1 //
2 // Copyright (C) 2015 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include <string>
18
19 #include <base/bind.h>
20 #include <base/callback.h>
21 #include <base/message_loop/message_loop.h>
22 #include <base/run_loop.h>
23 #include <brillo/bind_lambda.h>
24 #include <brillo/data_encoding.h>
25 #include <brillo/http/http_transport_fake.h>
26 #include <brillo/mime_utils.h>
27 #include <gmock/gmock.h>
28 #include <gtest/gtest.h>
29
30 #include "attestation/common/attestation_ca.pb.h"
31 #include "attestation/common/mock_crypto_utility.h"
32 #include "attestation/common/mock_tpm_utility.h"
33 #include "attestation/server/attestation_service.h"
34 #include "attestation/server/mock_database.h"
35 #include "attestation/server/mock_key_store.h"
36
37 using brillo::http::fake::ServerRequest;
38 using brillo::http::fake::ServerResponse;
39 using testing::_;
40 using testing::DoAll;
41 using testing::NiceMock;
42 using testing::Return;
43 using testing::ReturnRef;
44 using testing::SetArgumentPointee;
45
46 namespace attestation {
47
48 class AttestationServiceTest : public testing::Test {
49 public:
50 enum FakeCAState {
51 kSuccess, // Valid successful response.
52 kCommandFailure, // Valid error response.
53 kHttpFailure, // Responds with an HTTP error.
54 kBadMessageID, // Valid successful response but a message ID mismatch.
55 };
56
57 ~AttestationServiceTest() override = default;
SetUp()58 void SetUp() override {
59 service_.reset(new AttestationService);
60 service_->set_database(&mock_database_);
61 service_->set_crypto_utility(&mock_crypto_utility_);
62 fake_http_transport_ = std::make_shared<brillo::http::fake::Transport>();
63 service_->set_http_transport(fake_http_transport_);
64 service_->set_key_store(&mock_key_store_);
65 service_->set_tpm_utility(&mock_tpm_utility_);
66 // Setup a fake wrapped EK certificate by default.
67 mock_database_.GetMutableProtobuf()->mutable_credentials()->
68 mutable_default_encrypted_endorsement_credential()->
69 set_wrapping_key_id("default");
70 // Setup a fake Attestation CA for success by default.
71 SetupFakeCAEnroll(kSuccess);
72 SetupFakeCASign(kSuccess);
73 CHECK(service_->Initialize());
74 }
75
76 protected:
SetupFakeCAEnroll(FakeCAState state)77 void SetupFakeCAEnroll(FakeCAState state) {
78 fake_http_transport_->AddHandler(
79 service_->attestation_ca_origin() + "/enroll",
80 brillo::http::request_type::kPost,
81 base::Bind(&AttestationServiceTest::FakeCAEnroll,
82 base::Unretained(this),
83 state));
84 }
85
SetupFakeCASign(FakeCAState state)86 void SetupFakeCASign(FakeCAState state) {
87 fake_http_transport_->AddHandler(
88 service_->attestation_ca_origin() + "/sign",
89 brillo::http::request_type::kPost,
90 base::Bind(&AttestationServiceTest::FakeCASign,
91 base::Unretained(this),
92 state));
93 }
94
GetFakeCertificateChain()95 std::string GetFakeCertificateChain() {
96 const std::string kBeginCertificate = "-----BEGIN CERTIFICATE-----\n";
97 const std::string kEndCertificate = "-----END CERTIFICATE-----";
98 std::string pem = kBeginCertificate;
99 pem += brillo::data_encoding::Base64EncodeWrapLines("fake_cert");
100 pem += kEndCertificate + "\n" + kBeginCertificate;
101 pem += brillo::data_encoding::Base64EncodeWrapLines("fake_ca_cert");
102 pem += kEndCertificate + "\n" + kBeginCertificate;
103 pem += brillo::data_encoding::Base64EncodeWrapLines("fake_ca_cert2");
104 pem += kEndCertificate;
105 return pem;
106 }
107
GetCreateRequest()108 CreateGoogleAttestedKeyRequest GetCreateRequest() {
109 CreateGoogleAttestedKeyRequest request;
110 request.set_key_label("label");
111 request.set_key_type(KEY_TYPE_ECC);
112 request.set_key_usage(KEY_USAGE_SIGN);
113 request.set_certificate_profile(ENTERPRISE_MACHINE_CERTIFICATE);
114 request.set_username("user");
115 request.set_origin("origin");
116 return request;
117 }
118
Run()119 void Run() {
120 run_loop_.Run();
121 }
122
RunUntilIdle()123 void RunUntilIdle() {
124 run_loop_.RunUntilIdle();
125 }
126
Quit()127 void Quit() {
128 run_loop_.Quit();
129 }
130
131 std::shared_ptr<brillo::http::fake::Transport> fake_http_transport_;
132 NiceMock<MockCryptoUtility> mock_crypto_utility_;
133 NiceMock<MockDatabase> mock_database_;
134 NiceMock<MockKeyStore> mock_key_store_;
135 NiceMock<MockTpmUtility> mock_tpm_utility_;
136 std::unique_ptr<AttestationService> service_;
137
138 private:
FakeCAEnroll(FakeCAState state,const ServerRequest & request,ServerResponse * response)139 void FakeCAEnroll(FakeCAState state,
140 const ServerRequest& request,
141 ServerResponse* response) {
142 AttestationEnrollmentRequest request_pb;
143 EXPECT_TRUE(request_pb.ParseFromString(request.GetDataAsString()));
144 if (state == kHttpFailure) {
145 response->ReplyText(brillo::http::status_code::NotFound, std::string(),
146 brillo::mime::application::kOctet_stream);
147 return;
148 }
149 AttestationEnrollmentResponse response_pb;
150 if (state == kCommandFailure) {
151 response_pb.set_status(SERVER_ERROR);
152 response_pb.set_detail("fake_enroll_error");
153 } else if (state == kSuccess) {
154 response_pb.set_status(OK);
155 response_pb.set_detail("");
156 response_pb.mutable_encrypted_identity_credential()->
157 set_asym_ca_contents("1234");
158 response_pb.mutable_encrypted_identity_credential()->
159 set_sym_ca_attestation("5678");
160 } else {
161 NOTREACHED();
162 }
163 std::string tmp;
164 response_pb.SerializeToString(&tmp);
165 response->ReplyText(brillo::http::status_code::Ok, tmp,
166 brillo::mime::application::kOctet_stream);
167 }
168
FakeCASign(FakeCAState state,const ServerRequest & request,ServerResponse * response)169 void FakeCASign(FakeCAState state,
170 const ServerRequest& request,
171 ServerResponse* response) {
172 AttestationCertificateRequest request_pb;
173 EXPECT_TRUE(request_pb.ParseFromString(request.GetDataAsString()));
174 if (state == kHttpFailure) {
175 response->ReplyText(brillo::http::status_code::NotFound, std::string(),
176 brillo::mime::application::kOctet_stream);
177 return;
178 }
179 AttestationCertificateResponse response_pb;
180 if (state == kCommandFailure) {
181 response_pb.set_status(SERVER_ERROR);
182 response_pb.set_detail("fake_sign_error");
183 } else if (state == kSuccess || state == kBadMessageID) {
184 response_pb.set_status(OK);
185 response_pb.set_detail("");
186 if (state == kSuccess) {
187 response_pb.set_message_id(request_pb.message_id());
188 }
189 response_pb.set_certified_key_credential("fake_cert");
190 response_pb.set_intermediate_ca_cert("fake_ca_cert");
191 *response_pb.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
192 }
193 std::string tmp;
194 response_pb.SerializeToString(&tmp);
195 response->ReplyText(brillo::http::status_code::Ok, tmp,
196 brillo::mime::application::kOctet_stream);
197 }
198
199 base::MessageLoop message_loop_;
200 base::RunLoop run_loop_;
201 };
202
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeySuccess)203 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeySuccess) {
204 // Set expectations on the outputs.
