mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-10 20:03:34 -03:00
Merge pull request #319
67f7da4Extensive interface and operations tests for secp256k1_ec_pubkey_parse. (Gregory Maxwell)ee2cb40Add ARG_CHECKs to secp256k1_ec_pubkey_parse/secp256k1_ec_pubkey_serialize (Gregory Maxwell)
This commit is contained in:
Pieter Wuille
commit
c98df263ed
2 changed files with 415 additions and 3 deletions
|
|
@ -146,8 +146,11 @@ int secp256k1_ec_pubkey_parse(const secp256k1_context* ctx, secp256k1_pubkey* pu
|
|||
secp256k1_ge Q;
|
||||
|
||||
(void)ctx;
|
||||
VERIFY_CHECK(ctx != NULL);
|
||||
ARG_CHECK(pubkey != NULL);
|
||||
memset(pubkey, 0, sizeof(*pubkey));
|
||||
ARG_CHECK(input != NULL);
|
||||
if (!secp256k1_eckey_pubkey_parse(&Q, input, inputlen)) {
|
||||
memset(pubkey, 0, sizeof(*pubkey));
|
||||
return 0;
|
||||
}
|
||||
secp256k1_pubkey_save(pubkey, &Q);
|
||||
|
|
@ -159,6 +162,10 @@ int secp256k1_ec_pubkey_serialize(const secp256k1_context* ctx, unsigned char *o
|
|||
secp256k1_ge Q;
|
||||
|
||||
(void)ctx;
|
||||
VERIFY_CHECK(ctx != NULL);
|
||||
ARG_CHECK(output != NULL);
|
||||
ARG_CHECK(outputlen != NULL);
|
||||
ARG_CHECK(pubkey != NULL);
|
||||
return (secp256k1_pubkey_load(ctx, &Q, pubkey) &&
|
||||
secp256k1_eckey_pubkey_serialize(&Q, output, outputlen, flags));
|
||||
}
|
||||
|
|
|
|||
409
src/tests.c
409
src/tests.c
|
|
@ -13,8 +13,8 @@
|
|||
|
||||
#include <time.h>
|
||||
|
||||
#include "include/secp256k1.h"
|
||||
#include "secp256k1.c"
|
||||
#include "include/secp256k1.h"
|
||||
#include "testrand_impl.h"
|
||||
|
||||
#ifdef ENABLE_OPENSSL_TESTS
|
||||
|
|
@ -24,6 +24,17 @@
|
|||
#include "openssl/obj_mac.h"
|
||||
#endif
|
||||
|
||||
#if !defined(VG_CHECK)
|
||||
# if defined(VALGRIND)
|
||||
# include <valgrind/memcheck.h>
|
||||
# define VG_UNDEF(x,y) VALGRIND_MAKE_MEM_UNDEFINED((x),(y))
|
||||
# define VG_CHECK(x,y) VALGRIND_CHECK_MEM_IS_DEFINED((x),(y))
|
||||
# else
|
||||
# define VG_UNDEF(x,y)
|
||||
# define VG_CHECK(x,y)
|
||||
# endif
|
||||
#endif
|
||||
|
||||
static int count = 64;
|
||||
static secp256k1_context *ctx = NULL;
|
||||
|
||||
|
|
@ -1752,6 +1763,398 @@ void run_endomorphism_tests(void) {
|
|||
}
|
||||
#endif
|
||||
|
||||
static void counting_illegal_callback_fn(const char* str, void* data) {
|
||||
/* Dummy callback function that just counts. */
|
||||
int32_t *p;
|
||||
(void)str;
|
||||
p = data;
|
||||
(*p)++;
|
||||
}
|
||||
|
||||
static void uncounting_illegal_callback_fn(const char* str, void* data) {
|
||||
/* Dummy callback function that just counts (backwards). */
|
||||
int32_t *p;
|
||||
(void)str;
|
||||
p = data;
|
||||
(*p)--;
|
||||
}
|
||||
|
||||
void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid) {
|
||||
unsigned char pubkeyc[65];
|
||||
secp256k1_pubkey pubkey;
|
||||
secp256k1_ge ge;
|
||||
size_t pubkeyclen;
|
||||
int32_t ecount;
|
||||
ecount = 0;
|
||||
secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount);
|
||||
for (pubkeyclen = 3; pubkeyclen <= 65; pubkeyclen++) {
|
||||
/* Smaller sizes are tested exhaustively elsewhere. */
|
||||
int32_t i;
|
||||
memcpy(&pubkeyc[1], input, 64);
|
||||
VG_UNDEF(&pubkeyc[pubkeyclen], 65 - pubkeyclen);
|
||||
