update max scalar in scalar_cmov_test and fix schnorrsig_verify exhau…

…stive test - `secp256k1_scalar_set_int` in scalar_low uses input mod EXHAUSTIVE_TEST_ORDER - directly store s in sig64 without reducing it mod the group order for testing
bitcoin-core · Jul 25, 2023 · 6a8fb81 · 6a8fb81
1 parent ec5a674
commit 6a8fb81
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 4 deletions.
diff --git a/src/modules/schnorrsig/tests_exhaustive_impl.h b/src/modules/schnorrsig/tests_exhaustive_impl.h
@@ -116,7 +116,8 @@ static void test_exhaustive_schnorrsig_verify(const secp256k1_context *ctx, cons
                         if (s <= EXHAUSTIVE_TEST_ORDER) {
                             secp256k1_scalar s_s;
                             secp256k1_scalar_set_int(&s_s, s);
-                            secp256k1_scalar_get_b32(sig64 + 32, &s_s);
+                            memset(sig64 + 32, 0, 32);
+                            sig64[63] = s;
                             expect_valid = actual_k != -1 && s != EXHAUSTIVE_TEST_ORDER &&
                                            (s_s == (actual_k + actual_d * e) % EXHAUSTIVE_TEST_ORDER);
                         } else {

diff --git a/src/scalar_low_impl.h b/src/scalar_low_impl.h
@@ -19,7 +19,10 @@ SECP256K1_INLINE static int secp256k1_scalar_is_even(const secp256k1_scalar *a)
 }
 
 SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) { *r = 0; }
-SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) { *r = v; secp256k1_scalar_verify(r);}
+SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) {
+    *r = v % EXHAUSTIVE_TEST_ORDER;
+    secp256k1_scalar_verify(r);
+}
 
 SECP256K1_INLINE static unsigned int secp256k1_scalar_get_bits(const secp256k1_scalar *a, unsigned int offset, unsigned int count) {
     secp256k1_scalar_verify(a);

diff --git a/src/tests.c b/src/tests.c
@@ -7652,8 +7652,8 @@ static void scalar_cmov_test(void) {
     static const secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0);
     static const secp256k1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1);
     static const secp256k1_scalar max = SECP256K1_SCALAR_CONST(
-        0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
-        0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
+        0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL,
+        0xBAAEDCE6UL, 0xAF48A03BUL, 0xBFD25E8CUL, 0xD0364140UL
     );
     secp256k1_scalar r = max;
     secp256k1_scalar a = zero;