Merge pull request #246 from jonasnick/temp-merge-1187
Upstream PRs 1174, 1154, 1178, 1177, 1171, 1158, 1183, 1185, 1186, 1188, 1187
This commit is contained in:
		
						commit
						7aa9887128
					
				| @ -1,6 +1,7 @@ | |||||||
| env: | env: | ||||||
|   ### compiler options |   ### compiler options | ||||||
|   HOST: |   HOST: | ||||||
|  |   WRAPPER_CMD: | ||||||
|   # Specific warnings can be disabled with -Wno-error=foo. |   # Specific warnings can be disabled with -Wno-error=foo. | ||||||
|   # -pedantic-errors is not equivalent to -Werror=pedantic and thus not implied by -Werror according to the GCC manual. |   # -pedantic-errors is not equivalent to -Werror=pedantic and thus not implied by -Werror according to the GCC manual. | ||||||
|   WERROR_CFLAGS: -Werror -pedantic-errors |   WERROR_CFLAGS: -Werror -pedantic-errors | ||||||
| @ -41,6 +42,8 @@ cat_logs_snippet: &CAT_LOGS | |||||||
|   always: |   always: | ||||||
|     cat_tests_log_script: |     cat_tests_log_script: | ||||||
|       - cat tests.log || true |       - cat tests.log || true | ||||||
|  |     cat_noverify_tests_log_script: | ||||||
|  |       - cat noverify_tests.log || true | ||||||
|     cat_exhaustive_tests_log_script: |     cat_exhaustive_tests_log_script: | ||||||
|       - cat exhaustive_tests.log || true |       - cat exhaustive_tests.log || true | ||||||
|     cat_valgrind_ctime_test_log_script: |     cat_valgrind_ctime_test_log_script: | ||||||
|  | |||||||
							
								
								
									
										3
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										3
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @ -47,8 +47,6 @@ coverage.*.html | |||||||
| *.gcno | *.gcno | ||||||
| *.gcov | *.gcov | ||||||
| 
 | 
 | ||||||
| src/libsecp256k1-config.h |  | ||||||
| src/libsecp256k1-config.h.in |  | ||||||
| build-aux/ar-lib | build-aux/ar-lib | ||||||
| build-aux/config.guess | build-aux/config.guess | ||||||
| build-aux/config.sub | build-aux/config.sub | ||||||
| @ -63,7 +61,6 @@ build-aux/m4/ltversion.m4 | |||||||
| build-aux/missing | build-aux/missing | ||||||
| build-aux/compile | build-aux/compile | ||||||
| build-aux/test-driver | build-aux/test-driver | ||||||
| src/stamp-h1 |  | ||||||
| libsecp256k1.pc | libsecp256k1.pc | ||||||
| contrib/gh-pr-create.sh | contrib/gh-pr-create.sh | ||||||
| 
 | 
 | ||||||
|  | |||||||
							
								
								
									
										25
									
								
								CHANGELOG.md
									
									
									
									
									
								
							
							
						
						
									
										25
									
								
								CHANGELOG.md
									
									
									
									
									
								
							| @ -3,29 +3,40 @@ Instead, it is the changelog of the upstream library [libsecp256k1](https://gith | |||||||
| 
 | 
 | ||||||
| # Changelog | # Changelog | ||||||
| 
 | 
 | ||||||
| The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). | All notable changes to this project will be documented in this file. | ||||||
|  | 
 | ||||||
|  | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), | ||||||
|  | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). | ||||||
| 
 | 
 | ||||||
| ## [Unreleased] | ## [Unreleased] | ||||||
| 
 | 
 | ||||||
| ## [0.2.0] - 2022-12-12 | ## [0.2.0] - 2022-12-12 | ||||||
| 
 | 
 | ||||||
| ### Added | #### Added | ||||||
|  |  - Added usage examples for common use cases in a new `examples/` directory. | ||||||
|  - Added `secp256k1_selftest`, to be used in conjunction with `secp256k1_context_static`. |  - Added `secp256k1_selftest`, to be used in conjunction with `secp256k1_context_static`. | ||||||
|  |  - Added support for 128-bit wide multiplication on MSVC for x86_64 and arm64, giving roughly a 20% speedup on those platforms. | ||||||
| 
 | 
 | ||||||
| ### Changed | #### Changed | ||||||
|  - Enabled modules schnorrsig, extrakeys and ECDH by default in `./configure`. |  - Enabled modules `schnorrsig`, `extrakeys` and `ecdh` by default in `./configure`. | ||||||
|  |  - The `secp256k1_nonce_function_rfc6979` nonce function, used by default by `secp256k1_ecdsa_sign`, now reduces the message hash modulo the group order to match the specification. This only affects improper use of ECDSA signing API. | ||||||
| 
 | 
 | ||||||
| ### Deprecated | #### Deprecated | ||||||
|  - Deprecated context flags `SECP256K1_CONTEXT_VERIFY` and `SECP256K1_CONTEXT_SIGN`. Use `SECP256K1_CONTEXT_NONE` instead. |  - Deprecated context flags `SECP256K1_CONTEXT_VERIFY` and `SECP256K1_CONTEXT_SIGN`. Use `SECP256K1_CONTEXT_NONE` instead. | ||||||
|  - Renamed `secp256k1_context_no_precomp` to `secp256k1_context_static`. |  - Renamed `secp256k1_context_no_precomp` to `secp256k1_context_static`. | ||||||
|  |  - Module `schnorrsig`: renamed `secp256k1_schnorrsig_sign` to `secp256k1_schnorrsig_sign32`. | ||||||
| 
 | 
 | ||||||
| ### ABI Compatibility | #### ABI Compatibility | ||||||
| 
 | 
 | ||||||
| Since this is the first release, we do not compare application binary interfaces. | Since this is the first release, we do not compare application binary interfaces. | ||||||
| However, there are unreleased versions of libsecp256k1 that are *not* ABI compatible with this version. | However, there are earlier unreleased versions of libsecp256k1 that are *not* ABI compatible with this version. | ||||||
| 
 | 
 | ||||||
| ## [0.1.0] - 2013-03-05 to 2021-12-25 | ## [0.1.0] - 2013-03-05 to 2021-12-25 | ||||||
| 
 | 
 | ||||||
| This version was in fact never released. | This version was in fact never released. | ||||||
| The number was given by the build system since the introduction of autotools in Jan 2014 (ea0fe5a5bf0c04f9cc955b2966b614f5f378c6f6). | The number was given by the build system since the introduction of autotools in Jan 2014 (ea0fe5a5bf0c04f9cc955b2966b614f5f378c6f6). | ||||||
| Therefore, this version number does not uniquely identify a set of source files. | Therefore, this version number does not uniquely identify a set of source files. | ||||||
|  | 
 | ||||||
|  | [unreleased]: https://github.com/bitcoin-core/secp256k1/compare/v0.2.0...HEAD | ||||||
|  | [0.2.0]: https://github.com/bitcoin-core/secp256k1/compare/423b6d19d373f1224fd671a982584d7e7900bc93..v0.2.0 | ||||||
|  | [0.1.0]: https://github.com/bitcoin-core/secp256k1/commit/423b6d19d373f1224fd671a982584d7e7900bc93 | ||||||
|  | |||||||
							
								
								
									
										36
									
								
								Makefile.am
									
									
									
									
									
								
							
							
						
						
									
										36
									
								
								Makefile.am
									
									
									
									
									
								
							| @ -75,7 +75,7 @@ noinst_HEADERS += examples/random.h | |||||||
| PRECOMPUTED_LIB = libsecp256k1_precomputed.la | PRECOMPUTED_LIB = libsecp256k1_precomputed.la | ||||||
| noinst_LTLIBRARIES = $(PRECOMPUTED_LIB) | noinst_LTLIBRARIES = $(PRECOMPUTED_LIB) | ||||||
| libsecp256k1_precomputed_la_SOURCES =  src/precomputed_ecmult.c src/precomputed_ecmult_gen.c | libsecp256k1_precomputed_la_SOURCES =  src/precomputed_ecmult.c src/precomputed_ecmult_gen.c | ||||||
| libsecp256k1_precomputed_la_CPPFLAGS = $(SECP_INCLUDES) | libsecp256k1_precomputed_la_CPPFLAGS = $(SECP_INCLUDES) $(SECP_CONFIG_DEFINES) | ||||||
| 
 | 
 | ||||||
| if USE_EXTERNAL_ASM | if USE_EXTERNAL_ASM | ||||||
| COMMON_LIB = libsecp256k1_common.la | COMMON_LIB = libsecp256k1_common.la | ||||||
| @ -94,7 +94,7 @@ endif | |||||||
| endif | endif | ||||||
| 
 | 
 | ||||||
| libsecp256k1_la_SOURCES = src/secp256k1.c | libsecp256k1_la_SOURCES = src/secp256k1.c | ||||||
| libsecp256k1_la_CPPFLAGS = $(SECP_INCLUDES) | libsecp256k1_la_CPPFLAGS = $(SECP_INCLUDES) $(SECP_CONFIG_DEFINES) | ||||||
| libsecp256k1_la_LIBADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB) | libsecp256k1_la_LIBADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB) | ||||||
| libsecp256k1_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_CURRENT):$(LIB_VERSION_REVISION):$(LIB_VERSION_AGE) | libsecp256k1_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_CURRENT):$(LIB_VERSION_REVISION):$(LIB_VERSION_AGE) | ||||||
| 
 | 
 | ||||||
| @ -107,37 +107,43 @@ if USE_BENCHMARK | |||||||
| noinst_PROGRAMS += bench bench_internal bench_ecmult | noinst_PROGRAMS += bench bench_internal bench_ecmult | ||||||
| bench_SOURCES = src/bench.c | bench_SOURCES = src/bench.c | ||||||
| bench_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) | bench_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) | ||||||
|  | bench_CPPFLAGS = $(SECP_CONFIG_DEFINES) | ||||||
| bench_internal_SOURCES = src/bench_internal.c | bench_internal_SOURCES = src/bench_internal.c | ||||||
| bench_internal_LDADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB) | bench_internal_LDADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB) | ||||||
| bench_internal_CPPFLAGS = $(SECP_INCLUDES) | bench_internal_CPPFLAGS = $(SECP_INCLUDES) $(SECP_CONFIG_DEFINES) | ||||||
| bench_ecmult_SOURCES = src/bench_ecmult.c | bench_ecmult_SOURCES = src/bench_ecmult.c | ||||||
| bench_ecmult_LDADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB) | bench_ecmult_LDADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB) | ||||||
| bench_ecmult_CPPFLAGS = $(SECP_INCLUDES) | bench_ecmult_CPPFLAGS = $(SECP_INCLUDES) $(SECP_CONFIG_DEFINES) | ||||||
| endif | endif | ||||||
| 
 | 
 | ||||||
| TESTS = | TESTS = | ||||||
| if USE_TESTS | if USE_TESTS | ||||||
| noinst_PROGRAMS += tests | TESTS += noverify_tests | ||||||
| tests_SOURCES = src/tests.c | noinst_PROGRAMS += noverify_tests | ||||||
| tests_CPPFLAGS = $(SECP_INCLUDES) $(SECP_TEST_INCLUDES) | noverify_tests_SOURCES = src/tests.c | ||||||
|  | noverify_tests_CPPFLAGS = $(SECP_INCLUDES) $(SECP_TEST_INCLUDES) $(SECP_CONFIG_DEFINES) | ||||||
|  | noverify_tests_LDADD = $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB) | ||||||
|  | noverify_tests_LDFLAGS = -static | ||||||
| if VALGRIND_ENABLED | if VALGRIND_ENABLED | ||||||
| tests_CPPFLAGS += -DVALGRIND | noverify_tests_CPPFLAGS += -DVALGRIND | ||||||
| noinst_PROGRAMS += valgrind_ctime_test | noinst_PROGRAMS += valgrind_ctime_test | ||||||
| valgrind_ctime_test_SOURCES = src/valgrind_ctime_test.c | valgrind_ctime_test_SOURCES = src/valgrind_ctime_test.c | ||||||
| valgrind_ctime_test_LDADD = libsecp256k1.la $(SECP_LIBS) $(COMMON_LIB) | valgrind_ctime_test_LDADD = libsecp256k1.la $(SECP_LIBS) $(COMMON_LIB) | ||||||
| endif | endif | ||||||
| if !ENABLE_COVERAGE | if !ENABLE_COVERAGE | ||||||
| tests_CPPFLAGS += -DVERIFY |  | ||||||
| endif |  | ||||||
| tests_LDADD = $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB) |  | ||||||
| tests_LDFLAGS = -static |  | ||||||
| TESTS += tests | TESTS += tests | ||||||
|  | noinst_PROGRAMS += tests | ||||||
|  | tests_SOURCES  = $(noverify_tests_SOURCES) | ||||||
|  | tests_CPPFLAGS = $(noverify_tests_CPPFLAGS) -DVERIFY | ||||||
|  | tests_LDADD    = $(noverify_tests_LDADD) | ||||||
|  | tests_LDFLAGS  = $(noverify_tests_LDFLAGS) | ||||||
|  | endif | ||||||
| endif | endif | ||||||
| 
 | 
 | ||||||
| if USE_EXHAUSTIVE_TESTS | if USE_EXHAUSTIVE_TESTS | ||||||
| noinst_PROGRAMS += exhaustive_tests | noinst_PROGRAMS += exhaustive_tests | ||||||
| exhaustive_tests_SOURCES = src/tests_exhaustive.c | exhaustive_tests_SOURCES = src/tests_exhaustive.c | ||||||
| exhaustive_tests_CPPFLAGS = $(SECP_INCLUDES) | exhaustive_tests_CPPFLAGS = $(SECP_INCLUDES) $(SECP_CONFIG_DEFINES) | ||||||
| if !ENABLE_COVERAGE | if !ENABLE_COVERAGE | ||||||
| exhaustive_tests_CPPFLAGS += -DVERIFY | exhaustive_tests_CPPFLAGS += -DVERIFY | ||||||
| endif | endif | ||||||
| @ -197,11 +203,11 @@ EXTRA_PROGRAMS = precompute_ecmult precompute_ecmult_gen | |||||||
| CLEANFILES = $(EXTRA_PROGRAMS) | CLEANFILES = $(EXTRA_PROGRAMS) | ||||||
| 
 | 
 | ||||||
| precompute_ecmult_SOURCES = src/precompute_ecmult.c | precompute_ecmult_SOURCES = src/precompute_ecmult.c | ||||||
| precompute_ecmult_CPPFLAGS = $(SECP_INCLUDES) | precompute_ecmult_CPPFLAGS = $(SECP_INCLUDES) $(SECP_CONFIG_DEFINES) | ||||||
| precompute_ecmult_LDADD = $(SECP_LIBS) $(COMMON_LIB) | precompute_ecmult_LDADD = $(SECP_LIBS) $(COMMON_LIB) | ||||||
| 
 | 
 | ||||||
| precompute_ecmult_gen_SOURCES = src/precompute_ecmult_gen.c | precompute_ecmult_gen_SOURCES = src/precompute_ecmult_gen.c | ||||||
| precompute_ecmult_gen_CPPFLAGS = $(SECP_INCLUDES) | precompute_ecmult_gen_CPPFLAGS = $(SECP_INCLUDES) $(SECP_CONFIG_DEFINES) | ||||||
| precompute_ecmult_gen_LDADD = $(SECP_LIBS) $(COMMON_LIB) | precompute_ecmult_gen_LDADD = $(SECP_LIBS) $(COMMON_LIB) | ||||||
| 
 | 
 | ||||||
| # See Automake manual, Section "Errors with distclean".
 | # See Automake manual, Section "Errors with distclean".
 | ||||||
|  | |||||||
| @ -20,7 +20,7 @@ if test x"$has_valgrind" != x"yes"; then | |||||||
|     #if defined(NVALGRIND) |     #if defined(NVALGRIND) | ||||||
|     #  error "Valgrind does not support this platform." |     #  error "Valgrind does not support this platform." | ||||||
|     #endif |     #endif | ||||||
|   ]])], [has_valgrind=yes; AC_DEFINE(HAVE_VALGRIND,1,[Define this symbol if valgrind is installed, and it supports the host platform])]) |   ]])], [has_valgrind=yes]) | ||||||
| fi | fi | ||||||
| AC_MSG_RESULT($has_valgrind) | AC_MSG_RESULT($has_valgrind) | ||||||
| ]) | ]) | ||||||
|  | |||||||
							
								
								
									
										17
									
								
								ci/cirrus.sh
									
									
									
									
									
								
							
							
						
						
									
										17
									
								
								ci/cirrus.sh
									
									
									
									
									
								
							| @ -1,7 +1,6 @@ | |||||||
| #!/bin/sh | #!/bin/sh | ||||||
| 
 | 
 | ||||||
| set -e | set -eux | ||||||
| set -x |  | ||||||
| 
 | 
 | ||||||
| export LC_ALL=C | export LC_ALL=C | ||||||
| 
 | 
 | ||||||
| @ -11,15 +10,21 @@ print_environment() { | |||||||
|     set +x |     set +x | ||||||
|     # There are many ways to print variable names and their content. This one |     # There are many ways to print variable names and their content. This one | ||||||
|     # does not rely on bash. |     # does not rely on bash. | ||||||
|     for i in WERROR_CFLAGS MAKEFLAGS BUILD \ |     for var in WERROR_CFLAGS MAKEFLAGS BUILD \ | ||||||
|             ECMULTWINDOW ECMULTGENPRECISION ASM WIDEMUL WITH_VALGRIND EXTRAFLAGS \ |             ECMULTWINDOW ECMULTGENPRECISION ASM WIDEMUL WITH_VALGRIND EXTRAFLAGS \ | ||||||
|             EXPERIMENTAL ECDH RECOVERY SCHNORRSIG \ |             EXPERIMENTAL ECDH RECOVERY SCHNORRSIG \ | ||||||
|             ECDSA_S2C GENERATOR RANGEPROOF WHITELIST MUSIG ECDSAADAPTOR BPPP \ |             ECDSA_S2C GENERATOR RANGEPROOF WHITELIST MUSIG ECDSAADAPTOR BPPP \ | ||||||
|             SECP256K1_TEST_ITERS BENCH SECP256K1_BENCH_ITERS CTIMETEST\ |             SECP256K1_TEST_ITERS BENCH SECP256K1_BENCH_ITERS CTIMETEST\ | ||||||
|             EXAMPLES \ |             EXAMPLES \ | ||||||
|             WRAPPER_CMD CC AR NM HOST |             HOST WRAPPER_CMD \ | ||||||
|  |             CC CFLAGS CPPFLAGS AR NM | ||||||
|     do |     do | ||||||
|         eval 'printf "%s %s " "$i=\"${'"$i"'}\""' |         eval "isset=\${$var+x}" | ||||||
|  |         if [ -n "$isset" ]; then | ||||||
|  |             eval "val=\${$var}" | ||||||
|  |             # shellcheck disable=SC2154 | ||||||
|  |             printf '%s="%s" ' "$var" "$val" | ||||||
|  |         fi | ||||||
|     done |     done | ||||||
|     echo "$0" |     echo "$0" | ||||||
|     set -x |     set -x | ||||||
| @ -37,7 +42,7 @@ esac | |||||||
| 
 | 
 | ||||||
| env >> test_env.log | env >> test_env.log | ||||||
| 
 | 
 | ||||||
| if [ -n "$CC" ]; then | if [ -n "${CC+x}" ]; then | ||||||
|     # The MSVC compiler "cl" doesn't understand "-v" |     # The MSVC compiler "cl" doesn't understand "-v" | ||||||
|     $CC -v || true |     $CC -v || true | ||||||
| fi | fi | ||||||
|  | |||||||
							
