Skip to content

Commit 6bb0b77

Browse files
jonasnickjonasnick
committed
Fix test_constant_wnaf for -1 and add a test for it.
Before, test_constant_wnaf used scalar_cadd_bit to correct for the skew. But this function does not correctly deal with overflows which is why num = -1 couldn't be tested. This commit also adds tests for 0, 1/2 and 1/2-1 as they are corner cases in constant_wnaf.
1 parent 3b7d26b commit 6bb0b77

File tree

1 file changed

+23
-2
lines changed

1 file changed

+23
-2
lines changed

src/tests.c

Lines changed: 23 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3190,6 +3190,7 @@ void test_constant_wnaf(const secp256k1_scalar *number, int w) {
31903190
int skew;
31913191
int bits = 256;
31923192
secp256k1_scalar num = *number;
3193+
secp256k1_scalar scalar_skew;
31933194

31943195
secp256k1_scalar_set_int(&x, 0);
31953196
secp256k1_scalar_set_int(&shift, 1 << w);
@@ -3220,7 +3221,8 @@ void test_constant_wnaf(const secp256k1_scalar *number, int w) {
32203221
secp256k1_scalar_add(&x, &x, &t);
32213222
}
32223223
/* Skew num because when encoding numbers as odd we use an offset */
3223-
secp256k1_scalar_cadd_bit(&num, skew == 2, 1);
3224+
secp256k1_scalar_set_int(&scalar_skew, 1 << (skew == 2));
3225+
secp256k1_scalar_add(&num, &num, &scalar_skew);
32243226
CHECK(secp256k1_scalar_eq(&x, &num));
32253227
}
32263228

@@ -3332,13 +3334,32 @@ void run_wnaf(void) {
33323334
int i;
33333335
secp256k1_scalar n = {{0}};
33343336

3337+
test_constant_wnaf(&n, 4);
33353338
/* Sanity check: 1 and 2 are the smallest odd and even numbers and should
33363339
* have easier-to-diagnose failure modes */
33373340
n.d[0] = 1;
33383341
test_constant_wnaf(&n, 4);
33393342
n.d[0] = 2;
33403343
test_constant_wnaf(&n, 4);
3341-
/* Test 0 */
3344+
/* Test -1, because it's a special case in wnaf_const */
3345+
n = secp256k1_scalar_one;
3346+
secp256k1_scalar_negate(&n, &n);
3347+
test_constant_wnaf(&n, 4);
3348+
3349+
/* Test -2, which may not lead to overflows in wnaf_const */
3350+
secp256k1_scalar_add(&n, &secp256k1_scalar_one, &secp256k1_scalar_one);
3351+
secp256k1_scalar_negate(&n, &n);
3352+
test_constant_wnaf(&n, 4);
3353+
3354+
/* Test (1/2) - 1 = 1/-2 and 1/2 = (1/-2) + 1
3355+
as corner cases of negation handling in wnaf_const */
3356+
secp256k1_scalar_inverse(&n, &n);
3357+
test_constant_wnaf(&n, 4);
3358+
3359+
secp256k1_scalar_add(&n, &n, &secp256k1_scalar_one);
3360+
test_constant_wnaf(&n, 4);
3361+
3362+
/* Test 0 for fixed wnaf */
33423363
test_fixed_wnaf_small();
33433364
/* Random tests */
33443365
for (i = 0; i < count; i++) {

0 commit comments

Comments
 (0)