1 /*############################################################################
2 # Copyright 2016-2017 Intel Corporation
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 ############################################################################*/
16
17 /*!
18 * \file
19 * \brief Verify unit tests.
20 */
21
22 #include "epid/common-testhelper/epid_gtest-testhelper.h"
23 #include "gtest/gtest.h"
24
25 extern "C" {
26 #include "epid/common/src/endian_convert.h"
27 #include "epid/verifier/api.h"
28 }
29
30 #include "epid/common-testhelper/errors-testhelper.h"
31 #include "epid/common-testhelper/verifier_wrapper-testhelper.h"
32 #include "epid/verifier/unittests/verifier-testhelper.h"
33
34 namespace {
35
36 /////////////////////////////////////////////////////////////////////////
37 // Simple Errors
38
TEST_F(EpidVerifierTest,VerifyFailsGivenNullParameters)39 TEST_F(EpidVerifierTest, VerifyFailsGivenNullParameters) {
40 VerifierCtxObj verifier(this->kGrp01Key);
41 auto& sig = this->kSigGrp01Member0Sha512RandombaseTest0;
42 auto& msg = this->kTest0;
43
44 EXPECT_EQ(kEpidBadArgErr,
45 EpidVerify(nullptr, (EpidSignature const*)sig.data(), sig.size(),
46 msg.data(), msg.size()));
47 EXPECT_EQ(kEpidBadArgErr,
48 EpidVerify(verifier, nullptr, sig.size(), msg.data(), msg.size()));
49 EXPECT_EQ(kEpidBadArgErr,
50 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
51 nullptr, msg.size()));
52 }
53
TEST_F(EpidVerifierTest,VerifyFailsGivenTooShortSigLen)54 TEST_F(EpidVerifierTest, VerifyFailsGivenTooShortSigLen) {
55 VerifierCtxObj verifier(this->kGrp01Key);
56 auto& sig = this->kSigGrp01Member0Sha512RandombaseTest0;
57 auto& msg = this->kTest0;
58
59 EXPECT_EQ(kEpidBadArgErr,
60 EpidVerify(verifier, (EpidSignature const*)sig.data(), 0,
61 msg.data(), msg.size()));
62 EXPECT_EQ(kEpidBadArgErr,
63 EpidVerify(verifier, (EpidSignature const*)sig.data(),
64 sizeof(EpidSignature) - sizeof(NrProof) - 1, msg.data(),
65 msg.size()));
66 }
67
TEST_F(EpidVerifierTest,VerifyFailsGivenSigLenTooShortForRlCount)68 TEST_F(EpidVerifierTest, VerifyFailsGivenSigLenTooShortForRlCount) {
69 VerifierCtxObj verifier(this->kGrp01Key);
70 EpidVerifierSetSigRl(verifier, (SigRl const*)this->kGrp01SigRl.data(),
71 this->kGrp01SigRl.size());
72 auto sig = this->kSigGrp01Member0Sha512RandombaseTest0;
73 auto n2 = this->kGrp01SigRlN2;
74 sig.resize(sizeof(EpidSignature) +
75 (n2 - 2) * sizeof(((EpidSignature*)0)->sigma));
76 auto& msg = this->kTest0;
77
78 EXPECT_EQ(kEpidBadArgErr,
79 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
80 msg.data(), msg.size()));
81 }
82
TEST_F(EpidVerifierTest,VerifyFailsGivenSigLenTooLongForRlCount)83 TEST_F(EpidVerifierTest, VerifyFailsGivenSigLenTooLongForRlCount) {
84 VerifierCtxObj verifier(this->kGrp01Key);
85 EpidVerifierSetSigRl(verifier, (SigRl const*)this->kGrp01SigRl.data(),
86 this->kGrp01SigRl.size());
87 auto sig = this->kSigGrp01Member0Sha512RandombaseTest0;
88 auto n2 = this->kGrp01SigRlN2;
89 sig.resize(sizeof(EpidSignature) + n2 * sizeof(((EpidSignature*)0)->sigma));
90 auto& msg = this->kTest0;
91
92 EXPECT_EQ(kEpidBadArgErr,
93 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
94 msg.data(), msg.size()));
95 }
96
97 #if (SIZE_MAX <= 0xFFFFFFFF) // When size_t value is 32 bit or lower
TEST_F(EpidVerifierTest,VerifyFailsGivenRlCountTooBig)98 TEST_F(EpidVerifierTest, VerifyFailsGivenRlCountTooBig) {
99 VerifierCtxObj verifier(this->kGrp01Key);
100 EpidVerifierSetSigRl(verifier, (SigRl const*)this->kGrp01SigRl.data(),
101 this->kGrp01SigRl.size());
102 auto sig = this->kSigGrp01Member0Sha512RandombaseTest0;
103 uint32_t n2 = SIZE_MAX / sizeof(NrProof) + 1;
104 uint32_t n2_ = ntohl(n2);
105 EpidSignature* sig_struct = (EpidSignature*)sig.data();
106 sig_struct->n2 = *(OctStr32*)&n2_;
107 sig.resize(sizeof(EpidSignature) + (n2 - 1) * sizeof(NrProof));
108 auto& msg = this->kTest0;
109
110 EXPECT_EQ(kEpidBadArgErr,
111 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
112 msg.data(), msg.size()));
113 }
114 #endif
115
116 /////////////////////////////////////////////////////////////////////
117 //
118 // 4.1.2 step 1 - The verifier reads the pre-computed (e12, e22, e2w, eg12).
119 // Refer to Section 3.6 for the computation of these values.
120 // This Step is not testable
121
122 /////////////////////////////////////////////////////////////////////
123 // Non-Revocation List Reject
124 // 4.1.2 step 2 - The verifier verifies the basic signature Sigma0 as
125 // follows:
126
TEST_F(EpidVerifierTest,VerifyRejectsSigWithBNotInG1)127 TEST_F(EpidVerifierTest, VerifyRejectsSigWithBNotInG1) {
128 // * 4.1.2 step 2.a - The verifier verifies G1.inGroup(B) = true.
129 // result must be kEpidSigInvalid
130 VerifierCtxObj verifier(this->kGrp01Key);
131 auto& msg = this->kTest0;
132 size_t size = this->kSigGrp01Member0Sha512RandombaseTest0.size();
133 EpidSignature sig = *(
134 const EpidSignature*)(this->kSigGrp01Member0Sha512RandombaseTest0.data());
135 sig.sigma0.B.x.data.data[31]++;
136 EXPECT_EQ(kEpidSigInvalid,
137 EpidVerify(verifier, &sig, size, msg.data(), msg.size()));
138 }
139
TEST_F(EpidVerifierTest,VerifyRejectsSigWithBIdentityOfG1)140 TEST_F(EpidVerifierTest, VerifyRejectsSigWithBIdentityOfG1) {
141 // * 4.1.2 step 2.b - The verifier verifies that G1.isIdentity(B) is false.
142 // result must be kEpidSigInvalid
143 VerifierCtxObj verifier(this->kGrp01Key);
144 auto& msg = this->kTest0;
145
146 EpidSignature sig = *(
147 const EpidSignature*)(this->kSigGrp01Member0Sha512RandombaseTest0.data());
148 sig.sigma0.B = this->kG1IdentityStr;
149 size_t size = this->kSigGrp01Member0Sha512RandombaseTest0.size();
150 EXPECT_EQ(kEpidSigInvalid,
151 EpidVerify(verifier, &sig, size, msg.data(), msg.size()));
152 }
153
TEST_F(EpidVerifierTest,VerifyRejectsSigWithDiffBaseNameSameHashAlg)154 TEST_F(EpidVerifierTest, VerifyRejectsSigWithDiffBaseNameSameHashAlg) {
155 // * 4.1.2 step 2.c - If bsn is provided, the verifier verifies
156 // B = G1.hash(bsn).
