1 //
2 // Copyright (C) 2015 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include <memory>
18 #include <string>
19 #include <vector>
20
21 #include <base/logging.h>
22 #include <base/strings/string_number_conversions.h>
23 #include <gmock/gmock.h>
24 #include <gtest/gtest.h>
25
26 #include "attestation/common/crypto_utility_impl.h"
27 #include "attestation/common/mock_tpm_utility.h"
28
29 using testing::_;
30 using testing::NiceMock;
31 using testing::Return;
32
33 namespace {
34
35 const char kValidPublicKeyHex[] =
36 "3082010A0282010100"
37 "961037BC12D2A298BEBF06B2D5F8C9B64B832A2237F8CF27D5F96407A6041A4D"
38 "AD383CB5F88E625F412E8ACD5E9D69DF0F4FA81FCE7955829A38366CBBA5A2B1"
39 "CE3B48C14B59E9F094B51F0A39155874C8DE18A0C299EBF7A88114F806BE4F25"
40 "3C29A509B10E4B19E31675AFE3B2DA77077D94F43D8CE61C205781ED04D183B4"
41 "C349F61B1956C64B5398A3A98FAFF17D1B3D9120C832763EDFC8F4137F6EFBEF"
42 "46D8F6DE03BD00E49DEF987C10BDD5B6F8758B6A855C23C982DDA14D8F0F2B74"
43 "E6DEFA7EEE5A6FC717EB0FF103CB8049F693A2C8A5039EF1F5C025DC44BD8435"
44 "E8D8375DADE00E0C0F5C196E04B8483CC98B1D5B03DCD7E0048B2AB343FFC11F"
45 "0203"
46 "010001";
47
HexDecode(const std::string hex)48 std::string HexDecode(const std::string hex) {
49 std::vector<uint8_t> output;
50 CHECK(base::HexStringToBytes(hex, &output));
51 return std::string(reinterpret_cast<char*>(output.data()), output.size());
52 }
53
54 } // namespace
55
56 namespace attestation {
57
58 class CryptoUtilityImplTest : public testing::Test {
59 public:
60 ~CryptoUtilityImplTest() override = default;
SetUp()61 void SetUp() override {
62 crypto_utility_.reset(new CryptoUtilityImpl(&mock_tpm_utility_));
63 }
64
65 protected:
66 NiceMock<MockTpmUtility> mock_tpm_utility_;
67 std::unique_ptr<CryptoUtilityImpl> crypto_utility_;
68 };
69
TEST_F(CryptoUtilityImplTest,GetRandomSuccess)70 TEST_F(CryptoUtilityImplTest, GetRandomSuccess) {
71 std::string random1;
72 EXPECT_TRUE(crypto_utility_->GetRandom(20, &random1));
73 std::string random2;
74 EXPECT_TRUE(crypto_utility_->GetRandom(20, &random2));
75 EXPECT_NE(random1, random2);
76 }
77
TEST_F(CryptoUtilityImplTest,GetRandomIntOverflow)78 TEST_F(CryptoUtilityImplTest, GetRandomIntOverflow) {
79 size_t num_bytes = -1;
80 std::string buffer;
81 EXPECT_FALSE(crypto_utility_->GetRandom(num_bytes, &buffer));
82 }
83
TEST_F(CryptoUtilityImplTest,PairwiseSealedEncryption)84 TEST_F(CryptoUtilityImplTest, PairwiseSealedEncryption) {
85 std::string key;
86 std::string sealed_key;
87 EXPECT_TRUE(crypto_utility_->CreateSealedKey(&key, &sealed_key));
88 std::string data("test");
89 std::string encrypted_data;
90 EXPECT_TRUE(
91 crypto_utility_->EncryptData(data, key, sealed_key, &encrypted_data));
92 key.clear();
93 sealed_key.clear();
94 data.clear();
95 EXPECT_TRUE(crypto_utility_->UnsealKey(encrypted_data, &key, &sealed_key));
96 EXPECT_TRUE(crypto_utility_->DecryptData(encrypted_data, key, &data));
97 EXPECT_EQ("test", data);
98 }
99
