Browse Source

Merge pull request #119

597128d Make num optional (Pieter Wuille)
659b554 Make constant initializers independent from num (Pieter Wuille)
master
Pieter Wuille 8 years ago
parent
commit
bd313f7d6e
No known key found for this signature in database
GPG Key ID: 57896D2FF8F0B657
  1. 1
      .travis.yml
  2. 19
      configure.ac
  3. 12
      src/ecdsa_impl.h
  4. 2
      src/field.h
  5. 4
      src/field_impl.h
  6. 2
      src/group.h
  7. 9
      src/group_impl.h
  8. 4
      src/num.h
  9. 2
      src/num_impl.h
  10. 5
      src/scalar.h
  11. 26
      src/scalar_impl.h
  12. 154
      src/tests.c

1
.travis.yml

@ -18,6 +18,7 @@ env: @@ -18,6 +18,7 @@ env:
- FIELD=64bit ENDOMORPHISM=yes
- FIELD=32bit
- FIELD=32bit ENDOMORPHISM=yes
- BIGNUM=none
- BUILD=distcheck
- EXTRAFLAGS=CFLAGS=-DDETERMINISTIC
before_script: ./autogen.sh

19
configure.ac

@ -95,7 +95,7 @@ AC_ARG_ENABLE(endomorphism, @@ -95,7 +95,7 @@ AC_ARG_ENABLE(endomorphism,
AC_ARG_WITH([field], [AS_HELP_STRING([--with-field=gmp|64bit|64bit_asm|32bit|auto],
[Specify Field Implementation. Default is auto])],[req_field=$withval], [req_field=auto])
AC_ARG_WITH([bignum], [AS_HELP_STRING([--with-bignum=gmp|auto],
AC_ARG_WITH([bignum], [AS_HELP_STRING([--with-bignum=gmp|none|auto],
[Specify Bignum Implementation. Default is auto])],[req_bignum=$withval], [req_bignum=auto])
AC_ARG_WITH([scalar], [AS_HELP_STRING([--with-scalar=64bit|32bit|auto],
@ -179,7 +179,7 @@ if test x"$req_bignum" = x"auto"; then @@ -179,7 +179,7 @@ if test x"$req_bignum" = x"auto"; then
fi
if test x"$set_bignum" = x; then
AC_MSG_ERROR([no working bignum implementation found])
set_bignum=none
fi
else
set_bignum=$req_bignum
@ -187,8 +187,7 @@ else @@ -187,8 +187,7 @@ else
gmp)
SECP_GMP_CHECK
;;
openssl)
SECP_OPENSSL_CHECK
none)
;;
*)
AC_MSG_ERROR([invalid bignum implementation selection])
@ -221,11 +220,16 @@ esac @@ -221,11 +220,16 @@ esac
# select bignum implementation
case $set_bignum in
gmp)
AC_DEFINE(HAVE_LIBGMP,1,[Define this symbol if libgmp is installed])
AC_DEFINE(USE_NUM_GMP, 1, [Define this symbol to use the gmp implementation])
AC_DEFINE(HAVE_LIBGMP, 1, [Define this symbol if libgmp is installed])
AC_DEFINE(USE_NUM_GMP, 1, [Define this symbol to use the gmp implementation for num])
AC_DEFINE(USE_FIELD_INV_NUM, 1, [Define this symbol to use the num-based field inverse implementation])
AC_DEFINE(USE_SCALAR_INV_NUM, 1, [Define this symbol to use the num-based scalar inverse implementation])
;;
none)
AC_DEFINE(USE_NUM_NONE, 1, [Define this symbol to use no num implementation])
AC_DEFINE(USE_FIELD_INV_BUILTIN, 1, [Define this symbol to use the native field inverse implementation])
AC_DEFINE(USE_SCALAR_INV_BUILTIN, 1, [Define this symbol to use the native scalar inverse implementation])
;;
*)
AC_MSG_ERROR([invalid bignum implementation])
;;
@ -266,6 +270,9 @@ if test x"$set_field" = x"gmp" || test x"$set_bignum" = x"gmp"; then @@ -266,6 +270,9 @@ if test x"$set_field" = x"gmp" || test x"$set_bignum" = x"gmp"; then
fi
if test x"$use_endomorphism" = x"yes"; then
if test x"$set_bignum" = x"none"; then
AC_MSG_ERROR([Cannot use endomorphism optimization without a bignum implementation])
fi
AC_DEFINE(USE_ENDOMORPHISM, 1, [Define this symbol to use endomorphism])
fi

