1 /*############################################################################
2   # Copyright 2017 Intel Corporation
3   #
4   # Licensed under the Apache License, Version 2.0 (the "License");
5   # you may not use this file except in compliance with the License.
6   # You may obtain a copy of the License at
7   #
8   #     http://www.apache.org/licenses/LICENSE-2.0
9   #
10   # Unless required by applicable law or agreed to in writing, software
11   # distributed under the License is distributed on an "AS IS" BASIS,
12   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   # See the License for the specific language governing permissions and
14   # limitations under the License.
15   ############################################################################*/
16 
17 /*!
18  * \file
19  * \brief Provision key unit tests.
20  */
21 #include <cstring>
22 #include <vector>
23 
24 #include "epid/common-testhelper/epid_gtest-testhelper.h"
25 #include "gtest/gtest.h"
26 
27 #include "epid/common-testhelper/errors-testhelper.h"
28 #include "epid/common-testhelper/mem_params-testhelper.h"
29 #include "epid/common-testhelper/prng-testhelper.h"
30 #include "epid/member/unittests/member-testhelper.h"
31 
32 extern "C" {
33 #include "epid/member/api.h"
34 #include "epid/member/src/context.h"
35 #include "epid/member/src/storage.h"
36 }
37 
38 namespace {
39 
ProvisionBulkAndStart(MemberCtx * ctx,GroupPubKey const * pub_key,PrivKey const * priv_key,MemberPrecomp const * precomp_str)40 EpidStatus ProvisionBulkAndStart(MemberCtx* ctx, GroupPubKey const* pub_key,
41                                  PrivKey const* priv_key,
42                                  MemberPrecomp const* precomp_str) {
43   EpidStatus sts;
44   sts = EpidProvisionKey(ctx, pub_key, priv_key, precomp_str);
45   if (sts != kEpidNoErr) {
46     return sts;
47   }
48   sts = EpidMemberStartup(ctx);
49   return sts;
50 }
51 
TEST_F(EpidMemberTest,ProvisionBulkFailsGivenNullParameters)52 TEST_F(EpidMemberTest, ProvisionBulkFailsGivenNullParameters) {
53   Prng prng;
54   GroupPubKey pub_key = this->kGroupPublicKey;
55   PrivKey priv_key = this->kMemberPrivateKey;
56   MemberPrecomp precomp = this->kMemberPrecomp;
57   MemberParams params = {0};
58   SetMemberParams(&Prng::Generate, &prng, nullptr, &params);
59   MemberCtxObj member(&params);
60   EXPECT_EQ(kEpidBadArgErr,
61             EpidProvisionKey(nullptr, &pub_key, &priv_key, &precomp));
62   EXPECT_EQ(kEpidBadArgErr,
63             EpidProvisionKey(member, nullptr, &priv_key, &precomp));
64   EXPECT_EQ(kEpidBadArgErr,
65             EpidProvisionKey(member, &pub_key, nullptr, &precomp));
66   EXPECT_EQ(kEpidBadArgErr,
67             EpidProvisionKey(nullptr, &pub_key, &priv_key, nullptr));
68   EXPECT_EQ(kEpidBadArgErr,
69             EpidProvisionKey(member, nullptr, &priv_key, nullptr));
70   EXPECT_EQ(kEpidBadArgErr,
71             EpidProvisionKey(member, &pub_key, nullptr, nullptr));
72 }
73 
TEST_F(EpidMemberTest,ProvisionBulkSucceedsGivenValidParameters)74 TEST_F(EpidMemberTest, ProvisionBulkSucceedsGivenValidParameters) {
75   Prng prng;
76   GroupPubKey pub_key = this->kGroupPublicKey;
77   PrivKey priv_key = this->kMemberPrivateKey;
78   MemberPrecomp precomp = this->kMemberPrecomp;
79   MemberParams params = {0};
80   SetMemberParams(&Prng::Generate, &prng, nullptr, &params);
81   MemberCtxObj member(&params);
82   EXPECT_EQ(kEpidNoErr,
