Differential D7669 Diff 24030 src/secp256k1/src/modules/schnorrsig/tests_impl.h

Changeset View

Standalone View

src/secp256k1/src/modules/schnorrsig/tests_impl.h

Show All 9 Lines
#include "secp256k1_schnorrsig.h"		#include "secp256k1_schnorrsig.h"

/* Checks that a bit flip in the n_flip-th argument (that has n_bytes many		/* Checks that a bit flip in the n_flip-th argument (that has n_bytes many
* bytes) changes the hash function		* bytes) changes the hash function
*/		*/
void nonce_function_bip340_bitflip(unsigned char **args, size_t n_flip, size_t n_bytes) {		void nonce_function_bip340_bitflip(unsigned char **args, size_t n_flip, size_t n_bytes) {
unsigned char nonces[2][32];		unsigned char nonces[2][32];
CHECK(nonce_function_bip340(nonces[0], args[0], args[1], args[2], args[3], args[4]) == 1);		CHECK(nonce_function_bip340(nonces[0], args[0], args[1], args[2], args[3], args[4]) == 1);
secp256k1_rand_flip(args[n_flip], n_bytes);		secp256k1_testrand_flip(args[n_flip], n_bytes);
CHECK(nonce_function_bip340(nonces[1], args[0], args[1], args[2], args[3], args[4]) == 1);		CHECK(nonce_function_bip340(nonces[1], args[0], args[1], args[2], args[3], args[4]) == 1);
CHECK(memcmp(nonces[0], nonces[1], 32) != 0);		CHECK(memcmp(nonces[0], nonces[1], 32) != 0);
}		}

/* Tests for the equality of two sha256 structs. This function only produces a		/* Tests for the equality of two sha256 structs. This function only produces a
* correct result if an integer multiple of 64 many bytes have been written		* correct result if an integer multiple of 64 many bytes have been written
* into the hash functions. */		* into the hash functions. */
void test_sha256_eq(const secp256k1_sha256 sha1, const secp256k1_sha256 sha2) {		void test_sha256_eq(const secp256k1_sha256 sha1, const secp256k1_sha256 sha2) {
Show All 27 Lines	void run_nonce_function_bip340_tests(void) {

/* Check that hash initialized by		/* Check that hash initialized by
* secp256k1_nonce_function_bip340_sha256_tagged_aux has the expected		* secp256k1_nonce_function_bip340_sha256_tagged_aux has the expected
* state. */		* state. */
secp256k1_sha256_initialize_tagged(&sha, aux_tag, sizeof(aux_tag));		secp256k1_sha256_initialize_tagged(&sha, aux_tag, sizeof(aux_tag));
secp256k1_nonce_function_bip340_sha256_tagged_aux(&sha_optimized);		secp256k1_nonce_function_bip340_sha256_tagged_aux(&sha_optimized);
test_sha256_eq(&sha, &sha_optimized);		test_sha256_eq(&sha, &sha_optimized);

secp256k1_rand256(msg);		secp256k1_testrand256(msg);
secp256k1_rand256(key);		secp256k1_testrand256(key);
secp256k1_rand256(pk);		secp256k1_testrand256(pk);
secp256k1_rand256(aux_rand);		secp256k1_testrand256(aux_rand);

/* Check that a bitflip in an argument results in different nonces. */		/* Check that a bitflip in an argument results in different nonces. */
args[0] = msg;		args[0] = msg;
args[1] = key;		args[1] = key;
args[2] = pk;		args[2] = pk;
args[3] = algo16;		args[3] = algo16;
args[4] = aux_rand;		args[4] = aux_rand;
for (i = 0; i < count; i++) {		for (i = 0; i < count; i++) {
▲ Show 20 Lines • Show All 45 Lines • ▼ Show 20 Lines	void test_schnorrsig_api(void) {
secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount);		secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount);		secp256k1_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_error_callback(both, counting_illegal_callback_fn, &ecount);		secp256k1_context_set_error_callback(both, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount);		secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount);		secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount);		secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_illegal_callback(both, counting_illegal_callback_fn, &ecount);		secp256k1_context_set_illegal_callback(both, counting_illegal_callback_fn, &ecount);

