github.com/SmartMeshFoundation/Spectrum@v0.0.0-20220621030607-452a266fee1e/crypto/vrf/vrf_test.go

github.com/SmartMeshFoundation/Spectrum@v0.0.0-20220621030607-452a266fee1e/crypto/vrf/vrf_test.go (about)

     1  // Copyright 2016 Google Inc. All Rights Reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package vrf
    16  
    17  import (
    18  	"bytes"
    19  	"crypto/ecdsa"
    20  	"crypto/rand"
    21  	"github.com/SmartMeshFoundation/Spectrum/crypto/secp256k1"
    22  	_ "github.com/google/trillian/crypto/keys/der/proto"
    23  	"math"
    24  	"testing"
    25  )
    26  
    27  func TestH1(t *testing.T) {
    28  	for i := 0; i < 10; i++ {
    29  		m := make([]byte, 100)
    30  		if _, err := rand.Read(m); err != nil {
    31  			t.Fatalf("Failed generating random message: %v", err)
    32  		}
    33  		x, y := H1(m)
    34  		if x == nil {
    35  			t.Errorf("H1(%v)=%v, want curve point", m, x)
    36  		}
    37  		if got := curve.IsOnCurve(x, y); !got {
    38  			t.Errorf("H1(%v)=[%v, %v], is not on curve", m, x, y)
    39  		}
    40  	}
    41  }
    42  
    43  func TestH2(t *testing.T) {
    44  	l := 32
    45  	for i := 0; i < 10000; i++ {
    46  		m := make([]byte, 100)
    47  		if _, err := rand.Read(m); err != nil {
    48  			t.Fatalf("Failed generating random message: %v", err)
    49  		}
    50  		x := H2(m)
    51  		if got := len(x.Bytes()); got < 1 || got > l {
    52  			t.Errorf("len(h2(%v)) = %v, want: 1 <= %v <= %v", m, got, got, l)
    53  		}
    54  	}
    55  }
    56  
    57  func TestVRF(t *testing.T) {
    58  	k, pk := GenerateKey()
    59  
    60  	m1 := []byte("data1")
    61  	m2 := []byte("data2")
    62  	m3 := []byte("data2")
    63  	index1, proof1 := k.Evaluate(m1)
    64  	index2, proof2 := k.Evaluate(m2)
    65  	index3, proof3 := k.Evaluate(m3)
    66  	for _, tc := range []struct {
    67  		m     []byte
    68  		index [32]byte
    69  		proof []byte
    70  		err   error
    71  	}{
    72  		{m1, index1, proof1, nil},
    73  		{m2, index2, proof2, nil},
    74  		{m3, index3, proof3, nil},
    75  		{m3, index3, proof2, nil},
    76  		{m3, index3, proof1, ErrInvalidVRF},
    77  	} {
    78  		index, err := pk.ProofToHash(tc.m, tc.proof)
    79  		if got, want := err, tc.err; got != want {
    80  			t.Errorf("ProofToHash(%s, %x): %v, want %v", tc.m, tc.proof, got, want)
    81  		}
    82  		if err != nil {
    83  			continue
    84  		}
    85  		if got, want := index, tc.index; got != want {
    86  			t.Errorf("ProofToInex(%s, %x): %x, want %x", tc.m, tc.proof, got, want)
    87  		}
    88  	}
    89  }
    90  
    91  func TestRightTruncateProof(t *testing.T) {
    92  	k, pk := GenerateKey()
    93  
    94  	data := []byte("data")
    95  	_, proof := k.Evaluate(data)
    96  	proofLen := len(proof)
    97  	for i := 0; i < proofLen; i++ {
    98  		proof = proof[:len(proof)-1]
    99  		if _, err := pk.ProofToHash(data, proof); err == nil {
   100  			t.Errorf("Verify unexpectedly succeeded after truncating %v bytes from the end of proof", i)
   101  		}
   102  	}
   103  }
   104  
   105  func TestLeftTruncateProof(t *testing.T) {
   106  	k, pk := GenerateKey()
   107  
   108  	data := []byte("data")
   109  	_, proof := k.Evaluate(data)
   110  	proofLen := len(proof)
   111  	for i := 0; i < proofLen; i++ {
   112  		proof = proof[1:]
   113  		if _, err := pk.ProofToHash(data, proof); err == nil {
   114  			t.Errorf("Verify unexpectedly succeeded after truncating %v bytes from the beginning of proof", i)
   115  		}
   116  	}
   117  }
   118  
   119  func TestBitFlip(t *testing.T) {
   120  	k, pk := GenerateKey()
   121  
   122  	data := []byte("data")
   123  	_, proof := k.Evaluate(data)
   124  	for i := 0; i < len(proof)*8; i++ {
   125  		// Flip bit in position i.
   126  		if _, err := pk.ProofToHash(data, flipBit(proof, i)); err == nil {
   127  			t.Errorf("Verify unexpectedly succeeded after flipping bit %v of vrf", i)
   128  		}
   129  	}
   130  }
   131  
   132  func flipBit(a []byte, pos int) []byte {
   133  	index := int(math.Floor(float64(pos) / 8))
   134  	b := a[index]
   135  	b ^= (1 << uint(math.Mod(float64(pos), 8.0)))
   136  
   137  	var buf bytes.Buffer
   138  	buf.Write(a[:index])
   139  	buf.Write([]byte{b})
   140  	buf.Write(a[index+1:])
   141  	return buf.Bytes()
   142  }
   143  
   144  func TestVRFForS256(t *testing.T) {
   145  	key, err := ecdsa.GenerateKey(secp256k1.S256(), rand.Reader)
   146  	if err != nil {
   147  		t.Error(err)
   148  		return
   149  	}
   150  	k, err := NewVRFSigner(key)
   151  	if err != nil {
   152  		t.Error(err)
   153  		return
   154  	}
   155  	pk, err := NewVRFVerifier(&key.PublicKey)
   156  	if err != nil {
   157  		t.Error(err)
   158  		return
   159  	}
   160  	msg := []byte("data1")
   161  	index, proof := k.Evaluate(msg)
   162  	_index, _proof := k.Evaluate(msg)
   163  	index2, err := pk.ProofToHash(msg, proof)
   164  
   165  	if err != nil {
   166  		t.Error(err)
   167  	}
   168  	if index2 != index {
   169  		t.Error("index not equal")
   170  	}
   171  
   172  	t.Log(index, _index)
   173  	t.Log(proof, _proof)
   174  }