src/secp256k1/src/modules/schnorrsig/tests_exhaustive_impl.h
Show First 20 Lines • Show All 94 Lines • ▼ Show 20 Lines | for (d = 1; d <= EXHAUSTIVE_TEST_ORDER / 2; ++d) { | ||||
actual_k = parities[k - 1] ? EXHAUSTIVE_TEST_ORDER - k : k; | actual_k = parities[k - 1] ? EXHAUSTIVE_TEST_ORDER - k : k; | ||||
} else { | } else { | ||||
memcpy(sig64, invalid_pubkey_bytes[k - 1 - EXHAUSTIVE_TEST_ORDER / 2], 32); | memcpy(sig64, invalid_pubkey_bytes[k - 1 - EXHAUSTIVE_TEST_ORDER / 2], 32); | ||||
} | } | ||||
/* Randomly generate messages until all challenges have been hit. */ | /* Randomly generate messages until all challenges have been hit. */ | ||||
while (e_count_done < EXHAUSTIVE_TEST_ORDER) { | while (e_count_done < EXHAUSTIVE_TEST_ORDER) { | ||||
secp256k1_scalar e; | secp256k1_scalar e; | ||||
unsigned char msg32[32]; | unsigned char msg32[32]; | ||||
secp256k1_rand256(msg32); | secp256k1_testrand256(msg32); | ||||
secp256k1_schnorrsig_challenge(&e, sig64, msg32, pk32); | secp256k1_schnorrsig_challenge(&e, sig64, msg32, pk32); | ||||
/* Only do work if we hit a challenge we haven't tried before. */ | /* Only do work if we hit a challenge we haven't tried before. */ | ||||
if (!e_done[e]) { | if (!e_done[e]) { | ||||
/* Iterate over the possible valid last 32 bytes in the signature. | /* Iterate over the possible valid last 32 bytes in the signature. | ||||
0..order=that s value; order+1=random bytes */ | 0..order=that s value; order+1=random bytes */ | ||||
int count_valid = 0, s; | int count_valid = 0, s; | ||||
for (s = 0; s <= EXHAUSTIVE_TEST_ORDER + 1; ++s) { | for (s = 0; s <= EXHAUSTIVE_TEST_ORDER + 1; ++s) { | ||||
int expect_valid, valid; | int expect_valid, valid; | ||||
if (s <= EXHAUSTIVE_TEST_ORDER) { | if (s <= EXHAUSTIVE_TEST_ORDER) { | ||||
secp256k1_scalar s_s; | secp256k1_scalar s_s; | ||||
secp256k1_scalar_set_int(&s_s, s); | secp256k1_scalar_set_int(&s_s, s); | ||||
secp256k1_scalar_get_b32(sig64 + 32, &s_s); | secp256k1_scalar_get_b32(sig64 + 32, &s_s); | ||||
expect_valid = actual_k != -1 && s != EXHAUSTIVE_TEST_ORDER && | expect_valid = actual_k != -1 && s != EXHAUSTIVE_TEST_ORDER && | ||||
(s_s == (actual_k + actual_d * e) % EXHAUSTIVE_TEST_ORDER); | (s_s == (actual_k + actual_d * e) % EXHAUSTIVE_TEST_ORDER); | ||||
} else { | } else { | ||||
secp256k1_rand256(sig64 + 32); | secp256k1_testrand256(sig64 + 32); | ||||
expect_valid = 0; | expect_valid = 0; | ||||
} | } | ||||
valid = secp256k1_schnorrsig_verify(ctx, sig64, msg32, &pubkeys[d - 1]); | valid = secp256k1_schnorrsig_verify(ctx, sig64, msg32, &pubkeys[d - 1]); | ||||
CHECK(valid == expect_valid); | CHECK(valid == expect_valid); | ||||
count_valid += valid; | count_valid += valid; | ||||
} | } | ||||
/* Exactly one s value must verify, unless R is illegal. */ | /* Exactly one s value must verify, unless R is illegal. */ | ||||
CHECK(count_valid == (actual_k != -1)); | CHECK(count_valid == (actual_k != -1)); | ||||
Show All 20 Lines | for (d = 1; d < EXHAUSTIVE_TEST_ORDER; ++d) { | ||||
unsigned char msg32[32]; | unsigned char msg32[32]; | ||||
unsigned char sig64[64]; | unsigned char sig64[64]; | ||||
int actual_k = k; | int actual_k = k; | ||||
if (skip_section(&iter)) continue; | if (skip_section(&iter)) continue; | ||||
if (parities[k - 1]) actual_k = EXHAUSTIVE_TEST_ORDER - k; | if (parities[k - 1]) actual_k = EXHAUSTIVE_TEST_ORDER - k; | ||||
/* Generate random messages until all challenges have been tried. */ | /* Generate random messages until all challenges have been tried. */ | ||||
while (e_count_done < EXHAUSTIVE_TEST_ORDER) { | while (e_count_done < EXHAUSTIVE_TEST_ORDER) { | ||||
secp256k1_scalar e; | secp256k1_scalar e; | ||||
secp256k1_rand256(msg32); | secp256k1_testrand256(msg32); | ||||
secp256k1_schnorrsig_challenge(&e, xonly_pubkey_bytes[k - 1], msg32, xonly_pubkey_bytes[d - 1]); | secp256k1_schnorrsig_challenge(&e, xonly_pubkey_bytes[k - 1], msg32, xonly_pubkey_bytes[d - 1]); | ||||
/* Only do work if we hit a challenge we haven't tried before. */ | /* Only do work if we hit a challenge we haven't tried before. */ | ||||
if (!e_done[e]) { | if (!e_done[e]) { | ||||
secp256k1_scalar expected_s = (actual_k + e * actual_d) % EXHAUSTIVE_TEST_ORDER; | secp256k1_scalar expected_s = (actual_k + e * actual_d) % EXHAUSTIVE_TEST_ORDER; | ||||
unsigned char expected_s_bytes[32]; | unsigned char expected_s_bytes[32]; | ||||
secp256k1_scalar_get_b32(expected_s_bytes, &expected_s); | secp256k1_scalar_get_b32(expected_s_bytes, &expected_s); | ||||
/* Invoke the real function to construct a signature. */ | /* Invoke the real function to construct a signature. */ | ||||
CHECK(secp256k1_schnorrsig_sign(ctx, sig64, msg32, &keypairs[d - 1], secp256k1_hardened_nonce_function_smallint, &k)); | CHECK(secp256k1_schnorrsig_sign(ctx, sig64, msg32, &keypairs[d - 1], secp256k1_hardened_nonce_function_smallint, &k)); | ||||