trunks: Make CreateStorageRootKeys and CreateSaltingKey public
We need to expose these methods as public so that any clients
of the utility who take ownership themselves (cryptohome) can
manually create SRKs and SaltingKeys rather than calling one opaque
TakeOwnership call.
BUG=chromium:415999
TEST=unit
Change-Id: I6d72ef26e05e1714ff867b28a2c508e3a01b0474
Reviewed-on: https://chromium-review.googlesource.com/265183
Reviewed-by: Utkarsh Sanghi <usanghi@chromium.org>
Commit-Queue: Utkarsh Sanghi <usanghi@chromium.org>
Tested-by: Utkarsh Sanghi <usanghi@chromium.org>
diff --git a/mock_tpm_utility.h b/mock_tpm_utility.h
index 36a9121..af7f19a 100644
--- a/mock_tpm_utility.h
+++ b/mock_tpm_utility.h
@@ -25,6 +25,8 @@
MOCK_METHOD3(TakeOwnership, TPM_RC(const std::string& owner_password,
const std::string& endorsement_password,
const std::string& lockout_password));
+ MOCK_METHOD1(CreateStorageRootKeys, TPM_RC(const std::string&));
+ MOCK_METHOD1(CreateSaltingKey, TPM_RC(const std::string&));
MOCK_METHOD2(StirRandom, TPM_RC(const std::string&, AuthorizationDelegate*));
MOCK_METHOD3(GenerateRandom, TPM_RC(size_t,
AuthorizationDelegate*,
diff --git a/tpm_utility.h b/tpm_utility.h
index 4270d4b..807d247 100644
--- a/tpm_utility.h
+++ b/tpm_utility.h
@@ -57,6 +57,17 @@
const std::string& endorsement_password,
const std::string& lockout_password) = 0;
+ // Synchronously derives storage root keys for RSA and ECC and persists the
+ // keys in the TPM. This operation must be authorized by the |owner_password|
+ // and, on success, KRSAStorageRootKey and kECCStorageRootKey can be used
+ // with an empty authorization value until the TPM is cleared.
+ virtual TPM_RC CreateStorageRootKeys(const std::string& owner_password) = 0;
+
+ // This method creates an RSA decryption key to be used for salting sessions.
+ // This method also makes the salting key permanent under the storage
+ // hierarchy.
+ virtual TPM_RC CreateSaltingKey(const std::string& owner_password) = 0;
+
// Stir the tpm random generation module with some random entropy data.
// |delegate| specifies an optional authorization delegate to be used.
virtual TPM_RC StirRandom(const std::string& entropy_data,
diff --git a/tpm_utility_impl.cc b/tpm_utility_impl.cc
index 2c58bb9..1b67b6f 100644
--- a/tpm_utility_impl.cc
+++ b/tpm_utility_impl.cc
@@ -241,6 +241,184 @@
return TPM_RC_SUCCESS;
}
+TPM_RC TpmUtilityImpl::CreateStorageRootKeys(
+ const std::string& owner_password) {
+ TPM_RC result = TPM_RC_SUCCESS;
+ Tpm* tpm = factory_.GetTpm();
+ TPMT_PUBLIC public_area = CreateDefaultPublicArea(TPM_ALG_RSA);
+ public_area.object_attributes |=
+ (kSensitiveDataOrigin | kUserWithAuth | kNoDA |
+ kRestricted | kDecrypt);
+ public_area.parameters.rsa_detail.symmetric.algorithm = TPM_ALG_AES;
+ public_area.parameters.rsa_detail.symmetric.key_bits.aes = 128;
+ public_area.parameters.rsa_detail.symmetric.mode.aes = TPM_ALG_CFB;
+ TPM2B_PUBLIC rsa_public_area = Make_TPM2B_PUBLIC(public_area);
+ TPML_PCR_SELECTION creation_pcrs;
+ creation_pcrs.count = 0;
+ TPMS_SENSITIVE_CREATE sensitive;
+ sensitive.user_auth = Make_TPM2B_DIGEST("");
+ sensitive.data = Make_TPM2B_SENSITIVE_DATA("");
+ TPM_HANDLE object_handle;
+ TPM2B_CREATION_DATA creation_data;
+ TPM2B_DIGEST creation_digest;
+ TPMT_TK_CREATION creation_ticket;
+ TPM2B_NAME object_name;
+ object_name.size = 0;
+ scoped_ptr<AuthorizationDelegate> delegate =
+ factory_.GetPasswordAuthorization(owner_password);
+ result = tpm->CreatePrimarySync(TPM_RH_OWNER,
+ NameFromHandle(TPM_RH_OWNER),
+ Make_TPM2B_SENSITIVE_CREATE(sensitive),
+ rsa_public_area,
+ Make_TPM2B_DATA(""),
+ creation_pcrs,
+ &object_handle,
+ &rsa_public_area,
+ &creation_data,
+ &creation_digest,
+ &creation_ticket,
+ &object_name,
+ delegate.get());
+ if (result) {
+ LOG(ERROR) << __func__ << ": " << GetErrorString(result);
+ return result;
+ }
+ ScopedKeyHandle rsa_key(factory_, object_handle);
+ // This will make the key persistent.
