Page MenuHomePhabricator
Differential D8044 Diff 24969 src/secp256k1/src/tests.c

Changeset View

Standalone View

View Options

src/secp256k1/src/tests.c

Show First 20 LinesShow All 2,096 Lines▼ Show 20 Linesvoid ge_equals_gej(const secp256k1_ge *a, const secp256k1_gej *b) {
secp256k1_fe_mul(&s1, &a->y, &z2s); secp256k1_fe_mul(&s1, &s1, &b->z); secp256k1_fe_mul(&s1, &a->y, &z2s); secp256k1_fe_mul(&s1, &s1, &b->z);
s2 = b->y; secp256k1_fe_normalize_weak(&s2); s2 = b->y; secp256k1_fe_normalize_weak(&s2);
CHECK(secp256k1_fe_equal_var(&u1, &u2)); CHECK(secp256k1_fe_equal_var(&u1, &u2));
CHECK(secp256k1_fe_equal_var(&s1, &s2)); CHECK(secp256k1_fe_equal_var(&s1, &s2));
} }
void test_ge(void) { void test_ge(void) {
int i, i1; int i, i1;
#ifdef USE_ENDOMORPHISM
int runs = 6; int runs = 6;
#else /* 25 points are used:
int runs = 4; * - infinity
#endif * - for each of four random points p1 p2 p3 p4, we add the point, its
/* Points: (infinity, p1, p1, -p1, -p1, p2, p2, -p2, -p2, p3, p3, -p3, -p3, p4, p4, -p4, -p4). * negation, and then those two again but with randomized Z coordinate.
* The second in each pair of identical points uses a random Z coordinate in the Jacobian form. * - The same is then done for lambda*p1 and lambda^2*p1.
* All magnitudes are randomized.
* All 17*17 combinations of points are added to each other, using all applicable methods.
*
* When the endomorphism code is compiled in, p5 = lambda*p1 and p6 = lambda^2*p1 are added as well.
*/ */
secp256k1_ge *ge = (secp256k1_ge *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_ge) * (1 + 4 * runs)); secp256k1_ge *ge = (secp256k1_ge *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_ge) * (1 + 4 * runs));
secp256k1_gej *gej = (secp256k1_gej *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_gej) * (1 + 4 * runs)); secp256k1_gej *gej = (secp256k1_gej *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_gej) * (1 + 4 * runs));
secp256k1_fe *zinv = (secp256k1_fe *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_fe) * (1 + 4 * runs)); secp256k1_fe *zinv = (secp256k1_fe *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_fe) * (1 + 4 * runs));
secp256k1_fe zf; secp256k1_fe zf;
secp256k1_fe zfi2, zfi3; secp256k1_fe zfi2, zfi3;
secp256k1_gej_set_infinity(&gej[0]); secp256k1_gej_set_infinity(&gej[0]);
secp256k1_ge_clear(&ge[0]); secp256k1_ge_clear(&ge[0]);
secp256k1_ge_set_gej_var(&ge[0], &gej[0]); secp256k1_ge_set_gej_var(&ge[0], &gej[0]);
for (i = 0; i < runs; i++) { for (i = 0; i < runs; i++) {
int j; int j;
secp256k1_ge g; secp256k1_ge g;
random_group_element_test(&g); random_group_element_test(&g);
#ifdef USE_ENDOMORPHISM
if (i >= runs - 2) { if (i >= runs - 2) {
secp256k1_ge_mul_lambda(&g, &ge[1]); secp256k1_ge_mul_lambda(&g, &ge[1]);
} }
if (i >= runs - 1) { if (i >= runs - 1) {
secp256k1_ge_mul_lambda(&g, &g); secp256k1_ge_mul_lambda(&g, &g);
} }
#endif
ge[1 + 4 * i] = g; ge[1 + 4 * i] = g;
ge[2 + 4 * i] = g; ge[2 + 4 * i] = g;
secp256k1_ge_neg(&ge[3 + 4 * i], &g); secp256k1_ge_neg(&ge[3 + 4 * i], &g);
secp256k1_ge_neg(&ge[4 + 4 * i], &g); secp256k1_ge_neg(&ge[4 + 4 * i], &g);
secp256k1_gej_set_ge(&gej[1 + 4 * i], &ge[1 + 4 * i]); secp256k1_gej_set_ge(&gej[1 + 4 * i], &ge[1 + 4 * i]);
