Page MenuHomePhabricator
Differential D8037 Diff 24961 src/secp256k1/src/tests.c

Changeset View

Standalone View

View Options

src/secp256k1/src/tests.c

Show First 20 LinesShow All 436 Lines▼ Show 20 Linesvoid run_sha256_tests(void) {
}; };
int i; int i;
for (i = 0; i < 8; i++) { for (i = 0; i < 8; i++) {
unsigned char out[32]; unsigned char out[32];
secp256k1_sha256 hasher; secp256k1_sha256 hasher;
secp256k1_sha256_initialize(&hasher); secp256k1_sha256_initialize(&hasher);
secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i]));
secp256k1_sha256_finalize(&hasher, out); secp256k1_sha256_finalize(&hasher, out);
CHECK(memcmp(out, outputs[i], 32) == 0); CHECK(secp256k1_memcmp_var(out, outputs[i], 32) == 0);
if (strlen(inputs[i]) > 0) { if (strlen(inputs[i]) > 0) {
int split = secp256k1_testrand_int(strlen(inputs[i])); int split = secp256k1_testrand_int(strlen(inputs[i]));
secp256k1_sha256_initialize(&hasher); secp256k1_sha256_initialize(&hasher);
secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split);
secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split);
secp256k1_sha256_finalize(&hasher, out); secp256k1_sha256_finalize(&hasher, out);
CHECK(memcmp(out, outputs[i], 32) == 0); CHECK(secp256k1_memcmp_var(out, outputs[i], 32) == 0);
} }
} }
} }
void run_hmac_sha256_tests(void) { void run_hmac_sha256_tests(void) {
static const char *keys[6] = { static const char *keys[6] = {
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
"\x4a\x65\x66\x65", "\x4a\x65\x66\x65",
Show All 20 Linesvoid run_hmac_sha256_tests(void) {
}; };
int i; int i;
for (i = 0; i < 6; i++) { for (i = 0; i < 6; i++) {
secp256k1_hmac_sha256 hasher; secp256k1_hmac_sha256 hasher;
unsigned char out[32]; unsigned char out[32];
secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i]));
secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i]));
secp256k1_hmac_sha256_finalize(&hasher, out); secp256k1_hmac_sha256_finalize(&hasher, out);
CHECK(memcmp(out, outputs[i], 32) == 0); CHECK(secp256k1_memcmp_var(out, outputs[i], 32) == 0);
if (strlen(inputs[i]) > 0) { if (strlen(inputs[i]) > 0) {
int split = secp256k1_testrand_int(strlen(inputs[i])); int split = secp256k1_testrand_int(strlen(inputs[i]));
secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i]));
secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split);
secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split);
secp256k1_hmac_sha256_finalize(&hasher, out); secp256k1_hmac_sha256_finalize(&hasher, out);
CHECK(memcmp(out, outputs[i], 32) == 0); CHECK(secp256k1_memcmp_var(out, outputs[i], 32) == 0);
} }
} }
} }
void run_rfc6979_hmac_sha256_tests(void) { void run_rfc6979_hmac_sha256_tests(void) {
static const unsigned char key1[65] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x00, 0x4b, 0xf5, 0x12, 0x2f, 0x34, 0x45, 0x54, 0xc5, 0x3b, 0xde, 0x2e, 0xbb, 0x8c, 0xd2, 0xb7, 0xe3, 0xd1, 0x60, 0x0a, 0xd6, 0x31, 0xc3, 0x85, 0xa5, 0xd7, 0xcc, 0xe2, 0x3c, 0x77, 0x85, 0x45, 0x9a, 0}; static const unsigned char key1[65] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x00, 0x4b, 0xf5, 0x12, 0x2f, 0x34, 0x45, 0x54, 0xc5, 0x3b, 0xde, 0x2e, 0xbb, 0x8c, 0xd2, 0xb7, 0xe3, 0xd1, 0x60, 0x0a, 0xd6, 0x31, 0xc3, 0x85, 0xa5, 0xd7, 0xcc, 0xe2, 0x3c, 0x77, 0x85, 0x45, 0x9a, 0};
static const unsigned char out1[3][32] = { static const unsigned char out1[3][32] = {
{0x4f, 0xe2, 0x95, 0x25, 0xb2, 0x08, 0x68, 0x09, 0x15, 0x9a, 0xcd, 0xf0, 0x50, 0x6e, 0xfb, 0x86, 0xb0, 0xec, 0x93, 0x2c, 0x7b, 0xa4, 0x42, 0x56, 0xab, 0x32, 0x1e, 0x42, 0x1e, 0x67, 0xe9, 0xfb}, {0x4f, 0xe2, 0x95, 0x25, 0xb2, 0x08, 0x68, 0x09, 0x15, 0x9a, 0xcd, 0xf0, 0x50, 0x6e, 0xfb, 0x86, 0xb0, 0xec, 0x93, 0x2c, 0x7b, 0xa4, 0x42, 0x56, 0xab, 0x32, 0x1e, 0x42, 0x1e, 0x67, 0xe9, 0xfb},
Show All 10 Linesvoid run_rfc6979_hmac_sha256_tests(void) {
secp256k1_rfc6979_hmac_sha256 rng; secp256k1_rfc6979_hmac_sha256 rng;
unsigned char out[32]; unsigned char out[32];
int i; int i;
secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 64); secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 64);
for (i = 0; i < 3; i++) { for (i = 0; i < 3; i++) {
secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32);
CHECK(memcmp(out, out1[i], 32) == 0); CHECK(secp256k1_memcmp_var(out, out1[i], 32) == 0);
} }
secp256k1_rfc6979_hmac_sha256_finalize(&rng); secp256k1_rfc6979_hmac_sha256_finalize(&rng);
secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 65); secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 65);
for (i = 0; i < 3; i++) { for (i = 0; i < 3; i++) {
secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32);
CHECK(memcmp(out, out1[i], 32) != 0); CHECK(secp256k1_memcmp_var(out, out1[i], 32) != 0);
} }
secp256k1_rfc6979_hmac_sha256_finalize(&rng); secp256k1_rfc6979_hmac_sha256_finalize(&rng);
secp256k1_rfc6979_hmac_sha256_initialize(&rng, key2, 64); secp256k1_rfc6979_hmac_sha256_initialize(&rng, key2, 64);
for (i = 0; i < 3; i++) { for (i = 0; i < 3; i++) {
secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32);
CHECK(memcmp(out, out2[i], 32) == 0); CHECK(secp256k1_memcmp_var(out, out2[i], 32) == 0);
} }
secp256k1_rfc6979_hmac_sha256_finalize(&rng); secp256k1_rfc6979_hmac_sha256_finalize(&rng);
} }
/***** RANDOM TESTS *****/ /***** RANDOM TESTS *****/
void test_rand_bits(int rand32, int bits) { void test_rand_bits(int rand32, int bits) {
/* (1-1/2^B)^rounds[B] < 1/10^9, so rounds is the number of iterations to /* (1-1/2^B)^rounds[B] < 1/10^9, so rounds is the number of iterations to
▲ Show 20 LinesShow All 607 Lines▼ Show 20 Lines#ifndef USE_NUM_NONE
CHECK(overflow == 1); CHECK(overflow == 1);
CHECK(secp256k1_scalar_is_zero(&scalar)); CHECK(secp256k1_scalar_is_zero(&scalar));
/* A scalar with value of the curve order minus one should not overflow. */ /* A scalar with value of the curve order minus one should not overflow. */
bin[31] -= 1; bin[31] -= 1;
secp256k1_scalar_set_b32(&scalar, bin, &overflow); secp256k1_scalar_set_b32(&scalar, bin, &overflow);
CHECK(overflow == 0); CHECK(overflow == 0);
secp256k1_scalar_get_b32(bin_tmp, &scalar); secp256k1_scalar_get_b32(bin_tmp, &scalar);
CHECK(memcmp(bin, bin_tmp, 32) == 0); CHECK(secp256k1_memcmp_var(bin, bin_tmp, 32) == 0);
/* A scalar set to all 1s should overflow. */ /* A scalar set to all 1s should overflow. */
memset(bin, 0xFF, 32); memset(bin, 0xFF, 32);
secp256k1_scalar_set_b32(&scalar, bin, &overflow); secp256k1_scalar_set_b32(&scalar, bin, &overflow);
CHECK(overflow == 1); CHECK(overflow == 1);
CHECK(secp256k1_scalar_eq(&scalar, &all_ones_minus_order)); CHECK(secp256k1_scalar_eq(&scalar, &all_ones_minus_order));
} }
#endif #endif
▲ Show 20 LinesShow All 671 Lines▼ Show 20 Linesvoid run_field_convert(void) {
secp256k1_fe_storage fes2; secp256k1_fe_storage fes2;
/* Check conversions to fe. */ /* Check conversions to fe. */
CHECK(secp256k1_fe_set_b32(&fe2, b32)); CHECK(secp256k1_fe_set_b32(&fe2, b32));
CHECK(secp256k1_fe_equal_var(&fe, &fe2)); CHECK(secp256k1_fe_equal_var(&fe, &fe2));
secp256k1_fe_from_storage(&fe2, &fes); secp256k1_fe_from_storage(&fe2, &fes);
CHECK(secp256k1_fe_equal_var(&fe, &fe2)); CHECK(secp256k1_fe_equal_var(&fe, &fe2));
/* Check conversion from fe. */ /* Check conversion from fe. */
secp256k1_fe_get_b32(b322, &fe); secp256k1_fe_get_b32(b322, &fe);
CHECK(memcmp(b322, b32, 32) == 0); CHECK(secp256k1_memcmp_var(b322, b32, 32) == 0);
secp256k1_fe_to_storage(&fes2, &fe); secp256k1_fe_to_storage(&fes2, &fe);
CHECK(memcmp(&fes2, &fes, sizeof(fes)) == 0); CHECK(secp256k1_memcmp_var(&fes2, &fes, sizeof(fes)) == 0);
} }
int fe_memcmp(const secp256k1_fe *a, const secp256k1_fe *b) { int fe_secp256k1_memcmp_var(const secp256k1_fe *a, const secp256k1_fe *b) {
secp256k1_fe t = *b; secp256k1_fe t = *b;
#ifdef VERIFY #ifdef VERIFY
t.magnitude = a->magnitude; t.magnitude = a->magnitude;
t.normalized = a->normalized; t.normalized = a->normalized;
