Pieter Wuille
bc7c93c6cd
Merge #374 : Add note about y=0 being possible on one of the sextic twists
e72e93a
Add note about y=0 being possible on one of the sextic twists (Andrew Poelstra)
2016-02-16 20:43:16 +01:00
Pieter Wuille
e4570184ff
Merge #364 : JNI rebased
86e2d07
JNI library: cleanup, removed unimplemented code (GreenAddress)
3093576 JNI library (GreenAddress)
2016-02-16 20:34:27 +01:00
GreenAddress
86e2d07e4c
JNI library: cleanup, removed unimplemented code
2016-02-01 14:07:29 +01:00
GreenAddress
3093576aa4
JNI library
Squashed and rebased. Thanks to @theuni and @faizkhan00 for doing
the majority of work here! Also thanks to @btchip for help with debugging
and review.
2016-02-01 14:07:18 +01:00
Pieter Wuille
bd2895fdd9
Merge pull request #371
e5a9047
[Trivial] Remove double semicolons (paveljanik)
2016-01-27 20:59:02 +01:00
Andrew Poelstra
e72e93ad9c
Add note about y=0 being possible on one of the sextic twists
2016-01-10 08:35:59 +00:00
paveljanik
e5a904788e
[Trivial] Remove double semicolons
2015-12-30 08:42:42 +01:00
Pieter Wuille
c18b869e58
Merge pull request #360
83221ec
Add experimental features to configure (Pieter Wuille)
2015-12-12 21:42:10 +01:00
Pieter Wuille
3026daa095
Merge pull request #302
03d4611
Add sage verification script for the group laws (Pieter Wuille)
2015-12-01 21:02:23 +01:00
Pieter Wuille
03d4611c81
Add sage verification script for the group laws
2015-11-29 16:03:07 +01:00
Pieter Wuille
a965937290
Merge pull request #361
5d4c5a3
Prevent damage_array in the signature test from going out of bounds. (Gregory Maxwell)
2015-11-27 00:56:03 +01:00
Pieter Wuille
83221ecb00
Add experimental features to configure
2015-11-27 00:20:28 +01:00
Gregory Maxwell
5d4c5a31b9
Prevent damage_array in the signature test from going out of bounds.
2015-11-26 21:02:27 +00:00
Pieter Wuille
419bf7fd9d
Merge pull request #356
03d84a4
Benchmark against OpenSSL verification (Pieter Wuille)
2015-11-24 21:55:33 +01:00
Pieter Wuille
6c527eceee
Merge pull request #357
445f7f1
Fix for Windows compile issue (ptschip)
2015-11-17 01:47:32 +01:00
ptschip
445f7f104c
Fix for Windows compile issue
Change CPPFLAGS_FOR_BUILD path (by paveljanik)
2015-11-16 16:40:12 -08:00
Pieter Wuille
03d84a427f
Benchmark against OpenSSL verification
2015-11-15 15:47:49 +01:00
Pieter Wuille
2bfb82b10e
Merge pull request #351
06aeea5
Turn secp256k1_ec_pubkey_serialize outlen to in/out (Pieter Wuille)
2015-11-05 20:49:42 +01:00
Pieter Wuille
06aeea555e
Turn secp256k1_ec_pubkey_serialize outlen to in/out
2015-11-05 06:01:56 +01:00
Pieter Wuille
970164dace
Merge pull request #348
6466625
Improvements for coordinate decompression (Pieter Wuille)
2015-11-05 01:32:55 +01:00
Pieter Wuille
646662517f
Improvements for coordinate decompression
2015-11-05 00:04:39 +01:00
Pieter Wuille
e2100ad5b3
Merge pull request #347
8e48787
Change secp256k1_ec_pubkey_combine's count argument to size_t. (Gregory Maxwell)
c69dea0
Clear output in more cases for pubkey_combine, adds tests. (Gregory Maxwell)
269d422
Comment copyediting. (Gregory Maxwell)
2015-11-01 23:02:24 +01:00
Gregory Maxwell
8e48787d97
Change secp256k1_ec_pubkey_combine's count argument to size_t.
