Make group order purely compile-time in exhaustive tests
This commit is contained in:
		
							parent
							
								
									4ad408faf3
								
							
						
					
					
						commit
						be31791543
					
				| @ -91,9 +91,9 @@ int secp256k1_nonce_function_smallint(unsigned char *nonce32, const unsigned cha | |||||||
| } | } | ||||||
| 
 | 
 | ||||||
| #ifdef USE_ENDOMORPHISM | #ifdef USE_ENDOMORPHISM | ||||||
| void test_exhaustive_endomorphism(const secp256k1_ge *group, int order) { | void test_exhaustive_endomorphism(const secp256k1_ge *group) { | ||||||
|     int i; |     int i; | ||||||
|     for (i = 0; i < order; i++) { |     for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { | ||||||
|         secp256k1_ge res; |         secp256k1_ge res; | ||||||
|         secp256k1_ge_mul_lambda(&res, &group[i]); |         secp256k1_ge_mul_lambda(&res, &group[i]); | ||||||
|         ge_equals_ge(&group[i * EXHAUSTIVE_TEST_LAMBDA % EXHAUSTIVE_TEST_ORDER], &res); |         ge_equals_ge(&group[i * EXHAUSTIVE_TEST_LAMBDA % EXHAUSTIVE_TEST_ORDER], &res); | ||||||
| @ -101,80 +101,80 @@ void test_exhaustive_endomorphism(const secp256k1_ge *group, int order) { | |||||||
| } | } | ||||||
| #endif | #endif | ||||||
| 
 | 
 | ||||||
| void test_exhaustive_addition(const secp256k1_ge *group, const secp256k1_gej *groupj, int order) { | void test_exhaustive_addition(const secp256k1_ge *group, const secp256k1_gej *groupj) { | ||||||
|     int i, j; |     int i, j; | ||||||
| 
 | 
 | ||||||
|     /* Sanity-check (and check infinity functions) */ |     /* Sanity-check (and check infinity functions) */ | ||||||
|     CHECK(secp256k1_ge_is_infinity(&group[0])); |     CHECK(secp256k1_ge_is_infinity(&group[0])); | ||||||
|     CHECK(secp256k1_gej_is_infinity(&groupj[0])); |     CHECK(secp256k1_gej_is_infinity(&groupj[0])); | ||||||
|     for (i = 1; i < order; i++) { |     for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { | ||||||
|         CHECK(!secp256k1_ge_is_infinity(&group[i])); |         CHECK(!secp256k1_ge_is_infinity(&group[i])); | ||||||
|         CHECK(!secp256k1_gej_is_infinity(&groupj[i])); |         CHECK(!secp256k1_gej_is_infinity(&groupj[i])); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* Check all addition formulae */ |     /* Check all addition formulae */ | ||||||
|     for (j = 0; j < order; j++) { |     for (j = 0; j < EXHAUSTIVE_TEST_ORDER; j++) { | ||||||
|         secp256k1_fe fe_inv; |         secp256k1_fe fe_inv; | ||||||
|         secp256k1_fe_inv(&fe_inv, &groupj[j].z); |         secp256k1_fe_inv(&fe_inv, &groupj[j].z); | ||||||
|         for (i = 0; i < order; i++) { |         for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { | ||||||
|             secp256k1_ge zless_gej; |             secp256k1_ge zless_gej; | ||||||
|             secp256k1_gej tmp; |             secp256k1_gej tmp; | ||||||
|             /* add_var */ |             /* add_var */ | ||||||
|             secp256k1_gej_add_var(&tmp, &groupj[i], &groupj[j], NULL); |             secp256k1_gej_add_var(&tmp, &groupj[i], &groupj[j], NULL); | ||||||
|             ge_equals_gej(&group[(i + j) % order], &tmp); |             ge_equals_gej(&group[(i + j) % EXHAUSTIVE_TEST_ORDER], &tmp); | ||||||
|             /* add_ge */ |             /* add_ge */ | ||||||
|             if (j > 0) { |             if (j > 0) { | ||||||
|                 secp256k1_gej_add_ge(&tmp, &groupj[i], &group[j]); |                 secp256k1_gej_add_ge(&tmp, &groupj[i], &group[j]); | ||||||
|                 ge_equals_gej(&group[(i + j) % order], &tmp); |                 ge_equals_gej(&group[(i + j) % EXHAUSTIVE_TEST_ORDER], &tmp); | ||||||