#endif #endif
return memcmp(a, &t, sizeof(secp256k1_fe)); return secp256k1_memcmp_var(a, &t, sizeof(secp256k1_fe));
} }
void run_field_misc(void) { void run_field_misc(void) {
secp256k1_fe x; secp256k1_fe x;
secp256k1_fe y; secp256k1_fe y;
secp256k1_fe z; secp256k1_fe z;
secp256k1_fe q; secp256k1_fe q;
secp256k1_fe fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5); secp256k1_fe fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5);
Show All 9 Lines for (i = 0; i < 5*count; i++) {
secp256k1_fe_add(&z,&y); secp256k1_fe_add(&z,&y);
/* Test fe conditional move; z is not normalized here. */ /* Test fe conditional move; z is not normalized here. */
q = x; q = x;
secp256k1_fe_cmov(&x, &z, 0); secp256k1_fe_cmov(&x, &z, 0);
#ifdef VERIFY #ifdef VERIFY
CHECK(x.normalized && x.magnitude == 1); CHECK(x.normalized && x.magnitude == 1);
#endif #endif
secp256k1_fe_cmov(&x, &x, 1); secp256k1_fe_cmov(&x, &x, 1);
CHECK(fe_memcmp(&x, &z) != 0); CHECK(fe_secp256k1_memcmp_var(&x, &z) != 0);
CHECK(fe_memcmp(&x, &q) == 0); CHECK(fe_secp256k1_memcmp_var(&x, &q) == 0);
secp256k1_fe_cmov(&q, &z, 1); secp256k1_fe_cmov(&q, &z, 1);
#ifdef VERIFY #ifdef VERIFY
CHECK(!q.normalized && q.magnitude == z.magnitude); CHECK(!q.normalized && q.magnitude == z.magnitude);
#endif #endif
CHECK(fe_memcmp(&q, &z) == 0); CHECK(fe_secp256k1_memcmp_var(&q, &z) == 0);
secp256k1_fe_normalize_var(&x); secp256k1_fe_normalize_var(&x);
secp256k1_fe_normalize_var(&z); secp256k1_fe_normalize_var(&z);
CHECK(!secp256k1_fe_equal_var(&x, &z)); CHECK(!secp256k1_fe_equal_var(&x, &z));
secp256k1_fe_normalize_var(&q); secp256k1_fe_normalize_var(&q);
secp256k1_fe_cmov(&q, &z, (i&1)); secp256k1_fe_cmov(&q, &z, (i&1));
#ifdef VERIFY #ifdef VERIFY
CHECK(q.normalized && q.magnitude == 1); CHECK(q.normalized && q.magnitude == 1);
#endif #endif
for (j = 0; j < 6; j++) { for (j = 0; j < 6; j++) {
secp256k1_fe_negate(&z, &z, j+1); secp256k1_fe_negate(&z, &z, j+1);
secp256k1_fe_normalize_var(&q); secp256k1_fe_normalize_var(&q);
secp256k1_fe_cmov(&q, &z, (j&1)); secp256k1_fe_cmov(&q, &z, (j&1));
#ifdef VERIFY #ifdef VERIFY
CHECK((q.normalized != (j&1)) && q.magnitude == ((j&1) ? z.magnitude : 1)); CHECK((q.normalized != (j&1)) && q.magnitude == ((j&1) ? z.magnitude : 1));
#endif #endif
} }
secp256k1_fe_normalize_var(&z); secp256k1_fe_normalize_var(&z);
/* Test storage conversion and conditional moves. */ /* Test storage conversion and conditional moves. */
secp256k1_fe_to_storage(&xs, &x); secp256k1_fe_to_storage(&xs, &x);
secp256k1_fe_to_storage(&ys, &y); secp256k1_fe_to_storage(&ys, &y);
secp256k1_fe_to_storage(&zs, &z); secp256k1_fe_to_storage(&zs, &z);
secp256k1_fe_storage_cmov(&zs, &xs, 0); secp256k1_fe_storage_cmov(&zs, &xs, 0);
secp256k1_fe_storage_cmov(&zs, &zs, 1); secp256k1_fe_storage_cmov(&zs, &zs, 1);
CHECK(memcmp(&xs, &zs, sizeof(xs)) != 0); CHECK(secp256k1_memcmp_var(&xs, &zs, sizeof(xs)) != 0);
secp256k1_fe_storage_cmov(&ys, &xs, 1); secp256k1_fe_storage_cmov(&ys, &xs, 1);
CHECK(memcmp(&xs, &ys, sizeof(xs)) == 0); CHECK(secp256k1_memcmp_var(&xs, &ys, sizeof(xs)) == 0);
secp256k1_fe_from_storage(&x, &xs); secp256k1_fe_from_storage(&x, &xs);
secp256k1_fe_from_storage(&y, &ys); secp256k1_fe_from_storage(&y, &ys);
secp256k1_fe_from_storage(&z, &zs); secp256k1_fe_from_storage(&z, &zs);
/* Test that mul_int, mul, and add agree. */ /* Test that mul_int, mul, and add agree. */
secp256k1_fe_add(&y, &x); secp256k1_fe_add(&y, &x);
secp256k1_fe_add(&y, &x); secp256k1_fe_add(&y, &x);
z = x; z = x;
secp256k1_fe_mul_int(&z, 3); secp256k1_fe_mul_int(&z, 3);
▲ Show 20 LinesShow All 517 Lines▼ Show 20 Lines for (i = 1; i <= 6; i++) {
secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &s); secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &s);
secp256k1_ge_set_gej(&Q, &Qj); secp256k1_ge_set_gej(&Q, &Qj);
secp256k1_pubkey_save(&data[i - 1], &Q); secp256k1_pubkey_save(&data[i - 1], &Q);
d[i - 1] = &data[i - 1]; d[i - 1] = &data[i - 1];
secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &sum); secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &sum);
secp256k1_ge_set_gej(&Q, &Qj); secp256k1_ge_set_gej(&Q, &Qj);
secp256k1_pubkey_save(&sd, &Q); secp256k1_pubkey_save(&sd, &Q);
CHECK(secp256k1_ec_pubkey_combine(ctx, &sd2, d, i) == 1); CHECK(secp256k1_ec_pubkey_combine(ctx, &sd2, d, i) == 1);
CHECK(memcmp(&sd, &sd2, sizeof(sd)) == 0); CHECK(secp256k1_memcmp_var(&sd, &sd2, sizeof(sd)) == 0);
} }
} }
void run_ec_combine(void) { void run_ec_combine(void) {
int i; int i;
for (i = 0; i < count * 8; i++) { for (i = 0; i < count * 8; i++) {
test_ec_combine(); test_ec_combine();
} }
▲ Show 20 LinesShow All 1,104 Lines▼ Show 20 Linesvoid test_scalar_split(void) {
if (secp256k1_scalar_is_high(&s1)) { if (secp256k1_scalar_is_high(&s1)) {
secp256k1_scalar_negate(&s1, &s1); secp256k1_scalar_negate(&s1, &s1);
} }
if (secp256k1_scalar_is_high(&slam)) { if (secp256k1_scalar_is_high(&slam)) {
secp256k1_scalar_negate(&slam, &slam); secp256k1_scalar_negate(&slam, &slam);
} }
secp256k1_scalar_get_b32(tmp, &s1); secp256k1_scalar_get_b32(tmp, &s1);
CHECK(memcmp(zero, tmp, 16) == 0); CHECK(secp256k1_memcmp_var(zero, tmp, 16) == 0);
secp256k1_scalar_get_b32(tmp, &slam); secp256k1_scalar_get_b32(tmp, &slam);
CHECK(memcmp(zero, tmp, 16) == 0); CHECK(secp256k1_memcmp_var(zero, tmp, 16) == 0);
} }
void run_endomorphism_tests(void) { void run_endomorphism_tests(void) {
test_scalar_split(); test_scalar_split();
} }
#endif #endif
void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid) { void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid) {
Show All 31 Lines for (pubkeyclen = 3; pubkeyclen <= 65; pubkeyclen++) {
ecount = 0; ecount = 0;
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1);
VG_CHECK(&pubkey, sizeof(pubkey)); VG_CHECK(&pubkey, sizeof(pubkey));
outl = 65; outl = 65;
VG_UNDEF(pubkeyo, 65); VG_UNDEF(pubkeyo, 65);
CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1); CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
VG_CHECK(pubkeyo, outl); VG_CHECK(pubkeyo, outl);
CHECK(outl == 33); CHECK(outl == 33);
CHECK(memcmp(&pubkeyo[1], &pubkeyc[1], 32) == 0); CHECK(secp256k1_memcmp_var(&pubkeyo[1], &pubkeyc[1], 32) == 0);
CHECK((pubkeyclen != 33) || (pubkeyo[0] == pubkeyc[0])); CHECK((pubkeyclen != 33) || (pubkeyo[0] == pubkeyc[0]));
if (ypass) { if (ypass) {
/* This test isn't always done because we decode with alternative signs, so the y won't match. */ /* This test isn't always done because we decode with alternative signs, so the y won't match. */
CHECK(pubkeyo[0] == ysign); CHECK(pubkeyo[0] == ysign);
CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1); CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1);
memset(&pubkey, 0, sizeof(pubkey)); memset(&pubkey, 0, sizeof(pubkey));
VG_UNDEF(&pubkey, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey));
secp256k1_pubkey_save(&pubkey, &ge); secp256k1_pubkey_save(&pubkey, &ge);
VG_CHECK(&pubkey, sizeof(pubkey)); VG_CHECK(&pubkey, sizeof(pubkey));
outl = 65; outl = 65;
VG_UNDEF(pubkeyo, 65); VG_UNDEF(pubkeyo, 65);
CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1);
VG_CHECK(pubkeyo, outl); VG_CHECK(pubkeyo, outl);
CHECK(outl == 65); CHECK(outl == 65);
CHECK(pubkeyo[0] == 4); CHECK(pubkeyo[0] == 4);
CHECK(memcmp(&pubkeyo[1], input, 64) == 0); CHECK(secp256k1_memcmp_var(&pubkeyo[1], input, 64) == 0);
} }
CHECK(ecount == 0); CHECK(ecount == 0);
} else { } else {
/* These cases must fail to parse. */ /* These cases must fail to parse. */
memset(&pubkey, 0xfe, sizeof(pubkey)); memset(&pubkey, 0xfe, sizeof(pubkey));
ecount = 0; ecount = 0;
VG_UNDEF(&pubkey, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 0); CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 0);
▲ Show 20 LinesShow All 352 Lines▼ Show 20 Linesvoid run_eckey_edge_case_test(void) {
const secp256k1_pubkey *pubkeys[3]; const secp256k1_pubkey *pubkeys[3];
