| // Copyright 2014 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include <string> |
| |
| #include <gtest/gtest.h> |
| |
| #include "trunks/password_authorization_delegate.h" |
| |
| namespace trunks { |
| |
| // This test looks at initialization of the delegate with no password. |
| // It should initailize with a zero length internal password buffer. |
| TEST(PasswordAuthorizationDelegateTest, NullInitialization) { |
| PasswordAuthorizationDelegate delegate(""); |
| EXPECT_EQ(delegate.password_.size, 0); |
| } |
| |
| // This test checks the generation of an authorization structure by the |
| // delegate. It compared the serialized structure generated by the delegate |
| // to the expected authorization string. |
| TEST(PasswordAuthorizationDelegateTest, SerializationTest) { |
| std::string expected_auth( |
| "\x40\x00\x00\x09" // session_handle = TPM_RS_PW |
| "\x00\x00" // nonce = zero length buffer |
| "\x01" // session_attributes = continueSession |
| "\x00\x06" // password length |
| "secret", // password |
| 15); |
| PasswordAuthorizationDelegate delegate("secret"); |
| std::string authorization; |
| std::string command_hash; |
| bool authorization_result = delegate.GetCommandAuthorization( |
| command_hash, false, false, &authorization); |
| EXPECT_EQ(authorization_result, true); |
| EXPECT_EQ(authorization.length(), expected_auth.length()); |
| EXPECT_EQ(expected_auth.compare(authorization), 0); |
| } |
| |
| // This test looks at the delegate's ability to parse and check authorization |
| // responses when the response is well formed. |
| TEST(PasswordAuthorizationDelegateTest, ParseGoodParams) { |
| std::string auth_response( |
| "\x00\x00" // nonceTpm = zero length buffer |
| "\x01" // session_attributes = continueSession |
| "\x00\x00", // hmac = zero length buffer |
| 5); |
| PasswordAuthorizationDelegate delegate("secret"); |
| std::string response_hash; |
| bool authorization_result = |
| delegate.CheckResponseAuthorization(response_hash, auth_response); |
| EXPECT_EQ(authorization_result, true); |
| } |
| |
| // This test checks the delegate's ability to correctly identify an incorrect |
| // authorization response. |
| TEST(PasswordAuthorizationDelegateTest, ParseBadParams) { |
| std::string auth_response( |
| "\x00\x00" // nonceTpm = zero length buffer |
| "\x01" // session_attributes = continueSession |
| "\x00\x06" // password length |
| "secret", // password |
| 11); |
| PasswordAuthorizationDelegate delegate("secret"); |
| std::string response_hash; |
| bool authorization_result = |
| delegate.CheckResponseAuthorization(response_hash, auth_response); |
| EXPECT_EQ(authorization_result, false); |
| } |
| |
| // This test confirms that after encrypting and decrypting a parameter, |
| // we get the original parameter back. |
| TEST(PasswordAuthorizationDelegateTest, EncryptDecrypt) { |
| PasswordAuthorizationDelegate delegate("secret"); |
| std::string plaintext_parameter("parameter"); |
| std::string encrypted_parameter(plaintext_parameter); |
| ASSERT_EQ(plaintext_parameter.compare(encrypted_parameter), 0); |
| delegate.EncryptCommandParameter(&encrypted_parameter); |
| delegate.DecryptResponseParameter(&encrypted_parameter); |
| EXPECT_EQ(plaintext_parameter.compare(encrypted_parameter), 0); |
| } |
| |
| } // namespace trunks |