Google Git
Sign in
quiche / quiche / cef048466f4357f30059b69b5b3ff304e199f13e / . / quiche / blind_sign_auth / anonymous_tokens / cpp / crypto / rsa_blind_signer_test.cc
blob: a332f197460413c540bd9f6baefa51e7512b57ec [file] [log] [blame]
// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_blind_signer.h"
#include <memory>
#include <random>
#include <string>
#include <utility>
#include "quiche/common/platform/api/quiche_test.h"
#include "quiche/common/test_tools/quiche_test_utils.h"
#include "absl/status/status.h"
#include "absl/status/statusor.h"
#include "absl/strings/string_view.h"
#include "quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/constants.h"
#include "quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/crypto_utils.h"
#include "quiche/blind_sign_auth/anonymous_tokens/cpp/crypto/rsa_ssa_pss_verifier.h"
#include "quiche/blind_sign_auth/anonymous_tokens/cpp/testing/utils.h"
#include "quiche/blind_sign_auth/anonymous_tokens/proto/anonymous_tokens.pb.h"
#include "openssl/digest.h"
#include "openssl/rsa.h"
namespace private_membership {
namespace anonymous_tokens {
namespace {
using CreateTestKeyPairFunction =
absl::StatusOr<std::pair<RSAPublicKey, RSAPrivateKey>>();
class RsaBlindSignerTest
: public ::testing::TestWithParam<CreateTestKeyPairFunction *> {
protected:
void SetUp() override {
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(auto keys_pair, (*GetParam())());
public_key_ = std::move(keys_pair.first);
private_key_ = std::move(keys_pair.second);
generator_.seed(0);
// NOTE: using recommended RsaSsaPssParams
sig_hash_ = EVP_sha384();
mgf1_hash_ = EVP_sha384();
salt_length_ = kSaltLengthInBytes48;
}
RSAPrivateKey private_key_;
RSAPublicKey public_key_;
std::mt19937_64 generator_;
const EVP_MD *sig_hash_; // Owned by BoringSSL.
const EVP_MD *mgf1_hash_; // Owned by BoringSSL.
int salt_length_;
std::uniform_int_distribution<int> distr_u8_ =
std::uniform_int_distribution<int>{0, 255};
};
// This test only tests whether the implemented signer 'signs' properly. The
// outline of method calls in this test should not be assumed a secure signature
// scheme (and used in other places) as the security has not been
// proven/analyzed.
//
// Test for the standard signer does not take public metadata as a parameter
// which means public metadata is set to std::nullopt.
TEST_P(RsaBlindSignerTest, StandardSignerWorks) {
absl::string_view message = "Hello World!";
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::string encoded_message,
EncodeMessageForTests(message, public_key_, sig_hash_, mgf1_hash_,
salt_length_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::unique_ptr<RsaBlindSigner> signer,
RsaBlindSigner::New(private_key_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string potentially_insecure_signature,
signer->Sign(encoded_message));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
const auto verifier,
RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_));
EXPECT_TRUE(verifier->Verify(potentially_insecure_signature, message).ok());
}
TEST_P(RsaBlindSignerTest, SignerFails) {
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::unique_ptr<RsaBlindSigner> signer,
RsaBlindSigner::New(private_key_));
absl::string_view message = "Hello World!";
absl::StatusOr<std::string> signature = signer->Sign(message);
EXPECT_EQ(signature.status().code(), absl::StatusCode::kInternal);
EXPECT_THAT(signature.status().message(),
::testing::HasSubstr("Expected blind data size"));
int sig_size = public_key_.n().size();
std::string message2 = RandomString(sig_size, &distr_u8_, &generator_);
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string insecure_sig,
signer->Sign(message2));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
const auto verifier,
RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_));
absl::Status verification_result = verifier->Verify(insecure_sig, message2);
EXPECT_EQ(verification_result.code(), absl::StatusCode::kInvalidArgument);
EXPECT_THAT(verification_result.message(),
::testing::HasSubstr("verification failed"));
}
INSTANTIATE_TEST_SUITE_P(RsaBlindSignerTest, RsaBlindSignerTest,
::testing::Values(&GetStrongRsaKeys2048,
&GetAnotherStrongRsaKeys2048,
&GetStrongRsaKeys3072,
&GetStrongRsaKeys4096));
class RsaBlindSignerTestWithPublicMetadata
: public ::testing::TestWithParam<CreateTestKeyPairFunction *> {
protected:
void SetUp() override {
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(auto keys_pair, (*GetParam())());
public_key_ = std::move(keys_pair.first);
private_key_ = std::move(keys_pair.second);
// NOTE: using recommended RsaSsaPssParams
sig_hash_ = EVP_sha384();
mgf1_hash_ = EVP_sha384();
salt_length_ = kSaltLengthInBytes48;
}
RSAPrivateKey private_key_;
RSAPublicKey public_key_;
const EVP_MD *sig_hash_; // Owned by BoringSSL.
const EVP_MD *mgf1_hash_; // Owned by BoringSSL.
int salt_length_;
};
// This test only tests whether the implemented signer 'signs' properly under
// some public metadata. The outline of method calls in this test should not
// be assumed a secure signature scheme (and used in other places) as the
// security has not been proven/analyzed.
