diff --git a/README.md b/README.md index 6d2baf2..025e7aa 100644 --- a/README.md +++ b/README.md @@ -260,5 +260,5 @@ Please add yourself here if you make or have made a contribution. 1. [Check for open issues](https://github.com/apache/incubator-milagro-crypto-c/issues) or start a discussion around a feature idea or a bug by sending a mail to dev@milagro.incubator.apache.org 2. Fork the repository to start making your changes. Please use the "development" branch as a basis. 3. Write a test which shows that the bug was fixed or that the feature works as expected. -4. Send a pull request with a reference to the issue +4. Make a pull request with a reference to the issue diff --git a/examples/testbls_ZZZ.c.in b/examples/testbls_ZZZ.c.in index f84525e..61a5b23 100644 --- a/examples/testbls_ZZZ.c.in +++ b/examples/testbls_ZZZ.c.in @@ -16,8 +16,6 @@ specific language governing permissions and limitations under the License. */ -/* test driver and function exerciser for BLS Signature API Functions */ - /* Build executable after installation: gcc -O0 -g ./testbls_ZZZ.c $(pkg-config --libs --cflags amcl) -o testbls_ZZZ @@ -47,30 +45,73 @@ under the License. #define G2LEN 16*BFS_ZZZ #endif -static char message[]="This is a test message"; +static char message[]="test message"; int bls(csprng *RNG) { int rc; - char s[BGS_ZZZ]; - char w[G2LEN]; + + char sk1[BGS_ZZZ]; + octet SK1 = {0,sizeof(sk1),sk1}; + char pk1[G2LEN]; + octet PK1 = {0,sizeof(pk1),pk1}; + char sig1[BFS_ZZZ+1]; + octet SIG1 = {0,sizeof(sig1),sig1}; + + char sk2[BGS_ZZZ]; + octet SK2 = {0,sizeof(sk2),sk2}; + char pk2[G2LEN]; + octet PK2 = {0,sizeof(pk2),pk2}; + char sig2[BFS_ZZZ+1]; + octet SIG2 = {0,sizeof(sig2),sig2}; + + char sk3[BGS_ZZZ]; + octet SK3 = {0,sizeof(sk3),sk3}; + char pk3[G2LEN]; + octet PK3 = {0,sizeof(pk3),pk3}; + char sig3[BFS_ZZZ+1]; + octet SIG3 = {0,sizeof(sig3),sig3}; + + // Combined signature and public keys + char pk[G2LEN]; + octet PK = {0,sizeof(pk),pk}; char sig[BFS_ZZZ+1]; - octet S= {0,sizeof(s),s}; - octet W= {0,sizeof(w),w}; - octet SIG= {0,sizeof(sig),sig}; + octet SIG = {0,sizeof(sig),sig}; - BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&S,&W); + // Generate key pairs + BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK1,&PK1); + BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK2,&PK2); + BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK3,&PK3); - printf("Private key: 0x"); - OCT_output(&S); - printf("Public key: 0x"); - OCT_output(&W); + printf("Private key SK1: "); + OCT_output(&SK1); + printf("Public key PK1: "); + OCT_output(&PK1); + printf("Private key SK2: "); + OCT_output(&SK2); + printf("Public key PK2: "); + OCT_output(&PK2); + printf("Private key SK3: "); + OCT_output(&SK2); + printf("Public key PK3: "); + OCT_output(&PK2); + printf("\n"); - BLS_ZZZ_SIGN(&SIG,message,&S); - printf("Signature: 0x"); - OCT_output(&SIG); + // Sign the message + BLS_ZZZ_SIGN(&SIG1,message,&SK1); + BLS_ZZZ_SIGN(&SIG2,message,&SK2); + BLS_ZZZ_SIGN(&SIG3,message,&SK3); - rc=BLS_ZZZ_VERIFY(&SIG,message,&W); + printf("SIG1: "); + OCT_output(&SIG1); + printf("SIG2: "); + OCT_output(&SIG2); + printf("SIG3: "); + OCT_output(&SIG3); + printf("\n"); + + // Verify signature + rc=BLS_ZZZ_VERIFY(&SIG1,message,&PK1); if (rc==BLS_OK) { printf("Success: Signature is valid\n"); @@ -78,15 +119,100 @@ int bls(csprng *RNG) else { printf("Error: Invalid Signature\n"); + return 1; } + // Verify signature + rc=BLS_ZZZ_VERIFY(&SIG2,message,&PK2); + if (rc==BLS_OK) + { + printf("Success: Signature is valid\n"); + } + else + { + printf("Error: Invalid Signature\n"); + return 1; + } + + // Verify signature + rc=BLS_ZZZ_VERIFY(&SIG3,message,&PK3); + if (rc==BLS_OK) + { + printf("Success: Signature is valid\n"); + } + else + { + printf("Error: Invalid Signature\n"); + return 1; + } + + // Add Public keys + rc = BLS_ZZZ_ADD_G2(&PK1,&PK2,&PK); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ZZZ_ADD_G2 errorCode : %d\n", rc); + return 1; + } + rc = BLS_ZZZ_ADD_G2(&PK,&PK3,&PK); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ZZZ_ADD_G2 errorCode : %d\n", rc); + return 1; + } + printf("Public key PK: "); + OCT_output(&PK); + printf("\n"); + + // Add signatures + rc = BLS_ZZZ_ADD_G1(&SIG1,&SIG2,&SIG); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ZZZ_ADD_G1 errorCode : %d\n", rc); + return 1; + } + + // Verify combined signature. This should fail. + rc=BLS_ZZZ_VERIFY(&SIG,message,&PK); + if (rc==BLS_OK) + { + printf("Success: Combined signature is valid\n"); + return 1; + } + else + { + printf("Error: Combined signature is invalid\n"); + } + + rc = BLS_ZZZ_ADD_G1(&SIG,&SIG3,&SIG); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ZZZ_ADD_G1 errorCode : %d\n", rc); + return 1; + } + printf("SIG: "); + OCT_output(&SIG); + printf("\n"); + // Verify combined signature. + rc=BLS_ZZZ_VERIFY(&SIG,message,&PK); + if (rc==BLS_OK) + { + printf("Success: Combined signature is valid\n"); + } + else + { + printf("Error: Combined signature is invalid\n"); + return 1; + } + + // change the message message[0]='Z'; printf("message %s\n", message); - rc=BLS_ZZZ_VERIFY(&SIG,message,&W); + rc=BLS_ZZZ_VERIFY(&SIG1,message,&PK1); if (rc==BLS_OK) { printf("Success: Signature is valid\n"); + return 1; } else { @@ -94,22 +220,28 @@ int bls(csprng *RNG) } // Change the signature - message[0]='T'; - SIG.val[0]=5; + message[0]='t'; + SIG1.val[0]=5; printf("message %s\n", message); - printf("Signature: 0x"); - OCT_output(&SIG); - rc=BLS_ZZZ_VERIFY(&SIG,message,&W); + printf("Sig1nature SIG1: "); + OCT_output(&SIG1); + rc=BLS_ZZZ_VERIFY(&SIG1,message,&PK1); if (rc==BLS_OK) { printf("Success: Signature is valid\n"); + return 1; } else { printf("Error: Invalid Signature\n"); } - return rc; + /* clear memory */ + OCT_clear(&SK1); + OCT_clear(&SK2); + OCT_clear(&SK3); + + return 0; } diff --git a/include/bls.h.in b/include/bls.h.in index de179c8..8905ddd 100644 --- a/include/bls.h.in +++ b/include/bls.h.in @@ -39,8 +39,10 @@ under the License. #define BGS_ZZZ MODBYTES_XXX /**< BLS Group Size */ #define BFS_ZZZ MODBYTES_XXX /**< BLS Field Size */ -#define BLS_OK 0 /**< Function completed without error */ -#define BLS_FAIL -1 /**< Point is NOT on the curve */ +#define BLS_OK 0 /**< Function