frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge bitcoin-core/secp256k1#1390: tests: Replace counting_illegal_callbacks with CHECK_ILLEGAL_VOID

Browse Source 
70303643cf42d18acbf1c020480c6bb23072dbd9 tests: add CHECK_ERROR_VOID and use it in scratch tests (Jonas Nick)
f8d7ea68dfb1a3cad1fbec2242e9affdf803fbbe tests: Replace counting_illegal_callbacks with CHECK_ILLEGAL_VOID (Jonas Nick)
a1d52e3e125bb46dac2cf6daa699e9f15167e8d4 tests: remove unnecessary test in run_ec_pubkey_parse_test (Jonas Nick)
875b0ada2526be92100034c4c7de045203de7e3f tests: remove unnecessary set_illegal_callback (Jonas Nick)

Pull request description:

  Fixes #1167

ACKs for top commit:
  siv2r:
    reACK 7030364 (tests pass locally)
  real-or-random:
    reACK 70303643cf42d18acbf1c020480c6bb23072dbd9

Tree-SHA512: 0ca1f1c92a1c3a93b412433e53e882be56f3c7c55d4cbf12683ab7d9b8a916231b6508270099bfed0bfaa9d0af19cb8fdf0fe3274112ab48d33a0bd2356f2fa7
This commit is contained in:
Tim Ruffing 2023-09-04 18:58:43 +02:00
commit 49be5be9e8
No known key found for this signature in database
GPG Key ID: 8C461CCD293F6011
5 changed files with 180 additions and 501 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/modules/ecdh/tests_impl.h
View File

@ -25,32 +25,19 @@ static int ecdh_hash_function_custom(unsigned char *output, const unsigned char
}
static void test_ecdh_api(void) {
/* Setup context that just counts errors */
secp256k1_context *tctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
secp256k1_pubkey point;
unsigned char res[32];
unsigned char s_one[32] = { 0 };
int32_t ecount = 0;
s_one[31] = 1;
secp256k1_context_set_error_callback(tctx, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_illegal_callback(tctx, counting_illegal_callback_fn, &ecount);
CHECK(secp256k1_ec_pubkey_create(tctx, &point, s_one) == 1);
CHECK(secp256k1_ec_pubkey_create(CTX, &point, s_one) == 1);
/* Check all NULLs are detected */
CHECK(secp256k1_ecdh(tctx, res, &point, s_one, NULL, NULL) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_ecdh(tctx, NULL, &point, s_one, NULL, NULL) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_ecdh(tctx, res, NULL, s_one, NULL, NULL) == 0);
CHECK(ecount == 2);
CHECK(secp256k1_ecdh(tctx, res, &point, NULL, NULL, NULL) == 0);
CHECK(ecount == 3);
CHECK(secp256k1_ecdh(tctx, res, &point, s_one, NULL, NULL) == 1);
CHECK(ecount == 3);
/* Cleanup */
secp256k1_context_destroy(tctx);
CHECK(secp256k1_ecdh(CTX, res, &point, s_one, NULL, NULL) == 1);
CHECK_ILLEGAL(CTX, secp256k1_ecdh(CTX, NULL, &point, s_one, NULL, NULL));
CHECK_ILLEGAL(CTX, secp256k1_ecdh(CTX, res, NULL, s_one, NULL, NULL));
CHECK_ILLEGAL(CTX, secp256k1_ecdh(CTX, res, &point, NULL, NULL, NULL));
CHECK(secp256k1_ecdh(CTX, res, &point, s_one, NULL, NULL) == 1);
}
static void test_ecdh_generator_basepoint(void) {

167
src/modules/extrakeys/tests_impl.h
View File

@ -9,11 +9,6 @@
#include "../../../include/secp256k1_extrakeys.h"
static void set_counting_callbacks(secp256k1_context *ctx0, int *ecount) {
secp256k1_context_set_error_callback(ctx0, counting_illegal_callback_fn, ecount);
secp256k1_context_set_illegal_callback(ctx0, counting_illegal_callback_fn, ecount);
}
static void test_xonly_pubkey(void) {
secp256k1_pubkey pk;
secp256k1_xonly_pubkey xonly_pk, xonly_pk_tmp;
@ -28,10 +23,6 @@ static void test_xonly_pubkey(void) {
int pk_parity;
int i;
int ecount;
set_counting_callbacks(CTX, &ecount);
secp256k1_testrand256(sk);
memset(ones32, 0xFF, 32);
secp256k1_testrand256(xy_sk);
@ -39,16 +30,12 @@ static void test_xonly_pubkey(void) {
CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1);
/* Test xonly_pubkey_from_pubkey */
ecount = 0;
CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1);
CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, NULL, &pk_parity, &pk) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_from_pubkey(CTX, NULL, &pk_parity, &pk));
CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk) == 1);
CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, NULL) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, NULL));
memset(&pk, 0, sizeof(pk));
CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 0);
CHECK(ecount == 3);
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk));
/* Choose a secret key such that the resulting pubkey and xonly_pubkey match. */
memset(sk, 0, sizeof(sk));
@ -72,28 +59,21 @@ static void test_xonly_pubkey(void) {
CHECK(secp256k1_fe_equal(&pk1.y, &y) == 1);
/* Test xonly_pubkey_serialize and xonly_pubkey_parse */
ecount = 0;
CHECK(secp256k1_xonly_pubkey_serialize(CTX, NULL, &xonly_pk) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, NULL) == 0);
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_serialize(CTX, NULL, &xonly_pk));
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_serialize(CTX, buf32, NULL));
CHECK(secp256k1_memcmp_var(buf32, zeros64, 32) == 0);
CHECK(ecount == 2);
{
/* A pubkey filled with 0s will fail to serialize due to pubkey_load
* special casing. */
secp256k1_xonly_pubkey pk_tmp;
memset(&pk_tmp, 0, sizeof(pk_tmp));
CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &pk_tmp) == 0);
/* pubkey_load calls illegal callback */
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_serialize(CTX, buf32, &pk_tmp));
}
/* pubkey_load called illegal callback */
CHECK(ecount == 3);
CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &xonly_pk) == 1);
ecount = 0;
CHECK(secp256k1_xonly_pubkey_parse(CTX, NULL, buf32) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, NULL) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_parse(CTX, NULL, buf32));
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, NULL));
/* Serialization and parse roundtrip */
CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk) == 1);
@ -125,7 +105,6 @@ static void test_xonly_pubkey(void) {
CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, &rand33[1]) == 1);
}
}
CHECK(ecount == 2);
}
static void test_xonly_pubkey_comparison(void) {
@ -139,29 +118,26 @@ static void test_xonly_pubkey_comparison(void) {
};
secp256k1_xonly_pubkey pk1;
secp256k1_xonly_pubkey pk2;
int ecount = 0;
set_counting_callbacks(CTX, &ecount);
CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk1, pk1_ser) == 1);
CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk2, pk2_ser) == 1);
CHECK(secp256k1_xonly_pubkey_cmp(CTX, NULL, &pk2) < 0);
CHECK(ecount == 1);
CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, NULL) > 0);
CHECK(ecount == 2);
CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_xonly_pubkey_cmp(CTX, NULL, &pk2) < 0));
CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, NULL) > 0));
CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk2) < 0);
CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk2, &pk1) > 0);
CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk1) == 0);
CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk2, &pk2) == 0);
CHECK(ecount == 2);
memset(&pk1, 0, sizeof(pk1)); /* illegal pubkey */
CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk2) < 0);
CHECK(ecount == 3);
CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk1) == 0);
CHECK(ecount == 5);
CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk2, &pk1) > 0);
CHECK(ecount == 6);
CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk2) < 0));
{
int32_t ecount = 0;
secp256k1_context_set_illegal_callback(CTX, counting_callback_fn, &ecount);
CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk1) == 0);
CHECK(ecount == 2);
secp256k1_context_set_illegal_callback(CTX, NULL, NULL);
}
CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk2, &pk1) > 0));
}
static void test_xonly_pubkey_tweak(void) {
@ -175,30 +151,20 @@ static void test_xonly_pubkey_tweak(void) {
unsigned char tweak[32];
int i;
int ecount;
set_counting_callbacks(CTX, &ecount);
memset(overflows, 0xff, sizeof(overflows));
secp256k1_testrand256(tweak);
secp256k1_testrand256(sk);
CHECK(secp256k1_ec_pubkey_create(CTX, &internal_pk, sk) == 1);
CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, &pk_parity, &internal_pk) == 1);
ecount = 0;
CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1);
CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, NULL, &internal_xonly_pk, tweak) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, NULL, tweak) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add(CTX, NULL, &internal_xonly_pk, tweak));
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, NULL, tweak));
/* NULL internal_xonly_pk zeroes the output_pk */
CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0);
CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, NULL) == 0);
CHECK(ecount == 3);
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, NULL));
/* NULL tweak zeroes the output_pk */
CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0);
@ -225,9 +191,7 @@ static void test_xonly_pubkey_tweak(void) {
/* Invalid pk with a valid tweak */
memset(&internal_xonly_pk, 0, sizeof(internal_xonly_pk));
secp256k1_testrand256(tweak);
ecount = 0;
CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak));
CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0);
}
@ -244,34 +208,23 @@ static void test_xonly_pubkey_tweak_check(void) {
int pk_parity;
unsigned char tweak[32];
int ecount;
set_counting_callbacks(CTX, &ecount);
memset(overflows, 0xff, sizeof(overflows));
secp256k1_testrand256(tweak);
secp256k1_testrand256(sk);
CHECK(secp256k1_ec_pubkey_create(CTX, &internal_pk, sk) == 1);
CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, &pk_parity, &internal_pk) == 1);
ecount = 0;
CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1);
CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &output_xonly_pk, &pk_parity, &output_pk) == 1);
CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &output_xonly_pk) == 1);
CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1);
CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, NULL, pk_parity, &internal_xonly_pk, tweak) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add_check(CTX, NULL, pk_parity, &internal_xonly_pk, tweak));
/* invalid pk_parity value */
CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, 2, &internal_xonly_pk, tweak) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, NULL, tweak) == 0);
CHECK(ecount == 2);
CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, NULL) == 0);
CHECK(ecount == 3);
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, NULL, tweak));
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, NULL));
memset(tweak, 1, sizeof(tweak));
CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, NULL, &internal_pk) == 1);
@ -290,7 +243,6 @@ static void test_xonly_pubkey_tweak_check(void) {
CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, output_pk32, pk_parity, &internal_xonly_pk, overflows) == 0);
CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, overflows) == 0);
CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0);
CHECK(ecount == 3);
}
/* Starts with an initial pubkey and recursively creates N_PUBKEYS - 1
@ -335,33 +287,22 @@ static void test_keypair(void) {
secp256k1_pubkey pk, pk_tmp;
secp256k1_xonly_pubkey xonly_pk, xonly_pk_tmp;
int pk_parity, pk_parity_tmp;
int ecount;
set_counting_callbacks(CTX, &ecount);
set_counting_callbacks(STATIC_CTX, &ecount);
CHECK(sizeof(zeros96) == sizeof(keypair));
memset(overflows, 0xFF, sizeof(overflows));
/* Test keypair_create */
ecount = 0;
secp256k1_testrand256(sk);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0);
CHECK(ecount == 0);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0);
CHECK(ecount == 0);
CHECK(secp256k1_keypair_create(CTX, NULL, sk) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_keypair_create(CTX, &keypair, NULL) == 0);
CHECK_ILLEGAL(CTX, secp256k1_keypair_create(CTX, NULL, sk));
CHECK_ILLEGAL(CTX, secp256k1_keypair_create(CTX, &keypair, NULL));
CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0);
CHECK(ecount == 2);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
CHECK(ecount == 2);
CHECK(secp256k1_keypair_create(STATIC_CTX, &keypair, sk) == 0);
CHECK_ILLEGAL(STATIC_CTX, secp256k1_keypair_create(STATIC_CTX, &keypair, sk));
CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0);
CHECK(ecount == 3);
/* Invalid secret key */
CHECK(secp256k1_keypair_create(CTX, &keypair, zeros96) == 0);
@ -370,14 +311,11 @@ static void test_keypair(void) {
CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0);
/* Test keypair_pub */
ecount = 0;
secp256k1_testrand256(sk);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
CHECK(secp256k1_keypair_pub(CTX, &pk, &keypair) == 1);
CHECK(secp256k1_keypair_pub(CTX, NULL, &keypair) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_keypair_pub(CTX, &pk, NULL) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_keypair_pub(CTX, NULL, &keypair));
CHECK_ILLEGAL(CTX, secp256k1_keypair_pub(CTX, &pk, NULL));
CHECK(secp256k1_memcmp_var(zeros96, &pk, sizeof(pk)) == 0);
/* Using an invalid keypair is fine for keypair_pub */
@ -392,23 +330,19 @@ static void test_keypair(void) {
CHECK(secp256k1_memcmp_var(&pk, &pk_tmp, sizeof(pk)) == 0);
/** Test keypair_xonly_pub **/
ecount = 0;
secp256k1_testrand256(sk);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 1);
CHECK(secp256k1_keypair_xonly_pub(CTX, NULL, &pk_parity, &keypair) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_pub(CTX, NULL, &pk_parity, &keypair));
CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, NULL, &keypair) == 1);
CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, NULL) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, NULL));
CHECK(secp256k1_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0);
/* Using an invalid keypair will set the xonly_pk to 0 (first reset
* xonly_pk). */
CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 1);
memset(&keypair, 0, sizeof(keypair));
CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 0);
CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair));
CHECK(secp256k1_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0);
