//
// Copyright (C) 2014 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#include <base/stl_util.h>
#include <crypto/sha2.h>
#include <gmock/gmock.h>
#include <gtest/gtest.h>
#include <openssl/aes.h>
#include "trunks/error_codes.h"
#include "trunks/hmac_authorization_delegate.h"
#include "trunks/mock_authorization_delegate.h"
#include "trunks/mock_blob_parser.h"
#include "trunks/mock_hmac_session.h"
#include "trunks/mock_policy_session.h"
#include "trunks/mock_tpm.h"
#include "trunks/mock_tpm_state.h"
#include "trunks/tpm_constants.h"
#include "trunks/tpm_utility_impl.h"
#include "trunks/trunks_factory_for_test.h"
using testing::_;
using testing::DoAll;
using testing::NiceMock;
using testing::Return;
using testing::SaveArg;
using testing::SetArgPointee;
namespace trunks {
// A test fixture for TpmUtility tests.
class TpmUtilityTest : public testing::Test {
public:
TpmUtilityTest() : utility_(factory_) {}
~TpmUtilityTest() override {}
void SetUp() override {
factory_.set_blob_parser(&mock_blob_parser_);
factory_.set_tpm_state(&mock_tpm_state_);
factory_.set_tpm(&mock_tpm_);
factory_.set_hmac_session(&mock_hmac_session_);
factory_.set_policy_session(&mock_policy_session_);
}
TPM_RC ComputeKeyName(const TPMT_PUBLIC& public_area,
std::string* object_name) {
return utility_.ComputeKeyName(public_area, object_name);
}
void SetNVRAMMap(uint32_t index,
const TPMS_NV_PUBLIC& public_area) {
utility_.nvram_public_area_map_[index] = public_area;
}
TPM_RC GetNVRAMMap(uint32_t index,
TPMS_NV_PUBLIC* public_area) {
auto it = utility_.nvram_public_area_map_.find(index);
if (it == utility_.nvram_public_area_map_.end()) {
return TPM_RC_FAILURE;
}
*public_area = it->second;
return TPM_RC_SUCCESS;
}
TPM_RC SetKnownOwnerPassword(const std::string& owner_password) {
return utility_.SetKnownOwnerPassword(owner_password);
}
TPM_RC CreateStorageRootKeys(const std::string& owner_password) {
return utility_.CreateStorageRootKeys(owner_password);
}
TPM_RC CreateSaltingKey(const std::string& owner_password) {
return utility_.CreateSaltingKey(owner_password);
}
void SetExistingKeyHandleExpectation(TPM_HANDLE handle) {
TPMS_CAPABILITY_DATA capability_data = {};
TPML_HANDLE& handles = capability_data.data.handles;
handles.count = 1;
handles.handle[0] = handle;
EXPECT_CALL(mock_tpm_,
GetCapabilitySync(TPM_CAP_HANDLES, handle, _, _, _, _))
.WillRepeatedly(
DoAll(SetArgPointee<4>(capability_data), Return(TPM_RC_SUCCESS)));
}
void PopulatePCRSelection(bool has_sha1_pcrs,
bool make_sha1_bank_empty,
bool has_sha256_pcrs,
TPML_PCR_SELECTION* pcrs) {
memset(pcrs, 0, sizeof(TPML_PCR_SELECTION));
// By convention fill SHA-256 first. This is a bit brittle because order is
// not important but it simplifies comparison to memcmp.
if (has_sha256_pcrs) {
pcrs->pcr_selections[pcrs->count].hash = TPM_ALG_SHA256;
pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MIN;
for (int i = 0; i < PCR_SELECT_MIN; ++i) {
pcrs->pcr_selections[pcrs->count].pcr_select[i] = 0xff;
}
++pcrs->count;
}
if (has_sha1_pcrs) {
pcrs->pcr_selections[pcrs->count].hash = TPM_ALG_SHA1;
if (make_sha1_bank_empty) {
pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MAX;
} else {
pcrs->pcr_selections[pcrs->count].sizeof_select = PCR_SELECT_MIN;
for (int i = 0; i < PCR_SELECT_MIN; ++i) {
pcrs->pcr_selections[pcrs->count].pcr_select[i] = 0xff;
}
}
++pcrs->count;
}
}
void SetExistingPCRSExpectation(bool has_sha1_pcrs, bool has_sha256_pcrs) {
TPMS_CAPABILITY_DATA capability_data = {};
TPML_PCR_SELECTION& pcrs = capability_data.data.assigned_pcr;
PopulatePCRSelection(has_sha1_pcrs, false, has_sha256_pcrs, &pcrs);
EXPECT_CALL(mock_tpm_,
GetCapabilitySync(TPM_CAP_PCRS, _, _, _, _, _))
.WillRepeatedly(
DoAll(SetArgPointee<4>(capability_data), Return(TPM_RC_SUCCESS)));
}
protected:
TrunksFactoryForTest factory_;
NiceMock<MockBlobParser> mock_blob_parser_;
NiceMock<MockTpmState> mock_tpm_state_;
NiceMock<MockTpm> mock_tpm_;
NiceMock<MockAuthorizationDelegate> mock_authorization_delegate_;
NiceMock<MockHmacSession> mock_hmac_session_;
NiceMock<MockPolicySession> mock_policy_session_;
TpmUtilityImpl utility_;
};
TEST_F(TpmUtilityTest, StartupSuccess) {
EXPECT_EQ(TPM_RC_SUCCESS, utility_.Startup());
}
TEST_F(TpmUtilityTest, StartupAlreadyStarted) {
EXPECT_CALL(mock_tpm_, StartupSync(_, _))
.WillRepeatedly(Return(TPM_RC_INITIALIZE));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.Startup());
}
TEST_F(TpmUtilityTest, StartupFailure) {
EXPECT_CALL(mock_tpm_, StartupSync(_, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.Startup());
}
TEST_F(TpmUtilityTest, StartupSelfTestFailure) {
EXPECT_CALL(mock_tpm_, SelfTestSync(_, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.Startup());
}
TEST_F(TpmUtilityTest, ClearSuccess) {
EXPECT_EQ(TPM_RC_SUCCESS, utility_.Clear());
}
TEST_F(TpmUtilityTest, ClearAfterBadInit) {
EXPECT_CALL(mock_tpm_, ClearSync(_, _, _))
.WillOnce(Return(TPM_RC_AUTH_MISSING))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.Clear());
}
TEST_F(TpmUtilityTest, ClearFail) {
EXPECT_CALL(mock_tpm_, ClearSync(_, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.Clear());
}
TEST_F(TpmUtilityTest, ShutdownTest) {
EXPECT_CALL(mock_tpm_, ShutdownSync(TPM_SU_CLEAR, _));
utility_.Shutdown();
}
TEST_F(TpmUtilityTest, InitializeTpmAlreadyInit) {
SetExistingPCRSExpectation(false, true);
EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm());
EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm());
}
TEST_F(TpmUtilityTest, InitializeTpmSuccess) {
SetExistingPCRSExpectation(false, true);
EXPECT_EQ(TPM_RC_SUCCESS, utility_.InitializeTpm());
}
TEST_F(TpmUtilityTest, InitializeTpmBadAuth) {
SetExistingPCRSExpectation(false, true);
// Reject attempts to set platform auth.
EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_PLATFORM, _, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.InitializeTpm());
}
TEST_F(TpmUtilityTest, InitializeTpmDisablePHFails) {
SetExistingPCRSExpectation(false, true);
// Reject attempts to disable the platform hierarchy.
