Wire Sysio Wire Sysion 1.0.0
Loading...
Searching...
No Matches
tests_impl.h
Go to the documentation of this file.
1/***********************************************************************
2 * Copyright (c) 2020 Jonas Nick *
3 * Distributed under the MIT software license, see the accompanying *
4 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5 ***********************************************************************/
6
7#ifndef SECP256K1_MODULE_EXTRAKEYS_TESTS_H
8#define SECP256K1_MODULE_EXTRAKEYS_TESTS_H
9
10#include "../../../include/secp256k1_extrakeys.h"
11
12static secp256k1_context* api_test_context(int flags, int *ecount) {
13 secp256k1_context *ctx0 = secp256k1_context_create(flags);
14 secp256k1_context_set_error_callback(ctx0, counting_illegal_callback_fn, ecount);
15 secp256k1_context_set_illegal_callback(ctx0, counting_illegal_callback_fn, ecount);
16 return ctx0;
17}
18
19void test_xonly_pubkey(void) {
20 secp256k1_pubkey pk;
21 secp256k1_xonly_pubkey xonly_pk, xonly_pk_tmp;
22 secp256k1_ge pk1;
23 secp256k1_ge pk2;
24 secp256k1_fe y;
25 unsigned char sk[32];
26 unsigned char xy_sk[32];
27 unsigned char buf32[32];
28 unsigned char ones32[32];
29 unsigned char zeros64[64] = { 0 };
30 int pk_parity;
31 int i;
32
33 int ecount;
34 secp256k1_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount);
35 secp256k1_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount);
36 secp256k1_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount);
37
38 secp256k1_testrand256(sk);
39 memset(ones32, 0xFF, 32);
40 secp256k1_testrand256(xy_sk);
41 CHECK(secp256k1_ec_pubkey_create(sign, &pk, sk) == 1);
42 CHECK(secp256k1_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, &pk) == 1);
43
44 /* Test xonly_pubkey_from_pubkey */
45 ecount = 0;
46 CHECK(secp256k1_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, &pk) == 1);
47 CHECK(secp256k1_xonly_pubkey_from_pubkey(sign, &xonly_pk, &pk_parity, &pk) == 1);
48 CHECK(secp256k1_xonly_pubkey_from_pubkey(verify, &xonly_pk, &pk_parity, &pk) == 1);
49 CHECK(secp256k1_xonly_pubkey_from_pubkey(none, NULL, &pk_parity, &pk) == 0);
50 CHECK(ecount == 1);
51 CHECK(secp256k1_xonly_pubkey_from_pubkey(none, &xonly_pk, NULL, &pk) == 1);
52 CHECK(secp256k1_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, NULL) == 0);
53 CHECK(ecount == 2);
54 memset(&pk, 0, sizeof(pk));
55 CHECK(secp256k1_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, &pk) == 0);
56 CHECK(ecount == 3);
57
58 /* Choose a secret key such that the resulting pubkey and xonly_pubkey match. */
59 memset(sk, 0, sizeof(sk));
60 sk[0] = 1;
61 CHECK(secp256k1_ec_pubkey_create(ctx, &pk, sk) == 1);
62 CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1);
63 CHECK(secp256k1_memcmp_var(&pk, &xonly_pk, sizeof(pk)) == 0);
64 CHECK(pk_parity == 0);
65
66 /* Choose a secret key such that pubkey and xonly_pubkey are each others
67 * negation. */
68 sk[0] = 2;
69 CHECK(secp256k1_ec_pubkey_create(ctx, &pk, sk) == 1);
70 CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1);
71 CHECK(secp256k1_memcmp_var(&xonly_pk, &pk, sizeof(xonly_pk)) != 0);
72 CHECK(pk_parity == 1);
73 secp256k1_pubkey_load(ctx, &pk1, &pk);
74 secp256k1_pubkey_load(ctx, &pk2, (secp256k1_pubkey *) &xonly_pk);
75 CHECK(secp256k1_fe_equal(&pk1.x, &pk2.x) == 1);
76 secp256k1_fe_negate(&y, &pk2.y, 1);
77 CHECK(secp256k1_fe_equal(&pk1.y, &y) == 1);
78
79 /* Test xonly_pubkey_serialize and xonly_pubkey_parse */
80 ecount = 0;
81 CHECK(secp256k1_xonly_pubkey_serialize(none, NULL, &xonly_pk) == 0);
82 CHECK(ecount == 1);
83 CHECK(secp256k1_xonly_pubkey_serialize(none, buf32, NULL) == 0);
84 CHECK(secp256k1_memcmp_var(buf32, zeros64, 32) == 0);
85 CHECK(ecount == 2);
86 {
87 /* A pubkey filled with 0s will fail to serialize due to pubkey_load
88 * special casing. */
89 secp256k1_xonly_pubkey pk_tmp;
90 memset(&pk_tmp, 0, sizeof(pk_tmp));
91 CHECK(secp256k1_xonly_pubkey_serialize(none, buf32, &pk_tmp) == 0);
92 }
