frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace ge_equals_ge[,j] calls with group.h equality calls

Browse Source
This commit is contained in:
Pieter Wuille 2023-12-01 11:38:50 -05:00
parent 60525f6c14
commit 04af0ba162
5 changed files with 45 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/modules/ellswift/tests_exhaustive_impl.h
View File

@ -32,7 +32,7 @@ static void test_exhaustive_ellswift(const secp256k1_context *ctx, const secp256
/* Decode ellswift pubkey and check that it matches the precomputed group element. */
secp256k1_ellswift_decode(ctx, &pub_decoded, ell64);
secp256k1_pubkey_load(ctx, &ge_decoded, &pub_decoded);
ge_equals_ge(&ge_decoded, &group[i]);
CHECK(secp256k1_ge_eq_var(&ge_decoded, &group[i]));
}
}

4
src/modules/ellswift/tests_impl.h
View File

@ -237,7 +237,7 @@ void run_ellswift_tests(void) {
secp256k1_ellswift_decode(CTX, &pubkey2, ell64);
secp256k1_pubkey_load(CTX, &g2, &pubkey2);
/* Compare with original. */
ge_equals_ge(&g, &g2);
CHECK(secp256k1_ge_eq_var(&g, &g2));
}
/* Verify the behavior of secp256k1_ellswift_create */
for (i = 0; i < 400 * COUNT; i++) {
@ -259,7 +259,7 @@ void run_ellswift_tests(void) {
secp256k1_ellswift_decode(CTX, &pub, ell64);
secp256k1_pubkey_load(CTX, &dec, &pub);
secp256k1_ecmult(&res, NULL, &secp256k1_scalar_zero, &sec);
ge_equals_gej(&dec, &res);
CHECK(secp256k1_gej_eq_ge_var(&res, &dec));
}
/* Verify that secp256k1_ellswift_xdh computes the right shared X coordinate. */
for (i = 0; i < 800 * COUNT; i++) {

