jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
206 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: e4cb764842
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e4cb764842'
${ noResults }
ed448goldilocks/test/test_decaf.cxx

289 lines
9.0 KiB
Raw Blame History 

  1. /**

  2.  * @file test_decaf.cxx

  3.  * @author Mike Hamburg

  4.  *

  5.  * @copyright

  6.  *   Copyright (c) 2015 Cryptography Research, Inc.  \n

  7.  *   Released under the MIT License.  See LICENSE.txt for license information.

  8.  *

  9.  * @brief C++ tests, because that's easier.

  10.  */

  11. 

  12. #include "decaf.hxx"

  13. #include "shake.hxx"

  14. #include "decaf_crypto.h"

  15. #include <stdio.h>

  16. 

  17. 

  18. static bool passing = true;

  19. static const long NTESTS = 10000;

  20. 

  21. class Test {

  22. public:

  23.     bool passing_now;

  24.     Test(const char *test) {

  25.         passing_now = true;

  26.         printf("%s...", test);

  27.         if (strlen(test) < 27) printf("%*s",int(27-strlen(test)),"");

  28.         fflush(stdout);

  29.     }

  30.     ~Test() {

  31.         if (std::uncaught_exception()) {

  32.             fail();

  33.             printf("  due to uncaught exception.\n");

  34.         }

  35.         if (passing_now) printf("[PASS]\n");

  36.     }

  37.     void fail() {

  38.         if (!passing_now) return;

  39.         passing_now = passing = false;

  40.         printf("[FAIL]\n");

  41.     }

  42. };

  43. 

  44. template<typename Group> struct Tests {

  45. 

  46. typedef typename Group::Scalar Scalar;

  47. typedef typename Group::Point Point;

  48. typedef typename Group::Precomputed Precomputed;

  49. 

  50. static void print(const char *name, const Scalar &x) {

  51.     unsigned char buffer[Scalar::SER_BYTES];

  52.     x.encode(buffer);

  53.     printf("  %s = 0x", name);

  54.     for (int i=sizeof(buffer)-1; i>=0; i--) {

  55.         printf("%02x", buffer[i]);

  56.     }

  57.     printf("\n");

  58. }

  59. 

  60. static void print(const char *name, const Point &x) {

  61.     unsigned char buffer[Point::SER_BYTES];

  62.     x.encode(buffer);

  63.     printf("  %s = 0x", name);

  64.     for (int i=sizeof(buffer)-1; i>=0; i--) {

  65.         printf("%02x", buffer[i]);

  66.     }

  67.     printf("\n");

  68. }

  69. 

  70. static bool arith_check(

  71.     Test &test,

  72.     const Scalar &x,

  73.     const Scalar &y,

  74.     const Scalar &z,

  75.     const Scalar &r,

  76.     const Scalar &l,

  77.     const char *name

  78. ) {

  79.     if (l == r) return true;

  80.     test.fail();

  81.     printf("  %s", name);

  82.     print("x", x);

  83.     print("y", y);

  84.     print("z", z);

  85.     print("lhs", r);

  86.     print("rhs", l);

  87.     return false;

  88. }

  89. 

  90. static bool point_check(

  91.     Test &test,

  92.     const Point &p,

  93.     const Point &q,

  94.     const Point &R,

  95.     const Scalar &x,

  96.     const Scalar &y,

  97.     const Point &l,

  98.     const Point &r,

  99.     const char *name

  100. ) {

  101.     bool good = l==r;

  102.     if (!p.validate()) { good = false; printf("  p invalid\n"); }

  103.     if (!q.validate()) { good = false; printf("  q invalid\n"); }

  104.     if (!r.validate()) { good = false; printf("  r invalid\n"); }

  105.     if (!l.validate()) { good = false; printf("  l invalid\n"); }

  106.     if (good) return true;

  107.     

  108.     test.fail();

  109.     printf("  %s", name);

  110.     print("x", x);

  111.     print("y", y);

  112.     print("p", p);

  113.     print("q", q);

  114.     print("r", R);

  115.     print("lhs", l);

  116.     print("rhs", r);

  117.     return false;

  118. }

  119. 

  120. static void test_arithmetic() {

  121.     decaf::SpongeRng rng(decaf::Block("test_arithmetic"));

  122.     

  123.     Test test("Arithmetic");

  124.     Scalar x(0),y(0),z(0);

  125.     arith_check(test,x,y,z,INT_MAX,(decaf_word_t)INT_MAX,"cast from max");

  126.     arith_check(test,x,y,z,INT_MIN,-Scalar(1+(decaf_word_t)INT_MAX),"cast from min");

  127.         

