Source file src/github.com/decred/dcrd/dcrec/secp256k1/v4/field_test.go

Documentation: github.com/decred/dcrd/dcrec/secp256k1/v4

     1  // Copyright (c) 2013-2016 The btcsuite developers
     2  // Copyright (c) 2015-2022 The Decred developers
     3  // Copyright (c) 2013-2022 Dave Collins
     4  // Use of this source code is governed by an ISC
     5  // license that can be found in the LICENSE file.
     6  
     7  package secp256k1
     8  
     9  import (
    10  	"bytes"
    11  	"encoding/hex"
    12  	"fmt"
    13  	"math/big"
    14  	"math/rand"
    15  	"reflect"
    16  	"testing"
    17  	"time"
    18  )
    19  
    20  // SetHex decodes the passed big-endian hex string into the internal field value
    21  // representation.  Only the first 32-bytes are used.
    22  //
    23  // This is NOT constant time.
    24  //
    25  // The field value is returned to support chaining.  This enables syntax like:
    26  // f := new(FieldVal).SetHex("0abc").Add(1) so that f = 0x0abc + 1
    27  func (f *FieldVal) SetHex(hexString string) *FieldVal {
    28  	if len(hexString)%2 != 0 {
    29  		hexString = "0" + hexString
    30  	}
    31  	bytes, _ := hex.DecodeString(hexString)
    32  	f.SetByteSlice(bytes)
    33  	return f
    34  }
    35  
    36  // randFieldVal returns a field value created from a random value generated by
    37  // the passed rng.
    38  func randFieldVal(t *testing.T, rng *rand.Rand) *FieldVal {
    39  	t.Helper()
    40  
    41  	var buf [32]byte
    42  	if _, err := rng.Read(buf[:]); err != nil {
    43  		t.Fatalf("failed to read random: %v", err)
    44  	}
    45  
    46  	// Create and return a field value.
    47  	var fv FieldVal
    48  	fv.SetBytes(&buf)
    49  	return &fv
    50  }
    51  
    52  // randIntAndFieldVal returns a big integer and a field value both created from
    53  // the same random value generated by the passed rng.
    54  func randIntAndFieldVal(t *testing.T, rng *rand.Rand) (*big.Int, *FieldVal) {
    55  	t.Helper()
    56  
    57  	var buf [32]byte
    58  	if _, err := rng.Read(buf[:]); err != nil {
    59  		t.Fatalf("failed to read random: %v", err)
    60  	}
    61  
    62  	// Create and return both a big integer and a field value.
    63  	bigIntVal := new(big.Int).SetBytes(buf[:])
    64  	bigIntVal.Mod(bigIntVal, curveParams.N)
    65  	var fv FieldVal
    66  	fv.SetBytes(&buf)
    67  	return bigIntVal, &fv
    68  }
    69  
    70  // TestFieldSetInt ensures that setting a field value to various native
    71  // integers works as expected.
    72  func TestFieldSetInt(t *testing.T) {
    73  	tests := []struct {
    74  		name     string     // test description
    75  		in       uint16     // test value
    76  		expected [10]uint32 // expected raw ints
    77  	}{{
    78  		name:     "one",
    79  		in:       1,
    80  		expected: [10]uint32{1, 0, 0, 0, 0, 0, 0, 0, 0, 0},
    81  	}, {
    82  		name:     "five",
    83  		in:       5,
    84  		expected: [10]uint32{5, 0, 0, 0, 0, 0, 0, 0, 0, 0},
    85  	}, {
    86  		name:     "2^16 - 1",
    87  		in:       65535,
    88  		expected: [10]uint32{65535, 0, 0, 0, 0, 0, 0, 0, 0, 0},
    89  	}}
    90  
    91  	for _, test := range tests {
    92  		f := new(FieldVal).SetInt(test.in)
    93  		if !reflect.DeepEqual(f.n, test.expected) {
    94  			t.Errorf("%s: wrong result\ngot: %v\nwant: %v", test.name, f.n,
    95  				test.expected)
    96  			continue
    97  		}
    98  	}
    99  }
   100  
   101  // TestFieldSetBytes ensures that setting a field value to a 256-bit big-endian
   102  // unsigned integer via both the slice and array methods works as expected for
   103  // edge cases.  Random cases are tested via the various other tests.
   104  func TestFieldSetBytes(t *testing.T) {
   105  	tests := []struct {
   106  		name     string     // test description
   107  		in       string     // hex encoded test value
   108  		expected [10]uint32 // expected raw ints
   109  		overflow bool       // expected overflow result
   110  	}{{
   111  		name:     "zero",
   112  		in:       "00",
   113  		expected: [10]uint32{0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
   114  		overflow: false,
   115  	}, {
   116  		name: "field prime",
   117  		in:   "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
   118  		expected: [10]uint32{
   119  			0x03fffc2f, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff,
   120  			0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003fffff,
   121  		},
   122  		overflow: true,
   123  	}, {
   124  		name: "field prime - 1",
   125  		in:   "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
   126  		expected: [10]uint32{
   127  			0x03fffc2e, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff,
   128  			0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003fffff,
   129  		},
   130  		overflow: false,
   131  	}, {
   132  		name: "field prime + 1 (overflow in word zero)",
   133  		in:   "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30",
   134  		expected: [10]uint32{
   135  			0x03fffc30, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff,
   136  			0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003fffff,
   137  		},
   138  		overflow: true,
   139  	}, {
   140  		name: "field prime first 32 bits",
   141  		in:   "fffffc2f",
   142  		expected: [10]uint32{
   143  			0x03fffc2f, 0x00000003f, 0x00000000, 0x00000000, 0x00000000,
   144  			0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
   145  		},
   146  		overflow: false,
   147  	}, {
   148  		name: "field prime word zero",
   149  		in:   "03fffc2f",
   150  		expected: [10]uint32{
   151  			0x03fffc2f, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
   152  			0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
   153  		},
   154  		overflow: false,
   155  	}, {
   156  		name: "field prime first 64 bits",
   157  		in:   "fffffffefffffc2f",
   158  		expected: [10]uint32{
   159  			0x03fffc2f, 0x03ffffbf, 0x00000fff, 0x00000000, 0x00000000,
   160  			0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
   161  		},
   162  		overflow: false,
   163  	}, {
   164  		name: "field prime word zero and one",
   165  		in:   "0ffffefffffc2f",
   166  		expected: [10]uint32{
   167  			0x03fffc2f, 0x03ffffbf, 0x00000000, 0x00000000, 0x00000000,
   168  			0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
   169  		},
   170  		overflow: false,
   171  	}, {
   172  		name: "field prime first 96 bits",
   173  		in:   "fffffffffffffffefffffc2f",
   174  		expected: [10]uint32{
   175  			0x03fffc2f, 0x03ffffbf, 0x03ffffff, 0x0003ffff, 0x00000000,
   176  			0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
   177  		},
   178  		overflow: false,
   179  	}, {
   180  		name: "field prime word zero, one, and two",
   181  		in:   "3ffffffffffefffffc2f",
   182  		expected: [10]uint32{
   183  			0x03fffc2f, 0x03ffffbf, 0x03ffffff, 0x00000000, 0x00000000,
   184  			0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
   185  		},
   186  		overflow: false,
   187  	}, {
   188  		name: "overflow in word one (prime + 1<<26)",
   189  		in:   "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff03fffc2f",
   190  		expected: [10]uint32{
   191  			0x03fffc2f, 0x03ffffc0, 0x03ffffff, 0x03ffffff, 0x03ffffff,
   192  			0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003fffff,
   193  		},
   194  		overflow: true,
   195  	}, {
   196  		name: "(field prime - 1) * 2 NOT mod P, truncated >32 bytes",
   197  		in:   "01fffffffffffffffffffffffffffffffffffffffffffffffffffffffdfffff85c",
   198  		expected: [10]uint32{
   199  			0x01fffff8, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff,
   200  			0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x00007fff,
   201  		},
   202  		overflow: false,
   203  	}, {
   204  		name: "2^256 - 1",
   205  		in:   "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
   206  		expected: [10]uint32{
   207  			0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff,
   208  			0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003fffff,
   209  		},
   210  		overflow: true,
   211  	}, {
   212  		name: "alternating bits",
   213  		in:   "a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5",
   214  		expected: [10]uint32{
   215  			0x01a5a5a5, 0x01696969, 0x025a5a5a, 0x02969696, 0x01a5a5a5,
   216  			0x01696969, 0x025a5a5a, 0x02969696, 0x01a5a5a5, 0x00296969,
   217  		},
   218  		overflow: false,
   219  	}, {
   220  		name: "alternating bits 2",
   221  		in:   "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a",
   222  		expected: [10]uint32{
   223  			0x025a5a5a, 0x02969696, 0x01a5a5a5, 0x01696969, 0x025a5a5a,
   224  			0x02969696, 0x01a5a5a5, 0x01696969, 0x025a5a5a, 0x00169696,
   225  		},
   226  		overflow: false,
   227  	}}
   228  
   229  	for _, test := range tests {
   230  		inBytes := hexToBytes(test.in)
   231  
   232  		// Ensure setting the bytes via the slice method works as expected.
   233  		var f FieldVal
   234  		overflow := f.SetByteSlice(inBytes)
   235  		if !reflect.DeepEqual(f.n, test.expected) {
   236  			t.Errorf("%s: unexpected result\ngot: %x\nwant: %x", test.name, f.n,
   237  				test.expected)
   238  			continue
   239  		}
   240  
   241  		// Ensure the setting the bytes via the slice method produces the
   242  		// expected overflow result.
   243  		if overflow != test.overflow {
   244  			t.Errorf("%s: unexpected overflow -- got: %v, want: %v", test.name,
   245  				overflow, test.overflow)
   246  			continue
   247  		}
   248  
   249  		// Ensure setting the bytes via the array method works as expected.
   250  		var f2 FieldVal
   251  		var b32 [32]byte
   252  		truncatedInBytes := inBytes
   253  		if len(truncatedInBytes) > 32 {
   254  			truncatedInBytes = truncatedInBytes[:32]
   255  		}
   256  		copy(b32[32-len(truncatedInBytes):], truncatedInBytes)
   257  		overflow = f2.SetBytes(&b32) != 0
   258  		if !reflect.DeepEqual(f2.n, test.expected) {
   259  			t.Errorf("%s: unexpected result\ngot: %x\nwant: %x", test.name,
   260  				f2.n, test.expected)
   261  			continue
   262  		}
   263  
   264  		// Ensure the setting the bytes via the array method produces the
   265  		// expected overflow result.