205 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
206 EXPECT_EQ(STATUS_SUCCESS, reply.status());
207 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate_chain());
208 EXPECT_FALSE(reply.has_server_error());
209 Quit();
210 };
211 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
212 Run();
213 }
214
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeySuccessNoUser)215 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeySuccessNoUser) {
216 // Set expectations on the outputs.
217 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
218 EXPECT_EQ(STATUS_SUCCESS, reply.status());
219 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate_chain());
220 EXPECT_FALSE(reply.has_server_error());
221 Quit();
222 };
223 CreateGoogleAttestedKeyRequest request = GetCreateRequest();
224 request.clear_username();
225 service_->CreateGoogleAttestedKey(request, base::Bind(callback));
226 Run();
227 }
228
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithEnrollHttpError)229 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithEnrollHttpError) {
230 SetupFakeCAEnroll(kHttpFailure);
231 // Set expectations on the outputs.
232 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
233 EXPECT_EQ(STATUS_CA_NOT_AVAILABLE, reply.status());
234 EXPECT_FALSE(reply.has_certificate_chain());
235 EXPECT_EQ("", reply.server_error());
236 Quit();
237 };
238 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
239 Run();
240 }
241
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithSignHttpError)242 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithSignHttpError) {
243 SetupFakeCASign(kHttpFailure);
244 // Set expectations on the outputs.
245 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
246 EXPECT_EQ(STATUS_CA_NOT_AVAILABLE, reply.status());
247 EXPECT_FALSE(reply.has_certificate_chain());
248 EXPECT_EQ("", reply.server_error());
249 Quit();
250 };
251 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
252 Run();
253 }
254
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithCAEnrollFailure)255 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithCAEnrollFailure) {
256 SetupFakeCAEnroll(kCommandFailure);
257 // Set expectations on the outputs.
258 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
259 EXPECT_EQ(STATUS_REQUEST_DENIED_BY_CA, reply.status());
260 EXPECT_FALSE(reply.has_certificate_chain());
261 EXPECT_EQ("fake_enroll_error", reply.server_error());
262 Quit();
263 };
264 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
265 Run();
266 }
267
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithCASignFailure)268 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithCASignFailure) {
269 SetupFakeCASign(kCommandFailure);
270 // Set expectations on the outputs.
271 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
272 EXPECT_EQ(STATUS_REQUEST_DENIED_BY_CA, reply.status());
273 EXPECT_FALSE(reply.has_certificate_chain());
274 EXPECT_EQ("fake_sign_error", reply.server_error());
275 Quit();
276 };
277 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
278 Run();
279 }
280
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithBadCAMessageID)281 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithBadCAMessageID) {
282 SetupFakeCASign(kBadMessageID);
283 // Set expectations on the outputs.
284 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
285 EXPECT_NE(STATUS_SUCCESS, reply.status());
286 EXPECT_FALSE(reply.has_certificate_chain());
287 EXPECT_EQ("", reply.server_error());
288 Quit();
289 };
290 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
291 Run();
292 }
293
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithNoEKCertificate)294 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithNoEKCertificate) {
295 // Remove the default credential setup.
296 mock_database_.GetMutableProtobuf()->clear_credentials();
297 // Set expectations on the outputs.
298 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
299 EXPECT_NE(STATUS_SUCCESS, reply.status());
300 EXPECT_FALSE(reply.has_certificate_chain());
301 EXPECT_EQ("", reply.server_error());
302 Quit();
303 };
304 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
305 Run();
306 }
307
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithRNGFailure)308 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithRNGFailure) {
309 EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _))
310 .WillRepeatedly(Return(false));
311 // Set expectations on the outputs.
312 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
313 EXPECT_NE(STATUS_SUCCESS, reply.status());
314 EXPECT_FALSE(reply.has_certificate_chain());
315 EXPECT_EQ("", reply.server_error());
316 Quit();
317 };
318 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
319 Run();
320 }
321
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithRNGFailure2)322 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithRNGFailure2) {
323 EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _))
324 .WillOnce(Return(true))
325 .WillRepeatedly(Return(false));
326 // Set expectations on the outputs.
327 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
328 EXPECT_NE(STATUS_SUCCESS, reply.status());
329 EXPECT_FALSE(reply.has_certificate_chain());
330 EXPECT_EQ("", reply.server_error());
331 Quit();
332 };
333 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
334 Run();
335 }
336
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithDBFailure)337 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithDBFailure) {
338 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
339 // Set expectations on the outputs.
340 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
341 EXPECT_NE(STATUS_SUCCESS, reply.status());
342 EXPECT_FALSE(reply.has_certificate_chain());
343 EXPECT_EQ("", reply.server_error());
344 Quit();
345 };
346 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
347 Run();
348 }
349
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithDBFailureNoUser)350 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithDBFailureNoUser) {
351 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
352 // Set expectations on the outputs.
