Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/src/tests.c
Show First 20 Lines • Show All 436 Lines • ▼ Show 20 Lines | void run_sha256_tests(void) { | ||||
}; | }; | ||||
int i; | int i; | ||||
for (i = 0; i < 8; i++) { | for (i = 0; i < 8; i++) { | ||||
unsigned char out[32]; | unsigned char out[32]; | ||||
secp256k1_sha256 hasher; | secp256k1_sha256 hasher; | ||||
secp256k1_sha256_initialize(&hasher); | secp256k1_sha256_initialize(&hasher); | ||||
secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); | secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); | ||||
secp256k1_sha256_finalize(&hasher, out); | secp256k1_sha256_finalize(&hasher, out); | ||||
CHECK(memcmp(out, outputs[i], 32) == 0); | CHECK(secp256k1_memcmp_var(out, outputs[i], 32) == 0); | ||||
if (strlen(inputs[i]) > 0) { | if (strlen(inputs[i]) > 0) { | ||||
int split = secp256k1_testrand_int(strlen(inputs[i])); | int split = secp256k1_testrand_int(strlen(inputs[i])); | ||||
secp256k1_sha256_initialize(&hasher); | secp256k1_sha256_initialize(&hasher); | ||||
secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); | secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); | ||||
secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); | secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); | ||||
secp256k1_sha256_finalize(&hasher, out); | secp256k1_sha256_finalize(&hasher, out); | ||||
CHECK(memcmp(out, outputs[i], 32) == 0); | CHECK(secp256k1_memcmp_var(out, outputs[i], 32) == 0); | ||||
} | } | ||||
} | } | ||||
} | } | ||||
void run_hmac_sha256_tests(void) { | void run_hmac_sha256_tests(void) { | ||||
static const char *keys[6] = { | static const char *keys[6] = { | ||||
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", | "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", | ||||
"\x4a\x65\x66\x65", | "\x4a\x65\x66\x65", | ||||
Show All 20 Lines | void run_hmac_sha256_tests(void) { | ||||
}; | }; | ||||
int i; | int i; | ||||
for (i = 0; i < 6; i++) { | for (i = 0; i < 6; i++) { | ||||
secp256k1_hmac_sha256 hasher; | secp256k1_hmac_sha256 hasher; | ||||
unsigned char out[32]; | unsigned char out[32]; | ||||
secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); | secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); | ||||
secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); | secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); | ||||
secp256k1_hmac_sha256_finalize(&hasher, out); | secp256k1_hmac_sha256_finalize(&hasher, out); | ||||
CHECK(memcmp(out, outputs[i], 32) == 0); | CHECK(secp256k1_memcmp_var(out, outputs[i], 32) == 0); | ||||
if (strlen(inputs[i]) > 0) { | if (strlen(inputs[i]) > 0) { | ||||
int split = secp256k1_testrand_int(strlen(inputs[i])); | int split = secp256k1_testrand_int(strlen(inputs[i])); | ||||
secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); | secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); | ||||
secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); | secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); | ||||
secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); | secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); | ||||
secp256k1_hmac_sha256_finalize(&hasher, out); | secp256k1_hmac_sha256_finalize(&hasher, out); | ||||
CHECK(memcmp(out, outputs[i], 32) == 0); | CHECK(secp256k1_memcmp_var(out, outputs[i], 32) == 0); | ||||
} | } | ||||
} | } | ||||
} | } | ||||
void run_rfc6979_hmac_sha256_tests(void) { | void run_rfc6979_hmac_sha256_tests(void) { | ||||
static const unsigned char key1[65] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x00, 0x4b, 0xf5, 0x12, 0x2f, 0x34, 0x45, 0x54, 0xc5, 0x3b, 0xde, 0x2e, 0xbb, 0x8c, 0xd2, 0xb7, 0xe3, 0xd1, 0x60, 0x0a, 0xd6, 0x31, 0xc3, 0x85, 0xa5, 0xd7, 0xcc, 0xe2, 0x3c, 0x77, 0x85, 0x45, 0x9a, 0}; | static const unsigned char key1[65] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x00, 0x4b, 0xf5, 0x12, 0x2f, 0x34, 0x45, 0x54, 0xc5, 0x3b, 0xde, 0x2e, 0xbb, 0x8c, 0xd2, 0xb7, 0xe3, 0xd1, 0x60, 0x0a, 0xd6, 0x31, 0xc3, 0x85, 0xa5, 0xd7, 0xcc, 0xe2, 0x3c, 0x77, 0x85, 0x45, 0x9a, 0}; | ||||
static const unsigned char out1[3][32] = { | static const unsigned char out1[3][32] = { | ||||
{0x4f, 0xe2, 0x95, 0x25, 0xb2, 0x08, 0x68, 0x09, 0x15, 0x9a, 0xcd, 0xf0, 0x50, 0x6e, 0xfb, 0x86, 0xb0, 0xec, 0x93, 0x2c, 0x7b, 0xa4, 0x42, 0x56, 0xab, 0x32, 0x1e, 0x42, 0x1e, 0x67, 0xe9, 0xfb}, | {0x4f, 0xe2, 0x95, 0x25, 0xb2, 0x08, 0x68, 0x09, 0x15, 0x9a, 0xcd, 0xf0, 0x50, 0x6e, 0xfb, 0x86, 0xb0, 0xec, 0x93, 0x2c, 0x7b, 0xa4, 0x42, 0x56, 0xab, 0x32, 0x1e, 0x42, 0x1e, 0x67, 0xe9, 0xfb}, | ||||
Show All 10 Lines | void run_rfc6979_hmac_sha256_tests(void) { | ||||
secp256k1_rfc6979_hmac_sha256 rng; | secp256k1_rfc6979_hmac_sha256 rng; | ||||
unsigned char out[32]; | unsigned char out[32]; | ||||
int i; | int i; | ||||
secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 64); | secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 64); | ||||
for (i = 0; i < 3; i++) { | for (i = 0; i < 3; i++) { | ||||
secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); | secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); | ||||
CHECK(memcmp(out, out1[i], 32) == 0); | CHECK(secp256k1_memcmp_var(out, out1[i], 32) == 0); | ||||
} | } | ||||
secp256k1_rfc6979_hmac_sha256_finalize(&rng); | secp256k1_rfc6979_hmac_sha256_finalize(&rng); | ||||
secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 65); | secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 65); | ||||
for (i = 0; i < 3; i++) { | for (i = 0; i < 3; i++) { | ||||
secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); | secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); | ||||
CHECK(memcmp(out, out1[i], 32) != 0); | CHECK(secp256k1_memcmp_var(out, out1[i], 32) != 0); | ||||
} | } | ||||
secp256k1_rfc6979_hmac_sha256_finalize(&rng); | secp256k1_rfc6979_hmac_sha256_finalize(&rng); | ||||
secp256k1_rfc6979_hmac_sha256_initialize(&rng, key2, 64); | secp256k1_rfc6979_hmac_sha256_initialize(&rng, key2, 64); | ||||
for (i = 0; i < 3; i++) { | for (i = 0; i < 3; i++) { | ||||
secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); | secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); | ||||
CHECK(memcmp(out, out2[i], 32) == 0); | CHECK(secp256k1_memcmp_var(out, out2[i], 32) == 0); | ||||
} | } | ||||
secp256k1_rfc6979_hmac_sha256_finalize(&rng); | secp256k1_rfc6979_hmac_sha256_finalize(&rng); | ||||
} | } | ||||
/***** RANDOM TESTS *****/ | /***** RANDOM TESTS *****/ | ||||
void test_rand_bits(int rand32, int bits) { | void test_rand_bits(int rand32, int bits) { | ||||
/* (1-1/2^B)^rounds[B] < 1/10^9, so rounds is the number of iterations to | /* (1-1/2^B)^rounds[B] < 1/10^9, so rounds is the number of iterations to | ||||
▲ Show 20 Lines • Show All 607 Lines • ▼ Show 20 Lines | #ifndef USE_NUM_NONE | ||||
CHECK(overflow == 1); | CHECK(overflow == 1); | ||||
CHECK(secp256k1_scalar_is_zero(&scalar)); | CHECK(secp256k1_scalar_is_zero(&scalar)); | ||||
/* A scalar with value of the curve order minus one should not overflow. */ | /* A scalar with value of the curve order minus one should not overflow. */ | ||||
bin[31] -= 1; | bin[31] -= 1; | ||||
secp256k1_scalar_set_b32(&scalar, bin, &overflow); | secp256k1_scalar_set_b32(&scalar, bin, &overflow); | ||||
CHECK(overflow == 0); | CHECK(overflow == 0); | ||||
secp256k1_scalar_get_b32(bin_tmp, &scalar); | secp256k1_scalar_get_b32(bin_tmp, &scalar); | ||||
CHECK(memcmp(bin, bin_tmp, 32) == 0); | CHECK(secp256k1_memcmp_var(bin, bin_tmp, 32) == 0); | ||||
/* A scalar set to all 1s should overflow. */ | /* A scalar set to all 1s should overflow. */ | ||||
memset(bin, 0xFF, 32); | memset(bin, 0xFF, 32); | ||||
secp256k1_scalar_set_b32(&scalar, bin, &overflow); | secp256k1_scalar_set_b32(&scalar, bin, &overflow); | ||||
CHECK(overflow == 1); | CHECK(overflow == 1); | ||||
CHECK(secp256k1_scalar_eq(&scalar, &all_ones_minus_order)); | CHECK(secp256k1_scalar_eq(&scalar, &all_ones_minus_order)); | ||||
} | } | ||||
#endif | #endif | ||||
▲ Show 20 Lines • Show All 671 Lines • ▼ Show 20 Lines | void run_field_convert(void) { | ||||
secp256k1_fe_storage fes2; | secp256k1_fe_storage fes2; | ||||
/* Check conversions to fe. */ | /* Check conversions to fe. */ | ||||
CHECK(secp256k1_fe_set_b32(&fe2, b32)); | CHECK(secp256k1_fe_set_b32(&fe2, b32)); | ||||
CHECK(secp256k1_fe_equal_var(&fe, &fe2)); | CHECK(secp256k1_fe_equal_var(&fe, &fe2)); | ||||
secp256k1_fe_from_storage(&fe2, &fes); | secp256k1_fe_from_storage(&fe2, &fes); | ||||
CHECK(secp256k1_fe_equal_var(&fe, &fe2)); | CHECK(secp256k1_fe_equal_var(&fe, &fe2)); | ||||
/* Check conversion from fe. */ | /* Check conversion from fe. */ | ||||
secp256k1_fe_get_b32(b322, &fe); | secp256k1_fe_get_b32(b322, &fe); | ||||
CHECK(memcmp(b322, b32, 32) == 0); | CHECK(secp256k1_memcmp_var(b322, b32, 32) == 0); | ||||
secp256k1_fe_to_storage(&fes2, &fe); | secp256k1_fe_to_storage(&fes2, &fe); | ||||
CHECK(memcmp(&fes2, &fes, sizeof(fes)) == 0); | CHECK(secp256k1_memcmp_var(&fes2, &fes, sizeof(fes)) == 0); | ||||
} | } | ||||
int fe_memcmp(const secp256k1_fe *a, const secp256k1_fe *b) { | int fe_secp256k1_memcmp_var(const secp256k1_fe *a, const secp256k1_fe *b) { | ||||
secp256k1_fe t = *b; | secp256k1_fe t = *b; | ||||
#ifdef VERIFY | #ifdef VERIFY | ||||
