diff --git a/.cirrus.yml b/.cirrus.yml index bd9623b9..9da76173 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -1,6 +1,7 @@ env: ### compiler options HOST: + WRAPPER_CMD: # Specific warnings can be disabled with -Wno-error=foo. # -pedantic-errors is not equivalent to -Werror=pedantic and thus not implied by -Werror according to the GCC manual. WERROR_CFLAGS: -Werror -pedantic-errors @@ -41,6 +42,8 @@ cat_logs_snippet: &CAT_LOGS always: cat_tests_log_script: - cat tests.log || true + cat_noverify_tests_log_script: + - cat noverify_tests.log || true cat_exhaustive_tests_log_script: - cat exhaustive_tests.log || true cat_valgrind_ctime_test_log_script: diff --git a/.gitignore b/.gitignore index f40c2c14..9503ba45 100644 --- a/.gitignore +++ b/.gitignore @@ -47,8 +47,6 @@ coverage.*.html *.gcno *.gcov -src/libsecp256k1-config.h -src/libsecp256k1-config.h.in build-aux/ar-lib build-aux/config.guess build-aux/config.sub @@ -63,7 +61,6 @@ build-aux/m4/ltversion.m4 build-aux/missing build-aux/compile build-aux/test-driver -src/stamp-h1 libsecp256k1.pc contrib/gh-pr-create.sh diff --git a/CHANGELOG.md b/CHANGELOG.md index 76d50875..e3cbfddb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,29 +3,40 @@ Instead, it is the changelog of the upstream library [libsecp256k1](https://gith # Changelog -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] ## [0.2.0] - 2022-12-12 -### Added +#### Added + - Added usage examples for common use cases in a new `examples/` directory. - Added `secp256k1_selftest`, to be used in conjunction with `secp256k1_context_static`. + - Added support for 128-bit wide multiplication on MSVC for x86_64 and arm64, giving roughly a 20% speedup on those platforms. -### Changed - - Enabled modules schnorrsig, extrakeys and ECDH by default in `./configure`. +#### Changed + - Enabled modules `schnorrsig`, `extrakeys` and `ecdh` by default in `./configure`. + - The `secp256k1_nonce_function_rfc6979` nonce function, used by default by `secp256k1_ecdsa_sign`, now reduces the message hash modulo the group order to match the specification. This only affects improper use of ECDSA signing API. -### Deprecated +#### Deprecated - Deprecated context flags `SECP256K1_CONTEXT_VERIFY` and `SECP256K1_CONTEXT_SIGN`. Use `SECP256K1_CONTEXT_NONE` instead. - Renamed `secp256k1_context_no_precomp` to `secp256k1_context_static`. + - Module `schnorrsig`: renamed `secp256k1_schnorrsig_sign` to `secp256k1_schnorrsig_sign32`. -### ABI Compatibility +#### ABI Compatibility Since this is the first release, we do not compare application binary interfaces. -However, there are unreleased versions of libsecp256k1 that are *not* ABI compatible with this version. +However, there are earlier unreleased versions of libsecp256k1 that are *not* ABI compatible with this version. ## [0.1.0] - 2013-03-05 to 2021-12-25 This version was in fact never released. The number was given by the build system since the introduction of autotools in Jan 2014 (ea0fe5a5bf0c04f9cc955b2966b614f5f378c6f6). Therefore, this version number does not uniquely identify a set of source files. + +[unreleased]: https://github.com/bitcoin-core/secp256k1/compare/v0.2.0...HEAD +[0.2.0]: https://github.com/bitcoin-core/secp256k1/compare/423b6d19d373f1224fd671a982584d7e7900bc93..v0.2.0 +[0.1.0]: https://github.com/bitcoin-core/secp256k1/commit/423b6d19d373f1224fd671a982584d7e7900bc93 diff --git a/Makefile.am b/Makefile.am index b02cd526..8f97db74 100644 --- a/Makefile.am +++ b/Makefile.am @@ -75,7 +75,7 @@ noinst_HEADERS += examples/random.h PRECOMPUTED_LIB = libsecp256k1_precomputed.la noinst_LTLIBRARIES = $(PRECOMPUTED_LIB) libsecp256k1_precomputed_la_SOURCES = src/precomputed_ecmult.c src/precomputed_ecmult_gen.c -libsecp256k1_precomputed_la_CPPFLAGS = $(SECP_INCLUDES) +libsecp256k1_precomputed_la_CPPFLAGS = $(SECP_INCLUDES) $(SECP_CONFIG_DEFINES) if USE_EXTERNAL_ASM COMMON_LIB = libsecp256k1_common.la @@ -94,7 +94,7 @@ endif endif libsecp256k1_la_SOURCES = src/secp256k1.c -libsecp256k1_la_CPPFLAGS = $(SECP_INCLUDES) +libsecp256k1_la_CPPFLAGS = $(SECP_INCLUDES) $(SECP_CONFIG_DEFINES) libsecp256k1_la_LIBADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB) libsecp256k1_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_CURRENT):$(LIB_VERSION_REVISION):$(LIB_VERSION_AGE) @@ -107,37 +107,43 @@ if USE_BENCHMARK noinst_PROGRAMS += bench bench_internal bench_ecmult bench_SOURCES = src/bench.c bench_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) +bench_CPPFLAGS = $(SECP_CONFIG_DEFINES) bench_internal_SOURCES = src/bench_internal.c bench_internal_LDADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB) -bench_internal_CPPFLAGS = $(SECP_INCLUDES) +bench_internal_CPPFLAGS = $(SECP_INCLUDES) $(SECP_CONFIG_DEFINES) bench_ecmult_SOURCES = src/bench_ecmult.c bench_ecmult_LDADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB) -bench_ecmult_CPPFLAGS = $(SECP_INCLUDES) +bench_ecmult_CPPFLAGS = $(SECP_INCLUDES) $(SECP_CONFIG_DEFINES) endif TESTS = if USE_TESTS -noinst_PROGRAMS += tests -tests_SOURCES = src/tests.c -tests_CPPFLAGS = $(SECP_INCLUDES) $(SECP_TEST_INCLUDES) +TESTS += noverify_tests +noinst_PROGRAMS += noverify_tests +noverify_tests_SOURCES = src/tests.c +noverify_tests_CPPFLAGS = $(SECP_INCLUDES) $(SECP_TEST_INCLUDES) $(SECP_CONFIG_DEFINES) +noverify_tests_LDADD = $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB) +noverify_tests_LDFLAGS = -static if VALGRIND_ENABLED -tests_CPPFLAGS += -DVALGRIND +noverify_tests_CPPFLAGS += -DVALGRIND noinst_PROGRAMS += valgrind_ctime_test valgrind_ctime_test_SOURCES = src/valgrind_ctime_test.c valgrind_ctime_test_LDADD = libsecp256k1.la $(SECP_LIBS) $(COMMON_LIB) endif if !ENABLE_COVERAGE -tests_CPPFLAGS += -DVERIFY -endif -tests_LDADD = $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB) -tests_LDFLAGS = -static TESTS += tests +noinst_PROGRAMS += tests +tests_SOURCES = $(noverify_tests_SOURCES) +tests_CPPFLAGS = $(noverify_tests_CPPFLAGS) -DVERIFY +tests_LDADD = $(noverify_tests_LDADD) +tests_LDFLAGS = $(noverify_tests_LDFLAGS) +endif endif if USE_EXHAUSTIVE_TESTS noinst_PROGRAMS += exhaustive_tests exhaustive_tests_SOURCES = src/tests_exhaustive.c -exhaustive_tests_CPPFLAGS = $(SECP_INCLUDES) +exhaustive_tests_CPPFLAGS = $(SECP_INCLUDES) $(SECP_CONFIG_DEFINES) if !ENABLE_COVERAGE exhaustive_tests_CPPFLAGS += -DVERIFY endif @@ -197,11 +203,11 @@ EXTRA_PROGRAMS = precompute_ecmult precompute_ecmult_gen CLEANFILES = $(EXTRA_PROGRAMS) precompute_ecmult_SOURCES = src/precompute_ecmult.c -precompute_ecmult_CPPFLAGS = $(SECP_INCLUDES) +precompute_ecmult_CPPFLAGS = $(SECP_INCLUDES) $(SECP_CONFIG_DEFINES) precompute_ecmult_LDADD = $(SECP_LIBS) $(COMMON_LIB) precompute_ecmult_gen_SOURCES = src/precompute_ecmult_gen.c -precompute_ecmult_gen_CPPFLAGS = $(SECP_INCLUDES) +precompute_ecmult_gen_CPPFLAGS = $(SECP_INCLUDES) $(SECP_CONFIG_DEFINES) precompute_ecmult_gen_LDADD = $(SECP_LIBS) $(COMMON_LIB) # See Automake manual, Section "Errors with distclean". diff --git a/build-aux/m4/bitcoin_secp.m4 b/build-aux/m4/bitcoin_secp.m4 index 98be915b..624f5e95 100644 --- a/build-aux/m4/bitcoin_secp.m4 +++ b/build-aux/m4/bitcoin_secp.m4 @@ -20,7 +20,7 @@ if test x"$has_valgrind" != x"yes"; then #if defined(NVALGRIND) # error "Valgrind does not support this platform." #endif - ]])], [has_valgrind=yes; AC_DEFINE(HAVE_VALGRIND,1,[Define this symbol if valgrind is installed, and it supports the host platform])]) + ]])], [has_valgrind=yes]) fi AC_MSG_RESULT($has_valgrind) ]) diff --git a/ci/cirrus.sh b/ci/cirrus.sh index 413fb140..7da586e8 100755 --- a/ci/cirrus.sh +++ b/ci/cirrus.sh @@ -1,7 +1,6 @@ #!/bin/sh -set -e -set -x +set -eux export LC_ALL=C @@ -11,15 +10,21 @@ print_environment() { set +x # There are many ways to print variable names and their content. This one # does not rely on bash. - for i in WERROR_CFLAGS MAKEFLAGS BUILD \ + for var in WERROR_CFLAGS MAKEFLAGS BUILD \ ECMULTWINDOW ECMULTGENPRECISION ASM WIDEMUL WITH_VALGRIND EXTRAFLAGS \ EXPERIMENTAL ECDH RECOVERY SCHNORRSIG \ ECDSA_S2C GENERATOR RANGEPROOF WHITELIST MUSIG ECDSAADAPTOR BPPP \ SECP256K1_TEST_ITERS BENCH SECP256K1_BENCH_ITERS CTIMETEST\ EXAMPLES \ - WRAPPER_CMD CC AR NM HOST + HOST WRAPPER_CMD \ + CC CFLAGS CPPFLAGS AR NM do - eval 'printf "%s %s " "$i=\"${'"$i"'}\""' + eval "isset=\${$var+x}" + if [ -n "$isset" ]; then + eval "val=\${$var}" + # shellcheck disable=SC2154 + printf '%s="%s" ' "$var" "$val" + fi done echo "$0" set -x @@ -37,7 +42,7 @@ esac env >> test_env.log -if [ -n "$CC" ]; then +if [ -n "${CC+x}" ]; then # The MSVC compiler "cl" doesn't understand "-v" $CC -v || true fi diff --git a/configure.ac b/configure.ac index 542a7f45..03a047f1 100644 --- a/configure.ac +++ b/configure.ac @@ -273,7 +273,7 @@ fi AM_CONDITIONAL([VALGRIND_ENABLED],[test "$enable_valgrind" = "yes"]) if test x"$enable_coverage" = x"yes"; then - AC_DEFINE(COVERAGE, 1, [Define this symbol to compile out all VERIFY code]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DCOVERAGE=1" SECP_CFLAGS="-O0 --coverage $SECP_CFLAGS" LDFLAGS="--coverage $LDFLAGS" else @@ -285,13 +285,13 @@ fi AC_MSG_CHECKING([for __builtin_popcount]) AC_LINK_IFELSE([AC_LANG_SOURCE([[void myfunc() {__builtin_popcount(0);}]])], - [ AC_MSG_RESULT([yes]);AC_DEFINE(HAVE_BUILTIN_POPCOUNT,1,[Define this symbol if __builtin_popcount is available]) ], + [ AC_MSG_RESULT([yes]); SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DHAVE_BUILTIN_POPCOUNT=1"], [ AC_MSG_RESULT([no]) ]) AC_MSG_CHECKING([for __builtin_clzll]) AC_LINK_IFELSE([AC_LANG_SOURCE([[void myfunc() { __builtin_clzll(1);}]])], - [ AC_MSG_RESULT([yes]);AC_DEFINE(HAVE_BUILTIN_CLZLL,1,[Define this symbol if __builtin_clzll is available]) ], + [ AC_MSG_RESULT([yes]); SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DHAVE_BUILTIN_CLZLL=1"], [ AC_MSG_RESULT([no]) ]) @@ -327,7 +327,7 @@ enable_external_asm=no case $set_asm in x86_64) - AC_DEFINE(USE_ASM_X86_64, 1, [Define this symbol to enable x86_64 assembly optimizations]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_ASM_X86_64=1" ;; arm) enable_external_asm=yes @@ -340,20 +340,20 @@ no) esac if test x"$enable_external_asm" = x"yes"; then - AC_DEFINE(USE_EXTERNAL_ASM, 1, [Define this symbol if an external (non-inline) assembly implementation is used]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_EXTERNAL_ASM=1" fi # Select wide multiplication implementation case $set_widemul in int128_struct) - AC_DEFINE(USE_FORCE_WIDEMUL_INT128_STRUCT, 1, [Define this symbol to force the use of the structure for simulating (unsigned) int128 based wide multiplication]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_FORCE_WIDEMUL_INT128_STRUCT=1" ;; int128) - AC_DEFINE(USE_FORCE_WIDEMUL_INT128, 1, [Define this symbol to force the use of the (unsigned) __int128 based wide multiplication implementation]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_FORCE_WIDEMUL_INT128=1" ;; int64) - AC_DEFINE(USE_FORCE_WIDEMUL_INT64, 1, [Define this symbol to force the use of the (u)int64_t based wide multiplication implementation]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_FORCE_WIDEMUL_INT64=1" ;; auto) ;; @@ -380,7 +380,7 @@ case $set_ecmult_window in # not in range AC_MSG_ERROR($error_window_size) fi - AC_DEFINE_UNQUOTED(ECMULT_WINDOW_SIZE, $set_ecmult_window, [Set window size for ecmult precomputation]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DECMULT_WINDOW_SIZE=$set_ecmult_window" ;; esac @@ -393,7 +393,7 @@ fi case $set_ecmult_gen_precision in 2|4|8) - AC_DEFINE_UNQUOTED(ECMULT_GEN_PREC_BITS, $set_ecmult_gen_precision, [Set ecmult gen precision bits]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DECMULT_GEN_PREC_BITS=$set_ecmult_gen_precision" ;; *) AC_MSG_ERROR(['ecmult gen precision not 2, 4, 8 or "auto"']) @@ -418,65 +418,65 @@ SECP_CFLAGS="$SECP_CFLAGS $WERROR_CFLAGS" # tested first. if test x"$enable_module_ecdh" = x"yes"; then - AC_DEFINE(ENABLE_MODULE_ECDH, 1, [Define this symbol to enable the ECDH module]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_ECDH=1" fi if test x"$enable_module_musig" = x"yes"; then - AC_DEFINE(ENABLE_MODULE_MUSIG, 1, [Define this symbol to enable the MuSig module]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_MUSIG=1" enable_module_schnorrsig=yes fi if test x"$enable_module_recovery" = x"yes"; then - AC_DEFINE(ENABLE_MODULE_RECOVERY, 1, [Define this symbol to enable the ECDSA pubkey recovery module]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_RECOVERY=1" fi if test x"$enable_module_whitelist" = x"yes"; then + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_WHITELIST=1" enable_module_rangeproof=yes - AC_DEFINE(ENABLE_MODULE_WHITELIST, 1, [Define this symbol to enable the key whitelisting module]) fi if test x"$enable_module_surjectionproof" = x"yes"; then + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_SURJECTIONPROOF=1" enable_module_rangeproof=yes - AC_DEFINE(ENABLE_MODULE_SURJECTIONPROOF, 1, [Define this symbol to enable the surjection proof module]) fi if test x"$enable_module_rangeproof" = x"yes"; then + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_RANGEPROOF=1" enable_module_generator=yes - AC_DEFINE(ENABLE_MODULE_RANGEPROOF, 1, [Define this symbol to enable the Pedersen / zero knowledge range proof module]) fi if test x"$enable_module_bppp" = x"yes"; then + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_BPPP=1" enable_module_generator=yes - AC_DEFINE(ENABLE_MODULE_BPPP, 1, [Define this symbol to enable the Bulletproofs++ module]) fi if test x"$enable_module_generator" = x"yes"; then - AC_DEFINE(ENABLE_MODULE_GENERATOR, 1, [Define this symbol to enable the NUMS generator module]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_GENERATOR=1" fi if test x"$enable_module_schnorrsig" = x"yes"; then - AC_DEFINE(ENABLE_MODULE_SCHNORRSIG, 1, [Define this symbol to enable the schnorrsig module]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_SCHNORRSIG=1" enable_module_extrakeys=yes fi if test x"$enable_module_extrakeys" = x"yes"; then - AC_DEFINE(ENABLE_MODULE_EXTRAKEYS, 1, [Define this symbol to enable the extrakeys module]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_EXTRAKEYS=1" fi if test x"$enable_module_ecdsa_s2c" = x"yes"; then - AC_DEFINE(ENABLE_MODULE_ECDSA_S2C, 1, [Define this symbol to enable the ECDSA sign-to-contract module]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_ECDSA_S2C=1" fi if test x"$enable_external_default_callbacks" = x"yes"; then - AC_DEFINE(USE_EXTERNAL_DEFAULT_CALLBACKS, 1, [Define this symbol if an external implementation of the default callbacks is used]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_EXTERNAL_DEFAULT_CALLBACKS=1" fi if test x"$use_reduced_surjection_proof_size" = x"yes"; then - AC_DEFINE(USE_REDUCED_SURJECTION_PROOF_SIZE, 1, [Define this symbol to reduce SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS to 16, disabling parsing and verification]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_REDUCED_SURJECTION_PROOF_SIZE=1" fi if test x"$enable_module_ecdsa_adaptor" = x"yes"; then - AC_DEFINE(ENABLE_MODULE_ECDSA_ADAPTOR, 1, [Define this symbol to enable the ECDSA adaptor module]) + SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_ECDSA_ADAPTOR=1" fi ### @@ -526,13 +526,13 @@ fi ### Generate output ### -AC_CONFIG_HEADERS([src/libsecp256k1-config.h]) AC_CONFIG_FILES([Makefile libsecp256k1.pc]) AC_SUBST(SECP_INCLUDES) AC_SUBST(SECP_LIBS) AC_SUBST(SECP_TEST_LIBS) AC_SUBST(SECP_TEST_INCLUDES) AC_SUBST(SECP_CFLAGS) +AC_SUBST(SECP_CONFIG_DEFINES) AM_CONDITIONAL([ENABLE_COVERAGE], [test x"$enable_coverage" = x"yes"]) AM_CONDITIONAL([USE_TESTS], [test x"$enable_tests" != x"no"]) AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$enable_exhaustive_tests" != x"no"]) diff --git a/doc/release-process.md b/doc/release-process.md index 91e36169..b522f896 100644 --- a/doc/release-process.md +++ b/doc/release-process.md @@ -23,7 +23,7 @@ This process also assumes that there will be no minor releases for old major rel git tag -s v$MAJOR.$MINOR.$PATCH -m "libsecp256k1 $MAJOR.$MINOR.$PATCH" $RELEASE_COMMIT git push git@github.com:bitcoin-core/secp256k1.git v$MAJOR.$MINOR.$PATCH ``` -3. Open a PR to the master branch with a commit (using message `"release: bump version after $MAJOR.$MINOR.$PATCH"`, for example) that sets `_PKG_VERSION_IS_RELEASE` to `false` and `_PKG_VERSION_PATCH` to `$PATCH + 1` and increases `_LIB_VERSION_REVISION`. If other maintainers are not present to approve the PR, it can be merged without ACKs. +3. Open a PR to the master branch with a commit (using message `"release cleanup: bump version after $MAJOR.$MINOR.$PATCH"`, for example) that sets `_PKG_VERSION_IS_RELEASE` to `false` and `_PKG_VERSION_PATCH` to `$PATCH + 1` and increases `_LIB_VERSION_REVISION`. If other maintainers are not present to approve the PR, it can be merged without ACKs. 4. Create a new GitHub release with a link to the corresponding entry in [CHANGELOG.md](../CHANGELOG.md). ## Maintenance release diff --git a/include/secp256k1.h b/include/secp256k1.h index 826ab758..3d169ecc 100644 --- a/include/secp256k1.h +++ b/include/secp256k1.h @@ -849,7 +849,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul( * kind of elliptic curve point multiplication and thus does not benefit from * enhanced protection against side-channel leakage currently. * - * It is safe call this function on a copy of secp256k1_context_static in writable + * It is safe to call this function on a copy of secp256k1_context_static in writable * memory (e.g., obtained via secp256k1_context_clone). In that case, this * function is guaranteed to return 1, but the call will have no effect because * the static context (or a copy thereof) is not meant to be randomized. diff --git a/src/field.h b/src/field.h index ab661750..55678279 100644 --- a/src/field.h +++ b/src/field.h @@ -18,10 +18,6 @@ * imply normality. */ -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - #include "util.h" #if defined(SECP256K1_WIDEMUL_INT128) diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h index dc0467db..f476e919 100644 --- a/src/field_5x52_impl.h +++ b/src/field_5x52_impl.h @@ -7,10 +7,6 @@ #ifndef SECP256K1_FIELD_REPR_IMPL_H #define SECP256K1_FIELD_REPR_IMPL_H -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - #include "util.h" #include "field.h" #include "modinv64_impl.h" diff --git a/src/field_impl.h b/src/field_impl.h index f1bdffd3..c6bc2283 100644 --- a/src/field_impl.h +++ b/src/field_impl.h @@ -7,10 +7,6 @@ #ifndef SECP256K1_FIELD_IMPL_H #define SECP256K1_FIELD_IMPL_H -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - #include "util.h" #if defined(SECP256K1_WIDEMUL_INT128) diff --git a/src/int128.h b/src/int128.h index 84d969a2..8c1c061a 100644 --- a/src/int128.h +++ b/src/int128.h @@ -66,7 +66,12 @@ static SECP256K1_INLINE void secp256k1_i128_det(secp256k1_int128 *r, int64_t a, */ static SECP256K1_INLINE void secp256k1_i128_rshift(secp256k1_int128 *r, unsigned int b); -/* Return the low 64-bits of a 128-bit value interpreted as an signed 64-bit value. */ +/* Return the input value modulo 2^64. */ +static SECP256K1_INLINE uint64_t secp256k1_i128_to_u64(const secp256k1_int128 *a); + +/* Return the value as a signed 64-bit value. + * Requires the input to be between INT64_MIN and INT64_MAX. + */ static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a); /* Write a signed 64-bit value to r. */ diff --git a/src/int128_native_impl.h b/src/int128_native_impl.h index e4b7f410..30c26f2d 100644 --- a/src/int128_native_impl.h +++ b/src/int128_native_impl.h @@ -67,7 +67,12 @@ static SECP256K1_INLINE void secp256k1_i128_rshift(secp256k1_int128 *r, unsigned *r >>= n; } +static SECP256K1_INLINE uint64_t secp256k1_i128_to_u64(const secp256k1_int128 *a) { + return (uint64_t)*a; +} + static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a) { + VERIFY_CHECK(INT64_MIN <= *a && *a <= INT64_MAX); return *a; } diff --git a/src/int128_struct_impl.h b/src/int128_struct_impl.h index b5f8fb7b..298a7bb1 100644 --- a/src/int128_struct_impl.h +++ b/src/int128_struct_impl.h @@ -170,8 +170,14 @@ static SECP256K1_INLINE void secp256k1_i128_rshift(secp256k1_int128 *r, unsigned } } +static SECP256K1_INLINE uint64_t secp256k1_i128_to_u64(const secp256k1_int128 *a) { + return a->lo; +} + static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a) { - return (int64_t)a->lo; + /* Verify that a represents a 64 bit signed value by checking that the high bits are a sign extension of the low bits. */ + VERIFY_CHECK(a->hi == -(a->lo >> 63)); + return (int64_t)secp256k1_i128_to_u64(a); } static SECP256K1_INLINE void secp256k1_i128_from_i64(secp256k1_int128 *r, int64_t a) { diff --git a/src/modinv32.h b/src/modinv32.h index 0efdda9a..d1e6e23c 100644 --- a/src/modinv32.h +++ b/src/modinv32.h @@ -7,10 +7,6 @@ #ifndef SECP256K1_MODINV32_H #define SECP256K1_MODINV32_H -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - #include "util.h" /* A signed 30-bit limb representation of integers. diff --git a/src/modinv64.h b/src/modinv64.h index da506dfa..1d69f14f 100644 --- a/src/modinv64.h +++ b/src/modinv64.h @@ -7,10 +7,6 @@ #ifndef SECP256K1_MODINV64_H #define SECP256K1_MODINV64_H -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - #include "util.h" #ifndef SECP256K1_WIDEMUL_INT128 diff --git a/src/modinv64_impl.h b/src/modinv64_impl.h index f17e0502..a8ce9e69 100644 --- a/src/modinv64_impl.h +++ b/src/modinv64_impl.h @@ -39,13 +39,13 @@ static const secp256k1_modinv64_signed62 SECP256K1_SIGNED62_ONE = {{1}}; /* Compute a*factor and put it in r. All but the top limb in r will be in range [0,2^62). */ static void secp256k1_modinv64_mul_62(secp256k1_modinv64_signed62 *r, const secp256k1_modinv64_signed62 *a, int alen, int64_t factor) { - const int64_t M62 = (int64_t)(UINT64_MAX >> 2); + const uint64_t M62 = UINT64_MAX >> 2; secp256k1_int128 c, d; int i; secp256k1_i128_from_i64(&c, 0); for (i = 0; i < 4; ++i) { if (i < alen) secp256k1_i128_accum_mul(&c, a->v[i], factor); - r->v[i] = secp256k1_i128_to_i64(&c) & M62; secp256k1_i128_rshift(&c, 62); + r->v[i] = secp256k1_i128_to_u64(&c) & M62; secp256k1_i128_rshift(&c, 62); } if (4 < alen) secp256k1_i128_accum_mul(&c, a->v[4], factor); secp256k1_i128_from_i64(&d, secp256k1_i128_to_i64(&c)); @@ -317,7 +317,7 @@ static int64_t secp256k1_modinv64_divsteps_62_var(int64_t eta, uint64_t f0, uint * This implements the update_de function from the explanation. */ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp256k1_modinv64_signed62 *e, const secp256k1_modinv64_trans2x2 *t, const secp256k1_modinv64_modinfo* modinfo) { - const int64_t M62 = (int64_t)(UINT64_MAX >> 2); + const uint64_t M62 = UINT64_MAX >> 2; const int64_t d0 = d->v[0], d1 = d->v[1], d2 = d->v[2], d3 = d->v[3], d4 = d->v[4]; const int64_t e0 = e->v[0], e1 = e->v[1], e2 = e->v[2], e3 = e->v[3], e4 = e->v[4]; const int64_t u = t->u, v = t->v, q = t->q, r = t->r; @@ -330,8 +330,8 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(e, 5, &modinfo->modulus, 1) < 0); /* e < modulus */ VERIFY_CHECK((secp256k1_modinv64_abs(u) + secp256k1_modinv64_abs(v)) >= 0); /* |u|+|v| doesn't overflow */ VERIFY_CHECK((secp256k1_modinv64_abs(q) + secp256k1_modinv64_abs(r)) >= 0); /* |q|+|r| doesn't overflow */ - VERIFY_CHECK((secp256k1_modinv64_abs(u) + secp256k1_modinv64_abs(v)) <= M62 + 1); /* |u|+|v| <= 2^62 */ - VERIFY_CHECK((secp256k1_modinv64_abs(q) + secp256k1_modinv64_abs(r)) <= M62 + 1); /* |q|+|r| <= 2^62 */ + VERIFY_CHECK((secp256k1_modinv64_abs(u) + secp256k1_modinv64_abs(v)) <= (int64_t)1 << 62); /* |u|+|v| <= 2^62 */ + VERIFY_CHECK((secp256k1_modinv64_abs(q) + secp256k1_modinv64_abs(r)) <= (int64_t)1 << 62); /* |q|+|r| <= 2^62 */ #endif /* [md,me] start as zero; plus [u,q] if d is negative; plus [v,r] if e is negative. */ sd = d4 >> 63; @@ -344,14 +344,14 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp secp256k1_i128_mul(&ce, q, d0); secp256k1_i128_accum_mul(&ce, r, e0); /* Correct md,me so that t*[d,e]+modulus*[md,me] has 62 zero bottom bits. */ - md -= (modinfo->modulus_inv62 * (uint64_t)secp256k1_i128_to_i64(&cd) + md) & M62; - me -= (modinfo->modulus_inv62 * (uint64_t)secp256k1_i128_to_i64(&ce) + me) & M62; + md -= (modinfo->modulus_inv62 * secp256k1_i128_to_u64(&cd) + md) & M62; + me -= (modinfo->modulus_inv62 * secp256k1_i128_to_u64(&ce) + me) & M62; /* Update the beginning of computation for t*[d,e]+modulus*[md,me] now md,me are known. */ secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[0], md); secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[0], me); /* Verify that the low 62 bits of the computation are indeed zero, and then throw them away. */ - VERIFY_CHECK((secp256k1_i128_to_i64(&cd) & M62) == 0); secp256k1_i128_rshift(&cd, 62); - VERIFY_CHECK((secp256k1_i128_to_i64(&ce) & M62) == 0); secp256k1_i128_rshift(&ce, 62); + VERIFY_CHECK((secp256k1_i128_to_u64(&cd) & M62) == 0); secp256k1_i128_rshift(&cd, 62); + VERIFY_CHECK((secp256k1_i128_to_u64(&ce) & M62) == 0); secp256k1_i128_rshift(&ce, 62); /* Compute limb 1 of t*[d,e]+modulus*[md,me], and store it as output limb 0 (= down shift). */ secp256k1_i128_accum_mul(&cd, u, d1); secp256k1_i128_accum_mul(&cd, v, e1); @@ -361,8 +361,8 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[1], md); secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[1], me); } - d->v[0] = secp256k1_i128_to_i64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); - e->v[0] = secp256k1_i128_to_i64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); + d->v[0] = secp256k1_i128_to_u64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); + e->v[0] = secp256k1_i128_to_u64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); /* Compute limb 2 of t*[d,e]+modulus*[md,me], and store it as output limb 1. */ secp256k1_i128_accum_mul(&cd, u, d2); secp256k1_i128_accum_mul(&cd, v, e2); @@ -372,8 +372,8 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[2], md); secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[2], me); } - d->v[1] = secp256k1_i128_to_i64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); - e->v[1] = secp256k1_i128_to_i64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); + d->v[1] = secp256k1_i128_to_u64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); + e->v[1] = secp256k1_i128_to_u64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); /* Compute limb 3 of t*[d,e]+modulus*[md,me], and store it as output limb 2. */ secp256k1_i128_accum_mul(&cd, u, d3); secp256k1_i128_accum_mul(&cd, v, e3); @@ -383,8 +383,8 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[3], md); secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[3], me); } - d->v[2] = secp256k1_i128_to_i64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); - e->v[2] = secp256k1_i128_to_i64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); + d->v[2] = secp256k1_i128_to_u64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); + e->v[2] = secp256k1_i128_to_u64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); /* Compute limb 4 of t*[d,e]+modulus*[md,me], and store it as output limb 3. */ secp256k1_i128_accum_mul(&cd, u, d4); secp256k1_i128_accum_mul(&cd, v, e4); @@ -392,8 +392,8 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp secp256k1_i128_accum_mul(&ce, r, e4); secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[4], md); secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[4], me); - d->v[3] = secp256k1_i128_to_i64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); - e->v[3] = secp256k1_i128_to_i64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); + d->v[3] = secp256k1_i128_to_u64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); + e->v[3] = secp256k1_i128_to_u64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); /* What remains is limb 5 of t*[d,e]+modulus*[md,me]; store it as output limb 4. */ d->v[4] = secp256k1_i128_to_i64(&cd); e->v[4] = secp256k1_i128_to_i64(&ce); @@ -410,7 +410,7 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp * This implements the update_fg function from the explanation. */ static void secp256k1_modinv64_update_fg_62(secp256k1_modinv64_signed62 *f, secp256k1_modinv64_signed62 *g, const secp256k1_modinv64_trans2x2 *t) { - const int64_t M62 = (int64_t)(UINT64_MAX >> 2); + const uint64_t M62 = UINT64_MAX >> 2; const int64_t f0 = f->v[0], f1 = f->v[1], f2 = f->v[2], f3 = f->v[3], f4 = f->v[4]; const int64_t g0 = g->v[0], g1 = g->v[1], g2 = g->v[2], g3 = g->v[3], g4 = g->v[4]; const int64_t u = t->u, v = t->v, q = t->q, r = t->r; @@ -421,36 +421,36 @@ static void secp256k1_modinv64_update_fg_62(secp256k1_modinv64_signed62 *f, secp secp256k1_i128_mul(&cg, q, f0); secp256k1_i128_accum_mul(&cg, r, g0); /* Verify that the bottom 62 bits of the result are zero, and then throw them away. */ - VERIFY_CHECK((secp256k1_i128_to_i64(&cf) & M62) == 0); secp256k1_i128_rshift(&cf, 62); - VERIFY_CHECK((secp256k1_i128_to_i64(&cg) & M62) == 0); secp256k1_i128_rshift(&cg, 62); + VERIFY_CHECK((secp256k1_i128_to_u64(&cf) & M62) == 0); secp256k1_i128_rshift(&cf, 62); + VERIFY_CHECK((secp256k1_i128_to_u64(&cg) & M62) == 0); secp256k1_i128_rshift(&cg, 62); /* Compute limb 1 of t*[f,g], and store it as output limb 0 (= down shift). */ secp256k1_i128_accum_mul(&cf, u, f1); secp256k1_i128_accum_mul(&cf, v, g1); secp256k1_i128_accum_mul(&cg, q, f1); secp256k1_i128_accum_mul(&cg, r, g1); - f->v[0] = secp256k1_i128_to_i64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); - g->v[0] = secp256k1_i128_to_i64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); + f->v[0] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); + g->v[0] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); /* Compute limb 2 of t*[f,g], and store it as output limb 1. */ secp256k1_i128_accum_mul(&cf, u, f2); secp256k1_i128_accum_mul(&cf, v, g2); secp256k1_i128_accum_mul(&cg, q, f2); secp256k1_i128_accum_mul(&cg, r, g2); - f->v[1] = secp256k1_i128_to_i64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); - g->v[1] = secp256k1_i128_to_i64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); + f->v[1] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); + g->v[1] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); /* Compute limb 3 of t*[f,g], and store it as output limb 2. */ secp256k1_i128_accum_mul(&cf, u, f3); secp256k1_i128_accum_mul(&cf, v, g3); secp256k1_i128_accum_mul(&cg, q, f3); secp256k1_i128_accum_mul(&cg, r, g3); - f->v[2] = secp256k1_i128_to_i64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); - g->v[2] = secp256k1_i128_to_i64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); + f->v[2] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); + g->v[2] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); /* Compute limb 4 of t*[f,g], and store it as output limb 3. */ secp256k1_i128_accum_mul(&cf, u, f4); secp256k1_i128_accum_mul(&cf, v, g4); secp256k1_i128_accum_mul(&cg, q, f4); secp256k1_i128_accum_mul(&cg, r, g4); - f->v[3] = secp256k1_i128_to_i64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); - g->v[3] = secp256k1_i128_to_i64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); + f->v[3] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); + g->v[3] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); /* What remains is limb 5 of t*[f,g]; store it as output limb 4. */ f->v[4] = secp256k1_i128_to_i64(&cf); g->v[4] = secp256k1_i128_to_i64(&cg); @@ -463,7 +463,7 @@ static void secp256k1_modinv64_update_fg_62(secp256k1_modinv64_signed62 *f, secp * This implements the update_fg function from the explanation. */ static void secp256k1_modinv64_update_fg_62_var(int len, secp256k1_modinv64_signed62 *f, secp256k1_modinv64_signed62 *g, const secp256k1_modinv64_trans2x2 *t) { - const int64_t M62 = (int64_t)(UINT64_MAX >> 2); + const uint64_t M62 = UINT64_MAX >> 2; const int64_t u = t->u, v = t->v, q = t->q, r = t->r; int64_t fi, gi; secp256k1_int128 cf, cg; @@ -477,8 +477,8 @@ static void secp256k1_modinv64_update_fg_62_var(int len, secp256k1_modinv64_sign secp256k1_i128_mul(&cg, q, fi); secp256k1_i128_accum_mul(&cg, r, gi); /* Verify that the bottom 62 bits of the result are zero, and then throw them away. */ - VERIFY_CHECK((secp256k1_i128_to_i64(&cf) & M62) == 0); secp256k1_i128_rshift(&cf, 62); - VERIFY_CHECK((secp256k1_i128_to_i64(&cg) & M62) == 0); secp256k1_i128_rshift(&cg, 62); + VERIFY_CHECK((secp256k1_i128_to_u64(&cf) & M62) == 0); secp256k1_i128_rshift(&cf, 62); + VERIFY_CHECK((secp256k1_i128_to_u64(&cg) & M62) == 0); secp256k1_i128_rshift(&cg, 62); /* Now iteratively compute limb i=1..len of t*[f,g], and store them in output limb i-1 (shifting * down by 62 bits). */ for (i = 1; i < len; ++i) { @@ -488,8 +488,8 @@ static void secp256k1_modinv64_update_fg_62_var(int len, secp256k1_modinv64_sign secp256k1_i128_accum_mul(&cf, v, gi); secp256k1_i128_accum_mul(&cg, q, fi); secp256k1_i128_accum_mul(&cg, r, gi); - f->v[i - 1] = secp256k1_i128_to_i64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); - g->v[i - 1] = secp256k1_i128_to_i64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); + f->v[i - 1] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); + g->v[i - 1] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); } /* What remains is limb (len) of t*[f,g]; store it as output limb (len-1). */ f->v[len - 1] = secp256k1_i128_to_i64(&cf); diff --git a/src/modules/bppp/tests_impl.h b/src/modules/bppp/tests_impl.h index 2ccf6422..fab59e37 100644 --- a/src/modules/bppp/tests_impl.h +++ b/src/modules/bppp/tests_impl.h @@ -25,51 +25,51 @@ static void test_bppp_generators_api(void) { int32_t ecount = 0; /* The BP generator API requires no precomp */ - secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); /* Create */ - gens = secp256k1_bppp_generators_create(ctx, 10); + gens = secp256k1_bppp_generators_create(CTX, 10); CHECK(gens != NULL && ecount == 0); gens_orig = gens; /* Preserve for round-trip test */ /* Serialize */ ecount = 0; - CHECK(!secp256k1_bppp_generators_serialize(ctx, NULL, gens_ser, &len)); + CHECK(!secp256k1_bppp_generators_serialize(CTX, NULL, gens_ser, &len)); CHECK(ecount == 1); - CHECK(!secp256k1_bppp_generators_serialize(ctx, gens, NULL, &len)); + CHECK(!secp256k1_bppp_generators_serialize(CTX, gens, NULL, &len)); CHECK(ecount == 2); - CHECK(!secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, NULL)); + CHECK(!secp256k1_bppp_generators_serialize(CTX, gens, gens_ser, NULL)); CHECK(ecount == 3); len = 0; - CHECK(!secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len)); + CHECK(!secp256k1_bppp_generators_serialize(CTX, gens, gens_ser, &len)); CHECK(ecount == 4); len = sizeof(gens_ser) - 1; - CHECK(!secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len)); + CHECK(!secp256k1_bppp_generators_serialize(CTX, gens, gens_ser, &len)); CHECK(ecount == 5); len = sizeof(gens_ser); { /* Output buffer can be greater than minimum needed */ unsigned char gens_ser_tmp[331]; size_t len_tmp = sizeof(gens_ser_tmp); - CHECK(secp256k1_bppp_generators_serialize(ctx, gens, gens_ser_tmp, &len_tmp)); + CHECK(secp256k1_bppp_generators_serialize(CTX, gens, gens_ser_tmp, &len_tmp)); CHECK(len_tmp == sizeof(gens_ser_tmp) - 1); CHECK(ecount == 5); } /* Parse */ - CHECK(secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len)); + CHECK(secp256k1_bppp_generators_serialize(CTX, gens, gens_ser, &len)); ecount = 0; - gens = secp256k1_bppp_generators_parse(ctx, NULL, sizeof(gens_ser)); + gens = secp256k1_bppp_generators_parse(CTX, NULL, sizeof(gens_ser)); CHECK(gens == NULL && ecount == 1); /* Not a multiple of 33 */ - gens = secp256k1_bppp_generators_parse(ctx, gens_ser, sizeof(gens_ser) - 1); + gens = secp256k1_bppp_generators_parse(CTX, gens_ser, sizeof(gens_ser) - 1); CHECK(gens == NULL && ecount == 1); - gens = secp256k1_bppp_generators_parse(ctx, gens_ser, sizeof(gens_ser)); + gens = secp256k1_bppp_generators_parse(CTX, gens_ser, sizeof(gens_ser)); CHECK(gens != NULL && ecount == 1); /* Not valid generators */ memset(gens_ser, 1, sizeof(gens_ser)); - CHECK(secp256k1_bppp_generators_parse(ctx, gens_ser, sizeof(gens_ser)) == NULL); + CHECK(secp256k1_bppp_generators_parse(CTX, gens_ser, sizeof(gens_ser)) == NULL); CHECK(ecount == 1); /* Check that round-trip succeeded */ @@ -80,14 +80,17 @@ static void test_bppp_generators_api(void) { /* Destroy (we allow destroying a NULL context, it's just a noop. like free().) */ ecount = 0; - secp256k1_bppp_generators_destroy(ctx, NULL); - secp256k1_bppp_generators_destroy(ctx, gens); - secp256k1_bppp_generators_destroy(ctx, gens_orig); + secp256k1_bppp_generators_destroy(CTX, NULL); + secp256k1_bppp_generators_destroy(CTX, gens); + secp256k1_bppp_generators_destroy(CTX, gens_orig); CHECK(ecount == 0); + + secp256k1_context_set_error_callback(CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); } static void test_bppp_generators_fixed(void) { - secp256k1_bppp_generators *gens = secp256k1_bppp_generators_create(ctx, 3); + secp256k1_bppp_generators *gens = secp256k1_bppp_generators_create(CTX, 3); unsigned char gens_ser[330]; const unsigned char fixed_first_3[99] = { 0x0b, @@ -109,14 +112,14 @@ static void test_bppp_generators_fixed(void) { size_t len; len = 99; - CHECK(secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len)); + CHECK(secp256k1_bppp_generators_serialize(CTX, gens, gens_ser, &len)); CHECK(memcmp(gens_ser, fixed_first_3, sizeof(fixed_first_3)) == 0); len = sizeof(gens_ser); - CHECK(secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len)); + CHECK(secp256k1_bppp_generators_serialize(CTX, gens, gens_ser, &len)); CHECK(memcmp(gens_ser, fixed_first_3, sizeof(fixed_first_3)) == 0); - secp256k1_bppp_generators_destroy(ctx, gens); + secp256k1_bppp_generators_destroy(CTX, gens); } static void test_bppp_tagged_hash(void) { @@ -224,19 +227,19 @@ void test_serialize_two_points(void) { secp256k1_ge X, R; int i; - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { random_group_element_test(&X); random_group_element_test(&R); test_serialize_two_points_roundtrip(&X, &R); } - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { random_group_element_test(&X); secp256k1_ge_set_infinity(&R); test_serialize_two_points_roundtrip(&X, &R); } - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { secp256k1_ge_set_infinity(&X); random_group_element_test(&R); test_serialize_two_points_roundtrip(&X, &R); @@ -258,7 +261,7 @@ void test_serialize_two_points(void) { CHECK(!secp256k1_bppp_parse_one_of_points(&R_tmp, buf, 0)); } /* Check that sign bit is 0 for point at infinity */ - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { secp256k1_ge X_tmp, R_tmp; unsigned char buf[65]; int expect; @@ -333,10 +336,10 @@ static void copy_vectors_into_scratch(secp256k1_scratch_space* scratch, const secp256k1_ge *gens_vec, size_t g_len, size_t h_len) { - *ns = (secp256k1_scalar*)secp256k1_scratch_alloc(&ctx->error_callback, scratch, g_len * sizeof(secp256k1_scalar)); - *ls = (secp256k1_scalar*)secp256k1_scratch_alloc(&ctx->error_callback, scratch, h_len * sizeof(secp256k1_scalar)); - *cs = (secp256k1_scalar*)secp256k1_scratch_alloc(&ctx->error_callback, scratch, h_len * sizeof(secp256k1_scalar)); - *gs = (secp256k1_ge*)secp256k1_scratch_alloc(&ctx->error_callback, scratch, (g_len + h_len) * sizeof(secp256k1_ge)); + *ns = (secp256k1_scalar*)secp256k1_scratch_alloc(&CTX->error_callback, scratch, g_len * sizeof(secp256k1_scalar)); + *ls = (secp256k1_scalar*)secp256k1_scratch_alloc(&CTX->error_callback, scratch, h_len * sizeof(secp256k1_scalar)); + *cs = (secp256k1_scalar*)secp256k1_scratch_alloc(&CTX->error_callback, scratch, h_len * sizeof(secp256k1_scalar)); + *gs = (secp256k1_ge*)secp256k1_scratch_alloc(&CTX->error_callback, scratch, (g_len + h_len) * sizeof(secp256k1_ge)); CHECK(ns != NULL && ls != NULL && cs != NULL && gs != NULL); memcpy(*ns, n_vec, g_len * sizeof(secp256k1_scalar)); memcpy(*ls, l_vec, h_len * sizeof(secp256k1_scalar)); @@ -366,10 +369,10 @@ static int secp256k1_bppp_rangeproof_norm_product_prove_const( size_t g_len = n_vec_len, h_len = l_vec_len; int res; - scratch_checkpoint = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch); + scratch_checkpoint = secp256k1_scratch_checkpoint(&CTX->error_callback, scratch); copy_vectors_into_scratch(scratch, &ns, &ls, &cs, &gs, n_vec, l_vec, c_vec, g_vec, g_len, h_len); res = secp256k1_bppp_rangeproof_norm_product_prove( - ctx, + CTX, scratch, proof, proof_len, @@ -384,7 +387,7 @@ static int secp256k1_bppp_rangeproof_norm_product_prove_const( cs, c_vec_len ); - secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, scratch_checkpoint); + secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, scratch_checkpoint); return res; } @@ -434,7 +437,7 @@ static int secp256k1_norm_arg_verify( secp256k1_norm_arg_commit_initial_data(&transcript, rho, gens_vec, g_len, c_vec, c_vec_len, &comm); res = secp256k1_bppp_rangeproof_norm_product_verify( - ctx, + CTX, scratch, proof, proof_len, @@ -454,11 +457,11 @@ void norm_arg_verify_zero_len(void) { secp256k1_scalar n_vec[64], l_vec[64], c_vec[64]; secp256k1_scalar rho, mu; secp256k1_ge commit; - secp256k1_scratch *scratch = secp256k1_scratch_space_create(ctx, 1000*10); /* shouldn't need much */ + secp256k1_scratch *scratch = secp256k1_scratch_space_create(CTX, 1000*10); /* shouldn't need much */ unsigned char proof[1000]; unsigned int n_vec_len = 1; unsigned int c_vec_len = 1; - secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(ctx, n_vec_len + c_vec_len); + secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(CTX, n_vec_len + c_vec_len); size_t plen = sizeof(proof); random_scalar_order(&rho); @@ -467,14 +470,14 @@ void norm_arg_verify_zero_len(void) { random_scalar_order(&n_vec[0]); random_scalar_order(&c_vec[0]); random_scalar_order(&l_vec[0]); - CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &mu)); + CHECK(secp256k1_bppp_commit(CTX, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &mu)); CHECK(secp256k1_norm_arg_prove(scratch, proof, &plen, &rho, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &commit)); CHECK(secp256k1_norm_arg_verify(scratch, proof, plen, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit)); CHECK(!secp256k1_norm_arg_verify(scratch, proof, plen, &rho, gs, n_vec_len, c_vec, 0, &commit)); - secp256k1_bppp_generators_destroy(ctx, gs); + secp256k1_bppp_generators_destroy(CTX, gs); - secp256k1_scratch_space_destroy(ctx, scratch); + secp256k1_scratch_space_destroy(CTX, scratch); } void norm_arg_test(unsigned int n, unsigned int m) { @@ -483,8 +486,8 @@ void norm_arg_test(unsigned int n, unsigned int m) { secp256k1_ge commit; size_t i, plen; int res; - secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(ctx, n + m); - secp256k1_scratch *scratch = secp256k1_scratch_space_create(ctx, 1000*1000); /* shouldn't need much */ + secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(CTX, n + m); + secp256k1_scratch *scratch = secp256k1_scratch_space_create(CTX, 1000*1000); /* shouldn't need much */ unsigned char proof[1000]; plen = 1000; random_scalar_order(&rho); @@ -499,7 +502,7 @@ void norm_arg_test(unsigned int n, unsigned int m) { random_scalar_order(&c_vec[i]); } - res = secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n, l_vec, m, c_vec, m, &mu); + res = secp256k1_bppp_commit(CTX, scratch, &commit, gs, n_vec, n, l_vec, m, c_vec, m, &mu); CHECK(res == 1); res = secp256k1_norm_arg_prove(scratch, proof, &plen, &rho, gs, n_vec, n, l_vec, m, c_vec, m, &commit); CHECK(res == 1); @@ -515,8 +518,8 @@ void norm_arg_test(unsigned int n, unsigned int m) { res = secp256k1_norm_arg_verify(scratch, proof, plen, &rho, gs, n, c_vec, m, &commit); CHECK(res == 0); - secp256k1_scratch_space_destroy(ctx, scratch); - secp256k1_bppp_generators_destroy(ctx, gs); + secp256k1_scratch_space_destroy(CTX, scratch); + secp256k1_bppp_generators_destroy(CTX, gs); } /* Parses generators from points compressed as pubkeys */ @@ -524,19 +527,16 @@ secp256k1_bppp_generators* bppp_generators_parse_regular(const unsigned char* da size_t n = data_len / 33; secp256k1_bppp_generators* ret; - VERIFY_CHECK(ctx != NULL); - ARG_CHECK(data != NULL); - if (data_len % 33 != 0) { return NULL; } - ret = (secp256k1_bppp_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret)); + ret = (secp256k1_bppp_generators *)checked_malloc(&CTX->error_callback, sizeof(*ret)); if (ret == NULL) { return NULL; } ret->n = n; - ret->gens = (secp256k1_ge*)checked_malloc(&ctx->error_callback, n * sizeof(*ret->gens)); + ret->gens = (secp256k1_ge*)checked_malloc(&CTX->error_callback, n * sizeof(*ret->gens)); if (ret->gens == NULL) { free(ret); return NULL; @@ -572,16 +572,16 @@ int norm_arg_verify_vectors_helper(secp256k1_scratch *scratch, const unsigned ch CHECK(!overflow); } CHECK(secp256k1_ge_parse_ext(&commit, commit33)); - ret = secp256k1_bppp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit); + ret = secp256k1_bppp_rangeproof_norm_product_verify(CTX, scratch, proof, plen, &transcript, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit); - secp256k1_bppp_generators_destroy(ctx, gs); + secp256k1_bppp_generators_destroy(CTX, gs); return ret; } #define IDX_TO_TEST(i) (norm_arg_verify_vectors_helper(scratch, verify_vector_gens, verify_vector_##i##_proof, sizeof(verify_vector_##i##_proof), verify_vector_##i##_r32, verify_vector_##i##_n_vec_len, verify_vector_##i##_c_vec32, verify_vector_##i##_c_vec, sizeof(verify_vector_##i##_c_vec)/sizeof(secp256k1_scalar), verify_vector_##i##_commit33) == verify_vector_##i##_result) void norm_arg_verify_vectors(void) { - secp256k1_scratch *scratch = secp256k1_scratch_space_create(ctx, 1000*1000); /* shouldn't need much */ + secp256k1_scratch *scratch = secp256k1_scratch_space_create(CTX, 1000*1000); /* shouldn't need much */ size_t alloc = scratch->alloc_size; CHECK(IDX_TO_TEST(0)); @@ -599,7 +599,7 @@ void norm_arg_verify_vectors(void) { CHECK(IDX_TO_TEST(12)); CHECK(alloc == scratch->alloc_size); - secp256k1_scratch_space_destroy(ctx, scratch); + secp256k1_scratch_space_destroy(CTX, scratch); } #undef IDX_TO_TEST @@ -632,16 +632,16 @@ void norm_arg_prove_vectors_helper(secp256k1_scratch *scratch, const unsigned ch CHECK(secp256k1_bppp_rangeproof_norm_product_prove_const(scratch, myproof, &myplen, &transcript, &rho, gs->gens, gs->n, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len) == result); if (!result) { - secp256k1_bppp_generators_destroy(ctx, gs); + secp256k1_bppp_generators_destroy(CTX, gs); return; } CHECK(plen == myplen); CHECK(secp256k1_memcmp_var(proof, myproof, plen) == 0); - CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &mu)); + CHECK(secp256k1_bppp_commit(CTX, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &mu)); secp256k1_sha256_initialize(&transcript); - CHECK(secp256k1_bppp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit)); - secp256k1_bppp_generators_destroy(ctx, gs); + CHECK(secp256k1_bppp_rangeproof_norm_product_verify(CTX, scratch, proof, plen, &transcript, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit)); + secp256k1_bppp_generators_destroy(CTX, gs); } @@ -652,7 +652,7 @@ void norm_arg_prove_vectors_helper(secp256k1_scratch *scratch, const unsigned ch prove_vector_##i##_result)) void norm_arg_prove_vectors(void) { - secp256k1_scratch *scratch = secp256k1_scratch_space_create(ctx, 1000*1000); /* shouldn't need much */ + secp256k1_scratch *scratch = secp256k1_scratch_space_create(CTX, 1000*1000); /* shouldn't need much */ size_t alloc = scratch->alloc_size; IDX_TO_TEST(0); @@ -662,7 +662,7 @@ void norm_arg_prove_vectors(void) { IDX_TO_TEST(4); CHECK(alloc == scratch->alloc_size); - secp256k1_scratch_space_destroy(ctx, scratch); + secp256k1_scratch_space_destroy(CTX, scratch); } #undef IDX_TO_TEST diff --git a/src/modules/ecdh/tests_impl.h b/src/modules/ecdh/tests_impl.h index ce644d57..deacc131 100644 --- a/src/modules/ecdh/tests_impl.h +++ b/src/modules/ecdh/tests_impl.h @@ -60,7 +60,7 @@ void test_ecdh_generator_basepoint(void) { s_one[31] = 1; /* Check against pubkey creation when the basepoint is the generator */ - for (i = 0; i < 2 * count; ++i) { + for (i = 0; i < 2 * COUNT; ++i) { secp256k1_sha256 sha; unsigned char s_b32[32]; unsigned char output_ecdh[65]; @@ -72,20 +72,20 @@ void test_ecdh_generator_basepoint(void) { random_scalar_order(&s); secp256k1_scalar_get_b32(s_b32, &s); - CHECK(secp256k1_ec_pubkey_create(ctx, &point[0], s_one) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &point[1], s_b32) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &point[0], s_one) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &point[1], s_b32) == 1); /* compute using ECDH function with custom hash function */ - CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32, ecdh_hash_function_custom, NULL) == 1); + CHECK(secp256k1_ecdh(CTX, output_ecdh, &point[0], s_b32, ecdh_hash_function_custom, NULL) == 1); /* compute "explicitly" */ - CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_UNCOMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, point_ser, &point_ser_len, &point[1], SECP256K1_EC_UNCOMPRESSED) == 1); /* compare */ CHECK(secp256k1_memcmp_var(output_ecdh, point_ser, 65) == 0); /* compute using ECDH function with default hash function */ - CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32, NULL, NULL) == 1); + CHECK(secp256k1_ecdh(CTX, output_ecdh, &point[0], s_b32, NULL, NULL) == 1); /* compute "explicitly" */ - CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1); secp256k1_sha256_initialize(&sha); secp256k1_sha256_write(&sha, point_ser, point_ser_len); secp256k1_sha256_finalize(&sha, output_ser); @@ -110,17 +110,17 @@ void test_bad_scalar(void) { /* Create random point */ random_scalar_order(&rand); secp256k1_scalar_get_b32(s_rand, &rand); - CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_rand) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &point, s_rand) == 1); /* Try to multiply it by bad values */ - CHECK(secp256k1_ecdh(ctx, output, &point, s_zero, NULL, NULL) == 0); - CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 0); + CHECK(secp256k1_ecdh(CTX, output, &point, s_zero, NULL, NULL) == 0); + CHECK(secp256k1_ecdh(CTX, output, &point, s_overflow, NULL, NULL) == 0); /* ...and a good one */ s_overflow[31] -= 1; - CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 1); + CHECK(secp256k1_ecdh(CTX, output, &point, s_overflow, NULL, NULL) == 1); /* Hash function failure results in ecdh failure */ - CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, ecdh_hash_function_test_fail, NULL) == 0); + CHECK(secp256k1_ecdh(CTX, output, &point, s_overflow, ecdh_hash_function_test_fail, NULL) == 0); } /** Test that ECDH(sG, 1/s) == ECDH((1/s)G, s) == ECDH(G, 1) for a few random s. */ @@ -136,21 +136,21 @@ void test_result_basepoint(void) { unsigned char s_one[32] = { 0 }; s_one[31] = 1; - CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_one) == 1); - CHECK(secp256k1_ecdh(ctx, out_base, &point, s_one, NULL, NULL) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &point, s_one) == 1); + CHECK(secp256k1_ecdh(CTX, out_base, &point, s_one, NULL, NULL) == 1); - for (i = 0; i < 2 * count; i++) { + for (i = 0; i < 2 * COUNT; i++) { random_scalar_order(&rand); secp256k1_scalar_get_b32(s, &rand); secp256k1_scalar_inverse(&rand, &rand); secp256k1_scalar_get_b32(s_inv, &rand); - CHECK(secp256k1_ec_pubkey_create(ctx, &point, s) == 1); - CHECK(secp256k1_ecdh(ctx, out, &point, s_inv, NULL, NULL) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &point, s) == 1); + CHECK(secp256k1_ecdh(CTX, out, &point, s_inv, NULL, NULL) == 1); CHECK(secp256k1_memcmp_var(out, out_base, 32) == 0); - CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_inv) == 1); - CHECK(secp256k1_ecdh(ctx, out_inv, &point, s, NULL, NULL) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &point, s_inv) == 1); + CHECK(secp256k1_ecdh(CTX, out_inv, &point, s, NULL, NULL) == 1); CHECK(secp256k1_memcmp_var(out_inv, out_base, 32) == 0); } } diff --git a/src/modules/ecdsa_adaptor/tests_impl.h b/src/modules/ecdsa_adaptor/tests_impl.h index c85fe4e8..b0fd7552 100644 --- a/src/modules/ecdsa_adaptor/tests_impl.h +++ b/src/modules/ecdsa_adaptor/tests_impl.h @@ -14,7 +14,7 @@ void rand_point(secp256k1_ge *point) { secp256k1_gej pointj; rand_scalar(&x); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pointj, &x); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &pointj, &x); secp256k1_ge_set_gej(point, &pointj); } @@ -41,8 +41,8 @@ void dleq_tests(void) { rand_point(&gen2); rand_scalar(&sk); - secp256k1_dleq_pair(&ctx->ecmult_gen_ctx, &p1, &p2, &sk, &gen2); - CHECK(secp256k1_dleq_prove(ctx, &s, &e, &sk, &gen2, &p1, &p2, NULL, NULL) == 1); + secp256k1_dleq_pair(&CTX->ecmult_gen_ctx, &p1, &p2, &sk, &gen2); + CHECK(secp256k1_dleq_prove(CTX, &s, &e, &sk, &gen2, &p1, &p2, NULL, NULL) == 1); CHECK(secp256k1_dleq_verify(&s, &e, &p1, &gen2, &p2) == 1); { @@ -61,9 +61,9 @@ void dleq_tests(void) { { secp256k1_ge p_inf; secp256k1_ge_set_infinity(&p_inf); - CHECK(secp256k1_dleq_prove(ctx, &s, &e, &sk, &p_inf, &p1, &p2, NULL, NULL) == 0); - CHECK(secp256k1_dleq_prove(ctx, &s, &e, &sk, &gen2, &p_inf, &p2, NULL, NULL) == 0); - CHECK(secp256k1_dleq_prove(ctx, &s, &e, &sk, &gen2, &p1, &p_inf, NULL, NULL) == 0); + CHECK(secp256k1_dleq_prove(CTX, &s, &e, &sk, &p_inf, &p1, &p2, NULL, NULL) == 0); + CHECK(secp256k1_dleq_prove(CTX, &s, &e, &sk, &gen2, &p_inf, &p2, NULL, NULL) == 0); + CHECK(secp256k1_dleq_prove(CTX, &s, &e, &sk, &gen2, &p1, &p_inf, NULL, NULL) == 0); } /* Nonce tests */ @@ -85,7 +85,7 @@ void dleq_tests(void) { args[2] = p1_33; args[3] = p2_33; args[4] = aux_rand; - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { dleq_nonce_bitflip(args, 0, sizeof(sk32)); dleq_nonce_bitflip(args, 1, sizeof(gen2_33)); dleq_nonce_bitflip(args, 2, sizeof(p1_33)); @@ -117,7 +117,7 @@ void test_ecdsa_adaptor_spec_vectors_check_verify(const unsigned char *adaptor_s CHECK(secp256k1_eckey_pubkey_parse(&pubkey_ge, pubkey33, 33) == 1); secp256k1_pubkey_save(&pubkey, &pubkey_ge); - CHECK(expected == secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig162, &pubkey, msg32, &encryption_key)); + CHECK(expected == secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig162, &pubkey, msg32, &encryption_key)); } /* Helper function for test_ecdsa_adaptor_spec_vectors @@ -126,8 +126,8 @@ void test_ecdsa_adaptor_spec_vectors_check_decrypt(const unsigned char *adaptor_ unsigned char signature[64]; secp256k1_ecdsa_signature s; - CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &s, decryption_key32, adaptor_sig162) == 1); - CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, signature, &s) == 1); + CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &s, decryption_key32, adaptor_sig162) == 1); + CHECK(secp256k1_ecdsa_signature_serialize_compact(CTX, signature, &s) == 1); CHECK(expected == !