Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/src/modules/schnorrsig/tests_impl.h
/********************************************************************** | /********************************************************************** | ||||
* Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick * | * Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick * | ||||
* Distributed under the MIT software license, see the accompanying * | * Distributed under the MIT software license, see the accompanying * | ||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.* | * file COPYING or http://www.opensource.org/licenses/mit-license.php.* | ||||
**********************************************************************/ | **********************************************************************/ | ||||
#ifndef _SECP256K1_MODULE_SCHNORRSIG_TESTS_ | #ifndef _SECP256K1_MODULE_SCHNORRSIG_TESTS_ | ||||
#define _SECP256K1_MODULE_SCHNORRSIG_TESTS_ | #define _SECP256K1_MODULE_SCHNORRSIG_TESTS_ | ||||
#include "secp256k1_schnorrsig.h" | #include "secp256k1_schnorrsig.h" | ||||
/* Checks that a bit flip in the n_flip-th argument (that has n_bytes many | |||||
* bytes) changes the hash function | |||||
*/ | |||||
void nonce_function_bip340_bitflip(unsigned char **args, size_t n_flip, size_t n_bytes) { | |||||
unsigned char nonces[2][32]; | |||||
CHECK(nonce_function_bip340(nonces[0], args[0], args[1], args[2], args[3], args[4]) == 1); | |||||
secp256k1_rand_flip(args[n_flip], n_bytes); | |||||
CHECK(nonce_function_bip340(nonces[1], args[0], args[1], args[2], args[3], args[4]) == 1); | |||||
CHECK(memcmp(nonces[0], nonces[1], 32) != 0); | |||||
} | |||||
/* Tests for the equality of two sha256 structs. This function only produces a | |||||
* correct result if an integer multiple of 64 many bytes have been written | |||||
* into the hash functions. */ | |||||
void test_sha256_eq(const secp256k1_sha256 *sha1, const secp256k1_sha256 *sha2) { | |||||
/* Is buffer fully consumed? */ | |||||
CHECK((sha1->bytes & 0x3F) == 0); | |||||
CHECK(sha1->bytes == sha2->bytes); | |||||
CHECK(memcmp(sha1->s, sha2->s, sizeof(sha1->s)) == 0); | |||||
} | |||||
void run_nonce_function_bip340_tests(void) { | |||||
unsigned char tag[13] = "BIP0340/nonce"; | |||||
unsigned char aux_tag[11] = "BIP0340/aux"; | |||||
unsigned char algo16[16] = "BIP0340/nonce\0\0\0"; | |||||
secp256k1_sha256 sha; | |||||
secp256k1_sha256 sha_optimized; | |||||
unsigned char nonce[32]; | |||||
unsigned char msg[32]; | |||||
unsigned char key[32]; | |||||
unsigned char pk[32]; | |||||
unsigned char aux_rand[32]; | |||||
unsigned char *args[5]; | |||||
int i; | |||||
/* Check that hash initialized by | |||||
* secp256k1_nonce_function_bip340_sha256_tagged has the expected | |||||
* state. */ | |||||
secp256k1_sha256_initialize_tagged(&sha, tag, sizeof(tag)); | |||||
secp256k1_nonce_function_bip340_sha256_tagged(&sha_optimized); | |||||
test_sha256_eq(&sha, &sha_optimized); | |||||
/* Check that hash initialized by | |||||
* secp256k1_nonce_function_bip340_sha256_tagged_aux has the expected | |||||
* state. */ | |||||
secp256k1_sha256_initialize_tagged(&sha, aux_tag, sizeof(aux_tag)); | |||||
secp256k1_nonce_function_bip340_sha256_tagged_aux(&sha_optimized); | |||||
test_sha256_eq(&sha, &sha_optimized); | |||||
secp256k1_rand256(msg); | |||||
secp256k1_rand256(key); | |||||
secp256k1_rand256(pk); | |||||
secp256k1_rand256(aux_rand); | |||||
/* Check that a bitflip in an argument results in different nonces. */ | |||||
args[0] = msg; | |||||
args[1] = key; | |||||
args[2] = pk; | |||||
args[3] = algo16; | |||||
args[4] = aux_rand; | |||||
for (i = 0; i < count; i++) { | |||||
nonce_function_bip340_bitflip(args, 0, 32); | |||||
nonce_function_bip340_bitflip(args, 1, 32); | |||||
nonce_function_bip340_bitflip(args, 2, 32); | |||||
/* Flip algo16 special case "BIP0340/nonce" */ | |||||
nonce_function_bip340_bitflip(args, 3, 16); | |||||
/* Flip algo16 again */ | |||||
nonce_function_bip340_bitflip(args, 3, 16); | |||||
nonce_function_bip340_bitflip(args, 4, 32); | |||||
} | |||||
/* NULL algo16 is disallowed */ | |||||
CHECK(nonce_function_bip340(nonce, msg, key, pk, NULL, NULL) == 0); | |||||
/* Empty algo16 is fine */ | |||||
memset(algo16, 0x00, 16); | |||||
CHECK(nonce_function_bip340(nonce, msg, key, pk, algo16, NULL) == 1); | |||||
/* algo16 with terminating null bytes is fine */ | |||||
algo16[1] = 65; | |||||
CHECK(nonce_function_bip340(nonce, msg, key, pk, algo16, NULL) == 1); | |||||
/* Other algo16 is fine */ | |||||
memset(algo16, 0xFF, 16); | |||||
CHECK(nonce_function_bip340(nonce, msg, key, pk, algo16, NULL) == 1); | |||||
/* NULL aux_rand argument is allowed. */ | |||||
CHECK(nonce_function_bip340(nonce, msg, key, pk, algo16, NULL) == 1); | |||||
} | |||||
void run_schnorrsig_tests(void) { | void run_schnorrsig_tests(void) { | ||||
/* TODO */ | run_nonce_function_bip340_tests(); | ||||
} | } | ||||
#endif | #endif |