Google Git
Sign in
boringssl / boringssl.git / de12e3cabcb466cdf96c90d9bff0d919af71d561 / . / crypto / trust_token / trust_token_test.cc
blob: ae4eb5ce8a9498e9226967e69f5a6ce52065feef [file] [log] [blame]
Steven Valdez0b710a32020-02-14 10:34:53 -0500[diff] [blame]1/* Copyright (c) 2020, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
David Benjamin9d64d8d2022-08-31 19:27:56 -0400[diff] [blame]15#include <assert.h>
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]16#include <stdio.h>
17#include <string.h>
18#include <time.h>
19
20#include <algorithm>
21#include <limits>
22#include <string>
23#include <tuple>
24#include <utility>
25#include <vector>
26
Steven Valdez0b710a32020-02-14 10:34:53 -0500[diff] [blame]27#include <gtest/gtest.h>
28
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]29#include <openssl/bytestring.h>
30#include <openssl/curve25519.h>
31#include <openssl/evp.h>
32#include <openssl/mem.h>
33#include <openssl/rand.h>
Steven Valdez54304732020-05-04 11:56:12 -0400[diff] [blame]34#include <openssl/sha.h>
Steven Valdez0b710a32020-02-14 10:34:53 -0500[diff] [blame]35#include <openssl/trust_token.h>
36
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]37#include "../ec_extra/internal.h"
38#include "../fipsmodule/ec/internal.h"
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]39#include "../internal.h"
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]40#include "../test/test_util.h"
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]41#include "internal.h"
42
43
44BSSL_NAMESPACE_BEGIN
45
46namespace {
Steven Valdez0b710a32020-02-14 10:34:53 -0500[diff] [blame]47
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]48const uint8_t kMessage[] = "MSG";
49
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]50TEST(TrustTokenTest, KeyGenExp1) {
51 uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE];
52 uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE];
53 size_t priv_key_len, pub_key_len;
54 ASSERT_TRUE(TRUST_TOKEN_generate_key(
55 TRUST_TOKEN_experiment_v1(), priv_key, &priv_key_len,
56 TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, pub_key, &pub_key_len,
57 TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, 0x0001));
58 ASSERT_EQ(292u, priv_key_len);
59 ASSERT_EQ(301u, pub_key_len);
Steven Valdezaa5f6012022-06-14 11:16:02 -0400[diff] [blame]60
61 const uint8_t kKeygenSecret[] = "SEED";
62 ASSERT_TRUE(TRUST_TOKEN_derive_key_from_secret(
63 TRUST_TOKEN_experiment_v1(), priv_key, &priv_key_len,
64 TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, pub_key, &pub_key_len,
65 TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, 0x0001, kKeygenSecret,
66 sizeof(kKeygenSecret) - 1));
67
68 const uint8_t kExpectedPriv[] = {
69 0x00, 0x00, 0x00, 0x01, 0x98, 0xaa, 0x32, 0xfc, 0x5f, 0x83, 0x35, 0xea,
70 0x57, 0x4f, 0x9e, 0x61, 0x48, 0x6e, 0x89, 0x9d, 0x3d, 0xaa, 0x38, 0x5d,
71 0xd0, 0x06, 0x96, 0x62, 0xe8, 0x0b, 0xd6, 0x5f, 0x12, 0xa4, 0xcc, 0xa9,
72 0xb5, 0x20, 0x1b, 0x13, 0x8c, 0x1c, 0xaf, 0x36, 0x1b, 0xab, 0x0c, 0xc6,
73 0xac, 0x38, 0xae, 0x96, 0x3d, 0x14, 0x9d, 0xb8, 0x8d, 0xf4, 0x7f, 0xe2,
74 0x7d, 0xeb, 0x17, 0xc2, 0xbc, 0x63, 0x42, 0x93, 0x94, 0xe4, 0x97, 0xbf,
75 0x97, 0xea, 0x02, 0x40, 0xac, 0xb6, 0xa5, 0x03, 0x4c, 0x6b, 0x4c, 0xb8,
76 0x8c, 0xf4, 0x66, 0x1b, 0x4e, 0x02, 0x45, 0xf9, 0xcd, 0xb6, 0x0f, 0x59,
77 0x09, 0x21, 0x03, 0x7e, 0x92, 0x1f, 0x3f, 0x40, 0x83, 0x50, 0xe3, 0xdc,
78 0x9e, 0x6f, 0x65, 0xc5, 0xbd, 0x2c, 0x7d, 0xab, 0x74, 0x49, 0xc8, 0xa2,
79 0x3c, 0xab, 0xcb, 0x4d, 0x63, 0x73, 0x81, 0x2b, 0xb2, 0x1e, 0x00, 0x8f,
80 0x00, 0xb8, 0xd8, 0xb4, 0x5d, 0xc4, 0x3f, 0x3d, 0xa8, 0x4f, 0x4c, 0x72,
81 0x0e, 0x20, 0x17, 0x4b, 0xac, 0x14, 0x8f, 0xb2, 0xa5, 0x20, 0x41, 0x2b,
82 0xf7, 0x62, 0x25, 0x6a, 0xd6, 0x41, 0x26, 0x62, 0x10, 0xc1, 0xbc, 0x42,
83 0xac, 0x54, 0x1b, 0x75, 0x05, 0xd6, 0x53, 0xb1, 0x7b, 0x84, 0x6a, 0x7b,
84 0x5b, 0x2a, 0x34, 0x6e, 0x43, 0x4b, 0x43, 0xcc, 0x6c, 0xdb, 0x1d, 0x02,
85 0x34, 0x7f, 0xd1, 0xe8, 0xfd, 0x42, 0x2c, 0xd9, 0x14, 0xdb, 0xd6, 0xf4,
86 0xad, 0xb5, 0xe4, 0xac, 0xdd, 0x7e, 0xb5, 0x4c, 0x3f, 0x59, 0x24, 0xfa,
87 0x04, 0xd9, 0xb6, 0xd2, 0xb7, 0x7d, 0xf1, 0xfa, 0x13, 0xc0, 0x4d, 0xd5,
88 0xca, 0x3a, 0x4e, 0xa8, 0xdd, 0xa9, 0xfc, 0xcb, 0x06, 0xb2, 0xde, 0x4b,
89 0x2a, 0x86, 0xbb, 0x0d, 0x41, 0xb6, 0x3d, 0xfb, 0x49, 0xc8, 0xdf, 0x9a,
90 0x48, 0xe5, 0x68, 0x8a, 0xfc, 0x86, 0x9c, 0x79, 0x5a, 0x79, 0xc1, 0x09,
91 0x33, 0x53, 0xdc, 0x3d, 0xe9, 0x93, 0x7c, 0x5b, 0x72, 0xf7, 0xa0, 0x8a,
