1 //
2 // Copyright (C) 2015 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include <string>
18
19 #include <base/bind.h>
20 #include <base/callback.h>
21 #include <base/message_loop/message_loop.h>
22 #include <base/run_loop.h>
23 #include <brillo/bind_lambda.h>
24 #include <brillo/data_encoding.h>
25 #include <brillo/http/http_transport_fake.h>
26 #include <brillo/mime_utils.h>
27 #include <gmock/gmock.h>
28 #include <gtest/gtest.h>
29
30 #include "attestation/common/attestation_ca.pb.h"
31 #include "attestation/common/mock_crypto_utility.h"
32 #include "attestation/common/mock_tpm_utility.h"
33 #include "attestation/server/attestation_service.h"
34 #include "attestation/server/mock_database.h"
35 #include "attestation/server/mock_key_store.h"
36
37 using brillo::http::fake::ServerRequest;
38 using brillo::http::fake::ServerResponse;
39 using testing::_;
40 using testing::DoAll;
41 using testing::NiceMock;
42 using testing::Return;
43 using testing::ReturnRef;
44 using testing::SetArgumentPointee;
45
46 namespace attestation {
47
48 class AttestationServiceTest : public testing::Test {
49 public:
50 enum FakeCAState {
51 kSuccess, // Valid successful response.
52 kCommandFailure, // Valid error response.
53 kHttpFailure, // Responds with an HTTP error.
54 kBadMessageID, // Valid successful response but a message ID mismatch.
55 };
56
57 ~AttestationServiceTest() override = default;
SetUp()58 void SetUp() override {
59 service_.reset(new AttestationService);
60 service_->set_database(&mock_database_);
61 service_->set_crypto_utility(&mock_crypto_utility_);
62 fake_http_transport_ = std::make_shared<brillo::http::fake::Transport>();
63 service_->set_http_transport(fake_http_transport_);
64 service_->set_key_store(&mock_key_store_);
65 service_->set_tpm_utility(&mock_tpm_utility_);
66 // Setup a fake wrapped EK certificate by default.
67 mock_database_.GetMutableProtobuf()
68 ->mutable_credentials()
69 ->mutable_default_encrypted_endorsement_credential()
70 ->set_wrapping_key_id("default");
71 // Setup a fake Attestation CA for success by default.
72 SetupFakeCAEnroll(kSuccess);
73 SetupFakeCASign(kSuccess);
74 CHECK(service_->Initialize());
75 }
76
77 protected:
SetupFakeCAEnroll(FakeCAState state)78 void SetupFakeCAEnroll(FakeCAState state) {
79 fake_http_transport_->AddHandler(
80 service_->attestation_ca_origin() + "/enroll",
81 brillo::http::request_type::kPost,
82 base::Bind(&AttestationServiceTest::FakeCAEnroll,
83 base::Unretained(this), state));
84 }
85
SetupFakeCASign(FakeCAState state)86 void SetupFakeCASign(FakeCAState state) {
87 fake_http_transport_->AddHandler(
88 service_->attestation_ca_origin() + "/sign",
89 brillo::http::request_type::kPost,
90 base::Bind(&AttestationServiceTest::FakeCASign, base::Unretained(this),
91 state));
92 }
93
GetFakeCertificateChain()94 std::string GetFakeCertificateChain() {
95 const std::string kBeginCertificate = "-----BEGIN CERTIFICATE-----\n";
96 const std::string kEndCertificate = "-----END CERTIFICATE-----";
97 std::string pem = kBeginCertificate;
98 pem += brillo::data_encoding::Base64EncodeWrapLines("fake_cert");
99 pem += kEndCertificate + "\n" + kBeginCertificate;
100 pem += brillo::data_encoding::Base64EncodeWrapLines("fake_ca_cert");
101 pem += kEndCertificate + "\n" + kBeginCertificate;
102 pem += brillo::data_encoding::Base64EncodeWrapLines("fake_ca_cert2");
103 pem += kEndCertificate;
104 return pem;
105 }
106
GetCreateRequest()107 CreateGoogleAttestedKeyRequest GetCreateRequest() {
108 CreateGoogleAttestedKeyRequest request;
109 request.set_key_label("label");
110 request.set_key_type(KEY_TYPE_ECC);
111 request.set_key_usage(KEY_USAGE_SIGN);
112 request.set_certificate_profile(ENTERPRISE_MACHINE_CERTIFICATE);
113 request.set_username("user");
114 request.set_origin("origin");
115 return request;
116 }
117
Run()118 void Run() { run_loop_.Run(); }
119
RunUntilIdle()120 void RunUntilIdle() { run_loop_.RunUntilIdle(); }
121
Quit()122 void Quit() { run_loop_.Quit(); }
123
124 std::shared_ptr<brillo::http::fake::Transport> fake_http_transport_;
125 NiceMock<MockCryptoUtility> mock_crypto_utility_;
126 NiceMock<MockDatabase> mock_database_;
127 NiceMock<MockKeyStore> mock_key_store_;
128 NiceMock<MockTpmUtility> mock_tpm_utility_;
129 std::unique_ptr<AttestationService> service_;
130
131 private:
FakeCAEnroll(FakeCAState state,const ServerRequest & request,ServerResponse * response)132 void FakeCAEnroll(FakeCAState state,
133 const ServerRequest& request,
134 ServerResponse* response) {
135 AttestationEnrollmentRequest request_pb;
136 EXPECT_TRUE(request_pb.ParseFromString(request.GetDataAsString()));
137 if (state == kHttpFailure) {
138 response->ReplyText(brillo::http::status_code::NotFound, std::string(),
139 brillo::mime::application::kOctet_stream);
140 return;
141 }
142 AttestationEnrollmentResponse response_pb;
143 if (state == kCommandFailure) {
144 response_pb.set_status(SERVER_ERROR);
145 response_pb.set_detail("fake_enroll_error");
146 } else if (state == kSuccess) {
147 response_pb.set_status(OK);
148 response_pb.set_detail("");
149 response_pb.mutable_encrypted_identity_credential()->set_asym_ca_contents(
150 "1234");
151 response_pb.mutable_encrypted_identity_credential()
152 ->set_sym_ca_attestation("5678");
153 } else {
154 NOTREACHED();
155 }
156 std::string tmp;
157 response_pb.SerializeToString(&tmp);
158 response->ReplyText(brillo::http::status_code::Ok, tmp,
159 brillo::mime::application::kOctet_stream);
160 }
161
FakeCASign(FakeCAState state,const ServerRequest & request,ServerResponse * response)162 void FakeCASign(FakeCAState state,
163 const ServerRequest& request,
164 ServerResponse* response) {
165 AttestationCertificateRequest request_pb;
166 EXPECT_TRUE(request_pb.ParseFromString(request.GetDataAsString()));
167 if (state == kHttpFailure) {
168 response->ReplyText(brillo::http::status_code::NotFound, std::string(),
169 brillo::mime::application::kOctet_stream);
170 return;
171 }
172 AttestationCertificateResponse response_pb;
173 if (state == kCommandFailure) {
174 response_pb.set_status(SERVER_ERROR);
175 response_pb.set_detail("fake_sign_error");
176 } else if (state == kSuccess || state == kBadMessageID) {
177 response_pb.set_status(OK);
178 response_pb.set_detail("");
179 if (state == kSuccess) {
180 response_pb.set_message_id(request_pb.message_id());
181 }
182 response_pb.set_certified_key_credential("fake_cert");
183 response_pb.set_intermediate_ca_cert("fake_ca_cert");
184 *response_pb.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
185 }
186 std::string tmp;
187 response_pb.SerializeToString(&tmp);
188 response->ReplyText(brillo::http::status_code::Ok, tmp,
189 brillo::mime::application::kOctet_stream);
190 }
191
192 base::MessageLoop message_loop_;
193 base::RunLoop run_loop_;
194 };
195
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeySuccess)196 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeySuccess) {
197 // Set expectations on the outputs.
