1 //
2 // Copyright (C) 2015 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include "tpm_manager/server/tpm2_nvram_impl.h"
18
19 #include <gmock/gmock.h>
20 #include <gtest/gtest.h>
21 #include <trunks/mock_hmac_session.h>
22 #include <trunks/mock_policy_session.h>
23 #include <trunks/mock_tpm_utility.h>
24 #include <trunks/tpm_constants.h>
25 #include <trunks/trunks_factory_for_test.h>
26
27 #include "tpm_manager/server/mock_local_data_store.h"
28
29 namespace {
30
31 constexpr char kTestOwnerPassword[] = "owner";
32 constexpr char kFakePolicyDigest[] = "fake_policy_digest";
33 constexpr char kFakePCRValue[] = "fake_pcr_value";
34 constexpr char kFakeAuthorizationValue[] = "fake_authorization";
35 trunks::AuthorizationDelegate* const kHMACAuth =
36 reinterpret_cast<trunks::AuthorizationDelegate*>(1ull);
37 trunks::AuthorizationDelegate* const kPolicyAuth =
38 reinterpret_cast<trunks::AuthorizationDelegate*>(2ull);
39 constexpr trunks::TPMA_NV kNoExtraAttributes = 0;
40
41 } // namespace
42
43 namespace tpm_manager {
44
45 using testing::_;
46 using testing::AnyNumber;
47 using testing::AtLeast;
48 using testing::DoAll;
49 using testing::Mock;
50 using testing::NiceMock;
51 using testing::Return;
52 using testing::SetArgPointee;
53 using trunks::TPM_RC_SUCCESS;
54 using trunks::TPM_RC_FAILURE;
55 using trunks::TPM_RC_HANDLE;
56
57 class Tpm2NvramTest : public testing::Test {
58 public:
59 Tpm2NvramTest() = default;
60 virtual ~Tpm2NvramTest() = default;
61
SetUp()62 void SetUp() {
63 factory_.set_hmac_session(&mock_hmac_session_);
64 factory_.set_policy_session(&mock_policy_session_);
65 factory_.set_trial_session(&mock_trial_session_);
66 factory_.set_tpm_utility(&mock_tpm_utility_);
67 tpm_nvram_.reset(new Tpm2NvramImpl(factory_, &mock_data_store_));
68 ON_CALL(mock_hmac_session_, GetDelegate()).WillByDefault(Return(kHMACAuth));
69 ON_CALL(mock_policy_session_, GetDelegate())
70 .WillByDefault(Return(kPolicyAuth));
71 ON_CALL(mock_policy_session_, GetDigest(_))
72 .WillByDefault(
73 DoAll(SetArgPointee<0>(kFakePolicyDigest), Return(TPM_RC_SUCCESS)));
74 ON_CALL(mock_trial_session_, GetDigest(_))
75 .WillByDefault(
76 DoAll(SetArgPointee<0>(kFakePolicyDigest), Return(TPM_RC_SUCCESS)));
77 }
78
SetupOwnerPassword()79 void SetupOwnerPassword() {
80 LocalData& local_data = mock_data_store_.GetMutableFakeData();
81 local_data.set_owner_password(kTestOwnerPassword);
82 }
83
84 enum ExpectAuth { NO_EXPECT_AUTH, EXPECT_AUTH };
85 enum AuthType { NORMAL_AUTH, POLICY_AUTH, OWNER_AUTH };
SetupExistingSpace(uint32_t index,uint32_t size,trunks::TPMA_NV extra_attributes,ExpectAuth expect_auth,AuthType auth_type)86 void SetupExistingSpace(uint32_t index,
87 uint32_t size,
88 trunks::TPMA_NV extra_attributes,
89 ExpectAuth expect_auth,
90 AuthType auth_type) {
91 trunks::TPMS_NV_PUBLIC public_data;
92 public_data.nv_index = index;
93 public_data.data_size = size;
94 public_data.attributes = trunks::TPMA_NV_READ_STCLEAR |
95 trunks::TPMA_NV_WRITE_STCLEAR | extra_attributes;
