From 6de97b5d1e3d814ce65f703dba5ccddd469d45b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mamy=20Andr=C3=A9-Ratsimbazafy?=
Date: Wed, 26 Feb 2020 10:28:54 +0100
Subject: [PATCH] Random init was producing invalid montgomery form for field elements

---
 tests/prng.nim | 5 +++--
 tests/test_fp2.nim | 52 +++++++++++++++++++++-------------------------
 2 files changed, 27 insertions(+), 30 deletions(-)

diff --git a/tests/prng.nim b/tests/prng.nim
index 3b8c8f8..37c4967 100644
--- a/tests/prng.nim
+++ b/tests/prng.nim
@@ -84,14 +84,15 @@ func next(rng: var RngState): uint64 =
 func random[T](rng: var RngState, a: var T, C: static Curve) {.noInit.}=
   ## Recursively initialize a BigInt or Field element
   when T is BigInt:
-    var unreduced{.noInit.}: T
+    var reduced, unreduced{.noInit.}: T
     unreduced.setInternalBitLength()
     for i in 0 ..< unreduced.limbs.len:
       unreduced.limbs[i] = Word(rng.next())
     # Note: a simple modulo will be biaised but it's simple and "fast"
-    a.reduce(unreduced, C.Mod.mres)
+    reduced.reduce(unreduced, C.Mod.mres)
+    a.montyResidue(reduced, C.Mod.mres, C.getR2modP(), C.getNegInvModWord())
   else:
     for field in fields(a):
diff --git a/tests/test_fp2.nim b/tests/test_fp2.nim
index 8f314c1..44cbe20 100644
--- a/tests/test_fp2.nim
+++ b/tests/test_fp2.nim
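Review bot: The doc comment `## Recursively initialize a BigInt or Field element` no longer describes the BigInt branch: after the added `a.montyResidue(...)` call the output is the Montgomery residue of a value reduced mod `C.Mod`, which is exactly the invariant this commit restores, and a caller passing a bare BigInt would now receive Montgomery form as well. I would extend the comment to something like `## Recursively initialize a BigInt or Field element. BigInts are produced in Montgomery form mod C.Mod so they are valid mres values; the modulo reduction is biased and this is a test-only PRNG, not a CSPRNG.` Note also that in `var reduced, unreduced{.noInit.}: T` the pragma appears to attach only to `unreduced`, so `reduced` is zero-initialised — harmless since `reduce` overwrites it, but if `noInit` was intended for both it needs to be stated on each identifier. The `else` branch of `random` continues outside the hunk.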
@@ -106,49 +106,45 @@ suite "𝔽p2 = 𝔽p[𝑖] (irreducible polynomial x²+1)":
     test(BN254):
       r.prod(Zero, x)
       check: bool(r == Zero)
-    # test(BN254):
-    # r.prod(x, One)
-    # echo "r: ", r
-    # echo "x: ", x
-    # check: bool(r == x)
-    # test(BN254):
-    # r.prod(One, x)
-    # echo "r: ", r
-    # echo "x: ", x
-    # check: bool(r == x)
+    test(BN254):
+      r.prod(x, One)
+      check: bool(r == x)
+    test(BN254):
+      r.prod(One, x)
+      check: bool(r == x)
     test(BLS12_381):
       r.prod(x, Zero)
       check: bool(r == Zero)
     test(BLS12_381):
       r.prod(Zero, x)
       check: bool(r == Zero)
-    # test(BLS12_381):
-    # r.prod(x, One)
-    # check: bool(r == x)
-    # test(BLS12_381):
-    # r.prod(One, x)
-    # check: bool(r == x)
+    test(BLS12_381):
+      r.prod(x, One)
+      check: bool(r == x)
+    test(BLS12_381):
+      r.prod(One, x)
+      check: bool(r == x)
     test(P256):
       r.prod(x, Zero)
       check: bool(r == Zero)
     test(P256):
       r.prod(Zero, x)
       check: bool(r == Zero)
-    # test(P256):
-    # r.prod(x, One)
-    # check: bool(r == x)
-    # test(P256):
-    # r.prod(One, x)
-    # check: bool(r == x)
+    test(P256):
+      r.prod(x, One)
+      check: bool(r == x)
+    test(P256):
+      r.prod(One, x)
+      check: bool(r == x)
     test(Secp256k1):
       r.prod(x, Zero)
       check: bool(r == Zero)
     test(Secp256k1):
       r.prod(Zero, x)
       check: bool(r == Zero)
-    # test(Secp256k1):
-    # r.prod(x, One)
-    # check: bool(r == x)
-    # test(Secp256k1):
-    # r.prod(One, x)
-    # check: bool(r == x)
+    test(Secp256k1):
+      r.prod(x, One)
+      check: bool(r == x)
+    test(Secp256k1):
+      r.prod(One, x)
+      check: bool(r == x)