Google Git
Sign in
android / platform / external / epid-sdk / HEAD / . / epid / common / math / unittests / ecgroup-test.cc
blob: 426b32a98c57c62e7c0714507cc2f064d7a7ada1 [file] [log] [blame]
/*############################################################################
# Copyright 2016-2017 Intel Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
############################################################################*/
/*!
* \file
* \brief EcGroup unit tests.
*/
#include <cstring>
#include <memory>
#include <stdexcept>
#include <string>
#include <vector>
#include "epid/common-testhelper/epid_gtest-testhelper.h"
#include "gtest/gtest.h"
extern "C" {
#include "epid/common/math/ecgroup.h"
#include "epid/common/math/finitefield.h"
}
#include "epid/common-testhelper/bignum_wrapper-testhelper.h"
#include "epid/common-testhelper/ecgroup_wrapper-testhelper.h"
#include "epid/common-testhelper/ecpoint_wrapper-testhelper.h"
#include "epid/common-testhelper/errors-testhelper.h"
#include "epid/common-testhelper/ffelement_wrapper-testhelper.h"
#include "epid/common-testhelper/finite_field_wrapper-testhelper.h"
#include "epid/common-testhelper/prng-testhelper.h"
/// compares G1ElemStr values
bool operator==(G1ElemStr const& lhs, G1ElemStr const& rhs) {
return 0 == std::memcmp(&lhs, &rhs, sizeof(lhs));
}
/// compares G2ElemStr values
bool operator==(G2ElemStr const& lhs, G2ElemStr const& rhs) {
return 0 == std::memcmp(&lhs, &rhs, sizeof(lhs));
}
namespace {
class EFq2Params {
public:
FiniteFieldObj fq2;
FfElementObj a;
FfElementObj b;
FfElementObj x;
FfElementObj y;
BigNumObj order;
BigNumObj cofactor;
explicit EFq2Params(FiniteFieldObj* fq) {
// Intel(R) EPID 2.0 parameters for EC(Fq2)
static const FqElemStr param_beta = {
{{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD, 0x46, 0xE5, 0xF2,
0x5E, 0xEE, 0x71, 0xA4, 0x9F, 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x98,
0x0A, 0x82, 0xD3, 0x29, 0x2D, 0xDB, 0xAE, 0xD3, 0x30, 0x12}}};
static const G2ElemStr param_g2 = {
{{{{0xE2, 0x01, 0x71, 0xC5, 0x4A, 0xA3, 0xDA, 0x05, 0x21, 0x67, 0x04,
0x13, 0x74, 0x3C, 0xCF, 0x22, 0xD2, 0x5D, 0x52, 0x68, 0x3D, 0x32,
0x47, 0x0E, 0xF6, 0x02, 0x13, 0x43, 0xBF, 0x28, 0x23, 0x94}}},
{{{0x59, 0x2D, 0x1E, 0xF6, 0x53, 0xA8, 0x5A, 0x80, 0x46, 0xCC, 0xDC,
0x25, 0x4F, 0xBB, 0x56, 0x56, 0x43, 0x43, 0x3B, 0xF6, 0x28, 0x96,
0x53, 0xE2, 0x7D, 0xF7, 0xB2, 0x12, 0xBA, 0xA1, 0x89, 0xBE}}}},
{{{{0xAE, 0x60, 0xA4, 0xE7, 0x51, 0xFF, 0xD3, 0x50, 0xC6, 0x21, 0xE7,
0x03, 0x31, 0x28, 0x26, 0xBD, 0x55, 0xE8, 0xB5, 0x9A, 0x4D, 0x91,
0x68, 0x38, 0x41, 0x4D, 0xB8, 0x22, 0xDD, 0x23, 0x35, 0xAE}}},
{{{0x1A, 0xB4, 0x42, 0xF9, 0x89, 0xAF, 0xE5, 0xAD, 0xF8, 0x02, 0x74,
0xF8, 0x76, 0x45, 0xE2, 0x53, 0x2C, 0xDC, 0x61, 0x81, 0x90, 0x93,
0xD6, 0x13, 0x2C, 0x90, 0xFE, 0x89, 0x51, 0xB9, 0x24, 0x21}}}}};
static const Fq2ElemStr param_xi0xi1 = {
{{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02}}},
{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}}}}};
static const FqElemStr param_b = {
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03}};
// Setup Fq2 with parameters (q, beta)
// Fq^2 = Fq[u] / (u^2 - beta)
FfElementObj neg_beta(fq);
THROW_ON_EPIDERR(FfNeg(*fq, FfElementObj(fq, param_beta), neg_beta));
fq2 = FiniteFieldObj(*fq, neg_beta, 2);
// set x to (g2.x[0], g2.x[1]) and y to (g2.y[0], g2.y[1])
x = FfElementObj(&fq2, &param_g2.x, sizeof(param_g2.x));
y = FfElementObj(&fq2, &param_g2.y, sizeof(param_g2.y));
// set a to identity, NewFfElement does it by default
a = FfElementObj(&fq2);
// set b to inv(xi)*param_b, where xi is (xi0, xi1) element in Fq2
FfElementObj neg_xi(&fq2);
THROW_ON_EPIDERR(FfInv(fq2, FfElementObj(&fq2, param_xi0xi1), neg_xi));
b = FfElementObj(&fq2);
THROW_ON_EPIDERR(FfMul(fq2, neg_xi.get(), FfElementObj(fq, param_b), b));
// set h = 2q - p, aka cofactor
std::vector<uint8_t> cofactor_str(
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff,
0xff, 0xff, 0xff, 0xff, 0xfc, 0xf0, 0xcd, 0x46, 0xe5, 0xf2, 0x5e,
0xee, 0x71, 0xa4, 0xa0, 0x0c, 0xdc, 0x65, 0xfb, 0x12, 0x96, 0x82,
0xea, 0xb0, 0x25, 0x08, 0x4a, 0x8c, 0x9b, 0x10, 0x19});
cofactor = BigNumObj(cofactor_str);
// set n = p * h, AKA order
std::vector<uint8_t> order_str(
{0xff, 0xff, 0xff, 0xff, 0xff, 0xf9, 0xe1, 0x9a, 0x8d, 0xcb, 0xe4,
0xc7, 0x38, 0xfa, 0x9b, 0x98, 0x4d, 0x1c, 0x12, 0x9f, 0x64, 0x97,
0xe8, 0x54, 0xa3, 0x0a, 0x81, 0xac, 0x42, 0xf9, 0x39, 0x16, 0xa7,
0x70, 0x21, 0xdc, 0xfb, 0xb6, 0xe7, 0x7e, 0x1f, 0x5b, 0x55, 0xcc,
0x4e, 0x84, 0xcd, 0x19, 0x4f, 0x49, 0x20, 0x94, 0xb5, 0xd8, 0x12,
0xa0, 0x2e, 0x7f, 0x40, 0x13, 0xb2, 0xfa, 0xa1, 0x45});
order = BigNumObj(order_str);
}
virtual ~EFq2Params() {}
private:
// This class is not meant to be copied or assigned
EFq2Params(const EFq2Params&);
EFq2Params& operator=(const EFq2Params&);
};
class EcGroupTest : public ::testing::Test {
public:
static const G1ElemStr g1_str;
static const G2ElemStr g2_str;
static const FqElemStr a1;
static const FqElemStr b1;
static const BigNumStr h1;
static const BigNumStr p;
static const BigNumStr q;
static const G1ElemStr efq_a_str;
static const G1ElemStr efq_b_str;
static const BigNumStr x_str;
static const BigNumStr y_str;
static const G1ElemStr efq_mul_ab_str;
static const G1ElemStr efq_exp_ax_str;
static const G1ElemStr efq_multiexp_abxy_str;
static const G1ElemStr efq_inv_a_str;
static const G1ElemStr efq_identity_str;
static const G1ElemStr efq_r_sha256_str;
static const G1ElemStr efq_r_sha384_str;
static const G1ElemStr efq_r_sha512_str;
static const G1ElemStr efq_r_sha512256_str;
static const uint8_t sha_msg[];
static const G2ElemStr efq2_a_str;
static const G2ElemStr efq2_b_str;
static const G2ElemStr efq2_mul_ab_str;
static const G2ElemStr efq2_exp_ax_str;
static const G2ElemStr efq2_multiexp_abxy_str;
static const G2ElemStr efq2_inv_a_str;
static const G2ElemStr efq2_identity_str;
// Intel(R) EPID 1.1 hash of message "aad"
static const Epid11G3ElemStr kAadHash;
// Intel(R) EPID 1.1 hash of message "bsn0"
static const Epid11G3ElemStr kBsn0Hash;
// Intel(R) EPID 1.1 hash of message "test"
static const Epid11G3ElemStr kTestHash;
// Intel(R) EPID 1.1 hash of message "aac"
static const Epid11G3ElemStr kAacHash;
virtual void SetUp() {
Epid11Params epid11_params_str = {
#include "epid/common/1.1/src/epid11params_tate.inc"
};
fq = FiniteFieldObj(q);
fq_a = FfElementObj(&fq, a1);
fq_b = FfElementObj(&fq, b1);
g1_x = FfElementObj(&fq, g1_str.x);
g1_y = FfElementObj(&fq, g1_str.y);
bn_p = BigNumObj(p);
bn_h = BigNumObj(h1);
efq = EcGroupObj(&fq, fq_a, fq_b, g1_x, g1_y, bn_p, bn_h);
efq_a = EcPointObj(&efq, efq_a_str);
efq_b = EcPointObj(&efq, efq_b_str);
efq_r = EcPointObj(&efq);
efq_identity = EcPointObj(&efq, efq_identity_str);
efq2_par.reset(new EFq2Params(&fq));
efq2 = EcGroupObj(&efq2_par->fq2, efq2_par->a, efq2_par->b, efq2_par->x,
efq2_par->y, efq2_par->order, efq2_par->cofactor);
efq2_a = EcPointObj(&efq2, efq2_a_str);
efq2_b = EcPointObj(&efq2, efq2_b_str);
efq2_r = EcPointObj(&efq2);
efq2_identity = EcPointObj(&efq2, efq_identity_str);
epid11_Fq_tick = FiniteFieldObj(epid11_params_str.q_tick);
epid11_a_tick = FfElementObj(&epid11_Fq_tick, epid11_params_str.a_tick);
epid11_b_tick = FfElementObj(&epid11_Fq_tick, epid11_params_str.b_tick);
epid11_g3_x = FfElementObj(&epid11_Fq_tick, epid11_params_str.g3.x);
epid11_g3_y = FfElementObj(&epid11_Fq_tick, epid11_params_str.g3.y);
epid11_p_tick = BigNumObj(epid11_params_str.p_tick);
BigNumStr h_tick_str = {0};
((OctStr32*)
h_tick_str.data.data)[sizeof(BigNumStr) / sizeof(OctStr32) - 1] =
epid11_params_str.h_tick;
epid11_h_tick = BigNumObj(h_tick_str);
epid11_G3 =
EcGroupObj(&epid11_Fq_tick, epid11_a_tick, epid11_b_tick, epid11_g3_x,
epid11_g3_y, epid11_p_tick, epid11_h_tick);
epid11_G3_r = EcPointObj(&epid11_G3);
}
FiniteFieldObj fq;
FfElementObj fq_a;
FfElementObj fq_b;
FfElementObj g1_x;
FfElementObj g1_y;
BigNumObj bn_p;
BigNumObj bn_h;
EcGroupObj efq;
EcPointObj efq_a;
EcPointObj efq_b;
EcPointObj efq_r;
EcPointObj efq_identity;
std::unique_ptr<EFq2Params> efq2_par;
EcGroupObj efq2;
EcPointObj efq2_a;
EcPointObj efq2_b;
EcPointObj efq2_r;
EcPointObj efq2_identity;
FiniteFieldObj epid11_Fq_tick;
FfElementObj epid11_a_tick;
FfElementObj epid11_b_tick;
FfElementObj epid11_g3_x;
FfElementObj epid11_g3_y;
BigNumObj epid11_p_tick;
BigNumObj epid11_h_tick;
EcGroupObj epid11_G3;
EcPointObj epid11_G3_r;
};
const G1ElemStr EcGroupTest::g1_str = {
{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}}},
{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02}}}};
const G2ElemStr EcGroupTest::g2_str = {
{{{{0xE2, 0x01, 0x71, 0xC5, 0x4A, 0xA3, 0xDA, 0x05, 0x21, 0x67, 0x04,
0x13, 0x74, 0x3C, 0xCF, 0x22, 0xD2, 0x5D, 0x52, 0x68, 0x3D, 0x32,
0x47, 0x0E, 0xF6, 0x02, 0x13, 0x43, 0xBF, 0x28, 0x23, 0x94}}},
{{{0x59, 0x2D, 0x1E, 0xF6, 0x53, 0xA8, 0x5A, 0x80, 0x46, 0xCC, 0xDC,
0x25, 0x4F, 0xBB, 0x56, 0x56, 0x43, 0x43, 0x3B, 0xF6, 0x28, 0x96,
0x53, 0xE2, 0x7D, 0xF7, 0xB2, 0x12, 0xBA, 0xA1, 0x89, 0xBE}}}},
{{{{0xAE, 0x60, 0xA4, 0xE7, 0x51, 0xFF, 0xD3, 0x50, 0xC6, 0x21, 0xE7,
0x03, 0x31, 0x28, 0x26, 0xBD, 0x55, 0xE8, 0xB5, 0x9A, 0x4D, 0x91,
0x68, 0x38, 0x41, 0x4D, 0xB8, 0x22, 0xDD, 0x23, 0x35, 0xAE}}},
{{{0x1A, 0xB4, 0x42, 0xF9, 0x89, 0xAF, 0xE5, 0xAD, 0xF8, 0x02, 0x74,
0xF8, 0x76, 0x45, 0xE2, 0x53, 0x2C, 0xDC, 0x61, 0x81, 0x90, 0x93,
0xD6, 0x13, 0x2C, 0x90, 0xFE, 0x89, 0x51, 0xB9, 0x24, 0x21}}}}};
const FqElemStr EcGroupTest::a1 = {
{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}};
const FqElemStr EcGroupTest::b1 = {
{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03}}};
const BigNumStr EcGroupTest::h1 = {
{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}}};
const BigNumStr EcGroupTest::p = {
{{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD, 0x46, 0xE5, 0xF2,
0x5E, 0xEE, 0x71, 0xA4, 0x9E, 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x99,
0x92, 0x1A, 0xF6, 0x2D, 0x53, 0x6C, 0xD1, 0x0B, 0x50, 0x0D}}};
