longfellow 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CODE_OF_CONDUCT.md +10 -0
- data/LICENSE.txt +21 -0
- data/README.md +152 -0
- data/ext/longfellow/CMakeLists.txt +76 -0
- data/ext/longfellow/extconf.rb +77 -0
- data/lib/longfellow/attribute.rb +65 -0
- data/lib/longfellow/c.rb +105 -0
- data/lib/longfellow/errors.rb +78 -0
- data/lib/longfellow/version.rb +5 -0
- data/lib/longfellow/zk_spec.rb +40 -0
- data/lib/longfellow.rb +162 -0
- data/sig/longfellow.rbs +74 -0
- data/vendor/longfellow-zk/LICENSE +203 -0
- data/vendor/longfellow-zk/lib/algebra/blas.h +121 -0
- data/vendor/longfellow-zk/lib/algebra/bogorng.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/compare.h +40 -0
- data/vendor/longfellow-zk/lib/algebra/convolution.h +219 -0
- data/vendor/longfellow-zk/lib/algebra/crt.cc +42 -0
- data/vendor/longfellow-zk/lib/algebra/crt.h +299 -0
- data/vendor/longfellow-zk/lib/algebra/crt_convolution.h +114 -0
- data/vendor/longfellow-zk/lib/algebra/crt_test.cc +371 -0
- data/vendor/longfellow-zk/lib/algebra/fft.h +104 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation.h +304 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation_test.cc +168 -0
- data/vendor/longfellow-zk/lib/algebra/fft_test.cc +257 -0
- data/vendor/longfellow-zk/lib/algebra/fp.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/fp2.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/fp24.h +342 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6.h +305 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6_test.cc +197 -0
- data/vendor/longfellow-zk/lib/algebra/fp2_test.cc +280 -0
- data/vendor/longfellow-zk/lib/algebra/fp_generic.h +533 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p128.h +91 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256k1.h +123 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p384.h +65 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p521.h +62 -0
- data/vendor/longfellow-zk/lib/algebra/fp_test.cc +522 -0
- data/vendor/longfellow-zk/lib/algebra/hash.h +39 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation.h +117 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation_test.cc +74 -0
- data/vendor/longfellow-zk/lib/algebra/limb.h +153 -0
- data/vendor/longfellow-zk/lib/algebra/limb_test.cc +75 -0
- data/vendor/longfellow-zk/lib/algebra/nat.cc +32 -0
- data/vendor/longfellow-zk/lib/algebra/nat.h +212 -0
- data/vendor/longfellow-zk/lib/algebra/nat_test.cc +183 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer_test.cc +138 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumerfp2_test.cc +139 -0
- data/vendor/longfellow-zk/lib/algebra/permutations.h +79 -0
- data/vendor/longfellow-zk/lib/algebra/poly.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/poly_test.cc +123 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon.h +150 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension.h +108 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension_test.cc +76 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_test.cc +473 -0
- data/vendor/longfellow-zk/lib/algebra/rfft.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/rfft_test.cc +102 -0
- data/vendor/longfellow-zk/lib/algebra/static_string.h +29 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep.h +495 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep_test.cc +41 -0
- data/vendor/longfellow-zk/lib/algebra/twiddle.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/utility.h +86 -0
- data/vendor/longfellow-zk/lib/algebra/utility_test.cc +86 -0
- data/vendor/longfellow-zk/lib/arrays/affine.h +56 -0
- data/vendor/longfellow-zk/lib/arrays/affine_test.cc +220 -0
- data/vendor/longfellow-zk/lib/arrays/dense.h +210 -0
- data/vendor/longfellow-zk/lib/arrays/eq.h +75 -0
- data/vendor/longfellow-zk/lib/arrays/eqs.h +137 -0
- data/vendor/longfellow-zk/lib/arrays/eqs_test.cc +151 -0
- data/vendor/longfellow-zk/lib/arrays/sparse.h +192 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder.h +323 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder_test.cc +541 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor.h +594 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck.h +110 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck_test.cc +55 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_test.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_testing.h +98 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_witness.h +312 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso2_test.cc +662 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso_test.cc +485 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan.h +104 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan_test.cc +137 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor.h +640 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_testing.h +99 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_witness.h +319 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/lexer_test.cc +120 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/mdoc_examples_test.cc +89 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_circuit_test.cc +506 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_size_test.cc +79 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_test.cc +473 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/canonicalization_test.cc +185 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/circuit_dump.h +65 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler.h +471 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler_test.cc +110 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/node.h +176 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/pdqhash.h +127 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/schedule.h +435 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_circuit.h +371 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_external_test.cc +246 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_test.cc +587 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_witness.h +201 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker.h +247 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_constants.h +35 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_encoder.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_test.cc +183 -0
- data/vendor/longfellow-zk/lib/circuits/logic/compiler_backend.h +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter_test.cc +102 -0
- data/vendor/longfellow-zk/lib/circuits/logic/evaluation_backend.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic.h +1232 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_circuit_test.cc +310 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_test.cc +521 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp.h +68 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp_test.cc +148 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing.h +445 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing_test.cc +241 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary.h +55 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker.h +77 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_constants.h +37 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_test.cc +53 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_size_test.cc +69 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit.h +193 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit_test.cc +223 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_reference.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_witness.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/circuit_maker.cc +242 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_ids.h +311 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_circuit_id.cc +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_constants.h +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.cc +41 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_examples.h +5232 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_generate_circuit.cc +199 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_hash.h +554 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature.h +143 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature_test.cc +444 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_test_attributes.h +157 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_witness.h +863 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.cc +693 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.h +216 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk_test.cc +724 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec.cc +100 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec_test.cc +155 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit.h +330 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit_test.cc +607 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_io.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.cc +163 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.h +47 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.cc +34 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_test_values.h +389 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/ptrcred.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small.h +218 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_examples.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_io.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_test.cc +208 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_witness.h +130 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode.h +508 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_circuit_test.cc +95 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_test.cc +119 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.cc +47 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit.h +231 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit_test.cc +428 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_witness.h +102 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt.h +190 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_constants.