TEST_P(RsaBlindSignerTestWithPublicMetadata, SignerWorksWithPublicMetadata) {
absl::string_view message = "Hello World!";
absl::string_view public_metadata = "pubmd!";
std::string augmented_message =
EncodeMessagePublicMetadata(message, public_metadata);
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::string encoded_message,
EncodeMessageForTests(augmented_message, public_key_, sig_hash_,
mgf1_hash_, salt_length_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::unique_ptr<RsaBlindSigner> signer,
RsaBlindSigner::New(private_key_, public_metadata));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string potentially_insecure_signature,
signer->Sign(encoded_message));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
auto verifier, RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_,
public_key_, public_metadata));
EXPECT_TRUE(verifier->Verify(potentially_insecure_signature, message).ok());
}
TEST_P(RsaBlindSignerTestWithPublicMetadata,
SignerWorksWithEmptyPublicMetadata) {
absl::string_view message = "Hello World!";
absl::string_view empty_public_metadata = "";
std::string augmented_message =
EncodeMessagePublicMetadata(message, empty_public_metadata);
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::string encoded_message,
EncodeMessageForTests(augmented_message, public_key_, sig_hash_,
mgf1_hash_, salt_length_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::unique_ptr<RsaBlindSigner> signer,
RsaBlindSigner::New(private_key_, empty_public_metadata));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string potentially_insecure_signature,
signer->Sign(encoded_message));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
auto verifier,
RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_, public_key_,
empty_public_metadata));
EXPECT_TRUE(verifier->Verify(potentially_insecure_signature, message).ok());
}
TEST_P(RsaBlindSignerTestWithPublicMetadata,
SignatureFailstoVerifyWithWrongPublicMetadata) {
absl::string_view message = "Hello World!";
absl::string_view public_metadata = "pubmd!";
absl::string_view public_metadata_2 = "pubmd2";
std::string augmented_message =
EncodeMessagePublicMetadata(message, public_metadata);
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::string encoded_message,
EncodeMessageForTests(augmented_message, public_key_, sig_hash_,
mgf1_hash_, salt_length_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::unique_ptr<RsaBlindSigner> signer,
RsaBlindSigner::New(private_key_, public_metadata));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string potentially_insecure_signature,
signer->Sign(encoded_message));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
auto verifier, RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_,
public_key_, public_metadata_2));
absl::Status verification_result =
verifier->Verify(potentially_insecure_signature, message);
EXPECT_EQ(verification_result.code(), absl::StatusCode::kInvalidArgument);
EXPECT_THAT(verification_result.message(),
::testing::HasSubstr("verification failed"));
}
TEST_P(RsaBlindSignerTestWithPublicMetadata,
SignatureFailsToVerifyWithNoPublicMetadata) {
absl::string_view message = "Hello World!";
absl::string_view public_metadata = "pubmd!";
absl::string_view public_metadata_2 = "";
std::string augmented_message =
EncodeMessagePublicMetadata(message, public_metadata);
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::string encoded_message,
EncodeMessageForTests(augmented_message, public_key_, sig_hash_,
mgf1_hash_, salt_length_));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::unique_ptr<RsaBlindSigner> signer,
RsaBlindSigner::New(private_key_, public_metadata));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string potentially_insecure_signature,
signer->Sign(encoded_message));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
auto verifier, RsaSsaPssVerifier::New(salt_length_, sig_hash_, mgf1_hash_,
public_key_, public_metadata_2));
absl::Status verification_result =
verifier->Verify(potentially_insecure_signature, message);
EXPECT_EQ(verification_result.code(), absl::StatusCode::kInvalidArgument);
EXPECT_THAT(verification_result.message(),
::testing::HasSubstr("verification failed"));
}
INSTANTIATE_TEST_SUITE_P(
RsaBlindSignerTestWithPublicMetadata, RsaBlindSignerTestWithPublicMetadata,
::testing::Values(&GetStrongRsaKeys2048, &GetAnotherStrongRsaKeys2048,
&GetStrongRsaKeys3072, &GetStrongRsaKeys4096));
// TODO(b/275956922): Consolidate all tests that use IETF test vectors into one
// E2E test.
//
// This test uses IETF test vectors for RSA blind signatures with public
// metadata. The vectors includes tests for public metadata set to an empty
// string as well as a non-empty value.
TEST(IetfRsaBlindSignerTest,
IetfRsaBlindSignaturesWithPublicMetadataTestVectorsSuccess) {
auto test_vectors = GetIetfRsaBlindSignatureWithPublicMetadataTestVectors();
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
const auto test_key,
GetIetfRsaBlindSignatureWithPublicMetadataTestKeys());
for (const auto &test_vector : test_vectors) {
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(
std::unique_ptr<RsaBlindSigner> signer,
RsaBlindSigner::New(test_key.second, test_vector.public_metadata));
ANON_TOKENS_ASSERT_OK_AND_ASSIGN(std::string blind_signature,
signer->Sign(test_vector.blinded_message));
EXPECT_EQ(blind_signature, test_vector.blinded_signature);
}
}
} // namespace
} // namespace anonymous_tokens
} // namespace private_membership