libbrandt/test_crypto.c

/* This file is part of libbrandt.
 * Copyright (C) 2016 GNUnet e.V.
 *
 * libbrandt is free software: you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation, either version 3 of the License, or (at your option) any later
 * version.
 *
 * libbrandt is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 * A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * libbrandt.  If not, see <http://www.gnu.org/licenses/>.
 */

/**
 * @file test_crypto.c
 * @brief testing crypto and smc functions.
 * @author Markus Teich
 */

#include "platform.h"

/* For testing static functions and variables we include the whole source */
#include "crypto.c"

#include "test.h"


static uint16_t              bidders;
static uint16_t              prizes;
static struct BRANDT_Auction *ad;

static int
test_smc_2d_array ()
{
	gcry_mpi_point_t **array;
	uint16_t         size1 = 3;
	uint16_t         size2 = 7;
	uint16_t         i, j;

	array = smc_init2 (size1, size2);
	CHECK (array, "memory allocation failed");

	for (i = 0; i < size1; i++)
		for (j = 0; j < size2; j++)
			CHECK (array[i][j], "point has not been initialized");

	smc_free2 (array, size1, size2);
	return 1;
}


static int
test_smc_3d_array ()
{
	gcry_mpi_point_t ***array;
	uint16_t         size1 = 3;
	uint16_t         size2 = 7;
	uint16_t         size3 = 11;
	uint16_t         i, j, k;

	array = smc_init3 (size1, size2, size3);
	CHECK (array, "memory allocation failed");

	for (i = 0; i < size1; i++)
		for (j = 0; j < size2; j++)
			for (k = 0; k < size3; k++)
				CHECK (array[i][j][k], "point has not been initialized");

	smc_free3 (array, size1, size2, size3);
	return 1;
}


static int
test_serialization ()
{
	gcry_mpi_point_t oldp = gcry_mpi_point_new (0);
	gcry_mpi_point_t newp = gcry_mpi_point_new (0);
	gcry_mpi_t       oldi = gcry_mpi_new (256);
	gcry_mpi_t       newi = gcry_mpi_new (256);
	struct ec_mpi    serp;
	struct ec_mpi    seri;

	ec_keypair_create (oldp, oldi);

	ec_point_serialize (&serp, oldp);
	mpi_serialize (&seri, oldi);

	ec_point_parse (newp, &serp);
	mpi_parse (newi, &seri);

	CHECK (!ec_point_cmp (oldp, newp), "serialization changed point");
	CHECK (!gcry_mpi_cmp (oldi, newi), "serialization changed mpi");

	mpi_serialize (&seri, GCRYMPI_CONST_ONE);
	mpi_parse (newi, &seri);
	CHECK (!gcry_mpi_cmp (GCRYMPI_CONST_ONE, newi), "serializing mpi 1 fail");

	gcry_mpi_point_release (oldp);
	gcry_mpi_point_release (newp);
	gcry_mpi_release (oldi);
	gcry_mpi_release (newi);
	return 1;
}


static int
test_smc_zkp_dl ()
{
	struct proof_dl  proof;
	gcry_mpi_t       x = gcry_mpi_new (256);
	gcry_mpi_point_t v = gcry_mpi_point_new (0);

	ec_skey_create (x);

	smc_zkp_dl (v, x, &proof);
	CHECK (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve");
	CHECK (!smc_zkp_dl_check (v, &proof), "zkp dl wrong");

	gcry_mpi_release (x);
	gcry_mpi_point_release (v);
	return 1;
}


static int
test_smc_zkp_2dle ()
{
	struct proof_2dle proof;
	gcry_mpi_t        x = gcry_mpi_new (256);
	gcry_mpi_point_t  g1 = gcry_mpi_point_new (0);
	gcry_mpi_point_t  g2 = gcry_mpi_point_new (0);
	gcry_mpi_point_t  v = gcry_mpi_point_new (0);
	gcry_mpi_point_t  w = gcry_mpi_point_new (0);

	ec_keypair_create (g1, x);
	ec_keypair_create (g2, x);

	smc_zkp_2dle (v, w, g1, g2, x, &proof);
	CHECK (gcry_mpi_ec_curve_point (g1, ec_ctx), "not on curve");
	CHECK (gcry_mpi_ec_curve_point (g2, ec_ctx), "not on curve");
	CHECK (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve");
	CHECK (gcry_mpi_ec_curve_point (w, ec_ctx), "not on curve");
	CHECK (!smc_zkp_2dle_check (v, w, g1, g2, &proof), "zkp 2dle wrong");

	gcry_mpi_release (x);
	gcry_mpi_point_release (g1);
	gcry_mpi_point_release (g2);
	gcry_mpi_point_release (v);
	gcry_mpi_point_release (w);
	return 1;
}


static int
test_smc_zkp_0og ()
{
	struct proof_0og proof;
	gcry_mpi_point_t y = gcry_mpi_point_new (0);
	gcry_mpi_point_t alpha = gcry_mpi_point_new (0);
	gcry_mpi_point_t beta = gcry_mpi_point_new (0);