83             EpidProvisionKey(member, &pub_key, &priv_key, &precomp));
84   EXPECT_EQ(kEpidNoErr, EpidProvisionKey(member, &pub_key, &priv_key, nullptr));
85 }
86 
87 // test that create succeeds with valid IKGF given parameters
TEST_F(EpidMemberTest,ProvisionBulkSucceedsGivenValidParametersUsingIKGFData)88 TEST_F(EpidMemberTest, ProvisionBulkSucceedsGivenValidParametersUsingIKGFData) {
89   Prng prng;
90   const GroupPubKey pub_key = {
91 #include "epid/common-testhelper/testdata/ikgf/groupa/pubkey.inc"
92   };
93   const PrivKey priv_key = {
94 #include "epid/common-testhelper/testdata/ikgf/groupa/member0/mprivkey.inc"
95   };
96 
97   const MemberPrecomp precomp = {
98 #include "epid/common-testhelper/testdata/ikgf/groupa/member0/mprecomp.inc"
99   };
100   MemberParams params = {0};
101   SetMemberParams(&Prng::Generate, &prng, nullptr, &params);
102   MemberCtxObj member(&params);
103   EXPECT_EQ(kEpidNoErr,
104             EpidProvisionKey(member, &pub_key, &priv_key, &precomp));
105   EXPECT_EQ(kEpidNoErr, EpidProvisionKey(member, &pub_key, &priv_key, nullptr));
106 }
107 
TEST_F(EpidMemberTest,ProvisionBulkFailsForInvalidGroupPubKey)108 TEST_F(EpidMemberTest, ProvisionBulkFailsForInvalidGroupPubKey) {
109   Prng prng;
110 
111   GroupPubKey pub_key = this->kGroupPublicKey;
112   PrivKey priv_key = this->kMemberPrivateKey;
113   MemberPrecomp precomp = this->kMemberPrecomp;
114   MemberParams params = {0};
115 
116   SetMemberParams(&Prng::Generate, &prng, nullptr, &params);
117   MemberCtxObj member(&params);
118 
119   pub_key = this->kGroupPublicKey;
120   pub_key.h1.x.data.data[0]++;
121   EXPECT_EQ(kEpidBadArgErr,
122             ProvisionBulkAndStart(member, &pub_key, &priv_key, &precomp));
123   EXPECT_EQ(kEpidBadArgErr,
124             ProvisionBulkAndStart(member, &pub_key, &priv_key, nullptr));
125 
126   pub_key = this->kGroupPublicKey;
127   pub_key.h1.y.data.data[0]++;
128   EXPECT_EQ(kEpidBadArgErr,
129             ProvisionBulkAndStart(member, &pub_key, &priv_key, &precomp));
130   EXPECT_EQ(kEpidBadArgErr,
131             ProvisionBulkAndStart(member, &pub_key, &priv_key, nullptr));
132 
133   pub_key = this->kGroupPublicKey;
134   pub_key.h2.x.data.data[0]++;
135   EXPECT_EQ(kEpidBadArgErr,
136             ProvisionBulkAndStart(member, &pub_key, &priv_key, &precomp));
137   EXPECT_EQ(kEpidBadArgErr,
138             ProvisionBulkAndStart(member, &pub_key, &priv_key, nullptr));
139 
140   pub_key = this->kGroupPublicKey;
141   pub_key.h2.y.data.data[0]++;
142   EXPECT_EQ(kEpidBadArgErr,
143             ProvisionBulkAndStart(member, &pub_key, &priv_key, &precomp));
144   EXPECT_EQ(kEpidBadArgErr,
145             ProvisionBulkAndStart(member, &pub_key, &priv_key, nullptr));
146 
147   pub_key = this->kGroupPublicKey;
148   pub_key.w.x[0].data.data[0]++;
149   EXPECT_EQ(kEpidBadArgErr,
150             ProvisionBulkAndStart(member, &pub_key, &priv_key, &precomp));
151   EXPECT_EQ(kEpidBadArgErr,
152             ProvisionBulkAndStart(member, &pub_key, &priv_key, nullptr));
153 
154   pub_key = this->kGroupPublicKey;
155   pub_key.w.x[1].data.data[0]++;
156   EXPECT_EQ(kEpidBadArgErr,
157             ProvisionBulkAndStart(member, &pub_key, &priv_key, &precomp));
158   EXPECT_EQ(kEpidBadArgErr,
159             ProvisionBulkAndStart(member, &pub_key, &priv_key, nullptr));
160 
161   pub_key = this->kGroupPublicKey;
162   pub_key.w.y[0].data.data[0]++;
163   EXPECT_EQ(kEpidBadArgErr,