for (i = 0; i < 256; i++) {
|
||||
/* Try all type bytes. */
|
||||
int xpass;
|
||||
int ypass;
|
||||
int ysign;
|
||||
pubkeyc[0] = i;
|
||||
/* What sign does this point have? */
|
||||
ysign = (input[63] & 1) + 2;
|
||||
/* For the current type (i) do we expect parsing to work? Handled all of compressed/uncompressed/hybrid. */
|
||||
xpass = xvalid && (pubkeyclen == 33) && ((i & 254) == 2);
|
||||
/* Do we expect a parse and re-serialize as uncompressed to give a matching y? */
|
||||
ypass = xvalid && yvalid && ((i & 4) == ((pubkeyclen == 65) << 2)) &&
|
||||
((i == 4) || ((i & 251) == ysign)) && ((pubkeyclen == 33) || (pubkeyclen == 65));
|
||||
if (xpass || ypass) {
|
||||
/* These cases must parse. */
|
||||
unsigned char pubkeyo[65];
|
||||
size_t outl;
|
||||
memset(&pubkey, 0, sizeof(pubkey));
|
||||
VG_UNDEF(&pubkey, sizeof(pubkey));
|
||||
ecount = 0;
|
||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1);
|
||||
VG_CHECK(&pubkey, sizeof(pubkey));
|
||||
outl = 65;
|
||||
VG_UNDEF(pubkeyo, 65);
|
||||
CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
|
||||
VG_CHECK(pubkeyo, outl);
|
||||
CHECK(outl == 33);
|
||||
CHECK(memcmp(&pubkeyo[1], &pubkeyc[1], 32) == 0);
|
||||
CHECK((pubkeyclen != 33) || (pubkeyo[0] == pubkeyc[0]));
|
||||
if (ypass) {
|
||||
/* This test isn't always done because we decode with alternative signs, so the y won't match. */
|
||||
CHECK(pubkeyo[0] == ysign);
|
||||
CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1);
|
||||
memset(&pubkey, 0, sizeof(pubkey));
|
||||
VG_UNDEF(&pubkey, sizeof(pubkey));
|
||||
secp256k1_pubkey_save(&pubkey, &ge);
|
||||
VG_CHECK(&pubkey, sizeof(pubkey));
|
||||
outl = 65;
|
||||
VG_UNDEF(pubkeyo, 65);
|
||||
CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, 0) == 1);
|
||||
VG_CHECK(pubkeyo, outl);
|
||||
CHECK(outl == 65);
|
||||
CHECK(pubkeyo[0] == 4);
|
||||
CHECK(memcmp(&pubkeyo[1], input, 64) == 0);
|
||||
}
|
||||
CHECK(ecount == 0);
|
||||
} else {
|
||||
/* These cases must fail to parse. */
|
||||
memset(&pubkey, 0xfe, sizeof(pubkey));
|
||||
ecount = 0;
|
||||
VG_UNDEF(&pubkey, sizeof(pubkey));
|
||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 0);
|
||||
VG_CHECK(&pubkey, sizeof(pubkey));
|
||||
CHECK(ecount == 0);
|
||||
CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
|
||||
CHECK(ecount == 1);
|
||||
}
|
||||
}
|
||||
}
|
||||
secp256k1_context_set_illegal_callback(ctx, NULL, NULL);
|
||||
}
|
||||
|
||||
void run_ec_pubkey_parse_test(void) {
|
||||
#define SECP256K1_EC_PARSE_TEST_NVALID (12)
|
||||
const unsigned char valid[SECP256K1_EC_PARSE_TEST_NVALID][64] = {
|
||||
{
|
||||
/* Point with leading and trailing zeros in x and y serialization. */
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42, 0x52,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x64, 0xef, 0xa1, 0x7b, 0x77, 0x61, 0xe1, 0xe4, 0x27, 0x06, 0x98, 0x9f, 0xb4, 0x83,
|
||||
0xb8, 0xd2, 0xd4, 0x9b, 0xf7, 0x8f, 0xae, 0x98, 0x03, 0xf0, 0x99, 0xb8, 0x34, 0xed, 0xeb, 0x00
|
||||
},
|
||||
{
|
||||
/* Point with x equal to a 3rd root of unity.*/
|
||||
0x7a, 0xe9, 0x6a, 0x2b, 0x65, 0x7c, 0x07, 0x10, 0x6e, 0x64, 0x47, 0x9e, 0xac, 0x34, 0x34, 0xe9,
|
||||