random_group_element_jacobian_test(&gej[2 + 4 * i], &ge[2 + 4 * i]); random_group_element_jacobian_test(&gej[2 + 4 * i], &ge[2 + 4 * i]);
secp256k1_gej_set_ge(&gej[3 + 4 * i], &ge[3 + 4 * i]); secp256k1_gej_set_ge(&gej[3 + 4 * i], &ge[3 + 4 * i]);
random_group_element_jacobian_test(&gej[4 + 4 * i], &ge[4 + 4 * i]); random_group_element_jacobian_test(&gej[4 + 4 * i], &ge[4 + 4 * i]);
▲ Show 20 LinesShow All 970 Lines▼ Show 20 Linesvoid test_ecmult_multi_batch_single(secp256k1_ecmult_multi_func ecmult_multi) {
secp256k1_scratch_destroy(&ctx->error_callback, scratch_empty); secp256k1_scratch_destroy(&ctx->error_callback, scratch_empty);
} }
void test_secp256k1_pippenger_bucket_window_inv(void) { void test_secp256k1_pippenger_bucket_window_inv(void) {
int i; int i;
CHECK(secp256k1_pippenger_bucket_window_inv(0) == 0); CHECK(secp256k1_pippenger_bucket_window_inv(0) == 0);
for(i = 1; i <= PIPPENGER_MAX_BUCKET_WINDOW; i++) { for(i = 1; i <= PIPPENGER_MAX_BUCKET_WINDOW; i++) {
#ifdef USE_ENDOMORPHISM
/* Bucket_window of 8 is not used with endo */ /* Bucket_window of 8 is not used with endo */
if (i == 8) { if (i == 8) {
continue; continue;
} }
#endif
CHECK(secp256k1_pippenger_bucket_window(secp256k1_pippenger_bucket_window_inv(i)) == i); CHECK(secp256k1_pippenger_bucket_window(secp256k1_pippenger_bucket_window_inv(i)) == i);
if (i != PIPPENGER_MAX_BUCKET_WINDOW) { if (i != PIPPENGER_MAX_BUCKET_WINDOW) {
CHECK(secp256k1_pippenger_bucket_window(secp256k1_pippenger_bucket_window_inv(i)+1) > i); CHECK(secp256k1_pippenger_bucket_window(secp256k1_pippenger_bucket_window_inv(i)+1) > i);
} }
} }
} }
/** /**
▲ Show 20 LinesShow All 226 Lines▼ Show 20 Linesvoid test_constant_wnaf(const secp256k1_scalar *number, int w) {
int i; int i;
int skew; int skew;
int bits = 256; int bits = 256;
secp256k1_scalar num = *number; secp256k1_scalar num = *number;
secp256k1_scalar scalar_skew; secp256k1_scalar scalar_skew;
secp256k1_scalar_set_int(&x, 0); secp256k1_scalar_set_int(&x, 0);
secp256k1_scalar_set_int(&shift, 1 << w); secp256k1_scalar_set_int(&shift, 1 << w);
/* With USE_ENDOMORPHISM on we only consider 128-bit numbers */
#ifdef USE_ENDOMORPHISM
for (i = 0; i < 16; ++i) { for (i = 0; i < 16; ++i) {
secp256k1_scalar_shr_int(&num, 8); secp256k1_scalar_shr_int(&num, 8);
} }
bits = 128; bits = 128;
#endif
skew = secp256k1_wnaf_const(wnaf, &num, w, bits); skew = secp256k1_wnaf_const(wnaf, &num, w, bits);
for (i = WNAF_SIZE_BITS(bits, w); i >= 0; --i) { for (i = WNAF_SIZE_BITS(bits, w); i >= 0; --i) {
secp256k1_scalar t; secp256k1_scalar t;
int v = wnaf[i]; int v = wnaf[i];
CHECK(v != 0); /* check nonzero */ CHECK(v != 0); /* check nonzero */
CHECK(v & 1); /* check parity */ CHECK(v & 1); /* check parity */
CHECK(v > -(1 << w)); /* check range above */ CHECK(v > -(1 << w)); /* check range above */
Show All 18 Linesvoid test_fixed_wnaf(const secp256k1_scalar *number, int w) {
secp256k1_scalar x, shift; secp256k1_scalar x, shift;
int wnaf[256] = {0}; int wnaf[256] = {0};
int i; int i;
int skew; int skew;
secp256k1_scalar num = *number; secp256k1_scalar num = *number;
secp256k1_scalar_set_int(&x, 0); secp256k1_scalar_set_int(&x, 0);
secp256k1_scalar_set_int(&shift, 1 << w); secp256k1_scalar_set_int(&shift, 1 << w);
