First step in converting to C: num

2026-01-20 23:29:12 +01:00 · 2013-03-24 10:38:35 +01:00
parent 21b74c7e5f
commit 4adf6b2a32
17 changed files with 508 additions and 472 deletions
--- a/tests.cpp
+++ b/tests.cpp
@@ -6,6 +6,9 @@
 #include "ecmult.cpp"
 #include "ecdsa.cpp"

+// #define COUNT 2
+#define COUNT 100
+
 using namespace secp256k1;

 void test_run_ecmult_chain() {
@@ -14,36 +17,56 @@ void test_run_ecmult_chain() {
    FieldElem ay; ay.SetHex("a357ae915c4a65281309edf20504740f0eb3343990216b4f81063cb65f2f7e0f");
    GroupElemJac a(ax,ay);
    // two random initial factors xn and gn
-    Number xn; xn.SetHex("84cc5452f7fde1edb4d38a8ce9b1b84ccef31f146e569be9705d357a42985407");
-    Number gn; gn.SetHex("a1e58d22553dcd42b23980625d4c57a96e9323d42b3152e5ca2c3990edc7c9de");
+    secp256k1_num_t xn;
+    secp256k1_num_init(&xn);
+    secp256k1_num_set_hex(&xn, "84cc5452f7fde1edb4d38a8ce9b1b84ccef31f146e569be9705d357a42985407", 64);
+    secp256k1_num_t gn;
+    secp256k1_num_init(&gn);
+    secp256k1_num_set_hex(&gn, "a1e58d22553dcd42b23980625d4c57a96e9323d42b3152e5ca2c3990edc7c9de", 64);
    // two small multipliers to be applied to xn and gn in every iteration:
-    Number xf; xf.SetHex("1337");
-    Number gf; gf.SetHex("7113");
+    secp256k1_num_t xf;
+    secp256k1_num_init(&xf);
+    secp256k1_num_set_hex(&xf, "1337", 4);
+    secp256k1_num_t gf;
+    secp256k1_num_init(&gf);
+    secp256k1_num_set_hex(&gf, "7113", 4);
    // accumulators with the resulting coefficients to A and G
-    Number ae; ae.SetHex("01");
-    Number ge; ge.SetHex("00");
+    secp256k1_num_t ae;
+    secp256k1_num_init(&ae);
+    secp256k1_num_set_int(&ae, 1);
+    secp256k1_num_t ge;
+    secp256k1_num_init(&ge);
+    secp256k1_num_set_int(&ge, 0);
    // the point being computed
    GroupElemJac x = a;
-    const Number &order = GetGroupConst().order;
-    for (int i=0; i<20000; i++) {
+    const secp256k1_num_t &order = GetGroupConst().order;
+    for (int i=0; i<200*COUNT; i++) {
        // in each iteration, compute X = xn*X + gn*G;
        ECMult(x, x, xn, gn);
        // also compute ae and ge: the actual accumulated factors for A and G
        // if X was (ae*A+ge*G), xn*X + gn*G results in (xn*ae*A + (xn*ge+gn)*G)
-        ae.SetModMul(ae, xn, order);
-        ge.SetModMul(ge, xn, order);
-        ge.SetAdd(ge, gn);
-        ge.SetMod(ge, order);
+        secp256k1_num_mod_mul(&ae, &ae, &xn, &order);
+        secp256k1_num_mod_mul(&ge, &ge, &xn, &order);
+        secp256k1_num_add(&ge, &ge, &gn);
+        secp256k1_num_mod(&ge, &ge, &order);
        // modify xn and gn
-        xn.SetModMul(xn, xf, order);
-        gn.SetModMul(gn, gf, order);
+        secp256k1_num_mod_mul(&xn, &xn, &xf, &order);
+        secp256k1_num_mod_mul(&gn, &gn, &gf, &order);
    }
    std::string res = x.ToString();
-    assert(res == "(D6E96687F9B10D092A6F35439D86CEBEA4535D0D409F53586440BD74B933E830,B95CBCA2C77DA786539BE8FD53354D2D3B4F566AE658045407ED6015EE1B2A88)");
+    if (COUNT == 100) {
+      assert(res == "(D6E96687F9B10D092A6F35439D86CEBEA4535D0D409F53586440BD74B933E830,B95CBCA2C77DA786539BE8FD53354D2D3B4F566AE658045407ED6015EE1B2A88)");
+    }
    // redo the computation, but directly with the resulting ae and ge coefficients:
    GroupElemJac x2; ECMult(x2, a, ae, ge);
    std::string res2 = x2.ToString();
    assert(res == res2);
+    secp256k1_num_free(&xn);
+    secp256k1_num_free(&gn);
+    secp256k1_num_free(&xf);
+    secp256k1_num_free(&gf);
+    secp256k1_num_free(&ae);
+    secp256k1_num_free(&ge);
 }

