Squashed 'src/secp256k1/' changes from 21ffe4b22a9..bdf39000b9c

bdf39000b9c Merge bitcoin-core/secp256k1#1223: release: prepare for 0.3.0 b40adf23604 release: prepare for 0.3.0 90b513aadad Merge bitcoin-core/secp256k1#1229: cmake: Rename project to "libsecp256k1" 8be82d43628 cmake: Rename project to "libsecp256k1" ef4f8bd0259 Merge bitcoin-core/secp256k1#1227: readme: Use correct build type in CMake/Windows build instructions 756b61d451d readme: Use correct build type in CMake/Windows build instructions 3295aa149bd Merge bitcoin-core/secp256k1#1225: changelog: Add entry for CMake 92098d84cf7 changelog: Add entry for CMake df323b5c146 Merge bitcoin-core/secp256k1#1113: build: Add CMake-based build system e1eb33724c2 ci: Add "x86_64: Windows (VS 2022)" task 10602b0030e cmake: Export config files 5468d709644 build: Add CMake-based build system 6048e6c03e4 Merge bitcoin-core/secp256k1#1222: Remove redundant checks. eb8749fcd0f Merge bitcoin-core/secp256k1#1221: Update Changelog 5d8f53e3129 Remove redudent checks. 9d1b458d5fb Merge bitcoin-core/secp256k1#1217: Add secp256k1_fe_add_int function d232112fa7e Update Changelog 8962fc95bb0 Merge bitcoin-core/secp256k1#1218: Update overflow check 2ef1c9b3870 Update overflow check 57573187826 Merge bitcoin-core/secp256k1#1212: Prevent dead-store elimination when clearing secrets in examples b081f7e4cbf Add secp256k1_fe_add_int function 5660c137552 prevent optimization in algorithms 09b1d466db7 Merge bitcoin-core/secp256k1#979: Native jacobi symbol algorithm ce3cfc78a60 doc: Describe Jacobi calculation in safegcd_implementation.md 6be01036c8a Add secp256k1_fe_is_square_var function 1de2a01c2b2 Native jacobi symbol algorithm 04c6c1b1816 Make secp256k1_modinv64_det_check_pow2 support abs val 5fffb2c7af5 Make secp256k1_i128_check_pow2 support -(2^n) cbd25559343 Merge bitcoin-core/secp256k1#1209: build: Add SECP256K1_API_VAR to fix importing variables from DLLs 1b21aa51752 Merge bitcoin-core/secp256k1#1078: group: Save a normalize_to_zero in gej_add_ge e4330341bd6 ci: Shutdown wineserver whenever CI script exits 9a5a611a21f build: Suppress stupid MSVC linker warning 739c53b19a2 examples: Extend sig examples by call that uses static context 914276e4d27 build: Add SECP256K1_API_VAR to fix importing variables from DLLs 1cca7c1744b Merge bitcoin-core/secp256k1#1206: build: Add -Wreserved-identifier supported by clang 8c7e0fc1de0 build: Add -Wreserved-identifier supported by clang 8ebe5c52050 Merge bitcoin-core/secp256k1#1201: ci: Do not set git's `user.{email,name}` config options 5596ec5c2cf Merge bitcoin-core/secp256k1#1203: Do not link `bench` and `ctime_tests` to `COMMON_LIB` ef39721ccce Do not link `bench` and `ctime_tests` to `COMMON_LIB` 9b60e3148d8 ci: Do not set git's `user.{email,name}` config options e1817a6f54f Merge bitcoin-core/secp256k1#1199: ci: Minor improvements inspired by Bitcoin Core 1bff2005885 Merge bitcoin-core/secp256k1#1200: Drop no longer used Autoheader macros 9b7d18669dc Drop no longer used Autoheader macros c2415866c7a ci: Don't fetch git history 0ecf3188515 ci: Use remote pull/merge ref instead of local git merge 2b77240b3ba Merge bitcoin-core/secp256k1#1172: benchmarks: fix bench_scalar_split eb6bebaee39 scalar: restrict split_lambda args, improve doc and VERIFY_CHECKs 7f49aa7f2dc ci: add test job with -DVERIFY 620ba3d74be benchmarks: fix bench_scalar_split 5fbff5d348f Merge bitcoin-core/secp256k1#1170: contexts: Forbid destroying, cloning and randomizing the static context 233822d849d Merge bitcoin-core/secp256k1#1195: ctime_tests: improve output when CHECKMEM_RUNNING is not defined