|
26 | 26 | #include "secp256k1.c" |
27 | 27 | #include "testrand_impl.h" |
28 | 28 |
|
| 29 | +static int count = 2; |
| 30 | + |
29 | 31 | /** stolen from tests.c */ |
30 | 32 | void ge_equals_ge(const secp256k1_ge *a, const secp256k1_ge *b) { |
31 | 33 | CHECK(a->infinity == b->infinity); |
@@ -324,59 +326,80 @@ void test_exhaustive_sign(const secp256k1_context *ctx, const secp256k1_ge *grou |
324 | 326 | #include "src/modules/recovery/tests_exhaustive_impl.h" |
325 | 327 | #endif |
326 | 328 |
|
327 | | -int main(void) { |
| 329 | +int main(int argc, char** argv) { |
328 | 330 | int i; |
329 | 331 | secp256k1_gej groupj[EXHAUSTIVE_TEST_ORDER]; |
330 | 332 | secp256k1_ge group[EXHAUSTIVE_TEST_ORDER]; |
| 333 | + unsigned char rand32[32]; |
| 334 | + secp256k1_context *ctx; |
| 335 | + |
| 336 | + printf("Exhaustive tests for order %lu\n", (unsigned long)EXHAUSTIVE_TEST_ORDER); |
| 337 | + |
| 338 | + /* find iteration count */ |
| 339 | + if (argc > 1) { |
| 340 | + count = strtol(argv[1], NULL, 0); |
| 341 | + } |
| 342 | + printf("test count = %i\n", count); |
| 343 | + |
| 344 | + /* find random seed */ |
| 345 | + secp256k1_rand_init(argc > 2 ? argv[2] : NULL); |
| 346 | + |
| 347 | + while (count--) { |
| 348 | + /* Build context */ |
| 349 | + ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); |
| 350 | + secp256k1_rand256(rand32); |
| 351 | + CHECK(secp256k1_context_randomize(ctx, rand32)); |
| 352 | + |
| 353 | + /* Generate the entire group */ |
| 354 | + secp256k1_gej_set_infinity(&groupj[0]); |
| 355 | + secp256k1_ge_set_gej(&group[0], &groupj[0]); |
| 356 | + for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { |
| 357 | + secp256k1_gej_add_ge(&groupj[i], &groupj[i - 1], &secp256k1_ge_const_g); |
| 358 | + secp256k1_ge_set_gej(&group[i], &groupj[i]); |
| 359 | + if (count != 0) { |
| 360 | + /* Set a different random z-value for each Jacobian point, except z=1 |
| 361 | + is used in the last iteration. */ |
| 362 | + secp256k1_fe z; |
| 363 | + random_fe(&z); |
| 364 | + secp256k1_gej_rescale(&groupj[i], &z); |
| 365 | + } |
331 | 366 |
|
332 | | - /* Build context */ |
333 | | - secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); |
| 367 | + /* Verify against ecmult_gen */ |
| 368 | + { |
| 369 | + secp256k1_scalar scalar_i; |
| 370 | + secp256k1_gej generatedj; |
| 371 | + secp256k1_ge generated; |
334 | 372 |
|
335 | | - /* TODO set z = 1, then do num_tests runs with random z values */ |
| 373 | + secp256k1_scalar_set_int(&scalar_i, i); |
| 374 | + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &generatedj, &scalar_i); |
| 375 | + secp256k1_ge_set_gej(&generated, &generatedj); |
336 | 376 |
|
337 | | - /* Generate the entire group */ |
338 | | - secp256k1_gej_set_infinity(&groupj[0]); |
339 | | - secp256k1_ge_set_gej(&group[0], &groupj[0]); |
340 | | - for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { |
341 | | - /* Set a different random z-value for each Jacobian point */ |
342 | | - secp256k1_fe z; |
343 | | - random_fe(&z); |
344 | | - |
345 | | - secp256k1_gej_add_ge(&groupj[i], &groupj[i - 1], &secp256k1_ge_const_g); |
346 | | - secp256k1_ge_set_gej(&group[i], &groupj[i]); |
347 | | - secp256k1_gej_rescale(&groupj[i], &z); |
348 | | - |
349 | | - /* Verify against ecmult_gen */ |
350 | | - { |
351 | | - secp256k1_scalar scalar_i; |
352 | | - secp256k1_gej generatedj; |
353 | | - secp256k1_ge generated; |
354 | | - |
355 | | - secp256k1_scalar_set_int(&scalar_i, i); |
356 | | - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &generatedj, &scalar_i); |
357 | | - secp256k1_ge_set_gej(&generated, &generatedj); |
358 | | - |
359 | | - CHECK(group[i].infinity == 0); |
360 | | - CHECK(generated.infinity == 0); |
361 | | - CHECK(secp256k1_fe_equal_var(&generated.x, &group[i].x)); |
362 | | - CHECK(secp256k1_fe_equal_var(&generated.y, &group[i].y)); |
| 377 | + CHECK(group[i].infinity == 0); |
| 378 | + CHECK(generated.infinity == 0); |
| 379 | + CHECK(secp256k1_fe_equal_var(&generated.x, &group[i].x)); |
| 380 | + CHECK(secp256k1_fe_equal_var(&generated.y, &group[i].y)); |
| 381 | + } |
363 | 382 | } |
364 | | - } |
365 | 383 |
|
366 | | - /* Run the tests */ |
| 384 | + /* Run the tests */ |
367 | 385 | #ifdef USE_ENDOMORPHISM |
368 | | - test_exhaustive_endomorphism(group); |
| 386 | + test_exhaustive_endomorphism(group); |
369 | 387 | #endif |
370 | | - test_exhaustive_addition(group, groupj); |
371 | | - test_exhaustive_ecmult(ctx, group, groupj); |
372 | | - test_exhaustive_ecmult_multi(ctx, group); |
373 | | - test_exhaustive_sign(ctx, group); |
374 | | - test_exhaustive_verify(ctx, group); |
| 388 | + test_exhaustive_addition(group, groupj); |
| 389 | + test_exhaustive_ecmult(ctx, group, groupj); |
| 390 | + test_exhaustive_ecmult_multi(ctx, group); |
| 391 | + test_exhaustive_sign(ctx, group); |
| 392 | + test_exhaustive_verify(ctx, group); |
375 | 393 |
|
376 | 394 | #ifdef ENABLE_MODULE_RECOVERY |
377 | | - test_exhaustive_recovery(ctx, group); |
| 395 | + test_exhaustive_recovery(ctx, group); |
378 | 396 | #endif |
379 | 397 |
|
380 | | - secp256k1_context_destroy(ctx); |
| 398 | + secp256k1_context_destroy(ctx); |
| 399 | + } |
| 400 | + |
| 401 | + secp256k1_rand_finish(); |
| 402 | + |
| 403 | + printf("no problems found\n"); |
381 | 404 | return 0; |
382 | 405 | } |
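Review bot: In the new `main`, `count = strtol(argv[1], NULL, 0);` accepts the argument unchecked, so a non-numeric string or `0` leaves `count` at 0, the `while (count--)` body never runs, and the program still prints "no problems found" and returns 0. A CI run that exercised no test at all then looks the same as a pass. A negative argument is also accepted: the loop counts down from a negative `int`, never reaches zero, and eventually hits signed overflow. The `long` result is also narrowed to `int` without a range check. I would parse with an end pointer and fail loudly, e.g. `long v = strtol(argv[1], &end, 0);` followed by `if (end == argv[1] || *end != '\0' || v < 1 || v > INT_MAX) { fprintf(stderr, "invalid test count\n"); return 1; }` and `count = (int)v;`, with `end` declared at the top of `main` to match the file's C89-style declarations.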