   266  		if overflow != test.overflow {
   267  			t.Errorf("%s: unexpected overflow -- got: %v, want: %v", test.name,
   268  				overflow, test.overflow)
   269  			continue
   270  		}
   271  	}
   272  }
   273  
   274  // TestFieldBytes ensures that retrieving the bytes for a 256-bit big-endian
   275  // unsigned integer via the various methods works as expected for edge cases.
   276  // Random cases are tested via the various other tests.
   277  func TestFieldBytes(t *testing.T) {
   278  	tests := []struct {
   279  		name     string // test description
   280  		in       string // hex encoded test value
   281  		expected string // expected hex encoded bytes
   282  	}{{
   283  		name:     "zero",
   284  		in:       "0",
   285  		expected: "0000000000000000000000000000000000000000000000000000000000000000",
   286  	}, {
   287  		name:     "field prime (aka 0)",
   288  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
   289  		expected: "0000000000000000000000000000000000000000000000000000000000000000",
   290  	}, {
   291  		name:     "field prime - 1",
   292  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
   293  		expected: "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
   294  	}, {
   295  		name:     "field prime + 1 (aka 1, overflow in word zero)",
   296  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30",
   297  		expected: "0000000000000000000000000000000000000000000000000000000000000001",
   298  	}, {
   299  		name:     "field prime first 32 bits",
   300  		in:       "fffffc2f",
   301  		expected: "00000000000000000000000000000000000000000000000000000000fffffc2f",
   302  	}, {
   303  		name:     "field prime word zero",
   304  		in:       "03fffc2f",
   305  		expected: "0000000000000000000000000000000000000000000000000000000003fffc2f",
   306  	}, {
   307  		name:     "field prime first 64 bits",
   308  		in:       "fffffffefffffc2f",
   309  		expected: "000000000000000000000000000000000000000000000000fffffffefffffc2f",
   310  	}, {
   311  		name:     "field prime word zero and one",
   312  		in:       "0ffffefffffc2f",
   313  		expected: "000000000000000000000000000000000000000000000000000ffffefffffc2f",
   314  	}, {
   315  		name:     "field prime first 96 bits",
   316  		in:       "fffffffffffffffefffffc2f",
   317  		expected: "0000000000000000000000000000000000000000fffffffffffffffefffffc2f",
   318  	}, {
   319  		name:     "field prime word zero, one, and two",
   320  		in:       "3ffffffffffefffffc2f",
   321  		expected: "000000000000000000000000000000000000000000003ffffffffffefffffc2f",
   322  	}, {
   323  		name:     "overflow in word one (prime + 1<<26)",
   324  		in:       "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff03fffc2f",
   325  		expected: "0000000000000000000000000000000000000000000000000000000004000000",
   326  	}, {
   327  		name:     "2^256 - 1",
   328  		in:       "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
   329  		expected: "00000000000000000000000000000000000000000000000000000001000003d0",
   330  	}, {
   331  		name:     "alternating bits",
   332  		in:       "a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5",
   333  		expected: "a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5",
   334  	}, {
   335  		name:     "alternating bits 2",
   336  		in:       "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a",
   337  		expected: "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a",
   338  	}}
   339  
   340  	for _, test := range tests {
   341  		f := new(FieldVal).SetHex(test.in).Normalize()
   342  		expected := hexToBytes(test.expected)
   343  
   344  		// Ensure getting the bytes works as expected.
   345  		gotBytes := f.Bytes()
   346  		if !bytes.Equal(gotBytes[:], expected) {
   347  			t.Errorf("%s: unexpected result\ngot: %x\nwant: %x", test.name,
   348  				*gotBytes, expected)
   349  			continue
   350  		}
   351  
   352  		// Ensure getting the bytes directly into an array works as expected.
   353  		var b32 [32]byte
   354  		f.PutBytes(&b32)
   355  		if !bytes.Equal(b32[:], expected) {
   356  			t.Errorf("%s: unexpected result\ngot: %x\nwant: %x", test.name,
   357  				b32, expected)
   358  			continue
   359  		}
   360  
   361  		// Ensure getting the bytes directly into a slice works as expected.
   362  		var buffer [64]byte
   363  		f.PutBytesUnchecked(buffer[:])
   364  		if !bytes.Equal(buffer[:32], expected) {
   365  			t.Errorf("%s: unexpected result\ngot: %x\nwant: %x", test.name,
   366  				buffer[:32], expected)
   367  			continue
   368  		}
   369  	}
   370  }
   371  
   372  // TestFieldZero ensures that zeroing a field value works as expected.
   373  func TestFieldZero(t *testing.T) {
   374  	var f FieldVal
   375  	f.SetHex("a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5")
   376  	f.Zero()
   377  	for idx, rawInt := range f.n {
   378  		if rawInt != 0 {
   379  			t.Errorf("internal integer at index #%d is not zero - got %d", idx,
   380  				rawInt)
   381  		}
   382  	}
   383  }
   384  
   385  // TestFieldIsZero ensures that checking if a field is zero via IsZero and
   386  // IsZeroBit works as expected.
   387  func TestFieldIsZero(t *testing.T) {
   388  	f := new(FieldVal)
   389  	if !f.IsZero() {
   390  		t.Errorf("new field value is not zero - got %v (rawints %x)", f, f.n)
   391  	}
   392  	if f.IsZeroBit() != 1 {
   393  		t.Errorf("new field value is not zero - got %v (rawints %x)", f, f.n)
   394  	}
   395  
   396  	f.SetInt(1)
   397  	if f.IsZero() {
   398  		t.Errorf("claims zero for nonzero field - got %v (rawints %x)", f, f.n)
   399  	}
   400  	if f.IsZeroBit() == 1 {
   401  		t.Errorf("claims zero for nonzero field - got %v (rawints %x)", f, f.n)
   402  	}
   403  
   404  	f.Zero()
   405  	if !f.IsZero() {
   406  		t.Errorf("claims nonzero for zero field - got %v (rawints %x)", f, f.n)
   407  	}
   408  	if f.IsZeroBit() != 1 {
   409  		t.Errorf("claims nonzero for zero field - got %v (rawints %x)", f, f.n)
   410  	}
   411  
   412  	f.SetInt(1)
   413  	f.Zero()
   414  	if !f.IsZero() {
   415  		t.Errorf("claims zero for nonzero field - got %v (rawints %x)", f, f.n)
   416  	}
   417  	if f.IsZeroBit() != 1 {
   418  		t.Errorf("claims zero for nonzero field - got %v (rawints %x)", f, f.n)
   419  	}
   420  }
   421  
   422  // TestFieldIsOne ensures that checking if a field is one via IsOne and IsOneBit
   423  // works as expected.
   424  func TestFieldIsOne(t *testing.T) {
   425  	tests := []struct {
   426  		name      string // test description
   427  		in        string // hex encoded test value
   428  		normalize bool   // whether or not to normalize the test value
   429  		expected  bool   // expected result
   430  	}{{
   431  		name:      "zero",
   432  		in:        "0",
   433  		normalize: true,
   434  		expected:  false,
   435  	}, {
   436  		name:      "one",
   437  		in:        "1",
   438  		normalize: true,
   439  		expected:  true,
   440  	}, {
   441  		name:      "secp256k1 prime NOT normalized (would be 0)",
   442  		in:        "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
   443  		normalize: false,
   444  		expected:  false,
   445  	}, {
   446  		name:      "secp256k1 prime normalized (aka 0)",
   447  		in:        "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
   448  		normalize: true,
   449  		expected:  false,
   450  	}, {
   451  		name:      "secp256k1 prime + 1 normalized (aka 1)",
   452  		in:        "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30",
   453  		normalize: true,
   454  		expected:  true,
   455  	}, {
   456  		name:      "secp256k1 prime + 1 NOT normalized (would be 1)",
   457  		in:        "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30",
   458  		normalize: false,
   459  		expected:  false,
   460  	}, {
   461  		name:      "2^26 (one bit in second internal field word",
   462  		in:        "4000000",
   463  		normalize: false,
   464  		expected:  false,
   465  	}, {
   466  		name:      "2^52 (one bit in third internal field word",
   467  		in:        "10000000000000",
   468  		normalize: false,
   469  		expected:  false,
   470  	}, {
   471  		name:      "2^78 (one bit in fourth internal field word",
   472  		in:        "40000000000000000000",
   473  		normalize: false,
   474  		expected:  false,
   475  	}, {
   476  		name:      "2^104 (one bit in fifth internal field word",
   477  		in:        "100000000000000000000000000",
   478  		normalize: false,
   479  		expected:  false,
   480  	}, {
   481  		name:      "2^130 (one bit in sixth internal field word",
   482  		in:        "400000000000000000000000000000000",
   483  		normalize: false,
   484  		expected:  false,
   485  	}, {
   486  		name:      "2^156 (one bit in seventh internal field word",
   487  		in:        "1000000000000000000000000000000000000000",
   488  		normalize: false,
   489  		expected:  false,
   490  	}, {
   491  		name:      "2^182 (one bit in eighth internal field word",
   492  		in:        "4000000000000000000000000000000000000000000000",
   493  		normalize: false,
   494  		expected:  false,
   495  	}, {
   496  		name:      "2^208 (one bit in ninth internal field word",
   497  		in:        "10000000000000000000000000000000000000000000000000000",
   498  		normalize: false,
   499  		expected:  false,
   500  	}, {
   501  		name:      "2^234 (one bit in tenth internal field word",
   502  		in:        "40000000000000000000000000000000000000000000000000000000000",
   503  		normalize: false,
   504  		expected:  false,
   505  	}}
   506  
   507  	for _, test := range tests {
   508  		f := new(FieldVal).SetHex(test.in)
   509  		if test.normalize {
   510  			f.Normalize()
   511  		}
   512  		result := f.IsOne()
   513  		if result != test.expected {
   514  			t.Errorf("%s: wrong result -- got: %v, want: %v", test.name, result,
   515  				test.expected)
   516  			continue
   517  		}
   518  
   519  		result2 := f.IsOneBit() == 1
   520  		if result2 != test.expected {
   521  			t.Errorf("%s: wrong result -- got: %v, want: %v", test.name,
   522  				result2, test.expected)
   523  			continue
   524  		}
   525  	}
   526  }
   527  
   528  // TestFieldStringer ensures the stringer returns the appropriate hex string.