+ result = tpm->EvictControlSync(TPM_RH_OWNER,
+ NameFromHandle(TPM_RH_OWNER),
+ object_handle,
+ StringFrom_TPM2B_NAME(object_name),
+ kRSAStorageRootKey,
+ delegate.get());
+ if (result) {
+ LOG(ERROR) << __func__ << ": " << GetErrorString(result);
+ return result;
+ }
+ // Do it again for ECC.
+ public_area = CreateDefaultPublicArea(TPM_ALG_ECC);
+ public_area.object_attributes |=
+ (kSensitiveDataOrigin | kUserWithAuth | kNoDA |
+ kRestricted | kDecrypt);
+ public_area.parameters.ecc_detail.symmetric.algorithm = TPM_ALG_AES;
+ public_area.parameters.ecc_detail.symmetric.key_bits.aes = 128;
+ public_area.parameters.ecc_detail.symmetric.mode.aes = TPM_ALG_CFB;
+ TPM2B_PUBLIC ecc_public_area = Make_TPM2B_PUBLIC(public_area);
+ result = tpm->CreatePrimarySync(TPM_RH_OWNER,
+ NameFromHandle(TPM_RH_OWNER),
+ Make_TPM2B_SENSITIVE_CREATE(sensitive),
+ ecc_public_area,
+ Make_TPM2B_DATA(""),
+ creation_pcrs,
+ &object_handle,
+ &ecc_public_area,
+ &creation_data,
+ &creation_digest,
+ &creation_ticket,
+ &object_name,
+ delegate.get());
+ if (result) {
+ LOG(ERROR) << __func__ << ": " << GetErrorString(result);
+ return result;
+ }
+ ScopedKeyHandle ecc_key(factory_, object_handle);
+ // This will make the key persistent.
+ result = tpm->EvictControlSync(TPM_RH_OWNER,
+ NameFromHandle(TPM_RH_OWNER),
+ object_handle,
+ StringFrom_TPM2B_NAME(object_name),
+ kECCStorageRootKey,
+ delegate.get());
+ if (result) {
+ LOG(ERROR) << __func__ << ": " << GetErrorString(result);
+ return result;
+ }
+ return TPM_RC_SUCCESS;
+}
+
+TPM_RC TpmUtilityImpl::CreateSaltingKey(const std::string& owner_password) {
+ std::string parent_name;
+ TPM_RC result = GetKeyName(kRSAStorageRootKey, &parent_name);
+ if (result != TPM_RC_SUCCESS) {
+ LOG(ERROR) << "Error getting Key name for RSA-SRK: "
+ << GetErrorString(result);
+ return result;
+ }
+ TPMT_PUBLIC public_area = CreateDefaultPublicArea(TPM_ALG_RSA);
+ // We are limited by openssl to using SHA1, because OAEP padding in openssl
+ // is limited to using SHA1.
+ // TODO(usanghi): Change this to SHA256 when that functionality is available
+ // in openssl. crbug.com/442823.
