Merge pull request #641 from input-output-hk/proptest-chain-crypto

Author: eugene-babichenko

.github/workflows/main.yml

@@ -7,6 +7,9 @@ on:
       - ci/test
   pull_request:
 
+env:
+  PROPTEST_CASES: 100
+
 jobs:
   update_deps:
     name: Update dependencies

chain-crypto/Cargo.toml

@@ -19,23 +19,25 @@ generic-array = "^0.14"
 rand_core = "0.6"
 rand = { version = "0.8", features = ["small_rng"], optional = true }
 rayon = "1.5"
-quickcheck = { version = "0.9", optional = true }
 ed25519-bip32 = "0.4"
 hex = "0.4.0"
 typed-bytes = { path = "../typed-bytes" }
 
 criterion = { version = "0.3.0", optional = true }
-
+quickcheck = { version = "0.9", optional = true }
+proptest = { git = "https://github.com/input-output-hk/proptest.git", optional = true }
+test-strategy = { version = "0.1", optional = true }
 
 [dev-dependencies]
 quickcheck = "0.9"
-quickcheck_macros = "0.9"
+proptest = { git = "https://github.com/input-output-hk/proptest.git" }
+test-strategy = "0.1"
 rand = { version = "0.8", features = ["small_rng"] }
 smoke = "^0.2.1"
 
 [features]
 with-bench = ["criterion"]
-property-test-api = [ "quickcheck", "rand" ]
+property-test-api = [ "quickcheck", "rand", "proptest", "test-strategy" ]
 p256k1 = ["eccoxide"]
 
 [[bench]]

chain-crypto/src/algorithms/ed25519.rs

@@ -123,13 +123,16 @@ mod test {
     use crate::key::KeyPair;
     use crate::sign::test::{keypair_signing_ko, keypair_signing_ok};
 
-    #[quickcheck]
-    fn sign_ok(input: (KeyPair<Ed25519>, Vec<u8>)) -> bool {
-        keypair_signing_ok(input)
+    use proptest::prelude::*;
+    use test_strategy::proptest;
+
+    #[proptest]
+    fn sign_ok(input: (KeyPair<Ed25519>, Vec<u8>)) {
+        prop_assert!(keypair_signing_ok(input))
     }
 
-    #[quickcheck]
-    fn sign_ko(input: (KeyPair<Ed25519>, KeyPair<Ed25519>, Vec<u8>)) -> bool {
-        keypair_signing_ko(input)
+    #[proptest]
+    fn sign_ko(input: (KeyPair<Ed25519>, KeyPair<Ed25519>, Vec<u8>)) {
+        prop_assert!(keypair_signing_ko(input))
     }
 }

chain-crypto/src/algorithms/ed25519_derive.rs

@@ -110,12 +110,15 @@ mod test {
     use crate::key::KeyPair;
     use crate::sign::test::{keypair_signing_ko, keypair_signing_ok};
 
-    #[quickcheck]
-    fn sign_ok(input: (KeyPair<Ed25519Bip32>, Vec<u8>)) -> bool {
-        keypair_signing_ok(input)
+    use proptest::prelude::*;
+    use test_strategy::proptest;
+
+    #[proptest]
+    fn sign_ok(input: (KeyPair<Ed25519Bip32>, Vec<u8>)) {
+        prop_assert!(keypair_signing_ok(input))
     }
-    #[quickcheck]
-    fn sign_ko(input: (KeyPair<Ed25519Bip32>, KeyPair<Ed25519Bip32>, Vec<u8>)) -> bool {
-        keypair_signing_ko(input)
+    #[proptest]
+    fn sign_ko(input: (KeyPair<Ed25519Bip32>, KeyPair<Ed25519Bip32>, Vec<u8>)) {
+        prop_assert!(keypair_signing_ko(input))
     }
 }

chain-crypto/src/algorithms/ed25519_extended.rs

@@ -75,24 +75,40 @@ mod test {
     use crate::key::KeyPair;
     use crate::sign::test::{keypair_signing_ko, keypair_signing_ok};
 
-    #[quickcheck]
-    fn sign_ok(input: (KeyPair<Ed25519Extended>, Vec<u8>)) -> bool {
-        keypair_signing_ok(input)
+    use proptest::prelude::*;
+    use test_strategy::proptest;
+
+    #[proptest]
+    fn sign_ok(input: (KeyPair<Ed25519Extended>, Vec<u8>)) {
+        prop_assert!(keypair_signing_ok(input))
+    }
+
+    #[proptest]
+    fn sign_ko(input: (KeyPair<Ed25519Extended>, KeyPair<Ed25519Extended>, Vec<u8>)) {
+        prop_assert!(keypair_signing_ko(input))
+    }
+
+    #[test]
+    fn secret_from_binary_correct_size() {
+        Ed25519Extended::secret_from_binary(&vec![0; EXTENDED_KEY_SIZE]).unwrap();
     }
 
