Differential D7587 Diff 23855 src/secp256k1/src/tests.c

Changeset View

Standalone View

src/secp256k1/src/tests.c

Show First 20 Lines • Show All 134 Lines • ▼ Show 20 Lines	do {
secp256k1_scalar_set_b32(num, b32, &overflow);		secp256k1_scalar_set_b32(num, b32, &overflow);
if (overflow \|\| secp256k1_scalar_is_zero(num)) {		if (overflow \|\| secp256k1_scalar_is_zero(num)) {
continue;		continue;
}		}
break;		break;
} while(1);		} while(1);
}		}

		void random_scalar_order_b32(unsigned char *b32) {
		secp256k1_scalar num;
		random_scalar_order(&num);
		secp256k1_scalar_get_b32(b32, &num);
		}

void run_context_tests(int use_prealloc) {		void run_context_tests(int use_prealloc) {
secp256k1_pubkey pubkey;		secp256k1_pubkey pubkey;
secp256k1_pubkey zero_pubkey;		secp256k1_pubkey zero_pubkey;
secp256k1_ecdsa_signature sig;		secp256k1_ecdsa_signature sig;
unsigned char ctmp[32];		unsigned char ctmp[32];
int32_t ecount;		int32_t ecount;
int32_t ecount2;		int32_t ecount2;
secp256k1_context *none;		secp256k1_context *none;
▲ Show 20 Lines • Show All 921 Lines • ▼ Show 20 Lines	#endif
secp256k1_scalar r1, v0;		secp256k1_scalar r1, v0;
secp256k1_scalar_set_int(&v0,0);		secp256k1_scalar_set_int(&v0,0);
secp256k1_scalar_mul(&r1, &s1, &v0);		secp256k1_scalar_mul(&r1, &s1, &v0);
CHECK(secp256k1_scalar_eq(&r1, &v0));		CHECK(secp256k1_scalar_eq(&r1, &v0));
}		}

}		}

		void run_scalar_set_b32_seckey_tests(void) {
		unsigned char b32[32];
		secp256k1_scalar s1;
		secp256k1_scalar s2;

		/* Usually set_b32 and set_b32_seckey give the same result */
		random_scalar_order_b32(b32);
		secp256k1_scalar_set_b32(&s1, b32, NULL);
		CHECK(secp256k1_scalar_set_b32_seckey(&s2, b32) == 1);
		CHECK(secp256k1_scalar_eq(&s1, &s2) == 1);

		memset(b32, 0, sizeof(b32));
		CHECK(secp256k1_scalar_set_b32_seckey(&s2, b32) == 0);
		memset(b32, 0xFF, sizeof(b32));
		CHECK(secp256k1_scalar_set_b32_seckey(&s2, b32) == 0);
		}

void run_scalar_tests(void) {		void run_scalar_tests(void) {
int i;		int i;
for (i = 0; i < 128 * count; i++) {		for (i = 0; i < 128 * count; i++) {
scalar_test();		scalar_test();
}		}
		for (i = 0; i < count; i++) {
		run_scalar_set_b32_seckey_tests();
		}

{		{
/* (-1)+1 should be zero. */		/* (-1)+1 should be zero. */
secp256k1_scalar s, o;		secp256k1_scalar s, o;
secp256k1_scalar_set_int(&s, 1);		secp256k1_scalar_set_int(&s, 1);
CHECK(secp256k1_scalar_is_one(&s));		CHECK(secp256k1_scalar_is_one(&s));
secp256k1_scalar_negate(&o, &s);		secp256k1_scalar_negate(&o, &s);
secp256k1_scalar_add(&o, &o, &s);		secp256k1_scalar_add(&o, &o, &s);
CHECK(secp256k1_scalar_is_zero(&o));		CHECK(secp256k1_scalar_is_zero(&o));
secp256k1_scalar_negate(&o, &o);		secp256k1_scalar_negate(&o, &o);
CHECK(secp256k1_scalar_is_zero(&o));		CHECK(secp256k1_scalar_is_zero(&o));
}		}