157 // result must be kEpidSigInvalid
158 auto& pub_key = this->kGrpXKey;
159 auto& sig = this->kSigGrpXMember0Sha512Bsn0Msg0;
160 auto& msg = this->kMsg0;
161 auto& bsn = this->kBasename1;
162
163 VerifierCtxObj verifier(pub_key);
164
165 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
166 EXPECT_EQ(kEpidSigInvalid,
167 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
168 msg.data(), msg.size()));
169 }
170
TEST_F(EpidVerifierTest,VerifyRejectsSigWithSameBaseNameDiffHashAlg)171 TEST_F(EpidVerifierTest, VerifyRejectsSigWithSameBaseNameDiffHashAlg) {
172 // * 4.1.2 step 2.c - If bsn is provided, the verifier verifies
173 // B = G1.hash(bsn).
174 // result must be kEpidSigInvalid
175 auto& pub_key = this->kGrpXKey;
176 auto& sig = this->kSigGrpXMember0Sha256Bsn0Msg0;
177 auto& msg = this->kMsg0;
178 auto& bsn = this->kBsn0;
179
180 VerifierCtxObj verifier(pub_key);
181 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512));
182 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
183 EXPECT_EQ(kEpidSigInvalid,
184 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
185 msg.data(), msg.size()));
186 }
187
TEST_F(EpidVerifierTest,VerifyRejectsSigWithDifferentHugeBaseName)188 TEST_F(EpidVerifierTest, VerifyRejectsSigWithDifferentHugeBaseName) {
189 // * 4.1.2 step 2.c - If bsn is provided, the verifier verifies
190 // B = G1.hash(bsn).
191 // result must be kEpidSigInvalid
192 auto& pub_key = this->kGrpXKey;
193 auto& sig = this->kSigGrpXMember0Sha512HugeBsnMsg0;
194 auto& msg = this->kMsg0;
195 std::vector<uint8_t> bsn(1024 * 1024);
196 uint8_t c = 0;
197 for (size_t i = 0; i < bsn.size(); ++i) {
198 // change middle kilobyte
199 if (i == 512 * 1024) c++;
200 if (i == 513 * 1024) c--;
201 bsn[i] = c++;
202 }
203
204 VerifierCtxObj verifier(pub_key);
205 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512));
206 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
207 EXPECT_EQ(kEpidSigInvalid,
208 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
209 msg.data(), msg.size()));
210 }
211
TEST_F(EpidVerifierTest,VerifyRejectsSigWithKNotInG1)212 TEST_F(EpidVerifierTest, VerifyRejectsSigWithKNotInG1) {
213 // * 4.1.2 step 2.d - The verifier verifies G1.inGroup(K) = true.
214 // result must be kEpidSigInvalid
215 VerifierCtxObj verifier(this->kGrp01Key);
216 auto& msg = this->kTest0;
217
218 EpidSignature sig = *(
219 const EpidSignature*)(this->kSigGrp01Member0Sha512RandombaseTest0.data());
220 sig.sigma0.K.x.data.data[31]++;
221 size_t size = this->kSigGrp01Member0Sha512RandombaseTest0.size();
222 EXPECT_EQ(kEpidSigInvalid,
223 EpidVerify(verifier, &sig, size, msg.data(), msg.size()));
224 }
225
TEST_F(EpidVerifierTest,VerifyRejectsSigWithTNotInG1)226 TEST_F(EpidVerifierTest, VerifyRejectsSigWithTNotInG1) {
227 // * 4.1.2 step 2.e - The verifier verifies G1.inGroup(T) = true.
228 // result must be kEpidSigInvalid
229 VerifierCtxObj verifier(this->kGrp01Key);
230 auto& msg = this->kTest0;
231
232 EpidSignature sig = *(
233 const EpidSignature*)(this->kSigGrp01Member0Sha512RandombaseTest0.data());
234 sig.sigma0.T.x.data.data[31]++;
235 size_t size = this->kSigGrp01Member0Sha512RandombaseTest0.size();
236 EXPECT_EQ(kEpidSigInvalid,
237 EpidVerify(verifier, &sig, size, msg.data(), msg.size()));
238 }
239
TEST_F(EpidVerifierTest,VerifyRejectsSigWithCNotInRange)240 TEST_F(EpidVerifierTest, VerifyRejectsSigWithCNotInRange) {
241 // * 4.1.2 step 2.f - The verifier verifies c, sx, sf, sa, sb in [0, p-1].
242 // result must be kEpidSigInvalid
243 VerifierCtxObj verifier(this->kGrp01Key);
244 auto& msg = this->kTest0;
245
246 EpidSignature sig = *(
247 const EpidSignature*)(this->kSigGrp01Member0Sha512RandombaseTest0.data());
248 sig.sigma0.c.data = this->kParamsStr.p.data;
249 size_t size = this->kSigGrp01Member0Sha512RandombaseTest0.size();
250 EXPECT_EQ(kEpidSigInvalid,
251 EpidVerify(verifier, &sig, size, msg.data(), msg.size()));
252 }
253
TEST_F(EpidVerifierTest,VerifyRejectsSigWithSxNotInRange)254 TEST_F(EpidVerifierTest, VerifyRejectsSigWithSxNotInRange) {
255 // * 4.1.2 step 2.f - The verifier verifies c, sx, sf, sa, sb in [0, p-1].
256 // result must be kEpidSigInvalid
257 VerifierCtxObj verifier(this->kGrp01Key);
258 auto& msg = this->kTest0;
259
260 EpidSignature sig = *(
261 const EpidSignature*)(this->kSigGrp01Member0Sha512RandombaseTest0.data());
262 sig.sigma0.sx.data = this->kParamsStr.p.data;
263 size_t size = this->kSigGrp01Member0Sha512RandombaseTest0.size();
264 EXPECT_EQ(kEpidSigInvalid,
265 EpidVerify(verifier, &sig, size, msg.data(), msg.size()));
266 }
267
TEST_F(EpidVerifierTest,VerifyRejectsSigWithSfNotInRange)268 TEST_F(EpidVerifierTest, VerifyRejectsSigWithSfNotInRange) {
269 // * 4.1.2 step 2.f - The verifier verifies c, sx, sf, sa, sb in [0, p-1].
270 // result must be kEpidSigInvalid
271 VerifierCtxObj verifier(this->kGrp01Key);
272 auto& msg = this->kTest0;
273
274 EpidSignature sig = *(
275 const EpidSignature*)(this->kSigGrp01Member0Sha512RandombaseTest0.data());
276 sig.sigma0.sf.data = this->kParamsStr.p.data;
277 size_t size = this->kSigGrp01Member0Sha512RandombaseTest0.size();
278 EXPECT_EQ(kEpidSigInvalid,
279 EpidVerify(verifier, &sig, size, msg.data(), msg.size()));
280 }
281
TEST_F(EpidVerifierTest,VerifyRejectsSigWithSaNotInRange)282 TEST_F(EpidVerifierTest, VerifyRejectsSigWithSaNotInRange) {
283 // * 4.1.2 step 2.f - The verifier verifies c, sx, sf, sa, sb in [0, p-1].
284 // result must be kEpidSigInvalid
285 VerifierCtxObj verifier(this->kGrp01Key);
286 auto& msg = this->kTest0;
287
288 EpidSignature sig = *(
289 const EpidSignature*)(this->kSigGrp01Member0Sha512RandombaseTest0.data());
290 sig.sigma0.sa.data = this->kParamsStr.p.data;
291 size_t size = this->kSigGrp01Member0Sha512RandombaseTest0.size();
292 EXPECT_EQ(kEpidSigInvalid,
293 EpidVerify(verifier, &sig, size, msg.data(), msg.size()));
294 }
295
TEST_F(EpidVerifierTest,VerifyRejectsSigWithSbNotInRange)296 TEST_F(EpidVerifierTest, VerifyRejectsSigWithSbNotInRange) {
297 // * 4.1.2 step 2.f - The verifier verifies c, sx, sf, sa, sb in [0, p-1].
298 // result must be kEpidSigInvalid
299 VerifierCtxObj verifier(this->kGrp01Key);
300 auto& msg = this->kTest0;
301
302 EpidSignature sig = *(
303 const EpidSignature*)(this->kSigGrp01Member0Sha512RandombaseTest0.data());
304 sig.sigma0.sb.data = this->kParamsStr.p.data;
305 size_t size = this->kSigGrp01Member0Sha512RandombaseTest0.size();
306 EXPECT_EQ(kEpidSigInvalid,
307 EpidVerify(verifier, &sig, size, msg.data(), msg.size()));
308 }
309
310 // 4.1.2 step 2.g - The verifier computes nc = (-c) mod p.
