Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/src/tests.c
Show First 20 Lines • Show All 134 Lines • ▼ Show 20 Lines | do { | ||||
secp256k1_scalar_set_b32(num, b32, &overflow); | secp256k1_scalar_set_b32(num, b32, &overflow); | ||||
if (overflow || secp256k1_scalar_is_zero(num)) { | if (overflow || secp256k1_scalar_is_zero(num)) { | ||||
continue; | continue; | ||||
} | } | ||||
break; | break; | ||||
} while(1); | } while(1); | ||||
} | } | ||||
void random_scalar_order_b32(unsigned char *b32) { | |||||
secp256k1_scalar num; | |||||
random_scalar_order(&num); | |||||
secp256k1_scalar_get_b32(b32, &num); | |||||
} | |||||
void run_context_tests(int use_prealloc) { | void run_context_tests(int use_prealloc) { | ||||
secp256k1_pubkey pubkey; | secp256k1_pubkey pubkey; | ||||
secp256k1_pubkey zero_pubkey; | secp256k1_pubkey zero_pubkey; | ||||
secp256k1_ecdsa_signature sig; | secp256k1_ecdsa_signature sig; | ||||
unsigned char ctmp[32]; | unsigned char ctmp[32]; | ||||
int32_t ecount; | int32_t ecount; | ||||
int32_t ecount2; | int32_t ecount2; | ||||
secp256k1_context *none; | secp256k1_context *none; | ||||
▲ Show 20 Lines • Show All 921 Lines • ▼ Show 20 Lines | #endif | ||||
secp256k1_scalar r1, v0; | secp256k1_scalar r1, v0; | ||||
secp256k1_scalar_set_int(&v0,0); | secp256k1_scalar_set_int(&v0,0); | ||||
secp256k1_scalar_mul(&r1, &s1, &v0); | secp256k1_scalar_mul(&r1, &s1, &v0); | ||||
CHECK(secp256k1_scalar_eq(&r1, &v0)); | CHECK(secp256k1_scalar_eq(&r1, &v0)); | ||||
} | } | ||||
} | } | ||||
void run_scalar_set_b32_seckey_tests(void) { | |||||
unsigned char b32[32]; | |||||
secp256k1_scalar s1; | |||||
secp256k1_scalar s2; | |||||
/* Usually set_b32 and set_b32_seckey give the same result */ | |||||
random_scalar_order_b32(b32); | |||||
secp256k1_scalar_set_b32(&s1, b32, NULL); | |||||
CHECK(secp256k1_scalar_set_b32_seckey(&s2, b32) == 1); | |||||
CHECK(secp256k1_scalar_eq(&s1, &s2) == 1); | |||||
memset(b32, 0, sizeof(b32)); | |||||
CHECK(secp256k1_scalar_set_b32_seckey(&s2, b32) == 0); | |||||
memset(b32, 0xFF, sizeof(b32)); | |||||
CHECK(secp256k1_scalar_set_b32_seckey(&s2, b32) == 0); | |||||
} | |||||
void run_scalar_tests(void) { | void run_scalar_tests(void) { | ||||
int i; | int i; | ||||
for (i = 0; i < 128 * count; i++) { | for (i = 0; i < 128 * count; i++) { | ||||
scalar_test(); | scalar_test(); | ||||
} | } | ||||
for (i = 0; i < count; i++) { | |||||
run_scalar_set_b32_seckey_tests(); | |||||
} | |||||
{ | { | ||||
/* (-1)+1 should be zero. */ | /* (-1)+1 should be zero. */ | ||||
secp256k1_scalar s, o; | secp256k1_scalar s, o; | ||||
secp256k1_scalar_set_int(&s, 1); | secp256k1_scalar_set_int(&s, 1); | ||||
CHECK(secp256k1_scalar_is_one(&s)); | CHECK(secp256k1_scalar_is_one(&s)); | ||||
secp256k1_scalar_negate(&o, &s); | secp256k1_scalar_negate(&o, &s); | ||||
secp256k1_scalar_add(&o, &o, &s); | secp256k1_scalar_add(&o, &o, &s); | ||||
CHECK(secp256k1_scalar_is_zero(&o)); | CHECK(secp256k1_scalar_is_zero(&o)); | ||||
secp256k1_scalar_negate(&o, &o); | secp256k1_scalar_negate(&o, &o); | ||||
CHECK(secp256k1_scalar_is_zero(&o)); | CHECK(secp256k1_scalar_is_zero(&o)); | ||||
} | } | ||||
#ifndef USE_NUM_NONE | #ifndef USE_NUM_NONE | ||||
{ | { | ||||
/* A scalar with value of the curve order should be 0. */ | /* Test secp256k1_scalar_set_b32 boundary conditions */ | ||||
secp256k1_num order; | secp256k1_num order; | ||||
secp256k1_scalar zero; | secp256k1_scalar scalar; | ||||
unsigned char bin[32]; | unsigned char bin[32]; | ||||
unsigned char bin_tmp[32]; | |||||
int overflow = 0; | int overflow = 0; | ||||
/* 2^256-1 - order */ | |||||
static const secp256k1_scalar all_ones_minus_order = SECP256K1_SCALAR_CONST( | |||||
0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00000001UL, | |||||
0x45512319UL, 0x50B75FC4UL, 0x402DA173UL, 0x2FC9BEBEUL | |||||
); | |||||
/* A scalar set to 0s should be 0. */ | |||||
memset(bin, 0, 32); | |||||
secp256k1_scalar_set_b32(&scalar, bin, &overflow); | |||||
CHECK(overflow == 0); | |||||
CHECK(secp256k1_scalar_is_zero(&scalar)); | |||||