198 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
199 EXPECT_EQ(STATUS_SUCCESS, reply.status());
200 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate_chain());
201 EXPECT_FALSE(reply.has_server_error());
202 Quit();
203 };
204 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
205 Run();
206 }
207
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeySuccessNoUser)208 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeySuccessNoUser) {
209 // Set expectations on the outputs.
210 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
211 EXPECT_EQ(STATUS_SUCCESS, reply.status());
212 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate_chain());
213 EXPECT_FALSE(reply.has_server_error());
214 Quit();
215 };
216 CreateGoogleAttestedKeyRequest request = GetCreateRequest();
217 request.clear_username();
218 service_->CreateGoogleAttestedKey(request, base::Bind(callback));
219 Run();
220 }
221
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithEnrollHttpError)222 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithEnrollHttpError) {
223 SetupFakeCAEnroll(kHttpFailure);
224 // Set expectations on the outputs.
225 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
226 EXPECT_EQ(STATUS_CA_NOT_AVAILABLE, reply.status());
227 EXPECT_FALSE(reply.has_certificate_chain());
228 EXPECT_EQ("", reply.server_error());
229 Quit();
230 };
231 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
232 Run();
233 }
234
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithSignHttpError)235 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithSignHttpError) {
236 SetupFakeCASign(kHttpFailure);
237 // Set expectations on the outputs.
238 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
239 EXPECT_EQ(STATUS_CA_NOT_AVAILABLE, reply.status());
240 EXPECT_FALSE(reply.has_certificate_chain());
241 EXPECT_EQ("", reply.server_error());
242 Quit();
243 };
244 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
245 Run();
246 }
247
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithCAEnrollFailure)248 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithCAEnrollFailure) {
249 SetupFakeCAEnroll(kCommandFailure);
250 // Set expectations on the outputs.
251 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
252 EXPECT_EQ(STATUS_REQUEST_DENIED_BY_CA, reply.status());
253 EXPECT_FALSE(reply.has_certificate_chain());
254 EXPECT_EQ("fake_enroll_error", reply.server_error());
255 Quit();
256 };
257 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
258 Run();
259 }
260
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithCASignFailure)261 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithCASignFailure) {
262 SetupFakeCASign(kCommandFailure);
263 // Set expectations on the outputs.
264 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
265 EXPECT_EQ(STATUS_REQUEST_DENIED_BY_CA, reply.status());
266 EXPECT_FALSE(reply.has_certificate_chain());
267 EXPECT_EQ("fake_sign_error", reply.server_error());
268 Quit();
269 };
270 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
271 Run();
272 }
273
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithBadCAMessageID)274 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithBadCAMessageID) {
275 SetupFakeCASign(kBadMessageID);
276 // Set expectations on the outputs.
277 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
278 EXPECT_NE(STATUS_SUCCESS, reply.status());
279 EXPECT_FALSE(reply.has_certificate_chain());
280 EXPECT_EQ("", reply.server_error());
281 Quit();
282 };
283 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
284 Run();
285 }
286
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithNoEKCertificate)287 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithNoEKCertificate) {
288 // Remove the default credential setup.
289 mock_database_.GetMutableProtobuf()->clear_credentials();
290 // Set expectations on the outputs.
291 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
292 EXPECT_NE(STATUS_SUCCESS, reply.status());
293 EXPECT_FALSE(reply.has_certificate_chain());
294 EXPECT_EQ("", reply.server_error());
295 Quit();
296 };
297 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
298 Run();
299 }
300
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithRNGFailure)301 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithRNGFailure) {
302 EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _))
303 .WillRepeatedly(Return(false));
304 // Set expectations on the outputs.
305 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
306 EXPECT_NE(STATUS_SUCCESS, reply.status());
307 EXPECT_FALSE(reply.has_certificate_chain());
308 EXPECT_EQ("", reply.server_error());
309 Quit();
310 };
311 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
312 Run();
313 }
314
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithRNGFailure2)315 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithRNGFailure2) {
316 EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _))
317 .WillOnce(Return(true))
318 .WillRepeatedly(Return(false));
319 // Set expectations on the outputs.
320 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
321 EXPECT_NE(STATUS_SUCCESS, reply.status());
322 EXPECT_FALSE(reply.has_certificate_chain());
323 EXPECT_EQ("", reply.server_error());
324 Quit();
325 };
326 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
327 Run();
328 }
329
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithDBFailure)330 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithDBFailure) {
331 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
332 // Set expectations on the outputs.
333 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
334 EXPECT_NE(STATUS_SUCCESS, reply.status());
335 EXPECT_FALSE(reply.has_certificate_chain());
336 EXPECT_EQ("", reply.server_error());
337 Quit();
338 };
339 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
340 Run();
341 }
342
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithDBFailureNoUser)343 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithDBFailureNoUser) {
344 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
345 // Set expectations on the outputs.