size_t len; size_t len;
int32_t ecount; int32_t ecount;
/* Group order is too large, reject. */ /* Group order is too large, reject. */
CHECK(secp256k1_ec_seckey_verify(ctx, orderc) == 0); CHECK(secp256k1_ec_seckey_verify(ctx, orderc) == 0);
VG_UNDEF(&pubkey, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, orderc) == 0); CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, orderc) == 0);
VG_CHECK(&pubkey, sizeof(pubkey)); VG_CHECK(&pubkey, sizeof(pubkey));
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
/* Maximum value is too large, reject. */ /* Maximum value is too large, reject. */
memset(ctmp, 255, 32); memset(ctmp, 255, 32);
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0);
memset(&pubkey, 1, sizeof(pubkey)); memset(&pubkey, 1, sizeof(pubkey));
VG_UNDEF(&pubkey, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0);
VG_CHECK(&pubkey, sizeof(pubkey)); VG_CHECK(&pubkey, sizeof(pubkey));
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
/* Zero is too small, reject. */ /* Zero is too small, reject. */
memset(ctmp, 0, 32); memset(ctmp, 0, 32);
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0);
memset(&pubkey, 1, sizeof(pubkey)); memset(&pubkey, 1, sizeof(pubkey));
VG_UNDEF(&pubkey, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0);
VG_CHECK(&pubkey, sizeof(pubkey)); VG_CHECK(&pubkey, sizeof(pubkey));
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
/* One must be accepted. */ /* One must be accepted. */
ctmp[31] = 0x01; ctmp[31] = 0x01;
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1);
memset(&pubkey, 0, sizeof(pubkey)); memset(&pubkey, 0, sizeof(pubkey));
VG_UNDEF(&pubkey, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1);
VG_CHECK(&pubkey, sizeof(pubkey)); VG_CHECK(&pubkey, sizeof(pubkey));
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
pubkey_one = pubkey; pubkey_one = pubkey;
/* Group order + 1 is too large, reject. */ /* Group order + 1 is too large, reject. */
memcpy(ctmp, orderc, 32); memcpy(ctmp, orderc, 32);
ctmp[31] = 0x42; ctmp[31] = 0x42;
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0);
memset(&pubkey, 1, sizeof(pubkey)); memset(&pubkey, 1, sizeof(pubkey));
VG_UNDEF(&pubkey, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0);
VG_CHECK(&pubkey, sizeof(pubkey)); VG_CHECK(&pubkey, sizeof(pubkey));
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
/* -1 must be accepted. */ /* -1 must be accepted. */
ctmp[31] = 0x40; ctmp[31] = 0x40;
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1);
memset(&pubkey, 0, sizeof(pubkey)); memset(&pubkey, 0, sizeof(pubkey));
VG_UNDEF(&pubkey, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1);
VG_CHECK(&pubkey, sizeof(pubkey)); VG_CHECK(&pubkey, sizeof(pubkey));
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
pubkey_negone = pubkey; pubkey_negone = pubkey;
/* Tweak of zero leaves the value unchanged. */ /* Tweak of zero leaves the value unchanged. */
memset(ctmp2, 0, 32); memset(ctmp2, 0, 32);
CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 1); CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 1);
CHECK(memcmp(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40); CHECK(secp256k1_memcmp_var(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40);
memcpy(&pubkey2, &pubkey, sizeof(pubkey)); memcpy(&pubkey2, &pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1);
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0);
/* Multiply tweak of zero zeroizes the output. */ /* Multiply tweak of zero zeroizes the output. */
CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0);
CHECK(memcmp(zeros, ctmp, 32) == 0); CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0);
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp2) == 0); CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp2) == 0);
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0);
memcpy(&pubkey, &pubkey2, sizeof(pubkey)); memcpy(&pubkey, &pubkey2, sizeof(pubkey));
/* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing /* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing
seckey, the seckey is zeroized. */ seckey, the seckey is zeroized. */
memcpy(ctmp, orderc, 32); memcpy(ctmp, orderc, 32);
memset(ctmp2, 0, 32); memset(ctmp2, 0, 32);
ctmp2[31] = 0x01; ctmp2[31] = 0x01;
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp2) == 1); CHECK(secp256k1_ec_seckey_verify(ctx, ctmp2) == 1);
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0);
CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 0); CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 0);
CHECK(memcmp(zeros, ctmp, 32) == 0); CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0);
memcpy(ctmp, orderc, 32); memcpy(ctmp, orderc, 32);
CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0);
CHECK(memcmp(zeros, ctmp, 32) == 0); CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0);
/* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing /* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing
tweak, the seckey is zeroized. */ tweak, the seckey is zeroized. */
memcpy(ctmp, orderc, 32); memcpy(ctmp, orderc, 32);
ctmp[31] = 0x40; ctmp[31] = 0x40;
CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, orderc) == 0); CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, orderc) == 0);
CHECK(memcmp(zeros, ctmp, 32) == 0); CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0);
memcpy(ctmp, orderc, 32); memcpy(ctmp, orderc, 32);
ctmp[31] = 0x40; ctmp[31] = 0x40;
CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, orderc) == 0); CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, orderc) == 0);
CHECK(memcmp(zeros, ctmp, 32) == 0); CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0);
memcpy(ctmp, orderc, 32); memcpy(ctmp, orderc, 32);
ctmp[31] = 0x40; ctmp[31] = 0x40;
/* If pubkey_tweak_add or pubkey_tweak_mul are called with an overflowing /* If pubkey_tweak_add or pubkey_tweak_mul are called with an overflowing
tweak, the pubkey is zeroized. */ tweak, the pubkey is zeroized. */
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, orderc) == 0); CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, orderc) == 0);
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0);
memcpy(&pubkey, &pubkey2, sizeof(pubkey)); memcpy(&pubkey, &pubkey2, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, orderc) == 0); CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, orderc) == 0);
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0);
memcpy(&pubkey, &pubkey2, sizeof(pubkey)); memcpy(&pubkey, &pubkey2, sizeof(pubkey));
/* If the resulting key in secp256k1_ec_seckey_tweak_add and /* If the resulting key in secp256k1_ec_seckey_tweak_add and
* secp256k1_ec_pubkey_tweak_add is 0 the functions fail and in the latter * secp256k1_ec_pubkey_tweak_add is 0 the functions fail and in the latter
* case the pubkey is zeroized. */ * case the pubkey is zeroized. */
memcpy(ctmp, orderc, 32); memcpy(ctmp, orderc, 32);
ctmp[31] = 0x40; ctmp[31] = 0x40;
memset(ctmp2, 0, 32); memset(ctmp2, 0, 32);
ctmp2[31] = 1; ctmp2[31] = 1;
CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 0); CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 0);
CHECK(memcmp(zeros, ctmp2, 32) == 0); CHECK(secp256k1_memcmp_var(zeros, ctmp2, 32) == 0);
ctmp2[31] = 1; ctmp2[31] = 1;
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0);
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0);
memcpy(&pubkey, &pubkey2, sizeof(pubkey)); memcpy(&pubkey, &pubkey2, sizeof(pubkey));
/* Tweak computation wraps and results in a key of 1. */ /* Tweak computation wraps and results in a key of 1. */
ctmp2[31] = 2; ctmp2[31] = 2;
CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 1); CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 1);