0x9c, 0xf0, 0x49, 0x75, 0x12, 0xf5, 0x89, 0x95, 0xc1, 0x39, 0x6c, 0x28, 0x71, 0x95, 0x01, 0xee,
|
||||
0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
|
||||
0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
|
||||
},
|
||||
{
|
||||
/* Point with largest x. (1/2) */
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c,
|
||||
0x0e, 0x99, 0x4b, 0x14, 0xea, 0x72, 0xf8, 0xc3, 0xeb, 0x95, 0xc7, 0x1e, 0xf6, 0x92, 0x57, 0x5e,
|
||||
0x77, 0x50, 0x58, 0x33, 0x2d, 0x7e, 0x52, 0xd0, 0x99, 0x5c, 0xf8, 0x03, 0x88, 0x71, 0xb6, 0x7d,
|
||||
},
|
||||
{
|
||||
/* Point with largest x. (2/2) */
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2c,
|
||||
0xf1, 0x66, 0xb4, 0xeb, 0x15, 0x8d, 0x07, 0x3c, 0x14, 0x6a, 0x38, 0xe1, 0x09, 0x6d, 0xa8, 0xa1,
|
||||
0x88, 0xaf, 0xa7, 0xcc, 0xd2, 0x81, 0xad, 0x2f, 0x66, 0xa3, 0x07, 0xfb, 0x77, 0x8e, 0x45, 0xb2,
|
||||
},
|
||||
{
|
||||
/* Point with smallest x. (1/2) */
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
|
||||
0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
|
||||
0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
|
||||
},
|
||||
{
|
||||
/* Point with smallest x. (2/2) */
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
|
||||
0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb,
|
||||
0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41,
|
||||
},
|
||||
{
|
||||
/* Point with largest y. (1/3) */
|
||||
0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
|
||||
0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
|
||||
},
|
||||
{
|
||||
/* Point with largest y. (2/3) */
|
||||
0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
|
||||
0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
|
||||
},
|
||||
{
|
||||
/* Point with largest y. (3/3) */
|
||||
0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
|
||||
0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
|
||||
},
|
||||
{
|
||||
/* Point with smallest y. (1/3) */
|
||||
0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
|
||||
0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
|
||||
},
|
||||
{
|
||||
/* Point with smallest y. (2/3) */
|
||||
0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
|
||||
0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
|
||||
},
|
||||
{
|
||||
/* Point with smallest y. (3/3) */
|
||||
0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
|
||||
0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
|
||||
}
|
||||
};
|
||||
#define SECP256K1_EC_PARSE_TEST_NXVALID (4)
|
||||
const unsigned char onlyxvalid[SECP256K1_EC_PARSE_TEST_NXVALID][64] = {
|
||||
{
|
||||
/* Valid if y overflow ignored (y = 1 mod p). (1/3) */
|
||||
0x1f, 0xe1, 0xe5, 0xef, 0x3f, 0xce, 0xb5, 0xc1, 0x35, 0xab, 0x77, 0x41, 0x33, 0x3c, 0xe5, 0xa6,
|
||||
0xe8, 0x0d, 0x68, 0x16, 0x76, 0x53, 0xf6, 0xb2, 0xb2, 0x4b, 0xcb, 0xcf, 0xaa, 0xaf, 0xf5, 0x07,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
|
||||
},
|
||||
{
|
||||
/* Valid if y overflow ignored (y = 1 mod p). (2/3) */
|
||||
0xcb, 0xb0, 0xde, 0xab, 0x12, 0x57, 0x54, 0xf1, 0xfd, 0xb2, 0x03, 0x8b, 0x04, 0x34, 0xed, 0x9c,
|
||||
0xb3, 0xfb, 0x53, 0xab, 0x73, 0x53, 0x91, 0x12, 0x99, 0x94, 0xa5, 0x35, 0xd9, 0x25, 0xf6, 0x73,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