93 /* pubkey_load called illegal callback */
94 CHECK(ecount == 3);
95
96 CHECK(secp256k1_xonly_pubkey_serialize(none, buf32, &xonly_pk) == 1);
97 ecount = 0;
98 CHECK(secp256k1_xonly_pubkey_parse(none, NULL, buf32) == 0);
99 CHECK(ecount == 1);
100 CHECK(secp256k1_xonly_pubkey_parse(none, &xonly_pk, NULL) == 0);
101 CHECK(ecount == 2);
102
103 /* Serialization and parse roundtrip */
104 CHECK(secp256k1_xonly_pubkey_from_pubkey(none, &xonly_pk, NULL, &pk) == 1);
105 CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, &xonly_pk) == 1);
106 CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk_tmp, buf32) == 1);
107 CHECK(secp256k1_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(xonly_pk)) == 0);
108
109 /* Test parsing invalid field elements */
110 memset(&xonly_pk, 1, sizeof(xonly_pk));
111 /* Overflowing field element */
112 CHECK(secp256k1_xonly_pubkey_parse(none, &xonly_pk, ones32) == 0);
113 CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0);
114 memset(&xonly_pk, 1, sizeof(xonly_pk));
115 /* There's no point with x-coordinate 0 on secp256k1 */
116 CHECK(secp256k1_xonly_pubkey_parse(none, &xonly_pk, zeros64) == 0);
117 CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0);
118 /* If a random 32-byte string can not be parsed with ec_pubkey_parse
119 * (because interpreted as X coordinate it does not correspond to a point on
120 * the curve) then xonly_pubkey_parse should fail as well. */
121 for (i = 0; i < count; i++) {
122 unsigned char rand33[33];
123 secp256k1_testrand256(&rand33[1]);
124 rand33[0] = SECP256K1_TAG_PUBKEY_EVEN;
125 if (!secp256k1_ec_pubkey_parse(ctx, &pk, rand33, 33)) {
126 memset(&xonly_pk, 1, sizeof(xonly_pk));
127 CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk, &rand33[1]) == 0);
128 CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0);
129 } else {
130 CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk, &rand33[1]) == 1);
131 }
132 }
133 CHECK(ecount == 2);
134
135 secp256k1_context_destroy(none);
136 secp256k1_context_destroy(sign);
137 secp256k1_context_destroy(verify);
138}
139
140void test_xonly_pubkey_comparison(void) {
141 unsigned char pk1_ser[32] = {
142 0x58, 0x84, 0xb3, 0xa2, 0x4b, 0x97, 0x37, 0x88, 0x92, 0x38, 0xa6, 0x26, 0x62, 0x52, 0x35, 0x11,
143 0xd0, 0x9a, 0xa1, 0x1b, 0x80, 0x0b, 0x5e, 0x93, 0x80, 0x26, 0x11, 0xef, 0x67, 0x4b, 0xd9, 0x23
144 };
145 const unsigned char pk2_ser[32] = {
146 0xde, 0x36, 0x0e, 0x87, 0x59, 0x8f, 0x3c, 0x01, 0x36, 0x2a, 0x2a, 0xb8, 0xc6, 0xf4, 0x5e, 0x4d,
147 0xb2, 0xc2, 0xd5, 0x03, 0xa7, 0xf9, 0xf1, 0x4f, 0xa8, 0xfa, 0x95, 0xa8, 0xe9, 0x69, 0x76, 0x1c
148 };
149 secp256k1_xonly_pubkey pk1;
150 secp256k1_xonly_pubkey pk2;
151 int ecount = 0;
152 secp256k1_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount);
153
154 CHECK(secp256k1_xonly_pubkey_parse(none, &pk1, pk1_ser) == 1);
155 CHECK(secp256k1_xonly_pubkey_parse(none, &pk2, pk2_ser) == 1);
156
157 CHECK(secp256k1_xonly_pubkey_cmp(none, NULL, &pk2) < 0);
158 CHECK(ecount == 1);
159 CHECK(secp256k1_xonly_pubkey_cmp(none, &pk1, NULL) > 0);
160 CHECK(ecount == 2);
161 CHECK(secp256k1_xonly_pubkey_cmp(none, &pk1, &pk2) < 0);
162 CHECK(secp256k1_xonly_pubkey_cmp(none, &pk2, &pk1) > 0);
163 CHECK(secp256k1_xonly_pubkey_cmp(none, &pk1, &pk1) == 0);
164 CHECK(secp256k1_xonly_pubkey_cmp(none, &pk2, &pk2) == 0);
165 CHECK(ecount == 2);
166 memset(&pk1, 0, sizeof(pk1)); /* illegal pubkey */
167 CHECK(secp256k1_xonly_pubkey_cmp(none, &pk1, &pk2) < 0);
168 CHECK(ecount == 3);
169 CHECK(secp256k1_xonly_pubkey_cmp(none, &pk1, &pk1) == 0);
170 CHECK(ecount == 5);
171 CHECK(secp256k1_xonly_pubkey_cmp(none, &pk2, &pk1) > 0);
172 CHECK(ecount == 6);
173
174 secp256k1_context_destroy(none);
175}
176
177void test_xonly_pubkey_tweak(void) {
178 unsigned char zeros64[64] = { 0 };
179 unsigned char overflows[32];
180 unsigned char sk[32];
181 secp256k1_pubkey internal_pk;
182 secp256k1_xonly_pubkey internal_xonly_pk;
183 secp256k1_pubkey output_pk;
184 int pk_parity;
