trust_token_test.cc
Go to the documentation of this file.
1 /* Copyright (c) 2020, Google Inc.
2  *
3  * Permission to use, copy, modify, and/or distribute this software for any
4  * purpose with or without fee is hereby granted, provided that the above
5  * copyright notice and this permission notice appear in all copies.
6  *
7  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14 
15 #include <stdio.h>
16 #include <string.h>
17 #include <time.h>
18 
19 #include <algorithm>
20 #include <limits>
21 #include <string>
22 #include <tuple>
23 #include <utility>
24 #include <vector>
25 
26 #include <gtest/gtest.h>
27 
28 #include <openssl/bytestring.h>
29 #include <openssl/curve25519.h>
30 #include <openssl/evp.h>
31 #include <openssl/mem.h>
32 #include <openssl/rand.h>
33 #include <openssl/sha.h>
34 #include <openssl/trust_token.h>
35 
36 #include "../ec_extra/internal.h"
37 #include "../fipsmodule/ec/internal.h"
38 #include "../internal.h"
39 #include "../test/test_util.h"
40 #include "internal.h"
41 
42 
43 BSSL_NAMESPACE_BEGIN
44 
45 namespace {
46 
47 TEST(TrustTokenTest, KeyGenExp1) {
48  uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE];
49  uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE];
50  size_t priv_key_len, pub_key_len;
51  ASSERT_TRUE(TRUST_TOKEN_generate_key(
52  TRUST_TOKEN_experiment_v1(), priv_key, &priv_key_len,
53  TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, pub_key, &pub_key_len,
54  TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, 0x0001));
55  ASSERT_EQ(292u, priv_key_len);
56  ASSERT_EQ(301u, pub_key_len);
57 }
58 
59 TEST(TrustTokenTest, KeyGenExp2VOPRF) {
60  uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE];
61  uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE];
62  size_t priv_key_len, pub_key_len;
63  ASSERT_TRUE(TRUST_TOKEN_generate_key(
64  TRUST_TOKEN_experiment_v2_voprf(), priv_key, &priv_key_len,
65  TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, pub_key, &pub_key_len,
66  TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, 0x0001));
67  ASSERT_EQ(52u, priv_key_len);
68  ASSERT_EQ(101u, pub_key_len);
69 }
70 
71 TEST(TrustTokenTest, KeyGenExp2PMB) {
72  uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE];
73  uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE];
74  size_t priv_key_len, pub_key_len;
75  ASSERT_TRUE(TRUST_TOKEN_generate_key(
76  TRUST_TOKEN_experiment_v2_pmb(), priv_key, &priv_key_len,
77  TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE, pub_key, &pub_key_len,
78  TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, 0x0001));
79  ASSERT_EQ(292u, priv_key_len);
80  ASSERT_EQ(295u, pub_key_len);
81 }
82 
83 // Test that H in |TRUST_TOKEN_experiment_v1| was computed correctly.
84 TEST(TrustTokenTest, HExp1) {
85  const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1);
86  ASSERT_TRUE(group);
87 
88  const uint8_t kHGen[] = "generator";
89  const uint8_t kHLabel[] = "PMBTokens Experiment V1 HashH";
90 
91  bssl::UniquePtr<EC_POINT> expected_h(EC_POINT_new(group));
92  ASSERT_TRUE(expected_h);
93  ASSERT_TRUE(ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
94  group, &expected_h->raw, kHLabel, sizeof(kHLabel), kHGen, sizeof(kHGen)));
95  uint8_t expected_bytes[1 + 2 * EC_MAX_BYTES];
96  size_t expected_len =
97  EC_POINT_point2oct(group, expected_h.get(), POINT_CONVERSION_UNCOMPRESSED,
98  expected_bytes, sizeof(expected_bytes), nullptr);
99 
100  uint8_t h[97];
101  ASSERT_TRUE(pmbtoken_exp1_get_h_for_testing(h));
102  EXPECT_EQ(Bytes(h), Bytes(expected_bytes, expected_len));
103 }
104 
105 // Test that H in |TRUST_TOKEN_experiment_v2_pmb| was computed correctly.
106 TEST(TrustTokenTest, HExp2) {
107  const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1);
108  ASSERT_TRUE(group);
109 
110  const uint8_t kHGen[] = "generator";
111  const uint8_t kHLabel[] = "PMBTokens Experiment V2 HashH";
112 
113  bssl::UniquePtr<EC_POINT> expected_h(EC_POINT_new(group));
114  ASSERT_TRUE(expected_h);
115  ASSERT_TRUE(ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
116  group, &expected_h->raw, kHLabel, sizeof(kHLabel), kHGen, sizeof(kHGen)));
117  uint8_t expected_bytes[1 + 2 * EC_MAX_BYTES];
118  size_t expected_len =
119  EC_POINT_point2oct(group, expected_h.get(), POINT_CONVERSION_UNCOMPRESSED,
120  expected_bytes, sizeof(expected_bytes), nullptr);
121 
122  uint8_t h[97];
123  ASSERT_TRUE(pmbtoken_exp2_get_h_for_testing(h));
124  EXPECT_EQ(Bytes(h), Bytes(expected_bytes, expected_len));
125 }
126 
127 static std::vector<const TRUST_TOKEN_METHOD *> AllMethods() {
128  return {
129  TRUST_TOKEN_experiment_v1(),
130  TRUST_TOKEN_experiment_v2_voprf(),
131  TRUST_TOKEN_experiment_v2_pmb()
132  };
133 }
134 
135 class TrustTokenProtocolTestBase : public ::testing::Test {
136  public:
137  explicit TrustTokenProtocolTestBase(const TRUST_TOKEN_METHOD *method_arg)
138  : method_(method_arg) {}
139 
140  // KeyID returns the key ID associated with key index |i|.
141  static uint32_t KeyID(size_t i) {
142  // Use a different value from the indices to that we do not mix them up.
