Google Git
Sign in
boringssl / boringssl.git / 239634da1be4e6c7e06f0fc28a1f5437bd6f5906 / . / crypto / trust_token / trust_token_test.cc
blob: cf9ad7e94c7cd570ef0ad54d7295fee43b3401bc [file] [log] [blame]
Steven Valdez0b710a32020-02-14 10:34:53 -0500[diff] [blame]1/* Copyright (c) 2020, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]15#include <stdio.h>
16#include <string.h>
17#include <time.h>
18
19#include <algorithm>
20#include <limits>
21#include <string>
22#include <tuple>
23#include <utility>
24#include <vector>
25
Steven Valdez0b710a32020-02-14 10:34:53 -0500[diff] [blame]26#include <gtest/gtest.h>
27
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]28#include <openssl/bytestring.h>
29#include <openssl/curve25519.h>
30#include <openssl/evp.h>
31#include <openssl/mem.h>
32#include <openssl/rand.h>
Steven Valdez0b710a32020-02-14 10:34:53 -0500[diff] [blame]33#include <openssl/trust_token.h>
34
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]35#include "../internal.h"
36#include "internal.h"
37
38
39BSSL_NAMESPACE_BEGIN
40
41namespace {
Steven Valdez0b710a32020-02-14 10:34:53 -0500[diff] [blame]42
43TEST(TrustTokenTest, KeyGen) {
44 uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE];
45 uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE];
46 size_t priv_key_len, pub_key_len;
47 ASSERT_TRUE(TRUST_TOKEN_generate_key(
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame^]48 TRUST_TOKEN_experiment_v0(), priv_key, &priv_key_len,
49 TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, pub_key, &pub_key_len,
50 TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, 0x0001));
Steven Valdez0b710a32020-02-14 10:34:53 -0500[diff] [blame]51 ASSERT_EQ(400u, priv_key_len);
52 ASSERT_EQ(409u, pub_key_len);
53}
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]54
55class TrustTokenProtocolTest : public ::testing::Test {
56 public:
57 // KeyID returns the key ID associated with key index |i|.
58 static uint32_t KeyID(size_t i) {
59 // Use a different value from the indices to that we do not mix them up.
60 return 7 + i;
61 }
62
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame^]63 // TODO(davidben): Parameterize this on the Trust Tokens method.
64 static const TRUST_TOKEN_METHOD *method() {
65 return TRUST_TOKEN_experiment_v0();
66 }
67
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]68 protected:
69 void SetupContexts() {
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame^]70 client.reset(TRUST_TOKEN_CLIENT_new(method(), client_max_batchsize));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]71 ASSERT_TRUE(client);
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame^]72 issuer.reset(TRUST_TOKEN_ISSUER_new(method(), issuer_max_batchsize));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]73 ASSERT_TRUE(issuer);
74
75 for (size_t i = 0; i < 3; i++) {
76 uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE];
77 uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE];
78 size_t priv_key_len, pub_key_len, key_index;
79 ASSERT_TRUE(TRUST_TOKEN_generate_key(
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame^]80 method(), priv_key, &priv_key_len, TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE,
81 pub_key, &pub_key_len, TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, KeyID(i)));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]82 ASSERT_TRUE(TRUST_TOKEN_CLIENT_add_key(client.get(), &key_index, pub_key,
83 pub_key_len));
84 ASSERT_EQ(i, key_index);
85 ASSERT_TRUE(
86 TRUST_TOKEN_ISSUER_add_key(issuer.get(), priv_key, priv_key_len));
87 }
88
89 uint8_t public_key[32], private_key[64];
90 ED25519_keypair(public_key, private_key);
91 bssl::UniquePtr<EVP_PKEY> priv(EVP_PKEY_new_raw_private_key(
92 EVP_PKEY_ED25519, nullptr, private_key, 32));
93 ASSERT_TRUE(priv);
94 bssl::UniquePtr<EVP_PKEY> pub(
95 EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, nullptr, public_key, 32));
96 ASSERT_TRUE(pub);
97
98 TRUST_TOKEN_CLIENT_set_srr_key(client.get(), pub.get());
99 TRUST_TOKEN_ISSUER_set_srr_key(issuer.get(), priv.get());
100 RAND_bytes(metadata_key, sizeof(metadata_key));
101 ASSERT_TRUE(TRUST_TOKEN_ISSUER_set_metadata_key(issuer.get(), metadata_key,
102 sizeof(metadata_key)));
103 }
104
105 uint16_t client_max_batchsize = 10;
106 uint16_t issuer_max_batchsize = 10;
107 bssl::UniquePtr<TRUST_TOKEN_CLIENT> client;
108 bssl::UniquePtr<TRUST_TOKEN_ISSUER> issuer;
109 uint8_t metadata_key[32];
110};
111
112TEST_F(TrustTokenProtocolTest, InvalidToken) {