96 switch (auth_type) {
97 case NORMAL_AUTH:
98 public_data.attributes |=
99 trunks::TPMA_NV_AUTHREAD | trunks::TPMA_NV_AUTHWRITE;
100 break;
101 case POLICY_AUTH:
102 public_data.attributes |=
103 trunks::TPMA_NV_POLICYREAD | trunks::TPMA_NV_POLICYWRITE;
104 break;
105 case OWNER_AUTH:
106 public_data.attributes |=
107 trunks::TPMA_NV_OWNERREAD | trunks::TPMA_NV_OWNERWRITE;
108 break;
109 }
110 ON_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _))
111 .WillByDefault(
112 DoAll(SetArgPointee<1>(public_data), Return(TPM_RC_SUCCESS)));
113 LocalData& local_data = mock_data_store_.GetMutableFakeData();
114 NvramPolicyRecord& policy_record = *local_data.add_nvram_policy();
115 policy_record.set_index(index);
116 if (auth_type == POLICY_AUTH) {
117 policy_record.set_policy(NVRAM_POLICY_PCR0);
118 }
119 if (!expect_auth) {
120 EXPECT_CALL(mock_hmac_session_, SetEntityAuthorizationValue(_)).Times(0);
121 EXPECT_CALL(mock_policy_session_, SetEntityAuthorizationValue(_))
122 .Times(0);
123 EXPECT_CALL(mock_policy_session_, PolicyAuthValue()).Times(0);
124 } else if (auth_type == NORMAL_AUTH) {
125 EXPECT_CALL(mock_hmac_session_,
126 SetEntityAuthorizationValue(kFakeAuthorizationValue))
127 .Times(AtLeast(1));
128 EXPECT_CALL(mock_hmac_session_, SetEntityAuthorizationValue("")).Times(0);
129 } else if (auth_type == OWNER_AUTH) {
130 EXPECT_CALL(mock_hmac_session_,
131 SetEntityAuthorizationValue(kTestOwnerPassword))
132 .Times(AtLeast(1));
133 EXPECT_CALL(mock_hmac_session_, SetEntityAuthorizationValue("")).Times(0);
134 } else {
135 EXPECT_CALL(mock_policy_session_,
136 SetEntityAuthorizationValue(kFakeAuthorizationValue))
137 .Times(AtLeast(1));
138 EXPECT_CALL(mock_hmac_session_, SetEntityAuthorizationValue("")).Times(0);
139 EXPECT_CALL(mock_tpm_utility_, ReadPCR(0, _))
140 .Times(AtLeast(1))
141 .WillRepeatedly(
142 DoAll(SetArgPointee<1>(kFakePCRValue), Return(TPM_RC_SUCCESS)));
143 EXPECT_CALL(mock_policy_session_, PolicyAuthValue()).Times(AtLeast(1));
144 EXPECT_CALL(mock_policy_session_, PolicyPCR(0, kFakePCRValue))
145 .Times(AtLeast(1));
146 }
147 }
148
149 protected:
150 trunks::TrunksFactoryForTest factory_;
151 NiceMock<trunks::MockHmacSession> mock_hmac_session_;
152 NiceMock<trunks::MockPolicySession> mock_policy_session_;
153 NiceMock<trunks::MockPolicySession> mock_trial_session_;
154 NiceMock<MockLocalDataStore> mock_data_store_;
155 NiceMock<trunks::MockTpmUtility> mock_tpm_utility_;
156 std::unique_ptr<Tpm2NvramImpl> tpm_nvram_;
157 };
158
TEST_F(Tpm2NvramTest,NoOwnerFailure)159 TEST_F(Tpm2NvramTest, NoOwnerFailure) {
160 EXPECT_EQ(NVRAM_RESULT_OPERATION_DISABLED,
161 tpm_nvram_->DefineSpace(0, 0, {}, "", NVRAM_POLICY_NONE));
162 EXPECT_EQ(NVRAM_RESULT_OPERATION_DISABLED, tpm_nvram_->DestroySpace(0));
163 }
164
TEST_F(Tpm2NvramTest,SessionFailure)165 TEST_F(Tpm2NvramTest, SessionFailure) {
166 EXPECT_CALL(mock_hmac_session_, StartUnboundSession(_))
167 .WillRepeatedly(Return(TPM_RC_FAILURE));
168 EXPECT_NE(NVRAM_RESULT_SUCCESS,