completed without error */ +#define BLS_FAIL 41 /**< Invalid signature */ +#define BLS_INVALID_G1 42 /**< Not a valid G1 point on the curve */ +#define BLS_INVALID_G2 43 /**< Not a valid G2 point on the curve */ /* BLS API functions */ @@ -71,5 +73,23 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S); */ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W); +/** @brief Add two members from the group G1 + * + @param R1 member of G1 + @param R2 member of G1 + @param R member of G1. R = R1+R2 + @return Zero for success or else an error code + */ +int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R); + +/** @brief Add two members from the group G2 + * + @param W1 member of G2 + @param W2 member of G2 + @param W member of G2. W = W1+W2 + @return Zero for success or else an error code + */ +int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W); + #endif diff --git a/include/bls192.h.in b/include/bls192.h.in index 8bd7fae..ae8ab26 100644 --- a/include/bls192.h.in +++ b/include/bls192.h.in @@ -39,8 +39,10 @@ under the License. #define BGS_ZZZ MODBYTES_XXX /**< BLS Group Size */ #define BFS_ZZZ MODBYTES_XXX /**< BLS Field Size */ -#define BLS_OK 0 /**< Function completed without error */ -#define BLS_FAIL -1 /**< Point is NOT on the curve */ +#define BLS_OK 0 /**< Function completed without error */ +#define BLS_FAIL 41 /**< Invalid signature */ +#define BLS_INVALID_G1 42 /**< Not a valid G1 point on the curve */ +#define BLS_INVALID_G2 43 /**< Not a valid G2 point on the curve */ /* BLS API functions */ @@ -71,5 +73,23 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S); */ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W); +/** @brief Add two members from the group G1 + * + @param R1 member of G1 + @param R2 member of G1 + @param R member of G1. R = R1+R2 + @return Zero for success or else an error code + */ +int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R); + +/** @brief Add two members from the group G2 + * + @param W1 member of G2 + @param W2 member of G2 + @param W member of G2. W = W1+W2 + @return Zero for success or else an error code + */ +int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W); + #endif diff --git a/include/bls256.h.in b/include/bls256.h.in index 977c4ee..ad9dfb0 100644 --- a/include/bls256.h.in +++ b/include/bls256.h.in @@ -39,8 +39,10 @@ under the License. #define BGS_ZZZ MODBYTES_XXX /**< BLS Group Size */ #define BFS_ZZZ MODBYTES_XXX /**< BLS Field Size */ -#define BLS_OK 0 /**< Function completed without error */ -#define BLS_FAIL -1 /**< Point is NOT on the curve */ +#define BLS_OK 0 /**< Function completed without error */ +#define BLS_FAIL 41 /**< Invalid signature */ +#define BLS_INVALID_G1 42 /**< Not a valid G1 point on the curve */ +#define BLS_INVALID_G2 43 /**< Not a valid G2 point on the curve */ /* BLS API functions */ @@ -71,5 +73,23 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S); */ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W); +/** @brief Add two members from the group G1 + * + @param R1 member of G1 + @param R2 member of G1 + @param R member of G1. R = R1+R2 + @return