Commit Graph

697 Commits

Author SHA1 Message Date
Pieter Wuille
bc7c93c6cd
Merge #374: Add note about y=0 being possible on one of the sextic twists
e72e93a Add note about y=0 being possible on one of the sextic twists (Andrew Poelstra)
2016-02-16 20:43:16 +01:00
Pieter Wuille
e4570184ff
Merge #364: JNI rebased
86e2d07 JNI library: cleanup, removed unimplemented code (GreenAddress)
3093576 JNI library (GreenAddress)
2016-02-16 20:34:27 +01:00
GreenAddress
86e2d07e4c JNI library: cleanup, removed unimplemented code 2016-02-01 14:07:29 +01:00
GreenAddress
3093576aa4 JNI library
Squashed and rebased. Thanks to @theuni and @faizkhan00 for doing
the majority of work here! Also thanks to @btchip for help with debugging
and review.
2016-02-01 14:07:18 +01:00
Pieter Wuille
bd2895fdd9
Merge pull request #371
e5a9047 [Trivial] Remove double semicolons (paveljanik)
2016-01-27 20:59:02 +01:00
Andrew Poelstra
e72e93ad9c Add note about y=0 being possible on one of the sextic twists 2016-01-10 08:35:59 +00:00
paveljanik
e5a904788e [Trivial] Remove double semicolons 2015-12-30 08:42:42 +01:00
Pieter Wuille
c18b869e58
Merge pull request #360
83221ec Add experimental features to configure (Pieter Wuille)
2015-12-12 21:42:10 +01:00
Pieter Wuille
3026daa095
Merge pull request #302
03d4611 Add sage verification script for the group laws (Pieter Wuille)
2015-12-01 21:02:23 +01:00
Pieter Wuille
03d4611c81 Add sage verification script for the group laws 2015-11-29 16:03:07 +01:00
Pieter Wuille
a965937290
Merge pull request #361
5d4c5a3 Prevent damage_array in the signature test from going out of bounds. (Gregory Maxwell)
2015-11-27 00:56:03 +01:00
Pieter Wuille
83221ecb00 Add experimental features to configure 2015-11-27 00:20:28 +01:00
Gregory Maxwell
5d4c5a31b9 Prevent damage_array in the signature test from going out of bounds. 2015-11-26 21:02:27 +00:00
Pieter Wuille
419bf7fd9d
Merge pull request #356
03d84a4 Benchmark against OpenSSL verification (Pieter Wuille)
2015-11-24 21:55:33 +01:00
Pieter Wuille
6c527eceee
Merge pull request #357
445f7f1 Fix for Windows compile issue (ptschip)
2015-11-17 01:47:32 +01:00
ptschip
445f7f104c Fix for Windows compile issue
Change CPPFLAGS_FOR_BUILD path  (by paveljanik)
2015-11-16 16:40:12 -08:00
Pieter Wuille
03d84a427f Benchmark against OpenSSL verification 2015-11-15 15:47:49 +01:00
Pieter Wuille
2bfb82b10e
Merge pull request #351
06aeea5 Turn secp256k1_ec_pubkey_serialize outlen to in/out (Pieter Wuille)
2015-11-05 20:49:42 +01:00
Pieter Wuille
06aeea555e Turn secp256k1_ec_pubkey_serialize outlen to in/out 2015-11-05 06:01:56 +01:00
Pieter Wuille
970164dace
Merge pull request #348
6466625 Improvements for coordinate decompression (Pieter Wuille)
2015-11-05 01:32:55 +01:00
Pieter Wuille
646662517f Improvements for coordinate decompression 2015-11-05 00:04:39 +01:00
Pieter Wuille
e2100ad5b3
Merge pull request #347
8e48787 Change secp256k1_ec_pubkey_combine's count argument to size_t. (Gregory Maxwell)
c69dea0 Clear output in more cases for pubkey_combine, adds tests. (Gregory Maxwell)
269d422 Comment copyediting. (Gregory Maxwell)
2015-11-01 23:02:24 +01:00
Gregory Maxwell
8e48787d97 Change secp256k1_ec_pubkey_combine's count argument to size_t. 2015-10-31 19:04:34 +00:00
Gregory Maxwell
c69dea025a Clear output in more cases for pubkey_combine, adds tests.
Also corrects an outdated comment and adds an additional
 secp256k1_ecdsa_signature_parse_compact test.
2015-10-31 09:52:30 +00:00
Gregory Maxwell
269d422703 Comment copyediting. 2015-10-31 08:31:15 +00:00
Pieter Wuille
b4d17da903
Merge pull request #344
26abce7 Adds 32 static test vectors for scalar mul, sqr, inv. (Gregory Maxwell)
2015-10-31 02:21:35 +01:00
Pieter Wuille
47092650f9
Merge pull request #345
5b71a3f Better error case handling for pubkey_create & pubkey_serialize, more tests. (Gregory Maxwell)
2015-10-31 00:41:21 +01:00
Gregory Maxwell
26abce75ea Adds 32 static test vectors for scalar mul, sqr, inv.
These were generated by testing more than 10^12 random test vectors
 for coverage on instrumented (comparison operator outcomes) 32-bit
 and 64-bit code, plus additional edge condition requirements (e.g.
 inputs of 0, 1, -1) and then solving a minimum set cover problem.

