Get rid of hex format and some binary conversions
This commit is contained in:
parent
0bada0e2a9
commit
443cd4b8ee
|
@ -104,12 +104,6 @@ static void secp256k1_fe_inv_var(secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
||||||
* outputs must not overlap in memory. */
|
* outputs must not overlap in memory. */
|
||||||
static void secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
static void secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t *r, const secp256k1_fe_t *a);
|
||||||
|
|
||||||
/** Convert a field element to a 64-character hexadecimal string. */
|
|
||||||
static void secp256k1_fe_get_hex(char *r64, const secp256k1_fe_t *a);
|
|
||||||
|
|
||||||
/** Convert a 64-character hexadecimal string to a field element. */
|
|
||||||
static int secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a64);
|
|
||||||
|
|
||||||
/** Convert a field element to the storage type. */
|
/** Convert a field element to the storage type. */
|
||||||
static void secp256k1_fe_to_storage(secp256k1_fe_storage_t *r, const secp256k1_fe_t*);
|
static void secp256k1_fe_to_storage(secp256k1_fe_storage_t *r, const secp256k1_fe_t*);
|
||||||
|
|
||||||
|
|
|
@ -21,47 +21,6 @@
|
||||||
#error "Please select field implementation"
|
#error "Please select field implementation"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static void secp256k1_fe_get_hex(char *r64, const secp256k1_fe_t *a) {
|
|
||||||
secp256k1_fe_t b;
|
|
||||||
int i;
|
|
||||||
unsigned char tmp[32];
|
|
||||||
b = *a;
|
|
||||||
secp256k1_fe_normalize(&b);
|
|
||||||
secp256k1_fe_get_b32(tmp, &b);
|
|
||||||
for (i=0; i<32; i++) {
|
|
||||||
/* Hex character table. */
|
|
||||||
static const char *c = "0123456789ABCDEF";
|
|
||||||
r64[2*i] = c[(tmp[i] >> 4) & 0xF];
|
|
||||||
r64[2*i+1] = c[(tmp[i]) & 0xF];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static int secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a64) {
|
|
||||||
int i;
|
|
||||||
unsigned char tmp[32];
|
|
||||||
/* Byte to hex value table. */
|
|
||||||
static const int cvt[256] = {0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
|
||||||
0, 1, 2, 3, 4, 5, 6,7,8,9,0,0,0,0,0,0,
|
|
||||||
0,10,11,12,13,14,15,0,0,0,0,0,0,0,0,0,
|
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
|
||||||
0,10,11,12,13,14,15,0,0,0,0,0,0,0,0,0,
|
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
|
|
||||||
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0};
|
|
||||||
for (i=0; i<32; i++) {
|
|
||||||
tmp[i] = (cvt[(unsigned char)a64[2*i]] << 4) + cvt[(unsigned char)a64[2*i+1]];
|
|
||||||
}
|
|
||||||
return secp256k1_fe_set_b32(r, tmp);
|
|
||||||
}
|
|
||||||
|
|
||||||
SECP256K1_INLINE static int secp256k1_fe_equal_var(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
SECP256K1_INLINE static int secp256k1_fe_equal_var(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
||||||
secp256k1_fe_t na;
|
secp256k1_fe_t na;
|
||||||
secp256k1_fe_negate(&na, a, 1);
|
secp256k1_fe_negate(&na, a, 1);
|
||||||
|
|
14
src/group.h
14
src/group.h
|
@ -17,6 +17,9 @@ typedef struct {
|
||||||
int infinity; /* whether this represents the point at infinity */
|
int infinity; /* whether this represents the point at infinity */
|
||||||
} secp256k1_ge_t;
|
} secp256k1_ge_t;
|
||||||
|
|
||||||
|
#define SECP256K1_GE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), 0}
|
||||||
|
#define SECP256K1_GE_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1}
|
||||||
