Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/src/tests.c
Show First 20 Lines • Show All 48 Lines • ▼ Show 20 Lines | static void uncounting_illegal_callback_fn(const char* str, void* data) { | ||||
(void)str; | (void)str; | ||||
p = data; | p = data; | ||||
(*p)--; | (*p)--; | ||||
} | } | ||||
void random_field_element_test(secp256k1_fe *fe) { | void random_field_element_test(secp256k1_fe *fe) { | ||||
do { | do { | ||||
unsigned char b32[32]; | unsigned char b32[32]; | ||||
secp256k1_rand256_test(b32); | secp256k1_testrand256_test(b32); | ||||
if (secp256k1_fe_set_b32(fe, b32)) { | if (secp256k1_fe_set_b32(fe, b32)) { | ||||
break; | break; | ||||
} | } | ||||
} while(1); | } while(1); | ||||
} | } | ||||
void random_field_element_magnitude(secp256k1_fe *fe) { | void random_field_element_magnitude(secp256k1_fe *fe) { | ||||
secp256k1_fe zero; | secp256k1_fe zero; | ||||
int n = secp256k1_rand_int(9); | int n = secp256k1_testrand_int(9); | ||||
secp256k1_fe_normalize(fe); | secp256k1_fe_normalize(fe); | ||||
if (n == 0) { | if (n == 0) { | ||||
return; | return; | ||||
} | } | ||||
secp256k1_fe_clear(&zero); | secp256k1_fe_clear(&zero); | ||||
secp256k1_fe_negate(&zero, &zero, 0); | secp256k1_fe_negate(&zero, &zero, 0); | ||||
secp256k1_fe_mul_int(&zero, n - 1); | secp256k1_fe_mul_int(&zero, n - 1); | ||||
secp256k1_fe_add(fe, &zero); | secp256k1_fe_add(fe, &zero); | ||||
#ifdef VERIFY | #ifdef VERIFY | ||||
CHECK(fe->magnitude == n); | CHECK(fe->magnitude == n); | ||||
#endif | #endif | ||||
} | } | ||||
void random_group_element_test(secp256k1_ge *ge) { | void random_group_element_test(secp256k1_ge *ge) { | ||||
secp256k1_fe fe; | secp256k1_fe fe; | ||||
do { | do { | ||||
random_field_element_test(&fe); | random_field_element_test(&fe); | ||||
if (secp256k1_ge_set_xo_var(ge, &fe, secp256k1_rand_bits(1))) { | if (secp256k1_ge_set_xo_var(ge, &fe, secp256k1_testrand_bits(1))) { | ||||
secp256k1_fe_normalize(&ge->y); | secp256k1_fe_normalize(&ge->y); | ||||
break; | break; | ||||
} | } | ||||
} while(1); | } while(1); | ||||
ge->infinity = 0; | ge->infinity = 0; | ||||
} | } | ||||
void random_group_element_jacobian_test(secp256k1_gej *gej, const secp256k1_ge *ge) { | void random_group_element_jacobian_test(secp256k1_gej *gej, const secp256k1_ge *ge) { | ||||
Show All 10 Lines | void random_group_element_jacobian_test(secp256k1_gej *gej, const secp256k1_ge *ge) { | ||||
secp256k1_fe_mul(&gej->y, &ge->y, &z3); | secp256k1_fe_mul(&gej->y, &ge->y, &z3); | ||||
gej->infinity = ge->infinity; | gej->infinity = ge->infinity; | ||||
} | } | ||||
void random_scalar_order_test(secp256k1_scalar *num) { | void random_scalar_order_test(secp256k1_scalar *num) { | ||||
do { | do { | ||||
unsigned char b32[32]; | unsigned char b32[32]; | ||||
int overflow = 0; | int overflow = 0; | ||||
secp256k1_rand256_test(b32); | secp256k1_testrand256_test(b32); | ||||
secp256k1_scalar_set_b32(num, b32, &overflow); | secp256k1_scalar_set_b32(num, b32, &overflow); | ||||
if (overflow || secp256k1_scalar_is_zero(num)) { | if (overflow || secp256k1_scalar_is_zero(num)) { | ||||
continue; | continue; | ||||
} | } | ||||
break; | break; | ||||
} while(1); | } while(1); | ||||
} | } | ||||
void random_scalar_order(secp256k1_scalar *num) { | void random_scalar_order(secp256k1_scalar *num) { | ||||
do { | do { | ||||
unsigned char b32[32]; | unsigned char b32[32]; | ||||
int overflow = 0; | int overflow = 0; | ||||
secp256k1_rand256(b32); | secp256k1_testrand256(b32); | ||||
secp256k1_scalar_set_b32(num, b32, &overflow); | secp256k1_scalar_set_b32(num, b32, &overflow); | ||||
if (overflow || secp256k1_scalar_is_zero(num)) { | if (overflow || secp256k1_scalar_is_zero(num)) { | ||||
continue; | continue; | ||||
} | } | ||||
break; | break; | ||||
} while(1); | } while(1); | ||||
} | } | ||||
▲ Show 20 Lines • Show All 306 Lines • ▼ Show 20 Lines | void run_sha256_tests(void) { | ||||
for (i = 0; i < 8; i++) { | for (i = 0; i < 8; i++) { | ||||
unsigned char out[32]; | unsigned char out[32]; | ||||
secp256k1_sha256 hasher; | secp256k1_sha256 hasher; | ||||
secp256k1_sha256_initialize(&hasher); | secp256k1_sha256_initialize(&hasher); | ||||
secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); | secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); | ||||
secp256k1_sha256_finalize(&hasher, out); | secp256k1_sha256_finalize(&hasher, out); | ||||
CHECK(memcmp(out, outputs[i], 32) == 0); | CHECK(memcmp(out, outputs[i], 32) == 0); | ||||
if (strlen(inputs[i]) > 0) { | if (strlen(inputs[i]) > 0) { | ||||
int split = secp256k1_rand_int(strlen(inputs[i])); | int split = secp256k1_testrand_int(strlen(inputs[i])); | ||||
secp256k1_sha256_initialize(&hasher); | secp256k1_sha256_initialize(&hasher); | ||||
secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); | secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); | ||||
secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); | secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); | ||||
secp256k1_sha256_finalize(&hasher, out); | secp256k1_sha256_finalize(&hasher, out); | ||||
CHECK(memcmp(out, outputs[i], 32) == 0); | CHECK(memcmp(out, outputs[i], 32) == 0); | ||||
} | } | ||||
} | } | ||||
} | } | ||||
Show All 27 Lines | void run_hmac_sha256_tests(void) { | ||||
for (i = 0; i < 6; i++) { | for (i = 0; i < 6; i++) { | ||||
secp256k1_hmac_sha256 hasher; | secp256k1_hmac_sha256 hasher; | ||||
unsigned char out[32]; | unsigned char out[32]; | ||||
secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); | secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); | ||||
secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); | secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); | ||||
secp256k1_hmac_sha256_finalize(&hasher, out); | secp256k1_hmac_sha256_finalize(&hasher, out); | ||||
CHECK(memcmp(out, outputs[i], 32) == 0); | CHECK(memcmp(out, outputs[i], 32) == 0); | ||||
if (strlen(inputs[i]) > 0) { | if (strlen(inputs[i]) > 0) { | ||||
int split = secp256k1_rand_int(strlen(inputs[i])); | int split = secp256k1_testrand_int(strlen(inputs[i])); | ||||
secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); | secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); | ||||
secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); | secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); | ||||
secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); | secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); | ||||
secp256k1_hmac_sha256_finalize(&hasher, out); | secp256k1_hmac_sha256_finalize(&hasher, out); | ||||
CHECK(memcmp(out, outputs[i], 32) == 0); | CHECK(memcmp(out, outputs[i], 32) == 0); | ||||
} | } | ||||
} | } | ||||
} | } | ||||
▲ Show 20 Lines • Show All 53 Lines • ▼ Show 20 Lines | void test_rand_bits(int rand32, int bits) { | ||||
unsigned int maxshift = bits - usebits; | unsigned int maxshift = bits - usebits; | ||||
/* For each of the maxshift+1 usebits-bit sequences inside a bits-bit | /* For each of the maxshift+1 usebits-bit sequences inside a bits-bit | ||||
number, track all observed outcomes, one per bit in a uint64_t. */ | number, track all observed outcomes, one per bit in a uint64_t. */ | ||||
uint64_t x[6][27] = {{0}}; | uint64_t x[6][27] = {{0}}; | ||||
unsigned int i, shift, m; | unsigned int i, shift, m; | ||||
/* Multiply the output of all rand calls with the odd number m, which | /* Multiply the output of all rand calls with the odd number m, which | ||||
should not change the uniformity of its distribution. */ | should not change the uniformity of its distribution. */ | ||||
for (i = 0; i < rounds[usebits]; i++) { | for (i = 0; i < rounds[usebits]; i++) { | ||||
uint32_t r = (rand32 ? secp256k1_rand32() : secp256k1_rand_bits(bits)); | uint32_t r = (rand32 ? secp256k1_testrand32() : secp256k1_testrand_bits(bits)); | ||||
CHECK((((uint64_t)r) >> bits) == 0); | CHECK((((uint64_t)r) >> bits) == 0); | ||||
for (m = 0; m < sizeof(mults) / sizeof(mults[0]); m++) { | for (m = 0; m < sizeof(mults) / sizeof(mults[0]); m++) { | ||||
uint32_t rm = r * mults[m]; | uint32_t rm = r * mults[m]; | ||||
for (shift = 0; shift <= maxshift; shift++) { | for (shift = 0; shift <= maxshift; shift++) { | ||||
x[m][shift] |= (((uint64_t)1) << ((rm >> shift) & ((1 << usebits) - 1))); | x[m][shift] |= (((uint64_t)1) << ((rm >> shift) & ((1 << usebits) - 1))); | ||||
} | } | ||||
} | } | ||||
} | } | ||||
for (m = 0; m < sizeof(mults) / sizeof(mults[0]); m++) { | for (m = 0; m < sizeof(mults) / sizeof(mults[0]); m++) { | ||||
for (shift = 0; shift <= maxshift; shift++) { | for (shift = 0; shift <= maxshift; shift++) { | ||||
/* Test that the lower usebits bits of x[shift] are 1 */ | /* Test that the lower usebits bits of x[shift] are 1 */ | ||||
CHECK(((~x[m][shift]) << (64 - (1 << usebits))) == 0); | CHECK(((~x[m][shift]) << (64 - (1 << usebits))) == 0); | ||||
} | } | ||||
} | } | ||||
} | } | ||||
/* Subrange must be a whole divisor of range, and at most 64 */ | /* Subrange must be a whole divisor of range, and at most 64 */ | ||||
void test_rand_int(uint32_t range, uint32_t subrange) { | void test_rand_int(uint32_t range, uint32_t subrange) { | ||||
/* (1-1/subrange)^rounds < 1/10^9 */ | /* (1-1/subrange)^rounds < 1/10^9 */ | ||||
int rounds = (subrange * 2073) / 100; | int rounds = (subrange * 2073) / 100; | ||||
int i; | int i; | ||||
uint64_t x = 0; | uint64_t x = 0; | ||||
CHECK((range % subrange) == 0); | CHECK((range % subrange) == 0); | ||||
for (i = 0; i < rounds; i++) { | for (i = 0; i < rounds; i++) { | ||||
uint32_t r = secp256k1_rand_int(range); | uint32_t r = secp256k1_testrand_int(range); | ||||
CHECK(r < range); | CHECK(r < range); | ||||
r = r % subrange; | r = r % subrange; | ||||
x |= (((uint64_t)1) << r); | x |= (((uint64_t)1) << r); | ||||
} | } | ||||
/* Test that the lower subrange bits of x are 1. */ | /* Test that the lower subrange bits of x are 1. */ | ||||
CHECK(((~x) << (64 - subrange)) == 0); | CHECK(((~x) << (64 - subrange)) == 0); | ||||
} | } | ||||
Show All 15 Lines | for (m = 0; m < sizeof(ms) / sizeof(ms[0]); m++) { | ||||
} | } | ||||
} | } | ||||
} | } | ||||
/***** NUM TESTS *****/ | /***** NUM TESTS *****/ | ||||
#ifndef USE_NUM_NONE | #ifndef USE_NUM_NONE | ||||
void random_num_negate(secp256k1_num *num) { | void random_num_negate(secp256k1_num *num) { | ||||
if (secp256k1_rand_bits(1)) { | if (secp256k1_testrand_bits(1)) { | ||||
secp256k1_num_negate(num); | secp256k1_num_negate(num); | ||||
} | } | ||||
} | } | ||||
void random_num_order_test(secp256k1_num *num) { | void random_num_order_test(secp256k1_num *num) { | ||||
secp256k1_scalar sc; | secp256k1_scalar sc; | ||||
random_scalar_order_test(&sc); | random_scalar_order_test(&sc); | ||||
secp256k1_scalar_get_num(num, &sc); | secp256k1_scalar_get_num(num, &sc); | ||||
Show All 27 Lines | |||||
void test_num_add_sub(void) { | void test_num_add_sub(void) { | ||||
int i; | int i; | ||||
secp256k1_scalar s; | secp256k1_scalar s; | ||||
secp256k1_num n1; | secp256k1_num n1; | ||||
secp256k1_num n2; | secp256k1_num n2; | ||||
secp256k1_num n1p2, n2p1, n1m2, n2m1; | secp256k1_num n1p2, n2p1, n1m2, n2m1; | ||||
random_num_order_test(&n1); /* n1 = R1 */ | random_num_order_test(&n1); /* n1 = R1 */ | ||||
if (secp256k1_rand_bits(1)) { | if (secp256k1_testrand_bits(1)) { | ||||
random_num_negate(&n1); | random_num_negate(&n1); | ||||
} | } | ||||
random_num_order_test(&n2); /* n2 = R2 */ | random_num_order_test(&n2); /* n2 = R2 */ | ||||
if (secp256k1_rand_bits(1)) { | if (secp256k1_testrand_bits(1)) { | ||||
random_num_negate(&n2); | random_num_negate(&n2); | ||||
} | } | ||||
secp256k1_num_add(&n1p2, &n1, &n2); /* n1p2 = R1 + R2 */ | secp256k1_num_add(&n1p2, &n1, &n2); /* n1p2 = R1 + R2 */ | ||||
secp256k1_num_add(&n2p1, &n2, &n1); /* n2p1 = R2 + R1 */ | secp256k1_num_add(&n2p1, &n2, &n1); /* n2p1 = R2 + R1 */ | ||||
secp256k1_num_sub(&n1m2, &n1, &n2); /* n1m2 = R1 - R2 */ | secp256k1_num_sub(&n1m2, &n1, &n2); /* n1m2 = R1 - R2 */ | ||||
secp256k1_num_sub(&n2m1, &n2, &n1); /* n2m1 = R2 - R1 */ | secp256k1_num_sub(&n2m1, &n2, &n1); /* n2m1 = R2 - R1 */ | ||||
CHECK(secp256k1_num_eq(&n1p2, &n2p1)); | CHECK(secp256k1_num_eq(&n1p2, &n2p1)); | ||||
CHECK(!secp256k1_num_eq(&n1p2, &n1m2)); | CHECK(!secp256k1_num_eq(&n1p2, &n1m2)); | ||||