+ public_area.name_alg = TPM_ALG_SHA1;
+ public_area.object_attributes |=
+ kSensitiveDataOrigin | kUserWithAuth | kNoDA | kDecrypt;
+ TPML_PCR_SELECTION creation_pcrs;
+ creation_pcrs.count = 0;
+ TPMS_SENSITIVE_CREATE sensitive;
+ sensitive.user_auth = Make_TPM2B_DIGEST("");
+ sensitive.data = Make_TPM2B_SENSITIVE_DATA("");
+ TPM2B_SENSITIVE_CREATE sensitive_create = Make_TPM2B_SENSITIVE_CREATE(
+ sensitive);
+ TPM2B_DATA outside_info = Make_TPM2B_DATA("");
+
+ TPM2B_PRIVATE out_private;
+ out_private.size = 0;
+ TPM2B_PUBLIC out_public;
+ out_public.size = 0;
+ TPM2B_CREATION_DATA creation_data;
+ TPM2B_DIGEST creation_hash;
+ TPMT_TK_CREATION creation_ticket;
+ // TODO(usanghi): MITM vulnerability with SaltingKey creation.
+ // Currently we cannot verify the key returned by the TPM.
+ // crbug.com/442331
+ scoped_ptr<AuthorizationDelegate> delegate =
+ factory_.GetPasswordAuthorization("");
+ result = factory_.GetTpm()->CreateSync(kRSAStorageRootKey,
+ parent_name,
+ sensitive_create,
+ Make_TPM2B_PUBLIC(public_area),
+ outside_info,
+ creation_pcrs,
+ &out_private,
+ &out_public,
+ &creation_data,
+ &creation_hash,
+ &creation_ticket,
+ delegate.get());
+ if (result != TPM_RC_SUCCESS) {
+ LOG(ERROR) << "Error creating salting key: " << GetErrorString(result);
+ return result;
+ }
+ TPM2B_NAME key_name;
+ key_name.size = 0;
+ TPM_HANDLE key_handle;
+ result = factory_.GetTpm()->LoadSync(kRSAStorageRootKey,
+ parent_name,
+ out_private,
+ out_public,
+ &key_handle,
+ &key_name,
+ delegate.get());
+ if (result != TPM_RC_SUCCESS) {
+ LOG(ERROR) << "Error loading salting key: " << GetErrorString(result);
+ return result;
+ }
+ ScopedKeyHandle key(factory_, key_handle);
+ scoped_ptr<AuthorizationDelegate> owner_delegate =
+ factory_.GetPasswordAuthorization(owner_password);
+ result = factory_.GetTpm()->EvictControlSync(TPM_RH_OWNER,
+ NameFromHandle(TPM_RH_OWNER),
+ key_handle,
+ StringFrom_TPM2B_NAME(key_name),
+ kSaltingKey,
+ owner_delegate.get());
+ if (result) {
+ LOG(ERROR) << __func__ << ": " << GetErrorString(result);
+ return result;
+ }
+ return TPM_RC_SUCCESS;
+}
+
TPM_RC TpmUtilityImpl::StirRandom(const std::string& entropy_data,
AuthorizationDelegate* delegate) {
std::string digest = crypto::SHA256HashString(entropy_data);
@@ -1185,184 +1363,6 @@
return TPM_RC_SUCCESS;
}
-TPM_RC TpmUtilityImpl::CreateStorageRootKeys(
- const std::string& owner_password) {
- TPM_RC result = TPM_RC_SUCCESS;
- Tpm* tpm = factory_.GetTpm();
- TPMT_PUBLIC public_area = CreateDefaultPublicArea(TPM_ALG_RSA);
- public_area.object_attributes |=
- (kSensitiveDataOrigin | kUserWithAuth | kNoDA |
- kRestricted | kDecrypt);
- public_area.parameters.rsa_detail.symmetric.algorithm = TPM_ALG_AES;
- public_area.parameters.rsa_detail.symmetric.key_bits.aes = 128;
- public_area.parameters.rsa_detail.symmetric.mode.aes = TPM_ALG_CFB;
- TPM2B_PUBLIC rsa_public_area = Make_TPM2B_PUBLIC(public_area);
- TPML_PCR_SELECTION creation_pcrs;