CHECK(memcmp(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1); CHECK(secp256k1_memcmp_var(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1);
ctmp2[31] = 2; ctmp2[31] = 2;
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1);
ctmp2[31] = 1; ctmp2[31] = 1;
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, ctmp2) == 1); CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, ctmp2) == 1);
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0);
/* Tweak mul * 2 = 1+1. */ /* Tweak mul * 2 = 1+1. */
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1);
ctmp2[31] = 2; ctmp2[31] = 2;
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 1); CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 1);
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0);
/* Test argument errors. */ /* Test argument errors. */
ecount = 0; ecount = 0;
secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount);
CHECK(ecount == 0); CHECK(ecount == 0);
/* Zeroize pubkey on parse error. */ /* Zeroize pubkey on parse error. */
memset(&pubkey, 0, 32); memset(&pubkey, 0, 32);
CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0);
CHECK(ecount == 1); CHECK(ecount == 1);
CHECK(memcmp(&pubkey, zeros, sizeof(pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0);
memcpy(&pubkey, &pubkey2, sizeof(pubkey)); memcpy(&pubkey, &pubkey2, sizeof(pubkey));
memset(&pubkey2, 0, 32); memset(&pubkey2, 0, 32);
CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 0); CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 0);
CHECK(ecount == 2); CHECK(ecount == 2);
CHECK(memcmp(&pubkey2, zeros, sizeof(pubkey2)) == 0); CHECK(secp256k1_memcmp_var(&pubkey2, zeros, sizeof(pubkey2)) == 0);
/* Plain argument errors. */ /* Plain argument errors. */
ecount = 0; ecount = 0;
CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1);
CHECK(ecount == 0); CHECK(ecount == 0);
CHECK(secp256k1_ec_seckey_verify(ctx, NULL) == 0); CHECK(secp256k1_ec_seckey_verify(ctx, NULL) == 0);
CHECK(ecount == 1); CHECK(ecount == 1);
ecount = 0; ecount = 0;
memset(ctmp2, 0, 32); memset(ctmp2, 0, 32);
Show All 23 Linesvoid run_eckey_edge_case_test(void) {
CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, NULL) == 0); CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, NULL) == 0);
CHECK(ecount == 2); CHECK(ecount == 2);
ecount = 0; ecount = 0;
CHECK(secp256k1_ec_pubkey_create(ctx, NULL, ctmp) == 0); CHECK(secp256k1_ec_pubkey_create(ctx, NULL, ctmp) == 0);
CHECK(ecount == 1); CHECK(ecount == 1);
memset(&pubkey, 1, sizeof(pubkey)); memset(&pubkey, 1, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0); CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0);
CHECK(ecount == 2); CHECK(ecount == 2);
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
/* secp256k1_ec_pubkey_combine tests. */ /* secp256k1_ec_pubkey_combine tests. */
ecount = 0; ecount = 0;
pubkeys[0] = &pubkey_one; pubkeys[0] = &pubkey_one;
VG_UNDEF(&pubkeys[0], sizeof(secp256k1_pubkey *)); VG_UNDEF(&pubkeys[0], sizeof(secp256k1_pubkey *));
VG_UNDEF(&pubkeys[1], sizeof(secp256k1_pubkey *)); VG_UNDEF(&pubkeys[1], sizeof(secp256k1_pubkey *));
VG_UNDEF(&pubkeys[2], sizeof(secp256k1_pubkey *)); VG_UNDEF(&pubkeys[2], sizeof(secp256k1_pubkey *));
memset(&pubkey, 255, sizeof(secp256k1_pubkey)); memset(&pubkey, 255, sizeof(secp256k1_pubkey));
VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 0) == 0); CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 0) == 0);
VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
CHECK(ecount == 1); CHECK(ecount == 1);
CHECK(secp256k1_ec_pubkey_combine(ctx, NULL, pubkeys, 1) == 0); CHECK(secp256k1_ec_pubkey_combine(ctx, NULL, pubkeys, 1) == 0);
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
CHECK(ecount == 2); CHECK(ecount == 2);
memset(&pubkey, 255, sizeof(secp256k1_pubkey)); memset(&pubkey, 255, sizeof(secp256k1_pubkey));
VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, NULL, 1) == 0); CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, NULL, 1) == 0);
VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
CHECK(ecount == 3); CHECK(ecount == 3);
pubkeys[0] = &pubkey_negone; pubkeys[0] = &pubkey_negone;
memset(&pubkey, 255, sizeof(secp256k1_pubkey)); memset(&pubkey, 255, sizeof(secp256k1_pubkey));
VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 1) == 1); CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 1) == 1);
VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
CHECK(ecount == 3); CHECK(ecount == 3);
len = 33; len = 33;
CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_negone, SECP256K1_EC_COMPRESSED) == 1); CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_negone, SECP256K1_EC_COMPRESSED) == 1);
CHECK(memcmp(ctmp, ctmp2, 33) == 0); CHECK(secp256k1_memcmp_var(ctmp, ctmp2, 33) == 0);
/* Result is infinity. */ /* Result is infinity. */
pubkeys[0] = &pubkey_one; pubkeys[0] = &pubkey_one;
pubkeys[1] = &pubkey_negone; pubkeys[1] = &pubkey_negone;
memset(&pubkey, 255, sizeof(secp256k1_pubkey)); memset(&pubkey, 255, sizeof(secp256k1_pubkey));
VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 0); CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 0);
VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
CHECK(ecount == 3); CHECK(ecount == 3);
/* Passes through infinity but comes out one. */ /* Passes through infinity but comes out one. */
pubkeys[2] = &pubkey_one; pubkeys[2] = &pubkey_one;
memset(&pubkey, 255, sizeof(secp256k1_pubkey)); memset(&pubkey, 255, sizeof(secp256k1_pubkey));
VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 3) == 1); CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 3) == 1);
VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
CHECK(ecount == 3); CHECK(ecount == 3);
len = 33; len = 33;
CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_one, SECP256K1_EC_COMPRESSED) == 1); CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_one, SECP256K1_EC_COMPRESSED) == 1);
CHECK(memcmp(ctmp, ctmp2, 33) == 0); CHECK(secp256k1_memcmp_var(ctmp, ctmp2, 33) == 0);
/* Adds to two. */ /* Adds to two. */
pubkeys[1] = &pubkey_one; pubkeys[1] = &pubkey_one;
memset(&pubkey, 255, sizeof(secp256k1_pubkey)); memset(&pubkey, 255, sizeof(secp256k1_pubkey));
VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 1); CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 1);
VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); VG_CHECK(&pubkey, sizeof(secp256k1_pubkey));
CHECK(memcmp(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
CHECK(ecount == 3); CHECK(ecount == 3);
secp256k1_context_set_illegal_callback(ctx, NULL, NULL); secp256k1_context_set_illegal_callback(ctx, NULL, NULL);
} }
void run_eckey_negate_test(void) { void run_eckey_negate_test(void) {
unsigned char seckey[32]; unsigned char seckey[32];
unsigned char seckey_tmp[32]; unsigned char seckey_tmp[32];
random_scalar_order_b32(seckey); random_scalar_order_b32(seckey);
memcpy(seckey_tmp, seckey, 32); memcpy(seckey_tmp, seckey, 32);
/* Verify negation changes the key and changes it back */ /* Verify negation changes the key and changes it back */
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1);
CHECK(memcmp(seckey, seckey_tmp, 32) != 0); CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) != 0);
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1);
CHECK(memcmp(seckey, seckey_tmp, 32) == 0); CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0);
/* Check that privkey alias gives same result */ /* Check that privkey alias gives same result */
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1);
CHECK(secp256k1_ec_privkey_negate(ctx, seckey_tmp) == 1); CHECK(secp256k1_ec_privkey_negate(ctx, seckey_tmp) == 1);
CHECK(memcmp(seckey, seckey_tmp, 32) == 0); CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0);
/* Negating all 0s fails */ /* Negating all 0s fails */
memset(seckey, 0, 32); memset(seckey, 0, 32);
memset(seckey_tmp, 0, 32); memset(seckey_tmp, 0, 32);