(secp256k1_memcmp_var(signature, signature64, 64))); } @@ -143,8 +143,8 @@ void test_ecdsa_adaptor_spec_vectors_check_recover(const unsigned char *adaptor_ CHECK(secp256k1_eckey_pubkey_parse(&encryption_key_ge, encryption_key33, 33) == 1); secp256k1_pubkey_save(&encryption_key, &encryption_key_ge); - CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, signature64) == 1); - CHECK(expected == secp256k1_ecdsa_adaptor_recover(ctx, deckey32, &sig, adaptor_sig162, &encryption_key)); + CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &sig, signature64) == 1); + CHECK(expected == secp256k1_ecdsa_adaptor_recover(CTX, deckey32, &sig, adaptor_sig162, &encryption_key)); if (decryption_key32 != NULL) { CHECK(expected == !(secp256k1_memcmp_var(deckey32, decryption_key32, 32))); } @@ -777,7 +777,7 @@ void run_nonce_function_ecdsa_adaptor_tests(void) { args[2] = pk; args[3] = algo; args[4] = aux_rand; - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { nonce_function_ecdsa_adaptor_bitflip(args, 0, sizeof(msg), algolen); nonce_function_ecdsa_adaptor_bitflip(args, 1, sizeof(key), algolen); nonce_function_ecdsa_adaptor_bitflip(args, 2, sizeof(pk), algolen); @@ -800,7 +800,7 @@ void run_nonce_function_ecdsa_adaptor_tests(void) { CHECK(nonce_function_ecdsa_adaptor(nonce, msg, key, pk, dleq_algo, sizeof(dleq_algo), NULL) == 1); /* Different algolen gives different nonce */ - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { unsigned char nonce2[32]; uint32_t offset = secp256k1_testrand_int(algolen - 1); size_t algolen_tmp = (algolen + offset) % algolen; @@ -824,83 +824,85 @@ void test_ecdsa_adaptor_api(void) { unsigned char deckey[32]; /** setup **/ - secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); int ecount; - secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); secp256k1_testrand256(sk); secp256k1_testrand256(msg); secp256k1_testrand256(deckey); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, sk) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &enckey, deckey) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, sk) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &enckey, deckey) == 1); memset(&zero_pk, 0, sizeof(zero_pk)); /** main test body **/ ecount = 0; - CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig, sk, &enckey, msg, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig, sk, &enckey, msg, NULL, NULL) == 1); CHECK(ecount == 0); - CHECK(secp256k1_ecdsa_adaptor_encrypt(sttc, asig, sk, &enckey, msg, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_adaptor_encrypt(STATIC_CTX, asig, sk, &enckey, msg, NULL, NULL) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, NULL, sk, &enckey, msg, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, NULL, sk, &enckey, msg, NULL, NULL) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig, sk, &enckey, NULL, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig, sk, &enckey, NULL, NULL, NULL) == 0); CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig, NULL, &enckey, msg, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig, NULL, &enckey, msg, NULL, NULL) == 0); CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig, sk, NULL, msg, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig, sk, NULL, msg, NULL, NULL) == 0); CHECK(ecount == 5); - CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig, sk, &zero_pk, msg, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig, sk, &zero_pk, msg, NULL, NULL) == 0); CHECK(ecount == 6); ecount = 0; - CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig, sk, &enckey, msg, NULL, NULL) == 1); - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig, &pubkey, msg, &enckey) == 1); + CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig, sk, &enckey, msg, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig, &pubkey, msg, &enckey) == 1); CHECK(ecount == 0); - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, NULL, &pubkey, msg, &enckey) == 0); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, NULL, &pubkey, msg, &enckey) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig, &pubkey, NULL, &enckey) == 0); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig, &pubkey, NULL, &enckey) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig, &pubkey, msg, NULL) == 0); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig, &pubkey, msg, NULL) == 0); CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig, NULL, msg, &enckey) == 0); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig, NULL, msg, &enckey) == 0); CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig, &zero_pk, msg, &enckey) == 0); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig, &zero_pk, msg, &enckey) == 0); CHECK(ecount == 5); - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig, &pubkey, msg, &zero_pk) == 0); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig, &pubkey, msg, &zero_pk) == 0); CHECK(ecount == 6); ecount = 0; - CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig, deckey, asig) == 1); - CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig, deckey, asig) == 1); - CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, NULL, deckey, asig) == 0); + CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig, deckey, asig) == 1); + CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig, deckey, asig) == 1); + CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, NULL, deckey, asig) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig, NULL, asig) == 0); + CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig, NULL, asig) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig, deckey, NULL) == 0); + CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig, deckey, NULL) == 0); CHECK(ecount == 3); ecount = 0; - CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig, deckey, asig) == 1); - CHECK(secp256k1_ecdsa_adaptor_recover(ctx, deckey, &sig, asig, &enckey) == 1); + CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig, deckey, asig) == 1); + CHECK(secp256k1_ecdsa_adaptor_recover(CTX, deckey, &sig, asig, &enckey) == 1); CHECK(ecount == 0); - CHECK(secp256k1_ecdsa_adaptor_recover(sttc, deckey, &sig, asig, &enckey) == 0); + CHECK(secp256k1_ecdsa_adaptor_recover(STATIC_CTX, deckey, &sig, asig, &enckey) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_adaptor_recover(ctx, NULL, &sig, asig, &enckey) == 0); + CHECK(secp256k1_ecdsa_adaptor_recover(CTX, NULL, &sig, asig, &enckey) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_adaptor_recover(ctx, deckey, NULL, asig, &enckey) == 0); + CHECK(secp256k1_ecdsa_adaptor_recover(CTX, deckey, NULL, asig, &enckey) == 0); CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_adaptor_recover(ctx, deckey, &sig, NULL, &enckey) == 0); + CHECK(secp256k1_ecdsa_adaptor_recover(CTX, deckey, &sig, NULL, &enckey) == 0); CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_adaptor_recover(ctx, deckey, &sig, asig, NULL) == 0); + CHECK(secp256k1_ecdsa_adaptor_recover(CTX, deckey, &sig, asig, NULL) == 0); CHECK(ecount == 5); - CHECK(secp256k1_ecdsa_adaptor_recover(ctx, deckey, &sig, asig, &zero_pk) == 0); + CHECK(secp256k1_ecdsa_adaptor_recover(CTX, deckey, &sig, asig, &zero_pk) == 0); CHECK(ecount == 6); - secp256k1_context_destroy(sttc); + secp256k1_context_set_error_callback(CTX, NULL, NULL); + secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); } void adaptor_tests(void) { @@ -919,24 +921,24 @@ void adaptor_tests(void) { secp256k1_testrand256(msg); secp256k1_testrand256(deckey); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, seckey) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &enckey, deckey) == 1); - CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, adaptor_sig, seckey, &enckey, msg, NULL, NULL) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, seckey) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &enckey, deckey) == 1); + CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, adaptor_sig, seckey, &enckey, msg, NULL, NULL) == 1); { /* Test overflowing seckey */ memset(big, 0xFF, 32); - CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, adaptor_sig, big, &enckey, msg, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, adaptor_sig, big, &enckey, msg, NULL, NULL) == 0); CHECK(secp256k1_memcmp_var(adaptor_sig, zeros162, sizeof(adaptor_sig)) == 0); /* Test different nonce functions */ memset(adaptor_sig, 1, sizeof(adaptor_sig)); - CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, adaptor_sig, seckey, &enckey, msg, ecdsa_adaptor_nonce_function_failing, NULL) == 0); + CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, adaptor_sig, seckey, &enckey, msg, ecdsa_adaptor_nonce_function_failing, NULL) == 0); CHECK(secp256k1_memcmp_var(adaptor_sig, zeros162, sizeof(adaptor_sig)) == 0); memset(&adaptor_sig, 1, sizeof(adaptor_sig)); - CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, adaptor_sig, seckey, &enckey, msg, ecdsa_adaptor_nonce_function_0, NULL) == 0); + CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, adaptor_sig, seckey, &enckey, msg, ecdsa_adaptor_nonce_function_0, NULL) == 0); CHECK(secp256k1_memcmp_var(adaptor_sig, zeros162, sizeof(adaptor_sig)) == 0); - CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, adaptor_sig, seckey, &enckey, msg, ecdsa_adaptor_nonce_function_overflowing, NULL) == 1); + CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, adaptor_sig, seckey, &enckey, msg, ecdsa_adaptor_nonce_function_overflowing, NULL) == 1); CHECK(secp256k1_memcmp_var(adaptor_sig, zeros162, sizeof(adaptor_sig)) != 0); } { @@ -1008,14 +1010,14 @@ void adaptor_tests(void) { } /* Test adaptor_sig_verify */ - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig, &pubkey, msg, &enckey) == 1); - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig, &enckey, msg, &enckey) == 0); - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig, &pubkey, msg, &pubkey) == 0); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig, &pubkey, msg, &enckey) == 1); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig, &enckey, msg, &enckey) == 0); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig, &pubkey, msg, &pubkey) == 0); { /* Test failed adaptor sig deserialization */ unsigned char adaptor_sig_tmp[162]; memset(&adaptor_sig_tmp, 0xFF, 162); - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig_tmp, &pubkey, msg, &enckey) == 0); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig_tmp, &pubkey, msg, &enckey) == 0); } { /* Test that any flipped bit in the adaptor signature will make @@ -1023,13 +1025,13 @@ void adaptor_tests(void) { unsigned char adaptor_sig_tmp[162]; memcpy(adaptor_sig_tmp, adaptor_sig, sizeof(adaptor_sig_tmp)); rand_flip_bit(&adaptor_sig_tmp[1], sizeof(adaptor_sig_tmp) - 1); - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig_tmp, &pubkey, msg, &enckey) == 0); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig_tmp, &pubkey, msg, &enckey) == 0); } { unsigned char msg_tmp[32]; memcpy(msg_tmp, msg, sizeof(msg_tmp)); rand_flip_bit(msg_tmp, sizeof(msg_tmp)); - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig, &pubkey, msg_tmp, &enckey) == 0); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig, &pubkey, msg_tmp, &enckey) == 0); } { /* Verification must check that the derived R' is not equal to the point at @@ -1068,24 +1070,24 @@ void adaptor_tests(void) { /* X := G */ seckey_tmp[31] = 1; - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey_tmp, seckey_tmp) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey_tmp, seckey_tmp) == 1); /* sp := sigr */ memcpy(adaptor_sig_tmp, adaptor_sig, sizeof(adaptor_sig_tmp)); memcpy(&adaptor_sig_tmp[66], &adaptor_sig_tmp[1], 32); - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig_tmp, &pubkey_tmp, msg_tmp, &enckey) == 0); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig_tmp, &pubkey_tmp, msg_tmp, &enckey) == 0); } /* Test decryption */ - CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig, deckey, adaptor_sig) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, &pubkey) == 1); + CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig, deckey, adaptor_sig) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg, &pubkey) == 1); { /* Test overflowing decryption key */ secp256k1_ecdsa_signature s; memset(big, 0xFF, 32); - CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &s, big, adaptor_sig) == 0); + CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &s, big, adaptor_sig) == 0); CHECK(secp256k1_memcmp_var(&s.data[0], zeros64, sizeof(&s.data[0])) == 0); } { @@ -1093,13 +1095,13 @@ void adaptor_tests(void) { unsigned char decryption_key_tmp[32]; unsigned char adaptor_sig_tmp[162]; - CHECK(secp256k1_ecdsa_adaptor_recover(ctx, decryption_key_tmp, &sig, adaptor_sig, &enckey) == 1); + CHECK(secp256k1_ecdsa_adaptor_recover(CTX, decryption_key_tmp, &sig, adaptor_sig, &enckey) == 1); CHECK(secp256k1_memcmp_var(deckey, decryption_key_tmp, sizeof(deckey)) == 0); /* Test failed sp deserialization */ memcpy(adaptor_sig_tmp, adaptor_sig, sizeof(adaptor_sig_tmp)); memset(&adaptor_sig_tmp[66], 0xFF, 32); - CHECK(secp256k1_ecdsa_adaptor_recover(ctx, decryption_key_tmp, &sig, adaptor_sig_tmp, &enckey) == 0); + CHECK(secp256k1_ecdsa_adaptor_recover(CTX, decryption_key_tmp, &sig, adaptor_sig_tmp, &enckey) == 0); } } @@ -1123,13 +1125,13 @@ void multi_hop_lock_tests(void) { secp256k1_testrand256(seckey_a); secp256k1_testrand256(seckey_b); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey_a, seckey_a)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey_b, seckey_b)); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey_a, seckey_a)); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey_b, seckey_b)); /* Carol setup */ /* Proof of payment */ secp256k1_testrand256(pop); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey_pop, pop)); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey_pop, pop)); /* Alice setup */ secp256k1_testrand256(tx_ab); @@ -1137,39 +1139,39 @@ void multi_hop_lock_tests(void) { rand_scalar(&t2); secp256k1_scalar_add(&tp, &t1, &t2); /* Left lock */ - secp256k1_pubkey_load(ctx, &l_ge, &pubkey_pop); + secp256k1_pubkey_load(CTX, &l_ge, &pubkey_pop); CHECK(secp256k1_eckey_pubkey_tweak_add(&l_ge, &t1)); secp256k1_pubkey_save(&l, &l_ge); /* Right lock */ - secp256k1_pubkey_load(ctx, &r_ge, &pubkey_pop); + secp256k1_pubkey_load(CTX, &r_ge, &pubkey_pop); CHECK(secp256k1_eckey_pubkey_tweak_add(&r_ge, &tp)); secp256k1_pubkey_save(&r, &r_ge); - CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig_ab, seckey_a, &l, tx_ab, NULL, NULL)); + CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig_ab, seckey_a, &l, tx_ab, NULL, NULL)); /* Bob setup */ - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig_ab, &pubkey_a, tx_ab, &l)); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig_ab, &pubkey_a, tx_ab, &l)); secp256k1_testrand256(tx_bc); - CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig_bc, seckey_b, &r, tx_bc, NULL, NULL)); + CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig_bc, seckey_b, &r, tx_bc, NULL, NULL)); /* Carol decrypt */ - CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig_bc, &pubkey_b, tx_bc, &r)); + CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig_bc, &pubkey_b, tx_bc, &r)); secp256k1_scalar_set_b32(&deckey, pop, NULL); secp256k1_scalar_add(&deckey, &deckey, &tp); secp256k1_scalar_get_b32(buf, &deckey); - CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig_bc, buf, asig_bc)); - CHECK(secp256k1_ecdsa_verify(ctx, &sig_bc, tx_bc, &pubkey_b)); + CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig_bc, buf, asig_bc)); + CHECK(secp256k1_ecdsa_verify(CTX, &sig_bc, tx_bc, &pubkey_b)); /* Bob recover and decrypt */ - CHECK(secp256k1_ecdsa_adaptor_recover(ctx, buf, &sig_bc, asig_bc, &r)); + CHECK(secp256k1_ecdsa_adaptor_recover(CTX, buf, &sig_bc, asig_bc, &r)); secp256k1_scalar_set_b32(&deckey, buf, NULL); secp256k1_scalar_negate(&t2, &t2); secp256k1_scalar_add(&deckey, &deckey, &t2); secp256k1_scalar_get_b32(buf, &deckey); - CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig_ab, buf, asig_ab)); - CHECK(secp256k1_ecdsa_verify(ctx, &sig_ab, tx_ab, &pubkey_a)); + CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig_ab, buf, asig_ab)); + CHECK(secp256k1_ecdsa_verify(CTX, &sig_ab, tx_ab, &pubkey_a)); /* Alice recover and derive proof of payment */ - CHECK(secp256k1_ecdsa_adaptor_recover(ctx, buf, &sig_ab, asig_ab, &l)); + CHECK(secp256k1_ecdsa_adaptor_recover(CTX, buf, &sig_ab, asig_ab, &l)); secp256k1_scalar_set_b32(&deckey, buf, NULL); secp256k1_scalar_negate(&t1, &t1); secp256k1_scalar_add(&deckey, &deckey, &t1); @@ -1183,13 +1185,13 @@ void run_ecdsa_adaptor_tests(void) { test_ecdsa_adaptor_api(); test_ecdsa_adaptor_spec_vectors(); - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { dleq_tests(); } - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { adaptor_tests(); } - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { multi_hop_lock_tests(); } } diff --git a/src/modules/ecdsa_s2c/tests_impl.h b/src/modules/ecdsa_s2c/tests_impl.h index 357f89ae..b499d1a6 100644 --- a/src/modules/ecdsa_s2c/tests_impl.h +++ b/src/modules/ecdsa_s2c/tests_impl.h @@ -43,39 +43,39 @@ void run_s2c_opening_test(void) { secp256k1_ecdsa_s2c_opening opening; int32_t ecount = 0; - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); /* First parsing, then serializing works */ - CHECK(secp256k1_ecdsa_s2c_opening_parse(ctx, &opening, input) == 1); - CHECK(secp256k1_ecdsa_s2c_opening_serialize(ctx, output, &opening) == 1); - CHECK(secp256k1_ecdsa_s2c_opening_parse(ctx, &opening, input) == 1); + CHECK(secp256k1_ecdsa_s2c_opening_parse(CTX, &opening, input) == 1); + CHECK(secp256k1_ecdsa_s2c_opening_serialize(CTX, output, &opening) == 1); + CHECK(secp256k1_ecdsa_s2c_opening_parse(CTX, &opening, input) == 1); CHECK(ecount == 0); - CHECK(secp256k1_ecdsa_s2c_opening_parse(ctx, NULL, input) == 0); + CHECK(secp256k1_ecdsa_s2c_opening_parse(CTX, NULL, input) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_s2c_opening_parse(ctx, &opening, NULL) == 0); + CHECK(secp256k1_ecdsa_s2c_opening_parse(CTX, &opening, NULL) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_s2c_opening_parse(ctx, &opening, input) == 1); + CHECK(secp256k1_ecdsa_s2c_opening_parse(CTX, &opening, input) == 1); - CHECK(secp256k1_ecdsa_s2c_opening_serialize(ctx, NULL, &opening) == 0); + CHECK(secp256k1_ecdsa_s2c_opening_serialize(CTX, NULL, &opening) == 0); CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_s2c_opening_serialize(ctx, output, NULL) == 0); + CHECK(secp256k1_ecdsa_s2c_opening_serialize(CTX, output, NULL) == 0); CHECK(ecount == 4); /* Invalid pubkey makes parsing fail */ input[0] = 0; /* bad oddness bit */ - CHECK(secp256k1_ecdsa_s2c_opening_parse(ctx, &opening, input) == 0); + CHECK(secp256k1_ecdsa_s2c_opening_parse(CTX, &opening, input) == 0); input[0] = 2; input[31] = 1; /* point not on the curve */ - CHECK(secp256k1_ecdsa_s2c_opening_parse(ctx, &opening, input) == 0); + CHECK(secp256k1_ecdsa_s2c_opening_parse(CTX, &opening, input) == 0); CHECK(ecount == 4); /* neither of the above are API errors */ /* Try parsing and serializing a bunch of openings */ - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { /* This is expected to fail in about 50% of iterations because the * points' x-coordinates are uniformly random */ - if (secp256k1_ecdsa_s2c_opening_parse(ctx, &opening, input) == 1) { - CHECK(secp256k1_ecdsa_s2c_opening_serialize(ctx, output, &opening) == 1); + if (secp256k1_ecdsa_s2c_opening_parse(CTX, &opening, input) == 1) { + CHECK(secp256k1_ecdsa_s2c_opening_serialize(CTX, output, &opening) == 1); CHECK(secp256k1_memcmp_var(output, input, sizeof(output)) == 0); } secp256k1_testrand256(&input[1]); @@ -83,11 +83,10 @@ void run_s2c_opening_test(void) { input[0] = (input[1] & 1) + 2; } + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); } static void test_ecdsa_s2c_api(void) { - secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); - secp256k1_ecdsa_s2c_opening s2c_opening; secp256k1_ecdsa_signature sig; const unsigned char msg[32] = "mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm"; @@ -98,96 +97,97 @@ static void test_ecdsa_s2c_api(void) { secp256k1_pubkey pk; int32_t ecount; - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); - CHECK(secp256k1_ec_pubkey_create(ctx, &pk, sec)); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); + CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sec)); ecount = 0; - CHECK(secp256k1_ecdsa_s2c_sign(ctx, NULL, &s2c_opening, msg, sec, s2c_data) == 0); + CHECK(secp256k1_ecdsa_s2c_sign(CTX, NULL, &s2c_opening, msg, sec, s2c_data) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_s2c_sign(ctx, &sig, NULL, msg, sec, s2c_data) == 1); + CHECK(secp256k1_ecdsa_s2c_sign(CTX, &sig, NULL, msg, sec, s2c_data) == 1); CHECK(ecount == 1); /* NULL opening is not an API error */ - CHECK(secp256k1_ecdsa_s2c_sign(ctx, &sig, &s2c_opening, NULL, sec, s2c_data) == 0); + CHECK(secp256k1_ecdsa_s2c_sign(CTX, &sig, &s2c_opening, NULL, sec, s2c_data) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_s2c_sign(ctx, &sig, &s2c_opening, msg, NULL, s2c_data) == 0); + CHECK(secp256k1_ecdsa_s2c_sign(CTX, &sig, &s2c_opening, msg, NULL, s2c_data) == 0); CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_s2c_sign(ctx, &sig, &s2c_opening, msg, sec, NULL) == 0); + CHECK(secp256k1_ecdsa_s2c_sign(CTX, &sig, &s2c_opening, msg, sec, NULL) == 0); CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_s2c_sign(ctx, &sig, &s2c_opening, msg, sec, s2c_data) == 1); + CHECK(secp256k1_ecdsa_s2c_sign(CTX, &sig, &s2c_opening, msg, sec, s2c_data) == 1); CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_s2c_sign(sttc, &sig, &s2c_opening, msg, sec, s2c_data) == 0); + CHECK(secp256k1_ecdsa_s2c_sign(STATIC_CTX, &sig, &s2c_opening, msg, sec, s2c_data) == 0); CHECK(ecount == 5); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, &pk) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg, &pk) == 1); ecount = 0; - CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, NULL, s2c_data, &s2c_opening) == 0); + CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, NULL, s2c_data, &s2c_opening) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &sig, NULL, &s2c_opening) == 0); + CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &sig, NULL, &s2c_opening) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &sig, s2c_data, NULL) == 0); + CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &sig, s2c_data, NULL) == 0); CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &sig, s2c_data, &s2c_opening) == 1); + CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &sig, s2c_data, &s2c_opening) == 1); CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &sig, sec, &s2c_opening) == 0); + CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &sig, sec, &s2c_opening) == 0); CHECK(ecount == 3); /* wrong data is not an API error */ /* Signing with NULL s2c_opening gives the same result */ - CHECK(secp256k1_ecdsa_s2c_sign(ctx, &sig, NULL, msg, sec, s2c_data) == 1); - CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &sig, s2c_data, &s2c_opening) == 1); + CHECK(secp256k1_ecdsa_s2c_sign(CTX, &sig, NULL, msg, sec, s2c_data) == 1); + CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &sig, s2c_data, &s2c_opening) == 1); /* anti-exfil */ ecount = 0; - CHECK(secp256k1_ecdsa_anti_exfil_host_commit(ctx, NULL, hostrand) == 0); + CHECK(secp256k1_ecdsa_anti_exfil_host_commit(CTX, NULL, hostrand) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_anti_exfil_host_commit(ctx, hostrand_commitment, NULL) == 0); + CHECK(secp256k1_ecdsa_anti_exfil_host_commit(CTX, hostrand_commitment, NULL) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_anti_exfil_host_commit(ctx, hostrand_commitment, hostrand) == 1); + CHECK(secp256k1_ecdsa_anti_exfil_host_commit(CTX, hostrand_commitment, hostrand) == 1); CHECK(ecount == 2); ecount = 0; - CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(ctx, NULL, msg, sec, hostrand_commitment) == 0); + CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(CTX, NULL, msg, sec, hostrand_commitment) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(ctx, &s2c_opening, NULL, sec, hostrand_commitment) == 0); + CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(CTX, &s2c_opening, NULL, sec, hostrand_commitment) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(ctx, &s2c_opening, msg, NULL, hostrand_commitment) == 0); + CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(CTX, &s2c_opening, msg, NULL, hostrand_commitment) == 0); CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(ctx, &s2c_opening, msg, sec, NULL) == 0); + CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(CTX, &s2c_opening, msg, sec, NULL) == 0); CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(ctx, &s2c_opening, msg, sec, hostrand_commitment) == 1); + CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(CTX, &s2c_opening, msg, sec, hostrand_commitment) == 1); CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(sttc, &s2c_opening, msg, sec, hostrand_commitment) == 0); + CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(STATIC_CTX, &s2c_opening, msg, sec, hostrand_commitment) == 0); CHECK(ecount == 5); ecount = 0; - CHECK(secp256k1_anti_exfil_sign(ctx, NULL, msg, sec, hostrand) == 0); + CHECK(secp256k1_anti_exfil_sign(CTX, NULL, msg, sec, hostrand) == 0); CHECK(ecount == 1); - CHECK(secp256k1_anti_exfil_sign(ctx, &sig, NULL, sec, hostrand) == 0); + CHECK(secp256k1_anti_exfil_sign(CTX, &sig, NULL, sec, hostrand) == 0); CHECK(ecount == 2); - CHECK(secp256k1_anti_exfil_sign(ctx, &sig, msg, NULL, hostrand) == 0); + CHECK(secp256k1_anti_exfil_sign(CTX, &sig, msg, NULL, hostrand) == 0); CHECK(ecount == 3); - CHECK(secp256k1_anti_exfil_sign(ctx, &sig, msg, sec, NULL) == 0); + CHECK(secp256k1_anti_exfil_sign(CTX, &sig, msg, sec, NULL) == 0); CHECK(ecount == 4); - CHECK(secp256k1_anti_exfil_sign(ctx, &sig, msg, sec, hostrand) == 1); + CHECK(secp256k1_anti_exfil_sign(CTX, &sig, msg, sec, hostrand) == 1); CHECK(ecount == 4); - CHECK(secp256k1_anti_exfil_sign(sttc, &sig, msg, sec, hostrand) == 0); + CHECK(secp256k1_anti_exfil_sign(STATIC_CTX, &sig, msg, sec, hostrand) == 0); CHECK(ecount == 5); ecount = 0; - CHECK(secp256k1_anti_exfil_host_verify(ctx, NULL, msg, &pk, hostrand, &s2c_opening) == 0); + CHECK(secp256k1_anti_exfil_host_verify(CTX, NULL, msg, &pk, hostrand, &s2c_opening) == 0); CHECK(ecount == 1); - CHECK(secp256k1_anti_exfil_host_verify(ctx, &sig, NULL, &pk, hostrand, &s2c_opening) == 0); + CHECK(secp256k1_anti_exfil_host_verify(CTX, &sig, NULL, &pk, hostrand, &s2c_opening) == 0); CHECK(ecount == 2); - CHECK(secp256k1_anti_exfil_host_verify(ctx, &sig, msg, NULL, hostrand, &s2c_opening) == 0); + CHECK(secp256k1_anti_exfil_host_verify(CTX, &sig, msg, NULL, hostrand, &s2c_opening) == 0); CHECK(ecount == 3); - CHECK(secp256k1_anti_exfil_host_verify(ctx, &sig, msg, &pk, NULL, &s2c_opening) == 0); + CHECK(secp256k1_anti_exfil_host_verify(CTX, &sig, msg, &pk, NULL, &s2c_opening) == 0); CHECK(ecount == 4); - CHECK(secp256k1_anti_exfil_host_verify(ctx, &sig, msg, &pk, hostrand, NULL) == 0); + CHECK(secp256k1_anti_exfil_host_verify(CTX, &sig, msg, &pk, hostrand, NULL) == 0); CHECK(ecount == 5); - CHECK(secp256k1_anti_exfil_host_verify(ctx, &sig, msg, &pk, hostrand, &s2c_opening) == 1); + CHECK(secp256k1_anti_exfil_host_verify(CTX, &sig, msg, &pk, hostrand, &s2c_opening) == 1); CHECK(ecount == 5); - secp256k1_context_destroy(sttc); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); } /* When using sign-to-contract commitments, the nonce function is fixed, so we can use fixtures to test. */ @@ -229,10 +229,10 @@ static void test_ecdsa_s2c_fixed_vectors(void) { unsigned char opening_ser[33]; const ecdsa_s2c_test *test = &ecdsa_s2c_tests[i]; secp256k1_ecdsa_signature signature; - CHECK(secp256k1_ecdsa_s2c_sign(ctx, &signature, &s2c_opening, message, privkey, test->s2c_data) == 1); - CHECK(secp256k1_ecdsa_s2c_opening_serialize(ctx, opening_ser, &s2c_opening) == 1); + CHECK(secp256k1_ecdsa_s2c_sign(CTX, &signature, &s2c_opening, message, privkey, test->s2c_data) == 1); + CHECK(secp256k1_ecdsa_s2c_opening_serialize(CTX, opening_ser, &s2c_opening) == 1); CHECK(secp256k1_memcmp_var(test->expected_s2c_opening, opening_ser, sizeof(opening_ser)) == 0); - CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &signature, test->s2c_data, &s2c_opening) == 1); + CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &signature, test->s2c_data, &s2c_opening) == 1); } } @@ -251,7 +251,7 @@ static void test_ecdsa_s2c_sign_verify(void) { secp256k1_scalar key; random_scalar_order_test(&key); secp256k1_scalar_get_b32(privkey, &key); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, privkey) == 1); secp256k1_testrand256_test(message); secp256k1_testrand256_test(noncedata); @@ -262,28 +262,28 @@ static void test_ecdsa_s2c_sign_verify(void) { { /* invalid privkeys */ unsigned char zero_privkey[32] = {0}; unsigned char overflow_privkey[32] = "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"; - CHECK(secp256k1_ecdsa_s2c_sign(ctx, &signature, NULL, message, zero_privkey, s2c_data) == 0); - CHECK(secp256k1_ecdsa_s2c_sign(ctx, &signature, NULL, message, overflow_privkey, s2c_data) == 0); + CHECK(secp256k1_ecdsa_s2c_sign(CTX, &signature, NULL, message, zero_privkey, s2c_data) == 0); + CHECK(secp256k1_ecdsa_s2c_sign(CTX, &signature, NULL, message, overflow_privkey, s2c_data) == 0); } /* Check that the sign-to-contract signature is valid, with s2c_data. Also check the commitment. */ { - CHECK(secp256k1_ecdsa_s2c_sign(ctx, &signature, &s2c_opening, message, privkey, s2c_data) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature, message, &pubkey) == 1); - CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &signature, s2c_data, &s2c_opening) == 1); + CHECK(secp256k1_ecdsa_s2c_sign(CTX, &signature, &s2c_opening, message, privkey, s2c_data) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature, message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &signature, s2c_data, &s2c_opening) == 1); } /* Check that an invalid commitment does not verify */ { unsigned char sigbytes[64]; size_t i; - CHECK(secp256k1_ecdsa_s2c_sign(ctx, &signature, &s2c_opening, message, privkey, s2c_data) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature, message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_s2c_sign(CTX, &signature, &s2c_opening, message, privkey, s2c_data) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature, message, &pubkey) == 1); - CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, sigbytes, &signature) == 1); + CHECK(secp256k1_ecdsa_signature_serialize_compact(CTX, sigbytes, &signature) == 1); for(i = 0; i < 32; i++) { /* change one byte */ sigbytes[i] = (((int)sigbytes[i]) + 1) % 256; - CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &signature, sigbytes) == 1); - CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &signature, s2c_data, &s2c_opening) == 0); + CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &signature, sigbytes) == 1); + CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &signature, s2c_data, &s2c_opening) == 0); /* revert */ sigbytes[i] = (((int)sigbytes[i]) + 255) % 256; } @@ -305,8 +305,8 @@ static void test_ecdsa_anti_exfil_signer_commit(void) { secp256k1_ecdsa_s2c_opening s2c_opening; unsigned char buf[33]; const ecdsa_s2c_test *test = &ecdsa_s2c_tests[i]; - CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(ctx, &s2c_opening, message, privkey, test->s2c_data) == 1); - CHECK(secp256k1_ecdsa_s2c_opening_serialize(ctx, buf, &s2c_opening) == 1); + CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(CTX, &s2c_opening, message, privkey, test->s2c_data) == 1); + CHECK(secp256k1_ecdsa_s2c_opening_serialize(CTX, buf, &s2c_opening) == 1); CHECK(secp256k1_memcmp_var(test->expected_s2c_exfil_opening, buf, sizeof(buf)) == 0); } } @@ -326,53 +326,53 @@ static void test_ecdsa_anti_exfil(void) { secp256k1_scalar key; random_scalar_order_test(&key); secp256k1_scalar_get_b32(signer_privkey, &key); - CHECK(secp256k1_ec_pubkey_create(ctx, &signer_pubkey, signer_privkey) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &signer_pubkey, signer_privkey) == 1); secp256k1_testrand256_test(host_msg); secp256k1_testrand256_test(host_nonce_contribution); } /* Protocol step 1. */ - CHECK(secp256k1_ecdsa_anti_exfil_host_commit(ctx, host_commitment, host_nonce_contribution) == 1); + CHECK(secp256k1_ecdsa_anti_exfil_host_commit(CTX, host_commitment, host_nonce_contribution) == 1); /* Protocol step 2. */ - CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(ctx, &s2c_opening, host_msg, signer_privkey, host_commitment) == 1); + CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(CTX, &s2c_opening, host_msg, signer_privkey, host_commitment) == 1); /* Protocol step 3: host_nonce_contribution send to signer to be used in step 4. */ /* Protocol step 4. */ - CHECK(secp256k1_anti_exfil_sign(ctx, &signature, host_msg, signer_privkey, host_nonce_contribution) == 1); + CHECK(secp256k1_anti_exfil_sign(CTX, &signature, host_msg, signer_privkey, host_nonce_contribution) == 1); /* Protocol step 5. */ - CHECK(secp256k1_anti_exfil_host_verify(ctx, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 1); + CHECK(secp256k1_anti_exfil_host_verify(CTX, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 1); /* Protocol step 5 (explicitly) */ - CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &signature, host_nonce_contribution, &s2c_opening) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature, host_msg, &signer_pubkey) == 1); + CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &signature, host_nonce_contribution, &s2c_opening) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature, host_msg, &signer_pubkey) == 1); { /* host_verify: commitment does not match */ unsigned char sigbytes[64]; size_t i; - CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, sigbytes, &signature) == 1); + CHECK(secp256k1_ecdsa_signature_serialize_compact(CTX, sigbytes, &signature) == 1); for(i = 0; i < 32; i++) { /* change one byte */ sigbytes[i] += 1; - CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &signature, sigbytes) == 1); - CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &signature, host_nonce_contribution, &s2c_opening) == 0); - CHECK(secp256k1_anti_exfil_host_verify(ctx, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 0); + CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &signature, sigbytes) == 1); + CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &signature, host_nonce_contribution, &s2c_opening) == 0); + CHECK(secp256k1_anti_exfil_host_verify(CTX, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 0); /* revert */ sigbytes[i] -= 1; } - CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &signature, sigbytes) == 1); + CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &signature, sigbytes) == 1); } { /* host_verify: message does not match */ unsigned char bad_msg[32]; secp256k1_testrand256_test(bad_msg); - CHECK(secp256k1_anti_exfil_host_verify(ctx, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 1); - CHECK(secp256k1_anti_exfil_host_verify(ctx, &signature, bad_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 0); + CHECK(secp256k1_anti_exfil_host_verify(CTX, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 1); + CHECK(secp256k1_anti_exfil_host_verify(CTX, &signature, bad_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 0); } { /* s2c_sign: host provided data that didn't match commitment */ secp256k1_ecdsa_s2c_opening orig_opening = s2c_opening; unsigned char bad_nonce_contribution[32] = { 1, 2, 3, 4 }; - CHECK(secp256k1_ecdsa_s2c_sign(ctx, &signature, &s2c_opening, host_msg, signer_privkey, bad_nonce_contribution) == 1); + CHECK(secp256k1_ecdsa_s2c_sign(CTX, &signature, &s2c_opening, host_msg, signer_privkey, bad_nonce_contribution) == 1); /* good signature but the opening (original public nonce does not match the original */ - CHECK(secp256k1_ecdsa_verify(ctx, &signature, host_msg, &signer_pubkey) == 1); - CHECK(secp256k1_anti_exfil_host_verify(ctx, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 0); - CHECK(secp256k1_anti_exfil_host_verify(ctx, &signature, host_msg, &signer_pubkey, bad_nonce_contribution, &s2c_opening) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature, host_msg, &signer_pubkey) == 1); + CHECK(secp256k1_anti_exfil_host_verify(CTX, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 0); + CHECK(secp256k1_anti_exfil_host_verify(CTX, &signature, host_msg, &signer_pubkey, bad_nonce_contribution, &s2c_opening) == 1); CHECK(secp256k1_memcmp_var(&s2c_opening, &orig_opening, sizeof(s2c_opening)) != 0); } } diff --git a/src/modules/extrakeys/tests_impl.h b/src/modules/extrakeys/tests_impl.h index ac92a8b6..047dc3d2 100644 --- a/src/modules/extrakeys/tests_impl.h +++ b/src/modules/extrakeys/tests_impl.h @@ -30,52 +30,52 @@ void test_xonly_pubkey(void) { int ecount; - set_counting_callbacks(ctx, &ecount); + set_counting_callbacks(CTX, &ecount); secp256k1_testrand256(sk); memset(ones32, 0xFF, 32); secp256k1_testrand256(xy_sk); - CHECK(secp256k1_ec_pubkey_create(ctx, &pk, sk) == 1); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); /* Test xonly_pubkey_from_pubkey */ ecount = 0; - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, NULL, &pk_parity, &pk) == 0); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, NULL, &pk_parity, &pk) == 0); CHECK(ecount == 1); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, NULL, &pk) == 1); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, NULL) == 0); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, NULL) == 0); CHECK(ecount == 2); memset(&pk, 0, sizeof(pk)); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 0); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 0); CHECK(ecount == 3); /* Choose a secret key such that the resulting pubkey and xonly_pubkey match. */ memset(sk, 0, sizeof(sk)); sk[0] = 1; - CHECK(secp256k1_ec_pubkey_create(ctx, &pk, sk) == 1); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); CHECK(secp256k1_memcmp_var(&pk, &xonly_pk, sizeof(pk)) == 0); CHECK(pk_parity == 0); /* Choose a secret key such that pubkey and xonly_pubkey are each others * negation. */ sk[0] = 2; - CHECK(secp256k1_ec_pubkey_create(ctx, &pk, sk) == 1); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); CHECK(secp256k1_memcmp_var(&xonly_pk, &pk, sizeof(xonly_pk)) != 0); CHECK(pk_parity == 1); - secp256k1_pubkey_load(ctx, &pk1, &pk); - secp256k1_pubkey_load(ctx, &pk2, (secp256k1_pubkey *) &xonly_pk); + secp256k1_pubkey_load(CTX, &pk1, &pk); + secp256k1_pubkey_load(CTX, &pk2, (secp256k1_pubkey *) &xonly_pk); CHECK(secp256k1_fe_equal(&pk1.x, &pk2.x) == 1); secp256k1_fe_negate(&y, &pk2.y, 1); CHECK(secp256k1_fe_equal(&pk1.y, &y) == 1); /* Test xonly_pubkey_serialize and xonly_pubkey_parse */ ecount = 0; - CHECK(secp256k1_xonly_pubkey_serialize(ctx, NULL, &xonly_pk) == 0); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, NULL, &xonly_pk) == 0); CHECK(ecount == 1); - CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, NULL) == 0); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, NULL) == 0); CHECK(secp256k1_memcmp_var(buf32, zeros64, 32) == 0); CHECK(ecount == 2); { @@ -83,46 +83,46 @@ void test_xonly_pubkey(void) { * special casing. */ secp256k1_xonly_pubkey pk_tmp; memset(&pk_tmp, 0, sizeof(pk_tmp)); - CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, &pk_tmp) == 0); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &pk_tmp) == 0); } /* pubkey_load called illegal callback */ CHECK(ecount == 3); - CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, &xonly_pk) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &xonly_pk) == 1); ecount = 0; - CHECK(secp256k1_xonly_pubkey_parse(ctx, NULL, buf32) == 0); + CHECK(secp256k1_xonly_pubkey_parse(CTX, NULL, buf32) == 0); CHECK(ecount == 1); - CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk, NULL) == 0); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, NULL) == 0); CHECK(ecount == 2); /* Serialization and parse roundtrip */ - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, NULL, &pk) == 1); - CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, &xonly_pk) == 1); - CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk_tmp, buf32) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &xonly_pk) == 1); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk_tmp, buf32) == 1); CHECK(secp256k1_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(xonly_pk)) == 0); /* Test parsing invalid field elements */ memset(&xonly_pk, 1, sizeof(xonly_pk)); /* Overflowing field element */ - CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk, ones32) == 0); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, ones32) == 0); CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); memset(&xonly_pk, 1, sizeof(xonly_pk)); /* There's no point with x-coordinate 0 on secp256k1 */ - CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk, zeros64) == 0); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, zeros64) == 0); CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); /* If a random 32-byte string can not be parsed with ec_pubkey_parse * (because interpreted as X coordinate it does not correspond to a point on * the curve) then xonly_pubkey_parse should fail as well. */ - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { unsigned char rand33[33]; secp256k1_testrand256(&rand33[1]); rand33[0] = SECP256K1_TAG_PUBKEY_EVEN; - if (!secp256k1_ec_pubkey_parse(ctx, &pk, rand33, 33)) { + if (!secp256k1_ec_pubkey_parse(CTX, &pk, rand33, 33)) { memset(&xonly_pk, 1, sizeof(xonly_pk)); - CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk, &rand33[1]) == 0); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, &rand33[1]) == 0); CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); } else { - CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk, &rand33[1]) == 1); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, &rand33[1]) == 1); } } CHECK(ecount == 2); @@ -141,26 +141,26 @@ void test_xonly_pubkey_comparison(void) { secp256k1_xonly_pubkey pk2; int ecount = 0; - set_counting_callbacks(ctx, &ecount); + set_counting_callbacks(CTX, &ecount); - CHECK(secp256k1_xonly_pubkey_parse(ctx, &pk1, pk1_ser) == 1); - CHECK(secp256k1_xonly_pubkey_parse(ctx, &pk2, pk2_ser) == 1); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk1, pk1_ser) == 1); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk2, pk2_ser) == 1); - CHECK(secp256k1_xonly_pubkey_cmp(ctx, NULL, &pk2) < 0); + CHECK(secp256k1_xonly_pubkey_cmp(CTX, NULL, &pk2) < 0); CHECK(ecount == 1); - CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk1, NULL) > 0); + CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, NULL) > 0); CHECK(ecount == 2); - CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk1, &pk2) < 0); - CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk2, &pk1) > 0); - CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk1, &pk1) == 0); - CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk2, &pk2) == 0); + CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk2) < 0); + CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk2, &pk1) > 0); + CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk1) == 0); + CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk2, &pk2) == 0); CHECK(ecount == 2); memset(&pk1, 0, sizeof(pk1)); /* illegal pubkey */ - CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk1, &pk2) < 0); + CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk2) < 0); CHECK(ecount == 3); - CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk1, &pk1) == 0); + CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk1) == 0); CHECK(ecount == 5); - CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk2, &pk1) > 0); + CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk2, &pk1) > 0); CHECK(ecount == 6); } @@ -177,48 +177,48 @@ void test_xonly_pubkey_tweak(void) { int ecount; - set_counting_callbacks(ctx, &ecount); + set_counting_callbacks(CTX, &ecount); memset(overflows, 0xff, sizeof(overflows)); secp256k1_testrand256(tweak); secp256k1_testrand256(sk); - CHECK(secp256k1_ec_pubkey_create(ctx, &internal_pk, sk) == 1); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &internal_pk, sk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); ecount = 0; - CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); CHECK(ecount == 0); - CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); CHECK(ecount == 0); - CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 1); - CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, NULL, &internal_xonly_pk, tweak) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, NULL, &internal_xonly_pk, tweak) == 0); CHECK(ecount == 1); - CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, NULL, tweak) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, NULL, tweak) == 0); CHECK(ecount == 2); /* NULL internal_xonly_pk zeroes the output_pk */ CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); - CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, NULL) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, NULL) == 0); CHECK(ecount == 3); /* NULL tweak zeroes the output_pk */ CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); /* Invalid tweak zeroes the output_pk */ - CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, overflows) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, overflows) == 0); CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); /* A zero tweak is fine */ - CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, zeros64) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, zeros64) == 1); /* Fails if the resulting key was infinity */ - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { secp256k1_scalar scalar_tweak; /* Because sk may be negated before adding, we need to try with tweak = * sk as well as tweak = -sk. */ secp256k1_scalar_set_b32(&scalar_tweak, sk, NULL); secp256k1_scalar_negate(&scalar_tweak, &scalar_tweak); secp256k1_scalar_get_b32(tweak, &scalar_tweak); - CHECK((secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, sk) == 0) - || (secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 0)); + CHECK((secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, sk) == 0) + || (secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 0)); CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); } @@ -226,7 +226,7 @@ void test_xonly_pubkey_tweak(void) { memset(&internal_xonly_pk, 0, sizeof(internal_xonly_pk)); secp256k1_testrand256(tweak); ecount = 0; - CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 0); CHECK(ecount == 1); CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); } @@ -246,49 +246,49 @@ void test_xonly_pubkey_tweak_check(void) { int ecount; - set_counting_callbacks(ctx, &ecount); + set_counting_callbacks(CTX, &ecount); memset(overflows, 0xff, sizeof(overflows)); secp256k1_testrand256(tweak); secp256k1_testrand256(sk); - CHECK(secp256k1_ec_pubkey_create(ctx, &internal_pk, sk) == 1); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &internal_pk, sk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); ecount = 0; - CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 1); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &output_xonly_pk, &pk_parity, &output_pk) == 1); - CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, &output_xonly_pk) == 1); - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &output_xonly_pk, &pk_parity, &output_pk) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &output_xonly_pk) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); CHECK(ecount == 0); - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); CHECK(ecount == 0); - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, NULL, pk_parity, &internal_xonly_pk, tweak) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, NULL, pk_parity, &internal_xonly_pk, tweak) == 0); CHECK(ecount == 1); /* invalid pk_parity value */ - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, 2, &internal_xonly_pk, tweak) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, 2, &internal_xonly_pk, tweak) == 0); CHECK(ecount == 1); - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, NULL, tweak) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, NULL, tweak) == 0); CHECK(ecount == 2); - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, &internal_xonly_pk, NULL) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, NULL) == 0); CHECK(ecount == 3); memset(tweak, 1, sizeof(tweak)); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &internal_xonly_pk, NULL, &internal_pk) == 1); - CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 1); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &output_xonly_pk, &pk_parity, &output_pk) == 1); - CHECK(secp256k1_xonly_pubkey_serialize(ctx, output_pk32, &output_xonly_pk) == 1); - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, output_pk32, pk_parity, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, NULL, &internal_pk) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &output_xonly_pk, &pk_parity, &output_pk) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, output_pk32, &output_xonly_pk) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, output_pk32, pk_parity, &internal_xonly_pk, tweak) == 1); /* Wrong pk_parity */ - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, output_pk32, !pk_parity, &internal_xonly_pk, tweak) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, output_pk32, !pk_parity, &internal_xonly_pk, tweak) == 0); /* Wrong public key */ - CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, &internal_xonly_pk) == 1); - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, &internal_xonly_pk, tweak) == 0); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &internal_xonly_pk) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 0); /* Overflowing tweak not allowed */ - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, output_pk32, pk_parity, &internal_xonly_pk, overflows) == 0); - CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, overflows) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, output_pk32, pk_parity, &internal_xonly_pk, overflows) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, overflows) == 0); CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); CHECK(ecount == 3); } @@ -305,23 +305,23 @@ void test_xonly_pubkey_tweak_recursive(void) { int i; secp256k1_testrand256(sk); - CHECK(secp256k1_ec_pubkey_create(ctx, &pk[0], sk) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pk[0], sk) == 1); /* Add tweaks */ for (i = 0; i < N_PUBKEYS - 1; i++) { secp256k1_xonly_pubkey xonly_pk; memset(tweak[i], i + 1, sizeof(tweak[i])); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, NULL, &pk[i]) == 1); - CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &pk[i + 1], &xonly_pk, tweak[i]) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk[i]) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &pk[i + 1], &xonly_pk, tweak[i]) == 1); } /* Verify tweaks */ for (i = N_PUBKEYS - 1; i > 0; i--) { secp256k1_xonly_pubkey xonly_pk; int pk_parity; - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk[i]) == 1); - CHECK(secp256k1_xonly_pubkey_serialize(ctx, pk_serialized, &xonly_pk) == 1); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, NULL, &pk[i - 1]) == 1); - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, pk_serialized, pk_parity, &xonly_pk, tweak[i - 1]) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk[i]) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, pk_serialized, &xonly_pk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk[i - 1]) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, pk_serialized, pk_parity, &xonly_pk, tweak[i - 1]) == 1); } } #undef N_PUBKEYS @@ -336,10 +336,9 @@ void test_keypair(void) { secp256k1_xonly_pubkey xonly_pk, xonly_pk_tmp; int pk_parity, pk_parity_tmp; int ecount; - secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); - set_counting_callbacks(ctx, &ecount); - set_counting_callbacks(sttc, &ecount); + set_counting_callbacks(CTX, &ecount); + set_counting_callbacks(STATIC_CTX, &ecount); CHECK(sizeof(zeros96) == sizeof(keypair)); memset(overflows, 0xFF, sizeof(overflows)); @@ -347,100 +346,102 @@ void test_keypair(void) { /* Test keypair_create */ ecount = 0; secp256k1_testrand256(sk); - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0); CHECK(ecount == 0); - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0); CHECK(ecount == 0); - CHECK(secp256k1_keypair_create(ctx, NULL, sk) == 0); + CHECK(secp256k1_keypair_create(CTX, NULL, sk) == 0); CHECK(ecount == 1); - CHECK(secp256k1_keypair_create(ctx, &keypair, NULL) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, NULL) == 0); CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); CHECK(ecount == 2); - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); CHECK(ecount == 2); - CHECK(secp256k1_keypair_create(sttc, &keypair, sk) == 0); + CHECK(secp256k1_keypair_create(STATIC_CTX, &keypair, sk) == 0); CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); CHECK(ecount == 3); /* Invalid secret key */ - CHECK(secp256k1_keypair_create(ctx, &keypair, zeros96) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, zeros96) == 0); CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); - CHECK(secp256k1_keypair_create(ctx, &keypair, overflows) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, overflows) == 0); CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); /* Test keypair_pub */ ecount = 0; secp256k1_testrand256(sk); - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); - CHECK(secp256k1_keypair_pub(ctx, &pk, &keypair) == 1); - CHECK(secp256k1_keypair_pub(ctx, NULL, &keypair) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_pub(CTX, &pk, &keypair) == 1); + CHECK(secp256k1_keypair_pub(CTX, NULL, &keypair) == 0); CHECK(ecount == 1); - CHECK(secp256k1_keypair_pub(ctx, &pk, NULL) == 0); + CHECK(secp256k1_keypair_pub(CTX, &pk, NULL) == 0); CHECK(ecount == 2); CHECK(secp256k1_memcmp_var(zeros96, &pk, sizeof(pk)) == 0); /* Using an invalid keypair is fine for keypair_pub */ memset(&keypair, 0, sizeof(keypair)); - CHECK(secp256k1_keypair_pub(ctx, &pk, &keypair) == 1); + CHECK(secp256k1_keypair_pub(CTX, &pk, &keypair) == 1); CHECK(secp256k1_memcmp_var(zeros96, &pk, sizeof(pk)) == 0); /* keypair holds the same pubkey as pubkey_create */ - CHECK(secp256k1_ec_pubkey_create(ctx, &pk, sk) == 1); - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); - CHECK(secp256k1_keypair_pub(ctx, &pk_tmp, &keypair) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_pub(CTX, &pk_tmp, &keypair) == 1); CHECK(secp256k1_memcmp_var(&pk, &pk_tmp, sizeof(pk)) == 0); /** Test keypair_xonly_pub **/ ecount = 0; secp256k1_testrand256(sk); - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); - CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pk, &pk_parity, &keypair) == 1); - CHECK(secp256k1_keypair_xonly_pub(ctx, NULL, &pk_parity, &keypair) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, NULL, &pk_parity, &keypair) == 0); CHECK(ecount == 1); - CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pk, NULL, &keypair) == 1); - CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pk, &pk_parity, NULL) == 0); + CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, NULL, &keypair) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, NULL) == 0); CHECK(ecount == 2); CHECK(secp256k1_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0); /* Using an invalid keypair will set the xonly_pk to 0 (first reset * xonly_pk). */ - CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pk, &pk_parity, &keypair) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 1); memset(&keypair, 0, sizeof(keypair)); - CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pk, &pk_parity, &keypair) == 0); + CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 0); CHECK(secp256k1_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0); CHECK(ecount == 3); /** keypair holds the same xonly pubkey as pubkey_create **/ - CHECK(secp256k1_ec_pubkey_create(ctx, &pk, sk) == 1); - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1); - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); - CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pk_tmp, &pk_parity_tmp, &keypair) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk_tmp, &pk_parity_tmp, &keypair) == 1); CHECK(secp256k1_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(pk)) == 0); CHECK(pk_parity == pk_parity_tmp); /* Test keypair_seckey */ ecount = 0; secp256k1_testrand256(sk); - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); - CHECK(secp256k1_keypair_sec(ctx, sk_tmp, &keypair) == 1); - CHECK(secp256k1_keypair_sec(ctx, NULL, &keypair) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_sec(CTX, sk_tmp, &keypair) == 1); + CHECK(secp256k1_keypair_sec(CTX, NULL, &keypair) == 0); CHECK(ecount == 1); - CHECK(secp256k1_keypair_sec(ctx, sk_tmp, NULL) == 0); + CHECK(secp256k1_keypair_sec(CTX, sk_tmp, NULL) == 0); CHECK(ecount == 2); CHECK(secp256k1_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0); /* keypair returns the same seckey it got */ - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); - CHECK(secp256k1_keypair_sec(ctx, sk_tmp, &keypair) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_sec(CTX, sk_tmp, &keypair) == 1); CHECK(secp256k1_memcmp_var(sk, sk_tmp, sizeof(sk_tmp)) == 0); /* Using an invalid keypair is fine for keypair_seckey */ memset(&keypair, 0, sizeof(keypair)); - CHECK(secp256k1_keypair_sec(ctx, sk_tmp, &keypair) == 1); + CHECK(secp256k1_keypair_sec(CTX, sk_tmp, &keypair) == 1); CHECK(secp256k1_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0); - secp256k1_context_destroy(sttc); + + secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); } void test_keypair_add(void) { @@ -452,49 +453,49 @@ void test_keypair_add(void) { int i; int ecount = 0; - set_counting_callbacks(ctx, &ecount); + set_counting_callbacks(CTX, &ecount); CHECK(sizeof(zeros96) == sizeof(keypair)); secp256k1_testrand256(sk); secp256k1_testrand256(tweak); memset(overflows, 0xFF, 32); - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); - CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); CHECK(ecount == 0); - CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); CHECK(ecount == 0); - CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); - CHECK(secp256k1_keypair_xonly_tweak_add(ctx, NULL, tweak) == 0); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, NULL, tweak) == 0); CHECK(ecount == 1); - CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, NULL) == 0); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, NULL) == 0); CHECK(ecount == 2); /* This does not set the keypair to zeroes */ CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) != 0); /* Invalid tweak zeroes the keypair */ - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); - CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, overflows) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, overflows) == 0); CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0); /* A zero tweak is fine */ - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); - CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, zeros96) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, zeros96) == 1); /* Fails if the resulting keypair was (sk=0, pk=infinity) */ - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { secp256k1_scalar scalar_tweak; secp256k1_keypair keypair_tmp; secp256k1_testrand256(sk); - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); memcpy(&keypair_tmp, &keypair, sizeof(keypair)); /* Because sk may be negated before adding, we need to try with tweak = * sk as well as tweak = -sk. */ secp256k1_scalar_set_b32(&scalar_tweak, sk, NULL); secp256k1_scalar_negate(&scalar_tweak, &scalar_tweak); secp256k1_scalar_get_b32(tweak, &scalar_tweak); - CHECK((secp256k1_keypair_xonly_tweak_add(ctx, &keypair, sk) == 0) - || (secp256k1_keypair_xonly_tweak_add(ctx, &keypair_tmp, tweak) == 0)); + CHECK((secp256k1_keypair_xonly_tweak_add(CTX, &keypair, sk) == 0) + || (secp256k1_keypair_xonly_tweak_add(CTX, &keypair_tmp, tweak) == 0)); CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0 || secp256k1_memcmp_var(&keypair_tmp, zeros96, sizeof(keypair_tmp)) == 0); } @@ -503,23 +504,23 @@ void test_keypair_add(void) { memset(&keypair, 0, sizeof(keypair)); secp256k1_testrand256(tweak); ecount = 0; - CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 0); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 0); CHECK(ecount == 1); CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0); /* Only seckey part of keypair invalid */ - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); memset(&keypair, 0, 32); - CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 0); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 0); CHECK(ecount == 2); /* Only pubkey part of keypair invalid */ - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); memset(&keypair.data[32], 0, 64); - CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 0); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 0); CHECK(ecount == 3); /* Check that the keypair_tweak_add implementation is correct */ - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); - for (i = 0; i < count; i++) { + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + for (i = 0; i < COUNT; i++) { secp256k1_xonly_pubkey internal_pk; secp256k1_xonly_pubkey output_pk; secp256k1_pubkey output_pk_xy; @@ -529,22 +530,22 @@ void test_keypair_add(void) { int pk_parity; secp256k1_testrand256(tweak); - CHECK(secp256k1_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1); - CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); - CHECK(secp256k1_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &internal_pk, NULL, &keypair) == 1); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &output_pk, &pk_parity, &keypair) == 1); /* Check that it passes xonly_pubkey_tweak_add_check */ - CHECK(secp256k1_xonly_pubkey_serialize(ctx, pk32, &output_pk) == 1); - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, pk32, pk_parity, &internal_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, pk32, &output_pk) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, pk32, pk_parity, &internal_pk, tweak) == 1); /* Check that the resulting pubkey matches xonly_pubkey_tweak_add */ - CHECK(secp256k1_keypair_pub(ctx, &output_pk_xy, &keypair) == 1); - CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk_expected, &internal_pk, tweak) == 1); + CHECK(secp256k1_keypair_pub(CTX, &output_pk_xy, &keypair) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk_expected, &internal_pk, tweak) == 1); CHECK(secp256k1_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0); /* Check that the secret key in the keypair is tweaked correctly */ - CHECK(secp256k1_keypair_sec(ctx, sk32, &keypair) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &output_pk_expected, sk32) == 1); + CHECK(secp256k1_keypair_sec(CTX, sk32, &keypair) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &output_pk_expected, sk32) == 1); CHECK(secp256k1_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0); } } @@ -577,7 +578,7 @@ void test_hsort(void) { /* Test hsort with length n array and random elements in * [-interval/2, interval/2] */ - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { int n = secp256k1_testrand_int(NUM); int interval = secp256k1_testrand_int(64); for (j = 0; j < n; j++) { @@ -604,26 +605,26 @@ void test_pubkey_comparison(void) { secp256k1_pubkey pk2; int ecount = 0; - set_counting_callbacks(ctx, &ecount); + set_counting_callbacks(CTX, &ecount); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pk1, pk1_ser, sizeof(pk1_ser)) == 1); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pk2, pk2_ser, sizeof(pk2_ser)) == 1); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pk1, pk1_ser, sizeof(pk1_ser)) == 1); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pk2, pk2_ser, sizeof(pk2_ser)) == 1); - CHECK(secp256k1_pubkey_cmp(ctx, NULL, &pk2) < 0); + CHECK(secp256k1_pubkey_cmp(CTX, NULL, &pk2) < 0); CHECK(ecount == 1); - CHECK(secp256k1_pubkey_cmp(ctx, &pk1, NULL) > 0); + CHECK(secp256k1_pubkey_cmp(CTX, &pk1, NULL) > 0); CHECK(ecount == 2); - CHECK(secp256k1_pubkey_cmp(ctx, &pk1, &pk2) < 0); - CHECK(secp256k1_pubkey_cmp(ctx, &pk2, &pk1) > 0); - CHECK(secp256k1_pubkey_cmp(ctx, &pk1, &pk1) == 0); - CHECK(secp256k1_pubkey_cmp(ctx, &pk2, &pk2) == 0); + CHECK(secp256k1_pubkey_cmp(CTX, &pk1, &pk2) < 0); + CHECK(secp256k1_pubkey_cmp(CTX, &pk2, &pk1) > 0); + CHECK(secp256k1_pubkey_cmp(CTX, &pk1, &pk1) == 0); + CHECK(secp256k1_pubkey_cmp(CTX, &pk2, &pk2) == 0); CHECK(ecount == 2); memset(&pk1, 0, sizeof(pk1)); /* illegal pubkey */ - CHECK(secp256k1_pubkey_cmp(ctx, &pk1, &pk2) < 0); + CHECK(secp256k1_pubkey_cmp(CTX, &pk1, &pk2) < 0); CHECK(ecount == 3); - CHECK(secp256k1_pubkey_cmp(ctx, &pk1, &pk1) == 0); + CHECK(secp256k1_pubkey_cmp(CTX, &pk1, &pk1) == 0); CHECK(ecount == 5); - CHECK(secp256k1_pubkey_cmp(ctx, &pk2, &pk1) > 0); + CHECK(secp256k1_pubkey_cmp(CTX, &pk2, &pk1) > 0); CHECK(ecount == 6); } @@ -635,7 +636,7 @@ void test_sort_helper(secp256k1_pubkey *pk, size_t *pk_order, size_t n_pk) { for (i = 0; i < n_pk; i++) { pk_test[i] = &pk[pk_order[i]]; } - secp256k1_pubkey_sort(ctx, pk_test, n_pk); + secp256k1_pubkey_sort(CTX, pk_test, n_pk); for (i = 0; i < n_pk; i++) { CHECK(secp256k1_memcmp_var(pk_test[i], &pk[i], sizeof(*pk_test[i])) == 0); } @@ -656,8 +657,8 @@ void rand_pk(secp256k1_pubkey *pk) { unsigned char seckey[32]; secp256k1_keypair keypair; secp256k1_testrand256(seckey); - CHECK(secp256k1_keypair_create(ctx, &keypair, seckey) == 1); - CHECK(secp256k1_keypair_pub(ctx, pk, &keypair) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, seckey) == 1); + CHECK(secp256k1_keypair_pub(CTX, pk, &keypair) == 1); } void test_sort_api(void) { @@ -665,7 +666,7 @@ void test_sort_api(void) { secp256k1_pubkey pks[2]; const secp256k1_pubkey *pks_ptr[2]; - set_counting_callbacks(ctx, &ecount); + set_counting_callbacks(CTX, &ecount); pks_ptr[0] = &pks[0]; pks_ptr[1] = &pks[1]; @@ -673,16 +674,16 @@ void test_sort_api(void) { rand_pk(&pks[0]); rand_pk(&pks[1]); - CHECK(secp256k1_pubkey_sort(ctx, pks_ptr, 2) == 1); - CHECK(secp256k1_pubkey_sort(ctx, NULL, 2) == 0); + CHECK(secp256k1_pubkey_sort(CTX, pks_ptr, 2) == 1); + CHECK(secp256k1_pubkey_sort(CTX, NULL, 2) == 0); CHECK(ecount == 1); - CHECK(secp256k1_pubkey_sort(ctx, pks_ptr, 0) == 1); + CHECK(secp256k1_pubkey_sort(CTX, pks_ptr, 0) == 1); /* Test illegal public keys */ memset(&pks[0], 0, sizeof(pks[0])); - CHECK(secp256k1_pubkey_sort(ctx, pks_ptr, 2) == 1); + CHECK(secp256k1_pubkey_sort(CTX, pks_ptr, 2) == 1); CHECK(ecount == 2); memset(&pks[1], 0, sizeof(pks[1])); - CHECK(secp256k1_pubkey_sort(ctx, pks_ptr, 2) == 1); + CHECK(secp256k1_pubkey_sort(CTX, pks_ptr, 2) == 1); CHECK(ecount > 2); } @@ -700,7 +701,7 @@ void test_sort(void) { size_t pk_order[5] = { 0, 1, 2, 3, 4 }; for (i = 0; i < 5; i++) { - CHECK(secp256k1_ec_pubkey_parse(ctx, &pk[i], pk_ser[i], sizeof(pk_ser[i]))); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pk[i], pk_ser[i], sizeof(pk_ser[i]))); } permute(pk_order, 1); @@ -709,25 +710,25 @@ void test_sort(void) { test_sort_helper(pk, pk_order, 2); permute(pk_order, 3); test_sort_helper(pk, pk_order, 3); - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { permute(pk_order, 4); test_sort_helper(pk, pk_order, 4); } - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { permute(pk_order, 5); test_sort_helper(pk, pk_order, 5); } /* Check that sorting also works for random pubkeys */ - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { int j; const secp256k1_pubkey *pk_ptr[5]; for (j = 0; j < 5; j++) { rand_pk(&pk[j]); pk_ptr[j] = &pk[j]; } - secp256k1_pubkey_sort(ctx, pk_ptr, 5); + secp256k1_pubkey_sort(CTX, pk_ptr, 5); for (j = 1; j < 5; j++) { - CHECK(secp256k1_pubkey_sort_cmp(&pk_ptr[j - 1], &pk_ptr[j], ctx) <= 0); + CHECK(secp256k1_pubkey_sort_cmp(&pk_ptr[j - 1], &pk_ptr[j], CTX) <= 0); } } } @@ -768,10 +769,10 @@ void test_sort_vectors(void) { sorted[5] = &pubkeys[2]; for (i = 0; i < N_PUBKEYS; i++) { - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkeys[i], pk_ser[i], sizeof(pk_ser[i]))); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkeys[i], pk_ser[i], sizeof(pk_ser[i]))); pks_ptr[i] = &pubkeys[i]; } - CHECK(secp256k1_pubkey_sort(ctx, pks_ptr, N_PUBKEYS) == 1); + CHECK(secp256k1_pubkey_sort(CTX, pks_ptr, N_PUBKEYS) == 1); for (i = 0; i < N_PUBKEYS; i++) { CHECK(secp256k1_memcmp_var(pks_ptr[i], sorted[i], sizeof(secp256k1_pubkey)) == 0); } diff --git a/src/modules/generator/tests_impl.h b/src/modules/generator/tests_impl.h index 9786a83b..14af9039 100644 --- a/src/modules/generator/tests_impl.h +++ b/src/modules/generator/tests_impl.h @@ -21,51 +21,53 @@ void test_generator_api(void) { unsigned char key[32]; unsigned char blind[32]; unsigned char sergen[33]; - secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); secp256k1_generator gen; int32_t ecount = 0; - secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); secp256k1_testrand256(key); secp256k1_testrand256(blind); - CHECK(secp256k1_generator_generate(ctx, &gen, key) == 1); + CHECK(secp256k1_generator_generate(CTX, &gen, key) == 1); CHECK(ecount == 0); - CHECK(secp256k1_generator_generate(ctx, NULL, key) == 0); + CHECK(secp256k1_generator_generate(CTX, NULL, key) == 0); CHECK(ecount == 1); - CHECK(secp256k1_generator_generate(ctx, &gen, NULL) == 0); + CHECK(secp256k1_generator_generate(CTX, &gen, NULL) == 0); CHECK(ecount == 2); - CHECK(secp256k1_generator_generate_blinded(ctx, &gen, key, blind) == 1); + CHECK(secp256k1_generator_generate_blinded(CTX, &gen, key, blind) == 1); CHECK(ecount == 2); - CHECK(secp256k1_generator_generate_blinded(sttc, &gen, key, blind) == 0); + CHECK(secp256k1_generator_generate_blinded(STATIC_CTX, &gen, key, blind) == 0); CHECK(ecount == 3); - CHECK(secp256k1_generator_generate_blinded(ctx, NULL, key, blind) == 0); + CHECK(secp256k1_generator_generate_blinded(CTX, NULL, key, blind) == 0); CHECK(ecount == 4); - CHECK(secp256k1_generator_generate_blinded(ctx, &gen, NULL, blind) == 0); + CHECK(secp256k1_generator_generate_blinded(CTX, &gen, NULL, blind) == 0); CHECK(ecount == 5); - CHECK(secp256k1_generator_generate_blinded(ctx, &gen, key, NULL) == 0); + CHECK(secp256k1_generator_generate_blinded(CTX, &gen, key, NULL) == 0); CHECK(ecount == 6); - CHECK(secp256k1_generator_serialize(ctx, sergen, &gen) == 1); + CHECK(secp256k1_generator_serialize(CTX, sergen, &gen) == 1); CHECK(ecount == 6); - CHECK(secp256k1_generator_serialize(ctx, NULL, &gen) == 0); + CHECK(secp256k1_generator_serialize(CTX, NULL, &gen) == 0); CHECK(ecount == 7); - CHECK(secp256k1_generator_serialize(ctx, sergen, NULL) == 0); + CHECK(secp256k1_generator_serialize(CTX, sergen, NULL) == 0); CHECK(ecount == 8); - CHECK(secp256k1_generator_serialize(ctx, sergen, &gen) == 1); - CHECK(secp256k1_generator_parse(ctx, &gen, sergen) == 1); + CHECK(secp256k1_generator_serialize(CTX, sergen, &gen) == 1); + CHECK(secp256k1_generator_parse(CTX, &gen, sergen) == 1); CHECK(ecount == 8); - CHECK(secp256k1_generator_parse(ctx, NULL, sergen) == 0); + CHECK(secp256k1_generator_parse(CTX, NULL, sergen) == 0); CHECK(ecount == 9); - CHECK(secp256k1_generator_parse(ctx, &gen, NULL) == 0); + CHECK(secp256k1_generator_parse(CTX, &gen, NULL) == 0); CHECK(ecount == 10); - secp256k1_context_destroy(sttc); + secp256k1_context_set_error_callback(CTX, NULL, NULL); + secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); } void test_shallue_van_de_woestijne(void) { @@ -171,11 +173,11 @@ void test_generator_generate(void) { for (i = 1; i <= 32; i++) { memset(v, 0, 31); v[31] = i; - CHECK(secp256k1_generator_generate_blinded(ctx, &gen, v, s)); + CHECK(secp256k1_generator_generate_blinded(CTX, &gen, v, s)); secp256k1_generator_load(&ge, &gen); secp256k1_ge_to_storage(&ges, &ge); CHECK(secp256k1_memcmp_var(&ges, &results[i - 1], sizeof(secp256k1_ge_storage)) == 0); - CHECK(secp256k1_generator_generate(ctx, &gen, v)); + CHECK(secp256k1_generator_generate(CTX, &gen, v)); secp256k1_generator_load(&ge, &gen); secp256k1_ge_to_storage(&ges, &ge); CHECK(secp256k1_memcmp_var(&ges, &results[i - 1], sizeof(secp256k1_ge_storage)) == 0); @@ -185,9 +187,9 @@ void test_generator_generate(void) { * valid scalar. Check that an invalid blinder causes the call to fail * but not crash. */ memset(v, 0xff, 32); - CHECK(secp256k1_generator_generate(ctx, &gen, v)); + CHECK(secp256k1_generator_generate(CTX, &gen, v)); memset(s, 0xff, 32); - CHECK(!secp256k1_generator_generate_blinded(ctx, &gen, v, s)); + CHECK(!secp256k1_generator_generate_blinded(CTX, &gen, v, s)); } void test_generator_fixed_vector(void) { @@ -199,18 +201,17 @@ void test_generator_fixed_vector(void) { unsigned char result[33]; secp256k1_generator parse; - CHECK(secp256k1_generator_parse(ctx, &parse, two_g)); - CHECK(secp256k1_generator_serialize(ctx, result, &parse)); + CHECK(secp256k1_generator_parse(CTX, &parse, two_g)); + CHECK(secp256k1_generator_serialize(CTX, result, &parse)); CHECK(secp256k1_memcmp_var(two_g, result, 33) == 0); result[0] = 0x0a; - CHECK(secp256k1_generator_parse(ctx, &parse, result)); + CHECK(secp256k1_generator_parse(CTX, &parse, result)); result[0] = 0x08; - CHECK(!secp256k1_generator_parse(ctx, &parse, result)); + CHECK(!secp256k1_generator_parse(CTX, &parse, result)); } static void test_pedersen_api(void) { - secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); secp256k1_pedersen_commitment commit; const secp256k1_pedersen_commitment *commit_ptr = &commit; unsigned char blind[32]; @@ -220,60 +221,63 @@ static void test_pedersen_api(void) { uint64_t val = secp256k1_testrand32(); int32_t ecount = 0; - secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); secp256k1_testrand256(blind); - CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, val, secp256k1_generator_h) != 0); + CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, val, secp256k1_generator_h) != 0); CHECK(ecount == 0); - CHECK(secp256k1_pedersen_commit(sttc, &commit, blind, val, secp256k1_generator_h) == 0); + CHECK(secp256k1_pedersen_commit(STATIC_CTX, &commit, blind, val, secp256k1_generator_h) == 0); CHECK(ecount == 1); - CHECK(secp256k1_pedersen_commit(ctx, NULL, blind, val, secp256k1_generator_h) == 0); + CHECK(secp256k1_pedersen_commit(CTX, NULL, blind, val, secp256k1_generator_h) == 0); CHECK(ecount == 2); - CHECK(secp256k1_pedersen_commit(ctx, &commit, NULL, val, secp256k1_generator_h) == 0); + CHECK(secp256k1_pedersen_commit(CTX, &commit, NULL, val, secp256k1_generator_h) == 0); CHECK(ecount == 3); - CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, val, NULL) == 0); + CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, val, NULL) == 0); CHECK(ecount == 4); - CHECK(secp256k1_pedersen_blind_sum(ctx, blind_out, &blind_ptr, 1, 1) != 0); + CHECK(secp256k1_pedersen_blind_sum(CTX, blind_out, &blind_ptr, 1, 1) != 0); CHECK(ecount == 4); - CHECK(secp256k1_pedersen_blind_sum(ctx, NULL, &blind_ptr, 1, 1) == 0); + CHECK(secp256k1_pedersen_blind_sum(CTX, NULL, &blind_ptr, 1, 1) == 0); CHECK(ecount == 5); - CHECK(secp256k1_pedersen_blind_sum(ctx, blind_out, NULL, 1, 1) == 0); + CHECK(secp256k1_pedersen_blind_sum(CTX, blind_out, NULL, 1, 1) == 0); CHECK(ecount == 6); - CHECK(secp256k1_pedersen_blind_sum(ctx, blind_out, &blind_ptr, 0, 1) == 0); + CHECK(secp256k1_pedersen_blind_sum(CTX, blind_out, &blind_ptr, 0, 1) == 0); CHECK(ecount == 7); - CHECK(secp256k1_pedersen_blind_sum(ctx, blind_out, &blind_ptr, 0, 0) != 0); + CHECK(secp256k1_pedersen_blind_sum(CTX, blind_out, &blind_ptr, 0, 0) != 0); CHECK(ecount == 7); - CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, val, secp256k1_generator_h) != 0); - CHECK(secp256k1_pedersen_verify_tally(ctx, &commit_ptr, 1, &commit_ptr, 1) != 0); - CHECK(secp256k1_pedersen_verify_tally(ctx, NULL, 0, &commit_ptr, 1) == 0); - CHECK(secp256k1_pedersen_verify_tally(ctx, &commit_ptr, 1, NULL, 0) == 0); - CHECK(secp256k1_pedersen_verify_tally(ctx, NULL, 0, NULL, 0) != 0); + CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, val, secp256k1_generator_h) != 0); + CHECK(secp256k1_pedersen_verify_tally(CTX, &commit_ptr, 1, &commit_ptr, 1) != 0); + CHECK(secp256k1_pedersen_verify_tally(CTX, NULL, 0, &commit_ptr, 1) == 0); + CHECK(secp256k1_pedersen_verify_tally(CTX, &commit_ptr, 1, NULL, 0) == 0); + CHECK(secp256k1_pedersen_verify_tally(CTX, NULL, 0, NULL, 0) != 0); CHECK(ecount == 7); - CHECK(secp256k1_pedersen_verify_tally(ctx, NULL, 1, &commit_ptr, 1) == 0); + CHECK(secp256k1_pedersen_verify_tally(CTX, NULL, 1, &commit_ptr, 1) == 0); CHECK(ecount == 8); - CHECK(secp256k1_pedersen_verify_tally(ctx, &commit_ptr, 1, NULL, 1) == 0); + CHECK(secp256k1_pedersen_verify_tally(CTX, &commit_ptr, 1, NULL, 1) == 0); CHECK(ecount == 9); - CHECK(secp256k1_pedersen_blind_generator_blind_sum(ctx, &val, &blind_ptr, &blind_out_ptr, 1, 0) != 0); + CHECK(secp256k1_pedersen_blind_generator_blind_sum(CTX, &val, &blind_ptr, &blind_out_ptr, 1, 0) != 0); CHECK(ecount == 9); - CHECK(secp256k1_pedersen_blind_generator_blind_sum(ctx, &val, &blind_ptr, &blind_out_ptr, 1, 1) == 0); + CHECK(secp256k1_pedersen_blind_generator_blind_sum(CTX, &val, &blind_ptr, &blind_out_ptr, 1, 1) == 0); CHECK(ecount == 10); - CHECK(secp256k1_pedersen_blind_generator_blind_sum(ctx, &val, &blind_ptr, &blind_out_ptr, 0, 0) == 0); + CHECK(secp256k1_pedersen_blind_generator_blind_sum(CTX, &val, &blind_ptr, &blind_out_ptr, 0, 0) == 0); CHECK(ecount == 11); - CHECK(secp256k1_pedersen_blind_generator_blind_sum(ctx, NULL, &blind_ptr, &blind_out_ptr, 1, 0) == 0); + CHECK(secp256k1_pedersen_blind_generator_blind_sum(CTX, NULL, &blind_ptr, &blind_out_ptr, 1, 0) == 0); CHECK(ecount == 12); - CHECK(secp256k1_pedersen_blind_generator_blind_sum(ctx, &val, NULL, &blind_out_ptr, 1, 0) == 0); + CHECK(secp256k1_pedersen_blind_generator_blind_sum(CTX, &val, NULL, &blind_out_ptr, 1, 0) == 0); CHECK(ecount == 13); - CHECK(secp256k1_pedersen_blind_generator_blind_sum(ctx, &val, &blind_ptr, NULL, 1, 0) == 0); + CHECK(secp256k1_pedersen_blind_generator_blind_sum(CTX, &val, &blind_ptr, NULL, 1, 0) == 0); CHECK(ecount == 14); - secp256k1_context_destroy(sttc); + secp256k1_context_set_error_callback(CTX, NULL, NULL); + secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); } static void test_pedersen(void) { @@ -310,14 +314,14 @@ static void test_pedersen(void) { random_scalar_order(&s); secp256k1_scalar_get_b32(&blinds[i * 32], &s); } - CHECK(secp256k1_pedersen_blind_sum(ctx, &blinds[(total - 1) * 32], bptr, total - 1, inputs)); + CHECK(secp256k1_pedersen_blind_sum(CTX, &blinds[(total - 1) * 32], bptr, total - 1, inputs)); for (i = 0; i < total; i++) { - CHECK(secp256k1_pedersen_commit(ctx, &commits[i], &blinds[i * 32], values[i], secp256k1_generator_h)); + CHECK(secp256k1_pedersen_commit(CTX, &commits[i], &blinds[i * 32], values[i], secp256k1_generator_h)); } - CHECK(secp256k1_pedersen_verify_tally(ctx, cptr, inputs, &cptr[inputs], outputs)); - CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[inputs], outputs, cptr, inputs)); + CHECK(secp256k1_pedersen_verify_tally(CTX, cptr, inputs, &cptr[inputs], outputs)); + CHECK(secp256k1_pedersen_verify_tally(CTX, &cptr[inputs], outputs, cptr, inputs)); if (inputs > 0 && values[0] > 0) { - CHECK(!secp256k1_pedersen_verify_tally(ctx, cptr, inputs - 1, &cptr[inputs], outputs)); + CHECK(!secp256k1_pedersen_verify_tally(CTX, cptr, inputs - 1, &cptr[inputs], outputs)); } random_scalar_order(&s); for (i = 0; i < 4; i++) { @@ -327,10 +331,10 @@ static void test_pedersen(void) { values[1] = 0; values[2] = 1; for (i = 0; i < 3; i++) { - CHECK(secp256k1_pedersen_commit(ctx, &commits[i], &blinds[i * 32], values[i], secp256k1_generator_h)); + CHECK(secp256k1_pedersen_commit(CTX, &commits[i], &blinds[i * 32], values[i], secp256k1_generator_h)); } - CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[0], 1, &cptr[0], 1)); - CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[1], 1, &cptr[1], 1)); + CHECK(secp256k1_pedersen_verify_tally(CTX, &cptr[0], 1, &cptr[0], 1)); + CHECK(secp256k1_pedersen_verify_tally(CTX, &cptr[1], 1, &cptr[1], 1)); } void test_pedersen_commitment_fixed_vector(void) { @@ -342,14 +346,14 @@ void test_pedersen_commitment_fixed_vector(void) { unsigned char result[33]; secp256k1_pedersen_commitment parse; - CHECK(secp256k1_pedersen_commitment_parse(ctx, &parse, two_g)); - CHECK(secp256k1_pedersen_commitment_serialize(ctx, result, &parse)); + CHECK(secp256k1_pedersen_commitment_parse(CTX, &parse, two_g)); + CHECK(secp256k1_pedersen_commitment_serialize(CTX, result, &parse)); CHECK(secp256k1_memcmp_var(two_g, result, 33) == 0); result[0] = 0x08; - CHECK(secp256k1_pedersen_commitment_parse(ctx, &parse, result)); + CHECK(secp256k1_pedersen_commitment_parse(CTX, &parse, result)); result[0] = 0x0c; - CHECK(!secp256k1_pedersen_commitment_parse(ctx, &parse, result)); + CHECK(!secp256k1_pedersen_commitment_parse(CTX, &parse, result)); } @@ -362,7 +366,7 @@ void run_generator_tests(void) { test_generator_generate(); test_pedersen_api(); test_pedersen_commitment_fixed_vector(); - for (i = 0; i < count / 2 + 1; i++) { + for (i = 0; i < COUNT / 2 + 1; i++) { test_pedersen(); } } diff --git a/src/modules/musig/tests_impl.h b/src/modules/musig/tests_impl.h index bbeecbb6..1feb171c 100644 --- a/src/modules/musig/tests_impl.h +++ b/src/modules/musig/tests_impl.h @@ -28,8 +28,8 @@ static int create_keypair_and_pk(secp256k1_keypair *keypair, secp256k1_pubkey *pk, const unsigned char *sk) { int ret; secp256k1_keypair keypair_tmp; - ret = secp256k1_keypair_create(ctx, &keypair_tmp, sk); - ret &= secp256k1_keypair_pub(ctx, pk, &keypair_tmp); + ret = secp256k1_keypair_create(CTX, &keypair_tmp, sk); + ret &= secp256k1_keypair_pub(CTX, pk, &keypair_tmp); if (keypair != NULL) { *keypair = keypair_tmp; } @@ -66,20 +66,20 @@ void musig_simple_test(secp256k1_scratch_space *scratch) { partial_sig_ptr[i] = &partial_sig[i]; CHECK(create_keypair_and_pk(&keypair[i], &pk[i], sk[i])); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[i], &pubnonce[i], session_id[i], sk[i], &pk[i], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[i], &pubnonce[i], session_id[i], sk[i], &pk[i], NULL, NULL, NULL) == 1); } - CHECK(secp256k1_musig_pubkey_agg(ctx, scratch, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); - CHECK(secp256k1_musig_nonce_agg(ctx, &aggnonce, pubnonce_ptr, 2) == 1); - CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, msg, &keyagg_cache, NULL) == 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, scratch, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2) == 1); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, msg, &keyagg_cache, NULL) == 1); for (i = 0; i < 2; i++) { - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[i], &secnonce[i], &keypair[i], &keyagg_cache, &session) == 1); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[i], &pubnonce[i], &pk[i], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[i], &secnonce[i], &keypair[i], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[i], &pubnonce[i], &pk[i], &keyagg_cache, &session) == 1); } - CHECK(secp256k1_musig_partial_sig_agg(ctx, final_sig, &session, partial_sig_ptr, 2) == 1); - CHECK(secp256k1_schnorrsig_verify(ctx, final_sig, msg, sizeof(msg), &agg_pk) == 1); + CHECK(secp256k1_musig_partial_sig_agg(CTX, final_sig, &session, partial_sig_ptr, 2) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, final_sig, msg, sizeof(msg), &agg_pk) == 1); } void pubnonce_summing_to_inf(secp256k1_musig_pubnonce *pubnonce) { @@ -98,7 +98,7 @@ void pubnonce_summing_to_inf(secp256k1_musig_pubnonce *pubnonce) { secp256k1_ge_neg(&ge[1], &ge[1]); } - secp256k1_musig_sum_nonces(ctx, summed_nonces, pubnonce_ptr, 2); + secp256k1_musig_sum_nonces(CTX, summed_nonces, pubnonce_ptr, 2); CHECK(secp256k1_gej_is_infinity(&summed_nonces[0])); CHECK(secp256k1_gej_is_infinity(&summed_nonces[1])); } @@ -160,13 +160,12 @@ void musig_api_tests(secp256k1_scratch_space *scratch) { int i; /** setup **/ - secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); int ecount; - secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); memset(max64, 0xff, sizeof(max64)); memset(&invalid_keypair, 0, sizeof(invalid_keypair)); @@ -185,7 +184,7 @@ void musig_api_tests(secp256k1_scratch_space *scratch) { secp256k1_testrand256(sec_adaptor); secp256k1_testrand256(msg); secp256k1_testrand256(tweak); - CHECK(secp256k1_ec_pubkey_create(ctx, &adaptor, sec_adaptor) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &adaptor, sec_adaptor) == 1); for (i = 0; i < 2; i++) { pk_ptr[i] = &pk[i]; invalid_pk_ptr2[i] = &invalid_pk; @@ -208,39 +207,39 @@ void musig_api_tests(secp256k1_scratch_space *scratch) { /** Key aggregation **/ ecount = 0; - CHECK(secp256k1_musig_pubkey_agg(ctx, scratch, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, scratch, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); /* pubkey_agg does not require a scratch space */ - CHECK(secp256k1_musig_pubkey_agg(ctx, NULL, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, NULL, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); /* A small scratch space works too, but will result in using an ineffecient algorithm */ - scratch_small = secp256k1_scratch_space_create(ctx, 1); - CHECK(secp256k1_musig_pubkey_agg(ctx, scratch_small, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); - secp256k1_scratch_space_destroy(ctx, scratch_small); - CHECK(secp256k1_musig_pubkey_agg(ctx, scratch, NULL, &keyagg_cache, pk_ptr, 2) == 1); - CHECK(secp256k1_musig_pubkey_agg(ctx, scratch, &agg_pk, NULL, pk_ptr, 2) == 1); - CHECK(secp256k1_musig_pubkey_agg(ctx, scratch, &agg_pk, &keyagg_cache, NULL, 2) == 0); + scratch_small = secp256k1_scratch_space_create(CTX, 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, scratch_small, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); + secp256k1_scratch_space_destroy(CTX, scratch_small); + CHECK(secp256k1_musig_pubkey_agg(CTX, scratch, NULL, &keyagg_cache, pk_ptr, 2) == 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, scratch, &agg_pk, NULL, pk_ptr, 2) == 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, scratch, &agg_pk, &keyagg_cache, NULL, 2) == 0); CHECK(ecount == 1); CHECK(memcmp_and_randomize(agg_pk.data, zeros132, sizeof(agg_pk.data)) == 0); - CHECK(secp256k1_musig_pubkey_agg(ctx, scratch, &agg_pk, &keyagg_cache, invalid_pk_ptr2, 2) == 0); + CHECK(secp256k1_musig_pubkey_agg(CTX, scratch, &agg_pk, &keyagg_cache, invalid_pk_ptr2, 2) == 0); CHECK(ecount == 2); CHECK(memcmp_and_randomize(agg_pk.data, zeros132, sizeof(agg_pk.data)) == 0); - CHECK(secp256k1_musig_pubkey_agg(ctx, scratch, &agg_pk, &keyagg_cache, invalid_pk_ptr3, 3) == 0); + CHECK(secp256k1_musig_pubkey_agg(CTX, scratch, &agg_pk, &keyagg_cache, invalid_pk_ptr3, 3) == 0); CHECK(ecount == 3); CHECK(memcmp_and_randomize(agg_pk.data, zeros132, sizeof(agg_pk.data)) == 0); - CHECK(secp256k1_musig_pubkey_agg(ctx, scratch, &agg_pk, &keyagg_cache, pk_ptr, 0) == 0); + CHECK(secp256k1_musig_pubkey_agg(CTX, scratch, &agg_pk, &keyagg_cache, pk_ptr, 0) == 0); CHECK(ecount == 4); CHECK(memcmp_and_randomize(agg_pk.data, zeros132, sizeof(agg_pk.data)) == 0); - CHECK(secp256k1_musig_pubkey_agg(ctx, scratch, &agg_pk, &keyagg_cache, NULL, 0) == 0); + CHECK(secp256k1_musig_pubkey_agg(CTX, scratch, &agg_pk, &keyagg_cache, NULL, 0) == 0); CHECK(ecount == 5); CHECK(memcmp_and_randomize(agg_pk.data, zeros132, sizeof(agg_pk.data)) == 0); - CHECK(secp256k1_musig_pubkey_agg(ctx, scratch, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, scratch, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); /* pubkey_get */ ecount = 0; - CHECK(secp256k1_musig_pubkey_get(ctx, &full_agg_pk, &keyagg_cache) == 1); - CHECK(secp256k1_musig_pubkey_get(ctx, NULL, &keyagg_cache) == 0); + CHECK(secp256k1_musig_pubkey_get(CTX, &full_agg_pk, &keyagg_cache) == 1); + CHECK(secp256k1_musig_pubkey_get(CTX, NULL, &keyagg_cache) == 0); CHECK(ecount == 1); - CHECK(secp256k1_musig_pubkey_get(ctx, &full_agg_pk, NULL) == 0); + CHECK(secp256k1_musig_pubkey_get(CTX, &full_agg_pk, NULL) == 0); CHECK(ecount == 2); CHECK(secp256k1_memcmp_var(&full_agg_pk, zeros132, sizeof(full_agg_pk)) == 0); @@ -253,27 +252,27 @@ void musig_api_tests(secp256k1_scratch_space *scratch) { secp256k1_pubkey tmp_output_pk; secp256k1_musig_keyagg_cache tmp_keyagg_cache = keyagg_cache; ecount = 0; - CHECK((*tweak_func[i])(ctx, &tmp_output_pk, &tmp_keyagg_cache, tweak) == 1); + CHECK((*tweak_func[i])(CTX, &tmp_output_pk, &tmp_keyagg_cache, tweak) == 1); /* Reset keyagg_cache */ tmp_keyagg_cache = keyagg_cache; - CHECK((*tweak_func[i])(ctx, &tmp_output_pk, &tmp_keyagg_cache, tweak) == 1); + CHECK((*tweak_func[i])(CTX, &tmp_output_pk, &tmp_keyagg_cache, tweak) == 1); tmp_keyagg_cache = keyagg_cache; - CHECK((*tweak_func[i])(ctx, NULL, &tmp_keyagg_cache, tweak) == 1); + CHECK((*tweak_func[i])(CTX, NULL, &tmp_keyagg_cache, tweak) == 1); tmp_keyagg_cache = keyagg_cache; - CHECK((*tweak_func[i])(ctx, &tmp_output_pk, NULL, tweak) == 0); + CHECK((*tweak_func[i])(CTX, &tmp_output_pk, NULL, tweak) == 0); CHECK(ecount == 1); CHECK(memcmp_and_randomize(tmp_output_pk.data, zeros132, sizeof(tmp_output_pk.data)) == 0); tmp_keyagg_cache = keyagg_cache; - CHECK((*tweak_func[i])(ctx, &tmp_output_pk, &tmp_keyagg_cache, NULL) == 0); + CHECK((*tweak_func[i])(CTX, &tmp_output_pk, &tmp_keyagg_cache, NULL) == 0); CHECK(ecount == 2); CHECK(memcmp_and_randomize(tmp_output_pk.data, zeros132, sizeof(tmp_output_pk.data)) == 0); tmp_keyagg_cache = keyagg_cache; - CHECK((*tweak_func[i])(ctx, &tmp_output_pk, &tmp_keyagg_cache, max64) == 0); + CHECK((*tweak_func[i])(CTX, &tmp_output_pk, &tmp_keyagg_cache, max64) == 0); CHECK(ecount == 2); CHECK(memcmp_and_randomize(tmp_output_pk.data, zeros132, sizeof(tmp_output_pk.data)) == 0); tmp_keyagg_cache = keyagg_cache; /* Uninitialized keyagg_cache */ - CHECK((*tweak_func[i])(ctx, &tmp_output_pk, &invalid_keyagg_cache, tweak) == 0); + CHECK((*tweak_func[i])(CTX, &tmp_output_pk, &invalid_keyagg_cache, tweak) == 0); CHECK(ecount == 3); CHECK(memcmp_and_randomize(tmp_output_pk.data, zeros132, sizeof(tmp_output_pk.data)) == 0); } @@ -281,320 +280,322 @@ void musig_api_tests(secp256k1_scratch_space *scratch) { /** Session creation **/ ecount = 0; - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], &pubnonce[0], session_id[0], sk[0], &pk[0], msg, &keyagg_cache, max64) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_id[0], sk[0], &pk[0], msg, &keyagg_cache, max64) == 1); CHECK(ecount == 0); - CHECK(secp256k1_musig_nonce_gen(sttc, &secnonce[0], &pubnonce[0], session_id[0], sk[0], &pk[0], msg, &keyagg_cache, max64) == 0); + CHECK(secp256k1_musig_nonce_gen(STATIC_CTX, &secnonce[0], &pubnonce[0], session_id[0], sk[0], &pk[0], msg, &keyagg_cache, max64) == 0); CHECK(ecount == 1); - CHECK(secp256k1_musig_nonce_gen(ctx, NULL, &pubnonce[0], session_id[0], sk[0], &pk[0], msg, &keyagg_cache, max64) == 0); + CHECK(secp256k1_musig_nonce_gen(CTX, NULL, &pubnonce[0], session_id[0], sk[0], &pk[0], msg, &keyagg_cache, max64) == 0); CHECK(ecount == 2); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], NULL, session_id[0], sk[0], &pk[0], msg, &keyagg_cache, max64) == 0); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], NULL, session_id[0], sk[0], &pk[0], msg, &keyagg_cache, max64) == 0); CHECK(ecount == 3); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], &pubnonce[0], NULL, sk[0], &pk[0], msg, &keyagg_cache, max64) == 0); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], NULL, sk[0], &pk[0], msg, &keyagg_cache, max64) == 0); CHECK(ecount == 4); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); /* no seckey and session_id is 0 */ - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], &pubnonce[0], zeros132, NULL, &pk[0], msg, &keyagg_cache, max64) == 0); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], zeros132, NULL, &pk[0], msg, &keyagg_cache, max64) == 0); CHECK(ecount == 4); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); /* session_id 0 is fine when a seckey is provided */ - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], &pubnonce[0], zeros132, sk[0], &pk[0], msg, &keyagg_cache, max64) == 1); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], &pubnonce[0], session_id[0], NULL, &pk[0], msg, &keyagg_cache, max64) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], zeros132, sk[0], &pk[0], msg, &keyagg_cache, max64) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_id[0], NULL, &pk[0], msg, &keyagg_cache, max64) == 1); CHECK(ecount == 4); /* invalid seckey */ - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], &pubnonce[0], session_id[0], max64, &pk[0], msg, &keyagg_cache, max64) == 0); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_id[0], max64, &pk[0], msg, &keyagg_cache, max64) == 0); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); CHECK(ecount == 4); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], &pubnonce[0], session_id[0], sk[0], NULL, msg, &keyagg_cache, max64) == 0); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_id[0], sk[0], NULL, msg, &keyagg_cache, max64) == 0); CHECK(ecount == 5); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], &pubnonce[0], session_id[0], sk[0], &invalid_pk, msg, &keyagg_cache, max64) == 0); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_id[0], sk[0], &invalid_pk, msg, &keyagg_cache, max64) == 0); CHECK(ecount == 6); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], &pubnonce[0], session_id[0], sk[0], &pk[0], NULL, &keyagg_cache, max64) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_id[0], sk[0], &pk[0], NULL, &keyagg_cache, max64) == 1); CHECK(ecount == 6); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], &pubnonce[0], session_id[0], sk[0], &pk[0], msg, NULL, max64) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_id[0], sk[0], &pk[0], msg, NULL, max64) == 1); CHECK(ecount == 6); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], &pubnonce[0], session_id[0], sk[0], &pk[0], msg, &invalid_keyagg_cache, max64) == 0); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_id[0], sk[0], &pk[0], msg, &invalid_keyagg_cache, max64) == 0); CHECK(ecount == 7); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], &pubnonce[0], session_id[0], sk[0], &pk[0], msg, &keyagg_cache, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_id[0], sk[0], &pk[0], msg, &keyagg_cache, NULL) == 1); CHECK(ecount == 7); /* Every in-argument except session_id and pubkey can be NULL */ - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], &pubnonce[0], session_id[0], NULL, &pk[0], NULL, NULL, NULL) == 1); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[1], &pubnonce[1], session_id[1], sk[1], &pk[1], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_id[0], NULL, &pk[0], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[1], &pubnonce[1], session_id[1], sk[1], &pk[1], NULL, NULL, NULL) == 1); /** Serialize and parse public nonces **/ ecount = 0; - CHECK(secp256k1_musig_pubnonce_serialize(ctx, NULL, &pubnonce[0]) == 0); + CHECK(secp256k1_musig_pubnonce_serialize(CTX, NULL, &pubnonce[0]) == 0); CHECK(ecount == 1); - CHECK(secp256k1_musig_pubnonce_serialize(ctx, pubnonce_ser, NULL) == 0); + CHECK(secp256k1_musig_pubnonce_serialize(CTX, pubnonce_ser, NULL) == 0); CHECK(ecount == 2); CHECK(memcmp_and_randomize(pubnonce_ser, zeros132, sizeof(pubnonce_ser)) == 0); - CHECK(secp256k1_musig_pubnonce_serialize(ctx, pubnonce_ser, &invalid_pubnonce) == 0); + CHECK(secp256k1_musig_pubnonce_serialize(CTX, pubnonce_ser, &invalid_pubnonce) == 0); CHECK(ecount == 3); CHECK(memcmp_and_randomize(pubnonce_ser, zeros132, sizeof(pubnonce_ser)) == 0); - CHECK(secp256k1_musig_pubnonce_serialize(ctx, pubnonce_ser, &pubnonce[0]) == 1); + CHECK(secp256k1_musig_pubnonce_serialize(CTX, pubnonce_ser, &pubnonce[0]) == 1); ecount = 0; - CHECK(secp256k1_musig_pubnonce_parse(ctx, &pubnonce[0], pubnonce_ser) == 1); - CHECK(secp256k1_musig_pubnonce_parse(ctx, NULL, pubnonce_ser) == 0); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce[0], pubnonce_ser) == 1); + CHECK(secp256k1_musig_pubnonce_parse(CTX, NULL, pubnonce_ser) == 0); CHECK(ecount == 1); - CHECK(secp256k1_musig_pubnonce_parse(ctx, &pubnonce[0], NULL) == 0); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce[0], NULL) == 0); CHECK(ecount == 2); - CHECK(secp256k1_musig_pubnonce_parse(ctx, &pubnonce[0], zeros132) == 0); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce[0], zeros132) == 0); CHECK(ecount == 2); - CHECK(secp256k1_musig_pubnonce_parse(ctx, &pubnonce[0], pubnonce_ser) == 1); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce[0], pubnonce_ser) == 1); { /* Check that serialize and parse results in the same value */ secp256k1_musig_pubnonce tmp; - CHECK(secp256k1_musig_pubnonce_serialize(ctx, pubnonce_ser, &pubnonce[0]) == 1); - CHECK(secp256k1_musig_pubnonce_parse(ctx, &tmp, pubnonce_ser) == 1); + CHECK(secp256k1_musig_pubnonce_serialize(CTX, pubnonce_ser, &pubnonce[0]) == 1); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &tmp, pubnonce_ser) == 1); CHECK(secp256k1_memcmp_var(&tmp, &pubnonce[0], sizeof(tmp)) == 0); } /** Receive nonces and aggregate **/ ecount = 0; - CHECK(secp256k1_musig_nonce_agg(ctx, &aggnonce, pubnonce_ptr, 2) == 1); - CHECK(secp256k1_musig_nonce_agg(ctx, NULL, pubnonce_ptr, 2) == 0); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2) == 1); + CHECK(secp256k1_musig_nonce_agg(CTX, NULL, pubnonce_ptr, 2) == 0); CHECK(ecount == 1); - CHECK(secp256k1_musig_nonce_agg(ctx, &aggnonce, NULL, 2) == 0); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, NULL, 2) == 0); CHECK(ecount == 2); - CHECK(secp256k1_musig_nonce_agg(ctx, &aggnonce, pubnonce_ptr, 0) == 0); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 0) == 0); CHECK(ecount == 3); - CHECK(secp256k1_musig_nonce_agg(ctx, &aggnonce, invalid_pubnonce_ptr, 1) == 0); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, invalid_pubnonce_ptr, 1) == 0); CHECK(ecount == 4); - CHECK(secp256k1_musig_nonce_agg(ctx, &aggnonce, inf_pubnonce_ptr, 2) == 1); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, inf_pubnonce_ptr, 2) == 1); { /* Check that the aggnonce encodes two points at infinity */ secp256k1_ge aggnonce_pt[2]; - secp256k1_musig_aggnonce_load(ctx, aggnonce_pt, &aggnonce); + secp256k1_musig_aggnonce_load(CTX, aggnonce_pt, &aggnonce); for (i = 0; i < 2; i++) { secp256k1_ge_is_infinity(&aggnonce_pt[i]); } } CHECK(ecount == 4); - CHECK(secp256k1_musig_nonce_agg(ctx, &aggnonce, pubnonce_ptr, 2) == 1); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2) == 1); /** Serialize and parse aggregate nonces **/ ecount = 0; - CHECK(secp256k1_musig_aggnonce_serialize(ctx, aggnonce_ser, &aggnonce) == 1); - CHECK(secp256k1_musig_aggnonce_serialize(ctx, NULL, &aggnonce) == 0); + CHECK(secp256k1_musig_aggnonce_serialize(CTX, aggnonce_ser, &aggnonce) == 1); + CHECK(secp256k1_musig_aggnonce_serialize(CTX, NULL, &aggnonce) == 0); CHECK(ecount == 1); - CHECK(secp256k1_musig_aggnonce_serialize(ctx, aggnonce_ser, NULL) == 0); + CHECK(secp256k1_musig_aggnonce_serialize(CTX, aggnonce_ser, NULL) == 0); CHECK(ecount == 2); CHECK(memcmp_and_randomize(aggnonce_ser, zeros132, sizeof(aggnonce_ser)) == 0); - CHECK(secp256k1_musig_aggnonce_serialize(ctx, aggnonce_ser, (secp256k1_musig_aggnonce*) &invalid_pubnonce) == 0); + CHECK(secp256k1_musig_aggnonce_serialize(CTX, aggnonce_ser, (secp256k1_musig_aggnonce*) &invalid_pubnonce) == 0); CHECK(ecount == 3); CHECK(memcmp_and_randomize(aggnonce_ser, zeros132, sizeof(aggnonce_ser)) == 0); - CHECK(secp256k1_musig_aggnonce_serialize(ctx, aggnonce_ser, &aggnonce) == 1); + CHECK(secp256k1_musig_aggnonce_serialize(CTX, aggnonce_ser, &aggnonce) == 1); ecount = 0; - CHECK(secp256k1_musig_aggnonce_parse(ctx, &aggnonce, aggnonce_ser) == 1); - CHECK(secp256k1_musig_aggnonce_parse(ctx, NULL, aggnonce_ser) == 0); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &aggnonce, aggnonce_ser) == 1); + CHECK(secp256k1_musig_aggnonce_parse(CTX, NULL, aggnonce_ser) == 0); CHECK(ecount == 1); - CHECK(secp256k1_musig_aggnonce_parse(ctx, &aggnonce, NULL) == 0); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &aggnonce, NULL) == 0); CHECK(ecount == 2); - CHECK(secp256k1_musig_aggnonce_parse(ctx, &aggnonce, zeros132) == 1); - CHECK(secp256k1_musig_aggnonce_parse(ctx, &aggnonce, aggnonce_ser) == 1); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &aggnonce, zeros132) == 1); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &aggnonce, aggnonce_ser) == 1); { /* Check that serialize and parse results in the same value */ secp256k1_musig_aggnonce tmp; - CHECK(secp256k1_musig_aggnonce_serialize(ctx, aggnonce_ser, &aggnonce) == 1); - CHECK(secp256k1_musig_aggnonce_parse(ctx, &tmp, aggnonce_ser) == 1); + CHECK(secp256k1_musig_aggnonce_serialize(CTX, aggnonce_ser, &aggnonce) == 1); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &tmp, aggnonce_ser) == 1); CHECK(secp256k1_memcmp_var(&tmp, &aggnonce, sizeof(tmp)) == 0); } /** Process nonces **/ ecount = 0; - CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, msg, &keyagg_cache, &adaptor) == 1); - CHECK(secp256k1_musig_nonce_process(ctx, NULL, &aggnonce, msg, &keyagg_cache, &adaptor) == 0); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, msg, &keyagg_cache, &adaptor) == 1); + CHECK(secp256k1_musig_nonce_process(CTX, NULL, &aggnonce, msg, &keyagg_cache, &adaptor) == 0); CHECK(ecount == 1); - CHECK(secp256k1_musig_nonce_process(ctx, &session, NULL, msg, &keyagg_cache, &adaptor) == 0); + CHECK(secp256k1_musig_nonce_process(CTX, &session, NULL, msg, &keyagg_cache, &adaptor) == 0); CHECK(ecount == 2); - CHECK(secp256k1_musig_nonce_process(ctx, &session, (secp256k1_musig_aggnonce*) &invalid_pubnonce, msg, &keyagg_cache, &adaptor) == 0); + CHECK(secp256k1_musig_nonce_process(CTX, &session, (secp256k1_musig_aggnonce*) &invalid_pubnonce, msg, &keyagg_cache, &adaptor) == 0); CHECK(ecount == 3); - CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, NULL, &keyagg_cache, &adaptor) == 0); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, NULL, &keyagg_cache, &adaptor) == 0); CHECK(ecount == 4); - CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, msg, NULL, &adaptor) == 0); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, msg, NULL, &adaptor) == 0); CHECK(ecount == 5); - CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, msg, &invalid_keyagg_cache, &adaptor) == 0); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, msg, &invalid_keyagg_cache, &adaptor) == 0); CHECK(ecount == 6); - CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, msg, &keyagg_cache, NULL) == 1); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, msg, &keyagg_cache, NULL) == 1); CHECK(ecount == 6); - CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, msg, &keyagg_cache, (secp256k1_pubkey *)&invalid_pk) == 0); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, msg, &keyagg_cache, (secp256k1_pubkey *)&invalid_pk) == 0); CHECK(ecount == 7); - CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, msg, &keyagg_cache, &adaptor) == 1); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, msg, &keyagg_cache, &adaptor) == 1); ecount = 0; memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, &session) == 1); /* The secnonce is set to 0 and subsequent signing attempts fail */ CHECK(secp256k1_memcmp_var(&secnonce_tmp, zeros132, sizeof(secnonce_tmp)) == 0); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, &session) == 0); CHECK(ecount == 1); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK(secp256k1_musig_partial_sign(ctx, NULL, &secnonce_tmp, &keypair[0], &keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sign(CTX, NULL, &secnonce_tmp, &keypair[0], &keyagg_cache, &session) == 0); CHECK(ecount == 2); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[0], NULL, &keypair[0], &keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], NULL, &keypair[0], &keyagg_cache, &session) == 0); CHECK(ecount == 3); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[0], &invalid_secnonce, &keypair[0], &keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &invalid_secnonce, &keypair[0], &keyagg_cache, &session) == 0); CHECK(ecount == 4); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[0], &secnonce_tmp, NULL, &keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, NULL, &keyagg_cache, &session) == 0); CHECK(ecount == 5); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[0], &secnonce_tmp, &invalid_keypair, &keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &invalid_keypair, &keyagg_cache, &session) == 0); CHECK(ecount == 6); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); { unsigned char sk_tmp[32]; secp256k1_keypair keypair_tmp; secp256k1_testrand256(sk_tmp); - CHECK(secp256k1_keypair_create(ctx, &keypair_tmp, sk_tmp)); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[0], &secnonce_tmp, &keypair_tmp, &keyagg_cache, &session) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair_tmp, sk_tmp)); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair_tmp, &keyagg_cache, &session) == 0); CHECK(ecount == 7); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); } - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[0], &secnonce_tmp, &keypair[0], NULL, &session) == 0); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], NULL, &session) == 0); CHECK(ecount == 8); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[0], &secnonce_tmp, &keypair[0], &invalid_keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &invalid_keyagg_cache, &session) == 0); CHECK(ecount == 9); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, NULL) == 0); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, NULL) == 0); CHECK(ecount == 10); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, &invalid_session) == 0); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, &invalid_session) == 0); CHECK(ecount == 11); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[0], &secnonce[0], &keypair[0], &keyagg_cache, &session) == 1); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[1], &secnonce[1], &keypair[1], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce[0], &keypair[0], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[1], &secnonce[1], &keypair[1], &keyagg_cache, &session) == 1); ecount = 0; - CHECK(secp256k1_musig_partial_sig_serialize(ctx, buf, &partial_sig[0]) == 1); - CHECK(secp256k1_musig_partial_sig_serialize(ctx, NULL, &partial_sig[0]) == 0); + CHECK(secp256k1_musig_partial_sig_serialize(CTX, buf, &partial_sig[0]) == 1); + CHECK(secp256k1_musig_partial_sig_serialize(CTX, NULL, &partial_sig[0]) == 0); CHECK(ecount == 1); - CHECK(secp256k1_musig_partial_sig_serialize(ctx, buf, NULL) == 0); + CHECK(secp256k1_musig_partial_sig_serialize(CTX, buf, NULL) == 0); CHECK(ecount == 2); - CHECK(secp256k1_musig_partial_sig_parse(ctx, &partial_sig[0], buf) == 1); - CHECK(secp256k1_musig_partial_sig_parse(ctx, NULL, buf) == 0); + CHECK(secp256k1_musig_partial_sig_parse(CTX, &partial_sig[0], buf) == 1); + CHECK(secp256k1_musig_partial_sig_parse(CTX, NULL, buf) == 0); CHECK(ecount == 3); - CHECK(secp256k1_musig_partial_sig_parse(ctx, &partial_sig[0], max64) == 0); + CHECK(secp256k1_musig_partial_sig_parse(CTX, &partial_sig[0], max64) == 0); CHECK(ecount == 3); - CHECK(secp256k1_musig_partial_sig_parse(ctx, &partial_sig[0], NULL) == 0); + CHECK(secp256k1_musig_partial_sig_parse(CTX, &partial_sig[0], NULL) == 0); CHECK(ecount == 4); { /* Check that serialize and parse results in the same value */ secp256k1_musig_partial_sig tmp; - CHECK(secp256k1_musig_partial_sig_serialize(ctx, buf, &partial_sig[0]) == 1); - CHECK(secp256k1_musig_partial_sig_parse(ctx, &tmp, buf) == 1); + CHECK(secp256k1_musig_partial_sig_serialize(CTX, buf, &partial_sig[0]) == 1); + CHECK(secp256k1_musig_partial_sig_parse(CTX, &tmp, buf) == 1); CHECK(secp256k1_memcmp_var(&tmp, &partial_sig[0], sizeof(tmp)) == 0); } /** Partial signature verification */ ecount = 0; - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, &session) == 1); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[1], &pubnonce[0], &pk[0], &keyagg_cache, &session) == 0); - CHECK(secp256k1_musig_partial_sig_verify(ctx, NULL, &pubnonce[0], &pk[0], &keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[1], &pubnonce[0], &pk[0], &keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sig_verify(CTX, NULL, &pubnonce[0], &pk[0], &keyagg_cache, &session) == 0); CHECK(ecount == 1); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &invalid_partial_sig, &pubnonce[0], &pk[0], &keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &invalid_partial_sig, &pubnonce[0], &pk[0], &keyagg_cache, &session) == 0); CHECK(ecount == 2); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[0], NULL, &pk[0], &keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], NULL, &pk[0], &keyagg_cache, &session) == 0); CHECK(ecount == 3); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[0], &invalid_pubnonce, &pk[0], &keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &invalid_pubnonce, &pk[0], &keyagg_cache, &session) == 0); CHECK(ecount == 4); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[0], &pubnonce[0], NULL, &keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], NULL, &keyagg_cache, &session) == 0); CHECK(ecount == 5); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[0], &pubnonce[0], &invalid_pk, &keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &invalid_pk, &keyagg_cache, &session) == 0); CHECK(ecount == 6); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[0], &pubnonce[0], &pk[0], NULL, &session) == 0); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], NULL, &session) == 0); CHECK(ecount == 7); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[0], &pubnonce[0], &pk[0], &invalid_keyagg_cache, &session) == 0); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &invalid_keyagg_cache, &session) == 0); CHECK(ecount == 8); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, NULL) == 0); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, NULL) == 0); CHECK(ecount == 9); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, &invalid_session) == 0); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, &invalid_session) == 0); CHECK(ecount == 10); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, &session) == 1); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[1], &pubnonce[1], &pk[1], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[1], &pubnonce[1], &pk[1], &keyagg_cache, &session) == 1); /** Signature aggregation and verification */ ecount = 0; - CHECK(secp256k1_musig_partial_sig_agg(ctx, pre_sig, &session, partial_sig_ptr, 2) == 1); - CHECK(secp256k1_musig_partial_sig_agg(ctx, NULL, &session, partial_sig_ptr, 2) == 0); + CHECK(secp256k1_musig_partial_sig_agg(CTX, pre_sig, &session, partial_sig_ptr, 2) == 1); + CHECK(secp256k1_musig_partial_sig_agg(CTX, NULL, &session, partial_sig_ptr, 2) == 0); CHECK(ecount == 1); - CHECK(secp256k1_musig_partial_sig_agg(ctx, pre_sig, NULL, partial_sig_ptr, 2) == 0); + CHECK(secp256k1_musig_partial_sig_agg(CTX, pre_sig, NULL, partial_sig_ptr, 2) == 0); CHECK(ecount == 2); - CHECK(secp256k1_musig_partial_sig_agg(ctx, pre_sig, &invalid_session, partial_sig_ptr, 2) == 0); + CHECK(secp256k1_musig_partial_sig_agg(CTX, pre_sig, &invalid_session, partial_sig_ptr, 2) == 0); CHECK(ecount == 3); - CHECK(secp256k1_musig_partial_sig_agg(ctx, pre_sig, &session, NULL, 2) == 0); + CHECK(secp256k1_musig_partial_sig_agg(CTX, pre_sig, &session, NULL, 2) == 0); CHECK(ecount == 4); - CHECK(secp256k1_musig_partial_sig_agg(ctx, pre_sig, &session, invalid_partial_sig_ptr, 2) == 0); + CHECK(secp256k1_musig_partial_sig_agg(CTX, pre_sig, &session, invalid_partial_sig_ptr, 2) == 0); CHECK(ecount == 5); - CHECK(secp256k1_musig_partial_sig_agg(ctx, pre_sig, &session, partial_sig_ptr, 0) == 0); + CHECK(secp256k1_musig_partial_sig_agg(CTX, pre_sig, &session, partial_sig_ptr, 0) == 0); CHECK(ecount == 6); - CHECK(secp256k1_musig_partial_sig_agg(ctx, pre_sig, &session, partial_sig_ptr, 1) == 1); - CHECK(secp256k1_musig_partial_sig_agg(ctx, pre_sig, &session, partial_sig_ptr, 2) == 1); + CHECK(secp256k1_musig_partial_sig_agg(CTX, pre_sig, &session, partial_sig_ptr, 1) == 1); + CHECK(secp256k1_musig_partial_sig_agg(CTX, pre_sig, &session, partial_sig_ptr, 2) == 1); /** Adaptor signature verification */ ecount = 0; - CHECK(secp256k1_musig_nonce_parity(ctx, &nonce_parity, &session) == 1); - CHECK(secp256k1_musig_nonce_parity(ctx, NULL, &session) == 0); + CHECK(secp256k1_musig_nonce_parity(CTX, &nonce_parity, &session) == 1); + CHECK(secp256k1_musig_nonce_parity(CTX, NULL, &session) == 0); CHECK(ecount == 1); - CHECK(secp256k1_musig_nonce_parity(ctx, &nonce_parity, NULL) == 0); + CHECK(secp256k1_musig_nonce_parity(CTX, &nonce_parity, NULL) == 0); CHECK(ecount == 2); - CHECK(secp256k1_musig_nonce_parity(ctx, &nonce_parity, &invalid_session) == 0); + CHECK(secp256k1_musig_nonce_parity(CTX, &nonce_parity, &invalid_session) == 0); CHECK(ecount == 3); ecount = 0; - CHECK(secp256k1_musig_adapt(ctx, final_sig, pre_sig, sec_adaptor, nonce_parity) == 1); - CHECK(secp256k1_musig_adapt(ctx, NULL, pre_sig, sec_adaptor, 0) == 0); + CHECK(secp256k1_musig_adapt(CTX, final_sig, pre_sig, sec_adaptor, nonce_parity) == 1); + CHECK(secp256k1_musig_adapt(CTX, NULL, pre_sig, sec_adaptor, 0) == 0); CHECK(ecount == 1); - CHECK(secp256k1_musig_adapt(ctx, final_sig, NULL, sec_adaptor, 0) == 0); + CHECK(secp256k1_musig_adapt(CTX, final_sig, NULL, sec_adaptor, 0) == 0); CHECK(ecount == 2); - CHECK(secp256k1_musig_adapt(ctx, final_sig, max64, sec_adaptor, 0) == 0); + CHECK(secp256k1_musig_adapt(CTX, final_sig, max64, sec_adaptor, 0) == 0); CHECK(ecount == 2); - CHECK(secp256k1_musig_adapt(ctx, final_sig, pre_sig, NULL, 0) == 0); + CHECK(secp256k1_musig_adapt(CTX, final_sig, pre_sig, NULL, 0) == 0); CHECK(ecount == 3); - CHECK(secp256k1_musig_adapt(ctx, final_sig, pre_sig, max64, 0) == 0); + CHECK(secp256k1_musig_adapt(CTX, final_sig, pre_sig, max64, 0) == 0); CHECK(ecount == 3); - CHECK(secp256k1_musig_adapt(ctx, final_sig, pre_sig, sec_adaptor, 2) == 0); + CHECK(secp256k1_musig_adapt(CTX, final_sig, pre_sig, sec_adaptor, 2) == 0); CHECK(ecount == 4); /* sig and pre_sig argument point to the same location */ memcpy(final_sig, pre_sig, sizeof(final_sig)); - CHECK(secp256k1_musig_adapt(ctx, final_sig, final_sig, sec_adaptor, nonce_parity) == 1); - CHECK(secp256k1_schnorrsig_verify(ctx, final_sig, msg, sizeof(msg), &agg_pk) == 1); + CHECK(secp256k1_musig_adapt(CTX, final_sig, final_sig, sec_adaptor, nonce_parity) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, final_sig, msg, sizeof(msg), &agg_pk) == 1); - CHECK(secp256k1_musig_adapt(ctx, final_sig, pre_sig, sec_adaptor, nonce_parity) == 1); - CHECK(secp256k1_schnorrsig_verify(ctx, final_sig, msg, sizeof(msg), &agg_pk) == 1); + CHECK(secp256k1_musig_adapt(CTX, final_sig, pre_sig, sec_adaptor, nonce_parity) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, final_sig, msg, sizeof(msg), &agg_pk) == 1); /** Secret adaptor can be extracted from signature */ ecount = 0; - CHECK(secp256k1_musig_extract_adaptor(ctx, sec_adaptor1, final_sig, pre_sig, nonce_parity) == 1); + CHECK(secp256k1_musig_extract_adaptor(CTX, sec_adaptor1, final_sig, pre_sig, nonce_parity) == 1); CHECK(secp256k1_memcmp_var(sec_adaptor, sec_adaptor1, 32) == 0); /* wrong nonce parity */ - CHECK(secp256k1_musig_extract_adaptor(ctx, sec_adaptor1, final_sig, pre_sig, !nonce_parity) == 1); + CHECK(secp256k1_musig_extract_adaptor(CTX, sec_adaptor1, final_sig, pre_sig, !nonce_parity) == 1); CHECK(secp256k1_memcmp_var(sec_adaptor, sec_adaptor1, 32) != 0); - CHECK(secp256k1_musig_extract_adaptor(ctx, NULL, final_sig, pre_sig, 0) == 0); + CHECK(secp256k1_musig_extract_adaptor(CTX, NULL, final_sig, pre_sig, 0) == 0); CHECK(ecount == 1); - CHECK(secp256k1_musig_extract_adaptor(ctx, sec_adaptor1, NULL, pre_sig, 0) == 0); + CHECK(secp256k1_musig_extract_adaptor(CTX, sec_adaptor1, NULL, pre_sig, 0) == 0); CHECK(ecount == 2); - CHECK(secp256k1_musig_extract_adaptor(ctx, sec_adaptor1, max64, pre_sig, 0) == 0); + CHECK(secp256k1_musig_extract_adaptor(CTX, sec_adaptor1, max64, pre_sig, 0) == 0); CHECK(ecount == 2); - CHECK(secp256k1_musig_extract_adaptor(ctx, sec_adaptor1, final_sig, NULL, 0) == 0); + CHECK(secp256k1_musig_extract_adaptor(CTX, sec_adaptor1, final_sig, NULL, 0) == 0); CHECK(ecount == 3); - CHECK(secp256k1_musig_extract_adaptor(ctx, sec_adaptor1, final_sig, max64, 0) == 0); + CHECK(secp256k1_musig_extract_adaptor(CTX, sec_adaptor1, final_sig, max64, 0) == 0); CHECK(ecount == 3); - CHECK(secp256k1_musig_extract_adaptor(ctx, sec_adaptor1, final_sig, pre_sig, 2) == 0); + CHECK(secp256k1_musig_extract_adaptor(CTX, sec_adaptor1, final_sig, pre_sig, 2) == 0); CHECK(ecount == 4); - /** cleanup **/ - secp256k1_context_destroy(sttc); + secp256k1_context_set_error_callback(CTX, NULL, NULL); + secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); } void musig_nonce_bitflip(unsigned char **args, size_t n_flip, size_t n_bytes) { @@ -632,7 +633,7 @@ void musig_nonce_test(void) { args[3] = pk; args[4] = agg_pk; args[5] = extra_input; - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { musig_nonce_bitflip(args, 0, sizeof(session_id)); musig_nonce_bitflip(args, 1, sizeof(msg)); musig_nonce_bitflip(args, 2, sizeof(sk)); @@ -722,49 +723,49 @@ void scriptless_atomic_swap(secp256k1_scratch_space *scratch) { CHECK(create_keypair_and_pk(&keypair_b[i], &pk_b[i], sk_b[i]) == 1); } secp256k1_testrand256(sec_adaptor); - CHECK(secp256k1_ec_pubkey_create(ctx, &pub_adaptor, sec_adaptor) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pub_adaptor, sec_adaptor) == 1); - CHECK(secp256k1_musig_pubkey_agg(ctx, scratch, &agg_pk_a, &keyagg_cache_a, pk_a_ptr, 2) == 1); - CHECK(secp256k1_musig_pubkey_agg(ctx, scratch, &agg_pk_b, &keyagg_cache_b, pk_b_ptr, 2) == 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, scratch, &agg_pk_a, &keyagg_cache_a, pk_a_ptr, 2) == 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, scratch, &agg_pk_b, &keyagg_cache_b, pk_b_ptr, 2) == 1); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce_a[0], &pubnonce_a[0], seed_a[0], sk_a[0], &pk_a[0], NULL, NULL, NULL) == 1); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce_a[1], &pubnonce_a[1], seed_a[1], sk_a[1], &pk_a[1], NULL, NULL, NULL) == 1); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce_b[0], &pubnonce_b[0], seed_b[0], sk_b[0], &pk_b[0], NULL, NULL, NULL) == 1); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce_b[1], &pubnonce_b[1], seed_b[1], sk_b[1], &pk_b[1], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce_a[0], &pubnonce_a[0], seed_a[0], sk_a[0], &pk_a[0], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce_a[1], &pubnonce_a[1], seed_a[1], sk_a[1], &pk_a[1], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce_b[0], &pubnonce_b[0], seed_b[0], sk_b[0], &pk_b[0], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce_b[1], &pubnonce_b[1], seed_b[1], sk_b[1], &pk_b[1], NULL, NULL, NULL) == 1); /* Step 2: Exchange nonces */ - CHECK(secp256k1_musig_nonce_agg(ctx, &aggnonce_a, pubnonce_ptr_a, 2) == 1); - CHECK(secp256k1_musig_nonce_process(ctx, &session_a, &aggnonce_a, msg32_a, &keyagg_cache_a, &pub_adaptor) == 1); - CHECK(secp256k1_musig_nonce_parity(ctx, &nonce_parity_a, &session_a) == 1); - CHECK(secp256k1_musig_nonce_agg(ctx, &aggnonce_b, pubnonce_ptr_b, 2) == 1); - CHECK(secp256k1_musig_nonce_process(ctx, &session_b, &aggnonce_b, msg32_b, &keyagg_cache_b, &pub_adaptor) == 1); - CHECK(secp256k1_musig_nonce_parity(ctx, &nonce_parity_b, &session_b) == 1); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce_a, pubnonce_ptr_a, 2) == 1); + CHECK(secp256k1_musig_nonce_process(CTX, &session_a, &aggnonce_a, msg32_a, &keyagg_cache_a, &pub_adaptor) == 1); + CHECK(secp256k1_musig_nonce_parity(CTX, &nonce_parity_a, &session_a) == 1); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce_b, pubnonce_ptr_b, 2) == 1); + CHECK(secp256k1_musig_nonce_process(CTX, &session_b, &aggnonce_b, msg32_b, &keyagg_cache_b, &pub_adaptor) == 1); + CHECK(secp256k1_musig_nonce_parity(CTX, &nonce_parity_b, &session_b) == 1); /* Step 3: Signer 0 produces partial signatures for both chains. */ - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig_a[0], &secnonce_a[0], &keypair_a[0], &keyagg_cache_a, &session_a) == 1); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig_b[0], &secnonce_b[0], &keypair_b[0], &keyagg_cache_b, &session_b) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig_a[0], &secnonce_a[0], &keypair_a[0], &keyagg_cache_a, &session_a) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig_b[0], &secnonce_b[0], &keypair_b[0], &keyagg_cache_b, &session_b) == 1); /* Step 4: Signer 1 receives partial signatures, verifies them and creates a * partial signature to send B-coins to signer 0. */ - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig_a[0], &pubnonce_a[0], &pk_a[0], &keyagg_cache_a, &session_a) == 1); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig_b[0], &pubnonce_b[0], &pk_b[0], &keyagg_cache_b, &session_b) == 1); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig_b[1], &secnonce_b[1], &keypair_b[1], &keyagg_cache_b, &session_b) == 1); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig_a[0], &pubnonce_a[0], &pk_a[0], &keyagg_cache_a, &session_a) == 1); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig_b[0], &pubnonce_b[0], &pk_b[0], &keyagg_cache_b, &session_b) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig_b[1], &secnonce_b[1], &keypair_b[1], &keyagg_cache_b, &session_b) == 1); /* Step 5: Signer 0 aggregates its own partial signature with the partial * signature from signer 1 and adapts it. This results in a complete * signature which is broadcasted by signer 0 to take B-coins. */ - CHECK(secp256k1_musig_partial_sig_agg(ctx, pre_sig_b, &session_b, partial_sig_b_ptr, 2) == 1); - CHECK(secp256k1_musig_adapt(ctx, final_sig_b, pre_sig_b, sec_adaptor, nonce_parity_b) == 1); - CHECK(secp256k1_schnorrsig_verify(ctx, final_sig_b, msg32_b, sizeof(msg32_b), &agg_pk_b) == 1); + CHECK(secp256k1_musig_partial_sig_agg(CTX, pre_sig_b, &session_b, partial_sig_b_ptr, 2) == 1); + CHECK(secp256k1_musig_adapt(CTX, final_sig_b, pre_sig_b, sec_adaptor, nonce_parity_b) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, final_sig_b, msg32_b, sizeof(msg32_b), &agg_pk_b) == 1); /* Step 6: Signer 1 signs, extracts adaptor from the published signature, * and adapts the signature to take A-coins. */ - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig_a[1], &secnonce_a[1], &keypair_a[1], &keyagg_cache_a, &session_a) == 1); - CHECK(secp256k1_musig_partial_sig_agg(ctx, pre_sig_a, &session_a, partial_sig_a_ptr, 2) == 1); - CHECK(secp256k1_musig_extract_adaptor(ctx, sec_adaptor_extracted, final_sig_b, pre_sig_b, nonce_parity_b) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig_a[1], &secnonce_a[1], &keypair_a[1], &keyagg_cache_a, &session_a) == 1); + CHECK(secp256k1_musig_partial_sig_agg(CTX, pre_sig_a, &session_a, partial_sig_a_ptr, 2) == 1); + CHECK(secp256k1_musig_extract_adaptor(CTX, sec_adaptor_extracted, final_sig_b, pre_sig_b, nonce_parity_b) == 1); CHECK(secp256k1_memcmp_var(sec_adaptor_extracted, sec_adaptor, sizeof(sec_adaptor)) == 0); /* in real life we couldn't check this, of course */ - CHECK(secp256k1_musig_adapt(ctx, final_sig_a, pre_sig_a, sec_adaptor_extracted, nonce_parity_a) == 1); - CHECK(secp256k1_schnorrsig_verify(ctx, final_sig_a, msg32_a, sizeof(msg32_a), &agg_pk_a) == 1); + CHECK(secp256k1_musig_adapt(CTX, final_sig_a, pre_sig_a, sec_adaptor_extracted, nonce_parity_a) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, final_sig_a, msg32_a, sizeof(msg32_a), &agg_pk_a) == 1); } void sha256_tag_test_internal(secp256k1_sha256 *sha_tagged, unsigned char *tag, size_t taglen) { @@ -838,20 +839,20 @@ void musig_tweak_test_helper(const secp256k1_xonly_pubkey* agg_pk, const unsigne CHECK(create_keypair_and_pk(&keypair[1], &pk[1], sk1) == 1); secp256k1_testrand256(msg); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[0], &pubnonce[0], session_id[0], sk0, &pk[0], NULL, NULL, NULL) == 1); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce[1], &pubnonce[1], session_id[1], sk1, &pk[1], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_id[0], sk0, &pk[0], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[1], &pubnonce[1], session_id[1], sk1, &pk[1], NULL, NULL, NULL) == 1); - CHECK(secp256k1_musig_nonce_agg(ctx, &aggnonce, pubnonce_ptr, 2) == 1); - CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, msg, keyagg_cache, NULL) == 1); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2) == 1); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, msg, keyagg_cache, NULL) == 1); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[0], &secnonce[0], &keypair[0], keyagg_cache, &session) == 1); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig[1], &secnonce[1], &keypair[1], keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce[0], &keypair[0], keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[1], &secnonce[1], &keypair[1], keyagg_cache, &session) == 1); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[0], &pubnonce[0], &pk[0], keyagg_cache, &session) == 1); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig[1], &pubnonce[1], &pk[1], keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[1], &pubnonce[1], &pk[1], keyagg_cache, &session) == 1); - CHECK(secp256k1_musig_partial_sig_agg(ctx, final_sig, &session, partial_sig_ptr, 2) == 1); - CHECK(secp256k1_schnorrsig_verify(ctx, final_sig, msg, sizeof(msg), agg_pk) == 1); + CHECK(secp256k1_musig_partial_sig_agg(CTX, final_sig, &session, partial_sig_ptr, 2) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, final_sig, msg, sizeof(msg), agg_pk) == 1); } /* Create aggregate public key P[0], tweak multiple times (using xonly and @@ -873,9 +874,9 @@ void musig_tweak_test(secp256k1_scratch_space *scratch) { CHECK(create_keypair_and_pk(NULL, &pk[i], sk[i]) == 1); } /* Compute P0 = keyagg(pk0, pk1) and test signing for it */ - CHECK(secp256k1_musig_pubkey_agg(ctx, scratch, &P_xonly[0], &keyagg_cache, pk_ptr, 2) == 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, scratch, &P_xonly[0], &keyagg_cache, pk_ptr, 2) == 1); musig_tweak_test_helper(&P_xonly[0], sk[0], sk[1], &keyagg_cache); - CHECK(secp256k1_musig_pubkey_get(ctx, &P[0], &keyagg_cache)); + CHECK(secp256k1_musig_pubkey_get(CTX, &P[0], &keyagg_cache)); /* Compute Pi = f(Pj) + tweaki*G where where j = i-1 and try signing for * that key. If xonly is set to true, the function f is normalizes the input @@ -888,20 +889,20 @@ void musig_tweak_test(secp256k1_scratch_space *scratch) { secp256k1_testrand256(tweak); if (xonly) { - CHECK(secp256k1_musig_pubkey_xonly_tweak_add(ctx, &P[i], &keyagg_cache, tweak) == 1); + CHECK(secp256k1_musig_pubkey_xonly_tweak_add(CTX, &P[i], &keyagg_cache, tweak) == 1); } else { - CHECK(secp256k1_musig_pubkey_ec_tweak_add(ctx, &P[i], &keyagg_cache, tweak) == 1); + CHECK(secp256k1_musig_pubkey_ec_tweak_add(CTX, &P[i], &keyagg_cache, tweak) == 1); } - CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &P_xonly[i], &P_parity, &P[i])); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &P_xonly[i], &P_parity, &P[i])); /* Check that musig_pubkey_tweak_add produces same result as * xonly_pubkey_tweak_add or ec_pubkey_tweak_add. */ if (xonly) { unsigned char P_serialized[32]; - CHECK(secp256k1_xonly_pubkey_serialize(ctx, P_serialized, &P_xonly[i])); - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, P_serialized, P_parity, &P_xonly[i-1], tweak) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, P_serialized, &P_xonly[i])); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, P_serialized, P_parity, &P_xonly[i-1], tweak) == 1); } else { secp256k1_pubkey tmp_key = P[i-1]; - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &tmp_key, tweak)); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &tmp_key, tweak)); CHECK(secp256k1_memcmp_var(&tmp_key, &P[i], sizeof(tmp_key)) == 0); } /* Test signing for P[i] */ @@ -926,42 +927,42 @@ int musig_vectors_keyagg_and_tweak(enum MUSIG_ERROR *error, secp256k1_xonly_pubkey agg_pk_xonly; for (i = 0; i < (int)key_indices_len; i++) { - if (!secp256k1_ec_pubkey_parse(ctx, &pubkeys[i], pubkeys33[key_indices[i]], 33)) { + if (!secp256k1_ec_pubkey_parse(CTX, &pubkeys[i], pubkeys33[key_indices[i]], 33)) { *error = MUSIG_PUBKEY; return 0; } pk_ptr[i] = &pubkeys[i]; } - if (!secp256k1_musig_pubkey_agg(ctx, NULL, NULL, keyagg_cache, pk_ptr, key_indices_len)) { + if (!secp256k1_musig_pubkey_agg(CTX, NULL, NULL, keyagg_cache, pk_ptr, key_indices_len)) { *error = MUSIG_OTHER; return 0; } for (i = 0; i < (int)tweak_indices_len; i++) { if (is_xonly[i]) { - if (!secp256k1_musig_pubkey_xonly_tweak_add(ctx, NULL, keyagg_cache, tweaks32[tweak_indices[i]])) { + if (!secp256k1_musig_pubkey_xonly_tweak_add(CTX, NULL, keyagg_cache, tweaks32[tweak_indices[i]])) { *error = MUSIG_TWEAK; return 0; } } else { - if (!secp256k1_musig_pubkey_ec_tweak_add(ctx, NULL, keyagg_cache, tweaks32[tweak_indices[i]])) { + if (!secp256k1_musig_pubkey_ec_tweak_add(CTX, NULL, keyagg_cache, tweaks32[tweak_indices[i]])) { *error = MUSIG_TWEAK; return 0; } } } - if (!secp256k1_musig_pubkey_get(ctx, &agg_pk, keyagg_cache)) { + if (!secp256k1_musig_pubkey_get(CTX, &agg_pk, keyagg_cache)) { *error = MUSIG_OTHER; return 0; } - if (!secp256k1_xonly_pubkey_from_pubkey(ctx, &agg_pk_xonly, NULL, &agg_pk)) { + if (!secp256k1_xonly_pubkey_from_pubkey(CTX, &agg_pk_xonly, NULL, &agg_pk)) { *error = MUSIG_OTHER; return 0; } if (agg_pk_ser != NULL) { - if (!secp256k1_xonly_pubkey_serialize(ctx, agg_pk_ser, &agg_pk_xonly)) { + if (!secp256k1_xonly_pubkey_serialize(CTX, agg_pk_ser, &agg_pk_xonly)) { *error = MUSIG_OTHER; return 0; } @@ -1018,8 +1019,8 @@ void musig_test_vectors_noncegen(void) { secp256k1_keyagg_cache_internal cache_i; secp256k1_xonly_pubkey aggpk; memset(&cache_i, 0, sizeof(cache_i)); - CHECK(secp256k1_xonly_pubkey_parse(ctx, &aggpk, c->aggpk)); - CHECK(secp256k1_xonly_pubkey_load(ctx, &cache_i.pk, &aggpk)); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &aggpk, c->aggpk)); + CHECK(secp256k1_xonly_pubkey_load(CTX, &cache_i.pk, &aggpk)); secp256k1_keyagg_cache_save(&keyagg_cache, &cache_i); keyagg_cache_ptr = &keyagg_cache; } @@ -1030,12 +1031,12 @@ void musig_test_vectors_noncegen(void) { extra_in = c->extra_in; } - CHECK(secp256k1_ec_pubkey_parse(ctx, &pk, c->pk, sizeof(c->pk))); - CHECK(secp256k1_musig_nonce_gen(ctx, &secnonce, &pubnonce, c->rand_, sk, &pk, msg, keyagg_cache_ptr, extra_in) == 1); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pk, c->pk, sizeof(c->pk))); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce, &pubnonce, c->rand_, sk, &pk, msg, keyagg_cache_ptr, extra_in) == 1); CHECK(secp256k1_memcmp_var(&secnonce.data[4], c->expected_secnonce, 2*32) == 0); CHECK(secp256k1_memcmp_var(&secnonce.data[4+2*32], &pk, sizeof(pk)) == 0); - CHECK(secp256k1_musig_pubnonce_serialize(ctx, pubnonce66, &pubnonce) == 1); + CHECK(secp256k1_musig_pubnonce_serialize(CTX, pubnonce66, &pubnonce) == 1); CHECK(sizeof(c->expected_pubnonce) == sizeof(pubnonce66)); CHECK(secp256k1_memcmp_var(pubnonce66, c->expected_pubnonce, sizeof(pubnonce66)) == 0); } @@ -1055,11 +1056,11 @@ void musig_test_vectors_nonceagg(void) { unsigned char aggnonce66[66]; for (j = 0; j < 2; j++) { - CHECK(secp256k1_musig_pubnonce_parse(ctx, &pubnonce[j], vector->pnonces[c->pnonce_indices[j]]) == 1); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce[j], vector->pnonces[c->pnonce_indices[j]]) == 1); pubnonce_ptr[j] = &pubnonce[j]; } - CHECK(secp256k1_musig_nonce_agg(ctx, &aggnonce, pubnonce_ptr, 2)); - CHECK(secp256k1_musig_aggnonce_serialize(ctx, aggnonce66, &aggnonce)); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2)); + CHECK(secp256k1_musig_aggnonce_serialize(CTX, aggnonce66, &aggnonce)); CHECK(secp256k1_memcmp_var(aggnonce66, c->expected, 33) == 0); } for (i = 0; i < sizeof(vector->error_case)/sizeof(vector->error_case[0]); i++) { @@ -1067,7 +1068,7 @@ void musig_test_vectors_nonceagg(void) { secp256k1_musig_pubnonce pubnonce[2]; for (j = 0; j < 2; j++) { int expected = c->invalid_nonce_idx != j; - CHECK(expected == secp256k1_musig_pubnonce_parse(ctx, &pubnonce[j], vector->pnonces[c->pnonce_indices[j]])); + CHECK(expected == secp256k1_musig_pubnonce_parse(CTX, &pubnonce[j], vector->pnonces[c->pnonce_indices[j]])); } } } @@ -1078,7 +1079,7 @@ void musig_test_set_secnonce(secp256k1_musig_secnonce *secnonce, const unsigned secp256k1_scalar_set_b32(&k[0], &secnonce64[0], NULL); secp256k1_scalar_set_b32(&k[1], &secnonce64[32], NULL); - CHECK(secp256k1_pubkey_load(ctx, &pk, pubkey)); + CHECK(secp256k1_pubkey_load(CTX, &pk, pubkey)); secp256k1_musig_secnonce_save(secnonce, k, &pk); } @@ -1099,20 +1100,20 @@ void musig_test_vectors_signverify(void) { secp256k1_keypair keypair; unsigned char partial_sig32[32]; - CHECK(secp256k1_keypair_create(ctx, &keypair, vector->sk)); + CHECK(secp256k1_keypair_create(CTX, &keypair, vector->sk)); CHECK(musig_vectors_keyagg_and_tweak(&error, &keyagg_cache, NULL, vector->pubkeys, NULL, c->key_indices_len, c->key_indices, 0, NULL, NULL)); - CHECK(secp256k1_musig_aggnonce_parse(ctx, &aggnonce, vector->aggnonces[c->aggnonce_index])); - CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, vector->msgs[c->msg_index], &keyagg_cache, NULL)); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &aggnonce, vector->aggnonces[c->aggnonce_index])); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, vector->msgs[c->msg_index], &keyagg_cache, NULL)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, vector->pubkeys[0], sizeof(vector->pubkeys[0]))); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, vector->pubkeys[0], sizeof(vector->pubkeys[0]))); musig_test_set_secnonce(&secnonce, vector->secnonces[0], &pubkey); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig, &secnonce, &keypair, &keyagg_cache, &session)); - CHECK(secp256k1_musig_partial_sig_serialize(ctx, partial_sig32, &partial_sig)); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig, &secnonce, &keypair, &keyagg_cache, &session)); + CHECK(secp256k1_musig_partial_sig_serialize(CTX, partial_sig32, &partial_sig)); CHECK(secp256k1_memcmp_var(partial_sig32, c->expected, sizeof(partial_sig32)) == 0); - CHECK(secp256k1_musig_pubnonce_parse(ctx, &pubnonce, vector->pubnonces[0])); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig, &pubnonce, &pubkey, &keyagg_cache, &session)); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce, vector->pubnonces[0])); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig, &pubnonce, &pubkey, &keyagg_cache, &session)); } for (i = 0; i < sizeof(vector->sign_error_case)/sizeof(vector->sign_error_case[0]); i++) { const struct musig_sign_error_case *c = &vector->sign_error_case[i]; @@ -1139,13 +1140,13 @@ void musig_test_vectors_signverify(void) { } expected = c->error != MUSIG_AGGNONCE; - CHECK(expected == secp256k1_musig_aggnonce_parse(ctx, &aggnonce, vector->aggnonces[c->aggnonce_index])); + CHECK(expected == secp256k1_musig_aggnonce_parse(CTX, &aggnonce, vector->aggnonces[c->aggnonce_index])); if (!expected) { continue; } - CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, vector->msgs[c->msg_index], &keyagg_cache, NULL)); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, vector->msgs[c->msg_index], &keyagg_cache, NULL)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, vector->pubkeys[0], sizeof(vector->pubkeys[0]))); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, vector->pubkeys[0], sizeof(vector->pubkeys[0]))); musig_test_set_secnonce(&secnonce, vector->secnonces[c->secnonce_index], &pubkey); { /* In the last test vector we sign with an invalid secnonce, which @@ -1177,23 +1178,23 @@ void musig_test_vectors_signverify(void) { CHECK(NUM_PUBNONCES <= c->nonce_indices_len); for (j = 0; j < c->nonce_indices_len; j++) { - CHECK(secp256k1_musig_pubnonce_parse(ctx, &pubnonce[j], vector->pubnonces[c->nonce_indices[j]])); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce[j], vector->pubnonces[c->nonce_indices[j]])); pubnonce_ptr[j] = &pubnonce[j]; } CHECK(musig_vectors_keyagg_and_tweak(&error, &keyagg_cache, NULL, vector->pubkeys, NULL, c->key_indices_len, c->key_indices, 0, NULL, NULL)); - CHECK(secp256k1_musig_nonce_agg(ctx, &aggnonce, pubnonce_ptr, c->nonce_indices_len) == 1); - CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, vector->msgs[c->msg_index], &keyagg_cache, NULL)); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, c->nonce_indices_len) == 1); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, vector->msgs[c->msg_index], &keyagg_cache, NULL)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, vector->pubkeys[c->signer_index], sizeof(vector->pubkeys[0]))); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, vector->pubkeys[c->signer_index], sizeof(vector->pubkeys[0]))); expected = c->error != MUSIG_SIG; - CHECK(expected == secp256k1_musig_partial_sig_parse(ctx, &partial_sig, c->sig)); + CHECK(expected == secp256k1_musig_partial_sig_parse(CTX, &partial_sig, c->sig)); if (!expected) { continue; } expected = c->error != MUSIG_SIG_VERIFY; - CHECK(expected == secp256k1_musig_partial_sig_verify(ctx, &partial_sig, pubnonce, &pubkey, &keyagg_cache, &session)); + CHECK(expected == secp256k1_musig_partial_sig_verify(CTX, &partial_sig, pubnonce, &pubkey, &keyagg_cache, &session)); } for (i = 0; i < sizeof(vector->verify_error_case)/sizeof(vector->verify_error_case[0]); i++) { const struct musig_verify_fail_error_case *c = &vector->verify_error_case[i]; @@ -1209,7 +1210,7 @@ void musig_test_vectors_signverify(void) { continue; } expected = c->error != MUSIG_PUBNONCE; - CHECK(expected == secp256k1_musig_pubnonce_parse(ctx, &pubnonce, vector->pubnonces[c->nonce_indices[c->signer_index]])); + CHECK(expected == secp256k1_musig_pubnonce_parse(CTX, &pubnonce, vector->pubnonces[c->nonce_indices[c->signer_index]])); } } @@ -1220,8 +1221,8 @@ void musig_test_vectors_tweak(void) { secp256k1_musig_aggnonce aggnonce; secp256k1_musig_secnonce secnonce; - CHECK(secp256k1_musig_aggnonce_parse(ctx, &aggnonce, vector->aggnonce)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, vector->pubkeys[0], sizeof(vector->pubkeys[0]))); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &aggnonce, vector->aggnonce)); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, vector->pubkeys[0], sizeof(vector->pubkeys[0]))); for (i = 0; i < sizeof(vector->valid_case)/sizeof(vector->valid_case[0]); i++) { const struct musig_tweak_case *c = &vector->valid_case[i]; @@ -1235,17 +1236,17 @@ void musig_test_vectors_tweak(void) { musig_test_set_secnonce(&secnonce, vector->secnonce, &pubkey); - CHECK(secp256k1_keypair_create(ctx, &keypair, vector->sk)); + CHECK(secp256k1_keypair_create(CTX, &keypair, vector->sk)); CHECK(musig_vectors_keyagg_and_tweak(&error, &keyagg_cache, NULL, vector->pubkeys, vector->tweaks, c->key_indices_len, c->key_indices, c->tweak_indices_len, c->tweak_indices, c->is_xonly)); - CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, vector->msg, &keyagg_cache, NULL)); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, vector->msg, &keyagg_cache, NULL)); - CHECK(secp256k1_musig_partial_sign(ctx, &partial_sig, &secnonce, &keypair, &keyagg_cache, &session)); - CHECK(secp256k1_musig_partial_sig_serialize(ctx, partial_sig32, &partial_sig)); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig, &secnonce, &keypair, &keyagg_cache, &session)); + CHECK(secp256k1_musig_partial_sig_serialize(CTX, partial_sig32, &partial_sig)); CHECK(secp256k1_memcmp_var(partial_sig32, c->expected, sizeof(partial_sig32)) == 0); - CHECK(secp256k1_musig_pubnonce_parse(ctx, &pubnonce, vector->pubnonces[c->nonce_indices[c->signer_index]])); - CHECK(secp256k1_musig_partial_sig_verify(ctx, &partial_sig, &pubnonce, &pubkey, &keyagg_cache, &session)); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce, vector->pubnonces[c->nonce_indices[c->signer_index]])); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig, &pubnonce, &pubkey, &keyagg_cache, &session)); } for (i = 0; i < sizeof(vector->error_case)/sizeof(vector->error_case[0]); i++) { const struct musig_tweak_case *c = &vector->error_case[i]; @@ -1273,39 +1274,39 @@ void musig_test_vectors_sigagg(void) { const secp256k1_musig_partial_sig *partial_sig_ptr[(sizeof(vector->psigs)/sizeof(vector->psigs[0]))]; CHECK(musig_vectors_keyagg_and_tweak(&error, &keyagg_cache, agg_pk32, vector->pubkeys, vector->tweaks, c->key_indices_len, c->key_indices, c->tweak_indices_len, c->tweak_indices, c->is_xonly)); - CHECK(secp256k1_musig_aggnonce_parse(ctx, &aggnonce, c->aggnonce)); - CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, vector->msg, &keyagg_cache, NULL)); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &aggnonce, c->aggnonce)); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, vector->msg, &keyagg_cache, NULL)); for (j = 0; j < c->psig_indices_len; j++) { - CHECK(secp256k1_musig_partial_sig_parse(ctx, &partial_sig[j], vector->psigs[c->psig_indices[j]])); + CHECK(secp256k1_musig_partial_sig_parse(CTX, &partial_sig[j], vector->psigs[c->psig_indices[j]])); partial_sig_ptr[j] = &partial_sig[j]; } - CHECK(secp256k1_musig_partial_sig_agg(ctx, final_sig, &session, partial_sig_ptr, c->psig_indices_len) == 1); + CHECK(secp256k1_musig_partial_sig_agg(CTX, final_sig, &session, partial_sig_ptr, c->psig_indices_len) == 1); CHECK(secp256k1_memcmp_var(final_sig, c->expected, sizeof(final_sig)) == 0); - CHECK(secp256k1_xonly_pubkey_parse(ctx, &agg_pk, agg_pk32)); - CHECK(secp256k1_schnorrsig_verify(ctx, final_sig, vector->msg, sizeof(vector->msg), &agg_pk) == 1); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &agg_pk, agg_pk32)); + CHECK(secp256k1_schnorrsig_verify(CTX, final_sig, vector->msg, sizeof(vector->msg), &agg_pk) == 1); } for (i = 0; i < sizeof(vector->error_case)/sizeof(vector->error_case[0]); i++) { const struct musig_sig_agg_case *c = &vector->error_case[i]; secp256k1_musig_partial_sig partial_sig[(sizeof(vector->psigs)/sizeof(vector->psigs[0]))]; for (j = 0; j < c->psig_indices_len; j++) { int expected = c->invalid_sig_idx != (int)j; - CHECK(expected == secp256k1_musig_partial_sig_parse(ctx, &partial_sig[j], vector->psigs[c->psig_indices[j]])); + CHECK(expected == secp256k1_musig_partial_sig_parse(CTX, &partial_sig[j], vector->psigs[c->psig_indices[j]])); } } } void run_musig_tests(void) { int i; - secp256k1_scratch_space *scratch = secp256k1_scratch_space_create(ctx, 1024 * 1024); + secp256k1_scratch_space *scratch = secp256k1_scratch_space_create(CTX, 1024 * 1024); - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { musig_simple_test(scratch); } musig_api_tests(scratch); musig_nonce_test(); - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { /* Run multiple times to ensure that pk and nonce have different y * parities */ scriptless_atomic_swap(scratch); @@ -1319,7 +1320,7 @@ void run_musig_tests(void) { musig_test_vectors_tweak(); musig_test_vectors_sigagg(); - secp256k1_scratch_space_destroy(ctx, scratch); + secp256k1_scratch_space_destroy(CTX, scratch); } #endif diff --git a/src/modules/rangeproof/tests_impl.h b/src/modules/rangeproof/tests_impl.h index 62147540..2905d0b1 100644 --- a/src/modules/rangeproof/tests_impl.h +++ b/src/modules/rangeproof/tests_impl.h @@ -16,7 +16,7 @@ #include "../../../include/secp256k1_rangeproof.h" -static void test_rangeproof_api(const secp256k1_context *sttc, const int32_t *ecount) { +static void test_rangeproof_api(const int32_t *ecount) { unsigned char proof[5134]; unsigned char blind[32]; secp256k1_pedersen_commitment commit; @@ -30,83 +30,83 @@ static void test_rangeproof_api(const secp256k1_context *sttc, const int32_t *ec size_t ext_commit_len = sizeof(ext_commit); secp256k1_testrand256(blind); - CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, val, secp256k1_generator_h)); + CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, val, secp256k1_generator_h)); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 1); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 1); CHECK(*ecount == 0); - CHECK(secp256k1_rangeproof_sign(sttc, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_sign(STATIC_CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 1); - CHECK(secp256k1_rangeproof_sign(ctx, NULL, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_sign(CTX, NULL, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 2); - CHECK(secp256k1_rangeproof_sign(ctx, proof, NULL, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_sign(CTX, proof, NULL, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 3); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, NULL, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, NULL, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 4); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, NULL, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, NULL, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 5); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, NULL, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, NULL, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 6); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, vmin - 1, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, vmin - 1, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 6); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 7); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); CHECK(*ecount == 7); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, NULL, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, NULL, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 8); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, NULL, 0, secp256k1_generator_h) != 0); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, NULL, 0, secp256k1_generator_h) != 0); CHECK(*ecount == 8); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, NULL, 0, NULL) == 0); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, NULL, 0, NULL) == 0); CHECK(*ecount == 9); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); { int exp; int mantissa; uint64_t min_value; uint64_t max_value; - CHECK(secp256k1_rangeproof_info(ctx, &exp, &mantissa, &min_value, &max_value, proof, len) != 0); + CHECK(secp256k1_rangeproof_info(CTX, &exp, &mantissa, &min_value, &max_value, proof, len) != 0); CHECK(exp == 0); CHECK(((uint64_t) 1 << mantissa) > val - vmin); CHECK(((uint64_t) 1 << (mantissa - 1)) <= val - vmin); CHECK(min_value == vmin); CHECK(max_value >= val); - CHECK(secp256k1_rangeproof_info(ctx, NULL, &mantissa, &min_value, &max_value, proof, len) == 0); + CHECK(secp256k1_rangeproof_info(CTX, NULL, &mantissa, &min_value, &max_value, proof, len) == 0); CHECK(*ecount == 10); - CHECK(secp256k1_rangeproof_info(ctx, &exp, NULL, &min_value, &max_value, proof, len) == 0); + CHECK(secp256k1_rangeproof_info(CTX, &exp, NULL, &min_value, &max_value, proof, len) == 0); CHECK(*ecount == 11); - CHECK(secp256k1_rangeproof_info(ctx, &exp, &mantissa, NULL, &max_value, proof, len) == 0); + CHECK(secp256k1_rangeproof_info(CTX, &exp, &mantissa, NULL, &max_value, proof, len) == 0); CHECK(*ecount == 12); - CHECK(secp256k1_rangeproof_info(ctx, &exp, &mantissa, &min_value, NULL, proof, len) == 0); + CHECK(secp256k1_rangeproof_info(CTX, &exp, &mantissa, &min_value, NULL, proof, len) == 0); CHECK(*ecount == 13); - CHECK(secp256k1_rangeproof_info(ctx, &exp, &mantissa, &min_value, &max_value, NULL, len) == 0); + CHECK(secp256k1_rangeproof_info(CTX, &exp, &mantissa, &min_value, &max_value, NULL, len) == 0); CHECK(*ecount == 14); - CHECK(secp256k1_rangeproof_info(ctx, &exp, &mantissa, &min_value, &max_value, proof, 0) == 0); + CHECK(secp256k1_rangeproof_info(CTX, &exp, &mantissa, &min_value, &max_value, proof, 0) == 0); CHECK(*ecount == 14); } { uint64_t min_value; uint64_t max_value; - CHECK(secp256k1_rangeproof_verify(ctx, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 1); + CHECK(secp256k1_rangeproof_verify(CTX, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 1); CHECK(*ecount == 14); - CHECK(secp256k1_rangeproof_verify(ctx, NULL, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_verify(CTX, NULL, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 15); - CHECK(secp256k1_rangeproof_verify(ctx, &min_value, NULL, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_verify(CTX, &min_value, NULL, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 16); - CHECK(secp256k1_rangeproof_verify(ctx, &min_value, &max_value, NULL, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_verify(CTX, &min_value, &max_value, NULL, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 17); - CHECK(secp256k1_rangeproof_verify(ctx, &min_value, &max_value, &commit, NULL, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_verify(CTX, &min_value, &max_value, &commit, NULL, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 18); - CHECK(secp256k1_rangeproof_verify(ctx, &min_value, &max_value, &commit, proof, 0, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_verify(CTX, &min_value, &max_value, &commit, proof, 0, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 18); - CHECK(secp256k1_rangeproof_verify(ctx, &min_value, &max_value, &commit, proof, len, NULL, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_verify(CTX, &min_value, &max_value, &commit, proof, len, NULL, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 19); - CHECK(secp256k1_rangeproof_verify(ctx, &min_value, &max_value, &commit, proof, len, NULL, 0, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_verify(CTX, &min_value, &max_value, &commit, proof, len, NULL, 0, secp256k1_generator_h) == 0); CHECK(*ecount == 19); - CHECK(secp256k1_rangeproof_verify(ctx, &min_value, &max_value, &commit, proof, len, NULL, 0, NULL) == 0); + CHECK(secp256k1_rangeproof_verify(CTX, &min_value, &max_value, &commit, proof, len, NULL, 0, NULL) == 0); CHECK(*ecount == 20); } { @@ -117,9 +117,9 @@ static void test_rangeproof_api(const secp256k1_context *sttc, const int32_t *ec uint64_t max_value; size_t message_len = sizeof(message_out); - CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 1); + CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 1); CHECK(*ecount == 20); - CHECK(secp256k1_rangeproof_rewind(sttc, blind_out, &value_out, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_rewind(STATIC_CTX, blind_out, &value_out, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 21); CHECK(min_value == vmin); @@ -128,56 +128,58 @@ static void test_rangeproof_api(const secp256k1_context *sttc, const int32_t *ec CHECK(message_len == sizeof(message_out)); CHECK(secp256k1_memcmp_var(message, message_out, sizeof(message_out)) == 0); - CHECK(secp256k1_rangeproof_rewind(ctx, NULL, &value_out, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); + CHECK(secp256k1_rangeproof_rewind(CTX, NULL, &value_out, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); CHECK(*ecount == 21); /* blindout may be NULL */ - CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, NULL, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); + CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, NULL, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); CHECK(*ecount == 21); /* valueout may be NULL */ - CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 22); - CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); + CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); CHECK(*ecount == 22); - CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, NULL, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, NULL, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 23); - CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, NULL, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, NULL, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 24); - CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, NULL, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, NULL, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 25); - CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, NULL, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, NULL, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 26); - CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, NULL, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, NULL, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 27); - CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, 0, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, 0, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 27); - CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, NULL, ext_commit_len, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, NULL, ext_commit_len, secp256k1_generator_h) == 0); CHECK(*ecount == 28); - CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, NULL, 0, secp256k1_generator_h) == 0); + CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, NULL, 0, secp256k1_generator_h) == 0); CHECK(*ecount == 28); - CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, NULL, 0, NULL) == 0); + CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, NULL, 0, NULL) == 0); CHECK(*ecount == 29); } /* This constant is hardcoded in these tests and elsewhere, so we * consider it to be part of the API and test it here. */ - CHECK(secp256k1_rangeproof_max_size(ctx, 0, 64) == 5134); - CHECK(secp256k1_rangeproof_max_size(ctx, UINT64_MAX, 0) == 5134); + CHECK(secp256k1_rangeproof_max_size(CTX, 0, 64) == 5134); + CHECK(secp256k1_rangeproof_max_size(CTX, UINT64_MAX, 0) == 5134); } static void test_api(void) { - secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); int32_t ecount; int i; - secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { ecount = 0; - test_rangeproof_api(sttc, &ecount); + test_rangeproof_api(&ecount); } - secp256k1_context_destroy(sttc); + secp256k1_context_set_error_callback(CTX, NULL, NULL); + secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); } static void test_borromean(void) { @@ -219,7 +221,7 @@ static void test_borromean(void) { s[i] = one; } if (j == secidx[i]) { - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubs[c + j], &sec[i]); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &pubs[c + j], &sec[i]); } else { random_group_element_test(&ge); random_group_element_jacobian_test(&pubs[c + j],&ge); @@ -227,7 +229,7 @@ static void test_borromean(void) { } c += rsizes[i]; } - CHECK(secp256k1_borromean_sign(&ctx->ecmult_gen_ctx, e0, s, pubs, k, sec, rsizes, secidx, nrings, m, 32)); + CHECK(secp256k1_borromean_sign(&CTX->ecmult_gen_ctx, e0, s, pubs, k, sec, rsizes, secidx, nrings, m, 32)); CHECK(secp256k1_borromean_verify(NULL, e0, s, pubs, rsizes, nrings, m, 32)); i = secp256k1_testrand32() % c; secp256k1_scalar_negate(&s[i],&s[i]); @@ -275,7 +277,7 @@ static void test_rangeproof(void) { secp256k1_testrand256(blind); for (i = 0; i < 11; i++) { v = testvs[i]; - CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, v, secp256k1_generator_h)); + CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, v, secp256k1_generator_h)); for (vmin = 0; vmin < (i<9 && i > 0 ? 2 : 1); vmin++) { const unsigned char *input_message = NULL; size_t input_message_len = 0; @@ -291,11 +293,11 @@ static void test_rangeproof(void) { input_message_len = sizeof(message_long); } len = 5134; - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, v, input_message, input_message_len, NULL, 0, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, v, input_message, input_message_len, NULL, 0, secp256k1_generator_h)); CHECK(len <= 5134); - CHECK(len <= secp256k1_rangeproof_max_size(ctx, v, 0)); + CHECK(len <= secp256k1_rangeproof_max_size(CTX, v, 0)); mlen = 4096; - CHECK(secp256k1_rangeproof_rewind(ctx, blindout, &vout, message, &mlen, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_rewind(CTX, blindout, &vout, message, &mlen, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); if (input_message != NULL) { CHECK(secp256k1_memcmp_var(message, input_message, input_message_len) == 0); } @@ -308,10 +310,10 @@ static void test_rangeproof(void) { CHECK(minv <= v); CHECK(maxv >= v); len = 5134; - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, v, &commit, blind, commit.data, -1, 64, v, NULL, 0, NULL, 0, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, v, &commit, blind, commit.data, -1, 64, v, NULL, 0, NULL, 0, secp256k1_generator_h)); CHECK(len <= 73); - CHECK(len <= secp256k1_rangeproof_max_size(ctx, v, 0)); - CHECK(secp256k1_rangeproof_rewind(ctx, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); + CHECK(len <= secp256k1_rangeproof_max_size(CTX, v, 0)); + CHECK(secp256k1_rangeproof_rewind(CTX, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); CHECK(secp256k1_memcmp_var(blindout, blind, 32) == 0); CHECK(vout == v); CHECK(minv == v); @@ -319,12 +321,12 @@ static void test_rangeproof(void) { /* Check with a committed message */ len = 5134; - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, v, &commit, blind, commit.data, -1, 64, v, NULL, 0, message_short, sizeof(message_short), secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, v, &commit, blind, commit.data, -1, 64, v, NULL, 0, message_short, sizeof(message_short), secp256k1_generator_h)); CHECK(len <= 73); - CHECK(len <= secp256k1_rangeproof_max_size(ctx, v, 0)); - CHECK(!secp256k1_rangeproof_rewind(ctx, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); - CHECK(!secp256k1_rangeproof_rewind(ctx, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, message_long, sizeof(message_long), secp256k1_generator_h)); - CHECK(secp256k1_rangeproof_rewind(ctx, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, message_short, sizeof(message_short), secp256k1_generator_h)); + CHECK(len <= secp256k1_rangeproof_max_size(CTX, v, 0)); + CHECK(!secp256k1_rangeproof_rewind(CTX, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); + CHECK(!secp256k1_rangeproof_rewind(CTX, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, message_long, sizeof(message_long), secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_rewind(CTX, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, message_short, sizeof(message_short), secp256k1_generator_h)); CHECK(secp256k1_memcmp_var(blindout, blind, 32) == 0); CHECK(vout == v); CHECK(minv == v); @@ -333,41 +335,41 @@ static void test_rangeproof(void) { } secp256k1_testrand256(blind); v = INT64_MAX - 1; - CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, v, secp256k1_generator_h)); + CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, v, secp256k1_generator_h)); for (i = 0; i < 19; i++) { len = 5134; - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, 0, &commit, blind, commit.data, i, 0, v, NULL, 0, NULL, 0, secp256k1_generator_h)); - CHECK(len <= secp256k1_rangeproof_max_size(ctx, v, 0)); - CHECK(secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, 0, &commit, blind, commit.data, i, 0, v, NULL, 0, NULL, 0, secp256k1_generator_h)); + CHECK(len <= secp256k1_rangeproof_max_size(CTX, v, 0)); + CHECK(secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); CHECK(len <= 5134); CHECK(minv <= v); CHECK(maxv >= v); /* Make sure it fails when validating with a committed message */ - CHECK(!secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit, proof, len, message_short, sizeof(message_short), secp256k1_generator_h)); + CHECK(!secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit, proof, len, message_short, sizeof(message_short), secp256k1_generator_h)); } secp256k1_testrand256(blind); { /*Malleability test.*/ v = secp256k1_testrandi64(0, 255); - CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, v, secp256k1_generator_h)); + CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, v, secp256k1_generator_h)); len = 5134; - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, 0, &commit, blind, commit.data, 0, 3, v, NULL, 0, NULL, 0, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, 0, &commit, blind, commit.data, 0, 3, v, NULL, 0, NULL, 0, secp256k1_generator_h)); CHECK(len <= 5134); - CHECK(len <= secp256k1_rangeproof_max_size(ctx, v, 3)); + CHECK(len <= secp256k1_rangeproof_max_size(CTX, v, 3)); /* Test if trailing bytes are rejected. */ proof[len] = v; - CHECK(!secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit, proof, len + 1, NULL, 0, secp256k1_generator_h)); + CHECK(!secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit, proof, len + 1, NULL, 0, secp256k1_generator_h)); for (i = 0; i < len*8; i++) { proof[i >> 3] ^= 1 << (i & 7); - CHECK(!secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); + CHECK(!secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); proof[i >> 3] ^= 1 << (i & 7); } - CHECK(secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); CHECK(minv <= v); CHECK(maxv >= v); } memcpy(&commit2, &commit, sizeof(commit)); - for (i = 0; i < (size_t) count; i++) { + for (i = 0; i < (size_t) COUNT; i++) { int exp; int min_bits; v = secp256k1_testrandi64(0, UINT64_MAX >> (secp256k1_testrand32()&63)); @@ -376,7 +378,7 @@ static void test_rangeproof(void) { vmin = secp256k1_testrandi64(0, v); } secp256k1_testrand256(blind); - CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, v, secp256k1_generator_h)); + CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, v, secp256k1_generator_h)); len = 5134; exp = (int)secp256k1_testrandi64(0,18)-(int)secp256k1_testrandi64(0,18); if (exp < 0) { @@ -386,11 +388,11 @@ static void test_rangeproof(void) { if (min_bits < 0) { min_bits = -min_bits; } - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, exp, min_bits, v, NULL, 0, NULL, 0, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, exp, min_bits, v, NULL, 0, NULL, 0, secp256k1_generator_h)); CHECK(len <= 5134); - CHECK(len <= secp256k1_rangeproof_max_size(ctx, v, min_bits)); + CHECK(len <= secp256k1_rangeproof_max_size(CTX, v, min_bits)); mlen = 4096; - CHECK(secp256k1_rangeproof_rewind(ctx, blindout, &vout, message, &mlen, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_rewind(CTX, blindout, &vout, message, &mlen, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); for (j = 0; j < mlen; j++) { CHECK(message[j] == 0); } @@ -399,7 +401,7 @@ static void test_rangeproof(void) { CHECK(minv <= v); CHECK(maxv >= v); - CHECK(secp256k1_rangeproof_rewind(ctx, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_rewind(CTX, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); memcpy(&commit2, &commit, sizeof(commit)); } for (j = 0; j < 3; j++) { @@ -408,10 +410,10 @@ static void test_rangeproof(void) { } for (k = 0; k < 128; k += 3) { len = k; - CHECK(!secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit2, proof, len, NULL, 0, secp256k1_generator_h)); + CHECK(!secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit2, proof, len, NULL, 0, secp256k1_generator_h)); } len = secp256k1_testrandi64(0, 3072); - CHECK(!secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit2, proof, len, NULL, 0, secp256k1_generator_h)); + CHECK(!secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit2, proof, len, NULL, 0, secp256k1_generator_h)); } } @@ -423,26 +425,26 @@ static void test_rangeproof_null_blinder(void) { secp256k1_pedersen_commitment commit; size_t len; - CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, v, secp256k1_generator_h)); + CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, v, secp256k1_generator_h)); /* Try a 32-bit proof; should work */ len = 5134; - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, 1, &commit, blind, commit.data, 0, 32, v, NULL, 0, NULL, 0, secp256k1_generator_h)); - CHECK(secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, 1, &commit, blind, commit.data, 0, 32, v, NULL, 0, NULL, 0, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); CHECK(minv == 1); CHECK(maxv == 1ULL << 32); /* Try a 3-bit proof; should work */ len = 5134; - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, v - 1, &commit, blind, commit.data, 0, 3, v, NULL, 0, NULL, 0, secp256k1_generator_h)); - CHECK(secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, v - 1, &commit, blind, commit.data, 0, 3, v, NULL, 0, NULL, 0, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); CHECK(minv == 1110); CHECK(maxv == 1117); /* But a 2-bits will not because then it does not have any subcommitments (which rerandomize * the blinding factors that get passed into the borromean logic ... passing 0s will fail) */ len = 5134; - CHECK(!secp256k1_rangeproof_sign(ctx, proof, &len, v - 1, &commit, blind, commit.data, 0, 2, v, NULL, 0, NULL, 0, secp256k1_generator_h)); + CHECK(!secp256k1_rangeproof_sign(CTX, proof, &len, v - 1, &commit, blind, commit.data, 0, 2, v, NULL, 0, NULL, 0, secp256k1_generator_h)); /* Rewinding with 3-bits works */ { @@ -457,8 +459,8 @@ static void test_rangeproof_null_blinder(void) { secp256k1_testrand256(&msg[32]); secp256k1_testrand256(&msg[64]); secp256k1_testrand256(&msg[96]); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, v, &commit, blind, commit.data, 0, 3, v, msg, sizeof(msg), NULL, 0, secp256k1_generator_h)); - CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, msg_out, &msg_len, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h) != 0); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, v, &commit, blind, commit.data, 0, 3, v, msg, sizeof(msg), NULL, 0, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, msg_out, &msg_len, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h) != 0); CHECK(secp256k1_memcmp_var(blind, blind_out, sizeof(blind)) == 0); CHECK(secp256k1_memcmp_var(msg, msg_out, sizeof(msg)) == 0); CHECK(value_out == v); @@ -484,10 +486,10 @@ static void test_single_value_proof(uint64_t val) { secp256k1_testrand256(blind); secp256k1_testrand256(nonce); - CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, val, secp256k1_generator_h)); + CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, val, secp256k1_generator_h)); CHECK(secp256k1_rangeproof_sign( - ctx, + CTX, proof, &plen, val, /* min_val */ &commit, blind, nonce, @@ -501,7 +503,7 @@ static void test_single_value_proof(uint64_t val) { plen = sizeof(proof); CHECK(secp256k1_rangeproof_sign( - ctx, + CTX, proof, &plen, val, /* min_val */ &commit, blind, nonce, @@ -512,7 +514,7 @@ static void test_single_value_proof(uint64_t val) { NULL, 0, secp256k1_generator_h ) == 1); - CHECK(plen <= secp256k1_rangeproof_max_size(ctx, val, 0)); + CHECK(plen <= secp256k1_rangeproof_max_size(CTX, val, 0)); /* Different proof sizes are unfortunate but is caused by `min_value` of * zero being special-cased and encoded more efficiently. */ @@ -523,7 +525,7 @@ static void test_single_value_proof(uint64_t val) { } CHECK(secp256k1_rangeproof_verify( - ctx, + CTX, &min_val_out, &max_val_out, &commit, proof, plen, @@ -536,7 +538,7 @@ static void test_single_value_proof(uint64_t val) { memset(message_out, 0, sizeof(message_out)); m_len_out = sizeof(message_out); CHECK(secp256k1_rangeproof_rewind( - ctx, + CTX, blind_out, &val_out, message_out, &m_len_out, nonce, @@ -585,7 +587,7 @@ static void test_multiple_generators(void) { random_scalar_order(&s); secp256k1_scalar_get_b32(pedersen_blind[i], &s); - CHECK(secp256k1_generator_generate_blinded(ctx, &generator[i], generator_seed, generator_blind[i])); + CHECK(secp256k1_generator_generate_blinded(CTX, &generator[i], generator_seed, generator_blind[i])); commit_ptr[i] = &commit[i]; } @@ -603,13 +605,13 @@ static void test_multiple_generators(void) { value[i] = total_value; /* Correct for blinding factors and do the commitments */ - CHECK(secp256k1_pedersen_blind_generator_blind_sum(ctx, value, (const unsigned char * const *) generator_blind, pedersen_blind, n_generators, n_inputs)); + CHECK(secp256k1_pedersen_blind_generator_blind_sum(CTX, value, (const unsigned char * const *) generator_blind, pedersen_blind, n_generators, n_inputs)); for (i = 0; i < n_generators; i++) { - CHECK(secp256k1_pedersen_commit(ctx, &commit[i], pedersen_blind[i], value[i], &generator[i])); + CHECK(secp256k1_pedersen_commit(CTX, &commit[i], pedersen_blind[i], value[i], &generator[i])); } /* Verify */ - CHECK(secp256k1_pedersen_verify_tally(ctx, &commit_ptr[0], n_inputs, &commit_ptr[n_inputs], n_outputs)); + CHECK(secp256k1_pedersen_verify_tally(CTX, &commit_ptr[0], n_inputs, &commit_ptr[n_inputs], n_outputs)); /* Cleanup */ for (i = 0; i < n_generators; i++) { @@ -683,9 +685,9 @@ void test_rangeproof_fixed_vectors(void) { 0x77, 0x47, 0xa4, 0xd3, 0x53, 0x17, 0xc6, 0x44, 0x30, 0x73, 0x84, 0xeb, 0x1f, 0xbe, 0xa1, 0xfb }; - CHECK(secp256k1_pedersen_commitment_parse(ctx, &pc, commit_1)); + CHECK(secp256k1_pedersen_commitment_parse(CTX, &pc, commit_1)); CHECK(secp256k1_rangeproof_verify( - ctx, + CTX, &min_value, &max_value, &pc, vector_1, sizeof(vector_1), @@ -696,7 +698,7 @@ void test_rangeproof_fixed_vectors(void) { CHECK(max_value == 25586); CHECK(secp256k1_rangeproof_rewind( - ctx, + CTX, blind, &value, message, &m_len, pc.data, @@ -754,9 +756,9 @@ void test_rangeproof_fixed_vectors(void) { }; static const unsigned char message_2[] = "When I see my own likeness in the depths of someone else's consciousness, I always experience a moment of panic."; - CHECK(secp256k1_pedersen_commitment_parse(ctx, &pc, commit_2)); + CHECK(secp256k1_pedersen_commitment_parse(CTX, &pc, commit_2)); CHECK(secp256k1_rangeproof_verify( - ctx, + CTX, &min_value, &max_value, &pc, vector_2, sizeof(vector_2), @@ -767,7 +769,7 @@ void test_rangeproof_fixed_vectors(void) { CHECK(max_value == 15); CHECK(secp256k1_rangeproof_rewind( - ctx, + CTX, blind, &value, message, &m_len, pc.data, @@ -812,9 +814,9 @@ void test_rangeproof_fixed_vectors(void) { 0xc0, 0x6b, 0x9b, 0x4c, 0x02, 0xa6, 0xc8, 0xf6, 0xc0, 0x34, 0xea, 0x35, 0x57, 0xf4, 0xe1, 0x37 }; - CHECK(secp256k1_pedersen_commitment_parse(ctx, &pc, commit_3)); + CHECK(secp256k1_pedersen_commitment_parse(CTX, &pc, commit_3)); CHECK(secp256k1_rangeproof_verify( - ctx, + CTX, &min_value, &max_value, &pc, vector_3, sizeof(vector_3), @@ -825,7 +827,7 @@ void test_rangeproof_fixed_vectors(void) { CHECK(max_value == UINT64_MAX); CHECK(secp256k1_rangeproof_rewind( - ctx, + CTX, blind, &value, message, &m_len, nonce_3, @@ -866,7 +868,7 @@ static void print_vector(int i, unsigned char *proof, size_t p_len, secp256k1_pe printf("unsigned char vector_%d[] = {\n", i); print_vector_helper(proof, p_len); - CHECK(secp256k1_pedersen_commitment_serialize(ctx, commit_output, commit)); + CHECK(secp256k1_pedersen_commitment_serialize(CTX, commit_output, commit)); printf("unsigned char commit_%d[] = {\n", i); print_vector_helper(commit_output, sizeof(commit_output)); } @@ -887,9 +889,9 @@ void test_rangeproof_fixed_vectors_reproducible_helper(unsigned char *vector, si secp256k1_pedersen_commitment pc; unsigned char blind_r[32]; - CHECK(secp256k1_pedersen_commitment_parse(ctx, &pc, commit)); + CHECK(secp256k1_pedersen_commitment_parse(CTX, &pc, commit)); CHECK(secp256k1_rangeproof_verify( - ctx, + CTX, min_value_r, max_value_r, &pc, vector, vector_len, @@ -899,7 +901,7 @@ void test_rangeproof_fixed_vectors_reproducible_helper(unsigned char *vector, si *m_len_r = SECP256K1_RANGEPROOF_MAX_MESSAGE_LEN; CHECK(secp256k1_rangeproof_rewind( - ctx, + CTX, blind_r, value_r, message_r, m_len_r, vector_nonce, @@ -1261,9 +1263,9 @@ void test_rangeproof_fixed_vectors_reproducible(void) { 0xef, }; - CHECK(secp256k1_pedersen_commit(ctx, &pc, vector_blind, value, secp256k1_generator_h)); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &p_len, min_value, &pc, vector_blind, vector_nonce, exp, min_bits, value, message, m_len, NULL, 0, secp256k1_generator_h)); - CHECK(p_len <= secp256k1_rangeproof_max_size(ctx, value, min_bits)); + CHECK(secp256k1_pedersen_commit(CTX, &pc, vector_blind, value, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &p_len, min_value, &pc, vector_blind, vector_nonce, exp, min_bits, value, message, m_len, NULL, 0, secp256k1_generator_h)); + CHECK(p_len <= secp256k1_rangeproof_max_size(CTX, value, min_bits)); CHECK(p_len == sizeof(proof)); /* Uncomment the next line to print the test vector */ /* print_vector(0, proof, p_len, &pc); */ @@ -1315,9 +1317,9 @@ void test_rangeproof_fixed_vectors_reproducible(void) { 0x66, 0x16, 0x2e, 0x44, 0xc8, 0x65, 0x8e, 0xe6, 0x3a, 0x1a, 0x57, 0x2c, 0xb9, 0x6c, 0x07, 0x85, 0xf0, }; - CHECK(secp256k1_pedersen_commit(ctx, &pc, vector_blind, value, secp256k1_generator_h)); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &p_len, min_value, &pc, vector_blind, vector_nonce, exp, min_bits, value, message, m_len, NULL, 0, secp256k1_generator_h)); - CHECK(p_len <= secp256k1_rangeproof_max_size(ctx, value, min_bits)); + CHECK(secp256k1_pedersen_commit(CTX, &pc, vector_blind, value, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &p_len, min_value, &pc, vector_blind, vector_nonce, exp, min_bits, value, message, m_len, NULL, 0, secp256k1_generator_h)); + CHECK(p_len <= secp256k1_rangeproof_max_size(CTX, value, min_bits)); CHECK(p_len == sizeof(proof)); /* Uncomment the next line to print the test vector */ /* print_vector(1, proof, p_len, &pc); */ @@ -1361,9 +1363,9 @@ void test_rangeproof_fixed_vectors_reproducible(void) { 0x70, }; - CHECK(secp256k1_pedersen_commit(ctx, &pc, vector_blind, value, secp256k1_generator_h)); - CHECK(secp256k1_rangeproof_sign(ctx, proof, &p_len, min_value, &pc, vector_blind, vector_nonce, exp, min_bits, value, message, m_len, NULL, 0, secp256k1_generator_h)); - CHECK(p_len <= secp256k1_rangeproof_max_size(ctx, value, min_bits)); + CHECK(secp256k1_pedersen_commit(CTX, &pc, vector_blind, value, secp256k1_generator_h)); + CHECK(secp256k1_rangeproof_sign(CTX, proof, &p_len, min_value, &pc, vector_blind, vector_nonce, exp, min_bits, value, message, m_len, NULL, 0, secp256k1_generator_h)); + CHECK(p_len <= secp256k1_rangeproof_max_size(CTX, value, min_bits)); CHECK(p_len == sizeof(proof)); /* Uncomment the next line to print the test vector */ /* print_vector(2, proof, p_len, &pc); */ @@ -1390,7 +1392,7 @@ void run_rangeproof_tests(void) { test_rangeproof_fixed_vectors(); test_rangeproof_fixed_vectors_reproducible(); - for (i = 0; i < count / 2 + 1; i++) { + for (i = 0; i < COUNT / 2 + 1; i++) { test_borromean(); } test_rangeproof(); diff --git a/src/modules/recovery/tests_impl.h b/src/modules/recovery/tests_impl.h index 0ff9294e..b8f1220b 100644 --- a/src/modules/recovery/tests_impl.h +++ b/src/modules/recovery/tests_impl.h @@ -30,7 +30,6 @@ static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned c void test_ecdsa_recovery_api(void) { /* Setup contexts that just count errors */ - secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); secp256k1_pubkey pubkey; secp256k1_pubkey recpubkey; secp256k1_ecdsa_signature normal_sig; @@ -46,85 +45,86 @@ void test_ecdsa_recovery_api(void) { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; - secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); /* Construct and verify corresponding public key. */ - CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, privkey) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, privkey) == 1); /* Check bad contexts and NULLs for signing */ ecount = 0; - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1); CHECK(ecount == 0); - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, NULL, message, privkey, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, NULL, message, privkey, NULL, NULL) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, NULL, privkey, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, NULL, privkey, NULL, NULL) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, NULL, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, NULL, NULL, NULL) == 0); CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_sign_recoverable(sttc, &recsig, message, privkey, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_sign_recoverable(STATIC_CTX, &recsig, message, privkey, NULL, NULL) == 0); CHECK(ecount == 4); /* This will fail or succeed randomly, and in either case will not ARG_CHECK failure */ - secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, privkey, recovery_test_nonce_function, NULL); + secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, recovery_test_nonce_function, NULL); CHECK(ecount == 4); /* These will all fail, but not in ARG_CHECK way */ - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, zero_privkey, NULL, NULL) == 0); - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, over_privkey, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, zero_privkey, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, over_privkey, NULL, NULL) == 0); /* This one will succeed. */ - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1); CHECK(ecount == 4); /* Check signing with a goofy nonce function */ /* Check bad contexts and NULLs for recovery */ ecount = 0; - CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &recsig, message) == 1); + CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &recsig, message) == 1); CHECK(ecount == 0); - CHECK(secp256k1_ecdsa_recover(ctx, NULL, &recsig, message) == 0); + CHECK(secp256k1_ecdsa_recover(CTX, NULL, &recsig, message) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, NULL, message) == 0); + CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, NULL, message) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &recsig, NULL) == 0); + CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &recsig, NULL) == 0); CHECK(ecount == 3); /* Check NULLs for conversion */ - CHECK(secp256k1_ecdsa_sign(ctx, &normal_sig, message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &normal_sig, message, privkey, NULL, NULL) == 1); ecount = 0; - CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, NULL, &recsig) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, NULL, &recsig) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &normal_sig, NULL) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &normal_sig, NULL) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &normal_sig, &recsig) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &normal_sig, &recsig) == 1); /* Check NULLs for de/serialization */ - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1); ecount = 0; - CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, NULL, &recid, &recsig) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, NULL, &recid, &recsig) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, NULL, &recsig) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, NULL, &recsig) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, NULL) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, NULL) == 0); CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &recsig) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &recsig) == 1); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, NULL, sig, recid) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, NULL, sig, recid) == 0); CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &recsig, NULL, recid) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, NULL, recid) == 0); CHECK(ecount == 5); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &recsig, sig, -1) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, -1) == 0); CHECK(ecount == 6); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &recsig, sig, 5) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, 5) == 0); CHECK(ecount == 7); /* overflow in signature will fail but not affect ecount */ memcpy(sig, over_privkey, 32); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &recsig, sig, recid) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, recid) == 0); CHECK(ecount == 7); /* cleanup */ - secp256k1_context_destroy(sttc); + secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); } void test_ecdsa_recovery_end_to_end(void) { @@ -148,40 +148,40 @@ void test_ecdsa_recovery_end_to_end(void) { } /* Construct and verify corresponding public key. */ - CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, privkey) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, privkey) == 1); /* Serialize/parse compact and verify/recover. */ extra[0] = 0; - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[0], message, privkey, NULL, NULL) == 1); - CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[4], message, privkey, NULL, NULL) == 1); - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[1], message, privkey, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[0], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &signature[0], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[4], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[1], message, privkey, NULL, extra) == 1); extra[31] = 1; - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[2], message, privkey, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[2], message, privkey, NULL, extra) == 1); extra[31] = 0; extra[0] = 1; - CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[3], message, privkey, NULL, extra) == 1); - CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1); - CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[3], message, privkey, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &rsignature[4]) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1); CHECK(secp256k1_memcmp_var(&signature[4], &signature[0], 64) == 0); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 1); memset(&rsignature[4], 0, sizeof(rsignature[4])); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); - CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 1); /* Parse compact (with recovery id) and recover. */ - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); - CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1); + CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &rsignature[4], message) == 1); CHECK(secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) == 0); /* Serialize/destroy/parse signature and verify again. */ - CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &rsignature[4]) == 1); sig[secp256k1_testrand_bits(6)] += 1 + secp256k1_testrand_int(255); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); - CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 0); /* Recover again */ - CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 0 || + CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &rsignature[4], message) == 0 || secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) != 0); } @@ -222,14 +222,14 @@ void test_ecdsa_recovery_edge_cases(void) { secp256k1_ecdsa_signature sig; int recid; - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 0)); - CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 1)); - CHECK(secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 2)); - CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 3)); - CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 0)); + CHECK(!secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 1)); + CHECK(secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 2)); + CHECK(!secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 3)); + CHECK(!secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); for (recid = 0; recid < 4; recid++) { int i; @@ -274,40 +274,40 @@ void test_ecdsa_recovery_edge_cases(void) { 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x45, 0x02, 0x01, 0x04 }; - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid) == 1); - CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 1); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigb64, recid) == 1); + CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 1); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 1); for (recid2 = 0; recid2 < 4; recid2++) { secp256k1_pubkey pubkey2b; - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid2) == 1); - CHECK(secp256k1_ecdsa_recover(ctx, &pubkey2b, &rsig, msg32) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigb64, recid2) == 1); + CHECK(secp256k1_ecdsa_recover(CTX, &pubkey2b, &rsig, msg32) == 1); /* Verifying with (order + r,4) should always fail. */ - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderlong, sizeof(sigbderlong)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderlong, sizeof(sigbderlong)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); } /* DER parsing tests. */ /* Zero length r/s. */ - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0); /* Leading zeros. */ - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt1, sizeof(sigbderalt1)) == 0); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt2, sizeof(sigbderalt2)) == 0); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt1, sizeof(sigbderalt1)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt2, sizeof(sigbderalt2)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0); sigbderalt3[4] = 1; - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); sigbderalt4[7] = 1; - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); /* Damage signature. */ sigbder[7]++; - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); sigbder[7]--; - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, 6) == 0); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder) - 1) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, 6) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder) - 1) == 0); for(i = 0; i < 8; i++) { int c; unsigned char orig = sigbder[i]; @@ -317,7 +317,7 @@ void test_ecdsa_recovery_edge_cases(void) { continue; } sigbder[i] = c; - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 0 || secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 0 || secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); } sigbder[i] = orig; } @@ -338,33 +338,33 @@ void test_ecdsa_recovery_edge_cases(void) { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, }; secp256k1_pubkey pubkeyc; - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); - CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyc, &rsig, msg32) == 1); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigc64, 0) == 1); + CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyc, &rsig, msg32) == 1); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 1); sigcder[4] = 0; sigc64[31] = 0; - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); - CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigc64, 0) == 1); + CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 0); sigcder[4] = 1; sigcder[7] = 0; sigc64[31] = 1; sigc64[63] = 0; - CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); - CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigc64, 0) == 1); + CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 0); } } void run_recovery_tests(void) { int i; - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { test_ecdsa_recovery_api(); } - for (i = 0; i < 64*count; i++) { + for (i = 0; i < 64*COUNT; i++) { test_ecdsa_recovery_end_to_end(); } test_ecdsa_recovery_edge_cases(); diff --git a/src/modules/schnorrsig/tests_impl.h b/src/modules/schnorrsig/tests_impl.h index 06cc097c..eee341e5 100644 --- a/src/modules/schnorrsig/tests_impl.h +++ b/src/modules/schnorrsig/tests_impl.h @@ -72,7 +72,7 @@ void run_nonce_function_bip340_tests(void) { args[2] = pk; args[3] = algo; args[4] = aux_rand; - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { nonce_function_bip340_bitflip(args, 0, 32, msglen, algolen); nonce_function_bip340_bitflip(args, 1, 32, msglen, algolen); nonce_function_bip340_bitflip(args, 2, 32, msglen, algolen); @@ -90,7 +90,7 @@ void run_nonce_function_bip340_tests(void) { secp256k1_testrand_bytes_test(algo, algolen); CHECK(nonce_function_bip340(nonce, msg, msglen, key, pk, algo, algolen, NULL) == 1); - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { unsigned char nonce2[32]; uint32_t offset = secp256k1_testrand_int(msglen - 1); size_t msglen_tmp = (msglen + offset) % msglen; @@ -128,77 +128,77 @@ void test_schnorrsig_api(void) { secp256k1_schnorrsig_extraparams invalid_extraparams = {{ 0 }, NULL, NULL}; /** setup **/ - secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); - int ecount; + int ecount = 0; - secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); secp256k1_testrand256(sk1); secp256k1_testrand256(sk2); secp256k1_testrand256(sk3); secp256k1_testrand256(msg); - CHECK(secp256k1_keypair_create(ctx, &keypairs[0], sk1) == 1); - CHECK(secp256k1_keypair_create(ctx, &keypairs[1], sk2) == 1); - CHECK(secp256k1_keypair_create(ctx, &keypairs[2], sk3) == 1); - CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[0], NULL, &keypairs[0]) == 1); - CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[1], NULL, &keypairs[1]) == 1); - CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[2], NULL, &keypairs[2]) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypairs[0], sk1) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypairs[1], sk2) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypairs[2], sk3) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &pk[0], NULL, &keypairs[0]) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &pk[1], NULL, &keypairs[1]) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &pk[2], NULL, &keypairs[2]) == 1); memset(&zero_pk, 0, sizeof(zero_pk)); /** main test body **/ ecount = 0; - CHECK(secp256k1_schnorrsig_sign32(ctx, sig, msg, &keypairs[0], NULL) == 1); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypairs[0], NULL) == 1); CHECK(ecount == 0); - CHECK(secp256k1_schnorrsig_sign32(ctx, NULL, msg, &keypairs[0], NULL) == 0); + CHECK(secp256k1_schnorrsig_sign32(CTX, NULL, msg, &keypairs[0], NULL) == 0); CHECK(ecount == 1); - CHECK(secp256k1_schnorrsig_sign32(ctx, sig, NULL, &keypairs[0], NULL) == 0); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig, NULL, &keypairs[0], NULL) == 0); CHECK(ecount == 2); - CHECK(secp256k1_schnorrsig_sign32(ctx, sig, msg, NULL, NULL) == 0); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, NULL, NULL) == 0); CHECK(ecount == 3); - CHECK(secp256k1_schnorrsig_sign32(ctx, sig, msg, &invalid_keypair, NULL) == 0); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &invalid_keypair, NULL) == 0); CHECK(ecount == 4); - CHECK(secp256k1_schnorrsig_sign32(sttc, sig, msg, &keypairs[0], NULL) == 0); + CHECK(secp256k1_schnorrsig_sign32(STATIC_CTX, sig, msg, &keypairs[0], NULL) == 0); CHECK(ecount == 5); ecount = 0; - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 1); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 1); CHECK(ecount == 0); - CHECK(secp256k1_schnorrsig_sign_custom(ctx, NULL, msg, sizeof(msg), &keypairs[0], &extraparams) == 0); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, NULL, msg, sizeof(msg), &keypairs[0], &extraparams) == 0); CHECK(ecount == 1); - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, NULL, sizeof(msg), &keypairs[0], &extraparams) == 0); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, NULL, sizeof(msg), &keypairs[0], &extraparams) == 0); CHECK(ecount == 2); - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, NULL, 0, &keypairs[0], &extraparams) == 1); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, NULL, 0, &keypairs[0], &extraparams) == 1); CHECK(ecount == 2); - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), NULL, &extraparams) == 0); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), NULL, &extraparams) == 0); CHECK(ecount == 3); - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &invalid_keypair, &extraparams) == 0); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &invalid_keypair, &extraparams) == 0); CHECK(ecount == 4); - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypairs[0], NULL) == 1); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], NULL) == 1); CHECK(ecount == 4); - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypairs[0], &invalid_extraparams) == 0); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], &invalid_extraparams) == 0); CHECK(ecount == 5); - CHECK(secp256k1_schnorrsig_sign_custom(sttc, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 0); + CHECK(secp256k1_schnorrsig_sign_custom(STATIC_CTX, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 0); CHECK(ecount == 6); ecount = 0; - CHECK(secp256k1_schnorrsig_sign32(ctx, sig, msg, &keypairs[0], NULL) == 1); - CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &pk[0]) == 1); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypairs[0], NULL) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk[0]) == 1); CHECK(ecount == 0); - CHECK(secp256k1_schnorrsig_verify(ctx, NULL, msg, sizeof(msg), &pk[0]) == 0); + CHECK(secp256k1_schnorrsig_verify(CTX, NULL, msg, sizeof(msg), &pk[0]) == 0); CHECK(ecount == 1); - CHECK(secp256k1_schnorrsig_verify(ctx, sig, NULL, sizeof(msg), &pk[0]) == 0); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, NULL, sizeof(msg), &pk[0]) == 0); CHECK(ecount == 2); - CHECK(secp256k1_schnorrsig_verify(ctx, sig, NULL, 0, &pk[0]) == 0); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, NULL, 0, &pk[0]) == 0); CHECK(ecount == 2); - CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), NULL) == 0); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), NULL) == 0); CHECK(ecount == 3); - CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &zero_pk) == 0); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &zero_pk) == 0); CHECK(ecount == 4); - secp256k1_context_destroy(sttc); + secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); } /* Checks that hash initialized by secp256k1_schnorrsig_sha256_tagged has the @@ -220,14 +220,14 @@ void test_schnorrsig_bip_vectors_check_signing(const unsigned char *sk, const un secp256k1_keypair keypair; secp256k1_xonly_pubkey pk, pk_expected; - CHECK(secp256k1_keypair_create(ctx, &keypair, sk)); - CHECK(secp256k1_schnorrsig_sign32(ctx, sig, msg32, &keypair, aux_rand)); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk)); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg32, &keypair, aux_rand)); CHECK(secp256k1_memcmp_var(sig, expected_sig, 64) == 0); - CHECK(secp256k1_xonly_pubkey_parse(ctx, &pk_expected, pk_serialized)); - CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair)); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk_expected, pk_serialized)); + CHECK(secp256k1_keypair_xonly_pub(CTX, &pk, NULL, &keypair)); CHECK(secp256k1_memcmp_var(&pk, &pk_expected, sizeof(pk)) == 0); - CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg32, 32, &pk)); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg32, 32, &pk)); } /* Helper function for schnorrsig_bip_vectors @@ -235,8 +235,8 @@ void test_schnorrsig_bip_vectors_check_signing(const unsigned char *sk, const un void