▲ Show 20 Lines • Show All 174 Lines • ▼ Show 20 Lines | #endif | ||||
{ | { | ||||
/* Test that fetching groups of randomly-sized bits from a scalar and recursing n(i)=b*n(i-1)+p(i) reconstructs it. */ | /* Test that fetching groups of randomly-sized bits from a scalar and recursing n(i)=b*n(i-1)+p(i) reconstructs it. */ | ||||
secp256k1_scalar n; | secp256k1_scalar n; | ||||
int i = 0; | int i = 0; | ||||
secp256k1_scalar_set_int(&n, 0); | secp256k1_scalar_set_int(&n, 0); | ||||
while (i < 256) { | while (i < 256) { | ||||
secp256k1_scalar t; | secp256k1_scalar t; | ||||
int j; | int j; | ||||
int now = secp256k1_rand_int(15) + 1; | int now = secp256k1_testrand_int(15) + 1; | ||||
if (now + i > 256) { | if (now + i > 256) { | ||||
now = 256 - i; | now = 256 - i; | ||||
} | } | ||||
secp256k1_scalar_set_int(&t, secp256k1_scalar_get_bits_var(&s, 256 - now - i, now)); | secp256k1_scalar_set_int(&t, secp256k1_scalar_get_bits_var(&s, 256 - now - i, now)); | ||||
for (j = 0; j < now; j++) { | for (j = 0; j < now; j++) { | ||||
secp256k1_scalar_add(&n, &n, &n); | secp256k1_scalar_add(&n, &n, &n); | ||||
} | } | ||||
secp256k1_scalar_add(&n, &n, &t); | secp256k1_scalar_add(&n, &n, &t); | ||||
▲ Show 20 Lines • Show All 60 Lines • ▼ Show 20 Lines | #ifndef USE_NUM_NONE | ||||
{ | { | ||||
/* Test secp256k1_scalar_mul_shift_var. */ | /* Test secp256k1_scalar_mul_shift_var. */ | ||||
secp256k1_scalar r; | secp256k1_scalar r; | ||||
secp256k1_num one; | secp256k1_num one; | ||||
secp256k1_num rnum; | secp256k1_num rnum; | ||||
secp256k1_num rnum2; | secp256k1_num rnum2; | ||||
unsigned char cone[1] = {0x01}; | unsigned char cone[1] = {0x01}; | ||||
unsigned int shift = 256 + secp256k1_rand_int(257); | unsigned int shift = 256 + secp256k1_testrand_int(257); | ||||
secp256k1_scalar_mul_shift_var(&r, &s1, &s2, shift); | secp256k1_scalar_mul_shift_var(&r, &s1, &s2, shift); | ||||
secp256k1_num_mul(&rnum, &s1num, &s2num); | secp256k1_num_mul(&rnum, &s1num, &s2num); | ||||
secp256k1_num_shift(&rnum, shift - 1); | secp256k1_num_shift(&rnum, shift - 1); | ||||
secp256k1_num_set_bin(&one, cone, 1); | secp256k1_num_set_bin(&one, cone, 1); | ||||
secp256k1_num_add(&rnum, &rnum, &one); | secp256k1_num_add(&rnum, &rnum, &one); | ||||
secp256k1_num_shift(&rnum, 1); | secp256k1_num_shift(&rnum, 1); | ||||
secp256k1_scalar_get_num(&rnum2, &r); | secp256k1_scalar_get_num(&rnum2, &r); | ||||
CHECK(secp256k1_num_eq(&rnum, &rnum2)); | CHECK(secp256k1_num_eq(&rnum, &rnum2)); | ||||
} | } | ||||
{ | { | ||||
/* test secp256k1_scalar_shr_int */ | /* test secp256k1_scalar_shr_int */ | ||||
secp256k1_scalar r; | secp256k1_scalar r; | ||||
int i; | int i; | ||||
random_scalar_order_test(&r); | random_scalar_order_test(&r); | ||||
for (i = 0; i < 100; ++i) { | for (i = 0; i < 100; ++i) { | ||||
int low; | int low; | ||||
int shift = 1 + secp256k1_rand_int(15); | int shift = 1 + secp256k1_testrand_int(15); | ||||
int expected = r.d[0] % (1 << shift); | int expected = r.d[0] % (1 << shift); | ||||
low = secp256k1_scalar_shr_int(&r, shift); | low = secp256k1_scalar_shr_int(&r, shift); | ||||
CHECK(expected == low); | CHECK(expected == low); | ||||
} | } | ||||
} | } | ||||
#endif | #endif | ||||
{ | { | ||||
Show All 31 Lines | #endif | ||||
CHECK(secp256k1_scalar_eq(&r1, &r2)); | CHECK(secp256k1_scalar_eq(&r1, &r2)); | ||||
} | } | ||||
{ | { | ||||
secp256k1_scalar r1, r2; | secp256k1_scalar r1, r2; | ||||
secp256k1_scalar b; | secp256k1_scalar b; | ||||
int i; | int i; | ||||
/* Test add_bit. */ | /* Test add_bit. */ | ||||
int bit = secp256k1_rand_bits(8); | int bit = secp256k1_testrand_bits(8); | ||||
secp256k1_scalar_set_int(&b, 1); | secp256k1_scalar_set_int(&b, 1); | ||||
CHECK(secp256k1_scalar_is_one(&b)); | CHECK(secp256k1_scalar_is_one(&b)); | ||||
for (i = 0; i < bit; i++) { | for (i = 0; i < bit; i++) { | ||||
secp256k1_scalar_add(&b, &b, &b); | secp256k1_scalar_add(&b, &b, &b); | ||||
} | } | ||||
r1 = s1; | r1 = s1; | ||||
r2 = s1; | r2 = s1; | ||||
if (!secp256k1_scalar_add(&r1, &r1, &b)) { | if (!secp256k1_scalar_add(&r1, &r1, &b)) { | ||||
▲ Show 20 Lines • Show All 754 Lines • ▼ Show 20 Lines | #endif | ||||
} | } | ||||
} | } | ||||
/***** FIELD TESTS *****/ | /***** FIELD TESTS *****/ | ||||
void random_fe(secp256k1_fe *x) { | void random_fe(secp256k1_fe *x) { | ||||
unsigned char bin[32]; | unsigned char bin[32]; | ||||
do { | do { | ||||
secp256k1_rand256(bin); | secp256k1_testrand256(bin); | ||||
if (secp256k1_fe_set_b32(x, bin)) { | if (secp256k1_fe_set_b32(x, bin)) { | ||||
return; | return; | ||||
} | } | ||||
} while(1); | } while(1); | ||||
} | } | ||||
void random_fe_test(secp256k1_fe *x) { | void random_fe_test(secp256k1_fe *x) { | ||||
unsigned char bin[32]; | unsigned char bin[32]; | ||||
do { | do { | ||||
secp256k1_rand256_test(bin); | secp256k1_testrand256_test(bin); | ||||
if (secp256k1_fe_set_b32(x, bin)) { | if (secp256k1_fe_set_b32(x, bin)) { | ||||
return; | return; | ||||
} | } | ||||
} while(1); | } while(1); | ||||
} | } | ||||
void random_fe_non_zero(secp256k1_fe *nz) { | void random_fe_non_zero(secp256k1_fe *nz) { | ||||
int tries = 10; | int tries = 10; | ||||
▲ Show 20 Lines • Show All 176 Lines • ▼ Show 20 Lines | |||||
void run_field_inv_all_var(void) { | void run_field_inv_all_var(void) { | ||||
secp256k1_fe x[16], xi[16], xii[16]; | secp256k1_fe x[16], xi[16], xii[16]; | ||||
int i; | int i; | ||||
/* Check it's safe to call for 0 elements */ | /* Check it's safe to call for 0 elements */ | ||||
secp256k1_fe_inv_all_var(xi, x, 0); | secp256k1_fe_inv_all_var(xi, x, 0); | ||||
for (i = 0; i < count; i++) { | for (i = 0; i < count; i++) { | ||||
size_t j; | size_t j; | ||||
size_t len = secp256k1_rand_int(15) + 1; | size_t len = secp256k1_testrand_int(15) + 1; | ||||
for (j = 0; j < len; j++) { | for (j = 0; j < len; j++) { | ||||
random_fe_non_zero(&x[j]); | random_fe_non_zero(&x[j]); | ||||
} | } | ||||
secp256k1_fe_inv_all_var(xi, x, len); | secp256k1_fe_inv_all_var(xi, x, len); | ||||
for (j = 0; j < len; j++) { | for (j = 0; j < len; j++) { | ||||
CHECK(check_fe_inverse(&x[j], &xi[j])); | CHECK(check_fe_inverse(&x[j], &xi[j])); | ||||
