Refactoring tests in rsa_bssa_client_test in order to get the file ready to incorporate tests that deal with blind signatures with public metadata.
PiperOrigin-RevId: 525797523
diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc
index 81986df..84a297f 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/client/anonymous_tokens_rsa_bssa_client_test.cc
@@ -22,6 +22,8 @@
#include "quiche/common/platform/api/quiche_test.h"
#include "quiche/common/test_tools/quiche_test_utils.h"
#include "absl/time/time.h"
+#include "quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/constants.h"
+#include "quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_blind_signer.h"
#include "quiche/blind_sign_auth/anonymous_tokens/cpp/shared/proto_utils.h"
#include "quiche/blind_sign_auth/anonymous_tokens/cpp/shared/status_utils.h"
#include "quiche/blind_sign_auth/anonymous_tokens/cpp/testing/utils.h"
@@ -35,45 +37,106 @@
using quiche::test::StatusIs;
-absl::StatusOr<std::pair<bssl::UniquePtr<RSA>, RSABlindSignaturePublicKey>>
+// Returns a fixed public private key pair by calling GetStrongRsaKeys4096().
+absl::StatusOr<std::pair<RSABlindSignaturePublicKey, RSAPrivateKey>>
CreateClientTestKey(absl::string_view use_case = "TEST_USE_CASE",
int key_version = 1,
MessageMaskType mask_type = AT_MESSAGE_MASK_CONCAT,
- int message_mask_size = 32) {
- ANON_TOKENS_ASSIGN_OR_RETURN(auto key, CreateTestKey());
- key.second.set_use_case(std::string(use_case));
- key.second.set_key_version(key_version);
- key.second.set_message_mask_type(mask_type);
- key.second.set_message_mask_size(message_mask_size);
+ int message_mask_size = 32,
+ bool enable_public_metadata = false) {
+ ANON_TOKENS_ASSIGN_OR_RETURN(auto key_pair, GetStrongRsaKeys4096());
+ RSABlindSignaturePublicKey public_key;
+ public_key.set_use_case(std::string(use_case));
+ public_key.set_key_version(key_version);
+ public_key.set_serialized_public_key(key_pair.first.SerializeAsString());
absl::Time start_time = absl::Now() - absl::Minutes(100);
- ANON_TOKENS_ASSIGN_OR_RETURN(*key.second.mutable_key_validity_start_time(),
+ ANON_TOKENS_ASSIGN_OR_RETURN(*public_key.mutable_key_validity_start_time(),
TimeToProto(start_time));
- return key;
+ public_key.set_sig_hash_type(AT_HASH_TYPE_SHA384);
+ public_key.set_mask_gen_function(AT_MGF_SHA384);
+ public_key.set_salt_length(kSaltLengthInBytes48);
+ public_key.set_key_size(kRsaModulusSizeInBytes512);
+ public_key.set_message_mask_type(mask_type);
+ public_key.set_message_mask_size(message_mask_size);
+ public_key.set_public_metadata_support(enable_public_metadata);
+
+ return std::make_pair(std::move(public_key), std::move(key_pair.second));
+}
+
+// Creates the input consisting on plaintext messages and public metadata that
+// can be passed to the AnonymousTokensRsaBssaClient.
+absl::StatusOr<std::vector<PlaintextMessageWithPublicMetadata>> CreateInput(
+ absl::Span<const std::string> messages,
+ absl::Span<const std::string> public_metadata = {}) {
+ // Check input parameter sizes.
+ if (!public_metadata.empty() && messages.size() != public_metadata.size()) {
+ return absl::InvalidArgumentError(
+ "Input vectors should be of the same size.");
+ }
+
+ std::vector<PlaintextMessageWithPublicMetadata> anonymmous_tokens_input_proto;
+ anonymmous_tokens_input_proto.reserve(messages.size());
+ for (int i = 0; i < messages.size(); ++i) {
+ PlaintextMessageWithPublicMetadata input_message_and_metadata;
+ input_message_and_metadata.set_plaintext_message(messages[i]);
+ if (!public_metadata.empty()) {
+ input_message_and_metadata.set_public_metadata(public_metadata[i]);
+ }
+ anonymmous_tokens_input_proto.push_back(input_message_and_metadata);
+ }
+ return anonymmous_tokens_input_proto;
+}
+
+// Creates the server response for anonymous tokens request by using
+// RsaBlindSigner.
