Bitcoin Core  24.99.0
P2P Digital Currency
tests_impl.h
Go to the documentation of this file.
1 /***********************************************************************
2  * Copyright (c) 2013-2015 Pieter Wuille *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5  ***********************************************************************/
6 
7 #ifndef SECP256K1_MODULE_RECOVERY_TESTS_H
8 #define SECP256K1_MODULE_RECOVERY_TESTS_H
9 
10 static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
11  (void) msg32;
12  (void) key32;
13  (void) algo16;
14  (void) data;
15 
16  /* On the first run, return 0 to force a second run */
17  if (counter == 0) {
18  memset(nonce32, 0, 32);
19  return 1;
20  }
21  /* On the second run, return an overflow to force a third run */
22  if (counter == 1) {
23  memset(nonce32, 0xff, 32);
24  return 1;
25  }
26  /* On the next run, return a valid nonce, but flip a coin as to whether or not to fail signing. */
27  memset(nonce32, 1, 32);
28  return secp256k1_testrand_bits(1);
29 }
30 
32  /* Setup contexts that just count errors */
34  secp256k1_pubkey pubkey;
35  secp256k1_pubkey recpubkey;
36  secp256k1_ecdsa_signature normal_sig;
38  unsigned char privkey[32] = { 1 };
39  unsigned char message[32] = { 2 };
40  int32_t ecount = 0;
41  int recid = 0;
42  unsigned char sig[74];
43  unsigned char zero_privkey[32] = { 0 };
44  unsigned char over_privkey[32] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
45  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
46  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
47  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
48 
53 
54  /* Construct and verify corresponding public key. */
55  CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1);
56  CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1);
57 
58  /* Check bad contexts and NULLs for signing */
59  ecount = 0;
60  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, privkey, NULL, NULL) == 1);
61  CHECK(ecount == 0);
62  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, NULL, message, privkey, NULL, NULL) == 0);
63  CHECK(ecount == 1);
64  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, NULL, privkey, NULL, NULL) == 0);
65  CHECK(ecount == 2);
66  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, NULL, NULL, NULL) == 0);
67  CHECK(ecount == 3);
68  CHECK(secp256k1_ecdsa_sign_recoverable(sttc, &recsig, message, privkey, NULL, NULL) == 0);
69  CHECK(ecount == 4);
70  /* This will fail or succeed randomly, and in either case will not ARG_CHECK failure */
71  secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, privkey, recovery_test_nonce_function, NULL);
72  CHECK(ecount == 4);
73  /* These will all fail, but not in ARG_CHECK way */
74  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, zero_privkey, NULL, NULL) == 0);
75  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, over_privkey, NULL, NULL) == 0);
76  /* This one will succeed. */
77  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, privkey, NULL, NULL) == 1);
78  CHECK(ecount == 4);
79 
80  /* Check signing with a goofy nonce function */
81 
82  /* Check bad contexts and NULLs for recovery */
83  ecount = 0;
84  CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &recsig, message) == 1);
85  CHECK(ecount == 0);
86  CHECK(secp256k1_ecdsa_recover(ctx, NULL, &recsig, message) == 0);
87  CHECK(ecount == 1);
88  CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, NULL, message) == 0);
89  CHECK(ecount == 2);
90  CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &recsig, NULL) == 0);
91  CHECK(ecount == 3);
92 
93  /* Check NULLs for conversion */
94  CHECK(secp256k1_ecdsa_sign(ctx, &normal_sig, message, privkey, NULL, NULL) == 1);
95  ecount = 0;
97  CHECK(ecount == 1);
99  CHECK(ecount == 2);
100  CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &normal_sig, &recsig) == 1);
101 
102  /* Check NULLs for de/serialization */
103  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, privkey, NULL, NULL) == 1);
104  ecount = 0;
106  CHECK(ecount == 1);
108  CHECK(ecount == 2);
110  CHECK(ecount == 3);
112 
114  CHECK(ecount == 4);
116  CHECK(ecount == 5);
118  CHECK(ecount == 6);
120  CHECK(ecount == 7);
121  /* overflow in signature will fail but not affect ecount */
122  memcpy(sig, over_privkey, 32);
124  CHECK(ecount == 7);
125 
126  /* cleanup */
128 }
129 
131  unsigned char extra[32] = {0x00};
132  unsigned char privkey[32];
133  unsigned char message[32];
134  secp256k1_ecdsa_signature signature[5];
136  unsigned char sig[74];
137  secp256k1_pubkey pubkey;
138  secp256k1_pubkey recpubkey;
139  int recid = 0;
140 
141  /* Generate a random key and message. */
142  {
143  secp256k1_scalar msg, key;
146  secp256k1_scalar_get_b32(privkey, &key);
147  secp256k1_scalar_get_b32(message, &msg);
148  }
149 
150  /* Construct and verify corresponding public key. */
151  CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1);
152  CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1);
153 
154  /* Serialize/parse compact and verify/recover. */
155  extra[0] = 0;
156  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[0], message, privkey, NULL, NULL) == 1);
157  CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1);
158  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[4], message, privkey, NULL, NULL) == 1);
159  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[1], message, privkey, NULL, extra) == 1);
160  extra[31] = 1;
161  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[2], message, privkey, NULL, extra) == 1);
162  extra[31] = 0;
163  extra[0] = 1;
164  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[3], message, privkey, NULL, extra) == 1);
165  CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1);
166  CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1);
167  CHECK(secp256k1_memcmp_var(&signature[4], &signature[0], 64) == 0);
168  CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1);