169 tpm_nvram_->DefineSpace(0, 0, {}, "", NVRAM_POLICY_NONE));
170 EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->DestroySpace(0));
171 EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->WriteSpace(0, "", ""));
172 EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->ReadSpace(0, nullptr, ""));
173 EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->LockSpace(0, false, false, ""));
174 }
175
TEST_F(Tpm2NvramTest,DefineSpaceSuccess)176 TEST_F(Tpm2NvramTest, DefineSpaceSuccess) {
177 SetupOwnerPassword();
178 EXPECT_CALL(mock_hmac_session_,
179 SetEntityAuthorizationValue(kTestOwnerPassword))
180 .Times(AtLeast(1));
181 EXPECT_CALL(mock_trial_session_, PolicyAuthValue()).Times(0);
182 EXPECT_CALL(mock_trial_session_, PolicyPCR(_, _)).Times(0);
183 uint32_t index = 42;
184 size_t size = 20;
185 std::vector<NvramSpaceAttribute> attributes{NVRAM_PERSISTENT_WRITE_LOCK};
186 EXPECT_CALL(
187 mock_tpm_utility_,
188 DefineNVSpace(index, size,
189 trunks::TPMA_NV_WRITEDEFINE | trunks::TPMA_NV_POLICYWRITE |
190 trunks::TPMA_NV_POLICYREAD,
191 kFakeAuthorizationValue, kFakePolicyDigest, kHMACAuth))
192 .WillOnce(Return(TPM_RC_SUCCESS));
193 EXPECT_EQ(
194 NVRAM_RESULT_SUCCESS,
195 tpm_nvram_->DefineSpace(index, size, attributes, kFakeAuthorizationValue,
196 NVRAM_POLICY_NONE));
197 const LocalData& local_data = mock_data_store_.GetFakeData();
198 EXPECT_EQ(1, local_data.nvram_policy_size());
199 EXPECT_EQ(index, local_data.nvram_policy(0).index());
200 EXPECT_EQ(NVRAM_POLICY_NONE, local_data.nvram_policy(0).policy());
201 }
202
TEST_F(Tpm2NvramTest,DefineSpaceFailure)203 TEST_F(Tpm2NvramTest, DefineSpaceFailure) {
204 SetupOwnerPassword();
205 uint32_t index = 42;
206 size_t size = 20;
207 std::vector<NvramSpaceAttribute> attributes{NVRAM_PERSISTENT_WRITE_LOCK};
208 EXPECT_CALL(mock_tpm_utility_, DefineNVSpace(_, _, _, _, _, _))
209 .WillRepeatedly(Return(TPM_RC_FAILURE));
210 EXPECT_NE(
211 NVRAM_RESULT_SUCCESS,
212 tpm_nvram_->DefineSpace(index, size, attributes, "", NVRAM_POLICY_NONE));
213 }
214
TEST_F(Tpm2NvramTest,DefineSpaceNoClobberOnError)215 TEST_F(Tpm2NvramTest, DefineSpaceNoClobberOnError) {
216 SetupOwnerPassword();
217 EXPECT_CALL(mock_tpm_utility_, DefineNVSpace(_, _, _, _, _, _))
218 .WillOnce(Return(TPM_RC_SUCCESS))
219 .WillRepeatedly(Return(TPM_RC_FAILURE));
220 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
221 tpm_nvram_->DefineSpace(0, 32, {}, "", NVRAM_POLICY_NONE));
222 EXPECT_NE(NVRAM_RESULT_SUCCESS,
223 tpm_nvram_->DefineSpace(0, 32, {}, "", NVRAM_POLICY_PCR0));
224 const LocalData& local_data = mock_data_store_.GetFakeData();
225 EXPECT_EQ(1, local_data.nvram_policy_size());
226 EXPECT_EQ(0, local_data.nvram_policy(0).index());
227 EXPECT_EQ(NVRAM_POLICY_NONE, local_data.nvram_policy(0).policy());
228 }
229
TEST_F(Tpm2NvramTest,DefineSpaceWithPolicy)230 TEST_F(Tpm2NvramTest, DefineSpaceWithPolicy) {
231 SetupOwnerPassword();
232 EXPECT_CALL(mock_hmac_session_,
233 SetEntityAuthorizationValue(kTestOwnerPassword))
