aboutsummaryrefslogtreecommitdiff
path: root/src/tests.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/tests.c')
-rw-r--r--src/tests.c182
1 files changed, 172 insertions, 10 deletions
diff --git a/src/tests.c b/src/tests.c
index a146394305..99d9468e29 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -15,8 +15,8 @@
#include <time.h>
#include "secp256k1.c"
-#include "include/secp256k1.h"
-#include "include/secp256k1_preallocated.h"
+#include "../include/secp256k1.h"
+#include "../include/secp256k1_preallocated.h"
#include "testrand_impl.h"
#include "util.h"
@@ -30,8 +30,8 @@ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
# endif
#endif
-#include "contrib/lax_der_parsing.c"
-#include "contrib/lax_der_privatekey_parsing.c"
+#include "../contrib/lax_der_parsing.c"
+#include "../contrib/lax_der_privatekey_parsing.c"
#include "modinv32_impl.h"
#ifdef SECP256K1_WIDEMUL_INT128
@@ -564,6 +564,38 @@ void run_rfc6979_hmac_sha256_tests(void) {
secp256k1_rfc6979_hmac_sha256_finalize(&rng);
}
+void run_tagged_sha256_tests(void) {
+ int ecount = 0;
+ secp256k1_context *none = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
+ unsigned char tag[32] = { 0 };
+ unsigned char msg[32] = { 0 };
+ unsigned char hash32[32];
+ unsigned char hash_expected[32] = {
+ 0x04, 0x7A, 0x5E, 0x17, 0xB5, 0x86, 0x47, 0xC1,
+ 0x3C, 0xC6, 0xEB, 0xC0, 0xAA, 0x58, 0x3B, 0x62,
+ 0xFB, 0x16, 0x43, 0x32, 0x68, 0x77, 0x40, 0x6C,
+ 0xE2, 0x76, 0x55, 0x9A, 0x3B, 0xDE, 0x55, 0xB3
+ };
+
+ secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount);
+
+ /* API test */
+ CHECK(secp256k1_tagged_sha256(none, hash32, tag, sizeof(tag), msg, sizeof(msg)) == 1);
+ CHECK(secp256k1_tagged_sha256(none, NULL, tag, sizeof(tag), msg, sizeof(msg)) == 0);
+ CHECK(ecount == 1);
+ CHECK(secp256k1_tagged_sha256(none, hash32, NULL, 0, msg, sizeof(msg)) == 0);
+ CHECK(ecount == 2);
+ CHECK(secp256k1_tagged_sha256(none, hash32, tag, sizeof(tag), NULL, 0) == 0);
+ CHECK(ecount == 3);
+
+ /* Static test vector */
+ memcpy(tag, "tag", 3);
+ memcpy(msg, "msg", 3);
+ CHECK(secp256k1_tagged_sha256(none, hash32, tag, 3, msg, 3) == 1);
+ CHECK(secp256k1_memcmp_var(hash32, hash_expected, sizeof(hash32)) == 0);
+ secp256k1_context_destroy(none);
+}
+
/***** RANDOM TESTS *****/
void test_rand_bits(int rand32, int bits) {
@@ -2508,6 +2540,70 @@ void run_field_misc(void) {
}
}
+void test_fe_mul(const secp256k1_fe* a, const secp256k1_fe* b, int use_sqr)
+{
+ secp256k1_fe c, an, bn;
+ /* Variables in BE 32-byte format. */
+ unsigned char a32[32], b32[32], c32[32];
+ /* Variables in LE 16x uint16_t format. */
+ uint16_t a16[16], b16[16], c16[16];
+ /* Field modulus in LE 16x uint16_t format. */
+ static const uint16_t m16[16] = {
+ 0xfc2f, 0xffff, 0xfffe, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
+ 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
+ };
+ uint16_t t16[32];
+ int i;
+
+ /* Compute C = A * B in fe format. */
+ c = *a;
+ if (use_sqr) {
+ secp256k1_fe_sqr(&c, &c);
+ } else {
+ secp256k1_fe_mul(&c, &c, b);
+ }
+
+ /* Convert A, B, C into LE 16x uint16_t format. */
+ an = *a;
+ bn = *b;
+ secp256k1_fe_normalize_var(&c);
+ secp256k1_fe_normalize_var(&an);
+ secp256k1_fe_normalize_var(&bn);