353 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
354 EXPECT_NE(STATUS_SUCCESS, reply.status());
355 EXPECT_FALSE(reply.has_certificate_chain());
356 EXPECT_EQ("", reply.server_error());
357 Quit();
358 };
359 CreateGoogleAttestedKeyRequest request = GetCreateRequest();
360 request.clear_username();
361 service_->CreateGoogleAttestedKey(request, base::Bind(callback));
362 Run();
363 }
364
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithKeyWriteFailure)365 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithKeyWriteFailure) {
366 EXPECT_CALL(mock_key_store_, Write(_, _, _))
367 .WillRepeatedly(Return(false));
368 // Set expectations on the outputs.
369 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
370 EXPECT_NE(STATUS_SUCCESS, reply.status());
371 EXPECT_FALSE(reply.has_certificate_chain());
372 EXPECT_EQ("", reply.server_error());
373 Quit();
374 };
375 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
376 Run();
377 }
378
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithTpmNotReady)379 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmNotReady) {
380 EXPECT_CALL(mock_tpm_utility_, IsTpmReady())
381 .WillRepeatedly(Return(false));
382 // Set expectations on the outputs.
383 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
384 EXPECT_NE(STATUS_SUCCESS, reply.status());
385 EXPECT_FALSE(reply.has_certificate_chain());
386 EXPECT_EQ("", reply.server_error());
387 Quit();
388 };
389 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
390 Run();
391 }
392
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithTpmActivateFailure)393 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmActivateFailure) {
394 EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, _, _, _))
395 .WillRepeatedly(Return(false));
396 // Set expectations on the outputs.
397 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
398 EXPECT_NE(STATUS_SUCCESS, reply.status());
399 EXPECT_FALSE(reply.has_certificate_chain());
400 EXPECT_EQ("", reply.server_error());
401 Quit();
402 };
403 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
404 Run();
405 }
406
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithTpmCreateFailure)407 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmCreateFailure) {
408 EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(_, _, _, _, _, _, _, _, _))
409 .WillRepeatedly(Return(false));
410 // Set expectations on the outputs.
411 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
412 EXPECT_NE(STATUS_SUCCESS, reply.status());
413 EXPECT_FALSE(reply.has_certificate_chain());
414 EXPECT_EQ("", reply.server_error());
415 Quit();
416 };
417 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
418 Run();
419 }
420
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyAndCancel)421 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyAndCancel) {
422 // Set expectations on the outputs.
423 int callback_count = 0;
424 auto callback = [&callback_count](const CreateGoogleAttestedKeyReply& reply) {
425 callback_count++;
426 };
427 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
428 // Bring down the service, which should cancel any callbacks.
429 service_.reset();
430 EXPECT_EQ(0, callback_count);
431 }
432
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyAndCancel2)433 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyAndCancel2) {
434 // Set expectations on the outputs.
435 int callback_count = 0;
436 auto callback = [&callback_count](const CreateGoogleAttestedKeyReply& reply) {
437 callback_count++;
438 };
439 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
440 // Give threads a chance to run.
441 base::PlatformThread::Sleep(base::TimeDelta::FromMilliseconds(10));
442 // Bring down the service, which should cancel any callbacks.
443 service_.reset();
444 // Pump the loop to make sure no callbacks were posted.
445 RunUntilIdle();
446 EXPECT_EQ(0, callback_count);
447 }
448
TEST_F(AttestationServiceTest,GetKeyInfoSuccess)449 TEST_F(AttestationServiceTest, GetKeyInfoSuccess) {
450 // Setup a certified key in the key store.
451 CertifiedKey key;
452 key.set_public_key("public_key");
453 key.set_certified_key_credential("fake_cert");
454 key.set_intermediate_ca_cert("fake_ca_cert");
455 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
456 key.set_key_name("label");
457 key.set_certified_key_info("certify_info");
458 key.set_certified_key_proof("signature");
459 key.set_key_type(KEY_TYPE_RSA);
460 key.set_key_usage(KEY_USAGE_SIGN);
461 std::string key_bytes;
462 key.SerializeToString(&key_bytes);
463 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
464 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
465
466 // Set expectations on the outputs.
467 auto callback = [this](const GetKeyInfoReply& reply) {
468 EXPECT_EQ(STATUS_SUCCESS, reply.status());
469 EXPECT_EQ(KEY_TYPE_RSA, reply.key_type());
470 EXPECT_EQ(KEY_USAGE_SIGN, reply.key_usage());
471 EXPECT_EQ("public_key", reply.public_key());
472 EXPECT_EQ("certify_info", reply.certify_info());
473 EXPECT_EQ("signature", reply.certify_info_signature());
474 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate());
475 Quit();
476 };
477 GetKeyInfoRequest request;
478 request.set_key_label("label");
479 request.set_username("user");
480 service_->GetKeyInfo(request, base::Bind(callback));
481 Run();
482 }
483
TEST_F(AttestationServiceTest,GetKeyInfoSuccessNoUser)484 TEST_F(AttestationServiceTest, GetKeyInfoSuccessNoUser) {
485 // Setup a certified key in the device key store.
486 CertifiedKey& key = *mock_database_.GetMutableProtobuf()->add_device_keys();
487 key.set_public_key("public_key");
488 key.set_certified_key_credential("fake_cert");
489 key.set_intermediate_ca_cert("fake_ca_cert");
490 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
491 key.set_key_name("label");
492 key.set_certified_key_info("certify_info");
493 key.set_certified_key_proof("signature");
494 key.set_key_type(KEY_TYPE_RSA);
495 key.set_key_usage(KEY_USAGE_SIGN);
496
497 // Set expectations on the outputs.
498 auto callback = [this](const GetKeyInfoReply& reply) {
499 EXPECT_EQ(STATUS_SUCCESS, reply.status());
500 EXPECT_EQ(KEY_TYPE_RSA, reply.key_type());
501 EXPECT_EQ(KEY_USAGE_SIGN, reply.key_usage());
502 EXPECT_EQ("public_key", reply.public_key());
503 EXPECT_EQ("certify_info", reply.certify_info());
504 EXPECT_EQ("signature", reply.certify_info_signature());
505 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate());
506 Quit();
507 };
508 GetKeyInfoRequest request;
509 request.set_key_label("label");
510 service_->GetKeyInfo(request, base::Bind(callback));
511 Run();
512 }
513
TEST_F(AttestationServiceTest,GetKeyInfoNoKey)514 TEST_F(AttestationServiceTest, GetKeyInfoNoKey) {
515 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
516 .WillRepeatedly(Return(false));
517
518 // Set expectations on the outputs.