60
src/tests.c
View File

@ -3770,7 +3770,7 @@ static void test_ge(void) {
/* Test gej + ge with Z ratio result (var). */
secp256k1_gej_add_ge_var(&resj, &gej[i1], &ge[i2], secp256k1_gej_is_infinity(&gej[i1]) ? NULL : &zr);
ge_equals_gej(&ref, &resj);
CHECK(secp256k1_gej_eq_ge_var(&resj, &ref));
if (!secp256k1_gej_is_infinity(&gej[i1]) && !secp256k1_gej_is_infinity(&resj)) {
secp256k1_fe zrz; secp256k1_fe_mul(&zrz, &zr, &gej[i1].z);
CHECK(secp256k1_fe_equal(&zrz, &resj.z));
@ -3784,14 +3784,14 @@ static void test_ge(void) {
random_ge_x_magnitude(&ge2_zfi);
random_ge_y_magnitude(&ge2_zfi);
secp256k1_gej_add_zinv_var(&resj, &gej[i1], &ge2_zfi, &zf);
ge_equals_gej(&ref, &resj);
CHECK(secp256k1_gej_eq_ge_var(&resj, &ref));
}
/* Test gej + ge (const). */
if (i2 != 0) {
/* secp256k1_gej_add_ge does not support its second argument being infinity. */
secp256k1_gej_add_ge(&resj, &gej[i1], &ge[i2]);
ge_equals_gej(&ref, &resj);
CHECK(secp256k1_gej_eq_ge_var(&resj, &ref));
}
/* Test doubling (var). */
@ -3799,16 +3799,16 @@ static void test_ge(void) {
secp256k1_fe zr2;
/* Normal doubling with Z ratio result. */
secp256k1_gej_double_var(&resj, &gej[i1], &zr2);
ge_equals_gej(&ref, &resj);
CHECK(secp256k1_gej_eq_ge_var(&resj, &ref));
/* Check Z ratio. */
secp256k1_fe_mul(&zr2, &zr2, &gej[i1].z);
CHECK(secp256k1_fe_equal(&zr2, &resj.z));
/* Normal doubling. */
secp256k1_gej_double_var(&resj, &gej[i2], NULL);
ge_equals_gej(&ref, &resj);
CHECK(secp256k1_gej_eq_ge_var(&resj, &ref));
/* Constant-time doubling. */
secp256k1_gej_double(&resj, &gej[i2]);
ge_equals_gej(&ref, &resj);
CHECK(secp256k1_gej_eq_ge_var(&resj, &ref));
}
/* Test adding opposites. */
@ -3820,12 +3820,12 @@ static void test_ge(void) {
if (i1 == 0) {
CHECK(secp256k1_ge_is_infinity(&ge[i1]));
CHECK(secp256k1_gej_is_infinity(&gej[i1]));
ge_equals_gej(&ref, &gej[i2]);
CHECK(secp256k1_gej_eq_ge_var(&gej[i2], &ref));
}
if (i2 == 0) {
CHECK(secp256k1_ge_is_infinity(&ge[i2]));
CHECK(secp256k1_gej_is_infinity(&gej[i2]));
ge_equals_gej(&ref, &gej[i1]);
CHECK(secp256k1_gej_eq_ge_var(&gej[i1], &ref));
}
}
}
@ -3860,7 +3860,7 @@ static void test_ge(void) {
secp256k1_fe s;
random_fe_non_zero(&s);
secp256k1_gej_rescale(&gej[i], &s);
ge_equals_gej(&ge_set_all[i], &gej[i]);
CHECK(secp256k1_gej_eq_ge_var(&gej[i], &ge_set_all[i]));
}
free(ge_set_all);
}
@ -3904,7 +3904,7 @@ static void test_ge(void) {
secp256k1_ge_set_all_gej_var(ge, gej, 4 * runs + 1);
/* check result */
for (i = 0; i < 4 * runs + 1; i++) {
ge_equals_gej(&ge[i], &gej[i]);
CHECK(secp256k1_gej_eq_ge_var(&gej[i], &ge[i]));
}
/* Test batch gej -> ge conversion with all infinities. */
