1 //
2 // Copyright (C) 2014 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include <base/stl_util.h>
18 #include <crypto/sha2.h>
19 #include <gmock/gmock.h>
20 #include <gtest/gtest.h>
21 #include <openssl/aes.h>
22
23 #include "trunks/error_codes.h"
24 #include "trunks/hmac_authorization_delegate.h"
25 #include "trunks/mock_authorization_delegate.h"
26 #include "trunks/mock_blob_parser.h"
27 #include "trunks/mock_hmac_session.h"
28 #include "trunks/mock_policy_session.h"
29 #include "trunks/mock_tpm.h"
30 #include "trunks/mock_tpm_state.h"
31 #include "trunks/tpm_constants.h"
32 #include "trunks/tpm_utility_impl.h"
33 #include "trunks/trunks_factory_for_test.h"
34
35 using testing::_;
36 using testing::DoAll;
37 using testing::NiceMock;
38 using testing::Return;
39 using testing::SaveArg;
40 using testing::SetArgPointee;
41
42 namespace trunks {
43
44 // A test fixture for TpmUtility tests.
45 class TpmUtilityTest : public testing::Test {
46 public:
TpmUtilityTest()47 TpmUtilityTest() : utility_(factory_) {}
~TpmUtilityTest()48 ~TpmUtilityTest() override {}
SetUp()49 void SetUp() override {
50 factory_.set_blob_parser(&mock_blob_parser_);
51 factory_.set_tpm_state(&mock_tpm_state_);
52 factory_.set_tpm(&mock_tpm_);
53 factory_.set_hmac_session(&mock_hmac_session_);
54 factory_.set_trial_session(&mock_trial_session_);
55 }
56
ComputeKeyName(const TPMT_PUBLIC & public_area,std::string * object_name)57 TPM_RC ComputeKeyName(const TPMT_PUBLIC& public_area,
58 std::string* object_name) {
59 return utility_.ComputeKeyName(public_area, object_name);
60 }
61
SetNVRAMMap(uint32_t index,const TPMS_NV_PUBLIC & public_area)62 void SetNVRAMMap(uint32_t index, const TPMS_NV_PUBLIC& public_area) {
63 utility_.nvram_public_area_map_[index] = public_area;
64 }
65
GetNVRAMMap(uint32_t index,TPMS_NV_PUBLIC * public_area)66 TPM_RC GetNVRAMMap(uint32_t index, TPMS_NV_PUBLIC* public_area) {
67 auto it = utility_.nvram_public_area_map_.find(index);
68 if (it == utility_.nvram_public_area_map_.end()) {
69 return TPM_RC_FAILURE;
70 }
71 *public_area = it->second;
72 return TPM_RC_SUCCESS;
73 }
74
SetKnownOwnerPassword(const std::string & owner_password)75 TPM_RC SetKnownOwnerPassword(const std::string& owner_password) {
76 return utility_.SetKnownOwnerPassword(owner_password);
77 }
78
CreateStorageRootKeys(const std::string & owner_password)79 TPM_RC CreateStorageRootKeys(const std::string& owner_password) {
80 return utility_.CreateStorageRootKeys(owner_password);
81 }
82
CreateSaltingKey(const std::string & owner_password)83 TPM_RC CreateSaltingKey(const std::string& owner_password) {
84 return utility_.CreateSaltingKey(owner_password);
85 }
86
SetExistingKeyHandleExpectation(TPM_HANDLE handle)87 void SetExistingKeyHandleExpectation(TPM_HANDLE handle) {
88 TPMS_CAPABILITY_DATA capability_data = {};
89 TPML_HANDLE& handles = capability_data.data.handles;
90 handles.count = 1;
91 handles.handle[0] = handle;
92 EXPECT_CALL(mock_tpm_,
93 GetCapabilitySync(TPM_CAP_HANDLES, handle, _, _, _, _))
94 .WillRepeatedly(
95 DoAll(SetArgPointee<4>(capability_data), Return(TPM_RC_SUCCESS)));
96 }
97
PopulatePCRSelection(bool has_sha1_pcrs,bool make_sha1_bank_empty,bool has_sha256_pcrs,TPML_PCR_SELECTION * pcrs)98 void PopulatePCRSelection(bool has_sha1_pcrs,
99 bool make_sha1_bank_empty,
100 bool has_sha256_pcrs,
101 TPML_PCR_SELECTION* pcrs) {
102 memset(pcrs, 0, sizeof(TPML_PCR_SELECTION));
103 // By convention fill SHA-256 first. This is a bit brittle because order is
104 // not important but it simplifies comparison to memcmp.
105 if (has_sha256_pcrs) {
106 pcrs->pcr_selections[pcrs->count].hash = TPM_ALG_SHA256;
107 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MIN;
108 for (int i = 0; i < PCR_SELECT_MIN; ++i) {
109 pcrs->pcr_selections[pcrs->count].pcr_select[i] = 0xff;
110 }
111 ++pcrs->count;
112 }
113 if (has_sha1_pcrs) {
114 pcrs->pcr_selections[pcrs->count].hash = TPM_ALG_SHA1;
115 if (make_sha1_bank_empty) {
116 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MAX;
117 } else {
118 pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MIN;
119 for (int i = 0; i < PCR_SELECT_MIN; ++i) {
120 pcrs->pcr_selections[pcrs->count].pcr_select[i] = 0xff;
121 }
122 }
123 ++pcrs->count;
124 }
125 }
126
SetExistingPCRSExpectation(bool has_sha1_pcrs,bool has_sha256_pcrs)127 void SetExistingPCRSExpectation(bool has_sha1_pcrs, bool has_sha256_pcrs) {
128 TPMS_CAPABILITY_DATA capability_data = {};
129 TPML_PCR_SELECTION& pcrs = capability_data.data.assigned_pcr;
130 PopulatePCRSelection(has_sha1_pcrs, false, has_sha256_pcrs, &pcrs);
131 EXPECT_CALL(mock_tpm_, GetCapabilitySync(TPM_CAP_PCRS, _, _, _, _, _))
132 .WillRepeatedly(
133 DoAll(SetArgPointee<4>(capability_data), Return(TPM_RC_SUCCESS)));
134 }
135
136 protected:
137 TrunksFactoryForTest factory_;
138 NiceMock<MockBlobParser> mock_blob_parser_;
139 NiceMock<MockTpmState> mock_tpm_state_;
140 NiceMock<MockTpm> mock_tpm_;
141 NiceMock<MockAuthorizationDelegate> mock_authorization_delegate_;
142 NiceMock<MockHmacSession> mock_hmac_session_;
143 NiceMock<MockPolicySession> mock_trial_session_;
144 TpmUtilityImpl utility_;
145 };
146
TEST_F(TpmUtilityTest,StartupSuccess)147 TEST_F(TpmUtilityTest, StartupSuccess) {
148 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Startup());
149 }
150
TEST_F(TpmUtilityTest,StartupAlreadyStarted)151 TEST_F(TpmUtilityTest, StartupAlreadyStarted) {
152 EXPECT_CALL(mock_tpm_, StartupSync(_, _))
153 .WillRepeatedly(Return(TPM_RC_INITIALIZE));
154 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Startup());
155 }
156
TEST_F(TpmUtilityTest,StartupFailure)157 TEST_F(TpmUtilityTest, StartupFailure) {
158 EXPECT_CALL(mock_tpm_, StartupSync(_, _))
159 .WillRepeatedly(Return(TPM_RC_FAILURE));
160 EXPECT_EQ(TPM_RC_FAILURE, utility_.Startup());
161 }
162
TEST_F(TpmUtilityTest,StartupSelfTestFailure)163 TEST_F(TpmUtilityTest, StartupSelfTestFailure) {
164 EXPECT_CALL(mock_tpm_, SelfTestSync(_, _))
165 .WillRepeatedly(Return(TPM_RC_FAILURE));
166 EXPECT_EQ(TPM_RC_FAILURE, utility_.Startup());
167 }
168
TEST_F(TpmUtilityTest,ClearSuccess)169 TEST_F(TpmUtilityTest, ClearSuccess) {
170 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Clear());
171 }
172
TEST_F(TpmUtilityTest,ClearAfterBadInit)173 TEST_F(TpmUtilityTest, ClearAfterBadInit) {
174 EXPECT_CALL(mock_tpm_, ClearSync(_, _, _))
175 .WillOnce(Return(TPM_RC_AUTH_MISSING))
176 .WillOnce(Return(TPM_RC_SUCCESS));
177 EXPECT_EQ(TPM_RC_SUCCESS, utility_.Clear());
178 }
179
TEST_F(TpmUtilityTest,ClearFail)180 TEST_F(TpmUtilityTest, ClearFail) {
181 EXPECT_CALL(mock_tpm_, ClearSync(_, _, _)).WillOnce(Return(TPM_RC_FAILURE));
182 EXPECT_EQ(TPM_RC_FAILURE, utility_.Clear());
183 }
184
TEST_F(TpmUtilityTest,ShutdownTest)185 TEST_F(TpmUtilityTest, ShutdownTest) {
186 EXPECT_CALL(mock_tpm_, ShutdownSync(TPM_SU_CLEAR, _));
187 utility_.Shutdown();
188 }
189
TEST_F(TpmUtilityTest,InitializeTpmAlreadyInit)190 TEST_F(TpmUtilityTest, InitializeTpmAlreadyInit) {
191 SetExistingPCRSExpectation(false, true);
192 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm());
193 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm());
194 }
195
TEST_F(TpmUtilityTest,InitializeTpmSuccess)196 TEST_F(TpmUtilityTest, InitializeTpmSuccess) {
197 SetExistingPCRSExpectation(false, true);
198 EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm());
199 }
200
TEST_F(TpmUtilityTest,InitializeTpmBadAuth)201 TEST_F(TpmUtilityTest, InitializeTpmBadAuth) {
202 SetExistingPCRSExpectation(false, true);
203 // Reject attempts to set platform auth.
204 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_PLATFORM, _, _, _))
205 .WillRepeatedly(Return(TPM_RC_FAILURE));
206 EXPECT_EQ(TPM_RC_FAILURE, utility_.InitializeTpm());
207 }
208
TEST_F(TpmUtilityTest,InitializeTpmDisablePHFails)209 TEST_F(TpmUtilityTest, InitializeTpmDisablePHFails) {
210 SetExistingPCRSExpectation(false, true);
211 // Reject attempts to disable the platform hierarchy.