secp256k1_rand256(sk1);		secp256k1_testrand256(sk1);
secp256k1_rand256(sk2);		secp256k1_testrand256(sk2);
secp256k1_rand256(sk3);		secp256k1_testrand256(sk3);
secp256k1_rand256(msg);		secp256k1_testrand256(msg);
CHECK(secp256k1_keypair_create(ctx, &keypairs[0], sk1) == 1);		CHECK(secp256k1_keypair_create(ctx, &keypairs[0], sk1) == 1);
CHECK(secp256k1_keypair_create(ctx, &keypairs[1], sk2) == 1);		CHECK(secp256k1_keypair_create(ctx, &keypairs[1], sk2) == 1);
CHECK(secp256k1_keypair_create(ctx, &keypairs[2], sk3) == 1);		CHECK(secp256k1_keypair_create(ctx, &keypairs[2], sk3) == 1);
CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[0], NULL, &keypairs[0]) == 1);		CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[0], NULL, &keypairs[0]) == 1);
CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[1], NULL, &keypairs[1]) == 1);		CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[1], NULL, &keypairs[1]) == 1);
CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[2], NULL, &keypairs[2]) == 1);		CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[2], NULL, &keypairs[2]) == 1);
memset(&zero_pk, 0, sizeof(zero_pk));		memset(&zero_pk, 0, sizeof(zero_pk));

▲ Show 20 Lines • Show All 531 Lines • ▼ Show 20 Lines

void test_schnorrsig_sign(void) {		void test_schnorrsig_sign(void) {
unsigned char sk[32];		unsigned char sk[32];
secp256k1_keypair keypair;		secp256k1_keypair keypair;
const unsigned char msg[32] = "this is a msg for a schnorrsig..";		const unsigned char msg[32] = "this is a msg for a schnorrsig..";
unsigned char sig[64];		unsigned char sig[64];
unsigned char zeros64[64] = { 0 };		unsigned char zeros64[64] = { 0 };

secp256k1_rand256(sk);		secp256k1_testrand256(sk);
CHECK(secp256k1_keypair_create(ctx, &keypair, sk));		CHECK(secp256k1_keypair_create(ctx, &keypair, sk));
CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL) == 1);		CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL) == 1);

/* Test different nonce functions */		/* Test different nonce functions */
memset(sig, 1, sizeof(sig));		memset(sig, 1, sizeof(sig));
CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, nonce_function_failing, NULL) == 0);		CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, nonce_function_failing, NULL) == 0);
CHECK(memcmp(sig, zeros64, sizeof(sig)) == 0);		CHECK(memcmp(sig, zeros64, sizeof(sig)) == 0);
memset(&sig, 1, sizeof(sig));		memset(&sig, 1, sizeof(sig));
Show All 11 Lines	void test_schnorrsig_sign_verify(void) {
unsigned char sk[32];		unsigned char sk[32];
unsigned char msg[N_SIGS][32];		unsigned char msg[N_SIGS][32];
unsigned char sig[N_SIGS][64];		unsigned char sig[N_SIGS][64];
size_t i;		size_t i;
secp256k1_keypair keypair;		secp256k1_keypair keypair;
secp256k1_xonly_pubkey pk;		secp256k1_xonly_pubkey pk;
secp256k1_scalar s;		secp256k1_scalar s;

secp256k1_rand256(sk);		secp256k1_testrand256(sk);
CHECK(secp256k1_keypair_create(ctx, &keypair, sk));		CHECK(secp256k1_keypair_create(ctx, &keypair, sk));
CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair));		CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair));

for (i = 0; i < N_SIGS; i++) {		for (i = 0; i < N_SIGS; i++) {
secp256k1_rand256(msg[i]);		secp256k1_testrand256(msg[i]);
CHECK(secp256k1_schnorrsig_sign(ctx, sig[i], msg[i], &keypair, NULL, NULL));		CHECK(secp256k1_schnorrsig_sign(ctx, sig[i], msg[i], &keypair, NULL, NULL));
CHECK(secp256k1_schnorrsig_verify(ctx, sig[i], msg[i], &pk));		CHECK(secp256k1_schnorrsig_verify(ctx, sig[i], msg[i], &pk));
}		}