185 unsigned char tweak[32];
186 int i;
187
188 int ecount;
189 secp256k1_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount);
190 secp256k1_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount);
191 secp256k1_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount);
192
193 memset(overflows, 0xff, sizeof(overflows));
194 secp256k1_testrand256(tweak);
195 secp256k1_testrand256(sk);
196 CHECK(secp256k1_ec_pubkey_create(ctx, &internal_pk, sk) == 1);
197 CHECK(secp256k1_xonly_pubkey_from_pubkey(none, &internal_xonly_pk, &pk_parity, &internal_pk) == 1);
198
199 ecount = 0;
200 CHECK(secp256k1_xonly_pubkey_tweak_add(none, &output_pk, &internal_xonly_pk, tweak) == 1);
201 CHECK(ecount == 0);
202 CHECK(secp256k1_xonly_pubkey_tweak_add(sign, &output_pk, &internal_xonly_pk, tweak) == 1);
203 CHECK(ecount == 0);
204 CHECK(secp256k1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, tweak) == 1);
205 CHECK(secp256k1_xonly_pubkey_tweak_add(verify, NULL, &internal_xonly_pk, tweak) == 0);
206 CHECK(ecount == 1);
207 CHECK(secp256k1_xonly_pubkey_tweak_add(verify, &output_pk, NULL, tweak) == 0);
208 CHECK(ecount == 2);
209 /* NULL internal_xonly_pk zeroes the output_pk */
210 CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0);
211 CHECK(secp256k1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, NULL) == 0);
212 CHECK(ecount == 3);
213 /* NULL tweak zeroes the output_pk */
214 CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0);
215
216 /* Invalid tweak zeroes the output_pk */
217 CHECK(secp256k1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, overflows) == 0);
218 CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0);
219
220 /* A zero tweak is fine */
221 CHECK(secp256k1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, zeros64) == 1);
222
223 /* Fails if the resulting key was infinity */
224 for (i = 0; i < count; i++) {
225 secp256k1_scalar scalar_tweak;
226 /* Because sk may be negated before adding, we need to try with tweak =
227 * sk as well as tweak = -sk. */
228 secp256k1_scalar_set_b32(&scalar_tweak, sk, NULL);
229 secp256k1_scalar_negate(&scalar_tweak, &scalar_tweak);
230 secp256k1_scalar_get_b32(tweak, &scalar_tweak);
231 CHECK((secp256k1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, sk) == 0)
232 || (secp256k1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, tweak) == 0));
233 CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0);
234 }
235
236 /* Invalid pk with a valid tweak */
237 memset(&internal_xonly_pk, 0, sizeof(internal_xonly_pk));
238 secp256k1_testrand256(tweak);
239 ecount = 0;
240 CHECK(secp256k1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, tweak) == 0);
241 CHECK(ecount == 1);
242 CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0);
243
244 secp256k1_context_destroy(none);
245 secp256k1_context_destroy(sign);
246 secp256k1_context_destroy(verify);
247}
248
249void test_xonly_pubkey_tweak_check(void) {
250 unsigned char zeros64[64] = { 0 };
251 unsigned char overflows[32];
252 unsigned char sk[32];
253 secp256k1_pubkey internal_pk;
254 secp256k1_xonly_pubkey internal_xonly_pk;
255 secp256k1_pubkey output_pk;
256 secp256k1_xonly_pubkey output_xonly_pk;
257 unsigned char output_pk32[32];
258 unsigned char buf32[32];
259 int pk_parity;
260 unsigned char tweak[32];
261
262 int ecount;
263 secp256k1_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount);
264 secp256k1_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount);
265 secp256k1_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount);
266
267 memset(overflows, 0xff, sizeof(overflows));
268 secp256k1_testrand256(tweak);
269 secp256k1_testrand256(sk);
270 CHECK(secp256k1_ec_pubkey_create(ctx, &internal_pk, sk) == 1);
271 CHECK(secp256k1_xonly_pubkey_from_pubkey(none, &internal_xonly_pk, &pk_parity, &internal_pk) == 1);
272
273 ecount = 0;
274 CHECK(secp256k1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, tweak) == 1);
