Pieter Wuille
926836ad36
Make secp256k1_fe_sqrt constant time
2016-07-09 14:23:44 +02:00
Pieter Wuille
e2a8e92125
Merge #404: Replace 3M + 4S doubling formula with 2M + 5S one
...
8ec49d8 Add note about 2M + 5S doubling formula (Andrew Poelstra)
2016-07-07 17:06:49 +02:00
Andrew Poelstra
8ec49d8a5a
Add note about 2M + 5S doubling formula
2016-07-07 15:04:36 +00:00
Andrew Poelstra
a6c6f994b5
Remove a bunch of unused stdlib #includes
2016-07-06 11:40:37 +00:00
Pieter Wuille
65285a63ee
Merge #403: configure: add flag to disable OpenSSL tests
...
a9b2a5d configure: add flag to disable OpenSSL tests (Andrew Poelstra)
2016-07-06 12:08:16 +02:00
Andrew Poelstra
a9b2a5d850
configure: add flag to disable OpenSSL tests
...
OpenSSL messes up valgrind.
2016-07-06 08:25:33 +00:00
Pieter Wuille
e6e9805fc4
Add function for testing quadratic residue field/group elements.
2016-07-04 13:55:04 +02:00
Peter Dettman
efd953a7a7
Add Jacobi symbol test via GMP
...
Also add native Jacobi symbol test (Andrew)
Rebased-by: Andrew Poelstra
Rebased-by: Pieter Wuille
2016-07-04 13:16:35 +02:00
Pieter Wuille
fa36a0ddb8
Merge #401: ecmult_const: unify endomorphism and non-endomorphism skew cases
...
c6191fd ecmult_const: unify endomorphism and non-endomorphism skew cases (Andrew Poelstra)
2016-06-30 15:52:21 +02:00
Andrew Poelstra
c6191fded8
ecmult_const: unify endomorphism and non-endomorphism skew cases
...
We now do a skew correction even without the endomorphism optimization,
which costs one additional group addition but unifies a lot of code.
2016-06-30 13:28:47 +00:00
Pieter Wuille
6042217d5d
Merge #384: JNI: align shared files copyright/comments to bitcoinj's
...
6ceea2c align shared files copyright/comments to bitcoinj's (GreenAddress)
2016-06-29 11:18:12 +02:00
Pieter Wuille
7b0fb18b75
Merge #366: ARM assembly implementation of field_10x26 inner (rebase of #173)
...
001f176 ARM assembly implementation of field_10x26 inner (Wladimir J. van der Laan)
2016-05-25 19:02:12 +02:00
Wladimir J. van der Laan
001f1763c7
ARM assembly implementation of field_10x26 inner
...
Rebased-by: Pieter Wuille <pieter.wuille@gmail.com>
2016-05-25 18:27:47 +02:00
Kirill Fomichev
3f8b78e5e9
Fix undefs in hash_impl.h
2016-05-21 10:18:57 +03:00
Kirill Fomichev
2ab46954cb
Fix state size in sha256 struct
2016-05-21 10:17:06 +03:00
Pieter Wuille
6875b013e6
Merge #386: Add some missing VERIFY_CHECK(ctx != NULL)
...
bcc4881 Add some missing `VERIFY_CHECK(ctx != NULL)` for functions that use `ARG_CHECK` (Andrew Poelstra)
2016-05-08 20:02:45 +02:00
Pieter Wuille
2c52b5d244
Merge #389: Cast pointers through uintptr_t under JNI
...
47b9e78 Cast pointers through uintptr_t under JNI (Jon Griffiths)
2016-05-08 19:58:26 +02:00
Pieter Wuille
43097a44ef
Merge #390: Update bitcoin-core GitHub links
...
faa2a11 Update bitcoin-core GitHub links (MarcoFalke)
2016-05-08 19:56:34 +02:00
Pieter Wuille
31c9c12130
Merge #391: JNI: Only call ecdsa_verify if its inputs parsed correctly
...
a40c701 JNI: Only call ecdsa_verify if its inputs parsed correctly (Jon Griffiths)
2016-05-08 19:55:41 +02:00
Pieter Wuille
1cb2302cad
Merge #392: Add testcase which hits additional branch in secp256k1_scalar_sqr
...
093a497 Add testcase which hits additional branch in secp256k1_scalar_sqr (Jonas Nick)
2016-05-08 19:52:53 +02:00
Jonas Nick
093a497ac9
Add testcase which hits additional branch in secp256k1_scalar_sqr
2016-05-02 20:19:00 -07:00
Jon Griffiths
a40c701c83
JNI: Only call ecdsa_verify if its inputs parsed correctly
...
Return 0 otherwise instead of calling it with bad parameters.
2016-05-02 23:21:43 +12:00
MarcoFalke
faa2a11ce5
Update bitcoin-core GitHub links
2016-04-29 23:14:45 +02:00
Jon Griffiths
47b9e78e07
Cast pointers through uintptr_t under JNI
...
Fixes warnings of the form "warning: cast to pointer from integer of
different size" when building on 32 bit platforms. This is the same
approach used for pointer conversions in the openjdk sources.
2016-04-28 20:41:00 +12:00
Andrew Poelstra
f36f9c64bb
bench_ecdh: fix call to secp256k1_context_create
2016-04-27 10:16:18 +00:00
Andrew Poelstra
bcc4881d3a
Add some missing VERIFY_CHECK(ctx != NULL) for functions that use ARG_CHECK
...