234 .Times(AtLeast(1));
235 EXPECT_CALL(mock_trial_session_, PolicyAuthValue()).Times(AtLeast(1));
236 EXPECT_CALL(mock_tpm_utility_, ReadPCR(0, _))
237 .WillRepeatedly(
238 DoAll(SetArgPointee<1>(kFakePCRValue), Return(TPM_RC_SUCCESS)));
239 EXPECT_CALL(mock_trial_session_, PolicyPCR(0, kFakePCRValue))
240 .Times(AtLeast(1));
241 uint32_t index = 42;
242 size_t size = 20;
243 std::vector<NvramSpaceAttribute> attributes{NVRAM_WRITE_AUTHORIZATION};
244 EXPECT_CALL(
245 mock_tpm_utility_,
246 DefineNVSpace(index, size,
247 trunks::TPMA_NV_POLICYWRITE | trunks::TPMA_NV_POLICYREAD,
248 kFakeAuthorizationValue, kFakePolicyDigest, kHMACAuth))
249 .WillOnce(Return(TPM_RC_SUCCESS));
250 EXPECT_EQ(
251 NVRAM_RESULT_SUCCESS,
252 tpm_nvram_->DefineSpace(index, size, attributes, kFakeAuthorizationValue,
253 NVRAM_POLICY_PCR0));
254 }
255
TEST_F(Tpm2NvramTest,DefineSpaceWithExistingLocalData)256 TEST_F(Tpm2NvramTest, DefineSpaceWithExistingLocalData) {
257 SetupOwnerPassword();
258 LocalData& local_data = mock_data_store_.GetMutableFakeData();
259 local_data.add_nvram_policy()->set_index(0);
260 local_data.add_nvram_policy()->set_index(4);
261 local_data.add_nvram_policy()->set_index(1);
262 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
263 tpm_nvram_->DefineSpace(5, 32, {}, "", NVRAM_POLICY_NONE));
264 EXPECT_EQ(4, local_data.nvram_policy_size());
265 EXPECT_EQ(5, local_data.nvram_policy(3).index());
266 }
267
TEST_F(Tpm2NvramTest,DefineSpaceClobberExistingLocalData)268 TEST_F(Tpm2NvramTest, DefineSpaceClobberExistingLocalData) {
269 SetupOwnerPassword();
270 LocalData& local_data = mock_data_store_.GetMutableFakeData();
271 local_data.add_nvram_policy()->set_index(0);
272 local_data.add_nvram_policy()->set_index(4);
273 local_data.add_nvram_policy()->set_index(1);
274 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
275 tpm_nvram_->DefineSpace(4, 32, {}, "", NVRAM_POLICY_NONE));
276 EXPECT_EQ(3, local_data.nvram_policy_size());
277 EXPECT_NE(local_data.nvram_policy(0).index(),
278 local_data.nvram_policy(1).index());
279 EXPECT_NE(local_data.nvram_policy(0).index(),
280 local_data.nvram_policy(2).index());
281 EXPECT_NE(local_data.nvram_policy(1).index(),
282 local_data.nvram_policy(2).index());
283 }
284
TEST_F(Tpm2NvramTest,DestroySpaceSuccess)285 TEST_F(Tpm2NvramTest, DestroySpaceSuccess) {
286 SetupOwnerPassword();
287 LocalData& local_data = mock_data_store_.GetMutableFakeData();
288 uint32_t index = 42;
289 local_data.add_nvram_policy()->set_index(index);
290 EXPECT_CALL(mock_hmac_session_,
291 SetEntityAuthorizationValue(kTestOwnerPassword))
292 .Times(AtLeast(1));
293 EXPECT_CALL(mock_tpm_utility_, DestroyNVSpace(index, kHMACAuth))
294 .WillOnce(Return(TPM_RC_SUCCESS));
295 EXPECT_EQ(NVRAM_RESULT_SUCCESS, tpm_nvram_->DestroySpace(index));
296 EXPECT_EQ(0, local_data.nvram_policy_size());
297 }
298
TEST_F(Tpm2NvramTest,DestroySpaceFailure)299 TEST_F(Tpm2NvramTest, DestroySpaceFailure) {
300 SetupOwnerPassword();
301 uint32_t index = 42;
