Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/src/tests.c
| Show First 20 Lines • Show All 2,437 Lines • ▼ Show 20 Lines | void ecmult_const_random_mult(void) { | ||||
| /* expected xn * A (from sage) */ | /* expected xn * A (from sage) */ | ||||
| secp256k1_ge expected_b = SECP256K1_GE_CONST( | secp256k1_ge expected_b = SECP256K1_GE_CONST( | ||||
| 0x23773684, 0x4d209dc7, 0x098a786f, 0x20d06fcd, | 0x23773684, 0x4d209dc7, 0x098a786f, 0x20d06fcd, | ||||
| 0x070a38bf, 0xc11ac651, 0x03004319, 0x1e2a8786, | 0x070a38bf, 0xc11ac651, 0x03004319, 0x1e2a8786, | ||||
| 0xed8c3b8e, 0xc06dd57b, 0xd06ea66e, 0x45492b0f, | 0xed8c3b8e, 0xc06dd57b, 0xd06ea66e, 0x45492b0f, | ||||
| 0xb84e4e1b, 0xfb77e21f, 0x96baae2a, 0x63dec956 | 0xb84e4e1b, 0xfb77e21f, 0x96baae2a, 0x63dec956 | ||||
| ); | ); | ||||
| secp256k1_gej b; | secp256k1_gej b; | ||||
| secp256k1_ecmult_const(&b, &a, &xn); | secp256k1_ecmult_const(&b, &a, &xn, 256); | ||||
| CHECK(secp256k1_ge_is_valid_var(&a)); | CHECK(secp256k1_ge_is_valid_var(&a)); | ||||
| ge_equals_gej(&expected_b, &b); | ge_equals_gej(&expected_b, &b); | ||||
| } | } | ||||
| void ecmult_const_commutativity(void) { | void ecmult_const_commutativity(void) { | ||||
| secp256k1_scalar a; | secp256k1_scalar a; | ||||
| secp256k1_scalar b; | secp256k1_scalar b; | ||||
| secp256k1_gej res1; | secp256k1_gej res1; | ||||
| secp256k1_gej res2; | secp256k1_gej res2; | ||||
| secp256k1_ge mid1; | secp256k1_ge mid1; | ||||
| secp256k1_ge mid2; | secp256k1_ge mid2; | ||||
| random_scalar_order_test(&a); | random_scalar_order_test(&a); | ||||
| random_scalar_order_test(&b); | random_scalar_order_test(&b); | ||||
| secp256k1_ecmult_const(&res1, &secp256k1_ge_const_g, &a); | secp256k1_ecmult_const(&res1, &secp256k1_ge_const_g, &a, 256); | ||||
| secp256k1_ecmult_const(&res2, &secp256k1_ge_const_g, &b); | secp256k1_ecmult_const(&res2, &secp256k1_ge_const_g, &b, 256); | ||||
| secp256k1_ge_set_gej(&mid1, &res1); | secp256k1_ge_set_gej(&mid1, &res1); | ||||
| secp256k1_ge_set_gej(&mid2, &res2); | secp256k1_ge_set_gej(&mid2, &res2); | ||||
| secp256k1_ecmult_const(&res1, &mid1, &b); | secp256k1_ecmult_const(&res1, &mid1, &b, 256); | ||||
| secp256k1_ecmult_const(&res2, &mid2, &a); | secp256k1_ecmult_const(&res2, &mid2, &a, 256); | ||||
| secp256k1_ge_set_gej(&mid1, &res1); | secp256k1_ge_set_gej(&mid1, &res1); | ||||
| secp256k1_ge_set_gej(&mid2, &res2); | secp256k1_ge_set_gej(&mid2, &res2); | ||||
| ge_equals_ge(&mid1, &mid2); | ge_equals_ge(&mid1, &mid2); | ||||
| } | } | ||||
| void ecmult_const_mult_zero_one(void) { | void ecmult_const_mult_zero_one(void) { | ||||
| secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); | secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); | ||||
| secp256k1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); | secp256k1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); | ||||
| secp256k1_scalar negone; | secp256k1_scalar negone; | ||||
| secp256k1_gej res1; | secp256k1_gej res1; | ||||
| secp256k1_ge res2; | secp256k1_ge res2; | ||||
| secp256k1_ge point; | secp256k1_ge point; | ||||
| secp256k1_scalar_negate(&negone, &one); | secp256k1_scalar_negate(&negone, &one); | ||||
| random_group_element_test(&point); | random_group_element_test(&point); | ||||
| secp256k1_ecmult_const(&res1, &point, &zero); | secp256k1_ecmult_const(&res1, &point, &zero, 3); | ||||
| secp256k1_ge_set_gej(&res2, &res1); | secp256k1_ge_set_gej(&res2, &res1); | ||||
| CHECK(secp256k1_ge_is_infinity(&res2)); | CHECK(secp256k1_ge_is_infinity(&res2)); | ||||
| secp256k1_ecmult_const(&res1, &point, &one); | secp256k1_ecmult_const(&res1, &point, &one, 2); | ||||
| secp256k1_ge_set_gej(&res2, &res1); | secp256k1_ge_set_gej(&res2, &res1); | ||||
| ge_equals_ge(&res2, &point); | ge_equals_ge(&res2, &point); | ||||