ad7433b1409 Merge bitcoin-core/secp256k1#1196: Drop no longer used variables from the build system e39d954f118 tests: Add CHECK_ILLEGAL(_VOID) macros and use in static ctx tests 2cd4e3c0a97 Drop no longer used `SECP_{LIBS,INCLUDE}` variables 613626f94c7 Drop no longer used `SECP_TEST_{LIBS,INCLUDE}` variables 61841fc9ee5 contexts: Forbid randomizing secp256k1_context_static 4b6df5e33e1 contexts: Forbid cloning/destroying secp256k1_context_static b1579cf5fb4 Merge bitcoin-core/secp256k1#1194: Ensure safety of ctz_debruijn implementation. 8f51229e034 ctime_tests: improve output when CHECKMEM_RUNNING is not defined d6ff738d5bb Ensure safety of ctz_debruijn implementation. a01a7d86dc2 Merge bitcoin-core/secp256k1#1192: Switch to exhaustive groups with small B coefficient a7a7bfaf3dc Merge bitcoin-core/secp256k1#1190: Make all non-API functions (except main) static f29a3270923 Merge bitcoin-core/secp256k1#1169: Add support for msan instead of valgrind (for memcheck and ctime test) ff8edf89e2e Merge bitcoin-core/secp256k1#1193: Add `noverify_tests` to `.gitignore` ce60785b265 Introduce SECP256K1_B macro for curve b coefficient 4934aa79958 Switch to exhaustive groups with small B coefficient d4a6b58df74 Add `noverify_tests` to `.gitignore` 88e80722d2a Merge bitcoin-core/secp256k1#1160: Makefile: add `-I$(top_srcdir)/{include,src}` to `CPPFLAGS` for precomputed 0f088ec1126 Rename CTIMETEST -> CTIMETESTS 74b026f05d5 Add runtime checking for DECLASSIFY flag 5e2e6fcfc0e Run ctime test in Linux MSan CI job 18974061a3f Make ctime tests building configurable 5048be17e93 Rename valgrind_ctime_test -> ctime_tests 6eed6c18ded Update error messages to suggest msan as well 8e11f89a685 Add support for msan integration to checkmem.h 8dc64079eb1 Add compile-time error to valgrind_ctime_test 0db05a770eb Abstract interactions with valgrind behind new checkmem.h 4f1a54e41d8 Move valgrind CPPFLAGS into SECP_CONFIG_DEFINES cc3b8a4f404 Merge bitcoin-core/secp256k1#1187: refactor: Rename global variables in tests 9a93f48f502 refactor: Rename STTC to STATIC_CTX in tests 3385a2648d7 refactor: Rename global variables to uppercase in tests e03ef865593 Make all non-API functions (except main) static cbe41ac138b Merge bitcoin-core/secp256k1#1188: tests: Add noverify_tests which is like tests but without VERIFY 203760023c6 tests: Add noverify_tests which is like tests but without VERIFY e862c4af0c5 Makefile: add -I$(top_srcdir)/src to CPPFLAGS for precomputed 0eb3000417f Merge bitcoin-core/secp256k1#1186: tests: Tidy context tests 39e8f0e3d7b refactor: Separate run_context_tests into static vs proper contexts a4a09379b1a tests: Clean up and improve run_context_tests() further fc90bb56956 refactor: Tidy up main() f32a36f620e tests: Don't use global context for context tests ce4f936c4fa tests: Tidy run_context_tests() by extracting functions 18e0db30cb4 tests: Don't recreate global context in scratch space test b19806122e9 tests: Use global copy of secp256k1_context_static instead of clone 2a39ac162e0 Merge bitcoin-core/secp256k1#1185: Drop `SECP_CONFIG_DEFINES` from examples 2f9ca284e2a Drop `SECP_CONFIG_DEFINES` from examples 31ed5386e84 Merge bitcoin-core/secp256k1#1183: Bugfix: pass SECP_CONFIG_DEFINES to bench compilation c0a555b2ae3 Bugfix: pass SECP_CONFIG_DEFINES to bench compilation 01b819a8c7d Merge bitcoin-core/secp256k1#1158: Add a secp256k1_i128_to_u64 function. eacad90f699 Merge bitcoin-core/secp256k1#1171: Change ARG_CHECK_NO_RETURN to ARG_CHECK_VOID which returns (void) 3f57b9f7749 Merge bitcoin-core/secp256k1#1177: Some improvements to the changelog c30b889f17e