113 ASSERT_NO_FATAL_FAILURE(SetupContexts());
114
115 uint8_t *issue_msg = NULL, *issue_resp = NULL;
116 size_t msg_len, resp_len;
117
118 size_t key_index;
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]119 size_t tokens_issued;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]120 ASSERT_TRUE(
121 TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg, &msg_len, 1));
122 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
123 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
124 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
125 /*public_metadata=*/KeyID(0), /*private_metadata=*/1,
126 /*max_issuance=*/10));
127 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
128 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
129 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
130 resp_len));
131 ASSERT_TRUE(tokens);
132
133 for (TRUST_TOKEN *token : tokens.get()) {
134 // Corrupt the token.
135 token->data[0] ^= 0x42;
136
137 uint8_t *redeem_msg = NULL, *redeem_resp = NULL;
138 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption(
139 client.get(), &redeem_msg, &msg_len, token, NULL, 0, 0));
140 bssl::UniquePtr<uint8_t> free_redeem_msg(redeem_msg);
141 TRUST_TOKEN *rtoken;
142 uint8_t *client_data;
143 size_t client_data_len;
144 uint64_t redemption_time;
145 ASSERT_FALSE(TRUST_TOKEN_ISSUER_redeem(
146 issuer.get(), &redeem_resp, &resp_len, &rtoken, &client_data,
147 &client_data_len, &redemption_time, redeem_msg, msg_len, 600));
148 bssl::UniquePtr<uint8_t> free_redeem_resp(redeem_resp);
149 }
150}
151
152TEST_F(TrustTokenProtocolTest, TruncatedIssuanceRequest) {
153 ASSERT_NO_FATAL_FAILURE(SetupContexts());
154
155 uint8_t *issue_msg = NULL, *issue_resp = NULL;
156 size_t msg_len, resp_len;
157 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
158 &msg_len, 10));
159 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
160 msg_len = 10;
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]161 size_t tokens_issued;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]162 ASSERT_FALSE(TRUST_TOKEN_ISSUER_issue(
163 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
164 /*public_metadata=*/KeyID(0), /*private_metadata=*/0,
165 /*max_issuance=*/10));
166 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
167}
168
169TEST_F(TrustTokenProtocolTest, TruncatedIssuanceResponse) {
170 ASSERT_NO_FATAL_FAILURE(SetupContexts());
171
172 uint8_t *issue_msg = NULL, *issue_resp = NULL;
173 size_t msg_len, resp_len;
174 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
175 &msg_len, 10));
176 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]177 size_t tokens_issued;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]178 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
179 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
180 /*public_metadata=*/KeyID(0), /*private_metadata=*/0,
181 /*max_issuance=*/10));
182 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
183 resp_len = 10;
184 size_t key_index;
185 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
186 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
187 resp_len));
188 ASSERT_FALSE(tokens);
189}
190
David Benjamincbe128b2020-04-21 23:05:27 -0400[diff] [blame]191TEST_F(TrustTokenProtocolTest, ExtraDataIssuanceResponse) {
192 ASSERT_NO_FATAL_FAILURE(SetupContexts());
193
194 uint8_t *request = NULL, *response = NULL;
195 size_t request_len, response_len;
196 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &request,
197 &request_len, 10));
198 bssl::UniquePtr<uint8_t> free_request(request);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]199 size_t tokens_issued;
David Benjamincbe128b2020-04-21 23:05:27 -0400[diff] [blame]200 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(issuer.get(), &response, &response_len,
201 &tokens_issued, request, request_len,
202 /*public_metadata=*/KeyID(0),
203 /*private_metadata=*/0,
204 /*max_issuance=*/10));
205 bssl::UniquePtr<uint8_t> free_response(response);
206 std::vector<uint8_t> response2(response, response + response_len);
207 response2.push_back(0);
208 size_t key_index;
209 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
210 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index,
211 response2.data(), response2.size()));
212 ASSERT_FALSE(tokens);
213}
214
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]215TEST_F(TrustTokenProtocolTest, TruncatedRedemptionRequest) {
216 ASSERT_NO_FATAL_FAILURE(SetupContexts());
217
218 uint8_t *issue_msg = NULL, *issue_resp = NULL;
