|
11 | 11 | #include <string.h> |
12 | 12 |
|
13 | 13 | #include "testrand.h" |
| 14 | +#include "hash.h" |
14 | 15 |
|
15 | | -static uint32_t secp256k1_Rz = 11, secp256k1_Rw = 11; |
| 16 | +static secp256k1_rfc6979_hmac_sha256_t secp256k1_test_rng; |
| 17 | +static uint32_t secp256k1_test_rng_precomputed[8]; |
| 18 | +static int secp256k1_test_rng_precomputed_used = 8; |
16 | 19 |
|
17 | 20 | SECP256K1_INLINE static void secp256k1_rand_seed(uint64_t v) { |
18 | | - secp256k1_Rz = v >> 32; |
19 | | - secp256k1_Rw = v; |
20 | | - |
21 | | - /* There are two seeds with short (length 1) cycles for the Rz PRNG. */ |
22 | | - if (secp256k1_Rz == 0 || secp256k1_Rz == 0x9068ffffU) { |
23 | | - secp256k1_Rz = 111; |
24 | | - } |
25 | | - /* There are four seeds with short (length 1) cycles for the Rw PRNG. */ |
26 | | - if (secp256k1_Rw == 0 || secp256k1_Rw == 0x464fffffU || |
27 | | - secp256k1_Rw == 0x8c9ffffeU || secp256k1_Rw == 0xd2effffdU) { |
28 | | - secp256k1_Rw = 111; |
29 | | - } |
| 21 | + secp256k1_rfc6979_hmac_sha256_initialize(&secp256k1_test_rng, (const unsigned char*)"PRNG", 4, (const unsigned char*)&v, sizeof(v)); |
30 | 22 | } |
31 | 23 |
|
32 | 24 | SECP256K1_INLINE static uint32_t secp256k1_rand32(void) { |
33 | | - /* MWC PRNG for tests. */ |
34 | | - secp256k1_Rz = 36969 * (secp256k1_Rz & 0xFFFF) + (secp256k1_Rz >> 16); |
35 | | - secp256k1_Rw = 18000 * (secp256k1_Rw & 0xFFFF) + (secp256k1_Rw >> 16); |
36 | | - return (secp256k1_Rw << 16) + (secp256k1_Rw >> 16) + secp256k1_Rz; |
| 25 | + if (secp256k1_test_rng_precomputed_used == 8) { |
| 26 | + secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, (unsigned char*)(&secp256k1_test_rng_precomputed[0]), sizeof(secp256k1_test_rng_precomputed)); |
| 27 | + secp256k1_test_rng_precomputed_used = 0; |
| 28 | + } |
| 29 | + return secp256k1_test_rng_precomputed[secp256k1_test_rng_precomputed_used++]; |
37 | 30 | } |
38 | 31 |
|
39 | 32 | static void secp256k1_rand256(unsigned char *b32) { |
40 | | - int i; |
41 | | - for (i = 0; i < 8; i++) { |
42 | | - uint32_t r = secp256k1_rand32(); |
43 | | - b32[i*4 + 0] = (r >> 0) & 0xFF; |
44 | | - b32[i*4 + 1] = (r >> 8) & 0xFF; |
45 | | - b32[i*4 + 2] = (r >> 16) & 0xFF; |
46 | | - b32[i*4 + 3] = (r >> 24) & 0xFF; |
47 | | - } |
| 33 | + secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, b32, 32); |
48 | 34 | } |
49 | 35 |
|
50 | 36 | static void secp256k1_rand256_test(unsigned char *b32) { |
51 | 37 | int bits=0; |
| 38 | + uint64_t ent = 0; |
| 39 | + int entleft = 0; |
52 | 40 | memset(b32, 0, 32); |
53 | 41 | while (bits < 256) { |
54 | | - uint32_t ent = secp256k1_rand32(); |
55 | | - int now = 1 + ((ent % 64)*((ent >> 6) % 32)+16)/31; |
56 | | - uint32_t val = 1 & (ent >> 11); |
| 42 | + int now; |
| 43 | + uint32_t val; |
| 44 | + if (entleft < 12) { |
| 45 | + ent |= ((uint64_t)secp256k1_rand32()) << entleft; |
| 46 | + entleft += 32; |
| 47 | + } |
| 48 | + now = 1 + ((ent % 64)*((ent >> 6) % 32)+16)/31; |
| 49 | + val = 1 & (ent >> 11); |
| 50 | + ent >>= 12; |
| 51 | + entleft -= 12; |
57 | 52 | while (now > 0 && bits < 256) { |
58 | 53 | b32[bits / 8] |= val << (bits % 8); |
59 | 54 | now--; |
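Review bot: Reseeding does not discard buffered output: `secp256k1_rand_seed` re-initializes `secp256k1_test_rng` but leaves `secp256k1_test_rng_precomputed_used` untouched, so if it is called while the buffer is partly consumed, `secp256k1_rand32` keeps returning up to seven words from the previous stream before the new seed takes effect, and a test run would not be reproducible from its seed alone. Adding `secp256k1_test_rng_precomputed_used = 8;` after the `secp256k1_rfc6979_hmac_sha256_initialize` call in `secp256k1_rand_seed` fixes that; whether the suite ever reseeds mid-run is not visible here, but the invariant is cheap to keep. A secondary point: the stream is cast to host-order words in `secp256k1_rand32` and the seed is fed as the raw bytes of `v`, so the same seed yields different values on big- and little-endian hosts, which the replaced MWC generator did not; if cross-platform reproducibility of failing seeds matters, a comment such as `/* Output and seed are host-endian; seeds are not portable across byte orders. */` would at least make the limitation explicit. The body of `secp256k1_rand256_test` continues past the end of the hunk.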
|