143  return 7 + i;
144  }
145 
146  const TRUST_TOKEN_METHOD *method() { return method_; }
147 
148  protected:
149  void SetupContexts() {
150  client.reset(TRUST_TOKEN_CLIENT_new(method(), client_max_batchsize));
151  ASSERT_TRUE(client);
152  issuer.reset(TRUST_TOKEN_ISSUER_new(method(), issuer_max_batchsize));
153  ASSERT_TRUE(issuer);
154 
155  for (size_t i = 0; i < method()->max_keys; i++) {
156  uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE];
157  uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE];
158  size_t priv_key_len, pub_key_len, key_index;
159  ASSERT_TRUE(TRUST_TOKEN_generate_key(
160  method(), priv_key, &priv_key_len, TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE,
161  pub_key, &pub_key_len, TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, KeyID(i)));
162  ASSERT_TRUE(TRUST_TOKEN_CLIENT_add_key(client.get(), &key_index, pub_key,
163  pub_key_len));
164  ASSERT_EQ(i, key_index);
165  ASSERT_TRUE(
166  TRUST_TOKEN_ISSUER_add_key(issuer.get(), priv_key, priv_key_len));
167  }
168 
169  uint8_t public_key[32], private_key[64];
170  ED25519_keypair(public_key, private_key);
171  bssl::UniquePtr<EVP_PKEY> priv(EVP_PKEY_new_raw_private_key(
172  EVP_PKEY_ED25519, nullptr, private_key, 32));
173  ASSERT_TRUE(priv);
174  bssl::UniquePtr<EVP_PKEY> pub(
175  EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, nullptr, public_key, 32));
176  ASSERT_TRUE(pub);
177 
178  TRUST_TOKEN_CLIENT_set_srr_key(client.get(), pub.get());
179  TRUST_TOKEN_ISSUER_set_srr_key(issuer.get(), priv.get());
180  RAND_bytes(metadata_key, sizeof(metadata_key));
181  ASSERT_TRUE(TRUST_TOKEN_ISSUER_set_metadata_key(issuer.get(), metadata_key,
182  sizeof(metadata_key)));
183  }
184 
185  const TRUST_TOKEN_METHOD *method_;
186  uint16_t client_max_batchsize = 10;
187  uint16_t issuer_max_batchsize = 10;
188  bssl::UniquePtr<TRUST_TOKEN_CLIENT> client;
189  bssl::UniquePtr<TRUST_TOKEN_ISSUER> issuer;
190  uint8_t metadata_key[32];
191 };
192 
193 class TrustTokenProtocolTest
194  : public TrustTokenProtocolTestBase,
195  public testing::WithParamInterface<const TRUST_TOKEN_METHOD *> {
196  public:
197  TrustTokenProtocolTest() : TrustTokenProtocolTestBase(GetParam()) {}
198 };
199 
200 INSTANTIATE_TEST_SUITE_P(TrustTokenAllProtocolTest, TrustTokenProtocolTest,
201  testing::ValuesIn(AllMethods()));
202 
203 TEST_P(TrustTokenProtocolTest, InvalidToken) {
204  ASSERT_NO_FATAL_FAILURE(SetupContexts());
205 
206  uint8_t *issue_msg = NULL, *issue_resp = NULL;
207  size_t msg_len, resp_len;
208 
209  size_t key_index;
210  size_t tokens_issued;
211  ASSERT_TRUE(
212  TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg, &msg_len, 1));
213  bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
214  ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
215  issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
216  /*public_metadata=*/KeyID(0), /*private_metadata=*/0,
217  /*max_issuance=*/10));
218  bssl::UniquePtr<uint8_t> free_msg(issue_resp);
219  bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
220  TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
221  resp_len));
222  ASSERT_TRUE(tokens);
223 
224  for (TRUST_TOKEN *token : tokens.get()) {
225  // Corrupt the token.
226  token->data[0] ^= 0x42;
227 
228  uint8_t *redeem_msg = NULL, *redeem_resp = NULL;
229  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption(
230  client.get(), &redeem_msg, &msg_len, token, NULL, 0, 0));
231  bssl::UniquePtr<uint8_t> free_redeem_msg(redeem_msg);
232  TRUST_TOKEN *rtoken;
233  uint8_t *client_data;
234  size_t client_data_len;
235  uint64_t redemption_time;
236  ASSERT_FALSE(TRUST_TOKEN_ISSUER_redeem(
237  issuer.get(), &redeem_resp, &resp_len, &rtoken, &client_data,
238  &client_data_len, &redemption_time, redeem_msg, msg_len, 600));
239  bssl::UniquePtr<uint8_t> free_redeem_resp(redeem_resp);
240  }
241 }
242 
243 TEST_P(TrustTokenProtocolTest, TruncatedIssuanceRequest) {
244  ASSERT_NO_FATAL_FAILURE(SetupContexts());
245 
246  uint8_t *issue_msg = NULL, *issue_resp = NULL;
247  size_t msg_len, resp_len;
248  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
249  &msg_len, 10));
250  bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
251  msg_len = 10;
252  size_t tokens_issued;
253  ASSERT_FALSE(TRUST_TOKEN_ISSUER_issue(
254  issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
255  /*public_metadata=*/KeyID(0), /*private_metadata=*/0,
256  /*max_issuance=*/10));
257  bssl::UniquePtr<uint8_t> free_msg(issue_resp);
258 }
259 
260 TEST_P(TrustTokenProtocolTest, TruncatedIssuanceResponse) {
261  ASSERT_NO_FATAL_FAILURE(SetupContexts());
262 
263  uint8_t *issue_msg = NULL, *issue_resp = NULL;
264  size_t msg_len, resp_len;
265  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
266  &msg_len, 10));
267  bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
268  size_t tokens_issued;
269  ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
270  issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
271  /*public_metadata=*/KeyID(0), /*private_metadata=*/0,
272  /*max_issuance=*/10));
273  bssl::UniquePtr<uint8_t> free_msg(issue_resp);
274  resp_len = 10;
275  size_t key_index;
276  bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
277  TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
278  resp_len));
279  ASSERT_FALSE(tokens);
280 }
281 
282 TEST_P(TrustTokenProtocolTest, ExtraDataIssuanceResponse) {
283  ASSERT_NO_FATAL_FAILURE(SetupContexts());
284 
285  uint8_t *request = NULL, *response = NULL;
286  size_t request_len, response_len;
287  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &request,
288  &request_len, 10));
289  bssl::UniquePtr<uint8_t> free_request(request);
290  size_t tokens_issued;
291  ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(issuer.get(), &response, &response_len,
292  &tokens_issued, request, request_len,
293  /*public_metadata=*/KeyID(0),
294  /*private_metadata=*/0,
295  /*max_issuance=*/10));
296  bssl::UniquePtr<uint8_t> free_response(response);
297  std::vector<uint8_t> response2(response, response + response_len);
298  response2.push_back(0);
299  size_t key_index;
300  bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
301  TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index,
