2015-10-26 14:54:21 +00:00
|
|
|
/**********************************************************************
|
|
|
|
|
* Copyright (c) 2013-2015 Pieter Wuille *
|
|
|
|
|
* Distributed under the MIT software license, see the accompanying *
|
|
|
|
|
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
|
|
|
|
**********************************************************************/
|
|
|
|
|
|
2018-07-09 11:17:44 +00:00
|
|
|
#ifndef SECP256K1_TESTRAND_IMPL_H
|
|
|
|
|
#define SECP256K1_TESTRAND_IMPL_H
|
2015-10-26 14:54:21 +00:00
|
|
|
|
|
|
|
|
#include <stdint.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
#include "testrand.h"
|
|
|
|
|
#include "hash.h"
|
|
|
|
|
|
2019-10-21 15:06:23 +00:00
|
|
|
static rustsecp256k1_v0_1_0_rfc6979_hmac_sha256 rustsecp256k1_v0_1_0_test_rng;
|
|
|
|
|
static uint32_t rustsecp256k1_v0_1_0_test_rng_precomputed[8];
|
|
|
|
|
static int rustsecp256k1_v0_1_0_test_rng_precomputed_used = 8;
|
|
|
|
|
static uint64_t rustsecp256k1_v0_1_0_test_rng_integer;
|
|
|
|
|
static int rustsecp256k1_v0_1_0_test_rng_integer_bits_left = 0;
|
2015-10-26 14:54:21 +00:00
|
|
|
|
2019-10-21 15:06:23 +00:00
|
|
|
SECP256K1_INLINE static void rustsecp256k1_v0_1_0_rand_seed(const unsigned char *seed16) {
|
|
|
|
|
rustsecp256k1_v0_1_0_rfc6979_hmac_sha256_initialize(&rustsecp256k1_v0_1_0_test_rng, seed16, 16);
|
2015-10-26 14:54:21 +00:00
|
|
|
}
|
|
|
|
|
|
2019-10-21 15:06:23 +00:00
|
|
|
SECP256K1_INLINE static uint32_t rustsecp256k1_v0_1_0_rand32(void) {
|
|
|
|
|
if (rustsecp256k1_v0_1_0_test_rng_precomputed_used == 8) {
|
|
|
|
|
rustsecp256k1_v0_1_0_rfc6979_hmac_sha256_generate(&rustsecp256k1_v0_1_0_test_rng, (unsigned char*)(&rustsecp256k1_v0_1_0_test_rng_precomputed[0]), sizeof(rustsecp256k1_v0_1_0_test_rng_precomputed));
|
|
|
|
|
rustsecp256k1_v0_1_0_test_rng_precomputed_used = 0;
|
2015-10-26 14:54:21 +00:00
|
|
|
}
|
2019-10-21 15:06:23 +00:00
|
|
|
return rustsecp256k1_v0_1_0_test_rng_precomputed[rustsecp256k1_v0_1_0_test_rng_precomputed_used++];
|
2015-10-26 14:54:21 +00:00
|
|
|
}
|
|
|
|
|
|
2019-10-21 15:06:23 +00:00
|
|
|
static uint32_t rustsecp256k1_v0_1_0_rand_bits(int bits) {
|
2015-10-26 14:54:21 +00:00
|
|
|
uint32_t ret;
|
2019-10-21 15:06:23 +00:00
|
|
|
if (rustsecp256k1_v0_1_0_test_rng_integer_bits_left < bits) {
|
|
|
|
|
rustsecp256k1_v0_1_0_test_rng_integer |= (((uint64_t)rustsecp256k1_v0_1_0_rand32()) << rustsecp256k1_v0_1_0_test_rng_integer_bits_left);
|
|
|
|
|
rustsecp256k1_v0_1_0_test_rng_integer_bits_left += 32;
|
2015-10-26 14:54:21 +00:00
|
|
|
}
|
2019-10-21 15:06:23 +00:00
|
|
|
ret = rustsecp256k1_v0_1_0_test_rng_integer;
|
|
|
|
|
rustsecp256k1_v0_1_0_test_rng_integer >>= bits;
|
|
|
|
|
rustsecp256k1_v0_1_0_test_rng_integer_bits_left -= bits;
|
2015-10-26 14:54:21 +00:00
|
|
|
ret &= ((~((uint32_t)0)) >> (32 - bits));
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-21 15:06:23 +00:00
|
|
|
static uint32_t rustsecp256k1_v0_1_0_rand_int(uint32_t range) {
|
2015-10-26 14:54:21 +00:00
|
|
|
/* We want a uniform integer between 0 and range-1, inclusive.
