jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
177 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: c80d8d01db
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c80d8d01db'
${ noResults }
ed448goldilocks/test/test_decaf.cxx

209 lines
6.0 KiB
Raw Blame History 

  1. /**

  2.  * @file test_decaf.cxx

  3.  * @author Mike Hamburg

  4.  *

  5.  * @copyright

  6.  *   Copyright (c) 2015 Cryptography Research, Inc.  \n

  7.  *   Released under the MIT License.  See LICENSE.txt for license information.

  8.  *

  9.  * @brief C++ tests, because that's easier.

  10.  */

  11. 

  12. #include "decaf.hxx"

  13. #include "shake.hxx"

  14. #include <stdio.h>

  15. 

  16. 

  17. static bool passing = true;

  18. static const long NTESTS = 10000;

  19. 

  20. class Test {

  21. public:

  22.     bool passing_now;

  23.     Test(const char *test) {

  24.         passing_now = true;

  25.         printf("%s...", test);

  26.         if (strlen(test) < 27) printf("%*s",int(27-strlen(test)),"");

  27.         fflush(stdout);

  28.     }

  29.     ~Test() {

  30.         if (std::uncaught_exception()) {

  31.             fail();

  32.             printf("  due to uncaught exception.\n");

  33.         }

  34.         if (passing_now) printf("[PASS]\n");

  35.     }

  36.     void fail() {

  37.         if (!passing_now) return;

  38.         passing_now = passing = false;

  39.         printf("[FAIL]\n");

  40.     }

  41. };

  42. 

  43. template<decaf::GroupId GROUP> struct Tests {

  44. 

  45. typedef typename decaf::EcGroup<GROUP>::Scalar Scalar;

  46. typedef typename decaf::EcGroup<GROUP>::Point Point;

  47. typedef typename decaf::EcGroup<GROUP>::Precomputed Precomputed;

  48. 

  49. static void print(const char *name, const Scalar &x) {

  50.     unsigned char buffer[Scalar::SER_BYTES];

  51.     x.encode(buffer);

  52.     printf("  %s = 0x", name);

  53.     for (int i=sizeof(buffer)-1; i>=0; i--) {

  54.         printf("%02x", buffer[i]);

  55.     }

  56.     printf("\n");

  57. }

  58. 

  59. static void print(const char *name, const Point &x) {

  60.     unsigned char buffer[Point::SER_BYTES];

  61.     x.encode(buffer);

  62.     printf("  %s = 0x", name);

  63.     for (int i=sizeof(buffer)-1; i>=0; i--) {

  64.         printf("%02x", buffer[i]);

  65.     }

  66.     printf("\n");

  67. }

  68. 

  69. static bool arith_check(

  70.     Test &test,

  71.     const Scalar &x,

  72.     const Scalar &y,

  73.     const Scalar &z,

  74.     const Scalar &r,

  75.     const Scalar &l,

  76.     const char *name

  77. ) {

  78.     if (l == r) return true;

  79.     test.fail();

  80.     printf("  %s", name);

  81.     print("x", x);

  82.     print("y", y);

  83.     print("z", z);

  84.     print("lhs", r);

  85.     print("rhs", l);

  86.     return false;

  87. }

  88. 

  89. static bool point_check(

  90.     Test &test,

  91.     const Point &p,

  92.     const Point &q,

  93.     const Point &R,

  94.     const Scalar &x,

  95.     const Scalar &y,

  96.     const Point &l,

  97.     const Point &r,

  98.     const char *name

  99. ) {

  100.     bool good = l==r;

  101.     if (!p.validate()) { good = false; printf("  p invalid\n"); }

  102.     if (!q.validate()) { good = false; printf("  q invalid\n"); }

  103.     if (!r.validate()) { good = false; printf("  r invalid\n"); }

  104.     if (!l.validate()) { good = false; printf("  l invalid\n"); }

  105.     if (good) return true;

  106.     

  107.     test.fail();

  108.     printf("  %s", name);

  109.     print("x", x);

  110.     print("y", y);

  111.     print("p", p);

  112.     print("q", q);

  113.     print("r", R);

  114.     print("lhs", r);

  115.     print("rhs", l);

  116.     return false;

  117. }

  118. 

  119. static void test_arithmetic() {

  120.     decaf::SpongeRng rng(decaf::Block("test_arithmetic"));

  121.     

  122.     Test test("Arithmetic");

  123.     Scalar x(0),y(0),z(0);

  124.     arith_check(test,x,y,z,INT_MAX,(decaf_word_t)INT_MAX,"cast from max");

  125.     arith_check(test,x,y,z,INT_MIN,-Scalar(1+(decaf_word_t)INT_MAX),"cast from min");

  126.         