212 EXPECT_CALL(mock_tpm_, HierarchyControlSync(_, _, TPM_RH_PLATFORM, _, _))
213 .WillRepeatedly(Return(TPM_RC_FAILURE));
214 EXPECT_EQ(TPM_RC_FAILURE, utility_.InitializeTpm());
215 }
216
TEST_F(TpmUtilityTest,AllocatePCRFromNone)217 TEST_F(TpmUtilityTest, AllocatePCRFromNone) {
218 SetExistingPCRSExpectation(false, false);
219 TPML_PCR_SELECTION new_pcr_allocation;
220 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _))
221 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation), SetArgPointee<3>(YES),
222 Return(TPM_RC_SUCCESS)));
223 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR(""));
224 ASSERT_EQ(1u, new_pcr_allocation.count);
225 TPML_PCR_SELECTION expected_pcr_allocation;
226 PopulatePCRSelection(false, false, true, &expected_pcr_allocation);
227 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation,
228 sizeof(TPML_PCR_SELECTION)));
229 }
230
TEST_F(TpmUtilityTest,AllocatePCRFromSHA1Only)231 TEST_F(TpmUtilityTest, AllocatePCRFromSHA1Only) {
232 SetExistingPCRSExpectation(true, false);
233 TPML_PCR_SELECTION new_pcr_allocation;
234 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _))
235 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation), SetArgPointee<3>(YES),
236 Return(TPM_RC_SUCCESS)));
237 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR(""));
238 ASSERT_EQ(2u, new_pcr_allocation.count);
239 TPML_PCR_SELECTION expected_pcr_allocation;
240 PopulatePCRSelection(true, true, true, &expected_pcr_allocation);
241 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation,
242 sizeof(TPML_PCR_SELECTION)));
243 }
244
TEST_F(TpmUtilityTest,AllocatePCRFromSHA1AndSHA256)245 TEST_F(TpmUtilityTest, AllocatePCRFromSHA1AndSHA256) {
246 SetExistingPCRSExpectation(true, true);
247 TPML_PCR_SELECTION new_pcr_allocation;
248 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _))
249 .WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation), SetArgPointee<3>(YES),
250 Return(TPM_RC_SUCCESS)));
251 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR(""));
252 ASSERT_EQ(1u, new_pcr_allocation.count);
253 TPML_PCR_SELECTION expected_pcr_allocation;
254 PopulatePCRSelection(true, true, false, &expected_pcr_allocation);
255 ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation,
256 sizeof(TPML_PCR_SELECTION)));
257 }
258
TEST_F(TpmUtilityTest,AllocatePCRFromSHA256Only)259 TEST_F(TpmUtilityTest, AllocatePCRFromSHA256Only) {
260 SetExistingPCRSExpectation(false, true);
261 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _))
262 .Times(0);
263 ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR(""));
264 }
265
TEST_F(TpmUtilityTest,AllocatePCRCommandFailure)266 TEST_F(TpmUtilityTest, AllocatePCRCommandFailure) {
267 SetExistingPCRSExpectation(false, false);
268 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(_, _, _, _, _, _, _, _))
269 .WillOnce(Return(TPM_RC_FAILURE));
270 EXPECT_EQ(TPM_RC_FAILURE, utility_.AllocatePCR(""));
271 }
272
TEST_F(TpmUtilityTest,AllocatePCRTpmFailure)273 TEST_F(TpmUtilityTest, AllocatePCRTpmFailure) {
274 SetExistingPCRSExpectation(false, false);
275 EXPECT_CALL(mock_tpm_, PCR_AllocateSync(_, _, _, _, _, _, _, _))
276 .WillOnce(DoAll(SetArgPointee<3>(NO), Return(TPM_RC_SUCCESS)));
277 EXPECT_EQ(TPM_RC_FAILURE, utility_.AllocatePCR(""));
278 }
279
TEST_F(TpmUtilityTest,TakeOwnershipSuccess)280 TEST_F(TpmUtilityTest, TakeOwnershipSuccess) {
281 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
282 .WillRepeatedly(Return(false));
283 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet())
284 .WillRepeatedly(Return(false));
285 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet())
286 .WillRepeatedly(Return(false));
287 EXPECT_EQ(TPM_RC_SUCCESS,
288 utility_.TakeOwnership("owner", "endorsement", "lockout"));
289 }
290
TEST_F(TpmUtilityTest,TakeOwnershipOwnershipDone)291 TEST_F(TpmUtilityTest, TakeOwnershipOwnershipDone) {
292 EXPECT_EQ(TPM_RC_SUCCESS,
293 utility_.TakeOwnership("owner", "endorsement", "lockout"));
294 }
295
TEST_F(TpmUtilityTest,TakeOwnershipBadSession)296 TEST_F(TpmUtilityTest, TakeOwnershipBadSession) {
297 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true))
298 .WillRepeatedly(Return(TPM_RC_FAILURE));
299 EXPECT_EQ(TPM_RC_FAILURE,
300 utility_.TakeOwnership("owner", "endorsement", "lockout"));
301 }
302
TEST_F(TpmUtilityTest,TakeOwnershipFailure)303 TEST_F(TpmUtilityTest, TakeOwnershipFailure) {
304 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _))
305 .WillRepeatedly(Return(TPM_RC_FAILURE));
306 EXPECT_EQ(TPM_RC_FAILURE,
307 utility_.TakeOwnership("owner", "endorsement", "lockout"));
308 }
309
TEST_F(TpmUtilityTest,ChangeOwnerPasswordEndorsementDone)310 TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementDone) {
311 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
312 .WillRepeatedly(Return(false));
313 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet())
314 .WillRepeatedly(Return(false));
315 EXPECT_EQ(TPM_RC_SUCCESS,
316 utility_.TakeOwnership("owner", "endorsement", "lockout"));
317 }
318
TEST_F(TpmUtilityTest,ChangeOwnerPasswordLockoutDone)319 TEST_F(TpmUtilityTest, ChangeOwnerPasswordLockoutDone) {
320 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
321 .WillRepeatedly(Return(false));
322 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet())
323 .WillRepeatedly(Return(false));
324 EXPECT_EQ(TPM_RC_SUCCESS,
325 utility_.TakeOwnership("owner", "endorsement", "lockout"));
326 }
327
TEST_F(TpmUtilityTest,ChangeOwnerPasswordEndorsementLockoutDone)328 TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementLockoutDone) {
329 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
330 .WillRepeatedly(Return(false));
331 EXPECT_EQ(TPM_RC_SUCCESS,
332 utility_.TakeOwnership("owner", "endorsement", "lockout"));
333 }
334
TEST_F(TpmUtilityTest,ChangeOwnerPasswordEndorsementFail)335 TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementFail) {
336 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
337 .WillRepeatedly(Return(false));
338 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet())
339 .WillRepeatedly(Return(false));
340 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(_, _, _, _))
341 .WillRepeatedly(Return(TPM_RC_SUCCESS));
342 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_ENDORSEMENT, _, _, _))
343 .WillRepeatedly(Return(TPM_RC_FAILURE));
344 EXPECT_EQ(TPM_RC_FAILURE,
345 utility_.TakeOwnership("owner", "endorsement", "lockout"));
346 }
347
TEST_F(TpmUtilityTest,ChangeOwnerPasswordLockoutFailure)348 TEST_F(TpmUtilityTest, ChangeOwnerPasswordLockoutFailure) {
349 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
350 .WillRepeatedly(Return(false));
351 EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet())
352 .WillRepeatedly(Return(false));
353 EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet())
354 .WillRepeatedly(Return(false));
355 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(_, _, _, _))
356 .WillRepeatedly(Return(TPM_RC_SUCCESS));
357 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_LOCKOUT, _, _, _))
358 .WillRepeatedly(Return(TPM_RC_FAILURE));
359 EXPECT_EQ(TPM_RC_FAILURE,
360 utility_.TakeOwnership("owner", "endorsement", "lockout"));
361 }
362
TEST_F(TpmUtilityTest,StirRandomSuccess)363 TEST_F(TpmUtilityTest, StirRandomSuccess) {
364 std::string entropy_data("large test data", 100);
365 EXPECT_EQ(TPM_RC_SUCCESS,
366 utility_.StirRandom(entropy_data, &mock_authorization_delegate_));
367 }
368
TEST_F(TpmUtilityTest,StirRandomFails)369 TEST_F(TpmUtilityTest, StirRandomFails) {
370 std::string entropy_data("test data");
371 EXPECT_CALL(mock_tpm_, StirRandomSync(_, nullptr))
372 .WillOnce(Return(TPM_RC_FAILURE));
373 EXPECT_EQ(TPM_RC_FAILURE, utility_.StirRandom(entropy_data, nullptr));
374 }
375
TEST_F(TpmUtilityTest,GenerateRandomSuccess)376 TEST_F(TpmUtilityTest, GenerateRandomSuccess) {
377 // This number is larger than the max bytes the GetRandom call can return.
378 // Therefore we expect software to make multiple calls to fill this many
379 // bytes.
380 size_t num_bytes = 72;
381 std::string random_data;
382 TPM2B_DIGEST large_random;
383 large_random.size = 32;
384 TPM2B_DIGEST small_random;
385 small_random.size = 8;
386 EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, &mock_authorization_delegate_))
387 .Times(2)
388 .WillRepeatedly(
389 DoAll(SetArgPointee<1>(large_random), Return(TPM_RC_SUCCESS)));
390 EXPECT_CALL(mock_tpm_, GetRandomSync(8, _, &mock_authorization_delegate_))
391 .WillOnce(DoAll(SetArgPointee<1>(small_random), Return(TPM_RC_SUCCESS)));
392 EXPECT_EQ(TPM_RC_SUCCESS,
393 utility_.GenerateRandom(num_bytes, &mock_authorization_delegate_,
394 &random_data));
395 EXPECT_EQ(num_bytes, random_data.size());
396 }
397
TEST_F(TpmUtilityTest,GenerateRandomFails)398 TEST_F(TpmUtilityTest, GenerateRandomFails) {
399 size_t num_bytes = 5;
400 std::string random_data;
401 EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, nullptr))
402 .WillOnce(Return(TPM_RC_FAILURE));
403 EXPECT_EQ(TPM_RC_FAILURE,
404 utility_.GenerateRandom(num_bytes, nullptr, &random_data));
405 }
406
TEST_F(TpmUtilityTest,ExtendPCRSuccess)407 TEST_F(TpmUtilityTest, ExtendPCRSuccess) {
408 TPM_HANDLE pcr_handle = HR_PCR + 1;
409 TPML_DIGEST_VALUES digests;
410 EXPECT_CALL(mock_tpm_,
411 PCR_ExtendSync(pcr_handle, _, _, &mock_authorization_delegate_))
412 .WillOnce(DoAll(SaveArg<2>(&digests), Return(TPM_RC_SUCCESS)));
413 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ExtendPCR(1, "test digest",
414 &mock_authorization_delegate_));
415 EXPECT_EQ(1u, digests.count);
416 EXPECT_EQ(TPM_ALG_SHA256, digests.digests[0].hash_alg);
417 std::string hash_string = crypto::SHA256HashString("test digest");
418 EXPECT_EQ(0, memcmp(hash_string.data(), digests.digests[0].digest.sha256,
419 crypto::kSHA256Length));
420 }
421
TEST_F(TpmUtilityTest,ExtendPCRFail)422 TEST_F(TpmUtilityTest, ExtendPCRFail) {
423 int pcr_index = 0;
424 TPM_HANDLE pcr_handle = HR_PCR + pcr_index;
425 EXPECT_CALL(mock_tpm_, PCR_ExtendSync(pcr_handle, _, _, _))
426 .WillOnce(Return(TPM_RC_FAILURE));
427 EXPECT_EQ(TPM_RC_FAILURE,
428 utility_.ExtendPCR(pcr_index, "test digest", nullptr));
429 }
430
TEST_F(TpmUtilityTest,ExtendPCRBadParam)431 TEST_F(TpmUtilityTest, ExtendPCRBadParam) {
432 EXPECT_EQ(TPM_RC_FAILURE, utility_.ExtendPCR(-1, "test digest", nullptr));
433 }
434
TEST_F(TpmUtilityTest,ReadPCRSuccess)435 TEST_F(TpmUtilityTest, ReadPCRSuccess) {
436 // The |pcr_index| is chosen to match the structure for |pcr_select|.
437 // If you change |pcr_index|, remember to change |pcr_select|.