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_test.cc +559 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_witness.h +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f.h +411 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_io.h +32 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_test.cc +364 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_witness.h +278 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation.h +146 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_constants.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_test.cc +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_witness.h +136 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr.h +250 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_test.cc +333 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_witness.h +152 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44.h +903 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_circuit_test.cc +274 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_eval_test.cc +440 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.cc +8851 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.h +93 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.cc +24 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness.h +453 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness_test.cc +49 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.cc +458 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test.cc +398 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors.inc +3618 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_pkdecode.inc +689 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_sigdecode.inc +1501 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/sigdecode_test_vectors.inc +540 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit.h +394 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit_test.cc +577 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_constants.h +90 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit.h +351 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit_test.cc +466 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.cc +207 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.h +59 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference_test.cc +153 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.cc +39 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_slicing.h +31 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.cc +83 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/shake_test_vectors.h +477 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve.h +596 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve_test.cc +548 -0
- data/vendor/longfellow-zk/lib/ec/p256.cc +36 -0
- data/vendor/longfellow-zk/lib/ec/p256.h +60 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.cc +34 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.h +60 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128.h +503 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_bench.cc +48 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_test.cc +416 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2poly.h +74 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14.h +242 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_bench.cc +75 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon.h +127 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon_test.cc +110 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_test.cc +246 -0
- data/vendor/longfellow-zk/lib/gf2k/sysdep.h +329 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_param.h +449 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_prover.h +354 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_test.cc +136 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_transcript.h +67 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_verifier.h +272 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_commitment.h +104 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree.h +216 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree_test.cc +240 -0
- data/vendor/longfellow-zk/lib/proto/circuit.h +354 -0
- data/vendor/longfellow-zk/lib/proto/circuit_test.cc +202 -0
- data/vendor/longfellow-zk/lib/random/random.h +119 -0
- data/vendor/longfellow-zk/lib/random/random_test.cc +189 -0
- data/vendor/longfellow-zk/lib/random/secure_random_engine.h +37 -0
- data/vendor/longfellow-zk/lib/random/transcript.h +193 -0
- data/vendor/longfellow-zk/lib/random/transcript_test.cc +344 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit.h +148 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit_id.h +71 -0
- data/vendor/longfellow-zk/lib/sumcheck/equad.h +126 -0
- data/vendor/longfellow-zk/lib/sumcheck/hquad.h +115 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover.h +59 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover_layers.h +362 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad.h +227 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_builder.h +211 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_test.cc +169 -0
- data/vendor/longfellow-zk/lib/sumcheck/sumcheck_test.cc +324 -0
- data/vendor/longfellow-zk/lib/sumcheck/testing.h +69 -0
- data/vendor/longfellow-zk/lib/sumcheck/transcript_sumcheck.h +85 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier.h +84 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier_layers.h +221 -0
- data/vendor/longfellow-zk/lib/testing/test_main.cc +50 -0
- data/vendor/longfellow-zk/lib/util/ceildiv.h +164 -0
- data/vendor/longfellow-zk/lib/util/ceildiv_test.cc +152 -0
- data/vendor/longfellow-zk/lib/util/crc64.h +45 -0
- data/vendor/longfellow-zk/lib/util/crypto.cc +39 -0
- data/vendor/longfellow-zk/lib/util/crypto.h +108 -0
- data/vendor/longfellow-zk/lib/util/log.cc +110 -0
- data/vendor/longfellow-zk/lib/util/log.h +33 -0
- data/vendor/longfellow-zk/lib/util/panic.h +40 -0
- data/vendor/longfellow-zk/lib/util/readbuffer.h +67 -0
- data/vendor/longfellow-zk/lib/util/serialization.h +54 -0
- data/vendor/longfellow-zk/lib/zk/zk_common.h +455 -0
- data/vendor/longfellow-zk/lib/zk/zk_proof.h +378 -0
- data/vendor/longfellow-zk/lib/zk/zk_prover.h +202 -0
- data/vendor/longfellow-zk/lib/zk/zk_test.cc +340 -0
- data/vendor/longfellow-zk/lib/zk/zk_testing.h +154 -0
- data/vendor/longfellow-zk/lib/zk/zk_verifier.h +109 -0
- metadata +347 -0
|
@@ -0,0 +1,724 @@
|
|
|
1
|
+
// Copyright 2026 Google LLC.
|
|
2
|
+
//
|
|
3
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
// you may not use this file except in compliance with the License.
|
|
5
|
+
// You may obtain a copy of the License at
|
|
6
|
+
//
|
|
7
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
//
|
|
9
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
// See the License for the specific language governing permissions and
|
|
13
|
+
// limitations under the License.
|
|
14
|
+
|
|
15
|
+
#include "circuits/mdoc/mdoc_zk.h"
|
|
16
|
+
|
|
17
|
+
#include <stdio.h>
|
|
18
|
+
#include <sys/types.h>
|
|
19
|
+
|
|
20
|
+
#include <cstddef>
|
|
21
|
+
#include <cstdint>
|
|
22
|
+
#include <cstdlib>
|
|
23
|
+
#include <string>
|
|
24
|
+
#include <vector>
|
|
25
|
+
|
|
26
|
+
#include "circuits/mdoc/mdoc_examples.h"
|
|
27
|
+
#include "circuits/mdoc/mdoc_test_attributes.h"
|
|
28
|
+
#include "random/secure_random_engine.h"
|
|
29
|
+
#include "util/log.h"
|
|
30
|
+
#include "benchmark/benchmark.h"
|
|
31
|
+
#include "gtest/gtest.h"
|
|
32
|
+
|
|
33
|
+
namespace proofs {
|
|
34
|
+
namespace {
|
|
35
|
+
|
|
36
|
+
// Test fixture for MdocZK that handles 1 and 2 attribute circuits.
|
|
37
|
+
// This class produces static versions of the 1- and 2- attribute circuits
|
|
38
|
+
// and reuses them for all tests.
|
|
39
|
+
class MdocZKTest : public testing::Test {
|
|
40
|
+
protected:
|
|
41
|
+
MdocZKTest() { set_log_level(INFO); }
|
|
42
|
+
|
|
43
|
+
static void SetUpTestCase() {
|
|
44
|
+
if (circuit1_ == nullptr) {
|
|
45
|
+
EXPECT_EQ(generate_circuit(&kZkSpecs[0], &circuit1_, &circuit_len1_),
|
|
46
|
+
CIRCUIT_GENERATION_SUCCESS);
|
|
47
|
+
EXPECT_EQ(generate_circuit(&kZkSpecs[1], &circuit2_, &circuit_len2_),
|
|
48
|
+
CIRCUIT_GENERATION_SUCCESS);
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
static void TearDownTestCase() {
|
|
53
|
+
if (circuit1_ != nullptr) {
|
|
54
|
+
free(circuit1_);
|
|
55
|
+
free(circuit2_);
|
|
56
|
+
circuit1_ = nullptr;
|
|
57
|
+
circuit2_ = nullptr;
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
void run_test(const char* test_name, size_t num_attrs,
|
|
62
|
+
const RequestedAttribute* attrs, const MdocTests* test,
|
|
63
|
+
MdocProverErrorCode want_ret = MDOC_PROVER_SUCCESS) {
|
|
64
|
+
uint8_t* circuit = num_attrs == 1 ? circuit1_ : circuit2_;
|
|
65
|
+
size_t circuit_len = num_attrs == 1 ? circuit_len1_ : circuit_len2_;
|
|
66
|
+
const ZkSpecStruct zk_spec = num_attrs == 1 ? kZkSpecs[0] : kZkSpecs[1];
|
|
67
|
+
EXPECT_TRUE(circuit != nullptr);
|
|
68
|
+
|
|
69
|
+
uint8_t* zkproof = nullptr;
|
|
70
|
+
size_t proof_len;
|
|
71
|
+
|
|
72
|
+
log(INFO, "========== Test %s", test_name);
|
|
73
|
+
{
|
|
74
|
+
log(INFO, "starting prover");
|
|
75
|
+
MdocProverErrorCode ret = run_mdoc_prover(
|
|
76
|
+
circuit, circuit_len, test->mdoc, test->mdoc_size,
|
|
77
|
+
test->pkx.as_pointer, test->pky.as_pointer, test->transcript,
|
|
78
|
+
test->transcript_size, attrs, num_attrs, (const char*)test->now,
|
|
79
|
+
&zkproof, &proof_len, &zk_spec);
|
|
80
|
+
EXPECT_EQ(ret, want_ret);
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
if (want_ret == MDOC_PROVER_SUCCESS) {
|
|
84
|
+
log(INFO, "starting verifier");
|
|
85
|
+
MdocVerifierErrorCode ret = run_mdoc_verifier(
|
|
86
|
+
circuit, circuit_len, test->pkx.as_pointer, test->pky.as_pointer,
|
|
87
|
+
test->transcript, test->transcript_size, attrs, num_attrs,
|
|
88
|
+
(const char*)test->now, zkproof, proof_len, test->doc_type, &zk_spec);
|
|
89
|
+
EXPECT_EQ(ret, MDOC_VERIFIER_SUCCESS);
|
|
90
|
+
}
|
|
91
|
+
|
|
92
|
+
if (zkproof != nullptr) {
|
|
93
|
+
free(zkproof);
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
|
|
97
|
+
// The two circuits are generated once and reused for all tests.