CHECK(ecount == 3);
/** keypair holds the same xonly pubkey as pubkey_create **/
CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1);
@ -419,14 +353,11 @@ static void test_keypair(void) {
CHECK(pk_parity == pk_parity_tmp);
/* Test keypair_seckey */
ecount = 0;
secp256k1_testrand256(sk);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
CHECK(secp256k1_keypair_sec(CTX, sk_tmp, &keypair) == 1);
CHECK(secp256k1_keypair_sec(CTX, NULL, &keypair) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_keypair_sec(CTX, sk_tmp, NULL) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_keypair_sec(CTX, NULL, &keypair));
CHECK_ILLEGAL(CTX, secp256k1_keypair_sec(CTX, sk_tmp, NULL));
CHECK(secp256k1_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0);
/* keypair returns the same seckey it got */
@ -439,9 +370,6 @@ static void test_keypair(void) {
memset(&keypair, 0, sizeof(keypair));
CHECK(secp256k1_keypair_sec(CTX, sk_tmp, &keypair) == 1);
CHECK(secp256k1_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0);
secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL);
secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL);
}
static void test_keypair_add(void) {
@ -451,9 +379,6 @@ static void test_keypair_add(void) {
unsigned char zeros96[96] = { 0 };
unsigned char tweak[32];
int i;
int ecount = 0;
set_counting_callbacks(CTX, &ecount);
CHECK(sizeof(zeros96) == sizeof(keypair));
secp256k1_testrand256(sk);
@ -462,14 +387,10 @@ static void test_keypair_add(void) {
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1);
CHECK(secp256k1_keypair_xonly_tweak_add(CTX, NULL, tweak) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, NULL) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_tweak_add(CTX, NULL, tweak));
CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_tweak_add(CTX, &keypair, NULL));
/* This does not set the keypair to zeroes */
CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) != 0);
@ -503,20 +424,16 @@ static void test_keypair_add(void) {
/* Invalid keypair with a valid tweak */
memset(&keypair, 0, sizeof(keypair));
secp256k1_testrand256(tweak);
ecount = 0;
CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak));
CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0);
/* Only seckey part of keypair invalid */
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
memset(&keypair, 0, 32);
CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak));
/* Only pubkey part of keypair invalid */
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
memset(&keypair.data[32], 0, 64);
CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 0);
CHECK(ecount == 3);
CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak));
/* Check that the keypair_tweak_add implementation is correct */
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);

69
src/modules/recovery/tests_impl.h
View File

@ -36,7 +36,6 @@ static void test_ecdsa_recovery_api(void) {
secp256k1_ecdsa_recoverable_signature recsig;
unsigned char privkey[32] = { 1 };
unsigned char message[32] = { 2 };
int32_t ecount = 0;
int recid = 0;
unsigned char sig[74];
unsigned char zero_privkey[32] = { 0 };
@ -45,86 +44,52 @@ static void test_ecdsa_recovery_api(void) {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount);
/* Construct and verify corresponding public key. */
CHECK(secp256k1_ec_seckey_verify(CTX, privkey) == 1);
CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, privkey) == 1);
/* Check bad contexts and NULLs for signing */
ecount = 0;
CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_ecdsa_sign_recoverable(CTX, NULL, message, privkey, NULL, NULL) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, NULL, privkey, NULL, NULL) == 0);
CHECK(ecount == 2);
CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, NULL, NULL, NULL) == 0);
CHECK(ecount == 3);
CHECK(secp256k1_ecdsa_sign_recoverable(STATIC_CTX, &recsig, message, privkey, NULL, NULL) == 0);
CHECK(ecount == 4);
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign_recoverable(CTX, NULL, message, privkey, NULL, NULL));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign_recoverable(CTX, &recsig, NULL, privkey, NULL, NULL));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, NULL, NULL, NULL));
CHECK_ILLEGAL(STATIC_CTX, secp256k1_ecdsa_sign_recoverable(STATIC_CTX, &recsig, message, privkey, NULL, NULL));
/* This will fail or succeed randomly, and in either case will not ARG_CHECK failure */
secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, recovery_test_nonce_function, NULL);
CHECK(ecount == 4);
/* These will all fail, but not in ARG_CHECK way */
CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, zero_privkey, NULL, NULL) == 0);
CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, over_privkey, NULL, NULL) == 0);
/* This one will succeed. */
CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1);
CHECK(ecount == 4);
/* Check signing with a goofy nonce function */
/* Check bad contexts and NULLs for recovery */
ecount = 0;
CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &recsig, message) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_ecdsa_recover(CTX, NULL, &recsig, message) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, NULL, message) == 0);
CHECK(ecount == 2);
CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &recsig, NULL) == 0);
CHECK(ecount == 3);
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recover(CTX, NULL, &recsig, message));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recover(CTX, &recpubkey, NULL, message));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recover(CTX, &recpubkey, &recsig, NULL));
/* Check NULLs for conversion */
CHECK(secp256k1_ecdsa_sign(CTX, &normal_sig, message, privkey, NULL, NULL) == 1);
ecount = 0;
CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, NULL, &recsig) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &normal_sig, NULL) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_convert(CTX, NULL, &recsig));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_convert(CTX, &normal_sig, NULL));
CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &normal_sig, &recsig) == 1);
/* Check NULLs for de/serialization */
CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1);
ecount = 0;
CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, NULL, &recid, &recsig) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, NULL, &recsig) == 0);
CHECK(ecount == 2);
CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, NULL) == 0);
CHECK(ecount == 3);
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, NULL, &recid, &recsig));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, NULL, &recsig));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, NULL));
CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &recsig) == 1);
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, NULL, sig, recid) == 0);
CHECK(ecount == 4);
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, NULL, recid) == 0);
