1 /*############################################################################
2 # Copyright 2016-2017 Intel Corporation
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 ############################################################################*/
16
17 /*!
18 * \file
19 * \brief EcGroup unit tests.
20 */
21
22 #include <cstring>
23 #include <memory>
24 #include <stdexcept>
25 #include <string>
26 #include <vector>
27
28 #include "epid/common-testhelper/epid_gtest-testhelper.h"
29 #include "gtest/gtest.h"
30
31 extern "C" {
32 #include "epid/common/math/ecgroup.h"
33 #include "epid/common/math/finitefield.h"
34 }
35 #include "epid/common-testhelper/bignum_wrapper-testhelper.h"
36 #include "epid/common-testhelper/ecgroup_wrapper-testhelper.h"
37 #include "epid/common-testhelper/ecpoint_wrapper-testhelper.h"
38 #include "epid/common-testhelper/errors-testhelper.h"
39 #include "epid/common-testhelper/ffelement_wrapper-testhelper.h"
40 #include "epid/common-testhelper/finite_field_wrapper-testhelper.h"
41 #include "epid/common-testhelper/prng-testhelper.h"
42
43 /// compares G1ElemStr values
operator ==(G1ElemStr const & lhs,G1ElemStr const & rhs)44 bool operator==(G1ElemStr const& lhs, G1ElemStr const& rhs) {
45 return 0 == std::memcmp(&lhs, &rhs, sizeof(lhs));
46 }
47
48 /// compares G2ElemStr values
operator ==(G2ElemStr const & lhs,G2ElemStr const & rhs)49 bool operator==(G2ElemStr const& lhs, G2ElemStr const& rhs) {
50 return 0 == std::memcmp(&lhs, &rhs, sizeof(lhs));
51 }
52
53 namespace {
54
55 class EFq2Params {
56 public:
57 FiniteFieldObj fq2;
58 FfElementObj a;
59 FfElementObj b;
60 FfElementObj x;
61 FfElementObj y;
62 BigNumObj order;
63 BigNumObj cofactor;
64
EFq2Params(FiniteFieldObj * fq)65 explicit EFq2Params(FiniteFieldObj* fq) {
66 // Intel(R) EPID 2.0 parameters for EC(Fq2)
67 static const FqElemStr param_beta = {
68 {{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD, 0x46, 0xE5, 0xF2,
69 0x5E, 0xEE, 0x71, 0xA4, 0x9F, 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x98,
70 0x0A, 0x82, 0xD3, 0x29, 0x2D, 0xDB, 0xAE, 0xD3, 0x30, 0x12}}};
71 static const G2ElemStr param_g2 = {
72 {{{{0xE2, 0x01, 0x71, 0xC5, 0x4A, 0xA3, 0xDA, 0x05, 0x21, 0x67, 0x04,
73 0x13, 0x74, 0x3C, 0xCF, 0x22, 0xD2, 0x5D, 0x52, 0x68, 0x3D, 0x32,
74 0x47, 0x0E, 0xF6, 0x02, 0x13, 0x43, 0xBF, 0x28, 0x23, 0x94}}},
75 {{{0x59, 0x2D, 0x1E, 0xF6, 0x53, 0xA8, 0x5A, 0x80, 0x46, 0xCC, 0xDC,
76 0x25, 0x4F, 0xBB, 0x56, 0x56, 0x43, 0x43, 0x3B, 0xF6, 0x28, 0x96,
77 0x53, 0xE2, 0x7D, 0xF7, 0xB2, 0x12, 0xBA, 0xA1, 0x89, 0xBE}}}},
78 {{{{0xAE, 0x60, 0xA4, 0xE7, 0x51, 0xFF, 0xD3, 0x50, 0xC6, 0x21, 0xE7,
79 0x03, 0x31, 0x28, 0x26, 0xBD, 0x55, 0xE8, 0xB5, 0x9A, 0x4D, 0x91,
80 0x68, 0x38, 0x41, 0x4D, 0xB8, 0x22, 0xDD, 0x23, 0x35, 0xAE}}},
81 {{{0x1A, 0xB4, 0x42, 0xF9, 0x89, 0xAF, 0xE5, 0xAD, 0xF8, 0x02, 0x74,
82 0xF8, 0x76, 0x45, 0xE2, 0x53, 0x2C, 0xDC, 0x61, 0x81, 0x90, 0x93,
83 0xD6, 0x13, 0x2C, 0x90, 0xFE, 0x89, 0x51, 0xB9, 0x24, 0x21}}}}};
84 static const Fq2ElemStr param_xi0xi1 = {
85 {{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
86 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
87 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02}}},
88 {{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
89 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
90 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}}}}};
91 static const FqElemStr param_b = {
92 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
93 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
94 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03}};
95
96 // Setup Fq2 with parameters (q, beta)
97 // Fq^2 = Fq[u] / (u^2 - beta)
98 FfElementObj neg_beta(fq);
99 THROW_ON_EPIDERR(FfNeg(*fq, FfElementObj(fq, param_beta), neg_beta));
100 fq2 = FiniteFieldObj(*fq, neg_beta, 2);
101
102 // set x to (g2.x[0], g2.x[1]) and y to (g2.y[0], g2.y[1])
103 x = FfElementObj(&fq2, ¶m_g2.x, sizeof(param_g2.x));
104 y = FfElementObj(&fq2, ¶m_g2.y, sizeof(param_g2.y));
105
106 // set a to identity, NewFfElement does it by default
107 a = FfElementObj(&fq2);
108
109 // set b to inv(xi)*param_b, where xi is (xi0, xi1) element in Fq2
110 FfElementObj neg_xi(&fq2);
111 THROW_ON_EPIDERR(FfInv(fq2, FfElementObj(&fq2, param_xi0xi1), neg_xi));
112 b = FfElementObj(&fq2);
113 THROW_ON_EPIDERR(FfMul(fq2, neg_xi.get(), FfElementObj(fq, param_b), b));
114
115 // set h = 2q - p, aka cofactor
116 std::vector<uint8_t> cofactor_str(
117 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
118 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
119 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff,
120 0xff, 0xff, 0xff, 0xff, 0xfc, 0xf0, 0xcd, 0x46, 0xe5, 0xf2, 0x5e,
121 0xee, 0x71, 0xa4, 0xa0, 0x0c, 0xdc, 0x65, 0xfb, 0x12, 0x96, 0x82,
122 0xea, 0xb0, 0x25, 0x08, 0x4a, 0x8c, 0x9b, 0x10, 0x19});
123 cofactor = BigNumObj(cofactor_str);
124
125 // set n = p * h, AKA order
126 std::vector<uint8_t> order_str(
127 {0xff, 0xff, 0xff, 0xff, 0xff, 0xf9, 0xe1, 0x9a, 0x8d, 0xcb, 0xe4,
128 0xc7, 0x38, 0xfa, 0x9b, 0x98, 0x4d, 0x1c, 0x12, 0x9f, 0x64, 0x97,
129 0xe8, 0x54, 0xa3, 0x0a, 0x81, 0xac, 0x42, 0xf9, 0x39, 0x16, 0xa7,
130 0x70, 0x21, 0xdc, 0xfb, 0xb6, 0xe7, 0x7e, 0x1f, 0x5b, 0x55, 0xcc,
131 0x4e, 0x84, 0xcd, 0x19, 0x4f, 0x49, 0x20, 0x94, 0xb5, 0xd8, 0x12,
132 0xa0, 0x2e, 0x7f, 0x40, 0x13, 0xb2, 0xfa, 0xa1, 0x45});
133 order = BigNumObj(order_str);
134 }
135
~EFq2Params()136 virtual ~EFq2Params() {}
137
138 private:
139 // This class is not meant to be copied or assigned
140 EFq2Params(const EFq2Params&);
141 EFq2Params& operator=(const EFq2Params&);
142 };
143
144 class EcGroupTest : public ::testing::Test {
145 public:
146 static const G1ElemStr g1_str;
147 static const G2ElemStr g2_str;
148
149 static const FqElemStr a1;
150 static const FqElemStr b1;
151 static const BigNumStr h1;
152 static const BigNumStr p;
153 static const BigNumStr q;
154
155 static const G1ElemStr efq_a_str;
156 static const G1ElemStr efq_b_str;
157 static const BigNumStr x_str;
158 static const BigNumStr y_str;
159 static const G1ElemStr efq_mul_ab_str;
160 static const G1ElemStr efq_exp_ax_str;
161 static const G1ElemStr efq_multiexp_abxy_str;
162 static const G1ElemStr efq_inv_a_str;
163 static const G1ElemStr efq_identity_str;
164 static const G1ElemStr efq_r_sha256_str;
165 static const G1ElemStr efq_r_sha384_str;
166 static const G1ElemStr efq_r_sha512_str;
167 static const G1ElemStr efq_r_sha512256_str;
168 static const uint8_t sha_msg[];
169
170 static const G2ElemStr efq2_a_str;
171 static const G2ElemStr efq2_b_str;
172 static const G2ElemStr efq2_mul_ab_str;
173 static const G2ElemStr efq2_exp_ax_str;
174 static const G2ElemStr efq2_multiexp_abxy_str;
175 static const G2ElemStr efq2_inv_a_str;
176 static const G2ElemStr efq2_identity_str;
177
178 // Intel(R) EPID 1.1 hash of message "aad"
179 static const Epid11G3ElemStr kAadHash;
180 // Intel(R) EPID 1.1 hash of message "bsn0"
181 static const Epid11G3ElemStr kBsn0Hash;
182 // Intel(R) EPID 1.1 hash of message "test"
183 static const Epid11G3ElemStr kTestHash;
184 // Intel(R) EPID 1.1 hash of message "aac"
185 static const Epid11G3ElemStr kAacHash;
186
SetUp()187 virtual void SetUp() {
188 Epid11Params epid11_params_str = {
189 #include "epid/common/1.1/src/epid11params_tate.inc"
190 };
191
192 fq = FiniteFieldObj(q);
193 fq_a = FfElementObj(&fq, a1);
194 fq_b = FfElementObj(&fq, b1);
195 g1_x = FfElementObj(&fq, g1_str.x);
196 g1_y = FfElementObj(&fq, g1_str.y);
197
198 bn_p = BigNumObj(p);
199 bn_h = BigNumObj(h1);
200
201 efq = EcGroupObj(&fq, fq_a, fq_b, g1_x, g1_y, bn_p, bn_h);
202
203 efq_a = EcPointObj(&efq, efq_a_str);
204 efq_b = EcPointObj(&efq, efq_b_str);
205 efq_r = EcPointObj(&efq);
206 efq_identity = EcPointObj(&efq, efq_identity_str);
207
208 efq2_par.reset(new EFq2Params(&fq));
209
210 efq2 = EcGroupObj(&efq2_par->fq2, efq2_par->a, efq2_par->b, efq2_par->x,
211 efq2_par->y, efq2_par->order, efq2_par->cofactor);
212
213 efq2_a = EcPointObj(&efq2, efq2_a_str);
214 efq2_b = EcPointObj(&efq2, efq2_b_str);
215 efq2_r = EcPointObj(&efq2);
216 efq2_identity = EcPointObj(&efq2, efq_identity_str);
217
218 epid11_Fq_tick = FiniteFieldObj(epid11_params_str.q_tick);
219 epid11_a_tick = FfElementObj(&epid11_Fq_tick, epid11_params_str.a_tick);
220 epid11_b_tick = FfElementObj(&epid11_Fq_tick, epid11_params_str.b_tick);
221 epid11_g3_x = FfElementObj(&epid11_Fq_tick, epid11_params_str.g3.x);
222 epid11_g3_y = FfElementObj(&epid11_Fq_tick, epid11_params_str.g3.y);
223 epid11_p_tick = BigNumObj(epid11_params_str.p_tick);
224 BigNumStr h_tick_str = {0};
225 ((OctStr32*)
226 h_tick_str.data.data)[sizeof(BigNumStr) / sizeof(OctStr32) - 1] =
227 epid11_params_str.h_tick;
228 epid11_h_tick = BigNumObj(h_tick_str);
229
230 epid11_G3 =
231 EcGroupObj(&epid11_Fq_tick, epid11_a_tick, epid11_b_tick, epid11_g3_x,
232 epid11_g3_y, epid11_p_tick, epid11_h_tick);
233 epid11_G3_r = EcPointObj(&epid11_G3);
234 }
235
236 FiniteFieldObj fq;
237 FfElementObj fq_a;
238 FfElementObj fq_b;
239 FfElementObj g1_x;
240 FfElementObj g1_y;
241
242 BigNumObj bn_p;
243 BigNumObj bn_h;
244
245 EcGroupObj efq;
246 EcPointObj efq_a;
247 EcPointObj efq_b;
248 EcPointObj efq_r;
249 EcPointObj efq_identity;
250
251 std::unique_ptr<EFq2Params> efq2_par;
252 EcGroupObj efq2;
253 EcPointObj efq2_a;
254 EcPointObj efq2_b;
255 EcPointObj efq2_r;
256 EcPointObj efq2_identity;
257
258 FiniteFieldObj epid11_Fq_tick;
259 FfElementObj epid11_a_tick;
260 FfElementObj epid11_b_tick;
261 FfElementObj epid11_g3_x;
262 FfElementObj epid11_g3_y;
263 BigNumObj epid11_p_tick;
264 BigNumObj epid11_h_tick;
265
266 EcGroupObj epid11_G3;
267 EcPointObj epid11_G3_r;
268 };
269
270 const G1ElemStr EcGroupTest::g1_str = {
271 {{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
272 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
273 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}}},
274 {{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
275 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
276 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02}}}};
277 const G2ElemStr EcGroupTest::g2_str = {
278 {{{{0xE2, 0x01, 0x71, 0xC5, 0x4A, 0xA3, 0xDA, 0x05, 0x21, 0x67, 0x04,
279 0x13, 0x74, 0x3C, 0xCF, 0x22, 0xD2, 0x5D, 0x52, 0x68, 0x3D, 0x32,
280 0x47, 0x0E, 0xF6, 0x02, 0x13, 0x43, 0xBF, 0x28, 0x23, 0x94}}},
281 {{{0x59, 0x2D, 0x1E, 0xF6, 0x53, 0xA8, 0x5A, 0x80, 0x46, 0xCC, 0xDC,
282 0x25, 0x4F, 0xBB, 0x56, 0x56, 0x43, 0x43, 0x3B, 0xF6, 0x28, 0x96,
283 0x53, 0xE2, 0x7D, 0xF7, 0xB2, 0x12, 0xBA, 0xA1, 0x89, 0xBE}}}},
284 {{{{0xAE, 0x60, 0xA4, 0xE7, 0x51, 0xFF, 0xD3, 0x50, 0xC6, 0x21, 0xE7,
285 0x03, 0x31, 0x28, 0x26, 0xBD, 0x55, 0xE8, 0xB5, 0x9A, 0x4D, 0x91,
286 0x68, 0x38, 0x41, 0x4D, 0xB8, 0x22, 0xDD, 0x23, 0x35, 0xAE}}},
287 {{{0x1A, 0xB4, 0x42, 0xF9, 0x89, 0xAF, 0xE5, 0xAD, 0xF8, 0x02, 0x74,
288 0xF8, 0x76, 0x45, 0xE2, 0x53, 0x2C, 0xDC, 0x61, 0x81, 0x90, 0x93,
289 0xD6, 0x13, 0x2C, 0x90, 0xFE, 0x89, 0x51, 0xB9, 0x24, 0x21}}}}};
290
291 const FqElemStr EcGroupTest::a1 = {
292 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
293 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
294 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}};
295 const FqElemStr EcGroupTest::b1 = {
296 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
297 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
298 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03}}};
299 const BigNumStr EcGroupTest::h1 = {
300 {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
301 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
302 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}}};
303 const BigNumStr EcGroupTest::p = {
304 {{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD, 0x46, 0xE5, 0xF2,
305 0x5E, 0xEE, 0x71, 0xA4, 0x9E, 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x99,
306 0x92, 0x1A, 0xF6, 0x2D, 0x53, 0x6C, 0xD1, 0x0B, 0x50, 0x0D}}};
307 const BigNumStr EcGroupTest::q = {
308 {{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD, 0x46, 0xE5, 0xF2,
309 0x5E, 0xEE, 0x71, 0xA4, 0x9F, 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x98,
310 0x0A, 0x82, 0xD3, 0x29, 0x2D, 0xDB, 0xAE, 0xD3, 0x30, 0x13}}};
311
312 const G1ElemStr EcGroupTest::efq_a_str = {
313 {{{0x12, 0xA6, 0x5B, 0xD6, 0x91, 0x8D, 0x50, 0xA7, 0x66, 0xEB, 0x7D,
314 0x52, 0xE3, 0x40, 0x17, 0x60, 0x7F, 0xDF, 0x6C, 0xA1, 0x2C, 0x1A,
315 0x37, 0xE0, 0x92, 0xC0, 0xF7, 0xB9, 0x76, 0xAB, 0xB1, 0x8A}}},
316 {{{0x78, 0x65, 0x28, 0xCB, 0xAF, 0x07, 0x52, 0x50, 0x55, 0x7A, 0x5F,
317 0x30, 0x0A, 0xC0, 0xB4, 0x6B, 0xEA, 0x6F, 0xE2, 0xF6, 0x6D, 0x96,
318 0xF7, 0xCD, 0xC8, 0xD3, 0x12, 0x7F, 0x1F, 0x3A, 0x8B, 0x42}}}};
319
320 const G1ElemStr EcGroupTest::efq_b_str = {
321 {{{0xE6, 0x65, 0x23, 0x9B, 0xD4, 0x07, 0x16, 0x83, 0x38, 0x23, 0xB2,
322 0x67, 0x57, 0xEB, 0x0F, 0x23, 0x3A, 0xF4, 0x8E, 0xDA, 0x71, 0x5E,
