Bitcoin Core  26.99.0
P2P Digital Currency
tests_impl.h
Go to the documentation of this file.
1 /***********************************************************************
2  * Copyright (c) 2013-2015 Pieter Wuille *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5  ***********************************************************************/
6 
7 #ifndef SECP256K1_MODULE_RECOVERY_TESTS_H
8 #define SECP256K1_MODULE_RECOVERY_TESTS_H
9 
10 static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
11  (void) msg32;
12  (void) key32;
13  (void) algo16;
14  (void) data;
15 
16  /* On the first run, return 0 to force a second run */
17  if (counter == 0) {
18  memset(nonce32, 0, 32);
19  return 1;
20  }
21  /* On the second run, return an overflow to force a third run */
22  if (counter == 1) {
23  memset(nonce32, 0xff, 32);
24  return 1;
25  }
26  /* On the next run, return a valid nonce, but flip a coin as to whether or not to fail signing. */
27  memset(nonce32, 1, 32);
28  return secp256k1_testrand_bits(1);
29 }
30 
31 static void test_ecdsa_recovery_api(void) {
32  /* Setup contexts that just count errors */
33  secp256k1_pubkey pubkey;
34  secp256k1_pubkey recpubkey;
35  secp256k1_ecdsa_signature normal_sig;
37  unsigned char privkey[32] = { 1 };
38  unsigned char message[32] = { 2 };
39  int recid = 0;
40  unsigned char sig[74];
41  unsigned char zero_privkey[32] = { 0 };
42  unsigned char over_privkey[32] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
43  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
44  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
45  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
46 
47  /* Construct and verify corresponding public key. */
48  CHECK(secp256k1_ec_seckey_verify(CTX, privkey) == 1);
49  CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, privkey) == 1);
50 
51  /* Check bad contexts and NULLs for signing */
52  CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1);
53  CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign_recoverable(CTX, NULL, message, privkey, NULL, NULL));
54  CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign_recoverable(CTX, &recsig, NULL, privkey, NULL, NULL));
55  CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, NULL, NULL, NULL));
56  CHECK_ILLEGAL(STATIC_CTX, secp256k1_ecdsa_sign_recoverable(STATIC_CTX, &recsig, message, privkey, NULL, NULL));
57  /* This will fail or succeed randomly, and in either case will not ARG_CHECK failure */
58  secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, recovery_test_nonce_function, NULL);
59  /* These will all fail, but not in ARG_CHECK way */
60  CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, zero_privkey, NULL, NULL) == 0);
61  CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, over_privkey, NULL, NULL) == 0);
62  /* This one will succeed. */
63  CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1);
64 
65  /* Check signing with a goofy nonce function */
66 
67  /* Check bad contexts and NULLs for recovery */
68  CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &recsig, message) == 1);
69  CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recover(CTX, NULL, &recsig, message));
70  CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recover(CTX, &recpubkey, NULL, message));
71  CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recover(CTX, &recpubkey, &recsig, NULL));
72 
73  /* Check NULLs for conversion */
74  CHECK(secp256k1_ecdsa_sign(CTX, &normal_sig, message, privkey, NULL, NULL) == 1);
77  CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &normal_sig, &recsig) == 1);
78 
79  /* Check NULLs for de/serialization */
80  CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1);
85 
90  /* overflow in signature will not result in calling illegal_callback */
91  memcpy(sig, over_privkey, 32);
93 }
94 
95 static void test_ecdsa_recovery_end_to_end(void) {
96  unsigned char extra[32] = {0x00};
97  unsigned char privkey[32];
98  unsigned char message[32];
99  secp256k1_ecdsa_signature signature[5];
101  unsigned char sig[74];
102  secp256k1_pubkey pubkey;
103  secp256k1_pubkey recpubkey;
104  int recid = 0;
105 
106  /* Generate a random key and message. */
107  {
108  secp256k1_scalar msg, key;
111  secp256k1_scalar_get_b32(privkey, &key);
112  secp256k1_scalar_get_b32(message, &msg);
113  }
114 
115  /* Construct and verify corresponding public key. */
116  CHECK(secp256k1_ec_seckey_verify(CTX, privkey) == 1);
117  CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, privkey) == 1);
118 
119  /* Serialize/parse compact and verify/recover. */
120  extra[0] = 0;
121  CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[0], message, privkey, NULL, NULL) == 1);
122  CHECK(secp256k1_ecdsa_sign(CTX, &signature[0], message, privkey, NULL, NULL) == 1);
123  CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[4], message, privkey, NULL, NULL) == 1);
124  CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[1], message, privkey, NULL, extra) == 1);
125  extra[31] = 1;
126  CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[2], message, privkey, NULL, extra) == 1);
127  extra[31] = 0;
128  extra[0] = 1;
129  CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[3], message, privkey, NULL, extra) == 1);
130  CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &rsignature[4]) == 1);
131  CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1);
132  CHECK(secp256k1_memcmp_var(&signature[4], &signature[0], 64) == 0);
133  CHECK(secp256k1_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 1);
134  memset(&rsignature[4], 0, sizeof(rsignature[4]));
135  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1);
136  CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1);
137  CHECK(secp256k1_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 1);
138  /* Parse compact (with recovery id) and recover. */
139  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1);
140  CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &rsignature[4], message) == 1);
141  CHECK(secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) == 0);
142  /* Serialize/destroy/parse signature and verify again. */
143  CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &rsignature[4]) == 1);
145  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1);
146  CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1);
147  CHECK(secp256k1_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 0);
148  /* Recover again */
149  CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &rsignature[4], message) == 0 ||
150  secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) != 0);
151 }
152 
153 /* Tests several edge cases. */
155  const unsigned char msg32[32] = {
156  'T', 'h', 'i', 's', ' ', 'i', 's', ' ',
157  'a', ' ', 'v', 'e', 'r', 'y', ' ', 's',
158  'e', 'c', 'r', 'e', 't', ' ', 'm', 'e',
159  's', 's', 'a', 'g', 'e', '.', '.', '.'