|
|
||||||
/** A group element of the secp256k1 curve, in jacobian coordinates. */
|
/** A group element of the secp256k1 curve, in jacobian coordinates. */
|
||||||
typedef struct {
|
typedef struct {
|
||||||
secp256k1_fe_t x; /* actual X: x/z^2 */
|
secp256k1_fe_t x; /* actual X: x/z^2 */
|
||||||
|
@ -25,11 +28,16 @@ typedef struct {
|
||||||
int infinity; /* whether this represents the point at infinity */
|
int infinity; /* whether this represents the point at infinity */
|
||||||
} secp256k1_gej_t;
|
} secp256k1_gej_t;
|
||||||
|
|
||||||
|
#define SECP256K1_GEJ_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1), 0}
|
||||||
|
#define SECP256K1_GEJ_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1}
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
secp256k1_fe_storage_t x;
|
secp256k1_fe_storage_t x;
|
||||||
secp256k1_fe_storage_t y;
|
secp256k1_fe_storage_t y;
|
||||||
} secp256k1_ge_storage_t;
|
} secp256k1_ge_storage_t;
|
||||||
|
|
||||||
|
#define SECP256K1_GE_STORAGE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_STORAGE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_STORAGE_CONST((i),(j),(k),(l),(m),(n),(o),(p))}
|
||||||
|
|
||||||
/** Set a group element equal to the point at infinity */
|
/** Set a group element equal to the point at infinity */
|
||||||
static void secp256k1_ge_set_infinity(secp256k1_ge_t *r);
|
static void secp256k1_ge_set_infinity(secp256k1_ge_t *r);
|
||||||
|
|
||||||
|
@ -48,9 +56,6 @@ static int secp256k1_ge_is_valid_var(const secp256k1_ge_t *a);
|
||||||
|
|
||||||
static void secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a);
|
static void secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a);
|
||||||
|
|
||||||
/** Get a 131-character hex representation of a point. */
|
|
||||||
static void secp256k1_ge_get_hex(char *r131, const secp256k1_ge_t *a);
|
|
||||||
|
|
||||||
/** Set a group element equal to another which is given in jacobian coordinates */
|
/** Set a group element equal to another which is given in jacobian coordinates */
|
||||||
static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a);
|
static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a);
|
||||||
|
|
||||||
|
@ -90,9 +95,6 @@ static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, c
|
||||||
guarantee, and b is allowed to be infinity. */
|
guarantee, and b is allowed to be infinity. */
|
||||||
static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b);
|
static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b);
|
||||||
|
|
||||||
/** Get a 131-character hex representation of a point. */
|
|
||||||
static void secp256k1_gej_get_hex(char *r131, const secp256k1_gej_t *a);
|
|
||||||
|
|
||||||
#ifdef USE_ENDOMORPHISM
|
#ifdef USE_ENDOMORPHISM
|
||||||
/** Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. */
|
/** Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. */
|
||||||
static void secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
static void secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a);
|
||||||
|
|
|
@ -16,17 +16,12 @@
|
||||||
/** Generator for secp256k1, value 'g' defined in
|
/** Generator for secp256k1, value 'g' defined in
|
||||||
* "Standards for Efficient Cryptography" (SEC2) 2.7.1.
|
* "Standards for Efficient Cryptography" (SEC2) 2.7.1.
|
||||||
*/
|
*/
|
||||||
static const secp256k1_ge_t secp256k1_ge_const_g = {
|
static const secp256k1_ge_t secp256k1_ge_const_g = SECP256K1_GE_CONST(
|