|             } |             } | ||||||
|             /* add_ge_var */ |             /* add_ge_var */ | ||||||
|             secp256k1_gej_add_ge_var(&tmp, &groupj[i], &group[j], NULL); |             secp256k1_gej_add_ge_var(&tmp, &groupj[i], &group[j], NULL); | ||||||
|             ge_equals_gej(&group[(i + j) % order], &tmp); |             ge_equals_gej(&group[(i + j) % EXHAUSTIVE_TEST_ORDER], &tmp); | ||||||
|             /* add_zinv_var */ |             /* add_zinv_var */ | ||||||
|             zless_gej.infinity = groupj[j].infinity; |             zless_gej.infinity = groupj[j].infinity; | ||||||
|             zless_gej.x = groupj[j].x; |             zless_gej.x = groupj[j].x; | ||||||
|             zless_gej.y = groupj[j].y; |             zless_gej.y = groupj[j].y; | ||||||
|             secp256k1_gej_add_zinv_var(&tmp, &groupj[i], &zless_gej, &fe_inv); |             secp256k1_gej_add_zinv_var(&tmp, &groupj[i], &zless_gej, &fe_inv); | ||||||
|             ge_equals_gej(&group[(i + j) % order], &tmp); |             ge_equals_gej(&group[(i + j) % EXHAUSTIVE_TEST_ORDER], &tmp); | ||||||
|         } |         } | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* Check doubling */ |     /* Check doubling */ | ||||||
|     for (i = 0; i < order; i++) { |     for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { | ||||||
|         secp256k1_gej tmp; |         secp256k1_gej tmp; | ||||||
|         secp256k1_gej_double(&tmp, &groupj[i]); |         secp256k1_gej_double(&tmp, &groupj[i]); | ||||||
|         ge_equals_gej(&group[(2 * i) % order], &tmp); |         ge_equals_gej(&group[(2 * i) % EXHAUSTIVE_TEST_ORDER], &tmp); | ||||||
|         secp256k1_gej_double_var(&tmp, &groupj[i], NULL); |         secp256k1_gej_double_var(&tmp, &groupj[i], NULL); | ||||||
|         ge_equals_gej(&group[(2 * i) % order], &tmp); |         ge_equals_gej(&group[(2 * i) % EXHAUSTIVE_TEST_ORDER], &tmp); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* Check negation */ |     /* Check negation */ | ||||||
|     for (i = 1; i < order; i++) { |     for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { | ||||||
|         secp256k1_ge tmp; |         secp256k1_ge tmp; | ||||||
|         secp256k1_gej tmpj; |         secp256k1_gej tmpj; | ||||||
|         secp256k1_ge_neg(&tmp, &group[i]); |         secp256k1_ge_neg(&tmp, &group[i]); | ||||||
|         ge_equals_ge(&group[order - i], &tmp); |         ge_equals_ge(&group[EXHAUSTIVE_TEST_ORDER - i], &tmp); | ||||||
|         secp256k1_gej_neg(&tmpj, &groupj[i]); |         secp256k1_gej_neg(&tmpj, &groupj[i]); | ||||||
|         ge_equals_gej(&group[order - i], &tmpj); |         ge_equals_gej(&group[EXHAUSTIVE_TEST_ORDER - i], &tmpj); | ||||||
|     } |     } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_exhaustive_ecmult(const secp256k1_context *ctx, const secp256k1_ge *group, const secp256k1_gej *groupj, int order) { | void test_exhaustive_ecmult(const secp256k1_context *ctx, const secp256k1_ge *group, const secp256k1_gej *groupj) { | ||||||
|     int i, j, r_log; |     int i, j, r_log; | ||||||
|     for (r_log = 1; r_log < order; r_log++) { |     for (r_log = 1; r_log < EXHAUSTIVE_TEST_ORDER; r_log++) { | ||||||
|         for (j = 0; j < order; j++) { |         for (j = 0; j < EXHAUSTIVE_TEST_ORDER; j++) { | ||||||
|             for (i = 0; i < order; i++) { |             for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { | ||||||
|                 secp256k1_gej tmp; |                 secp256k1_gej tmp; | ||||||
|                 secp256k1_scalar na, ng; |                 secp256k1_scalar na, ng; | ||||||
