//
// Copyright (C) 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#include "tpm_manager/server/tpm2_nvram_impl.h"
#include <gmock/gmock.h>
#include <gtest/gtest.h>
#include <trunks/mock_hmac_session.h>
#include <trunks/mock_policy_session.h>
#include <trunks/mock_tpm_utility.h>
#include <trunks/tpm_constants.h>
#include <trunks/trunks_factory_for_test.h>
#include "tpm_manager/server/mock_local_data_store.h"
namespace {
constexpr char kTestOwnerPassword[] = "owner";
constexpr char kFakePolicyDigest[] = "fake_policy_digest";
constexpr char kFakePCRValue[] = "fake_pcr_value";
constexpr char kFakeAuthorizationValue[] = "fake_authorization";
trunks::AuthorizationDelegate* const kHMACAuth =
reinterpret_cast<trunks::AuthorizationDelegate*>(1ull);
trunks::AuthorizationDelegate* const kPolicyAuth =
reinterpret_cast<trunks::AuthorizationDelegate*>(2ull);
constexpr trunks::TPMA_NV kNoExtraAttributes = 0;
} // namespace
namespace tpm_manager {
using testing::_;
using testing::AnyNumber;
using testing::AtLeast;
using testing::DoAll;
using testing::Mock;
using testing::NiceMock;
using testing::Return;
using testing::SetArgPointee;
using trunks::TPM_RC_SUCCESS;
using trunks::TPM_RC_FAILURE;
using trunks::TPM_RC_HANDLE;
class Tpm2NvramTest : public testing::Test {
public:
Tpm2NvramTest() = default;
virtual ~Tpm2NvramTest() = default;
void SetUp() {
factory_.set_hmac_session(&mock_hmac_session_);
factory_.set_policy_session(&mock_policy_session_);
factory_.set_trial_session(&mock_trial_session_);
factory_.set_tpm_utility(&mock_tpm_utility_);
tpm_nvram_.reset(new Tpm2NvramImpl(factory_, &mock_data_store_));
ON_CALL(mock_hmac_session_, GetDelegate()).WillByDefault(Return(kHMACAuth));
ON_CALL(mock_policy_session_, GetDelegate())
.WillByDefault(Return(kPolicyAuth));
ON_CALL(mock_policy_session_, GetDigest(_))
.WillByDefault(
DoAll(SetArgPointee<0>(kFakePolicyDigest), Return(TPM_RC_SUCCESS)));
ON_CALL(mock_trial_session_, GetDigest(_))
.WillByDefault(
DoAll(SetArgPointee<0>(kFakePolicyDigest), Return(TPM_RC_SUCCESS)));
}
void SetupOwnerPassword() {
LocalData& local_data = mock_data_store_.GetMutableFakeData();
local_data.set_owner_password(kTestOwnerPassword);
}
enum ExpectAuth { NO_EXPECT_AUTH, EXPECT_AUTH };
enum AuthType { NORMAL_AUTH, POLICY_AUTH, OWNER_AUTH };
void SetupExistingSpace(uint32_t index,
uint32_t size,
trunks::TPMA_NV extra_attributes,
ExpectAuth expect_auth,
AuthType auth_type) {
trunks::TPMS_NV_PUBLIC public_data;
public_data.nv_index = index;
public_data.data_size = size;
public_data.attributes = trunks::TPMA_NV_READ_STCLEAR |
trunks::TPMA_NV_WRITE_STCLEAR | extra_attributes;
switch (auth_type) {
case NORMAL_AUTH:
public_data.attributes |=
trunks::TPMA_NV_AUTHREAD | trunks::TPMA_NV_AUTHWRITE;
break;
case POLICY_AUTH:
public_data.attributes |=
trunks::TPMA_NV_POLICYREAD | trunks::TPMA_NV_POLICYWRITE;
break;
case OWNER_AUTH:
public_data.attributes |=
trunks::TPMA_NV_OWNERREAD | trunks::TPMA_NV_OWNERWRITE;
break;
}
ON_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _))
.WillByDefault(
DoAll(SetArgPointee<1>(public_data), Return(TPM_RC_SUCCESS)));
LocalData& local_data = mock_data_store_.GetMutableFakeData();
NvramPolicyRecord& policy_record = *local_data.add_nvram_policy();
policy_record.set_index(index);
if (auth_type == POLICY_AUTH) {
