Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/src/modules/schnorrsig/tests_impl.h
Show All 9 Lines | |||||
#include "secp256k1_schnorrsig.h" | #include "secp256k1_schnorrsig.h" | ||||
/* Checks that a bit flip in the n_flip-th argument (that has n_bytes many | /* Checks that a bit flip in the n_flip-th argument (that has n_bytes many | ||||
* bytes) changes the hash function | * bytes) changes the hash function | ||||
*/ | */ | ||||
void nonce_function_bip340_bitflip(unsigned char **args, size_t n_flip, size_t n_bytes) { | void nonce_function_bip340_bitflip(unsigned char **args, size_t n_flip, size_t n_bytes) { | ||||
unsigned char nonces[2][32]; | unsigned char nonces[2][32]; | ||||
CHECK(nonce_function_bip340(nonces[0], args[0], args[1], args[2], args[3], args[4]) == 1); | CHECK(nonce_function_bip340(nonces[0], args[0], args[1], args[2], args[3], args[4]) == 1); | ||||
secp256k1_rand_flip(args[n_flip], n_bytes); | secp256k1_testrand_flip(args[n_flip], n_bytes); | ||||
CHECK(nonce_function_bip340(nonces[1], args[0], args[1], args[2], args[3], args[4]) == 1); | CHECK(nonce_function_bip340(nonces[1], args[0], args[1], args[2], args[3], args[4]) == 1); | ||||
CHECK(memcmp(nonces[0], nonces[1], 32) != 0); | CHECK(memcmp(nonces[0], nonces[1], 32) != 0); | ||||
} | } | ||||
/* Tests for the equality of two sha256 structs. This function only produces a | /* Tests for the equality of two sha256 structs. This function only produces a | ||||
* correct result if an integer multiple of 64 many bytes have been written | * correct result if an integer multiple of 64 many bytes have been written | ||||
* into the hash functions. */ | * into the hash functions. */ | ||||
void test_sha256_eq(const secp256k1_sha256 *sha1, const secp256k1_sha256 *sha2) { | void test_sha256_eq(const secp256k1_sha256 *sha1, const secp256k1_sha256 *sha2) { | ||||
Show All 27 Lines | void run_nonce_function_bip340_tests(void) { | ||||
/* Check that hash initialized by | /* Check that hash initialized by | ||||
* secp256k1_nonce_function_bip340_sha256_tagged_aux has the expected | * secp256k1_nonce_function_bip340_sha256_tagged_aux has the expected | ||||
* state. */ | * state. */ | ||||
secp256k1_sha256_initialize_tagged(&sha, aux_tag, sizeof(aux_tag)); | secp256k1_sha256_initialize_tagged(&sha, aux_tag, sizeof(aux_tag)); | ||||
secp256k1_nonce_function_bip340_sha256_tagged_aux(&sha_optimized); | secp256k1_nonce_function_bip340_sha256_tagged_aux(&sha_optimized); | ||||
test_sha256_eq(&sha, &sha_optimized); | test_sha256_eq(&sha, &sha_optimized); | ||||
secp256k1_rand256(msg); | secp256k1_testrand256(msg); | ||||
secp256k1_rand256(key); | secp256k1_testrand256(key); | ||||
secp256k1_rand256(pk); | secp256k1_testrand256(pk); | ||||
secp256k1_rand256(aux_rand); | secp256k1_testrand256(aux_rand); | ||||
/* Check that a bitflip in an argument results in different nonces. */ | /* Check that a bitflip in an argument results in different nonces. */ | ||||
args[0] = msg; | args[0] = msg; | ||||
args[1] = key; | args[1] = key; | ||||
args[2] = pk; | args[2] = pk; | ||||
args[3] = algo16; | args[3] = algo16; | ||||
args[4] = aux_rand; | args[4] = aux_rand; | ||||
for (i = 0; i < count; i++) { | for (i = 0; i < count; i++) { | ||||
▲ Show 20 Lines • Show All 45 Lines • ▼ Show 20 Lines | void test_schnorrsig_api(void) { | ||||
secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount); | secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount); | ||||
secp256k1_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount); | secp256k1_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount); | ||||
secp256k1_context_set_error_callback(both, counting_illegal_callback_fn, &ecount); | secp256k1_context_set_error_callback(both, counting_illegal_callback_fn, &ecount); | ||||
secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); | secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); | ||||
secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount); | secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount); | ||||
secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); | secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); | ||||
