1 files changed, 212 insertions, 0 deletions
diff --git a/src/contrib/service/scalarproduct/test_ecc_scalarproduct.c b/src/contrib/service/scalarproduct/test_ecc_scalarproduct.c
new file mode 100644
index 000000000..85460cb05
--- /dev/null
+++ b/src/contrib/service/scalarproduct/test_ecc_scalarproduct.c
@@ -0,0 +1,212 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2015 GNUnet e.V.
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+/**
+ * @file util/test_ecc_scalarproduct.c
+ * @brief testcase for math behind ECC SP calculation
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include <gcrypt.h>
+/**
+ * Global context.
+ */
+static struct GNUNET_CRYPTO_EccDlogContext *edc;
+/**
+ * Perform SP calculation.
+ *
+ * @param avec 0-terminated vector of Alice's values
+ * @param bvec 0-terminated vector of Bob's values
+ * @return avec * bvec
+ */
+static int
+test_sp (const unsigned int *avec,
+         const unsigned int *bvec)
+{
+  unsigned int len;
+  struct GNUNET_CRYPTO_EccScalar a;
+  struct GNUNET_CRYPTO_EccScalar a_neg;
+  struct GNUNET_CRYPTO_EccPoint *g;
+  struct GNUNET_CRYPTO_EccPoint *h;
+  struct GNUNET_CRYPTO_EccPoint pg;
+  struct GNUNET_CRYPTO_EccPoint ph;
+  /* determine length */
+  for (len = 0; 0 != avec[len]; len++)
+    ;
+  if (0 == len)
+    return 0;
+  /* Alice */
+  GNUNET_CRYPTO_ecc_rnd_mpi (&a,
+                             &a_neg);
+  g = GNUNET_new_array (len,
+                        struct GNUNET_CRYPTO_EccPoint);
+  h = GNUNET_new_array (len,
+                        struct GNUNET_CRYPTO_EccPoint);
+  for (unsigned int i = 0; i < len; i++)
+  {
+    struct GNUNET_CRYPTO_EccScalar tmp;
+    struct GNUNET_CRYPTO_EccScalar ri;
+    struct GNUNET_CRYPTO_EccScalar ria;
+    GNUNET_CRYPTO_ecc_random_mod_n (&ri);
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_CRYPTO_ecc_dexp_mpi (&ri,
+                                               &g[i]));
+    /* ria = ri * a mod L, where L is the order of the main subgroup */
+    crypto_core_ed25519_scalar_mul (ria.v,
+                                    ri.v,
+                                    a.v);
+    /* tmp = ria + avec[i] */
+    {
+      int64_t val = avec[i];
+      struct GNUNET_CRYPTO_EccScalar vali;
+      GNUNET_assert (INT64_MIN != val);
+      GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
+                                         &vali);
+      if (val > 0)
+        crypto_core_ed25519_scalar_add (tmp.v,
+                                        ria.v,
+                                        vali.v);
+      else
+        crypto_core_ed25519_scalar_sub (tmp.v,
+                                        ria.v,
+                                        vali.v);
+    }
+    /* h[i] = g^tmp = g^{ria + avec[i]} */
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_CRYPTO_ecc_dexp_mpi (&tmp,
+                                               &h[i]));
+  }
+  /* Bob */
+  for (unsigned int i = 0; i < len; i++)
+  {
+    struct GNUNET_CRYPTO_EccPoint gm;
+    struct GNUNET_CRYPTO_EccPoint hm;
+    {
+      int64_t val = bvec[i];
+      struct GNUNET_CRYPTO_EccScalar vali;
+      GNUNET_assert (INT64_MIN != val);
+      GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
+                                         &vali);
+      if (val < 0)
+        crypto_core_ed25519_scalar_negate (vali.v,
+                                           vali.v);
+      /* gm = g[i]^vali */
+      GNUNET_assert (GNUNET_OK ==
+                     GNUNET_CRYPTO_ecc_pmul_mpi (&g[i],
+                                                 &vali,
+                                                 &gm));
+      /* hm = h[i]^vali */
+      GNUNET_assert (GNUNET_OK ==
+                     GNUNET_CRYPTO_ecc_pmul_mpi (&h[i],
+                                                 &vali,
+                                                 &hm));
+    }
+    if (0 != i)
+    {
+      /* pg += gm */
+      GNUNET_assert (GNUNET_OK ==
+                     GNUNET_CRYPTO_ecc_add (&gm,
+                                            &pg,
+                                            &pg));
+      /* ph += hm */
+      GNUNET_assert (GNUNET_OK ==
+                     GNUNET_CRYPTO_ecc_add (&hm,
+                                            &ph,
+                                            &ph));
+    }
+    else
+    {
+      pg = gm;
+      ph = hm;
+    }
+  }
+  GNUNET_free (g);
+  GNUNET_free (h);
+  /* Alice */
+  {
+    struct GNUNET_CRYPTO_EccPoint pgi;
+    struct GNUNET_CRYPTO_EccPoint gsp;
+    /* pgi = pg^inv */
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_CRYPTO_ecc_pmul_mpi (&pg,
+                                               &a_neg,
+                                               &pgi));
+    /* gsp = pgi + ph */
+    GNUNET_assert (GNUNET_OK ==
+                   GNUNET_CRYPTO_ecc_add (&pgi,
+                                          &ph,
+                                          &gsp));
+    return GNUNET_CRYPTO_ecc_dlog (edc,
+                                   &gsp);
+  }
+}
+/**
+ * Macro that checks that @a want is equal to @a have and
+ * if not returns with a failure code.