| secp256k1_ecmult_const(&res1, &point, &negone); | secp256k1_ecmult_const(&res1, &point, &negone, 256); | ||||
| secp256k1_gej_neg(&res1, &res1); | secp256k1_gej_neg(&res1, &res1); | ||||
| secp256k1_ge_set_gej(&res2, &res1); | secp256k1_ge_set_gej(&res2, &res1); | ||||
| ge_equals_ge(&res2, &point); | ge_equals_ge(&res2, &point); | ||||
| } | } | ||||
| void ecmult_const_chain_multiply(void) { | void ecmult_const_chain_multiply(void) { | ||||
| /* Check known result (randomly generated test problem from sage) */ | /* Check known result (randomly generated test problem from sage) */ | ||||
| const secp256k1_scalar scalar = SECP256K1_SCALAR_CONST( | const secp256k1_scalar scalar = SECP256K1_SCALAR_CONST( | ||||
| Show All 9 Lines | void ecmult_const_chain_multiply(void) { | ||||
| secp256k1_gej point; | secp256k1_gej point; | ||||
| secp256k1_ge res; | secp256k1_ge res; | ||||
| int i; | int i; | ||||
| secp256k1_gej_set_ge(&point, &secp256k1_ge_const_g); | secp256k1_gej_set_ge(&point, &secp256k1_ge_const_g); | ||||
| for (i = 0; i < 100; ++i) { | for (i = 0; i < 100; ++i) { | ||||
| secp256k1_ge tmp; | secp256k1_ge tmp; | ||||
| secp256k1_ge_set_gej(&tmp, &point); | secp256k1_ge_set_gej(&tmp, &point); | ||||
| secp256k1_ecmult_const(&point, &tmp, &scalar); | secp256k1_ecmult_const(&point, &tmp, &scalar, 256); | ||||
| } | } | ||||
| secp256k1_ge_set_gej(&res, &point); | secp256k1_ge_set_gej(&res, &point); | ||||
| ge_equals_gej(&res, &expected_point); | ge_equals_gej(&res, &expected_point); | ||||
| } | } | ||||
| void run_ecmult_const_tests(void) { | void run_ecmult_const_tests(void) { | ||||
| ecmult_const_mult_zero_one(); | ecmult_const_mult_zero_one(); | ||||
| ecmult_const_random_mult(); | ecmult_const_random_mult(); | ||||
| ▲ Show 20 Lines • Show All 439 Lines • ▼ Show 20 Lines | void test_constant_wnaf_negate(const secp256k1_scalar *number) { | ||||
| CHECK(secp256k1_scalar_eq(&neg1, &neg2)); | CHECK(secp256k1_scalar_eq(&neg1, &neg2)); | ||||
| } | } | ||||
| void test_constant_wnaf(const secp256k1_scalar *number, int w) { | void test_constant_wnaf(const secp256k1_scalar *number, int w) { | ||||
| secp256k1_scalar x, shift; | secp256k1_scalar x, shift; | ||||
| int wnaf[256] = {0}; | int wnaf[256] = {0}; | ||||
| int i; | int i; | ||||
| int skew; | int skew; | ||||
| int bits = 256; | |||||
| secp256k1_scalar num = *number; | secp256k1_scalar num = *number; | ||||
| secp256k1_scalar_set_int(&x, 0); | secp256k1_scalar_set_int(&x, 0); | ||||
| secp256k1_scalar_set_int(&shift, 1 << w); | secp256k1_scalar_set_int(&shift, 1 << w); | ||||
| /* With USE_ENDOMORPHISM on we only consider 128-bit numbers */ | /* With USE_ENDOMORPHISM on we only consider 128-bit numbers */ | ||||
| #ifdef USE_ENDOMORPHISM | #ifdef USE_ENDOMORPHISM | ||||
| for (i = 0; i < 16; ++i) { | for (i = 0; i < 16; ++i) { | ||||
| secp256k1_scalar_shr_int(&num, 8); | secp256k1_scalar_shr_int(&num, 8); | ||||
| } | } | ||||
| bits = 128; | |||||
| #endif | #endif | ||||
| skew = secp256k1_wnaf_const(wnaf, num, w); | skew = secp256k1_wnaf_const(wnaf, num, w, bits); | ||||
| for (i = WNAF_SIZE(w); i >= 0; --i) { | for (i = WNAF_SIZE_BITS(bits, w); i >= 0; --i) { | ||||
| secp256k1_scalar t; | secp256k1_scalar t; | ||||
| int v = wnaf[i]; | int v = wnaf[i]; | ||||
| CHECK(v != 0); /* check nonzero */ | CHECK(v != 0); /* check nonzero */ | ||||
| CHECK(v & 1); /* check parity */ | CHECK(v & 1); /* check parity */ | ||||
| CHECK(v > -(1 << w)); /* check range above */ | CHECK(v > -(1 << w)); /* check range above */ | ||||
| CHECK(v < (1 << w)); /* check range below */ | CHECK(v < (1 << w)); /* check range below */ | ||||
| secp256k1_scalar_mul(&x, &x, &shift); | secp256k1_scalar_mul(&x, &x, &shift); | ||||
| ▲ Show 20 Lines • Show All 2,102 Lines • Show Last 20 Lines | |||||