519 auto callback = [this](const GetKeyInfoReply& reply) {
520 EXPECT_EQ(STATUS_INVALID_PARAMETER, reply.status());
521 Quit();
522 };
523 GetKeyInfoRequest request;
524 request.set_key_label("label");
525 request.set_username("user");
526 service_->GetKeyInfo(request, base::Bind(callback));
527 Run();
528 }
529
TEST_F(AttestationServiceTest,GetKeyInfoBadPublicKey)530 TEST_F(AttestationServiceTest, GetKeyInfoBadPublicKey) {
531 EXPECT_CALL(mock_crypto_utility_, GetRSASubjectPublicKeyInfo(_, _))
532 .WillRepeatedly(Return(false));
533
534 // Set expectations on the outputs.
535 auto callback = [this](const GetKeyInfoReply& reply) {
536 EXPECT_NE(STATUS_SUCCESS, reply.status());
537 Quit();
538 };
539 GetKeyInfoRequest request;
540 request.set_key_label("label");
541 request.set_username("user");
542 service_->GetKeyInfo(request, base::Bind(callback));
543 Run();
544 }
545
TEST_F(AttestationServiceTest,GetEndorsementInfoSuccess)546 TEST_F(AttestationServiceTest, GetEndorsementInfoSuccess) {
547 AttestationDatabase* database = mock_database_.GetMutableProtobuf();
548 database->mutable_credentials()->set_endorsement_public_key("public_key");
549 database->mutable_credentials()->set_endorsement_credential("certificate");
550 // Set expectations on the outputs.
551 auto callback = [this](const GetEndorsementInfoReply& reply) {
552 EXPECT_EQ(STATUS_SUCCESS, reply.status());
553 EXPECT_EQ("public_key", reply.ek_public_key());
554 EXPECT_EQ("certificate", reply.ek_certificate());
555 Quit();
556 };
557 GetEndorsementInfoRequest request;
558 request.set_key_type(KEY_TYPE_RSA);
559 service_->GetEndorsementInfo(request, base::Bind(callback));
560 Run();
561 }
562
TEST_F(AttestationServiceTest,GetEndorsementInfoNoInfo)563 TEST_F(AttestationServiceTest, GetEndorsementInfoNoInfo) {
564 // Set expectations on the outputs.
565 auto callback = [this](const GetEndorsementInfoReply& reply) {
566 EXPECT_EQ(STATUS_NOT_AVAILABLE, reply.status());
567 EXPECT_FALSE(reply.has_ek_public_key());
568 EXPECT_FALSE(reply.has_ek_certificate());
569 Quit();
570 };
571 GetEndorsementInfoRequest request;
572 request.set_key_type(KEY_TYPE_RSA);
573 service_->GetEndorsementInfo(request, base::Bind(callback));
574 Run();
575 }
576
TEST_F(AttestationServiceTest,GetEndorsementInfoNoCert)577 TEST_F(AttestationServiceTest, GetEndorsementInfoNoCert) {
578 AttestationDatabase* database = mock_database_.GetMutableProtobuf();
579 database->mutable_credentials()->set_endorsement_public_key("public_key");
580 // Set expectations on the outputs.
581 auto callback = [this](const GetEndorsementInfoReply& reply) {
582 EXPECT_EQ(STATUS_SUCCESS, reply.status());
583 EXPECT_EQ("public_key", reply.ek_public_key());
584 EXPECT_FALSE(reply.has_ek_certificate());
585 Quit();
586 };
587 GetEndorsementInfoRequest request;
588 request.set_key_type(KEY_TYPE_RSA);
589 service_->GetEndorsementInfo(request, base::Bind(callback));
590 Run();
591 }
592
TEST_F(AttestationServiceTest,GetAttestationKeyInfoSuccess)593 TEST_F(AttestationServiceTest, GetAttestationKeyInfoSuccess) {
594 AttestationDatabase* database = mock_database_.GetMutableProtobuf();
595 database->mutable_identity_key()->set_identity_public_key("public_key");
596 database->mutable_identity_key()->set_identity_credential("certificate");
597 database->mutable_pcr0_quote()->set_quote("pcr0");
598 database->mutable_pcr1_quote()->set_quote("pcr1");
599 database->mutable_identity_binding()->set_identity_public_key("public_key2");
600 // Set expectations on the outputs.
601 auto callback = [this](const GetAttestationKeyInfoReply& reply) {
602 EXPECT_EQ(STATUS_SUCCESS, reply.status());
603 EXPECT_EQ("public_key", reply.public_key());
604 EXPECT_EQ("public_key2", reply.public_key_tpm_format());
605 EXPECT_EQ("certificate", reply.certificate());
606 EXPECT_EQ("pcr0", reply.pcr0_quote().quote());
607 EXPECT_EQ("pcr1", reply.pcr1_quote().quote());
608 Quit();
609 };
610 GetAttestationKeyInfoRequest request;
611 request.set_key_type(KEY_TYPE_RSA);
612 service_->GetAttestationKeyInfo(request, base::Bind(callback));
613 Run();
614 }
615
TEST_F(AttestationServiceTest,GetAttestationKeyInfoNoInfo)616 TEST_F(AttestationServiceTest, GetAttestationKeyInfoNoInfo) {
617 // Set expectations on the outputs.
618 auto callback = [this](const GetAttestationKeyInfoReply& reply) {
619 EXPECT_EQ(STATUS_NOT_AVAILABLE, reply.status());
620 EXPECT_FALSE(reply.has_public_key());
621 EXPECT_FALSE(reply.has_public_key_tpm_format());
622 EXPECT_FALSE(reply.has_certificate());
623 EXPECT_FALSE(reply.has_pcr0_quote());
624 EXPECT_FALSE(reply.has_pcr1_quote());
625 Quit();
626 };
627 GetAttestationKeyInfoRequest request;
628 request.set_key_type(KEY_TYPE_RSA);
629 service_->GetAttestationKeyInfo(request, base::Bind(callback));
630 Run();
631 }
632
TEST_F(AttestationServiceTest,GetAttestationKeyInfoSomeInfo)633 TEST_F(AttestationServiceTest, GetAttestationKeyInfoSomeInfo) {
634 AttestationDatabase* database = mock_database_.GetMutableProtobuf();
635 database->mutable_identity_key()->set_identity_credential("certificate");
636 database->mutable_pcr1_quote()->set_quote("pcr1");
637 // Set expectations on the outputs.