t.magnitude = a->magnitude; | t.magnitude = a->magnitude; | ||||
t.normalized = a->normalized; | t.normalized = a->normalized; | ||||
#endif | #endif | ||||
return memcmp(a, &t, sizeof(secp256k1_fe)); | return secp256k1_memcmp_var(a, &t, sizeof(secp256k1_fe)); | ||||
} | } | ||||
void run_field_misc(void) { | void run_field_misc(void) { | ||||
secp256k1_fe x; | secp256k1_fe x; | ||||
secp256k1_fe y; | secp256k1_fe y; | ||||
secp256k1_fe z; | secp256k1_fe z; | ||||
secp256k1_fe q; | secp256k1_fe q; | ||||
secp256k1_fe fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5); | secp256k1_fe fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5); | ||||
Show All 9 Lines | for (i = 0; i < 5*count; i++) { | ||||
secp256k1_fe_add(&z,&y); | secp256k1_fe_add(&z,&y); | ||||
/* Test fe conditional move; z is not normalized here. */ | /* Test fe conditional move; z is not normalized here. */ | ||||
q = x; | q = x; | ||||
secp256k1_fe_cmov(&x, &z, 0); | secp256k1_fe_cmov(&x, &z, 0); | ||||
#ifdef VERIFY | #ifdef VERIFY | ||||
CHECK(x.normalized && x.magnitude == 1); | CHECK(x.normalized && x.magnitude == 1); | ||||
#endif | #endif | ||||
secp256k1_fe_cmov(&x, &x, 1); | secp256k1_fe_cmov(&x, &x, 1); | ||||
CHECK(fe_memcmp(&x, &z) != 0); | CHECK(fe_secp256k1_memcmp_var(&x, &z) != 0); | ||||
CHECK(fe_memcmp(&x, &q) == 0); | CHECK(fe_secp256k1_memcmp_var(&x, &q) == 0); | ||||
secp256k1_fe_cmov(&q, &z, 1); | secp256k1_fe_cmov(&q, &z, 1); | ||||
#ifdef VERIFY | #ifdef VERIFY | ||||
CHECK(!q.normalized && q.magnitude == z.magnitude); | CHECK(!q.normalized && q.magnitude == z.magnitude); | ||||
#endif | #endif | ||||
CHECK(fe_memcmp(&q, &z) == 0); | CHECK(fe_secp256k1_memcmp_var(&q, &z) == 0); | ||||
secp256k1_fe_normalize_var(&x); | secp256k1_fe_normalize_var(&x); | ||||
secp256k1_fe_normalize_var(&z); | secp256k1_fe_normalize_var(&z); | ||||
CHECK(!secp256k1_fe_equal_var(&x, &z)); | CHECK(!secp256k1_fe_equal_var(&x, &z)); | ||||
secp256k1_fe_normalize_var(&q); | secp256k1_fe_normalize_var(&q); | ||||
secp256k1_fe_cmov(&q, &z, (i&1)); | secp256k1_fe_cmov(&q, &z, (i&1)); | ||||
#ifdef VERIFY | #ifdef VERIFY | ||||
CHECK(q.normalized && q.magnitude == 1); | CHECK(q.normalized && q.magnitude == 1); | ||||
#endif | #endif | ||||
for (j = 0; j < 6; j++) { | for (j = 0; j < 6; j++) { | ||||
secp256k1_fe_negate(&z, &z, j+1); | secp256k1_fe_negate(&z, &z, j+1); | ||||
secp256k1_fe_normalize_var(&q); | secp256k1_fe_normalize_var(&q); | ||||
secp256k1_fe_cmov(&q, &z, (j&1)); | secp256k1_fe_cmov(&q, &z, (j&1)); | ||||
#ifdef VERIFY | #ifdef VERIFY | ||||
CHECK((q.normalized != (j&1)) && q.magnitude == ((j&1) ? z.magnitude : 1)); | CHECK((q.normalized != (j&1)) && q.magnitude == ((j&1) ? z.magnitude : 1)); | ||||
#endif | #endif | ||||
} | } | ||||
secp256k1_fe_normalize_var(&z); | secp256k1_fe_normalize_var(&z); | ||||
/* Test storage conversion and conditional moves. */ | /* Test storage conversion and conditional moves. */ | ||||
secp256k1_fe_to_storage(&xs, &x); | secp256k1_fe_to_storage(&xs, &x); | ||||
secp256k1_fe_to_storage(&ys, &y); | secp256k1_fe_to_storage(&ys, &y); | ||||
secp256k1_fe_to_storage(&zs, &z); | secp256k1_fe_to_storage(&zs, &z); | ||||
secp256k1_fe_storage_cmov(&zs, &xs, 0); | secp256k1_fe_storage_cmov(&zs, &xs, 0); | ||||
secp256k1_fe_storage_cmov(&zs, &zs, 1); | secp256k1_fe_storage_cmov(&zs, &zs, 1); | ||||
CHECK(memcmp(&xs, &zs, sizeof(xs)) != 0); | CHECK(secp256k1_memcmp_var(&xs, &zs, sizeof(xs)) != 0); | ||||
secp256k1_fe_storage_cmov(&ys, &xs, 1); | secp256k1_fe_storage_cmov(&ys, &xs, 1); | ||||
CHECK(memcmp(&xs, &ys, sizeof(xs)) == 0); | CHECK(secp256k1_memcmp_var(&xs, &ys, sizeof(xs)) == 0); | ||||
secp256k1_fe_from_storage(&x, &xs); | secp256k1_fe_from_storage(&x, &xs); | ||||
secp256k1_fe_from_storage(&y, &ys); | secp256k1_fe_from_storage(&y, &ys); | ||||
secp256k1_fe_from_storage(&z, &zs); | secp256k1_fe_from_storage(&z, &zs); | ||||
/* Test that mul_int, mul, and add agree. */ | /* Test that mul_int, mul, and add agree. */ | ||||
secp256k1_fe_add(&y, &x); | secp256k1_fe_add(&y, &x); | ||||
secp256k1_fe_add(&y, &x); | secp256k1_fe_add(&y, &x); | ||||
z = x; | z = x; | ||||
secp256k1_fe_mul_int(&z, 3); | secp256k1_fe_mul_int(&z, 3); | ||||
▲ Show 20 Lines • Show All 517 Lines • ▼ Show 20 Lines | for (i = 1; i <= 6; i++) { | ||||
secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &s); | secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &s); | ||||
secp256k1_ge_set_gej(&Q, &Qj); | secp256k1_ge_set_gej(&Q, &Qj); | ||||
secp256k1_pubkey_save(&data[i - 1], &Q); | secp256k1_pubkey_save(&data[i - 1], &Q); | ||||
d[i - 1] = &data[i - 1]; | d[i - 1] = &data[i - 1]; | ||||
secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &sum); | secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &sum); | ||||
secp256k1_ge_set_gej(&Q, &Qj); | secp256k1_ge_set_gej(&Q, &Qj); | ||||
secp256k1_pubkey_save(&sd, &Q); | secp256k1_pubkey_save(&sd, &Q); | ||||
CHECK(secp256k1_ec_pubkey_combine(ctx, &sd2, d, i) == 1); | CHECK(secp256k1_ec_pubkey_combine(ctx, &sd2, d, i) == 1); | ||||
CHECK(memcmp(&sd, &sd2, sizeof(sd)) == 0); | CHECK(secp256k1_memcmp_var(&sd, &sd2, sizeof(sd)) == 0); | ||||
} | } | ||||
} | } | ||||
void run_ec_combine(void) { | void run_ec_combine(void) { | ||||
int i; | int i; | ||||
for (i = 0; i < count * 8; i++) { | for (i = 0; i < count * 8; i++) { | ||||
test_ec_combine(); | test_ec_combine(); | ||||
} | } | ||||
▲ Show 20 Lines • Show All 1,104 Lines • ▼ Show 20 Lines | void test_scalar_split(void) { | ||||
if (secp256k1_scalar_is_high(&s1)) { | if (secp256k1_scalar_is_high(&s1)) { | ||||
secp256k1_scalar_negate(&s1, &s1); | secp256k1_scalar_negate(&s1, &s1); | ||||
} | } | ||||
if (secp256k1_scalar_is_high(&slam)) { | if (secp256k1_scalar_is_high(&slam)) { | ||||
secp256k1_scalar_negate(&slam, &slam); | secp256k1_scalar_negate(&slam, &slam); | ||||
} | } | ||||
secp256k1_scalar_get_b32(tmp, &s1); | secp256k1_scalar_get_b32(tmp, &s1); | ||||
CHECK(memcmp(zero, tmp, 16) == 0); | CHECK(secp256k1_memcmp_var(zero, tmp, 16) == 0); | ||||
secp256k1_scalar_get_b32(tmp, &slam); | secp256k1_scalar_get_b32(tmp, &slam); | ||||
CHECK(memcmp(zero, tmp, 16) == 0); | CHECK(secp256k1_memcmp_var(zero, tmp, 16) == 0); | ||||
} | } | ||||
void run_endomorphism_tests(void) { | void run_endomorphism_tests(void) { | ||||
test_scalar_split(); | test_scalar_split(); | ||||
} | } | ||||
#endif | #endif | ||||
void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid) { | void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid) { | ||||
Show All 31 Lines | for (pubkeyclen = 3; pubkeyclen <= 65; pubkeyclen++) { | ||||
ecount = 0; | ecount = 0; | ||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); | CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); | ||||
VG_CHECK(&pubkey, sizeof(pubkey)); | VG_CHECK(&pubkey, sizeof(pubkey)); | ||||
outl = 65; | outl = 65; | ||||
VG_UNDEF(pubkeyo, 65); | VG_UNDEF(pubkeyo, 65); | ||||
CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1); | CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1); | ||||
VG_CHECK(pubkeyo, outl); | VG_CHECK(pubkeyo, outl); | ||||
CHECK(outl == 33); | CHECK(outl == 33); | ||||
CHECK(memcmp(&pubkeyo[1], &pubkeyc[1], 32) == 0); | CHECK(secp256k1_memcmp_var(&pubkeyo[1], &pubkeyc[1], 32) == 0); | ||||
CHECK((pubkeyclen != 33) || (pubkeyo[0] == pubkeyc[0])); | CHECK((pubkeyclen != 33) || (pubkeyo[0] == pubkeyc[0])); | ||||
if (ypass) { | if (ypass) { | ||||
/* This test isn't always done because we decode with alternative signs, so the y won't match. */ | /* This test isn't always done because we decode with alternative signs, so the y won't match. */ | ||||
CHECK(pubkeyo[0] == ysign); | CHECK(pubkeyo[0] == ysign); | ||||
CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1); | CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1); | ||||
memset(&pubkey, 0, sizeof(pubkey)); | memset(&pubkey, 0, sizeof(pubkey)); | ||||
VG_UNDEF(&pubkey, sizeof(pubkey)); | VG_UNDEF(&pubkey, sizeof(pubkey)); | ||||
secp256k1_pubkey_save(&pubkey, &ge); | secp256k1_pubkey_save(&pubkey, &ge); | ||||
VG_CHECK(&pubkey, sizeof(pubkey)); | VG_CHECK(&pubkey, sizeof(pubkey)); | ||||
outl = 65; | outl = 65; | ||||
VG_UNDEF(pubkeyo, 65); | VG_UNDEF(pubkeyo, 65); | ||||
CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); | CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); | ||||
VG_CHECK(pubkeyo, outl); | VG_CHECK(pubkeyo, outl); | ||||
CHECK(outl == 65); | CHECK(outl == 65); | ||||
CHECK(pubkeyo[0] == 4); | CHECK(pubkeyo[0] == 4); | ||||
CHECK(memcmp(&pubkeyo[1], input, 64) == 0); | CHECK(secp256k1_memcmp_var(&pubkeyo[1], input, 64) == 0); | ||||
} | } | ||||
CHECK(ecount == 0); | CHECK(ecount == 0); | ||||
} else { | } else { | ||||
/* These cases must fail to parse. */ | /* These cases must fail to parse. */ | ||||
memset(&pubkey, 0xfe, sizeof(pubkey)); | memset(&pubkey, 0xfe, sizeof(pubkey)); | ||||
ecount = 0; | ecount = 0; | ||||
VG_UNDEF(&pubkey, sizeof(pubkey)); | VG_UNDEF(&pubkey, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 0); | CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 0); | ||||
▲ Show 20 Lines • Show All 352 Lines • ▼ Show 20 Lines | void run_eckey_edge_case_test(void) { | ||||