219 size_t msg_len, resp_len;
220 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
221 &msg_len, 10));
222 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]223 size_t tokens_issued;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]224 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
225 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
226 /*public_metadata=*/KeyID(0), /*private_metadata=*/0,
227 /*max_issuance=*/10));
228 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
229 size_t key_index;
230 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
231 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
232 resp_len));
233 ASSERT_TRUE(tokens);
234
235 for (TRUST_TOKEN *token : tokens.get()) {
Steven Valdez8f3019e2020-04-17 09:36:06 -0400[diff] [blame]236 const uint8_t kClientData[] = "\x70TEST CLIENT DATA";
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]237 uint64_t kRedemptionTime = 13374242;
238
239 uint8_t *redeem_msg = NULL, *redeem_resp = NULL;
240 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption(
241 client.get(), &redeem_msg, &msg_len, token, kClientData,
242 sizeof(kClientData) - 1, kRedemptionTime));
243 bssl::UniquePtr<uint8_t> free_redeem_msg(redeem_msg);
244 msg_len = 10;
245
246 TRUST_TOKEN *rtoken;
247 uint8_t *client_data;
248 size_t client_data_len;
249 uint64_t redemption_time;
250 ASSERT_FALSE(TRUST_TOKEN_ISSUER_redeem(
251 issuer.get(), &redeem_resp, &resp_len, &rtoken, &client_data,
252 &client_data_len, &redemption_time, redeem_msg, msg_len, 600));
253 }
254}
255
256TEST_F(TrustTokenProtocolTest, TruncatedRedemptionResponse) {
257 ASSERT_NO_FATAL_FAILURE(SetupContexts());
258
259 uint8_t *issue_msg = NULL, *issue_resp = NULL;
260 size_t msg_len, resp_len;
261 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
262 &msg_len, 10));
263 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]264 size_t tokens_issued;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]265 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
266 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
267 /*public_metadata=*/KeyID(0), /*private_metadata=*/0,
268 /*max_issuance=*/10));
269 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
270 size_t key_index;
271 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
272 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
273 resp_len));
274 ASSERT_TRUE(tokens);
275
276 for (TRUST_TOKEN *token : tokens.get()) {
Steven Valdez8f3019e2020-04-17 09:36:06 -0400[diff] [blame]277 const uint8_t kClientData[] = "\x70TEST CLIENT DATA";
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]278 uint64_t kRedemptionTime = 13374242;
279
280 uint8_t *redeem_msg = NULL, *redeem_resp = NULL;
281 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption(
282 client.get(), &redeem_msg, &msg_len, token, kClientData,
283 sizeof(kClientData) - 1, kRedemptionTime));
284 bssl::UniquePtr<uint8_t> free_redeem_msg(redeem_msg);
285 TRUST_TOKEN *rtoken;
286 uint8_t *client_data;
287 size_t client_data_len;
288 uint64_t redemption_time;
289 ASSERT_TRUE(TRUST_TOKEN_ISSUER_redeem(
290 issuer.get(), &redeem_resp, &resp_len, &rtoken, &client_data,
291 &client_data_len, &redemption_time, redeem_msg, msg_len, 600));
292 bssl::UniquePtr<uint8_t> free_redeem_resp(redeem_resp);
293 bssl::UniquePtr<uint8_t> free_client_data(client_data);
294 bssl::UniquePtr<TRUST_TOKEN> free_rtoken(rtoken);
295
296 ASSERT_EQ(redemption_time, kRedemptionTime);
297 ASSERT_TRUE(sizeof(kClientData) - 1 == client_data_len);
298 ASSERT_EQ(OPENSSL_memcmp(kClientData, client_data, client_data_len), 0);
299 resp_len = 10;
300
301 uint8_t *srr = NULL, *sig = NULL;
302 size_t srr_len, sig_len;
303 ASSERT_FALSE(TRUST_TOKEN_CLIENT_finish_redemption(
304 client.get(), &srr, &srr_len, &sig, &sig_len, redeem_resp, resp_len));
305 bssl::UniquePtr<uint8_t> free_srr(srr);
306 bssl::UniquePtr<uint8_t> free_sig(sig);
307 }
308}
309
310TEST_F(TrustTokenProtocolTest, IssuedWithBadKeyID) {
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame^]311 client.reset(TRUST_TOKEN_CLIENT_new(method(), client_max_batchsize));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]312 ASSERT_TRUE(client);
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame^]313 issuer.reset(TRUST_TOKEN_ISSUER_new(method(), issuer_max_batchsize));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]314 ASSERT_TRUE(issuer);
315
316 // We configure the client and the issuer with different key IDs and test
317 // that the client notices.
