Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/src/tests_exhaustive.c
| Show All 20 Lines | |||||
| #endif | #endif | ||||
| #include "include/secp256k1.h" | #include "include/secp256k1.h" | ||||
| #include "assumptions.h" | #include "assumptions.h" | ||||
| #include "group.h" | #include "group.h" | ||||
| #include "secp256k1.c" | #include "secp256k1.c" | ||||
| #include "testrand_impl.h" | #include "testrand_impl.h" | ||||
| static int count = 2; | |||||
| /** stolen from tests.c */ | /** stolen from tests.c */ | ||||
| void ge_equals_ge(const secp256k1_ge *a, const secp256k1_ge *b) { | void ge_equals_ge(const secp256k1_ge *a, const secp256k1_ge *b) { | ||||
| CHECK(a->infinity == b->infinity); | CHECK(a->infinity == b->infinity); | ||||
| if (a->infinity) { | if (a->infinity) { | ||||
| return; | return; | ||||
| } | } | ||||
| CHECK(secp256k1_fe_equal_var(&a->x, &b->x)); | CHECK(secp256k1_fe_equal_var(&a->x, &b->x)); | ||||
| CHECK(secp256k1_fe_equal_var(&a->y, &b->y)); | CHECK(secp256k1_fe_equal_var(&a->y, &b->y)); | ||||
| ▲ Show 20 Lines • Show All 282 Lines • ▼ Show 20 Lines | void test_exhaustive_sign(const secp256k1_context *ctx, const secp256k1_ge *group) { | ||||
| * computationally bounded attacker.) | * computationally bounded attacker.) | ||||
| */ | */ | ||||
| } | } | ||||
| #ifdef ENABLE_MODULE_RECOVERY | #ifdef ENABLE_MODULE_RECOVERY | ||||
| #include "src/modules/recovery/tests_exhaustive_impl.h" | #include "src/modules/recovery/tests_exhaustive_impl.h" | ||||
| #endif | #endif | ||||
| int main(void) { | int main(int argc, char** argv) { | ||||
| int i; | int i; | ||||
| secp256k1_gej groupj[EXHAUSTIVE_TEST_ORDER]; | secp256k1_gej groupj[EXHAUSTIVE_TEST_ORDER]; | ||||
| secp256k1_ge group[EXHAUSTIVE_TEST_ORDER]; | secp256k1_ge group[EXHAUSTIVE_TEST_ORDER]; | ||||
| unsigned char rand32[32]; | |||||
| secp256k1_context *ctx; | |||||
| /* Build context */ | printf("Exhaustive tests for order %lu\n", (unsigned long)EXHAUSTIVE_TEST_ORDER); | ||||
| secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); | |||||
| /* find iteration count */ | |||||
| if (argc > 1) { | |||||
| count = strtol(argv[1], NULL, 0); | |||||
| } | |||||
| printf("test count = %i\n", count); | |||||
| /* TODO set z = 1, then do num_tests runs with random z values */ | /* find random seed */ | ||||
| secp256k1_rand_init(argc > 2 ? argv[2] : NULL); | |||||
| while (count--) { | |||||
| /* Build context */ | |||||
| ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); | |||||
| secp256k1_rand256(rand32); | |||||
| CHECK(secp256k1_context_randomize(ctx, rand32)); | |||||
| /* Generate the entire group */ | /* Generate the entire group */ | ||||
| secp256k1_gej_set_infinity(&groupj[0]); | secp256k1_gej_set_infinity(&groupj[0]); | ||||
| secp256k1_ge_set_gej(&group[0], &groupj[0]); | secp256k1_ge_set_gej(&group[0], &groupj[0]); | ||||
| for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { | for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { | ||||
| /* Set a different random z-value for each Jacobian point */ | |||||
| secp256k1_fe z; | |||||
| random_fe(&z); | |||||
| secp256k1_gej_add_ge(&groupj[i], &groupj[i - 1], &secp256k1_ge_const_g); | secp256k1_gej_add_ge(&groupj[i], &groupj[i - 1], &secp256k1_ge_const_g); | ||||
| secp256k1_ge_set_gej(&group[i], &groupj[i]); | secp256k1_ge_set_gej(&group[i], &groupj[i]); | ||||
| if (count != 0) { | |||||
| /* Set a different random z-value for each Jacobian point, except z=1 | |||||
| is used in the last iteration. */ | |||||
| secp256k1_fe z; | |||||
| random_fe(&z); | |||||
| secp256k1_gej_rescale(&groupj[i], &z); | secp256k1_gej_rescale(&groupj[i], &z); | ||||
| } | |||||
| /* Verify against ecmult_gen */ | /* Verify against ecmult_gen */ | ||||
| { | { | ||||
| secp256k1_scalar scalar_i; | secp256k1_scalar scalar_i; | ||||
| secp256k1_gej generatedj; | secp256k1_gej generatedj; | ||||
| secp256k1_ge generated; | secp256k1_ge generated; | ||||
| secp256k1_scalar_set_int(&scalar_i, i); | secp256k1_scalar_set_int(&scalar_i, i); | ||||
| secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &generatedj, &scalar_i); | secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &generatedj, &scalar_i); | ||||
| secp256k1_ge_set_gej(&generated, &generatedj); | secp256k1_ge_set_gej(&generated, &generatedj); | ||||
| CHECK(group[i].infinity == 0); | CHECK(group[i].infinity == 0); | ||||
| CHECK(generated.infinity == 0); | CHECK(generated.infinity == 0); | ||||
| CHECK(secp256k1_fe_equal_var(&generated.x, &group[i].x)); | CHECK(secp256k1_fe_equal_var(&generated.x, &group[i].x)); | ||||
| CHECK(secp256k1_fe_equal_var(&generated.y, &group[i].y)); | CHECK(secp256k1_fe_equal_var(&generated.y, &group[i].y)); | ||||
| } | } | ||||
| } | } | ||||
| /* Run the tests */ | /* Run the tests */ | ||||
| #ifdef USE_ENDOMORPHISM | #ifdef USE_ENDOMORPHISM | ||||
| test_exhaustive_endomorphism(group); | test_exhaustive_endomorphism(group); | ||||
| #endif | #endif | ||||
| test_exhaustive_addition(group, groupj); | test_exhaustive_addition(group, groupj); | ||||
| test_exhaustive_ecmult(ctx, group, groupj); | test_exhaustive_ecmult(ctx, group, groupj); | ||||
| test_exhaustive_ecmult_multi(ctx, group); | test_exhaustive_ecmult_multi(ctx, group); | ||||
| test_exhaustive_sign(ctx, group); | test_exhaustive_sign(ctx, group); | ||||
| test_exhaustive_verify(ctx, group); | test_exhaustive_verify(ctx, group); | ||||
| #ifdef ENABLE_MODULE_RECOVERY | #ifdef ENABLE_MODULE_RECOVERY | ||||
| test_exhaustive_recovery(ctx, group); | test_exhaustive_recovery(ctx, group); | ||||
| #endif | #endif | ||||
| secp256k1_context_destroy(ctx); | secp256k1_context_destroy(ctx); | ||||
| } | |||||
| secp256k1_rand_finish(); | |||||
| printf("no problems found\n"); | |||||
| return 0; | return 0; | ||||
| } | } | ||||