jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
48 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: d383dfe91e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd383dfe91e'
${ noResults }
ed448goldilocks/test/test_pointops.c

416 lines
12 KiB
Raw Blame History 

  1. #include "test.h"

  2. 

  3. #include <stdio.h>

  4. 

  5. #include "ec_point.h"

  6. #include "magic.h"

  7. #include "field.h"

  8. #include "crandom.h"

  9. 

  10. 

  11. static void

  12. failprint_ext (

  13.     const struct extensible_t *a

  14. ) {

  15.     field_a_t zi, scaled;

  16.     field_print("    x", a->x);

  17.     field_print("    y", a->y);

  18.     field_print("    z", a->z);

  19.     field_inverse(zi, a->z);

  20.     field_mul(scaled, zi, a->x);

  21.     field_print("    X", scaled);

  22.     field_mul(scaled, zi, a->y);

  23.     field_print("    Y", scaled);

  24.     printf("\n");

  25. }

  26. 

  27. static void

  28. failprint_tw_ext (

  29.     const struct tw_extensible_t *a

  30. ) {

  31.     failprint_ext((const struct extensible_t *)a);

  32. }

  33. 

  34. static mask_t

  35. fail_if_different (

  36.     const struct extensible_t *a,

  37.     const struct extensible_t *b,

  38.     const char *faildescr,

  39.     const char *adescr,

  40.     const char *bdescr

  41. ) {

  42.     mask_t succ = eq_extensible(a, b);

  43.     

  44.     if (!succ) {

  45.         youfail();

  46.         printf("    %s\n", faildescr);

  47.         

  48.         printf("\n    %s:\n", adescr);

  49.         failprint_ext(a);

  50.         

  51.         printf("\n    %s:\n", bdescr);

  52.         failprint_ext(b);

  53.     }

  54.     

  55.     return succ;

  56. }

  57. 

  58. static mask_t

  59. validate_ext(

  60.     const struct extensible_t *ext,

  61.     int evenness,

  62.     const char *description

  63. ) {

  64.     mask_t succ = validate_extensible(ext), succ2;

  65.     const char *error = "Point isn't on the curve.";

  66.     if (evenness > 0) {

  67.         succ2 = is_even_pt(ext);

  68.         if (succ &~ succ2) error = "Point isn't even.";

  69.         succ &= succ2;

  70.     } else if (evenness < 0) {

  71.         succ2 = is_even_pt(ext);

  72.         if (succ &~ succ2) error = "Point is even but shouldn't be.";

  73.         succ &= succ2;

  74.     } /* FUTURE: quadness */

  75.     

  76.     if (~succ) {

  77.         youfail();

  78.         printf("    %s\n", error);

  79.         printf("    %s\n", description);

  80.         failprint_ext(ext);

  81.     }

  82.     

  83.     return succ;

  84. }

  85. 

  86. static mask_t

  87. validate_tw_ext(

  88.     const struct tw_extensible_t *ext,

  89.     int evenness,

  90.     const char *description

  91. ) {

  92.     mask_t succ = validate_tw_extensible(ext), succ2;

  93.     const char *error = "Point isn't on the twisted curve.";

  94.     if (evenness > 0) {

  95.         succ2 = is_even_tw(ext);

  96.         if (succ &~ succ2) error = "Point isn't even.";

  97.         succ &= succ2;

  98.     } else if (evenness < 0) {

  99.         succ2 = is_even_tw(ext);

  100.         if (succ &~ succ2) error = "Point is even but shouldn't be.";

  101.         succ &= succ2;

  102.     } /* FUTURE: quadness */

  103.     

  104.     if (~succ) {

  105.         youfail();

  106.         printf("    %s\n", error);

  107.         printf("    %s\n", description);

  108.         failprint_tw_ext(ext);

  109.     }

  110.     

  111.     return succ;

  112. }

  113. 

  114. static mask_t

  115. fail_if_different_tw (

  116.     const struct tw_extensible_t *a,

  117.     const struct tw_extensible_t *b,

  118.     const char *faildescr,

  119.     const char *adescr,

  120.     const char *bdescr

  121. ) {

  122.     return fail_if_different(

  123.         (const struct extensible_t *)a, (const struct extensible_t *)b,

  124.         faildescr,adescr,bdescr

  125.     );

  126. }

  127. 

