Skip to content

Commit

Permalink
Merge pull request #230
Browse files Browse the repository at this point in the history 
2632019 Brace all the if/for/while. (Gregory Maxwell)
  • Loading branch information
@sipa
sipa committed Mar 27, 2015
2 parents 1897b8e + 2632019 commit 41603aa
Show file tree
Hide file tree
Showing 12 changed files with 385 additions and 162 deletions.
72 changes: 52 additions & 20 deletions src/ecdsa_impl.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,35 +53,59 @@ static int secp256k1_ecdsa_sig_parse(secp256k1_ecdsa_sig_t *r, const unsigned ch
int lenr;
int lens;
int overflow;
if (sig[0] != 0x30) return 0;
if (sig[0] != 0x30) {
return 0;
}
lenr = sig[3];
if (5+lenr >= size) return 0;
if (5+lenr >= size) {
return 0;
}
lens = sig[lenr+5];
if (sig[1] != lenr+lens+4) return 0;
if (lenr+lens+6 > size) return 0;
if (sig[2] != 0x02) return 0;
if (lenr == 0) return 0;
if (sig[lenr+4] != 0x02) return 0;
if (lens == 0) return 0;
if (sig[1] != lenr+lens+4) {
return 0;
}
if (lenr+lens+6 > size) {
return 0;
}
if (sig[2] != 0x02) {
return 0;
}
if (lenr == 0) {
return 0;
}
if (sig[lenr+4] != 0x02) {
return 0;
}
if (lens == 0) {
return 0;
}
sp = sig + 6 + lenr;
while (lens > 0 && sp[0] == 0) {
lens--;
sp++;
}
if (lens > 32) return 0;
if (lens > 32) {
return 0;
}
rp = sig + 4;
while (lenr > 0 && rp[0] == 0) {
lenr--;
rp++;
}
if (lenr > 32) return 0;
if (lenr > 32) {
return 0;
}
memcpy(ra + 32 - lenr, rp, lenr);
memcpy(sa + 32 - lens, sp, lens);
overflow = 0;
secp256k1_scalar_set_b32(&r->r, ra, &overflow);
if (overflow) return 0;
if (overflow) {
return 0;
}
secp256k1_scalar_set_b32(&r->s, sa, &overflow);
if (overflow) return 0;
if (overflow) {
return 0;
}
return 1;
}

Expand All @@ -93,8 +117,9 @@ static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, int *size, const se
secp256k1_scalar_get_b32(&s[1], &a->s);
while (lenR > 1 && rp[0] == 0 && rp[1] < 0x80) { lenR--; rp++; }
while (lenS > 1 && sp[0] == 0 && sp[1] < 0x80) { lenS--; sp++; }
if (*size < 6+lenS+lenR)
if (*size < 6+lenS+lenR) {
return 0;
}
*size = 6 + lenS + lenR;
sig[0] = 0x30;
sig[1] = 4 + lenS + lenR;
Expand All @@ -114,8 +139,9 @@ static int secp256k1_ecdsa_sig_verify(const secp256k1_ecdsa_sig_t *sig, const se
secp256k1_gej_t pubkeyj;
secp256k1_gej_t pr;

if (secp256k1_scalar_is_zero(&sig->r) || secp256k1_scalar_is_zero(&sig->s))
if (secp256k1_scalar_is_zero(&sig->r) || secp256k1_scalar_is_zero(&sig->s)) {
return 0;
}

secp256k1_scalar_inverse_var(&sn, &sig->s);
secp256k1_scalar_mul(&u1, &sn, message);
Expand Down Expand Up @@ -168,18 +194,21 @@ static int secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256
secp256k1_scalar_t rn, u1, u2;
secp256k1_gej_t qj;

if (secp256k1_scalar_is_zero(&sig->r) || secp256k1_scalar_is_zero(&sig->s))
if (secp256k1_scalar_is_zero(&sig->r) || secp256k1_scalar_is_zero(&sig->s)) {
return 0;
}

