654 public_area.public_area.unique.rsa.size = 0;
655 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
656 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
657 Return(TPM_RC_SUCCESS)));
658 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _))
659 .WillOnce(Return(TPM_RC_FAILURE));
660 EXPECT_EQ(TPM_RC_FAILURE, utility_.AsymmetricDecrypt(
661 key_handle,
662 TPM_ALG_NULL,
663 TPM_ALG_NULL,
664 ciphertext,
665 &mock_authorization_delegate_,
666 &plaintext));
667 }
668
TEST_F(TpmUtilityTest,AsymmetricDecryptBadParams)669 TEST_F(TpmUtilityTest, AsymmetricDecryptBadParams) {
670 TPM_HANDLE key_handle = TPM_RH_FIRST;
671 std::string plaintext;
672 std::string ciphertext;
673 TPM2B_PUBLIC public_area;
674 public_area.public_area.type = TPM_ALG_RSA;
675 public_area.public_area.object_attributes = kDecrypt | kRestricted;
676 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
677 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
678 Return(TPM_RC_SUCCESS)));
679 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.AsymmetricDecrypt(
680 key_handle,
681 TPM_ALG_RSAES,
682 TPM_ALG_NULL,
683 ciphertext,
684 &mock_authorization_delegate_,
685 &plaintext));
686 }
687
TEST_F(TpmUtilityTest,AsymmetricDecryptBadSession)688 TEST_F(TpmUtilityTest, AsymmetricDecryptBadSession) {
689 TPM_HANDLE key_handle = TPM_RH_FIRST;
690 std::string key_name;
691 std::string plaintext;
692 std::string ciphertext;
693 std::string password;
694 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.AsymmetricDecrypt(
695 key_handle, TPM_ALG_RSAES, TPM_ALG_NULL,
696 ciphertext, nullptr, &plaintext));
697 }
698
TEST_F(TpmUtilityTest,AsymmetricDecryptNullSchemeForward)699 TEST_F(TpmUtilityTest, AsymmetricDecryptNullSchemeForward) {
700 TPM_HANDLE key_handle;
701 std::string plaintext;
702 std::string output_plaintext("plaintext");
703 std::string ciphertext;
704 std::string password;
705 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA(
706 output_plaintext);
707 TPM2B_PUBLIC public_area;
708 public_area.public_area.type = TPM_ALG_RSA;
709 public_area.public_area.object_attributes = kDecrypt;
710 public_area.public_area.auth_policy.size = 0;
711 public_area.public_area.unique.rsa.size = 0;
712 TPMT_RSA_DECRYPT scheme;
713 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
714 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
715 Return(TPM_RC_SUCCESS)));
716 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _))
717 .WillOnce(DoAll(SetArgPointee<5>(out_message),
718 SaveArg<3>(&scheme),
719 Return(TPM_RC_SUCCESS)));
720 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricDecrypt(
721 key_handle,
722 TPM_ALG_NULL,
723 TPM_ALG_NULL,
724 ciphertext,
725 &mock_authorization_delegate_,
726 &plaintext));
727 EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP);
728 EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256);
729 }
730
TEST_F(TpmUtilityTest,AsymmetricDecryptSchemeForward)731 TEST_F(TpmUtilityTest, AsymmetricDecryptSchemeForward) {
732 TPM_HANDLE key_handle;
733 std::string plaintext;
734 std::string output_plaintext("plaintext");
735 std::string ciphertext;
736 std::string password;
737 TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA(
738 output_plaintext);
739 TPM2B_PUBLIC public_area;
740 public_area.public_area.type = TPM_ALG_RSA;
741 public_area.public_area.object_attributes = kDecrypt;
742 public_area.public_area.auth_policy.size = 0;
743 public_area.public_area.unique.rsa.size = 0;
744 TPMT_RSA_DECRYPT scheme;
745 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
746 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
747 Return(TPM_RC_SUCCESS)));
748 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _))
749 .WillOnce(DoAll(SetArgPointee<5>(out_message),
750 SaveArg<3>(&scheme),
751 Return(TPM_RC_SUCCESS)));
752 EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricDecrypt(
753 key_handle,
754 TPM_ALG_RSAES,
755 TPM_ALG_NULL,
756 ciphertext,
757 &mock_authorization_delegate_,
758 &plaintext));
759 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES);
760 }
761
TEST_F(TpmUtilityTest,SignSuccess)762 TEST_F(TpmUtilityTest, SignSuccess) {
763 TPM_HANDLE key_handle;
764 std::string password("password");
765 std::string digest(32, 'a');
766 TPMT_SIGNATURE signature_out;
767 signature_out.signature.rsassa.sig.size = 2;
768 signature_out.signature.rsassa.sig.buffer[0] = 'h';
769 signature_out.signature.rsassa.sig.buffer[1] = 'i';
770 std::string signature;
771 TPM2B_PUBLIC public_area;
772 public_area.public_area.type = TPM_ALG_RSA;
773 public_area.public_area.object_attributes = kSign;
774 public_area.public_area.auth_policy.size = 0;
775 public_area.public_area.unique.rsa.size = 0;
776 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
777 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
778 Return(TPM_RC_SUCCESS)));
779 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _,
780 &mock_authorization_delegate_))
781 .WillOnce(DoAll(SetArgPointee<5>(signature_out),
782 Return(TPM_RC_SUCCESS)));
783 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Sign(key_handle,
784 TPM_ALG_NULL,
785 TPM_ALG_NULL,
786 digest,
787 &mock_authorization_delegate_,
788 &signature));
789 EXPECT_EQ(0, signature.compare("hi"));
790 }
791
TEST_F(TpmUtilityTest,SignFail)792 TEST_F(TpmUtilityTest, SignFail) {
793 TPM_HANDLE key_handle;
794 std::string password;
795 std::string digest(32, 'a');
796 std::string signature;
797 TPM2B_PUBLIC public_area;
798 public_area.public_area.type = TPM_ALG_RSA;
799 public_area.public_area.object_attributes = kSign;
800 public_area.public_area.auth_policy.size = 0;
801 public_area.public_area.unique.rsa.size = 0;
802 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
803 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
804 Return(TPM_RC_SUCCESS)));
805 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _))
806 .WillOnce(Return(TPM_RC_FAILURE));
807 EXPECT_EQ(TPM_RC_FAILURE, utility_.Sign(key_handle,
808 TPM_ALG_NULL,
809 TPM_ALG_NULL,
810 digest,
811 &mock_authorization_delegate_,
812 &signature));
813 }
814
TEST_F(TpmUtilityTest,SignBadParams1)815 TEST_F(TpmUtilityTest, SignBadParams1) {
816 TPM_HANDLE key_handle;
817 std::string password;
818 std::string digest(32, 'a');
819 std::string signature;
820 TPM2B_PUBLIC public_area;
821 public_area.public_area.type = TPM_ALG_RSA;
822 public_area.public_area.object_attributes = kSign | kRestricted;
823 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
824 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
825 Return(TPM_RC_SUCCESS)));
826 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle,
827 TPM_ALG_RSAPSS,
828 TPM_ALG_NULL,
829 digest,
830 &mock_authorization_delegate_,
831 &signature));
832 }
833
TEST_F(TpmUtilityTest,SignBadAuthorizationSession)834 TEST_F(TpmUtilityTest, SignBadAuthorizationSession) {
835 TPM_HANDLE key_handle = TPM_RH_FIRST;
836 std::string password;
837 std::string digest(32, 'a');
838 std::string signature;
839 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.Sign(key_handle,
840 TPM_ALG_RSAPSS,
841 TPM_ALG_NULL,
842 digest,
843 nullptr,
844 &signature));
845 }
846
TEST_F(TpmUtilityTest,SignBadParams2)847 TEST_F(TpmUtilityTest, SignBadParams2) {
848 TPM_HANDLE key_handle;
849 std::string password;
850 std::string digest(32, 'a');
851 std::string signature;
852 TPM2B_PUBLIC public_area;
853 public_area.public_area.type = TPM_ALG_RSA;
854 public_area.public_area.object_attributes = kDecrypt;
855 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
856 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
857 Return(TPM_RC_SUCCESS)));
858 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle,
859 TPM_ALG_RSAPSS,