160  };
161  const unsigned char sig64[64] = {
162  /* Generated by signing the above message with nonce 'This is the nonce we will use...'
163  * and secret key 0 (which is not valid), resulting in recid 1. */
164  0x67, 0xCB, 0x28, 0x5F, 0x9C, 0xD1, 0x94, 0xE8,
165  0x40, 0xD6, 0x29, 0x39, 0x7A, 0xF5, 0x56, 0x96,
166  0x62, 0xFD, 0xE4, 0x46, 0x49, 0x99, 0x59, 0x63,
167  0x17, 0x9A, 0x7D, 0xD1, 0x7B, 0xD2, 0x35, 0x32,
168  0x4B, 0x1B, 0x7D, 0xF3, 0x4C, 0xE1, 0xF6, 0x8E,
169  0x69, 0x4F, 0xF6, 0xF1, 0x1A, 0xC7, 0x51, 0xDD,
170  0x7D, 0xD7, 0x3E, 0x38, 0x7E, 0xE4, 0xFC, 0x86,
171  0x6E, 0x1B, 0xE8, 0xEC, 0xC7, 0xDD, 0x95, 0x57
172  };
173  secp256k1_pubkey pubkey;
174  /* signature (r,s) = (4,4), which can be recovered with all 4 recids. */
175  const unsigned char sigb64[64] = {
176  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
177  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
178  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
179  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
180  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
181  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
182  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
183  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
184  };
185  secp256k1_pubkey pubkeyb;
188  int recid;
189 
191  CHECK(!secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32));
193  CHECK(secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32));
195  CHECK(!secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32));
197  CHECK(!secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32));
198 
199  for (recid = 0; recid < 4; recid++) {
200  int i;
201  int recid2;
202  /* (4,4) encoded in DER. */
203  unsigned char sigbder[8] = {0x30, 0x06, 0x02, 0x01, 0x04, 0x02, 0x01, 0x04};
204  unsigned char sigcder_zr[7] = {0x30, 0x05, 0x02, 0x00, 0x02, 0x01, 0x01};
205  unsigned char sigcder_zs[7] = {0x30, 0x05, 0x02, 0x01, 0x01, 0x02, 0x00};
206  unsigned char sigbderalt1[39] = {
207  0x30, 0x25, 0x02, 0x20, 0x00, 0x00, 0x00, 0x00,
208  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
209  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
210  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
211  0x00, 0x00, 0x00, 0x04, 0x02, 0x01, 0x04,
212  };
213  unsigned char sigbderalt2[39] = {
214  0x30, 0x25, 0x02, 0x01, 0x04, 0x02, 0x20, 0x00,
215  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
216  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
217  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
218  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
219  };
220  unsigned char sigbderalt3[40] = {
221  0x30, 0x26, 0x02, 0x21, 0x00, 0x00, 0x00, 0x00,
222  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
223  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
224  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
225  0x00, 0x00, 0x00, 0x00, 0x04, 0x02, 0x01, 0x04,
226  };
227  unsigned char sigbderalt4[40] = {
228  0x30, 0x26, 0x02, 0x01, 0x04, 0x02, 0x21, 0x00,
229  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
230  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
231  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
232  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
233  };
234  /* (order + r,4) encoded in DER. */
235  unsigned char sigbderlong[40] = {
236  0x30, 0x26, 0x02, 0x21, 0x00, 0xFF, 0xFF, 0xFF,
237  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
238  0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC,
239  0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E,
240  0x8C, 0xD0, 0x36, 0x41, 0x45, 0x02, 0x01, 0x04
241  };
243  CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 1);
244  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 1);
245  CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 1);
246  for (recid2 = 0; recid2 < 4; recid2++) {
247  secp256k1_pubkey pubkey2b;
248  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigb64, recid2) == 1);
249  CHECK(secp256k1_ecdsa_recover(CTX, &pubkey2b, &rsig, msg32) == 1);
250  /* Verifying with (order + r,4) should always fail. */
251  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderlong, sizeof(sigbderlong)) == 1);
252  CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0);
253  }
254  /* DER parsing tests. */
255  /* Zero length r/s. */
256  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0);
257  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0);
258  /* Leading zeros. */
259  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt1, sizeof(sigbderalt1)) == 0);
260  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt2, sizeof(sigbderalt2)) == 0);
261  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0);
262  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0);
263  sigbderalt3[4] = 1;
264  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1);
265  CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0);
266  sigbderalt4[7] = 1;