346 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
347 EXPECT_NE(STATUS_SUCCESS, reply.status());
348 EXPECT_FALSE(reply.has_certificate_chain());
349 EXPECT_EQ("", reply.server_error());
350 Quit();
351 };
352 CreateGoogleAttestedKeyRequest request = GetCreateRequest();
353 request.clear_username();
354 service_->CreateGoogleAttestedKey(request, base::Bind(callback));
355 Run();
356 }
357
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithKeyWriteFailure)358 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithKeyWriteFailure) {
359 EXPECT_CALL(mock_key_store_, Write(_, _, _)).WillRepeatedly(Return(false));
360 // Set expectations on the outputs.
361 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
362 EXPECT_NE(STATUS_SUCCESS, reply.status());
363 EXPECT_FALSE(reply.has_certificate_chain());
364 EXPECT_EQ("", reply.server_error());
365 Quit();
366 };
367 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
368 Run();
369 }
370
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithTpmNotReady)371 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmNotReady) {
372 EXPECT_CALL(mock_tpm_utility_, IsTpmReady()).WillRepeatedly(Return(false));
373 // Set expectations on the outputs.
374 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
375 EXPECT_NE(STATUS_SUCCESS, reply.status());
376 EXPECT_FALSE(reply.has_certificate_chain());
377 EXPECT_EQ("", reply.server_error());
378 Quit();
379 };
380 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
381 Run();
382 }
383
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithTpmActivateFailure)384 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmActivateFailure) {
385 EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, _, _, _))
386 .WillRepeatedly(Return(false));
387 // Set expectations on the outputs.
388 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
389 EXPECT_NE(STATUS_SUCCESS, reply.status());
390 EXPECT_FALSE(reply.has_certificate_chain());
391 EXPECT_EQ("", reply.server_error());
392 Quit();
393 };
394 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
395 Run();
396 }
397
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyWithTpmCreateFailure)398 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmCreateFailure) {
399 EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(_, _, _, _, _, _, _, _, _))
400 .WillRepeatedly(Return(false));
401 // Set expectations on the outputs.
402 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) {
403 EXPECT_NE(STATUS_SUCCESS, reply.status());
404 EXPECT_FALSE(reply.has_certificate_chain());
405 EXPECT_EQ("", reply.server_error());
406 Quit();
407 };
408 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
409 Run();
410 }
411
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyAndCancel)412 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyAndCancel) {
413 // Set expectations on the outputs.
414 int callback_count = 0;
415 auto callback = [&callback_count](const CreateGoogleAttestedKeyReply& reply) {
416 callback_count++;
417 };
418 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
419 // Bring down the service, which should cancel any callbacks.
420 service_.reset();
421 EXPECT_EQ(0, callback_count);
422 }
423
TEST_F(AttestationServiceTest,CreateGoogleAttestedKeyAndCancel2)424 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyAndCancel2) {
425 // Set expectations on the outputs.
426 int callback_count = 0;
427 auto callback = [&callback_count](const CreateGoogleAttestedKeyReply& reply) {
428 callback_count++;
429 };
430 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback));
431 // Give threads a chance to run.
432 base::PlatformThread::Sleep(base::TimeDelta::FromMilliseconds(10));
433 // Bring down the service, which should cancel any callbacks.
434 service_.reset();
435 // Pump the loop to make sure no callbacks were posted.
436 RunUntilIdle();
437 EXPECT_EQ(0, callback_count);
438 }
439
TEST_F(AttestationServiceTest,GetKeyInfoSuccess)440 TEST_F(AttestationServiceTest, GetKeyInfoSuccess) {
441 // Setup a certified key in the key store.
442 CertifiedKey key;
443 key.set_public_key("public_key");
444 key.set_certified_key_credential("fake_cert");
445 key.set_intermediate_ca_cert("fake_ca_cert");
446 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
447 key.set_key_name("label");
448 key.set_certified_key_info("certify_info");
449 key.set_certified_key_proof("signature");
450 key.set_key_type(KEY_TYPE_RSA);
451 key.set_key_usage(KEY_USAGE_SIGN);
452 std::string key_bytes;
453 key.SerializeToString(&key_bytes);
454 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
455 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
456
457 // Set expectations on the outputs.
458 auto callback = [this](const GetKeyInfoReply& reply) {
459 EXPECT_EQ(STATUS_SUCCESS, reply.status());
460 EXPECT_EQ(KEY_TYPE_RSA, reply.key_type());
461 EXPECT_EQ(KEY_USAGE_SIGN, reply.key_usage());
462 EXPECT_EQ("public_key", reply.public_key());
463 EXPECT_EQ("certify_info", reply.certify_info());
464 EXPECT_EQ("signature", reply.certify_info_signature());
465 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate());
466 Quit();
467 };
468 GetKeyInfoRequest request;
469 request.set_key_label("label");
470 request.set_username("user");
471 service_->GetKeyInfo(request, base::Bind(callback));
472 Run();
473 }
474
TEST_F(AttestationServiceTest,GetKeyInfoSuccessNoUser)475 TEST_F(AttestationServiceTest, GetKeyInfoSuccessNoUser) {
476 // Setup a certified key in the device key store.
477 CertifiedKey& key = *mock_database_.GetMutableProtobuf()->add_device_keys();
478 key.set_public_key("public_key");
479 key.set_certified_key_credential("fake_cert");
480 key.set_intermediate_ca_cert("fake_ca_cert");
481 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
482 key.set_key_name("label");
483 key.set_certified_key_info("certify_info");
484 key.set_certified_key_proof("signature");
485 key.set_key_type(KEY_TYPE_RSA);
486 key.set_key_usage(KEY_USAGE_SIGN);
487
488 // Set expectations on the outputs.
489 auto callback = [this](const GetKeyInfoReply& reply) {
490 EXPECT_EQ(STATUS_SUCCESS, reply.status());
491 EXPECT_EQ(KEY_TYPE_RSA, reply.key_type());
492 EXPECT_EQ(KEY_USAGE_SIGN, reply.key_usage());
493 EXPECT_EQ("public_key", reply.public_key());
494 EXPECT_EQ("certify_info", reply.certify_info());
495 EXPECT_EQ("signature", reply.certify_info_signature());
496 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate());
497 Quit();
498 };
499 GetKeyInfoRequest request;
500 request.set_key_label("label");
501 service_->GetKeyInfo(request, base::Bind(callback));
502 Run();
503 }
504
TEST_F(AttestationServiceTest,GetKeyInfoNoKey)505 TEST_F(AttestationServiceTest, GetKeyInfoNoKey) {
506 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
507 .WillRepeatedly(Return(false));
508
509 // Set expectations on the outputs.