|
||||
},
|
||||
{
|
||||
/* Valid if y overflow ignored (y = 1 mod p). (3/3)*/
|
||||
0x14, 0x6d, 0x3b, 0x65, 0xad, 0xd9, 0xf5, 0x4c, 0xcc, 0xa2, 0x85, 0x33, 0xc8, 0x8e, 0x2c, 0xbc,
|
||||
0x63, 0xf7, 0x44, 0x3e, 0x16, 0x58, 0x78, 0x3a, 0xb4, 0x1f, 0x8e, 0xf9, 0x7c, 0x2a, 0x10, 0xb5,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
|
||||
},
|
||||
{
|
||||
/* x on curve, y is from y^2 = x^3 + 8. */
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03
|
||||
}
|
||||
};
|
||||
#define SECP256K1_EC_PARSE_TEST_NINVALID (7)
|
||||
const unsigned char invalid[SECP256K1_EC_PARSE_TEST_NINVALID][64] = {
|
||||
{
|
||||
/* x is third root of -8, y is -1 * (x^3+7); also on the curve for y^2 = x^3 + 9. */
|
||||
0x0a, 0x2d, 0x2b, 0xa9, 0x35, 0x07, 0xf1, 0xdf, 0x23, 0x37, 0x70, 0xc2, 0xa7, 0x97, 0x96, 0x2c,
|
||||
0xc6, 0x1f, 0x6d, 0x15, 0xda, 0x14, 0xec, 0xd4, 0x7d, 0x8d, 0x27, 0xae, 0x1c, 0xd5, 0xf8, 0x53,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
|
||||
},
|
||||
{
|
||||
/* Valid if x overflow ignored (x = 1 mod p). */
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
|
||||
0x42, 0x18, 0xf2, 0x0a, 0xe6, 0xc6, 0x46, 0xb3, 0x63, 0xdb, 0x68, 0x60, 0x58, 0x22, 0xfb, 0x14,
|
||||
0x26, 0x4c, 0xa8, 0xd2, 0x58, 0x7f, 0xdd, 0x6f, 0xbc, 0x75, 0x0d, 0x58, 0x7e, 0x76, 0xa7, 0xee,
|
||||
},
|
||||
{
|
||||
/* Valid if x overflow ignored (x = 1 mod p). */
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x30,
|
||||
0xbd, 0xe7, 0x0d, 0xf5, 0x19, 0x39, 0xb9, 0x4c, 0x9c, 0x24, 0x97, 0x9f, 0xa7, 0xdd, 0x04, 0xeb,
|
||||
0xd9, 0xb3, 0x57, 0x2d, 0xa7, 0x80, 0x22, 0x90, 0x43, 0x8a, 0xf2, 0xa6, 0x81, 0x89, 0x54, 0x41,
|
||||
},
|
||||
{
|
||||
/* x is -1, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 5. */
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
|
||||
0xf4, 0x84, 0x14, 0x5c, 0xb0, 0x14, 0x9b, 0x82, 0x5d, 0xff, 0x41, 0x2f, 0xa0, 0x52, 0xa8, 0x3f,
|
||||
0xcb, 0x72, 0xdb, 0x61, 0xd5, 0x6f, 0x37, 0x70, 0xce, 0x06, 0x6b, 0x73, 0x49, 0xa2, 0xaa, 0x28,
|
||||
},
|
||||
{
|
||||
/* x is -1, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 5. */
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfc, 0x2e,
|
||||
0x0b, 0x7b, 0xeb, 0xa3, 0x4f, 0xeb, 0x64, 0x7d, 0xa2, 0x00, 0xbe, 0xd0, 0x5f, 0xad, 0x57, 0xc0,
|
||||
0x34, 0x8d, 0x24, 0x9e, 0x2a, 0x90, 0xc8, 0x8f, 0x31, 0xf9, 0x94, 0x8b, 0xb6, 0x5d, 0x52, 0x07,
|
||||
},
|
||||
{
|
||||
/* x is zero, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 7. */
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x8f, 0x53, 0x7e, 0xef, 0xdf, 0xc1, 0x60, 0x6a, 0x07, 0x27, 0xcd, 0x69, 0xb4, 0xa7, 0x33, 0x3d,
|
||||
0x38, 0xed, 0x44, 0xe3, 0x93, 0x2a, 0x71, 0x79, 0xee, 0xcb, 0x4b, 0x6f, 0xba, 0x93, 0x60, 0xdc,
|
||||
},
|
||||
{
|
||||
/* x is zero, y is the result of the sqrt ladder; also on the curve for y^2 = x^3 - 7. */
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x70, 0xac, 0x81, 0x10, 0x20, 0x3e, 0x9f, 0x95, 0xf8, 0xd8, 0x32, 0x96, 0x4b, 0x58, 0xcc, 0xc2,
|
||||
0xc7, 0x12, 0xbb, 0x1c, 0x6c, 0xd5, 0x8e, 0x86, 0x11, 0x34, 0xb4, 0x8f, 0x45, 0x6c, 0x9b, 0x53
|
||||
}
|
||||
};
|
||||
const unsigned char pubkeyc[66] = {
|
||||
/* Serialization of G. */
|
||||