92 0x1f, 0x07, 0x6c, 0x38, 0x3c, 0x99, 0x0b, 0xe4, 0x4e, 0xa4, 0xbd, 0x41,
93 0x1f, 0x83, 0xa6, 0xd3
94 };
95 ASSERT_EQ(Bytes(kExpectedPriv, sizeof(kExpectedPriv)),
96 Bytes(priv_key, priv_key_len));
97
98 const uint8_t kExpectedPub[] = {
99 0x00, 0x00, 0x00, 0x01, 0x00, 0x61, 0x04, 0x5e, 0x06, 0x6b, 0x7b, 0xfd,
100 0x54, 0x01, 0xe0, 0xd2, 0xb5, 0x12, 0xce, 0x48, 0x16, 0x66, 0xb2, 0xdf,
101 0xfd, 0xa8, 0x38, 0x7c, 0x1f, 0x45, 0x1a, 0xb8, 0x21, 0x52, 0x17, 0x25,
102 0xbb, 0x0b, 0x00, 0xd4, 0xa1, 0xbc, 0x28, 0xd9, 0x08, 0x36, 0x98, 0xb2,
103 0x17, 0xd3, 0xb5, 0xad, 0xb6, 0x4e, 0x03, 0x5f, 0xd3, 0x66, 0x2c, 0x58,
104 0x1c, 0xcc, 0xc6, 0x23, 0xa4, 0xf9, 0xa2, 0x7e, 0xb0, 0xe4, 0xd3, 0x95,
105 0x41, 0x6f, 0xba, 0x23, 0x4a, 0x82, 0x93, 0x29, 0x73, 0x75, 0x38, 0x85,
106 0x64, 0x9c, 0xaa, 0x12, 0x6d, 0x7d, 0xcd, 0x52, 0x02, 0x91, 0x9f, 0xa9,
107 0xee, 0x4b, 0xfd, 0x68, 0x97, 0x40, 0xdc, 0x00, 0x61, 0x04, 0x14, 0x16,
108 0x39, 0xf9, 0x63, 0x66, 0x94, 0x03, 0xfa, 0x0b, 0xbf, 0xca, 0x5a, 0x39,
109 0x9f, 0x27, 0x5b, 0x3f, 0x69, 0x7a, 0xc9, 0xf7, 0x25, 0x7c, 0x84, 0x9e,
110 0x1d, 0x61, 0x5a, 0x24, 0x53, 0xf2, 0x4a, 0x9d, 0xe9, 0x05, 0x53, 0xfd,
111 0x12, 0x01, 0x2d, 0x9a, 0x69, 0x50, 0x74, 0x82, 0xa3, 0x45, 0x73, 0xdc,
112 0x34, 0x36, 0x31, 0x44, 0x07, 0x0c, 0xda, 0x13, 0xbe, 0x94, 0x37, 0x65,
113 0xa0, 0xab, 0x16, 0x52, 0x90, 0xe5, 0x8a, 0x03, 0xe5, 0x98, 0x79, 0x14,
114 0x79, 0xd5, 0x17, 0xee, 0xd4, 0xb8, 0xda, 0x77, 0x76, 0x03, 0x20, 0x2a,
115 0x7e, 0x3b, 0x76, 0x0b, 0x23, 0xb7, 0x72, 0x77, 0xb2, 0xeb, 0x00, 0x61,
116 0x04, 0x68, 0x18, 0x4d, 0x23, 0x23, 0xf4, 0x45, 0xb8, 0x81, 0x0d, 0xa4,
117 0x5d, 0x0b, 0x9e, 0x08, 0xfb, 0x45, 0xfb, 0x96, 0x29, 0x43, 0x2f, 0xab,
118 0x93, 0x04, 0x4c, 0x04, 0xb6, 0x5e, 0x27, 0xf5, 0x39, 0x66, 0x94, 0x15,
119 0x1d, 0xb1, 0x1c, 0x7c, 0x27, 0x6f, 0xa5, 0x19, 0x0c, 0x30, 0x12, 0xcc,
120 0x77, 0x7f, 0x10, 0xa9, 0x7c, 0xe4, 0x08, 0x77, 0x3c, 0xd3, 0x6f, 0xa4,
121 0xf4, 0xaf, 0xf1, 0x9d, 0x14, 0x1d, 0xd0, 0x02, 0x33, 0x50, 0x55, 0x00,
122 0x6a, 0x47, 0x96, 0xe1, 0x8b, 0x4e, 0x44, 0x41, 0xad, 0xb3, 0xea, 0x0d,
123 0x0d, 0xd5, 0x73, 0x8e, 0x62, 0x67, 0x8a, 0xb4, 0xe7, 0x5d, 0x17, 0xa9,
124 0x24};
125 ASSERT_EQ(Bytes(kExpectedPub, sizeof(kExpectedPub)),
126 Bytes(pub_key, pub_key_len));
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]127}
128
Steven Valdezf2b2ef82020-09-21 11:39:22 -0400[diff] [blame]129TEST(TrustTokenTest, KeyGenExp2VOPRF) {
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]130 uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE];
131 uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE];
132 size_t priv_key_len, pub_key_len;
133 ASSERT_TRUE(TRUST_TOKEN_generate_key(
Steven Valdezf2b2ef82020-09-21 11:39:22 -0400[diff] [blame]134 TRUST_TOKEN_experiment_v2_voprf(), priv_key, &priv_key_len,
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]135 TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, pub_key, &pub_key_len,
136 TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, 0x0001));
Steven Valdezf2b2ef82020-09-21 11:39:22 -0400[diff] [blame]137 ASSERT_EQ(52u, priv_key_len);
138 ASSERT_EQ(101u, pub_key_len);
Steven Valdezaa5f6012022-06-14 11:16:02 -0400[diff] [blame]139
140 const uint8_t kKeygenSecret[] = "SEED";
141 ASSERT_TRUE(TRUST_TOKEN_derive_key_from_secret(
142 TRUST_TOKEN_experiment_v2_voprf(), priv_key, &priv_key_len,
143 TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, pub_key, &pub_key_len,
144 TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, 0x0001, kKeygenSecret,
145 sizeof(kKeygenSecret) - 1));
146
147 const uint8_t kExpectedPriv[] = {
148 0x00, 0x00, 0x00, 0x01, 0x0b, 0xe2, 0xc4, 0x73, 0x92, 0xe7, 0xf8,
149 0x3e, 0xba, 0xab, 0x85, 0xa7, 0x77, 0xd7, 0x0a, 0x02, 0xc5, 0x36,
150 0xfe, 0x62, 0xa3, 0xca, 0x01, 0x75, 0xc7, 0x62, 0x19, 0xc7, 0xf0,
151 0x30, 0xc5, 0x14, 0x60, 0x13, 0x97, 0x4f, 0x63, 0x05, 0x37, 0x92,
152 0x7b, 0x76, 0x8e, 0x9f, 0xd0, 0x1a, 0x74, 0x44
153 };
154 ASSERT_EQ(Bytes(kExpectedPriv, sizeof(kExpectedPriv)),
155 Bytes(priv_key, priv_key_len));
156
157 const uint8_t kExpectedPub[] = {
158 0x00, 0x00, 0x00, 0x01, 0x04, 0x2c, 0x9c, 0x11, 0xc1, 0xe5, 0x52, 0x59,
159 0x0b, 0x6d, 0x88, 0x8b, 0x6e, 0x28, 0xe8, 0xc5, 0xa3, 0xbe, 0x48, 0x18,
160 0xf7, 0x1d, 0x31, 0xcf, 0xa2, 0x6e, 0x2a, 0xd6, 0xcb, 0x83, 0x26, 0x04,
161 0xbd, 0x93, 0x67, 0xe4, 0x53, 0xf6, 0x11, 0x7d, 0x45, 0xe9, 0xfe, 0x27,
162 0x33, 0x90, 0xdb, 0x1b, 0xfc, 0x9b, 0x31, 0x4d, 0x39, 0x1f, 0x1f, 0x8c,