+ secp256k1_fe_get_b32(a32, &an);
+ secp256k1_fe_get_b32(b32, &bn);
+ secp256k1_fe_get_b32(c32, &c);
+ for (i = 0; i < 16; ++i) {
+ a16[i] = a32[31 - 2*i] + ((uint16_t)a32[30 - 2*i] << 8);
+ b16[i] = b32[31 - 2*i] + ((uint16_t)b32[30 - 2*i] << 8);
+ c16[i] = c32[31 - 2*i] + ((uint16_t)c32[30 - 2*i] << 8);
+ }
+ /* Compute T = A * B in LE 16x uint16_t format. */
+ mulmod256(t16, a16, b16, m16);
+ /* Compare */
+ CHECK(secp256k1_memcmp_var(t16, c16, 32) == 0);
+}
+
+void run_fe_mul(void) {
+ int i;
+ for (i = 0; i < 100 * count; ++i) {
+ secp256k1_fe a, b, c, d;
+ random_fe(&a);
+ random_field_element_magnitude(&a);
+ random_fe(&b);
+ random_field_element_magnitude(&b);
+ random_fe_test(&c);
+ random_field_element_magnitude(&c);
+ random_fe_test(&d);
+ random_field_element_magnitude(&d);
+ test_fe_mul(&a, &a, 1);
+ test_fe_mul(&c, &c, 1);
+ test_fe_mul(&a, &b, 0);
+ test_fe_mul(&a, &c, 0);
+ test_fe_mul(&c, &b, 0);
+ test_fe_mul(&c, &d, 0);
+ }
+}
+
void run_sqr(void) {
secp256k1_fe x, s;
@@ -2595,7 +2691,7 @@ void test_inverse_scalar(secp256k1_scalar* out, const secp256k1_scalar* x, int v
{
secp256k1_scalar l, r, t;
- (var ? secp256k1_scalar_inverse_var : secp256k1_scalar_inverse_var)(&l, x); /* l = 1/x */
+ (var ? secp256k1_scalar_inverse_var : secp256k1_scalar_inverse)(&l, x); /* l = 1/x */
if (out) *out = l;
if (secp256k1_scalar_is_zero(x)) {
CHECK(secp256k1_scalar_is_zero(&l));
@@ -2605,9 +2701,9 @@ void test_inverse_scalar(secp256k1_scalar* out, const secp256k1_scalar* x, int v
CHECK(secp256k1_scalar_is_one(&t)); /* x*(1/x) == 1 */
secp256k1_scalar_add(&r, x, &scalar_minus_one); /* r = x-1 */
if (secp256k1_scalar_is_zero(&r)) return;
- (var ? secp256k1_scalar_inverse_var : secp256k1_scalar_inverse_var)(&r, &r); /* r = 1/(x-1) */
+ (var ? secp256k1_scalar_inverse_var : secp256k1_scalar_inverse)(&r, &r); /* r = 1/(x-1) */
secp256k1_scalar_add(&l, &scalar_minus_one, &l); /* l = 1/x-1 */
- (var ? secp256k1_scalar_inverse_var : secp256k1_scalar_inverse_var)(&l, &l); /* l = 1/(1/x-1) */
+ (var ? secp256k1_scalar_inverse_var : secp256k1_scalar_inverse)(&l, &l); /* l = 1/(1/x-1) */
secp256k1_scalar_add(&l, &l, &secp256k1_scalar_one); /* l = 1/(1/x-1)+1 */
secp256k1_scalar_add(&l, &r, &l); /* l = 1/(1/x-1)+1 + 1/(x-1) */
CHECK(secp256k1_scalar_is_zero(&l)); /* l == 0 */
@@ -3101,20 +3197,34 @@ void test_ge(void) {
/* Test batch gej -> ge conversion with many infinities. */
for (i = 0; i < 4 * runs + 1; i++) {
+ int odd;
random_group_element_test(&ge[i]);
+ odd = secp256k1_fe_is_odd(&ge[i].x);
+ CHECK(odd == 0 || odd == 1);
/* randomly set half the points to infinity */
- if(secp256k1_fe_is_odd(&ge[i].x)) {
+ if (odd == i % 2) {
secp256k1_ge_set_infinity(&ge[i]);
}
secp256k1_gej_set_ge(&gej[i], &ge[i]);
}
- /* batch invert */
+ /* batch convert */
secp256k1_ge_set_all_gej_var(ge, gej, 4 * runs + 1);
/* check result */
for (i = 0; i < 4 * runs + 1; i++) {
ge_equals_gej(&ge[i], &gej[i]);
}
+ /* Test batch gej -> ge conversion with all infinities. */
+ for (i = 0; i < 4 * runs + 1; i++) {
+ secp256k1_gej_set_infinity(&gej[i]);
+ }
+ /* batch convert */
+ secp256k1_ge_set_all_gej_var(ge, gej, 4 * runs + 1);
+ /* check result */