|                 secp256k1_scalar_set_int(&na, i); |                 secp256k1_scalar_set_int(&na, i); | ||||||
|                 secp256k1_scalar_set_int(&ng, j); |                 secp256k1_scalar_set_int(&ng, j); | ||||||
| 
 | 
 | ||||||
|                 secp256k1_ecmult(&ctx->ecmult_ctx, &tmp, &groupj[r_log], &na, &ng); |                 secp256k1_ecmult(&ctx->ecmult_ctx, &tmp, &groupj[r_log], &na, &ng); | ||||||
|                 ge_equals_gej(&group[(i * r_log + j) % order], &tmp); |                 ge_equals_gej(&group[(i * r_log + j) % EXHAUSTIVE_TEST_ORDER], &tmp); | ||||||
| 
 | 
 | ||||||
|                 if (i > 0) { |                 if (i > 0) { | ||||||
|                     secp256k1_ecmult_const(&tmp, &group[i], &ng, 256); |                     secp256k1_ecmult_const(&tmp, &group[i], &ng, 256); | ||||||
|                     ge_equals_gej(&group[(i * j) % order], &tmp); |                     ge_equals_gej(&group[(i * j) % EXHAUSTIVE_TEST_ORDER], &tmp); | ||||||
|                 } |                 } | ||||||
|             } |             } | ||||||
|         } |         } | ||||||
| @ -193,14 +193,14 @@ static int ecmult_multi_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t | |||||||
|     return 1; |     return 1; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_exhaustive_ecmult_multi(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { | void test_exhaustive_ecmult_multi(const secp256k1_context *ctx, const secp256k1_ge *group) { | ||||||
|     int i, j, k, x, y; |     int i, j, k, x, y; | ||||||
|     secp256k1_scratch *scratch = secp256k1_scratch_create(&ctx->error_callback, 4096); |     secp256k1_scratch *scratch = secp256k1_scratch_create(&ctx->error_callback, 4096); | ||||||
|     for (i = 0; i < order; i++) { |     for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { | ||||||
|         for (j = 0; j < order; j++) { |         for (j = 0; j < EXHAUSTIVE_TEST_ORDER; j++) { | ||||||
|             for (k = 0; k < order; k++) { |             for (k = 0; k < EXHAUSTIVE_TEST_ORDER; k++) { | ||||||
|                 for (x = 0; x < order; x++) { |                 for (x = 0; x < EXHAUSTIVE_TEST_ORDER; x++) { | ||||||
|                     for (y = 0; y < order; y++) { |                     for (y = 0; y < EXHAUSTIVE_TEST_ORDER; y++) { | ||||||
|                         secp256k1_gej tmp; |                         secp256k1_gej tmp; | ||||||
|                         secp256k1_scalar g_sc; |                         secp256k1_scalar g_sc; | ||||||
|                         ecmult_multi_data data; |                         ecmult_multi_data data; | ||||||
| @ -212,7 +212,7 @@ void test_exhaustive_ecmult_multi(const secp256k1_context *ctx, const secp256k1_ | |||||||
|                         data.pt[1] = group[y]; |                         data.pt[1] = group[y]; | ||||||
| 
 | 
 | ||||||
|                         secp256k1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &tmp, &g_sc, ecmult_multi_callback, &data, 2); |                         secp256k1_ecmult_multi_var(&ctx->error_callback, &ctx->ecmult_ctx, scratch, &tmp, &g_sc, ecmult_multi_callback, &data, 2); | ||||||
|                         ge_equals_gej(&group[(i * x + j * y + k) % order], &tmp); |                         ge_equals_gej(&group[(i * x + j * y + k) % EXHAUSTIVE_TEST_ORDER], &tmp); | ||||||
|                     } |                     } | ||||||
|                 } |                 } | ||||||
|             } |             } | ||||||
| @ -231,12 +231,12 @@ void r_from_k(secp256k1_scalar *r, const secp256k1_ge *group, int k) { | |||||||
