Home | History | Annotate | Download | only in unittests 
      1 /*############################################################################
      2   # Copyright 2016-2017 Intel Corporation
      3   #
      4   # Licensed under the Apache License, Version 2.0 (the "License");
      5   # you may not use this file except in compliance with the License.
      6   # You may obtain a copy of the License at
      7   #
      8   #     http://www.apache.org/licenses/LICENSE-2.0
      9   #
     10   # Unless required by applicable law or agreed to in writing, software
     11   # distributed under the License is distributed on an "AS IS" BASIS,
     12   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13   # See the License for the specific language governing permissions and
     14   # limitations under the License.
     15   ############################################################################*/
     16 
     17 /*!
     18  * \file
     19  * \brief NrVerify unit tests.
     20  */
     21 
     22 #include "epid/common-testhelper/epid_gtest-testhelper.h"
     23 #include "gtest/gtest.h"
     24 
     25 extern "C" {
     26 #include "epid/verifier/api.h"
     27 }
     28 
     29 #include "epid/common-testhelper/errors-testhelper.h"
     30 #include "epid/common-testhelper/verifier_wrapper-testhelper.h"
     31 #include "epid/verifier/unittests/verifier-testhelper.h"
     32 
     33 namespace {
     34 
     35 /////////////////////////////////////////////////////////////////////////
     36 // Simple Errors
     37 
     38 TEST_F(EpidVerifierTest, NrVerifyFailsGivenNullParameters) {
     39   VerifierCtxObj verifier(this->kGrp01Key);
     40   EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>(
     41       this->kSigGrp01Member0Sha256RandombaseTest0.data());
     42   SigRl const* sig_rl =
     43       reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data());
     44   EXPECT_EQ(kEpidBadArgErr,
     45             EpidNrVerify(nullptr, &epid_signature->sigma0, this->kTest0.data(),
     46                          this->kTest0.size(), &sig_rl->bk[0],
     47                          &epid_signature->sigma[0]));
     48 
     49   EXPECT_EQ(kEpidBadArgErr, EpidNrVerify(verifier, nullptr, this->kTest0.data(),
     50                                          this->kTest0.size(), &sig_rl->bk[0],
     51                                          &epid_signature->sigma[0]));
     52 
     53   EXPECT_EQ(kEpidBadArgErr,
     54             EpidNrVerify(verifier, &epid_signature->sigma0, nullptr,
     55                          this->kTest0.size(), &sig_rl->bk[0],
     56                          &epid_signature->sigma[0]));
     57 
     58   EXPECT_EQ(
     59       kEpidBadArgErr,
     60       EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(),
     61                    this->kTest0.size(), nullptr, &epid_signature->sigma[0]));
     62 
     63   EXPECT_EQ(kEpidBadArgErr,
     64             EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(),
     65                          this->kTest0.size(), &sig_rl->bk[0], nullptr));
     66 }
     67 
     68 /////////////////////////////////////////////////////////////////////
     69 // Reject
     70 
     71 TEST_F(EpidVerifierTest, NrVerifyRejectsSigWithTNotInG1) {
     72   // * 4.2.2 step 1 - The verifier verifies that G1.inGroup(T) = true.
     73   // result must be kEpidBadArgErr
     74   VerifierCtxObj verifier(this->kGrp01Key);
     75   EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>(
     76       this->kSigGrp01Member0Sha256RandombaseTest0.data());
     77   SigRl const* sig_rl =
     78       reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data());
     79   NrProof nr_proof = epid_signature->sigma[0];
     80   nr_proof.T.x.data.data[0]++;
     81   EXPECT_EQ(kEpidBadArgErr,
     82             EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(),
     83                          this->kTest0.size(), &sig_rl->bk[0], &nr_proof));
     84 }
     85 
     86 TEST_F(EpidVerifierTest, NrVerifyRejectsSigWithTIdentityOfG1) {
     87   // * 4.2.2 step 2 - The verifier verifies that G1.isIdentity(T) = false.
     88   // result must be kEpidBadArgErr
     89   VerifierCtxObj verifier(this->kGrp01Key);
     90   EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>(
     91       this->kSigGrp01Member0Sha256RandombaseTest0.data());
     92   SigRl const* sig_rl =
     93       reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data());
     94   NrProof nr_proof = epid_signature->sigma[0];
     95   nr_proof.T = this->kG1IdentityStr;
     96   EXPECT_EQ(kEpidBadArgErr,
     97             EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(),
     98                          this->kTest0.size(), &sig_rl->bk[0], &nr_proof));
     99 }
    100 
    101 TEST_F(EpidVerifierTest, NrVerifyRejectsSigWithCNotInRange) {
    102   // * 4.2.2 step 3 - The verifier verifies that c, smu, snu in [0, p-1].