302 LocalData& local_data = mock_data_store_.GetMutableFakeData();
303 local_data.add_nvram_policy()->set_index(index);
304 EXPECT_CALL(mock_tpm_utility_, DestroyNVSpace(index, _))
305 .WillRepeatedly(Return(TPM_RC_FAILURE));
306 EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->DestroySpace(index));
307 EXPECT_EQ(1, local_data.nvram_policy_size());
308 }
309
TEST_F(Tpm2NvramTest,DestroySpaceWithExistingLocalData)310 TEST_F(Tpm2NvramTest, DestroySpaceWithExistingLocalData) {
311 SetupOwnerPassword();
312 LocalData& local_data = mock_data_store_.GetMutableFakeData();
313 local_data.add_nvram_policy()->set_index(0);
314 local_data.add_nvram_policy()->set_index(1);
315 local_data.add_nvram_policy()->set_index(2);
316 EXPECT_CALL(mock_tpm_utility_, DestroyNVSpace(1, kHMACAuth))
317 .WillOnce(Return(TPM_RC_SUCCESS));
318 EXPECT_EQ(NVRAM_RESULT_SUCCESS, tpm_nvram_->DestroySpace(1));
319 EXPECT_EQ(2, local_data.nvram_policy_size());
320 EXPECT_NE(1, local_data.nvram_policy(0).index());
321 EXPECT_NE(1, local_data.nvram_policy(1).index());
322 }
323
TEST_F(Tpm2NvramTest,WriteSpaceSuccess)324 TEST_F(Tpm2NvramTest, WriteSpaceSuccess) {
325 uint32_t index = 42;
326 SetupExistingSpace(index, 20, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH);
327 std::string data("data");
328 EXPECT_CALL(mock_tpm_utility_,
329 WriteNVSpace(index, 0, data, false, false, kHMACAuth))
330 .WillOnce(Return(TPM_RC_SUCCESS));
331 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
332 tpm_nvram_->WriteSpace(index, data, kFakeAuthorizationValue));
333 }
334
TEST_F(Tpm2NvramTest,WriteSpaceExtend)335 TEST_F(Tpm2NvramTest, WriteSpaceExtend) {
336 uint32_t index = 42;
337 SetupExistingSpace(index, 20, trunks::TPMA_NV_EXTEND, EXPECT_AUTH,
338 NORMAL_AUTH);
339 std::string data("data");
340 EXPECT_CALL(mock_tpm_utility_,
341 WriteNVSpace(index, 0, data, false, true, kHMACAuth))
342 .WillOnce(Return(TPM_RC_SUCCESS));
343 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
344 tpm_nvram_->WriteSpace(index, data, kFakeAuthorizationValue));
345 }
346
TEST_F(Tpm2NvramTest,WriteSpaceNonexistant)347 TEST_F(Tpm2NvramTest, WriteSpaceNonexistant) {
348 uint32_t index = 42;
349 EXPECT_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _))
350 .WillRepeatedly(Return(TPM_RC_HANDLE));
351 std::string read_data;
352 EXPECT_EQ(NVRAM_RESULT_SPACE_DOES_NOT_EXIST,
353 tpm_nvram_->WriteSpace(index, "data", kFakeAuthorizationValue));
354 }
355
TEST_F(Tpm2NvramTest,WriteSpaceFailure)356 TEST_F(Tpm2NvramTest, WriteSpaceFailure) {
357 uint32_t index = 42;
358 SetupExistingSpace(index, 20, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH);
359 EXPECT_CALL(mock_tpm_utility_, WriteNVSpace(index, _, _, _, _, _))
360 .WillRepeatedly(Return(TPM_RC_FAILURE));
361 EXPECT_NE(NVRAM_RESULT_SUCCESS,
362 tpm_nvram_->WriteSpace(index, "data", kFakeAuthorizationValue));
363 }
364
TEST_F(Tpm2NvramTest,WriteSpacePolicy)365 TEST_F(Tpm2NvramTest, WriteSpacePolicy) {
366 uint32_t index = 42;