- creation_pcrs.count = 0;
- TPMS_SENSITIVE_CREATE sensitive;
- sensitive.user_auth = Make_TPM2B_DIGEST("");
- sensitive.data = Make_TPM2B_SENSITIVE_DATA("");
- TPM_HANDLE object_handle;
- TPM2B_CREATION_DATA creation_data;
- TPM2B_DIGEST creation_digest;
- TPMT_TK_CREATION creation_ticket;
- TPM2B_NAME object_name;
- object_name.size = 0;
- scoped_ptr<AuthorizationDelegate> delegate =
- factory_.GetPasswordAuthorization(owner_password);
- result = tpm->CreatePrimarySync(TPM_RH_OWNER,
- NameFromHandle(TPM_RH_OWNER),
- Make_TPM2B_SENSITIVE_CREATE(sensitive),
- rsa_public_area,
- Make_TPM2B_DATA(""),
- creation_pcrs,
- &object_handle,
- &rsa_public_area,
- &creation_data,
- &creation_digest,
- &creation_ticket,
- &object_name,
- delegate.get());
- if (result) {
- LOG(ERROR) << __func__ << ": " << GetErrorString(result);
- return result;
- }
- ScopedKeyHandle rsa_key(factory_, object_handle);
- // This will make the key persistent.
- result = tpm->EvictControlSync(TPM_RH_OWNER,
- NameFromHandle(TPM_RH_OWNER),
- object_handle,
- StringFrom_TPM2B_NAME(object_name),
- kRSAStorageRootKey,
- delegate.get());
- if (result) {
- LOG(ERROR) << __func__ << ": " << GetErrorString(result);
- return result;
- }
- // Do it again for ECC.
- public_area = CreateDefaultPublicArea(TPM_ALG_ECC);
- public_area.object_attributes |=
- (kSensitiveDataOrigin | kUserWithAuth | kNoDA |
- kRestricted | kDecrypt);
- public_area.parameters.ecc_detail.symmetric.algorithm = TPM_ALG_AES;
- public_area.parameters.ecc_detail.symmetric.key_bits.aes = 128;
- public_area.parameters.ecc_detail.symmetric.mode.aes = TPM_ALG_CFB;
- TPM2B_PUBLIC ecc_public_area = Make_TPM2B_PUBLIC(public_area);
- result = tpm->CreatePrimarySync(TPM_RH_OWNER,
- NameFromHandle(TPM_RH_OWNER),
- Make_TPM2B_SENSITIVE_CREATE(sensitive),
- ecc_public_area,
- Make_TPM2B_DATA(""),
- creation_pcrs,
- &object_handle,
- &ecc_public_area,
- &creation_data,
- &creation_digest,
- &creation_ticket,
- &object_name,
- delegate.get());
- if (result) {
- LOG(ERROR) << __func__ << ": " << GetErrorString(result);
- return result;
- }
- ScopedKeyHandle ecc_key(factory_, object_handle);
- // This will make the key persistent.
- result = tpm->EvictControlSync(TPM_RH_OWNER,
- NameFromHandle(TPM_RH_OWNER),
- object_handle,
- StringFrom_TPM2B_NAME(object_name),
- kECCStorageRootKey,
- delegate.get());
- if (result) {
- LOG(ERROR) << __func__ << ": " << GetErrorString(result);
- return result;
- }
- return TPM_RC_SUCCESS;
-}
-
-TPM_RC TpmUtilityImpl::CreateSaltingKey(const std::string& owner_password) {
- std::string parent_name;
- TPM_RC result = GetKeyName(kRSAStorageRootKey, &parent_name);
- if (result != TPM_RC_SUCCESS) {
- LOG(ERROR) << "Error getting Key name for RSA-SRK: "
- << GetErrorString(result);
- return result;
- }
- TPMT_PUBLIC public_area = CreateDefaultPublicArea(TPM_ALG_RSA);
- // We are limited by openssl to using SHA1, because OAEP padding in openssl
- // is limited to using SHA1.