318 const uint32_t kClientKeyID = 0;
319 const uint32_t kIssuerKeyID = 42;
320
321 uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE];
322 uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE];
323 size_t priv_key_len, pub_key_len, key_index;
324 ASSERT_TRUE(TRUST_TOKEN_generate_key(
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame^]325 method(), priv_key, &priv_key_len, TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE,
326 pub_key, &pub_key_len, TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, kClientKeyID));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]327 ASSERT_TRUE(TRUST_TOKEN_CLIENT_add_key(client.get(), &key_index, pub_key,
328 pub_key_len));
329 ASSERT_EQ(0UL, key_index);
330
331 ASSERT_TRUE(TRUST_TOKEN_generate_key(
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame^]332 method(), priv_key, &priv_key_len, TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE,
333 pub_key, &pub_key_len, TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, kIssuerKeyID));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]334 ASSERT_TRUE(TRUST_TOKEN_ISSUER_add_key(issuer.get(), priv_key, priv_key_len));
335
336
337 uint8_t public_key[32], private_key[64];
338 ED25519_keypair(public_key, private_key);
339 bssl::UniquePtr<EVP_PKEY> priv(
340 EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, nullptr, private_key, 32));
341 ASSERT_TRUE(priv);
342 bssl::UniquePtr<EVP_PKEY> pub(
343 EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, nullptr, public_key, 32));
344 ASSERT_TRUE(pub);
345
346 TRUST_TOKEN_CLIENT_set_srr_key(client.get(), pub.get());
347 TRUST_TOKEN_ISSUER_set_srr_key(issuer.get(), priv.get());
348 RAND_bytes(metadata_key, sizeof(metadata_key));
349 ASSERT_TRUE(TRUST_TOKEN_ISSUER_set_metadata_key(issuer.get(), metadata_key,
350 sizeof(metadata_key)));
351
352
353 uint8_t *issue_msg = NULL, *issue_resp = NULL;
354 size_t msg_len, resp_len;
355 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
356 &msg_len, 10));
357 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]358 size_t tokens_issued;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]359 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
360 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
361 /*public_metadata=*/42, /*private_metadata=*/0, /*max_issuance=*/10));
362 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
363 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
364 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
365 resp_len));
366 ASSERT_FALSE(tokens);
367}
368
369class TrustTokenMetadataTest
370 : public TrustTokenProtocolTest,
371 public testing::WithParamInterface<std::tuple<int, bool>> {};
372
373TEST_P(TrustTokenMetadataTest, SetAndGetMetadata) {
374 ASSERT_NO_FATAL_FAILURE(SetupContexts());
375
376 uint8_t *issue_msg = NULL, *issue_resp = NULL;
377 size_t msg_len, resp_len;
378 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
379 &msg_len, 10));