510 auto callback = [this](const GetKeyInfoReply& reply) {
511 EXPECT_EQ(STATUS_INVALID_PARAMETER, reply.status());
512 Quit();
513 };
514 GetKeyInfoRequest request;
515 request.set_key_label("label");
516 request.set_username("user");
517 service_->GetKeyInfo(request, base::Bind(callback));
518 Run();
519 }
520
TEST_F(AttestationServiceTest,GetKeyInfoBadPublicKey)521 TEST_F(AttestationServiceTest, GetKeyInfoBadPublicKey) {
522 EXPECT_CALL(mock_crypto_utility_, GetRSASubjectPublicKeyInfo(_, _))
523 .WillRepeatedly(Return(false));
524
525 // Set expectations on the outputs.
526 auto callback = [this](const GetKeyInfoReply& reply) {
527 EXPECT_NE(STATUS_SUCCESS, reply.status());
528 Quit();
529 };
530 GetKeyInfoRequest request;
531 request.set_key_label("label");
532 request.set_username("user");
533 service_->GetKeyInfo(request, base::Bind(callback));
534 Run();
535 }
536
TEST_F(AttestationServiceTest,GetEndorsementInfoSuccess)537 TEST_F(AttestationServiceTest, GetEndorsementInfoSuccess) {
538 AttestationDatabase* database = mock_database_.GetMutableProtobuf();
539 database->mutable_credentials()->set_endorsement_public_key("public_key");
540 database->mutable_credentials()->set_endorsement_credential("certificate");
541 // Set expectations on the outputs.
542 auto callback = [this](const GetEndorsementInfoReply& reply) {
543 EXPECT_EQ(STATUS_SUCCESS, reply.status());
544 EXPECT_EQ("public_key", reply.ek_public_key());
545 EXPECT_EQ("certificate", reply.ek_certificate());
546 Quit();
547 };
548 GetEndorsementInfoRequest request;
549 request.set_key_type(KEY_TYPE_RSA);
550 service_->GetEndorsementInfo(request, base::Bind(callback));
551 Run();
552 }
553
TEST_F(AttestationServiceTest,GetEndorsementInfoNoInfo)554 TEST_F(AttestationServiceTest, GetEndorsementInfoNoInfo) {
555 // Set expectations on the outputs.
556 auto callback = [this](const GetEndorsementInfoReply& reply) {
557 EXPECT_EQ(STATUS_NOT_AVAILABLE, reply.status());
558 EXPECT_FALSE(reply.has_ek_public_key());
559 EXPECT_FALSE(reply.has_ek_certificate());
560 Quit();
561 };
562 GetEndorsementInfoRequest request;
563 request.set_key_type(KEY_TYPE_RSA);
564 service_->GetEndorsementInfo(request, base::Bind(callback));
565 Run();
566 }
567
TEST_F(AttestationServiceTest,GetEndorsementInfoNoCert)568 TEST_F(AttestationServiceTest, GetEndorsementInfoNoCert) {
569 AttestationDatabase* database = mock_database_.GetMutableProtobuf();
570 database->mutable_credentials()->set_endorsement_public_key("public_key");
571 // Set expectations on the outputs.
572 auto callback = [this](const GetEndorsementInfoReply& reply) {
573 EXPECT_EQ(STATUS_SUCCESS, reply.status());
574 EXPECT_EQ("public_key", reply.ek_public_key());
575 EXPECT_FALSE(reply.has_ek_certificate());
576 Quit();
577 };
578 GetEndorsementInfoRequest request;
579 request.set_key_type(KEY_TYPE_RSA);
580 service_->GetEndorsementInfo(request, base::Bind(callback));
581 Run();
582 }
583
TEST_F(AttestationServiceTest,GetAttestationKeyInfoSuccess)584 TEST_F(AttestationServiceTest, GetAttestationKeyInfoSuccess) {
585 AttestationDatabase* database = mock_database_.GetMutableProtobuf();
586 database->mutable_identity_key()->set_identity_public_key("public_key");
587 database->mutable_identity_key()->set_identity_credential("certificate");
588 database->mutable_pcr0_quote()->set_quote("pcr0");
589 database->mutable_pcr1_quote()->set_quote("pcr1");
590 database->mutable_identity_binding()->set_identity_public_key("public_key2");
591 // Set expectations on the outputs.
592 auto callback = [this](const GetAttestationKeyInfoReply& reply) {
593 EXPECT_EQ(STATUS_SUCCESS, reply.status());
594 EXPECT_EQ("public_key", reply.public_key());
595 EXPECT_EQ("public_key2", reply.public_key_tpm_format());
596 EXPECT_EQ("certificate", reply.certificate());
597 EXPECT_EQ("pcr0", reply.pcr0_quote().quote());
598 EXPECT_EQ("pcr1", reply.pcr1_quote().quote());
599 Quit();
600 };
601 GetAttestationKeyInfoRequest request;
602 request.set_key_type(KEY_TYPE_RSA);
603 service_->GetAttestationKeyInfo(request, base::Bind(callback));
604 Run();
605 }
606
TEST_F(AttestationServiceTest,GetAttestationKeyInfoNoInfo)607 TEST_F(AttestationServiceTest, GetAttestationKeyInfoNoInfo) {
608 // Set expectations on the outputs.
609 auto callback = [this](const GetAttestationKeyInfoReply& reply) {
610 EXPECT_EQ(STATUS_NOT_AVAILABLE, reply.status());
611 EXPECT_FALSE(reply.has_public_key());
612 EXPECT_FALSE(reply.has_public_key_tpm_format());
613 EXPECT_FALSE(reply.has_certificate());
614 EXPECT_FALSE(reply.has_pcr0_quote());
615 EXPECT_FALSE(reply.has_pcr1_quote());
616 Quit();
617 };
618 GetAttestationKeyInfoRequest request;
619 request.set_key_type(KEY_TYPE_RSA);
620 service_->GetAttestationKeyInfo(request, base::Bind(callback));
621 Run();
622 }
623
TEST_F(AttestationServiceTest,GetAttestationKeyInfoSomeInfo)624 TEST_F(AttestationServiceTest, GetAttestationKeyInfoSomeInfo) {
625 AttestationDatabase* database = mock_database_.GetMutableProtobuf();
626 database->mutable_identity_key()->set_identity_credential("certificate");
627 database->mutable_pcr1_quote()->set_quote("pcr1");
628 // Set expectations on the outputs.