CHECK(ecount == 5);
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, -1) == 0);
CHECK(ecount == 6);
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, 5) == 0);
CHECK(ecount == 7);
/* overflow in signature will fail but not affect ecount */
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, NULL, sig, recid));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, NULL, recid));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, -1));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, 5));
/* overflow in signature will not result in calling illegal_callback */
memcpy(sig, over_privkey, 32);
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, recid) == 0);
CHECK(ecount == 7);
/* cleanup */
secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL);
secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL);
}
static void test_ecdsa_recovery_end_to_end(void) {

65
src/modules/schnorrsig/tests_impl.h
View File

@ -116,14 +116,6 @@ static void test_schnorrsig_api(void) {
secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT;
secp256k1_schnorrsig_extraparams invalid_extraparams = {{ 0 }, NULL, NULL};
/** setup **/
int ecount = 0;
secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount);
secp256k1_testrand256(sk1);
secp256k1_testrand256(sk2);
secp256k1_testrand256(sk3);
@ -137,57 +129,30 @@ static void test_schnorrsig_api(void) {
memset(&zero_pk, 0, sizeof(zero_pk));
/** main test body **/
ecount = 0;
CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypairs[0], NULL) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_schnorrsig_sign32(CTX, NULL, msg, &keypairs[0], NULL) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_schnorrsig_sign32(CTX, sig, NULL, &keypairs[0], NULL) == 0);
CHECK(ecount == 2);
CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, NULL, NULL) == 0);
CHECK(ecount == 3);
CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &invalid_keypair, NULL) == 0);
CHECK(ecount == 4);
CHECK(secp256k1_schnorrsig_sign32(STATIC_CTX, sig, msg, &keypairs[0], NULL) == 0);
CHECK(ecount == 5);
CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign32(CTX, NULL, msg, &keypairs[0], NULL));
CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign32(CTX, sig, NULL, &keypairs[0], NULL));
CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign32(CTX, sig, msg, NULL, NULL));
CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign32(CTX, sig, msg, &invalid_keypair, NULL));
CHECK_ILLEGAL(STATIC_CTX, secp256k1_schnorrsig_sign32(STATIC_CTX, sig, msg, &keypairs[0], NULL));
ecount = 0;
CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_schnorrsig_sign_custom(CTX, NULL, msg, sizeof(msg), &keypairs[0], &extraparams) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, NULL, sizeof(msg), &keypairs[0], &extraparams) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign_custom(CTX, NULL, msg, sizeof(msg), &keypairs[0], &extraparams));
CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign_custom(CTX, sig, NULL, sizeof(msg), &keypairs[0], &extraparams));
CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, NULL, 0, &keypairs[0], &extraparams) == 1);
CHECK(ecount == 2);
CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), NULL, &extraparams) == 0);
CHECK(ecount == 3);
CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &invalid_keypair, &extraparams) == 0);
CHECK(ecount == 4);
CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), NULL, &extraparams));
CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &invalid_keypair, &extraparams));
CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], NULL) == 1);
CHECK(ecount == 4);
CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], &invalid_extraparams) == 0);
CHECK(ecount == 5);
CHECK(secp256k1_schnorrsig_sign_custom(STATIC_CTX, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 0);
CHECK(ecount == 6);
CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], &invalid_extraparams));
CHECK_ILLEGAL(STATIC_CTX, secp256k1_schnorrsig_sign_custom(STATIC_CTX, sig, msg, sizeof(msg), &keypairs[0], &extraparams));
ecount = 0;
CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypairs[0], NULL) == 1);
CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk[0]) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_schnorrsig_verify(CTX, NULL, msg, sizeof(msg), &pk[0]) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_schnorrsig_verify(CTX, sig, NULL, sizeof(msg), &pk[0]) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_verify(CTX, NULL, msg, sizeof(msg), &pk[0]));
CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_verify(CTX, sig, NULL, sizeof(msg), &pk[0]));
CHECK(secp256k1_schnorrsig_verify(CTX, sig, NULL, 0, &pk[0]) == 0);
CHECK(ecount == 2);
CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), NULL) == 0);
CHECK(ecount == 3);
CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &zero_pk) == 0);
CHECK(ecount == 4);
secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL);
secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL);
CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), NULL));
CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &zero_pk));
}
/* Checks that hash initialized by secp256k1_schnorrsig_sha256_tagged has the

355
src/tests.c
View File

@ -52,26 +52,32 @@ static int all_bytes_equal(const void* s, unsigned char value, size_t n) {
return 1;
}
/* TODO Use CHECK_ILLEGAL(_VOID) everywhere and get rid of the uncounting callback */
/* CHECK that expr_or_stmt calls the illegal callback of ctx exactly once
*
* For checking functions that use ARG_CHECK_VOID */
#define CHECK_ILLEGAL_VOID(ctx, expr_or_stmt) do { \
int32_t _calls_to_illegal_callback = 0; \
secp256k1_callback _saved_illegal_cb = ctx->illegal_callback; \
secp256k1_context_set_illegal_callback(ctx, \
counting_illegal_callback_fn, &_calls_to_illegal_callback); \
#define CHECK_COUNTING_CALLBACK_VOID(ctx, expr_or_stmt, callback, callback_setter) do { \
int32_t _calls_to_callback = 0; \
secp256k1_callback _saved_callback = ctx->callback; \
callback_setter(ctx, counting_callback_fn, &_calls_to_callback); \
{ expr_or_stmt; } \
ctx->illegal_callback = _saved_illegal_cb; \
CHECK(_calls_to_illegal_callback == 1); \
ctx->callback = _saved_callback; \
CHECK(_calls_to_callback == 1); \
} while(0);
/* CHECK that expr calls the illegal callback of ctx exactly once and that expr == 0
/* CHECK that expr_or_stmt calls the error or illegal callback of ctx exactly once
*
* For checking functions that use ARG_CHECK */
#define CHECK_ILLEGAL(ctx, expr) CHECK_ILLEGAL_VOID(ctx, CHECK((expr) == 0))
* Useful for checking functions that return void (e.g., API functions that use ARG_CHECK_VOID) */
#define CHECK_ERROR_VOID(ctx, expr_or_stmt) \
CHECK_COUNTING_CALLBACK_VOID(ctx, expr_or_stmt, error_callback, secp256k1_context_set_error_callback)
#define CHECK_ILLEGAL_VOID(ctx, expr_or_stmt) \
CHECK_COUNTING_CALLBACK_VOID(ctx, expr_or_stmt, illegal_callback, secp256k1_context_set_illegal_callback)
