Bitcoin ABC  0.22.12
P2P Digital Currency
tests_impl.h
Go to the documentation of this file.
1 /**********************************************************************
2  * Copyright (c) 2013-2015 Pieter Wuille *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5  **********************************************************************/
6 
7 #ifndef SECP256K1_MODULE_RECOVERY_TESTS_H
8 #define SECP256K1_MODULE_RECOVERY_TESTS_H
9 
10 static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) {
11  (void) msg32;
12  (void) key32;
13  (void) algo16;
14  (void) data;
15 
16  /* On the first run, return 0 to force a second run */
17  if (counter == 0) {
18  memset(nonce32, 0, 32);
19  return 1;
20  }
21  /* On the second run, return an overflow to force a third run */
22  if (counter == 1) {
23  memset(nonce32, 0xff, 32);
24  return 1;
25  }
26  /* On the next run, return a valid nonce, but flip a coin as to whether or not to fail signing. */
27  memset(nonce32, 1, 32);
28  return secp256k1_testrand_bits(1);
29 }
30 
32  /* Setup contexts that just count errors */
37  secp256k1_pubkey pubkey;
38  secp256k1_pubkey recpubkey;
39  secp256k1_ecdsa_signature normal_sig;
41  unsigned char privkey[32] = { 1 };
42  unsigned char message[32] = { 2 };
43  int32_t ecount = 0;
44  int recid = 0;
45  unsigned char sig[74];
46  unsigned char zero_privkey[32] = { 0 };
47  unsigned char over_privkey[32] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
48  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
49  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
50  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
51 
60 
61  /* Construct and verify corresponding public key. */
62  CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1);
63  CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1);
64 
65  /* Check bad contexts and NULLs for signing */
66  ecount = 0;
67  CHECK(secp256k1_ecdsa_sign_recoverable(none, &recsig, message, privkey, NULL, NULL) == 0);
68  CHECK(ecount == 1);
69  CHECK(secp256k1_ecdsa_sign_recoverable(sign, &recsig, message, privkey, NULL, NULL) == 1);
70  CHECK(ecount == 1);
71  CHECK(secp256k1_ecdsa_sign_recoverable(vrfy, &recsig, message, privkey, NULL, NULL) == 0);
72  CHECK(ecount == 2);
73  CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1);
74  CHECK(ecount == 2);
75  CHECK(secp256k1_ecdsa_sign_recoverable(both, NULL, message, privkey, NULL, NULL) == 0);
76  CHECK(ecount == 3);
77  CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, NULL, privkey, NULL, NULL) == 0);
78  CHECK(ecount == 4);
79  CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, NULL, NULL, NULL) == 0);
80  CHECK(ecount == 5);
81  /* This will fail or succeed randomly, and in either case will not ARG_CHECK failure */
82  secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, recovery_test_nonce_function, NULL);
83  CHECK(ecount == 5);
84  /* These will all fail, but not in ARG_CHECK way */
85  CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, zero_privkey, NULL, NULL) == 0);
86  CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, over_privkey, NULL, NULL) == 0);
87  /* This one will succeed. */
88  CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1);
89  CHECK(ecount == 5);
90 
91  /* Check signing with a goofy nonce function */
92 
93  /* Check bad contexts and NULLs for recovery */
94  ecount = 0;
95  CHECK(secp256k1_ecdsa_recover(none, &recpubkey, &recsig, message) == 0);
96  CHECK(ecount == 1);
97  CHECK(secp256k1_ecdsa_recover(sign, &recpubkey, &recsig, message) == 0);
98  CHECK(ecount == 2);
99  CHECK(secp256k1_ecdsa_recover(vrfy, &recpubkey, &recsig, message) == 1);
100  CHECK(ecount == 2);
101  CHECK(secp256k1_ecdsa_recover(both, &recpubkey, &recsig, message) == 1);
102  CHECK(ecount == 2);
103  CHECK(secp256k1_ecdsa_recover(both, NULL, &recsig, message) == 0);
104  CHECK(ecount == 3);
105  CHECK(secp256k1_ecdsa_recover(both, &recpubkey, NULL, message) == 0);
106  CHECK(ecount == 4);
107  CHECK(secp256k1_ecdsa_recover(both, &recpubkey, &recsig, NULL) == 0);
108  CHECK(ecount == 5);
109 
110  /* Check NULLs for conversion */
111  CHECK(secp256k1_ecdsa_sign(both, &normal_sig, message, privkey, NULL, NULL) == 1);
112  ecount = 0;
113  CHECK(secp256k1_ecdsa_recoverable_signature_convert(both, NULL, &recsig) == 0);
114  CHECK(ecount == 1);
