1 /*############################################################################
2 # Copyright 2017 Intel Corporation
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #     http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 ############################################################################*/
16 /// Tpm2Commit unit tests.
17 /*! \file */
18 
19 #include <cstring>
20 
21 #include "gtest/gtest.h"
22 
23 #include "epid/common-testhelper/epid2params_wrapper-testhelper.h"
24 #include "epid/common-testhelper/epid_params-testhelper.h"
25 #include "epid/common-testhelper/errors-testhelper.h"
26 #include "epid/common-testhelper/prng-testhelper.h"
27 #include "epid/member/tpm2/unittests/tpm2-testhelper.h"
28 
29 extern "C" {
30 #include "epid/common/src/epid2params.h"
31 #include "epid/member/tpm2/commit.h"
32 #include "epid/member/tpm2/context.h"
33 #include "epid/member/tpm2/load_external.h"
34 #include "epid/member/tpm2/sign.h"
35 #include "epid/member/tpm2/src/state.h"
36 }
37 
38 namespace {
39 
TEST_F(EpidTpm2Test,CommitComputeKLESha256)40 TEST_F(EpidTpm2Test, CommitComputeKLESha256) {
41   // Testing step i and j of the "C.2.3 Tpm2Commit()"
42   Epid20Params params;
43   EcPointObj k(&params.G1), l(&params.G1), e(&params.G1);
44   EcPointObj p1(&params.G1, this->kP1Str);
45   FfElementObj y2(&params.fq, this->kY2Sha256Str);
46   uint16_t counter = 0;
47 
48   Prng my_prng;
49   Epid2ParamsObj epid2params;
50   Tpm2CtxObj tpm(&Prng::Generate, &my_prng, &this->kMemberFValue, epid2params);
51   THROW_ON_EPIDERR(Tpm2SetHashAlg(tpm, kSha256));
52   THROW_ON_EPIDERR(Tpm2LoadExternal(tpm, &this->kMemberFValue));
53 
54   EXPECT_EQ(kEpidNoErr,
55             Tpm2Commit(tpm, p1, this->kS2Sha256.data(), this->kS2Sha256.size(),
56                        y2, k, l, e, &counter));
57   THROW_ON_EPIDERR(Tpm2ReleaseCounter(tpm, counter));
58   EcPointObj p1_exp_r(&params.G1), p2_exp_r(&params.G1);
59   G1ElemStr p1_exp_r_str, p2_exp_r_str;
60   EcPointObj p2(&params.G1, this->kP2Sha256Str);
61   Prng the_same_prng;
62   FfElementObj r(&params.fp);
63   BigNumStr zero = {0};
64   FpElemStr r_str = {0};
65   THROW_ON_EPIDERR(
66       FfGetRandom(params.fp, &zero, &Prng::Generate, &the_same_prng, r));
67   THROW_ON_EPIDERR(WriteFfElement(params.fp, r, &r_str, sizeof(r_str)));
68   THROW_ON_EPIDERR(EcExp(params.G1, p1, (BigNumStr const*)&r_str, p1_exp_r));
69   THROW_ON_EPIDERR(
70       WriteEcPoint(params.G1, p1_exp_r, &p1_exp_r_str, sizeof(p1_exp_r_str)));
71   THROW_ON_EPIDERR(EcExp(params.G1, p2, (BigNumStr const*)&r_str, p2_exp_r));
72   THROW_ON_EPIDERR(
73       WriteEcPoint(params.G1, p2_exp_r, &p2_exp_r_str, sizeof(p2_exp_r_str)));
74 
75   G1ElemStr k_str, l_str, e_str;
76   THROW_ON_EPIDERR(WriteEcPoint(params.G1, k, &k_str, sizeof(k_str)));
77   THROW_ON_EPIDERR(WriteEcPoint(params.G1, l, &l_str, sizeof(l_str)));
78   THROW_ON_EPIDERR(WriteEcPoint(params.G1, e, &e_str, sizeof(e_str)));
79   EXPECT_EQ(this->kP2Sha256ExpF, k_str);
80   EXPECT_EQ(p2_exp_r_str, l_str);
81   EXPECT_EQ(p1_exp_r_str, e_str);
82 }
83 
TEST_F(EpidTpm2Test,CommitComputeKLESha384)84 TEST_F(EpidTpm2Test, CommitComputeKLESha384) {
