Gregory Maxwell
27bc1311af
Silence some warnings from pedantic static analysis tools, improve compatibility with C++.
...
C doesn't include the null in an array initialized from a
string literal if it doesn't fit; in C++ this is invalid.
The vararray style prototypes and init+calc also changed in
this commit are not C89 enough for some tools.
10 years ago
Pieter Wuille
3b7ea633fb
Merge pull request #221
...
443cd4b
Get rid of hex format and some binary conversions (Pieter Wuille)
10 years ago
Pieter Wuille
f789c5baf2
Merge pull request #215
...
8956111
use 128-bit hex seed (Pieter Wuille)
02efd06
Use RFC6979 for test PRNGs (Pieter Wuille)
10 years ago
Pieter Wuille
8956111802
use 128-bit hex seed
10 years ago
Pieter Wuille
02efd06554
Use RFC6979 for test PRNGs
10 years ago
Pieter Wuille
ae55e850c7
Use faster byteswapping and avoid alignment-increasing casts.
10 years ago
Pieter Wuille
443cd4b8ee
Get rid of hex format and some binary conversions
10 years ago
Pieter Wuille
8030d7c0e5
Improve signing API documentation & specification
10 years ago
Iang
11690d3bb9
Removed gotos, which are hard to trace and maintain.
10 years ago
Pieter Wuille
035406d6db
Merge pull request #206
...
34b898d
Additional comments for the testing PRNG and a seeding fix. (Gregory Maxwell)
6efd6e7
Some comments explaining some of the constants in the code. (Gregory Maxwell)
10 years ago
Pieter Wuille
2d4cd53087
Merge pull request #161
...
ffccfd2
x86_64 assembly optimization for scalar_4x64 (Pieter Wuille)
10 years ago
Gregory Maxwell
34b898dc84
Additional comments for the testing PRNG and a seeding fix.
...
Rw has additional short-cycle inputs because 2^32/0x464fffff >= 2.
10 years ago
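The "short-cycle inputs" in the commit above, as an added example (not libsecp256k1 code). It assumes the test PRNG is Marsaglia's 16-bit multiply-with-carry generator, x -> a*(x & 0xffff) + (x >> 16), with a = 36969 for Rz and a = 18000 for Rw; the constant 0x464fffff on the page equals 18000*2^16 - 1, which is consistent with that assumption but is not confirmed by the page. The replacement seed used in `mwc_fix_seed` is a value chosen here, not the project's.

```c
/*
 * Added example, not libsecp256k1 code. ASSUMPTION: the test PRNG is
 * Marsaglia's 16-bit multiply-with-carry (MWC) generator
 *     x -> a * (x & 0xffff) + (x >> 16)
 * with a = 36969 (Rz) and a = 18000 (Rw). Writing x = c*2^16 + r, one step
 * gives a*r + c, and because a*2^16 == 1 (mod M) with M = a*2^16 - 1, this is
 * a*x (mod M). A seed that is a multiple of M therefore stays a multiple of
 * M forever, and the only multiples of M the step can produce are 0 and M,
 * both fixed points. Rw has more such seeds than Rz because 2^32 / 0x464fffff
 * exceeds 2, so 2*M and 3*M still fit in 32 bits.
 */
#include <stdint.h>
#include <stdio.h>

#define MWC_A_RZ 36969u
#define MWC_A_RW 18000u

/* One MWC step; a*(x & 0xffff) + (x >> 16) cannot overflow 32 bits for these a. */
uint32_t mwc_step(uint32_t x, uint32_t a) {
    return a * (x & 0xffffu) + (x >> 16);
}

/* Return 1 if the generator reaches a fixed point within a few steps of seed. */
int mwc_is_stuck(uint32_t seed, uint32_t a) {
    uint32_t y = seed;
    int i;
    for (i = 0; i < 4; i++) {
        uint32_t next = mwc_step(y, a);
        if (next == y) return 1;
        y = next;
    }
    return 0;
}

/* Enumerate every seed in [0, 2^32) that is a multiple of M = a*2^16 - 1,
 * writing at most max of them into out; returns the total count. */
unsigned mwc_degenerate_seeds(uint32_t a, uint32_t *out, unsigned max) {
    uint64_t m = ((uint64_t)a << 16) - 1;
    uint64_t x;
    unsigned n = 0;
    for (x = 0; x < ((uint64_t)1 << 32); x += m) {
        if (n < max) out[n] = (uint32_t)x;
        n++;
    }
    return n;
}

/* Seeding guard (approach chosen here, not the project's): replace any
 * degenerate seed with a fixed non-degenerate one. */
uint32_t mwc_fix_seed(uint32_t seed, uint32_t a) {
    uint64_t m = ((uint64_t)a << 16) - 1;
    if ((uint64_t)seed % m == 0) return 0x12345678u; /* 0x12345678 is not a multiple of M for either a */
    return seed;
}

int main(void) {
    uint32_t bad[8];
    unsigned n, i;
    n = mwc_degenerate_seeds(MWC_A_RW, bad, 8);
    printf("Rw (a=18000) has %u degenerate seeds:", n);
    for (i = 0; i < n && i < 8; i++) printf(" 0x%08x", bad[i]);
    printf("\n");
    n = mwc_degenerate_seeds(MWC_A_RZ, bad, 8);
    printf("Rz (a=36969) has %u degenerate seeds:", n);
    for (i = 0; i < n && i < 8; i++) printf(" 0x%08x", bad[i]);
    printf("\n");
    printf("seed 0x8c9ffffe stuck for Rw: %d, for Rz: %d\n",
           mwc_is_stuck(0x8c9ffffeu, MWC_A_RW), mwc_is_stuck(0x8c9ffffeu, MWC_A_RZ));
    return 0;
}
```

Under the stated assumption the Rw generator stalls on 0, 0x464fffff, 0x8c9ffffe and 0xd2effffd, while Rz stalls only on 0 and 0x9068ffff; a seeding routine has to reject all of them, not just zero.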
Gregory Maxwell
6efd6e7777
Some comments explaining some of the constants in the code.
10 years ago
Pieter Wuille
ffccfd2d00
x86_64 assembly optimization for scalar_4x64
10 years ago
Pieter Wuille
039723d5da
Benchmarks for all internal operations
10 years ago
Pieter Wuille
d61e899531
Add group operation counts
10 years ago
Gregory Maxwell
f735446c4d
Convert the rest of the codebase to C89.
...
Update build system to enforce -std=c89 -pedantic.
10 years ago
Gregory Maxwell
bf2e1ac7cd
Convert tests to C89. (also fixes a use of bare "inline" in field)
10 years ago
Pieter Wuille
fc8285f18a
Merge pull request #199
...
fcc48c4
Remove the non-storage cmov (Pieter Wuille)
55422b6
Switch ecmult_gen to use storage types (Pieter Wuille)
41f8455
Use group element storage type in EC multiplications (Pieter Wuille)
e68d720
Add group element storage type (Pieter Wuille)
ff889f7
Field storage type (Pieter Wuille)
10 years ago
Gregory Maxwell
4be8d6fc42
Centralize the definition of uint128_t and use it uniformly.
...
This needs to be renamed along with the other _t types, because _t
is reserved. But that will be done later.
10 years ago
Gregory Maxwell
d9543c904f
Switch scalar code to C89.
10 years ago
Pieter Wuille
fcc48c4561
Remove the non-storage cmov
10 years ago
Pieter Wuille
55422b6aaf
Switch ecmult_gen to use storage types
10 years ago
Pieter Wuille
41f8455434
Use group element storage type in EC multiplications
10 years ago
Pieter Wuille
e68d7208ec
Add group element storage type
10 years ago
Pieter Wuille
ff889f7d90
Field storage type
10 years ago
Pieter Wuille
0768bd55a1
Get rid of variable-length hex string conversions
10 years ago
Gregory Maxwell
792bcdb015
Convert several more files to C89.
10 years ago
Pieter Wuille
45cdf4479d
Merge pull request #193
...
25b35c7
Convert field code to strict C89 (+ long long, +__int128) (Gregory Maxwell)
3627437
C89 nits and dead code removal. (Gregory Maxwell)
10 years ago
mb300sd
402878ae11
fix ifdef/ifndef
10 years ago
Gregory Maxwell
25b35c7ecb
Convert field code to strict C89 (+ long long, +__int128)
...
This makes the software more portable to embedded systems
and static analysis tools.
Sadly, it can't result in identical binaries because C99 mixed
declarations seem to make GCC emit superfluous stack-pointer
updates. The compiler is also somewhat dependent on the
declaration order.
10 years ago
Gregory Maxwell
3627437d80
C89 nits and dead code removal.
10 years ago
Pieter Wuille
4732d26069
Convert the field/group/ecdsa constant initialization to static consts
10 years ago
Pieter Wuille
19f3e76002
Remove unused secp256k1_fe_inner_{start, stop} functions
10 years ago
Pieter Wuille
f1ebfe399f
Convert the scalar constant initialization to static consts
10 years ago
Gregory Maxwell
941e221f66
Add tests for handling of the nonce function in signing.
10 years ago
Pieter Wuille
10c81ffb5d
Merge pull request #177
...
7688e34
Add magnitude limits to secp256k1_fe_verify to ensure that its own tests function correctly. (Gregory Maxwell)
70ae0d2
Use secp256k1_fe_equal_var in secp256k1_fe_sqrt_var. (Gregory Maxwell)
10 years ago
Gregory Maxwell
7688e341c5
Add magnitude limits to secp256k1_fe_verify to ensure that its own tests function correctly.
10 years ago
Pieter Wuille
4ee4f7ac3f
Merge pull request #176
...
9ab9335
Add a reference consistency test to ge_tests. (Pieter Wuille)
60571c6
Rework group tests (Pieter Wuille)
10 years ago
Gregory Maxwell
70ae0d2851
Use secp256k1_fe_equal_var in secp256k1_fe_sqrt_var.
...
In theory this should be faster, since secp256k1_fe_equal_var is able to
shortcut the normalization. On x86_64 the improvement appears to be in
the noise for me. At least it makes the code cleaner.
10 years ago
Pieter Wuille
9ab93355f2
Add a reference consistency test to ge_tests.
...
This adds all points used in the test together in random order, which
should result in infinity.
Suggested by Greg Maxwell.
10 years ago
Pieter Wuille
60571c6e45
Rework group tests
10 years ago
Gregory Maxwell
d26e26f2f4
Avoid constructing an invalid signature with probability 1:2^256.
10 years ago
Pieter Wuille
b450c34843
Merge pull request #163
...
bbd5ba7
Use rfc6979 as default nonce generation function (Pieter Wuille)
b37fbc2
Implement SHA256 / HMAC-SHA256 / RFC6979. (Pieter Wuille)
c6e7f4e
[API BREAK] Use a nonce-generation function instead of a nonce (Pieter Wuille)
10 years ago
Peter Dettman
49ee0dbe16
Add _normalizes_to_zero_var variant
10 years ago
Peter Dettman
eed599dd72
Add _fe_normalizes_to_zero method
10 years ago
Pieter Wuille
d7174edf5f
Weak normalization for secp256k1_fe_equal
10 years ago
Pieter Wuille
0295f0a33d
weak normalization
10 years ago
Pieter Wuille
bbd5ba7cfa
Use rfc6979 as default nonce generation function
10 years ago
Pieter Wuille
b37fbc280e
Implement SHA256 / HMAC-SHA256 / RFC6979.
10 years ago
Pieter Wuille
c6e7f4e8d8
[API BREAK] Use a nonce-generation function instead of a nonce
10 years ago
Pieter Wuille
603c33bc80
Make signing fail if a too small buffer is passed.
...
Bug discovered by Sergio Demian Lerner.
10 years ago
Pieter Wuille
7277fd76e2
Remove GMP field implementation
10 years ago
Pieter Wuille
13278f642c
Add explanation about how inversion can be avoided
10 years ago
Pieter Wuille
ce7eb6fb3d
Optimize verification: avoid field inverse
...
Suggested by Greg Maxwell.
10 years ago
Pieter Wuille
1ba4a60a51
Configure options reorganization
10 years ago
Pieter Wuille
bccaf86caa
Merge pull request #150
...
cf7b2b4
Fix ECDSA message hashes to 32 bytes (Pieter Wuille)
10 years ago
Luke Dashjr
f22d73e757
Explicitly access %0..%2 as 64-bit so we use the right registers for x32 ABI
10 years ago
Pieter Wuille
e66d4d6d39
Avoid the stack in assembly and use explicit registers
10 years ago
Pieter Wuille
cf7b2b4647
Fix ECDSA message hashes to 32 bytes
10 years ago
Pieter Wuille
aaba2e0f4b
Merge pull request #136
...
6558a26
Make the benchmarks print out stats (Pieter Wuille)
000bdf6
Rename bench_verify to bench_recovery (Pieter Wuille)
10 years ago
Pieter Wuille
ee1eaa792d
Merge pull request #141
...
7c6fed2
Add a few more additional tests. (Gregory Maxwell)
8d11164
Add some additional tests. (Gregory Maxwell)
10 years ago
Pieter Wuille
6558a26770
Make the benchmarks print out stats
10 years ago
Pieter Wuille
000bdf6dc3
Rename bench_verify to bench_recovery
10 years ago
Gregory Maxwell
7c6fed2857
Add a few more additional tests.
10 years ago
Pavel Janík
e06a9244bf
Include time.h header for time().
10 years ago
Gregory Maxwell
8d11164bc0
Add some additional tests.
10 years ago
Pieter Wuille
3545627acb
Merge pull request #118
...
3ce74b1
Tweak precomputed table size for G (Pieter Wuille)
10 years ago
Pieter Wuille
6a9901e15b
Merge pull request #137
...
39bd94d
Variable time normalize (Pieter Wuille)
10 years ago
Pieter Wuille
376b28b096
Merge pull request #128
...
b2c9681
Make {mul,sqr}_inner use the same argument order as {mul,sqr} (Pieter Wuille)
6793505
Convert YASM code into inline assembly (Pieter Wuille)
f048615
Rewrite field assembly to match the C version (Pieter Wuille)
10 years ago
Pieter Wuille
17288069fb
Merge pull request #138
...
a5759c5
Check return value of malloc (Pieter Wuille)
2b9388b
Remove unused secp256k1_fe_inv_all (Pieter Wuille)
f461b76
Allocate precomputation arrays on the heap (Pieter Wuille)
10 years ago
Pieter Wuille
a5759c572e
Check return value of malloc
10 years ago
Pieter Wuille
39bd94d86d
Variable time normalize
10 years ago
Pieter Wuille
54b768c6da
Another redundant secp256k1_fe_normalize
10 years ago
Gregory Maxwell
1c29f2eb49
Remove redundant secp256k1_fe_normalize from secp256k1_gej_add_ge_var.
...
This was a missed optimization in the extraction of gej+ge from gej+gej.
10 years ago
Pieter Wuille
2b9388b647
Remove unused secp256k1_fe_inv_all
10 years ago
Pieter Wuille
f461b76925
Allocate precomputation arrays on the heap
10 years ago
Pieter Wuille
b0210a95da
Merge pull request #135
...
ee3eb4b
Fix a memory leak and add a number of small tests. (Gregory Maxwell)
10 years ago
Gregory Maxwell
ee3eb4be9e
Fix a memory leak and add a number of small tests.
...
This fixes a simple copy and paste induced memory leak for the ecdsa init.
The tests are mostly just improving coverage and aren't interesting.
10 years ago
Pieter Wuille
b2c9681c6f
Make {mul,sqr}_inner use the same argument order as {mul,sqr}
10 years ago
Pieter Wuille
67935050e1
Convert YASM code into inline assembly
10 years ago
Pieter Wuille
f048615970
Rewrite field assembly to match the C version
10 years ago
Pieter Wuille
4d879a3a66
Merge pull request #134
...
29ae131
Make scalar_add_bit test's overflow detection exact (Pieter Wuille)
10 years ago
Pieter Wuille
d5e8362ae5
Merge pull request #127
...
c35ff1e
Convert lambda splitter to pure scalar code. (Pieter Wuille)
cc604e9
Avoid division when decomposing scalars (Peter Dettman)
ff8746d
Add secp256k1_scalar_mul_shift_var (Pieter Wuille)
10 years ago
Pieter Wuille
7b92cf66c7
Merge pull request #132
...
efb7d4b
Use constant-time conditional moves instead of byte slicing (Pieter Wuille)
10 years ago
Pieter Wuille
29ae1310ce
Make scalar_add_bit test's overflow detection exact
10 years ago
Pieter Wuille
9048def7c7
Avoid undefined shift behaviour
10 years ago
Pieter Wuille
efb7d4b299
Use constant-time conditional moves instead of byte slicing
10 years ago
Pieter Wuille
82f9254cc0
Fix typo
10 years ago
Pieter Wuille
35399e08c4
Bugfix: b is restricted, not r
10 years ago
Pieter Wuille
c35ff1ea44
Convert lambda splitter to pure scalar code.
...
This enables the use of the endomorphism optimization without bignum.
10 years ago
Peter Dettman
cc604e9842
Avoid division when decomposing scalars
...
- In secp256k1_gej_split_exp, there are two divisions used. Since the denominator is a constant known at compile-time, each can be replaced by a multiplication followed by a right-shift (and rounding).
- Add the constants g1, g2 for this purpose and rewrite secp256k1_scalar_split_lambda_var accordingly.
- Remove secp256k1_num_div since no longer used
Rebased-by: Pieter Wuille
10 years ago
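The division-by-constant replacement described in the commit above, as an added example (not libsecp256k1 code). The project applies it to 256-bit scalars with a rounding step; this illustration uses a 32-bit dividend and a 64-bit intermediate product, and derives the multiplier and shifts exactly (Granlund and Montgomery's method) so the result is the floor quotient for every 32-bit input. All function and type names here are the example's own.

```c
/*
 * Added example, not libsecp256k1 code. Replacing n / d, for a constant d,
 * by a multiply and a right shift. The multiplier is m = 2^32 + m_low where
 * m_low = floor(2^32 * (2^l - d) / d) + 1 and l = ceil(log2 d); the 33rd bit
 * of m is handled by the (n - q0) >> 1 + q0 step so no 64-bit overflow occurs.
 */
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t m_low;  /* low 32 bits of the 33-bit multiplier */
    unsigned sh1;    /* min(l, 1) */
    unsigned sh2;    /* max(l - 1, 0) */
} divmagic;

/* Precompute multiplier and shifts for a constant divisor d >= 1. */
divmagic divmagic_compute(uint32_t d) {
    divmagic r;
    unsigned l = 0;
    uint64_t two_l;
    if (d == 0) d = 1;                             /* caller error; avoid looping forever */
    while (((uint64_t)1 << l) < d) l++;            /* l = ceil(log2 d) */
    two_l = (uint64_t)1 << l;
    r.m_low = (uint32_t)((((uint64_t)1 << 32) * (two_l - d)) / d + 1);
    r.sh1 = l < 1 ? l : 1;
    r.sh2 = l > 0 ? l - 1 : 0;
    return r;
}

/* floor(n / d) with one 32x32->64 multiply, one subtraction and two shifts. */
uint32_t divmagic_apply(uint32_t n, divmagic mg) {
    uint32_t q0 = (uint32_t)(((uint64_t)mg.m_low * n) >> 32);
    uint32_t t = ((n - q0) >> mg.sh1) + q0;        /* q0 <= n, so no wrap */
    return t >> mg.sh2;
}

/* Convenience wrapper: n / d through the multiply-and-shift path. */
uint32_t div_by_const(uint32_t n, uint32_t d) {
    return divmagic_apply(n, divmagic_compute(d));
}

/* Compare the multiply-and-shift path against the hardware divide over a
 * prime stride of dividends plus the boundary values; 1 on agreement. */
int div_by_const_check(uint32_t d) {
    divmagic mg = divmagic_compute(d);
    uint64_t n;
    for (n = 0; n <= 0xFFFFFFFFull; n += 104729) {
        if (divmagic_apply((uint32_t)n, mg) != (uint32_t)n / d) return 0;
    }
    if (divmagic_apply(0xFFFFFFFFu, mg) != 0xFFFFFFFFu / d) return 0;
    if (divmagic_apply(d - 1, mg) != 0) return 0;
    if (divmagic_apply(d, mg) != 1) return 0;
    return 1;
}

int main(void) {
    divmagic mg = divmagic_compute(7);
    printf("d=7: m_low=0x%08x sh1=%u sh2=%u\n", mg.m_low, mg.sh1, mg.sh2);
    printf("100/7 = %u, 0xffffffff/7 = %u\n",
           div_by_const(100, 7), div_by_const(0xFFFFFFFFu, 7));
    printf("check d=7: %d, d=3: %d, d=641: %d\n",
           div_by_const_check(7), div_by_const_check(3), div_by_const_check(641));
    return 0;
}
```

For d = 7 this produces the well-known multiplier 0x24924925 with shifts 1 and 2. The scalar splitter's version differs in that it rounds the product instead of flooring and tolerates a small error, since the decomposition only needs the two halves to be short, not an exact quotient.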
Pieter Wuille
ff8746d457
Add secp256k1_scalar_mul_shift_var
10 years ago
Pieter Wuille
bd313f7d6e
Merge pull request #119
...
597128d
Make num optional (Pieter Wuille)
659b554
Make constant initializers independent from num (Pieter Wuille)
10 years ago
Pieter Wuille
276f987d70
Merge pull request #124
...
4d4eeea
Make secp256k1_fe_mul_inner use the r != property (Pieter Wuille)
be82e92
Require that r and b are different for field multiplication. (Pieter Wuille)
10 years ago
Pieter Wuille
24b3c65e0d
Add a test case for ECDSA recomputing infinity
10 years ago
Pieter Wuille
32600e5086
Add a test for r >= order signature handling
...
Suggested by Greg Maxwell.
10 years ago
Pieter Wuille
4d4eeea4ac
Make secp256k1_fe_mul_inner use the r != property
...
Suggested by Peter Dettman.
10 years ago
Pieter Wuille
be82e92fc4
Require that r and b are different for field multiplication.
...
Suggested by Peter Dettman, this prepares for slightly faster multiplication
which writes results immediately to r before finishing reading b.
10 years ago
Pieter Wuille
597128d389
Make num optional
10 years ago