323 0xD9, 0x98, 0x63, 0x98, 0x2B, 0xBC, 0x78, 0xD1, 0x94, 0xF2}}},
324 {{{0x63, 0xB0, 0xAD, 0xB8, 0x2C, 0xE8, 0x14, 0xFD, 0xA2, 0x39, 0x0E,
325 0x66, 0xB7, 0xD0, 0x6A, 0xAB, 0xEE, 0xFA, 0x2E, 0x24, 0x9B, 0xB5,
326 0x14, 0x35, 0xFE, 0xB6, 0xB0, 0xFF, 0xFD, 0x5F, 0x73, 0x19}}}};
327
328 const BigNumStr EcGroupTest::x_str = {
329 {{0xFF, 0xFB, 0x3E, 0x5D, 0xFF, 0x9A, 0xFF, 0x02, 0x00, 0xFF, 0xFF,
330 0xFF, 0xF2, 0xE1, 0x85, 0x81, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
331 0xFF, 0x81, 0xFF, 0xFD, 0xFF, 0xEB, 0xFF, 0x29, 0xA7, 0xFF}}};
332
333 const BigNumStr EcGroupTest::y_str = {
334 {{0x11, 0xFF, 0xFF, 0xFF, 0x4F, 0x59, 0xB1, 0xD3, 0x6B, 0x08, 0xFF,
335 0xFF, 0x0B, 0xF3, 0xAF, 0x27, 0xFF, 0xB8, 0xFF, 0xFF, 0x98, 0xFF,
336 0xEB, 0xFF, 0xF2, 0x6A, 0xFF, 0xFF, 0xEA, 0x31, 0xFF, 0xFF}}};
337
338 const G1ElemStr EcGroupTest::efq_mul_ab_str = {
339 {{{0x30, 0xF8, 0x33, 0xB7, 0x1C, 0x85, 0x94, 0x6D, 0x6F, 0x3C, 0x97,
340 0x77, 0x81, 0xA5, 0xC2, 0x98, 0x93, 0x5C, 0x8C, 0xC1, 0xFF, 0x35,
341 0x9E, 0x68, 0xF6, 0x4D, 0x18, 0xDD, 0x65, 0xA9, 0xC0, 0x60}}},
342 {{{0x89, 0xE5, 0x08, 0x2D, 0xD1, 0xD8, 0xC7, 0xBF, 0xDE, 0x16, 0x24,
343 0xA7, 0x2F, 0xF1, 0x48, 0x00, 0x26, 0xAF, 0x89, 0xEA, 0xC9, 0x94,
344 0x78, 0xFF, 0x2A, 0xB0, 0x20, 0xED, 0x33, 0x0C, 0x4E, 0x88}}}};
345
346 const G1ElemStr EcGroupTest::efq_exp_ax_str = {
347 {{{0x44, 0x45, 0xFA, 0x16, 0x23, 0x66, 0x26, 0x9D, 0x44, 0xB9, 0x43,
348 0xAB, 0x87, 0xE3, 0x56, 0xCA, 0x9C, 0x89, 0x44, 0x8E, 0xE8, 0x19,
349 0x29, 0x4D, 0x4D, 0x59, 0x7D, 0xBE, 0x46, 0x3F, 0x55, 0x0D}}},
350 {{{0x98, 0x09, 0xCF, 0x43, 0x46, 0x75, 0xB8, 0x71, 0xFF, 0x37, 0xBA,
351 0xA0, 0x63, 0xE2, 0xAC, 0x09, 0x38, 0x10, 0x70, 0xAC, 0x15, 0x52,
352 0x28, 0xF4, 0x77, 0x68, 0x32, 0x7B, 0x6E, 0xFB, 0xC1, 0x43}}}};
353
354 const G1ElemStr EcGroupTest::efq_multiexp_abxy_str = {
355 {{{0x63, 0x4A, 0xD4, 0xC1, 0x6B, 0x90, 0x67, 0xA2, 0x0B, 0xE2, 0xB3,
356 0xE9, 0x95, 0x3F, 0x82, 0x7E, 0x21, 0xBF, 0x9F, 0xCD, 0xA0, 0x16,
357 0x56, 0x6B, 0x31, 0x66, 0x68, 0xBB, 0x25, 0xF8, 0xBD, 0xF3}}},
358 {{{0xBD, 0x5F, 0xF8, 0x48, 0xD4, 0xBF, 0x35, 0x2D, 0xDC, 0xD1, 0x78,
359 0x74, 0xFF, 0xB1, 0x47, 0xD5, 0x6B, 0x21, 0xE5, 0x15, 0x01, 0xA8,
360 0xDC, 0x8B, 0x3C, 0x9D, 0x96, 0xC7, 0xC6, 0xB0, 0x05, 0x20}}}};
361
362 const G1ElemStr EcGroupTest::efq_inv_a_str = {
363 {{{0x12, 0xA6, 0x5B, 0xD6, 0x91, 0x8D, 0x50, 0xA7, 0x66, 0xEB, 0x7D,
364 0x52, 0xE3, 0x40, 0x17, 0x60, 0x7F, 0xDF, 0x6C, 0xA1, 0x2C, 0x1A,
365 0x37, 0xE0, 0x92, 0xC0, 0xF7, 0xB9, 0x76, 0xAB, 0xB1, 0x8A}}},
366 {{{0x87, 0x9A, 0xD7, 0x34, 0x50, 0xF5, 0x9E, 0x7C, 0xF1, 0x6B, 0x93,
367 0x2E, 0xE3, 0xB0, 0xF0, 0x33, 0x22, 0x6C, 0x83, 0x04, 0xA5, 0x01,
368 0x12, 0xB5, 0x0A, 0x56, 0x1B, 0x5C, 0x8F, 0x98, 0xA4, 0xD1}}}};
369
370 const G1ElemStr EcGroupTest::efq_identity_str = {
371 {{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
372 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
373 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
374 {{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
375 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
376 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}};
377
378 const uint8_t EcGroupTest::sha_msg[] = {'a', 'b', 'c'};
379
380 const G1ElemStr EcGroupTest::efq_r_sha256_str = {
381 {{{0x2E, 0xBB, 0x50, 0x4D, 0x88, 0xFF, 0x25, 0x62, 0xF3, 0x71, 0x65,
382 0x81, 0xAD, 0xBE, 0x83, 0x6E, 0x54, 0xF5, 0xA6, 0x2A, 0x70, 0xE6,
383 0x18, 0x6B, 0xD5, 0x4A, 0x10, 0x3C, 0x80, 0x08, 0x95, 0x3D}}},
384 {{{0x8A, 0x43, 0xA1, 0x04, 0xB1, 0x3F, 0x3C, 0xB4, 0xBD, 0x67, 0x38,
385 0xB1, 0x07, 0xF0, 0x7A, 0x32, 0x7E, 0xCD, 0xF0, 0x2E, 0x62, 0x3E,
386 0x2C, 0x1F, 0x48, 0xAA, 0x0D, 0x6C, 0xDC, 0x48, 0xF9, 0xF7}}}};
387
388 const G1ElemStr EcGroupTest::efq_r_sha384_str = {
389 {{{0xE1, 0xC8, 0x28, 0xB1, 0x9A, 0xDF, 0x5D, 0x4B, 0xC4, 0x25, 0x90,
390 0xFB, 0x38, 0x20, 0xD4, 0x8B, 0x30, 0x8F, 0x95, 0x76, 0xC3, 0x7F,
391 0x9D, 0xAD, 0x94, 0xC4, 0x31, 0x80, 0xD7, 0xDF, 0xD5, 0xFE}}},
392 {{{0x0E, 0x86, 0x11, 0x90, 0xAF, 0xEF, 0xEB, 0x79, 0x4B, 0x3E, 0x80,
393 0x92, 0x94, 0x3B, 0x2F, 0x5E, 0x72, 0x21, 0xEF, 0xF8, 0xBC, 0xE3,
394 0x48, 0xA9, 0xD0, 0x31, 0x19, 0xAC, 0xD1, 0xD7, 0x49, 0x87}}}};
395
396 const G1ElemStr EcGroupTest::efq_r_sha512_str = {
397 {{{0x8C, 0x62, 0xA0, 0x2D, 0x55, 0x55, 0x55, 0x86, 0xBC, 0x82, 0xA6,
398 0xA2, 0x21, 0x97, 0x9B, 0x9B, 0xB4, 0x03, 0x3D, 0x83, 0xF3, 0xBA,
399 0xDA, 0x9C, 0x42, 0xF7, 0xB3, 0x94, 0x99, 0x2A, 0x96, 0xE4}}},
400 {{{0x4C, 0x0E, 0xA7, 0x62, 0x17, 0xB9, 0xFB, 0xE5, 0x21, 0x7D, 0x54,
401 0x24, 0xE0, 0x2B, 0x87, 0xF7, 0x69, 0x54, 0x0C, 0xC6, 0xAD, 0xF2,
402 0xF2, 0x7B, 0xE6, 0x91, 0xD8, 0xF3, 0x40, 0x6C, 0x8F, 0x03}}}};
403
404 const G1ElemStr EcGroupTest::efq_r_sha512256_str = {
405 {{{0x63, 0x28, 0x40, 0x14, 0x73, 0xd5, 0x91, 0xc4, 0xa2, 0xa4, 0xb6,
406 0xd8, 0xa8, 0x75, 0x21, 0xd1, 0x26, 0x4e, 0x42, 0x13, 0x1f, 0xfa,
407 0xed, 0x90, 0x8d, 0x56, 0x34, 0x57, 0x8a, 0x3a, 0x47, 0xa0}}},
408 {{{0x30, 0xbe, 0x3f, 0x12, 0x00, 0x74, 0x48, 0xaa, 0x91, 0x90, 0x84,
409 0x12, 0x4d, 0x58, 0x54, 0xe7, 0x04, 0x65, 0x37, 0x97, 0x88, 0xcf,
410 0x67, 0xa0, 0x8c, 0x56, 0x93, 0xa7, 0x7f, 0xe8, 0x74, 0xfc}}}};
411
412 const G2ElemStr EcGroupTest::efq2_a_str = {
413 {
414 {0x2F, 0x8C, 0xC7, 0xD7, 0xD4, 0x1E, 0x4A, 0xCB, 0x82, 0x92, 0xC7,
415 0x9C, 0x0F, 0xA2, 0xF2, 0x1B, 0xDF, 0xEA, 0x96, 0x64, 0x8B, 0xA2,
416 0x32, 0x7C, 0xDF, 0xD8, 0x89, 0x10, 0xFD, 0xBB, 0x38, 0xCD},
417 {0xB1, 0x23, 0x46, 0x13, 0x4D, 0x9B, 0x8E, 0x8A, 0x95, 0x64, 0xDD,
418 0x37, 0x29, 0x44, 0x1F, 0x76, 0xB5, 0x3A, 0x47, 0xD3, 0xE0, 0x18,
419 0x1E, 0x60, 0xE9, 0x94, 0x13, 0xA4, 0x47, 0xCD, 0xBE, 0x03},
420 },
421 {
422 {0xD3, 0x67, 0xA5, 0xCC, 0xEF, 0x7B, 0xD1, 0x8D, 0x4A, 0x7F, 0xF1,
423 0x8F, 0x66, 0xCB, 0x5E, 0x86, 0xAC, 0xCB, 0x36, 0x5F, 0x29, 0x90,
424 0x28, 0x55, 0xF0, 0xDC, 0x6E, 0x8B, 0x87, 0xB5, 0xD8, 0x32},
425 {0x6C, 0x0A, 0xC5, 0x58, 0xB1, 0x4E, 0xCA, 0x85, 0x44, 0x3E, 0xDE,
426 0x71, 0x9B, 0xC7, 0x90, 0x19, 0x06, 0xD2, 0xA0, 0x4E, 0xC7, 0x33,
427 0xF4, 0x5C, 0xE8, 0x16, 0xE2, 0x67, 0xDB, 0xBF, 0x64, 0x84},
428 },
429 };
430
431 const G2ElemStr EcGroupTest::efq2_b_str = {
432 {
433 {0x16, 0xF1, 0x61, 0x76, 0x06, 0x3E, 0xE9, 0xC0, 0xB9, 0xB1, 0x3A,
434 0x75, 0xFC, 0xDB, 0x90, 0xCD, 0x01, 0xF4, 0x9F, 0xCC, 0xAA, 0x24,
435 0x69, 0x83, 0xBE, 0x20, 0x44, 0x87, 0x58, 0x90, 0x0F, 0x4F},
436 {0xC7, 0x50, 0x37, 0xC1, 0xB9, 0x2D, 0xE1, 0xE3, 0x79, 0x20, 0x7B,
437 0x62, 0x90, 0xF8, 0xC7, 0xF0, 0xD7, 0x5A, 0xE7, 0xAD, 0x65, 0xE1,
438 0xC7, 0x50, 0x59, 0xA1, 0xFC, 0x49, 0xBC, 0x2A, 0xE5, 0xD7},
439 },
440 {
441 {0x12, 0x73, 0x3B, 0xA4, 0xDD, 0x0F, 0xBB, 0x35, 0x38, 0x4A, 0xE0,
442 0x3D, 0x79, 0x63, 0x66, 0x73, 0x9C, 0x07, 0xE1, 0xEC, 0x71, 0x16,
443 0x50, 0x75, 0xA1, 0xBA, 0xE5, 0x37, 0x45, 0x1A, 0x0C, 0x59},
444 {0xC9, 0x49, 0xB9, 0xDB, 0x7E, 0x76, 0xC5, 0xC5, 0x0A, 0x87, 0xB7,
445 0x56, 0x88, 0x09, 0x21, 0xC6, 0xF6, 0x6C, 0xCC, 0x5E, 0x80, 0xFD,
446 0x05, 0xD0, 0x5F, 0xC6, 0x2E, 0x06, 0xA1, 0xBE, 0x5B, 0xA0},
447 },
448 };
449
450 const G2ElemStr EcGroupTest::efq2_mul_ab_str = {
451 {
452 {0x25, 0xCC, 0x11, 0x80, 0x8F, 0x08, 0x1D, 0x66, 0xF8, 0xDB, 0xBC,
453 0x98, 0x26, 0x24, 0x26, 0xCF, 0x04, 0x02, 0xB6, 0x99, 0x1B, 0x52,
454 0xA8, 0xE3, 0x4E, 0x9A, 0x85, 0xB0, 0x5C, 0xCE, 0xDD, 0xC5},
455 {0xFC, 0x3C, 0xC2, 0x2C, 0x4B, 0x63, 0x72, 0x5F, 0xA9, 0xF9, 0x8C,
456 0x62, 0xF4, 0xE7, 0x30, 0x71, 0x6F, 0x78, 0xF5, 0xFE, 0xF6, 0xDF,
457 0xF7, 0xB5, 0x21, 0x69, 0x7C, 0x50, 0xAC, 0x56, 0xD9, 0xB5},
458 },
459 {
460 {0xA5, 0xD6, 0xAB, 0x2D, 0xED, 0x8E, 0xFE, 0x43, 0xCB, 0xC9, 0xEF,
461 0x09, 0xC8, 0x2D, 0xE8, 0xD0, 0x3B, 0xC0, 0x5C, 0x7F, 0xE5, 0x3A,
462 0x1D, 0x72, 0xF2, 0xF5, 0x03, 0xBD, 0xE5, 0xEB, 0x08, 0xA0},
463 {0xE6, 0xF3, 0x59, 0xE4, 0xD2, 0x52, 0xFD, 0x4F, 0xEC, 0xCE, 0x49,
464 0x9F, 0x86, 0x50, 0x2D, 0x4A, 0x59, 0x2C, 0xA2, 0x4E, 0xE3, 0xFE,
465 0xF2, 0xFC, 0xB9, 0xF4, 0x22, 0x88, 0xBC, 0x79, 0x21, 0xD0},
466 },
467 };
468
469 const G2ElemStr EcGroupTest::efq2_exp_ax_str = {
470 {
471 {0xC0, 0x5A, 0x37, 0xAD, 0x08, 0xAB, 0x22, 0xCF, 0xF7, 0xF9, 0xCC,
472 0xD4, 0x5A, 0x47, 0x38, 0x82, 0xE1, 0xC2, 0x06, 0x35, 0x4D, 0x5B,
473 0x95, 0xA1, 0xA3, 0xC1, 0x83, 0x6C, 0x0F, 0x31, 0x24, 0xD2},
474 {0xC7, 0x86, 0xE1, 0x59, 0x63, 0xCE, 0x21, 0x2A, 0x57, 0x77, 0xE5,
475 0x48, 0xF7, 0x60, 0x21, 0x00, 0x40, 0x2F, 0x09, 0x18, 0x5C, 0x32,
476 0x32, 0x75, 0xD7, 0xB9, 0xE7, 0xB1, 0x95, 0xD5, 0xDF, 0x02},
477 },
478 {
479 {0xE5, 0xDE, 0xC6, 0x3E, 0x05, 0xFC, 0x6F, 0x7A, 0xE3, 0x2D, 0x7D,
480 0x90, 0x5F, 0x43, 0xE2, 0xB0, 0x9E, 0xCD, 0xEC, 0x7B, 0x37, 0x4C,
481 0x0A, 0x3E, 0x87, 0x4E, 0xE6, 0xDA, 0xD1, 0x90, 0xC0, 0xD1},
482 {0x70, 0x90, 0x54, 0x7F, 0x78, 0x93, 0xFA, 0xC4, 0xF7, 0x3A, 0x4D,
483 0xBC, 0x03, 0x5E, 0x83, 0xDF, 0xEF, 0xF7, 0x52, 0xF9, 0x64, 0x7F,
484 0x17, 0xC1, 0x69, 0xD6, 0xD7, 0x96, 0x18, 0x62, 0x46, 0xD1},
485 },
486 };
487
488 const G2ElemStr EcGroupTest::efq2_multiexp_abxy_str = {
489 {
490 {0xE8, 0x6E, 0x02, 0x7A, 0xEC, 0xEA, 0xBA, 0x7E, 0xE5, 0x7C, 0xAD,
491 0x98, 0x37, 0x54, 0xB2, 0x15, 0x64, 0x9C, 0x81, 0xFF, 0x69, 0xCC,
492 0xD6, 0xA6, 0xAA, 0xA7, 0x10, 0x4F, 0x9B, 0x0C, 0x50, 0x14},
493 {0x7C, 0xAF, 0xC0, 0x6F, 0xC8, 0x87, 0xFF, 0x4A, 0x6F, 0xB5, 0x9E,
494 0x63, 0x74, 0x20, 0xB5, 0xC6, 0x4F, 0x14, 0x0B, 0x6C, 0xBF, 0x00,
495 0x71, 0xE2, 0x6D, 0x6C, 0x41, 0x6A, 0x0B, 0xA5, 0x5B, 0xCF},
496 },
497 {
498 {0x16, 0xCC, 0x9B, 0x37, 0xE7, 0xCB, 0x16, 0x5C, 0x39, 0x7C, 0x10,
499 0x7E, 0xE0, 0xDD, 0x34, 0x90, 0xBE, 0x56, 0x28, 0x76, 0x27, 0x59,
500 0xCE, 0xB3, 0xD7, 0xB4, 0x56, 0xD4, 0x0D, 0xD1, 0xB8, 0xFB},
501 {0x5E, 0x9E, 0x27, 0x30, 0x60, 0x87, 0x3B, 0xA4, 0x9B, 0x15, 0xEE,
502 0x86, 0x15, 0x1D, 0xF4, 0xF3, 0x07, 0x31, 0x46, 0xFD, 0xB7, 0x51,
503 0xFF, 0xC0, 0x42, 0x94, 0x38, 0xB7, 0x84, 0x5F, 0x86, 0x3A},
504 },
505 };
506
507 const G2ElemStr EcGroupTest::efq2_inv_a_str = {
508 {
509 {0x2F, 0x8C, 0xC7, 0xD7, 0xD4, 0x1E, 0x4A, 0xCB, 0x82, 0x92, 0xC7,
510 0x9C, 0x0F, 0xA2, 0xF2, 0x1B, 0xDF, 0xEA, 0x96, 0x64, 0x8B, 0xA2,
511 0x32, 0x7C, 0xDF, 0xD8, 0x89, 0x10, 0xFD, 0xBB, 0x38, 0xCD},
512 {0xB1, 0x23, 0x46, 0x13, 0x4D, 0x9B, 0x8E, 0x8A, 0x95, 0x64, 0xDD,
513 0x37, 0x29, 0x44, 0x1F, 0x76, 0xB5, 0x3A, 0x47, 0xD3, 0xE0, 0x18,
514 0x1E, 0x60, 0xE9, 0x94, 0x13, 0xA4, 0x47, 0xCD, 0xBE, 0x03},
515 },
516 {
517 {0x2C, 0x98, 0x5A, 0x33, 0x10, 0x81, 0x1F, 0x3F, 0xFC, 0x66, 0x00,
518 0xCF, 0x87, 0xA6, 0x46, 0x18, 0x60, 0x11, 0x2F, 0x9B, 0xE9, 0x07,
519 0xE2, 0x2C, 0xE2, 0x4C, 0xBF, 0x50, 0x27, 0x1D, 0x57, 0xE1},
520 {0x93, 0xF5, 0x3A, 0xA7, 0x4E, 0xAE, 0x26, 0x48, 0x02, 0xA7, 0x13,
521 0xED, 0x52, 0xAA, 0x14, 0x86, 0x06, 0x09, 0xC5, 0xAC, 0x4B, 0x64,
522 0x16, 0x25, 0xEB, 0x12, 0x4B, 0x73, 0xD3, 0x13, 0xCB, 0x8F},
523 },
524 };
525
526 const G2ElemStr EcGroupTest::efq2_identity_str = {
527 {
528 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
529 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
530 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
531 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
532 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
533 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
534 },
535 {
536 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
537 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
538 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
539 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
540 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
541 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
542 },
543 };
544
545 // msg=aad, size=3
546 // algorithm code path: sqrt result <= modulus/2, high bit is 0
547 const G1ElemStr EcGroupTest::kAadHash = {
548 0xB2, 0x12, 0x39, 0x3A, 0xA0, 0xCF, 0xA0, 0xDE, 0xB8, 0x85, 0xE7,
549 0x5B, 0x1C, 0x13, 0x01, 0x0D, 0x0D, 0xA2, 0xBA, 0xC5, 0xB4, 0x3F,
550 0x5E, 0xC7, 0x5B, 0x5A, 0xE2, 0x49, 0x1B, 0x3F, 0x65, 0x08, 0xC2,
551 0x47, 0x40, 0xF3, 0xC7, 0x08, 0xA2, 0x41, 0x61, 0x99, 0x65, 0x4D,
552 0x82, 0x2B, 0x9A, 0x06, 0x2C, 0xDF, 0x07, 0x71, 0xCC, 0xFA, 0x73,
553 0x51, 0x45, 0x87, 0x55, 0x07, 0x17, 0xD1, 0x9C, 0x0B};
554
555 // msg=bsn0, size=4
556 // algorithm code path: sqrt result <= modulus/2, high bit is 1
557 const G1ElemStr EcGroupTest::kBsn0Hash = {
558 0x04, 0x0C, 0xB6, 0x57, 0x26, 0xD0, 0xE1, 0x48, 0x23, 0xC2, 0x40,
559 0x5A, 0x91, 0x7C, 0xC6, 0x33, 0xFE, 0x0C, 0xC2, 0x2B, 0x52, 0x9D,
560 0x6B, 0x87, 0xF9, 0xA7, 0x82, 0xCB, 0x36, 0x90, 0xFB, 0x09, 0x10,
561 0xB1, 0x55, 0xAD, 0x98, 0x0D, 0x4F, 0x94, 0xDD, 0xBE, 0x52, 0x21,
562 0x87, 0xC6, 0x3E, 0x52, 0x22, 0x83, 0xE3, 0x10, 0x36, 0xEF, 0xF8,
563 0x6B, 0x04, 0x4D, 0x9F, 0x14, 0xA8, 0x51, 0xAF, 0xC3};
564
565 // msg=test, size=4
566 // algorithm code path: sqrt result > modulus/2, high bit is 0
567 const G1ElemStr EcGroupTest::kTestHash = {
568 0x82, 0x14, 0xAD, 0xE2, 0x0E, 0xCC, 0x95, 0x27, 0x14, 0xD0, 0x70,
569 0xF1, 0x70, 0x17, 0xC2, 0xC2, 0x8C, 0x9F, 0x05, 0x79, 0xCD, 0xC8,
570 0x72, 0x55, 0xFE, 0xAB, 0x80, 0x6F, 0x40, 0x5A, 0x6E, 0x64, 0x37,