  128.     for (int i=0; i<NTESTS*10 && test.passing_now; i++) {

  129.         /* TODO: pathological cases */

  130.         size_t sob = DECAF_255_SCALAR_BYTES + 8 - (i%16);

  131.         Scalar x(rng.read(sob));

  132.         Scalar y(rng.read(sob));

  133.         Scalar z(rng.read(sob));

  134.         

  135. 

  136.         arith_check(test,x,y,z,x+y,y+x,"commute add");

  137.         arith_check(test,x,y,z,x,x+0,"ident add");

  138.         arith_check(test,x,y,z,x,x-0,"ident sub");

  139.         arith_check(test,x,y,z,x+(y+z),(x+y)+z,"assoc add");

  140.         arith_check(test,x,y,z,x*(y+z),x*y + x*z,"distributive mul/add");

  141.         arith_check(test,x,y,z,x*(y-z),x*y - x*z,"distributive mul/add");

  142.         arith_check(test,x,y,z,x*(y*z),(x*y)*z,"assoc mul");

  143.         arith_check(test,x,y,z,x*y,y*x,"commute mul");

  144.         arith_check(test,x,y,z,x,x*1,"ident mul");

  145.         arith_check(test,x,y,z,0,x*0,"mul by 0");

  146.         arith_check(test,x,y,z,-x,x*-1,"mul by -1");

  147.         arith_check(test,x,y,z,x+x,x*2,"mul by 2");

  148.         

  149.         if (i%20) continue;

  150.         if (y!=0) arith_check(test,x,y,z,x*y/y,x,"invert");

  151.         arith_check(test,x,y,z,x/0,0,"invert0");

  152.     }

  153. }

  154. 

  155. static void test_elligator() {

  156.     decaf::SpongeRng rng(decaf::Block("test_elligator"));

  157.     Test test("Elligator");

  158.     

  159.     for (int i=0; i<16; i++) {

  160.         decaf::SecureBuffer b1(Point::HASH_BYTES);

  161.         Point p = Point::identity();

  162.         if (i>=8) p.debugging_torque_in_place();

  163.         bool succ = p.invert_elligator(b1,i&7);

  164.         Point q;

  165.         unsigned char hint = q.set_to_hash(b1);

  166. 

  167.         if (succ != ((i&7) != 4) || (q != p) || (succ && (hint != (i&7)))) {

  168.             test.fail();

  169.             printf("Elligator test: t=%d, h=%d->%d, q%sp, %s %02x%02x\n",

  170.                 i/8, i&7, hint, (q==p)?"==":"!=",succ ? "SUCC" : "FAIL",

  171.                 b1[0], b1[1]);

  172.         }

  173.     }

  174. 

  175.     for (int i=0; i<NTESTS /*&& test.passing_now*/; i++) {

  176.         size_t len = (i % (2*Point::HASH_BYTES + 3));

  177.         decaf::SecureBuffer b1(len), b2(len);

  178.         rng.read(b1);

  179.         if (i==1) b1[0] = 1; /* special case test */

  180.         if (len > Point::HASH_BYTES)

  181.             memcpy(&b2[Point::HASH_BYTES], &b1[Point::HASH_BYTES], len-Point::HASH_BYTES);

  182.         Point s;

  183.         unsigned char hint = s.set_to_hash(b1);

  184.         if (i&1) s.debugging_torque_in_place();

  185.         bool succ = s.invert_elligator(b2,hint);

  186.         if (!succ || memcmp(b1,b2,len)) {

  187.             test.fail();

  188.             printf("    Fail elligator inversion i=%d, len=%d (claimed %s, hint=0x%02x)\n",

  189.                 i, (int)len, succ ? "success" : "failure", hint);

  190.         }

  191.         

  192.         // Point t(rng);

  193. //point_check(test,t,t,t,0,0,t,Point::from_hash(t.steg_encode(rng)),"steg round-trip");

  194.     }

  195. }

  196. 

  197. static void test_ec() {

  198.     decaf::SpongeRng rng(decaf::Block("test_ec"));

  199.     

  200.     Test test("EC");

  201. 

  202.     Point id = Point::identity(), base = Point::base();

  203.     point_check(test,id,id,id,0,0,Point::from_hash(""),id,"fh0");

  204.     //point_check(test,id,id,id,0,0,Point::from_hash("\x01"),id,"fh1"); // FIXME

  205.     