115  CHECK(secp256k1_ecdsa_recoverable_signature_convert(both, &normal_sig, NULL) == 0);
116  CHECK(ecount == 2);
117  CHECK(secp256k1_ecdsa_recoverable_signature_convert(both, &normal_sig, &recsig) == 1);
118 
119  /* Check NULLs for de/serialization */
120  CHECK(secp256k1_ecdsa_sign_recoverable(both, &recsig, message, privkey, NULL, NULL) == 1);
121  ecount = 0;
122  CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, NULL, &recid, &recsig) == 0);
123  CHECK(ecount == 1);
124  CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, sig, NULL, &recsig) == 0);
125  CHECK(ecount == 2);
126  CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, sig, &recid, NULL) == 0);
127  CHECK(ecount == 3);
128  CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(both, sig, &recid, &recsig) == 1);
129 
130  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, NULL, sig, recid) == 0);
131  CHECK(ecount == 4);
132  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, NULL, recid) == 0);
133  CHECK(ecount == 5);
134  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, -1) == 0);
135  CHECK(ecount == 6);
136  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, 5) == 0);
137  CHECK(ecount == 7);
138  /* overflow in signature will fail but not affect ecount */
139  memcpy(sig, over_privkey, 32);
140  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(both, &recsig, sig, recid) == 0);
141  CHECK(ecount == 7);
142 
143  /* cleanup */
148 }
149 
151  unsigned char extra[32] = {0x00};
152  unsigned char privkey[32];
153  unsigned char message[32];
154  secp256k1_ecdsa_signature signature[5];
156  unsigned char sig[74];
157  secp256k1_pubkey pubkey;
158  secp256k1_pubkey recpubkey;
159  int recid = 0;
160 
161  /* Generate a random key and message. */
162  {
163  secp256k1_scalar msg, key;
166  secp256k1_scalar_get_b32(privkey, &key);
167  secp256k1_scalar_get_b32(message, &msg);
168  }
169 
170  /* Construct and verify corresponding public key. */
171  CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1);
172  CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1);
173 
174  /* Serialize/parse compact and verify/recover. */
175  extra[0] = 0;
176  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[0], message, privkey, NULL, NULL) == 1);
177  CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1);
178  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[4], message, privkey, NULL, NULL) == 1);
179  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[1], message, privkey, NULL, extra) == 1);
180  extra[31] = 1;
181  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[2], message, privkey, NULL, extra) == 1);
182  extra[31] = 0;
183  extra[0] = 1;
184  CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[3], message, privkey, NULL, extra) == 1);
185  CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1);
186  CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1);
187  CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1);
188  memset(&rsignature[4], 0, sizeof(rsignature[4]));
189  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1);
190  CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1);
191  CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1);
192  /* Parse compact (with recovery id) and recover. */
193  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1);
194  CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 1);
195  CHECK(secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) == 0);
196  /* Serialize/destroy/parse signature and verify again. */
197  CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1);
199  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1);
200  CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1);
201  CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 0);
202  /* Recover again */
203  CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 0 ||
204  secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) != 0);
205 }
206 
207 /* Tests several edge cases. */
209  const unsigned char msg32[32] = {
210  'T', 'h', 'i', 's', ' ', 'i', 's', ' ',
211  'a', ' ', 'v', 'e', 'r', 'y', ' ', 's',
212  'e', 'c', 'r', 'e', 't', ' ', 'm', 'e',
213  's', 's', 'a', 'g', 'e', '.', '.', '.'
214  };
215  const unsigned char sig64[64] = {
216  /* Generated by signing the above message with nonce 'This is the nonce we will use...'
