Fix secp256k1_fe_inv_all_var parameter order

Rearranged secp256k1_fe_inv_all_var parameters so length is after array.
Text editor removed some trailing whitespaces.
pull/11871/head
llamasoft 8 years ago
parent c5b32e16c4
commit 7d893f4980

@ -110,7 +110,7 @@ static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a);
/** Calculate the (modular) inverses of a batch of field elements. Requires the inputs' magnitudes to be /** Calculate the (modular) inverses of a batch of field elements. Requires the inputs' magnitudes to be
* at most 8. The output magnitudes are 1 (but not guaranteed to be normalized). The inputs and * at most 8. The output magnitudes are 1 (but not guaranteed to be normalized). The inputs and
* outputs must not overlap in memory. */ * outputs must not overlap in memory. */
static void secp256k1_fe_inv_all_var(size_t len, secp256k1_fe *r, const secp256k1_fe *a); static void secp256k1_fe_inv_all_var(secp256k1_fe *r, const secp256k1_fe *a, size_t len);
/** Convert a field element to the storage type. */ /** Convert a field element to the storage type. */
static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a); static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a);
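Review bot: The doc comment above the reordered prototype still says nothing about `len`, which is the one thing a caller of a batch routine needs to get right after a parameter reorder; I would extend the last comment line to `* outputs must not overlap in memory. r and a must each point to at least len elements. */`. Both the old and the new signature take two pointers and one size_t, so a call site this commit missed would pass a size_t where a pointer is expected; that is a constraint violation many C compilers only warn about, so it is worth confirming the build treats that warning as an error (presumably the project's build flags already do, but that is not visible here).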

@ -260,7 +260,7 @@ static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a) {
#endif #endif
} }
static void secp256k1_fe_inv_all_var(size_t len, secp256k1_fe *r, const secp256k1_fe *a) { static void secp256k1_fe_inv_all_var(secp256k1_fe *r, const secp256k1_fe *a, size_t len) {
secp256k1_fe u; secp256k1_fe u;
size_t i; size_t i;
if (len < 1) { if (len < 1) {

@ -22,7 +22,7 @@ static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST(
); );
static void secp256k1_ge_set_gej_zinv(secp256k1_ge *r, const secp256k1_gej *a, const secp256k1_fe *zi) { static void secp256k1_ge_set_gej_zinv(secp256k1_ge *r, const secp256k1_gej *a, const secp256k1_fe *zi) {
secp256k1_fe zi2; secp256k1_fe zi2;
secp256k1_fe zi3; secp256k1_fe zi3;
secp256k1_fe_sqr(&zi2, zi); secp256k1_fe_sqr(&zi2, zi);
secp256k1_fe_mul(&zi3, &zi2, zi); secp256k1_fe_mul(&zi3, &zi2, zi);
@ -89,7 +89,7 @@ static void secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge *r, const secp
} }
azi = (secp256k1_fe *)checked_malloc(cb, sizeof(secp256k1_fe) * count); azi = (secp256k1_fe *)checked_malloc(cb, sizeof(secp256k1_fe) * count);
secp256k1_fe_inv_all_var(count, azi, az); secp256k1_fe_inv_all_var(azi, az, count);
free(az); free(az);
count = 0; count = 0;
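Review bot: The hunk header shows `secp256k1_ge_set_all_gej_var(size_t len, secp256k1_ge *r, ...)` still taking its length first, so after this change the two batch routines follow opposite conventions at the same call site on the line `secp256k1_fe_inv_all_var(azi, az, count);`. If the intent is a length-after-array convention, that signature and its callers presumably should be reordered the same way, or the commit message should say the change is deliberately limited to secp256k1_fe_inv_all_var. The enclosing function starts and ends outside the hunk.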
@ -260,7 +260,7 @@ static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, s
/** For secp256k1, 2Q is infinity if and only if Q is infinity. This is because if 2Q = infinity, /** For secp256k1, 2Q is infinity if and only if Q is infinity. This is because if 2Q = infinity,
* Q must equal -Q, or that Q.y == -(Q.y), or Q.y is 0. For a point on y^2 = x^3 + 7 to have * Q must equal -Q, or that Q.y == -(Q.y), or Q.y is 0. For a point on y^2 = x^3 + 7 to have
* y=0, x^3 must be -7 mod p. However, -7 has no cube root mod p. * y=0, x^3 must be -7 mod p. However, -7 has no cube root mod p.
* *
* Having said this, if this function receives a point on a sextic twist, e.g. by * Having said this, if this function receives a point on a sextic twist, e.g. by
* a fault attack, it is possible for y to be 0. This happens for y^2 = x^3 + 6, * a fault attack, it is possible for y to be 0. This happens for y^2 = x^3 + 6,
* since -6 does have a cube root mod p. For this point, this function will not set * since -6 does have a cube root mod p. For this point, this function will not set

@ -520,7 +520,7 @@ void test_num_mod(void) {
secp256k1_num order, n; secp256k1_num order, n;
/* check that 0 mod anything is 0 */ /* check that 0 mod anything is 0 */
random_scalar_order_test(&s); random_scalar_order_test(&s);
secp256k1_scalar_get_num(&order, &s); secp256k1_scalar_get_num(&order, &s);
secp256k1_scalar_set_int(&s, 0); secp256k1_scalar_set_int(&s, 0);
secp256k1_scalar_get_num(&n, &s); secp256k1_scalar_get_num(&n, &s);
@ -535,7 +535,7 @@ void test_num_mod(void) {
CHECK(secp256k1_num_is_zero(&n)); CHECK(secp256k1_num_is_zero(&n));
/* check that increasing the number past 2^256 does not break this */ /* check that increasing the number past 2^256 does not break this */
random_scalar_order_test(&s); random_scalar_order_test(&s);
secp256k1_scalar_get_num(&n, &s); secp256k1_scalar_get_num(&n, &s);
/* multiply by 2^8, which'll test this case with high probability */ /* multiply by 2^8, which'll test this case with high probability */
for (i = 0; i < 8; ++i) { for (i = 0; i < 8; ++i) {
@ -568,7 +568,7 @@ void test_num_jacobi(void) {
/* we first need a scalar which is not a multiple of 5 */ /* we first need a scalar which is not a multiple of 5 */
do { do {
secp256k1_num fiven; secp256k1_num fiven;
random_scalar_order_test(&sqr); random_scalar_order_test(&sqr);
secp256k1_scalar_get_num(&fiven, &five); secp256k1_scalar_get_num(&fiven, &five);
secp256k1_scalar_get_num(&n, &sqr); secp256k1_scalar_get_num(&n, &sqr);
secp256k1_num_mod(&n, &fiven); secp256k1_num_mod(&n, &fiven);
@ -587,7 +587,7 @@ void test_num_jacobi(void) {
/** test with secp group order as order */ /** test with secp group order as order */
secp256k1_scalar_order_get_num(&order); secp256k1_scalar_order_get_num(&order);
random_scalar_order_test(&sqr); random_scalar_order_test(&sqr);
secp256k1_scalar_sqr(&sqr, &sqr); secp256k1_scalar_sqr(&sqr, &sqr);
/* test residue */ /* test residue */
secp256k1_scalar_get_num(&n, &sqr); secp256k1_scalar_get_num(&n, &sqr);
@ -1733,18 +1733,18 @@ void run_field_inv_all_var(void) {
secp256k1_fe x[16], xi[16], xii[16]; secp256k1_fe x[16], xi[16], xii[16];
int i; int i;
/* Check it's safe to call for 0 elements */ /* Check it's safe to call for 0 elements */
secp256k1_fe_inv_all_var(0, xi, x); secp256k1_fe_inv_all_var(xi, x, 0);
for (i = 0; i < count; i++) { for (i = 0; i < count; i++) {
size_t j; size_t j;
size_t len = secp256k1_rand_int(15) + 1; size_t len = secp256k1_rand_int(15) + 1;
for (j = 0; j < len; j++) { for (j = 0; j < len; j++) {
random_fe_non_zero(&x[j]); random_fe_non_zero(&x[j]);
} }
secp256k1_fe_inv_all_var(len, xi, x); secp256k1_fe_inv_all_var(xi, x, len);
for (j = 0; j < len; j++) { for (j = 0; j < len; j++) {
CHECK(check_fe_inverse(&x[j], &xi[j])); CHECK(check_fe_inverse(&x[j], &xi[j]));
} }
secp256k1_fe_inv_all_var(len, xii, xi); secp256k1_fe_inv_all_var(xii, xi, len);
for (j = 0; j < len; j++) { for (j = 0; j < len; j++) {
CHECK(check_fe_equal(&x[j], &xii[j])); CHECK(check_fe_equal(&x[j], &xii[j]));
} }
@ -1930,7 +1930,7 @@ void test_ge(void) {
zs[i] = gej[i].z; zs[i] = gej[i].z;
} }
} }
secp256k1_fe_inv_all_var(4 * runs + 1, zinv, zs); secp256k1_fe_inv_all_var(zinv, zs, 4 * runs + 1);
free(zs); free(zs);
} }