static void counting_illegal_callback_fn(const char* str, void* data) {
/* CHECK that
* - expr calls the illegal callback of ctx exactly once and,
* - expr == 0 (or equivalently, expr == NULL)
*
* Useful for checking functions that return an integer or a pointer. */
#define CHECK_ILLEGAL(ctx, expr) CHECK_ILLEGAL_VOID(ctx, CHECK((expr) == 0))
#define CHECK_ERROR(ctx, expr) CHECK_ERROR_VOID(ctx, CHECK((expr) == 0))
static void counting_callback_fn(const char* str, void* data) {
/* Dummy callback function that just counts. */
int32_t *p;
(void)str;
@ -273,55 +279,34 @@ static void run_deprecated_context_flags_test(void) {
}
static void run_ec_illegal_argument_tests(void) {
int ecount = 0;
int ecount2 = 10;
secp256k1_pubkey pubkey;
secp256k1_pubkey zero_pubkey;
secp256k1_ecdsa_signature sig;
unsigned char ctmp[32];
/* Setup */
secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount2);
memset(ctmp, 1, 32);
memset(&zero_pubkey, 0, sizeof(zero_pubkey));
/* Verify context-type checking illegal-argument errors. */
CHECK(secp256k1_ec_pubkey_create(STATIC_CTX, &pubkey, ctmp) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(STATIC_CTX, secp256k1_ec_pubkey_create(STATIC_CTX, &pubkey, ctmp));
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, ctmp) == 1);
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ecdsa_sign(STATIC_CTX, &sig, ctmp, ctmp, NULL, NULL) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(STATIC_CTX, secp256k1_ecdsa_sign(STATIC_CTX, &sig, ctmp, ctmp, NULL, NULL));
SECP256K1_CHECKMEM_UNDEFINE(&sig, sizeof(sig));
CHECK(secp256k1_ecdsa_sign(CTX, &sig, ctmp, ctmp, NULL, NULL) == 1);
SECP256K1_CHECKMEM_CHECK(&sig, sizeof(sig));
CHECK(ecount2 == 10);
CHECK(secp256k1_ecdsa_verify(CTX, &sig, ctmp, &pubkey) == 1);
CHECK(ecount2 == 10);
CHECK(secp256k1_ecdsa_verify(STATIC_CTX, &sig, ctmp, &pubkey) == 1);
CHECK(ecount == 2);
CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp) == 1);
CHECK(ecount2 == 10);
CHECK(secp256k1_ec_pubkey_tweak_add(STATIC_CTX, &pubkey, ctmp) == 1);
CHECK(ecount == 2);
CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey, ctmp) == 1);
CHECK(ecount2 == 10);
CHECK(secp256k1_ec_pubkey_negate(STATIC_CTX, &pubkey) == 1);
CHECK(ecount == 2);
CHECK(secp256k1_ec_pubkey_negate(CTX, &pubkey) == 1);
CHECK(ecount == 2);
CHECK(secp256k1_ec_pubkey_negate(STATIC_CTX, &zero_pubkey) == 0);
CHECK(ecount == 3);
CHECK(secp256k1_ec_pubkey_negate(CTX, NULL) == 0);
CHECK(ecount2 == 11);
CHECK_ILLEGAL(STATIC_CTX, secp256k1_ec_pubkey_negate(STATIC_CTX, &zero_pubkey));
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_negate(CTX, NULL));
CHECK(secp256k1_ec_pubkey_tweak_mul(STATIC_CTX, &pubkey, ctmp) == 1);
CHECK(ecount == 3);
/* Clean up */
secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL);
secp256k1_context_set_illegal_callback(CTX, NULL, NULL);
}
static void run_static_context_tests(int use_prealloc) {
@ -356,8 +341,8 @@ static void run_static_context_tests(int use_prealloc) {
{
/* Verify that setting and resetting illegal callback works */
int32_t dummy = 0;
secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &dummy);
CHECK(STATIC_CTX->illegal_callback.fn == counting_illegal_callback_fn);
secp256k1_context_set_illegal_callback(STATIC_CTX, counting_callback_fn, &dummy);
CHECK(STATIC_CTX->illegal_callback.fn == counting_callback_fn);
CHECK(STATIC_CTX->illegal_callback.data == &dummy);
secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL);
CHECK(STATIC_CTX->illegal_callback.fn == secp256k1_default_illegal_callback_fn);
@ -448,8 +433,8 @@ static void run_proper_context_tests(int use_prealloc) {
CHECK(context_eq(my_ctx, my_ctx_fresh));
/* Verify that setting and resetting illegal callback works */
secp256k1_context_set_illegal_callback(my_ctx, counting_illegal_callback_fn, &dummy);
CHECK(my_ctx->illegal_callback.fn == counting_illegal_callback_fn);
secp256k1_context_set_illegal_callback(my_ctx, counting_callback_fn, &dummy);
CHECK(my_ctx->illegal_callback.fn == counting_callback_fn);
CHECK(my_ctx->illegal_callback.data == &dummy);
secp256k1_context_set_illegal_callback(my_ctx, NULL, NULL);
CHECK(my_ctx->illegal_callback.fn == secp256k1_default_illegal_callback_fn);
@ -490,19 +475,14 @@ static void run_proper_context_tests(int use_prealloc) {
static void run_scratch_tests(void) {
const size_t adj_alloc = ((500 + ALIGNMENT - 1) / ALIGNMENT) * ALIGNMENT;
int32_t ecount = 0;
size_t checkpoint;
size_t checkpoint_2;
secp256k1_scratch_space *scratch;
secp256k1_scratch_space local_scratch;
secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount);
/* Test public API */
scratch = secp256k1_scratch_space_create(CTX, 1000);
CHECK(scratch != NULL);
CHECK(ecount == 0);
/* Test internal API */
CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 0) == 1000);
@ -535,22 +515,16 @@ static void run_scratch_tests(void) {
/* try to apply a bad checkpoint */
checkpoint_2 = secp256k1_scratch_checkpoint(&CTX->error_callback, scratch);
secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint);
CHECK(ecount == 0);
secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint_2); /* checkpoint_2 is after checkpoint */
CHECK(ecount == 1);
secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, (size_t) -1); /* this is just wildly invalid */
CHECK(ecount == 2);
CHECK_ERROR_VOID(CTX, secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint_2)); /* checkpoint_2 is after checkpoint */
CHECK_ERROR_VOID(CTX, secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, (size_t) -1)); /* this is just wildly invalid */
/* try to use badly initialized scratch space */
secp256k1_scratch_space_destroy(CTX, scratch);
memset(&local_scratch, 0, sizeof(local_scratch));
scratch = &local_scratch;
CHECK(!secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 0));
CHECK(ecount == 3);
CHECK(secp256k1_scratch_alloc(&CTX->error_callback, scratch, 500) == NULL);
CHECK(ecount == 4);
secp256k1_scratch_space_destroy(CTX, scratch);
CHECK(ecount == 5);
CHECK_ERROR(CTX, secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 0));
CHECK_ERROR(CTX, secp256k1_scratch_alloc(&CTX->error_callback, scratch, 500));
CHECK_ERROR_VOID(CTX, secp256k1_scratch_space_destroy(CTX, scratch));
/* Test that large integers do not wrap around in a bad way */
scratch = secp256k1_scratch_space_create(CTX, 1000);
@ -566,9 +540,6 @@ static void run_scratch_tests(void) {
/* cleanup */
secp256k1_scratch_space_destroy(CTX, NULL); /* no-op */
secp256k1_context_set_illegal_callback(CTX, NULL, NULL);
secp256k1_context_set_error_callback(CTX, NULL, NULL);
}
static void run_ctz_tests(void) {
@ -848,7 +819,6 @@ static void run_rfc6979_hmac_sha256_tests(void) {
}
static void run_tagged_sha256_tests(void) {
int ecount = 0;
unsigned char tag[32] = { 0 };
unsigned char msg[32] = { 0 };
unsigned char hash32[32];
@ -859,16 +829,11 @@ static void run_tagged_sha256_tests(void) {
0xE2, 0x76, 0x55, 0x9A, 0x3B, 0xDE, 0x55, 0xB3
};
secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount);