+absl::StatusOr<AnonymousTokensSignResponse> CreateResponse(
+ const AnonymousTokensSignRequest& request, const RSAPrivateKey& private_key,
+ bool enable_public_metadata = false) {
+ AnonymousTokensSignResponse response;
+ for (const auto& request_token : request.blinded_tokens()) {
+ auto* response_token = response.add_anonymous_tokens();
+ response_token->set_use_case(request_token.use_case());
+ response_token->set_key_version(request_token.key_version());
+ response_token->set_public_metadata(request_token.public_metadata());
+ response_token->set_serialized_blinded_message(
+ request_token.serialized_token());
+ std::optional<std::string> public_metadata = std::nullopt;
+ if (enable_public_metadata) {
+ public_metadata = request_token.public_metadata();
+ }
+ ANON_TOKENS_ASSIGN_OR_RETURN(
+ std::unique_ptr<RsaBlindSigner> blind_signer,
+ RsaBlindSigner::New(private_key, public_metadata));
+ ANON_TOKENS_ASSIGN_OR_RETURN(
+ *response_token->mutable_serialized_token(),
+ blind_signer->Sign(request_token.serialized_token()));
+ }
+ return response;
}
TEST(CreateAnonymousTokensRsaBssaClientTest, Success) {
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(auto rsa_key, CreateClientTestKey());
- QUICHE_EXPECT_OK(AnonymousTokensRsaBssaClient::Create(rsa_key.second));
+ QUICHE_EXPECT_OK(AnonymousTokensRsaBssaClient::Create(rsa_key.first));
}
TEST(CreateAnonymousTokensRsaBssaClientTest, InvalidUseCase) {
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(auto rsa_key,
CreateClientTestKey("INVALID_USE_CASE"));
- EXPECT_THAT(AnonymousTokensRsaBssaClient::Create(rsa_key.second),
+ EXPECT_THAT(AnonymousTokensRsaBssaClient::Create(rsa_key.first),
StatusIs(absl::StatusCode::kInvalidArgument));
}
TEST(CreateAnonymousTokensRsaBssaClientTest, NotAUseCase) {
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(auto rsa_key,
CreateClientTestKey("NOT_A_USE_CASE"));
- EXPECT_THAT(AnonymousTokensRsaBssaClient::Create(rsa_key.second),
+ EXPECT_THAT(AnonymousTokensRsaBssaClient::Create(rsa_key.first),
StatusIs(absl::StatusCode::kInvalidArgument));
}
TEST(CreateAnonymousTokensRsaBssaClientTest, InvalidKeyVersion) {
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(auto rsa_key,
CreateClientTestKey("TEST_USE_CASE", 0));
- EXPECT_THAT(AnonymousTokensRsaBssaClient::Create(rsa_key.second),
+ EXPECT_THAT(AnonymousTokensRsaBssaClient::Create(rsa_key.first),
StatusIs(absl::StatusCode::kInvalidArgument));
}
@@ -81,7 +144,7 @@
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
auto rsa_key,
CreateClientTestKey("TEST_USE_CASE", 0, AT_MESSAGE_MASK_TYPE_UNDEFINED));
- EXPECT_THAT(AnonymousTokensRsaBssaClient::Create(rsa_key.second),
+ EXPECT_THAT(AnonymousTokensRsaBssaClient::Create(rsa_key.first),
StatusIs(absl::StatusCode::kInvalidArgument));
}
@@ -89,71 +152,45 @@
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
auto rsa_key,
CreateClientTestKey("TEST_USE_CASE", 0, AT_MESSAGE_MASK_CONCAT, 0));
- EXPECT_THAT(AnonymousTokensRsaBssaClient::Create(rsa_key.second),
+ EXPECT_THAT(AnonymousTokensRsaBssaClient::Create(rsa_key.first),
StatusIs(absl::StatusCode::kInvalidArgument));
}
class AnonymousTokensRsaBssaClientTest : public testing::Test {
protected:
void SetUp() override {
- ANON_TOKENS_ASSERT_OK_AND_ASSIGN(auto key, CreateClientTestKey());
- rsa_key_ = std::move(key.first);
- public_key_ = std::move(key.second);
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(auto key_pair, CreateClientTestKey());
+ public_key_ = std::move(key_pair.first);
+ private_key_ = std::move(key_pair.second);
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
client_, AnonymousTokensRsaBssaClient::Create(public_key_));
}
- absl::StatusOr<AnonymousTokensSignResponse> CreateResponse(
- const AnonymousTokensSignRequest& request) {
- AnonymousTokensSignResponse response;
- for (const auto& request_token : request.blinded_tokens()) {
- auto* response_token = response.add_anonymous_tokens();
- response_token->set_use_case(request_token.use_case());
- response_token->set_key_version(request_token.key_version());
- response_token->set_public_metadata(request_token.public_metadata());
- response_token->set_serialized_blinded_message(
