//
// Copyright (C) 2014 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#include <string>
#include <gtest/gtest.h>
#include "trunks/password_authorization_delegate.h"
namespace trunks {
// This test looks at initialization of the delegate with no password.
// It should initailize with a zero length internal password buffer.
TEST(PasswordAuthorizationDelegateTest, NullInitialization) {
PasswordAuthorizationDelegate delegate("");
EXPECT_EQ(delegate.password_.size, 0);
}
// This test checks the generation of an authorization structure by the
// delegate. It compared the serialized structure generated by the delegate
// to the expected authorization string.
TEST(PasswordAuthorizationDelegateTest, SerializationTest) {
std::string expected_auth(
"\x40\x00\x00\x09" // session_handle = TPM_RS_PW
"\x00\x00" // nonce = zero length buffer
"\x01" // session_attributes = continueSession
"\x00\x06" // password length
"secret", // password
15);
PasswordAuthorizationDelegate delegate("secret");
std::string authorization;
std::string command_hash;
bool authorization_result = delegate.GetCommandAuthorization(
command_hash, false, false, &authorization);
EXPECT_EQ(authorization_result, true);
EXPECT_EQ(authorization.length(), expected_auth.length());
EXPECT_EQ(expected_auth.compare(authorization), 0);
}
// This test looks at the delegate's ability to parse and check authorization
// responses when the response is well formed.
TEST(PasswordAuthorizationDelegateTest, ParseGoodParams) {
std::string auth_response(
"\x00\x00" // nonceTpm = zero length buffer
"\x01" // session_attributes = continueSession
"\x00\x00", // hmac = zero length buffer
5);
PasswordAuthorizationDelegate delegate("secret");
std::string response_hash;
bool authorization_result =
delegate.CheckResponseAuthorization(response_hash, auth_response);
EXPECT_EQ(authorization_result, true);
}
// This test checks the delegate's ability to correctly identify an incorrect
// authorization response.
TEST(PasswordAuthorizationDelegateTest, ParseBadParams) {
std::string auth_response(
"\x00\x00" // nonceTpm = zero length buffer
"\x01" // session_attributes = continueSession
"\x00\x06" // password length
"secret", // password
11);
PasswordAuthorizationDelegate delegate("secret");
std::string response_hash;
bool authorization_result =
delegate.CheckResponseAuthorization(response_hash, auth_response);
EXPECT_EQ(authorization_result, false);
}
// This test confirms that after encrypting and decrypting a parameter,
// we get the original parameter back.
TEST(PasswordAuthorizationDelegateTest, EncryptDecrypt) {
PasswordAuthorizationDelegate delegate("secret");
std::string plaintext_parameter("parameter");
std::string encrypted_parameter(plaintext_parameter);
ASSERT_EQ(plaintext_parameter.compare(encrypted_parameter), 0);
delegate.EncryptCommandParameter(&encrypted_parameter);
delegate.DecryptResponseParameter(&encrypted_parameter);
EXPECT_EQ(plaintext_parameter.compare(encrypted_parameter), 0);
}
} // namespace trunks