diff --git a/src/field.h b/src/field.h index 1d0bc169126..9e6d7d3c042 100644 --- a/src/field.h +++ b/src/field.h @@ -104,12 +104,6 @@ static void secp256k1_fe_inv_var(secp256k1_fe_t *r, const secp256k1_fe_t *a); * outputs must not overlap in memory. */ static void secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t *r, const secp256k1_fe_t *a); -/** Convert a field element to a 64-character hexadecimal string. */ -static void secp256k1_fe_get_hex(char *r64, const secp256k1_fe_t *a); - -/** Convert a 64-character hexadecimal string to a field element. */ -static int secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a64); - /** Convert a field element to the storage type. */ static void secp256k1_fe_to_storage(secp256k1_fe_storage_t *r, const secp256k1_fe_t*); diff --git a/src/field_impl.h b/src/field_impl.h index 56692e3408e..047914cf28e 100644 --- a/src/field_impl.h +++ b/src/field_impl.h @@ -21,47 +21,6 @@ #error "Please select field implementation" #endif -static void secp256k1_fe_get_hex(char *r64, const secp256k1_fe_t *a) { - secp256k1_fe_t b; - int i; - unsigned char tmp[32]; - b = *a; - secp256k1_fe_normalize(&b); - secp256k1_fe_get_b32(tmp, &b); - for (i=0; i<32; i++) { - /* Hex character table. */ - static const char *c = "0123456789ABCDEF"; - r64[2*i] = c[(tmp[i] >> 4) & 0xF]; - r64[2*i+1] = c[(tmp[i]) & 0xF]; - } -} - -static int secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a64) { - int i; - unsigned char tmp[32]; - /* Byte to hex value table. */ - static const int cvt[256] = {0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, - 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, - 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, - 0, 1, 2, 3, 4, 5, 6,7,8,9,0,0,0,0,0,0, - 0,10,11,12,13,14,15,0,0,0,0,0,0,0,0,0, - 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, - 0,10,11,12,13,14,15,0,0,0,0,0,0,0,0,0, - 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, - 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, - 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, - 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, - 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, - 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, - 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, - 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, - 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0}; - for (i=0; i<32; i++) { - tmp[i] = (cvt[(unsigned char)a64[2*i]] << 4) + cvt[(unsigned char)a64[2*i+1]]; - } - return secp256k1_fe_set_b32(r, tmp); -} - SECP256K1_INLINE static int secp256k1_fe_equal_var(const secp256k1_fe_t *a, const secp256k1_fe_t *b) { secp256k1_fe_t na; secp256k1_fe_negate(&na, a, 1); diff --git a/src/group.h b/src/group.h index db2553d88e3..d1e58349096 100644 --- a/src/group.h +++ b/src/group.h @@ -17,6 +17,9 @@ typedef struct { int infinity; /* whether this represents the point at infinity */ } secp256k1_ge_t; +#define SECP256K1_GE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), 0} +#define SECP256K1_GE_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1} + /** A group element of the secp256k1 curve, in jacobian coordinates. */ typedef struct { secp256k1_fe_t x; /* actual X: x/z^2 */ @@ -25,11 +28,16 @@ typedef struct { int infinity; /* whether this represents the point at infinity */ } secp256k1_gej_t; +#define SECP256K1_GEJ_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1), 0} +#define SECP256K1_GEJ_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1} + typedef struct { secp256k1_fe_storage_t x; secp256k1_fe_storage_t