169  memset(&rsignature[4], 0, sizeof(rsignature[4]));
170  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1);
171  CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1);
172  CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1);
173  /* Parse compact (with recovery id) and recover. */
174  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1);
175  CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 1);
176  CHECK(secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) == 0);
177  /* Serialize/destroy/parse signature and verify again. */
178  CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1);
180  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1);
181  CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1);
182  CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 0);
183  /* Recover again */
184  CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 0 ||
185  secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) != 0);
186 }
187 
188 /* Tests several edge cases. */
190  const unsigned char msg32[32] = {
191  'T', 'h', 'i', 's', ' ', 'i', 's', ' ',
192  'a', ' ', 'v', 'e', 'r', 'y', ' ', 's',
193  'e', 'c', 'r', 'e', 't', ' ', 'm', 'e',
194  's', 's', 'a', 'g', 'e', '.', '.', '.'
195  };
196  const unsigned char sig64[64] = {
197  /* Generated by signing the above message with nonce 'This is the nonce we will use...'
198  * and secret key 0 (which is not valid), resulting in recid 1. */
199  0x67, 0xCB, 0x28, 0x5F, 0x9C, 0xD1, 0x94, 0xE8,
200  0x40, 0xD6, 0x29, 0x39, 0x7A, 0xF5, 0x56, 0x96,
201  0x62, 0xFD, 0xE4, 0x46, 0x49, 0x99, 0x59, 0x63,
202  0x17, 0x9A, 0x7D, 0xD1, 0x7B, 0xD2, 0x35, 0x32,
203  0x4B, 0x1B, 0x7D, 0xF3, 0x4C, 0xE1, 0xF6, 0x8E,
204  0x69, 0x4F, 0xF6, 0xF1, 0x1A, 0xC7, 0x51, 0xDD,
205  0x7D, 0xD7, 0x3E, 0x38, 0x7E, 0xE4, 0xFC, 0x86,
206  0x6E, 0x1B, 0xE8, 0xEC, 0xC7, 0xDD, 0x95, 0x57
207  };
208  secp256k1_pubkey pubkey;
209  /* signature (r,s) = (4,4), which can be recovered with all 4 recids. */
210  const unsigned char sigb64[64] = {
211  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
212  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
213  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
214  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
215  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
216  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
217  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
218  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
219  };
220  secp256k1_pubkey pubkeyb;
223  int recid;
224 
226  CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
228  CHECK(secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
230  CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
232  CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
233 
234  for (recid = 0; recid < 4; recid++) {
235  int i;
236  int recid2;
237  /* (4,4) encoded in DER. */
238  unsigned char sigbder[8] = {0x30, 0x06, 0x02, 0x01, 0x04, 0x02, 0x01, 0x04};
239  unsigned char sigcder_zr[7] = {0x30, 0x05, 0x02, 0x00, 0x02, 0x01, 0x01};
240  unsigned char sigcder_zs[7] = {0x30, 0x05, 0x02, 0x01, 0x01, 0x02, 0x00};
241  unsigned char sigbderalt1[39] = {
242  0x30, 0x25, 0x02, 0x20, 0x00, 0x00, 0x00, 0x00,
243  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
244  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
245  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
246  0x00, 0x00, 0x00, 0x04, 0x02, 0x01, 0x04,
247  };
248  unsigned char sigbderalt2[39] = {
249  0x30, 0x25, 0x02, 0x01, 0x04, 0x02, 0x20, 0x00,
250  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
251  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
252  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
253  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
254  };
255  unsigned char sigbderalt3[40] = {
256  0x30, 0x26, 0x02, 0x21, 0x00, 0x00, 0x00, 0x00,
257  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
258  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
259  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
260  0x00, 0x00, 0x00, 0x00, 0x04, 0x02, 0x01, 0x04,
261  };
262  unsigned char sigbderalt4[40] = {
263  0x30, 0x26, 0x02, 0x01, 0x04, 0x02, 0x21, 0x00,
264  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
265  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
266  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
267  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
268  };
269  /* (order + r,4) encoded in DER. */
270  unsigned char sigbderlong[40] = {
271  0x30, 0x26, 0x02, 0x21, 0x00, 0xFF, 0xFF, 0xFF,
272  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
273  0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC,
274  0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E,
275  0x8C, 0xD0, 0x36, 0x41, 0x45, 0x02, 0x01, 0x04
276  };
278  CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 1);
279  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1);
280  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 1);
281  for (recid2 = 0; recid2 < 4; recid2++) {
282  secp256k1_pubkey pubkey2b;
283  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid2) == 1);
284  CHECK(secp256k1_ecdsa_recover(ctx, &pubkey2b, &rsig, msg32) == 1);
285  /* Verifying with (order + r,4) should always fail. */
286  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderlong, sizeof(sigbderlong)) == 1);
287  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
288  }
289  /* DER parsing tests. */
290  /* Zero length r/s. */
291  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0);
292  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0);
293  /* Leading zeros. */
294  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt1, sizeof(sigbderalt1)) == 0);
295  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt2, sizeof(sigbderalt2)) == 0);
296  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0);
