/* This file is part of libbrandt. * Copyright (C) 2016 GNUnet e.V. * * libbrandt is free software: you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free Software * Foundation, either version 3 of the License, or (at your option) any later * version. * * libbrandt is distributed in the hope that it will be useful, but WITHOUT ANY * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR * A PARTICULAR PURPOSE. See the GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along with * libbrandt. If not, see . */ /** * @file test_crypto.c * @brief testing crypto and smc functions. * @author Markus Teich */ #include "brandt_config.h" /* For testing static functions and variables we include the whole source */ #include "crypto.c" #include "brandt.h" #include "crypto.h" #include "test.h" static uint16_t bidders; static uint16_t prizes; static struct BRANDT_Auction *ad; int test_smc_2d_array () { gcry_mpi_point_t **array; uint16_t size1 = 3; uint16_t size2 = 7; uint16_t i, j; array = smc_init2 (size1, size2); check (array, "memory allocation failed"); for (i = 0; i < size1; i++) for (j = 0; j < size2; j++) check (array[i][j], "point has not been initialized"); smc_free2 (array, size1, size2); return 1; } int test_smc_3d_array () { gcry_mpi_point_t ***array; uint16_t size1 = 3; uint16_t size2 = 7; uint16_t size3 = 11; uint16_t i, j, k; array = smc_init3 (size1, size2, size3); check (array, "memory allocation failed"); for (i = 0; i < size1; i++) for (j = 0; j < size2; j++) for (k = 0; k < size3; k++) check (array[i][j][k], "point has not been initialized"); smc_free3 (array, size1, size2, size3); return 1; } int test_serialization () { gcry_mpi_point_t oldp = gcry_mpi_point_new (0); gcry_mpi_point_t newp = gcry_mpi_point_new (0); gcry_mpi_t oldi = gcry_mpi_new (256); gcry_mpi_t newi = gcry_mpi_new (256); struct ec_mpi serp; struct ec_mpi seri; ec_keypair_create (oldp, oldi); ec_point_serialize (&serp, oldp); mpi_serialize (&seri, oldi); ec_point_parse (newp, &serp); mpi_parse (newi, &seri); check (!ec_point_cmp (oldp, newp), "serialization changed point"); check (!gcry_mpi_cmp (oldi, newi), "serialization changed mpi"); mpi_serialize (&seri, GCRYMPI_CONST_ONE); mpi_parse (newi, &seri); check (!gcry_mpi_cmp (GCRYMPI_CONST_ONE, newi), "serializing mpi 1 fail"); gcry_mpi_point_release (oldp); gcry_mpi_point_release (newp); gcry_mpi_release (oldi); gcry_mpi_release (newi); return 1; } int test_smc_zkp_dl () { struct proof_dl proof; gcry_mpi_t x = gcry_mpi_new (256); gcry_mpi_point_t v = gcry_mpi_point_new (0); ec_skey_create (x); smc_zkp_dl (v, x, &proof); check (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve"); check (!smc_zkp_dl_check (v, &proof), "zkp dl wrong"); gcry_mpi_release (x); gcry_mpi_point_release (v); return 1; } int test_smc_zkp_2dle () { struct proof_2dle proof; gcry_mpi_t x = gcry_mpi_new (256); gcry_mpi_point_t g1 = gcry_mpi_point_new (0); gcry_mpi_point_t g2 = gcry_mpi_point_new (0); gcry_mpi_point_t v = gcry_mpi_point_new (0); gcry_mpi_point_t w = gcry_mpi_point_new (0); ec_keypair_create (g1, x); ec_keypair_create (g2, x); smc_zkp_2dle (v, w, g1, g2, x, &proof); check (gcry_mpi_ec_curve_point (g1, ec_ctx), "not on curve"); check (gcry_mpi_ec_curve_point (g2, ec_ctx), "not on curve"); check (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve"); check (gcry_mpi_ec_curve_point (w, ec_ctx), "not on curve"); check (!smc_zkp_2dle_check (v, w, g1, g2, &proof), "zkp 2dle wrong"); gcry_mpi_release (x); gcry_mpi_point_release (g1); gcry_mpi_point_release (g2); gcry_mpi_point_release (v); gcry_mpi_point_release (w); return 1; } int test_smc_zkp_0og () { struct proof_0og proof; gcry_mpi_point_t y = gcry_mpi_point_new (0); gcry_mpi_point_t alpha = gcry_mpi_point_new (0); gcry_mpi_point_t beta = gcry_mpi_point_new (0); /* get random public key point. We don't need the secret key to check the * proof here */ ec_keypair_create (y, NULL); smc_zkp_0og (tests_run % 2, y, NULL, alpha, beta, &proof); check (gcry_mpi_ec_curve_point (alpha, ec_ctx), "not on curve"); check (gcry_mpi_ec_curve_point (beta, ec_ctx), "not on curve"); check (!smc_zkp_0og_check (y, alpha, beta, &proof), "zkp 0og is wrong"); gcry_mpi_point_release (y); gcry_mpi_point_release (alpha); gcry_mpi_point_release (beta); return 1; } static int test_setup_auction_data () { uint16_t i; ad = GNUNET_new_array (bidders, struct BRANDT_Auction); for (i = 0; i < bidders; i++) { ad[i].n = bidders; ad[i].i = i; ad[i].k = prizes; ad[i].b = 2 * i; } return 1; } int test_prologue () { uint16_t i, s; unsigned char *bufs[bidders]; size_t lens[bidders]; for (i = 0; i < bidders; i++) { bufs[i] = smc_gen_keyshare (&ad[i], &lens[i]); check (bufs[i], "failed to gen keyshare"); } for (i = 0; i < bidders; i++) { for (s = 0; s < bidders; s++) { if (s == i) continue; check (smc_recv_keyshare (&ad[i], bufs[s], lens[s], s), "failed checking keyshare"); } } for (i = 0; i < bidders; i++) free (bufs[i]); return 1; } int test_round1 () { uint16_t i, s; unsigned char *bufs[bidders]; size_t lens[bidders]; for (i = 0; i < bidders; i++) { bufs[i] = smc_encrypt_bid (&ad[i], &lens[i]); check (bufs[i], "failed to encrypt bid"); } for (i = 0; i < bidders; i++) { for (s = 0; s < bidders; s++) { if (s == i) continue; check (smc_recv_encrypted_bid (&ad[i], bufs[s], lens[s], s), "failed checking encrypted bid"); } } for (i = 0; i < bidders; i++) free (bufs[i]); return 1; } int test_round2 () { uint16_t i, s; unsigned char *bufs[bidders]; size_t lens[bidders]; for (i = 0; i < bidders; i++) { bufs[i] = fp_priv_compute_outcome (&ad[i], &lens[i]); check (bufs[i], "failed to compute outcome"); } for (i = 0; i < bidders; i++) { for (s = 0; s < bidders; s++) { if (s == i) continue; check (fp_priv_recv_outcome (&ad[i], bufs[s], lens[s], s), "failed checking outcome"); } } for (i = 0; i < bidders; i++) free (bufs[i]); return 1; } static int test_round3 () { uint16_t i, s; unsigned char *bufs[bidders]; size_t lens[bidders]; for (i = 0; i < bidders; i++) { bufs[i] = fp_priv_decrypt_outcome (&ad[i], &lens[i]); check (bufs[i], "failed to decrypt outcome"); } for (i = 0; i < bidders; i++) { for (s = 0; s < bidders; s++) { if (s == i) continue; check (fp_priv_recv_decryption (&ad[i], bufs[s], lens[s], s), "failed checking decrypted outcome"); } } for (i = 0; i < bidders; i++) free (bufs[i]); return 1; } static int test_outcome () { int32_t ret = -1; for (uint16_t i = 0; i < ad->n; i++) { if (-1 != fp_priv_determine_outcome (&ad[i])) { check (-1 == ret, "multiple winners detected"); ret = i; } } check (-1 != ret, "no winner detected"); fputs ("winner detected", stderr); return 1; } static void cleanup_auction_data () { for (uint16_t i = 0; i < bidders; i++) { gcry_mpi_point_release (ad[i].Y); gcry_mpi_release (ad[i].x); smc_free1 (ad[i].y, ad[i].n); smc_free2 (ad[i].alpha, ad[i].n, ad[i].k); smc_free2 (ad[i].beta, ad[i].n, ad[i].k); smc_free2 (ad[i].gamma2, ad[i].n, ad[i].k); smc_free2 (ad[i].delta2, ad[i].n, ad[i].k); smc_free2 (ad[i].phi2, ad[i].n, ad[i].k); smc_free3 (ad[i].gamma3, ad[i].n, ad[i].n, ad[i].k); smc_free3 (ad[i].delta3, ad[i].n, ad[i].n, ad[i].k); smc_free3 (ad[i].phi3, ad[i].n, ad[i].n, ad[i].k); smc_free1 (ad[i].tmpa1, ad[i].k); smc_free1 (ad[i].tmpb1, ad[i].k); } free (ad); } static void ending (void *arg) { printf ("Good bye!!\n"); } static void world (void *arg) { printf ("World!\n"); GNUNET_SCHEDULER_shutdown (); } static void hello (void *arg) { printf ("Hello\n"); GNUNET_SCHEDULER_add_shutdown (&ending, NULL); GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS, &world, NULL); } int main (int argc, char *argv[]) { int repeat = 1; struct GNUNET_CRYPTO_EccDlogContext *edc; bidders = 2; prizes = 2 * bidders; GNUNET_SCHEDULER_run (&hello, NULL); edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16); BRANDT_init (edc); /* tests that need to run only once */ run (test_smc_2d_array); run (test_smc_3d_array); for (tests_run = 0; tests_run < repeat; tests_run++) { run (test_serialization); run (test_smc_zkp_dl); run (test_smc_zkp_2dle); run (test_smc_zkp_0og); run (test_setup_auction_data); run (test_prologue); run (test_round1); run (test_round2); run (test_round3); run (test_outcome); cleanup_auction_data (); } GNUNET_CRYPTO_ecc_dlog_release (edc); return ret; }