12
src/ecdsa_impl.h

@ -29,10 +29,14 @@ static void secp256k1_ecdsa_start(void) { @@ -29,10 +29,14 @@ static void secp256k1_ecdsa_start(void) {
/* Allocate. */
secp256k1_ecdsa_consts_t *ret = (secp256k1_ecdsa_consts_t*)malloc(sizeof(secp256k1_ecdsa_consts_t));
unsigned char p[32];
secp256k1_num_get_bin(p, 32, &secp256k1_ge_consts->order);
secp256k1_fe_set_b32(&ret->order_as_fe, p);
static const unsigned char order[] = {
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41
};
secp256k1_fe_set_b32(&ret->order_as_fe, order);
secp256k1_fe_negate(&ret->p_minus_order, &ret->order_as_fe, 1);
secp256k1_fe_normalize(&ret->p_minus_order);

2
src/field.h

@ -33,7 +33,9 @@ @@ -33,7 +33,9 @@
#endif
typedef struct {
#ifndef USE_NUM_NONE
secp256k1_num_t p;
#endif
secp256k1_fe_t order;
} secp256k1_fe_consts_t;

4
src/field_impl.h

@ -267,16 +267,20 @@ static void secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t r[len], const se @@ -267,16 +267,20 @@ static void secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t r[len], const se
}
static void secp256k1_fe_start(void) {
#ifndef USE_NUM_NONE
static const unsigned char secp256k1_fe_consts_p[] = {
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F
};
#endif
if (secp256k1_fe_consts == NULL) {
secp256k1_fe_inner_start();
secp256k1_fe_consts_t *ret = (secp256k1_fe_consts_t*)malloc(sizeof(secp256k1_fe_consts_t));
#ifndef USE_NUM_NONE
secp256k1_num_set_bin(&ret->p, secp256k1_fe_consts_p, sizeof(secp256k1_fe_consts_p));
#endif
secp256k1_fe_consts = ret;
}
}

2
src/group.h

@ -27,8 +27,6 @@ typedef struct { @@ -27,8 +27,6 @@ typedef struct {
/** Global constants related to the group */
typedef struct {
secp256k1_num_t order; /* the order of the curve (= order of its generator) */
secp256k1_num_t half_order; /* half the order of the curve (= order of its generator) */
secp256k1_ge_t g; /* the generator point */
#ifdef USE_ENDOMORPHISM

9
src/group_impl.h

@ -413,12 +413,6 @@ static void secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t * @@ -413,12 +413,6 @@ static void secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *
static void secp256k1_ge_start(void) {
static const unsigned char secp256k1_ge_consts_order[] = {
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41
};
static const unsigned char secp256k1_ge_consts_g_x[] = {
0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,
0x55,0xA0,0x62,0x95,0xCE,0x87,0x0B,0x07,
@ -442,9 +436,6 @@ static void secp256k1_ge_start(void) { @@ -442,9 +436,6 @@ static void secp256k1_ge_start(void) {
#endif
if (secp256k1_ge_consts == NULL) {
secp256k1_ge_consts_t *ret = (secp256k1_ge_consts_t*)malloc(sizeof(secp256k1_ge_consts_t));
secp256k1_num_set_bin(&ret->order, secp256k1_ge_consts_order, sizeof(secp256k1_ge_consts_order));
secp256k1_num_copy(&ret->half_order, &ret->order);
secp256k1_num_shift(&ret->half_order, 1);
#ifdef USE_ENDOMORPHISM
VERIFY_CHECK(secp256k1_fe_set_b32(&ret->beta, secp256k1_ge_consts_beta));
#endif

4
src/num.h

@ -7,6 +7,8 @@ @@ -7,6 +7,8 @@
#ifndef _SECP256K1_NUM_
#define _SECP256K1_NUM_
#ifndef USE_NUM_NONE
#if defined HAVE_CONFIG_H
#include "libsecp256k1-config.h"
#endif
@ -65,3 +67,5 @@ static int secp256k1_num_is_neg(const secp256k1_num_t *a); @@ -65,3 +67,5 @@ static int secp256k1_num_is_neg(const secp256k1_num_t *a);
static void secp256k1_num_negate(secp256k1_num_t *r);
#endif
#endif