   529  func TestFieldStringer(t *testing.T) {
   530  	tests := []struct {
   531  		name     string //test description
   532  		in       string // hex encoded test value
   533  		expected string // expected result
   534  	}{{
   535  		name:     "zero",
   536  		in:       "0",
   537  		expected: "0000000000000000000000000000000000000000000000000000000000000000",
   538  	}, {
   539  		name:     "one",
   540  		in:       "1",
   541  		expected: "0000000000000000000000000000000000000000000000000000000000000001",
   542  	}, {
   543  		name:     "ten",
   544  		in:       "a",
   545  		expected: "000000000000000000000000000000000000000000000000000000000000000a",
   546  	}, {
   547  		name:     "eleven",
   548  		in:       "b",
   549  		expected: "000000000000000000000000000000000000000000000000000000000000000b",
   550  	}, {
   551  		name:     "twelve",
   552  		in:       "c",
   553  		expected: "000000000000000000000000000000000000000000000000000000000000000c",
   554  	}, {
   555  		name:     "thirteen",
   556  		in:       "d",
   557  		expected: "000000000000000000000000000000000000000000000000000000000000000d",
   558  	}, {
   559  		name:     "fourteen",
   560  		in:       "e",
   561  		expected: "000000000000000000000000000000000000000000000000000000000000000e",
   562  	}, {
   563  		name:     "fifteen",
   564  		in:       "f",
   565  		expected: "000000000000000000000000000000000000000000000000000000000000000f",
   566  	}, {
   567  		name:     "240",
   568  		in:       "f0",
   569  		expected: "00000000000000000000000000000000000000000000000000000000000000f0",
   570  	}, {
   571  		name:     "2^26 - 1",
   572  		in:       "3ffffff",
   573  		expected: "0000000000000000000000000000000000000000000000000000000003ffffff",
   574  	}, {
   575  		name:     "2^32 - 1",
   576  		in:       "ffffffff",
   577  		expected: "00000000000000000000000000000000000000000000000000000000ffffffff",
   578  	}, {
   579  		name:     "2^64 - 1",
   580  		in:       "ffffffffffffffff",
   581  		expected: "000000000000000000000000000000000000000000000000ffffffffffffffff",
   582  	}, {
   583  		name:     "2^96 - 1",
   584  		in:       "ffffffffffffffffffffffff",
   585  		expected: "0000000000000000000000000000000000000000ffffffffffffffffffffffff",
   586  	}, {
   587  		name:     "2^128 - 1",
   588  		in:       "ffffffffffffffffffffffffffffffff",
   589  		expected: "00000000000000000000000000000000ffffffffffffffffffffffffffffffff",
   590  	}, {
   591  		name:     "2^160 - 1",
   592  		in:       "ffffffffffffffffffffffffffffffffffffffff",
   593  		expected: "000000000000000000000000ffffffffffffffffffffffffffffffffffffffff",
   594  	}, {
   595  		name:     "2^192 - 1",
   596  		in:       "ffffffffffffffffffffffffffffffffffffffffffffffff",
   597  		expected: "0000000000000000ffffffffffffffffffffffffffffffffffffffffffffffff",
   598  	}, {
   599  		name:     "2^224 - 1",
   600  		in:       "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
   601  		expected: "00000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
   602  	}, {
   603  		name:     "2^256-4294968273 (the secp256k1 prime, so should result in 0)",
   604  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
   605  		expected: "0000000000000000000000000000000000000000000000000000000000000000",
   606  	}, {
   607  		name:     "2^256-4294968274 (the secp256k1 prime+1, so should result in 1)",
   608  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30",
   609  		expected: "0000000000000000000000000000000000000000000000000000000000000001",
   610  	}, {
   611  		name:     "invalid hex g",
   612  		in:       "g",
   613  		expected: "0000000000000000000000000000000000000000000000000000000000000000",
   614  	}, {
   615  		name:     "invalid hex 1h",
   616  		in:       "1h",
   617  		expected: "0000000000000000000000000000000000000000000000000000000000000000",
   618  	}, {
   619  		name:     "invalid hex i1",
   620  		in:       "i1",
   621  		expected: "0000000000000000000000000000000000000000000000000000000000000000",
   622  	}}
   623  
   624  	for _, test := range tests {
   625  		f := new(FieldVal).SetHex(test.in)
   626  		result := f.String()
   627  		if result != test.expected {
   628  			t.Errorf("%s: wrong result\ngot: %v\nwant: %v", test.name, result,
   629  				test.expected)
   630  			continue
   631  		}
   632  	}
   633  }
   634  
   635  // TestFieldNormalize ensures that normalizing the internal field words works as
   636  // expected.
   637  func TestFieldNormalize(t *testing.T) {
   638  	tests := []struct {
   639  		name       string     // test description
   640  		raw        [10]uint32 // Intentionally denormalized value
   641  		normalized [10]uint32 // Normalized form of the raw value
   642  	}{{
   643  		name:       "5",
   644  		raw:        [10]uint32{0x00000005, 0, 0, 0, 0, 0, 0, 0, 0, 0},
   645  		normalized: [10]uint32{0x00000005, 0, 0, 0, 0, 0, 0, 0, 0, 0},
   646  	}, {
   647  		name:       "2^26",
   648  		raw:        [10]uint32{0x04000000, 0x0, 0, 0, 0, 0, 0, 0, 0, 0},
   649  		normalized: [10]uint32{0x00000000, 0x1, 0, 0, 0, 0, 0, 0, 0, 0},
   650  	}, {
   651  		name:       "2^26 + 1",
   652  		raw:        [10]uint32{0x04000001, 0x0, 0, 0, 0, 0, 0, 0, 0, 0},
   653  		normalized: [10]uint32{0x00000001, 0x1, 0, 0, 0, 0, 0, 0, 0, 0},
   654  	}, {
   655  		name:       "2^32 - 1",
   656  		raw:        [10]uint32{0xffffffff, 0x00, 0, 0, 0, 0, 0, 0, 0, 0},
   657  		normalized: [10]uint32{0x03ffffff, 0x3f, 0, 0, 0, 0, 0, 0, 0, 0},
   658  	}, {
   659  		name:       "2^32",
   660  		raw:        [10]uint32{0x04000000, 0x3f, 0, 0, 0, 0, 0, 0, 0, 0},
   661  		normalized: [10]uint32{0x00000000, 0x40, 0, 0, 0, 0, 0, 0, 0, 0},
   662  	}, {
   663  		name:       "2^32 + 1",
   664  		raw:        [10]uint32{0x04000001, 0x3f, 0, 0, 0, 0, 0, 0, 0, 0},
   665  		normalized: [10]uint32{0x00000001, 0x40, 0, 0, 0, 0, 0, 0, 0, 0},
   666  	}, {
   667  		name:       "2^64 - 1",
   668  		raw:        [10]uint32{0xffffffff, 0xffffffc0, 0xfc0, 0, 0, 0, 0, 0, 0, 0},
   669  		normalized: [10]uint32{0x03ffffff, 0x03ffffff, 0xfff, 0, 0, 0, 0, 0, 0, 0},
   670  	}, {
   671  		name:       "2^64",
   672  		raw:        [10]uint32{0x04000000, 0x03ffffff, 0x0fff, 0, 0, 0, 0, 0, 0, 0},
   673  		normalized: [10]uint32{0x00000000, 0x00000000, 0x1000, 0, 0, 0, 0, 0, 0, 0},
   674  	}, {
   675  		name:       "2^64 + 1",
   676  		raw:        [10]uint32{0x04000001, 0x03ffffff, 0x0fff, 0, 0, 0, 0, 0, 0, 0},
   677  		normalized: [10]uint32{0x00000001, 0x00000000, 0x1000, 0, 0, 0, 0, 0, 0, 0},
   678  	}, {
   679  		name:       "2^96 - 1",
   680  		raw:        [10]uint32{0xffffffff, 0xffffffc0, 0xffffffc0, 0x3ffc0, 0, 0, 0, 0, 0, 0},
   681  		normalized: [10]uint32{0x03ffffff, 0x03ffffff, 0x03ffffff, 0x3ffff, 0, 0, 0, 0, 0, 0},
   682  	}, {
   683  		name:       "2^96",
   684  		raw:        [10]uint32{0x04000000, 0x03ffffff, 0x03ffffff, 0x3ffff, 0, 0, 0, 0, 0, 0},
   685  		normalized: [10]uint32{0x00000000, 0x00000000, 0x00000000, 0x40000, 0, 0, 0, 0, 0, 0},
   686  	}, {
   687  		name:       "2^128 - 1",
   688  		raw:        [10]uint32{0xffffffff, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffc0, 0, 0, 0, 0, 0},
   689  		normalized: [10]uint32{0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0xffffff, 0, 0, 0, 0, 0},
   690  	}, {
   691  		name:       "2^128",
   692  		raw:        [10]uint32{0x04000000, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x0ffffff, 0, 0, 0, 0, 0},
   693  		normalized: [10]uint32{0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x1000000, 0, 0, 0, 0, 0},
   694  	}, {
   695  		name:       "2^256 - 4294968273 (secp256k1 prime)",
   696  		raw:        [10]uint32{0xfffffc2f, 0xffffff80, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0x3fffc0},
   697  		normalized: [10]uint32{0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x000000},
   698  	}, {
   699  		// Value larger than P where both first and second words are larger than
   700  		// P's first and second words
   701  		name:       "Value > P with 1st and 2nd words > P's 1st and 2nd words",
   702  		raw:        [10]uint32{0xfffffc30, 0xffffff86, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0x3fffc0},
   703  		normalized: [10]uint32{0x00000001, 0x00000006, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x000000},
   704  	}, {
   705  		// Value larger than P where only the second word is larger than P's
   706  		// second word.