2015-10-31 19:04:34 +00:00
Gregory Maxwell
c69dea025a
Clear output in more cases for pubkey_combine, adds tests.
Also corrects an outdated comment and adds an additional
secp256k1_ecdsa_signature_parse_compact test.
2015-10-31 09:52:30 +00:00
Gregory Maxwell
269d422703
Comment copyediting.
2015-10-31 08:31:15 +00:00
Pieter Wuille
b4d17da903
Merge pull request #344
26abce7
Adds 32 static test vectors for scalar mul, sqr, inv. (Gregory Maxwell)
2015-10-31 02:21:35 +01:00
Pieter Wuille
47092650f9
Merge pull request #345
5b71a3f
Better error case handling for pubkey_create & pubkey_serialize, more tests. (Gregory Maxwell)
2015-10-31 00:41:21 +01:00
Gregory Maxwell
26abce75ea
Adds 32 static test vectors for scalar mul, sqr, inv.
These were generated by testing more than 10^12 random test vectors
for coverage on instrumented (comparison operator outcomes) 32-bit
and 64-bit code, plus additional edge condition requirements (e.g.
inputs of 0, 1, -1) and then solving a minimum set cover problem.
The required responses were generated with Sage.
This significantly improves the lcov branch coverage report and
makes the tests much more sensitive to mutation testing of the
scalar code.
The challenges and responses are in the form of pairs of scalars:
C1 * C2 == R1
(C1 * C2) * (1 / C2) == C1
C2 * (1 / C2) == 1
C1 * C1 == R2
C1^2 == R2
2015-10-30 21:17:19 +00:00
Gregory Maxwell
5b71a3f460
Better error case handling for pubkey_create & pubkey_serialize, more tests.
Makes secp256k1_ec_pubkey_serialize set the length to zero on failure,
also makes secp256k1_ec_pubkey_create set the pubkey to zeros when
the key argument is NULL.
Also adds many additional ARGCHECK tests.
2015-10-30 09:16:40 +00:00
Pieter Wuille
3b7bc695ef
Merge pull request #343
eed87af
Change contrib/laxder from headers-only to files compilable as standalone C (Andrew Poelstra)
2015-10-30 03:35:30 +01:00
Andrew Poelstra
eed87af10a
Change contrib/laxder from headers-only to files compilable as standalone C
Verified that both programs compile with
gcc -I. -I../include -lsecp256k1 -c -W -Wextra -Wall -Werror -ansi -pedantic lax_der_privatekey_parsing.c
gcc -I. -I../include -lsecp256k1 -c -W -Wextra -Wall -Werror -ansi -pedantic lax_der_parsing.c
2015-10-29 18:55:49 -05:00
Pieter Wuille
d7eb1ae96d
Merge pull request #342
7914a6e
Make lax_der_privatekey_parsing.h not depend on internal code (Pieter Wuille)
2015-10-26 19:47:40 +01:00
Pieter Wuille
7914a6ebae
Make lax_der_privatekey_parsing.h not depend on internal code
2015-10-26 02:53:06 +01:00
Pieter Wuille
73f64ff8f3
Merge pull request #339
9234391
Overhaul flags handling (Pieter Wuille)
1a36898
Make flags more explicit, add runtime checks. (Rusty Russell)
2015-10-25 20:10:41 +01:00
Pieter Wuille
9234391ed4
Overhaul flags handling
2015-10-24 19:47:13 +02:00
Rusty Russell
1a368980c8
Make flags more explicit, add runtime checks.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-24 19:39:44 +02:00
Pieter Wuille
1a3e03a348
Merge pull request #340
96be204
Add additional tests for eckey and arg-checks. (Gregory Maxwell)
bb5aa4d
Make the tweak function zeroize-output-on-fail behavior consistent. (Gregory Maxwell)
4a243da
Move secp256k1_ec_privkey_import/export to contrib. (Gregory Maxwell)
1b3efc1
Move secp256k1_ecdsa_sig_recover into the recovery module. (Gregory Maxwell)
e3cd679
Eliminate all side-effects from VERIFY_CHECK() usage. (Gregory Maxwell)
b30fc85
Avoid nonce_function_rfc6979 algo16 argument emulation. (Gregory Maxwell)
70d4640
Make secp256k1_ec_pubkey_create skip processing invalid secret keys. (Gregory Maxwell)
6c476a8
Minor comment improvements. (Gregory Maxwell)
2015-10-24 19:32:31 +02:00
Gregory Maxwell
96be20463f
Add additional tests for eckey and arg-checks.