const secp256k1_pubkey *pubkeys[3]; | const secp256k1_pubkey *pubkeys[3]; | ||||
size_t len; | size_t len; | ||||
int32_t ecount; | int32_t ecount; | ||||
/* Group order is too large, reject. */ | /* Group order is too large, reject. */ | ||||
CHECK(secp256k1_ec_seckey_verify(ctx, orderc) == 0); | CHECK(secp256k1_ec_seckey_verify(ctx, orderc) == 0); | ||||
VG_UNDEF(&pubkey, sizeof(pubkey)); | VG_UNDEF(&pubkey, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, orderc) == 0); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, orderc) == 0); | ||||
VG_CHECK(&pubkey, sizeof(pubkey)); | VG_CHECK(&pubkey, sizeof(pubkey)); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | ||||
/* Maximum value is too large, reject. */ | /* Maximum value is too large, reject. */ | ||||
memset(ctmp, 255, 32); | memset(ctmp, 255, 32); | ||||
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); | CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); | ||||
memset(&pubkey, 1, sizeof(pubkey)); | memset(&pubkey, 1, sizeof(pubkey)); | ||||
VG_UNDEF(&pubkey, sizeof(pubkey)); | VG_UNDEF(&pubkey, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); | ||||
VG_CHECK(&pubkey, sizeof(pubkey)); | VG_CHECK(&pubkey, sizeof(pubkey)); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | ||||
/* Zero is too small, reject. */ | /* Zero is too small, reject. */ | ||||
memset(ctmp, 0, 32); | memset(ctmp, 0, 32); | ||||
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); | CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); | ||||
memset(&pubkey, 1, sizeof(pubkey)); | memset(&pubkey, 1, sizeof(pubkey)); | ||||
VG_UNDEF(&pubkey, sizeof(pubkey)); | VG_UNDEF(&pubkey, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); | ||||
VG_CHECK(&pubkey, sizeof(pubkey)); | VG_CHECK(&pubkey, sizeof(pubkey)); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | ||||
/* One must be accepted. */ | /* One must be accepted. */ | ||||
ctmp[31] = 0x01; | ctmp[31] = 0x01; | ||||
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); | CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); | ||||
memset(&pubkey, 0, sizeof(pubkey)); | memset(&pubkey, 0, sizeof(pubkey)); | ||||
VG_UNDEF(&pubkey, sizeof(pubkey)); | VG_UNDEF(&pubkey, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); | ||||
VG_CHECK(&pubkey, sizeof(pubkey)); | VG_CHECK(&pubkey, sizeof(pubkey)); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); | ||||
pubkey_one = pubkey; | pubkey_one = pubkey; | ||||
/* Group order + 1 is too large, reject. */ | /* Group order + 1 is too large, reject. */ | ||||
memcpy(ctmp, orderc, 32); | memcpy(ctmp, orderc, 32); | ||||
ctmp[31] = 0x42; | ctmp[31] = 0x42; | ||||
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); | CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); | ||||
memset(&pubkey, 1, sizeof(pubkey)); | memset(&pubkey, 1, sizeof(pubkey)); | ||||
VG_UNDEF(&pubkey, sizeof(pubkey)); | VG_UNDEF(&pubkey, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); | ||||
VG_CHECK(&pubkey, sizeof(pubkey)); | VG_CHECK(&pubkey, sizeof(pubkey)); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | ||||
/* -1 must be accepted. */ | /* -1 must be accepted. */ | ||||
ctmp[31] = 0x40; | ctmp[31] = 0x40; | ||||
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); | CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); | ||||
memset(&pubkey, 0, sizeof(pubkey)); | memset(&pubkey, 0, sizeof(pubkey)); | ||||
VG_UNDEF(&pubkey, sizeof(pubkey)); | VG_UNDEF(&pubkey, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); | ||||
VG_CHECK(&pubkey, sizeof(pubkey)); | VG_CHECK(&pubkey, sizeof(pubkey)); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); | ||||
pubkey_negone = pubkey; | pubkey_negone = pubkey; | ||||
/* Tweak of zero leaves the value unchanged. */ | /* Tweak of zero leaves the value unchanged. */ | ||||
memset(ctmp2, 0, 32); | memset(ctmp2, 0, 32); | ||||
CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 1); | CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 1); | ||||
CHECK(memcmp(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40); | CHECK(secp256k1_memcmp_var(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40); | ||||
memcpy(&pubkey2, &pubkey, sizeof(pubkey)); | memcpy(&pubkey2, &pubkey, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); | CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); | ||||
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | ||||
/* Multiply tweak of zero zeroizes the output. */ | /* Multiply tweak of zero zeroizes the output. */ | ||||
CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); | CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); | ||||
CHECK(memcmp(zeros, ctmp, 32) == 0); | CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); | ||||
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp2) == 0); | CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp2) == 0); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); | ||||
memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | ||||
/* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing | /* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing | ||||
seckey, the seckey is zeroized. */ | seckey, the seckey is zeroized. */ | ||||
memcpy(ctmp, orderc, 32); | memcpy(ctmp, orderc, 32); | ||||
memset(ctmp2, 0, 32); | memset(ctmp2, 0, 32); | ||||
ctmp2[31] = 0x01; | ctmp2[31] = 0x01; | ||||
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp2) == 1); | CHECK(secp256k1_ec_seckey_verify(ctx, ctmp2) == 1); | ||||
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); | CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); | ||||
CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 0); | CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 0); | ||||
CHECK(memcmp(zeros, ctmp, 32) == 0); | CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); | ||||
memcpy(ctmp, orderc, 32); | memcpy(ctmp, orderc, 32); | ||||
CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); | CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); | ||||
CHECK(memcmp(zeros, ctmp, 32) == 0); | CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); | ||||
/* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing | /* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing | ||||
tweak, the seckey is zeroized. */ | tweak, the seckey is zeroized. */ | ||||
memcpy(ctmp, orderc, 32); | memcpy(ctmp, orderc, 32); | ||||
ctmp[31] = 0x40; | ctmp[31] = 0x40; | ||||
CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, orderc) == 0); | CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, orderc) == 0); | ||||
CHECK(memcmp(zeros, ctmp, 32) == 0); | CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); | ||||
memcpy(ctmp, orderc, 32); | memcpy(ctmp, orderc, 32); | ||||
ctmp[31] = 0x40; | ctmp[31] = 0x40; | ||||
CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, orderc) == 0); | CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, orderc) == 0); | ||||
CHECK(memcmp(zeros, ctmp, 32) == 0); | CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); | ||||
memcpy(ctmp, orderc, 32); | memcpy(ctmp, orderc, 32); | ||||
ctmp[31] = 0x40; | ctmp[31] = 0x40; | ||||
/* If pubkey_tweak_add or pubkey_tweak_mul are called with an overflowing | /* If pubkey_tweak_add or pubkey_tweak_mul are called with an overflowing | ||||
tweak, the pubkey is zeroized. */ | tweak, the pubkey is zeroized. */ | ||||
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, orderc) == 0); | CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, orderc) == 0); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); | ||||
memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, orderc) == 0); | CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, orderc) == 0); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); | ||||
memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | ||||
/* If the resulting key in secp256k1_ec_seckey_tweak_add and | /* If the resulting key in secp256k1_ec_seckey_tweak_add and | ||||
* secp256k1_ec_pubkey_tweak_add is 0 the functions fail and in the latter | * secp256k1_ec_pubkey_tweak_add is 0 the functions fail and in the latter | ||||
* case the pubkey is zeroized. */ | * case the pubkey is zeroized. */ | ||||
memcpy(ctmp, orderc, 32); | memcpy(ctmp, orderc, 32); | ||||
ctmp[31] = 0x40; | ctmp[31] = 0x40; | ||||
memset(ctmp2, 0, 32); | memset(ctmp2, 0, 32); | ||||
ctmp2[31] = 1; | ctmp2[31] = 1; | ||||
CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 0); | CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 0); | ||||
CHECK(memcmp(zeros, ctmp2, 32) == 0); | CHECK(secp256k1_memcmp_var(zeros, ctmp2, 32) == 0); | ||||
ctmp2[31] = 1; | ctmp2[31] = 1; | ||||
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); | CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); | ||||
memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | ||||
/* Tweak computation wraps and results in a key of 1. */ | /* Tweak computation wraps and results in a key of 1. */ | ||||
ctmp2[31] = 2; | ctmp2[31] = 2; | ||||
CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 1); | CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 1); | ||||
CHECK(memcmp(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1); | CHECK(secp256k1_memcmp_var(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1); | ||||