y; } secp256k1_ge_storage_t; +#define SECP256K1_GE_STORAGE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_STORAGE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_STORAGE_CONST((i),(j),(k),(l),(m),(n),(o),(p))} + /** Set a group element equal to the point at infinity */ static void secp256k1_ge_set_infinity(secp256k1_ge_t *r); @@ -48,9 +56,6 @@ static int secp256k1_ge_is_valid_var(const secp256k1_ge_t *a); static void secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a); -/** Get a 131-character hex representation of a point. */ -static void secp256k1_ge_get_hex(char *r131, const secp256k1_ge_t *a); - /** Set a group element equal to another which is given in jacobian coordinates */ static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a); @@ -90,9 +95,6 @@ static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, c guarantee, and b is allowed to be infinity. */ static void secp256k1_gej_add_ge_var(secp256k1_gej_t *r, const secp256k1_gej_t *a, const secp256k1_ge_t *b); -/** Get a 131-character hex representation of a point. */ -static void secp256k1_gej_get_hex(char *r131, const secp256k1_gej_t *a); - #ifdef USE_ENDOMORPHISM /** Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. */ static void secp256k1_gej_mul_lambda(secp256k1_gej_t *r, const secp256k1_gej_t *a); diff --git a/src/group_impl.h b/src/group_impl.h index c606894a6b6..8d8c359c5a4 100644 --- a/src/group_impl.h +++ b/src/group_impl.h @@ -16,17 +16,12 @@ /** Generator for secp256k1, value 'g' defined in * "Standards for Efficient Cryptography" (SEC2) 2.7.1. */ -static const secp256k1_ge_t secp256k1_ge_const_g = { - SECP256K1_FE_CONST( - 0x79BE667EUL, 0xF9DCBBACUL, 0x55A06295UL, 0xCE870B07UL, - 0x029BFCDBUL, 0x2DCE28D9UL, 0x59F2815BUL, 0x16F81798UL - ), - SECP256K1_FE_CONST( - 0x483ADA77UL, 0x26A3C465UL, 0x5DA4FBFCUL, 0x0E1108A8UL, - 0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL - ), - 0 -}; +static const secp256k1_ge_t secp256k1_ge_const_g = SECP256K1_GE_CONST( + 0x79BE667EUL, 0xF9DCBBACUL, 0x55A06295UL, 0xCE870B07UL, + 0x029BFCDBUL, 0x2DCE28D9UL, 0x59F2815BUL, 0x16F81798UL, + 0x483ADA77UL, 0x26A3C465UL, 0x5DA4FBFCUL, 0x0E1108A8UL, + 0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL +); static void secp256k1_ge_set_infinity(secp256k1_ge_t *r) { r->infinity = 1; @@ -48,14 +43,6 @@ static void secp256k1_ge_neg(secp256k1_ge_t *r, const secp256k1_ge_t *a) { secp256k1_fe_negate(&r->y, &r->y, 1); } -static void secp256k1_ge_get_hex(char *r131, const secp256k1_ge_t *a) { - r131[0] = '('; - secp256k1_fe_get_hex(r131 + 1, &a->x); - r131[65] = ','; - secp256k1_fe_get_hex(r131 + 66, &a->y); - r131[130] = ')'; -} - static void secp256k1_ge_set_gej(secp256k1_ge_t *r, secp256k1_gej_t *a) { secp256k1_fe_t z2, z3; r->infinity = a->infinity; @@ -407,12 +394,6 @@ static void secp256k1_gej_add_ge(secp256k1_gej_t *r, const secp256k1_gej_t *a, c r->infinity = infinity; } -static void secp256k1_gej_get_hex(char *r131, const secp256k1_gej_t *a) { - secp256k1_gej_t c = *a; - secp256k1_ge_t t; secp256k1_ge_set_gej(&t, &c); - secp256k1_ge_get_hex(r131, &t); -} - static void secp256k1_ge_to_storage(secp256k1_ge_storage_t *r, const secp256k1_ge_t *a) { secp256k1_fe_t x, y; VERIFY_CHECK(!a->infinity); diff --git a/src/tests.c b/src/tests.c index b8471d09d92..e8ec2daf088 100644 --- a/src/tests.c +++ b/src/tests.c @@ -641,9 +641,8 @@ int check_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) { int check_fe_inverse(const secp256k1_fe_t *a, const secp256k1_fe_t *ai) { secp256k1_fe_t x; - secp256k1_fe_t one; + secp256k1_fe_t