/* API test */
CHECK(secp256k1_tagged_sha256(CTX, hash32, tag, sizeof(tag), msg, sizeof(msg)) == 1);
CHECK(secp256k1_tagged_sha256(CTX, NULL, tag, sizeof(tag), msg, sizeof(msg)) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_tagged_sha256(CTX, hash32, NULL, 0, msg, sizeof(msg)) == 0);
CHECK(ecount == 2);
CHECK(secp256k1_tagged_sha256(CTX, hash32, tag, sizeof(tag), NULL, 0) == 0);
CHECK(ecount == 3);
CHECK_ILLEGAL(CTX, secp256k1_tagged_sha256(CTX, NULL, tag, sizeof(tag), msg, sizeof(msg)));
CHECK_ILLEGAL(CTX, secp256k1_tagged_sha256(CTX, hash32, NULL, 0, msg, sizeof(msg)));
CHECK_ILLEGAL(CTX, secp256k1_tagged_sha256(CTX, hash32, tag, sizeof(tag), NULL, 0));
/* Static test vector */
memcpy(tag, "tag", 3);
@ -5729,9 +5694,7 @@ static void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, in
secp256k1_pubkey pubkey;
secp256k1_ge ge;
size_t pubkeyclen;
int32_t ecount;
ecount = 0;
secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount);
for (pubkeyclen = 3; pubkeyclen <= 65; pubkeyclen++) {
/* Smaller sizes are tested exhaustively elsewhere. */
int32_t i;
@ -5756,7 +5719,6 @@ static void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, in
size_t outl;
memset(&pubkey, 0, sizeof(pubkey));
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey));
ecount = 0;
CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, pubkeyclen) == 1);
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey));
outl = 65;
@ -5782,21 +5744,16 @@ static void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, in
CHECK(pubkeyo[0] == 4);
CHECK(secp256k1_memcmp_var(&pubkeyo[1], input, 64) == 0);
}
CHECK(ecount == 0);
} else {
/* These cases must fail to parse. */
memset(&pubkey, 0xfe, sizeof(pubkey));
ecount = 0;
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, pubkeyclen) == 0);
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey));
CHECK(ecount == 0);
CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey));
}
}
}
secp256k1_context_set_illegal_callback(CTX, NULL, NULL);
}
static void run_ec_pubkey_parse_test(void) {
@ -5979,142 +5936,99 @@ static void run_ec_pubkey_parse_test(void) {
0xB8, 0x00
};
unsigned char sout[65];
unsigned char shortkey[2];
unsigned char shortkey[2] = { 0 };
secp256k1_ge ge;
secp256k1_pubkey pubkey;
size_t len;
int32_t i;
int32_t ecount;
int32_t ecount2;
ecount = 0;
/* Nothing should be reading this far into pubkeyc. */
SECP256K1_CHECKMEM_UNDEFINE(&pubkeyc[65], 1);
secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount);
/* Zero length claimed, fail, zeroize, no illegal arg error. */
memset(&pubkey, 0xfe, sizeof(pubkey));
ecount = 0;
SECP256K1_CHECKMEM_UNDEFINE(shortkey, 2);
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, shortkey, 0) == 0);
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey));
CHECK(ecount == 0);
CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey));
/* Length one claimed, fail, zeroize, no illegal arg error. */
for (i = 0; i < 256 ; i++) {
memset(&pubkey, 0xfe, sizeof(pubkey));
ecount = 0;
shortkey[0] = i;
SECP256K1_CHECKMEM_UNDEFINE(&shortkey[1], 1);
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, shortkey, 1) == 0);
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey));
CHECK(ecount == 0);
CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey));
}
/* Length two claimed, fail, zeroize, no illegal arg error. */
for (i = 0; i < 65536 ; i++) {
memset(&pubkey, 0xfe, sizeof(pubkey));
ecount = 0;
shortkey[0] = i & 255;
shortkey[1] = i >> 8;
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, shortkey, 2) == 0);
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey));
CHECK(ecount == 0);
CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey));
}
memset(&pubkey, 0xfe, sizeof(pubkey));
ecount = 0;
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey));
/* 33 bytes claimed on otherwise valid input starting with 0x04, fail, zeroize output, no illegal arg error. */
CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 33) == 0);
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey));
CHECK(ecount == 0);
CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey));
/* NULL pubkey, illegal arg error. Pubkey isn't rewritten before this step, since it's NULL into the parser. */
CHECK(secp256k1_ec_pubkey_parse(CTX, NULL, pubkeyc, 65) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_parse(CTX, NULL, pubkeyc, 65));
/* NULL input string. Illegal arg and zeroize output. */
memset(&pubkey, 0xfe, sizeof(pubkey));
ecount = 0;
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, NULL, 65) == 0);
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_parse(CTX, &pubkey, NULL, 65));
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey));
CHECK(ecount == 1);
CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey));
/* 64 bytes claimed on input starting with 0x04, fail, zeroize output, no illegal arg error. */
memset(&pubkey, 0xfe, sizeof(pubkey));
ecount = 0;
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 64) == 0);
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey));
CHECK(ecount == 0);
CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey));
/* 66 bytes claimed, fail, zeroize output, no illegal arg error. */
memset(&pubkey, 0xfe, sizeof(pubkey));
ecount = 0;
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 66) == 0);
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey));
CHECK(ecount == 0);
CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey));
/* Valid parse. */
memset(&pubkey, 0, sizeof(pubkey));
ecount = 0;
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 65) == 1);
CHECK(secp256k1_ec_pubkey_parse(secp256k1_context_static, &pubkey, pubkeyc, 65) == 1);
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey));
CHECK(ecount == 0);
SECP256K1_CHECKMEM_UNDEFINE(&ge, sizeof(ge));
CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 1);
SECP256K1_CHECKMEM_CHECK(&ge.x, sizeof(ge.x));
SECP256K1_CHECKMEM_CHECK(&ge.y, sizeof(ge.y));
SECP256K1_CHECKMEM_CHECK(&ge.infinity, sizeof(ge.infinity));
ge_equals_ge(&secp256k1_ge_const_g, &ge);
CHECK(ecount == 0);
/* secp256k1_ec_pubkey_serialize illegal args. */
ecount = 0;
len = 65;
CHECK(secp256k1_ec_pubkey_serialize(CTX, NULL, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_serialize(CTX, NULL, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED));
CHECK(len == 0);
CHECK(secp256k1_ec_pubkey_serialize(CTX, sout, NULL, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_serialize(CTX, sout, NULL, &pubkey, SECP256K1_EC_UNCOMPRESSED));
len = 65;
SECP256K1_CHECKMEM_UNDEFINE(sout, 65);
CHECK(secp256k1_ec_pubkey_serialize(CTX, sout, &len, NULL, SECP256K1_EC_UNCOMPRESSED) == 0);
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_serialize(CTX, sout, &len, NULL, SECP256K1_EC_UNCOMPRESSED));
SECP256K1_CHECKMEM_CHECK(sout, 65);
CHECK(ecount == 3);
CHECK(len == 0);
len = 65;
CHECK(secp256k1_ec_pubkey_serialize(CTX, sout, &len, &pubkey, ~0) == 0);
CHECK(ecount == 4);
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_serialize(CTX, sout, &len, &pubkey, ~0));
