From c5ff48b9a5091a30aa1ee0fa6e7e057f10febe39 Mon Sep 17 00:00:00 2001 From: sowle Date: Thu, 6 Apr 2023 02:50:12 +0200 Subject: [PATCH] crypto constants refactored: moved to headers as constexpr's, new constexpr ctors added, some were improved + tests greatly improved (crypto_constants and crypto_scalar_basics) --- src/crypto/crypto-sugar.cpp | 22 --- src/crypto/crypto-sugar.h | 139 ++++++++++++++---- src/currency_core/currency_basic.h | 6 +- src/currency_core/currency_format_utils.cpp | 3 - tests/functional_tests/crypto_tests.cpp | 154 ++++++++++++++------ 5 files changed, 220 insertions(+), 104 deletions(-) diff --git a/src/crypto/crypto-sugar.cpp b/src/crypto/crypto-sugar.cpp index 44cb960d..fe7cd63a 100644 --- a/src/crypto/crypto-sugar.cpp +++ b/src/crypto/crypto-sugar.cpp @@ -10,27 +10,5 @@ namespace crypto { - const point_g_t c_point_G; - - const scalar_t c_scalar_1 = { 1 }; - const scalar_t c_scalar_2p64 = { 0, 1, 0, 0 }; - const scalar_t c_scalar_L = { 0x5812631a5cf5d3ed, 0x14def9dea2f79cd6, 0x0, 0x1000000000000000 }; - const scalar_t c_scalar_Lm1 = { 0x5812631a5cf5d3ec, 0x14def9dea2f79cd6, 0x0, 0x1000000000000000 }; - const scalar_t c_scalar_P = { 0xffffffffffffffed, 0xffffffffffffffff, 0xffffffffffffffff, 0x7fffffffffffffff }; - const scalar_t c_scalar_Pm1 = { 0xffffffffffffffec, 0xffffffffffffffff, 0xffffffffffffffff, 0x7fffffffffffffff }; - const scalar_t c_scalar_256m1 = { 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff }; - const scalar_t c_scalar_1div8 = { 0x6106e529e2dc2f79, 0x07d39db37d1cdad0, 0x0, 0x0600000000000000 }; - - const point_t c_point_H = { 0x05087c1f5b9b32d6, 0x00547595f445c3b5, 0x764df64578552f2a, 0x8a49a651e0e0da45 }; // == Hp(G), this is being checked in bpp_basics - const point_t c_point_H2 = { 0x70c8d1ab9dbf1cc0, 0xc561bb12639a8516, 0x3cfff1def9e5b268, 0xe0936386f3bcce1a }; // == Hp("h2_generator"), checked in bpp_basics - const point_t c_point_U = { 0x5b17569f418e26d0, 0xd45af23bdf43c291, 0xe380f518f0a7432f, 0xa1c94a907d0bc61c }; // == Hp("U_generator"), checked in bpp_basics - const point_t c_point_X = { 0xc9d2f543dbbc253a, 0x87099e9ac33d06dd, 0x76bcf12dcf6ffcba, 0x20384a4a88752d32 }; // == Hp("X_generator"), checked in clsag_ggxg_basics - - const point_t c_point_0 = point_t(point_t::tag_zero()); - - const point_t c_point_H_plus_G = c_point_H + c_point_G; // checked in crypto_constants - const point_t c_point_H_minus_G = c_point_H - c_point_G; // checked in crypto_constants - - static_assert(sizeof(scalar_t::m_sk) == sizeof(scalar_t::m_u64) && sizeof(scalar_t::m_u64) == sizeof(scalar_t::m_s), "size missmatch"); } // namespace crypto diff --git a/src/crypto/crypto-sugar.h b/src/crypto/crypto-sugar.h index fac168b8..1160859e 100644 --- a/src/crypto/crypto-sugar.h +++ b/src/crypto/crypto-sugar.h @@ -98,6 +98,22 @@ namespace