1 //
2 // Copyright (C) 2015 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include "trunks/policy_session_impl.h"
18
19 #include <crypto/sha2.h>
20 #include <gmock/gmock.h>
21 #include <gtest/gtest.h>
22
23 #include "trunks/error_codes.h"
24 #include "trunks/mock_session_manager.h"
25 #include "trunks/mock_tpm.h"
26 #include "trunks/tpm_generated.h"
27 #include "trunks/trunks_factory_for_test.h"
28
29 using testing::_;
30 using testing::NiceMock;
31 using testing::Return;
32 using testing::SaveArg;
33 using testing::SetArgPointee;
34
35 namespace trunks {
36
37 class PolicySessionTest : public testing::Test {
38 public:
PolicySessionTest()39 PolicySessionTest() {}
~PolicySessionTest()40 ~PolicySessionTest() override {}
41
SetUp()42 void SetUp() override {
43 factory_.set_session_manager(&mock_session_manager_);
44 factory_.set_tpm(&mock_tpm_);
45 }
46
GetHmacDelegate(PolicySessionImpl * session)47 HmacAuthorizationDelegate* GetHmacDelegate(PolicySessionImpl* session) {
48 return &(session->hmac_delegate_);
49 }
50
51 protected:
52 TrunksFactoryForTest factory_;
53 NiceMock<MockSessionManager> mock_session_manager_;
54 NiceMock<MockTpm> mock_tpm_;
55 };
56
TEST_F(PolicySessionTest,GetDelegateUninitialized)57 TEST_F(PolicySessionTest, GetDelegateUninitialized) {
58 PolicySessionImpl session(factory_);
59 EXPECT_CALL(mock_session_manager_, GetSessionHandle())
60 .WillRepeatedly(Return(kUninitializedHandle));
61 EXPECT_EQ(nullptr, session.GetDelegate());
62 }
63
TEST_F(PolicySessionTest,GetDelegateSuccess)64 TEST_F(PolicySessionTest, GetDelegateSuccess) {
65 PolicySessionImpl session(factory_);
66 EXPECT_EQ(GetHmacDelegate(&session), session.GetDelegate());
67 }
68
TEST_F(PolicySessionTest,StartBoundSessionSuccess)69 TEST_F(PolicySessionTest, StartBoundSessionSuccess) {
70 PolicySessionImpl session(factory_);
71 EXPECT_EQ(TPM_RC_SUCCESS,
72 session.StartBoundSession(TPM_RH_FIRST, "auth", true));
73 }
74
TEST_F(PolicySessionTest,StartBoundSessionFailure)75 TEST_F(PolicySessionTest, StartBoundSessionFailure) {
76 PolicySessionImpl session(factory_);
77 TPM_HANDLE handle = TPM_RH_FIRST;
78 EXPECT_CALL(mock_session_manager_,
79 StartSession(TPM_SE_POLICY, handle, _, true, _))
80 .WillRepeatedly(Return(TPM_RC_FAILURE));
81 EXPECT_EQ(TPM_RC_FAILURE, session.StartBoundSession(handle, "auth", true));
82 }
83
TEST_F(PolicySessionTest,StartBoundSessionBadType)84 TEST_F(PolicySessionTest, StartBoundSessionBadType) {
85 PolicySessionImpl session(factory_, TPM_SE_HMAC);
86 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS,
87 session.StartBoundSession(TPM_RH_FIRST, "auth", true));
88 }
89
TEST_F(PolicySessionTest,StartUnboundSessionSuccess)90 TEST_F(PolicySessionTest, StartUnboundSessionSuccess) {
91 PolicySessionImpl session(factory_);
92 EXPECT_EQ(TPM_RC_SUCCESS, session.StartUnboundSession(true));
93 }
94
TEST_F(PolicySessionTest,StartUnboundSessionFailure)95 TEST_F(PolicySessionTest, StartUnboundSessionFailure) {
96 PolicySessionImpl session(factory_);