275 CHECK(secp256k1_xonly_pubkey_from_pubkey(verify, &output_xonly_pk, &pk_parity, &output_pk) == 1);
276 CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, &output_xonly_pk) == 1);
277 CHECK(secp256k1_xonly_pubkey_tweak_add_check(none, buf32, pk_parity, &internal_xonly_pk, tweak) == 1);
278 CHECK(ecount == 0);
279 CHECK(secp256k1_xonly_pubkey_tweak_add_check(sign, buf32, pk_parity, &internal_xonly_pk, tweak) == 1);
280 CHECK(ecount == 0);
281 CHECK(secp256k1_xonly_pubkey_tweak_add_check(verify, buf32, pk_parity, &internal_xonly_pk, tweak) == 1);
282 CHECK(secp256k1_xonly_pubkey_tweak_add_check(verify, NULL, pk_parity, &internal_xonly_pk, tweak) == 0);
283 CHECK(ecount == 1);
284 /* invalid pk_parity value */
285 CHECK(secp256k1_xonly_pubkey_tweak_add_check(verify, buf32, 2, &internal_xonly_pk, tweak) == 0);
286 CHECK(ecount == 1);
287 CHECK(secp256k1_xonly_pubkey_tweak_add_check(verify, buf32, pk_parity, NULL, tweak) == 0);
288 CHECK(ecount == 2);
289 CHECK(secp256k1_xonly_pubkey_tweak_add_check(verify, buf32, pk_parity, &internal_xonly_pk, NULL) == 0);
290 CHECK(ecount == 3);
291
292 memset(tweak, 1, sizeof(tweak));
293 CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &internal_xonly_pk, NULL, &internal_pk) == 1);
294 CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 1);
295 CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &output_xonly_pk, &pk_parity, &output_pk) == 1);
296 CHECK(secp256k1_xonly_pubkey_serialize(ctx, output_pk32, &output_xonly_pk) == 1);
297 CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, output_pk32, pk_parity, &internal_xonly_pk, tweak) == 1);
298
299 /* Wrong pk_parity */
300 CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, output_pk32, !pk_parity, &internal_xonly_pk, tweak) == 0);
301 /* Wrong public key */
302 CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, &internal_xonly_pk) == 1);
303 CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, &internal_xonly_pk, tweak) == 0);
304
305 /* Overflowing tweak not allowed */
306 CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, output_pk32, pk_parity, &internal_xonly_pk, overflows) == 0);
307 CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, overflows) == 0);
308 CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0);
309 CHECK(ecount == 3);
310
311 secp256k1_context_destroy(none);
312 secp256k1_context_destroy(sign);
313 secp256k1_context_destroy(verify);
314}
315
316/* Starts with an initial pubkey and recursively creates N_PUBKEYS - 1
317 * additional pubkeys by calling tweak_add. Then verifies every tweak starting
318 * from the last pubkey. */
319#define N_PUBKEYS 32
320void test_xonly_pubkey_tweak_recursive(void) {
321 unsigned char sk[32];
322 secp256k1_pubkey pk[N_PUBKEYS];
323 unsigned char pk_serialized[32];
324 unsigned char tweak[N_PUBKEYS - 1][32];
325 int i;
326
327 secp256k1_testrand256(sk);
328 CHECK(secp256k1_ec_pubkey_create(ctx, &pk[0], sk) == 1);
329 /* Add tweaks */
330 for (i = 0; i < N_PUBKEYS - 1; i++) {
331 secp256k1_xonly_pubkey xonly_pk;
332 memset(tweak[i], i + 1, sizeof(tweak[i]));
333 CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, NULL, &pk[i]) == 1);
334 CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &pk[i + 1], &xonly_pk, tweak[i]) == 1);
335 }
336
337 /* Verify tweaks */
338 for (i = N_PUBKEYS - 1; i > 0; i--) {
339 secp256k1_xonly_pubkey xonly_pk;
340 int pk_parity;
341 CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk[i]) == 1);
342 CHECK(secp256k1_xonly_pubkey_serialize(ctx, pk_serialized, &xonly_pk) == 1);
343 CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, NULL, &pk[i - 1]) == 1);
344 CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, pk_serialized, pk_parity, &xonly_pk, tweak[i - 1]) == 1);
345 }
346}
347#undef N_PUBKEYS
348
349void test_keypair(void) {
350 unsigned char sk[32];
351 unsigned char sk_tmp[32];
352 unsigned char zeros96[96] = { 0 };
353 unsigned char overflows[32];
354 secp256k1_keypair keypair;
355 secp256k1_pubkey pk, pk_tmp;
