fixup! Add initial zig bindings.

Author: dot-asm

bindings/zig/README.md

@@ -1,6 +1,6 @@
 # blst for [Zig](https://ziglang.org/)
 
-The object-oriented interface is modeled after [C++ interface](../blst.hpp), but for the moment of this writing is a subset of it, sufficient to produce and verify individual and aggregated signatures.
+The object-oriented interface is modeled after [C++ interface](../blst.hpp), but for the moment of this writing is a subset of it, sufficient to produce and verify individual and aggregated signatures. See [tests.zig](tests.zig) for usage examples.
 
 ## Adding dependency to your project
 

bindings/zig/blst.zig

@@ -131,7 +131,7 @@ pub const Pairing = struct {
 
     pub fn raw_aggregate(self: *Pairing, q: *const P2_Affine,
                                          p: *const P1_Affine) void {
-        c.blst_pairing_raw_aggregate(@ptrCast(self.ctx), q, p);
+        c.blst_pairing_raw_aggregate(@ptrCast(self.ctx), &q.point, &p.point);
     }
 
     pub fn as_fp12(self: *Pairing) *const PT {
@@ -230,7 +230,7 @@ pub const P1_Affine = struct {
     }
 
     pub fn in_group(self: *const P1_Affine) bool {
-        return c.blst_p1_affine_in_group(&self.point);
+        return c.blst_p1_affine_in_g1(&self.point);
     }
 
     pub fn is_inf(self: *const P1_Affine) bool {
@@ -334,7 +334,7 @@ pub const P1 = struct {
     }
 
     pub fn in_group(self: *const P1) bool {
-        return c.blst_p1_in_group(&self.point);
+        return c.blst_p1_in_g1(&self.point);
     }
 
     pub fn is_inf(self: *const P1) bool {
@@ -346,7 +346,7 @@ pub const P1 = struct {
     }
 
     pub fn aggregate(self: *P1, p: *const P1_Affine) !void {
-        if (!c.blst_p1_affine_in_g1(p)) {
+        if (!c.blst_p1_affine_in_g1(&p.point)) {
             return Error.POINT_NOT_IN_GROUP;
         }
         c.blst_p1_add_or_double_affine(&self.point, &self.point, &p.point);
@@ -449,7 +449,7 @@ pub const P2_Affine = struct {
     }
 
     pub fn in_group(self: *const P2_Affine) bool {
-        return c.blst_p2_affine_in_group(&self.point);
+        return c.blst_p2_affine_in_g2(&self.point);
     }
 
     pub fn is_inf(self: *const P2_Affine) bool {
@@ -553,7 +553,7 @@ pub const P2 = struct {
     }
 
     pub fn in_group(self: *const P2) bool {
-        return c.blst_p2_in_group(&self.point);
+        return c.blst_p2_in_g2(&self.point);
     }
 
     pub fn is_inf(self: *const P2) bool {
@@ -565,7 +565,7 @@ pub const P2 = struct {
     }
 
     pub fn aggregate(self: *P2, p: *const P2_Affine) !void {
-        if (!c.blst_p2_affine_in_g2(p)) {
+        if (!c.blst_p2_affine_in_g2(&p.point)) {
             return Error.POINT_NOT_IN_GROUP;
         }
         c.blst_p2_add_or_double_affine(&self.point, &self.point, &p.point);

bindings/zig/generate.py

@@ -131,7 +131,7 @@
 
     pub fn raw_aggregate(self: *Pairing, q: *const P2_Affine,
                                          p: *const P1_Affine) void {
-        c.blst_pairing_raw_aggregate(@ptrCast(self.ctx), q, p);
+        c.blst_pairing_raw_aggregate(@ptrCast(self.ctx), &q.point, &p.point);
     }
 
     pub fn as_fp12(self: *Pairing) *const PT {
@@ -230,7 +230,7 @@
     }
 
     pub fn in_group(self: *const P1_Affine) bool {
-        return c.blst_p1_affine_in_group(&self.point);
+        return c.blst_p1_affine_in_g1(&self.point);
     }
 
     pub fn is_inf(self: *const P1_Affine) bool {
@@ -334,7 +334,7 @@
     }
 
     pub fn in_group(self: *const P1) bool {
-        return c.blst_p1_in_group(&self.point);
+        return c.blst_p1_in_g1(&self.point);
     }
 