85   // Testing step i and j of the "C.2.3 Tpm2Commit()"
86   Epid20Params params;
87   EcPointObj k(&params.G1), l(&params.G1), e(&params.G1);
88   EcPointObj p1(&params.G1, this->kP1Str);
89   FfElementObj y2(&params.fq, this->kY2Sha384Str);
90   uint16_t counter = 0;
91 
92   Prng my_prng;
93   Epid2ParamsObj epid2params;
94   Tpm2CtxObj tpm(&Prng::Generate, &my_prng, &this->kMemberFValue, epid2params);
95   THROW_ON_EPIDERR(Tpm2SetHashAlg(tpm, kSha384));
96   THROW_ON_EPIDERR(Tpm2LoadExternal(tpm, &this->kMemberFValue));
97 
98   EXPECT_EQ(kEpidNoErr,
99             Tpm2Commit(tpm, p1, this->kS2Sha384.data(), this->kS2Sha384.size(),
100                        y2, k, l, e, &counter));
101   THROW_ON_EPIDERR(Tpm2ReleaseCounter(tpm, counter));
102 
103   EcPointObj p1_exp_r(&params.G1), p2_exp_r(&params.G1);
104   G1ElemStr p1_exp_r_str, p2_exp_r_str;
105   EcPointObj p2(&params.G1, this->kP2Sha384Str);
106   Prng the_same_prng;
107   FfElementObj r(&params.fp);
108   BigNumStr zero = {0};
109   FpElemStr r_str = {0};
110   THROW_ON_EPIDERR(
111       FfGetRandom(params.fp, &zero, &Prng::Generate, &the_same_prng, r));
112   THROW_ON_EPIDERR(WriteFfElement(params.fp, r, &r_str, sizeof(r_str)));
113   THROW_ON_EPIDERR(EcExp(params.G1, p1, (BigNumStr const*)&r_str, p1_exp_r));
114   THROW_ON_EPIDERR(
115       WriteEcPoint(params.G1, p1_exp_r, &p1_exp_r_str, sizeof(p1_exp_r_str)));
116   THROW_ON_EPIDERR(EcExp(params.G1, p2, (BigNumStr const*)&r_str, p2_exp_r));
117   THROW_ON_EPIDERR(
118       WriteEcPoint(params.G1, p2_exp_r, &p2_exp_r_str, sizeof(p2_exp_r_str)));
119 
120   G1ElemStr k_str, l_str, e_str;
121   THROW_ON_EPIDERR(WriteEcPoint(params.G1, k, &k_str, sizeof(k_str)));
122   THROW_ON_EPIDERR(WriteEcPoint(params.G1, l, &l_str, sizeof(l_str)));
123   THROW_ON_EPIDERR(WriteEcPoint(params.G1, e, &e_str, sizeof(e_str)));
124   EXPECT_EQ(this->kP2Sha384ExpF, k_str);
125   EXPECT_EQ(p2_exp_r_str, l_str);
126   EXPECT_EQ(p1_exp_r_str, e_str);
127 }
128 
TEST_F(EpidTpm2Test,CommitComputeKLESha512)129 TEST_F(EpidTpm2Test, CommitComputeKLESha512) {
130   // Testing step i and j of the "C.2.3 Tpm2Commit()"
131   Epid20Params params;
132   EcPointObj k(&params.G1), l(&params.G1), e(&params.G1);
133   EcPointObj p1(&params.G1, this->kP1Str);
134   FfElementObj y2(&params.fq, this->kY2Sha512Str);
135   uint16_t counter = 0;
136 
137   Prng my_prng;
138   Epid2ParamsObj epid2params;
139   Tpm2CtxObj tpm(&Prng::Generate, &my_prng, &this->kMemberFValue, epid2params);
140   THROW_ON_EPIDERR(Tpm2SetHashAlg(tpm, kSha512));
141   THROW_ON_EPIDERR(Tpm2LoadExternal(tpm, &this->kMemberFValue));
142 
143   EXPECT_EQ(kEpidNoErr,
144             Tpm2Commit(tpm, p1, this->kS2Sha512.data(), this->kS2Sha512.size(),
145                        y2, k, l, e, &counter));
146   THROW_ON_EPIDERR(Tpm2ReleaseCounter(tpm, counter));
147 
148   EcPointObj p1_exp_r(&params.G1), p2_exp_r(&params.G1);
149   G1ElemStr p1_exp_r_str, p2_exp_r_str;
150   EcPointObj p2(&params.G1, this->kP2Sha512Str);
151   Prng the_same_prng;
152   FfElementObj r(&params.fp);