356 secp256k1_xonly_pubkey xonly_pk, xonly_pk_tmp;
357 int pk_parity, pk_parity_tmp;
358 int ecount;
359 secp256k1_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount);
360 secp256k1_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount);
361 secp256k1_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount);
362 secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_no_precomp);
363 secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount);
364 secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount);
365
366 CHECK(sizeof(zeros96) == sizeof(keypair));
367 memset(overflows, 0xFF, sizeof(overflows));
368
369 /* Test keypair_create */
370 ecount = 0;
371 secp256k1_testrand256(sk);
372 CHECK(secp256k1_keypair_create(none, &keypair, sk) == 1);
373 CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0);
374 CHECK(ecount == 0);
375 CHECK(secp256k1_keypair_create(verify, &keypair, sk) == 1);
376 CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0);
377 CHECK(ecount == 0);
378 CHECK(secp256k1_keypair_create(sign, NULL, sk) == 0);
379 CHECK(ecount == 1);
380 CHECK(secp256k1_keypair_create(sign, &keypair, NULL) == 0);
381 CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0);
382 CHECK(ecount == 2);
383 CHECK(secp256k1_keypair_create(sign, &keypair, sk) == 1);
384 CHECK(ecount == 2);
385 CHECK(secp256k1_keypair_create(sttc, &keypair, sk) == 0);
386 CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0);
387 CHECK(ecount == 3);
388
389 /* Invalid secret key */
390 CHECK(secp256k1_keypair_create(sign, &keypair, zeros96) == 0);
391 CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0);
392 CHECK(secp256k1_keypair_create(sign, &keypair, overflows) == 0);
393 CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0);
394
395 /* Test keypair_pub */
396 ecount = 0;
397 secp256k1_testrand256(sk);
398 CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
399 CHECK(secp256k1_keypair_pub(none, &pk, &keypair) == 1);
400 CHECK(secp256k1_keypair_pub(none, NULL, &keypair) == 0);
401 CHECK(ecount == 1);
402 CHECK(secp256k1_keypair_pub(none, &pk, NULL) == 0);
403 CHECK(ecount == 2);
404 CHECK(secp256k1_memcmp_var(zeros96, &pk, sizeof(pk)) == 0);
405
406 /* Using an invalid keypair is fine for keypair_pub */
407 memset(&keypair, 0, sizeof(keypair));
408 CHECK(secp256k1_keypair_pub(none, &pk, &keypair) == 1);
409 CHECK(secp256k1_memcmp_var(zeros96, &pk, sizeof(pk)) == 0);
410
411 /* keypair holds the same pubkey as pubkey_create */
412 CHECK(secp256k1_ec_pubkey_create(sign, &pk, sk) == 1);
413 CHECK(secp256k1_keypair_create(sign, &keypair, sk) == 1);
414 CHECK(secp256k1_keypair_pub(none, &pk_tmp, &keypair) == 1);
415 CHECK(secp256k1_memcmp_var(&pk, &pk_tmp, sizeof(pk)) == 0);
416
418 ecount = 0;
419 secp256k1_testrand256(sk);
420 CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
421 CHECK(secp256k1_keypair_xonly_pub(none, &xonly_pk, &pk_parity, &keypair) == 1);
422 CHECK(secp256k1_keypair_xonly_pub(none, NULL, &pk_parity, &keypair) == 0);
423 CHECK(ecount == 1);
424 CHECK(secp256k1_keypair_xonly_pub(none, &xonly_pk, NULL, &keypair) == 1);
425 CHECK(secp256k1_keypair_xonly_pub(none, &xonly_pk, &pk_parity, NULL) == 0);
426 CHECK(ecount == 2);
427 CHECK(secp256k1_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0);
428 /* Using an invalid keypair will set the xonly_pk to 0 (first reset
429 * xonly_pk). */
430 CHECK(secp256k1_keypair_xonly_pub(none, &xonly_pk, &pk_parity, &keypair) == 1);
431 memset(&keypair, 0, sizeof(keypair));
432 CHECK(secp256k1_keypair_xonly_pub(none, &xonly_pk, &pk_parity, &keypair) == 0);
433 CHECK(secp256k1_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0);
434 CHECK(ecount == 3);
435
437 CHECK(secp256k1_ec_pubkey_create(sign, &pk, sk) == 1);
438 CHECK(secp256k1_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, &pk) == 1);
439 CHECK(secp256k1_keypair_create(sign, &keypair, sk) == 1);
440 CHECK(secp256k1_keypair_xonly_pub(none, &xonly_pk_tmp, &pk_parity_tmp, &keypair) == 1);