860 TPM_ALG_NULL,
861 digest,
862 &mock_authorization_delegate_,
863 &signature));
864 }
865
TEST_F(TpmUtilityTest,SignBadParams3)866 TEST_F(TpmUtilityTest, SignBadParams3) {
867 TPM_HANDLE key_handle;
868 std::string password;
869 std::string digest(32, 'a');
870 std::string signature;
871 TPM2B_PUBLIC public_area;
872 public_area.public_area.type = TPM_ALG_ECC;
873 public_area.public_area.object_attributes = kSign;
874 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
875 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
876 Return(TPM_RC_SUCCESS)));
877 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle,
878 TPM_ALG_RSAPSS,
879 TPM_ALG_NULL,
880 digest,
881 &mock_authorization_delegate_,
882 &signature));
883 }
884
TEST_F(TpmUtilityTest,SignBadParams4)885 TEST_F(TpmUtilityTest, SignBadParams4) {
886 TPM_HANDLE key_handle;
887 std::string password;
888 std::string digest(32, 'a');
889 std::string signature;
890 TPM2B_PUBLIC public_area;
891 public_area.public_area.type = TPM_ALG_RSA;
892 public_area.public_area.object_attributes = kSign;
893 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
894 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
895 Return(TPM_RC_FAILURE)));
896 EXPECT_EQ(TPM_RC_FAILURE, utility_.Sign(key_handle,
897 TPM_ALG_RSAPSS,
898 TPM_ALG_NULL,
899 digest,
900 &mock_authorization_delegate_,
901 &signature));
902 }
903
TEST_F(TpmUtilityTest,SignBadParams5)904 TEST_F(TpmUtilityTest, SignBadParams5) {
905 TPM_HANDLE key_handle = 0;
906 std::string password;
907 std::string digest(32, 'a');
908 std::string signature;
909 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle,
910 TPM_ALG_AES,
911 TPM_ALG_NULL,
912 digest,
913 &mock_authorization_delegate_,
914 &signature));
915 }
916
917
TEST_F(TpmUtilityTest,SignNullSchemeForward)918 TEST_F(TpmUtilityTest, SignNullSchemeForward) {
919 TPM_HANDLE key_handle;
920 std::string password;
921 std::string digest(32, 'a');
922 TPMT_SIGNATURE signature_out;
923 signature_out.signature.rsassa.sig.size = 0;
924 std::string signature;
925 TPM2B_PUBLIC public_area;
926 TPMT_SIG_SCHEME scheme;
927 public_area.public_area.type = TPM_ALG_RSA;
928 public_area.public_area.object_attributes = kSign;
929 public_area.public_area.auth_policy.size = 0;
930 public_area.public_area.unique.rsa.size = 0;
931 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
932 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
933 Return(TPM_RC_SUCCESS)));
934 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _))
935 .WillOnce(DoAll(SetArgPointee<5>(signature_out),
936 SaveArg<3>(&scheme),
937 Return(TPM_RC_SUCCESS)));
938 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Sign(key_handle,
939 TPM_ALG_NULL,
940 TPM_ALG_NULL,
941 digest,
942 &mock_authorization_delegate_,
943 &signature));
944 EXPECT_EQ(scheme.scheme, TPM_ALG_RSASSA);
945 EXPECT_EQ(scheme.details.rsassa.hash_alg, TPM_ALG_SHA256);
946 }
947
TEST_F(TpmUtilityTest,SignSchemeForward)948 TEST_F(TpmUtilityTest, SignSchemeForward) {
949 TPM_HANDLE key_handle;
950 std::string password;
951 std::string digest(64, 'a');
952 TPMT_SIGNATURE signature_out;
953 signature_out.signature.rsassa.sig.size = 0;
954 std::string signature;
955 TPM2B_PUBLIC public_area;
956 TPMT_SIG_SCHEME scheme;
957 public_area.public_area.type = TPM_ALG_RSA;
958 public_area.public_area.object_attributes = kSign;
959 public_area.public_area.auth_policy.size = 0;
960 public_area.public_area.unique.rsa.size = 0;
961 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
962 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
963 Return(TPM_RC_SUCCESS)));
964 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _))
965 .WillOnce(DoAll(SetArgPointee<5>(signature_out),
966 SaveArg<3>(&scheme),
967 Return(TPM_RC_SUCCESS)));
968 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Sign(key_handle,
969 TPM_ALG_RSAPSS,
970 TPM_ALG_SHA1,
971 digest,
972 &mock_authorization_delegate_,
973 &signature));
974 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAPSS);
975 EXPECT_EQ(scheme.details.rsapss.hash_alg, TPM_ALG_SHA1);
976 }
977
TEST_F(TpmUtilityTest,VerifySuccess)978 TEST_F(TpmUtilityTest, VerifySuccess) {
979 TPM_HANDLE key_handle;
980 std::string digest(32, 'a');
981 std::string signature;
982 TPM2B_PUBLIC public_area;
983 public_area.public_area.type = TPM_ALG_RSA;
984 public_area.public_area.object_attributes = kSign;
985 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
986 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
987 Return(TPM_RC_SUCCESS)));
988 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _))
989 .WillOnce(Return(TPM_RC_SUCCESS));
990 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Verify(key_handle,
991 TPM_ALG_NULL,
992 TPM_ALG_NULL,
993 digest,
994 signature,
995 nullptr));
996 }
997
TEST_F(TpmUtilityTest,VerifyFail)998 TEST_F(TpmUtilityTest, VerifyFail) {
999 TPM_HANDLE key_handle;
1000 std::string digest(32, 'a');
1001 std::string signature;
1002 TPM2B_PUBLIC public_area;
1003 public_area.public_area.type = TPM_ALG_RSA;
1004 public_area.public_area.object_attributes = kSign;
1005 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
1006 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
1007 Return(TPM_RC_SUCCESS)));
1008 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _))
1009 .WillOnce(Return(TPM_RC_FAILURE));
1010 EXPECT_EQ(TPM_RC_FAILURE, utility_.Verify(key_handle,
1011 TPM_ALG_NULL,
1012 TPM_ALG_NULL,
1013 digest,
1014 signature,
1015 nullptr));
1016 }
1017
TEST_F(TpmUtilityTest,VerifyBadParams1)1018 TEST_F(TpmUtilityTest, VerifyBadParams1) {
1019 TPM_HANDLE key_handle;
1020 std::string digest(32, 'a');
1021 std::string signature;
1022 TPM2B_PUBLIC public_area;
1023 public_area.public_area.type = TPM_ALG_RSA;
1024 public_area.public_area.object_attributes = kSign | kRestricted;
1025 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
1026 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
1027 Return(TPM_RC_SUCCESS)));
1028 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle,
1029 TPM_ALG_NULL,
1030 TPM_ALG_NULL,
1031 digest,
1032 signature,
1033 nullptr));
1034 }
1035
TEST_F(TpmUtilityTest,VerifyBadParams2)1036 TEST_F(TpmUtilityTest, VerifyBadParams2) {
1037 TPM_HANDLE key_handle;
1038 std::string digest(32, 'a');
1039 std::string signature;
1040 TPM2B_PUBLIC public_area;
1041 public_area.public_area.type = TPM_ALG_RSA;
1042 public_area.public_area.object_attributes = kDecrypt;
1043 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
1044 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
1045 Return(TPM_RC_SUCCESS)));
1046 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle,
1047 TPM_ALG_NULL,
1048 TPM_ALG_NULL,
1049 digest,
1050 signature,
1051 nullptr));
1052 }
1053
TEST_F(TpmUtilityTest,VerifyBadParams3)1054 TEST_F(TpmUtilityTest, VerifyBadParams3) {
1055 TPM_HANDLE key_handle;
1056 std::string digest(32, 'a');
1057 std::string signature;
1058 TPM2B_PUBLIC public_area;
1059 public_area.public_area.type = TPM_ALG_ECC;
1060 public_area.public_area.object_attributes = kSign;
1061 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
1062 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
1063 Return(TPM_RC_SUCCESS)));
1064 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle,
1065 TPM_ALG_NULL,
1066 TPM_ALG_NULL,
1067 digest,
1068 signature,
1069 nullptr));
1070 }
1071
TEST_F(TpmUtilityTest,VerifyBadParams4)1072 TEST_F(TpmUtilityTest, VerifyBadParams4) {
1073 TPM_HANDLE key_handle;
1074 std::string digest(32, 'a');
1075 std::string signature;
1076 TPM2B_PUBLIC public_area;
1077 public_area.public_area.type = TPM_ALG_RSA;
1078 public_area.public_area.object_attributes = kSign;
