Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/src/tests.c
- This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 Lines • Show All 630 Lines • ▼ Show 20 Lines | void run_rand_int(void) { | ||||
unsigned int m, s; | unsigned int m, s; | ||||
for (m = 0; m < sizeof(ms) / sizeof(ms[0]); m++) { | for (m = 0; m < sizeof(ms) / sizeof(ms[0]); m++) { | ||||
for (s = 0; s < sizeof(ss) / sizeof(ss[0]); s++) { | for (s = 0; s < sizeof(ss) / sizeof(ss[0]); s++) { | ||||
test_rand_int(ms[m] * ss[s], ss[s]); | test_rand_int(ms[m] * ss[s], ss[s]); | ||||
} | } | ||||
} | } | ||||
} | } | ||||
/***** NUM TESTS *****/ | |||||
#ifndef USE_NUM_NONE | |||||
void random_num_negate(secp256k1_num *num) { | |||||
if (secp256k1_testrand_bits(1)) { | |||||
secp256k1_num_negate(num); | |||||
} | |||||
} | |||||
void random_num_order_test(secp256k1_num *num) { | |||||
secp256k1_scalar sc; | |||||
random_scalar_order_test(&sc); | |||||
secp256k1_scalar_get_num(num, &sc); | |||||
} | |||||
void random_num_order(secp256k1_num *num) { | |||||
secp256k1_scalar sc; | |||||
random_scalar_order(&sc); | |||||
secp256k1_scalar_get_num(num, &sc); | |||||
} | |||||
void test_num_negate(void) { | |||||
secp256k1_num n1; | |||||
secp256k1_num n2; | |||||
random_num_order_test(&n1); /* n1 = R */ | |||||
random_num_negate(&n1); | |||||
secp256k1_num_copy(&n2, &n1); /* n2 = R */ | |||||
secp256k1_num_sub(&n1, &n2, &n1); /* n1 = n2-n1 = 0 */ | |||||
CHECK(secp256k1_num_is_zero(&n1)); | |||||
secp256k1_num_copy(&n1, &n2); /* n1 = R */ | |||||
secp256k1_num_negate(&n1); /* n1 = -R */ | |||||
CHECK(!secp256k1_num_is_zero(&n1)); | |||||
secp256k1_num_add(&n1, &n2, &n1); /* n1 = n2+n1 = 0 */ | |||||
CHECK(secp256k1_num_is_zero(&n1)); | |||||
secp256k1_num_copy(&n1, &n2); /* n1 = R */ | |||||
secp256k1_num_negate(&n1); /* n1 = -R */ | |||||
CHECK(secp256k1_num_is_neg(&n1) != secp256k1_num_is_neg(&n2)); | |||||
secp256k1_num_negate(&n1); /* n1 = R */ | |||||
CHECK(secp256k1_num_eq(&n1, &n2)); | |||||
} | |||||
void test_num_add_sub(void) { | |||||
int i; | |||||
secp256k1_scalar s; | |||||
secp256k1_num n1; | |||||
secp256k1_num n2; | |||||
secp256k1_num n1p2, n2p1, n1m2, n2m1; | |||||
random_num_order_test(&n1); /* n1 = R1 */ | |||||
if (secp256k1_testrand_bits(1)) { | |||||
random_num_negate(&n1); | |||||
} | |||||
random_num_order_test(&n2); /* n2 = R2 */ | |||||
if (secp256k1_testrand_bits(1)) { | |||||
random_num_negate(&n2); | |||||
} | |||||
secp256k1_num_add(&n1p2, &n1, &n2); /* n1p2 = R1 + R2 */ | |||||
secp256k1_num_add(&n2p1, &n2, &n1); /* n2p1 = R2 + R1 */ | |||||
secp256k1_num_sub(&n1m2, &n1, &n2); /* n1m2 = R1 - R2 */ | |||||
secp256k1_num_sub(&n2m1, &n2, &n1); /* n2m1 = R2 - R1 */ | |||||
CHECK(secp256k1_num_eq(&n1p2, &n2p1)); | |||||
CHECK(!secp256k1_num_eq(&n1p2, &n1m2)); | |||||
secp256k1_num_negate(&n2m1); /* n2m1 = -R2 + R1 */ | |||||
CHECK(secp256k1_num_eq(&n2m1, &n1m2)); | |||||
CHECK(!secp256k1_num_eq(&n2m1, &n1)); | |||||
secp256k1_num_add(&n2m1, &n2m1, &n2); /* n2m1 = -R2 + R1 + R2 = R1 */ | |||||
CHECK(secp256k1_num_eq(&n2m1, &n1)); | |||||
CHECK(!secp256k1_num_eq(&n2p1, &n1)); | |||||
secp256k1_num_sub(&n2p1, &n2p1, &n2); /* n2p1 = R2 + R1 - R2 = R1 */ | |||||