   707  		name:       "Value > P with 2nd word > P's 2nd word",
   708  		raw:        [10]uint32{0xfffffc2a, 0xffffff87, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0x3fffc0},
   709  		normalized: [10]uint32{0x03fffffb, 0x00000006, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x000000},
   710  	}, {
   711  		name:       "2^256 - 1",
   712  		raw:        [10]uint32{0xffffffff, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0xffffffc0, 0x3fffc0},
   713  		normalized: [10]uint32{0x000003d0, 0x00000040, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x000000},
   714  	}, {
   715  		// Prime with field representation such that the initial reduction does
   716  		// not result in a carry to bit 256.
   717  		//
   718  		// 2^256 - 4294968273 (secp256k1 prime)
   719  		name:       "2^256 - 4294968273 (secp256k1 prime)",
   720  		raw:        [10]uint32{0x03fffc2f, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003fffff},
   721  		normalized: [10]uint32{0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
   722  	}, {
   723  		// Value larger than P that reduces to a value which is still larger
   724  		// than P when it has a magnitude of 1 due to its first word and does
   725  		// not result in a carry to bit 256.
   726  		//
   727  		// 2^256 - 4294968272 (secp256k1 prime + 1)
   728  		name:       "2^256 - 4294968272 (secp256k1 prime + 1)",
   729  		raw:        [10]uint32{0x03fffc30, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003fffff},
   730  		normalized: [10]uint32{0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
   731  	}, {
   732  		// Value larger than P that reduces to a value which is still larger
   733  		// than P when it has a magnitude of 1 due to its second word and does
   734  		// not result in a carry to bit 256.
   735  		//
   736  		// 2^256 - 4227859409 (secp256k1 prime + 0x4000000)
   737  		name:       "2^256 - 4227859409 (secp256k1 prime + 0x4000000)",
   738  		raw:        [10]uint32{0x03fffc2f, 0x03ffffc0, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003fffff},
   739  		normalized: [10]uint32{0x00000000, 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000},
   740  	}, {
   741  		// Value larger than P that reduces to a value which is still larger
   742  		// than P when it has a magnitude of 1 due to a carry to bit 256, but
   743  		// would not be without the carry.  These values come from the fact that
   744  		// P is 2^256 - 4294968273 and 977 is the low order word in the internal
   745  		// field representation.
   746  		//
   747  		// 2^256 * 5 - ((4294968273 - (977+1)) * 4)
   748  		name:       "2^256 * 5 - ((4294968273 - (977+1)) * 4)",
   749  		raw:        [10]uint32{0x03ffffff, 0x03fffeff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x0013fffff},
   750  		normalized: [10]uint32{0x00001314, 0x00000040, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x000000000},
   751  	}, {
   752  		// Value larger than P that reduces to a value which is still larger
   753  		// than P when it has a magnitude of 1 due to both a carry to bit 256
   754  		// and the first word.
   755  		name:       "Value > P with redux > P at mag 1 due to 1st word and carry to bit 256",
   756  		raw:        [10]uint32{0x03fffc30, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x07ffffff, 0x003fffff},
   757  		normalized: [10]uint32{0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000001},
   758  	}, {
   759  		// Value larger than P that reduces to a value which is still larger
   760  		// than P when it has a magnitude of 1 due to both a carry to bit 256
   761  		// and the second word.
   762  		name:       "Value > P with redux > P at mag 1 due to 2nd word and carry to bit 256",
   763  		raw:        [10]uint32{0x03fffc2f, 0x03ffffc0, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x3ffffff, 0x07ffffff, 0x003fffff},
   764  		normalized: [10]uint32{0x00000000, 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x0000000, 0x00000000, 0x00000001},
   765  	}, {
   766  		// Value larger than P that reduces to a value which is still larger
   767  		// than P when it has a magnitude of 1 due to a carry to bit 256 and the
   768  		// first and second words.
   769  		name:       "Value > P with redux > P at mag 1 due to 1st and 2nd words and carry to bit 256",
   770  		raw:        [10]uint32{0x03fffc30, 0x03ffffc0, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x07ffffff, 0x003fffff},
   771  		normalized: [10]uint32{0x00000001, 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000001},
   772  	}, {
   773  		// ---------------------------------------------------------------------
   774  		// There are 3 main conditions that must be true if the final reduction
   775  		// is needed after the initial reduction to magnitude 1 when there was
   776  		// NOT a carry to bit 256 (in other words when the original value was <
   777  		// 2^256):
   778  		// 1) The final word of the reduced value is equal to the one of P
   779  		// 2) The 3rd through 9th words are equal to those of P
   780  		// 3) Either:
   781  		//    - The 2nd word is greater than the one of P; or
   782  		//    - The 2nd word is equal to that of P AND the 1st word is greater
   783  		//
   784  		// Therefore the eight possible combinations of those 3 main conditions
   785  		// can be thought of in binary where each bit starting from the left
   786  		// corresponds to the aforementioned conditions as such:
   787  		// 000, 001, 010, 011, 100, 101, 110, 111
   788  		//
   789  		// For example, combination 6 is when both conditons 1 and 2 are true,
   790  		// but condition 3 is NOT true.
   791  		//
   792  		// The following tests hit each of these combinations and refer to each
   793  		// by its decimal equivalent for ease of reference.
   794  		//
   795  		// NOTE: The final combination (7) is already tested above since it only
   796  		// happens when the original value is already the normalized
   797  		// representation of P.
   798  		// ---------------------------------------------------------------------
   799  
   800  		name:       "Value < 2^256 final reduction combination 0",
   801  		raw:        [10]uint32{0x03fff85e, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03fffffe, 0x003ffffe},
   802  		normalized: [10]uint32{0x03fff85e, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03fffffe, 0x003ffffe},
   803  	}, {
   804  		name:       "Value < 2^256 final reduction combination 1 via 2nd word",
   805  		raw:        [10]uint32{0x03fff85e, 0x03ffffc0, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03fffffe, 0x003ffffe},
   806  		normalized: [10]uint32{0x03fff85e, 0x03ffffc0, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03fffffe, 0x003ffffe},
   807  	}, {
   808  		name:       "Value < 2^256 final reduction combination 1 via 1st word",
   809  		raw:        [10]uint32{0x03fffc2f, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03fffffe, 0x003ffffe},
   810  		normalized: [10]uint32{0x03fffc2f, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03fffffe, 0x003ffffe},
   811  	}, {
   812  		name:       "Value < 2^256 final reduction combination 2",
   813  		raw:        [10]uint32{0x03fff85e, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003ffffe},
   814  		normalized: [10]uint32{0x03fff85e, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003ffffe},
   815  	}, {
   816  		name:       "Value < 2^256 final reduction combination 3 via 2nd word",
   817  		raw:        [10]uint32{0x03fff85e, 0x03ffffc0, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003ffffe},
   818  		normalized: [10]uint32{0x03fff85e, 0x03ffffc0, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003ffffe},
   819  	}, {
   820  		name:       "Value < 2^256 final reduction combination 3 via 1st word",
   821  		raw:        [10]uint32{0x03fffc2f, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003ffffe},
   822  		normalized: [10]uint32{0x03fffc2f, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003ffffe},
   823  	}, {
   824  		name:       "Value < 2^256 final reduction combination 4",
   825  		raw:        [10]uint32{0x03fff85e, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03fffffe, 0x003fffff},
   826  		normalized: [10]uint32{0x03fff85e, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03fffffe, 0x003fffff},
   827  	}, {
   828  		name:       "Value < 2^256 final reduction combination 5 via 2nd word",
   829  		raw:        [10]uint32{0x03fff85e, 0x03ffffc0, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03fffffe, 0x003fffff},
   830  		normalized: [10]uint32{0x03fff85e, 0x03ffffc0, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03fffffe, 0x003fffff},
   831  	}, {
   832  		name:       "Value < 2^256 final reduction combination 5 via 1st word",
   833  		raw:        [10]uint32{0x03fffc2f, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03fffffe, 0x003fffff},
   834  		normalized: [10]uint32{0x03fffc2f, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03fffffe, 0x003fffff},
   835  	}, {
   836  		name:       "Value < 2^256 final reduction combination 6",
   837  		raw:        [10]uint32{0x03fff85e, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003fffff},
   838  		normalized: [10]uint32{0x03fff85e, 0x03ffffbf, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x003fffff},
   839  	}}
   840  
   841  	for _, test := range tests {
   842  		f := new(FieldVal)
   843  		f.n = test.raw
   844  		f.Normalize()
   845  		if !reflect.DeepEqual(f.n, test.normalized) {
   846  			t.Errorf("%s: wrong normalized result\ngot: %x\nwant: %x",
   847  				test.name, f.n, test.normalized)
   848  			continue
   849  		}
   850  	}
   851  }
   852  
   853  // TestFieldIsOdd ensures that checking if a field value is odd via IsOdd and
   854  // IsOddBit works as expected.
   855  func TestFieldIsOdd(t *testing.T) {
   856  	tests := []struct {
   857  		name     string // test description
   858  		in       string // hex encoded value
   859  		expected bool   // expected oddness
   860  	}{{
   861  		name:     "zero",
   862  		in:       "0",
   863  		expected: false,
   864  	}, {
   865  		name:     "one",
   866  		in:       "1",
   867  		expected: true,
   868  	}, {
   869  		name:     "two",
   870  		in:       "2",
   871  		expected: false,
   872  	}, {
   873  		name:     "2^32 - 1",
   874  		in:       "ffffffff",
   875  		expected: true,
   876  	}, {
   877  		name:     "2^64 - 2",
   878  		in:       "fffffffffffffffe",
   879  		expected: false,
   880  	}, {
   881  		name:     "secp256k1 prime (not normalized so should be incorrect result)",
   882  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
   883  		expected: true,
   884  	}, {
   885  		name:     "secp256k1 prime + 1 (not normalized so should be incorrect result)",
   886  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30",
   887  		expected: false,
   888  	}}
   889  
   890  	for _, test := range tests {
   891  		f := new(FieldVal).SetHex(test.in)
   892  		result := f.IsOdd()
   893  		if result != test.expected {
   894  			t.Errorf("%s: wrong result -- got: %v, want: %v", test.name,
   895  				result, test.expected)
   896  			continue
   897  		}
   898  
   899  		result2 := f.IsOddBit() == 1
   900  		if result2 != test.expected {
   901  			t.Errorf("%s: wrong result -- got: %v, want: %v", test.name,
   902  				result2, test.expected)
   903  			continue
   904  		}
   905  	}
   906  }
   907  
   908  // TestFieldEquals ensures that checking two field values for equality via
   909  // Equals works as expected.