302  response2.data(), response2.size()));
303  ASSERT_FALSE(tokens);
304 }
305 
306 TEST_P(TrustTokenProtocolTest, TruncatedRedemptionRequest) {
307  ASSERT_NO_FATAL_FAILURE(SetupContexts());
308 
309  uint8_t *issue_msg = NULL, *issue_resp = NULL;
310  size_t msg_len, resp_len;
311  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
312  &msg_len, 10));
313  bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
314  size_t tokens_issued;
315  ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
316  issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
317  /*public_metadata=*/KeyID(0), /*private_metadata=*/0,
318  /*max_issuance=*/10));
319  bssl::UniquePtr<uint8_t> free_msg(issue_resp);
320  size_t key_index;
321  bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
322  TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
323  resp_len));
324  ASSERT_TRUE(tokens);
325 
326  for (TRUST_TOKEN *token : tokens.get()) {
327  const uint8_t kClientData[] = "\x70TEST CLIENT DATA";
328  uint64_t kRedemptionTime = (method()->has_srr ? 13374242 : 0);
329 
330  uint8_t *redeem_msg = NULL, *redeem_resp = NULL;
331  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption(
332  client.get(), &redeem_msg, &msg_len, token, kClientData,
333  sizeof(kClientData) - 1, kRedemptionTime));
334  bssl::UniquePtr<uint8_t> free_redeem_msg(redeem_msg);
335  msg_len = 10;
336 
337  TRUST_TOKEN *rtoken;
338  uint8_t *client_data;
339  size_t client_data_len;
340  uint64_t redemption_time;
341  ASSERT_FALSE(TRUST_TOKEN_ISSUER_redeem(
342  issuer.get(), &redeem_resp, &resp_len, &rtoken, &client_data,
343  &client_data_len, &redemption_time, redeem_msg, msg_len, 600));
344  }
345 }
346 
347 TEST_P(TrustTokenProtocolTest, TruncatedRedemptionResponse) {
348  ASSERT_NO_FATAL_FAILURE(SetupContexts());
349 
350  uint8_t *issue_msg = NULL, *issue_resp = NULL;
351  size_t msg_len, resp_len;
352  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
353  &msg_len, 10));
354  bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
355  size_t tokens_issued;
356  ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
357  issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
358  /*public_metadata=*/KeyID(0), /*private_metadata=*/0,
359  /*max_issuance=*/10));
360  bssl::UniquePtr<uint8_t> free_msg(issue_resp);
361  size_t key_index;
362  bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
363  TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
364  resp_len));
365  ASSERT_TRUE(tokens);
366 
367  for (TRUST_TOKEN *token : tokens.get()) {
368  const uint8_t kClientData[] = "\x70TEST CLIENT DATA";
369  uint64_t kRedemptionTime = 0;
370 
371  uint8_t *redeem_msg = NULL, *redeem_resp = NULL;
372  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption(
373  client.get(), &redeem_msg, &msg_len, token, kClientData,
374  sizeof(kClientData) - 1, kRedemptionTime));
375  bssl::UniquePtr<uint8_t> free_redeem_msg(redeem_msg);
376  TRUST_TOKEN *rtoken;
377  uint8_t *client_data;
378  size_t client_data_len;
379  uint64_t redemption_time;
380  ASSERT_TRUE(TRUST_TOKEN_ISSUER_redeem(
381  issuer.get(), &redeem_resp, &resp_len, &rtoken, &client_data,
382  &client_data_len, &redemption_time, redeem_msg, msg_len, 600));
383  bssl::UniquePtr<uint8_t> free_redeem_resp(redeem_resp);
384  bssl::UniquePtr<uint8_t> free_client_data(client_data);
385  bssl::UniquePtr<TRUST_TOKEN> free_rtoken(rtoken);
386 
387  ASSERT_EQ(redemption_time, kRedemptionTime);
388  ASSERT_EQ(Bytes(kClientData, sizeof(kClientData) - 1),
389  Bytes(client_data, client_data_len));
390  resp_len = 10;
391 
392  // If the protocol doesn't use SRRs, TRUST_TOKEN_CLIENT_finish_redemtpion
393  // leaves all SRR validation to the caller.
394  uint8_t *srr = NULL, *sig = NULL;
395  size_t srr_len, sig_len;
396  bool expect_failure = !method()->has_srr;
397  ASSERT_EQ(expect_failure, TRUST_TOKEN_CLIENT_finish_redemption(
398  client.get(), &srr, &srr_len, &sig, &sig_len,
399  redeem_resp, resp_len));
400  bssl::UniquePtr<uint8_t> free_srr(srr);
401  bssl::UniquePtr<uint8_t> free_sig(sig);
402  }
403 }
404 
405 TEST_P(TrustTokenProtocolTest, IssuedWithBadKeyID) {
406  client.reset(TRUST_TOKEN_CLIENT_new(method(), client_max_batchsize));
407  ASSERT_TRUE(client);
408  issuer.reset(TRUST_TOKEN_ISSUER_new(method(), issuer_max_batchsize));
409  ASSERT_TRUE(issuer);
410 
411  // We configure the client and the issuer with different key IDs and test
412  // that the client notices.
413  const uint32_t kClientKeyID = 0;
414  const uint32_t kIssuerKeyID = 42;
415 
416  uint8_t priv_key[TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE];
417  uint8_t pub_key[TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE];
418  size_t priv_key_len, pub_key_len, key_index;
419  ASSERT_TRUE(TRUST_TOKEN_generate_key(
420  method(), priv_key, &priv_key_len, TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE,
421  pub_key, &pub_key_len, TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, kClientKeyID));
422  ASSERT_TRUE(TRUST_TOKEN_CLIENT_add_key(client.get(), &key_index, pub_key,
423  pub_key_len));
424  ASSERT_EQ(0UL, key_index);
425 
426  ASSERT_TRUE(TRUST_TOKEN_generate_key(
427  method(), priv_key, &priv_key_len, TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE,
428  pub_key, &pub_key_len, TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE, kIssuerKeyID));
429  ASSERT_TRUE(TRUST_TOKEN_ISSUER_add_key(issuer.get(), priv_key, priv_key_len));
430 
431 
432  uint8_t public_key[32], private_key[64];
433  ED25519_keypair(public_key, private_key);
434  bssl::UniquePtr<EVP_PKEY> priv(
435  EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, nullptr, private_key, 32));
436  ASSERT_TRUE(priv);
437  bssl::UniquePtr<EVP_PKEY> pub(
438  EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, nullptr, public_key, 32));
439  ASSERT_TRUE(pub);
440 
441  TRUST_TOKEN_CLIENT_set_srr_key(client.get(), pub.get());
442  TRUST_TOKEN_ISSUER_set_srr_key(issuer.get(), priv.get());
443  RAND_bytes(metadata_key, sizeof(metadata_key));
444  ASSERT_TRUE(TRUST_TOKEN_ISSUER_set_metadata_key(issuer.get(), metadata_key,
445  sizeof(metadata_key)));
446 
447 
448  uint8_t *issue_msg = NULL, *issue_resp = NULL;
449  size_t msg_len, resp_len;