Clarify that the ABI-incompatible versions are earlier 881fc33d0c1 Consistency in naming of modules 665ba77e793 Merge bitcoin-core/secp256k1#1178: Drop `src/libsecp256k1-config.h` 75d7b7f5bae Merge bitcoin-core/secp256k1#1154: ci: set -u in cirrus.sh to treat unset variables as an error 7a746882013 ci: add missing CFLAGS & CPPFLAGS variable to print_environment c2e0fdadebd ci: set -u in cirrus.sh to treat unset variables as an error 9c5a4d21bbe Do not define unused `HAVE_VALGRIND` macro ad8647f548c Drop no longer relevant files from `.gitignore` b627ba7050b Remove dependency on `src/libsecp256k1-config.h` 9ecf8149a19 Reduce font size in changelog 2dc133a67ff Add more changelog entries ac233e181a5 Add links to diffs to changelog cee8223ef6d Mention semantic versioning in changelog 9a8d65f07f1 Merge bitcoin-core/secp256k1#1174: release cleanup: bump version after 0.2.0 02ebc290f74 release cleanup: bump version after 0.2.0 b6b360efafc doc: improve message of cleanup commit a49e0940ad6 docs: Fix typo 2551cdac903 tests: Fix code formatting c635c1bfd54 Change ARG_CHECK_NO_RETURN to ARG_CHECK_VOID which returns (void) cf66f2357c6 refactor: Add helper function secp256k1_context_is_proper() d2164752053 test secp256k1_i128_to_i64 4bc429019dc Add a secp256k1_i128_to_u64 function. e089eecc1e5 group: Further simply gej_add_ge ac71020ebe0 group: Save a normalize_to_zero in gej_add_ge git-subtree-dir: src/secp256k1 git-subtree-split: bdf39000b9c6a0818e7149ccb500873d079e6e85
author: Pieter Wuille <pieter@wuille.net> 2023-03-08 17:41:24 -0500
committer: Pieter Wuille <pieter@wuille.net> 2023-03-08 17:41:24 -0500
commit: 763079a3f1b937f54e3c2d4166d296f596f7be1b (patch)
tree: 432e081cb198d40ddadf98920f70488ff214d854 /src/ctime_tests.c
parent: 9d47e7b71b2805430e8c7b43816efd225a6ccd8c (diff)
1 files changed, 174 insertions, 0 deletions
diff --git a/src/ctime_tests.c b/src/ctime_tests.c
new file mode 100644
index 0000000000..713eb427d3
--- /dev/null
+++ b/src/ctime_tests.c
@@ -0,0 +1,174 @@
+/***********************************************************************
+ * Copyright (c) 2020 Gregory Maxwell                                  *
+ * Distributed under the MIT software license, see the accompanying    *
+ * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
+ ***********************************************************************/
+
+#include <stdio.h>
+
+#include "../include/secp256k1.h"
+#include "assumptions.h"
+#include "checkmem.h"
+
+#if !SECP256K1_CHECKMEM_ENABLED
+#  error "This tool cannot be compiled without memory-checking interface (valgrind or msan)"
+#endif
+
+#ifdef ENABLE_MODULE_ECDH
+# include "../include/secp256k1_ecdh.h"
+#endif
+
+#ifdef ENABLE_MODULE_RECOVERY
+# include "../include/secp256k1_recovery.h"
+#endif
+
+#ifdef ENABLE_MODULE_EXTRAKEYS
+# include "../include/secp256k1_extrakeys.h"
+#endif
+
+#ifdef ENABLE_MODULE_SCHNORRSIG
+#include "../include/secp256k1_schnorrsig.h"
+#endif
+
+static void run_tests(secp256k1_context *ctx, unsigned char *key);
+
+int main(void) {
+    secp256k1_context* ctx;
+    unsigned char key[32];
+    int ret, i;
+
+    if (!SECP256K1_CHECKMEM_RUNNING()) {
+        fprintf(stderr, "This test can only usefully be run inside valgrind because it was not compiled under msan.\n");
+        fprintf(stderr, "Usage: libtool --mode=execute valgrind ./ctime_tests\n");
+        return 1;
+    }
+    ctx = secp256k1_context_create(SECP256K1_CONTEXT_DECLASSIFY);
+    /** In theory, testing with a single secret input should be sufficient:
+     *  If control flow depended on secrets the tool would generate an error.