} | } | ||||
secp256k1_fe_inv_all_var(xii, xi, len); | secp256k1_fe_inv_all_var(xii, xi, len); | ||||
▲ Show 20 Lines • Show All 275 Lines • ▼ Show 20 Lines | #endif | ||||
/* Test adding all points together in random order equals infinity. */ | /* Test adding all points together in random order equals infinity. */ | ||||
{ | { | ||||
secp256k1_gej sum = SECP256K1_GEJ_CONST_INFINITY; | secp256k1_gej sum = SECP256K1_GEJ_CONST_INFINITY; | ||||
secp256k1_gej *gej_shuffled = (secp256k1_gej *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_gej)); | secp256k1_gej *gej_shuffled = (secp256k1_gej *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_gej)); | ||||
for (i = 0; i < 4 * runs + 1; i++) { | for (i = 0; i < 4 * runs + 1; i++) { | ||||
gej_shuffled[i] = gej[i]; | gej_shuffled[i] = gej[i]; | ||||
} | } | ||||
for (i = 0; i < 4 * runs + 1; i++) { | for (i = 0; i < 4 * runs + 1; i++) { | ||||
int swap = i + secp256k1_rand_int(4 * runs + 1 - i); | int swap = i + secp256k1_testrand_int(4 * runs + 1 - i); | ||||
if (swap != i) { | if (swap != i) { | ||||
secp256k1_gej t = gej_shuffled[i]; | secp256k1_gej t = gej_shuffled[i]; | ||||
gej_shuffled[i] = gej_shuffled[swap]; | gej_shuffled[i] = gej_shuffled[swap]; | ||||
gej_shuffled[swap] = t; | gej_shuffled[swap] = t; | ||||
} | } | ||||
} | } | ||||
for (i = 0; i < 4 * runs + 1; i++) { | for (i = 0; i < 4 * runs + 1; i++) { | ||||
secp256k1_gej_add_var(&sum, &sum, &gej_shuffled[i], NULL); | secp256k1_gej_add_var(&sum, &sum, &gej_shuffled[i], NULL); | ||||
▲ Show 20 Lines • Show All 778 Lines • ▼ Show 20 Lines | #endif | ||||
} | } | ||||
} | } | ||||
/** | /** | ||||
* Probabilistically test the function returning the maximum number of possible points | * Probabilistically test the function returning the maximum number of possible points | ||||
* for a given scratch space. | * for a given scratch space. | ||||
*/ | */ | ||||
void test_ecmult_multi_pippenger_max_points(void) { | void test_ecmult_multi_pippenger_max_points(void) { | ||||
size_t scratch_size = secp256k1_rand_int(256); | size_t scratch_size = secp256k1_testrand_int(256); | ||||
size_t max_size = secp256k1_pippenger_scratch_size(secp256k1_pippenger_bucket_window_inv(PIPPENGER_MAX_BUCKET_WINDOW-1)+512, 12); | size_t max_size = secp256k1_pippenger_scratch_size(secp256k1_pippenger_bucket_window_inv(PIPPENGER_MAX_BUCKET_WINDOW-1)+512, 12); | ||||
secp256k1_scratch *scratch; | secp256k1_scratch *scratch; | ||||
size_t n_points_supported; | size_t n_points_supported; | ||||
int bucket_window = 0; | int bucket_window = 0; | ||||
for(; scratch_size < max_size; scratch_size+=256) { | for(; scratch_size < max_size; scratch_size+=256) { | ||||
size_t i; | size_t i; | ||||
size_t total_alloc; | size_t total_alloc; | ||||
▲ Show 20 Lines • Show All 443 Lines • ▼ Show 20 Lines | void test_ecmult_gen_blind(void) { | ||||
secp256k1_scalar b; | secp256k1_scalar b; | ||||
unsigned char seed32[32]; | unsigned char seed32[32]; | ||||
secp256k1_gej pgej; | secp256k1_gej pgej; | ||||
secp256k1_gej pgej2; | secp256k1_gej pgej2; | ||||
secp256k1_gej i; | secp256k1_gej i; | ||||
secp256k1_ge pge; | secp256k1_ge pge; | ||||
random_scalar_order_test(&key); | random_scalar_order_test(&key); | ||||
secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej, &key); | secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej, &key); | ||||
secp256k1_rand256(seed32); | secp256k1_testrand256(seed32); | ||||
b = ctx->ecmult_gen_ctx.blind; | b = ctx->ecmult_gen_ctx.blind; | ||||
i = ctx->ecmult_gen_ctx.initial; | i = ctx->ecmult_gen_ctx.initial; | ||||
secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); | secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); | ||||
CHECK(!secp256k1_scalar_eq(&b, &ctx->ecmult_gen_ctx.blind)); | CHECK(!secp256k1_scalar_eq(&b, &ctx->ecmult_gen_ctx.blind)); | ||||
secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej2, &key); | secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej2, &key); | ||||
CHECK(!gej_xyz_equals_gej(&pgej, &pgej2)); | CHECK(!gej_xyz_equals_gej(&pgej, &pgej2)); | ||||
CHECK(!gej_xyz_equals_gej(&i, &ctx->ecmult_gen_ctx.initial)); | CHECK(!gej_xyz_equals_gej(&i, &ctx->ecmult_gen_ctx.initial)); | ||||
secp256k1_ge_set_gej(&pge, &pgej); | secp256k1_ge_set_gej(&pge, &pgej); | ||||
▲ Show 20 Lines • Show All 758 Lines • ▼ Show 20 Lines | void test_ecdsa_sign_verify(void) { | ||||
secp256k1_scalar msg, key; | secp256k1_scalar msg, key; | ||||
secp256k1_scalar sigr, sigs; | secp256k1_scalar sigr, sigs; | ||||
int recid; | int recid; | ||||
int getrec; | int getrec; | ||||
random_scalar_order_test(&msg); | random_scalar_order_test(&msg); | ||||
random_scalar_order_test(&key); | random_scalar_order_test(&key); | ||||
secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubj, &key); | secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubj, &key); | ||||
secp256k1_ge_set_gej(&pub, &pubj); | secp256k1_ge_set_gej(&pub, &pubj); | ||||
getrec = secp256k1_rand_bits(1); | getrec = secp256k1_testrand_bits(1); | ||||
random_sign(&sigr, &sigs, &key, &msg, getrec?&recid:NULL); | random_sign(&sigr, &sigs, &key, &msg, getrec?&recid:NULL); | ||||
if (getrec) { | if (getrec) { | ||||
CHECK(recid >= 0 && recid < 4); | CHECK(recid >= 0 && recid < 4); | ||||
} | } | ||||
CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg)); | CHECK(secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg)); | ||||
secp256k1_scalar_set_int(&one, 1); | secp256k1_scalar_set_int(&one, 1); | ||||
secp256k1_scalar_add(&msg, &msg, &one); | secp256k1_scalar_add(&msg, &msg, &one); | ||||
CHECK(!secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg)); | CHECK(!secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg)); | ||||
▲ Show 20 Lines • Show All 83 Lines • ▼ Show 20 Lines | /* Generate a random key and message. */ | ||||
secp256k1_scalar_get_b32(message, &msg); | secp256k1_scalar_get_b32(message, &msg); | ||||
} | } | ||||
/* Construct and verify corresponding public key. */ | /* Construct and verify corresponding public key. */ | ||||
CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1); | CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1); | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); | ||||
/* Verify exporting and importing public key. */ | /* Verify exporting and importing public key. */ | ||||
CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, secp256k1_rand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED)); | CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, secp256k1_testrand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED)); | ||||
memset(&pubkey, 0, sizeof(pubkey)); | memset(&pubkey, 0, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); | CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); | ||||
/* Verify negation changes the key and changes it back */ | /* Verify negation changes the key and changes it back */ | ||||
memcpy(&pubkey_tmp, &pubkey, sizeof(pubkey)); | memcpy(&pubkey_tmp, &pubkey, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); | CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); | ||||
CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) != 0); | CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) != 0); | ||||
CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); | CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); | ||||
CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) == 0); | CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) == 0); | ||||
/* Verify private key import and export. */ | /* Verify private key import and export. */ | ||||
CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, secp256k1_rand_bits(1) == 1)); | CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, secp256k1_testrand_bits(1) == 1)); | ||||
CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1); | CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1); | ||||
CHECK(memcmp(privkey, privkey2, 32) == 0); | CHECK(memcmp(privkey, privkey2, 32) == 0); | ||||
/* Optionally tweak the keys using addition. */ | /* Optionally tweak the keys using addition. */ | ||||
if (secp256k1_rand_int(3) == 0) { | if (secp256k1_testrand_int(3) == 0) { | ||||
int ret1; | int ret1; | ||||
int ret2; | int ret2; | ||||
int ret3; | int ret3; | ||||
unsigned char rnd[32]; | unsigned char rnd[32]; | ||||
unsigned char privkey_tmp[32]; | unsigned char privkey_tmp[32]; | ||||
secp256k1_pubkey pubkey2; | secp256k1_pubkey pubkey2; | ||||
secp256k1_rand256_test(rnd); | secp256k1_testrand256_test(rnd); | ||||
memcpy(privkey_tmp, privkey, 32); | memcpy(privkey_tmp, privkey, 32); | ||||
ret1 = secp256k1_ec_seckey_tweak_add(ctx, privkey, rnd); | ret1 = secp256k1_ec_seckey_tweak_add(ctx, privkey, rnd); | ||||
ret2 = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, rnd); | ret2 = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, rnd); | ||||
/* Check that privkey alias gives same result */ | /* Check that privkey alias gives same result */ | ||||
ret3 = secp256k1_ec_privkey_tweak_add(ctx, privkey_tmp, rnd); | ret3 = secp256k1_ec_privkey_tweak_add(ctx, privkey_tmp, rnd); | ||||
CHECK(ret1 == ret2); | CHECK(ret1 == ret2); | ||||
CHECK(ret2 == ret3); | CHECK(ret2 == ret3); | ||||
if (ret1 == 0) { | if (ret1 == 0) { | ||||
return; | return; | ||||
} | } | ||||
CHECK(memcmp(privkey, privkey_tmp, 32) == 0); | CHECK(memcmp(privkey, privkey_tmp, 32) == 0); | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); | ||||
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | ||||
} | } | ||||
/* Optionally tweak the keys using multiplication. */ | /* Optionally tweak the keys using multiplication. */ | ||||
if (secp256k1_rand_int(3) == 0) { | if (secp256k1_testrand_int(3) == 0) { | ||||
int ret1; | int ret1; | ||||
int ret2; | int ret2; | ||||
int ret3; | int ret3; | ||||
unsigned char rnd[32]; | unsigned char rnd[32]; | ||||
unsigned char privkey_tmp[32]; | unsigned char privkey_tmp[32]; | ||||
secp256k1_pubkey pubkey2; | secp256k1_pubkey pubkey2; | ||||
secp256k1_rand256_test(rnd); | secp256k1_testrand256_test(rnd); | ||||
memcpy(privkey_tmp, privkey, 32); | memcpy(privkey_tmp, privkey, 32); | ||||
ret1 = secp256k1_ec_seckey_tweak_mul(ctx, privkey, rnd); | ret1 = secp256k1_ec_seckey_tweak_mul(ctx, privkey, rnd); | ||||
ret2 = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd); | ret2 = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd); | ||||
/* Check that privkey alias gives same result */ | /* Check that privkey alias gives same result */ | ||||
ret3 = secp256k1_ec_privkey_tweak_mul(ctx, privkey_tmp, rnd); | ret3 = secp256k1_ec_privkey_tweak_mul(ctx, privkey_tmp, rnd); | ||||
CHECK(ret1 == ret2); | CHECK(ret1 == ret2); | ||||
CHECK(ret2 == ret3); | CHECK(ret2 == ret3); | ||||
if (ret1 == 0) { | if (ret1 == 0) { | ||||
▲ Show 20 Lines • Show All 45 Lines • ▼ Show 20 Lines | void test_ecdsa_end_to_end(void) { | ||||
/* Serialize/parse DER and verify again */ | /* Serialize/parse DER and verify again */ | ||||
CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); | CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); | ||||
memset(&signature[0], 0, sizeof(signature[0])); | memset(&signature[0], 0, sizeof(signature[0])); | ||||
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 1); | CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 1); | ||||
CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); | CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); | ||||
/* Serialize/destroy/parse DER and verify again. */ | /* Serialize/destroy/parse DER and verify again. */ | ||||
siglen = 74; | siglen = 74; | ||||
CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); | CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); | ||||
sig[secp256k1_rand_int(siglen)] += 1 + secp256k1_rand_int(255); | sig[secp256k1_testrand_int(siglen)] += 1 + secp256k1_testrand_int(255); | ||||
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 0 || | CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 0 || | ||||
secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 0); | secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 0); | ||||
} | } | ||||
void test_random_pubkeys(void) { | void test_random_pubkeys(void) { | ||||
secp256k1_ge elem; | secp256k1_ge elem; | ||||
