From 88a60a294df0b34a872f99f6cd7a694acab2d830 Mon Sep 17 00:00:00 2001
From: Michael Hamburg
Date: Fri, 20 Nov 2015 17:10:43 -0800
Subject: [PATCH] add Group::FIELD_MODULUS_TYPE for testing purposes
---
 src/public_include/decaf/decaf_255.hxx | 3 +++
 src/public_include/decaf/decaf_448.hxx | 3 +++
 test/test_decaf.cxx | 16 ++++++++--------
 3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/public_include/decaf/decaf_255.hxx b/src/public_include/decaf/decaf_255.hxx
index c1ca053..3f43217 100644
--- a/src/public_include/decaf/decaf_255.hxx
+++ b/src/public_include/decaf/decaf_255.hxx
@@ -56,6 +56,9 @@ static inline const char *name() { return "IsoEd25519"; }
 /** The curve's cofactor (removed, but useful for testing) */
 static const int REMOVED_COFACTOR = 8;
+/** Residue class of field modulus: p == this mod 2*(this-1) */
+static const int FIELD_MODULUS_TYPE = 5;
+
 /** @cond internal */
 class Point;
 class Precomputed;
diff --git a/src/public_include/decaf/decaf_448.hxx b/src/public_include/decaf/decaf_448.hxx
index 105b1d7..334bb6f 100644
--- a/src/public_include/decaf/decaf_448.hxx
+++ b/src/public_include/decaf/decaf_448.hxx
@@ -56,6 +56,9 @@ static inline const char *name() { return "Ed448-Goldilocks"; }
 /** The curve's cofactor (removed, but useful for testing) */
 static const int REMOVED_COFACTOR = 4;
+/** Residue class of field modulus: p == this mod 2*(this-1) */
+static const int FIELD_MODULUS_TYPE = 3;
+
 /** @cond internal */
 class Point;
 class Precomputed;
diff --git a/test/test_decaf.cxx b/test/test_decaf.cxx
index b31cbf1..7e04bc5 100644
--- a/test/test_decaf.cxx
+++ b/test/test_decaf.cxx
@@ -232,12 +232,6 @@ static void test_elligator() {
 hexprint("x",b1);
 hexprint("X",*alts[j]);
 }
- /*
- if (i == Point::HASH_BYTES) {
- printf("Identity, hint = %d\n", j);
- hexprint("einv(0)",*alts[j]);
- }
- */
 }
 }
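Review bot: The comment on the added `FIELD_MODULUS_TYPE = 5` line states the residue class as a formula, `p == this mod 2*(this-1)`, that a reader has to solve to learn it means p ≡ 5 (mod 8) for 2^255-19, and it does not say why the test code cares. Spell the consequence out, since the `test_ec` hunk in this same commit branches on this value to decide whether -1 is a quadratic non-residue: `/** Residue class of the field modulus: p == 5 (mod 8), hence p == 1 (mod 4) and -1 is a square mod p. */`. Nothing ties the constant to the actual modulus, so a wrong value would surface only as a silently skipped test branch; if the field exposes its modulus anywhere, a test that reduces it mod 8 and compares would catch drift.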
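Review bot: Same readability problem on the added `FIELD_MODULUS_TYPE = 3` line in the 448 header: the formula resolves to p ≡ 3 (mod 4) for 2^448-2^224-1, which is exactly the case the new `test_ec` branch relies on (-1 is a non-residue), but the comment leaves the reader to work that out. Suggested: `/** Residue class of the field modulus: p == 3 (mod 4), so -1 is a quadratic non-residue mod p. */`. The two headers now carry a hand-maintained pair of constants with no shared definition or check; a one-line note that the value must match this header's modulus, or a unit test against the field's modulus if it is reachable, would keep them from drifting apart.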
@@ -277,7 +271,13 @@ static void test_ec() {
 Point id = Point::identity(), base = Point::base();
 point_check(test,id,id,id,0,0,Point::from_hash(""),id,"fh0");
- //point_check(test,id,id,id,0,0,Point::from_hash("\x01"),id,"fh1"); FIXME
+
+ if (Group::FIELD_MODULUS_TYPE == 3) {
+ /* When p == 3 mod 4, the QNR is -1, so u*1^2 = -1 also produces the
+ * identity.
+ */
+ point_check(test,id,id,id,0,0,Point::from_hash("\x01"),id,"fh1");
+ }
 for (int i=0; i
-// FIXME cross-field
+// TODO cross-field
 static void test_decaf() {
 Test test("Sample crypto");
 SpongeRng rng(Block("test_decaf"));
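Review bot: The new `if (Group::FIELD_MODULUS_TYPE == 3)` branch only narrows the old FIXME: for the type-5 group (p ≡ 1 mod 4, -1 a square) the `from_hash("\x01")` input is now not exercised at all, and nothing records what it should produce there. If the expected result for that group is known (presumably not the identity, since u*1^2 cannot equal -1 when -1 is a square and u is a non-residue — verify), add an `else` branch with the matching `point_check`; otherwise a comment in the `else` position, `/* type 5: -1 is a square, so u = 1 hits no special case; expected output not pinned yet */`, at least documents the gap. The inline comment should also name the map it refers to, e.g. `the non-residue u used by the Elligator map is -1`, since "the QNR" is ambiguous on its own. `test_ec` continues past the hunk (the `for` loop is cut off) and `Group` is not defined within it, so I assume it is a template parameter of the enclosing test.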