- // TODO(usanghi): Change this to SHA256 when that functionality is available
- // in openssl. crbug.com/442823.
- public_area.name_alg = TPM_ALG_SHA1;
- public_area.object_attributes |=
- kSensitiveDataOrigin | kUserWithAuth | kNoDA | kDecrypt;
- TPML_PCR_SELECTION creation_pcrs;
- creation_pcrs.count = 0;
- TPMS_SENSITIVE_CREATE sensitive;
- sensitive.user_auth = Make_TPM2B_DIGEST("");
- sensitive.data = Make_TPM2B_SENSITIVE_DATA("");
- TPM2B_SENSITIVE_CREATE sensitive_create = Make_TPM2B_SENSITIVE_CREATE(
- sensitive);
- TPM2B_DATA outside_info = Make_TPM2B_DATA("");
-
- TPM2B_PRIVATE out_private;
- out_private.size = 0;
- TPM2B_PUBLIC out_public;
- out_public.size = 0;
- TPM2B_CREATION_DATA creation_data;
- TPM2B_DIGEST creation_hash;
- TPMT_TK_CREATION creation_ticket;
- // TODO(usanghi): MITM vulnerability with SaltingKey creation.
- // Currently we cannot verify the key returned by the TPM.
- // crbug.com/442331
- scoped_ptr<AuthorizationDelegate> delegate =
- factory_.GetPasswordAuthorization("");
- result = factory_.GetTpm()->CreateSync(kRSAStorageRootKey,
- parent_name,
- sensitive_create,
- Make_TPM2B_PUBLIC(public_area),
- outside_info,
- creation_pcrs,
- &out_private,
- &out_public,
- &creation_data,
- &creation_hash,
- &creation_ticket,
- delegate.get());
- if (result != TPM_RC_SUCCESS) {
- LOG(ERROR) << "Error creating salting key: " << GetErrorString(result);
- return result;
- }
- TPM2B_NAME key_name;
- key_name.size = 0;
- TPM_HANDLE key_handle;
- result = factory_.GetTpm()->LoadSync(kRSAStorageRootKey,
- parent_name,
- out_private,
- out_public,
- &key_handle,
- &key_name,
- delegate.get());
- if (result != TPM_RC_SUCCESS) {
- LOG(ERROR) << "Error loading salting key: " << GetErrorString(result);
- return result;
- }
- ScopedKeyHandle key(factory_, key_handle);
- scoped_ptr<AuthorizationDelegate> owner_delegate =
- factory_.GetPasswordAuthorization(owner_password);
- result = factory_.GetTpm()->EvictControlSync(TPM_RH_OWNER,
- NameFromHandle(TPM_RH_OWNER),
- key_handle,
- StringFrom_TPM2B_NAME(key_name),
- kSaltingKey,
- owner_delegate.get());
- if (result) {
- LOG(ERROR) << __func__ << ": " << GetErrorString(result);
- return result;
- }
- return TPM_RC_SUCCESS;
-}
-
TPMT_PUBLIC TpmUtilityImpl::CreateDefaultPublicArea(TPM_ALG_ID key_alg) {
TPMT_PUBLIC public_area;
public_area.name_alg = TPM_ALG_SHA256;
diff --git a/tpm_utility_impl.h b/tpm_utility_impl.h
index 4c6b5be..21000b7 100644
--- a/tpm_utility_impl.h
+++ b/tpm_utility_impl.h
@@ -35,6 +35,8 @@
TPM_RC TakeOwnership(const std::string& owner_password,
const std::string& endorsement_password,
const std::string& lockout_password) override;
+ TPM_RC CreateStorageRootKeys(const std::string& owner_password) override;
+ TPM_RC CreateSaltingKey(const std::string& owner_password) override;
TPM_RC StirRandom(const std::string& entropy_data,
AuthorizationDelegate* delegate) override;
TPM_RC GenerateRandom(size_t num_bytes,
@@ -120,17 +122,6 @@
const TrunksFactory& factory_;
std::map<uint32_t, TPMS_NV_PUBLIC> nvram_public_area_map_;
- // Synchronously derives storage root keys for RSA and ECC and persists the
- // keys in the TPM. This operation must be authorized by the |owner_password|
- // and, on success, KRSAStorageRootKey and kECCStorageRootKey can be used
- // with an empty authorization value until the TPM is cleared.