/* A scalar with value of the curve order should be 0. */ | |||||
secp256k1_scalar_order_get_num(&order); | secp256k1_scalar_order_get_num(&order); | ||||
secp256k1_num_get_bin(bin, 32, &order); | secp256k1_num_get_bin(bin, 32, &order); | ||||
secp256k1_scalar_set_b32(&zero, bin, &overflow); | secp256k1_scalar_set_b32(&scalar, bin, &overflow); | ||||
CHECK(overflow == 1); | CHECK(overflow == 1); | ||||
CHECK(secp256k1_scalar_is_zero(&zero)); | CHECK(secp256k1_scalar_is_zero(&scalar)); | ||||
/* A scalar with value of the curve order minus one should not overflow. */ | |||||
bin[31] -= 1; | |||||
secp256k1_scalar_set_b32(&scalar, bin, &overflow); | |||||
CHECK(overflow == 0); | |||||
secp256k1_scalar_get_b32(bin_tmp, &scalar); | |||||
CHECK(memcmp(bin, bin_tmp, 32) == 0); | |||||
/* A scalar set to all 1s should overflow. */ | |||||
memset(bin, 0xFF, 32); | |||||
secp256k1_scalar_set_b32(&scalar, bin, &overflow); | |||||
CHECK(overflow == 1); | |||||
CHECK(secp256k1_scalar_eq(&scalar, &all_ones_minus_order)); | |||||
} | } | ||||
#endif | #endif | ||||
{ | { | ||||
/* Does check_overflow check catch all ones? */ | /* Does check_overflow check catch all ones? */ | ||||
static const secp256k1_scalar overflowed = SECP256K1_SCALAR_CONST( | static const secp256k1_scalar overflowed = SECP256K1_SCALAR_CONST( | ||||
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | ||||
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL | 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL | ||||
▲ Show 20 Lines • Show All 2,812 Lines • ▼ Show 20 Lines | void run_eckey_edge_case_test(void) { | ||||
memset(&pubkey, 0, sizeof(pubkey)); | memset(&pubkey, 0, sizeof(pubkey)); | ||||
VG_UNDEF(&pubkey, sizeof(pubkey)); | VG_UNDEF(&pubkey, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); | ||||
VG_CHECK(&pubkey, sizeof(pubkey)); | VG_CHECK(&pubkey, sizeof(pubkey)); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); | CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); | ||||
pubkey_negone = pubkey; | pubkey_negone = pubkey; | ||||
/* Tweak of zero leaves the value unchanged. */ | /* Tweak of zero leaves the value unchanged. */ | ||||
memset(ctmp2, 0, 32); | memset(ctmp2, 0, 32); | ||||
CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp, ctmp2) == 1); | CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 1); | ||||
CHECK(memcmp(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40); | CHECK(memcmp(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40); | ||||
memcpy(&pubkey2, &pubkey, sizeof(pubkey)); | memcpy(&pubkey2, &pubkey, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); | CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); | ||||
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | ||||
/* Multiply tweak of zero zeroizes the output. */ | /* Multiply tweak of zero zeroizes the output. */ | ||||
CHECK(secp256k1_ec_privkey_tweak_mul(ctx, ctmp, ctmp2) == 0); | CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); | ||||
CHECK(memcmp(zeros, ctmp, 32) == 0); | CHECK(memcmp(zeros, ctmp, 32) == 0); | ||||
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp2) == 0); | CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp2) == 0); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); | CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); | ||||
memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | ||||
/* Overflowing key tweak zeroizes. */ | /* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing | ||||
seckey, the seckey is zeroized. */ | |||||
memcpy(ctmp, orderc, 32); | |||||
memset(ctmp2, 0, 32); | |||||
ctmp2[31] = 0x01; | |||||
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp2) == 1); | |||||
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); | |||||
CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 0); | |||||
CHECK(memcmp(zeros, ctmp, 32) == 0); | |||||
memcpy(ctmp, orderc, 32); | |||||
CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); | |||||
CHECK(memcmp(zeros, ctmp, 32) == 0); | |||||
/* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing | |||||
tweak, the seckey is zeroized. */ | |||||