1079 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
1080 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
1081 Return(TPM_RC_FAILURE)));
1082 EXPECT_EQ(TPM_RC_FAILURE, utility_.Verify(key_handle,
1083 TPM_ALG_NULL,
1084 TPM_ALG_NULL,
1085 digest,
1086 signature,
1087 nullptr));
1088 }
1089
TEST_F(TpmUtilityTest,VerifyBadParams5)1090 TEST_F(TpmUtilityTest, VerifyBadParams5) {
1091 TPM_HANDLE key_handle;
1092 std::string digest(32, 'a');
1093 std::string signature;
1094 TPM2B_PUBLIC public_area;
1095 public_area.public_area.type = TPM_ALG_RSA;
1096 public_area.public_area.object_attributes = kSign;
1097 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
1098 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
1099 Return(TPM_RC_SUCCESS)));
1100 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle,
1101 TPM_ALG_AES,
1102 TPM_ALG_NULL,
1103 digest,
1104 signature,
1105 nullptr));
1106 }
1107
TEST_F(TpmUtilityTest,VerifyNullSchemeForward)1108 TEST_F(TpmUtilityTest, VerifyNullSchemeForward) {
1109 TPM_HANDLE key_handle;
1110 std::string digest(32, 'a');
1111 std::string signature;
1112 TPM2B_PUBLIC public_area;
1113 TPMT_SIGNATURE signature_in;
1114 public_area.public_area.type = TPM_ALG_RSA;
1115 public_area.public_area.object_attributes = kSign;
1116 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
1117 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
1118 Return(TPM_RC_SUCCESS)));
1119 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _))
1120 .WillOnce(DoAll(SaveArg<3>(&signature_in),
1121 Return(TPM_RC_SUCCESS)));
1122 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Verify(key_handle,
1123 TPM_ALG_NULL,
1124 TPM_ALG_NULL,
1125 digest,
1126 signature,
1127 nullptr));
1128 EXPECT_EQ(signature_in.sig_alg, TPM_ALG_RSASSA);
1129 EXPECT_EQ(signature_in.signature.rsassa.hash, TPM_ALG_SHA256);
1130 }
1131
TEST_F(TpmUtilityTest,VerifySchemeForward)1132 TEST_F(TpmUtilityTest, VerifySchemeForward) {
1133 TPM_HANDLE key_handle;
1134 std::string digest(64, 'a');
1135 std::string signature;
1136 TPM2B_PUBLIC public_area;
1137 TPMT_SIGNATURE signature_in;
1138 public_area.public_area.type = TPM_ALG_RSA;
1139 public_area.public_area.object_attributes = kSign;
1140 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
1141 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
1142 Return(TPM_RC_SUCCESS)));
1143 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _))
1144 .WillOnce(DoAll(SaveArg<3>(&signature_in),
1145 Return(TPM_RC_SUCCESS)));
1146 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Verify(key_handle,
1147 TPM_ALG_RSAPSS,
1148 TPM_ALG_SHA1,
1149 digest,
1150 signature,
1151 nullptr));
1152 EXPECT_EQ(signature_in.sig_alg, TPM_ALG_RSAPSS);
1153 EXPECT_EQ(signature_in.signature.rsassa.hash, TPM_ALG_SHA1);
1154 }
1155
TEST_F(TpmUtilityTest,CertifyCreationSuccess)1156 TEST_F(TpmUtilityTest, CertifyCreationSuccess) {
1157 TPM_HANDLE key_handle = 42;
1158 std::string creation_blob;
1159 EXPECT_CALL(mock_tpm_, CertifyCreationSyncShort(TPM_RH_NULL, key_handle,
1160 _, _, _, _, _, _, _))
1161 .WillOnce(Return(TPM_RC_SUCCESS));
1162 EXPECT_EQ(TPM_RC_SUCCESS,
1163 utility_.CertifyCreation(key_handle, creation_blob));
1164 }
1165
TEST_F(TpmUtilityTest,CertifyCreationParserError)1166 TEST_F(TpmUtilityTest, CertifyCreationParserError) {
1167 TPM_HANDLE key_handle = 42;
1168 std::string creation_blob;
1169 EXPECT_CALL(mock_blob_parser_, ParseCreationBlob(creation_blob, _, _, _))
1170 .WillOnce(Return(false));
1171 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
1172 utility_.CertifyCreation(key_handle, creation_blob));
1173 }
1174
TEST_F(TpmUtilityTest,CertifyCreationFailure)1175 TEST_F(TpmUtilityTest, CertifyCreationFailure) {
1176 TPM_HANDLE key_handle = 42;
1177 std::string creation_blob;
1178 EXPECT_CALL(mock_tpm_, CertifyCreationSyncShort(TPM_RH_NULL, key_handle,
1179 _, _, _, _, _, _, _))
1180 .WillOnce(Return(TPM_RC_FAILURE));
1181 EXPECT_EQ(TPM_RC_FAILURE,
1182 utility_.CertifyCreation(key_handle, creation_blob));
1183 }
1184
TEST_F(TpmUtilityTest,ChangeAuthDataSuccess)1185 TEST_F(TpmUtilityTest, ChangeAuthDataSuccess) {
1186 TPM_HANDLE key_handle = 1;
1187 std::string new_password;
1188 std::string key_blob;
1189 TPM2B_PUBLIC public_area;
1190 public_area.public_area.type = TPM_ALG_RSA;
1191 public_area.public_area.auth_policy.size = 0;
1192 public_area.public_area.unique.rsa.size = 0;
1193 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
1194 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
1195 Return(TPM_RC_SUCCESS)));
1196 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ChangeKeyAuthorizationData(
1197 key_handle, new_password, &mock_authorization_delegate_, &key_blob));
1198 }
1199
TEST_F(TpmUtilityTest,ChangeAuthDataKeyNameFail)1200 TEST_F(TpmUtilityTest, ChangeAuthDataKeyNameFail) {
1201 TPM_HANDLE key_handle = 1;
1202 std::string old_password;
1203 std::string new_password;
1204 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
1205 .WillOnce(Return(TPM_RC_FAILURE));
1206 EXPECT_EQ(TPM_RC_FAILURE, utility_.ChangeKeyAuthorizationData(
1207 key_handle, new_password, &mock_authorization_delegate_, nullptr));
1208 }
1209
TEST_F(TpmUtilityTest,ChangeAuthDataFailure)1210 TEST_F(TpmUtilityTest, ChangeAuthDataFailure) {
1211 TPM_HANDLE key_handle = 1;
1212 std::string new_password;
1213 EXPECT_CALL(mock_tpm_, ObjectChangeAuthSync(key_handle, _, _, _, _, _, _))
1214 .WillOnce(Return(TPM_RC_FAILURE));
1215 EXPECT_EQ(TPM_RC_FAILURE, utility_.ChangeKeyAuthorizationData(
1216 key_handle, new_password, &mock_authorization_delegate_, nullptr));
1217 }
1218
TEST_F(TpmUtilityTest,ChangeAuthDataParserFail)1219 TEST_F(TpmUtilityTest, ChangeAuthDataParserFail) {
1220 TPM_HANDLE key_handle = 1;
1221 std::string new_password;
1222 std::string key_blob;
1223 TPM2B_PUBLIC public_area;
1224 public_area.public_area.type = TPM_ALG_RSA;
1225 public_area.public_area.auth_policy.size = 0;
1226 public_area.public_area.unique.rsa.size = 0;
1227 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
1228 .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
1229 Return(TPM_RC_SUCCESS)));
1230 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob))
1231 .WillOnce(Return(false));
1232 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.ChangeKeyAuthorizationData(
1233 key_handle, new_password, &mock_authorization_delegate_, &key_blob));
1234 }
1235
TEST_F(TpmUtilityTest,ImportRSAKeySuccess)1236 TEST_F(TpmUtilityTest, ImportRSAKeySuccess) {
1237 uint32_t public_exponent = 0x10001;
1238 std::string modulus(256, 'a');
1239 std::string prime_factor(128, 'b');
1240 std::string password("password");
1241 std::string key_blob;
1242 TPM2B_DATA encryption_key;
1243 TPM2B_PUBLIC public_data;
1244 TPM2B_PRIVATE private_data;
1245 EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _))
1246 .WillOnce(DoAll(SaveArg<2>(&encryption_key),
1247 SaveArg<3>(&public_data),
1248 SaveArg<4>(&private_data),
1249 Return(TPM_RC_SUCCESS)));
1250 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ImportRSAKey(
1251 TpmUtility::AsymmetricKeyUsage::kDecryptKey,
1252 modulus,
1253 public_exponent,
1254 prime_factor,
1255 password,
1256 &mock_authorization_delegate_,
1257 &key_blob));
1258 // Validate that the public area was properly constructed.
1259 EXPECT_EQ(public_data.public_area.parameters.rsa_detail.key_bits,
1260 modulus.size() * 8);
1261 EXPECT_EQ(public_data.public_area.parameters.rsa_detail.exponent,
1262 public_exponent);
1263 EXPECT_EQ(public_data.public_area.unique.rsa.size, modulus.size());
1264 EXPECT_EQ(0, memcmp(public_data.public_area.unique.rsa.buffer,
1265 modulus.data(), modulus.size()));
1266 // Validate the private struct construction.