380 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]381 size_t tokens_issued;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]382 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
383 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
384 std::get<0>(GetParam()), std::get<1>(GetParam()), /*max_issuance=*/1));
385 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
386 size_t key_index;
387 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
388 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
389 resp_len));
390 ASSERT_TRUE(tokens);
391
392 for (TRUST_TOKEN *token : tokens.get()) {
Steven Valdez8f3019e2020-04-17 09:36:06 -0400[diff] [blame]393 const uint8_t kClientData[] = "\x70TEST CLIENT DATA";
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]394 uint64_t kRedemptionTime = 13374242;
395
396 const uint8_t kExpectedSRR[] =
Steven Valdez8f3019e2020-04-17 09:36:06 -0400[diff] [blame]397 "\xa3\x68\x6d\x65\x74\x61\x64\x61\x74\x61\xa2\x66\x70\x75\x62\x6c\x69"
398 "\x63\x00\x67\x70\x72\x69\x76\x61\x74\x65\x00\x6b\x63\x6c\x69\x65\x6e"
399 "\x74\x2d\x64\x61\x74\x61\x70\x54\x45\x53\x54\x20\x43\x4c\x49\x45\x4e"
400 "\x54\x20\x44\x41\x54\x41\x70\x65\x78\x70\x69\x72\x79\x2d\x74\x69\x6d"
401 "\x65\x73\x74\x61\x6d\x70\x1a\x00\xcc\x15\x7a";
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]402
403 uint8_t *redeem_msg = NULL, *redeem_resp = NULL;
404 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption(
405 client.get(), &redeem_msg, &msg_len, token, kClientData,
406 sizeof(kClientData) - 1, kRedemptionTime));
407 bssl::UniquePtr<uint8_t> free_redeem_msg(redeem_msg);
408 TRUST_TOKEN *rtoken;
409 uint8_t *client_data;
410 size_t client_data_len;
411 uint64_t redemption_time;
412 ASSERT_TRUE(TRUST_TOKEN_ISSUER_redeem(
413 issuer.get(), &redeem_resp, &resp_len, &rtoken, &client_data,
414 &client_data_len, &redemption_time, redeem_msg, msg_len, 600));
415 bssl::UniquePtr<uint8_t> free_redeem_resp(redeem_resp);
416 bssl::UniquePtr<uint8_t> free_client_data(client_data);
417 bssl::UniquePtr<TRUST_TOKEN> free_rtoken(rtoken);
418
419 ASSERT_EQ(redemption_time, kRedemptionTime);
420 ASSERT_TRUE(sizeof(kClientData) - 1 == client_data_len);
421 ASSERT_EQ(OPENSSL_memcmp(kClientData, client_data, client_data_len), 0);
422
423 uint8_t *srr = NULL, *sig = NULL;
424 size_t srr_len, sig_len;
425 ASSERT_TRUE(TRUST_TOKEN_CLIENT_finish_redemption(
426 client.get(), &srr, &srr_len, &sig, &sig_len, redeem_resp, resp_len));
427 bssl::UniquePtr<uint8_t> free_srr(srr);
428 bssl::UniquePtr<uint8_t> free_sig(sig);
429
430 uint8_t private_metadata;
431 ASSERT_TRUE(TRUST_TOKEN_decode_private_metadata(
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame^]432 method(), &private_metadata, metadata_key, sizeof(metadata_key),
433 kClientData, sizeof(kClientData) - 1, srr[27]));
Steven Valdez8f3019e2020-04-17 09:36:06 -0400[diff] [blame]434 ASSERT_EQ(srr[18], std::get<0>(GetParam()));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]435 ASSERT_EQ(private_metadata, std::get<1>(GetParam()));
436
437 // Clear out the metadata bits.