    103   // result must be kEpidBadArgErr
    104   VerifierCtxObj verifier(this->kGrp01Key);
    105   EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>(
    106       this->kSigGrp01Member0Sha256RandombaseTest0.data());
    107   SigRl const* sig_rl =
    108       reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data());
    109   NrProof nr_proof = epid_signature->sigma[0];
    110   nr_proof.c.data = this->kParamsStr.p.data;
    111   EXPECT_EQ(kEpidBadArgErr,
    112             EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(),
    113                          this->kTest0.size(), &sig_rl->bk[0], &nr_proof));
    114 }
    115 
    116 TEST_F(EpidVerifierTest, NrVerifyRejectsSigWithSmuNotInRange) {
    117   // * 4.2.2 step 3 - The verifier verifies that c, smu, snu in [0, p-1].
    118   // result must be kEpidBadArgErr
    119   VerifierCtxObj verifier(this->kGrp01Key);
    120   EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>(
    121       this->kSigGrp01Member0Sha256RandombaseTest0.data());
    122   SigRl const* sig_rl =
    123       reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data());
    124   NrProof nr_proof = epid_signature->sigma[0];
    125   nr_proof.smu.data = this->kParamsStr.p.data;
    126   EXPECT_EQ(kEpidBadArgErr,
    127             EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(),
    128                          this->kTest0.size(), &sig_rl->bk[0], &nr_proof));
    129 }
    130 
    131 TEST_F(EpidVerifierTest, NrVerifyRejectsSigWithSnuNotInRange) {
    132   // * 4.2.2 step 3 - The verifier verifies that c, smu, snu in [0, p-1].
    133   // result must be kEpidBadArgErr
    134   VerifierCtxObj verifier(this->kGrp01Key);
    135   EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>(
    136       this->kSigGrp01Member0Sha256RandombaseTest0.data());
    137   SigRl const* sig_rl =
    138       reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data());
    139   NrProof nr_proof = epid_signature->sigma[0];
    140   nr_proof.snu.data = this->kParamsStr.p.data;
    141   EXPECT_EQ(kEpidBadArgErr,
    142             EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(),
    143                          this->kTest0.size(), &sig_rl->bk[0], &nr_proof));
    144 }
    145 
    146 //   4.2.2 step 4 - The verifier computes nc = (- c) mod p.
    147 // This Step is not testable
    148 
    149 //   4.2.2 step 5 - The verifier computes R1 = G1.multiExp(K, smu, B, snu).
    150 // This Step is not testable
    151 
    152 //   4.2.2 step 6 - The verifier computes R2 = G1.multiExp(K', smu, B', snu,
    153 //                  T, nc).
    154 // This Step is not testable
    155 
    156 TEST_F(EpidVerifierTest, NrVerifyRejectsSigWithInvalidCommitment) {
    157   // * 4.2.2 step 7 - The verifier verifies c = Fp.hash(p || g1 || B || K ||
    158   //                  B' || K' || T || R1 || R2 || m).
    159   //                  Refer to Section 7.1 for hash operation over a
    160   //                  prime field.
    161   // result must be kEpidBadArgErr
    162   VerifierCtxObj verifier(this->kGrp01Key);
    163   EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>(
    164       this->kSigGrp01Member0Sha256RandombaseTest0.data());
    165   SigRl const* sig_rl =
    166       reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data());
    167   std::vector<uint8_t> test_msg = this->kTest0;
    168   test_msg[0]++;
    169   EXPECT_EQ(
    170       kEpidBadArgErr,
    171       EpidNrVerify(verifier, &epid_signature->sigma0, test_msg.data(),
    172                    test_msg.size(), &sig_rl->bk[0], &epid_signature->sigma[0]));
    173 }
    174 
    175 TEST_F(EpidVerifierTest, NrVerifyRejectsSigWithValidCommitmentDiffHashAlg) {
    176   // * 4.2.2 step 7 - The verifier verifies c = Fp.hash(p || g1 || B || K ||
    177   //                  B' || K' || T || R1 || R2 || m).
    178   //                  Refer to Section 7.1 for hash operation over a
    179   //                  prime field.