311 // This Step is not testable
312
313 // 4.1.2 step 2.h - The verifier computes nsx = (-sx) mod p.
314 // This Step is not testable
315
316 // 4.1.2 step 2.i - The verifier computes R1 = G1.multiExp(B, sf, K, nc).
317 // This Step is not testable
318
319 // 4.1.2 step 2.j - The verifier computes t1 = G2.multiExp(g2, nsx, w, nc).
320 // This Step is not testable
321
322 // 4.1.2 step 2.k - The verifier computes R2 = pairing(T, t1).
323 // This Step is not testable
324
325 // 4.1.2 step 2.l - The verifier compute t2 = GT.multiExp(e12, sf, e22, sb,
326 // e2w, sa, eg12, c).
327 // This Step is not testable
328
329 // 4.1.2 step 2.m - The verifier compute R2 = GT.mul(R2, t2).
330 // This Step is not testable
331
332 // 4.1.2 step 2.n - The verifier compute t3 = Fp.hash(p || g1 || g2 || h1
333 // || h2 || w || B || K || T || R1 || R2).
334 // Refer to Section 7.1 for hash operation over a prime
335 // field.
336 // This Step is not testable
337
TEST_F(EpidVerifierTest,VerifyRejectsSigDifferingOnlyInMsg)338 TEST_F(EpidVerifierTest, VerifyRejectsSigDifferingOnlyInMsg) {
339 // * 4.1.2 step 2.o - The verifier verifies c = Fp.hash(t3 || m).
340 // result must be kEpidSigInvalid
341 VerifierCtxObj verifier(this->kGrp01Key);
342 auto& sig = this->kSigGrp01Member0Sha512RandombaseTest0;
343
344 auto msg = this->kTest0;
345 msg[0]++;
346 EXPECT_EQ(kEpidSigInvalid,
347 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
348 msg.data(), msg.size()));
349 }
350
TEST_F(EpidVerifierTest,VerifyRejectsSigDifferingOnlyInBaseName)351 TEST_F(EpidVerifierTest, VerifyRejectsSigDifferingOnlyInBaseName) {
352 // * 4.1.2 step 2.o - The verifier verifies c = Fp.hash(t3 || m).
353 // result must be kEpidSigInvalid
354 VerifierCtxObj verifier(this->kGrpXKey);
355
356 // copy sig data to a local buffer
357 auto sig_data = this->kSigGrpXMember0Sha512Bsn0Msg0;
358 EpidSignature* sig = (EpidSignature*)sig_data.data();
359 // simulate change to basename
360 sig->sigma0.B.x.data.data[0] += 1;
361 auto msg = this->kMsg0;
362 auto bsn = this->kBsn0;
363 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
364 EXPECT_EQ(kEpidSigInvalid,
365 EpidVerify(verifier, sig, sig_data.size(), msg.data(), msg.size()));
366 }
367
TEST_F(EpidVerifierTest,VerifyRejectsSigDifferingOnlyInGroup)368 TEST_F(EpidVerifierTest, VerifyRejectsSigDifferingOnlyInGroup) {
369 // * 4.1.2 step 2.o - The verifier verifies c = Fp.hash(t3 || m).
370 // result must be kEpidSigInvalid
371 VerifierCtxObj verifier(this->kGrpXKey);
372
373 // copy sig data to a local buffer
374 auto sig_data = this->kSigGrpXMember0Sha512RandbaseMsg0;
375 EpidSignature* sig = (EpidSignature*)sig_data.data();
376 // simulate change to h1
377 sig->sigma0.T.x.data.data[0] += 1;
378 auto msg = this->kMsg0;
379 EXPECT_EQ(kEpidSigInvalid,
380 EpidVerify(verifier, sig, sig_data.size(), msg.data(), msg.size()));
381 }
382
TEST_F(EpidVerifierTest,VerifyRejectsSigDifferingOnlyInHashAlg)383 TEST_F(EpidVerifierTest, VerifyRejectsSigDifferingOnlyInHashAlg) {
384 // * 4.1.2 step 2.o - The verifier verifies c = Fp.hash(t3 || m).
385 // result must be kEpidSigInvalid
386 VerifierCtxObj verifier(this->kGrp01Key);
387 auto& msg = this->kTest0;
388 auto& sig = this->kSigGrp01Member0Sha256RandombaseTest0;
389
390 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512));
391 EXPECT_EQ(kEpidSigInvalid,
392 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
393 msg.data(), msg.size()));
394 }
395
396 // 4.1.2 step 2.p - If any of the above verifications fails, the verifier
397 // aborts and outputs 1.
398 // This Step is an aggregate of the above steps
399
400 /////////////////////////////////////////////////////////////////////
401 // Group Based Revocation List Reject
402 // 4.1.2 step 3 - If GroupRL is provided
403
TEST_F(EpidVerifierTest,VerifyRejectsFromGroupRlSingleEntry)404 TEST_F(EpidVerifierTest, VerifyRejectsFromGroupRlSingleEntry) {
405 // * 4.1.2 step 3.a - The verifier verifies that gid does not match any entry
406 // in GroupRL.
407 // result must be kEpidSigRevokedInGroupRl
408 auto& pub_key = this->kGrpXKey;
409 auto& msg = this->kMsg0;
410 auto& bsn = this->kBsn0;
411 auto& grp_rl = this->kGrpRlRevokedGrpXOnlyEntry;
412 auto& sig = this->kSigGrpXMember0Sha256Bsn0Msg0;
413
414 VerifierCtxObj verifier(pub_key);
415 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
416 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
417 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
418 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
419
420 EXPECT_EQ(kEpidSigRevokedInGroupRl,
421 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
422 msg.data(), msg.size()));
423 }
424
TEST_F(EpidVerifierTest,VerifyRejectsFromGroupRlFirstEntry)425 TEST_F(EpidVerifierTest, VerifyRejectsFromGroupRlFirstEntry) {
426 // * 4.1.2 step 3.a - The verifier verifies that gid does not match any entry
427 // in GroupRL.
428 // result must be kEpidSigRevokedInGroupRl
429 auto& pub_key = this->kGrpXKey;
430 auto& msg = this->kMsg0;
431 auto& bsn = this->kBsn0;
432 auto& grp_rl = this->kGrpRlRevokedGrpXFirstEntry;
433 auto& sig = this->kSigGrpXMember0Sha256Bsn0Msg0;
434
435 VerifierCtxObj verifier(pub_key);
436 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
437 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
438 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
439 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
440
441 EXPECT_EQ(kEpidSigRevokedInGroupRl,
442 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
443 msg.data(), msg.size()));
444 }
445
TEST_F(EpidVerifierTest,VerifyRejectsFromGroupRlFirstEntryUsingIkgfData)446 TEST_F(EpidVerifierTest, VerifyRejectsFromGroupRlFirstEntryUsingIkgfData) {
447 // result must be kEpidSigRevokedInGroupRl
448 auto& pub_key = this->kPubKeyRevGroupIkgfStr;
449 auto& msg = this->kMsg0;
450 auto& bsn = this->kBsn0;
451 auto& grp_rl = this->kGrpRlIkgf;
452 auto& sig = this->kRevGroupSigMember0Sha256Bsn0Msg0Ikgf;
453
454 VerifierCtxObj verifier(pub_key);
455 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
456 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
457 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
458 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
459
460 EXPECT_EQ(kEpidSigRevokedInGroupRl,
461 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
462 msg.data(), msg.size()));
463 }
464
TEST_F(EpidVerifierTest,VerifyRejectsFromGroupRlMiddleEntry)465 TEST_F(EpidVerifierTest, VerifyRejectsFromGroupRlMiddleEntry) {
466 // * 4.1.2 step 3.a - The verifier verifies that gid does not match any entry
467 // in GroupRL.