-    #[quickcheck]
-    fn sign_ko(input: (KeyPair<Ed25519Extended>, KeyPair<Ed25519Extended>, Vec<u8>)) -> bool {
-        keypair_signing_ko(input)
+    #[test]
+    fn secret_from_binary_empty_slice() {
+        assert!(matches!(
+            Ed25519Extended::secret_from_binary(&[]),
+            Err(SecretKeyError::SizeInvalid)
+        ))
     }
 
-    #[quickcheck]
-    /// `secret_from_binary` should fail if the provided byte array does not match the public key size
-    fn secret_from_binary_size_check(n: usize) {
+    // `secret_from_binary` should fail if the provided byte array does not match the public key size
+    #[proptest]
+    fn secret_from_binary_size_check(#[strategy(..EXTENDED_KEY_SIZE * 10)] n: usize) {
         let secret_key = Ed25519Extended::secret_from_binary(&vec![0; n]);
 
-        assert_eq!(
+        prop_assert_eq!(
             n != EXTENDED_KEY_SIZE,
-            matches!(secret_key, Err(SecretKeyError::SizeInvalid { .. }))
+            matches!(secret_key, Err(SecretKeyError::SizeInvalid))
         );
     }
 }

chain-crypto/src/algorithms/sumed25519/common.rs

@@ -4,6 +4,10 @@ use ed25519_dalek as ed25519;
 pub struct Hash([u8; 32]);
 
 #[derive(Debug, Clone, PartialEq, Eq)]
+#[cfg_attr(
+    any(test, feature = "property-test-api"),
+    derive(test_strategy::Arbitrary)
+)]
 pub struct Seed([u8; 32]);
 
 impl AsRef<[u8]> for Seed {
@@ -36,7 +40,19 @@ impl Seed {
 }
 
 #[derive(Debug, Copy, Clone)]
-pub struct Depth(pub usize);
+#[cfg_attr(
+    any(test, feature = "property-test-api"),
+    derive(test_strategy::Arbitrary)
+)]
+pub struct Depth(
+    // a bigger range here would result into unreasobable testing times and
+    // possible segfaults due to excessive allocations
+    #[cfg_attr(
+        any(test, feature = "property-test-api"),
+        strategy(..10usize)
+    )]
+    pub usize,
+);
 
 impl Depth {
     pub fn total(self) -> usize {

chain-crypto/src/algorithms/sumed25519/mod.rs

@@ -120,28 +120,56 @@ impl KeyEvolvingSignatureAlgorithm for SumEd25519_12 {
 mod tests {
     use super::*;
 
-    #[quickcheck]
-    /// `public_from_binary`should fail if the provided byte array does not match the public key size
-    fn public_from_binary_size_check(n: usize) {
+    use proptest::prelude::*;
+    use test_strategy::proptest;
+
+    #[test]
+    fn public_from_binary_correct_size() {
+        SumEd25519_12::public_from_binary(&vec![0; SumEd25519_12::PUBLIC_KEY_SIZE]).unwrap();
+    }
+
+    #[test]
+    fn public_from_binary_empty_slice() {
+        assert!(matches!(
+            SumEd25519_12::public_from_binary(&[]),
+            Err(PublicKeyError::SizeInvalid)
+        ))
+    }
+
+    // `secret_from_binary` should fail if the provided byte array does not match the public key size
+    #[proptest]
+    fn public_from_binary_size_check(#[strategy(..SumEd25519_12::PUBLIC_KEY_SIZE * 10)] n: usize) {
         let public_key = SumEd25519_12::public_from_binary(&vec![0; n]);
 
-        assert_eq!(
+        prop_assert_eq!(
             n != SumEd25519_12::PUBLIC_KEY_SIZE,
-            public_key == Err(PublicKeyError::SizeInvalid)
+            matches!(public_key, Err(PublicKeyError::SizeInvalid))
         );
     }
 
