1 /*############################################################################
2 # Copyright 2016-2017 Intel Corporation
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #     http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 ############################################################################*/
16 
17 /*!
18 * \file
19 * \brief Epid11NrVerify unit tests.
20 */
21 
22 #include "epid/common-testhelper/epid_gtest-testhelper.h"
23 #include "gtest/gtest.h"
24 
25 extern "C" {
26 #include "epid/common/1.1/types.h"
27 #include "epid/verifier/1.1/api.h"
28 #include "epid/verifier/1.1/src/context.h"
29 }
30 
31 #include "epid/common-testhelper/1.1/verifier_wrapper-testhelper.h"
32 #include "epid/common-testhelper/errors-testhelper.h"
33 #include "epid/verifier/1.1/unittests/verifier-testhelper.h"
34 
35 namespace {
36 
37 /////////////////////////////////////////////////////////////////////////
38 // Simple Errors
39 
TEST_F(Epid11VerifierTest,NrVerifyFailsGivenNullParameters)40 TEST_F(Epid11VerifierTest, NrVerifyFailsGivenNullParameters) {
41   Epid11VerifierCtxObj verifier(this->kPubKeyStr);
42   Epid11Signature const* epid_signature =
43       reinterpret_cast<Epid11Signature const*>(
44           this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data());
45   Epid11SigRl const* sig_rl =
46       reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data());
47   EXPECT_EQ(kEpidBadArgErr,
48             Epid11NrVerify(nullptr, &epid_signature->sigma0, this->kMsg0.data(),
49                            this->kMsg0.size(), &sig_rl->bk[0],
50                            &epid_signature->sigma[0]));
51 
52   EXPECT_EQ(
53       kEpidBadArgErr,
54       Epid11NrVerify(verifier, nullptr, this->kMsg0.data(), this->kMsg0.size(),
55                      &sig_rl->bk[0], &epid_signature->sigma[0]));
56 
57   EXPECT_EQ(kEpidBadArgErr,
58             Epid11NrVerify(verifier, &epid_signature->sigma0, nullptr,
59                            this->kMsg0.size(), &sig_rl->bk[0],
60                            &epid_signature->sigma[0]));
61 
62   EXPECT_EQ(
63       kEpidBadArgErr,
64       Epid11NrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(),
65                      this->kMsg0.size(), nullptr, &epid_signature->sigma[0]));
66 
67   EXPECT_EQ(
68       kEpidBadArgErr,
69       Epid11NrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(),
70                      this->kMsg0.size(), &sig_rl->bk[0], nullptr));
71 }
72 
73 /////////////////////////////////////////////////////////////////////
74 // Reject
TEST_F(Epid11VerifierTest,NrVerifyRejectsTotalMsgSizeOutOfRangeOfInt)75 TEST_F(Epid11VerifierTest, NrVerifyRejectsTotalMsgSizeOutOfRangeOfInt) {
76   Epid11VerifierCtxObj verifier(this->kPubKeyStr);
77   Epid11Signature const* epid_signature =
78       reinterpret_cast<Epid11Signature const*>(
79           this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data());
80   Epid11SigRl const* sig_rl =
81       reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data());
82   // Since before hashing some other data will be concatenated to commit
83   // message, passing msg with size==UINT_MAX is causes out of range for
84   // this concatenated msg
85   Epid11NrProof nr_proof = epid_signature->sigma[0];
86   EXPECT_EQ(kEpidBadArgErr, Epid11NrVerify(verifier, &epid_signature->sigma0,
87                                            this->kMsg0.data(), 0xffffffff,
88                                            &sig_rl->bk[0], &nr_proof));
89 #if (SIZE_MAX >= 0x100000001)  // When size_t value allowed to be 0x100000001
90   EXPECT_EQ(kEpidBadArgErr, Epid11NrVerify(verifier, &epid_signature->sigma0,
91                                            this->kMsg0.data(), 0x100000001,
92                                            &sig_rl->bk[0], &nr_proof));
93 #endif
94 }
TEST_F(Epid11VerifierTest,NrVerifyRejectsSigWithTNotInG3)95 TEST_F(Epid11VerifierTest, NrVerifyRejectsSigWithTNotInG3) {
96   // 4.2.2 step 2 - The verifier verifies that G3.inGroup(T) = true.
