Merge pull request #2 from anoma/tomas/arbitrary-rebased

add optional arbitrary impls

Cargo.toml

@@ -24,6 +24,7 @@ pairing = { version = "0.23", optional = true }
 rand_core = { version = "0.6", default-features = false }
 subtle = { version = "2.2.1", default-features = false }
 zeroize = { version = "1.4", optional = true, default-features = false }
+arbitrary = { version = "1.3", features = ["derive"], optional = true }
 
 [dev-dependencies]
 csv = ">= 1.0, < 1.2" # csv 1.2 has MSRV 1.60
@@ -41,6 +42,7 @@ pairings = ["groups", "pairing"]
 alloc = ["group/alloc"]
 experimental = ["digest", "groups"]
 nightly = ["subtle/nightly"]
+arbitrary = ["dep:arbitrary"]
 
 [[test]]
 name = "expand_msg"

rust-toolchain.toml

@@ -1,3 +1,3 @@
 [toolchain]
-channel = "1.56.0"
+channel = "1.63.0"
 components = [ "clippy", "rustfmt" ]

src/fp.rs

@@ -11,6 +11,7 @@ use crate::util::{adc, mac, sbb};
 // The internal representation of this type is six 64-bit unsigned
 // integers in little-endian order. `Fp` values are always in
 // Montgomery form; i.e., Scalar(a) = aR mod p, with R = 2^384.
+#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
 #[derive(Copy, Clone)]
 pub struct Fp(pub(crate) [u64; 6]);
 

src/fp12.rs

@@ -10,6 +10,7 @@ use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 use rand_core::RngCore;
 
 /// This represents an element $c_0 + c_1 w$ of $\mathbb{F}_{p^12} = \mathbb{F}_{p^6} / w^2 - v$.
+#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
 pub struct Fp12 {
     pub c0: Fp6,
     pub c1: Fp6,

src/fp2.rs

@@ -7,6 +7,7 @@ use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 use crate::fp::Fp;
 
+#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
 #[derive(Copy, Clone)]
 pub struct Fp2 {
     pub c0: Fp,

src/fp6.rs

@@ -9,6 +9,7 @@ use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 use rand_core::RngCore;
 
 /// This represents an element $c_0 + c_1 v + c_2 v^2$ of $\mathbb{F}_{p^6} = \mathbb{F}_{p^2} / v^3 - u - 1$.
+#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
 pub struct Fp6 {
     pub c0: Fp2,
     pub c1: Fp2,

src/g1.rs

@@ -23,11 +23,13 @@ use crate::Scalar;
 ///
 /// Values of `G1Affine` are guaranteed to be in the $q$-order subgroup unless an
 /// "unchecked" API was misused.
+#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
 #[cfg_attr(docsrs, doc(cfg(feature = "groups")))]
 #[derive(Copy, Clone, Debug)]
 pub struct G1Affine {
     pub(crate) x: Fp,
     pub(crate) y: Fp,
+    #[cfg_attr(feature = "arbitrary", arbitrary(with = crate::util::arbitrary_choice))]
     infinity: Choice,
 }
 
@@ -437,6 +439,7 @@ fn endomorphism(p: &G1Affine) -> G1Affine {
 }
 
 /// This is an element of $\mathbb{G}_1$ represented in the projective coordinate space.
+#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
 #[cfg_attr(docsrs, doc(cfg(feature = "groups")))]
 #[derive(Copy, Clone, Debug)]
 pub struct G1Projective {

src/g2.rs

@@ -24,11 +24,13 @@ use crate::Scalar;
 ///
 /// Values of `G2Affine` are guaranteed to be in the $q$-order subgroup unless an
 /// "unchecked" API was misused.
+#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
 #[cfg_attr(docsrs, doc(cfg(feature = "groups")))]
 #[derive(Copy, Clone, Debug)]
 pub struct G2Affine {
     pub(crate) x: Fp2,
     pub(crate) y: Fp2,
+    #[cfg_attr(feature = "arbitrary", arbitrary(with = crate::util::arbitrary_choice))]
     infinity: Choice,
 }
 
@@ -490,6 +492,7 @@ impl G2Affine {
 }
 
 /// This is an element of $\mathbb{G}_2$ represented in the projective coordinate space.
+#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
 #[cfg_attr(docsrs, doc(cfg(feature = "groups")))]
 #[derive(Copy, Clone, Debug)]
 pub struct G2Projective {

src/lib.rs

@@ -8,7 +8,7 @@
 //! * This implementation does not require the Rust standard library.
 //! * All operations are constant time unless explicitly noted.
 
-#![no_std]
+#![cfg_attr(not(feature = "arbitrary"), no_std)]
 #![cfg_attr(docsrs, feature(doc_cfg))]
 // Catch documentation errors caused by code changes.
 #![deny(rustdoc::broken_intra_doc_links)]

src/pairings.rs

@@ -21,6 +21,7 @@ use pairing::MultiMillerLoop;
 /// Represents results of a Miller loop, one of the most expensive portions
 /// of the pairing function. `MillerLoopResult`s cannot be compared with each
 /// other until `.final_exponentiation()` is called, which is also expensive.
+#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
 #[cfg_attr(docsrs, doc(cfg(feature = "pairings")))]
 #[derive(Copy, Clone, Debug)]
 pub struct MillerLoopResult(pub(crate) Fp12);
@@ -206,6 +207,7 @@ impl<'b> AddAssign<&'b MillerLoopResult> for MillerLoopResult {
 ///
 /// Typically, $\mathbb{G}_T$ is written multiplicatively but we will write it additively to
 /// keep code and abstractions consistent.
+#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
 #[cfg_attr(docsrs, doc(cfg(feature = "pairings")))]
 #[derive(Copy, Clone, Debug)]
 pub struct Gt(pub(crate) Fp12);

src/scalar.rs

@@ -18,6 +18,7 @@ use crate::util::{adc, mac, sbb};
 // The internal representation of this type is four 64-bit unsigned
 // integers in little-endian order. `Scalar` values are always in
 // Montgomery form; i.e., Scalar(a) = aR mod q, with R = 2^256.
+#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
 #[derive(Clone, Copy, Eq)]
 pub struct Scalar(pub(crate) [u64; 4]);
 

src/util.rs

@@ -172,3 +172,10 @@ macro_rules! impl_binops_multiplicative {
         }
     };
 }
+
+/// Generate arbitrary [`subtle::Choice`]
+#[cfg(feature = "arbitrary")]
+pub fn arbitrary_choice(u: &mut arbitrary::Unstructured) -> arbitrary::Result<subtle::Choice> {
+    let raw = u.int_in_range(0..=1)?;
+    Ok(subtle::Choice::from(raw))
+}