CHECK(secp256k1_num_eq(&n2p1, &n1)); | |||||
/* check is_one */ | |||||
secp256k1_scalar_set_int(&s, 1); | |||||
secp256k1_scalar_get_num(&n1, &s); | |||||
CHECK(secp256k1_num_is_one(&n1)); | |||||
/* check that 2^n + 1 is never 1 */ | |||||
secp256k1_scalar_get_num(&n2, &s); | |||||
for (i = 0; i < 250; ++i) { | |||||
secp256k1_num_add(&n1, &n1, &n1); /* n1 *= 2 */ | |||||
secp256k1_num_add(&n1p2, &n1, &n2); /* n1p2 = n1 + 1 */ | |||||
CHECK(!secp256k1_num_is_one(&n1p2)); | |||||
} | |||||
} | |||||
void test_num_mod(void) { | |||||
int i; | |||||
secp256k1_scalar s; | |||||
secp256k1_num order, n; | |||||
/* check that 0 mod anything is 0 */ | |||||
random_scalar_order_test(&s); | |||||
secp256k1_scalar_get_num(&order, &s); | |||||
secp256k1_scalar_set_int(&s, 0); | |||||
secp256k1_scalar_get_num(&n, &s); | |||||
secp256k1_num_mod(&n, &order); | |||||
CHECK(secp256k1_num_is_zero(&n)); | |||||
/* check that anything mod 1 is 0 */ | |||||
secp256k1_scalar_set_int(&s, 1); | |||||
secp256k1_scalar_get_num(&order, &s); | |||||
secp256k1_scalar_get_num(&n, &s); | |||||
secp256k1_num_mod(&n, &order); | |||||
CHECK(secp256k1_num_is_zero(&n)); | |||||
/* check that increasing the number past 2^256 does not break this */ | |||||
random_scalar_order_test(&s); | |||||
secp256k1_scalar_get_num(&n, &s); | |||||
/* multiply by 2^8, which'll test this case with high probability */ | |||||
for (i = 0; i < 8; ++i) { | |||||
secp256k1_num_add(&n, &n, &n); | |||||
} | |||||
secp256k1_num_mod(&n, &order); | |||||
CHECK(secp256k1_num_is_zero(&n)); | |||||
} | |||||
void test_num_jacobi(void) { | |||||
secp256k1_scalar sqr; | |||||
secp256k1_scalar small; | |||||
secp256k1_scalar five; /* five is not a quadratic residue */ | |||||
secp256k1_num order, n; | |||||
int i; | |||||
/* squares mod 5 are 1, 4 */ | |||||
const int jacobi5[10] = { 0, 1, -1, -1, 1, 0, 1, -1, -1, 1 }; | |||||
/* check some small values with 5 as the order */ | |||||
secp256k1_scalar_set_int(&five, 5); | |||||
secp256k1_scalar_get_num(&order, &five); | |||||
for (i = 0; i < 10; ++i) { | |||||
secp256k1_scalar_set_int(&small, i); | |||||
secp256k1_scalar_get_num(&n, &small); | |||||
CHECK(secp256k1_num_jacobi(&n, &order) == jacobi5[i]); | |||||
} | |||||
/** test large values with 5 as group order */ | |||||
secp256k1_scalar_get_num(&order, &five); | |||||
/* we first need a scalar which is not a multiple of 5 */ | |||||
do { | |||||
secp256k1_num fiven; | |||||
random_scalar_order_test(&sqr); | |||||
secp256k1_scalar_get_num(&fiven, &five); | |||||
secp256k1_scalar_get_num(&n, &sqr); | |||||
secp256k1_num_mod(&n, &fiven); | |||||
} while (secp256k1_num_is_zero(&n)); | |||||
/* next force it to be a residue. 2 is a nonresidue mod 5 so we can | |||||
* just multiply by two, i.e. add the number to itself */ | |||||
if (secp256k1_num_jacobi(&n, &order) == -1) { | |||||
secp256k1_num_add(&n, &n, &n); | |||||
} | |||||
/* test residue */ | |||||
CHECK(secp256k1_num_jacobi(&n, &order) == 1); | |||||
/* test nonresidue */ | |||||
secp256k1_num_add(&n, &n, &n); | |||||
CHECK(secp256k1_num_jacobi(&n, &order) == -1); | |||||
/** test with secp group order as order */ | |||||