468 // result must be kEpidSigRevokedInGroupRl
469 auto& pub_key = this->kGrpXKey;
470 auto& msg = this->kMsg0;
471 auto& bsn = this->kBsn0;
472 auto& grp_rl = this->kGrpRlRevokedGrpXMiddleEntry;
473 auto& sig = this->kSigGrpXMember0Sha256Bsn0Msg0;
474
475 VerifierCtxObj verifier(pub_key);
476 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
477 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
478 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
479 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
480
481 EXPECT_EQ(kEpidSigRevokedInGroupRl,
482 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
483 msg.data(), msg.size()));
484 }
485
TEST_F(EpidVerifierTest,VerifyRejectsFromGroupRlLastEntry)486 TEST_F(EpidVerifierTest, VerifyRejectsFromGroupRlLastEntry) {
487 // * 4.1.2 step 3.a - The verifier verifies that gid does not match any entry
488 // in GroupRL.
489 // result must be kEpidSigRevokedInGroupRl
490 auto& pub_key = this->kGrpXKey;
491 auto& msg = this->kMsg0;
492 auto& bsn = this->kBsn0;
493 auto& grp_rl = this->kGrpRlRevokedGrpXLastEntry;
494 auto& sig = this->kSigGrpXMember0Sha256Bsn0Msg0;
495
496 VerifierCtxObj verifier(pub_key);
497 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
498 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
499 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
500 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
501
502 EXPECT_EQ(kEpidSigRevokedInGroupRl,
503 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
504 msg.data(), msg.size()));
505 }
506
507 // 4.1.2 step 3.b - If gid matches an entry in GroupRL, aborts and returns 2.
508 // This Step is an aggregate of the above steps
509
510 /////////////////////////////////////////////////////////////////////
511 // Private Based Revocation List Reject
512 // 4.1.2 step 4 - If PrivRL is provided
513
514 // * 4.1.2 step 4.a - The verifier verifies that gid in the public key and in
515 // PrivRL match. If mismatch, abort and return
516 // "operation failed".
517 // Not possible, checked in EpidVerifierSetPrivRl
518
TEST_F(EpidVerifierTest,VerifyRejectsSigFromPrivRlSingleEntry)519 TEST_F(EpidVerifierTest, VerifyRejectsSigFromPrivRlSingleEntry) {
520 // * 4.1.2 step 4.b - For i = 0, ?, n1-1,
521 // the verifier computes t4 =G1.exp(B, f[i])
522 // and verifies that G1.isEqual(t4, K) = false.
523 // A faster private-key revocation check algorithm is
524 // provided in Section 4.5.
525 // result must be kEpidSigRevokedInPrivRl
526 auto& pub_key = this->kGrpXKey;
527 auto& msg = this->kMsg0;
528 auto& bsn = this->kBsn0;
529 auto& priv_rl = this->kGrpXPrivRlRevokedPrivKey000OnlyEntry;
530 auto& sig = this->kSigGrpXRevokedPrivKey000Sha256Bsn0Msg0;
531
532 VerifierCtxObj verifier(pub_key);
533 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
534 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
535 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
536 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
537
538 EXPECT_EQ(kEpidSigRevokedInPrivRl,
539 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
540 msg.data(), msg.size()));
541 }
542
TEST_F(EpidVerifierTest,VerifyRejectsSigFromPrivRlFirstEntry)543 TEST_F(EpidVerifierTest, VerifyRejectsSigFromPrivRlFirstEntry) {
544 // * 4.1.2 step 4.b - For i = 0, ?, n1-1,
545 // the verifier computes t4 =G1.exp(B, f[i])
546 // and verifies that G1.isEqual(t4, K) = false.
547 // A faster private-key revocation check algorithm is
548 // provided in Section 4.5.
549 // result must be kEpidSigRevokedInPrivRl
550 auto& pub_key = this->kGrpXKey;
551 auto& msg = this->kMsg0;
552 auto& bsn = this->kBsn0;
553 auto& priv_rl = this->kGrpXPrivRl;
554 auto& sig = this->kSigGrpXRevokedPrivKey000Sha256Bsn0Msg0;
555
556 VerifierCtxObj verifier(pub_key);
557 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
558 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
559 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
560 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
561
562 EXPECT_EQ(kEpidSigRevokedInPrivRl,
563 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
564 msg.data(), msg.size()));
565 }
566
TEST_F(EpidVerifierTest,VerifyRejectsSigFromPrivRlFirstEntryUsingIkgfData)567 TEST_F(EpidVerifierTest, VerifyRejectsSigFromPrivRlFirstEntryUsingIkgfData) {
568 // * 4.1.2 step 4.b - For i = 0, ?, n1-1,
569 // the verifier computes t4 =G1.exp(B, f[i])
570 // and verifies that G1.isEqual(t4, K) = false.
571 // A faster private-key revocation check algorithm is
572 // provided in Section 4.5.
573 // result must be kEpidSigRevokedInPrivRl
574 auto& pub_key = this->kPubKeyIkgfStr;
575 auto& msg = this->kMsg0;
576 auto& bsn = this->kBsn0;
577 auto& priv_rl = this->kPrivRlIkgf;
578 auto& sig = this->kSigRevokedPrivKeySha256Bsn0Msg0Ikgf;
579
580 VerifierCtxObj verifier(pub_key);
581 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
582 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
583 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
584 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
585
586 EXPECT_EQ(kEpidSigRevokedInPrivRl,
587 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
588 msg.data(), msg.size()));
589 }
590
TEST_F(EpidVerifierTest,VerifyRejectsSigFromPrivRlMiddleEntry)591 TEST_F(EpidVerifierTest, VerifyRejectsSigFromPrivRlMiddleEntry) {
592 // * 4.1.2 step 4.b - For i = 0, ?, n1-1,
593 // the verifier computes t4 =G1.exp(B, f[i])
594 // and verifies that G1.isEqual(t4, K) = false.
595 // A faster private-key revocation check algorithm is
596 // provided in Section 4.5.
597 // result must be kEpidSigRevokedInPrivRl
598 auto& pub_key = this->kGrpXKey;
599 auto& msg = this->kMsg0;
600 auto& bsn = this->kBsn0;
601 auto& priv_rl = this->kGrpXPrivRl;
602 auto& sig = this->kSigGrpXRevokedPrivKey001Sha256Bsn0Msg0;
603
604 VerifierCtxObj verifier(pub_key);
605 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
606 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
607 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
608 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
609
610 EXPECT_EQ(kEpidSigRevokedInPrivRl,
611 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
612 msg.data(), msg.size()));
613 }
614
TEST_F(EpidVerifierTest,VerifyRejectsSigFromPrivRlLastEntry)615 TEST_F(EpidVerifierTest, VerifyRejectsSigFromPrivRlLastEntry) {
616 // * 4.1.2 step 4.b - For i = 0, ?, n1-1,
617 // the verifier computes t4 =G1.exp(B, f[i])
618 // and verifies that G1.isEqual(t4, K) = false.
619 // A faster private-key revocation check algorithm is
620 // provided in Section 4.5.
621 // result must be kEpidSigRevokedInPrivRl
622 auto& pub_key = this->kGrpXKey;
623 auto& msg = this->kMsg0;
624 auto& bsn = this->kBsn0;
625 auto& priv_rl = this->kGrpXPrivRl;
626 auto& sig = this->kSigGrpXRevokedPrivKey002Sha256Bsn0Msg0;
627
628 VerifierCtxObj verifier(pub_key);
629 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
630 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
631 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
632 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
633
634 EXPECT_EQ(kEpidSigRevokedInPrivRl,
635 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
636 msg.data(), msg.size()));
637 }
638
TEST_F(EpidVerifierTest,VerifyRejectsSigUsingCorruptedPrivRlEntry)639 TEST_F(EpidVerifierTest, VerifyRejectsSigUsingCorruptedPrivRlEntry) {
640 auto& pub_key = this->kGrpXKey;
641 auto& msg = this->kMsg0;
642 auto& bsn = this->kBsn0;
643 auto& priv_rl = this->kGrpXCorruptedPrivRl;
644 auto& sig = this->kSigGrpXMember0Sha256Bsn0Msg0;
645
646 VerifierCtxObj verifier(pub_key);
647 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
648 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
649 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
650 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
651
652 EXPECT_EQ(kEpidSigRevokedInPrivRl,
653 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
654 msg.data(), msg.size()));
655 }
656
TEST_F(EpidVerifierTest,VerifyAcceptsSigFromEmptyPrivRlUsingIkgfData)657 TEST_F(EpidVerifierTest, VerifyAcceptsSigFromEmptyPrivRlUsingIkgfData) {
658 auto& pub_key = this->kPubKeyIkgfStr;
659 auto& msg = this->kMsg0;
660 auto& bsn = this->kBsn0;
661 auto& priv_rl = this->kEmptyPrivRlIkgf;
662 auto& sig = this->kSigMember0Sha256Bsn0Msg0NoSigRlIkgf;
663
664 VerifierCtxObj verifier(pub_key);
665 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
666 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
667 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
668 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
669
670 EXPECT_EQ(kEpidNoErr, EpidVerify(verifier, (EpidSignature const*)sig.data(),
671 sig.size(), msg.data(), msg.size()));
672 }
673
674 // 4.1.2 step 4.c - If the above step fails, the verifier aborts and
675 // output 3.