-    #[quickcheck]
-    /// `signature_from_bytes` should fail if the provided byte array does not match the public key size
-    fn signature_from_bytes_size_check(n: usize) {
-        let verification_algorithm = SumEd25519_12::signature_from_bytes(&vec![0; n]);
+    #[test]
+    fn signature_from_binary_correct_size() {
+        SumEd25519_12::signature_from_bytes(&vec![0; SumEd25519_12::SIGNATURE_SIZE]).unwrap();
+    }
+
+    #[test]
+    fn signature_from_binary_empty_slice() {
+        assert!(matches!(
+            SumEd25519_12::signature_from_bytes(&[]),
+            Err(SignatureError::SizeInvalid { .. })
+        ))
+    }
+
+    // `secret_from_binary` should fail if the provided byte array does not match the public key size
+    #[proptest]
+    fn signature_from_binary_size_check(
+        #[strategy(..SumEd25519_12::SIGNATURE_SIZE * 10)] n: usize,
+    ) {
+        let signature = SumEd25519_12::signature_from_bytes(&vec![0; n]);
 
-        assert_eq!(
+        prop_assert_eq!(
             n != SumEd25519_12::SIGNATURE_SIZE,
-            matches!(
-                verification_algorithm,
-                Err(SignatureError::SizeInvalid { .. })
-            )
+            matches!(signature, Err(SignatureError::SizeInvalid { .. }))
         );
     }
 }

chain-crypto/src/algorithms/sumed25519/sum.rs

@@ -681,10 +681,14 @@ pub fn update(secret: &mut SecretKey) -> Result<(), Error> {
 
 #[cfg(test)]
 mod tests {
+    use super::super::sumrec;
     use super::*;
 
-    use super::super::sumrec;
+    use proptest::prelude::*;
+    use test_strategy::proptest;
+
     use quickcheck::{Arbitrary, Gen};
+
     impl Arbitrary for Seed {
         fn arbitrary<G: Gen>(g: &mut G) -> Self {
             let mut b = [0u8; 32];
@@ -782,28 +786,28 @@ mod tests {
         }
     }
 
-    #[quickcheck]
-    fn check_public(depth: Depth, seed: Seed) -> bool {
+    #[proptest]
+    fn check_public(depth: Depth, seed: Seed) {
         let (_, pk) = keygen(depth, &seed);
         let pk_pub = pkeygen(depth, &seed);
-        pk == pk_pub
+        prop_assert_eq!(pk, pk_pub);
     }
 
-    #[quickcheck]
-    fn check_sig(depth: Depth, seed: Seed) -> bool {
+    #[proptest]
+    fn check_sig(depth: Depth, seed: Seed) {
         let (sk, pk) = keygen(depth, &seed);
 
         let m = b"Arbitrary message";
 
         let sig = sign(&sk, m);
-        verify(&pk, m, &sig)
+        prop_assert!(verify(&pk, m, &sig));
     }
 
-    #[quickcheck]
-    fn check_recver_equivalent(depth: Depth, seed: Seed) -> bool {
+    #[proptest]
+    fn check_recver_equivalent(depth: Depth, seed: Seed) {
         let (_, pk) = keygen(depth, &seed);
 
         let (_, pkrec) = sumrec::keygen(depth, &seed);
-        pk.as_bytes() == pkrec.as_bytes()
+        prop_assert_eq!(pk.as_bytes(), pkrec.as_bytes());
     }
 }

chain-crypto/src/algorithms/vrf/mod.rs

@@ -89,14 +89,30 @@ impl VerifiableRandomFunction for RistrettoGroup2HashDh {
 mod tests {
     use super::*;
 
-    #[quickcheck]
-    /// `secret_from_binary` should fail if the provided byte array does not match the public key size
-    fn secret_from_binary_size_check(n: usize) {
+    use proptest::prelude::*;
+    use test_strategy::proptest;
+
+    #[test]
+    fn secret_from_binary_correct_size() {
+        RistrettoGroup2HashDh::secret_from_binary(&vec![0; vrf::SecretKey::BYTES_LEN]).unwrap();
+    }
+
+    #[test]
+    fn secret_from_binary_empty_slice() {
+        assert!(matches!(
+            RistrettoGroup2HashDh::secret_from_binary(&[]),
+            Err(SecretKeyError::SizeInvalid)
+        ))
+    }
+
+    // `secret_from_binary` should fail if the provided byte array does not match the public key size
+    #[proptest]
+    fn secret_from_binary_size_check(#[strategy(..vrf::SecretKey::BYTES_LEN * 10)] n: usize) {
         let secret_key = RistrettoGroup2HashDh::secret_from_binary(&vec![0; n]);
 
-        assert_eq!(
+        prop_assert_eq!(
             n != vrf::SecretKey::BYTES_LEN,
-            secret_key == Err(SecretKeyError::SizeInvalid)
+            matches!(secret_key, Err(SecretKeyError::SizeInvalid))
         );
     }
 }