								
								
									
										50
									
								
								configure.ac
									
									
									
									
									
								
							
							
						
						
									
										50
									
								
								configure.ac
									
									
									
									
									
								
							| @ -273,7 +273,7 @@ fi | |||||||
| AM_CONDITIONAL([VALGRIND_ENABLED],[test "$enable_valgrind" = "yes"]) | AM_CONDITIONAL([VALGRIND_ENABLED],[test "$enable_valgrind" = "yes"]) | ||||||
| 
 | 
 | ||||||
| if test x"$enable_coverage" = x"yes"; then | if test x"$enable_coverage" = x"yes"; then | ||||||
|     AC_DEFINE(COVERAGE, 1, [Define this symbol to compile out all VERIFY code]) |     SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DCOVERAGE=1" | ||||||
|     SECP_CFLAGS="-O0 --coverage $SECP_CFLAGS" |     SECP_CFLAGS="-O0 --coverage $SECP_CFLAGS" | ||||||
|     LDFLAGS="--coverage $LDFLAGS" |     LDFLAGS="--coverage $LDFLAGS" | ||||||
| else | else | ||||||
| @ -285,13 +285,13 @@ fi | |||||||
| 
 | 
 | ||||||
| AC_MSG_CHECKING([for __builtin_popcount]) | AC_MSG_CHECKING([for __builtin_popcount]) | ||||||
| AC_LINK_IFELSE([AC_LANG_SOURCE([[void myfunc() {__builtin_popcount(0);}]])], | AC_LINK_IFELSE([AC_LANG_SOURCE([[void myfunc() {__builtin_popcount(0);}]])], | ||||||
|     [ AC_MSG_RESULT([yes]);AC_DEFINE(HAVE_BUILTIN_POPCOUNT,1,[Define this symbol if __builtin_popcount is available]) ], |     [ AC_MSG_RESULT([yes]); SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DHAVE_BUILTIN_POPCOUNT=1"], | ||||||
|     [ AC_MSG_RESULT([no]) |     [ AC_MSG_RESULT([no]) | ||||||
|     ]) |     ]) | ||||||
| 
 | 
 | ||||||
| AC_MSG_CHECKING([for  __builtin_clzll]) | AC_MSG_CHECKING([for  __builtin_clzll]) | ||||||
| AC_LINK_IFELSE([AC_LANG_SOURCE([[void myfunc() { __builtin_clzll(1);}]])], | AC_LINK_IFELSE([AC_LANG_SOURCE([[void myfunc() { __builtin_clzll(1);}]])], | ||||||
|     [ AC_MSG_RESULT([yes]);AC_DEFINE(HAVE_BUILTIN_CLZLL,1,[Define this symbol if  __builtin_clzll is available]) ], |     [ AC_MSG_RESULT([yes]); SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DHAVE_BUILTIN_CLZLL=1"], | ||||||
|     [ AC_MSG_RESULT([no]) |     [ AC_MSG_RESULT([no]) | ||||||
|     ]) |     ]) | ||||||
| 
 | 
 | ||||||
| @ -327,7 +327,7 @@ enable_external_asm=no | |||||||
| 
 | 
 | ||||||
| case $set_asm in | case $set_asm in | ||||||
| x86_64) | x86_64) | ||||||
|   AC_DEFINE(USE_ASM_X86_64, 1, [Define this symbol to enable x86_64 assembly optimizations]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_ASM_X86_64=1" | ||||||
|   ;; |   ;; | ||||||
| arm) | arm) | ||||||
|   enable_external_asm=yes |   enable_external_asm=yes | ||||||
| @ -340,20 +340,20 @@ no) | |||||||
| esac | esac | ||||||
| 
 | 
 | ||||||
| if test x"$enable_external_asm" = x"yes"; then | if test x"$enable_external_asm" = x"yes"; then | ||||||
|   AC_DEFINE(USE_EXTERNAL_ASM, 1, [Define this symbol if an external (non-inline) assembly implementation is used]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_EXTERNAL_ASM=1" | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| # Select wide multiplication implementation | # Select wide multiplication implementation | ||||||
| case $set_widemul in | case $set_widemul in | ||||||
| int128_struct) | int128_struct) | ||||||
|   AC_DEFINE(USE_FORCE_WIDEMUL_INT128_STRUCT, 1, [Define this symbol to force the use of the structure for simulating (unsigned) int128 based wide multiplication]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_FORCE_WIDEMUL_INT128_STRUCT=1" | ||||||
|   ;; |   ;; | ||||||
| int128) | int128) | ||||||
|   AC_DEFINE(USE_FORCE_WIDEMUL_INT128, 1, [Define this symbol to force the use of the (unsigned) __int128 based wide multiplication implementation]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_FORCE_WIDEMUL_INT128=1" | ||||||
|   ;; |   ;; | ||||||
| int64) | int64) | ||||||
|   AC_DEFINE(USE_FORCE_WIDEMUL_INT64, 1, [Define this symbol to force the use of the (u)int64_t based wide multiplication implementation]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_FORCE_WIDEMUL_INT64=1" | ||||||
|   ;; |   ;; | ||||||
| auto) | auto) | ||||||
|   ;; |   ;; | ||||||
| @ -380,7 +380,7 @@ case $set_ecmult_window in | |||||||
|     # not in range |     # not in range | ||||||
|     AC_MSG_ERROR($error_window_size) |     AC_MSG_ERROR($error_window_size) | ||||||
|   fi |   fi | ||||||
|   AC_DEFINE_UNQUOTED(ECMULT_WINDOW_SIZE, $set_ecmult_window, [Set window size for ecmult precomputation]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DECMULT_WINDOW_SIZE=$set_ecmult_window" | ||||||
|   ;; |   ;; | ||||||
| esac | esac | ||||||
| 
 | 
 | ||||||
| @ -393,7 +393,7 @@ fi | |||||||
| 
 | 
 | ||||||
| case $set_ecmult_gen_precision in | case $set_ecmult_gen_precision in | ||||||
| 2|4|8) | 2|4|8) | ||||||
|   AC_DEFINE_UNQUOTED(ECMULT_GEN_PREC_BITS, $set_ecmult_gen_precision, [Set ecmult gen precision bits]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DECMULT_GEN_PREC_BITS=$set_ecmult_gen_precision" | ||||||
|   ;; |   ;; | ||||||
| *) | *) | ||||||
|   AC_MSG_ERROR(['ecmult gen precision not 2, 4, 8 or "auto"']) |   AC_MSG_ERROR(['ecmult gen precision not 2, 4, 8 or "auto"']) | ||||||
| @ -418,65 +418,65 @@ SECP_CFLAGS="$SECP_CFLAGS $WERROR_CFLAGS" | |||||||
| # tested first. | # tested first. | ||||||
| 
 | 
 | ||||||
| if test x"$enable_module_ecdh" = x"yes"; then | if test x"$enable_module_ecdh" = x"yes"; then | ||||||
|   AC_DEFINE(ENABLE_MODULE_ECDH, 1, [Define this symbol to enable the ECDH module]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_ECDH=1" | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| if test x"$enable_module_musig" = x"yes"; then | if test x"$enable_module_musig" = x"yes"; then | ||||||
|   AC_DEFINE(ENABLE_MODULE_MUSIG, 1, [Define this symbol to enable the MuSig module]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_MUSIG=1" | ||||||
|   enable_module_schnorrsig=yes |   enable_module_schnorrsig=yes | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| if test x"$enable_module_recovery" = x"yes"; then | if test x"$enable_module_recovery" = x"yes"; then | ||||||
|   AC_DEFINE(ENABLE_MODULE_RECOVERY, 1, [Define this symbol to enable the ECDSA pubkey recovery module]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_RECOVERY=1" | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| if test x"$enable_module_whitelist" = x"yes"; then | if test x"$enable_module_whitelist" = x"yes"; then | ||||||
|  |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_WHITELIST=1" | ||||||
|   enable_module_rangeproof=yes |   enable_module_rangeproof=yes | ||||||
|   AC_DEFINE(ENABLE_MODULE_WHITELIST, 1, [Define this symbol to enable the key whitelisting module]) |  | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| if test x"$enable_module_surjectionproof" = x"yes"; then | if test x"$enable_module_surjectionproof" = x"yes"; then | ||||||
|  |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_SURJECTIONPROOF=1" | ||||||
|   enable_module_rangeproof=yes |   enable_module_rangeproof=yes | ||||||
|   AC_DEFINE(ENABLE_MODULE_SURJECTIONPROOF, 1, [Define this symbol to enable the surjection proof module]) |  | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| if test x"$enable_module_rangeproof" = x"yes"; then | if test x"$enable_module_rangeproof" = x"yes"; then | ||||||
|  |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_RANGEPROOF=1" | ||||||
|   enable_module_generator=yes |   enable_module_generator=yes | ||||||
|   AC_DEFINE(ENABLE_MODULE_RANGEPROOF, 1, [Define this symbol to enable the Pedersen / zero knowledge range proof module]) |  | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| if test x"$enable_module_bppp" = x"yes"; then | if test x"$enable_module_bppp" = x"yes"; then | ||||||
|  |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_BPPP=1" | ||||||
|   enable_module_generator=yes |   enable_module_generator=yes | ||||||
|   AC_DEFINE(ENABLE_MODULE_BPPP, 1, [Define this symbol to enable the Bulletproofs++ module]) |  | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| if test x"$enable_module_generator" = x"yes"; then | if test x"$enable_module_generator" = x"yes"; then | ||||||
|   AC_DEFINE(ENABLE_MODULE_GENERATOR, 1, [Define this symbol to enable the NUMS generator module]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_GENERATOR=1" | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| if test x"$enable_module_schnorrsig" = x"yes"; then | if test x"$enable_module_schnorrsig" = x"yes"; then | ||||||
|   AC_DEFINE(ENABLE_MODULE_SCHNORRSIG, 1, [Define this symbol to enable the schnorrsig module]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_SCHNORRSIG=1" | ||||||
|   enable_module_extrakeys=yes |   enable_module_extrakeys=yes | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| if test x"$enable_module_extrakeys" = x"yes"; then | if test x"$enable_module_extrakeys" = x"yes"; then | ||||||
|   AC_DEFINE(ENABLE_MODULE_EXTRAKEYS, 1, [Define this symbol to enable the extrakeys module]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_EXTRAKEYS=1" | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| if test x"$enable_module_ecdsa_s2c" = x"yes"; then | if test x"$enable_module_ecdsa_s2c" = x"yes"; then | ||||||
|   AC_DEFINE(ENABLE_MODULE_ECDSA_S2C, 1, [Define this symbol to enable the ECDSA sign-to-contract module]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_ECDSA_S2C=1" | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| if test x"$enable_external_default_callbacks" = x"yes"; then | if test x"$enable_external_default_callbacks" = x"yes"; then | ||||||
|   AC_DEFINE(USE_EXTERNAL_DEFAULT_CALLBACKS, 1, [Define this symbol if an external implementation of the default callbacks is used]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_EXTERNAL_DEFAULT_CALLBACKS=1" | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| if test x"$use_reduced_surjection_proof_size" = x"yes"; then | if test x"$use_reduced_surjection_proof_size" = x"yes"; then | ||||||
|   AC_DEFINE(USE_REDUCED_SURJECTION_PROOF_SIZE, 1, [Define this symbol to reduce SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS to 16, disabling parsing and verification]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DUSE_REDUCED_SURJECTION_PROOF_SIZE=1" | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| if test x"$enable_module_ecdsa_adaptor" = x"yes"; then | if test x"$enable_module_ecdsa_adaptor" = x"yes"; then | ||||||
|   AC_DEFINE(ENABLE_MODULE_ECDSA_ADAPTOR, 1, [Define this symbol to enable the ECDSA adaptor module]) |   SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DENABLE_MODULE_ECDSA_ADAPTOR=1" | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| ### | ### | ||||||
| @ -526,13 +526,13 @@ fi | |||||||
| ### Generate output | ### Generate output | ||||||
| ### | ### | ||||||
| 
 | 
 | ||||||
| AC_CONFIG_HEADERS([src/libsecp256k1-config.h]) |  | ||||||
| AC_CONFIG_FILES([Makefile libsecp256k1.pc]) | AC_CONFIG_FILES([Makefile libsecp256k1.pc]) | ||||||
| AC_SUBST(SECP_INCLUDES) | AC_SUBST(SECP_INCLUDES) | ||||||
| AC_SUBST(SECP_LIBS) | AC_SUBST(SECP_LIBS) | ||||||
| AC_SUBST(SECP_TEST_LIBS) | AC_SUBST(SECP_TEST_LIBS) | ||||||
| AC_SUBST(SECP_TEST_INCLUDES) | AC_SUBST(SECP_TEST_INCLUDES) | ||||||
| AC_SUBST(SECP_CFLAGS) | AC_SUBST(SECP_CFLAGS) | ||||||
|  | AC_SUBST(SECP_CONFIG_DEFINES) | ||||||
| AM_CONDITIONAL([ENABLE_COVERAGE], [test x"$enable_coverage" = x"yes"]) | AM_CONDITIONAL([ENABLE_COVERAGE], [test x"$enable_coverage" = x"yes"]) | ||||||
| AM_CONDITIONAL([USE_TESTS], [test x"$enable_tests" != x"no"]) | AM_CONDITIONAL([USE_TESTS], [test x"$enable_tests" != x"no"]) | ||||||
| AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$enable_exhaustive_tests" != x"no"]) | AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$enable_exhaustive_tests" != x"no"]) | ||||||
|  | |||||||
| @ -23,7 +23,7 @@ This process also assumes that there will be no minor releases for old major rel | |||||||
|    git tag -s v$MAJOR.$MINOR.$PATCH -m "libsecp256k1 $MAJOR.$MINOR.$PATCH" $RELEASE_COMMIT |    git tag -s v$MAJOR.$MINOR.$PATCH -m "libsecp256k1 $MAJOR.$MINOR.$PATCH" $RELEASE_COMMIT | ||||||
|    git push git@github.com:bitcoin-core/secp256k1.git v$MAJOR.$MINOR.$PATCH |    git push git@github.com:bitcoin-core/secp256k1.git v$MAJOR.$MINOR.$PATCH | ||||||
|    ``` |    ``` | ||||||
| 3. Open a PR to the master branch with a commit (using message `"release: bump version after $MAJOR.$MINOR.$PATCH"`, for example) that sets `_PKG_VERSION_IS_RELEASE` to `false` and `_PKG_VERSION_PATCH` to `$PATCH + 1` and increases `_LIB_VERSION_REVISION`. If other maintainers are not present to approve the PR, it can be merged without ACKs. | 3. Open a PR to the master branch with a commit (using message `"release cleanup: bump version after $MAJOR.$MINOR.$PATCH"`, for example) that sets `_PKG_VERSION_IS_RELEASE` to `false` and `_PKG_VERSION_PATCH` to `$PATCH + 1` and increases `_LIB_VERSION_REVISION`. If other maintainers are not present to approve the PR, it can be merged without ACKs. | ||||||
| 4. Create a new GitHub release with a link to the corresponding entry in [CHANGELOG.md](../CHANGELOG.md). | 4. Create a new GitHub release with a link to the corresponding entry in [CHANGELOG.md](../CHANGELOG.md). | ||||||
| 
 | 
 | ||||||
| ## Maintenance release | ## Maintenance release | ||||||
|  | |||||||
| @ -849,7 +849,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul( | |||||||
|  * kind of elliptic curve point multiplication and thus does not benefit from |  * kind of elliptic curve point multiplication and thus does not benefit from | ||||||
|  * enhanced protection against side-channel leakage currently. |  * enhanced protection against side-channel leakage currently. | ||||||
|  * |  * | ||||||
|  * It is safe call this function on a copy of secp256k1_context_static in writable |  * It is safe to call this function on a copy of secp256k1_context_static in writable | ||||||
|  * memory (e.g., obtained via secp256k1_context_clone). In that case, this |  * memory (e.g., obtained via secp256k1_context_clone). In that case, this | ||||||
|  * function is guaranteed to return 1, but the call will have no effect because |  * function is guaranteed to return 1, but the call will have no effect because | ||||||
|  * the static context (or a copy thereof) is not meant to be randomized. |  * the static context (or a copy thereof) is not meant to be randomized. | ||||||
|  | |||||||
| @ -18,10 +18,6 @@ | |||||||
|  *    imply normality. |  *    imply normality. | ||||||
|  */ |  */ | ||||||
| 
 | 
 | ||||||
| #if defined HAVE_CONFIG_H |  | ||||||
| #include "libsecp256k1-config.h" |  | ||||||
| #endif |  | ||||||
| 
 |  | ||||||
| #include "util.h" | #include "util.h" | ||||||
| 
 | 
 | ||||||
| #if defined(SECP256K1_WIDEMUL_INT128) | #if defined(SECP256K1_WIDEMUL_INT128) | ||||||
|  | |||||||
| @ -7,10 +7,6 @@ | |||||||
| #ifndef SECP256K1_FIELD_REPR_IMPL_H | #ifndef SECP256K1_FIELD_REPR_IMPL_H | ||||||
| #define SECP256K1_FIELD_REPR_IMPL_H | #define SECP256K1_FIELD_REPR_IMPL_H | ||||||
| 
 | 
 | ||||||
| #if defined HAVE_CONFIG_H |  | ||||||
| #include "libsecp256k1-config.h" |  | ||||||
| #endif |  | ||||||
| 
 |  | ||||||
| #include "util.h" | #include "util.h" | ||||||
| #include "field.h" | #include "field.h" | ||||||
| #include "modinv64_impl.h" | #include "modinv64_impl.h" | ||||||
|  | |||||||
| @ -7,10 +7,6 @@ | |||||||
| #ifndef SECP256K1_FIELD_IMPL_H | #ifndef SECP256K1_FIELD_IMPL_H | ||||||
| #define SECP256K1_FIELD_IMPL_H | #define SECP256K1_FIELD_IMPL_H | ||||||
| 
 | 
 | ||||||
| #if defined HAVE_CONFIG_H |  | ||||||
| #include "libsecp256k1-config.h" |  | ||||||
| #endif |  | ||||||
| 
 |  | ||||||
| #include "util.h" | #include "util.h" | ||||||
| 
 | 
 | ||||||
| #if defined(SECP256K1_WIDEMUL_INT128) | #if defined(SECP256K1_WIDEMUL_INT128) | ||||||
|  | |||||||
| @ -66,7 +66,12 @@ static SECP256K1_INLINE void secp256k1_i128_det(secp256k1_int128 *r, int64_t a, | |||||||
|  */ |  */ | ||||||
| static SECP256K1_INLINE void secp256k1_i128_rshift(secp256k1_int128 *r, unsigned int b); | static SECP256K1_INLINE void secp256k1_i128_rshift(secp256k1_int128 *r, unsigned int b); | ||||||
| 
 | 
 | ||||||
| /* Return the low 64-bits of a 128-bit value interpreted as an signed 64-bit value. */ | /* Return the input value modulo 2^64. */ | ||||||
|  | static SECP256K1_INLINE uint64_t secp256k1_i128_to_u64(const secp256k1_int128 *a); | ||||||
|  | 
 | ||||||
|  | /* Return the value as a signed 64-bit value.
 | ||||||
|  |  * Requires the input to be between INT64_MIN and INT64_MAX. | ||||||
|  |  */ | ||||||
| static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a); | static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a); | ||||||
| 
 | 
 | ||||||
| /* Write a signed 64-bit value to r. */ | /* Write a signed 64-bit value to r. */ | ||||||
|  | |||||||
| @ -67,7 +67,12 @@ static SECP256K1_INLINE void secp256k1_i128_rshift(secp256k1_int128 *r, unsigned | |||||||
|    *r >>= n; |    *r >>= n; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | static SECP256K1_INLINE uint64_t secp256k1_i128_to_u64(const secp256k1_int128 *a) { | ||||||
|  |    return (uint64_t)*a; | ||||||
|  | } | ||||||
|  | 
 | ||||||
| static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a) { | static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a) { | ||||||
|  |    VERIFY_CHECK(INT64_MIN <= *a && *a <= INT64_MAX); | ||||||
|    return *a; |    return *a; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -170,8 +170,14 @@ static SECP256K1_INLINE void secp256k1_i128_rshift(secp256k1_int128 *r, unsigned | |||||||