TEST_F(CryptoUtilityImplTest,SealFailure)100 TEST_F(CryptoUtilityImplTest, SealFailure) {
101 EXPECT_CALL(mock_tpm_utility_, SealToPCR0(_, _))
102 .WillRepeatedly(Return(false));
103 std::string key;
104 std::string sealed_key;
105 EXPECT_FALSE(crypto_utility_->CreateSealedKey(&key, &sealed_key));
106 }
107
TEST_F(CryptoUtilityImplTest,EncryptNoData)108 TEST_F(CryptoUtilityImplTest, EncryptNoData) {
109 std::string key(32, 0);
110 std::string output;
111 EXPECT_TRUE(crypto_utility_->EncryptData(std::string(), key, key, &output));
112 }
113
TEST_F(CryptoUtilityImplTest,EncryptInvalidKey)114 TEST_F(CryptoUtilityImplTest, EncryptInvalidKey) {
115 std::string key(12, 0);
116 std::string output;
117 EXPECT_FALSE(crypto_utility_->EncryptData(std::string(), key, key, &output));
118 }
119
TEST_F(CryptoUtilityImplTest,UnsealInvalidData)120 TEST_F(CryptoUtilityImplTest, UnsealInvalidData) {
121 std::string output;
122 EXPECT_FALSE(crypto_utility_->UnsealKey("invalid", &output, &output));
123 }
124
TEST_F(CryptoUtilityImplTest,UnsealError)125 TEST_F(CryptoUtilityImplTest, UnsealError) {
126 EXPECT_CALL(mock_tpm_utility_, Unseal(_, _)).WillRepeatedly(Return(false));
127 std::string key(32, 0);
128 std::string data;
129 EXPECT_TRUE(crypto_utility_->EncryptData("data", key, key, &data));
130 std::string output;
131 EXPECT_FALSE(crypto_utility_->UnsealKey(data, &output, &output));
132 }
133
TEST_F(CryptoUtilityImplTest,DecryptInvalidKey)134 TEST_F(CryptoUtilityImplTest, DecryptInvalidKey) {
135 std::string key(12, 0);
136 std::string output;
137 EXPECT_FALSE(crypto_utility_->DecryptData(std::string(), key, &output));
138 }
139
TEST_F(CryptoUtilityImplTest,DecryptInvalidData)140 TEST_F(CryptoUtilityImplTest, DecryptInvalidData) {
141 std::string key(32, 0);
142 std::string output;
143 EXPECT_FALSE(crypto_utility_->DecryptData("invalid", key, &output));
144 }
145
TEST_F(CryptoUtilityImplTest,DecryptInvalidData2)146 TEST_F(CryptoUtilityImplTest, DecryptInvalidData2) {
147 std::string key(32, 0);
148 std::string output;
149 EncryptedData proto;
150 std::string input;
151 proto.SerializeToString(&input);
152 EXPECT_FALSE(crypto_utility_->DecryptData(input, key, &output));
153 }
154
TEST_F(CryptoUtilityImplTest,GetRSASubjectPublicKeyInfo)155 TEST_F(CryptoUtilityImplTest, GetRSASubjectPublicKeyInfo) {
156 std::string public_key = HexDecode(kValidPublicKeyHex);
157 std::string output;
158 EXPECT_TRUE(crypto_utility_->GetRSASubjectPublicKeyInfo(public_key, &output));
159 }
160
TEST_F(CryptoUtilityImplTest,GetRSASubjectPublicKeyInfoBadInput)161 TEST_F(CryptoUtilityImplTest, GetRSASubjectPublicKeyInfoBadInput) {
162 std::string public_key = "bad_public_key";
163 std::string output;
164 EXPECT_FALSE(
165 crypto_utility_->GetRSASubjectPublicKeyInfo(public_key, &output));
166 }
167
TEST_F(CryptoUtilityImplTest,GetRSASubjectPublicKeyInfoPairWise)168 TEST_F(CryptoUtilityImplTest, GetRSASubjectPublicKeyInfoPairWise) {
