Diffstat (limited to 'src/lib/util/test_crypto_ecc_dlog.c')
-rw-r--r-- | src/lib/util/test_crypto_ecc_dlog.c | 219 |
1 files changed, 219 insertions, 0 deletions
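--- /dev/null
+++ b/src/lib/util/test_crypto_ecc_dlog.c
@@ -0,0 +1,219 @@
+/*
+This file is part of GNUnet.
+Copyright (C) 2015 GNUnet e.V.
+
+GNUnet is free software: you can redistribute it and/or modify it
+under the terms of the GNU Affero General Public License as published
+by the Free Software Foundation, either version 3 of the License,
+or (at your option) any later version.
+
+GNUnet is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+SPDX-License-Identifier: AGPL3.0-or-later
+
+*/
+/**
+* @file util/test_crypto_ecc_dlog.c
+* @brief testcase for ECC DLOG calculation
+* @author Christian Grothoff
+*/
+
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include <gcrypt.h>
+
+
+/**
+* Name of the curve we are using. Note that we have hard-coded
+* structs that use 256 bits, so using a bigger curve will require
+* changes that break stuff badly. The name of the curve given here
+* must be agreed by all peers and be supported by libgcrypt.
+*/
+#define CURVE "Ed25519"
+
+/**
+* Maximum value we test dlog for.
+*/
+#define MAX_FACT 100
+
+/**
+* Maximum memory to use, sqrt(MAX_FACT) is a good choice.
+*/
+#define MAX_MEM 10
+
+/**
+* How many values do we test?
+*/
+#define TEST_ITER 100
+
+/**
+* Range of values to use for MATH tests.
+*/
+#define MATH_MAX 5
+
+
+/**
+* Do some DLOG operations for testing.
+*
+* @param edc context for ECC operations
+*/
+static void
+test_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc)
+{
+for (unsigned int i = 0; i < TEST_ITER; i++)
+{
+struct GNUNET_CRYPTO_EccScalar fact;
+struct GNUNET_CRYPTO_EccScalar n;
+struct GNUNET_CRYPTO_EccPoint q;
+int x;
+
+fprintf (stderr, ".");
+x = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
+MAX_FACT);
+memset (&n,
+0,
+sizeof (n));
+for (unsigned int j = 0; j < x; j++)
+sodium_increment (n.v,
+sizeof (n.v));
+if (0 == GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
+2))
+{
+GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+"Trying negative %d\n",
+-x);
+crypto_core_ed25519_scalar_negate (fact.v,
+n.v);
+x = -x;
+}
+else
+{
+GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+"Trying positive %d\n",
+x);
+fact = n;
+}
+if (0 == x)
+{
+/* libsodium does not like to multiply with zero; make sure
+'q' is a valid point (g) first, then use q = q - q to get
+the product with zero */
+sodium_increment (fact.v,
+sizeof (fact.v));
+GNUNET_assert (0 ==
+crypto_scalarmult_ed25519_base_noclamp (q.v,
+fact.v));
+GNUNET_assert (
+0 ==
+crypto_core_ed25519_sub (q.v,
+q.v,
+q.v));
+}
+else
+GNUNET_assert (0 ==
+crypto_scalarmult_ed25519_base_noclamp (q.v,
+fact.v));
+{
+int iret;
+
+if (x !=
+(iret = GNUNET_CRYPTO_ecc_dlog (edc,
+&q)))
+{
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+"DLOG failed for value %d (got: %d)\n",
+x,
+iret);
+GNUNET_assert (0);
+}
+}
+}
+fprintf (stderr,
+"\n");
+}
+
+
+/**
+* Do some arithmetic operations for testing.
+*
+* @param edc context for ECC operations
+*/
+static void
+test_math (struct GNUNET_CRYPTO_EccDlogContext *edc)
+{
+int i;
+int j;
+struct GNUNET_CRYPTO_EccPoint ip;
+struct GNUNET_CRYPTO_EccPoint jp;
+struct GNUNET_CRYPTO_EccPoint r;
+struct GNUNET_CRYPTO_EccPoint ir;
+struct GNUNET_CRYPTO_EccPoint irj;
+struct GNUNET_CRYPTO_EccPoint r_inv;
+struct GNUNET_CRYPTO_EccPoint sum;
+
+for (i = -MATH_MAX; i < MATH_MAX; i++)
+{
+GNUNET_CRYPTO_ecc_dexp (i, &ip);
+for (j = -MATH_MAX; j < MATH_MAX; j++)
+{
+fprintf (stderr, ".");
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+"%d + %d\n",
+i,
+j);
+GNUNET_CRYPTO_ecc_dexp (j, &jp);
+GNUNET_CRYPTO_ecc_rnd (&r,
+&r_inv);
+GNUNET_CRYPTO_ecc_add (&ip, &r, &ir);
+GNUNET_CRYPTO_ecc_add (&ir, &jp, &irj);
+GNUNET_CRYPTO_ecc_add (&irj, &r_inv, &sum);
+int res = GNUNET_CRYPTO_ecc_dlog (edc, &sum);
+if (i + j != res)
+{
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+"Got %d, expected %d\n",
+res,
+i + j);
+// GNUNET_assert (0);
+}
+}
+}
+fprintf (stderr, "\n");
+}
+
+
+int
+main (int argc, char *argv[])
+{
+struct GNUNET_CRYPTO_EccDlogContext *edc;
+
+if (! gcry_check_version ("1.6.0"))
+{
+fprintf (stderr,
+_
+(
+"libgcrypt has not the expected version (version %s is required).\n"),
+"1.6.0");
+return 0;
+}
+if (getenv ("GNUNET_GCRYPT_DEBUG"))
+gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
+GNUNET_log_setup ("test-crypto-ecc-dlog",
+"WARNING",
+NULL);
+edc = GNUNET_CRYPTO_ecc_dlog_prepare (MAX_FACT,
+MAX_MEM);
+test_dlog (edc);
+test_math (edc);
+GNUNET_CRYPTO_ecc_dlog_release (edc);
+return 0;
+}
+
+
+/* end of test_crypto_ecc_dlog.c */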
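Review bot: In test_math the mismatch branch only logs `Got %d, expected %d`, because `// GNUNET_assert (0);` is commented out and main ends in an unconditional `return 0;`. A wrong result from the blinded add/dlog round trip therefore cannot fail this test. Either restore `GNUNET_assert (0);`, as test_dlog does on its own mismatch, or record the failure in a flag and return non-zero from main. Separately, the `gcry_check_version` failure path also returns 0, so a run that executed no checks is reported as a pass; a distinct skip exit code would make that visible. The `edc` returned by `GNUNET_CRYPTO_ecc_dlog_prepare` is also used without a check, which is worth a `GNUNET_assert (NULL != edc);` if that call can fail.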