ctmp2[31] = 2; | ctmp2[31] = 2; | ||||
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); | CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); | ||||
ctmp2[31] = 1; | ctmp2[31] = 1; | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, ctmp2) == 1); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, ctmp2) == 1); | ||||
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | ||||
/* Tweak mul * 2 = 1+1. */ | /* Tweak mul * 2 = 1+1. */ | ||||
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); | CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); | ||||
ctmp2[31] = 2; | ctmp2[31] = 2; | ||||
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 1); | CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 1); | ||||
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | ||||
/* Test argument errors. */ | /* Test argument errors. */ | ||||
ecount = 0; | ecount = 0; | ||||
secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); | secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); | ||||
CHECK(ecount == 0); | CHECK(ecount == 0); | ||||
/* Zeroize pubkey on parse error. */ | /* Zeroize pubkey on parse error. */ | ||||
memset(&pubkey, 0, 32); | memset(&pubkey, 0, 32); | ||||
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); | CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); | ||||
CHECK(ecount == 1); | CHECK(ecount == 1); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); | ||||
memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | memcpy(&pubkey, &pubkey2, sizeof(pubkey)); | ||||
memset(&pubkey2, 0, 32); | memset(&pubkey2, 0, 32); | ||||
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 0); | CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 0); | ||||
CHECK(ecount == 2); | CHECK(ecount == 2); | ||||
CHECK(memcmp(&pubkey2, zeros, sizeof(pubkey2)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey2, zeros, sizeof(pubkey2)) == 0); | ||||
/* Plain argument errors. */ | /* Plain argument errors. */ | ||||
ecount = 0; | ecount = 0; | ||||
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); | CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); | ||||
CHECK(ecount == 0); | CHECK(ecount == 0); | ||||
CHECK(secp256k1_ec_seckey_verify(ctx, NULL) == 0); | CHECK(secp256k1_ec_seckey_verify(ctx, NULL) == 0); | ||||
CHECK(ecount == 1); | CHECK(ecount == 1); | ||||
ecount = 0; | ecount = 0; | ||||
memset(ctmp2, 0, 32); | memset(ctmp2, 0, 32); | ||||
Show All 23 Lines | void run_eckey_edge_case_test(void) { | ||||
CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, NULL) == 0); | CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, NULL) == 0); | ||||
CHECK(ecount == 2); | CHECK(ecount == 2); | ||||
ecount = 0; | ecount = 0; | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, NULL, ctmp) == 0); | CHECK(secp256k1_ec_pubkey_create(ctx, NULL, ctmp) == 0); | ||||
CHECK(ecount == 1); | CHECK(ecount == 1); | ||||
memset(&pubkey, 1, sizeof(pubkey)); | memset(&pubkey, 1, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0); | ||||
CHECK(ecount == 2); | CHECK(ecount == 2); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | ||||
/* secp256k1_ec_pubkey_combine tests. */ | /* secp256k1_ec_pubkey_combine tests. */ | ||||
ecount = 0; | ecount = 0; | ||||
pubkeys[0] = &pubkey_one; | pubkeys[0] = &pubkey_one; | ||||
VG_UNDEF(&pubkeys[0], sizeof(secp256k1_pubkey *)); | VG_UNDEF(&pubkeys[0], sizeof(secp256k1_pubkey *)); | ||||
VG_UNDEF(&pubkeys[1], sizeof(secp256k1_pubkey *)); | VG_UNDEF(&pubkeys[1], sizeof(secp256k1_pubkey *)); | ||||
VG_UNDEF(&pubkeys[2], sizeof(secp256k1_pubkey *)); | VG_UNDEF(&pubkeys[2], sizeof(secp256k1_pubkey *)); | ||||
memset(&pubkey, 255, sizeof(secp256k1_pubkey)); | memset(&pubkey, 255, sizeof(secp256k1_pubkey)); | ||||
VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); | VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 0) == 0); | CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 0) == 0); | ||||
VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); | VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | ||||
CHECK(ecount == 1); | CHECK(ecount == 1); | ||||
CHECK(secp256k1_ec_pubkey_combine(ctx, NULL, pubkeys, 1) == 0); | CHECK(secp256k1_ec_pubkey_combine(ctx, NULL, pubkeys, 1) == 0); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | ||||
CHECK(ecount == 2); | CHECK(ecount == 2); | ||||
memset(&pubkey, 255, sizeof(secp256k1_pubkey)); | memset(&pubkey, 255, sizeof(secp256k1_pubkey)); | ||||
VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); | VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, NULL, 1) == 0); | CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, NULL, 1) == 0); | ||||
VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); | VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | ||||
CHECK(ecount == 3); | CHECK(ecount == 3); | ||||
pubkeys[0] = &pubkey_negone; | pubkeys[0] = &pubkey_negone; | ||||
memset(&pubkey, 255, sizeof(secp256k1_pubkey)); | memset(&pubkey, 255, sizeof(secp256k1_pubkey)); | ||||
VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); | VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 1) == 1); | CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 1) == 1); | ||||
VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); | VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); | ||||
CHECK(ecount == 3); | CHECK(ecount == 3); | ||||
len = 33; | len = 33; | ||||
CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); | CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); | ||||
CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_negone, SECP256K1_EC_COMPRESSED) == 1); | CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_negone, SECP256K1_EC_COMPRESSED) == 1); | ||||
CHECK(memcmp(ctmp, ctmp2, 33) == 0); | CHECK(secp256k1_memcmp_var(ctmp, ctmp2, 33) == 0); | ||||
/* Result is infinity. */ | /* Result is infinity. */ | ||||
pubkeys[0] = &pubkey_one; | pubkeys[0] = &pubkey_one; | ||||
pubkeys[1] = &pubkey_negone; | pubkeys[1] = &pubkey_negone; | ||||
memset(&pubkey, 255, sizeof(secp256k1_pubkey)); | memset(&pubkey, 255, sizeof(secp256k1_pubkey)); | ||||
VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); | VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 0); | CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 0); | ||||
VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); | VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); | ||||
CHECK(ecount == 3); | CHECK(ecount == 3); | ||||
/* Passes through infinity but comes out one. */ | /* Passes through infinity but comes out one. */ | ||||
pubkeys[2] = &pubkey_one; | pubkeys[2] = &pubkey_one; | ||||
memset(&pubkey, 255, sizeof(secp256k1_pubkey)); | memset(&pubkey, 255, sizeof(secp256k1_pubkey)); | ||||
VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); | VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 3) == 1); | CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 3) == 1); | ||||
VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); | VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); | ||||
CHECK(ecount == 3); | CHECK(ecount == 3); | ||||
len = 33; | len = 33; | ||||
CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); | CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); | ||||
CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_one, SECP256K1_EC_COMPRESSED) == 1); | CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_one, SECP256K1_EC_COMPRESSED) == 1); | ||||
CHECK(memcmp(ctmp, ctmp2, 33) == 0); | CHECK(secp256k1_memcmp_var(ctmp, ctmp2, 33) == 0); | ||||
/* Adds to two. */ | /* Adds to two. */ | ||||
pubkeys[1] = &pubkey_one; | pubkeys[1] = &pubkey_one; | ||||
memset(&pubkey, 255, sizeof(secp256k1_pubkey)); | memset(&pubkey, 255, sizeof(secp256k1_pubkey)); | ||||
VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); | VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 1); | CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 1); | ||||
VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); | VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); | ||||
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); | CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); | ||||
CHECK(ecount == 3); | CHECK(ecount == 3); | ||||
secp256k1_context_set_illegal_callback(ctx, NULL, NULL); | secp256k1_context_set_illegal_callback(ctx, NULL, NULL); | ||||
} | } | ||||
void run_eckey_negate_test(void) { | void run_eckey_negate_test(void) { | ||||
unsigned char seckey[32]; | unsigned char seckey[32]; | ||||
unsigned char seckey_tmp[32]; | unsigned char seckey_tmp[32]; | ||||
random_scalar_order_b32(seckey); | random_scalar_order_b32(seckey); | ||||
memcpy(seckey_tmp, seckey, 32); | memcpy(seckey_tmp, seckey, 32); | ||||
/* Verify negation changes the key and changes it back */ | /* Verify negation changes the key and changes it back */ | ||||
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); | CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); | ||||
CHECK(memcmp(seckey, seckey_tmp, 32) != 0); | CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) != 0); | ||||
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); | CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); | ||||