1267 EXPECT_EQ(kAesKeySize, encryption_key.size);
1268 AES_KEY key;
1269 AES_set_encrypt_key(encryption_key.buffer, kAesKeySize * 8, &key);
1270 unsigned char iv[MAX_AES_BLOCK_SIZE_BYTES] = {0};
1271 int iv_in = 0;
1272 std::string unencrypted_private(private_data.size, 0);
1273 AES_cfb128_encrypt(
1274 reinterpret_cast<const unsigned char*>(private_data.buffer),
1275 reinterpret_cast<unsigned char*>(string_as_array(&unencrypted_private)),
1276 private_data.size, &key, iv, &iv_in, AES_DECRYPT);
1277 TPM2B_DIGEST inner_integrity;
1278 EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPM2B_DIGEST(&unencrypted_private,
1279 &inner_integrity, nullptr));
1280 std::string object_name;
1281 EXPECT_EQ(TPM_RC_SUCCESS,
1282 ComputeKeyName(public_data.public_area, &object_name));
1283 std::string integrity_value = crypto::SHA256HashString(unencrypted_private +
1284 object_name);
1285 EXPECT_EQ(integrity_value.size(), inner_integrity.size);
1286 EXPECT_EQ(0, memcmp(inner_integrity.buffer,
1287 integrity_value.data(),
1288 inner_integrity.size));
1289 TPM2B_SENSITIVE sensitive_data;
1290 EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPM2B_SENSITIVE(&unencrypted_private,
1291 &sensitive_data, nullptr));
1292 EXPECT_EQ(sensitive_data.sensitive_area.auth_value.size, password.size());
1293 EXPECT_EQ(0, memcmp(sensitive_data.sensitive_area.auth_value.buffer,
1294 password.data(), password.size()));
1295 EXPECT_EQ(sensitive_data.sensitive_area.sensitive.rsa.size,
1296 prime_factor.size());
1297 EXPECT_EQ(0, memcmp(sensitive_data.sensitive_area.sensitive.rsa.buffer,
1298 prime_factor.data(), prime_factor.size()));
1299 }
1300
TEST_F(TpmUtilityTest,ImportRSAKeySuccessWithNoBlob)1301 TEST_F(TpmUtilityTest, ImportRSAKeySuccessWithNoBlob) {
1302 uint32_t public_exponent = 0x10001;
1303 std::string modulus(256, 'a');
1304 std::string prime_factor(128, 'b');
1305 std::string password;
1306 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ImportRSAKey(
1307 TpmUtility::AsymmetricKeyUsage::kDecryptKey,
1308 modulus,
1309 public_exponent,
1310 prime_factor,
1311 password,
1312 &mock_authorization_delegate_,
1313 nullptr));
1314 }
1315
TEST_F(TpmUtilityTest,ImportRSAKeyParentNameFail)1316 TEST_F(TpmUtilityTest, ImportRSAKeyParentNameFail) {
1317 uint32_t public_exponent = 0x10001;
1318 std::string modulus(256, 'a');
1319 std::string prime_factor(128, 'b');
1320 std::string password;
1321 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
1322 .WillOnce(Return(TPM_RC_FAILURE));
1323 EXPECT_EQ(TPM_RC_FAILURE, utility_.ImportRSAKey(
1324 TpmUtility::AsymmetricKeyUsage::kDecryptKey,
1325 modulus,
1326 public_exponent,
1327 prime_factor,
1328 password,
1329 &mock_authorization_delegate_,
1330 nullptr));
1331 }
1332
TEST_F(TpmUtilityTest,ImportRSAKeyFail)1333 TEST_F(TpmUtilityTest, ImportRSAKeyFail) {
1334 std::string modulus;
1335 std::string prime_factor;
1336 std::string password;
1337 EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _))
1338 .WillOnce(Return(TPM_RC_FAILURE));
1339 EXPECT_EQ(TPM_RC_FAILURE, utility_.ImportRSAKey(
1340 TpmUtility::AsymmetricKeyUsage::kDecryptKey,
1341 modulus,
1342 0x10001,
1343 prime_factor,
1344 password,
1345 &mock_authorization_delegate_,
1346 nullptr));
1347 }
1348
TEST_F(TpmUtilityTest,ImportRSAKeyParserFail)1349 TEST_F(TpmUtilityTest, ImportRSAKeyParserFail) {
1350 std::string modulus;
1351 std::string prime_factor;
1352 std::string password;
1353 std::string key_blob;
1354 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob))
1355 .WillOnce(Return(false));
1356 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.ImportRSAKey(
1357 TpmUtility::AsymmetricKeyUsage::kDecryptKey,
1358 modulus,
1359 0x10001,
1360 prime_factor,
1361 password,
1362 &mock_authorization_delegate_,
1363 &key_blob));
1364 }
1365
TEST_F(TpmUtilityTest,CreateRSAKeyPairSuccess)1366 TEST_F(TpmUtilityTest, CreateRSAKeyPairSuccess) {
1367 TPM2B_PUBLIC public_area;
1368 TPML_PCR_SELECTION creation_pcrs;
1369 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey,
1370 _, _, _, _, _, _, _, _,
1371 &mock_authorization_delegate_))
1372 .WillOnce(DoAll(SaveArg<2>(&public_area),
1373 SaveArg<3>(&creation_pcrs),
1374 Return(TPM_RC_SUCCESS)));
1375 std::string key_blob;
1376 std::string creation_blob;
1377 int creation_pcr = 12;
1378 EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateRSAKeyPair(
1379 TpmUtility::AsymmetricKeyUsage::kDecryptAndSignKey, 2048, 0x10001,
1380 "password", "", false, creation_pcr, &mock_authorization_delegate_,
1381 &key_blob, &creation_blob));
1382 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, kDecrypt);
1383 EXPECT_EQ(public_area.public_area.object_attributes & kSign, kSign);
1384 EXPECT_EQ(public_area.public_area.object_attributes & kUserWithAuth,
1385 kUserWithAuth);
1386 EXPECT_EQ(public_area.public_area.object_attributes & kAdminWithPolicy, 0u);
1387 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme,
1388 TPM_ALG_NULL);
1389 EXPECT_EQ(1u, creation_pcrs.count);
1390 EXPECT_EQ(TPM_ALG_SHA256, creation_pcrs.pcr_selections[0].hash);
1391 EXPECT_EQ(PCR_SELECT_MIN, creation_pcrs.pcr_selections[0].sizeof_select);
1392 EXPECT_EQ(1u << (creation_pcr % 8),
1393 creation_pcrs.pcr_selections[0].pcr_select[creation_pcr / 8]);
1394 }
1395
TEST_F(TpmUtilityTest,CreateRSAKeyPairDecryptKeySuccess)1396 TEST_F(TpmUtilityTest, CreateRSAKeyPairDecryptKeySuccess) {
1397 TPM2B_PUBLIC public_area;
1398 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey,
1399 _, _, _, _, _, _, _, _,
1400 &mock_authorization_delegate_))
1401 .WillOnce(DoAll(SaveArg<2>(&public_area),
1402 Return(TPM_RC_SUCCESS)));
1403 std::string key_blob;
1404 EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateRSAKeyPair(
1405 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 2048, 0x10001, "password",
1406 "", false, kNoCreationPCR, &mock_authorization_delegate_, &key_blob,
1407 nullptr));
1408 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, kDecrypt);
1409 EXPECT_EQ(public_area.public_area.object_attributes & kSign, 0u);
1410 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme,
1411 TPM_ALG_NULL);
1412 }
1413
TEST_F(TpmUtilityTest,CreateRSAKeyPairSignKeySuccess)1414 TEST_F(TpmUtilityTest, CreateRSAKeyPairSignKeySuccess) {
1415 TPM2B_PUBLIC public_area;
1416 TPM2B_SENSITIVE_CREATE sensitive_create;
1417 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey,
1418 _, _, _, _, _, _, _, _,
1419 &mock_authorization_delegate_))
1420 .WillOnce(DoAll(SaveArg<1>(&sensitive_create),
1421 SaveArg<2>(&public_area),
1422 Return(TPM_RC_SUCCESS)));
1423 std::string key_blob;
1424 std::string policy_digest(32, 'a');
1425 std::string key_auth("password");
1426 EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateRSAKeyPair(
1427 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, key_auth,
1428 policy_digest, true /* use_only_policy_authorization */, kNoCreationPCR,
1429 &mock_authorization_delegate_, &key_blob, nullptr));
1430 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, 0u);
1431 EXPECT_EQ(public_area.public_area.object_attributes & kSign, kSign);