const BigNumStr EcGroupTest::q = {
{{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD, 0x46, 0xE5, 0xF2,
0x5E, 0xEE, 0x71, 0xA4, 0x9F, 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x98,
0x0A, 0x82, 0xD3, 0x29, 0x2D, 0xDB, 0xAE, 0xD3, 0x30, 0x13}}};
const G1ElemStr EcGroupTest::efq_a_str = {
{{{0x12, 0xA6, 0x5B, 0xD6, 0x91, 0x8D, 0x50, 0xA7, 0x66, 0xEB, 0x7D,
0x52, 0xE3, 0x40, 0x17, 0x60, 0x7F, 0xDF, 0x6C, 0xA1, 0x2C, 0x1A,
0x37, 0xE0, 0x92, 0xC0, 0xF7, 0xB9, 0x76, 0xAB, 0xB1, 0x8A}}},
{{{0x78, 0x65, 0x28, 0xCB, 0xAF, 0x07, 0x52, 0x50, 0x55, 0x7A, 0x5F,
0x30, 0x0A, 0xC0, 0xB4, 0x6B, 0xEA, 0x6F, 0xE2, 0xF6, 0x6D, 0x96,
0xF7, 0xCD, 0xC8, 0xD3, 0x12, 0x7F, 0x1F, 0x3A, 0x8B, 0x42}}}};
const G1ElemStr EcGroupTest::efq_b_str = {
{{{0xE6, 0x65, 0x23, 0x9B, 0xD4, 0x07, 0x16, 0x83, 0x38, 0x23, 0xB2,
0x67, 0x57, 0xEB, 0x0F, 0x23, 0x3A, 0xF4, 0x8E, 0xDA, 0x71, 0x5E,
0xD9, 0x98, 0x63, 0x98, 0x2B, 0xBC, 0x78, 0xD1, 0x94, 0xF2}}},
{{{0x63, 0xB0, 0xAD, 0xB8, 0x2C, 0xE8, 0x14, 0xFD, 0xA2, 0x39, 0x0E,
0x66, 0xB7, 0xD0, 0x6A, 0xAB, 0xEE, 0xFA, 0x2E, 0x24, 0x9B, 0xB5,
0x14, 0x35, 0xFE, 0xB6, 0xB0, 0xFF, 0xFD, 0x5F, 0x73, 0x19}}}};
const BigNumStr EcGroupTest::x_str = {
{{0xFF, 0xFB, 0x3E, 0x5D, 0xFF, 0x9A, 0xFF, 0x02, 0x00, 0xFF, 0xFF,
0xFF, 0xF2, 0xE1, 0x85, 0x81, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0x81, 0xFF, 0xFD, 0xFF, 0xEB, 0xFF, 0x29, 0xA7, 0xFF}}};
const BigNumStr EcGroupTest::y_str = {
{{0x11, 0xFF, 0xFF, 0xFF, 0x4F, 0x59, 0xB1, 0xD3, 0x6B, 0x08, 0xFF,
0xFF, 0x0B, 0xF3, 0xAF, 0x27, 0xFF, 0xB8, 0xFF, 0xFF, 0x98, 0xFF,
0xEB, 0xFF, 0xF2, 0x6A, 0xFF, 0xFF, 0xEA, 0x31, 0xFF, 0xFF}}};
const G1ElemStr EcGroupTest::efq_mul_ab_str = {
{{{0x30, 0xF8, 0x33, 0xB7, 0x1C, 0x85, 0x94, 0x6D, 0x6F, 0x3C, 0x97,
0x77, 0x81, 0xA5, 0xC2, 0x98, 0x93, 0x5C, 0x8C, 0xC1, 0xFF, 0x35,
0x9E, 0x68, 0xF6, 0x4D, 0x18, 0xDD, 0x65, 0xA9, 0xC0, 0x60}}},
{{{0x89, 0xE5, 0x08, 0x2D, 0xD1, 0xD8, 0xC7, 0xBF, 0xDE, 0x16, 0x24,
0xA7, 0x2F, 0xF1, 0x48, 0x00, 0x26, 0xAF, 0x89, 0xEA, 0xC9, 0x94,
0x78, 0xFF, 0x2A, 0xB0, 0x20, 0xED, 0x33, 0x0C, 0x4E, 0x88}}}};
const G1ElemStr EcGroupTest::efq_exp_ax_str = {
{{{0x44, 0x45, 0xFA, 0x16, 0x23, 0x66, 0x26, 0x9D, 0x44, 0xB9, 0x43,
0xAB, 0x87, 0xE3, 0x56, 0xCA, 0x9C, 0x89, 0x44, 0x8E, 0xE8, 0x19,
0x29, 0x4D, 0x4D, 0x59, 0x7D, 0xBE, 0x46, 0x3F, 0x55, 0x0D}}},
{{{0x98, 0x09, 0xCF, 0x43, 0x46, 0x75, 0xB8, 0x71, 0xFF, 0x37, 0xBA,
0xA0, 0x63, 0xE2, 0xAC, 0x09, 0x38, 0x10, 0x70, 0xAC, 0x15, 0x52,
0x28, 0xF4, 0x77, 0x68, 0x32, 0x7B, 0x6E, 0xFB, 0xC1, 0x43}}}};
const G1ElemStr EcGroupTest::efq_multiexp_abxy_str = {
{{{0x63, 0x4A, 0xD4, 0xC1, 0x6B, 0x90, 0x67, 0xA2, 0x0B, 0xE2, 0xB3,
0xE9, 0x95, 0x3F, 0x82, 0x7E, 0x21, 0xBF, 0x9F, 0xCD, 0xA0, 0x16,
0x56, 0x6B, 0x31, 0x66, 0x68, 0xBB, 0x25, 0xF8, 0xBD, 0xF3}}},
{{{0xBD, 0x5F, 0xF8, 0x48, 0xD4, 0xBF, 0x35, 0x2D, 0xDC, 0xD1, 0x78,
0x74, 0xFF, 0xB1, 0x47, 0xD5, 0x6B, 0x21, 0xE5, 0x15, 0x01, 0xA8,
0xDC, 0x8B, 0x3C, 0x9D, 0x96, 0xC7, 0xC6, 0xB0, 0x05, 0x20}}}};
const G1ElemStr EcGroupTest::efq_inv_a_str = {
{{{0x12, 0xA6, 0x5B, 0xD6, 0x91, 0x8D, 0x50, 0xA7, 0x66, 0xEB, 0x7D,
0x52, 0xE3, 0x40, 0x17, 0x60, 0x7F, 0xDF, 0x6C, 0xA1, 0x2C, 0x1A,
0x37, 0xE0, 0x92, 0xC0, 0xF7, 0xB9, 0x76, 0xAB, 0xB1, 0x8A}}},
{{{0x87, 0x9A, 0xD7, 0x34, 0x50, 0xF5, 0x9E, 0x7C, 0xF1, 0x6B, 0x93,
0x2E, 0xE3, 0xB0, 0xF0, 0x33, 0x22, 0x6C, 0x83, 0x04, 0xA5, 0x01,
0x12, 0xB5, 0x0A, 0x56, 0x1B, 0x5C, 0x8F, 0x98, 0xA4, 0xD1}}}};
const G1ElemStr EcGroupTest::efq_identity_str = {
{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}};
const uint8_t EcGroupTest::sha_msg[] = {'a', 'b', 'c'};
const G1ElemStr EcGroupTest::efq_r_sha256_str = {
{{{0x2E, 0xBB, 0x50, 0x4D, 0x88, 0xFF, 0x25, 0x62, 0xF3, 0x71, 0x65,
0x81, 0xAD, 0xBE, 0x83, 0x6E, 0x54, 0xF5, 0xA6, 0x2A, 0x70, 0xE6,
0x18, 0x6B, 0xD5, 0x4A, 0x10, 0x3C, 0x80, 0x08, 0x95, 0x3D}}},
{{{0x8A, 0x43, 0xA1, 0x04, 0xB1, 0x3F, 0x3C, 0xB4, 0xBD, 0x67, 0x38,
0xB1, 0x07, 0xF0, 0x7A, 0x32, 0x7E, 0xCD, 0xF0, 0x2E, 0x62, 0x3E,
0x2C, 0x1F, 0x48, 0xAA, 0x0D, 0x6C, 0xDC, 0x48, 0xF9, 0xF7}}}};
const G1ElemStr EcGroupTest::efq_r_sha384_str = {
{{{0xE1, 0xC8, 0x28, 0xB1, 0x9A, 0xDF, 0x5D, 0x4B, 0xC4, 0x25, 0x90,
0xFB, 0x38, 0x20, 0xD4, 0x8B, 0x30, 0x8F, 0x95, 0x76, 0xC3, 0x7F,
0x9D, 0xAD, 0x94, 0xC4, 0x31, 0x80, 0xD7, 0xDF, 0xD5, 0xFE}}},
{{{0x0E, 0x86, 0x11, 0x90, 0xAF, 0xEF, 0xEB, 0x79, 0x4B, 0x3E, 0x80,
0x92, 0x94, 0x3B, 0x2F, 0x5E, 0x72, 0x21, 0xEF, 0xF8, 0xBC, 0xE3,
0x48, 0xA9, 0xD0, 0x31, 0x19, 0xAC, 0xD1, 0xD7, 0x49, 0x87}}}};
const G1ElemStr EcGroupTest::efq_r_sha512_str = {
{{{0x8C, 0x62, 0xA0, 0x2D, 0x55, 0x55, 0x55, 0x86, 0xBC, 0x82, 0xA6,
0xA2, 0x21, 0x97, 0x9B, 0x9B, 0xB4, 0x03, 0x3D, 0x83, 0xF3, 0xBA,
0xDA, 0x9C, 0x42, 0xF7, 0xB3, 0x94, 0x99, 0x2A, 0x96, 0xE4}}},
{{{0x4C, 0x0E, 0xA7, 0x62, 0x17, 0xB9, 0xFB, 0xE5, 0x21, 0x7D, 0x54,
0x24, 0xE0, 0x2B, 0x87, 0xF7, 0x69, 0x54, 0x0C, 0xC6, 0xAD, 0xF2,
0xF2, 0x7B, 0xE6, 0x91, 0xD8, 0xF3, 0x40, 0x6C, 0x8F, 0x03}}}};
const G1ElemStr EcGroupTest::efq_r_sha512256_str = {
{{{0x63, 0x28, 0x40, 0x14, 0x73, 0xd5, 0x91, 0xc4, 0xa2, 0xa4, 0xb6,
0xd8, 0xa8, 0x75, 0x21, 0xd1, 0x26, 0x4e, 0x42, 0x13, 0x1f, 0xfa,
0xed, 0x90, 0x8d, 0x56, 0x34, 0x57, 0x8a, 0x3a, 0x47, 0xa0}}},
{{{0x30, 0xbe, 0x3f, 0x12, 0x00, 0x74, 0x48, 0xaa, 0x91, 0x90, 0x84,
0x12, 0x4d, 0x58, 0x54, 0xe7, 0x04, 0x65, 0x37, 0x97, 0x88, 0xcf,
0x67, 0xa0, 0x8c, 0x56, 0x93, 0xa7, 0x7f, 0xe8, 0x74, 0xfc}}}};
const G2ElemStr EcGroupTest::efq2_a_str = {
{
{0x2F, 0x8C, 0xC7, 0xD7, 0xD4, 0x1E, 0x4A, 0xCB, 0x82, 0x92, 0xC7,
0x9C, 0x0F, 0xA2, 0xF2, 0x1B, 0xDF, 0xEA, 0x96, 0x64, 0x8B, 0xA2,
0x32, 0x7C, 0xDF, 0xD8, 0x89, 0x10, 0xFD, 0xBB, 0x38, 0xCD},
{0xB1, 0x23, 0x46, 0x13, 0x4D, 0x9B, 0x8E, 0x8A, 0x95, 0x64, 0xDD,
0x37, 0x29, 0x44, 0x1F, 0x76, 0xB5, 0x3A, 0x47, 0xD3, 0xE0, 0x18,
0x1E, 0x60, 0xE9, 0x94, 0x13, 0xA4, 0x47, 0xCD, 0xBE, 0x03},
},
{
{0xD3, 0x67, 0xA5, 0xCC, 0xEF, 0x7B, 0xD1, 0x8D, 0x4A, 0x7F, 0xF1,
0x8F, 0x66, 0xCB, 0x5E, 0x86, 0xAC, 0xCB, 0x36, 0x5F, 0x29, 0x90,
0x28, 0x55, 0xF0, 0xDC, 0x6E, 0x8B, 0x87, 0xB5, 0xD8, 0x32},
{0x6C, 0x0A, 0xC5, 0x58, 0xB1, 0x4E, 0xCA, 0x85, 0x44, 0x3E, 0xDE,
0x71, 0x9B, 0xC7, 0x90, 0x19, 0x06, 0xD2, 0xA0, 0x4E, 0xC7, 0x33,
0xF4, 0x5C, 0xE8, 0x16, 0xE2, 0x67, 0xDB, 0xBF, 0x64, 0x84},
},
};
const G2ElemStr EcGroupTest::efq2_b_str = {
{
{0x16, 0xF1, 0x61, 0x76, 0x06, 0x3E, 0xE9, 0xC0, 0xB9, 0xB1, 0x3A,
0x75, 0xFC, 0xDB, 0x90, 0xCD, 0x01, 0xF4, 0x9F, 0xCC, 0xAA, 0x24,
0x69, 0x83, 0xBE, 0x20, 0x44, 0x87, 0x58, 0x90, 0x0F, 0x4F},
{0xC7, 0x50, 0x37, 0xC1, 0xB9, 0x2D, 0xE1, 0xE3, 0x79, 0x20, 0x7B,
0x62, 0x90, 0xF8, 0xC7, 0xF0, 0xD7, 0x5A, 0xE7, 0xAD, 0x65, 0xE1,
0xC7, 0x50, 0x59, 0xA1, 0xFC, 0x49, 0xBC, 0x2A, 0xE5, 0xD7},
},
{
{0x12, 0x73, 0x3B, 0xA4, 0xDD, 0x0F, 0xBB, 0x35, 0x38, 0x4A, 0xE0,
0x3D, 0x79, 0x63, 0x66, 0x73, 0x9C, 0x07, 0xE1, 0xEC, 0x71, 0x16,
0x50, 0x75, 0xA1, 0xBA, 0xE5, 0x37, 0x45, 0x1A, 0x0C, 0x59},
{0xC9, 0x49, 0xB9, 0xDB, 0x7E, 0x76, 0xC5, 0xC5, 0x0A, 0x87, 0xB7,
0x56, 0x88, 0x09, 0x21, 0xC6, 0xF6, 0x6C, 0xCC, 0x5E, 0x80, 0xFD,
0x05, 0xD0, 0x5F, 0xC6, 0x2E, 0x06, 0xA1, 0xBE, 0x5B, 0xA0},
},
};
const G2ElemStr EcGroupTest::efq2_mul_ab_str = {
{
{0x25, 0xCC, 0x11, 0x80, 0x8F, 0x08, 0x1D, 0x66, 0xF8, 0xDB, 0xBC,
0x98, 0x26, 0x24, 0x26, 0xCF, 0x04, 0x02, 0xB6, 0x99, 0x1B, 0x52,
0xA8, 0xE3, 0x4E, 0x9A, 0x85, 0xB0, 0x5C, 0xCE, 0xDD, 0xC5},
{0xFC, 0x3C, 0xC2, 0x2C, 0x4B, 0x63, 0x72, 0x5F, 0xA9, 0xF9, 0x8C,
0x62, 0xF4, 0xE7, 0x30, 0x71, 0x6F, 0x78, 0xF5, 0xFE, 0xF6, 0xDF,
0xF7, 0xB5, 0x21, 0x69, 0x7C, 0x50, 0xAC, 0x56, 0xD9, 0xB5},
},
{
{0xA5, 0xD6, 0xAB, 0x2D, 0xED, 0x8E, 0xFE, 0x43, 0xCB, 0xC9, 0xEF,
0x09, 0xC8, 0x2D, 0xE8, 0xD0, 0x3B, 0xC0, 0x5C, 0x7F, 0xE5, 0x3A,
0x1D, 0x72, 0xF2, 0xF5, 0x03, 0xBD, 0xE5, 0xEB, 0x08, 0xA0},
{0xE6, 0xF3, 0x59, 0xE4, 0xD2, 0x52, 0xFD, 0x4F, 0xEC, 0xCE, 0x49,
0x9F, 0x86, 0x50, 0x2D, 0x4A, 0x59, 0x2C, 0xA2, 0x4E, 0xE3, 0xFE,
0xF2, 0xFC, 0xB9, 0xF4, 0x22, 0x88, 0xBC, 0x79, 0x21, 0xD0},
},
};
const G2ElemStr EcGroupTest::efq2_exp_ax_str = {
{
{0xC0, 0x5A, 0x37, 0xAD, 0x08, 0xAB, 0x22, 0xCF, 0xF7, 0xF9, 0xCC,
0xD4, 0x5A, 0x47, 0x38, 0x82, 0xE1, 0xC2, 0x06, 0x35, 0x4D, 0x5B,
0x95, 0xA1, 0xA3, 0xC1, 0x83, 0x6C, 0x0F, 0x31, 0x24, 0xD2},
{0xC7, 0x86, 0xE1, 0x59, 0x63, 0xCE, 0x21, 0x2A, 0x57, 0x77, 0xE5,
0x48, 0xF7, 0x60, 0x21, 0x00, 0x40, 0x2F, 0x09, 0x18, 0x5C, 0x32,
0x32, 0x75, 0xD7, 0xB9, 0xE7, 0xB1, 0x95, 0xD5, 0xDF, 0x02},
},
{
{0xE5, 0xDE, 0xC6, 0x3E, 0x05, 0xFC, 0x6F, 0x7A, 0xE3, 0x2D, 0x7D,
0x90, 0x5F, 0x43, 0xE2, 0xB0, 0x9E, 0xCD, 0xEC, 0x7B, 0x37, 0x4C,
0x0A, 0x3E, 0x87, 0x4E, 0xE6, 0xDA, 0xD1, 0x90, 0xC0, 0xD1},
{0x70, 0x90, 0x54, 0x7F, 0x78, 0x93, 0xFA, 0xC4, 0xF7, 0x3A, 0x4D,
0xBC, 0x03, 0x5E, 0x83, 0xDF, 0xEF, 0xF7, 0x52, 0xF9, 0x64, 0x7F,
0x17, 0xC1, 0x69, 0xD6, 0xD7, 0x96, 0x18, 0x62, 0x46, 0xD1},
},
};
const G2ElemStr EcGroupTest::efq2_multiexp_abxy_str = {
{
{0xE8, 0x6E, 0x02, 0x7A, 0xEC, 0xEA, 0xBA, 0x7E, 0xE5, 0x7C, 0xAD,
0x98, 0x37, 0x54, 0xB2, 0x15, 0x64, 0x9C, 0x81, 0xFF, 0x69, 0xCC,
0xD6, 0xA6, 0xAA, 0xA7, 0x10, 0x4F, 0x9B, 0x0C, 0x50, 0x14},
{0x7C, 0xAF, 0xC0, 0x6F, 0xC8, 0x87, 0xFF, 0x4A, 0x6F, 0xB5, 0x9E,
0x63, 0x74, 0x20, 0xB5, 0xC6, 0x4F, 0x14, 0x0B, 0x6C, 0xBF, 0x00,
0x71, 0xE2, 0x6D, 0x6C, 0x41, 0x6A, 0x0B, 0xA5, 0x5B, 0xCF},
},
{
{0x16, 0xCC, 0x9B, 0x37, 0xE7, 0xCB, 0x16, 0x5C, 0x39, 0x7C, 0x10,
0x7E, 0xE0, 0xDD, 0x34, 0x90, 0xBE, 0x56, 0x28, 0x76, 0x27, 0x59,
0xCE, 0xB3, 0xD7, 0xB4, 0x56, 0xD4, 0x0D, 0xD1, 0xB8, 0xFB},
{0x5E, 0x9E, 0x27, 0x30, 0x60, 0x87, 0x3B, 0xA4, 0x9B, 0x15, 0xEE,
0x86, 0x15, 0x1D, 0xF4, 0xF3, 0x07, 0x31, 0x46, 0xFD, 0xB7, 0x51,
0xFF, 0xC0, 0x42, 0x94, 0x38, 0xB7, 0x84, 0x5F, 0x86, 0x3A},
},
};
const G2ElemStr EcGroupTest::efq2_inv_a_str = {
{
{0x2F, 0x8C, 0xC7, 0xD7, 0xD4, 0x1E, 0x4A, 0xCB, 0x82, 0x92, 0xC7,
0x9C, 0x0F, 0xA2, 0xF2, 0x1B, 0xDF, 0xEA, 0x96, 0x64, 0x8B, 0xA2,
0x32, 0x7C, 0xDF, 0xD8, 0x89, 0x10, 0xFD, 0xBB, 0x38, 0xCD},
{0xB1, 0x23, 0x46, 0x13, 0x4D, 0x9B, 0x8E, 0x8A, 0x95, 0x64, 0xDD,
0x37, 0x29, 0x44, 0x1F, 0x76, 0xB5, 0x3A, 0x47, 0xD3, 0xE0, 0x18,