571 0x14, 0x7F, 0x8B, 0xF9, 0xD7, 0xEB, 0xA4, 0x5D, 0x9E, 0x57, 0x85,
572 0xFF, 0x0F, 0xE5, 0xC6, 0x73, 0x4F, 0x17, 0x19, 0x96, 0x31, 0x3A,
573 0xD1, 0xE1, 0x4E, 0xA8, 0xF9, 0x56, 0xD4, 0xBA, 0x4D};
574
575 // msg=aac, size=3
576 const G1ElemStr EcGroupTest::kAacHash = {
577 0xAF, 0x5C, 0xBC, 0xD4, 0x88, 0x18, 0xD0, 0x35, 0xBD, 0xE0, 0x2F,
578 0x77, 0x8B, 0x76, 0x52, 0x78, 0x92, 0x66, 0x36, 0x3A, 0x72, 0x15,
579 0x20, 0x84, 0xE7, 0x1E, 0xFE, 0x94, 0x77, 0xFD, 0x83, 0x08, 0xEF,
580 0x4B, 0x6B, 0xDE, 0x24, 0xD8, 0x42, 0x34, 0x88, 0xB8, 0x87, 0x4A,
581 0xA8, 0x5D, 0x5A, 0xC1, 0x82, 0xFF, 0xE5, 0x25, 0xD7, 0x20, 0x2D,
582 0x99, 0x49, 0xFE, 0x72, 0x34, 0xAA, 0xC9, 0xD2, 0xAA};
583
584 ///////////////////////////////////////////////////////////////////////
585 // NewEcGroup
TEST_F(EcGroupTest,NewFailsGivenArgumentsMismatch)586 TEST_F(EcGroupTest, NewFailsGivenArgumentsMismatch) {
587 // construct Fq^2 finite field
588 FqElemStr beta_str = {{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD,
589 0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9F,
590 0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x98, 0x0A, 0x82,
591 0xD3, 0x29, 0x2D, 0xDB, 0xAE, 0xD3, 0x30, 0x12}};
592 FfElementObj neg_beta(&fq);
593 THROW_ON_EPIDERR(FfNeg(fq, FfElementObj(&fq, beta_str), neg_beta));
594 FiniteFieldObj fq2(fq, neg_beta, 2);
595
596 FfElementObj fq2_a(&fq2);
597 FfElementObj fq2_b(&fq2);
598 FfElementObj g2_x(&fq2);
599 FfElementObj g2_y(&fq2);
600
601 EcGroup* g = nullptr;
602 EXPECT_EQ(kEpidBadArgErr, NewEcGroup(fq2, this->fq_a, this->fq_b, this->g1_x,
603 this->g1_y, this->bn_p, this->bn_h, &g));
604 DeleteEcGroup(&g);
605 EXPECT_EQ(kEpidBadArgErr, NewEcGroup(this->fq, fq2_a, this->fq_b, this->g1_x,
606 this->g1_y, this->bn_p, this->bn_h, &g));
607 DeleteEcGroup(&g);
608 EXPECT_EQ(kEpidBadArgErr, NewEcGroup(this->fq, this->fq_a, fq2_b, this->g1_x,
609 this->g1_y, this->bn_p, this->bn_h, &g));
610 DeleteEcGroup(&g);
611 EXPECT_EQ(kEpidBadArgErr, NewEcGroup(this->fq, this->fq_a, this->fq_b, g2_x,
612 this->g1_y, this->bn_p, this->bn_h, &g));
613 DeleteEcGroup(&g);
614 EXPECT_EQ(kEpidBadArgErr,
615 NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x, g2_y,
616 this->bn_p, this->bn_h, &g));
617 DeleteEcGroup(&g);
618 }
TEST_F(EcGroupTest,NewFailsGivenNullParameters)619 TEST_F(EcGroupTest, NewFailsGivenNullParameters) {
620 EcGroup* g;
621 EpidStatus sts;
622 sts = NewEcGroup(this->fq, nullptr, this->fq_b, this->g1_x, this->g1_y,
623 this->bn_p, this->bn_h, &g);
624 EXPECT_EQ(kEpidBadArgErr, sts);
625 sts = NewEcGroup(this->fq, this->fq_a, nullptr, this->g1_x, this->g1_y,
626 this->bn_p, this->bn_h, &g);
627 EXPECT_EQ(kEpidBadArgErr, sts);
628 sts = NewEcGroup(this->fq, this->fq_a, this->fq_b, nullptr, this->g1_y,
629 this->bn_p, this->bn_h, &g);
630 EXPECT_EQ(kEpidBadArgErr, sts);
631 sts = NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x, nullptr,
632 this->bn_p, this->bn_h, &g);
633 EXPECT_EQ(kEpidBadArgErr, sts);
634 sts = NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x, this->g1_y,
635 nullptr, this->bn_h, &g);
636 EXPECT_EQ(kEpidBadArgErr, sts);
637 sts = NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x, this->g1_y,
638 this->bn_p, nullptr, &g);
639 EXPECT_EQ(kEpidBadArgErr, sts);
640 sts = NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x, this->g1_y,
641 this->bn_p, this->bn_h, nullptr);
642 EXPECT_EQ(kEpidBadArgErr, sts);
643 }
TEST_F(EcGroupTest,CanCreateEcGroupBasedOnFq)644 TEST_F(EcGroupTest, CanCreateEcGroupBasedOnFq) {
645 EcGroup* g;
646 EpidStatus sts = NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x,
647 this->g1_y, this->bn_p, this->bn_h, &g);
648 EXPECT_EQ(kEpidNoErr, sts);
649
650 DeleteEcGroup(&g);
651 }
TEST_F(EcGroupTest,CanCreateEcGroupBasedOnFq2)652 TEST_F(EcGroupTest, CanCreateEcGroupBasedOnFq2) {
653 EcGroup* g;
654 EXPECT_EQ(kEpidNoErr,
655 NewEcGroup(efq2_par->fq2, efq2_par->a, efq2_par->b, efq2_par->x,
656 efq2_par->y, efq2_par->order, efq2_par->cofactor, &g));
657
658 DeleteEcGroup(&g);
659 }
660
661 ///////////////////////////////////////////////////////////////////////
662 // DeleteEcGroup
TEST_F(EcGroupTest,DeleteWorksGivenNewlyCreatedEcGroup)663 TEST_F(EcGroupTest, DeleteWorksGivenNewlyCreatedEcGroup) {
664 EcGroup* g;
665 THROW_ON_EPIDERR(NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x,
666 this->g1_y, this->bn_p, this->bn_h, &g));
667 EXPECT_NO_THROW(DeleteEcGroup(&g));
668 }
TEST_F(EcGroupTest,DeleteWorksGivenNewlyCreatedEcGroupFq2)669 TEST_F(EcGroupTest, DeleteWorksGivenNewlyCreatedEcGroupFq2) {
670 EcGroup* g;
671 THROW_ON_EPIDERR(NewEcGroup(efq2_par->fq2, efq2_par->a, efq2_par->b,
672 efq2_par->x, efq2_par->y, efq2_par->order,
673 efq2_par->cofactor, &g));
674 EXPECT_NO_THROW(DeleteEcGroup(&g));
675 }
TEST_F(EcGroupTest,DeleteNullsPointer)676 TEST_F(EcGroupTest, DeleteNullsPointer) {
677 EcGroup* g = nullptr;
678 THROW_ON_EPIDERR(NewEcGroup(this->fq, this->fq_a, this->fq_b, this->g1_x,
679 this->g1_y, this->bn_p, this->bn_h, &g));
680
681 EXPECT_NO_THROW(DeleteEcGroup(&g));
682 EXPECT_EQ(nullptr, g);
683 }
TEST_F(EcGroupTest,DeleteWorksGivenNullPointer)684 TEST_F(EcGroupTest, DeleteWorksGivenNullPointer) {
685 EXPECT_NO_THROW(DeleteEcGroup(nullptr));
686 EcGroup* g = nullptr;
687 EXPECT_NO_THROW(DeleteEcGroup(&g));
688 }
689 ///////////////////////////////////////////////////////////////////////
690 // NewEcPoint
TEST_F(EcGroupTest,NewEcPointSucceedsGivenEcGroupBasedOnFq)691 TEST_F(EcGroupTest, NewEcPointSucceedsGivenEcGroupBasedOnFq) {
692 EcPoint* point = nullptr;
693 EXPECT_EQ(kEpidNoErr, NewEcPoint(this->efq, &point));
694 DeleteEcPoint(&point);
695 }
TEST_F(EcGroupTest,NewEcPointFailsGivenNullPointer)696 TEST_F(EcGroupTest, NewEcPointFailsGivenNullPointer) {
697 EcPoint* point = nullptr;
698 EXPECT_EQ(kEpidBadArgErr, NewEcPoint(nullptr, &point));
699 EXPECT_EQ(kEpidBadArgErr, NewEcPoint(this->efq, nullptr));
700 DeleteEcPoint(&point);
701 }
TEST_F(EcGroupTest,NewEcPointSucceedsGivenEcGroupBasedOnFq2)702 TEST_F(EcGroupTest, NewEcPointSucceedsGivenEcGroupBasedOnFq2) {
703 EcPoint* point = nullptr;
704 EXPECT_EQ(kEpidNoErr, NewEcPoint(this->efq2, &point));
705 DeleteEcPoint(&point);
706 }
TEST_F(EcGroupTest,DefaultEcPointIsIdentity)707 TEST_F(EcGroupTest, DefaultEcPointIsIdentity) {
708 G1ElemStr g1_elem_str = {{{{0}}}, {{{0}}}};
709 EcPoint* point = nullptr;
710 EXPECT_EQ(kEpidNoErr, NewEcPoint(this->efq, &point));
711 EpidStatus sts =
712 WriteEcPoint(this->efq, point, &g1_elem_str, sizeof(g1_elem_str));
713 EXPECT_EQ(this->efq_identity_str, g1_elem_str);
714 DeleteEcPoint(&point);
715 THROW_ON_EPIDERR(sts);
716
717 G2ElemStr g2_elem_str = {{{{0}}}, {{{0}}}};
718 EXPECT_EQ(kEpidNoErr, NewEcPoint(this->efq2, &point));
719 sts = WriteEcPoint(this->efq2, point, &g2_elem_str, sizeof(g2_elem_str));
720 EXPECT_EQ(this->efq2_identity_str, g2_elem_str);
721 DeleteEcPoint(&point);
722 THROW_ON_EPIDERR(sts);
723 }
724 ///////////////////////////////////////////////////////////////////////
725 // DeleteEcPoint
TEST_F(EcGroupTest,DeleteEcPointNullsPointer)726 TEST_F(EcGroupTest, DeleteEcPointNullsPointer) {
727 EcPoint* point = nullptr;
728 THROW_ON_EPIDERR(NewEcPoint(this->efq, &point));
729 EXPECT_NO_THROW(DeleteEcPoint(&point));
730 EXPECT_EQ(nullptr, point);
731 }
TEST_F(EcGroupTest,DeleteEcPointWorksGivenNullPointer)732 TEST_F(EcGroupTest, DeleteEcPointWorksGivenNullPointer) {
733 EXPECT_NO_THROW(DeleteEcPoint(nullptr));
734 EcPoint* point = nullptr;
735 EXPECT_NO_THROW(DeleteEcPoint(&point));
736 EXPECT_EQ(nullptr, point);
737 }
738 ///////////////////////////////////////////////////////////////////////
739 // ReadEcPoint
TEST_F(EcGroupTest,ReadFailsGivenNullPointer)740 TEST_F(EcGroupTest, ReadFailsGivenNullPointer) {
741 EXPECT_EQ(kEpidBadArgErr, ReadEcPoint(nullptr, &(this->efq_a_str),
742 sizeof(this->efq_a_str), this->efq_a));
743 EXPECT_EQ(kEpidBadArgErr, ReadEcPoint(this->efq, nullptr,
744 sizeof(this->efq_a_str), this->efq_a));
745 EXPECT_EQ(kEpidBadArgErr, ReadEcPoint(this->efq, &(this->efq_a_str),
746 sizeof(this->efq_a_str), nullptr));
747 }
TEST_F(EcGroupTest,ReadFailsGivenInvalidBufferSize)748 TEST_F(EcGroupTest, ReadFailsGivenInvalidBufferSize) {
749 EXPECT_EQ(kEpidBadArgErr,
750 ReadEcPoint(this->efq, &(this->efq_a_str), 0, this->efq_a));
751 EXPECT_EQ(kEpidBadArgErr,
752 ReadEcPoint(this->efq, &(this->efq_a_str),
753 sizeof(this->efq_a_str) - 1, this->efq_a));
754 EXPECT_EQ(kEpidBadArgErr,
755 ReadEcPoint(this->efq, &(this->efq_a_str),
756 std::numeric_limits<size_t>::max(), this->efq_a));
757 }
TEST_F(EcGroupTest,ReadEcPointReadsG1PointCorrectly)758 TEST_F(EcGroupTest, ReadEcPointReadsG1PointCorrectly) {
759 G1ElemStr g1_elem_str = {{{{0}}}, {{{0}}}};
760 EXPECT_EQ(kEpidNoErr, ReadEcPoint(this->efq, &this->efq_a_str,
761 sizeof(this->efq_a_str), this->efq_a));
762 THROW_ON_EPIDERR(
763 WriteEcPoint(this->efq, this->efq_a, &g1_elem_str, sizeof(g1_elem_str)));
764 EXPECT_EQ(this->efq_a_str, g1_elem_str);
765 }
TEST_F(EcGroupTest,ReadEcPointReadsG1IdentityPointCorrectly)766 TEST_F(EcGroupTest, ReadEcPointReadsG1IdentityPointCorrectly) {
767 G1ElemStr g1_elem_str = {{{{0}}}, {{{0}}}};
768 EXPECT_EQ(kEpidNoErr,
769 ReadEcPoint(this->efq, &this->efq_identity_str,
770 sizeof(this->efq_identity_str), this->efq_a));
771 THROW_ON_EPIDERR(
772 WriteEcPoint(this->efq, this->efq_a, &g1_elem_str, sizeof(g1_elem_str)));
773 EXPECT_EQ(this->efq_identity_str, g1_elem_str);
774 }
TEST_F(EcGroupTest,ReadEcPointReadsG2IdentityPointCorrectly)775 TEST_F(EcGroupTest, ReadEcPointReadsG2IdentityPointCorrectly) {
776 G2ElemStr g2_elem_str = {{{{0}}}, {{{0}}}};
777 EXPECT_EQ(kEpidNoErr,
778 ReadEcPoint(this->efq2, &this->efq2_identity_str,
779 sizeof(this->efq2_identity_str), this->efq2_r));
780 THROW_ON_EPIDERR(WriteEcPoint(this->efq2, this->efq2_r, &g2_elem_str,
781 sizeof(g2_elem_str)));
782 EXPECT_EQ(this->efq2_identity_str, g2_elem_str);
783 }
TEST_F(EcGroupTest,ReadEcPointReadsG2PointCorrectly)784 TEST_F(EcGroupTest, ReadEcPointReadsG2PointCorrectly) {
785 G2ElemStr g2_elem_str = {{{{0}}}, {{{0}}}};
786 EXPECT_EQ(kEpidNoErr, ReadEcPoint(this->efq2, &this->efq2_a_str,
787 sizeof(this->efq2_a_str), this->efq2_r));
788 THROW_ON_EPIDERR(WriteEcPoint(this->efq2, this->efq2_r, &g2_elem_str,
789 sizeof(g2_elem_str)));
790 EXPECT_EQ(this->efq2_a_str, g2_elem_str);
791 }
792
TEST_F(EcGroupTest,ReadFailsGivenPointDoesNotBelongToEcGroup)793 TEST_F(EcGroupTest, ReadFailsGivenPointDoesNotBelongToEcGroup) {
794 G1ElemStr bad_g1_point = this->efq_a_str;
795 bad_g1_point.x.data.data[31]++; // make point not belong to the group
796 EXPECT_EQ(kEpidBadArgErr, ReadEcPoint(this->efq, &bad_g1_point,
797 sizeof(bad_g1_point), this->efq_a));
798
799 G2ElemStr bad_g2_point = this->efq2_a_str;
800 bad_g2_point.x[0].data.data[31]++; // make point not belong to the group
801 EXPECT_EQ(kEpidBadArgErr, ReadEcPoint(this->efq2, &bad_g2_point,
802 sizeof(bad_g2_point), this->efq2_a));
803 }
804 ///////////////////////////////////////////////////////////////////////
805 // WriteEcPoint
TEST_F(EcGroupTest,WriteFailsGivenNullPointer)806 TEST_F(EcGroupTest, WriteFailsGivenNullPointer) {
807 G1ElemStr g1_elem_str = {{{{0}}}, {{{0}}}};
808 EXPECT_EQ(kEpidBadArgErr, WriteEcPoint(nullptr, this->efq_a, &g1_elem_str,
809 sizeof(g1_elem_str)));
810 EXPECT_EQ(kEpidBadArgErr, WriteEcPoint(this->efq, nullptr, &g1_elem_str,
811 sizeof(g1_elem_str)));
812 EXPECT_EQ(kEpidBadArgErr,
813 WriteEcPoint(this->efq, this->efq_a, nullptr, sizeof(g1_elem_str)));
814 }
TEST_F(EcGroupTest,WriteFailsGivenInvalidBufferSize)815 TEST_F(EcGroupTest, WriteFailsGivenInvalidBufferSize) {
816 G1ElemStr g1_elem_str = {{{{0}}}, {{{0}}}};
817 EXPECT_EQ(kEpidBadArgErr,
818 WriteEcPoint(this->efq, this->efq_a, &g1_elem_str, 0));
819 EXPECT_EQ(kEpidBadArgErr, WriteEcPoint(this->efq, this->efq_a, &g1_elem_str,
820 sizeof(g1_elem_str) - 1));
821 EXPECT_EQ(kEpidBadArgErr, WriteEcPoint(this->efq, this->efq_a, &g1_elem_str,
822 std::numeric_limits<size_t>::max()));
823 }
TEST_F(EcGroupTest,WriteEcPointWritesG1PointCorrectly)824 TEST_F(EcGroupTest, WriteEcPointWritesG1PointCorrectly) {
825 G1ElemStr g1_elem_str = {{{{0}}}, {{{0}}}};
826 EXPECT_EQ(kEpidNoErr, WriteEcPoint(this->efq, this->efq_a, &g1_elem_str,
827 sizeof(g1_elem_str)));
828 EXPECT_EQ(this->efq_a_str, g1_elem_str);
829 }
TEST_F(EcGroupTest,WriteEcPointWritesG1IdentityPointCorrectly)830 TEST_F(EcGroupTest, WriteEcPointWritesG1IdentityPointCorrectly) {
831 G1ElemStr g1_elem_str = {{{{0}}}, {{{0}}}};
832 EXPECT_EQ(kEpidNoErr, WriteEcPoint(this->efq, this->efq_identity,
833 &g1_elem_str, sizeof(g1_elem_str)));
834 EXPECT_EQ(this->efq_identity_str, g1_elem_str);
835 }
TEST_F(EcGroupTest,WriteEcPointWritesG2IdentityPointCorrectly)836 TEST_F(EcGroupTest, WriteEcPointWritesG2IdentityPointCorrectly) {
837 G2ElemStr g2_elem_str = {{{{0}}}, {{{0}}}};