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0); CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0);
/* Check that seckey is not modified */ /* Check that seckey is not modified */
CHECK(memcmp(seckey, seckey_tmp, 32) == 0); CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0);
/* Negating an overflowing seckey fails and the seckey is zeroed. In this /* Negating an overflowing seckey fails and the seckey is zeroed. In this
* test, the seckey has 16 random bytes to ensure that ec_seckey_negate * test, the seckey has 16 random bytes to ensure that ec_seckey_negate
* doesn't just set seckey to a constant value in case of failure. */ * doesn't just set seckey to a constant value in case of failure. */
random_scalar_order_b32(seckey); random_scalar_order_b32(seckey);
memset(seckey, 0xFF, 16); memset(seckey, 0xFF, 16);
memset(seckey_tmp, 0, 32); memset(seckey_tmp, 0, 32);
CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0); CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0);
CHECK(memcmp(seckey, seckey_tmp, 32) == 0); CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0);
} }
void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid) { void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid) {
secp256k1_scalar nonce; secp256k1_scalar nonce;
do { do {
random_scalar_order_test(&nonce); random_scalar_order_test(&nonce);
} while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid)); } while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid));
} }
▲ Show 20 LinesShow All 72 Lines▼ Show 20 Linesstatic int nonce_function_test_retry(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
if (counter > 5) { if (counter > 5) {
return 0; return 0;
} }
return nonce_function_rfc6979(nonce32, msg32, key32, algo16, data, counter - 5); return nonce_function_rfc6979(nonce32, msg32, key32, algo16, data, counter - 5);
} }
int is_empty_signature(const secp256k1_ecdsa_signature *sig) { int is_empty_signature(const secp256k1_ecdsa_signature *sig) {
static const unsigned char res[sizeof(secp256k1_ecdsa_signature)] = {0}; static const unsigned char res[sizeof(secp256k1_ecdsa_signature)] = {0};
return memcmp(sig, res, sizeof(secp256k1_ecdsa_signature)) == 0; return secp256k1_memcmp_var(sig, res, sizeof(secp256k1_ecdsa_signature)) == 0;
} }
void test_ecdsa_end_to_end(void) { void test_ecdsa_end_to_end(void) {
unsigned char extra[32] = {0x00}; unsigned char extra[32] = {0x00};
unsigned char privkey[32]; unsigned char privkey[32];
unsigned char message[32]; unsigned char message[32];
unsigned char privkey2[32]; unsigned char privkey2[32];
secp256k1_ecdsa_signature signature[6]; secp256k1_ecdsa_signature signature[6];
Show All 23 Linesvoid test_ecdsa_end_to_end(void) {
/* Verify exporting and importing public key. */ /* Verify exporting and importing public key. */
CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, secp256k1_testrand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED)); CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, secp256k1_testrand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED));
memset(&pubkey, 0, sizeof(pubkey)); memset(&pubkey, 0, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1);
/* Verify negation changes the key and changes it back */ /* Verify negation changes the key and changes it back */
memcpy(&pubkey_tmp, &pubkey, sizeof(pubkey)); memcpy(&pubkey_tmp, &pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1);
CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) != 0); CHECK(secp256k1_memcmp_var(&pubkey_tmp, &pubkey, sizeof(pubkey)) != 0);
CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1);
CHECK(memcmp(&pubkey_tmp, &pubkey, sizeof(pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey_tmp, &pubkey, sizeof(pubkey)) == 0);
/* Verify private key import and export. */ /* Verify private key import and export. */
CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, secp256k1_testrand_bits(1) == 1)); CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, secp256k1_testrand_bits(1) == 1));
CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1); CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1);
CHECK(memcmp(privkey, privkey2, 32) == 0); CHECK(secp256k1_memcmp_var(privkey, privkey2, 32) == 0);
/* Optionally tweak the keys using addition. */ /* Optionally tweak the keys using addition. */
if (secp256k1_testrand_int(3) == 0) { if (secp256k1_testrand_int(3) == 0) {
int ret1; int ret1;
int ret2; int ret2;
int ret3; int ret3;
unsigned char rnd[32]; unsigned char rnd[32];
unsigned char privkey_tmp[32]; unsigned char privkey_tmp[32];
secp256k1_pubkey pubkey2; secp256k1_pubkey pubkey2;
secp256k1_testrand256_test(rnd); secp256k1_testrand256_test(rnd);
memcpy(privkey_tmp, privkey, 32); memcpy(privkey_tmp, privkey, 32);
ret1 = secp256k1_ec_seckey_tweak_add(ctx, privkey, rnd); ret1 = secp256k1_ec_seckey_tweak_add(ctx, privkey, rnd);
ret2 = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, rnd); ret2 = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, rnd);
/* Check that privkey alias gives same result */ /* Check that privkey alias gives same result */
ret3 = secp256k1_ec_privkey_tweak_add(ctx, privkey_tmp, rnd); ret3 = secp256k1_ec_privkey_tweak_add(ctx, privkey_tmp, rnd);
CHECK(ret1 == ret2); CHECK(ret1 == ret2);
CHECK(ret2 == ret3); CHECK(ret2 == ret3);
if (ret1 == 0) { if (ret1 == 0) {
return; return;
} }
CHECK(memcmp(privkey, privkey_tmp, 32) == 0); CHECK(secp256k1_memcmp_var(privkey, privkey_tmp, 32) == 0);
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1);
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0);
} }
/* Optionally tweak the keys using multiplication. */ /* Optionally tweak the keys using multiplication. */
if (secp256k1_testrand_int(3) == 0) { if (secp256k1_testrand_int(3) == 0) {
int ret1; int ret1;
int ret2; int ret2;
int ret3; int ret3;
unsigned char rnd[32]; unsigned char rnd[32];
unsigned char privkey_tmp[32]; unsigned char privkey_tmp[32];
secp256k1_pubkey pubkey2; secp256k1_pubkey pubkey2;
secp256k1_testrand256_test(rnd); secp256k1_testrand256_test(rnd);
memcpy(privkey_tmp, privkey, 32); memcpy(privkey_tmp, privkey, 32);
ret1 = secp256k1_ec_seckey_tweak_mul(ctx, privkey, rnd); ret1 = secp256k1_ec_seckey_tweak_mul(ctx, privkey, rnd);
ret2 = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd); ret2 = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd);
/* Check that privkey alias gives same result */ /* Check that privkey alias gives same result */
ret3 = secp256k1_ec_privkey_tweak_mul(ctx, privkey_tmp, rnd); ret3 = secp256k1_ec_privkey_tweak_mul(ctx, privkey_tmp, rnd);
CHECK(ret1 == ret2); CHECK(ret1 == ret2);
CHECK(ret2 == ret3); CHECK(ret2 == ret3);
if (ret1 == 0) { if (ret1 == 0) {
return; return;
} }
CHECK(memcmp(privkey, privkey_tmp, 32) == 0); CHECK(secp256k1_memcmp_var(privkey, privkey_tmp, 32) == 0);
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1);
CHECK(memcmp(&pubkey, &pubkey2, sizeof(pubkey)) == 0); CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0);
} }
/* Sign. */ /* Sign. */
CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1);
CHECK(secp256k1_ecdsa_sign(ctx, &signature[4], message, privkey, NULL, NULL) == 1); CHECK(secp256k1_ecdsa_sign(ctx, &signature[4], message, privkey, NULL, NULL) == 1);
CHECK(secp256k1_ecdsa_sign(ctx, &signature[1], message, privkey, NULL, extra) == 1); CHECK(secp256k1_ecdsa_sign(ctx, &signature[1], message, privkey, NULL, extra) == 1);
extra[31] = 1; extra[31] = 1;
CHECK(secp256k1_ecdsa_sign(ctx, &signature[2], message, privkey, NULL, extra) == 1); CHECK(secp256k1_ecdsa_sign(ctx, &signature[2], message, privkey, NULL, extra) == 1);
extra[31] = 0; extra[31] = 0;
extra[0] = 1; extra[0] = 1;
CHECK(secp256k1_ecdsa_sign(ctx, &signature[3], message, privkey, NULL, extra) == 1); CHECK(secp256k1_ecdsa_sign(ctx, &signature[3], message, privkey, NULL, extra) == 1);