153   BigNumStr zero = {0};
154   FpElemStr r_str = {0};
155   THROW_ON_EPIDERR(
156       FfGetRandom(params.fp, &zero, &Prng::Generate, &the_same_prng, r));
157   THROW_ON_EPIDERR(WriteFfElement(params.fp, r, &r_str, sizeof(r_str)));
158   THROW_ON_EPIDERR(EcExp(params.G1, p1, (BigNumStr const*)&r_str, p1_exp_r));
159   THROW_ON_EPIDERR(
160       WriteEcPoint(params.G1, p1_exp_r, &p1_exp_r_str, sizeof(p1_exp_r_str)));
161   THROW_ON_EPIDERR(EcExp(params.G1, p2, (BigNumStr const*)&r_str, p2_exp_r));
162   THROW_ON_EPIDERR(
163       WriteEcPoint(params.G1, p2_exp_r, &p2_exp_r_str, sizeof(p2_exp_r_str)));
164 
165   G1ElemStr k_str, l_str, e_str;
166   THROW_ON_EPIDERR(WriteEcPoint(params.G1, k, &k_str, sizeof(k_str)));
167   THROW_ON_EPIDERR(WriteEcPoint(params.G1, l, &l_str, sizeof(l_str)));
168   THROW_ON_EPIDERR(WriteEcPoint(params.G1, e, &e_str, sizeof(e_str)));
169   EXPECT_EQ(this->kP2Sha512ExpF, k_str);
170   EXPECT_EQ(p2_exp_r_str, l_str);
171   EXPECT_EQ(p1_exp_r_str, e_str);
172 }
173 
TEST_F(EpidTpm2Test,CommitComputeKLESha512256)174 TEST_F(EpidTpm2Test, CommitComputeKLESha512256) {
175   // Testing step i and j of the "C.2.3 Tpm2Commit()"
176   Epid20Params params;
177   EcPointObj k(&params.G1), l(&params.G1), e(&params.G1);
178   EcPointObj p1(&params.G1, this->kP1Str);
179   FfElementObj y2(&params.fq, this->kY2Sha512256Str);
180   uint16_t counter = 0;
181 
182   Prng my_prng;
183   Epid2ParamsObj epid2params;
184   Tpm2CtxObj tpm(&Prng::Generate, &my_prng, &this->kMemberFValue, epid2params);
185   THROW_ON_EPIDERR(Tpm2SetHashAlg(tpm, kSha512_256));
186   THROW_ON_EPIDERR(Tpm2LoadExternal(tpm, &this->kMemberFValue));
187 
188   EXPECT_EQ(kEpidNoErr,
189             Tpm2Commit(tpm, p1, this->kS2Sha512256.data(),
190                        this->kS2Sha512256.size(), y2, k, l, e, &counter));
191   THROW_ON_EPIDERR(Tpm2ReleaseCounter(tpm, counter));
192 
193   EcPointObj p1_exp_r(&params.G1), p2_exp_r(&params.G1);
194   G1ElemStr p1_exp_r_str, p2_exp_r_str;
195   EcPointObj p2(&params.G1, this->kP2Sha512256Str);
196   Prng the_same_prng;
197   FfElementObj r(&params.fp);
198   BigNumStr zero = {0};
199   FpElemStr r_str = {0};
200   THROW_ON_EPIDERR(
201       FfGetRandom(params.fp, &zero, &Prng::Generate, &the_same_prng, r));
202   THROW_ON_EPIDERR(WriteFfElement(params.fp, r, &r_str, sizeof(r_str)));
203   THROW_ON_EPIDERR(EcExp(params.G1, p1, (BigNumStr const*)&r_str, p1_exp_r));
204   THROW_ON_EPIDERR(
205       WriteEcPoint(params.G1, p1_exp_r, &p1_exp_r_str, sizeof(p1_exp_r_str)));
206   THROW_ON_EPIDERR(EcExp(params.G1, p2, (BigNumStr const*)&r_str, p2_exp_r));
207   THROW_ON_EPIDERR(
208       WriteEcPoint(params.G1, p2_exp_r, &p2_exp_r_str, sizeof(p2_exp_r_str)));
209 
210   G1ElemStr k_str, l_str, e_str;
211   THROW_ON_EPIDERR(WriteEcPoint(params.G1, k, &k_str, sizeof(k_str)));
212   THROW_ON_EPIDERR(WriteEcPoint(params.G1, l, &l_str, sizeof(l_str)));
213   THROW_ON_EPIDERR(WriteEcPoint(params.G1, e, &e_str, sizeof(e_str)));
214   EXPECT_EQ(this->kP2Sha512256ExpF, k_str);
215   EXPECT_EQ(p2_exp_r_str, l_str);
216   EXPECT_EQ(p1_exp_r_str, e_str);
217 }
218 