838 EXPECT_EQ(kEpidNoErr, WriteEcPoint(this->efq2, this->efq2_identity,
839 &g2_elem_str, sizeof(g2_elem_str)));
840 EXPECT_EQ(this->efq2_identity_str, g2_elem_str);
841 }
TEST_F(EcGroupTest,WriteEcPointWritesG2PointCorrectly)842 TEST_F(EcGroupTest, WriteEcPointWritesG2PointCorrectly) {
843 G2ElemStr g2_elem_str = {{{{0}}}, {{{0}}}};
844 EXPECT_EQ(kEpidNoErr, WriteEcPoint(this->efq2, this->efq2_a, &g2_elem_str,
845 sizeof(g2_elem_str)));
846 EXPECT_EQ(this->efq2_a_str, g2_elem_str);
847 }
848 ///////////////////////////////////////////////////////////////////////
849 // EcMul
TEST_F(EcGroupTest,MulFailsGivenArgumentsMismatch)850 TEST_F(EcGroupTest, MulFailsGivenArgumentsMismatch) {
851 EXPECT_EQ(kEpidBadArgErr,
852 EcMul(this->efq2, this->efq_a, this->efq_b, this->efq_r));
853 EXPECT_EQ(kEpidBadArgErr,
854 EcMul(this->efq, this->efq2_a, this->efq_b, this->efq_r));
855 EXPECT_EQ(kEpidBadArgErr,
856 EcMul(this->efq, this->efq_a, this->efq2_b, this->efq_r));
857 EXPECT_EQ(kEpidBadArgErr,
858 EcMul(this->efq, this->efq_a, this->efq_b, this->efq2_r));
859 }
TEST_F(EcGroupTest,MulFailsGivenNullPointer)860 TEST_F(EcGroupTest, MulFailsGivenNullPointer) {
861 EXPECT_EQ(kEpidBadArgErr,
862 EcMul(nullptr, this->efq_a, this->efq_b, this->efq_r));
863 EXPECT_EQ(kEpidBadArgErr,
864 EcMul(this->efq, nullptr, this->efq_b, this->efq_r));
865 EXPECT_EQ(kEpidBadArgErr,
866 EcMul(this->efq, this->efq_a, nullptr, this->efq_r));
867 EXPECT_EQ(kEpidBadArgErr,
868 EcMul(this->efq, this->efq_a, this->efq_b, nullptr));
869 }
TEST_F(EcGroupTest,MulSucceedsGivenIdentityElement)870 TEST_F(EcGroupTest, MulSucceedsGivenIdentityElement) {
871 G1ElemStr efq_r_str;
872 EXPECT_EQ(kEpidNoErr,
873 EcMul(this->efq, this->efq_a, this->efq_identity, this->efq_r));
874 THROW_ON_EPIDERR(
875 WriteEcPoint(this->efq, efq_r, &efq_r_str, sizeof(efq_r_str)));
876 EXPECT_EQ(this->efq_a_str, efq_r_str);
877
878 EXPECT_EQ(kEpidNoErr,
879 EcMul(this->efq, this->efq_identity, this->efq_a, this->efq_r));
880 THROW_ON_EPIDERR(
881 WriteEcPoint(this->efq, efq_r, &efq_r_str, sizeof(efq_r_str)));
882 EXPECT_EQ(this->efq_a_str, efq_r_str);
883 }
884
TEST_F(EcGroupTest,MulSucceedsGivenTwoElements)885 TEST_F(EcGroupTest, MulSucceedsGivenTwoElements) {
886 G1ElemStr efq_r_str;
887 EXPECT_EQ(kEpidNoErr,
888 EcMul(this->efq, this->efq_a, this->efq_b, this->efq_r));
889 THROW_ON_EPIDERR(
890 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
891 EXPECT_EQ(this->efq_mul_ab_str, efq_r_str);
892 }
TEST_F(EcGroupTest,MulSucceedsGivenG2IdentityElement)893 TEST_F(EcGroupTest, MulSucceedsGivenG2IdentityElement) {
894 G2ElemStr efq2_r_str;
895 EXPECT_EQ(kEpidNoErr,
896 EcMul(this->efq2, this->efq2_a, this->efq2_identity, this->efq2_r));
897 THROW_ON_EPIDERR(
898 WriteEcPoint(this->efq2, efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
899 EXPECT_EQ(this->efq2_a_str, efq2_r_str);
900
901 EXPECT_EQ(kEpidNoErr,
902 EcMul(this->efq2, this->efq2_identity, this->efq2_a, this->efq2_r));
903 THROW_ON_EPIDERR(
904 WriteEcPoint(this->efq2, efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
905 EXPECT_EQ(this->efq2_a_str, efq2_r_str);
906 }
TEST_F(EcGroupTest,MulSucceedsGivenTwoG2Elements)907 TEST_F(EcGroupTest, MulSucceedsGivenTwoG2Elements) {
908 G2ElemStr efq2_r_str;
909 EXPECT_EQ(kEpidNoErr,
910 EcMul(this->efq2, this->efq2_a, this->efq2_b, this->efq2_r));
911 THROW_ON_EPIDERR(
912 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
913 EXPECT_EQ(this->efq2_mul_ab_str, efq2_r_str);
914 }
915 ///////////////////////////////////////////////////////////////////////
916 // EcExp
TEST_F(EcGroupTest,ExpFailsGivenArgumentsMismatch)917 TEST_F(EcGroupTest, ExpFailsGivenArgumentsMismatch) {
918 BigNumStr zero_bn_str = {0};
919 EXPECT_EQ(kEpidBadArgErr,
920 EcExp(this->efq2, this->efq_a, &zero_bn_str, this->efq_r));
921 EXPECT_EQ(kEpidBadArgErr,
922 EcExp(this->efq, this->efq2_a, &zero_bn_str, this->efq_r));
923 EXPECT_EQ(kEpidBadArgErr,
924 EcExp(this->efq, this->efq_a, &zero_bn_str, this->efq2_r));
925 }
TEST_F(EcGroupTest,ExpFailsGivenNullPointer)926 TEST_F(EcGroupTest, ExpFailsGivenNullPointer) {
927 BigNumStr zero_bn_str = {0};
928 EXPECT_EQ(kEpidBadArgErr,
929 EcExp(nullptr, this->efq_a, &zero_bn_str, this->efq_r));
930 EXPECT_EQ(kEpidBadArgErr,
931 EcExp(this->efq, nullptr, &zero_bn_str, this->efq_r));
932 EXPECT_EQ(kEpidBadArgErr,
933 EcExp(this->efq, this->efq_a, nullptr, this->efq_r));
934 EXPECT_EQ(kEpidBadArgErr,
935 EcExp(this->efq, this->efq_a, &zero_bn_str, nullptr));
936 }
TEST_F(EcGroupTest,ExpSucceedsGivenZeroExponent)937 TEST_F(EcGroupTest, ExpSucceedsGivenZeroExponent) {
938 G1ElemStr efq_r_str;
939 BigNumStr zero_bn_str = {0};
940 EXPECT_EQ(kEpidNoErr,
941 EcExp(this->efq, this->efq_a, &zero_bn_str, this->efq_r));
942 THROW_ON_EPIDERR(
943 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
944 EXPECT_EQ(this->efq_identity_str, efq_r_str);
945 }
TEST_F(EcGroupTest,ExpResultIsCorrect)946 TEST_F(EcGroupTest, ExpResultIsCorrect) {
947 G1ElemStr efq_r_str;
948 EXPECT_EQ(kEpidNoErr,
949 EcExp(this->efq, this->efq_a, &this->x_str, this->efq_r));
950 THROW_ON_EPIDERR(
951 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
952 EXPECT_EQ(this->efq_exp_ax_str, efq_r_str);
953 }
TEST_F(EcGroupTest,ExpSucceedsGivenG2ZeroExponent)954 TEST_F(EcGroupTest, ExpSucceedsGivenG2ZeroExponent) {
955 G2ElemStr efq2_r_str;
956 BigNumStr zero_bn_str = {0};
957 EXPECT_EQ(kEpidNoErr,
958 EcExp(this->efq2, this->efq2_a, &zero_bn_str, this->efq2_r));
959 THROW_ON_EPIDERR(
960 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
961 EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
962 }
TEST_F(EcGroupTest,ExpResultIsCorrectForG2)963 TEST_F(EcGroupTest, ExpResultIsCorrectForG2) {
964 G2ElemStr efq2_r_str;
965 EXPECT_EQ(kEpidNoErr,
966 EcExp(this->efq2, this->efq2_a, &this->x_str, this->efq2_r));
967 THROW_ON_EPIDERR(
968 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
969 EXPECT_EQ(this->efq2_exp_ax_str, efq2_r_str);
970 }
971 ///////////////////////////////////////////////////////////////////////
972 // EcSscmExp
TEST_F(EcGroupTest,SscmExpFailsGivenArgumentsMismatch)973 TEST_F(EcGroupTest, SscmExpFailsGivenArgumentsMismatch) {
974 BigNumStr zero_bn_str = {0};
975 EXPECT_EQ(kEpidBadArgErr,
976 EcSscmExp(this->efq2, this->efq_a, &zero_bn_str, this->efq_r));
977 EXPECT_EQ(kEpidBadArgErr,
978 EcSscmExp(this->efq, this->efq2_a, &zero_bn_str, this->efq_r));
979 EXPECT_EQ(kEpidBadArgErr,
980 EcSscmExp(this->efq, this->efq_a, &zero_bn_str, this->efq2_r));
981 }
TEST_F(EcGroupTest,SscmExpFailsGivenNullPointer)982 TEST_F(EcGroupTest, SscmExpFailsGivenNullPointer) {
983 BigNumStr zero_bn_str = {0};
984 EXPECT_EQ(kEpidBadArgErr,
985 EcSscmExp(nullptr, this->efq_a, &zero_bn_str, this->efq_r));
986 EXPECT_EQ(kEpidBadArgErr,
987 EcSscmExp(this->efq, nullptr, &zero_bn_str, this->efq_r));
988 EXPECT_EQ(kEpidBadArgErr,
989 EcSscmExp(this->efq, this->efq_a, nullptr, this->efq_r));
990 EXPECT_EQ(kEpidBadArgErr,
991 EcSscmExp(this->efq, this->efq_a, &zero_bn_str, nullptr));
992 }
TEST_F(EcGroupTest,SscmExpSucceedsGivenZeroExponent)993 TEST_F(EcGroupTest, SscmExpSucceedsGivenZeroExponent) {
994 G1ElemStr efq_r_str;
995 BigNumStr zero_bn_str = {0};
996 EXPECT_EQ(kEpidNoErr,
997 EcSscmExp(this->efq, this->efq_a, &zero_bn_str, this->efq_r));
998 THROW_ON_EPIDERR(
999 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1000 EXPECT_EQ(this->efq_identity_str, efq_r_str);
1001 }
TEST_F(EcGroupTest,SscmExpResultIsCorrect)1002 TEST_F(EcGroupTest, SscmExpResultIsCorrect) {
1003 G1ElemStr efq_r_str;
1004 EXPECT_EQ(kEpidNoErr,
1005 EcSscmExp(this->efq, this->efq_a, &this->x_str, this->efq_r));
1006 THROW_ON_EPIDERR(
1007 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1008 EXPECT_EQ(this->efq_exp_ax_str, efq_r_str);
1009 }
TEST_F(EcGroupTest,SscmExpSucceedsGivenG2ZeroExponent)1010 TEST_F(EcGroupTest, SscmExpSucceedsGivenG2ZeroExponent) {
1011 G2ElemStr efq2_r_str;
1012 BigNumStr zero_bn_str = {0};
1013 EXPECT_EQ(kEpidNoErr,
1014 EcSscmExp(this->efq2, this->efq2_a, &zero_bn_str, this->efq2_r));
1015 THROW_ON_EPIDERR(
1016 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1017 EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
1018 }
TEST_F(EcGroupTest,SscmExpResultIsCorrectForG2)1019 TEST_F(EcGroupTest, SscmExpResultIsCorrectForG2) {
1020 G2ElemStr efq2_r_str;
1021 EXPECT_EQ(kEpidNoErr,
1022 EcSscmExp(this->efq2, this->efq2_a, &this->x_str, this->efq2_r));
1023 THROW_ON_EPIDERR(
1024 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1025 EXPECT_EQ(this->efq2_exp_ax_str, efq2_r_str);
1026 }
1027 ///////////////////////////////////////////////////////////////////////
1028 // EcMultiExp
TEST_F(EcGroupTest,MultiExpFailsGivenArgumentsMismatch)1029 TEST_F(EcGroupTest, MultiExpFailsGivenArgumentsMismatch) {
1030 EcPoint const* pts_ec1[] = {this->efq_a, this->efq_b};
1031 EcPoint const* pts_ec2[] = {this->efq2_a, this->efq2_b};
1032 EcPoint const* pts_ec1_ec2[] = {this->efq_a, this->efq2_b};
1033 const BigNumStr bnm0 = {{0x11, 0xFF, 0xFF, 0xFF, 0x4F, 0x59, 0xB1, 0xD3,
1034 0x6B, 0x08, 0xFF, 0xFF, 0x0B, 0xF3, 0xAF, 0x27,
1035 0xFF, 0xB8, 0xFF, 0xFF, 0x98, 0xFF, 0xEB, 0xFF,
1036 0xF2, 0x6A, 0xFF, 0xFF, 0xEA, 0x31, 0xFF, 0xFF}};
1037 const BigNumStr bnm1 = {{0xE2, 0xFF, 0x03, 0x1D, 0xFF, 0x19, 0x81, 0xCB,
1038 0xFF, 0xFF, 0x6B, 0xD5, 0x3E, 0xFF, 0xFF, 0xFF,
1039 0xFF, 0xBD, 0xFF, 0x5A, 0xFF, 0x5C, 0x7C, 0xFF,
1040 0x84, 0xFF, 0xFF, 0x8C, 0x03, 0xB2, 0x26, 0xFF}};
1041 BigNumStr const* b[] = {&bnm0, &bnm1};
1042 size_t m = 2;
1043
1044 EXPECT_EQ(kEpidBadArgErr, EcMultiExp(this->efq2, pts_ec1, b, m, this->efq_r));
1045 EXPECT_EQ(kEpidBadArgErr, EcMultiExp(this->efq, pts_ec2, b, m, this->efq_r));
1046 EXPECT_EQ(kEpidBadArgErr, EcMultiExp(this->efq, pts_ec1, b, m, this->efq2_r));
1047 EXPECT_EQ(kEpidBadArgErr,
1048 EcMultiExp(this->efq, pts_ec1_ec2, b, m, this->efq_r));
1049 }
TEST_F(EcGroupTest,MultiExpFailsGivenNullPointer)1050 TEST_F(EcGroupTest, MultiExpFailsGivenNullPointer) {
1051 EcPoint const* pts[] = {this->efq_a, this->efq_b};
1052 EcPoint const* pts_withnull[] = {nullptr, this->efq_b};
1053 const BigNumStr bnm0 = {{0x11, 0xFF, 0xFF, 0xFF, 0x4F, 0x59, 0xB1, 0xD3,
1054 0x6B, 0x08, 0xFF, 0xFF, 0x0B, 0xF3, 0xAF, 0x27,
1055 0xFF, 0xB8, 0xFF, 0xFF, 0x98, 0xFF, 0xEB, 0xFF,
1056 0xF2, 0x6A, 0xFF, 0xFF, 0xEA, 0x31, 0xFF, 0xFF}};
1057 const BigNumStr bnm1 = {{0xE2, 0xFF, 0x03, 0x1D, 0xFF, 0x19, 0x81, 0xCB,
1058 0xFF, 0xFF, 0x6B, 0xD5, 0x3E, 0xFF, 0xFF, 0xFF,
1059 0xFF, 0xBD, 0xFF, 0x5A, 0xFF, 0x5C, 0x7C, 0xFF,
1060 0x84, 0xFF, 0xFF, 0x8C, 0x03, 0xB2, 0x26, 0xFF}};
1061 BigNumStr const* b[] = {&bnm0, &bnm1};
1062 BigNumStr const* b_withnull[] = {nullptr, &bnm1};
1063 size_t m = 2;
1064
1065 EXPECT_EQ(kEpidBadArgErr, EcMultiExp(nullptr, pts, b, m, this->efq_r));
1066 EXPECT_EQ(kEpidBadArgErr, EcMultiExp(this->efq, nullptr, b, m, this->efq_r));
1067 EXPECT_EQ(kEpidBadArgErr,
1068 EcMultiExp(this->efq, pts, nullptr, m, this->efq_r));
1069 EXPECT_EQ(kEpidBadArgErr, EcMultiExp(this->efq, pts, b, m, nullptr));
1070 EXPECT_EQ(kEpidBadArgErr,
1071 EcMultiExp(this->efq, pts_withnull, b, m, this->efq_r));
1072 EXPECT_EQ(kEpidBadArgErr,
1073 EcMultiExp(this->efq, pts, b_withnull, m, this->efq_r));
1074 }
TEST_F(EcGroupTest,MultiExpWorksGivenOneZeroExponent)1075 TEST_F(EcGroupTest, MultiExpWorksGivenOneZeroExponent) {
1076 G1ElemStr efq_r_str;
1077 BigNumStr zero_bn_str = {0};
1078 EcPoint const* pts[] = {this->efq_a};
1079 BigNumStr const* b[] = {&zero_bn_str};
1080 size_t m = 1;
1081 EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq, pts, b, m, this->efq_r));
1082 THROW_ON_EPIDERR(
1083 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1084 EXPECT_EQ(this->efq_identity_str, efq_r_str);
1085 }
TEST_F(EcGroupTest,MultiExpWorksGivenTwoZeroExponent)1086 TEST_F(EcGroupTest, MultiExpWorksGivenTwoZeroExponent) {
1087 G1ElemStr efq_r_str;
1088 BigNumStr zero_bn_str = {0};
1089 EcPoint const* pts[] = {this->efq_a, this->efq_a};
1090 BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str};
1091 size_t m = 2;
1092 EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq, pts, b, m, this->efq_r));
1093 THROW_ON_EPIDERR(
1094 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1095 EXPECT_EQ(this->efq_identity_str, efq_r_str);
1096 }
TEST_F(EcGroupTest,MultiExpWorksGivenSixZeroExponent)1097 TEST_F(EcGroupTest, MultiExpWorksGivenSixZeroExponent) {
1098 G1ElemStr efq_r_str;
1099 BigNumStr zero_bn_str = {0};
1100 EcPoint const* pts[] = {this->efq_a, this->efq_a, this->efq_a,
1101 this->efq_a, this->efq_a, this->efq_a};
1102 BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str, &zero_bn_str,
1103 &zero_bn_str, &zero_bn_str, &zero_bn_str};
1104 size_t m = 6;
1105 EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq, pts, b, m, this->efq_r));
1106 THROW_ON_EPIDERR(
