status-im
/
secp256k1
mirror of https://github.com/status-im/secp256k1.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #215 

8956111 use 128-bit hex seed (Pieter Wuille)
02efd06 Use RFC6979 for test PRNGs (Pieter Wuille)
This commit is contained in:
Pieter Wuille 2015-02-24 02:38:27 -08:00
parent 4bc273bd9c 8956111802
commit f789c5baf2
No known key found for this signature in database
GPG Key ID: 57896D2FF8F0B657
3 changed files with 53 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/testrand.h
View File

@ -14,7 +14,7 @@
/* A non-cryptographic RNG used only for test infrastructure. */
/** Seed the pseudorandom number generator for testing. */
SECP256K1_INLINE static void secp256k1_rand_seed(uint64_t v);
SECP256K1_INLINE static void secp256k1_rand_seed(const unsigned char *seed16);
/** Generate a pseudorandom 32-bit number. */
static uint32_t secp256k1_rand32(void);

53
src/testrand_impl.h
View File

@ -11,49 +11,44 @@
#include <string.h>
#include "testrand.h"
#include "hash.h"
static uint32_t secp256k1_Rz = 11, secp256k1_Rw = 11;
static secp256k1_rfc6979_hmac_sha256_t secp256k1_test_rng;
static uint32_t secp256k1_test_rng_precomputed[8];
static int secp256k1_test_rng_precomputed_used = 8;
SECP256K1_INLINE static void secp256k1_rand_seed(uint64_t v) {
secp256k1_Rz = v >> 32;
secp256k1_Rw = v;
/* There are two seeds with short (length 1) cycles for the Rz PRNG. */
if (secp256k1_Rz == 0 || secp256k1_Rz == 0x9068ffffU) {
secp256k1_Rz = 111;
}
/* There are four seeds with short (length 1) cycles for the Rw PRNG. */
if (secp256k1_Rw == 0 || secp256k1_Rw == 0x464fffffU ||
secp256k1_Rw == 0x8c9ffffeU || secp256k1_Rw == 0xd2effffdU) {
secp256k1_Rw = 111;
}
SECP256K1_INLINE static void secp256k1_rand_seed(const unsigned char *seed16) {
secp256k1_rfc6979_hmac_sha256_initialize(&secp256k1_test_rng, (const unsigned char*)"TestRNG", 7, seed16, 16);
}
SECP256K1_INLINE static uint32_t secp256k1_rand32(void) {
/* MWC PRNG for tests. */
secp256k1_Rz = 36969 * (secp256k1_Rz & 0xFFFF) + (secp256k1_Rz >> 16);
secp256k1_Rw = 18000 * (secp256k1_Rw & 0xFFFF) + (secp256k1_Rw >> 16);
return (secp256k1_Rw << 16) + (secp256k1_Rw >> 16) + secp256k1_Rz;
if (secp256k1_test_rng_precomputed_used == 8) {
secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, (unsigned char*)(&secp256k1_test_rng_precomputed[0]), sizeof(secp256k1_test_rng_precomputed));
secp256k1_test_rng_precomputed_used = 0;
}
return secp256k1_test_rng_precomputed[secp256k1_test_rng_precomputed_used++];
}
static void secp256k1_rand256(unsigned char *b32) {
int i;
for (i = 0; i < 8; i++) {
uint32_t r = secp256k1_rand32();
b32[i*4 + 0] = (r >> 0) & 0xFF;
b32[i*4 + 1] = (r >> 8) & 0xFF;
b32[i*4 + 2] = (r >> 16) & 0xFF;
b32[i*4 + 3] = (r >> 24) & 0xFF;
}
secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, b32, 32);
}
static void secp256k1_rand256_test(unsigned char *b32) {
int bits=0;
uint64_t ent = 0;
int entleft = 0;
memset(b32, 0, 32);
while (bits < 256) {
uint32_t ent = secp256k1_rand32();
int now = 1 + ((ent % 64)*((ent >> 6) % 32)+16)/31;
uint32_t val = 1 & (ent >> 11);
int now;
uint32_t val;
if (entleft < 12) {
ent |= ((uint64_t)secp256k1_rand32()) << entleft;
entleft += 32;
}
now = 1 + ((ent % 64)*((ent >> 6) % 32)+16)/31;
val = 1 & (ent >> 11);
ent >>= 12;
entleft -= 12;
while (now > 0 && bits < 256) {
b32[bits / 8] |= val << (bits % 8);
now--;

35
src/tests.c
View File

@ -1763,7 +1763,8 @@ void run_ecdsa_openssl(void) {
#endif
int main(int argc, char **argv) {
uint64_t seed;
unsigned char seed16[16] = {0};
unsigned char run32[32] = {0};
/* find iteration count */
if (argc > 1) {
count = strtol(argv[1], NULL, 0);
@ -1771,18 +1772,37 @@ int main(int argc, char **argv) {
/* find random seed */
if (argc > 2) {
sscanf(argv[2], "%" I64uFORMAT, (unsigned long long*)&seed);
int pos = 0;
const char* ch = argv[2];
while (pos < 16 && ch[0] != 0 && ch[1] != 0) {
unsigned short sh;
if (sscanf(ch, "%2hx", &sh)) {
seed16[pos] = sh;
} else {
break;
}
ch += 2;
pos++;
}
} else {
FILE *frand = fopen("/dev/urandom", "r");
if (!frand || !fread(&seed, sizeof(seed), 1, frand)) {
seed = time(NULL) * 1337;
if (!frand || !fread(&seed16, sizeof(seed16), 1, frand)) {
uint64_t t = time(NULL) * (uint64_t)1337;
seed16[0] ^= t;
seed16[1] ^= t >> 8;
seed16[2] ^= t >> 16;
seed16[3] ^= t >> 24;
seed16[4] ^= t >> 32;
seed16[5] ^= t >> 40;
seed16[6] ^= t >> 48;
seed16[7] ^= t >> 56;
}
fclose(frand);
}
secp256k1_rand_seed(seed);
secp256k1_rand_seed(seed16);
printf("test count = %i\n", count);
printf("random seed = %" I64uFORMAT "\n", (unsigned long long)seed);
printf("random seed = %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", seed16[0], seed16[1], seed16[2], seed16[3], seed16[4], seed16[5], seed16[6], seed16[7], seed16[8], seed16[9], seed16[10], seed16[11], seed16[12], seed16[13], seed16[14], seed16[15]);
/* initialize */
secp256k1_start(SECP256K1_START_SIGN | SECP256K1_START_VERIFY);
@ -1828,7 +1848,8 @@ int main(int argc, char **argv) {
run_ecdsa_openssl();
#endif
printf("random run = %llu\n", (unsigned long long)secp256k1_rand32() + ((unsigned long long)secp256k1_rand32() << 32));
secp256k1_rand256(run32);
printf("random run = %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", run32[0], run32[1], run32[2], run32[3], run32[4], run32[5], run32[6], run32[7], run32[8], run32[9], run32[10], run32[11], run32[12], run32[13], run32[14], run32[15]);
/* shutdown */
secp256k1_stop();