@ -4003,15 +4003,15 @@ static void test_add_neg_y_diff_x(void) {
secp256k1_gej_add_var(&resj, &aj, &bj, NULL);
secp256k1_ge_set_gej(&res, &resj);
ge_equals_gej(&res, &sumj);
CHECK(secp256k1_gej_eq_ge_var(&sumj, &res));
secp256k1_gej_add_ge(&resj, &aj, &b);
secp256k1_ge_set_gej(&res, &resj);
ge_equals_gej(&res, &sumj);
CHECK(secp256k1_gej_eq_ge_var(&sumj, &res));
secp256k1_gej_add_ge_var(&resj, &aj, &b, NULL);
secp256k1_ge_set_gej(&res, &resj);
ge_equals_gej(&res, &sumj);
CHECK(secp256k1_gej_eq_ge_var(&sumj, &res));
}
static void run_ge(void) {
@ -4304,10 +4304,10 @@ static void test_point_times_order(const secp256k1_gej *point) {
CHECK(secp256k1_ge_is_infinity(&res3));
secp256k1_ecmult(&res1, point, &secp256k1_scalar_one, &secp256k1_scalar_zero);
secp256k1_ge_set_gej(&res3, &res1);
ge_equals_gej(&res3, point);
CHECK(secp256k1_gej_eq_ge_var(point, &res3));
secp256k1_ecmult(&res1, point, &secp256k1_scalar_zero, &secp256k1_scalar_one);
secp256k1_ge_set_gej(&res3, &res1);
ge_equals_ge(&res3, &secp256k1_ge_const_g);
CHECK(secp256k1_ge_eq_var(&secp256k1_ge_const_g, &res3));
}
/* These scalars reach large (in absolute value) outputs when fed to secp256k1_scalar_split_lambda.
@ -4435,7 +4435,7 @@ static void ecmult_const_random_mult(void) {
secp256k1_ecmult_const(&b, &a, &xn);
CHECK(secp256k1_ge_is_valid_var(&a));
ge_equals_gej(&expected_b, &b);
CHECK(secp256k1_gej_eq_ge_var(&b, &expected_b));
}
static void ecmult_const_commutativity(void) {
@ -4456,7 +4456,7 @@ static void ecmult_const_commutativity(void) {
secp256k1_ecmult_const(&res2, &mid2, &a);
secp256k1_ge_set_gej(&mid1, &res1);
secp256k1_ge_set_gej(&mid2, &res2);
ge_equals_ge(&mid1, &mid2);
CHECK(secp256k1_ge_eq_var(&mid1, &mid2));
}
static void ecmult_const_mult_zero_one(void) {
@ -4483,13 +4483,13 @@ static void ecmult_const_mult_zero_one(void) {
/* 1*point */
secp256k1_ecmult_const(&res1, &point, &secp256k1_scalar_one);
secp256k1_ge_set_gej(&res2, &res1);
ge_equals_ge(&res2, &point);
CHECK(secp256k1_ge_eq_var(&res2, &point));
/* -1*point */
secp256k1_ecmult_const(&res1, &point, &negone);
secp256k1_gej_neg(&res1, &res1);
secp256k1_ge_set_gej(&res2, &res1);
ge_equals_ge(&res2, &point);
CHECK(secp256k1_ge_eq_var(&res2, &point));
}
static void ecmult_const_check_result(const secp256k1_ge *A, const secp256k1_scalar* q, const secp256k1_gej *res) {
@ -4498,7 +4498,7 @@ static void ecmult_const_check_result(const secp256k1_ge *A, const secp256k1_sca
secp256k1_gej_set_ge(&pointj, A);
secp256k1_ecmult(&res2j, &pointj, q, &secp256k1_scalar_zero);
secp256k1_ge_set_gej(&res2, &res2j);
ge_equals_gej(&res2, res);
CHECK(secp256k1_gej_eq_ge_var(res, &res2));