- TPM_RC CreateStorageRootKeys(const std::string& owner_password);
-
- // This method creates an RSA decryption key to be used for salting sessions.
- // This method also makes the salting key permanent under the storage
- // hierarchy.
- TPM_RC CreateSaltingKey(const std::string& owner_password);
-
// This method returns a partially filled TPMT_PUBLIC strucutre,
// which can then be modified by other methods to create the public
// template for a key. It takes a valid |key_type| tp construct the
diff --git a/tpm_utility_test.cc b/tpm_utility_test.cc
index b12c1ef..db1b252 100644
--- a/tpm_utility_test.cc
+++ b/tpm_utility_test.cc
@@ -36,14 +36,6 @@
factory_.set_tpm(&mock_tpm_);
}
- TPM_RC CreateStorageRootKeys(const std::string& password) {
- return utility_.CreateStorageRootKeys(password);
- }
-
- TPM_RC CreateSaltingKey(const std::string& password) {
- return utility_.CreateSaltingKey(password);
- }
-
TPM_RC ComputeKeyName(const TPMT_PUBLIC& public_area,
std::string* object_name) {
return utility_.ComputeKeyName(public_area, object_name);
@@ -245,6 +237,64 @@
EXPECT_EQ(TPM_RC_FAILURE, utility_.TakeOwnership("a", "b", "c"));
}
+TEST_F(TpmUtilityTest, RootKeysSuccess) {
+ EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateStorageRootKeys("password"));
+}
+
+TEST_F(TpmUtilityTest, RootKeysHandleConsistency) {
+ TPM_HANDLE test_handle = 42;
+ EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _))
+ .WillRepeatedly(DoAll(SetArgPointee<3>(test_handle),
+ Return(TPM_RC_SUCCESS)));
+ EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _))
+ .WillRepeatedly(Return(TPM_RC_SUCCESS));
+ EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateStorageRootKeys("password"));
+}
+
+TEST_F(TpmUtilityTest, RootKeysCreateFailure) {
+ EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _))
+ .WillRepeatedly(Return(TPM_RC_FAILURE));
+ EXPECT_EQ(TPM_RC_FAILURE, utility_.CreateStorageRootKeys("password"));
+}
+
+TEST_F(TpmUtilityTest, RootKeysPersistFailure) {
+ EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _))
+ .WillRepeatedly(Return(TPM_RC_FAILURE));
+ EXPECT_EQ(TPM_RC_FAILURE, utility_.CreateStorageRootKeys("password"));
+}
+
+TEST_F(TpmUtilityTest, SaltingKeySuccess) {
+ EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateSaltingKey("password"));
+}
+
+TEST_F(TpmUtilityTest, SaltingKeyConsistency) {
+ TPM_HANDLE test_handle = 42;
+ EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
+ .WillRepeatedly(DoAll(SetArgPointee<4>(test_handle),
+ Return(TPM_RC_SUCCESS)));
+ EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _))
+ .WillRepeatedly(Return(TPM_RC_SUCCESS));
+ EXPECT_EQ(TPM_RC_SUCCESS, utility_.CreateSaltingKey("password"));
+}
+
+TEST_F(TpmUtilityTest, SaltingKeyCreateFailure) {
+ EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _))
+ .WillRepeatedly(Return(TPM_RC_FAILURE));
+ EXPECT_EQ(TPM_RC_FAILURE, utility_.CreateSaltingKey("password"));
+}
+
+TEST_F(TpmUtilityTest, SaltingKeyLoadFailure) {
+ EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
+ .WillRepeatedly(Return(TPM_RC_FAILURE));
+ EXPECT_EQ(TPM_RC_FAILURE, utility_.CreateSaltingKey("password"));
+}
+
+TEST_F(TpmUtilityTest, SaltingKeyPersistFailure) {
+ EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _))