   910  func TestFieldEquals(t *testing.T) {
   911  	tests := []struct {
   912  		name     string // test description
   913  		in1      string // hex encoded value
   914  		in2      string // hex encoded value
   915  		expected bool   // expected equality
   916  	}{{
   917  		name:     "0 == 0?",
   918  		in1:      "0",
   919  		in2:      "0",
   920  		expected: true,
   921  	}, {
   922  		name:     "0 == 1?",
   923  		in1:      "0",
   924  		in2:      "1",
   925  		expected: false,
   926  	}, {
   927  		name:     "1 == 0?",
   928  		in1:      "1",
   929  		in2:      "0",
   930  		expected: false,
   931  	}, {
   932  		name:     "2^32 - 1 == 2^32 - 1?",
   933  		in1:      "ffffffff",
   934  		in2:      "ffffffff",
   935  		expected: true,
   936  	}, {
   937  		name:     "2^64 - 1 == 2^64 - 2?",
   938  		in1:      "ffffffffffffffff",
   939  		in2:      "fffffffffffffffe",
   940  		expected: false,
   941  	}, {
   942  		name:     "0 == prime (mod prime)?",
   943  		in1:      "0",
   944  		in2:      "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
   945  		expected: true,
   946  	}, {
   947  		name:     "1 == prime + 1 (mod prime)?",
   948  		in1:      "1",
   949  		in2:      "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30",
   950  		expected: true,
   951  	}}
   952  
   953  	for _, test := range tests {
   954  		f := new(FieldVal).SetHex(test.in1).Normalize()
   955  		f2 := new(FieldVal).SetHex(test.in2).Normalize()
   956  		result := f.Equals(f2)
   957  		if result != test.expected {
   958  			t.Errorf("%s: wrong result -- got: %v, want: %v", test.name, result,
   959  				test.expected)
   960  			continue
   961  		}
   962  	}
   963  }
   964  
   965  // TestFieldNegate ensures that negating field values via Negate works as
   966  // expected.
   967  func TestFieldNegate(t *testing.T) {
   968  	tests := []struct {
   969  		name     string // test description
   970  		in       string // hex encoded test value
   971  		expected string // hex encoded expected result
   972  	}{{
   973  		name:     "zero",
   974  		in:       "0",
   975  		expected: "0",
   976  	}, {
   977  		name:     "secp256k1 prime (direct val in with 0 out)",
   978  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
   979  		expected: "0",
   980  	}, {
   981  		name:     "secp256k1 prime (0 in with direct val out)",
   982  		in:       "0",
   983  		expected: "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
   984  	}, {
   985  		name:     "1 -> secp256k1 prime - 1",
   986  		in:       "1",
   987  		expected: "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
   988  	}, {
   989  		name:     "secp256k1 prime - 1 -> 1",
   990  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
   991  		expected: "1",
   992  	}, {
   993  		name:     "2 -> secp256k1 prime - 2",
   994  		in:       "2",
   995  		expected: "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2d",
   996  	}, {
   997  		name:     "secp256k1 prime - 2 -> 2",
   998  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2d",
   999  		expected: "2",
  1000  	}, {
  1001  		name:     "random sampling #1",
  1002  		in:       "b3d9aac9c5e43910b4385b53c7e78c21d4cd5f8e683c633aed04c233efc2e120",
  1003  		expected: "4c2655363a1bc6ef4bc7a4ac381873de2b32a07197c39cc512fb3dcb103d1b0f",
  1004  	}, {
  1005  		name:     "random sampling #2",
  1006  		in:       "f8a85984fee5a12a7c8dd08830d83423c937d77c379e4a958e447a25f407733f",
  1007  		expected: "757a67b011a5ed583722f77cf27cbdc36c82883c861b56a71bb85d90bf888f0",
  1008  	}, {
  1009  		name:     "random sampling #3",
  1010  		in:       "45ee6142a7fda884211e93352ed6cb2807800e419533be723a9548823ece8312",
  1011  		expected: "ba119ebd5802577bdee16ccad12934d7f87ff1be6acc418dc56ab77cc131791d",
  1012  	}, {
  1013  		name:     "random sampling #4",
  1014  		in:       "53c2a668f07e411a2e473e1c3b6dcb495dec1227af27673761d44afe5b43d22b",
  1015  		expected: "ac3d59970f81bee5d1b8c1e3c49234b6a213edd850d898c89e2bb500a4bc2a04",
  1016  	}}
  1017  
  1018  	for _, test := range tests {
  1019  		f := new(FieldVal).SetHex(test.in).Normalize()
  1020  		expected := new(FieldVal).SetHex(test.expected).Normalize()
  1021  
  1022  		// Ensure negating another value produces the expected result.
  1023  		result := new(FieldVal).NegateVal(f, 1).Normalize()
  1024  		if !result.Equals(expected) {
  1025  			t.Errorf("%s: unexpected result -- got: %v, want: %v", test.name,
  1026  				result, expected)
  1027  			continue
  1028  		}
  1029  
  1030  		// Ensure self negating also produces the expected result.
  1031  		result2 := f.Negate(1).Normalize()
  1032  		if !result2.Equals(expected) {
  1033  			t.Errorf("%s: unexpected result -- got: %v, want: %v", test.name,
  1034  				result2, expected)
  1035  			continue
  1036  		}
  1037  	}
  1038  }
  1039  
  1040  // TestFieldAddInt ensures that adding an integer to field values via AddInt
  1041  // works as expected.
  1042  func TestFieldAddInt(t *testing.T) {
  1043  	tests := []struct {
  1044  		name     string // test description
  1045  		in1      string // hex encoded value
  1046  		in2      uint16 // unsigned integer to add to the value above
  1047  		expected string // expected hex encoded value
  1048  	}{{
  1049  		name:     "zero + one",
  1050  		in1:      "0",
  1051  		in2:      1,
  1052  		expected: "1",
  1053  	}, {
  1054  		name:     "one + zero",
  1055  		in1:      "1",
  1056  		in2:      0,
  1057  		expected: "1",
  1058  	}, {
  1059  		name:     "one + one",
  1060  		in1:      "1",
  1061  		in2:      1,
  1062  		expected: "2",
  1063  	}, {
  1064  		name:     "secp256k1 prime-1 + 1",
  1065  		in1:      "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
  1066  		in2:      1,
  1067  		expected: "0",
  1068  	}, {
  1069  		name:     "secp256k1 prime + 1",
  1070  		in1:      "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
  1071  		in2:      1,
  1072  		expected: "1",
  1073  	}, {
  1074  		name:     "random sampling #1",
  1075  		in1:      "ff95ad9315aff04ab4af0ce673620c7145dc85d03bab5ba4b09ca2c4dec2d6c1",
  1076  		in2:      0x10f,
  1077  		expected: "ff95ad9315aff04ab4af0ce673620c7145dc85d03bab5ba4b09ca2c4dec2d7d0",
  1078  	}, {
  1079  		name:     "random sampling #2",
  1080  		in1:      "44bdae6b772e7987941f1ba314e6a5b7804a4c12c00961b57d20f41deea9cecf",
  1081  		in2:      0x3196,
  1082  		expected: "44bdae6b772e7987941f1ba314e6a5b7804a4c12c00961b57d20f41deeaa0065",
  1083  	}, {
  1084  		name:     "random sampling #3",
  1085  		in1:      "88c3ecae67b591935fb1f6a9499c35315ffad766adca665c50b55f7105122c9c",
  1086  		in2:      0x966f,
  1087  		expected: "88c3ecae67b591935fb1f6a9499c35315ffad766adca665c50b55f710512c30b",
  1088  	}, {
  1089  		name:     "random sampling #4",
  1090  		in1:      "8523e9edf360ca32a95aae4e57fcde5a542b471d08a974d94ea0ee09a015e2a6",
  1091  		in2:      0xc54,
  1092  		expected: "8523e9edf360ca32a95aae4e57fcde5a542b471d08a974d94ea0ee09a015eefa",
  1093  	}}
  1094  
  1095  	for _, test := range tests {
  1096  		f := new(FieldVal).SetHex(test.in1).Normalize()
  1097  		expected := new(FieldVal).SetHex(test.expected).Normalize()
  1098  		result := f.AddInt(test.in2).Normalize()
  1099  		if !result.Equals(expected) {
  1100  			t.Errorf("%s: wrong result -- got: %v -- want: %v", test.name,
  1101  				result, expected)
  1102  			continue
  1103  		}
  1104  	}
  1105  }
  1106  
  1107  // TestFieldAdd ensures that adding two field values together via Add and Add2
  1108  // works as expected.