{		{
/* Flip a few bits in the signature and in the message and check that		/* Flip a few bits in the signature and in the message and check that
* verify and verify_batch (TODO) fail */		* verify and verify_batch (TODO) fail */
size_t sig_idx = secp256k1_rand_int(N_SIGS);		size_t sig_idx = secp256k1_testrand_int(N_SIGS);
size_t byte_idx = secp256k1_rand_int(32);		size_t byte_idx = secp256k1_testrand_int(32);
unsigned char xorbyte = secp256k1_rand_int(254)+1;		unsigned char xorbyte = secp256k1_testrand_int(254)+1;
sig[sig_idx][byte_idx] ^= xorbyte;		sig[sig_idx][byte_idx] ^= xorbyte;
CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk));		CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk));
sig[sig_idx][byte_idx] ^= xorbyte;		sig[sig_idx][byte_idx] ^= xorbyte;

byte_idx = secp256k1_rand_int(32);		byte_idx = secp256k1_testrand_int(32);
sig[sig_idx][32+byte_idx] ^= xorbyte;		sig[sig_idx][32+byte_idx] ^= xorbyte;
CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk));		CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk));
sig[sig_idx][32+byte_idx] ^= xorbyte;		sig[sig_idx][32+byte_idx] ^= xorbyte;

byte_idx = secp256k1_rand_int(32);		byte_idx = secp256k1_testrand_int(32);
msg[sig_idx][byte_idx] ^= xorbyte;		msg[sig_idx][byte_idx] ^= xorbyte;
CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk));		CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk));
msg[sig_idx][byte_idx] ^= xorbyte;		msg[sig_idx][byte_idx] ^= xorbyte;

/* Check that above bitflips have been reversed correctly */		/* Check that above bitflips have been reversed correctly */
CHECK(secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk));		CHECK(secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk));
}		}

Show All 21 Lines	void test_schnorrsig_taproot(void) {
secp256k1_xonly_pubkey output_pk;		secp256k1_xonly_pubkey output_pk;
unsigned char output_pk_bytes[32];		unsigned char output_pk_bytes[32];
unsigned char tweak[32];		unsigned char tweak[32];
int pk_parity;		int pk_parity;
unsigned char msg[32];		unsigned char msg[32];
unsigned char sig[64];		unsigned char sig[64];

/* Create output key */		/* Create output key */
secp256k1_rand256(sk);		secp256k1_testrand256(sk);
CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);		CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
CHECK(secp256k1_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1);		CHECK(secp256k1_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1);
/* In actual taproot the tweak would be hash of internal_pk */		/* In actual taproot the tweak would be hash of internal_pk */
CHECK(secp256k1_xonly_pubkey_serialize(ctx, tweak, &internal_pk) == 1);		CHECK(secp256k1_xonly_pubkey_serialize(ctx, tweak, &internal_pk) == 1);
CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1);		CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1);
CHECK(secp256k1_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1);		CHECK(secp256k1_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1);
CHECK(secp256k1_xonly_pubkey_serialize(ctx, output_pk_bytes, &output_pk) == 1);		CHECK(secp256k1_xonly_pubkey_serialize(ctx, output_pk_bytes, &output_pk) == 1);

/* Key spend */		/* Key spend */
secp256k1_rand256(msg);		secp256k1_testrand256(msg);
CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL) == 1);		CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL) == 1);
/* Verify key spend */		/* Verify key spend */
CHECK(secp256k1_xonly_pubkey_parse(ctx, &output_pk, output_pk_bytes) == 1);		CHECK(secp256k1_xonly_pubkey_parse(ctx, &output_pk, output_pk_bytes) == 1);
CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, &output_pk) == 1);		CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, &output_pk) == 1);

/* Script spend */		/* Script spend */
CHECK(secp256k1_xonly_pubkey_serialize(ctx, internal_pk_bytes, &internal_pk) == 1);		CHECK(secp256k1_xonly_pubkey_serialize(ctx, internal_pk_bytes, &internal_pk) == 1);
/* Verify script spend */		/* Verify script spend */
Show All 19 Lines