367 SetupExistingSpace(index, 20, kNoExtraAttributes, EXPECT_AUTH, POLICY_AUTH);
368 std::string data("data");
369 EXPECT_CALL(mock_tpm_utility_,
370 WriteNVSpace(index, 0, data, false, false, kPolicyAuth))
371 .WillOnce(Return(TPM_RC_SUCCESS));
372 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
373 tpm_nvram_->WriteSpace(index, data, kFakeAuthorizationValue));
374 }
375
TEST_F(Tpm2NvramTest,WriteSpaceOwner)376 TEST_F(Tpm2NvramTest, WriteSpaceOwner) {
377 uint32_t index = 42;
378 SetupOwnerPassword();
379 SetupExistingSpace(index, 20, kNoExtraAttributes, EXPECT_AUTH, OWNER_AUTH);
380 std::string data("data");
381 EXPECT_CALL(mock_tpm_utility_,
382 WriteNVSpace(index, 0, data, true, false, kHMACAuth))
383 .WillOnce(Return(TPM_RC_SUCCESS));
384 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
385 tpm_nvram_->WriteSpace(index, data, kFakeAuthorizationValue));
386 }
387
TEST_F(Tpm2NvramTest,ReadSpaceSuccess)388 TEST_F(Tpm2NvramTest, ReadSpaceSuccess) {
389 uint32_t index = 42;
390 SetupExistingSpace(index, 32, trunks::TPMA_NV_WRITTEN, EXPECT_AUTH,
391 NORMAL_AUTH);
392 std::string tpm_data("data");
393 EXPECT_CALL(mock_tpm_utility_, ReadNVSpace(index, 0, 32, false, _, kHMACAuth))
394 .WillOnce(DoAll(SetArgPointee<4>(tpm_data), Return(TPM_RC_SUCCESS)));
395 std::string read_data;
396 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
397 tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue));
398 EXPECT_EQ(read_data, tpm_data);
399 }
400
TEST_F(Tpm2NvramTest,ReadSpaceNonexistant)401 TEST_F(Tpm2NvramTest, ReadSpaceNonexistant) {
402 uint32_t index = 42;
403 EXPECT_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _))
404 .WillRepeatedly(Return(TPM_RC_HANDLE));
405 std::string read_data;
406 EXPECT_EQ(NVRAM_RESULT_SPACE_DOES_NOT_EXIST,
407 tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue));
408 }
409
TEST_F(Tpm2NvramTest,ReadSpaceFailure)410 TEST_F(Tpm2NvramTest, ReadSpaceFailure) {
411 uint32_t index = 42;
412 SetupExistingSpace(index, 32, trunks::TPMA_NV_WRITTEN, EXPECT_AUTH,
413 NORMAL_AUTH);
414 EXPECT_CALL(mock_tpm_utility_, ReadNVSpace(index, _, _, _, _, _))
415 .WillRepeatedly(Return(TPM_RC_FAILURE));
416 std::string read_data;
417 EXPECT_NE(NVRAM_RESULT_SUCCESS,
418 tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue));
419 }
420
TEST_F(Tpm2NvramTest,ReadSpacePolicy)421 TEST_F(Tpm2NvramTest, ReadSpacePolicy) {
422 uint32_t index = 42;
423 SetupExistingSpace(index, 32, trunks::TPMA_NV_WRITTEN, EXPECT_AUTH,
424 POLICY_AUTH);
425 std::string tpm_data("data");
426 EXPECT_CALL(mock_tpm_utility_,
427 ReadNVSpace(index, 0, 32, false, _, kPolicyAuth))
428 .WillOnce(DoAll(SetArgPointee<4>(tpm_data), Return(TPM_RC_SUCCESS)));
429 std::string read_data;
430 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
431 tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue));
432 EXPECT_EQ(read_data, tpm_data);
433 }
434
TEST_F(Tpm2NvramTest,ReadSpaceOwner)435 TEST_F(Tpm2NvramTest, ReadSpaceOwner) {
436 uint32_t index = 42;
437 SetupOwnerPassword();