1432 EXPECT_EQ(public_area.public_area.object_attributes & kUserWithAuth, 0u);
1433 EXPECT_EQ(public_area.public_area.object_attributes & kAdminWithPolicy,
1434 kAdminWithPolicy);
1435 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme,
1436 TPM_ALG_NULL);
1437 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.key_bits, 2048);
1438 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.exponent, 0x10001u);
1439 EXPECT_EQ(public_area.public_area.auth_policy.size, policy_digest.size());
1440 EXPECT_EQ(0, memcmp(public_area.public_area.auth_policy.buffer,
1441 policy_digest.data(), policy_digest.size()));
1442 EXPECT_EQ(sensitive_create.sensitive.user_auth.size, key_auth.size());
1443 EXPECT_EQ(0, memcmp(sensitive_create.sensitive.user_auth.buffer,
1444 key_auth.data(), key_auth.size()));
1445 }
1446
TEST_F(TpmUtilityTest,CreateRSAKeyPairBadDelegate)1447 TEST_F(TpmUtilityTest, CreateRSAKeyPairBadDelegate) {
1448 std::string key_blob;
1449 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.CreateRSAKeyPair(
1450 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 2048, 0x10001, "password",
1451 "", false, kNoCreationPCR, nullptr, &key_blob, nullptr));
1452 }
1453
TEST_F(TpmUtilityTest,CreateRSAKeyPairFailure)1454 TEST_F(TpmUtilityTest, CreateRSAKeyPairFailure) {
1455 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey,
1456 _, _, _, _, _, _, _, _,
1457 &mock_authorization_delegate_))
1458 .WillOnce(Return(TPM_RC_FAILURE));
1459 std::string key_blob;
1460 EXPECT_EQ(TPM_RC_FAILURE, utility_.CreateRSAKeyPair(
1461 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, "password",
1462 "", false, kNoCreationPCR, &mock_authorization_delegate_, &key_blob,
1463 nullptr));
1464 }
1465
TEST_F(TpmUtilityTest,CreateRSAKeyPairKeyParserFail)1466 TEST_F(TpmUtilityTest, CreateRSAKeyPairKeyParserFail) {
1467 std::string key_blob;
1468 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob))
1469 .WillOnce(Return(false));
1470 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.CreateRSAKeyPair(
1471 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, "password",
1472 "", false, kNoCreationPCR, &mock_authorization_delegate_, &key_blob,
1473 nullptr));
1474 }
1475
TEST_F(TpmUtilityTest,CreateRSAKeyPairCreationParserFail)1476 TEST_F(TpmUtilityTest, CreateRSAKeyPairCreationParserFail) {
1477 std::string creation_blob;
1478 std::string key_blob;
1479 EXPECT_CALL(mock_blob_parser_, SerializeCreationBlob(_, _, _, &creation_blob))
1480 .WillOnce(Return(false));
1481 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.CreateRSAKeyPair(
1482 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, "password",
1483 "", false, kNoCreationPCR, &mock_authorization_delegate_, &key_blob,
1484 &creation_blob));
1485 }
1486
TEST_F(TpmUtilityTest,LoadKeySuccess)1487 TEST_F(TpmUtilityTest, LoadKeySuccess) {
1488 TPM_HANDLE key_handle = TPM_RH_FIRST;
1489 TPM_HANDLE loaded_handle;
1490 EXPECT_CALL(mock_tpm_, LoadSync(kRSAStorageRootKey, _, _, _, _, _,
1491 &mock_authorization_delegate_))
1492 .WillOnce(DoAll(SetArgPointee<4>(key_handle),
1493 Return(TPM_RC_SUCCESS)));
1494 std::string key_blob;
1495 EXPECT_EQ(TPM_RC_SUCCESS, utility_.LoadKey(
1496 key_blob, &mock_authorization_delegate_, &loaded_handle));
1497 EXPECT_EQ(loaded_handle, key_handle);
1498 }
1499
TEST_F(TpmUtilityTest,LoadKeyFailure)1500 TEST_F(TpmUtilityTest, LoadKeyFailure) {
1501 TPM_HANDLE key_handle;
1502 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
1503 .WillOnce(Return(TPM_RC_FAILURE));
1504 std::string key_blob;
1505 EXPECT_EQ(TPM_RC_FAILURE, utility_.LoadKey(
1506 key_blob, &mock_authorization_delegate_, &key_handle));
1507 }
1508
TEST_F(TpmUtilityTest,LoadKeyBadDelegate)1509 TEST_F(TpmUtilityTest, LoadKeyBadDelegate) {
1510 TPM_HANDLE key_handle;
1511 std::string key_blob;
1512 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.LoadKey(
1513 key_blob, nullptr, &key_handle));
1514 }
1515
TEST_F(TpmUtilityTest,LoadKeyParserFail)1516 TEST_F(TpmUtilityTest, LoadKeyParserFail) {
1517 TPM_HANDLE key_handle;
1518 std::string key_blob;
1519 EXPECT_CALL(mock_blob_parser_, ParseKeyBlob(key_blob, _, _))
1520 .WillOnce(Return(false));
1521 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.LoadKey(
1522 key_blob, &mock_authorization_delegate_, &key_handle));
1523 }
1524
TEST_F(TpmUtilityTest,SealedDataSuccess)1525 TEST_F(TpmUtilityTest, SealedDataSuccess) {
1526 std::string data_to_seal("seal_data");
1527 std::string sealed_data;
1528 TPM2B_SENSITIVE_CREATE sensitive_create;
1529 TPM2B_PUBLIC in_public;
1530 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _,
1531 _, _, _, _, _, _, _))
1532 .WillOnce(DoAll(SaveArg<1>(&sensitive_create),
1533 SaveArg<2>(&in_public),
1534 Return(TPM_RC_SUCCESS)));
1535 EXPECT_EQ(TPM_RC_SUCCESS, utility_.SealData(
1536 data_to_seal, "", &mock_authorization_delegate_, &sealed_data));
1537 EXPECT_EQ(sensitive_create.sensitive.data.size, data_to_seal.size());
1538 EXPECT_EQ(0, memcmp(sensitive_create.sensitive.data.buffer,
1539 data_to_seal.data(), data_to_seal.size()));
1540 EXPECT_EQ(in_public.public_area.type, TPM_ALG_KEYEDHASH);
1541 EXPECT_EQ(in_public.public_area.name_alg, TPM_ALG_SHA256);
1542 }
1543
TEST_F(TpmUtilityTest,SealDataBadDelegate)1544 TEST_F(TpmUtilityTest, SealDataBadDelegate) {
1545 std::string data_to_seal("seal_data");
1546 std::string sealed_data;
1547 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.SealData(
1548 data_to_seal, "", nullptr, &sealed_data));
1549 }
1550
TEST_F(TpmUtilityTest,SealDataFailure)1551 TEST_F(TpmUtilityTest, SealDataFailure) {
1552 std::string data_to_seal("seal_data");
1553 std::string sealed_data;
1554 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _,
1555 _, _, _, _, _, _, _))
1556 .WillOnce(Return(TPM_RC_FAILURE));
1557 EXPECT_EQ(TPM_RC_FAILURE, utility_.SealData(
1558 data_to_seal, "", &mock_authorization_delegate_, &sealed_data));
1559 }
1560
TEST_F(TpmUtilityTest,SealDataParserFail)1561 TEST_F(TpmUtilityTest, SealDataParserFail) {
1562 std::string data_to_seal("seal_data");
1563 std::string sealed_data;
1564 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &sealed_data))
1565 .WillOnce(Return(false));
1566 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.SealData(
1567 data_to_seal, "", &mock_authorization_delegate_, &sealed_data));
1568 }
1569
TEST_F(TpmUtilityTest,UnsealDataSuccess)1570 TEST_F(TpmUtilityTest, UnsealDataSuccess) {
1571 std::string sealed_data;
1572 std::string tpm_unsealed_data("password");
1573 std::string unsealed_data;
1574 TPM_HANDLE object_handle = 42;
1575 TPM2B_PUBLIC public_data;
1576 public_data.public_area.auth_policy.size = 0;
1577 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
1578 .WillRepeatedly(DoAll(SetArgPointee<2>(public_data),
1579 Return(TPM_RC_SUCCESS)));
1580 EXPECT_CALL(mock_tpm_, ReadPublicSync(object_handle, _, _, _, _, _))
1581 .WillRepeatedly(DoAll(SetArgPointee<2>(public_data),
1582 Return(TPM_RC_SUCCESS)));
1583 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
1584 .WillOnce(DoAll(SetArgPointee<4>(object_handle),
