1 /*############################################################################ 2 # Copyright 2016-2017 Intel Corporation 3 # 4 # Licensed under the Apache License, Version 2.0 (the "License"); 5 # you may not use this file except in compliance with the License. 6 # You may obtain a copy of the License at 7 # 8 # http://www.apache.org/licenses/LICENSE-2.0 9 # 10 # Unless required by applicable law or agreed to in writing, software 11 # distributed under the License is distributed on an "AS IS" BASIS, 12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 # See the License for the specific language governing permissions and 14 # limitations under the License. 15 ############################################################################*/ 16 17 /*! 18 * \file 19 * \brief Epid11NrVerify unit tests. 20 */ 21 22 #include "epid/common-testhelper/epid_gtest-testhelper.h" 23 #include "gtest/gtest.h" 24 25 extern "C" { 26 #include "epid/common/1.1/types.h" 27 #include "epid/verifier/1.1/api.h" 28 #include "epid/verifier/1.1/src/context.h" 29 } 30 31 #include "epid/common-testhelper/1.1/verifier_wrapper-testhelper.h" 32 #include "epid/common-testhelper/errors-testhelper.h" 33 #include "epid/verifier/1.1/unittests/verifier-testhelper.h" 34 35 namespace { 36 37 ///////////////////////////////////////////////////////////////////////// 38 // Simple Errors 39 40 TEST_F(Epid11VerifierTest, NrVerifyFailsGivenNullParameters) { 41 Epid11VerifierCtxObj verifier(this->kPubKeyStr); 42 Epid11Signature const* epid_signature = 43 reinterpret_cast<Epid11Signature const*>( 44 this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data()); 45 Epid11SigRl const* sig_rl = 46 reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data()); 47 EXPECT_EQ(kEpidBadArgErr, 48 Epid11NrVerify(nullptr, &epid_signature->sigma0, this->kMsg0.data(), 49 this->kMsg0.size(), &sig_rl->bk[0], 50 &epid_signature->sigma[0])); 51 52 EXPECT_EQ( 53 kEpidBadArgErr, 54 Epid11NrVerify(verifier, nullptr, this->kMsg0.data(), this->kMsg0.size(), 55 &sig_rl->bk[0], &epid_signature->sigma[0])); 56 57 EXPECT_EQ(kEpidBadArgErr, 58 Epid11NrVerify(verifier, &epid_signature->sigma0, nullptr, 59 this->kMsg0.size(), &sig_rl->bk[0], 60 &epid_signature->sigma[0])); 61 62 EXPECT_EQ( 63 kEpidBadArgErr, 64 Epid11NrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(), 65 this->kMsg0.size(), nullptr, &epid_signature->sigma[0])); 66 67 EXPECT_EQ( 68 kEpidBadArgErr, 69 Epid11NrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(), 70 this->kMsg0.size(), &sig_rl->bk[0], nullptr)); 71 } 72 73 ///////////////////////////////////////////////////////////////////// 74 // Reject 75 TEST_F(Epid11VerifierTest, NrVerifyRejectsTotalMsgSizeOutOfRangeOfInt) { 76 Epid11VerifierCtxObj verifier(this->kPubKeyStr); 77 Epid11Signature const* epid_signature = 78 reinterpret_cast<Epid11Signature const*>( 79 this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data()); 80 Epid11SigRl const* sig_rl = 81 reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data()); 82 // Since before hashing some other data will be concatenated to commit 83 // message, passing msg with size==UINT_MAX is causes out of range for 84 // this concatenated msg 85 Epid11NrProof nr_proof = epid_signature->sigma[0]; 86 EXPECT_EQ(kEpidBadArgErr, Epid11NrVerify(verifier, &epid_signature->sigma0, 87 this->kMsg0.data(), 0xffffffff, 88 &sig_rl->bk[0], &nr_proof)); 89 #if (SIZE_MAX >= 0x100000001) // When size_t value allowed to be 0x100000001 90 EXPECT_EQ(kEpidBadArgErr, Epid11NrVerify(verifier, &epid_signature->sigma0, 91 this->kMsg0.data(), 0x100000001, 92 &sig_rl->bk[0], &nr_proof)); 93 #endif 94 } 95 TEST_F(Epid11VerifierTest, NrVerifyRejectsSigWithTNotInG3) { 96 // 4.2.2 step 2 - The verifier verifies that G3.inGroup(T) = true. 97 Epid11VerifierCtxObj verifier(this->kPubKeyStr); 98 Epid11Signature const* epid_signature = 99 reinterpret_cast<Epid11Signature const*>( 100 this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data()); 101 Epid11SigRl const* sig_rl = 102 reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data()); 103 Epid11NrProof nr_proof = epid_signature->sigma[0]; 104 nr_proof.T.x.data.data[0]++; 105 EXPECT_EQ( 106 kEpidBadArgErr, 107 Epid11NrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(), 108 this->kMsg0.size(), &sig_rl->bk[0], &nr_proof)); 109 } 110 111 TEST_F(Epid11VerifierTest, NrVerifyRejectsSigWithTIdentityOfG3) { 112 // 4.2.2 step 3 - The verifier verifies that G3.isIdentity(T) = false. 113 Epid11VerifierCtxObj verifier(this->kPubKeyStr); 114 Epid11Signature const* epid_signature = 115 reinterpret_cast<Epid11Signature const*>( 116 this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data()); 117 Epid11SigRl const* sig_rl = 118 reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data()); 119 Epid11NrProof nr_proof = epid_signature->sigma[0]; 120 nr_proof.T = this->kG3IdentityStr; 121 EXPECT_EQ( 122 kEpidBadArgErr, 123 Epid11NrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(), 124 this->kMsg0.size(), &sig_rl->bk[0], &nr_proof)); 125 } 126 127 TEST_F(Epid11VerifierTest, NrVerifyRejectsSigWithSmuNotInRange) { 128 // 4.2.2 step 4 - The verifier verifies that smu, snu in [0, p'-1]. 