test_schnorrsig_bip_vectors_check_verify(const unsigned char *pk_serialized, const unsigned char *msg32, const unsigned char *sig, int expected) { secp256k1_xonly_pubkey pk; - CHECK(secp256k1_xonly_pubkey_parse(ctx, &pk, pk_serialized)); - CHECK(expected == secp256k1_schnorrsig_verify(ctx, sig, msg32, 32, &pk)); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk, pk_serialized)); + CHECK(expected == secp256k1_schnorrsig_verify(CTX, sig, msg32, 32, &pk)); } /* Test vectors according to BIP-340 ("Schnorr Signatures for secp256k1"). See @@ -434,7 +434,7 @@ void test_schnorrsig_bip_vectors(void) { }; secp256k1_xonly_pubkey pk_parsed; /* No need to check the signature of the test vector as parsing the pubkey already fails */ - CHECK(!secp256k1_xonly_pubkey_parse(ctx, &pk_parsed, pk)); + CHECK(!secp256k1_xonly_pubkey_parse(CTX, &pk_parsed, pk)); } { /* Test vector 6 */ @@ -654,7 +654,7 @@ void test_schnorrsig_bip_vectors(void) { }; secp256k1_xonly_pubkey pk_parsed; /* No need to check the signature of the test vector as parsing the pubkey already fails */ - CHECK(!secp256k1_xonly_pubkey_parse(ctx, &pk_parsed, pk)); + CHECK(!secp256k1_xonly_pubkey_parse(CTX, &pk_parsed, pk)); } } @@ -712,36 +712,36 @@ void test_schnorrsig_sign(void) { secp256k1_testrand256(sk); secp256k1_testrand256(aux_rand); - CHECK(secp256k1_keypair_create(ctx, &keypair, sk)); - CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair)); - CHECK(secp256k1_schnorrsig_sign32(ctx, sig, msg, &keypair, NULL) == 1); - CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &pk)); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk)); + CHECK(secp256k1_keypair_xonly_pub(CTX, &pk, NULL, &keypair)); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypair, NULL) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk)); /* Check that deprecated alias gives the same result */ - CHECK(secp256k1_schnorrsig_sign(ctx, sig2, msg, &keypair, NULL) == 1); + CHECK(secp256k1_schnorrsig_sign(CTX, sig2, msg, &keypair, NULL) == 1); CHECK(secp256k1_memcmp_var(sig, sig2, sizeof(sig)) == 0); /* Test different nonce functions */ - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); - CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &pk)); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk)); memset(sig, 1, sizeof(sig)); extraparams.noncefp = nonce_function_failing; - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 0); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 0); CHECK(secp256k1_memcmp_var(sig, zeros64, sizeof(sig)) == 0); memset(&sig, 1, sizeof(sig)); extraparams.noncefp = nonce_function_0; - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 0); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 0); CHECK(secp256k1_memcmp_var(sig, zeros64, sizeof(sig)) == 0); memset(&sig, 1, sizeof(sig)); extraparams.noncefp = nonce_function_overflowing; - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); - CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &pk)); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk)); /* When using the default nonce function, schnorrsig_sign_custom produces * the same result as schnorrsig_sign with aux_rand = extraparams.ndata */ extraparams.noncefp = NULL; extraparams.ndata = aux_rand; - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); - CHECK(secp256k1_schnorrsig_sign32(ctx, sig2, msg, &keypair, extraparams.ndata) == 1); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig2, msg, &keypair, extraparams.ndata) == 1); CHECK(secp256k1_memcmp_var(sig, sig2, sizeof(sig)) == 0); } @@ -759,13 +759,13 @@ void test_schnorrsig_sign_verify(void) { secp256k1_scalar s; secp256k1_testrand256(sk); - CHECK(secp256k1_keypair_create(ctx, &keypair, sk)); - CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair)); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk)); + CHECK(secp256k1_keypair_xonly_pub(CTX, &pk, NULL, &keypair)); for (i = 0; i < N_SIGS; i++) { secp256k1_testrand256(msg[i]); - CHECK(secp256k1_schnorrsig_sign32(ctx, sig[i], msg[i], &keypair, NULL)); - CHECK(secp256k1_schnorrsig_verify(ctx, sig[i], msg[i], sizeof(msg[i]), &pk)); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig[i], msg[i], &keypair, NULL)); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[i], msg[i], sizeof(msg[i]), &pk)); } { @@ -775,40 +775,40 @@ void test_schnorrsig_sign_verify(void) { size_t byte_idx = secp256k1_testrand_bits(5); unsigned char xorbyte = secp256k1_testrand_int(254)+1; sig[sig_idx][byte_idx] ^= xorbyte; - CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); + CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); sig[sig_idx][byte_idx] ^= xorbyte; byte_idx = secp256k1_testrand_bits(5); sig[sig_idx][32+byte_idx] ^= xorbyte; - CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); + CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); sig[sig_idx][32+byte_idx] ^= xorbyte; byte_idx = secp256k1_testrand_bits(5); msg[sig_idx][byte_idx] ^= xorbyte; - CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); + CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); msg[sig_idx][byte_idx] ^= xorbyte; /* Check that above bitflips have been reversed correctly */ - CHECK(secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); } /* Test overflowing s */ - CHECK(secp256k1_schnorrsig_sign32(ctx, sig[0], msg[0], &keypair, NULL)); - CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], msg[0], sizeof(msg[0]), &pk)); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig[0], msg[0], &keypair, NULL)); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); memset(&sig[0][32], 0xFF, 32); - CHECK(!secp256k1_schnorrsig_verify(ctx, sig[0], msg[0], sizeof(msg[0]), &pk)); + CHECK(!secp256k1_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); /* Test negative s */ - CHECK(secp256k1_schnorrsig_sign32(ctx, sig[0], msg[0], &keypair, NULL)); - CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], msg[0], sizeof(msg[0]), &pk)); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig[0], msg[0], &keypair, NULL)); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); secp256k1_scalar_set_b32(&s, &sig[0][32], NULL); secp256k1_scalar_negate(&s, &s); secp256k1_scalar_get_b32(&sig[0][32], &s); - CHECK(!secp256k1_schnorrsig_verify(ctx, sig[0], msg[0], sizeof(msg[0]), &pk)); + CHECK(!secp256k1_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); /* The empty message can be signed & verified */ - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig[0], NULL, 0, &keypair, NULL) == 1); - CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], NULL, 0, &pk) == 1); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig[0], NULL, 0, &keypair, NULL) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], NULL, 0, &pk) == 1); { /* Test varying message lengths */ @@ -817,11 +817,11 @@ void test_schnorrsig_sign_verify(void) { for (i = 0; i < sizeof(msg_large); i += 32) { secp256k1_testrand256(&msg_large[i]); } - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig[0], msg_large, msglen, &keypair, NULL) == 1); - CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], msg_large, msglen, &pk) == 1); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig[0], msg_large, msglen, &keypair, NULL) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], msg_large, msglen, &pk) == 1); /* Verification for a random wrong message length fails */ msglen = (msglen + (sizeof(msg_large) - 1)) % sizeof(msg_large); - CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], msg_large, msglen, &pk) == 0); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], msg_large, msglen, &pk) == 0); } } #undef N_SIGS @@ -840,26 +840,26 @@ void test_schnorrsig_taproot(void) { /* Create output key */ secp256k1_testrand256(sk); - CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); - CHECK(secp256k1_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &internal_pk, NULL, &keypair) == 1); /* In actual taproot the tweak would be hash of internal_pk */ - CHECK(secp256k1_xonly_pubkey_serialize(ctx, tweak, &internal_pk) == 1); - CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); - CHECK(secp256k1_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1); - CHECK(secp256k1_xonly_pubkey_serialize(ctx, output_pk_bytes, &output_pk) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, tweak, &internal_pk) == 1); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &output_pk, &pk_parity, &keypair) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, output_pk_bytes, &output_pk) == 1); /* Key spend */ secp256k1_testrand256(msg); - CHECK(secp256k1_schnorrsig_sign32(ctx, sig, msg, &keypair, NULL) == 1); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypair, NULL) == 1); /* Verify key spend */ - CHECK(secp256k1_xonly_pubkey_parse(ctx, &output_pk, output_pk_bytes) == 1); - CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &output_pk) == 1); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &output_pk, output_pk_bytes) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &output_pk) == 1); /* Script spend */ - CHECK(secp256k1_xonly_pubkey_serialize(ctx, internal_pk_bytes, &internal_pk) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, internal_pk_bytes, &internal_pk) == 1); /* Verify script spend */ - CHECK(secp256k1_xonly_pubkey_parse(ctx, &internal_pk, internal_pk_bytes) == 1); - CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, output_pk_bytes, pk_parity, &internal_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &internal_pk, internal_pk_bytes) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, output_pk_bytes, pk_parity, &internal_pk, tweak) == 1); } void run_schnorrsig_tests(void) { @@ -869,7 +869,7 @@ void run_schnorrsig_tests(void) { test_schnorrsig_api(); test_schnorrsig_sha256_tagged(); test_schnorrsig_bip_vectors(); - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { test_schnorrsig_sign(); test_schnorrsig_sign_verify(); } diff --git a/src/modules/surjection/tests_impl.h b/src/modules/surjection/tests_impl.h index 5a10643e..6c58aa34 100644 --- a/src/modules/surjection/tests_impl.h +++ b/src/modules/surjection/tests_impl.h @@ -15,7 +15,6 @@ static void test_surjectionproof_api(void) { unsigned char seed[32]; - secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); secp256k1_fixed_asset_tag fixed_input_tags[10]; secp256k1_fixed_asset_tag fixed_output_tag; secp256k1_generator ephemeral_input_tags[10]; @@ -32,54 +31,54 @@ static void test_surjectionproof_api(void) { size_t i; secp256k1_testrand256(seed); - secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); for (i = 0; i < n_inputs; i++) { secp256k1_testrand256(input_blinding_key[i]); secp256k1_testrand256(fixed_input_tags[i].data); - CHECK(secp256k1_generator_generate_blinded(ctx, &ephemeral_input_tags[i], fixed_input_tags[i].data, input_blinding_key[i])); + CHECK(secp256k1_generator_generate_blinded(CTX, &ephemeral_input_tags[i], fixed_input_tags[i].data, input_blinding_key[i])); } secp256k1_testrand256(output_blinding_key); memcpy(&fixed_output_tag, &fixed_input_tags[0], sizeof(fixed_input_tags[0])); - CHECK(secp256k1_generator_generate_blinded(ctx, &ephemeral_output_tag, fixed_output_tag.data, output_blinding_key)); + CHECK(secp256k1_generator_generate_blinded(CTX, &ephemeral_output_tag, fixed_output_tag.data, output_blinding_key)); /* check allocate_initialized */ - CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, seed) == 0); + CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, seed) == 0); CHECK(proof_on_heap == 0); CHECK(ecount == 0); - CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) != 0); + CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) != 0); CHECK(proof_on_heap != 0); secp256k1_surjectionproof_destroy(proof_on_heap); CHECK(ecount == 0); - CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, NULL, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); + CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, NULL, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); CHECK(ecount == 1); - CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, NULL, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); + CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, NULL, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); CHECK(proof_on_heap == 0); CHECK(ecount == 2); - CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, NULL, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); + CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, NULL, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); CHECK(proof_on_heap == 0); CHECK(ecount == 3); - CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS + 1, 3, &fixed_input_tags[0], 100, seed) == 0); + CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS + 1, 3, &fixed_input_tags[0], 100, seed) == 0); CHECK(proof_on_heap == 0); CHECK(ecount == 4); - CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, n_inputs, &fixed_input_tags[0], 100, seed) != 0); + CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, n_inputs, &fixed_input_tags[0], 100, seed) != 0); CHECK(proof_on_heap != 0); secp256k1_surjectionproof_destroy(proof_on_heap); CHECK(ecount == 4); - CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, n_inputs + 1, &fixed_input_tags[0], 100, seed) == 0); + CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, n_inputs + 1, &fixed_input_tags[0], 100, seed) == 0); CHECK(proof_on_heap == 0); CHECK(ecount == 5); - CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 3, NULL, 100, seed) == 0); + CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 3, NULL, 100, seed) == 0); CHECK(proof_on_heap == 0); CHECK(ecount == 6); - CHECK((secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 0, seed) & 1) == 0); + CHECK((secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 0, seed) & 1) == 0); CHECK(proof_on_heap == 0); CHECK(ecount == 6); - CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, NULL) == 0); + CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, NULL) == 0); CHECK(proof_on_heap == 0); CHECK(ecount == 7); @@ -88,114 +87,117 @@ static void test_surjectionproof_api(void) { ecount = 0; /* check initialize */ - CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, seed) == 0); + CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, seed) == 0); CHECK(ecount == 0); - CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) != 0); + CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) != 0); CHECK(ecount == 0); - CHECK(secp256k1_surjectionproof_initialize(ctx, NULL, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); + CHECK(secp256k1_surjectionproof_initialize(CTX, NULL, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); CHECK(ecount == 1); - CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, NULL, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); + CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, NULL, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); CHECK(ecount == 2); - CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, NULL, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); + CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, NULL, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); CHECK(ecount == 3); - CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS + 1, 3, &fixed_input_tags[0], 100, seed) == 0); + CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS + 1, 3, &fixed_input_tags[0], 100, seed) == 0); CHECK(ecount == 4); - CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs, &fixed_input_tags[0], 100, seed) != 0); + CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs, &fixed_input_tags[0], 100, seed) != 0); CHECK(ecount == 4); - CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs + 1, &fixed_input_tags[0], 100, seed) == 0); + CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs + 1, &fixed_input_tags[0], 100, seed) == 0); CHECK(ecount == 5); - CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 3, NULL, 100, seed) == 0); + CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 3, NULL, 100, seed) == 0); CHECK(ecount == 6); - CHECK((secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 0, seed) & 1) == 0); + CHECK((secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 0, seed) & 1) == 0); CHECK(ecount == 6); - CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, NULL) == 0); + CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, NULL) == 0); CHECK(ecount == 7); - CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) != 0); + CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) != 0); /* check generate */ - CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) != 0); + CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) != 0); CHECK(ecount == 7); - CHECK(secp256k1_surjectionproof_generate(sttc, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); + CHECK(secp256k1_surjectionproof_generate(STATIC_CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); CHECK(ecount == 8); - CHECK(secp256k1_surjectionproof_generate(ctx, NULL, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); + CHECK(secp256k1_surjectionproof_generate(CTX, NULL, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); CHECK(ecount == 9); - CHECK(secp256k1_surjectionproof_generate(ctx, &proof, NULL, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); + CHECK(secp256k1_surjectionproof_generate(CTX, &proof, NULL, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); CHECK(ecount == 10); - CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs + 1, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); + CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs + 1, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); CHECK(ecount == 10); - CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs - 1, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); + CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs - 1, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); CHECK(ecount == 10); - CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, 0, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); + CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, 0, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); CHECK(ecount == 10); - CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, NULL, 0, input_blinding_key[0], output_blinding_key) == 0); + CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, NULL, 0, input_blinding_key[0], output_blinding_key) == 0); CHECK(ecount == 11); - CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 1, input_blinding_key[0], output_blinding_key) != 0); + CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 1, input_blinding_key[0], output_blinding_key) != 0); CHECK(ecount == 11); /* the above line "succeeds" but generates an invalid proof as the input_index is wrong. it is fairly expensive to detect this. should we? */ - CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, n_inputs + 1, input_blinding_key[0], output_blinding_key) != 0); + CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, n_inputs + 1, input_blinding_key[0], output_blinding_key) != 0); CHECK(ecount == 11); - CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, NULL, output_blinding_key) == 0); + CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, NULL, output_blinding_key) == 0); CHECK(ecount == 12); - CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], NULL) == 0); + CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], NULL) == 0); CHECK(ecount == 13); - CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) != 0); + CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) != 0); /* check verify */ - CHECK(secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag) == 1); + CHECK(secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag) == 1); CHECK(ecount == 13); - CHECK(secp256k1_surjectionproof_verify(ctx, NULL, ephemeral_input_tags, n_inputs, &ephemeral_output_tag) == 0); + CHECK(secp256k1_surjectionproof_verify(CTX, NULL, ephemeral_input_tags, n_inputs, &ephemeral_output_tag) == 0); CHECK(ecount == 14); - CHECK(secp256k1_surjectionproof_verify(ctx, &proof, NULL, n_inputs, &ephemeral_output_tag) == 0); + CHECK(secp256k1_surjectionproof_verify(CTX, &proof, NULL, n_inputs, &ephemeral_output_tag) == 0); CHECK(ecount == 15); - CHECK(secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs - 1, &ephemeral_output_tag) == 0); + CHECK(secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs - 1, &ephemeral_output_tag) == 0); CHECK(ecount == 15); - CHECK(secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs + 1, &ephemeral_output_tag) == 0); + CHECK(secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs + 1, &ephemeral_output_tag) == 0); CHECK(ecount == 15); - CHECK(secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs, NULL) == 0); + CHECK(secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs, NULL) == 0); CHECK(ecount == 16); /* Test how surjectionproof_generate fails when the proof was not created * with surjectionproof_initialize */ ecount = 0; - CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 1); + CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 1); { secp256k1_surjectionproof tmp_proof = proof; tmp_proof.n_inputs = 0; - CHECK(secp256k1_surjectionproof_generate(ctx, &tmp_proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); + CHECK(secp256k1_surjectionproof_generate(CTX, &tmp_proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); } CHECK(ecount == 1); - CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 1); + CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 1); /* Check serialize */ ecount = 0; serialized_len = sizeof(serialized_proof); - CHECK(secp256k1_surjectionproof_serialize(ctx, serialized_proof, &serialized_len, &proof) != 0); + CHECK(secp256k1_surjectionproof_serialize(CTX, serialized_proof, &serialized_len, &proof) != 0); CHECK(ecount == 0); serialized_len = sizeof(serialized_proof); - CHECK(secp256k1_surjectionproof_serialize(ctx, NULL, &serialized_len, &proof) == 0); + CHECK(secp256k1_surjectionproof_serialize(CTX, NULL, &serialized_len, &proof) == 0); CHECK(ecount == 1); serialized_len = sizeof(serialized_proof); - CHECK(secp256k1_surjectionproof_serialize(ctx, serialized_proof, NULL, &proof) == 0); + CHECK(secp256k1_surjectionproof_serialize(CTX, serialized_proof, NULL, &proof) == 0); CHECK(ecount == 2); serialized_len = sizeof(serialized_proof); - CHECK(secp256k1_surjectionproof_serialize(ctx, serialized_proof, &serialized_len, NULL) == 0); + CHECK(secp256k1_surjectionproof_serialize(CTX, serialized_proof, &serialized_len, NULL) == 0); CHECK(ecount == 3); serialized_len = sizeof(serialized_proof); - CHECK(secp256k1_surjectionproof_serialize(ctx, serialized_proof, &serialized_len, &proof) != 0); + CHECK(secp256k1_surjectionproof_serialize(CTX, serialized_proof, &serialized_len, &proof) != 0); /* Check parse */ - CHECK(secp256k1_surjectionproof_parse(ctx, &proof, serialized_proof, serialized_len) != 0); + CHECK(secp256k1_surjectionproof_parse(CTX, &proof, serialized_proof, serialized_len) != 0); CHECK(ecount == 3); - CHECK(secp256k1_surjectionproof_parse(ctx, NULL, serialized_proof, serialized_len) == 0); + CHECK(secp256k1_surjectionproof_parse(CTX, NULL, serialized_proof, serialized_len) == 0); CHECK(ecount == 4); - CHECK(secp256k1_surjectionproof_parse(ctx, &proof, NULL, serialized_len) == 0); + CHECK(secp256k1_surjectionproof_parse(CTX, &proof, NULL, serialized_len) == 0); CHECK(ecount == 5); - CHECK(secp256k1_surjectionproof_parse(ctx, &proof, serialized_proof, 0) == 0); + CHECK(secp256k1_surjectionproof_parse(CTX, &proof, serialized_proof, 0) == 0); CHECK(ecount == 5); - secp256k1_context_destroy(sttc); + secp256k1_context_set_error_callback(CTX, NULL, NULL); + secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); } static void test_input_selection(size_t n_inputs) { @@ -216,50 +218,50 @@ static void test_input_selection(size_t n_inputs) { } /* cannot match output when told to use zero keys */ - result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], try_count, seed); + result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], try_count, seed); CHECK(result == 0); - CHECK(secp256k1_surjectionproof_n_used_inputs(ctx, &proof) == 0); - CHECK(secp256k1_surjectionproof_n_total_inputs(ctx, &proof) == n_inputs); - CHECK(secp256k1_surjectionproof_serialized_size(ctx, &proof) == 34 + (n_inputs + 7) / 8); + CHECK(secp256k1_surjectionproof_n_used_inputs(CTX, &proof) == 0); + CHECK(secp256k1_surjectionproof_n_total_inputs(CTX, &proof) == n_inputs); + CHECK(secp256k1_surjectionproof_serialized_size(CTX, &proof) == 34 + (n_inputs + 7) / 8); if (n_inputs > 0) { /* succeed in 100*n_inputs tries (probability of failure e^-100) */ - result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 1, &fixed_input_tags[0], try_count, seed); + result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 1, &fixed_input_tags[0], try_count, seed); CHECK(result > 0); CHECK(result < n_inputs * 10); - CHECK(secp256k1_surjectionproof_n_used_inputs(ctx, &proof) == 1); - CHECK(secp256k1_surjectionproof_n_total_inputs(ctx, &proof) == n_inputs); - CHECK(secp256k1_surjectionproof_serialized_size(ctx, &proof) == 66 + (n_inputs + 7) / 8); + CHECK(secp256k1_surjectionproof_n_used_inputs(CTX, &proof) == 1); + CHECK(secp256k1_surjectionproof_n_total_inputs(CTX, &proof) == n_inputs); + CHECK(secp256k1_surjectionproof_serialized_size(CTX, &proof) == 66 + (n_inputs + 7) / 8); CHECK(input_index == 0); } if (n_inputs >= 3) { /* succeed in 10*n_inputs tries (probability of failure e^-10) */ - result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[1], try_count, seed); + result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[1], try_count, seed); CHECK(result > 0); - CHECK(secp256k1_surjectionproof_n_used_inputs(ctx, &proof) == 3); - CHECK(secp256k1_surjectionproof_n_total_inputs(ctx, &proof) == n_inputs); - CHECK(secp256k1_surjectionproof_serialized_size(ctx, &proof) == 130 + (n_inputs + 7) / 8); + CHECK(secp256k1_surjectionproof_n_used_inputs(CTX, &proof) == 3); + CHECK(secp256k1_surjectionproof_n_total_inputs(CTX, &proof) == n_inputs); + CHECK(secp256k1_surjectionproof_serialized_size(CTX, &proof) == 130 + (n_inputs + 7) / 8); CHECK(input_index == 1); /* fail, key not found */ - result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[n_inputs], try_count, seed); + result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[n_inputs], try_count, seed); CHECK(result == 0); /* succeed on first try when told to use all keys */ - result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs, &fixed_input_tags[0], try_count, seed); + result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs, &fixed_input_tags[0], try_count, seed); CHECK(result == 1); - CHECK(secp256k1_surjectionproof_n_used_inputs(ctx, &proof) == n_inputs); - CHECK(secp256k1_surjectionproof_n_total_inputs(ctx, &proof) == n_inputs); - CHECK(secp256k1_surjectionproof_serialized_size(ctx, &proof) == 2 + 32 * (n_inputs + 1) + (n_inputs + 7) / 8); + CHECK(secp256k1_surjectionproof_n_used_inputs(CTX, &proof) == n_inputs); + CHECK(secp256k1_surjectionproof_n_total_inputs(CTX, &proof) == n_inputs); + CHECK(secp256k1_surjectionproof_serialized_size(CTX, &proof) == 2 + 32 * (n_inputs + 1) + (n_inputs + 7) / 8); CHECK(input_index == 0); /* succeed in less than 64 tries when told to use half keys. (probability of failure 2^-64) */ - result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs / 2, &fixed_input_tags[0], 64, seed); + result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs / 2, &fixed_input_tags[0], 64, seed); CHECK(result > 0); CHECK(result < 64); - CHECK(secp256k1_surjectionproof_n_used_inputs(ctx, &proof) == n_inputs / 2); - CHECK(secp256k1_surjectionproof_n_total_inputs(ctx, &proof) == n_inputs); - CHECK(secp256k1_surjectionproof_serialized_size(ctx, &proof) == 2 + 32 * (n_inputs / 2 + 1) + (n_inputs + 7) / 8); + CHECK(secp256k1_surjectionproof_n_used_inputs(CTX, &proof) == n_inputs / 2); + CHECK(secp256k1_surjectionproof_n_total_inputs(CTX, &proof) == n_inputs); + CHECK(secp256k1_surjectionproof_serialized_size(CTX, &proof) == 2 + 32 * (n_inputs / 2 + 1) + (n_inputs + 7) / 8); CHECK(input_index == 0); } } @@ -278,7 +280,7 @@ static void test_input_selection_distribution_helper(const secp256k1_fixed_asset } for(j = 0; j < 10000; j++) { secp256k1_testrand256(seed); - result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_input_tags, n_input_tags_to_use, &fixed_input_tags[0], 64, seed); + result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_input_tags, n_input_tags_to_use, &fixed_input_tags[0], 64, seed); CHECK(result > 0); for (i = 0; i < n_input_tags; i++) { @@ -396,11 +398,11 @@ static void test_gen_verify(size_t n_inputs, size_t n_used) { } else { memcpy(&fixed_input_tags[i], &fixed_input_tags[key_index], sizeof(fixed_input_tags[i])); } - CHECK(secp256k1_generator_generate_blinded(ctx, &ephemeral_input_tags[i], fixed_input_tags[i].data, input_blinding_key[i])); + CHECK(secp256k1_generator_generate_blinded(CTX, &ephemeral_input_tags[i], fixed_input_tags[i].data, input_blinding_key[i])); } /* test */ - result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, n_used, &fixed_input_tags[key_index], try_count, seed); + result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, n_used, &fixed_input_tags[key_index], try_count, seed); if (n_used == 0) { CHECK(result == 0); return; @@ -408,32 +410,32 @@ static void test_gen_verify(size_t n_inputs, size_t n_used) { CHECK(result > 0); CHECK(input_index == key_index); - result = secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs], input_index, input_blinding_key[input_index], input_blinding_key[n_inputs]); + result = secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs], input_index, input_blinding_key[input_index], input_blinding_key[n_inputs]); CHECK(result == 1); - CHECK(secp256k1_surjectionproof_serialize(ctx, serialized_proof, &serialized_len, &proof)); - CHECK(serialized_len == secp256k1_surjectionproof_serialized_size(ctx, &proof)); + CHECK(secp256k1_surjectionproof_serialize(CTX, serialized_proof, &serialized_len, &proof)); + CHECK(serialized_len == secp256k1_surjectionproof_serialized_size(CTX, &proof)); CHECK(serialized_len == SECP256K1_SURJECTIONPROOF_SERIALIZATION_BYTES(n_inputs, n_used)); /* trailing garbage */ memcpy(&serialized_proof_trailing, &serialized_proof, serialized_len); serialized_proof_trailing[serialized_len] = seed[0]; - CHECK(secp256k1_surjectionproof_parse(ctx, &proof, serialized_proof_trailing, serialized_len + 1) == 0); + CHECK(secp256k1_surjectionproof_parse(CTX, &proof, serialized_proof_trailing, serialized_len + 1) == 0); - CHECK(secp256k1_surjectionproof_parse(ctx, &proof, serialized_proof, serialized_len)); - result = secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs]); + CHECK(secp256k1_surjectionproof_parse(CTX, &proof, serialized_proof, serialized_len)); + result = secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs]); CHECK(result == 1); /* various fail cases */ if (n_inputs > 1) { - result = secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs - 1]); + result = secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs - 1]); CHECK(result == 0); /* number of entries in ephemeral_input_tags array is less than proof.n_inputs */ n_inputs -= 1; - result = secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs], input_index, input_blinding_key[input_index], input_blinding_key[n_inputs]); + result = secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs], input_index, input_blinding_key[input_index], input_blinding_key[n_inputs]); CHECK(result == 0); - result = secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs - 1]); + result = secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs - 1]); CHECK(result == 0); n_inputs += 1; } @@ -441,7 +443,7 @@ static void test_gen_verify(size_t n_inputs, size_t n_used) { for (i = 0; i < n_inputs; i++) { /* flip bit */ proof.used_inputs[i / 8] ^= (1 << (i % 8)); - result = secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs]); + result = secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs]); CHECK(result == 0); /* reset the bit */ proof.used_inputs[i / 8] ^= (1 << (i % 8)); @@ -477,8 +479,8 @@ static void test_no_used_inputs_verify(void) { /* blind fixed output tags with random blinding key */ secp256k1_testrand256(blinding_key); - CHECK(secp256k1_generator_generate_blinded(ctx, &ephemeral_input_tags[0], fixed_input_tag.data, blinding_key)); - CHECK(secp256k1_generator_generate_blinded(ctx, &ephemeral_output_tag, fixed_output_tag.data, blinding_key)); + CHECK(secp256k1_generator_generate_blinded(CTX, &ephemeral_input_tags[0], fixed_input_tag.data, blinding_key)); + CHECK(secp256k1_generator_generate_blinded(CTX, &ephemeral_output_tag, fixed_output_tag.data, blinding_key)); /* create "borromean signature" which is just a hash of metadata (pubkeys, etc) in this case */ secp256k1_generator_load(&output, &ephemeral_output_tag); @@ -487,7 +489,7 @@ static void test_no_used_inputs_verify(void) { secp256k1_sha256_write(&sha256_e0, proof.data, 32); secp256k1_sha256_finalize(&sha256_e0, proof.data); - result = secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_ephemeral_input_tags, &ephemeral_output_tag); + result = secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_ephemeral_input_tags, &ephemeral_output_tag); CHECK(result == 0); } @@ -499,7 +501,7 @@ void test_bad_serialize(void) { proof.n_inputs = 0; serialized_len = 2 + 31; /* e0 is one byte too short */ - CHECK(secp256k1_surjectionproof_serialize(ctx, serialized_proof, &serialized_len, &proof) == 0); + CHECK(secp256k1_surjectionproof_serialize(CTX, serialized_proof, &serialized_len, &proof) == 0); } void test_bad_parse(void) { @@ -509,11 +511,11 @@ void test_bad_parse(void) { unsigned char serialized_proof2[33] = { 0 }; /* Missing total input count */ - CHECK(secp256k1_surjectionproof_parse(ctx, &proof, serialized_proof0, sizeof(serialized_proof0)) == 0); + CHECK(secp256k1_surjectionproof_parse(CTX, &proof, serialized_proof0, sizeof(serialized_proof0)) == 0); /* Missing bitmap */ - CHECK(secp256k1_surjectionproof_parse(ctx, &proof, serialized_proof1, sizeof(serialized_proof1)) == 0); + CHECK(secp256k1_surjectionproof_parse(CTX, &proof, serialized_proof1, sizeof(serialized_proof1)) == 0); /* Missing e0 value */ - CHECK(secp256k1_surjectionproof_parse(ctx, &proof, serialized_proof2, sizeof(serialized_proof2)) == 0); + CHECK(secp256k1_surjectionproof_parse(CTX, &proof, serialized_proof2, sizeof(serialized_proof2)) == 0); } void test_input_eq_output(void) { @@ -528,17 +530,17 @@ void test_input_eq_output(void) { secp256k1_testrand256(blinding_key); secp256k1_testrand256(entropy); - CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, &fixed_tag, 1, 1, &fixed_tag, 100, entropy) == 1); + CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, &fixed_tag, 1, 1, &fixed_tag, 100, entropy) == 1); CHECK(input_index == 0); /* Generation should fail */ - CHECK(secp256k1_generator_generate_blinded(ctx, &ephemeral_tag, fixed_tag.data, blinding_key)); - CHECK(!secp256k1_surjectionproof_generate(ctx, &proof, &ephemeral_tag, 1, &ephemeral_tag, input_index, blinding_key, blinding_key)); + CHECK(secp256k1_generator_generate_blinded(CTX, &ephemeral_tag, fixed_tag.data, blinding_key)); + CHECK(!secp256k1_surjectionproof_generate(CTX, &proof, &ephemeral_tag, 1, &ephemeral_tag, input_index, blinding_key, blinding_key)); /* ...even when the blinding key is zero */ memset(blinding_key, 0, 32); - CHECK(secp256k1_generator_generate_blinded(ctx, &ephemeral_tag, fixed_tag.data, blinding_key)); - CHECK(!secp256k1_surjectionproof_generate(ctx, &proof, &ephemeral_tag, 1, &ephemeral_tag, input_index, blinding_key, blinding_key)); + CHECK(secp256k1_generator_generate_blinded(CTX, &ephemeral_tag, fixed_tag.data, blinding_key)); + CHECK(!secp256k1_surjectionproof_generate(CTX, &proof, &ephemeral_tag, 1, &ephemeral_tag, input_index, blinding_key, blinding_key)); } void test_fixed_vectors(void) { @@ -638,53 +640,53 @@ void test_fixed_vectors(void) { secp256k1_generator output_tag; secp256k1_surjectionproof proof; - CHECK(secp256k1_generator_parse(ctx, &input_tags[0], tag0_ser)); - CHECK(secp256k1_generator_parse(ctx, &input_tags[1], tag1_ser)); - CHECK(secp256k1_generator_parse(ctx, &input_tags[2], tag2_ser)); - CHECK(secp256k1_generator_parse(ctx, &input_tags[3], tag3_ser)); - CHECK(secp256k1_generator_parse(ctx, &input_tags[4], tag4_ser)); - CHECK(secp256k1_generator_parse(ctx, &output_tag, output_tag_ser)); + CHECK(secp256k1_generator_parse(CTX, &input_tags[0], tag0_ser)); + CHECK(secp256k1_generator_parse(CTX, &input_tags[1], tag1_ser)); + CHECK(secp256k1_generator_parse(CTX, &input_tags[2], tag2_ser)); + CHECK(secp256k1_generator_parse(CTX, &input_tags[3], tag3_ser)); + CHECK(secp256k1_generator_parse(CTX, &input_tags[4], tag4_ser)); + CHECK(secp256k1_generator_parse(CTX, &output_tag, output_tag_ser)); /* check 1-of-1 */ - CHECK(secp256k1_surjectionproof_parse(ctx, &proof, total1_used1, total1_used1_len)); - CHECK(secp256k1_surjectionproof_verify(ctx, &proof, input_tags, 1, &output_tag)); + CHECK(secp256k1_surjectionproof_parse(CTX, &proof, total1_used1, total1_used1_len)); + CHECK(secp256k1_surjectionproof_verify(CTX, &proof, input_tags, 1, &output_tag)); /* check 1-of-2 */ - CHECK(secp256k1_surjectionproof_parse(ctx, &proof, total2_used1, total2_used1_len)); - CHECK(secp256k1_surjectionproof_verify(ctx, &proof, input_tags, 2, &output_tag)); + CHECK(secp256k1_surjectionproof_parse(CTX, &proof, total2_used1, total2_used1_len)); + CHECK(secp256k1_surjectionproof_verify(CTX, &proof, input_tags, 2, &output_tag)); /* check 2-of-3 */ - CHECK(secp256k1_surjectionproof_parse(ctx, &proof, total3_used2, total3_used2_len)); - CHECK(secp256k1_surjectionproof_verify(ctx, &proof, input_tags, 3, &output_tag)); + CHECK(secp256k1_surjectionproof_parse(CTX, &proof, total3_used2, total3_used2_len)); + CHECK(secp256k1_surjectionproof_verify(CTX, &proof, input_tags, 3, &output_tag)); /* check 3-of-5 */ - CHECK(secp256k1_surjectionproof_parse(ctx, &proof, total5_used3, total5_used3_len)); - CHECK(secp256k1_surjectionproof_verify(ctx, &proof, input_tags, 5, &output_tag)); + CHECK(secp256k1_surjectionproof_parse(CTX, &proof, total5_used3, total5_used3_len)); + CHECK(secp256k1_surjectionproof_verify(CTX, &proof, input_tags, 5, &output_tag)); /* check 5-of-5 */ - CHECK(secp256k1_surjectionproof_parse(ctx, &proof, total5_used5, total5_used5_len)); - CHECK(secp256k1_surjectionproof_verify(ctx, &proof, input_tags, 5, &output_tag)); + CHECK(secp256k1_surjectionproof_parse(CTX, &proof, total5_used5, total5_used5_len)); + CHECK(secp256k1_surjectionproof_verify(CTX, &proof, input_tags, 5, &output_tag)); /* check invalid length fails */ - CHECK(!secp256k1_surjectionproof_parse(ctx, &proof, total5_used5, total5_used3_len)); + CHECK(!secp256k1_surjectionproof_parse(CTX, &proof, total5_used5, total5_used3_len)); /* check invalid keys fail */ - CHECK(secp256k1_surjectionproof_parse(ctx, &proof, total1_used1, total1_used1_len)); - CHECK(!secp256k1_surjectionproof_verify(ctx, &proof, &input_tags[1], 1, &output_tag)); - CHECK(!secp256k1_surjectionproof_verify(ctx, &proof, input_tags, 1, &input_tags[0])); + CHECK(secp256k1_surjectionproof_parse(CTX, &proof, total1_used1, total1_used1_len)); + CHECK(!secp256k1_surjectionproof_verify(CTX, &proof, &input_tags[1], 1, &output_tag)); + CHECK(!secp256k1_surjectionproof_verify(CTX, &proof, input_tags, 1, &input_tags[0])); /* Try setting 6 bits on the total5-used-5; check that parsing fails */ memcpy(bad, total5_used5, total5_used5_len); bad[2] = 0x3f; /* 0x1f -> 0x3f */ - CHECK(!secp256k1_surjectionproof_parse(ctx, &proof, bad, total5_used5_len)); + CHECK(!secp256k1_surjectionproof_parse(CTX, &proof, bad, total5_used5_len)); /* Correct for the length */ - CHECK(!secp256k1_surjectionproof_parse(ctx, &proof, bad, total5_used5_len + 32)); + CHECK(!secp256k1_surjectionproof_parse(CTX, &proof, bad, total5_used5_len + 32)); /* Alternately just turn off one of the "legit" bits */ bad[2] = 0x37; /* 0x1f -> 0x37 */ - CHECK(!secp256k1_surjectionproof_parse(ctx, &proof, bad, total5_used5_len)); + CHECK(!secp256k1_surjectionproof_parse(CTX, &proof, bad, total5_used5_len)); /* Similarly try setting 4 bits on the total5-used-3, with one bit out of range */ memcpy(bad, total5_used3, total5_used3_len); bad[2] = 0x35; /* 0x15 -> 0x35 */ - CHECK(!secp256k1_surjectionproof_parse(ctx, &proof, bad, total5_used3_len)); - CHECK(!secp256k1_surjectionproof_parse(ctx, &proof, bad, total5_used3_len + 32)); + CHECK(!secp256k1_surjectionproof_parse(CTX, &proof, bad, total5_used3_len)); + CHECK(!secp256k1_surjectionproof_parse(CTX, &proof, bad, total5_used3_len + 32)); bad[2] = 0x34; /* 0x15 -> 0x34 */ - CHECK(!secp256k1_surjectionproof_parse(ctx, &proof, bad, total5_used3_len)); + CHECK(!secp256k1_surjectionproof_parse(CTX, &proof, bad, total5_used3_len)); } void run_surjection_tests(void) { diff --git a/src/modules/whitelist/tests_impl.h b/src/modules/whitelist/tests_impl.h index 19c1d6e0..29562351 100644 --- a/src/modules/whitelist/tests_impl.h +++ b/src/modules/whitelist/tests_impl.h @@ -15,21 +15,21 @@ void test_whitelist_end_to_end_internal(const unsigned char *summed_seckey, cons secp256k1_whitelist_signature sig; secp256k1_whitelist_signature sig1; - CHECK(secp256k1_whitelist_sign(ctx, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey, online_seckey, summed_seckey, signer_i)); - CHECK(secp256k1_whitelist_verify(ctx, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey) == 1); + CHECK(secp256k1_whitelist_sign(CTX, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey, online_seckey, summed_seckey, signer_i)); + CHECK(secp256k1_whitelist_verify(CTX, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey) == 1); /* Check that exchanging keys causes a failure */ - CHECK(secp256k1_whitelist_verify(ctx, &sig, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1); + CHECK(secp256k1_whitelist_verify(CTX, &sig, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1); /* Serialization round trip */ - CHECK(secp256k1_whitelist_signature_serialize(ctx, serialized, &slen, &sig) == 1); + CHECK(secp256k1_whitelist_signature_serialize(CTX, serialized, &slen, &sig) == 1); CHECK(slen == 33 + 32 * n_keys); - CHECK(secp256k1_whitelist_signature_parse(ctx, &sig1, serialized, slen) == 1); + CHECK(secp256k1_whitelist_signature_parse(CTX, &sig1, serialized, slen) == 1); /* (Check various bad-length conditions) */ - CHECK(secp256k1_whitelist_signature_parse(ctx, &sig1, serialized, slen + 32) == 0); - CHECK(secp256k1_whitelist_signature_parse(ctx, &sig1, serialized, slen + 1) == 0); - CHECK(secp256k1_whitelist_signature_parse(ctx, &sig1, serialized, slen - 1) == 0); - CHECK(secp256k1_whitelist_signature_parse(ctx, &sig1, serialized, 0) == 0); - CHECK(secp256k1_whitelist_verify(ctx, &sig1, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey) == 1); - CHECK(secp256k1_whitelist_verify(ctx, &sig1, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1); + CHECK(secp256k1_whitelist_signature_parse(CTX, &sig1, serialized, slen + 32) == 0); + CHECK(secp256k1_whitelist_signature_parse(CTX, &sig1, serialized, slen + 1) == 0); + CHECK(secp256k1_whitelist_signature_parse(CTX, &sig1, serialized, slen - 1) == 0); + CHECK(secp256k1_whitelist_signature_parse(CTX, &sig1, serialized, 0) == 0); + CHECK(secp256k1_whitelist_verify(CTX, &sig1, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey) == 1); + CHECK(secp256k1_whitelist_verify(CTX, &sig1, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1); /* Test n_keys */ CHECK(secp256k1_whitelist_signature_n_keys(&sig) == n_keys); @@ -37,7 +37,7 @@ void test_whitelist_end_to_end_internal(const unsigned char *summed_seckey, cons /* Test bad number of keys in signature */ sig.n_keys = n_keys + 1; - CHECK(secp256k1_whitelist_verify(ctx, &sig, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1); + CHECK(secp256k1_whitelist_verify(CTX, &sig, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1); sig.n_keys = n_keys; } @@ -56,8 +56,8 @@ void test_whitelist_end_to_end(const size_t n_keys, int test_all_keys) { /* Start with subkey */ random_scalar_order_test(&ssub); secp256k1_scalar_get_b32(csub, &ssub); - CHECK(secp256k1_ec_seckey_verify(ctx, csub) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &sub_pubkey, csub) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, csub) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &sub_pubkey, csub) == 1); /* Then offline and online whitelist keys */ for (i = 0; i < n_keys; i++) { secp256k1_scalar son, soff; @@ -68,18 +68,18 @@ void test_whitelist_end_to_end(const size_t n_keys, int test_all_keys) { /* Create two keys */ random_scalar_order_test(&son); secp256k1_scalar_get_b32(online_seckey[i], &son); - CHECK(secp256k1_ec_seckey_verify(ctx, online_seckey[i]) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &online_pubkeys[i], online_seckey[i]) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, online_seckey[i]) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &online_pubkeys[i], online_seckey[i]) == 1); random_scalar_order_test(&soff); secp256k1_scalar_get_b32(summed_seckey[i], &soff); - CHECK(secp256k1_ec_seckey_verify(ctx, summed_seckey[i]) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &offline_pubkeys[i], summed_seckey[i]) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, summed_seckey[i]) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &offline_pubkeys[i], summed_seckey[i]) == 1); /* Make summed_seckey correspond to the sum of offline_pubkey and sub_pubkey */ secp256k1_scalar_add(&soff, &soff, &ssub); secp256k1_scalar_get_b32(summed_seckey[i], &soff); - CHECK(secp256k1_ec_seckey_verify(ctx, summed_seckey[i]) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, summed_seckey[i]) == 1); } /* Sign/verify with each one */ @@ -124,11 +124,11 @@ void test_whitelist_bad_parse(void) { }; /* Empty input */ - CHECK(secp256k1_whitelist_signature_parse(ctx, &sig, serialized0, 0) == 0); + CHECK(secp256k1_whitelist_signature_parse(CTX, &sig, serialized0, 0) == 0); /* Misses one byte of e0 */ - CHECK(secp256k1_whitelist_signature_parse(ctx, &sig, serialized1, sizeof(serialized1)) == 0); + CHECK(secp256k1_whitelist_signature_parse(CTX, &sig, serialized1, sizeof(serialized1)) == 0); /* Enough bytes for e0, but there is no s value */ - CHECK(secp256k1_whitelist_signature_parse(ctx, &sig, serialized2, sizeof(serialized2)) == 0); + CHECK(secp256k1_whitelist_signature_parse(CTX, &sig, serialized2, sizeof(serialized2)) == 0); } void test_whitelist_bad_serialize(void) { @@ -142,17 +142,17 @@ void test_whitelist_bad_serialize(void) { size_t serialized_len; secp256k1_whitelist_signature sig; - CHECK(secp256k1_whitelist_signature_parse(ctx, &sig, serialized, sizeof(serialized)) == 1); + CHECK(secp256k1_whitelist_signature_parse(CTX, &sig, serialized, sizeof(serialized)) == 1); serialized_len = sizeof(serialized) - 1; /* Output buffer is one byte too short */ - CHECK(secp256k1_whitelist_signature_serialize(ctx, serialized, &serialized_len, &sig) == 0); + CHECK(secp256k1_whitelist_signature_serialize(CTX, serialized, &serialized_len, &sig) == 0); } void run_whitelist_tests(void) { int i; test_whitelist_bad_parse(); test_whitelist_bad_serialize(); - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { test_whitelist_end_to_end(1, 1); test_whitelist_end_to_end(10, 1); test_whitelist_end_to_end(50, 1); diff --git a/src/precompute_ecmult.c b/src/precompute_ecmult.c index 2aa37b8f..10aba5b9 100644 --- a/src/precompute_ecmult.c +++ b/src/precompute_ecmult.c @@ -7,12 +7,6 @@ #include #include -/* Autotools creates libsecp256k1-config.h, of which ECMULT_WINDOW_SIZE is needed. - ifndef guard so downstream users can define their own if they do not use autotools. */ -#if !defined(ECMULT_WINDOW_SIZE) -#include "libsecp256k1-config.h" -#endif - #include "../include/secp256k1.h" #include "assumptions.h" @@ -74,9 +68,6 @@ int main(void) { fprintf(fp, "/* This file contains an array secp256k1_pre_g with odd multiples of the base point G and\n"); fprintf(fp, " * an array secp256k1_pre_g_128 with odd multiples of 2^128*G for accelerating the computation of a*P + b*G.\n"); fprintf(fp, " */\n"); - fprintf(fp, "#if defined HAVE_CONFIG_H\n"); - fprintf(fp, "# include \"libsecp256k1-config.h\"\n"); - fprintf(fp, "#endif\n"); fprintf(fp, "#include \"../include/secp256k1.h\"\n"); fprintf(fp, "#include \"group.h\"\n"); fprintf(fp, "#include \"ecmult.h\"\n"); diff --git a/src/precompute_ecmult_gen.c b/src/precompute_ecmult_gen.c index a4ec8e0d..bfe212fd 100644 --- a/src/precompute_ecmult_gen.c +++ b/src/precompute_ecmult_gen.c @@ -33,9 +33,6 @@ int main(int argc, char **argv) { fprintf(fp, "/* This file was automatically generated by precompute_ecmult_gen. */\n"); fprintf(fp, "/* See ecmult_gen_impl.h for details about the contents of this file. */\n"); - fprintf(fp, "#if defined HAVE_CONFIG_H\n"); - fprintf(fp, "# include \"libsecp256k1-config.h\"\n"); - fprintf(fp, "#endif\n"); fprintf(fp, "#include \"../include/secp256k1.h\"\n"); fprintf(fp, "#include \"group.h\"\n"); fprintf(fp, "#include \"ecmult_gen.h\"\n"); diff --git a/src/precomputed_ecmult.c b/src/precomputed_ecmult.c index 3e67f37b..fbc634ef 100644 --- a/src/precomputed_ecmult.c +++ b/src/precomputed_ecmult.c @@ -2,9 +2,6 @@ /* This file contains an array secp256k1_pre_g with odd multiples of the base point G and * an array secp256k1_pre_g_128 with odd multiples of 2^128*G for accelerating the computation of a*P + b*G. */ -#if defined HAVE_CONFIG_H -# include "libsecp256k1-config.h" -#endif #include "../include/secp256k1.h" #include "group.h" #include "ecmult.h" diff --git a/src/precomputed_ecmult_gen.c b/src/precomputed_ecmult_gen.c index d67291fc..e9d62a1c 100644 --- a/src/precomputed_ecmult_gen.c +++ b/src/precomputed_ecmult_gen.c @@ -1,8 +1,5 @@ /* This file was automatically generated by precompute_ecmult_gen. */ /* See ecmult_gen_impl.h for details about the contents of this file. */ -#if defined HAVE_CONFIG_H -# include "libsecp256k1-config.h" -#endif #include "../include/secp256k1.h" #include "group.h" #include "ecmult_gen.h" diff --git a/src/scalar.h b/src/scalar.h index 227913cb..663a9d5e 100644 --- a/src/scalar.h +++ b/src/scalar.h @@ -9,10 +9,6 @@ #include "util.h" -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - #if defined(EXHAUSTIVE_TEST_ORDER) #include "scalar_low.h" #elif defined(SECP256K1_WIDEMUL_INT128) diff --git a/src/scalar_impl.h b/src/scalar_impl.h index 1b690e39..3a57f565 100644 --- a/src/scalar_impl.h +++ b/src/scalar_impl.h @@ -14,10 +14,6 @@ #include "scalar.h" #include "util.h" -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - #if defined(EXHAUSTIVE_TEST_ORDER) #include "scalar_low_impl.h" #elif defined(SECP256K1_WIDEMUL_INT128) diff --git a/src/secp256k1.c b/src/secp256k1.c index ae7fa64a..2928ea9e 100644 --- a/src/secp256k1.c +++ b/src/secp256k1.c @@ -72,9 +72,10 @@ static void secp256k1_ecdsa_s2c_opening_save(secp256k1_ecdsa_s2c_opening* openin } \ } while(0) -#define ARG_CHECK_NO_RETURN(cond) do { \ +#define ARG_CHECK_VOID(cond) do { \ if (EXPECT(!