CHECK(memcmp(&signature[0], &signature[4], sizeof(signature[0])) == 0); CHECK(secp256k1_memcmp_var(&signature[0], &signature[4], sizeof(signature[0])) == 0);
CHECK(memcmp(&signature[0], &signature[1], sizeof(signature[0])) != 0); CHECK(secp256k1_memcmp_var(&signature[0], &signature[1], sizeof(signature[0])) != 0);
CHECK(memcmp(&signature[0], &signature[2], sizeof(signature[0])) != 0); CHECK(secp256k1_memcmp_var(&signature[0], &signature[2], sizeof(signature[0])) != 0);
CHECK(memcmp(&signature[0], &signature[3], sizeof(signature[0])) != 0); CHECK(secp256k1_memcmp_var(&signature[0], &signature[3], sizeof(signature[0])) != 0);
CHECK(memcmp(&signature[1], &signature[2], sizeof(signature[0])) != 0); CHECK(secp256k1_memcmp_var(&signature[1], &signature[2], sizeof(signature[0])) != 0);
CHECK(memcmp(&signature[1], &signature[3], sizeof(signature[0])) != 0); CHECK(secp256k1_memcmp_var(&signature[1], &signature[3], sizeof(signature[0])) != 0);
CHECK(memcmp(&signature[2], &signature[3], sizeof(signature[0])) != 0); CHECK(secp256k1_memcmp_var(&signature[2], &signature[3], sizeof(signature[0])) != 0);
/* Verify. */ /* Verify. */
CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1);
CHECK(secp256k1_ecdsa_verify(ctx, &signature[1], message, &pubkey) == 1); CHECK(secp256k1_ecdsa_verify(ctx, &signature[1], message, &pubkey) == 1);
CHECK(secp256k1_ecdsa_verify(ctx, &signature[2], message, &pubkey) == 1); CHECK(secp256k1_ecdsa_verify(ctx, &signature[2], message, &pubkey) == 1);
CHECK(secp256k1_ecdsa_verify(ctx, &signature[3], message, &pubkey) == 1); CHECK(secp256k1_ecdsa_verify(ctx, &signature[3], message, &pubkey) == 1);
/* Test lower-S form, malleate, verify and fail, test again, malleate again */ /* Test lower-S form, malleate, verify and fail, test again, malleate again */
CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[0])); CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[0]));
secp256k1_ecdsa_signature_load(ctx, &r, &s, &signature[0]); secp256k1_ecdsa_signature_load(ctx, &r, &s, &signature[0]);
secp256k1_scalar_negate(&s, &s); secp256k1_scalar_negate(&s, &s);
secp256k1_ecdsa_signature_save(&signature[5], &r, &s); secp256k1_ecdsa_signature_save(&signature[5], &r, &s);
CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 0); CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 0);
CHECK(secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); CHECK(secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5]));
CHECK(secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); CHECK(secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5]));
CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5]));
CHECK(!secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); CHECK(!secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5]));
CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1);
secp256k1_scalar_negate(&s, &s); secp256k1_scalar_negate(&s, &s);
secp256k1_ecdsa_signature_save(&signature[5], &r, &s); secp256k1_ecdsa_signature_save(&signature[5], &r, &s);
CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5]));
CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1);
CHECK(memcmp(&signature[5], &signature[0], 64) == 0); CHECK(secp256k1_memcmp_var(&signature[5], &signature[0], 64) == 0);
/* Serialize/parse DER and verify again */ /* Serialize/parse DER and verify again */
CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1);
memset(&signature[0], 0, sizeof(signature[0])); memset(&signature[0], 0, sizeof(signature[0]));
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 1); CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 1);
CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1);
/* Serialize/destroy/parse DER and verify again. */ /* Serialize/destroy/parse DER and verify again. */
siglen = 74; siglen = 74;
Show All 30 Lines if (secp256k1_eckey_pubkey_parse(&elem, in, len)) {
unsigned char out[65]; unsigned char out[65];
unsigned char firstb; unsigned char firstb;
int res; int res;
size_t size = len; size_t size = len;
firstb = in[0]; firstb = in[0];
/* If the pubkey can be parsed, it should round-trip... */ /* If the pubkey can be parsed, it should round-trip... */
CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, len == 33)); CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, len == 33));
CHECK(size == len); CHECK(size == len);
CHECK(memcmp(&in[1], &out[1], len-1) == 0); CHECK(secp256k1_memcmp_var(&in[1], &out[1], len-1) == 0);
/* ... except for the type of hybrid inputs. */ /* ... except for the type of hybrid inputs. */
if ((in[0] != 6) && (in[0] != 7)) { if ((in[0] != 6) && (in[0] != 7)) {
CHECK(in[0] == out[0]); CHECK(in[0] == out[0]);
} }
size = 65; size = 65;
CHECK(secp256k1_eckey_pubkey_serialize(&elem, in, &size, 0)); CHECK(secp256k1_eckey_pubkey_serialize(&elem, in, &size, 0));
CHECK(size == 65); CHECK(size == 65);
CHECK(secp256k1_eckey_pubkey_parse(&elem2, in, size)); CHECK(secp256k1_eckey_pubkey_parse(&elem2, in, size));
ge_equals_ge(&elem,&elem2); ge_equals_ge(&elem,&elem2);
/* Check that the X9.62 hybrid type is checked. */ /* Check that the X9.62 hybrid type is checked. */
in[0] = secp256k1_testrand_bits(1) ? 6 : 7; in[0] = secp256k1_testrand_bits(1) ? 6 : 7;
res = secp256k1_eckey_pubkey_parse(&elem2, in, size); res = secp256k1_eckey_pubkey_parse(&elem2, in, size);
if (firstb == 2 || firstb == 3) { if (firstb == 2 || firstb == 3) {
if (in[0] == firstb + 4) { if (in[0] == firstb + 4) {
CHECK(res); CHECK(res);
} else { } else {
CHECK(!res); CHECK(!res);
} }
} }
if (res) { if (res) {
ge_equals_ge(&elem,&elem2); ge_equals_ge(&elem,&elem2);
CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, 0)); CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, 0));
CHECK(memcmp(&in[1], &out[1], 64) == 0); CHECK(secp256k1_memcmp_var(&in[1], &out[1], 64) == 0);
} }
} }
} }
void run_random_pubkeys(void) { void run_random_pubkeys(void) {
int i; int i;
for (i = 0; i < 10*count; i++) { for (i = 0; i < 10*count; i++) {
test_random_pubkeys(); test_random_pubkeys();
Show All 39 Lines#ifdef ENABLE_OPENSSL_TESTS
unsigned char roundtrip_openssl[2048]; unsigned char roundtrip_openssl[2048];
int len_openssl = 2048; int len_openssl = 2048;
int parsed_openssl, valid_openssl = 0, roundtrips_openssl = 0; int parsed_openssl, valid_openssl = 0, roundtrips_openssl = 0;
#endif #endif
parsed_der = secp256k1_ecdsa_signature_parse_der(ctx, &sig_der, sig, siglen); parsed_der = secp256k1_ecdsa_signature_parse_der(ctx, &sig_der, sig, siglen);
if (parsed_der) { if (parsed_der) {
ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der, &sig_der)) << 0; ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der, &sig_der)) << 0;
valid_der = (memcmp(compact_der, zeroes, 32) != 0) && (memcmp(compact_der + 32, zeroes, 32) != 0); valid_der = (secp256k1_memcmp_var(compact_der, zeroes, 32) != 0) && (secp256k1_memcmp_var(compact_der + 32, zeroes, 32) != 0);
} }
if (valid_der) { if (valid_der) {
ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der, &len_der, &sig_der)) << 1; ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der, &len_der, &sig_der)) << 1;
roundtrips_der = (len_der == siglen) && memcmp(roundtrip_der, sig, siglen) == 0; roundtrips_der = (len_der == siglen) && secp256k1_memcmp_var(roundtrip_der, sig, siglen) == 0;
} }
parsed_der_lax = ecdsa_signature_parse_der_lax(ctx, &sig_der_lax, sig, siglen); parsed_der_lax = ecdsa_signature_parse_der_lax(ctx, &sig_der_lax, sig, siglen);
if (parsed_der_lax) { if (parsed_der_lax) {
ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der_lax, &sig_der_lax)) << 10; ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der_lax, &sig_der_lax)) << 10;
valid_der_lax = (memcmp(compact_der_lax, zeroes, 32) != 0) && (memcmp(compact_der_lax + 32, zeroes, 32) != 0); valid_der_lax = (secp256k1_memcmp_var(compact_der_lax, zeroes, 32) != 0) && (secp256k1_memcmp_var(compact_der_lax + 32, zeroes, 32) != 0);