|     secp256k1_scalar_set_b32(r, x_bin, NULL); |     secp256k1_scalar_set_b32(r, x_bin, NULL); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_exhaustive_verify(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { | void test_exhaustive_verify(const secp256k1_context *ctx, const secp256k1_ge *group) { | ||||||
|     int s, r, msg, key; |     int s, r, msg, key; | ||||||
|     for (s = 1; s < order; s++) { |     for (s = 1; s < EXHAUSTIVE_TEST_ORDER; s++) { | ||||||
|         for (r = 1; r < order; r++) { |         for (r = 1; r < EXHAUSTIVE_TEST_ORDER; r++) { | ||||||
|             for (msg = 1; msg < order; msg++) { |             for (msg = 1; msg < EXHAUSTIVE_TEST_ORDER; msg++) { | ||||||
|                 for (key = 1; key < order; key++) { |                 for (key = 1; key < EXHAUSTIVE_TEST_ORDER; key++) { | ||||||
|                     secp256k1_ge nonconst_ge; |                     secp256k1_ge nonconst_ge; | ||||||
|                     secp256k1_ecdsa_signature sig; |                     secp256k1_ecdsa_signature sig; | ||||||
|                     secp256k1_pubkey pk; |                     secp256k1_pubkey pk; | ||||||
| @ -254,7 +254,7 @@ void test_exhaustive_verify(const secp256k1_context *ctx, const secp256k1_ge *gr | |||||||
|                     /* Run through every k value that gives us this r and check that *one* works.
 |                     /* Run through every k value that gives us this r and check that *one* works.
 | ||||||
|                      * Note there could be none, there could be multiple, ECDSA is weird. */ |                      * Note there could be none, there could be multiple, ECDSA is weird. */ | ||||||
|                     should_verify = 0; |                     should_verify = 0; | ||||||
|                     for (k = 0; k < order; k++) { |                     for (k = 0; k < EXHAUSTIVE_TEST_ORDER; k++) { | ||||||
|                         secp256k1_scalar check_x_s; |                         secp256k1_scalar check_x_s; | ||||||
|                         r_from_k(&check_x_s, group, k); |                         r_from_k(&check_x_s, group, k); | ||||||
|                         if (r_s == check_x_s) { |                         if (r_s == check_x_s) { | ||||||
| @ -281,13 +281,13 @@ void test_exhaustive_verify(const secp256k1_context *ctx, const secp256k1_ge *gr | |||||||
|     } |     } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_exhaustive_sign(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { | void test_exhaustive_sign(const secp256k1_context *ctx, const secp256k1_ge *group) { | ||||||
|     int i, j, k; |     int i, j, k; | ||||||
| 
 | 
 | ||||||
|     /* Loop */ |     /* Loop */ | ||||||
|     for (i = 1; i < order; i++) {  /* message */ |     for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) {  /* message */ | ||||||
|         for (j = 1; j < order; j++) {  /* key */ |         for (j = 1; j < EXHAUSTIVE_TEST_ORDER; j++) {  /* key */ | ||||||
|             for (k = 1; k < order; k++) {  /* nonce */ |             for (k = 1; k < EXHAUSTIVE_TEST_ORDER; k++) {  /* nonce */ | ||||||
|                 const int starting_k = k; |                 const int starting_k = k; | ||||||
|                 secp256k1_ecdsa_signature sig; |                 secp256k1_ecdsa_signature sig; | ||||||
|                 secp256k1_scalar sk, msg, r, s, expected_r; |                 secp256k1_scalar sk, msg, r, s, expected_r; | ||||||
| @ -305,8 +305,8 @@ void test_exhaustive_sign(const secp256k1_context *ctx, const secp256k1_ge *grou | |||||||
|                  * signing. */ |                  * signing. */ | ||||||
|                 r_from_k(&expected_r, group, k); |                 r_from_k(&expected_r, group, k); | ||||||