#ifndef USE_NUM_NONE		#ifndef USE_NUM_NONE
{		{
/* A scalar with value of the curve order should be 0. */		/* Test secp256k1_scalar_set_b32 boundary conditions */
secp256k1_num order;		secp256k1_num order;
secp256k1_scalar zero;		secp256k1_scalar scalar;
unsigned char bin[32];		unsigned char bin[32];
		unsigned char bin_tmp[32];
int overflow = 0;		int overflow = 0;
		/* 2^256-1 - order */
		static const secp256k1_scalar all_ones_minus_order = SECP256K1_SCALAR_CONST(
		0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00000001UL,
		0x45512319UL, 0x50B75FC4UL, 0x402DA173UL, 0x2FC9BEBEUL
		);

		/* A scalar set to 0s should be 0. */
		memset(bin, 0, 32);
		secp256k1_scalar_set_b32(&scalar, bin, &overflow);
		CHECK(overflow == 0);
		CHECK(secp256k1_scalar_is_zero(&scalar));

		/* A scalar with value of the curve order should be 0. */
secp256k1_scalar_order_get_num(&order);		secp256k1_scalar_order_get_num(&order);
secp256k1_num_get_bin(bin, 32, &order);		secp256k1_num_get_bin(bin, 32, &order);
secp256k1_scalar_set_b32(&zero, bin, &overflow);		secp256k1_scalar_set_b32(&scalar, bin, &overflow);
CHECK(overflow == 1);		CHECK(overflow == 1);
CHECK(secp256k1_scalar_is_zero(&zero));		CHECK(secp256k1_scalar_is_zero(&scalar));

		/* A scalar with value of the curve order minus one should not overflow. */
		bin[31] -= 1;
		secp256k1_scalar_set_b32(&scalar, bin, &overflow);
		CHECK(overflow == 0);
		secp256k1_scalar_get_b32(bin_tmp, &scalar);
		CHECK(memcmp(bin, bin_tmp, 32) == 0);

		/* A scalar set to all 1s should overflow. */
		memset(bin, 0xFF, 32);
		secp256k1_scalar_set_b32(&scalar, bin, &overflow);
		CHECK(overflow == 1);
		CHECK(secp256k1_scalar_eq(&scalar, &all_ones_minus_order));
}		}
#endif		#endif