163 0x43, 0x06, 0x70, 0x2c, 0x84, 0xdc, 0x23, 0x18, 0xc7, 0x6a, 0x58, 0xcf,
164 0x9e, 0xc1, 0xfa, 0xf2, 0x30, 0xdd, 0xad, 0x62, 0x24, 0xde, 0x11, 0xc1,
165 0xba, 0x8d, 0xc3, 0x4f, 0xfb, 0xe5, 0xa5, 0xd4, 0x37, 0xba, 0x3b, 0x70,
166 0xc0, 0xc3, 0xef, 0x20, 0x43
167 };
168 ASSERT_EQ(Bytes(kExpectedPub, sizeof(kExpectedPub)),
169 Bytes(pub_key, pub_key_len));
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]170}
171
172TEST(TrustTokenTest, KeyGenExp2PMB) {
173 uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE];
174 uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE];
175 size_t priv_key_len, pub_key_len;
176 ASSERT_TRUE(TRUST_TOKEN_generate_key(
177 TRUST_TOKEN_experiment_v2_pmb(), priv_key, &priv_key_len,
178 TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, pub_key, &pub_key_len,
179 TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, 0x0001));
180 ASSERT_EQ(292u, priv_key_len);
181 ASSERT_EQ(295u, pub_key_len);
Steven Valdezaa5f6012022-06-14 11:16:02 -0400[diff] [blame]182
183 const uint8_t kKeygenSecret[] = "SEED";
184 ASSERT_TRUE(TRUST_TOKEN_derive_key_from_secret(
185 TRUST_TOKEN_experiment_v2_pmb(), priv_key, &priv_key_len,
186 TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, pub_key, &pub_key_len,
187 TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, 0x0001, kKeygenSecret,
188 sizeof(kKeygenSecret) - 1));
189
190 const uint8_t kExpectedPriv[] = {
191 0x00, 0x00, 0x00, 0x01, 0x1b, 0x74, 0xdc, 0xf0, 0xa9, 0xa7, 0x6c, 0xfb,
192 0x41, 0xef, 0xfa, 0x65, 0x52, 0xc9, 0x86, 0x4e, 0xfb, 0x16, 0x9d, 0xea,
193 0x62, 0x3f, 0x47, 0xab, 0x1f, 0x1b, 0x05, 0xf2, 0x4f, 0x05, 0xfe, 0x64,
194 0xb7, 0xe8, 0xcd, 0x2a, 0x10, 0xfa, 0xa2, 0x48, 0x3f, 0x0e, 0x8b, 0x94,
195 0x39, 0xf1, 0xe7, 0x53, 0xe9, 0x50, 0x29, 0xe2, 0xb7, 0x0e, 0xc0, 0x94,
196 0xa9, 0xd3, 0xef, 0x64, 0x10, 0x1d, 0x08, 0xd0, 0x60, 0xcb, 0x6d, 0x97,
197 0x68, 0xc7, 0x04, 0x92, 0x07, 0xb2, 0x22, 0x83, 0xf7, 0xd9, 0x9b, 0x2c,
198 0xf2, 0x52, 0x34, 0x0c, 0x42, 0x31, 0x47, 0x41, 0x19, 0xb9, 0xee, 0xfc,
199 0x46, 0xbd, 0x14, 0xce, 0x42, 0xd7, 0x43, 0xc8, 0x32, 0x3b, 0x24, 0xed,
200 0xdc, 0x69, 0xa3, 0x8e, 0x29, 0x01, 0xbe, 0xae, 0x24, 0x39, 0x14, 0xa7,
201 0x52, 0xe5, 0xd5, 0xff, 0x9a, 0xc4, 0x15, 0x79, 0x29, 0x4c, 0x9b, 0x4e,
202 0xfc, 0x61, 0xf2, 0x12, 0x6f, 0x4f, 0xd3, 0x96, 0x28, 0xb0, 0x79, 0xf0,
203 0x4e, 0x6e, 0x7d, 0x56, 0x19, 0x1b, 0xc2, 0xd7, 0xf9, 0x3a, 0x58, 0x06,
204 0xe5, 0xec, 0xa4, 0x33, 0x14, 0x1c, 0x78, 0x0c, 0x83, 0x94, 0x34, 0x22,
205 0x5a, 0x8e, 0x2e, 0xa1, 0x72, 0x4a, 0x03, 0x35, 0xfe, 0x46, 0x92, 0x41,
206 0x6b, 0xe6, 0x4b, 0x3f, 0xf0, 0xe7, 0x0b, 0xb5, 0xf3, 0x66, 0x6c, 0xc6,
207 0x14, 0xcf, 0xce, 0x32, 0x0a, 0x2c, 0x28, 0xba, 0x4e, 0xb9, 0x75, 0x4a,
208 0xa9, 0x2d, 0xb0, 0x8c, 0xd0, 0x62, 0x52, 0x29, 0x1f, 0x12, 0xfd, 0xfb,
209 0xd3, 0x2a, 0x36, 0x0f, 0x89, 0x32, 0x86, 0x25, 0x56, 0xb9, 0xe7, 0x3c,
210 0xeb, 0xb4, 0x84, 0x41, 0x2b, 0xa8, 0xf3, 0xa5, 0x3d, 0xfe, 0x56, 0x94,
211 0x5b, 0x74, 0xb3, 0x5b, 0x27, 0x3f, 0xe7, 0xcf, 0xe4, 0xf8, 0x15, 0x95,
212 0x2a, 0xd2, 0x5f, 0x92, 0xb4, 0x6a, 0x89, 0xa5, 0x54, 0xbd, 0x27, 0x5e,
213 0xeb, 0x43, 0x07, 0x9b, 0x2b, 0x8b, 0x22, 0x59, 0x13, 0x4b, 0x9c, 0x56,
214 0xd8, 0x63, 0xd9, 0xe6, 0x85, 0x15, 0x2c, 0x82, 0x52, 0x40, 0x8f, 0xb1,
215 0xe7, 0x56, 0x07, 0x98
216 };
217 ASSERT_EQ(Bytes(kExpectedPriv, sizeof(kExpectedPriv)),
218 Bytes(priv_key, priv_key_len));
219
220 const uint8_t kExpectedPub[] = {
221 0x00, 0x00, 0x00, 0x01, 0x04, 0x48, 0xb1, 0x2d, 0xdd, 0x03, 0x32, 0xeb,
222 0x93, 0x31, 0x3d, 0x59, 0x74, 0xf0, 0xcf, 0xaa, 0xa5, 0x39, 0x5f, 0x53,
223 0xc4, 0x94, 0x98, 0xbe, 0x8f, 0x22, 0xd7, 0x30, 0xde, 0x1e, 0xb4, 0xf3,
224 0x32, 0x23, 0x90, 0x0b, 0xa6, 0x37, 0x4a, 0x4b, 0x44, 0xb3, 0x26, 0x52,
225 0x93, 0x7b, 0x4b, 0xa4, 0x79, 0xe8, 0x77, 0x6a, 0x19, 0x81, 0x2a, 0xdd,
226 0x91, 0xfb, 0x90, 0x8b, 0x24, 0xb5, 0xbe, 0x20, 0x2e, 0xe8, 0xbc, 0xd3,
227 0x83, 0x6c, 0xa8, 0xc5, 0xa1, 0x9a, 0x5b, 0x5e, 0x60, 0xda, 0x45, 0x2e,
228 0x31, 0x7f, 0x54, 0x0e, 0x14, 0x40, 0xd2, 0x4d, 0x40, 0x2e, 0x21, 0x79,
229 0xfc, 0x77, 0xdd, 0xc7, 0x2d, 0x04, 0xfe, 0xc6, 0xe3, 0xcf, 0x99, 0xef,
230 0x88, 0xab, 0x76, 0x86, 0x16, 0x14, 0xed, 0x72, 0x35, 0xa7, 0x05, 0x13,
231 0x9f, 0x2c, 0x53, 0xd5, 0xdf, 0x66, 0x75, 0x2e, 0x68, 0xdc, 0xd4, 0xc4,
232 0x00, 0x36, 0x08, 0x6d, 0xb7, 0x15, 0xf7, 0xe5, 0x32, 0x59, 0x81, 0x16,
233 0x57, 0xaa, 0x72, 0x06, 0xf0, 0xad, 0xd1, 0x85, 0xa0, 0x04, 0xd4, 0x11,
234 0x95, 0x1d, 0xac, 0x0b, 0x25, 0xbe, 0x59, 0xa2, 0xb3, 0x30, 0xee, 0x97,