+ */
+#define CHECK(want,have) do { \
+    if (want != have) {         \
+      GNUNET_break (0);         \
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR, \
+                  "Wanted %d, got %d\n", want, have);   \
+      GNUNET_CRYPTO_ecc_dlog_release (edc); \
+      return 1; \
+    } } while (0)
+int
+main (int argc, char *argv[])
+{
+  static unsigned int v11[] = { 1, 1, 0 };
+  static unsigned int v22[] = { 2, 2, 0 };
+  static unsigned int v35[] = { 3, 5, 0 };
+  static unsigned int v24[] = { 2, 4, 0 };
+  GNUNET_log_setup ("test-ecc-scalarproduct",
+                    "WARNING",
+                    NULL);
+  edc = GNUNET_CRYPTO_ecc_dlog_prepare (128, 128);
+  CHECK (2, test_sp (v11, v11));
+  CHECK (4, test_sp (v22, v11));
+  CHECK (8, test_sp (v35, v11));
+  CHECK (26, test_sp (v35, v24));
+  CHECK (26, test_sp (v24, v35));
+  CHECK (16, test_sp (v22, v35));
+  GNUNET_CRYPTO_ecc_dlog_release (edc);
+  return 0;
+}
+/* end of test_ecc_scalarproduct.c */

diff --git a/src/contrib/service/scalarproduct/test_ecc_scalarproduct.c b/src/contrib/service/scalarproduct/test_ecc_scalarproduct.c new file mode 100644 index 000000000..85460cb05 --- /dev/null +++ b/src/contrib/service/scalarproduct/test_ecc_scalarproduct.c
@@ -0,0 +1,212 @@
	1	/*
	2	This file is part of GNUnet.
	3	Copyright (C) 2015 GNUnet e.V.
	4
	5	GNUnet is free software: you can redistribute it and/or modify it
	6	under the terms of the GNU Affero General Public License as published
	7	by the Free Software Foundation, either version 3 of the License,
	8	or (at your option) any later version.
	9
	10	GNUnet is distributed in the hope that it will be useful, but
	11	WITHOUT ANY WARRANTY; without even the implied warranty of
	12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	13	Affero General Public License for more details.
	14
	15	You should have received a copy of the GNU Affero General Public License
	16	along with this program. If not, see <http://www.gnu.org/licenses/>.
	17
	18	SPDX-License-Identifier: AGPL3.0-or-later
	19
	20	*/
	21	/**
	22	* @file util/test_ecc_scalarproduct.c
	23	* @brief testcase for math behind ECC SP calculation
	24	* @author Christian Grothoff
	25	*/
	26	#include "platform.h"
	27	#include "gnunet_util_lib.h"
	28	#include <gcrypt.h>
	29
	30	/**
	31	* Global context.
	32	*/
	33	static struct GNUNET_CRYPTO_EccDlogContext *edc;
	34
	35
	36	/**
	37	* Perform SP calculation.
	38	*
	39	* @param avec 0-terminated vector of Alice's values
	40	* @param bvec 0-terminated vector of Bob's values
	41	* @return avec * bvec
	42	*/
	43	static int
	44	test_sp (const unsigned int *avec,
	45	const unsigned int *bvec)
	46	{
	47	unsigned int len;
	48	struct GNUNET_CRYPTO_EccScalar a;
	49	struct GNUNET_CRYPTO_EccScalar a_neg;
	50	struct GNUNET_CRYPTO_EccPoint *g;
	51	struct GNUNET_CRYPTO_EccPoint *h;
	52	struct GNUNET_CRYPTO_EccPoint pg;
	53	struct GNUNET_CRYPTO_EccPoint ph;
	54
	55	/* determine length */
	56	for (len = 0; 0 != avec[len]; len++)
	57	;
	58	if (0 == len)
	59	return 0;
	60
	61	/* Alice */
	62	GNUNET_CRYPTO_ecc_rnd_mpi (&a,
	63	&a_neg);
	64	g = GNUNET_new_array (len,
	65	struct GNUNET_CRYPTO_EccPoint);
	66	h = GNUNET_new_array (len,
	67	struct GNUNET_CRYPTO_EccPoint);
	68	for (unsigned int i = 0; i < len; i++)
	69	{
	70	struct GNUNET_CRYPTO_EccScalar tmp;
	71	struct GNUNET_CRYPTO_EccScalar ri;