|                 CHECK(r == expected_r); |                 CHECK(r == expected_r); | ||||||
|                 CHECK((k * s) % order == (i + r * j) % order || |                 CHECK((k * s) % EXHAUSTIVE_TEST_ORDER == (i + r * j) % EXHAUSTIVE_TEST_ORDER || | ||||||
|                       (k * (EXHAUSTIVE_TEST_ORDER - s)) % order == (i + r * j) % order); |                       (k * (EXHAUSTIVE_TEST_ORDER - s)) % EXHAUSTIVE_TEST_ORDER == (i + r * j) % EXHAUSTIVE_TEST_ORDER); | ||||||
| 
 | 
 | ||||||
|                 /* Overflow means we've tried every possible nonce */ |                 /* Overflow means we've tried every possible nonce */ | ||||||
|                 if (k < starting_k) { |                 if (k < starting_k) { | ||||||
| @ -327,13 +327,13 @@ void test_exhaustive_sign(const secp256k1_context *ctx, const secp256k1_ge *grou | |||||||
| } | } | ||||||
| 
 | 
 | ||||||
| #ifdef ENABLE_MODULE_RECOVERY | #ifdef ENABLE_MODULE_RECOVERY | ||||||
| void test_exhaustive_recovery_sign(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { | void test_exhaustive_recovery_sign(const secp256k1_context *ctx, const secp256k1_ge *group) { | ||||||
|     int i, j, k; |     int i, j, k; | ||||||
| 
 | 
 | ||||||
|     /* Loop */ |     /* Loop */ | ||||||
|     for (i = 1; i < order; i++) {  /* message */ |     for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) {  /* message */ | ||||||
|         for (j = 1; j < order; j++) {  /* key */ |         for (j = 1; j < EXHAUSTIVE_TEST_ORDER; j++) {  /* key */ | ||||||
|             for (k = 1; k < order; k++) {  /* nonce */ |             for (k = 1; k < EXHAUSTIVE_TEST_ORDER; k++) {  /* nonce */ | ||||||
|                 const int starting_k = k; |                 const int starting_k = k; | ||||||
|                 secp256k1_fe r_dot_y_normalized; |                 secp256k1_fe r_dot_y_normalized; | ||||||
|                 secp256k1_ecdsa_recoverable_signature rsig; |                 secp256k1_ecdsa_recoverable_signature rsig; | ||||||
| @ -353,8 +353,8 @@ void test_exhaustive_recovery_sign(const secp256k1_context *ctx, const secp256k1 | |||||||
|                 secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, &rsig); |                 secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, &rsig); | ||||||
|                 r_from_k(&expected_r, group, k); |                 r_from_k(&expected_r, group, k); | ||||||
|                 CHECK(r == expected_r); |                 CHECK(r == expected_r); | ||||||
|                 CHECK((k * s) % order == (i + r * j) % order || |                 CHECK((k * s) % EXHAUSTIVE_TEST_ORDER == (i + r * j) % EXHAUSTIVE_TEST_ORDER || | ||||||
|                       (k * (EXHAUSTIVE_TEST_ORDER - s)) % order == (i + r * j) % order); |                       (k * (EXHAUSTIVE_TEST_ORDER - s)) % EXHAUSTIVE_TEST_ORDER == (i + r * j) % EXHAUSTIVE_TEST_ORDER); | ||||||
|                 /* In computing the recid, there is an overflow condition that is disabled in
 |                 /* In computing the recid, there is an overflow condition that is disabled in
 | ||||||
|                  * scalar_low_impl.h `secp256k1_scalar_set_b32` because almost every r.y value |                  * scalar_low_impl.h `secp256k1_scalar_set_b32` because almost every r.y value | ||||||
|                  * will exceed the group order, and our signing code always holds out for r |                  * will exceed the group order, and our signing code always holds out for r | ||||||
| @ -363,7 +363,7 @@ void test_exhaustive_recovery_sign(const secp256k1_context *ctx, const secp256k1 | |||||||
|                 r_dot_y_normalized = group[k].y; |                 r_dot_y_normalized = group[k].y; | ||||||