CHECK(memcmp(seckey, seckey_tmp, 32) == 0); | CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0); | ||||
/* Check that privkey alias gives same result */ | /* Check that privkey alias gives same result */ | ||||
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); | CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); | ||||
CHECK(secp256k1_ec_privkey_negate(ctx, seckey_tmp) == 1); | CHECK(secp256k1_ec_privkey_negate(ctx, seckey_tmp) == 1); | ||||
CHECK(memcmp(seckey, seckey_tmp, 32) == 0); | CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0); | ||||
/* Negating all 0s fails */ | /* Negating all 0s fails */ | ||||
memset(seckey, 0, 32); | memset(seckey, 0, 32); | ||||
memset(seckey_tmp, 0, 32); | memset(seckey_tmp, 0, 32); | ||||
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0); | CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0); | ||||
/* Check that seckey is not modified */ | /* Check that seckey is not modified */ | ||||
CHECK(memcmp(seckey, seckey_tmp, 32) == 0); | CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0); | ||||
/* Negating an overflowing seckey fails and the seckey is zeroed. In this | /* Negating an overflowing seckey fails and the seckey is zeroed. In this | ||||
* test, the seckey has 16 random bytes to ensure that ec_seckey_negate | * test, the seckey has 16 random bytes to ensure that ec_seckey_negate | ||||
* doesn't just set seckey to a constant value in case of failure. */ | * doesn't just set seckey to a constant value in case of failure. */ | ||||
random_scalar_order_b32(seckey); | random_scalar_order_b32(seckey); | ||||
memset(seckey, 0xFF, 16); | memset(seckey, 0xFF, 16); | ||||
memset(seckey_tmp, 0, 32); | memset(seckey_tmp, 0, 32); | ||||
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0); | CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0); | ||||
CHECK(memcmp(seckey, seckey_tmp, 32) == 0); | CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0); | ||||
} | } | ||||
void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid) { | void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid) { | ||||
secp256k1_scalar nonce; | secp256k1_scalar nonce; | ||||
do { | do { | ||||
random_scalar_order_test(&nonce); | random_scalar_order_test(&nonce); | ||||
} while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid)); | } while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid)); | ||||
} | } | ||||
▲ Show 20 Lines • Show All 72 Lines • ▼ Show 20 Lines | static int nonce_function_test_retry(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) { | ||||
if (counter > 5) { | if (counter > 5) { | ||||
return 0; | return 0; | ||||
} | } | ||||
return nonce_function_rfc6979(nonce32, msg32, key32, algo16, data, counter - 5); | return nonce_function_rfc6979(nonce32, msg32, key32, algo16, data, counter - 5); | ||||
} | } | ||||
int is_empty_signature(const secp256k1_ecdsa_signature *sig) { | int is_empty_signature(const secp256k1_ecdsa_signature *sig) { | ||||
static const unsigned char res[sizeof(secp256k1_ecdsa_signature)] = {0}; | static const unsigned char res[sizeof(secp256k1_ecdsa_signature)] = {0}; | ||||
return memcmp(sig, res, sizeof(secp256k1_ecdsa_signature)) == 0; | return secp256k1_memcmp_var(sig, res, sizeof(secp256k1_ecdsa_signature)) == 0; | ||||
} | } | ||||
void test_ecdsa_end_to_end(void) { | void test_ecdsa_end_to_end(void) { | ||||
unsigned char extra[32] = {0x00}; | unsigned char extra[32] = {0x00}; | ||||
unsigned char privkey[32]; | unsigned char privkey[32]; | ||||
unsigned char message[32]; | unsigned char message[32]; | ||||
unsigned char privkey2[32]; | unsigned char privkey2[32]; | ||||
secp256k1_ecdsa_signature signature[6]; | secp256k1_ecdsa_signature signature[6]; | ||||
Show All 23 Lines | void test_ecdsa_end_to_end(void) { | ||||
/* Verify exporting and importing public key. */ | /* Verify exporting and importing public key. */ | ||||
CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, secp256k1_testrand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED)); | CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, secp256k1_testrand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED)); | ||||
memset(&pubkey, 0, sizeof(pubkey)); | memset(&pubkey, 0, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); | CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); | ||||
/* Verify negation changes the key and changes it back */ | /* Verify negation changes the key and changes it back */ | ||||
memcpy(&pubkey_tmp, &pubkey, sizeof(pubkey)); | memcpy(&pubkey_tmp, &pubkey, sizeof(pubkey)); | ||||
CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); | CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); | ||||
CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) != 0); | CHECK(secp256k1_memcmp_var(&pubkey_tmp, &pubkey, sizeof(pubkey)) != 0); | ||||
CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); | CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); | ||||
CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey_tmp, &pubkey, sizeof(pubkey)) == 0); | ||||
/* Verify private key import and export. */ | /* Verify private key import and export. */ | ||||
CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, secp256k1_testrand_bits(1) == 1)); | CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, secp256k1_testrand_bits(1) == 1)); | ||||
CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1); | CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1); | ||||
CHECK(memcmp(privkey, privkey2, 32) == 0); | CHECK(secp256k1_memcmp_var(privkey, privkey2, 32) == 0); | ||||
/* Optionally tweak the keys using addition. */ | /* Optionally tweak the keys using addition. */ | ||||
if (secp256k1_testrand_int(3) == 0) { | if (secp256k1_testrand_int(3) == 0) { | ||||
int ret1; | int ret1; | ||||
int ret2; | int ret2; | ||||
int ret3; | int ret3; | ||||
unsigned char rnd[32]; | unsigned char rnd[32]; | ||||
unsigned char privkey_tmp[32]; | unsigned char privkey_tmp[32]; | ||||
secp256k1_pubkey pubkey2; | secp256k1_pubkey pubkey2; | ||||
secp256k1_testrand256_test(rnd); | secp256k1_testrand256_test(rnd); | ||||
memcpy(privkey_tmp, privkey, 32); | memcpy(privkey_tmp, privkey, 32); | ||||
ret1 = secp256k1_ec_seckey_tweak_add(ctx, privkey, rnd); | ret1 = secp256k1_ec_seckey_tweak_add(ctx, privkey, rnd); | ||||
ret2 = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, rnd); | ret2 = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, rnd); | ||||
/* Check that privkey alias gives same result */ | /* Check that privkey alias gives same result */ | ||||
ret3 = secp256k1_ec_privkey_tweak_add(ctx, privkey_tmp, rnd); | ret3 = secp256k1_ec_privkey_tweak_add(ctx, privkey_tmp, rnd); | ||||
CHECK(ret1 == ret2); | CHECK(ret1 == ret2); | ||||
CHECK(ret2 == ret3); | CHECK(ret2 == ret3); | ||||
if (ret1 == 0) { | if (ret1 == 0) { | ||||
return; | return; | ||||
} | } | ||||
CHECK(memcmp(privkey, privkey_tmp, 32) == 0); | CHECK(secp256k1_memcmp_var(privkey, privkey_tmp, 32) == 0); | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); | ||||
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | ||||
} | } | ||||
/* Optionally tweak the keys using multiplication. */ | /* Optionally tweak the keys using multiplication. */ | ||||
if (secp256k1_testrand_int(3) == 0) { | if (secp256k1_testrand_int(3) == 0) { | ||||
int ret1; | int ret1; | ||||
int ret2; | int ret2; | ||||
int ret3; | int ret3; | ||||
unsigned char rnd[32]; | unsigned char rnd[32]; | ||||
unsigned char privkey_tmp[32]; | unsigned char privkey_tmp[32]; | ||||
secp256k1_pubkey pubkey2; | secp256k1_pubkey pubkey2; | ||||
secp256k1_testrand256_test(rnd); | secp256k1_testrand256_test(rnd); | ||||
memcpy(privkey_tmp, privkey, 32); | memcpy(privkey_tmp, privkey, 32); | ||||
ret1 = secp256k1_ec_seckey_tweak_mul(ctx, privkey, rnd); | ret1 = secp256k1_ec_seckey_tweak_mul(ctx, privkey, rnd); | ||||
ret2 = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd); | ret2 = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd); | ||||
/* Check that privkey alias gives same result */ | /* Check that privkey alias gives same result */ | ||||
ret3 = secp256k1_ec_privkey_tweak_mul(ctx, privkey_tmp, rnd); | ret3 = secp256k1_ec_privkey_tweak_mul(ctx, privkey_tmp, rnd); | ||||
CHECK(ret1 == ret2); | CHECK(ret1 == ret2); | ||||
CHECK(ret2 == ret3); | CHECK(ret2 == ret3); | ||||
if (ret1 == 0) { | if (ret1 == 0) { | ||||
return; | return; | ||||
} | } | ||||
CHECK(memcmp(privkey, privkey_tmp, 32) == 0); | CHECK(secp256k1_memcmp_var(privkey, privkey_tmp, 32) == 0); | ||||
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); | CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); | ||||
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); | ||||
} | } | ||||
/* Sign. */ | /* Sign. */ | ||||
CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); | CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); | ||||
CHECK(secp256k1_ecdsa_sign(ctx, &signature[4], message, privkey, NULL, NULL) == 1); | CHECK(secp256k1_ecdsa_sign(ctx, &signature[4], message, privkey, NULL, NULL) == 1); | ||||
CHECK(secp256k1_ecdsa_sign(ctx, &signature[1], message, privkey, NULL, extra) == 1); | CHECK(secp256k1_ecdsa_sign(ctx, &signature[1], message, privkey, NULL, extra) == 1); | ||||