638 auto callback = [this](const GetAttestationKeyInfoReply& reply) {
639 EXPECT_EQ(STATUS_SUCCESS, reply.status());
640 EXPECT_FALSE(reply.has_public_key());
641 EXPECT_FALSE(reply.has_public_key_tpm_format());
642 EXPECT_EQ("certificate", reply.certificate());
643 EXPECT_FALSE(reply.has_pcr0_quote());
644 EXPECT_EQ("pcr1", reply.pcr1_quote().quote());
645 Quit();
646 };
647 GetAttestationKeyInfoRequest request;
648 request.set_key_type(KEY_TYPE_RSA);
649 service_->GetAttestationKeyInfo(request, base::Bind(callback));
650 Run();
651 }
652
TEST_F(AttestationServiceTest,ActivateAttestationKeySuccess)653 TEST_F(AttestationServiceTest, ActivateAttestationKeySuccess) {
654 EXPECT_CALL(mock_database_, SaveChanges()).Times(1);
655 EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, "encrypted1",
656 "encrypted2", _))
657 .WillOnce(DoAll(SetArgumentPointee<5>(std::string("certificate")),
658 Return(true)));
659 // Set expectations on the outputs.
660 auto callback = [this](const ActivateAttestationKeyReply& reply) {
661 EXPECT_EQ(STATUS_SUCCESS, reply.status());
662 EXPECT_EQ("certificate", reply.certificate());
663 Quit();
664 };
665 ActivateAttestationKeyRequest request;
666 request.set_key_type(KEY_TYPE_RSA);
667 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
668 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
669 request.set_save_certificate(true);
670 service_->ActivateAttestationKey(request, base::Bind(callback));
671 Run();
672 }
673
TEST_F(AttestationServiceTest,ActivateAttestationKeySuccessNoSave)674 TEST_F(AttestationServiceTest, ActivateAttestationKeySuccessNoSave) {
675 EXPECT_CALL(mock_database_, GetMutableProtobuf()).Times(0);
676 EXPECT_CALL(mock_database_, SaveChanges()).Times(0);
677 EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, "encrypted1",
678 "encrypted2", _))
679 .WillOnce(DoAll(SetArgumentPointee<5>(std::string("certificate")),
680 Return(true)));
681 // Set expectations on the outputs.
682 auto callback = [this](const ActivateAttestationKeyReply& reply) {
683 EXPECT_EQ(STATUS_SUCCESS, reply.status());
684 EXPECT_EQ("certificate", reply.certificate());
685 Quit();
686 };
687 ActivateAttestationKeyRequest request;
688 request.set_key_type(KEY_TYPE_RSA);
689 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
690 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
691 request.set_save_certificate(false);
692 service_->ActivateAttestationKey(request, base::Bind(callback));
693 Run();
694 }
695
TEST_F(AttestationServiceTest,ActivateAttestationKeySaveFailure)696 TEST_F(AttestationServiceTest, ActivateAttestationKeySaveFailure) {
697 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
698 // Set expectations on the outputs.
699 auto callback = [this](const ActivateAttestationKeyReply& reply) {
700 EXPECT_NE(STATUS_SUCCESS, reply.status());
701 Quit();
702 };
703 ActivateAttestationKeyRequest request;
704 request.set_key_type(KEY_TYPE_RSA);
705 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
706 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
707 request.set_save_certificate(true);
708 service_->ActivateAttestationKey(request, base::Bind(callback));
709 Run();
710 }
711
TEST_F(AttestationServiceTest,ActivateAttestationKeyActivateFailure)712 TEST_F(AttestationServiceTest, ActivateAttestationKeyActivateFailure) {
713 EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, "encrypted1",
714 "encrypted2", _))
715 .WillRepeatedly(Return(false));
716 // Set expectations on the outputs.
717 auto callback = [this](const ActivateAttestationKeyReply& reply) {
718 EXPECT_NE(STATUS_SUCCESS, reply.status());
719 Quit();
720 };
721 ActivateAttestationKeyRequest request;
722 request.set_key_type(KEY_TYPE_RSA);
723 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
724 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
725 request.set_save_certificate(true);
726 service_->ActivateAttestationKey(request, base::Bind(callback));
727 Run();
728 }
729
TEST_F(AttestationServiceTest,CreateCertifiableKeySuccess)730 TEST_F(AttestationServiceTest, CreateCertifiableKeySuccess) {
731 // Configure a fake TPM response.
732 EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(KEY_TYPE_ECC,
733 KEY_USAGE_SIGN,
734 _, _, _, _, _, _, _))
735 .WillOnce(DoAll(SetArgumentPointee<5>(std::string("public_key")),
736 SetArgumentPointee<7>(std::string("certify_info")),
737 SetArgumentPointee<8>(
738 std::string("certify_info_signature")),
739 Return(true)));
740 // Expect the key to be written exactly once.
741 EXPECT_CALL(mock_key_store_, Write("user", "label", _)).Times(1);
742 // Set expectations on the outputs.
743 auto callback = [this](const CreateCertifiableKeyReply& reply) {
744 EXPECT_EQ(STATUS_SUCCESS, reply.status());
745 EXPECT_EQ("public_key", reply.public_key());
746 EXPECT_EQ("certify_info", reply.certify_info());
747 EXPECT_EQ("certify_info_signature", reply.certify_info_signature());
748 Quit();
749 };
750 CreateCertifiableKeyRequest request;
751 request.set_key_label("label");
752 request.set_key_type(KEY_TYPE_ECC);
753 request.set_key_usage(KEY_USAGE_SIGN);
754 request.set_username("user");
755 service_->CreateCertifiableKey(request, base::Bind(callback));
756 Run();
757 }
758
TEST_F(AttestationServiceTest,CreateCertifiableKeySuccessNoUser)759 TEST_F(AttestationServiceTest, CreateCertifiableKeySuccessNoUser) {
760 // Configure a fake TPM response.