441 CHECK(secp256k1_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(pk)) == 0);
442 CHECK(pk_parity == pk_parity_tmp);
443
444 /* Test keypair_seckey */
445 ecount = 0;
446 secp256k1_testrand256(sk);
447 CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
448 CHECK(secp256k1_keypair_sec(none, sk_tmp, &keypair) == 1);
449 CHECK(secp256k1_keypair_sec(none, NULL, &keypair) == 0);
450 CHECK(ecount == 1);
451 CHECK(secp256k1_keypair_sec(none, sk_tmp, NULL) == 0);
452 CHECK(ecount == 2);
453 CHECK(secp256k1_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0);
454
455 /* keypair returns the same seckey it got */
456 CHECK(secp256k1_keypair_create(sign, &keypair, sk) == 1);
457 CHECK(secp256k1_keypair_sec(none, sk_tmp, &keypair) == 1);
458 CHECK(secp256k1_memcmp_var(sk, sk_tmp, sizeof(sk_tmp)) == 0);
459
460
461 /* Using an invalid keypair is fine for keypair_seckey */
462 memset(&keypair, 0, sizeof(keypair));
463 CHECK(secp256k1_keypair_sec(none, sk_tmp, &keypair) == 1);
464 CHECK(secp256k1_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0);
465
466 secp256k1_context_destroy(none);
467 secp256k1_context_destroy(sign);
468 secp256k1_context_destroy(verify);
469 secp256k1_context_destroy(sttc);
470}
471
472void test_keypair_add(void) {
473 unsigned char sk[32];
474 secp256k1_keypair keypair;
475 unsigned char overflows[32];
476 unsigned char zeros96[96] = { 0 };
477 unsigned char tweak[32];
478 int i;
479 int ecount = 0;
480 secp256k1_context *none = api_test_context(SECP256K1_CONTEXT_NONE, &ecount);
481 secp256k1_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount);
482 secp256k1_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount);
483
484 CHECK(sizeof(zeros96) == sizeof(keypair));
485 secp256k1_testrand256(sk);
486 secp256k1_testrand256(tweak);
487 memset(overflows, 0xFF, 32);
488 CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
489
490 CHECK(secp256k1_keypair_xonly_tweak_add(none, &keypair, tweak) == 1);
491 CHECK(ecount == 0);
492 CHECK(secp256k1_keypair_xonly_tweak_add(sign, &keypair, tweak) == 1);
493 CHECK(ecount == 0);
494 CHECK(secp256k1_keypair_xonly_tweak_add(verify, &keypair, tweak) == 1);
495 CHECK(secp256k1_keypair_xonly_tweak_add(verify, NULL, tweak) == 0);
496 CHECK(ecount == 1);
497 CHECK(secp256k1_keypair_xonly_tweak_add(verify, &keypair, NULL) == 0);
498 CHECK(ecount == 2);
499 /* This does not set the keypair to zeroes */
500 CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) != 0);
501
502 /* Invalid tweak zeroes the keypair */
503 CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
504 CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, overflows) == 0);
505 CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0);
506
507 /* A zero tweak is fine */
508 CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
509 CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, zeros96) == 1);
510
511 /* Fails if the resulting keypair was (sk=0, pk=infinity) */
512 for (i = 0; i < count; i++) {
513 secp256k1_scalar scalar_tweak;
514 secp256k1_keypair keypair_tmp;
515 secp256k1_testrand256(sk);
516 CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
517 memcpy(&keypair_tmp, &keypair, sizeof(keypair));
518 /* Because sk may be negated before adding, we need to try with tweak =
519 * sk as well as tweak = -sk. */
520 secp256k1_scalar_set_b32(&scalar_tweak, sk, NULL);
521 secp256k1_scalar_negate(&scalar_tweak, &scalar_tweak);
522 secp256k1_scalar_get_b32(tweak, &scalar_tweak);
523 CHECK((secp256k1_keypair_xonly_tweak_add(ctx, &keypair, sk) == 0)
524 || (secp256k1_keypair_xonly_tweak_add(ctx, &keypair_tmp, tweak) == 0));
525 CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0
526 || secp256k1_memcmp_var(&keypair_tmp, zeros96, sizeof(keypair_tmp)) == 0);
527 }
528
529 /* Invalid keypair with a valid tweak */
530 memset(&keypair, 0, sizeof(keypair));
531 secp256k1_testrand256(tweak);
532 ecount = 0;