97   Epid11VerifierCtxObj verifier(this->kPubKeyStr);
98   Epid11Signature const* epid_signature =
99       reinterpret_cast<Epid11Signature const*>(
100           this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data());
101   Epid11SigRl const* sig_rl =
102       reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data());
103   Epid11NrProof nr_proof = epid_signature->sigma[0];
104   nr_proof.T.x.data.data[0]++;
105   EXPECT_EQ(
106       kEpidBadArgErr,
107       Epid11NrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(),
108                      this->kMsg0.size(), &sig_rl->bk[0], &nr_proof));
109 }
110 
TEST_F(Epid11VerifierTest,NrVerifyRejectsSigWithTIdentityOfG3)111 TEST_F(Epid11VerifierTest, NrVerifyRejectsSigWithTIdentityOfG3) {
112   // 4.2.2 step 3 - The verifier verifies that G3.isIdentity(T) = false.
113   Epid11VerifierCtxObj verifier(this->kPubKeyStr);
114   Epid11Signature const* epid_signature =
115       reinterpret_cast<Epid11Signature const*>(
116           this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data());
117   Epid11SigRl const* sig_rl =
118       reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data());
119   Epid11NrProof nr_proof = epid_signature->sigma[0];
120   nr_proof.T = this->kG3IdentityStr;
121   EXPECT_EQ(
122       kEpidBadArgErr,
123       Epid11NrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(),
124                      this->kMsg0.size(), &sig_rl->bk[0], &nr_proof));
125 }
126 
TEST_F(Epid11VerifierTest,NrVerifyRejectsSigWithSmuNotInRange)127 TEST_F(Epid11VerifierTest, NrVerifyRejectsSigWithSmuNotInRange) {
128   // 4.2.2 step 4 - The verifier verifies that smu, snu in [0, p'-1].
129   Epid11VerifierCtxObj verifier(this->kPubKeyStr);
130   Epid11Signature const* epid_signature =
131       reinterpret_cast<Epid11Signature const*>(
132           this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data());
133   Epid11SigRl const* sig_rl =
134       reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data());
135   Epid11NrProof nr_proof = epid_signature->sigma[0];
136   nr_proof.smu.data = this->kParamsStr.p.data;
137   EXPECT_EQ(
138       kEpidBadArgErr,
139       Epid11NrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(),
140                      this->kMsg0.size(), &sig_rl->bk[0], &nr_proof));
141 }
142 
TEST_F(Epid11VerifierTest,NrVerifyRejectsSigWithSnuNotInRange)143 TEST_F(Epid11VerifierTest, NrVerifyRejectsSigWithSnuNotInRange) {
144   // 4.2.2 step 4 - The verifier verifies that smu, snu in [0, p'-1].
145   Epid11VerifierCtxObj verifier(this->kPubKeyStr);
146   Epid11Signature const* epid_signature =
147       reinterpret_cast<Epid11Signature const*>(
148           this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data());
149   Epid11SigRl const* sig_rl =
150       reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data());
151   Epid11NrProof nr_proof = epid_signature->sigma[0];
152   nr_proof.snu.data = this->kParamsStr.p.data;
153   EXPECT_EQ(
154       kEpidBadArgErr,
155       Epid11NrVerify(verifier, &epid_signature->sigma0, this->kMsg0.data(),
156                      this->kMsg0.size(), &sig_rl->bk[0], &nr_proof));
157 }
158 
159 //   4.2.2 step 5 - The verifier computes nc = (- c) mod p'.
160 // This Step is not testable
161 
162 //   4.2.2 step 6 - The verifier computes R1 = G3.multiExp(K, smu, B, snu).
163 // This Step is not testable
164 
165 //   4.2.2 step 7 - The verifier computes R2 = G3.multiExp(K', smu, B', snu,
166 //                  T, nc).
