Bitcoin ABC 0.33.6
P2P Digital Currency
ctime_tests.c
Go to the documentation of this file.
1/***********************************************************************
2 * Copyright (c) 2020 Gregory Maxwell *
3 * Distributed under the MIT software license, see the accompanying *
4 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5 ***********************************************************************/
6
7#include <stdio.h>
8
9#include "../include/secp256k1.h"
10#include "assumptions.h"
11#include "checkmem.h"
12
13#if !SECP256K1_CHECKMEM_ENABLED
14# error "This tool cannot be compiled without memory-checking interface (valgrind or msan)"
15#endif
16
17#ifdef ENABLE_MODULE_ECDH
18# include "../include/secp256k1_ecdh.h"
19#endif
20
21#ifdef ENABLE_MODULE_RECOVERY
22# include "../include/secp256k1_recovery.h"
23#endif
24
25#ifdef ENABLE_MODULE_SCHNORR
26# include "include/secp256k1_schnorr.h"
27#endif
28
29#ifdef ENABLE_MODULE_EXTRAKEYS
30# include "../include/secp256k1_extrakeys.h"
31#endif
32
33#ifdef ENABLE_MODULE_SCHNORRSIG
34#include "../include/secp256k1_schnorrsig.h"
35#endif
36
37#ifdef ENABLE_MODULE_ELLSWIFT
38#include "../include/secp256k1_ellswift.h"
39#endif
40
41static void run_tests(secp256k1_context *ctx, unsigned char *key);
42
43int main(void) {
44 secp256k1_context* ctx;
45 unsigned char key[32];
46 int ret, i;
47
48 if (!SECP256K1_CHECKMEM_RUNNING()) {
49 fprintf(stderr, "This test can only usefully be run inside valgrind because it was not compiled under msan.\n");
50 fprintf(stderr, "Usage: libtool --mode=execute valgrind ./ctime_tests\n");
51 return 1;
52 }
53 ctx = secp256k1_context_create(SECP256K1_CONTEXT_DECLASSIFY);
57 for (i = 0; i < 32; i++) {
58 key[i] = i + 65;
59 }
60
61 run_tests(ctx, key);
62
63 /* Test context randomisation. Do this last because it leaves the context
64 * tainted. */
65 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
66 ret = secp256k1_context_randomize(ctx, key);
67 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
68 CHECK(ret);
69
70 secp256k1_context_destroy(ctx);
71 return 0;
72}
73
74static void run_tests(secp256k1_context *ctx, unsigned char *key) {
75 secp256k1_ecdsa_signature signature;
76 secp256k1_pubkey pubkey;
77 size_t siglen = 74;
78 size_t outputlen = 33;
79 int i;
80 int ret;
81 unsigned char msg[32];
82 unsigned char sig[74];
83 unsigned char spubkey[33];
84#ifdef ENABLE_MODULE_RECOVERY
85 secp256k1_ecdsa_recoverable_signature recoverable_signature;
86 int recid;
87#endif
88#ifdef ENABLE_MODULE_EXTRAKEYS
89 secp256k1_keypair keypair;
90#endif
91#ifdef ENABLE_MODULE_ELLSWIFT
92 unsigned char ellswift[64];
93 static const unsigned char prefix[64] = {'t', 'e', 's', 't'};
94#endif
95
96 for (i = 0; i < 32; i++) {
97 msg[i] = i + 1;
98 }
99
100 /* Test keygen. */
101 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
102 ret = secp256k1_ec_pubkey_create(ctx, &pubkey, key);
103 SECP256K1_CHECKMEM_DEFINE(&pubkey, sizeof(secp256k1_pubkey));
104 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
105 CHECK(ret);
106 CHECK(secp256k1_ec_pubkey_serialize(ctx, spubkey, &outputlen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
107
108 /* Test signing. */
109 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
110 ret = secp256k1_ecdsa_sign(ctx, &signature, msg, key, NULL, NULL);
111 SECP256K1_CHECKMEM_DEFINE(&signature, sizeof(secp256k1_ecdsa_signature));
112 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
113 CHECK(ret);
114 CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature));
115
116#ifdef ENABLE_MODULE_ECDH
117 /* Test ECDH. */
118 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
119 ret = secp256k1_ecdh(ctx, msg, &pubkey, key, NULL, NULL);
120 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
121 CHECK(ret == 1);
122#endif
123
124#ifdef ENABLE_MODULE_RECOVERY
125 /* Test signing a recoverable signature. */
126 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
127 ret = secp256k1_ecdsa_sign_recoverable(ctx, &recoverable_signature, msg, key, NULL, NULL);
128 SECP256K1_CHECKMEM_DEFINE(&recoverable_signature, sizeof(recoverable_signature));
129 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
130 CHECK(ret);
131 CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &recoverable_signature));
132 CHECK(recid >= 0 && recid <= 3);
133#endif
134
135#ifdef ENABLE_MODULE_SCHNORR
136 /* Test schnorr signing. */