The required responses were generated with Sage.

This significantly improves the lcov branch coverage report and
 makes the tests much more sensitive to mutation testing of the
 scalar code.

The challenges and responses are in the form of pairs of scalars:
  C1 * C2 == R1
  (C1 * C2) * (1 / C2) == C1
  C2 * (1 / C2) == 1
  C1 * C1 == R2
  C1^2    == R2
2015-10-30 21:17:19 +00:00
Gregory Maxwell
5b71a3f460 Better error case handling for pubkey_create & pubkey_serialize, more tests.
Makes secp256k1_ec_pubkey_serialize set the length to zero on failure,
 also makes secp256k1_ec_pubkey_create set the pubkey to zeros when
 the key argument is NULL.

Also adds many additional ARGCHECK tests.
2015-10-30 09:16:40 +00:00
Pieter Wuille
3b7bc695ef
Merge pull request #343
eed87af Change contrib/laxder from headers-only to files compilable as standalone C (Andrew Poelstra)
2015-10-30 03:35:30 +01:00
Andrew Poelstra
eed87af10a Change contrib/laxder from headers-only to files compilable as standalone C
Verified that both programs compile with

    gcc -I. -I../include -lsecp256k1 -c -W -Wextra -Wall -Werror -ansi -pedantic lax_der_privatekey_parsing.c
    gcc -I. -I../include -lsecp256k1 -c -W -Wextra -Wall -Werror -ansi -pedantic lax_der_parsing.c
2015-10-29 18:55:49 -05:00
Pieter Wuille
d7eb1ae96d
Merge pull request #342
7914a6e Make lax_der_privatekey_parsing.h not depend on internal code (Pieter Wuille)
2015-10-26 19:47:40 +01:00
Pieter Wuille
7914a6ebae Make lax_der_privatekey_parsing.h not depend on internal code 2015-10-26 02:53:06 +01:00
Pieter Wuille
73f64ff8f3
Merge pull request #339
9234391 Overhaul flags handling (Pieter Wuille)
1a36898 Make flags more explicit, add runtime checks. (Rusty Russell)
2015-10-25 20:10:41 +01:00
Pieter Wuille
9234391ed4 Overhaul flags handling 2015-10-24 19:47:13 +02:00
Rusty Russell
1a368980c8 Make flags more explicit, add runtime checks.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-10-24 19:39:44 +02:00
Pieter Wuille
1a3e03a348
Merge pull request #340
96be204 Add additional tests for eckey and arg-checks. (Gregory Maxwell)
bb5aa4d Make the tweak function zeroize-output-on-fail behavior consistent. (Gregory Maxwell)
4a243da Move secp256k1_ec_privkey_import/export to contrib. (Gregory Maxwell)
1b3efc1 Move secp256k1_ecdsa_sig_recover into the recovery module. (Gregory Maxwell)
e3cd679 Eliminate all side-effects from VERIFY_CHECK() usage. (Gregory Maxwell)
b30fc85 Avoid nonce_function_rfc6979 algo16 argument emulation. (Gregory Maxwell)
70d4640 Make secp256k1_ec_pubkey_create skip processing invalid secret keys. (Gregory Maxwell)
6c476a8 Minor comment improvements. (Gregory Maxwell)
2015-10-24 19:32:31 +02:00
Gregory Maxwell
96be20463f Add additional tests for eckey and arg-checks.
This gets branch coverage up over 90% for me.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
bb5aa4df55 Make the tweak function zeroize-output-on-fail behavior consistent.
Previously the private key tweak operations left the input unchanged
 on failure but the pubkey versions zeroized on failure.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
4a243da47c Move secp256k1_ec_privkey_import/export to contrib.
These functions are intended for compatibility with legacy software,
 and are not normally needed in new secp256k1 applications.