secp256k1_scalar_get_b32(brx, &sig->r);
VERIFY_CHECK(secp256k1_fe_set_b32(&fx, brx)); /* brx comes from a scalar, so is less than the order; certainly less than p */
if (recid & 2) {
if (secp256k1_fe_cmp_var(&fx, &secp256k1_ecdsa_const_p_minus_order) >= 0)
if (secp256k1_fe_cmp_var(&fx, &secp256k1_ecdsa_const_p_minus_order) >= 0) {
return 0;
}
secp256k1_fe_add(&fx, &secp256k1_ecdsa_const_order_as_fe);
}
if (!secp256k1_ge_set_xo_var(&x, &fx, recid & 1))
if (!secp256k1_ge_set_xo_var(&x, &fx, recid & 1)) {
return 0;
}
secp256k1_gej_set_ge(&xj, &x);
secp256k1_scalar_inverse_var(&rn, &sig->r);
secp256k1_scalar_mul(&u1, &rn, message);
Expand Down Expand Up @@ -209,21 +238,24 @@ static int secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_
secp256k1_ge_clear(&r);
return 0;
}
if (recid)
if (recid) {
*recid = (overflow ? 2 : 0) | (secp256k1_fe_is_odd(&r.y) ? 1 : 0);
}
secp256k1_scalar_mul(&n, &sig->r, seckey);
secp256k1_scalar_add(&n, &n, message);
secp256k1_scalar_inverse(&sig->s, nonce);
secp256k1_scalar_mul(&sig->s, &sig->s, &n);
secp256k1_scalar_clear(&n);
secp256k1_gej_clear(&rp);
secp256k1_ge_clear(&r);
if (secp256k1_scalar_is_zero(&sig->s))
if (secp256k1_scalar_is_zero(&sig->s)) {
return 0;
}
if (secp256k1_scalar_is_high(&sig->s)) {
secp256k1_scalar_negate(&sig->s, &sig->s);
if (recid)
if (recid) {
*recid ^= 1;
}
}
return 1;
}
Expand Down
36 changes: 24 additions & 12 deletions src/eckey_impl.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,9 @@ static int secp256k1_eckey_pubkey_parse(secp256k1_ge_t *elem, const unsigned cha
return 0;
}
secp256k1_ge_set_xy(elem, &x, &y);
if ((pub[0] == 0x06 || pub[0] == 0x07) && secp256k1_fe_is_odd(&y) != (pub[0] == 0x07))
if ((pub[0] == 0x06 || pub[0] == 0x07) && secp256k1_fe_is_odd(&y) != (pub[0] == 0x07)) {
return 0;
}
return secp256k1_ge_is_valid_var(elem);
} else {
return 0;
Expand Down Expand Up @@ -57,29 +58,36 @@ static int secp256k1_eckey_privkey_parse(secp256k1_scalar_t *key, const unsigned
int len = 0;
int overflow = 0;
/* sequence header */
if (end < privkey+1 || *privkey != 0x30)
if (end < privkey+1 || *privkey != 0x30) {
return 0;
}
privkey++;
/* sequence length constructor */
if (end < privkey+1 || !(*privkey & 0x80))
if (end < privkey+1 || !(*privkey & 0x80)) {
return 0;
}
lenb = *privkey & ~0x80; privkey++;
if (lenb < 1 || lenb > 2)
if (lenb < 1 || lenb > 2) {
return 0;
if (end < privkey+lenb)
}
if (end < privkey+lenb) {
return 0;
}
/* sequence length */
len = privkey[lenb-1] | (lenb > 1 ? privkey[lenb-2] << 8 : 0);
privkey += lenb;
if (end < privkey+len)
if (end < privkey+len) {
return 0;
}
/* sequence element 0: version number (=1) */
if (end < privkey+3 || privkey[0] != 0x02 || privkey[1] != 0x01 || privkey[2] != 0x01)
if (end < privkey+3 || privkey[0] != 0x02 || privkey[1] != 0x01 || privkey[2] != 0x01) {
return 0;
}
privkey += 3;
/* sequence element 1: octet string, up to 32 bytes */
if (end < privkey+2 || privkey[0] != 0x04 || privkey[1] > 0x20 || end < privkey+2+privkey[1])
if (end < privkey+2 || privkey[0] != 0x04 || privkey[1] > 0x20 || end < privkey+2+privkey[1]) {
return 0;
}
memcpy(c + 32 - privkey[1], privkey + 2, privkey[1]);
secp256k1_scalar_set_b32(key, c, &overflow);
memset(c, 0, 32);
Expand Down Expand Up @@ -148,8 +156,9 @@ static int secp256k1_eckey_privkey_serialize(unsigned char *privkey, int *privke