EXPECT_CALL(mock_tpm_, HierarchyControlSync(_, _, TPM_RH_PLATFORM, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.InitializeTpm());
}
TEST_F(TpmUtilityTest, AllocatePCRFromNone) {
SetExistingPCRSExpectation(false, false);
TPML_PCR_SELECTION new_pcr_allocation;
EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _))
.WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation),
SetArgPointee<3>(YES),
Return(TPM_RC_SUCCESS)));
ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR(""));
ASSERT_EQ(1u, new_pcr_allocation.count);
TPML_PCR_SELECTION expected_pcr_allocation;
PopulatePCRSelection(false, false, true, &expected_pcr_allocation);
ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation,
sizeof(TPML_PCR_SELECTION)));
}
TEST_F(TpmUtilityTest, AllocatePCRFromSHA1Only) {
SetExistingPCRSExpectation(true, false);
TPML_PCR_SELECTION new_pcr_allocation;
EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _))
.WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation),
SetArgPointee<3>(YES),
Return(TPM_RC_SUCCESS)));
ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR(""));
ASSERT_EQ(2u, new_pcr_allocation.count);
TPML_PCR_SELECTION expected_pcr_allocation;
PopulatePCRSelection(true, true, true, &expected_pcr_allocation);
ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation,
sizeof(TPML_PCR_SELECTION)));
}
TEST_F(TpmUtilityTest, AllocatePCRFromSHA1AndSHA256) {
SetExistingPCRSExpectation(true, true);
TPML_PCR_SELECTION new_pcr_allocation;
EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _))
.WillOnce(DoAll(SaveArg<2>(&new_pcr_allocation),
SetArgPointee<3>(YES),
Return(TPM_RC_SUCCESS)));
ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR(""));
ASSERT_EQ(1u, new_pcr_allocation.count);
TPML_PCR_SELECTION expected_pcr_allocation;
PopulatePCRSelection(true, true, false, &expected_pcr_allocation);
ASSERT_EQ(0, memcmp(&expected_pcr_allocation, &new_pcr_allocation,
sizeof(TPML_PCR_SELECTION)));
}
TEST_F(TpmUtilityTest, AllocatePCRFromSHA256Only) {
SetExistingPCRSExpectation(false, true);
EXPECT_CALL(mock_tpm_, PCR_AllocateSync(TPM_RH_PLATFORM, _, _, _, _, _, _, _))
.Times(0);
ASSERT_EQ(TPM_RC_SUCCESS, utility_.AllocatePCR(""));
}
TEST_F(TpmUtilityTest, AllocatePCRCommandFailure) {
SetExistingPCRSExpectation(false, false);
EXPECT_CALL(mock_tpm_, PCR_AllocateSync(_, _, _, _, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.AllocatePCR(""));
}
TEST_F(TpmUtilityTest, AllocatePCRTpmFailure) {
SetExistingPCRSExpectation(false, false);
EXPECT_CALL(mock_tpm_, PCR_AllocateSync(_, _, _, _, _, _, _, _))
.WillOnce(DoAll(SetArgPointee<3>(NO),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_FAILURE, utility_.AllocatePCR(""));
}
TEST_F(TpmUtilityTest, TakeOwnershipSuccess) {
EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
.WillRepeatedly(Return(false));
EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet())
.WillRepeatedly(Return(false));
EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet())
.WillRepeatedly(Return(false));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner",
"endorsement",
"lockout"));
}
TEST_F(TpmUtilityTest, TakeOwnershipOwnershipDone) {
EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner",
"endorsement",
"lockout"));
}
TEST_F(TpmUtilityTest, TakeOwnershipBadSession) {
EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("owner",
"endorsement",
"lockout"));
}
TEST_F(TpmUtilityTest, TakeOwnershipFailure) {
EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("owner",
"endorsement",
"lockout"));
}
TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementDone) {
EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
.WillRepeatedly(Return(false));
EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet())
.WillRepeatedly(Return(false));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner",
"endorsement",
"lockout"));
}
TEST_F(TpmUtilityTest, ChangeOwnerPasswordLockoutDone) {
EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
.WillRepeatedly(Return(false));
EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet())
.WillRepeatedly(Return(false));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner",
"endorsement",
"lockout"));
}
TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementLockoutDone) {
EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
.WillRepeatedly(Return(false));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.TakeOwnership("owner",
"endorsement",
"lockout"));
}
TEST_F(TpmUtilityTest, ChangeOwnerPasswordEndorsementFail) {
EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
.WillRepeatedly(Return(false));
EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet())
.WillRepeatedly(Return(false));
EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(_, _, _, _))
.WillRepeatedly(Return(TPM_RC_SUCCESS));
EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_ENDORSEMENT, _, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("owner",
"endorsement",
"lockout"));
}
TEST_F(TpmUtilityTest, ChangeOwnerPasswordLockoutFailure) {
EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
.WillRepeatedly(Return(false));
EXPECT_CALL(mock_tpm_state_, IsEndorsementPasswordSet())
.WillRepeatedly(Return(false));
EXPECT_CALL(mock_tpm_state_, IsLockoutPasswordSet())
.WillRepeatedly(Return(false));
EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(_, _, _, _))
.WillRepeatedly(Return(TPM_RC_SUCCESS));
EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_LOCKOUT, _, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("owner",
"endorsement",
"lockout"));
}
TEST_F(TpmUtilityTest, StirRandomSuccess) {
std::string entropy_data("large test data", 100);
EXPECT_EQ(TPM_RC_SUCCESS,
utility_.StirRandom(entropy_data, &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, StirRandomFails) {
std::string entropy_data("test data");
EXPECT_CALL(mock_tpm_, StirRandomSync(_, nullptr))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.StirRandom(entropy_data, nullptr));
}
TEST_F(TpmUtilityTest, GenerateRandomSuccess) {
// This number is larger than the max bytes the GetRandom call can return.
// Therefore we expect software to make multiple calls to fill this many
// bytes.
size_t num_bytes = 72;
std::string random_data;
TPM2B_DIGEST large_random;
large_random.size = 32;
TPM2B_DIGEST small_random;
small_random.size = 8;
EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, &mock_authorization_delegate_))
.Times(2)
.WillRepeatedly(DoAll(SetArgPointee<1>(large_random),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, GetRandomSync(8, _, &mock_authorization_delegate_))
.WillOnce(DoAll(SetArgPointee<1>(small_random),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.GenerateRandom(
num_bytes, &mock_authorization_delegate_, &random_data));
EXPECT_EQ(num_bytes, random_data.size());
}
TEST_F(TpmUtilityTest, GenerateRandomFails) {
size_t num_bytes = 5;
std::string random_data;
EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, nullptr))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE,
utility_.GenerateRandom(num_bytes, nullptr, &random_data));
}
TEST_F(TpmUtilityTest, ExtendPCRSuccess) {
TPM_HANDLE pcr_handle = HR_PCR + 1;
TPML_DIGEST_VALUES digests;
EXPECT_CALL(mock_tpm_,
PCR_ExtendSync(pcr_handle, _, _, &mock_authorization_delegate_))
.WillOnce(DoAll(SaveArg<2>(&digests),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.ExtendPCR(1, "test digest",
&mock_authorization_delegate_));
EXPECT_EQ(1u, digests.count);
EXPECT_EQ(TPM_ALG_SHA256, digests.digests[0].hash_alg);
std::string hash_string = crypto::SHA256HashString("test digest");
EXPECT_EQ(0, memcmp(hash_string.data(),
digests.digests[0].digest.sha256,
crypto::kSHA256Length));
}
TEST_F(TpmUtilityTest, ExtendPCRFail) {
int pcr_index = 0;
TPM_HANDLE pcr_handle = HR_PCR + pcr_index;
EXPECT_CALL(mock_tpm_, PCR_ExtendSync(pcr_handle, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE,
utility_.ExtendPCR(pcr_index, "test digest", nullptr));
}
TEST_F(TpmUtilityTest, ExtendPCRBadParam) {
EXPECT_EQ(TPM_RC_FAILURE, utility_.ExtendPCR(-1, "test digest", nullptr));
}
TEST_F(TpmUtilityTest, ReadPCRSuccess) {
// The |pcr_index| is chosen to match the structure for |pcr_select|.