761 EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(KEY_TYPE_ECC,
762 KEY_USAGE_SIGN,
763 _, _, _, _, _, _, _))
764 .WillOnce(DoAll(SetArgumentPointee<5>(std::string("public_key")),
765 SetArgumentPointee<7>(std::string("certify_info")),
766 SetArgumentPointee<8>(
767 std::string("certify_info_signature")),
768 Return(true)));
769 // Expect the key to be written exactly once.
770 EXPECT_CALL(mock_database_, SaveChanges()).Times(1);
771 // Set expectations on the outputs.
772 auto callback = [this](const CreateCertifiableKeyReply& reply) {
773 EXPECT_EQ(STATUS_SUCCESS, reply.status());
774 EXPECT_EQ("public_key", reply.public_key());
775 EXPECT_EQ("certify_info", reply.certify_info());
776 EXPECT_EQ("certify_info_signature", reply.certify_info_signature());
777 Quit();
778 };
779 CreateCertifiableKeyRequest request;
780 request.set_key_label("label");
781 request.set_key_type(KEY_TYPE_ECC);
782 request.set_key_usage(KEY_USAGE_SIGN);
783 service_->CreateCertifiableKey(request, base::Bind(callback));
784 Run();
785 }
786
TEST_F(AttestationServiceTest,CreateCertifiableKeyRNGFailure)787 TEST_F(AttestationServiceTest, CreateCertifiableKeyRNGFailure) {
788 EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _))
789 .WillRepeatedly(Return(false));
790 // Set expectations on the outputs.
791 auto callback = [this](const CreateCertifiableKeyReply& reply) {
792 EXPECT_NE(STATUS_SUCCESS, reply.status());
793 EXPECT_FALSE(reply.has_public_key());
794 EXPECT_FALSE(reply.has_certify_info());
795 EXPECT_FALSE(reply.has_certify_info_signature());
796 Quit();
797 };
798 CreateCertifiableKeyRequest request;
799 request.set_key_label("label");
800 request.set_key_type(KEY_TYPE_ECC);
801 request.set_key_usage(KEY_USAGE_SIGN);
802 service_->CreateCertifiableKey(request, base::Bind(callback));
803 Run();
804 }
805
TEST_F(AttestationServiceTest,CreateCertifiableKeyTpmCreateFailure)806 TEST_F(AttestationServiceTest, CreateCertifiableKeyTpmCreateFailure) {
807 EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(_, _, _, _, _, _, _, _, _))
808 .WillRepeatedly(Return(false));
809 // Set expectations on the outputs.
810 auto callback = [this](const CreateCertifiableKeyReply& reply) {
811 EXPECT_NE(STATUS_SUCCESS, reply.status());
812 EXPECT_FALSE(reply.has_public_key());
813 EXPECT_FALSE(reply.has_certify_info());
814 EXPECT_FALSE(reply.has_certify_info_signature());
815 Quit();
816 };
817 CreateCertifiableKeyRequest request;
818 request.set_key_label("label");
819 request.set_key_type(KEY_TYPE_ECC);
820 request.set_key_usage(KEY_USAGE_SIGN);
821 service_->CreateCertifiableKey(request, base::Bind(callback));
822 Run();
823 }
824
TEST_F(AttestationServiceTest,CreateCertifiableKeyDBFailure)825 TEST_F(AttestationServiceTest, CreateCertifiableKeyDBFailure) {
826 EXPECT_CALL(mock_key_store_, Write(_, _, _)).WillRepeatedly(Return(false));
827 // Set expectations on the outputs.
828 auto callback = [this](const CreateCertifiableKeyReply& reply) {
829 EXPECT_NE(STATUS_SUCCESS, reply.status());
830 EXPECT_FALSE(reply.has_public_key());
831 EXPECT_FALSE(reply.has_certify_info());
832 EXPECT_FALSE(reply.has_certify_info_signature());
833 Quit();
834 };
835 CreateCertifiableKeyRequest request;
836 request.set_key_label("label");
837 request.set_key_type(KEY_TYPE_ECC);
838 request.set_key_usage(KEY_USAGE_SIGN);
839 request.set_username("username");
840 service_->CreateCertifiableKey(request, base::Bind(callback));
841 Run();
842 }
843
TEST_F(AttestationServiceTest,CreateCertifiableKeyDBFailureNoUser)844 TEST_F(AttestationServiceTest, CreateCertifiableKeyDBFailureNoUser) {
845 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
846 // Set expectations on the outputs.
847 auto callback = [this](const CreateCertifiableKeyReply& reply) {
848 EXPECT_NE(STATUS_SUCCESS, reply.status());
849 EXPECT_FALSE(reply.has_public_key());
850 EXPECT_FALSE(reply.has_certify_info());
851 EXPECT_FALSE(reply.has_certify_info_signature());
852 Quit();
853 };
854 CreateCertifiableKeyRequest request;
855 request.set_key_label("label");
856 request.set_key_type(KEY_TYPE_ECC);
857 request.set_key_usage(KEY_USAGE_SIGN);
858 service_->CreateCertifiableKey(request, base::Bind(callback));
859 Run();
860 }
861
TEST_F(AttestationServiceTest,DecryptSuccess)862 TEST_F(AttestationServiceTest, DecryptSuccess) {
863 // Set expectations on the outputs.
864 auto callback = [this](const DecryptReply& reply) {
865 EXPECT_EQ(STATUS_SUCCESS, reply.status());
866 EXPECT_EQ(MockTpmUtility::Transform("Unbind", "data"),
867 reply.decrypted_data());
868 Quit();
869 };
870 DecryptRequest request;
871 request.set_key_label("label");
872 request.set_username("user");
873 request.set_encrypted_data("data");
874 service_->Decrypt(request, base::Bind(callback));
875 Run();
876 }
877
TEST_F(AttestationServiceTest,DecryptSuccessNoUser)878 TEST_F(AttestationServiceTest, DecryptSuccessNoUser) {
879 mock_database_.GetMutableProtobuf()->add_device_keys()->set_key_name("label");
880 // Set expectations on the outputs.