1585 Return(TPM_RC_SUCCESS)));
1586 TPM2B_SENSITIVE_DATA out_data = Make_TPM2B_SENSITIVE_DATA(tpm_unsealed_data);
1587 EXPECT_CALL(mock_tpm_, UnsealSync(object_handle, _, _, _))
1588 .WillOnce(DoAll(SetArgPointee<2>(out_data),
1589 Return(TPM_RC_SUCCESS)));
1590 EXPECT_EQ(TPM_RC_SUCCESS, utility_.UnsealData(
1591 sealed_data, &mock_authorization_delegate_, &unsealed_data));
1592 EXPECT_EQ(unsealed_data, tpm_unsealed_data);
1593 }
1594
TEST_F(TpmUtilityTest,UnsealDataBadDelegate)1595 TEST_F(TpmUtilityTest, UnsealDataBadDelegate) {
1596 std::string sealed_data;
1597 std::string unsealed_data;
1598 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.UnsealData(
1599 sealed_data, nullptr, &unsealed_data));
1600 }
1601
TEST_F(TpmUtilityTest,UnsealDataLoadFail)1602 TEST_F(TpmUtilityTest, UnsealDataLoadFail) {
1603 std::string sealed_data;
1604 std::string unsealed_data;
1605 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
1606 .WillOnce(Return(TPM_RC_FAILURE));
1607 EXPECT_EQ(TPM_RC_FAILURE, utility_.UnsealData(
1608 sealed_data, &mock_authorization_delegate_, &unsealed_data));
1609 }
1610
TEST_F(TpmUtilityTest,UnsealDataBadKeyName)1611 TEST_F(TpmUtilityTest, UnsealDataBadKeyName) {
1612 std::string sealed_data;
1613 std::string unsealed_data;
1614 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
1615 .WillOnce(Return(TPM_RC_FAILURE));
1616 EXPECT_EQ(TPM_RC_FAILURE, utility_.UnsealData(
1617 sealed_data, &mock_authorization_delegate_, &unsealed_data));
1618 }
1619
TEST_F(TpmUtilityTest,UnsealObjectFailure)1620 TEST_F(TpmUtilityTest, UnsealObjectFailure) {
1621 std::string sealed_data;
1622 std::string unsealed_data;
1623 EXPECT_CALL(mock_tpm_, UnsealSync(_, _, _, _))
1624 .WillOnce(Return(TPM_RC_FAILURE));
1625 EXPECT_EQ(TPM_RC_FAILURE, utility_.UnsealData(
1626 sealed_data, &mock_authorization_delegate_, &unsealed_data));
1627 }
1628
TEST_F(TpmUtilityTest,StartSessionSuccess)1629 TEST_F(TpmUtilityTest, StartSessionSuccess) {
1630 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true))
1631 .WillOnce(Return(TPM_RC_SUCCESS));
1632 EXPECT_EQ(TPM_RC_SUCCESS,
1633 utility_.StartSession(&mock_hmac_session_));
1634 }
1635
TEST_F(TpmUtilityTest,StartSessionFailure)1636 TEST_F(TpmUtilityTest, StartSessionFailure) {
1637 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true))
1638 .WillOnce(Return(TPM_RC_FAILURE));
1639 EXPECT_EQ(TPM_RC_FAILURE,
1640 utility_.StartSession(&mock_hmac_session_));
1641 }
1642
TEST_F(TpmUtilityTest,GetPolicyDigestForPcrValueSuccess)1643 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueSuccess) {
1644 int index = 5;
1645 std::string pcr_value("pcr_value");
1646 std::string policy_digest;
1647 TPML_PCR_SELECTION pcr_select;
1648 pcr_select.count = 1;
1649 pcr_select.pcr_selections[0].hash = TPM_ALG_SHA256;
1650 pcr_select.pcr_selections[0].sizeof_select = 1;
1651 pcr_select.pcr_selections[0].pcr_select[index / 8] = 1 << (index % 8);
1652 TPML_DIGEST pcr_values;
1653 pcr_values.count = 1;
1654 pcr_values.digests[0] = Make_TPM2B_DIGEST(pcr_value);
1655 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _))
1656 .WillOnce(DoAll(SetArgPointee<2>(pcr_select),
1657 SetArgPointee<3>(pcr_values),
1658 Return(TPM_RC_SUCCESS)));
1659 std::string tpm_pcr_value;
1660 EXPECT_CALL(mock_policy_session_, PolicyPCR(index, _))
1661 .WillOnce(DoAll(SaveArg<1>(&tpm_pcr_value),
1662 Return(TPM_RC_SUCCESS)));
1663 std::string tpm_policy_digest("digest");
1664 EXPECT_CALL(mock_policy_session_, GetDigest(_))
1665 .WillOnce(DoAll(SetArgPointee<0>(tpm_policy_digest),
1666 Return(TPM_RC_SUCCESS)));
1667 EXPECT_EQ(TPM_RC_SUCCESS,
1668 utility_.GetPolicyDigestForPcrValue(index, "", &policy_digest));
1669 EXPECT_EQ(policy_digest, tpm_policy_digest);
1670 EXPECT_EQ(pcr_value, tpm_pcr_value);
1671 }
1672
TEST_F(TpmUtilityTest,GetPolicyDigestForPcrValueSuccessWithPcrValue)1673 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueSuccessWithPcrValue) {
1674 int index = 5;
1675 std::string pcr_value("pcr_value");
1676 std::string policy_digest;
1677 std::string tpm_pcr_value;
1678 EXPECT_CALL(mock_policy_session_, PolicyPCR(index, _))
1679 .WillOnce(DoAll(SaveArg<1>(&tpm_pcr_value),
1680 Return(TPM_RC_SUCCESS)));
1681 std::string tpm_policy_digest("digest");
1682 EXPECT_CALL(mock_policy_session_, GetDigest(_))
1683 .WillOnce(DoAll(SetArgPointee<0>(tpm_policy_digest),
1684 Return(TPM_RC_SUCCESS)));
1685 EXPECT_EQ(TPM_RC_SUCCESS,
1686 utility_.GetPolicyDigestForPcrValue(index, pcr_value, &policy_digest));
1687 EXPECT_EQ(policy_digest, tpm_policy_digest);
1688 EXPECT_EQ(pcr_value, tpm_pcr_value);
1689 }
1690
TEST_F(TpmUtilityTest,GetPolicyDigestForPcrValueBadSession)1691 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadSession) {
1692 int index = 5;
1693 std::string pcr_value("value");
1694 std::string policy_digest;
1695 EXPECT_CALL(mock_policy_session_, StartUnboundSession(false))
1696 .WillOnce(Return(TPM_RC_FAILURE));
1697 EXPECT_EQ(TPM_RC_FAILURE,
1698 utility_.GetPolicyDigestForPcrValue(index, pcr_value, &policy_digest));
1699 }
1700
TEST_F(TpmUtilityTest,GetPolicyDigestForPcrValuePcrReadFail)1701 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValuePcrReadFail) {
1702 int index = 5;
1703 std::string policy_digest;
1704 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _))
1705 .WillOnce(Return(TPM_RC_FAILURE));
1706 EXPECT_EQ(TPM_RC_FAILURE,
1707 utility_.GetPolicyDigestForPcrValue(index, "", &policy_digest));
1708 }
1709
TEST_F(TpmUtilityTest,GetPolicyDigestForPcrValueBadPcr)1710 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadPcr) {
1711 int index = 5;
1712 std::string pcr_value("value");
1713 std::string policy_digest;
1714 EXPECT_CALL(mock_policy_session_, PolicyPCR(index, _))
1715 .WillOnce(Return(TPM_RC_FAILURE));
1716 EXPECT_EQ(TPM_RC_FAILURE,
1717 utility_.GetPolicyDigestForPcrValue(index, pcr_value, &policy_digest));
1718 }
1719
TEST_F(TpmUtilityTest,GetPolicyDigestForPcrValueBadDigest)1720 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadDigest) {
1721 int index = 5;
1722 std::string pcr_value("value");
1723 std::string policy_digest;
1724 EXPECT_CALL(mock_policy_session_, GetDigest(&policy_digest))
1725 .WillOnce(Return(TPM_RC_FAILURE));
1726 EXPECT_EQ(TPM_RC_FAILURE,
1727 utility_.GetPolicyDigestForPcrValue(index, pcr_value, &policy_digest));
1728 }
1729
TEST_F(TpmUtilityTest,DefineNVSpaceSuccess)1730 TEST_F(TpmUtilityTest, DefineNVSpaceSuccess) {
1731 uint32_t index = 59;
1732 uint32_t nvram_index = NV_INDEX_FIRST + index;
1733 size_t length = 256;
1734 TPM2B_NV_PUBLIC public_data;
1735 EXPECT_CALL(mock_tpm_, NV_DefineSpaceSync(TPM_RH_OWNER, _, _, _, _))
1736 .WillOnce(DoAll(SaveArg<3>(&public_data),
1737 Return(TPM_RC_SUCCESS)));
1738 EXPECT_EQ(TPM_RC_SUCCESS, utility_.DefineNVSpace(
1739 index, length, &mock_authorization_delegate_));
1740 EXPECT_EQ(public_data.nv_public.nv_index, nvram_index);
1741 EXPECT_EQ(public_data.nv_public.name_alg, TPM_ALG_SHA256);
1742 EXPECT_EQ(public_data.nv_public.attributes,
1743 TPMA_NV_NO_DA | TPMA_NV_OWNERWRITE | TPMA_NV_WRITEDEFINE |