|
|
98
|
+
static uint8_t *circuit1_, *circuit2_;
|
|
99
|
+
static size_t circuit_len1_, circuit_len2_;
|
|
100
|
+
};
|
|
101
|
+
|
|
102
|
+
uint8_t* MdocZKTest::circuit1_ = nullptr;
|
|
103
|
+
uint8_t* MdocZKTest::circuit2_ = nullptr;
|
|
104
|
+
size_t MdocZKTest::circuit_len1_ = 0;
|
|
105
|
+
size_t MdocZKTest::circuit_len2_ = 0;
|
|
106
|
+
|
|
107
|
+
typedef struct {
|
|
108
|
+
const char* test_name;
|
|
109
|
+
RequestedAttribute claims[1];
|
|
110
|
+
const MdocTests* mdoc;
|
|
111
|
+
} Claims;
|
|
112
|
+
|
|
113
|
+
typedef struct {
|
|
114
|
+
const char* test_name;
|
|
115
|
+
RequestedAttribute claims[2];
|
|
116
|
+
const MdocTests* mdoc;
|
|
117
|
+
} TwoClaims;
|
|
118
|
+
|
|
119
|
+
TEST_F(MdocZKTest, one_claim) {
|
|
120
|
+
const Claims tests[] = {
|
|
121
|
+
{"+18-mdoc[0]", {test::age_over_18}, &mdoc_tests[0]},
|
|
122
|
+
{"+18-mdoc[1]", {test::age_over_18}, &mdoc_tests[1]},
|
|
123
|
+
{"+18-mdoc[2]", {test::age_over_18}, &mdoc_tests[2]},
|
|
124
|
+
{"+18-mdoc[9]", {test::europa_age_over_18}, &mdoc_tests[9]},
|
|
125
|
+
{"familyname_mustermann-mdoc[3]",
|
|
126
|
+
{test::familyname_mustermann},
|
|
127
|
+
&mdoc_tests[3]},
|
|
128
|
+
{"birthdate_1971_09_01-mdoc[3]",
|
|
129
|
+
{test::birthdate_1971_09_01},
|
|
130
|
+
&mdoc_tests[3]},
|
|
131
|
+
{"height_175-mdoc[3]", {test::height_175}, &mdoc_tests[3]},
|
|
132
|
+
// Test Google IDPass which uses a different docType.
|
|
133
|
+
{"birthdate_1998_09_04-idpass-mdoc[4]",
|
|
134
|
+
{test::birthdate_1998_09_04},
|
|
135
|
+
&mdoc_tests[4]},
|
|
136
|
+
// Website explainer example.
|
|
137
|
+
{"age_over_18-website-mdoc[5]", {test::age_over_18}, &mdoc_tests[5]},
|
|
138
|
+
// Large mdoc from 2025-06-10.
|
|
139
|
+
{"not_over_18-large-mdoc[6]", {test::not_over_18}, &mdoc_tests[6]},
|
|
140
|
+
// Integer field.
|
|
141
|
+
{"age_birth_year-mdoc[8]", {test::age_birth_year}, &mdoc_tests[8]},
|
|
142
|
+
// AAMVA DHS_compliance field.
|
|
143
|
+
{"DHS_compliance-mdoc[10]",
|
|
144
|
+
{test::aamva_dhs_compliance},
|
|
145
|
+
&mdoc_tests[10]},
|
|
146
|
+
// Sparkasse Age Assurance test.
|
|
147
|
+
{"Sparkasse_Age-mdoc[11]", {test::age_over_18}, &mdoc_tests[11]},
|
|
148
|
+
// MT Prod test
|
|
149
|
+
{"MT_Prod_Age_Over_18-mdoc[12]", {test::age_over_18}, &mdoc_tests[12]},
|
|
150
|
+
{"MT_Prod_Age_Over_18-mdoc[14]", {test::age_over_18}, &mdoc_tests[14]},
|
|
151
|
+
// AZ Prod test
|
|
152
|
+
{"AZ_Prod_Age_Over_18-mdoc[13]", {test::age_over_18}, &mdoc_tests[13]},
|
|
153
|
+
// EUAV order tests
|
|
154
|
+
{"EUAV_Age_Over_18-mdoc[15]", {test::age_over_18}, &mdoc_tests[15]},
|
|
155
|
+
{"EUAV_Age_Over_18-mdoc[16]", {test::age_over_18}, &mdoc_tests[16]},
|
|
156
|
+
{"EUAV_Age_Over_18-mdoc[17]", {test::age_over_18}, &mdoc_tests[17]},
|
|
157
|
+
{"EUAV_Age_Over_18-mdoc[18]", {test::age_over_18}, &mdoc_tests[18]},
|
|
158
|
+
{"EUAV_Age_Over_18-mdoc[19]", {test::age_over_18}, &mdoc_tests[19]},
|
|
159
|
+
{"EUAV_Age_Over_18-mdoc[20]", {test::age_over_18}, &mdoc_tests[20]},
|
|
160
|
+
{"EUAV_Age_Over_18-mdoc[21]", {test::age_over_18}, &mdoc_tests[21]},
|
|
161
|
+
{"EUAV_Age_Over_18-mdoc[22]", {test::age_over_18}, &mdoc_tests[22]},
|
|
162
|
+
{"EUAV_Age_Over_18-mdoc[23]", {test::age_over_18}, &mdoc_tests[23]},
|
|
163
|
+
{"EUAV_Age_Over_18-mdoc[24]", {test::age_over_18}, &mdoc_tests[24]},
|
|
164
|
+
{"Aadhaar_age_above18-mdoc[25]", {test::age_above18}, &mdoc_tests[25]},
|
|
165
|
+
};
|
|
166
|
+
|
|
167
|
+
for (size_t i = 0; i < sizeof(tests) / sizeof(tests[0]); ++i) {
|
|
168
|
+
run_test(tests[i].test_name, 1, tests[i].claims, tests[i].mdoc);
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
|
|
172
|
+
TEST_F(MdocZKTest, long_attribute) {
|
|
173
|
+
uint8_t* zkproof;
|
|
174
|
+
size_t proof_len;
|
|
175
|
+
RequestedAttribute attrs[1] = {test::age_over_18};
|
|
176
|
+
auto test = &mdoc_tests[0];
|
|
177
|
+
{
|
|
178
|
+
log(INFO, "starting prover");
|
|
179
|
+
MdocProverErrorCode ret = run_mdoc_prover(
|
|
180
|
+
circuit1_, circuit_len1_, test->mdoc, test->mdoc_size,
|
|
181
|
+
test->pkx.as_pointer, test->pky.as_pointer, test->transcript,
|
|
182
|
+
test->transcript_size, attrs, 1, (const char*)test->now, &zkproof,
|
|
183
|
+
&proof_len, &kZkSpecs[0]);
|
|
184
|
+
EXPECT_EQ(ret, MDOC_PROVER_SUCCESS);
|
|
185
|
+
}
|
|
186
|
+
|
|
187
|
+
// Attr is too long.
