1 /*############################################################################ 2 # Copyright 2016-2017 Intel Corporation 3 # 4 # Licensed under the Apache License, Version 2.0 (the "License"); 5 # you may not use this file except in compliance with the License. 6 # You may obtain a copy of the License at 7 # 8 # http://www.apache.org/licenses/LICENSE-2.0 9 # 10 # Unless required by applicable law or agreed to in writing, software 11 # distributed under the License is distributed on an "AS IS" BASIS, 12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 # See the License for the specific language governing permissions and 14 # limitations under the License. 15 ############################################################################*/ 16 17 /*! 18 * \file 19 * \brief NrVerify unit tests. 20 */ 21 22 #include "epid/common-testhelper/epid_gtest-testhelper.h" 23 #include "gtest/gtest.h" 24 25 extern "C" { 26 #include "epid/verifier/api.h" 27 } 28 29 #include "epid/common-testhelper/errors-testhelper.h" 30 #include "epid/common-testhelper/verifier_wrapper-testhelper.h" 31 #include "epid/verifier/unittests/verifier-testhelper.h" 32 33 namespace { 34 35 ///////////////////////////////////////////////////////////////////////// 36 // Simple Errors 37 38 TEST_F(EpidVerifierTest, NrVerifyFailsGivenNullParameters) { 39 VerifierCtxObj verifier(this->kGrp01Key); 40 EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>( 41 this->kSigGrp01Member0Sha256RandombaseTest0.data()); 42 SigRl const* sig_rl = 43 reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data()); 44 EXPECT_EQ(kEpidBadArgErr, 45 EpidNrVerify(nullptr, &epid_signature->sigma0, this->kTest0.data(), 46 this->kTest0.size(), &sig_rl->bk[0], 47 &epid_signature->sigma[0])); 48 49 EXPECT_EQ(kEpidBadArgErr, EpidNrVerify(verifier, nullptr, this->kTest0.data(), 50 this->kTest0.size(), &sig_rl->bk[0], 51 &epid_signature->sigma[0])); 52 53 EXPECT_EQ(kEpidBadArgErr, 54 EpidNrVerify(verifier, &epid_signature->sigma0, nullptr, 55 this->kTest0.size(), &sig_rl->bk[0], 56 &epid_signature->sigma[0])); 57 58 EXPECT_EQ( 59 kEpidBadArgErr, 60 EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(), 61 this->kTest0.size(), nullptr, &epid_signature->sigma[0])); 62 63 EXPECT_EQ(kEpidBadArgErr, 64 EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(), 65 this->kTest0.size(), &sig_rl->bk[0], nullptr)); 66 } 67 68 ///////////////////////////////////////////////////////////////////// 69 // Reject 70 71 TEST_F(EpidVerifierTest, NrVerifyRejectsSigWithTNotInG1) { 72 // * 4.2.2 step 1 - The verifier verifies that G1.inGroup(T) = true. 73 // result must be kEpidBadArgErr 74 VerifierCtxObj verifier(this->kGrp01Key); 75 EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>( 76 this->kSigGrp01Member0Sha256RandombaseTest0.data()); 77 SigRl const* sig_rl = 78 reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data()); 79 NrProof nr_proof = epid_signature->sigma[0]; 80 nr_proof.T.x.data.data[0]++; 81 EXPECT_EQ(kEpidBadArgErr, 82 EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(), 83 this->kTest0.size(), &sig_rl->bk[0], &nr_proof)); 84 } 85 86 TEST_F(EpidVerifierTest, NrVerifyRejectsSigWithTIdentityOfG1) { 87 // * 4.2.2 step 2 - The verifier verifies that G1.isIdentity(T) = false. 88 // result must be kEpidBadArgErr 89 VerifierCtxObj verifier(this->kGrp01Key); 90 EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>( 91 this->kSigGrp01Member0Sha256RandombaseTest0.data()); 92 SigRl const* sig_rl = 93 reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data()); 94 NrProof nr_proof = epid_signature->sigma[0]; 95 nr_proof.T = this->kG1IdentityStr; 96 EXPECT_EQ(kEpidBadArgErr, 97 EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(), 98 this->kTest0.size(), &sig_rl->bk[0], &nr_proof)); 99 } 100 101 TEST_F(EpidVerifierTest, NrVerifyRejectsSigWithCNotInRange) { 102 // * 4.2.2 step 3 - The verifier verifies that c, smu, snu in [0, p-1]. 