|    } |    } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | static SECP256K1_INLINE uint64_t secp256k1_i128_to_u64(const secp256k1_int128 *a) { | ||||||
|  |    return a->lo; | ||||||
|  | } | ||||||
|  | 
 | ||||||
| static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a) { | static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a) { | ||||||
|    return (int64_t)a->lo; |    /* Verify that a represents a 64 bit signed value by checking that the high bits are a sign extension of the low bits. */ | ||||||
|  |    VERIFY_CHECK(a->hi == -(a->lo >> 63)); | ||||||
|  |    return (int64_t)secp256k1_i128_to_u64(a); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static SECP256K1_INLINE void secp256k1_i128_from_i64(secp256k1_int128 *r, int64_t a) { | static SECP256K1_INLINE void secp256k1_i128_from_i64(secp256k1_int128 *r, int64_t a) { | ||||||
|  | |||||||
| @ -7,10 +7,6 @@ | |||||||
| #ifndef SECP256K1_MODINV32_H | #ifndef SECP256K1_MODINV32_H | ||||||
| #define SECP256K1_MODINV32_H | #define SECP256K1_MODINV32_H | ||||||
| 
 | 
 | ||||||
| #if defined HAVE_CONFIG_H |  | ||||||
| #include "libsecp256k1-config.h" |  | ||||||
| #endif |  | ||||||
| 
 |  | ||||||
| #include "util.h" | #include "util.h" | ||||||
| 
 | 
 | ||||||
| /* A signed 30-bit limb representation of integers.
 | /* A signed 30-bit limb representation of integers.
 | ||||||
|  | |||||||
| @ -7,10 +7,6 @@ | |||||||
| #ifndef SECP256K1_MODINV64_H | #ifndef SECP256K1_MODINV64_H | ||||||
| #define SECP256K1_MODINV64_H | #define SECP256K1_MODINV64_H | ||||||
| 
 | 
 | ||||||
| #if defined HAVE_CONFIG_H |  | ||||||
| #include "libsecp256k1-config.h" |  | ||||||
| #endif |  | ||||||
| 
 |  | ||||||
| #include "util.h" | #include "util.h" | ||||||
| 
 | 
 | ||||||
| #ifndef SECP256K1_WIDEMUL_INT128 | #ifndef SECP256K1_WIDEMUL_INT128 | ||||||
|  | |||||||
| @ -39,13 +39,13 @@ static const secp256k1_modinv64_signed62 SECP256K1_SIGNED62_ONE = {{1}}; | |||||||
| 
 | 
 | ||||||
| /* Compute a*factor and put it in r. All but the top limb in r will be in range [0,2^62). */ | /* Compute a*factor and put it in r. All but the top limb in r will be in range [0,2^62). */ | ||||||
| static void secp256k1_modinv64_mul_62(secp256k1_modinv64_signed62 *r, const secp256k1_modinv64_signed62 *a, int alen, int64_t factor) { | static void secp256k1_modinv64_mul_62(secp256k1_modinv64_signed62 *r, const secp256k1_modinv64_signed62 *a, int alen, int64_t factor) { | ||||||
|     const int64_t M62 = (int64_t)(UINT64_MAX >> 2); |     const uint64_t M62 = UINT64_MAX >> 2; | ||||||
|     secp256k1_int128 c, d; |     secp256k1_int128 c, d; | ||||||
|     int i; |     int i; | ||||||
|     secp256k1_i128_from_i64(&c, 0); |     secp256k1_i128_from_i64(&c, 0); | ||||||
|     for (i = 0; i < 4; ++i) { |     for (i = 0; i < 4; ++i) { | ||||||
|         if (i < alen) secp256k1_i128_accum_mul(&c, a->v[i], factor); |         if (i < alen) secp256k1_i128_accum_mul(&c, a->v[i], factor); | ||||||
|         r->v[i] = secp256k1_i128_to_i64(&c) & M62; secp256k1_i128_rshift(&c, 62); |         r->v[i] = secp256k1_i128_to_u64(&c) & M62; secp256k1_i128_rshift(&c, 62); | ||||||
|     } |     } | ||||||
|     if (4 < alen) secp256k1_i128_accum_mul(&c, a->v[4], factor); |     if (4 < alen) secp256k1_i128_accum_mul(&c, a->v[4], factor); | ||||||
|     secp256k1_i128_from_i64(&d, secp256k1_i128_to_i64(&c)); |     secp256k1_i128_from_i64(&d, secp256k1_i128_to_i64(&c)); | ||||||
| @ -317,7 +317,7 @@ static int64_t secp256k1_modinv64_divsteps_62_var(int64_t eta, uint64_t f0, uint | |||||||
|  * This implements the update_de function from the explanation. |  * This implements the update_de function from the explanation. | ||||||
|  */ |  */ | ||||||
| static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp256k1_modinv64_signed62 *e, const secp256k1_modinv64_trans2x2 *t, const secp256k1_modinv64_modinfo* modinfo) { | static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp256k1_modinv64_signed62 *e, const secp256k1_modinv64_trans2x2 *t, const secp256k1_modinv64_modinfo* modinfo) { | ||||||
|     const int64_t M62 = (int64_t)(UINT64_MAX >> 2); |     const uint64_t M62 = UINT64_MAX >> 2; | ||||||
|     const int64_t d0 = d->v[0], d1 = d->v[1], d2 = d->v[2], d3 = d->v[3], d4 = d->v[4]; |     const int64_t d0 = d->v[0], d1 = d->v[1], d2 = d->v[2], d3 = d->v[3], d4 = d->v[4]; | ||||||
|     const int64_t e0 = e->v[0], e1 = e->v[1], e2 = e->v[2], e3 = e->v[3], e4 = e->v[4]; |     const int64_t e0 = e->v[0], e1 = e->v[1], e2 = e->v[2], e3 = e->v[3], e4 = e->v[4]; | ||||||
|     const int64_t u = t->u, v = t->v, q = t->q, r = t->r; |     const int64_t u = t->u, v = t->v, q = t->q, r = t->r; | ||||||
| @ -330,8 +330,8 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp | |||||||
|     VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(e, 5, &modinfo->modulus, 1) < 0);  /* e <    modulus */ |     VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(e, 5, &modinfo->modulus, 1) < 0);  /* e <    modulus */ | ||||||
|     VERIFY_CHECK((secp256k1_modinv64_abs(u) + secp256k1_modinv64_abs(v)) >= 0); /* |u|+|v| doesn't overflow */ |     VERIFY_CHECK((secp256k1_modinv64_abs(u) + secp256k1_modinv64_abs(v)) >= 0); /* |u|+|v| doesn't overflow */ | ||||||
|     VERIFY_CHECK((secp256k1_modinv64_abs(q) + secp256k1_modinv64_abs(r)) >= 0); /* |q|+|r| doesn't overflow */ |     VERIFY_CHECK((secp256k1_modinv64_abs(q) + secp256k1_modinv64_abs(r)) >= 0); /* |q|+|r| doesn't overflow */ | ||||||
|     VERIFY_CHECK((secp256k1_modinv64_abs(u) + secp256k1_modinv64_abs(v)) <= M62 + 1); /* |u|+|v| <= 2^62 */ |     VERIFY_CHECK((secp256k1_modinv64_abs(u) + secp256k1_modinv64_abs(v)) <= (int64_t)1 << 62); /* |u|+|v| <= 2^62 */ | ||||||
|     VERIFY_CHECK((secp256k1_modinv64_abs(q) + secp256k1_modinv64_abs(r)) <= M62 + 1); /* |q|+|r| <= 2^62 */ |     VERIFY_CHECK((secp256k1_modinv64_abs(q) + secp256k1_modinv64_abs(r)) <= (int64_t)1 << 62); /* |q|+|r| <= 2^62 */ | ||||||
| #endif | #endif | ||||||
|     /* [md,me] start as zero; plus [u,q] if d is negative; plus [v,r] if e is negative. */ |     /* [md,me] start as zero; plus [u,q] if d is negative; plus [v,r] if e is negative. */ | ||||||
|     sd = d4 >> 63; |     sd = d4 >> 63; | ||||||
| @ -344,14 +344,14 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp | |||||||
|     secp256k1_i128_mul(&ce, q, d0); |     secp256k1_i128_mul(&ce, q, d0); | ||||||
|     secp256k1_i128_accum_mul(&ce, r, e0); |     secp256k1_i128_accum_mul(&ce, r, e0); | ||||||
|     /* Correct md,me so that t*[d,e]+modulus*[md,me] has 62 zero bottom bits. */ |     /* Correct md,me so that t*[d,e]+modulus*[md,me] has 62 zero bottom bits. */ | ||||||
|     md -= (modinfo->modulus_inv62 * (uint64_t)secp256k1_i128_to_i64(&cd) + md) & M62; |     md -= (modinfo->modulus_inv62 * secp256k1_i128_to_u64(&cd) + md) & M62; | ||||||
|     me -= (modinfo->modulus_inv62 * (uint64_t)secp256k1_i128_to_i64(&ce) + me) & M62; |     me -= (modinfo->modulus_inv62 * secp256k1_i128_to_u64(&ce) + me) & M62; | ||||||
|     /* Update the beginning of computation for t*[d,e]+modulus*[md,me] now md,me are known. */ |     /* Update the beginning of computation for t*[d,e]+modulus*[md,me] now md,me are known. */ | ||||||
|     secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[0], md); |     secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[0], md); | ||||||
|     secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[0], me); |     secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[0], me); | ||||||
|     /* Verify that the low 62 bits of the computation are indeed zero, and then throw them away. */ |     /* Verify that the low 62 bits of the computation are indeed zero, and then throw them away. */ | ||||||
|     VERIFY_CHECK((secp256k1_i128_to_i64(&cd) & M62) == 0); secp256k1_i128_rshift(&cd, 62); |     VERIFY_CHECK((secp256k1_i128_to_u64(&cd) & M62) == 0); secp256k1_i128_rshift(&cd, 62); | ||||||
|     VERIFY_CHECK((secp256k1_i128_to_i64(&ce) & M62) == 0); secp256k1_i128_rshift(&ce, 62); |     VERIFY_CHECK((secp256k1_i128_to_u64(&ce) & M62) == 0); secp256k1_i128_rshift(&ce, 62); | ||||||
|     /* Compute limb 1 of t*[d,e]+modulus*[md,me], and store it as output limb 0 (= down shift). */ |     /* Compute limb 1 of t*[d,e]+modulus*[md,me], and store it as output limb 0 (= down shift). */ | ||||||
|     secp256k1_i128_accum_mul(&cd, u, d1); |     secp256k1_i128_accum_mul(&cd, u, d1); | ||||||
|     secp256k1_i128_accum_mul(&cd, v, e1); |     secp256k1_i128_accum_mul(&cd, v, e1); | ||||||
| @ -361,8 +361,8 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp | |||||||
|         secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[1], md); |         secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[1], md); | ||||||
|         secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[1], me); |         secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[1], me); | ||||||
|     } |     } | ||||||
|     d->v[0] = secp256k1_i128_to_i64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); |     d->v[0] = secp256k1_i128_to_u64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); | ||||||
|     e->v[0] = secp256k1_i128_to_i64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); |     e->v[0] = secp256k1_i128_to_u64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); | ||||||
|     /* Compute limb 2 of t*[d,e]+modulus*[md,me], and store it as output limb 1. */ |     /* Compute limb 2 of t*[d,e]+modulus*[md,me], and store it as output limb 1. */ | ||||||
|     secp256k1_i128_accum_mul(&cd, u, d2); |     secp256k1_i128_accum_mul(&cd, u, d2); | ||||||
|     secp256k1_i128_accum_mul(&cd, v, e2); |     secp256k1_i128_accum_mul(&cd, v, e2); | ||||||
| @ -372,8 +372,8 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp | |||||||
|         secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[2], md); |         secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[2], md); | ||||||
|         secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[2], me); |         secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[2], me); | ||||||
|     } |     } | ||||||
|     d->v[1] = secp256k1_i128_to_i64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); |     d->v[1] = secp256k1_i128_to_u64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); | ||||||
|     e->v[1] = secp256k1_i128_to_i64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); |     e->v[1] = secp256k1_i128_to_u64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); | ||||||
|     /* Compute limb 3 of t*[d,e]+modulus*[md,me], and store it as output limb 2. */ |     /* Compute limb 3 of t*[d,e]+modulus*[md,me], and store it as output limb 2. */ | ||||||
|     secp256k1_i128_accum_mul(&cd, u, d3); |     secp256k1_i128_accum_mul(&cd, u, d3); | ||||||
|     secp256k1_i128_accum_mul(&cd, v, e3); |     secp256k1_i128_accum_mul(&cd, v, e3); | ||||||
| @ -383,8 +383,8 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp | |||||||
|         secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[3], md); |         secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[3], md); | ||||||
|         secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[3], me); |         secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[3], me); | ||||||
|     } |     } | ||||||
|     d->v[2] = secp256k1_i128_to_i64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); |     d->v[2] = secp256k1_i128_to_u64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); | ||||||
|     e->v[2] = secp256k1_i128_to_i64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); |     e->v[2] = secp256k1_i128_to_u64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); | ||||||
|     /* Compute limb 4 of t*[d,e]+modulus*[md,me], and store it as output limb 3. */ |     /* Compute limb 4 of t*[d,e]+modulus*[md,me], and store it as output limb 3. */ | ||||||
|     secp256k1_i128_accum_mul(&cd, u, d4); |     secp256k1_i128_accum_mul(&cd, u, d4); | ||||||
|     secp256k1_i128_accum_mul(&cd, v, e4); |     secp256k1_i128_accum_mul(&cd, v, e4); | ||||||
| @ -392,8 +392,8 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp | |||||||
|     secp256k1_i128_accum_mul(&ce, r, e4); |     secp256k1_i128_accum_mul(&ce, r, e4); | ||||||
|     secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[4], md); |     secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[4], md); | ||||||
|     secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[4], me); |     secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[4], me); | ||||||
|     d->v[3] = secp256k1_i128_to_i64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); |     d->v[3] = secp256k1_i128_to_u64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); | ||||||
|     e->v[3] = secp256k1_i128_to_i64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); |     e->v[3] = secp256k1_i128_to_u64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); | ||||||
|     /* What remains is limb 5 of t*[d,e]+modulus*[md,me]; store it as output limb 4. */ |     /* What remains is limb 5 of t*[d,e]+modulus*[md,me]; store it as output limb 4. */ | ||||||
|     d->v[4] = secp256k1_i128_to_i64(&cd); |     d->v[4] = secp256k1_i128_to_i64(&cd); | ||||||
|     e->v[4] = secp256k1_i128_to_i64(&ce); |     e->v[4] = secp256k1_i128_to_i64(&ce); | ||||||
| @ -410,7 +410,7 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp | |||||||
|  * This implements the update_fg function from the explanation. |  * This implements the update_fg function from the explanation. | ||||||
|  */ |  */ | ||||||
| static void secp256k1_modinv64_update_fg_62(secp256k1_modinv64_signed62 *f, secp256k1_modinv64_signed62 *g, const secp256k1_modinv64_trans2x2 *t) { | static void secp256k1_modinv64_update_fg_62(secp256k1_modinv64_signed62 *f, secp256k1_modinv64_signed62 *g, const secp256k1_modinv64_trans2x2 *t) { | ||||||
|     const int64_t M62 = (int64_t)(UINT64_MAX >> 2); |     const uint64_t M62 = UINT64_MAX >> 2; | ||||||
|     const int64_t f0 = f->v[0], f1 = f->v[1], f2 = f->v[2], f3 = f->v[3], f4 = f->v[4]; |     const int64_t f0 = f->v[0], f1 = f->v[1], f2 = f->v[2], f3 = f->v[3], f4 = f->v[4]; | ||||||
|     const int64_t g0 = g->v[0], g1 = g->v[1], g2 = g->v[2], g3 = g->v[3], g4 = g->v[4]; |     const int64_t g0 = g->v[0], g1 = g->v[1], g2 = g->v[2], g3 = g->v[3], g4 = g->v[4]; | ||||||
|     const int64_t u = t->u, v = t->v, q = t->q, r = t->r; |     const int64_t u = t->u, v = t->v, q = t->q, r = t->r; | ||||||
| @ -421,36 +421,36 @@ static void secp256k1_modinv64_update_fg_62(secp256k1_modinv64_signed62 *f, secp | |||||||
|     secp256k1_i128_mul(&cg, q, f0); |     secp256k1_i128_mul(&cg, q, f0); | ||||||
|     secp256k1_i128_accum_mul(&cg, r, g0); |     secp256k1_i128_accum_mul(&cg, r, g0); | ||||||
|     /* Verify that the bottom 62 bits of the result are zero, and then throw them away. */ |     /* Verify that the bottom 62 bits of the result are zero, and then throw them away. */ | ||||||
|     VERIFY_CHECK((secp256k1_i128_to_i64(&cf) & M62) == 0); secp256k1_i128_rshift(&cf, 62); |     VERIFY_CHECK((secp256k1_i128_to_u64(&cf) & M62) == 0); secp256k1_i128_rshift(&cf, 62); | ||||||
|     VERIFY_CHECK((secp256k1_i128_to_i64(&cg) & M62) == 0); secp256k1_i128_rshift(&cg, 62); |     VERIFY_CHECK((secp256k1_i128_to_u64(&cg) & M62) == 0); secp256k1_i128_rshift(&cg, 62); | ||||||
|     /* Compute limb 1 of t*[f,g], and store it as output limb 0 (= down shift). */ |     /* Compute limb 1 of t*[f,g], and store it as output limb 0 (= down shift). */ | ||||||
|     secp256k1_i128_accum_mul(&cf, u, f1); |     secp256k1_i128_accum_mul(&cf, u, f1); | ||||||
|     secp256k1_i128_accum_mul(&cf, v, g1); |     secp256k1_i128_accum_mul(&cf, v, g1); | ||||||
|     secp256k1_i128_accum_mul(&cg, q, f1); |     secp256k1_i128_accum_mul(&cg, q, f1); | ||||||
|     secp256k1_i128_accum_mul(&cg, r, g1); |     secp256k1_i128_accum_mul(&cg, r, g1); | ||||||
|     f->v[0] = secp256k1_i128_to_i64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); |     f->v[0] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); | ||||||
|     g->v[0] = secp256k1_i128_to_i64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); |     g->v[0] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); | ||||||
|     /* Compute limb 2 of t*[f,g], and store it as output limb 1. */ |     /* Compute limb 2 of t*[f,g], and store it as output limb 1. */ | ||||||
|     secp256k1_i128_accum_mul(&cf, u, f2); |     secp256k1_i128_accum_mul(&cf, u, f2); | ||||||
|     secp256k1_i128_accum_mul(&cf, v, g2); |     secp256k1_i128_accum_mul(&cf, v, g2); | ||||||
|     secp256k1_i128_accum_mul(&cg, q, f2); |     secp256k1_i128_accum_mul(&cg, q, f2); | ||||||
|     secp256k1_i128_accum_mul(&cg, r, g2); |     secp256k1_i128_accum_mul(&cg, r, g2); | ||||||
|     f->v[1] = secp256k1_i128_to_i64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); |     f->v[1] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); | ||||||
|     g->v[1] = secp256k1_i128_to_i64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); |     g->v[1] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); | ||||||
|     /* Compute limb 3 of t*[f,g], and store it as output limb 2. */ |     /* Compute limb 3 of t*[f,g], and store it as output limb 2. */ | ||||||
|     secp256k1_i128_accum_mul(&cf, u, f3); |     secp256k1_i128_accum_mul(&cf, u, f3); | ||||||
|     secp256k1_i128_accum_mul(&cf, v, g3); |     secp256k1_i128_accum_mul(&cf, v, g3); | ||||||
|     secp256k1_i128_accum_mul(&cg, q, f3); |     secp256k1_i128_accum_mul(&cg, q, f3); | ||||||
