rewrote tests; removed trick for generating valid 64-byte ecdsa

OK, thanks for the in depth ideas on how to organize this.

Possibly the whole business about generating valid 64 byte ECDSA sigs can be taken out...

Note that when the old tests were applied, 7 of them failed due to the change in specification to ban 64+1-byte ECDSA sigs in CHECKMULTISIG. They were updated accordingly.

rebase; add comments; use new lcg.h test module

rm comment

rebased

changed name; misc comments from amaury

changed to return 32bit; expand attribution & explanation; more tests

updated to use D2480

ok!

ensure flags=00000...000 is done at start; rewrap LCG as class & separate test

rebased on top of D2477 and D2475 ; finished changes to sigencoding; added sigencoding_tests.

OK looks good, I added a couple of comments showing how this will have to integrate with the schnorr flag

In D2477#56464, @Mengerian wrote:

@markblundeberg Have a look at D2478. Does it make more sense with that one added after?

I split the refactor into two, this one to pave the way for banning 64-byte ECDSA signatures, and D2478 to make it easy to add Schnorr.

My idea is to add the code to restrict 64-byte signature inside CheckRawECDSASignatureEncoding, and add the code allowing 64-byte signatures (with no DER checks) in CheckRawSignatureEncoding

Maybe it would be less confusing if I combine the diffs into one.

(CheckTransactionECDSASignatureEncoding could also be called CheckTransactionSignatureEncodingButNo65ByteSignaturesAllowedIfSchnorrEnabled, at least that is the function that CHECKMULTISIG must call per specification.)

Does this hit enough flag combinations? See comments in the code..

Beautifully simple way to do an exception, which is reflected in the shortness of the Diff.

Note: this python code reproduces the first Schnorr deterministic signature

#!/usr/bin/env python3
# Reproduce Bitcoin ABC's deterministic Schnorr signature near end of key_tests.cpp

rebase

• remove pubkey generation from SignSchnorr()
• switch from data() to begin() in key_tests

add tests using VALID 64-byte ECDSA signatures

restrict usage of msigflags to the signature-checking loop

add a buttload of tests

Went over this in fine detail all over again. Still good. 👍

In D2348#55935, @deadalnix wrote:

OK so I was an idiot and begin is the way to go with std::copy. Most of the code use memcpy so I was confused. Either way it's fine as std::copy knows about pointers.

In D2455#55930, @deadalnix wrote:

This needs WAY more tests.

This is a full implementation of the required changes in the main code, but with tests missing.

rebased

In D2430#55534, @jasonbcox wrote:

Regarding the warning: https://github.com/bitcoin/bitcoin/issues/10030 Looks like Core didn't care about the issue much either.

In D2430#55413, @Fabien wrote:

@markblundeberg Did you activate the undefined sanitizer (ubsan) ? This would explain your warning, this is a tool limitation.

I am now getting a warning when compiling script_tests.cpp, I guess because that script builder is too long:

oops, forgot to include a commit

being replaced ...

rebased

reordered hashing: fixed size args first, then pubkey, then signature

rename test flagsets; remove unnamed flags from TEST_VARIANT_FLAGS

In D2419#55021, @Mengerian wrote:

Shouldn't we go straight to 0.19.0?

@Fabien @Mengerian you need to have coin control settings enabled to see the radio, and it becomes selectable once you select some coins to spend --

Great idea, code changes look good.

remove comment from code per earlier discussion

rebased on new sigcache testing code (D2409) and added testset

@jasonbcox if you think these comments are a bad idea I can abandon this diff, no worries. I don't want to refactor the code in any way though ... even though it's apparently trivial, this is too scary for me given the history of this particular function. :-D

@deadalnix If you have any more changes to request please commandeer the revision and go right ahead and make the changes you have in mind. I would like to be working on building actual tests for Schnorr security rather than this.

add more descriptive name and move around initialization in test

I'm curious, how efficient are abstractions like this in terms of compilation optimization? Should this end up creating the same assembly for VerifySignature(). ?

refactored per @deadalnix comment (adjusted to work)

renamed things; added a few more tests