629 auto callback = [this](const GetAttestationKeyInfoReply& reply) {
630 EXPECT_EQ(STATUS_SUCCESS, reply.status());
631 EXPECT_FALSE(reply.has_public_key());
632 EXPECT_FALSE(reply.has_public_key_tpm_format());
633 EXPECT_EQ("certificate", reply.certificate());
634 EXPECT_FALSE(reply.has_pcr0_quote());
635 EXPECT_EQ("pcr1", reply.pcr1_quote().quote());
636 Quit();
637 };
638 GetAttestationKeyInfoRequest request;
639 request.set_key_type(KEY_TYPE_RSA);
640 service_->GetAttestationKeyInfo(request, base::Bind(callback));
641 Run();
642 }
643
TEST_F(AttestationServiceTest,ActivateAttestationKeySuccess)644 TEST_F(AttestationServiceTest, ActivateAttestationKeySuccess) {
645 EXPECT_CALL(mock_database_, SaveChanges()).Times(1);
646 EXPECT_CALL(mock_tpm_utility_,
647 ActivateIdentity(_, _, _, "encrypted1", "encrypted2", _))
648 .WillOnce(DoAll(SetArgumentPointee<5>(std::string("certificate")),
649 Return(true)));
650 // Set expectations on the outputs.
651 auto callback = [this](const ActivateAttestationKeyReply& reply) {
652 EXPECT_EQ(STATUS_SUCCESS, reply.status());
653 EXPECT_EQ("certificate", reply.certificate());
654 Quit();
655 };
656 ActivateAttestationKeyRequest request;
657 request.set_key_type(KEY_TYPE_RSA);
658 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
659 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
660 request.set_save_certificate(true);
661 service_->ActivateAttestationKey(request, base::Bind(callback));
662 Run();
663 }
664
TEST_F(AttestationServiceTest,ActivateAttestationKeySuccessNoSave)665 TEST_F(AttestationServiceTest, ActivateAttestationKeySuccessNoSave) {
666 EXPECT_CALL(mock_database_, GetMutableProtobuf()).Times(0);
667 EXPECT_CALL(mock_database_, SaveChanges()).Times(0);
668 EXPECT_CALL(mock_tpm_utility_,
669 ActivateIdentity(_, _, _, "encrypted1", "encrypted2", _))
670 .WillOnce(DoAll(SetArgumentPointee<5>(std::string("certificate")),
671 Return(true)));
672 // Set expectations on the outputs.
673 auto callback = [this](const ActivateAttestationKeyReply& reply) {
674 EXPECT_EQ(STATUS_SUCCESS, reply.status());
675 EXPECT_EQ("certificate", reply.certificate());
676 Quit();
677 };
678 ActivateAttestationKeyRequest request;
679 request.set_key_type(KEY_TYPE_RSA);
680 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
681 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
682 request.set_save_certificate(false);
683 service_->ActivateAttestationKey(request, base::Bind(callback));
684 Run();
685 }
686
TEST_F(AttestationServiceTest,ActivateAttestationKeySaveFailure)687 TEST_F(AttestationServiceTest, ActivateAttestationKeySaveFailure) {
688 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
689 // Set expectations on the outputs.
690 auto callback = [this](const ActivateAttestationKeyReply& reply) {
691 EXPECT_NE(STATUS_SUCCESS, reply.status());
692 Quit();
693 };
694 ActivateAttestationKeyRequest request;
695 request.set_key_type(KEY_TYPE_RSA);
696 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
697 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
698 request.set_save_certificate(true);
699 service_->ActivateAttestationKey(request, base::Bind(callback));
700 Run();
701 }
702
TEST_F(AttestationServiceTest,ActivateAttestationKeyActivateFailure)703 TEST_F(AttestationServiceTest, ActivateAttestationKeyActivateFailure) {
704 EXPECT_CALL(mock_tpm_utility_,
705 ActivateIdentity(_, _, _, "encrypted1", "encrypted2", _))
706 .WillRepeatedly(Return(false));
707 // Set expectations on the outputs.
708 auto callback = [this](const ActivateAttestationKeyReply& reply) {
709 EXPECT_NE(STATUS_SUCCESS, reply.status());
710 Quit();
711 };
712 ActivateAttestationKeyRequest request;
713 request.set_key_type(KEY_TYPE_RSA);
714 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1");
715 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2");
716 request.set_save_certificate(true);
717 service_->ActivateAttestationKey(request, base::Bind(callback));
718 Run();
719 }
720
TEST_F(AttestationServiceTest,CreateCertifiableKeySuccess)721 TEST_F(AttestationServiceTest, CreateCertifiableKeySuccess) {
722 // Configure a fake TPM response.
723 EXPECT_CALL(
724 mock_tpm_utility_,
725 CreateCertifiedKey(KEY_TYPE_ECC, KEY_USAGE_SIGN, _, _, _, _, _, _, _))
726 .WillOnce(
727 DoAll(SetArgumentPointee<5>(std::string("public_key")),
728 SetArgumentPointee<7>(std::string("certify_info")),
729 SetArgumentPointee<8>(std::string("certify_info_signature")),
730 Return(true)));
731 // Expect the key to be written exactly once.
732 EXPECT_CALL(mock_key_store_, Write("user", "label", _)).Times(1);
733 // Set expectations on the outputs.
734 auto callback = [this](const CreateCertifiableKeyReply& reply) {
735 EXPECT_EQ(STATUS_SUCCESS, reply.status());
736 EXPECT_EQ("public_key", reply.public_key());
737 EXPECT_EQ("certify_info", reply.certify_info());
738 EXPECT_EQ("certify_info_signature", reply.certify_info_signature());
739 Quit();
740 };
741 CreateCertifiableKeyRequest request;
742 request.set_key_label("label");
743 request.set_key_type(KEY_TYPE_ECC);
744 request.set_key_usage(KEY_USAGE_SIGN);
745 request.set_username("user");
746 service_->CreateCertifiableKey(request, base::Bind(callback));
747 Run();
748 }
749
TEST_F(AttestationServiceTest,CreateCertifiableKeySuccessNoUser)750 TEST_F(AttestationServiceTest, CreateCertifiableKeySuccessNoUser) {
751 // Configure a fake TPM response.