438 int pcr_index = 1;
439 std::string pcr_value;
440 TPML_PCR_SELECTION pcr_select;
441 pcr_select.count = 1;
442 pcr_select.pcr_selections[0].hash = TPM_ALG_SHA256;
443 pcr_select.pcr_selections[0].sizeof_select = 1;
444 pcr_select.pcr_selections[0].pcr_select[0] = 2;
445 TPML_DIGEST pcr_values;
446 pcr_values.count = 1;
447 pcr_values.digests[0].size = 5;
448 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _))
449 .WillOnce(DoAll(SetArgPointee<2>(pcr_select),
450 SetArgPointee<3>(pcr_values), Return(TPM_RC_SUCCESS)));
451 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ReadPCR(pcr_index, &pcr_value));
452 }
453
TEST_F(TpmUtilityTest,ReadPCRFail)454 TEST_F(TpmUtilityTest, ReadPCRFail) {
455 std::string pcr_value;
456 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _))
457 .WillOnce(Return(TPM_RC_FAILURE));
458 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadPCR(1, &pcr_value));
459 }
460
TEST_F(TpmUtilityTest,ReadPCRBadReturn)461 TEST_F(TpmUtilityTest, ReadPCRBadReturn) {
462 std::string pcr_value;
463 EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadPCR(1, &pcr_value));
464 }
465
TEST_F(TpmUtilityTest,AsymmetricEncryptSuccess)466 TEST_F(TpmUtilityTest, AsymmetricEncryptSuccess) {
467 TPM_HANDLE key_handle;
468 std::string plaintext;
469 std::string output_ciphertext("ciphertext");
470 std::string ciphertext;
471 TPM2B_PUBLIC_KEY_RSA out_message =
472 Make_TPM2B_PUBLIC_KEY_RSA(output_ciphertext);
473 TPM2B_PUBLIC public_area;
474 public_area.public_area.type = TPM_ALG_RSA;
475 public_area.public_area.object_attributes = kDecrypt;
476 public_area.public_area.auth_policy.size = 0;
477 public_area.public_area.unique.rsa.size = 0;
478 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
479 .WillRepeatedly(
480 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
481 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _,
482 &mock_authorization_delegate_))
483 .WillOnce(DoAll(SetArgPointee<5>(out_message), Return(TPM_RC_SUCCESS)));
484 EXPECT_EQ(TPM_RC_SUCCESS,
485 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_NULL, TPM_ALG_NULL,
486 plaintext, &mock_authorization_delegate_,
487 &ciphertext));
488 EXPECT_EQ(0, ciphertext.compare(output_ciphertext));
489 }
490
TEST_F(TpmUtilityTest,AsymmetricEncryptFail)491 TEST_F(TpmUtilityTest, AsymmetricEncryptFail) {
492 TPM_HANDLE key_handle;
493 std::string plaintext;
494 std::string ciphertext;
495 TPM2B_PUBLIC public_area;
496 public_area.public_area.type = TPM_ALG_RSA;
497 public_area.public_area.object_attributes = kDecrypt;
498 public_area.public_area.auth_policy.size = 0;
499 public_area.public_area.unique.rsa.size = 0;
500 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
501 .WillRepeatedly(
502 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
503 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr))
504 .WillOnce(Return(TPM_RC_FAILURE));
505 EXPECT_EQ(TPM_RC_FAILURE,
506 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_NULL, TPM_ALG_NULL,
507 plaintext, nullptr, &ciphertext));
508 }
509
TEST_F(TpmUtilityTest,AsymmetricEncryptBadParams)510 TEST_F(TpmUtilityTest, AsymmetricEncryptBadParams) {
511 TPM_HANDLE key_handle = TPM_RH_FIRST;
512 std::string plaintext;
513 std::string ciphertext;
514 TPM2B_PUBLIC public_area;
515 public_area.public_area.type = TPM_ALG_RSA;
516 public_area.public_area.object_attributes = kDecrypt | kRestricted;
517 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, nullptr))
518 .WillRepeatedly(
519 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
520 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
521 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_RSAES, TPM_ALG_NULL,
522 plaintext, nullptr, &ciphertext));
523 }
524
TEST_F(TpmUtilityTest,AsymmetricEncryptNullSchemeForward)525 TEST_F(TpmUtilityTest, AsymmetricEncryptNullSchemeForward) {
526 TPM_HANDLE key_handle;
527 std::string plaintext;
528 std::string output_ciphertext("ciphertext");
529 std::string ciphertext;
530 TPM2B_PUBLIC_KEY_RSA out_message =
531 Make_TPM2B_PUBLIC_KEY_RSA(output_ciphertext);
532 TPM2B_PUBLIC public_area;
533 public_area.public_area.type = TPM_ALG_RSA;
534 public_area.public_area.object_attributes = kDecrypt;
535 public_area.public_area.auth_policy.size = 0;
536 public_area.public_area.unique.rsa.size = 0;
537 TPMT_RSA_DECRYPT scheme;
538 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
539 .WillRepeatedly(
540 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
541 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr))
542 .WillOnce(DoAll(SetArgPointee<5>(out_message), SaveArg<3>(&scheme),
543 Return(TPM_RC_SUCCESS)));
544 EXPECT_EQ(TPM_RC_SUCCESS,
545 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_NULL, TPM_ALG_NULL,
546 plaintext, nullptr, &ciphertext));
547 EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP);
548 EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256);
549 }
550
TEST_F(TpmUtilityTest,AsymmetricEncryptSchemeForward)551 TEST_F(TpmUtilityTest, AsymmetricEncryptSchemeForward) {
552 TPM_HANDLE key_handle;
553 std::string plaintext;
554 std::string output_ciphertext("ciphertext");
555 std::string ciphertext;
556 TPM2B_PUBLIC_KEY_RSA out_message =
557 Make_TPM2B_PUBLIC_KEY_RSA(output_ciphertext);
558 TPM2B_PUBLIC public_area;
559 public_area.public_area.type = TPM_ALG_RSA;
560 public_area.public_area.object_attributes = kDecrypt;
561 public_area.public_area.auth_policy.size = 0;
562 public_area.public_area.unique.rsa.size = 0;
563 TPMT_RSA_DECRYPT scheme;
564 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
565 .WillRepeatedly(
566 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
567 EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr))
568 .WillOnce(DoAll(SetArgPointee<5>(out_message), SaveArg<3>(&scheme),
569 Return(TPM_RC_SUCCESS)));
570 EXPECT_EQ(TPM_RC_SUCCESS,
571 utility_.AsymmetricEncrypt(key_handle, TPM_ALG_RSAES, TPM_ALG_NULL,
572 plaintext, nullptr, &ciphertext));
573 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES);
574 }
575
TEST_F(TpmUtilityTest,AsymmetricDecryptSuccess)576 TEST_F(TpmUtilityTest, AsymmetricDecryptSuccess) {
577 TPM_HANDLE key_handle;
578 std::string plaintext;
579 std::string output_plaintext("plaintext");
580 std::string ciphertext;
581 std::string password("password");
582 TPM2B_PUBLIC_KEY_RSA out_message =
583 Make_TPM2B_PUBLIC_KEY_RSA(output_plaintext);
584 TPM2B_PUBLIC public_area;
585 public_area.public_area.type = TPM_ALG_RSA;
586 public_area.public_area.object_attributes = kDecrypt;
587 public_area.public_area.auth_policy.size = 0;
588 public_area.public_area.unique.rsa.size = 0;
589 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
590 .WillRepeatedly(
591 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
592 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _,
593 &mock_authorization_delegate_))
594 .WillOnce(DoAll(SetArgPointee<5>(out_message), Return(TPM_RC_SUCCESS)));
595 EXPECT_EQ(TPM_RC_SUCCESS,
596 utility_.AsymmetricDecrypt(
597 key_handle, TPM_ALG_NULL, TPM_ALG_NULL, ciphertext,
598 &mock_authorization_delegate_, &plaintext));
599 EXPECT_EQ(0, plaintext.compare(output_plaintext));
600 }
601
TEST_F(TpmUtilityTest,AsymmetricDecryptFail)602 TEST_F(TpmUtilityTest, AsymmetricDecryptFail) {
603 TPM_HANDLE key_handle;
604 std::string key_name;
605 std::string plaintext;
606 std::string ciphertext;
607 std::string password;
608 TPM2B_PUBLIC public_area;
609 public_area.public_area.type = TPM_ALG_RSA;
610 public_area.public_area.object_attributes = kDecrypt;
611 public_area.public_area.auth_policy.size = 0;
612 public_area.public_area.unique.rsa.size = 0;
613 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
614 .WillRepeatedly(
615 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
616 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _))
617 .WillOnce(Return(TPM_RC_FAILURE));
618 EXPECT_EQ(TPM_RC_FAILURE,
619 utility_.AsymmetricDecrypt(
620 key_handle, TPM_ALG_NULL, TPM_ALG_NULL, ciphertext,
621 &mock_authorization_delegate_, &plaintext));
622 }
623
TEST_F(TpmUtilityTest,AsymmetricDecryptBadParams)624 TEST_F(TpmUtilityTest, AsymmetricDecryptBadParams) {
625 TPM_HANDLE key_handle = TPM_RH_FIRST;
626 std::string plaintext;
627 std::string ciphertext;
628 TPM2B_PUBLIC public_area;
629 public_area.public_area.type = TPM_ALG_RSA;
630 public_area.public_area.object_attributes = kDecrypt | kRestricted;
631 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
632 .WillRepeatedly(
633 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
634 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
635 utility_.AsymmetricDecrypt(
636 key_handle, TPM_ALG_RSAES, TPM_ALG_NULL, ciphertext,
637 &mock_authorization_delegate_, &plaintext));
638 }
639
TEST_F(TpmUtilityTest,AsymmetricDecryptBadSession)640 TEST_F(TpmUtilityTest, AsymmetricDecryptBadSession) {
641 TPM_HANDLE key_handle = TPM_RH_FIRST;
642 std::string key_name;
643 std::string plaintext;
644 std::string ciphertext;
645 std::string password;
646 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS,
647 utility_.AsymmetricDecrypt(key_handle, TPM_ALG_RSAES, TPM_ALG_NULL,
648 ciphertext, nullptr, &plaintext));
649 }
650
TEST_F(TpmUtilityTest,AsymmetricDecryptNullSchemeForward)651 TEST_F(TpmUtilityTest, AsymmetricDecryptNullSchemeForward) {
652 TPM_HANDLE key_handle;
653 std::string plaintext;
654 std::string output_plaintext("plaintext");
655 std::string ciphertext;
656 std::string password;
657 TPM2B_PUBLIC_KEY_RSA out_message =
658 Make_TPM2B_PUBLIC_KEY_RSA(output_plaintext);
659 TPM2B_PUBLIC public_area;
660 public_area.public_area.type = TPM_ALG_RSA;
661 public_area.public_area.object_attributes = kDecrypt;
662 public_area.public_area.auth_policy.size = 0;
663 public_area.public_area.unique.rsa.size = 0;
664 TPMT_RSA_DECRYPT scheme;
665 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
666 .WillRepeatedly(
667 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
668 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _))
669 .WillOnce(DoAll(SetArgPointee<5>(out_message), SaveArg<3>(&scheme),
670 Return(TPM_RC_SUCCESS)));
671 EXPECT_EQ(TPM_RC_SUCCESS,
672 utility_.AsymmetricDecrypt(
673 key_handle, TPM_ALG_NULL, TPM_ALG_NULL, ciphertext,
674 &mock_authorization_delegate_, &plaintext));
675 EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP);
676 EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256);
677 }
678
TEST_F(TpmUtilityTest,AsymmetricDecryptSchemeForward)679 TEST_F(TpmUtilityTest, AsymmetricDecryptSchemeForward) {
680 TPM_HANDLE key_handle;
681 std::string plaintext;
682 std::string output_plaintext("plaintext");
683 std::string ciphertext;
684 std::string password;
685 TPM2B_PUBLIC_KEY_RSA out_message =
686 Make_TPM2B_PUBLIC_KEY_RSA(output_plaintext);
687 TPM2B_PUBLIC public_area;
688 public_area.public_area.type = TPM_ALG_RSA;
689 public_area.public_area.object_attributes = kDecrypt;
690 public_area.public_area.auth_policy.size = 0;
691 public_area.public_area.unique.rsa.size = 0;
692 TPMT_RSA_DECRYPT scheme;
693 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
694 .WillRepeatedly(
695 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
696 EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _))
697 .WillOnce(DoAll(SetArgPointee<5>(out_message), SaveArg<3>(&scheme),
698 Return(TPM_RC_SUCCESS)));
699 EXPECT_EQ(TPM_RC_SUCCESS,
700 utility_.AsymmetricDecrypt(
701 key_handle, TPM_ALG_RSAES, TPM_ALG_NULL, ciphertext,
702 &mock_authorization_delegate_, &plaintext));
703 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES);
704 }
705
TEST_F(TpmUtilityTest,SignSuccess)706 TEST_F(TpmUtilityTest, SignSuccess) {
707 TPM_HANDLE key_handle;
708 std::string password("password");
709 std::string digest(32, 'a');
710 TPMT_SIGNATURE signature_out;
711 signature_out.signature.rsassa.sig.size = 2;
712 signature_out.signature.rsassa.sig.buffer[0] = 'h';
713 signature_out.signature.rsassa.sig.buffer[1] = 'i';
714 std::string signature;
715 TPM2B_PUBLIC public_area;
716 public_area.public_area.type = TPM_ALG_RSA;
717 public_area.public_area.object_attributes = kSign;
718 public_area.public_area.auth_policy.size = 0;
719 public_area.public_area.unique.rsa.size = 0;
720 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
721 .WillRepeatedly(
722 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
723 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _,
724 &mock_authorization_delegate_))
725 .WillOnce(DoAll(SetArgPointee<5>(signature_out), Return(TPM_RC_SUCCESS)));
726 EXPECT_EQ(TPM_RC_SUCCESS,
727 utility_.Sign(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest,
728 &mock_authorization_delegate_, &signature));
729 EXPECT_EQ(0, signature.compare("hi"));
730 }
731
TEST_F(TpmUtilityTest,SignFail)732 TEST_F(TpmUtilityTest, SignFail) {
733 TPM_HANDLE key_handle;
734 std::string password;
735 std::string digest(32, 'a');
736 std::string signature;
737 TPM2B_PUBLIC public_area;
738 public_area.public_area.type = TPM_ALG_RSA;
739 public_area.public_area.object_attributes = kSign;
740 public_area.public_area.auth_policy.size = 0;
741 public_area.public_area.unique.rsa.size = 0;
742 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
743 .WillRepeatedly(
744 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
745 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _))
746 .WillOnce(Return(TPM_RC_FAILURE));
747 EXPECT_EQ(TPM_RC_FAILURE,
748 utility_.Sign(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest,
749 &mock_authorization_delegate_, &signature));
750 }
751
TEST_F(TpmUtilityTest,SignBadParams1)752 TEST_F(TpmUtilityTest, SignBadParams1) {
753 TPM_HANDLE key_handle;
754 std::string password;
755 std::string digest(32, 'a');
756 std::string signature;
757 TPM2B_PUBLIC public_area;
758 public_area.public_area.type = TPM_ALG_RSA;
759 public_area.public_area.object_attributes = kSign | kRestricted;
760 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
761 .WillRepeatedly(
762 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
763 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
764 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest,
765 &mock_authorization_delegate_, &signature));
766 }
767
TEST_F(TpmUtilityTest,SignBadAuthorizationSession)768 TEST_F(TpmUtilityTest, SignBadAuthorizationSession) {
769 TPM_HANDLE key_handle = TPM_RH_FIRST;
770 std::string password;
771 std::string digest(32, 'a');
772 std::string signature;
773 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS,
774 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest,
775 nullptr, &signature));
776 }
777
TEST_F(TpmUtilityTest,SignBadParams2)778 TEST_F(TpmUtilityTest, SignBadParams2) {
779 TPM_HANDLE key_handle;
780 std::string password;
781 std::string digest(32, 'a');
782 std::string signature;
783 TPM2B_PUBLIC public_area;
784 public_area.public_area.type = TPM_ALG_RSA;