103 // result must be kEpidBadArgErr 104 VerifierCtxObj verifier(this->kGrp01Key); 105 EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>( 106 this->kSigGrp01Member0Sha256RandombaseTest0.data()); 107 SigRl const* sig_rl = 108 reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data()); 109 NrProof nr_proof = epid_signature->sigma[0]; 110 nr_proof.c.data = this->kParamsStr.p.data; 111 EXPECT_EQ(kEpidBadArgErr, 112 EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(), 113 this->kTest0.size(), &sig_rl->bk[0], &nr_proof)); 114 } 115 116 TEST_F(EpidVerifierTest, NrVerifyRejectsSigWithSmuNotInRange) { 117 // * 4.2.2 step 3 - The verifier verifies that c, smu, snu in [0, p-1]. 118 // result must be kEpidBadArgErr 119 VerifierCtxObj verifier(this->kGrp01Key); 120 EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>( 121 this->kSigGrp01Member0Sha256RandombaseTest0.data()); 122 SigRl const* sig_rl = 123 reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data()); 124 NrProof nr_proof = epid_signature->sigma[0]; 125 nr_proof.smu.data = this->kParamsStr.p.data; 126 EXPECT_EQ(kEpidBadArgErr, 127 EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(), 128 this->kTest0.size(), &sig_rl->bk[0], &nr_proof)); 129 } 130 131 TEST_F(EpidVerifierTest, NrVerifyRejectsSigWithSnuNotInRange) { 132 // * 4.2.2 step 3 - The verifier verifies that c, smu, snu in [0, p-1]. 133 // result must be kEpidBadArgErr 134 VerifierCtxObj verifier(this->kGrp01Key); 135 EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>( 136 this->kSigGrp01Member0Sha256RandombaseTest0.data()); 137 SigRl const* sig_rl = 138 reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data()); 139 NrProof nr_proof = epid_signature->sigma[0]; 140 nr_proof.snu.data = this->kParamsStr.p.data; 141 EXPECT_EQ(kEpidBadArgErr, 142 EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(), 143 this->kTest0.size(), &sig_rl->bk[0], &nr_proof)); 144 } 145 146 // 4.2.2 step 4 - The verifier computes nc = (- c) mod p. 147 // This Step is not testable 148 149 // 4.2.2 step 5 - The verifier computes R1 = G1.multiExp(K, smu, B, snu). 150 // This Step is not testable 151 152 // 4.2.2 step 6 - The verifier computes R2 = G1.multiExp(K', smu, B', snu, 153 // T, nc). 154 // This Step is not testable 155 156 TEST_F(EpidVerifierTest, NrVerifyRejectsSigWithInvalidCommitment) { 157 // * 4.2.2 step 7 - The verifier verifies c = Fp.hash(p || g1 || B || K || 158 // B' || K' || T || R1 || R2 || m). 159 // Refer to Section 7.1 for hash operation over a 160 // prime field. 161 // result must be kEpidBadArgErr 162 VerifierCtxObj verifier(this->kGrp01Key); 163 EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>( 164 this->kSigGrp01Member0Sha256RandombaseTest0.data()); 165 SigRl const* sig_rl = 166 reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data()); 167 std::vector<uint8_t> test_msg = this->kTest0; 168 test_msg[0]++; 169 EXPECT_EQ( 170 kEpidBadArgErr, 171 EpidNrVerify(verifier, &epid_signature->sigma0, test_msg.data(), 172 test_msg.size(), &sig_rl->bk[0], &epid_signature->sigma[0])); 173 } 174 175 TEST_F(EpidVerifierTest, NrVerifyRejectsSigWithValidCommitmentDiffHashAlg) { 176 // * 4.2.2 step 7 - The verifier verifies c = Fp.hash(p || g1 || B || K || 177 // B' || K' || T || R1 || R2 || m). 178 // Refer to Section 7.1 for hash operation over a 179 // prime field. 180 // result must be kEpidBadArgErr 181 VerifierCtxObj verifier(this->kGrpXKey); 182 EpidSignature const* epid_signature_sha256 = 183 reinterpret_cast<EpidSignature const*>( 184 this->kSigGrpXMember0Sha256RandbaseMsg0.data()); 185 EpidSignature const* epid_signature_sha384 = 186 reinterpret_cast<EpidSignature const*>( 187 this->kSigGrpXMember0Sha384RandbaseMsg0.data()); 188 EpidSignature const* epid_signature_sha512 = 189 reinterpret_cast<EpidSignature const*>( 190 this->kSigGrpXMember0Sha512RandbaseMsg0.data()); 191 SigRl const* sig_rl = reinterpret_cast<SigRl const*>(this->kGrpXSigRl.data()); 192 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha384)); 193 EXPECT_EQ(kEpidBadArgErr, 194 EpidNrVerify(verifier, &epid_signature_sha256->sigma0, 195 this->kMsg0.data(), this->kMsg0.size(), &sig_rl->bk[0], 196 &epid_signature_sha256->sigma[0])); 197 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512)); 198 EXPECT_EQ(kEpidBadArgErr, 199 EpidNrVerify(verifier, &epid_signature_sha384->sigma0, 