|
|
188
|
+
RequestedAttribute long_attr[1] = {
|
|
189
|
+
{.namespace_id = {'o', 'r', 'g', '.', 'i', 's', 'o', '.', '1', '8', '0',
|
|
190
|
+
'1', '3', '.', '5', '.', '1'},
|
|
191
|
+
.id = {'a', 'g', 'e', '_', 'o', 'v', 'e', 'r', '_', '1', '8',
|
|
192
|
+
'0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0',
|
|
193
|
+
'0', '0', '0', '0', '0', '0', '0', '0', '0', '0'},
|
|
194
|
+
.cbor_value = {0xf5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
195
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
196
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
197
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
|
|
198
|
+
.namespace_len = 17,
|
|
199
|
+
.id_len = 32,
|
|
200
|
+
.cbor_value_len = 64}};
|
|
201
|
+
|
|
202
|
+
MdocVerifierErrorCode ret = run_mdoc_verifier(
|
|
203
|
+
circuit1_, circuit_len1_, test->pkx.as_pointer, test->pky.as_pointer,
|
|
204
|
+
test->transcript, test->transcript_size, long_attr, 1,
|
|
205
|
+
(const char*)test->now, zkproof, proof_len, test->doc_type, &kZkSpecs[0]);
|
|
206
|
+
EXPECT_EQ(ret, MDOC_VERIFIER_INVALID_CBOR);
|
|
207
|
+
free(zkproof);
|
|
208
|
+
}
|
|
209
|
+
|
|
210
|
+
TEST_F(MdocZKTest, two_claims) {
|
|
211
|
+
const TwoClaims two_tests[] = {
|
|
212
|
+
{
|
|
213
|
+
"18+,familyname_mustermann-mdoc[3]",
|
|
214
|
+
{
|
|
215
|
+
test::age_over_18,
|
|
216
|
+
test::familyname_mustermann,
|
|
217
|
+
},
|
|
218
|
+
&mdoc_tests[3],
|
|
219
|
+
},
|
|
220
|
+
{
|
|
221
|
+
"18+,birthdate_1971_09_01-mdoc[3]",
|
|
222
|
+
{
|
|
223
|
+
test::age_over_18,
|
|
224
|
+
test::birthdate_1971_09_01,
|
|
225
|
+
},
|
|
226
|
+
&mdoc_tests[3],
|
|
227
|
+
},
|
|
228
|
+
{
|
|
229
|
+
"height175,issue_date_2024-03-15-mdoc[3]",
|
|
230
|
+
{
|
|
231
|
+
test::height_175,
|
|
232
|
+
test::issue_date_2024_03_15,
|
|
233
|
+
},
|
|
234
|
+
&mdoc_tests[3],
|
|
235
|
+
},
|
|
236
|
+
{
|
|
237
|
+
"birthdate_1968_04_27,issue_date_2025-07-21T04:00:00Z-mdoc[8]",
|
|
238
|
+
{
|
|
239
|
+
test::birthdate_1968_04_27,
|
|
240
|
+
test::issue_date_2025_07_21,
|
|
241
|
+
},
|
|
242
|
+
&mdoc_tests[7],
|
|
243
|
+
},
|
|
244
|
+
};
|
|
245
|
+
|
|
246
|
+
for (size_t i = 0; i < sizeof(two_tests) / sizeof(two_tests[0]); ++i) {
|
|
247
|
+
run_test(two_tests[i].test_name, 2, two_tests[i].claims, two_tests[i].mdoc);
|
|
248
|
+
}
|
|
249
|
+
}
|
|
250
|
+
|
|
251
|
+
TEST_F(MdocZKTest, wrong_witness) {
|
|
252
|
+
const Claims fail_tests[] = {
|
|
253
|
+
{"fail-not_over_18-mdoc[0]", {test::not_over_18}, &mdoc_tests[0]},
|
|
254
|
+
{"fail-not_over_18-mdoc[1]", {test::not_over_18}, &mdoc_tests[1]},
|
|
255
|
+
{"fail-not_over_18-mdoc[2]", {test::not_over_18}, &mdoc_tests[2]},
|
|
256
|
+
{
|
|
257
|
+
"fail-birthdate_1971_09_01-mdoc[3]",
|
|
258
|
+
{RequestedAttribute(
|
|
259
|
+
{.namespace_id = {'o', 'r', 'g', '.', 'i', 's', 'o', '.', '1',
|
|
260
|
+
'8', '0', '1', '3', '.', '5', '.', '1'},
|
|
261
|
+
.id = {'b', 'i', 'r', 't', 'h', '_', 'd', 'a', 't', 'e'},
|
|
262
|
+
.cbor_value = {0xD9, 0x03, 0xEC, 0x6A, '0', '9', '7', '1', '-',
|
|
263
|
+
'0', '9', '-', '0', '1'},
|
|
264
|
+
.namespace_len = 17,
|
|
265
|
+
.id_len = 10,
|
|
266
|
+
.cbor_value_len = 14})},
|
|
267
|
+
&mdoc_tests[3],
|
|
268
|
+
},
|
|
269
|
+
{
|
|
270
|
+
"fail-birthdate_1871_09_01-mdoc[3]",
|
|
271
|
+
{RequestedAttribute(
|
|
272
|
+
{.namespace_id = {'o', 'r', 'g', '.', 'i', 's', 'o', '.', '1',
|
|
273
|
+
'8', '0', '1', '3', '.', '5', '.', '1'},
|
|
274
|
+
.id = {'b', 'i', 'r', 't', 'h', '_', 'd', 'a', 't', 'e'},
|
|
275
|
+
.cbor_value = {0xD9, 0x03, 0xEC, 0x6A, '1', '8', '7', '1', '-',
|
|
276
|
+
'0', '9', '-', '0', '1'},
|
|
277
|
+
.namespace_len = 17,
|
|
278
|
+
.id_len = 10,
|
|
279
|
+
.cbor_value_len = 14})},
|
|
280
|
+
&mdoc_tests[3],
|
|
281
|
+
},
|
|
282
|
+
{
|
|
283
|
+
"fail-birthdate_1971_09_01-mdoc[3]",
|
|
284
|
+
{RequestedAttribute(
|
|
285
|
+
{.namespace_id = {'o', 'r', 'g', '.', 'i', 's', 'o', '.', '1',
|
|
286
|
+
'8', '0', '1', '3', '.', '5', '.', '1'},
|
|
287
|
+
.id = {'b', 'i', 'r', 't', 'h', '_', 'd', 'a', 't', 'e'},
|
|
288
|
+
.cbor_value = {0xD9, 0x03, 0xEC, 0x6A, '1', '9', '7', '1', '-',
|
|
289
|
+
'0', '9', '-', '0', '1', '0'},
|
|
290
|
+
.namespace_len = 17,
|
|
291
|
+
.id_len = 10,
|
|
292
|
+
.cbor_value_len = 15})},
|
|
293
|
+
&mdoc_tests[3],
|
|
294
|
+
},
|
|
295
|
+
};
|
|
296
|
+
|
|
297
|
+
for (size_t i = 0; i < sizeof(fail_tests) / sizeof(fail_tests[0]); ++i) {
|
|
298
|
+
run_test(fail_tests[i].test_name, 1, fail_tests[i].claims,
|
|
299
|
+
fail_tests[i].mdoc, MDOC_PROVER_GENERAL_FAILURE);
|
|
300
|
+
}
|
|
301
|
+
}
|
|
302
|
+
|
|
303
|
+
TEST_F(MdocZKTest, bad_arguments) {
|
|
304
|
+
constexpr int num_attrs = 1;
|
|
305
|
+
const ZkSpecStruct& zk_spec_1 = kZkSpecs[0];
|
|
306
|
+
RequestedAttribute attrs[num_attrs] = {
|
|
307
|
+
test::age_over_18,
|
|
308
|
+
};
|
|
309
|
+
uint8_t tr[100] = {0};
|
|
310
|
+
uint8_t zkproof[30000] = {0};
|
|
311
|
+
uint8_t circuit[60000] = {0};
|
|
312
|
+
uint8_t mdoc[60000] = {0};
|
|
313
|
+
const char* pk = "0x15";
|
|
314
|
+
const char* pk2 = "bad_pk";
|
|
315
|
+
const char* now = "2023-11-02T09:00:00Z";
|
|
316
|
+
size_t proof_len;
|
|
317
|
+
// ZStd encoding for "hello".
|
|
318
|
+
uint8_t bad_circuit[50001] = {0x28, 0xb5, 0x2f, 0xfd, 0x20, 0x05, 0x29,
|
|
319
|
+
0x00, 0x00, 0x68, 0x65, 0x6c, 0x6c, 0x6f};
|
|
320
|
+
|
|
321
|
+
// Invalid arguments to generate_circuit.
