libbrandt/test_crypto.c

/* This file is part of libbrandt.
 * Copyright (C) 2016 GNUnet e.V.
 *
 * libbrandt is free software: you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation, either version 3 of the License, or (at your option) any later
 * version.
 *
 * libbrandt is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 * A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * libbrandt.  If not, see <http://www.gnu.org/licenses/>.
 */

/**
 * @file test_crypto.c
 * @brief testing crypto and smc functions.
 * @author Markus Teich
 */

#include "brandt_config.h"

/* For testing static functions and variables we include the whole source */
#include "crypto.c"

#include "brandt.h"
#include "crypto.h"
#include "test.h"


static uint16_t           bidders;
static uint16_t           prizes;
static struct BRANDT_Auction *ad;

int
test_smc_2d_array ()
{
	gcry_mpi_point_t **array;
	uint16_t         size1 = 3;
	uint16_t         size2 = 7;
	uint16_t         i, j;

	array = smc_init2 (size1, size2);
	check (array, "memory allocation failed");

	for (i = 0; i < size1; i++)
		for (j = 0; j < size2; j++)
			check (array[i][j], "point has not been initialized");

	smc_free2 (array, size1, size2);
	return 1;
}


int
test_smc_3d_array ()
{
	gcry_mpi_point_t ***array;
	uint16_t         size1 = 3;
	uint16_t         size2 = 7;
	uint16_t         size3 = 11;
	uint16_t         i, j, k;

	array = smc_init3 (size1, size2, size3);
	check (array, "memory allocation failed");

	for (i = 0; i < size1; i++)
		for (j = 0; j < size2; j++)
			for (k = 0; k < size3; k++)
				check (array[i][j][k], "point has not been initialized");

	smc_free3 (array, size1, size2, size3);
	return 1;
}


int
test_serialization ()
{
	gcry_mpi_point_t oldp = gcry_mpi_point_new (0);
	gcry_mpi_point_t newp = gcry_mpi_point_new (0);
	gcry_mpi_t       oldi = gcry_mpi_new (256);
	gcry_mpi_t       newi = gcry_mpi_new (256);
	struct ec_mpi    serp;
	struct ec_mpi    seri;

	ec_keypair_create (oldp, oldi);

	ec_point_serialize (&serp, oldp);
	mpi_serialize (&seri, oldi);

	ec_point_parse (newp, &serp);
	mpi_parse (newi, &seri);

	check (!ec_point_cmp (oldp, newp), "serialization changed point");
	check (!gcry_mpi_cmp (oldi, newi), "serialization changed mpi");

	mpi_serialize (&seri, GCRYMPI_CONST_ONE);
	mpi_parse (newi, &seri);
	check (!gcry_mpi_cmp (GCRYMPI_CONST_ONE, newi), "serializing mpi 1 fail");

	gcry_mpi_point_release (oldp);
	gcry_mpi_point_release (newp);
	gcry_mpi_release (oldi);
	gcry_mpi_release (newi);
	return 1;
}


int
test_smc_zkp_dl ()
{
	struct proof_dl  proof;
	gcry_mpi_t       x = gcry_mpi_new (256);
	gcry_mpi_point_t v = gcry_mpi_point_new (0);

	ec_skey_create (x);

	smc_zkp_dl (v, x, &proof);
	check (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve");
	check (!smc_zkp_dl_check (v, &proof), "zkp dl wrong");

	gcry_mpi_release (x);
	gcry_mpi_point_release (v);
	return 1;
}


int
test_smc_zkp_2dle ()
{
	struct proof_2dle proof;
	gcry_mpi_t        x = gcry_mpi_new (256);
	gcry_mpi_point_t  g1 = gcry_mpi_point_new (0);
	gcry_mpi_point_t  g2 = gcry_mpi_point_new (0);
	gcry_mpi_point_t  v = gcry_mpi_point_new (0);
	gcry_mpi_point_t  w = gcry_mpi_point_new (0);

	ec_keypair_create (g1, x);
	ec_keypair_create (g2, x);