The `ARG_CHECK` macro requires that a variable called `ctx` exist and be
non-NULL. However, in several functions that do not use the context variable,
we simply ignore it with `(void)ctx`. Replace these with explicit checks for
non-NULLness to avoid invalid memory accesses.
2016-04-26 15:49:02 +00:00
GreenAddress
6ceea2c527
align shared files copyright/comments to bitcoinj's
2016-03-27 16:21:34 +02:00
Pieter Wuille
bc7c93c6cd
Merge #374: Add note about y=0 being possible on one of the sextic twists
...
e72e93a Add note about y=0 being possible on one of the sextic twists (Andrew Poelstra)
2016-02-16 20:43:16 +01:00
GreenAddress
86e2d07e4c
JNI library: cleanup, removed unimplemented code
2016-02-01 14:07:29 +01:00
GreenAddress
3093576aa4
JNI library
...
Squashed and rebased. Thanks to @theuni and @faizkhan00 for doing
the majority of work here! Also thanks to @btchip for help with debugging
and review.
2016-02-01 14:07:18 +01:00
Andrew Poelstra
e72e93ad9c
Add note about y=0 being possible on one of the sextic twists
2016-01-10 08:35:59 +00:00
paveljanik
e5a904788e
[Trivial] Remove double semicolons
2015-12-30 08:42:42 +01:00
Gregory Maxwell
5d4c5a31b9
Prevent damage_array in the signature test from going out of bounds.
2015-11-26 21:02:27 +00:00
Pieter Wuille
03d84a427f
Benchmark against OpenSSL verification
2015-11-15 15:47:49 +01:00
Pieter Wuille
06aeea555e
Turn secp256k1_ec_pubkey_serialize outlen to in/out
2015-11-05 06:01:56 +01:00
Pieter Wuille
646662517f
Improvements for coordinate decompression
2015-11-05 00:04:39 +01:00
Gregory Maxwell
8e48787d97
Change secp256k1_ec_pubkey_combine's count argument to size_t.
2015-10-31 19:04:34 +00:00
Gregory Maxwell
c69dea025a
Clear output in more cases for pubkey_combine, adds tests.
...
Also corrects an outdated comment and adds an additional
secp256k1_ecdsa_signature_parse_compact test.
2015-10-31 09:52:30 +00:00
Gregory Maxwell
269d422703
Comment copyediting.
2015-10-31 08:31:15 +00:00
Pieter Wuille
b4d17da903
Merge pull request #344
...
26abce7 Adds 32 static test vectors for scalar mul, sqr, inv. (Gregory Maxwell)
2015-10-31 02:21:35 +01:00
Gregory Maxwell
26abce75ea
Adds 32 static test vectors for scalar mul, sqr, inv.
...
These were generated by testing more than 10^12 random test vectors
for coverage on instrumented (comparison operator outcomes) 32-bit
and 64-bit code, plus additional edge condition requirements (e.g.
inputs of 0, 1, -1) and then solving a minimum set cover problem.
The required responses were generated with Sage.
This significantly improves the lcov branch coverage report and
makes the tests much more sensitive to mutation testing of the
scalar code.
The challenges and responses are in the form of pairs of scalars:
C1 * C2 == R1
(C1 * C2) * (1 / C2) == C1
C2 * (1 / C2) == 1
C1 * C1 == R2
C1^2 == R2
2015-10-30 21:17:19 +00:00
Gregory Maxwell
5b71a3f460
Better error case handling for pubkey_create & pubkey_serialize, more tests.
...
Makes secp256k1_ec_pubkey_serialize set the length to zero on failure,
also makes secp256k1_ec_pubkey_create set the pubkey to zeros when
the key argument is NULL.
Also adds many additional ARGCHECK tests.
2015-10-30 09:16:40 +00:00
Andrew Poelstra
eed87af10a
Change contrib/laxder from headers-only to files compilable as standalone C
...
Verified that both programs compile with
gcc -I. -I../include -lsecp256k1 -c -W -Wextra -Wall -Werror -ansi -pedantic lax_der_privatekey_parsing.c
gcc -I. -I../include -lsecp256k1 -c -W -Wextra -Wall -Werror -ansi -pedantic lax_der_parsing.c
2015-10-29 18:55:49 -05:00
Pieter Wuille
7914a6ebae
Make lax_der_privatekey_parsing.h not depend on internal code
2015-10-26 02:53:06 +01:00
Pieter Wuille
9234391ed4
Overhaul flags handling
2015-10-24 19:47:13 +02:00
Rusty Russell
1a368980c8
Make flags more explicit, add runtime checks.
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-24 19:39:44 +02:00
Gregory Maxwell
96be20463f
Add additional tests for eckey and arg-checks.
...
This gets branch coverage up over 90% for me.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
bb5aa4df55
Make the tweak function zeroize-output-on-fail behavior consistent.
...
Previously the private key tweak operations left the input unchanged
on failure but the pubkey versions zeroized on failure.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
4a243da47c
Move secp256k1_ec_privkey_import/export to contrib.
...
These functions are intended for compatibility with legacy software,
and are not normally needed in new secp256k1 applications.
They also do not obey any particular standard (and likely cannot
without undermining their compatibility), and so are a
better fit for contrib.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
1b3efc1147
Move secp256k1_ecdsa_sig_recover into the recovery module.
2015-10-22 22:57:33 +00:00