|
|
322
|
+
size_t circuit_len;
|
|
323
|
+
EXPECT_EQ(generate_circuit(nullptr, (uint8_t**)&circuit, &circuit_len),
|
|
324
|
+
CIRCUIT_GENERATION_NULL_INPUT);
|
|
325
|
+
EXPECT_EQ(generate_circuit(&zk_spec_1, nullptr, &circuit_len),
|
|
326
|
+
CIRCUIT_GENERATION_NULL_INPUT);
|
|
327
|
+
EXPECT_EQ(generate_circuit(&zk_spec_1, (uint8_t**)&circuit, nullptr),
|
|
328
|
+
CIRCUIT_GENERATION_NULL_INPUT);
|
|
329
|
+
|
|
330
|
+
// Basic prover tests that pass in a null ptr.
|
|
331
|
+
EXPECT_EQ(run_mdoc_prover(nullptr, sizeof(circuit), mdoc, sizeof(mdoc), pk,
|
|
332
|
+
pk, tr, sizeof(tr), attrs, num_attrs, now,
|
|
333
|
+
(uint8_t**)&zkproof, &proof_len, &zk_spec_1),
|
|
334
|
+
MDOC_PROVER_NULL_INPUT);
|
|
335
|
+
EXPECT_EQ(run_mdoc_prover(circuit, sizeof(circuit), nullptr, sizeof(mdoc), pk,
|
|
336
|
+
pk, tr, sizeof(tr), attrs, num_attrs, now,
|
|
337
|
+
(uint8_t**)&zkproof, &proof_len, &zk_spec_1),
|
|
338
|
+
MDOC_PROVER_NULL_INPUT);
|
|
339
|
+
EXPECT_EQ(run_mdoc_prover(circuit, sizeof(circuit), mdoc, sizeof(mdoc),
|
|
340
|
+
nullptr, pk, tr, sizeof(tr), attrs, num_attrs, now,
|
|
341
|
+
(uint8_t**)&zkproof, &proof_len, &zk_spec_1),
|
|
342
|
+
MDOC_PROVER_NULL_INPUT);
|
|
343
|
+
EXPECT_EQ(run_mdoc_prover(circuit, sizeof(circuit), mdoc, sizeof(mdoc), pk,
|
|
344
|
+
nullptr, tr, sizeof(tr), attrs, num_attrs, now,
|
|
345
|
+
(uint8_t**)&zkproof, &proof_len, &zk_spec_1),
|
|
346
|
+
MDOC_PROVER_NULL_INPUT);
|
|
347
|
+
EXPECT_EQ(run_mdoc_prover(circuit, sizeof(circuit), mdoc, sizeof(mdoc), pk,
|
|
348
|
+
pk, nullptr, sizeof(tr), attrs, num_attrs, now,
|
|
349
|
+
(uint8_t**)&zkproof, &proof_len, &zk_spec_1),
|
|
350
|
+
MDOC_PROVER_NULL_INPUT);
|
|
351
|
+
EXPECT_EQ(run_mdoc_prover(circuit, sizeof(circuit), mdoc, sizeof(mdoc), pk,
|
|
352
|
+
pk, tr, sizeof(tr), nullptr, num_attrs, now,
|
|
353
|
+
(uint8_t**)&zkproof, &proof_len, &zk_spec_1),
|
|
354
|
+
MDOC_PROVER_NULL_INPUT);
|
|
355
|
+
EXPECT_EQ(run_mdoc_prover(circuit, sizeof(circuit), mdoc, sizeof(mdoc), pk,
|
|
356
|
+
pk, tr, sizeof(tr), attrs, num_attrs, nullptr,
|
|
357
|
+
(uint8_t**)&zkproof, &proof_len, &zk_spec_1),
|
|
358
|
+
MDOC_PROVER_NULL_INPUT);
|
|
359
|
+
EXPECT_EQ(run_mdoc_prover(circuit, sizeof(circuit), mdoc, sizeof(mdoc), pk,
|
|
360
|
+
pk, tr, sizeof(tr), attrs, num_attrs, now, nullptr,
|
|
361
|
+
&proof_len, &zk_spec_1),
|
|
362
|
+
MDOC_PROVER_NULL_INPUT);
|
|
363
|
+
EXPECT_EQ(run_mdoc_prover(circuit, sizeof(circuit), mdoc, sizeof(mdoc), pk,
|
|
364
|
+
pk, tr, sizeof(tr), attrs, num_attrs, now,
|
|
365
|
+
(uint8_t**)&zkproof, nullptr, &zk_spec_1),
|
|
366
|
+
MDOC_PROVER_NULL_INPUT);
|
|
367
|
+
EXPECT_EQ(run_mdoc_prover(circuit, sizeof(circuit), mdoc, sizeof(mdoc), pk,
|
|
368
|
+
pk, tr, sizeof(tr), attrs, num_attrs, now,
|
|
369
|
+
(uint8_t**)&zkproof, &proof_len, nullptr),
|
|
370
|
+
MDOC_PROVER_NULL_INPUT);
|
|
371
|
+
|
|
372
|
+
// Invalid pk.
|
|
373
|
+
EXPECT_EQ(run_mdoc_prover(circuit, sizeof(circuit), mdoc, sizeof(mdoc), pk2,
|
|
374
|
+
pk, tr, sizeof(tr), attrs, num_attrs, now,
|
|
375
|
+
(uint8_t**)&zkproof, &proof_len, &zk_spec_1),
|
|
376
|
+
MDOC_PROVER_INVALID_INPUT);
|
|
377
|
+
|
|
378
|
+
// Invalid circuit.
|
|
379
|
+
EXPECT_EQ(run_mdoc_prover(circuit, sizeof(circuit), mdoc, sizeof(mdoc), pk,
|
|
380
|
+
pk, tr, sizeof(tr), attrs, num_attrs, now,
|
|
381
|
+
(uint8_t**)&zkproof, &proof_len, &zk_spec_1),
|
|
382
|
+
MDOC_PROVER_CIRCUIT_PARSING_FAILURE);
|
|
383
|
+
EXPECT_EQ(
|
|
384
|
+
run_mdoc_prover(bad_circuit, sizeof(bad_circuit), mdoc, sizeof(mdoc), pk,
|
|
385
|
+
pk, tr, sizeof(tr), attrs, num_attrs, now,
|
|
386
|
+
(uint8_t**)&zkproof, &proof_len, &zk_spec_1),
|
|
387
|
+
MDOC_PROVER_CIRCUIT_PARSING_FAILURE);
|
|
388
|
+
|
|
389
|
+
// Invalid attributes, two different namespaces.
|
|
390
|
+
RequestedAttribute attrs2[2] = {test::age_over_18,
|
|
391
|
+
test::aamva_name_suffix_mr};
|
|
392
|
+
|
|
393
|
+
EXPECT_EQ(run_mdoc_prover(circuit, sizeof(circuit), mdoc, sizeof(mdoc), pk,
|
|
394
|
+
pk, tr, sizeof(tr), attrs2, 2, now,
|
|
395
|
+
(uint8_t**)&zkproof, &proof_len, &zk_spec_1),
|
|
396
|
+
MDOC_PROVER_INVALID_INPUT);
|
|
397
|
+
EXPECT_EQ(run_mdoc_verifier(circuit1_, circuit_len1_, pk, pk, tr, sizeof(tr),
|
|
398
|
+
attrs2, 2, now, zkproof, 100, kDefaultDocType,
|
|
399
|
+
&zk_spec_1),
|
|
400
|
+
MDOC_VERIFIER_INVALID_INPUT);
|
|
401
|
+
|
|
402
|
+
// Basic verifier tests that pass in a null ptr.
|
|
403
|
+
// Broken circuit.