  1109  func TestFieldAdd(t *testing.T) {
  1110  	tests := []struct {
  1111  		name     string // test description
  1112  		in1      string // first hex encoded value
  1113  		in2      string // second hex encoded value to add
  1114  		expected string // expected hex encoded value
  1115  	}{{
  1116  		name:     "zero + one",
  1117  		in1:      "0",
  1118  		in2:      "1",
  1119  		expected: "1",
  1120  	}, {
  1121  		name:     "one + zero",
  1122  		in1:      "1",
  1123  		in2:      "0",
  1124  		expected: "1",
  1125  	}, {
  1126  		name:     "secp256k1 prime-1 + 1",
  1127  		in1:      "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
  1128  		in2:      "1",
  1129  		expected: "0",
  1130  	}, {
  1131  		name:     "secp256k1 prime + 1",
  1132  		in1:      "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
  1133  		in2:      "1",
  1134  		expected: "1",
  1135  	}, {
  1136  		name:     "random sampling #1",
  1137  		in1:      "2b2012f975404e5065b4292fb8bed0a5d315eacf24c74d8b27e73bcc5430edcc",
  1138  		in2:      "2c3cefa4e4753e8aeec6ac4c12d99da4d78accefda3b7885d4c6bab46c86db92",
  1139  		expected: "575d029e59b58cdb547ad57bcb986e4aaaa0b7beff02c610fcadf680c0b7c95e",
  1140  	}, {
  1141  		name:     "random sampling #2",
  1142  		in1:      "8131e8722fe59bb189692b96c9f38de92885730f1dd39ab025daffb94c97f79c",
  1143  		in2:      "ff5454b765f0aab5f0977dcc629becc84cabeb9def48e79c6aadb2622c490fa9",
  1144  		expected: "80863d2995d646677a00a9632c8f7ab175315ead0d1c824c9088b21c78e10b16",
  1145  	}, {
  1146  		name:     "random sampling #3",
  1147  		in1:      "c7c95e93d0892b2b2cdd77e80eb646ea61be7a30ac7e097e9f843af73fad5c22",
  1148  		in2:      "3afe6f91a74dfc1c7f15c34907ee981656c37236d946767dd53ccad9190e437c",
  1149  		expected: "2c7ce2577d72747abf33b3116a4df00b881ec6785c47ffc74c105d158bba36f",
  1150  	}, {
  1151  		name:     "random sampling #4",
  1152  		in1:      "fd1c26f6a23381e5d785ba889494ec059369b888ad8431cd67d8c934b580dbe1",
  1153  		in2:      "a475aa5a31dcca90ef5b53c097d9133d6b7117474b41e7877bb199590fc0489c",
  1154  		expected: "a191d150d4104c76c6e10e492c6dff42fedacfcff8c61954e38a628ec541284e",
  1155  	}, {
  1156  		name:     "random sampling #5",
  1157  		in1:      "ad82b8d1cc136e23e9fd77fe2c7db1fe5a2ecbfcbde59ab3529758334f862d28",
  1158  		in2:      "4d6a4e95d6d61f4f46b528bebe152d408fd741157a28f415639347a84f6f574b",
  1159  		expected: "faed0767a2e98d7330b2a0bcea92df3eea060d12380e8ec8b62a9fdb9ef58473",
  1160  	}, {
  1161  		name:     "random sampling #6",
  1162  		in1:      "f3f43a2540054a86e1df98547ec1c0e157b193e5350fb4a3c3ea214b228ac5e7",
  1163  		in2:      "25706572592690ea3ddc951a1b48b504a4c83dc253756e1b96d56fdfb3199522",
  1164  		expected: "19649f97992bdb711fbc2d6e9a0a75e5fc79d1a7888522bf5abf912bd5a45eda",
  1165  	}, {
  1166  		name:     "random sampling #7",
  1167  		in1:      "6915bb94eef13ff1bb9b2633d997e13b9b1157c713363cc0e891416d6734f5b8",
  1168  		in2:      "11f90d6ac6fe1c4e8900b1c85fb575c251ec31b9bc34b35ada0aea1c21eded22",
  1169  		expected: "7b0ec8ffb5ef5c40449bd7fc394d56fdecfd8980cf6af01bc29c2b898922e2da",
  1170  	}, {
  1171  		name:     "random sampling #8",
  1172  		in1:      "48b0c9eae622eed9335b747968544eb3e75cb2dc8128388f948aa30f88cabde4",
  1173  		in2:      "0989882b52f85f9d524a3a3061a0e01f46d597839d2ba637320f4b9510c8d2d5",
  1174  		expected: "523a5216391b4e7685a5aea9c9f52ed32e324a601e53dec6c699eea4999390b9",
  1175  	}}
  1176  
  1177  	for _, test := range tests {
  1178  		// Parse test hex.
  1179  		f1 := new(FieldVal).SetHex(test.in1).Normalize()
  1180  		f2 := new(FieldVal).SetHex(test.in2).Normalize()
  1181  		expected := new(FieldVal).SetHex(test.expected).Normalize()
  1182  
  1183  		// Ensure adding the two values with the result going to another
  1184  		// variable produces the expected result.
  1185  		result := new(FieldVal).Add2(f1, f2).Normalize()
  1186  		if !result.Equals(expected) {
  1187  			t.Errorf("%s: unexpected result\ngot: %v\nwant: %v", test.name,
  1188  				result, expected)
  1189  			continue
  1190  		}
  1191  
  1192  		// Ensure adding the value to an existing field value produces the
  1193  		// expected result.
  1194  		f1.Add(f2).Normalize()
  1195  		if !f1.Equals(expected) {
  1196  			t.Errorf("%s: unexpected result\ngot: %v\nwant: %v", test.name,
  1197  				f1, expected)
  1198  			continue
  1199  		}
  1200  	}
  1201  }
  1202  
  1203  // TestFieldMulInt ensures that multiplying an integer to field values via
  1204  // MulInt works as expected.
  1205  func TestFieldMulInt(t *testing.T) {
  1206  	tests := []struct {
  1207  		name     string // test description
  1208  		in1      string // hex encoded value
  1209  		in2      uint8  // unsigned integer to multiply with value above
  1210  		expected string // expected hex encoded value
  1211  	}{{
  1212  		name:     "zero * zero",
  1213  		in1:      "0",
  1214  		in2:      0,
  1215  		expected: "0",
  1216  	}, {
  1217  		name:     "one * zero",
  1218  		in1:      "1",
  1219  		in2:      0,
  1220  		expected: "0",
  1221  	}, {
  1222  		name:     "zero * one",
  1223  		in1:      "0",
  1224  		in2:      1,
  1225  		expected: "0",
  1226  	}, {
  1227  		name:     "one * one",
  1228  		in1:      "1",
  1229  		in2:      1,
  1230  		expected: "1",
  1231  	}, {
  1232  		name:     "secp256k1 prime-1 * 2",
  1233  		in1:      "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
  1234  		in2:      2,
  1235  		expected: "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2d",
  1236  	}, {
  1237  		name:     "secp256k1 prime * 3",
  1238  		in1:      "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
  1239  		in2:      3,
  1240  		expected: "0",
  1241  	}, {
  1242  		name:     "secp256k1 prime-1 * 8",
  1243  		in1:      "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
  1244  		in2:      8,
  1245  		expected: "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc27",
  1246  	}, {
  1247  		// Random samples for first value.  The second value is limited
  1248  		// to 8 since that is the maximum int used in the elliptic curve
  1249  		// calculations.
  1250  		name:     "random sampling #1",
  1251  		in1:      "b75674dc9180d306c692163ac5e089f7cef166af99645c0c23568ab6d967288a",
  1252  		in2:      6,
  1253  		expected: "4c06bd2b6904f228a76c8560a3433bced9a8681d985a2848d407404d186b0280",
  1254  	}, {
  1255  		name:     "random sampling #2",
  1256  		in1:      "54873298ac2b5ba8591c125ae54931f5ea72040aee07b208d6135476fb5b9c0e",
  1257  		in2:      3,
  1258  		expected: "fd9597ca048212f90b543710afdb95e1bf560c20ca17161a8239fd64f212d42a",
  1259  	}, {
  1260  		name:     "random sampling #3",
  1261  		in1:      "7c30fbd363a74c17e1198f56b090b59bbb6c8755a74927a6cba7a54843506401",
  1262  		in2:      5,
  1263  		expected: "6cf4eb20f2447c77657fccb172d38c0aa91ea4ac446dc641fa463a6b5091fba7",
  1264  	}, {
  1265  		name:     "random sampling #3",
  1266  		in1:      "fb4529be3e027a3d1587d8a500b72f2d312e3577340ef5175f96d113be4c2ceb",
  1267  		in2:      8,
  1268  		expected: "da294df1f013d1e8ac3ec52805b979698971abb9a077a8bafcb688a4f261820f",
  1269  	}}
  1270  
  1271  	for _, test := range tests {
  1272  		f := new(FieldVal).SetHex(test.in1).Normalize()
  1273  		expected := new(FieldVal).SetHex(test.expected).Normalize()
  1274  		result := f.MulInt(test.in2).Normalize()
  1275  		if !result.Equals(expected) {
  1276  			t.Errorf("%s: wrong result -- got: %v -- want: %v", test.name,
  1277  				result, expected)
  1278  			continue
  1279  		}
  1280  	}
  1281  }
  1282  
  1283  // TestFieldMul ensures that multiplying two field values via Mul and Mul2 works
  1284  // as expected.
  1285  func TestFieldMul(t *testing.T) {
  1286  	tests := []struct {
  1287  		name     string // test description
  1288  		in1      string // first hex encoded value
  1289  		in2      string // second hex encoded value to multiply with
  1290  		expected string // expected hex encoded value
  1291  	}{{
  1292  		name:     "zero * zero",
  1293  		in1:      "0",
  1294  		in2:      "0",
  1295  		expected: "0",
  1296  	}, {
  1297  		name:     "one * zero",
  1298  		in1:      "1",
  1299  		in2:      "0",
  1300  		expected: "0",
  1301  	}, {
  1302  		name:     "zero * one",
  1303  		in1:      "0",
  1304  		in2:      "1",
  1305  		expected: "0",
  1306  	}, {
  1307  		name:     "one * one",
  1308  		in1:      "1",
  1309  		in2:      "1",
  1310  		expected: "1",
  1311  	}, {
  1312  		name:     "slightly over prime",
  1313  		in1:      "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff1ffff",
  1314  		in2:      "1000",
  1315  		expected: "1ffff3d1",
  1316  	}, {
  1317  		name:     "secp256k1 prime-1 * 2",
  1318  		in1:      "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
  1319  		in2:      "2",
  1320  		expected: "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2d",
  1321  	}, {
  1322  		name:     "secp256k1 prime * 3",
  1323  		in1:      "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
  1324  		in2:      "3",
  1325  		expected: "0",
  1326  	}, {
  1327  		name:     "secp256k1 prime * 3",
  1328  		in1:      "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
  1329  		in2:      "8",
  1330  		expected: "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc27",
  1331  	}, {
  1332  		name:     "random sampling #1",
  1333  		in1:      "cfb81753d5ef499a98ecc04c62cb7768c2e4f1740032946db1c12e405248137e",
  1334  		in2:      "58f355ad27b4d75fb7db0442452e732c436c1f7c5a7c4e214fa9cc031426a7d3",
  1335  		expected: "1018cd2d7c2535235b71e18db9cd98027386328d2fa6a14b36ec663c4c87282b",
  1336  	}, {
  1337  		name:     "random sampling #2",
  1338  		in1:      "26e9d61d1cdf3920e9928e85fa3df3e7556ef9ab1d14ec56d8b4fc8ed37235bf",
  1339  		in2:      "2dfc4bbe537afee979c644f8c97b31e58be5296d6dbc460091eae630c98511cf",
  1340  		expected: "da85f48da2dc371e223a1ae63bd30b7e7ee45ae9b189ac43ff357e9ef8cf107a",
  1341  	}, {
  1342  		name:     "random sampling #3",
  1343  		in1:      "5db64ed5afb71646c8b231585d5b2bf7e628590154e0854c4c29920b999ff351",
  1344  		in2:      "279cfae5eea5d09ade8e6a7409182f9de40981bc31c84c3d3dfe1d933f152e9a",
  1345  		expected: "2c78fbae91792dd0b157abe3054920049b1879a7cc9d98cfda927d83be411b37",
  1346  	}, {
  1347  		name:     "random sampling #4",
  1348  		in1:      "b66dfc1f96820b07d2bdbd559c19319a3a73c97ceb7b3d662f4fe75ecb6819e6",
  1349  		in2:      "bf774aba43e3e49eb63a6e18037d1118152568f1a3ac4ec8b89aeb6ff8008ae1",
  1350  		expected: "c4f016558ca8e950c21c3f7fc15f640293a979c7b01754ee7f8b3340d4902ebb",
  1351  	}}
  1352  
  1353  	for _, test := range tests {
  1354  		f1 := new(FieldVal).SetHex(test.in1).Normalize()
  1355  		f2 := new(FieldVal).SetHex(test.in2).Normalize()
  1356  		expected := new(FieldVal).SetHex(test.expected).Normalize()
  1357  
  1358  		// Ensure multiplying the two values with the result going to another
  1359  		// variable produces the expected result.