450  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
451  &msg_len, 10));
452  bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
453  size_t tokens_issued;
454  ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
455  issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
456  /*public_metadata=*/42, /*private_metadata=*/0, /*max_issuance=*/10));
457  bssl::UniquePtr<uint8_t> free_msg(issue_resp);
458  bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
459  TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
460  resp_len));
461  ASSERT_FALSE(tokens);
462 }
463 
464 class TrustTokenMetadataTest
465  : public TrustTokenProtocolTestBase,
466  public testing::WithParamInterface<
467  std::tuple<const TRUST_TOKEN_METHOD *, int, bool>> {
468  public:
469  TrustTokenMetadataTest()
470  : TrustTokenProtocolTestBase(std::get<0>(GetParam())) {}
471 
472  int public_metadata() { return std::get<1>(GetParam()); }
473  bool private_metadata() { return std::get<2>(GetParam()); }
474 };
475 
476 TEST_P(TrustTokenMetadataTest, SetAndGetMetadata) {
477  ASSERT_NO_FATAL_FAILURE(SetupContexts());
478 
479  uint8_t *issue_msg = NULL, *issue_resp = NULL;
480  size_t msg_len, resp_len;
481  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
482  &msg_len, 10));
483  bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
484  size_t tokens_issued;
485  bool result = TRUST_TOKEN_ISSUER_issue(
486  issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
487  public_metadata(), private_metadata(), /*max_issuance=*/1);
488  if (!method()->has_private_metadata && private_metadata()) {
489  ASSERT_FALSE(result);
490  return;
491  }
492  ASSERT_TRUE(result);
493  bssl::UniquePtr<uint8_t> free_msg(issue_resp);
494  size_t key_index;
495  bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
496  TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
497  resp_len));
498  ASSERT_TRUE(tokens);
499 
500  for (TRUST_TOKEN *token : tokens.get()) {
501  const uint8_t kClientData[] = "\x70TEST CLIENT DATA";
502  uint64_t kRedemptionTime = (method()->has_srr ? 13374242 : 0);
503 
504  const uint8_t kExpectedSRRV1[] =
505  "\xa4\x68\x6d\x65\x74\x61\x64\x61\x74\x61\xa2\x66\x70\x75\x62\x6c\x69"
506  "\x63\x00\x67\x70\x72\x69\x76\x61\x74\x65\x00\x6a\x74\x6f\x6b\x65\x6e"
507  "\x2d\x68\x61\x73\x68\x58\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
508  "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
509  "\x00\x00\x00\x00\x00\x6b\x63\x6c\x69\x65\x6e\x74\x2d\x64\x61\x74\x61"
510  "\x70\x54\x45\x53\x54\x20\x43\x4c\x49\x45\x4e\x54\x20\x44\x41\x54\x41"
511  "\x70\x65\x78\x70\x69\x72\x79\x2d\x74\x69\x6d\x65\x73\x74\x61\x6d\x70"
512  "\x1a\x00\xcc\x15\x7a";
513 
514  const uint8_t kExpectedSRRV2[] =
515  "\xa4\x68\x6d\x65\x74\x61\x64\x61\x74\x61\xa2\x66\x70\x75\x62\x6c\x69"
516  "\x63\x00\x67\x70\x72\x69\x76\x61\x74\x65\x00\x6a\x74\x6f\x6b\x65\x6e"
517  "\x2d\x68\x61\x73\x68\x58\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
518  "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
519  "\x00\x00\x00\x00\x00\x6b\x63\x6c\x69\x65\x6e\x74\x2d\x64\x61\x74\x61"
520  "\x70\x54\x45\x53\x54\x20\x43\x4c\x49\x45\x4e\x54\x20\x44\x41\x54\x41"
521  "\x70\x65\x78\x70\x69\x72\x79\x2d\x74\x69\x6d\x65\x73\x74\x61\x6d\x70"
522  "\x00";
523 
524  const uint8_t *expected_srr = kExpectedSRRV1;
525  size_t expected_srr_len = sizeof(kExpectedSRRV1) - 1;
526  if (!method()->has_srr) {
527  expected_srr = kExpectedSRRV2;
528  expected_srr_len = sizeof(kExpectedSRRV2) - 1;
529  }
530 
531  uint8_t *redeem_msg = NULL, *redeem_resp = NULL;
532  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption(
533  client.get(), &redeem_msg, &msg_len, token, kClientData,
534  sizeof(kClientData) - 1, kRedemptionTime));
535  bssl::UniquePtr<uint8_t> free_redeem_msg(redeem_msg);
536  TRUST_TOKEN *rtoken;
537  uint8_t *client_data;
538  size_t client_data_len;
539  uint64_t redemption_time;
540  ASSERT_TRUE(TRUST_TOKEN_ISSUER_redeem(
541  issuer.get(), &redeem_resp, &resp_len, &rtoken, &client_data,
542  &client_data_len, &redemption_time, redeem_msg, msg_len, 600));
543  bssl::UniquePtr<uint8_t> free_redeem_resp(redeem_resp);
544  bssl::UniquePtr<uint8_t> free_client_data(client_data);
545  bssl::UniquePtr<TRUST_TOKEN> free_rtoken(rtoken);
546 
547  ASSERT_EQ(redemption_time, kRedemptionTime);
548  ASSERT_EQ(Bytes(kClientData, sizeof(kClientData) - 1),
549  Bytes(client_data, client_data_len));
550 
551  uint8_t *srr = NULL, *sig = NULL;
552  size_t srr_len, sig_len;
553  ASSERT_TRUE(TRUST_TOKEN_CLIENT_finish_redemption(
554  client.get(), &srr, &srr_len, &sig, &sig_len, redeem_resp, resp_len));
555  bssl::UniquePtr<uint8_t> free_srr(srr);
556  bssl::UniquePtr<uint8_t> free_sig(sig);
557 
558  if (!method()->has_srr) {
559  size_t b64_len;
560  ASSERT_TRUE(EVP_EncodedLength(&b64_len, expected_srr_len));
561  b64_len -= 1;
562  const char kSRRHeader[] = "body=:";
563  ASSERT_LT(sizeof(kSRRHeader) - 1 + b64_len, srr_len);
564 
565  ASSERT_EQ(Bytes(kSRRHeader, sizeof(kSRRHeader) - 1),
566  Bytes(srr, sizeof(kSRRHeader) - 1));
567  uint8_t *decoded_srr =
568  (uint8_t *)OPENSSL_malloc(expected_srr_len + 2);
569  ASSERT_TRUE(decoded_srr);
570  ASSERT_LE(
571  int(expected_srr_len),
572  EVP_DecodeBlock(decoded_srr, srr + sizeof(kSRRHeader) - 1, b64_len));
573  srr = decoded_srr;
574  srr_len = expected_srr_len;
575  free_srr.reset(srr);
576  }
577 
578  const uint8_t kTokenHashDSTLabel[] = "TrustTokenV0 TokenHash";
579  uint8_t token_hash[SHA256_DIGEST_LENGTH];
580  SHA256_CTX sha_ctx;
581  SHA256_Init(&sha_ctx);
582  SHA256_Update(&sha_ctx, kTokenHashDSTLabel, sizeof(kTokenHashDSTLabel));
583  SHA256_Update(&sha_ctx, token->data, token->len);
584  SHA256_Final(token_hash, &sha_ctx);
585 
586  // Check the token hash is in the SRR.
587  ASSERT_EQ(Bytes(token_hash), Bytes(srr + 41, sizeof(token_hash)));
588 
589  uint8_t decode_private_metadata;
590  ASSERT_TRUE(TRUST_TOKEN_decode_private_metadata(
591  method(), &decode_private_metadata, metadata_key,
592  sizeof(metadata_key), token_hash, sizeof(token_hash), srr[27]));
593  ASSERT_EQ(srr[18], public_metadata());
594  ASSERT_EQ(decode_private_metadata, private_metadata());
595 
596  // Clear out the metadata bits.
597  srr[18] = 0;
598  srr[27] = 0;
599 
600  // Clear out the token hash.