169 std::string public_key = HexDecode(kValidPublicKeyHex);
170 std::string output;
171 EXPECT_TRUE(crypto_utility_->GetRSASubjectPublicKeyInfo(public_key, &output));
172 std::string public_key2;
173 EXPECT_TRUE(crypto_utility_->GetRSAPublicKey(output, &public_key2));
174 EXPECT_EQ(public_key, public_key2);
175 }
176
TEST_F(CryptoUtilityImplTest,EncryptIdentityCredential)177 TEST_F(CryptoUtilityImplTest, EncryptIdentityCredential) {
178 std::string public_key = HexDecode(kValidPublicKeyHex);
179 std::string public_key_info;
180 EXPECT_TRUE(crypto_utility_->GetRSASubjectPublicKeyInfo(public_key,
181 &public_key_info));
182 EncryptedIdentityCredential output;
183 EXPECT_TRUE(crypto_utility_->EncryptIdentityCredential(
184 "credential", public_key_info, "aik", &output));
185 EXPECT_TRUE(output.has_asym_ca_contents());
186 EXPECT_TRUE(output.has_sym_ca_attestation());
187 }
188
TEST_F(CryptoUtilityImplTest,EncryptIdentityCredentialBadEK)189 TEST_F(CryptoUtilityImplTest, EncryptIdentityCredentialBadEK) {
190 EncryptedIdentityCredential output;
191 EXPECT_FALSE(crypto_utility_->EncryptIdentityCredential(
192 "credential", "bad_ek", "aik", &output));
193 }
194
TEST_F(CryptoUtilityImplTest,EncryptForUnbind)195 TEST_F(CryptoUtilityImplTest, EncryptForUnbind) {
196 std::string public_key = HexDecode(kValidPublicKeyHex);
197 std::string public_key_info;
198 EXPECT_TRUE(crypto_utility_->GetRSASubjectPublicKeyInfo(public_key,
199 &public_key_info));
200 std::string output;
201 EXPECT_TRUE(
202 crypto_utility_->EncryptForUnbind(public_key_info, "input", &output));
203 EXPECT_FALSE(output.empty());
204 }
205
TEST_F(CryptoUtilityImplTest,EncryptForUnbindBadKey)206 TEST_F(CryptoUtilityImplTest, EncryptForUnbindBadKey) {
207 std::string output;
208 EXPECT_FALSE(crypto_utility_->EncryptForUnbind("bad_key", "input", &output));
209 }
210
TEST_F(CryptoUtilityImplTest,EncryptForUnbindLargeInput)211 TEST_F(CryptoUtilityImplTest, EncryptForUnbindLargeInput) {
212 std::string public_key = HexDecode(kValidPublicKeyHex);
213 std::string public_key_info;
214 EXPECT_TRUE(crypto_utility_->GetRSASubjectPublicKeyInfo(public_key,
215 &public_key_info));
216 std::string input(1000, 'A');
217 std::string output;
218 EXPECT_FALSE(
219 crypto_utility_->EncryptForUnbind(public_key_info, input, &output));
220 }
221
TEST_F(CryptoUtilityImplTest,VerifySignatureBadSignature)222 TEST_F(CryptoUtilityImplTest, VerifySignatureBadSignature) {
223 std::string public_key = HexDecode(kValidPublicKeyHex);
224 std::string public_key_info;
225 EXPECT_TRUE(crypto_utility_->GetRSASubjectPublicKeyInfo(public_key,
226 &public_key_info));
227 std::string output;
228 EXPECT_FALSE(
229 crypto_utility_->VerifySignature(public_key_info, "input", "signature"));
230 }
231
TEST_F(CryptoUtilityImplTest,VerifySignatureBadKey)232 TEST_F(CryptoUtilityImplTest, VerifySignatureBadKey) {
233 EXPECT_FALSE(crypto_utility_->VerifySignature("bad_key", "input", ""));
234 }
235
236 } // namespace attestation
237