||||||
SECP256K1_FE_CONST(
|
|
||||||
0x79BE667EUL, 0xF9DCBBACUL, 0x55A06295UL, 0xCE870B07UL,
|
0x79BE667EUL, 0xF9DCBBACUL, 0x55A06295UL, 0xCE870B07UL,
|
||||||
0x029BFCDBUL, 0x2DCE28D9UL, 0x59F2815BUL, 0x16F81798UL
|
0x029BFCDBUL, 0x2DCE28D9UL, 0x59F2815BUL, 0x16F81798UL,
|
||||||
),
|
|
||||||
SECP256K1_FE_CONST(
|
|
||||||
0x483ADA77UL, 0x26A3C465UL, 0x5DA4FBFCUL, 0x0E1108A8UL,
|
0x483ADA77UL, 0x26A3C465UL, 0x5DA4FBFCUL, 0x0E1108A8UL,
|
||||||
0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL
|
0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL
|
||||||
),
|
);
|
||||||
0
|
|
||||||
};
|
|
||||||
|
|
||||||
static void secp256k1_ge_set_infinity(secp256k1_ge_t *r) {
|
static void secp256k1_ge_set_infinity(secp256k1_ge_t *r) {
|
||||||
r->infinity = 1;
|
r->infinity = 1;
|
||||||
|
@ -48,14 +43,6 @@ static void secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a) {
|
||||||
secp256k1_fe_negate(&r->y, &r->y, 1);
|
secp256k1_fe_negate(&r->y, &r->y, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_ge_get_hex(char *r131, const secp256k1_ge_t *a) {
|
|
||||||
r131[0] = '(';
|
|
||||||
secp256k1_fe_get_hex(r131 + 1, &a->x);
|
|
||||||
r131[65] = ',';
|
|
||||||
secp256k1_fe_get_hex(r131 + 66, &a->y);
|
|
||||||
r131[130] = ')';
|
|
||||||
}
|
|
||||||
|
|
||||||
static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) {
|
||||||
secp256k1_fe_t z2, z3;
|
secp256k1_fe_t z2, z3;
|
||||||
r->infinity = a->infinity;
|
r->infinity = a->infinity;
|
||||||
|
@ -407,12 +394,6 @@ static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, c
|
||||||
r->infinity = infinity;
|
r->infinity = infinity;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_gej_get_hex(char *r131, const secp256k1_gej_t *a) {
|
|
||||||
secp256k1_gej_t c = *a;
|
|
||||||
secp256k1_ge_t t; secp256k1_ge_set_gej(&t, &c);
|
|
||||||
secp256k1_ge_get_hex(r131, &t);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void secp256k1_ge_to_storage(secp256k1_ge_storage_t *r, const secp256k1_ge_t *a) {
|
static void secp256k1_ge_to_storage(secp256k1_ge_storage_t *r, const secp256k1_ge_t *a) {
|
||||||
secp256k1_fe_t x, y;
|
secp256k1_fe_t x, y;
|
||||||
VERIFY_CHECK(!a->infinity);
|
VERIFY_CHECK(!a->infinity);
|
||||||
|
|
115
src/tests.c
115
src/tests.c
|
@ -641,9 +641,8 @@ int check_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
|
||||||
|
|
||||||
int check_fe_inverse(const secp256k1_fe_t *a, const secp256k1_fe_t *ai) {
|
int check_fe_inverse(const secp256k1_fe_t *a, const secp256k1_fe_t *ai) {
|
||||||
secp256k1_fe_t x;
|
secp256k1_fe_t x;
|
||||||
secp256k1_fe_t one;
|
secp256k1_fe_t one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1);
|
||||||
secp256k1_fe_mul(&x, a, ai);
|
secp256k1_fe_mul(&x, a, ai);
|
||||||
secp256k1_fe_set_int(&one, 1);
|
|
||||||
return check_fe_equal(&x, &one);
|
return check_fe_equal(&x, &one);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -654,7 +653,6 @@ void run_field_convert(void) {
|
||||||
0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
|
0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29,
|
||||||
0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40
|
0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40
|
||||||
};
|
};
|
||||||
static const char *c64 = "0001020304050607111213141516171822232425262728293334353637383940";
|
|
||||||
static const secp256k1_fe_storage_t fes = SECP256K1_FE_STORAGE_CONST(
|
static const secp256k1_fe_storage_t fes = SECP256K1_FE_STORAGE_CONST(
