jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: b4ce20d667
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b4ce20d667'
${ noResults }
ed448goldilocks/test/test_pointops.c

288 lines
7.5 KiB
Raw Blame History 

  1. #include "test.h"

  2. 

  3. #include <stdio.h>

  4. 

  5. #include "ec_point.h"

  6. #include "field.h"

  7. #include "crandom.h"

  8. 

  9. 

  10. static void

  11. failprint_ext (

  12.     const struct extensible_t *a

  13. ) {

  14.     struct field_t zi, scaled;

  15.     field_print("    x", &a->x);

  16.     field_print("    y", &a->y);

  17.     field_print("    z", &a->z);

  18.     field_inverse(&zi, &a->z);

  19.     field_mul(&scaled, &zi, &a->x);

  20.     field_print("    X", &scaled);

  21.     field_mul(&scaled, &zi, &a->y);

  22.     field_print("    Y", &scaled);

  23.     printf("\n");

  24. }

  25. 

  26. static void

  27. failprint_tw_ext (

  28.     const struct tw_extensible_t *a

  29. ) {

  30.     failprint_ext((const struct extensible_t *)a);

  31. }

  32. 

  33. static mask_t

  34. fail_if_different (

  35.     const struct extensible_t *a,

  36.     const struct extensible_t *b,

  37.     const char *faildescr,

  38.     const char *adescr,

  39.     const char *bdescr

  40. ) {

  41.     mask_t succ = eq_extensible(a, b);

  42.     

  43.     if (!succ) {

  44.         youfail();

  45.         printf("    %s\n", faildescr);

  46.         

  47.         printf("\n    %s:\n", adescr);

  48.         failprint_ext(a);

  49.         

  50.         printf("\n    %s:\n", bdescr);

  51.         failprint_ext(b);

  52.     }

  53.     

  54.     return succ;

  55. }

  56. 

  57. static mask_t

  58. validate_ext(

  59.     const struct extensible_t *ext,

  60.     int evenness,

  61.     const char *description

  62. ) {

  63.     mask_t succ = validate_extensible(ext), succ2;

  64.     const char *error = "Point isn't on the curve.";

  65.     if (evenness > 0) {

  66.         succ2 = is_even_pt(ext);

  67.         if (succ &~ succ2) error = "Point isn't even.";

  68.         succ &= succ2;

  69.     } else if (evenness < 0) {

  70.         succ2 = is_even_pt(ext);

  71.         if (succ &~ succ2) error = "Point is even but shouldn't be.";

  72.         succ &= succ2;

  73.     } /* FUTURE: quadness */

  74.     

  75.     if (~succ) {

  76.         youfail();

  77.         printf("    %s\n", error);

  78.         printf("    %s\n", description);

  79.         failprint_ext(ext);

  80.     }

  81.     

  82.     return succ;

  83. }

  84. 

  85. static mask_t

  86. validate_tw_ext(

  87.     const struct tw_extensible_t *ext,

  88.     int evenness,

  89.     const char *description

  90. ) {

  91.     mask_t succ = validate_tw_extensible(ext), succ2;

  92.     const char *error = "Point isn't on the twisted curve.";

  93.     if (evenness > 0) {

  94.         succ2 = is_even_tw(ext);

  95.         if (succ &~ succ2) error = "Point isn't even.";

  96.         succ &= succ2;

  97.     } else if (evenness < 0) {

  98.         succ2 = is_even_tw(ext);

  99.         if (succ &~ succ2) error = "Point is even but shouldn't be.";

  100.         succ &= succ2;

  101.     } /* FUTURE: quadness */

  102.     

  103.     if (~succ) {

  104.         youfail();

  105.         printf("    %s\n", error);

  106.         printf("    %s\n", description);

  107.         failprint_tw_ext(ext);

  108.     }

  109.     

  110.     return succ;

  111. }

  112. 

  113. static mask_t

  114. fail_if_different_tw (

  115.     const struct tw_extensible_t *a,

  116.     const struct tw_extensible_t *b,

  117.     const char *faildescr,

  118.     const char *adescr,

  119.     const char *bdescr

  120. ) {

  121.     return fail_if_different(

  122.         (const struct extensible_t *)a, (const struct extensible_t *)b,

  123.         faildescr,adescr,bdescr

  124.     );

  125. }

  126. 

  127. static int

  128. add_double_test (

  129.     const struct affine_t *base1,

  130.     const struct affine_t *base2 

  131. ) {

  132.     mask_t succ = MASK_SUCCESS;

  133.     struct extensible_t exb;

  134.     struct tw_extensible_t text1, text2, texta, textb;

  135.     struct tw_pniels_t pn;

  136.     

  137.     /* Convert to ext */

  138.     convert_affine_to_extensible(&exb, base1);

  139.     succ &= validate_ext(&exb,0,"base1");

  140.     twist_and_double(&text1, &exb);

  141.     succ &= validate_tw_ext(&text1,2,"iso1");

  142.     convert_affine_to_extensible(&exb, base2);

  143.     succ &= validate_ext(&exb,0,"base2");

  144.     twist_and_double(&text2, &exb);

  145.     succ &= validate_tw_ext(&text2,2,"iso2");

  146.     

  147.     /* a + b == b + a? */

  148.     convert_tw_extensible_to_tw_pniels(&pn, &text1);

  149.     copy_tw_extensible(&texta, &text2);

  150.     add_tw_pniels_to_tw_extensible(&texta, &pn);

  151.     