// If you change |pcr_index|, remember to change |pcr_select|.
int pcr_index = 1;
std::string pcr_value;
TPML_PCR_SELECTION pcr_select;
pcr_select.count = 1;
pcr_select.pcr_selections[0].hash = TPM_ALG_SHA256;
pcr_select.pcr_selections[0].sizeof_select = 1;
pcr_select.pcr_selections[0].pcr_select[0] = 2;
TPML_DIGEST pcr_values;
pcr_values.count = 1;
pcr_values.digests[0].size = 5;
EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _))
.WillOnce(DoAll(SetArgPointee<2>(pcr_select),
SetArgPointee<3>(pcr_values),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.ReadPCR(pcr_index, &pcr_value));
}
TEST_F(TpmUtilityTest, ReadPCRFail) {
std::string pcr_value;
EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadPCR(1, &pcr_value));
}
TEST_F(TpmUtilityTest, ReadPCRBadReturn) {
std::string pcr_value;
EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadPCR(1, &pcr_value));
}
TEST_F(TpmUtilityTest, AsymmetricEncryptSuccess) {
TPM_HANDLE key_handle;
std::string plaintext;
std::string output_ciphertext("ciphertext");
std::string ciphertext;
TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA(
output_ciphertext);
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
public_area.public_area.auth_policy.size = 0;
public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _,
&mock_authorization_delegate_))
.WillOnce(DoAll(SetArgPointee<5>(out_message),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricEncrypt(
key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
plaintext,
&mock_authorization_delegate_,
&ciphertext));
EXPECT_EQ(0, ciphertext.compare(output_ciphertext));
}
TEST_F(TpmUtilityTest, AsymmetricEncryptFail) {
TPM_HANDLE key_handle;
std::string plaintext;
std::string ciphertext;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
public_area.public_area.auth_policy.size = 0;
public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.AsymmetricEncrypt(key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
plaintext,
nullptr,
&ciphertext));
}
TEST_F(TpmUtilityTest, AsymmetricEncryptBadParams) {
TPM_HANDLE key_handle = TPM_RH_FIRST;
std::string plaintext;
std::string ciphertext;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt | kRestricted;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, nullptr))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.AsymmetricEncrypt(key_handle,
TPM_ALG_RSAES,
TPM_ALG_NULL,
plaintext,
nullptr,
&ciphertext));
}
TEST_F(TpmUtilityTest, AsymmetricEncryptNullSchemeForward) {
TPM_HANDLE key_handle;
std::string plaintext;
std::string output_ciphertext("ciphertext");
std::string ciphertext;
TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA(
output_ciphertext);
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
public_area.public_area.auth_policy.size = 0;
public_area.public_area.unique.rsa.size = 0;
TPMT_RSA_DECRYPT scheme;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr))
.WillOnce(DoAll(SetArgPointee<5>(out_message),
SaveArg<3>(&scheme),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricEncrypt(key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
plaintext,
nullptr,
&ciphertext));
EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP);
EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256);
}
TEST_F(TpmUtilityTest, AsymmetricEncryptSchemeForward) {
TPM_HANDLE key_handle;
std::string plaintext;
std::string output_ciphertext("ciphertext");
std::string ciphertext;
TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA(
output_ciphertext);
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
public_area.public_area.auth_policy.size = 0;
public_area.public_area.unique.rsa.size = 0;
TPMT_RSA_DECRYPT scheme;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, nullptr))
.WillOnce(DoAll(SetArgPointee<5>(out_message),
SaveArg<3>(&scheme),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricEncrypt(key_handle,
TPM_ALG_RSAES,
TPM_ALG_NULL,
plaintext,
nullptr,
&ciphertext));
EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES);
}
TEST_F(TpmUtilityTest, AsymmetricDecryptSuccess) {
TPM_HANDLE key_handle;
std::string plaintext;
std::string output_plaintext("plaintext");
std::string ciphertext;
std::string password("password");
TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA(
output_plaintext);
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
public_area.public_area.auth_policy.size = 0;
public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _,
&mock_authorization_delegate_))
.WillOnce(DoAll(SetArgPointee<5>(out_message),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricDecrypt(
key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
ciphertext,
&mock_authorization_delegate_,
&plaintext));
EXPECT_EQ(0, plaintext.compare(output_plaintext));
}
TEST_F(TpmUtilityTest, AsymmetricDecryptFail) {
TPM_HANDLE key_handle;
std::string key_name;
std::string plaintext;
std::string ciphertext;
std::string password;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
public_area.public_area.auth_policy.size = 0;
public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.AsymmetricDecrypt(
key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
ciphertext,
&mock_authorization_delegate_,
&plaintext));
}
TEST_F(TpmUtilityTest, AsymmetricDecryptBadParams) {
TPM_HANDLE key_handle = TPM_RH_FIRST;
std::string plaintext;
std::string ciphertext;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt | kRestricted;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.AsymmetricDecrypt(
key_handle,
TPM_ALG_RSAES,
TPM_ALG_NULL,
ciphertext,
&mock_authorization_delegate_,
&plaintext));
}
TEST_F(TpmUtilityTest, AsymmetricDecryptBadSession) {
TPM_HANDLE key_handle = TPM_RH_FIRST;
std::string key_name;
std::string plaintext;
std::string ciphertext;
std::string password;
EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.AsymmetricDecrypt(
key_handle, TPM_ALG_RSAES, TPM_ALG_NULL,
ciphertext, nullptr, &plaintext));
}
TEST_F(TpmUtilityTest, AsymmetricDecryptNullSchemeForward) {
TPM_HANDLE key_handle;
std::string plaintext;
std::string output_plaintext("plaintext");
std::string ciphertext;
std::string password;
TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA(
output_plaintext);
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
public_area.public_area.auth_policy.size = 0;
public_area.public_area.unique.rsa.size = 0;
TPMT_RSA_DECRYPT scheme;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _))
.WillOnce(DoAll(SetArgPointee<5>(out_message),
SaveArg<3>(&scheme),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricDecrypt(
key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
ciphertext,
&mock_authorization_delegate_,
&plaintext));
EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP);
EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256);
}
TEST_F(TpmUtilityTest, AsymmetricDecryptSchemeForward) {
TPM_HANDLE key_handle;
std::string plaintext;
std::string output_plaintext("plaintext");
std::string ciphertext;
std::string password;
TPM2B_PUBLIC_KEY_RSA out_message = Make_TPM2B_PUBLIC_KEY_RSA(
output_plaintext);
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
public_area.public_area.auth_policy.size = 0;
public_area.public_area.unique.rsa.size = 0;
TPMT_RSA_DECRYPT scheme;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, RSA_DecryptSync(key_handle, _, _, _, _, _, _))
.WillOnce(DoAll(SetArgPointee<5>(out_message),
SaveArg<3>(&scheme),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.AsymmetricDecrypt(
key_handle,
TPM_ALG_RSAES,
TPM_ALG_NULL,
ciphertext,
&mock_authorization_delegate_,
&plaintext));
EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES);
}
TEST_F(TpmUtilityTest, SignSuccess) {
TPM_HANDLE key_handle;
std::string password("password");
std::string digest(32, 'a');
TPMT_SIGNATURE signature_out;
signature_out.signature.rsassa.sig.size = 2;
signature_out.signature.rsassa.sig.buffer[0] = 'h';
signature_out.signature.rsassa.sig.buffer[1] = 'i';
std::string signature;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
public_area.public_area.auth_policy.size = 0;
public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _,
&mock_authorization_delegate_))
.WillOnce(DoAll(SetArgPointee<5>(signature_out),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.Sign(key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
digest,
&mock_authorization_delegate_,
&signature));
EXPECT_EQ(0, signature.compare("hi"));
}
TEST_F(TpmUtilityTest, SignFail) {
TPM_HANDLE key_handle;
std::string password;
std::string digest(32, 'a');
std::string signature;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
public_area.public_area.auth_policy.size = 0;
public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.Sign(key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
digest,
&mock_authorization_delegate_,
&signature));
}
TEST_F(TpmUtilityTest, SignBadParams1) {
TPM_HANDLE key_handle;
std::string password;
std::string digest(32, 'a');
std::string signature;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign | kRestricted;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle,
TPM_ALG_RSAPSS,
TPM_ALG_NULL,
digest,
&mock_authorization_delegate_,
&signature));
}