785 public_area.public_area.object_attributes = kDecrypt;
786 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
787 .WillRepeatedly(
788 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
789 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
790 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest,
791 &mock_authorization_delegate_, &signature));
792 }
793
TEST_F(TpmUtilityTest,SignBadParams3)794 TEST_F(TpmUtilityTest, SignBadParams3) {
795 TPM_HANDLE key_handle;
796 std::string password;
797 std::string digest(32, 'a');
798 std::string signature;
799 TPM2B_PUBLIC public_area;
800 public_area.public_area.type = TPM_ALG_ECC;
801 public_area.public_area.object_attributes = kSign;
802 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
803 .WillRepeatedly(
804 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
805 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
806 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest,
807 &mock_authorization_delegate_, &signature));
808 }
809
TEST_F(TpmUtilityTest,SignBadParams4)810 TEST_F(TpmUtilityTest, SignBadParams4) {
811 TPM_HANDLE key_handle;
812 std::string password;
813 std::string digest(32, 'a');
814 std::string signature;
815 TPM2B_PUBLIC public_area;
816 public_area.public_area.type = TPM_ALG_RSA;
817 public_area.public_area.object_attributes = kSign;
818 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
819 .WillRepeatedly(
820 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_FAILURE)));
821 EXPECT_EQ(TPM_RC_FAILURE,
822 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_NULL, digest,
823 &mock_authorization_delegate_, &signature));
824 }
825
TEST_F(TpmUtilityTest,SignBadParams5)826 TEST_F(TpmUtilityTest, SignBadParams5) {
827 TPM_HANDLE key_handle = 0;
828 std::string password;
829 std::string digest(32, 'a');
830 std::string signature;
831 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
832 utility_.Sign(key_handle, TPM_ALG_AES, TPM_ALG_NULL, digest,
833 &mock_authorization_delegate_, &signature));
834 }
835
TEST_F(TpmUtilityTest,SignNullSchemeForward)836 TEST_F(TpmUtilityTest, SignNullSchemeForward) {
837 TPM_HANDLE key_handle;
838 std::string password;
839 std::string digest(32, 'a');
840 TPMT_SIGNATURE signature_out;
841 signature_out.signature.rsassa.sig.size = 0;
842 std::string signature;
843 TPM2B_PUBLIC public_area;
844 TPMT_SIG_SCHEME scheme;
845 public_area.public_area.type = TPM_ALG_RSA;
846 public_area.public_area.object_attributes = kSign;
847 public_area.public_area.auth_policy.size = 0;
848 public_area.public_area.unique.rsa.size = 0;
849 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
850 .WillRepeatedly(
851 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
852 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _))
853 .WillOnce(DoAll(SetArgPointee<5>(signature_out), SaveArg<3>(&scheme),
854 Return(TPM_RC_SUCCESS)));
855 EXPECT_EQ(TPM_RC_SUCCESS,
856 utility_.Sign(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest,
857 &mock_authorization_delegate_, &signature));
858 EXPECT_EQ(scheme.scheme, TPM_ALG_RSASSA);
859 EXPECT_EQ(scheme.details.rsassa.hash_alg, TPM_ALG_SHA256);
860 }
861
TEST_F(TpmUtilityTest,SignSchemeForward)862 TEST_F(TpmUtilityTest, SignSchemeForward) {
863 TPM_HANDLE key_handle;
864 std::string password;
865 std::string digest(64, 'a');
866 TPMT_SIGNATURE signature_out;
867 signature_out.signature.rsassa.sig.size = 0;
868 std::string signature;
869 TPM2B_PUBLIC public_area;
870 TPMT_SIG_SCHEME scheme;
871 public_area.public_area.type = TPM_ALG_RSA;
872 public_area.public_area.object_attributes = kSign;
873 public_area.public_area.auth_policy.size = 0;
874 public_area.public_area.unique.rsa.size = 0;
875 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
876 .WillRepeatedly(
877 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
878 EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _))
879 .WillOnce(DoAll(SetArgPointee<5>(signature_out), SaveArg<3>(&scheme),
880 Return(TPM_RC_SUCCESS)));
881 EXPECT_EQ(TPM_RC_SUCCESS,
882 utility_.Sign(key_handle, TPM_ALG_RSAPSS, TPM_ALG_SHA1, digest,
883 &mock_authorization_delegate_, &signature));
884 EXPECT_EQ(scheme.scheme, TPM_ALG_RSAPSS);
885 EXPECT_EQ(scheme.details.rsapss.hash_alg, TPM_ALG_SHA1);
886 }
887
TEST_F(TpmUtilityTest,VerifySuccess)888 TEST_F(TpmUtilityTest, VerifySuccess) {
889 TPM_HANDLE key_handle;
890 std::string digest(32, 'a');
891 std::string signature;
892 TPM2B_PUBLIC public_area;
893 public_area.public_area.type = TPM_ALG_RSA;
894 public_area.public_area.object_attributes = kSign;
895 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
896 .WillRepeatedly(
897 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
898 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _))
899 .WillOnce(Return(TPM_RC_SUCCESS));
900 EXPECT_EQ(TPM_RC_SUCCESS,
901 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest,
902 signature, nullptr));
903 }
904
TEST_F(TpmUtilityTest,VerifyFail)905 TEST_F(TpmUtilityTest, VerifyFail) {
906 TPM_HANDLE key_handle;
907 std::string digest(32, 'a');
908 std::string signature;
909 TPM2B_PUBLIC public_area;
910 public_area.public_area.type = TPM_ALG_RSA;
911 public_area.public_area.object_attributes = kSign;
912 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
913 .WillRepeatedly(
914 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
915 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _))
916 .WillOnce(Return(TPM_RC_FAILURE));
917 EXPECT_EQ(TPM_RC_FAILURE,
918 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest,
919 signature, nullptr));
920 }
921
TEST_F(TpmUtilityTest,VerifyBadParams1)922 TEST_F(TpmUtilityTest, VerifyBadParams1) {
923 TPM_HANDLE key_handle;
924 std::string digest(32, 'a');
925 std::string signature;
926 TPM2B_PUBLIC public_area;
927 public_area.public_area.type = TPM_ALG_RSA;
928 public_area.public_area.object_attributes = kSign | kRestricted;
929 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
930 .WillRepeatedly(
931 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
932 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
933 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest,
934 signature, nullptr));
935 }
936
TEST_F(TpmUtilityTest,VerifyBadParams2)937 TEST_F(TpmUtilityTest, VerifyBadParams2) {
938 TPM_HANDLE key_handle;
939 std::string digest(32, 'a');
940 std::string signature;
941 TPM2B_PUBLIC public_area;
942 public_area.public_area.type = TPM_ALG_RSA;
943 public_area.public_area.object_attributes = kDecrypt;
944 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
945 .WillRepeatedly(
946 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
947 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
948 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest,
949 signature, nullptr));
950 }
951
TEST_F(TpmUtilityTest,VerifyBadParams3)952 TEST_F(TpmUtilityTest, VerifyBadParams3) {
953 TPM_HANDLE key_handle;
954 std::string digest(32, 'a');
955 std::string signature;
956 TPM2B_PUBLIC public_area;
957 public_area.public_area.type = TPM_ALG_ECC;
958 public_area.public_area.object_attributes = kSign;
959 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
960 .WillRepeatedly(
961 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
962 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
963 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest,
964 signature, nullptr));
965 }
966
TEST_F(TpmUtilityTest,VerifyBadParams4)967 TEST_F(TpmUtilityTest, VerifyBadParams4) {
968 TPM_HANDLE key_handle;
969 std::string digest(32, 'a');
970 std::string signature;
971 TPM2B_PUBLIC public_area;
972 public_area.public_area.type = TPM_ALG_RSA;
973 public_area.public_area.object_attributes = kSign;
974 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
975 .WillRepeatedly(
976 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_FAILURE)));
977 EXPECT_EQ(TPM_RC_FAILURE,
978 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest,
979 signature, nullptr));
980 }
981
TEST_F(TpmUtilityTest,VerifyBadParams5)982 TEST_F(TpmUtilityTest, VerifyBadParams5) {
983 TPM_HANDLE key_handle;
984 std::string digest(32, 'a');
985 std::string signature;
986 TPM2B_PUBLIC public_area;
987 public_area.public_area.type = TPM_ALG_RSA;
988 public_area.public_area.object_attributes = kSign;
989 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
990 .WillRepeatedly(
991 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
992 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
993 utility_.Verify(key_handle, TPM_ALG_AES, TPM_ALG_NULL, digest,
994 signature, nullptr));
995 }
996
TEST_F(TpmUtilityTest,VerifyNullSchemeForward)997 TEST_F(TpmUtilityTest, VerifyNullSchemeForward) {
998 TPM_HANDLE key_handle;
999 std::string digest(32, 'a');
1000 std::string signature;
1001 TPM2B_PUBLIC public_area;
1002 TPMT_SIGNATURE signature_in;
1003 public_area.public_area.type = TPM_ALG_RSA;
1004 public_area.public_area.object_attributes = kSign;
1005 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
1006 .WillRepeatedly(
1007 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
1008 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _))
1009 .WillOnce(DoAll(SaveArg<3>(&signature_in), Return(TPM_RC_SUCCESS)));
1010 EXPECT_EQ(TPM_RC_SUCCESS,
1011 utility_.Verify(key_handle, TPM_ALG_NULL, TPM_ALG_NULL, digest,
1012 signature, nullptr));
1013 EXPECT_EQ(signature_in.sig_alg, TPM_ALG_RSASSA);
1014 EXPECT_EQ(signature_in.signature.rsassa.hash, TPM_ALG_SHA256);
1015 }
1016
TEST_F(TpmUtilityTest,VerifySchemeForward)1017 TEST_F(TpmUtilityTest, VerifySchemeForward) {
1018 TPM_HANDLE key_handle;
1019 std::string digest(64, 'a');
1020 std::string signature;
1021 TPM2B_PUBLIC public_area;
1022 TPMT_SIGNATURE signature_in;
1023 public_area.public_area.type = TPM_ALG_RSA;
1024 public_area.public_area.object_attributes = kSign;
1025 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
1026 .WillRepeatedly(
1027 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
1028 EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _))
1029 .WillOnce(DoAll(SaveArg<3>(&signature_in), Return(TPM_RC_SUCCESS)));
1030 EXPECT_EQ(TPM_RC_SUCCESS,
1031 utility_.Verify(key_handle, TPM_ALG_RSAPSS, TPM_ALG_SHA1, digest,
1032 signature, nullptr));
1033 EXPECT_EQ(signature_in.sig_alg, TPM_ALG_RSAPSS);
1034 EXPECT_EQ(signature_in.signature.rsassa.hash, TPM_ALG_SHA1);
1035 }
1036
TEST_F(TpmUtilityTest,CertifyCreationSuccess)1037 TEST_F(TpmUtilityTest, CertifyCreationSuccess) {
1038 TPM_HANDLE key_handle = 42;
1039 std::string creation_blob;
1040 EXPECT_CALL(mock_tpm_, CertifyCreationSyncShort(TPM_RH_NULL, key_handle, _, _,
1041 _, _, _, _, _))
1042 .WillOnce(Return(TPM_RC_SUCCESS));
1043 EXPECT_EQ(TPM_RC_SUCCESS,
1044 utility_.CertifyCreation(key_handle, creation_blob));
1045 }
1046
TEST_F(TpmUtilityTest,CertifyCreationParserError)1047 TEST_F(TpmUtilityTest, CertifyCreationParserError) {
1048 TPM_HANDLE key_handle = 42;
1049 std::string creation_blob;
1050 EXPECT_CALL(mock_blob_parser_, ParseCreationBlob(creation_blob, _, _, _))
1051 .WillOnce(Return(false));
1052 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
1053 utility_.CertifyCreation(key_handle, creation_blob));
1054 }
1055
TEST_F(TpmUtilityTest,CertifyCreationFailure)1056 TEST_F(TpmUtilityTest, CertifyCreationFailure) {
1057 TPM_HANDLE key_handle = 42;
1058 std::string creation_blob;
1059 EXPECT_CALL(mock_tpm_, CertifyCreationSyncShort(TPM_RH_NULL, key_handle, _, _,
1060 _, _, _, _, _))
1061 .WillOnce(Return(TPM_RC_FAILURE));
1062 EXPECT_EQ(TPM_RC_FAILURE,
1063 utility_.CertifyCreation(key_handle, creation_blob));
1064 }
1065
TEST_F(TpmUtilityTest,ChangeAuthDataSuccess)1066 TEST_F(TpmUtilityTest, ChangeAuthDataSuccess) {
1067 TPM_HANDLE key_handle = 1;
1068 std::string new_password;
1069 std::string key_blob;
1070 TPM2B_PUBLIC public_area;
1071 public_area.public_area.type = TPM_ALG_RSA;
1072 public_area.public_area.auth_policy.size = 0;
1073 public_area.public_area.unique.rsa.size = 0;
1074 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
1075 .WillRepeatedly(
1076 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
1077 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ChangeKeyAuthorizationData(
1078 key_handle, new_password,
1079 &mock_authorization_delegate_, &key_blob));
1080 }
1081
TEST_F(TpmUtilityTest,ChangeAuthDataKeyNameFail)1082 TEST_F(TpmUtilityTest, ChangeAuthDataKeyNameFail) {
1083 TPM_HANDLE key_handle = 1;
1084 std::string old_password;
1085 std::string new_password;
1086 EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
1087 .WillOnce(Return(TPM_RC_FAILURE));
1088 EXPECT_EQ(TPM_RC_FAILURE, utility_.ChangeKeyAuthorizationData(
1089 key_handle, new_password,
1090 &mock_authorization_delegate_, nullptr));
1091 }
1092
TEST_F(TpmUtilityTest,ChangeAuthDataFailure)1093 TEST_F(TpmUtilityTest, ChangeAuthDataFailure) {
1094 TPM_HANDLE key_handle = 1;
1095 std::string new_password;
1096 EXPECT_CALL(mock_tpm_, ObjectChangeAuthSync(key_handle, _, _, _, _, _, _))
1097 .WillOnce(Return(TPM_RC_FAILURE));
1098 EXPECT_EQ(TPM_RC_FAILURE, utility_.ChangeKeyAuthorizationData(
1099 key_handle, new_password,
1100 &mock_authorization_delegate_, nullptr));
1101 }
1102
TEST_F(TpmUtilityTest,ChangeAuthDataParserFail)1103 TEST_F(TpmUtilityTest, ChangeAuthDataParserFail) {
1104 TPM_HANDLE key_handle = 1;
1105 std::string new_password;
1106 std::string key_blob;
1107 TPM2B_PUBLIC public_area;
1108 public_area.public_area.type = TPM_ALG_RSA;
1109 public_area.public_area.auth_policy.size = 0;
1110 public_area.public_area.unique.rsa.size = 0;
1111 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
1112 .WillRepeatedly(
1113 DoAll(SetArgPointee<2>(public_area), Return(TPM_RC_SUCCESS)));
1114 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob))
1115 .WillOnce(Return(false));
1116 EXPECT_EQ(
1117 SAPI_RC_BAD_TCTI_STRUCTURE,
1118 utility_.ChangeKeyAuthorizationData(
1119 key_handle, new_password, &mock_authorization_delegate_, &key_blob));
1120 }
1121
TEST_F(TpmUtilityTest,ImportRSAKeySuccess)1122 TEST_F(TpmUtilityTest, ImportRSAKeySuccess) {
1123 uint32_t public_exponent = 0x10001;
1124 std::string modulus(256, 'a');
1125 std::string prime_factor(128, 'b');
1126 std::string password("password");
1127 std::string key_blob;
1128 TPM2B_DATA encryption_key;
1129 TPM2B_PUBLIC public_data;
1130 TPM2B_PRIVATE private_data;
1131 EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _))
1132 .WillOnce(DoAll(SaveArg<2>(&encryption_key), SaveArg<3>(&public_data),
1133 SaveArg<4>(&private_data), Return(TPM_RC_SUCCESS)));
1134 EXPECT_EQ(
1135 TPM_RC_SUCCESS,
1136 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey,
1137 modulus, public_exponent, prime_factor, password,
1138 &mock_authorization_delegate_, &key_blob));
1139 // Validate that the public area was properly constructed.