676 // This Step is an aggregate of the above steps
677
678 /////////////////////////////////////////////////////////////////////
679 // Signature Based Revocation List Reject
680 // 4.1.2 step 5 - If SigRL is provided
681
682 // * 4.1.2 step 5.a - The verifier verifies that gid in the public key and in
683 // SigRL match. If mismatch, abort and return
684 // "operation failed".
685 // Not possible, checked in EpidVerifierSetSigRl
686
TEST_F(EpidVerifierTest,VerifyFailsOnSigRlverNotMatchSigRlRlver)687 TEST_F(EpidVerifierTest, VerifyFailsOnSigRlverNotMatchSigRlRlver) {
688 // * 4.1.2 step 5.b - The verifier verifies that RLver in Sigma and in SigRL
689 // match. If mismatch, abort and output "operation failed".
690 // result must be "operation failed" (not kEpidSig*)
691 auto& pub_key = this->kGrpXKey;
692 auto& msg = this->kMsg0;
693 auto& bsn = this->kBsn0;
694 auto& sig_rl = this->kGrpXSigRlVersion2;
695 auto& sig = this->kSigGrpXMember0Sha256Bsn0Msg0;
696 VerifierCtxObj verifier(pub_key);
697 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
698 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
699 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
700 sig_rl.size()));
701
702 EXPECT_EQ(kEpidErr, EpidVerify(verifier, (EpidSignature const*)sig.data(),
703 sig.size(), msg.data(), msg.size()));
704 }
705
TEST_F(EpidVerifierTest,VerifyFailsOnSigN2NotMatchSigRlN2)706 TEST_F(EpidVerifierTest, VerifyFailsOnSigN2NotMatchSigRlN2) {
707 // * 4.1.2 step 5.c - The verifier verifies that n2 in Sigma and in SigRL
708 // match. If mismatch, abort and output "operation failed".
709 // result must be "operation failed" (not kEpidSig*)
710 auto& pub_key = this->kGrpXKey;
711 auto& msg = this->kMsg0;
712 auto& bsn = this->kBsn0;
713 auto* sig_rl =
714 (SigRl const*)this->kGrpXSigRlMember0Sha256Bsn0Msg0OnlyEntry.data();
715 size_t sig_rl_size = this->kGrpXSigRlMember0Sha256Bsn0Msg0OnlyEntry.size();
716 auto sig_raw = this->kSigGrpXMember0Sha256Bsn0Msg0;
717 EpidSignature* sig = (EpidSignature*)sig_raw.data();
718 sig->rl_ver = sig_rl->version;
719 VerifierCtxObj verifier(pub_key);
720 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
721 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
722 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, sig_rl, sig_rl_size));
723
724 EXPECT_EQ(kEpidBadArgErr,
725 EpidVerify(verifier, sig, sig_raw.size(), msg.data(), msg.size()));
726 }
727
TEST_F(EpidVerifierTest,VerifyRejectsSigFromSigRlSingleEntry)728 TEST_F(EpidVerifierTest, VerifyRejectsSigFromSigRlSingleEntry) {
729 // * 4.1.2 step 5.d - For i = 0, ..., n2-1, the verifier verifies
730 // nrVerify(B, K, B[i], K[i], Sigma[i]) = true. The details
731 // of nrVerify() will be given in the next subsection.
732 // result must be kEpidSigRevokedInSigRl
733 auto& pub_key = this->kGrpXKey;
734 auto& msg = this->kMsg0;
735 auto& bsn = this->kBsn0;
736 auto& sig_rl = this->kGrpXSigRlMember0Sha256Bsn0Msg0OnlyEntry;
737 auto& sig = this->kSigGrpXMember0Sha256Bsn0Msg0SingleEntrySigRl;
738 VerifierCtxObj verifier(pub_key);
739 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
740 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
741 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
742 sig_rl.size()));
743
744 EXPECT_EQ(kEpidSigRevokedInSigRl,
745 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
746 msg.data(), msg.size()));
747 }
748
TEST_F(EpidVerifierTest,VerifyRejectsSigFromSigRlFirstEntry)749 TEST_F(EpidVerifierTest, VerifyRejectsSigFromSigRlFirstEntry) {
750 // * 4.1.2 step 5.d - For i = 0, ..., n2-1, the verifier verifies
751 // nrVerify(B, K, B[i], K[i], Sigma[i]) = true. The details
752 // of nrVerify() will be given in the next subsection.
753 // result must be kEpidSigRevokedInSigRl
754 auto& pub_key = this->kGrpXKey;
755 auto& msg = this->kMsg0;
756 auto& bsn = this->kBsn0;
757 auto& sig_rl = this->kGrpXSigRlMember0Sha256Bsn0Msg0FirstEntry;
758 auto& sig = this->kSigGrpXMember0Sha256Bsn0Msg0;
759 VerifierCtxObj verifier(pub_key);
760 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
761 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
762 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
763 sig_rl.size()));
764
765 EXPECT_EQ(kEpidSigRevokedInSigRl,
766 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
767 msg.data(), msg.size()));
768 }
769
TEST_F(EpidVerifierTest,VerifyRejectsSigFromSigRlFirstEntryUsingIkgfData)770 TEST_F(EpidVerifierTest, VerifyRejectsSigFromSigRlFirstEntryUsingIkgfData) {
771 auto& pub_key = this->kPubKeyIkgfStr;
772 auto& msg = this->kMsg0;
773 auto& bsn = this->kBsn0;
774 auto& sig_rl = this->kSigRlIkgf;
775 auto& sig = this->kSigRevSigMember0Sha256Bsn0Msg0Ikgf;
776 VerifierCtxObj verifier(pub_key);
777 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
778 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
779 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
780 sig_rl.size()));
781
782 EXPECT_EQ(kEpidSigRevokedInSigRl,
783 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
784 msg.data(), msg.size()));
785 }
786
TEST_F(EpidVerifierTest,VerifyRejectsSigFromSigRlMiddleEntry)787 TEST_F(EpidVerifierTest, VerifyRejectsSigFromSigRlMiddleEntry) {
788 // * 4.1.2 step 5.d - For i = 0, ..., n2-1, the verifier verifies
789 // nrVerify(B, K, B[i], K[i], Sigma[i]) = true. The details
790 // of nrVerify() will be given in the next subsection.
791 // result must be kEpidSigRevokedInSigRl
792 auto& pub_key = this->kGrpXKey;
793 auto& msg = this->kMsg0;
794 auto& bsn = this->kBsn0;
795 auto& sig_rl = this->kGrpXSigRlMember0Sha256Bsn0Msg0MiddleEntry;
796 auto& sig = this->kSigGrpXMember0Sha256Bsn0Msg0;
797 VerifierCtxObj verifier(pub_key);
798 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
799 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
800 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
801 sig_rl.size()));
802
803 EXPECT_EQ(kEpidSigRevokedInSigRl,
804 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
805 msg.data(), msg.size()));
806 }
807
TEST_F(EpidVerifierTest,VerifyRejectsSigFromSigRlLastEntry)808 TEST_F(EpidVerifierTest, VerifyRejectsSigFromSigRlLastEntry) {
809 // * 4.1.2 step 5.d - For i = 0, ..., n2-1, the verifier verifies
810 // nrVerify(B, K, B[i], K[i], Sigma[i]) = true. The details
811 // of nrVerify() will be given in the next subsection.