137 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
138 ret = secp256k1_schnorr_sign(ctx, sig, msg, key, NULL, NULL);
139 SECP256K1_CHECKMEM_DEFINE(&sig, sizeof(64));
140 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
141 CHECK(ret);
142#endif
143
144 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
145 ret = secp256k1_ec_seckey_verify(ctx, key);
146 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
147 CHECK(ret == 1);
148
149 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
150 ret = secp256k1_ec_seckey_negate(ctx, key);
151 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
152 CHECK(ret == 1);
153
154 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
155 SECP256K1_CHECKMEM_UNDEFINE(msg, 32);
156 ret = secp256k1_ec_seckey_tweak_add(ctx, key, msg);
157 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
158 CHECK(ret == 1);
159
160 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
161 SECP256K1_CHECKMEM_UNDEFINE(msg, 32);
162 ret = secp256k1_ec_seckey_tweak_mul(ctx, key, msg);
163 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
164 CHECK(ret == 1);
165
166 /* Test keypair_create and keypair_xonly_tweak_add. */
167#ifdef ENABLE_MODULE_EXTRAKEYS
168 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
169 ret = secp256k1_keypair_create(ctx, &keypair, key);
170 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
171 CHECK(ret == 1);
172
173 /* The tweak is not treated as a secret in keypair_tweak_add */
174 SECP256K1_CHECKMEM_DEFINE(msg, 32);
175 ret = secp256k1_keypair_xonly_tweak_add(ctx, &keypair, msg);
176 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
177 CHECK(ret == 1);
178
179 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
180 SECP256K1_CHECKMEM_UNDEFINE(&keypair, sizeof(keypair));
181 ret = secp256k1_keypair_sec(ctx, key, &keypair);
182 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
183 CHECK(ret == 1);
184#endif
185
186#ifdef ENABLE_MODULE_SCHNORRSIG
187 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
188 ret = secp256k1_keypair_create(ctx, &keypair, key);
189 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
190 CHECK(ret == 1);
191 ret = secp256k1_schnorrsig_sign32(ctx, sig, msg, &keypair, NULL);
192 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
193 CHECK(ret == 1);
194#endif
195
196#ifdef ENABLE_MODULE_ELLSWIFT
197 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
198 ret = secp256k1_ellswift_create(ctx, ellswift, key, NULL);
199 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
200 CHECK(ret == 1);
201
202 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
203 ret = secp256k1_ellswift_create(ctx, ellswift, key, ellswift);
204 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
205 CHECK(ret == 1);
206
207 for (i = 0; i < 2; i++) {
208 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
209 SECP256K1_CHECKMEM_DEFINE(&ellswift, sizeof(ellswift));
210 ret = secp256k1_ellswift_xdh(ctx, msg, ellswift, ellswift, key, i, secp256k1_ellswift_xdh_hash_function_bip324, NULL);
211 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
212 CHECK(ret == 1);
213
214 SECP256K1_CHECKMEM_UNDEFINE(key, 32);
215 SECP256K1_CHECKMEM_DEFINE(&ellswift, sizeof(ellswift));
216 ret = secp256k1_ellswift_xdh(ctx, msg, ellswift, ellswift, key, i, secp256k1_ellswift_xdh_hash_function_prefix, (void *)prefix);
217 SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret));
218 CHECK(ret == 1);
219 }
220
221#endif
222}
SECP256K1_CHECKMEM_UNDEFINE
#define SECP256K1_CHECKMEM_UNDEFINE(p, len)
Definition: checkmem.h:76
SECP256K1_CHECKMEM_DEFINE
#define SECP256K1_CHECKMEM_DEFINE(p, len)
Definition: checkmem.h:77
SECP256K1_CHECKMEM_RUNNING
#define SECP256K1_CHECKMEM_RUNNING()
Definition: checkmem.h:79
run_tests
static void run_tests(secp256k1_context *ctx, unsigned char *key)
Definition: ctime_tests.c:74
main
int main(void)
Definition: ctime_tests.c:43
ctx
secp256k1_context * ctx
Definition: bench_impl.h:13
tests_wycheproof_generate.msg
def msg
Definition: tests_wycheproof_generate.py:56
sig
SchnorrSig sig
Definition: processor.cpp:537
prefix
const char * prefix
Definition: rest.cpp:813
CHECK
#define CHECK(cond)
Definition: util.h:128
secp256k1_context_destroy
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:186
secp256k1_ec_seckey_tweak_mul
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by multiplying it by a tweak.