secp256k1_scalar_order_get_num(&order); | |||||
random_scalar_order_test(&sqr); | |||||
secp256k1_scalar_mul(&sqr, &sqr, &sqr); | |||||
/* test residue */ | |||||
secp256k1_scalar_get_num(&n, &sqr); | |||||
CHECK(secp256k1_num_jacobi(&n, &order) == 1); | |||||
/* test nonresidue */ | |||||
secp256k1_scalar_mul(&sqr, &sqr, &five); | |||||
secp256k1_scalar_get_num(&n, &sqr); | |||||
CHECK(secp256k1_num_jacobi(&n, &order) == -1); | |||||
/* test multiple of the order*/ | |||||
CHECK(secp256k1_num_jacobi(&order, &order) == 0); | |||||
/* check one less than the order */ | |||||
secp256k1_scalar_set_int(&small, 1); | |||||
secp256k1_scalar_get_num(&n, &small); | |||||
secp256k1_num_sub(&n, &order, &n); | |||||
CHECK(secp256k1_num_jacobi(&n, &order) == 1); /* sage confirms this is 1 */ | |||||
} | |||||
void run_num_smalltests(void) { | |||||
int i; | |||||
for (i = 0; i < 100*count; i++) { | |||||
test_num_negate(); | |||||
test_num_add_sub(); | |||||
test_num_mod(); | |||||
test_num_jacobi(); | |||||
} | |||||
} | |||||
#endif | |||||
/***** MODINV TESTS *****/ | /***** MODINV TESTS *****/ | ||||
/* Compute the modular inverse of (odd) x mod 2^64. */ | /* Compute the modular inverse of (odd) x mod 2^64. */ | ||||
uint64_t modinv2p64(uint64_t x) { | uint64_t modinv2p64(uint64_t x) { | ||||
/* If w = 1/x mod 2^(2^L), then w*(2 - w*x) = 1/x mod 2^(2^(L+1)). See | /* If w = 1/x mod 2^(2^L), then w*(2 - w*x) = 1/x mod 2^(2^(L+1)). See | ||||
* Hacker's Delight second edition, Henry S. Warren, Jr., pages 245-247 for | * Hacker's Delight second edition, Henry S. Warren, Jr., pages 245-247 for | ||||
* why. Start with L=0, for which it is true for every odd x that | * why. Start with L=0, for which it is true for every odd x that | ||||
* 1/x=1 mod 2. Iterating 6 times gives us 1/x mod 2^64. */ | * 1/x=1 mod 2. Iterating 6 times gives us 1/x mod 2^64. */ | ||||
▲ Show 20 Lines • Show All 426 Lines • ▼ Show 20 Lines | |||||
/***** SCALAR TESTS *****/ | /***** SCALAR TESTS *****/ | ||||
void scalar_test(void) { | void scalar_test(void) { | ||||
secp256k1_scalar s; | secp256k1_scalar s; | ||||
secp256k1_scalar s1; | secp256k1_scalar s1; | ||||
secp256k1_scalar s2; | secp256k1_scalar s2; | ||||
#ifndef USE_NUM_NONE | |||||
secp256k1_num snum, s1num, s2num; | |||||
secp256k1_num order, half_order; | |||||
#endif | |||||
unsigned char c[32]; | unsigned char c[32]; | ||||
/* Set 's' to a random scalar, with value 'snum'. */ | /* Set 's' to a random scalar, with value 'snum'. */ | ||||
random_scalar_order_test(&s); | random_scalar_order_test(&s); | ||||
/* Set 's1' to a random scalar, with value 's1num'. */ | /* Set 's1' to a random scalar, with value 's1num'. */ | ||||
random_scalar_order_test(&s1); | random_scalar_order_test(&s1); | ||||
/* Set 's2' to a random scalar, with value 'snum2', and byte array representation 'c'. */ | /* Set 's2' to a random scalar, with value 'snum2', and byte array representation 'c'. */ | ||||
random_scalar_order_test(&s2); | random_scalar_order_test(&s2); | ||||
secp256k1_scalar_get_b32(c, &s2); | secp256k1_scalar_get_b32(c, &s2); | ||||
#ifndef USE_NUM_NONE | |||||
secp256k1_scalar_get_num(&snum, &s); | |||||