|
|
404
|
+
EXPECT_EQ(run_mdoc_verifier(nullptr, sizeof(circuit), pk, pk, tr, sizeof(tr),
|
|
405
|
+
attrs, num_attrs, now, zkproof, sizeof(zkproof),
|
|
406
|
+
kDefaultDocType, &zk_spec_1),
|
|
407
|
+
MDOC_VERIFIER_NULL_INPUT);
|
|
408
|
+
EXPECT_EQ(run_mdoc_verifier(circuit, 49999, pk, pk, tr, sizeof(tr), attrs,
|
|
409
|
+
num_attrs, now, zkproof, sizeof(zkproof),
|
|
410
|
+
kDefaultDocType, &zk_spec_1),
|
|
411
|
+
MDOC_VERIFIER_ARGUMENTS_TOO_SMALL);
|
|
412
|
+
EXPECT_EQ(run_mdoc_verifier(bad_circuit, sizeof(bad_circuit), pk, pk, tr,
|
|
413
|
+
sizeof(tr), attrs, num_attrs, now, zkproof,
|
|
414
|
+
sizeof(zkproof), kDefaultDocType, &zk_spec_1),
|
|
415
|
+
MDOC_VERIFIER_CIRCUIT_PARSING_FAILURE);
|
|
416
|
+
|
|
417
|
+
// Broken pk.
|
|
418
|
+
EXPECT_EQ(run_mdoc_verifier(circuit, sizeof(circuit), nullptr, pk, tr,
|
|
419
|
+
sizeof(tr), attrs, num_attrs, now, zkproof,
|
|
420
|
+
sizeof(zkproof), kDefaultDocType, &zk_spec_1),
|
|
421
|
+
MDOC_VERIFIER_NULL_INPUT);
|
|
422
|
+
EXPECT_EQ(run_mdoc_verifier(circuit, sizeof(circuit), pk, nullptr, tr,
|
|
423
|
+
sizeof(tr), attrs, num_attrs, now, zkproof,
|
|
424
|
+
sizeof(zkproof), kDefaultDocType, &zk_spec_1),
|
|
425
|
+
MDOC_VERIFIER_NULL_INPUT);
|
|
426
|
+
EXPECT_EQ(run_mdoc_verifier(circuit, sizeof(circuit), pk, pk2, tr, sizeof(tr),
|
|
427
|
+
attrs, num_attrs, now, zkproof, sizeof(zkproof),
|
|
428
|
+
kDefaultDocType, &zk_spec_1),
|
|
429
|
+
MDOC_VERIFIER_INVALID_INPUT);
|
|
430
|
+
|
|
431
|
+
// Broken transcript.
|
|
432
|
+
EXPECT_EQ(run_mdoc_verifier(circuit, sizeof(circuit), pk, pk, nullptr,
|
|
433
|
+
sizeof(tr), attrs, num_attrs, now, zkproof,
|
|
434
|
+
sizeof(zkproof), kDefaultDocType, &zk_spec_1),
|
|
435
|
+
MDOC_VERIFIER_NULL_INPUT);
|
|
436
|
+
EXPECT_EQ(run_mdoc_verifier(circuit, sizeof(circuit), pk, pk, tr, 0, attrs,
|
|
437
|
+
num_attrs, now, zkproof, sizeof(zkproof),
|
|
438
|
+
kDefaultDocType, &zk_spec_1),
|
|
439
|
+
MDOC_VERIFIER_ARGUMENTS_TOO_SMALL);
|
|
440
|
+
// Broken attrs.
|
|
441
|
+
EXPECT_EQ(run_mdoc_verifier(circuit, sizeof(circuit), pk, pk, tr, sizeof(tr),
|
|
442
|
+
nullptr, num_attrs, now, zkproof, sizeof(zkproof),
|
|
443
|
+
kDefaultDocType, &zk_spec_1),
|
|
444
|
+
MDOC_VERIFIER_NULL_INPUT);
|
|
445
|
+
EXPECT_EQ(run_mdoc_verifier(circuit, sizeof(circuit), pk, pk, tr, sizeof(tr),
|
|
446
|
+
attrs, 0, now, zkproof, sizeof(zkproof),
|
|
447
|
+
kDefaultDocType, &zk_spec_1),
|
|
448
|
+
MDOC_VERIFIER_ARGUMENTS_TOO_SMALL);
|
|
449
|
+
|
|
450
|
+
RequestedAttribute attrs_prefix[1] = {RequestedAttribute(
|
|
451
|
+
{.namespace_id = {'o', 'r', 'g', '.', 'i', 's', 'o', '.', '1', '8', '0',
|
|
452
|
+
'1', '3', '.', '5', '.', '1'},
|
|
453
|
+
.id = {'b', 'i', 'r', 't', 'h', '_', 'd', 'a', 't', 'e'},
|
|
454
|
+
.cbor_value = {0xD9, 0x03, 0xEC, 0x6A, '1', '9', '7', '1', '-', '0', '9',
|
|
455
|
+
'-', '0'},
|
|
456
|
+
.namespace_len = 17,
|
|
457
|
+
.id_len = 10,
|
|
458
|
+
.cbor_value_len = 13})};
|
|
459
|
+
EXPECT_EQ(run_mdoc_verifier(circuit, sizeof(circuit), pk, pk, tr, sizeof(tr),
|
|
460
|
+
attrs_prefix, 1, now, zkproof, sizeof(zkproof),
|
|
461
|
+
kDefaultDocType, &zk_spec_1),
|
|
462
|
+
MDOC_VERIFIER_INVALID_CBOR);
|
|
463
|
+
|
|
464
|
+
// Broken now.
|
|
465
|
+
EXPECT_EQ(run_mdoc_verifier(circuit, sizeof(circuit), pk, pk, tr, sizeof(tr),
|
|
466
|
+
attrs, num_attrs, nullptr, zkproof,
|
|
467
|
+
sizeof(zkproof), kDefaultDocType, &zk_spec_1),
|
|
468
|
+
MDOC_VERIFIER_NULL_INPUT);
|
|
469
|
+
|
|
470
|
+
// Broken zkproof.