This gets branch coverage up over 90% for me.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
bb5aa4df55
Make the tweak function zeroize-output-on-fail behavior consistent.
Previously the private key tweak operations left the input unchanged
on failure but the pubkey versions zeroized on failure.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
4a243da47c
Move secp256k1_ec_privkey_import/export to contrib.
These functions are intended for compatibility with legacy software,
and are not normally needed in new secp256k1 applications.
They also do not obey any particular standard (and likely cannot
without undermining their compatibility), and so are a
better fit for contrib.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
1b3efc1147
Move secp256k1_ecdsa_sig_recover into the recovery module.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
e3cd679634
Eliminate all side-effects from VERIFY_CHECK() usage.
The side-effects make review somewhat harder because 99.9% of the
time the macro usage has no side effects, so they're easily ignored.
The main motivation for avoiding the side effects is so that the
macro can be completely stubbed out for branch coverage analysis
otherwise all the unreachable verify code gets counted against
coverage.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
b30fc85c9e
Avoid nonce_function_rfc6979 algo16 argument emulation.
This avoids data=NULL and data = zeros producing the same nonce.
Previously the code tried to avoid the case where some data inputs
aliased algo16 inputs by always padding out the data.
But because algo16 and data are different lengths they cannot
emulate each other, and the padding would match a data value of
all zeros.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
70d4640172
Make secp256k1_ec_pubkey_create skip processing invalid secret keys.
This makes it somewhat less constant time in error conditions, but
avoids encountering an internal assertion failure when trying
to write out the point at infinity.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
6c476a8a9b
Minor comment improvements.
2015-10-22 22:57:33 +00:00
Pieter Wuille
131afe5bf5
Merge pull request #334
0c6ab2f
Introduce explicit lower-S normalization (Pieter Wuille)
fea19e7
Add contrib/lax_der_parsing.h (Pieter Wuille)
3bb9c44
Rewrite ECDSA signature parsing code (Pieter Wuille)
fa57f1b
Use secp256k1_rand_int and secp256k1_rand_bits more (Pieter Wuille)
49b3749
Add new tests for the extra testrand functions (Pieter Wuille)
f684d7d
Faster secp256k1_rand_int implementation (Pieter Wuille)
251b1a6
Improve testrand: add extra random functions (Pieter Wuille)
2015-10-23 00:23:54 +02:00
Pieter Wuille
0c6ab2ff18
Introduce explicit lower-S normalization
ECDSA signature verification now requires normalized signatures (with S in the
lower half of the range). In case the input cannot be guaranteed to provide this,
a new function secp256k1_ecdsa_signature_normalize is provided to preprocess it.
2015-10-21 16:14:42 +02:00
Pieter Wuille
fea19e7bb7
Add contrib/lax_der_parsing.h
This shows a snippet of code to do lax DER parsing, without obeying any
particular standard.
2015-10-21 16:14:35 +02:00
Pieter Wuille
3bb9c44719
Rewrite ECDSA signature parsing code
There are now 2 encoding formats supported: 64-byte "compact" and DER.
The latter is strict: the data has to be exact DER, though the values
inside don't need to be valid.
2015-10-21 16:13:37 +02:00
Pieter Wuille
fa57f1bdf1
Use secp256k1_rand_int and secp256k1_rand_bits more
Update the unit tests to make use of the new RNG functions.
2015-10-21 16:13:37 +02:00