Zero for success or else an error code + */ +int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R); + +/** @brief Add two members from the group G2 + * + @param W1 member of G2 + @param W2 member of G2 + @param W member of G2. W = W1+W2 + @return Zero for success or else an error code + */ +int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W); + #endif diff --git a/src/bls.c.in b/src/bls.c.in index 277d3cd..0d4c899 100644 --- a/src/bls.c.in +++ b/src/bls.c.in @@ -26,7 +26,6 @@ under the License. #include "bls_ZZZ.h" /* hash a message to an ECP point, using SHA3 */ - static void BLS_HASHIT(ECP_ZZZ *P,char *m) { int i; @@ -41,7 +40,6 @@ static void BLS_HASHIT(ECP_ZZZ *P,char *m) } /* generate key pair, private key S, public key W */ - int BLS_ZZZ_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W) { ECP2_ZZZ G; @@ -57,7 +55,6 @@ int BLS_ZZZ_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W) } /* Sign message m using private key S to produce signature SIG */ - int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S) { BIG_XXX s; @@ -65,29 +62,82 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S) BLS_HASHIT(&D,m); BIG_XXX_fromBytes(s,S->val); PAIR_ZZZ_G1mul(&D,s); - ECP_ZZZ_toOctet(SIG,&D,true); /* compress output */ + // compress output + ECP_ZZZ_toOctet(SIG,&D,true); return BLS_OK; } /* Verify signature of message m, the signature SIG, and the public key W */ - int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W) { FP12_YYY v; ECP2_ZZZ G,PK; ECP_ZZZ D,HM; BLS_HASHIT(&HM,m); - ECP_ZZZ_fromOctet(&D,SIG); + + if (!ECP_ZZZ_fromOctet(&D,SIG)) + { + return BLS_INVALID_G1; + } + ECP2_ZZZ_generator(&G); - ECP2_ZZZ_fromOctet(&PK,W); - ECP_ZZZ_neg(&D); + if (!ECP2_ZZZ_fromOctet(&PK,W)) + { + return BLS_INVALID_G2; + } + ECP_ZZZ_neg(&D); PAIR_ZZZ_double_ate(&v,&G,&D,&PK,&HM); - PAIR_ZZZ_fexp(&v); - if (FP12_YYY_isunity(&v)) return BLS_OK; - return BLS_FAIL; + if (!FP12_YYY_isunity(&v)) + { + return BLS_FAIL; + } + return BLS_OK; } +/* R=R1+R2 in group G1 */ +int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R) +{ + ECP_ZZZ P; + ECP_ZZZ T; + + if (!ECP_ZZZ_fromOctet(&P,R1)) + { + return BLS_INVALID_G1; + } + + if (!ECP_ZZZ_fromOctet(&T,R2)) + { + return BLS_INVALID_G1; + } + + ECP_ZZZ_add(&P,&T); + ECP_ZZZ_toOctet(R,&P,true); + + return BLS_OK; +} + +/* W=W1+W2 in group G2 */ +int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W) +{ + ECP2_ZZZ Q; + ECP2_ZZZ T; + + if (!ECP2_ZZZ_fromOctet(&Q,W1)) + { + return BLS_INVALID_G2; + } + + if (!ECP2_ZZZ_fromOctet(&T,W2)) + { + return BLS_INVALID_G2; + } + + ECP2_ZZZ_add(&Q,&T); + ECP2_ZZZ_toOctet(W,&Q); + + return BLS_OK; +} diff --git a/src/bls192.c.in b/src/bls192.c.in index bab100c..79a1c20 100644 --- a/src/bls192.c.in +++ b/src/bls192.c.in @@ -26,7 +26,6 @@ under the License. #include "bls192_ZZZ.h" /* hash a message to an ECP point, using SHA3 */ - static void BLS_HASHIT(ECP_ZZZ *P,char *m) { int i; @@ -41,7 +40,6 @@ static void BLS_HASHIT(ECP_ZZZ *P,char *m) } /* generate key pair, private key S, public key W */ - int BLS_ZZZ_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W) { ECP4_ZZZ G; @@ -57,7 +55,6 @@ int BLS_ZZZ_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W) } /* Sign message m using private key S to produce signature SIG */ - int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S) { BIG_XXX s; @@ -70,22 +67,77 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S) } /* Verify signature given message m, the signature SIG, and the public key W */ - int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W) { FP24_YYY v; ECP4_ZZZ G,PK; ECP_ZZZ D,HM; BLS_HASHIT(&HM,m); - ECP_ZZZ_fromOctet(&D,SIG); + + if (!ECP_ZZZ_fromOctet(&D,SIG)) + { + return BLS_INVALID_G1; + } + ECP4_ZZZ_generator(&G); - ECP4_ZZZ_fromOctet(&PK,W); + + if (!ECP4_ZZZ_fromOctet(&PK,W)) + { + return BLS_INVALID_G2; + } ECP_ZZZ_neg(&D); PAIR_ZZZ_double_ate(&v,&G,&D,&PK,&HM); - PAIR_ZZZ_fexp(&v); - if (FP24_YYY_isunity(&v)) return BLS_OK; - return BLS_FAIL; + + if (!FP24_YYY_isunity(&v)) + { + return BLS_FAIL; + } + return BLS_OK; +} + + +/* R=R1+R2 in group G1 */ +int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R) +{ + ECP_ZZZ P; + ECP_ZZZ T; + + if (!ECP_ZZZ_fromOctet(&P,R1)) + { + return BLS_INVALID_G1; + } + + if (!ECP_ZZZ_fromOctet(&T,R2)) + { + return BLS_INVALID_G1; + } + + ECP_ZZZ_add(&P,&T); + ECP_ZZZ_toOctet(R,&P,true); + + return BLS_OK; } +/* W=W1+W2 in group G2 */ +int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W) +{ + ECP4_ZZZ Q; + ECP4_ZZZ T; + + if (!ECP4_ZZZ_fromOctet(&Q,W1)) + { + return BLS_INVALID_G2; + } + + if (!ECP4_ZZZ_fromOctet(&T,W2)) + { + return BLS_INVALID_G2; + } + + ECP4_ZZZ_add(&Q,&T); + ECP4_ZZZ_toOctet(W,&Q); + + return BLS_OK; +} diff --git a/src/bls256.c.in b/src/bls256.c.in index 6b250d1..19f7e43 100644 --- a/src/bls256.c.in +++ b/src/bls256.c.in @@ -26,7 +26,6 @@ under the License. #include "bls256_ZZZ.h" /* hash a message to an ECP point, using SHA3 */ - static void BLS_HASHIT(ECP_ZZZ *P,char *m) { int i; @@ -41,7 +40,6 @@ static void BLS_HASHIT(ECP_ZZZ *P,char *m) } /* generate key pair, private key S, public key W */ - int BLS_ZZZ_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W) { ECP8_ZZZ G; @@ -57,7 +55,6 @@ int BLS_ZZZ_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W) } /* Sign message m using private key S to produce signature SIG */ - int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S) { BIG_XXX s; @@ -70,23 +67,77 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S) } /* Verify signature given message m, the signature SIG, and the public key W */ - int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W) { FP48_YYY v; ECP8_ZZZ G,PK; ECP_ZZZ D,HM; BLS_HASHIT(&HM,m); - ECP_ZZZ_fromOctet(&D,SIG); - ECP8_ZZZ_generator(&G); - ECP8_ZZZ_fromOctet(&PK,W); + + if (!ECP_ZZZ_fromOctet(&D,SIG)) + { + return BLS_INVALID_G1; + } ECP_ZZZ_neg(&D); + ECP8_ZZZ_generator(&G); + + if (!ECP8_ZZZ_fromOctet(&PK,W)) + { + return BLS_INVALID_G2; + } + PAIR_ZZZ_double_ate(&v,&G,&D,&PK,&HM); PAIR_ZZZ_fexp(&v); - if (FP48_YYY_isunity(&v)) return BLS_OK; - return BLS_FAIL; + if (!FP48_YYY_isunity(&v)) + { + return BLS_FAIL; + } + return BLS_OK; } +/* R=R1+R2 in group G1 */ +int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R) +{ + ECP_ZZZ P; + ECP_ZZZ T; + + if (!ECP_ZZZ_fromOctet(&P,R1)) + { + return BLS_INVALID_G1; + } + + if (!ECP_ZZZ_fromOctet(&T,R2)) + { + return BLS_INVALID_G1; + } + + ECP_ZZZ_add(&P,&T); + ECP_ZZZ_toOctet(R,&P,true); + + return BLS_OK; +} + +/* W=W1+W2 in group G2 */ +int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W) +{ + ECP8_ZZZ Q; + ECP8_ZZZ T; + + if (!ECP8_ZZZ_fromOctet(&Q,W1)) + { + return BLS_INVALID_G2; + } + + if (!ECP8_ZZZ_fromOctet(&T,W2)) + { + return BLS_INVALID_G2; + } + + ECP8_ZZZ_add(&Q,&T); + ECP8_ZZZ_toOctet(W,&Q); + + return BLS_OK; +} diff --git a/test/test_bls_ZZZ.c.in b/test/test_bls_ZZZ.c.in index c35c75b..bd6f56a 100644 --- a/test/test_bls_ZZZ.c.in +++ b/test/test_bls_ZZZ.c.in @@ -16,7 +16,7 @@ specific language governing permissions and limitations under the License. */ -/* smoke test for BLS */ +// smoke test for BLS #include #include @@ -41,30 +41,85 @@ under the License. #define G2LEN 16*BFS_ZZZ #endif -static char message[]="This is a test message"; +static char message[]="test message"; int bls(csprng *RNG) { int rc; - char s[BGS_ZZZ]; - char w[G2LEN]; + + char sk1[BGS_ZZZ]; + octet SK1 = {0,sizeof(sk1),sk1}; + char pk1[G2LEN]; + octet PK1 = {0,sizeof(pk1),pk1}; + char sig1[BFS_ZZZ+1]; + octet SIG1 = {0,sizeof(sig1),sig1}; + + char sk2[BGS_ZZZ]; + octet SK2 = {0,sizeof(sk2),sk2}; + char pk2[G2LEN]; + octet PK2 = {0,sizeof(pk2),pk2}; + char sig2[BFS_ZZZ+1]; + octet SIG2 = {0,sizeof(sig2),sig2}; + + char sk3[BGS_ZZZ]; + octet SK3 = {0,sizeof(sk3),sk3}; + char pk3[G2LEN]; + octet PK3 = {0,sizeof(pk3),pk3}; + char sig3[BFS_ZZZ+1]; + octet SIG3 = {0,sizeof(sig3),sig3}; + + // Combined signature and public keys + char pk[G2LEN]; + octet PK = {0,sizeof(pk),pk}; char sig[BFS_ZZZ+1]; - octet S= {0,sizeof(s),s}; - octet W= {0,sizeof(w),w}; - octet SIG= {0,sizeof(sig),sig}; + octet SIG = {0,sizeof(sig),sig}; - BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&S,&W); + // Generate key pairs + BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK1,&PK1); + BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK2,&PK2); + BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK3,&PK3); - printf("Private key: 0x"); - OCT_output(&S); - printf("Public key: 0x"); - OCT_output(&W); + printf("Private key SK1: "); + OCT_output(&SK1); + printf("Public key PK1: "); + OCT_output(&PK1); + printf("Private key SK2: "); + OCT_output(&SK2); + printf("Public key PK2: "); + OCT_output(&PK2); + printf("Private key SK3: "); + OCT_output(&SK2); + printf("Public key PK3: "); + OCT_output(&PK2); + printf("\n"); - BLS_ZZZ_SIGN(&SIG,message,&S); - printf("Signature: 0x"); - OCT_output(&SIG); + // Sign the message + BLS_ZZZ_SIGN(&SIG1,message,&SK1); + BLS_ZZZ_SIGN(&SIG2,message,&SK2); + BLS_ZZZ_SIGN(&SIG3,message,&SK3); + + printf("SIG1: "); + OCT_output(&SIG1); + printf("SIG2: "); + OCT_output(&SIG2); + printf("SIG3: "); + OCT_output(&SIG3); + printf("\n"); + + // Verify signature + rc=BLS_ZZZ_VERIFY(&SIG1,message,&PK1); + if (rc==BLS_OK) + { + printf("Test Passed valid Signature / message\n"); + } + else + { + printf("Test Failed valid