+ .WillRepeatedly(Return(TPM_RC_FAILURE));
+ EXPECT_EQ(TPM_RC_FAILURE, utility_.CreateSaltingKey("password"));
+}
+
TEST_F(TpmUtilityTest, StirRandomSuccess) {
std::string entropy_data("large test data", 100);
EXPECT_CALL(mock_tpm_, StirRandomSync(_, &mock_authorization_delegate_))
@@ -1485,62 +1535,4 @@
EXPECT_EQ(TPM_RC_FAILURE, utility_.GetNVSpacePublicArea(index, &public_area));
}
-TEST_F(TpmUtilityTest, RootKeysSuccess) {
- EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password"));
-}
-
-TEST_F(TpmUtilityTest, RootKeysHandleConsistency) {
- TPM_HANDLE test_handle = 42;
- EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _))
- .WillRepeatedly(DoAll(SetArgPointee<3>(test_handle),
- Return(TPM_RC_SUCCESS)));
- EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _))
- .WillRepeatedly(Return(TPM_RC_SUCCESS));
- EXPECT_EQ(TPM_RC_SUCCESS, CreateStorageRootKeys("password"));
-}
-
-TEST_F(TpmUtilityTest, RootKeysCreateFailure) {
- EXPECT_CALL(mock_tpm_, CreatePrimarySyncShort(_, _, _, _, _, _, _, _, _, _))
- .WillRepeatedly(Return(TPM_RC_FAILURE));
- EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password"));
-}
-
-TEST_F(TpmUtilityTest, RootKeysPersistFailure) {
- EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _))
- .WillRepeatedly(Return(TPM_RC_FAILURE));
- EXPECT_EQ(TPM_RC_FAILURE, CreateStorageRootKeys("password"));
-}
-
-TEST_F(TpmUtilityTest, SaltingKeySuccess) {
- EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password"));
-}
-
-TEST_F(TpmUtilityTest, SaltingKeyConsistency) {
- TPM_HANDLE test_handle = 42;
- EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
- .WillRepeatedly(DoAll(SetArgPointee<4>(test_handle),
- Return(TPM_RC_SUCCESS)));
- EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, test_handle, _, _, _))
- .WillRepeatedly(Return(TPM_RC_SUCCESS));
- EXPECT_EQ(TPM_RC_SUCCESS, CreateSaltingKey("password"));
-}
-
-TEST_F(TpmUtilityTest, SaltingKeyCreateFailure) {
- EXPECT_CALL(mock_tpm_, CreateSyncShort(_, _, _, _, _, _, _, _, _, _))
- .WillRepeatedly(Return(TPM_RC_FAILURE));
- EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password"));
-}
-
-TEST_F(TpmUtilityTest, SaltingKeyLoadFailure) {
- EXPECT_CALL(mock_tpm_, LoadSync(_, _, _, _, _, _, _))
- .WillRepeatedly(Return(TPM_RC_FAILURE));
- EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password"));
-}
-
-TEST_F(TpmUtilityTest, SaltingKeyPersistFailure) {
- EXPECT_CALL(mock_tpm_, EvictControlSync(_, _, _, _, _, _))
- .WillRepeatedly(Return(TPM_RC_FAILURE));
- EXPECT_EQ(TPM_RC_FAILURE, CreateSaltingKey("password"));
-}
-
} // namespace trunks
diff --git a/trunks_factory_for_test.cc b/trunks_factory_for_test.cc
index 3a9021c..7ca25a3 100644
--- a/trunks_factory_for_test.cc
+++ b/trunks_factory_for_test.cc
@@ -88,6 +88,14 @@
lockout_password);
}
+ TPM_RC CreateStorageRootKeys(const std::string& owner_password) override {
+ return target_->CreateStorageRootKeys(owner_password);
+ }
+
+ TPM_RC CreateSaltingKey(const std::string& owner_password) override {
+ return target_->CreateSaltingKey(owner_password);
+ }
+
TPM_RC StirRandom(const std::string& entropy_data,
AuthorizationDelegate* delegate) override {
return target_->StirRandom(entropy_data, delegate);