1107 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1108 EXPECT_EQ(this->efq_identity_str, efq_r_str);
1109 }
TEST_F(EcGroupTest,MultiExpWorksGivenOneG2ZeroExponent)1110 TEST_F(EcGroupTest, MultiExpWorksGivenOneG2ZeroExponent) {
1111 G2ElemStr efq2_r_str;
1112 BigNumStr zero_bn_str = {0};
1113 EcPoint const* pts[] = {this->efq2_a};
1114 BigNumStr const* b[] = {&zero_bn_str};
1115 size_t m = 1;
1116 EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq2, pts, b, m, this->efq2_r));
1117 THROW_ON_EPIDERR(
1118 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1119 EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
1120 }
TEST_F(EcGroupTest,MultiExpWorksGivenTwoG2ZeroExponent)1121 TEST_F(EcGroupTest, MultiExpWorksGivenTwoG2ZeroExponent) {
1122 G2ElemStr efq2_r_str;
1123 BigNumStr zero_bn_str = {0};
1124 EcPoint const* pts[] = {this->efq2_a, this->efq2_a};
1125 BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str};
1126 size_t m = 2;
1127 EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq2, pts, b, m, this->efq2_r));
1128 THROW_ON_EPIDERR(
1129 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1130 EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
1131 }
TEST_F(EcGroupTest,MultiExpWorksGivenSixG2ZeroExponent)1132 TEST_F(EcGroupTest, MultiExpWorksGivenSixG2ZeroExponent) {
1133 G2ElemStr efq2_r_str;
1134 BigNumStr zero_bn_str = {0};
1135 EcPoint const* pts[] = {this->efq2_a, this->efq2_a, this->efq2_a,
1136 this->efq2_a, this->efq2_a, this->efq2_a};
1137 BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str, &zero_bn_str,
1138 &zero_bn_str, &zero_bn_str, &zero_bn_str};
1139 size_t m = 6;
1140 EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq2, pts, b, m, this->efq2_r));
1141 THROW_ON_EPIDERR(
1142 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1143 EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
1144 }
TEST_F(EcGroupTest,MultiExpWorksGivenOneExponent)1145 TEST_F(EcGroupTest, MultiExpWorksGivenOneExponent) {
1146 G1ElemStr efq_r_str;
1147 EcPoint const* pts[] = {this->efq_a};
1148 BigNumStr const* b[] = {&this->x_str};
1149 size_t m = 1;
1150 EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq, pts, b, m, this->efq_r));
1151 THROW_ON_EPIDERR(
1152 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1153 EXPECT_EQ(this->efq_exp_ax_str, efq_r_str);
1154 }
TEST_F(EcGroupTest,MultiExpWorksGivenTwoExponents)1155 TEST_F(EcGroupTest, MultiExpWorksGivenTwoExponents) {
1156 G1ElemStr efq_r_str;
1157 EcPoint const* pts[] = {this->efq_a, this->efq_b};
1158 BigNumStr const* b[] = {&this->x_str, &this->y_str};
1159 size_t m = 2;
1160 EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq, pts, b, m, this->efq_r));
1161 THROW_ON_EPIDERR(
1162 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1163 EXPECT_EQ(this->efq_multiexp_abxy_str, efq_r_str);
1164 }
TEST_F(EcGroupTest,MultiExpWorksGivenOneG2Exponent)1165 TEST_F(EcGroupTest, MultiExpWorksGivenOneG2Exponent) {
1166 G2ElemStr efq2_r_str;
1167 EcPoint const* pts[] = {this->efq2_a};
1168 BigNumStr const* b[] = {&this->x_str};
1169 size_t m = 1;
1170 EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq2, pts, b, m, this->efq2_r));
1171 THROW_ON_EPIDERR(
1172 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1173 EXPECT_EQ(this->efq2_exp_ax_str, efq2_r_str);
1174 }
TEST_F(EcGroupTest,MultiExpWorksGivenTwoG2Exponents)1175 TEST_F(EcGroupTest, MultiExpWorksGivenTwoG2Exponents) {
1176 G2ElemStr efq2_r_str;
1177 EcPoint const* pts[] = {this->efq2_a, this->efq2_b};
1178 BigNumStr const* b[] = {&this->x_str, &this->y_str};
1179 size_t m = 2;
1180 EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq2, pts, b, m, this->efq2_r));
1181 THROW_ON_EPIDERR(
1182 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1183 EXPECT_EQ(this->efq2_multiexp_abxy_str, efq2_r_str);
1184 }
TEST_F(EcGroupTest,MultiExpWorksTwiceGivenSameOutputBuf)1185 TEST_F(EcGroupTest, MultiExpWorksTwiceGivenSameOutputBuf) {
1186 G2ElemStr efq2_r_str;
1187 EcPoint const* pts[] = {this->efq2_a, this->efq2_b};
1188 BigNumStr const* b[] = {&this->x_str, &this->y_str};
1189 size_t m = 2;
1190 EcPointObj temp(&this->efq2);
1191 G2ElemStr temp_str;
1192 EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq2, pts, b, m, this->efq2_r));
1193 temp = this->efq2_r;
1194 EXPECT_EQ(kEpidNoErr, EcMultiExp(this->efq2, pts, b, m, this->efq2_r));
1195 THROW_ON_EPIDERR(
1196 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1197 THROW_ON_EPIDERR(WriteEcPoint(this->efq2, temp, &temp_str, sizeof(temp_str)));
1198 EXPECT_EQ(temp_str, efq2_r_str);
1199 }
1200 ///////////////////////////////////////////////////////////////////////
1201 // EcMultiExpBn
TEST_F(EcGroupTest,MultiExpBnFailsGivenArgumentsMismatch)1202 TEST_F(EcGroupTest, MultiExpBnFailsGivenArgumentsMismatch) {
1203 EcPoint const* pts_ec1[] = {this->efq_a, this->efq_b};
1204 EcPoint const* pts_ec2[] = {this->efq2_a, this->efq2_b};
1205 EcPoint const* pts_ec1_ec2[] = {this->efq_a, this->efq2_b};
1206 const BigNumStr bnm0 = {{0x11, 0xFF, 0xFF, 0xFF, 0x4F, 0x59, 0xB1, 0xD3,
1207 0x6B, 0x08, 0xFF, 0xFF, 0x0B, 0xF3, 0xAF, 0x27,
1208 0xFF, 0xB8, 0xFF, 0xFF, 0x98, 0xFF, 0xEB, 0xFF,
1209 0xF2, 0x6A, 0xFF, 0xFF, 0xEA, 0x31, 0xFF, 0xFF}};
1210 const BigNumStr bnm1 = {{0xE2, 0xFF, 0x03, 0x1D, 0xFF, 0x19, 0x81, 0xCB,
1211 0xFF, 0xFF, 0x6B, 0xD5, 0x3E, 0xFF, 0xFF, 0xFF,
1212 0xFF, 0xBD, 0xFF, 0x5A, 0xFF, 0x5C, 0x7C, 0xFF,
1213 0x84, 0xFF, 0xFF, 0x8C, 0x03, 0xB2, 0x26, 0xFF}};
1214 BigNumObj bno0(bnm0);
1215 BigNumObj bno1(bnm1);
1216 BigNum const* b[] = {bno0, bno1};
1217 size_t m = 2;
1218 EXPECT_EQ(kEpidBadArgErr,
1219 EcMultiExpBn(this->efq2, pts_ec1, b, m, this->efq_r));
1220 EXPECT_EQ(kEpidBadArgErr,
1221 EcMultiExpBn(this->efq, pts_ec2, b, m, this->efq_r));
1222 EXPECT_EQ(kEpidBadArgErr,
1223 EcMultiExpBn(this->efq, pts_ec1, b, m, this->efq2_r));
1224 EXPECT_EQ(kEpidBadArgErr,
1225 EcMultiExpBn(this->efq, pts_ec1_ec2, b, m, this->efq_r));
1226 }
TEST_F(EcGroupTest,MultiExpBnFailsGivenNullPointer)1227 TEST_F(EcGroupTest, MultiExpBnFailsGivenNullPointer) {
1228 EcPoint const* pts[] = {this->efq_a, this->efq_b};
1229 EcPoint const* pts_withnull[] = {nullptr, this->efq_b};
1230 const BigNumStr bnm0 = {{0x11, 0xFF, 0xFF, 0xFF, 0x4F, 0x59, 0xB1, 0xD3,
1231 0x6B, 0x08, 0xFF, 0xFF, 0x0B, 0xF3, 0xAF, 0x27,
1232 0xFF, 0xB8, 0xFF, 0xFF, 0x98, 0xFF, 0xEB, 0xFF,
1233 0xF2, 0x6A, 0xFF, 0xFF, 0xEA, 0x31, 0xFF, 0xFF}};
1234 const BigNumStr bnm1 = {{0xE2, 0xFF, 0x03, 0x1D, 0xFF, 0x19, 0x81, 0xCB,
1235 0xFF, 0xFF, 0x6B, 0xD5, 0x3E, 0xFF, 0xFF, 0xFF,
1236 0xFF, 0xBD, 0xFF, 0x5A, 0xFF, 0x5C, 0x7C, 0xFF,
1237 0x84, 0xFF, 0xFF, 0x8C, 0x03, 0xB2, 0x26, 0xFF}};
1238 BigNumObj bno0(bnm0);
1239 BigNumObj bno1(bnm1);
1240 BigNum const* b[] = {bno0, bno1};
1241 BigNum const* b_withnull[] = {nullptr, bno1};
1242 size_t m = 2;
1243 EXPECT_EQ(kEpidBadArgErr, EcMultiExpBn(nullptr, pts, b, m, this->efq_r));
1244 EXPECT_EQ(kEpidBadArgErr,
1245 EcMultiExpBn(this->efq, nullptr, b, m, this->efq_r));
1246 EXPECT_EQ(kEpidBadArgErr,
1247 EcMultiExpBn(this->efq, pts, nullptr, m, this->efq_r));
1248 EXPECT_EQ(kEpidBadArgErr, EcMultiExpBn(this->efq, pts, b, m, nullptr));
1249 EXPECT_EQ(kEpidBadArgErr,
1250 EcMultiExpBn(this->efq, pts_withnull, b, m, this->efq_r));
1251 EXPECT_EQ(kEpidBadArgErr,
1252 EcMultiExpBn(this->efq, pts, b_withnull, m, this->efq_r));
1253 }
TEST_F(EcGroupTest,MultiExpBnWorksGivenOneZeroExponent)1254 TEST_F(EcGroupTest, MultiExpBnWorksGivenOneZeroExponent) {
1255 G1ElemStr efq_r_str;
1256 BigNumStr zero_bn_str = {0};
1257 EcPoint const* pts[] = {this->efq_a};
1258 BigNumObj bno_zero(zero_bn_str);
1259 BigNum const* b[] = {bno_zero};
1260 size_t m = 1;
1261 EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq, pts, b, m, this->efq_r));
1262 THROW_ON_EPIDERR(
1263 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1264 EXPECT_EQ(this->efq_identity_str, efq_r_str);
1265 }
TEST_F(EcGroupTest,MultiExpBnWorksGivenTwoZeroExponents)1266 TEST_F(EcGroupTest, MultiExpBnWorksGivenTwoZeroExponents) {
1267 G1ElemStr efq_r_str;
1268 BigNumStr zero_bn_str = {0};
1269 EcPoint const* pts[] = {this->efq_a, this->efq_a};
1270 BigNumObj bno_zero0(zero_bn_str);
1271 BigNumObj bno_zero1(zero_bn_str);
1272 BigNum const* b[] = {bno_zero0, bno_zero1};
1273 size_t m = 2;
1274 EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq, pts, b, m, this->efq_r));
1275 THROW_ON_EPIDERR(
1276 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1277 EXPECT_EQ(this->efq_identity_str, efq_r_str);
1278 }
TEST_F(EcGroupTest,MultiExpBnWorksGivenSixZeroExponents)1279 TEST_F(EcGroupTest, MultiExpBnWorksGivenSixZeroExponents) {
1280 G1ElemStr efq_r_str;
1281 BigNumStr zero_bn_str = {0};
1282 EcPoint const* pts[] = {this->efq_a, this->efq_a, this->efq_a,
1283 this->efq_a, this->efq_a, this->efq_a};
1284 BigNumObj bno_zero0(zero_bn_str);
1285 BigNumObj bno_zero1(zero_bn_str);
1286 BigNumObj bno_zero2(zero_bn_str);
1287 BigNumObj bno_zero3(zero_bn_str);
1288 BigNumObj bno_zero4(zero_bn_str);
1289 BigNumObj bno_zero5(zero_bn_str);
1290 BigNum const* b[] = {bno_zero0, bno_zero1, bno_zero2,
1291 bno_zero3, bno_zero4, bno_zero5};
1292 size_t m = 6;
1293 EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq, pts, b, m, this->efq_r));
1294 THROW_ON_EPIDERR(
1295 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1296 EXPECT_EQ(this->efq_identity_str, efq_r_str);
1297 }
TEST_F(EcGroupTest,MultiExpBnWorksGivenOneG2ZeroExponent)1298 TEST_F(EcGroupTest, MultiExpBnWorksGivenOneG2ZeroExponent) {
1299 G2ElemStr efq2_r_str;
1300 BigNumStr zero_bn_str = {0};
1301 EcPoint const* pts[] = {this->efq2_a};
1302 BigNumObj bno_zero(zero_bn_str);
1303 BigNum const* b[] = {bno_zero};
1304 size_t m = 1;
1305 EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq2, pts, b, m, this->efq2_r));
1306 THROW_ON_EPIDERR(
1307 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1308 EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
1309 }
TEST_F(EcGroupTest,MultiExpBnWorksGivenTwoG2ZeroExponents)1310 TEST_F(EcGroupTest, MultiExpBnWorksGivenTwoG2ZeroExponents) {
1311 G2ElemStr efq2_r_str;
1312 BigNumStr zero_bn_str = {0};
1313 EcPoint const* pts[] = {this->efq2_a, this->efq2_a};
1314 BigNumObj bno_zero0(zero_bn_str);
1315 BigNumObj bno_zero1(zero_bn_str);
1316 BigNum const* b[] = {bno_zero0, bno_zero1};
1317 size_t m = 2;
1318 EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq2, pts, b, m, this->efq2_r));
1319 THROW_ON_EPIDERR(
1320 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1321 EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
1322 }
TEST_F(EcGroupTest,MultiExpBnWorksGivenSixG2ZeroExponents)1323 TEST_F(EcGroupTest, MultiExpBnWorksGivenSixG2ZeroExponents) {
1324 G2ElemStr efq2_r_str;
1325 BigNumStr zero_bn_str = {0};
1326 BigNumObj bno_zero0(zero_bn_str);
1327 BigNumObj bno_zero1(zero_bn_str);
1328 BigNumObj bno_zero2(zero_bn_str);
1329 BigNumObj bno_zero3(zero_bn_str);
1330 BigNumObj bno_zero4(zero_bn_str);
1331 BigNumObj bno_zero5(zero_bn_str);
1332 EcPoint const* pts[] = {this->efq2_a, this->efq2_a, this->efq2_a,
1333 this->efq2_a, this->efq2_a, this->efq2_a};
1334 BigNum const* b[] = {bno_zero0, bno_zero1, bno_zero2,
1335 bno_zero3, bno_zero4, bno_zero5};
1336 size_t m = 6;
1337 EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq2, pts, b, m, this->efq2_r));
1338 THROW_ON_EPIDERR(
1339 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1340 EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
1341 }
TEST_F(EcGroupTest,MultiExpBnWorksGivenOneExponent)1342 TEST_F(EcGroupTest, MultiExpBnWorksGivenOneExponent) {
1343 G1ElemStr efq_r_str;
1344 EcPoint const* pts[] = {this->efq_a};
1345 BigNumObj bno_x(this->x_str);
1346 BigNum const* b[] = {bno_x};
1347 size_t m = 1;
1348 EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq, pts, b, m, this->efq_r));
1349 THROW_ON_EPIDERR(
1350 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1351 EXPECT_EQ(this->efq_exp_ax_str, efq_r_str);
1352 }
TEST_F(EcGroupTest,MultiExpBnWorksGivenTwoExponents)1353 TEST_F(EcGroupTest, MultiExpBnWorksGivenTwoExponents) {
1354 G1ElemStr efq_r_str;
1355 EcPoint const* pts[] = {this->efq_a, this->efq_b};
1356 BigNumObj bno_x(this->x_str);
1357 BigNumObj bno_y(this->y_str);
1358 BigNum const* b[] = {bno_x, bno_y};
1359 size_t m = 2;
1360 EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq, pts, b, m, this->efq_r));
1361 THROW_ON_EPIDERR(
1362 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1363 EXPECT_EQ(this->efq_multiexp_abxy_str, efq_r_str);
1364 }
TEST_F(EcGroupTest,MultiExpBnWorksGivenOneG2Exponent)1365 TEST_F(EcGroupTest, MultiExpBnWorksGivenOneG2Exponent) {
1366 G2ElemStr efq2_r_str;
1367 EcPoint const* pts[] = {this->efq2_a};
1368 BigNumObj bno_x(this->x_str);
1369 BigNum const* b[] = {bno_x};
1370 size_t m = 1;
1371 EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq2, pts, b, m, this->efq2_r));
1372 THROW_ON_EPIDERR(