secp256k1_ge elem2; | secp256k1_ge elem2; | ||||
unsigned char in[65]; | unsigned char in[65]; | ||||
/* Generate some randomly sized pubkeys. */ | /* Generate some randomly sized pubkeys. */ | ||||
size_t len = secp256k1_rand_bits(2) == 0 ? 65 : 33; | size_t len = secp256k1_testrand_bits(2) == 0 ? 65 : 33; | ||||
if (secp256k1_rand_bits(2) == 0) { | if (secp256k1_testrand_bits(2) == 0) { | ||||
len = secp256k1_rand_bits(6); | len = secp256k1_testrand_bits(6); | ||||
} | } | ||||
if (len == 65) { | if (len == 65) { | ||||
in[0] = secp256k1_rand_bits(1) ? 4 : (secp256k1_rand_bits(1) ? 6 : 7); | in[0] = secp256k1_testrand_bits(1) ? 4 : (secp256k1_testrand_bits(1) ? 6 : 7); | ||||
} else { | } else { | ||||
in[0] = secp256k1_rand_bits(1) ? 2 : 3; | in[0] = secp256k1_testrand_bits(1) ? 2 : 3; | ||||
} | } | ||||
if (secp256k1_rand_bits(3) == 0) { | if (secp256k1_testrand_bits(3) == 0) { | ||||
in[0] = secp256k1_rand_bits(8); | in[0] = secp256k1_testrand_bits(8); | ||||
} | } | ||||
if (len > 1) { | if (len > 1) { | ||||
secp256k1_rand256(&in[1]); | secp256k1_testrand256(&in[1]); | ||||
} | } | ||||
if (len > 33) { | if (len > 33) { | ||||
secp256k1_rand256(&in[33]); | secp256k1_testrand256(&in[33]); | ||||
} | } | ||||
if (secp256k1_eckey_pubkey_parse(&elem, in, len)) { | if (secp256k1_eckey_pubkey_parse(&elem, in, len)) { | ||||
unsigned char out[65]; | unsigned char out[65]; | ||||
unsigned char firstb; | unsigned char firstb; | ||||
int res; | int res; | ||||
size_t size = len; | size_t size = len; | ||||
firstb = in[0]; | firstb = in[0]; | ||||
/* If the pubkey can be parsed, it should round-trip... */ | /* If the pubkey can be parsed, it should round-trip... */ | ||||
CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, len == 33)); | CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, len == 33)); | ||||
CHECK(size == len); | CHECK(size == len); | ||||
CHECK(memcmp(&in[1], &out[1], len-1) == 0); | CHECK(memcmp(&in[1], &out[1], len-1) == 0); | ||||
/* ... except for the type of hybrid inputs. */ | /* ... except for the type of hybrid inputs. */ | ||||
if ((in[0] != 6) && (in[0] != 7)) { | if ((in[0] != 6) && (in[0] != 7)) { | ||||
CHECK(in[0] == out[0]); | CHECK(in[0] == out[0]); | ||||
} | } | ||||
size = 65; | size = 65; | ||||
CHECK(secp256k1_eckey_pubkey_serialize(&elem, in, &size, 0)); | CHECK(secp256k1_eckey_pubkey_serialize(&elem, in, &size, 0)); | ||||
CHECK(size == 65); | CHECK(size == 65); | ||||
CHECK(secp256k1_eckey_pubkey_parse(&elem2, in, size)); | CHECK(secp256k1_eckey_pubkey_parse(&elem2, in, size)); | ||||
ge_equals_ge(&elem,&elem2); | ge_equals_ge(&elem,&elem2); | ||||
/* Check that the X9.62 hybrid type is checked. */ | /* Check that the X9.62 hybrid type is checked. */ | ||||
in[0] = secp256k1_rand_bits(1) ? 6 : 7; | in[0] = secp256k1_testrand_bits(1) ? 6 : 7; | ||||
res = secp256k1_eckey_pubkey_parse(&elem2, in, size); | res = secp256k1_eckey_pubkey_parse(&elem2, in, size); | ||||
if (firstb == 2 || firstb == 3) { | if (firstb == 2 || firstb == 3) { | ||||
if (in[0] == firstb + 4) { | if (in[0] == firstb + 4) { | ||||
CHECK(res); | CHECK(res); | ||||
} else { | } else { | ||||
CHECK(!res); | CHECK(!res); | ||||
} | } | ||||
} | } | ||||
▲ Show 20 Lines • Show All 142 Lines • ▼ Show 20 Lines | for (i = 0; i < ptrlen; i++) { | ||||
} else { | } else { | ||||
ptr[i] = (val >> shift) & 0xFF; | ptr[i] = (val >> shift) & 0xFF; | ||||
} | } | ||||
} | } | ||||
} | } | ||||
static void damage_array(unsigned char *sig, size_t *len) { | static void damage_array(unsigned char *sig, size_t *len) { | ||||
int pos; | int pos; | ||||
int action = secp256k1_rand_bits(3); | int action = secp256k1_testrand_bits(3); | ||||
if (action < 1 && *len > 3) { | if (action < 1 && *len > 3) { | ||||
/* Delete a byte. */ | /* Delete a byte. */ | ||||
pos = secp256k1_rand_int(*len); | pos = secp256k1_testrand_int(*len); | ||||
memmove(sig + pos, sig + pos + 1, *len - pos - 1); | memmove(sig + pos, sig + pos + 1, *len - pos - 1); | ||||
(*len)--; | (*len)--; | ||||
return; | return; | ||||
} else if (action < 2 && *len < 2048) { | } else if (action < 2 && *len < 2048) { | ||||
/* Insert a byte. */ | /* Insert a byte. */ | ||||
pos = secp256k1_rand_int(1 + *len); | pos = secp256k1_testrand_int(1 + *len); | ||||
memmove(sig + pos + 1, sig + pos, *len - pos); | memmove(sig + pos + 1, sig + pos, *len - pos); | ||||
sig[pos] = secp256k1_rand_bits(8); | sig[pos] = secp256k1_testrand_bits(8); | ||||
(*len)++; | (*len)++; | ||||
return; | return; | ||||
} else if (action < 4) { | } else if (action < 4) { | ||||
/* Modify a byte. */ | /* Modify a byte. */ | ||||
sig[secp256k1_rand_int(*len)] += 1 + secp256k1_rand_int(255); | sig[secp256k1_testrand_int(*len)] += 1 + secp256k1_testrand_int(255); | ||||
return; | return; | ||||
} else { /* action < 8 */ | } else { /* action < 8 */ | ||||
/* Modify a bit. */ | /* Modify a bit. */ | ||||
sig[secp256k1_rand_int(*len)] ^= 1 << secp256k1_rand_bits(3); | sig[secp256k1_testrand_int(*len)] ^= 1 << secp256k1_testrand_bits(3); | ||||
return; | return; | ||||
} | } | ||||
} | } | ||||
static void random_ber_signature(unsigned char *sig, size_t *len, int* certainly_der, int* certainly_not_der) { | static void random_ber_signature(unsigned char *sig, size_t *len, int* certainly_der, int* certainly_not_der) { | ||||
int der; | int der; | ||||
int nlow[2], nlen[2], nlenlen[2], nhbit[2], nhbyte[2], nzlen[2]; | int nlow[2], nlen[2], nlenlen[2], nhbit[2], nhbyte[2], nzlen[2]; | ||||
size_t tlen, elen, glen; | size_t tlen, elen, glen; | ||||
int indet; | int indet; | ||||
int n; | int n; | ||||
*len = 0; | *len = 0; | ||||
der = secp256k1_rand_bits(2) == 0; | der = secp256k1_testrand_bits(2) == 0; | ||||
*certainly_der = der; | *certainly_der = der; | ||||
*certainly_not_der = 0; | *certainly_not_der = 0; | ||||
indet = der ? 0 : secp256k1_rand_int(10) == 0; | indet = der ? 0 : secp256k1_testrand_int(10) == 0; | ||||
for (n = 0; n < 2; n++) { | for (n = 0; n < 2; n++) { | ||||