Steven Valdez8f3019e2020-04-17 09:36:06 -0400[diff] [blame]438 srr[18] = 0;
439 srr[27] = 0;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]440
441 ASSERT_TRUE(sizeof(kExpectedSRR) - 1 == srr_len);
442 ASSERT_EQ(OPENSSL_memcmp(kExpectedSRR, srr, srr_len), 0);
443 }
444}
445
446TEST_P(TrustTokenMetadataTest, TooManyRequests) {
447 issuer_max_batchsize = 1;
448 ASSERT_NO_FATAL_FAILURE(SetupContexts());
449
450 uint8_t *issue_msg = NULL, *issue_resp = NULL;
451 size_t msg_len, resp_len;
452 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
453 &msg_len, 10));
454 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]455 size_t tokens_issued;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]456 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
457 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
458 std::get<0>(GetParam()), std::get<1>(GetParam()), /*max_issuance=*/1));
459 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
460 ASSERT_EQ(tokens_issued, issuer_max_batchsize);
461 size_t key_index;
462 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
463 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
464 resp_len));
465 ASSERT_TRUE(tokens);
466 ASSERT_EQ(sk_TRUST_TOKEN_num(tokens.get()), 1UL);
467}
468
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]469
470TEST_P(TrustTokenMetadataTest, TruncatedProof) {
471 ASSERT_NO_FATAL_FAILURE(SetupContexts());
472
473 uint8_t *issue_msg = NULL, *issue_resp = NULL;
474 size_t msg_len, resp_len;
475 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
476 &msg_len, 10));
477 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]478 size_t tokens_issued;
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]479 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
480 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
481 std::get<0>(GetParam()), std::get<1>(GetParam()), /*max_issuance=*/1));
482 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
483
484 CBS real_response;
485 CBS_init(&real_response, issue_resp, resp_len);
486 uint16_t count;
487 uint32_t public_metadata;
488 bssl::ScopedCBB bad_response;
489 ASSERT_TRUE(CBB_init(bad_response.get(), 0));
490 ASSERT_TRUE(CBS_get_u16(&real_response, &count));
491 ASSERT_TRUE(CBB_add_u16(bad_response.get(), count));
492 ASSERT_TRUE(CBS_get_u32(&real_response, &public_metadata));
493 ASSERT_TRUE(CBB_add_u32(bad_response.get(), public_metadata));
494
495 for (size_t i = 0; i < count; i++) {
496 uint8_t s[PMBTOKEN_NONCE_SIZE];
497 CBS tmp;
498 ASSERT_TRUE(CBS_copy_bytes(&real_response, s, PMBTOKEN_NONCE_SIZE));
499 ASSERT_TRUE(CBB_add_bytes(bad_response.get(), s, PMBTOKEN_NONCE_SIZE));
500 ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp));
501 ASSERT_TRUE(CBB_add_u16(bad_response.get(), CBS_len(&tmp)));
502 ASSERT_TRUE(
503 CBB_add_bytes(bad_response.get(), CBS_data(&tmp), CBS_len(&tmp)));
504 ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp));
505 ASSERT_TRUE(CBB_add_u16(bad_response.get(), CBS_len(&tmp)));
506 ASSERT_TRUE(
507 CBB_add_bytes(bad_response.get(), CBS_data(&tmp), CBS_len(&tmp)));
508 ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp));
509 ASSERT_TRUE(CBB_add_u16(bad_response.get(), CBS_len(&tmp) - 2));
510 ASSERT_TRUE(
511 CBB_add_bytes(bad_response.get(), CBS_data(&tmp), CBS_len(&tmp) - 2));
512 }
513
514 uint8_t *bad_buf;
515 size_t bad_len;
516 ASSERT_TRUE(CBB_finish(bad_response.get(), &bad_buf, &bad_len));
517 bssl::UniquePtr<uint8_t> free_bad(bad_buf);
518
519 size_t key_index;
520 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
521 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, bad_buf, bad_len));
522 ASSERT_FALSE(tokens);
523}
524
525TEST_P(TrustTokenMetadataTest, ExcessDataProof) {
526 ASSERT_NO_FATAL_FAILURE(SetupContexts());
527
528 uint8_t *issue_msg = NULL, *issue_resp = NULL;
529 size_t msg_len, resp_len;
530 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
531 &msg_len, 10));
532 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]533 size_t tokens_issued;
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]534 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
535 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