1140 EXPECT_EQ(public_data.public_area.parameters.rsa_detail.key_bits,
1141 modulus.size() * 8);
1142 EXPECT_EQ(public_data.public_area.parameters.rsa_detail.exponent,
1143 public_exponent);
1144 EXPECT_EQ(public_data.public_area.unique.rsa.size, modulus.size());
1145 EXPECT_EQ(0, memcmp(public_data.public_area.unique.rsa.buffer, modulus.data(),
1146 modulus.size()));
1147 // Validate the private struct construction.
1148 EXPECT_EQ(kAesKeySize, encryption_key.size);
1149 AES_KEY key;
1150 AES_set_encrypt_key(encryption_key.buffer, kAesKeySize * 8, &key);
1151 unsigned char iv[MAX_AES_BLOCK_SIZE_BYTES] = {0};
1152 int iv_in = 0;
1153 std::string unencrypted_private(private_data.size, 0);
1154 AES_cfb128_encrypt(
1155 reinterpret_cast<const unsigned char*>(private_data.buffer),
1156 reinterpret_cast<unsigned char*>(string_as_array(&unencrypted_private)),
1157 private_data.size, &key, iv, &iv_in, AES_DECRYPT);
1158 TPM2B_DIGEST inner_integrity;
1159 EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPM2B_DIGEST(&unencrypted_private,
1160 &inner_integrity, nullptr));
1161 std::string object_name;
1162 EXPECT_EQ(TPM_RC_SUCCESS,
1163 ComputeKeyName(public_data.public_area, &object_name));
1164 std::string integrity_value =
1165 crypto::SHA256HashString(unencrypted_private + object_name);
1166 EXPECT_EQ(integrity_value.size(), inner_integrity.size);
1167 EXPECT_EQ(0, memcmp(inner_integrity.buffer, integrity_value.data(),
1168 inner_integrity.size));
1169 TPM2B_SENSITIVE sensitive_data;
1170 EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPM2B_SENSITIVE(&unencrypted_private,
1171 &sensitive_data, nullptr));
1172 EXPECT_EQ(sensitive_data.sensitive_area.auth_value.size, password.size());
1173 EXPECT_EQ(0, memcmp(sensitive_data.sensitive_area.auth_value.buffer,
1174 password.data(), password.size()));
1175 EXPECT_EQ(sensitive_data.sensitive_area.sensitive.rsa.size,
1176 prime_factor.size());
1177 EXPECT_EQ(0, memcmp(sensitive_data.sensitive_area.sensitive.rsa.buffer,
1178 prime_factor.data(), prime_factor.size()));
1179 }
1180
TEST_F(TpmUtilityTest,ImportRSAKeySuccessWithNoBlob)1181 TEST_F(TpmUtilityTest, ImportRSAKeySuccessWithNoBlob) {
1182 uint32_t public_exponent = 0x10001;
1183 std::string modulus(256, 'a');
1184 std::string prime_factor(128, 'b');
1185 std::string password;
1186 EXPECT_EQ(
1187 TPM_RC_SUCCESS,
1188 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey,
1189 modulus, public_exponent, prime_factor, password,
1190 &mock_authorization_delegate_, nullptr));
1191 }
1192
TEST_F(TpmUtilityTest,ImportRSAKeyParentNameFail)1193 TEST_F(TpmUtilityTest, ImportRSAKeyParentNameFail) {
1194 uint32_t public_exponent = 0x10001;
1195 std::string modulus(256, 'a');
1196 std::string prime_factor(128, 'b');
1197 std::string password;
1198 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
1199 .WillOnce(Return(TPM_RC_FAILURE));
1200 EXPECT_EQ(
1201 TPM_RC_FAILURE,
1202 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey,
1203 modulus, public_exponent, prime_factor, password,
1204 &mock_authorization_delegate_, nullptr));
1205 }
1206
TEST_F(TpmUtilityTest,ImportRSAKeyFail)1207 TEST_F(TpmUtilityTest, ImportRSAKeyFail) {
1208 std::string modulus;
1209 std::string prime_factor;
1210 std::string password;
1211 EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _))
1212 .WillOnce(Return(TPM_RC_FAILURE));
1213 EXPECT_EQ(TPM_RC_FAILURE,
1214 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey,
1215 modulus, 0x10001, prime_factor, password,
1216 &mock_authorization_delegate_, nullptr));
1217 }
1218
TEST_F(TpmUtilityTest,ImportRSAKeyParserFail)1219 TEST_F(TpmUtilityTest, ImportRSAKeyParserFail) {
1220 std::string modulus;
1221 std::string prime_factor;
1222 std::string password;
1223 std::string key_blob;
1224 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob))
1225 .WillOnce(Return(false));
1226 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE,
1227 utility_.ImportRSAKey(TpmUtility::AsymmetricKeyUsage::kDecryptKey,
1228 modulus, 0x10001, prime_factor, password,
1229 &mock_authorization_delegate_, &key_blob));
1230 }
1231
TEST_F(TpmUtilityTest,CreateRSAKeyPairSuccess)1232 TEST_F(TpmUtilityTest, CreateRSAKeyPairSuccess) {
1233 TPM2B_PUBLIC public_area;
1234 TPML_PCR_SELECTION creation_pcrs;
1235 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _,
1236 _, _, &mock_authorization_delegate_))
1237 .WillOnce(DoAll(SaveArg<2>(&public_area), SaveArg<3>(&creation_pcrs),
1238 Return(TPM_RC_SUCCESS)));
1239 std::string key_blob;
1240 std::string creation_blob;
1241 int creation_pcr = 12;
1242 EXPECT_EQ(TPM_RC_SUCCESS,
1243 utility_.CreateRSAKeyPair(
1244 TpmUtility::AsymmetricKeyUsage::kDecryptAndSignKey, 2048,
1245 0x10001, "password", "", false, creation_pcr,
1246 &mock_authorization_delegate_, &key_blob, &creation_blob));
1247 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, kDecrypt);
1248 EXPECT_EQ(public_area.public_area.object_attributes & kSign, kSign);
1249 EXPECT_EQ(public_area.public_area.object_attributes & kUserWithAuth,
1250 kUserWithAuth);
1251 EXPECT_EQ(public_area.public_area.object_attributes & kAdminWithPolicy, 0u);
1252 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme,
1253 TPM_ALG_NULL);
1254 EXPECT_EQ(1u, creation_pcrs.count);
1255 EXPECT_EQ(TPM_ALG_SHA256, creation_pcrs.pcr_selections[0].hash);
1256 EXPECT_EQ(PCR_SELECT_MIN, creation_pcrs.pcr_selections[0].sizeof_select);
1257 EXPECT_EQ(1u << (creation_pcr % 8),
1258 creation_pcrs.pcr_selections[0].pcr_select[creation_pcr / 8]);
1259 }
1260
TEST_F(TpmUtilityTest,CreateRSAKeyPairDecryptKeySuccess)1261 TEST_F(TpmUtilityTest, CreateRSAKeyPairDecryptKeySuccess) {
1262 TPM2B_PUBLIC public_area;
1263 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _,
1264 _, _, &mock_authorization_delegate_))
1265 .WillOnce(DoAll(SaveArg<2>(&public_area), Return(TPM_RC_SUCCESS)));
1266 std::string key_blob;
1267 EXPECT_EQ(TPM_RC_SUCCESS,
1268 utility_.CreateRSAKeyPair(
1269 TpmUtility::AsymmetricKeyUsage::kDecryptKey, 2048, 0x10001,
1270 "password", "", false, kNoCreationPCR,
1271 &mock_authorization_delegate_, &key_blob, nullptr));
1272 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, kDecrypt);
1273 EXPECT_EQ(public_area.public_area.object_attributes & kSign, 0u);
1274 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme,
1275 TPM_ALG_NULL);
1276 }
1277
TEST_F(TpmUtilityTest,CreateRSAKeyPairSignKeySuccess)1278 TEST_F(TpmUtilityTest, CreateRSAKeyPairSignKeySuccess) {
1279 TPM2B_PUBLIC public_area;
1280 TPM2B_SENSITIVE_CREATE sensitive_create;
1281 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _,
1282 _, _, &mock_authorization_delegate_))
1283 .WillOnce(DoAll(SaveArg<1>(&sensitive_create), SaveArg<2>(&public_area),
1284 Return(TPM_RC_SUCCESS)));
1285 std::string key_blob;
1286 std::string policy_digest(32, 'a');
1287 std::string key_auth("password");
1288 EXPECT_EQ(
1289 TPM_RC_SUCCESS,
1290 utility_.CreateRSAKeyPair(
1291 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, key_auth,
1292 policy_digest, true /* use_only_policy_authorization */,
1293 kNoCreationPCR, &mock_authorization_delegate_, &key_blob, nullptr));
1294 EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, 0u);
1295 EXPECT_EQ(public_area.public_area.object_attributes & kSign, kSign);
1296 EXPECT_EQ(public_area.public_area.object_attributes & kUserWithAuth, 0u);
1297 EXPECT_EQ(public_area.public_area.object_attributes & kAdminWithPolicy,
1298 kAdminWithPolicy);
1299 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme,
1300 TPM_ALG_NULL);
1301 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.key_bits, 2048);
1302 EXPECT_EQ(public_area.public_area.parameters.rsa_detail.exponent, 0x10001u);
1303 EXPECT_EQ(public_area.public_area.auth_policy.size, policy_digest.size());
1304 EXPECT_EQ(0, memcmp(public_area.public_area.auth_policy.buffer,
1305 policy_digest.data(), policy_digest.size()));
1306 EXPECT_EQ(sensitive_create.sensitive.user_auth.size, key_auth.size());
1307 EXPECT_EQ(0, memcmp(sensitive_create.sensitive.user_auth.buffer,
1308 key_auth.data(), key_auth.size()));
1309 }
1310
TEST_F(TpmUtilityTest,CreateRSAKeyPairBadDelegate)1311 TEST_F(TpmUtilityTest, CreateRSAKeyPairBadDelegate) {
1312 std::string key_blob;
1313 EXPECT_EQ(
1314 SAPI_RC_INVALID_SESSIONS,
1315 utility_.CreateRSAKeyPair(TpmUtility::AsymmetricKeyUsage::kDecryptKey,
1316 2048, 0x10001, "password", "", false,
1317 kNoCreationPCR, nullptr, &key_blob, nullptr));
1318 }
1319
TEST_F(TpmUtilityTest,CreateRSAKeyPairFailure)1320 TEST_F(TpmUtilityTest, CreateRSAKeyPairFailure) {
1321 EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _,
1322 _, _, &mock_authorization_delegate_))
1323 .WillOnce(Return(TPM_RC_FAILURE));
1324 std::string key_blob;
1325 EXPECT_EQ(TPM_RC_FAILURE,
1326 utility_.CreateRSAKeyPair(
1327 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001,
1328 "password", "", false, kNoCreationPCR,
1329 &mock_authorization_delegate_, &key_blob, nullptr));
1330 }
1331
TEST_F(TpmUtilityTest,CreateRSAKeyPairKeyParserFail)1332 TEST_F(TpmUtilityTest, CreateRSAKeyPairKeyParserFail) {
1333 std::string key_blob;
1334 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob))
1335 .WillOnce(Return(false));
1336 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE,
1337 utility_.CreateRSAKeyPair(
1338 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001,
1339 "password", "", false, kNoCreationPCR,
1340 &mock_authorization_delegate_, &key_blob, nullptr));
1341 }
1342
TEST_F(TpmUtilityTest,CreateRSAKeyPairCreationParserFail)1343 TEST_F(TpmUtilityTest, CreateRSAKeyPairCreationParserFail) {
1344 std::string creation_blob;
1345 std::string key_blob;
1346 EXPECT_CALL(mock_blob_parser_, SerializeCreationBlob(_, _, _, &creation_blob))
1347 .WillOnce(Return(false));
1348 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE,
1349 utility_.CreateRSAKeyPair(
1350 TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001,
1351 "password", "", false, kNoCreationPCR,
1352 &mock_authorization_delegate_, &key_blob, &creation_blob));
1353 }
1354