752 EXPECT_CALL(
753 mock_tpm_utility_,
754 CreateCertifiedKey(KEY_TYPE_ECC, KEY_USAGE_SIGN, _, _, _, _, _, _, _))
755 .WillOnce(
756 DoAll(SetArgumentPointee<5>(std::string("public_key")),
757 SetArgumentPointee<7>(std::string("certify_info")),
758 SetArgumentPointee<8>(std::string("certify_info_signature")),
759 Return(true)));
760 // Expect the key to be written exactly once.
761 EXPECT_CALL(mock_database_, SaveChanges()).Times(1);
762 // Set expectations on the outputs.
763 auto callback = [this](const CreateCertifiableKeyReply& reply) {
764 EXPECT_EQ(STATUS_SUCCESS, reply.status());
765 EXPECT_EQ("public_key", reply.public_key());
766 EXPECT_EQ("certify_info", reply.certify_info());
767 EXPECT_EQ("certify_info_signature", reply.certify_info_signature());
768 Quit();
769 };
770 CreateCertifiableKeyRequest request;
771 request.set_key_label("label");
772 request.set_key_type(KEY_TYPE_ECC);
773 request.set_key_usage(KEY_USAGE_SIGN);
774 service_->CreateCertifiableKey(request, base::Bind(callback));
775 Run();
776 }
777
TEST_F(AttestationServiceTest,CreateCertifiableKeyRNGFailure)778 TEST_F(AttestationServiceTest, CreateCertifiableKeyRNGFailure) {
779 EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _))
780 .WillRepeatedly(Return(false));
781 // Set expectations on the outputs.
782 auto callback = [this](const CreateCertifiableKeyReply& reply) {
783 EXPECT_NE(STATUS_SUCCESS, reply.status());
784 EXPECT_FALSE(reply.has_public_key());
785 EXPECT_FALSE(reply.has_certify_info());
786 EXPECT_FALSE(reply.has_certify_info_signature());
787 Quit();
788 };
789 CreateCertifiableKeyRequest request;
790 request.set_key_label("label");
791 request.set_key_type(KEY_TYPE_ECC);
792 request.set_key_usage(KEY_USAGE_SIGN);
793 service_->CreateCertifiableKey(request, base::Bind(callback));
794 Run();
795 }
796
TEST_F(AttestationServiceTest,CreateCertifiableKeyTpmCreateFailure)797 TEST_F(AttestationServiceTest, CreateCertifiableKeyTpmCreateFailure) {
798 EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(_, _, _, _, _, _, _, _, _))
799 .WillRepeatedly(Return(false));
800 // Set expectations on the outputs.
801 auto callback = [this](const CreateCertifiableKeyReply& reply) {
802 EXPECT_NE(STATUS_SUCCESS, reply.status());
803 EXPECT_FALSE(reply.has_public_key());
804 EXPECT_FALSE(reply.has_certify_info());
805 EXPECT_FALSE(reply.has_certify_info_signature());
806 Quit();
807 };
808 CreateCertifiableKeyRequest request;
809 request.set_key_label("label");
810 request.set_key_type(KEY_TYPE_ECC);
811 request.set_key_usage(KEY_USAGE_SIGN);
812 service_->CreateCertifiableKey(request, base::Bind(callback));
813 Run();
814 }
815
TEST_F(AttestationServiceTest,CreateCertifiableKeyDBFailure)816 TEST_F(AttestationServiceTest, CreateCertifiableKeyDBFailure) {
817 EXPECT_CALL(mock_key_store_, Write(_, _, _)).WillRepeatedly(Return(false));
818 // Set expectations on the outputs.
819 auto callback = [this](const CreateCertifiableKeyReply& reply) {
820 EXPECT_NE(STATUS_SUCCESS, reply.status());
821 EXPECT_FALSE(reply.has_public_key());
822 EXPECT_FALSE(reply.has_certify_info());
823 EXPECT_FALSE(reply.has_certify_info_signature());
824 Quit();
825 };
826 CreateCertifiableKeyRequest request;
827 request.set_key_label("label");
828 request.set_key_type(KEY_TYPE_ECC);
829 request.set_key_usage(KEY_USAGE_SIGN);
830 request.set_username("username");
831 service_->CreateCertifiableKey(request, base::Bind(callback));
832 Run();
833 }
834
TEST_F(AttestationServiceTest,CreateCertifiableKeyDBFailureNoUser)835 TEST_F(AttestationServiceTest, CreateCertifiableKeyDBFailureNoUser) {
836 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false));
837 // Set expectations on the outputs.
838 auto callback = [this](const CreateCertifiableKeyReply& reply) {
839 EXPECT_NE(STATUS_SUCCESS, reply.status());
840 EXPECT_FALSE(reply.has_public_key());
841 EXPECT_FALSE(reply.has_certify_info());
842 EXPECT_FALSE(reply.has_certify_info_signature());
843 Quit();
844 };
845 CreateCertifiableKeyRequest request;
846 request.set_key_label("label");
847 request.set_key_type(KEY_TYPE_ECC);
848 request.set_key_usage(KEY_USAGE_SIGN);
849 service_->CreateCertifiableKey(request, base::Bind(callback));
850 Run();
851 }
852
TEST_F(AttestationServiceTest,DecryptSuccess)853 TEST_F(AttestationServiceTest, DecryptSuccess) {
854 // Set expectations on the outputs.
855 auto callback = [this](const DecryptReply& reply) {
856 EXPECT_EQ(STATUS_SUCCESS, reply.status());
857 EXPECT_EQ(MockTpmUtility::Transform("Unbind", "data"),
858 reply.decrypted_data());
859 Quit();
860 };
861 DecryptRequest request;
862 request.set_key_label("label");
863 request.set_username("user");
864 request.set_encrypted_data("data");
865 service_->Decrypt(request, base::Bind(callback));
866 Run();
867 }
868
TEST_F(AttestationServiceTest,DecryptSuccessNoUser)869 TEST_F(AttestationServiceTest, DecryptSuccessNoUser) {
870 mock_database_.GetMutableProtobuf()->add_device_keys()->set_key_name("label");
871 // Set expectations on the outputs.
