From 02efd06554c9afbe00156c6e4be7f303a47bfbad Mon Sep 17 00:00:00 2001
From: Pieter Wuille <pieter.wuille@gmail.com>
Date: Fri, 13 Feb 2015 15:56:08 -0800
Subject: [PATCH] Use RFC6979 for test PRNGs

---
 src/testrand_impl.h | 51 ++++++++++++++++++++-------------------------
 1 file changed, 23 insertions(+), 28 deletions(-)

diff --git a/src/testrand_impl.h b/src/testrand_impl.h
index d6fc4277d94..42b23e84032 100644
--- a/src/testrand_impl.h
+++ b/src/testrand_impl.h
@@ -11,49 +11,44 @@
 #include <string.h>
 
 #include "testrand.h"
+#include "hash.h"
 
-static uint32_t secp256k1_Rz = 11, secp256k1_Rw = 11;
+static secp256k1_rfc6979_hmac_sha256_t secp256k1_test_rng;
+static uint32_t secp256k1_test_rng_precomputed[8];
+static int secp256k1_test_rng_precomputed_used = 8;
 
 SECP256K1_INLINE static void secp256k1_rand_seed(uint64_t v) {
-    secp256k1_Rz = v >> 32;
-    secp256k1_Rw = v;
-
-    /* There are two seeds with short (length 1) cycles for the Rz PRNG. */
-    if (secp256k1_Rz == 0 || secp256k1_Rz == 0x9068ffffU) {
-        secp256k1_Rz = 111;
-    }
-    /* There are four seeds with short (length 1) cycles for the Rw PRNG. */
-    if (secp256k1_Rw == 0 || secp256k1_Rw == 0x464fffffU ||
-         secp256k1_Rw == 0x8c9ffffeU || secp256k1_Rw == 0xd2effffdU) {
-        secp256k1_Rw = 111;
-    }
+    secp256k1_rfc6979_hmac_sha256_initialize(&secp256k1_test_rng, (const unsigned char*)"PRNG", 4, (const unsigned char*)&v, sizeof(v));
 }
 
 SECP256K1_INLINE static uint32_t secp256k1_rand32(void) {
-    /* MWC PRNG for tests. */
-    secp256k1_Rz = 36969 * (secp256k1_Rz & 0xFFFF) + (secp256k1_Rz >> 16);
-    secp256k1_Rw = 18000 * (secp256k1_Rw & 0xFFFF) + (secp256k1_Rw >> 16);
-    return (secp256k1_Rw << 16) + (secp256k1_Rw >> 16) + secp256k1_Rz;
+    if (secp256k1_test_rng_precomputed_used == 8) {
+        secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, (unsigned char*)(&secp256k1_test_rng_precomputed[0]), sizeof(secp256k1_test_rng_precomputed));
+        secp256k1_test_rng_precomputed_used = 0;
+    }
+    return secp256k1_test_rng_precomputed[secp256k1_test_rng_precomputed_used++];
 }
 
 static void secp256k1_rand256(unsigned char *b32) {
-    int i;
-    for (i = 0; i < 8; i++) {
-        uint32_t r = secp256k1_rand32();
-        b32[i*4 + 0] = (r >>  0) & 0xFF;
-        b32[i*4 + 1] = (r >>  8) & 0xFF;
-        b32[i*4 + 2] = (r >> 16) & 0xFF;
-        b32[i*4 + 3] = (r >> 24) & 0xFF;
-    }
+    secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, b32, 32);
 }
 
 static void secp256k1_rand256_test(unsigned char *b32) {
     int bits=0;
+    uint64_t ent = 0;
+    int entleft = 0;
     memset(b32, 0, 32);
     while (bits < 256) {
-        uint32_t ent = secp256k1_rand32();
-        int now = 1 + ((ent % 64)*((ent >> 6) % 32)+16)/31;
-        uint32_t val = 1 & (ent >> 11);
+        int now;
+        uint32_t val;
+        if (entleft < 12) {
+            ent |= ((uint64_t)secp256k1_rand32()) << entleft;
+            entleft += 32;
+        }
+        now = 1 + ((ent % 64)*((ent >> 6) % 32)+16)/31;
+        val = 1 & (ent >> 11);
+        ent >>= 12;
+        entleft -= 12;
         while (now > 0 && bits < 256) {
             b32[bits / 8] |= val << (bits % 8);
             now--;