Bitcoin ABC  0.24.10
P2P Digital Currency
valgrind_ctime_test.c
1 /***********************************************************************
2  * Copyright (c) 2020 Gregory Maxwell *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5  ***********************************************************************/
6 
7 #include <valgrind/memcheck.h>
8 #include <stdio.h>
9 
10 #include "include/secp256k1.h"
11 #include "assumptions.h"
12 #include "util.h"
13 
14 #ifdef ENABLE_MODULE_ECDH
15 # include "include/secp256k1_ecdh.h"
16 #endif
17 
18 #ifdef ENABLE_MODULE_RECOVERY
20 #endif
21 
22 #ifdef ENABLE_MODULE_SCHNORR
24 #endif
25 
26 #ifdef ENABLE_MODULE_EXTRAKEYS
28 #endif
29 
30 #ifdef ENABLE_MODULE_SCHNORRSIG
32 #endif
33 
34 void run_tests(secp256k1_context *ctx, unsigned char *key);
35 
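/**
 * Entry point of the constant-time test.
 *
 * The test is only meaningful under valgrind's memcheck: secret inputs are
 * marked "undefined" so that memcheck reports any conditional jump or memory
 * address that depends on them. Outside valgrind the macros do nothing, so
 * the program refuses to run.
 *
 * @return 0 when every check passed, 1 when not running inside valgrind.
 */
int main(void) {
    /* NOTE(review): the rendered listing skips source lines 37, 46-51 and 65.
     * The context declaration, creation and destruction below are restored
     * from the symbols this page cross-references for this file
     * (secp256k1_context_create, SECP256K1_CONTEXT_SIGN / _VERIFY /
     * _DECLASSIFY, secp256k1_context_destroy); confirm the exact flag
     * combination against the upstream file. */
    secp256k1_context *ctx;
    unsigned char key[32];
    int ret, i;

    if (!RUNNING_ON_VALGRIND) {
        fprintf(stderr, "This test can only usefully be run inside valgrind.\n");
        fprintf(stderr, "Usage: libtool --mode=execute valgrind ./valgrind_ctime_test\n");
        return 1;
    }

    ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN
                                   | SECP256K1_CONTEXT_VERIFY
                                   | SECP256K1_CONTEXT_DECLASSIFY);

    /* Fixed key bytes 65..96. The value itself is irrelevant to the check:
     * what matters is that the buffer is later flagged as secret. */
    for (i = 0; i < 32; i++) {
        key[i] = i + 65;
    }

    run_tests(ctx, key);

    /* Test context randomisation. Do this last because it leaves the context
     * tainted: the seed is secret, so state derived from it is undefined as
     * far as memcheck is concerned. */
    VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
    ret = secp256k1_context_randomize(ctx, key);
    /* Only the success flag is public; declassify it before CHECK branches on it. */
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret);

    /* Release the context so a leak report does not bury a real ctime finding. */
    secp256k1_context_destroy(ctx);
    return 0;
}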
68 
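/**
 * Run every secret-key operation of the library with the key marked secret.
 *
 * Pattern used for each operation:
 *   1. VALGRIND_MAKE_MEM_UNDEFINED() on the secret input(s), so memcheck
 *      reports any branch or memory index that depends on them.
 *   2. Call the API under test.
 *   3. VALGRIND_MAKE_MEM_DEFINED() on the values that are public by design
 *      (return code, public key, signature) before the test itself branches
 *      on them in CHECK() or in a serialization call.
 * A memcheck report between steps 1 and 3 points at secret-dependent control
 * flow or addressing inside the library.
 *
 * @param ctx  context used for every call; created by the caller.
 * @param key  32-byte secret key buffer; modified in place by the negate and
 *             tweak tests and overwritten by secp256k1_keypair_sec().
 */
void run_tests(secp256k1_context *ctx, unsigned char *key) {
    secp256k1_ecdsa_signature signature;
    secp256k1_pubkey pubkey;
    size_t siglen = 74;
    size_t outputlen = 33;
    int i;
    int ret;
    unsigned char msg[32];
    unsigned char sig[74];
    unsigned char spubkey[33];
#ifdef ENABLE_MODULE_RECOVERY
    secp256k1_ecdsa_recoverable_signature recoverable_signature;
    int recid;
#endif
#ifdef ENABLE_MODULE_EXTRAKEYS
    secp256k1_keypair keypair;
#endif

    for (i = 0; i < 32; i++) {
        msg[i] = i + 1;
    }

    /* Test keygen. */
    VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
    ret = secp256k1_ec_pubkey_create(ctx, &pubkey, key);
    /* The public key is public output: declassify it before serializing. */
    VALGRIND_MAKE_MEM_DEFINED(&pubkey, sizeof(secp256k1_pubkey));
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret);
    CHECK(secp256k1_ec_pubkey_serialize(ctx, spubkey, &outputlen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);

    /* Test signing. */
    VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
    ret = secp256k1_ecdsa_sign(ctx, &signature, msg, key, NULL, NULL);
    VALGRIND_MAKE_MEM_DEFINED(&signature, sizeof(secp256k1_ecdsa_signature));
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret);
    CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature));

#ifdef ENABLE_MODULE_ECDH
    /* Test ECDH. The shared secret is written into msg and is not declassified. */
    VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
    ret = secp256k1_ecdh(ctx, msg, &pubkey, key, NULL, NULL);
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret == 1);
#endif

#ifdef ENABLE_MODULE_RECOVERY
    /* Test signing a recoverable signature. */
    VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
    ret = secp256k1_ecdsa_sign_recoverable(ctx, &recoverable_signature, msg, key, NULL, NULL);
    VALGRIND_MAKE_MEM_DEFINED(&recoverable_signature, sizeof(recoverable_signature));
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret);
    CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &recoverable_signature));
    CHECK(recid >= 0 && recid <= 3);
#endif

    /* Guard spelled #ifdef to match the other module guards in this file
     * (it was a bare #if, which evaluates the macro's value instead). */
#ifdef ENABLE_MODULE_SCHNORR
    /* Test schnorr signing. */
    VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
    ret = secp256k1_schnorr_sign(ctx, sig, msg, key, NULL, NULL);
    /* Declassify the whole 64-byte signature. The previous form,
     * (&sig, sizeof(64)), covered only sizeof(int) bytes, leaving the rest of
     * the signature flagged as secret for any later reader of sig. */
    VALGRIND_MAKE_MEM_DEFINED(sig, 64);
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret);
#endif

    /* Test secret key validation. */
    VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
    ret = secp256k1_ec_seckey_verify(ctx, key);
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret == 1);

    /* Test in-place negation of the secret key. */
    VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
    ret = secp256k1_ec_seckey_negate(ctx, key);
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret == 1);

    /* Test additive tweak; here both the key and the tweak are treated as secret. */
    VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
    VALGRIND_MAKE_MEM_UNDEFINED(msg, 32);
    ret = secp256k1_ec_seckey_tweak_add(ctx, key, msg);
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret == 1);

    /* Test multiplicative tweak; key and tweak are both secret again. */
    VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
    VALGRIND_MAKE_MEM_UNDEFINED(msg, 32);
    ret = secp256k1_ec_seckey_tweak_mul(ctx, key, msg);
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret == 1);

    /* Test keypair_create and keypair_xonly_tweak_add. */
#ifdef ENABLE_MODULE_EXTRAKEYS
    VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
    ret = secp256k1_keypair_create(ctx, &keypair, key);
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret == 1);

    /* The tweak is not treated as a secret in keypair_tweak_add */
    VALGRIND_MAKE_MEM_DEFINED(msg, 32);
    ret = secp256k1_keypair_xonly_tweak_add(ctx, &keypair, msg);
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret == 1);

    /* Extracting the secret key: the whole keypair is marked secret first. */
    VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
    VALGRIND_MAKE_MEM_UNDEFINED(&keypair, sizeof(keypair));
    ret = secp256k1_keypair_sec(ctx, key, &keypair);
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret == 1);
#endif

#ifdef ENABLE_MODULE_SCHNORRSIG
    /* Uses keypair, which is declared only under ENABLE_MODULE_EXTRAKEYS;
     * presumably the build enables extrakeys whenever schnorrsig is on. */
    VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
    ret = secp256k1_keypair_create(ctx, &keypair, key);
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret == 1);
    ret = secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL);
    VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
    CHECK(ret == 1);
#endif
}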
secp256k1_ecdsa_signature
Opaque data structure that holds a parsed ECDSA signature.
Definition: secp256k1.h:80
SECP256K1_CONTEXT_VERIFY
#define SECP256K1_CONTEXT_VERIFY
Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and secp256k1_context...
Definition: secp256k1.h:170
SECP256K1_CONTEXT_SIGN
#define SECP256K1_CONTEXT_SIGN
Definition: secp256k1.h:171
secp256k1_ecdsa_signature_serialize_der
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:380
secp256k1_context_struct
Definition: secp256k1.c:69
secp256k1_ecdh.h
secp256k1_ec_seckey_negate
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
Definition: secp256k1.c:591
secp256k1_ecdsa_sign_recoverable
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a recoverable ECDSA signature.
Definition: main_impl.h:123
secp256k1_recovery.h
secp256k1_keypair_sec
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_sec(const secp256k1_context *ctx, unsigned char *seckey, const secp256k1_keypair *keypair) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Get the secret key from a keypair.
Definition: main_impl.h:189
util.h
secp256k1_ecdsa_recoverable_signature
Opaque data structure that holds a parsed ECDSA signature, supporting pubkey recovery.
Definition: secp256k1_recovery.h:24
secp256k1_context_destroy
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:196
secp256k1_context_create
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:152
secp256k1_keypair
Opaque data structure that holds a keypair consisting of a secret and a public key.
Definition: secp256k1_extrakeys.h:33
secp256k1_schnorrsig.h
sig
SchnorrSig sig
Definition: processor.cpp:322
SECP256K1_CONTEXT_DECLASSIFY
#define SECP256K1_CONTEXT_DECLASSIFY
Definition: secp256k1.h:172
secp256k1_ec_pubkey_serialize
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:296
secp256k1.h
secp256k1_keypair_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the keypair for a secret key.
Definition: main_impl.h:171
SECP256K1_EC_COMPRESSED
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:176
assumptions.h
run_tests
void run_tests(secp256k1_context *ctx, unsigned char *key)
Definition: valgrind_ctime_test.c:69
secp256k1_ecdsa_sign
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:535
main
int main(void)
Definition: valgrind_ctime_test.c:36
ctx
secp256k1_context * ctx
Definition: bench_multiset.c:12
secp256k1_ec_seckey_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:550
secp256k1_schnorr_sign
SECP256K1_API int secp256k1_schnorr_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a signature using a custom EC-Schnorr-SHA256 construction.
Definition: main_impl.h:33
secp256k1_ecdsa_recoverable_signature_serialize_compact
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
Definition: main_impl.h:60
secp256k1_ec_seckey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by adding tweak to it.
Definition: secp256k1.c:637
secp256k1_ec_pubkey_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:573
secp256k1_keypair_xonly_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a keypair by adding tweak32 to the secret key and updating the public key accordingly.
Definition: main_impl.h:230
secp256k1_schnorr.h
secp256k1_ec_seckey_tweak_mul
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by multiplying it by a tweak.
Definition: secp256k1.c:682
secp256k1_ecdh
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh(const secp256k1_context *ctx, unsigned char *output, const secp256k1_pubkey *pubkey, const unsigned char *seckey, secp256k1_ecdh_hash_function hashfp, void *data) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Compute an EC Diffie-Hellman secret in constant time.
Definition: main_impl.h:29
secp256k1_extrakeys.h
CHECK
#define CHECK(cond)
Definition: util.h:53
secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:67
secp256k1_schnorrsig_sign
SECP256K1_API int secp256k1_schnorrsig_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_keypair *keypair, secp256k1_nonce_function_hardened noncefp, void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a Schnorr signature.
Definition: main_impl.h:127
secp256k1_context_randomize
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Updates the context randomization to protect against side-channel leakage.
Definition: secp256k1.c:730