more tests

12 years ago · 4e0ed53985
parent cbd3617ea1
commit 4e0ed53985
4 changed files with 74 additions and 9 deletions
--- a/ecmult.h
+++ b/ecmult.h
@ -8,7 +8,7 @@
 #include "num.h"

 #define WINDOW_A 5
-#define WINDOW_G 15
+#define WINDOW_G 13

 namespace secp256k1 {

@ -51,6 +51,7 @@ private:
    int used;

    void PushNAF(int num, int zeroes) {
+        assert(used < B+1);
        for (int i=0; i<zeroes; i++) {
            naf[used++]=0;
        }
@ -73,7 +74,7 @@ public:
                zeroes++;
                x.Shift1();
            }
-            int word = x.ShiftLowBits(ctx,w);
+            int word = x.ShiftLowBits(ct,w);
            if (word & (1 << (w-1))) {
                x.Inc();
                PushNAF(sign * (word - (1 << w)), zeroes);
@ -112,7 +113,6 @@ public:
    WNAFPrecomp<GroupElem,WINDOW_G> wpg128;

    ECMultConsts() {
-        printf("Precomputing G multiplies...\n");
        const GroupElem &g = GetGroupConst().g;
        GroupElemJac g128j(g);
        for (int i=0; i<128; i++)
@ -120,7 +120,6 @@ public:
        GroupElem g128; g128.SetJac(g128j);
        wpg.Build(g);
        wpg128.Build(g128);
-        printf("Done precomputing\n");
    }
 };

@ -129,7 +128,7 @@ const ECMultConsts &GetECMultConsts() {
    return ecmult_consts;
 }

-void ECMult(Context &ctx, GroupElemJac &out, const GroupElemJac &a, Number &an, Number &gn) {
+void ECMult(Context &ctx, GroupElemJac &out, const GroupElemJac &a, const Number &an, const Number &gn) {
    Context ct(ctx);
    Number an1(ct), an2(ct);
    Number gn1(ct), gn2(ct);
--- a/group.h
+++ b/group.h
@ -78,7 +78,7 @@ public:
    }

    /** Checks whether this is a non-infinite point on the curve */
-    bool IsValid() {
+    bool IsValid() const {
        if (IsInfinity())
            return false;
        // y^2 = x^3 + 7
--- a/num_openssl.h
+++ b/num_openssl.h
@ -74,7 +74,12 @@ public:
        BN_bn2bin(bn, bin + size - len);
    }
    void SetInt(int x) {
+        if (x >= 0) {
            BN_set_word(bn, x);
+        } else {
+            BN_set_word(bn, -x);
+            BN_set_negative(bn, 1);
+        }
    }
    void SetModInverse(Context &ctx, const Number &x, const Number &m) {
        BN_mod_inverse(bn, x.bn, m.bn, ctx);
--- a/tests.cpp
+++ b/tests.cpp
@ -8,7 +8,7 @@

 using namespace secp256k1;

-void test_ecmult() {
+void test_run_ecmult_chain() {
    Context ctx;
    // random starting point A (on the curve)
    FieldElem ax; ax.SetHex("8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846004");
@ -47,8 +47,69 @@ void test_ecmult() {
    assert(res == res2);
 }

+void test_point_times_order(const GroupElemJac &point) {
+    // either the point is not on the curve, or multiplying it by the order results in O
+    if (!point.IsValid())
+        return;
+
+    const GroupConstants &c = GetGroupConst();
+    Context ctx;
+    Number zero(ctx); zero.SetInt(0);
+    GroupElemJac res;
+    ECMult(ctx, res, point, c.order, zero); // calc res = order * point + 0 * G;
+    assert(res.IsInfinity());
+}
+
+void test_run_point_times_order() {
+    Context ctx;
+    FieldElem x; x.SetHex("0000000000000000000000000000000000000000000000000000000000000002");
+    for (int i=0; i<500; i++) {
+        GroupElemJac j; j.SetCompressed(x, true);
+        test_point_times_order(j);
+        x.SetSquare(x);
+    }
+}
+
+void test_wnaf(const Number &number, int w) {
+    Context ctx;
+    Number x(ctx), two(ctx), t(ctx);
+    x.SetInt(0);
+    two.SetInt(2);
+    WNAF<1023> wnaf(ctx, number, w);
+    int zeroes = -1;
+    for (int i=wnaf.GetSize()-1; i>=0; i--) {
+        x.SetMult(ctx, x, two);
+        int v = wnaf.Get(i);
+        if (v) {
+            assert(zeroes == -1 || zeroes >= w-1); // check that distance between non-zero elements is at least w-1
+            zeroes=0;
+            assert((v & 1) == 1); // check non-zero elements are odd
+            assert(v <= (1 << (w-1)) - 1); // check range below
+            assert(v >= -(1 << (w-1)) - 1); // check range above
+        } else {
+            assert(zeroes != -1); // check that no unnecessary zero padding exists
+            zeroes++;
+        }
+        t.SetInt(v);
+        x.SetAdd(ctx, x, t);
+    }
+    assert(x.Compare(number) == 0); // check that wnaf represents number
+}
+
+void test_run_wnaf() {
+    Context ctx;
+    Number range(ctx), min(ctx), n(ctx);
+    range.SetHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
+    min = range; min.Shift1(); min.Negate();
+    for (int i=0; i<100; i++) {
+        n.SetPseudoRand(range); n.SetAdd(ctx,n,min);
+        test_wnaf(n, 4+(i%10));
+    }
+}

 int main(void) {
-    test_ecmult();
+    test_run_wnaf();
+    test_run_point_times_order();
+    test_run_ecmult_chain();
    return 0;
 }