status-im
/
secp256k1
mirror of https://github.com/status-im/secp256k1.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
468 Commits 1 Branch 0 Tags 12 MiB
Commit Graph

468 Commits

Author SHA1 Message Date
Pieter Wuille 000bdf6dc3 Rename bench_verify to bench_recovery 2014-12-09 00:12:02 +01:00
Gregory Maxwell 7c6fed2857 Add a few more additional tests. 2014-12-08 14:15:09 -08:00
Cory Fields 992e03bc28 travis: add clang to the test matrix 2014-12-08 17:06:41 -05:00
Pieter Wuille b43b79a5b1
Merge pull request #143 
e06a924 Include time.h header for time(). (Pavel Janík)
 2014-12-08 23:03:31 +01:00
Pavel Janík e06a9244bf Include time.h header for time(). 2014-12-08 20:48:58 +01:00
Gregory Maxwell 8d11164bc0 Add some additional tests. 2014-12-08 09:13:35 -08:00
Pieter Wuille 3545627acb
Merge pull request #118 
3ce74b1 Tweak precomputed table size for G (Pieter Wuille)
 2014-12-07 14:37:12 +01:00
Pieter Wuille 6a9901e15b
Merge pull request #137 
39bd94d Variable time normalize (Pieter Wuille)
 2014-12-07 14:35:23 +01:00
Pieter Wuille 376b28b096
Merge pull request #128 
b2c9681 Make {mul,sqr}_inner use the same argument order as {mul,sqr} (Pieter Wuille)
6793505 Convert YASM code into inline assembly (Pieter Wuille)
f048615 Rewrite field assembly to match the C version (Pieter Wuille)
 2014-12-07 14:34:20 +01:00
Pieter Wuille 17288069fb
Merge pull request #138 
a5759c5 Check return value of malloc (Pieter Wuille)
2b9388b Remove unused secp256k1_fe_inv_all (Pieter Wuille)
f461b76 Allocate precomputation arrays on the heap (Pieter Wuille)
 2014-12-07 13:19:21 +01:00
Pieter Wuille a5759c572e Check return value of malloc 2014-12-07 02:58:24 +01:00
Pieter Wuille 39bd94d86d Variable time normalize 2014-12-06 18:18:28 +01:00
Pieter Wuille ad86bdf1f2
Merge pull request #140 
54b768c Another redundant secp256k1_fe_normalize (Pieter Wuille)
 2014-12-06 18:18:06 +01:00
Pieter Wuille 54b768c6da Another redundant secp256k1_fe_normalize 2014-12-06 17:30:08 +01:00
Pieter Wuille 69dcaab08d
Merge pull request #139 
1c29f2e Remove redundant secp256k1_fe_normalize from secp256k1_gej_add_ge_var. (Gregory Maxwell)
 2014-12-06 17:27:33 +01:00
Gregory Maxwell 1c29f2eb49 Remove redundant secp256k1_fe_normalize from secp256k1_gej_add_ge_var. 
This was a missed optimization in the extraction of gej+ge from gej+gej.
 2014-12-06 05:09:57 -08:00
Pieter Wuille 2b9388b647 Remove unused secp256k1_fe_inv_all 2014-12-05 18:13:51 +01:00
Pieter Wuille f461b76925 Allocate precomputation arrays on the heap 2014-12-05 18:13:28 +01:00
Pieter Wuille b0210a95da
Merge pull request #135 
ee3eb4b Fix a memory leak and add a number of small tests. (Gregory Maxwell)
 2014-12-04 19:16:09 +01:00
Gregory Maxwell ee3eb4be9e Fix a memory leak and add a number of small tests. 
This fixes a simple copy and paste induced memory leak for the ecdsa init.