policy_record.set_policy(NVRAM_POLICY_PCR0);
}
if (!expect_auth) {
EXPECT_CALL(mock_hmac_session_, SetEntityAuthorizationValue(_)).Times(0);
EXPECT_CALL(mock_policy_session_, SetEntityAuthorizationValue(_))
.Times(0);
EXPECT_CALL(mock_policy_session_, PolicyAuthValue()).Times(0);
} else if (auth_type == NORMAL_AUTH) {
EXPECT_CALL(mock_hmac_session_,
SetEntityAuthorizationValue(kFakeAuthorizationValue))
.Times(AtLeast(1));
EXPECT_CALL(mock_hmac_session_, SetEntityAuthorizationValue("")).Times(0);
} else if (auth_type == OWNER_AUTH) {
EXPECT_CALL(mock_hmac_session_,
SetEntityAuthorizationValue(kTestOwnerPassword))
.Times(AtLeast(1));
EXPECT_CALL(mock_hmac_session_, SetEntityAuthorizationValue("")).Times(0);
} else {
EXPECT_CALL(mock_policy_session_,
SetEntityAuthorizationValue(kFakeAuthorizationValue))
.Times(AtLeast(1));
EXPECT_CALL(mock_hmac_session_, SetEntityAuthorizationValue("")).Times(0);
EXPECT_CALL(mock_tpm_utility_, ReadPCR(0, _))
.Times(AtLeast(1))
.WillRepeatedly(
DoAll(SetArgPointee<1>(kFakePCRValue), Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_policy_session_, PolicyAuthValue()).Times(AtLeast(1));
EXPECT_CALL(mock_policy_session_, PolicyPCR(0, kFakePCRValue))
.Times(AtLeast(1));
}
}
protected:
trunks::TrunksFactoryForTest factory_;
NiceMock<trunks::MockHmacSession> mock_hmac_session_;
NiceMock<trunks::MockPolicySession> mock_policy_session_;
NiceMock<trunks::MockPolicySession> mock_trial_session_;
NiceMock<MockLocalDataStore> mock_data_store_;
NiceMock<trunks::MockTpmUtility> mock_tpm_utility_;
std::unique_ptr<Tpm2NvramImpl> tpm_nvram_;
};
TEST_F(Tpm2NvramTest, NoOwnerFailure) {
EXPECT_EQ(NVRAM_RESULT_OPERATION_DISABLED,
tpm_nvram_->DefineSpace(0, 0, {}, "", NVRAM_POLICY_NONE));
EXPECT_EQ(NVRAM_RESULT_OPERATION_DISABLED, tpm_nvram_->DestroySpace(0));
}
TEST_F(Tpm2NvramTest, SessionFailure) {
EXPECT_CALL(mock_hmac_session_, StartUnboundSession(_))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_NE(NVRAM_RESULT_SUCCESS,
tpm_nvram_->DefineSpace(0, 0, {}, "", NVRAM_POLICY_NONE));
EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->DestroySpace(0));
EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->WriteSpace(0, "", ""));
EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->ReadSpace(0, nullptr, ""));
EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->LockSpace(0, false, false, ""));
}
TEST_F(Tpm2NvramTest, DefineSpaceSuccess) {
SetupOwnerPassword();
EXPECT_CALL(mock_hmac_session_,
SetEntityAuthorizationValue(kTestOwnerPassword))
.Times(AtLeast(1));
EXPECT_CALL(mock_trial_session_, PolicyAuthValue()).Times(0);
EXPECT_CALL(mock_trial_session_, PolicyPCR(_, _)).Times(0);
uint32_t index = 42;
size_t size = 20;
std::vector<NvramSpaceAttribute> attributes{NVRAM_PERSISTENT_WRITE_LOCK};
EXPECT_CALL(
mock_tpm_utility_,
DefineNVSpace(index, size,
trunks::TPMA_NV_WRITEDEFINE | trunks::TPMA_NV_POLICYWRITE |
trunks::TPMA_NV_POLICYREAD,
kFakeAuthorizationValue, kFakePolicyDigest, kHMACAuth))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(
NVRAM_RESULT_SUCCESS,
tpm_nvram_->DefineSpace(index, size, attributes, kFakeAuthorizationValue,
NVRAM_POLICY_NONE));
const LocalData& local_data = mock_data_store_.GetFakeData();
EXPECT_EQ(1, local_data.nvram_policy_size());
EXPECT_EQ(index, local_data.nvram_policy(0).index());