167 // This Step is not testable
168 
TEST_F(Epid11VerifierTest,NrVerifyRejectsSigWithInvalidCommitment)169 TEST_F(Epid11VerifierTest, NrVerifyRejectsSigWithInvalidCommitment) {
170   // 4.2.2 step 8 - The verifier verifies c = Hash(p' || g3 || B || K || B' ||
171   //                K' || T || R1 || R2 || mSize || m).
172   Epid11VerifierCtxObj verifier(this->kPubKeyStr);
173   Epid11Signature const* epid_signature =
174       reinterpret_cast<Epid11Signature const*>(
175           this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data());
176   Epid11SigRl const* sig_rl =
177       reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data());
178   std::vector<uint8_t> test_msg = this->kMsg0;
179   test_msg[0]++;
180   EXPECT_EQ(kEpidBadArgErr,
181             Epid11NrVerify(verifier, &epid_signature->sigma0, test_msg.data(),
182                            test_msg.size(), &sig_rl->bk[0],
183                            &epid_signature->sigma[0]));
184 }
185 
TEST_F(Epid11VerifierTest,NrVerifyRejectsSigWithMismatchCommitmentSize)186 TEST_F(Epid11VerifierTest, NrVerifyRejectsSigWithMismatchCommitmentSize) {
187   // 4.2.2 step 8 - The verifier verifies c = Hash(p' || g3 || B || K || B' ||
188   //                K' || T || R1 || R2 || mSize || m).
189   Epid11VerifierCtxObj verifier(this->kPubKeyStr);
190   Epid11Signature const* epid_signature =
191       reinterpret_cast<Epid11Signature const*>(
192           this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data());
193   Epid11SigRl const* sig_rl =
194       reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data());
195   std::vector<uint8_t> test_msg = this->kMsg0;
196   EXPECT_EQ(kEpidBadArgErr,
197             Epid11NrVerify(verifier, &epid_signature->sigma0, test_msg.data(),
198                            test_msg.size() - 1, &sig_rl->bk[0],
199                            &epid_signature->sigma[0]));
200 }
201 /////////////////////////////////////////////////////////////////////
202 // Accept
203 //   4.2.2 step 9 - If all the above verifications succeed, the verifier
204 //                  outputs true. If any of the above verifications fails,
205 //                  the verifier aborts and outputs false
206 
TEST_F(Epid11VerifierTest,NrVerifyAcceptsSigWithRandomBaseName)207 TEST_F(Epid11VerifierTest, NrVerifyAcceptsSigWithRandomBaseName) {
208   Epid11VerifierCtxObj verifier(this->kPubKeyStr);
209   Epid11Signature const* epid_signature =
210       reinterpret_cast<Epid11Signature const*>(
211           this->kSigGrpXMember0Sha256RandbaseMsg0N2One.data());
212   Epid11SigRl const* sig_rl =
213       reinterpret_cast<Epid11SigRl const*>(this->kSigRl.data());
214   EXPECT_EQ(kEpidSigValid,
215             Epid11NrVerify(verifier, &epid_signature->sigma0,
216                            this->kMsg0.data(), this->kMsg0.size(),
217                            &sig_rl->bk[0], &epid_signature->sigma[0]));
218 }
219 
TEST_F(Epid11VerifierTest,NrVerifyAcceptsMsgContainingAllPossibleBytes)220 TEST_F(Epid11VerifierTest, NrVerifyAcceptsMsgContainingAllPossibleBytes) {
221   Epid11VerifierCtxObj verifier(this->kPubKeyStrForMsg0_255);
222   Epid11Signature const* epid_signature =
223       (Epid11Signature*)kSigGrp01Member0Sha256kBsn0Data_0_255.data();
224   Epid11SigRl const* sig_rl =
225       reinterpret_cast<Epid11SigRl const*>(this->kSigRlForMsg0_255.data());
226   EXPECT_EQ(kEpidSigValid,
227             Epid11NrVerify(verifier, &epid_signature->sigma0,
228                            this->kData_0_255.data(), this->kData_0_255.size(),
229                            &sig_rl->bk[0], &epid_signature->sigma[0]));
230 }
231 
232 }  // namespace
233