|
||||||
0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL,
|
0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL,
|
||||||
0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL
|
0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL
|
||||||
|
@ -665,38 +663,26 @@ void run_field_convert(void) {
|
||||||
);
|
);
|
||||||
secp256k1_fe_t fe2;
|
secp256k1_fe_t fe2;
|
||||||
unsigned char b322[32];
|
unsigned char b322[32];
|
||||||
char c642[64];
|
|
||||||
secp256k1_fe_storage_t fes2;
|
secp256k1_fe_storage_t fes2;
|
||||||
/* Check conversions to fe. */
|
/* Check conversions to fe. */
|
||||||
CHECK(secp256k1_fe_set_b32(&fe2, b32));
|
CHECK(secp256k1_fe_set_b32(&fe2, b32));
|
||||||
CHECK(secp256k1_fe_equal_var(&fe, &fe2));
|
CHECK(secp256k1_fe_equal_var(&fe, &fe2));
|
||||||
CHECK(secp256k1_fe_set_hex(&fe2, c64));
|
|
||||||
CHECK(secp256k1_fe_equal_var(&fe, &fe2));
|
|
||||||
secp256k1_fe_from_storage(&fe2, &fes);
|
secp256k1_fe_from_storage(&fe2, &fes);
|
||||||
CHECK(secp256k1_fe_equal_var(&fe, &fe2));
|
CHECK(secp256k1_fe_equal_var(&fe, &fe2));
|
||||||
/* Check conversion from fe. */
|
/* Check conversion from fe. */
|
||||||
secp256k1_fe_get_b32(b322, &fe);
|
secp256k1_fe_get_b32(b322, &fe);
|
||||||
CHECK(memcmp(b322, b32, 32) == 0);
|
CHECK(memcmp(b322, b32, 32) == 0);
|
||||||
secp256k1_fe_get_hex(c642, &fe);
|
|
||||||
CHECK(memcmp(c642, c64, 64) == 0);
|
|
||||||
secp256k1_fe_to_storage(&fes2, &fe);
|
secp256k1_fe_to_storage(&fes2, &fe);
|
||||||
CHECK(memcmp(&fes2, &fes, sizeof(fes)) == 0);
|
CHECK(memcmp(&fes2, &fes, sizeof(fes)) == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
void run_field_misc(void) {
|
void run_field_misc(void) {
|
||||||
const unsigned char f32_5[32] = {
|
|
||||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
||||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
||||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
||||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
|
|
||||||
};
|
|
||||||
secp256k1_fe_t x;
|
secp256k1_fe_t x;
|
||||||
secp256k1_fe_t y;
|
secp256k1_fe_t y;
|
||||||
secp256k1_fe_t z;
|
secp256k1_fe_t z;
|
||||||
secp256k1_fe_t q;
|
secp256k1_fe_t q;
|
||||||
secp256k1_fe_t fe5;
|
secp256k1_fe_t fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5);
|
||||||
int i;
|
int i;
|
||||||
CHECK(secp256k1_fe_set_b32(&fe5, f32_5));
|
|
||||||
for (i = 0; i < 5*count; i++) {
|
for (i = 0; i < 5*count; i++) {
|
||||||
secp256k1_fe_storage_t xs, ys, zs;
|
secp256k1_fe_storage_t xs, ys, zs;
|
||||||
random_fe(&x);
|
random_fe(&x);
|
||||||
|
@ -956,7 +942,7 @@ void test_ge(void) {
|
||||||
|
|
||||||
/* Test adding all points together in random order equals infinity. */
|
/* Test adding all points together in random order equals infinity. */
|
||||||
{
|
{
|
||||||
secp256k1_gej_t sum;
|
secp256k1_gej_t sum = SECP256K1_GEJ_CONST_INFINITY;
|
||||||
secp256k1_gej_t *gej_shuffled = malloc((4 * runs + 1) * sizeof(secp256k1_gej_t));
|
secp256k1_gej_t *gej_shuffled = malloc((4 * runs + 1) * sizeof(secp256k1_gej_t));
|
||||||
for (i = 0; i < 4 * runs + 1; i++) {
|
for (i = 0; i < 4 * runs + 1; i++) {
|
||||||
gej_shuffled[i] = gej[i];
|
gej_shuffled[i] = gej[i];
|
||||||
|
@ -969,7 +955,6 @@ void test_ge(void) {
|
||||||
gej_shuffled[swap] = t;
|
gej_shuffled[swap] = t;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
secp256k1_gej_set_infinity(&sum);
|
|
||||||
for (i = 0; i < 4 * runs + 1; i++) {
|