  206.     for (int i=0; i<NTESTS && test.passing_now; i++) {

  207.         /* TODO: pathological cases */

  208.         Scalar x(rng);

  209.         Scalar y(rng);

  210.         Point p(rng);

  211.         Point q(rng);

  212.         

  213.         decaf::SecureBuffer buffer(2*Point::HASH_BYTES);

  214.         rng.read(buffer);

  215.         Point r = Point::from_hash(buffer);

  216.         

  217.         point_check(test,p,q,r,0,0,p,Point((decaf::SecureBuffer)p),"round-trip");

  218.         point_check(test,p,q,r,0,0,p+q,q+p,"commute add");

  219.         point_check(test,p,q,r,0,0,(p-q)+q,p,"correct sub");

  220.         point_check(test,p,q,r,0,0,p+(q+r),(p+q)+r,"assoc add");

  221.         point_check(test,p,q,r,0,0,p.times_two(),p+p,"dbl add");

  222.         

  223.         if (i%10) continue;

  224.         point_check(test,p,q,r,x,0,x*(p+q),x*p+x*q,"distr mul");

  225.         point_check(test,p,q,r,x,y,(x*y)*p,x*(y*p),"assoc mul");

  226.         point_check(test,p,q,r,x,y,x*p+y*q,Point::double_scalarmul(x,p,y,q),"ds mul");

  227.         point_check(test,base,q,r,x,y,x*base+y*q,q.non_secret_combo_with_base(y,x),"ds vt mul");

  228.         point_check(test,p,q,r,x,0,Precomputed(p)*x,p*x,"precomp mul");

  229.         point_check(test,p,q,r,0,0,r,

  230.             Point::from_hash(buffer.slice(0,Point::HASH_BYTES))

  231.             + Point::from_hash(buffer.slice(Point::HASH_BYTES,Point::HASH_BYTES)),

  232.             "unih = hash+add"

  233.         );

  234.             

  235. 

  236.         point_check(test,p,q,r,x,0,Point(x.direct_scalarmul(decaf::SecureBuffer(p))),x*p,"direct mul");

  237.     }

  238. }

  239. 

  240. }; // template<decaf::GroupId GROUP>

  241. 

  242. 

  243. static void test_decaf() {

  244.     Test test("Sample crypto");

  245.     decaf::SpongeRng rng(decaf::Block("test_decaf"));

  246. 

  247.     decaf_255_symmetric_key_t proto1,proto2;

  248.     decaf_255_private_key_t s1,s2;

  249.     decaf_255_public_key_t p1,p2;

  250.     decaf_255_signature_t sig;

  251.     unsigned char shared1[1234],shared2[1234];

  252.     const char *message = "Hello, world!";

  253. 

  254.     for (int i=0; i<NTESTS && test.passing_now; i++) {

  255.         rng.read(decaf::TmpBuffer(proto1,sizeof(proto1)));

  256.         rng.read(decaf::TmpBuffer(proto2,sizeof(proto2)));

  257.         decaf_255_derive_private_key(s1,proto1);

  258.         decaf_255_private_to_public(p1,s1);

  259.         decaf_255_derive_private_key(s2,proto2);

  260.         decaf_255_private_to_public(p2,s2);

  261.         if (!decaf_255_shared_secret (shared1,sizeof(shared1),s1,p2)) {

  262.             test.fail(); printf("Fail ss12\n");

  263.         }

  264.         if (!decaf_255_shared_secret (shared2,sizeof(shared2),s2,p1)) {

  265.             test.fail(); printf("Fail ss21\n");

  266.         }

  267.         if (memcmp(shared1,shared2,sizeof(shared1))) {

  268.             test.fail(); printf("Fail ss21 == ss12\n");   

  269.         }

  270.         decaf_255_sign (sig,s1,(const unsigned char *)message,strlen(message));

  271.         if (!decaf_255_verify (sig,p1,(const unsigned char *)message,strlen(message))) {

  272.             test.fail(); printf("Fail sig ver\n");   

  273.         }

  274.     }

  275. }

  276. 

  277. int main(int argc, char **argv) {

  278.     (void) argc; (void) argv;

  279.     

  280.     Tests<decaf::Ed255>::test_arithmetic();

  281.     Tests<decaf::Ed255>::test_elligator();

  282.     Tests<decaf::Ed255>::test_ec();

  283.     test_decaf();

  284.     

  285.     if (passing) printf("Passed all tests.\n");

  286.     

  287.     return passing ? 0 : 1;

  288. }