TEST_F(EpidTpm2Test,CommitComputeEOnly)219 TEST_F(EpidTpm2Test, CommitComputeEOnly) {
220   // Testing step j excuding i of the "C.2.3 Tpm2Commit()"
221   Epid20Params params;
222   EcPointObj k(&params.G1), l(&params.G1), e(&params.G1);
223   EcPointObj p1(&params.G1, this->kP1Str);
224   FfElementObj y2(&params.fq, this->kY2Sha512Str);
225   uint16_t counter = 0;
226 
227   Prng my_prng;
228   Epid2ParamsObj epid2params;
229   Tpm2CtxObj tpm(&Prng::Generate, &my_prng, &this->kMemberFValue, epid2params);
230   THROW_ON_EPIDERR(Tpm2SetHashAlg(tpm, kSha512));
231   THROW_ON_EPIDERR(Tpm2LoadExternal(tpm, &this->kMemberFValue));
232 
233   EXPECT_EQ(kEpidNoErr,
234             Tpm2Commit(tpm, p1, nullptr, 0, nullptr, k, l, e, &counter));
235   THROW_ON_EPIDERR(Tpm2ReleaseCounter(tpm, counter));
236 
237   EcPointObj p1_exp_r(&params.G1);
238   G1ElemStr p1_exp_r_str;
239   Prng the_same_prng;
240   FfElementObj r(&params.fp);
241   BigNumStr zero = {0};
242   FpElemStr r_str = {0};
243   THROW_ON_EPIDERR(
244       FfGetRandom(params.fp, &zero, &Prng::Generate, &the_same_prng, r));
245   THROW_ON_EPIDERR(WriteFfElement(params.fp, r, &r_str, sizeof(r_str)));
246   THROW_ON_EPIDERR(EcExp(params.G1, p1, (BigNumStr const*)&r_str, p1_exp_r));
247   THROW_ON_EPIDERR(
248       WriteEcPoint(params.G1, p1_exp_r, &p1_exp_r_str, sizeof(p1_exp_r_str)));
249 
250   G1ElemStr e_str;
251   THROW_ON_EPIDERR(WriteEcPoint(params.G1, e, &e_str, sizeof(e_str)));
252   EXPECT_EQ(p1_exp_r_str, e_str);
253 }
254 
TEST_F(EpidTpm2Test,CommitComputeEOnlyWithDefaultP1)255 TEST_F(EpidTpm2Test, CommitComputeEOnlyWithDefaultP1) {
256   // Testing step k excuding i of the "C.2.3 Tpm2Commit()"
257   Epid20Params params;
258   EcPointObj e(&params.G1);
259   EcPointObj p1(&params.G1, this->kP1Str);
260   FfElementObj y2(&params.fq, this->kY2Sha512Str);
261   uint16_t counter = 0;
262 
263   Prng my_prng;
264   Epid2ParamsObj epid2params;
265   Tpm2CtxObj tpm(&Prng::Generate, &my_prng, &this->kMemberFValue, epid2params);
266   THROW_ON_EPIDERR(Tpm2SetHashAlg(tpm, kSha512));
267   THROW_ON_EPIDERR(Tpm2LoadExternal(tpm, &this->kMemberFValue));
268 
269   EXPECT_EQ(kEpidNoErr, Tpm2Commit(tpm, nullptr, nullptr, 0, nullptr, nullptr,
270                                    nullptr, e, &counter));
271   THROW_ON_EPIDERR(Tpm2ReleaseCounter(tpm, counter));
272 
273   EcPointObj g1(&params.G1, this->kg1Str);
274   EcPointObj g1_exp_r(&params.G1);
275   G1ElemStr g1_exp_r_str;
276   Prng the_same_prng;
277   FfElementObj r(&params.fp);
278   BigNumStr zero = {0};
279   FpElemStr r_str = {0};
280   THROW_ON_EPIDERR(
281       FfGetRandom(params.fp, &zero, &Prng::Generate, &the_same_prng, r));
282   THROW_ON_EPIDERR(WriteFfElement(params.fp, r, &r_str, sizeof(r_str)));
283   THROW_ON_EPIDERR(EcExp(params.G1, g1, (BigNumStr const*)&r_str, g1_exp_r));
284   THROW_ON_EPIDERR(
285       WriteEcPoint(params.G1, g1_exp_r, &g1_exp_r_str, sizeof(g1_exp_r_str)));
286 
287   G1ElemStr e_str;
288   THROW_ON_EPIDERR(WriteEcPoint(params.G1, e, &e_str, sizeof(e_str)));
289   EXPECT_EQ(g1_exp_r_str, e_str);
290 }
291 
292 }  // namespace
293