/* We generate two classes of numbers: nlow==1 "low" ones (up to 32 bytes), nlow==0 "high" ones (32 bytes with 129 top bits set, or larger than 32 bytes) */ | /* We generate two classes of numbers: nlow==1 "low" ones (up to 32 bytes), nlow==0 "high" ones (32 bytes with 129 top bits set, or larger than 32 bytes) */ | ||||
nlow[n] = der ? 1 : (secp256k1_rand_bits(3) != 0); | nlow[n] = der ? 1 : (secp256k1_testrand_bits(3) != 0); | ||||
/* The length of the number in bytes (the first byte of which will always be nonzero) */ | /* The length of the number in bytes (the first byte of which will always be nonzero) */ | ||||
nlen[n] = nlow[n] ? secp256k1_rand_int(33) : 32 + secp256k1_rand_int(200) * secp256k1_rand_int(8) / 8; | nlen[n] = nlow[n] ? secp256k1_testrand_int(33) : 32 + secp256k1_testrand_int(200) * secp256k1_testrand_int(8) / 8; | ||||
CHECK(nlen[n] <= 232); | CHECK(nlen[n] <= 232); | ||||
/* The top bit of the number. */ | /* The top bit of the number. */ | ||||
nhbit[n] = (nlow[n] == 0 && nlen[n] == 32) ? 1 : (nlen[n] == 0 ? 0 : secp256k1_rand_bits(1)); | nhbit[n] = (nlow[n] == 0 && nlen[n] == 32) ? 1 : (nlen[n] == 0 ? 0 : secp256k1_testrand_bits(1)); | ||||
/* The top byte of the number (after the potential hardcoded 16 0xFF characters for "high" 32 bytes numbers) */ | /* The top byte of the number (after the potential hardcoded 16 0xFF characters for "high" 32 bytes numbers) */ | ||||
nhbyte[n] = nlen[n] == 0 ? 0 : (nhbit[n] ? 128 + secp256k1_rand_bits(7) : 1 + secp256k1_rand_int(127)); | nhbyte[n] = nlen[n] == 0 ? 0 : (nhbit[n] ? 128 + secp256k1_testrand_bits(7) : 1 + secp256k1_testrand_int(127)); | ||||
/* The number of zero bytes in front of the number (which is 0 or 1 in case of DER, otherwise we extend up to 300 bytes) */ | /* The number of zero bytes in front of the number (which is 0 or 1 in case of DER, otherwise we extend up to 300 bytes) */ | ||||
nzlen[n] = der ? ((nlen[n] == 0 || nhbit[n]) ? 1 : 0) : (nlow[n] ? secp256k1_rand_int(3) : secp256k1_rand_int(300 - nlen[n]) * secp256k1_rand_int(8) / 8); | nzlen[n] = der ? ((nlen[n] == 0 || nhbit[n]) ? 1 : 0) : (nlow[n] ? secp256k1_testrand_int(3) : secp256k1_testrand_int(300 - nlen[n]) * secp256k1_testrand_int(8) / 8); | ||||
if (nzlen[n] > ((nlen[n] == 0 || nhbit[n]) ? 1 : 0)) { | if (nzlen[n] > ((nlen[n] == 0 || nhbit[n]) ? 1 : 0)) { | ||||
*certainly_not_der = 1; | *certainly_not_der = 1; | ||||
} | } | ||||
CHECK(nlen[n] + nzlen[n] <= 300); | CHECK(nlen[n] + nzlen[n] <= 300); | ||||
/* The length of the length descriptor for the number. 0 means short encoding, anything else is long encoding. */ | /* The length of the length descriptor for the number. 0 means short encoding, anything else is long encoding. */ | ||||
nlenlen[n] = nlen[n] + nzlen[n] < 128 ? 0 : (nlen[n] + nzlen[n] < 256 ? 1 : 2); | nlenlen[n] = nlen[n] + nzlen[n] < 128 ? 0 : (nlen[n] + nzlen[n] < 256 ? 1 : 2); | ||||
if (!der) { | if (!der) { | ||||
/* nlenlen[n] max 127 bytes */ | /* nlenlen[n] max 127 bytes */ | ||||
int add = secp256k1_rand_int(127 - nlenlen[n]) * secp256k1_rand_int(16) * secp256k1_rand_int(16) / 256; | int add = secp256k1_testrand_int(127 - nlenlen[n]) * secp256k1_testrand_int(16) * secp256k1_testrand_int(16) / 256; | ||||
nlenlen[n] += add; | nlenlen[n] += add; | ||||
if (add != 0) { | if (add != 0) { | ||||
*certainly_not_der = 1; | *certainly_not_der = 1; | ||||
} | } | ||||
} | } | ||||
CHECK(nlen[n] + nzlen[n] + nlenlen[n] <= 427); | CHECK(nlen[n] + nzlen[n] + nlenlen[n] <= 427); | ||||
} | } | ||||
/* The total length of the data to go, so far */ | /* The total length of the data to go, so far */ | ||||
tlen = 2 + nlenlen[0] + nlen[0] + nzlen[0] + 2 + nlenlen[1] + nlen[1] + nzlen[1]; | tlen = 2 + nlenlen[0] + nlen[0] + nzlen[0] + 2 + nlenlen[1] + nlen[1] + nzlen[1]; | ||||
CHECK(tlen <= 856); | CHECK(tlen <= 856); | ||||
/* The length of the garbage inside the tuple. */ | /* The length of the garbage inside the tuple. */ | ||||
elen = (der || indet) ? 0 : secp256k1_rand_int(980 - tlen) * secp256k1_rand_int(8) / 8; | elen = (der || indet) ? 0 : secp256k1_testrand_int(980 - tlen) * secp256k1_testrand_int(8) / 8; | ||||
if (elen != 0) { | if (elen != 0) { | ||||
*certainly_not_der = 1; | *certainly_not_der = 1; | ||||
} | } | ||||
tlen += elen; | tlen += elen; | ||||
CHECK(tlen <= 980); | CHECK(tlen <= 980); | ||||
/* The length of the garbage after the end of the tuple. */ | /* The length of the garbage after the end of the tuple. */ | ||||
glen = der ? 0 : secp256k1_rand_int(990 - tlen) * secp256k1_rand_int(8) / 8; | glen = der ? 0 : secp256k1_testrand_int(990 - tlen) * secp256k1_testrand_int(8) / 8; | ||||
if (glen != 0) { | if (glen != 0) { | ||||
*certainly_not_der = 1; | *certainly_not_der = 1; | ||||
} | } | ||||
CHECK(tlen + glen <= 990); | CHECK(tlen + glen <= 990); | ||||
/* Write the tuple header. */ | /* Write the tuple header. */ | ||||
sig[(*len)++] = 0x30; | sig[(*len)++] = 0x30; | ||||
if (indet) { | if (indet) { | ||||
/* Indeterminate length */ | /* Indeterminate length */ | ||||
sig[(*len)++] = 0x80; | sig[(*len)++] = 0x80; | ||||
*certainly_not_der = 1; | *certainly_not_der = 1; | ||||
} else { | } else { | ||||
int tlenlen = tlen < 128 ? 0 : (tlen < 256 ? 1 : 2); | int tlenlen = tlen < 128 ? 0 : (tlen < 256 ? 1 : 2); | ||||
if (!der) { | if (!der) { | ||||
int add = secp256k1_rand_int(127 - tlenlen) * secp256k1_rand_int(16) * secp256k1_rand_int(16) / 256; | int add = secp256k1_testrand_int(127 - tlenlen) * secp256k1_testrand_int(16) * secp256k1_testrand_int(16) / 256; | ||||
tlenlen += add; | tlenlen += add; | ||||
if (add != 0) { | if (add != 0) { | ||||
*certainly_not_der = 1; | *certainly_not_der = 1; | ||||
} | } | ||||
} | } | ||||
if (tlenlen == 0) { | if (tlenlen == 0) { | ||||
/* Short length notation */ | /* Short length notation */ | ||||
sig[(*len)++] = tlen; | sig[(*len)++] = tlen; | ||||
Show All 34 Lines | for (n = 0; n < 2; n++) { | ||||
nlen[n] -= 16; | nlen[n] -= 16; | ||||
} | } | ||||
/* Write first byte of number */ | /* Write first byte of number */ | ||||
if (nlen[n] > 0) { | if (nlen[n] > 0) { | ||||
sig[(*len)++] = nhbyte[n]; | sig[(*len)++] = nhbyte[n]; | ||||
nlen[n]--; | nlen[n]--; | ||||
} | } | ||||
/* Generate remaining random bytes of number */ | /* Generate remaining random bytes of number */ | ||||
