diff --git a/src/lib_bls12_381/test/test_ec_make.ml b/src/lib_bls12_381/test/test_ec_make.ml
index 7aeae021402c145454c1ed0c0530c81b817ce5ba..49bb5cc6e7a6ba8dbb42659bf00e28f3e8aace37 100644
--- a/src/lib_bls12_381/test/test_ec_make.ml
+++ b/src/lib_bls12_381/test/test_ec_make.ml
@@ -526,6 +526,115 @@ module MakeECProperties (G : Bls12_381.CURVE) = struct
 let xs = List.init n (fun _ -> G.random ()) in
 assert (G.(eq (List.fold_left G.add G.zero xs) (G.add_bulk xs)))
+ let test_affine_add_bulk_single () =
+ let p = G.random () in
+ let xs_affine = G.to_affine_array [|p|] in
+ assert (G.(eq p (affine_add_bulk xs_affine)))
+
+ let test_affine_add_bulk_double () =
+ let p = G.random () in
+ let xs_affine = G.to_affine_array [|p; p|] in
+ assert (G.(eq (double p) (affine_add_bulk xs_affine)))
+
+ let test_affine_add_bulk_add () =
+ let p1 = G.random () in
+ let p2 = G.random () in
+ let xs_affine = G.to_affine_array [|p1; p2|] in
+ assert (G.(eq (add p1 p2) (affine_add_bulk xs_affine)))
+
+ let test_affine_add_bulk_zero () =
+ let p = G.random () in
+ let xs_affine = G.to_affine_array [|p; G.zero|] in
+ assert (G.(eq p (affine_add_bulk xs_affine)))
+
+ let test_affine_add_bulk_negate () =
+ let p1 = G.random () in
+ let p2 = G.negate p1 in
+ let xs_affine = G.to_affine_array [|p1; p2|] in
+ assert (G.(eq zero (affine_add_bulk xs_affine)))
+
+ let test_affine_add_bulk_commutativity () =
+ let p1 = G.random () in
+ let p2 = G.random () in
+ assert (
+ G.(
+ eq
+ (affine_add_bulk (to_affine_array [|p1; p2|]))
+ (affine_add_bulk (to_affine_array [|p2; p1|]))))
+
+ let test_pippenger_with_affine_array_single () =
+ let s = G.Scalar.random () in
+ let p = G.random () in
+ let xs_affine = G.to_affine_array [|p|] in
+ let scalars = [|s|] in
+ assert (G.(eq (mul p s) (pippenger_with_affine_array xs_affine scalars)))
+
+ let test_pippenger_with_affine_array_double () =
+ let s = G.Scalar.random () in
+ let p = G.random () in
+ let xs_affine = G.to_affine_array [|p; p|] in
+ let scalars = [|s; s|] in
+ assert (
+ G.(eq (double (mul p s)) (pippenger_with_affine_array xs_affine scalars)))
+
+ let test_pippenger_with_affine_array_double_diff_coeff () =
+ let s1 = G.Scalar.random () in
+ let s2 = G.Scalar.random () in
+ let p = G.random () in
+ let xs_affine = G.to_affine_array [|p; p|] in
+ let scalars = [|s1; s2|] in
+ assert (
+ G.(
+ eq
+ (add (mul p s1) (mul p s2))
+ (pippenger_with_affine_array xs_affine scalars)))
+
+ let test_pippenger_with_affine_array_add () =
+ let s1 = G.Scalar.random () in
+ let p1 = G.random () in
+ let s2 = G.Scalar.random () in
+ let p2 = G.random () in
+ let xs_affine = G.to_affine_array [|p1; p2|] in
+ let scalars = [|s1; s2|] in
+ assert (
+ G.(
+ eq
+ (add (mul p1 s1) (mul p2 s2))
+ (pippenger_with_affine_array xs_affine scalars)))
+
+ let test_pippenger_with_affine_array_zero () =
+ let s = G.Scalar.random () in
+ let p = G.random () in
+ let xs_affine = G.to_affine_array [|p; G.zero|] in
+ let scalars = G.Scalar.[|s; one|] in
+ assert (G.(eq (mul p s) (pippenger_with_affine_array xs_affine scalars)))
+
+ let test_pippenger_with_affine_array_negate () =
+ let p1 = G.random () in
+ let p2 = G.negate p1 in
+ let xs_affine = G.to_affine_array [|p1; p2|] in
+ let scalars = G.Scalar.[|one; one|] in
+ assert (G.(eq zero (pippenger_with_affine_array xs_affine scalars)))
+
+ let test_pippenger_with_affine_array_coeff_zero () =
+ let s1 = G.Scalar.random () in
+ let p1 = G.random () in
+ let p2 = G.random () in
+ let xs_affine = G.to_affine_array [|p1; p2|] in
+ let scalars = [|s1; G.Scalar.zero|] in
+ assert (G.(eq (mul p1 s1) (pippenger_with_affine_array xs_affine scalars)))
+
+ let test_pippenger_with_affine_array_commutativity () =
+ let s1 = G.Scalar.random () in
+ let p1 = G.random () in
+ let s2 = G.Scalar.random () in
+ let p2 = G.random () in
+ assert (
+ G.(
+ eq
+ (pippenger_with_affine_array (to_affine_array [|p2; p1|]) [|s2; s1|])
+ (pippenger_with_affine_array (to_affine_array [|p1; p2|]) [|s1; s2|])))
+
 (** Returns the tests to be used with Alcotest *)
 let get_tests () =
 let open Alcotest in
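Review bot: The new `affine_add_bulk` and `pippenger_with_affine_array` tests never pass an empty array, and the pippenger tests never pass a `scalars` array whose length differs from the points array. Those are the inputs where a multi-scalar multiplication that walks both arrays in lockstep could read out of bounds or return an undefined result, and if the arrays are handed to native code (not visible here) the failure would not surface as an OCaml exception. I would pin the intended behaviour with one test per case, e.g. `assert (G.(eq zero (affine_add_bulk (to_affine_array [||]))))` if the empty sum is meant to be the identity, plus a length-mismatch test that expects whatever rejection the API documents. The zero-point tests also place `G.zero` only in the last slot; a first-slot or all-zero array would cover the affine encoding of the identity more fully. The enclosing `MakeECProperties` functor begins outside the hunk.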
@@ -535,6 +644,62 @@ module MakeECProperties (G : Bls12_381.CURVE) = struct
 test_case "check_bytes_zero" `Quick (repeat 1 check_bytes_zero);
 test_case "check_bytes_one" `Quick (repeat 1 check_bytes_one);
 test_case "bulk add" `Quick (repeat 100 test_bulk_add);
+ test_case
+ "affine add bulk with a single element"
+ `Quick
+ (repeat 100 test_affine_add_bulk_single);
+ test_case
+ "affine add bulk is double"
+ `Quick
+ (repeat 100 test_affine_add_bulk_double);
+ test_case
+ "affine add bulk is add"
+ `Quick
+ (repeat 100 test_affine_add_bulk_add);
+ test_case
+ "affine add bulk with zero"
+ `Quick
+ (repeat 100 test_affine_add_bulk_zero);
+ test_case
+ "affine add bulk is zero"
+ `Quick
+ (repeat 100 test_affine_add_bulk_negate);
+ test_case
+ "affine add bulk is commutative"
+ `Quick
+ (repeat 100 test_affine_add_bulk_commutativity);
+ test_case
+ "pippenger with a single element"
+ `Quick
+ (repeat 100 test_pippenger_with_affine_array_single);
+ test_case
+ "pippenger is double"
+ `Quick
+ (repeat 100 test_pippenger_with_affine_array_double);
+ test_case
+ "pippenger is double with different coefficients"
+ `Quick
+ (repeat 100 test_pippenger_with_affine_array_double_diff_coeff);
+ test_case
+ "pippenger is add"
+ `Quick
+ (repeat 100 test_pippenger_with_affine_array_add);
+ test_case
+ "pippenger with zero"
+ `Quick
+ (repeat 100 test_pippenger_with_affine_array_zero);
+ test_case
+ "pippenger is zero"
+ `Quick
+ (repeat 100 test_pippenger_with_affine_array_negate);
+ test_case
+ "pippenger with coefficient zero"
+ `Quick
+ (repeat 100 test_pippenger_with_affine_array_coeff_zero);
+ test_case
+ "pippenger is commutative"
+ `Quick
+ (repeat 100 test_pippenger_with_affine_array_commutativity);
 test_case
 "check_bytes_random_double"
 `Quick
diff --git a/src/lib_bls12_381_signature/test/test_aggregated_signature.ml b/src/lib_bls12_381_signature/test/test_aggregated_signature.ml
index 216ea1ee190243f028079d04a60263fff87bd55b..991e77038f4171578234171f9d7e6a8b45642057 100644
--- a/src/lib_bls12_381_signature/test/test_aggregated_signature.ml
+++ b/src/lib_bls12_381_signature/test/test_aggregated_signature.ml
@@ -133,20 +133,20 @@ struct
 ( Printf.sprintf "Properties for %s" Scheme.name,
 [
 test_case
- "Sign and verify corret signature with correct pks and msgs"
+ "Sign and verify correct signature with correct pks and msgs"
 `Quick
 (Utils.repeat
 10
 test_sign_and_verify_correct_signature_with_correct_pks_and_msgs);
 test_case
- "Sign and verify corret signature with correct pks and some \
+ "Sign and verify correct signature with correct pks and some \
 incorrect msgs"
 `Quick
 (Utils.repeat
 10
 test_sign_and_verify_correct_signature_with_correct_pks_and_some_incorrect_msgs);
 test_case
- "Sign and verify corret signature with some incorrect pks and \
+ "Sign and verify correct signature with some incorrect pks and \
 correct msgs"
 `Quick
 (Utils.repeat
diff --git a/src/lib_bls12_381_signature/test/test_signature.ml b/src/lib_bls12_381_signature/test/test_signature.ml
index 007d8417c5706f33030713bd32e65ea858673fc6..6c820cce0f3c6d9af60fec36e6b933b59ead0f32 100644
--- a/src/lib_bls12_381_signature/test/test_signature.ml
+++ b/src/lib_bls12_381_signature/test/test_signature.ml
@@ -485,7 +485,6 @@ struct
 let ikm = generate_random_bytes 32 in
 let sk = Bls12_381_signature.generate_sk ikm in
 let pk = SignatureM.derive_pk sk in
- (* sign a random message *)
 let proof = SignatureM.Pop.pop_prove sk in
 assert (SignatureM.Pop.pop_verify pk proof)
@@ -494,7 +493,6 @@ struct
 let ikm' = generate_random_bytes 32 in
 let sk = Bls12_381_signature.generate_sk ikm in
 let pk' = SignatureM.(derive_pk (Bls12_381_signature.generate_sk ikm')) in
- (* sign a random message *)
 let proof = SignatureM.Pop.pop_prove sk in
 assert (not (SignatureM.Pop.pop_verify pk' proof))
@@ -504,6 +502,46 @@ struct
 let proof = generate_random_bytes (PkGroup.size_in_bytes / 2) in
 assert (not (SignatureM.Pop.pop_verify pk proof))
+ let test_pop_verify_with_override_pk () =
+ let ikm = generate_random_bytes 32 in
+ let sk = Bls12_381_signature.generate_sk ikm in
+ let pk = SignatureM.derive_pk sk in
+ let ikm' = generate_random_bytes 32 in
+ let sk' = Bls12_381_signature.generate_sk ikm' in
+ let pk' = SignatureM.derive_pk sk' in
+ let proof = SignatureM.Pop.pop_prove sk ~msg:pk' in
+ assert (SignatureM.Pop.pop_verify pk ~msg:pk' proof)
+
+ let test_pop_verify_with_incorrect_override_pk () =
+ let ikm = generate_random_bytes 32 in
+ let sk = Bls12_381_signature.generate_sk ikm in
+ let pk = SignatureM.derive_pk sk in
+ let ikm' = generate_random_bytes 32 in
+ let sk' = Bls12_381_signature.generate_sk ikm' in
+ let pk' = SignatureM.derive_pk sk' in
+ let proof = SignatureM.Pop.pop_prove sk ~msg:pk' in
+ assert (not (SignatureM.Pop.pop_verify pk proof))
+
+ let test_pop_sig_verify_does_not_accept_aug_signature () =
+ let ikm = generate_random_bytes 32 in
+ let sk = Bls12_381_signature.generate_sk ikm in
+ let pk = SignatureM.derive_pk sk in
+ (* sign a random message *)
+ let msg_length = 1 + Random.int 512 in
+ let msg = generate_random_bytes msg_length in
+ let signature = SignatureM.Aug.sign sk msg in
+ assert (not (SignatureM.Pop.verify pk msg signature))
+
+ let test_pop_verify_does_not_accept_signature_of_pk () =
+ let ikm = generate_random_bytes 32 in
+ let sk = Bls12_381_signature.generate_sk ikm in
+ let pk = SignatureM.derive_pk sk in
+ let proof =
+ SignatureM.Pop.sign sk (SignatureM.pk_to_bytes pk)
+ |> SignatureM.signature_to_bytes
+ in
+ assert (not (SignatureM.Pop.pop_verify pk proof))
+
 module MakeProperties (Scheme : sig
 val test_vector_filenames : string list
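Review bot: The negative coverage for the `~msg` override in `test_pop_verify_with_incorrect_override_pk` is one-directional: it checks that a proof made over `pk'` fails under the default message, but not that the same proof is rejected as a proof of possession for `pk'` itself, which is the property that keeps a key holder from vouching for a public key they do not control. Adding `assert (not (SignatureM.Pop.pop_verify pk' proof))` to that test, and the converse `assert (not (SignatureM.Pop.pop_verify pk ~msg:pk' (SignatureM.Pop.pop_prove sk)))`, would pin both directions. `test_pop_verify_does_not_accept_signature_of_pk` would also benefit from a comment such as `(* a Pop signature over the pk bytes must not double as a proof of possession *)`, since the reason for the assertion (presumably domain separation between signing and proving, not visible here) is not obvious from the code. The enclosing module starts above the hunk.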
@@ -635,15 +673,22 @@ struct
 let sk = Bls12_381_signature.generate_sk ikm in
 let expected_result = Hex.(to_bytes (`Hex expected_result_str)) in
 let res = Scheme.sign sk msg in
- let res = SignatureM.signature_to_bytes res in
- if not @@ Bytes.equal res expected_result then
+ let res_bytes = SignatureM.signature_to_bytes res in
+ if not @@ Bytes.equal res_bytes expected_result then
 Alcotest.failf
 "Expected result is %s on input %s with ikm %s, but computed \
 %s"
 Hex.(show (Hex.of_bytes expected_result))
 msg_str
 ikm_str
- Hex.(show (Hex.of_bytes res)))
+ Hex.(show (Hex.of_bytes res_bytes)) ;
+ let pk = SignatureM.derive_pk sk in
+ if not @@ Scheme.verify pk msg res then
+ Alcotest.failf
+ "Expected valid signature %s on input %s with ikm %s"
+ Hex.(show (Hex.of_bytes res_bytes))
+ msg_str
+ ikm_str)
 contents
 in
 List.iter (fun filename -> aux filename) Scheme.test_vector_filenames
@@ -727,7 +772,7 @@ struct
 let verify = SignatureM.Pop.verify
 end)
- let test_pop_g2_from_blst_sigs_ref_files () =
+ let test_pop_from_blst_sigs_ref_files () =
 let aux filename =
 let contents = read_file filename in
 List.iter
@@ -747,7 +792,13 @@ struct
 "Expected result is %s with ikm %s, but computed %s"
 exp_result_str
 ikm_str
- Hex.(show (Hex.of_bytes res)))
+ Hex.(show (Hex.of_bytes res)) ;
+ let pk = SignatureM.derive_pk sk in
+ if not @@ SignatureM.Pop.pop_verify pk res then
+ Alcotest.failf
+ "Expected valid proof %s with ikm %s"
+ Hex.(show (Hex.of_bytes res))
+ ikm_str)
 contents
 in
 List.iter (fun filename -> aux filename) MISC.pop_filenames
@@ -839,7 +890,7 @@ struct
 test_pk_to_bytes_of_bytes_exn_are_inverse_functions_on_valid_inputs);
 test_case
 "unsafe_pk_of_bytes and pk_to_bytes are inverse functions on any \
- valid input"
+ input"
 `Quick
 (Utils.repeat
 10
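Review bot: In the `@@ -635,15 +673,22 @@` hunk the added `Scheme.verify pk msg res` check runs on the in-memory signature that `Scheme.sign` just returned, so the vector's wire bytes in `expected_result` never pass through the signature parser and whatever validation it performs. Parsing `expected_result` with the checked deserialiser (the test names further down suggest `signature_of_bytes_exn`) and verifying that value would make the known-answer vectors cover the deserialisation path a real verifier takes. A comment such as `(* the signature just produced must also verify under the derived pk *)` above the new `let pk` line would document why the round-trip was added. The PoP vector check in `@@ -747,7 +792,13 @@` already verifies the byte form, so the point applies only here; the enclosing function starts outside the hunk.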
@@ -933,7 +984,7 @@ struct
 test_signature_to_bytes_of_bytes_exn_are_inverse_functions_on_valid_inputs);
 test_case
 "unsafe_signature_of_bytes and signature_to_bytes are inverse \
- functions on any valid input"
+ functions on any input"
 `Quick
 (Utils.repeat
 10
@@ -959,9 +1010,9 @@ struct
 ( "Proof of possession proof/verify properties and test vectors",
 [
 test_case
- "Pop G2 from file"
+ "Pop test vectors from file"
 `Quick
- test_pop_g2_from_blst_sigs_ref_files;
+ test_pop_from_blst_sigs_ref_files;
 test_case
 "Prove and verify with correct keys"
 `Quick
@@ -974,6 +1025,22 @@ struct
 "Verify random proof"
 `Quick
 (Utils.repeat 10 test_pop_verify_random_proof);
+ test_case
+ "Prove and verify with override pk"
+ `Quick
+ (Utils.repeat 10 test_pop_verify_with_override_pk);
+ test_case
+ "Prove and verify with incorrect override pk"
+ `Quick
+ (Utils.repeat 10 test_pop_verify_with_incorrect_override_pk);
+ test_case
+ "Signature verify does not accept Aug signature"
+ `Quick
+ (Utils.repeat 10 test_pop_sig_verify_does_not_accept_aug_signature);
+ test_case
+ "Verify does not accept signature of pk"
+ `Quick
+ (Utils.repeat 10 test_pop_verify_does_not_accept_signature_of_pk);
 ] );
 ]
 end