217  * and secret key 0 (which is not valid), resulting in recid 1. */
218  0x67, 0xCB, 0x28, 0x5F, 0x9C, 0xD1, 0x94, 0xE8,
219  0x40, 0xD6, 0x29, 0x39, 0x7A, 0xF5, 0x56, 0x96,
220  0x62, 0xFD, 0xE4, 0x46, 0x49, 0x99, 0x59, 0x63,
221  0x17, 0x9A, 0x7D, 0xD1, 0x7B, 0xD2, 0x35, 0x32,
222  0x4B, 0x1B, 0x7D, 0xF3, 0x4C, 0xE1, 0xF6, 0x8E,
223  0x69, 0x4F, 0xF6, 0xF1, 0x1A, 0xC7, 0x51, 0xDD,
224  0x7D, 0xD7, 0x3E, 0x38, 0x7E, 0xE4, 0xFC, 0x86,
225  0x6E, 0x1B, 0xE8, 0xEC, 0xC7, 0xDD, 0x95, 0x57
226  };
227  secp256k1_pubkey pubkey;
228  /* signature (r,s) = (4,4), which can be recovered with all 4 recids. */
229  const unsigned char sigb64[64] = {
230  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
231  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
232  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
233  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
234  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
235  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
236  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
237  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
238  };
239  secp256k1_pubkey pubkeyb;
242  int recid;
243 
245  CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
247  CHECK(secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
249  CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
251  CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
252 
253  for (recid = 0; recid < 4; recid++) {
254  int i;
255  int recid2;
256  /* (4,4) encoded in DER. */
257  unsigned char sigbder[8] = {0x30, 0x06, 0x02, 0x01, 0x04, 0x02, 0x01, 0x04};
258  unsigned char sigcder_zr[7] = {0x30, 0x05, 0x02, 0x00, 0x02, 0x01, 0x01};
259  unsigned char sigcder_zs[7] = {0x30, 0x05, 0x02, 0x01, 0x01, 0x02, 0x00};
260  unsigned char sigbderalt1[39] = {
261  0x30, 0x25, 0x02, 0x20, 0x00, 0x00, 0x00, 0x00,
262  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
263  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
264  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
265  0x00, 0x00, 0x00, 0x04, 0x02, 0x01, 0x04,
266  };
267  unsigned char sigbderalt2[39] = {
268  0x30, 0x25, 0x02, 0x01, 0x04, 0x02, 0x20, 0x00,
269  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
270  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
271  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
272  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
273  };
274  unsigned char sigbderalt3[40] = {
275  0x30, 0x26, 0x02, 0x21, 0x00, 0x00, 0x00, 0x00,
276  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
277  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
278  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
279  0x00, 0x00, 0x00, 0x00, 0x04, 0x02, 0x01, 0x04,
280  };
281  unsigned char sigbderalt4[40] = {
282  0x30, 0x26, 0x02, 0x01, 0x04, 0x02, 0x21, 0x00,
283  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
284  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
285  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
286  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
287  };
288  /* (order + r,4) encoded in DER. */
289  unsigned char sigbderlong[40] = {
290  0x30, 0x26, 0x02, 0x21, 0x00, 0xFF, 0xFF, 0xFF,
291  0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
292  0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC,
293  0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E,
294  0x8C, 0xD0, 0x36, 0x41, 0x45, 0x02, 0x01, 0x04
295  };
297  CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 1);
298  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1);
299  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 1);
300  for (recid2 = 0; recid2 < 4; recid2++) {
301  secp256k1_pubkey pubkey2b;
302  CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid2) == 1);
303  CHECK(secp256k1_ecdsa_recover(ctx, &pubkey2b, &rsig, msg32) == 1);
304  /* Verifying with (order + r,4) should always fail. */
305  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderlong, sizeof(sigbderlong)) == 1);
306  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
307  }
308  /* DER parsing tests. */
309  /* Zero length r/s. */
310  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0);
311  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0);
312  /* Leading zeros. */
313  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt1, sizeof(sigbderalt1)) == 0);
314  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt2, sizeof(sigbderalt2)) == 0);
315  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0);
316  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0);
317  sigbderalt3[4] = 1;
318  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1);
319  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
320  sigbderalt4[7] = 1;
321  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1);
322  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
323  /* Damage signature. */
324  sigbder[7]++;
325  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1);
326  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
327  sigbder[7]--;
328  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, 6) == 0);
329  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder) - 1) == 0);
330  for(i = 0; i < 8; i++) {
331  int c;
332  unsigned char orig = sigbder[i];
333  /*Try every single-byte change.*/