235 0x07, 0x2a, 0x51, 0x15, 0xc1, 0x8d, 0xa8, 0xa6, 0x57, 0x9a, 0x4e, 0xbf,
236 0xd7, 0x2d, 0x35, 0x07, 0x6b, 0xd6, 0xc9, 0x3c, 0xe4, 0xcf, 0x0b, 0x14,
237 0x3e, 0x10, 0x51, 0x77, 0xd6, 0x84, 0x04, 0xbe, 0xd1, 0xd5, 0xa8, 0xf3,
238 0x9d, 0x1d, 0x4f, 0xc1, 0xc9, 0xf1, 0x0c, 0x6d, 0xb6, 0xcb, 0xe2, 0x05,
239 0x0b, 0x9c, 0x7a, 0x3a, 0x9a, 0x99, 0xe9, 0xa1, 0x93, 0xdc, 0x72, 0x2e,
240 0xef, 0xf3, 0x8d, 0xb9, 0x7b, 0xb0, 0x19, 0x24, 0x95, 0x0d, 0x68, 0xa7,
241 0xe0, 0xaa, 0x0b, 0xb1, 0xd1, 0xcc, 0x52, 0x14, 0xf9, 0x6c, 0x91, 0x59,
242 0xe4, 0xe1, 0x9b, 0xf9, 0x12, 0x39, 0xb1, 0x79, 0xbb, 0x21, 0x92, 0x00,
243 0xa4, 0x89, 0xf5, 0xbd, 0xd7, 0x89, 0x27, 0x40, 0xdc, 0xb1, 0x09, 0x38,
244 0x63, 0x91, 0x8c, 0xa5, 0x27, 0x27, 0x97, 0x39, 0x35, 0xfa, 0x1a, 0x8a,
245 0xa7, 0xe5, 0xc4, 0xd8, 0xbf, 0xe7, 0xbe
246 };
247 ASSERT_EQ(Bytes(kExpectedPub, sizeof(kExpectedPub)),
248 Bytes(pub_key, pub_key_len));
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]249}
250
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]251// Test that H in |TRUST_TOKEN_experiment_v1| was computed correctly.
252TEST(TrustTokenTest, HExp1) {
253 const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1);
254 ASSERT_TRUE(group);
255
256 const uint8_t kHGen[] = "generator";
257 const uint8_t kHLabel[] = "PMBTokens Experiment V1 HashH";
258
David Benjamin802523a2020-04-22 14:51:20 -0400[diff] [blame]259 bssl::UniquePtr<EC_POINT> expected_h(EC_POINT_new(group));
260 ASSERT_TRUE(expected_h);
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]261 ASSERT_TRUE(ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
David Benjamin802523a2020-04-22 14:51:20 -0400[diff] [blame]262 group, &expected_h->raw, kHLabel, sizeof(kHLabel), kHGen, sizeof(kHGen)));
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]263 uint8_t expected_bytes[1 + 2 * EC_MAX_BYTES];
264 size_t expected_len =
David Benjamin802523a2020-04-22 14:51:20 -0400[diff] [blame]265 EC_POINT_point2oct(group, expected_h.get(), POINT_CONVERSION_UNCOMPRESSED,
266 expected_bytes, sizeof(expected_bytes), nullptr);
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]267
268 uint8_t h[97];
269 ASSERT_TRUE(pmbtoken_exp1_get_h_for_testing(h));
270 EXPECT_EQ(Bytes(h), Bytes(expected_bytes, expected_len));
271}
272
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]273// Test that H in |TRUST_TOKEN_experiment_v2_pmb| was computed correctly.
274TEST(TrustTokenTest, HExp2) {
275 const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1);
276 ASSERT_TRUE(group);
277
278 const uint8_t kHGen[] = "generator";
279 const uint8_t kHLabel[] = "PMBTokens Experiment V2 HashH";
280
281 bssl::UniquePtr<EC_POINT> expected_h(EC_POINT_new(group));
282 ASSERT_TRUE(expected_h);
283 ASSERT_TRUE(ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
284 group, &expected_h->raw, kHLabel, sizeof(kHLabel), kHGen, sizeof(kHGen)));
285 uint8_t expected_bytes[1 + 2 * EC_MAX_BYTES];
286 size_t expected_len =
287 EC_POINT_point2oct(group, expected_h.get(), POINT_CONVERSION_UNCOMPRESSED,
288 expected_bytes, sizeof(expected_bytes), nullptr);
289
290 uint8_t h[97];
291 ASSERT_TRUE(pmbtoken_exp2_get_h_for_testing(h));
292 EXPECT_EQ(Bytes(h), Bytes(expected_bytes, expected_len));
293}
294
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]295static std::vector<const TRUST_TOKEN_METHOD *> AllMethods() {
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]296 return {
297 TRUST_TOKEN_experiment_v1(),
Steven Valdezf2b2ef82020-09-21 11:39:22 -0400[diff] [blame]298 TRUST_TOKEN_experiment_v2_voprf(),
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]299 TRUST_TOKEN_experiment_v2_pmb()
300 };
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]301}
302
303class TrustTokenProtocolTestBase : public ::testing::Test {
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]304 public:
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]305 explicit TrustTokenProtocolTestBase(const TRUST_TOKEN_METHOD *method_arg,
306 bool use_msg)
307 : method_(method_arg), use_msg_(use_msg) {}
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]308
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]309 // KeyID returns the key ID associated with key index |i|.
310 static uint32_t KeyID(size_t i) {
David Benjamin9d64d8d2022-08-31 19:27:56 -0400[diff] [blame]311 assert(i <= UINT32_MAX);
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]312 // Use a different value from the indices to that we do not mix them up.