They also do not obeying any particular standard (and likely cannot
 without without undermining their compatibility), and so are a
 better fit for contrib.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
1b3efc1147 Move secp256k1_ecdsa_sig_recover into the recovery module. 2015-10-22 22:57:33 +00:00
Gregory Maxwell
e3cd679634 Eliminate all side-effects from VERIFY_CHECK() usage.
The side-effects make review somewhat harder because 99.9% of the
 time the macro usage has no sideeffects, so they're easily ignored.

The main motivation for avoiding the side effects is so that the
 macro can be completely stubbed out for branch coverage analysis
 otherwise all the unreachable verify code gets counted against
 coverage.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
b30fc85c9e Avoid nonce_function_rfc6979 algo16 argument emulation.
This avoids data=NULL and data = zeros to producing the same nonce.

Previously the code tried to avoid the case where some data inputs
 aliased algo16 inputs by always padding out the data.

But because algo16 and data are different lengths they cannot
 emulate each other, and the padding would match a data value of
 all zeros.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
70d4640172 Make secp256k1_ec_pubkey_create skip processing invalid secret keys.
This makes it somewhat less constant time in error conditions, but
 avoids encountering an internal assertion failure when trying
 to write out the point at infinity.
2015-10-22 22:57:33 +00:00
Gregory Maxwell
6c476a8a9b Minor comment improvements. 2015-10-22 22:57:33 +00:00
Pieter Wuille
131afe5bf5
Merge pull request #334
0c6ab2f Introduce explicit lower-S normalization (Pieter Wuille)
fea19e7 Add contrib/lax_der_parsing.h (Pieter Wuille)
3bb9c44 Rewrite ECDSA signature parsing code (Pieter Wuille)
fa57f1b Use secp256k1_rand_int and secp256k1_rand_bits more (Pieter Wuille)
49b3749 Add new tests for the extra testrand functions (Pieter Wuille)
f684d7d Faster secp256k1_rand_int implementation (Pieter Wuille)
251b1a6 Improve testrand: add extra random functions (Pieter Wuille)
2015-10-23 00:23:54 +02:00
Pieter Wuille
0c6ab2ff18 Introduce explicit lower-S normalization
ECDSA signature verification now requires normalized signatures (with S in the
lower half of the range). In case the input cannot be guaranteed to provide this,
a new function secp256k1_ecdsa_signature_normalize is provided to preprocess it.
2015-10-21 16:14:42 +02:00
Pieter Wuille
fea19e7bb7 Add contrib/lax_der_parsing.h
This shows a snippet of code to do lax DER parsing, without obeying to any
particular standard.
2015-10-21 16:14:35 +02:00
Pieter Wuille
3bb9c44719 Rewrite ECDSA signature parsing code
There are now 2 encoding formats supported: 64-byte "compact" and DER.
The latter is strict: the data has to be exact DER, though the values
inside don't need to be valid.
2015-10-21 16:13:37 +02:00
Pieter Wuille
fa57f1bdf1 Use secp256k1_rand_int and secp256k1_rand_bits more
Update the unit tests to make use of the new RNG functions.
2015-10-21 16:13:37 +02:00