Definition: secp256k1.c:704
secp256k1_context_randomize
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Randomizes the context to provide enhanced protection against side-channel leakage.
Definition: secp256k1.c:751
SECP256K1_CONTEXT_DECLASSIFY
#define SECP256K1_CONTEXT_DECLASSIFY
Definition: secp256k1.h:199
secp256k1_ec_seckey_negate
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
Definition: secp256k1.c:614
secp256k1_ec_pubkey_serialize
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:290
secp256k1_ec_seckey_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:573
secp256k1_context_create
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:140
secp256k1_ecdsa_sign
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:558
secp256k1_ec_pubkey_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:596
SECP256K1_EC_COMPRESSED
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:202
secp256k1_ecdsa_signature_serialize_der
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:400
secp256k1_ec_seckey_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by adding tweak to it.
Definition: secp256k1.c:660
secp256k1_ecdh
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh(const secp256k1_context *ctx, unsigned char *output, const secp256k1_pubkey *pubkey, const unsigned char *seckey, secp256k1_ecdh_hash_function hashfp, void *data) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Compute an EC Diffie-Hellman secret in constant time.
Definition: main_impl.h:29
secp256k1_ellswift_xdh_hash_function_prefix
SECP256K1_API const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_prefix
An implementation of an secp256k1_ellswift_xdh_hash_function which uses SHA256(prefix64 || ell_a64 ||...
Definition: secp256k1_ellswift.h:73
secp256k1_ellswift_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ellswift_create(const secp256k1_context *ctx, unsigned char *ell64, const unsigned char *seckey32, const unsigned char *auxrnd32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute an ElligatorSwift public key for a secret key.
Definition: main_impl.h:449
secp256k1_ellswift_xdh
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ellswift_xdh(const secp256k1_context *ctx, unsigned char *output, const unsigned char *ell_a64, const unsigned char *ell_b64, const unsigned char *seckey32, int party, secp256k1_ellswift_xdh_hash_function hashfp, void *data) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(7)
Given a private key, and ElligatorSwift public keys sent in both directions, compute a shared secret ...
Definition: main_impl.h:548
secp256k1_ellswift_xdh_hash_function_bip324
SECP256K1_API const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_bip324
An implementation of an secp256k1_ellswift_xdh_hash_function compatible with BIP324.
Definition: secp256k1_ellswift.h:81
secp256k1_keypair_sec
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_sec(const secp256k1_context *ctx, unsigned char *seckey, const secp256k1_keypair *keypair) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Get the secret key from a keypair.
Definition: main_impl.h:214
secp256k1_keypair_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the keypair for a secret key.
Definition: main_impl.h:196
secp256k1_keypair_xonly_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a keypair by adding tweak32 to the secret key and updating the public key accordingly.
Definition: main_impl.h:255
secp256k1_ecdsa_recoverable_signature_serialize_compact
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
Definition: main_impl.h:60
secp256k1_ecdsa_sign_recoverable
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a recoverable ECDSA signature.
Definition: main_impl.h:123
secp256k1_schnorr.h
secp256k1_schnorr_sign
SECP256K1_API int secp256k1_schnorr_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a signature using a custom EC-Schnorr-SHA256 construction.
Definition: main_impl.h:32
secp256k1_schnorrsig_sign32
SECP256K1_API int secp256k1_schnorrsig_sign32(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_keypair *keypair, const unsigned char *aux_rand32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a Schnorr signature.
Definition: main_impl.h:195
secp256k1_context_struct
Definition: secp256k1.c:60
secp256k1_ecdsa_recoverable_signature
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
Definition: secp256k1_recovery.h:24
secp256k1_ecdsa_signature
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:74
secp256k1_keypair
Opaque data structure that holds a keypair consisting of a secret and a public key.
Definition: secp256k1_extrakeys.h:33
secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:61
Generated on Sat Jun 20 2026 17:27:43 for Bitcoin ABC by doxygen 1.9.4