601  OPENSSL_memset(srr + 41, 0, sizeof(token_hash));
602 
603  ASSERT_EQ(Bytes(expected_srr, expected_srr_len),
604  Bytes(srr, srr_len));
605  }
606 }
607 
608 TEST_P(TrustTokenMetadataTest, RawSetAndGetMetadata) {
609  ASSERT_NO_FATAL_FAILURE(SetupContexts());
610 
611  uint8_t *issue_msg = NULL, *issue_resp = NULL;
612  size_t msg_len, resp_len;
613  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
614  &msg_len, 10));
615  bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
616  size_t tokens_issued;
617  bool result = TRUST_TOKEN_ISSUER_issue(
618  issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
619  public_metadata(), private_metadata(), /*max_issuance=*/1);
620  if (!method()->has_private_metadata && private_metadata()) {
621  ASSERT_FALSE(result);
622  return;
623  }
624  ASSERT_TRUE(result);
625  bssl::UniquePtr<uint8_t> free_msg(issue_resp);
626  size_t key_index;
627  bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
628  TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
629  resp_len));
630  ASSERT_TRUE(tokens);
631  EXPECT_EQ(1u, sk_TRUST_TOKEN_num(tokens.get()));
632 
633  for (TRUST_TOKEN *token : tokens.get()) {
634  const uint8_t kClientData[] = "\x70TEST CLIENT DATA";
635  uint64_t kRedemptionTime = (method()->has_srr ? 13374242 : 0);
636 
637  uint8_t *redeem_msg = NULL;
638  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_redemption(
639  client.get(), &redeem_msg, &msg_len, token, kClientData,
640  sizeof(kClientData) - 1, kRedemptionTime));
641  bssl::UniquePtr<uint8_t> free_redeem_msg(redeem_msg);
642  uint32_t public_value;
643  uint8_t private_value;
644  TRUST_TOKEN *rtoken;
645  uint8_t *client_data;
646  size_t client_data_len;
647  ASSERT_TRUE(TRUST_TOKEN_ISSUER_redeem_raw(
648  issuer.get(), &public_value, &private_value, &rtoken,
649  &client_data, &client_data_len, redeem_msg, msg_len));
650  bssl::UniquePtr<uint8_t> free_client_data(client_data);
651  bssl::UniquePtr<TRUST_TOKEN> free_rtoken(rtoken);
652 
653  ASSERT_EQ(Bytes(kClientData, sizeof(kClientData) - 1),
654  Bytes(client_data, client_data_len));
655  ASSERT_EQ(public_value, static_cast<uint32_t>(public_metadata()));
656  ASSERT_EQ(private_value, private_metadata());
657  }
658 }
659 
660 TEST_P(TrustTokenMetadataTest, TooManyRequests) {
661  if (!method()->has_private_metadata && private_metadata()) {
662  return;
663  }
664 
665  issuer_max_batchsize = 1;
666  ASSERT_NO_FATAL_FAILURE(SetupContexts());
667 
668  uint8_t *issue_msg = NULL, *issue_resp = NULL;
669  size_t msg_len, resp_len;
670  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
671  &msg_len, 10));
672  bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
673  size_t tokens_issued;
674  ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
675  issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
676  public_metadata(), private_metadata(), /*max_issuance=*/1));
677  bssl::UniquePtr<uint8_t> free_msg(issue_resp);
678  ASSERT_EQ(tokens_issued, issuer_max_batchsize);
679  size_t key_index;
680  bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
681  TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
682  resp_len));
683  ASSERT_TRUE(tokens);
684  ASSERT_EQ(sk_TRUST_TOKEN_num(tokens.get()), 1UL);
685 }
686 
687 
688 TEST_P(TrustTokenMetadataTest, TruncatedProof) {
689  if (!method()->has_private_metadata && private_metadata()) {
690  return;
691  }
692 
693  ASSERT_NO_FATAL_FAILURE(SetupContexts());
694 
695  uint8_t *issue_msg = NULL, *issue_resp = NULL;
696  size_t msg_len, resp_len;
697  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
698  &msg_len, 10));
699  bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
700  size_t tokens_issued;
701  ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
702  issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
703  public_metadata(), private_metadata(), /*max_issuance=*/1));
704  bssl::UniquePtr<uint8_t> free_msg(issue_resp);
705 
706  CBS real_response;
707  CBS_init(&real_response, issue_resp, resp_len);
708  uint16_t count;
709  uint32_t parsed_public_metadata;
710  bssl::ScopedCBB bad_response;
711  ASSERT_TRUE(CBB_init(bad_response.get(), 0));
712  ASSERT_TRUE(CBS_get_u16(&real_response, &count));
713  ASSERT_TRUE(CBB_add_u16(bad_response.get(), count));
714  ASSERT_TRUE(CBS_get_u32(&real_response, &parsed_public_metadata));
715  ASSERT_TRUE(CBB_add_u32(bad_response.get(), parsed_public_metadata));
716 
717  const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1);
718  size_t token_length =
719  TRUST_TOKEN_NONCE_SIZE + 2 * (1 + 2 * BN_num_bytes(&group->field));
720  if (method() == TRUST_TOKEN_experiment_v1()) {
721  token_length += 4;
722  }
723  if (method() == TRUST_TOKEN_experiment_v2_voprf()) {
724  token_length = 1 + 2 * BN_num_bytes(&group->field);
725  }
726  for (size_t i = 0; i < count; i++) {
727  ASSERT_TRUE(CBB_add_bytes(bad_response.get(), CBS_data(&real_response),
728  token_length));
729  ASSERT_TRUE(CBS_skip(&real_response, token_length));
730  }
731 
732  CBS tmp;
733  ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp));
734  CBB dleq;
735  ASSERT_TRUE(CBB_add_u16_length_prefixed(bad_response.get(), &dleq));
736  ASSERT_TRUE(CBB_add_bytes(&dleq, CBS_data(&tmp), CBS_len(&tmp) - 2));
737  ASSERT_TRUE(CBB_flush(bad_response.get()));
738 
739  uint8_t *bad_buf;
740  size_t bad_len;
741  ASSERT_TRUE(CBB_finish(bad_response.get(), &bad_buf, &bad_len));
742  bssl::UniquePtr<uint8_t> free_bad(bad_buf);
743 
744  size_t key_index;
745  bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
746  TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, bad_buf,
747  bad_len));
748  ASSERT_FALSE(tokens);
749 }
750 
751 TEST_P(TrustTokenMetadataTest, ExcessDataProof) {
752  if (!method()->has_private_metadata && private_metadata()) {