334  for (c = 0; c < 256; c++) {
335  if (c == orig ) {
336  continue;
337  }
338  sigbder[i] = c;
339  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 0 || secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
340  }
341  sigbder[i] = orig;
342  }
343  }
344 
345  /* Test r/s equal to zero */
346  {
347  /* (1,1) encoded in DER. */
348  unsigned char sigcder[8] = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01};
349  unsigned char sigc64[64] = {
350  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
351  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
352  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
353  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
354  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
355  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
356  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
357  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
358  };
359  secp256k1_pubkey pubkeyc;
361  CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyc, &rsig, msg32) == 1);
362  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1);
363  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 1);
364  sigcder[4] = 0;
365  sigc64[31] = 0;
367  CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0);
368  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1);
369  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0);
370  sigcder[4] = 1;
371  sigcder[7] = 0;
372  sigc64[31] = 1;
373  sigc64[63] = 0;
375  CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0);
376  CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1);
377  CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0);
378  }
379 }
380 
381 void run_recovery_tests(void) {
382  int i;
383  for (i = 0; i < count; i++) {
385  }
386  for (i = 0; i < 64*count; i++) {
388  }
390 }
391 
392 #endif /* SECP256K1_MODULE_RECOVERY_TESTS_H */
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a compact ECDSA signature (64 bytes + recovery id).
Definition: main_impl.h:38
SECP256K1_API void secp256k1_context_set_illegal_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an illegal argument is passed to an API call...
Definition: secp256k1.c:204
std::array< uint8_t, 64 > sig
Definition: processor.cpp:248
void test_ecdsa_recovery_end_to_end(void)
Definition: tests_impl.h:150
secp256k1_context * ctx
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
#define SECP256K1_CONTEXT_NONE
Definition: secp256k1.h:173
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_convert(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const secp256k1_ecdsa_recoverable_signature *sigin) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Convert a recoverable signature into a normal signature.
Definition: main_impl.h:74
static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter)
Definition: tests_impl.h:10
#define SECP256K1_CONTEXT_SIGN
Definition: secp256k1.h:171
void test_ecdsa_recovery_api(void)
Definition: tests_impl.h:31
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:197
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:574
void test_ecdsa_recovery_edge_cases(void)
Definition: tests_impl.h:208
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:551
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:536
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a recoverable ECDSA signature.
Definition: main_impl.h:123
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:80
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
Definition: main_impl.h:60
static uint32_t secp256k1_testrand_bits(int bits)
Generate a pseudorandom number in the range [0..2**bits-1].
#define CHECK(cond)
Definition: util.h:53
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13
SECP256K1_API void secp256k1_context_set_error_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an internal consistency check fails.
Definition: secp256k1.c:213
SECP256K1_API int secp256k1_ecdsa_signature_parse_der(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a DER ECDSA signature.
Definition: secp256k1.c:344
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Convert a scalar to a byte array.
#define SECP256K1_CONTEXT_VERIFY
Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and secp256k1_context...
Definition: secp256k1.h:170
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msg32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Recover an ECDSA public key from a signature.
Definition: main_impl.h:138
void random_scalar_order_test(secp256k1_scalar *num)
Definition: tests.c:107
static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n)
Semantics like memcmp.
Definition: util.h:224
static int count
Definition: tests.c:35
static void counting_illegal_callback_fn(const char *str, void *data)
Definition: tests.c:38
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:153
void run_recovery_tests(void)
Definition: tests_impl.h:381
static uint32_t secp256k1_testrand_int(uint32_t range)
Generate a pseudorandom number in the range [0..range-1].
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:67
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify(const secp256k1_context *ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msg32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Verify an ECDSA signature.
Definition: secp256k1.c:425