David Benjamin9d64d8d2022-08-31 19:27:56 -0400[diff] [blame]313 return static_cast<uint32_t>(7 + i);
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]314 }
315
David Benjaminec64d7e2023-02-10 16:43:13 -0500[diff] [blame]316 const TRUST_TOKEN_METHOD *method() const { return method_; }
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame]317
David Benjaminec64d7e2023-02-10 16:43:13 -0500[diff] [blame]318 bool use_message() const { return use_msg_; }
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]319
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]320 protected:
321 void SetupContexts() {
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame]322 client.reset(TRUST_TOKEN_CLIENT_new(method(), client_max_batchsize));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]323 ASSERT_TRUE(client);
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame]324 issuer.reset(TRUST_TOKEN_ISSUER_new(method(), issuer_max_batchsize));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]325 ASSERT_TRUE(issuer);
326
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]327 for (size_t i = 0; i < method()->max_keys; i++) {
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]328 uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE];
329 uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE];
330 size_t priv_key_len, pub_key_len, key_index;
331 ASSERT_TRUE(TRUST_TOKEN_generate_key(
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame]332 method(), priv_key, &priv_key_len, TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE,
333 pub_key, &pub_key_len, TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, KeyID(i)));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]334 ASSERT_TRUE(TRUST_TOKEN_CLIENT_add_key(client.get(), &key_index, pub_key,
335 pub_key_len));
336 ASSERT_EQ(i, key_index);
337 ASSERT_TRUE(
338 TRUST_TOKEN_ISSUER_add_key(issuer.get(), priv_key, priv_key_len));
339 }
340
341 uint8_t public_key[32], private_key[64];
342 ED25519_keypair(public_key, private_key);
343 bssl::UniquePtr<EVP_PKEY> priv(EVP_PKEY_new_raw_private_key(
344 EVP_PKEY_ED25519, nullptr, private_key, 32));
345 ASSERT_TRUE(priv);
346 bssl::UniquePtr<EVP_PKEY> pub(
347 EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, nullptr, public_key, 32));
348 ASSERT_TRUE(pub);
349
350 TRUST_TOKEN_CLIENT_set_srr_key(client.get(), pub.get());
351 TRUST_TOKEN_ISSUER_set_srr_key(issuer.get(), priv.get());
352 RAND_bytes(metadata_key, sizeof(metadata_key));
353 ASSERT_TRUE(TRUST_TOKEN_ISSUER_set_metadata_key(issuer.get(), metadata_key,
354 sizeof(metadata_key)));
355 }
356
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]357 const TRUST_TOKEN_METHOD *method_;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]358 bool use_msg_;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]359 uint16_t client_max_batchsize = 10;
360 uint16_t issuer_max_batchsize = 10;
361 bssl::UniquePtr<TRUST_TOKEN_CLIENT> client;
362 bssl::UniquePtr<TRUST_TOKEN_ISSUER> issuer;
363 uint8_t metadata_key[32];
364};
365
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]366class TrustTokenProtocolTest
367 : public TrustTokenProtocolTestBase,
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]368 public testing::WithParamInterface<
369 std::tuple<const TRUST_TOKEN_METHOD *, bool>> {
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]370 public:
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]371 TrustTokenProtocolTest()
372 : TrustTokenProtocolTestBase(std::get<0>(GetParam()),
373 std::get<1>(GetParam())) {}
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]374};
375
376INSTANTIATE_TEST_SUITE_P(TrustTokenAllProtocolTest, TrustTokenProtocolTest,
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]377 testing::Combine(testing::ValuesIn(AllMethods()),
378 testing::Bool()));
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]379
380TEST_P(TrustTokenProtocolTest, InvalidToken) {
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]381 ASSERT_NO_FATAL_FAILURE(SetupContexts());
382
383 uint8_t *issue_msg = NULL, *issue_resp = NULL;
384 size_t msg_len, resp_len;
385
386 size_t key_index;
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]387 size_t tokens_issued;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]388 if (use_message()) {
389 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance_over_message(
390 client.get(), &issue_msg, &msg_len, 1, kMessage, sizeof(kMessage)));
391 } else {
392 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
393 &msg_len, 1));
394 }
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]395 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
396 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
397 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]398 /*public_metadata=*/KeyID(0), /*private_metadata=*/0,
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]399 /*max_issuance=*/10));
400 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
401 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
402 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
403 resp_len));
404 ASSERT_TRUE(tokens);
405
406 for (TRUST_TOKEN *token : tokens.get()) {
407 // Corrupt the token.
408 token->data[0] ^= 0x42;
409
410 uint8_t *redeem_msg = NULL, *redeem_resp = NULL;
411 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption(
412 client.get(), &redeem_msg, &msg_len, token, NULL, 0, 0));
413 bssl::UniquePtr<uint8_t> free_redeem_msg(redeem_msg);
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]414 uint32_t public_value;
415 uint8_t private_value;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]416 TRUST_TOKEN *rtoken;
417 uint8_t *client_data;
418 size_t client_data_len;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]419 if (use_message()) {
420 ASSERT_FALSE(TRUST_TOKEN_ISSUER_redeem_over_message(
421 issuer.get(), &public_value, &private_value, &rtoken, &client_data,
422 &client_data_len, redeem_msg, msg_len, kMessage, sizeof(kMessage)));
423 } else {
Steven Valdez80a243e2023-01-26 13:26:33 -0500[diff] [blame]424 ASSERT_FALSE(TRUST_TOKEN_ISSUER_redeem(
425 issuer.get(), &public_value, &private_value, &rtoken, &client_data,
426 &client_data_len, redeem_msg, msg_len));
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]427 }
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]428 bssl::UniquePtr<uint8_t> free_redeem_resp(redeem_resp);
429 }
430}
431
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]432TEST_P(TrustTokenProtocolTest, TruncatedIssuanceRequest) {
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]433 ASSERT_NO_FATAL_FAILURE(SetupContexts());
434
435 uint8_t *issue_msg = NULL, *issue_resp = NULL;
436 size_t msg_len, resp_len;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]437 if (use_message()) {
438 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance_over_message(
439 client.get(), &issue_msg, &msg_len, 10, kMessage, sizeof(kMessage)));
440 } else {
441 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
442 &msg_len, 10));
443 }
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]444 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
445 msg_len = 10;
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]446 size_t tokens_issued;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]447 ASSERT_FALSE(TRUST_TOKEN_ISSUER_issue(
448 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
449 /*public_metadata=*/KeyID(0), /*private_metadata=*/0,
450 /*max_issuance=*/10));
451 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
452}
453
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]454TEST_P(TrustTokenProtocolTest, TruncatedIssuanceResponse) {
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]455 ASSERT_NO_FATAL_FAILURE(SetupContexts());
456
457 uint8_t *issue_msg = NULL, *issue_resp = NULL;
458 size_t msg_len, resp_len;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]459 if (use_message()) {
460 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance_over_message(
461 client.get(), &issue_msg, &msg_len, 10, kMessage, sizeof(kMessage)));
462 } else {
463 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
464 &msg_len, 10));
465 }
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]466 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]467 size_t tokens_issued;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]468 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
469 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
