GenerateMask will return empty mask if mask type is NO_MASK.

PiperOrigin-RevId: 557017431

quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/anonymous_tokens_pb_openssl_converters.cc

diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/anonymous_tokens_pb_openssl_converters.cc b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/anonymous_tokens_pb_openssl_converters.cc
index f8f6385..eef32d3 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/anonymous_tokens_pb_openssl_converters.cc
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/anonymous_tokens_pb_openssl_converters.cc
@@ -36,9 +36,13 @@
       public_key.message_mask_size() >= kRsaMessageMaskSizeInBytes32) {
     mask = std::string(public_key.message_mask_size(), '\0');
     RAND_bytes(reinterpret_cast<uint8_t*>(mask.data()), mask.size());
+  } else if (public_key.message_mask_type() == AT_MESSAGE_MASK_NO_MASK &&
+             public_key.message_mask_size() == 0) {
+    return "";
   } else {
     return absl::InvalidArgumentError(
-        "Undefined or unsupported message mask type.");
+        "Unsupported message mask type Or invalid message mask size "
+        "requested.");
   }
   return mask;
 }

quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/anonymous_tokens_pb_openssl_converters_test.cc

diff --git a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/anonymous_tokens_pb_openssl_converters_test.cc b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/anonymous_tokens_pb_openssl_converters_test.cc
index 23a2a96..5010373 100644
--- a/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/anonymous_tokens_pb_openssl_converters_test.cc
+++ b/quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/anonymous_tokens_pb_openssl_converters_test.cc
@@ -42,17 +42,26 @@
   absl::StatusOr<std::string> mask_32_bytes = GenerateMask(public_key);
   EXPECT_EQ(mask_32_bytes.status().code(), absl::StatusCode::kInvalidArgument);
   EXPECT_THAT(mask_32_bytes.status().message(),
-              ::testing::HasSubstr("unsupported message mask"));
+              ::testing::HasSubstr("Unsupported message mask type"));
 }
 
 TEST(AnonymousTokensPbOpensslConvertersTests, GenerateMaskTestInvalidLength) {
   RSABlindSignaturePublicKey public_key;
+  // Mask meant to be concatenated is less than 32 bytes.
   public_key.set_message_mask_type(AT_MESSAGE_MASK_CONCAT);
   public_key.set_message_mask_size(kRsaMessageMaskSizeInBytes32 - 1);
   absl::StatusOr<std::string> mask_32_bytes = GenerateMask(public_key);
+  // Mask type set to no mask but mask length requested is greater than 0.
+  public_key.set_message_mask_type(AT_MESSAGE_MASK_NO_MASK);
+  public_key.set_message_mask_size(kRsaMessageMaskSizeInBytes32);
+  absl::StatusOr<std::string> mask_0_bytes = GenerateMask(public_key);
+
   EXPECT_EQ(mask_32_bytes.status().code(), absl::StatusCode::kInvalidArgument);
+  EXPECT_EQ(mask_0_bytes.status().code(), absl::StatusCode::kInvalidArgument);
   EXPECT_THAT(mask_32_bytes.status().message(),
-              ::testing::HasSubstr("unsupported message mask"));
+              ::testing::HasSubstr("invalid message mask size"));
+  EXPECT_THAT(mask_0_bytes.status().message(),
+              ::testing::HasSubstr("invalid message mask size"));
 }
 
 TEST(AnonymousTokensPbOpensslConvertersTests, GenerateMaskTestSuccess) {
@@ -66,10 +75,18 @@
   ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string mask_64_bytes,
                                    GenerateMask(public_key));
 
+  // No mask.
+  public_key.set_message_mask_type(AT_MESSAGE_MASK_NO_MASK);
+  public_key.set_message_mask_size(0);
+  ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string mask_0_bytes,
+                                   GenerateMask(public_key));
+
   EXPECT_FALSE(mask_32_bytes.empty());
   EXPECT_FALSE(mask_64_bytes.empty());
+  EXPECT_TRUE(mask_0_bytes.empty());
   EXPECT_EQ(mask_32_bytes.size(), kRsaMessageMaskSizeInBytes32);
   EXPECT_EQ(mask_64_bytes.size(), kRsaMessageMaskSizeInBytes32 * 2);
+  EXPECT_EQ(mask_0_bytes.size(), 0);
 }
 
 TEST(AnonymousTokensPbOpensslConvertersTests,