|
|
|
|
|
* B is the smallest number such that range <= 2**B.
|
|
|
|
|
* two mechanisms implemented here:
|
|
|
|
|
* - generate B bits numbers until one below range is found, and return it
|
|
|
|
|
* - find the largest multiple M of range that is <= 2**(B+A), generate B+A
|
|
|
|
|
* bits numbers until one below M is found, and return it modulo range
|
|
|
|
|
* The second mechanism consumes A more bits of entropy in every iteration,
|
|
|
|
|
* but may need fewer iterations due to M being closer to 2**(B+A) then
|
|
|
|
|
* range is to 2**B. The array below (indexed by B) contains a 0 when the
|
|
|
|
|
* first mechanism is to be used, and the number A otherwise.
|
|
|
|
|
*/
|
|
|
|
|
static const int addbits[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 1, 0};
|
|
|
|
|
uint32_t trange, mult;
|
|
|
|
|
int bits = 0;
|
|
|
|
|
if (range <= 1) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
trange = range - 1;
|
|
|
|
|
while (trange > 0) {
|
|
|
|
|
trange >>= 1;
|
|
|
|
|
bits++;
|
|
|
|
|
}
|
|
|
|
|
if (addbits[bits]) {
|
|
|
|
|
bits = bits + addbits[bits];
|
|
|
|
|
mult = ((~((uint32_t)0)) >> (32 - bits)) / range;
|
|
|
|
|
trange = range * mult;
|
|
|
|
|
} else {
|
|
|
|
|
trange = range;
|
|
|
|
|
mult = 1;
|
|
|
|
|
}
|
|
|
|
|
while(1) {
|
2019-10-21 15:06:23 +00:00
|
|
|
uint32_t x = rustsecp256k1_v0_1_0_rand_bits(bits);
|
2015-10-26 14:54:21 +00:00
|
|
|
if (x < trange) {
|
|
|
|
|
return (mult == 1) ? x : (x % range);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-21 15:06:23 +00:00
|
|
|
static void rustsecp256k1_v0_1_0_rand256(unsigned char *b32) {
|
|
|
|
|
rustsecp256k1_v0_1_0_rfc6979_hmac_sha256_generate(&rustsecp256k1_v0_1_0_test_rng, b32, 32);
|
2015-10-26 14:54:21 +00:00
|
|
|
}
|
|
|
|
|
|
2019-10-21 15:06:23 +00:00
|
|
|
static void rustsecp256k1_v0_1_0_rand_bytes_test(unsigned char *bytes, size_t len) {
|
2015-10-26 14:54:21 +00:00
|
|
|
size_t bits = 0;
|
|
|
|
|
memset(bytes, 0, len);
|
|
|
|
|
while (bits < len * 8) {
|
|
|
|
|
int now;
|
|
|
|
|
uint32_t val;
|
2019-10-21 15:06:23 +00:00
|
|
|
now = 1 + (rustsecp256k1_v0_1_0_rand_bits(6) * rustsecp256k1_v0_1_0_rand_bits(5) + 16) / 31;
|
|
|
|
|
val = rustsecp256k1_v0_1_0_rand_bits(1);
|
2015-10-26 14:54:21 +00:00
|
|
|
while (now > 0 && bits < len * 8) {
|
|
|
|
|
bytes[bits / 8] |= val << (bits % 8);
|
|
|
|
|
now--;
|
|
|
|
|
bits++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-21 15:06:23 +00:00
|
|
|
static void rustsecp256k1_v0_1_0_rand256_test(unsigned char *b32) {
|
|
|
|
|
rustsecp256k1_v0_1_0_rand_bytes_test(b32, 32);
|
2015-10-26 14:54:21 +00:00
|
|
|
}
|
|
|
|
|
|
2018-07-09 11:17:44 +00:00
|
|
|
#endif /* SECP256K1_TESTRAND_IMPL_H */
|