438 SetupExistingSpace(index, 32, trunks::TPMA_NV_WRITTEN, EXPECT_AUTH,
439 OWNER_AUTH);
440 std::string tpm_data("data");
441 EXPECT_CALL(mock_tpm_utility_, ReadNVSpace(index, 0, 32, true, _, kHMACAuth))
442 .WillOnce(DoAll(SetArgPointee<4>(tpm_data), Return(TPM_RC_SUCCESS)));
443 std::string read_data;
444 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
445 tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue));
446 EXPECT_EQ(read_data, tpm_data);
447 }
448
TEST_F(Tpm2NvramTest,LockSpaceSuccess)449 TEST_F(Tpm2NvramTest, LockSpaceSuccess) {
450 uint32_t index = 42;
451 SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH);
452 EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, true, _, false, kHMACAuth))
453 .Times(AtLeast(1));
454 EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, _, true, false, kHMACAuth))
455 .Times(AtLeast(1));
456 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
457 tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue));
458 }
459
TEST_F(Tpm2NvramTest,LockSpaceNonexistant)460 TEST_F(Tpm2NvramTest, LockSpaceNonexistant) {
461 uint32_t index = 42;
462 EXPECT_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _))
463 .WillOnce(Return(trunks::TPM_RC_HANDLE));
464 EXPECT_EQ(NVRAM_RESULT_SPACE_DOES_NOT_EXIST,
465 tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue));
466 }
467
TEST_F(Tpm2NvramTest,LockSpaceFailure)468 TEST_F(Tpm2NvramTest, LockSpaceFailure) {
469 uint32_t index = 42;
470 SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH);
471 EXPECT_CALL(mock_tpm_utility_, LockNVSpace(_, _, _, _, _))
472 .WillRepeatedly(Return(TPM_RC_FAILURE));
473 EXPECT_NE(NVRAM_RESULT_SUCCESS,
474 tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue));
475 }
476
TEST_F(Tpm2NvramTest,LockSpacePolicy)477 TEST_F(Tpm2NvramTest, LockSpacePolicy) {
478 uint32_t index = 42;
479 SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, POLICY_AUTH);
480 EXPECT_CALL(mock_tpm_utility_,
481 LockNVSpace(index, true, _, false, kPolicyAuth))
482 .Times(AtLeast(1));
483 EXPECT_CALL(mock_tpm_utility_,
484 LockNVSpace(index, _, true, false, kPolicyAuth))
485 .Times(AtLeast(1));
486 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
487 tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue));
488 }
489
TEST_F(Tpm2NvramTest,LockSpaceOwner)490 TEST_F(Tpm2NvramTest, LockSpaceOwner) {
491 uint32_t index = 42;
492 SetupOwnerPassword();
493 SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, OWNER_AUTH);
494 EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, true, _, true, kHMACAuth))
495 .Times(AtLeast(1));
496 EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, _, true, true, kHMACAuth))
497 .Times(AtLeast(1));
498 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
499 tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue));
500 }
501
TEST_F(Tpm2NvramTest,LockSpaceRead)502 TEST_F(Tpm2NvramTest, LockSpaceRead) {
503 uint32_t index = 42;
504 SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH);