812 // result must be kEpidSigRevokedInSigRl
813 auto& pub_key = this->kGrpXKey;
814 auto& msg = this->kMsg0;
815 auto& bsn = this->kBsn0;
816 auto& sig_rl = this->kGrpXSigRlMember0Sha256Bsn0Msg0LastEntry;
817 auto& sig = this->kSigGrpXMember0Sha256Bsn0Msg0;
818 VerifierCtxObj verifier(pub_key);
819 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
820 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
821 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
822 sig_rl.size()));
823
824 EXPECT_EQ(kEpidSigRevokedInSigRl,
825 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
826 msg.data(), msg.size()));
827 }
828
TEST_F(EpidVerifierTest,RejectsSigFromNonemptySigRlGivenEmptySigRlUsingIkgfData)829 TEST_F(EpidVerifierTest,
830 RejectsSigFromNonemptySigRlGivenEmptySigRlUsingIkgfData) {
831 auto& pub_key = this->kPubKeyIkgfStr;
832 auto& msg = this->kMsg0;
833 auto& bsn = this->kBsn0;
834 auto& sig_rl = this->kEmptySigRlIkgf;
835 auto& sig = this->kSigMember0Sha256Bsn0Msg0Ikgf;
836 VerifierCtxObj verifier(pub_key);
837 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
838 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
839 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
840 sig_rl.size()));
841
842 EXPECT_EQ(kEpidErr, EpidVerify(verifier, (EpidSignature const*)sig.data(),
843 sig.size(), msg.data(), msg.size()));
844 }
845
TEST_F(EpidVerifierTest,VerifyAcceptsSigFromEmptySigRlUsingIkgfData)846 TEST_F(EpidVerifierTest, VerifyAcceptsSigFromEmptySigRlUsingIkgfData) {
847 auto& pub_key = this->kPubKeyIkgfStr;
848 auto& msg = this->kMsg0;
849 auto& bsn = this->kBsn0;
850 auto& sig_rl = this->kEmptySigRlIkgf;
851 auto& sig = this->kSigMember0Sha256Bsn0Msg0EmptySigRlIkgf;
852 VerifierCtxObj verifier(pub_key);
853 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
854 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
855 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
856 sig_rl.size()));
857
858 EXPECT_EQ(kEpidNoErr, EpidVerify(verifier, (EpidSignature const*)sig.data(),
859 sig.size(), msg.data(), msg.size()));
860 }
861
862 // 4.1.2 step 5.e - If the above step fails, the verifier aborts and
863 // output 4.
864 // This Step is an aggregate of the above steps
865
866 /////////////////////////////////////////////////////////////////////
867 // Verifier Based Revocation List Reject
868 // 4.1.2 step 6 - If VerifierRL is provided
869
870 // * 4.1.2 step 6.a - The verifier verifies that gid in the public key and in
871 // VerifierRL match. If mismatch, abort and return
872 // "operation failed".
873 // Not possible, checked in EpidVerifierSetVerifierRl
874
875 // * 4.1.2 step 6.b - The verifier verifies that B in the signature and in
876 // VerifierRL match. If mismatch, go to step 7.
877 // result must be "operation failed" (not kEpidSig*)
878 // Not possible, checked in EpidVerifierSetVerifierRl
879
TEST_F(EpidVerifierTest,VerifyRejectsSigFromVerifierRlSingleEntry)880 TEST_F(EpidVerifierTest, VerifyRejectsSigFromVerifierRlSingleEntry) {
881 // * 4.1.2 step 6.c - For i = 0, ..., n4-1, the verifier verifies that
882 // K != K[i].
883 // result must be kEpidSigRevokedInVerifierRl
884 auto& pub_key = this->kGrpXKey;
885 auto& msg = this->kMsg0;
886 auto& bsn = this->kBsn0;
887 auto& grp_rl = this->kGrpRl;
888 auto& priv_rl = this->kGrpXPrivRl;
889 auto& sig_rl = this->kGrpXSigRl;
890 auto& ver_rl = this->kGrpXBsn0VerRlSingleEntry;
891 auto& sig = this->kSigGrpXVerRevokedMember0Sha256Bsn0Msg0;
892
893 VerifierCtxObj verifier(pub_key);
894 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
895 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
896 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
897 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
898 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
899 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
900 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
901 sig_rl.size()));
902 THROW_ON_EPIDERR(EpidVerifierSetVerifierRl(
903 verifier, (VerifierRl const*)ver_rl.data(), ver_rl.size()));
904
905 EXPECT_EQ(kEpidSigRevokedInVerifierRl,
906 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
907 msg.data(), msg.size()));
908 }
909
TEST_F(EpidVerifierTest,VerifyRejectsSigFromVerifierRlFirstEntry)910 TEST_F(EpidVerifierTest, VerifyRejectsSigFromVerifierRlFirstEntry) {
911 // * 4.1.2 step 6.c - For i = 0, ..., n4-1, the verifier verifies that
912 // K != K[i].
913 // result must be kEpidSigRevokedInVerifierRl
914 auto& pub_key = this->kGrpXKey;
915 auto& msg = this->kMsg0;
916 auto& bsn = this->kBsn0;
917 auto& grp_rl = this->kGrpRl;
918 auto& priv_rl = this->kGrpXPrivRl;
919 auto& sig_rl = this->kGrpXSigRl;
920 auto& ver_rl = this->kGrpXBsn0Sha256VerRl;
921 auto& sig = this->kSigGrpXVerRevokedMember0Sha256Bsn0Msg0;
922
923 VerifierCtxObj verifier(pub_key);
924 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
925 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
926 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
927 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
928 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
929 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
930 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
931 sig_rl.size()));
932 THROW_ON_EPIDERR(EpidVerifierSetVerifierRl(
933 verifier, (VerifierRl const*)ver_rl.data(), ver_rl.size()));
934
935 EXPECT_EQ(kEpidSigRevokedInVerifierRl,
936 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
937 msg.data(), msg.size()));
938 }
939
TEST_F(EpidVerifierTest,VerifyRejectsSigFromVerifierRlMiddleEntry)940 TEST_F(EpidVerifierTest, VerifyRejectsSigFromVerifierRlMiddleEntry) {
941 // * 4.1.2 step 6.c - For i = 0, ..., n4-1, the verifier verifies that
942 // K != K[i].
943 // result must be kEpidSigRevokedInVerifierRl
944 auto& pub_key = this->kGrpXKey;
945 auto& msg = this->kMsg0;
946 auto& bsn = this->kBsn0;
947 auto& grp_rl = this->kGrpRl;
948 auto& priv_rl = this->kGrpXPrivRl;
949 auto& sig_rl = this->kGrpXSigRl;
950 auto& ver_rl = this->kGrpXBsn0Sha256VerRl;
951 auto& sig = this->kSigGrpXVerRevokedMember1Sha256Bsn0Msg0;
952
953 VerifierCtxObj verifier(pub_key);
954 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
955 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
956 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
957 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
958 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
959 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
960 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
961 sig_rl.size()));
962 THROW_ON_EPIDERR(EpidVerifierSetVerifierRl(
963 verifier, (VerifierRl const*)ver_rl.data(), ver_rl.size()));
964
965 EXPECT_EQ(kEpidSigRevokedInVerifierRl,
966 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
967 msg.data(), msg.size()));
968 }
969
TEST_F(EpidVerifierTest,VerifyRejectsSigFromVerifierRlLastEntry)970 TEST_F(EpidVerifierTest, VerifyRejectsSigFromVerifierRlLastEntry) {
971 // * 4.1.2 step 6.c - For i = 0, ..., n4-1, the verifier verifies that
972 // K != K[i].