2
src/num_impl.h

@ -15,6 +15,8 @@ @@ -15,6 +15,8 @@
#if defined(USE_NUM_GMP)
#include "num_gmp_impl.h"
#elif defined(USE_NUM_NONE)
/* Nothing. */
#else
#error "Please select num implementation"
#endif

5
src/scalar.h

@ -72,9 +72,14 @@ static int secp256k1_scalar_is_one(const secp256k1_scalar_t *a); @@ -72,9 +72,14 @@ static int secp256k1_scalar_is_one(const secp256k1_scalar_t *a);
/** Check whether a scalar is higher than the group order divided by 2. */
static int secp256k1_scalar_is_high(const secp256k1_scalar_t *a);
#ifndef USE_NUM_NONE
/** Convert a scalar to a number. */
static void secp256k1_scalar_get_num(secp256k1_num_t *r, const secp256k1_scalar_t *a);
/** Get the order of the group as a number. */
static void secp256k1_scalar_order_get_num(secp256k1_num_t *r);
#endif
/** Compare two scalars. */
static int secp256k1_scalar_eq(const secp256k1_scalar_t *a, const secp256k1_scalar_t *b);

26
src/scalar_impl.h

@ -25,6 +25,9 @@ @@ -25,6 +25,9 @@
#endif
typedef struct {
#ifndef USE_NUM_NONE
secp256k1_num_t order;
#endif
#ifdef USE_ENDOMORPHISM
secp256k1_num_t a1b2, b1, a2;
#endif
@ -39,6 +42,15 @@ static void secp256k1_scalar_start(void) { @@ -39,6 +42,15 @@ static void secp256k1_scalar_start(void) {
/* Allocate. */
secp256k1_scalar_consts_t *ret = (secp256k1_scalar_consts_t*)malloc(sizeof(secp256k1_scalar_consts_t));
#ifndef USE_NUM_NONE
static const unsigned char secp256k1_scalar_consts_order[] = {
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41
};
secp256k1_num_set_bin(&ret->order, secp256k1_scalar_consts_order, sizeof(secp256k1_scalar_consts_order));
#endif
#ifdef USE_ENDOMORPHISM
static const unsigned char secp256k1_scalar_consts_a1b2[] = {
0x30,0x86,0xd2,0x21,0xa7,0xd4,0x6b,0xcd,
@ -72,12 +84,17 @@ static void secp256k1_scalar_stop(void) { @@ -72,12 +84,17 @@ static void secp256k1_scalar_stop(void) {
free(c);
}
#ifndef USE_NUM_NONE
static void secp256k1_scalar_get_num(secp256k1_num_t *r, const secp256k1_scalar_t *a) {
unsigned char c[32];
secp256k1_scalar_get_b32(c, a);
secp256k1_num_set_bin(r, c, 32);
}
static void secp256k1_scalar_order_get_num(secp256k1_num_t *r) {
*r = secp256k1_scalar_consts->order;
}
#endif
static void secp256k1_scalar_inverse(secp256k1_scalar_t *r, const secp256k1_scalar_t *x) {
/* First compute x ^ (2^N - 1) for some values of N. */
@ -238,7 +255,7 @@ static void secp256k1_scalar_inverse_var(secp256k1_scalar_t *r, const secp256k1_ @@ -238,7 +255,7 @@ static void secp256k1_scalar_inverse_var(secp256k1_scalar_t *r, const secp256k1_
secp256k1_scalar_get_b32(b, x);
secp256k1_num_t n;
secp256k1_num_set_bin(&n, b, 32);
secp256k1_num_mod_inverse(&n, &n, &secp256k1_ge_consts->order);
secp256k1_num_mod_inverse(&n, &n, &secp256k1_scalar_consts->order);
secp256k1_num_get_bin(b, 32, &n);
secp256k1_scalar_set_b32(r, b, NULL);
#else
@ -256,19 +273,18 @@ static void secp256k1_scalar_split_lambda_var(secp256k1_scalar_t *r1, secp256k1_ @@ -256,19 +273,18 @@ static void secp256k1_scalar_split_lambda_var(secp256k1_scalar_t *r1, secp256k1_
secp256k1_num_t rn1, rn2;
const secp256k1_scalar_consts_t *c = secp256k1_scalar_consts;
const secp256k1_num_t *order = &secp256k1_ge_consts->order;
secp256k1_num_t bnc1, bnc2, bnt1, bnt2, bnn2;
secp256k1_num_copy(&bnn2, order);
secp256k1_num_copy(&bnn2, &c->order);
secp256k1_num_shift(&bnn2, 1);
secp256k1_num_mul(&bnc1, &na, &c->a1b2);
secp256k1_num_add(&bnc1, &bnc1, &bnn2);
secp256k1_num_div(&bnc1, &bnc1, order);
secp256k1_num_div(&bnc1, &bnc1, &c->order);
secp256k1_num_mul(&bnc2, &na, &c->b1);
secp256k1_num_add(&bnc2, &bnc2, &bnn2);
secp256k1_num_div(&bnc2, &bnc2, order);
secp256k1_num_div(&bnc2, &bnc2, &c->order);
secp256k1_num_mul(&bnt1, &bnc1, &c->a1b2);
secp256k1_num_mul(&bnt2, &bnc2, &c->a2);