881 auto callback = [this](const DecryptReply& reply) {
882 EXPECT_EQ(STATUS_SUCCESS, reply.status());
883 EXPECT_EQ(MockTpmUtility::Transform("Unbind", "data"),
884 reply.decrypted_data());
885 Quit();
886 };
887 DecryptRequest request;
888 request.set_key_label("label");
889 request.set_encrypted_data("data");
890 service_->Decrypt(request, base::Bind(callback));
891 Run();
892 }
893
TEST_F(AttestationServiceTest,DecryptKeyNotFound)894 TEST_F(AttestationServiceTest, DecryptKeyNotFound) {
895 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
896 .WillRepeatedly(Return(false));
897 // Set expectations on the outputs.
898 auto callback = [this](const DecryptReply& reply) {
899 EXPECT_NE(STATUS_SUCCESS, reply.status());
900 EXPECT_FALSE(reply.has_decrypted_data());
901 Quit();
902 };
903 DecryptRequest request;
904 request.set_key_label("label");
905 request.set_username("user");
906 request.set_encrypted_data("data");
907 service_->Decrypt(request, base::Bind(callback));
908 Run();
909 }
910
TEST_F(AttestationServiceTest,DecryptKeyNotFoundNoUser)911 TEST_F(AttestationServiceTest, DecryptKeyNotFoundNoUser) {
912 // Set expectations on the outputs.
913 auto callback = [this](const DecryptReply& reply) {
914 EXPECT_NE(STATUS_SUCCESS, reply.status());
915 EXPECT_FALSE(reply.has_decrypted_data());
916 Quit();
917 };
918 DecryptRequest request;
919 request.set_key_label("label");
920 request.set_encrypted_data("data");
921 service_->Decrypt(request, base::Bind(callback));
922 Run();
923 }
924
TEST_F(AttestationServiceTest,DecryptUnbindFailure)925 TEST_F(AttestationServiceTest, DecryptUnbindFailure) {
926 EXPECT_CALL(mock_tpm_utility_, Unbind(_, _, _)).WillRepeatedly(Return(false));
927 // Set expectations on the outputs.
928 auto callback = [this](const DecryptReply& reply) {
929 EXPECT_NE(STATUS_SUCCESS, reply.status());
930 EXPECT_FALSE(reply.has_decrypted_data());
931 Quit();
932 };
933 DecryptRequest request;
934 request.set_key_label("label");
935 request.set_username("user");
936 request.set_encrypted_data("data");
937 service_->Decrypt(request, base::Bind(callback));
938 Run();
939 }
940
TEST_F(AttestationServiceTest,SignSuccess)941 TEST_F(AttestationServiceTest, SignSuccess) {
942 // Set expectations on the outputs.
943 auto callback = [this](const SignReply& reply) {
944 EXPECT_EQ(STATUS_SUCCESS, reply.status());
945 EXPECT_EQ(MockTpmUtility::Transform("Sign", "data"), reply.signature());
946 Quit();
947 };
948 SignRequest request;
949 request.set_key_label("label");
950 request.set_username("user");
951 request.set_data_to_sign("data");
952 service_->Sign(request, base::Bind(callback));
953 Run();
954 }
955
TEST_F(AttestationServiceTest,SignSuccessNoUser)956 TEST_F(AttestationServiceTest, SignSuccessNoUser) {
957 mock_database_.GetMutableProtobuf()->add_device_keys()->set_key_name("label");
958 // Set expectations on the outputs.
959 auto callback = [this](const SignReply& reply) {
960 EXPECT_EQ(STATUS_SUCCESS, reply.status());
961 EXPECT_EQ(MockTpmUtility::Transform("Sign", "data"), reply.signature());
962 Quit();
963 };
964 SignRequest request;
965 request.set_key_label("label");
966 request.set_data_to_sign("data");
967 service_->Sign(request, base::Bind(callback));
968 Run();
969 }
970
TEST_F(AttestationServiceTest,SignKeyNotFound)971 TEST_F(AttestationServiceTest, SignKeyNotFound) {
972 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
973 .WillRepeatedly(Return(false));
974 // Set expectations on the outputs.
975 auto callback = [this](const SignReply& reply) {
976 EXPECT_NE(STATUS_SUCCESS, reply.status());
977 EXPECT_FALSE(reply.has_signature());
978 Quit();
979 };
980 SignRequest request;
981 request.set_key_label("label");
982 request.set_username("user");
983 request.set_data_to_sign("data");
984 service_->Sign(request, base::Bind(callback));
985 Run();
986 }
987
TEST_F(AttestationServiceTest,SignKeyNotFoundNoUser)988 TEST_F(AttestationServiceTest, SignKeyNotFoundNoUser) {
989 // Set expectations on the outputs.
990 auto callback = [this](const SignReply& reply) {
991 EXPECT_NE(STATUS_SUCCESS, reply.status());
992 EXPECT_FALSE(reply.has_signature());
993 Quit();
994 };
995 SignRequest request;
996 request.set_key_label("label");
997 request.set_data_to_sign("data");
998 service_->Sign(request, base::Bind(callback));
999 Run();
1000 }
1001
TEST_F(AttestationServiceTest,SignUnbindFailure)1002 TEST_F(AttestationServiceTest, SignUnbindFailure) {
1003 EXPECT_CALL(mock_tpm_utility_, Sign(_, _, _)).WillRepeatedly(Return(false));
1004 // Set expectations on the outputs.
1005 auto callback = [this](const SignReply& reply) {
1006 EXPECT_NE(STATUS_SUCCESS, reply.status());
1007 EXPECT_FALSE(reply.has_signature());
1008 Quit();
1009 };
1010 SignRequest request;
1011 request.set_key_label("label");
1012 request.set_username("user");
1013 request.set_data_to_sign("data");
1014 service_->Sign(request, base::Bind(callback));
1015 Run();
1016 }
1017
TEST_F(AttestationServiceTest,RegisterSuccess)1018 TEST_F(AttestationServiceTest, RegisterSuccess) {
1019 // Setup a key in the user key store.
1020 CertifiedKey key;
1021 key.set_key_blob("key_blob");
1022 key.set_public_key("public_key");
1023 key.set_certified_key_credential("fake_cert");
1024 key.set_intermediate_ca_cert("fake_ca_cert");
1025 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
1026 key.set_key_name("label");
1027 key.set_key_type(KEY_TYPE_RSA);
1028 key.set_key_usage(KEY_USAGE_SIGN);
1029 std::string key_bytes;
1030 key.SerializeToString(&key_bytes);
1031 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
1032 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
1033 // Cardinality is verified here to verify various steps are performed and to
1034 // catch performance regressions.
