test: add negative BLS verify and FAV cases #304
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -22,15 +22,18 @@ pub fn verify(msg: []const u8, pk: *const PublicKey, sig: *const Signature, in_p | |
| try sig.verify(sig_groupcheck, msg, DST, null, pk, pk_validate); | ||
| } | ||
|
|
||
| /// The `msg` must be at least 32 bytes; only the first 32 are passed to | ||
| /// fast aggregate verification. | ||
| pub fn fastAggregateVerify(msg: []const u8, pks: []const PublicKey, sig: *const Signature, in_pk_validate: ?bool, in_sigs_group_check: ?bool) !bool { | ||
| std.debug.assert(msg.len >= 32); | ||
|
|
||
| var pairing_buf: [bls.Pairing.sizeOf()]u8 align(bls.Pairing.buf_align) = undefined; | ||
|
|
||
| const sigs_groupcheck = in_sigs_group_check orelse false; | ||
| const pks_validate = in_pk_validate orelse false; | ||
| return sig.fastAggregateVerify(sigs_groupcheck, &pairing_buf, msg[0..32], DST, pks, pks_validate) catch return false; | ||
| } | ||
|
|
||
|
Contributor
There was a problem hiding this comment. Perhaps adding more positive tests for other functions if dropped this comment |
||
| test "bls - sanity" { | ||
| const ikm: [32]u8 = [_]u8{ | ||
| 0x93, 0xad, 0x7e, 0x65, 0xde, 0xad, 0x05, 0x2a, 0x08, 0x3a, | ||
|
|
@@ -49,3 +52,102 @@ test "bls - sanity" { | |
| const result = try fastAggregateVerify(&msg, pks_slice[0..], &sig, null, null); | ||
| try std.testing.expect(result); | ||
| } | ||
|
|
||
| test "bls - sign and verify round trip variable-length message" { | ||
| const ikm: [32]u8 = [_]u8{ | ||
| 0x93, 0xad, 0x7e, 0x65, 0xde, 0xad, 0x05, 0x2a, 0x08, 0x3a, | ||
| 0x91, 0x0c, 0x8b, 0x72, 0x85, 0x91, 0x46, 0x4c, 0xca, 0x56, | ||
| 0x60, 0x5b, 0xb0, 0x56, 0xed, 0xfe, 0x2b, 0x60, 0xa6, 0x3c, | ||
| 0x48, 0x99, | ||
| }; | ||
| const sk = try SecretKey.keyGen(ikm[0..], null); | ||
| const msg = "ethereum consensus"; | ||
| const sig = sign(sk, msg); | ||
| const pk = sk.toPublicKey(); | ||
| try verify(msg, &pk, &sig, null, null); | ||
| } | ||
|
|
||
| test "bls - verify with pubkey and signature subgroup checks" { | ||
| const ikm: [32]u8 = [_]u8{ | ||
| 0x93, 0xad, 0x7e, 0x65, 0xde, 0xad, 0x05, 0x2a, 0x08, 0x3a, | ||
| 0x91, 0x0c, 0x8b, 0x72, 0x85, 0x91, 0x46, 0x4c, 0xca, 0x56, | ||
| 0x60, 0x5b, 0xb0, 0x56, 0xed, 0xfe, 0x2b, 0x60, 0xa6, 0x3c, | ||
| 0x48, 0x99, | ||
| }; | ||
| const sk = try SecretKey.keyGen(ikm[0..], null); | ||
| const msg = [_]u8{0xab} ** 32; | ||
| const sig = sign(sk, &msg); | ||
| const pk = sk.toPublicKey(); | ||
| try verify(&msg, &pk, &sig, true, true); | ||
| } | ||
|
|
||
| test "bls - fastAggregateVerify uses only first 32 bytes of longer buffer" { | ||
| const ikm: [32]u8 = [_]u8{ | ||
| 0x93, 0xad, 0x7e, 0x65, 0xde, 0xad, 0x05, 0x2a, 0x08, 0x3a, | ||
| 0x91, 0x0c, 0x8b, 0x72, 0x85, 0x91, 0x46, 0x4c, 0xca, 0x56, | ||
| 0x60, 0x5b, 0xb0, 0x56, 0xed, 0xfe, 0x2b, 0x60, 0xa6, 0x3c, | ||
| 0x48, 0x99, | ||
| }; | ||
| const sk = try SecretKey.keyGen(ikm[0..], null); | ||
| var msg64: [64]u8 = undefined; | ||
| @memset(msg64[32..], 0xcd); | ||
| @memset(msg64[0..32], 0x42); | ||
| const sig = sign(sk, msg64[0..32]); | ||
