1 //
2 // Copyright (C) 2014 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #include <string>
18 
19 #include <gtest/gtest.h>
20 
21 #include "trunks/password_authorization_delegate.h"
22 
23 namespace trunks {
24 
25 // This test looks at initialization of the delegate with no password.
26 // It should initialize with a zero-length internal password buffer.
TEST(PasswordAuthorizationDelegateTest, NullInitialization) {
  // An empty string stands for "no password".
  PasswordAuthorizationDelegate empty_password_delegate("");
  // Reads the delegate's password_ member directly; presumably the class
  // grants this test access to it -- confirm against the header.
  EXPECT_EQ(empty_password_delegate.password_.size, 0);
}
31 
32 // This test checks the generation of an authorization structure by the
33 // delegate. It compares the serialized structure generated by the delegate
34 // to the expected authorization string.
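TEST(PasswordAuthorizationDelegateTest, SerializationTest) {
  // Expected serialized authorization for a delegate built with "secret".
  // The password bytes appear verbatim in the expected output, so this
  // fixture also pins the fact that the delegate emits the auth value in the
  // clear.
  const char kExpectedAuth[] =
      "\x40\x00\x00\x09"  // session_handle = TPM_RS_PW
      "\x00\x00"          // nonce = zero length buffer
      "\x01"              // session_attributes = continueSession
      "\x00\x06"          // password length
      "secret";           // password
  // Take the length from the literal (minus the terminating NUL) instead of a
  // hand-counted constant; the embedded zero bytes rule out strlen().
  const std::string expected_auth(kExpectedAuth, sizeof(kExpectedAuth) - 1);

  PasswordAuthorizationDelegate delegate("secret");
  std::string authorization;
  std::string command_hash;  // Left empty for this test.
  // Both boolean arguments are passed as false; their meaning is defined by
  // the delegate's interface, which is not visible in this file.
  const bool authorization_result = delegate.GetCommandAuthorization(
      command_hash, false, false, &authorization);
  EXPECT_TRUE(authorization_result);
  EXPECT_EQ(expected_auth.length(), authorization.length());
  // Comparing the strings directly makes gtest print both values on failure,
  // which compare() == 0 does not.
  EXPECT_EQ(expected_auth, authorization);
}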
52 
53 // This test looks at the delegate's ability to parse and check authorization
54 // responses when the response is well formed.
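TEST(PasswordAuthorizationDelegateTest, ParseGoodParams) {
  // Well-formed response: empty nonce, continueSession, empty hmac.
  const char kAuthResponse[] =
      "\x00\x00"   // nonceTpm = zero length buffer
      "\x01"       // session_attributes = continueSession
      "\x00\x00";  // hmac = zero length buffer
  // Length comes from the literal (minus the terminating NUL) so it cannot
  // drift from the bytes above; embedded zero bytes rule out strlen().
  std::string auth_response(kAuthResponse, sizeof(kAuthResponse) - 1);

  PasswordAuthorizationDelegate delegate("secret");
  std::string response_hash;  // Left empty for this test.
  const bool authorization_result =
      delegate.CheckResponseAuthorization(response_hash, auth_response);
  EXPECT_TRUE(authorization_result);
}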
67 
68 // This test checks the delegate's ability to correctly identify an incorrect
69 // authorization response.
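TEST(PasswordAuthorizationDelegateTest, ParseBadParams) {
  // Same layout as the response in ParseGoodParams, except that the trailing
  // field (labelled hmac there) is six bytes long instead of empty.
  const char kAuthResponse[] =
      "\x00\x00"  // nonceTpm = zero length buffer
      "\x01"      // session_attributes = continueSession
      "\x00\x06"  // length of trailing field = 6 (non-empty)
      "secret";   // trailing field bytes (the password text)
  // Length comes from the literal (minus the terminating NUL) so it cannot
  // drift from the bytes above; embedded zero bytes rule out strlen().
  std::string auth_response(kAuthResponse, sizeof(kAuthResponse) - 1);

  PasswordAuthorizationDelegate delegate("secret");
  std::string response_hash;  // Left empty for this test.
  const bool authorization_result =
      delegate.CheckResponseAuthorization(response_hash, auth_response);
  // NOTE(review): this is the only rejected shape exercised in this file.
  // Truncated input, a non-empty nonce and other session attribute values are
  // not covered here and would be worth adding as separate negative cases.
  EXPECT_FALSE(authorization_result);
}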
83 
84 // This test confirms that after encrypting and decrypting a parameter,
85 // we get the original parameter back.
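TEST(PasswordAuthorizationDelegateTest, EncryptDecrypt) {
  PasswordAuthorizationDelegate delegate("secret");
  const std::string plaintext_parameter("parameter");
  std::string encrypted_parameter(plaintext_parameter);
  // Precondition: the working copy starts out equal to the plaintext.
  ASSERT_EQ(plaintext_parameter, encrypted_parameter);

  delegate.EncryptCommandParameter(&encrypted_parameter);
  // NOTE(review): the buffer is not inspected between the two calls, so this
  // test passes whether or not the delegate transforms the parameter. It
  // establishes round-trip equality only, not confidentiality.
  // NOTE(review): any status returned by the two calls is discarded; if they
  // report success or failure, that result should be asserted too -- confirm
  // against the delegate's interface.
  delegate.DecryptResponseParameter(&encrypted_parameter);

  // Comparing the strings directly makes gtest print both values on failure.
  EXPECT_EQ(plaintext_parameter, encrypted_parameter);
}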
95 
96 }  // namespace trunks
97