0x1E, 0x60, 0xE9, 0x94, 0x13, 0xA4, 0x47, 0xCD, 0xBE, 0x03},
},
{
{0x2C, 0x98, 0x5A, 0x33, 0x10, 0x81, 0x1F, 0x3F, 0xFC, 0x66, 0x00,
0xCF, 0x87, 0xA6, 0x46, 0x18, 0x60, 0x11, 0x2F, 0x9B, 0xE9, 0x07,
0xE2, 0x2C, 0xE2, 0x4C, 0xBF, 0x50, 0x27, 0x1D, 0x57, 0xE1},
{0x93, 0xF5, 0x3A, 0xA7, 0x4E, 0xAE, 0x26, 0x48, 0x02, 0xA7, 0x13,
0xED, 0x52, 0xAA, 0x14, 0x86, 0x06, 0x09, 0xC5, 0xAC, 0x4B, 0x64,
0x16, 0x25, 0xEB, 0x12, 0x4B, 0x73, 0xD3, 0x13, 0xCB, 0x8F},
},
};
const G2ElemStr EcGroupTest::efq2_identity_str = {
{
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
},
{
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
},
};
// msg=aad, size=3
// algorithm code path: sqrt result <= modulus/2, high bit is 0
const G1ElemStr EcGroupTest::kAadHash = {
0xB2, 0x12, 0x39, 0x3A, 0xA0, 0xCF, 0xA0, 0xDE, 0xB8, 0x85, 0xE7,
0x5B, 0x1C, 0x13, 0x01, 0x0D, 0x0D, 0xA2, 0xBA, 0xC5, 0xB4, 0x3F,
0x5E, 0xC7, 0x5B, 0x5A, 0xE2, 0x49, 0x1B, 0x3F, 0x65, 0x08, 0xC2,
0x47, 0x40, 0xF3, 0xC7, 0x08, 0xA2, 0x41, 0x61, 0x99, 0x65, 0x4D,
0x82, 0x2B, 0x9A, 0x06, 0x2C, 0xDF, 0x07, 0x71, 0xCC, 0xFA, 0x73,
0x51, 0x45, 0x87, 0x55, 0x07, 0x17, 0xD1, 0x9C, 0x0B};
// msg=bsn0, size=4
// algorithm code path: sqrt result <= modulus/2, high bit is 1
const G1ElemStr EcGroupTest::kBsn0Hash = {
0x04, 0x0C, 0xB6, 0x57, 0x26, 0xD0, 0xE1, 0x48, 0x23, 0xC2, 0x40,
0x5A, 0x91, 0x7C, 0xC6, 0x33, 0xFE, 0x0C, 0xC2, 0x2B, 0x52, 0x9D,
0x6B, 0x87, 0xF9, 0xA7, 0x82, 0xCB, 0x36, 0x90, 0xFB, 0x09, 0x10,
0xB1, 0x55, 0xAD, 0x98, 0x0D, 0x4F, 0x94, 0xDD, 0xBE, 0x52, 0x21,
0x87, 0xC6, 0x3E, 0x52, 0x22, 0x83, 0xE3, 0x10, 0x36, 0xEF, 0xF8,
0x6B, 0x04, 0x4D, 0x9F, 0x14, 0xA8, 0x51, 0xAF, 0xC3};
// msg=test, size=4
// algorithm code path: sqrt result > modulus/2, high bit is 0
const G1ElemStr EcGroupTest::kTestHash = {
0x82, 0x14, 0xAD, 0xE2, 0x0E, 0xCC, 0x95, 0x27, 0x14, 0xD0, 0x70,
0xF1, 0x70, 0x17, 0xC2, 0xC2, 0x8C, 0x9F, 0x05, 0x79, 0xCD, 0xC8,
0x72, 0x55, 0xFE, 0xAB, 0x80, 0x6F, 0x40, 0x5A, 0x6E, 0x64, 0x37,
0x14, 0x7F, 0x8B, 0xF9, 0xD7, 0xEB, 0xA4, 0x5D, 0x9E, 0x57, 0x85,
0xFF, 0x0F, 0xE5, 0xC6, 0x73, 0x4F, 0x17, 0x19, 0x96, 0x31, 0x3A,
0xD1, 0xE1, 0x4E, 0xA8, 0xF9, 0x56, 0xD4, 0xBA, 0x4D};
// msg=aac, size=3
const G1ElemStr EcGroupTest::kAacHash = {
0xAF, 0x5C, 0xBC, 0xD4, 0x88, 0x18, 0xD0, 0x35, 0xBD, 0xE0, 0x2F,
0x77, 0x8B, 0x76, 0x52, 0x78, 0x92, 0x66, 0x36, 0x3A, 0x72, 0x15,
0x20, 0x84, 0xE7, 0x1E, 0xFE, 0x94, 0x77, 0xFD, 0x83, 0x08, 0xEF,
0x4B, 0x6B, 0xDE, 0x24, 0xD8, 0x42, 0x34, 0x88, 0xB8, 0x87, 0x4A,
0xA8, 0x5D, 0x5A, 0xC1, 0x82, 0xFF, 0xE5, 0x25, 0xD7, 0x20, 0x2D,
0x99, 0x49, 0xFE, 0x72, 0x34, 0xAA, 0xC9, 0xD2, 0xAA};
///////////////////////////////////////////////////////////////////////
// NewEcGroup
TEST_F(EcGroupTest, NewFailsGivenArgumentsMismatch) {
// construct Fq^2 finite field
FqElemStr beta_str = {{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD,
0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9F,
0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x98, 0x0A, 0x82,
0xD3, 0x29, 0x2D, 0xDB, 0xAE, 0xD3, 0x30, 0x12}};
FfElementObj neg_beta(&fq);
THROW_ON_EPIDERR(FfNeg(fq, FfElementObj(&fq, beta_str), neg_beta));
FiniteFieldObj fq2(fq, neg_beta, 2);
FfElementObj fq2_a(&fq2);
FfElementObj fq2_b(&fq2);
FfElementObj g2_x(&fq2);
FfElementObj g2_y(&fq2);
EcGroup* g = nullptr;
EXPECT_EQ(kEpidBadArgErr, NewEcGroup(fq2, this->fq_a, this->fq_b, this->g1_x,
this->g1_y, this->bn_p, this->bn_h, &g));
DeleteEcGroup(&g);
EXPECT_EQ(kEpidBadArgErr, NewEcGroup(this->fq, fq2_a, this->fq_b, this->g1_x,
this->g1_y, this->bn_p, this->bn_h, &g));
DeleteEcGroup(&g);
EXPECT_EQ(kEpidBadArgErr, NewEcGroup(this->fq, this->fq_a, fq2_b, this->g1_x,
this->g1_y, this->bn_p, this->bn_h, &g));
DeleteEcGroup(&g);
EXPECT_EQ(kEpidBadArgErr, NewEcGroup(this->fq, this->fq_a, this->fq_b, g2_x,
this->g1_y, this->bn_p, this->bn_h, &g));
DeleteEcGroup(&g);
EXPECT_EQ(kEpidBadArgErr,
NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x, g2_y,
this->bn_p, this->bn_h, &g));
DeleteEcGroup(&g);
}
TEST_F(EcGroupTest, NewFailsGivenNullParameters) {
EcGroup* g;
EpidStatus sts;
sts = NewEcGroup(this->fq, nullptr, this->fq_b, this->g1_x, this->g1_y,
this->bn_p, this->bn_h, &g);
EXPECT_EQ(kEpidBadArgErr, sts);
sts = NewEcGroup(this->fq, this->fq_a, nullptr, this->g1_x, this->g1_y,
this->bn_p, this->bn_h, &g);
EXPECT_EQ(kEpidBadArgErr, sts);
sts = NewEcGroup(this->fq, this->fq_a, this->fq_b, nullptr, this->g1_y,
this->bn_p, this->bn_h, &g);
EXPECT_EQ(kEpidBadArgErr, sts);
sts = NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x, nullptr,
this->bn_p, this->bn_h, &g);
EXPECT_EQ(kEpidBadArgErr, sts);
sts = NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x, this->g1_y,
nullptr, this->bn_h, &g);
EXPECT_EQ(kEpidBadArgErr, sts);
sts = NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x, this->g1_y,
this->bn_p, nullptr, &g);
EXPECT_EQ(kEpidBadArgErr, sts);
sts = NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x, this->g1_y,
this->bn_p, this->bn_h, nullptr);
EXPECT_EQ(kEpidBadArgErr, sts);
}
TEST_F(EcGroupTest, CanCreateEcGroupBasedOnFq) {
EcGroup* g;
EpidStatus sts = NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x,
this->g1_y, this->bn_p, this->bn_h, &g);
EXPECT_EQ(kEpidNoErr, sts);
DeleteEcGroup(&g);
}
TEST_F(EcGroupTest, CanCreateEcGroupBasedOnFq2) {
EcGroup* g;
EXPECT_EQ(kEpidNoErr,
NewEcGroup(efq2_par->fq2, efq2_par->a, efq2_par->b, efq2_par->x,
efq2_par->y, efq2_par->order, efq2_par->cofactor, &g));
DeleteEcGroup(&g);
}
///////////////////////////////////////////////////////////////////////
// DeleteEcGroup
TEST_F(EcGroupTest, DeleteWorksGivenNewlyCreatedEcGroup) {
EcGroup* g;
THROW_ON_EPIDERR(NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x,
this->g1_y, this->bn_p, this->bn_h, &g));
EXPECT_NO_THROW(DeleteEcGroup(&g));
}
TEST_F(EcGroupTest, DeleteWorksGivenNewlyCreatedEcGroupFq2) {
EcGroup* g;
THROW_ON_EPIDERR(NewEcGroup(efq2_par->fq2, efq2_par->a, efq2_par->b,
efq2_par->x, efq2_par->y, efq2_par->order,
efq2_par->cofactor, &g));
EXPECT_NO_THROW(DeleteEcGroup(&g));
}
TEST_F(EcGroupTest, DeleteNullsPointer) {
EcGroup* g = nullptr;
THROW_ON_EPIDERR(NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x,
this->g1_y, this->bn_p, this->bn_h, &g));
EXPECT_NO_THROW(DeleteEcGroup(&g));
EXPECT_EQ(nullptr, g);
}
TEST_F(EcGroupTest, DeleteWorksGivenNullPointer) {
EXPECT_NO_THROW(DeleteEcGroup(nullptr));
EcGroup* g = nullptr;
EXPECT_NO_THROW(DeleteEcGroup(&g));
}
///////////////////////////////////////////////////////////////////////
// NewEcPoint
TEST_F(EcGroupTest, NewEcPointSucceedsGivenEcGroupBasedOnFq) {
EcPoint* point = nullptr;
EXPECT_EQ(kEpidNoErr, NewEcPoint(this->efq, &point));
DeleteEcPoint(&point);
}
TEST_F(EcGroupTest, NewEcPointFailsGivenNullPointer) {
EcPoint* point = nullptr;
EXPECT_EQ(kEpidBadArgErr, NewEcPoint(nullptr, &point));
EXPECT_EQ(kEpidBadArgErr, NewEcPoint(this->efq, nullptr));
DeleteEcPoint(&point);
}
TEST_F(EcGroupTest, NewEcPointSucceedsGivenEcGroupBasedOnFq2) {
EcPoint* point = nullptr;
EXPECT_EQ(kEpidNoErr, NewEcPoint(this->efq2, &point));
DeleteEcPoint(&point);
}
TEST_F(EcGroupTest, DefaultEcPointIsIdentity) {
G1ElemStr g1_elem_str = {{{{0}}}, {{{0}}}};
EcPoint* point = nullptr;
EXPECT_EQ(kEpidNoErr, NewEcPoint(this->efq, &point));
EpidStatus sts =
WriteEcPoint(this->efq, point, &g1_elem_str, sizeof(g1_elem_str));
EXPECT_EQ(this->efq_identity_str, g1_elem_str);
DeleteEcPoint(&point);
THROW_ON_EPIDERR(sts);
G2ElemStr g2_elem_str = {{{{0}}}, {{{0}}}};
EXPECT_EQ(kEpidNoErr, NewEcPoint(this->efq2, &point));
sts = WriteEcPoint(this->efq2, point, &g2_elem_str, sizeof(g2_elem_str));
EXPECT_EQ(this->efq2_identity_str, g2_elem_str);
DeleteEcPoint(&point);
THROW_ON_EPIDERR(sts);
}
///////////////////////////////////////////////////////////////////////
// DeleteEcPoint
TEST_F(EcGroupTest, DeleteEcPointNullsPointer) {
EcPoint* point = nullptr;
THROW_ON_EPIDERR(NewEcPoint(this->efq, &point));
EXPECT_NO_THROW(DeleteEcPoint(&point));
EXPECT_EQ(nullptr, point);
}
TEST_F(EcGroupTest, DeleteEcPointWorksGivenNullPointer) {
EXPECT_NO_THROW(DeleteEcPoint(nullptr));
EcPoint* point = nullptr;
EXPECT_NO_THROW(DeleteEcPoint(&point));
EXPECT_EQ(nullptr, point);
}
///////////////////////////////////////////////////////////////////////
// ReadEcPoint
TEST_F(EcGroupTest, ReadFailsGivenNullPointer) {
EXPECT_EQ(kEpidBadArgErr, ReadEcPoint(nullptr, &(this->efq_a_str),
sizeof(this->efq_a_str), this->efq_a));
EXPECT_EQ(kEpidBadArgErr, ReadEcPoint(this->efq, nullptr,
sizeof(this->efq_a_str), this->efq_a));
EXPECT_EQ(kEpidBadArgErr, ReadEcPoint(this->efq, &(this->efq_a_str),
sizeof(this->efq_a_str), nullptr));
}
TEST_F(EcGroupTest, ReadFailsGivenInvalidBufferSize) {
EXPECT_EQ(kEpidBadArgErr,
ReadEcPoint(this->efq, &(this->efq_a_str), 0, this->efq_a));
EXPECT_EQ(kEpidBadArgErr,
ReadEcPoint(this->efq, &(this->efq_a_str),
sizeof(this->efq_a_str) - 1, this->efq_a));
EXPECT_EQ(kEpidBadArgErr,
ReadEcPoint(this->efq, &(this->efq_a_str),
std::numeric_limits<size_t>::max(), this->efq_a));
}
TEST_F(EcGroupTest, ReadEcPointReadsG1PointCorrectly) {
G1ElemStr g1_elem_str = {{{{0}}}, {{{0}}}};
EXPECT_EQ(kEpidNoErr, ReadEcPoint(this->efq, &this->efq_a_str,
sizeof(this->efq_a_str), this->efq_a));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_a, &g1_elem_str, sizeof(g1_elem_str)));
EXPECT_EQ(this->efq_a_str, g1_elem_str);
}
TEST_F(EcGroupTest, ReadEcPointReadsG1IdentityPointCorrectly) {
G1ElemStr g1_elem_str = {{{{0}}}, {{{0}}}};
EXPECT_EQ(kEpidNoErr,
ReadEcPoint(this->efq, &this->efq_identity_str,
sizeof(this->efq_identity_str), this->efq_a));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_a, &g1_elem_str, sizeof(g1_elem_str)));
EXPECT_EQ(this->efq_identity_str, g1_elem_str);
}
TEST_F(EcGroupTest, ReadEcPointReadsG2IdentityPointCorrectly) {
G2ElemStr g2_elem_str = {{{{0}}}, {{{0}}}};
EXPECT_EQ(kEpidNoErr,
ReadEcPoint(this->efq2, &this->efq2_identity_str,