secp256k1_context_set_illegal_callback(both, counting_illegal_callback_fn, &ecount); | secp256k1_context_set_illegal_callback(both, counting_illegal_callback_fn, &ecount); | ||||
secp256k1_rand256(sk1); | secp256k1_testrand256(sk1); | ||||
secp256k1_rand256(sk2); | secp256k1_testrand256(sk2); | ||||
secp256k1_rand256(sk3); | secp256k1_testrand256(sk3); | ||||
secp256k1_rand256(msg); | secp256k1_testrand256(msg); | ||||
CHECK(secp256k1_keypair_create(ctx, &keypairs[0], sk1) == 1); | CHECK(secp256k1_keypair_create(ctx, &keypairs[0], sk1) == 1); | ||||
CHECK(secp256k1_keypair_create(ctx, &keypairs[1], sk2) == 1); | CHECK(secp256k1_keypair_create(ctx, &keypairs[1], sk2) == 1); | ||||
CHECK(secp256k1_keypair_create(ctx, &keypairs[2], sk3) == 1); | CHECK(secp256k1_keypair_create(ctx, &keypairs[2], sk3) == 1); | ||||
CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[0], NULL, &keypairs[0]) == 1); | CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[0], NULL, &keypairs[0]) == 1); | ||||
CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[1], NULL, &keypairs[1]) == 1); | CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[1], NULL, &keypairs[1]) == 1); | ||||
CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[2], NULL, &keypairs[2]) == 1); | CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[2], NULL, &keypairs[2]) == 1); | ||||
memset(&zero_pk, 0, sizeof(zero_pk)); | memset(&zero_pk, 0, sizeof(zero_pk)); | ||||
▲ Show 20 Lines • Show All 531 Lines • ▼ Show 20 Lines | |||||
void test_schnorrsig_sign(void) { | void test_schnorrsig_sign(void) { | ||||
unsigned char sk[32]; | unsigned char sk[32]; | ||||
secp256k1_keypair keypair; | secp256k1_keypair keypair; | ||||
const unsigned char msg[32] = "this is a msg for a schnorrsig.."; | const unsigned char msg[32] = "this is a msg for a schnorrsig.."; | ||||
unsigned char sig[64]; | unsigned char sig[64]; | ||||
unsigned char zeros64[64] = { 0 }; | unsigned char zeros64[64] = { 0 }; | ||||
secp256k1_rand256(sk); | secp256k1_testrand256(sk); | ||||
CHECK(secp256k1_keypair_create(ctx, &keypair, sk)); | CHECK(secp256k1_keypair_create(ctx, &keypair, sk)); | ||||
CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL) == 1); | CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL) == 1); | ||||
/* Test different nonce functions */ | /* Test different nonce functions */ | ||||
memset(sig, 1, sizeof(sig)); | memset(sig, 1, sizeof(sig)); | ||||
CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, nonce_function_failing, NULL) == 0); | CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, nonce_function_failing, NULL) == 0); | ||||
CHECK(memcmp(sig, zeros64, sizeof(sig)) == 0); | CHECK(memcmp(sig, zeros64, sizeof(sig)) == 0); | ||||
memset(&sig, 1, sizeof(sig)); | memset(&sig, 1, sizeof(sig)); | ||||
Show All 11 Lines | void test_schnorrsig_sign_verify(void) { | ||||
unsigned char sk[32]; | unsigned char sk[32]; | ||||
unsigned char msg[N_SIGS][32]; | unsigned char msg[N_SIGS][32]; | ||||
unsigned char sig[N_SIGS][64]; | unsigned char sig[N_SIGS][64]; | ||||
size_t i; | size_t i; | ||||
secp256k1_keypair keypair; | secp256k1_keypair keypair; | ||||
secp256k1_xonly_pubkey pk; | secp256k1_xonly_pubkey pk; | ||||
secp256k1_scalar s; | secp256k1_scalar s; | ||||
secp256k1_rand256(sk); | secp256k1_testrand256(sk); | ||||
CHECK(secp256k1_keypair_create(ctx, &keypair, sk)); | CHECK(secp256k1_keypair_create(ctx, &keypair, sk)); | ||||
CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair)); | CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair)); | ||||
for (i = 0; i < N_SIGS; i++) { | for (i = 0; i < N_SIGS; i++) { | ||||
secp256k1_rand256(msg[i]); | secp256k1_testrand256(msg[i]); | ||||
CHECK(secp256k1_schnorrsig_sign(ctx, sig[i], msg[i], &keypair, NULL, NULL)); | CHECK(secp256k1_schnorrsig_sign(ctx, sig[i], msg[i], &keypair, NULL, NULL)); | ||||
CHECK(secp256k1_schnorrsig_verify(ctx, sig[i], msg[i], &pk)); | CHECK(secp256k1_schnorrsig_verify(ctx, sig[i], msg[i], &pk)); | ||||
} | } | ||||
{ | { | ||||
/* Flip a few bits in the signature and in the message and check that | /* Flip a few bits in the signature and in the message and check that | ||||
