diff options
Diffstat (limited to 'src/util/test_crypto_ecc_dlog.c')
-rw-r--r-- | src/util/test_crypto_ecc_dlog.c | 141 |
1 files changed, 82 insertions, 59 deletions
diff --git a/src/util/test_crypto_ecc_dlog.c b/src/util/test_crypto_ecc_dlog.c index a2c02a94e..51f290d51 100644 --- a/src/util/test_crypto_ecc_dlog.c +++ b/src/util/test_crypto_ecc_dlog.c | |||
@@ -49,7 +49,7 @@ | |||
49 | /** | 49 | /** |
50 | * How many values do we test? | 50 | * How many values do we test? |
51 | */ | 51 | */ |
52 | #define TEST_ITER 10 | 52 | #define TEST_ITER 100 |
53 | 53 | ||
54 | /** | 54 | /** |
55 | * Range of values to use for MATH tests. | 55 | * Range of values to use for MATH tests. |
@@ -65,55 +65,76 @@ | |||
65 | static void | 65 | static void |
66 | test_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc) | 66 | test_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc) |
67 | { | 67 | { |
68 | gcry_mpi_t fact; | 68 | for (unsigned int i = 0; i < TEST_ITER; i++) |
69 | gcry_mpi_t n; | ||
70 | gcry_ctx_t ctx; | ||
71 | gcry_mpi_point_t q; | ||
72 | gcry_mpi_point_t g; | ||
73 | unsigned int i; | ||
74 | int x; | ||
75 | int iret; | ||
76 | |||
77 | GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE)); | ||
78 | g = gcry_mpi_ec_get_point ("g", ctx, 0); | ||
79 | GNUNET_assert (NULL != g); | ||
80 | n = gcry_mpi_ec_get_mpi ("n", ctx, 0); | ||
81 | q = gcry_mpi_point_new (0); | ||
82 | fact = gcry_mpi_new (0); | ||
83 | for (i = 0; i < TEST_ITER; i++) | ||
84 | { | 69 | { |
70 | struct GNUNET_CRYPTO_EccScalar fact; | ||
71 | struct GNUNET_CRYPTO_EccScalar n; | ||
72 | struct GNUNET_CRYPTO_EccPoint q; | ||
73 | int x; | ||
74 | |||
85 | fprintf (stderr, "."); | 75 | fprintf (stderr, "."); |
86 | x = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, | 76 | x = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, |
87 | MAX_FACT); | 77 | MAX_FACT); |
78 | memset (&n, | ||
79 | 0, | ||
80 | sizeof (n)); | ||
81 | for (unsigned int j = 0; j < x; j++) | ||
82 | sodium_increment (n.v, | ||
83 | sizeof (n.v)); | ||
88 | if (0 == GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, | 84 | if (0 == GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, |
89 | 2)) | 85 | 2)) |
90 | { | 86 | { |
91 | gcry_mpi_set_ui (fact, x); | 87 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
92 | gcry_mpi_sub (fact, n, fact); | 88 | "Trying negative %d\n", |
89 | -x); | ||
90 | crypto_core_ed25519_scalar_negate (fact.v, | ||
91 | n.v); | ||
93 | x = -x; | 92 | x = -x; |
94 | } | 93 | } |
95 | else | 94 | else |
96 | { | 95 | { |
97 | gcry_mpi_set_ui (fact, x); | 96 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
97 | "Trying positive %d\n", | ||
98 | x); | ||
99 | fact = n; | ||
98 | } | 100 | } |
99 | gcry_mpi_ec_mul (q, fact, g, ctx); | 101 | if (0 == x) |
100 | if (x != | ||
101 | (iret = GNUNET_CRYPTO_ecc_dlog (edc, | ||
102 | q))) | ||
103 | { | 102 | { |
104 | fprintf (stderr, | 103 | /* libsodium does not like to multiply with zero; make sure |
105 | "DLOG failed for value %d (%d)\n", | 104 | 'q' is a valid point (g) first, then use q = q - q to get |
106 | x, | 105 | the product with zero */ |
107 | iret); | 106 | sodium_increment (fact.v, |
108 | GNUNET_assert (0); | 107 | sizeof (fact.v)); |
108 | GNUNET_assert (0 == | ||
109 | crypto_scalarmult_ed25519_base_noclamp (q.v, | ||