1373 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1374 EXPECT_EQ(this->efq2_exp_ax_str, efq2_r_str);
1375 }
TEST_F(EcGroupTest,MultiExpBnWorksGivenTwoG2Exponents)1376 TEST_F(EcGroupTest, MultiExpBnWorksGivenTwoG2Exponents) {
1377 G2ElemStr efq2_r_str;
1378 EcPoint const* pts[] = {this->efq2_a, this->efq2_b};
1379 BigNumObj bno_x(this->x_str);
1380 BigNumObj bno_y(this->y_str);
1381 BigNum const* b[] = {bno_x, bno_y};
1382 size_t m = 2;
1383 EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq2, pts, b, m, this->efq2_r));
1384 THROW_ON_EPIDERR(
1385 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1386 EXPECT_EQ(this->efq2_multiexp_abxy_str, efq2_r_str);
1387 }
TEST_F(EcGroupTest,MultiExpBnWorksTwiceGivenSameOutputBuf)1388 TEST_F(EcGroupTest, MultiExpBnWorksTwiceGivenSameOutputBuf) {
1389 G2ElemStr efq2_r_str;
1390 EcPoint const* pts[] = {this->efq2_a, this->efq2_b};
1391 BigNumObj bno_x(this->x_str);
1392 BigNumObj bno_y(this->y_str);
1393 BigNum const* b[] = {bno_x, bno_y};
1394 size_t m = 2;
1395 EcPointObj temp(&this->efq2);
1396 G2ElemStr temp_str;
1397 EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq2, pts, b, m, this->efq2_r));
1398 temp = this->efq2_r;
1399 EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->efq2, pts, b, m, this->efq2_r));
1400 THROW_ON_EPIDERR(
1401 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1402 THROW_ON_EPIDERR(WriteEcPoint(this->efq2, temp, &temp_str, sizeof(temp_str)));
1403 EXPECT_EQ(temp_str, efq2_r_str);
1404 }
TEST_F(EcGroupTest,MultiExpBnWorksGivenTwoDifferentSizeG3Exponents)1405 TEST_F(EcGroupTest, MultiExpBnWorksGivenTwoDifferentSizeG3Exponents) {
1406 const G1ElemStr g3_b_str = {
1407 {{{
1408 0x09, 0x0d, 0x6f, 0x82, 0x77, 0x88, 0x49, 0x53, 0xba, 0x1e, 0x1b,
1409 0x0e, 0x5e, 0xae, 0xc0, 0x27, 0xad, 0xe3, 0xb1, 0x09, 0x4f, 0xcd,
1410 0xb6, 0xe6, 0x6f, 0x7f, 0xa3, 0x1a, 0x1e, 0xfb, 0x52, 0x72,
1411 }}},
1412 {{{
1413 0xfa, 0x85, 0x0f, 0x5c, 0x97, 0x61, 0xbf, 0x46, 0x7e, 0xec, 0xd6,
1414 0x64, 0xda, 0xa9, 0x8e, 0xf5, 0xd3, 0xdf, 0xfa, 0x13, 0x5a, 0xb2,
1415 0x3e, 0xeb, 0x0a, 0x9d, 0x02, 0xc0, 0x33, 0xec, 0x2a, 0x70,
1416 }}}};
1417 const G1ElemStr g3_k_str = {
1418 {{{
1419 0x41, 0xb7, 0xa4, 0xc8, 0x43, 0x3f, 0x0b, 0xc2, 0x80, 0x31, 0xbe,
1420 0x75, 0x65, 0xe9, 0xbb, 0x81, 0x73, 0x5b, 0x91, 0x4f, 0x3f, 0xd7,
1421 0xbe, 0xb5, 0x19, 0x56, 0x3f, 0x18, 0x95, 0xea, 0xc1, 0xd7,
1422 }}},
1423 {{{
1424 0xa4, 0x5e, 0xb9, 0x86, 0xfc, 0xe5, 0xc4, 0x0f, 0x54, 0x37, 0xab,
1425 0xed, 0x59, 0x20, 0xce, 0x67, 0x68, 0x3c, 0x25, 0x4d, 0xbc, 0x5f,
1426 0x6a, 0x4d, 0x5a, 0xa7, 0x93, 0xce, 0x90, 0x2d, 0x3e, 0x5a,
1427 }}}};
1428 EcPointObj B(&this->epid11_G3, g3_b_str);
1429 EcPointObj K(&this->epid11_G3, g3_k_str);
1430 EcPoint const* pts[] = {B, K};
1431 const std::vector<uint8_t> bnm_sf_str = {
1432 0x00, 0x3c, 0xc1, 0x73, 0x35, 0x3c, 0x99, 0x61, 0xb0, 0x80, 0x9a,
1433 0x0e, 0x8d, 0xbf, 0x5d, 0x0b, 0xa9, 0x18, 0x2b, 0x36, 0x3c, 0x06,
1434 0xbc, 0x1c, 0xc7, 0x9f, 0x76, 0xba, 0x5a, 0x26, 0xcd, 0x5e, 0x24,
1435 0xb9, 0x68, 0xde, 0x47, 0x72, 0xf9, 0xf9, 0x1e, 0xaa, 0x74, 0x17,
1436 0x31, 0xe4, 0x66, 0x59, 0x69, 0xe5, 0x9e, 0x27, 0x1d, 0x57, 0xe5,
1437 0x39, 0x57, 0xd4, 0xc5, 0x78, 0xf2, 0x77, 0x5c, 0x9f, 0x6c, 0xfe,
1438 0x12, 0x00, 0xa8, 0xe0, 0xd3, 0x81, 0x38, 0xaa, 0x5a};
1439 const BigNumStr bnm_nc_tick_str = {{{
1440 0xcd, 0x2e, 0xe8, 0xf4, 0x85, 0x95, 0x04, 0x09, 0xbd, 0xa4, 0xfa,
1441 0x07, 0xe3, 0x1c, 0xb9, 0x5a, 0x82, 0x73, 0xa6, 0xea, 0x47, 0x5c,
1442 0x31, 0x74, 0x3c, 0x0a, 0xeb, 0x62, 0x94, 0x2f, 0x7b, 0x10,
1443 }}};
1444 BigNumObj bno_sf(bnm_sf_str);
1445 // In order to callculate exp sf data should be devided by group order
1446 THROW_ON_EPIDERR(BigNumMod(bno_sf, epid11_p_tick, bno_sf));
1447 BigNumObj bno_nc_tick(bnm_nc_tick_str);
1448 BigNum const* b[] = {bno_sf, bno_nc_tick};
1449 EcPointObj R3 = EcPointObj(&this->epid11_G3);
1450 const std::vector<uint8_t> expected_r_str = {
1451 // X
1452 0x1E, 0xDF, 0x9E, 0xA5, 0xF5, 0xED, 0xB3, 0x3F, 0xCC, 0x83, 0x10, 0x5E,
1453 0x3E, 0xB7, 0xE5, 0x06, 0x5F, 0x19, 0xF9, 0xFD, 0xE9, 0x57, 0x0B, 0x31,
1454 0xC8, 0xDA, 0x0A, 0x7B, 0xCD, 0xB5, 0xAA, 0x2E,
1455 // Y
1456 0x6A, 0x6B, 0x5A, 0x8D, 0x48, 0x5F, 0x2F, 0x72, 0x77, 0x93, 0xD6, 0xD0,
1457 0x49, 0xE1, 0x84, 0x35, 0x98, 0xF1, 0xDE, 0x71, 0xC5, 0xF4, 0x40, 0xFB,
1458 0x1C, 0x75, 0x83, 0xD7, 0x4F, 0x58, 0x0A, 0x8D};
1459 std::vector<uint8_t> g3_r_str;
1460 g3_r_str.resize(expected_r_str.size(), 0);
1461 size_t m = 2;
1462 EXPECT_EQ(kEpidNoErr, EcMultiExpBn(this->epid11_G3, pts, b, m, R3));
1463 THROW_ON_EPIDERR(
1464 WriteEcPoint(this->epid11_G3, R3, g3_r_str.data(), g3_r_str.size()));
1465 EXPECT_EQ(g3_r_str, expected_r_str);
1466 }
1467 ///////////////////////////////////////////////////////////////////////
1468 // EcSscmMultiExp
TEST_F(EcGroupTest,SscmMultiExpFailsGivenArgumentsMismatch)1469 TEST_F(EcGroupTest, SscmMultiExpFailsGivenArgumentsMismatch) {
1470 EcPoint const* pts_ec1[] = {this->efq_a, this->efq_b};
1471 EcPoint const* pts_ec2[] = {this->efq2_a, this->efq2_b};
1472 EcPoint const* pts_ec1_ec2[] = {this->efq_a, this->efq2_b};
1473 const BigNumStr bnm0 = {{0x11, 0xFF, 0xFF, 0xFF, 0x4F, 0x59, 0xB1, 0xD3,
1474 0x6B, 0x08, 0xFF, 0xFF, 0x0B, 0xF3, 0xAF, 0x27,
1475 0xFF, 0xB8, 0xFF, 0xFF, 0x98, 0xFF, 0xEB, 0xFF,
1476 0xF2, 0x6A, 0xFF, 0xFF, 0xEA, 0x31, 0xFF, 0xFF}};
1477 const BigNumStr bnm1 = {{0xE2, 0xFF, 0x03, 0x1D, 0xFF, 0x19, 0x81, 0xCB,
1478 0xFF, 0xFF, 0x6B, 0xD5, 0x3E, 0xFF, 0xFF, 0xFF,
1479 0xFF, 0xBD, 0xFF, 0x5A, 0xFF, 0x5C, 0x7C, 0xFF,
1480 0x84, 0xFF, 0xFF, 0x8C, 0x03, 0xB2, 0x26, 0xFF}};
1481 BigNumStr const* b[] = {&bnm0, &bnm1};
1482 size_t m = 2;
1483
1484 EXPECT_EQ(kEpidBadArgErr,
1485 EcSscmMultiExp(this->efq2, pts_ec1, b, m, this->efq_r));
1486 EXPECT_EQ(kEpidBadArgErr,
1487 EcSscmMultiExp(this->efq, pts_ec2, b, m, this->efq_r));
1488 EXPECT_EQ(kEpidBadArgErr,
1489 EcSscmMultiExp(this->efq, pts_ec1, b, m, this->efq2_r));
1490 EXPECT_EQ(kEpidBadArgErr,
1491 EcSscmMultiExp(this->efq, pts_ec1_ec2, b, m, this->efq_r));
1492 }
TEST_F(EcGroupTest,SscmMultiExpFailsGivenNullPointer)1493 TEST_F(EcGroupTest, SscmMultiExpFailsGivenNullPointer) {
1494 EcPoint const* pts[] = {this->efq_a, this->efq_b};
1495 EcPoint const* pts_withnull[] = {nullptr, this->efq_b};
1496 const BigNumStr bnm0 = {{0x11, 0xFF, 0xFF, 0xFF, 0x4F, 0x59, 0xB1, 0xD3,
1497 0x6B, 0x08, 0xFF, 0xFF, 0x0B, 0xF3, 0xAF, 0x27,
1498 0xFF, 0xB8, 0xFF, 0xFF, 0x98, 0xFF, 0xEB, 0xFF,
1499 0xF2, 0x6A, 0xFF, 0xFF, 0xEA, 0x31, 0xFF, 0xFF}};
1500 const BigNumStr bnm1 = {{0xE2, 0xFF, 0x03, 0x1D, 0xFF, 0x19, 0x81, 0xCB,
1501 0xFF, 0xFF, 0x6B, 0xD5, 0x3E, 0xFF, 0xFF, 0xFF,
1502 0xFF, 0xBD, 0xFF, 0x5A, 0xFF, 0x5C, 0x7C, 0xFF,
1503 0x84, 0xFF, 0xFF, 0x8C, 0x03, 0xB2, 0x26, 0xFF}};
1504 BigNumStr const* b[] = {&bnm0, &bnm1};
1505 BigNumStr const* b_withnull[] = {nullptr, &bnm1};
1506 size_t m = 2;
1507
1508 EXPECT_EQ(kEpidBadArgErr, EcSscmMultiExp(nullptr, pts, b, m, this->efq_r));
1509 EXPECT_EQ(kEpidBadArgErr,
1510 EcSscmMultiExp(this->efq, nullptr, b, m, this->efq_r));
1511 EXPECT_EQ(kEpidBadArgErr,
1512 EcSscmMultiExp(this->efq, pts, nullptr, m, this->efq_r));
1513 EXPECT_EQ(kEpidBadArgErr, EcSscmMultiExp(this->efq, pts, b, m, nullptr));
1514 EXPECT_EQ(kEpidBadArgErr,
1515 EcSscmMultiExp(this->efq, pts_withnull, b, m, this->efq_r));
1516 EXPECT_EQ(kEpidBadArgErr,
1517 EcSscmMultiExp(this->efq, pts, b_withnull, m, this->efq_r));
1518 }
TEST_F(EcGroupTest,SscmMultiExpWorksGivenOneZeroExponent)1519 TEST_F(EcGroupTest, SscmMultiExpWorksGivenOneZeroExponent) {
1520 G1ElemStr efq_r_str;
1521 BigNumStr zero_bn_str = {0};
1522 EcPoint const* pts[] = {this->efq_a};
1523 BigNumStr const* b[] = {&zero_bn_str};
1524 size_t m = 1;
1525 EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq, pts, b, m, this->efq_r));
1526 THROW_ON_EPIDERR(
1527 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1528 EXPECT_EQ(this->efq_identity_str, efq_r_str);
1529 }
TEST_F(EcGroupTest,SscmMultiExpWorksGivenTwoZeroExponent)1530 TEST_F(EcGroupTest, SscmMultiExpWorksGivenTwoZeroExponent) {
1531 G1ElemStr efq_r_str;
1532 BigNumStr zero_bn_str = {0};
1533 EcPoint const* pts[] = {this->efq_a, this->efq_a};
1534 BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str};
1535 size_t m = 2;
1536 EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq, pts, b, m, this->efq_r));
1537 THROW_ON_EPIDERR(
1538 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1539 EXPECT_EQ(this->efq_identity_str, efq_r_str);
1540 }
TEST_F(EcGroupTest,SscmMultiExpWorksGivenSixZeroExponent)1541 TEST_F(EcGroupTest, SscmMultiExpWorksGivenSixZeroExponent) {
1542 G1ElemStr efq_r_str;
1543 BigNumStr zero_bn_str = {0};
1544 EcPoint const* pts[] = {this->efq_a, this->efq_a, this->efq_a,
1545 this->efq_a, this->efq_a, this->efq_a};
1546 BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str, &zero_bn_str,
1547 &zero_bn_str, &zero_bn_str, &zero_bn_str};
1548 size_t m = 6;
1549 EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq, pts, b, m, this->efq_r));
1550 THROW_ON_EPIDERR(
1551 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1552 EXPECT_EQ(this->efq_identity_str, efq_r_str);
1553 }
TEST_F(EcGroupTest,SscmMultiExpWorksGivenOneG2ZeroExponent)1554 TEST_F(EcGroupTest, SscmMultiExpWorksGivenOneG2ZeroExponent) {
1555 G2ElemStr efq2_r_str;
1556 BigNumStr zero_bn_str = {0};
1557 EcPoint const* pts[] = {this->efq2_a};
1558 BigNumStr const* b[] = {&zero_bn_str};
1559 size_t m = 1;
1560 EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq2, pts, b, m, this->efq2_r));
1561 THROW_ON_EPIDERR(
1562 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1563 EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
1564 }
TEST_F(EcGroupTest,SscmMultiExpWorksGivenTwoG2ZeroExponent)1565 TEST_F(EcGroupTest, SscmMultiExpWorksGivenTwoG2ZeroExponent) {
1566 G2ElemStr efq2_r_str;
1567 BigNumStr zero_bn_str = {0};
1568 EcPoint const* pts[] = {this->efq2_a, this->efq2_a};
1569 BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str};
1570 size_t m = 2;
1571 EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq2, pts, b, m, this->efq2_r));
1572 THROW_ON_EPIDERR(
1573 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1574 EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
1575 }
TEST_F(EcGroupTest,SscmMultiExpWorksGivenSixG2ZeroExponent)1576 TEST_F(EcGroupTest, SscmMultiExpWorksGivenSixG2ZeroExponent) {
1577 G2ElemStr efq2_r_str;
1578 BigNumStr zero_bn_str = {0};
1579 EcPoint const* pts[] = {this->efq2_a, this->efq2_a, this->efq2_a,
1580 this->efq2_a, this->efq2_a, this->efq2_a};
1581 BigNumStr const* b[] = {&zero_bn_str, &zero_bn_str, &zero_bn_str,
1582 &zero_bn_str, &zero_bn_str, &zero_bn_str};
1583 size_t m = 6;
1584 EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq2, pts, b, m, this->efq2_r));
1585 THROW_ON_EPIDERR(
1586 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1587 EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
1588 }
TEST_F(EcGroupTest,SscmMultiExpWorksGivenOneExponent)1589 TEST_F(EcGroupTest, SscmMultiExpWorksGivenOneExponent) {
1590 G1ElemStr efq_r_str;
1591 EcPoint const* pts[] = {this->efq_a};
1592 BigNumStr const* b[] = {&this->x_str};
1593 size_t m = 1;
1594 EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq, pts, b, m, this->efq_r));
1595 THROW_ON_EPIDERR(
1596 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1597 EXPECT_EQ(this->efq_exp_ax_str, efq_r_str);
1598 }
TEST_F(EcGroupTest,SscmMultiExpWorksGivenTwoExponents)1599 TEST_F(EcGroupTest, SscmMultiExpWorksGivenTwoExponents) {
1600 G1ElemStr efq_r_str;
1601 EcPoint const* pts[] = {this->efq_a, this->efq_b};
1602 BigNumStr const* b[] = {&this->x_str, &this->y_str};
1603 size_t m = 2;
1604 EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq, pts, b, m, this->efq_r));
1605 THROW_ON_EPIDERR(
1606 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1607 EXPECT_EQ(this->efq_multiexp_abxy_str, efq_r_str);
1608 }
TEST_F(EcGroupTest,SscmMultiExpWorksGivenOneG2Exponent)1609 TEST_F(EcGroupTest, SscmMultiExpWorksGivenOneG2Exponent) {
1610 G2ElemStr efq2_r_str;
1611 EcPoint const* pts[] = {this->efq2_a};
1612 BigNumStr const* b[] = {&this->x_str};
1613 size_t m = 1;
1614 EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq2, pts, b, m, this->efq2_r));
1615 THROW_ON_EPIDERR(
1616 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1617 EXPECT_EQ(this->efq2_exp_ax_str, efq2_r_str);
1618 }
TEST_F(EcGroupTest,SscmMultiExpWorksGivenTwoG2Exponents)1619 TEST_F(EcGroupTest, SscmMultiExpWorksGivenTwoG2Exponents) {
1620 G2ElemStr efq2_r_str;
1621 EcPoint const* pts[] = {this->efq2_a, this->efq2_b};
1622 BigNumStr const* b[] = {&this->x_str, &this->y_str};
1623 size_t m = 2;
1624 EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq2, pts, b, m, this->efq2_r));
1625 THROW_ON_EPIDERR(
1626 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1627 EXPECT_EQ(this->efq2_multiexp_abxy_str, efq2_r_str);