470 /*public_metadata=*/KeyID(0), /*private_metadata=*/0,
471 /*max_issuance=*/10));
472 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
473 resp_len = 10;
474 size_t key_index;
475 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
476 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
477 resp_len));
478 ASSERT_FALSE(tokens);
479}
480
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]481TEST_P(TrustTokenProtocolTest, ExtraDataIssuanceResponse) {
David Benjamincbe128b2020-04-21 23:05:27 -0400[diff] [blame]482 ASSERT_NO_FATAL_FAILURE(SetupContexts());
483
484 uint8_t *request = NULL, *response = NULL;
485 size_t request_len, response_len;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]486 if (use_message()) {
487 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance_over_message(
488 client.get(), &request, &request_len, 10, kMessage, sizeof(kMessage)));
489 } else {
490 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &request,
491 &request_len, 10));
492 }
David Benjamincbe128b2020-04-21 23:05:27 -0400[diff] [blame]493 bssl::UniquePtr<uint8_t> free_request(request);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]494 size_t tokens_issued;
David Benjamincbe128b2020-04-21 23:05:27 -0400[diff] [blame]495 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(issuer.get(), &response, &response_len,
496 &tokens_issued, request, request_len,
497 /*public_metadata=*/KeyID(0),
498 /*private_metadata=*/0,
499 /*max_issuance=*/10));
500 bssl::UniquePtr<uint8_t> free_response(response);
501 std::vector<uint8_t> response2(response, response + response_len);
502 response2.push_back(0);
503 size_t key_index;
504 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
505 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index,
506 response2.data(), response2.size()));
507 ASSERT_FALSE(tokens);
508}
509
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]510TEST_P(TrustTokenProtocolTest, TruncatedRedemptionRequest) {
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]511 ASSERT_NO_FATAL_FAILURE(SetupContexts());
512
513 uint8_t *issue_msg = NULL, *issue_resp = NULL;
514 size_t msg_len, resp_len;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]515 if (use_message()) {
516 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance_over_message(
517 client.get(), &issue_msg, &msg_len, 10, kMessage, sizeof(kMessage)));
518 } else {
519 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
520 &msg_len, 10));
521 }
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]522 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]523 size_t tokens_issued;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]524 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
525 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
526 /*public_metadata=*/KeyID(0), /*private_metadata=*/0,
527 /*max_issuance=*/10));
528 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
529 size_t key_index;
530 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
531 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
532 resp_len));
533 ASSERT_TRUE(tokens);
534
535 for (TRUST_TOKEN *token : tokens.get()) {
Steven Valdez8f3019e2020-04-17 09:36:06 -0400[diff] [blame]536 const uint8_t kClientData[] = "\x70TEST CLIENT DATA";
Steven Valdez07827152020-10-13 11:04:33 -0400[diff] [blame]537 uint64_t kRedemptionTime = (method()->has_srr ? 13374242 : 0);
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]538
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]539 uint8_t *redeem_msg = NULL;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]540 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption(
541 client.get(), &redeem_msg, &msg_len, token, kClientData,
542 sizeof(kClientData) - 1, kRedemptionTime));
543 bssl::UniquePtr<uint8_t> free_redeem_msg(redeem_msg);
544 msg_len = 10;
545
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]546 uint32_t public_value;
547 uint8_t private_value;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]548 TRUST_TOKEN *rtoken;
549 uint8_t *client_data;
550 size_t client_data_len;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]551 if (use_message()) {
552 ASSERT_FALSE(TRUST_TOKEN_ISSUER_redeem_over_message(
553 issuer.get(), &public_value, &private_value, &rtoken, &client_data,
554 &client_data_len, redeem_msg, msg_len, kMessage, sizeof(kMessage)));
555 } else {
Steven Valdez80a243e2023-01-26 13:26:33 -0500[diff] [blame]556 ASSERT_FALSE(TRUST_TOKEN_ISSUER_redeem(
557 issuer.get(), &public_value, &private_value, &rtoken, &client_data,
558 &client_data_len, redeem_msg, msg_len));
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]559 }
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]560 }
561}
562
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]563TEST_P(TrustTokenProtocolTest, IssuedWithBadKeyID) {
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame]564 client.reset(TRUST_TOKEN_CLIENT_new(method(), client_max_batchsize));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]565 ASSERT_TRUE(client);
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame]566 issuer.reset(TRUST_TOKEN_ISSUER_new(method(), issuer_max_batchsize));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]567 ASSERT_TRUE(issuer);
568
569 // We configure the client and the issuer with different key IDs and test
570 // that the client notices.
571 const uint32_t kClientKeyID = 0;
572 const uint32_t kIssuerKeyID = 42;
573
574 uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE];
575 uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE];
576 size_t priv_key_len, pub_key_len, key_index;
577 ASSERT_TRUE(TRUST_TOKEN_generate_key(
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame]578 method(), priv_key, &priv_key_len, TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE,
579 pub_key, &pub_key_len, TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, kClientKeyID));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]580 ASSERT_TRUE(TRUST_TOKEN_CLIENT_add_key(client.get(), &key_index, pub_key,
581 pub_key_len));
582 ASSERT_EQ(0UL, key_index);
583
584 ASSERT_TRUE(TRUST_TOKEN_generate_key(
David Benjamin239634d2020-04-29 11:17:51 -0400[diff] [blame]585 method(), priv_key, &priv_key_len, TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE,
586 pub_key, &pub_key_len, TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, kIssuerKeyID));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]587 ASSERT_TRUE(TRUST_TOKEN_ISSUER_add_key(issuer.get(), priv_key, priv_key_len));
588
589
590 uint8_t public_key[32], private_key[64];
591 ED25519_keypair(public_key, private_key);
592 bssl::UniquePtr<EVP_PKEY> priv(
593 EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, nullptr, private_key, 32));
594 ASSERT_TRUE(priv);
595 bssl::UniquePtr<EVP_PKEY> pub(
596 EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, nullptr, public_key, 32));
597 ASSERT_TRUE(pub);
598
599 TRUST_TOKEN_CLIENT_set_srr_key(client.get(), pub.get());
600 TRUST_TOKEN_ISSUER_set_srr_key(issuer.get(), priv.get());
601 RAND_bytes(metadata_key, sizeof(metadata_key));
602 ASSERT_TRUE(TRUST_TOKEN_ISSUER_set_metadata_key(issuer.get(), metadata_key,
603 sizeof(metadata_key)));
604
605
606 uint8_t *issue_msg = NULL, *issue_resp = NULL;
607 size_t msg_len, resp_len;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]608 if (use_message()) {
609 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance_over_message(
610 client.get(), &issue_msg, &msg_len, 10, kMessage, sizeof(kMessage)));
611 } else {
612 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
613 &msg_len, 10));
614 }
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]615 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]616 size_t tokens_issued;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]617 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
618 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
619 /*public_metadata=*/42, /*private_metadata=*/0, /*max_issuance=*/10));
620 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
621 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
622 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
623 resp_len));
624 ASSERT_FALSE(tokens);
625}
626
627class TrustTokenMetadataTest
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]628 : public TrustTokenProtocolTestBase,
629 public testing::WithParamInterface<
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]630 std::tuple<const TRUST_TOKEN_METHOD *, bool, int, bool>> {