EXPECT_EQ(NVRAM_POLICY_NONE, local_data.nvram_policy(0).policy());
}
TEST_F(Tpm2NvramTest, DefineSpaceFailure) {
SetupOwnerPassword();
uint32_t index = 42;
size_t size = 20;
std::vector<NvramSpaceAttribute> attributes{NVRAM_PERSISTENT_WRITE_LOCK};
EXPECT_CALL(mock_tpm_utility_, DefineNVSpace(_, _, _, _, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_NE(
NVRAM_RESULT_SUCCESS,
tpm_nvram_->DefineSpace(index, size, attributes, "", NVRAM_POLICY_NONE));
}
TEST_F(Tpm2NvramTest, DefineSpaceNoClobberOnError) {
SetupOwnerPassword();
EXPECT_CALL(mock_tpm_utility_, DefineNVSpace(_, _, _, _, _, _))
.WillOnce(Return(TPM_RC_SUCCESS))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->DefineSpace(0, 32, {}, "", NVRAM_POLICY_NONE));
EXPECT_NE(NVRAM_RESULT_SUCCESS,
tpm_nvram_->DefineSpace(0, 32, {}, "", NVRAM_POLICY_PCR0));
const LocalData& local_data = mock_data_store_.GetFakeData();
EXPECT_EQ(1, local_data.nvram_policy_size());
EXPECT_EQ(0, local_data.nvram_policy(0).index());
EXPECT_EQ(NVRAM_POLICY_NONE, local_data.nvram_policy(0).policy());
}
TEST_F(Tpm2NvramTest, DefineSpaceWithPolicy) {
SetupOwnerPassword();
EXPECT_CALL(mock_hmac_session_,
SetEntityAuthorizationValue(kTestOwnerPassword))
.Times(AtLeast(1));
EXPECT_CALL(mock_trial_session_, PolicyAuthValue()).Times(AtLeast(1));
EXPECT_CALL(mock_tpm_utility_, ReadPCR(0, _))
.WillRepeatedly(
DoAll(SetArgPointee<1>(kFakePCRValue), Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_trial_session_, PolicyPCR(0, kFakePCRValue))
.Times(AtLeast(1));
uint32_t index = 42;
size_t size = 20;
std::vector<NvramSpaceAttribute> attributes{NVRAM_WRITE_AUTHORIZATION};
EXPECT_CALL(
mock_tpm_utility_,
DefineNVSpace(index, size,
trunks::TPMA_NV_POLICYWRITE | trunks::TPMA_NV_POLICYREAD,
kFakeAuthorizationValue, kFakePolicyDigest, kHMACAuth))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(
NVRAM_RESULT_SUCCESS,
tpm_nvram_->DefineSpace(index, size, attributes, kFakeAuthorizationValue,
NVRAM_POLICY_PCR0));
}
TEST_F(Tpm2NvramTest, DefineSpaceWithExistingLocalData) {
SetupOwnerPassword();
LocalData& local_data = mock_data_store_.GetMutableFakeData();
local_data.add_nvram_policy()->set_index(0);
local_data.add_nvram_policy()->set_index(4);
local_data.add_nvram_policy()->set_index(1);
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->DefineSpace(5, 32, {}, "", NVRAM_POLICY_NONE));
EXPECT_EQ(4, local_data.nvram_policy_size());
EXPECT_EQ(5, local_data.nvram_policy(3).index());
}
TEST_F(Tpm2NvramTest, DefineSpaceClobberExistingLocalData) {
SetupOwnerPassword();
LocalData& local_data = mock_data_store_.GetMutableFakeData();
local_data.add_nvram_policy()->set_index(0);
local_data.add_nvram_policy()->set_index(4);
local_data.add_nvram_policy()->set_index(1);
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->DefineSpace(4, 32, {}, "", NVRAM_POLICY_NONE));
EXPECT_EQ(3, local_data.nvram_policy_size());
EXPECT_NE(local_data.nvram_policy(0).index(),
local_data.nvram_policy(1).index());
EXPECT_NE(local_data.nvram_policy(0).index(),
local_data.nvram_policy(2).index());
EXPECT_NE(local_data.nvram_policy(1).index(),
local_data.nvram_policy(2).index());
}
TEST_F(Tpm2NvramTest, DestroySpaceSuccess) {
SetupOwnerPassword();
LocalData& local_data = mock_data_store_.GetMutableFakeData();
uint32_t index = 42;