  1360  		result := new(FieldVal).Mul2(f1, f2).Normalize()
  1361  		if !result.Equals(expected) {
  1362  			t.Errorf("%s: unexpected result\ngot: %v\nwant: %v", test.name,
  1363  				result, expected)
  1364  			continue
  1365  		}
  1366  
  1367  		// Ensure multiplying the value to an existing field value produces the
  1368  		// expected result.
  1369  		f1.Mul(f2).Normalize()
  1370  		if !f1.Equals(expected) {
  1371  			t.Errorf("%s: unexpected result\ngot: %v\nwant: %v", test.name,
  1372  				f1, expected)
  1373  			continue
  1374  		}
  1375  	}
  1376  }
  1377  
  1378  // TestFieldSquare ensures that squaring field values via Square and SqualVal
  1379  // works as expected.
  1380  func TestFieldSquare(t *testing.T) {
  1381  	tests := []struct {
  1382  		name     string // test description
  1383  		in       string // hex encoded value
  1384  		expected string // expected hex encoded value
  1385  	}{{
  1386  		name:     "zero",
  1387  		in:       "0",
  1388  		expected: "0",
  1389  	}, {
  1390  		name:     "secp256k1 prime (direct val in with 0 out)",
  1391  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
  1392  		expected: "0",
  1393  	}, {
  1394  		name:     "secp256k1 prime (0 in with direct val out)",
  1395  		in:       "0",
  1396  		expected: "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
  1397  	}, {
  1398  		name:     "secp256k1 prime - 1",
  1399  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
  1400  		expected: "1",
  1401  	}, {
  1402  		name:     "secp256k1 prime - 2",
  1403  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2d",
  1404  		expected: "4",
  1405  	}, {
  1406  		name:     "random sampling #1",
  1407  		in:       "b0ba920360ea8436a216128047aab9766d8faf468895eb5090fc8241ec758896",
  1408  		expected: "133896b0b69fda8ce9f648b9a3af38f345290c9eea3cbd35bafcadf7c34653d3",
  1409  	}, {
  1410  		name:     "random sampling #2",
  1411  		in:       "c55d0d730b1d0285a1599995938b042a756e6e8857d390165ffab480af61cbd5",
  1412  		expected: "cd81758b3f5877cbe7e5b0a10cebfa73bcbf0957ca6453e63ee8954ab7780bee",
  1413  	}, {
  1414  		name:     "random sampling #3",
  1415  		in:       "e89c1f9a70d93651a1ba4bca5b78658f00de65a66014a25544d3365b0ab82324",
  1416  		expected: "39ffc7a43e5dbef78fd5d0354fb82c6d34f5a08735e34df29da14665b43aa1f",
  1417  	}, {
  1418  		name:     "random sampling #4",
  1419  		in:       "7dc26186079d22bcbe1614aa20ae627e62d72f9be7ad1e99cac0feb438956f05",
  1420  		expected: "bf86bcfc4edb3d81f916853adfda80c07c57745b008b60f560b1912f95bce8ae",
  1421  	}}
  1422  
  1423  	for _, test := range tests {
  1424  		f := new(FieldVal).SetHex(test.in).Normalize()
  1425  		expected := new(FieldVal).SetHex(test.expected).Normalize()
  1426  
  1427  		// Ensure squaring the value with the result going to another variable
  1428  		// produces the expected result.
  1429  		result := new(FieldVal).SquareVal(f).Normalize()
  1430  		if !result.Equals(expected) {
  1431  			t.Errorf("%s: unexpected result\ngot: %v\nwant: %v", test.name,
  1432  				result, expected)
  1433  			continue
  1434  		}
  1435  
  1436  		// Ensure self squaring an existing field value produces the expected
  1437  		// result.
  1438  		f.Square().Normalize()
  1439  		if !f.Equals(expected) {
  1440  			t.Errorf("%s: unexpected result\ngot: %v\nwant: %v", test.name,
  1441  				f, expected)
  1442  			continue
  1443  		}
  1444  	}
  1445  }
  1446  
  1447  // TestFieldSquareRoot ensures that calculating the square root of field values
  1448  // via SquareRootVal works as expected for edge cases.
  1449  func TestFieldSquareRoot(t *testing.T) {
  1450  	tests := []struct {
  1451  		name  string // test description
  1452  		in    string // hex encoded value
  1453  		valid bool   // whether or not the value has a square root
  1454  		want  string // expected hex encoded value
  1455  	}{{
  1456  		name:  "secp256k1 prime (as 0 in and out)",
  1457  		in:    "0",
  1458  		valid: true,
  1459  		want:  "0",
  1460  	}, {
  1461  		name:  "secp256k1 prime (direct val with 0 out)",
  1462  		in:    "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
  1463  		valid: true,
  1464  		want:  "0",
  1465  	}, {
  1466  		name:  "secp256k1 prime (as 0 in direct val out)",
  1467  		in:    "0",
  1468  		valid: true,
  1469  		want:  "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
  1470  	}, {
  1471  		name:  "secp256k1 prime-1",
  1472  		in:    "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
  1473  		valid: false,
  1474  		want:  "0000000000000000000000000000000000000000000000000000000000000001",
  1475  	}, {
  1476  		name:  "secp256k1 prime-2",
  1477  		in:    "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2d",
  1478  		valid: false,
  1479  		want:  "210c790573632359b1edb4302c117d8a132654692c3feeb7de3a86ac3f3b53f7",
  1480  	}, {
  1481  		name:  "(secp256k1 prime-2)^2",
  1482  		in:    "0000000000000000000000000000000000000000000000000000000000000004",
  1483  		valid: true,
  1484  		want:  "0000000000000000000000000000000000000000000000000000000000000002",
  1485  	}, {
  1486  		name:  "value 1",
  1487  		in:    "0000000000000000000000000000000000000000000000000000000000000001",
  1488  		valid: true,
  1489  		want:  "0000000000000000000000000000000000000000000000000000000000000001",
  1490  	}, {
  1491  		name:  "value 2",
  1492  		in:    "0000000000000000000000000000000000000000000000000000000000000002",
  1493  		valid: true,
  1494  		want:  "210c790573632359b1edb4302c117d8a132654692c3feeb7de3a86ac3f3b53f7",
  1495  	}, {
  1496  		name:  "random sampling 1",
  1497  		in:    "16fb970147a9acc73654d4be233cc48b875ce20a2122d24f073d29bd28805aca",
  1498  		valid: false,
  1499  		want:  "6a27dcfca440cf7930a967be533b9620e397f122787c53958aaa7da7ad3d89a4",
  1500  	}, {
  1501  		name:  "square of random sampling 1",
  1502  		in:    "f4a8c3738ace0a1c3abf77737ae737f07687b5e24c07a643398298bd96893a18",
  1503  		valid: true,
  1504  		want:  "e90468feb8565338c9ab2b41dcc33b7478a31df5dedd2db0f8c2d641d77fa165",
  1505  	}, {
  1506  		name:  "random sampling 2",
  1507  		in:    "69d1323ce9f1f7b3bd3c7320b0d6311408e30281e273e39a0d8c7ee1c8257919",
  1508  		valid: true,
  1509  		want:  "61f4a7348274a52d75dfe176b8e3aaff61c1c833b6678260ba73def0fb2ad148",
  1510  	}, {
  1511  		name:  "random sampling 3",
  1512  		in:    "e0debf988ae098ecda07d0b57713e97c6d213db19753e8c95aa12a2fc1cc5272",
  1513  		valid: false,
  1514  		want:  "6e1cc9c311d33d901670135244f994b1ea39501f38002269b34ce231750cfbac",
  1515  	}, {
  1516  		name:  "random sampling 4",
  1517  		in:    "dcd394f91f74c2ba16aad74a22bb0ed47fe857774b8f2d6c09e28bfb14642878",
  1518  		valid: true,
  1519  		want:  "72b22fe6f173f8bcb21898806142ed4c05428601256eafce5d36c1b08fb82bab",
  1520  	}}
  1521  
  1522  	for _, test := range tests {
  1523  		input := new(FieldVal).SetHex(test.in).Normalize()
  1524  		want := new(FieldVal).SetHex(test.want).Normalize()
  1525  
  1526  		// Calculate the square root and enusre the validity flag matches the
  1527  		// expected value.
  1528  		var result FieldVal
  1529  		isValid := result.SquareRootVal(input)
  1530  		if isValid != test.valid {
  1531  			t.Errorf("%s: mismatched validity -- got %v, want %v", test.name,
  1532  				isValid, test.valid)
  1533  			continue
  1534  		}
  1535  
  1536  		// Ensure the calculated result matches the expected value.
