Google Git
Sign in
apache / incubator-milagro-crypto-c / 34e32ecfe655141271e23c57d03f2b414424c751 / . / test / test_pair_ZZZ.c.in
blob: e84eb867ee250f5b8faf85efb6f1cfaf7c4497f8 [file] [log] [blame]
/**
* @file test_pair_ZZZ.c
* @author Alessandro Budroni
* @brief Test function for pairing
*
* LICENSE
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "randapi.h"
#include "config_curve_ZZZ.h"
#if CURVE_SECURITY_ZZZ == 128
#include "pair_ZZZ.h"
#elif CURVE_SECURITY_ZZZ == 192
#include "pair192_ZZZ.h"
#elif CURVE_SECURITY_ZZZ == 256
#include "pair256_ZZZ.h"
#endif
// Number of iterations in pairing test
#if CURVE_SECURITY_ZZZ == 128
#define N_ITER 16
#elif CURVE_SECURITY_ZZZ == 192
#define N_ITER 12
#elif CURVE_SECURITY_ZZZ == 256
#define N_ITER 8
#endif
// Renamings for multiple security level support
#if CURVE_SECURITY_ZZZ == 128
#define ECPG2_ZZZ_generator ECP2_ZZZ_generator
#define ECPG2_ZZZ_copy ECP2_ZZZ_copy
#define ECPG2_ZZZ_mul ECP2_ZZZ_mul
#define ECPG2_ZZZ_add ECP2_ZZZ_add
#define ECPG2_ZZZ_affine ECP2_ZZZ_affine
#define ECPG2_ZZZ_isinf ECP2_ZZZ_isinf
#define GT_YYY_equals FP12_YYY_equals
#define GT_YYY_copy FP12_YYY_copy
#define GT_YYY_mul FP12_YYY_mul
#elif CURVE_SECURITY_ZZZ == 192
#define ECPG2_ZZZ_generator ECP4_ZZZ_generator
#define ECPG2_ZZZ_copy ECP4_ZZZ_copy
#define ECPG2_ZZZ_mul ECP4_ZZZ_mul
#define ECPG2_ZZZ_add ECP4_ZZZ_add
#define ECPG2_ZZZ_affine ECP4_ZZZ_affine
#define ECPG2_ZZZ_isinf ECP4_ZZZ_isinf
#define GT_YYY_equals FP24_YYY_equals
#define GT_YYY_copy FP24_YYY_copy
#define GT_YYY_mul FP24_YYY_mul
#elif CURVE_SECURITY_ZZZ == 256
#define ECPG2_ZZZ_generator ECP8_ZZZ_generator
#define ECPG2_ZZZ_copy ECP8_ZZZ_copy
#define ECPG2_ZZZ_mul ECP8_ZZZ_mul
#define ECPG2_ZZZ_add ECP8_ZZZ_add
#define ECPG2_ZZZ_affine ECP8_ZZZ_affine
#define ECPG2_ZZZ_isinf ECP8_ZZZ_isinf
#define GT_YYY_equals FP48_YYY_equals
#define GT_YYY_copy FP48_YYY_copy
#define GT_YYY_mul FP48_YYY_mul
#endif
int main()
{
int i;
BIG_XXX s,r,x,y;
ECP_ZZZ G,P1,P2,P3;
#if CURVE_SECURITY_ZZZ == 128
ECP2_ZZZ W,Q1,Q2,Q3;
FP12_YYY g11,gs1,gs2;
#elif CURVE_SECURITY_ZZZ == 192
ECP4_ZZZ W,Q1,Q2,Q3;
FP24_YYY g11,gs1,gs2;
#elif CURVE_SECURITY_ZZZ == 256
ECP8_ZZZ W,Q1,Q2,Q3;
FP48_YYY g11,gs1,gs2;
#endif
char seed[100] = {0};
octet SEED = {0,sizeof(seed),seed};
csprng RNG;
/* non random seed value! */
SEED.len=100;
for (i=0; i<100; i++) SEED.val[i]=i+1;
/* initialise random number generator */
CREATE_CSPRNG(&RNG,&SEED);