973 // result must be kEpidSigRevokedInVerifierRl
974 auto& pub_key = this->kGrpXKey;
975 auto& msg = this->kMsg0;
976 auto& bsn = this->kBsn0;
977 auto& grp_rl = this->kGrpRl;
978 auto& priv_rl = this->kGrpXPrivRl;
979 auto& sig_rl = this->kGrpXSigRl;
980 auto& ver_rl = this->kGrpXBsn0Sha256VerRl;
981 auto& sig = this->kSigGrpXVerRevokedMember2Sha256Bsn0Msg0;
982
983 VerifierCtxObj verifier(pub_key);
984 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
985 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
986 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
987 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
988 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
989 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
990 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
991 sig_rl.size()));
992 THROW_ON_EPIDERR(EpidVerifierSetVerifierRl(
993 verifier, (VerifierRl const*)ver_rl.data(), ver_rl.size()));
994
995 EXPECT_EQ(kEpidSigRevokedInVerifierRl,
996 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
997 msg.data(), msg.size()));
998 }
999
1000 // 4.1.2 step 6.d - If the above step fails, the verifier aborts and
1001 // output 5
1002 // This Step is an aggregate of the above steps
1003
1004 /////////////////////////////////////////////////////////////////////
1005 // Accept
1006 // 4.1.2 step 7 - If all the above verifications succeed, the verifier
1007 // outputs 0
1008
TEST_F(EpidVerifierTest,VerifyAcceptsSigWithBaseNameNoRlSha256)1009 TEST_F(EpidVerifierTest, VerifyAcceptsSigWithBaseNameNoRlSha256) {
1010 auto& pub_key = this->kGrpXKey;
1011 auto& sig = this->kSigGrpXMember0Sha256Bsn0Msg0;
1012 auto& msg = this->kMsg0;
1013 auto& bsn = this->kBsn0;
1014
1015 VerifierCtxObj verifier(pub_key);
1016 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
1017 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
1018 EXPECT_EQ(kEpidSigValid,
1019 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
1020 msg.data(), msg.size()));
1021 }
1022
TEST_F(EpidVerifierTest,VerifyAcceptsSigWithBaseNameAllRlSha256)1023 TEST_F(EpidVerifierTest, VerifyAcceptsSigWithBaseNameAllRlSha256) {
1024 auto& pub_key = this->kGrpXKey;
1025 auto& msg = this->kMsg0;
1026 auto& bsn = this->kBsn0;
1027 auto& grp_rl = this->kGrpRl;
1028 auto& priv_rl = this->kGrpXPrivRl;
1029 auto& sig_rl = this->kGrpXSigRl;
1030 auto& ver_rl = this->kGrpXBsn0Sha256VerRl;
1031 auto& sig = this->kSigGrpXMember0Sha256Bsn0Msg0;
1032
1033 VerifierCtxObj verifier(pub_key);
1034 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
1035 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
1036 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
1037 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
1038 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
1039 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
1040 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
1041 sig_rl.size()));
1042 THROW_ON_EPIDERR(EpidVerifierSetVerifierRl(
1043 verifier, (VerifierRl const*)ver_rl.data(), ver_rl.size()));
1044
1045 EXPECT_EQ(kEpidSigValid,
1046 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
1047 msg.data(), msg.size()));
1048 }
1049
TEST_F(EpidVerifierTest,VerifyAcceptsSigWithRandomBaseNameNoRlSha256)1050 TEST_F(EpidVerifierTest, VerifyAcceptsSigWithRandomBaseNameNoRlSha256) {
1051 auto& pub_key = this->kGrpXKey;
1052 auto& sig = this->kSigGrpXMember0Sha256RandbaseMsg0;
1053 auto& msg = this->kMsg0;
1054
1055 VerifierCtxObj verifier(pub_key);
1056 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
1057 EXPECT_EQ(kEpidSigValid,
1058 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
1059 msg.data(), msg.size()));
1060 }
1061
TEST_F(EpidVerifierTest,VerifyAcceptsSigWithRandomBaseNameAllRlSha256)1062 TEST_F(EpidVerifierTest, VerifyAcceptsSigWithRandomBaseNameAllRlSha256) {
1063 auto& pub_key = this->kGrpXKey;
1064 auto& msg = this->kMsg0;
1065 auto& grp_rl = this->kGrpRl;
1066 auto& priv_rl = this->kGrpXPrivRl;
1067 auto& sig_rl = this->kGrpXSigRl;
1068 auto& sig = this->kSigGrpXMember0Sha256RandbaseMsg0;
1069
1070 VerifierCtxObj verifier(pub_key);
1071 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
1072 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
1073 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
1074 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
1075 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
1076 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
1077 sig_rl.size()));
1078
1079 EXPECT_EQ(kEpidSigValid,
1080 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
1081 msg.data(), msg.size()));
1082 }
1083
TEST_F(EpidVerifierTest,VerifyAcceptsSigWithRandomBaseNameAllRlSha256UsingIkgfData)1084 TEST_F(EpidVerifierTest,
1085 VerifyAcceptsSigWithRandomBaseNameAllRlSha256UsingIkgfData) {
1086 auto& pub_key = this->kPubKeyIkgfStr;
1087 auto& msg = this->kMsg0;
1088 auto& grp_rl = this->kGrpRlIkgf;
1089 auto& priv_rl = this->kPrivRlIkgf;
1090 auto& sig_rl = this->kSigRlIkgf;
1091 auto& sig = this->kSigMember0Sha256RandbaseMsg0Ikgf;
1092
1093 VerifierCtxObj verifier(pub_key);
1094 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha256));
1095 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
1096 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
1097 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
1098 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
1099 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
1100 sig_rl.size()));
1101
1102 EXPECT_EQ(kEpidSigValid,
1103 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
1104 msg.data(), msg.size()));
1105 }
1106
TEST_F(EpidVerifierTest,VerifyAcceptsSigWithBaseNameAllRlSha384)1107 TEST_F(EpidVerifierTest, VerifyAcceptsSigWithBaseNameAllRlSha384) {
1108 auto& pub_key = this->kGrpXKey;
1109 auto& msg = this->kMsg0;
1110 auto& bsn = this->kBsn0;
1111 auto& grp_rl = this->kGrpRl;
1112 auto& priv_rl = this->kGrpXPrivRl;
1113 auto& sig_rl = this->kGrpXSigRl;
1114 auto& ver_rl = this->kGrpXBsn0Sha384VerRl;
1115 auto& sig = this->kSigGrpXMember0Sha384Bsn0Msg0;
1116
1117 VerifierCtxObj verifier(pub_key);
1118 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha384));
1119 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
1120 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
1121 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
1122 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
1123 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
1124 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
1125 sig_rl.size()));
1126 THROW_ON_EPIDERR(EpidVerifierSetVerifierRl(
1127 verifier, (VerifierRl const*)ver_rl.data(), ver_rl.size()));
1128
1129 EXPECT_EQ(kEpidSigValid,
1130 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
1131 msg.data(), msg.size()));
1132 }
1133
TEST_F(EpidVerifierTest,VerifyAcceptsSigWithRandomBaseNameAllRlSha384)1134 TEST_F(EpidVerifierTest, VerifyAcceptsSigWithRandomBaseNameAllRlSha384) {
1135 auto& pub_key = this->kGrpXKey;
1136 auto& msg = this->kMsg0;
1137 auto& grp_rl = this->kGrpRl;
1138 auto& priv_rl = this->kGrpXPrivRl;
1139 auto& sig_rl = this->kGrpXSigRl;
1140 auto& sig = this->kSigGrpXMember0Sha384RandbaseMsg0;
1141
1142 VerifierCtxObj verifier(pub_key);
1143 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha384));
1144 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
1145 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
1146 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