753  return;
754  }
755 
756  ASSERT_NO_FATAL_FAILURE(SetupContexts());
757 
758  uint8_t *issue_msg = NULL, *issue_resp = NULL;
759  size_t msg_len, resp_len;
760  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
761  &msg_len, 10));
762  bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
763  size_t tokens_issued;
764  ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
765  issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
766  public_metadata(), private_metadata(), /*max_issuance=*/1));
767  bssl::UniquePtr<uint8_t> free_msg(issue_resp);
768 
769  CBS real_response;
770  CBS_init(&real_response, issue_resp, resp_len);
771  uint16_t count;
772  uint32_t parsed_public_metadata;
773  bssl::ScopedCBB bad_response;
774  ASSERT_TRUE(CBB_init(bad_response.get(), 0));
775  ASSERT_TRUE(CBS_get_u16(&real_response, &count));
776  ASSERT_TRUE(CBB_add_u16(bad_response.get(), count));
777  ASSERT_TRUE(CBS_get_u32(&real_response, &parsed_public_metadata));
778  ASSERT_TRUE(CBB_add_u32(bad_response.get(), parsed_public_metadata));
779 
780  const EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1);
781  size_t token_length =
782  TRUST_TOKEN_NONCE_SIZE + 2 * (1 + 2 * BN_num_bytes(&group->field));
783  if (method() == TRUST_TOKEN_experiment_v1()) {
784  token_length += 4;
785  }
786  if (method() == TRUST_TOKEN_experiment_v2_voprf()) {
787  token_length = 1 + 2 * BN_num_bytes(&group->field);
788  }
789  for (size_t i = 0; i < count; i++) {
790  ASSERT_TRUE(CBB_add_bytes(bad_response.get(), CBS_data(&real_response),
791  token_length));
792  ASSERT_TRUE(CBS_skip(&real_response, token_length));
793  }
794 
795  CBS tmp;
796  ASSERT_TRUE(CBS_get_u16_length_prefixed(&real_response, &tmp));
797  CBB dleq;
798  ASSERT_TRUE(CBB_add_u16_length_prefixed(bad_response.get(), &dleq));
799  ASSERT_TRUE(CBB_add_bytes(&dleq, CBS_data(&tmp), CBS_len(&tmp)));
800  ASSERT_TRUE(CBB_add_u16(&dleq, 42));
801  ASSERT_TRUE(CBB_flush(bad_response.get()));
802 
803  uint8_t *bad_buf;
804  size_t bad_len;
805  ASSERT_TRUE(CBB_finish(bad_response.get(), &bad_buf, &bad_len));
806  bssl::UniquePtr<uint8_t> free_bad(bad_buf);
807 
808  size_t key_index;
809  bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
810  TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, bad_buf,
811  bad_len));
812  ASSERT_FALSE(tokens);
813 }
814 
815 INSTANTIATE_TEST_SUITE_P(
816  TrustTokenAllMetadataTest, TrustTokenMetadataTest,
817  testing::Combine(testing::ValuesIn(AllMethods()),
818  testing::Values(TrustTokenProtocolTest::KeyID(0),
819  TrustTokenProtocolTest::KeyID(1),
820  TrustTokenProtocolTest::KeyID(2)),
821  testing::Bool()));
822 
823 class TrustTokenBadKeyTest
824  : public TrustTokenProtocolTestBase,
825  public testing::WithParamInterface<
826  std::tuple<const TRUST_TOKEN_METHOD *, bool, int>> {
827  public:
828  TrustTokenBadKeyTest()
829  : TrustTokenProtocolTestBase(std::get<0>(GetParam())) {}
830 
831  bool private_metadata() { return std::get<1>(GetParam()); }
832  int corrupted_key() { return std::get<2>(GetParam()); }
833 };
834 
835 TEST_P(TrustTokenBadKeyTest, BadKey) {
836  // For versions without private metadata, only corruptions of 'xs' (the 4th
837  // entry in |scalars| below) result in a bad key, as the other scalars are
838  // unused internally.
839  if (!method()->has_private_metadata &&
840  (private_metadata() || corrupted_key() != 4)) {
841  return;
842  }
843 
844  ASSERT_NO_FATAL_FAILURE(SetupContexts());
845 
846  uint8_t *issue_msg = NULL, *issue_resp = NULL;
847  size_t msg_len, resp_len;
848  ASSERT_TRUE(TRUST_TOKEN_CLIENT_begin_issuance(client.get(), &issue_msg,
849  &msg_len, 10));
850  bssl::UniquePtr<uint8_t> free_issue_msg(issue_msg);
851 
852  struct trust_token_issuer_key_st *key = &issuer->keys[0];
853  EC_SCALAR *scalars[] = {&key->key.x0, &key->key.y0, &key->key.x1,
854  &key->key.y1, &key->key.xs, &key->key.ys};
855 
856  // Corrupt private key scalar.
857  scalars[corrupted_key()]->bytes[0] ^= 42;
858 
859  size_t tokens_issued;
860  ASSERT_TRUE(TRUST_TOKEN_ISSUER_issue(
861  issuer.get(), &issue_resp, &resp_len, &tokens_issued, issue_msg, msg_len,
862  /*public_metadata=*/7, private_metadata(), /*max_issuance=*/1));
863  bssl::UniquePtr<uint8_t> free_msg(issue_resp);
864  size_t key_index;
865  bssl::UniquePtr<STACK_OF(TRUST_TOKEN)> tokens(
866  TRUST_TOKEN_CLIENT_finish_issuance(client.get(), &key_index, issue_resp,
867  resp_len));
868 
869  // If the unused private key is corrupted, then the DLEQ proof should succeed.
870  if ((corrupted_key() / 2 == 0 && private_metadata() == true) ||
871  (corrupted_key() / 2 == 1 && private_metadata() == false)) {
872  ASSERT_TRUE(tokens);
873  } else {
874  ASSERT_FALSE(tokens);
875  }
876 }
877 
878 INSTANTIATE_TEST_SUITE_P(TrustTokenAllBadKeyTest, TrustTokenBadKeyTest,
879  testing::Combine(testing::ValuesIn(AllMethods()),
880  testing::Bool(),
881  testing::Values(0, 1, 2, 3, 4, 5)));
882 
883 } // namespace
884 BSSL_NAMESPACE_END
ec_hash_to_curve_p384_xmd_sha512_sswu_draft07
#define ec_hash_to_curve_p384_xmd_sha512_sswu_draft07
Definition: boringssl_prefix_symbols.h:3108
_gevent_test_main.result
result
Definition: _gevent_test_main.py:96
EC_SCALAR::bytes
uint8_t bytes[EC_MAX_BYTES]
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h:105
TRUST_TOKEN_ISSUER_redeem
#define TRUST_TOKEN_ISSUER_redeem
Definition: boringssl_prefix_symbols.h:2192
EC_POINT_new
#define EC_POINT_new
Definition: boringssl_prefix_symbols.h:1384
CBB_flush
#define CBB_flush
Definition: boringssl_prefix_symbols.h:1045
TRUST_TOKEN_NONCE_SIZE
#define TRUST_TOKEN_NONCE_SIZE
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:46
public_key
Definition: hrss.c:1881
CBB_init
#define CBB_init
Definition: boringssl_prefix_symbols.h:1047
RAND_bytes