	72	struct GNUNET_CRYPTO_EccScalar ria;
	73
	74	GNUNET_CRYPTO_ecc_random_mod_n (&ri);
	75	GNUNET_assert (GNUNET_OK ==
	76	GNUNET_CRYPTO_ecc_dexp_mpi (&ri,
	77	&g[i]));
	78	/* ria = ri * a mod L, where L is the order of the main subgroup */
	79	crypto_core_ed25519_scalar_mul (ria.v,
	80	ri.v,
	81	a.v);
	82	/* tmp = ria + avec[i] */
	83	{
	84	int64_t val = avec[i];
	85	struct GNUNET_CRYPTO_EccScalar vali;
	86
	87	GNUNET_assert (INT64_MIN != val);
	88	GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
	89	&vali);
	90	if (val > 0)
	91	crypto_core_ed25519_scalar_add (tmp.v,
	92	ria.v,
	93	vali.v);
	94	else
	95	crypto_core_ed25519_scalar_sub (tmp.v,
	96	ria.v,
	97	vali.v);
	98	}
	99	/* h[i] = g^tmp = g^{ria + avec[i]} */
	100	GNUNET_assert (GNUNET_OK ==
	101	GNUNET_CRYPTO_ecc_dexp_mpi (&tmp,
	102	&h[i]));
	103	}
	104
	105	/* Bob */
	106	for (unsigned int i = 0; i < len; i++)
	107	{
	108	struct GNUNET_CRYPTO_EccPoint gm;
	109	struct GNUNET_CRYPTO_EccPoint hm;
	110
	111	{
	112	int64_t val = bvec[i];
	113	struct GNUNET_CRYPTO_EccScalar vali;
	114
	115	GNUNET_assert (INT64_MIN != val);
	116	GNUNET_CRYPTO_ecc_scalar_from_int (val > 0 ? val : -val,
	117	&vali);
	118	if (val < 0)
	119	crypto_core_ed25519_scalar_negate (vali.v,
	120	vali.v);
	121	/* gm = g[i]^vali */
	122	GNUNET_assert (GNUNET_OK ==
	123	GNUNET_CRYPTO_ecc_pmul_mpi (&g[i],
	124	&vali,
	125	&gm));
	126	/* hm = h[i]^vali */
	127	GNUNET_assert (GNUNET_OK ==
	128	GNUNET_CRYPTO_ecc_pmul_mpi (&h[i],
	129	&vali,
	130	&hm));
	131	}
	132	if (0 != i)
	133	{
	134	/* pg += gm */
	135	GNUNET_assert (GNUNET_OK ==
	136	GNUNET_CRYPTO_ecc_add (&gm,
	137	&pg,
	138	&pg));
	139	/* ph += hm */
	140	GNUNET_assert (GNUNET_OK ==
	141	GNUNET_CRYPTO_ecc_add (&hm,
	142	&ph,
	143	&ph));
	144	}
	145	else
	146	{
	147	pg = gm;
	148	ph = hm;
	149	}
	150	}
	151	GNUNET_free (g);
	152	GNUNET_free (h);
	153
	154	/* Alice */
	155	{
	156	struct GNUNET_CRYPTO_EccPoint pgi;
	157	struct GNUNET_CRYPTO_EccPoint gsp;
	158
	159	/* pgi = pg^inv */
	160	GNUNET_assert (GNUNET_OK ==
	161	GNUNET_CRYPTO_ecc_pmul_mpi (&pg,
	162	&a_neg,
	163	&pgi));
	164	/* gsp = pgi + ph */
	165	GNUNET_assert (GNUNET_OK ==
	166	GNUNET_CRYPTO_ecc_add (&pgi,
	167	&ph,
	168	&gsp));
	169	return GNUNET_CRYPTO_ecc_dlog (edc,
	170	&gsp);
	171	}
	172	}
	173
	174
	175	/**
	176	* Macro that checks that @a want is equal to @a have and
	177	* if not returns with a failure code.
	178	*/
	179	#define CHECK(want,have) do { \
	180	if (want != have) { \
	181	GNUNET_break (0); \
	182	GNUNET_log (GNUNET_ERROR_TYPE_ERROR, \
	183	"Wanted %d, got %d\n", want, have); \
	184	GNUNET_CRYPTO_ecc_dlog_release (edc); \
	185	return 1; \
	186	} } while (0)
	187
	188
	189	int
	190	main (int argc, char *argv[])
	191	{
	192	static unsigned int v11[] = { 1, 1, 0 };
	193	static unsigned int v22[] = { 2, 2, 0 };
	194	static unsigned int v35[] = { 3, 5, 0 };
	195	static unsigned int v24[] = { 2, 4, 0 };
	196
	197	GNUNET_log_setup ("test-ecc-scalarproduct",
	198	"WARNING",
	199	NULL);
	200	edc = GNUNET_CRYPTO_ecc_dlog_prepare (128, 128);
	201	CHECK (2, test_sp (v11, v11));
	202	CHECK (4, test_sp (v22, v11));
	203	CHECK (8, test_sp (v35, v11));
	204	CHECK (26, test_sp (v35, v24));
	205	CHECK (26, test_sp (v24, v35));
	206	CHECK (16, test_sp (v22, v35));
	207	GNUNET_CRYPTO_ecc_dlog_release (edc);
	208	return 0;
	209	}
	210
	211
	212	/* end of test_ecc_scalarproduct.c */