/*############################################################################
# Copyright 2017 Intel Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
############################################################################*/
/*!
* \file
* \brief Provision credential unit tests.
*/
#include <cstring>
#include <vector>
#include "gtest/gtest.h"
extern "C" {
#include "epid/member/api.h"
}
#include "epid/common-testhelper/epid_gtest-testhelper.h"
#include "epid/common-testhelper/errors-testhelper.h"
#include "epid/common-testhelper/mem_params-testhelper.h"
#include "epid/common-testhelper/prng-testhelper.h"
#include "epid/member/tiny/unittests/member-testhelper.h"
namespace {
EpidStatus ProvisionCredentialAndStart(MemberCtx* ctx,
GroupPubKey const* pub_key,
MembershipCredential const* credential,
MemberPrecomp const* precomp_str) {
EpidStatus sts;
sts = EpidProvisionCredential(ctx, pub_key, credential, precomp_str);
if (sts != kEpidNoErr) {
return sts;
}
sts = EpidMemberStartup(ctx);
return sts;
}
TEST_F(EpidMemberTest, ProvisionCredentialFailsGivenNullParameters) {
Prng prng;
GroupPubKey pub_key = this->kGrpXKey;
FpElemStr f = this->kGrpXMember9PrivKey.f;
MembershipCredential credential;
credential.A = this->kGrpXMember9PrivKey.A;
credential.gid = this->kGrpXMember9PrivKey.gid;
credential.x = this->kGrpXMember9PrivKey.x;
// Note: this MemberPrecomp is for the wrong group, however it should not
// be checked in Provision because doing so would negate the performance
// boost of using the precomp.
MemberPrecomp precomp = this->kMemberPrecomp;
MemberParams params = {0};
SetMemberParams(&Prng::Generate, &prng, &f, ¶ms);
MemberCtxObj member(¶ms);
EXPECT_EQ(kEpidBadArgErr,
EpidProvisionCredential(nullptr, &pub_key, &credential, &precomp));
EXPECT_EQ(kEpidBadArgErr,
EpidProvisionCredential(member, nullptr, &credential, &precomp));
EXPECT_EQ(kEpidBadArgErr,
EpidProvisionCredential(member, &pub_key, nullptr, &precomp));
EXPECT_EQ(kEpidBadArgErr,
EpidProvisionCredential(nullptr, &pub_key, &credential, nullptr));
EXPECT_EQ(kEpidBadArgErr,
EpidProvisionCredential(member, nullptr, &credential, nullptr));
EXPECT_EQ(kEpidBadArgErr,
EpidProvisionCredential(member, &pub_key, nullptr, nullptr));
}
TEST_F(EpidMemberTest, ProvisionCredentialRejectsInvalidCredential) {
Prng prng;
GroupPubKey pub_key = this->kGrpXKey;
FpElemStr f = this->kGrpXMember9PrivKey.f;
MembershipCredential credential;
MembershipCredential base_credential;
base_credential.A = this->kGrpXMember9PrivKey.A;
base_credential.gid = this->kGrpXMember9PrivKey.gid;
base_credential.x = this->kGrpXMember9PrivKey.x;
// Note: this MemberPrecomp is for the wrong group, however it should not
// be checked in Provision because doing so would negate the performance
// boost of using the precomp.
MemberPrecomp precomp = this->kMemberPrecomp;
MemberParams params = {0};
SetMemberParams(&Prng::Generate, &prng, &f, ¶ms);
MemberCtxObj member(¶ms);
credential = base_credential;
credential.A.x.data.data[0]++;
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, &precomp));
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, nullptr));
credential = base_credential;
credential.A.y.data.data[0]++;
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, &precomp));
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, nullptr));
credential = base_credential;
credential.x.data.data[0]++;
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, &precomp));
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, nullptr));
}
TEST_F(EpidMemberTest, ProvisionCredentialRejectsInvalidGroupKey) {
Prng prng;
GroupPubKey pub_key = this->kGrpXKey;
FpElemStr f = this->kGrpXMember9PrivKey.f;
MembershipCredential credential;
credential.A = this->kGrpXMember9PrivKey.A;
credential.gid = this->kGrpXMember9PrivKey.gid;
credential.x = this->kGrpXMember9PrivKey.x;
// Note: this MemberPrecomp is for the wrong group, however it should not
// be checked in Provision because doing so would negate the performance
// boost of using the precomp.
MemberPrecomp precomp = this->kMemberPrecomp;
MemberParams params = {0};
SetMemberParams(&Prng::Generate, &prng, &f, ¶ms);
MemberCtxObj member(¶ms);
pub_key = this->kGroupPublicKey;
pub_key.h1.x.data.data[0]++;
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, &precomp));
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, nullptr));
pub_key = this->kGroupPublicKey;
pub_key.h1.y.data.data[0]++;
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, &precomp));
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, nullptr));
pub_key = this->kGroupPublicKey;
pub_key.h2.x.data.data[0]++;
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, &precomp));
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, nullptr));
pub_key = this->kGroupPublicKey;
pub_key.h2.y.data.data[0]++;
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, &precomp));
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, nullptr));
pub_key = this->kGroupPublicKey;
pub_key.w.x[0].data.data[0]++;
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, &precomp));
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, nullptr));
pub_key = this->kGroupPublicKey;
pub_key.w.x[1].data.data[0]++;
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, &precomp));
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, nullptr));
pub_key = this->kGroupPublicKey;
pub_key.w.y[0].data.data[0]++;
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, &precomp));
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, nullptr));
pub_key = this->kGroupPublicKey;
pub_key.w.y[1].data.data[0]++;
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, &precomp));
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, nullptr));
}
TEST_F(EpidMemberTest, ProvisionCredentialRejectsCredentialNotInGroup) {
Prng prng;
GroupPubKey pub_key = this->kGrpXKey;
FpElemStr f = this->kGrpXMember9PrivKey.f;
MembershipCredential credential;
MembershipCredential base_credential;
base_credential.A = this->kGrpXMember9PrivKey.A;
base_credential.gid = this->kGrpXMember9PrivKey.gid;
base_credential.x = this->kGrpXMember9PrivKey.x;
// Note: this MemberPrecomp is for the wrong group, however it should not
// be checked in Provision because doing so would negate the performance
// boost of using the precomp.