extra[31] = 1; | extra[31] = 1; | ||||
CHECK(secp256k1_ecdsa_sign(ctx, &signature[2], message, privkey, NULL, extra) == 1); | CHECK(secp256k1_ecdsa_sign(ctx, &signature[2], message, privkey, NULL, extra) == 1); | ||||
extra[31] = 0; | extra[31] = 0; | ||||
extra[0] = 1; | extra[0] = 1; | ||||
CHECK(secp256k1_ecdsa_sign(ctx, &signature[3], message, privkey, NULL, extra) == 1); | CHECK(secp256k1_ecdsa_sign(ctx, &signature[3], message, privkey, NULL, extra) == 1); | ||||
CHECK(memcmp(&signature[0], &signature[4], sizeof(signature[0])) == 0); | CHECK(secp256k1_memcmp_var(&signature[0], &signature[4], sizeof(signature[0])) == 0); | ||||
CHECK(memcmp(&signature[0], &signature[1], sizeof(signature[0])) != 0); | CHECK(secp256k1_memcmp_var(&signature[0], &signature[1], sizeof(signature[0])) != 0); | ||||
CHECK(memcmp(&signature[0], &signature[2], sizeof(signature[0])) != 0); | CHECK(secp256k1_memcmp_var(&signature[0], &signature[2], sizeof(signature[0])) != 0); | ||||
CHECK(memcmp(&signature[0], &signature[3], sizeof(signature[0])) != 0); | CHECK(secp256k1_memcmp_var(&signature[0], &signature[3], sizeof(signature[0])) != 0); | ||||
CHECK(memcmp(&signature[1], &signature[2], sizeof(signature[0])) != 0); | CHECK(secp256k1_memcmp_var(&signature[1], &signature[2], sizeof(signature[0])) != 0); | ||||
CHECK(memcmp(&signature[1], &signature[3], sizeof(signature[0])) != 0); | CHECK(secp256k1_memcmp_var(&signature[1], &signature[3], sizeof(signature[0])) != 0); | ||||
CHECK(memcmp(&signature[2], &signature[3], sizeof(signature[0])) != 0); | CHECK(secp256k1_memcmp_var(&signature[2], &signature[3], sizeof(signature[0])) != 0); | ||||
/* Verify. */ | /* Verify. */ | ||||
CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); | CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); | ||||
CHECK(secp256k1_ecdsa_verify(ctx, &signature[1], message, &pubkey) == 1); | CHECK(secp256k1_ecdsa_verify(ctx, &signature[1], message, &pubkey) == 1); | ||||
CHECK(secp256k1_ecdsa_verify(ctx, &signature[2], message, &pubkey) == 1); | CHECK(secp256k1_ecdsa_verify(ctx, &signature[2], message, &pubkey) == 1); | ||||
CHECK(secp256k1_ecdsa_verify(ctx, &signature[3], message, &pubkey) == 1); | CHECK(secp256k1_ecdsa_verify(ctx, &signature[3], message, &pubkey) == 1); | ||||
/* Test lower-S form, malleate, verify and fail, test again, malleate again */ | /* Test lower-S form, malleate, verify and fail, test again, malleate again */ | ||||
CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[0])); | CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[0])); | ||||
secp256k1_ecdsa_signature_load(ctx, &r, &s, &signature[0]); | secp256k1_ecdsa_signature_load(ctx, &r, &s, &signature[0]); | ||||
secp256k1_scalar_negate(&s, &s); | secp256k1_scalar_negate(&s, &s); | ||||
secp256k1_ecdsa_signature_save(&signature[5], &r, &s); | secp256k1_ecdsa_signature_save(&signature[5], &r, &s); | ||||
CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 0); | CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 0); | ||||
CHECK(secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); | CHECK(secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); | ||||
CHECK(secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); | CHECK(secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); | ||||
CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); | CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); | ||||
CHECK(!secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); | CHECK(!secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); | ||||
CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); | CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); | ||||
secp256k1_scalar_negate(&s, &s); | secp256k1_scalar_negate(&s, &s); | ||||
secp256k1_ecdsa_signature_save(&signature[5], &r, &s); | secp256k1_ecdsa_signature_save(&signature[5], &r, &s); | ||||
CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); | CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); | ||||
CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); | CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); | ||||
CHECK(memcmp(&signature[5], &signature[0], 64) == 0); | CHECK(secp256k1_memcmp_var(&signature[5], &signature[0], 64) == 0); | ||||
/* Serialize/parse DER and verify again */ | /* Serialize/parse DER and verify again */ | ||||
CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); | CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); | ||||
memset(&signature[0], 0, sizeof(signature[0])); | memset(&signature[0], 0, sizeof(signature[0])); | ||||
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 1); | CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 1); | ||||
CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); | CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); | ||||
/* Serialize/destroy/parse DER and verify again. */ | /* Serialize/destroy/parse DER and verify again. */ | ||||
siglen = 74; | siglen = 74; | ||||
Show All 30 Lines | if (secp256k1_eckey_pubkey_parse(&elem, in, len)) { | ||||
unsigned char out[65]; | unsigned char out[65]; | ||||
unsigned char firstb; | unsigned char firstb; | ||||
int res; | int res; | ||||
size_t size = len; | size_t size = len; | ||||
firstb = in[0]; | firstb = in[0]; | ||||
/* If the pubkey can be parsed, it should round-trip... */ | /* If the pubkey can be parsed, it should round-trip... */ | ||||
CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, len == 33)); | CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, len == 33)); | ||||
CHECK(size == len); | CHECK(size == len); | ||||
CHECK(memcmp(&in[1], &out[1], len-1) == 0); | CHECK(secp256k1_memcmp_var(&in[1], &out[1], len-1) == 0); | ||||
/* ... except for the type of hybrid inputs. */ | /* ... except for the type of hybrid inputs. */ | ||||
if ((in[0] != 6) && (in[0] != 7)) { | if ((in[0] != 6) && (in[0] != 7)) { | ||||
CHECK(in[0] == out[0]); | CHECK(in[0] == out[0]); | ||||
} | } | ||||
size = 65; | size = 65; | ||||
CHECK(secp256k1_eckey_pubkey_serialize(&elem, in, &size, 0)); | CHECK(secp256k1_eckey_pubkey_serialize(&elem, in, &size, 0)); | ||||
CHECK(size == 65); | CHECK(size == 65); | ||||
CHECK(secp256k1_eckey_pubkey_parse(&elem2, in, size)); | CHECK(secp256k1_eckey_pubkey_parse(&elem2, in, size)); | ||||
ge_equals_ge(&elem,&elem2); | ge_equals_ge(&elem,&elem2); | ||||
/* Check that the X9.62 hybrid type is checked. */ | /* Check that the X9.62 hybrid type is checked. */ | ||||
in[0] = secp256k1_testrand_bits(1) ? 6 : 7; | in[0] = secp256k1_testrand_bits(1) ? 6 : 7; | ||||
res = secp256k1_eckey_pubkey_parse(&elem2, in, size); | res = secp256k1_eckey_pubkey_parse(&elem2, in, size); | ||||
if (firstb == 2 || firstb == 3) { | if (firstb == 2 || firstb == 3) { | ||||
if (in[0] == firstb + 4) { | if (in[0] == firstb + 4) { | ||||
CHECK(res); | CHECK(res); | ||||
} else { | } else { | ||||
CHECK(!res); | CHECK(!res); | ||||
} | } | ||||
} | } | ||||
if (res) { | if (res) { | ||||
ge_equals_ge(&elem,&elem2); | ge_equals_ge(&elem,&elem2); | ||||
CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, 0)); | CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, 0)); | ||||
CHECK(memcmp(&in[1], &out[1], 64) == 0); | CHECK(secp256k1_memcmp_var(&in[1], &out[1], 64) == 0); | ||||
} | } | ||||
} | } | ||||
} | } | ||||
void run_random_pubkeys(void) { | void run_random_pubkeys(void) { | ||||
int i; | int i; | ||||
for (i = 0; i < 10*count; i++) { | for (i = 0; i < 10*count; i++) { | ||||
test_random_pubkeys(); | test_random_pubkeys(); | ||||
Show All 39 Lines | #ifdef ENABLE_OPENSSL_TESTS | ||||
unsigned char roundtrip_openssl[2048]; | unsigned char roundtrip_openssl[2048]; | ||||
int len_openssl = 2048; | int len_openssl = 2048; | ||||
int parsed_openssl, valid_openssl = 0, roundtrips_openssl = 0; | int parsed_openssl, valid_openssl = 0, roundtrips_openssl = 0; | ||||
#endif | #endif | ||||
parsed_der = secp256k1_ecdsa_signature_parse_der(ctx, &sig_der, sig, siglen); | parsed_der = secp256k1_ecdsa_signature_parse_der(ctx, &sig_der, sig, siglen); | ||||
if (parsed_der) { | if (parsed_der) { | ||||
ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der, &sig_der)) << 0; | ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der, &sig_der)) << 0; | ||||
valid_der = (memcmp(compact_der, zeroes, 32) != 0) && (memcmp(compact_der + 32, zeroes, 32) != 0); | valid_der = (secp256k1_memcmp_var(compact_der, zeroes, 32) != 0) && (secp256k1_memcmp_var(compact_der + 32, zeroes, 32) != 0); | ||||
} | } | ||||
if (valid_der) { | if (valid_der) { | ||||
ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der, &len_der, &sig_der)) << 1; | ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der, &len_der, &sig_der)) << 1; | ||||
roundtrips_der = (len_der == siglen) && memcmp(roundtrip_der, sig, siglen) == 0; | roundtrips_der = (len_der == siglen) && secp256k1_memcmp_var(roundtrip_der, sig, siglen) == 0; | ||||
} | } | ||||
parsed_der_lax = ecdsa_signature_parse_der_lax(ctx, &sig_der_lax, sig, siglen); | parsed_der_lax = ecdsa_signature_parse_der_lax(ctx, &sig_der_lax, sig, siglen); | ||||
if (parsed_der_lax) { | if (parsed_der_lax) { | ||||
ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der_lax, &sig_der_lax)) << 10; | ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der_lax, &sig_der_lax)) << 10; | ||||
valid_der_lax = (memcmp(compact_der_lax, zeroes, 32) != 0) && (memcmp(compact_der_lax + 32, zeroes, 32) != 0); | valid_der_lax = (secp256k1_memcmp_var(compact_der_lax, zeroes, 32) != 0) && (secp256k1_memcmp_var(compact_der_lax + 32, zeroes, 32) != 0); | ||||
} | } | ||||
if (valid_der_lax) { | if (valid_der_lax) { | ||||
ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der_lax, &len_der_lax, &sig_der_lax)) << 11; | ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der_lax, &len_der_lax, &sig_der_lax)) << 11; | ||||
roundtrips_der_lax = (len_der_lax == siglen) && memcmp(roundtrip_der_lax, sig, siglen) == 0; | roundtrips_der_lax = (len_der_lax == siglen) && secp256k1_memcmp_var(roundtrip_der_lax, sig, siglen) == 0; | ||||
} | } | ||||
if (certainly_der) { | if (certainly_der) { | ||||
ret |= (!parsed_der) << 2; | ret |= (!parsed_der) << 2; | ||||
} | } | ||||
if (certainly_not_der) { | if (certainly_not_der) { | ||||
ret |= (parsed_der) << 17; | ret |= (parsed_der) << 17; | ||||
} | } | ||||
if (valid_der) { | if (valid_der) { | ||||
ret |= (!roundtrips_der) << 3; | ret |= (!roundtrips_der) << 3; | ||||
} | } | ||||
if (valid_der) { | if (valid_der) { | ||||
ret |= (!roundtrips_der_lax) << 12; | ret |= (!roundtrips_der_lax) << 12; | ||||
ret |= (len_der != len_der_lax) << 13; | ret |= (len_der != len_der_lax) << 13; | ||||
ret |= ((len_der != len_der_lax) || (memcmp(roundtrip_der_lax, roundtrip_der, len_der) != 0)) << 14; | ret |= ((len_der != len_der_lax) || (secp256k1_memcmp_var(roundtrip_der_lax, roundtrip_der, len_der) != 0)) << 14; | ||||
} | } | ||||
ret |= (roundtrips_der != roundtrips_der_lax) << 15; | ret |= (roundtrips_der != roundtrips_der_lax) << 15; | ||||
if (parsed_der) { | if (parsed_der) { | ||||
ret |= (!parsed_der_lax) << 16; | ret |= (!parsed_der_lax) << 16; | ||||
} | } | ||||
#ifdef ENABLE_OPENSSL_TESTS | #ifdef ENABLE_OPENSSL_TESTS | ||||
sig_openssl = ECDSA_SIG_new(); | sig_openssl = ECDSA_SIG_new(); | ||||
sigptr = sig; | sigptr = sig; | ||||
parsed_openssl = (d2i_ECDSA_SIG(&sig_openssl, &sigptr, siglen) != NULL); | parsed_openssl = (d2i_ECDSA_SIG(&sig_openssl, &sigptr, siglen) != NULL); | ||||
if (parsed_openssl) { | if (parsed_openssl) { | ||||
ECDSA_SIG_get0(sig_openssl, &r, &s); | ECDSA_SIG_get0(sig_openssl, &r, &s); | ||||
valid_openssl = !BN_is_negative(r) && !BN_is_negative(s) && BN_num_bits(r) > 0 && BN_num_bits(r) <= 256 && BN_num_bits(s) > 0 && BN_num_bits(s) <= 256; | valid_openssl = !BN_is_negative(r) && !BN_is_negative(s) && BN_num_bits(r) > 0 && BN_num_bits(r) <= 256 && BN_num_bits(s) > 0 && BN_num_bits(s) <= 256; | ||||
if (valid_openssl) { | if (valid_openssl) { | ||||
unsigned char tmp[32] = {0}; | unsigned char tmp[32] = {0}; | ||||
BN_bn2bin(r, tmp + 32 - BN_num_bytes(r)); | BN_bn2bin(r, tmp + 32 - BN_num_bytes(r)); | ||||
valid_openssl = memcmp(tmp, max_scalar, 32) < 0; | valid_openssl = secp256k1_memcmp_var(tmp, max_scalar, 32) < 0; | ||||
} | } | ||||
if (valid_openssl) { | if (valid_openssl) { | ||||
unsigned char tmp[32] = {0}; | unsigned char tmp[32] = {0}; | ||||
BN_bn2bin(s, tmp + 32 - BN_num_bytes(s)); | BN_bn2bin(s, tmp + 32 - BN_num_bytes(s)); | ||||
valid_openssl = memcmp(tmp, max_scalar, 32) < 0; | valid_openssl = secp256k1_memcmp_var(tmp, max_scalar, 32) < 0; | ||||
} | } | ||||
} | } | ||||
len_openssl = i2d_ECDSA_SIG(sig_openssl, NULL); | len_openssl = i2d_ECDSA_SIG(sig_openssl, NULL); | ||||
if (len_openssl <= 2048) { | if (len_openssl <= 2048) { | ||||
unsigned char *ptr = roundtrip_openssl; | unsigned char *ptr = roundtrip_openssl; | ||||
CHECK(i2d_ECDSA_SIG(sig_openssl, &ptr) == len_openssl); | CHECK(i2d_ECDSA_SIG(sig_openssl, &ptr) == len_openssl); | ||||
roundtrips_openssl = valid_openssl && ((size_t)len_openssl == siglen) && (memcmp(roundtrip_openssl, sig, siglen) == 0); | roundtrips_openssl = valid_openssl && ((size_t)len_openssl == siglen) && (secp256k1_memcmp_var(roundtrip_openssl, sig, siglen) == 0); | ||||
} else { | } else { | ||||
len_openssl = 0; | len_openssl = 0; | ||||
} | } | ||||
ECDSA_SIG_free(sig_openssl); | ECDSA_SIG_free(sig_openssl); | ||||
ret |= (parsed_der && !parsed_openssl) << 4; | ret |= (parsed_der && !parsed_openssl) << 4; | ||||
ret |= (valid_der && !valid_openssl) << 5; | ret |= (valid_der && !valid_openssl) << 5; | ||||
ret |= (roundtrips_openssl && !parsed_der) << 6; | ret |= (roundtrips_openssl && !parsed_der) << 6; | ||||
ret |= (roundtrips_der != roundtrips_openssl) << 7; | ret |= (roundtrips_der != roundtrips_openssl) << 7; | ||||
if (roundtrips_openssl) { | if (roundtrips_openssl) { | ||||
ret |= (len_der != (size_t)len_openssl) << 8; | ret |= (len_der != (size_t)len_openssl) << 8; | ||||
ret |= ((len_der != (size_t)len_openssl) || (memcmp(roundtrip_der, roundtrip_openssl, len_der) != 0)) << 9; | ret |= ((len_der != (size_t)len_openssl) || (secp256k1_memcmp_var(roundtrip_der, roundtrip_openssl, len_der) != 0)) << 9; | ||||
} | } | ||||
#endif | #endif | ||||
return ret; | return ret; | ||||
} | } | ||||
static void assign_big_endian(unsigned char *ptr, size_t ptrlen, uint32_t val) { | static void assign_big_endian(unsigned char *ptr, size_t ptrlen, uint32_t val) { | ||||
size_t i; | size_t i; | ||||
for (i = 0; i < ptrlen; i++) { | for (i = 0; i < ptrlen; i++) { | ||||
▲ Show 20 Lines • Show All 499 Lines • ▼ Show 20 Lines | for (t = 0; t < 2; t++) { | ||||
key[31] = 1; | key[31] = 1; | ||||
CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_fail, extra) == 0); | CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_fail, extra) == 0); | ||||
CHECK(is_empty_signature(&sig)); | CHECK(is_empty_signature(&sig)); | ||||
/* The retry loop successfully makes its way to the first good value. */ | /* The retry loop successfully makes its way to the first good value. */ | ||||
CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_retry, extra) == 1); | CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_retry, extra) == 1); | ||||
CHECK(!is_empty_signature(&sig)); | CHECK(!is_empty_signature(&sig)); | ||||
CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, nonce_function_rfc6979, extra) == 1); | CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, nonce_function_rfc6979, extra) == 1); | ||||
CHECK(!is_empty_signature(&sig2)); | CHECK(!is_empty_signature(&sig2)); | ||||
CHECK(memcmp(&sig, &sig2, sizeof(sig)) == 0); | CHECK(secp256k1_memcmp_var(&sig, &sig2, sizeof(sig)) == 0); | ||||
/* The default nonce function is deterministic. */ | /* The default nonce function is deterministic. */ | ||||
CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); | CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); | ||||
CHECK(!is_empty_signature(&sig2)); | CHECK(!is_empty_signature(&sig2)); | ||||
CHECK(memcmp(&sig, &sig2, sizeof(sig)) == 0); | CHECK(secp256k1_memcmp_var(&sig, &sig2, sizeof(sig)) == 0); | ||||
/* The default nonce function changes output with different messages. */ | /* The default nonce function changes output with different messages. */ | ||||
for(i = 0; i < 256; i++) { | for(i = 0; i < 256; i++) { | ||||
int j; | int j; | ||||
msg[0] = i; | msg[0] = i; | ||||
CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); | CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); | ||||
CHECK(!is_empty_signature(&sig2)); | CHECK(!is_empty_signature(&sig2)); | ||||
secp256k1_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); | secp256k1_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); | ||||
for (j = 0; j < i; j++) { | for (j = 0; j < i; j++) { | ||||
Show All 30 Lines | for (t = 0; t < 2; t++) { | ||||
CHECK(nonce_function_rfc6979(nonce, zeros, zeros, NULL, NULL, 0) == 1); | CHECK(nonce_function_rfc6979(nonce, zeros, zeros, NULL, NULL, 0) == 1); | ||||
VG_CHECK(nonce,32); | VG_CHECK(nonce,32); | ||||
CHECK(nonce_function_rfc6979(nonce2, zeros, zeros, zeros, NULL, 0) == 1); | CHECK(nonce_function_rfc6979(nonce2, zeros, zeros, zeros, NULL, 0) == 1); | ||||
VG_CHECK(nonce2,32); | VG_CHECK(nonce2,32); | ||||
CHECK(nonce_function_rfc6979(nonce3, zeros, zeros, NULL, (void *)zeros, 0) == 1); | CHECK(nonce_function_rfc6979(nonce3, zeros, zeros, NULL, (void *)zeros, 0) == 1); | ||||
VG_CHECK(nonce3,32); | VG_CHECK(nonce3,32); | ||||
CHECK(nonce_function_rfc6979(nonce4, zeros, zeros, zeros, (void *)zeros, 0) == 1); | CHECK(nonce_function_rfc6979(nonce4, zeros, zeros, zeros, (void *)zeros, 0) == 1); | ||||
VG_CHECK(nonce4,32); | VG_CHECK(nonce4,32); | ||||
CHECK(memcmp(nonce, nonce2, 32) != 0); | CHECK(secp256k1_memcmp_var(nonce, nonce2, 32) != 0); | ||||
CHECK(memcmp(nonce, nonce3, 32) != 0); | CHECK(secp256k1_memcmp_var(nonce, nonce3, 32) != 0); | ||||
CHECK(memcmp(nonce, nonce4, 32) != 0); | CHECK(secp256k1_memcmp_var(nonce, nonce4, 32) != 0); | ||||
CHECK(memcmp(nonce2, nonce3, 32) != 0); | CHECK(secp256k1_memcmp_var(nonce2, nonce3, 32) != 0); | ||||
CHECK(memcmp(nonce2, nonce4, 32) != 0); | CHECK(secp256k1_memcmp_var(nonce2, nonce4, 32) != 0); | ||||
CHECK(memcmp(nonce3, nonce4, 32) != 0); | CHECK(secp256k1_memcmp_var(nonce3, nonce4, 32) != 0); | ||||
} | } | ||||
/* Privkey export where pubkey is the point at infinity. */ | /* Privkey export where pubkey is the point at infinity. */ | ||||