1147 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
1148 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
1149 sig_rl.size()));
1150
1151 EXPECT_EQ(kEpidSigValid,
1152 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
1153 msg.data(), msg.size()));
1154 }
1155
TEST_F(EpidVerifierTest,VerifyAcceptsSigWithBaseNameAllRlSha512)1156 TEST_F(EpidVerifierTest, VerifyAcceptsSigWithBaseNameAllRlSha512) {
1157 auto& pub_key = this->kGrpXKey;
1158 auto& msg = this->kMsg0;
1159 auto& bsn = this->kBsn0;
1160 auto& grp_rl = this->kGrpRl;
1161 auto& priv_rl = this->kGrpXPrivRl;
1162 auto& sig_rl = this->kGrpXSigRl;
1163 auto& ver_rl = this->kGrpXBsn0Sha512VerRl;
1164 auto& sig = this->kSigGrpXMember0Sha512Bsn0Msg0;
1165
1166 VerifierCtxObj verifier(pub_key);
1167 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512));
1168 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
1169 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
1170 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
1171 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
1172 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
1173 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
1174 sig_rl.size()));
1175 THROW_ON_EPIDERR(EpidVerifierSetVerifierRl(
1176 verifier, (VerifierRl const*)ver_rl.data(), ver_rl.size()));
1177
1178 EXPECT_EQ(kEpidSigValid,
1179 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
1180 msg.data(), msg.size()));
1181 }
1182
TEST_F(EpidVerifierTest,VerifyAcceptsSigWithHugeBaseNameNoRlSha512)1183 TEST_F(EpidVerifierTest, VerifyAcceptsSigWithHugeBaseNameNoRlSha512) {
1184 auto& pub_key = this->kGrpXKey;
1185 auto& msg = this->kMsg0;
1186 auto& sig = this->kSigGrpXMember0Sha512HugeBsnMsg0;
1187 std::vector<uint8_t> bsn(1024 * 1024);
1188 uint8_t c = 0;
1189 for (int i = 0; i < 1024 * 1024; ++i) {
1190 bsn[i] = c++;
1191 }
1192
1193 VerifierCtxObj verifier(pub_key);
1194 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512));
1195 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
1196
1197 EXPECT_EQ(kEpidSigValid,
1198 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
1199 msg.data(), msg.size()));
1200 }
1201
TEST_F(EpidVerifierTest,VerifyAcceptsSigWithRandomBaseNameAllRlSha512)1202 TEST_F(EpidVerifierTest, VerifyAcceptsSigWithRandomBaseNameAllRlSha512) {
1203 auto& pub_key = this->kGrpXKey;
1204 auto& msg = this->kMsg0;
1205 auto& grp_rl = this->kGrpRl;
1206 auto& priv_rl = this->kGrpXPrivRl;
1207 auto& sig_rl = this->kGrpXSigRl;
1208 auto& sig = this->kSigGrpXMember0Sha512RandbaseMsg0;
1209
1210 VerifierCtxObj verifier(pub_key);
1211 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512));
1212 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
1213 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
1214 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
1215 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
1216 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
1217 sig_rl.size()));
1218
1219 EXPECT_EQ(kEpidSigValid,
1220 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
1221 msg.data(), msg.size()));
1222 }
1223
TEST_F(EpidVerifierTest,VerifyAcceptsSigWithBaseNameAllRlSha512256)1224 TEST_F(EpidVerifierTest, VerifyAcceptsSigWithBaseNameAllRlSha512256) {
1225 auto& pub_key = this->kGrpXKey;
1226 auto& msg = this->kMsg0;
1227 auto& bsn = this->kBsn0;
1228 auto& grp_rl = this->kGrpRl;
1229 auto& priv_rl = this->kGrpXPrivRl;
1230 auto& sig_rl = this->kGrpXSigRl;
1231 auto& ver_rl = this->kGrpXBsn0Sha512256VerRl;
1232 auto& sig = this->kSigGrpXMember0Sha512256Bsn0Msg0;
1233
1234 VerifierCtxObj verifier(pub_key);
1235 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512_256));
1236 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
1237 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
1238 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
1239 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
1240 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
1241 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
1242 sig_rl.size()));
1243 THROW_ON_EPIDERR(EpidVerifierSetVerifierRl(
1244 verifier, (VerifierRl const*)ver_rl.data(), ver_rl.size()));
1245
1246 EXPECT_EQ(kEpidSigValid,
1247 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
1248 msg.data(), msg.size()));
1249 }
1250
TEST_F(EpidVerifierTest,VerifyAcceptsSigWithRandomBaseNameAllRlSha512256)1251 TEST_F(EpidVerifierTest, VerifyAcceptsSigWithRandomBaseNameAllRlSha512256) {
1252 auto& pub_key = this->kGrpXKey;
1253 auto& msg = this->kMsg0;
1254 auto& grp_rl = this->kGrpRl;
1255 auto& priv_rl = this->kGrpXPrivRl;
1256 auto& sig_rl = this->kGrpXSigRl;
1257 auto& sig = this->kSigGrpXMember0Sha512256RandbaseMsg0;
1258
1259 VerifierCtxObj verifier(pub_key);
1260 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512_256));
1261 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
1262 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
1263 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
1264 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
1265 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
1266 sig_rl.size()));
1267
1268 EXPECT_EQ(kEpidSigValid,
1269 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
1270 msg.data(), msg.size()));
1271 }
1272
TEST_F(EpidVerifierTest,VerifyAcceptsSigGivenMsgContainingAllPossibleBytes)1273 TEST_F(EpidVerifierTest, VerifyAcceptsSigGivenMsgContainingAllPossibleBytes) {
1274 auto& pub_key = this->kPubKeySigRlVerify;
1275 auto& msg = this->kData_0_255;
1276 auto& bsn = this->kBsn0;
1277 auto& grp_rl = this->kGrpRl;
1278 auto& priv_rl = this->kGrp01PrivRl;
1279 std::vector<uint8_t> sig_rl = {
1280 // gid
1281 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1282 0x00, 0x00, 0x00, 0x2A,
1283 // version
1284 0x00, 0x00, 0x00, 0x00,
1285 // n2
1286 0x00, 0x00, 0x00, 0x01,
1287 // bk's
1288 0x9c, 0xa5, 0xe5, 0xae, 0x5f, 0xae, 0x51, 0x59, 0x33, 0x35, 0x27, 0xd,
1289 0x8, 0xb1, 0xbe, 0x5d, 0x69, 0x50, 0x84, 0xc5, 0xfe, 0xe2, 0x87, 0xea,
1290 0x2e, 0xef, 0xfa, 0xee, 0x67, 0xf2, 0xd8, 0x28, 0x56, 0x43, 0xc6, 0x94,
1291 0x67, 0xa6, 0x72, 0xf6, 0x41, 0x15, 0x4, 0x58, 0x42, 0x16, 0x88, 0x57,
1292 0x9d, 0xc7, 0x71, 0xd1, 0xc, 0x84, 0x13, 0xa, 0x90, 0x23, 0x18, 0x8, 0xad,
1293 0x7d, 0xfe, 0xf5, 0xc8, 0xae, 0xfc, 0x51, 0x40, 0xa7, 0xd1, 0x28, 0xc2,
1294 0x89, 0xb2, 0x6b, 0x4e, 0xb4, 0xc1, 0x55, 0x87, 0x98, 0xbd, 0x72, 0xf9,
1295 0xcf, 0xd, 0x40, 0x15, 0xee, 0x32, 0xc, 0xf3, 0x56, 0xc5, 0xc, 0x61, 0x9d,
1296 0x4f, 0x7a, 0xb5, 0x2b, 0x16, 0xa9, 0xa3, 0x97, 0x38, 0xe2, 0xdd, 0x3a,
1297 0x33, 0xad, 0xf6, 0x7b, 0x68, 0x8b, 0x68, 0xcf, 0xa3, 0xd3, 0x98, 0x37,
1298 0xce, 0xec, 0xd1, 0xa8, 0xc, 0x8b,
1299 };
1300 auto& sig = this->kSigGrp01Member0Sha512kBsn0Data_0_255;
1301
1302 VerifierCtxObj verifier(pub_key);
1303 THROW_ON_EPIDERR(EpidVerifierSetHashAlg(verifier, kSha512));
1304 THROW_ON_EPIDERR(EpidVerifierSetBasename(verifier, bsn.data(), bsn.size()));
1305 THROW_ON_EPIDERR(EpidVerifierSetGroupRl(
1306 verifier, (GroupRl const*)grp_rl.data(), grp_rl.size()));
1307 THROW_ON_EPIDERR(EpidVerifierSetPrivRl(
1308 verifier, (PrivRl const*)priv_rl.data(), priv_rl.size()));
1309 THROW_ON_EPIDERR(EpidVerifierSetSigRl(verifier, (SigRl const*)sig_rl.data(),
1310 sig_rl.size()));
1311
1312 EXPECT_EQ(kEpidSigValid,
1313 EpidVerify(verifier, (EpidSignature const*)sig.data(), sig.size(),
1314 msg.data(), msg.size()));
1315 }
1316
1317 } // namespace
1318