533 CHECK(secp256k1_keypair_xonly_tweak_add(verify, &keypair, tweak) == 0);
534 CHECK(ecount == 1);
535 CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0);
536 /* Only seckey part of keypair invalid */
537 CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
538 memset(&keypair, 0, 32);
539 CHECK(secp256k1_keypair_xonly_tweak_add(verify, &keypair, tweak) == 0);
540 CHECK(ecount == 2);
541 /* Only pubkey part of keypair invalid */
542 CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
543 memset(&keypair.data[32], 0, 64);
544 CHECK(secp256k1_keypair_xonly_tweak_add(verify, &keypair, tweak) == 0);
545 CHECK(ecount == 3);
546
547 /* Check that the keypair_tweak_add implementation is correct */
548 CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
549 for (i = 0; i < count; i++) {
550 secp256k1_xonly_pubkey internal_pk;
551 secp256k1_xonly_pubkey output_pk;
552 secp256k1_pubkey output_pk_xy;
553 secp256k1_pubkey output_pk_expected;
554 unsigned char pk32[32];
555 unsigned char sk32[32];
556 int pk_parity;
557
558 secp256k1_testrand256(tweak);
559 CHECK(secp256k1_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1);
560 CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1);
561 CHECK(secp256k1_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1);
562
563 /* Check that it passes xonly_pubkey_tweak_add_check */
564 CHECK(secp256k1_xonly_pubkey_serialize(ctx, pk32, &output_pk) == 1);
565 CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, pk32, pk_parity, &internal_pk, tweak) == 1);
566
567 /* Check that the resulting pubkey matches xonly_pubkey_tweak_add */
568 CHECK(secp256k1_keypair_pub(ctx, &output_pk_xy, &keypair) == 1);
569 CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk_expected, &internal_pk, tweak) == 1);
570 CHECK(secp256k1_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0);
571
572 /* Check that the secret key in the keypair is tweaked correctly */
573 CHECK(secp256k1_keypair_sec(none, sk32, &keypair) == 1);
574 CHECK(secp256k1_ec_pubkey_create(ctx, &output_pk_expected, sk32) == 1);
575 CHECK(secp256k1_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0);
576 }
577 secp256k1_context_destroy(none);
578 secp256k1_context_destroy(sign);
579 secp256k1_context_destroy(verify);
580}
581
582void run_extrakeys_tests(void) {
583 /* xonly key test cases */
584 test_xonly_pubkey();
585 test_xonly_pubkey_tweak();
586 test_xonly_pubkey_tweak_check();
587 test_xonly_pubkey_tweak_recursive();
588 test_xonly_pubkey_comparison();
589
590 /* keypair tests */
591 test_keypair();
592 test_keypair_add();
593}
594
595#endif
test_xonly_pubkey
void test_xonly_pubkey(void)
Definition tests_impl.h:19
test_keypair_add
void test_keypair_add(void)
Definition tests_impl.h:472
test_xonly_pubkey_tweak_check
void test_xonly_pubkey_tweak_check(void)
Definition tests_impl.h:249
run_extrakeys_tests
void run_extrakeys_tests(void)
Definition tests_impl.h:582
test_xonly_pubkey_tweak
void test_xonly_pubkey_tweak(void)
Definition tests_impl.h:177
test_xonly_pubkey_tweak_recursive
void test_xonly_pubkey_tweak_recursive(void)
Definition tests_impl.h:320
N_PUBKEYS
#define N_PUBKEYS
Definition tests_impl.h:319
test_xonly_pubkey_comparison
void test_xonly_pubkey_comparison(void)
Definition tests_impl.h:140
test_keypair
void test_keypair(void)
Definition tests_impl.h:349
CHECK
#define CHECK(cond)
Definition util.h:80
count
int * count
Definition gmock_stress_test.cc:177
verify
void verify(const char *msg, const T &a, const S &b)
Definition minitest.cpp:13
secp256k1_context_destroy
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Definition secp256k1.c:146
SECP256K1_CONTEXT_SIGN
#define SECP256K1_CONTEXT_SIGN
Definition secp256k1.h:196
secp256k1_context_no_precomp
SECP256K1_API const secp256k1_context * secp256k1_context_no_precomp
Definition secp256k1.c:60
SECP256K1_TAG_PUBKEY_EVEN
#define SECP256K1_TAG_PUBKEY_EVEN
Definition secp256k1.h:205
secp256k1_context_set_error_callback