 void test_point_times_order(const GroupElemJac &point) {
@@ -52,10 +75,13 @@ void test_point_times_order(const GroupElemJac &point) {
        return;

    const GroupConstants &c = GetGroupConst();
-    Number zero; zero.SetInt(0);
+    secp256k1_num_t zero;
+    secp256k1_num_init(&zero);
+    secp256k1_num_set_int(&zero, 0);
    GroupElemJac res;
    ECMult(res, point, c.order, zero); // calc res = order * point + 0 * G;
    assert(res.IsInfinity());
+    secp256k1_num_free(&zero);
 }

 void test_run_point_times_order() {
@@ -68,14 +94,17 @@ void test_run_point_times_order() {
    assert(x.ToString() == "7603CB59B0EF6C63FE6084792A0C378CDB3233A80F8A9A09A877DEAD31B38C45"); // 0x02 ^ (2^500)
 }

-void test_wnaf(const Number &number, int w) {
-    Number x, two, t;
-    x.SetInt(0);
-    two.SetInt(2);
+void test_wnaf(const secp256k1_num_t &number, int w) {
+    secp256k1_num_t x, two, t;
+    secp256k1_num_init(&x);
+    secp256k1_num_init(&two);
+    secp256k1_num_init(&t);
+    secp256k1_num_set_int(&x, 0);
+    secp256k1_num_set_int(&two, 2);
    WNAF<1023> wnaf(number, w);
    int zeroes = -1;
    for (int i=wnaf.GetSize()-1; i>=0; i--) {
-        x.SetMult(x, two);
+        secp256k1_num_mul(&x, &x, &two);
        int v = wnaf.Get(i);
        if (v) {
            assert(zeroes == -1 || zeroes >= w-1); // check that distance between non-zero elements is at least w-1
@@ -87,44 +116,64 @@ void test_wnaf(const Number &number, int w) {
            assert(zeroes != -1); // check that no unnecessary zero padding exists
            zeroes++;
        }
-        t.SetInt(v);
-        x.SetAdd(x, t);
+        secp256k1_num_set_int(&t, v);
+        secp256k1_num_add(&x, &x, &t);
    }
-    assert(x.Compare(number) == 0); // check that wnaf represents number
+    assert(secp256k1_num_cmp(&x, &number) == 0); // check that wnaf represents number
+    secp256k1_num_free(&x);
+    secp256k1_num_free(&two);
+    secp256k1_num_free(&t);
 }

 void test_run_wnaf() {
-    Number range, min, n;
-    range.SetHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); // 2^1024-1
-    min = range; min.Shift1(); min.Negate();
-    for (int i=0; i<100; i++) {
-        n.SetPseudoRand(range); n.SetAdd(n,min);
+    secp256k1_num_t range, min, n;
+    secp256k1_num_init(&range);
+    secp256k1_num_init(&min);
+    secp256k1_num_init(&n);
+    secp256k1_num_set_hex(&range, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 256);
+    secp256k1_num_copy(&min, &range);
+    secp256k1_num_shift(&min, 1);
+    secp256k1_num_negate(&min);
+    for (int i=0; i<COUNT; i++) {
+        secp256k1_num_set_rand(&n, &range);
+        secp256k1_num_add(&n, &n, &min);
        test_wnaf(n, 4+(i%10));
    }
+    secp256k1_num_free(&range);
+    secp256k1_num_free(&min);
+    secp256k1_num_free(&n);
 }

 void test_ecdsa_sign_verify() {
    const GroupConstants &c = GetGroupConst();
-    Number msg; msg.SetPseudoRand(c.order);
-    Number key; key.SetPseudoRand(c.order);
-    Number nonce;
+    secp256k1_num_t msg, key, nonce;
+    secp256k1_num_init(&msg);
+    secp256k1_num_set_rand(&msg, &c.order);
+    secp256k1_num_init(&key);
+    secp256k1_num_set_rand(&key, &c.order);
+    secp256k1_num_init(&nonce);
    GroupElemJac pub; ECMultBase(pub, key);
    Signature sig;
    do {
-        nonce.SetPseudoRand(c.order);
+        secp256k1_num_set_rand(&nonce, &c.order);
    } while(!sig.Sign(key, msg, nonce));
    assert(sig.Verify(pub, msg));
-    msg.Inc();
+    secp256k1_num_inc(&msg);
    assert(!sig.Verify(pub, msg));
+    secp256k1_num_free(&msg);
+    secp256k1_num_free(&key);
+    secp256k1_num_free(&nonce);
 }

 void test_run_ecdsa_sign_verify() {
-    for (int i=0; i<1000; i++) {
+    for (int i=0; i<10*COUNT; i++) {
        test_ecdsa_sign_verify();
    }
 }

 int main(void) {
+    secp256k1_num_start();
+
    test_run_wnaf();
    test_run_point_times_order();
    test_run_ecmult_chain();