secp256k1_scalar_get_num(&s1num, &s1); | |||||
secp256k1_scalar_get_num(&s2num, &s2); | |||||
secp256k1_scalar_order_get_num(&order); | |||||
half_order = order; | |||||
secp256k1_num_shift(&half_order, 1); | |||||
#endif | |||||
{ | { | ||||
int i; | int i; | ||||
/* Test that fetching groups of 4 bits from a scalar and recursing n(i)=16*n(i-1)+p(i) reconstructs it. */ | /* Test that fetching groups of 4 bits from a scalar and recursing n(i)=16*n(i-1)+p(i) reconstructs it. */ | ||||
secp256k1_scalar n; | secp256k1_scalar n; | ||||
secp256k1_scalar_set_int(&n, 0); | secp256k1_scalar_set_int(&n, 0); | ||||
for (i = 0; i < 256; i += 4) { | for (i = 0; i < 256; i += 4) { | ||||
secp256k1_scalar t; | secp256k1_scalar t; | ||||
int j; | int j; | ||||
Show All 23 Lines | secp256k1_scalar_get_b32(c, &s2); | ||||
secp256k1_scalar_add(&n, &n, &n); | secp256k1_scalar_add(&n, &n, &n); | ||||
} | } | ||||
secp256k1_scalar_add(&n, &n, &t); | secp256k1_scalar_add(&n, &n, &t); | ||||
i += now; | i += now; | ||||
} | } | ||||
CHECK(secp256k1_scalar_eq(&n, &s)); | CHECK(secp256k1_scalar_eq(&n, &s)); | ||||
} | } | ||||
#ifndef USE_NUM_NONE | |||||
{ | |||||
/* Test that adding the scalars together is equal to adding their numbers together modulo the order. */ | |||||
secp256k1_num rnum; | |||||
secp256k1_num r2num; | |||||
secp256k1_scalar r; | |||||
secp256k1_num_add(&rnum, &snum, &s2num); | |||||
secp256k1_num_mod(&rnum, &order); | |||||
secp256k1_scalar_add(&r, &s, &s2); | |||||
secp256k1_scalar_get_num(&r2num, &r); | |||||
CHECK(secp256k1_num_eq(&rnum, &r2num)); | |||||
} | |||||
{ | |||||
/* Test that multiplying the scalars is equal to multiplying their numbers modulo the order. */ | |||||
secp256k1_scalar r; | |||||
secp256k1_num r2num; | |||||
secp256k1_num rnum; | |||||
secp256k1_num_mul(&rnum, &snum, &s2num); | |||||
secp256k1_num_mod(&rnum, &order); | |||||
secp256k1_scalar_mul(&r, &s, &s2); | |||||
secp256k1_scalar_get_num(&r2num, &r); | |||||
CHECK(secp256k1_num_eq(&rnum, &r2num)); | |||||
/* The result can only be zero if at least one of the factors was zero. */ | |||||
CHECK(secp256k1_scalar_is_zero(&r) == (secp256k1_scalar_is_zero(&s) || secp256k1_scalar_is_zero(&s2))); | |||||
/* The results can only be equal to one of the factors if that factor was zero, or the other factor was one. */ | |||||
CHECK(secp256k1_num_eq(&rnum, &snum) == (secp256k1_scalar_is_zero(&s) || secp256k1_scalar_is_one(&s2))); | |||||
CHECK(secp256k1_num_eq(&rnum, &s2num) == (secp256k1_scalar_is_zero(&s2) || secp256k1_scalar_is_one(&s))); | |||||
} | |||||
{ | |||||
secp256k1_scalar neg; | |||||
secp256k1_num negnum; | |||||
secp256k1_num negnum2; | |||||
/* Check that comparison with zero matches comparison with zero on the number. */ | |||||
CHECK(secp256k1_num_is_zero(&snum) == secp256k1_scalar_is_zero(&s)); | |||||
/* Check that comparison with the half order is equal to testing for high scalar. */ | |||||
CHECK(secp256k1_scalar_is_high(&s) == (secp256k1_num_cmp(&snum, &half_order) > 0)); | |||||
secp256k1_scalar_negate(&neg, &s); | |||||
secp256k1_num_sub(&negnum, &order, &snum); | |||||
secp256k1_num_mod(&negnum, &order); | |||||
