2013-03-10 21:25:19 +01:00
|
|
|
#include <assert.h>
|
|
|
|
|
2013-03-16 15:51:55 +01:00
|
|
|
#include "num.cpp"
|
|
|
|
#include "field.cpp"
|
|
|
|
#include "group.cpp"
|
|
|
|
#include "ecmult.cpp"
|
|
|
|
#include "ecdsa.cpp"
|
2013-03-10 21:25:19 +01:00
|
|
|
|
|
|
|
using namespace secp256k1;
|
|
|
|
|
2013-03-11 01:19:24 +01:00
|
|
|
void test_run_ecmult_chain() {
|
2013-03-10 22:23:33 +01:00
|
|
|
// random starting point A (on the curve)
|
2013-03-10 21:25:19 +01:00
|
|
|
FieldElem ax; ax.SetHex("8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846004");
|
|
|
|
FieldElem ay; ay.SetHex("a357ae915c4a65281309edf20504740f0eb3343990216b4f81063cb65f2f7e0f");
|
|
|
|
GroupElemJac a(ax,ay);
|
2013-03-10 22:23:33 +01:00
|
|
|
// two random initial factors xn and gn
|
2013-03-14 01:20:10 +01:00
|
|
|
Number xn; xn.SetHex("84cc5452f7fde1edb4d38a8ce9b1b84ccef31f146e569be9705d357a42985407");
|
|
|
|
Number gn; gn.SetHex("a1e58d22553dcd42b23980625d4c57a96e9323d42b3152e5ca2c3990edc7c9de");
|
2013-03-10 22:23:33 +01:00
|
|
|
// two small multipliers to be applied to xn and gn in every iteration:
|
2013-03-14 01:20:10 +01:00
|
|
|
Number xf; xf.SetHex("1337");
|
|
|
|
Number gf; gf.SetHex("7113");
|
2013-03-10 22:23:33 +01:00
|
|
|
// accumulators with the resulting coefficients to A and G
|
2013-03-14 01:20:10 +01:00
|
|
|
Number ae; ae.SetHex("01");
|
|
|
|
Number ge; ge.SetHex("00");
|
2013-03-10 22:23:33 +01:00
|
|
|
// the point being computed
|
2013-03-10 21:41:54 +01:00
|
|
|
GroupElemJac x = a;
|
2013-03-10 21:25:19 +01:00
|
|
|
const Number &order = GetGroupConst().order;
|
2013-03-10 22:23:33 +01:00
|
|
|
for (int i=0; i<20000; i++) {
|
2013-03-10 21:41:54 +01:00
|
|
|
// in each iteration, compute X = xn*X + gn*G;
|
2013-03-14 01:20:10 +01:00
|
|
|
ECMult(x, x, xn, gn);
|
2013-03-10 21:41:54 +01:00
|
|
|
// also compute ae and ge: the actual accumulated factors for A and G
|
|
|
|
// if X was (ae*A+ge*G), xn*X + gn*G results in (xn*ae*A + (xn*ge+gn)*G)
|
2013-03-14 01:20:10 +01:00
|
|
|
ae.SetModMul(ae, xn, order);
|
|
|
|
ge.SetModMul(ge, xn, order);
|
|
|
|
ge.SetAdd(ge, gn);
|
|
|
|
ge.SetMod(ge, order);
|
2013-03-10 21:41:54 +01:00
|
|
|
// modify xn and gn
|
2013-03-14 01:20:10 +01:00
|
|
|
xn.SetModMul(xn, xf, order);
|
|
|
|
gn.SetModMul(gn, gf, order);
|
2013-03-10 21:25:19 +01:00
|
|
|
}
|
2013-03-10 21:41:54 +01:00
|
|
|
std::string res = x.ToString();
|
2013-03-10 22:23:33 +01:00
|
|
|
assert(res == "(D6E96687F9B10D092A6F35439D86CEBEA4535D0D409F53586440BD74B933E830,B95CBCA2C77DA786539BE8FD53354D2D3B4F566AE658045407ED6015EE1B2A88)");
|
2013-03-10 21:41:54 +01:00
|
|
|
// redo the computation, but directly with the resulting ae and ge coefficients:
|
2013-03-14 01:20:10 +01:00
|
|
|
GroupElemJac x2; ECMult(x2, a, ae, ge);
|
2013-03-10 21:41:54 +01:00
|
|
|
std::string res2 = x2.ToString();
|
|
|
|
assert(res == res2);
|
2013-03-10 21:25:19 +01:00
|
|
|
}
|
|
|
|
|
2013-03-11 01:19:24 +01:00
|
|
|
void test_point_times_order(const GroupElemJac &point) {
|
|
|
|
// either the point is not on the curve, or multiplying it by the order results in O
|
|
|
|
if (!point.IsValid())
|
|
|
|
return;
|
|
|
|
|
|
|
|
const GroupConstants &c = GetGroupConst();
|
2013-03-14 01:20:10 +01:00
|
|
|
Number zero; zero.SetInt(0);
|
2013-03-11 01:19:24 +01:00