1628 }
TEST_F(EcGroupTest,SscmMultiExpWorksTwiceGivenSameOutputBuf)1629 TEST_F(EcGroupTest, SscmMultiExpWorksTwiceGivenSameOutputBuf) {
1630 G2ElemStr efq2_r_str;
1631 EcPoint const* pts[] = {this->efq2_a, this->efq2_b};
1632 BigNumStr const* b[] = {&this->x_str, &this->y_str};
1633 size_t m = 2;
1634 EcPointObj temp(&this->efq2);
1635 G2ElemStr temp_str;
1636 EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq2, pts, b, m, this->efq2_r));
1637 temp = this->efq2_r;
1638 EXPECT_EQ(kEpidNoErr, EcSscmMultiExp(this->efq2, pts, b, m, this->efq2_r));
1639 THROW_ON_EPIDERR(
1640 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
1641 THROW_ON_EPIDERR(WriteEcPoint(this->efq2, temp, &temp_str, sizeof(temp_str)));
1642 EXPECT_EQ(temp_str, efq2_r_str);
1643 }
1644 ///////////////////////////////////////////////////////////////////////
1645 // EcGetRandom
TEST_F(EcGroupTest,GetRandomFailsGivenArgumentsMismatch)1646 TEST_F(EcGroupTest, GetRandomFailsGivenArgumentsMismatch) {
1647 Prng my_prng;
1648 EXPECT_EQ(kEpidBadArgErr,
1649 EcGetRandom(this->efq2, &Prng::Generate, &my_prng, this->efq_r));
1650 EXPECT_EQ(kEpidBadArgErr,
1651 EcGetRandom(this->efq, &Prng::Generate, &my_prng, this->efq2_r));
1652 }
TEST_F(EcGroupTest,GetRandomFailsGivenNullPointer)1653 TEST_F(EcGroupTest, GetRandomFailsGivenNullPointer) {
1654 Prng my_prng;
1655 EXPECT_EQ(kEpidBadArgErr,
1656 EcGetRandom(nullptr, &Prng::Generate, &my_prng, this->efq_r));
1657 EXPECT_EQ(kEpidBadArgErr,
1658 EcGetRandom(this->efq, nullptr, &my_prng, this->efq_r));
1659 EXPECT_EQ(kEpidBadArgErr,
1660 EcGetRandom(this->efq, &Prng::Generate, &my_prng, nullptr));
1661 }
TEST_F(EcGroupTest,GetRandomGeneratesDifferentECPoints)1662 TEST_F(EcGroupTest, GetRandomGeneratesDifferentECPoints) {
1663 Prng my_prng;
1664 EcPointObj r1(&this->efq);
1665 EcPointObj r2(&this->efq);
1666 bool result;
1667 // __LINE__ makes sure that r1 and r2 are generated using distinct seeds
1668 my_prng.set_seed(__LINE__);
1669 EXPECT_EQ(kEpidNoErr, EcGetRandom(this->efq, &Prng::Generate, &my_prng, r1));
1670 my_prng.set_seed(__LINE__);
1671 EXPECT_EQ(kEpidNoErr, EcGetRandom(this->efq, &Prng::Generate, &my_prng, r2));
1672 THROW_ON_EPIDERR(EcIsEqual(this->efq, r1, r2, &result));
1673 EXPECT_FALSE(result);
1674 }
1675 ///////////////////////////////////////////////////////////////////////
1676 // EcInGroup
TEST_F(EcGroupTest,InGroupFailsGivenNullPointer)1677 TEST_F(EcGroupTest, InGroupFailsGivenNullPointer) {
1678 bool in_group;
1679 EXPECT_EQ(kEpidBadArgErr, EcInGroup(nullptr, &(this->efq_a_str),
1680 sizeof(this->efq_a_str), &in_group));
1681 EXPECT_EQ(kEpidBadArgErr,
1682 EcInGroup(this->efq, nullptr, sizeof(this->efq_a_str), &in_group));
1683 EXPECT_EQ(kEpidBadArgErr, EcInGroup(this->efq, &(this->efq_a_str),
1684 sizeof(this->efq_a_str), nullptr));
1685 }
TEST_F(EcGroupTest,InGroupFailsGivenInvalidBufferSize)1686 TEST_F(EcGroupTest, InGroupFailsGivenInvalidBufferSize) {
1687 bool in_group;
1688 EXPECT_EQ(kEpidBadArgErr,
1689 EcInGroup(this->efq, &(this->efq_a_str), 0, &in_group));
1690 EXPECT_EQ(kEpidBadArgErr,
1691 EcInGroup(this->efq, &(this->efq_a_str),
1692 std::numeric_limits<size_t>::max(), &in_group));
1693 #if (SIZE_MAX >= 0x100000001) // When size_t value allowed to be 0x100000001
1694 EXPECT_EQ(kEpidBadArgErr,
1695 EcInGroup(this->efq, &(this->efq_a_str), 0x100000001, &in_group));
1696 #endif
1697 }
TEST_F(EcGroupTest,InGroupDetectsElementNotInGroup)1698 TEST_F(EcGroupTest, InGroupDetectsElementNotInGroup) {
1699 // element be not in group if Y coordinate increased by 1
1700 G1ElemStr p_str = this->efq_a_str;
1701 p_str.y.data.data[31] -= 1;
1702
1703 bool in_group;
1704 EXPECT_EQ(kEpidNoErr, EcInGroup(this->efq, &p_str, sizeof(p_str), &in_group));
1705 EXPECT_FALSE(in_group);
1706
1707 G2ElemStr p2_str = this->efq2_a_str;
1708 p2_str.y[0].data.data[31] -= 1;
1709
1710 EXPECT_EQ(kEpidNoErr,
1711 EcInGroup(this->efq2, &p2_str, sizeof(p2_str), &in_group));
1712 EXPECT_FALSE(in_group);
1713 }
TEST_F(EcGroupTest,InGroupDetectsIdentityElementInGroup)1714 TEST_F(EcGroupTest, InGroupDetectsIdentityElementInGroup) {
1715 bool in_group;
1716 EXPECT_EQ(kEpidNoErr, EcInGroup(this->efq, &(this->efq_identity_str),
1717 sizeof(this->efq_identity_str), &in_group));
1718 EXPECT_TRUE(in_group);
1719
1720 EXPECT_EQ(kEpidNoErr, EcInGroup(this->efq2, &(this->efq2_identity_str),
1721 sizeof(this->efq2_identity_str), &in_group));
1722 EXPECT_TRUE(in_group);
1723 }
TEST_F(EcGroupTest,InGroupFailsGivenContextMismatch)1724 TEST_F(EcGroupTest, InGroupFailsGivenContextMismatch) {
1725 bool in_group;
1726 EXPECT_EQ(kEpidBadArgErr, EcInGroup(this->efq2, &(this->efq_a_str),
1727 sizeof(this->efq_a_str), &in_group));
1728 EXPECT_FALSE(in_group);
1729
1730 EXPECT_EQ(kEpidBadArgErr, EcInGroup(this->efq, &(this->efq2_a_str),
1731 sizeof(this->efq2_a_str), &in_group));
1732 EXPECT_FALSE(in_group);
1733 }
1734 ///////////////////////////////////////////////////////////////////////
1735 // EcHash
TEST_F(EcGroupTest,HashFailsGivenArgumentsMismatch)1736 TEST_F(EcGroupTest, HashFailsGivenArgumentsMismatch) {
1737 uint8_t const msg[] = {0};
1738 EXPECT_EQ(kEpidBadArgErr,
1739 EcHash(this->efq2, msg, sizeof(msg), kSha256, this->efq_r, NULL));
1740 EXPECT_EQ(kEpidBadArgErr,
1741 EcHash(this->efq, msg, sizeof(msg), kSha256, this->efq2_r, NULL));
1742 }
TEST_F(EcGroupTest,HashFailsGivenNullPointer)1743 TEST_F(EcGroupTest, HashFailsGivenNullPointer) {
1744 uint8_t const msg[] = {0};
1745 EXPECT_EQ(kEpidBadArgErr,
1746 EcHash(nullptr, msg, sizeof(msg), kSha256, this->efq_r, NULL));
1747 EXPECT_EQ(kEpidBadArgErr, EcHash(this->efq, nullptr, sizeof(msg), kSha256,
1748 this->efq_r, NULL));
1749 EXPECT_EQ(kEpidBadArgErr,
1750 EcHash(this->efq, msg, sizeof(msg), kSha256, nullptr, NULL));
1751 }
TEST_F(EcGroupTest,HashFailsGivenUnsupportedHashAlg)1752 TEST_F(EcGroupTest, HashFailsGivenUnsupportedHashAlg) {
1753 uint8_t const msg[] = {0};
1754 EXPECT_EQ(kEpidHashAlgorithmNotSupported,
1755 EcHash(this->efq, msg, sizeof(msg), kSha3_256, this->efq_r, NULL));
1756 EXPECT_EQ(kEpidHashAlgorithmNotSupported,
1757 EcHash(this->efq, msg, sizeof(msg), kSha3_384, this->efq_r, NULL));
1758 EXPECT_EQ(kEpidHashAlgorithmNotSupported,
1759 EcHash(this->efq, msg, sizeof(msg), kSha3_512, this->efq_r, NULL));
1760 }
TEST_F(EcGroupTest,HashFailsGivenIncorrectMsgLen)1761 TEST_F(EcGroupTest, HashFailsGivenIncorrectMsgLen) {
1762 uint8_t const msg[] = {0};
1763 EXPECT_EQ(kEpidBadArgErr,
1764 EcHash(this->efq, nullptr, 1, kSha256, this->efq_r, NULL));
1765 EXPECT_EQ(kEpidBadArgErr,
1766 EcHash(this->efq, msg, std::numeric_limits<size_t>::max(), kSha256,
1767 this->efq_r, NULL));
1768 EXPECT_EQ(kEpidBadArgErr, EcHash(this->efq, msg, (size_t)INT_MAX + 1, kSha256,
1769 this->efq_r, NULL));
1770 #if (SIZE_MAX >= 0x100000001) // When size_t value allowed to be 0x100000001
1771 EXPECT_EQ(kEpidBadArgErr, EcHash(this->efq, msg, (size_t)0x100000001, kSha256,
1772 this->efq_r, NULL));
1773 #endif
1774 }
TEST_F(EcGroupTest,HashAcceptsZeroLengthMessage)1775 TEST_F(EcGroupTest, HashAcceptsZeroLengthMessage) {
1776 EXPECT_EQ(kEpidNoErr, EcHash(this->efq, "", 0, kSha256, this->efq_r, NULL));
1777 }
TEST_F(EcGroupTest,HashWorksGivenSHA256HashAlg)1778 TEST_F(EcGroupTest, HashWorksGivenSHA256HashAlg) {
1779 G1ElemStr efq_r_str;
1780 EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha256,
1781 this->efq_r, NULL));
1782 THROW_ON_EPIDERR(
1783 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1784 EXPECT_EQ(this->efq_r_sha256_str, efq_r_str);
1785 }
TEST_F(EcGroupTest,HashWorksGivenSHA384HashAlg)1786 TEST_F(EcGroupTest, HashWorksGivenSHA384HashAlg) {
1787 G1ElemStr efq_r_str;
1788 EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha384,
1789 this->efq_r, NULL));
1790 THROW_ON_EPIDERR(
1791 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1792 EXPECT_EQ(this->efq_r_sha384_str, efq_r_str);
1793 }
TEST_F(EcGroupTest,HashWorksGivenSHA512HashAlg)1794 TEST_F(EcGroupTest, HashWorksGivenSHA512HashAlg) {
1795 G1ElemStr efq_r_str;
1796 EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha512,
1797 this->efq_r, NULL));
1798 THROW_ON_EPIDERR(
1799 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1800 EXPECT_EQ(this->efq_r_sha512_str, efq_r_str);
1801 }
TEST_F(EcGroupTest,HashWorksGivenSHA512256HashAlg)1802 TEST_F(EcGroupTest, HashWorksGivenSHA512256HashAlg) {
1803 G1ElemStr efq_r_str;
1804 EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha512_256,
1805 this->efq_r, NULL));
1806 THROW_ON_EPIDERR(
1807 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
1808 EXPECT_EQ(this->efq_r_sha512256_str, efq_r_str);
1809 }
TEST_F(EcGroupTest,HashReturnsValidISha256)1810 TEST_F(EcGroupTest, HashReturnsValidISha256) {
1811 uint32_t i = 0;
1812 EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha256,
1813 this->efq_r, &i));
1814 EXPECT_EQ((uint32_t)4, i);
1815 }
TEST_F(EcGroupTest,HashReturnsValidISha384)1816 TEST_F(EcGroupTest, HashReturnsValidISha384) {
1817 uint32_t i = 0;
1818 EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha384,
1819 this->efq_r, &i));
1820 EXPECT_EQ((uint32_t)0, i);
1821 }
TEST_F(EcGroupTest,HashReturnsValidISha512)1822 TEST_F(EcGroupTest, HashReturnsValidISha512) {
1823 uint32_t i = 0;
1824 EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha512,
1825 this->efq_r, &i));
1826 EXPECT_EQ((uint32_t)1, i);
1827 }
TEST_F(EcGroupTest,HashReturnsValidISha512256)1828 TEST_F(EcGroupTest, HashReturnsValidISha512256) {
1829 uint32_t i = 0;
1830 EXPECT_EQ(kEpidNoErr, EcHash(this->efq, sha_msg, sizeof(sha_msg), kSha512_256,
1831 this->efq_r, &i));
1832 EXPECT_EQ((uint32_t)0, i);
1833 }
TEST_F(EcGroupTest,HashWorksForArbitraryMsg)1834 TEST_F(EcGroupTest, HashWorksForArbitraryMsg) {
1835 uint32_t i = 0;
1836 std::vector<uint8_t> msg_aad = {'a', 'a', 'd'};
1837 EXPECT_EQ(kEpidNoErr, EcHash(this->efq, msg_aad.data(), msg_aad.size(),
1838 kSha512, this->efq_r, &i));
1839 G1ElemStr exp_aad = {
1840 0x5e, 0x73, 0xbe, 0x39, 0x6b, 0xd8, 0x50, 0x2f, 0xb1, 0x93, 0xbf,
1841 0x9a, 0x3f, 0x42, 0x9d, 0x2a, 0xeb, 0xb7, 0x89, 0xb6, 0xcf, 0x52,
1842 0x78, 0x61, 0x19, 0x24, 0xae, 0x56, 0xb3, 0x15, 0xd6, 0x7e, 0x0d,
1843 0xb4, 0x3c, 0x33, 0xf3, 0x0a, 0xf1, 0x80, 0x21, 0x23, 0xd5, 0x6c,
1844 0x4a, 0xb6, 0x68, 0xcf, 0xa9, 0xcd, 0x44, 0x91, 0xc9, 0x6b, 0x50,
1845 0x96, 0x0f, 0x13, 0x47, 0x2d, 0x0b, 0xd5, 0x19, 0x68};
1846 G1ElemStr res_aad;
1847 THROW_ON_EPIDERR(
1848 WriteEcPoint(this->efq, this->efq_r, &res_aad, sizeof(res_aad)));
1849 EXPECT_EQ(exp_aad, res_aad);
1850 i = 0;
1851 std::vector<uint8_t> msg_1_MB(1024 * 1024); // exactly 1 MB;
1852 uint8_t c = 0;
1853 for (size_t j = 0; j < msg_1_MB.size(); ++j) {
1854 msg_1_MB[j] = c++;
1855 }
1856 EXPECT_EQ(kEpidNoErr, EcHash(this->efq, msg_1_MB.data(), msg_1_MB.size(),
1857 kSha512, this->efq_r, &i));
1858 G1ElemStr exp_1_MB = {
1859 0xd8, 0xf7, 0xcd, 0x26, 0xa1, 0x86, 0x2e, 0x25, 0xa5, 0x17, 0x84,
1860 0x98, 0x80, 0x5b, 0xb6, 0x10, 0x1c, 0x0d, 0xe1, 0xf4, 0xaa, 0x50,
1861 0xfa, 0xdd, 0x67, 0x2f, 0xfd, 0x96, 0x95, 0x57, 0x1d, 0x0f, 0x92,
1862 0xcd, 0xd1, 0x99, 0x27, 0x29, 0xbe, 0x7c, 0x66, 0x27, 0x8e, 0x5b,
1863 0xc7, 0x0f, 0x9f, 0xad, 0xd7, 0x29, 0x54, 0x0f, 0xea, 0xa8, 0x01,
1864 0x42, 0xf9, 0x47, 0x1d, 0xec, 0x5c, 0x0c, 0x2e, 0xdb};
1865 G1ElemStr res_1_MB;
1866 THROW_ON_EPIDERR(
1867 WriteEcPoint(this->efq, this->efq_r, &res_1_MB, sizeof(res_1_MB)));
1868 EXPECT_EQ(exp_1_MB, res_1_MB);
1869 i = 0;
1870 std::vector<uint8_t> msg_1_MB_Minus_2(1024 * 1024 - 2); // exactly 1 MB;
1871 c = 0;
1872 for (size_t j = 0; j < msg_1_MB_Minus_2.size(); ++j) {
1873 msg_1_MB_Minus_2[j] = c++;
1874 }
1875 EXPECT_EQ(kEpidNoErr,
1876 EcHash(this->efq, msg_1_MB_Minus_2.data(), msg_1_MB_Minus_2.size(),
1877 kSha512, this->efq_r, &i));
1878 G1ElemStr exp_1_MB_Minus_2 = {
1879 0x96, 0x31, 0xc8, 0xf7, 0x63, 0x82, 0x4b, 0x69, 0xae, 0xcd, 0x7a,
1880 0x54, 0xed, 0x66, 0x45, 0x22, 0xa1, 0xd3, 0x5a, 0x07, 0x56, 0xf4,
1881 0xfb, 0x47, 0xc7, 0xdf, 0x07, 0xf7, 0x21, 0xfb, 0x77, 0x2b, 0x65,
1882 0xe1, 0xa2, 0x2e, 0x3b, 0x1a, 0xc8, 0x62, 0x0b, 0xb8, 0xac, 0x32,
1883 0x21, 0xce, 0xa1, 0x74, 0x50, 0x55, 0xc2, 0x03, 0x91, 0x35, 0x63,
1884 0x25, 0x45, 0xb3, 0xc6, 0x3c, 0xe0, 0xe8, 0x74, 0xb4};
1885 G1ElemStr res_1_MB_Minus_2;
1886 THROW_ON_EPIDERR(WriteEcPoint(this->efq, this->efq_r, &res_1_MB_Minus_2,
1887 sizeof(res_1_MB_Minus_2)));
1888 EXPECT_EQ(exp_1_MB_Minus_2, res_1_MB_Minus_2);
1889 i = 0;
1890 std::vector<uint8_t> msg_102(102); // exactly 1 MB;
1891 c = 0;
1892 for (size_t j = 0; j < msg_102.size(); ++j) {
1893 msg_102[j] = c++;
1894 }
1895 EXPECT_EQ(kEpidNoErr, EcHash(this->efq, msg_102.data(), msg_102.size(),
1896 kSha512, this->efq_r, &i));
1897 G1ElemStr exp_102 = {
1898 0x21, 0xf6, 0xb5, 0x2c, 0xbc, 0xb7, 0x90, 0x2b, 0x36, 0xe1, 0x43,
1899 0xb6, 0xca, 0x66, 0x7e, 0x0a, 0x87, 0x66, 0x32, 0xe0, 0x70, 0x74,