  128. static int

  129. add_double_test (

  130.     const struct affine_t *base1,

  131.     const struct affine_t *base2 

  132. ) {

  133.     mask_t succ = MASK_SUCCESS;

  134.     struct extensible_t exb;

  135.     struct tw_extensible_t text1, text2, texta, textb;

  136.     struct tw_pniels_t pn;

  137.     

  138.     /* Convert to ext */

  139.     convert_affine_to_extensible(&exb, base1);

  140.     succ &= validate_ext(&exb,0,"base1");

  141.     twist_and_double(&text1, &exb);

  142.     succ &= validate_tw_ext(&text1,2,"iso1");

  143.     convert_affine_to_extensible(&exb, base2);

  144.     succ &= validate_ext(&exb,0,"base2");

  145.     twist_and_double(&text2, &exb);

  146.     succ &= validate_tw_ext(&text2,2,"iso2");

  147.     

  148.     /* a + b == b + a? */

  149.     convert_tw_extensible_to_tw_pniels(&pn, &text1);

  150.     copy_tw_extensible(&texta, &text2);

  151.     add_tw_pniels_to_tw_extensible(&texta, &pn);

  152.     

  153.     convert_tw_extensible_to_tw_pniels(&pn, &text2);

  154.     copy_tw_extensible(&textb, &text1);

  155.     add_tw_pniels_to_tw_extensible(&textb, &pn);

  156.     

  157.     succ &= fail_if_different_tw(&texta,&textb,"Addition commutativity","a+b","b+a");

  158.     

  159.     copy_tw_extensible(&textb, &text2);

  160.     add_tw_pniels_to_tw_extensible(&textb, &pn);

  161.     copy_tw_extensible(&texta, &text2);

  162.     double_tw_extensible(&texta);

  163.     

  164.     succ &= fail_if_different_tw(&texta,&textb,"Doubling test","2b","b+b");

  165.     

  166.     if (~succ) {

  167.         printf("    Bases were:\n");

  168.         field_print("    x1", base1->x);

  169.         field_print("    y1", base1->y);

  170.         field_print("    x2", base2->x);

  171.         field_print("    y2", base2->y);

  172.     }

  173.     

  174.     return succ ? 0 : -1;

  175. }

  176. 

  177. static int

  178. single_twisting_test (

  179.     const struct affine_t *base

  180. ) {

  181.     struct extensible_t exb, ext, tmpext;

  182.     struct tw_extensible_t text, text2;

  183.     mask_t succ = MASK_SUCCESS;

  184.     

  185.     convert_affine_to_extensible(&exb, base);

  186.     succ &= validate_ext(&exb,0,"base");

  187.     

  188.     /* check: dual . iso = 4 */

  189.     twist_and_double(&text, &exb);

  190.     succ &= validate_tw_ext(&text,2,"iso");

  191.     untwist_and_double(&ext, &text);

  192.     succ &= validate_ext(&ext,2,"dual.iso");

  193.     

  194.     copy_extensible(&tmpext,&exb);

  195.     double_extensible(&tmpext);

  196.     succ &= validate_ext(&tmpext,1,"2*base");

  197.     

  198.     double_extensible(&tmpext);

  199.     succ &= validate_ext(&tmpext,2,"4*base");

  200.     

  201.     succ &= fail_if_different(&ext,&tmpext,"Isogeny and dual","Dual . iso","4*base");

  202.     

  203.     /* check: twist and serialize */

  204.     test_only_twist(&text, &exb);

  205.     succ &= validate_tw_ext(&text,0,"tot");

  206.     mask_t evt = is_even_tw(&text), evb = is_even_pt(&exb);

  207.     if (evt != evb) {

  208.         youfail();

  209.         printf("    Different evenness from twist base: %d, twist: %d\n", (int)-evt, (int)-evb);

  210.         

  211.         succ = 0;

  212.     } /* FUTURE: quadness */

  213.     