}
static void ecmult_const_edges(void) {
@ -4606,7 +4606,7 @@ static void ecmult_const_chain_multiply(void) {
secp256k1_ecmult_const(&point, &tmp, &scalar);
}
secp256k1_ge_set_gej(&res, &point);
ge_equals_gej(&res, &expected_point);
CHECK(secp256k1_gej_eq_ge_var(&expected_point, &res));
}
static void run_ecmult_const_tests(void) {
@ -5414,11 +5414,11 @@ static void test_ecmult_accumulate(secp256k1_sha256* acc, const secp256k1_scalar
secp256k1_ecmult_multi_var(NULL, scratch, &rj5, &secp256k1_scalar_zero, test_ecmult_accumulate_cb, (void*)x, 1);
secp256k1_ecmult_const(&rj6, &secp256k1_ge_const_g, x);
secp256k1_ge_set_gej_var(&r, &rj1);
ge_equals_gej(&r, &rj2);
ge_equals_gej(&r, &rj3);
ge_equals_gej(&r, &rj4);
ge_equals_gej(&r, &rj5);
ge_equals_gej(&r, &rj6);
CHECK(secp256k1_gej_eq_ge_var(&rj2, &r));
CHECK(secp256k1_gej_eq_ge_var(&rj3, &r));
CHECK(secp256k1_gej_eq_ge_var(&rj4, &r));
CHECK(secp256k1_gej_eq_ge_var(&rj5, &r));
CHECK(secp256k1_gej_eq_ge_var(&rj6, &r));
if (secp256k1_ge_is_infinity(&r)) {
/* Store infinity as 0x00 */
const unsigned char zerobyte[1] = {0};
@ -5572,7 +5572,7 @@ static void test_ecmult_gen_blind(void) {
CHECK(!gej_xyz_equals_gej(&pgej, &pgej2));
CHECK(!gej_xyz_equals_gej(&i, &CTX->ecmult_gen_ctx.initial));
secp256k1_ge_set_gej(&pge, &pgej);
ge_equals_gej(&pge, &pgej2);
CHECK(secp256k1_gej_eq_ge_var(&pgej2, &pge));
}
static void test_ecmult_gen_blind_reset(void) {
@ -5963,7 +5963,7 @@ static void run_ec_pubkey_parse_test(void) {
SECP256K1_CHECKMEM_CHECK(&ge.x, sizeof(ge.x));
SECP256K1_CHECKMEM_CHECK(&ge.y, sizeof(ge.y));
SECP256K1_CHECKMEM_CHECK(&ge.infinity, sizeof(ge.infinity));
ge_equals_ge(&secp256k1_ge_const_g, &ge);
CHECK(secp256k1_ge_eq_var(&ge, &secp256k1_ge_const_g));
/* secp256k1_ec_pubkey_serialize illegal args. */
len = 65;
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_serialize(CTX, NULL, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED));
@ -6532,7 +6532,7 @@ static void test_random_pubkeys(void) {
CHECK(secp256k1_eckey_pubkey_serialize(&elem, in, &size, 0));
CHECK(size == 65);
CHECK(secp256k1_eckey_pubkey_parse(&elem2, in, size));
ge_equals_ge(&elem,&elem2);
CHECK(secp256k1_ge_eq_var(&elem2, &elem));
/* Check that the X9.62 hybrid type is checked. */
in[0] = secp256k1_testrand_bits(1) ? 6 : 7;
res = secp256k1_eckey_pubkey_parse(&elem2, in, size);
@ -6544,7 +6544,7 @@ static void test_random_pubkeys(void) {
}
}
if (res) {
ge_equals_ge(&elem,&elem2);
CHECK(secp256k1_ge_eq_var(&elem, &elem2));
CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, 0));
CHECK(secp256k1_memcmp_var(&in[1], &out[1], 64) == 0);
}