|                 secp256k1_fe_normalize(&r_dot_y_normalized); |                 secp256k1_fe_normalize(&r_dot_y_normalized); | ||||||
|                 /* Also the recovery id is flipped depending if we hit the low-s branch */ |                 /* Also the recovery id is flipped depending if we hit the low-s branch */ | ||||||
|                 if ((k * s) % order == (i + r * j) % order) { |                 if ((k * s) % EXHAUSTIVE_TEST_ORDER == (i + r * j) % EXHAUSTIVE_TEST_ORDER) { | ||||||
|                     expected_recid = secp256k1_fe_is_odd(&r_dot_y_normalized) ? 1 : 0; |                     expected_recid = secp256k1_fe_is_odd(&r_dot_y_normalized) ? 1 : 0; | ||||||
|                 } else { |                 } else { | ||||||
|                     expected_recid = secp256k1_fe_is_odd(&r_dot_y_normalized) ? 0 : 1; |                     expected_recid = secp256k1_fe_is_odd(&r_dot_y_normalized) ? 0 : 1; | ||||||
| @ -378,8 +378,8 @@ void test_exhaustive_recovery_sign(const secp256k1_context *ctx, const secp256k1 | |||||||
|                  * signing. */ |                  * signing. */ | ||||||
|                 r_from_k(&expected_r, group, k); |                 r_from_k(&expected_r, group, k); | ||||||
|                 CHECK(r == expected_r); |                 CHECK(r == expected_r); | ||||||
|                 CHECK((k * s) % order == (i + r * j) % order || |                 CHECK((k * s) % EXHAUSTIVE_TEST_ORDER == (i + r * j) % EXHAUSTIVE_TEST_ORDER || | ||||||
|                       (k * (EXHAUSTIVE_TEST_ORDER - s)) % order == (i + r * j) % order); |                       (k * (EXHAUSTIVE_TEST_ORDER - s)) % EXHAUSTIVE_TEST_ORDER == (i + r * j) % EXHAUSTIVE_TEST_ORDER); | ||||||
| 
 | 
 | ||||||
|                 /* Overflow means we've tried every possible nonce */ |                 /* Overflow means we've tried every possible nonce */ | ||||||
|                 if (k < starting_k) { |                 if (k < starting_k) { | ||||||
| @ -390,13 +390,13 @@ void test_exhaustive_recovery_sign(const secp256k1_context *ctx, const secp256k1 | |||||||
|     } |     } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_exhaustive_recovery_verify(const secp256k1_context *ctx, const secp256k1_ge *group, int order) { | void test_exhaustive_recovery_verify(const secp256k1_context *ctx, const secp256k1_ge *group) { | ||||||
|     /* This is essentially a copy of test_exhaustive_verify, with recovery added */ |     /* This is essentially a copy of test_exhaustive_verify, with recovery added */ | ||||||
|     int s, r, msg, key; |     int s, r, msg, key; | ||||||
|     for (s = 1; s < order; s++) { |     for (s = 1; s < EXHAUSTIVE_TEST_ORDER; s++) { | ||||||
|         for (r = 1; r < order; r++) { |         for (r = 1; r < EXHAUSTIVE_TEST_ORDER; r++) { | ||||||
|             for (msg = 1; msg < order; msg++) { |             for (msg = 1; msg < EXHAUSTIVE_TEST_ORDER; msg++) { | ||||||
|                 for (key = 1; key < order; key++) { |                 for (key = 1; key < EXHAUSTIVE_TEST_ORDER; key++) { | ||||||
|                     secp256k1_ge nonconst_ge; |                     secp256k1_ge nonconst_ge; | ||||||
|                     secp256k1_ecdsa_recoverable_signature rsig; |                     secp256k1_ecdsa_recoverable_signature rsig; | ||||||
|                     secp256k1_ecdsa_signature sig; |                     secp256k1_ecdsa_signature sig; | ||||||
| @ -417,7 +417,7 @@ void test_exhaustive_recovery_verify(const secp256k1_context *ctx, const secp256 | |||||||
|                     /* Run through every k value that gives us this r and check that *one* works.