  127.     for (int i=0; i<NTESTS*10 && test.passing_now; i++) {

  128.         /* TODO: pathological cases */

  129.         size_t sob = DECAF_448_SCALAR_BYTES + 8 - (i%16);

  130.         Scalar x(rng.read(sob));

  131.         Scalar y(rng.read(sob));

  132.         Scalar z(rng.read(sob));

  133.         

  134. 

  135.         arith_check(test,x,y,z,x+y,y+x,"commute add");

  136.         arith_check(test,x,y,z,x,x+0,"ident add");

  137.         arith_check(test,x,y,z,x,x-0,"ident sub");

  138.         arith_check(test,x,y,z,x+(y+z),(x+y)+z,"assoc add");

  139.         arith_check(test,x,y,z,x*(y+z),x*y + x*z,"distributive mul/add");

  140.         arith_check(test,x,y,z,x*(y-z),x*y - x*z,"distributive mul/add");

  141.         arith_check(test,x,y,z,x*(y*z),(x*y)*z,"assoc mul");

  142.         arith_check(test,x,y,z,x*y,y*x,"commute mul");

  143.         arith_check(test,x,y,z,x,x*1,"ident mul");

  144.         arith_check(test,x,y,z,0,x*0,"mul by 0");

  145.         arith_check(test,x,y,z,-x,x*-1,"mul by -1");

  146.         arith_check(test,x,y,z,x+x,x*2,"mul by 2");

  147.         

  148.         if (i%20) continue;

  149.         if (y!=0) arith_check(test,x,y,z,x*y/y,x,"invert");

  150.         arith_check(test,x,y,z,x/0,0,"invert0");

  151.     }

  152. }

  153. 

  154. 

  155. static void test_ec() {

  156.     decaf::SpongeRng rng(decaf::Block("test_ec"));

  157.     

  158.     Test test("EC");

  159. 

  160.     Point id = Point::identity(), base = Point::base();

  161.     point_check(test,id,id,id,0,0,Point::from_hash(""),id,"fh0");

  162.     point_check(test,id,id,id,0,0,Point::from_hash("\x01"),id,"fh1");

  163.     

  164.     for (int i=0; i<NTESTS && test.passing_now; i++) {

  165.         /* TODO: pathological cases */

  166.         Scalar x(rng);

  167.         Scalar y(rng);

  168.         Point p(rng);

  169.         Point q(rng);

  170.         

  171.         decaf::SecureBuffer buffer(2*Point::HASH_BYTES);

  172.         rng.read(buffer);

  173.         Point r = Point::from_hash(buffer);

  174.         

  175.         point_check(test,p,q,r,0,0,p,Point((decaf::SecureBuffer)p),"round-trip");

  176.         point_check(test,p,q,r,0,0,p+q,q+p,"commute add");

  177.         point_check(test,p,q,r,0,0,p+(q+r),(p+q)+r,"assoc add");

  178.         point_check(test,p,q,r,0,0,p.times_two(),p+p,"dbl add");

  179.         

  180.         if (i%10) continue;

  181.         point_check(test,p,q,r,x,0,x*(p+q),x*p+x*q,"distr mul");

  182.         point_check(test,p,q,r,x,y,(x*y)*p,x*(y*p),"assoc mul");

  183.         point_check(test,p,q,r,x,y,x*p+y*q,Point::double_scalarmul(x,p,y,q),"ds mul");

  184.         point_check(test,base,q,r,x,y,x*base+y*q,q.non_secret_combo_with_base(y,x),"ds vt mul");

  185.         point_check(test,p,q,r,x,0,Precomputed(p)*x,p*x,"precomp mul");

  186.         point_check(test,p,q,r,0,0,r,

  187.             Point::from_hash(buffer.slice(0,Point::HASH_BYTES))

  188.             + Point::from_hash(buffer.slice(Point::HASH_BYTES,Point::HASH_BYTES)),

  189.             "unih = hash+add"

  190.         );

  191.             

  192. 

  193.         point_check(test,p,q,r,x,0,Point(x.direct_scalarmul(decaf::SecureBuffer(p))),x*p,"direct mul");

  194.     }

  195. }

  196. 

  197. }; // template<decaf::GroupId GROUP>

  198. 

  199. int main(int argc, char **argv) {

  200.     (void) argc; (void) argv;

  201.     

  202.     Tests<448>::test_arithmetic();

  203.     Tests<448>::test_ec();

  204.     

  205.     if (passing) printf("Passed all tests.\n");

  206.     

  207.     return passing ? 0 : 1;

  208. }