Merge #937: Have ge_set_gej_var, gej_double_var and ge_set_all_gej_var initialize all fields of their outputs.
14c9739a1f
tests: Improve secp256k1_ge_set_all_gej_var for some infinity inputs (Tim Ruffing)4a19668c37
tests: Test secp256k1_ge_set_all_gej_var for all infinity inputs (Tim Ruffing)45b6468d7e
Have secp256k1_ge_set_all_gej_var initialize all fields. Previous behaviour would not initialize r->y values in the case where infinity is passed in. Furthermore, the previous behaviour wouldn't initialize anything in the case where all inputs were infinity. (Russell O'Connor)31c0f6de41
Have secp256k1_gej_double_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. (Russell O'Connor)dd6c3de322
Have secp256k1_ge_set_gej_var initialize all fields. Previous behaviour would not initialize r->x and r->y values in the case where infinity is passed in. (Russell O'Connor) Pull request description: Previous behaviour would not initialize `r->x` and `r->y` values in the case where infinity is passed in. ACKs for top commit: gmaxwell: ACK14c9739a1f
sipa: utACK14c9739a1f
real-or-random: ACK14c9739a1f
Tree-SHA512: 2e779b767f02e348af4bbc62aa9871c3d1d29e61a6c643c879c49f2de27556a3588850acd2f7c7483790677597d01064025e14befdbf29e783f57996fe4430f9
commit
6c52ae8724
|
@ -100,8 +100,8 @@ static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a) {
|
||||||
|
|
||||||
static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a) {
|
static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a) {
|
||||||
secp256k1_fe z2, z3;
|
secp256k1_fe z2, z3;
|
||||||
r->infinity = a->infinity;
|
|
||||||
if (a->infinity) {
|
if (a->infinity) {
|
||||||
|
secp256k1_ge_set_infinity(r);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
secp256k1_fe_inv_var(&a->z, &a->z);
|
secp256k1_fe_inv_var(&a->z, &a->z);
|
||||||
|
@ -110,8 +110,7 @@ static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a) {
|
||||||
secp256k1_fe_mul(&a->x, &a->x, &z2);
|
secp256k1_fe_mul(&a->x, &a->x, &z2);
|
||||||
secp256k1_fe_mul(&a->y, &a->y, &z3);
|
secp256k1_fe_mul(&a->y, &a->y, &z3);
|
||||||
secp256k1_fe_set_int(&a->z, 1);
|
secp256k1_fe_set_int(&a->z, 1);
|
||||||
r->x = a->x;
|
secp256k1_ge_set_xy(r, &a->x, &a->y);
|
||||||
r->y = a->y;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len) {
|
static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len) {
|
||||||
|
@ -120,7 +119,9 @@ static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a
|
||||||
size_t last_i = SIZE_MAX;
|
size_t last_i = SIZE_MAX;
|
||||||
|
|
||||||
for (i = 0; i < len; i++) {
|
for (i = 0; i < len; i++) {
|
||||||
if (!a[i].infinity) {
|
if (a[i].infinity) {
|
||||||
|
secp256k1_ge_set_infinity(&r[i]);
|
||||||
|
} else {
|
||||||
/* Use destination's x coordinates as scratch space */
|
/* Use destination's x coordinates as scratch space */
|
||||||
if (last_i == SIZE_MAX) {
|
if (last_i == SIZE_MAX) {
|
||||||
r[i].x = a[i].z;
|
r[i].x = a[i].z;
|
||||||
|
@ -148,7 +149,6 @@ static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a
|
||||||
r[last_i].x = u;
|
r[last_i].x = u;
|
||||||
|
|
||||||
for (i = 0; i < len; i++) {
|
for (i = 0; i < len; i++) {
|
||||||
r[i].infinity = a[i].infinity;
|
|
||||||
if (!a[i].infinity) {
|
if (!a[i].infinity) {
|
||||||
secp256k1_ge_set_gej_zinv(&r[i], &a[i], &r[i].x);
|
secp256k1_ge_set_gej_zinv(&r[i], &a[i], &r[i].x);
|
||||||
}
|
}
|
||||||
|
@ -311,7 +311,7 @@ static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, s
|
||||||
* point will be gibberish (z = 0 but infinity = 0).
|
* point will be gibberish (z = 0 but infinity = 0).
|
||||||
*/
|
*/
|
||||||
if (a->infinity) {
|
if (a->infinity) {
|
||||||
r->infinity = 1;
|
secp256k1_gej_set_infinity(r);
|
||||||
if (rzr != NULL) {
|
if (rzr != NULL) {
|
||||||
secp256k1_fe_set_int(rzr, 1);
|
secp256k1_fe_set_int(rzr, 1);
|
||||||
}
|
}
|
||||||
|
|
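Review bot: In `secp256k1_ge_set_all_gej_var` the second loop no longer writes `r[i].infinity`, so for finite inputs the flag is now set only by `secp256k1_ge_set_gej_zinv`, whose body is not visible in this section. If that helper ever stops writing the flag, finite outputs would carry an indeterminate `infinity` value, which is the class of defect this commit removes. I would document the dependency above the second loop, e.g. `/* infinity inputs were fully set in the first loop; secp256k1_ge_set_gej_zinv must set every field of the rest */`. The function body continues outside the hunks shown, including the path taken when no input is finite.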
18
src/tests.c
18
src/tests.c
|
@ -3101,20 +3101,34 @@ void test_ge(void) {
|
||||||
|
|
||||||
/* Test batch gej -> ge conversion with many infinities. */
|
/* Test batch gej -> ge conversion with many infinities. */
|
||||||
for (i = 0; i < 4 * runs + 1; i++) {
|
for (i = 0; i < 4 * runs + 1; i++) {
|
||||||
|
int odd;
|
||||||
random_group_element_test(&ge[i]);
|
random_group_element_test(&ge[i]);
|
||||||
|
odd = secp256k1_fe_is_odd(&ge[i].x);
|
||||||
|
CHECK(odd == 0 || odd == 1);
|
||||||
/* randomly set half the points to infinity */
|
/* randomly set half the points to infinity */
|
||||||
if(secp256k1_fe_is_odd(&ge[i].x)) {
|
if (odd == i % 2) {
|
||||||
secp256k1_ge_set_infinity(&ge[i]);
|
secp256k1_ge_set_infinity(&ge[i]);
|
||||||
}
|
}
|
||||||
secp256k1_gej_set_ge(&gej[i], &ge[i]);
|
secp256k1_gej_set_ge(&gej[i], &ge[i]);
|
||||||
}
|
}
|
||||||
/* batch invert */
|
/* batch convert */
|
||||||
secp256k1_ge_set_all_gej_var(ge, gej, 4 * runs + 1);
|
secp256k1_ge_set_all_gej_var(ge, gej, 4 * runs + 1);
|
||||||
/* check result */
|
/* check result */
|
||||||
for (i = 0; i < 4 * runs + 1; i++) {
|
for (i = 0; i < 4 * runs + 1; i++) {
|
||||||
ge_equals_gej(&ge[i], &gej[i]);
|
ge_equals_gej(&ge[i], &gej[i]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Test batch gej -> ge conversion with all infinities. */
|
||||||
|
for (i = 0; i < 4 * runs + 1; i++) {
|
||||||
|
secp256k1_gej_set_infinity(&gej[i]);
|
||||||
|
}
|
||||||
|
/* batch convert */
|
||||||
|
secp256k1_ge_set_all_gej_var(ge, gej, 4 * runs + 1);
|
||||||
|
/* check result */
|
||||||
|
for (i = 0; i < 4 * runs + 1; i++) {
|
||||||
|
CHECK(secp256k1_ge_is_infinity(&ge[i]));
|
||||||
|
}
|
||||||
|
|
||||||
free(ge);
|
free(ge);
|
||||||
free(gej);
|
free(gej);
|
||||||
}
|
}
|
||||||
|
|
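Review bot: The new all-infinity block in `test_ge` asserts only `secp256k1_ge_is_infinity(&ge[i])`, so it pins the flag but not the `x`/`y` initialisation this commit is about. `ge` is reused from the preceding conversion and already holds defined coordinates, so neither the CHECK nor a memory checker run over this test would notice if `secp256k1_ge_set_all_gej_var` left those fields untouched. Converting into a freshly allocated output array would exercise that. Failing that, the comment could state the limitation: `/* only the infinity flag is checked here; field initialisation is not */`. `test_ge` starts before this hunk.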