TEST_F(TpmUtilityTest,LoadKeySuccess)1355 TEST_F(TpmUtilityTest, LoadKeySuccess) {
1356 TPM_HANDLE key_handle = TPM_RH_FIRST;
1357 TPM_HANDLE loaded_handle;
1358 EXPECT_CALL(mock_tpm_, LoadSync(kRSAStorageRootKey, _, _, _, _, _,
1359 &mock_authorization_delegate_))
1360 .WillOnce(DoAll(SetArgPointee<4>(key_handle), Return(TPM_RC_SUCCESS)));
1361 std::string key_blob;
1362 EXPECT_EQ(TPM_RC_SUCCESS,
1363 utility_.LoadKey(key_blob, &mock_authorization_delegate_,
1364 &loaded_handle));
1365 EXPECT_EQ(loaded_handle, key_handle);
1366 }
1367
TEST_F(TpmUtilityTest,LoadKeyFailure)1368 TEST_F(TpmUtilityTest, LoadKeyFailure) {
1369 TPM_HANDLE key_handle;
1370 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
1371 .WillOnce(Return(TPM_RC_FAILURE));
1372 std::string key_blob;
1373 EXPECT_EQ(
1374 TPM_RC_FAILURE,
1375 utility_.LoadKey(key_blob, &mock_authorization_delegate_, &key_handle));
1376 }
1377
TEST_F(TpmUtilityTest,LoadKeyBadDelegate)1378 TEST_F(TpmUtilityTest, LoadKeyBadDelegate) {
1379 TPM_HANDLE key_handle;
1380 std::string key_blob;
1381 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS,
1382 utility_.LoadKey(key_blob, nullptr, &key_handle));
1383 }
1384
TEST_F(TpmUtilityTest,LoadKeyParserFail)1385 TEST_F(TpmUtilityTest, LoadKeyParserFail) {
1386 TPM_HANDLE key_handle;
1387 std::string key_blob;
1388 EXPECT_CALL(mock_blob_parser_, ParseKeyBlob(key_blob, _, _))
1389 .WillOnce(Return(false));
1390 EXPECT_EQ(
1391 SAPI_RC_BAD_TCTI_STRUCTURE,
1392 utility_.LoadKey(key_blob, &mock_authorization_delegate_, &key_handle));
1393 }
1394
TEST_F(TpmUtilityTest,SealedDataSuccess)1395 TEST_F(TpmUtilityTest, SealedDataSuccess) {
1396 std::string data_to_seal("seal_data");
1397 std::string sealed_data;
1398 TPM2B_SENSITIVE_CREATE sensitive_create;
1399 TPM2B_PUBLIC in_public;
1400 EXPECT_CALL(mock_tpm_,
1401 CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _, _, _, _))
1402 .WillOnce(DoAll(SaveArg<1>(&sensitive_create), SaveArg<2>(&in_public),
1403 Return(TPM_RC_SUCCESS)));
1404 EXPECT_EQ(TPM_RC_SUCCESS,
1405 utility_.SealData(data_to_seal, "", &mock_authorization_delegate_,
1406 &sealed_data));
1407 EXPECT_EQ(sensitive_create.sensitive.data.size, data_to_seal.size());
1408 EXPECT_EQ(0, memcmp(sensitive_create.sensitive.data.buffer,
1409 data_to_seal.data(), data_to_seal.size()));
1410 EXPECT_EQ(in_public.public_area.type, TPM_ALG_KEYEDHASH);
1411 EXPECT_EQ(in_public.public_area.name_alg, TPM_ALG_SHA256);
1412 }
1413
TEST_F(TpmUtilityTest,SealDataBadDelegate)1414 TEST_F(TpmUtilityTest, SealDataBadDelegate) {
1415 std::string data_to_seal("seal_data");
1416 std::string sealed_data;
1417 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS,
1418 utility_.SealData(data_to_seal, "", nullptr, &sealed_data));
1419 }
1420
TEST_F(TpmUtilityTest,SealDataFailure)1421 TEST_F(TpmUtilityTest, SealDataFailure) {
1422 std::string data_to_seal("seal_data");
1423 std::string sealed_data;
1424 EXPECT_CALL(mock_tpm_,
1425 CreateSyncShort(kRSAStorageRootKey, _, _, _, _, _, _, _, _, _))
1426 .WillOnce(Return(TPM_RC_FAILURE));
1427 EXPECT_EQ(TPM_RC_FAILURE,
1428 utility_.SealData(data_to_seal, "", &mock_authorization_delegate_,
1429 &sealed_data));
1430 }
1431
TEST_F(TpmUtilityTest,SealDataParserFail)1432 TEST_F(TpmUtilityTest, SealDataParserFail) {
1433 std::string data_to_seal("seal_data");
1434 std::string sealed_data;
1435 EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &sealed_data))
1436 .WillOnce(Return(false));
1437 EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE,
1438 utility_.SealData(data_to_seal, "", &mock_authorization_delegate_,
1439 &sealed_data));
1440 }
1441
TEST_F(TpmUtilityTest,UnsealDataSuccess)1442 TEST_F(TpmUtilityTest, UnsealDataSuccess) {
1443 std::string sealed_data;
1444 std::string tpm_unsealed_data("password");
1445 std::string unsealed_data;
1446 TPM_HANDLE object_handle = 42;
1447 TPM2B_PUBLIC public_data;
1448 public_data.public_area.auth_policy.size = 0;
1449 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
1450 .WillRepeatedly(
1451 DoAll(SetArgPointee<2>(public_data), Return(TPM_RC_SUCCESS)));
1452 EXPECT_CALL(mock_tpm_, ReadPublicSync(object_handle, _, _, _, _, _))
1453 .WillRepeatedly(
1454 DoAll(SetArgPointee<2>(public_data), Return(TPM_RC_SUCCESS)));
1455 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
1456 .WillOnce(DoAll(SetArgPointee<4>(object_handle), Return(TPM_RC_SUCCESS)));
1457 TPM2B_SENSITIVE_DATA out_data = Make_TPM2B_SENSITIVE_DATA(tpm_unsealed_data);
1458 EXPECT_CALL(mock_tpm_, UnsealSync(object_handle, _, _, _))
1459 .WillOnce(DoAll(SetArgPointee<2>(out_data), Return(TPM_RC_SUCCESS)));
1460 EXPECT_EQ(TPM_RC_SUCCESS,
1461 utility_.UnsealData(sealed_data, &mock_authorization_delegate_,
1462 &unsealed_data));
1463 EXPECT_EQ(unsealed_data, tpm_unsealed_data);
1464 }
1465
TEST_F(TpmUtilityTest,UnsealDataBadDelegate)1466 TEST_F(TpmUtilityTest, UnsealDataBadDelegate) {
1467 std::string sealed_data;
1468 std::string unsealed_data;
1469 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS,
1470 utility_.UnsealData(sealed_data, nullptr, &unsealed_data));
1471 }
1472
TEST_F(TpmUtilityTest,UnsealDataLoadFail)1473 TEST_F(TpmUtilityTest, UnsealDataLoadFail) {
1474 std::string sealed_data;
1475 std::string unsealed_data;
1476 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
1477 .WillOnce(Return(TPM_RC_FAILURE));
1478 EXPECT_EQ(TPM_RC_FAILURE,
1479 utility_.UnsealData(sealed_data, &mock_authorization_delegate_,
1480 &unsealed_data));
1481 }
1482
TEST_F(TpmUtilityTest,UnsealDataBadKeyName)1483 TEST_F(TpmUtilityTest, UnsealDataBadKeyName) {
1484 std::string sealed_data;
1485 std::string unsealed_data;
1486 EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
1487 .WillOnce(Return(TPM_RC_FAILURE));
1488 EXPECT_EQ(TPM_RC_FAILURE,
1489 utility_.UnsealData(sealed_data, &mock_authorization_delegate_,
1490 &unsealed_data));
1491 }
1492
TEST_F(TpmUtilityTest,UnsealObjectFailure)1493 TEST_F(TpmUtilityTest, UnsealObjectFailure) {
1494 std::string sealed_data;
1495 std::string unsealed_data;
1496 EXPECT_CALL(mock_tpm_, UnsealSync(_, _, _, _))
1497 .WillOnce(Return(TPM_RC_FAILURE));
1498 EXPECT_EQ(TPM_RC_FAILURE,
1499 utility_.UnsealData(sealed_data, &mock_authorization_delegate_,
1500 &unsealed_data));
1501 }
1502
TEST_F(TpmUtilityTest,StartSessionSuccess)1503 TEST_F(TpmUtilityTest, StartSessionSuccess) {
1504 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true))
1505 .WillOnce(Return(TPM_RC_SUCCESS));
1506 EXPECT_EQ(TPM_RC_SUCCESS, utility_.StartSession(&mock_hmac_session_));
1507 }
1508
TEST_F(TpmUtilityTest,StartSessionFailure)1509 TEST_F(TpmUtilityTest, StartSessionFailure) {
1510 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true))
1511 .WillOnce(Return(TPM_RC_FAILURE));
1512 EXPECT_EQ(TPM_RC_FAILURE, utility_.StartSession(&mock_hmac_session_));
1513 }
1514
TEST_F(TpmUtilityTest,GetPolicyDigestForPcrValueSuccess)1515 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueSuccess) {
1516 int index = 5;
1517 std::string pcr_value("pcr_value");
1518 std::string policy_digest;
1519 TPML_PCR_SELECTION pcr_select;
1520 pcr_select.count = 1;
1521 pcr_select.pcr_selections[0].hash = TPM_ALG_SHA256;
1522 pcr_select.pcr_selections[0].sizeof_select = 1;
1523 pcr_select.pcr_selections[0].pcr_select[index / 8] = 1 << (index % 8);
1524 TPML_DIGEST pcr_values;
1525 pcr_values.count = 1;
1526 pcr_values.digests[0] = Make_TPM2B_DIGEST(pcr_value);
1527 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _))
1528 .WillOnce(DoAll(SetArgPointee<2>(pcr_select),
1529 SetArgPointee<3>(pcr_values), Return(TPM_RC_SUCCESS)));
1530 std::string tpm_pcr_value;
1531 EXPECT_CALL(mock_trial_session_, PolicyPCR(index, _))
1532 .WillOnce(DoAll(SaveArg<1>(&tpm_pcr_value), Return(TPM_RC_SUCCESS)));
1533 std::string tpm_policy_digest("digest");
1534 EXPECT_CALL(mock_trial_session_, GetDigest(_))
1535 .WillOnce(
1536 DoAll(SetArgPointee<0>(tpm_policy_digest), Return(TPM_RC_SUCCESS)));
1537 EXPECT_EQ(TPM_RC_SUCCESS,
1538 utility_.GetPolicyDigestForPcrValue(index, "", &policy_digest));
1539 EXPECT_EQ(policy_digest, tpm_policy_digest);
1540 EXPECT_EQ(pcr_value, tpm_pcr_value);
1541 }
1542
TEST_F(TpmUtilityTest,GetPolicyDigestForPcrValueSuccessWithPcrValue)1543 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueSuccessWithPcrValue) {
1544 int index = 5;
1545 std::string pcr_value("pcr_value");
1546 std::string policy_digest;
1547 std::string tpm_pcr_value;
1548 EXPECT_CALL(mock_trial_session_, PolicyPCR(index, _))
1549 .WillOnce(DoAll(SaveArg<1>(&tpm_pcr_value), Return(TPM_RC_SUCCESS)));
1550 std::string tpm_policy_digest("digest");
1551 EXPECT_CALL(mock_trial_session_, GetDigest(_))
1552 .WillOnce(
1553 DoAll(SetArgPointee<0>(tpm_policy_digest), Return(TPM_RC_SUCCESS)));
1554 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetPolicyDigestForPcrValue(
1555 index, pcr_value, &policy_digest));
1556 EXPECT_EQ(policy_digest, tpm_policy_digest);
1557 EXPECT_EQ(pcr_value, tpm_pcr_value);
1558 }
1559
TEST_F(TpmUtilityTest,GetPolicyDigestForPcrValueBadSession)1560 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadSession) {
1561 int index = 5;
1562 std::string pcr_value("value");
1563 std::string policy_digest;
1564 EXPECT_CALL(mock_trial_session_, StartUnboundSession(false))
1565 .WillOnce(Return(TPM_RC_FAILURE));
1566 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetPolicyDigestForPcrValue(
1567 index, pcr_value, &policy_digest));
1568 }
1569
TEST_F(TpmUtilityTest,GetPolicyDigestForPcrValuePcrReadFail)1570 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValuePcrReadFail) {
1571 int index = 5;
1572 std::string policy_digest;
1573 EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _))
1574 .WillOnce(Return(TPM_RC_FAILURE));
1575 EXPECT_EQ(TPM_RC_FAILURE,
1576 utility_.GetPolicyDigestForPcrValue(index, "", &policy_digest));
1577 }
1578
TEST_F(TpmUtilityTest,GetPolicyDigestForPcrValueBadPcr)1579 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadPcr) {
1580 int index = 5;
1581 std::string pcr_value("value");
1582 std::string policy_digest;