/* Check that comparison with the half order is equal to testing for high scalar after negation. */ | |||||
CHECK(secp256k1_scalar_is_high(&neg) == (secp256k1_num_cmp(&negnum, &half_order) > 0)); | |||||
/* Negating should change the high property, unless the value was already zero. */ | |||||
CHECK((secp256k1_scalar_is_high(&s) == secp256k1_scalar_is_high(&neg)) == secp256k1_scalar_is_zero(&s)); | |||||
secp256k1_scalar_get_num(&negnum2, &neg); | |||||
/* Negating a scalar should be equal to (order - n) mod order on the number. */ | |||||
CHECK(secp256k1_num_eq(&negnum, &negnum2)); | |||||
secp256k1_scalar_add(&neg, &neg, &s); | |||||
/* Adding a number to its negation should result in zero. */ | |||||
CHECK(secp256k1_scalar_is_zero(&neg)); | |||||
secp256k1_scalar_negate(&neg, &neg); | |||||
/* Negating zero should still result in zero. */ | |||||
CHECK(secp256k1_scalar_is_zero(&neg)); | |||||
} | |||||
{ | |||||
/* Test secp256k1_scalar_mul_shift_var. */ | |||||
secp256k1_scalar r; | |||||
secp256k1_num one; | |||||
secp256k1_num rnum; | |||||
secp256k1_num rnum2; | |||||
unsigned char cone[1] = {0x01}; | |||||
unsigned int shift = 256 + secp256k1_testrand_int(257); | |||||
secp256k1_scalar_mul_shift_var(&r, &s1, &s2, shift); | |||||
secp256k1_num_mul(&rnum, &s1num, &s2num); | |||||
secp256k1_num_shift(&rnum, shift - 1); | |||||
secp256k1_num_set_bin(&one, cone, 1); | |||||
secp256k1_num_add(&rnum, &rnum, &one); | |||||
secp256k1_num_shift(&rnum, 1); | |||||
secp256k1_scalar_get_num(&rnum2, &r); | |||||
CHECK(secp256k1_num_eq(&rnum, &rnum2)); | |||||
} | |||||
{ | { | ||||
/* test secp256k1_scalar_shr_int */ | /* test secp256k1_scalar_shr_int */ | ||||
secp256k1_scalar r; | secp256k1_scalar r; | ||||
int i; | int i; | ||||
random_scalar_order_test(&r); | random_scalar_order_test(&r); | ||||
for (i = 0; i < 100; ++i) { | for (i = 0; i < 100; ++i) { | ||||
int low; | int low; | ||||
int shift = 1 + secp256k1_testrand_int(15); | int shift = 1 + secp256k1_testrand_int(15); | ||||
int expected = r.d[0] % (1 << shift); | int expected = r.d[0] % (1 << shift); | ||||
low = secp256k1_scalar_shr_int(&r, shift); | low = secp256k1_scalar_shr_int(&r, shift); | ||||
CHECK(expected == low); | CHECK(expected == low); | ||||
} | } | ||||
} | } | ||||
#endif | |||||
{ | { | ||||
/* Test commutativity of add. */ | /* Test commutativity of add. */ | ||||
secp256k1_scalar r1, r2; | secp256k1_scalar r1, r2; | ||||
secp256k1_scalar_add(&r1, &s1, &s2); | secp256k1_scalar_add(&r1, &s1, &s2); | ||||
secp256k1_scalar_add(&r2, &s2, &s1); | secp256k1_scalar_add(&r2, &s2, &s1); | ||||
CHECK(secp256k1_scalar_eq(&r1, &r2)); | CHECK(secp256k1_scalar_eq(&r1, &r2)); | ||||
} | } | ||||
▲ Show 20 Lines • Show All 119 Lines • ▼ Show 20 Lines | for (i = 0; i < count; i++) { | ||||
CHECK(secp256k1_scalar_is_one(&s)); | CHECK(secp256k1_scalar_is_one(&s)); | ||||
secp256k1_scalar_negate(&o, &s); | secp256k1_scalar_negate(&o, &s); | ||||
secp256k1_scalar_add(&o, &o, &s); | secp256k1_scalar_add(&o, &o, &s); | ||||
CHECK(secp256k1_scalar_is_zero(&o)); | CHECK(secp256k1_scalar_is_zero(&o)); | ||||
secp256k1_scalar_negate(&o, &o); | secp256k1_scalar_negate(&o, &o); | ||||