     pub fn is_inf(self: *const P1) bool {
@@ -346,7 +346,7 @@
     }
 
     pub fn aggregate(self: *P1, p: *const P1_Affine) !void {
-        if (!c.blst_p1_affine_in_g1(p)) {
+        if (!c.blst_p1_affine_in_g1(&p.point)) {
             return Error.POINT_NOT_IN_GROUP;
         }
         c.blst_p1_add_or_double_affine(&self.point, &self.point, &p.point);

bindings/zig/tests.zig

@@ -24,17 +24,6 @@ test "sign/verify" {
     const ret = sig.core_verify(&pk, true, msg, DST, &pk_for_wire);
 
     try std.testing.expectEqual(ret, .SUCCESS);
-
-    // ... the same thing through Pairing interface.
-
-    var ctx = try blst.Pairing.init(true, DST, std.testing.allocator);
-    defer ctx.deinit();
-
-    try std.testing.expectEqual(ctx.aggregate(&pk, &sig, msg, &pk_for_wire), .SUCCESS);
-    ctx.commit();
-    try std.testing.expectEqual(ctx.finalverify(null), true);
-
-    std.debug.print("OK\n", .{});
 }
 
 test "uniq" {
@@ -49,3 +38,75 @@ test "uniq" {
         try std.testing.expectEqual(ctx.is_uniq(msg), next < msgs.len);
     }
 }
+
+fn box(allocator: std.mem.Allocator, src: []const u8) ![]u8 {
+    const ret = try allocator.alloc(u8, src.len);
+    @memcpy(ret, src);
+    return ret;
+}
+
+test "aggregateverify" {
+    const allocator = std.testing.allocator;
+    const N = 3;
+    var msgs: [N][]const u8 = undefined;
+
+    for (0..N) |i| {
+        msgs[i] = try std.fmt.allocPrint(allocator, "assertion{}", .{i});
+    }
+
+    const password = [_]u8{'*'} ** 32;
+    var SK = blst.SecretKey{};
+    defer SK.deinit();
+
+    // emulate N "senders"...
+
+    const DST = "MY-DST";
+    var pks: [N][]const u8 = undefined;
+    var sigs: [N][]const u8 = undefined;
+
+    for (0..N) |i| {
+        SK.keygen(&password, msgs[i]);
+        pks[i] = try box(allocator, &(try blst.P1.from(&SK)).serialize());
+        sigs[i] = try box(allocator, &blst.P2.hash_to(msgs[i], DST, null).sign_with(&SK).serialize());
+    }
+
+    // ... basic scheme on the "receiver" side.
+
+    var uniq = try blst.Uniq.init(msgs.len, std.testing.allocator);
+    defer uniq.deinit();
+
+    var aggregated = try blst.P2.from(sigs[0]);
+    try std.testing.expectEqual(aggregated.in_group(), true);
+    for (1..N) |i| {
+        try aggregated.aggregate(&try blst.P2_Affine.from(sigs[i]));
+    }
+
+    var ctx = try blst.Pairing.init(true, DST, std.testing.allocator);
+    defer ctx.deinit();
+
+    // The basic scheme requires messages to be checked for uniqueness.
+    try std.testing.expectEqual(uniq.is_uniq(msgs[0]), true);
+    // The below .aggregate() method doesn't vet public keys with
+    // rationale that application would cache the results of the
+    // group checks. Hence they need to be vetted separately.
+    var pk = try blst.P1_Affine.from(pks[0]);
+    try std.testing.expectEqual(pk.in_group(), true);
+    try std.testing.expectEqual(ctx.aggregate(&pk, &aggregated.to_affine(), msgs[0], null),
+                                .SUCCESS);
+    for (1..N) |i| {
+        try std.testing.expectEqual(uniq.is_uniq(msgs[i]), true);
+        pk = try blst.P1_Affine.from(pks[i]);
+        try std.testing.expectEqual(pk.in_group(), true);
+        try std.testing.expectEqual(ctx.aggregate(&pk, null, msgs[i], null),
+                                    .SUCCESS);
+    }
+
+    ctx.commit();
+    try std.testing.expectEqual(ctx.finalverify(null), true);
+
+    for (0..N) |i| {
+        allocator.free(pks[i]);
+        allocator.free(sigs[i]);
+        allocator.free(msgs[i]);
+    }
+}