1 // Copyright 2023 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //    https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include "anonymous_tokens/cpp/crypto/anonymous_tokens_pb_openssl_converters.h"
16 
17 #include <string>
18 #include <utility>
19 
20 #include <gmock/gmock.h>
21 #include <gtest/gtest.h>
22 #include "absl/status/status.h"
23 #include "absl/status/statusor.h"
24 #include "anonymous_tokens/cpp/crypto/constants.h"
25 #include "anonymous_tokens/cpp/crypto/crypto_utils.h"
26 #include "anonymous_tokens/cpp/testing/proto_utils.h"
27 #include "anonymous_tokens/cpp/testing/utils.h"
28 #include "anonymous_tokens/proto/anonymous_tokens.pb.h"
29 #include <openssl/base.h>
30 #include <openssl/bn.h>
31 #include <openssl/digest.h>
32 #include <openssl/rsa.h>
33 
34 namespace anonymous_tokens {
35 namespace {
36 
TEST(AnonymousTokensPbOpensslConvertersTests,GenerateMaskTestInvalidType)37 TEST(AnonymousTokensPbOpensslConvertersTests, GenerateMaskTestInvalidType) {
38   RSABlindSignaturePublicKey public_key;
39   public_key.set_message_mask_type(AT_MESSAGE_MASK_TYPE_UNDEFINED);
40   public_key.set_message_mask_size(kRsaMessageMaskSizeInBytes32);
41   absl::StatusOr<std::string> mask_32_bytes = GenerateMask(public_key);
42   EXPECT_EQ(mask_32_bytes.status().code(), absl::StatusCode::kInvalidArgument);
43   EXPECT_THAT(mask_32_bytes.status().message(),
44               ::testing::HasSubstr("Unsupported message mask type"));
45 }
46 
TEST(AnonymousTokensPbOpensslConvertersTests,GenerateMaskTestInvalidLength)47 TEST(AnonymousTokensPbOpensslConvertersTests, GenerateMaskTestInvalidLength) {
48   RSABlindSignaturePublicKey public_key;
49   // Mask meant to be concatenated is less than 32 bytes.
50   public_key.set_message_mask_type(AT_MESSAGE_MASK_CONCAT);
51   public_key.set_message_mask_size(kRsaMessageMaskSizeInBytes32 - 1);
52   absl::StatusOr<std::string> mask_32_bytes = GenerateMask(public_key);
53   // Mask type set to no mask but mask length requested is greater than 0.
54   public_key.set_message_mask_type(AT_MESSAGE_MASK_NO_MASK);
55   public_key.set_message_mask_size(kRsaMessageMaskSizeInBytes32);
56   absl::StatusOr<std::string> mask_0_bytes = GenerateMask(public_key);
57 
58   EXPECT_EQ(mask_32_bytes.status().code(), absl::StatusCode::kInvalidArgument);
59   EXPECT_EQ(mask_0_bytes.status().code(), absl::StatusCode::kInvalidArgument);
60   EXPECT_THAT(mask_32_bytes.status().message(),
61               ::testing::HasSubstr("invalid message mask size"));
62   EXPECT_THAT(mask_0_bytes.status().message(),
63               ::testing::HasSubstr("invalid message mask size"));
64 }
65 
TEST(AnonymousTokensPbOpensslConvertersTests,GenerateMaskTestSuccess)66 TEST(AnonymousTokensPbOpensslConvertersTests, GenerateMaskTestSuccess) {
67   RSABlindSignaturePublicKey public_key;
68   public_key.set_message_mask_type(AT_MESSAGE_MASK_CONCAT);
69   public_key.set_message_mask_size(kRsaMessageMaskSizeInBytes32);
70   ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string mask_32_bytes,
71                                    GenerateMask(public_key));
72   // Longer mask.
73   public_key.set_message_mask_size(kRsaMessageMaskSizeInBytes32 * 2);
74   ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string mask_64_bytes,
75                                    GenerateMask(public_key));
76 
77   // No mask.