// Set Generator of G1
ECP_ZZZ_generator(&G);
// Set Generator of G2
ECPG2_ZZZ_generator(&W);
// Check that scalar multiplication by curve order gives the infinte point
BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
ECP_ZZZ_copy(&P1,&G);
PAIR_ZZZ_G1mul(&P1,r);
if (!ECP_ZZZ_isinf(&P1))
{
printf("FAILURE - rP!=O\n");
return 1;
}
BIG_XXX_randomnum(s,r,&RNG);
ECPG2_ZZZ_copy(&Q1,&W);
ECPG2_ZZZ_mul(&Q1,r);
if (!ECPG2_ZZZ_isinf(&Q1))
{
printf("FAILURE - rQ!=O\n");
return 0;
}
for (i = 0; i < N_ITER; ++i)
{
// Pick a random point in G1
BIG_XXX_randomnum(x,r,&RNG);
ECP_ZZZ_copy(&P1,&G);
ECP_ZZZ_mul(&P1,x);
ECP_ZZZ_copy(&P2,&P1);
// Pick a random point in G2
BIG_XXX_randomnum(y,r,&RNG);
ECPG2_ZZZ_copy(&Q1,&W);
ECPG2_ZZZ_mul(&Q1,y);
ECPG2_ZZZ_copy(&Q2,&Q1);
// Precompute e(Q1,P1)
PAIR_ZZZ_ate(&g11,&Q1,&P1);
PAIR_ZZZ_fexp(&g11);
// Test that e(sQ,P) = e(Q,sP) = e(Q,P)^s, s random
BIG_XXX_randomnum(s,r,&RNG);
PAIR_ZZZ_G1mul(&P2,s);
ECPG2_ZZZ_mul(&Q2,s);
PAIR_ZZZ_ate(&gs1,&Q1,&P2);
PAIR_ZZZ_fexp(&gs1);
PAIR_ZZZ_ate(&gs2,&Q2,&P1);
PAIR_ZZZ_fexp(&gs2);
if (!GT_ZZZ_equals(&gs1,&gs2))
{
printf("FAILURE - e(sQ,P)!=e(Q,sP)\n");
return 1;
}
GT_ZZZ_copy(&gs2,&g11);
PAIR_ZZZ_GTpow(&gs2,s);
if (!GT_ZZZ_equals(&gs1,&gs2))
{
printf("FAILURE - e(sQ,P)!=e(Q,P)^s\n");
return 1;
}
// Test that e(Q,P1+P2) = e(Q,P1).e(Q,P2)
PAIR_ZZZ_ate(&gs2,&Q1,&P2);
PAIR_ZZZ_fexp(&gs2);
GT_YYY_copy(&gs1,&g11);
GT_YYY_mul(&gs1,&gs2);
ECP_ZZZ_copy(&P3,&P1);
ECP_ZZZ_add(&P3,&P2);
ECP_ZZZ_affine(&P3);
PAIR_ZZZ_ate(&gs2,&Q1,&P3);
PAIR_ZZZ_fexp(&gs2);
if (!GT_YYY_equals(&gs1,&gs2))
{
printf("FAILURE - e(Q,P1+P2)!=e(Q,P1).e(Q,P2)\n");
return 1;
}
// Test double_ate function on G1
PAIR_ZZZ_double_ate(&gs1,&Q1,&P1,&Q1,&P2);
PAIR_ZZZ_fexp(&gs1);
if (!GT_YYY_equals(&gs1,&gs2))
{
printf("FAILURE - double ate failed\n");
return 1;
}
// Test that e(Q1+Q2,P1) = e(Q1,P1).e(Q2,P1)
PAIR_ZZZ_ate(&gs2,&Q2,&P1);
PAIR_ZZZ_fexp(&gs2);
GT_YYY_copy(&gs1,&g11);
GT_YYY_mul(&gs1,&gs2);
ECPG2_ZZZ_copy(&Q3,&Q1);
ECPG2_ZZZ_add(&Q3,&Q2);
ECPG2_ZZZ_affine(&Q3);
PAIR_ZZZ_ate(&gs2,&Q3,&P1);
PAIR_ZZZ_fexp(&gs2);
if (!GT_YYY_equals(&gs1,&gs2))
{
printf("FAILURE - e(Q1+Q2,P1)!=e(Q1,P1).e(Q2,P1)\n");
return 1;
}
// Test double_ate function on G2
PAIR_ZZZ_double_ate(&gs1,&Q1,&P1,&Q2,&P1);
PAIR_ZZZ_fexp(&gs1);
if (!GT_YYY_equals(&gs1,&gs2))
{
printf("FAILURE - double ate failed\n");
return 1;
}
}
KILL_CSPRNG(&RNG);
printf("SUCCESS\n");
return 0;
}