- request_token.serialized_token());
- ANON_TOKENS_ASSIGN_OR_RETURN(
- *response_token->mutable_serialized_token(),
- TestSign(request_token.serialized_token(), rsa_key_.get()));
- }
- return response;
- }
-
- std::vector<PlaintextMessageWithPublicMetadata> CreateInput(
- const std::vector<std::string>& messages) {
- std::vector<PlaintextMessageWithPublicMetadata> output;
- output.reserve(messages.size());
- for (const std::string& message : messages) {
- PlaintextMessageWithPublicMetadata proto;
- proto.set_plaintext_message(message);
- output.push_back(proto);
- }
- return output;
- }
-
- bssl::UniquePtr<RSA> rsa_key_;
+ RSAPrivateKey private_key_;
RSABlindSignaturePublicKey public_key_;
std::unique_ptr<AnonymousTokensRsaBssaClient> client_;
};
TEST_F(AnonymousTokensRsaBssaClientTest, SuccessOneMessage) {
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- AnonymousTokensSignRequest request,
- client_->CreateRequest(CreateInput({"message"})));
+ std::vector<PlaintextMessageWithPublicMetadata> input_messages,
+ CreateInput({"message"}));
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignRequest request,
+ client_->CreateRequest(input_messages));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignResponse response,
- CreateResponse(request));
+ CreateResponse(request, private_key_));
QUICHE_EXPECT_OK(client_->ProcessResponse(response));
EXPECT_EQ(response.anonymous_tokens_size(), 1);
}
TEST_F(AnonymousTokensRsaBssaClientTest, SuccessMultipleMessages) {
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- AnonymousTokensSignRequest request,
- client_->CreateRequest(CreateInput(
- {"message1", "msg2", "anotherMessage", "one_more_message"})));
+ std::vector<PlaintextMessageWithPublicMetadata> input_messages,
+ CreateInput({"message1", "msg2", "anotherMessage", "one_more_message"}));
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignRequest request,
+ client_->CreateRequest(input_messages));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignResponse response,
- CreateResponse(request));
+ CreateResponse(request, private_key_));
EXPECT_EQ(response.anonymous_tokens_size(), 4);
QUICHE_EXPECT_OK(client_->ProcessResponse(response));
}
@@ -161,10 +198,12 @@
TEST_F(AnonymousTokensRsaBssaClientTest, EnsureRandomTokens) {
std::string message = "test_same_message";
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- AnonymousTokensSignRequest request,
- client_->CreateRequest(CreateInput({message, message})));
+ std::vector<PlaintextMessageWithPublicMetadata> input_messages,
+ CreateInput({message, message}));
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignRequest request,
+ client_->CreateRequest(input_messages));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignResponse response,
- CreateResponse(request));
+ CreateResponse(request, private_key_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::vector<RSABlindSignatureTokenWithInput> tokens,
client_->ProcessResponse(response));
@@ -177,7 +216,10 @@
}
TEST_F(AnonymousTokensRsaBssaClientTest, EmptyInput) {
- EXPECT_THAT(client_->CreateRequest(CreateInput({})),
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
+ std::vector<PlaintextMessageWithPublicMetadata> input_messages,
+ CreateInput({}));
+ EXPECT_THAT(client_->CreateRequest(input_messages),
StatusIs(absl::StatusCode::kInvalidArgument));
}
@@ -190,7 +232,10 @@
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::unique_ptr<AnonymousTokensRsaBssaClient> client,
AnonymousTokensRsaBssaClient::Create(not_valid_key));
- EXPECT_THAT(client->CreateRequest(CreateInput({"message"})),
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
+ std::vector<PlaintextMessageWithPublicMetadata> input_messages,
+ CreateInput({"message"}));
+ EXPECT_THAT(client->CreateRequest(input_messages),
StatusIs(absl::StatusCode::kFailedPrecondition));
}
@@ -202,13 +247,19 @@
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::unique_ptr<AnonymousTokensRsaBssaClient> client,
AnonymousTokensRsaBssaClient::Create(expired_key));
- EXPECT_THAT(client->CreateRequest(CreateInput({"message"})),
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