1583 EXPECT_CALL(mock_trial_session_, PolicyPCR(index, _))
1584 .WillOnce(Return(TPM_RC_FAILURE));
1585 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetPolicyDigestForPcrValue(
1586 index, pcr_value, &policy_digest));
1587 }
1588
TEST_F(TpmUtilityTest,GetPolicyDigestForPcrValueBadDigest)1589 TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadDigest) {
1590 int index = 5;
1591 std::string pcr_value("value");
1592 std::string policy_digest;
1593 EXPECT_CALL(mock_trial_session_, GetDigest(&policy_digest))
1594 .WillOnce(Return(TPM_RC_FAILURE));
1595 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetPolicyDigestForPcrValue(
1596 index, pcr_value, &policy_digest));
1597 }
1598
TEST_F(TpmUtilityTest,DefineNVSpaceSuccess)1599 TEST_F(TpmUtilityTest, DefineNVSpaceSuccess) {
1600 uint32_t index = 59;
1601 uint32_t nvram_index = NV_INDEX_FIRST + index;
1602 size_t length = 256;
1603 TPMA_NV attributes = TPMA_NV_WRITEDEFINE;
1604 TPM2B_NV_PUBLIC public_data;
1605 EXPECT_CALL(mock_tpm_, NV_DefineSpaceSync(TPM_RH_OWNER, _, _, _, _))
1606 .WillOnce(DoAll(SaveArg<3>(&public_data), Return(TPM_RC_SUCCESS)));
1607 EXPECT_EQ(TPM_RC_SUCCESS,
1608 utility_.DefineNVSpace(index, length, attributes, "", "",
1609 &mock_authorization_delegate_));
1610 EXPECT_EQ(public_data.nv_public.nv_index, nvram_index);
1611 EXPECT_EQ(public_data.nv_public.name_alg, TPM_ALG_SHA256);
1612 EXPECT_EQ(public_data.nv_public.attributes, attributes);
1613 EXPECT_EQ(public_data.nv_public.data_size, length);
1614 }
1615
TEST_F(TpmUtilityTest,DefineNVSpaceBadLength)1616 TEST_F(TpmUtilityTest, DefineNVSpaceBadLength) {
1617 size_t bad_length = 3000;
1618 EXPECT_EQ(SAPI_RC_BAD_SIZE,
1619 utility_.DefineNVSpace(0, bad_length, 0, "", "",
1620 &mock_authorization_delegate_));
1621 }
1622
TEST_F(TpmUtilityTest,DefineNVSpaceBadIndex)1623 TEST_F(TpmUtilityTest, DefineNVSpaceBadIndex) {
1624 uint32_t bad_index = 1 << 29;
1625 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
1626 utility_.DefineNVSpace(bad_index, 2, 0, "", "",
1627 &mock_authorization_delegate_));
1628 }
1629
TEST_F(TpmUtilityTest,DefineNVSpaceBadSession)1630 TEST_F(TpmUtilityTest, DefineNVSpaceBadSession) {
1631 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS,
1632 utility_.DefineNVSpace(0, 2, 0, "", "", nullptr));
1633 }
1634
TEST_F(TpmUtilityTest,DefineNVSpaceFail)1635 TEST_F(TpmUtilityTest, DefineNVSpaceFail) {
1636 uint32_t index = 59;
1637 size_t length = 256;
1638 EXPECT_CALL(mock_tpm_, NV_DefineSpaceSync(TPM_RH_OWNER, _, _, _, _))
1639 .WillOnce(Return(TPM_RC_FAILURE));
1640 EXPECT_EQ(TPM_RC_FAILURE,
1641 utility_.DefineNVSpace(index, length, 0, "", "",
1642 &mock_authorization_delegate_));
1643 }
1644
TEST_F(TpmUtilityTest,DestroyNVSpaceSuccess)1645 TEST_F(TpmUtilityTest, DestroyNVSpaceSuccess) {
1646 uint32_t index = 53;
1647 uint32_t nvram_index = NV_INDEX_FIRST + index;
1648 EXPECT_CALL(mock_tpm_,
1649 NV_UndefineSpaceSync(TPM_RH_OWNER, _, nvram_index, _, _));
1650 EXPECT_EQ(TPM_RC_SUCCESS,
1651 utility_.DestroyNVSpace(index, &mock_authorization_delegate_));
1652 }
1653
TEST_F(TpmUtilityTest,DestroyNVSpaceBadIndex)1654 TEST_F(TpmUtilityTest, DestroyNVSpaceBadIndex) {
1655 uint32_t bad_index = 1 << 29;
1656 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
1657 utility_.DestroyNVSpace(bad_index, &mock_authorization_delegate_));
1658 }
1659
TEST_F(TpmUtilityTest,DestroyNVSpaceBadSession)1660 TEST_F(TpmUtilityTest, DestroyNVSpaceBadSession) {
1661 EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.DestroyNVSpace(3, nullptr));
1662 }
1663
TEST_F(TpmUtilityTest,DestroyNVSpaceFailure)1664 TEST_F(TpmUtilityTest, DestroyNVSpaceFailure) {
1665 uint32_t index = 53;
1666 uint32_t nvram_index = NV_INDEX_FIRST + index;
1667 EXPECT_CALL(mock_tpm_,
1668 NV_UndefineSpaceSync(TPM_RH_OWNER, _, nvram_index, _, _))
1669 .WillOnce(Return(TPM_RC_FAILURE));
1670 EXPECT_EQ(TPM_RC_FAILURE,
1671 utility_.DestroyNVSpace(index, &mock_authorization_delegate_));
1672 }
1673
TEST_F(TpmUtilityTest,LockNVSpaceWriteSuccess)1674 TEST_F(TpmUtilityTest, LockNVSpaceWriteSuccess) {
1675 uint32_t index = 53;
1676 uint32_t nvram_index = NV_INDEX_FIRST + index;
1677 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _))
1678 .WillOnce(Return(TPM_RC_SUCCESS));
1679 EXPECT_CALL(mock_tpm_, NV_ReadLockSync(TPM_RH_OWNER, _, nvram_index, _, _))
1680 .Times(0);
1681 EXPECT_EQ(TPM_RC_SUCCESS,
1682 utility_.LockNVSpace(index, false, true, true,
1683 &mock_authorization_delegate_));
1684 TPMS_NV_PUBLIC public_area;
1685 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area));
1686 EXPECT_EQ(TPMA_NV_WRITELOCKED, public_area.attributes & TPMA_NV_WRITELOCKED);
1687 }
1688
TEST_F(TpmUtilityTest,LockNVSpaceReadSuccess)1689 TEST_F(TpmUtilityTest, LockNVSpaceReadSuccess) {
1690 uint32_t index = 53;
1691 uint32_t nvram_index = NV_INDEX_FIRST + index;
1692 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _))
1693 .Times(0);
1694 EXPECT_CALL(mock_tpm_, NV_ReadLockSync(TPM_RH_OWNER, _, nvram_index, _, _))
1695 .WillOnce(Return(TPM_RC_SUCCESS));
1696 EXPECT_EQ(TPM_RC_SUCCESS,
1697 utility_.LockNVSpace(index, true, false, true,
1698 &mock_authorization_delegate_));
1699 TPMS_NV_PUBLIC public_area;
1700 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area));
1701 EXPECT_EQ(TPMA_NV_READLOCKED, public_area.attributes & TPMA_NV_READLOCKED);
1702 }
1703
TEST_F(TpmUtilityTest,LockNVSpaceBothSuccess)1704 TEST_F(TpmUtilityTest, LockNVSpaceBothSuccess) {
1705 uint32_t index = 53;
1706 uint32_t nvram_index = NV_INDEX_FIRST + index;
1707 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _))
1708 .WillOnce(Return(TPM_RC_SUCCESS));
1709 EXPECT_CALL(mock_tpm_, NV_ReadLockSync(TPM_RH_OWNER, _, nvram_index, _, _))
1710 .WillOnce(Return(TPM_RC_SUCCESS));
1711 EXPECT_EQ(TPM_RC_SUCCESS,
1712 utility_.LockNVSpace(index, true, true, true,
1713 &mock_authorization_delegate_));
1714 TPMS_NV_PUBLIC public_area;
1715 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area));
1716 EXPECT_EQ(
1717 (TPMA_NV_READLOCKED | TPMA_NV_WRITELOCKED),
1718 public_area.attributes & (TPMA_NV_READLOCKED | TPMA_NV_WRITELOCKED));
1719 }
1720
TEST_F(TpmUtilityTest,LockNVSpaceBothNotOwner)1721 TEST_F(TpmUtilityTest, LockNVSpaceBothNotOwner) {
1722 uint32_t index = 53;
1723 uint32_t nvram_index = NV_INDEX_FIRST + index;
1724 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(nvram_index, _, nvram_index, _, _))
1725 .WillOnce(Return(TPM_RC_SUCCESS));
1726 EXPECT_CALL(mock_tpm_, NV_ReadLockSync(nvram_index, _, nvram_index, _, _))
1727 .WillOnce(Return(TPM_RC_SUCCESS));
1728 EXPECT_EQ(TPM_RC_SUCCESS,
1729 utility_.LockNVSpace(index, true, true, false,
1730 &mock_authorization_delegate_));
1731 }
1732
TEST_F(TpmUtilityTest,LockNVSpaceBadIndex)1733 TEST_F(TpmUtilityTest, LockNVSpaceBadIndex) {
1734 uint32_t bad_index = 1 << 24;
1735 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
1736 utility_.LockNVSpace(bad_index, true, true, true,
1737 &mock_authorization_delegate_));
1738 }
1739
TEST_F(TpmUtilityTest,LockNVSpaceFailure)1740 TEST_F(TpmUtilityTest, LockNVSpaceFailure) {
1741 uint32_t index = 53;
1742 uint32_t nvram_index = NV_INDEX_FIRST + index;
1743 EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _))
1744 .WillOnce(Return(TPM_RC_FAILURE));
1745 EXPECT_EQ(TPM_RC_FAILURE,
1746 utility_.LockNVSpace(index, true, true, true,
1747 &mock_authorization_delegate_));
1748 }
1749
TEST_F(TpmUtilityTest,WriteNVSpaceSuccess)1750 TEST_F(TpmUtilityTest, WriteNVSpaceSuccess) {
1751 uint32_t index = 53;
1752 uint32_t offset = 5;
1753 uint32_t nvram_index = NV_INDEX_FIRST + index;
1754 EXPECT_CALL(mock_tpm_,
1755 NV_WriteSync(TPM_RH_OWNER, _, nvram_index, _, _, offset, _))
1756 .WillOnce(Return(TPM_RC_SUCCESS));
1757 EXPECT_EQ(TPM_RC_SUCCESS,
1758 utility_.WriteNVSpace(index, offset, "", true, false,
1759 &mock_authorization_delegate_));
1760 TPMS_NV_PUBLIC public_area;
1761 EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area));
1762 EXPECT_EQ(public_area.attributes & TPMA_NV_WRITTEN, TPMA_NV_WRITTEN);
1763 }
1764
TEST_F(TpmUtilityTest,WriteNVSpaceNotOwner)1765 TEST_F(TpmUtilityTest, WriteNVSpaceNotOwner) {
1766 uint32_t index = 53;
1767 uint32_t offset = 5;
1768 uint32_t nvram_index = NV_INDEX_FIRST + index;
1769 EXPECT_CALL(mock_tpm_,
1770 NV_WriteSync(nvram_index, _, nvram_index, _, _, offset, _))
1771 .WillOnce(Return(TPM_RC_SUCCESS));
1772 EXPECT_EQ(TPM_RC_SUCCESS,
1773 utility_.WriteNVSpace(index, offset, "", false, false,
1774 &mock_authorization_delegate_));
1775 }
1776
TEST_F(TpmUtilityTest,ExtendNVSpace)1777 TEST_F(TpmUtilityTest, ExtendNVSpace) {
1778 uint32_t index = 53;
1779 uint32_t offset = 5;
1780 uint32_t nvram_index = NV_INDEX_FIRST + index;
1781 EXPECT_CALL(mock_tpm_, NV_ExtendSync(TPM_RH_OWNER, _, nvram_index, _, _, _))
1782 .WillOnce(Return(TPM_RC_SUCCESS));
1783 EXPECT_EQ(TPM_RC_SUCCESS,
1784 utility_.WriteNVSpace(index, offset, "", true, true,
1785 &mock_authorization_delegate_));
1786 }
1787
TEST_F(TpmUtilityTest,WriteNVSpaceBadSize)1788 TEST_F(TpmUtilityTest, WriteNVSpaceBadSize) {
1789 uint32_t index = 53;
1790 std::string nvram_data(1025, 0);
1791 EXPECT_EQ(SAPI_RC_BAD_SIZE,
1792 utility_.WriteNVSpace(index, 0, nvram_data, true, false,
1793 &mock_authorization_delegate_));
1794 }
1795
TEST_F(TpmUtilityTest,WriteNVSpaceBadIndex)1796 TEST_F(TpmUtilityTest, WriteNVSpaceBadIndex) {
1797 uint32_t bad_index = 1 << 24;
1798 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
1799 utility_.WriteNVSpace(bad_index, 0, "", true, false,
1800 &mock_authorization_delegate_));
1801 }
1802
TEST_F(TpmUtilityTest,WriteNVSpaceFailure)1803 TEST_F(TpmUtilityTest, WriteNVSpaceFailure) {
1804 uint32_t index = 53;
1805 uint32_t offset = 5;
1806 uint32_t nvram_index = NV_INDEX_FIRST + index;
1807 EXPECT_CALL(mock_tpm_,
1808 NV_WriteSync(TPM_RH_OWNER, _, nvram_index, _, _, offset, _))
1809 .WillOnce(Return(TPM_RC_FAILURE));
1810 EXPECT_EQ(TPM_RC_FAILURE,
1811 utility_.WriteNVSpace(index, offset, "", true, false,
1812 &mock_authorization_delegate_));
1813 }
1814
TEST_F(TpmUtilityTest,ReadNVSpaceSuccess)1815 TEST_F(TpmUtilityTest, ReadNVSpaceSuccess) {