872 auto callback = [this](const DecryptReply& reply) {
873 EXPECT_EQ(STATUS_SUCCESS, reply.status());
874 EXPECT_EQ(MockTpmUtility::Transform("Unbind", "data"),
875 reply.decrypted_data());
876 Quit();
877 };
878 DecryptRequest request;
879 request.set_key_label("label");
880 request.set_encrypted_data("data");
881 service_->Decrypt(request, base::Bind(callback));
882 Run();
883 }
884
TEST_F(AttestationServiceTest,DecryptKeyNotFound)885 TEST_F(AttestationServiceTest, DecryptKeyNotFound) {
886 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
887 .WillRepeatedly(Return(false));
888 // Set expectations on the outputs.
889 auto callback = [this](const DecryptReply& reply) {
890 EXPECT_NE(STATUS_SUCCESS, reply.status());
891 EXPECT_FALSE(reply.has_decrypted_data());
892 Quit();
893 };
894 DecryptRequest request;
895 request.set_key_label("label");
896 request.set_username("user");
897 request.set_encrypted_data("data");
898 service_->Decrypt(request, base::Bind(callback));
899 Run();
900 }
901
TEST_F(AttestationServiceTest,DecryptKeyNotFoundNoUser)902 TEST_F(AttestationServiceTest, DecryptKeyNotFoundNoUser) {
903 // Set expectations on the outputs.
904 auto callback = [this](const DecryptReply& reply) {
905 EXPECT_NE(STATUS_SUCCESS, reply.status());
906 EXPECT_FALSE(reply.has_decrypted_data());
907 Quit();
908 };
909 DecryptRequest request;
910 request.set_key_label("label");
911 request.set_encrypted_data("data");
912 service_->Decrypt(request, base::Bind(callback));
913 Run();
914 }
915
TEST_F(AttestationServiceTest,DecryptUnbindFailure)916 TEST_F(AttestationServiceTest, DecryptUnbindFailure) {
917 EXPECT_CALL(mock_tpm_utility_, Unbind(_, _, _)).WillRepeatedly(Return(false));
918 // Set expectations on the outputs.
919 auto callback = [this](const DecryptReply& reply) {
920 EXPECT_NE(STATUS_SUCCESS, reply.status());
921 EXPECT_FALSE(reply.has_decrypted_data());
922 Quit();
923 };
924 DecryptRequest request;
925 request.set_key_label("label");
926 request.set_username("user");
927 request.set_encrypted_data("data");
928 service_->Decrypt(request, base::Bind(callback));
929 Run();
930 }
931
TEST_F(AttestationServiceTest,SignSuccess)932 TEST_F(AttestationServiceTest, SignSuccess) {
933 // Set expectations on the outputs.
934 auto callback = [this](const SignReply& reply) {
935 EXPECT_EQ(STATUS_SUCCESS, reply.status());
936 EXPECT_EQ(MockTpmUtility::Transform("Sign", "data"), reply.signature());
937 Quit();
938 };
939 SignRequest request;
940 request.set_key_label("label");
941 request.set_username("user");
942 request.set_data_to_sign("data");
943 service_->Sign(request, base::Bind(callback));
944 Run();
945 }
946
TEST_F(AttestationServiceTest,SignSuccessNoUser)947 TEST_F(AttestationServiceTest, SignSuccessNoUser) {
948 mock_database_.GetMutableProtobuf()->add_device_keys()->set_key_name("label");
949 // Set expectations on the outputs.
950 auto callback = [this](const SignReply& reply) {
951 EXPECT_EQ(STATUS_SUCCESS, reply.status());
952 EXPECT_EQ(MockTpmUtility::Transform("Sign", "data"), reply.signature());
953 Quit();
954 };
955 SignRequest request;
956 request.set_key_label("label");
957 request.set_data_to_sign("data");
958 service_->Sign(request, base::Bind(callback));
959 Run();
960 }
961
TEST_F(AttestationServiceTest,SignKeyNotFound)962 TEST_F(AttestationServiceTest, SignKeyNotFound) {
963 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
964 .WillRepeatedly(Return(false));
965 // Set expectations on the outputs.
966 auto callback = [this](const SignReply& reply) {
967 EXPECT_NE(STATUS_SUCCESS, reply.status());
968 EXPECT_FALSE(reply.has_signature());
969 Quit();
970 };
971 SignRequest request;
972 request.set_key_label("label");
973 request.set_username("user");
974 request.set_data_to_sign("data");
975 service_->Sign(request, base::Bind(callback));
976 Run();
977 }
978
TEST_F(AttestationServiceTest,SignKeyNotFoundNoUser)979 TEST_F(AttestationServiceTest, SignKeyNotFoundNoUser) {
980 // Set expectations on the outputs.
981 auto callback = [this](const SignReply& reply) {
982 EXPECT_NE(STATUS_SUCCESS, reply.status());
983 EXPECT_FALSE(reply.has_signature());
984 Quit();
985 };
986 SignRequest request;
987 request.set_key_label("label");
988 request.set_data_to_sign("data");
989 service_->Sign(request, base::Bind(callback));
990 Run();
991 }
992
TEST_F(AttestationServiceTest,SignUnbindFailure)993 TEST_F(AttestationServiceTest, SignUnbindFailure) {
994 EXPECT_CALL(mock_tpm_utility_, Sign(_, _, _)).WillRepeatedly(Return(false));
995 // Set expectations on the outputs.
996 auto callback = [this](const SignReply& reply) {
997 EXPECT_NE(STATUS_SUCCESS, reply.status());
998 EXPECT_FALSE(reply.has_signature());
999 Quit();
1000 };
1001 SignRequest request;
1002 request.set_key_label("label");
1003 request.set_username("user");
1004 request.set_data_to_sign("data");
1005 service_->Sign(request, base::Bind(callback));
1006 Run();
1007 }
1008
TEST_F(AttestationServiceTest,RegisterSuccess)1009 TEST_F(AttestationServiceTest, RegisterSuccess) {
1010 // Setup a key in the user key store.
1011 CertifiedKey key;
1012 key.set_key_blob("key_blob");
1013 key.set_public_key("public_key");
1014 key.set_certified_key_credential("fake_cert");
1015 key.set_intermediate_ca_cert("fake_ca_cert");
1016 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
1017 key.set_key_name("label");
1018 key.set_key_type(KEY_TYPE_RSA);
1019 key.set_key_usage(KEY_USAGE_SIGN);
1020 std::string key_bytes;
1021 key.SerializeToString(&key_bytes);
1022 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
1023 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
1024 // Cardinality is verified here to verify various steps are performed and to
1025 // catch performance regressions.