154
src/tests.c

@ -23,23 +23,13 @@ @@ -23,23 +23,13 @@
static int count = 64;
/***** NUM TESTS *****/
void random_num_negate(secp256k1_num_t *num) {
if (secp256k1_rand32() & 1)
secp256k1_num_negate(num);
}
void random_field_element_test(secp256k1_fe_t *fe) {
do {
unsigned char b32[32];
secp256k1_rand256_test(b32);
secp256k1_num_t num;
secp256k1_num_set_bin(&num, b32, 32);
if (secp256k1_num_cmp(&num, &secp256k1_fe_consts->p) >= 0)
continue;
VERIFY_CHECK(secp256k1_fe_set_b32(fe, b32));
break;
if (secp256k1_fe_set_b32(fe, b32)) {
break;
}
} while(1);
}
@ -75,19 +65,6 @@ void random_group_element_jacobian_test(secp256k1_gej_t *gej, const secp256k1_ge @@ -75,19 +65,6 @@ void random_group_element_jacobian_test(secp256k1_gej_t *gej, const secp256k1_ge
gej->infinity = ge->infinity;
}
void random_num_order_test(secp256k1_num_t *num) {
do {
unsigned char b32[32];
secp256k1_rand256_test(b32);
secp256k1_num_set_bin(num, b32, 32);
if (secp256k1_num_is_zero(num))
continue;
if (secp256k1_num_cmp(num, &secp256k1_ge_consts->order) >= 0)
continue;
break;
} while(1);
}
void random_scalar_order_test(secp256k1_scalar_t *num) {
do {
unsigned char b32[32];
@ -112,17 +89,24 @@ void random_scalar_order(secp256k1_scalar_t *num) { @@ -112,17 +89,24 @@ void random_scalar_order(secp256k1_scalar_t *num) {
} while(1);
}
/***** NUM TESTS *****/
#ifndef USE_NUM_NONE
void random_num_negate(secp256k1_num_t *num) {
if (secp256k1_rand32() & 1)
secp256k1_num_negate(num);
}
void random_num_order_test(secp256k1_num_t *num) {
secp256k1_scalar_t sc;
random_scalar_order_test(&sc);
secp256k1_scalar_get_num(num, &sc);
}
void random_num_order(secp256k1_num_t *num) {
do {
unsigned char b32[32];
secp256k1_rand256(b32);
secp256k1_num_set_bin(num, b32, 32);
if (secp256k1_num_is_zero(num))
continue;
if (secp256k1_num_cmp(num, &secp256k1_ge_consts->order) >= 0)
continue;
break;
} while(1);
secp256k1_scalar_t sc;
random_scalar_order(&sc);
secp256k1_scalar_get_num(num, &sc);
}
void test_num_get_set_bin(void) {
@ -201,6 +185,7 @@ void run_num_smalltests(void) { @@ -201,6 +185,7 @@ void run_num_smalltests(void) {
test_num_add_sub();
}
}
#endif
/***** SCALAR TESTS *****/
@ -208,29 +193,29 @@ void scalar_test(void) { @@ -208,29 +193,29 @@ void scalar_test(void) {
unsigned char c[32];
/* Set 's' to a random scalar, with value 'snum'. */
secp256k1_rand256_test(c);
secp256k1_scalar_t s;
secp256k1_scalar_set_b32(&s, c, NULL);
secp256k1_num_t snum;
secp256k1_num_set_bin(&snum, c, 32);
secp256k1_num_mod(&snum, &secp256k1_ge_consts->order);
random_scalar_order_test(&s);
/* Set 's1' to a random scalar, with value 's1num'. */
secp256k1_rand256_test(c);
secp256k1_scalar_t s1;
secp256k1_scalar_set_b32(&s1, c, NULL);
secp256k1_num_t s1num;
secp256k1_num_set_bin(&s1num, c, 32);
secp256k1_num_mod(&s1num, &secp256k1_ge_consts->order);
random_scalar_order_test(&s1);