+     */
+    for (i = 0; i < 32; i++) {
+        key[i] = i + 65;
+    }
+
+    run_tests(ctx, key);
+
+    /* Test context randomisation. Do this last because it leaves the context
+     * tainted. */
+    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
+    ret = secp256k1_context_randomize(ctx, key);
+    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
+    CHECK(ret);
+
+    secp256k1_context_destroy(ctx);
+    return 0;
+}
+
+static void run_tests(secp256k1_context *ctx, unsigned char *key) {
+    secp256k1_ecdsa_signature signature;
+    secp256k1_pubkey pubkey;
+    size_t siglen = 74;
+    size_t outputlen = 33;
+    int i;
+    int ret;
+    unsigned char msg[32];
+    unsigned char sig[74];
+    unsigned char spubkey[33];
+#ifdef ENABLE_MODULE_RECOVERY
+    secp256k1_ecdsa_recoverable_signature recoverable_signature;
+    int recid;
+#endif
+#ifdef ENABLE_MODULE_EXTRAKEYS
+    secp256k1_keypair keypair;
+#endif
+
+    for (i = 0; i < 32; i++) {
+        msg[i] = i + 1;
+    }
+
+    /* Test keygen. */
+    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
+    ret = secp256k1_ec_pubkey_create(ctx, &pubkey, key);
+    SECP256K1_CHECKMEM_DEFINE(&pubkey, sizeof(secp256k1_pubkey));
+    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
+    CHECK(ret);
+    CHECK(secp256k1_ec_pubkey_serialize(ctx, spubkey, &outputlen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
+
+    /* Test signing. */
+    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
+    ret = secp256k1_ecdsa_sign(ctx, &signature, msg, key, NULL, NULL);
+    SECP256K1_CHECKMEM_DEFINE(&signature, sizeof(secp256k1_ecdsa_signature));
+    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
+    CHECK(ret);
+    CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature));
+
+#ifdef ENABLE_MODULE_ECDH
+    /* Test ECDH. */
+    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
+    ret = secp256k1_ecdh(ctx, msg, &pubkey, key, NULL, NULL);
+    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
+    CHECK(ret == 1);
+#endif
+
+#ifdef ENABLE_MODULE_RECOVERY
+    /* Test signing a recoverable signature. */
+    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
+    ret = secp256k1_ecdsa_sign_recoverable(ctx, &recoverable_signature, msg, key, NULL, NULL);
+    SECP256K1_CHECKMEM_DEFINE(&recoverable_signature, sizeof(recoverable_signature));
+    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
+    CHECK(ret);
+    CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &recoverable_signature));
+    CHECK(recid >= 0 && recid <= 3);
+#endif
+
+    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
+    ret = secp256k1_ec_seckey_verify(ctx, key);
+    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
+    CHECK(ret == 1);
+
+    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
+    ret = secp256k1_ec_seckey_negate(ctx, key);
+    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
+    CHECK(ret == 1);
+
+    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
+    SECP256K1_CHECKMEM_UNDEFINE(msg, 32);
+    ret = secp256k1_ec_seckey_tweak_add(ctx, key, msg);
+    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
+    CHECK(ret == 1);
+
+    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
+    SECP256K1_CHECKMEM_UNDEFINE(msg, 32);
+    ret = secp256k1_ec_seckey_tweak_mul(ctx, key, msg);
+    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
+    CHECK(ret == 1);
+
+    /* Test keypair_create and keypair_xonly_tweak_add. */
+#ifdef ENABLE_MODULE_EXTRAKEYS
+    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
+    ret = secp256k1_keypair_create(ctx, &keypair, key);
+    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
+    CHECK(ret == 1);
+
+    /* The tweak is not treated as a secret in keypair_tweak_add */
+    SECP256K1_CHECKMEM_DEFINE(msg, 32);
+    ret = secp256k1_keypair_xonly_tweak_add(ctx, &keypair, msg);
+    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
+    CHECK(ret == 1);
+
+    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
+    SECP256K1_CHECKMEM_UNDEFINE(&keypair, sizeof(keypair));
+    ret = secp256k1_keypair_sec(ctx, key, &keypair);
+    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
+    CHECK(ret == 1);
+#endif
+
+#ifdef ENABLE_MODULE_SCHNORRSIG
+    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
+    ret = secp256k1_keypair_create(ctx, &keypair, key);
+    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
+    CHECK(ret == 1);
+    ret = secp256k1_schnorrsig_sign32(ctx, sig, msg, &keypair, NULL);
+    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
+    CHECK(ret == 1);
+#endif
+}
author	Pieter Wuille <pieter@wuille.net>	2023-03-08 17:41:24 -0500
committer	Pieter Wuille <pieter@wuille.net>	2023-03-08 17:41:24 -0500
commit	763079a3f1b937f54e3c2d4166d296f596f7be1b (patch)
tree	432e081cb198d40ddadf98920f70488ff214d854 /src/ctime_tests.c
parent	9d47e7b71b2805430e8c7b43816efd225a6ccd8c (diff)