|
|
|
GroupElemJac res;
|
2013-03-14 01:20:10 +01:00
|
|
|
ECMult(res, point, c.order, zero); // calc res = order * point + 0 * G;
|
2013-03-11 01:19:24 +01:00
|
|
|
assert(res.IsInfinity());
|
|
|
|
}
|
|
|
|
|
|
|
|
void test_run_point_times_order() {
|
2013-03-11 01:35:46 +01:00
|
|
|
FieldElem x; x.SetHex("02");
|
2013-03-11 01:19:24 +01:00
|
|
|
for (int i=0; i<500; i++) {
|
|
|
|
GroupElemJac j; j.SetCompressed(x, true);
|
|
|
|
test_point_times_order(j);
|
|
|
|
x.SetSquare(x);
|
|
|
|
}
|
2013-03-11 01:40:29 +01:00
|
|
|
assert(x.ToString() == "7603CB59B0EF6C63FE6084792A0C378CDB3233A80F8A9A09A877DEAD31B38C45"); // 0x02 ^ (2^500)
|
2013-03-11 01:19:24 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
void test_wnaf(const Number &number, int w) {
|
2013-03-14 01:20:10 +01:00
|
|
|
Number x, two, t;
|
2013-03-11 01:19:24 +01:00
|
|
|
x.SetInt(0);
|
|
|
|
two.SetInt(2);
|
2013-03-14 01:20:10 +01:00
|
|
|
WNAF<1023> wnaf(number, w);
|
2013-03-11 01:19:24 +01:00
|
|
|
int zeroes = -1;
|
|
|
|
for (int i=wnaf.GetSize()-1; i>=0; i--) {
|
2013-03-14 01:20:10 +01:00
|
|
|
x.SetMult(x, two);
|
2013-03-11 01:19:24 +01:00
|
|
|
int v = wnaf.Get(i);
|
|
|
|
if (v) {
|
|
|
|
assert(zeroes == -1 || zeroes >= w-1); // check that distance between non-zero elements is at least w-1
|
|
|
|
zeroes=0;
|
|
|
|
assert((v & 1) == 1); // check non-zero elements are odd
|
|
|
|
assert(v <= (1 << (w-1)) - 1); // check range below
|
|
|
|
assert(v >= -(1 << (w-1)) - 1); // check range above
|
|
|
|
} else {
|
|
|
|
assert(zeroes != -1); // check that no unnecessary zero padding exists
|
|
|
|
zeroes++;
|
|
|
|
}
|
|
|
|
t.SetInt(v);
|
2013-03-14 01:20:10 +01:00
|
|
|
x.SetAdd(x, t);
|
2013-03-11 01:19:24 +01:00
|
|
|
}
|
|
|
|
assert(x.Compare(number) == 0); // check that wnaf represents number
|
|
|
|
}
|
|
|
|
|
|
|
|
void test_run_wnaf() {
|
2013-03-14 01:20:10 +01:00
|
|
|
Number range, min, n;
|
2013-03-11 01:40:29 +01:00
|
|
|
range.SetHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); // 2^1024-1
|
2013-03-11 01:19:24 +01:00
|
|
|
min = range; min.Shift1(); min.Negate();
|
|
|
|
for (int i=0; i<100; i++) {
|
2013-03-14 01:20:10 +01:00
|
|
|
n.SetPseudoRand(range); n.SetAdd(n,min);
|
2013-03-11 01:19:24 +01:00
|
|
|
test_wnaf(n, 4+(i%10));
|
|
|
|
}
|
|
|
|
}
|
2013-03-10 21:25:19 +01:00
|
|
|
|
2013-03-18 02:41:01 +01:00
|
|
|
void test_ecdsa_sign_verify() {
|
|
|
|
const GroupConstants &c = GetGroupConst();
|
|
|
|
Number msg; msg.SetPseudoRand(c.order);
|
|
|
|
Number key; key.SetPseudoRand(c.order);
|
|
|
|
Number nonce;
|
|
|
|
GroupElemJac pub; ECMultBase(pub, key);
|
|
|
|
Signature sig;
|
|
|
|
do {
|
|
|
|
nonce.SetPseudoRand(c.order);
|
|
|
|
} while(!sig.Sign(key, msg, nonce));
|
|
|
|
assert(sig.Verify(pub, msg));
|
|
|
|
msg.Inc();
|
|
|
|
assert(!sig.Verify(pub, msg));
|
|
|
|
}
|
|
|
|
|
|
|
|
void test_run_ecdsa_sign_verify() {
|
|
|
|
for (int i=0; i<1000; i++) {
|
|
|
|
test_ecdsa_sign_verify();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-03-10 21:25:19 +01:00
|
|
|
int main(void) {
|
2013-03-11 01:19:24 +01:00
|
|
|
test_run_wnaf();
|
|
|
|
test_run_point_times_order();
|
|
|
|
test_run_ecmult_chain();
|
2013-03-18 02:41:01 +01:00
|
|
|
test_run_ecdsa_sign_verify();
|
2013-03-10 21:25:19 +01:00
|
|
|
return 0;
|
|
|
|
}
|