129 Epid11VerifierCtxObj verifier(this->kPubKeyStr); 130 Epid11Signature const* epid_signature = 131 reinterpret_cast<Epid11Signature const*>( 132 this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data()); 133 Epid11SigRl const* sig_rl = 134 reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data()); 135 Epid11NrProof nr_proof = epid_signature->sigma[0]; 136 nr_proof.smu.data = this->kParamsStr.p.data; 137 EXPECT_EQ( 138 kEpidBadArgErr, 139 Epid11NrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(), 140 this->kMsg0.size(), &sig_rl->bk[0], &nr_proof)); 141 } 142 143 TEST_F(Epid11VerifierTest, NrVerifyRejectsSigWithSnuNotInRange) { 144 // 4.2.2 step 4 - The verifier verifies that smu, snu in [0, p'-1]. 145 Epid11VerifierCtxObj verifier(this->kPubKeyStr); 146 Epid11Signature const* epid_signature = 147 reinterpret_cast<Epid11Signature const*>( 148 this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data()); 149 Epid11SigRl const* sig_rl = 150 reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data()); 151 Epid11NrProof nr_proof = epid_signature->sigma[0]; 152 nr_proof.snu.data = this->kParamsStr.p.data; 153 EXPECT_EQ( 154 kEpidBadArgErr, 155 Epid11NrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(), 156 this->kMsg0.size(), &sig_rl->bk[0], &nr_proof)); 157 } 158 159 // 4.2.2 step 5 - The verifier computes nc = (- c) mod p'. 160 // This Step is not testable 161 162 // 4.2.2 step 6 - The verifier computes R1 = G3.multiExp(K, smu, B, snu). 163 // This Step is not testable 164 165 // 4.2.2 step 7 - The verifier computes R2 = G3.multiExp(K', smu, B', snu, 166 // T, nc). 167 // This Step is not testable 168 169 TEST_F(Epid11VerifierTest, NrVerifyRejectsSigWithInvalidCommitment) { 170 // 4.2.2 step 8 - The verifier verifies c = Hash(p' || g3 || B || K || B' || 171 // K' || T || R1 || R2 || mSize || m). 172 Epid11VerifierCtxObj verifier(this->kPubKeyStr); 173 Epid11Signature const* epid_signature = 174 reinterpret_cast<Epid11Signature const*>( 175 this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data()); 176 Epid11SigRl const* sig_rl = 177 reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data()); 178 std::vector<uint8_t> test_msg = this->kMsg0; 179 test_msg[0]++; 180 EXPECT_EQ(kEpidBadArgErr, 181 Epid11NrVerify(verifier, &epid_signature->sigma0, test_msg.data(), 182 test_msg.size(), &sig_rl->bk[0], 183 &epid_signature->sigma[0])); 184 } 185 186 TEST_F(Epid11VerifierTest, NrVerifyRejectsSigWithMismatchCommitmentSize) { 187 // 4.2.2 step 8 - The verifier verifies c = Hash(p' || g3 || B || K || B' || 188 // K' || T || R1 || R2 || mSize || m). 189 Epid11VerifierCtxObj verifier(this->kPubKeyStr); 190 Epid11Signature const* epid_signature = 191 reinterpret_cast<Epid11Signature const*>( 192 this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data()); 193 Epid11SigRl const* sig_rl = 194 reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data()); 195 std::vector<uint8_t> test_msg = this->kMsg0; 196 EXPECT_EQ(kEpidBadArgErr, 197 Epid11NrVerify(verifier, &epid_signature->sigma0, test_msg.data(), 198 test_msg.size() - 1, &sig_rl->bk[0], 199 &epid_signature->sigma[0])); 200 } 201 ///////////////////////////////////////////////////////////////////// 202 // Accept 203 // 4.2.2 step 9 - If all the above verifications succeed, the verifier 204 // outputs true. If any of the above verifications fails, 205 // the verifier aborts and outputs false 206 207 TEST_F(Epid11VerifierTest, NrVerifyAcceptsSigWithRandomBaseName) { 208 Epid11VerifierCtxObj verifier(this->kPubKeyStr); 209 Epid11Signature const* epid_signature = 210 reinterpret_cast<Epid11Signature const*>( 211 this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data()); 212 Epid11SigRl const* sig_rl = 213 reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data()); 214 EXPECT_EQ(kEpidSigValid, 215 Epid11NrVerify(verifier, &epid_signature->sigma0, 216 this->kMsg0.data(), this->kMsg0.size(), 217 &sig_rl->bk[0], &epid_signature->sigma[0])); 218 } 219 220 TEST_F(Epid11VerifierTest, NrVerifyAcceptsMsgContainingAllPossibleBytes) { 221 Epid11VerifierCtxObj verifier(this->kPubKeyStrForMsg0_255); 222 Epid11Signature const* epid_signature = 223 (Epid11Signature*)kSigGrp01Member0Sha256kBsn0Data_0_255.data(); 224 Epid11SigRl const* sig_rl = 225 reinterpret_cast<Epid11SigRl const*>(this->kSigRlForMsg0_255.data()); 226 EXPECT_EQ(kEpidSigValid, 227 Epid11NrVerify(verifier, &epid_signature->sigma0, 228 this->kData_0_255.data(), this->kData_0_255.size(), 229 &sig_rl->bk[0], &epid_signature->sigma[0])); 230 } 231 232 } // namespace 233