TEST_F(TpmUtilityTest, SignBadAuthorizationSession) {
TPM_HANDLE key_handle = TPM_RH_FIRST;
std::string password;
std::string digest(32, 'a');
std::string signature;
EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.Sign(key_handle,
TPM_ALG_RSAPSS,
TPM_ALG_NULL,
digest,
nullptr,
&signature));
}
TEST_F(TpmUtilityTest, SignBadParams2) {
TPM_HANDLE key_handle;
std::string password;
std::string digest(32, 'a');
std::string signature;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle,
TPM_ALG_RSAPSS,
TPM_ALG_NULL,
digest,
&mock_authorization_delegate_,
&signature));
}
TEST_F(TpmUtilityTest, SignBadParams3) {
TPM_HANDLE key_handle;
std::string password;
std::string digest(32, 'a');
std::string signature;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_ECC;
public_area.public_area.object_attributes = kSign;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle,
TPM_ALG_RSAPSS,
TPM_ALG_NULL,
digest,
&mock_authorization_delegate_,
&signature));
}
TEST_F(TpmUtilityTest, SignBadParams4) {
TPM_HANDLE key_handle;
std::string password;
std::string digest(32, 'a');
std::string signature;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_FAILURE)));
EXPECT_EQ(TPM_RC_FAILURE, utility_.Sign(key_handle,
TPM_ALG_RSAPSS,
TPM_ALG_NULL,
digest,
&mock_authorization_delegate_,
&signature));
}
TEST_F(TpmUtilityTest, SignBadParams5) {
TPM_HANDLE key_handle = 0;
std::string password;
std::string digest(32, 'a');
std::string signature;
EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Sign(key_handle,
TPM_ALG_AES,
TPM_ALG_NULL,
digest,
&mock_authorization_delegate_,
&signature));
}
TEST_F(TpmUtilityTest, SignNullSchemeForward) {
TPM_HANDLE key_handle;
std::string password;
std::string digest(32, 'a');
TPMT_SIGNATURE signature_out;
signature_out.signature.rsassa.sig.size = 0;
std::string signature;
TPM2B_PUBLIC public_area;
TPMT_SIG_SCHEME scheme;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
public_area.public_area.auth_policy.size = 0;
public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _))
.WillOnce(DoAll(SetArgPointee<5>(signature_out),
SaveArg<3>(&scheme),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.Sign(key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
digest,
&mock_authorization_delegate_,
&signature));
EXPECT_EQ(scheme.scheme, TPM_ALG_RSASSA);
EXPECT_EQ(scheme.details.rsassa.hash_alg, TPM_ALG_SHA256);
}
TEST_F(TpmUtilityTest, SignSchemeForward) {
TPM_HANDLE key_handle;
std::string password;
std::string digest(64, 'a');
TPMT_SIGNATURE signature_out;
signature_out.signature.rsassa.sig.size = 0;
std::string signature;
TPM2B_PUBLIC public_area;
TPMT_SIG_SCHEME scheme;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
public_area.public_area.auth_policy.size = 0;
public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, SignSync(key_handle, _, _, _, _, _, _))
.WillOnce(DoAll(SetArgPointee<5>(signature_out),
SaveArg<3>(&scheme),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.Sign(key_handle,
TPM_ALG_RSAPSS,
TPM_ALG_SHA1,
digest,
&mock_authorization_delegate_,
&signature));
EXPECT_EQ(scheme.scheme, TPM_ALG_RSAPSS);
EXPECT_EQ(scheme.details.rsapss.hash_alg, TPM_ALG_SHA1);
}
TEST_F(TpmUtilityTest, VerifySuccess) {
TPM_HANDLE key_handle;
std::string digest(32, 'a');
std::string signature;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.Verify(key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
digest,
signature,
nullptr));
}
TEST_F(TpmUtilityTest, VerifyFail) {
TPM_HANDLE key_handle;
std::string digest(32, 'a');
std::string signature;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.Verify(key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
digest,
signature,
nullptr));
}
TEST_F(TpmUtilityTest, VerifyBadParams1) {
TPM_HANDLE key_handle;
std::string digest(32, 'a');
std::string signature;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign | kRestricted;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
digest,
signature,
nullptr));
}
TEST_F(TpmUtilityTest, VerifyBadParams2) {
TPM_HANDLE key_handle;
std::string digest(32, 'a');
std::string signature;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
digest,
signature,
nullptr));
}
TEST_F(TpmUtilityTest, VerifyBadParams3) {
TPM_HANDLE key_handle;
std::string digest(32, 'a');
std::string signature;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_ECC;
public_area.public_area.object_attributes = kSign;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
digest,
signature,
nullptr));
}
TEST_F(TpmUtilityTest, VerifyBadParams4) {
TPM_HANDLE key_handle;
std::string digest(32, 'a');
std::string signature;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_FAILURE)));
EXPECT_EQ(TPM_RC_FAILURE, utility_.Verify(key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
digest,
signature,
nullptr));
}
TEST_F(TpmUtilityTest, VerifyBadParams5) {
TPM_HANDLE key_handle;
std::string digest(32, 'a');
std::string signature;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.Verify(key_handle,
TPM_ALG_AES,
TPM_ALG_NULL,
digest,
signature,
nullptr));
}
TEST_F(TpmUtilityTest, VerifyNullSchemeForward) {
TPM_HANDLE key_handle;
std::string digest(32, 'a');
std::string signature;
TPM2B_PUBLIC public_area;
TPMT_SIGNATURE signature_in;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _))
.WillOnce(DoAll(SaveArg<3>(&signature_in),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.Verify(key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
digest,
signature,
nullptr));
EXPECT_EQ(signature_in.sig_alg, TPM_ALG_RSASSA);
EXPECT_EQ(signature_in.signature.rsassa.hash, TPM_ALG_SHA256);
}
TEST_F(TpmUtilityTest, VerifySchemeForward) {
TPM_HANDLE key_handle;
std::string digest(64, 'a');
std::string signature;
TPM2B_PUBLIC public_area;
TPMT_SIGNATURE signature_in;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, VerifySignatureSync(key_handle, _, _, _, _, _))
.WillOnce(DoAll(SaveArg<3>(&signature_in),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.Verify(key_handle,
TPM_ALG_RSAPSS,
TPM_ALG_SHA1,
digest,
signature,
nullptr));
EXPECT_EQ(signature_in.sig_alg, TPM_ALG_RSAPSS);
EXPECT_EQ(signature_in.signature.rsassa.hash, TPM_ALG_SHA1);
}
TEST_F(TpmUtilityTest, CertifyCreationSuccess) {
TPM_HANDLE key_handle = 42;
std::string creation_blob;
EXPECT_CALL(mock_tpm_, CertifyCreationSyncShort(TPM_RH_NULL, key_handle,
_, _, _, _, _, _, _))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(TPM_RC_SUCCESS,
utility_.CertifyCreation(key_handle, creation_blob));
}
TEST_F(TpmUtilityTest, CertifyCreationParserError) {
TPM_HANDLE key_handle = 42;
std::string creation_blob;
EXPECT_CALL(mock_blob_parser_, ParseCreationBlob(creation_blob, _, _, _))
.WillOnce(Return(false));
EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
utility_.CertifyCreation(key_handle, creation_blob));
}
TEST_F(TpmUtilityTest, CertifyCreationFailure) {
TPM_HANDLE key_handle = 42;
std::string creation_blob;
EXPECT_CALL(mock_tpm_, CertifyCreationSyncShort(TPM_RH_NULL, key_handle,
_, _, _, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE,
utility_.CertifyCreation(key_handle, creation_blob));
}
TEST_F(TpmUtilityTest, ChangeAuthDataSuccess) {
TPM_HANDLE key_handle = 1;
std::string new_password;
std::string key_blob;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.auth_policy.size = 0;
public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.ChangeKeyAuthorizationData(
key_handle, new_password, &mock_authorization_delegate_, &key_blob));
}
TEST_F(TpmUtilityTest, ChangeAuthDataKeyNameFail) {
TPM_HANDLE key_handle = 1;
std::string old_password;
std::string new_password;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.ChangeKeyAuthorizationData(
key_handle, new_password, &mock_authorization_delegate_, nullptr));
}
TEST_F(TpmUtilityTest, ChangeAuthDataFailure) {
TPM_HANDLE key_handle = 1;
std::string new_password;
EXPECT_CALL(mock_tpm_, ObjectChangeAuthSync(key_handle, _, _, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.ChangeKeyAuthorizationData(
key_handle, new_password, &mock_authorization_delegate_, nullptr));
}
TEST_F(TpmUtilityTest, ChangeAuthDataParserFail) {
TPM_HANDLE key_handle = 1;
std::string new_password;
std::string key_blob;
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.auth_policy.size = 0;
public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob))
.WillOnce(Return(false));
EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.ChangeKeyAuthorizationData(
key_handle, new_password, &mock_authorization_delegate_, &key_blob));
}
TEST_F(TpmUtilityTest, ImportRSAKeySuccess) {
uint32_t public_exponent = 0x10001;
std::string modulus(256, 'a');
std::string prime_factor(128, 'b');
std::string password("password");
std::string key_blob;
TPM2B_DATA encryption_key;
TPM2B_PUBLIC public_data;
TPM2B_PRIVATE private_data;
EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _))
.WillOnce(DoAll(SaveArg<2>(&encryption_key),
SaveArg<3>(&public_data),
SaveArg<4>(&private_data),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.ImportRSAKey(
TpmUtility::AsymmetricKeyUsage::kDecryptKey,
modulus,
public_exponent,
prime_factor,
password,
&mock_authorization_delegate_,
&key_blob));
// Validate that the public area was properly constructed.