  1537  		result.Normalize()
  1538  		if !result.Equals(want) {
  1539  			t.Errorf("%s: d wrong result\ngot: %v\nwant: %v", test.name, result,
  1540  				want)
  1541  			continue
  1542  		}
  1543  	}
  1544  }
  1545  
  1546  // TestFieldSquareRootRandom ensures that calculating the square root for random
  1547  // field values works as expected by also performing the same operation with big
  1548  // ints and comparing the results.
  1549  func TestFieldSquareRootRandom(t *testing.T) {
  1550  	// Use a unique random seed each test instance and log it if the tests fail.
  1551  	seed := time.Now().Unix()
  1552  	rng := rand.New(rand.NewSource(seed))
  1553  	defer func(t *testing.T, seed int64) {
  1554  		if t.Failed() {
  1555  			t.Logf("random seed: %d", seed)
  1556  		}
  1557  	}(t, seed)
  1558  
  1559  	for i := 0; i < 100; i++ {
  1560  		// Generate big integer and field value with the same random value.
  1561  		bigIntVal, fVal := randIntAndFieldVal(t, rng)
  1562  
  1563  		// Calculate the square root of the value using big ints.
  1564  		bigIntResult := new(big.Int).ModSqrt(bigIntVal, curveParams.P)
  1565  		bigIntHasSqrt := bigIntResult != nil
  1566  
  1567  		// Calculate the square root of the value using a field value.
  1568  		var fValResult FieldVal
  1569  		fValHasSqrt := fValResult.SquareRootVal(fVal)
  1570  
  1571  		// Ensure they match.
  1572  		if bigIntHasSqrt != fValHasSqrt {
  1573  			t.Fatalf("mismatched square root existence\nbig int in: %x\nfield "+
  1574  				"in: %v\nbig int result: %v\nfield result %v", bigIntVal, fVal,
  1575  				bigIntHasSqrt, fValHasSqrt)
  1576  		}
  1577  		if !fValHasSqrt {
  1578  			continue
  1579  		}
  1580  		bigIntResultHex := fmt.Sprintf("%064x", bigIntResult)
  1581  		fieldValResultHex := fmt.Sprintf("%v", fValResult)
  1582  		if bigIntResultHex != fieldValResultHex {
  1583  			t.Fatalf("mismatched square root\nbig int in: %x\nfield in: %v\n"+
  1584  				"big int result: %x\nfield result %v", bigIntVal, fVal,
  1585  				bigIntResult, fValResult)
  1586  		}
  1587  	}
  1588  }
  1589  
  1590  // TestFieldInverse ensures that finding the multiplicative inverse via Inverse
  1591  // works as expected.
  1592  func TestFieldInverse(t *testing.T) {
  1593  	tests := []struct {
  1594  		name     string // test description
  1595  		in       string // hex encoded value
  1596  		expected string // expected hex encoded value
  1597  	}{{
  1598  		name:     "zero",
  1599  		in:       "0",
  1600  		expected: "0",
  1601  	}, {
  1602  		name:     "secp256k1 prime (direct val in with 0 out)",
  1603  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
  1604  		expected: "0",
  1605  	}, {
  1606  		name:     "secp256k1 prime (0 in with direct val out)",
  1607  		in:       "0",
  1608  		expected: "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
  1609  	}, {
  1610  		name:     "secp256k1 prime - 1",
  1611  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
  1612  		expected: "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
  1613  	}, {
  1614  		name:     "secp256k1 prime - 2",
  1615  		in:       "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2d",
  1616  		expected: "7fffffffffffffffffffffffffffffffffffffffffffffffffffffff7ffffe17",
  1617  	}, {
  1618  		name:     "random sampling #1",
  1619  		in:       "16fb970147a9acc73654d4be233cc48b875ce20a2122d24f073d29bd28805aca",
  1620  		expected: "987aeb257b063df0c6d1334051c47092b6d8766c4bf10c463786d93f5bc54354",
  1621  	}, {
  1622  		name:     "random sampling #2",
  1623  		in:       "69d1323ce9f1f7b3bd3c7320b0d6311408e30281e273e39a0d8c7ee1c8257919",
  1624  		expected: "49340981fa9b8d3dad72de470b34f547ed9179c3953797d0943af67806f4bb6",
  1625  	}, {
  1626  		name:     "random sampling #3",
  1627  		in:       "e0debf988ae098ecda07d0b57713e97c6d213db19753e8c95aa12a2fc1cc5272",
  1628  		expected: "64f58077b68af5b656b413ea366863f7b2819f8d27375d9c4d9804135ca220c2",
  1629  	}, {
  1630  		name:     "random sampling #4",
  1631  		in:       "dcd394f91f74c2ba16aad74a22bb0ed47fe857774b8f2d6c09e28bfb14642878",
  1632  		expected: "fb848ec64d0be572a63c38fe83df5e7f3d032f60bf8c969ef67d36bf4ada22a9",
  1633  	}}
  1634  
  1635  	for _, test := range tests {
  1636  		f := new(FieldVal).SetHex(test.in).Normalize()
  1637  		expected := new(FieldVal).SetHex(test.expected).Normalize()
  1638  		result := f.Inverse().Normalize()
  1639  		if !result.Equals(expected) {
  1640  			t.Errorf("%s: d wrong result\ngot: %v\nwant: %v", test.name, result,
  1641  				expected)
  1642  			continue
  1643  		}
  1644  	}
  1645  }
  1646  
  1647  // TestFieldIsGtOrEqPrimeMinusOrder ensures that field values report whether or
  1648  // not they are greater than or equal to the field prime minus the group order
  1649  // as expected for edge cases.
  1650  func TestFieldIsGtOrEqPrimeMinusOrder(t *testing.T) {
  1651  	tests := []struct {
  1652  		name     string // test description
  1653  		in       string // hex encoded test value
  1654  		expected bool   // expected result
  1655  	}{{
  1656  		name:     "zero",
  1657  		in:       "0",
  1658  		expected: false,
  1659  	}, {
  1660  		name:     "one",
  1661  		in:       "1",
  1662  		expected: false,
  1663  	}, {
  1664  		name:     "p - n - 1",
  1665  		in:       "14551231950b75fc4402da1722fc9baed",
  1666  		expected: false,
  1667  	}, {
  1668  		name:     "p - n",
  1669  		in:       "14551231950b75fc4402da1722fc9baee",
  1670  		expected: true,
  1671  	}, {
  1672  		name:     "p - n + 1",
  1673  		in:       "14551231950b75fc4402da1722fc9baef",
  1674  		expected: true,
  1675  	}, {
  1676  		name:     "over p - n word one",
  1677  		in:       "14551231950b75fc4402da17233c9baee",
  1678  		expected: true,
  1679  	}, {
  1680  		name:     "over p - n word two",
  1681  		in:       "14551231950b75fc4403da1722fc9baee",
  1682  		expected: true,
  1683  	}, {
  1684  		name:     "over p - n word three",
  1685  		in:       "14551231950b79fc4402da1722fc9baee",
  1686  		expected: true,
  1687  	}, {
  1688  		name:     "over p - n word four",
  1689  		in:       "14551241950b75fc4402da1722fc9baee",
  1690  		expected: true,
  1691  	}, {
  1692  		name:     "over p - n word five",
  1693  		in:       "54551231950b75fc4402da1722fc9baee",
  1694  		expected: true,
  1695  	}, {
  1696  		name:     "over p - n word six",
  1697  		in:       "100000014551231950b75fc4402da1722fc9baee",
  1698  		expected: true,
  1699  	}, {
  1700  		name:     "over p - n word seven",
  1701  		in:       "000000000000000000400000000000014551231950b75fc4402da1722fc9baee",
  1702  		expected: true,
  1703  	}, {
  1704  		name:     "over p - n word eight",
  1705  		in:       "000000000001000000000000000000014551231950b75fc4402da1722fc9baee",
  1706  		expected: true,
  1707  	}, {
  1708  		name:     "over p - n word nine",
  1709  		in:       "000004000000000000000000000000014551231950b75fc4402da1722fc9baee",
  1710  		expected: true,
  1711  	}}
  1712  
  1713  	for _, test := range tests {
  1714  		result := new(FieldVal).SetHex(test.in).IsGtOrEqPrimeMinusOrder()
  1715  		if result != test.expected {
  1716  			t.Errorf("%s: unexpected result -- got: %v, want: %v", test.name,
  1717  				result, test.expected)
  1718  			continue
  1719  		}
  1720  	}
  1721  }
  1722  
  1723  // TestFieldIsGtOrEqPrimeMinusOrderRandom ensures that field values report
  1724  // whether or not they are greater than or equal to the field prime minus the
  1725  // group order as expected by also performing the same operation with big ints
  1726  // and comparing the results.
  1727  func TestFieldIsGtOrEqPrimeMinusOrderRandom(t *testing.T) {
  1728  	// Use a unique random seed each test instance and log it if the tests fail.
  1729  	seed := time.Now().Unix()
  1730  	rng := rand.New(rand.NewSource(seed))
  1731  	defer func(t *testing.T, seed int64) {
  1732  		if t.Failed() {
  1733  			t.Logf("random seed: %d", seed)
  1734  		}
  1735  	}(t, seed)
  1736  
  1737  	bigPMinusN := new(big.Int).Sub(curveParams.P, curveParams.N)
  1738  	for i := 0; i < 100; i++ {
  1739  		// Generate big integer and field value with the same random value.
  1740  		bigIntVal, fVal := randIntAndFieldVal(t, rng)
  1741  
  1742  		// Determine the value is greater than or equal to the prime minus the
  1743  		// order using big ints.
  1744  		bigIntResult := bigIntVal.Cmp(bigPMinusN) >= 0
  1745  
  1746  		// Determine the value is greater than or equal to the prime minus the
  1747  		// order using a field value.
  1748  		fValResult := fVal.IsGtOrEqPrimeMinusOrder()
  1749  
  1750  		// Ensure they match.
  1751  		if bigIntResult != fValResult {
  1752  			t.Fatalf("mismatched is gt or eq prime minus order\nbig int in: "+
  1753  				"%x\nscalar in: %v\nbig int result: %v\nscalar result %v",
  1754  				bigIntVal, fVal, bigIntResult, fValResult)
  1755  		}
  1756  	}
  1757  }
  1758  

View as plain text