    180   // result must be kEpidBadArgErr
    181   VerifierCtxObj verifier(this->kGrpXKey);
    182   EpidSignature const* epid_signature_sha256 =
    183       reinterpret_cast<EpidSignature const*>(
    184           this->kSigGrpXMember0Sha256RandbaseMsg0.data());
    185   EpidSignature const* epid_signature_sha384 =
    186       reinterpret_cast<EpidSignature const*>(
    187           this->kSigGrpXMember0Sha384RandbaseMsg0.data());
    188   EpidSignature const* epid_signature_sha512 =
    189       reinterpret_cast<EpidSignature const*>(
    190           this->kSigGrpXMember0Sha512RandbaseMsg0.data());
    191   SigRl const* sig_rl = reinterpret_cast<SigRl const*>(this->kGrpXSigRl.data());
    192   THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha384));
    193   EXPECT_EQ(kEpidBadArgErr,
    194             EpidNrVerify(verifier, &epid_signature_sha256->sigma0,
    195                          this->kMsg0.data(), this->kMsg0.size(), &sig_rl->bk[0],
    196                          &epid_signature_sha256->sigma[0]));
    197   THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512));
    198   EXPECT_EQ(kEpidBadArgErr,
    199             EpidNrVerify(verifier, &epid_signature_sha384->sigma0,
    200                          this->kMsg0.data(), this->kMsg0.size(), &sig_rl->bk[0],
    201                          &epid_signature_sha384->sigma[0]));
    202   THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512_256));
    203   EXPECT_EQ(kEpidBadArgErr,
    204             EpidNrVerify(verifier, &epid_signature_sha512->sigma0,
    205                          this->kMsg0.data(), this->kMsg0.size(), &sig_rl->bk[0],
    206                          &epid_signature_sha512->sigma[0]));
    207 }
    208 
    209 /////////////////////////////////////////////////////////////////////
    210 // Accept
    211 //   4.2.2 step 8 - If all the above verifications succeed, the verifier
    212 //                  outputs true. If any of the above verifications fails,
    213 //                  the verifier aborts and outputs false
    214 
    215 TEST_F(EpidVerifierTest, NrVerifyAcceptsSigWithRandomBaseNameSha256) {
    216   VerifierCtxObj verifier(this->kGrp01Key);
    217   EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>(
    218       this->kSigGrp01Member0Sha256RandombaseTest0.data());
    219   SigRl const* sig_rl =
    220       reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data());
    221   THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
    222   EXPECT_EQ(kEpidSigValid,
    223             EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(),
    224                          this->kTest0.size(), &sig_rl->bk[0],
    225                          &epid_signature->sigma[0]));
    226 }
    227 
    228 TEST_F(EpidVerifierTest,
    229        NrVerifyAcceptsSigWithRandomBaseNameSha256UsingIkgfData) {
    230   VerifierCtxObj verifier(this->kPubKeyIkgfStr);
    231   EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>(
    232       this->kSigMember0Sha256RandombaseMsg0Ikgf.data());
    233   SigRl const* sig_rl = reinterpret_cast<SigRl const*>(this->kSigRlIkgf.data());
    234   THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
    235   EXPECT_EQ(kEpidSigValid,
    236             EpidNrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(),
    237                          this->kMsg0.size(), &sig_rl->bk[2],
    238                          &epid_signature->sigma[2]));
    239 }
    240 
    241 TEST_F(EpidVerifierTest, NrVerifyAcceptsSigWithRandomBaseNameSha384) {
    242   VerifierCtxObj verifier(this->kGrp01Key);
    243   EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>(
    244       this->kSigGrp01Member0Sha384RandombaseTest0.data());
    245   SigRl const* sig_rl =
    246       reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data());
    247   THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha384));
    248   EXPECT_EQ(kEpidSigValid,
    249             EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(),
    250                          this->kTest0.size(), &sig_rl->bk[0],
    251                          &epid_signature->sigma[0]));
    252 }
    253 
    254 TEST_F(EpidVerifierTest, NrVerifyAcceptsSigWithRandomBaseNameSha512) {
    255   VerifierCtxObj verifier(this->kGrp01Key);
    256   EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>(
    257       this->kSigGrp01Member0Sha512RandombaseTest0.data());
    258   SigRl const* sig_rl =
    259       reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data());
    260   THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512));
    261   EXPECT_EQ(kEpidSigValid,
    262             EpidNrVerify(verifier, &epid_signature->sigma0, this->kTest0.data(),
    263                          this->kTest0.size(), &sig_rl->bk[0],
    264                          &epid_signature->sigma[0]));
    265 }
    266 
    267 TEST_F(EpidVerifierTest, NrVerifyAcceptsSigWithRandomBaseNameSha512256) {
    268   VerifierCtxObj verifier(this->kGrpXKey);
    269   EpidSignature const* epid_signature = reinterpret_cast<EpidSignature const*>(
    270       this->kSigGrpXMember0Sha512256RandombaseMsg0.data());
    271   SigRl const* sig_rl = reinterpret_cast<SigRl const*>(this->kGrpXSigRl.data());
    272   THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512_256));
    273   EXPECT_EQ(kEpidSigValid,
    274             EpidNrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(),
    275                          this->kMsg0.size(), &sig_rl->bk[0],
    276                          &epid_signature->sigma[0]));
    277 }
    278 
    279 TEST_F(EpidVerifierTest, NrVerifyAcceptsMsgContainingAllPossibleBytes) {
    280   VerifierCtxObj verifier(this->kPubKeySigRlVerify);
    281   EpidSignature const* epid_signature =
    282       (EpidSignature*)kSigGrp01Member0Sha512kBsn0Data_0_255.data();
    283   SigRl const* sig_rl =
    284       reinterpret_cast<SigRl const*>(this->kGrp01SigRl.data());
    285   THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512));
    286   EXPECT_EQ(kEpidSigValid,
    287             EpidNrVerify(verifier, &epid_signature->sigma0,
    288                          this->kData_0_255.data(), this->kData_0_255.size(),
    289                          &sig_rl->bk[0], &epid_signature->sigma[0]));
    290 }
    291 
    292 }  // namespace
    293