+ std::vector<PlaintextMessageWithPublicMetadata> input_messages,
+ CreateInput({"message"}));
+ EXPECT_THAT(client->CreateRequest(input_messages),
StatusIs(absl::StatusCode::kFailedPrecondition));
}
TEST_F(AnonymousTokensRsaBssaClientTest, CreateRequestTwice) {
- QUICHE_EXPECT_OK(client_->CreateRequest(CreateInput({"once"})));
- EXPECT_THAT(client_->CreateRequest(CreateInput({"twice"})),
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
+ std::vector<PlaintextMessageWithPublicMetadata> input_messages,
+ CreateInput({"message"}));
+ QUICHE_EXPECT_OK(client_->CreateRequest(input_messages));
+ EXPECT_THAT(client_->CreateRequest(input_messages),
StatusIs(absl::StatusCode::kFailedPrecondition));
}
@@ -220,8 +271,10 @@
TEST_F(AnonymousTokensRsaBssaClientTest, ProcessEmptyResponse) {
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- AnonymousTokensSignRequest request,
- client_->CreateRequest(CreateInput({"message"})));
+ std::vector<PlaintextMessageWithPublicMetadata> input_messages,
+ CreateInput({"message"}));
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignRequest request,
+ client_->CreateRequest(input_messages));
AnonymousTokensSignResponse response;
EXPECT_THAT(client_->ProcessResponse(response),
StatusIs(absl::StatusCode::kInvalidArgument));
@@ -229,10 +282,12 @@
TEST_F(AnonymousTokensRsaBssaClientTest, ProcessResponseWithBadUseCase) {
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- AnonymousTokensSignRequest request,
- client_->CreateRequest(CreateInput({"message"})));
+ std::vector<PlaintextMessageWithPublicMetadata> input_messages,
+ CreateInput({"message"}));
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignRequest request,
+ client_->CreateRequest(input_messages));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignResponse response,
- CreateResponse(request));
+ CreateResponse(request, private_key_));
response.mutable_anonymous_tokens(0)->set_use_case("TEST_USE_CASE_2");
EXPECT_THAT(client_->ProcessResponse(response),
StatusIs(absl::StatusCode::kInvalidArgument));
@@ -240,10 +295,12 @@
TEST_F(AnonymousTokensRsaBssaClientTest, ProcessResponseWithBadKeyVersion) {
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- AnonymousTokensSignRequest request,
- client_->CreateRequest(CreateInput({"message"})));
+ std::vector<PlaintextMessageWithPublicMetadata> input_messages,
+ CreateInput({"message"}));
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignRequest request,
+ client_->CreateRequest(input_messages));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignResponse response,
- CreateResponse(request));
+ CreateResponse(request, private_key_));
response.mutable_anonymous_tokens(0)->set_key_version(2);
EXPECT_THAT(client_->ProcessResponse(response),
StatusIs(absl::StatusCode::kInvalidArgument));
@@ -251,18 +308,19 @@
TEST_F(AnonymousTokensRsaBssaClientTest, ProcessResponseFromDifferentClient) {
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
+ std::vector<PlaintextMessageWithPublicMetadata> input_messages,
+ CreateInput({"message"}));
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::unique_ptr<AnonymousTokensRsaBssaClient> client2,
AnonymousTokensRsaBssaClient::Create(public_key_));
- ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- AnonymousTokensSignRequest request1,
- client_->CreateRequest(CreateInput({"message"})));
- ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
- AnonymousTokensSignRequest request2,
- client2->CreateRequest(CreateInput({"message"})));
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignRequest request1,
+ client_->CreateRequest(input_messages));
+ ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignRequest request2,
+ client2->CreateRequest(input_messages));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignResponse response1,
- CreateResponse(request1));
+ CreateResponse(request1, private_key_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(AnonymousTokensSignResponse response2,
- CreateResponse(request2));
+ CreateResponse(request2, private_key_));
EXPECT_THAT(client_->ProcessResponse(response2),
StatusIs(absl::StatusCode::kInvalidArgument));
EXPECT_THAT(client2->ProcessResponse(response1),