|     secp256k1_i128_accum_mul(&cg, r, g3); |     secp256k1_i128_accum_mul(&cg, r, g3); | ||||||
|     f->v[2] = secp256k1_i128_to_i64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); |     f->v[2] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); | ||||||
|     g->v[2] = secp256k1_i128_to_i64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); |     g->v[2] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); | ||||||
|     /* Compute limb 4 of t*[f,g], and store it as output limb 3. */ |     /* Compute limb 4 of t*[f,g], and store it as output limb 3. */ | ||||||
|     secp256k1_i128_accum_mul(&cf, u, f4); |     secp256k1_i128_accum_mul(&cf, u, f4); | ||||||
|     secp256k1_i128_accum_mul(&cf, v, g4); |     secp256k1_i128_accum_mul(&cf, v, g4); | ||||||
|     secp256k1_i128_accum_mul(&cg, q, f4); |     secp256k1_i128_accum_mul(&cg, q, f4); | ||||||
|     secp256k1_i128_accum_mul(&cg, r, g4); |     secp256k1_i128_accum_mul(&cg, r, g4); | ||||||
|     f->v[3] = secp256k1_i128_to_i64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); |     f->v[3] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); | ||||||
|     g->v[3] = secp256k1_i128_to_i64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); |     g->v[3] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); | ||||||
|     /* What remains is limb 5 of t*[f,g]; store it as output limb 4. */ |     /* What remains is limb 5 of t*[f,g]; store it as output limb 4. */ | ||||||
|     f->v[4] = secp256k1_i128_to_i64(&cf); |     f->v[4] = secp256k1_i128_to_i64(&cf); | ||||||
|     g->v[4] = secp256k1_i128_to_i64(&cg); |     g->v[4] = secp256k1_i128_to_i64(&cg); | ||||||
| @ -463,7 +463,7 @@ static void secp256k1_modinv64_update_fg_62(secp256k1_modinv64_signed62 *f, secp | |||||||
|  * This implements the update_fg function from the explanation. |  * This implements the update_fg function from the explanation. | ||||||
|  */ |  */ | ||||||
| static void secp256k1_modinv64_update_fg_62_var(int len, secp256k1_modinv64_signed62 *f, secp256k1_modinv64_signed62 *g, const secp256k1_modinv64_trans2x2 *t) { | static void secp256k1_modinv64_update_fg_62_var(int len, secp256k1_modinv64_signed62 *f, secp256k1_modinv64_signed62 *g, const secp256k1_modinv64_trans2x2 *t) { | ||||||
|     const int64_t M62 = (int64_t)(UINT64_MAX >> 2); |     const uint64_t M62 = UINT64_MAX >> 2; | ||||||
|     const int64_t u = t->u, v = t->v, q = t->q, r = t->r; |     const int64_t u = t->u, v = t->v, q = t->q, r = t->r; | ||||||
|     int64_t fi, gi; |     int64_t fi, gi; | ||||||
|     secp256k1_int128 cf, cg; |     secp256k1_int128 cf, cg; | ||||||
| @ -477,8 +477,8 @@ static void secp256k1_modinv64_update_fg_62_var(int len, secp256k1_modinv64_sign | |||||||
|     secp256k1_i128_mul(&cg, q, fi); |     secp256k1_i128_mul(&cg, q, fi); | ||||||
|     secp256k1_i128_accum_mul(&cg, r, gi); |     secp256k1_i128_accum_mul(&cg, r, gi); | ||||||
|     /* Verify that the bottom 62 bits of the result are zero, and then throw them away. */ |     /* Verify that the bottom 62 bits of the result are zero, and then throw them away. */ | ||||||
|     VERIFY_CHECK((secp256k1_i128_to_i64(&cf) & M62) == 0); secp256k1_i128_rshift(&cf, 62); |     VERIFY_CHECK((secp256k1_i128_to_u64(&cf) & M62) == 0); secp256k1_i128_rshift(&cf, 62); | ||||||
|     VERIFY_CHECK((secp256k1_i128_to_i64(&cg) & M62) == 0); secp256k1_i128_rshift(&cg, 62); |     VERIFY_CHECK((secp256k1_i128_to_u64(&cg) & M62) == 0); secp256k1_i128_rshift(&cg, 62); | ||||||
|     /* Now iteratively compute limb i=1..len of t*[f,g], and store them in output limb i-1 (shifting
 |     /* Now iteratively compute limb i=1..len of t*[f,g], and store them in output limb i-1 (shifting
 | ||||||
|      * down by 62 bits). */ |      * down by 62 bits). */ | ||||||
|     for (i = 1; i < len; ++i) { |     for (i = 1; i < len; ++i) { | ||||||
| @ -488,8 +488,8 @@ static void secp256k1_modinv64_update_fg_62_var(int len, secp256k1_modinv64_sign | |||||||
|         secp256k1_i128_accum_mul(&cf, v, gi); |         secp256k1_i128_accum_mul(&cf, v, gi); | ||||||
|         secp256k1_i128_accum_mul(&cg, q, fi); |         secp256k1_i128_accum_mul(&cg, q, fi); | ||||||
|         secp256k1_i128_accum_mul(&cg, r, gi); |         secp256k1_i128_accum_mul(&cg, r, gi); | ||||||
|         f->v[i - 1] = secp256k1_i128_to_i64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); |         f->v[i - 1] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); | ||||||
|         g->v[i - 1] = secp256k1_i128_to_i64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); |         g->v[i - 1] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); | ||||||
|     } |     } | ||||||
|     /* What remains is limb (len) of t*[f,g]; store it as output limb (len-1). */ |     /* What remains is limb (len) of t*[f,g]; store it as output limb (len-1). */ | ||||||
|     f->v[len - 1] = secp256k1_i128_to_i64(&cf); |     f->v[len - 1] = secp256k1_i128_to_i64(&cf); | ||||||
|  | |||||||
| @ -25,51 +25,51 @@ static void test_bppp_generators_api(void) { | |||||||
|     int32_t ecount = 0; |     int32_t ecount = 0; | ||||||
| 
 | 
 | ||||||
|     /* The BP generator API requires no precomp */ |     /* The BP generator API requires no precomp */ | ||||||
|     secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
| 
 | 
 | ||||||
|     /* Create */ |     /* Create */ | ||||||
|     gens = secp256k1_bppp_generators_create(ctx, 10); |     gens = secp256k1_bppp_generators_create(CTX, 10); | ||||||
|     CHECK(gens != NULL && ecount == 0); |     CHECK(gens != NULL && ecount == 0); | ||||||
|     gens_orig = gens; /* Preserve for round-trip test */ |     gens_orig = gens; /* Preserve for round-trip test */ | ||||||
| 
 | 
 | ||||||
|     /* Serialize */ |     /* Serialize */ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(!secp256k1_bppp_generators_serialize(ctx, NULL, gens_ser, &len)); |     CHECK(!secp256k1_bppp_generators_serialize(CTX, NULL, gens_ser, &len)); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(!secp256k1_bppp_generators_serialize(ctx, gens, NULL, &len)); |     CHECK(!secp256k1_bppp_generators_serialize(CTX, gens, NULL, &len)); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(!secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, NULL)); |     CHECK(!secp256k1_bppp_generators_serialize(CTX, gens, gens_ser, NULL)); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     len = 0; |     len = 0; | ||||||
|     CHECK(!secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len)); |     CHECK(!secp256k1_bppp_generators_serialize(CTX, gens, gens_ser, &len)); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     len = sizeof(gens_ser) - 1; |     len = sizeof(gens_ser) - 1; | ||||||
|     CHECK(!secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len)); |     CHECK(!secp256k1_bppp_generators_serialize(CTX, gens, gens_ser, &len)); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
|     len = sizeof(gens_ser); |     len = sizeof(gens_ser); | ||||||
|     { |     { | ||||||
|         /* Output buffer can be greater than minimum needed */ |         /* Output buffer can be greater than minimum needed */ | ||||||
|         unsigned char gens_ser_tmp[331]; |         unsigned char gens_ser_tmp[331]; | ||||||
|         size_t len_tmp = sizeof(gens_ser_tmp); |         size_t len_tmp = sizeof(gens_ser_tmp); | ||||||
|         CHECK(secp256k1_bppp_generators_serialize(ctx, gens, gens_ser_tmp, &len_tmp)); |         CHECK(secp256k1_bppp_generators_serialize(CTX, gens, gens_ser_tmp, &len_tmp)); | ||||||
|         CHECK(len_tmp == sizeof(gens_ser_tmp) - 1); |         CHECK(len_tmp == sizeof(gens_ser_tmp) - 1); | ||||||
|         CHECK(ecount == 5); |         CHECK(ecount == 5); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* Parse */ |     /* Parse */ | ||||||
|     CHECK(secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len)); |     CHECK(secp256k1_bppp_generators_serialize(CTX, gens, gens_ser, &len)); | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     gens = secp256k1_bppp_generators_parse(ctx, NULL, sizeof(gens_ser)); |     gens = secp256k1_bppp_generators_parse(CTX, NULL, sizeof(gens_ser)); | ||||||
|     CHECK(gens == NULL && ecount == 1); |     CHECK(gens == NULL && ecount == 1); | ||||||
|     /* Not a multiple of 33 */ |     /* Not a multiple of 33 */ | ||||||
|     gens = secp256k1_bppp_generators_parse(ctx, gens_ser, sizeof(gens_ser) - 1); |     gens = secp256k1_bppp_generators_parse(CTX, gens_ser, sizeof(gens_ser) - 1); | ||||||
|     CHECK(gens == NULL && ecount == 1); |     CHECK(gens == NULL && ecount == 1); | ||||||
|     gens = secp256k1_bppp_generators_parse(ctx, gens_ser, sizeof(gens_ser)); |     gens = secp256k1_bppp_generators_parse(CTX, gens_ser, sizeof(gens_ser)); | ||||||
|     CHECK(gens != NULL && ecount == 1); |     CHECK(gens != NULL && ecount == 1); | ||||||
|     /* Not valid generators */ |     /* Not valid generators */ | ||||||
|     memset(gens_ser, 1, sizeof(gens_ser)); |     memset(gens_ser, 1, sizeof(gens_ser)); | ||||||
|     CHECK(secp256k1_bppp_generators_parse(ctx, gens_ser, sizeof(gens_ser)) == NULL); |     CHECK(secp256k1_bppp_generators_parse(CTX, gens_ser, sizeof(gens_ser)) == NULL); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
| 
 | 
 | ||||||
|     /* Check that round-trip succeeded */ |     /* Check that round-trip succeeded */ | ||||||
| @ -80,14 +80,17 @@ static void test_bppp_generators_api(void) { | |||||||
| 
 | 
 | ||||||
|     /* Destroy (we allow destroying a NULL context, it's just a noop. like free().) */ |     /* Destroy (we allow destroying a NULL context, it's just a noop. like free().) */ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     secp256k1_bppp_generators_destroy(ctx, NULL); |     secp256k1_bppp_generators_destroy(CTX, NULL); | ||||||
|     secp256k1_bppp_generators_destroy(ctx, gens); |     secp256k1_bppp_generators_destroy(CTX, gens); | ||||||
|     secp256k1_bppp_generators_destroy(ctx, gens_orig); |     secp256k1_bppp_generators_destroy(CTX, gens_orig); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|  | 
 | ||||||
|  |     secp256k1_context_set_error_callback(CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(CTX, NULL, NULL); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static void test_bppp_generators_fixed(void) { | static void test_bppp_generators_fixed(void) { | ||||||
|     secp256k1_bppp_generators *gens = secp256k1_bppp_generators_create(ctx, 3); |     secp256k1_bppp_generators *gens = secp256k1_bppp_generators_create(CTX, 3); | ||||||
|     unsigned char gens_ser[330]; |     unsigned char gens_ser[330]; | ||||||
|     const unsigned char fixed_first_3[99] = { |     const unsigned char fixed_first_3[99] = { | ||||||
|         0x0b, |         0x0b, | ||||||
| @ -109,14 +112,14 @@ static void test_bppp_generators_fixed(void) { | |||||||
|     size_t len; |     size_t len; | ||||||
| 
 | 
 | ||||||
|     len = 99; |     len = 99; | ||||||
|     CHECK(secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len)); |     CHECK(secp256k1_bppp_generators_serialize(CTX, gens, gens_ser, &len)); | ||||||
|     CHECK(memcmp(gens_ser, fixed_first_3, sizeof(fixed_first_3)) == 0); |     CHECK(memcmp(gens_ser, fixed_first_3, sizeof(fixed_first_3)) == 0); | ||||||
| 
 | 
 | ||||||
|     len = sizeof(gens_ser); |     len = sizeof(gens_ser); | ||||||
|     CHECK(secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len)); |     CHECK(secp256k1_bppp_generators_serialize(CTX, gens, gens_ser, &len)); | ||||||
|     CHECK(memcmp(gens_ser, fixed_first_3, sizeof(fixed_first_3)) == 0); |     CHECK(memcmp(gens_ser, fixed_first_3, sizeof(fixed_first_3)) == 0); | ||||||
| 
 | 
 | ||||||
|     secp256k1_bppp_generators_destroy(ctx, gens); |     secp256k1_bppp_generators_destroy(CTX, gens); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static void test_bppp_tagged_hash(void) { | static void test_bppp_tagged_hash(void) { | ||||||
| @ -224,19 +227,19 @@ void test_serialize_two_points(void) { | |||||||
|     secp256k1_ge X, R; |     secp256k1_ge X, R; | ||||||
|     int i; |     int i; | ||||||
| 
 | 
 | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         random_group_element_test(&X); |         random_group_element_test(&X); | ||||||
|         random_group_element_test(&R); |         random_group_element_test(&R); | ||||||
|         test_serialize_two_points_roundtrip(&X, &R); |         test_serialize_two_points_roundtrip(&X, &R); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         random_group_element_test(&X); |         random_group_element_test(&X); | ||||||
|         secp256k1_ge_set_infinity(&R); |         secp256k1_ge_set_infinity(&R); | ||||||
|         test_serialize_two_points_roundtrip(&X, &R); |         test_serialize_two_points_roundtrip(&X, &R); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         secp256k1_ge_set_infinity(&X); |         secp256k1_ge_set_infinity(&X); | ||||||
|         random_group_element_test(&R); |         random_group_element_test(&R); | ||||||
|         test_serialize_two_points_roundtrip(&X, &R); |         test_serialize_two_points_roundtrip(&X, &R); | ||||||
| @ -258,7 +261,7 @@ void test_serialize_two_points(void) { | |||||||
|         CHECK(!secp256k1_bppp_parse_one_of_points(&R_tmp, buf, 0)); |         CHECK(!secp256k1_bppp_parse_one_of_points(&R_tmp, buf, 0)); | ||||||
|     } |     } | ||||||
|     /* Check that sign bit is 0 for point at infinity */ |     /* Check that sign bit is 0 for point at infinity */ | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         secp256k1_ge X_tmp, R_tmp; |         secp256k1_ge X_tmp, R_tmp; | ||||||
|         unsigned char buf[65]; |         unsigned char buf[65]; | ||||||
|         int expect; |         int expect; | ||||||
| @ -333,10 +336,10 @@ static void copy_vectors_into_scratch(secp256k1_scratch_space* scratch, | |||||||
|                                       const secp256k1_ge *gens_vec, |                                       const secp256k1_ge *gens_vec, | ||||||
|                                       size_t g_len, |                                       size_t g_len, | ||||||
|                                       size_t h_len) { |                                       size_t h_len) { | ||||||
|     *ns = (secp256k1_scalar*)secp256k1_scratch_alloc(&ctx->error_callback, scratch, g_len * sizeof(secp256k1_scalar)); |     *ns = (secp256k1_scalar*)secp256k1_scratch_alloc(&CTX->error_callback, scratch, g_len * sizeof(secp256k1_scalar)); | ||||||
|     *ls = (secp256k1_scalar*)secp256k1_scratch_alloc(&ctx->error_callback, scratch, h_len * sizeof(secp256k1_scalar)); |     *ls = (secp256k1_scalar*)secp256k1_scratch_alloc(&CTX->error_callback, scratch, h_len * sizeof(secp256k1_scalar)); | ||||||
|     *cs = (secp256k1_scalar*)secp256k1_scratch_alloc(&ctx->error_callback, scratch, h_len * sizeof(secp256k1_scalar)); |     *cs = (secp256k1_scalar*)secp256k1_scratch_alloc(&CTX->error_callback, scratch, h_len * sizeof(secp256k1_scalar)); | ||||||
|     *gs = (secp256k1_ge*)secp256k1_scratch_alloc(&ctx->error_callback, scratch, (g_len + h_len) * sizeof(secp256k1_ge)); |     *gs = (secp256k1_ge*)secp256k1_scratch_alloc(&CTX->error_callback, scratch, (g_len + h_len) * sizeof(secp256k1_ge)); | ||||||
|     CHECK(ns != NULL && ls != NULL && cs != NULL && gs != NULL); |     CHECK(ns != NULL && ls != NULL && cs != NULL && gs != NULL); | ||||||
|     memcpy(*ns, n_vec, g_len * sizeof(secp256k1_scalar)); |     memcpy(*ns, n_vec, g_len * sizeof(secp256k1_scalar)); | ||||||
|     memcpy(*ls, l_vec, h_len * sizeof(secp256k1_scalar)); |     memcpy(*ls, l_vec, h_len * sizeof(secp256k1_scalar)); | ||||||
| @ -366,10 +369,10 @@ static int secp256k1_bppp_rangeproof_norm_product_prove_const( | |||||||
|     size_t g_len = n_vec_len, h_len = l_vec_len; |     size_t g_len = n_vec_len, h_len = l_vec_len; | ||||||
|     int res; |     int res; | ||||||
| 
 | 
 | ||||||
|     scratch_checkpoint = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch); |     scratch_checkpoint = secp256k1_scratch_checkpoint(&CTX->error_callback, scratch); | ||||||
|     copy_vectors_into_scratch(scratch, &ns, &ls, &cs, &gs, n_vec, l_vec, c_vec, g_vec, g_len, h_len); |     copy_vectors_into_scratch(scratch, &ns, &ls, &cs, &gs, n_vec, l_vec, c_vec, g_vec, g_len, h_len); | ||||||
|     res = secp256k1_bppp_rangeproof_norm_product_prove( |     res = secp256k1_bppp_rangeproof_norm_product_prove( | ||||||
|         ctx, |         CTX, | ||||||
|         scratch, |         scratch, | ||||||
|         proof, |         proof, | ||||||
|         proof_len, |         proof_len, | ||||||
| @ -384,7 +387,7 @@ static int secp256k1_bppp_rangeproof_norm_product_prove_const( | |||||||
|         cs, |         cs, | ||||||
|         c_vec_len |         c_vec_len | ||||||
|     ); |     ); | ||||||
|     secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, scratch_checkpoint); |     secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, scratch_checkpoint); | ||||||
|     return res; |     return res; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| @ -434,7 +437,7 @@ static int secp256k1_norm_arg_verify( | |||||||
|     secp256k1_norm_arg_commit_initial_data(&transcript, rho, gens_vec, g_len, c_vec, c_vec_len, &comm); |     secp256k1_norm_arg_commit_initial_data(&transcript, rho, gens_vec, g_len, c_vec, c_vec_len, &comm); | ||||||
| 
 | 
 | ||||||
|     res = secp256k1_bppp_rangeproof_norm_product_verify( |     res = secp256k1_bppp_rangeproof_norm_product_verify( | ||||||
|         ctx, |         CTX, | ||||||
|         scratch, |         scratch, | ||||||