1744 TPMA_NV_AUTHREAD);
1745 EXPECT_EQ(public_data.nv_public.data_size, length);
1746 }
1747
TEST_F(TpmUtilityTest,DefineNVSpaceBadLength)1748 TEST_F(TpmUtilityTest, DefineNVSpaceBadLength) {
1749 size_t bad_length = 3000;
1750 EXPECT_EQ(SAPI_RC_BAD_SIZE,
1751 utility_.DefineNVSpace(0, bad_length, &mock_authorization_delegate_));
1752 }
1753
TEST_F(TpmUtilityTest,DefineNVSpaceBadIndex)1754 TEST_F(TpmUtilityTest, DefineNVSpaceBadIndex) {
1755 uint32_t bad_index = 1<<29;
1756 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
1757 utility_.DefineNVSpace(bad_index, 2, &mock_authorization_delegate_));
1758 }
1759
TEST_F(TpmUtilityTest,DefineNVSpaceBadSession)1760 TEST_F(TpmUtilityTest, DefineNVSpaceBadSession) {
1761 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.DefineNVSpace(0, 2, nullptr));
1762 }
1763
TEST_F(TpmUtilityTest,DefineNVSpaceFail)1764 TEST_F(TpmUtilityTest, DefineNVSpaceFail) {
1765 uint32_t index = 59;
1766 size_t length = 256;
1767 EXPECT_CALL(mock_tpm_, NV_DefineSpaceSync(TPM_RH_OWNER, _, _, _, _))
1768 .WillOnce(Return(TPM_RC_FAILURE));
1769 EXPECT_EQ(TPM_RC_FAILURE,
1770 utility_.DefineNVSpace(index, length, &mock_authorization_delegate_));
1771 }
1772
TEST_F(TpmUtilityTest,DestroyNVSpaceSuccess)1773 TEST_F(TpmUtilityTest, DestroyNVSpaceSuccess) {
1774 uint32_t index = 53;
1775 uint32_t nvram_index = NV_INDEX_FIRST + index;
1776 EXPECT_CALL(mock_tpm_,
1777 NV_UndefineSpaceSync(TPM_RH_OWNER, _, nvram_index, _, _));
1778 EXPECT_EQ(TPM_RC_SUCCESS,
1779 utility_.DestroyNVSpace(index, &mock_authorization_delegate_));
1780 }
1781
TEST_F(TpmUtilityTest,DestroyNVSpaceBadIndex)1782 TEST_F(TpmUtilityTest, DestroyNVSpaceBadIndex) {
1783 uint32_t bad_index = 1<<29;
1784 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
1785 utility_.DestroyNVSpace(bad_index, &mock_authorization_delegate_));
1786 }
1787
TEST_F(TpmUtilityTest,DestroyNVSpaceBadSession)1788 TEST_F(TpmUtilityTest, DestroyNVSpaceBadSession) {
1789 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.DestroyNVSpace(3, nullptr));
1790 }
1791
TEST_F(TpmUtilityTest,DestroyNVSpaceFailure)1792 TEST_F(TpmUtilityTest, DestroyNVSpaceFailure) {
1793 uint32_t index = 53;
1794 uint32_t nvram_index = NV_INDEX_FIRST + index;
1795 EXPECT_CALL(mock_tpm_,
1796 NV_UndefineSpaceSync(TPM_RH_OWNER, _, nvram_index, _, _))
1797 .WillOnce(Return(TPM_RC_FAILURE));
1798 EXPECT_EQ(TPM_RC_FAILURE,
1799 utility_.DestroyNVSpace(index, &mock_authorization_delegate_));
1800 }
1801
TEST_F(TpmUtilityTest,LockNVSpaceSuccess)1802 TEST_F(TpmUtilityTest, LockNVSpaceSuccess) {
1803 uint32_t index = 53;
1804 uint32_t nvram_index = NV_INDEX_FIRST + index;
1805 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _))
1806 .WillOnce(Return(TPM_RC_SUCCESS));
1807 EXPECT_EQ(TPM_RC_SUCCESS,
1808 utility_.LockNVSpace(index, &mock_authorization_delegate_));
1809 TPMS_NV_PUBLIC public_area;
1810 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area));
1811 EXPECT_EQ(public_area.attributes & TPMA_NV_WRITELOCKED, TPMA_NV_WRITELOCKED);
1812 }
1813
TEST_F(TpmUtilityTest,LockNVSpaceBadIndex)1814 TEST_F(TpmUtilityTest, LockNVSpaceBadIndex) {
1815 uint32_t bad_index = 1<<24;
1816 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
1817 utility_.LockNVSpace(bad_index, &mock_authorization_delegate_));
1818 }
1819
TEST_F(TpmUtilityTest,LockNVSpaceBadSession)1820 TEST_F(TpmUtilityTest, LockNVSpaceBadSession) {
1821 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.LockNVSpace(52, nullptr));
1822 }
1823
TEST_F(TpmUtilityTest,LockNVSpaceFailure)1824 TEST_F(TpmUtilityTest, LockNVSpaceFailure) {
1825 uint32_t index = 53;
1826 uint32_t nvram_index = NV_INDEX_FIRST + index;
1827 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _))
1828 .WillOnce(Return(TPM_RC_FAILURE));
1829 EXPECT_EQ(TPM_RC_FAILURE,
1830 utility_.LockNVSpace(index, &mock_authorization_delegate_));
1831 }
1832
TEST_F(TpmUtilityTest,WriteNVSpaceSuccess)1833 TEST_F(TpmUtilityTest, WriteNVSpaceSuccess) {
1834 uint32_t index = 53;
1835 uint32_t offset = 5;
1836 uint32_t nvram_index = NV_INDEX_FIRST + index;
1837 EXPECT_CALL(mock_tpm_,
1838 NV_WriteSync(TPM_RH_OWNER, _, nvram_index, _, _, offset, _))
1839 .WillOnce(Return(TPM_RC_SUCCESS));
1840 EXPECT_EQ(TPM_RC_SUCCESS, utility_.WriteNVSpace(
1841 index, offset, "", &mock_authorization_delegate_));
1842 TPMS_NV_PUBLIC public_area;
1843 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area));
1844 EXPECT_EQ(public_area.attributes & TPMA_NV_WRITTEN, TPMA_NV_WRITTEN);
1845 }
1846
TEST_F(TpmUtilityTest,WriteNVSpaceBadSize)1847 TEST_F(TpmUtilityTest, WriteNVSpaceBadSize) {
1848 uint32_t index = 53;
1849 std::string nvram_data(1025, 0);
1850 EXPECT_EQ(SAPI_RC_BAD_SIZE, utility_.WriteNVSpace(
1851 index, 0, nvram_data, &mock_authorization_delegate_));
1852 }
1853
TEST_F(TpmUtilityTest,WriteNVSpaceBadIndex)1854 TEST_F(TpmUtilityTest, WriteNVSpaceBadIndex) {
1855 uint32_t bad_index = 1<<24;
1856 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.WriteNVSpace(
1857 bad_index, 0, "", &mock_authorization_delegate_));
1858 }
1859
TEST_F(TpmUtilityTest,WriteNVSpaceBadSessions)1860 TEST_F(TpmUtilityTest, WriteNVSpaceBadSessions) {
1861 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS,
1862 utility_.WriteNVSpace(53, 0, "", nullptr));
1863 }
1864
TEST_F(TpmUtilityTest,WriteNVSpaceFailure)1865 TEST_F(TpmUtilityTest, WriteNVSpaceFailure) {
1866 uint32_t index = 53;
1867 uint32_t offset = 5;
1868 uint32_t nvram_index = NV_INDEX_FIRST + index;
1869 EXPECT_CALL(mock_tpm_,
1870 NV_WriteSync(TPM_RH_OWNER, _, nvram_index, _, _, offset, _))
1871 .WillOnce(Return(TPM_RC_FAILURE));
1872 EXPECT_EQ(TPM_RC_FAILURE, utility_.WriteNVSpace(
1873 index, offset, "", &mock_authorization_delegate_));
1874 }
1875
TEST_F(TpmUtilityTest,ReadNVSpaceSuccess)1876 TEST_F(TpmUtilityTest, ReadNVSpaceSuccess) {
1877 uint32_t index = 53;
1878 uint32_t offset = 5;
1879 uint32_t nv_index = NV_INDEX_FIRST + index;
1880 size_t length = 24;
1881 std::string nvram_data;
1882 EXPECT_CALL(mock_tpm_,
1883 NV_ReadSync(nv_index, _, nv_index, _, length, offset, _, _))
1884 .WillOnce(Return(TPM_RC_SUCCESS));
1885 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ReadNVSpace(
1886 index, offset, length, &nvram_data, &mock_authorization_delegate_));
1887 }
1888
TEST_F(TpmUtilityTest,ReadNVSpaceBadReadLength)1889 TEST_F(TpmUtilityTest, ReadNVSpaceBadReadLength) {
1890 size_t length = 1025;
1891 std::string nvram_data;
1892 EXPECT_EQ(SAPI_RC_BAD_SIZE, utility_.ReadNVSpace(
1893 52, 0, length, &nvram_data, &mock_authorization_delegate_));
1894 }
1895
TEST_F(TpmUtilityTest,ReadNVSpaceBadIndex)1896 TEST_F(TpmUtilityTest, ReadNVSpaceBadIndex) {
1897 uint32_t bad_index = 1<<24;
1898 std::string nvram_data;
1899 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.ReadNVSpace(
1900 bad_index, 0, 5, &nvram_data, &mock_authorization_delegate_));
1901 }
1902
TEST_F(TpmUtilityTest,ReadNVSpaceBadSession)1903 TEST_F(TpmUtilityTest, ReadNVSpaceBadSession) {
1904 std::string nvram_data;
1905 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS,