secp256k1_rand_bytes_test(sig + *len, nlen[n]); | secp256k1_testrand_bytes_test(sig + *len, nlen[n]); | ||||
*len += nlen[n]; | *len += nlen[n]; | ||||
nlen[n] = 0; | nlen[n] = 0; | ||||
} | } | ||||
/* Generate random garbage inside tuple. */ | /* Generate random garbage inside tuple. */ | ||||
secp256k1_rand_bytes_test(sig + *len, elen); | secp256k1_testrand_bytes_test(sig + *len, elen); | ||||
*len += elen; | *len += elen; | ||||
/* Generate end-of-contents bytes. */ | /* Generate end-of-contents bytes. */ | ||||
if (indet) { | if (indet) { | ||||
sig[(*len)++] = 0; | sig[(*len)++] = 0; | ||||
sig[(*len)++] = 0; | sig[(*len)++] = 0; | ||||
tlen += 2; | tlen += 2; | ||||
} | } | ||||
CHECK(tlen + glen <= 1121); | CHECK(tlen + glen <= 1121); | ||||
/* Generate random garbage outside tuple. */ | /* Generate random garbage outside tuple. */ | ||||
secp256k1_rand_bytes_test(sig + *len, glen); | secp256k1_testrand_bytes_test(sig + *len, glen); | ||||
*len += glen; | *len += glen; | ||||
tlen += glen; | tlen += glen; | ||||
CHECK(tlen <= 1121); | CHECK(tlen <= 1121); | ||||
CHECK(tlen == *len); | CHECK(tlen == *len); | ||||
} | } | ||||
void run_ecdsa_der_parse(void) { | void run_ecdsa_der_parse(void) { | ||||
int i,j; | int i,j; | ||||
▲ Show 20 Lines • Show All 400 Lines • ▼ Show 20 Lines | void run_ecdsa_edge_cases(void) { | ||||
test_ecdsa_edge_cases(); | test_ecdsa_edge_cases(); | ||||
} | } | ||||
#ifdef ENABLE_OPENSSL_TESTS | #ifdef ENABLE_OPENSSL_TESTS | ||||
EC_KEY *get_openssl_key(const unsigned char *key32) { | EC_KEY *get_openssl_key(const unsigned char *key32) { | ||||
unsigned char privkey[300]; | unsigned char privkey[300]; | ||||
size_t privkeylen; | size_t privkeylen; | ||||
const unsigned char* pbegin = privkey; | const unsigned char* pbegin = privkey; | ||||
int compr = secp256k1_rand_bits(1); | int compr = secp256k1_testrand_bits(1); | ||||
EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_secp256k1); | EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_secp256k1); | ||||
CHECK(ec_privkey_export_der(ctx, privkey, &privkeylen, key32, compr)); | CHECK(ec_privkey_export_der(ctx, privkey, &privkeylen, key32, compr)); | ||||
CHECK(d2i_ECPrivateKey(&ec_key, &pbegin, privkeylen)); | CHECK(d2i_ECPrivateKey(&ec_key, &pbegin, privkeylen)); | ||||
CHECK(EC_KEY_check_key(ec_key)); | CHECK(EC_KEY_check_key(ec_key)); | ||||
return ec_key; | return ec_key; | ||||
} | } | ||||
void test_ecdsa_openssl(void) { | void test_ecdsa_openssl(void) { | ||||
secp256k1_gej qj; | secp256k1_gej qj; | ||||
secp256k1_ge q; | secp256k1_ge q; | ||||
secp256k1_scalar sigr, sigs; | secp256k1_scalar sigr, sigs; | ||||
secp256k1_scalar one; | secp256k1_scalar one; | ||||
secp256k1_scalar msg2; | secp256k1_scalar msg2; | ||||
secp256k1_scalar key, msg; | secp256k1_scalar key, msg; | ||||
EC_KEY *ec_key; | EC_KEY *ec_key; | ||||
unsigned int sigsize = 80; | unsigned int sigsize = 80; | ||||
size_t secp_sigsize = 80; | size_t secp_sigsize = 80; | ||||
unsigned char message[32]; | unsigned char message[32]; | ||||
unsigned char signature[80]; | unsigned char signature[80]; | ||||
unsigned char key32[32]; | unsigned char key32[32]; | ||||
secp256k1_rand256_test(message); | secp256k1_testrand256_test(message); | ||||
secp256k1_scalar_set_b32(&msg, message, NULL); | secp256k1_scalar_set_b32(&msg, message, NULL); | ||||
random_scalar_order_test(&key); | random_scalar_order_test(&key); | ||||
secp256k1_scalar_get_b32(key32, &key); | secp256k1_scalar_get_b32(key32, &key); | ||||
secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &qj, &key); | secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &qj, &key); | ||||
secp256k1_ge_set_gej(&q, &qj); | secp256k1_ge_set_gej(&q, &qj); | ||||
ec_key = get_openssl_key(key32); | ec_key = get_openssl_key(key32); | ||||
CHECK(ec_key != NULL); | CHECK(ec_key != NULL); | ||||
CHECK(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key)); | CHECK(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key)); | ||||
▲ Show 20 Lines • Show All 223 Lines • ▼ Show 20 Lines | int main(int argc, char **argv) { | ||||
/* find iteration count */ | /* find iteration count */ | ||||
if (argc > 1) { | if (argc > 1) { | ||||
count = strtol(argv[1], NULL, 0); | count = strtol(argv[1], NULL, 0); | ||||
} | } | ||||
printf("test count = %i\n", count); | printf("test count = %i\n", count); | ||||
/* find random seed */ | /* find random seed */ | ||||
secp256k1_rand_init(argc > 2 ? argv[2] : NULL); | secp256k1_testrand_init(argc > 2 ? argv[2] : NULL); | ||||
/* initialize */ | /* initialize */ | ||||
run_context_tests(0); | run_context_tests(0); | ||||
run_context_tests(1); | run_context_tests(1); | ||||
run_scratch_tests(); | run_scratch_tests(); | ||||
ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); | ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); | ||||
if (secp256k1_rand_bits(1)) { | if (secp256k1_testrand_bits(1)) { | ||||
unsigned char rand32[32]; | unsigned char rand32[32]; | ||||
secp256k1_rand256(rand32); | secp256k1_testrand256(rand32); | ||||
CHECK(secp256k1_context_randomize(ctx, secp256k1_rand_bits(1) ? rand32 : NULL)); | CHECK(secp256k1_context_randomize(ctx, secp256k1_testrand_bits(1) ? rand32 : NULL)); | ||||
} | } | ||||
run_rand_bits(); | run_rand_bits(); | ||||
run_rand_int(); | run_rand_int(); | ||||
run_sha256_tests(); | run_sha256_tests(); | ||||
run_hmac_sha256_tests(); | run_hmac_sha256_tests(); | ||||
run_rfc6979_hmac_sha256_tests(); | run_rfc6979_hmac_sha256_tests(); | ||||
▲ Show 20 Lines • Show All 80 Lines • ▼ Show 20 Lines | #ifdef ENABLE_MODULE_SCHNORRSIG | ||||
run_schnorrsig_tests(); | run_schnorrsig_tests(); | ||||
#endif | #endif | ||||
/* util tests */ | /* util tests */ | ||||
run_memczero_test(); | run_memczero_test(); | ||||
run_cmov_tests(); | run_cmov_tests(); | ||||
secp256k1_rand_finish(); | secp256k1_testrand_finish(); | ||||
/* shutdown */ | /* shutdown */ | ||||
secp256k1_context_destroy(ctx); | secp256k1_context_destroy(ctx); | ||||
printf("no problems found\n"); | printf("no problems found\n"); | ||||
return 0; | return 0; | ||||
} | } |