for (i = 0; i < 4 * runs + 1; i++) {
|
||||||
secp256k1_gej_add_var(&sum, &sum, &gej_shuffled[i]);
|
secp256k1_gej_add_var(&sum, &sum, &gej_shuffled[i]);
|
||||||
}
|
}
|
||||||
|
@ -1001,47 +986,33 @@ void run_ge(void) {
|
||||||
/***** ECMULT TESTS *****/
|
/***** ECMULT TESTS *****/
|
||||||
|
|
||||||
void run_ecmult_chain(void) {
|
void run_ecmult_chain(void) {
|
||||||
secp256k1_gej_t a;
|
|
||||||
secp256k1_gej_t x;
|
|
||||||
secp256k1_gej_t x2;
|
|
||||||
secp256k1_fe_t ax;
|
|
||||||
secp256k1_fe_t ay;
|
|
||||||
secp256k1_scalar_t xn;
|
|
||||||
secp256k1_scalar_t gn;
|
|
||||||
secp256k1_scalar_t xf;
|
|
||||||
secp256k1_scalar_t gf;
|
|
||||||
secp256k1_scalar_t ae;
|
|
||||||
secp256k1_scalar_t ge;
|
|
||||||
int i;
|
|
||||||
/* two random initial factors xn and gn */
|
|
||||||
static const unsigned char xni[32] = {
|
|
||||||
0x84, 0xcc, 0x54, 0x52, 0xf7, 0xfd, 0xe1, 0xed,
|
|
||||||
0xb4, 0xd3, 0x8a, 0x8c, 0xe9, 0xb1, 0xb8, 0x4c,
|
|
||||||
0xce, 0xf3, 0x1f, 0x14, 0x6e, 0x56, 0x9b, 0xe9,
|
|
||||||
0x70, 0x5d, 0x35, 0x7a, 0x42, 0x98, 0x54, 0x07
|
|
||||||
};
|
|
||||||
static const unsigned char gni[32] = {
|
|
||||||
0xa1, 0xe5, 0x8d, 0x22, 0x55, 0x3d, 0xcd, 0x42,
|
|
||||||
0xb2, 0x39, 0x80, 0x62, 0x5d, 0x4c, 0x57, 0xa9,
|
|
||||||
0x6e, 0x93, 0x23, 0xd4, 0x2b, 0x31, 0x52, 0xe5,
|
|
||||||
0xca, 0x2c, 0x39, 0x90, 0xed, 0xc7, 0xc9, 0xde
|
|
||||||
};
|
|
||||||
/* two small multipliers to be applied to xn and gn in every iteration: */
|
|
||||||
static const unsigned char xfi[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0x13,0x37};
|
|
||||||
static const unsigned char gfi[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0x71,0x13};
|
|
||||||
char res[131];
|
|
||||||
char res2[131];
|
|
||||||
/* random starting point A (on the curve) */
|
/* random starting point A (on the curve) */
|
||||||
VERIFY_CHECK(secp256k1_fe_set_hex(&ax, "8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846004"));
|
secp256k1_gej_t a = SECP256K1_GEJ_CONST(
|
||||||
VERIFY_CHECK(secp256k1_fe_set_hex(&ay, "a357ae915c4a65281309edf20504740f0eb3343990216b4f81063cb65f2f7e0f"));
|
0x8b30bbe9, 0xae2a9906, 0x96b22f67, 0x0709dff3,
|
||||||
secp256k1_gej_set_xy(&a, &ax, &ay);
|
0x727fd8bc, 0x04d3362c, 0x6c7bf458, 0xe2846004,
|
||||||
secp256k1_scalar_set_b32(&xn, xni, NULL);
|
0xa357ae91, 0x5c4a6528, 0x1309edf2, 0x0504740f,
|
||||||
secp256k1_scalar_set_b32(&gn, gni, NULL);
|
0x0eb33439, 0x90216b4f, 0x81063cb6, 0x5f2f7e0f
|
||||||
secp256k1_scalar_set_b32(&xf, xfi, NULL);
|
);
|
||||||
secp256k1_scalar_set_b32(&gf, gfi, NULL);
|
/* two random initial factors xn and gn */
|
||||||
|
secp256k1_scalar_t xn = SECP256K1_SCALAR_CONST(
|
||||||
|
0x84cc5452, 0xf7fde1ed, 0xb4d38a8c, 0xe9b1b84c,
|
||||||
|
0xcef31f14, 0x6e569be9, 0x705d357a, 0x42985407
|
||||||
|
);
|
||||||
|
secp256k1_scalar_t gn = SECP256K1_SCALAR_CONST(
|
||||||
|
0xa1e58d22, 0x553dcd42, 0xb2398062, 0x5d4c57a9,
|
||||||
|
0x6e9323d4, 0x2b3152e5, 0xca2c3990, 0xedc7c9de
|
||||||
|
);
|
||||||
|
/* two small multipliers to be applied to xn and gn in every iteration: */
|
||||||
|
static const secp256k1_scalar_t xf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x1337);
|
||||||
|
static const secp256k1_scalar_t gf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x7113);
|
||||||
/* accumulators with the resulting coefficients to A and G */
|
/* accumulators with the resulting coefficients to A and G */
|
||||||
secp256k1_scalar_set_int(&ae, 1);
|