1900 0x2b, 0x20, 0x92, 0x8f, 0x8b, 0x3d, 0xd7, 0xe1, 0x95, 0xc7, 0xa9,
1901 0x1b, 0x46, 0x94, 0xab, 0xfc, 0x59, 0x0e, 0x63, 0x9d, 0x42, 0x15,
1902 0x85, 0xcb, 0x91, 0x12, 0xca, 0x19, 0x54, 0xa3, 0xe9, 0x77, 0xd0,
1903 0x1b, 0x2a, 0x97, 0x1e, 0xd0, 0x59, 0x33, 0xe1, 0x1d};
1904 G1ElemStr res_102;
1905 THROW_ON_EPIDERR(
1906 WriteEcPoint(this->efq, this->efq_r, &res_102, sizeof(res_102)));
1907 EXPECT_EQ(exp_102, res_102);
1908 }
1909 ///////////////////////////////////////////////////////////////////////
1910 // 1.1 EcHash
TEST_F(EcGroupTest,Epid11HashFailsGivenMismatchedArguments)1911 TEST_F(EcGroupTest, Epid11HashFailsGivenMismatchedArguments) {
1912 uint8_t const msg[] = {0};
1913 EXPECT_EQ(kEpidBadArgErr,
1914 Epid11EcHash(this->efq2, msg, sizeof(msg), this->efq_r));
1915 EXPECT_EQ(kEpidBadArgErr,
1916 Epid11EcHash(this->efq, msg, sizeof(msg), this->efq2_r));
1917 }
TEST_F(EcGroupTest,Epid11HashFailsGivenNullPointer)1918 TEST_F(EcGroupTest, Epid11HashFailsGivenNullPointer) {
1919 uint8_t const msg[] = {0};
1920 EXPECT_EQ(kEpidBadArgErr,
1921 Epid11EcHash(nullptr, msg, sizeof(msg), this->epid11_G3_r));
1922 EXPECT_EQ(kEpidBadArgErr, Epid11EcHash(this->epid11_G3, nullptr, sizeof(msg),
1923 this->epid11_G3_r));
1924 EXPECT_EQ(kEpidBadArgErr,
1925 Epid11EcHash(this->epid11_G3, msg, sizeof(msg), nullptr));
1926 }
TEST_F(EcGroupTest,Epid11HashFailsGivenInvalidMsgLen)1927 TEST_F(EcGroupTest, Epid11HashFailsGivenInvalidMsgLen) {
1928 uint8_t const msg[] = {0};
1929 EXPECT_EQ(kEpidBadArgErr,
1930 Epid11EcHash(this->epid11_G3, nullptr, 1, this->epid11_G3_r));
1931 EXPECT_EQ(kEpidBadArgErr, Epid11EcHash(this->epid11_G3, msg,
1932 std::numeric_limits<size_t>::max(),
1933 this->epid11_G3_r));
1934 EXPECT_EQ(kEpidBadArgErr,
1935 Epid11EcHash(this->epid11_G3, msg, (size_t)INT_MAX + 1,
1936 this->epid11_G3_r));
1937 #if (SIZE_MAX >= 0x100000001) // When size_t value allowed to be 0x100000001
1938 EXPECT_EQ(kEpidBadArgErr,
1939 Epid11EcHash(this->epid11_G3, msg, (size_t)0x100000001,
1940 this->epid11_G3_r));
1941 #endif
1942 }
TEST_F(EcGroupTest,Epid11HashAcceptsZeroLengthMessage)1943 TEST_F(EcGroupTest, Epid11HashAcceptsZeroLengthMessage) {
1944 EXPECT_EQ(kEpidNoErr,
1945 Epid11EcHash(this->epid11_G3, "", 0, this->epid11_G3_r));
1946 }
TEST_F(EcGroupTest,Epid11HashWorksGivenValidParameters)1947 TEST_F(EcGroupTest, Epid11HashWorksGivenValidParameters) {
1948 Epid11G3ElemStr r_str;
1949
1950 uint8_t const msg0[] = {'a', 'a', 'd'};
1951 EXPECT_EQ(kEpidNoErr, Epid11EcHash(this->epid11_G3, msg0, sizeof(msg0),
1952 this->epid11_G3_r));
1953 THROW_ON_EPIDERR(
1954 WriteEcPoint(this->epid11_G3, this->epid11_G3_r, &r_str, sizeof(r_str)));
1955 EXPECT_EQ(this->kAadHash, r_str);
1956
1957 uint8_t const msg1[] = {'b', 's', 'n', '0'};
1958 EXPECT_EQ(kEpidNoErr, Epid11EcHash(this->epid11_G3, msg1, sizeof(msg1),
1959 this->epid11_G3_r));
1960 THROW_ON_EPIDERR(
1961 WriteEcPoint(this->epid11_G3, this->epid11_G3_r, &r_str, sizeof(r_str)));
1962 EXPECT_EQ(this->kBsn0Hash, r_str);
1963
1964 uint8_t const msg2[] = {'t', 'e', 's', 't'};
1965 EXPECT_EQ(kEpidNoErr, Epid11EcHash(this->epid11_G3, msg2, sizeof(msg2),
1966 this->epid11_G3_r));
1967 THROW_ON_EPIDERR(
1968 WriteEcPoint(this->epid11_G3, this->epid11_G3_r, &r_str, sizeof(r_str)));
1969 EXPECT_EQ(this->kTestHash, r_str);
1970
1971 uint8_t const msg3[] = {'a', 'a', 'c'};
1972 EXPECT_EQ(kEpidNoErr, Epid11EcHash(this->epid11_G3, msg3, sizeof(msg3),
1973 this->epid11_G3_r));
1974 THROW_ON_EPIDERR(
1975 WriteEcPoint(this->epid11_G3, this->epid11_G3_r, &r_str, sizeof(r_str)));
1976 EXPECT_EQ(this->kAacHash, r_str);
1977 }
1978 ///////////////////////////////////////////////////////////////////////
1979 // EcMakePoint
TEST_F(EcGroupTest,MakePointFailsGivenArgumentsMismatch)1980 TEST_F(EcGroupTest, MakePointFailsGivenArgumentsMismatch) {
1981 FfElementObj fq2_a(&this->efq2_par->fq2);
1982
1983 EXPECT_EQ(kEpidBadArgErr, EcMakePoint(this->efq2, this->fq_a, this->efq_r));
1984 EXPECT_EQ(kEpidBadArgErr, EcMakePoint(this->efq, fq2_a, this->efq_r));
1985 EXPECT_EQ(kEpidBadArgErr, EcMakePoint(this->efq2, this->fq_a, this->efq2_r));
1986 }
TEST_F(EcGroupTest,MakePointFailsGivenNullPointer)1987 TEST_F(EcGroupTest, MakePointFailsGivenNullPointer) {
1988 EXPECT_EQ(kEpidBadArgErr, EcMakePoint(nullptr, this->fq_a, this->efq_r));
1989 EXPECT_EQ(kEpidBadArgErr, EcMakePoint(this->efq, nullptr, this->efq_r));
1990 EXPECT_EQ(kEpidBadArgErr, EcMakePoint(this->efq, this->fq_a, nullptr));
1991 }
TEST_F(EcGroupTest,MakePointSucceedsGivenElement)1992 TEST_F(EcGroupTest, MakePointSucceedsGivenElement) {
1993 Prng my_prng;
1994 G1ElemStr efq_r_str;
1995
1996 // a pre-computed point in eqf
1997 G1ElemStr efq_ref_str = {
1998 {{0X1C, 0X53, 0X40, 0X69, 0X8B, 0X77, 0X75, 0XAA, 0X2B, 0X7D, 0X91,
1999 0XD6, 0X29, 0X49, 0X05, 0X7F, 0XF6, 0X4C, 0X63, 0X90, 0X58, 0X22,
2000 0X06, 0XF5, 0X1F, 0X3B, 0X9F, 0XA2, 0X04, 0X39, 0XA9, 0X67}},
2001 {{0X3B, 0X65, 0X58, 0XAC, 0X97, 0X46, 0X47, 0XC9, 0X84, 0X57, 0X3F,
2002 0XFA, 0X4F, 0XB0, 0X64, 0X8D, 0X48, 0XC8, 0X14, 0XEB, 0XF1, 0X94,
2003 0X87, 0XDC, 0XB3, 0X73, 0X90, 0X1D, 0X75, 0XAD, 0XD5, 0X56}}};
2004
2005 // create a point with x == ref.x
2006 FfElementObj elem(&this->fq, efq_ref_str.x);
2007 EXPECT_EQ(kEpidNoErr, EcMakePoint(this->efq, elem, this->efq_r));
2008
2009 // check that the point matches ref
2010 THROW_ON_EPIDERR(
2011 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
2012 EXPECT_EQ(efq_ref_str, efq_r_str);
2013 }
TEST_F(EcGroupTest,MakePointFailsGivenZeroElement)2014 TEST_F(EcGroupTest, MakePointFailsGivenZeroElement) {
2015 EXPECT_EQ(kEpidBadArgErr,
2016 EcMakePoint(this->efq, FfElementObj(&this->fq), this->efq_r));
2017 // EcMakePoint is only defined for G1
2018 EXPECT_EQ(kEpidBadArgErr,
2019 EcMakePoint(this->efq2, FfElementObj(&this->efq2_par->fq2),
2020 this->efq2_r));
2021 }
2022 ///////////////////////////////////////////////////////////////////////
2023 // EcInverse
TEST_F(EcGroupTest,InverseFailsGivenArgumentsMismatch)2024 TEST_F(EcGroupTest, InverseFailsGivenArgumentsMismatch) {
2025 EXPECT_EQ(kEpidBadArgErr, EcInverse(this->efq2, this->efq_a, this->efq_r));
2026 EXPECT_EQ(kEpidBadArgErr, EcInverse(this->efq, this->efq2_a, this->efq_r));
2027 EXPECT_EQ(kEpidBadArgErr, EcInverse(this->efq, this->efq_a, this->efq2_r));
2028 }
2029
TEST_F(EcGroupTest,InverseFailsGivenNullPointer)2030 TEST_F(EcGroupTest, InverseFailsGivenNullPointer) {
2031 EXPECT_EQ(kEpidBadArgErr, EcInverse(nullptr, this->efq_a, this->efq_r));
2032 EXPECT_EQ(kEpidBadArgErr, EcInverse(this->efq, nullptr, this->efq_r));
2033 EXPECT_EQ(kEpidBadArgErr, EcInverse(this->efq, this->efq_a, nullptr));
2034 }
2035
TEST_F(EcGroupTest,InverseSucceedsGivenIdentity)2036 TEST_F(EcGroupTest, InverseSucceedsGivenIdentity) {
2037 G1ElemStr efq_r_str;
2038 EXPECT_EQ(kEpidNoErr, EcInverse(this->efq, this->efq_identity, this->efq_r));
2039 THROW_ON_EPIDERR(
2040 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
2041 EXPECT_EQ(this->efq_identity_str, efq_r_str);
2042
2043 G2ElemStr efq2_r_str;
2044 EXPECT_EQ(kEpidNoErr,
2045 EcInverse(this->efq2, this->efq2_identity, this->efq2_r));
2046 THROW_ON_EPIDERR(
2047 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
2048 EXPECT_EQ(this->efq2_identity_str, efq2_r_str);
2049 }
2050
TEST_F(EcGroupTest,InverseSucceedsGivenElement)2051 TEST_F(EcGroupTest, InverseSucceedsGivenElement) {
2052 G1ElemStr efq_r_str;
2053 EXPECT_EQ(kEpidNoErr, EcInverse(this->efq, this->efq_a, this->efq_r));
2054 THROW_ON_EPIDERR(
2055 WriteEcPoint(this->efq, this->efq_r, &efq_r_str, sizeof(efq_r_str)));
2056 EXPECT_EQ(this->efq_inv_a_str, efq_r_str);
2057
2058 G2ElemStr efq2_r_str;
2059 EXPECT_EQ(kEpidNoErr, EcInverse(this->efq2, this->efq2_a, this->efq2_r));
2060 THROW_ON_EPIDERR(
2061 WriteEcPoint(this->efq2, this->efq2_r, &efq2_r_str, sizeof(efq2_r_str)));
2062 EXPECT_EQ(this->efq2_inv_a_str, efq2_r_str);
2063 }
2064 ///////////////////////////////////////////////////////////////////////
2065 // EcIsEqual
TEST_F(EcGroupTest,IsEqualFailsGivenArgumentsMismatch)2066 TEST_F(EcGroupTest, IsEqualFailsGivenArgumentsMismatch) {
2067 bool result;
2068 EXPECT_EQ(kEpidBadArgErr,
2069 EcIsEqual(this->efq2, this->efq_a, this->efq_a, &result));
2070 EXPECT_EQ(kEpidBadArgErr,
2071 EcIsEqual(this->efq, this->efq2_a, this->efq_a, &result));
2072 EXPECT_EQ(kEpidBadArgErr,
2073 EcIsEqual(this->efq, this->efq_a, this->efq2_a, &result));
2074 }
TEST_F(EcGroupTest,IsEqualFailsGivenNullPointer)2075 TEST_F(EcGroupTest, IsEqualFailsGivenNullPointer) {
2076 bool result;
2077 EXPECT_EQ(kEpidBadArgErr,
2078 EcIsEqual(nullptr, this->efq_a, this->efq_a, &result));
2079 EXPECT_EQ(kEpidBadArgErr,
2080 EcIsEqual(this->efq, nullptr, this->efq_a, &result));
2081 EXPECT_EQ(kEpidBadArgErr,
2082 EcIsEqual(this->efq, this->efq_a, nullptr, &result));
2083 EXPECT_EQ(kEpidBadArgErr,
2084 EcIsEqual(this->efq, this->efq_a, this->efq_a, nullptr));
2085 }
TEST_F(EcGroupTest,IsEqualCanCompareElementWithItself)2086 TEST_F(EcGroupTest, IsEqualCanCompareElementWithItself) {
2087 bool result;
2088 ASSERT_EQ(kEpidNoErr,
2089 EcIsEqual(this->efq, this->efq_a, this->efq_a, &result));
2090 EXPECT_TRUE(result);
2091
2092 ASSERT_EQ(kEpidNoErr,
2093 EcIsEqual(this->efq2, this->efq2_a, this->efq2_a, &result));
2094 EXPECT_TRUE(result);
2095 }
TEST_F(EcGroupTest,DifferentEFqElementsAreNotEqual)2096 TEST_F(EcGroupTest, DifferentEFqElementsAreNotEqual) {
2097 bool result;
2098 ASSERT_EQ(kEpidNoErr,
2099 EcIsEqual(this->efq, this->efq_a, this->efq_b, &result));
2100 EXPECT_FALSE(result);
2101 }
TEST_F(EcGroupTest,SameEFqElementsAreEqual)2102 TEST_F(EcGroupTest, SameEFqElementsAreEqual) {
2103 THROW_ON_EPIDERR(ReadEcPoint(this->efq, &(this->efq_a_str),
2104 sizeof(this->efq_a_str), this->efq_b));
2105 bool result;
2106 ASSERT_EQ(kEpidNoErr,
2107 EcIsEqual(this->efq, this->efq_a, this->efq_b, &result));
2108 EXPECT_TRUE(result);
2109 }
TEST_F(EcGroupTest,IsEqualCanCompareIdentityEFqElements)2110 TEST_F(EcGroupTest, IsEqualCanCompareIdentityEFqElements) {
2111 THROW_ON_EPIDERR(ReadEcPoint(this->efq, &(this->efq_identity_str),
2112 sizeof(this->efq_identity_str), this->efq_b));
2113 bool result;
2114 ASSERT_EQ(kEpidNoErr,
2115 EcIsEqual(this->efq, this->efq_identity, this->efq_b, &result));
2116 EXPECT_TRUE(result);
2117 }
2118
TEST_F(EcGroupTest,DifferentEFq2ElementsAreNotEqual)2119 TEST_F(EcGroupTest, DifferentEFq2ElementsAreNotEqual) {
2120 bool result;
2121 ASSERT_EQ(kEpidNoErr,
2122 EcIsEqual(this->efq2, this->efq2_a, this->efq2_b, &result));
2123 EXPECT_FALSE(result);
2124 }
TEST_F(EcGroupTest,SameEFq2ElementsAreEqual)2125 TEST_F(EcGroupTest, SameEFq2ElementsAreEqual) {
2126 THROW_ON_EPIDERR(ReadEcPoint(this->efq2, &(this->efq2_a_str),
2127 sizeof(this->efq2_a_str), this->efq2_b));
2128 bool result;
2129 ASSERT_EQ(kEpidNoErr,
2130 EcIsEqual(this->efq2, this->efq2_a, this->efq2_b, &result));
2131 EXPECT_TRUE(result);
2132 }
TEST_F(EcGroupTest,IsEqualCanCompareIdentityEFq2Elements)2133 TEST_F(EcGroupTest, IsEqualCanCompareIdentityEFq2Elements) {
2134 THROW_ON_EPIDERR(ReadEcPoint(this->efq2, &(this->efq2_identity_str),
2135 sizeof(this->efq2_identity_str), this->efq2_b));
2136 bool result;
2137 ASSERT_EQ(kEpidNoErr,
2138 EcIsEqual(this->efq2, this->efq2_identity, this->efq2_b, &result));
2139 EXPECT_TRUE(result);
2140 }
2141 ///////////////////////////////////////////////////////////////////////
2142 // EcIsIdentity
TEST_F(EcGroupTest,IsIdentityFailsGivenArgumentsMismatch)2143 TEST_F(EcGroupTest, IsIdentityFailsGivenArgumentsMismatch) {
2144 bool result;
2145 EXPECT_EQ(kEpidBadArgErr,
2146 EcIsIdentity(this->efq2, this->efq_identity, &result));
2147 EXPECT_EQ(kEpidBadArgErr,
2148 EcIsIdentity(this->efq, this->efq2_identity, &result));
2149 }
TEST_F(EcGroupTest,IsIdentityFailsGivenNullPointer)2150 TEST_F(EcGroupTest, IsIdentityFailsGivenNullPointer) {
2151 bool result;
2152 EXPECT_EQ(kEpidBadArgErr, EcIsIdentity(nullptr, this->efq_identity, &result));
2153 EXPECT_EQ(kEpidBadArgErr, EcIsIdentity(this->efq, nullptr, &result));
2154 EXPECT_EQ(kEpidBadArgErr,
2155 EcIsIdentity(this->efq, this->efq_identity, nullptr));
2156 }
TEST_F(EcGroupTest,IsIdentityDetectsIdentityElement)2157 TEST_F(EcGroupTest, IsIdentityDetectsIdentityElement) {
2158 bool result;
2159 EXPECT_EQ(kEpidNoErr, EcIsIdentity(this->efq, this->efq_identity, &result));
2160 EXPECT_TRUE(result);
2161 EXPECT_EQ(kEpidNoErr, EcIsIdentity(this->efq2, this->efq2_identity, &result));
2162 EXPECT_TRUE(result);
2163 }
TEST_F(EcGroupTest,IsIdentityDetectsNonIdentityElement)2164 TEST_F(EcGroupTest, IsIdentityDetectsNonIdentityElement) {
2165 bool result;
2166 EXPECT_EQ(kEpidNoErr, EcIsIdentity(this->efq, this->efq_a, &result));
2167 EXPECT_FALSE(result);
2168 EXPECT_EQ(kEpidNoErr, EcIsIdentity(this->efq2, this->efq2_a, &result));
2169 EXPECT_FALSE(result);
2170 }
2171 } // namespace
2172