  214.     field_a_t sera,serb;

  215.     untwist_and_double_and_serialize(sera,&text);

  216.     copy_extensible(&tmpext,&exb);

  217.     double_extensible(&tmpext);

  218.     serialize_extensible(serb,&tmpext);

  219.     

  220.     /* check that their (doubled; FUTURE?) serializations are equal */

  221.     if (~field_eq(sera,serb)) {

  222.         youfail();

  223.         printf("    Different serialization from twist + double ()\n");

  224.         field_print("    t", sera);

  225.         field_print("    b", serb);

  226.         succ = 0;

  227.     }

  228.     

  229.     untwist_and_double(&ext, &text);

  230.     succ &= validate_ext(&tmpext,1,"dual.tot");

  231.     

  232.     twist_and_double(&text2, &ext);

  233.     succ &= validate_tw_ext(&text2,2,"iso.dual.tot");

  234. 

  235.     double_tw_extensible(&text);

  236.     succ &= validate_tw_ext(&text,1,"2*tot");

  237. 

  238.     double_tw_extensible(&text);

  239.     succ &= validate_tw_ext(&text,2,"4*tot");

  240.     

  241.     succ &= fail_if_different_tw(&text,&text2,"Dual and isogeny","4*tot","iso.dual.tot");

  242.     

  243.     if (~succ) {

  244.         printf("    Base was:\n");

  245.         field_print("    x", base->x);

  246.         field_print("    y", base->y);

  247.     }

  248.     

  249.     

  250.     return succ ? 0 : -1;

  251. }

  252. 

  253. int test_decaf (void) {

  254.     struct affine_t base;

  255.     struct tw_affine_t tw_base;

  256.     field_a_t serf;

  257.     

  258.     struct crandom_state_t crand;

  259.     crandom_init_from_buffer(&crand, "my test_decaf random initializer");

  260.     

  261.     int i, hits = 0, fails = 0;

  262.     for (i=0; i<1000; i++) {

  263.         uint8_t ser[FIELD_BYTES];

  264.         crandom_generate(&crand, ser, sizeof(ser));

  265.         #if (FIELD_BITS % 8)

  266.             ser[FIELD_BYTES-1] &= (1<<(FIELD_BITS%8)) - 1;

  267.         #endif

  268.         ser[0] &= ~1;

  269. 

  270.         mask_t succ = field_deserialize(serf, ser);

  271.         if (!succ) {

  272.             youfail();

  273.             printf("   Unlikely: fail at field_deserialize\n");

  274.             return -1;

  275.         }

  276.         

  277.         succ &= decaf_deserialize_affine(&base, serf, 0);

  278.         if (!succ) continue;

  279.         

  280.         hits++;

  281.         field_a_t serf2;

  282.         struct extensible_t ext;

  283.         convert_affine_to_extensible(&ext, &base);

  284.         decaf_serialize_extensible(serf2, &ext);

  285.         

  286.         if (~validate_affine(&base)) {

  287.             youfail();

  288.             printf("Invalid decaf deser:\n");

  289.             field_print("    s", serf);

  290.             field_print("    x", base.x);

  291.             field_print("    y", base.y);

  292.             fails ++;

  293.         } else if (~field_eq(serf, serf2)) {

  294.             youfail();

  295.             printf("Fail round-trip through decaf ser:\n");

  296.             field_print("    s", serf);

  297.             field_print("    x", base.x);

  298.             field_print("    y", base.y);

  299.             printf("    deser is %s\n", validate_affine(&base) ? "valid" : "invalid");

  300.             field_print("    S", serf2);

  301.             fails ++;

  302.         } else if (~is_even_pt(&ext)) {

  303.             youfail();

  304.             printf("Decaf deser isn't even:\n");

  305.             field_print("    s", serf);

  306.             field_print("    x", base.x);

  307.             field_print("    y", base.y);

  308.             fails ++;

  309.         }

  310.         