	smc_zkp_2dle (v, w, g1, g2, x, &proof);
	check (gcry_mpi_ec_curve_point (g1, ec_ctx), "not on curve");
	check (gcry_mpi_ec_curve_point (g2, ec_ctx), "not on curve");
	check (gcry_mpi_ec_curve_point (v, ec_ctx), "not on curve");
	check (gcry_mpi_ec_curve_point (w, ec_ctx), "not on curve");
	check (!smc_zkp_2dle_check (v, w, g1, g2, &proof), "zkp 2dle wrong");

	gcry_mpi_release (x);
	gcry_mpi_point_release (g1);
	gcry_mpi_point_release (g2);
	gcry_mpi_point_release (v);
	gcry_mpi_point_release (w);
	return 1;
}


int
test_smc_zkp_0og ()
{
	struct proof_0og proof;
	gcry_mpi_point_t y = gcry_mpi_point_new (0);
	gcry_mpi_point_t alpha = gcry_mpi_point_new (0);
	gcry_mpi_point_t beta = gcry_mpi_point_new (0);

	/* get random public key point. We don't need the secret key to check the
	 * proof here */
	ec_keypair_create (y, NULL);

	smc_zkp_0og (tests_run % 2, y, NULL, alpha, beta, &proof);
	check (gcry_mpi_ec_curve_point (alpha, ec_ctx), "not on curve");
	check (gcry_mpi_ec_curve_point (beta, ec_ctx), "not on curve");
	check (!smc_zkp_0og_check (y, alpha, beta, &proof), "zkp 0og is wrong");

	gcry_mpi_point_release (y);
	gcry_mpi_point_release (alpha);
	gcry_mpi_point_release (beta);
	return 1;
}


static int
test_setup_auction_data ()
{
	uint16_t i;

	ad = GNUNET_new_array (bidders, struct BRANDT_Auction);

	for (i = 0; i < bidders; i++)
	{
		ad[i].n = bidders;
		ad[i].i = i;
		ad[i].k = prizes;
		ad[i].b = 2 * i;
	}
	return 1;
}


int
test_prologue ()
{
	uint16_t      i, s;
	unsigned char *bufs[bidders];
	size_t        lens[bidders];

	for (i = 0; i < bidders; i++)
	{
		bufs[i] = smc_gen_keyshare (&ad[i], &lens[i]);
		check (bufs[i], "failed to gen keyshare");
	}

	for (i = 0; i < bidders; i++)
	{
		for (s = 0; s < bidders; s++)
		{
			if (s == i)
				continue;
			check (smc_recv_keyshare (&ad[i], bufs[s], lens[s], s),
			       "failed checking keyshare");
		}
	}

	for (i = 0; i < bidders; i++)
		free (bufs[i]);
	return 1;
}


int
test_round1 ()
{
	uint16_t      i, s;
	unsigned char *bufs[bidders];
	size_t        lens[bidders];

	for (i = 0; i < bidders; i++)
	{
		bufs[i] = smc_encrypt_bid (&ad[i], &lens[i]);
		check (bufs[i], "failed to encrypt bid");
	}

	for (i = 0; i < bidders; i++)
	{
		for (s = 0; s < bidders; s++)
		{
			if (s == i)
				continue;
			check (smc_recv_encrypted_bid (&ad[i], bufs[s], lens[s], s),
			       "failed checking encrypted bid");
		}
	}

	for (i = 0; i < bidders; i++)
		free (bufs[i]);
	return 1;
}


int
test_round2 ()
{
	uint16_t      i, s;
	unsigned char *bufs[bidders];
	size_t        lens[bidders];

	for (i = 0; i < bidders; i++)
	{
		bufs[i] = fp_priv_compute_outcome (&ad[i], &lens[i]);
		check (bufs[i], "failed to compute outcome");
	}

	for (i = 0; i < bidders; i++)
	{
		for (s = 0; s < bidders; s++)
		{
			if (s == i)
				continue;
			check (fp_priv_recv_outcome (&ad[i], bufs[s], lens[s], s),
			       "failed checking outcome");
		}
	}