EXPECT_EQ(public_data.public_area.parameters.rsa_detail.key_bits,
modulus.size() * 8);
EXPECT_EQ(public_data.public_area.parameters.rsa_detail.exponent,
public_exponent);
EXPECT_EQ(public_data.public_area.unique.rsa.size, modulus.size());
EXPECT_EQ(0, memcmp(public_data.public_area.unique.rsa.buffer,
modulus.data(), modulus.size()));
// Validate the private struct construction.
EXPECT_EQ(kAesKeySize, encryption_key.size);
AES_KEY key;
AES_set_encrypt_key(encryption_key.buffer, kAesKeySize * 8, &key);
unsigned char iv[MAX_AES_BLOCK_SIZE_BYTES] = {0};
int iv_in = 0;
std::string unencrypted_private(private_data.size, 0);
AES_cfb128_encrypt(
reinterpret_cast<const unsigned char*>(private_data.buffer),
reinterpret_cast<unsigned char*>(string_as_array(&unencrypted_private)),
private_data.size, &key, iv, &iv_in, AES_DECRYPT);
TPM2B_DIGEST inner_integrity;
EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPM2B_DIGEST(&unencrypted_private,
&inner_integrity, nullptr));
std::string object_name;
EXPECT_EQ(TPM_RC_SUCCESS,
ComputeKeyName(public_data.public_area, &object_name));
std::string integrity_value = crypto::SHA256HashString(unencrypted_private +
object_name);
EXPECT_EQ(integrity_value.size(), inner_integrity.size);
EXPECT_EQ(0, memcmp(inner_integrity.buffer,
integrity_value.data(),
inner_integrity.size));
TPM2B_SENSITIVE sensitive_data;
EXPECT_EQ(TPM_RC_SUCCESS, Parse_TPM2B_SENSITIVE(&unencrypted_private,
&sensitive_data, nullptr));
EXPECT_EQ(sensitive_data.sensitive_area.auth_value.size, password.size());
EXPECT_EQ(0, memcmp(sensitive_data.sensitive_area.auth_value.buffer,
password.data(), password.size()));
EXPECT_EQ(sensitive_data.sensitive_area.sensitive.rsa.size,
prime_factor.size());
EXPECT_EQ(0, memcmp(sensitive_data.sensitive_area.sensitive.rsa.buffer,
prime_factor.data(), prime_factor.size()));
}
TEST_F(TpmUtilityTest, ImportRSAKeySuccessWithNoBlob) {
uint32_t public_exponent = 0x10001;
std::string modulus(256, 'a');
std::string prime_factor(128, 'b');
std::string password;
EXPECT_EQ(TPM_RC_SUCCESS, utility_.ImportRSAKey(
TpmUtility::AsymmetricKeyUsage::kDecryptKey,
modulus,
public_exponent,
prime_factor,
password,
&mock_authorization_delegate_,
nullptr));
}
TEST_F(TpmUtilityTest, ImportRSAKeyParentNameFail) {
uint32_t public_exponent = 0x10001;
std::string modulus(256, 'a');
std::string prime_factor(128, 'b');
std::string password;
EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.ImportRSAKey(
TpmUtility::AsymmetricKeyUsage::kDecryptKey,
modulus,
public_exponent,
prime_factor,
password,
&mock_authorization_delegate_,
nullptr));
}
TEST_F(TpmUtilityTest, ImportRSAKeyFail) {
std::string modulus;
std::string prime_factor;
std::string password;
EXPECT_CALL(mock_tpm_, ImportSync(_, _, _, _, _, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.ImportRSAKey(
TpmUtility::AsymmetricKeyUsage::kDecryptKey,
modulus,
0x10001,
prime_factor,
password,
&mock_authorization_delegate_,
nullptr));
}
TEST_F(TpmUtilityTest, ImportRSAKeyParserFail) {
std::string modulus;
std::string prime_factor;
std::string password;
std::string key_blob;
EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob))
.WillOnce(Return(false));
EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.ImportRSAKey(
TpmUtility::AsymmetricKeyUsage::kDecryptKey,
modulus,
0x10001,
prime_factor,
password,
&mock_authorization_delegate_,
&key_blob));
}
TEST_F(TpmUtilityTest, CreateRSAKeyPairSuccess) {
TPM2B_PUBLIC public_area;
TPML_PCR_SELECTION creation_pcrs;
EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey,
_, _, _, _, _, _, _, _,
&mock_authorization_delegate_))
.WillOnce(DoAll(SaveArg<2>(&public_area),
SaveArg<3>(&creation_pcrs),
Return(TPM_RC_SUCCESS)));
std::string key_blob;
std::string creation_blob;
int creation_pcr = 12;
EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateRSAKeyPair(
TpmUtility::AsymmetricKeyUsage::kDecryptAndSignKey, 2048, 0x10001,
"password", "", false, creation_pcr, &mock_authorization_delegate_,
&key_blob, &creation_blob));
EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, kDecrypt);
EXPECT_EQ(public_area.public_area.object_attributes & kSign, kSign);
EXPECT_EQ(public_area.public_area.object_attributes & kUserWithAuth,
kUserWithAuth);
EXPECT_EQ(public_area.public_area.object_attributes & kAdminWithPolicy, 0u);
EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme,
TPM_ALG_NULL);
EXPECT_EQ(1u, creation_pcrs.count);
EXPECT_EQ(TPM_ALG_SHA256, creation_pcrs.pcr_selections[0].hash);
EXPECT_EQ(PCR_SELECT_MIN, creation_pcrs.pcr_selections[0].sizeof_select);
EXPECT_EQ(1u << (creation_pcr % 8),
creation_pcrs.pcr_selections[0].pcr_select[creation_pcr / 8]);
}
TEST_F(TpmUtilityTest, CreateRSAKeyPairDecryptKeySuccess) {
TPM2B_PUBLIC public_area;
EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey,
_, _, _, _, _, _, _, _,
&mock_authorization_delegate_))
.WillOnce(DoAll(SaveArg<2>(&public_area),
Return(TPM_RC_SUCCESS)));
std::string key_blob;
EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateRSAKeyPair(
TpmUtility::AsymmetricKeyUsage::kDecryptKey, 2048, 0x10001, "password",
"", false, kNoCreationPCR, &mock_authorization_delegate_, &key_blob,
nullptr));
EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, kDecrypt);
EXPECT_EQ(public_area.public_area.object_attributes & kSign, 0u);
EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme,
TPM_ALG_NULL);
}
TEST_F(TpmUtilityTest, CreateRSAKeyPairSignKeySuccess) {
TPM2B_PUBLIC public_area;
TPM2B_SENSITIVE_CREATE sensitive_create;
EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey,
_, _, _, _, _, _, _, _,
&mock_authorization_delegate_))
.WillOnce(DoAll(SaveArg<1>(&sensitive_create),
SaveArg<2>(&public_area),
Return(TPM_RC_SUCCESS)));
std::string key_blob;
std::string policy_digest(32, 'a');
std::string key_auth("password");
EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateRSAKeyPair(
TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, key_auth,
policy_digest, true /* use_only_policy_authorization */, kNoCreationPCR,
&mock_authorization_delegate_, &key_blob, nullptr));
EXPECT_EQ(public_area.public_area.object_attributes & kDecrypt, 0u);
EXPECT_EQ(public_area.public_area.object_attributes & kSign, kSign);
EXPECT_EQ(public_area.public_area.object_attributes & kUserWithAuth, 0u);
EXPECT_EQ(public_area.public_area.object_attributes & kAdminWithPolicy,
kAdminWithPolicy);
EXPECT_EQ(public_area.public_area.parameters.rsa_detail.scheme.scheme,
TPM_ALG_NULL);
EXPECT_EQ(public_area.public_area.parameters.rsa_detail.key_bits, 2048);
EXPECT_EQ(public_area.public_area.parameters.rsa_detail.exponent, 0x10001u);
EXPECT_EQ(public_area.public_area.auth_policy.size, policy_digest.size());
EXPECT_EQ(0, memcmp(public_area.public_area.auth_policy.buffer,