 |                     /* Run through every k value that gives us this r and check that *one* works.
 | ||||||
|                      * Note there could be none, there could be multiple, ECDSA is weird. */ |                      * Note there could be none, there could be multiple, ECDSA is weird. */ | ||||||
|                     should_verify = 0; |                     should_verify = 0; | ||||||
|                     for (k = 0; k < order; k++) { |                     for (k = 0; k < EXHAUSTIVE_TEST_ORDER; k++) { | ||||||
|                         secp256k1_scalar check_x_s; |                         secp256k1_scalar check_x_s; | ||||||
|                         r_from_k(&check_x_s, group, k); |                         r_from_k(&check_x_s, group, k); | ||||||
|                         if (r_s == check_x_s) { |                         if (r_s == check_x_s) { | ||||||
| @ -491,20 +491,19 @@ int main(void) { | |||||||
| 
 | 
 | ||||||
|     /* Run the tests */ |     /* Run the tests */ | ||||||
| #ifdef USE_ENDOMORPHISM | #ifdef USE_ENDOMORPHISM | ||||||
|     test_exhaustive_endomorphism(group, EXHAUSTIVE_TEST_ORDER); |     test_exhaustive_endomorphism(group); | ||||||
| #endif | #endif | ||||||
|     test_exhaustive_addition(group, groupj, EXHAUSTIVE_TEST_ORDER); |     test_exhaustive_addition(group, groupj); | ||||||
|     test_exhaustive_ecmult(ctx, group, groupj, EXHAUSTIVE_TEST_ORDER); |     test_exhaustive_ecmult(ctx, group, groupj); | ||||||
|     test_exhaustive_ecmult_multi(ctx, group, EXHAUSTIVE_TEST_ORDER); |     test_exhaustive_ecmult_multi(ctx, group); | ||||||
|     test_exhaustive_sign(ctx, group, EXHAUSTIVE_TEST_ORDER); |     test_exhaustive_sign(ctx, group); | ||||||
|     test_exhaustive_verify(ctx, group, EXHAUSTIVE_TEST_ORDER); |     test_exhaustive_verify(ctx, group); | ||||||
| 
 | 
 | ||||||
| #ifdef ENABLE_MODULE_RECOVERY | #ifdef ENABLE_MODULE_RECOVERY | ||||||
|     test_exhaustive_recovery_sign(ctx, group, EXHAUSTIVE_TEST_ORDER); |     test_exhaustive_recovery_sign(ctx, group); | ||||||
|     test_exhaustive_recovery_verify(ctx, group, EXHAUSTIVE_TEST_ORDER); |     test_exhaustive_recovery_verify(ctx, group); | ||||||
| #endif | #endif | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_destroy(ctx); |     secp256k1_context_destroy(ctx); | ||||||
|     return 0; |     return 0; | ||||||
| } | } | ||||||
| 
 |  | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user