github.com/consensys/gnark-crypto@v0.14.0/ecc/bw6-761/twistededwards/eddsa/eddsa_test.go (about) 1 // Copyright 2020 Consensys Software Inc. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Code generated by consensys/gnark-crypto DO NOT EDIT 16 17 package eddsa 18 19 import ( 20 "crypto/sha256" 21 "math/big" 22 "math/rand" 23 "testing" 24 25 crand "crypto/rand" 26 27 "fmt" 28 29 "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" 30 "github.com/consensys/gnark-crypto/ecc/bw6-761/twistededwards" 31 "github.com/consensys/gnark-crypto/hash" 32 ) 33 34 func Example() { 35 // instantiate hash function 36 hFunc := hash.MIMC_BW6_761.New() 37 38 // create a eddsa key pair 39 privateKey, _ := GenerateKey(crand.Reader) 40 publicKey := privateKey.PublicKey 41 42 // generate a message (the size must be a multiple of the size of Fr) 43 var _msg fr.Element 44 _msg.SetRandom() 45 msg := _msg.Marshal() 46 47 // sign the message 48 signature, _ := privateKey.Sign(msg, hFunc) 49 50 // verifies signature 51 isValid, _ := publicKey.Verify(signature, msg, hFunc) 52 if !isValid { 53 fmt.Println("1. invalid signature") 54 } else { 55 fmt.Println("1. valid signature") 56 } 57 58 // Output: 1. valid signature 59 } 60 61 func TestNonMalleability(t *testing.T) { 62 63 // buffer too big 64 t.Run("buffer_overflow", func(t *testing.T) { 65 bsig := make([]byte, 2*sizeFr+1) 66 var sig Signature 67 _, err := sig.SetBytes(bsig) 68 if err != errWrongSize { 69 t.Fatal("should raise wrong size error") 70 } 71 }) 72 73 // R overflows p_mod 74 t.Run("R_overflow", func(t *testing.T) { 75 bsig := make([]byte, 2*sizeFr) 76 frMod := fr.Modulus() 77 r := big.NewInt(1) 78 r.Add(frMod, r) 79 buf := r.Bytes() 80 for i := 0; i < sizeFr; i++ { 81 bsig[sizeFr-1-i] = buf[i] 82 } 83 84 var sig Signature 85 _, err := sig.SetBytes(bsig) 86 if err != errRBiggerThanPMod { 87 t.Fatal("should raise error r >= p_mod") 88 } 89 }) 90 91 // S overflows r_mod 92 t.Run("S_overflow", func(t *testing.T) { 93 bsig := make([]byte, 2*sizeFr) 94 o := big.NewInt(1) 95 cp := twistededwards.GetEdwardsCurve() 96 o.Add(&cp.Order, o) 97 buf := o.Bytes() 98 copy(bsig[sizeFr:], buf[:]) 99 big.NewInt(1).FillBytes(bsig[:sizeFr]) 100 101 var sig Signature 102 _, err := sig.SetBytes(bsig) 103 if err != errSBiggerThanRMod { 104 t.Fatal("should raise error s >= r_mod") 105 } 106 }) 107 108 } 109 110 func TestNoZeros(t *testing.T) { 111 t.Run("R.Y=0", func(t *testing.T) { 112 // R points are 0 113 var sig Signature 114 sig.R.X.SetInt64(1) 115 sig.R.Y.SetInt64(0) 116 s := big.NewInt(1) 117 s.FillBytes(sig.S[:]) 118 bts := sig.Bytes() 119 var newSig Signature 120 _, err := newSig.SetBytes(bts) 121 if err != errZero { 122 t.Fatal("expected error for zero R.Y") 123 } 124 }) 125 t.Run("S=0", func(t *testing.T) { 126 // S is 0 127 var R twistededwards.PointAffine 128 cp := twistededwards.GetEdwardsCurve() 129 R.ScalarMultiplication(&cp.Base, big.NewInt(1)) 130 var sig Signature 131 sig.R.Set(&R) 132 bts := sig.Bytes() 133 var newSig Signature 134 _, err := newSig.SetBytes(bts) 135 if err != errZero { 136 t.Fatal("expected error for zero S") 137 } 138 }) 139 } 140 141 func TestSerialization(t *testing.T) { 142 143 src := rand.NewSource(0) 144 r := rand.New(src) //#nosec G404 weak rng is fine here 145 146 privKey1, err := GenerateKey(r) 147 if err != nil { 148 t.Fatal(err) 149 } 150 pubKey1 := privKey1.PublicKey 151 152 privKey2, err := GenerateKey(r) 153 if err != nil { 154 t.Fatal(err) 155 } 156 pubKey2 := privKey2.PublicKey 157 158 pubKeyBin1 := pubKey1.Bytes() 159 pubKey2.SetBytes(pubKeyBin1) 160 pubKeyBin2 := pubKey2.Bytes() 161 if len(pubKeyBin1) != len(pubKeyBin2) { 162 t.Fatal("Inconsistent size") 163 } 164 for i := 0; i < len(pubKeyBin1); i++ { 165 if pubKeyBin1[i] != pubKeyBin2[i] { 166 t.Fatal("Error serialize(deserialize(.))") 