sizeof(this->efq2_identity_str), this->efq2_r));
THROW_ON_EPIDERR(WriteEcPoint(this->efq2, this->efq2_r, &g2_elem_str,
sizeof(g2_elem_str)));
EXPECT_EQ(this->efq2_identity_str, g2_elem_str);
}
TEST_F(EcGroupTest, ReadEcPointReadsG2PointCorrectly) {
G2ElemStr g2_elem_str = {{{{0}}}, {{{0}}}};
EXPECT_EQ(kEpidNoErr, ReadEcPoint(this->efq2, &this->efq2_a_str,
sizeof(this->efq2_a_str), this->efq2_r));
THROW_ON_EPIDERR(WriteEcPoint(this->efq2, this->efq2_r, &g2_elem_str,
sizeof(g2_elem_str)));
EXPECT_EQ(this->efq2_a_str, g2_elem_str);
}
TEST_F(EcGroupTest, ReadFailsGivenPointDoesNotBelongToEcGroup) {
G1ElemStr bad_g1_point = this->efq_a_str;
bad_g1_point.x.data.data[31]++; // make point not belong to the group
EXPECT_EQ(kEpidBadArgErr, ReadEcPoint(this->efq, &bad_g1_point,
sizeof(bad_g1_point), this->efq_a));
G2ElemStr bad_g2_point = this->efq2_a_str;
bad_g2_point.x[0].data.data[31]++; // make point not belong to the group
EXPECT_EQ(kEpidBadArgErr, ReadEcPoint(this->efq2, &bad_g2_point,
sizeof(bad_g2_point), this->efq2_a));
}
///////////////////////////////////////////////////////////////////////
// WriteEcPoint
TEST_F(EcGroupTest, WriteFailsGivenNullPointer) {
G1ElemStr g1_elem_str = {{{{0}}}, {{{0}}}};
EXPECT_EQ(kEpidBadArgErr, WriteEcPoint(nullptr, this->efq_a, &g1_elem_str,
sizeof(g1_elem_str)));
EXPECT_EQ(kEpidBadArgErr, WriteEcPoint(this->efq, nullptr, &g1_elem_str,
sizeof(g1_elem_str)));
EXPECT_EQ(kEpidBadArgErr,
WriteEcPoint(this->efq, this->efq_a, nullptr, sizeof(g1_elem_str)));
}
TEST_F(EcGroupTest, WriteFailsGivenInvalidBufferSize) {
G1ElemStr g1_elem_str = {{{{0}}}, {{{0}}}};
EXPECT_EQ(kEpidBadArgErr,
WriteEcPoint(this->efq, this->efq_a, &g1_elem_str, 0));
EXPECT_EQ(kEpidBadArgErr, WriteEcPoint(this->efq, this->efq_a, &g1_elem_str,
sizeof(g1_elem_str) - 1));
EXPECT_EQ(kEpidBadArgErr, WriteEcPoint(this->efq, this->efq_a, &g1_elem_str,
std::numeric_limits<size_t>::max()));
}
TEST_F(EcGroupTest, WriteEcPointWritesG1PointCorrectly) {
G1ElemStr g1_elem_str = {{{{0}}}, {{{0}}}};
EXPECT_EQ(kEpidNoErr, WriteEcPoint(this->efq, this->efq_a, &g1_elem_str,
sizeof(g1_elem_str)));
EXPECT_EQ(this->efq_a_str, g1_elem_str);
}
TEST_F(EcGroupTest, WriteEcPointWritesG1IdentityPointCorrectly) {
G1ElemStr g1_elem_str = {{{{0}}}, {{{0}}}};
EXPECT_EQ(kEpidNoErr, WriteEcPoint(this->efq, this->efq_identity,
&g1_elem_str, sizeof(g1_elem_str)));
EXPECT_EQ(this->efq_identity_str, g1_elem_str);
}
TEST_F(EcGroupTest, WriteEcPointWritesG2IdentityPointCorrectly) {
G2ElemStr g2_elem_str = {{{{0}}}, {{{0}}}};
EXPECT_EQ(kEpidNoErr, WriteEcPoint(this->efq2, this->efq2_identity,
&g2_elem_str, sizeof(g2_elem_str)));
EXPECT_EQ(this->efq2_identity_str, g2_elem_str);
}
TEST_F(EcGroupTest, WriteEcPointWritesG2PointCorrectly) {
G2ElemStr g2_elem_str = {{{{0}}}, {{{0}}}};
EXPECT_EQ(kEpidNoErr, WriteEcPoint(this->efq2, this->efq2_a, &g2_elem_str,
sizeof(g2_elem_str)));
EXPECT_EQ(this->efq2_a_str, g2_elem_str);
}
///////////////////////////////////////////////////////////////////////
// EcMul
TEST_F(EcGroupTest, MulFailsGivenArgumentsMismatch) {
EXPECT_EQ(kEpidBadArgErr,
EcMul(this->efq2, this->efq_a, this->efq_b, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcMul(this->efq, this->efq2_a, this->efq_b, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcMul(this->efq, this->efq_a, this->efq2_b, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcMul(this->efq, this->efq_a, this->efq_b, this->efq2_r));
}
TEST_F(EcGroupTest, MulFailsGivenNullPointer) {
EXPECT_EQ(kEpidBadArgErr,
EcMul(nullptr, this->efq_a, this->efq_b, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcMul(this->efq, nullptr, this->efq_b, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcMul(this->efq, this->efq_a, nullptr, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcMul(this->efq, this->efq_a, this->efq_b, nullptr));
}
TEST_F(EcGroupTest, MulSucceedsGivenIdentityElement) {
G1ElemStr efq_r_str;
EXPECT_EQ(kEpidNoErr,
EcMul(this->efq, this->efq_a, this->efq_identity, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_a_str, efq_r_str);
EXPECT_EQ(kEpidNoErr,
EcMul(this->efq, this->efq_identity, this->efq_a, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_a_str, efq_r_str);
}
TEST_F(EcGroupTest, MulSucceedsGivenTwoElements) {
G1ElemStr efq_r_str;
EXPECT_EQ(kEpidNoErr,
EcMul(this->efq, this->efq_a, this->efq_b, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_mul_ab_str, efq_r_str);
}
TEST_F(EcGroupTest, MulSucceedsGivenG2IdentityElement) {
G2ElemStr efq2_r_str;
EXPECT_EQ(kEpidNoErr,
EcMul(this->efq2, this->efq2_a, this->efq2_identity, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_a_str, efq2_r_str);
EXPECT_EQ(kEpidNoErr,
EcMul(this->efq2, this->efq2_identity, this->efq2_a, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_a_str, efq2_r_str);
}
TEST_F(EcGroupTest, MulSucceedsGivenTwoG2Elements) {
G2ElemStr efq2_r_str;
EXPECT_EQ(kEpidNoErr,
EcMul(this->efq2, this->efq2_a, this->efq2_b, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_mul_ab_str, efq2_r_str);
}
///////////////////////////////////////////////////////////////////////
// EcExp
TEST_F(EcGroupTest, ExpFailsGivenArgumentsMismatch) {
BigNumStr zero_bn_str = {0};
EXPECT_EQ(kEpidBadArgErr,
EcExp(this->efq2, this->efq_a, &zero_bn_str, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcExp(this->efq, this->efq2_a, &zero_bn_str, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcExp(this->efq, this->efq_a, &zero_bn_str, this->efq2_r));
}
TEST_F(EcGroupTest, ExpFailsGivenNullPointer) {
BigNumStr zero_bn_str = {0};
EXPECT_EQ(kEpidBadArgErr,
EcExp(nullptr, this->efq_a, &zero_bn_str, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcExp(this->efq, nullptr, &zero_bn_str, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcExp(this->efq, this->efq_a, nullptr, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcExp(this->efq, this->efq_a, &zero_bn_str, nullptr));
}
TEST_F(EcGroupTest, ExpSucceedsGivenZeroExponent) {
G1ElemStr efq_r_str;
BigNumStr zero_bn_str = {0};
EXPECT_EQ(kEpidNoErr,
EcExp(this->efq, this->efq_a, &zero_bn_str, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_identity_str, efq_r_str);
}
TEST_F(EcGroupTest, ExpResultIsCorrect) {
G1ElemStr efq_r_str;
EXPECT_EQ(kEpidNoErr,
EcExp(this->efq, this->efq_a, &this->x_str, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_exp_ax_str, efq_r_str);
}
TEST_F(EcGroupTest, ExpSucceedsGivenG2ZeroExponent) {
G2ElemStr efq2_r_str;
BigNumStr zero_bn_str = {0};
EXPECT_EQ(kEpidNoErr,
EcExp(this->efq2, this->efq2_a, &zero_bn_str, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
}
TEST_F(EcGroupTest, ExpResultIsCorrectForG2) {
G2ElemStr efq2_r_str;
EXPECT_EQ(kEpidNoErr,
EcExp(this->efq2, this->efq2_a, &this->x_str, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_exp_ax_str, efq2_r_str);
}
///////////////////////////////////////////////////////////////////////
// EcSscmExp
TEST_F(EcGroupTest, SscmExpFailsGivenArgumentsMismatch) {
BigNumStr zero_bn_str = {0};
EXPECT_EQ(kEpidBadArgErr,
EcSscmExp(this->efq2, this->efq_a, &zero_bn_str, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcSscmExp(this->efq, this->efq2_a, &zero_bn_str, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcSscmExp(this->efq, this->efq_a, &zero_bn_str, this->efq2_r));
}
TEST_F(EcGroupTest, SscmExpFailsGivenNullPointer) {
BigNumStr zero_bn_str = {0};
EXPECT_EQ(kEpidBadArgErr,
EcSscmExp(nullptr, this->efq_a, &zero_bn_str, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcSscmExp(this->efq, nullptr, &zero_bn_str, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcSscmExp(this->efq, this->efq_a, nullptr, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcSscmExp(this->efq, this->efq_a, &zero_bn_str, nullptr));
}
TEST_F(EcGroupTest, SscmExpSucceedsGivenZeroExponent) {
G1ElemStr efq_r_str;
BigNumStr zero_bn_str = {0};
EXPECT_EQ(kEpidNoErr,
EcSscmExp(this->efq, this->efq_a, &zero_bn_str, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_identity_str, efq_r_str);
}
TEST_F(EcGroupTest, SscmExpResultIsCorrect) {
G1ElemStr efq_r_str;
EXPECT_EQ(kEpidNoErr,
EcSscmExp(this->efq, this->efq_a, &this->x_str, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_exp_ax_str, efq_r_str);
}
TEST_F(EcGroupTest, SscmExpSucceedsGivenG2ZeroExponent) {
G2ElemStr efq2_r_str;
BigNumStr zero_bn_str = {0};
EXPECT_EQ(kEpidNoErr,
EcSscmExp(this->efq2, this->efq2_a, &zero_bn_str, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
}
TEST_F(EcGroupTest, SscmExpResultIsCorrectForG2) {
G2ElemStr efq2_r_str;
EXPECT_EQ(kEpidNoErr,
EcSscmExp(this->efq2, this->efq2_a, &this->x_str, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_exp_ax_str, efq2_r_str);
}
///////////////////////////////////////////////////////////////////////
// EcMultiExp
TEST_F(EcGroupTest, MultiExpFailsGivenArgumentsMismatch) {
EcPoint const* pts_ec1[] = {this->efq_a, this->efq_b};
EcPoint const* pts_ec2[] = {this->efq2_a, this->efq2_b};
EcPoint const* pts_ec1_ec2[] = {this->efq_a, this->efq2_b};
const BigNumStr bnm0 = {{0x11, 0xFF, 0xFF, 0xFF, 0x4F, 0x59, 0xB1, 0xD3,
0x6B, 0x08, 0xFF, 0xFF, 0x0B, 0xF3, 0xAF, 0x27,
0xFF, 0xB8, 0xFF, 0xFF, 0x98, 0xFF, 0xEB, 0xFF,
0xF2, 0x6A, 0xFF, 0xFF, 0xEA, 0x31, 0xFF, 0xFF}};
const BigNumStr bnm1 = {{0xE2, 0xFF, 0x03, 0x1D, 0xFF, 0x19, 0x81, 0xCB,
0xFF, 0xFF, 0x6B, 0xD5, 0x3E, 0xFF, 0xFF, 0xFF,
0xFF, 0xBD, 0xFF, 0x5A, 0xFF, 0x5C, 0x7C, 0xFF,
0x84, 0xFF, 0xFF, 0x8C, 0x03, 0xB2, 0x26, 0xFF}};
BigNumStr const* b[] = {&bnm0, &bnm1};
size_t m = 2;
EXPECT_EQ(kEpidBadArgErr, EcMultiExp(this->efq2, pts_ec1, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr, EcMultiExp(this->efq, pts_ec2, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr, EcMultiExp(this->efq, pts_ec1, b, m, this->efq2_r));
EXPECT_EQ(kEpidBadArgErr,
EcMultiExp(this->efq, pts_ec1_ec2, b, m, this->efq_r));
}
TEST_F(EcGroupTest, MultiExpFailsGivenNullPointer) {
EcPoint const* pts[] = {this->efq_a, this->efq_b};