{		{
/* Does check_overflow check catch all ones? */		/* Does check_overflow check catch all ones? */
static const secp256k1_scalar overflowed = SECP256K1_SCALAR_CONST(		static const secp256k1_scalar overflowed = SECP256K1_SCALAR_CONST(
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,		0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL		0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
▲ Show 20 Lines • Show All 2,812 Lines • ▼ Show 20 Lines	void run_eckey_edge_case_test(void) {
memset(&pubkey, 0, sizeof(pubkey));		memset(&pubkey, 0, sizeof(pubkey));
VG_UNDEF(&pubkey, sizeof(pubkey));		VG_UNDEF(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1);		CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1);
VG_CHECK(&pubkey, sizeof(pubkey));		VG_CHECK(&pubkey, sizeof(pubkey));
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);		CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
pubkey_negone = pubkey;		pubkey_negone = pubkey;
/* Tweak of zero leaves the value unchanged. */		/* Tweak of zero leaves the value unchanged. */
memset(ctmp2, 0, 32);		memset(ctmp2, 0, 32);
CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp, ctmp2) == 1);		CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 1);
CHECK(memcmp(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40);		CHECK(memcmp(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40);
memcpy(&pubkey2, &pubkey, sizeof(pubkey));		memcpy(&pubkey2, &pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1);		CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1);
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0);		CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0);
/* Multiply tweak of zero zeroizes the output. */		/* Multiply tweak of zero zeroizes the output. */
CHECK(secp256k1_ec_privkey_tweak_mul(ctx, ctmp, ctmp2) == 0);		CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0);
CHECK(memcmp(zeros, ctmp, 32) == 0);		CHECK(memcmp(zeros, ctmp, 32) == 0);
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp2) == 0);		CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp2) == 0);
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0);		CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0);
memcpy(&pubkey, &pubkey2, sizeof(pubkey));		memcpy(&pubkey, &pubkey2, sizeof(pubkey));
/* Overflowing key tweak zeroizes. */		/* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing
		seckey, the seckey is zeroized. */
		memcpy(ctmp, orderc, 32);
		memset(ctmp2, 0, 32);
		ctmp2[31] = 0x01;
		CHECK(secp256k1_ec_seckey_verify(ctx, ctmp2) == 1);
		CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0);
		CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 0);
		CHECK(memcmp(zeros, ctmp, 32) == 0);
		memcpy(ctmp, orderc, 32);
		CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0);
		CHECK(memcmp(zeros, ctmp, 32) == 0);
		/* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing
		tweak, the seckey is zeroized. */
memcpy(ctmp, orderc, 32);		memcpy(ctmp, orderc, 32);
ctmp[31] = 0x40;		ctmp[31] = 0x40;
CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp, orderc) == 0);		CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, orderc) == 0);
CHECK(memcmp(zeros, ctmp, 32) == 0);		CHECK(memcmp(zeros, ctmp, 32) == 0);
memcpy(ctmp, orderc, 32);		memcpy(ctmp, orderc, 32);
ctmp[31] = 0x40;		ctmp[31] = 0x40;
CHECK(secp256k1_ec_privkey_tweak_mul(ctx, ctmp, orderc) == 0);		CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, orderc) == 0);
CHECK(memcmp(zeros, ctmp, 32) == 0);		CHECK(memcmp(zeros, ctmp, 32) == 0);
memcpy(ctmp, orderc, 32);		memcpy(ctmp, orderc, 32);
ctmp[31] = 0x40;		ctmp[31] = 0x40;
		/* If pubkey_tweak_add or pubkey_tweak_mul are called with an overflowing
		tweak, the pubkey is zeroized. */
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, orderc) == 0);		CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, orderc) == 0);
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0);		CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0);
memcpy(&pubkey, &pubkey2, sizeof(pubkey));		memcpy(&pubkey, &pubkey2, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, orderc) == 0);		CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, orderc) == 0);
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0);		CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0);
memcpy(&pubkey, &pubkey2, sizeof(pubkey));		memcpy(&pubkey, &pubkey2, sizeof(pubkey));
/* Private key tweaks results in a key of zero. */		/* If the resulting key in secp256k1_ec_seckey_tweak_add and
		* secp256k1_ec_pubkey_tweak_add is 0 the functions fail and in the latter
		* case the pubkey is zeroized. */
		memcpy(ctmp, orderc, 32);
		ctmp[31] = 0x40;
		memset(ctmp2, 0, 32);
ctmp2[31] = 1;		ctmp2[31] = 1;
CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp2, ctmp) == 0);		CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 0);
CHECK(memcmp(zeros, ctmp2, 32) == 0);		CHECK(memcmp(zeros, ctmp2, 32) == 0);
ctmp2[31] = 1;		ctmp2[31] = 1;
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0);		CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0);
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0);		CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0);
memcpy(&pubkey, &pubkey2, sizeof(pubkey));		memcpy(&pubkey, &pubkey2, sizeof(pubkey));
/* Tweak computation wraps and results in a key of 1. */		/* Tweak computation wraps and results in a key of 1. */
ctmp2[31] = 2;		ctmp2[31] = 2;
CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp2, ctmp) == 1);		CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 1);
CHECK(memcmp(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1);		CHECK(memcmp(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1);
ctmp2[31] = 2;		ctmp2[31] = 2;
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1);		CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1);
ctmp2[31] = 1;		ctmp2[31] = 1;
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, ctmp2) == 1);		CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, ctmp2) == 1);
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0);		CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0);
/* Tweak mul * 2 = 1+1. */		/* Tweak mul * 2 = 1+1. */
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1);		CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1);
Show All 31 Lines	void run_eckey_edge_case_test(void) {
memset(ctmp2, 0, 32);		memset(ctmp2, 0, 32);
ctmp2[31] = 4;		ctmp2[31] = 4;
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, NULL, ctmp2) == 0);		CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, NULL, ctmp2) == 0);
CHECK(ecount == 1);		CHECK(ecount == 1);
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, NULL) == 0);		CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, NULL) == 0);
CHECK(ecount == 2);		CHECK(ecount == 2);
ecount = 0;		ecount = 0;
memset(ctmp2, 0, 32);		memset(ctmp2, 0, 32);
CHECK(secp256k1_ec_privkey_tweak_add(ctx, NULL, ctmp2) == 0);		CHECK(secp256k1_ec_seckey_tweak_add(ctx, NULL, ctmp2) == 0);
CHECK(ecount == 1);		CHECK(ecount == 1);
CHECK(secp256k1_ec_privkey_tweak_add(ctx, ctmp, NULL) == 0);		CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, NULL) == 0);
CHECK(ecount == 2);		CHECK(ecount == 2);
ecount = 0;		ecount = 0;
memset(ctmp2, 0, 32);		memset(ctmp2, 0, 32);
ctmp2[31] = 1;		ctmp2[31] = 1;
CHECK(secp256k1_ec_privkey_tweak_mul(ctx, NULL, ctmp2) == 0);		CHECK(secp256k1_ec_seckey_tweak_mul(ctx, NULL, ctmp2) == 0);
CHECK(ecount == 1);		CHECK(ecount == 1);
CHECK(secp256k1_ec_privkey_tweak_mul(ctx, ctmp, NULL) == 0);		CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, NULL) == 0);
CHECK(ecount == 2);		CHECK(ecount == 2);
ecount = 0;		ecount = 0;
CHECK(secp256k1_ec_pubkey_create(ctx, NULL, ctmp) == 0);		CHECK(secp256k1_ec_pubkey_create(ctx, NULL, ctmp) == 0);
CHECK(ecount == 1);		CHECK(ecount == 1);
memset(&pubkey, 1, sizeof(pubkey));		memset(&pubkey, 1, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0);		CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0);
CHECK(ecount == 2);		CHECK(ecount == 2);
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);		CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
▲ Show 20 Lines • Show All 56 Lines • ▼ Show 20 Lines	void run_eckey_edge_case_test(void) {
VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));		VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 1);		CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 1);
VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));		VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);		CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
CHECK(ecount == 3);		CHECK(ecount == 3);
secp256k1_context_set_illegal_callback(ctx, NULL, NULL);		secp256k1_context_set_illegal_callback(ctx, NULL, NULL);
}		}