25
src/tests_exhaustive.c
View File

@ -67,7 +67,7 @@ static void test_exhaustive_endomorphism(const secp256k1_ge *group) {
for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) {
secp256k1_ge res;
secp256k1_ge_mul_lambda(&res, &group[i]);
ge_equals_ge(&group[i * EXHAUSTIVE_TEST_LAMBDA % EXHAUSTIVE_TEST_ORDER], &res);
CHECK(secp256k1_ge_eq_var(&group[i * EXHAUSTIVE_TEST_LAMBDA % EXHAUSTIVE_TEST_ORDER], &res));
}
}
@ -93,21 +93,21 @@ static void test_exhaustive_addition(const secp256k1_ge *group, const secp256k1_
secp256k1_gej tmp;
/* add_var */
secp256k1_gej_add_var(&tmp, &groupj[i], &groupj[j], NULL);
ge_equals_gej(&group[(i + j) % EXHAUSTIVE_TEST_ORDER], &tmp);
CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(i + j) % EXHAUSTIVE_TEST_ORDER]));
/* add_ge */
if (j > 0) {
secp256k1_gej_add_ge(&tmp, &groupj[i], &group[j]);
ge_equals_gej(&group[(i + j) % EXHAUSTIVE_TEST_ORDER], &tmp);
CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(i + j) % EXHAUSTIVE_TEST_ORDER]));
}
/* add_ge_var */
secp256k1_gej_add_ge_var(&tmp, &groupj[i], &group[j], NULL);
ge_equals_gej(&group[(i + j) % EXHAUSTIVE_TEST_ORDER], &tmp);
CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(i + j) % EXHAUSTIVE_TEST_ORDER]));
/* add_zinv_var */
zless_gej.infinity = groupj[j].infinity;
zless_gej.x = groupj[j].x;
zless_gej.y = groupj[j].y;
secp256k1_gej_add_zinv_var(&tmp, &groupj[i], &zless_gej, &fe_inv);
ge_equals_gej(&group[(i + j) % EXHAUSTIVE_TEST_ORDER], &tmp);
CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(i + j) % EXHAUSTIVE_TEST_ORDER]));
}
}
@ -115,9 +115,9 @@ static void test_exhaustive_addition(const secp256k1_ge *group, const secp256k1_
for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) {
secp256k1_gej tmp;
secp256k1_gej_double(&tmp, &groupj[i]);
ge_equals_gej(&group[(2 * i) % EXHAUSTIVE_TEST_ORDER], &tmp);
CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(2 * i) % EXHAUSTIVE_TEST_ORDER]));
secp256k1_gej_double_var(&tmp, &groupj[i], NULL);
ge_equals_gej(&group[(2 * i) % EXHAUSTIVE_TEST_ORDER], &tmp);
CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(2 * i) % EXHAUSTIVE_TEST_ORDER]));
}
/* Check negation */
@ -125,9 +125,9 @@ static void test_exhaustive_addition(const secp256k1_ge *group, const secp256k1_
secp256k1_ge tmp;
secp256k1_gej tmpj;
secp256k1_ge_neg(&tmp, &group[i]);
ge_equals_ge(&group[EXHAUSTIVE_TEST_ORDER - i], &tmp);
CHECK(secp256k1_ge_eq_var(&tmp, &group[EXHAUSTIVE_TEST_ORDER - i]));
secp256k1_gej_neg(&tmpj, &groupj[i]);
ge_equals_gej(&group[EXHAUSTIVE_TEST_ORDER - i], &tmpj);
CHECK(secp256k1_gej_eq_ge_var(&tmpj, &group[EXHAUSTIVE_TEST_ORDER - i]));
}
}
@ -144,8 +144,7 @@ static void test_exhaustive_ecmult(const secp256k1_ge *group, const secp256k1_ge
secp256k1_scalar_set_int(&ng, j);
secp256k1_ecmult(&tmp, &groupj[r_log], &na, &ng);
ge_equals_gej(&group[(i * r_log + j) % EXHAUSTIVE_TEST_ORDER], &tmp);
CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(i * r_log + j) % EXHAUSTIVE_TEST_ORDER]));
}
}
}
@ -163,7 +162,7 @@ static void test_exhaustive_ecmult(const secp256k1_ge *group, const secp256k1_ge
/* Test secp256k1_ecmult_const. */
secp256k1_ecmult_const(&tmp, &group[i], &ng);
ge_equals_gej(&group[(i * j) % EXHAUSTIVE_TEST_ORDER], &tmp);
CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(i * j) % EXHAUSTIVE_TEST_ORDER]));
if (i != 0 && j != 0) {
/* Test secp256k1_ecmult_const_xonly with all curve X coordinates, and xd=NULL. */
@ -215,7 +214,7 @@ static void test_exhaustive_ecmult_multi(const secp256k1_context *ctx, const sec
data.pt[1] = group[y];
secp256k1_ecmult_multi_var(&ctx->error_callback, scratch, &tmp, &g_sc, ecmult_multi_callback, &data, 2);
ge_equals_gej(&group[(i * x + j * y + k) % EXHAUSTIVE_TEST_ORDER], &tmp);
CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(i * x + j * y + k) % EXHAUSTIVE_TEST_ORDER]));
}
}
}

9
src/testutil.h
View File

@ -7,7 +7,6 @@
#define SECP256K1_TESTUTIL_H
#include "field.h"
#include "group.h"
#include "testrand.h"
#include "util.h"
@ -27,12 +26,4 @@ static void random_fe_non_zero(secp256k1_fe *nz) {
} while (secp256k1_fe_is_zero(nz));
}
static void ge_equals_ge(const secp256k1_ge *a, const secp256k1_ge *b) {
CHECK(secp256k1_ge_eq_var(a, b));
}
static void ge_equals_gej(const secp256k1_ge *a, const secp256k1_gej *b) {
CHECK(secp256k1_gej_eq_ge_var(b, a));
}
#endif /* SECP256K1_TESTUTIL_H */