Signature / message\n"); + return 1; + } - rc=BLS_ZZZ_VERIFY(&SIG,message,&W); + // Verify signature + rc=BLS_ZZZ_VERIFY(&SIG2,message,&PK2); if (rc==BLS_OK) { printf("Test Passed valid Signature / message\n"); @@ -75,37 +130,115 @@ int bls(csprng *RNG) return 1; } + // Verify signature + rc=BLS_ZZZ_VERIFY(&SIG3,message,&PK3); + if (rc==BLS_OK) + { + printf("Test Passed valid Signature / message\n"); + } + else + { + printf("Test Failed valid Signature / message\n"); + return 1; + } + + // Add Public keys + rc = BLS_ZZZ_ADD_G2(&PK1,&PK2,&PK); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ZZZ_ADD_G2 errorCode : %d\n", rc); + return 1; + } + rc = BLS_ZZZ_ADD_G2(&PK,&PK3,&PK); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ZZZ_ADD_G2 errorCode : %d\n", rc); + return 1; + } + printf("Public key PK: "); + OCT_output(&PK); + printf("\n"); + + // Add signatures + rc = BLS_ZZZ_ADD_G1(&SIG1,&SIG2,&SIG); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ZZZ_ADD_G1 errorCode : %d\n", rc); + return 1; + } + + // Verify combined signature. This should fail. + rc=BLS_ZZZ_VERIFY(&SIG,message,&PK); + if (rc==BLS_FAIL) + { + printf("Test Passed invalid signature SIG = SIG1 + SIG2 \n"); + } + else + { + printf("Test Failed invalid signature SIG = SIG1 + SIG2 \n"); + return 1; + } + + rc = BLS_ZZZ_ADD_G1(&SIG,&SIG3,&SIG); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ZZZ_ADD_G1 errorCode : %d\n", rc); + return 1; + } + printf("SIG: "); + OCT_output(&SIG); + printf("\n"); + + // Verify combined signature. + rc=BLS_ZZZ_VERIFY(&SIG,message,&PK); + if (rc==BLS_OK) + { + printf("Test Passed valid Signature SIG = SIG1 + SIG2 + SIG3\n"); + } + else + { + printf("Test Failed valid Signature SIG = SIG1 + SIG2 + SIG3\n"); + return 1; + } + + // change the message message[0]='Z'; printf("message %s\n", message); - rc=BLS_ZZZ_VERIFY(&SIG,message,&W); - if (rc!=BLS_OK) + rc=BLS_ZZZ_VERIFY(&SIG1,message,&PK1); + if (rc==BLS_FAIL) { - printf("Test Passed valid Signature / invalid message\n"); + printf("Test Passed valid signature / invalid message\n"); } else { - printf("Test Failed valid Signature / invalid message\n"); + printf("Test Failed valid signature / invalid message\n"); return 1; } - // Invalid signature - message[0]='T'; - SIG.val[0]=5; + + // Change the signature + message[0]='t'; + SIG1.val[0]=5; printf("message %s\n", message); - printf("Signature: 0x"); - OCT_output(&SIG); - rc=BLS_ZZZ_VERIFY(&SIG,message,&W); - if (rc!=BLS_OK) + printf("Sig1nature SIG1: "); + OCT_output(&SIG1); + rc=BLS_ZZZ_VERIFY(&SIG1,message,&PK1); + if (rc==BLS_FAIL) { - printf("Test Passed invalid Signature / valid message\n"); + printf("Test Passed invalid signature / valid message\n"); } else { - printf("Test Failed invalid Signature / valid message\n"); + printf("Test Failed invalid signature / valid message\n"); return 1; } + /* clear memory */ + OCT_clear(&SK1); + OCT_clear(&SK2); + OCT_clear(&SK3); + return 0; } @@ -129,8 +262,7 @@ int main() CREATE_CSPRNG(&RNG,&SEED); printf("\nTesting BLS signature for curve ZZZ\n"); - int rc = bls(&RNG); - if (rc == 0) + if (bls(&RNG)) { printf("SUCCESS"); }