167 } 168 } 169 170 privKeyBin1 := privKey1.Bytes() 171 privKey2.SetBytes(privKeyBin1) 172 privKeyBin2 := privKey2.Bytes() 173 if len(privKeyBin1) != len(privKeyBin2) { 174 t.Fatal("Inconsistent size") 175 } 176 for i := 0; i < len(privKeyBin1); i++ { 177 if privKeyBin1[i] != privKeyBin2[i] { 178 t.Fatal("Error serialize(deserialize(.))") 179 } 180 } 181 } 182 183 func TestEddsaMIMC(t *testing.T) { 184 185 src := rand.NewSource(0) 186 r := rand.New(src) //#nosec G404 weak rng is fine here 187 188 // create eddsa obj and sign a message 189 privKey, err := GenerateKey(r) 190 if err != nil { 191 t.Fatal(nil) 192 } 193 pubKey := privKey.PublicKey 194 hFunc := hash.MIMC_BW6_761.New() 195 196 var frMsg fr.Element 197 frMsg.SetString("44717650746155748460101257525078853138837311576962212923649547644148297035978") 198 msgBin := frMsg.Bytes() 199 signature, err := privKey.Sign(msgBin[:], hFunc) 200 if err != nil { 201 t.Fatal(err) 202 } 203 204 // verifies correct msg 205 res, err := pubKey.Verify(signature, msgBin[:], hFunc) 206 if err != nil { 207 t.Fatal(err) 208 } 209 if !res { 210 t.Fatal("Verify correct signature should return true") 211 } 212 213 // verifies wrong msg 214 frMsg.SetString("44717650746155748460101257525078853138837311576962212923649547644148297035979") 215 msgBin = frMsg.Bytes() 216 res, err = pubKey.Verify(signature, msgBin[:], hFunc) 217 if err != nil { 218 t.Fatal(err) 219 } 220 if res { 221 t.Fatal("Verify wrong signature should be false") 222 } 223 224 } 225 226 func TestEddsaSHA256(t *testing.T) { 227 228 src := rand.NewSource(0) 229 r := rand.New(src) //#nosec G404 weak rng is fine here 230 231 hFunc := sha256.New() 232 233 // create eddsa obj and sign a message 234 // create eddsa obj and sign a message 235 236 privKey, err := GenerateKey(r) 237 pubKey := privKey.PublicKey 238 if err != nil { 239 t.Fatal(err) 240 } 241 242 signature, err := privKey.Sign([]byte("message"), hFunc) 243 if err != nil { 244 t.Fatal(err) 245 } 246 247 // verifies correct msg 248 res, err := pubKey.Verify(signature, []byte("message"), hFunc) 249 if err != nil { 250 t.Fatal(err) 251 } 252 if !res { 253 t.Fatal("Verify correct signature should return true") 254 } 255 256 // verifies wrong msg 257 res, err = pubKey.Verify(signature, []byte("wrong_message"), hFunc) 258 if err != nil { 259 t.Fatal(err) 260 } 261 if res { 262 t.Fatal("Verify wrong signature should be false") 263 } 264 265 } 266 267 // benchmarks 268 269 func BenchmarkVerify(b *testing.B) { 270 271 src := rand.NewSource(0) 272 r := rand.New(src) //#nosec G404 weak rng is fine here 273 274 hFunc := hash.MIMC_BW6_761.New() 275 276 // create eddsa obj and sign a message 277 privKey, err := GenerateKey(r) 278 pubKey := privKey.PublicKey 279 if err != nil { 280 b.Fatal(err) 281 } 282 var frMsg fr.Element 283 frMsg.SetString("44717650746155748460101257525078853138837311576962212923649547644148297035978") 284 msgBin := frMsg.Bytes() 285 signature, _ := privKey.Sign(msgBin[:], hFunc) 286 287 b.ResetTimer() 288 for i := 0; i < b.N; i++ { 289 pubKey.Verify(signature, msgBin[:], hFunc) 290 } 291 }