200 this->kMsg0.data(), this->kMsg0.size(), &sig_rl->bk[0], 201 &epid_signature_sha384->sigma[0])); 202 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512_256)); 203 EXPECT_EQ(kEpidBadArgErr, 204 EpidNrVerify(verifier, &epid_signature_sha512->sigma0, 205 this->kMsg0.data(), this->kMsg0.size(), &sig_rl->bk[0], 206 &epid_signature_sha512->sigma[0])); 207 } 208 209 ///////////////////////////////////////////////////////////////////// 210 // Accept 211 // 4.2.2 step 8 - If all the above verifications succeed, the verifier 212 // outputs true. If any of the above verifications fails, 213 // the verifier aborts and outputs false 214 215 TEST_F(EpidVerifierTest, NrVerifyAcceptsSigWithRandomBaseNameSha256) { 216 VerifierCtxObj verifier(this->kGrp01Key); 217 EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>( 218 this->kSigGrp01Member0Sha256RandombaseTest0.data()); 219 SigRl const* sig_rl = 220 reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data()); 221 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256)); 222 EXPECT_EQ(kEpidSigValid, 223 EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(), 224 this->kTest0.size(), &sig_rl->bk[0], 225 &epid_signature->sigma[0])); 226 } 227 228 TEST_F(EpidVerifierTest, 229 NrVerifyAcceptsSigWithRandomBaseNameSha256UsingIkgfData) { 230 VerifierCtxObj verifier(this->kPubKeyIkgfStr); 231 EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>( 232 this->kSigMember0Sha256RandombaseMsg0Ikgf.data()); 233 SigRl const* sig_rl = reinterpret_cast<SigRl const*>(this->kSigRlIkgf.data()); 234 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256)); 235 EXPECT_EQ(kEpidSigValid, 236 EpidNrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(), 237 this->kMsg0.size(), &sig_rl->bk[2], 238 &epid_signature->sigma[2])); 239 } 240 241 TEST_F(EpidVerifierTest, NrVerifyAcceptsSigWithRandomBaseNameSha384) { 242 VerifierCtxObj verifier(this->kGrp01Key); 243 EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>( 244 this->kSigGrp01Member0Sha384RandombaseTest0.data()); 245 SigRl const* sig_rl = 246 reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data()); 247 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha384)); 248 EXPECT_EQ(kEpidSigValid, 249 EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(), 250 this->kTest0.size(), &sig_rl->bk[0], 251 &epid_signature->sigma[0])); 252 } 253 254 TEST_F(EpidVerifierTest, NrVerifyAcceptsSigWithRandomBaseNameSha512) { 255 VerifierCtxObj verifier(this->kGrp01Key); 256 EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>( 257 this->kSigGrp01Member0Sha512RandombaseTest0.data()); 258 SigRl const* sig_rl = 259 reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data()); 260 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512)); 261 EXPECT_EQ(kEpidSigValid, 262 EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(), 263 this->kTest0.size(), &sig_rl->bk[0], 264 &epid_signature->sigma[0])); 265 } 266 267 TEST_F(EpidVerifierTest, NrVerifyAcceptsSigWithRandomBaseNameSha512256) { 268 VerifierCtxObj verifier(this->kGrpXKey); 269 EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>( 270 this->kSigGrpXMember0Sha512256RandombaseMsg0.data()); 271 SigRl const* sig_rl = reinterpret_cast<SigRl const*>(this->kGrpXSigRl.data()); 272 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512_256)); 273 EXPECT_EQ(kEpidSigValid, 274 EpidNrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(), 275 this->kMsg0.size(), &sig_rl->bk[0], 276 &epid_signature->sigma[0])); 277 } 278 279 TEST_F(EpidVerifierTest, NrVerifyAcceptsMsgContainingAllPossibleBytes) { 280 VerifierCtxObj verifier(this->kPubKeySigRlVerify); 281 EpidSignature const* epid_signature = 282 (EpidSignature*)kSigGrp01Member0Sha512kBsn0Data_0_255.data(); 283 SigRl const* sig_rl = 284 reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data()); 285 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512)); 286 EXPECT_EQ(kEpidSigValid, 287 EpidNrVerify(verifier, &epid_signature->sigma0, 288 this->kData_0_255.data(), this->kData_0_255.size(), 289 &sig_rl->bk[0], &epid_signature->sigma[0])); 290 } 291 292 } // namespace 293