78   public_key.set_message_mask_type(AT_MESSAGE_MASK_NO_MASK);
79   public_key.set_message_mask_size(0);
80   ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string mask_0_bytes,
81                                    GenerateMask(public_key));
82 
83   EXPECT_FALSE(mask_32_bytes.empty());
84   EXPECT_FALSE(mask_64_bytes.empty());
85   EXPECT_TRUE(mask_0_bytes.empty());
86   EXPECT_EQ(mask_32_bytes.size(), kRsaMessageMaskSizeInBytes32);
87   EXPECT_EQ(mask_64_bytes.size(), kRsaMessageMaskSizeInBytes32 * 2);
88   EXPECT_EQ(mask_0_bytes.size(), 0u);
89 }
90 
TEST(AnonymousTokensPbOpensslConvertersTests,HashTypeConverterTestInvalidType)91 TEST(AnonymousTokensPbOpensslConvertersTests,
92      HashTypeConverterTestInvalidType) {
93   absl::StatusOr<const EVP_MD *> evp =
94       ProtoHashTypeToEVPDigest(AT_HASH_TYPE_UNDEFINED);
95   EXPECT_EQ(evp.status().code(), absl::StatusCode::kInvalidArgument);
96   EXPECT_THAT(evp.status().message(),
97               ::testing::HasSubstr("Unknown hash type"));
98 }
99 
TEST(AnonymousTokensPbOpensslConvertersTests,HashTypeConverterTestSuccess)100 TEST(AnonymousTokensPbOpensslConvertersTests, HashTypeConverterTestSuccess) {
101   ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
102       const EVP_MD *evp_256, ProtoHashTypeToEVPDigest(AT_HASH_TYPE_SHA256));
103   ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
104       const EVP_MD *evp_384, ProtoHashTypeToEVPDigest(AT_HASH_TYPE_SHA384));
105   EXPECT_EQ(evp_256, EVP_sha256());
106   EXPECT_EQ(evp_384, EVP_sha384());
107 }
108 
TEST(AnonymousTokensPbOpensslConvertersStrongTests,MaskGenFunctionConverterStrongTestInvalidType)109 TEST(AnonymousTokensPbOpensslConvertersStrongTests,
110      MaskGenFunctionConverterStrongTestInvalidType) {
111   absl::StatusOr<const EVP_MD *> evp =
112       ProtoMaskGenFunctionToEVPDigest(AT_MGF_UNDEFINED);
113   EXPECT_EQ(evp.status().code(), absl::StatusCode::kInvalidArgument);
114   EXPECT_THAT(evp.status().message(),
115               ::testing::HasSubstr(
116                   "Unknown hash type for mask generation hash function"));
117 }
118 
TEST(AnonymousTokensPbOpensslConvertersTests,MaskGenFunctionConverterTestSuccess)119 TEST(AnonymousTokensPbOpensslConvertersTests,
120      MaskGenFunctionConverterTestSuccess) {
121   ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
122       const EVP_MD *evp_256, ProtoMaskGenFunctionToEVPDigest(AT_MGF_SHA256));
123   ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
124       const EVP_MD *evp_384, ProtoMaskGenFunctionToEVPDigest(AT_MGF_SHA384));
125   EXPECT_EQ(evp_256, EVP_sha256());
126   EXPECT_EQ(evp_384, EVP_sha384());
127 }
128 
129 using CreateTestKeyPairFunction =
130     absl::StatusOr<std::pair<RSAPublicKey, RSAPrivateKey>>();
131 
132 class AnonymousTokensRsaKeyPairConverterTest
133     : public testing::TestWithParam<CreateTestKeyPairFunction *> {
134  protected:
SetUp()135   void SetUp() override {
136     ANON_TOKENS_ASSERT_OK_AND_ASSIGN(auto keys_pair, (*GetParam())());
137     public_key_ = std::move(keys_pair.first);
138     private_key_ = std::move(keys_pair.second);
139 