CHECK(secp256k1_scalar_is_zero(&o)); | CHECK(secp256k1_scalar_is_zero(&o)); | ||||
} | } | ||||
#ifndef USE_NUM_NONE | |||||
{ | |||||
/* Test secp256k1_scalar_set_b32 boundary conditions */ | |||||
secp256k1_num order; | |||||
secp256k1_scalar scalar; | |||||
unsigned char bin[32]; | |||||
unsigned char bin_tmp[32]; | |||||
int overflow = 0; | |||||
/* 2^256-1 - order */ | |||||
static const secp256k1_scalar all_ones_minus_order = SECP256K1_SCALAR_CONST( | |||||
0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00000001UL, | |||||
0x45512319UL, 0x50B75FC4UL, 0x402DA173UL, 0x2FC9BEBEUL | |||||
); | |||||
/* A scalar set to 0s should be 0. */ | |||||
memset(bin, 0, 32); | |||||
secp256k1_scalar_set_b32(&scalar, bin, &overflow); | |||||
CHECK(overflow == 0); | |||||
CHECK(secp256k1_scalar_is_zero(&scalar)); | |||||
/* A scalar with value of the curve order should be 0. */ | |||||
secp256k1_scalar_order_get_num(&order); | |||||
secp256k1_num_get_bin(bin, 32, &order); | |||||
secp256k1_scalar_set_b32(&scalar, bin, &overflow); | |||||
CHECK(overflow == 1); | |||||
CHECK(secp256k1_scalar_is_zero(&scalar)); | |||||
/* A scalar with value of the curve order minus one should not overflow. */ | |||||
bin[31] -= 1; | |||||
secp256k1_scalar_set_b32(&scalar, bin, &overflow); | |||||
CHECK(overflow == 0); | |||||
secp256k1_scalar_get_b32(bin_tmp, &scalar); | |||||
CHECK(secp256k1_memcmp_var(bin, bin_tmp, 32) == 0); | |||||
/* A scalar set to all 1s should overflow. */ | |||||
memset(bin, 0xFF, 32); | |||||
secp256k1_scalar_set_b32(&scalar, bin, &overflow); | |||||
CHECK(overflow == 1); | |||||
CHECK(secp256k1_scalar_eq(&scalar, &all_ones_minus_order)); | |||||
} | |||||
#endif | |||||
{ | { | ||||
/* Does check_overflow check catch all ones? */ | /* Does check_overflow check catch all ones? */ | ||||
static const secp256k1_scalar overflowed = SECP256K1_SCALAR_CONST( | static const secp256k1_scalar overflowed = SECP256K1_SCALAR_CONST( | ||||
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | ||||
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL | 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL | ||||
); | ); | ||||
CHECK(secp256k1_scalar_check_overflow(&overflowed)); | CHECK(secp256k1_scalar_check_overflow(&overflowed)); | ||||
} | } | ||||
{ | { | ||||
/* Static test vectors. | /* Static test vectors. | ||||
* These were reduced from ~10^12 random vectors based on comparison-decision | * These were reduced from ~10^12 random vectors based on comparison-decision | ||||
* and edge-case coverage on 32-bit and 64-bit implementations. | * and edge-case coverage on 32-bit and 64-bit implementations. | ||||
* The responses were generated with Sage 5.9. | * The responses were generated with Sage 5.9. | ||||
*/ | */ | ||||
secp256k1_scalar x; | secp256k1_scalar x; | ||||
secp256k1_scalar y; | secp256k1_scalar y; | ||||
secp256k1_scalar z; | secp256k1_scalar z; | ||||
secp256k1_scalar zz; | secp256k1_scalar zz; | ||||
secp256k1_scalar one; | secp256k1_scalar one; | ||||
secp256k1_scalar r1; | secp256k1_scalar r1; | ||||
secp256k1_scalar r2; | secp256k1_scalar r2; | ||||
#if defined(USE_SCALAR_INV_NUM) | |||||
secp256k1_scalar zzv; | secp256k1_scalar zzv; | ||||