+ for (i = 0; i < 4 * runs + 1; i++) {
+ CHECK(secp256k1_ge_is_infinity(&ge[i]));
+ }
+
free(ge);
free(gej);
}
@@ -5434,6 +5544,55 @@ void test_random_pubkeys(void) {
}
}
+void run_pubkey_comparison(void) {
+ unsigned char pk1_ser[33] = {
+ 0x02,
+ 0x58, 0x84, 0xb3, 0xa2, 0x4b, 0x97, 0x37, 0x88, 0x92, 0x38, 0xa6, 0x26, 0x62, 0x52, 0x35, 0x11,
+ 0xd0, 0x9a, 0xa1, 0x1b, 0x80, 0x0b, 0x5e, 0x93, 0x80, 0x26, 0x11, 0xef, 0x67, 0x4b, 0xd9, 0x23
+ };
+ const unsigned char pk2_ser[33] = {
+ 0x02,
+ 0xde, 0x36, 0x0e, 0x87, 0x59, 0x8f, 0x3c, 0x01, 0x36, 0x2a, 0x2a, 0xb8, 0xc6, 0xf4, 0x5e, 0x4d,
+ 0xb2, 0xc2, 0xd5, 0x03, 0xa7, 0xf9, 0xf1, 0x4f, 0xa8, 0xfa, 0x95, 0xa8, 0xe9, 0x69, 0x76, 0x1c
+ };
+ secp256k1_pubkey pk1;
+ secp256k1_pubkey pk2;
+ int32_t ecount = 0;
+
+ CHECK(secp256k1_ec_pubkey_parse(ctx, &pk1, pk1_ser, sizeof(pk1_ser)) == 1);
+ CHECK(secp256k1_ec_pubkey_parse(ctx, &pk2, pk2_ser, sizeof(pk2_ser)) == 1);
+
+ secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount);
+ CHECK(secp256k1_ec_pubkey_cmp(ctx, NULL, &pk2) < 0);
+ CHECK(ecount == 1);
+ CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk1, NULL) > 0);
+ CHECK(ecount == 2);
+ CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk1, &pk2) < 0);
+ CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk2, &pk1) > 0);
+ CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk1, &pk1) == 0);
+ CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk2, &pk2) == 0);
+ CHECK(ecount == 2);
+ {
+ secp256k1_pubkey pk_tmp;
+ memset(&pk_tmp, 0, sizeof(pk_tmp)); /* illegal pubkey */
+ CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk_tmp, &pk2) < 0);
+ CHECK(ecount == 3);
+ CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk_tmp, &pk_tmp) == 0);
+ CHECK(ecount == 5);
+ CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk2, &pk_tmp) > 0);
+ CHECK(ecount == 6);
+ }
+
+ secp256k1_context_set_illegal_callback(ctx, NULL, NULL);
+
+ /* Make pk2 the same as pk1 but with 3 rather than 2. Note that in
+ * an uncompressed encoding, these would have the opposite ordering */
+ pk1_ser[0] = 3;
+ CHECK(secp256k1_ec_pubkey_parse(ctx, &pk2, pk1_ser, sizeof(pk1_ser)) == 1);
+ CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk1, &pk2) < 0);
+ CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk2, &pk1) > 0);
+}
+
void run_random_pubkeys(void) {
int i;
for (i = 0; i < 10*count; i++) {
@@ -6408,7 +6567,7 @@ int main(int argc, char **argv) {
count = strtol(argv[1], NULL, 0);
} else {
const char* env = getenv("SECP256K1_TEST_ITERS");
- if (env) {
+ if (env && strlen(env) > 0) {
count = strtol(env, NULL, 0);
}
}
@@ -6442,6 +6601,7 @@ int main(int argc, char **argv) {
run_sha256_tests();
run_hmac_sha256_tests();
run_rfc6979_hmac_sha256_tests();
+ run_tagged_sha256_tests();
/* scalar tests */
run_scalar_tests();
@@ -6449,6 +6609,7 @@ int main(int argc, char **argv) {
/* field tests */
run_field_misc();
run_field_convert();
+ run_fe_mul();
run_sqr();
run_sqrt();
@@ -6485,6 +6646,7 @@ int main(int argc, char **argv) {
#endif
/* ecdsa tests */
+ run_pubkey_comparison();
run_random_pubkeys();
run_ecdsa_der_parse();
run_ecdsa_sign_verify();
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-01 01:22:41 +0000