#define RAND_bytes
Definition: boringssl_prefix_symbols.h:2060
internal.h
CBS_get_u16
#define CBS_get_u16
Definition: boringssl_prefix_symbols.h:1073
Bytes
Definition: boringssl-with-bazel/src/crypto/test/test_util.h:38
cbs_st
Definition: bytestring.h:39
testing::WithParamInterface
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:1848
get
absl::string_view get(const Cont &c)
Definition: abseil-cpp/absl/strings/str_replace_test.cc:185
pmbtoken_exp1_get_h_for_testing
#define pmbtoken_exp1_get_h_for_testing
Definition: boringssl_prefix_symbols.h:3332
EC_POINT_point2oct
#define EC_POINT_point2oct
Definition: boringssl_prefix_symbols.h:1387
CBS_skip
#define CBS_skip
Definition: boringssl_prefix_symbols.h:1092
BSSL_NAMESPACE_BEGIN::TrustTokenProtocolTestBase::client
bssl::UniquePtr< TRUST_TOKEN_CLIENT > client
Definition: trust_token_test.cc:188
TRUST_TOKEN_decode_private_metadata
#define TRUST_TOKEN_decode_private_metadata
Definition: boringssl_prefix_symbols.h:2197
evp.h
CBS_data
#define CBS_data
Definition: boringssl_prefix_symbols.h:1057
TRUST_TOKEN_CLIENT_add_key
#define TRUST_TOKEN_CLIENT_add_key
Definition: boringssl_prefix_symbols.h:2180
EVP_EncodedLength
#define EVP_EncodedLength
Definition: boringssl_prefix_symbols.h:1527
BSSL_NAMESPACE_BEGIN::TrustTokenMetadataTest::public_metadata
int public_metadata()
Definition: trust_token_test.cc:472
uint16_t
unsigned short uint16_t
Definition: stdint-msvc2008.h:79
BSSL_NAMESPACE_BEGIN::TrustTokenBadKeyTest::corrupted_key
int corrupted_key()
Definition: trust_token_test.cc:832
BSSL_NAMESPACE_BEGIN::TrustTokenProtocolTestBase::KeyID
static uint32_t KeyID(size_t i)
Definition: trust_token_test.cc:141
client
Definition: examples/python/async_streaming/client.py:1
TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE
#define TRUST_TOKEN_MAX_PUBLIC_KEY_SIZE
Definition: trust_token.h:69
ED25519_keypair
#define ED25519_keypair
Definition: boringssl_prefix_symbols.h:1395
string.h
CBS_get_u32
#define CBS_get_u32
Definition: boringssl_prefix_symbols.h:1078
TRUST_TOKEN_CLIENT_begin_redemption
#define TRUST_TOKEN_CLIENT_begin_redemption
Definition: boringssl_prefix_symbols.h:2182
CBB_add_u16_length_prefixed
#define CBB_add_u16_length_prefixed
Definition: boringssl_prefix_symbols.h:1028
benchmark.request
request
Definition: benchmark.py:77
BSSL_NAMESPACE_BEGIN::TrustTokenProtocolTestBase::issuer
bssl::UniquePtr< TRUST_TOKEN_ISSUER > issuer
Definition: trust_token_test.cc:189
TRUST_TOKEN_CLIENT_new
#define TRUST_TOKEN_CLIENT_new
Definition: boringssl_prefix_symbols.h:2186
TRUST_TOKEN_ISSUER_set_metadata_key
#define TRUST_TOKEN_ISSUER_set_metadata_key
Definition: boringssl_prefix_symbols.h:2194
BSSL_NAMESPACE_BEGIN::TrustTokenBadKeyTest::TrustTokenBadKeyTest
TrustTokenBadKeyTest()
Definition: trust_token_test.cc:828
TRUST_TOKEN_ISSUER_new
#define TRUST_TOKEN_ISSUER_new
Definition: boringssl_prefix_symbols.h:2191
EVP_PKEY_new_raw_public_key
#define EVP_PKEY_new_raw_public_key
Definition: boringssl_prefix_symbols.h:1645
CBS_len
#define CBS_len
Definition: boringssl_prefix_symbols.h:1089
u
OPENSSL_EXPORT pem_password_cb void * u
Definition: pem.h:351
BSSL_NAMESPACE_BEGIN::TEST_P
TEST_P(TrustTokenBadKeyTest, BadKey)
Definition: trust_token_test.cc:835
TRUST_TOKEN_ISSUER_set_srr_key
#define TRUST_TOKEN_ISSUER_set_srr_key
Definition: boringssl_prefix_symbols.h:2195
EC_GROUP_new_by_curve_name
#define EC_GROUP_new_by_curve_name
Definition: boringssl_prefix_symbols.h:1331
EVP_DecodeBlock
#define EVP_DecodeBlock
Definition: boringssl_prefix_symbols.h:1496
ASSERT_LE
#define ASSERT_LE(val1, val2)
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:2064
BN_num_bytes
#define BN_num_bytes
Definition: boringssl_prefix_symbols.h:976
CBS_init
#define CBS_init
Definition: boringssl_prefix_symbols.h:1085
uint8_t
unsigned char uint8_t
Definition: stdint-msvc2008.h:78
TRUST_TOKEN_ISSUER_add_key
#define TRUST_TOKEN_ISSUER_add_key
Definition: boringssl_prefix_symbols.h:2188
OPENSSL_memset
static void * OPENSSL_memset(void *dst, int c, size_t n)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:835
testing::Test
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:402
EVP_PKEY_ED25519
#define EVP_PKEY_ED25519
Definition: evp.h:179
EXPECT_EQ
#define EXPECT_EQ(a, b)
Definition: iomgr/time_averaged_stats_test.cc:27
uint32_t
unsigned int uint32_t
Definition: stdint-msvc2008.h:80
BSSL_NAMESPACE_BEGIN::TrustTokenProtocolTest
Definition: trust_token_test.cc:193
OPENSSL_malloc
#define OPENSSL_malloc
Definition: boringssl_prefix_symbols.h:1885
bytestring.h
CBB_add_u16
#define CBB_add_u16
Definition: boringssl_prefix_symbols.h:1027
BSSL_NAMESPACE_BEGIN::TrustTokenProtocolTestBase::method
const TRUST_TOKEN_METHOD * method()
Definition: trust_token_test.cc:146
ASSERT_LT
#define ASSERT_LT(val1, val2)
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:2068
EC_MAX_BYTES
#define EC_MAX_BYTES
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h:91
trust_token.h
STACK_OF
#define STACK_OF(type)
Definition: stack.h:125
TRUST_TOKEN_experiment_v1
#define TRUST_TOKEN_experiment_v1
Definition: boringssl_prefix_symbols.h:2198
TRUST_TOKEN_ISSUER_redeem_raw
#define TRUST_TOKEN_ISSUER_redeem_raw
Definition: boringssl_prefix_symbols.h:2193
BSSL_NAMESPACE_BEGIN::TrustTokenMetadataTest::private_metadata
bool private_metadata()
Definition: trust_token_test.cc:473
BSSL_NAMESPACE_BEGIN::AllMethods
static std::vector< const TRUST_TOKEN_METHOD * > AllMethods()
Definition: trust_token_test.cc:127
CBB_finish
#define CBB_finish
Definition: boringssl_prefix_symbols.h:1043
sha.h
uint64_t
unsigned __int64 uint64_t
Definition: stdint-msvc2008.h:90
BSSL_NAMESPACE_BEGIN::TrustTokenProtocolTest::TrustTokenProtocolTest
TrustTokenProtocolTest()
Definition: trust_token_test.cc:197
TRUST_TOKEN_ISSUER_issue
#define TRUST_TOKEN_ISSUER_issue