{ | { | ||||
unsigned char privkey[300]; | unsigned char privkey[300]; | ||||
unsigned char seckey[32] = { | unsigned char seckey[32] = { | ||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||||
▲ Show 20 Lines • Show All 94 Lines • ▼ Show 20 Lines | |||||
void run_memczero_test(void) { | void run_memczero_test(void) { | ||||
unsigned char buf1[6] = {1, 2, 3, 4, 5, 6}; | unsigned char buf1[6] = {1, 2, 3, 4, 5, 6}; | ||||
unsigned char buf2[sizeof(buf1)]; | unsigned char buf2[sizeof(buf1)]; | ||||
/* memczero(..., ..., 0) is a noop. */ | /* memczero(..., ..., 0) is a noop. */ | ||||
memcpy(buf2, buf1, sizeof(buf1)); | memcpy(buf2, buf1, sizeof(buf1)); | ||||
memczero(buf1, sizeof(buf1), 0); | memczero(buf1, sizeof(buf1), 0); | ||||
CHECK(memcmp(buf1, buf2, sizeof(buf1)) == 0); | CHECK(secp256k1_memcmp_var(buf1, buf2, sizeof(buf1)) == 0); | ||||
/* memczero(..., ..., 1) zeros the buffer. */ | /* memczero(..., ..., 1) zeros the buffer. */ | ||||
memset(buf2, 0, sizeof(buf2)); | memset(buf2, 0, sizeof(buf2)); | ||||
memczero(buf1, sizeof(buf1) , 1); | memczero(buf1, sizeof(buf1) , 1); | ||||
CHECK(memcmp(buf1, buf2, sizeof(buf1)) == 0); | CHECK(secp256k1_memcmp_var(buf1, buf2, sizeof(buf1)) == 0); | ||||
} | } | ||||
void int_cmov_test(void) { | void int_cmov_test(void) { | ||||
int r = INT_MAX; | int r = INT_MAX; | ||||
int a = 0; | int a = 0; | ||||
secp256k1_int_cmov(&r, &a, 0); | secp256k1_int_cmov(&r, &a, 0); | ||||
CHECK(r == INT_MAX); | CHECK(r == INT_MAX); | ||||
Show All 22 Lines | void fe_cmov_test(void) { | ||||
static const secp256k1_fe max = SECP256K1_FE_CONST( | static const secp256k1_fe max = SECP256K1_FE_CONST( | ||||
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | ||||
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL | 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL | ||||
); | ); | ||||
secp256k1_fe r = max; | secp256k1_fe r = max; | ||||
secp256k1_fe a = zero; | secp256k1_fe a = zero; | ||||
secp256k1_fe_cmov(&r, &a, 0); | secp256k1_fe_cmov(&r, &a, 0); | ||||
CHECK(memcmp(&r, &max, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0); | ||||
r = zero; a = max; | r = zero; a = max; | ||||
secp256k1_fe_cmov(&r, &a, 1); | secp256k1_fe_cmov(&r, &a, 1); | ||||
CHECK(memcmp(&r, &max, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0); | ||||
a = zero; | a = zero; | ||||
secp256k1_fe_cmov(&r, &a, 1); | secp256k1_fe_cmov(&r, &a, 1); | ||||
CHECK(memcmp(&r, &zero, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &zero, sizeof(r)) == 0); | ||||
a = one; | a = one; | ||||
secp256k1_fe_cmov(&r, &a, 1); | secp256k1_fe_cmov(&r, &a, 1); | ||||
CHECK(memcmp(&r, &one, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0); | ||||
r = one; a = zero; | r = one; a = zero; | ||||
secp256k1_fe_cmov(&r, &a, 0); | secp256k1_fe_cmov(&r, &a, 0); | ||||
CHECK(memcmp(&r, &one, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0); | ||||
} | } | ||||
void fe_storage_cmov_test(void) { | void fe_storage_cmov_test(void) { | ||||
static const secp256k1_fe_storage zero = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0); | static const secp256k1_fe_storage zero = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0); | ||||
static const secp256k1_fe_storage one = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1); | static const secp256k1_fe_storage one = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1); | ||||
static const secp256k1_fe_storage max = SECP256K1_FE_STORAGE_CONST( | static const secp256k1_fe_storage max = SECP256K1_FE_STORAGE_CONST( | ||||
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | ||||
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL | 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL | ||||
); | ); | ||||
secp256k1_fe_storage r = max; | secp256k1_fe_storage r = max; | ||||
secp256k1_fe_storage a = zero; | secp256k1_fe_storage a = zero; | ||||
secp256k1_fe_storage_cmov(&r, &a, 0); | secp256k1_fe_storage_cmov(&r, &a, 0); | ||||
CHECK(memcmp(&r, &max, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0); | ||||
r = zero; a = max; | r = zero; a = max; | ||||
secp256k1_fe_storage_cmov(&r, &a, 1); | secp256k1_fe_storage_cmov(&r, &a, 1); | ||||
CHECK(memcmp(&r, &max, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0); | ||||
a = zero; | a = zero; | ||||
secp256k1_fe_storage_cmov(&r, &a, 1); | secp256k1_fe_storage_cmov(&r, &a, 1); | ||||
CHECK(memcmp(&r, &zero, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &zero, sizeof(r)) == 0); | ||||
a = one; | a = one; | ||||
secp256k1_fe_storage_cmov(&r, &a, 1); | secp256k1_fe_storage_cmov(&r, &a, 1); | ||||
CHECK(memcmp(&r, &one, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0); | ||||
r = one; a = zero; | r = one; a = zero; | ||||
secp256k1_fe_storage_cmov(&r, &a, 0); | secp256k1_fe_storage_cmov(&r, &a, 0); | ||||
CHECK(memcmp(&r, &one, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0); | ||||
} | } | ||||
void scalar_cmov_test(void) { | void scalar_cmov_test(void) { | ||||
static const secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); | static const secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); | ||||
static const secp256k1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); | static const secp256k1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); | ||||
static const secp256k1_scalar max = SECP256K1_SCALAR_CONST( | static const secp256k1_scalar max = SECP256K1_SCALAR_CONST( | ||||
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | ||||
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL | 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL | ||||
); | ); | ||||
secp256k1_scalar r = max; | secp256k1_scalar r = max; | ||||
secp256k1_scalar a = zero; | secp256k1_scalar a = zero; | ||||
secp256k1_scalar_cmov(&r, &a, 0); | secp256k1_scalar_cmov(&r, &a, 0); | ||||
CHECK(memcmp(&r, &max, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0); | ||||
r = zero; a = max; | r = zero; a = max; | ||||
secp256k1_scalar_cmov(&r, &a, 1); | secp256k1_scalar_cmov(&r, &a, 1); | ||||
CHECK(memcmp(&r, &max, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0); | ||||
a = zero; | a = zero; | ||||
secp256k1_scalar_cmov(&r, &a, 1); | secp256k1_scalar_cmov(&r, &a, 1); | ||||
CHECK(memcmp(&r, &zero, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &zero, sizeof(r)) == 0); | ||||
a = one; | a = one; | ||||
secp256k1_scalar_cmov(&r, &a, 1); | secp256k1_scalar_cmov(&r, &a, 1); | ||||
CHECK(memcmp(&r, &one, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0); | ||||
r = one; a = zero; | r = one; a = zero; | ||||
secp256k1_scalar_cmov(&r, &a, 0); | secp256k1_scalar_cmov(&r, &a, 0); | ||||
CHECK(memcmp(&r, &one, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0); | ||||
} | } | ||||
void ge_storage_cmov_test(void) { | void ge_storage_cmov_test(void) { | ||||
static const secp256k1_ge_storage zero = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); | static const secp256k1_ge_storage zero = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); | ||||
static const secp256k1_ge_storage one = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1); | static const secp256k1_ge_storage one = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1); | ||||
static const secp256k1_ge_storage max = SECP256K1_GE_STORAGE_CONST( | static const secp256k1_ge_storage max = SECP256K1_GE_STORAGE_CONST( | ||||
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | ||||
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | ||||
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, | ||||
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL | 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL | ||||
); | ); | ||||
secp256k1_ge_storage r = max; | secp256k1_ge_storage r = max; | ||||
secp256k1_ge_storage a = zero; | secp256k1_ge_storage a = zero; | ||||
secp256k1_ge_storage_cmov(&r, &a, 0); | secp256k1_ge_storage_cmov(&r, &a, 0); | ||||
CHECK(memcmp(&r, &max, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0); | ||||
r = zero; a = max; | r = zero; a = max; | ||||
secp256k1_ge_storage_cmov(&r, &a, 1); | secp256k1_ge_storage_cmov(&r, &a, 1); | ||||
CHECK(memcmp(&r, &max, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0); | ||||
a = zero; | a = zero; | ||||
secp256k1_ge_storage_cmov(&r, &a, 1); | secp256k1_ge_storage_cmov(&r, &a, 1); | ||||
CHECK(memcmp(&r, &zero, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &zero, sizeof(r)) == 0); | ||||
a = one; | a = one; | ||||
secp256k1_ge_storage_cmov(&r, &a, 1); | secp256k1_ge_storage_cmov(&r, &a, 1); | ||||
CHECK(memcmp(&r, &one, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0); | ||||
r = one; a = zero; | r = one; a = zero; | ||||
secp256k1_ge_storage_cmov(&r, &a, 0); | secp256k1_ge_storage_cmov(&r, &a, 0); | ||||
CHECK(memcmp(&r, &one, sizeof(r)) == 0); | CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0); | ||||
} | } | ||||
void run_cmov_tests(void) { | void run_cmov_tests(void) { | ||||
int_cmov_test(); | int_cmov_test(); | ||||
fe_cmov_test(); | fe_cmov_test(); | ||||
fe_storage_cmov_test(); | fe_storage_cmov_test(); | ||||
scalar_cmov_test(); | scalar_cmov_test(); | ||||
ge_storage_cmov_test(); | ge_storage_cmov_test(); | ||||
▲ Show 20 Lines • Show All 133 Lines • Show Last 20 Lines |