MemberPrecomp precomp = this->kMemberPrecomp;
MemberParams params = {0};
SetMemberParams(&Prng::Generate, &prng, &f, ¶ms);
MemberCtxObj member(¶ms);
credential = base_credential;
credential.gid.data[0] = ~credential.gid.data[0];
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, &precomp));
EXPECT_EQ(kEpidBadArgErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, nullptr));
}
TEST_F(EpidMemberTest, CanProvisionUsingMembershipCredentialPrecomp) {
Prng prng;
GroupPubKey pub_key = this->kGrpXKey;
FpElemStr f = this->kGrpXMember9PrivKey.f;
MembershipCredential credential;
credential.A = this->kGrpXMember9PrivKey.A;
credential.gid = this->kGrpXMember9PrivKey.gid;
credential.x = this->kGrpXMember9PrivKey.x;
// Note: this MemberPrecomp is for the wrong group, however it should not
// be checked in Provision because doing so would negate the performance
// boost of using the precomp.
MemberPrecomp precomp = this->kMemberPrecomp;
MemberParams params = {0};
SetMemberParams(&Prng::Generate, &prng, &f, ¶ms);
MemberCtxObj member(¶ms);
EXPECT_EQ(kEpidNoErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, &precomp));
}
TEST_F(EpidMemberTest, CanProvisionUsingMembershipCredentialNoPrecomp) {
Prng prng;
GroupPubKey pub_key = this->kGrpXKey;
FpElemStr f = this->kGrpXMember9PrivKey.f;
MembershipCredential credential;
credential.A = this->kGrpXMember9PrivKey.A;
credential.gid = this->kGrpXMember9PrivKey.gid;
credential.x = this->kGrpXMember9PrivKey.x;
MemberParams params = {0};
SetMemberParams(&Prng::Generate, &prng, &f, ¶ms);
MemberCtxObj member(¶ms);
EXPECT_EQ(kEpidNoErr, ProvisionCredentialAndStart(member, &pub_key,
&credential, nullptr));
}
// test that create succeeds with valid IKGF given parameters
TEST_F(EpidMemberTest, CanProvisionUsingIKGFMembershipCredentialPrecomp) {
Prng prng;
const GroupPubKey* pub_key = reinterpret_cast<const GroupPubKey*>(
this->kGroupPublicKeyDataIkgf.data());
const PrivKey* priv_key =
reinterpret_cast<const PrivKey*>(this->kMemberPrivateKeyDataIkgf.data());
FpElemStr f = priv_key->f;
MembershipCredential credential;
credential.A = priv_key->A;
credential.gid = priv_key->gid;
credential.x = priv_key->x;
// Note: this MemberPrecomp is for the wrong group, however it should not
// be checked in Provision because doing so would negate the performance
// boost of using the precomp.
MemberPrecomp precomp = this->kMemberPrecomp;
MemberParams params = {0};
SetMemberParams(&Prng::Generate, &prng, &f, ¶ms);
MemberCtxObj member(¶ms);
EXPECT_EQ(kEpidNoErr, ProvisionCredentialAndStart(member, pub_key,
&credential, &precomp));
}
TEST_F(EpidMemberTest, CanProvisionUsingIKGFMembershipCredentialNoPrecomp) {
Prng prng;
const GroupPubKey* pub_key = reinterpret_cast<const GroupPubKey*>(
this->kGroupPublicKeyDataIkgf.data());
const PrivKey* priv_key =
reinterpret_cast<const PrivKey*>(this->kMemberPrivateKeyDataIkgf.data());
FpElemStr f = priv_key->f;
MembershipCredential credential;
credential.A = priv_key->A;
credential.gid = priv_key->gid;
credential.x = priv_key->x;
MemberParams params = {0};
SetMemberParams(&Prng::Generate, &prng, &f, ¶ms);
MemberCtxObj member(¶ms);
EXPECT_EQ(kEpidNoErr,
ProvisionCredentialAndStart(member, pub_key, &credential, nullptr));
}
TEST_F(EpidMemberTest,
DISABLED_ProvisionCredentialCanStoreMembershipCredentialNoPrecomp) {
Prng prng;
MembershipCredential const orig_credential =
*(MembershipCredential*)&this->kGrpXMember9PrivKey;
GroupPubKey pub_key = this->kGrpXKey;
FpElemStr f = this->kGrpXMember9PrivKey.f;
MemberParams params = {0};
SetMemberParams(&Prng::Generate, &prng, &f, ¶ms);
MemberCtxObj member(¶ms);
EXPECT_EQ(kEpidNoErr, ProvisionCredentialAndStart(member, &pub_key,
&orig_credential, nullptr));
FAIL() << "todo(developer): implement verification that credentials are "
"provisioned";
// MembershipCredential credential;
// uint32_t nv_index = 0x01c10100;
// EXPECT_EQ(kEpidNoErr, EpidNvReadMembershipCredential(
// member->tpm2_ctx, nv_index, &pub_key,
// &credential));
// EXPECT_EQ(orig_credential, credential);
}
} // namespace