CHECK(len == 0);
len = 65;
SECP256K1_CHECKMEM_UNDEFINE(sout, 65);
CHECK(secp256k1_ec_pubkey_serialize(CTX, sout, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1);
SECP256K1_CHECKMEM_CHECK(sout, 65);
CHECK(ecount == 4);
CHECK(len == 65);
/* Multiple illegal args. Should still set arg error only once. */
ecount = 0;
ecount2 = 11;
CHECK(secp256k1_ec_pubkey_parse(CTX, NULL, NULL, 65) == 0);
CHECK(ecount == 1);
/* Does the illegal arg callback actually change the behavior? */
secp256k1_context_set_illegal_callback(CTX, uncounting_illegal_callback_fn, &ecount2);
CHECK(secp256k1_ec_pubkey_parse(CTX, NULL, NULL, 65) == 0);
CHECK(ecount == 1);
CHECK(ecount2 == 10);
secp256k1_context_set_illegal_callback(CTX, NULL, NULL);
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_parse(CTX, NULL, NULL, 65));
/* Try a bunch of prefabbed points with all possible encodings. */
for (i = 0; i < SECP256K1_EC_PARSE_TEST_NVALID; i++) {
ec_pubkey_parse_pointtest(valid[i], 1, 1);
@ -6143,7 +6057,6 @@ static void run_eckey_edge_case_test(void) {
secp256k1_pubkey pubkey_negone;
const secp256k1_pubkey *pubkeys[3];
size_t len;
int32_t ecount;
/* Group order is too large, reject. */
CHECK(secp256k1_ec_seckey_verify(CTX, orderc) == 0);
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey));
@ -6265,88 +6178,59 @@ static void run_eckey_edge_case_test(void) {
ctmp2[31] = 2;
CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey2, ctmp2) == 1);
CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0);
/* Test argument errors. */
ecount = 0;
secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount);
CHECK(ecount == 0);
/* Zeroize pubkey on parse error. */
memset(&pubkey, 0, 32);
CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2));
CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0);
memcpy(&pubkey, &pubkey2, sizeof(pubkey));
memset(&pubkey2, 0, 32);
CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey2, ctmp2) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey2, ctmp2));
CHECK(secp256k1_memcmp_var(&pubkey2, zeros, sizeof(pubkey2)) == 0);
/* Plain argument errors. */
ecount = 0;
CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_ec_seckey_verify(CTX, NULL) == 0);
CHECK(ecount == 1);
ecount = 0;
CHECK_ILLEGAL(CTX, secp256k1_ec_seckey_verify(CTX, NULL));
memset(ctmp2, 0, 32);
ctmp2[31] = 4;
CHECK(secp256k1_ec_pubkey_tweak_add(CTX, NULL, ctmp2) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, NULL) == 0);
CHECK(ecount == 2);
ecount = 0;
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_tweak_add(CTX, NULL, ctmp2));
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, NULL));
memset(ctmp2, 0, 32);
ctmp2[31] = 4;
CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, NULL, ctmp2) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey, NULL) == 0);
CHECK(ecount == 2);
ecount = 0;
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_tweak_mul(CTX, NULL, ctmp2));
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey, NULL));
memset(ctmp2, 0, 32);
CHECK(secp256k1_ec_seckey_tweak_add(CTX, NULL, ctmp2) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_ec_seckey_tweak_add(CTX, ctmp, NULL) == 0);
CHECK(ecount == 2);
ecount = 0;
CHECK_ILLEGAL(CTX, secp256k1_ec_seckey_tweak_add(CTX, NULL, ctmp2));
CHECK_ILLEGAL(CTX, secp256k1_ec_seckey_tweak_add(CTX, ctmp, NULL));
memset(ctmp2, 0, 32);
ctmp2[31] = 1;
CHECK(secp256k1_ec_seckey_tweak_mul(CTX, NULL, ctmp2) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_ec_seckey_tweak_mul(CTX, ctmp, NULL) == 0);
CHECK(ecount == 2);
ecount = 0;
CHECK(secp256k1_ec_pubkey_create(CTX, NULL, ctmp) == 0);
CHECK(ecount == 1);
CHECK_ILLEGAL(CTX, secp256k1_ec_seckey_tweak_mul(CTX, NULL, ctmp2));
CHECK_ILLEGAL(CTX, secp256k1_ec_seckey_tweak_mul(CTX, ctmp, NULL));
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_create(CTX, NULL, ctmp));
memset(&pubkey, 1, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, NULL) == 0);
CHECK(ecount == 2);
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_create(CTX, &pubkey, NULL));
CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
/* secp256k1_ec_pubkey_combine tests. */
ecount = 0;
pubkeys[0] = &pubkey_one;
SECP256K1_CHECKMEM_UNDEFINE(&pubkeys[0], sizeof(secp256k1_pubkey *));
SECP256K1_CHECKMEM_UNDEFINE(&pubkeys[1], sizeof(secp256k1_pubkey *));
SECP256K1_CHECKMEM_UNDEFINE(&pubkeys[2], sizeof(secp256k1_pubkey *));
memset(&pubkey, 255, sizeof(secp256k1_pubkey));
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 0) == 0);
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 0));
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_ec_pubkey_combine(CTX, NULL, pubkeys, 1) == 0);
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_combine(CTX, NULL, pubkeys, 1));
CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
CHECK(ecount == 2);
memset(&pubkey, 255, sizeof(secp256k1_pubkey));
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, NULL, 1) == 0);
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_combine(CTX, &pubkey, NULL, 1));
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
CHECK(ecount == 3);
pubkeys[0] = &pubkey_negone;
memset(&pubkey, 255, sizeof(secp256k1_pubkey));
SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 1) == 1);
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
CHECK(ecount == 3);
len = 33;
CHECK(secp256k1_ec_pubkey_serialize(CTX, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
CHECK(secp256k1_ec_pubkey_serialize(CTX, ctmp2, &len, &pubkey_negone, SECP256K1_EC_COMPRESSED) == 1);
@ -6359,7 +6243,6 @@ static void run_eckey_edge_case_test(void) {
CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 2) == 0);
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0);
CHECK(ecount == 3);
/* Passes through infinity but comes out one. */
pubkeys[2] = &pubkey_one;
memset(&pubkey, 255, sizeof(secp256k1_pubkey));
@ -6367,7 +6250,6 @@ static void run_eckey_edge_case_test(void) {
CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 3) == 1);
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
CHECK(ecount == 3);
len = 33;
CHECK(secp256k1_ec_pubkey_serialize(CTX, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
CHECK(secp256k1_ec_pubkey_serialize(CTX, ctmp2, &len, &pubkey_one, SECP256K1_EC_COMPRESSED) == 1);
@ -6379,8 +6261,6 @@ static void run_eckey_edge_case_test(void) {
CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 2) == 1);
SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(secp256k1_pubkey));
CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0);
CHECK(ecount == 3);
secp256k1_context_set_illegal_callback(CTX, NULL, NULL);
}
static void run_eckey_negate_test(void) {
@ -6729,34 +6609,30 @@ static void run_pubkey_comparison(void) {
};
secp256k1_pubkey pk1;
secp256k1_pubkey pk2;
int32_t ecount = 0;
CHECK(secp256k1_ec_pubkey_parse(CTX, &pk1, pk1_ser, sizeof(pk1_ser)) == 1);
CHECK(secp256k1_ec_pubkey_parse(CTX, &pk2, pk2_ser, sizeof(pk2_ser)) == 1);
secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount);
CHECK(secp256k1_ec_pubkey_cmp(CTX, NULL, &pk2) < 0);
CHECK(ecount == 1);
CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk1, NULL) > 0);
CHECK(ecount == 2);
CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_ec_pubkey_cmp(CTX, NULL, &pk2) < 0));
CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk1, NULL) > 0));
CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk1, &pk2) < 0);
CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk2, &pk1) > 0);
CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk1, &pk1) == 0);
CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk2, &pk2) == 0);
CHECK(ecount == 2);
{
secp256k1_pubkey pk_tmp;
memset(&pk_tmp, 0, sizeof(pk_tmp)); /* illegal pubkey */
CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk_tmp, &pk2) < 0);
CHECK(ecount == 3);
CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk_tmp, &pk_tmp) == 0);
CHECK(ecount == 5);
CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk2, &pk_tmp) > 0);
CHECK(ecount == 6);
CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk_tmp, &pk2) < 0));
{
int32_t ecount = 0;
secp256k1_context_set_illegal_callback(CTX, counting_callback_fn, &ecount);
CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk_tmp, &pk_tmp) == 0);
CHECK(ecount == 2);
secp256k1_context_set_illegal_callback(CTX, NULL, NULL);
}
CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk2, &pk_tmp) > 0));
}
secp256k1_context_set_illegal_callback(CTX, NULL, NULL);
/* Make pk2 the same as pk1 but with 3 rather than 2. Note that in
* an uncompressed encoding, these would have the opposite ordering */
pk1_ser[0] = 3;
@ -7226,7 +7102,6 @@ static void test_ecdsa_edge_cases(void) {
{
secp256k1_pubkey pubkey;
size_t siglen;
int32_t ecount;
unsigned char signature[72];
static const unsigned char nonce[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@ -7252,72 +7127,42 @@ static void test_ecdsa_edge_cases(void) {
0xb8, 0x12, 0xe0, 0x0b, 0x81, 0x7a, 0x77, 0x62,
0x65, 0xdf, 0xdd, 0x31, 0xb9, 0x3e, 0x29, 0xa9,
};
ecount = 0;
secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount);
CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce) == 0);
CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce2) == 0);
msg[31] = 0xaa;
CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_ecdsa_sign(CTX, NULL, msg, key, precomputed_nonce_function, nonce2) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_ecdsa_sign(CTX, &sig, NULL, key, precomputed_nonce_function, nonce2) == 0);
CHECK(ecount == 2);
CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, NULL, precomputed_nonce_function, nonce2) == 0);
CHECK(ecount == 3);
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign(CTX, NULL, msg, key, precomputed_nonce_function, nonce2));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign(CTX, &sig, NULL, key, precomputed_nonce_function, nonce2));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign(CTX, &sig, msg, NULL, precomputed_nonce_function, nonce2));
CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce2) == 1);
CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, key) == 1);
CHECK(secp256k1_ecdsa_verify(CTX, NULL, msg, &pubkey) == 0);
CHECK(ecount == 4);
CHECK(secp256k1_ecdsa_verify(CTX, &sig, NULL, &pubkey) == 0);
CHECK(ecount == 5);
CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg, NULL) == 0);
CHECK(ecount == 6);
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_verify(CTX, NULL, msg, &pubkey));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_verify(CTX, &sig, NULL, &pubkey));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_verify(CTX, &sig, msg, NULL));
CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg, &pubkey) == 1);
CHECK(ecount == 6);
CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, NULL) == 0);
CHECK(ecount == 7);
CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_create(CTX, &pubkey, NULL));
/* That pubkeyload fails via an ARGCHECK is a little odd but makes sense because pubkeys are an opaque data type. */
CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg, &pubkey) == 0);
CHECK(ecount == 8);
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_verify(CTX, &sig, msg, &pubkey));
siglen = 72;
CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, NULL, &siglen, &sig) == 0);
CHECK(ecount == 9);
CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, signature, NULL, &sig) == 0);
CHECK(ecount == 10);
CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, signature, &siglen, NULL) == 0);
CHECK(ecount == 11);
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_serialize_der(CTX, NULL, &siglen, &sig));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_serialize_der(CTX, signature, NULL, &sig));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_serialize_der(CTX, signature, &siglen, NULL));
CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, signature, &siglen, &sig) == 1);
CHECK(ecount == 11);
CHECK(secp256k1_ecdsa_signature_parse_der(CTX, NULL, signature, siglen) == 0);
CHECK(ecount == 12);
CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, NULL, siglen) == 0);
CHECK(ecount == 13);
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_parse_der(CTX, NULL, signature, siglen));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_parse_der(CTX, &sig, NULL, siglen));
CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, signature, siglen) == 1);
CHECK(ecount == 13);
siglen = 10;
/* Too little room for a signature does not fail via ARGCHECK. */
CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, signature, &siglen, &sig) == 0);
CHECK(ecount == 13);
ecount = 0;
CHECK(secp256k1_ecdsa_signature_normalize(CTX, NULL, NULL) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_ecdsa_signature_serialize_compact(CTX, NULL, &sig) == 0);
CHECK(ecount == 2);
CHECK(secp256k1_ecdsa_signature_serialize_compact(CTX, signature, NULL) == 0);
CHECK(ecount == 3);
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_normalize(CTX, NULL, NULL));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_serialize_compact(CTX, NULL, &sig));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_serialize_compact(CTX, signature, NULL));
CHECK(secp256k1_ecdsa_signature_serialize_compact(CTX, signature, &sig) == 1);
CHECK(ecount == 3);
CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, NULL, signature) == 0);
CHECK(ecount == 4);
CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &sig, NULL) == 0);
CHECK(ecount == 5);
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_parse_compact(CTX, NULL, signature));
CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_parse_compact(CTX, &sig, NULL));
CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &sig, signature) == 1);
CHECK(ecount == 5);
memset(signature, 255, 64);
CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &sig, signature) == 0);
CHECK(ecount == 5);
secp256k1_context_set_illegal_callback(CTX, NULL, NULL);
}
/* Nonce function corner cases. */