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]631 public:
632 TrustTokenMetadataTest()
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]633 : TrustTokenProtocolTestBase(std::get<0>(GetParam()),
634 std::get<1>(GetParam())) {}
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]635
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]636 int public_metadata() { return std::get<2>(GetParam()); }
637 bool private_metadata() { return std::get<3>(GetParam()); }
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]638};
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]639
640TEST_P(TrustTokenMetadataTest, SetAndGetMetadata) {
641 ASSERT_NO_FATAL_FAILURE(SetupContexts());
642
Steven Valdez07827152020-10-13 11:04:33 -0400[diff] [blame]643 uint8_t *issue_msg = NULL, *issue_resp = NULL;
644 size_t msg_len, resp_len;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]645 if (use_message()) {
646 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance_over_message(
647 client.get(), &issue_msg, &msg_len, 10, kMessage, sizeof(kMessage)));
648 } else {
649 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
650 &msg_len, 10));
651 }
Steven Valdez07827152020-10-13 11:04:33 -0400[diff] [blame]652 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
653 size_t tokens_issued;
654 bool result = TRUST_TOKEN_ISSUER_issue(
655 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
656 public_metadata(), private_metadata(), /*max_issuance=*/1);
657 if (!method()->has_private_metadata && private_metadata()) {
658 ASSERT_FALSE(result);
659 return;
660 }
661 ASSERT_TRUE(result);
662 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
663 size_t key_index;
664 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
665 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
666 resp_len));
667 ASSERT_TRUE(tokens);
668 EXPECT_EQ(1u, sk_TRUST_TOKEN_num(tokens.get()));
669
670 for (TRUST_TOKEN *token : tokens.get()) {
671 const uint8_t kClientData[] = "\x70TEST CLIENT DATA";
672 uint64_t kRedemptionTime = (method()->has_srr ? 13374242 : 0);
673
674 uint8_t *redeem_msg = NULL;
675 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption(
676 client.get(), &redeem_msg, &msg_len, token, kClientData,
677 sizeof(kClientData) - 1, kRedemptionTime));
678 bssl::UniquePtr<uint8_t> free_redeem_msg(redeem_msg);
679 uint32_t public_value;
680 uint8_t private_value;
681 TRUST_TOKEN *rtoken;
682 uint8_t *client_data;
683 size_t client_data_len;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]684 if (use_message()) {
685 ASSERT_TRUE(TRUST_TOKEN_ISSUER_redeem_over_message(
686 issuer.get(), &public_value, &private_value, &rtoken, &client_data,
687 &client_data_len, redeem_msg, msg_len, kMessage, sizeof(kMessage)));
688 } else {
Steven Valdez80a243e2023-01-26 13:26:33 -0500[diff] [blame]689 ASSERT_TRUE(TRUST_TOKEN_ISSUER_redeem(
690 issuer.get(), &public_value, &private_value, &rtoken, &client_data,
691 &client_data_len, redeem_msg, msg_len));
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]692 }
Steven Valdez07827152020-10-13 11:04:33 -0400[diff] [blame]693 bssl::UniquePtr<uint8_t> free_client_data(client_data);
694 bssl::UniquePtr<TRUST_TOKEN> free_rtoken(rtoken);
695
696 ASSERT_EQ(Bytes(kClientData, sizeof(kClientData) - 1),
697 Bytes(client_data, client_data_len));
698 ASSERT_EQ(public_value, static_cast<uint32_t>(public_metadata()));
699 ASSERT_EQ(private_value, private_metadata());
700 }
701}
702
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]703TEST_P(TrustTokenMetadataTest, TooManyRequests) {
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]704 if (!method()->has_private_metadata && private_metadata()) {
705 return;
706 }
707
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]708 issuer_max_batchsize = 1;
709 ASSERT_NO_FATAL_FAILURE(SetupContexts());
710
711 uint8_t *issue_msg = NULL, *issue_resp = NULL;
712 size_t msg_len, resp_len;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]713 if (use_message()) {
714 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance_over_message(
715 client.get(), &issue_msg, &msg_len, 10, kMessage, sizeof(kMessage)));
716 } else {
717 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
718 &msg_len, 10));
719 }
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]720 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]721 size_t tokens_issued;
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]722 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
723 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]724 public_metadata(), private_metadata(), /*max_issuance=*/1));
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]725 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
726 ASSERT_EQ(tokens_issued, issuer_max_batchsize);
727 size_t key_index;
728 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
729 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
730 resp_len));
731 ASSERT_TRUE(tokens);
732 ASSERT_EQ(sk_TRUST_TOKEN_num(tokens.get()), 1UL);
733}
734
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]735
736TEST_P(TrustTokenMetadataTest, TruncatedProof) {
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]737 if (!method()->has_private_metadata && private_metadata()) {
738 return;
739 }
740
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]741 ASSERT_NO_FATAL_FAILURE(SetupContexts());
742
743 uint8_t *issue_msg = NULL, *issue_resp = NULL;
744 size_t msg_len, resp_len;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]745 if (use_message()) {
746 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance_over_message(
747 client.get(), &issue_msg, &msg_len, 10, kMessage, sizeof(kMessage)));
748 } else {
749 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
750 &msg_len, 10));
751 }
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]752 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]753 size_t tokens_issued;
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]754 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
755 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]756 public_metadata(), private_metadata(), /*max_issuance=*/1));
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]757 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
758
759 CBS real_response;
760 CBS_init(&real_response, issue_resp, resp_len);
761 uint16_t count;
David Benjamin043fba22020-10-21 11:14:59 -0400[diff] [blame]762 uint32_t parsed_public_metadata;
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]763 bssl::ScopedCBB bad_response;
764 ASSERT_TRUE(CBB_init(bad_response.get(), 0));
765 ASSERT_TRUE(CBS_get_u16(&real_response, &count));
766 ASSERT_TRUE(CBB_add_u16(bad_response.get(), count));
David Benjamin043fba22020-10-21 11:14:59 -0400[diff] [blame]767 ASSERT_TRUE(CBS_get_u32(&real_response, &parsed_public_metadata));
768 ASSERT_TRUE(CBB_add_u32(bad_response.get(), parsed_public_metadata));
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]769
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]770 const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1);
771 size_t token_length =
Steven Valdezf2b2ef82020-09-21 11:39:22 -0400[diff] [blame]772 TRUST_TOKEN_NONCE_SIZE + 2 * (1 + 2 * BN_num_bytes(&group->field));
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]773 if (method() == TRUST_TOKEN_experiment_v1()) {
774 token_length += 4;
775 }
Steven Valdezf2b2ef82020-09-21 11:39:22 -0400[diff] [blame]776 if (method() == TRUST_TOKEN_experiment_v2_voprf()) {
777 token_length = 1 + 2 * BN_num_bytes(&group->field);
778 }
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]779 for (size_t i = 0; i < count; i++) {
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]780 ASSERT_TRUE(CBB_add_bytes(bad_response.get(), CBS_data(&real_response),
781 token_length));
782 ASSERT_TRUE(CBS_skip(&real_response, token_length));
Steven Valdezb55a8c12020-05-08 14:22:14 -0400[diff] [blame]783 }
784
Steven Valdezd0637e92020-06-03 15:43:49 -0400[diff] [blame]785 CBS tmp;
786 ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp));
787 CBB dleq;
788 ASSERT_TRUE(CBB_add_u16_length_prefixed(bad_response.get(), &dleq));
789 ASSERT_TRUE(CBB_add_bytes(&dleq, CBS_data(&tmp), CBS_len(&tmp) - 2));
790 ASSERT_TRUE(CBB_flush(bad_response.get()));
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]791
792 uint8_t *bad_buf;
793 size_t bad_len;
794 ASSERT_TRUE(CBB_finish(bad_response.get(), &bad_buf, &bad_len));
795 bssl::UniquePtr<uint8_t> free_bad(bad_buf);
796
797 size_t key_index;