memcpy(ctmp, orderc, 32); | memcpy(ctmp, orderc, 32); | ||||
ctmp[31] = 0x40; | ctmp[31] = 0x40; | ||||
CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp, orderc) == 0); | CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, orderc) == 0); | ||||
CHECK(memcmp(zeros, ctmp, 32) == 0); | CHECK(memcmp(zeros, ctmp, 32) == 0); | ||||
memcpy(ctmp, orderc, 32); | memcpy(ctmp, orderc, 32); | ||||
ctmp[31] = 0x40; | ctmp[31] = 0x40; | ||||
CHECK(secp256k1_ec_privkey_tweak_mul(ctx, ctmp, orderc) == 0); | CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, orderc) == 0); | ||||
CHECK(memcmp(zeros, ctmp, 32) == 0); | CHECK(memcmp(zeros, ctmp, 32) == 0); | ||||
memcpy(ctmp, orderc, 32); | memcpy(ctmp, orderc, 32); | ||||
ctmp[31] = 0x40; | ctmp[31] = 0x40; | ||||
/* If pubkey_tweak_add or pubkey_tweak_mul are called with an overflowing | |||||
tweak, the pubkey is zeroized. */ | |||||
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, orderc) == 0); | CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, orderc) == 0); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); | CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); | ||||
memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, orderc) == 0); | CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, orderc) == 0); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); | CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); | ||||
memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | ||||
/* Private key tweaks results in a key of zero. */ | /* If the resulting key in secp256k1_ec_seckey_tweak_add and | ||||
* secp256k1_ec_pubkey_tweak_add is 0 the functions fail and in the latter | |||||
* case the pubkey is zeroized. */ | |||||
memcpy(ctmp, orderc, 32); | |||||
ctmp[31] = 0x40; | |||||
memset(ctmp2, 0, 32); | |||||
ctmp2[31] = 1; | ctmp2[31] = 1; | ||||
CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp2, ctmp) == 0); | CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 0); | ||||
CHECK(memcmp(zeros, ctmp2, 32) == 0); | CHECK(memcmp(zeros, ctmp2, 32) == 0); | ||||
ctmp2[31] = 1; | ctmp2[31] = 1; | ||||
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); | CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); | CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); | ||||
memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | ||||
/* Tweak computation wraps and results in a key of 1. */ | /* Tweak computation wraps and results in a key of 1. */ | ||||
ctmp2[31] = 2; | ctmp2[31] = 2; | ||||
CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp2, ctmp) == 1); | CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 1); | ||||
CHECK(memcmp(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1); | CHECK(memcmp(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1); | ||||
ctmp2[31] = 2; | ctmp2[31] = 2; | ||||
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); | CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); | ||||
ctmp2[31] = 1; | ctmp2[31] = 1; | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, ctmp2) == 1); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, ctmp2) == 1); | ||||
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | ||||
/* Tweak mul * 2 = 1+1. */ | /* Tweak mul * 2 = 1+1. */ | ||||
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); | CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); | ||||
Show All 31 Lines | void run_eckey_edge_case_test(void) { | ||||
memset(ctmp2, 0, 32); | memset(ctmp2, 0, 32); | ||||
ctmp2[31] = 4; | ctmp2[31] = 4; | ||||
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, NULL, ctmp2) == 0); | CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, NULL, ctmp2) == 0); | ||||
CHECK(ecount == 1); | CHECK(ecount == 1); | ||||
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, NULL) == 0); | CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, NULL) == 0); | ||||
CHECK(ecount == 2); | CHECK(ecount == 2); | ||||
ecount = 0; | ecount = 0; | ||||
memset(ctmp2, 0, 32); | memset(ctmp2, 0, 32); | ||||