policy_digest.data(), policy_digest.size()));
EXPECT_EQ(sensitive_create.sensitive.user_auth.size, key_auth.size());
EXPECT_EQ(0, memcmp(sensitive_create.sensitive.user_auth.buffer,
key_auth.data(), key_auth.size()));
}
TEST_F(TpmUtilityTest, CreateRSAKeyPairBadDelegate) {
std::string key_blob;
EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.CreateRSAKeyPair(
TpmUtility::AsymmetricKeyUsage::kDecryptKey, 2048, 0x10001, "password",
"", false, kNoCreationPCR, nullptr, &key_blob, nullptr));
}
TEST_F(TpmUtilityTest, CreateRSAKeyPairFailure) {
EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey,
_, _, _, _, _, _, _, _,
&mock_authorization_delegate_))
.WillOnce(Return(TPM_RC_FAILURE));
std::string key_blob;
EXPECT_EQ(TPM_RC_FAILURE, utility_.CreateRSAKeyPair(
TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, "password",
"", false, kNoCreationPCR, &mock_authorization_delegate_, &key_blob,
nullptr));
}
TEST_F(TpmUtilityTest, CreateRSAKeyPairKeyParserFail) {
std::string key_blob;
EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &key_blob))
.WillOnce(Return(false));
EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.CreateRSAKeyPair(
TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, "password",
"", false, kNoCreationPCR, &mock_authorization_delegate_, &key_blob,
nullptr));
}
TEST_F(TpmUtilityTest, CreateRSAKeyPairCreationParserFail) {
std::string creation_blob;
std::string key_blob;
EXPECT_CALL(mock_blob_parser_, SerializeCreationBlob(_, _, _, &creation_blob))
.WillOnce(Return(false));
EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.CreateRSAKeyPair(
TpmUtility::AsymmetricKeyUsage::kSignKey, 2048, 0x10001, "password",
"", false, kNoCreationPCR, &mock_authorization_delegate_, &key_blob,
&creation_blob));
}
TEST_F(TpmUtilityTest, LoadKeySuccess) {
TPM_HANDLE key_handle = TPM_RH_FIRST;
TPM_HANDLE loaded_handle;
EXPECT_CALL(mock_tpm_, LoadSync(kRSAStorageRootKey, _, _, _, _, _,
&mock_authorization_delegate_))
.WillOnce(DoAll(SetArgPointee<4>(key_handle),
Return(TPM_RC_SUCCESS)));
std::string key_blob;
EXPECT_EQ(TPM_RC_SUCCESS, utility_.LoadKey(
key_blob, &mock_authorization_delegate_, &loaded_handle));
EXPECT_EQ(loaded_handle, key_handle);
}
TEST_F(TpmUtilityTest, LoadKeyFailure) {
TPM_HANDLE key_handle;
EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
std::string key_blob;
EXPECT_EQ(TPM_RC_FAILURE, utility_.LoadKey(
key_blob, &mock_authorization_delegate_, &key_handle));
}
TEST_F(TpmUtilityTest, LoadKeyBadDelegate) {
TPM_HANDLE key_handle;
std::string key_blob;
EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.LoadKey(
key_blob, nullptr, &key_handle));
}
TEST_F(TpmUtilityTest, LoadKeyParserFail) {
TPM_HANDLE key_handle;
std::string key_blob;
EXPECT_CALL(mock_blob_parser_, ParseKeyBlob(key_blob, _, _))
.WillOnce(Return(false));
EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.LoadKey(
key_blob, &mock_authorization_delegate_, &key_handle));
}
TEST_F(TpmUtilityTest, SealedDataSuccess) {
std::string data_to_seal("seal_data");
std::string sealed_data;
TPM2B_SENSITIVE_CREATE sensitive_create;
TPM2B_PUBLIC in_public;
EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _,
_, _, _, _, _, _, _))
.WillOnce(DoAll(SaveArg<1>(&sensitive_create),
SaveArg<2>(&in_public),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.SealData(
data_to_seal, "", &mock_authorization_delegate_, &sealed_data));
EXPECT_EQ(sensitive_create.sensitive.data.size, data_to_seal.size());
EXPECT_EQ(0, memcmp(sensitive_create.sensitive.data.buffer,
data_to_seal.data(), data_to_seal.size()));
EXPECT_EQ(in_public.public_area.type, TPM_ALG_KEYEDHASH);
EXPECT_EQ(in_public.public_area.name_alg, TPM_ALG_SHA256);
}
TEST_F(TpmUtilityTest, SealDataBadDelegate) {
std::string data_to_seal("seal_data");
std::string sealed_data;
EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.SealData(
data_to_seal, "", nullptr, &sealed_data));
}
TEST_F(TpmUtilityTest, SealDataFailure) {
std::string data_to_seal("seal_data");
std::string sealed_data;
EXPECT_CALL(mock_tpm_, CreateSyncShort(kRSAStorageRootKey, _, _,
_, _, _, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.SealData(
data_to_seal, "", &mock_authorization_delegate_, &sealed_data));
}
TEST_F(TpmUtilityTest, SealDataParserFail) {
std::string data_to_seal("seal_data");
std::string sealed_data;
EXPECT_CALL(mock_blob_parser_, SerializeKeyBlob(_, _, &sealed_data))
.WillOnce(Return(false));
EXPECT_EQ(SAPI_RC_BAD_TCTI_STRUCTURE, utility_.SealData(
data_to_seal, "", &mock_authorization_delegate_, &sealed_data));
}
TEST_F(TpmUtilityTest, UnsealDataSuccess) {
std::string sealed_data;
std::string tpm_unsealed_data("password");
std::string unsealed_data;
TPM_HANDLE object_handle = 42;
TPM2B_PUBLIC public_data;
public_data.public_area.auth_policy.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_data),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, ReadPublicSync(object_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_data),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
.WillOnce(DoAll(SetArgPointee<4>(object_handle),
Return(TPM_RC_SUCCESS)));
TPM2B_SENSITIVE_DATA out_data = Make_TPM2B_SENSITIVE_DATA(tpm_unsealed_data);
EXPECT_CALL(mock_tpm_, UnsealSync(object_handle, _, _, _))
.WillOnce(DoAll(SetArgPointee<2>(out_data),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.UnsealData(
sealed_data, &mock_authorization_delegate_, &unsealed_data));
EXPECT_EQ(unsealed_data, tpm_unsealed_data);
}
TEST_F(TpmUtilityTest, UnsealDataBadDelegate) {
std::string sealed_data;
std::string unsealed_data;
EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.UnsealData(
sealed_data, nullptr, &unsealed_data));
}
TEST_F(TpmUtilityTest, UnsealDataLoadFail) {
std::string sealed_data;
std::string unsealed_data;
EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.UnsealData(
sealed_data, &mock_authorization_delegate_, &unsealed_data));
}
TEST_F(TpmUtilityTest, UnsealDataBadKeyName) {
std::string sealed_data;
std::string unsealed_data;
EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.UnsealData(
sealed_data, &mock_authorization_delegate_, &unsealed_data));
}
TEST_F(TpmUtilityTest, UnsealObjectFailure) {
std::string sealed_data;
std::string unsealed_data;
EXPECT_CALL(mock_tpm_, UnsealSync(_, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.UnsealData(
sealed_data, &mock_authorization_delegate_, &unsealed_data));
}
TEST_F(TpmUtilityTest, StartSessionSuccess) {
EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(TPM_RC_SUCCESS,
utility_.StartSession(&mock_hmac_session_));
}
TEST_F(TpmUtilityTest, StartSessionFailure) {
EXPECT_CALL(mock_hmac_session_, StartUnboundSession(true))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE,