1026 EXPECT_CALL(mock_key_store_,
1027 Register("user", "label", KEY_TYPE_RSA, KEY_USAGE_SIGN,
1028 "key_blob", "public_key", "fake_cert"))
1029 .Times(1);
1030 EXPECT_CALL(mock_key_store_, RegisterCertificate("user", "fake_ca_cert"))
1031 .Times(1);
1032 EXPECT_CALL(mock_key_store_, RegisterCertificate("user", "fake_ca_cert2"))
1033 .Times(1);
1034 EXPECT_CALL(mock_key_store_, Delete("user", "label")).Times(1);
1035 // Set expectations on the outputs.
1036 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
1037 EXPECT_EQ(STATUS_SUCCESS, reply.status());
1038 Quit();
1039 };
1040 RegisterKeyWithChapsTokenRequest request;
1041 request.set_key_label("label");
1042 request.set_username("user");
1043 service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
1044 Run();
1045 }
1046
TEST_F(AttestationServiceTest,RegisterSuccessNoUser)1047 TEST_F(AttestationServiceTest, RegisterSuccessNoUser) {
1048 // Setup a key in the device_keys field.
1049 CertifiedKey& key = *mock_database_.GetMutableProtobuf()->add_device_keys();
1050 key.set_key_blob("key_blob");
1051 key.set_public_key("public_key");
1052 key.set_certified_key_credential("fake_cert");
1053 key.set_intermediate_ca_cert("fake_ca_cert");
1054 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
1055 key.set_key_name("label");
1056 key.set_key_type(KEY_TYPE_RSA);
1057 key.set_key_usage(KEY_USAGE_SIGN);
1058 // Cardinality is verified here to verify various steps are performed and to
1059 // catch performance regressions.
1060 EXPECT_CALL(mock_key_store_,
1061 Register("", "label", KEY_TYPE_RSA, KEY_USAGE_SIGN, "key_blob",
1062 "public_key", "fake_cert"))
1063 .Times(1);
1064 EXPECT_CALL(mock_key_store_, RegisterCertificate("", "fake_ca_cert"))
1065 .Times(1);
1066 EXPECT_CALL(mock_key_store_, RegisterCertificate("", "fake_ca_cert2"))
1067 .Times(1);
1068 // Set expectations on the outputs.
1069 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
1070 EXPECT_EQ(STATUS_SUCCESS, reply.status());
1071 EXPECT_EQ(0, mock_database_.GetMutableProtobuf()->device_keys_size());
1072 Quit();
1073 };
1074 RegisterKeyWithChapsTokenRequest request;
1075 request.set_key_label("label");
1076 service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
1077 Run();
1078 }
1079
TEST_F(AttestationServiceTest,RegisterNoKey)1080 TEST_F(AttestationServiceTest, RegisterNoKey) {
1081 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
1082 .WillRepeatedly(Return(false));
1083 // Set expectations on the outputs.
1084 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
1085 EXPECT_NE(STATUS_SUCCESS, reply.status());
1086 Quit();
1087 };
1088 RegisterKeyWithChapsTokenRequest request;
1089 request.set_key_label("label");
1090 request.set_username("user");
1091 service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
1092 Run();
1093 }
1094
TEST_F(AttestationServiceTest,RegisterNoKeyNoUser)1095 TEST_F(AttestationServiceTest, RegisterNoKeyNoUser) {
1096 // Set expectations on the outputs.
1097 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
1098 EXPECT_NE(STATUS_SUCCESS, reply.status());
1099 Quit();
1100 };
1101 RegisterKeyWithChapsTokenRequest request;
1102 request.set_key_label("label");
1103 service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
1104 Run();
1105 }
1106
TEST_F(AttestationServiceTest,RegisterFailure)1107 TEST_F(AttestationServiceTest, RegisterFailure) {
1108 // Setup a key in the user key store.
1109 CertifiedKey key;
1110 key.set_key_name("label");
1111 std::string key_bytes;
1112 key.SerializeToString(&key_bytes);
1113 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
1114 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
1115 EXPECT_CALL(mock_key_store_, Register(_, _, _, _, _, _, _))
1116 .WillRepeatedly(Return(false));
1117 // Set expectations on the outputs.
1118 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
1119 EXPECT_NE(STATUS_SUCCESS, reply.status());
1120 Quit();
1121 };
1122 RegisterKeyWithChapsTokenRequest request;
1123 request.set_key_label("label");
1124 request.set_username("user");
1125 service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
1126 Run();
1127 }
1128
TEST_F(AttestationServiceTest,RegisterIntermediateFailure)1129 TEST_F(AttestationServiceTest, RegisterIntermediateFailure) {
1130 // Setup a key in the user key store.
1131 CertifiedKey key;
1132 key.set_key_name("label");
1133 key.set_intermediate_ca_cert("fake_ca_cert");
1134 std::string key_bytes;
1135 key.SerializeToString(&key_bytes);
1136 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
1137 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
1138 EXPECT_CALL(mock_key_store_, RegisterCertificate(_, _))
1139 .WillRepeatedly(Return(false));
1140 // Set expectations on the outputs.
1141 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
1142 EXPECT_NE(STATUS_SUCCESS, reply.status());
1143 Quit();
1144 };
1145 RegisterKeyWithChapsTokenRequest request;
1146 request.set_key_label("label");
1147 request.set_username("user");
1148 service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
1149 Run();
1150 }
1151
TEST_F(AttestationServiceTest,RegisterAdditionalFailure)1152 TEST_F(AttestationServiceTest, RegisterAdditionalFailure) {
1153 // Setup a key in the user key store.
1154 CertifiedKey key;
1155 key.set_key_name("label");
1156 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2";
1157 std::string key_bytes;
1158 key.SerializeToString(&key_bytes);
1159 EXPECT_CALL(mock_key_store_, Read("user", "label", _))
1160 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true)));
1161 EXPECT_CALL(mock_key_store_, RegisterCertificate(_, _))
1162 .WillRepeatedly(Return(false));
1163 // Set expectations on the outputs.
1164 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) {
1165 EXPECT_NE(STATUS_SUCCESS, reply.status());
1166 Quit();
1167 };
1168 RegisterKeyWithChapsTokenRequest request;
1169 request.set_key_label("label");
1170 request.set_username("user");
1171 service_->RegisterKeyWithChapsToken(request, base::Bind(callback));
1172 Run();
1173 }
1174
1175 } // namespace attestation
1176