
Merge pull request #266

3f3964e Add specific VERIFY tests for _fe_cmov (Peter Dettman)
a0601cd Fix VERIFY calculations in _fe_cmov methods (Peter Dettman)
This commit is contained in:
Pieter Wuille 2015-07-08 16:59:19 -04:00
commit 0cbc8600f3
No known key found for this signature in database
GPG key ID: 57896D2FF8F0B657
3 changed files with 38 additions and 14 deletions


@ -1083,8 +1083,10 @@ static SECP256K1_INLINE void secp256k1_fe_cmov(secp256k1_fe_t *r, const secp256k
r->n[8] = (r->n[8] & mask0) | (a->n[8] & mask1); r->n[8] = (r->n[8] & mask0) | (a->n[8] & mask1);
r->n[9] = (r->n[9] & mask0) | (a->n[9] & mask1); r->n[9] = (r->n[9] & mask0) | (a->n[9] & mask1);
#ifdef VERIFY #ifdef VERIFY
r->magnitude = (r->magnitude & mask0) | (a->magnitude & mask1); if (a->magnitude > r->magnitude) {
r->normalized = (r->normalized & mask0) | (a->normalized & mask1); r->magnitude = a->magnitude;
}
r->normalized &= a->normalized;
#endif #endif
} }
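Review bot: The VERIFY block starting at `if (a->magnitude > r->magnitude) {` now records the conservative bound of both operands (the larger magnitude, and normalized only when both inputs are normalized) independently of `flag`, but nothing in the code says this is deliberate rather than an approximation of the selected value, so a later maintainer could "repair" it back to the flag-selected form this commit removes. A comment above the `if` would pin the contract: `/* VERIFY bookkeeping is the union of both inputs, not the selected one, so the tracked magnitude/normalized state never depends on flag. */`. The data-dependent branch sits inside `#ifdef VERIFY`, so in non-VERIFY builds the constant-time body of cmov is unaffected, which is worth stating in the same comment. The identical change appears in the next file section (the five-limb variant, lines n[3]/n[4]) and the comment belongs there too; the enclosing secp256k1_fe_cmov starts outside both hunks.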


@ -414,8 +414,10 @@ static SECP256K1_INLINE void secp256k1_fe_cmov(secp256k1_fe_t *r, const secp256k
r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1); r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1);
r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1); r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1);
#ifdef VERIFY #ifdef VERIFY
r->magnitude = (r->magnitude & mask0) | (a->magnitude & mask1); if (a->magnitude > r->magnitude) {
r->normalized = (r->normalized & mask0) | (a->normalized & mask1); r->magnitude = a->magnitude;
}
r->normalized &= a->normalized;
#endif #endif
} }


@ -47,9 +47,7 @@ void random_field_element_magnitude(secp256k1_fe_t *fe) {
secp256k1_fe_negate(&zero, &zero, 0); secp256k1_fe_negate(&zero, &zero, 0);
secp256k1_fe_mul_int(&zero, n - 1); secp256k1_fe_mul_int(&zero, n - 1);
secp256k1_fe_add(fe, &zero); secp256k1_fe_add(fe, &zero);
#ifdef VERIFY VERIFY_CHECK(fe->magnitude == n);
CHECK(fe->magnitude == n);
#endif
} }
void random_group_element_test(secp256k1_ge_t *ge) { void random_group_element_test(secp256k1_ge_t *ge) {
@ -737,13 +735,22 @@ void run_field_convert(void) {
CHECK(memcmp(&fes2, &fes, sizeof(fes)) == 0); CHECK(memcmp(&fes2, &fes, sizeof(fes)) == 0);
} }
int fe_memcmp(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
secp256k1_fe_t t = *b;
#ifdef VERIFY
t.magnitude = a->magnitude;
t.normalized = a->normalized;
#endif
return memcmp(a, &t, sizeof(secp256k1_fe_t));
}
void run_field_misc(void) { void run_field_misc(void) {
secp256k1_fe_t x; secp256k1_fe_t x;
secp256k1_fe_t y; secp256k1_fe_t y;
secp256k1_fe_t z; secp256k1_fe_t z;
secp256k1_fe_t q; secp256k1_fe_t q;
secp256k1_fe_t fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5); secp256k1_fe_t fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5);
int i; int i, j;
for (i = 0; i < 5*count; i++) { for (i = 0; i < 5*count; i++) {
secp256k1_fe_storage_t xs, ys, zs; secp256k1_fe_storage_t xs, ys, zs;
random_fe(&x); random_fe(&x);
@ -756,14 +763,27 @@ void run_field_misc(void) {
/* Test fe conditional move; z is not normalized here. */ /* Test fe conditional move; z is not normalized here. */
q = x; q = x;
secp256k1_fe_cmov(&x, &z, 0); secp256k1_fe_cmov(&x, &z, 0);
VERIFY_CHECK(!x.normalized && x.magnitude == z.magnitude);
secp256k1_fe_cmov(&x, &x, 1); secp256k1_fe_cmov(&x, &x, 1);
CHECK(memcmp(&x, &z, sizeof(x)) != 0); CHECK(fe_memcmp(&x, &z) != 0);
CHECK(memcmp(&x, &q, sizeof(x)) == 0); CHECK(fe_memcmp(&x, &q) == 0);
secp256k1_fe_cmov(&q, &z, 1); secp256k1_fe_cmov(&q, &z, 1);
CHECK(memcmp(&q, &z, sizeof(q)) == 0); VERIFY_CHECK(!q.normalized && q.magnitude == z.magnitude);
/* Test storage conversion and conditional moves. */ CHECK(fe_memcmp(&q, &z) == 0);
secp256k1_fe_normalize(&z); secp256k1_fe_normalize_var(&x);
secp256k1_fe_normalize_var(&z);
CHECK(!secp256k1_fe_equal_var(&x, &z)); CHECK(!secp256k1_fe_equal_var(&x, &z));
secp256k1_fe_normalize_var(&q);
secp256k1_fe_cmov(&q, &z, (i&1));
VERIFY_CHECK(q.normalized && q.magnitude == 1);
for (j = 0; j < 6; j++) {
secp256k1_fe_negate(&z, &z, j+1);
secp256k1_fe_normalize_var(&q);
secp256k1_fe_cmov(&q, &z, (j&1));
VERIFY_CHECK(!q.normalized && q.magnitude == (j+2));
}
secp256k1_fe_normalize_var(&z);
/* Test storage conversion and conditional moves. */
secp256k1_fe_to_storage(&xs, &x); secp256k1_fe_to_storage(&xs, &x);
secp256k1_fe_to_storage(&ys, &y); secp256k1_fe_to_storage(&ys, &y);
secp256k1_fe_to_storage(&zs, &z); secp256k1_fe_to_storage(&zs, &z);
@ -1661,7 +1681,7 @@ void test_ecdsa_end_to_end(void) {
extra[31] = 0; extra[31] = 0;
extra[0] = 1; extra[0] = 1;
CHECK(secp256k1_ecdsa_sign(ctx, message, signature4, &signaturelen4, privkey, NULL, extra) == 1); CHECK(secp256k1_ecdsa_sign(ctx, message, signature4, &signaturelen4, privkey, NULL, extra) == 1);
CHECK(signaturelen3 > 0); CHECK(signaturelen4 > 0);
CHECK((signaturelen != signaturelen2) || (memcmp(signature, signature2, signaturelen) != 0)); CHECK((signaturelen != signaturelen2) || (memcmp(signature, signature2, signaturelen) != 0));
CHECK((signaturelen != signaturelen3) || (memcmp(signature, signature3, signaturelen) != 0)); CHECK((signaturelen != signaturelen3) || (memcmp(signature, signature3, signaturelen) != 0));
CHECK((signaturelen3 != signaturelen2) || (memcmp(signature3, signature2, signaturelen3) != 0)); CHECK((signaturelen3 != signaturelen2) || (memcmp(signature3, signature2, signaturelen3) != 0));
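Review bot: The new `VERIFY_CHECK(fe->magnitude == n);` in random_field_element_magnitude, and the `VERIFY_CHECK(!x.normalized && x.magnitude == z.magnitude);` family of lines in run_field_misc, read `magnitude` and `normalized` outside any `#ifdef VERIFY`, whereas the removed guard in the first hunk and the new `fe_memcmp` helper both treat those members as present only under VERIFY. Whether this compiles in a non-VERIFY build depends on whether VERIFY_CHECK discards its argument before the compiler sees it; that macro is not on this page, so it should be confirmed, or the checks kept under `#ifdef VERIFY` as before. If the test binary is always built with VERIFY, a one-line comment next to fe_memcmp would make that dependency explicit, e.g. `/* tests assume a VERIFY build: magnitude/normalized exist only then */`. fe_memcmp is fully visible in its hunk; random_field_element_magnitude and run_field_misc start outside theirs.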