798 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]799 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, bad_buf,
800 bad_len));
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]801 ASSERT_FALSE(tokens);
802}
803
804TEST_P(TrustTokenMetadataTest, ExcessDataProof) {
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]805 if (!method()->has_private_metadata && private_metadata()) {
806 return;
807 }
808
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]809 ASSERT_NO_FATAL_FAILURE(SetupContexts());
810
811 uint8_t *issue_msg = NULL, *issue_resp = NULL;
812 size_t msg_len, resp_len;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]813 if (use_message()) {
814 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance_over_message(
815 client.get(), &issue_msg, &msg_len, 10, kMessage, sizeof(kMessage)));
816 } else {
817 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
818 &msg_len, 10));
819 }
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]820 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]821 size_t tokens_issued;
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]822 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
823 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]824 public_metadata(), private_metadata(), /*max_issuance=*/1));
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]825 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
826
827 CBS real_response;
828 CBS_init(&real_response, issue_resp, resp_len);
829 uint16_t count;
David Benjamin043fba22020-10-21 11:14:59 -0400[diff] [blame]830 uint32_t parsed_public_metadata;
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]831 bssl::ScopedCBB bad_response;
832 ASSERT_TRUE(CBB_init(bad_response.get(), 0));
833 ASSERT_TRUE(CBS_get_u16(&real_response, &count));
834 ASSERT_TRUE(CBB_add_u16(bad_response.get(), count));
David Benjamin043fba22020-10-21 11:14:59 -0400[diff] [blame]835 ASSERT_TRUE(CBS_get_u32(&real_response, &parsed_public_metadata));
836 ASSERT_TRUE(CBB_add_u32(bad_response.get(), parsed_public_metadata));
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]837
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]838 const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1);
839 size_t token_length =
Steven Valdezf2b2ef82020-09-21 11:39:22 -0400[diff] [blame]840 TRUST_TOKEN_NONCE_SIZE + 2 * (1 + 2 * BN_num_bytes(&group->field));
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]841 if (method() == TRUST_TOKEN_experiment_v1()) {
842 token_length += 4;
843 }
Steven Valdezf2b2ef82020-09-21 11:39:22 -0400[diff] [blame]844 if (method() == TRUST_TOKEN_experiment_v2_voprf()) {
845 token_length = 1 + 2 * BN_num_bytes(&group->field);
846 }
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]847 for (size_t i = 0; i < count; i++) {
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]848 ASSERT_TRUE(CBB_add_bytes(bad_response.get(), CBS_data(&real_response),
849 token_length));
850 ASSERT_TRUE(CBS_skip(&real_response, token_length));
Steven Valdezb55a8c12020-05-08 14:22:14 -0400[diff] [blame]851 }
852
Steven Valdezd0637e92020-06-03 15:43:49 -0400[diff] [blame]853 CBS tmp;
854 ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp));
855 CBB dleq;
856 ASSERT_TRUE(CBB_add_u16_length_prefixed(bad_response.get(), &dleq));
857 ASSERT_TRUE(CBB_add_bytes(&dleq, CBS_data(&tmp), CBS_len(&tmp)));
858 ASSERT_TRUE(CBB_add_u16(&dleq, 42));
859 ASSERT_TRUE(CBB_flush(bad_response.get()));
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]860
861 uint8_t *bad_buf;
862 size_t bad_len;
863 ASSERT_TRUE(CBB_finish(bad_response.get(), &bad_buf, &bad_len));
864 bssl::UniquePtr<uint8_t> free_bad(bad_buf);
865
866 size_t key_index;
867 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
868 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, bad_buf,
869 bad_len));
870 ASSERT_FALSE(tokens);
871}
872
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]873INSTANTIATE_TEST_SUITE_P(
874 TrustTokenAllMetadataTest, TrustTokenMetadataTest,
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]875 testing::Combine(testing::ValuesIn(AllMethods()),
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]876 testing::Bool(),
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]877 testing::Values(TrustTokenProtocolTest::KeyID(0),
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]878 TrustTokenProtocolTest::KeyID(1),
879 TrustTokenProtocolTest::KeyID(2)),
880 testing::Bool()));
881
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]882class TrustTokenBadKeyTest
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]883 : public TrustTokenProtocolTestBase,
884 public testing::WithParamInterface<
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]885 std::tuple<const TRUST_TOKEN_METHOD *, bool, bool, int>> {
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]886 public:
887 TrustTokenBadKeyTest()
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]888 : TrustTokenProtocolTestBase(std::get<0>(GetParam()),
889 std::get<1>(GetParam())) {}
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]890
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]891 bool private_metadata() { return std::get<2>(GetParam()); }
892 int corrupted_key() { return std::get<3>(GetParam()); }
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]893};
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]894
895TEST_P(TrustTokenBadKeyTest, BadKey) {
Steven Valdezf2b2ef82020-09-21 11:39:22 -0400[diff] [blame]896 // For versions without private metadata, only corruptions of 'xs' (the 4th
897 // entry in |scalars| below) result in a bad key, as the other scalars are
898 // unused internally.
899 if (!method()->has_private_metadata &&
900 (private_metadata() || corrupted_key() != 4)) {
Steven Valdez9adcb0a2020-09-10 10:59:15 -0400[diff] [blame]901 return;
902 }
903
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]904 ASSERT_NO_FATAL_FAILURE(SetupContexts());
905
906 uint8_t *issue_msg = NULL, *issue_resp = NULL;
907 size_t msg_len, resp_len;
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]908 if (use_message()) {
909 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance_over_message(
910 client.get(), &issue_msg, &msg_len, 10, kMessage, sizeof(kMessage)));
911 } else {
912 ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
913 &msg_len, 10));
914 }
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]915 bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
916
917 struct trust_token_issuer_key_st *key = &issuer->keys[0];
David Benjamin090ee962020-04-28 17:08:37 -0400[diff] [blame]918 EC_SCALAR *scalars[] = {&key->key.x0, &key->key.y0, &key->key.x1,
919 &key->key.y1, &key->key.xs, &key->key.ys};
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]920
921 // Corrupt private key scalar.
David Benjamin227ff6e2022-05-05 08:43:27 -0400[diff] [blame]922 scalars[corrupted_key()]->words[0] ^= 42;
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]923
David Benjamin17078f22020-04-28 17:50:13 -0400[diff] [blame]924 size_t tokens_issued;
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]925 ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
926 issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]927 /*public_metadata=*/7, private_metadata(), /*max_issuance=*/1));
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]928 bssl::UniquePtr<uint8_t> free_msg(issue_resp);
929 size_t key_index;
930 bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
931 TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
932 resp_len));
933
934 // If the unused private key is corrupted, then the DLEQ proof should succeed.
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]935 if ((corrupted_key() / 2 == 0 && private_metadata() == true) ||
936 (corrupted_key() / 2 == 1 && private_metadata() == false)) {
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]937 ASSERT_TRUE(tokens);
938 } else {
939 ASSERT_FALSE(tokens);
940 }
941}
942
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]943INSTANTIATE_TEST_SUITE_P(TrustTokenAllBadKeyTest, TrustTokenBadKeyTest,
944 testing::Combine(testing::ValuesIn(AllMethods()),
945 testing::Bool(),
Steven Valdezfa4555a2022-12-06 13:42:57 -0500[diff] [blame]946 testing::Bool(),
David Benjaminaa764c42020-04-29 12:39:10 -0400[diff] [blame]947 testing::Values(0, 1, 2, 3, 4, 5)));
Steven Valdez78987bb2020-04-09 14:57:31 -0400[diff] [blame]948
Steven Valdez538a1242019-12-16 12:12:31 -0500[diff] [blame]949} // namespace
950BSSL_NAMESPACE_END