(cond), 0)) { \ secp256k1_callback_call(&ctx->illegal_callback, #cond); \ + return; \ } \ } while(0) @@ -96,6 +97,15 @@ static const secp256k1_context secp256k1_context_static_ = { const secp256k1_context *secp256k1_context_static = &secp256k1_context_static_; const secp256k1_context *secp256k1_context_no_precomp = &secp256k1_context_static_; +/* Helper function that determines if a context is proper, i.e., is not the static context or a copy thereof. + * + * This is intended for "context" functions such as secp256k1_context_clone. Function which need specific + * features of a context should still check for these features directly. For example, a function that needs + * ecmult_gen should directly check for the existence of the ecmult_gen context. */ +static int secp256k1_context_is_proper(const secp256k1_context* ctx) { + return secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx); +} + void secp256k1_selftest(void) { if (!secp256k1_selftest_passes()) { secp256k1_callback_call(&default_error_callback, "self test failed"); @@ -178,7 +188,7 @@ secp256k1_context* secp256k1_context_clone(const secp256k1_context* ctx) { } void secp256k1_context_preallocated_destroy(secp256k1_context* ctx) { - ARG_CHECK_NO_RETURN(ctx != secp256k1_context_static); + ARG_CHECK_VOID(ctx != secp256k1_context_static); if (ctx != NULL) { secp256k1_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx); } @@ -192,7 +202,10 @@ void secp256k1_context_destroy(secp256k1_context* ctx) { } void secp256k1_context_set_illegal_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { - ARG_CHECK_NO_RETURN(ctx != secp256k1_context_static); + /* We compare pointers instead of checking secp256k1_context_is_proper() here + because setting callbacks is allowed on *copies* of the static context: + it's harmless and makes testing easier. */ + ARG_CHECK_VOID(ctx != secp256k1_context_static); if (fun == NULL) { fun = secp256k1_default_illegal_callback_fn; } @@ -201,7 +214,10 @@ void secp256k1_context_set_illegal_callback(secp256k1_context* ctx, void (*fun)( } void secp256k1_context_set_error_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { - ARG_CHECK_NO_RETURN(ctx != secp256k1_context_static); + /* We compare pointers instead of checking secp256k1_context_is_proper() here + because setting callbacks is allowed on *copies* of the static context: + it's harmless and makes testing easier. */ + ARG_CHECK_VOID(ctx != secp256k1_context_static); if (fun == NULL) { fun = secp256k1_default_error_callback_fn; } diff --git a/src/testrand.h b/src/testrand.h index 4b195016..64421833 100644 --- a/src/testrand.h +++ b/src/testrand.h @@ -7,10 +7,6 @@ #ifndef SECP256K1_TESTRAND_H #define SECP256K1_TESTRAND_H -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - /* A non-cryptographic RNG used only for test infrastructure. */ /** Seed the pseudorandom number generator for testing. */ diff --git a/src/tests.c b/src/tests.c index 1f13165e..c257c1f1 100644 --- a/src/tests.c +++ b/src/tests.c @@ -4,10 +4,6 @@ * file COPYING or https://www.opensource.org/licenses/mit-license.php.* ***********************************************************************/ -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - #include #include #include @@ -29,10 +25,11 @@ #include "int128_impl.h" #endif -#define CONDITIONAL_TEST(cnt, nam) if (count < (cnt)) { printf("Skipping %s (iteration count too low)\n", nam); } else +#define CONDITIONAL_TEST(cnt, nam) if (COUNT < (cnt)) { printf("Skipping %s (iteration count too low)\n", nam); } else -static int count = 64; -static secp256k1_context *ctx = NULL; +static int COUNT = 64; +static secp256k1_context *CTX = NULL; +static secp256k1_context *STATIC_CTX = NULL; static void counting_illegal_callback_fn(const char* str, void* data) { /* Dummy callback function that just counts. */ @@ -202,75 +199,121 @@ int context_eq(const secp256k1_context *a, const secp256k1_context *b) { return a->declassify == b->declassify && ecmult_gen_context_eq(&a->ecmult_gen_ctx, &b->ecmult_gen_ctx) && a->illegal_callback.fn == b->illegal_callback.fn - && a->illegal_callback.data == b->illegal_callback. -data + && a->illegal_callback.data == b->illegal_callback.data && a->error_callback.fn == b->error_callback.fn && a->error_callback.data == b->error_callback.data; } -void test_deprecated_flags(void) { +void run_deprecated_context_flags_test(void) { + /* Check that a context created with any of the flags in the flags array is + * identical to the NONE context. */ unsigned int flags[] = { SECP256K1_CONTEXT_SIGN, SECP256K1_CONTEXT_VERIFY, SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY }; + secp256k1_context *none_ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); int i; - /* Check that a context created with any of the flags in the flags array is - * identical to the NONE context. */ for (i = 0; i < (int)(sizeof(flags)/sizeof(flags[0])); i++) { secp256k1_context *tmp_ctx; CHECK(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE) == secp256k1_context_preallocated_size(flags[i])); tmp_ctx = secp256k1_context_create(flags[i]); - CHECK(context_eq(ctx, tmp_ctx)); + CHECK(context_eq(none_ctx, tmp_ctx)); secp256k1_context_destroy(tmp_ctx); } + secp256k1_context_destroy(none_ctx); } -void run_context_tests(int use_prealloc) { +void run_ec_illegal_argument_tests(void) { + int ecount = 0; + int ecount2 = 10; secp256k1_pubkey pubkey; secp256k1_pubkey zero_pubkey; secp256k1_ecdsa_signature sig; unsigned char ctmp[32]; - int32_t ecount; - int32_t ecount2; - secp256k1_context *sttc; - void *ctx_prealloc = NULL; - void *sttc_prealloc = NULL; + + /* Setup */ + secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount2); + memset(ctmp, 1, 32); + memset(&zero_pubkey, 0, sizeof(zero_pubkey)); + + /* Verify context-type checking illegal-argument errors. */ + CHECK(secp256k1_ec_pubkey_create(STATIC_CTX, &pubkey, ctmp) == 0); + CHECK(ecount == 1); + VG_UNDEF(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, ctmp) == 1); + VG_CHECK(&pubkey, sizeof(pubkey)); + CHECK(secp256k1_ecdsa_sign(STATIC_CTX, &sig, ctmp, ctmp, NULL, NULL) == 0); + CHECK(ecount == 2); + VG_UNDEF(&sig, sizeof(sig)); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, ctmp, ctmp, NULL, NULL) == 1); + VG_CHECK(&sig, sizeof(sig)); + CHECK(ecount2 == 10); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, ctmp, &pubkey) == 1); + CHECK(ecount2 == 10); + CHECK(secp256k1_ecdsa_verify(STATIC_CTX, &sig, ctmp, &pubkey) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp) == 1); + CHECK(ecount2 == 10); + CHECK(secp256k1_ec_pubkey_tweak_add(STATIC_CTX, &pubkey, ctmp) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey, ctmp) == 1); + CHECK(ecount2 == 10); + CHECK(secp256k1_ec_pubkey_negate(STATIC_CTX, &pubkey) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ec_pubkey_negate(CTX, &pubkey) == 1); + CHECK(ecount == 2); + CHECK(secp256k1_ec_pubkey_negate(STATIC_CTX, &zero_pubkey) == 0); + CHECK(ecount == 3); + CHECK(secp256k1_ec_pubkey_negate(CTX, NULL) == 0); + CHECK(ecount2 == 11); + CHECK(secp256k1_ec_pubkey_tweak_mul(STATIC_CTX, &pubkey, ctmp) == 1); + CHECK(ecount == 3); + + /* Clean up */ + secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); +} + +void run_static_context_tests(void) { + int32_t dummy = 0; + + /* Check that deprecated secp256k1_context_no_precomp is an alias to secp256k1_context_static. */ + CHECK(secp256k1_context_no_precomp == secp256k1_context_static); + + /* check if sizes for cloning are consistent */ + CHECK(secp256k1_context_preallocated_clone_size(STATIC_CTX) >= sizeof(secp256k1_context)); + + /* Verify that setting and resetting illegal callback works */ + secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &dummy); + CHECK(STATIC_CTX->illegal_callback.fn == counting_illegal_callback_fn); + secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); + CHECK(STATIC_CTX->illegal_callback.fn == secp256k1_default_illegal_callback_fn); +} + +void run_proper_context_tests(int use_prealloc) { + int32_t dummy = 0; + secp256k1_context *my_ctx; + void *my_ctx_prealloc = NULL; secp256k1_gej pubj; secp256k1_ge pub; secp256k1_scalar msg, key, nonce; secp256k1_scalar sigr, sigs; - - /* Check that deprecated secp256k1_context_no_precomp is an alias to secp256k1_context_static. */ - CHECK(secp256k1_context_no_precomp == secp256k1_context_static); - if (use_prealloc) { - ctx_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); - CHECK(ctx_prealloc != NULL); - ctx = secp256k1_context_preallocated_create(ctx_prealloc, SECP256K1_CONTEXT_NONE); - sttc_prealloc = malloc(secp256k1_context_preallocated_clone_size(secp256k1_context_static)); - CHECK(sttc_prealloc != NULL); - sttc = secp256k1_context_preallocated_clone(secp256k1_context_static, sttc_prealloc); + my_ctx_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); + CHECK(my_ctx_prealloc != NULL); + my_ctx = secp256k1_context_preallocated_create(my_ctx_prealloc, SECP256K1_CONTEXT_NONE); } else { - sttc = secp256k1_context_clone(secp256k1_context_static); - ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); + my_ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); } - test_deprecated_flags(); - - memset(&zero_pubkey, 0, sizeof(zero_pubkey)); - - ecount = 0; - ecount2 = 10; - secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount2); /* set error callback (to a function that still aborts in case malloc() fails in secp256k1_context_clone() below) */ - secp256k1_context_set_error_callback(ctx, secp256k1_default_illegal_callback_fn, NULL); - CHECK(ctx->error_callback.fn != sttc->error_callback.fn); - CHECK(ctx->error_callback.fn == secp256k1_default_illegal_callback_fn); + secp256k1_context_set_error_callback(my_ctx, secp256k1_default_illegal_callback_fn, NULL); + CHECK(my_ctx->error_callback.fn != secp256k1_default_error_callback_fn); + CHECK(my_ctx->error_callback.fn == secp256k1_default_illegal_callback_fn); /* check if sizes for cloning are consistent */ - CHECK(secp256k1_context_preallocated_clone_size(ctx) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); - CHECK(secp256k1_context_preallocated_clone_size(sttc) >= sizeof(secp256k1_context)); + CHECK(secp256k1_context_preallocated_clone_size(my_ctx) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); /*** clone and destroy all of them to make sure cloning was complete ***/ { @@ -278,97 +321,56 @@ void run_context_tests(int use_prealloc) { if (use_prealloc) { /* clone into a non-preallocated context and then again into a new preallocated one. */ - ctx_tmp = ctx; ctx = secp256k1_context_clone(ctx); secp256k1_context_preallocated_destroy(ctx_tmp); - free(ctx_prealloc); ctx_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(ctx_prealloc != NULL); - ctx_tmp = ctx; ctx = secp256k1_context_preallocated_clone(ctx, ctx_prealloc); secp256k1_context_destroy(ctx_tmp); + ctx_tmp = my_ctx; my_ctx = secp256k1_context_clone(my_ctx); secp256k1_context_preallocated_destroy(ctx_tmp); + free(my_ctx_prealloc); my_ctx_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(my_ctx_prealloc != NULL); + ctx_tmp = my_ctx; my_ctx = secp256k1_context_preallocated_clone(my_ctx, my_ctx_prealloc); secp256k1_context_destroy(ctx_tmp); } else { /* clone into a preallocated context and then again into a new non-preallocated one. */ void *prealloc_tmp; prealloc_tmp = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(prealloc_tmp != NULL); - ctx_tmp = ctx; ctx = secp256k1_context_preallocated_clone(ctx, prealloc_tmp); secp256k1_context_destroy(ctx_tmp); - ctx_tmp = ctx; ctx = secp256k1_context_clone(ctx); secp256k1_context_preallocated_destroy(ctx_tmp); + ctx_tmp = my_ctx; my_ctx = secp256k1_context_preallocated_clone(my_ctx, prealloc_tmp); secp256k1_context_destroy(ctx_tmp); + ctx_tmp = my_ctx; my_ctx = secp256k1_context_clone(my_ctx); secp256k1_context_preallocated_destroy(ctx_tmp); free(prealloc_tmp); } } /* Verify that the error callback makes it across the clone. */ - CHECK(ctx->error_callback.fn != sttc->error_callback.fn); - CHECK(ctx->error_callback.fn == secp256k1_default_illegal_callback_fn); + CHECK(my_ctx->error_callback.fn != secp256k1_default_error_callback_fn); + CHECK(my_ctx->error_callback.fn == secp256k1_default_illegal_callback_fn); /* And that it resets back to default. */ - secp256k1_context_set_error_callback(ctx, NULL, NULL); - CHECK(ctx->error_callback.fn == sttc->error_callback.fn); + secp256k1_context_set_error_callback(my_ctx, NULL, NULL); + CHECK(my_ctx->error_callback.fn == secp256k1_default_error_callback_fn); + + /* Verify that setting and resetting illegal callback works */ + secp256k1_context_set_illegal_callback(my_ctx, counting_illegal_callback_fn, &dummy); + CHECK(my_ctx->illegal_callback.fn == counting_illegal_callback_fn); + secp256k1_context_set_illegal_callback(my_ctx, NULL, NULL); + CHECK(my_ctx->illegal_callback.fn == secp256k1_default_illegal_callback_fn); /*** attempt to use them ***/ random_scalar_order_test(&msg); random_scalar_order_test(&key); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubj, &key); + secp256k1_ecmult_gen(&my_ctx->ecmult_gen_ctx, &pubj, &key); secp256k1_ge_set_gej(&pub, &pubj); - /* Verify context-type checking illegal-argument errors. */ - memset(ctmp, 1, 32); - CHECK(secp256k1_ec_pubkey_create(sttc, &pubkey, ctmp) == 0); - CHECK(ecount == 1); - VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); - VG_CHECK(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ecdsa_sign(sttc, &sig, ctmp, ctmp, NULL, NULL) == 0); - CHECK(ecount == 2); - VG_UNDEF(&sig, sizeof(sig)); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, ctmp, ctmp, NULL, NULL) == 1); - VG_CHECK(&sig, sizeof(sig)); - CHECK(ecount2 == 10); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, ctmp, &pubkey) == 1); - CHECK(ecount2 == 10); - CHECK(secp256k1_ecdsa_verify(sttc, &sig, ctmp, &pubkey) == 1); - CHECK(ecount == 2); - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp) == 1); - CHECK(ecount2 == 10); - CHECK(secp256k1_ec_pubkey_tweak_add(sttc, &pubkey, ctmp) == 1); - CHECK(ecount == 2); - CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp) == 1); - CHECK(ecount2 == 10); - CHECK(secp256k1_ec_pubkey_negate(sttc, &pubkey) == 1); - CHECK(ecount == 2); - CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey) == 1); - CHECK(ecount == 2); - CHECK(secp256k1_ec_pubkey_negate(ctx, NULL) == 0); - CHECK(ecount2 == 11); - CHECK(secp256k1_ec_pubkey_negate(sttc, &zero_pubkey) == 0); - CHECK(ecount == 3); - CHECK(secp256k1_ec_pubkey_tweak_mul(sttc, &pubkey, ctmp) == 1); - CHECK(ecount == 3); - CHECK(secp256k1_context_randomize(sttc, ctmp) == 1); - CHECK(ecount == 3); - CHECK(secp256k1_context_randomize(sttc, NULL) == 1); - CHECK(ecount == 3); - CHECK(secp256k1_context_randomize(ctx, ctmp) == 1); - CHECK(ecount2 == 11); - CHECK(secp256k1_context_randomize(ctx, NULL) == 1); - CHECK(ecount2 == 11); - secp256k1_context_set_illegal_callback(sttc, NULL, NULL); - secp256k1_context_set_illegal_callback(ctx, NULL, NULL); - /* obtain a working nonce */ do { random_scalar_order_test(&nonce); - } while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); + } while(!secp256k1_ecdsa_sig_sign(&my_ctx->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); /* try signing */ - CHECK(secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); + CHECK(secp256k1_ecdsa_sig_sign(&my_ctx->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); /* try verifying */ CHECK(secp256k1_ecdsa_sig_verify(&sigr, &sigs, &pub, &msg)); /* cleanup */ if (use_prealloc) { - secp256k1_context_preallocated_destroy(ctx); - secp256k1_context_preallocated_destroy(sttc); - free(ctx_prealloc); - free(sttc_prealloc); + secp256k1_context_preallocated_destroy(my_ctx); + free(my_ctx_prealloc); } else { - secp256k1_context_destroy(ctx); - secp256k1_context_destroy(sttc); + secp256k1_context_destroy(my_ctx); } /* Defined as no-op. */ secp256k1_context_destroy(NULL); @@ -384,79 +386,79 @@ void run_scratch_tests(void) { secp256k1_scratch_space *scratch; secp256k1_scratch_space local_scratch; - ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); /* Test public API */ - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); - - scratch = secp256k1_scratch_space_create(ctx, 1000); + scratch = secp256k1_scratch_space_create(CTX, 1000); CHECK(scratch != NULL); CHECK(ecount == 0); /* Test internal API */ - CHECK(secp256k1_scratch_max_allocation(&ctx->error_callback, scratch, 0) == 1000); - CHECK(secp256k1_scratch_max_allocation(&ctx->error_callback, scratch, 1) == 1000 - (ALIGNMENT - 1)); + CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 0) == 1000); + CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 1) == 1000 - (ALIGNMENT - 1)); CHECK(scratch->alloc_size == 0); CHECK(scratch->alloc_size % ALIGNMENT == 0); /* Allocating 500 bytes succeeds */ - checkpoint = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch); - CHECK(secp256k1_scratch_alloc(&ctx->error_callback, scratch, 500) != NULL); - CHECK(secp256k1_scratch_max_allocation(&ctx->error_callback, scratch, 0) == 1000 - adj_alloc); - CHECK(secp256k1_scratch_max_allocation(&ctx->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); + checkpoint = secp256k1_scratch_checkpoint(&CTX->error_callback, scratch); + CHECK(secp256k1_scratch_alloc(&CTX->error_callback, scratch, 500) != NULL); + CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 0) == 1000 - adj_alloc); + CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); CHECK(scratch->alloc_size != 0); CHECK(scratch->alloc_size % ALIGNMENT == 0); /* Allocating another 501 bytes fails */ - CHECK(secp256k1_scratch_alloc(&ctx->error_callback, scratch, 501) == NULL); - CHECK(secp256k1_scratch_max_allocation(&ctx->error_callback, scratch, 0) == 1000 - adj_alloc); - CHECK(secp256k1_scratch_max_allocation(&ctx->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); + CHECK(secp256k1_scratch_alloc(&CTX->error_callback, scratch, 501) == NULL); + CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 0) == 1000 - adj_alloc); + CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); CHECK(scratch->alloc_size != 0); CHECK(scratch->alloc_size % ALIGNMENT == 0); /* ...but it succeeds once we apply the checkpoint to undo it */ - secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, checkpoint); + secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint); CHECK(scratch->alloc_size == 0); - CHECK(secp256k1_scratch_max_allocation(&ctx->error_callback, scratch, 0) == 1000); - CHECK(secp256k1_scratch_alloc(&ctx->error_callback, scratch, 500) != NULL); + CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 0) == 1000); + CHECK(secp256k1_scratch_alloc(&CTX->error_callback, scratch, 500) != NULL); CHECK(scratch->alloc_size != 0); /* try to apply a bad checkpoint */ - checkpoint_2 = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch); - secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, checkpoint); + checkpoint_2 = secp256k1_scratch_checkpoint(&CTX->error_callback, scratch); + secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint); CHECK(ecount == 0); - secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, checkpoint_2); /* checkpoint_2 is after checkpoint */ + secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint_2); /* checkpoint_2 is after checkpoint */ CHECK(ecount == 1); - secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, (size_t) -1); /* this is just wildly invalid */ + secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, (size_t) -1); /* this is just wildly invalid */ CHECK(ecount == 2); /* try to use badly initialized scratch space */ - secp256k1_scratch_space_destroy(ctx, scratch); + secp256k1_scratch_space_destroy(CTX, scratch); memset(&local_scratch, 0, sizeof(local_scratch)); scratch = &local_scratch; - CHECK(!secp256k1_scratch_max_allocation(&ctx->error_callback, scratch, 0)); + CHECK(!secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 0)); CHECK(ecount == 3); - CHECK(secp256k1_scratch_alloc(&ctx->error_callback, scratch, 500) == NULL); + CHECK(secp256k1_scratch_alloc(&CTX->error_callback, scratch, 500) == NULL); CHECK(ecount == 4); - secp256k1_scratch_space_destroy(ctx, scratch); + secp256k1_scratch_space_destroy(CTX, scratch); CHECK(ecount == 5); /* Test that large integers do not wrap around in a bad way */ - scratch = secp256k1_scratch_space_create(ctx, 1000); + scratch = secp256k1_scratch_space_create(CTX, 1000); /* Try max allocation with a large number of objects. Only makes sense if * ALIGNMENT is greater than 1 because otherwise the objects take no extra * space. */ - CHECK(ALIGNMENT <= 1 || !secp256k1_scratch_max_allocation(&ctx->error_callback, scratch, (SIZE_MAX / (ALIGNMENT - 1)) + 1)); + CHECK(ALIGNMENT <= 1 || !secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, (SIZE_MAX / (ALIGNMENT - 1)) + 1)); /* Try allocating SIZE_MAX to test wrap around which only happens if * ALIGNMENT > 1, otherwise it returns NULL anyway because the scratch * space is too small. */ - CHECK(secp256k1_scratch_alloc(&ctx->error_callback, scratch, SIZE_MAX) == NULL); - secp256k1_scratch_space_destroy(ctx, scratch); + CHECK(secp256k1_scratch_alloc(&CTX->error_callback, scratch, SIZE_MAX) == NULL); + secp256k1_scratch_space_destroy(CTX, scratch); /* cleanup */ - secp256k1_scratch_space_destroy(ctx, NULL); /* no-op */ - secp256k1_context_destroy(ctx); + secp256k1_scratch_space_destroy(CTX, NULL); /* no-op */ + + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); + secp256k1_context_set_error_callback(CTX, NULL, NULL); } @@ -737,21 +739,21 @@ void run_tagged_sha256_tests(void) { 0xE2, 0x76, 0x55, 0x9A, 0x3B, 0xDE, 0x55, 0xB3 }; - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); /* API test */ - CHECK(secp256k1_tagged_sha256(ctx, hash32, tag, sizeof(tag), msg, sizeof(msg)) == 1); - CHECK(secp256k1_tagged_sha256(ctx, NULL, tag, sizeof(tag), msg, sizeof(msg)) == 0); + CHECK(secp256k1_tagged_sha256(CTX, hash32, tag, sizeof(tag), msg, sizeof(msg)) == 1); + CHECK(secp256k1_tagged_sha256(CTX, NULL, tag, sizeof(tag), msg, sizeof(msg)) == 0); CHECK(ecount == 1); - CHECK(secp256k1_tagged_sha256(ctx, hash32, NULL, 0, msg, sizeof(msg)) == 0); + CHECK(secp256k1_tagged_sha256(CTX, hash32, NULL, 0, msg, sizeof(msg)) == 0); CHECK(ecount == 2); - CHECK(secp256k1_tagged_sha256(ctx, hash32, tag, sizeof(tag), NULL, 0) == 0); + CHECK(secp256k1_tagged_sha256(CTX, hash32, tag, sizeof(tag), NULL, 0) == 0); CHECK(ecount == 3); /* Static test vector */ memcpy(tag, "tag", 3); memcpy(msg, "msg", 3); - CHECK(secp256k1_tagged_sha256(ctx, hash32, tag, 3, msg, 3) == 1); + CHECK(secp256k1_tagged_sha256(CTX, hash32, tag, 3, msg, 3) == 1); CHECK(secp256k1_memcmp_var(hash32, hash_expected, sizeof(hash32)) == 0); } @@ -1707,7 +1709,7 @@ void run_modinv_tests(void) { #endif } - for (i = 0; i < 100 * count; ++i) { + for (i = 0; i < 100 * COUNT; ++i) { /* 256-bit numbers in 16-uint16_t's notation */ static const uint16_t ZERO[16] = {0}; uint16_t xd[16]; /* the number (in range [0,2^256)) to be inverted */ @@ -1732,7 +1734,7 @@ void run_modinv_tests(void) { #endif /* In a few cases, also test with input=0 */ - if (i < count) { + if (i < COUNT) { test_modinv32_uint16(id, ZERO, md); #ifdef SECP256K1_WIDEMUL_INT128 test_modinv64_uint16(id, ZERO, md); @@ -1832,7 +1834,7 @@ void load256i128(uint16_t* out, const secp256k1_int128* v) { uint64_t lo; int64_t hi; secp256k1_int128 c = *v; - lo = secp256k1_i128_to_i64(&c); + lo = secp256k1_i128_to_u64(&c); secp256k1_i128_rshift(&c, 64); hi = secp256k1_i128_to_i64(&c); load256two64(out, hi, lo, 1); @@ -1949,12 +1951,14 @@ void run_int128_test_case(void) { secp256k1_i128_rshift(&swz, uc % 127); load256i128(rswz, &swz); CHECK(secp256k1_memcmp_var(rswr, rswz, 16) == 0); - /* test secp256k1_i128_to_i64 */ - CHECK((uint64_t)secp256k1_i128_to_i64(&swa) == v[0]); + /* test secp256k1_i128_to_u64 */ + CHECK(secp256k1_i128_to_u64(&swa) == v[0]); /* test secp256k1_i128_from_i64 */ secp256k1_i128_from_i64(&swz, sb); load256i128(rswz, &swz); CHECK(secp256k1_memcmp_var(rsb, rswz, 16) == 0); + /* test secp256k1_i128_to_i64 */ + CHECK(secp256k1_i128_to_i64(&swz) == sb); /* test secp256k1_i128_eq_var */ { int expect = (uc & 1); @@ -2014,27 +2018,27 @@ void run_int128_tests(void) { /* Compute INT128_MAX = 2^127 - 1 with secp256k1_i128_accum_mul */ secp256k1_i128_mul(&res, INT64_MAX, INT64_MAX); secp256k1_i128_accum_mul(&res, INT64_MAX, INT64_MAX); - CHECK(secp256k1_i128_to_i64(&res) == 2); + CHECK(secp256k1_i128_to_u64(&res) == 2); secp256k1_i128_accum_mul(&res, 4, 9223372036854775807); secp256k1_i128_accum_mul(&res, 1, 1); - CHECK((uint64_t)secp256k1_i128_to_i64(&res) == UINT64_MAX); + CHECK(secp256k1_i128_to_u64(&res) == UINT64_MAX); secp256k1_i128_rshift(&res, 64); CHECK(secp256k1_i128_to_i64(&res) == INT64_MAX); /* Compute INT128_MIN = - 2^127 with secp256k1_i128_accum_mul */ secp256k1_i128_mul(&res, INT64_MAX, INT64_MIN); - CHECK(secp256k1_i128_to_i64(&res) == INT64_MIN); + CHECK(secp256k1_i128_to_u64(&res) == (uint64_t)INT64_MIN); secp256k1_i128_accum_mul(&res, INT64_MAX, INT64_MIN); - CHECK(secp256k1_i128_to_i64(&res) == 0); + CHECK(secp256k1_i128_to_u64(&res) == 0); secp256k1_i128_accum_mul(&res, 2, INT64_MIN); - CHECK(secp256k1_i128_to_i64(&res) == 0); + CHECK(secp256k1_i128_to_u64(&res) == 0); secp256k1_i128_rshift(&res, 64); CHECK(secp256k1_i128_to_i64(&res) == INT64_MIN); } { /* Randomized tests. */ int i; - for (i = 0; i < 256 * count; ++i) run_int128_test_case(); + for (i = 0; i < 256 * COUNT; ++i) run_int128_test_case(); } } #endif @@ -2341,10 +2345,10 @@ void scalar_chacha_tests(void) { void run_scalar_tests(void) { int i; - for (i = 0; i < 128 * count; i++) { + for (i = 0; i < 128 * COUNT; i++) { scalar_test(); } - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { run_scalar_set_b32_seckey_tests(); } @@ -3102,7 +3106,7 @@ void run_field_misc(void) { secp256k1_fe q; secp256k1_fe fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5); int i, j; - for (i = 0; i < 1000 * count; i++) { + for (i = 0; i < 1000 * COUNT; i++) { secp256k1_fe_storage xs, ys, zs; if (i & 1) { random_fe(&x); @@ -3232,7 +3236,7 @@ void test_fe_mul(const secp256k1_fe* a, const secp256k1_fe* b, int use_sqr) void run_fe_mul(void) { int i; - for (i = 0; i < 100 * count; ++i) { + for (i = 0; i < 100 * COUNT; ++i) { secp256k1_fe a, b, c, d; random_fe(&a); random_field_element_magnitude(&a); @@ -3303,7 +3307,7 @@ void run_sqrt(void) { for (i = 0; i < 10; i++) { int j; random_fe_non_square(&ns); - for (j = 0; j < count; j++) { + for (j = 0; j < COUNT; j++) { random_fe(&x); secp256k1_fe_sqr(&s, &x); test_sqrt(&s, &x); @@ -3615,7 +3619,7 @@ void run_inverse_tests(void) } /* test 128*count random inputs; half with testrand256_test, half with testrand256 */ for (testrand = 0; testrand <= 1; ++testrand) { - for (i = 0; i < 64 * count; ++i) { + for (i = 0; i < 64 * COUNT; ++i) { (testrand ? secp256k1_testrand256_test : secp256k1_testrand256)(b32); secp256k1_scalar_set_b32(&x_scalar, b32, NULL); secp256k1_fe_set_b32(&x_fe, b32); @@ -3686,8 +3690,8 @@ void test_ge(void) { * negation, and then those two again but with randomized Z coordinate. * - The same is then done for lambda*p1 and lambda^2*p1. */ - secp256k1_ge *ge = (secp256k1_ge *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_ge) * (1 + 4 * runs)); - secp256k1_gej *gej = (secp256k1_gej *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_gej) * (1 + 4 * runs)); + secp256k1_ge *ge = (secp256k1_ge *)checked_malloc(&CTX->error_callback, sizeof(secp256k1_ge) * (1 + 4 * runs)); + secp256k1_gej *gej = (secp256k1_gej *)checked_malloc(&CTX->error_callback, sizeof(secp256k1_gej) * (1 + 4 * runs)); secp256k1_fe zf; secp256k1_fe zfi2, zfi3; @@ -3810,7 +3814,7 @@ void test_ge(void) { /* Test adding all points together in random order equals infinity. */ { secp256k1_gej sum = SECP256K1_GEJ_CONST_INFINITY; - secp256k1_gej *gej_shuffled = (secp256k1_gej *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_gej)); + secp256k1_gej *gej_shuffled = (secp256k1_gej *)checked_malloc(&CTX->error_callback, (4 * runs + 1) * sizeof(secp256k1_gej)); for (i = 0; i < 4 * runs + 1; i++) { gej_shuffled[i] = gej[i]; } @@ -3831,7 +3835,7 @@ void test_ge(void) { /* Test batch gej -> ge conversion without known z ratios. */ { - secp256k1_ge *ge_set_all = (secp256k1_ge *)checked_malloc(&ctx->error_callback, (4 * runs + 1) * sizeof(secp256k1_ge)); + secp256k1_ge *ge_set_all = (secp256k1_ge *)checked_malloc(&CTX->error_callback, (4 * runs + 1) * sizeof(secp256k1_ge)); secp256k1_ge_set_all_gej_var(ge_set_all, gej, 4 * runs + 1); for (i = 0; i < 4 * runs + 1; i++) { secp256k1_fe s; @@ -3978,7 +3982,7 @@ void test_add_neg_y_diff_x(void) { void run_ge(void) { int i; - for (i = 0; i < count * 32; i++) { + for (i = 0; i < COUNT * 32; i++) { test_ge(); } test_add_neg_y_diff_x(); @@ -3998,7 +4002,7 @@ void run_gej(void) { secp256k1_gej a, b; /* Tests for secp256k1_gej_cmov */ - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { secp256k1_gej_set_infinity(&a); secp256k1_gej_set_infinity(&b); test_gej_cmov(&a, &b); @@ -4016,7 +4020,7 @@ void run_gej(void) { } /* Tests for secp256k1_gej_eq_var */ - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { secp256k1_fe fe; random_gej_test(&a); random_gej_test(&b); @@ -4045,21 +4049,21 @@ void test_ec_combine(void) { secp256k1_scalar s; random_scalar_order_test(&s); secp256k1_scalar_add(&sum, &sum, &s); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &s); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &Qj, &s); secp256k1_ge_set_gej(&Q, &Qj); secp256k1_pubkey_save(&data[i - 1], &Q); d[i - 1] = &data[i - 1]; - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &Qj, &sum); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &Qj, &sum); secp256k1_ge_set_gej(&Q, &Qj); secp256k1_pubkey_save(&sd, &Q); - CHECK(secp256k1_ec_pubkey_combine(ctx, &sd2, d, i) == 1); + CHECK(secp256k1_ec_pubkey_combine(CTX, &sd2, d, i) == 1); CHECK(secp256k1_memcmp_var(&sd, &sd2, sizeof(sd)) == 0); } } void run_ec_combine(void) { int i; - for (i = 0; i < count * 8; i++) { + for (i = 0; i < COUNT * 8; i++) { test_ec_combine(); } } @@ -4074,7 +4078,7 @@ void test_ec_commit(void) { /* Create random keypair and data */ random_scalar_order_test(&seckey_s); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubkeyj, &seckey_s); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &pubkeyj, &seckey_s); secp256k1_ge_set_gej(&pubkey, &pubkeyj); secp256k1_testrand256_test(data); @@ -4085,7 +4089,7 @@ void test_ec_commit(void) { CHECK(secp256k1_ec_commit_verify(&commitment, &pubkey, &sha, data, 32) == 1); secp256k1_sha256_initialize(&sha); CHECK(secp256k1_ec_commit_seckey(&seckey_s, &pubkey, &sha, data, 32) == 1); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubkeyj, &seckey_s); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &pubkeyj, &seckey_s); ge_equals_gej(&commitment, &pubkeyj); /* Check that verification fails with different data */ @@ -4116,7 +4120,7 @@ void test_ec_commit_api(void) { /* Create random keypair */ random_scalar_order_test(&seckey_s); secp256k1_scalar_get_b32(seckey, &seckey_s); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubkeyj, &seckey_s); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &pubkeyj, &seckey_s); secp256k1_ge_set_gej(&pubkey, &pubkeyj); secp256k1_sha256_initialize(&sha); @@ -4135,7 +4139,7 @@ void test_ec_commit_api(void) { void run_ec_commit(void) { int i; - for (i = 0; i < count * 8; i++) { + for (i = 0; i < COUNT * 8; i++) { test_ec_commit(); } test_ec_commit_api(); @@ -4207,7 +4211,7 @@ void test_group_decompress(const secp256k1_fe* x) { void run_group_decompress(void) { int i; - for (i = 0; i < count * 4; i++) { + for (i = 0; i < COUNT * 4; i++) { secp256k1_fe fe; random_fe_test(&fe); test_group_decompress(&fe); @@ -4320,7 +4324,7 @@ void run_ecmult_chain(void) { /* the point being computed */ x = a; - for (i = 0; i < 200*count; i++) { + for (i = 0; i < 200*COUNT; i++) { /* in each iteration, compute X = xn*X + gn*G; */ secp256k1_ecmult(&x, &x, &xn, &gn); /* also compute ae and ge: the actual accumulated factors for A and G */ @@ -4433,9 +4437,9 @@ void test_ecmult_target(const secp256k1_scalar* target, int mode) { /* EC multiplications */ if (mode == 0) { - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &p1j, &n1); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &p2j, &n2); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &ptj, target); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &p1j, &n1); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &p2j, &n2); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &ptj, target); } else if (mode == 1) { secp256k1_ecmult(&p1j, &pj, &n1, &zero); secp256k1_ecmult(&p2j, &pj, &n2, &zero); @@ -4455,7 +4459,7 @@ void test_ecmult_target(const secp256k1_scalar* target, int mode) { void run_ecmult_near_split_bound(void) { int i; unsigned j; - for (i = 0; i < 4*count; ++i) { + for (i = 0; i < 4*COUNT; ++i) { for (j = 0; j < sizeof(scalars_near_split_bounds) / sizeof(scalars_near_split_bounds[0]); ++j) { test_ecmult_target(&scalars_near_split_bounds[j], 0); test_ecmult_target(&scalars_near_split_bounds[j], 1); @@ -4622,10 +4626,10 @@ void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func e secp256k1_scalar_set_int(&szero, 0); /* No points to multiply */ - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, NULL, ecmult_multi_callback, &data, 0)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, NULL, ecmult_multi_callback, &data, 0)); /* Check 1- and 2-point multiplies against ecmult */ - for (ncount = 0; ncount < count; ncount++) { + for (ncount = 0; ncount < COUNT; ncount++) { secp256k1_ge ptg; secp256k1_gej ptgj; random_scalar_order(&sc[0]); @@ -4638,30 +4642,30 @@ void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func e /* only G scalar */ secp256k1_ecmult(&r2, &ptgj, &szero, &sc[0]); - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, &sc[0], ecmult_multi_callback, &data, 0)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &sc[0], ecmult_multi_callback, &data, 0)); CHECK(secp256k1_gej_eq_var(&r, &r2)); /* 1-point */ secp256k1_ecmult(&r2, &ptgj, &sc[0], &szero); - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 1)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 1)); CHECK(secp256k1_gej_eq_var(&r, &r2)); /* Try to multiply 1 point, but callback returns false */ - CHECK(!ecmult_multi(&ctx->error_callback, scratch, &r, &szero, ecmult_multi_false_callback, &data, 1)); + CHECK(!ecmult_multi(&CTX->error_callback, scratch, &r, &szero, ecmult_multi_false_callback, &data, 1)); /* 2-point */ secp256k1_ecmult(&r2, &ptgj, &sc[0], &sc[1]); - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 2)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 2)); CHECK(secp256k1_gej_eq_var(&r, &r2)); /* 2-point with G scalar */ secp256k1_ecmult(&r2, &ptgj, &sc[0], &sc[1]); - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, &sc[1], ecmult_multi_callback, &data, 1)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &sc[1], ecmult_multi_callback, &data, 1)); CHECK(secp256k1_gej_eq_var(&r, &r2)); } /* Check infinite outputs of various forms */ - for (ncount = 0; ncount < count; ncount++) { + for (ncount = 0; ncount < COUNT; ncount++) { secp256k1_ge ptg; size_t i, j; size_t sizes[] = { 2, 10, 32 }; @@ -4671,7 +4675,7 @@ void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func e random_scalar_order(&sc[i]); secp256k1_ge_set_infinity(&pt[i]); } - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); CHECK(secp256k1_gej_is_infinity(&r)); } @@ -4681,7 +4685,7 @@ void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func e pt[i] = ptg; secp256k1_scalar_set_int(&sc[i], 0); } - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); CHECK(secp256k1_gej_is_infinity(&r)); } @@ -4694,7 +4698,7 @@ void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func e pt[2 * i + 1] = ptg; } - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); CHECK(secp256k1_gej_is_infinity(&r)); random_scalar_order(&sc[0]); @@ -4707,7 +4711,7 @@ void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func e secp256k1_ge_neg(&pt[2*i+1], &pt[2*i]); } - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, sizes[j])); CHECK(secp256k1_gej_is_infinity(&r)); } @@ -4722,12 +4726,12 @@ void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func e secp256k1_scalar_negate(&sc[i], &sc[i]); } - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 32)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 32)); CHECK(secp256k1_gej_is_infinity(&r)); } /* Check random points, constant scalar */ - for (ncount = 0; ncount < count; ncount++) { + for (ncount = 0; ncount < COUNT; ncount++) { size_t i; secp256k1_gej_set_infinity(&r); @@ -4741,12 +4745,12 @@ void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func e } secp256k1_ecmult(&r2, &r, &sc[0], &szero); - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); CHECK(secp256k1_gej_eq_var(&r, &r2)); } /* Check random scalars, constant point */ - for (ncount = 0; ncount < count; ncount++) { + for (ncount = 0; ncount < COUNT; ncount++) { size_t i; secp256k1_ge ptg; secp256k1_gej p0j; @@ -4762,7 +4766,7 @@ void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func e secp256k1_gej_set_ge(&p0j, &pt[0]); secp256k1_ecmult(&r2, &p0j, &rs, &szero); - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); CHECK(secp256k1_gej_eq_var(&r, &r2)); } @@ -4773,13 +4777,13 @@ void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func e } secp256k1_scalar_clear(&sc[0]); - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 20)); secp256k1_scalar_clear(&sc[1]); secp256k1_scalar_clear(&sc[2]); secp256k1_scalar_clear(&sc[3]); secp256k1_scalar_clear(&sc[4]); - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 6)); - CHECK(ecmult_multi(&ctx->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 5)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 6)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &szero, ecmult_multi_callback, &data, 5)); CHECK(secp256k1_gej_is_infinity(&r)); /* Run through s0*(t0*P) + s1*(t1*P) exhaustively for many small values of s0, s1, t0, t1 */ @@ -4824,7 +4828,7 @@ void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func e secp256k1_scalar_add(&tmp1, &tmp1, &tmp2); secp256k1_ecmult(&expected, &ptgj, &tmp1, &szero); - CHECK(ecmult_multi(&ctx->error_callback, scratch, &actual, &szero, ecmult_multi_callback, &data, 2)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &actual, &szero, ecmult_multi_callback, &data, 2)); CHECK(secp256k1_gej_eq_var(&actual, &expected)); } } @@ -4900,7 +4904,7 @@ int test_ecmult_multi_random(secp256k1_scratch *scratch) { secp256k1_scalar_mul(&scalars[filled], &sc_tmp, &g_scalar); secp256k1_scalar_inverse_var(&sc_tmp, &sc_tmp); secp256k1_scalar_negate(&sc_tmp, &sc_tmp); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &gejs[filled], &sc_tmp); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &gejs[filled], &sc_tmp); ++filled; ++mults; } @@ -4992,7 +4996,7 @@ int test_ecmult_multi_random(secp256k1_scratch *scratch) { /* Invoke ecmult_multi code. */ data.sc = scalars; data.pt = ges; - CHECK(ecmult_multi(&ctx->error_callback, scratch, &computed, g_scalar_ptr, ecmult_multi_callback, &data, filled)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &computed, g_scalar_ptr, ecmult_multi_callback, &data, filled)); mults += num_nonzero + g_nonzero; /* Compare with expected result. */ CHECK(secp256k1_gej_eq_var(&computed, &expected)); @@ -5014,9 +5018,9 @@ void test_ecmult_multi_batch_single(secp256k1_ecmult_multi_func ecmult_multi) { secp256k1_scalar_set_int(&szero, 0); /* Try to multiply 1 point, but scratch space is empty.*/ - scratch_empty = secp256k1_scratch_create(&ctx->error_callback, 0); - CHECK(!ecmult_multi(&ctx->error_callback, scratch_empty, &r, &szero, ecmult_multi_callback, &data, 1)); - secp256k1_scratch_destroy(&ctx->error_callback, scratch_empty); + scratch_empty = secp256k1_scratch_create(&CTX->error_callback, 0); + CHECK(!ecmult_multi(&CTX->error_callback, scratch_empty, &r, &szero, ecmult_multi_callback, &data, 1)); + secp256k1_scratch_destroy(&CTX->error_callback, scratch_empty); } void test_secp256k1_pippenger_bucket_window_inv(void) { @@ -5050,24 +5054,24 @@ void test_ecmult_multi_pippenger_max_points(void) { size_t i; size_t total_alloc; size_t checkpoint; - scratch = secp256k1_scratch_create(&ctx->error_callback, scratch_size); + scratch = secp256k1_scratch_create(&CTX->error_callback, scratch_size); CHECK(scratch != NULL); - checkpoint = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch); - n_points_supported = secp256k1_pippenger_max_points(&ctx->error_callback, scratch); + checkpoint = secp256k1_scratch_checkpoint(&CTX->error_callback, scratch); + n_points_supported = secp256k1_pippenger_max_points(&CTX->error_callback, scratch); if (n_points_supported == 0) { - secp256k1_scratch_destroy(&ctx->error_callback, scratch); + secp256k1_scratch_destroy(&CTX->error_callback, scratch); continue; } bucket_window = secp256k1_pippenger_bucket_window(n_points_supported); /* allocate `total_alloc` bytes over `PIPPENGER_SCRATCH_OBJECTS` many allocations */ total_alloc = secp256k1_pippenger_scratch_size(n_points_supported, bucket_window); for (i = 0; i < PIPPENGER_SCRATCH_OBJECTS - 1; i++) { - CHECK(secp256k1_scratch_alloc(&ctx->error_callback, scratch, 1)); + CHECK(secp256k1_scratch_alloc(&CTX->error_callback, scratch, 1)); total_alloc--; } - CHECK(secp256k1_scratch_alloc(&ctx->error_callback, scratch, total_alloc)); - secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, checkpoint); - secp256k1_scratch_destroy(&ctx->error_callback, scratch); + CHECK(secp256k1_scratch_alloc(&CTX->error_callback, scratch, total_alloc)); + secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint); + secp256k1_scratch_destroy(&CTX->error_callback, scratch); } CHECK(bucket_window == PIPPENGER_MAX_BUCKET_WINDOW); } @@ -5124,8 +5128,8 @@ void test_ecmult_multi_batching(void) { static const int n_points = 2*ECMULT_PIPPENGER_THRESHOLD; secp256k1_scalar scG; secp256k1_scalar szero; - secp256k1_scalar *sc = (secp256k1_scalar *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_scalar) * n_points); - secp256k1_ge *pt = (secp256k1_ge *)checked_malloc(&ctx->error_callback, sizeof(secp256k1_ge) * n_points); + secp256k1_scalar *sc = (secp256k1_scalar *)checked_malloc(&CTX->error_callback, sizeof(secp256k1_scalar) * n_points); + secp256k1_ge *pt = (secp256k1_ge *)checked_malloc(&CTX->error_callback, sizeof(secp256k1_ge) * n_points); secp256k1_gej r; secp256k1_gej r2; ecmult_multi_data data; @@ -5154,34 +5158,34 @@ void test_ecmult_multi_batching(void) { /* Test with empty scratch space. It should compute the correct result using * ecmult_mult_simple algorithm which doesn't require a scratch space. */ - scratch = secp256k1_scratch_create(&ctx->error_callback, 0); - CHECK(secp256k1_ecmult_multi_var(&ctx->error_callback, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + scratch = secp256k1_scratch_create(&CTX->error_callback, 0); + CHECK(secp256k1_ecmult_multi_var(&CTX->error_callback, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); secp256k1_gej_add_var(&r, &r, &r2, NULL); CHECK(secp256k1_gej_is_infinity(&r)); - secp256k1_scratch_destroy(&ctx->error_callback, scratch); + secp256k1_scratch_destroy(&CTX->error_callback, scratch); /* Test with space for 1 point in pippenger. That's not enough because * ecmult_multi selects strauss which requires more memory. It should * therefore select the simple algorithm. */ - scratch = secp256k1_scratch_create(&ctx->error_callback, secp256k1_pippenger_scratch_size(1, 1) + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); - CHECK(secp256k1_ecmult_multi_var(&ctx->error_callback, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + scratch = secp256k1_scratch_create(&CTX->error_callback, secp256k1_pippenger_scratch_size(1, 1) + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); + CHECK(secp256k1_ecmult_multi_var(&CTX->error_callback, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); secp256k1_gej_add_var(&r, &r, &r2, NULL); CHECK(secp256k1_gej_is_infinity(&r)); - secp256k1_scratch_destroy(&ctx->error_callback, scratch); + secp256k1_scratch_destroy(&CTX->error_callback, scratch); for(i = 1; i <= n_points; i++) { if (i > ECMULT_PIPPENGER_THRESHOLD) { int bucket_window = secp256k1_pippenger_bucket_window(i); size_t scratch_size = secp256k1_pippenger_scratch_size(i, bucket_window); - scratch = secp256k1_scratch_create(&ctx->error_callback, scratch_size + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); + scratch = secp256k1_scratch_create(&CTX->error_callback, scratch_size + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); } else { size_t scratch_size = secp256k1_strauss_scratch_size(i); - scratch = secp256k1_scratch_create(&ctx->error_callback, scratch_size + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); + scratch = secp256k1_scratch_create(&CTX->error_callback, scratch_size + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); } - CHECK(secp256k1_ecmult_multi_var(&ctx->error_callback, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + CHECK(secp256k1_ecmult_multi_var(&CTX->error_callback, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); secp256k1_gej_add_var(&r, &r, &r2, NULL); CHECK(secp256k1_gej_is_infinity(&r)); - secp256k1_scratch_destroy(&ctx->error_callback, scratch); + secp256k1_scratch_destroy(&CTX->error_callback, scratch); } free(sc); free(pt); @@ -5189,11 +5193,11 @@ void test_ecmult_multi_batching(void) { void run_ecmult_multi_tests(void) { secp256k1_scratch *scratch; - int64_t todo = (int64_t)320 * count; + int64_t todo = (int64_t)320 * COUNT; test_secp256k1_pippenger_bucket_window_inv(); test_ecmult_multi_pippenger_max_points(); - scratch = secp256k1_scratch_create(&ctx->error_callback, 819200); + scratch = secp256k1_scratch_create(&CTX->error_callback, 819200); test_ecmult_multi(scratch, secp256k1_ecmult_multi_var); test_ecmult_multi(NULL, secp256k1_ecmult_multi_var); test_ecmult_multi(scratch, secp256k1_ecmult_pippenger_batch_single); @@ -5203,12 +5207,12 @@ void run_ecmult_multi_tests(void) { while (todo > 0) { todo -= test_ecmult_multi_random(scratch); } - secp256k1_scratch_destroy(&ctx->error_callback, scratch); + secp256k1_scratch_destroy(&CTX->error_callback, scratch); /* Run test_ecmult_multi with space for exactly one point */ - scratch = secp256k1_scratch_create(&ctx->error_callback, secp256k1_strauss_scratch_size(1) + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); + scratch = secp256k1_scratch_create(&CTX->error_callback, secp256k1_strauss_scratch_size(1) + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); test_ecmult_multi(scratch, secp256k1_ecmult_multi_var); - secp256k1_scratch_destroy(&ctx->error_callback, scratch); + secp256k1_scratch_destroy(&CTX->error_callback, scratch); test_ecmult_multi_batch_size_helper(); test_ecmult_multi_batching(); @@ -5436,7 +5440,7 @@ void run_wnaf(void) { /* Test 0 for fixed wnaf */ test_fixed_wnaf_small(); /* Random tests */ - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { random_scalar_order(&n); test_wnaf(&n, 4+(i%10)); test_constant_wnaf_negate(&n); @@ -5467,7 +5471,7 @@ void test_ecmult_accumulate(secp256k1_sha256* acc, const secp256k1_scalar* x, se size_t size = 65; secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g); secp256k1_gej_set_infinity(&infj); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &rj1, x); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &rj1, x); secp256k1_ecmult(&rj2, &gj, x, &zero); secp256k1_ecmult(&rj3, &infj, &zero, x); secp256k1_ecmult_multi_var(NULL, scratch, &rj4, x, NULL, NULL, 0); @@ -5504,7 +5508,7 @@ void test_ecmult_constants_2bit(void) { secp256k1_sha256 acc; unsigned char b32[32]; int i, j; - secp256k1_scratch_space *scratch = secp256k1_scratch_space_create(ctx, 65536); + secp256k1_scratch_space *scratch = secp256k1_scratch_space_create(CTX, 65536); /* Expected hash of all the computed points; created with an independent * implementation. */ @@ -5532,7 +5536,7 @@ void test_ecmult_constants_2bit(void) { secp256k1_sha256_finalize(&acc, b32); CHECK(secp256k1_memcmp_var(b32, expected32, 32) == 0); - secp256k1_scratch_space_destroy(ctx, scratch); + secp256k1_scratch_space_destroy(CTX, scratch); } void test_ecmult_constants_sha(uint32_t prefix, size_t iter, const unsigned char* expected32) { @@ -5548,7 +5552,7 @@ void test_ecmult_constants_sha(uint32_t prefix, size_t iter, const unsigned char unsigned char b32[32]; unsigned char inp[6]; size_t i; - secp256k1_scratch_space *scratch = secp256k1_scratch_space_create(ctx, 65536); + secp256k1_scratch_space *scratch = secp256k1_scratch_space_create(CTX, 65536); inp[0] = prefix & 0xFF; inp[1] = (prefix >> 8) & 0xFF; @@ -5575,7 +5579,7 @@ void test_ecmult_constants_sha(uint32_t prefix, size_t iter, const unsigned char secp256k1_sha256_finalize(&acc, b32); CHECK(secp256k1_memcmp_var(b32, expected32, 32) == 0); - secp256k1_scratch_space_destroy(ctx, scratch); + secp256k1_scratch_space_destroy(CTX, scratch); } void run_ecmult_constants(void) { @@ -5622,15 +5626,15 @@ void test_ecmult_gen_blind(void) { secp256k1_gej i; secp256k1_ge pge; random_scalar_order_test(&key); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej, &key); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &pgej, &key); secp256k1_testrand256(seed32); - b = ctx->ecmult_gen_ctx.blind; - i = ctx->ecmult_gen_ctx.initial; - secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); - CHECK(!secp256k1_scalar_eq(&b, &ctx->ecmult_gen_ctx.blind)); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pgej2, &key); + b = CTX->ecmult_gen_ctx.blind; + i = CTX->ecmult_gen_ctx.initial; + secp256k1_ecmult_gen_blind(&CTX->ecmult_gen_ctx, seed32); + CHECK(!secp256k1_scalar_eq(&b, &CTX->ecmult_gen_ctx.blind)); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &pgej2, &key); CHECK(!gej_xyz_equals_gej(&pgej, &pgej2)); - CHECK(!gej_xyz_equals_gej(&i, &ctx->ecmult_gen_ctx.initial)); + CHECK(!gej_xyz_equals_gej(&i, &CTX->ecmult_gen_ctx.initial)); secp256k1_ge_set_gej(&pge, &pgej); ge_equals_gej(&pge, &pgej2); } @@ -5639,12 +5643,12 @@ void test_ecmult_gen_blind_reset(void) { /* Test ecmult_gen() blinding reset and confirm that the blinding is consistent. */ secp256k1_scalar b; secp256k1_gej initial; - secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, 0); - b = ctx->ecmult_gen_ctx.blind; - initial = ctx->ecmult_gen_ctx.initial; - secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, 0); - CHECK(secp256k1_scalar_eq(&b, &ctx->ecmult_gen_ctx.blind)); - CHECK(gej_xyz_equals_gej(&initial, &ctx->ecmult_gen_ctx.initial)); + secp256k1_ecmult_gen_blind(&CTX->ecmult_gen_ctx, 0); + b = CTX->ecmult_gen_ctx.blind; + initial = CTX->ecmult_gen_ctx.initial; + secp256k1_ecmult_gen_blind(&CTX->ecmult_gen_ctx, 0); + CHECK(secp256k1_scalar_eq(&b, &CTX->ecmult_gen_ctx.blind)); + CHECK(gej_xyz_equals_gej(&initial, &CTX->ecmult_gen_ctx.initial)); } void run_ecmult_gen_blind(void) { @@ -5694,7 +5698,7 @@ void run_endomorphism_tests(void) { secp256k1_scalar_add(&s, &secp256k1_const_lambda, &secp256k1_scalar_one); test_scalar_split(&s); - for (i = 0; i < 100U * count; ++i) { + for (i = 0; i < 100U * COUNT; ++i) { secp256k1_scalar full; random_scalar_order_test(&full); test_scalar_split(&full); @@ -5711,7 +5715,7 @@ void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvali size_t pubkeyclen; int32_t ecount; ecount = 0; - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); for (pubkeyclen = 3; pubkeyclen <= 65; pubkeyclen++) { /* Smaller sizes are tested exhaustively elsewhere. */ int32_t i; @@ -5737,11 +5741,11 @@ void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvali memset(&pubkey, 0, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey)); ecount = 0; - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, pubkeyclen) == 1); VG_CHECK(&pubkey, sizeof(pubkey)); outl = 65; VG_UNDEF(pubkeyo, 65); - CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1); VG_CHECK(pubkeyo, outl); CHECK(outl == 33); CHECK(secp256k1_memcmp_var(&pubkeyo[1], &pubkeyc[1], 32) == 0); @@ -5749,14 +5753,14 @@ void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvali if (ypass) { /* This test isn't always done because we decode with alternative signs, so the y won't match. */ CHECK(pubkeyo[0] == ysign); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1); + CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 1); memset(&pubkey, 0, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey)); secp256k1_pubkey_save(&pubkey, &ge); VG_CHECK(&pubkey, sizeof(pubkey)); outl = 65; VG_UNDEF(pubkeyo, 65); - CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyo, &outl, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, pubkeyo, &outl, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); VG_CHECK(pubkeyo, outl); CHECK(outl == 65); CHECK(pubkeyo[0] == 4); @@ -5768,15 +5772,15 @@ void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvali memset(&pubkey, 0xfe, sizeof(pubkey)); ecount = 0; VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, pubkeyclen) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0); CHECK(ecount == 1); } } } - secp256k1_context_set_illegal_callback(ctx, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); } void run_ec_pubkey_parse_test(void) { @@ -5969,16 +5973,16 @@ void run_ec_pubkey_parse_test(void) { ecount = 0; /* Nothing should be reading this far into pubkeyc. */ VG_UNDEF(&pubkeyc[65], 1); - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); /* Zero length claimed, fail, zeroize, no illegal arg error. */ memset(&pubkey, 0xfe, sizeof(pubkey)); ecount = 0; VG_UNDEF(shortkey, 2); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 0) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, shortkey, 0) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0); CHECK(ecount == 1); /* Length one claimed, fail, zeroize, no illegal arg error. */ for (i = 0; i < 256 ; i++) { @@ -5987,10 +5991,10 @@ void run_ec_pubkey_parse_test(void) { shortkey[0] = i; VG_UNDEF(&shortkey[1], 1); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 1) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, shortkey, 1) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0); CHECK(ecount == 1); } /* Length two claimed, fail, zeroize, no illegal arg error. */ @@ -6000,61 +6004,61 @@ void run_ec_pubkey_parse_test(void) { shortkey[0] = i & 255; shortkey[1] = i >> 8; VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, shortkey, 2) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, shortkey, 2) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0); CHECK(ecount == 1); } memset(&pubkey, 0xfe, sizeof(pubkey)); ecount = 0; VG_UNDEF(&pubkey, sizeof(pubkey)); /* 33 bytes claimed on otherwise valid input starting with 0x04, fail, zeroize output, no illegal arg error. */ - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 33) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 33) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0); CHECK(ecount == 1); /* NULL pubkey, illegal arg error. Pubkey isn't rewritten before this step, since it's NULL into the parser. */ - CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, pubkeyc, 65) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, NULL, pubkeyc, 65) == 0); CHECK(ecount == 2); /* NULL input string. Illegal arg and zeroize output. */ memset(&pubkey, 0xfe, sizeof(pubkey)); ecount = 0; VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, NULL, 65) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, NULL, 65) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 1); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0); CHECK(ecount == 2); /* 64 bytes claimed on input starting with 0x04, fail, zeroize output, no illegal arg error. */ memset(&pubkey, 0xfe, sizeof(pubkey)); ecount = 0; VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 64) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 64) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0); CHECK(ecount == 1); /* 66 bytes claimed, fail, zeroize output, no illegal arg error. */ memset(&pubkey, 0xfe, sizeof(pubkey)); ecount = 0; VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 66) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 66) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 0); + CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0); CHECK(ecount == 1); /* Valid parse. */ memset(&pubkey, 0, sizeof(pubkey)); ecount = 0; VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, 65) == 1); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 65) == 1); CHECK(secp256k1_ec_pubkey_parse(secp256k1_context_static, &pubkey, pubkeyc, 65) == 1); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(ecount == 0); VG_UNDEF(&ge, sizeof(ge)); - CHECK(secp256k1_pubkey_load(ctx, &ge, &pubkey) == 1); + CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 1); VG_CHECK(&ge.x, sizeof(ge.x)); VG_CHECK(&ge.y, sizeof(ge.y)); VG_CHECK(&ge.infinity, sizeof(ge.infinity)); @@ -6063,38 +6067,38 @@ void run_ec_pubkey_parse_test(void) { /* secp256k1_ec_pubkey_serialize illegal args. */ ecount = 0; len = 65; - CHECK(secp256k1_ec_pubkey_serialize(ctx, NULL, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0); + CHECK(secp256k1_ec_pubkey_serialize(CTX, NULL, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0); CHECK(ecount == 1); CHECK(len == 0); - CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, NULL, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0); + CHECK(secp256k1_ec_pubkey_serialize(CTX, sout, NULL, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0); CHECK(ecount == 2); len = 65; VG_UNDEF(sout, 65); - CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, &len, NULL, SECP256K1_EC_UNCOMPRESSED) == 0); + CHECK(secp256k1_ec_pubkey_serialize(CTX, sout, &len, NULL, SECP256K1_EC_UNCOMPRESSED) == 0); VG_CHECK(sout, 65); CHECK(ecount == 3); CHECK(len == 0); len = 65; - CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, &len, &pubkey, ~0) == 0); + CHECK(secp256k1_ec_pubkey_serialize(CTX, sout, &len, &pubkey, ~0) == 0); CHECK(ecount == 4); CHECK(len == 0); len = 65; VG_UNDEF(sout, 65); - CHECK(secp256k1_ec_pubkey_serialize(ctx, sout, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, sout, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); VG_CHECK(sout, 65); CHECK(ecount == 4); CHECK(len == 65); /* Multiple illegal args. Should still set arg error only once. */ ecount = 0; ecount2 = 11; - CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, NULL, NULL, 65) == 0); CHECK(ecount == 1); /* Does the illegal arg callback actually change the behavior? */ - secp256k1_context_set_illegal_callback(ctx, uncounting_illegal_callback_fn, &ecount2); - CHECK(secp256k1_ec_pubkey_parse(ctx, NULL, NULL, 65) == 0); + secp256k1_context_set_illegal_callback(CTX, uncounting_illegal_callback_fn, &ecount2); + CHECK(secp256k1_ec_pubkey_parse(CTX, NULL, NULL, 65) == 0); CHECK(ecount == 1); CHECK(ecount2 == 10); - secp256k1_context_set_illegal_callback(ctx, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); /* Try a bunch of prefabbed points with all possible encodings. */ for (i = 0; i < SECP256K1_EC_PARSE_TEST_NVALID; i++) { ec_pubkey_parse_pointtest(valid[i], 1, 1); @@ -6125,65 +6129,65 @@ void run_eckey_edge_case_test(void) { size_t len; int32_t ecount; /* Group order is too large, reject. */ - CHECK(secp256k1_ec_seckey_verify(ctx, orderc) == 0); + CHECK(secp256k1_ec_seckey_verify(CTX, orderc) == 0); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, orderc) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, orderc) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); /* Maximum value is too large, reject. */ memset(ctmp, 255, 32); - CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 0); memset(&pubkey, 1, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, ctmp) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); /* Zero is too small, reject. */ memset(ctmp, 0, 32); - CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 0); memset(&pubkey, 1, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, ctmp) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); /* One must be accepted. */ ctmp[31] = 0x01; - CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 1); memset(&pubkey, 0, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, ctmp) == 1); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); pubkey_one = pubkey; /* Group order + 1 is too large, reject. */ memcpy(ctmp, orderc, 32); ctmp[31] = 0x42; - CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 0); memset(&pubkey, 1, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, ctmp) == 0); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); /* -1 must be accepted. */ ctmp[31] = 0x40; - CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 1); memset(&pubkey, 0, sizeof(pubkey)); VG_UNDEF(&pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, ctmp) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, ctmp) == 1); VG_CHECK(&pubkey, sizeof(pubkey)); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); pubkey_negone = pubkey; /* Tweak of zero leaves the value unchanged. */ memset(ctmp2, 0, 32); - CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 1); + CHECK(secp256k1_ec_seckey_tweak_add(CTX, ctmp, ctmp2) == 1); CHECK(secp256k1_memcmp_var(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40); memcpy(&pubkey2, &pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2) == 1); CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); /* Multiply tweak of zero zeroizes the output. */ - CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); + CHECK(secp256k1_ec_seckey_tweak_mul(CTX, ctmp, ctmp2) == 0); CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); - CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, ctmp2) == 0); + CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey, ctmp2) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); /* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing @@ -6191,31 +6195,31 @@ void run_eckey_edge_case_test(void) { memcpy(ctmp, orderc, 32); memset(ctmp2, 0, 32); ctmp2[31] = 0x01; - CHECK(secp256k1_ec_seckey_verify(ctx, ctmp2) == 1); - CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 0); - CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, ctmp2) == 0); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp2) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 0); + CHECK(secp256k1_ec_seckey_tweak_add(CTX, ctmp, ctmp2) == 0); CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); memcpy(ctmp, orderc, 32); - CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, ctmp2) == 0); + CHECK(secp256k1_ec_seckey_tweak_mul(CTX, ctmp, ctmp2) == 0); CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); /* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing tweak, the seckey is zeroized. */ memcpy(ctmp, orderc, 32); ctmp[31] = 0x40; - CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, orderc) == 0); + CHECK(secp256k1_ec_seckey_tweak_add(CTX, ctmp, orderc) == 0); CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); memcpy(ctmp, orderc, 32); ctmp[31] = 0x40; - CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, orderc) == 0); + CHECK(secp256k1_ec_seckey_tweak_mul(CTX, ctmp, orderc) == 0); CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); memcpy(ctmp, orderc, 32); ctmp[31] = 0x40; /* If pubkey_tweak_add or pubkey_tweak_mul are called with an overflowing tweak, the pubkey is zeroized. */ - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, orderc) == 0); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, orderc) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, orderc) == 0); + CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey, orderc) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); /* If the resulting key in secp256k1_ec_seckey_tweak_add and @@ -6225,78 +6229,78 @@ void run_eckey_edge_case_test(void) { ctmp[31] = 0x40; memset(ctmp2, 0, 32); ctmp2[31] = 1; - CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 0); + CHECK(secp256k1_ec_seckey_tweak_add(CTX, ctmp2, ctmp) == 0); CHECK(secp256k1_memcmp_var(zeros, ctmp2, 32) == 0); ctmp2[31] = 1; - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); /* Tweak computation wraps and results in a key of 1. */ ctmp2[31] = 2; - CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp2, ctmp) == 1); + CHECK(secp256k1_ec_seckey_tweak_add(CTX, ctmp2, ctmp) == 1); CHECK(secp256k1_memcmp_var(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1); ctmp2[31] = 2; - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2) == 1); ctmp2[31] = 1; - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, ctmp2) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey2, ctmp2) == 1); CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); /* Tweak mul * 2 = 1+1. */ - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 1); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2) == 1); ctmp2[31] = 2; - CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 1); + CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey2, ctmp2) == 1); CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); /* Test argument errors. */ ecount = 0; - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); CHECK(ecount == 0); /* Zeroize pubkey on parse error. */ memset(&pubkey, 0, 32); - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, ctmp2) == 0); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2) == 0); CHECK(ecount == 1); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); memset(&pubkey2, 0, 32); - CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey2, ctmp2) == 0); + CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey2, ctmp2) == 0); CHECK(ecount == 2); CHECK(secp256k1_memcmp_var(&pubkey2, zeros, sizeof(pubkey2)) == 0); /* Plain argument errors. */ ecount = 0; - CHECK(secp256k1_ec_seckey_verify(ctx, ctmp) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 1); CHECK(ecount == 0); - CHECK(secp256k1_ec_seckey_verify(ctx, NULL) == 0); + CHECK(secp256k1_ec_seckey_verify(CTX, NULL) == 0); CHECK(ecount == 1); ecount = 0; memset(ctmp2, 0, 32); ctmp2[31] = 4; - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, NULL, ctmp2) == 0); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, NULL, ctmp2) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, NULL) == 0); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, NULL) == 0); CHECK(ecount == 2); ecount = 0; memset(ctmp2, 0, 32); ctmp2[31] = 4; - CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, NULL, ctmp2) == 0); + CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, NULL, ctmp2) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, NULL) == 0); + CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey, NULL) == 0); CHECK(ecount == 2); ecount = 0; memset(ctmp2, 0, 32); - CHECK(secp256k1_ec_seckey_tweak_add(ctx, NULL, ctmp2) == 0); + CHECK(secp256k1_ec_seckey_tweak_add(CTX, NULL, ctmp2) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ec_seckey_tweak_add(ctx, ctmp, NULL) == 0); + CHECK(secp256k1_ec_seckey_tweak_add(CTX, ctmp, NULL) == 0); CHECK(ecount == 2); ecount = 0; memset(ctmp2, 0, 32); ctmp2[31] = 1; - CHECK(secp256k1_ec_seckey_tweak_mul(ctx, NULL, ctmp2) == 0); + CHECK(secp256k1_ec_seckey_tweak_mul(CTX, NULL, ctmp2) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ec_seckey_tweak_mul(ctx, ctmp, NULL) == 0); + CHECK(secp256k1_ec_seckey_tweak_mul(CTX, ctmp, NULL) == 0); CHECK(ecount == 2); ecount = 0; - CHECK(secp256k1_ec_pubkey_create(ctx, NULL, ctmp) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, NULL, ctmp) == 0); CHECK(ecount == 1); memset(&pubkey, 1, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, NULL) == 0); CHECK(ecount == 2); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); /* secp256k1_ec_pubkey_combine tests. */ @@ -6307,36 +6311,36 @@ void run_eckey_edge_case_test(void) { VG_UNDEF(&pubkeys[2], sizeof(secp256k1_pubkey *)); memset(&pubkey, 255, sizeof(secp256k1_pubkey)); VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 0) == 0); + CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 0) == 0); VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ec_pubkey_combine(ctx, NULL, pubkeys, 1) == 0); + CHECK(secp256k1_ec_pubkey_combine(CTX, NULL, pubkeys, 1) == 0); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); CHECK(ecount == 2); memset(&pubkey, 255, sizeof(secp256k1_pubkey)); VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, NULL, 1) == 0); + CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, NULL, 1) == 0); VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); CHECK(ecount == 3); pubkeys[0] = &pubkey_negone; memset(&pubkey, 255, sizeof(secp256k1_pubkey)); VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 1) == 1); + CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 1) == 1); VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); CHECK(ecount == 3); len = 33; - CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); - CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_negone, SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, ctmp2, &len, &pubkey_negone, SECP256K1_EC_COMPRESSED) == 1); CHECK(secp256k1_memcmp_var(ctmp, ctmp2, 33) == 0); /* Result is infinity. */ pubkeys[0] = &pubkey_one; pubkeys[1] = &pubkey_negone; memset(&pubkey, 255, sizeof(secp256k1_pubkey)); VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 0); + CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 2) == 0); VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); CHECK(ecount == 3); @@ -6344,23 +6348,23 @@ void run_eckey_edge_case_test(void) { pubkeys[2] = &pubkey_one; memset(&pubkey, 255, sizeof(secp256k1_pubkey)); VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 3) == 1); + CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 3) == 1); VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); CHECK(ecount == 3); len = 33; - CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); - CHECK(secp256k1_ec_pubkey_serialize(ctx, ctmp2, &len, &pubkey_one, SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, ctmp2, &len, &pubkey_one, SECP256K1_EC_COMPRESSED) == 1); CHECK(secp256k1_memcmp_var(ctmp, ctmp2, 33) == 0); /* Adds to two. */ pubkeys[1] = &pubkey_one; memset(&pubkey, 255, sizeof(secp256k1_pubkey)); VG_UNDEF(&pubkey, sizeof(secp256k1_pubkey)); - CHECK(secp256k1_ec_pubkey_combine(ctx, &pubkey, pubkeys, 2) == 1); + CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 2) == 1); VG_CHECK(&pubkey, sizeof(secp256k1_pubkey)); CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); CHECK(ecount == 3); - secp256k1_context_set_illegal_callback(ctx, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); } void run_eckey_negate_test(void) { @@ -6371,20 +6375,20 @@ void run_eckey_negate_test(void) { memcpy(seckey_tmp, seckey, 32); /* Verify negation changes the key and changes it back */ - CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); + CHECK(secp256k1_ec_seckey_negate(CTX, seckey) == 1); CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) != 0); - CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); + CHECK(secp256k1_ec_seckey_negate(CTX, seckey) == 1); CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0); /* Check that privkey alias gives same result */ - CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 1); - CHECK(secp256k1_ec_privkey_negate(ctx, seckey_tmp) == 1); + CHECK(secp256k1_ec_seckey_negate(CTX, seckey) == 1); + CHECK(secp256k1_ec_privkey_negate(CTX, seckey_tmp) == 1); CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0); /* Negating all 0s fails */ memset(seckey, 0, 32); memset(seckey_tmp, 0, 32); - CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0); + CHECK(secp256k1_ec_seckey_negate(CTX, seckey) == 0); /* Check that seckey is not modified */ CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0); @@ -6394,7 +6398,7 @@ void run_eckey_negate_test(void) { random_scalar_order_b32(seckey); memset(seckey, 0xFF, 16); memset(seckey_tmp, 0, 32); - CHECK(secp256k1_ec_seckey_negate(ctx, seckey) == 0); + CHECK(secp256k1_ec_seckey_negate(CTX, seckey) == 0); CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0); } @@ -6402,7 +6406,7 @@ void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1 secp256k1_scalar nonce; do { random_scalar_order_test(&nonce); - } while(!secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid)); + } while(!secp256k1_ecdsa_sig_sign(&CTX->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid)); } void test_ecdsa_sign_verify(void) { @@ -6415,7 +6419,7 @@ void test_ecdsa_sign_verify(void) { int recid; random_scalar_order_test(&msg); random_scalar_order_test(&key); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubj, &key); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &pubj, &key); secp256k1_ge_set_gej(&pub, &pubj); getrec = secp256k1_testrand_bits(1); /* The specific way in which this conditional is written sidesteps a potential bug in clang. @@ -6434,7 +6438,7 @@ void test_ecdsa_sign_verify(void) { void run_ecdsa_sign_verify(void) { int i; - for (i = 0; i < 10*count; i++) { + for (i = 0; i < 10*COUNT; i++) { test_ecdsa_sign_verify(); } } @@ -6517,24 +6521,24 @@ void test_ecdsa_end_to_end(void) { } /* Construct and verify corresponding public key. */ - CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, privkey) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, privkey) == 1); /* Verify exporting and importing public key. */ - CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, secp256k1_testrand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED)); + CHECK(secp256k1_ec_pubkey_serialize(CTX, pubkeyc, &pubkeyclen, &pubkey, secp256k1_testrand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED)); memset(&pubkey, 0, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, pubkeyclen) == 1); /* Verify negation changes the key and changes it back */ memcpy(&pubkey_tmp, &pubkey, sizeof(pubkey)); - CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); + CHECK(secp256k1_ec_pubkey_negate(CTX, &pubkey_tmp) == 1); CHECK(secp256k1_memcmp_var(&pubkey_tmp, &pubkey, sizeof(pubkey)) != 0); - CHECK(secp256k1_ec_pubkey_negate(ctx, &pubkey_tmp) == 1); + CHECK(secp256k1_ec_pubkey_negate(CTX, &pubkey_tmp) == 1); CHECK(secp256k1_memcmp_var(&pubkey_tmp, &pubkey, sizeof(pubkey)) == 0); /* Verify private key import and export. */ - CHECK(ec_privkey_export_der(ctx, seckey, &seckeylen, privkey, secp256k1_testrand_bits(1) == 1)); - CHECK(ec_privkey_import_der(ctx, privkey2, seckey, seckeylen) == 1); + CHECK(ec_privkey_export_der(CTX, seckey, &seckeylen, privkey, secp256k1_testrand_bits(1) == 1)); + CHECK(ec_privkey_import_der(CTX, privkey2, seckey, seckeylen) == 1); CHECK(secp256k1_memcmp_var(privkey, privkey2, 32) == 0); /* Optionally tweak the keys using addition. */ @@ -6547,17 +6551,17 @@ void test_ecdsa_end_to_end(void) { secp256k1_pubkey pubkey2; secp256k1_testrand256_test(rnd); memcpy(privkey_tmp, privkey, 32); - ret1 = secp256k1_ec_seckey_tweak_add(ctx, privkey, rnd); - ret2 = secp256k1_ec_pubkey_tweak_add(ctx, &pubkey, rnd); + ret1 = secp256k1_ec_seckey_tweak_add(CTX, privkey, rnd); + ret2 = secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, rnd); /* Check that privkey alias gives same result */ - ret3 = secp256k1_ec_privkey_tweak_add(ctx, privkey_tmp, rnd); + ret3 = secp256k1_ec_privkey_tweak_add(CTX, privkey_tmp, rnd); CHECK(ret1 == ret2); CHECK(ret2 == ret3); if (ret1 == 0) { return; } CHECK(secp256k1_memcmp_var(privkey, privkey_tmp, 32) == 0); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey2, privkey) == 1); CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); } @@ -6571,29 +6575,29 @@ void test_ecdsa_end_to_end(void) { secp256k1_pubkey pubkey2; secp256k1_testrand256_test(rnd); memcpy(privkey_tmp, privkey, 32); - ret1 = secp256k1_ec_seckey_tweak_mul(ctx, privkey, rnd); - ret2 = secp256k1_ec_pubkey_tweak_mul(ctx, &pubkey, rnd); + ret1 = secp256k1_ec_seckey_tweak_mul(CTX, privkey, rnd); + ret2 = secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey, rnd); /* Check that privkey alias gives same result */ - ret3 = secp256k1_ec_privkey_tweak_mul(ctx, privkey_tmp, rnd); + ret3 = secp256k1_ec_privkey_tweak_mul(CTX, privkey_tmp, rnd); CHECK(ret1 == ret2); CHECK(ret2 == ret3); if (ret1 == 0) { return; } CHECK(secp256k1_memcmp_var(privkey, privkey_tmp, 32) == 0); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey2, privkey) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey2, privkey) == 1); CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); } /* Sign. */ - CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); - CHECK(secp256k1_ecdsa_sign(ctx, &signature[4], message, privkey, NULL, NULL) == 1); - CHECK(secp256k1_ecdsa_sign(ctx, &signature[1], message, privkey, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &signature[0], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &signature[4], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &signature[1], message, privkey, NULL, extra) == 1); extra[31] = 1; - CHECK(secp256k1_ecdsa_sign(ctx, &signature[2], message, privkey, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &signature[2], message, privkey, NULL, extra) == 1); extra[31] = 0; extra[0] = 1; - CHECK(secp256k1_ecdsa_sign(ctx, &signature[3], message, privkey, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &signature[3], message, privkey, NULL, extra) == 1); CHECK(secp256k1_memcmp_var(&signature[0], &signature[4], sizeof(signature[0])) == 0); CHECK(secp256k1_memcmp_var(&signature[0], &signature[1], sizeof(signature[0])) != 0); CHECK(secp256k1_memcmp_var(&signature[0], &signature[2], sizeof(signature[0])) != 0); @@ -6602,38 +6606,38 @@ void test_ecdsa_end_to_end(void) { CHECK(secp256k1_memcmp_var(&signature[1], &signature[3], sizeof(signature[0])) != 0); CHECK(secp256k1_memcmp_var(&signature[2], &signature[3], sizeof(signature[0])) != 0); /* Verify. */ - CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[1], message, &pubkey) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[2], message, &pubkey) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[3], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[0], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[1], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[2], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[3], message, &pubkey) == 1); /* Test lower-S form, malleate, verify and fail, test again, malleate again */ - CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[0])); - secp256k1_ecdsa_signature_load(ctx, &r, &s, &signature[0]); + CHECK(!secp256k1_ecdsa_signature_normalize(CTX, NULL, &signature[0])); + secp256k1_ecdsa_signature_load(CTX, &r, &s, &signature[0]); secp256k1_scalar_negate(&s, &s); secp256k1_ecdsa_signature_save(&signature[5], &r, &s); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 0); - CHECK(secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); - CHECK(secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); - CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); - CHECK(!secp256k1_ecdsa_signature_normalize(ctx, &signature[5], &signature[5])); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[5], message, &pubkey) == 0); + CHECK(secp256k1_ecdsa_signature_normalize(CTX, NULL, &signature[5])); + CHECK(secp256k1_ecdsa_signature_normalize(CTX, &signature[5], &signature[5])); + CHECK(!secp256k1_ecdsa_signature_normalize(CTX, NULL, &signature[5])); + CHECK(!secp256k1_ecdsa_signature_normalize(CTX, &signature[5], &signature[5])); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[5], message, &pubkey) == 1); secp256k1_scalar_negate(&s, &s); secp256k1_ecdsa_signature_save(&signature[5], &r, &s); - CHECK(!secp256k1_ecdsa_signature_normalize(ctx, NULL, &signature[5])); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[5], message, &pubkey) == 1); + CHECK(!secp256k1_ecdsa_signature_normalize(CTX, NULL, &signature[5])); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[5], message, &pubkey) == 1); CHECK(secp256k1_memcmp_var(&signature[5], &signature[0], 64) == 0); /* Serialize/parse DER and verify again */ - CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); + CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, sig, &siglen, &signature[0]) == 1); memset(&signature[0], 0, sizeof(signature[0])); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &signature[0], sig, siglen) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[0], message, &pubkey) == 1); /* Serialize/destroy/parse DER and verify again. */ siglen = 74; - CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1); + CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, sig, &siglen, &signature[0]) == 1); sig[secp256k1_testrand_int(siglen)] += 1 + secp256k1_testrand_int(255); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 0 || - secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &signature[0], sig, siglen) == 0 || + secp256k1_ecdsa_verify(CTX, &signature[0], message, &pubkey) == 0); } void test_random_pubkeys(void) { @@ -6711,50 +6715,50 @@ void run_pubkey_comparison(void) { secp256k1_pubkey pk2; int32_t ecount = 0; - CHECK(secp256k1_ec_pubkey_parse(ctx, &pk1, pk1_ser, sizeof(pk1_ser)) == 1); - CHECK(secp256k1_ec_pubkey_parse(ctx, &pk2, pk2_ser, sizeof(pk2_ser)) == 1); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pk1, pk1_ser, sizeof(pk1_ser)) == 1); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pk2, pk2_ser, sizeof(pk2_ser)) == 1); - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - CHECK(secp256k1_ec_pubkey_cmp(ctx, NULL, &pk2) < 0); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); + CHECK(secp256k1_ec_pubkey_cmp(CTX, NULL, &pk2) < 0); CHECK(ecount == 1); - CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk1, NULL) > 0); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk1, NULL) > 0); CHECK(ecount == 2); - CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk1, &pk2) < 0); - CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk2, &pk1) > 0); - CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk1, &pk1) == 0); - CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk2, &pk2) == 0); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk1, &pk2) < 0); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk2, &pk1) > 0); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk1, &pk1) == 0); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk2, &pk2) == 0); CHECK(ecount == 2); { secp256k1_pubkey pk_tmp; memset(&pk_tmp, 0, sizeof(pk_tmp)); /* illegal pubkey */ - CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk_tmp, &pk2) < 0); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk_tmp, &pk2) < 0); CHECK(ecount == 3); - CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk_tmp, &pk_tmp) == 0); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk_tmp, &pk_tmp) == 0); CHECK(ecount == 5); - CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk2, &pk_tmp) > 0); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk2, &pk_tmp) > 0); CHECK(ecount == 6); } - secp256k1_context_set_illegal_callback(ctx, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); /* Make pk2 the same as pk1 but with 3 rather than 2. Note that in * an uncompressed encoding, these would have the opposite ordering */ pk1_ser[0] = 3; - CHECK(secp256k1_ec_pubkey_parse(ctx, &pk2, pk1_ser, sizeof(pk1_ser)) == 1); - CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk1, &pk2) < 0); - CHECK(secp256k1_ec_pubkey_cmp(ctx, &pk2, &pk1) > 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pk2, pk1_ser, sizeof(pk1_ser)) == 1); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk1, &pk2) < 0); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk2, &pk1) > 0); } void run_random_pubkeys(void) { int i; - for (i = 0; i < 10*count; i++) { + for (i = 0; i < 10*COUNT; i++) { test_random_pubkeys(); } } void run_ecdsa_end_to_end(void) { int i; - for (i = 0; i < 64*count; i++) { + for (i = 0; i < 64*COUNT; i++) { test_ecdsa_end_to_end(); } } @@ -6776,23 +6780,23 @@ int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int certainly_ size_t len_der_lax = 2048; int parsed_der_lax = 0, valid_der_lax = 0, roundtrips_der_lax = 0; - parsed_der = secp256k1_ecdsa_signature_parse_der(ctx, &sig_der, sig, siglen); + parsed_der = secp256k1_ecdsa_signature_parse_der(CTX, &sig_der, sig, siglen); if (parsed_der) { - ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der, &sig_der)) << 0; + ret |= (!secp256k1_ecdsa_signature_serialize_compact(CTX, compact_der, &sig_der)) << 0; valid_der = (secp256k1_memcmp_var(compact_der, zeroes, 32) != 0) && (secp256k1_memcmp_var(compact_der + 32, zeroes, 32) != 0); } if (valid_der) { - ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der, &len_der, &sig_der)) << 1; + ret |= (!secp256k1_ecdsa_signature_serialize_der(CTX, roundtrip_der, &len_der, &sig_der)) << 1; roundtrips_der = (len_der == siglen) && secp256k1_memcmp_var(roundtrip_der, sig, siglen) == 0; } - parsed_der_lax = ecdsa_signature_parse_der_lax(ctx, &sig_der_lax, sig, siglen); + parsed_der_lax = ecdsa_signature_parse_der_lax(CTX, &sig_der_lax, sig, siglen); if (parsed_der_lax) { - ret |= (!secp256k1_ecdsa_signature_serialize_compact(ctx, compact_der_lax, &sig_der_lax)) << 10; + ret |= (!secp256k1_ecdsa_signature_serialize_compact(CTX, compact_der_lax, &sig_der_lax)) << 10; valid_der_lax = (secp256k1_memcmp_var(compact_der_lax, zeroes, 32) != 0) && (secp256k1_memcmp_var(compact_der_lax + 32, zeroes, 32) != 0); } if (valid_der_lax) { - ret |= (!secp256k1_ecdsa_signature_serialize_der(ctx, roundtrip_der_lax, &len_der_lax, &sig_der_lax)) << 11; + ret |= (!secp256k1_ecdsa_signature_serialize_der(CTX, roundtrip_der_lax, &len_der_lax, &sig_der_lax)) << 11; roundtrips_der_lax = (len_der_lax == siglen) && secp256k1_memcmp_var(roundtrip_der_lax, sig, siglen) == 0; } @@ -7006,7 +7010,7 @@ static void random_ber_signature(unsigned char *sig, size_t *len, int* certainly void run_ecdsa_der_parse(void) { int i,j; - for (i = 0; i < 200 * count; i++) { + for (i = 0; i < 200 * COUNT; i++) { unsigned char buffer[2048]; size_t buflen = 0; int certainly_der = 0; @@ -7050,7 +7054,7 @@ void test_ecdsa_edge_cases(void) { secp256k1_scalar_negate(&ss, &ss); secp256k1_scalar_inverse(&ss, &ss); secp256k1_scalar_set_int(&sr, 1); - secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &keyj, &sr); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &keyj, &sr); secp256k1_ge_set_gej(&key, &keyj); msg = ss; CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 0); @@ -7233,71 +7237,71 @@ void test_ecdsa_edge_cases(void) { 0x65, 0xdf, 0xdd, 0x31, 0xb9, 0x3e, 0x29, 0xa9, }; ecount = 0; - secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce) == 0); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce2) == 0); + secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce) == 0); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce2) == 0); msg[31] = 0xaa; - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce) == 1); CHECK(ecount == 0); - CHECK(secp256k1_ecdsa_sign(ctx, NULL, msg, key, precomputed_nonce_function, nonce2) == 0); + CHECK(secp256k1_ecdsa_sign(CTX, NULL, msg, key, precomputed_nonce_function, nonce2) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, NULL, key, precomputed_nonce_function, nonce2) == 0); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, NULL, key, precomputed_nonce_function, nonce2) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, NULL, precomputed_nonce_function, nonce2) == 0); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, NULL, precomputed_nonce_function, nonce2) == 0); CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, precomputed_nonce_function, nonce2) == 1); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, key) == 1); - CHECK(secp256k1_ecdsa_verify(ctx, NULL, msg, &pubkey) == 0); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce2) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, key) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, NULL, msg, &pubkey) == 0); CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, NULL, &pubkey) == 0); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, NULL, &pubkey) == 0); CHECK(ecount == 5); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, NULL) == 0); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg, NULL) == 0); CHECK(ecount == 6); - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg, &pubkey) == 1); CHECK(ecount == 6); - CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, NULL) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, NULL) == 0); CHECK(ecount == 7); /* That pubkeyload fails via an ARGCHECK is a little odd but makes sense because pubkeys are an opaque data type. */ - CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, &pubkey) == 0); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg, &pubkey) == 0); CHECK(ecount == 8); siglen = 72; - CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, NULL, &siglen, &sig) == 0); + CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, NULL, &siglen, &sig) == 0); CHECK(ecount == 9); - CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, NULL, &sig) == 0); + CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, signature, NULL, &sig) == 0); CHECK(ecount == 10); - CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, &siglen, NULL) == 0); + CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, signature, &siglen, NULL) == 0); CHECK(ecount == 11); - CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, &siglen, &sig) == 1); + CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, signature, &siglen, &sig) == 1); CHECK(ecount == 11); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, NULL, signature, siglen) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, NULL, signature, siglen) == 0); CHECK(ecount == 12); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, NULL, siglen) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, NULL, siglen) == 0); CHECK(ecount == 13); - CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, signature, siglen) == 1); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, signature, siglen) == 1); CHECK(ecount == 13); siglen = 10; /* Too little room for a signature does not fail via ARGCHECK. */ - CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, signature, &siglen, &sig) == 0); + CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, signature, &siglen, &sig) == 0); CHECK(ecount == 13); ecount = 0; - CHECK(secp256k1_ecdsa_signature_normalize(ctx, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_signature_normalize(CTX, NULL, NULL) == 0); CHECK(ecount == 1); - CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, NULL, &sig) == 0); + CHECK(secp256k1_ecdsa_signature_serialize_compact(CTX, NULL, &sig) == 0); CHECK(ecount == 2); - CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, signature, NULL) == 0); + CHECK(secp256k1_ecdsa_signature_serialize_compact(CTX, signature, NULL) == 0); CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, signature, &sig) == 1); + CHECK(secp256k1_ecdsa_signature_serialize_compact(CTX, signature, &sig) == 1); CHECK(ecount == 3); - CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, NULL, signature) == 0); + CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, NULL, signature) == 0); CHECK(ecount == 4); - CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, NULL) == 0); + CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &sig, NULL) == 0); CHECK(ecount == 5); - CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, signature) == 1); + CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &sig, signature) == 1); CHECK(ecount == 5); memset(signature, 255, 64); - CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, signature) == 0); + CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &sig, signature) == 0); CHECK(ecount == 5); - secp256k1_context_set_illegal_callback(ctx, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); } /* Nonce function corner cases. */ @@ -7314,33 +7318,33 @@ void test_ecdsa_edge_cases(void) { msg[31] = 1; /* High key results in signature failure. */ memset(key, 0xFF, 32); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, NULL, extra) == 0); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, NULL, extra) == 0); CHECK(is_empty_signature(&sig)); /* Zero key results in signature failure. */ memset(key, 0, 32); - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, NULL, extra) == 0); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, NULL, extra) == 0); CHECK(is_empty_signature(&sig)); /* Nonce function failure results in signature failure. */ key[31] = 1; - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_fail, extra) == 0); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, nonce_function_test_fail, extra) == 0); CHECK(is_empty_signature(&sig)); /* The retry loop successfully makes its way to the first good value. */ - CHECK(secp256k1_ecdsa_sign(ctx, &sig, msg, key, nonce_function_test_retry, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, nonce_function_test_retry, extra) == 1); CHECK(!is_empty_signature(&sig)); - CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, nonce_function_rfc6979, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &sig2, msg, key, nonce_function_rfc6979, extra) == 1); CHECK(!is_empty_signature(&sig2)); CHECK(secp256k1_memcmp_var(&sig, &sig2, sizeof(sig)) == 0); /* The default nonce function is deterministic. */ - CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &sig2, msg, key, NULL, extra) == 1); CHECK(!is_empty_signature(&sig2)); CHECK(secp256k1_memcmp_var(&sig, &sig2, sizeof(sig)) == 0); /* The default nonce function changes output with different messages. */ for(i = 0; i < 256; i++) { int j; msg[0] = i; - CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &sig2, msg, key, NULL, extra) == 1); CHECK(!is_empty_signature(&sig2)); - secp256k1_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); + secp256k1_ecdsa_signature_load(CTX, &sr[i], &ss, &sig2); for (j = 0; j < i; j++) { CHECK(!secp256k1_scalar_eq(&sr[i], &sr[j])); } @@ -7351,9 +7355,9 @@ void test_ecdsa_edge_cases(void) { for(i = 256; i < 512; i++) { int j; key[0] = i - 256; - CHECK(secp256k1_ecdsa_sign(ctx, &sig2, msg, key, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &sig2, msg, key, NULL, extra) == 1); CHECK(!is_empty_signature(&sig2)); - secp256k1_ecdsa_signature_load(ctx, &sr[i], &ss, &sig2); + secp256k1_ecdsa_signature_load(CTX, &sr[i], &ss, &sig2); for (j = 0; j < i; j++) { CHECK(!secp256k1_scalar_eq(&sr[i], &sr[j])); } @@ -7399,9 +7403,9 @@ void test_ecdsa_edge_cases(void) { 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41, }; size_t outlen = 300; - CHECK(!ec_privkey_export_der(ctx, privkey, &outlen, seckey, 0)); + CHECK(!ec_privkey_export_der(CTX, privkey, &outlen, seckey, 0)); outlen = 300; - CHECK(!ec_privkey_export_der(ctx, privkey, &outlen, seckey, 1)); + CHECK(!ec_privkey_export_der(CTX, privkey, &outlen, seckey, 1)); } } @@ -7651,42 +7655,63 @@ int main(int argc, char **argv) { /* find iteration count */ if (argc > 1) { - count = strtol(argv[1], NULL, 0); + COUNT = strtol(argv[1], NULL, 0); } else { const char* env = getenv("SECP256K1_TEST_ITERS"); if (env && strlen(env) > 0) { - count = strtol(env, NULL, 0); + COUNT = strtol(env, NULL, 0); } } - if (count <= 0) { + if (COUNT <= 0) { fputs("An iteration count of 0 or less is not allowed.\n", stderr); return EXIT_FAILURE; } - printf("test count = %i\n", count); + printf("test count = %i\n", COUNT); /* find random seed */ secp256k1_testrand_init(argc > 2 ? argv[2] : NULL); - /* initialize */ - run_selftest_tests(); - run_context_tests(0); - run_context_tests(1); - run_scratch_tests(); + /*** Setup test environment ***/ - ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); + /* Create a global context available to all tests */ + CTX = secp256k1_context_create(SECP256K1_CONTEXT_NONE); /* Randomize the context only with probability 15/16 to make sure we test without context randomization from time to time. TODO Reconsider this when recalibrating the tests. */ if (secp256k1_testrand_bits(4)) { unsigned char rand32[32]; secp256k1_testrand256(rand32); - CHECK(secp256k1_context_randomize(ctx, rand32)); + CHECK(secp256k1_context_randomize(CTX, rand32)); } + /* Make a writable copy of secp256k1_context_static in order to test the effect of API functions + that write to the context. The API does not support cloning the static context, so we use + memcpy instead. The user is not supposed to copy a context but we should still ensure that + the API functions handle copies of the static context gracefully. */ + STATIC_CTX = malloc(sizeof(*secp256k1_context_static)); + CHECK(STATIC_CTX != NULL); + memcpy(STATIC_CTX, secp256k1_context_static, sizeof(secp256k1_context)); + CHECK(!secp256k1_context_is_proper(STATIC_CTX)); + /*** Run actual tests ***/ + + /* selftest tests */ + run_selftest_tests(); + + /* context tests */ + run_proper_context_tests(0); + run_proper_context_tests(1); + run_static_context_tests(); + run_deprecated_context_flags_test(); + + /* scratch tests */ + run_scratch_tests(); + + /* randomness tests */ run_rand_bits(); run_rand_int(); run_util_tests(); + /* integer arithmetic tests */ #ifdef SECP256K1_WIDEMUL_INT128 run_int128_tests(); #endif @@ -7694,6 +7719,7 @@ int main(int argc, char **argv) { run_modinv_tests(); run_inverse_tests(); + /* hash tests */ run_sha256_known_output_tests(); run_sha256_counter_tests(); run_hmac_sha256_tests(); @@ -7755,6 +7781,7 @@ int main(int argc, char **argv) { #endif /* ecdsa tests */ + run_ec_illegal_argument_tests(); run_pubkey_comparison(); run_random_pubkeys(); run_ecdsa_der_parse(); @@ -7807,10 +7834,11 @@ int main(int argc, char **argv) { run_cmov_tests(); - secp256k1_testrand_finish(); + /*** Tear down test environment ***/ + free(STATIC_CTX); + secp256k1_context_destroy(CTX); - /* shutdown */ - secp256k1_context_destroy(ctx); + secp256k1_testrand_finish(); printf("no problems found\n"); return 0; diff --git a/src/tests_exhaustive.c b/src/tests_exhaustive.c index c001dcb8..7eccd77f 100644 --- a/src/tests_exhaustive.c +++ b/src/tests_exhaustive.c @@ -4,10 +4,6 @@ * file COPYING or https://www.opensource.org/licenses/mit-license.php.* ***********************************************************************/ -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - #include #include #include diff --git a/src/util.h b/src/util.h index dadb3cab..9ba6b099 100644 --- a/src/util.h +++ b/src/util.h @@ -7,10 +7,6 @@ #ifndef SECP256K1_UTIL_H #define SECP256K1_UTIL_H -#if defined HAVE_CONFIG_H -#include "libsecp256k1-config.h" -#endif - #include #include #include