Definition: boringssl_prefix_symbols.h:2190
BSSL_NAMESPACE_END
#define BSSL_NAMESPACE_END
Definition: base.h:480
sha256_state_st::data
uint8_t data[SHA256_CBLOCK]
Definition: sha.h:192
trust_token_issuer_key_st
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:254
BSSL_NAMESPACE_BEGIN::TrustTokenProtocolTestBase::TrustTokenProtocolTestBase
TrustTokenProtocolTestBase(const TRUST_TOKEN_METHOD *method_arg)
Definition: trust_token_test.cc:137
CBB_add_u32
#define CBB_add_u32
Definition: boringssl_prefix_symbols.h:1032
response_len
OPENSSL_EXPORT size_t const uint8_t size_t response_len
Definition: trust_token.h:142
trust_token_st
Definition: trust_token.h:54
grpc_core::UniquePtr
std::unique_ptr< T, DefaultDeleteChar > UniquePtr
Definition: src/core/lib/gprpp/memory.h:43
CBB_add_bytes
#define CBB_add_bytes
Definition: boringssl_prefix_symbols.h:1025
sha256_state_st
Definition: sha.h:189
BSSL_NAMESPACE_BEGIN
Definition: trust_token_test.cc:45
ASSERT_NO_FATAL_FAILURE
#define ASSERT_NO_FATAL_FAILURE(statement)
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:2199
rand.h
BSSL_NAMESPACE_BEGIN::TrustTokenProtocolTestBase::method_
const TRUST_TOKEN_METHOD * method_
Definition: trust_token_test.cc:185
key
const char * key
Definition: hpack_parser_table.cc:164
testing::Values
internal::ValueArray< T... > Values(T... v)
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest-param-test.h:335
upload.group
group
Definition: bloaty/third_party/googletest/googlemock/scripts/upload.py:397
TRUST_TOKEN_CLIENT_set_srr_key
#define TRUST_TOKEN_CLIENT_set_srr_key
Definition: boringssl_prefix_symbols.h:2187
EVP_PKEY_new_raw_private_key
#define EVP_PKEY_new_raw_private_key
Definition: boringssl_prefix_symbols.h:1644
count
int * count
Definition: bloaty/third_party/googletest/googlemock/test/gmock_stress_test.cc:96
POINT_CONVERSION_UNCOMPRESSED
@ POINT_CONVERSION_UNCOMPRESSED
Definition: ec.h:91
TRUST_TOKEN_generate_key
#define TRUST_TOKEN_generate_key
Definition: boringssl_prefix_symbols.h:2202
BSSL_NAMESPACE_BEGIN::TrustTokenMetadataTest::TrustTokenMetadataTest
TrustTokenMetadataTest()
Definition: trust_token_test.cc:469
TRUST_TOKEN_CLIENT_begin_issuance
#define TRUST_TOKEN_CLIENT_begin_issuance
Definition: boringssl_prefix_symbols.h:2181
SHA256_Init
#define SHA256_Init
Definition: boringssl_prefix_symbols.h:2156
pmbtoken_exp2_get_h_for_testing
#define pmbtoken_exp2_get_h_for_testing
Definition: boringssl_prefix_symbols.h:3340
BSSL_NAMESPACE_BEGIN::TEST
TEST(TrustTokenTest, HExp2)
Definition: trust_token_test.cc:106
testing::Combine
internal::CartesianProductHolder< Generator... > Combine(const Generator &... g)
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest-param-test.h:410
private_key
Definition: hrss.c:1885
ec_group_st
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h:573
CBS_get_u16_length_prefixed
#define CBS_get_u16_length_prefixed
Definition: boringssl_prefix_symbols.h:1074
SHA256_DIGEST_LENGTH
#define SHA256_DIGEST_LENGTH
Definition: sha.h:155
asyncio_get_stats.response
response
Definition: asyncio_get_stats.py:28
std
Definition: grpcpp/impl/codegen/async_unary_call.h:407
BSSL_NAMESPACE_BEGIN::TrustTokenBadKeyTest
Definition: trust_token_test.cc:823
curve25519.h
ASSERT_TRUE
#define ASSERT_TRUE(condition)
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:1973
ASSERT_FALSE
#define ASSERT_FALSE(condition)
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:1976
BSSL_NAMESPACE_BEGIN::TrustTokenMetadataTest
Definition: trust_token_test.cc:464
TRUST_TOKEN_experiment_v2_voprf
#define TRUST_TOKEN_experiment_v2_voprf
Definition: boringssl_prefix_symbols.h:2200
BSSL_NAMESPACE_BEGIN::INSTANTIATE_TEST_SUITE_P
INSTANTIATE_TEST_SUITE_P(TrustTokenAllBadKeyTest, TrustTokenBadKeyTest, testing::Combine(testing::ValuesIn(AllMethods()), testing::Bool(), testing::Values(0, 1, 2, 3, 4, 5)))
EC_SCALAR
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h:103
mem.h
BSSL_NAMESPACE_BEGIN::TrustTokenProtocolTestBase
Definition: trust_token_test.cc:135
testing::ValuesIn
internal::ParamGenerator< typename std::iterator_traits< ForwardIterator >::value_type > ValuesIn(ForwardIterator begin, ForwardIterator end)
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest-param-test.h:297
autogen_x86imm.tmp
tmp
Definition: autogen_x86imm.py:12
NID_secp384r1
#define NID_secp384r1
Definition: nid.h:3168
TRUST_TOKEN_experiment_v2_pmb
#define TRUST_TOKEN_experiment_v2_pmb
Definition: boringssl_prefix_symbols.h:2199
method
NSString * method
Definition: ProtoMethod.h:28
BSSL_NAMESPACE_BEGIN::TrustTokenProtocolTestBase::SetupContexts
void SetupContexts()
Definition: trust_token_test.cc:149
testing::Bool
internal::ParamGenerator< bool > Bool()
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest-param-test.h:359
TRUST_TOKEN_CLIENT_finish_issuance
#define TRUST_TOKEN_CLIENT_finish_issuance
Definition: boringssl_prefix_symbols.h:2183
SHA256_Final
#define SHA256_Final
Definition: boringssl_prefix_symbols.h:2155
BSSL_NAMESPACE_BEGIN::TrustTokenBadKeyTest::private_metadata
bool private_metadata()
Definition: trust_token_test.cc:831
TRUST_TOKEN_CLIENT_finish_redemption
#define TRUST_TOKEN_CLIENT_finish_redemption
Definition: boringssl_prefix_symbols.h:2184
TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE
#define TRUST_TOKEN_MAX_PRIVATE_KEY_SIZE
Definition: trust_token.h:68
trust_token_method_st
Definition: third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h:176
i
uint64_t i
Definition: abseil-cpp/absl/container/btree_benchmark.cc:230
ASSERT_EQ
#define ASSERT_EQ(val1, val2)
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:2056
cbb_st
Definition: bytestring.h:375
SHA256_Update
#define SHA256_Update
Definition: boringssl_prefix_symbols.h:2159

grpc
Author(s):
autogenerated on Fri May 16 2025 03:00:40