crypto return ss.str(); } + template + std::string pod_to_comma_separated_chars(const pod_t &h) + { + std::stringstream ss; + ss << std::hex << std::setfill('0'); + size_t len = sizeof h; + const unsigned char* p = (const unsigned char*)&h; + for (size_t i = 0; i < len; ++i) + { + ss << "'\\x" << std::setw(2) << static_cast(p[i]) << "'"; + if (i + 1 != len) + ss << ", "; + } + return ss.str(); + } + template std::string pod_to_hex_comma_separated_uint64(const pod_t &h) { @@ -115,6 +131,22 @@ namespace crypto return ss.str(); } + template + std::string pod_to_comma_separated_int32(const pod_t &h) + { + static_assert((sizeof h) % 4 == 0, "size of h should be a multiple of 32 bit"); + size_t len = (sizeof h) / 4; + std::stringstream ss; + const int32_t* p = (const int32_t*)&h; + for (size_t i = 0; i < len; ++i) + { + ss << static_cast(p[i]); + if (i + 1 != len) + ss << ", "; + } + return ss.str(); + } + template bool parse_tpod_from_hex_string(const std::string& hex_str, t_pod_type& t_pod) { @@ -172,12 +204,9 @@ namespace crypto scalar_t() = default; // won't check scalar range validity (< L) - scalar_t(uint64_t a0, uint64_t a1, uint64_t a2, uint64_t a3) + constexpr scalar_t(uint64_t a0, uint64_t a1, uint64_t a2, uint64_t a3) noexcept + : m_u64{a0, a1, a2, a3} { - m_u64[0] = a0; - m_u64[1] = a1; - m_u64[2] = a2; - m_u64[3] = a3; } // won't check scalar range validity (< L) @@ -486,6 +515,7 @@ namespace crypto m_u64[bit_index >> 6] &= ~(1ull << (bit_index & 63)); } + // does not reduce static scalar_t power_of_2(uint8_t exponent) { scalar_t result = 0; @@ -496,17 +526,20 @@ namespace crypto }; // struct scalar_t // - // Global constants + // Global constants (checked in crypto_constants) // - extern const scalar_t c_scalar_1; - extern const scalar_t c_scalar_2p64; - extern const scalar_t c_scalar_L; - extern const scalar_t c_scalar_Lm1; - extern const scalar_t c_scalar_P; - extern const scalar_t c_scalar_Pm1; - extern const scalar_t c_scalar_256m1; - extern const scalar_t c_scalar_1div8; + static constexpr scalar_t c_scalar_0 = { 0, 0, 0, 0 }; + static constexpr scalar_t c_scalar_1 = { 1, 0, 0, 0 }; + static constexpr scalar_t c_scalar_2p64 = { 0, 1, 0, 0 }; + static constexpr scalar_t c_scalar_L = { 0x5812631a5cf5d3ed, 0x14def9dea2f79cd6, 0x0, 0x1000000000000000 }; + static constexpr scalar_t c_scalar_Lm1 = { 0x5812631a5cf5d3ec, 0x14def9dea2f79cd6, 0x0, 0x1000000000000000 }; + static constexpr scalar_t c_scalar_P = { 0xffffffffffffffed, 0xffffffffffffffff, 0xffffffffffffffff, 0x7fffffffffffffff }; + static constexpr scalar_t c_scalar_Pm1 = { 0xffffffffffffffec, 0xffffffffffffffff, 0xffffffffffffffff, 0x7fffffffffffffff }; + static constexpr scalar_t c_scalar_256m1 = { 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff }; + static constexpr scalar_t c_scalar_1div8 = { 0x6106e529e2dc2f79, 0x07d39db37d1cdad0, 0x0, 0x0600000000000000 }; + + static_assert(sizeof(scalar_t::m_sk) == sizeof(scalar_t::m_u64) && sizeof(scalar_t::m_u64) == sizeof(scalar_t::m_s), "size missmatch"); // // @@ -559,6 +592,53 @@ namespace crypto { } + explicit constexpr point_t(const int32_t(&v)[40]) noexcept + { + m_p3.X[0] = v[0]; + m_p3.X[1] = v[1]; + m_p3.X[2] = v[2]; + m_p3.X[3] = v[3]; + m_p3.X[4] = v[4]; + m_p3.X[5] = v[5]; + m_p3.X[6] = v[6]; + m_p3.X[7] = v[7]; + m_p3.X[8] = v[8]; + m_p3.X[9] = v[9]; + + m_p3.Y[0] = v[10]; + m_p3.Y[1] = v[11]; + m_p3.Y[2] = v[12]; + m_p3.Y[3] = v[13]; + m_p3.Y[4] = v[14]; + m_p3.Y[5] = v[15]; + m_p3.Y[6] = v[16]; + m_p3.Y[7] = v[17]; + m_p3.Y[8] = v[18]; + m_p3.Y[9] = v[19]; + + m_p3.Z[0] = v[20]; + m_p3.Z[1] = v[21]; + m_p3.Z[2] = v[22]; + m_p3.Z[3] = v[23]; + m_p3.Z[4] = v[24]; + m_p3.Z[5] = v[25]; + m_p3.Z[6] = v[26]; + m_p3.Z[7] = v[27]; + m_p3.Z[8] = v[28]; + m_p3.Z[9] = v[29]; + + m_p3.T[0] = v[30]; + m_p3.T[1] = v[31]; + m_p3.T[2] = v[32]; + m_p3.T[3] = v[33]; + m_p3.T[4] = v[34]; + m_p3.T[5] = v[35]; + m_p3.T[6] = v[36]; + m_p3.T[7] = v[37]; + m_p3.T[8] = v[38]; + m_p3.T[9] = v[39]; + } + // as we're using additive notation, zero means identity group element (EC point (0, 1)) here and after void zero() { @@ -772,6 +852,11 @@ namespace crypto return pod_to_hex_comma_separated_uint64(pk); } + std::string to_comma_separated_int32_str() const + { + return pod_to_comma_separated_int32(m_p3); + } + }; // struct point_t @@ -780,10 +865,9 @@ namespace crypto // struct point_g_t : public point_t { - point_g_t() + explicit constexpr point_g_t(const int32_t(&v)[40]) noexcept + : point_t(v) { - scalar_t one(1); - ge_scalarmult_base(&m_p3, &one.m_s[0]); } friend point_t operator*(const scalar_t& lhs, const point_g_t&) @@ -964,19 +1048,18 @@ namespace crypto // - // Global constants + // Global constants (checked in crypto_constants test) // - extern const point_g_t c_point_G; - - extern const point_t c_point_H; - extern const point_t c_point_H2; - extern const point_t c_point_U; - extern const point_t c_point_X; - extern const point_t c_point_0; - extern const point_t c_point_H_plus_G; - extern const point_t c_point_H_minus_G; - + static constexpr point_t c_point_0 {{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }}; + static constexpr point_g_t c_point_G {{ 25485296, 5318399, 8791791, -8299916, -14349720, 6939349, -3324311, -7717049, 7287234, -6577708, -758052, -1832720, 13046421, -4857925, 6576754, 14371947, -13139572, 6845540, -2198883, -4003719, -947565, 6097708, -469190, 10704810, -8556274, -15589498, -16424464, -16608899, 14028613, -5004649, 6966464, -2456167, 7033433, 6781840, 28785542, 12262365, -2659449, 13959020, -21013759, -5262166 }}; + static constexpr point_t c_point_H {{ 20574939, 16670001, -29137604, 