utility_.StartSession(&mock_hmac_session_));
}
TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueSuccess) {
int index = 5;
std::string pcr_value("pcr_value");
std::string policy_digest;
TPML_PCR_SELECTION pcr_select;
pcr_select.count = 1;
pcr_select.pcr_selections[0].hash = TPM_ALG_SHA256;
pcr_select.pcr_selections[0].sizeof_select = 1;
pcr_select.pcr_selections[0].pcr_select[index / 8] = 1 << (index % 8);
TPML_DIGEST pcr_values;
pcr_values.count = 1;
pcr_values.digests[0] = Make_TPM2B_DIGEST(pcr_value);
EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _))
.WillOnce(DoAll(SetArgPointee<2>(pcr_select),
SetArgPointee<3>(pcr_values),
Return(TPM_RC_SUCCESS)));
std::string tpm_pcr_value;
EXPECT_CALL(mock_policy_session_, PolicyPCR(index, _))
.WillOnce(DoAll(SaveArg<1>(&tpm_pcr_value),
Return(TPM_RC_SUCCESS)));
std::string tpm_policy_digest("digest");
EXPECT_CALL(mock_policy_session_, GetDigest(_))
.WillOnce(DoAll(SetArgPointee<0>(tpm_policy_digest),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS,
utility_.GetPolicyDigestForPcrValue(index, "", &policy_digest));
EXPECT_EQ(policy_digest, tpm_policy_digest);
EXPECT_EQ(pcr_value, tpm_pcr_value);
}
TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueSuccessWithPcrValue) {
int index = 5;
std::string pcr_value("pcr_value");
std::string policy_digest;
std::string tpm_pcr_value;
EXPECT_CALL(mock_policy_session_, PolicyPCR(index, _))
.WillOnce(DoAll(SaveArg<1>(&tpm_pcr_value),
Return(TPM_RC_SUCCESS)));
std::string tpm_policy_digest("digest");
EXPECT_CALL(mock_policy_session_, GetDigest(_))
.WillOnce(DoAll(SetArgPointee<0>(tpm_policy_digest),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS,
utility_.GetPolicyDigestForPcrValue(index, pcr_value, &policy_digest));
EXPECT_EQ(policy_digest, tpm_policy_digest);
EXPECT_EQ(pcr_value, tpm_pcr_value);
}
TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadSession) {
int index = 5;
std::string pcr_value("value");
std::string policy_digest;
EXPECT_CALL(mock_policy_session_, StartUnboundSession(false))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE,
utility_.GetPolicyDigestForPcrValue(index, pcr_value, &policy_digest));
}
TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValuePcrReadFail) {
int index = 5;
std::string policy_digest;
EXPECT_CALL(mock_tpm_, PCR_ReadSync(_, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE,
utility_.GetPolicyDigestForPcrValue(index, "", &policy_digest));
}
TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadPcr) {
int index = 5;
std::string pcr_value("value");
std::string policy_digest;
EXPECT_CALL(mock_policy_session_, PolicyPCR(index, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE,
utility_.GetPolicyDigestForPcrValue(index, pcr_value, &policy_digest));
}
TEST_F(TpmUtilityTest, GetPolicyDigestForPcrValueBadDigest) {
int index = 5;
std::string pcr_value("value");
std::string policy_digest;
EXPECT_CALL(mock_policy_session_, GetDigest(&policy_digest))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE,
utility_.GetPolicyDigestForPcrValue(index, pcr_value, &policy_digest));
}
TEST_F(TpmUtilityTest, DefineNVSpaceSuccess) {
uint32_t index = 59;
uint32_t nvram_index = NV_INDEX_FIRST + index;
size_t length = 256;
TPM2B_NV_PUBLIC public_data;
EXPECT_CALL(mock_tpm_, NV_DefineSpaceSync(TPM_RH_OWNER, _, _, _, _))
.WillOnce(DoAll(SaveArg<3>(&public_data),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.DefineNVSpace(
index, length, &mock_authorization_delegate_));
EXPECT_EQ(public_data.nv_public.nv_index, nvram_index);
EXPECT_EQ(public_data.nv_public.name_alg, TPM_ALG_SHA256);
EXPECT_EQ(public_data.nv_public.attributes,
TPMA_NV_NO_DA | TPMA_NV_OWNERWRITE | TPMA_NV_WRITEDEFINE |
TPMA_NV_AUTHREAD);
EXPECT_EQ(public_data.nv_public.data_size, length);
}
TEST_F(TpmUtilityTest, DefineNVSpaceBadLength) {
size_t bad_length = 3000;
EXPECT_EQ(SAPI_RC_BAD_SIZE,
utility_.DefineNVSpace(0, bad_length, &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, DefineNVSpaceBadIndex) {
uint32_t bad_index = 1<<29;
EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
utility_.DefineNVSpace(bad_index, 2, &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, DefineNVSpaceBadSession) {
EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.DefineNVSpace(0, 2, nullptr));
}
TEST_F(TpmUtilityTest, DefineNVSpaceFail) {
uint32_t index = 59;
size_t length = 256;
EXPECT_CALL(mock_tpm_, NV_DefineSpaceSync(TPM_RH_OWNER, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE,
utility_.DefineNVSpace(index, length, &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, DestroyNVSpaceSuccess) {
uint32_t index = 53;
uint32_t nvram_index = NV_INDEX_FIRST + index;
EXPECT_CALL(mock_tpm_,
NV_UndefineSpaceSync(TPM_RH_OWNER, _, nvram_index, _, _));
EXPECT_EQ(TPM_RC_SUCCESS,
utility_.DestroyNVSpace(index, &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, DestroyNVSpaceBadIndex) {
uint32_t bad_index = 1<<29;
EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
utility_.DestroyNVSpace(bad_index, &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, DestroyNVSpaceBadSession) {
EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.DestroyNVSpace(3, nullptr));
}
TEST_F(TpmUtilityTest, DestroyNVSpaceFailure) {
uint32_t index = 53;
uint32_t nvram_index = NV_INDEX_FIRST + index;
EXPECT_CALL(mock_tpm_,
NV_UndefineSpaceSync(TPM_RH_OWNER, _, nvram_index, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE,
utility_.DestroyNVSpace(index, &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, LockNVSpaceSuccess) {
uint32_t index = 53;
uint32_t nvram_index = NV_INDEX_FIRST + index;
EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(TPM_RC_SUCCESS,
utility_.LockNVSpace(index, &mock_authorization_delegate_));
TPMS_NV_PUBLIC public_area;
EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area));
EXPECT_EQ(public_area.attributes & TPMA_NV_WRITELOCKED, TPMA_NV_WRITELOCKED);
}
TEST_F(TpmUtilityTest, LockNVSpaceBadIndex) {
uint32_t bad_index = 1<<24;
EXPECT_EQ(SAPI_RC_BAD_PARAMETER,
utility_.LockNVSpace(bad_index, &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, LockNVSpaceBadSession) {
EXPECT_EQ(SAPI_RC_INVALID_SESSIONS, utility_.LockNVSpace(52, nullptr));
}
TEST_F(TpmUtilityTest, LockNVSpaceFailure) {
uint32_t index = 53;
uint32_t nvram_index = NV_INDEX_FIRST + index;
EXPECT_CALL(mock_tpm_, NV_WriteLockSync(TPM_RH_OWNER, _, nvram_index, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE,
utility_.LockNVSpace(index, &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, WriteNVSpaceSuccess) {
uint32_t index = 53;
uint32_t offset = 5;
uint32_t nvram_index = NV_INDEX_FIRST + index;
EXPECT_CALL(mock_tpm_,
NV_WriteSync(TPM_RH_OWNER, _, nvram_index, _, _, offset, _))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.WriteNVSpace(