static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak) {
secp256k1_scalar_add(key, key, tweak);
if (secp256k1_scalar_is_zero(key))
if (secp256k1_scalar_is_zero(key)) {
return 0;
}
return 1;
}

Expand All @@ -160,15 +169,17 @@ static int secp256k1_eckey_pubkey_tweak_add(secp256k1_ge_t *key, const secp256k1
secp256k1_scalar_set_int(&one, 1);
secp256k1_ecmult(&pt, &pt, &one, tweak);

if (secp256k1_gej_is_infinity(&pt))
if (secp256k1_gej_is_infinity(&pt)) {
return 0;
}
secp256k1_ge_set_gej(key, &pt);
return 1;
}

static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp256k1_scalar_t *tweak) {
if (secp256k1_scalar_is_zero(tweak))
if (secp256k1_scalar_is_zero(tweak)) {
return 0;
}

secp256k1_scalar_mul(key, key, tweak);
return 1;
Expand All @@ -177,8 +188,9 @@ static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar_t *key, const secp
static int secp256k1_eckey_pubkey_tweak_mul(secp256k1_ge_t *key, const secp256k1_scalar_t *tweak) {
secp256k1_scalar_t zero;
secp256k1_gej_t pt;
if (secp256k1_scalar_is_zero(tweak))
if (secp256k1_scalar_is_zero(tweak)) {
return 0;
}

secp256k1_scalar_set_int(&zero, 0);
secp256k1_gej_set_ge(&pt, key);
Expand Down
6 changes: 4 additions & 2 deletions src/ecmult_gen_impl.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,9 @@ static void secp256k1_ecmult_gen_start(void) {
secp256k1_gej_t nums_gej;
secp256k1_ecmult_gen_consts_t *ret;
int i, j;
if (secp256k1_ecmult_gen_consts != NULL)
if (secp256k1_ecmult_gen_consts != NULL) {
return;
}

/* Allocate the precomputation table. */
ret = (secp256k1_ecmult_gen_consts_t*)checked_malloc(sizeof(secp256k1_ecmult_gen_consts_t));
Expand Down Expand Up @@ -95,8 +96,9 @@ static void secp256k1_ecmult_gen_start(void) {

static void secp256k1_ecmult_gen_stop(void) {
secp256k1_ecmult_gen_consts_t *c;
if (secp256k1_ecmult_gen_consts == NULL)
if (secp256k1_ecmult_gen_consts == NULL) {
return;
}

c = (secp256k1_ecmult_gen_consts_t*)secp256k1_ecmult_gen_consts;
secp256k1_ecmult_gen_consts = NULL;
Expand Down
40 changes: 27 additions & 13 deletions src/ecmult_impl.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,8 +41,9 @@ static void secp256k1_ecmult_table_precomp_gej_var(secp256k1_gej_t *pre, const s
int i;
pre[0] = *a;
secp256k1_gej_double_var(&d, &pre[0]);
for (i = 1; i < (1 << (w-2)); i++)
for (i = 1; i < (1 << (w-2)); i++) {
secp256k1_gej_add_var(&pre[i], &d, &pre[i-1]);
}
}