140     ANON_TOKENS_ASSERT_OK_AND_ASSIGN(rsa_modulus_,
141                                      StringToBignum(private_key_.n()));
142     ANON_TOKENS_ASSERT_OK_AND_ASSIGN(rsa_e_, StringToBignum(private_key_.e()));
143     ANON_TOKENS_ASSERT_OK_AND_ASSIGN(rsa_d_, StringToBignum(private_key_.d()));
144     ANON_TOKENS_ASSERT_OK_AND_ASSIGN(rsa_p_, StringToBignum(private_key_.p()));
145     ANON_TOKENS_ASSERT_OK_AND_ASSIGN(rsa_q_, StringToBignum(private_key_.q()));
146     ANON_TOKENS_ASSERT_OK_AND_ASSIGN(rsa_dp_,
147                                      StringToBignum(private_key_.dp()));
148     ANON_TOKENS_ASSERT_OK_AND_ASSIGN(rsa_dq_,
149                                      StringToBignum(private_key_.dq()));
150     ANON_TOKENS_ASSERT_OK_AND_ASSIGN(rsa_crt_,
151                                      StringToBignum(private_key_.crt()));
152   }
153 
154   bssl::UniquePtr<BIGNUM> rsa_modulus_;
155   bssl::UniquePtr<BIGNUM> rsa_e_;
156   bssl::UniquePtr<BIGNUM> rsa_d_;
157   bssl::UniquePtr<BIGNUM> rsa_p_;
158   bssl::UniquePtr<BIGNUM> rsa_q_;
159   bssl::UniquePtr<BIGNUM> rsa_dp_;
160   bssl::UniquePtr<BIGNUM> rsa_dq_;
161   bssl::UniquePtr<BIGNUM> rsa_crt_;
162 
163   RSAPublicKey public_key_;
164   RSAPrivateKey private_key_;
165 };
166 
TEST_P(AnonymousTokensRsaKeyPairConverterTest,PublicKeyTest)167 TEST_P(AnonymousTokensRsaKeyPairConverterTest, PublicKeyTest) {
168   ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
169       bssl::UniquePtr<RSA> rsa_public_key,
170       AnonymousTokensRSAPublicKeyToRSA(public_key_));
171 
172   EXPECT_EQ(BN_cmp(RSA_get0_n(rsa_public_key.get()), rsa_modulus_.get()), 0);
173   EXPECT_EQ(BN_cmp(RSA_get0_e(rsa_public_key.get()), rsa_e_.get()), 0);
174 }
175 
TEST_P(AnonymousTokensRsaKeyPairConverterTest,PrivateKeyTest)176 TEST_P(AnonymousTokensRsaKeyPairConverterTest, PrivateKeyTest) {
177   ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
178       bssl::UniquePtr<RSA> rsa_private_key,
179       AnonymousTokensRSAPrivateKeyToRSA(private_key_));
180 
181   EXPECT_EQ(BN_cmp(RSA_get0_n(rsa_private_key.get()), rsa_modulus_.get()), 0);
182   EXPECT_EQ(BN_cmp(RSA_get0_e(rsa_private_key.get()), rsa_e_.get()), 0);
183   EXPECT_EQ(BN_cmp(RSA_get0_d(rsa_private_key.get()), rsa_d_.get()), 0);
184   EXPECT_EQ(BN_cmp(RSA_get0_p(rsa_private_key.get()), rsa_p_.get()), 0);
185   EXPECT_EQ(BN_cmp(RSA_get0_q(rsa_private_key.get()), rsa_q_.get()), 0);
186   EXPECT_EQ(BN_cmp(RSA_get0_dmp1(rsa_private_key.get()), rsa_dp_.get()), 0);
187   EXPECT_EQ(BN_cmp(RSA_get0_dmq1(rsa_private_key.get()), rsa_dq_.get()), 0);
188   EXPECT_EQ(BN_cmp(RSA_get0_iqmp(rsa_private_key.get()), rsa_crt_.get()), 0);
189 }
190 
191 INSTANTIATE_TEST_SUITE_P(AnonymousTokensRsaKeyPairConverterTest,
192                          AnonymousTokensRsaKeyPairConverterTest,
193                          testing::Values(&GetStrongRsaKeys2048,
194                                          &GetAnotherStrongRsaKeys2048,
195                                          &GetStrongRsaKeys3072,
196                                          &GetStrongRsaKeys4096));
197 
198 }  // namespace
199 }  // namespace anonymous_tokens
200