index, offset, "", &mock_authorization_delegate_));
TPMS_NV_PUBLIC public_area;
EXPECT_EQ(TPM_RC_SUCCESS, GetNVRAMMap(index, &public_area));
EXPECT_EQ(public_area.attributes & TPMA_NV_WRITTEN, TPMA_NV_WRITTEN);
}
TEST_F(TpmUtilityTest, WriteNVSpaceBadSize) {
uint32_t index = 53;
std::string nvram_data(1025, 0);
EXPECT_EQ(SAPI_RC_BAD_SIZE, utility_.WriteNVSpace(
index, 0, nvram_data, &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, WriteNVSpaceBadIndex) {
uint32_t bad_index = 1<<24;
EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.WriteNVSpace(
bad_index, 0, "", &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, WriteNVSpaceBadSessions) {
EXPECT_EQ(SAPI_RC_INVALID_SESSIONS,
utility_.WriteNVSpace(53, 0, "", nullptr));
}
TEST_F(TpmUtilityTest, WriteNVSpaceFailure) {
uint32_t index = 53;
uint32_t offset = 5;
uint32_t nvram_index = NV_INDEX_FIRST + index;
EXPECT_CALL(mock_tpm_,
NV_WriteSync(TPM_RH_OWNER, _, nvram_index, _, _, offset, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.WriteNVSpace(
index, offset, "", &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, ReadNVSpaceSuccess) {
uint32_t index = 53;
uint32_t offset = 5;
uint32_t nv_index = NV_INDEX_FIRST + index;
size_t length = 24;
std::string nvram_data;
EXPECT_CALL(mock_tpm_,
NV_ReadSync(nv_index, _, nv_index, _, length, offset, _, _))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.ReadNVSpace(
index, offset, length, &nvram_data, &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, ReadNVSpaceBadReadLength) {
size_t length = 1025;
std::string nvram_data;
EXPECT_EQ(SAPI_RC_BAD_SIZE, utility_.ReadNVSpace(
52, 0, length, &nvram_data, &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, ReadNVSpaceBadIndex) {
uint32_t bad_index = 1<<24;
std::string nvram_data;
EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility_.ReadNVSpace(
bad_index, 0, 5, &nvram_data, &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, ReadNVSpaceBadSession) {
std::string nvram_data;
EXPECT_EQ(SAPI_RC_INVALID_SESSIONS,
utility_.ReadNVSpace(53, 0, 5, &nvram_data, nullptr));
}
TEST_F(TpmUtilityTest, ReadNVSpaceFailure) {
uint32_t index = 53;
uint32_t offset = 5;
uint32_t nv_index = NV_INDEX_FIRST + index;
size_t length = 24;
std::string nvram_data;
EXPECT_CALL(mock_tpm_,
NV_ReadSync(nv_index, _, nv_index, _, length, offset, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.ReadNVSpace(
index, offset, length, &nvram_data, &mock_authorization_delegate_));
}
TEST_F(TpmUtilityTest, GetNVSpaceNameSuccess) {
uint32_t index = 53;
uint32_t nvram_index = NV_INDEX_FIRST + index;
std::string name;
EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(nvram_index, _, _, _, _))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpaceName(index, &name));
}
TEST_F(TpmUtilityTest, GetNVSpaceNameFailure) {
uint32_t index = 53;
std::string name;
EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpaceName(index, &name));
}
TEST_F(TpmUtilityTest, GetNVSpacePublicAreaCachedSuccess) {
uint32_t index = 53;
TPMS_NV_PUBLIC public_area;
SetNVRAMMap(index, public_area);
EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _))
.Times(0);
EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpacePublicArea(index, &public_area));
}
TEST_F(TpmUtilityTest, GetNVSpacePublicAreaSuccess) {
uint32_t index = 53;
uint32_t nvram_index = NV_INDEX_FIRST + index;
TPMS_NV_PUBLIC public_area;
EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(nvram_index, _, _, _, _))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(TPM_RC_SUCCESS, utility_.GetNVSpacePublicArea(index, &public_area));
}
TEST_F(TpmUtilityTest, GetNVSpacePublicAreaFailure) {
uint32_t index = 53;
TPMS_NV_PUBLIC public_area;
EXPECT_CALL(mock_tpm_, NV_ReadPublicSync(_, _, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpacePublicArea(index, &public_area));
}
TEST_F(TpmUtilityTest, SetKnownPasswordSuccess) {
EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
.WillOnce(Return(false));
EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _))
.WillOnce(Return(TPM_RC_SUCCESS));
EXPECT_EQ(TPM_RC_SUCCESS, SetKnownOwnerPassword("password"));
}
TEST_F(TpmUtilityTest, SetKnownPasswordOwnershipDone) {
EXPECT_EQ(TPM_RC_SUCCESS, SetKnownOwnerPassword("password"));
}
TEST_F(TpmUtilityTest, SetKnownPasswordFailure) {
EXPECT_CALL(mock_tpm_state_, IsOwnerPasswordSet())
.WillOnce(Return(false));
EXPECT_CALL(mock_tpm_, HierarchyChangeAuthSync(TPM_RH_OWNER, _, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, SetKnownOwnerPassword("password"));
}
TEST_F(TpmUtilityTest, RootKeysSuccess) {
EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password"));
}
TEST_F(TpmUtilityTest, RootKeysHandleConsistency) {
TPM_HANDLE test_handle = 42;
EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<3>(test_handle),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _))
.WillRepeatedly(Return(TPM_RC_SUCCESS));
EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password"));
}
TEST_F(TpmUtilityTest, RootKeysCreateFailure) {
EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password"));
}
TEST_F(TpmUtilityTest, RootKeysPersistFailure) {
EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password"));
}
TEST_F(TpmUtilityTest, RootKeysAlreadyExist) {
SetExistingKeyHandleExpectation(kRSAStorageRootKey);
SetExistingKeyHandleExpectation(kECCStorageRootKey);
EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password"));
}
TEST_F(TpmUtilityTest, SaltingKeySuccess) {
TPM2B_PUBLIC public_area;
EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _))
.WillOnce(DoAll(SaveArg<2>(&public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password"));
EXPECT_EQ(TPM_ALG_SHA256, public_area.public_area.name_alg);
}
TEST_F(TpmUtilityTest, SaltingKeyConsistency) {
TPM_HANDLE test_handle = 42;
EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<4>(test_handle),
Return(TPM_RC_SUCCESS)));
EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _))
.WillRepeatedly(Return(TPM_RC_SUCCESS));
EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password"));
}
TEST_F(TpmUtilityTest, SaltingKeyCreateFailure) {
EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password"));
}
TEST_F(TpmUtilityTest, SaltingKeyLoadFailure) {
EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password"));
}
TEST_F(TpmUtilityTest, SaltingKeyPersistFailure) {
EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _))
.WillRepeatedly(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password"));
}
TEST_F(TpmUtilityTest, SaltingKeyAlreadyExists) {
SetExistingKeyHandleExpectation(kSaltingKey);
EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password"));
}
} // namespace trunks