505 EXPECT_CALL(mock_tpm_utility_,
506 LockNVSpace(index, true, false, false, kHMACAuth))
507 .Times(AtLeast(1));
508 EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, _, true, false, kHMACAuth))
509 .Times(0);
510 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
511 tpm_nvram_->LockSpace(index, true, false, kFakeAuthorizationValue));
512 }
513
TEST_F(Tpm2NvramTest,LockSpaceWrite)514 TEST_F(Tpm2NvramTest, LockSpaceWrite) {
515 uint32_t index = 42;
516 SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH);
517 EXPECT_CALL(mock_tpm_utility_,
518 LockNVSpace(index, false, true, false, kHMACAuth))
519 .Times(AtLeast(1));
520 EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, true, _, false, kHMACAuth))
521 .Times(0);
522 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
523 tpm_nvram_->LockSpace(index, false, true, kFakeAuthorizationValue));
524 }
525
TEST_F(Tpm2NvramTest,ListSpacesSuccess)526 TEST_F(Tpm2NvramTest, ListSpacesSuccess) {
527 std::vector<uint32_t> expected_spaces{1, 5, 42};
528 std::vector<uint32_t> spaces;
529 EXPECT_CALL(mock_tpm_utility_, ListNVSpaces(_))
530 .Times(AtLeast(1))
531 .WillRepeatedly(
532 DoAll(SetArgPointee<0>(expected_spaces), Return(TPM_RC_SUCCESS)));
533 EXPECT_EQ(NVRAM_RESULT_SUCCESS, tpm_nvram_->ListSpaces(&spaces));
534 EXPECT_EQ(spaces, expected_spaces);
535 }
536
TEST_F(Tpm2NvramTest,ListSpacesFailure)537 TEST_F(Tpm2NvramTest, ListSpacesFailure) {
538 std::vector<uint32_t> spaces;
539 EXPECT_CALL(mock_tpm_utility_, ListNVSpaces(_))
540 .WillRepeatedly(Return(TPM_RC_FAILURE));
541 EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->ListSpaces(&spaces));
542 }
543
TEST_F(Tpm2NvramTest,GetSpaceInfoSuccess)544 TEST_F(Tpm2NvramTest, GetSpaceInfoSuccess) {
545 uint32_t index = 42;
546 SetupExistingSpace(index, 100,
547 trunks::TPMA_NV_READLOCKED | trunks::TPMA_NV_WRITELOCKED,
548 NO_EXPECT_AUTH, POLICY_AUTH);
549 size_t size;
550 bool is_read_locked;
551 bool is_write_locked;
552 std::vector<NvramSpaceAttribute> attributes;
553 NvramSpacePolicy policy;
554 EXPECT_EQ(NVRAM_RESULT_SUCCESS,
555 tpm_nvram_->GetSpaceInfo(index, &size, &is_write_locked,
556 &is_read_locked, &attributes, &policy));
557 EXPECT_EQ(size, 100);
558 EXPECT_TRUE(is_read_locked);
559 EXPECT_TRUE(is_write_locked);
560 EXPECT_GE(attributes.size(), 1);
561 EXPECT_EQ(1, std::count(attributes.begin(), attributes.end(),
562 NVRAM_WRITE_AUTHORIZATION));
563 EXPECT_EQ(NVRAM_POLICY_PCR0, policy);
564 }
565
TEST_F(Tpm2NvramTest,GetSpaceInfoFailure)566 TEST_F(Tpm2NvramTest, GetSpaceInfoFailure) {
567 uint32_t index = 42;
568 EXPECT_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _))
569 .WillOnce(Return(TPM_RC_FAILURE));
570 size_t size;
571 bool is_read_locked;
572 bool is_write_locked;
573 std::vector<NvramSpaceAttribute> attributes;
574 NvramSpacePolicy policy;
575 EXPECT_NE(NVRAM_RESULT_SUCCESS,
576 tpm_nvram_->GetSpaceInfo(index, &size, &is_write_locked,
577 &is_read_locked, &attributes, &policy));
578 }
579
580 } // namespace tpm_manager
581