|         proof, |         proof, | ||||||
|         proof_len, |         proof_len, | ||||||
| @ -454,11 +457,11 @@ void norm_arg_verify_zero_len(void) { | |||||||
|     secp256k1_scalar n_vec[64], l_vec[64], c_vec[64]; |     secp256k1_scalar n_vec[64], l_vec[64], c_vec[64]; | ||||||
|     secp256k1_scalar rho, mu; |     secp256k1_scalar rho, mu; | ||||||
|     secp256k1_ge commit; |     secp256k1_ge commit; | ||||||
|     secp256k1_scratch *scratch = secp256k1_scratch_space_create(ctx, 1000*10); /* shouldn't need much */ |     secp256k1_scratch *scratch = secp256k1_scratch_space_create(CTX, 1000*10); /* shouldn't need much */ | ||||||
|     unsigned char proof[1000]; |     unsigned char proof[1000]; | ||||||
|     unsigned int n_vec_len = 1; |     unsigned int n_vec_len = 1; | ||||||
|     unsigned int c_vec_len = 1; |     unsigned int c_vec_len = 1; | ||||||
|     secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(ctx, n_vec_len + c_vec_len); |     secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(CTX, n_vec_len + c_vec_len); | ||||||
|     size_t plen = sizeof(proof); |     size_t plen = sizeof(proof); | ||||||
| 
 | 
 | ||||||
|     random_scalar_order(&rho); |     random_scalar_order(&rho); | ||||||
| @ -467,14 +470,14 @@ void norm_arg_verify_zero_len(void) { | |||||||
|     random_scalar_order(&n_vec[0]); |     random_scalar_order(&n_vec[0]); | ||||||
|     random_scalar_order(&c_vec[0]); |     random_scalar_order(&c_vec[0]); | ||||||
|     random_scalar_order(&l_vec[0]); |     random_scalar_order(&l_vec[0]); | ||||||
|     CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &mu)); |     CHECK(secp256k1_bppp_commit(CTX, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &mu)); | ||||||
|     CHECK(secp256k1_norm_arg_prove(scratch, proof, &plen, &rho, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &commit)); |     CHECK(secp256k1_norm_arg_prove(scratch, proof, &plen, &rho, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &commit)); | ||||||
|     CHECK(secp256k1_norm_arg_verify(scratch, proof, plen, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit)); |     CHECK(secp256k1_norm_arg_verify(scratch, proof, plen, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit)); | ||||||
|     CHECK(!secp256k1_norm_arg_verify(scratch, proof, plen, &rho, gs, n_vec_len, c_vec, 0, &commit)); |     CHECK(!secp256k1_norm_arg_verify(scratch, proof, plen, &rho, gs, n_vec_len, c_vec, 0, &commit)); | ||||||
| 
 | 
 | ||||||
|     secp256k1_bppp_generators_destroy(ctx, gs); |     secp256k1_bppp_generators_destroy(CTX, gs); | ||||||
| 
 | 
 | ||||||
|     secp256k1_scratch_space_destroy(ctx, scratch); |     secp256k1_scratch_space_destroy(CTX, scratch); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void norm_arg_test(unsigned int n, unsigned int m) { | void norm_arg_test(unsigned int n, unsigned int m) { | ||||||
| @ -483,8 +486,8 @@ void norm_arg_test(unsigned int n, unsigned int m) { | |||||||
|     secp256k1_ge commit; |     secp256k1_ge commit; | ||||||
|     size_t i, plen; |     size_t i, plen; | ||||||
|     int res; |     int res; | ||||||
|     secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(ctx, n + m); |     secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(CTX, n + m); | ||||||
|     secp256k1_scratch *scratch = secp256k1_scratch_space_create(ctx, 1000*1000); /* shouldn't need much */ |     secp256k1_scratch *scratch = secp256k1_scratch_space_create(CTX, 1000*1000); /* shouldn't need much */ | ||||||
|     unsigned char proof[1000]; |     unsigned char proof[1000]; | ||||||
|     plen = 1000; |     plen = 1000; | ||||||
|     random_scalar_order(&rho); |     random_scalar_order(&rho); | ||||||
| @ -499,7 +502,7 @@ void norm_arg_test(unsigned int n, unsigned int m) { | |||||||
|         random_scalar_order(&c_vec[i]); |         random_scalar_order(&c_vec[i]); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     res = secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n, l_vec, m, c_vec, m, &mu); |     res = secp256k1_bppp_commit(CTX, scratch, &commit, gs, n_vec, n, l_vec, m, c_vec, m, &mu); | ||||||
|     CHECK(res == 1); |     CHECK(res == 1); | ||||||
|     res = secp256k1_norm_arg_prove(scratch, proof, &plen, &rho, gs, n_vec, n, l_vec, m, c_vec, m, &commit); |     res = secp256k1_norm_arg_prove(scratch, proof, &plen, &rho, gs, n_vec, n, l_vec, m, c_vec, m, &commit); | ||||||
|     CHECK(res == 1); |     CHECK(res == 1); | ||||||
| @ -515,8 +518,8 @@ void norm_arg_test(unsigned int n, unsigned int m) { | |||||||
|     res = secp256k1_norm_arg_verify(scratch, proof, plen, &rho, gs, n, c_vec, m, &commit); |     res = secp256k1_norm_arg_verify(scratch, proof, plen, &rho, gs, n, c_vec, m, &commit); | ||||||
|     CHECK(res == 0); |     CHECK(res == 0); | ||||||
| 
 | 
 | ||||||
|     secp256k1_scratch_space_destroy(ctx, scratch); |     secp256k1_scratch_space_destroy(CTX, scratch); | ||||||
|     secp256k1_bppp_generators_destroy(ctx, gs); |     secp256k1_bppp_generators_destroy(CTX, gs); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| /* Parses generators from points compressed as pubkeys */ | /* Parses generators from points compressed as pubkeys */ | ||||||
| @ -524,19 +527,16 @@ secp256k1_bppp_generators* bppp_generators_parse_regular(const unsigned char* da | |||||||
|     size_t n = data_len / 33; |     size_t n = data_len / 33; | ||||||
|     secp256k1_bppp_generators* ret; |     secp256k1_bppp_generators* ret; | ||||||
| 
 | 
 | ||||||
|     VERIFY_CHECK(ctx != NULL); |  | ||||||
|     ARG_CHECK(data != NULL); |  | ||||||
| 
 |  | ||||||
|     if (data_len % 33 != 0) { |     if (data_len % 33 != 0) { | ||||||
|         return NULL; |         return NULL; | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     ret = (secp256k1_bppp_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret)); |     ret = (secp256k1_bppp_generators *)checked_malloc(&CTX->error_callback, sizeof(*ret)); | ||||||
|     if (ret == NULL) { |     if (ret == NULL) { | ||||||
|         return NULL; |         return NULL; | ||||||
|     } |     } | ||||||
|     ret->n = n; |     ret->n = n; | ||||||
|     ret->gens = (secp256k1_ge*)checked_malloc(&ctx->error_callback, n * sizeof(*ret->gens)); |     ret->gens = (secp256k1_ge*)checked_malloc(&CTX->error_callback, n * sizeof(*ret->gens)); | ||||||
|     if (ret->gens == NULL) { |     if (ret->gens == NULL) { | ||||||
|         free(ret); |         free(ret); | ||||||
|         return NULL; |         return NULL; | ||||||
| @ -572,16 +572,16 @@ int norm_arg_verify_vectors_helper(secp256k1_scratch *scratch, const unsigned ch | |||||||
|         CHECK(!overflow); |         CHECK(!overflow); | ||||||
|     } |     } | ||||||
|     CHECK(secp256k1_ge_parse_ext(&commit, commit33)); |     CHECK(secp256k1_ge_parse_ext(&commit, commit33)); | ||||||
|     ret = secp256k1_bppp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit); |     ret = secp256k1_bppp_rangeproof_norm_product_verify(CTX, scratch, proof, plen, &transcript, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit); | ||||||
| 
 | 
 | ||||||
|     secp256k1_bppp_generators_destroy(ctx, gs); |     secp256k1_bppp_generators_destroy(CTX, gs); | ||||||
|     return ret; |     return ret; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| #define IDX_TO_TEST(i) (norm_arg_verify_vectors_helper(scratch, verify_vector_gens, verify_vector_##i##_proof, sizeof(verify_vector_##i##_proof), verify_vector_##i##_r32, verify_vector_##i##_n_vec_len, verify_vector_##i##_c_vec32, verify_vector_##i##_c_vec, sizeof(verify_vector_##i##_c_vec)/sizeof(secp256k1_scalar), verify_vector_##i##_commit33) == verify_vector_##i##_result) | #define IDX_TO_TEST(i) (norm_arg_verify_vectors_helper(scratch, verify_vector_gens, verify_vector_##i##_proof, sizeof(verify_vector_##i##_proof), verify_vector_##i##_r32, verify_vector_##i##_n_vec_len, verify_vector_##i##_c_vec32, verify_vector_##i##_c_vec, sizeof(verify_vector_##i##_c_vec)/sizeof(secp256k1_scalar), verify_vector_##i##_commit33) == verify_vector_##i##_result) | ||||||
| 
 | 
 | ||||||
| void norm_arg_verify_vectors(void) { | void norm_arg_verify_vectors(void) { | ||||||
|     secp256k1_scratch *scratch = secp256k1_scratch_space_create(ctx, 1000*1000); /* shouldn't need much */ |     secp256k1_scratch *scratch = secp256k1_scratch_space_create(CTX, 1000*1000); /* shouldn't need much */ | ||||||
|     size_t alloc = scratch->alloc_size; |     size_t alloc = scratch->alloc_size; | ||||||
| 
 | 
 | ||||||
|     CHECK(IDX_TO_TEST(0)); |     CHECK(IDX_TO_TEST(0)); | ||||||
| @ -599,7 +599,7 @@ void norm_arg_verify_vectors(void) { | |||||||
|     CHECK(IDX_TO_TEST(12)); |     CHECK(IDX_TO_TEST(12)); | ||||||
| 
 | 
 | ||||||
|     CHECK(alloc == scratch->alloc_size); |     CHECK(alloc == scratch->alloc_size); | ||||||
|     secp256k1_scratch_space_destroy(ctx, scratch); |     secp256k1_scratch_space_destroy(CTX, scratch); | ||||||
| } | } | ||||||
| #undef IDX_TO_TEST | #undef IDX_TO_TEST | ||||||
| 
 | 
 | ||||||
| @ -632,16 +632,16 @@ void norm_arg_prove_vectors_helper(secp256k1_scratch *scratch, const unsigned ch | |||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_bppp_rangeproof_norm_product_prove_const(scratch, myproof, &myplen, &transcript, &rho, gs->gens, gs->n, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len) == result); |     CHECK(secp256k1_bppp_rangeproof_norm_product_prove_const(scratch, myproof, &myplen, &transcript, &rho, gs->gens, gs->n, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len) == result); | ||||||
|     if (!result) { |     if (!result) { | ||||||
|         secp256k1_bppp_generators_destroy(ctx, gs); |         secp256k1_bppp_generators_destroy(CTX, gs); | ||||||
|         return; |         return; | ||||||
|     } |     } | ||||||
|     CHECK(plen == myplen); |     CHECK(plen == myplen); | ||||||
|     CHECK(secp256k1_memcmp_var(proof, myproof, plen) == 0); |     CHECK(secp256k1_memcmp_var(proof, myproof, plen) == 0); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &mu)); |     CHECK(secp256k1_bppp_commit(CTX, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &mu)); | ||||||
|     secp256k1_sha256_initialize(&transcript); |     secp256k1_sha256_initialize(&transcript); | ||||||
|     CHECK(secp256k1_bppp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit)); |     CHECK(secp256k1_bppp_rangeproof_norm_product_verify(CTX, scratch, proof, plen, &transcript, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit)); | ||||||
|     secp256k1_bppp_generators_destroy(ctx, gs); |     secp256k1_bppp_generators_destroy(CTX, gs); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| @ -652,7 +652,7 @@ void norm_arg_prove_vectors_helper(secp256k1_scratch *scratch, const unsigned ch | |||||||
|     prove_vector_##i##_result)) |     prove_vector_##i##_result)) | ||||||
| 
 | 
 | ||||||
| void norm_arg_prove_vectors(void) { | void norm_arg_prove_vectors(void) { | ||||||
|     secp256k1_scratch *scratch = secp256k1_scratch_space_create(ctx, 1000*1000); /* shouldn't need much */ |     secp256k1_scratch *scratch = secp256k1_scratch_space_create(CTX, 1000*1000); /* shouldn't need much */ | ||||||
|     size_t alloc = scratch->alloc_size; |     size_t alloc = scratch->alloc_size; | ||||||
| 
 | 
 | ||||||
|     IDX_TO_TEST(0); |     IDX_TO_TEST(0); | ||||||
| @ -662,7 +662,7 @@ void norm_arg_prove_vectors(void) { | |||||||
|     IDX_TO_TEST(4); |     IDX_TO_TEST(4); | ||||||
| 
 | 
 | ||||||
|     CHECK(alloc == scratch->alloc_size); |     CHECK(alloc == scratch->alloc_size); | ||||||
|     secp256k1_scratch_space_destroy(ctx, scratch); |     secp256k1_scratch_space_destroy(CTX, scratch); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| #undef IDX_TO_TEST | #undef IDX_TO_TEST | ||||||
|  | |||||||
| @ -60,7 +60,7 @@ void test_ecdh_generator_basepoint(void) { | |||||||
| 
 | 
 | ||||||
|     s_one[31] = 1; |     s_one[31] = 1; | ||||||
|     /* Check against pubkey creation when the basepoint is the generator */ |     /* Check against pubkey creation when the basepoint is the generator */ | ||||||
|     for (i = 0; i < 2 * count; ++i) { |     for (i = 0; i < 2 * COUNT; ++i) { | ||||||
|         secp256k1_sha256 sha; |         secp256k1_sha256 sha; | ||||||
|         unsigned char s_b32[32]; |         unsigned char s_b32[32]; | ||||||
|         unsigned char output_ecdh[65]; |         unsigned char output_ecdh[65]; | ||||||
| @ -72,20 +72,20 @@ void test_ecdh_generator_basepoint(void) { | |||||||
|         random_scalar_order(&s); |         random_scalar_order(&s); | ||||||
|         secp256k1_scalar_get_b32(s_b32, &s); |         secp256k1_scalar_get_b32(s_b32, &s); | ||||||
| 
 | 
 | ||||||
|         CHECK(secp256k1_ec_pubkey_create(ctx, &point[0], s_one) == 1); |         CHECK(secp256k1_ec_pubkey_create(CTX, &point[0], s_one) == 1); | ||||||
|         CHECK(secp256k1_ec_pubkey_create(ctx, &point[1], s_b32) == 1); |         CHECK(secp256k1_ec_pubkey_create(CTX, &point[1], s_b32) == 1); | ||||||
| 
 | 
 | ||||||
|         /* compute using ECDH function with custom hash function */ |         /* compute using ECDH function with custom hash function */ | ||||||
|         CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32, ecdh_hash_function_custom, NULL) == 1); |         CHECK(secp256k1_ecdh(CTX, output_ecdh, &point[0], s_b32, ecdh_hash_function_custom, NULL) == 1); | ||||||
|         /* compute "explicitly" */ |         /* compute "explicitly" */ | ||||||
|         CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_UNCOMPRESSED) == 1); |         CHECK(secp256k1_ec_pubkey_serialize(CTX, point_ser, &point_ser_len, &point[1], SECP256K1_EC_UNCOMPRESSED) == 1); | ||||||
|         /* compare */ |         /* compare */ | ||||||
|         CHECK(secp256k1_memcmp_var(output_ecdh, point_ser, 65) == 0); |         CHECK(secp256k1_memcmp_var(output_ecdh, point_ser, 65) == 0); | ||||||
| 
 | 
 | ||||||
|         /* compute using ECDH function with default hash function */ |         /* compute using ECDH function with default hash function */ | ||||||
|         CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32, NULL, NULL) == 1); |         CHECK(secp256k1_ecdh(CTX, output_ecdh, &point[0], s_b32, NULL, NULL) == 1); | ||||||
|         /* compute "explicitly" */ |         /* compute "explicitly" */ | ||||||
|         CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1); |         CHECK(secp256k1_ec_pubkey_serialize(CTX, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1); | ||||||
|         secp256k1_sha256_initialize(&sha); |         secp256k1_sha256_initialize(&sha); | ||||||
|         secp256k1_sha256_write(&sha, point_ser, point_ser_len); |         secp256k1_sha256_write(&sha, point_ser, point_ser_len); | ||||||
|         secp256k1_sha256_finalize(&sha, output_ser); |         secp256k1_sha256_finalize(&sha, output_ser); | ||||||
| @ -110,17 +110,17 @@ void test_bad_scalar(void) { | |||||||
|     /* Create random point */ |     /* Create random point */ | ||||||
|     random_scalar_order(&rand); |     random_scalar_order(&rand); | ||||||
|     secp256k1_scalar_get_b32(s_rand, &rand); |     secp256k1_scalar_get_b32(s_rand, &rand); | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_rand) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &point, s_rand) == 1); | ||||||
| 
 | 
 | ||||||
|     /* Try to multiply it by bad values */ |     /* Try to multiply it by bad values */ | ||||||
|     CHECK(secp256k1_ecdh(ctx, output, &point, s_zero, NULL, NULL) == 0); |     CHECK(secp256k1_ecdh(CTX, output, &point, s_zero, NULL, NULL) == 0); | ||||||
|     CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 0); |     CHECK(secp256k1_ecdh(CTX, output, &point, s_overflow, NULL, NULL) == 0); | ||||||
|     /* ...and a good one */ |     /* ...and a good one */ | ||||||
|     s_overflow[31] -= 1; |     s_overflow[31] -= 1; | ||||||
|     CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, NULL, NULL) == 1); |     CHECK(secp256k1_ecdh(CTX, output, &point, s_overflow, NULL, NULL) == 1); | ||||||
| 
 | 
 | ||||||
|     /* Hash function failure results in ecdh failure */ |     /* Hash function failure results in ecdh failure */ | ||||||
|     CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, ecdh_hash_function_test_fail, NULL) == 0); |     CHECK(secp256k1_ecdh(CTX, output, &point, s_overflow, ecdh_hash_function_test_fail, NULL) == 0); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| /** Test that ECDH(sG, 1/s) == ECDH((1/s)G, s) == ECDH(G, 1) for a few random s. */ | /** Test that ECDH(sG, 1/s) == ECDH((1/s)G, s) == ECDH(G, 1) for a few random s. */ | ||||||
| @ -136,21 +136,21 @@ void test_result_basepoint(void) { | |||||||
| 
 | 
 | ||||||
|     unsigned char s_one[32] = { 0 }; |     unsigned char s_one[32] = { 0 }; | ||||||
|     s_one[31] = 1; |     s_one[31] = 1; | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_one) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &point, s_one) == 1); | ||||||
|     CHECK(secp256k1_ecdh(ctx, out_base, &point, s_one, NULL, NULL) == 1); |     CHECK(secp256k1_ecdh(CTX, out_base, &point, s_one, NULL, NULL) == 1); | ||||||
| 
 | 
 | ||||||
|     for (i = 0; i < 2 * count; i++) { |     for (i = 0; i < 2 * COUNT; i++) { | ||||||
|         random_scalar_order(&rand); |         random_scalar_order(&rand); | ||||||
|         secp256k1_scalar_get_b32(s, &rand); |         secp256k1_scalar_get_b32(s, &rand); | ||||||
|         secp256k1_scalar_inverse(&rand, &rand); |         secp256k1_scalar_inverse(&rand, &rand); | ||||||
|         secp256k1_scalar_get_b32(s_inv, &rand); |         secp256k1_scalar_get_b32(s_inv, &rand); | ||||||