#endif | |||||
int overflow; | int overflow; | ||||
unsigned char chal[33][2][32] = { | unsigned char chal[33][2][32] = { | ||||
{{0xff, 0xff, 0x03, 0x07, 0x00, 0x00, 0x00, 0x00, | {{0xff, 0xff, 0x03, 0x07, 0x00, 0x00, 0x00, 0x00, | ||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, | ||||
0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, | 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0xff, 0xff, | ||||
0xff, 0xff, 0x03, 0x00, 0xc0, 0xff, 0xff, 0xff}, | 0xff, 0xff, 0x03, 0x00, 0xc0, 0xff, 0xff, 0xff}, | ||||
{0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x00, 0x00, | {0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, 0x00, 0x00, | ||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, | ||||
▲ Show 20 Lines • Show All 533 Lines • ▼ Show 20 Lines | for (i = 0; i < count; i++) { | ||||
secp256k1_scalar_set_b32(&r2, res[i][1], &overflow); | secp256k1_scalar_set_b32(&r2, res[i][1], &overflow); | ||||
CHECK(!overflow); | CHECK(!overflow); | ||||
secp256k1_scalar_mul(&z, &x, &y); | secp256k1_scalar_mul(&z, &x, &y); | ||||
CHECK(!secp256k1_scalar_check_overflow(&z)); | CHECK(!secp256k1_scalar_check_overflow(&z)); | ||||
CHECK(secp256k1_scalar_eq(&r1, &z)); | CHECK(secp256k1_scalar_eq(&r1, &z)); | ||||
if (!secp256k1_scalar_is_zero(&y)) { | if (!secp256k1_scalar_is_zero(&y)) { | ||||
secp256k1_scalar_inverse(&zz, &y); | secp256k1_scalar_inverse(&zz, &y); | ||||
CHECK(!secp256k1_scalar_check_overflow(&zz)); | CHECK(!secp256k1_scalar_check_overflow(&zz)); | ||||
#if defined(USE_SCALAR_INV_NUM) | |||||
secp256k1_scalar_inverse_var(&zzv, &y); | secp256k1_scalar_inverse_var(&zzv, &y); | ||||
CHECK(secp256k1_scalar_eq(&zzv, &zz)); | CHECK(secp256k1_scalar_eq(&zzv, &zz)); | ||||
#endif | |||||
secp256k1_scalar_mul(&z, &z, &zz); | secp256k1_scalar_mul(&z, &z, &zz); | ||||
CHECK(!secp256k1_scalar_check_overflow(&z)); | CHECK(!secp256k1_scalar_check_overflow(&z)); | ||||
CHECK(secp256k1_scalar_eq(&x, &z)); | CHECK(secp256k1_scalar_eq(&x, &z)); | ||||
secp256k1_scalar_mul(&zz, &zz, &y); | secp256k1_scalar_mul(&zz, &zz, &y); | ||||
CHECK(!secp256k1_scalar_check_overflow(&zz)); | CHECK(!secp256k1_scalar_check_overflow(&zz)); | ||||
CHECK(secp256k1_scalar_eq(&one, &zz)); | CHECK(secp256k1_scalar_eq(&one, &zz)); | ||||
} | } | ||||
} | } | ||||
▲ Show 20 Lines • Show All 3,987 Lines • ▼ Show 20 Lines | int main(int argc, char **argv) { | ||||
run_ctz_tests(); | run_ctz_tests(); | ||||
run_modinv_tests(); | run_modinv_tests(); | ||||
run_inverse_tests(); | run_inverse_tests(); | ||||
run_sha256_tests(); | run_sha256_tests(); | ||||
run_hmac_sha256_tests(); | run_hmac_sha256_tests(); | ||||
run_rfc6979_hmac_sha256_tests(); | run_rfc6979_hmac_sha256_tests(); | ||||
#ifndef USE_NUM_NONE | |||||
/* num tests */ | |||||
run_num_smalltests(); | |||||
#endif | |||||
/* scalar tests */ | /* scalar tests */ | ||||
run_scalar_tests(); | run_scalar_tests(); | ||||
/* field tests */ | /* field tests */ | ||||
run_field_misc(); | run_field_misc(); | ||||
run_field_convert(); | run_field_convert(); | ||||
run_sqr(); | run_sqr(); | ||||
run_sqrt(); | run_sqrt(); | ||||
▲ Show 20 Lines • Show All 78 Lines • Show Last 20 Lines |