  152.     convert_tw_extensible_to_tw_pniels(&pn, &text2);

  153.     copy_tw_extensible(&textb, &text1);

  154.     add_tw_pniels_to_tw_extensible(&textb, &pn);

  155.     

  156.     succ &= fail_if_different_tw(&texta,&textb,"Addition commutativity","a+b","b+a");

  157.     

  158.     copy_tw_extensible(&textb, &text2);

  159.     add_tw_pniels_to_tw_extensible(&textb, &pn);

  160.     copy_tw_extensible(&texta, &text2);

  161.     double_tw_extensible(&texta);

  162.     

  163.     succ &= fail_if_different_tw(&texta,&textb,"Doubling test","2b","b+b");

  164.     

  165.     if (~succ) {

  166.         printf("    Bases were:\n");

  167.         field_print("    x1", &base1->x);

  168.         field_print("    y1", &base1->y);

  169.         field_print("    x2", &base2->x);

  170.         field_print("    y2", &base2->y);

  171.     }

  172.     

  173.     return succ ? 0 : -1;

  174. }

  175. 

  176. static int

  177. single_twisting_test (

  178.     const struct affine_t *base

  179. ) {

  180.     struct extensible_t exb, ext, tmpext;

  181.     struct tw_extensible_t text, text2;

  182.     mask_t succ = MASK_SUCCESS;

  183.     

  184.     convert_affine_to_extensible(&exb, base);

  185.     succ &= validate_ext(&exb,0,"base");

  186.     

  187.     /* check: dual . iso = 4 */

  188.     twist_and_double(&text, &exb);

  189.     succ &= validate_tw_ext(&text,2,"iso");

  190.     untwist_and_double(&ext, &text);

  191.     succ &= validate_ext(&ext,2,"dual.iso");

  192.     

  193.     copy_extensible(&tmpext,&exb);

  194.     double_extensible(&tmpext);

  195.     succ &= validate_ext(&tmpext,1,"2*base");

  196.     

  197.     double_extensible(&tmpext);

  198.     succ &= validate_ext(&tmpext,2,"4*base");

  199.     

  200.     succ &= fail_if_different(&ext,&tmpext,"Isogeny and dual","Dual . iso","4*base");

  201.     

  202.     /* check: twist and serialize */

  203.     test_only_twist(&text, &exb);

  204.     succ &= validate_tw_ext(&text,0,"tot");

  205.     mask_t evt = is_even_tw(&text), evb = is_even_pt(&exb);

  206.     if (evt != evb) {

  207.         youfail();

  208.         printf("    Different evenness from twist base: %d, twist: %d\n", (int)-evt, (int)-evb);

  209.         

  210.         succ = 0;

  211.     } /* FUTURE: quadness */

  212.     

  213.     field_t sera,serb;

  214.     untwist_and_double_and_serialize(&sera,&text);

  215.     copy_extensible(&tmpext,&exb);

  216.     double_extensible(&tmpext);

  217.     serialize_extensible(&serb,&tmpext);

  218.     

  219.     /* check that their (doubled; FUTURE?) serializations are equal */

  220.     if (~field_eq(&sera,&serb)) {

  221.         youfail();

  222.         printf("    Different serialization from twist + double ()\n");

  223.         field_print("    t", &sera);

  224.         field_print("    b", &serb);

  225.         succ = 0;

  226.     }

  227.     

  228.     untwist_and_double(&ext, &text);

  229.     succ &= validate_ext(&tmpext,1,"dual.tot");

  230.     

  231.     twist_and_double(&text2, &ext);

  232.     succ &= validate_tw_ext(&text2,2,"iso.dual.tot");

  233. 

  234.     double_tw_extensible(&text);

  235.     succ &= validate_tw_ext(&text,1,"2*tot");

  236. 

  237.     double_tw_extensible(&text);

  238.     succ &= validate_tw_ext(&text,2,"4*tot");

  239.     

  240.     succ &= fail_if_different_tw(&text,&text2,"Dual and isogeny","4*tot","iso.dual.tot");

  241.     

  242.     if (~succ) {

  243.         printf("    Base was:\n");

  244.         field_print("    x", &base->x);

  245.         field_print("    y", &base->y);

  246.     }

  247.     

  248.     

  249.     return succ ? 0 : -1;

  250. }

  251. 

  252. int test_pointops (void) {

  253.     struct affine_t base, pbase;

  254.     struct field_t serf;

  255.     

  256.     struct crandom_state_t crand;

  257.     crandom_init_from_buffer(&crand, "test_pointops random initializer");

  258.     

  259.     int i, ret;

  260.     for (i=0; i<1000; i++) {

  261.         uint8_t ser[FIELD_BYTES];

  262.         crandom_generate(&crand, ser, sizeof(ser));

  263.         

  264.         /* TODO: we need a field generate, which can return random or pathological. */

  265.         mask_t succ = field_deserialize(&serf, ser);

  266.         if (!succ) {

  267.             youfail();

  268.             printf("   Unlikely: fail at field_deserialize\n");

  269.             return -1;

  270.         }

  271.         

  272.         if (i) {

  273.             copy_affine(&pbase, &base);

  274.         }

  275.         elligator_2s_inject(&base, &serf);

  276.         

  277.         if (i) {

  278.             ret = add_double_test(&base, &pbase);

  279.             if (ret) return ret;

  280.         }

  281.         

  282.         ret = single_twisting_test(&base);

  283.         if (ret) return ret;

  284.     }

  285.     

  286.     return 0;

  287. }