|
|
471
|
+
EXPECT_EQ(run_mdoc_verifier(circuit, sizeof(circuit), pk, pk, tr, sizeof(tr),
|
|
472
|
+
attrs, num_attrs, now, nullptr, sizeof(zkproof),
|
|
473
|
+
kDefaultDocType, &zk_spec_1),
|
|
474
|
+
MDOC_VERIFIER_NULL_INPUT);
|
|
475
|
+
EXPECT_EQ(run_mdoc_verifier(circuit1_, circuit_len1_, pk, pk, tr, sizeof(tr),
|
|
476
|
+
attrs, num_attrs, now, zkproof, 100,
|
|
477
|
+
kDefaultDocType, &zk_spec_1),
|
|
478
|
+
MDOC_VERIFIER_ARGUMENTS_TOO_SMALL);
|
|
479
|
+
|
|
480
|
+
uint8_t id[32];
|
|
481
|
+
EXPECT_EQ(circuit_id(nullptr, circuit1_, circuit_len1_, &zk_spec_1), 0);
|
|
482
|
+
EXPECT_EQ(circuit_id(id, nullptr, 0, &zk_spec_1), 0);
|
|
483
|
+
EXPECT_EQ(
|
|
484
|
+
circuit_id(id, circuit1_, circuit_len1_, (const ZkSpecStruct*)nullptr),
|
|
485
|
+
0);
|
|
486
|
+
EXPECT_EQ(circuit_id(id, circuit1_, 10, &zk_spec_1), 0);
|
|
487
|
+
EXPECT_EQ(circuit_id(id, circuit1_, circuit_len1_ - 8, &zk_spec_1), 0);
|
|
488
|
+
}
|
|
489
|
+
|
|
490
|
+
TEST_F(MdocZKTest, attr_mismatch) {
|
|
491
|
+
uint8_t* zkproof;
|
|
492
|
+
size_t proof_len;
|
|
493
|
+
constexpr int num_attrs = 2;
|
|
494
|
+
const ZkSpecStruct& zk_spec_2 = kZkSpecs[1];
|
|
495
|
+
RequestedAttribute attrs[num_attrs] = {test::age_over_18, test::age_over_18};
|
|
496
|
+
const struct MdocTests* test = &mdoc_tests[0];
|
|
497
|
+
|
|
498
|
+
{
|
|
499
|
+
MdocProverErrorCode ret = run_mdoc_prover(
|
|
500
|
+
circuit2_, circuit_len2_, test->mdoc, test->mdoc_size,
|
|
501
|
+
test->pkx.as_pointer, test->pky.as_pointer, test->transcript,
|
|
502
|
+
test->transcript_size, attrs, num_attrs, (const char*)test->now,
|
|
503
|
+
&zkproof, &proof_len, &zk_spec_2);
|
|
504
|
+
EXPECT_EQ(ret, MDOC_PROVER_SUCCESS);
|
|
505
|
+
}
|
|
506
|
+
{
|
|
507
|
+
MdocVerifierErrorCode ret = run_mdoc_verifier(
|
|
508
|
+
circuit2_, circuit_len2_, test->pkx.as_pointer, test->pky.as_pointer,
|
|
509
|
+
test->transcript, test->transcript_size, attrs, num_attrs - 1,
|
|
510
|
+
(const char*)test->now, zkproof, proof_len, kDefaultDocType,
|
|
511
|
+
&zk_spec_2);
|
|
512
|
+
EXPECT_EQ(ret, MDOC_VERIFIER_ATTRIBUTE_NUMBER_MISMATCH);
|
|
513
|
+
}
|
|
514
|
+
free(zkproof);
|
|
515
|
+
}
|
|
516
|
+
|
|
517
|
+
TEST_F(MdocZKTest, bad_proofs) {
|
|
518
|
+
set_log_level(ERROR);
|
|
519
|
+
constexpr int num_attrs = 1;
|
|
520
|
+
const ZkSpecStruct& zk_spec_1 = kZkSpecs[0];
|
|
521
|
+
RequestedAttribute attrs[num_attrs] = {test::age_over_18};
|
|
522
|
+
const struct MdocTests* test = &mdoc_tests[0];
|
|
523
|
+
|
|
524
|
+
constexpr size_t kMaxProofLen = 100000;
|
|
525
|
+
uint8_t zkproof[kMaxProofLen];
|
|
526
|
+
SecureRandomEngine rng;
|
|
527
|
+
rng.bytes(zkproof, sizeof(zkproof));
|
|
528
|
+
for (size_t proof_len = 0; proof_len < kMaxProofLen; proof_len += 1000) {
|
|
529
|
+
MdocVerifierErrorCode ret = run_mdoc_verifier(
|
|
530
|
+
circuit1_, circuit_len1_, test->pkx.as_pointer, test->pky.as_pointer,
|
|
531
|
+
test->transcript, test->transcript_size, attrs, num_attrs,
|
|
532
|
+
(const char*)test->now, zkproof, proof_len, kDefaultDocType,
|
|
533
|
+
&zk_spec_1);
|
|
534
|
+
EXPECT_NE(ret, MDOC_VERIFIER_SUCCESS);
|
|
535
|
+
}
|
|
536
|
+
}
|
|
537
|
+
|
|
538
|
+
TEST(CircuitGenerationTest, attempt_to_generate_old_circuit) {
|
|
539
|
+
set_log_level(ERROR);
|
|
540
|
+
constexpr int num_attrs = 1;
|
|
541
|
+
|
|
542
|
+
// Find the smallest version of the circuit for the given number of
|
|
543
|
+
// attributes.
|
|
544
|
+
const ZkSpecStruct* old_zk_spec = nullptr;
|
|
545
|
+
int num_circuits = 0;
|
|
546
|
+
for (int i = 0; i < kNumZkSpecs; ++i) {
|
|
547
|
+
if (kZkSpecs[i].num_attributes == num_attrs) {
|
|
548
|
+
num_circuits++;
|
|
549
|
+
if (old_zk_spec == nullptr ||
|
|
550
|
+
kZkSpecs[i].version < old_zk_spec->version) {
|
|
551
|
+
old_zk_spec = &kZkSpecs[i];
|
|
552
|
+
}
|
|
553
|
+
}
|
|
554
|
+
}
|
|
555
|
+
|
|
556
|
+
EXPECT_GE(num_circuits, 1);
|
|
557
|
+
if (num_circuits == 1) {
|
|
558
|
+
return; // No old circuit to test against, it's OK to skip this test.
|
|
559
|
+
}
|
|
560
|
+
|
|
561
|
+
static uint8_t* circuit = nullptr;
|
|
562
|
+
static size_t circuit_len;
|
|
563
|
+
EXPECT_EQ(generate_circuit(old_zk_spec, &circuit, &circuit_len),
|
|
564
|
+
CIRCUIT_GENERATION_INVALID_ZK_SPEC_VERSION);
|
|
565
|
+
}
|
|
566
|
+
|
|
567
|
+
TEST(CborValidate, ValidInputs) {
|
|
568
|
+
// Integer 0
|
|
569
|
+
EXPECT_TRUE(proofs::cbor_validate((const uint8_t[]){0x00}, 1));
|
|
570
|
+
// Integer 1
|
|
571
|
+
EXPECT_TRUE(proofs::cbor_validate((const uint8_t[]){0x01}, 1));
|
|
572
|
+
// Integer -1
|
|
573
|
+
EXPECT_TRUE(proofs::cbor_validate((const uint8_t[]){0x20}, 1));
|
|
574
|
+
// Boolean True
|
|
575
|
+
EXPECT_TRUE(proofs::cbor_validate((const uint8_t[]){0xF5}, 1));
|
|
576
|
+
// Boolean False
|
|
577
|
+
EXPECT_TRUE(proofs::cbor_validate((const uint8_t[]){0xF4}, 1));
|
|
578
|
+
// Empty String
|
|
579
|
+
EXPECT_TRUE(proofs::cbor_validate((const uint8_t[]){0x60}, 1));
|
|
580
|
+
// String "a"
|
|
581
|
+
EXPECT_TRUE(proofs::cbor_validate((const uint8_t[]){0x61, 'a'}, 2));
|
|
582
|
+
// Empty Bytes
|
|
583
|
+
EXPECT_TRUE(proofs::cbor_validate((const uint8_t[]){0x40}, 1));
|
|
584
|
+
// Bytes 0x01
|
|
585
|
+
EXPECT_TRUE(proofs::cbor_validate((const uint8_t[]){0x41, 0x01}, 2));
|
|
586
|
+
|
|
587
|
+
// Fulldate: Tag 1004 (D9 03 EC) + String (6A) + 10 bytes -> 14 bytes
|
|
588
|
+
std::vector<uint8_t> fulldate = {0xD9, 0x03, 0xEC, 0x6A};
|
|
589
|
+
fulldate.insert(fulldate.end(), 10, '0');
|
|
590
|
+
EXPECT_EQ(fulldate.size(), 14);
|
|
591
|
+
EXPECT_TRUE(proofs::cbor_validate(fulldate.data(), fulldate.size()));
|
|
592
|
+
|
|
593
|
+
// Tdate: Tag 0 (C0) + String (74, len 20) + 20 bytes -> 22 bytes
|
|
594
|
+
std::vector<uint8_t> tdate = {0xC0, 0x74};
|
|
595
|
+
tdate.insert(tdate.end(), 20, '0');
|
|
596
|
+
EXPECT_EQ(tdate.size(), 22);
|
|
597
|
+
EXPECT_TRUE(proofs::cbor_validate(tdate.data(), tdate.size()));
|
|
598
|
+
}
|
|
599
|
+
|
|
600
|
+
TEST(CborValidate, InvalidInputs) {
|
|
601
|
+
// Null/Empty
|
|
602
|
+
EXPECT_FALSE(proofs::cbor_validate(nullptr, 0));
|
|
603
|
+
|
|
604
|
+
// Array (not allowed)
|
|
605
|
+
EXPECT_FALSE(proofs::cbor_validate((const uint8_t[]){0x80}, 1));
|
|
606
|
+
// Map (not allowed)
|
|
607
|
+
EXPECT_FALSE(proofs::cbor_validate((const uint8_t[]){0xA0}, 1));
|
|
608
|
+
|
|
609
|
+
// Malformed length (String len 1 but missing data)
|
|
610
|
+
EXPECT_FALSE(proofs::cbor_validate((const uint8_t[]){0x61}, 1));
|
|
611
|
+
|
|
612
|
+
// Boolean, wrong length
|
|
613
|
+
EXPECT_FALSE(proofs::cbor_validate((const uint8_t[]){0xF5, 0xF5}, 2));
|
|
614
|
+
|
|
615
|
+
// Wrong Tag (e.g. Tag 2)
|
|
616
|
+
EXPECT_FALSE(proofs::cbor_validate((const uint8_t[]){0xC2, 0x40},
|
|
617
|
+
2)); // Tag 2 + Bytes
|
|
618
|
+
|
|
619
|
+
// Fulldate wrong length
|
|
620
|
+
// 14 bytes expected. Try 13.