/* With USE_ENDOMORPHISM on we only consider 128-bit numbers */
#ifdef USE_ENDOMORPHISM
for (i = 0; i < 16; ++i) { for (i = 0; i < 16; ++i) {
secp256k1_scalar_shr_int(&num, 8); secp256k1_scalar_shr_int(&num, 8);
} }
#endif
skew = secp256k1_wnaf_fixed(wnaf, &num, w); skew = secp256k1_wnaf_fixed(wnaf, &num, w);
for (i = WNAF_SIZE(w)-1; i >= 0; --i) { for (i = WNAF_SIZE(w)-1; i >= 0; --i) {
secp256k1_scalar t; secp256k1_scalar t;
int v = wnaf[i]; int v = wnaf[i];
CHECK(v == 0 || v & 1); /* check parity */ CHECK(v == 0 || v & 1); /* check parity */
CHECK(v > -(1 << w)); /* check range above */ CHECK(v > -(1 << w)); /* check range above */
CHECK(v < (1 << w)); /* check range below */ CHECK(v < (1 << w)); /* check range below */
▲ Show 20 LinesShow All 199 Lines▼ Show 20 Lines
void run_ecmult_gen_blind(void) { void run_ecmult_gen_blind(void) {
int i; int i;
test_ecmult_gen_blind_reset(); test_ecmult_gen_blind_reset();
for (i = 0; i < 10; i++) { for (i = 0; i < 10; i++) {
test_ecmult_gen_blind(); test_ecmult_gen_blind();
} }
} }
#ifdef USE_ENDOMORPHISM
/***** ENDOMORPHISH TESTS *****/ /***** ENDOMORPHISH TESTS *****/
void test_scalar_split(const secp256k1_scalar* full) { void test_scalar_split(const secp256k1_scalar* full) {
secp256k1_scalar s, s1, slam; secp256k1_scalar s, s1, slam;
const unsigned char zero[32] = {0}; const unsigned char zero[32] = {0};
unsigned char tmp[32]; unsigned char tmp[32];
secp256k1_scalar_split_lambda(&s1, &slam, full); secp256k1_scalar_split_lambda(&s1, &slam, full);
Show All 32 Lines for (i = 0; i < 100U * count; ++i) {
secp256k1_scalar full; secp256k1_scalar full;
random_scalar_order_test(&full); random_scalar_order_test(&full);
test_scalar_split(&full); test_scalar_split(&full);
} }
for (i = 0; i < sizeof(scalars_near_split_bounds) / sizeof(scalars_near_split_bounds[0]); ++i) { for (i = 0; i < sizeof(scalars_near_split_bounds) / sizeof(scalars_near_split_bounds[0]); ++i) {
test_scalar_split(&scalars_near_split_bounds[i]); test_scalar_split(&scalars_near_split_bounds[i]);
} }
} }
#endif
void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid) { void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid) {
unsigned char pubkeyc[65]; unsigned char pubkeyc[65];
secp256k1_pubkey pubkey; secp256k1_pubkey pubkey;
secp256k1_ge ge; secp256k1_ge ge;
size_t pubkeyclen; size_t pubkeyclen;
int32_t ecount; int32_t ecount;
ecount = 0; ecount = 0;
▲ Show 20 LinesShow All 2,010 Lines▼ Show 20 Lines#endif
run_ecmult_chain(); run_ecmult_chain();
run_ecmult_constants(); run_ecmult_constants();
run_ecmult_gen_blind(); run_ecmult_gen_blind();
run_ecmult_const_tests(); run_ecmult_const_tests();
run_ecmult_multi_tests(); run_ecmult_multi_tests();
run_ec_combine(); run_ec_combine();
/* endomorphism tests */ /* endomorphism tests */
#ifdef USE_ENDOMORPHISM
run_endomorphism_tests(); run_endomorphism_tests();
#endif
/* EC point parser test */ /* EC point parser test */
run_ec_pubkey_parse_test(); run_ec_pubkey_parse_test();
/* EC key edge cases */ /* EC key edge cases */
run_eckey_edge_case_test(); run_eckey_edge_case_test();
/* EC key arithmetic test */ /* EC key arithmetic test */
▲ Show 20 LinesShow All 52 LinesShow Last 20 Lines