	/* get random public key point. We don't need the secret key to check the
	 * proof here */
	ec_keypair_create (y, NULL);

	smc_zkp_0og (tests_run % 2, y, NULL, alpha, beta, &proof);
	CHECK (gcry_mpi_ec_curve_point (alpha, ec_ctx), "not on curve");
	CHECK (gcry_mpi_ec_curve_point (beta, ec_ctx), "not on curve");
	CHECK (!smc_zkp_0og_check (y, alpha, beta, &proof), "zkp 0og is wrong");

	gcry_mpi_point_release (y);
	gcry_mpi_point_release (alpha);
	gcry_mpi_point_release (beta);
	return 1;
}


static int
test_setup_auction_data ()
{
	uint16_t i;

	ad = GNUNET_new_array (bidders, struct BRANDT_Auction);

	for (i = 0; i < bidders; i++)
	{
		ad[i].n = bidders;
		ad[i].i = i;
		ad[i].k = prizes;
		ad[i].b = 2 * i;
	}
	return 1;
}


/**
 * compute round @a index of the protocol specified by @a type and @a oc
 *
 * @param[in] type auction type
 * @param[in] oc outcome type
 * @param[in] index round index
 */
#define ROUND(type, oc, index) do { \
		for (uint16_t i = 0; i < bidders; i++) \
		{ \
			handler_prep[type][oc][index] (&ad[i]); \
			bufs[i] = handler_out[type][oc][index] (&ad[i], &lens[i]); \
			CHECK (bufs[i], "failed to gen message buffer"); \
		} \
 \
		for (uint16_t i = 0; i < bidders; i++) \
		{ \
			/* enable seller mode for receiving decryption messages */ \
			if (msg_decrypt == index) \
				ad[i].seller_mode = 1; \
			for (uint16_t s = 0; s < bidders; s++) \
			{ \
				if (s == i) \
					continue; \
				CHECK (handler_in[type][oc][index] (&ad[i], \
				                                    bufs[s] + \
				                                    sizeof (struct msg_head), \
				                                    lens[s] - \
				                                    sizeof (struct msg_head), \
				                                    s), \
				       "failed to parse message buffer"); \
			} \
			/* disable seller mode again */ \
			if (msg_decrypt == index) \
				ad[i].seller_mode = 0; \
		} \
 \
		for (uint16_t i = 0; i < bidders; i++) \
			free (bufs[i]); \
} while (0)


static int
test_auction (enum auction_type atype, enum outcome_type oc)
{
	unsigned char *bufs[bidders];
	size_t        lens[bidders];
	int32_t       winner = -1;
	int32_t       price = -1;

	weprintf ("testing auction type %d and outcome format %d...", atype, oc);
	ROUND (atype, oc, msg_init);
	ROUND (atype, oc, msg_bid);
	ROUND (atype, oc, msg_outcome);
	ROUND (atype, oc, msg_decrypt);

	/* outcome */
	for (uint16_t i = 0; i < ad->n; i++)
	{
		struct BRANDT_Result *res;
		uint16_t             reslen;

		res = handler_res[atype][oc] (&ad[i], &reslen);
		if (res && -1 == price && -1 != res->price)
			price = res->price;
		if (res)
			weprintf ("price: %d", res->price);
		CHECK (!res || res->price == price, "different prices detected");
		if (res && -1 == winner && -1 != res->bidder)
			winner = res->bidder;
		CHECK (!res || res->bidder == winner, "different winners detected");
	}

	CHECK (-1 != winner, "no winner detected");
	CHECK (-1 != price, "no price detected");
	fputs ("good: one winner detected\n", stderr);
	return 1;
}


static void
cleanup_auction_data ()
{
	for (uint16_t i = 0; i < bidders; i++)
	{
		gcry_mpi_point_release (ad[i].Y);
		gcry_mpi_release (ad[i].x);
		smc_free1 (ad[i].y, ad[i].n);
		smc_free2 (ad[i].alpha, ad[i].n, ad[i].k);
		smc_free2 (ad[i].beta, ad[i].n, ad[i].k);
		smc_free2 (ad[i].gamma2, ad[i].n, ad[i].k);
		smc_free2 (ad[i].delta2, ad[i].n, ad[i].k);
		smc_free2 (ad[i].phi2, ad[i].n, ad[i].k);
		smc_free3 (ad[i].gamma3, ad[i].n, ad[i].n, ad[i].k);
		smc_free3 (ad[i].delta3, ad[i].n, ad[i].n, ad[i].k);
		smc_free3 (ad[i].phi3, ad[i].n, ad[i].n, ad[i].k);
		smc_free1 (ad[i].tmpa1, ad[i].k);
		smc_free1 (ad[i].tmpb1, ad[i].k);
	}
	free (ad);
}


static int
test_all_auctions ()
{
	for (size_t atype = 0; atype < auction_last; atype++)
	{
		if (auction_firstPrice != atype) /* others not yet implemented */
			continue;

		for (size_t oc = 0; oc < outcome_last; oc++)
		{
			if (!test_setup_auction_data () || !test_auction (atype, oc))
			{
				cleanup_auction_data ();
				return 0;
			}
			cleanup_auction_data ();
		}
	}

	return 1;
}


int
main (int argc, char *argv[])
{
	int                                 repeat = 1;
	struct GNUNET_CRYPTO_EccDlogContext *edc;

	bidders = 3;
	prizes = 6;

	edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16);
	BRANDT_init (edc);

	/* tests that need to run only once */
	RUN (test_smc_2d_array);
	RUN (test_smc_3d_array);
	RUN (test_serialization);

	for (tests_run = 0; tests_run < repeat; tests_run++)
	{
		RUN (test_smc_zkp_dl);
		RUN (test_smc_zkp_2dle);
		RUN (test_smc_zkp_0og);
	}

	RUN (test_all_auctions);

	GNUNET_CRYPTO_ecc_dlog_release (edc);
	return ret;
}