secp256k1_scalar_t ae = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1);
|
||||||
secp256k1_scalar_set_int(&ge, 0);
|
secp256k1_scalar_t ge = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0);
|
||||||
|
/* actual points */
|
||||||
|
secp256k1_gej_t x = a;
|
||||||
|
secp256k1_gej_t x2;
|
||||||
|
int i;
|
||||||
|
|
||||||
/* the point being computed */
|
/* the point being computed */
|
||||||
x = a;
|
x = a;
|
||||||
for (i = 0; i < 200*count; i++) {
|
for (i = 0; i < 200*count; i++) {
|
||||||
|
@ -1058,15 +1029,24 @@ void run_ecmult_chain(void) {
|
||||||
|
|
||||||
/* verify */
|
/* verify */
|
||||||
if (i == 19999) {
|
if (i == 19999) {
|
||||||
secp256k1_gej_get_hex(res, &x);
|
/* expected result after 19999 iterations */
|
||||||
CHECK(memcmp(res, "(D6E96687F9B10D092A6F35439D86CEBEA4535D0D409F53586440BD74B933E830,B95CBCA2C77DA786539BE8FD53354D2D3B4F566AE658045407ED6015EE1B2A88)", 131) == 0);
|
secp256k1_gej_t rp = SECP256K1_GEJ_CONST(
|
||||||
|
0xD6E96687, 0xF9B10D09, 0x2A6F3543, 0x9D86CEBE,
|
||||||
|
0xA4535D0D, 0x409F5358, 0x6440BD74, 0xB933E830,
|
||||||
|
0xB95CBCA2, 0xC77DA786, 0x539BE8FD, 0x53354D2D,
|
||||||
|
0x3B4F566A, 0xE6580454, 0x07ED6015, 0xEE1B2A88
|
||||||
|
);
|
||||||
|
|
||||||
|
secp256k1_gej_neg(&rp, &rp);
|
||||||
|
secp256k1_gej_add_var(&rp, &rp, &x);
|
||||||
|
CHECK(secp256k1_gej_is_infinity(&rp));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/* redo the computation, but directly with the resulting ae and ge coefficients: */
|
/* redo the computation, but directly with the resulting ae and ge coefficients: */
|
||||||
secp256k1_ecmult(&x2, &a, &ae, &ge);
|
secp256k1_ecmult(&x2, &a, &ae, &ge);
|
||||||
secp256k1_gej_get_hex(res, &x);
|
secp256k1_gej_neg(&x2, &x2);
|
||||||
secp256k1_gej_get_hex(res2, &x2);
|
secp256k1_gej_add_var(&x2, &x2, &x);
|
||||||
CHECK(memcmp(res, res2, 131) == 0);
|
CHECK(secp256k1_gej_is_infinity(&x2));
|
||||||
}
|
}
|
||||||
|
|
||||||
void test_point_times_order(const secp256k1_gej_t *point) {
|
void test_point_times_order(const secp256k1_gej_t *point) {
|
||||||
|
@ -1094,8 +1074,11 @@ void test_point_times_order(const secp256k1_gej_t *point) {
|
||||||
|
|
||||||
void run_point_times_order(void) {
|
void run_point_times_order(void) {
|
||||||
int i;
|
int i;
|
||||||
char c[64];
|
secp256k1_fe_t x = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 2);
|
||||||
secp256k1_fe_t x; VERIFY_CHECK(secp256k1_fe_set_hex(&x, "0000000000000000000000000000000000000000000000000000000000000002"));
|
static const secp256k1_fe_t xr = SECP256K1_FE_CONST(
|
||||||
|
0x7603CB59, 0xB0EF6C63, 0xFE608479, 0x2A0C378C,
|
||||||
|
0xDB3233A8, 0x0F8A9A09, 0xA877DEAD, 0x31B38C45
|
||||||
|
);
|
||||||
for (i = 0; i < 500; i++) {
|
for (i = 0; i < 500; i++) {
|
||||||
secp256k1_ge_t p;
|
secp256k1_ge_t p;
|
||||||
if (secp256k1_ge_set_xo_var(&p, &x, 1)) {
|
if (secp256k1_ge_set_xo_var(&p, &x, 1)) {
|
||||||
|
@ -1107,8 +1090,8 @@ void run_point_times_order(void) {
|
||||||
}
|
}
|
||||||
secp256k1_fe_sqr(&x, &x);
|
secp256k1_fe_sqr(&x, &x);
|
||||||
}
|
}
|
||||||
secp256k1_fe_get_hex(c, &x);
|
secp256k1_fe_normalize_var(&x);
|
||||||
CHECK(memcmp(c, "7603CB59B0EF6C63FE6084792A0C378CDB3233A80F8A9A09A877DEAD31B38C45", 64) == 0);
|
CHECK(secp256k1_fe_equal_var(&x, &xr));
|
||||||
}
|
}
|
||||||
|
|
||||||
void test_wnaf(const secp256k1_scalar_t *number, int w) {
|
void test_wnaf(const secp256k1_scalar_t *number, int w) {
|
||||||
|
|
Loading…
Reference in New Issue