Bitcoin Core
22.99.0
P2P Digital Currency
7 #if defined HAVE_CONFIG_H
15 #ifndef EXHAUSTIVE_TEST_ORDER
17 #define EXHAUSTIVE_TEST_ORDER 13
21 #include "../include/secp256k1.h"
57 unsigned char bin[32];
72 *iter += 0xe7037ed1a0b428dbULL;
77 const unsigned char *key32,
const unsigned char *algo16,
78 void *data,
unsigned int attempt) {
138 zless_gej.
x = groupj[j].
x;
139 zless_gej.
y = groupj[j].
y;
218 data.
pt[0] = group[x];
219 data.
pt[1] = group[y];
233 unsigned char x_bin[32];
253 int k, should_verify;
254 unsigned char msg32[32];
270 if (r_s == check_x_s) {
283 memcpy(&nonconst_ge, &group[sk_s],
sizeof(nonconst_ge));
286 CHECK(should_verify ==
303 const int starting_k =
k;
307 unsigned char sk32[32], msg32[32];
321 CHECK(r == expected_r);
326 if (
k < starting_k) {
343 #ifdef ENABLE_MODULE_RECOVERY
347 #ifdef ENABLE_MODULE_EXTRAKEYS
351 #ifdef ENABLE_MODULE_SCHNORRSIG
355 int main(
int argc,
char** argv) {
359 unsigned char rand32[32];
365 setbuf(stdout, NULL);
368 setbuf(stderr, NULL);
374 count = strtol(argv[1], NULL, 0);
385 if (num_cores < 1 || this_core >=
num_cores) {
386 fprintf(stderr,
"Usage: %s [count] [seed] [numcores] [thiscore]\n", argv[0]);
425 CHECK(group[i].infinity == 0);
440 #ifdef ENABLE_MODULE_RECOVERY
443 #ifdef ENABLE_MODULE_EXTRAKEYS
446 #ifdef ENABLE_MODULE_SCHNORRSIG
455 printf(
"no problems found\n");
static void secp256k1_testrand_finish(void)
Print final test information.
void test_exhaustive_endomorphism(const secp256k1_ge *group)
Opaque data structure that holds a parsed ECDSA signature.
static void secp256k1_gej_set_infinity(secp256k1_gej *r)
Set a group element (jacobian) equal to the point at infinity.
static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *a)
Sets a field element to be the (modular) inverse of another.
#define SECP256K1_CONTEXT_VERIFY
Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and secp256k1_context...
#define SECP256K1_CONTEXT_SIGN
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Convert a scalar to a byte array.
#define EXHAUSTIVE_TEST_ORDER
static void secp256k1_testrand256(unsigned char *b32)
Generate a pseudorandom 32-byte array.
static void secp256k1_ecdsa_signature_load(const secp256k1_context *ctx, secp256k1_scalar *r, secp256k1_scalar *s, const secp256k1_ecdsa_signature *sig)
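int secp256k1_nonce_function_smallint(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int attempt)
Test-only nonce function defined in this file for the exhaustive small-group tests (see EXHAUSTIVE_TEST_ORDER); judging by its name it produces small-integer nonces, which is acceptable only in this test setting and not as a noncefp for real signing.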
static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a)
Set a field element equal to 32-byte big endian value.
static void secp256k1_fe_normalize(secp256k1_fe *r)
Field element module.
static int secp256k1_scalar_is_high(const secp256k1_scalar *a)
Check whether a scalar is higher than the group order divided by 2.
void test_exhaustive_ecmult_multi(const secp256k1_context *ctx, const secp256k1_ge *group)
static void secp256k1_ge_mul_lambda(secp256k1_ge *r, const secp256k1_ge *a)
Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast.
static void secp256k1_scratch_destroy(const secp256k1_callback *error_callback, secp256k1_scratch *scratch)
static void secp256k1_ecmult_gen_create_prec_table(secp256k1_ge_storage *table, const secp256k1_ge *gen, int bits)
void ge_equals_gej(const secp256k1_ge *a, const secp256k1_gej *b)
static void secp256k1_gej_rescale(secp256k1_gej *r, const secp256k1_fe *b)
Rescale a jacobian point by b which must be non-zero.
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
static void secp256k1_gej_add_ge(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b)
Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity).
static void secp256k1_ecmult(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng)
Double multiply: R = na*A + ng*G.
static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Add two scalars together (modulo the group order).
static void secp256k1_pubkey_save(secp256k1_pubkey *pubkey, secp256k1_ge *ge)
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
static int ecmult_multi_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata)
A scalar modulo the group order of the secp256k1 curve.
static uint32_t num_cores
END stolen from tests.c.
static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *a)
Multiply with the generator: R = a*G.
static const secp256k1_ge secp256k1_ge_const_g
A group element of the secp256k1 curve, in jacobian coordinates.
static void test_exhaustive_recovery(const secp256k1_context *ctx, const secp256k1_ge *group)
static int secp256k1_fe_equal_var(const secp256k1_fe *a, const secp256k1_fe *b)
Same as secp256k1_fe_equal, but may be variable time.
void test_exhaustive_addition(const secp256k1_ge *group, const secp256k1_gej *groupj)
static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe *SECP256K1_RESTRICT b)
Sets a field element to be the product of two others.
secp256k1_ecmult_gen_context ecmult_gen_ctx
static void secp256k1_gej_neg(secp256k1_gej *r, const secp256k1_gej *a)
Set r equal to the inverse of a (i.e., mirrored around the X axis)
static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a)
Set r equal to the inverse of a (i.e., mirrored around the X axis)
int main(int argc, char **argv)
static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *q, int bits)
Multiply: R = q*A (in constant time). Here bits should be set to the maximum bitlength of the absolute...
static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a)
Convert a field element to a 32-byte big endian value.
static SECP256K1_INLINE int skip_section(uint64_t *iter)
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
#define CHECK(cond)
Unconditional failure on condition failure.
static int secp256k1_ecmult_multi_var(const secp256k1_callback *error_callback, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n)
Multi-multiply: R = inp_g_sc * G + sum_i ni * Ai.
secp256k1_callback error_callback
static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr)
Set r equal to the sum of a and b.
static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b)
Compare two scalars.
void r_from_k(secp256k1_scalar *r, const secp256k1_ge *group, int k, int *overflow)
static void secp256k1_fe_sqr(secp256k1_fe *r, const secp256k1_fe *a)
Sets a field element to be the square of another.
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
void test_exhaustive_sign(const secp256k1_context *ctx, const secp256k1_ge *group)
static void secp256k1_testrand_init(const char *hexseed)
Initialize the test RNG using (hex encoded) array up to 16 bytes, or randomly if hexseed is NULL.
void test_exhaustive_ecmult(const secp256k1_ge *group, const secp256k1_gej *groupj)
void ge_equals_ge(const secp256k1_ge *a, const secp256k1_ge *b)
stolen from tests.c
#define ECMULT_GEN_PREC_BITS
static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr)
Set r equal to the sum of a and b (with b given in affine coordinates).
static void test_exhaustive_schnorrsig(const secp256k1_context *ctx)
static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr)
Set r equal to the double of a.
static const secp256k1_ge_storage secp256k1_ecmult_gen_prec_table[ECMULT_GEN_PREC_N(ECMULT_GEN_PREC_BITS)][ECMULT_GEN_PREC_G(ECMULT_GEN_PREC_BITS)]
static void secp256k1_ecdsa_signature_save(secp256k1_ecdsa_signature *sig, const secp256k1_scalar *r, const secp256k1_scalar *s)
static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Multiply two scalars (modulo the group order).
static void secp256k1_gej_double(secp256k1_gej *r, const secp256k1_gej *a)
Set r equal to the double of a.
static int secp256k1_gej_is_infinity(const secp256k1_gej *a)
Check whether a group element is the point at infinity.
static void secp256k1_gej_add_zinv_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, const secp256k1_fe *bzinv)
Set r equal to the sum of a and b (with the inverse of b's Z coordinate passed as bzinv).
static void secp256k1_fe_normalize_weak(secp256k1_fe *r)
Weakly normalize a field element: reduce its magnitude to 1, but don't fully normalize.
void random_fe(secp256k1_fe *x)
static secp256k1_scratch * secp256k1_scratch_create(const secp256k1_callback *error_callback, size_t max_size)
static int secp256k1_ge_is_infinity(const secp256k1_ge *a)
Check whether a group element is the point at infinity.
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow)
Set a scalar from a big endian byte array.
Opaque data structure that holds a parsed and valid public key.
void test_exhaustive_verify(const secp256k1_context *ctx, const secp256k1_ge *group)
A group element of the secp256k1 curve, in affine coordinates.
static secp256k1_context * ctx
static uint32_t this_core
static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a)
Set a group element equal to another which is given in jacobian coordinates.
static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v)
Set a scalar to an unsigned integer.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Updates the context randomization to protect against side-channel leakage.