static void secp256k1_ecmult_table_precomp_ge_storage_var(secp256k1_ge_storage_t *pre, const secp256k1_gej_t *a, int w) {
Expand Down Expand Up @@ -73,18 +74,19 @@ static void secp256k1_ecmult_table_precomp_ge_storage_var(secp256k1_ge_storage_t
VERIFY_CHECK(((n) & 1) == 1); \
VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \
VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \
if ((n) > 0) \
if ((n) > 0) { \
*(r) = (pre)[((n)-1)/2]; \
else \
} else { \
secp256k1_gej_neg((r), &(pre)[(-(n)-1)/2]); \
} \
} while(0)
#define ECMULT_TABLE_GET_GE_STORAGE(r,pre,n,w) do { \
VERIFY_CHECK(((n) & 1) == 1); \
VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \
VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \
if ((n) > 0) \
if ((n) > 0) { \
secp256k1_ge_from_storage((r), &(pre)[((n)-1)/2]); \
else {\
} else { \
secp256k1_ge_from_storage((r), &(pre)[(-(n)-1)/2]); \
secp256k1_ge_neg((r), (r)); \
} \
Expand All @@ -103,8 +105,9 @@ static const secp256k1_ecmult_consts_t *secp256k1_ecmult_consts = NULL;
static void secp256k1_ecmult_start(void) {
secp256k1_gej_t gj;
secp256k1_ecmult_consts_t *ret;
if (secp256k1_ecmult_consts != NULL)
if (secp256k1_ecmult_consts != NULL) {
return;
}

/* Allocate the precomputation table. */
ret = (secp256k1_ecmult_consts_t*)checked_malloc(sizeof(secp256k1_ecmult_consts_t));
Expand All @@ -122,8 +125,9 @@ static void secp256k1_ecmult_start(void) {
int i;
/* calculate 2^128*generator */
g_128j = gj;
for (i = 0; i < 128; i++)
for (i = 0; i < 128; i++) {
secp256k1_gej_double_var(&g_128j, &g_128j);
}
secp256k1_ecmult_table_precomp_ge_storage_var(ret->pre_g_128, &g_128j, WINDOW_G);
}
#endif
Expand All @@ -134,8 +138,9 @@ static void secp256k1_ecmult_start(void) {

static void secp256k1_ecmult_stop(void) {
secp256k1_ecmult_consts_t *c;
if (secp256k1_ecmult_consts == NULL)
if (secp256k1_ecmult_consts == NULL) {
return;
}

c = (secp256k1_ecmult_consts_t*)secp256k1_ecmult_consts;
secp256k1_ecmult_consts = NULL;
Expand Down Expand Up @@ -223,7 +228,9 @@ static void secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const
VERIFY_CHECK(bits_na_1 <= 130);
VERIFY_CHECK(bits_na_lam <= 130);
bits = bits_na_1;
if (bits_na_lam > bits) bits = bits_na_lam;
if (bits_na_lam > bits) {
bits = bits_na_lam;
}
#else
/* build wnaf representation for na. */
bits_na = secp256k1_ecmult_wnaf(wnaf_na, na, WINDOW_A);
Expand All @@ -234,20 +241,27 @@ static void secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const
secp256k1_ecmult_table_precomp_gej_var(pre_a, a, WINDOW_A);

#ifdef USE_ENDOMORPHISM
for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++)
for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) {
secp256k1_gej_mul_lambda(&pre_a_lam[i], &pre_a[i]);
}

/* split ng into ng_1 and ng_128 (where gn = gn_1 + gn_128*2^128, and gn_1 and gn_128 are ~128 bit) */
secp256k1_scalar_split_128(&ng_1, &ng_128, ng);

/* Build wnaf representation for ng_1 and ng_128 */
bits_ng_1 = secp256k1_ecmult_wnaf(wnaf_ng_1, &ng_1, WINDOW_G);
bits_ng_128 = secp256k1_ecmult_wnaf(wnaf_ng_128, &ng_128, WINDOW_G);
if (bits_ng_1 > bits) bits = bits_ng_1;
if (bits_ng_128 > bits) bits = bits_ng_128;
if (bits_ng_1 > bits) {
bits = bits_ng_1;
}
if (bits_ng_128 > bits) {
bits = bits_ng_128;
}
#else
bits_ng = secp256k1_ecmult_wnaf(wnaf_ng, ng, WINDOW_G);
if (bits_ng > bits) bits = bits_ng;
if (bits_ng > bits) {
bits = bits_ng;
}
#endif

secp256k1_gej_set_infinity(r);
Expand Down
Loading

0 comments on commit 41603aa

Please sign in to comment.