0x04, 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, 0xCE, 0x87, 0x0B,
|
||||
0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17,
|
||||
0x98, 0x48, 0x3A, 0xDA, 0x77, 0x26, 0xA3, 0xC4, 0x65, 0x5D, 0xA4, 0xFB, 0xFC, 0x0E, 0x11, 0x08,
|
||||
0xA8, 0xFD, 0x17, 0xB4, 0x48, 0xA6, 0x85, 0x54, 0x19, 0x9C, 0x47, 0xD0, 0x8F, 0xFB, 0x10, 0xD4,
|
||||
0xB8, 0x00
|
||||
};
|
||||
unsigned char shortkey[2];
|
||||
secp256k1_ge ge;
|
||||
secp256k1_pubkey pubkey;
|
||||
int32_t i;
|
||||
int32_t ecount;
|
||||
int32_t ecount2;
|
||||
ecount = 0;
|
||||
/* Nothing should be reading this far into pubkeyc. */
|
||||
VG_UNDEF(&pubkeyc[65], 1);
|
||||
secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount);
|
||||
/* Zero length claimed, fail, zeroize, no illegal arg error. */
|
||||
memset(&pubkey, 0xfe, sizeof(pubkey));
|
||||
ecount = 0;
|
||||
VG_UNDEF(shortkey, 2);
|
||||
VG_UNDEF(&pubkey, sizeof(pubkey));
|
||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 0) == 0);
|
||||
VG_CHECK(&pubkey, sizeof(pubkey));
|
||||
CHECK(ecount == 0);
|
||||
CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
|
||||
CHECK(ecount == 1);
|
||||
/* Length one claimed, fail, zeroize, no illegal arg error. */
|
||||
for (i = 0; i < 256 ; i++) {
|
||||
memset(&pubkey, 0xfe, sizeof(pubkey));
|
||||
ecount = 0;
|
||||
shortkey[0] = i;
|
||||
VG_UNDEF(&shortkey[1], 1);
|
||||
VG_UNDEF(&pubkey, sizeof(pubkey));
|
||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 1) == 0);
|
||||
VG_CHECK(&pubkey, sizeof(pubkey));
|
||||
CHECK(ecount == 0);
|
||||
CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
|
||||
CHECK(ecount == 1);
|
||||
}
|
||||
/* Length two claimed, fail, zeroize, no illegal arg error. */
|
||||
for (i = 0; i < 65536 ; i++) {
|
||||
memset(&pubkey, 0xfe, sizeof(pubkey));
|
||||
ecount = 0;
|
||||
shortkey[0] = i & 255;
|
||||
shortkey[1] = i >> 8;
|
||||
VG_UNDEF(&pubkey, sizeof(pubkey));
|
||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 2) == 0);
|
||||
VG_CHECK(&pubkey, sizeof(pubkey));
|
||||
CHECK(ecount == 0);
|
||||
CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
|
||||
CHECK(ecount == 1);
|
||||
}
|
||||
memset(&pubkey, 0xfe, sizeof(pubkey));
|
||||
ecount = 0;
|
||||
VG_UNDEF(&pubkey, sizeof(pubkey));
|
||||
/* 33 bytes claimed on otherwise valid input starting with 0x04, fail, zeroize output, no illegal arg error. */
|
||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 33) == 0);
|
||||
VG_CHECK(&pubkey, sizeof(pubkey));
|
||||
CHECK(ecount == 0);
|
||||
CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
|
||||
CHECK(ecount == 1);
|
||||
/* NULL pubkey, illegal arg error. Pubkey isn't rewritten before this step, since it's NULL into the parser. */
|
||||
CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, pubkeyc, 65) == 0);
|
||||
CHECK(ecount == 2);
|
||||
/* NULL input string. Illegal arg and zeroize output. */
|
||||
memset(&pubkey, 0xfe, sizeof(pubkey));
|
||||
ecount = 0;
|
||||
VG_UNDEF(&pubkey, sizeof(pubkey));
|
||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, NULL, 65) == 0);
|
||||
VG_CHECK(&pubkey, sizeof(pubkey));
|
||||
CHECK(ecount == 1);
|
||||
CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
