From 251b1a62d34e0ccdb0b016ce480844821e0271b7 Mon Sep 17 00:00:00 2001
From: Pieter Wuille <pieter.wuille@gmail.com>
Date: Sat, 17 Oct 2015 20:56:53 +0200
Subject: [PATCH] Improve testrand: add extra random functions

This commit adds functions:
* secp256k1_rand_bits, which works like secp256k1_rand32, but consumes
  less randomness
* secp256k1_rand_int, which produces a uniform integer over any range
* secp256k1_rand_bytes_test, which works like secp256k1_rand256_test
  but for arbitrary byte array
---
 src/testrand.h      | 12 ++++++++-
 src/testrand_impl.h | 63 +++++++++++++++++++++++++++++++++------------
 2 files changed, 57 insertions(+), 18 deletions(-)

diff --git a/src/testrand.h b/src/testrand.h
index 041bb92..f8efa93 100644
--- a/src/testrand.h
+++ b/src/testrand.h
@@ -16,13 +16,23 @@
 /** Seed the pseudorandom number generator for testing. */
 SECP256K1_INLINE static void secp256k1_rand_seed(const unsigned char *seed16);
 
-/** Generate a pseudorandom 32-bit number. */
+/** Generate a pseudorandom number in the range [0..2**32-1]. */
 static uint32_t secp256k1_rand32(void);
 
+/** Generate a pseudorandom number in the range [0..2**bits-1]. Bits must be 1 or
+ *  more. */
+static uint32_t secp256k1_rand_bits(int bits);
+
+/** Generate a pseudorandom number in the range [0..range-1]. */
+static uint32_t secp256k1_rand_int(uint32_t range);
+
 /** Generate a pseudorandom 32-byte array. */
 static void secp256k1_rand256(unsigned char *b32);
 
 /** Generate a pseudorandom 32-byte array with long sequences of zero and one bits. */
 static void secp256k1_rand256_test(unsigned char *b32);
 
+/** Generate pseudorandom bytes with long sequences of zero and one bits. */
+static void secp256k1_rand_bytes_test(unsigned char *bytes, size_t len);
+
 #endif
diff --git a/src/testrand_impl.h b/src/testrand_impl.h
index 7c35542..057dc54 100644
--- a/src/testrand_impl.h
+++ b/src/testrand_impl.h
@@ -1,5 +1,5 @@
 /**********************************************************************
- * Copyright (c) 2013, 2014 Pieter Wuille                             *
+ * Copyright (c) 2013-2015 Pieter Wuille                              *
  * Distributed under the MIT software license, see the accompanying   *
  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
  **********************************************************************/
@@ -16,6 +16,8 @@
 static secp256k1_rfc6979_hmac_sha256_t secp256k1_test_rng;
 static uint32_t secp256k1_test_rng_precomputed[8];
 static int secp256k1_test_rng_precomputed_used = 8;
+static uint64_t secp256k1_test_rng_integer;
+static int secp256k1_test_rng_integer_bits_left = 0;
 
 SECP256K1_INLINE static void secp256k1_rand_seed(const unsigned char *seed16) {
     secp256k1_rfc6979_hmac_sha256_initialize(&secp256k1_test_rng, seed16, 16);
@@ -29,32 +31,59 @@ SECP256K1_INLINE static uint32_t secp256k1_rand32(void) {
     return secp256k1_test_rng_precomputed[secp256k1_test_rng_precomputed_used++];
 }
 
+static uint32_t secp256k1_rand_bits(int bits) {
+    uint32_t ret;
+    if (secp256k1_test_rng_integer_bits_left < bits) {
+        secp256k1_test_rng_integer |= (((uint64_t)secp256k1_rand32()) << secp256k1_test_rng_integer_bits_left);
+        secp256k1_test_rng_integer_bits_left += 32;
+    }
+    ret = secp256k1_test_rng_integer;
+    secp256k1_test_rng_integer >>= bits;
+    secp256k1_test_rng_integer_bits_left -= bits;
+    ret &= ((~((uint32_t)0)) >> (32 - bits));
+    return ret;
+}
+
+static uint32_t secp256k1_rand_int(uint32_t range) {
+    int bits = 0;
+    uint32_t ret = range - 1;
+    if (range <= 1) {
+        return 0;
+    }
+    while (ret > 0) {
+        ret >>= 1;
+        bits++;
+    }
+    while (1) {
+        ret = secp256k1_rand_bits(bits);
+        if (ret < range) {
+            return ret;
+        }
+    }
+}
+
 static void secp256k1_rand256(unsigned char *b32) {
     secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, b32, 32);
 }
 
-static void secp256k1_rand256_test(unsigned char *b32) {
-    int bits=0;
-    uint64_t ent = 0;
-    int entleft = 0;
-    memset(b32, 0, 32);
-    while (bits < 256) {
+static void secp256k1_rand_bytes_test(unsigned char *bytes, size_t len) {
+    size_t bits = 0;
+    memset(bytes, 0, len);
+    while (bits < len * 8) {
         int now;
         uint32_t val;
-        if (entleft < 12) {
-            ent |= ((uint64_t)secp256k1_rand32()) << entleft;
-            entleft += 32;
-        }
-        now = 1 + ((ent % 64)*((ent >> 6) % 32)+16)/31;
-        val = 1 & (ent >> 11);
-        ent >>= 12;
-        entleft -= 12;
-        while (now > 0 && bits < 256) {
-            b32[bits / 8] |= val << (bits % 8);
+        now = 1 + (secp256k1_rand_bits(6) * secp256k1_rand_bits(5) + 16) / 31;
+        val = secp256k1_rand_bits(1);
+        while (now > 0 && bits < len * 8) {
+            bytes[bits / 8] |= val << (bits % 8);
             now--;
             bits++;
         }
     }
 }
 
+static void secp256k1_rand256_test(unsigned char *b32) {
+    secp256k1_rand_bytes_test(b32, 32);
+}
+
 #endif