EcPoint const* pts_withnull[] = {nullptr, this->efq_b};
const BigNumStr bnm0 = {{0x11, 0xFF, 0xFF, 0xFF, 0x4F, 0x59, 0xB1, 0xD3,
0x6B, 0x08, 0xFF, 0xFF, 0x0B, 0xF3, 0xAF, 0x27,
0xFF, 0xB8, 0xFF, 0xFF, 0x98, 0xFF, 0xEB, 0xFF,
0xF2, 0x6A, 0xFF, 0xFF, 0xEA, 0x31, 0xFF, 0xFF}};
const BigNumStr bnm1 = {{0xE2, 0xFF, 0x03, 0x1D, 0xFF, 0x19, 0x81, 0xCB,
0xFF, 0xFF, 0x6B, 0xD5, 0x3E, 0xFF, 0xFF, 0xFF,
0xFF, 0xBD, 0xFF, 0x5A, 0xFF, 0x5C, 0x7C, 0xFF,
0x84, 0xFF, 0xFF, 0x8C, 0x03, 0xB2, 0x26, 0xFF}};
BigNumStr const* b[] = {&bnm0, &bnm1};
BigNumStr const* b_withnull[] = {nullptr, &bnm1};
size_t m = 2;
EXPECT_EQ(kEpidBadArgErr, EcMultiExp(nullptr, pts, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr, EcMultiExp(this->efq, nullptr, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcMultiExp(this->efq, pts, nullptr, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr, EcMultiExp(this->efq, pts, b, m, nullptr));
EXPECT_EQ(kEpidBadArgErr,
EcMultiExp(this->efq, pts_withnull, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcMultiExp(this->efq, pts, b_withnull, m, this->efq_r));
}
TEST_F(EcGroupTest, MultiExpWorksGivenOneZeroExponent) {
G1ElemStr efq_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq_a};
BigNumStr const* b[] = {&zero_bn_str};
size_t m = 1;
EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_identity_str, efq_r_str);
}
TEST_F(EcGroupTest, MultiExpWorksGivenTwoZeroExponent) {
G1ElemStr efq_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq_a, this->efq_a};
BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str};
size_t m = 2;
EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_identity_str, efq_r_str);
}
TEST_F(EcGroupTest, MultiExpWorksGivenSixZeroExponent) {
G1ElemStr efq_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq_a, this->efq_a, this->efq_a,
this->efq_a, this->efq_a, this->efq_a};
BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str, &zero_bn_str,
&zero_bn_str, &zero_bn_str, &zero_bn_str};
size_t m = 6;
EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_identity_str, efq_r_str);
}
TEST_F(EcGroupTest, MultiExpWorksGivenOneG2ZeroExponent) {
G2ElemStr efq2_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq2_a};
BigNumStr const* b[] = {&zero_bn_str};
size_t m = 1;
EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
}
TEST_F(EcGroupTest, MultiExpWorksGivenTwoG2ZeroExponent) {
G2ElemStr efq2_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq2_a, this->efq2_a};
BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str};
size_t m = 2;
EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
}
TEST_F(EcGroupTest, MultiExpWorksGivenSixG2ZeroExponent) {
G2ElemStr efq2_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq2_a, this->efq2_a, this->efq2_a,
this->efq2_a, this->efq2_a, this->efq2_a};
BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str, &zero_bn_str,
&zero_bn_str, &zero_bn_str, &zero_bn_str};
size_t m = 6;
EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
}
TEST_F(EcGroupTest, MultiExpWorksGivenOneExponent) {
G1ElemStr efq_r_str;
EcPoint const* pts[] = {this->efq_a};
BigNumStr const* b[] = {&this->x_str};
size_t m = 1;
EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_exp_ax_str, efq_r_str);
}
TEST_F(EcGroupTest, MultiExpWorksGivenTwoExponents) {
G1ElemStr efq_r_str;
EcPoint const* pts[] = {this->efq_a, this->efq_b};
BigNumStr const* b[] = {&this->x_str, &this->y_str};
size_t m = 2;
EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_multiexp_abxy_str, efq_r_str);
}
TEST_F(EcGroupTest, MultiExpWorksGivenOneG2Exponent) {
G2ElemStr efq2_r_str;
EcPoint const* pts[] = {this->efq2_a};
BigNumStr const* b[] = {&this->x_str};
size_t m = 1;
EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_exp_ax_str, efq2_r_str);
}
TEST_F(EcGroupTest, MultiExpWorksGivenTwoG2Exponents) {
G2ElemStr efq2_r_str;
EcPoint const* pts[] = {this->efq2_a, this->efq2_b};
BigNumStr const* b[] = {&this->x_str, &this->y_str};
size_t m = 2;
EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_multiexp_abxy_str, efq2_r_str);
}
TEST_F(EcGroupTest, MultiExpWorksTwiceGivenSameOutputBuf) {
G2ElemStr efq2_r_str;
EcPoint const* pts[] = {this->efq2_a, this->efq2_b};
BigNumStr const* b[] = {&this->x_str, &this->y_str};
size_t m = 2;
EcPointObj temp(&this->efq2);
G2ElemStr temp_str;
EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq2, pts, b, m, this->efq2_r));
temp = this->efq2_r;
EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
THROW_ON_EPIDERR(WriteEcPoint(this->efq2, temp, &temp_str, sizeof(temp_str)));
EXPECT_EQ(temp_str, efq2_r_str);
}
///////////////////////////////////////////////////////////////////////
// EcMultiExpBn
TEST_F(EcGroupTest, MultiExpBnFailsGivenArgumentsMismatch) {
EcPoint const* pts_ec1[] = {this->efq_a, this->efq_b};
EcPoint const* pts_ec2[] = {this->efq2_a, this->efq2_b};
EcPoint const* pts_ec1_ec2[] = {this->efq_a, this->efq2_b};
const BigNumStr bnm0 = {{0x11, 0xFF, 0xFF, 0xFF, 0x4F, 0x59, 0xB1, 0xD3,
0x6B, 0x08, 0xFF, 0xFF, 0x0B, 0xF3, 0xAF, 0x27,
0xFF, 0xB8, 0xFF, 0xFF, 0x98, 0xFF, 0xEB, 0xFF,
0xF2, 0x6A, 0xFF, 0xFF, 0xEA, 0x31, 0xFF, 0xFF}};
const BigNumStr bnm1 = {{0xE2, 0xFF, 0x03, 0x1D, 0xFF, 0x19, 0x81, 0xCB,
0xFF, 0xFF, 0x6B, 0xD5, 0x3E, 0xFF, 0xFF, 0xFF,
0xFF, 0xBD, 0xFF, 0x5A, 0xFF, 0x5C, 0x7C, 0xFF,
0x84, 0xFF, 0xFF, 0x8C, 0x03, 0xB2, 0x26, 0xFF}};
BigNumObj bno0(bnm0);
BigNumObj bno1(bnm1);
BigNum const* b[] = {bno0, bno1};
size_t m = 2;
EXPECT_EQ(kEpidBadArgErr,
EcMultiExpBn(this->efq2, pts_ec1, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcMultiExpBn(this->efq, pts_ec2, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcMultiExpBn(this->efq, pts_ec1, b, m, this->efq2_r));
EXPECT_EQ(kEpidBadArgErr,
EcMultiExpBn(this->efq, pts_ec1_ec2, b, m, this->efq_r));
}
TEST_F(EcGroupTest, MultiExpBnFailsGivenNullPointer) {
EcPoint const* pts[] = {this->efq_a, this->efq_b};
EcPoint const* pts_withnull[] = {nullptr, this->efq_b};
const BigNumStr bnm0 = {{0x11, 0xFF, 0xFF, 0xFF, 0x4F, 0x59, 0xB1, 0xD3,
0x6B, 0x08, 0xFF, 0xFF, 0x0B, 0xF3, 0xAF, 0x27,
0xFF, 0xB8, 0xFF, 0xFF, 0x98, 0xFF, 0xEB, 0xFF,
0xF2, 0x6A, 0xFF, 0xFF, 0xEA, 0x31, 0xFF, 0xFF}};
const BigNumStr bnm1 = {{0xE2, 0xFF, 0x03, 0x1D, 0xFF, 0x19, 0x81, 0xCB,
0xFF, 0xFF, 0x6B, 0xD5, 0x3E, 0xFF, 0xFF, 0xFF,
0xFF, 0xBD, 0xFF, 0x5A, 0xFF, 0x5C, 0x7C, 0xFF,
0x84, 0xFF, 0xFF, 0x8C, 0x03, 0xB2, 0x26, 0xFF}};
BigNumObj bno0(bnm0);
BigNumObj bno1(bnm1);
BigNum const* b[] = {bno0, bno1};
BigNum const* b_withnull[] = {nullptr, bno1};
size_t m = 2;
EXPECT_EQ(kEpidBadArgErr, EcMultiExpBn(nullptr, pts, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcMultiExpBn(this->efq, nullptr, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcMultiExpBn(this->efq, pts, nullptr, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr, EcMultiExpBn(this->efq, pts, b, m, nullptr));
EXPECT_EQ(kEpidBadArgErr,
EcMultiExpBn(this->efq, pts_withnull, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcMultiExpBn(this->efq, pts, b_withnull, m, this->efq_r));
}
TEST_F(EcGroupTest, MultiExpBnWorksGivenOneZeroExponent) {
G1ElemStr efq_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq_a};
BigNumObj bno_zero(zero_bn_str);
BigNum const* b[] = {bno_zero};
size_t m = 1;
EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_identity_str, efq_r_str);
}
TEST_F(EcGroupTest, MultiExpBnWorksGivenTwoZeroExponents) {
G1ElemStr efq_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq_a, this->efq_a};
BigNumObj bno_zero0(zero_bn_str);
BigNumObj bno_zero1(zero_bn_str);
BigNum const* b[] = {bno_zero0, bno_zero1};
size_t m = 2;
EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_identity_str, efq_r_str);
}
TEST_F(EcGroupTest, MultiExpBnWorksGivenSixZeroExponents) {
G1ElemStr efq_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq_a, this->efq_a, this->efq_a,
this->efq_a, this->efq_a, this->efq_a};
BigNumObj bno_zero0(zero_bn_str);
BigNumObj bno_zero1(zero_bn_str);
BigNumObj bno_zero2(zero_bn_str);
BigNumObj bno_zero3(zero_bn_str);
BigNumObj bno_zero4(zero_bn_str);
BigNumObj bno_zero5(zero_bn_str);
BigNum const* b[] = {bno_zero0, bno_zero1, bno_zero2,
bno_zero3, bno_zero4, bno_zero5};
size_t m = 6;
EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_identity_str, efq_r_str);
}
TEST_F(EcGroupTest, MultiExpBnWorksGivenOneG2ZeroExponent) {
G2ElemStr efq2_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq2_a};
BigNumObj bno_zero(zero_bn_str);
BigNum const* b[] = {bno_zero};
size_t m = 1;
EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
}
TEST_F(EcGroupTest, MultiExpBnWorksGivenTwoG2ZeroExponents) {
G2ElemStr efq2_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq2_a, this->efq2_a};
BigNumObj bno_zero0(zero_bn_str);
BigNumObj bno_zero1(zero_bn_str);
BigNum const* b[] = {bno_zero0, bno_zero1};
size_t m = 2;
EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
}
TEST_F(EcGroupTest, MultiExpBnWorksGivenSixG2ZeroExponents) {
G2ElemStr efq2_r_str;
BigNumStr zero_bn_str = {0};
BigNumObj bno_zero0(zero_bn_str);
BigNumObj bno_zero1(zero_bn_str);
BigNumObj bno_zero2(zero_bn_str);
BigNumObj bno_zero3(zero_bn_str);
BigNumObj bno_zero4(zero_bn_str);
BigNumObj bno_zero5(zero_bn_str);
EcPoint const* pts[] = {this->efq2_a, this->efq2_a, this->efq2_a,
this->efq2_a, this->efq2_a, this->efq2_a};
BigNum const* b[] = {bno_zero0, bno_zero1, bno_zero2,
bno_zero3, bno_zero4, bno_zero5};
size_t m = 6;
EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
}
TEST_F(EcGroupTest, MultiExpBnWorksGivenOneExponent) {
G1ElemStr efq_r_str;
EcPoint const* pts[] = {this->efq_a};
BigNumObj bno_x(this->x_str);
BigNum const* b[] = {bno_x};
size_t m = 1;
EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_exp_ax_str, efq_r_str);
}
TEST_F(EcGroupTest, MultiExpBnWorksGivenTwoExponents) {
G1ElemStr efq_r_str;
EcPoint const* pts[] = {this->efq_a, this->efq_b};
BigNumObj bno_x(this->x_str);
BigNumObj bno_y(this->y_str);
