|
| 1 | +/*********************************************************************** |
| 2 | + * Distributed under the MIT software license, see the accompanying * |
| 3 | + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* |
| 4 | + ***********************************************************************/ |
| 5 | + |
| 6 | +#ifndef SECP256K1_MODULE_ELLSWIFT_TESTS_EXHAUSTIVE_H |
| 7 | +#define SECP256K1_MODULE_ELLSWIFT_TESTS_EXHAUSTIVE_H |
| 8 | + |
| 9 | +#include "../../../include/secp256k1_ellswift.h" |
| 10 | +#include "main_impl.h" |
| 11 | + |
| 12 | +static void test_exhaustive_ellswift(const secp256k1_context *ctx, const secp256k1_ge *group) { |
| 13 | + int i; |
| 14 | + |
| 15 | + /* Note that SwiftEC/ElligatorSwift are inherently curve operations, not |
| 16 | + * group operations, and this test only checks the curve points which are in |
| 17 | + * a tiny subgroup. In that sense it can't be really seen as exhaustive as |
| 18 | + * it doesn't (and for computational reasons obviously cannot) test the |
| 19 | + * entire domain ellswift operates under. */ |
| 20 | + for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { |
| 21 | + secp256k1_scalar scalar_i; |
| 22 | + unsigned char sec32[32]; |
| 23 | + unsigned char ell64[64]; |
| 24 | + secp256k1_pubkey pub_decoded; |
| 25 | + secp256k1_ge ge_decoded; |
| 26 | + |
| 27 | + /* Construct ellswift pubkey from exhaustive loop scalar i. */ |
| 28 | + secp256k1_scalar_set_int(&scalar_i, i); |
| 29 | + secp256k1_scalar_get_b32(sec32, &scalar_i); |
| 30 | + CHECK(secp256k1_ellswift_create(ctx, ell64, sec32, NULL)); |
| 31 | + |
| 32 | + /* Decode ellswift pubkey and check that it matches the precomputed group element. */ |
| 33 | + secp256k1_ellswift_decode(ctx, &pub_decoded, ell64); |
| 34 | + secp256k1_pubkey_load(ctx, &ge_decoded, &pub_decoded); |
| 35 | + ge_equals_ge(&ge_decoded, &group[i]); |
| 36 | + } |
| 37 | +} |
| 38 | + |
| 39 | +#endif |
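Review bot: The return values of `secp256k1_ellswift_decode` and `secp256k1_pubkey_load` (new lines 33-34) are discarded, although the `secp256k1_ellswift_create` call just above them is wrapped in `CHECK`. If either call reported failure, `ge_equals_ge` would presumably compare `ge_decoded` without it having been validly filled, so the failure would surface as a confusing mismatch rather than at its cause. I would make the two lines `CHECK(secp256k1_ellswift_decode(ctx, &pub_decoded, ell64));` and `CHECK(secp256k1_pubkey_load(ctx, &ge_decoded, &pub_decoded));`. Separately, the loop only exercises the `NULL` auxiliary-randomness path of `secp256k1_ellswift_create`, and the block comment could say so alongside its existing caveat about coverage.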