} }
if (valid_der_lax) { if (valid_der_lax) {
ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der_lax, &len_der_lax, &sig_der_lax)) << 11; ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der_lax, &len_der_lax, &sig_der_lax)) << 11;
roundtrips_der_lax = (len_der_lax == siglen) && memcmp(roundtrip_der_lax, sig, siglen) == 0; roundtrips_der_lax = (len_der_lax == siglen) && secp256k1_memcmp_var(roundtrip_der_lax, sig, siglen) == 0;
} }
if (certainly_der) { if (certainly_der) {
ret |= (!parsed_der) << 2; ret |= (!parsed_der) << 2;
} }
if (certainly_not_der) { if (certainly_not_der) {
ret |= (parsed_der) << 17; ret |= (parsed_der) << 17;
} }
if (valid_der) { if (valid_der) {
ret |= (!roundtrips_der) << 3; ret |= (!roundtrips_der) << 3;
} }
if (valid_der) { if (valid_der) {
ret |= (!roundtrips_der_lax) << 12; ret |= (!roundtrips_der_lax) << 12;
ret |= (len_der != len_der_lax) << 13; ret |= (len_der != len_der_lax) << 13;
ret |= ((len_der != len_der_lax) || (memcmp(roundtrip_der_lax, roundtrip_der, len_der) != 0)) << 14; ret |= ((len_der != len_der_lax) || (secp256k1_memcmp_var(roundtrip_der_lax, roundtrip_der, len_der) != 0)) << 14;
} }
ret |= (roundtrips_der != roundtrips_der_lax) << 15; ret |= (roundtrips_der != roundtrips_der_lax) << 15;
if (parsed_der) { if (parsed_der) {
ret |= (!parsed_der_lax) << 16; ret |= (!parsed_der_lax) << 16;
} }
#ifdef ENABLE_OPENSSL_TESTS #ifdef ENABLE_OPENSSL_TESTS
sig_openssl = ECDSA_SIG_new(); sig_openssl = ECDSA_SIG_new();
sigptr = sig; sigptr = sig;
parsed_openssl = (d2i_ECDSA_SIG(&sig_openssl, &sigptr, siglen) != NULL); parsed_openssl = (d2i_ECDSA_SIG(&sig_openssl, &sigptr, siglen) != NULL);
if (parsed_openssl) { if (parsed_openssl) {
ECDSA_SIG_get0(sig_openssl, &r, &s); ECDSA_SIG_get0(sig_openssl, &r, &s);
valid_openssl = !BN_is_negative(r) && !BN_is_negative(s) && BN_num_bits(r) > 0 && BN_num_bits(r) <= 256 && BN_num_bits(s) > 0 && BN_num_bits(s) <= 256; valid_openssl = !BN_is_negative(r) && !BN_is_negative(s) && BN_num_bits(r) > 0 && BN_num_bits(r) <= 256 && BN_num_bits(s) > 0 && BN_num_bits(s) <= 256;
if (valid_openssl) { if (valid_openssl) {
unsigned char tmp[32] = {0}; unsigned char tmp[32] = {0};
BN_bn2bin(r, tmp + 32 - BN_num_bytes(r)); BN_bn2bin(r, tmp + 32 - BN_num_bytes(r));
valid_openssl = memcmp(tmp, max_scalar, 32) < 0; valid_openssl = secp256k1_memcmp_var(tmp, max_scalar, 32) < 0;
} }
if (valid_openssl) { if (valid_openssl) {
unsigned char tmp[32] = {0}; unsigned char tmp[32] = {0};
BN_bn2bin(s, tmp + 32 - BN_num_bytes(s)); BN_bn2bin(s, tmp + 32 - BN_num_bytes(s));
valid_openssl = memcmp(tmp, max_scalar, 32) < 0; valid_openssl = secp256k1_memcmp_var(tmp, max_scalar, 32) < 0;
} }
} }
len_openssl = i2d_ECDSA_SIG(sig_openssl, NULL); len_openssl = i2d_ECDSA_SIG(sig_openssl, NULL);
if (len_openssl <= 2048) { if (len_openssl <= 2048) {
unsigned char *ptr = roundtrip_openssl; unsigned char *ptr = roundtrip_openssl;
CHECK(i2d_ECDSA_SIG(sig_openssl, &ptr) == len_openssl); CHECK(i2d_ECDSA_SIG(sig_openssl, &ptr) == len_openssl);
roundtrips_openssl = valid_openssl && ((size_t)len_openssl == siglen) && (memcmp(roundtrip_openssl, sig, siglen) == 0); roundtrips_openssl = valid_openssl && ((size_t)len_openssl == siglen) && (secp256k1_memcmp_var(roundtrip_openssl, sig, siglen) == 0);
} else { } else {
len_openssl = 0; len_openssl = 0;
} }
ECDSA_SIG_free(sig_openssl); ECDSA_SIG_free(sig_openssl);
ret |= (parsed_der && !parsed_openssl) << 4; ret |= (parsed_der && !parsed_openssl) << 4;
ret |= (valid_der && !valid_openssl) << 5; ret |= (valid_der && !valid_openssl) << 5;
ret |= (roundtrips_openssl && !parsed_der) << 6; ret |= (roundtrips_openssl && !parsed_der) << 6;
ret |= (roundtrips_der != roundtrips_openssl) << 7; ret |= (roundtrips_der != roundtrips_openssl) << 7;
if (roundtrips_openssl) { if (roundtrips_openssl) {
ret |= (len_der != (size_t)len_openssl) << 8; ret |= (len_der != (size_t)len_openssl) << 8;
ret |= ((len_der != (size_t)len_openssl) || (memcmp(roundtrip_der, roundtrip_openssl, len_der) != 0)) << 9; ret |= ((len_der != (size_t)len_openssl) || (secp256k1_memcmp_var(roundtrip_der, roundtrip_openssl, len_der) != 0)) << 9;
} }
#endif #endif
return ret; return ret;
} }
static void assign_big_endian(unsigned char *ptr, size_t ptrlen, uint32_t val) { static void assign_big_endian(unsigned char *ptr, size_t ptrlen, uint32_t val) {
size_t i; size_t i;
for (i = 0; i < ptrlen; i++) { for (i = 0; i < ptrlen; i++) {
▲ Show 20 LinesShow All 499 Lines▼ Show 20 Lines for (t = 0; t < 2; t++) {
key[31] = 1; key[31] = 1;
CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_fail, extra) == 0); CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_fail, extra) == 0);
CHECK(is_empty_signature(&sig)); CHECK(is_empty_signature(&sig));
/* The retry loop successfully makes its way to the first good value. */ /* The retry loop successfully makes its way to the first good value. */
CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_retry, extra) == 1); CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_retry, extra) == 1);
CHECK(!is_empty_signature(&sig)); CHECK(!is_empty_signature(&sig));
CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, nonce_function_rfc6979, extra) == 1); CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, nonce_function_rfc6979, extra) == 1);
CHECK(!is_empty_signature(&sig2)); CHECK(!is_empty_signature(&sig2));
CHECK(memcmp(&sig, &sig2, sizeof(sig)) == 0); CHECK(secp256k1_memcmp_var(&sig, &sig2, sizeof(sig)) == 0);
/* The default nonce function is deterministic. */ /* The default nonce function is deterministic. */
CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1);
CHECK(!is_empty_signature(&sig2)); CHECK(!is_empty_signature(&sig2));
CHECK(memcmp(&sig, &sig2, sizeof(sig)) == 0); CHECK(secp256k1_memcmp_var(&sig, &sig2, sizeof(sig)) == 0);
/* The default nonce function changes output with different messages. */ /* The default nonce function changes output with different messages. */
for(i = 0; i < 256; i++) { for(i = 0; i < 256; i++) {
int j; int j;
msg[0] = i; msg[0] = i;
CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1);
CHECK(!is_empty_signature(&sig2)); CHECK(!is_empty_signature(&sig2));
secp256k1_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); secp256k1_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2);
for (j = 0; j < i; j++) { for (j = 0; j < i; j++) {
Show All 30 Lines for (t = 0; t < 2; t++) {
CHECK(nonce_function_rfc6979(nonce, zeros, zeros, NULL, NULL, 0) == 1); CHECK(nonce_function_rfc6979(nonce, zeros, zeros, NULL, NULL, 0) == 1);
VG_CHECK(nonce,32); VG_CHECK(nonce,32);
CHECK(nonce_function_rfc6979(nonce2, zeros, zeros, zeros, NULL, 0) == 1); CHECK(nonce_function_rfc6979(nonce2, zeros, zeros, zeros, NULL, 0) == 1);
VG_CHECK(nonce2,32); VG_CHECK(nonce2,32);
CHECK(nonce_function_rfc6979(nonce3, zeros, zeros, NULL, (void *)zeros, 0) == 1); CHECK(nonce_function_rfc6979(nonce3, zeros, zeros, NULL, (void *)zeros, 0) == 1);
VG_CHECK(nonce3,32); VG_CHECK(nonce3,32);
CHECK(nonce_function_rfc6979(nonce4, zeros, zeros, zeros, (void *)zeros, 0) == 1); CHECK(nonce_function_rfc6979(nonce4, zeros, zeros, zeros, (void *)zeros, 0) == 1);
VG_CHECK(nonce4,32); VG_CHECK(nonce4,32);
CHECK(memcmp(nonce, nonce2, 32) != 0); CHECK(secp256k1_memcmp_var(nonce, nonce2, 32) != 0);
CHECK(memcmp(nonce, nonce3, 32) != 0); CHECK(secp256k1_memcmp_var(nonce, nonce3, 32) != 0);
CHECK(memcmp(nonce, nonce4, 32) != 0); CHECK(secp256k1_memcmp_var(nonce, nonce4, 32) != 0);
CHECK(memcmp(nonce2, nonce3, 32) != 0); CHECK(secp256k1_memcmp_var(nonce2, nonce3, 32) != 0);
CHECK(memcmp(nonce2, nonce4, 32) != 0); CHECK(secp256k1_memcmp_var(nonce2, nonce4, 32) != 0);
CHECK(memcmp(nonce3, nonce4, 32) != 0); CHECK(secp256k1_memcmp_var(nonce3, nonce4, 32) != 0);