164             ProvisionBulkAndStart(member, &pub_key, &priv_key, &precomp));
165   EXPECT_EQ(kEpidBadArgErr,
166             ProvisionBulkAndStart(member, &pub_key, &priv_key, nullptr));
167 
168   pub_key = this->kGroupPublicKey;
169   pub_key.w.y[1].data.data[0]++;
170   EXPECT_EQ(kEpidBadArgErr,
171             ProvisionBulkAndStart(member, &pub_key, &priv_key, &precomp));
172   EXPECT_EQ(kEpidBadArgErr,
173             ProvisionBulkAndStart(member, &pub_key, &priv_key, nullptr));
174 }
175 
TEST_F(EpidMemberTest,ProvisionBulkFailsForInvalidF)176 TEST_F(EpidMemberTest, ProvisionBulkFailsForInvalidF) {
177   Prng prng;
178   FpElemStr f = {
179       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
180       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
181       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
182   };
183   GroupPubKey pub_key = this->kGroupPublicKey;
184   PrivKey priv_key = this->kMemberPrivateKey;
185   MemberPrecomp precomp = this->kMemberPrecomp;
186   MemberParams params = {0};
187   SetMemberParams(&Prng::Generate, &prng, nullptr, &params);
188   MemberCtxObj member(&params);
189 
190   priv_key = this->kMemberPrivateKey;
191   priv_key.f = f;
192   EXPECT_EQ(kEpidBadArgErr,
193             ProvisionBulkAndStart(member, &pub_key, &priv_key, &precomp));
194   EXPECT_EQ(kEpidBadArgErr,
195             ProvisionBulkAndStart(member, &pub_key, &priv_key, nullptr));
196 }
197 
TEST_F(EpidMemberTest,ProvisionBulkFailsForInvalidPrivateKey)198 TEST_F(EpidMemberTest, ProvisionBulkFailsForInvalidPrivateKey) {
199   Prng prng;
200 
201   GroupPubKey pub_key = this->kGroupPublicKey;
202   PrivKey priv_key = this->kMemberPrivateKey;
203   MemberPrecomp precomp = this->kMemberPrecomp;
204   MemberParams params = {0};
205   SetMemberParams(&Prng::Generate, &prng, nullptr, &params);
206   MemberCtxObj member(&params);
207 
208   priv_key = this->kMemberPrivateKey;
209   priv_key.A.x.data.data[0]++;
210   EXPECT_EQ(kEpidBadArgErr,
211             ProvisionBulkAndStart(member, &pub_key, &priv_key, &precomp));
212   EXPECT_EQ(kEpidBadArgErr,
213             ProvisionBulkAndStart(member, &pub_key, &priv_key, nullptr));
214 
215   priv_key = this->kMemberPrivateKey;
216   priv_key.A.y.data.data[0]++;
217   EXPECT_EQ(kEpidBadArgErr,
218             ProvisionBulkAndStart(member, &pub_key, &priv_key, &precomp));
219   EXPECT_EQ(kEpidBadArgErr,
220             ProvisionBulkAndStart(member, &pub_key, &priv_key, nullptr));
221 }
222 
TEST_F(EpidMemberTest,ProvisionBulkCanStoreMembershipCredential)223 TEST_F(EpidMemberTest, ProvisionBulkCanStoreMembershipCredential) {
224   Prng prng;
225   uint32_t nv_index = 0x01c10100;
226 
227   GroupPubKey pub_key = this->kGroupPublicKey;
228   PrivKey priv_key = this->kMemberPrivateKey;
229   MembershipCredential const orig_credential{priv_key.gid, priv_key.A,
230                                              priv_key.x};
231   MembershipCredential credential;
232   MemberParams params = {0};
233   SetMemberParams(&Prng::Generate, &prng, &priv_key.f, &params);
234   MemberCtxObj member(&params);
235   EXPECT_EQ(kEpidNoErr,
236             ProvisionBulkAndStart(member, &pub_key, &priv_key, nullptr));
237 
238   EXPECT_EQ(kEpidNoErr,
239             EpidNvReadMembershipCredential(((MemberCtx*)member)->tpm2_ctx,
240                                            nv_index, &pub_key, &credential));
241   EXPECT_EQ(orig_credential, credential);
242 }
243 
244 }  // namespace
245