From 1fea3145f1a595de561527888ffc961bdf7907af Mon Sep 17 00:00:00 2001
From: MITSUNARI Shigeo
Date: Sun, 26 Aug 2018 11:32:13 +0900
Subject: add verifyOrder
---
 include/bls/bls.h | 12 ++++++++++++
 src/bls_c.cpp | 17 +++++++++++++++++
 test/bls_c384_test.cpp | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 61 insertions(+)
diff --git a/include/bls/bls.h b/include/bls/bls.h
index 0592b95..7188097 100644
--- a/include/bls/bls.h
+++ b/include/bls/bls.h
@@ -108,6 +108,18 @@ BLS_DLL_API void blsSecretKeyAdd(blsSecretKey *sec, const blsSecretKey *rhs);
 BLS_DLL_API void blsPublicKeyAdd(blsPublicKey *pub, const blsPublicKey *rhs);
 BLS_DLL_API void blsSignatureAdd(blsSignature *sig, const blsSignature *rhs);
+/*
+ verify whether a point of an elliptic curve has order r
+ This api affetcs setStr(), deserialize() for G2 on BN or G1/G2 on BLS12
+ @param doVerify [in] does not verify if zero(default 1)
+ Signature = G1, PublicKey = G2
+*/
+BLS_DLL_API void blsSignatureVerifyOrder(int doVerify);
+BLS_DLL_API void blsPublicKeyVerifyOrder(int doVerify);
+// deserialize under VerifyOrder(true) = deserialize under VerifyOrder(false) + IsValidOrder
+BLS_DLL_API int blsSignatureIsValidOrder(const blsSignature *sig);
+BLS_DLL_API int blsPublicKeyIsValidOrder(const blsPublicKey *pub);
+
 #ifndef BLS_MINIMUM_API // not thread safe version (old blsInit)
diff --git a/src/bls_c.cpp b/src/bls_c.cpp
index 5ea665c..a03850a 100644
--- a/src/bls_c.cpp
+++ b/src/bls_c.cpp
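Review bot: The new comment block in include/bls/bls.h does not say what a caller takes on by passing zero: after `blsPublicKeyVerifyOrder(0)` or `blsSignatureVerifyOrder(0)`, deserialize() and setStr() accept points whose order is not r, so each such value has to be checked with the matching `IsValidOrder` call before it is used in verification. The return convention of `blsSignatureIsValidOrder` and `blsPublicKeyIsValidOrder` is also undocumented; the test usage suggests non-zero means valid, and I would state it next to the declarations, e.g. `// return nonzero if the point has order r, 0 otherwise` (confirm against mcl). While there, `affetcs` should read `affects`.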
@@ -224,6 +224,23 @@ void blsSignatureAdd(blsSignature *sig, const blsSignature *rhs)
 mclBnG1_add(&sig->v, &sig->v, &rhs->v);
 }
+void blsSignatureVerifyOrder(int doVerify)
+{
+ mclBn_verifyOrderG1(doVerify);
+}
+void blsPublicKeyVerifyOrder(int doVerify)
+{
+ mclBn_verifyOrderG2(doVerify);
+}
+int blsSignatureIsValidOrder(const blsSignature *sig)
+{
+ return mclBnG1_isValidOrder(&sig->v);
+}
+int blsPublicKeyIsValidOrder(const blsPublicKey *pub)
+{
+ return mclBnG2_isValidOrder(&pub->v);
+}
+
 #ifndef BLS_MINIMUM_API
 mclSize blsGetOpUnitSize() // FpUint64Size
 {
diff --git a/test/bls_c384_test.cpp b/test/bls_c384_test.cpp
index 6202697..984c9c3 100644
--- a/test/bls_c384_test.cpp
+++ b/test/bls_c384_test.cpp
@@ -179,6 +179,7 @@ void blsSerializeTest()
 blsGetPublicKey(&pub1, &sec1);
 n = blsPublicKeySerialize(buf, sizeof(buf), &pub1);
 CYBOZU_TEST_EQUAL(n, expectSize);
+ CYBOZU_TEST_ASSERT(blsPublicKeyIsValidOrder(&pub1));
 ret = blsPublicKeyDeserialize(&pub2, buf, n);
 CYBOZU_TEST_EQUAL(ret, n);
@@ -201,6 +202,7 @@ void blsSerializeTest()
 blsSign(&sig1, &sec1, "abc", 3);
 n = blsSignatureSerialize(buf, sizeof(buf), &sig1);
 CYBOZU_TEST_EQUAL(n, expectSize);
+ CYBOZU_TEST_ASSERT(blsSignatureIsValidOrder(&sig1));
 ret = blsSignatureDeserialize(&sig2, buf, n);
 CYBOZU_TEST_EQUAL(ret, n);
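Review bot: `blsSignatureVerifyOrder` and `blsPublicKeyVerifyOrder` in src/bls_c.cpp take only the flag, with no key, signature or context object, so the switch appears to be process-wide state inside mcl. A caller that turns the check off around one deserialize and back on afterwards, as the new test does, would also relax it for any other thread that deserializes in that window. I would document this on both setters, e.g. `// changes a global mcl setting; not thread safe, set once before any deserialize`, after confirming the behaviour against mcl.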
@@ -219,6 +221,35 @@ void blsSerializeTest() CYBOZU_TEST_EQUAL(n, expectSize); } +void blsVerifyOrderTest() +{ + puts("blsVerifyOrderTest"); + const uint8_t Ps[] = { +0x7b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, + }; + const uint8_t Qs[] = { +0x7c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, + }; + size_t n; + blsPublicKey pub; + n = blsPublicKeyDeserialize(&pub, Ps, sizeof(Ps)); + CYBOZU_TEST_EQUAL(n, 0); + blsPublicKeyVerifyOrder(0); + n = blsPublicKeyDeserialize(&pub, Ps, sizeof(Ps)); + CYBOZU_TEST_ASSERT(n > 0); + CYBOZU_TEST_ASSERT(!blsPublicKeyIsValidOrder(&pub)); + blsPublicKeyVerifyOrder(1); + + blsSignature sig; + n = blsSignatureDeserialize(&sig, Qs, sizeof(Ps)); + CYBOZU_TEST_EQUAL(n, 0); + blsSignatureVerifyOrder(0); + n = blsSignatureDeserialize(&sig, Qs, sizeof(Ps)); + CYBOZU_TEST_ASSERT(n > 0); + CYBOZU_TEST_ASSERT(!blsSignatureIsValidOrder(&sig)); + blsSignatureVerifyOrder(1); +} + CYBOZU_TEST_AUTO(all) { const int tbl[] = { @@ -245,5 +276,6 @@ CYBOZU_TEST_AUTO(all) blsDataTest(); blsOrderTest(curveOrderTbl[i], fieldOrderTbl[i]); blsSerializeTest(); + if (tbl[i] == MCL_BLS12_381) blsVerifyOrderTest(); } } -- cgit v1.2.3
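Review bot: Both signature calls in blsVerifyOrderTest pass the length of the wrong array, `blsSignatureDeserialize(&sig, Qs, sizeof(Ps))`. `Qs` is the shorter of the two arrays, so the declared buffer size is larger than the real one and the deserializer is permitted to read past the end of `Qs`. The test only stays in bounds if the routine stops at the signature encoding length on its own. Both lines should read `n = blsSignatureDeserialize(&sig, Qs, sizeof(Qs));`.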
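Review bot: The gate `if (tbl[i] == MCL_BLS12_381) blsVerifyOrderTest();` leaves every other curve in `tbl` without order-check coverage, although the header comment added in this commit says the setting also affects G2 on BN. The `Ps`/`Qs` vectors are encodings for a single curve, so the gate itself is needed, but the reason is not written down. I would add `// Ps/Qs are BLS12-381 encodings; the BN G2 order check is not covered here` above the call and follow up with a BN public-key vector. The enclosing loop starts outside the hunk.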