} }
/* Privkey export where pubkey is the point at infinity. */ /* Privkey export where pubkey is the point at infinity. */
{ {
unsigned char privkey[300]; unsigned char privkey[300];
unsigned char seckey[32] = { unsigned char seckey[32] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
▲ Show 20 LinesShow All 94 Lines▼ Show 20 Lines
void run_memczero_test(void) { void run_memczero_test(void) {
unsigned char buf1[6] = {1, 2, 3, 4, 5, 6}; unsigned char buf1[6] = {1, 2, 3, 4, 5, 6};
unsigned char buf2[sizeof(buf1)]; unsigned char buf2[sizeof(buf1)];
/* memczero(..., ..., 0) is a noop. */ /* memczero(..., ..., 0) is a noop. */
memcpy(buf2, buf1, sizeof(buf1)); memcpy(buf2, buf1, sizeof(buf1));
memczero(buf1, sizeof(buf1), 0); memczero(buf1, sizeof(buf1), 0);
CHECK(memcmp(buf1, buf2, sizeof(buf1)) == 0); CHECK(secp256k1_memcmp_var(buf1, buf2, sizeof(buf1)) == 0);
/* memczero(..., ..., 1) zeros the buffer. */ /* memczero(..., ..., 1) zeros the buffer. */
memset(buf2, 0, sizeof(buf2)); memset(buf2, 0, sizeof(buf2));
memczero(buf1, sizeof(buf1) , 1); memczero(buf1, sizeof(buf1) , 1);
CHECK(memcmp(buf1, buf2, sizeof(buf1)) == 0); CHECK(secp256k1_memcmp_var(buf1, buf2, sizeof(buf1)) == 0);
} }
void int_cmov_test(void) { void int_cmov_test(void) {
int r = INT_MAX; int r = INT_MAX;
int a = 0; int a = 0;
secp256k1_int_cmov(&r, &a, 0); secp256k1_int_cmov(&r, &a, 0);
CHECK(r == INT_MAX); CHECK(r == INT_MAX);
Show All 22 Linesvoid fe_cmov_test(void) {
static const secp256k1_fe max = SECP256K1_FE_CONST( static const secp256k1_fe max = SECP256K1_FE_CONST(
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
); );
secp256k1_fe r = max; secp256k1_fe r = max;
secp256k1_fe a = zero; secp256k1_fe a = zero;
secp256k1_fe_cmov(&r, &a, 0); secp256k1_fe_cmov(&r, &a, 0);
CHECK(memcmp(&r, &max, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0);
r = zero; a = max; r = zero; a = max;
secp256k1_fe_cmov(&r, &a, 1); secp256k1_fe_cmov(&r, &a, 1);
CHECK(memcmp(&r, &max, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0);
a = zero; a = zero;
secp256k1_fe_cmov(&r, &a, 1); secp256k1_fe_cmov(&r, &a, 1);
CHECK(memcmp(&r, &zero, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &zero, sizeof(r)) == 0);
a = one; a = one;
secp256k1_fe_cmov(&r, &a, 1); secp256k1_fe_cmov(&r, &a, 1);
CHECK(memcmp(&r, &one, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0);
r = one; a = zero; r = one; a = zero;
secp256k1_fe_cmov(&r, &a, 0); secp256k1_fe_cmov(&r, &a, 0);
CHECK(memcmp(&r, &one, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0);
} }
void fe_storage_cmov_test(void) { void fe_storage_cmov_test(void) {
static const secp256k1_fe_storage zero = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0); static const secp256k1_fe_storage zero = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0);
static const secp256k1_fe_storage one = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1); static const secp256k1_fe_storage one = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1);
static const secp256k1_fe_storage max = SECP256K1_FE_STORAGE_CONST( static const secp256k1_fe_storage max = SECP256K1_FE_STORAGE_CONST(
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
); );
secp256k1_fe_storage r = max; secp256k1_fe_storage r = max;
secp256k1_fe_storage a = zero; secp256k1_fe_storage a = zero;
secp256k1_fe_storage_cmov(&r, &a, 0); secp256k1_fe_storage_cmov(&r, &a, 0);
CHECK(memcmp(&r, &max, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0);
r = zero; a = max; r = zero; a = max;
secp256k1_fe_storage_cmov(&r, &a, 1); secp256k1_fe_storage_cmov(&r, &a, 1);
CHECK(memcmp(&r, &max, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0);
a = zero; a = zero;
secp256k1_fe_storage_cmov(&r, &a, 1); secp256k1_fe_storage_cmov(&r, &a, 1);
CHECK(memcmp(&r, &zero, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &zero, sizeof(r)) == 0);
a = one; a = one;
secp256k1_fe_storage_cmov(&r, &a, 1); secp256k1_fe_storage_cmov(&r, &a, 1);
CHECK(memcmp(&r, &one, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0);
r = one; a = zero; r = one; a = zero;
secp256k1_fe_storage_cmov(&r, &a, 0); secp256k1_fe_storage_cmov(&r, &a, 0);
CHECK(memcmp(&r, &one, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0);
} }
void scalar_cmov_test(void) { void scalar_cmov_test(void) {
static const secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); static const secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0);
static const secp256k1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); static const secp256k1_scalar one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1);
static const secp256k1_scalar max = SECP256K1_SCALAR_CONST( static const secp256k1_scalar max = SECP256K1_SCALAR_CONST(
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
); );
secp256k1_scalar r = max; secp256k1_scalar r = max;
secp256k1_scalar a = zero; secp256k1_scalar a = zero;
secp256k1_scalar_cmov(&r, &a, 0); secp256k1_scalar_cmov(&r, &a, 0);
CHECK(memcmp(&r, &max, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0);
r = zero; a = max; r = zero; a = max;
secp256k1_scalar_cmov(&r, &a, 1); secp256k1_scalar_cmov(&r, &a, 1);
CHECK(memcmp(&r, &max, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0);
a = zero; a = zero;
secp256k1_scalar_cmov(&r, &a, 1); secp256k1_scalar_cmov(&r, &a, 1);
CHECK(memcmp(&r, &zero, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &zero, sizeof(r)) == 0);
a = one; a = one;
secp256k1_scalar_cmov(&r, &a, 1); secp256k1_scalar_cmov(&r, &a, 1);
CHECK(memcmp(&r, &one, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0);
r = one; a = zero; r = one; a = zero;
secp256k1_scalar_cmov(&r, &a, 0); secp256k1_scalar_cmov(&r, &a, 0);
CHECK(memcmp(&r, &one, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0);
} }
void ge_storage_cmov_test(void) { void ge_storage_cmov_test(void) {
static const secp256k1_ge_storage zero = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); static const secp256k1_ge_storage zero = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
static const secp256k1_ge_storage one = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1); static const secp256k1_ge_storage one = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1);
static const secp256k1_ge_storage max = SECP256K1_GE_STORAGE_CONST( static const secp256k1_ge_storage max = SECP256K1_GE_STORAGE_CONST(
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL,
0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL
); );
secp256k1_ge_storage r = max; secp256k1_ge_storage r = max;
secp256k1_ge_storage a = zero; secp256k1_ge_storage a = zero;
secp256k1_ge_storage_cmov(&r, &a, 0); secp256k1_ge_storage_cmov(&r, &a, 0);
CHECK(memcmp(&r, &max, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0);
r = zero; a = max; r = zero; a = max;
secp256k1_ge_storage_cmov(&r, &a, 1); secp256k1_ge_storage_cmov(&r, &a, 1);
CHECK(memcmp(&r, &max, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0);
a = zero; a = zero;
secp256k1_ge_storage_cmov(&r, &a, 1); secp256k1_ge_storage_cmov(&r, &a, 1);
CHECK(memcmp(&r, &zero, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &zero, sizeof(r)) == 0);
a = one; a = one;
secp256k1_ge_storage_cmov(&r, &a, 1); secp256k1_ge_storage_cmov(&r, &a, 1);
CHECK(memcmp(&r, &one, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0);
r = one; a = zero; r = one; a = zero;
secp256k1_ge_storage_cmov(&r, &a, 0); secp256k1_ge_storage_cmov(&r, &a, 0);
CHECK(memcmp(&r, &one, sizeof(r)) == 0); CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0);
} }
void run_cmov_tests(void) { void run_cmov_tests(void) {
int_cmov_test(); int_cmov_test();
fe_cmov_test(); fe_cmov_test();
fe_storage_cmov_test(); fe_storage_cmov_test();
scalar_cmov_test(); scalar_cmov_test();
ge_storage_cmov_test(); ge_storage_cmov_test();
▲ Show 20 LinesShow All 133 LinesShow Last 20 Lines