110 | fact.v)); | ||
111 | GNUNET_assert ( | ||
112 | 0 == | ||
113 | crypto_core_ed25519_sub (q.v, | ||
114 | q.v, | ||
115 | q.v)); | ||
116 | } | ||
117 | else | ||
118 | GNUNET_assert (0 == | ||
119 | crypto_scalarmult_ed25519_base_noclamp (q.v, | ||
120 | fact.v)); | ||
121 | { | ||
122 | int iret; | ||
123 | |||
124 | if (x != | ||
125 | (iret = GNUNET_CRYPTO_ecc_dlog (edc, | ||
126 | &q))) | ||
127 | { | ||
128 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
129 | "DLOG failed for value %d (got: %d)\n", | ||
130 | x, | ||
131 | iret); | ||
132 | GNUNET_assert (0); | ||
133 | } | ||
109 | } | 134 | } |
110 | } | 135 | } |
111 | gcry_mpi_release (fact); | 136 | fprintf (stderr, |
112 | gcry_mpi_release (n); | 137 | "\n"); |
113 | gcry_mpi_point_release (g); | ||
114 | gcry_mpi_point_release (q); | ||
115 | gcry_ctx_release (ctx); | ||
116 | fprintf (stderr, "\n"); | ||
117 | } | 138 | } |
118 | 139 | ||
119 | 140 | ||
@@ -127,38 +148,40 @@ test_math (struct GNUNET_CRYPTO_EccDlogContext *edc) | |||
127 | { | 148 | { |
128 | int i; | 149 | int i; |
129 | int j; | 150 | int j; |
130 | gcry_mpi_point_t ip; | 151 | struct GNUNET_CRYPTO_EccPoint ip; |
131 | gcry_mpi_point_t jp; | 152 | struct GNUNET_CRYPTO_EccPoint jp; |
132 | gcry_mpi_point_t r; | 153 | struct GNUNET_CRYPTO_EccPoint r; |
133 | gcry_mpi_point_t ir; | 154 | struct GNUNET_CRYPTO_EccPoint ir; |
134 | gcry_mpi_point_t irj; | 155 | struct GNUNET_CRYPTO_EccPoint irj; |
135 | gcry_mpi_point_t r_inv; | 156 | struct GNUNET_CRYPTO_EccPoint r_inv; |
136 | gcry_mpi_point_t sum; | 157 | struct GNUNET_CRYPTO_EccPoint sum; |
137 | 158 | ||
138 | for (i = -MATH_MAX; i < MATH_MAX; i++) | 159 | for (i = -MATH_MAX; i < MATH_MAX; i++) |
139 | { | 160 | { |
140 | ip = GNUNET_CRYPTO_ecc_dexp (edc, i); | 161 | GNUNET_CRYPTO_ecc_dexp (i, &ip); |
141 | for (j = -MATH_MAX; j < MATH_MAX; j++) | 162 | for (j = -MATH_MAX; j < MATH_MAX; j++) |
142 | { | 163 | { |
143 | fprintf (stderr, "."); | 164 | fprintf (stderr, "."); |
144 | jp = GNUNET_CRYPTO_ecc_dexp (edc, j); | 165 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
145 | GNUNET_CRYPTO_ecc_rnd (edc, | 166 | "%d + %d\n", |
146 | &r, | 167 | i, |
168 | j); | ||
169 | GNUNET_CRYPTO_ecc_dexp (j, &jp); | ||
170 | GNUNET_CRYPTO_ecc_rnd (&r, | ||
147 | &r_inv); | 171 | &r_inv); |
148 | ir = GNUNET_CRYPTO_ecc_add (edc, ip, r); | 172 | GNUNET_CRYPTO_ecc_add (&ip, &r, &ir); |
149 | irj = GNUNET_CRYPTO_ecc_add (edc, ir, jp); | 173 | GNUNET_CRYPTO_ecc_add (&ir, &jp, &irj); |
150 | sum = GNUNET_CRYPTO_ecc_add (edc, irj, r_inv); | 174 | GNUNET_CRYPTO_ecc_add (&irj, &r_inv, &sum); |
151 | GNUNET_assert (i + j == | 175 | int res = GNUNET_CRYPTO_ecc_dlog (edc, &sum); |
152 | GNUNET_CRYPTO_ecc_dlog (edc, | 176 | if (i + j != res) |
153 | sum)); | 177 | { |
154 | GNUNET_CRYPTO_ecc_free (jp); | 178 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
155 | GNUNET_CRYPTO_ecc_free (ir); | 179 | "Got %d, expected %d\n", |
156 | GNUNET_CRYPTO_ecc_free (irj); | 180 | res, |
157 | GNUNET_CRYPTO_ecc_free (r); | 181 | i + j); |
158 | GNUNET_CRYPTO_ecc_free (r_inv); | 182 | // GNUNET_assert (0); |
159 | GNUNET_CRYPTO_ecc_free (sum); | 183 | } |
160 | } | 184 | } |
161 | GNUNET_CRYPTO_ecc_free (ip); | ||
162 | } | 185 | } |
163 | fprintf (stderr, "\n"); | 186 | fprintf (stderr, "\n"); |
164 | } | 187 | } |