  311.         succ = decaf_deserialize_tw_affine(&tw_base, serf, 0);

  312.         struct tw_extensible_t tw_ext, tw_ext2;

  313.         convert_tw_affine_to_tw_extensible(&tw_ext, &tw_base);

  314.         decaf_serialize_tw_extensible(serf2, &tw_ext);

  315.         

  316.         twist_even(&tw_ext2, &ext);

  317. 

  318.         if (~validate_tw_extensible(&tw_ext)) {

  319.             youfail();

  320.             printf("Invalid decaf tw deser:\n");

  321.             field_print("    s", serf);

  322.             field_print("    x", tw_base.x);

  323.             field_print("    y", tw_base.y);

  324.             fails ++;

  325.         } else if (~field_eq(serf, serf2)) {

  326.             youfail();

  327.             printf("Fail round-trip through decaf ser:\n");

  328.             field_print("    s", serf);

  329.             field_print("    x", tw_base.x);

  330.             field_print("    y", tw_base.y);

  331.             printf("    tw deser is %s\n", validate_tw_extensible(&tw_ext) ? "valid" : "invalid");

  332.             field_print("    S", serf2);

  333.             fails ++;

  334.         } else if (~is_even_tw(&tw_ext)) {

  335.             youfail();

  336.             printf("Decaf tw deser isn't even:\n");

  337.             field_print("    s", serf);

  338.             field_print("    x", tw_base.x);

  339.             field_print("    y", tw_base.y);

  340.             fails ++;

  341.         } else if (~decaf_eq_tw_extensible(&tw_ext,&tw_ext2)) {

  342.             youfail();

  343.             printf("Decaf tw doesn't equal ext:\n");

  344.             field_print("    s",  serf);

  345.             field_print("    x1", base.x);

  346.             field_print("    y1", base.y);

  347.             field_print("    x2", tw_base.x);

  348.             field_print("    y2", tw_base.y);

  349.             field_print("    X2", tw_ext2.x);

  350.             field_print("    Y2", tw_ext2.y);

  351.             fails ++;

  352.         }

  353.         

  354.     }

  355.     if (hits < 350) {

  356.         youfail();

  357.         printf("   Unlikely: only %d successes in decaf_deser\n", hits);

  358.         return -1;

  359.     } else if (fails) {

  360.         return -1;

  361.     } else {

  362.         return 0;

  363.     }

  364. }

  365. 

  366. int test_pointops (void) {

  367.     struct affine_t base, pbase;

  368.     field_a_t serf;

  369.     

  370.     struct crandom_state_t crand;

  371.     crandom_init_from_buffer(&crand, "test_pointops random initializer");

  372.     

  373.     struct extensible_t ext_base;

  374.     if (!validate_affine(&goldilocks_base_point)) {

  375.         youfail();

  376.         printf("  Base point isn't on the curve.\n");

  377.         return -1;

  378.     }

  379.     convert_affine_to_extensible(&ext_base, &goldilocks_base_point);

  380.     if (!validate_ext(&ext_base, 2, "base")) return -1;

  381.     

  382.     int i, ret;

  383.     for (i=0; i<1000; i++) {

  384.         uint8_t ser[FIELD_BYTES];

  385.         crandom_generate(&crand, ser, sizeof(ser));

  386. 

  387. 

  388.         #if (FIELD_BITS % 8)

  389.             ser[FIELD_BYTES-1] &= (1<<(FIELD_BITS%8)) - 1;

  390.         #endif

  391.         

  392.         /* TODO: we need a field generate, which can return random or pathological. */

  393.         mask_t succ = field_deserialize(serf, ser);

  394.         if (!succ) {

  395.             youfail();

  396.             printf("   Unlikely: fail at field_deserialize\n");

  397.             return -1;

  398.         }

  399.         

  400.         if (i) {

  401.             copy_affine(&pbase, &base);

  402.         }

  403.         elligator_2s_inject(&base, serf);

  404.         

  405.         if (i) {

  406.             ret = add_double_test(&base, &pbase);

  407.             if (ret) return ret;

  408.         }

  409.         

  410.         ret = single_twisting_test(&base);

  411.         //if (ret) return ret;

  412.     }

  413.     

  414.     return 0;

  415. }