BigNum const* b[] = {bno_x, bno_y};
size_t m = 2;
EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_multiexp_abxy_str, efq_r_str);
}
TEST_F(EcGroupTest, MultiExpBnWorksGivenOneG2Exponent) {
G2ElemStr efq2_r_str;
EcPoint const* pts[] = {this->efq2_a};
BigNumObj bno_x(this->x_str);
BigNum const* b[] = {bno_x};
size_t m = 1;
EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_exp_ax_str, efq2_r_str);
}
TEST_F(EcGroupTest, MultiExpBnWorksGivenTwoG2Exponents) {
G2ElemStr efq2_r_str;
EcPoint const* pts[] = {this->efq2_a, this->efq2_b};
BigNumObj bno_x(this->x_str);
BigNumObj bno_y(this->y_str);
BigNum const* b[] = {bno_x, bno_y};
size_t m = 2;
EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_multiexp_abxy_str, efq2_r_str);
}
TEST_F(EcGroupTest, MultiExpBnWorksTwiceGivenSameOutputBuf) {
G2ElemStr efq2_r_str;
EcPoint const* pts[] = {this->efq2_a, this->efq2_b};
BigNumObj bno_x(this->x_str);
BigNumObj bno_y(this->y_str);
BigNum const* b[] = {bno_x, bno_y};
size_t m = 2;
EcPointObj temp(&this->efq2);
G2ElemStr temp_str;
EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq2, pts, b, m, this->efq2_r));
temp = this->efq2_r;
EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
THROW_ON_EPIDERR(WriteEcPoint(this->efq2, temp, &temp_str, sizeof(temp_str)));
EXPECT_EQ(temp_str, efq2_r_str);
}
TEST_F(EcGroupTest, MultiExpBnWorksGivenTwoDifferentSizeG3Exponents) {
const G1ElemStr g3_b_str = {
{{{
0x09, 0x0d, 0x6f, 0x82, 0x77, 0x88, 0x49, 0x53, 0xba, 0x1e, 0x1b,
0x0e, 0x5e, 0xae, 0xc0, 0x27, 0xad, 0xe3, 0xb1, 0x09, 0x4f, 0xcd,
0xb6, 0xe6, 0x6f, 0x7f, 0xa3, 0x1a, 0x1e, 0xfb, 0x52, 0x72,
}}},
{{{
0xfa, 0x85, 0x0f, 0x5c, 0x97, 0x61, 0xbf, 0x46, 0x7e, 0xec, 0xd6,
0x64, 0xda, 0xa9, 0x8e, 0xf5, 0xd3, 0xdf, 0xfa, 0x13, 0x5a, 0xb2,
0x3e, 0xeb, 0x0a, 0x9d, 0x02, 0xc0, 0x33, 0xec, 0x2a, 0x70,
}}}};
const G1ElemStr g3_k_str = {
{{{
0x41, 0xb7, 0xa4, 0xc8, 0x43, 0x3f, 0x0b, 0xc2, 0x80, 0x31, 0xbe,
0x75, 0x65, 0xe9, 0xbb, 0x81, 0x73, 0x5b, 0x91, 0x4f, 0x3f, 0xd7,
0xbe, 0xb5, 0x19, 0x56, 0x3f, 0x18, 0x95, 0xea, 0xc1, 0xd7,
}}},
{{{
0xa4, 0x5e, 0xb9, 0x86, 0xfc, 0xe5, 0xc4, 0x0f, 0x54, 0x37, 0xab,
0xed, 0x59, 0x20, 0xce, 0x67, 0x68, 0x3c, 0x25, 0x4d, 0xbc, 0x5f,
0x6a, 0x4d, 0x5a, 0xa7, 0x93, 0xce, 0x90, 0x2d, 0x3e, 0x5a,
}}}};
EcPointObj B(&this->epid11_G3, g3_b_str);
EcPointObj K(&this->epid11_G3, g3_k_str);
EcPoint const* pts[] = {B, K};
const std::vector<uint8_t> bnm_sf_str = {
0x00, 0x3c, 0xc1, 0x73, 0x35, 0x3c, 0x99, 0x61, 0xb0, 0x80, 0x9a,
0x0e, 0x8d, 0xbf, 0x5d, 0x0b, 0xa9, 0x18, 0x2b, 0x36, 0x3c, 0x06,
0xbc, 0x1c, 0xc7, 0x9f, 0x76, 0xba, 0x5a, 0x26, 0xcd, 0x5e, 0x24,
0xb9, 0x68, 0xde, 0x47, 0x72, 0xf9, 0xf9, 0x1e, 0xaa, 0x74, 0x17,
0x31, 0xe4, 0x66, 0x59, 0x69, 0xe5, 0x9e, 0x27, 0x1d, 0x57, 0xe5,
0x39, 0x57, 0xd4, 0xc5, 0x78, 0xf2, 0x77, 0x5c, 0x9f, 0x6c, 0xfe,
0x12, 0x00, 0xa8, 0xe0, 0xd3, 0x81, 0x38, 0xaa, 0x5a};
const BigNumStr bnm_nc_tick_str = {{{
0xcd, 0x2e, 0xe8, 0xf4, 0x85, 0x95, 0x04, 0x09, 0xbd, 0xa4, 0xfa,
0x07, 0xe3, 0x1c, 0xb9, 0x5a, 0x82, 0x73, 0xa6, 0xea, 0x47, 0x5c,
0x31, 0x74, 0x3c, 0x0a, 0xeb, 0x62, 0x94, 0x2f, 0x7b, 0x10,
}}};
BigNumObj bno_sf(bnm_sf_str);
// In order to callculate exp sf data should be devided by group order
THROW_ON_EPIDERR(BigNumMod(bno_sf, epid11_p_tick, bno_sf));
BigNumObj bno_nc_tick(bnm_nc_tick_str);
BigNum const* b[] = {bno_sf, bno_nc_tick};
EcPointObj R3 = EcPointObj(&this->epid11_G3);
const std::vector<uint8_t> expected_r_str = {
// X
0x1E, 0xDF, 0x9E, 0xA5, 0xF5, 0xED, 0xB3, 0x3F, 0xCC, 0x83, 0x10, 0x5E,
0x3E, 0xB7, 0xE5, 0x06, 0x5F, 0x19, 0xF9, 0xFD, 0xE9, 0x57, 0x0B, 0x31,
0xC8, 0xDA, 0x0A, 0x7B, 0xCD, 0xB5, 0xAA, 0x2E,
// Y
0x6A, 0x6B, 0x5A, 0x8D, 0x48, 0x5F, 0x2F, 0x72, 0x77, 0x93, 0xD6, 0xD0,
0x49, 0xE1, 0x84, 0x35, 0x98, 0xF1, 0xDE, 0x71, 0xC5, 0xF4, 0x40, 0xFB,
0x1C, 0x75, 0x83, 0xD7, 0x4F, 0x58, 0x0A, 0x8D};
std::vector<uint8_t> g3_r_str;
g3_r_str.resize(expected_r_str.size(), 0);
size_t m = 2;
EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->epid11_G3, pts, b, m, R3));
THROW_ON_EPIDERR(
WriteEcPoint(this->epid11_G3, R3, g3_r_str.data(), g3_r_str.size()));
EXPECT_EQ(g3_r_str, expected_r_str);
}
///////////////////////////////////////////////////////////////////////
// EcSscmMultiExp
TEST_F(EcGroupTest, SscmMultiExpFailsGivenArgumentsMismatch) {
EcPoint const* pts_ec1[] = {this->efq_a, this->efq_b};
EcPoint const* pts_ec2[] = {this->efq2_a, this->efq2_b};
EcPoint const* pts_ec1_ec2[] = {this->efq_a, this->efq2_b};
const BigNumStr bnm0 = {{0x11, 0xFF, 0xFF, 0xFF, 0x4F, 0x59, 0xB1, 0xD3,
0x6B, 0x08, 0xFF, 0xFF, 0x0B, 0xF3, 0xAF, 0x27,
0xFF, 0xB8, 0xFF, 0xFF, 0x98, 0xFF, 0xEB, 0xFF,
0xF2, 0x6A, 0xFF, 0xFF, 0xEA, 0x31, 0xFF, 0xFF}};
const BigNumStr bnm1 = {{0xE2, 0xFF, 0x03, 0x1D, 0xFF, 0x19, 0x81, 0xCB,
0xFF, 0xFF, 0x6B, 0xD5, 0x3E, 0xFF, 0xFF, 0xFF,
0xFF, 0xBD, 0xFF, 0x5A, 0xFF, 0x5C, 0x7C, 0xFF,
0x84, 0xFF, 0xFF, 0x8C, 0x03, 0xB2, 0x26, 0xFF}};
BigNumStr const* b[] = {&bnm0, &bnm1};
size_t m = 2;
EXPECT_EQ(kEpidBadArgErr,
EcSscmMultiExp(this->efq2, pts_ec1, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcSscmMultiExp(this->efq, pts_ec2, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcSscmMultiExp(this->efq, pts_ec1, b, m, this->efq2_r));
EXPECT_EQ(kEpidBadArgErr,
EcSscmMultiExp(this->efq, pts_ec1_ec2, b, m, this->efq_r));
}
TEST_F(EcGroupTest, SscmMultiExpFailsGivenNullPointer) {
EcPoint const* pts[] = {this->efq_a, this->efq_b};
EcPoint const* pts_withnull[] = {nullptr, this->efq_b};
const BigNumStr bnm0 = {{0x11, 0xFF, 0xFF, 0xFF, 0x4F, 0x59, 0xB1, 0xD3,
0x6B, 0x08, 0xFF, 0xFF, 0x0B, 0xF3, 0xAF, 0x27,
0xFF, 0xB8, 0xFF, 0xFF, 0x98, 0xFF, 0xEB, 0xFF,
0xF2, 0x6A, 0xFF, 0xFF, 0xEA, 0x31, 0xFF, 0xFF}};
const BigNumStr bnm1 = {{0xE2, 0xFF, 0x03, 0x1D, 0xFF, 0x19, 0x81, 0xCB,
0xFF, 0xFF, 0x6B, 0xD5, 0x3E, 0xFF, 0xFF, 0xFF,
0xFF, 0xBD, 0xFF, 0x5A, 0xFF, 0x5C, 0x7C, 0xFF,
0x84, 0xFF, 0xFF, 0x8C, 0x03, 0xB2, 0x26, 0xFF}};
BigNumStr const* b[] = {&bnm0, &bnm1};
BigNumStr const* b_withnull[] = {nullptr, &bnm1};
size_t m = 2;
EXPECT_EQ(kEpidBadArgErr, EcSscmMultiExp(nullptr, pts, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcSscmMultiExp(this->efq, nullptr, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcSscmMultiExp(this->efq, pts, nullptr, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr, EcSscmMultiExp(this->efq, pts, b, m, nullptr));
EXPECT_EQ(kEpidBadArgErr,
EcSscmMultiExp(this->efq, pts_withnull, b, m, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcSscmMultiExp(this->efq, pts, b_withnull, m, this->efq_r));
}
TEST_F(EcGroupTest, SscmMultiExpWorksGivenOneZeroExponent) {
G1ElemStr efq_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq_a};
BigNumStr const* b[] = {&zero_bn_str};
size_t m = 1;
EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_identity_str, efq_r_str);
}
TEST_F(EcGroupTest, SscmMultiExpWorksGivenTwoZeroExponent) {
G1ElemStr efq_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq_a, this->efq_a};
BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str};
size_t m = 2;
EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_identity_str, efq_r_str);
}
TEST_F(EcGroupTest, SscmMultiExpWorksGivenSixZeroExponent) {
G1ElemStr efq_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq_a, this->efq_a, this->efq_a,
this->efq_a, this->efq_a, this->efq_a};
BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str, &zero_bn_str,
&zero_bn_str, &zero_bn_str, &zero_bn_str};
size_t m = 6;
EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_identity_str, efq_r_str);
}
TEST_F(EcGroupTest, SscmMultiExpWorksGivenOneG2ZeroExponent) {
G2ElemStr efq2_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq2_a};
BigNumStr const* b[] = {&zero_bn_str};
size_t m = 1;
EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
}
TEST_F(EcGroupTest, SscmMultiExpWorksGivenTwoG2ZeroExponent) {
G2ElemStr efq2_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq2_a, this->efq2_a};
BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str};
size_t m = 2;
EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
}
TEST_F(EcGroupTest, SscmMultiExpWorksGivenSixG2ZeroExponent) {
G2ElemStr efq2_r_str;
BigNumStr zero_bn_str = {0};
EcPoint const* pts[] = {this->efq2_a, this->efq2_a, this->efq2_a,
this->efq2_a, this->efq2_a, this->efq2_a};
BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str, &zero_bn_str,
&zero_bn_str, &zero_bn_str, &zero_bn_str};
size_t m = 6;
EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
}
TEST_F(EcGroupTest, SscmMultiExpWorksGivenOneExponent) {
G1ElemStr efq_r_str;
EcPoint const* pts[] = {this->efq_a};
BigNumStr const* b[] = {&this->x_str};
size_t m = 1;
EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_exp_ax_str, efq_r_str);
}
TEST_F(EcGroupTest, SscmMultiExpWorksGivenTwoExponents) {
G1ElemStr efq_r_str;
EcPoint const* pts[] = {this->efq_a, this->efq_b};
BigNumStr const* b[] = {&this->x_str, &this->y_str};
size_t m = 2;
EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq, pts, b, m, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_multiexp_abxy_str, efq_r_str);
}
TEST_F(EcGroupTest, SscmMultiExpWorksGivenOneG2Exponent) {
G2ElemStr efq2_r_str;
EcPoint const* pts[] = {this->efq2_a};
BigNumStr const* b[] = {&this->x_str};
size_t m = 1;
EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_exp_ax_str, efq2_r_str);
}
TEST_F(EcGroupTest, SscmMultiExpWorksGivenTwoG2Exponents) {
G2ElemStr efq2_r_str;
EcPoint const* pts[] = {this->efq2_a, this->efq2_b};
BigNumStr const* b[] = {&this->x_str, &this->y_str};
size_t m = 2;
EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_multiexp_abxy_str, efq2_r_str);
}
TEST_F(EcGroupTest, SscmMultiExpWorksTwiceGivenSameOutputBuf) {
G2ElemStr efq2_r_str;
EcPoint const* pts[] = {this->efq2_a, this->efq2_b};
BigNumStr const* b[] = {&this->x_str, &this->y_str};
size_t m = 2;
EcPointObj temp(&this->efq2);
G2ElemStr temp_str;
EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq2, pts, b, m, this->efq2_r));