| 
 | 
 | ||||||
|         CHECK(secp256k1_ec_pubkey_create(ctx, &point, s) == 1); |         CHECK(secp256k1_ec_pubkey_create(CTX, &point, s) == 1); | ||||||
|         CHECK(secp256k1_ecdh(ctx, out, &point, s_inv, NULL, NULL) == 1); |         CHECK(secp256k1_ecdh(CTX, out, &point, s_inv, NULL, NULL) == 1); | ||||||
|         CHECK(secp256k1_memcmp_var(out, out_base, 32) == 0); |         CHECK(secp256k1_memcmp_var(out, out_base, 32) == 0); | ||||||
| 
 | 
 | ||||||
|         CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_inv) == 1); |         CHECK(secp256k1_ec_pubkey_create(CTX, &point, s_inv) == 1); | ||||||
|         CHECK(secp256k1_ecdh(ctx, out_inv, &point, s, NULL, NULL) == 1); |         CHECK(secp256k1_ecdh(CTX, out_inv, &point, s, NULL, NULL) == 1); | ||||||
|         CHECK(secp256k1_memcmp_var(out_inv, out_base, 32) == 0); |         CHECK(secp256k1_memcmp_var(out_inv, out_base, 32) == 0); | ||||||
|     } |     } | ||||||
| } | } | ||||||
|  | |||||||
| @ -14,7 +14,7 @@ void rand_point(secp256k1_ge *point) { | |||||||
|     secp256k1_gej pointj; |     secp256k1_gej pointj; | ||||||
|     rand_scalar(&x); |     rand_scalar(&x); | ||||||
| 
 | 
 | ||||||
|     secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pointj, &x); |     secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &pointj, &x); | ||||||
|     secp256k1_ge_set_gej(point, &pointj); |     secp256k1_ge_set_gej(point, &pointj); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| @ -41,8 +41,8 @@ void dleq_tests(void) { | |||||||
| 
 | 
 | ||||||
|     rand_point(&gen2); |     rand_point(&gen2); | ||||||
|     rand_scalar(&sk); |     rand_scalar(&sk); | ||||||
|     secp256k1_dleq_pair(&ctx->ecmult_gen_ctx, &p1, &p2, &sk, &gen2); |     secp256k1_dleq_pair(&CTX->ecmult_gen_ctx, &p1, &p2, &sk, &gen2); | ||||||
|     CHECK(secp256k1_dleq_prove(ctx, &s, &e, &sk, &gen2, &p1, &p2, NULL, NULL) == 1); |     CHECK(secp256k1_dleq_prove(CTX, &s, &e, &sk, &gen2, &p1, &p2, NULL, NULL) == 1); | ||||||
|     CHECK(secp256k1_dleq_verify(&s, &e, &p1, &gen2, &p2) == 1); |     CHECK(secp256k1_dleq_verify(&s, &e, &p1, &gen2, &p2) == 1); | ||||||
| 
 | 
 | ||||||
|     { |     { | ||||||
| @ -61,9 +61,9 @@ void dleq_tests(void) { | |||||||
|     { |     { | ||||||
|         secp256k1_ge p_inf; |         secp256k1_ge p_inf; | ||||||
|         secp256k1_ge_set_infinity(&p_inf); |         secp256k1_ge_set_infinity(&p_inf); | ||||||
|         CHECK(secp256k1_dleq_prove(ctx, &s, &e, &sk, &p_inf, &p1, &p2, NULL, NULL) == 0); |         CHECK(secp256k1_dleq_prove(CTX, &s, &e, &sk, &p_inf, &p1, &p2, NULL, NULL) == 0); | ||||||
|         CHECK(secp256k1_dleq_prove(ctx, &s, &e, &sk, &gen2, &p_inf, &p2, NULL, NULL) == 0); |         CHECK(secp256k1_dleq_prove(CTX, &s, &e, &sk, &gen2, &p_inf, &p2, NULL, NULL) == 0); | ||||||
|         CHECK(secp256k1_dleq_prove(ctx, &s, &e, &sk, &gen2, &p1, &p_inf, NULL, NULL) == 0); |         CHECK(secp256k1_dleq_prove(CTX, &s, &e, &sk, &gen2, &p1, &p_inf, NULL, NULL) == 0); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* Nonce tests */ |     /* Nonce tests */ | ||||||
| @ -85,7 +85,7 @@ void dleq_tests(void) { | |||||||
|     args[2] = p1_33; |     args[2] = p1_33; | ||||||
|     args[3] = p2_33; |     args[3] = p2_33; | ||||||
|     args[4] = aux_rand; |     args[4] = aux_rand; | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         dleq_nonce_bitflip(args, 0, sizeof(sk32)); |         dleq_nonce_bitflip(args, 0, sizeof(sk32)); | ||||||
|         dleq_nonce_bitflip(args, 1, sizeof(gen2_33)); |         dleq_nonce_bitflip(args, 1, sizeof(gen2_33)); | ||||||
|         dleq_nonce_bitflip(args, 2, sizeof(p1_33)); |         dleq_nonce_bitflip(args, 2, sizeof(p1_33)); | ||||||
| @ -117,7 +117,7 @@ void test_ecdsa_adaptor_spec_vectors_check_verify(const unsigned char *adaptor_s | |||||||
|     CHECK(secp256k1_eckey_pubkey_parse(&pubkey_ge, pubkey33, 33) == 1); |     CHECK(secp256k1_eckey_pubkey_parse(&pubkey_ge, pubkey33, 33) == 1); | ||||||
|     secp256k1_pubkey_save(&pubkey, &pubkey_ge); |     secp256k1_pubkey_save(&pubkey, &pubkey_ge); | ||||||
| 
 | 
 | ||||||
|     CHECK(expected == secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig162, &pubkey, msg32, &encryption_key)); |     CHECK(expected == secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig162, &pubkey, msg32, &encryption_key)); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| /* Helper function for test_ecdsa_adaptor_spec_vectors
 | /* Helper function for test_ecdsa_adaptor_spec_vectors
 | ||||||
| @ -126,8 +126,8 @@ void test_ecdsa_adaptor_spec_vectors_check_decrypt(const unsigned char *adaptor_ | |||||||
|     unsigned char signature[64]; |     unsigned char signature[64]; | ||||||
|     secp256k1_ecdsa_signature s; |     secp256k1_ecdsa_signature s; | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &s, decryption_key32, adaptor_sig162) == 1); |     CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &s, decryption_key32, adaptor_sig162) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, signature, &s) == 1); |     CHECK(secp256k1_ecdsa_signature_serialize_compact(CTX, signature, &s) == 1); | ||||||
| 
 | 
 | ||||||
|     CHECK(expected == !(secp256k1_memcmp_var(signature, signature64, 64))); |     CHECK(expected == !(secp256k1_memcmp_var(signature, signature64, 64))); | ||||||
| } | } | ||||||
| @ -143,8 +143,8 @@ void test_ecdsa_adaptor_spec_vectors_check_recover(const unsigned char *adaptor_ | |||||||
|     CHECK(secp256k1_eckey_pubkey_parse(&encryption_key_ge, encryption_key33, 33) == 1); |     CHECK(secp256k1_eckey_pubkey_parse(&encryption_key_ge, encryption_key33, 33) == 1); | ||||||
|     secp256k1_pubkey_save(&encryption_key, &encryption_key_ge); |     secp256k1_pubkey_save(&encryption_key, &encryption_key_ge); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, signature64) == 1); |     CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &sig, signature64) == 1); | ||||||
|     CHECK(expected == secp256k1_ecdsa_adaptor_recover(ctx, deckey32, &sig, adaptor_sig162, &encryption_key)); |     CHECK(expected == secp256k1_ecdsa_adaptor_recover(CTX, deckey32, &sig, adaptor_sig162, &encryption_key)); | ||||||
|     if (decryption_key32 != NULL) { |     if (decryption_key32 != NULL) { | ||||||
|         CHECK(expected == !(secp256k1_memcmp_var(deckey32, decryption_key32, 32))); |         CHECK(expected == !(secp256k1_memcmp_var(deckey32, decryption_key32, 32))); | ||||||
|     } |     } | ||||||
| @ -777,7 +777,7 @@ void run_nonce_function_ecdsa_adaptor_tests(void) { | |||||||
|     args[2] = pk; |     args[2] = pk; | ||||||
|     args[3] = algo; |     args[3] = algo; | ||||||
|     args[4] = aux_rand; |     args[4] = aux_rand; | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         nonce_function_ecdsa_adaptor_bitflip(args, 0, sizeof(msg), algolen); |         nonce_function_ecdsa_adaptor_bitflip(args, 0, sizeof(msg), algolen); | ||||||
|         nonce_function_ecdsa_adaptor_bitflip(args, 1, sizeof(key), algolen); |         nonce_function_ecdsa_adaptor_bitflip(args, 1, sizeof(key), algolen); | ||||||
|         nonce_function_ecdsa_adaptor_bitflip(args, 2, sizeof(pk), algolen); |         nonce_function_ecdsa_adaptor_bitflip(args, 2, sizeof(pk), algolen); | ||||||
| @ -800,7 +800,7 @@ void run_nonce_function_ecdsa_adaptor_tests(void) { | |||||||
|     CHECK(nonce_function_ecdsa_adaptor(nonce, msg, key, pk, dleq_algo, sizeof(dleq_algo), NULL) == 1); |     CHECK(nonce_function_ecdsa_adaptor(nonce, msg, key, pk, dleq_algo, sizeof(dleq_algo), NULL) == 1); | ||||||
| 
 | 
 | ||||||
|     /* Different algolen gives different nonce */ |     /* Different algolen gives different nonce */ | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         unsigned char nonce2[32]; |         unsigned char nonce2[32]; | ||||||
|         uint32_t offset = secp256k1_testrand_int(algolen - 1); |         uint32_t offset = secp256k1_testrand_int(algolen - 1); | ||||||
|         size_t algolen_tmp = (algolen + offset) % algolen; |         size_t algolen_tmp = (algolen + offset) % algolen; | ||||||
| @ -824,83 +824,85 @@ void test_ecdsa_adaptor_api(void) { | |||||||
|     unsigned char deckey[32]; |     unsigned char deckey[32]; | ||||||
| 
 | 
 | ||||||
|     /** setup **/ |     /** setup **/ | ||||||
|     secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); |  | ||||||
|     int ecount; |     int ecount; | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
| 
 | 
 | ||||||
|     secp256k1_testrand256(sk); |     secp256k1_testrand256(sk); | ||||||
|     secp256k1_testrand256(msg); |     secp256k1_testrand256(msg); | ||||||
|     secp256k1_testrand256(deckey); |     secp256k1_testrand256(deckey); | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, sk) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, sk) == 1); | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &enckey, deckey) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &enckey, deckey) == 1); | ||||||
|     memset(&zero_pk, 0, sizeof(zero_pk)); |     memset(&zero_pk, 0, sizeof(zero_pk)); | ||||||
| 
 | 
 | ||||||
|     /** main test body **/ |     /** main test body **/ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig, sk, &enckey, msg, NULL, NULL) == 1); |     CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig, sk, &enckey, msg, NULL, NULL) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_encrypt(sttc, asig, sk, &enckey, msg, NULL, NULL) == 0); |     CHECK(secp256k1_ecdsa_adaptor_encrypt(STATIC_CTX, asig, sk, &enckey, msg, NULL, NULL) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, NULL, sk, &enckey, msg, NULL, NULL) == 0); |     CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, NULL, sk, &enckey, msg, NULL, NULL) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig, sk, &enckey, NULL, NULL, NULL) == 0); |     CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig, sk, &enckey, NULL, NULL, NULL) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig, NULL, &enckey, msg, NULL, NULL) == 0); |     CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig, NULL, &enckey, msg, NULL, NULL) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig, sk, NULL, msg, NULL, NULL) == 0); |     CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig, sk, NULL, msg, NULL, NULL) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig, sk, &zero_pk, msg, NULL, NULL) == 0); |     CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig, sk, &zero_pk, msg, NULL, NULL) == 0); | ||||||
|     CHECK(ecount == 6); |     CHECK(ecount == 6); | ||||||
| 
 | 
 | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig, sk, &enckey, msg, NULL, NULL) == 1); |     CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig, sk, &enckey, msg, NULL, NULL) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig, &pubkey, msg, &enckey) == 1); |     CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig, &pubkey, msg, &enckey) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_verify(ctx, NULL, &pubkey, msg, &enckey) == 0); |     CHECK(secp256k1_ecdsa_adaptor_verify(CTX, NULL, &pubkey, msg, &enckey) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig, &pubkey, NULL, &enckey) == 0); |     CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig, &pubkey, NULL, &enckey) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig, &pubkey, msg, NULL) == 0); |     CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig, &pubkey, msg, NULL) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig, NULL, msg, &enckey) == 0); |     CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig, NULL, msg, &enckey) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig, &zero_pk, msg, &enckey) == 0); |     CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig, &zero_pk, msg, &enckey) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig, &pubkey, msg, &zero_pk) == 0); |     CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig, &pubkey, msg, &zero_pk) == 0); | ||||||
|     CHECK(ecount == 6); |     CHECK(ecount == 6); | ||||||
| 
 | 
 | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig, deckey, asig) == 1); |     CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig, deckey, asig) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig, deckey, asig) == 1); |     CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig, deckey, asig) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, NULL, deckey, asig) == 0); |     CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, NULL, deckey, asig) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig, NULL, asig) == 0); |     CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig, NULL, asig) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig, deckey, NULL) == 0); |     CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig, deckey, NULL) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
| 
 | 
 | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig, deckey, asig) == 1); |     CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig, deckey, asig) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_recover(ctx, deckey, &sig, asig, &enckey) == 1); |     CHECK(secp256k1_ecdsa_adaptor_recover(CTX, deckey, &sig, asig, &enckey) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_recover(sttc, deckey, &sig, asig, &enckey) == 0); |     CHECK(secp256k1_ecdsa_adaptor_recover(STATIC_CTX, deckey, &sig, asig, &enckey) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_recover(ctx, NULL, &sig, asig, &enckey) == 0); |     CHECK(secp256k1_ecdsa_adaptor_recover(CTX, NULL, &sig, asig, &enckey) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_recover(ctx, deckey, NULL, asig, &enckey) == 0); |     CHECK(secp256k1_ecdsa_adaptor_recover(CTX, deckey, NULL, asig, &enckey) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_recover(ctx, deckey, &sig, NULL, &enckey) == 0); |     CHECK(secp256k1_ecdsa_adaptor_recover(CTX, deckey, &sig, NULL, &enckey) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_recover(ctx, deckey, &sig, asig, NULL) == 0); |     CHECK(secp256k1_ecdsa_adaptor_recover(CTX, deckey, &sig, asig, NULL) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_recover(ctx, deckey, &sig, asig, &zero_pk) == 0); |     CHECK(secp256k1_ecdsa_adaptor_recover(CTX, deckey, &sig, asig, &zero_pk) == 0); | ||||||
|     CHECK(ecount == 6); |     CHECK(ecount == 6); | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_destroy(sttc); |     secp256k1_context_set_error_callback(CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void adaptor_tests(void) { | void adaptor_tests(void) { | ||||||
| @ -919,24 +921,24 @@ void adaptor_tests(void) { | |||||||
|     secp256k1_testrand256(msg); |     secp256k1_testrand256(msg); | ||||||
|     secp256k1_testrand256(deckey); |     secp256k1_testrand256(deckey); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, seckey) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, seckey) == 1); | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &enckey, deckey) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &enckey, deckey) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, adaptor_sig, seckey, &enckey, msg, NULL, NULL) == 1); |     CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, adaptor_sig, seckey, &enckey, msg, NULL, NULL) == 1); | ||||||
| 
 | 
 | ||||||
|     { |     { | ||||||
|         /* Test overflowing seckey */ |         /* Test overflowing seckey */ | ||||||
|         memset(big, 0xFF, 32); |         memset(big, 0xFF, 32); | ||||||
|         CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, adaptor_sig, big, &enckey, msg, NULL, NULL) == 0); |         CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, adaptor_sig, big, &enckey, msg, NULL, NULL) == 0); | ||||||
|         CHECK(secp256k1_memcmp_var(adaptor_sig, zeros162, sizeof(adaptor_sig)) == 0); |         CHECK(secp256k1_memcmp_var(adaptor_sig, zeros162, sizeof(adaptor_sig)) == 0); | ||||||
| 
 | 
 | ||||||
|         /* Test different nonce functions */ |         /* Test different nonce functions */ | ||||||
|         memset(adaptor_sig, 1, sizeof(adaptor_sig)); |         memset(adaptor_sig, 1, sizeof(adaptor_sig)); | ||||||
|         CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, adaptor_sig, seckey, &enckey, msg, ecdsa_adaptor_nonce_function_failing, NULL) == 0); |         CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, adaptor_sig, seckey, &enckey, msg, ecdsa_adaptor_nonce_function_failing, NULL) == 0); | ||||||
|         CHECK(secp256k1_memcmp_var(adaptor_sig, zeros162, sizeof(adaptor_sig)) == 0); |         CHECK(secp256k1_memcmp_var(adaptor_sig, zeros162, sizeof(adaptor_sig)) == 0); | ||||||
|         memset(&adaptor_sig, 1, sizeof(adaptor_sig)); |         memset(&adaptor_sig, 1, sizeof(adaptor_sig)); | ||||||
|         CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, adaptor_sig, seckey, &enckey, msg, ecdsa_adaptor_nonce_function_0, NULL) == 0); |         CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, adaptor_sig, seckey, &enckey, msg, ecdsa_adaptor_nonce_function_0, NULL) == 0); | ||||||
|         CHECK(secp256k1_memcmp_var(adaptor_sig, zeros162, sizeof(adaptor_sig)) == 0); |         CHECK(secp256k1_memcmp_var(adaptor_sig, zeros162, sizeof(adaptor_sig)) == 0); | ||||||
|         CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, adaptor_sig, seckey, &enckey, msg, ecdsa_adaptor_nonce_function_overflowing, NULL) == 1); |         CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, adaptor_sig, seckey, &enckey, msg, ecdsa_adaptor_nonce_function_overflowing, NULL) == 1); | ||||||