267  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1);
268  CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0);
269  /* Damage signature. */
270  sigbder[7]++;
271  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 1);
272  CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0);
273  sigbder[7]--;
274  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, 6) == 0);
275  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder) - 1) == 0);
276  for(i = 0; i < 8; i++) {
277  int c;
278  unsigned char orig = sigbder[i];
279  /*Try every single-byte change.*/
280  for (c = 0; c < 256; c++) {
281  if (c == orig ) {
282  continue;
283  }
284  sigbder[i] = c;
285  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 0 || secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0);
286  }
287  sigbder[i] = orig;
288  }
289  }
290 
291  /* Test r/s equal to zero */
292  {
293  /* (1,1) encoded in DER. */
294  unsigned char sigcder[8] = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01};
295  unsigned char sigc64[64] = {
296  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
297  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
298  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
299  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
300  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
301  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
302  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
303  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
304  };
305  secp256k1_pubkey pubkeyc;
307  CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyc, &rsig, msg32) == 1);
308  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1);
309  CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 1);
310  sigcder[4] = 0;
311  sigc64[31] = 0;
313  CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 0);
314  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1);
315  CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 0);
316  sigcder[4] = 1;
317  sigcder[7] = 0;
318  sigc64[31] = 1;
319  sigc64[63] = 0;
321  CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 0);
322  CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1);
323  CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 0);
324  }
325 }
326 
327 static void run_recovery_tests(void) {
328  int i;
329  for (i = 0; i < COUNT; i++) {
331  }
332  for (i = 0; i < 64*COUNT; i++) {
334  }
336 }
337 
338 #endif /* SECP256K1_MODULE_RECOVERY_TESTS_H */
#define CHECK(cond)
Unconditional failure on condition failure.
Definition: util.h:35
static void test_ecdsa_recovery_edge_cases(void)
Definition: tests_impl.h:154
static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
Definition: tests_impl.h:10
static void test_ecdsa_recovery_api(void)
Definition: tests_impl.h:31
static void test_ecdsa_recovery_end_to_end(void)
Definition: tests_impl.h:95
static void run_recovery_tests(void)
Definition: tests_impl.h:327
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Convert a scalar to a byte array.
static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n)
Semantics like memcmp.
Definition: util.h:212
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:572
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:558
SECP256K1_API int secp256k1_ecdsa_signature_parse_der(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a DER ECDSA signature.
Definition: secp256k1.c:363
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:595
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
Definition: secp256k1.c:444
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
Definition: main_impl.h:60
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a compact ECDSA signature (64 bytes + recovery id).
Definition: main_impl.h:38
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a recoverable ECDSA signature.
Definition: main_impl.h:123
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_convert(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const secp256k1_ecdsa_recoverable_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Convert a recoverable signature into a normal signature.
Definition: main_impl.h:74
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Recover an ECDSA public key from a signature.
Definition: main_impl.h:137
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:87
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:74
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13
static uint32_t secp256k1_testrand_int(uint32_t range)
Generate a pseudorandom number in the range [0..range-1].
static SECP256K1_INLINE uint64_t secp256k1_testrand_bits(int bits)
Generate a pseudorandom number in the range [0..2**bits-1].
static int COUNT
Definition: tests.c:40
#define CHECK_ILLEGAL(ctx, expr)
Definition: tests.c:78
static secp256k1_context * CTX
Definition: tests.c:41
static void random_scalar_order_test(secp256k1_scalar *num)
Definition: tests.c:183
static secp256k1_context * STATIC_CTX
Definition: tests.c:42