temp = this->efq2_r;
EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq2, pts, b, m, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
THROW_ON_EPIDERR(WriteEcPoint(this->efq2, temp, &temp_str, sizeof(temp_str)));
EXPECT_EQ(temp_str, efq2_r_str);
}
///////////////////////////////////////////////////////////////////////
// EcGetRandom
TEST_F(EcGroupTest, GetRandomFailsGivenArgumentsMismatch) {
Prng my_prng;
EXPECT_EQ(kEpidBadArgErr,
EcGetRandom(this->efq2, &Prng::Generate, &my_prng, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcGetRandom(this->efq, &Prng::Generate, &my_prng, this->efq2_r));
}
TEST_F(EcGroupTest, GetRandomFailsGivenNullPointer) {
Prng my_prng;
EXPECT_EQ(kEpidBadArgErr,
EcGetRandom(nullptr, &Prng::Generate, &my_prng, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcGetRandom(this->efq, nullptr, &my_prng, this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
EcGetRandom(this->efq, &Prng::Generate, &my_prng, nullptr));
}
TEST_F(EcGroupTest, GetRandomGeneratesDifferentECPoints) {
Prng my_prng;
EcPointObj r1(&this->efq);
EcPointObj r2(&this->efq);
bool result;
// __LINE__ makes sure that r1 and r2 are generated using distinct seeds
my_prng.set_seed(__LINE__);
EXPECT_EQ(kEpidNoErr, EcGetRandom(this->efq, &Prng::Generate, &my_prng, r1));
my_prng.set_seed(__LINE__);
EXPECT_EQ(kEpidNoErr, EcGetRandom(this->efq, &Prng::Generate, &my_prng, r2));
THROW_ON_EPIDERR(EcIsEqual(this->efq, r1, r2, &result));
EXPECT_FALSE(result);
}
///////////////////////////////////////////////////////////////////////
// EcInGroup
TEST_F(EcGroupTest, InGroupFailsGivenNullPointer) {
bool in_group;
EXPECT_EQ(kEpidBadArgErr, EcInGroup(nullptr, &(this->efq_a_str),
sizeof(this->efq_a_str), &in_group));
EXPECT_EQ(kEpidBadArgErr,
EcInGroup(this->efq, nullptr, sizeof(this->efq_a_str), &in_group));
EXPECT_EQ(kEpidBadArgErr, EcInGroup(this->efq, &(this->efq_a_str),
sizeof(this->efq_a_str), nullptr));
}
TEST_F(EcGroupTest, InGroupFailsGivenInvalidBufferSize) {
bool in_group;
EXPECT_EQ(kEpidBadArgErr,
EcInGroup(this->efq, &(this->efq_a_str), 0, &in_group));
EXPECT_EQ(kEpidBadArgErr,
EcInGroup(this->efq, &(this->efq_a_str),
std::numeric_limits<size_t>::max(), &in_group));
#if (SIZE_MAX >= 0x100000001) // When size_t value allowed to be 0x100000001
EXPECT_EQ(kEpidBadArgErr,
EcInGroup(this->efq, &(this->efq_a_str), 0x100000001, &in_group));
#endif
}
TEST_F(EcGroupTest, InGroupDetectsElementNotInGroup) {
// element be not in group if Y coordinate increased by 1
G1ElemStr p_str = this->efq_a_str;
p_str.y.data.data[31] -= 1;
bool in_group;
EXPECT_EQ(kEpidNoErr, EcInGroup(this->efq, &p_str, sizeof(p_str), &in_group));
EXPECT_FALSE(in_group);
G2ElemStr p2_str = this->efq2_a_str;
p2_str.y[0].data.data[31] -= 1;
EXPECT_EQ(kEpidNoErr,
EcInGroup(this->efq2, &p2_str, sizeof(p2_str), &in_group));
EXPECT_FALSE(in_group);
}
TEST_F(EcGroupTest, InGroupDetectsIdentityElementInGroup) {
bool in_group;
EXPECT_EQ(kEpidNoErr, EcInGroup(this->efq, &(this->efq_identity_str),
sizeof(this->efq_identity_str), &in_group));
EXPECT_TRUE(in_group);
EXPECT_EQ(kEpidNoErr, EcInGroup(this->efq2, &(this->efq2_identity_str),
sizeof(this->efq2_identity_str), &in_group));
EXPECT_TRUE(in_group);
}
TEST_F(EcGroupTest, InGroupFailsGivenContextMismatch) {
bool in_group;
EXPECT_EQ(kEpidBadArgErr, EcInGroup(this->efq2, &(this->efq_a_str),
sizeof(this->efq_a_str), &in_group));
EXPECT_FALSE(in_group);
EXPECT_EQ(kEpidBadArgErr, EcInGroup(this->efq, &(this->efq2_a_str),
sizeof(this->efq2_a_str), &in_group));
EXPECT_FALSE(in_group);
}
///////////////////////////////////////////////////////////////////////
// EcHash
TEST_F(EcGroupTest, HashFailsGivenArgumentsMismatch) {
uint8_t const msg[] = {0};
EXPECT_EQ(kEpidBadArgErr,
EcHash(this->efq2, msg, sizeof(msg), kSha256, this->efq_r, NULL));
EXPECT_EQ(kEpidBadArgErr,
EcHash(this->efq, msg, sizeof(msg), kSha256, this->efq2_r, NULL));
}
TEST_F(EcGroupTest, HashFailsGivenNullPointer) {
uint8_t const msg[] = {0};
EXPECT_EQ(kEpidBadArgErr,
EcHash(nullptr, msg, sizeof(msg), kSha256, this->efq_r, NULL));
EXPECT_EQ(kEpidBadArgErr, EcHash(this->efq, nullptr, sizeof(msg), kSha256,
this->efq_r, NULL));
EXPECT_EQ(kEpidBadArgErr,
EcHash(this->efq, msg, sizeof(msg), kSha256, nullptr, NULL));
}
TEST_F(EcGroupTest, HashFailsGivenUnsupportedHashAlg) {
uint8_t const msg[] = {0};
EXPECT_EQ(kEpidHashAlgorithmNotSupported,
EcHash(this->efq, msg, sizeof(msg), kSha3_256, this->efq_r, NULL));
EXPECT_EQ(kEpidHashAlgorithmNotSupported,
EcHash(this->efq, msg, sizeof(msg), kSha3_384, this->efq_r, NULL));
EXPECT_EQ(kEpidHashAlgorithmNotSupported,
EcHash(this->efq, msg, sizeof(msg), kSha3_512, this->efq_r, NULL));
}
TEST_F(EcGroupTest, HashFailsGivenIncorrectMsgLen) {
uint8_t const msg[] = {0};
EXPECT_EQ(kEpidBadArgErr,
EcHash(this->efq, nullptr, 1, kSha256, this->efq_r, NULL));
EXPECT_EQ(kEpidBadArgErr,
EcHash(this->efq, msg, std::numeric_limits<size_t>::max(), kSha256,
this->efq_r, NULL));
EXPECT_EQ(kEpidBadArgErr, EcHash(this->efq, msg, (size_t)INT_MAX + 1, kSha256,
this->efq_r, NULL));
#if (SIZE_MAX >= 0x100000001) // When size_t value allowed to be 0x100000001
EXPECT_EQ(kEpidBadArgErr, EcHash(this->efq, msg, (size_t)0x100000001, kSha256,
this->efq_r, NULL));
#endif
}
TEST_F(EcGroupTest, HashAcceptsZeroLengthMessage) {
EXPECT_EQ(kEpidNoErr, EcHash(this->efq, "", 0, kSha256, this->efq_r, NULL));
}
TEST_F(EcGroupTest, HashWorksGivenSHA256HashAlg) {
G1ElemStr efq_r_str;
EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha256,
this->efq_r, NULL));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_r_sha256_str, efq_r_str);
}
TEST_F(EcGroupTest, HashWorksGivenSHA384HashAlg) {
G1ElemStr efq_r_str;
EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha384,
this->efq_r, NULL));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_r_sha384_str, efq_r_str);
}
TEST_F(EcGroupTest, HashWorksGivenSHA512HashAlg) {
G1ElemStr efq_r_str;
EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha512,
this->efq_r, NULL));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_r_sha512_str, efq_r_str);
}
TEST_F(EcGroupTest, HashWorksGivenSHA512256HashAlg) {
G1ElemStr efq_r_str;
EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha512_256,
this->efq_r, NULL));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_r_sha512256_str, efq_r_str);
}
TEST_F(EcGroupTest, HashReturnsValidISha256) {
uint32_t i = 0;
EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha256,
this->efq_r, &i));
EXPECT_EQ((uint32_t)4, i);
}
TEST_F(EcGroupTest, HashReturnsValidISha384) {
uint32_t i = 0;
EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha384,
this->efq_r, &i));
EXPECT_EQ((uint32_t)0, i);
}
TEST_F(EcGroupTest, HashReturnsValidISha512) {
uint32_t i = 0;
EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha512,
this->efq_r, &i));
EXPECT_EQ((uint32_t)1, i);
}
TEST_F(EcGroupTest, HashReturnsValidISha512256) {
uint32_t i = 0;
EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha512_256,
this->efq_r, &i));
EXPECT_EQ((uint32_t)0, i);
}
TEST_F(EcGroupTest, HashWorksForArbitraryMsg) {
uint32_t i = 0;
std::vector<uint8_t> msg_aad = {'a', 'a', 'd'};
EXPECT_EQ(kEpidNoErr, EcHash(this->efq, msg_aad.data(), msg_aad.size(),
kSha512, this->efq_r, &i));
G1ElemStr exp_aad = {
0x5e, 0x73, 0xbe, 0x39, 0x6b, 0xd8, 0x50, 0x2f, 0xb1, 0x93, 0xbf,
0x9a, 0x3f, 0x42, 0x9d, 0x2a, 0xeb, 0xb7, 0x89, 0xb6, 0xcf, 0x52,
0x78, 0x61, 0x19, 0x24, 0xae, 0x56, 0xb3, 0x15, 0xd6, 0x7e, 0x0d,
0xb4, 0x3c, 0x33, 0xf3, 0x0a, 0xf1, 0x80, 0x21, 0x23, 0xd5, 0x6c,
0x4a, 0xb6, 0x68, 0xcf, 0xa9, 0xcd, 0x44, 0x91, 0xc9, 0x6b, 0x50,
0x96, 0x0f, 0x13, 0x47, 0x2d, 0x0b, 0xd5, 0x19, 0x68};
G1ElemStr res_aad;
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &res_aad, sizeof(res_aad)));
EXPECT_EQ(exp_aad, res_aad);
i = 0;
std::vector<uint8_t> msg_1_MB(1024 * 1024); // exactly 1 MB;
uint8_t c = 0;
for (size_t j = 0; j < msg_1_MB.size(); ++j) {
msg_1_MB[j] = c++;
}
EXPECT_EQ(kEpidNoErr, EcHash(this->efq, msg_1_MB.data(), msg_1_MB.size(),
kSha512, this->efq_r, &i));
G1ElemStr exp_1_MB = {
0xd8, 0xf7, 0xcd, 0x26, 0xa1, 0x86, 0x2e, 0x25, 0xa5, 0x17, 0x84,
0x98, 0x80, 0x5b, 0xb6, 0x10, 0x1c, 0x0d, 0xe1, 0xf4, 0xaa, 0x50,
0xfa, 0xdd, 0x67, 0x2f, 0xfd, 0x96, 0x95, 0x57, 0x1d, 0x0f, 0x92,
0xcd, 0xd1, 0x99, 0x27, 0x29, 0xbe, 0x7c, 0x66, 0x27, 0x8e, 0x5b,
0xc7, 0x0f, 0x9f, 0xad, 0xd7, 0x29, 0x54, 0x0f, 0xea, 0xa8, 0x01,
0x42, 0xf9, 0x47, 0x1d, 0xec, 0x5c, 0x0c, 0x2e, 0xdb};
G1ElemStr res_1_MB;
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &res_1_MB, sizeof(res_1_MB)));
EXPECT_EQ(exp_1_MB, res_1_MB);
i = 0;
std::vector<uint8_t> msg_1_MB_Minus_2(1024 * 1024 - 2); // exactly 1 MB;
c = 0;
for (size_t j = 0; j < msg_1_MB_Minus_2.size(); ++j) {
msg_1_MB_Minus_2[j] = c++;
}
EXPECT_EQ(kEpidNoErr,
EcHash(this->efq, msg_1_MB_Minus_2.data(), msg_1_MB_Minus_2.size(),
kSha512, this->efq_r, &i));
G1ElemStr exp_1_MB_Minus_2 = {
0x96, 0x31, 0xc8, 0xf7, 0x63, 0x82, 0x4b, 0x69, 0xae, 0xcd, 0x7a,
0x54, 0xed, 0x66, 0x45, 0x22, 0xa1, 0xd3, 0x5a, 0x07, 0x56, 0xf4,
0xfb, 0x47, 0xc7, 0xdf, 0x07, 0xf7, 0x21, 0xfb, 0x77, 0x2b, 0x65,
0xe1, 0xa2, 0x2e, 0x3b, 0x1a, 0xc8, 0x62, 0x0b, 0xb8, 0xac, 0x32,
0x21, 0xce, 0xa1, 0x74, 0x50, 0x55, 0xc2, 0x03, 0x91, 0x35, 0x63,
0x25, 0x45, 0xb3, 0xc6, 0x3c, 0xe0, 0xe8, 0x74, 0xb4};
G1ElemStr res_1_MB_Minus_2;
THROW_ON_EPIDERR(WriteEcPoint(this->efq, this->efq_r, &res_1_MB_Minus_2,
sizeof(res_1_MB_Minus_2)));
EXPECT_EQ(exp_1_MB_Minus_2, res_1_MB_Minus_2);
i = 0;
std::vector<uint8_t> msg_102(102); // exactly 1 MB;
c = 0;
for (size_t j = 0; j < msg_102.size(); ++j) {
msg_102[j] = c++;
}
EXPECT_EQ(kEpidNoErr, EcHash(this->efq, msg_102.data(), msg_102.size(),
kSha512, this->efq_r, &i));
G1ElemStr exp_102 = {
0x21, 0xf6, 0xb5, 0x2c, 0xbc, 0xb7, 0x90, 0x2b, 0x36, 0xe1, 0x43,
0xb6, 0xca, 0x66, 0x7e, 0x0a, 0x87, 0x66, 0x32, 0xe0, 0x70, 0x74,
0x2b, 0x20, 0x92, 0x8f, 0x8b, 0x3d, 0xd7, 0xe1, 0x95, 0xc7, 0xa9,