|         CHECK(secp256k1_memcmp_var(adaptor_sig, zeros162, sizeof(adaptor_sig)) != 0); |         CHECK(secp256k1_memcmp_var(adaptor_sig, zeros162, sizeof(adaptor_sig)) != 0); | ||||||
|     } |     } | ||||||
|     { |     { | ||||||
| @ -1008,14 +1010,14 @@ void adaptor_tests(void) { | |||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* Test adaptor_sig_verify */ |     /* Test adaptor_sig_verify */ | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig, &pubkey, msg, &enckey) == 1); |     CHECK(secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig, &pubkey, msg, &enckey) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig, &enckey, msg, &enckey) == 0); |     CHECK(secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig, &enckey, msg, &enckey) == 0); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig, &pubkey, msg, &pubkey) == 0); |     CHECK(secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig, &pubkey, msg, &pubkey) == 0); | ||||||
|     { |     { | ||||||
|         /* Test failed adaptor sig deserialization */ |         /* Test failed adaptor sig deserialization */ | ||||||
|         unsigned char adaptor_sig_tmp[162]; |         unsigned char adaptor_sig_tmp[162]; | ||||||
|         memset(&adaptor_sig_tmp, 0xFF, 162); |         memset(&adaptor_sig_tmp, 0xFF, 162); | ||||||
|         CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig_tmp, &pubkey, msg, &enckey) == 0); |         CHECK(secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig_tmp, &pubkey, msg, &enckey) == 0); | ||||||
|     } |     } | ||||||
|     { |     { | ||||||
|         /* Test that any flipped bit in the adaptor signature will make
 |         /* Test that any flipped bit in the adaptor signature will make
 | ||||||
| @ -1023,13 +1025,13 @@ void adaptor_tests(void) { | |||||||
|         unsigned char adaptor_sig_tmp[162]; |         unsigned char adaptor_sig_tmp[162]; | ||||||
|         memcpy(adaptor_sig_tmp, adaptor_sig, sizeof(adaptor_sig_tmp)); |         memcpy(adaptor_sig_tmp, adaptor_sig, sizeof(adaptor_sig_tmp)); | ||||||
|         rand_flip_bit(&adaptor_sig_tmp[1], sizeof(adaptor_sig_tmp) - 1); |         rand_flip_bit(&adaptor_sig_tmp[1], sizeof(adaptor_sig_tmp) - 1); | ||||||
|         CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig_tmp, &pubkey, msg, &enckey) == 0); |         CHECK(secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig_tmp, &pubkey, msg, &enckey) == 0); | ||||||
|     } |     } | ||||||
|     { |     { | ||||||
|         unsigned char msg_tmp[32]; |         unsigned char msg_tmp[32]; | ||||||
|         memcpy(msg_tmp, msg, sizeof(msg_tmp)); |         memcpy(msg_tmp, msg, sizeof(msg_tmp)); | ||||||
|         rand_flip_bit(msg_tmp, sizeof(msg_tmp)); |         rand_flip_bit(msg_tmp, sizeof(msg_tmp)); | ||||||
|         CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig, &pubkey, msg_tmp, &enckey) == 0); |         CHECK(secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig, &pubkey, msg_tmp, &enckey) == 0); | ||||||
|     } |     } | ||||||
|     { |     { | ||||||
|         /* Verification must check that the derived R' is not equal to the point at
 |         /* Verification must check that the derived R' is not equal to the point at
 | ||||||
| @ -1068,24 +1070,24 @@ void adaptor_tests(void) { | |||||||
| 
 | 
 | ||||||
|         /* X := G */ |         /* X := G */ | ||||||
|         seckey_tmp[31] = 1; |         seckey_tmp[31] = 1; | ||||||
|         CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey_tmp, seckey_tmp) == 1); |         CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey_tmp, seckey_tmp) == 1); | ||||||
| 
 | 
 | ||||||
|         /* sp := sigr */ |         /* sp := sigr */ | ||||||
|         memcpy(adaptor_sig_tmp, adaptor_sig, sizeof(adaptor_sig_tmp)); |         memcpy(adaptor_sig_tmp, adaptor_sig, sizeof(adaptor_sig_tmp)); | ||||||
|         memcpy(&adaptor_sig_tmp[66], &adaptor_sig_tmp[1], 32); |         memcpy(&adaptor_sig_tmp[66], &adaptor_sig_tmp[1], 32); | ||||||
| 
 | 
 | ||||||
|         CHECK(secp256k1_ecdsa_adaptor_verify(ctx, adaptor_sig_tmp, &pubkey_tmp, msg_tmp, &enckey) == 0); |         CHECK(secp256k1_ecdsa_adaptor_verify(CTX, adaptor_sig_tmp, &pubkey_tmp, msg_tmp, &enckey) == 0); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* Test decryption */ |     /* Test decryption */ | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig, deckey, adaptor_sig) == 1); |     CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig, deckey, adaptor_sig) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, &pubkey) == 1); |     CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg, &pubkey) == 1); | ||||||
| 
 | 
 | ||||||
|     { |     { | ||||||
|         /* Test overflowing decryption key */ |         /* Test overflowing decryption key */ | ||||||
|         secp256k1_ecdsa_signature s; |         secp256k1_ecdsa_signature s; | ||||||
|         memset(big, 0xFF, 32); |         memset(big, 0xFF, 32); | ||||||
|         CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &s, big, adaptor_sig) == 0); |         CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &s, big, adaptor_sig) == 0); | ||||||
|         CHECK(secp256k1_memcmp_var(&s.data[0], zeros64, sizeof(&s.data[0])) == 0); |         CHECK(secp256k1_memcmp_var(&s.data[0], zeros64, sizeof(&s.data[0])) == 0); | ||||||
|     } |     } | ||||||
|     { |     { | ||||||
| @ -1093,13 +1095,13 @@ void adaptor_tests(void) { | |||||||
|         unsigned char decryption_key_tmp[32]; |         unsigned char decryption_key_tmp[32]; | ||||||
|         unsigned char adaptor_sig_tmp[162]; |         unsigned char adaptor_sig_tmp[162]; | ||||||
| 
 | 
 | ||||||
|         CHECK(secp256k1_ecdsa_adaptor_recover(ctx, decryption_key_tmp, &sig, adaptor_sig, &enckey) == 1); |         CHECK(secp256k1_ecdsa_adaptor_recover(CTX, decryption_key_tmp, &sig, adaptor_sig, &enckey) == 1); | ||||||
|         CHECK(secp256k1_memcmp_var(deckey, decryption_key_tmp, sizeof(deckey)) == 0); |         CHECK(secp256k1_memcmp_var(deckey, decryption_key_tmp, sizeof(deckey)) == 0); | ||||||
| 
 | 
 | ||||||
|         /* Test failed sp deserialization */ |         /* Test failed sp deserialization */ | ||||||
|         memcpy(adaptor_sig_tmp, adaptor_sig, sizeof(adaptor_sig_tmp)); |         memcpy(adaptor_sig_tmp, adaptor_sig, sizeof(adaptor_sig_tmp)); | ||||||
|         memset(&adaptor_sig_tmp[66], 0xFF, 32); |         memset(&adaptor_sig_tmp[66], 0xFF, 32); | ||||||
|         CHECK(secp256k1_ecdsa_adaptor_recover(ctx, decryption_key_tmp, &sig, adaptor_sig_tmp, &enckey) == 0); |         CHECK(secp256k1_ecdsa_adaptor_recover(CTX, decryption_key_tmp, &sig, adaptor_sig_tmp, &enckey) == 0); | ||||||
|     } |     } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| @ -1123,13 +1125,13 @@ void multi_hop_lock_tests(void) { | |||||||
|     secp256k1_testrand256(seckey_a); |     secp256k1_testrand256(seckey_a); | ||||||
|     secp256k1_testrand256(seckey_b); |     secp256k1_testrand256(seckey_b); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey_a, seckey_a)); |     CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey_a, seckey_a)); | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey_b, seckey_b)); |     CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey_b, seckey_b)); | ||||||
| 
 | 
 | ||||||
|     /* Carol setup */ |     /* Carol setup */ | ||||||
|     /* Proof of payment */ |     /* Proof of payment */ | ||||||
|     secp256k1_testrand256(pop); |     secp256k1_testrand256(pop); | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey_pop, pop)); |     CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey_pop, pop)); | ||||||
| 
 | 
 | ||||||
|     /* Alice setup */ |     /* Alice setup */ | ||||||
|     secp256k1_testrand256(tx_ab); |     secp256k1_testrand256(tx_ab); | ||||||
| @ -1137,39 +1139,39 @@ void multi_hop_lock_tests(void) { | |||||||
|     rand_scalar(&t2); |     rand_scalar(&t2); | ||||||
|     secp256k1_scalar_add(&tp, &t1, &t2); |     secp256k1_scalar_add(&tp, &t1, &t2); | ||||||
|     /* Left lock */ |     /* Left lock */ | ||||||
|     secp256k1_pubkey_load(ctx, &l_ge, &pubkey_pop); |     secp256k1_pubkey_load(CTX, &l_ge, &pubkey_pop); | ||||||
|     CHECK(secp256k1_eckey_pubkey_tweak_add(&l_ge, &t1)); |     CHECK(secp256k1_eckey_pubkey_tweak_add(&l_ge, &t1)); | ||||||
|     secp256k1_pubkey_save(&l, &l_ge); |     secp256k1_pubkey_save(&l, &l_ge); | ||||||
|     /* Right lock */ |     /* Right lock */ | ||||||
|     secp256k1_pubkey_load(ctx, &r_ge, &pubkey_pop); |     secp256k1_pubkey_load(CTX, &r_ge, &pubkey_pop); | ||||||
|     CHECK(secp256k1_eckey_pubkey_tweak_add(&r_ge, &tp)); |     CHECK(secp256k1_eckey_pubkey_tweak_add(&r_ge, &tp)); | ||||||
|     secp256k1_pubkey_save(&r, &r_ge); |     secp256k1_pubkey_save(&r, &r_ge); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig_ab, seckey_a, &l, tx_ab, NULL, NULL)); |     CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig_ab, seckey_a, &l, tx_ab, NULL, NULL)); | ||||||
| 
 | 
 | ||||||
|     /* Bob setup */ |     /* Bob setup */ | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig_ab, &pubkey_a, tx_ab, &l)); |     CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig_ab, &pubkey_a, tx_ab, &l)); | ||||||
|     secp256k1_testrand256(tx_bc); |     secp256k1_testrand256(tx_bc); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_encrypt(ctx, asig_bc, seckey_b, &r, tx_bc, NULL, NULL)); |     CHECK(secp256k1_ecdsa_adaptor_encrypt(CTX, asig_bc, seckey_b, &r, tx_bc, NULL, NULL)); | ||||||
| 
 | 
 | ||||||
|     /* Carol decrypt */ |     /* Carol decrypt */ | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_verify(ctx, asig_bc, &pubkey_b, tx_bc, &r)); |     CHECK(secp256k1_ecdsa_adaptor_verify(CTX, asig_bc, &pubkey_b, tx_bc, &r)); | ||||||
|     secp256k1_scalar_set_b32(&deckey, pop, NULL); |     secp256k1_scalar_set_b32(&deckey, pop, NULL); | ||||||
|     secp256k1_scalar_add(&deckey, &deckey, &tp); |     secp256k1_scalar_add(&deckey, &deckey, &tp); | ||||||
|     secp256k1_scalar_get_b32(buf, &deckey); |     secp256k1_scalar_get_b32(buf, &deckey); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig_bc, buf, asig_bc)); |     CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig_bc, buf, asig_bc)); | ||||||
|     CHECK(secp256k1_ecdsa_verify(ctx, &sig_bc, tx_bc, &pubkey_b)); |     CHECK(secp256k1_ecdsa_verify(CTX, &sig_bc, tx_bc, &pubkey_b)); | ||||||
| 
 | 
 | ||||||
|     /* Bob recover and decrypt */ |     /* Bob recover and decrypt */ | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_recover(ctx, buf, &sig_bc, asig_bc, &r)); |     CHECK(secp256k1_ecdsa_adaptor_recover(CTX, buf, &sig_bc, asig_bc, &r)); | ||||||
|     secp256k1_scalar_set_b32(&deckey, buf, NULL); |     secp256k1_scalar_set_b32(&deckey, buf, NULL); | ||||||
|     secp256k1_scalar_negate(&t2, &t2); |     secp256k1_scalar_negate(&t2, &t2); | ||||||
|     secp256k1_scalar_add(&deckey, &deckey, &t2); |     secp256k1_scalar_add(&deckey, &deckey, &t2); | ||||||
|     secp256k1_scalar_get_b32(buf, &deckey); |     secp256k1_scalar_get_b32(buf, &deckey); | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_decrypt(ctx, &sig_ab, buf, asig_ab)); |     CHECK(secp256k1_ecdsa_adaptor_decrypt(CTX, &sig_ab, buf, asig_ab)); | ||||||
|     CHECK(secp256k1_ecdsa_verify(ctx, &sig_ab, tx_ab, &pubkey_a)); |     CHECK(secp256k1_ecdsa_verify(CTX, &sig_ab, tx_ab, &pubkey_a)); | ||||||
| 
 | 
 | ||||||
|     /* Alice recover and derive proof of payment */ |     /* Alice recover and derive proof of payment */ | ||||||
|     CHECK(secp256k1_ecdsa_adaptor_recover(ctx, buf, &sig_ab, asig_ab, &l)); |     CHECK(secp256k1_ecdsa_adaptor_recover(CTX, buf, &sig_ab, asig_ab, &l)); | ||||||
|     secp256k1_scalar_set_b32(&deckey, buf, NULL); |     secp256k1_scalar_set_b32(&deckey, buf, NULL); | ||||||
|     secp256k1_scalar_negate(&t1, &t1); |     secp256k1_scalar_negate(&t1, &t1); | ||||||
|     secp256k1_scalar_add(&deckey, &deckey, &t1); |     secp256k1_scalar_add(&deckey, &deckey, &t1); | ||||||
| @ -1183,13 +1185,13 @@ void run_ecdsa_adaptor_tests(void) { | |||||||
| 
 | 
 | ||||||
|     test_ecdsa_adaptor_api(); |     test_ecdsa_adaptor_api(); | ||||||
|     test_ecdsa_adaptor_spec_vectors(); |     test_ecdsa_adaptor_spec_vectors(); | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         dleq_tests(); |         dleq_tests(); | ||||||
|     } |     } | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         adaptor_tests(); |         adaptor_tests(); | ||||||
|     } |     } | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         multi_hop_lock_tests(); |         multi_hop_lock_tests(); | ||||||
|     } |     } | ||||||
| } | } | ||||||
|  | |||||||
| @ -43,39 +43,39 @@ void run_s2c_opening_test(void) { | |||||||
|     secp256k1_ecdsa_s2c_opening opening; |     secp256k1_ecdsa_s2c_opening opening; | ||||||
|     int32_t ecount = 0; |     int32_t ecount = 0; | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
| 
 | 
 | ||||||
|     /* First parsing, then serializing works */ |     /* First parsing, then serializing works */ | ||||||
|     CHECK(secp256k1_ecdsa_s2c_opening_parse(ctx, &opening, input) == 1); |     CHECK(secp256k1_ecdsa_s2c_opening_parse(CTX, &opening, input) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_opening_serialize(ctx, output, &opening) == 1); |     CHECK(secp256k1_ecdsa_s2c_opening_serialize(CTX, output, &opening) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_opening_parse(ctx, &opening, input) == 1); |     CHECK(secp256k1_ecdsa_s2c_opening_parse(CTX, &opening, input) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_ecdsa_s2c_opening_parse(ctx, NULL, input) == 0); |     CHECK(secp256k1_ecdsa_s2c_opening_parse(CTX, NULL, input) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_opening_parse(ctx, &opening, NULL) == 0); |     CHECK(secp256k1_ecdsa_s2c_opening_parse(CTX, &opening, NULL) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_opening_parse(ctx, &opening, input) == 1); |     CHECK(secp256k1_ecdsa_s2c_opening_parse(CTX, &opening, input) == 1); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_ecdsa_s2c_opening_serialize(ctx, NULL, &opening) == 0); |     CHECK(secp256k1_ecdsa_s2c_opening_serialize(CTX, NULL, &opening) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_opening_serialize(ctx, output, NULL) == 0); |     CHECK(secp256k1_ecdsa_s2c_opening_serialize(CTX, output, NULL) == 0); | ||||||
| 
 | 
 | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     /* Invalid pubkey makes parsing fail */ |     /* Invalid pubkey makes parsing fail */ | ||||||
|     input[0] = 0;  /* bad oddness bit */ |     input[0] = 0;  /* bad oddness bit */ | ||||||
|     CHECK(secp256k1_ecdsa_s2c_opening_parse(ctx, &opening, input) == 0); |     CHECK(secp256k1_ecdsa_s2c_opening_parse(CTX, &opening, input) == 0); | ||||||
|     input[0] = 2; |     input[0] = 2; | ||||||
|     input[31] = 1; /* point not on the curve */ |     input[31] = 1; /* point not on the curve */ | ||||||
|     CHECK(secp256k1_ecdsa_s2c_opening_parse(ctx, &opening, input) == 0); |     CHECK(secp256k1_ecdsa_s2c_opening_parse(CTX, &opening, input) == 0); | ||||||
|     CHECK(ecount == 4); /* neither of the above are API errors */ |     CHECK(ecount == 4); /* neither of the above are API errors */ | ||||||
| 
 | 
 | ||||||
|     /* Try parsing and serializing a bunch of openings */ |     /* Try parsing and serializing a bunch of openings */ | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         /* This is expected to fail in about 50% of iterations because the
 |         /* This is expected to fail in about 50% of iterations because the
 | ||||||
|          * points' x-coordinates are uniformly random */ |          * points' x-coordinates are uniformly random */ | ||||||
|         if (secp256k1_ecdsa_s2c_opening_parse(ctx, &opening, input) == 1) { |         if (secp256k1_ecdsa_s2c_opening_parse(CTX, &opening, input) == 1) { | ||||||
|             CHECK(secp256k1_ecdsa_s2c_opening_serialize(ctx, output, &opening) == 1); |             CHECK(secp256k1_ecdsa_s2c_opening_serialize(CTX, output, &opening) == 1); | ||||||
|             CHECK(secp256k1_memcmp_var(output, input, sizeof(output)) == 0); |             CHECK(secp256k1_memcmp_var(output, input, sizeof(output)) == 0); | ||||||
|         } |         } | ||||||
|         secp256k1_testrand256(&input[1]); |         secp256k1_testrand256(&input[1]); | ||||||
| @ -83,11 +83,10 @@ void run_s2c_opening_test(void) { | |||||||
|         input[0] = (input[1] & 1) + 2; |         input[0] = (input[1] & 1) + 2; | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|  |     secp256k1_context_set_illegal_callback(CTX, NULL, NULL); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static void test_ecdsa_s2c_api(void) { | static void test_ecdsa_s2c_api(void) { | ||||||
|     secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); |  | ||||||
| 
 |  | ||||||
|     secp256k1_ecdsa_s2c_opening s2c_opening; |     secp256k1_ecdsa_s2c_opening s2c_opening; | ||||||
|     secp256k1_ecdsa_signature sig; |     secp256k1_ecdsa_signature sig; | ||||||
|     const unsigned char msg[32] = "mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm"; |     const unsigned char msg[32] = "mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm"; | ||||||
| @ -98,96 +97,97 @@ static void test_ecdsa_s2c_api(void) { | |||||||
|     secp256k1_pubkey pk; |     secp256k1_pubkey pk; | ||||||
| 
 | 
 | ||||||
|     int32_t ecount; |     int32_t ecount; | ||||||
|     secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &pk, sec)); |     CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sec)); | ||||||
