Google Git
Sign in
cos / mirrors / cros / chromiumos / platform2 / refs/heads/firmware-cr50-stab-mp-14300.B / . / cryptohome / auth_block_state_unittest.cc
blob: e8500dab4fe0b6da9d11db3fcc8833f40da4b283 [file] [log] [blame]
// Copyright 2021 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <utility>
#include <absl/types/variant.h>
#include <base/optional.h>
#include <brillo/secure_allocator.h>
#include <brillo/secure_blob.h>
#include <gtest/gtest.h>
#include "cryptohome/auth_block_state.h"
#include "cryptohome/auth_block_state_generated.h"
#include "cryptohome/flatbuffer_secure_allocator_bridge.h"
namespace cryptohome {
namespace {
constexpr char kFakeSalt[] = "fake_salt";
constexpr char kFakeTpmKey[] = "fake_tpm_key";
constexpr char kFakeExtendedTpmKey[] = "fake_extended_tpm_key";
constexpr char kFakeTpmKeyHash[] = "fake_tpm_key_hash";
brillo::SecureBlob ToSecureBlob(const flatbuffers::Vector<uint8_t>* vector) {
return brillo::SecureBlob(vector->data(), vector->data() + vector->size());
}
} // namespace
TEST(AuthBlockStateTest, SerializeTpmBoundtoPcrState) {
const brillo::SecureBlob salt(brillo::BlobFromString(kFakeSalt));
const brillo::SecureBlob tpm_key(brillo::BlobFromString(kFakeTpmKey));
const brillo::SecureBlob extended_tpm_key(
brillo::BlobFromString(kFakeExtendedTpmKey));
const brillo::SecureBlob tpm_public_key_hash(
brillo::BlobFromString(kFakeTpmKeyHash));
TpmBoundToPcrAuthBlockState tpm_state = {
.scrypt_derived = true,
.salt = salt,
.tpm_key = tpm_key,
.extended_tpm_key = extended_tpm_key,
.tpm_public_key_hash = tpm_public_key_hash,
};
AuthBlockState final_state = {.state = std::move(tpm_state)};
base::Optional<brillo::SecureBlob> serialized = final_state.Serialize();
ASSERT_TRUE(serialized.has_value());
auto* state_buffer = GetSerializedAuthBlockState(serialized->data());
EXPECT_EQ(state_buffer->auth_block_state_type(),
AuthBlockStateUnion::TpmBoundToPcrState);
auto* tpm_buffer =
static_cast<const TpmBoundToPcrState*>(state_buffer->auth_block_state());
EXPECT_TRUE(tpm_buffer->scrypt_derived());
EXPECT_EQ(ToSecureBlob(tpm_buffer->salt()), salt);
EXPECT_EQ(ToSecureBlob(tpm_buffer->tpm_key()), tpm_key);
EXPECT_EQ(ToSecureBlob(tpm_buffer->extended_tpm_key()), extended_tpm_key);
EXPECT_EQ(ToSecureBlob(tpm_buffer->tpm_public_key_hash()),
tpm_public_key_hash);
}
TEST(AuthBlockStateTest, SerializedAuthBlockStateOffset) {
FlatbufferSecureAllocatorBridge allocator;
flatbuffers::FlatBufferBuilder builder(/*initial_size=*/1024, &allocator);
const brillo::SecureBlob salt(brillo::BlobFromString(kFakeSalt));
const brillo::SecureBlob tpm_key(brillo::BlobFromString(kFakeTpmKey));
const brillo::SecureBlob extended_tpm_key(
brillo::BlobFromString(kFakeExtendedTpmKey));
const brillo::SecureBlob tpm_public_key_hash(
brillo::BlobFromString(kFakeTpmKeyHash));
TpmBoundToPcrAuthBlockState tpm_state = {
.scrypt_derived = true,
.salt = salt,
.tpm_key = tpm_key,
.extended_tpm_key = extended_tpm_key,
.tpm_public_key_hash = tpm_public_key_hash,
};
AuthBlockState final_state = {.state = std::move(tpm_state)};
flatbuffers::Offset<SerializedAuthBlockState> offset =
final_state.SerializeToOffset(&builder);
ASSERT_TRUE(!offset.IsNull());
}
TEST(AuthBlockStateTest, TpmBoundtoPcrStateOptionalFields) {
const brillo::SecureBlob salt(brillo::BlobFromString(kFakeSalt));
const brillo::SecureBlob tpm_key(brillo::BlobFromString(kFakeTpmKey));
const brillo::SecureBlob extended_tpm_key(
brillo::BlobFromString(kFakeExtendedTpmKey));
TpmBoundToPcrAuthBlockState tpm_state = {
.scrypt_derived = true,
.salt = salt,
.tpm_key = tpm_key,
.extended_tpm_key = extended_tpm_key,
.tpm_public_key_hash = brillo::SecureBlob(),
.wrapped_reset_seed = base::nullopt,
};
AuthBlockState final_state = {.state = std::move(tpm_state)};
base::Optional<brillo::SecureBlob> serialized = final_state.Serialize();
ASSERT_TRUE(serialized.has_value());
auto* state_buffer = GetSerializedAuthBlockState(serialized->data());
EXPECT_EQ(state_buffer->auth_block_state_type(),
AuthBlockStateUnion::TpmBoundToPcrState);
auto* tpm_buffer =
static_cast<const TpmBoundToPcrState*>(state_buffer->auth_block_state());
EXPECT_TRUE(tpm_buffer->scrypt_derived());
EXPECT_EQ(ToSecureBlob(tpm_buffer->salt()), salt);
EXPECT_EQ(ToSecureBlob(tpm_buffer->tpm_key()), tpm_key);
EXPECT_EQ(ToSecureBlob(tpm_buffer->extended_tpm_key()), extended_tpm_key);
EXPECT_EQ(tpm_buffer->tpm_public_key_hash(), nullptr);
}
TEST(AuthBlockStateTest, TpmBoundtoPcrStateFail) {
TpmBoundToPcrAuthBlockState tpm_state = {
.scrypt_derived = true,
};
AuthBlockState final_state = {.state = std::move(tpm_state)};
base::Optional<brillo::SecureBlob> serialized = final_state.Serialize();
// tpm_key, extended_tpm_key and salt are all missing, cannot serialize()
EXPECT_EQ(serialized, base::nullopt);
}
} // namespace cryptohome