SECP256K1_API void secp256k1_context_set_error_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Definition secp256k1.c:162
secp256k1_context_create
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Definition secp256k1.c:107
secp256k1_context_set_illegal_callback
SECP256K1_API void secp256k1_context_set_illegal_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Definition secp256k1.c:153
secp256k1_ec_pubkey_parse
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Definition secp256k1.c:228
SECP256K1_CONTEXT_NONE
#define SECP256K1_CONTEXT_NONE
Definition secp256k1.h:198
secp256k1_ec_pubkey_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Definition secp256k1.c:551
secp256k1_context_clone
SECP256K1_API secp256k1_context * secp256k1_context_clone(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Definition secp256k1.c:128
SECP256K1_CONTEXT_VERIFY
#define SECP256K1_CONTEXT_VERIFY
Definition secp256k1.h:195
secp256k1_extrakeys.h
secp256k1_xonly_pubkey_cmp
SECP256K1_API int secp256k1_xonly_pubkey_cmp(const secp256k1_context *ctx, const secp256k1_xonly_pubkey *pk1, const secp256k1_xonly_pubkey *pk2) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Definition main_impl.h:58
secp256k1_keypair_pub
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_pub(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_keypair *keypair) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Definition main_impl.h:223
secp256k1_keypair_sec
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_sec(const secp256k1_context *ctx, unsigned char *seckey, const secp256k1_keypair *keypair) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Definition main_impl.h:213
secp256k1_xonly_pubkey_serialize
SECP256K1_API int secp256k1_xonly_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output32, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Definition main_impl.h:43
secp256k1_xonly_pubkey_tweak_add_check
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add_check(const secp256k1_context *ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5)
Definition main_impl.h:134
secp256k1_keypair_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Definition main_impl.h:195
secp256k1_xonly_pubkey_from_pubkey
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_from_pubkey(const secp256k1_context *ctx, secp256k1_xonly_pubkey *xonly_pubkey, int *pk_parity, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4)
Definition main_impl.h:98
secp256k1_keypair_xonly_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Definition main_impl.h:254
secp256k1_xonly_pubkey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add(const secp256k1_context *ctx, secp256k1_pubkey *output_pubkey, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Definition main_impl.h:117
secp256k1_keypair_xonly_pub
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_pub(const secp256k1_context *ctx, secp256k1_xonly_pubkey *pubkey, int *pk_parity, const secp256k1_keypair *keypair) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4)
Definition main_impl.h:233
secp256k1_xonly_pubkey_parse
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_parse(const secp256k1_context *ctx, secp256k1_xonly_pubkey *pubkey, const unsigned char *input32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Definition main_impl.h:21
secp256k1_context_struct
Definition secp256k1.c:47
secp256k1_fe
Definition field_10x26.h:12
secp256k1_ge
Definition group.h:16
secp256k1_ge::x
secp256k1_fe x
Definition group.h:17
secp256k1_ge::y
secp256k1_fe y
Definition group.h:18
secp256k1_keypair
Definition secp256k1_extrakeys.h:33
secp256k1_keypair::data
unsigned char data[96]
Definition secp256k1_extrakeys.h:34
secp256k1_pubkey
Definition secp256k1.h:70
secp256k1_scalar
Definition scalar_4x64.h:13
secp256k1_xonly_pubkey
Definition secp256k1_extrakeys.h:22
memset
memset(pInfo->slotDescription, ' ', 64)
flags
pInfo flags
Definition yubihsm_pkcs11.c:540
memcpy
memcpy((char *) pInfo->slotDescription, s, l)