14614582, 24883426, 3503293, 2667523, 420631, 2267646, -4769165, -11764015, -12206428, -14187565, -2328122, -16242653, -788308, -12595746, -8251557, -10110987, 853396, -4982135, 6035602, -21214320, 16156349, 977218, 2807645, 31002271, 5694305, -16054128, 5644146, -15047429, -568775, -22568195, -8089957, -27721961, -10101877, -29459620, -13359100, -31515170, -6994674 }}; + static constexpr point_t c_point_H2 {{ 1318371, 14804112, 12545972, -13482561, -12089798, -16020744, -21221907, -8410994, -33080606, 11275578, 3807637, 11185450, -23227561, -12892068, 1356866, -1025012, -8022738, -8139671, -20315029, -13916324, -6475650, -7025596, 12403179, -5139984, -12068178, 10445584, -14826705, -4927780, 13964546, 12525942, -2314107, -10566315, 32243863, 15603849, 5154154, 4276633, -20918372, -15718796, -26386151, 8434696 }}; + static constexpr point_t c_point_U {{ 30807552, 984924, 23426137, -5598760, 7545909, 16325843, 993742, 2594106, -31962071, -959867, 16454190, -4091093, 1197656, 13586872, -9269020, -14133290, 1869274, 13360979, -24627258, -10663086, 2212027, 1198856, 20515811, 15870563, -23833732, 9839517, -19416306, 11567295, -4212053, 348531, -2671541, 484270, -19128078, 1236698, -16002690, 9321345, 9776066, 10711838, 11187722, -16371275 }}; + static constexpr point_t c_point_X {{ 25635916, -5459446, 5768861, 5666160, -6357364, -12939311, 29490001, -4543704, -31266450, -2582476, 23705213, 9562626, -716512, 16560168, 7947407, 2039790, -2752711, 4742449, 3356761, 16338966, 17303421, -5790717, -5684800, 12062431, -3307947, 8139265, -26544839, 12058874, 3452748, 3359034, 26514848, -6060876, 31255039, 11154418, -21741975, -3782423, -19871841, 5729859, 21754676, -12454027 }}; + static constexpr point_t c_point_H_plus_G {{ 12291435, 3330843, -3390294, 13894858, -1099584, -6848191, 12040668, -15950068, -7494633, 12566672, -5526901, -16645799, -31081168, -1095427, -13082463, 4573480, -11255691, 4344628, 33477173, 11137213, -3837023, -12436594, -8471924, -814016, 10785607, 9492721, 10992667, 7406385, -5687296, -127915, -6229107, -9324867, 558657, 6493750, 4895261, 12642545, 9549220, 696086, 21894285, -10521807 }}; + static constexpr point_t c_point_H_minus_G {{ -28347682, 3523701, -3380175, -14453727, 4238027, -6032522, 20235758, 4091609, 12557126, -8064113, 4212476, -13419094, -114185, -7650727, -24238, 16663404, 23676363, -6819610, 18286466, 8714527, -3837023, -12436594, -8471924, -814016, 10785607, 9492721, 10992667, 7406385, -5687296, -127915, -20450317, 13815641, -11604061, -447489, 27380225, 9400847, -8551293, -1173627, -28110171, 14241295 }}; + // // hash functions' helper // diff --git a/src/currency_core/currency_basic.h b/src/currency_core/currency_basic.h index 9133873a..76b48224 100644 --- a/src/currency_core/currency_basic.h +++ b/src/currency_core/currency_basic.h @@ -59,9 +59,9 @@ namespace currency const static crypto::hash ffff_hash = epee::string_tools::hex_to_pod("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"); const static crypto::public_key ffff_pkey = epee::string_tools::hex_to_pod("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"); // TODO @#@# consider getting rid of this - extern const crypto::public_key native_coin_asset_id; - extern const crypto::point_t native_coin_asset_id_pt; - extern const crypto::public_key native_coin_asset_id_1div8; + const static crypto::point_t native_coin_asset_id_pt = crypto::c_point_H; + const static crypto::public_key native_coin_asset_id = reinterpret_cast(crypto::ec_scalar{'\xd6', '\x32', '\x9b', '\x5b', '\x1f', '\x7c', '\x08', '\x05', '\xb5', '\xc3', '\x45', '\xf4', '\x95', '\x75', '\x54', '\x00', '\x2a', '\x2f', '\x55', '\x78', '\x45', '\xf6', '\x4d', '\x76', '\x45', '\xda', '\xe0', '\xe0', '\x51', '\xa6', '\x49', '\x8a'}); // == crypto::c_point_H, checked in crypto_constants + const static crypto::public_key native_coin_asset_id_1div8 = reinterpret_cast(crypto::ec_scalar{'\x74', '\xc3', '\x2d', '\x3e', '\xaa', '\xfa', '\xfc', '\x62', '\x3b', '\xf4', '\x83', '\xe8', '\x58', '\xd4', '\x2e', '\x8b', '\xf4', '\xec', '\x7d', '\xf0', '\x64', '\xad', '\xa2', '\xe3', '\x49', '\x34', '\x46', '\x9c', '\xff', '\x6b', '\x62', '\x68'}); // == 1/8 * crypto::c_point_H, checked in crypto_constants const static wide_difficulty_type global_difficulty_pow_starter = DIFFICULTY_POW_STARTER; const static wide_difficulty_type global_difficulty_pos_starter = DIFFICULTY_POS_STARTER; diff --git a/src/currency_core/currency_format_utils.cpp b/src/currency_core/currency_format_utils.cpp index 7b3bb029..cfb55c61 100644 --- a/src/currency_core/currency_format_utils.cpp +++ b/src/currency_core/currency_format_utils.cpp @@ -37,9 +37,6 @@ using namespace epee; namespace currency { - const crypto::point_t native_coin_asset_id_pt = crypto::point_t(0x05087c1f5b9b32d6, 0x00547595f445c3b5, 0x764df64578552f2a, 0x8a49a651e0e0da45); // == crypto::c_point_H, checked in crypto_basics test - const crypto::public_key native_coin_asset_id = native_coin_asset_id_pt.to_public_key(); // == crypto::c_point_H, checked in crypto_basics test - const crypto::public_key native_coin_asset_id_1div8 = crypto::point_t(0x62fcfaaa3e2dc374, 0x8b2ed458e883f43b, 0xe3a2ad64f07decf4, 0x68626bff9c463449).to_public_key(); // == 1/8 * crypto::c_point_H, checked in crypto_basics test //--------------------------------------------------------------- bool add_tx_extra_alias(transaction& tx, const extra_alias_entry& alinfo) diff --git a/tests/functional_tests/crypto_tests.cpp b/tests/functional_tests/crypto_tests.cpp index b6d1a7ab..2e3799ba 100644 --- a/tests/functional_tests/crypto_tests.cpp +++ b/tests/functional_tests/crypto_tests.cpp @@ -503,32 +503,112 @@ struct test_keeper_t // Tests // -TEST(crypto, basics) +TEST(crypto, constants) { - ASSERT_EQ(c_point_H, hash_helper_t::hp(c_point_G)); - ASSERT_EQ(c_point_H2, hash_helper_t::hp("h2_generator")); - ASSERT_EQ(c_point_U, hash_helper_t::hp("U_generator")); - ASSERT_EQ(c_point_X, hash_helper_t::hp("X_generator")); + // + // field elements + // + scalar_t zero = {0, 0, 0, 0}; + scalar_t one = {1, 0, 0, 0}; + ASSERT_TRUE(zero.is_zero()); + ASSERT_FALSE(one.is_zero()); + ASSERT_TRUE(one > zero); + scalar_t r = scalar_t::random(); + ASSERT_EQ(r * zero, zero); + ASSERT_EQ(r * one, r); + ASSERT_EQ(c_scalar_0, zero); + ASSERT_EQ(c_scalar_1, one); + + ASSERT_EQ(c_scalar_2p64 - c_scalar_1, scalar_t(UINT64_MAX)); + ASSERT_EQ(c_scalar_2p64, scalar_t(UINT64_MAX) + c_scalar_1); + ASSERT_EQ(c_scalar_2p64, scalar_t::power_of_2(64)); + + ASSERT_EQ(zero + c_scalar_L, zero); + ASSERT_EQ(c_scalar_L + zero, zero); + ASSERT_EQ(r + c_scalar_L, r); + ASSERT_EQ(c_scalar_L + r, r); + + ASSERT_EQ(c_scalar_Lm1 + c_scalar_1, c_scalar_0); + ASSERT_EQ(c_scalar_0 - c_scalar_1, c_scalar_Lm1); + + ASSERT_EQ(c_scalar_P.as_boost_mp_type(), scalar_t::power_of_2(255).as_boost_mp_type() - 19); + + ASSERT_EQ(c_scalar_P.as_boost_mp_type() - c_scalar_Pm1.as_boost_mp_type(), mp::uint256_t(1)); + ASSERT_EQ(c_scalar_Pm1 + r, c_scalar_P - c_scalar_1 + r); + + ASSERT_EQ(c_scalar_256m1.as_boost_mp_type(), scalar_t::power_of_2(255).as_boost_mp_type() * 2 - 1); + + ASSERT_EQ(c_scalar_1div8 * scalar_t(8), c_scalar_1); + ASSERT_NEQ(c_scalar_1div8, c_scalar_1); + ASSERT_NEQ(c_scalar_1div8 * scalar_t(2), c_scalar_1); + ASSERT_NEQ(c_scalar_1div8 * scalar_t(4), c_scalar_1); + + LOG_PRINT_L0("0 = " << c_scalar_0 << " = { " << pod_to_hex_comma_separated_uint64(c_scalar_0) << " }"); + LOG_PRINT_L0("1 = " << c_scalar_1 << " = { " << pod_to_hex_comma_separated_uint64(c_scalar_1) << " }"); + LOG_PRINT_L0("2^64 = " << c_scalar_2p64 << " = { " << pod_to_hex_comma_separated_uint64(c_scalar_2p64) << " }"); + LOG_PRINT_L0("L = " << c_scalar_L << " = { " << pod_to_hex_comma_separated_uint64(c_scalar_L) << " }"); + LOG_PRINT_L0("L - 1 = " << c_scalar_Lm1 << " = { " << pod_to_hex_comma_separated_uint64(c_scalar_Lm1) << " }"); + LOG_PRINT_L0("P = " << c_scalar_P << " = { " << pod_to_hex_comma_separated_uint64(c_scalar_P) << " }"); + LOG_PRINT_L0("P - 1 = " << c_scalar_Pm1 << " = { " << pod_to_hex_comma_separated_uint64(c_scalar_Pm1) << " }"); + LOG_PRINT_L0("2^256 - 1 = " << c_scalar_256m1 << " = { " << pod_to_hex_comma_separated_uint64(c_scalar_256m1) << " }"); + LOG_PRINT_L0("1/8 = " << c_scalar_1div8 << " = { " << pod_to_hex_comma_separated_uint64(c_scalar_1div8) << " }"); + LOG_PRINT_L0(ENDL); + + + // + // group elements + // + + // calculate all generators manually using on external constants + point_t p_0{}; + ge_p3_0(&p_0.m_p3); + + point_t G{}; + ge_scalarmult_base(&G.m_p3, c_scalar_1.data()); + + point_t H = hash_helper_t::hp(G); + point_t H2 = hash_helper_t::hp("H2_generator"); + point_t U = hash_helper_t::hp("U_generator"); + point_t X = hash_helper_t::hp("X_generator"); + point_t HpG = H + G; + point_t HmG = H - G; + point_t Hd8 = c_scalar_1div8 * H; + + ASSERT_EQ(scalar_t(8) * Hd8, H); + + // print them + LOG_PRINT_L0("0 = " << p_0 << " = { " << p_0.to_comma_separated_int32_str() << " }"); + LOG_PRINT_L0("G = " << G << " = { " << G.to_comma_separated_int32_str() << " }"); + LOG_PRINT_L0("H = " << H << " = { " << H.to_comma_separated_int32_str() << " }"); + LOG_PRINT_L0(" = { " << pod_to_comma_separated_chars(H.to_public_key()) << " }"); + LOG_PRINT_L0("H2 = " << H2 << " = { " << H2.to_comma_separated_int32_str() << " }"); + LOG_PRINT_L0("U = " << U << " = { " << U.to_comma_separated_int32_str() << " }"); + LOG_PRINT_L0("X = " << X << " = { " << X.to_comma_separated_int32_str() << " }"); + LOG_PRINT_L0("H+G = " << HpG << " = { " << HpG.to_comma_separated_int32_str() << " }"); + LOG_PRINT_L0("H-G = " << HmG << " = { " << HmG.to_comma_separated_int32_str() << " }"); + LOG_PRINT_L0("H / 8 = " << Hd8 << " = { " << pod_to_hex_comma_separated_bytes(Hd8.to_public_key()) << " }"); + LOG_PRINT_L0(" = { " << pod_to_comma_separated_chars(Hd8.to_public_key()) << " }"); + + // check constants + ASSERT_EQ(p_0, c_point_0); + ASSERT_EQ(G, c_point_G); + ASSERT_EQ(H, c_point_H); + ASSERT_EQ(H2, c_point_H2); + ASSERT_EQ(U, c_point_U); + ASSERT_EQ(X, c_point_X); + ASSERT_EQ(HpG, c_point_H_plus_G); + ASSERT_EQ(HmG, c_point_H_minus_G); ASSERT_EQ(currency::native_coin_asset_id, c_point_H.to_public_key()); ASSERT_EQ(currency::native_coin_asset_id_pt, c_point_H); ASSERT_EQ(currency::native_coin_asset_id_pt.to_public_key(), currency::native_coin_asset_id); - - const point_t с_1_div_8_H = c_scalar_1div8 * c_point_H; - LOG_PRINT_L0("1/8 * H = " << с_1_div_8_H << " = { " << с_1_div_8_H.to_hex_comma_separated_uint64_str() << " }"); - ASSERT_EQ(currency::native_coin_asset_id_1div8, (c_scalar_1div8 * c_point_H).to_public_key()); - - LOG_PRINT_L0("c_point_0 = " << c_point_0 << " = { " << c_point_0.to_hex_comma_separated_uint64_str() << " }"); - LOG_PRINT_L0("Zano G = " << c_point_G << " = { " << c_point_G.to_hex_comma_separated_bytes_str() << " }"); - LOG_PRINT_L0("Zano H = " << c_point_H << " = { " << c_point_H.to_hex_comma_separated_uint64_str() << " }"); - LOG_PRINT_L0("Zano H2 = " << c_point_H2 << " = { " << c_point_H2.to_hex_comma_separated_uint64_str() << " }"); - LOG_PRINT_L0("Zano U = " << c_point_U << " = { " << c_point_U.to_hex_comma_separated_uint64_str() << " }"); - LOG_PRINT_L0("Zano X = " << c_point_X << " = { " << c_point_X.to_hex_comma_separated_uint64_str() << " }"); + ASSERT_EQ(currency::native_coin_asset_id_1div8, Hd8.to_public_key()); return true; } + #include "crypto_tests_performance.h" TEST(crypto, ge_scalarmult_vartime_p3) @@ -833,17 +913,12 @@ TEST(crypto, keys) TEST(crypto, scalar_basics) { - const scalar_t zero = 0; - ASSERT_TRUE(zero.is_zero()); - const scalar_t one = 1; - ASSERT_FALSE(one.is_zero()); - ASSERT_TRUE(one > zero); - ASSERT_TRUE(one.muladd(zero, zero) == zero); + ASSERT_EQ(c_scalar_1.muladd(c_scalar_0, c_scalar_0), c_scalar_0); - ASSERT_EQ(-one, c_scalar_Lm1); - ASSERT_EQ(-one, scalar_t(0) - one); - ASSERT_EQ(-zero, zero); - ASSERT_EQ(-c_scalar_Lm1, one); + ASSERT_EQ(-c_scalar_1, c_scalar_Lm1); + ASSERT_EQ(-c_scalar_1, scalar_t(0) - c_scalar_1); + ASSERT_EQ(-c_scalar_0, c_scalar_0); + ASSERT_EQ(-c_scalar_Lm1, c_scalar_1); scalar_t z = 0; for (size_t j = 0; j < 1000; ++j) @@ -853,8 +928,8 @@ TEST(crypto, scalar_basics) ASSERT_TRUE(z.is_reduced()); ASSERT_TRUE(z > z - 1); ASSERT_TRUE(z < z + 1); - ASSERT_TRUE(z.muladd(one, zero) == z); - ASSERT_TRUE(z.muladd(zero, one) == one); + ASSERT_TRUE(z.muladd(c_scalar_1, c_scalar_0) == z); + ASSERT_TRUE(z.muladd(c_scalar_0, c_scalar_1) == c_scalar_1); ASSERT_TRUE(z.muladd(z, z) == z * z + z); } @@ -865,17 +940,7 @@ TEST(crypto, scalar_basics) ASSERT_TRUE(c_scalar_P > c_scalar_Pm1); ASSERT_FALSE(c_scalar_P < c_scalar_Pm1); - std::cout << "0 = " << zero << std::endl; - std::cout << "1 = " << one << std::endl; - std::cout << "L = " << c_scalar_L << std::endl; - std::cout << "L-1 = " << c_scalar_Lm1 << std::endl; - std::cout << "P = " << c_scalar_P << std::endl; - std::cout << "P-1 = " << c_scalar_Pm1 << std::endl; - std::cout << std::endl; - // check rolling over L for scalars arithmetics - ASSERT_EQ(c_scalar_Lm1 + 1, 0); - ASSERT_EQ(scalar_t(0) - 1, c_scalar_Lm1); ASSERT_EQ(c_scalar_Lm1 * 2, c_scalar_Lm1 - 1); // (L - 1) * 2 = L + L - 2 = (L - 1) - 1 (mod L) ASSERT_EQ(c_scalar_Lm1 * 100, c_scalar_Lm1 - 99); ASSERT_EQ(c_scalar_Lm1 * c_scalar_Lm1, 1); // (L - 1) * (L - 1) = L*L - 2L + 1 = 1 (mod L) @@ -896,9 +961,10 @@ TEST(crypto, scalar_basics) ASSERT_TRUE(p.is_reduced()); mp::uint256_t mp_p_mod_l = c_scalar_P.as_boost_mp_type() % c_scalar_L.as_boost_mp_type(); ASSERT_EQ(p, scalar_t(mp_p_mod_l)); + ASSERT_FALSE(c_scalar_P.is_reduced()); + ASSERT_FALSE(c_scalar_Pm1.is_reduced()); + ASSERT_FALSE(c_scalar_256m1.is_reduced()); - ASSERT_EQ(c_scalar_2p64 - c_scalar_1, scalar_t(UINT64_MAX)); - ASSERT_EQ(c_scalar_2p64, scalar_t(UINT64_MAX) + c_scalar_1); p.make_random(); z.make_random(); @@ -1159,14 +1225,6 @@ TEST(crypto, scalar_arithmetic_assignment) return true; } -TEST(crypto, constants) -{ - ASSERT_EQ(c_point_H_plus_G, c_point_H + c_point_G); - ASSERT_EQ(c_point_H_minus_G, c_point_H - c_point_G); - - return true; -} - TEST(crypto, point_basics) { scalar_t s = 4;