The tests are mostly just improving coverage and aren't interesting.
 2014-12-04 07:17:08 -08:00
Pieter Wuille b2c9681c6f Make {mul,sqr}_inner use the same argument order as {mul,sqr} 2014-12-04 13:54:36 +01:00
Pieter Wuille 67935050e1 Convert YASM code into inline assembly 2014-12-04 13:54:01 +01:00
Pieter Wuille f048615970 Rewrite field assembly to match the C version 2014-12-04 13:46:09 +01:00
Pieter Wuille 4d879a3a66
Merge pull request #134 
29ae131 Make scalar_add_bit test's overflow detection exact (Pieter Wuille)
 2014-12-04 12:21:06 +01:00
Pieter Wuille d5e8362ae5
Merge pull request #127 
c35ff1e Convert lambda splitter to pure scalar code. (Pieter Wuille)
cc604e9 Avoid division when decomposing scalars (Peter Dettman)
ff8746d Add secp256k1_scalar_mul_shift_var (Pieter Wuille)
 2014-12-03 21:22:57 +01:00
Pieter Wuille 7b92cf66c7
Merge pull request #132 
efb7d4b Use constant-time conditional moves instead of byte slicing (Pieter Wuille)
 2014-12-03 21:21:42 +01:00
Pieter Wuille 0bf70a5d6c
Merge pull request #133 
9048def Avoid undefined shift behaviour (Pieter Wuille)
 2014-12-03 21:20:26 +01:00
Pieter Wuille 29ae1310ce Make scalar_add_bit test's overflow detection exact 2014-12-03 18:54:01 +01:00
Pieter Wuille 9048def7c7 Avoid undefined shift behaviour 2014-12-03 18:10:52 +01:00
Pieter Wuille efb7d4b299 Use constant-time conditional moves instead of byte slicing 2014-12-03 02:41:55 +01:00
Pieter Wuille d220062ac2
Merge pull request #131 
82f9254 Fix typo (Pieter Wuille)
 2014-12-02 18:36:55 +01:00
Pieter Wuille 82f9254cc0 Fix typo 2014-12-02 18:35:33 +01:00
Pieter Wuille 601ca04f9a
Merge pull request #129 
35399e0 Bugfix: b is restricted, not r (Pieter Wuille)
 2014-12-02 17:52:43 +01:00
Pieter Wuille 35399e08c4 Bugfix: b is restricted, not r 2014-12-02 17:43:42 +01:00
Pieter Wuille c35ff1ea44 Convert lambda splitter to pure scalar code. 
This enables the use of the endomorphism optimization without bignum.
 2014-12-02 16:50:00 +01:00
Peter Dettman cc604e9842 Avoid division when decomposing scalars 
- In secp256k1_gej_split_exp, there are two divisions used. Since the denominator is a constant known at compile-time, each can be replaced by a multiplication followed by a right-shift (and rounding).
- Add the constants g1, g2 for this purpose and rewrite secp256k1_scalar_split_lambda_var accordingly.
- Remove secp256k1_num_div since no longer used

Rebased-by: Pieter Wuille
 2014-12-02 16:50:00 +01:00
Pieter Wuille ff8746d457 Add secp256k1_scalar_mul_shift_var 2014-12-02 16:50:00 +01:00
Pieter Wuille bd313f7d6e
Merge pull request #119 
597128d Make num optional (Pieter Wuille)
659b554 Make constant initializers independent from num (Pieter Wuille)
 2014-12-02 16:42:50 +01:00
Pieter Wuille 276f987d70
Merge pull request #124 
4d4eeea Make secp256k1_fe_mul_inner use the r != property (Pieter Wuille)
be82e92 Require that r and b are different for field multiplication. (Pieter Wuille)
 2014-12-02 16:39:20 +01:00
Pieter Wuille 25d125ec26
Merge pull request #126 
24b3c65 Add a test case for ECDSA recomputing infinity (Pieter Wuille)
32600e5 Add a test for r >= order signature handling (Pieter Wuille)
 2014-12-01 22:41:54 +01:00
Pieter Wuille 24b3c65e0d Add a test case for ECDSA recomputing infinity 2014-12-01 14:45:05 +01:00
Pieter Wuille 32600e5086 Add a test for r >= order signature handling 
Suggested by Greg Maxwell.
 2014-12-01 14:23:09 +01:00
Pieter Wuille 4d4eeea4ac Make secp256k1_fe_mul_inner use the r != property 
Suggested by Peter Dettman.
 2014-12-01 13:40:36 +01:00
Pieter Wuille be82e92fc4 Require that r and b are different for field multiplication. 
Suggested by Peter Dettman, this prepares for slightly faster muitiplication
which writes results immediately to r before finishing reading b.
 2014-12-01 13:40:34 +01:00
Pieter Wuille 597128d389 Make num optional 2014-12-01 12:38:38 +01:00
Pieter Wuille 659b554d7b Make constant initializers independent from num 2014-12-01 12:38:38 +01:00
Pieter Wuille 0af5b47133
Merge pull request #120 
e3d692f Explain why no y=0 check is necessary for doubling (Pieter Wuille)
f7dc1c6 Optimize doubling: secp256k1 has no y=0 point (Pieter Wuille)
 2014-12-01 12:38:13 +01:00
Pieter Wuille e2e8a362ad
Merge pull request #117 
c76be9e Remove unused num functions (Pieter Wuille)
4285a98 Move lambda-splitting code to scalar. (Pieter Wuille)
f24041d Switch all EC/ECDSA logic from num to scalar (Pieter Wuille)
6794be6 Add scalar splitting functions (Pieter Wuille)
d1502eb Add secp256k1_scalar_inverse_var which delegates to GMP (Pieter Wuille)
b5c9ee7 Make test_point_times_order test meaningful again (Pieter Wuille)
0b73059 Switch wnaf splitting from num-based to scalar-based (Pieter Wuille)
1e6c77c Generalize secp256k1_scalar_get_bits (Pieter Wuille)
5213207 Add secp256k1_scalar_add_bit (Pieter Wuille)
 2014-12-01 12:32:19 +01:00
Pieter Wuille c76be9efa0 Remove unused num functions 2014-11-30 23:38:01 +01:00
Pieter Wuille 4285a98722 Move lambda-splitting code to scalar. 
It's not really an operation on group elements.
 2014-11-30 23:38:01 +01:00