Bitcoin Core  25.99.0
P2P Digital Currency
ctime_tests.c
1 /***********************************************************************
2  * Copyright (c) 2020 Gregory Maxwell *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5  ***********************************************************************/
6 
7 #include <stdio.h>
8 
9 #include "../include/secp256k1.h"
10 #include "assumptions.h"
11 #include "checkmem.h"
12 
13 #if !SECP256K1_CHECKMEM_ENABLED
14 # error "This tool cannot be compiled without memory-checking interface (valgrind or msan)"
15 #endif
16 
17 #ifdef ENABLE_MODULE_ECDH
18 # include "../include/secp256k1_ecdh.h"
19 #endif
20 
21 #ifdef ENABLE_MODULE_RECOVERY
22 # include "../include/secp256k1_recovery.h"
23 #endif
24 
25 #ifdef ENABLE_MODULE_EXTRAKEYS
26 # include "../include/secp256k1_extrakeys.h"
27 #endif
28 
29 #ifdef ENABLE_MODULE_SCHNORRSIG
30 #include "../include/secp256k1_schnorrsig.h"
31 #endif
32 
33 static void run_tests(secp256k1_context *ctx, unsigned char *key);
34 
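/*
 * Entry point of the constant-time test driver.
 *
 * The program is only meaningful under a memory checker (valgrind or msan):
 * secret inputs are marked "undefined" so the checker reports any branch or
 * memory access that depends on them. Returns 1 if no checker is running and
 * 0 after all checks pass; CHECK fails unconditionally when its condition is
 * false.
 *
 * NOTE(review): the rendered listing this block was taken from carried a
 * line-number gutter and had dropped several statements (the
 * SECP256K1_CHECKMEM_RUNNING() guard, context creation and destruction, and
 * the UNDEFINE/DEFINE calls around secp256k1_context_randomize). They are
 * restored here from the identifiers in the page's cross-reference list;
 * confirm against the repository copy of ctime_tests.c.
 */
int main(void) {
    secp256k1_context* ctx;
    unsigned char key[32];
    int ret, i;

    /* Without a checker attached the taint marking below is a no-op and the
     * run would pass without testing anything, so refuse to continue. */
    if (!SECP256K1_CHECKMEM_RUNNING()) {
        fprintf(stderr, "This test can only usefully be run inside valgrind because it was not compiled under msan.\n");
        fprintf(stderr, "Usage: libtool --mode=execute valgrind ./ctime_tests\n");
        return 1;
    }

    ctx = secp256k1_context_create(SECP256K1_CONTEXT_DECLASSIFY);

    /* Fixed, non-secret test pattern; it only becomes "secret" to the checker
     * once it is marked undefined. */
    for (i = 0; i < 32; i++) {
        key[i] = i + 65;
    }

    run_tests(ctx, key);

    /* Test context randomisation. Do this last because it leaves the context
     * tainted. */
    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
    ret = secp256k1_context_randomize(ctx, key);
    /* The success flag is public; declassify it before branching in CHECK. */
    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
    CHECK(ret);

    secp256k1_context_destroy(ctx);
    return 0;
}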
65 
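/*
 * Exercise every secret-key API under the memory checker.
 *
 * Pattern for each call: mark the secret input as undefined, call the API,
 * then mark the public outputs (return code, public key, signature) as
 * defined again so that CHECK and the non-secret serialisers may branch on
 * them. Any report from the checker in between points at control flow or
 * memory indexing that depends on secret data.
 *
 * ctx: context created by the caller.
 * key: 32-byte secret key buffer; modified in place by the negate/tweak
 *      calls and by secp256k1_keypair_sec.
 *
 * Scope caveat: this catches secret-dependent branches and addresses as the
 * checker sees them in this particular build. It does not cover
 * variable-latency instructions or code generated differently by another
 * compiler or optimisation level.
 *
 * NOTE(review): the rendered listing this block was taken from carried a
 * line-number gutter and had dropped most SECP256K1_CHECKMEM_UNDEFINE lines,
 * some SECP256K1_CHECKMEM_DEFINE lines, and the secp256k1_ec_seckey_tweak_add
 * / secp256k1_ec_seckey_tweak_mul calls (their DEFINE/CHECK tails survived).
 * They are restored here from the identifiers in the page's cross-reference
 * list; confirm against the repository copy of ctime_tests.c.
 */
static void run_tests(secp256k1_context *ctx, unsigned char *key) {
    secp256k1_ecdsa_signature signature;
    secp256k1_pubkey pubkey;
    size_t siglen = 74;
    size_t outputlen = 33;
    int i;
    int ret;
    unsigned char msg[32];
    unsigned char sig[74];
    unsigned char spubkey[33];
#ifdef ENABLE_MODULE_RECOVERY
    secp256k1_ecdsa_recoverable_signature recoverable_signature;
    int recid;
#endif
#ifdef ENABLE_MODULE_EXTRAKEYS
    secp256k1_keypair keypair;
#endif

    for (i = 0; i < 32; i++) {
        msg[i] = i + 1;
    }

    /* Test keygen. */
    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
    ret = secp256k1_ec_pubkey_create(ctx, &pubkey, key);
    /* The public key is derived from the secret but is itself public;
     * declassify it so the serialiser below is not flagged. */
    SECP256K1_CHECKMEM_DEFINE(&pubkey, sizeof(pubkey));
    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
    CHECK(ret);
    CHECK(secp256k1_ec_pubkey_serialize(ctx, spubkey, &outputlen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);

    /* Test signing. */
    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
    ret = secp256k1_ecdsa_sign(ctx, &signature, msg, key, NULL, NULL);
    SECP256K1_CHECKMEM_DEFINE(&signature, sizeof(signature));
    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
    CHECK(ret);
    CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature));

#ifdef ENABLE_MODULE_ECDH
    /* Test ECDH. */
    /* The shared secret is written into msg, which is not declassified here. */
    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
    ret = secp256k1_ecdh(ctx, msg, &pubkey, key, NULL, NULL);
    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
    CHECK(ret == 1);
#endif

#ifdef ENABLE_MODULE_RECOVERY
    /* Test signing a recoverable signature. */
    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
    ret = secp256k1_ecdsa_sign_recoverable(ctx, &recoverable_signature, msg, key, NULL, NULL);
    SECP256K1_CHECKMEM_DEFINE(&recoverable_signature, sizeof(recoverable_signature));
    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
    CHECK(ret);
    CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &recoverable_signature));
    CHECK(recid >= 0 && recid <= 3);
#endif

    /* Secret-key validation must not branch on the key bytes. */
    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
    ret = secp256k1_ec_seckey_verify(ctx, key);
    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
    CHECK(ret == 1);

    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
    ret = secp256k1_ec_seckey_negate(ctx, key);
    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
    CHECK(ret == 1);

    /* For the plain secret-key tweaks both the key and the tweak are marked
     * as secret. */
    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
    SECP256K1_CHECKMEM_UNDEFINE(msg, 32);
    ret = secp256k1_ec_seckey_tweak_add(ctx, key, msg);
    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
    CHECK(ret == 1);

    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
    SECP256K1_CHECKMEM_UNDEFINE(msg, 32);
    ret = secp256k1_ec_seckey_tweak_mul(ctx, key, msg);
    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
    CHECK(ret == 1);

    /* Test keypair_create and keypair_xonly_tweak_add. */
#ifdef ENABLE_MODULE_EXTRAKEYS
    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
    ret = secp256k1_keypair_create(ctx, &keypair, key);
    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
    CHECK(ret == 1);

    /* The tweak is not treated as a secret in keypair_tweak_add */
    SECP256K1_CHECKMEM_DEFINE(msg, 32);
    ret = secp256k1_keypair_xonly_tweak_add(ctx, &keypair, msg);
    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
    CHECK(ret == 1);

    /* Extracting the secret key from a fully tainted keypair. */
    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
    SECP256K1_CHECKMEM_UNDEFINE(&keypair, sizeof(keypair));
    ret = secp256k1_keypair_sec(ctx, key, &keypair);
    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
    CHECK(ret == 1);
#endif

#ifdef ENABLE_MODULE_SCHNORRSIG
    /* NOTE(review): keypair is declared under ENABLE_MODULE_EXTRAKEYS above,
     * so this section presumably relies on that module being enabled too. */
    SECP256K1_CHECKMEM_UNDEFINE(key, 32);
    ret = secp256k1_keypair_create(ctx, &keypair, key);
    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
    CHECK(ret == 1);
    ret = secp256k1_schnorrsig_sign32(ctx, sig, msg, &keypair, NULL);
    SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
    CHECK(ret == 1);
#endif
}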
#define SECP256K1_CHECKMEM_UNDEFINE(p, len)
Definition: checkmem.h:76
#define SECP256K1_CHECKMEM_DEFINE(p, len)
Definition: checkmem.h:77
#define SECP256K1_CHECKMEM_RUNNING()
Definition: checkmem.h:79
static void run_tests(secp256k1_context *ctx, unsigned char *key)
Definition: ctime_tests.c:66
int main(void)
Definition: ctime_tests.c:35
#define CHECK(cond)
Unconditional failure on condition failure.
Definition: util.h:35
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:186
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by multiplying it by a tweak.
Definition: secp256k1.c:703
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Randomizes the context to provide enhanced protection against side-channel leakage.
Definition: secp256k1.c:750
#define SECP256K1_CONTEXT_DECLASSIFY
Definition: secp256k1.h:217
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
Definition: secp256k1.c:613
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:290
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:572
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:558
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:595
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:140
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:220
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:400
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by adding tweak to it.
Definition: secp256k1.c:659
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh(const secp256k1_context *ctx, unsigned char *output, const secp256k1_pubkey *pubkey, const unsigned char *seckey, secp256k1_ecdh_hash_function hashfp, void *data) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Compute an EC Diffie-Hellman secret in constant time.
Definition: main_impl.h:29
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_sec(const secp256k1_context *ctx, unsigned char *seckey, const secp256k1_keypair *keypair) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Get the secret key from a keypair.
Definition: main_impl.h:213
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the keypair for a secret key.
Definition: main_impl.h:195
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a keypair by adding tweak32 to the secret key and updating the public key accordingly.
Definition: main_impl.h:254
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
Definition: main_impl.h:60
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a recoverable ECDSA signature.
Definition: main_impl.h:123
SECP256K1_API int secp256k1_schnorrsig_sign32(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_keypair *keypair, const unsigned char *aux_rand32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a Schnorr signature.
Definition: main_impl.h:195
Opaque data structure that holds a parsed ECDSA signature, supporting pubkey recovery.
Opaque data structure that holds a parsed ECDSA signature.
Definition: secp256k1.h:87
Opaque data structure that holds a keypair consisting of a secret and a public key.
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:74