/* Set 's2' to a random scalar, with value 'snum2', and byte array representation 'c'. */
secp256k1_rand256_test(c);
secp256k1_scalar_t s2;
int overflow = 0;
secp256k1_scalar_set_b32(&s2, c, &overflow);
secp256k1_num_t s2num;
secp256k1_num_set_bin(&s2num, c, 32);
secp256k1_num_mod(&s2num, &secp256k1_ge_consts->order);
random_scalar_order_test(&s2);
secp256k1_scalar_get_b32(c, &s2);
#ifndef USE_NUM_NONE
secp256k1_num_t snum, s1num, s2num;
secp256k1_scalar_get_num(&snum, &s);
secp256k1_scalar_get_num(&s1num, &s1);
secp256k1_scalar_get_num(&s2num, &s2);
secp256k1_num_t order;
secp256k1_scalar_order_get_num(&order);
secp256k1_num_t half_order = order;
secp256k1_num_shift(&half_order, 1);
#endif
{
/* Test that fetching groups of 4 bits from a scalar and recursing n(i)=16*n(i-1)+p(i) reconstructs it. */
@ -268,22 +253,12 @@ void scalar_test(void) { @@ -268,22 +253,12 @@ void scalar_test(void) {
CHECK(secp256k1_scalar_eq(&n, &s));
}
{
/* Test that get_b32 returns the same as get_bin on the number. */
unsigned char r1[32];
secp256k1_scalar_get_b32(r1, &s2);
unsigned char r2[32];
secp256k1_num_get_bin(r2, 32, &s2num);
CHECK(memcmp(r1, r2, 32) == 0);
/* If no overflow occurred when assigning, it should also be equal to the original byte array. */
CHECK((memcmp(r1, c, 32) == 0) == (overflow == 0));
}
#ifndef USE_NUM_NONE
{
/* Test that adding the scalars together is equal to adding their numbers together modulo the order. */
secp256k1_num_t rnum;
secp256k1_num_add(&rnum, &snum, &s2num);
secp256k1_num_mod(&rnum, &secp256k1_ge_consts->order);
secp256k1_num_mod(&rnum, &order);
secp256k1_scalar_t r;
secp256k1_scalar_add(&r, &s, &s2);
secp256k1_num_t r2num;
@ -295,7 +270,7 @@ void scalar_test(void) { @@ -295,7 +270,7 @@ void scalar_test(void) {
/* Test that multipying the scalars is equal to multiplying their numbers modulo the order. */
secp256k1_num_t rnum;
secp256k1_num_mul(&rnum, &snum, &s2num);
secp256k1_num_mod(&rnum, &secp256k1_ge_consts->order);
secp256k1_num_mod(&rnum, &order);
secp256k1_scalar_t r;
secp256k1_scalar_mul(&r, &s, &s2);
secp256k1_num_t r2num;
@ -312,14 +287,14 @@ void scalar_test(void) { @@ -312,14 +287,14 @@ void scalar_test(void) {
/* Check that comparison with zero matches comparison with zero on the number. */
CHECK(secp256k1_num_is_zero(&snum) == secp256k1_scalar_is_zero(&s));
/* Check that comparison with the half order is equal to testing for high scalar. */
CHECK(secp256k1_scalar_is_high(&s) == (secp256k1_num_cmp(&snum, &secp256k1_ge_consts->half_order) > 0));
CHECK(secp256k1_scalar_is_high(&s) == (secp256k1_num_cmp(&snum, &half_order) > 0));
secp256k1_scalar_t neg;
secp256k1_scalar_negate(&neg, &s);
secp256k1_num_t negnum;
secp256k1_num_sub(&negnum, &secp256k1_ge_consts->order, &snum);
secp256k1_num_mod(&negnum, &secp256k1_ge_consts->order);
secp256k1_num_sub(&negnum, &order, &snum);
secp256k1_num_mod(&negnum, &order);