local_data.add_nvram_policy()->set_index(index);
EXPECT_CALL(mock_hmac_session_,
SetEntityAuthorizationValue(kTestOwnerPassword))
.Times(AtLeast(1));
EXPECT_CALL(mock_tpm_utility_, DestroyNVSpace(index, kHMACAuth))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(NVRAM_RESULT_SUCCESS, tpm_nvram_->DestroySpace(index));
EXPECT_EQ(0, local_data.nvram_policy_size());
}
TEST_F(Tpm2NvramTest, DestroySpaceFailure) {
SetupOwnerPassword();
uint32_t index = 42;
LocalData& local_data = mock_data_store_.GetMutableFakeData();
local_data.add_nvram_policy()->set_index(index);
EXPECT_CALL(mock_tpm_utility_, DestroyNVSpace(index, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->DestroySpace(index));
EXPECT_EQ(1, local_data.nvram_policy_size());
}
TEST_F(Tpm2NvramTest, DestroySpaceWithExistingLocalData) {
SetupOwnerPassword();
LocalData& local_data = mock_data_store_.GetMutableFakeData();
local_data.add_nvram_policy()->set_index(0);
local_data.add_nvram_policy()->set_index(1);
local_data.add_nvram_policy()->set_index(2);
EXPECT_CALL(mock_tpm_utility_, DestroyNVSpace(1, kHMACAuth))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(NVRAM_RESULT_SUCCESS, tpm_nvram_->DestroySpace(1));
EXPECT_EQ(2, local_data.nvram_policy_size());
EXPECT_NE(1, local_data.nvram_policy(0).index());
EXPECT_NE(1, local_data.nvram_policy(1).index());
}
TEST_F(Tpm2NvramTest, WriteSpaceSuccess) {
uint32_t index = 42;
SetupExistingSpace(index, 20, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH);
std::string data("data");
EXPECT_CALL(mock_tpm_utility_,
WriteNVSpace(index, 0, data, false, false, kHMACAuth))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->WriteSpace(index, data, kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, WriteSpaceExtend) {
uint32_t index = 42;
SetupExistingSpace(index, 20, trunks::TPMA_NV_EXTEND, EXPECT_AUTH,
NORMAL_AUTH);
std::string data("data");
EXPECT_CALL(mock_tpm_utility_,
WriteNVSpace(index, 0, data, false, true, kHMACAuth))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->WriteSpace(index, data, kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, WriteSpaceNonexistant) {
uint32_t index = 42;
EXPECT_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _))
.WillRepeatedly(Return(TPM_RC_HANDLE));
std::string read_data;
EXPECT_EQ(NVRAM_RESULT_SPACE_DOES_NOT_EXIST,
tpm_nvram_->WriteSpace(index, "data", kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, WriteSpaceFailure) {
uint32_t index = 42;
SetupExistingSpace(index, 20, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH);
EXPECT_CALL(mock_tpm_utility_, WriteNVSpace(index, _, _, _, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_NE(NVRAM_RESULT_SUCCESS,
tpm_nvram_->WriteSpace(index, "data", kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, WriteSpacePolicy) {
uint32_t index = 42;
SetupExistingSpace(index, 20, kNoExtraAttributes, EXPECT_AUTH, POLICY_AUTH);
std::string data("data");
EXPECT_CALL(mock_tpm_utility_,
WriteNVSpace(index, 0, data, false, false, kPolicyAuth))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->WriteSpace(index, data, kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, WriteSpaceOwner) {
uint32_t index = 42;
SetupOwnerPassword();
SetupExistingSpace(index, 20, kNoExtraAttributes, EXPECT_AUTH, OWNER_AUTH);
