diff --git a/src/bench.c b/src/bench.c index eeee710..be5f40a 100644 --- a/src/bench.c +++ b/src/bench.c @@ -5,9 +5,22 @@ #include "impl/group.h" #include "impl/ecmult.h" #include "impl/ecdsa.h" +#include "impl/util.h" + +void random_num_order(secp256k1_num_t *num) { + do { + unsigned char b32[32]; + secp256k1_rand256(b32); + secp256k1_num_set_bin(num, b32, 32); + if (secp256k1_num_is_zero(num)) + continue; + if (secp256k1_num_cmp(num, &secp256k1_ge_consts->order) >= 0) + continue; + break; + } while(1); +} int main() { - secp256k1_num_start(); secp256k1_fe_start(); secp256k1_ge_start(); secp256k1_ecmult_start(); @@ -24,9 +37,9 @@ int main() { int cnt = 0; int good = 0; for (int i=0; i<1000000; i++) { - secp256k1_num_set_rand(&r, order); - secp256k1_num_set_rand(&s, order); - secp256k1_num_set_rand(&m, order); + random_num_order(&r); + random_num_order(&s); + random_num_order(&m); secp256k1_ecdsa_sig_set_rs(&sig, &r, &s); secp256k1_gej_t pubkey; secp256k1_gej_set_xo(&pubkey, &x, 1); if (secp256k1_gej_is_valid(&pubkey)) { @@ -43,6 +56,5 @@ int main() { secp256k1_ecmult_stop(); secp256k1_ge_stop(); secp256k1_fe_stop(); - secp256k1_num_stop(); return 0; } diff --git a/src/impl/num_gmp.h b/src/impl/num_gmp.h index a43be1f..0d6353d 100644 --- a/src/impl/num_gmp.h +++ b/src/impl/num_gmp.h @@ -16,12 +16,6 @@ void static secp256k1_num_sanity(const secp256k1_num_t *a) { #define secp256k1_num_sanity(a) do { } while(0) #endif -void static secp256k1_num_start(void) { -} - -void static secp256k1_num_stop(void) { -} - void static secp256k1_num_init(secp256k1_num_t *r) { r->neg = 0; r->limbs = 1; @@ -385,11 +379,4 @@ void static secp256k1_num_negate(secp256k1_num_t *r) { r->neg ^= 1; } -void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a) { - mpn_random(r->data, a->limbs); - r->limbs = a->limbs; - r->neg = 0; - secp256k1_num_mod(r, a); -} - #endif diff --git a/src/impl/num_openssl.h b/src/impl/num_openssl.h index cb3f951..9153252 100644 --- a/src/impl/num_openssl.h +++ b/src/impl/num_openssl.h @@ -9,13 +9,6 @@ #include "../num.h" -void static secp256k1_num_start() { -} - -void static secp256k1_num_stop() { -} - - void static secp256k1_num_init(secp256k1_num_t *r) { BN_init(&r->bn); } @@ -145,8 +138,4 @@ void static secp256k1_num_negate(secp256k1_num_t *r) { BN_set_negative(&r->bn, !BN_is_negative(&r->bn)); } -void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a) { - BN_pseudo_rand_range(&r->bn, &a->bn); -} - #endif diff --git a/src/impl/util.h b/src/impl/util.h new file mode 100644 index 0000000..a031ed6 --- /dev/null +++ b/src/impl/util.h @@ -0,0 +1,48 @@ +#ifndef _SECP256K1_UTIL_IMPL_H_ +#define _SECP256K1_UTIL_IMPL_H_ + +#include +#include + +#include "../util.h" + +static inline uint32_t secp256k1_rand32(void) { + static uint32_t Rz = 11, Rw = 11; + Rz = 36969 * (Rz & 0xFFFF) + (Rz >> 16); + Rw = 18000 * (Rw & 0xFFFF) + (Rw >> 16); + return (Rw << 16) + Rz; +} + +static void secp256k1_rand256(unsigned char *b32) { + for (int i=0; i<8; i++) { + uint32_t r = secp256k1_rand32(); + b32[i*4 + 0] = (r >> 0) & 0xFF; + b32[i*4 + 1] = (r >> 8) & 0xFF; + b32[i*4 + 2] = (r >> 16) & 0xFF; + b32[i*4 + 3] = (r >> 24) & 0xFF; + } +} + +static void secp256k1_rand256_test(unsigned char *b32) { + int bits=0; + uint32_t ent; + int entbits = 0; + memset(b32, 0, 32); + while (bits < 256) { + if (entbits < 15) { + ent = secp256k1_rand32(); + entbits = 32; + } + int now = 1 + ((ent % 64)*((ent >> 6) % 32)+16)/31; + uint32_t val = 1 & (ent >> 11); + ent -= 12; + entbits >>= 12; + while (now > 0 && bits < 256) { + b32[bits / 8] |= val << (bits % 8); + now--; + bits++; + } + } +} + +#endif diff --git a/src/num.h b/src/num.h index 060ea64..633200c 100644 --- a/src/num.h +++ b/src/num.h @@ -11,12 +11,6 @@ #error "Please select num implementation" #endif -/** Initialize the num module. */ -void static secp256k1_num_start(void); - -/** De-initialize the num module. */ -void static secp256k1_num_stop(void); - /** Initialize a number. */ void static secp256k1_num_init(secp256k1_num_t *r); @@ -93,7 +87,4 @@ void static secp256k1_num_split(secp256k1_num_t *rl, secp256k1_num_t *rh, const /** Change a number's sign. */ void static secp256k1_num_negate(secp256k1_num_t *r); -/** Set a number to an random value below the passed number. */ -void static secp256k1_num_set_rand(secp256k1_num_t *r, const secp256k1_num_t *a); - #endif diff --git a/src/secp256k1.c b/src/secp256k1.c index aecdad9..4d7929a 100644 --- a/src/secp256k1.c +++ b/src/secp256k1.c @@ -5,7 +5,6 @@ #include "impl/ecdsa.h" void secp256k1_start(void) { - secp256k1_num_start(); secp256k1_fe_start(); secp256k1_ge_start(); secp256k1_ecmult_start(); @@ -15,7 +14,6 @@ void secp256k1_stop(void) { secp256k1_ecmult_stop(); secp256k1_ge_stop(); secp256k1_fe_stop(); - secp256k1_num_stop(); } int secp256k1_ecdsa_verify(const unsigned char *msg, int msglen, const unsigned char *sig, int siglen, const unsigned char *pubkey, int pubkeylen) { diff --git a/src/tests.c b/src/tests.c index 51f42f6..65f0317 100644 --- a/src/tests.c +++ b/src/tests.c @@ -5,10 +5,24 @@ #include "impl/group.h" #include "impl/ecmult.h" #include "impl/ecdsa.h" +#include "impl/util.h" // #define COUNT 2 #define COUNT 100 +void random_num_order(secp256k1_num_t *num) { + do { + unsigned char b32[32]; + secp256k1_rand256_test(b32); + secp256k1_num_set_bin(num, b32, 32); + if (secp256k1_num_is_zero(num)) + continue; + if (secp256k1_num_cmp(num, &secp256k1_ge_consts->order) >= 0) + continue; + break; + } while(1); +} + void test_run_ecmult_chain() { // random starting point A (on the curve) secp256k1_fe_t ax; secp256k1_fe_set_hex(&ax, "8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846004", 64); @@ -130,21 +144,14 @@ void test_wnaf(const secp256k1_num_t *number, int w) { } void test_run_wnaf() { - secp256k1_num_t range, min, n; - secp256k1_num_init(&range); - secp256k1_num_init(&min); + secp256k1_num_t n; secp256k1_num_init(&n); - secp256k1_num_set_hex(&range, "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 66); - secp256k1_num_copy(&min, &range); - secp256k1_num_shift(&min, 1); - secp256k1_num_negate(&min); for (int i=0; iorder); + random_num_order(&msg); secp256k1_num_init(&key); - secp256k1_num_set_rand(&key, &c->order); + random_num_order(&key); secp256k1_num_init(&nonce); secp256k1_gej_t pub; secp256k1_ecmult_gen(&pub, &key); secp256k1_ecdsa_sig_t sig; secp256k1_ecdsa_sig_init(&sig); do { - secp256k1_num_set_rand(&nonce, &c->order); + random_num_order(&nonce); } while(!secp256k1_ecdsa_sig_sign(&sig, &key, &msg, &nonce)); assert(secp256k1_ecdsa_sig_verify(&sig, &pub, &msg)); secp256k1_num_inc(&msg); @@ -178,7 +185,6 @@ void test_run_ecdsa_sign_verify() { } int main(void) { - secp256k1_num_start(); secp256k1_fe_start(); secp256k1_ge_start(); secp256k1_ecmult_start(); @@ -191,6 +197,5 @@ int main(void) { secp256k1_ecmult_stop(); secp256k1_ge_stop(); secp256k1_fe_stop(); - secp256k1_num_stop(); return 0; } diff --git a/src/util.h b/src/util.h new file mode 100644 index 0000000..3aced7a --- /dev/null +++ b/src/util.h @@ -0,0 +1,15 @@ +#ifndef _SECP256K1_UTIL_H_ +#define _SECP256K1_UTIL_H_ + +/** Generate a pseudorandom 32-bit number. */ +static uint32_t secp256k1_rand32(void); + +/** Generate a pseudorandom 32-byte array. */ +static void secp256k1_rand256(unsigned char *b32); + +/** Generate a pseudorandom 32-byte array with long sequences of zero and one bits. */ +static void secp256k1_rand256_test(unsigned char *b32); + +#include "impl/util.h" + +#endif