|
|
621
|
+
std::vector<uint8_t> fulldate_wrong = {0xD9, 0x03, 0xEC,
|
|
622
|
+
0x69}; // String len 9
|
|
623
|
+
fulldate_wrong.insert(fulldate_wrong.end(), 9, '0');
|
|
624
|
+
EXPECT_EQ(fulldate_wrong.size(), 13);
|
|
625
|
+
EXPECT_FALSE(
|
|
626
|
+
proofs::cbor_validate(fulldate_wrong.data(), fulldate_wrong.size()));
|
|
627
|
+
// Try 15 bytes
|
|
628
|
+
fulldate_wrong.insert(fulldate_wrong.end(), 2, '0');
|
|
629
|
+
EXPECT_FALSE(
|
|
630
|
+
proofs::cbor_validate(fulldate_wrong.data(), fulldate_wrong.size()));
|
|
631
|
+
// Try 22 bytes
|
|
632
|
+
fulldate_wrong.insert(fulldate_wrong.end(), 7, '0');
|
|
633
|
+
EXPECT_FALSE(
|
|
634
|
+
proofs::cbor_validate(fulldate_wrong.data(), fulldate_wrong.size()));
|
|
635
|
+
|
|
636
|
+
// Fulldate inner type mismatch (Tag 1004 + Integer)
|
|
637
|
+
EXPECT_FALSE(
|
|
638
|
+
proofs::cbor_validate((const uint8_t[]){0xD9, 0x03, 0xEC, 0x00}, 4));
|
|
639
|
+
|
|
640
|
+
// Tdate wrong length
|
|
641
|
+
// 22 bytes expected. Try 21.
|
|
642
|
+
std::vector<uint8_t> tdate_short = {0xC0, 0x73}; // String len 19
|
|
643
|
+
tdate_short.insert(tdate_short.end(), 19, '0');
|
|
644
|
+
EXPECT_EQ(tdate_short.size(), 21);
|
|
645
|
+
EXPECT_FALSE(proofs::cbor_validate(tdate_short.data(), tdate_short.size()));
|
|
646
|
+
|
|
647
|
+
// Tdate inner type mismatch (Tag 0 + Integer)
|
|
648
|
+
EXPECT_FALSE(proofs::cbor_validate((const uint8_t[]){0xC0, 0x00}, 2));
|
|
649
|
+
}
|
|
650
|
+
|
|
651
|
+
// ============================ Benchmarks ====================================
|
|
652
|
+
static const Claims benchmark_claim = {
|
|
653
|
+
"benchmark",
|
|
654
|
+
{test::age_over_18},
|
|
655
|
+
&mdoc_tests[0],
|
|
656
|
+
};
|
|
657
|
+
|
|
658
|
+
void BM_MdocProver(benchmark::State& state) {
|
|
659
|
+
set_log_level(ERROR);
|
|
660
|
+
|
|
661
|
+
const ZkSpecStruct& zk_spec_1 = kZkSpecs[0];
|
|
662
|
+
size_t circuit_len;
|
|
663
|
+
uint8_t* circuit;
|
|
664
|
+
EXPECT_EQ(generate_circuit(&zk_spec_1, &circuit, &circuit_len),
|
|
665
|
+
CIRCUIT_GENERATION_SUCCESS);
|
|
666
|
+
|
|
667
|
+
const RequestedAttribute* attrs = benchmark_claim.claims;
|
|
668
|
+
const MdocTests* test = benchmark_claim.mdoc;
|
|
669
|
+
size_t num_attrs = 1;
|
|
670
|
+
const ZkSpecStruct zk_spec = kZkSpecs[0];
|
|
671
|
+
|
|
672
|
+
for (auto _ : state) {
|
|
673
|
+
uint8_t* zkproof;
|
|
674
|
+
size_t proof_len;
|
|
675
|
+
|
|
676
|
+
MdocProverErrorCode ret = run_mdoc_prover(
|
|
677
|
+
circuit, circuit_len, test->mdoc, test->mdoc_size, test->pkx.as_pointer,
|
|
678
|
+
test->pky.as_pointer, test->transcript, test->transcript_size, attrs,
|
|
679
|
+
num_attrs, (const char*)test->now, &zkproof, &proof_len, &zk_spec);
|
|
680
|
+
EXPECT_EQ(ret, MDOC_PROVER_SUCCESS);
|
|
681
|
+
free(zkproof);
|
|
682
|
+
}
|
|
683
|
+
}
|
|
684
|
+
|
|
685
|
+
BENCHMARK(BM_MdocProver);
|
|
686
|
+
|
|
687
|
+
void BM_MdocVerifier(benchmark::State& state) {
|
|
688
|
+
set_log_level(ERROR);
|
|
689
|
+
|
|
690
|
+
const ZkSpecStruct& zk_spec_1 = kZkSpecs[0];
|
|
691
|
+
size_t circuit_len;
|
|
692
|
+
uint8_t* circuit;
|
|
693
|
+
EXPECT_EQ(generate_circuit(&zk_spec_1, &circuit, &circuit_len),
|
|
694
|
+
CIRCUIT_GENERATION_SUCCESS);
|
|
695
|
+
|
|
696
|
+
const RequestedAttribute* attrs = benchmark_claim.claims;
|
|
697
|
+
const MdocTests* test = benchmark_claim.mdoc;
|
|
698
|
+
size_t num_attrs = 1;
|
|
699
|
+
const ZkSpecStruct zk_spec = kZkSpecs[0];
|
|
700
|
+
|
|
701
|
+
uint8_t* zkproof;
|
|
702
|
+
size_t proof_len;
|
|
703
|
+
|
|
704
|
+
MdocProverErrorCode retp = run_mdoc_prover(
|
|
705
|
+
circuit, circuit_len, test->mdoc, test->mdoc_size, test->pkx.as_pointer,
|
|
706
|
+
test->pky.as_pointer, test->transcript, test->transcript_size, attrs,
|
|
707
|
+
num_attrs, (const char*)test->now, &zkproof, &proof_len, &zk_spec);
|
|
708
|
+
EXPECT_EQ(retp, MDOC_PROVER_SUCCESS);
|
|
709
|
+
|
|
710
|
+
for (auto _ : state) {
|
|
711
|
+
MdocVerifierErrorCode retv = run_mdoc_verifier(
|
|
712
|
+
circuit, circuit_len, test->pkx.as_pointer, test->pky.as_pointer,
|
|
713
|
+
test->transcript, test->transcript_size, attrs, num_attrs,
|
|
714
|
+
(const char*)test->now, zkproof, proof_len, test->doc_type, &zk_spec);
|
|
715
|
+
EXPECT_EQ(retv, MDOC_VERIFIER_SUCCESS);
|
|
716
|
+
}
|
|
717
|
+
|
|
718
|
+
free(zkproof);
|
|
719
|
+
}
|
|
720
|
+
|
|
721
|
+
BENCHMARK(BM_MdocVerifier);
|
|
722
|
+
|
|
723
|
+
} // namespace
|
|
724
|
+
} // namespace proofs
|