1816 uint32_t index = 53;
1817 uint32_t offset = 5;
1818 uint32_t nv_index = NV_INDEX_FIRST + index;
1819 size_t length = 24;
1820 std::string nvram_data;
1821 EXPECT_CALL(mock_tpm_,
1822 NV_ReadSync(nv_index, _, nv_index, _, length, offset, _, _))
1823 .WillOnce(Return(TPM_RC_SUCCESS));
1824 EXPECT_EQ(TPM_RC_SUCCESS,
1825 utility_.ReadNVSpace(index, offset, length, false, &nvram_data,
1826 &mock_authorization_delegate_));
1827 }
1828
TEST_F(TpmUtilityTest,ReadNVSpaceOwner)1829 TEST_F(TpmUtilityTest, ReadNVSpaceOwner) {
1830 uint32_t index = 53;
1831 uint32_t offset = 5;
1832 uint32_t nv_index = NV_INDEX_FIRST + index;
1833 size_t length = 24;
1834 std::string nvram_data;
1835 EXPECT_CALL(mock_tpm_,
1836 NV_ReadSync(TPM_RH_OWNER, _, nv_index, _, length, offset, _, _))
1837 .WillOnce(Return(TPM_RC_SUCCESS));
1838 EXPECT_EQ(TPM_RC_SUCCESS,
1839 utility_.ReadNVSpace(index, offset, length, true, &nvram_data,
1840 &mock_authorization_delegate_));
1841 }
1842
TEST_F(TpmUtilityTest,ReadNVSpaceBadReadLength)1843 TEST_F(TpmUtilityTest, ReadNVSpaceBadReadLength) {
1844 size_t length = 1025;
1845 std::string nvram_data;
1846 EXPECT_EQ(SAPI_RC_BAD_SIZE,
1847 utility_.ReadNVSpace(52, 0, length, true, &nvram_data,
1848 &mock_authorization_delegate_));
1849 }
1850
TEST_F(TpmUtilityTest,ReadNVSpaceBadIndex)1851 TEST_F(TpmUtilityTest, ReadNVSpaceBadIndex) {
1852 uint32_t bad_index = 1 << 24;
1853 std::string nvram_data;
1854 EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
1855 utility_.ReadNVSpace(bad_index, 0, 5, true, &nvram_data,
1856 &mock_authorization_delegate_));
1857 }
1858
TEST_F(TpmUtilityTest,ReadNVSpaceFailure)1859 TEST_F(TpmUtilityTest, ReadNVSpaceFailure) {
1860 uint32_t index = 53;
1861 uint32_t offset = 5;
1862 uint32_t nv_index = NV_INDEX_FIRST + index;
1863 size_t length = 24;
1864 std::string nvram_data;
1865 EXPECT_CALL(mock_tpm_,
1866 NV_ReadSync(nv_index, _, nv_index, _, length, offset, _, _))
1867 .WillOnce(Return(TPM_RC_FAILURE));
1868 EXPECT_EQ(TPM_RC_FAILURE,
1869 utility_.ReadNVSpace(index, offset, length, false, &nvram_data,
1870 &mock_authorization_delegate_));
1871 }
1872
TEST_F(TpmUtilityTest,GetNVSpaceNameSuccess)1873 TEST_F(TpmUtilityTest, GetNVSpaceNameSuccess) {
1874 uint32_t index = 53;
1875 uint32_t nvram_index = NV_INDEX_FIRST + index;
1876 std::string name;
1877 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(nvram_index, _, _, _, _))
1878 .WillOnce(Return(TPM_RC_SUCCESS));
1879 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpaceName(index, &name));
1880 }
1881
TEST_F(TpmUtilityTest,GetNVSpaceNameFailure)1882 TEST_F(TpmUtilityTest, GetNVSpaceNameFailure) {
1883 uint32_t index = 53;
1884 std::string name;
1885 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _))
1886 .WillOnce(Return(TPM_RC_FAILURE));
1887 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpaceName(index, &name));
1888 }
1889
TEST_F(TpmUtilityTest,GetNVSpacePublicAreaCachedSuccess)1890 TEST_F(TpmUtilityTest, GetNVSpacePublicAreaCachedSuccess) {
1891 uint32_t index = 53;
1892 TPMS_NV_PUBLIC public_area;
1893 SetNVRAMMap(index, public_area);
1894 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _)).Times(0);
1895 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpacePublicArea(index, &public_area));
1896 }
1897
TEST_F(TpmUtilityTest,GetNVSpacePublicAreaSuccess)1898 TEST_F(TpmUtilityTest, GetNVSpacePublicAreaSuccess) {
1899 uint32_t index = 53;
1900 uint32_t nvram_index = NV_INDEX_FIRST + index;
1901 TPMS_NV_PUBLIC public_area;
1902 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(nvram_index, _, _, _, _))
1903 .WillOnce(Return(TPM_RC_SUCCESS));
1904 EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpacePublicArea(index, &public_area));
1905 }
1906
TEST_F(TpmUtilityTest,GetNVSpacePublicAreaFailure)1907 TEST_F(TpmUtilityTest, GetNVSpacePublicAreaFailure) {
1908 uint32_t index = 53;
1909 TPMS_NV_PUBLIC public_area;
1910 EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _))
1911 .WillOnce(Return(TPM_RC_FAILURE));
1912 EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpacePublicArea(index, &public_area));
1913 }
1914
TEST_F(TpmUtilityTest,SetKnownPasswordSuccess)1915 TEST_F(TpmUtilityTest, SetKnownPasswordSuccess) {
1916 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()).WillOnce(Return(false));
1917 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _))
1918 .WillOnce(Return(TPM_RC_SUCCESS));
1919 EXPECT_EQ(TPM_RC_SUCCESS, SetKnownOwnerPassword("password"));
1920 }
1921
TEST_F(TpmUtilityTest,SetKnownPasswordOwnershipDone)1922 TEST_F(TpmUtilityTest, SetKnownPasswordOwnershipDone) {
1923 EXPECT_EQ(TPM_RC_SUCCESS, SetKnownOwnerPassword("password"));
1924 }
1925
TEST_F(TpmUtilityTest,SetKnownPasswordFailure)1926 TEST_F(TpmUtilityTest, SetKnownPasswordFailure) {
1927 EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet()).WillOnce(Return(false));
1928 EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _))
1929 .WillRepeatedly(Return(TPM_RC_FAILURE));
1930 EXPECT_EQ(TPM_RC_FAILURE, SetKnownOwnerPassword("password"));
1931 }
1932
TEST_F(TpmUtilityTest,RootKeysSuccess)1933 TEST_F(TpmUtilityTest, RootKeysSuccess) {
1934 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password"));
1935 }
1936
TEST_F(TpmUtilityTest,RootKeysHandleConsistency)1937 TEST_F(TpmUtilityTest, RootKeysHandleConsistency) {
1938 TPM_HANDLE test_handle = 42;
1939 EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _))
1940 .WillRepeatedly(
1941 DoAll(SetArgPointee<3>(test_handle), Return(TPM_RC_SUCCESS)));
1942 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _))
1943 .WillRepeatedly(Return(TPM_RC_SUCCESS));
1944 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password"));
1945 }
1946
TEST_F(TpmUtilityTest,RootKeysCreateFailure)1947 TEST_F(TpmUtilityTest, RootKeysCreateFailure) {
1948 EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _))
1949 .WillRepeatedly(Return(TPM_RC_FAILURE));
1950 EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password"));
1951 }
1952
TEST_F(TpmUtilityTest,RootKeysPersistFailure)1953 TEST_F(TpmUtilityTest, RootKeysPersistFailure) {
1954 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _))
1955 .WillRepeatedly(Return(TPM_RC_FAILURE));
1956 EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password"));
1957 }
1958
TEST_F(TpmUtilityTest,RootKeysAlreadyExist)1959 TEST_F(TpmUtilityTest, RootKeysAlreadyExist) {
1960 SetExistingKeyHandleExpectation(kRSAStorageRootKey);
1961 SetExistingKeyHandleExpectation(kECCStorageRootKey);
1962 EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password"));
1963 }
1964
TEST_F(TpmUtilityTest,SaltingKeySuccess)1965 TEST_F(TpmUtilityTest, SaltingKeySuccess) {
1966 TPM2B_PUBLIC public_area;
1967 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _))
1968 .WillOnce(DoAll(SaveArg<2>(&public_area), Return(TPM_RC_SUCCESS)));
1969 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password"));
1970 EXPECT_EQ(TPM_ALG_SHA256, public_area.public_area.name_alg);
1971 }
1972
TEST_F(TpmUtilityTest,SaltingKeyConsistency)1973 TEST_F(TpmUtilityTest, SaltingKeyConsistency) {
1974 TPM_HANDLE test_handle = 42;
1975 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
1976 .WillRepeatedly(
1977 DoAll(SetArgPointee<4>(test_handle), Return(TPM_RC_SUCCESS)));
1978 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _))
1979 .WillRepeatedly(Return(TPM_RC_SUCCESS));
1980 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password"));
1981 }
1982
TEST_F(TpmUtilityTest,SaltingKeyCreateFailure)1983 TEST_F(TpmUtilityTest, SaltingKeyCreateFailure) {
1984 EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _))
1985 .WillRepeatedly(Return(TPM_RC_FAILURE));
1986 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password"));
1987 }
1988
TEST_F(TpmUtilityTest,SaltingKeyLoadFailure)1989 TEST_F(TpmUtilityTest, SaltingKeyLoadFailure) {
1990 EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
1991 .WillRepeatedly(Return(TPM_RC_FAILURE));
1992 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password"));
1993 }
1994
TEST_F(TpmUtilityTest,SaltingKeyPersistFailure)1995 TEST_F(TpmUtilityTest, SaltingKeyPersistFailure) {
1996 EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _))
1997 .WillRepeatedly(Return(TPM_RC_FAILURE));
1998 EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password"));
1999 }
2000
TEST_F(TpmUtilityTest,SaltingKeyAlreadyExists)2001 TEST_F(TpmUtilityTest, SaltingKeyAlreadyExists) {
2002 SetExistingKeyHandleExpectation(kSaltingKey);
2003 EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password"));
2004 }
2005
TEST_F(TpmUtilityTest,SetDictionaryAttackParametersSuccess)2006 TEST_F(TpmUtilityTest, SetDictionaryAttackParametersSuccess) {
2007 EXPECT_CALL(mock_tpm_, DictionaryAttackParametersSync(TPM_RH_LOCKOUT, _, 1, 2,
2008 3, nullptr))
2009 .WillRepeatedly(Return(TPM_RC_SUCCESS));
2010 EXPECT_EQ(TPM_RC_SUCCESS,
2011 utility_.SetDictionaryAttackParameters(1, 2, 3, nullptr));
2012 }
2013
TEST_F(TpmUtilityTest,SetDictionaryAttackParametersFailure)2014 TEST_F(TpmUtilityTest, SetDictionaryAttackParametersFailure) {
2015 EXPECT_CALL(mock_tpm_, DictionaryAttackParametersSync(TPM_RH_LOCKOUT, _, 1, 2,
2016 3, nullptr))
2017 .WillRepeatedly(Return(TPM_RC_FAILURE));
2018 EXPECT_EQ(TPM_RC_FAILURE,
2019 utility_.SetDictionaryAttackParameters(1, 2, 3, nullptr));
2020 }
2021
TEST_F(TpmUtilityTest,ResetDictionaryAttackLockSuccess)2022 TEST_F(TpmUtilityTest, ResetDictionaryAttackLockSuccess) {
2023 EXPECT_CALL(mock_tpm_,
2024 DictionaryAttackLockResetSync(TPM_RH_LOCKOUT, _, nullptr))
2025 .WillRepeatedly(Return(TPM_RC_SUCCESS));
2026 EXPECT_EQ(TPM_RC_SUCCESS, utility_.ResetDictionaryAttackLock(nullptr));
2027 }
2028
TEST_F(TpmUtilityTest,ResetDictionaryAttackLockFailure)2029 TEST_F(TpmUtilityTest, ResetDictionaryAttackLockFailure) {
2030 EXPECT_CALL(mock_tpm_,
2031 DictionaryAttackLockResetSync(TPM_RH_LOCKOUT, _, nullptr))
2032 .WillRepeatedly(Return(TPM_RC_FAILURE));
2033 EXPECT_EQ(TPM_RC_FAILURE, utility_.ResetDictionaryAttackLock(nullptr));
2034 }
2035
2036 } // namespace trunks
2037