|
||||
CHECK(ecount == 2);
|
||||
/* 64 bytes claimed on input starting with 0x04, fail, zeroize output, no illegal arg error. */
|
||||
memset(&pubkey, 0xfe, sizeof(pubkey));
|
||||
ecount = 0;
|
||||
VG_UNDEF(&pubkey, sizeof(pubkey));
|
||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 64) == 0);
|
||||
VG_CHECK(&pubkey, sizeof(pubkey));
|
||||
CHECK(ecount == 0);
|
||||
CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
|
||||
CHECK(ecount == 1);
|
||||
/* 66 bytes claimed, fail, zeroize output, no illegal arg error. */
|
||||
memset(&pubkey, 0xfe, sizeof(pubkey));
|
||||
ecount = 0;
|
||||
VG_UNDEF(&pubkey, sizeof(pubkey));
|
||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 66) == 0);
|
||||
VG_CHECK(&pubkey, sizeof(pubkey));
|
||||
CHECK(ecount == 0);
|
||||
CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0);
|
||||
CHECK(ecount == 1);
|
||||
/* Valid parse. */
|
||||
memset(&pubkey, 0, sizeof(pubkey));
|
||||
ecount = 0;
|
||||
VG_UNDEF(&pubkey, sizeof(pubkey));
|
||||
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 65) == 1);
|
||||
VG_CHECK(&pubkey, sizeof(pubkey));
|
||||
CHECK(ecount == 0);
|
||||
VG_UNDEF(&ge, sizeof(ge));
|
||||
CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1);
|
||||
VG_CHECK(&ge.x, sizeof(ge.x));
|
||||
VG_CHECK(&ge.y, sizeof(ge.y));
|
||||
VG_CHECK(&ge.infinity, sizeof(ge.infinity));
|
||||
ge_equals_ge(&secp256k1_ge_const_g, &ge);
|
||||
CHECK(ecount == 0);
|
||||
/* Multiple illegal args. Should still set arg error only once. */
|
||||
ecount = 0;
|
||||
ecount2 = 11;
|
||||
CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0);
|
||||
CHECK(ecount == 1);
|
||||
/* Does the illegal arg callback actually change the behavior? */
|
||||
secp256k1_context_set_illegal_callback(ctx, uncounting_illegal_callback_fn, &ecount2);
|
||||
CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0);
|
||||
CHECK(ecount == 1);
|
||||
CHECK(ecount2 == 10);
|
||||
secp256k1_context_set_illegal_callback(ctx, NULL, NULL);
|
||||
/* Try a bunch of prefabbed points with all possible encodings. */
|
||||
for (i = 0; i < SECP256K1_EC_PARSE_TEST_NVALID; i++) {
|
||||
ec_pubkey_parse_pointtest(valid[i], 1, 1);
|
||||
}
|
||||
for (i = 0; i < SECP256K1_EC_PARSE_TEST_NXVALID; i++) {
|
||||
ec_pubkey_parse_pointtest(onlyxvalid[i], 1, 0);
|
||||
}
|
||||
for (i = 0; i < SECP256K1_EC_PARSE_TEST_NINVALID; i++) {
|
||||
ec_pubkey_parse_pointtest(invalid[i], 0, 0);
|
||||
}
|
||||
}
|
||||
|
||||
void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid) {
|
||||
secp256k1_scalar nonce;
|
||||
do {
|
||||
|
|
@ -2283,7 +2686,6 @@ int main(int argc, char **argv) {
|
|||
secp256k1_rand256(run32);
|
||||
CHECK(secp256k1_context_randomize(ctx, (secp256k1_rand32() & 1) ? run32 : NULL));
|
||||
}
|
||||
|
||||
run_sha256_tests();
|
||||
run_hmac_sha256_tests();
|
||||
run_rfc6979_hmac_sha256_tests();
|
||||
|
|
@ -2322,6 +2724,9 @@ int main(int argc, char **argv) {
|
|||
run_endomorphism_tests();
|
||||
#endif
|
||||
|
||||
/* EC point parser test*/
|
||||
run_ec_pubkey_parse_test();
|
||||
|
||||
#ifdef ENABLE_MODULE_ECDH
|
||||
/* ecdh tests */
|
||||
run_ecdh_tests();
|
||||
|
|
|
|||
Loading…
Reference in a new issue