		void run_eckey_negate_test(void) {
		unsigned char seckey[32];
		unsigned char seckey_tmp[32];

		random_scalar_order_b32(seckey);
		memcpy(seckey_tmp, seckey, 32);

		/* Verify negation changes the key and changes it back */
		CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1);
		CHECK(memcmp(seckey, seckey_tmp, 32) != 0);
		CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1);
		CHECK(memcmp(seckey, seckey_tmp, 32) == 0);

		/* Check that privkey alias gives same result */
		CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1);
		CHECK(secp256k1_ec_privkey_negate(ctx, seckey_tmp) == 1);
		CHECK(memcmp(seckey, seckey_tmp, 32) == 0);

		/* Negating all 0s fails */
		memset(seckey, 0, 32);
		memset(seckey_tmp, 0, 32);
		CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0);
		/* Check that seckey is not modified */
		CHECK(memcmp(seckey, seckey_tmp, 32) == 0);

		/* Negating an overflowing seckey fails and the seckey is zeroed. In this
		* test, the seckey has 16 random bytes to ensure that ec_seckey_negate
		* doesn't just set seckey to a constant value in case of failure. */
		random_scalar_order_b32(seckey);
		memset(seckey, 0xFF, 16);
		memset(seckey_tmp, 0, 32);
		CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0);
		CHECK(memcmp(seckey, seckey_tmp, 32) == 0);
		}

void random_sign(secp256k1_scalar sigr, secp256k1_scalar sigs, const secp256k1_scalar key, const secp256k1_scalar msg, int *recid) {		void random_sign(secp256k1_scalar sigr, secp256k1_scalar sigs, const secp256k1_scalar key, const secp256k1_scalar msg, int *recid) {
secp256k1_scalar nonce;		secp256k1_scalar nonce;
do {		do {
random_scalar_order_test(&nonce);		random_scalar_order_test(&nonce);
} while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid));		} while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid));
}		}

void test_ecdsa_sign_verify(void) {		void test_ecdsa_sign_verify(void) {
▲ Show 20 Lines • Show All 123 Lines • ▼ Show 20 Lines	void test_ecdsa_end_to_end(void) {
CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, secp256k1_rand_bits(1) == 1));		CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, secp256k1_rand_bits(1) == 1));
CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1);		CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1);
CHECK(memcmp(privkey, privkey2, 32) == 0);		CHECK(memcmp(privkey, privkey2, 32) == 0);