| const pk = sk.toPublicKey(); | ||
| var pks = [_]PublicKey{pk}; | ||
| const ok = try fastAggregateVerify(&msg64, pks[0..], &sig, null, null); | ||
| try std.testing.expect(ok); | ||
| } | ||
|
|
||
| test "bls - verify fails on wrong message" { | ||
| const ikm: [32]u8 = [_]u8{ | ||
| 0x93, 0xad, 0x7e, 0x65, 0xde, 0xad, 0x05, 0x2a, 0x08, 0x3a, | ||
| 0x91, 0x0c, 0x8b, 0x72, 0x85, 0x91, 0x46, 0x4c, 0xca, 0x56, | ||
| 0x60, 0x5b, 0xb0, 0x56, 0xed, 0xfe, 0x2b, 0x60, 0xa6, 0x3c, | ||
| 0x48, 0x99, | ||
| }; | ||
| const sk = try SecretKey.keyGen(ikm[0..], null); | ||
| var msg = [_]u8{1} ** 32; | ||
| const sig = sign(sk, &msg); | ||
| const pk = sk.toPublicKey(); | ||
| msg[0] ^= 1; | ||
| try std.testing.expectError(bls.BlstError.VerifyFail, verify(&msg, &pk, &sig, null, null)); | ||
|
Contributor
There was a problem hiding this comment. The style guide prohibits the use of abbreviations for variable names (except for specific cases like sort indices). Please expand References
|
||
| } | ||
|
|
||
| test "bls - verify fails on wrong public key" { | ||
| const ikm_a: [32]u8 = [_]u8{ | ||
| 0x93, 0xad, 0x7e, 0x65, 0xde, 0xad, 0x05, 0x2a, 0x08, 0x3a, | ||
| 0x91, 0x0c, 0x8b, 0x72, 0x85, 0x91, 0x46, 0x4c, 0xca, 0x56, | ||
| 0x60, 0x5b, 0xb0, 0x56, 0xed, 0xfe, 0x2b, 0x60, 0xa6, 0x3c, | ||
| 0x48, 0x99, | ||
| }; | ||
| const ikm_b: [32]u8 = [_]u8{ | ||
| 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, | ||
| 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, | ||
| 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, | ||
| 0x0f, 0x10, | ||
| }; | ||
| const sk_a = try SecretKey.keyGen(ikm_a[0..], null); | ||
| const sk_b = try SecretKey.keyGen(ikm_b[0..], null); | ||
| const msg = [_]u8{1} ** 32; | ||
| const sig = sign(sk_a, &msg); | ||
| const pk_b = sk_b.toPublicKey(); | ||
| try std.testing.expectError(bls.BlstError.VerifyFail, verify(&msg, &pk_b, &sig, null, null)); | ||
|
Contributor
There was a problem hiding this comment. Expand abbreviations References
|
||
| } | ||
|
|
||
| test "bls - fastAggregateVerify false on wrong message" { | ||
| const ikm: [32]u8 = [_]u8{ | ||
| 0x93, 0xad, 0x7e, 0x65, 0xde, 0xad, 0x05, 0x2a, 0x08, 0x3a, | ||
| 0x91, 0x0c, 0x8b, 0x72, 0x85, 0x91, 0x46, 0x4c, 0xca, 0x56, | ||
| 0x60, 0x5b, 0xb0, 0x56, 0xed, 0xfe, 0x2b, 0x60, 0xa6, 0x3c, | ||
| 0x48, 0x99, | ||
| }; | ||
| const sk = try SecretKey.keyGen(ikm[0..], null); | ||
| var msg = [_]u8{1} ** 32; | ||
| const sig = sign(sk, &msg); | ||
| const pk = sk.toPublicKey(); | ||
| msg[31] ^= 0xff; | ||
| var pks = [_]PublicKey{pk}; | ||
| const result = try fastAggregateVerify(&msg, pks[0..], &sig, null, null); | ||
| try std.testing.expect(!result); | ||
|
Contributor
There was a problem hiding this comment. Expand abbreviations References
|
||
| } | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The style guide requires that all function arguments be asserted to ensure the function does not operate blindly on data it has not checked. Furthermore, the assertion density should average at least two assertions per function. Adding an assertion for
pks.lenhelps satisfy these requirements.References