/* Check that comparison with the half order is equal to testing for high scalar after negation. */
CHECK(secp256k1_scalar_is_high(&neg) == (secp256k1_num_cmp(&negnum, &secp256k1_ge_consts->half_order) > 0));
CHECK(secp256k1_scalar_is_high(&neg) == (secp256k1_num_cmp(&negnum, &half_order) > 0));
/* Negating should change the high property, unless the value was already zero. */
CHECK((secp256k1_scalar_is_high(&s) == secp256k1_scalar_is_high(&neg)) == secp256k1_scalar_is_zero(&s));
secp256k1_num_t negnum2;
@ -333,17 +308,20 @@ void scalar_test(void) { @@ -333,17 +308,20 @@ void scalar_test(void) {
/* Negating zero should still result in zero. */
CHECK(secp256k1_scalar_is_zero(&neg));
}
#endif
{
/* Test that scalar inverses are equal to the inverse of their number modulo the order. */
if (!secp256k1_scalar_is_zero(&s)) {
secp256k1_scalar_t inv;
secp256k1_scalar_inverse(&inv, &s);
#ifndef USE_NUM_NONE
secp256k1_num_t invnum;
secp256k1_num_mod_inverse(&invnum, &snum, &secp256k1_ge_consts->order);
secp256k1_num_mod_inverse(&invnum, &snum, &order);
secp256k1_num_t invnum2;
secp256k1_scalar_get_num(&invnum2, &inv);
CHECK(secp256k1_num_eq(&invnum, &invnum2));
#endif
secp256k1_scalar_mul(&inv, &inv, &s);
/* Multiplying a scalar with its inverse must result in one. */
CHECK(secp256k1_scalar_is_one(&inv));
@ -431,6 +409,30 @@ void run_scalar_tests(void) { @@ -431,6 +409,30 @@ void run_scalar_tests(void) {
for (int i = 0; i < 128 * count; i++) {
scalar_test();
}
{
// (-1)+1 should be zero.
secp256k1_scalar_t s, o;
secp256k1_scalar_set_int(&s, 1);
secp256k1_scalar_negate(&o, &s);
secp256k1_scalar_add(&o, &o, &s);
CHECK(secp256k1_scalar_is_zero(&o));
}
#ifndef USE_NUM_NONE
{
// A scalar with value of the curve order should be 0.
secp256k1_num_t order;
secp256k1_scalar_order_get_num(&order);
unsigned char bin[32];
secp256k1_num_get_bin(bin, 32, &order);
secp256k1_scalar_t zero;
int overflow = 0;
secp256k1_scalar_set_b32(&zero, bin, &overflow);
CHECK(overflow == 1);
CHECK(secp256k1_scalar_is_zero(&zero));
}
#endif
}
/***** FIELD TESTS *****/
@ -868,11 +870,11 @@ void test_ecdsa_end_to_end(void) { @@ -868,11 +870,11 @@ void test_ecdsa_end_to_end(void) {
/* Generate a random key and message. */
{
secp256k1_num_t msg, key;
random_num_order_test(&msg);
random_num_order_test(&key);
secp256k1_num_get_bin(privkey, 32, &key);
secp256k1_num_get_bin(message, 32, &msg);
secp256k1_scalar_t msg, key;
random_scalar_order_test(&msg);
random_scalar_order_test(&key);
secp256k1_scalar_get_b32(privkey, &key);
secp256k1_scalar_get_b32(message, &msg);
}
/* Construct and verify corresponding public key. */
@ -1119,8 +1121,10 @@ int main(int argc, char **argv) { @@ -1119,8 +1121,10 @@ int main(int argc, char **argv) {
/* initialize */
secp256k1_start(SECP256K1_START_SIGN | SECP256K1_START_VERIFY);
#ifndef USE_NUM_NONE
/* num tests */
run_num_smalltests();
#endif
/* scalar tests */
run_scalar_tests();

Loading…
Cancel
Save