536 std::get<0>(GetParam()), std::get<1>(GetParam()), /*max_issuance=*/1));
537 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
538
539 CBS real_response;
540 CBS_init(&real_response, issue_resp, resp_len);
541 uint16_t count;
542 uint32_t public_metadata;
543 bssl::ScopedCBB bad_response;
544 ASSERT_TRUE(CBB_init(bad_response.get(), 0));
545 ASSERT_TRUE(CBS_get_u16(&real_response, &count));
546 ASSERT_TRUE(CBB_add_u16(bad_response.get(), count));
547 ASSERT_TRUE(CBS_get_u32(&real_response, &public_metadata));
548 ASSERT_TRUE(CBB_add_u32(bad_response.get(), public_metadata));
549
550 for (size_t i = 0; i < count; i++) {
551 uint8_t s[PMBTOKEN_NONCE_SIZE];
552 CBS tmp;
553 ASSERT_TRUE(CBS_copy_bytes(&real_response, s, PMBTOKEN_NONCE_SIZE));
554 ASSERT_TRUE(CBB_add_bytes(bad_response.get(), s, PMBTOKEN_NONCE_SIZE));
555 ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp));
556 ASSERT_TRUE(CBB_add_u16(bad_response.get(), CBS_len(&tmp)));
557 ASSERT_TRUE(
558 CBB_add_bytes(bad_response.get(), CBS_data(&tmp), CBS_len(&tmp)));
559 ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp));
560 ASSERT_TRUE(CBB_add_u16(bad_response.get(), CBS_len(&tmp)));
561 ASSERT_TRUE(
562 CBB_add_bytes(bad_response.get(), CBS_data(&tmp), CBS_len(&tmp)));
563 ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp));
564 ASSERT_TRUE(CBB_add_u16(bad_response.get(), CBS_len(&tmp) + 2));
565 ASSERT_TRUE(
566 CBB_add_bytes(bad_response.get(), CBS_data(&tmp), CBS_len(&tmp)));
567 ASSERT_TRUE(CBB_add_u16(bad_response.get(), 42));
568 }
569
570 uint8_t *bad_buf;
571 size_t bad_len;
572 ASSERT_TRUE(CBB_finish(bad_response.get(), &bad_buf, &bad_len));
573 bssl::UniquePtr<uint8_t> free_bad(bad_buf);
574
575 size_t key_index;
576 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
577 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, bad_buf,
578 bad_len));
579 ASSERT_FALSE(tokens);
580}
581
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]582INSTANTIATE_TEST_SUITE_P(
583 TrustTokenAllMetadataTest, TrustTokenMetadataTest,
584 testing::Combine(testing::Values(TrustTokenProtocolTest::KeyID(0),
585 TrustTokenProtocolTest::KeyID(1),
586 TrustTokenProtocolTest::KeyID(2)),
587 testing::Bool()));
588
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]589
590class TrustTokenBadKeyTest
591 : public TrustTokenProtocolTest,
592 public testing::WithParamInterface<std::tuple<bool, int>> {};
593
594TEST_P(TrustTokenBadKeyTest, BadKey) {
595 ASSERT_NO_FATAL_FAILURE(SetupContexts());
596
597 uint8_t *issue_msg = NULL, *issue_resp = NULL;
598 size_t msg_len, resp_len;
599 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
600 &msg_len, 10));
601 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
602
603 struct trust_token_issuer_key_st *key = &issuer->keys[0];
David Benjamin090ee962020-04-28 17:08:37 -0400[diff] [blame]604 EC_SCALAR *scalars[] = {&key->key.x0, &key->key.y0, &key->key.x1,
605 &key->key.y1, &key->key.xs, &key->key.ys};
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]606 int corrupted_key = std::get<1>(GetParam());
607
608 // Corrupt private key scalar.
609 scalars[corrupted_key]->bytes[0] ^= 42;
610
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]611 size_t tokens_issued;
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]612 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
613 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
614 /*public_metadata=*/7, std::get<0>(GetParam()), /*max_issuance=*/1));
615 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
616 size_t key_index;
617 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
618 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
619 resp_len));
620
621 // If the unused private key is corrupted, then the DLEQ proof should succeed.
622 if ((corrupted_key / 2 == 0 && std::get<0>(GetParam()) == true) ||
623 (corrupted_key / 2 == 1 && std::get<0>(GetParam()) == false)) {
624 ASSERT_TRUE(tokens);
625 } else {
626 ASSERT_FALSE(tokens);
627 }
628}
629
630INSTANTIATE_TEST_SUITE_P(
631 TrustTokenAllBadKeyTest, TrustTokenBadKeyTest,
632 testing::Combine(testing::Bool(),
633 testing::Values(0, 1, 2, 3, 4, 5)));
634
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]635} // namespace
636BSSL_NAMESPACE_END