* verify and verify_batch (TODO) fail */ | * verify and verify_batch (TODO) fail */ | ||||
size_t sig_idx = secp256k1_rand_int(N_SIGS); | size_t sig_idx = secp256k1_testrand_int(N_SIGS); | ||||
size_t byte_idx = secp256k1_rand_int(32); | size_t byte_idx = secp256k1_testrand_int(32); | ||||
unsigned char xorbyte = secp256k1_rand_int(254)+1; | unsigned char xorbyte = secp256k1_testrand_int(254)+1; | ||||
sig[sig_idx][byte_idx] ^= xorbyte; | sig[sig_idx][byte_idx] ^= xorbyte; | ||||
CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); | CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); | ||||
sig[sig_idx][byte_idx] ^= xorbyte; | sig[sig_idx][byte_idx] ^= xorbyte; | ||||
byte_idx = secp256k1_rand_int(32); | byte_idx = secp256k1_testrand_int(32); | ||||
sig[sig_idx][32+byte_idx] ^= xorbyte; | sig[sig_idx][32+byte_idx] ^= xorbyte; | ||||
CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); | CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); | ||||
sig[sig_idx][32+byte_idx] ^= xorbyte; | sig[sig_idx][32+byte_idx] ^= xorbyte; | ||||
byte_idx = secp256k1_rand_int(32); | byte_idx = secp256k1_testrand_int(32); | ||||
msg[sig_idx][byte_idx] ^= xorbyte; | msg[sig_idx][byte_idx] ^= xorbyte; | ||||
CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); | CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); | ||||
msg[sig_idx][byte_idx] ^= xorbyte; | msg[sig_idx][byte_idx] ^= xorbyte; | ||||
/* Check that above bitflips have been reversed correctly */ | /* Check that above bitflips have been reversed correctly */ | ||||
CHECK(secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); | CHECK(secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk)); | ||||
} | } | ||||
Show All 21 Lines | void test_schnorrsig_taproot(void) { | ||||
secp256k1_xonly_pubkey output_pk; | secp256k1_xonly_pubkey output_pk; | ||||
unsigned char output_pk_bytes[32]; | unsigned char output_pk_bytes[32]; | ||||
unsigned char tweak[32]; | unsigned char tweak[32]; | ||||
int pk_parity; | int pk_parity; | ||||
unsigned char msg[32]; | unsigned char msg[32]; | ||||
unsigned char sig[64]; | unsigned char sig[64]; | ||||
/* Create output key */ | /* Create output key */ | ||||
secp256k1_rand256(sk); | secp256k1_testrand256(sk); | ||||
CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); | CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); | ||||
CHECK(secp256k1_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1); | CHECK(secp256k1_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1); | ||||
/* In actual taproot the tweak would be hash of internal_pk */ | /* In actual taproot the tweak would be hash of internal_pk */ | ||||
CHECK(secp256k1_xonly_pubkey_serialize(ctx, tweak, &internal_pk) == 1); | CHECK(secp256k1_xonly_pubkey_serialize(ctx, tweak, &internal_pk) == 1); | ||||
CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); | CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); | ||||
CHECK(secp256k1_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1); | CHECK(secp256k1_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1); | ||||
CHECK(secp256k1_xonly_pubkey_serialize(ctx, output_pk_bytes, &output_pk) == 1); | CHECK(secp256k1_xonly_pubkey_serialize(ctx, output_pk_bytes, &output_pk) == 1); | ||||
/* Key spend */ | /* Key spend */ | ||||
secp256k1_rand256(msg); | secp256k1_testrand256(msg); | ||||
CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL) == 1); | CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL) == 1); | ||||
/* Verify key spend */ | /* Verify key spend */ | ||||
CHECK(secp256k1_xonly_pubkey_parse(ctx, &output_pk, output_pk_bytes) == 1); | CHECK(secp256k1_xonly_pubkey_parse(ctx, &output_pk, output_pk_bytes) == 1); | ||||
CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, &output_pk) == 1); | CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, &output_pk) == 1); | ||||
/* Script spend */ | /* Script spend */ | ||||
CHECK(secp256k1_xonly_pubkey_serialize(ctx, internal_pk_bytes, &internal_pk) == 1); | CHECK(secp256k1_xonly_pubkey_serialize(ctx, internal_pk_bytes, &internal_pk) == 1); | ||||
/* Verify script spend */ | /* Verify script spend */ | ||||
Show All 19 Lines |