297  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0);
298  sigbderalt3[4] = 1;
299  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1);
300  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
301  sigbderalt4[7] = 1;
302  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1);
303  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
304  /* Damage signature. */
305  sigbder[7]++;
306  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1);
307  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
308  sigbder[7]--;
309  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, 6) == 0);
310  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder) - 1) == 0);
311  for(i = 0; i < 8; i++) {
312  int c;
313  unsigned char orig = sigbder[i];
314  /*Try every single-byte change.*/
315  for (c = 0; c < 256; c++) {
316  if (c == orig ) {
317  continue;
318  }
319  sigbder[i] = c;
320  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 0 || secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
321  }
322  sigbder[i] = orig;
323  }
324  }
325 
326  /* Test r/s equal to zero */
327  {
328  /* (1,1) encoded in DER. */
329  unsigned char sigcder[8] = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01};
330  unsigned char sigc64[64] = {
331  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
332  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
333  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
334  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
335  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
336  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
337  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
338  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
339  };
340  secp256k1_pubkey pubkeyc;
342  CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyc, &rsig, msg32) == 1);
343  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1);
344  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 1);
345  sigcder[4] = 0;
346  sigc64[31] = 0;
348  CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0);
349  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1);
350  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0);
351  sigcder[4] = 1;
352  sigcder[7] = 0;
353  sigc64[31] = 1;
354  sigc64[63] = 0;
356  CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0);
357  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1);
358  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0);
359  }
360 }
361 
362 void run_recovery_tests(void) {
363  int i;
364  for (i = 0; i < count; i++) {
366  }
367  for (i = 0; i < 64*count; i++) {
369  }
371 }
372 
373 #endif /* SECP256K1_MODULE_RECOVERY_TESTS_H */
#define CHECK(cond)
Unconditional failure on condition failure.
Definition: util.h:35
void test_ecdsa_recovery_api(void)
Definition: tests_impl.h:31
void run_recovery_tests(void)
Definition: tests_impl.h:362
void test_ecdsa_recovery_end_to_end(void)
Definition: tests_impl.h:130
static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
Definition: tests_impl.h:10
void test_ecdsa_recovery_edge_cases(void)
Definition: tests_impl.h:189
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Convert a scalar to a byte array.
static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n)
Semantics like memcmp.
Definition: util.h:201
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:166
SECP256K1_API void secp256k1_context_set_error_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an internal consistency check fails.
Definition: secp256k1.c:182
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:548
SECP256K1_API void secp256k1_context_set_illegal_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an illegal argument is passed to an API call.
Definition: secp256k1.c:173
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:534
SECP256K1_API int secp256k1_ecdsa_signature_parse_der(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a DER ECDSA signature.
Definition: secp256k1.c:339
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:571
SECP256K1_API secp256k1_context * secp256k1_context_clone(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Copy a secp256k1 context object (into dynamically allocated memory).
Definition: secp256k1.c:148
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
Definition: secp256k1.c:420
SECP256K1_API const secp256k1_context * secp256k1_context_static
A built-in constant secp256k1 context object with static storage duration, to be used in conjunction ...
Definition: secp256k1.c:75
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
Definition: main_impl.h:60
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a compact ECDSA signature (64 bytes + recovery id).
Definition: main_impl.h:38
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a recoverable ECDSA signature.
Definition: main_impl.h:123
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_convert(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const secp256k1_ecdsa_recoverable_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Convert a recoverable signature into a normal signature.
Definition: main_impl.h:74
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Recover an ECDSA public key from a signature.
Definition: main_impl.h:137
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:87
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:74
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13
static uint32_t secp256k1_testrand_int(uint32_t range)
Generate a pseudorandom number in the range [0..range-1].
static SECP256K1_INLINE uint64_t secp256k1_testrand_bits(int bits)
Generate a pseudorandom number in the range [0..2**bits-1].
static secp256k1_context * ctx
Definition: tests.c:35
void random_scalar_order_test(secp256k1_scalar *num)
Definition: tests.c:112
static void counting_illegal_callback_fn(const char *str, void *data)
Definition: tests.c:37
static int count
Definition: tests.c:34