std::string data("data");
EXPECT_CALL(mock_tpm_utility_,
WriteNVSpace(index, 0, data, true, false, kHMACAuth))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->WriteSpace(index, data, kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, ReadSpaceSuccess) {
uint32_t index = 42;
SetupExistingSpace(index, 32, trunks::TPMA_NV_WRITTEN, EXPECT_AUTH,
NORMAL_AUTH);
std::string tpm_data("data");
EXPECT_CALL(mock_tpm_utility_, ReadNVSpace(index, 0, 32, false, _, kHMACAuth))
.WillOnce(DoAll(SetArgPointee<4>(tpm_data), Return(TPM_RC_SUCCESS)));
std::string read_data;
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue));
EXPECT_EQ(read_data, tpm_data);
}
TEST_F(Tpm2NvramTest, ReadSpaceNonexistant) {
uint32_t index = 42;
EXPECT_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _))
.WillRepeatedly(Return(TPM_RC_HANDLE));
std::string read_data;
EXPECT_EQ(NVRAM_RESULT_SPACE_DOES_NOT_EXIST,
tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, ReadSpaceFailure) {
uint32_t index = 42;
SetupExistingSpace(index, 32, trunks::TPMA_NV_WRITTEN, EXPECT_AUTH,
NORMAL_AUTH);
EXPECT_CALL(mock_tpm_utility_, ReadNVSpace(index, _, _, _, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
std::string read_data;
EXPECT_NE(NVRAM_RESULT_SUCCESS,
tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, ReadSpacePolicy) {
uint32_t index = 42;
SetupExistingSpace(index, 32, trunks::TPMA_NV_WRITTEN, EXPECT_AUTH,
POLICY_AUTH);
std::string tpm_data("data");
EXPECT_CALL(mock_tpm_utility_,
ReadNVSpace(index, 0, 32, false, _, kPolicyAuth))
.WillOnce(DoAll(SetArgPointee<4>(tpm_data), Return(TPM_RC_SUCCESS)));
std::string read_data;
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue));
EXPECT_EQ(read_data, tpm_data);
}
TEST_F(Tpm2NvramTest, ReadSpaceOwner) {
uint32_t index = 42;
SetupOwnerPassword();
SetupExistingSpace(index, 32, trunks::TPMA_NV_WRITTEN, EXPECT_AUTH,
OWNER_AUTH);
std::string tpm_data("data");
EXPECT_CALL(mock_tpm_utility_, ReadNVSpace(index, 0, 32, true, _, kHMACAuth))
.WillOnce(DoAll(SetArgPointee<4>(tpm_data), Return(TPM_RC_SUCCESS)));
std::string read_data;
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->ReadSpace(index, &read_data, kFakeAuthorizationValue));
EXPECT_EQ(read_data, tpm_data);
}
TEST_F(Tpm2NvramTest, LockSpaceSuccess) {
uint32_t index = 42;
SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH);
EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, true, _, false, kHMACAuth))
.Times(AtLeast(1));
EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, _, true, false, kHMACAuth))
.Times(AtLeast(1));
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, LockSpaceNonexistant) {
uint32_t index = 42;
EXPECT_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _))
.WillOnce(Return(trunks::TPM_RC_HANDLE));
EXPECT_EQ(NVRAM_RESULT_SPACE_DOES_NOT_EXIST,
tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, LockSpaceFailure) {
uint32_t index = 42;
SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH);
EXPECT_CALL(mock_tpm_utility_, LockNVSpace(_, _, _, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_NE(NVRAM_RESULT_SUCCESS,
tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, LockSpacePolicy) {
uint32_t index = 42;
SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, POLICY_AUTH);
EXPECT_CALL(mock_tpm_utility_,