one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); secp256k1_fe_mul(&x, a, ai); - secp256k1_fe_set_int(&one, 1); return check_fe_equal(&x, &one); } @@ -654,7 +653,6 @@ void run_field_convert(void) { 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40 }; - static const char *c64 = "0001020304050607111213141516171822232425262728293334353637383940"; static const secp256k1_fe_storage_t fes = SECP256K1_FE_STORAGE_CONST( 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL, 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL @@ -665,38 +663,26 @@ void run_field_convert(void) { ); secp256k1_fe_t fe2; unsigned char b322[32]; - char c642[64]; secp256k1_fe_storage_t fes2; /* Check conversions to fe. */ CHECK(secp256k1_fe_set_b32(&fe2, b32)); CHECK(secp256k1_fe_equal_var(&fe, &fe2)); - CHECK(secp256k1_fe_set_hex(&fe2, c64)); - CHECK(secp256k1_fe_equal_var(&fe, &fe2)); secp256k1_fe_from_storage(&fe2, &fes); CHECK(secp256k1_fe_equal_var(&fe, &fe2)); /* Check conversion from fe. */ secp256k1_fe_get_b32(b322, &fe); CHECK(memcmp(b322, b32, 32) == 0); - secp256k1_fe_get_hex(c642, &fe); - CHECK(memcmp(c642, c64, 64) == 0); secp256k1_fe_to_storage(&fes2, &fe); CHECK(memcmp(&fes2, &fes, sizeof(fes)) == 0); } void run_field_misc(void) { - const unsigned char f32_5[32] = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, - }; secp256k1_fe_t x; secp256k1_fe_t y; secp256k1_fe_t z; secp256k1_fe_t q; - secp256k1_fe_t fe5; + secp256k1_fe_t fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5); int i; - CHECK(secp256k1_fe_set_b32(&fe5, f32_5)); for (i = 0; i < 5*count; i++) { secp256k1_fe_storage_t xs, ys, zs; random_fe(&x); @@ -956,7 +942,7 @@ void test_ge(void) { /* Test adding all points together in random order equals infinity. */ { - secp256k1_gej_t sum; + secp256k1_gej_t sum = SECP256K1_GEJ_CONST_INFINITY; secp256k1_gej_t *gej_shuffled = malloc((4 * runs + 1) * sizeof(secp256k1_gej_t)); for (i = 0; i < 4 * runs + 1; i++) { gej_shuffled[i] = gej[i]; @@ -969,7 +955,6 @@ void test_ge(void) { gej_shuffled[swap] = t; } } - secp256k1_gej_set_infinity(&sum); for (i = 0; i < 4 * runs + 1; i++) { secp256k1_gej_add_var(&sum, &sum, &gej_shuffled[i]); } @@ -1001,47 +986,33 @@ void run_ge(void) { /***** ECMULT TESTS *****/ void run_ecmult_chain(void) { - secp256k1_gej_t a; - secp256k1_gej_t x; - secp256k1_gej_t x2; - secp256k1_fe_t ax; - secp256k1_fe_t ay; - secp256k1_scalar_t xn; - secp256k1_scalar_t gn; - secp256k1_scalar_t xf; - secp256k1_scalar_t gf; - secp256k1_scalar_t ae; - secp256k1_scalar_t ge; - int i; - /* two random initial factors xn and gn */ - static const unsigned char xni[32] = { - 0x84, 0xcc, 0x54, 0x52, 0xf7, 0xfd, 0xe1, 0xed, - 0xb4, 0xd3, 0x8a, 0x8c, 0xe9, 0xb1, 0xb8, 0x4c, - 0xce, 0xf3, 0x1f, 0x14, 0x6e, 0x56, 0x9b, 0xe9, - 0x70, 0x5d, 0x35, 0x7a, 0x42, 0x98, 0x54, 0x07 - }; - static const unsigned char gni[32] = { - 0xa1, 0xe5, 0x8d, 0x22, 0x55, 0x3d, 0xcd, 0x42, - 0xb2, 0x39, 0x80, 0x62, 0x5d, 0x4c, 0x57, 0xa9, - 0x6e, 0x93, 0x23, 0xd4, 0x2b, 0x31, 0x52, 0xe5, - 0xca, 0x2c, 0x39, 0x90, 0xed, 0xc7, 0xc9, 0xde - }; - /* two small multipliers to be applied to xn and gn in every iteration: */ - static const unsigned char xfi[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0x13,0x37}; - static const unsigned char gfi[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0x71,0x13}; - char res[131]; - char res2[131]; /* random starting point A (on the curve) */ - VERIFY_CHECK(secp256k1_fe_set_hex(&ax, "8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846004")); - VERIFY_CHECK(secp256k1_fe_set_hex(&ay, "a357ae915c4a65281309edf20504740f0eb3343990216b4f81063cb65f2f7e0f")); - secp256k1_gej_set_xy(&a, &ax, &ay); - secp256k1_scalar_set_b32(&xn, xni, NULL); - secp256k1_scalar_set_b32(&gn, gni, NULL); - secp256k1_scalar_set_b32(&xf, xfi, NULL); - secp256k1_scalar_set_b32(&gf, gfi, NULL); + secp256k1_gej_t a = SECP256K1_GEJ_CONST( + 0x8b30bbe9, 0xae2a9906, 0x96b22f67, 0x0709dff3, + 0x727fd8bc, 0x04d3362c, 0x6c7bf458, 0xe2846004, + 0xa357ae91, 0x5c4a6528, 0x1309edf2, 0x0504740f, + 0x0eb33439, 0x90216b4f, 0x81063cb6, 0x5f2f7e0f + ); + /* two random initial factors xn and gn */ + secp256k1_scalar_t xn = SECP256K1_SCALAR_CONST( + 0x84cc5452, 0xf7fde1ed, 0xb4d38a8c, 0xe9b1b84c, + 0xcef31f14, 0x6e569be9, 0x705d357a, 0x42985407 + ); + secp256k1_scalar_t gn = SECP256K1_SCALAR_CONST( + 0xa1e58d22, 0x553dcd42, 0xb2398062, 0x5d4c57a9, + 0x6e9323d4, 0x2b3152e5, 0xca2c3990, 0xedc7c9de + ); + /* two small multipliers to be applied to xn and gn in every iteration: */ + static const secp256k1_scalar_t xf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x1337); + static const secp256k1_scalar_t gf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x7113); /* accumulators with the resulting coefficients to A and G */ - secp256k1_scalar_set_int(&ae, 1); - secp256k1_scalar_set_int(&ge, 0); + secp256k1_scalar_t ae = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); + secp256k1_scalar_t ge = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + /* actual points */ + secp256k1_gej_t x = a; + secp256k1_gej_t x2; + int i; + /* the point being computed */ x = a; for (i = 0; i < 200*count; i++) { @@ -1058,15 +1029,24 @@ void run_ecmult_chain(void) { /* verify */ if (i == 19999) { - secp256k1_gej_get_hex(res, &x); - CHECK(memcmp(res, "(D6E96687F9B10D092A6F35439D86CEBEA4535D0D409F53586440BD74B933E830,B95CBCA2C77DA786539BE8FD53354D2D3B4F566AE658045407ED6015EE1B2A88)", 131) == 0); + /* expected result after 19999 iterations */ + secp256k1_gej_t rp = SECP256K1_GEJ_CONST( + 0xD6E96687, 0xF9B10D09, 0x2A6F3543, 0x9D86CEBE, + 0xA4535D0D, 0x409F5358, 0x6440BD74, 0xB933E830, + 0xB95CBCA2, 0xC77DA786, 0x539BE8FD, 0x53354D2D, + 0x3B4F566A, 0xE6580454, 0x07ED6015, 0xEE1B2A88 + ); + + secp256k1_gej_neg(&rp, &rp); + secp256k1_gej_add_var(&rp, &rp, &x); + CHECK(secp256k1_gej_is_infinity(&rp)); } } /* redo the computation, but directly with the resulting ae and ge coefficients: */ secp256k1_ecmult(&x2, &a, &ae, &ge); - secp256k1_gej_get_hex(res, &x); - secp256k1_gej_get_hex(res2, &x2); - CHECK(memcmp(res, res2, 131) == 0); + secp256k1_gej_neg(&x2, &x2); + secp256k1_gej_add_var(&x2, &x2, &x); + CHECK(secp256k1_gej_is_infinity(&x2)); } void test_point_times_order(const secp256k1_gej_t *point) { @@ -1094,8 +1074,11 @@ void test_point_times_order(const secp256k1_gej_t *point) { void run_point_times_order(void) { int i; - char c[64]; - secp256k1_fe_t x; VERIFY_CHECK(secp256k1_fe_set_hex(&x, "0000000000000000000000000000000000000000000000000000000000000002")); + secp256k1_fe_t x = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 2); + static const secp256k1_fe_t xr = SECP256K1_FE_CONST( + 0x7603CB59, 0xB0EF6C63, 0xFE608479, 0x2A0C378C, + 0xDB3233A8, 0x0F8A9A09, 0xA877DEAD, 0x31B38C45 + ); for (i = 0; i < 500; i++) { secp256k1_ge_t p; if (secp256k1_ge_set_xo_var(&p, &x, 1)) { @@ -1107,8 +1090,8 @@ void run_point_times_order(void) { } secp256k1_fe_sqr(&x, &x); } - secp256k1_fe_get_hex(c, &x); - CHECK(memcmp(c, "7603CB59B0EF6C63FE6084792A0C378CDB3233A80F8A9A09A877DEAD31B38C45", 64) == 0); + secp256k1_fe_normalize_var(&x); + CHECK(secp256k1_fe_equal_var(&x, &xr)); } void test_wnaf(const secp256k1_scalar_t *number, int w) {