	for (i = 0; i < bidders; i++)
		free (bufs[i]);
	return 1;
}


static int
test_round3 ()
{
	uint16_t      i, s;
	unsigned char *bufs[bidders];
	size_t        lens[bidders];

	for (i = 0; i < bidders; i++)
	{
		bufs[i] = fp_priv_decrypt_outcome (&ad[i], &lens[i]);
		check (bufs[i], "failed to decrypt outcome");
	}

	for (i = 0; i < bidders; i++)
	{
		for (s = 0; s < bidders; s++)
		{
			if (s == i)
				continue;
			check (fp_priv_recv_decryption (&ad[i], bufs[s], lens[s], s),
			       "failed checking decrypted outcome");
		}
	}

	for (i = 0; i < bidders; i++)
		free (bufs[i]);
	return 1;
}


static int
test_outcome ()
{
	int32_t ret = -1;

	for (uint16_t i = 0; i < ad->n; i++)
	{
		if (-1 != fp_priv_determine_outcome (&ad[i]))
		{
			check (-1 == ret, "multiple winners detected");
			ret = i;
		}
	}
	check (-1 != ret, "no winner detected");
	fputs ("winner detected", stderr);
	return 1;
}


static void
cleanup_auction_data ()
{
	for (uint16_t i = 0; i < bidders; i++)
	{
		gcry_mpi_point_release (ad[i].Y);
		gcry_mpi_release (ad[i].x);
		smc_free1 (ad[i].y, ad[i].n);
		smc_free2 (ad[i].alpha, ad[i].n, ad[i].k);
		smc_free2 (ad[i].beta, ad[i].n, ad[i].k);
		smc_free2 (ad[i].gamma2, ad[i].n, ad[i].k);
		smc_free2 (ad[i].delta2, ad[i].n, ad[i].k);
		smc_free2 (ad[i].phi2, ad[i].n, ad[i].k);
		smc_free3 (ad[i].gamma3, ad[i].n, ad[i].n, ad[i].k);
		smc_free3 (ad[i].delta3, ad[i].n, ad[i].n, ad[i].k);
		smc_free3 (ad[i].phi3, ad[i].n, ad[i].n, ad[i].k);
		smc_free1 (ad[i].tmpa1, ad[i].k);
		smc_free1 (ad[i].tmpb1, ad[i].k);
	}
	free (ad);
}


static struct GNUNET_SCHEDULER_Task *wt;

static void
ending (void *arg)
{
  printf ("Good bye!!\n");
  GNUNET_SCHEDULER_cancel (wt);
}


static void
world (void *arg)
{
  static int c++;
  printf ("World!\n");
  wt = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
                                     &world,
                                     NULL);
  if (11 == c)
    GNUNET_SCHEDULER_shutdown ();
}


static void
hello (void *arg)
{
  printf ("Hello\n");
  GNUNET_SCHEDULER_add_shutdown (&ending, NULL);
  wt = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
                                     &world,
                                     NULL);
}


int
main (int argc, char *argv[])
{
	int repeat = 1;
	struct GNUNET_CRYPTO_EccDlogContext *edc;

	bidders = 2;
	prizes = 2 * bidders;

        GNUNET_SCHEDULER_run (&hello, NULL);

	edc = GNUNET_CRYPTO_ecc_dlog_prepare (1024, 16);
	BRANDT_init (edc);

	/* tests that need to run only once */
	run (test_smc_2d_array);
	run (test_smc_3d_array);

	for (tests_run = 0; tests_run < repeat; tests_run++)
	{
		run (test_serialization);
		run (test_smc_zkp_dl);
		run (test_smc_zkp_2dle);
		run (test_smc_zkp_0og);

		run (test_setup_auction_data);
		run (test_prologue);
		run (test_round1);
		run (test_round2);
		run (test_round3);
		run (test_outcome);
		cleanup_auction_data ();
	}

	GNUNET_CRYPTO_ecc_dlog_release (edc);
	return ret;
}