97 EXPECT_CALL(mock_session_manager_,
98 StartSession(TPM_SE_POLICY, TPM_RH_NULL, _, true, _))
99 .WillRepeatedly(Return(TPM_RC_FAILURE));
100 EXPECT_EQ(TPM_RC_FAILURE, session.StartUnboundSession(true));
101 }
102
TEST_F(PolicySessionTest,GetDigestSuccess)103 TEST_F(PolicySessionTest, GetDigestSuccess) {
104 PolicySessionImpl session(factory_);
105 std::string digest;
106 TPM2B_DIGEST policy_digest;
107 policy_digest.size = SHA256_DIGEST_SIZE;
108 EXPECT_CALL(mock_tpm_, PolicyGetDigestSync(_, _, _, _))
109 .WillOnce(DoAll(SetArgPointee<2>(policy_digest), Return(TPM_RC_SUCCESS)));
110 EXPECT_EQ(TPM_RC_SUCCESS, session.GetDigest(&digest));
111 EXPECT_EQ(static_cast<size_t>(SHA256_DIGEST_SIZE), digest.size());
112 }
113
TEST_F(PolicySessionTest,GetDigestFailure)114 TEST_F(PolicySessionTest, GetDigestFailure) {
115 PolicySessionImpl session(factory_);
116 std::string digest;
117 EXPECT_CALL(mock_tpm_, PolicyGetDigestSync(_, _, _, _))
118 .WillOnce(Return(TPM_RC_FAILURE));
119 EXPECT_EQ(TPM_RC_FAILURE, session.GetDigest(&digest));
120 }
121
TEST_F(PolicySessionTest,PolicyORSuccess)122 TEST_F(PolicySessionTest, PolicyORSuccess) {
123 PolicySessionImpl session(factory_);
124 std::vector<std::string> digests;
125 digests.push_back("digest1");
126 digests.push_back("digest2");
127 digests.push_back("digest3");
128 TPML_DIGEST tpm_digests;
129 EXPECT_CALL(mock_tpm_, PolicyORSync(_, _, _, _))
130 .WillOnce(DoAll(SaveArg<2>(&tpm_digests), Return(TPM_RC_SUCCESS)));
131 EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyOR(digests));
132 EXPECT_EQ(tpm_digests.count, digests.size());
133 EXPECT_EQ(StringFrom_TPM2B_DIGEST(tpm_digests.digests[0]), digests[0]);
134 EXPECT_EQ(StringFrom_TPM2B_DIGEST(tpm_digests.digests[1]), digests[1]);
135 EXPECT_EQ(StringFrom_TPM2B_DIGEST(tpm_digests.digests[2]), digests[2]);
136 }
137
TEST_F(PolicySessionTest,PolicyORBadParam)138 TEST_F(PolicySessionTest, PolicyORBadParam) {
139 PolicySessionImpl session(factory_);
140 std::vector<std::string> digests;
141 // We use 9 here because the maximum number of digests allowed by the TPM
142 // is 8. Therefore having 9 digests here should cause the code to fail.
143 digests.resize(9);
144 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, session.PolicyOR(digests));
145 }
146
TEST_F(PolicySessionTest,PolicyORFailure)147 TEST_F(PolicySessionTest, PolicyORFailure) {
148 PolicySessionImpl session(factory_);
149 std::vector<std::string> digests;
150 EXPECT_CALL(mock_tpm_, PolicyORSync(_, _, _, _))
151 .WillOnce(Return(TPM_RC_FAILURE));
152 EXPECT_EQ(TPM_RC_FAILURE, session.PolicyOR(digests));
153 }
154
TEST_F(PolicySessionTest,PolicyPCRSuccess)155 TEST_F(PolicySessionTest, PolicyPCRSuccess) {
156 PolicySessionImpl session(factory_);
157 std::string pcr_digest("digest");
158 int pcr_index = 1;
159 TPML_PCR_SELECTION pcr_select;
160 TPM2B_DIGEST pcr_value;
161 EXPECT_CALL(mock_tpm_, PolicyPCRSync(_, _, _, _, _))
162 .WillOnce(DoAll(SaveArg<2>(&pcr_value), SaveArg<3>(&pcr_select),