CHECK(secp256k1_ec_privkey_tweak_add(ctx, NULL, ctmp2) == 0); | CHECK(secp256k1_ec_seckey_tweak_add(ctx, NULL, ctmp2) == 0); | ||||
CHECK(ecount == 1); | CHECK(ecount == 1); | ||||
CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp, NULL) == 0); | CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, NULL) == 0); | ||||
CHECK(ecount == 2); | CHECK(ecount == 2); | ||||
ecount = 0; | ecount = 0; | ||||
memset(ctmp2, 0, 32); | memset(ctmp2, 0, 32); | ||||
ctmp2[31] = 1; | ctmp2[31] = 1; | ||||
CHECK(secp256k1_ec_privkey_tweak_mul(ctx, NULL, ctmp2) == 0); | CHECK(secp256k1_ec_seckey_tweak_mul(ctx, NULL, ctmp2) == 0); | ||||
CHECK(ecount == 1); | CHECK(ecount == 1); | ||||
CHECK(secp256k1_ec_privkey_tweak_mul(ctx, ctmp, NULL) == 0); | CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, NULL) == 0); | ||||
CHECK(ecount == 2); | CHECK(ecount == 2); | ||||
ecount = 0; | ecount = 0; | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, NULL, ctmp) == 0); | CHECK(secp256k1_ec_pubkey_create(ctx, NULL, ctmp) == 0); | ||||
CHECK(ecount == 1); | CHECK(ecount == 1); | ||||
memset(&pubkey, 1, sizeof(pubkey)); | memset(&pubkey, 1, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0); | ||||
CHECK(ecount == 2); | CHECK(ecount == 2); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | ||||
▲ Show 20 Lines • Show All 56 Lines • ▼ Show 20 Lines | void run_eckey_edge_case_test(void) { | ||||
VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); | VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 1); | CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 1); | ||||
VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); | VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); | CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); | ||||
CHECK(ecount == 3); | CHECK(ecount == 3); | ||||
secp256k1_context_set_illegal_callback(ctx, NULL, NULL); | secp256k1_context_set_illegal_callback(ctx, NULL, NULL); | ||||
} | } | ||||
void run_eckey_negate_test(void) { | |||||
unsigned char seckey[32]; | |||||
unsigned char seckey_tmp[32]; | |||||
random_scalar_order_b32(seckey); | |||||
memcpy(seckey_tmp, seckey, 32); | |||||
/* Verify negation changes the key and changes it back */ | |||||
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); | |||||
CHECK(memcmp(seckey, seckey_tmp, 32) != 0); | |||||
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); | |||||
CHECK(memcmp(seckey, seckey_tmp, 32) == 0); | |||||
/* Check that privkey alias gives same result */ | |||||
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); | |||||
CHECK(secp256k1_ec_privkey_negate(ctx, seckey_tmp) == 1); | |||||
CHECK(memcmp(seckey, seckey_tmp, 32) == 0); | |||||
/* Negating all 0s fails */ | |||||
memset(seckey, 0, 32); | |||||
memset(seckey_tmp, 0, 32); | |||||
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0); | |||||
/* Check that seckey is not modified */ | |||||
CHECK(memcmp(seckey, seckey_tmp, 32) == 0); | |||||
/* Negating an overflowing seckey fails and the seckey is zeroed. In this | |||||
* test, the seckey has 16 random bytes to ensure that ec_seckey_negate | |||||
* doesn't just set seckey to a constant value in case of failure. */ | |||||
random_scalar_order_b32(seckey); | |||||
memset(seckey, 0xFF, 16); | |||||
memset(seckey_tmp, 0, 32); | |||||
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0); | |||||
CHECK(memcmp(seckey, seckey_tmp, 32) == 0); | |||||
} | |||||
void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid) { | void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid) { | ||||
secp256k1_scalar nonce; | secp256k1_scalar nonce; | ||||
do { | do { | ||||
random_scalar_order_test(&nonce); | random_scalar_order_test(&nonce); | ||||
} while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid)); | } while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid)); | ||||
} | } | ||||
void test_ecdsa_sign_verify(void) { | void test_ecdsa_sign_verify(void) { | ||||
▲ Show 20 Lines • Show All 123 Lines • ▼ Show 20 Lines | void test_ecdsa_end_to_end(void) { | ||||
CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, secp256k1_rand_bits(1) == 1)); | CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, secp256k1_rand_bits(1) == 1)); | ||||
CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1); | CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1); | ||||
CHECK(memcmp(privkey, privkey2, 32) == 0); | CHECK(memcmp(privkey, privkey2, 32) == 0); | ||||
/* Optionally tweak the keys using addition. */ | /* Optionally tweak the keys using addition. */ | ||||
if (secp256k1_rand_int(3) == 0) { | if (secp256k1_rand_int(3) == 0) { | ||||
int ret1; | int ret1; | ||||
int ret2; | int ret2; | ||||
int ret3; | |||||
unsigned char rnd[32]; | unsigned char rnd[32]; | ||||
unsigned char privkey_tmp[32]; | |||||
secp256k1_pubkey pubkey2; | secp256k1_pubkey pubkey2; | ||||
secp256k1_rand256_test(rnd); | secp256k1_rand256_test(rnd); | ||||
ret1 = secp256k1_ec_privkey_tweak_add(ctx, privkey, rnd); | memcpy(privkey_tmp, privkey, 32); | ||||
ret1 = secp256k1_ec_seckey_tweak_add(ctx, privkey, rnd); | |||||
ret2 = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, rnd); | ret2 = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, rnd); | ||||
/* Check that privkey alias gives same result */ | |||||
ret3 = secp256k1_ec_privkey_tweak_add(ctx, privkey_tmp, rnd); | |||||
CHECK(ret1 == ret2); | CHECK(ret1 == ret2); | ||||
CHECK(ret2 == ret3); | |||||
if (ret1 == 0) { | if (ret1 == 0) { | ||||
return; | return; | ||||
} | } | ||||
CHECK(memcmp(privkey, privkey_tmp, 32) == 0); | |||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); | ||||
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | ||||
} | } | ||||
/* Optionally tweak the keys using multiplication. */ | /* Optionally tweak the keys using multiplication. */ | ||||
if (secp256k1_rand_int(3) == 0) { | if (secp256k1_rand_int(3) == 0) { | ||||
int ret1; | int ret1; | ||||
int ret2; | int ret2; | ||||
int ret3; | |||||
unsigned char rnd[32]; | unsigned char rnd[32]; | ||||
unsigned char privkey_tmp[32]; | |||||
secp256k1_pubkey pubkey2; | secp256k1_pubkey pubkey2; | ||||
secp256k1_rand256_test(rnd); | secp256k1_rand256_test(rnd); | ||||
ret1 = secp256k1_ec_privkey_tweak_mul(ctx, privkey, rnd); | memcpy(privkey_tmp, privkey, 32); | ||||
ret1 = secp256k1_ec_seckey_tweak_mul(ctx, privkey, rnd); | |||||
ret2 = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd); | ret2 = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd); | ||||
/* Check that privkey alias gives same result */ | |||||
ret3 = secp256k1_ec_privkey_tweak_mul(ctx, privkey_tmp, rnd); | |||||
CHECK(ret1 == ret2); | CHECK(ret1 == ret2); | ||||
CHECK(ret2 == ret3); | |||||
if (ret1 == 0) { | if (ret1 == 0) { | ||||
return; | return; | ||||
} | } | ||||
CHECK(memcmp(privkey, privkey_tmp, 32) == 0); | |||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); | ||||
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | ||||
} | } | ||||
/* Sign. */ | /* Sign. */ | ||||
CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); | CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); | ||||
CHECK(secp256k1_ecdsa_sign(ctx, &signature[4], message, privkey, NULL, NULL) == 1); | CHECK(secp256k1_ecdsa_sign(ctx, &signature[4], message, privkey, NULL, NULL) == 1); | ||||
CHECK(secp256k1_ecdsa_sign(ctx, &signature[1], message, privkey, NULL, extra) == 1); | CHECK(secp256k1_ecdsa_sign(ctx, &signature[1], message, privkey, NULL, extra) == 1); | ||||
▲ Show 20 Lines • Show All 1,017 Lines • ▼ Show 20 Lines | |||||
#endif | #endif | ||||
/* EC point parser test */ | /* EC point parser test */ | ||||
run_ec_pubkey_parse_test(); | run_ec_pubkey_parse_test(); | ||||
/* EC key edge cases */ | /* EC key edge cases */ | ||||
run_eckey_edge_case_test(); | run_eckey_edge_case_test(); | ||||
/* EC key arithmetic test */ | |||||
run_eckey_negate_test(); | |||||
#ifdef ENABLE_MODULE_ECDH | #ifdef ENABLE_MODULE_ECDH | ||||
/* ecdh tests */ | /* ecdh tests */ | ||||
run_ecdh_tests(); | run_ecdh_tests(); | ||||
#endif | #endif | ||||
/* ecdsa tests */ | /* ecdsa tests */ | ||||
run_random_pubkeys(); | run_random_pubkeys(); | ||||
run_ecdsa_der_parse(); | run_ecdsa_der_parse(); | ||||
Show All 33 Lines |