1906 utility_.ReadNVSpace(53, 0, 5, &nvram_data, nullptr));
1907 }
1908
TEST_F(TpmUtilityTest,ReadNVSpaceFailure)1909 TEST_F(TpmUtilityTest, ReadNVSpaceFailure) {
1910 uint32_t index = 53;
1911 uint32_t offset = 5;
1912 uint32_t nv_index = NV_INDEX_FIRST + index;
1913 size_t length = 24;
1914 std::string nvram_data;
1915 EXPECT_CALL(mock_tpm_,
1916 NV_ReadSync(nv_index, _, nv_index, _, length, offset, _, _))
1917 .WillOnce(Return(TPM_RC_FAILURE));
1918 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadNVSpace(
1919 index, offset, length, &nvram_data, &mock_authorization_delegate_));
1920 }
1921
TEST_F(TpmUtilityTest,GetNVSpaceNameSuccess)1922 TEST_F(TpmUtilityTest, GetNVSpaceNameSuccess) {
1923 uint32_t index = 53;
1924 uint32_t nvram_index = NV_INDEX_FIRST + index;
1925 std::string name;
1926 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(nvram_index, _, _, _, _))
1927 .WillOnce(Return(TPM_RC_SUCCESS));
1928 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpaceName(index, &name));
1929 }
1930
TEST_F(TpmUtilityTest,GetNVSpaceNameFailure)1931 TEST_F(TpmUtilityTest, GetNVSpaceNameFailure) {
1932 uint32_t index = 53;
1933 std::string name;
1934 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _))
1935 .WillOnce(Return(TPM_RC_FAILURE));
1936 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpaceName(index, &name));
1937 }
1938
TEST_F(TpmUtilityTest,GetNVSpacePublicAreaCachedSuccess)1939 TEST_F(TpmUtilityTest, GetNVSpacePublicAreaCachedSuccess) {
1940 uint32_t index = 53;
1941 TPMS_NV_PUBLIC public_area;
1942 SetNVRAMMap(index, public_area);
1943 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _))
1944 .Times(0);
1945 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpacePublicArea(index, &public_area));
1946 }
1947
TEST_F(TpmUtilityTest,GetNVSpacePublicAreaSuccess)1948 TEST_F(TpmUtilityTest, GetNVSpacePublicAreaSuccess) {
1949 uint32_t index = 53;
1950 uint32_t nvram_index = NV_INDEX_FIRST + index;
1951 TPMS_NV_PUBLIC public_area;
1952 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(nvram_index, _, _, _, _))
1953 .WillOnce(Return(TPM_RC_SUCCESS));
1954 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpacePublicArea(index, &public_area));
1955 }
1956
TEST_F(TpmUtilityTest,GetNVSpacePublicAreaFailure)1957 TEST_F(TpmUtilityTest, GetNVSpacePublicAreaFailure) {
1958 uint32_t index = 53;
1959 TPMS_NV_PUBLIC public_area;
1960 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _))
1961 .WillOnce(Return(TPM_RC_FAILURE));
1962 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpacePublicArea(index, &public_area));
1963 }
1964
TEST_F(TpmUtilityTest,SetKnownPasswordSuccess)1965 TEST_F(TpmUtilityTest, SetKnownPasswordSuccess) {
1966 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
1967 .WillOnce(Return(false));
1968 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _))
1969 .WillOnce(Return(TPM_RC_SUCCESS));
1970 EXPECT_EQ(TPM_RC_SUCCESS, SetKnownOwnerPassword("password"));
1971 }
1972
TEST_F(TpmUtilityTest,SetKnownPasswordOwnershipDone)1973 TEST_F(TpmUtilityTest, SetKnownPasswordOwnershipDone) {
1974 EXPECT_EQ(TPM_RC_SUCCESS, SetKnownOwnerPassword("password"));
1975 }
1976
TEST_F(TpmUtilityTest,SetKnownPasswordFailure)1977 TEST_F(TpmUtilityTest, SetKnownPasswordFailure) {
1978 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
1979 .WillOnce(Return(false));
1980 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _))
1981 .WillRepeatedly(Return(TPM_RC_FAILURE));
1982 EXPECT_EQ(TPM_RC_FAILURE, SetKnownOwnerPassword("password"));
1983 }
1984
TEST_F(TpmUtilityTest,RootKeysSuccess)1985 TEST_F(TpmUtilityTest, RootKeysSuccess) {
1986 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password"));
1987 }
1988
TEST_F(TpmUtilityTest,RootKeysHandleConsistency)1989 TEST_F(TpmUtilityTest, RootKeysHandleConsistency) {
1990 TPM_HANDLE test_handle = 42;
1991 EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _))
1992 .WillRepeatedly(DoAll(SetArgPointee<3>(test_handle),
1993 Return(TPM_RC_SUCCESS)));
1994 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _))
1995 .WillRepeatedly(Return(TPM_RC_SUCCESS));
1996 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password"));
1997 }
1998
TEST_F(TpmUtilityTest,RootKeysCreateFailure)1999 TEST_F(TpmUtilityTest, RootKeysCreateFailure) {
2000 EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _))
2001 .WillRepeatedly(Return(TPM_RC_FAILURE));
2002 EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password"));
2003 }
2004
TEST_F(TpmUtilityTest,RootKeysPersistFailure)2005 TEST_F(TpmUtilityTest, RootKeysPersistFailure) {
2006 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _))
2007 .WillRepeatedly(Return(TPM_RC_FAILURE));
2008 EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password"));
2009 }
2010
TEST_F(TpmUtilityTest,RootKeysAlreadyExist)2011 TEST_F(TpmUtilityTest, RootKeysAlreadyExist) {
2012 SetExistingKeyHandleExpectation(kRSAStorageRootKey);
2013 SetExistingKeyHandleExpectation(kECCStorageRootKey);
2014 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password"));
2015 }
2016
TEST_F(TpmUtilityTest,SaltingKeySuccess)2017 TEST_F(TpmUtilityTest, SaltingKeySuccess) {
2018 TPM2B_PUBLIC public_area;
2019 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _))
2020 .WillOnce(DoAll(SaveArg<2>(&public_area),
2021 Return(TPM_RC_SUCCESS)));
2022 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password"));
2023 EXPECT_EQ(TPM_ALG_SHA256, public_area.public_area.name_alg);
2024 }
2025
TEST_F(TpmUtilityTest,SaltingKeyConsistency)2026 TEST_F(TpmUtilityTest, SaltingKeyConsistency) {
2027 TPM_HANDLE test_handle = 42;
2028 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
2029 .WillRepeatedly(DoAll(SetArgPointee<4>(test_handle),
2030 Return(TPM_RC_SUCCESS)));
2031 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _))
2032 .WillRepeatedly(Return(TPM_RC_SUCCESS));
2033 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password"));
2034 }
2035
TEST_F(TpmUtilityTest,SaltingKeyCreateFailure)2036 TEST_F(TpmUtilityTest, SaltingKeyCreateFailure) {
2037 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _))
2038 .WillRepeatedly(Return(TPM_RC_FAILURE));
2039 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password"));
2040 }
2041
TEST_F(TpmUtilityTest,SaltingKeyLoadFailure)2042 TEST_F(TpmUtilityTest, SaltingKeyLoadFailure) {
2043 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
2044 .WillRepeatedly(Return(TPM_RC_FAILURE));
2045 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password"));
2046 }
2047
TEST_F(TpmUtilityTest,SaltingKeyPersistFailure)2048 TEST_F(TpmUtilityTest, SaltingKeyPersistFailure) {
2049 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _))
2050 .WillRepeatedly(Return(TPM_RC_FAILURE));
2051 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password"));
2052 }
2053
TEST_F(TpmUtilityTest,SaltingKeyAlreadyExists)2054 TEST_F(TpmUtilityTest, SaltingKeyAlreadyExists) {
2055 SetExistingKeyHandleExpectation(kSaltingKey);
2056 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password"));
2057 }
2058
2059 } // namespace trunks
2060