163 Return(TPM_RC_SUCCESS)));
164 EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyPCR(pcr_index, pcr_digest));
165 uint8_t pcr_select_index = pcr_index / 8;
166 uint8_t pcr_select_byte = 1 << (pcr_index % 8);
167 EXPECT_EQ(pcr_select.count, 1u);
168 EXPECT_EQ(pcr_select.pcr_selections[0].hash, TPM_ALG_SHA256);
169 EXPECT_EQ(pcr_select.pcr_selections[0].sizeof_select, PCR_SELECT_MIN);
170 EXPECT_EQ(pcr_select.pcr_selections[0].pcr_select[pcr_select_index],
171 pcr_select_byte);
172 EXPECT_EQ(StringFrom_TPM2B_DIGEST(pcr_value),
173 crypto::SHA256HashString(pcr_digest));
174 }
175
TEST_F(PolicySessionTest,PolicyPCRFailure)176 TEST_F(PolicySessionTest, PolicyPCRFailure) {
177 PolicySessionImpl session(factory_);
178 EXPECT_CALL(mock_tpm_, PolicyPCRSync(_, _, _, _, _))
179 .WillOnce(Return(TPM_RC_FAILURE));
180 EXPECT_EQ(TPM_RC_FAILURE, session.PolicyPCR(1, "pcr_digest"));
181 }
182
TEST_F(PolicySessionTest,PolicyPCRTrialWithNoDigest)183 TEST_F(PolicySessionTest, PolicyPCRTrialWithNoDigest) {
184 PolicySessionImpl session(factory_, TPM_SE_TRIAL);
185 EXPECT_EQ(SAPI_RC_BAD_PARAMETER, session.PolicyPCR(1, ""));
186 }
187
TEST_F(PolicySessionTest,PolicyCommandCodeSuccess)188 TEST_F(PolicySessionTest, PolicyCommandCodeSuccess) {
189 PolicySessionImpl session(factory_);
190 TPM_CC command_code = TPM_CC_FIRST;
191 EXPECT_CALL(mock_tpm_, PolicyCommandCodeSync(_, _, command_code, _))
192 .WillOnce(Return(TPM_RC_SUCCESS));
193 EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyCommandCode(TPM_CC_FIRST));
194 }
195
TEST_F(PolicySessionTest,PolicyCommandCodeFailure)196 TEST_F(PolicySessionTest, PolicyCommandCodeFailure) {
197 PolicySessionImpl session(factory_);
198 EXPECT_CALL(mock_tpm_, PolicyCommandCodeSync(_, _, _, _))
199 .WillOnce(Return(TPM_RC_FAILURE));
200 EXPECT_EQ(TPM_RC_FAILURE, session.PolicyCommandCode(TPM_CC_FIRST));
201 }
202
TEST_F(PolicySessionTest,PolicyAuthValueSuccess)203 TEST_F(PolicySessionTest, PolicyAuthValueSuccess) {
204 PolicySessionImpl session(factory_);
205 EXPECT_CALL(mock_tpm_, PolicyAuthValueSync(_, _, _))
206 .WillOnce(Return(TPM_RC_SUCCESS));
207 EXPECT_EQ(TPM_RC_SUCCESS, session.PolicyAuthValue());
208 }
209
TEST_F(PolicySessionTest,PolicyAuthValueFailure)210 TEST_F(PolicySessionTest, PolicyAuthValueFailure) {
211 PolicySessionImpl session(factory_);
212 EXPECT_CALL(mock_tpm_, PolicyAuthValueSync(_, _, _))
213 .WillOnce(Return(TPM_RC_FAILURE));
214 EXPECT_EQ(TPM_RC_FAILURE, session.PolicyAuthValue());
215 }
216
TEST_F(PolicySessionTest,EntityAuthorizationForwardingTest)217 TEST_F(PolicySessionTest, EntityAuthorizationForwardingTest) {
218 PolicySessionImpl session(factory_);
219 std::string test_auth("test_auth");
220 session.SetEntityAuthorizationValue(test_auth);
221 HmacAuthorizationDelegate* hmac_delegate = GetHmacDelegate(&session);
222 std::string entity_auth = hmac_delegate->entity_authorization_value();
223 EXPECT_EQ(0, test_auth.compare(entity_auth));
224 }
225
226 } // namespace trunks
227