/* Optionally tweak the keys using addition. */		/* Optionally tweak the keys using addition. */
if (secp256k1_rand_int(3) == 0) {		if (secp256k1_rand_int(3) == 0) {
int ret1;		int ret1;
int ret2;		int ret2;
		int ret3;
unsigned char rnd[32];		unsigned char rnd[32];
		unsigned char privkey_tmp[32];
secp256k1_pubkey pubkey2;		secp256k1_pubkey pubkey2;
secp256k1_rand256_test(rnd);		secp256k1_rand256_test(rnd);
ret1 = secp256k1_ec_privkey_tweak_add(ctx, privkey, rnd);		memcpy(privkey_tmp, privkey, 32);
		ret1 = secp256k1_ec_seckey_tweak_add(ctx, privkey, rnd);
ret2 = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, rnd);		ret2 = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, rnd);
		/* Check that privkey alias gives same result */
		ret3 = secp256k1_ec_privkey_tweak_add(ctx, privkey_tmp, rnd);
CHECK(ret1 == ret2);		CHECK(ret1 == ret2);
		CHECK(ret2 == ret3);
if (ret1 == 0) {		if (ret1 == 0) {
return;		return;
}		}
		CHECK(memcmp(privkey, privkey_tmp, 32) == 0);
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1);		CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1);
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0);		CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0);
}		}

/* Optionally tweak the keys using multiplication. */		/* Optionally tweak the keys using multiplication. */
if (secp256k1_rand_int(3) == 0) {		if (secp256k1_rand_int(3) == 0) {
int ret1;		int ret1;
int ret2;		int ret2;
		int ret3;
unsigned char rnd[32];		unsigned char rnd[32];
		unsigned char privkey_tmp[32];
secp256k1_pubkey pubkey2;		secp256k1_pubkey pubkey2;
secp256k1_rand256_test(rnd);		secp256k1_rand256_test(rnd);
ret1 = secp256k1_ec_privkey_tweak_mul(ctx, privkey, rnd);		memcpy(privkey_tmp, privkey, 32);
		ret1 = secp256k1_ec_seckey_tweak_mul(ctx, privkey, rnd);
ret2 = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd);		ret2 = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd);
		/* Check that privkey alias gives same result */
		ret3 = secp256k1_ec_privkey_tweak_mul(ctx, privkey_tmp, rnd);
CHECK(ret1 == ret2);		CHECK(ret1 == ret2);
		CHECK(ret2 == ret3);
if (ret1 == 0) {		if (ret1 == 0) {
return;		return;
}		}
		CHECK(memcmp(privkey, privkey_tmp, 32) == 0);
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1);		CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1);
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0);		CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0);
}		}

/* Sign. */		/* Sign. */
CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1);		CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1);
CHECK(secp256k1_ecdsa_sign(ctx, &signature[4], message, privkey, NULL, NULL) == 1);		CHECK(secp256k1_ecdsa_sign(ctx, &signature[4], message, privkey, NULL, NULL) == 1);
CHECK(secp256k1_ecdsa_sign(ctx, &signature[1], message, privkey, NULL, extra) == 1);		CHECK(secp256k1_ecdsa_sign(ctx, &signature[1], message, privkey, NULL, extra) == 1);
▲ Show 20 Lines • Show All 1,017 Lines • ▼ Show 20 Lines
#endif		#endif

/* EC point parser test */		/* EC point parser test */
run_ec_pubkey_parse_test();		run_ec_pubkey_parse_test();

/* EC key edge cases */		/* EC key edge cases */
run_eckey_edge_case_test();		run_eckey_edge_case_test();

		/* EC key arithmetic test */
		run_eckey_negate_test();

#ifdef ENABLE_MODULE_ECDH		#ifdef ENABLE_MODULE_ECDH
/* ecdh tests */		/* ecdh tests */
run_ecdh_tests();		run_ecdh_tests();
#endif		#endif

/* ecdsa tests */		/* ecdsa tests */
run_random_pubkeys();		run_random_pubkeys();
run_ecdsa_der_parse();		run_ecdsa_der_parse();
Show All 33 Lines