def print_tv_hash(hash_in, ciphersuite, hash_fn, print_pt_fn, quiet):
    """Hash one test-vector message to a point, check it, and print it.

    Args:
        hash_in: sequence holding the message first; when it has more than
            two entries, the third is the expected serialized point and the
            second is ignored.
        ciphersuite: value passed through to ``hash_fn`` and printed.
        hash_fn: callable ``hash_fn(msg, ciphersuite)`` returning the point.
        print_pt_fn: callable used to print the resulting point.
        quiet: when true, run the checks but print nothing.

    Raises:
        SerError: serializing the point does not reproduce the expected bytes.
        DeserError: deserializing the expected bytes does not give the point.
    """
    expected = None
    if len(hash_in) > 2:
        message, _ignored, expected = hash_in[:3]
    else:
        message = hash_in[0]

    point = hash_fn(message, ciphersuite)

    # Round-trip check in both directions, only when an expected value exists.
    if expected is not None:
        if serialize(point) != expected:
            raise SerError("serializing P did not give hash_expect")
        decoded = from_jacobian(deserialize(expected))
        if decoded != from_jacobian(point):
            raise DeserError("deserializing hash_expect did not give P")

    if quiet:
        return

    print("=============== begin hash test vector ==================")
    for label, value in (("ciphersuite: ", ciphersuite), ("message: ", message)):
        sys.stdout.write(label)
        print_value(value, 13, True)
    print("result:")
    print_pt_fn(point)
    print("=============== end hash test vector ==================")
def print_tv_sig(sig_in, ciphersuite, sign_fn, keygen_fn, print_pk_fn, print_sig_fn, ver_fn, quiet):
    """Generate a key and signature for one test vector, check them, print them.

    Args:
        sig_in: ``(msg, sk)``, or a longer sequence whose third entry is the
            expected serialized signature.
        ciphersuite: value passed to ``sign_fn`` / ``ver_fn`` and printed.
        sign_fn: callable ``sign_fn(x_prime, msg, ciphersuite)``.
        keygen_fn: callable ``keygen_fn(sk)`` returning ``(x_prime, pk)``.
        print_pk_fn: callable used to print the public key.
        print_sig_fn: callable used to print the signature.
        ver_fn: optional callable ``ver_fn(pk, sig, msg, ciphersuite)``;
            verification is skipped when it is ``None``.
        quiet: when true, run the checks but print nothing.

    Raises:
        SerError: serializing the signature does not give the expected bytes.
        DeserError: deserializing the expected bytes does not give the signature.
        RuntimeError: ``ver_fn`` rejects the freshly generated signature.

    Note: unless ``quiet`` is set, ``sk`` and ``x_prime`` are written to
    stdout, so the output contains secret key material and is only suitable
    for keys that exist to be published as test vectors.
    """
    if len(sig_in) > 2:
        message, secret, expected_sig = sig_in[:3]
    else:
        message, secret = sig_in
        expected_sig = None

    # Derive the key pair and sign.
    x_prime, pk = keygen_fn(secret)
    signature = sign_fn(x_prime, message, ciphersuite)

    # Round-trip check in both directions, only when an expected value exists.
    if expected_sig is not None:
        if serialize(signature) != expected_sig:
            raise SerError("serializing sig did not give sig_expect")
        decoded = from_jacobian(deserialize(expected_sig))
        if decoded != from_jacobian(signature):
            raise DeserError("deserializing sig_expect did not give sig")

    if not (ver_fn is None or ver_fn(pk, signature, message, ciphersuite)):
        raise RuntimeError("verifying generated signature failed")

    if quiet:
        return

    # Emit the test vector.
    print("================== begin test vector ====================")
    print("g1 generator:")
    print_g1_hex(g1gen)
    print("g2 generator:")
    print_g2_hex(g2gen)
    print("group order: 0x%x" % q)
    labelled = (
        ("ciphersuite: ", ciphersuite),
        ("message: ", message),
        ("sk: ", secret),
        ("x_prime: ", x_prime),
    )
    for label, value in labelled:
        sys.stdout.write(label)
        print_value(value, 13, True)
    print("public key:")
    print_pk_fn(pk)
    print("signature:")
    print_sig_fn(signature)
    print("================== end test vector ====================")
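def _agg_ver_aug(pks, msgs, sig, ciphersuite, ver_fn):
    """Verify an aggregate signature over key-augmented messages.

    Each message is prefixed with ``serialize(pk, True)`` of the public key at
    the same position, and the augmented list is handed to ``ver_fn``.

    Args:
        pks: public keys, one per message.
        msgs: messages, in the same order as ``pks``.
        sig: aggregate signature passed through to ``ver_fn``.
        ciphersuite: value passed through to ``ver_fn``.
        ver_fn: callable ``ver_fn(pks, msgs_aug, sig, ciphersuite)``.

    Returns:
        Whatever ``ver_fn`` returns.

    Raises:
        AssertionError: ``pks`` and ``msgs`` differ in length.
    """
    # Raised explicitly instead of via ``assert``: under ``python -O`` an
    # assert is stripped, and zip() below would then silently drop the
    # unmatched keys or messages, so ver_fn would receive fewer augmented
    # messages than keys. The exception type and message text are kept as
    # they were (the check compares public keys with messages).
    if len(pks) != len(msgs):
        raise AssertionError(
            "FAIL: aggregate_verify_aug needs same number of sigs and msgs")
    msgs_aug = [serialize(pk, True) + msg for (pk, msg) in zip(pks, msgs)]
    return ver_fn(pks, msgs_aug, sig, ciphersuite)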
def verify_aug(pk, sig, msg, ciphersuite):
    """Verify ``sig`` over ``msg`` prefixed with the serialized public key.

    The prefix is ``serialize(pk, True)`` (compressed form); the result of
    ``verify`` on the augmented message is returned unchanged.
    """
    # NOTE(review): no key or signature validation happens in this wrapper;
    # presumably ``verify`` performs it — confirm.
    augmented_msg = serialize(pk, True) + msg
    return verify(pk, sig, augmented_msg, ciphersuite)
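def _sign_aug(x_prime, msg, ciphersuite, pk=None, gen=None):
    """Sign ``msg`` prefixed with the serialized public key.

    Args:
        x_prime: secret scalar used for signing.
        msg: message bytes.
        ciphersuite: value passed through to ``sign``.
        pk: public key to embed; derived as ``point_mul(x_prime, gen)`` when
            omitted.
        gen: generator used to derive ``pk``; only needed when ``pk`` is
            ``None``.

    Returns:
        The result of ``sign`` on ``serialize(pk, True) + msg``.

    Raises:
        ValueError: neither ``pk`` nor ``gen`` was supplied.
    """
    # ``gen`` takes a default because a parameter without one may not follow
    # ``pk=None``; the previous signature was a SyntaxError. Positional and
    # keyword callers that pass ``gen`` are unaffected.
    if pk is None:
        if gen is None:
            raise ValueError("_sign_aug needs either pk or gen")
        pk = point_mul(x_prime, gen)
    # A caller-supplied pk is used as given; it is not checked against x_prime.
    pk_bytes = serialize(pk, True)  # serialize in compressed form
    return sign(x_prime, pk_bytes + msg, ciphersuite)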
def pop_verify(pk, proof, ciphersuite):
    """Check a proof of possession ``proof`` for public key ``pk``.

    The compressed serialization of ``pk`` is mapped to a curve point with
    ``map2curve_osswu``; the proof is accepted when ``pk`` passes
    ``subgroup_check_g2`` and the multi-pairing of ``(P, proof)`` against
    ``(pk, -g2gen)`` equals 1.
    """
    # NOTE(review): ``ciphersuite`` is the only domain separation visible
    # here; presumably callers pass a proof-of-possession tag distinct from
    # the signing one — confirm at the call sites.
    hashed_pk = map2curve_osswu(serialize(pk, True), ciphersuite)
    key_in_subgroup = subgroup_check_g2(pk)
    # NOTE(review): ``proof`` gets no subgroup check in this function —
    # confirm the caller or the deserializer performs one.
    pairing_holds = multi_pairing((hashed_pk, proof), (pk, point_neg(g2gen))) == 1
    return key_in_subgroup and pairing_holds
def pop_prove(x_prime, pk, ciphersuite):
    """Produce a proof of possession for ``pk`` using secret ``x_prime``.

    The compressed serialization of ``pk`` is mapped to a curve point with
    ``map2curve_osswu`` and that point is multiplied by ``x_prime``.
    """
    # ``pk`` is used as given; it is not checked against ``x_prime`` here.
    hashed_pk = map2curve_osswu(serialize(pk, True), ciphersuite)
    return point_mul(x_prime, hashed_pk)