LockNVSpace(index, true, _, false, kPolicyAuth))
.Times(AtLeast(1));
EXPECT_CALL(mock_tpm_utility_,
LockNVSpace(index, _, true, false, kPolicyAuth))
.Times(AtLeast(1));
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, LockSpaceOwner) {
uint32_t index = 42;
SetupOwnerPassword();
SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, OWNER_AUTH);
EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, true, _, true, kHMACAuth))
.Times(AtLeast(1));
EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, _, true, true, kHMACAuth))
.Times(AtLeast(1));
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->LockSpace(index, true, true, kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, LockSpaceRead) {
uint32_t index = 42;
SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH);
EXPECT_CALL(mock_tpm_utility_,
LockNVSpace(index, true, false, false, kHMACAuth))
.Times(AtLeast(1));
EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, _, true, false, kHMACAuth))
.Times(0);
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->LockSpace(index, true, false, kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, LockSpaceWrite) {
uint32_t index = 42;
SetupExistingSpace(index, 32, kNoExtraAttributes, EXPECT_AUTH, NORMAL_AUTH);
EXPECT_CALL(mock_tpm_utility_,
LockNVSpace(index, false, true, false, kHMACAuth))
.Times(AtLeast(1));
EXPECT_CALL(mock_tpm_utility_, LockNVSpace(index, true, _, false, kHMACAuth))
.Times(0);
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->LockSpace(index, false, true, kFakeAuthorizationValue));
}
TEST_F(Tpm2NvramTest, ListSpacesSuccess) {
std::vector<uint32_t> expected_spaces{1, 5, 42};
std::vector<uint32_t> spaces;
EXPECT_CALL(mock_tpm_utility_, ListNVSpaces(_))
.Times(AtLeast(1))
.WillRepeatedly(
DoAll(SetArgPointee<0>(expected_spaces), Return(TPM_RC_SUCCESS)));
EXPECT_EQ(NVRAM_RESULT_SUCCESS, tpm_nvram_->ListSpaces(&spaces));
EXPECT_EQ(spaces, expected_spaces);
}
TEST_F(Tpm2NvramTest, ListSpacesFailure) {
std::vector<uint32_t> spaces;
EXPECT_CALL(mock_tpm_utility_, ListNVSpaces(_))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_NE(NVRAM_RESULT_SUCCESS, tpm_nvram_->ListSpaces(&spaces));
}
TEST_F(Tpm2NvramTest, GetSpaceInfoSuccess) {
uint32_t index = 42;
SetupExistingSpace(index, 100,
trunks::TPMA_NV_READLOCKED | trunks::TPMA_NV_WRITELOCKED,
NO_EXPECT_AUTH, POLICY_AUTH);
size_t size;
bool is_read_locked;
bool is_write_locked;
std::vector<NvramSpaceAttribute> attributes;
NvramSpacePolicy policy;
EXPECT_EQ(NVRAM_RESULT_SUCCESS,
tpm_nvram_->GetSpaceInfo(index, &size, &is_write_locked,
&is_read_locked, &attributes, &policy));
EXPECT_EQ(size, 100);
EXPECT_TRUE(is_read_locked);
EXPECT_TRUE(is_write_locked);
EXPECT_GE(attributes.size(), 1);
EXPECT_EQ(1, std::count(attributes.begin(), attributes.end(),
NVRAM_WRITE_AUTHORIZATION));
EXPECT_EQ(NVRAM_POLICY_PCR0, policy);
}
TEST_F(Tpm2NvramTest, GetSpaceInfoFailure) {
uint32_t index = 42;
EXPECT_CALL(mock_tpm_utility_, GetNVSpacePublicArea(index, _))
.WillOnce(Return(TPM_RC_FAILURE));
size_t size;
bool is_read_locked;
bool is_write_locked;
std::vector<NvramSpaceAttribute> attributes;
NvramSpacePolicy policy;
EXPECT_NE(NVRAM_RESULT_SUCCESS,
tpm_nvram_->GetSpaceInfo(index, &size, &is_write_locked,
&is_read_locked, &attributes, &policy));
}
} // namespace tpm_manager