0x1b, 0x46, 0x94, 0xab, 0xfc, 0x59, 0x0e, 0x63, 0x9d, 0x42, 0x15,
0x85, 0xcb, 0x91, 0x12, 0xca, 0x19, 0x54, 0xa3, 0xe9, 0x77, 0xd0,
0x1b, 0x2a, 0x97, 0x1e, 0xd0, 0x59, 0x33, 0xe1, 0x1d};
G1ElemStr res_102;
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &res_102, sizeof(res_102)));
EXPECT_EQ(exp_102, res_102);
}
///////////////////////////////////////////////////////////////////////
// 1.1 EcHash
TEST_F(EcGroupTest, Epid11HashFailsGivenMismatchedArguments) {
uint8_t const msg[] = {0};
EXPECT_EQ(kEpidBadArgErr,
Epid11EcHash(this->efq2, msg, sizeof(msg), this->efq_r));
EXPECT_EQ(kEpidBadArgErr,
Epid11EcHash(this->efq, msg, sizeof(msg), this->efq2_r));
}
TEST_F(EcGroupTest, Epid11HashFailsGivenNullPointer) {
uint8_t const msg[] = {0};
EXPECT_EQ(kEpidBadArgErr,
Epid11EcHash(nullptr, msg, sizeof(msg), this->epid11_G3_r));
EXPECT_EQ(kEpidBadArgErr, Epid11EcHash(this->epid11_G3, nullptr, sizeof(msg),
this->epid11_G3_r));
EXPECT_EQ(kEpidBadArgErr,
Epid11EcHash(this->epid11_G3, msg, sizeof(msg), nullptr));
}
TEST_F(EcGroupTest, Epid11HashFailsGivenInvalidMsgLen) {
uint8_t const msg[] = {0};
EXPECT_EQ(kEpidBadArgErr,
Epid11EcHash(this->epid11_G3, nullptr, 1, this->epid11_G3_r));
EXPECT_EQ(kEpidBadArgErr, Epid11EcHash(this->epid11_G3, msg,
std::numeric_limits<size_t>::max(),
this->epid11_G3_r));
EXPECT_EQ(kEpidBadArgErr,
Epid11EcHash(this->epid11_G3, msg, (size_t)INT_MAX + 1,
this->epid11_G3_r));
#if (SIZE_MAX >= 0x100000001) // When size_t value allowed to be 0x100000001
EXPECT_EQ(kEpidBadArgErr,
Epid11EcHash(this->epid11_G3, msg, (size_t)0x100000001,
this->epid11_G3_r));
#endif
}
TEST_F(EcGroupTest, Epid11HashAcceptsZeroLengthMessage) {
EXPECT_EQ(kEpidNoErr,
Epid11EcHash(this->epid11_G3, "", 0, this->epid11_G3_r));
}
TEST_F(EcGroupTest, Epid11HashWorksGivenValidParameters) {
Epid11G3ElemStr r_str;
uint8_t const msg0[] = {'a', 'a', 'd'};
EXPECT_EQ(kEpidNoErr, Epid11EcHash(this->epid11_G3, msg0, sizeof(msg0),
this->epid11_G3_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->epid11_G3, this->epid11_G3_r, &r_str, sizeof(r_str)));
EXPECT_EQ(this->kAadHash, r_str);
uint8_t const msg1[] = {'b', 's', 'n', '0'};
EXPECT_EQ(kEpidNoErr, Epid11EcHash(this->epid11_G3, msg1, sizeof(msg1),
this->epid11_G3_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->epid11_G3, this->epid11_G3_r, &r_str, sizeof(r_str)));
EXPECT_EQ(this->kBsn0Hash, r_str);
uint8_t const msg2[] = {'t', 'e', 's', 't'};
EXPECT_EQ(kEpidNoErr, Epid11EcHash(this->epid11_G3, msg2, sizeof(msg2),
this->epid11_G3_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->epid11_G3, this->epid11_G3_r, &r_str, sizeof(r_str)));
EXPECT_EQ(this->kTestHash, r_str);
uint8_t const msg3[] = {'a', 'a', 'c'};
EXPECT_EQ(kEpidNoErr, Epid11EcHash(this->epid11_G3, msg3, sizeof(msg3),
this->epid11_G3_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->epid11_G3, this->epid11_G3_r, &r_str, sizeof(r_str)));
EXPECT_EQ(this->kAacHash, r_str);
}
///////////////////////////////////////////////////////////////////////
// EcMakePoint
TEST_F(EcGroupTest, MakePointFailsGivenArgumentsMismatch) {
FfElementObj fq2_a(&this->efq2_par->fq2);
EXPECT_EQ(kEpidBadArgErr, EcMakePoint(this->efq2, this->fq_a, this->efq_r));
EXPECT_EQ(kEpidBadArgErr, EcMakePoint(this->efq, fq2_a, this->efq_r));
EXPECT_EQ(kEpidBadArgErr, EcMakePoint(this->efq2, this->fq_a, this->efq2_r));
}
TEST_F(EcGroupTest, MakePointFailsGivenNullPointer) {
EXPECT_EQ(kEpidBadArgErr, EcMakePoint(nullptr, this->fq_a, this->efq_r));
EXPECT_EQ(kEpidBadArgErr, EcMakePoint(this->efq, nullptr, this->efq_r));
EXPECT_EQ(kEpidBadArgErr, EcMakePoint(this->efq, this->fq_a, nullptr));
}
TEST_F(EcGroupTest, MakePointSucceedsGivenElement) {
Prng my_prng;
G1ElemStr efq_r_str;
// a pre-computed point in eqf
G1ElemStr efq_ref_str = {
{{0X1C, 0X53, 0X40, 0X69, 0X8B, 0X77, 0X75, 0XAA, 0X2B, 0X7D, 0X91,
0XD6, 0X29, 0X49, 0X05, 0X7F, 0XF6, 0X4C, 0X63, 0X90, 0X58, 0X22,
0X06, 0XF5, 0X1F, 0X3B, 0X9F, 0XA2, 0X04, 0X39, 0XA9, 0X67}},
{{0X3B, 0X65, 0X58, 0XAC, 0X97, 0X46, 0X47, 0XC9, 0X84, 0X57, 0X3F,
0XFA, 0X4F, 0XB0, 0X64, 0X8D, 0X48, 0XC8, 0X14, 0XEB, 0XF1, 0X94,
0X87, 0XDC, 0XB3, 0X73, 0X90, 0X1D, 0X75, 0XAD, 0XD5, 0X56}}};
// create a point with x == ref.x
FfElementObj elem(&this->fq, efq_ref_str.x);
EXPECT_EQ(kEpidNoErr, EcMakePoint(this->efq, elem, this->efq_r));
// check that the point matches ref
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(efq_ref_str, efq_r_str);
}
TEST_F(EcGroupTest, MakePointFailsGivenZeroElement) {
EXPECT_EQ(kEpidBadArgErr,
EcMakePoint(this->efq, FfElementObj(&this->fq), this->efq_r));
// EcMakePoint is only defined for G1
EXPECT_EQ(kEpidBadArgErr,
EcMakePoint(this->efq2, FfElementObj(&this->efq2_par->fq2),
this->efq2_r));
}
///////////////////////////////////////////////////////////////////////
// EcInverse
TEST_F(EcGroupTest, InverseFailsGivenArgumentsMismatch) {
EXPECT_EQ(kEpidBadArgErr, EcInverse(this->efq2, this->efq_a, this->efq_r));
EXPECT_EQ(kEpidBadArgErr, EcInverse(this->efq, this->efq2_a, this->efq_r));
EXPECT_EQ(kEpidBadArgErr, EcInverse(this->efq, this->efq_a, this->efq2_r));
}
TEST_F(EcGroupTest, InverseFailsGivenNullPointer) {
EXPECT_EQ(kEpidBadArgErr, EcInverse(nullptr, this->efq_a, this->efq_r));
EXPECT_EQ(kEpidBadArgErr, EcInverse(this->efq, nullptr, this->efq_r));
EXPECT_EQ(kEpidBadArgErr, EcInverse(this->efq, this->efq_a, nullptr));
}
TEST_F(EcGroupTest, InverseSucceedsGivenIdentity) {
G1ElemStr efq_r_str;
EXPECT_EQ(kEpidNoErr, EcInverse(this->efq, this->efq_identity, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_identity_str, efq_r_str);
G2ElemStr efq2_r_str;
EXPECT_EQ(kEpidNoErr,
EcInverse(this->efq2, this->efq2_identity, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
}
TEST_F(EcGroupTest, InverseSucceedsGivenElement) {
G1ElemStr efq_r_str;
EXPECT_EQ(kEpidNoErr, EcInverse(this->efq, this->efq_a, this->efq_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
EXPECT_EQ(this->efq_inv_a_str, efq_r_str);
G2ElemStr efq2_r_str;
EXPECT_EQ(kEpidNoErr, EcInverse(this->efq2, this->efq2_a, this->efq2_r));
THROW_ON_EPIDERR(
WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
EXPECT_EQ(this->efq2_inv_a_str, efq2_r_str);
}
///////////////////////////////////////////////////////////////////////
// EcIsEqual
TEST_F(EcGroupTest, IsEqualFailsGivenArgumentsMismatch) {
bool result;
EXPECT_EQ(kEpidBadArgErr,
EcIsEqual(this->efq2, this->efq_a, this->efq_a, &result));
EXPECT_EQ(kEpidBadArgErr,
EcIsEqual(this->efq, this->efq2_a, this->efq_a, &result));
EXPECT_EQ(kEpidBadArgErr,
EcIsEqual(this->efq, this->efq_a, this->efq2_a, &result));
}
TEST_F(EcGroupTest, IsEqualFailsGivenNullPointer) {
bool result;
EXPECT_EQ(kEpidBadArgErr,
EcIsEqual(nullptr, this->efq_a, this->efq_a, &result));
EXPECT_EQ(kEpidBadArgErr,
EcIsEqual(this->efq, nullptr, this->efq_a, &result));
EXPECT_EQ(kEpidBadArgErr,
EcIsEqual(this->efq, this->efq_a, nullptr, &result));
EXPECT_EQ(kEpidBadArgErr,
EcIsEqual(this->efq, this->efq_a, this->efq_a, nullptr));
}
TEST_F(EcGroupTest, IsEqualCanCompareElementWithItself) {
bool result;
ASSERT_EQ(kEpidNoErr,
EcIsEqual(this->efq, this->efq_a, this->efq_a, &result));
EXPECT_TRUE(result);
ASSERT_EQ(kEpidNoErr,
EcIsEqual(this->efq2, this->efq2_a, this->efq2_a, &result));
EXPECT_TRUE(result);
}
TEST_F(EcGroupTest, DifferentEFqElementsAreNotEqual) {
bool result;
ASSERT_EQ(kEpidNoErr,
EcIsEqual(this->efq, this->efq_a, this->efq_b, &result));
EXPECT_FALSE(result);
}
TEST_F(EcGroupTest, SameEFqElementsAreEqual) {
THROW_ON_EPIDERR(ReadEcPoint(this->efq, &(this->efq_a_str),
sizeof(this->efq_a_str), this->efq_b));
bool result;
ASSERT_EQ(kEpidNoErr,
EcIsEqual(this->efq, this->efq_a, this->efq_b, &result));
EXPECT_TRUE(result);
}
TEST_F(EcGroupTest, IsEqualCanCompareIdentityEFqElements) {
THROW_ON_EPIDERR(ReadEcPoint(this->efq, &(this->efq_identity_str),
sizeof(this->efq_identity_str), this->efq_b));
bool result;
ASSERT_EQ(kEpidNoErr,
EcIsEqual(this->efq, this->efq_identity, this->efq_b, &result));
EXPECT_TRUE(result);
}
TEST_F(EcGroupTest, DifferentEFq2ElementsAreNotEqual) {
bool result;
ASSERT_EQ(kEpidNoErr,
EcIsEqual(this->efq2, this->efq2_a, this->efq2_b, &result));
EXPECT_FALSE(result);
}
TEST_F(EcGroupTest, SameEFq2ElementsAreEqual) {
THROW_ON_EPIDERR(ReadEcPoint(this->efq2, &(this->efq2_a_str),
sizeof(this->efq2_a_str), this->efq2_b));
bool result;
ASSERT_EQ(kEpidNoErr,
EcIsEqual(this->efq2, this->efq2_a, this->efq2_b, &result));
EXPECT_TRUE(result);
}
TEST_F(EcGroupTest, IsEqualCanCompareIdentityEFq2Elements) {
THROW_ON_EPIDERR(ReadEcPoint(this->efq2, &(this->efq2_identity_str),
sizeof(this->efq2_identity_str), this->efq2_b));
bool result;
ASSERT_EQ(kEpidNoErr,
EcIsEqual(this->efq2, this->efq2_identity, this->efq2_b, &result));
EXPECT_TRUE(result);
}
///////////////////////////////////////////////////////////////////////
// EcIsIdentity
TEST_F(EcGroupTest, IsIdentityFailsGivenArgumentsMismatch) {
bool result;
EXPECT_EQ(kEpidBadArgErr,
EcIsIdentity(this->efq2, this->efq_identity, &result));
EXPECT_EQ(kEpidBadArgErr,
EcIsIdentity(this->efq, this->efq2_identity, &result));
}
TEST_F(EcGroupTest, IsIdentityFailsGivenNullPointer) {
bool result;
EXPECT_EQ(kEpidBadArgErr, EcIsIdentity(nullptr, this->efq_identity, &result));
EXPECT_EQ(kEpidBadArgErr, EcIsIdentity(this->efq, nullptr, &result));
EXPECT_EQ(kEpidBadArgErr,
EcIsIdentity(this->efq, this->efq_identity, nullptr));
}
TEST_F(EcGroupTest, IsIdentityDetectsIdentityElement) {
bool result;
EXPECT_EQ(kEpidNoErr, EcIsIdentity(this->efq, this->efq_identity, &result));
EXPECT_TRUE(result);
EXPECT_EQ(kEpidNoErr, EcIsIdentity(this->efq2, this->efq2_identity, &result));
EXPECT_TRUE(result);
}
TEST_F(EcGroupTest, IsIdentityDetectsNonIdentityElement) {
bool result;
EXPECT_EQ(kEpidNoErr, EcIsIdentity(this->efq, this->efq_a, &result));
EXPECT_FALSE(result);
EXPECT_EQ(kEpidNoErr, EcIsIdentity(this->efq2, this->efq2_a, &result));
EXPECT_FALSE(result);
}
} // namespace