1035 EXPECT_CALL(mock_key_store_, Register("user",
1036 "label",
1037 KEY_TYPE_RSA,
1038 KEY_USAGE_SIGN,
1039 "key_blob",
1040 "public_key",
1041 "fake_cert")).Times(1);
1042 EXPECT_CALL(mock_key_store_, RegisterCertificate("user", "fake_ca_cert"))
1043 .Times(1);
1044 EXPECT_CALL(mock_key_store_, RegisterCertificate("user", "fake_ca_cert2"))
1045 .Times(1);
1046 EXPECT_CALL(mock_key_store_, Delete("user", "label")).Times(1);
1047 // Set expectations on the outputs.
1048 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
1049 EXPECT_EQ(STATUS_SUCCESS, reply.status());
1050 Quit();
1051 };
1052 RegisterKeyWithChapsTokenRequest request;
1053 request.set_key_label("label");
1054 request.set_username("user");
1055 service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
1056 Run();
1057 }
1058
TEST_F(AttestationServiceTest,RegisterSuccessNoUser)1059 TEST_F(AttestationServiceTest, RegisterSuccessNoUser) {
1060 // Setup a key in the device_keys field.
1061 CertifiedKey& key = *mock_database_.GetMutableProtobuf()->add_device_keys();
1062 key.set_key_blob("key_blob");
1063 key.set_public_key("public_key");
1064 key.set_certified_key_credential("fake_cert");
1065 key.set_intermediate_ca_cert("fake_ca_cert");
1066 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
1067 key.set_key_name("label");
1068 key.set_key_type(KEY_TYPE_RSA);
1069 key.set_key_usage(KEY_USAGE_SIGN);
1070 // Cardinality is verified here to verify various steps are performed and to
1071 // catch performance regressions.
1072 EXPECT_CALL(mock_key_store_, Register("",
1073 "label",
1074 KEY_TYPE_RSA,
1075 KEY_USAGE_SIGN,
1076 "key_blob",
1077 "public_key",
1078 "fake_cert")).Times(1);
1079 EXPECT_CALL(mock_key_store_, RegisterCertificate("", "fake_ca_cert"))
1080 .Times(1);
1081 EXPECT_CALL(mock_key_store_, RegisterCertificate("", "fake_ca_cert2"))
1082 .Times(1);
1083 // Set expectations on the outputs.
1084 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
1085 EXPECT_EQ(STATUS_SUCCESS, reply.status());
1086 EXPECT_EQ(0, mock_database_.GetMutableProtobuf()->device_keys_size());
1087 Quit();
1088 };
1089 RegisterKeyWithChapsTokenRequest request;
1090 request.set_key_label("label");
1091 service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
1092 Run();
1093 }
1094
TEST_F(AttestationServiceTest,RegisterNoKey)1095 TEST_F(AttestationServiceTest, RegisterNoKey) {
1096 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
1097 .WillRepeatedly(Return(false));
1098 // Set expectations on the outputs.
1099 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
1100 EXPECT_NE(STATUS_SUCCESS, reply.status());
1101 Quit();
1102 };
1103 RegisterKeyWithChapsTokenRequest request;
1104 request.set_key_label("label");
1105 request.set_username("user");
1106 service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
1107 Run();
1108 }
1109
TEST_F(AttestationServiceTest,RegisterNoKeyNoUser)1110 TEST_F(AttestationServiceTest, RegisterNoKeyNoUser) {
1111 // Set expectations on the outputs.
1112 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
1113 EXPECT_NE(STATUS_SUCCESS, reply.status());
1114 Quit();
1115 };
1116 RegisterKeyWithChapsTokenRequest request;
1117 request.set_key_label("label");
1118 service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
1119 Run();
1120 }
1121
TEST_F(AttestationServiceTest,RegisterFailure)1122 TEST_F(AttestationServiceTest, RegisterFailure) {
1123 // Setup a key in the user key store.
1124 CertifiedKey key;
1125 key.set_key_name("label");
1126 std::string key_bytes;
1127 key.SerializeToString(&key_bytes);
1128 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
1129 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
1130 EXPECT_CALL(mock_key_store_, Register(_, _, _, _, _, _, _))
1131 .WillRepeatedly(Return(false));
1132 // Set expectations on the outputs.
1133 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
1134 EXPECT_NE(STATUS_SUCCESS, reply.status());
1135 Quit();
1136 };
1137 RegisterKeyWithChapsTokenRequest request;
1138 request.set_key_label("label");
1139 request.set_username("user");
1140 service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
1141 Run();
1142 }
1143
TEST_F(AttestationServiceTest,RegisterIntermediateFailure)1144 TEST_F(AttestationServiceTest, RegisterIntermediateFailure) {
1145 // Setup a key in the user key store.
1146 CertifiedKey key;
1147 key.set_key_name("label");
1148 key.set_intermediate_ca_cert("fake_ca_cert");
1149 std::string key_bytes;
1150 key.SerializeToString(&key_bytes);
1151 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
1152 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
1153 EXPECT_CALL(mock_key_store_, RegisterCertificate(_, _))
1154 .WillRepeatedly(Return(false));
1155 // Set expectations on the outputs.
1156 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
1157 EXPECT_NE(STATUS_SUCCESS, reply.status());
1158 Quit();
1159 };
1160 RegisterKeyWithChapsTokenRequest request;
1161 request.set_key_label("label");
1162 request.set_username("user");
1163 service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
1164 Run();
1165 }
1166
TEST_F(AttestationServiceTest,RegisterAdditionalFailure)1167 TEST_F(AttestationServiceTest, RegisterAdditionalFailure) {
1168 // Setup a key in the user key store.
1169 CertifiedKey key;
1170 key.set_key_name("label");
1171 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
1172 std::string key_bytes;
1173 key.SerializeToString(&key_bytes);
1174 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
1175 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
1176 EXPECT_CALL(mock_key_store_, RegisterCertificate(_, _))
1177 .WillRepeatedly(Return(false));
1178 // Set expectations on the outputs.
1179 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
1180 EXPECT_NE(STATUS_SUCCESS, reply.status());
1181 Quit();
1182 };
1183 RegisterKeyWithChapsTokenRequest request;
1184 request.set_key_label("label");
1185 request.set_username("user");
1186 service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
1187 Run();
1188 }
1189
1190 } // namespace attestation
1191