| 
 | 
 | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_ecdsa_s2c_sign(ctx, NULL, &s2c_opening, msg, sec, s2c_data) == 0); |     CHECK(secp256k1_ecdsa_s2c_sign(CTX, NULL, &s2c_opening, msg, sec, s2c_data) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_sign(ctx, &sig, NULL, msg, sec, s2c_data) == 1); |     CHECK(secp256k1_ecdsa_s2c_sign(CTX, &sig, NULL, msg, sec, s2c_data) == 1); | ||||||
|     CHECK(ecount == 1); /* NULL opening is not an API error */ |     CHECK(ecount == 1); /* NULL opening is not an API error */ | ||||||
|     CHECK(secp256k1_ecdsa_s2c_sign(ctx, &sig, &s2c_opening, NULL, sec, s2c_data) == 0); |     CHECK(secp256k1_ecdsa_s2c_sign(CTX, &sig, &s2c_opening, NULL, sec, s2c_data) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_sign(ctx, &sig, &s2c_opening, msg, NULL, s2c_data) == 0); |     CHECK(secp256k1_ecdsa_s2c_sign(CTX, &sig, &s2c_opening, msg, NULL, s2c_data) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_sign(ctx, &sig, &s2c_opening, msg, sec, NULL) == 0); |     CHECK(secp256k1_ecdsa_s2c_sign(CTX, &sig, &s2c_opening, msg, sec, NULL) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_sign(ctx, &sig, &s2c_opening, msg, sec, s2c_data) == 1); |     CHECK(secp256k1_ecdsa_s2c_sign(CTX, &sig, &s2c_opening, msg, sec, s2c_data) == 1); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_sign(sttc, &sig, &s2c_opening, msg, sec, s2c_data) == 0); |     CHECK(secp256k1_ecdsa_s2c_sign(STATIC_CTX, &sig, &s2c_opening, msg, sec, s2c_data) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg, &pk) == 1); |     CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg, &pk) == 1); | ||||||
| 
 | 
 | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, NULL, s2c_data, &s2c_opening) == 0); |     CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, NULL, s2c_data, &s2c_opening) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &sig, NULL, &s2c_opening) == 0); |     CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &sig, NULL, &s2c_opening) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &sig, s2c_data, NULL) == 0); |     CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &sig, s2c_data, NULL) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &sig, s2c_data, &s2c_opening) == 1); |     CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &sig, s2c_data, &s2c_opening) == 1); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &sig, sec, &s2c_opening) == 0); |     CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &sig, sec, &s2c_opening) == 0); | ||||||
|     CHECK(ecount == 3); /* wrong data is not an API error */ |     CHECK(ecount == 3); /* wrong data is not an API error */ | ||||||
| 
 | 
 | ||||||
|     /* Signing with NULL s2c_opening gives the same result */ |     /* Signing with NULL s2c_opening gives the same result */ | ||||||
|     CHECK(secp256k1_ecdsa_s2c_sign(ctx, &sig, NULL, msg, sec, s2c_data) == 1); |     CHECK(secp256k1_ecdsa_s2c_sign(CTX, &sig, NULL, msg, sec, s2c_data) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &sig, s2c_data, &s2c_opening) == 1); |     CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &sig, s2c_data, &s2c_opening) == 1); | ||||||
| 
 | 
 | ||||||
|     /* anti-exfil */ |     /* anti-exfil */ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_ecdsa_anti_exfil_host_commit(ctx, NULL, hostrand) == 0); |     CHECK(secp256k1_ecdsa_anti_exfil_host_commit(CTX, NULL, hostrand) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_ecdsa_anti_exfil_host_commit(ctx, hostrand_commitment, NULL) == 0); |     CHECK(secp256k1_ecdsa_anti_exfil_host_commit(CTX, hostrand_commitment, NULL) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_ecdsa_anti_exfil_host_commit(ctx, hostrand_commitment, hostrand) == 1); |     CHECK(secp256k1_ecdsa_anti_exfil_host_commit(CTX, hostrand_commitment, hostrand) == 1); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
| 
 | 
 | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(ctx, NULL, msg, sec, hostrand_commitment) == 0); |     CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(CTX, NULL, msg, sec, hostrand_commitment) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(ctx, &s2c_opening, NULL, sec, hostrand_commitment) == 0); |     CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(CTX, &s2c_opening, NULL, sec, hostrand_commitment) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(ctx, &s2c_opening, msg, NULL, hostrand_commitment) == 0); |     CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(CTX, &s2c_opening, msg, NULL, hostrand_commitment) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(ctx, &s2c_opening, msg, sec, NULL) == 0); |     CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(CTX, &s2c_opening, msg, sec, NULL) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(ctx, &s2c_opening, msg, sec, hostrand_commitment) == 1); |     CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(CTX, &s2c_opening, msg, sec, hostrand_commitment) == 1); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(sttc, &s2c_opening, msg, sec, hostrand_commitment) == 0); |     CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(STATIC_CTX, &s2c_opening, msg, sec, hostrand_commitment) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
| 
 | 
 | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_anti_exfil_sign(ctx, NULL, msg, sec, hostrand) == 0); |     CHECK(secp256k1_anti_exfil_sign(CTX, NULL, msg, sec, hostrand) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_anti_exfil_sign(ctx, &sig, NULL, sec, hostrand) == 0); |     CHECK(secp256k1_anti_exfil_sign(CTX, &sig, NULL, sec, hostrand) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_anti_exfil_sign(ctx, &sig, msg, NULL, hostrand) == 0); |     CHECK(secp256k1_anti_exfil_sign(CTX, &sig, msg, NULL, hostrand) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_anti_exfil_sign(ctx, &sig, msg, sec, NULL) == 0); |     CHECK(secp256k1_anti_exfil_sign(CTX, &sig, msg, sec, NULL) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_anti_exfil_sign(ctx, &sig, msg, sec, hostrand) == 1); |     CHECK(secp256k1_anti_exfil_sign(CTX, &sig, msg, sec, hostrand) == 1); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_anti_exfil_sign(sttc, &sig, msg, sec, hostrand) == 0); |     CHECK(secp256k1_anti_exfil_sign(STATIC_CTX, &sig, msg, sec, hostrand) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
| 
 | 
 | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_anti_exfil_host_verify(ctx, NULL, msg, &pk, hostrand, &s2c_opening) == 0); |     CHECK(secp256k1_anti_exfil_host_verify(CTX, NULL, msg, &pk, hostrand, &s2c_opening) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_anti_exfil_host_verify(ctx, &sig, NULL, &pk, hostrand, &s2c_opening) == 0); |     CHECK(secp256k1_anti_exfil_host_verify(CTX, &sig, NULL, &pk, hostrand, &s2c_opening) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_anti_exfil_host_verify(ctx, &sig, msg, NULL, hostrand, &s2c_opening) == 0); |     CHECK(secp256k1_anti_exfil_host_verify(CTX, &sig, msg, NULL, hostrand, &s2c_opening) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_anti_exfil_host_verify(ctx, &sig, msg, &pk, NULL, &s2c_opening) == 0); |     CHECK(secp256k1_anti_exfil_host_verify(CTX, &sig, msg, &pk, NULL, &s2c_opening) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_anti_exfil_host_verify(ctx, &sig, msg, &pk, hostrand, NULL) == 0); |     CHECK(secp256k1_anti_exfil_host_verify(CTX, &sig, msg, &pk, hostrand, NULL) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
|     CHECK(secp256k1_anti_exfil_host_verify(ctx, &sig, msg, &pk, hostrand, &s2c_opening) == 1); |     CHECK(secp256k1_anti_exfil_host_verify(CTX, &sig, msg, &pk, hostrand, &s2c_opening) == 1); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_destroy(sttc); |     secp256k1_context_set_illegal_callback(CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| /* When using sign-to-contract commitments, the nonce function is fixed, so we can use fixtures to test. */ | /* When using sign-to-contract commitments, the nonce function is fixed, so we can use fixtures to test. */ | ||||||
| @ -229,10 +229,10 @@ static void test_ecdsa_s2c_fixed_vectors(void) { | |||||||
|         unsigned char opening_ser[33]; |         unsigned char opening_ser[33]; | ||||||
|         const ecdsa_s2c_test *test = &ecdsa_s2c_tests[i]; |         const ecdsa_s2c_test *test = &ecdsa_s2c_tests[i]; | ||||||
|         secp256k1_ecdsa_signature signature; |         secp256k1_ecdsa_signature signature; | ||||||
|         CHECK(secp256k1_ecdsa_s2c_sign(ctx, &signature, &s2c_opening, message, privkey, test->s2c_data) == 1); |         CHECK(secp256k1_ecdsa_s2c_sign(CTX, &signature, &s2c_opening, message, privkey, test->s2c_data) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_s2c_opening_serialize(ctx, opening_ser, &s2c_opening) == 1); |         CHECK(secp256k1_ecdsa_s2c_opening_serialize(CTX, opening_ser, &s2c_opening) == 1); | ||||||
|         CHECK(secp256k1_memcmp_var(test->expected_s2c_opening, opening_ser, sizeof(opening_ser)) == 0); |         CHECK(secp256k1_memcmp_var(test->expected_s2c_opening, opening_ser, sizeof(opening_ser)) == 0); | ||||||
|         CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &signature, test->s2c_data, &s2c_opening) == 1); |         CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &signature, test->s2c_data, &s2c_opening) == 1); | ||||||
|     } |     } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| @ -251,7 +251,7 @@ static void test_ecdsa_s2c_sign_verify(void) { | |||||||
|         secp256k1_scalar key; |         secp256k1_scalar key; | ||||||
|         random_scalar_order_test(&key); |         random_scalar_order_test(&key); | ||||||
|         secp256k1_scalar_get_b32(privkey, &key); |         secp256k1_scalar_get_b32(privkey, &key); | ||||||
|         CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); |         CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, privkey) == 1); | ||||||
| 
 | 
 | ||||||
|         secp256k1_testrand256_test(message); |         secp256k1_testrand256_test(message); | ||||||
|         secp256k1_testrand256_test(noncedata); |         secp256k1_testrand256_test(noncedata); | ||||||
| @ -262,28 +262,28 @@ static void test_ecdsa_s2c_sign_verify(void) { | |||||||
|     { /* invalid privkeys */ |     { /* invalid privkeys */ | ||||||
|         unsigned char zero_privkey[32] = {0}; |         unsigned char zero_privkey[32] = {0}; | ||||||
|         unsigned char overflow_privkey[32] = "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"; |         unsigned char overflow_privkey[32] = "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"; | ||||||
|         CHECK(secp256k1_ecdsa_s2c_sign(ctx, &signature, NULL, message, zero_privkey, s2c_data) == 0); |         CHECK(secp256k1_ecdsa_s2c_sign(CTX, &signature, NULL, message, zero_privkey, s2c_data) == 0); | ||||||
|         CHECK(secp256k1_ecdsa_s2c_sign(ctx, &signature, NULL, message, overflow_privkey, s2c_data) == 0); |         CHECK(secp256k1_ecdsa_s2c_sign(CTX, &signature, NULL, message, overflow_privkey, s2c_data) == 0); | ||||||
|     } |     } | ||||||
|     /* Check that the sign-to-contract signature is valid, with s2c_data. Also check the commitment. */ |     /* Check that the sign-to-contract signature is valid, with s2c_data. Also check the commitment. */ | ||||||
|     { |     { | ||||||
|         CHECK(secp256k1_ecdsa_s2c_sign(ctx, &signature, &s2c_opening, message, privkey, s2c_data) == 1); |         CHECK(secp256k1_ecdsa_s2c_sign(CTX, &signature, &s2c_opening, message, privkey, s2c_data) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_verify(ctx, &signature, message, &pubkey) == 1); |         CHECK(secp256k1_ecdsa_verify(CTX, &signature, message, &pubkey) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &signature, s2c_data, &s2c_opening) == 1); |         CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &signature, s2c_data, &s2c_opening) == 1); | ||||||
|     } |     } | ||||||
|     /* Check that an invalid commitment does not verify */ |     /* Check that an invalid commitment does not verify */ | ||||||
|     { |     { | ||||||
|         unsigned char sigbytes[64]; |         unsigned char sigbytes[64]; | ||||||
|         size_t i; |         size_t i; | ||||||
|         CHECK(secp256k1_ecdsa_s2c_sign(ctx, &signature, &s2c_opening, message, privkey, s2c_data) == 1); |         CHECK(secp256k1_ecdsa_s2c_sign(CTX, &signature, &s2c_opening, message, privkey, s2c_data) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_verify(ctx, &signature, message, &pubkey) == 1); |         CHECK(secp256k1_ecdsa_verify(CTX, &signature, message, &pubkey) == 1); | ||||||
| 
 | 
 | ||||||
|         CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, sigbytes, &signature) == 1); |         CHECK(secp256k1_ecdsa_signature_serialize_compact(CTX, sigbytes, &signature) == 1); | ||||||
|         for(i = 0; i < 32; i++) { |         for(i = 0; i < 32; i++) { | ||||||
|             /* change one byte */ |             /* change one byte */ | ||||||
|             sigbytes[i] = (((int)sigbytes[i]) + 1) % 256; |             sigbytes[i] = (((int)sigbytes[i]) + 1) % 256; | ||||||
|             CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &signature, sigbytes) == 1); |             CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &signature, sigbytes) == 1); | ||||||
|             CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &signature, s2c_data, &s2c_opening) == 0); |             CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &signature, s2c_data, &s2c_opening) == 0); | ||||||
|             /* revert */ |             /* revert */ | ||||||
|             sigbytes[i] = (((int)sigbytes[i]) + 255) % 256; |             sigbytes[i] = (((int)sigbytes[i]) + 255) % 256; | ||||||
|         } |         } | ||||||
| @ -305,8 +305,8 @@ static void test_ecdsa_anti_exfil_signer_commit(void) { | |||||||
|         secp256k1_ecdsa_s2c_opening s2c_opening; |         secp256k1_ecdsa_s2c_opening s2c_opening; | ||||||
|         unsigned char buf[33]; |         unsigned char buf[33]; | ||||||
|         const ecdsa_s2c_test *test = &ecdsa_s2c_tests[i]; |         const ecdsa_s2c_test *test = &ecdsa_s2c_tests[i]; | ||||||
|         CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(ctx, &s2c_opening, message, privkey, test->s2c_data) == 1); |         CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(CTX, &s2c_opening, message, privkey, test->s2c_data) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_s2c_opening_serialize(ctx, buf, &s2c_opening) == 1); |         CHECK(secp256k1_ecdsa_s2c_opening_serialize(CTX, buf, &s2c_opening) == 1); | ||||||
|         CHECK(secp256k1_memcmp_var(test->expected_s2c_exfil_opening, buf, sizeof(buf)) == 0); |         CHECK(secp256k1_memcmp_var(test->expected_s2c_exfil_opening, buf, sizeof(buf)) == 0); | ||||||
|     } |     } | ||||||
| } | } | ||||||
| @ -326,53 +326,53 @@ static void test_ecdsa_anti_exfil(void) { | |||||||
|         secp256k1_scalar key; |         secp256k1_scalar key; | ||||||
|         random_scalar_order_test(&key); |         random_scalar_order_test(&key); | ||||||
|         secp256k1_scalar_get_b32(signer_privkey, &key); |         secp256k1_scalar_get_b32(signer_privkey, &key); | ||||||
|         CHECK(secp256k1_ec_pubkey_create(ctx, &signer_pubkey, signer_privkey) == 1); |         CHECK(secp256k1_ec_pubkey_create(CTX, &signer_pubkey, signer_privkey) == 1); | ||||||
|         secp256k1_testrand256_test(host_msg); |         secp256k1_testrand256_test(host_msg); | ||||||
|         secp256k1_testrand256_test(host_nonce_contribution); |         secp256k1_testrand256_test(host_nonce_contribution); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* Protocol step 1. */ |     /* Protocol step 1. */ | ||||||
|     CHECK(secp256k1_ecdsa_anti_exfil_host_commit(ctx, host_commitment, host_nonce_contribution) == 1); |     CHECK(secp256k1_ecdsa_anti_exfil_host_commit(CTX, host_commitment, host_nonce_contribution) == 1); | ||||||
|     /* Protocol step 2. */ |     /* Protocol step 2. */ | ||||||
|     CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(ctx, &s2c_opening, host_msg, signer_privkey, host_commitment) == 1); |     CHECK(secp256k1_ecdsa_anti_exfil_signer_commit(CTX, &s2c_opening, host_msg, signer_privkey, host_commitment) == 1); | ||||||
|     /* Protocol step 3: host_nonce_contribution send to signer to be used in step 4. */ |     /* Protocol step 3: host_nonce_contribution send to signer to be used in step 4. */ | ||||||
|     /* Protocol step 4. */ |     /* Protocol step 4. */ | ||||||
|     CHECK(secp256k1_anti_exfil_sign(ctx, &signature, host_msg, signer_privkey, host_nonce_contribution) == 1); |     CHECK(secp256k1_anti_exfil_sign(CTX, &signature, host_msg, signer_privkey, host_nonce_contribution) == 1); | ||||||
|     /* Protocol step 5. */ |     /* Protocol step 5. */ | ||||||
|     CHECK(secp256k1_anti_exfil_host_verify(ctx, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 1); |     CHECK(secp256k1_anti_exfil_host_verify(CTX, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 1); | ||||||
|     /* Protocol step 5 (explicitly) */ |     /* Protocol step 5 (explicitly) */ | ||||||
|     CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &signature, host_nonce_contribution, &s2c_opening) == 1); |     CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &signature, host_nonce_contribution, &s2c_opening) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_verify(ctx, &signature, host_msg, &signer_pubkey) == 1); |     CHECK(secp256k1_ecdsa_verify(CTX, &signature, host_msg, &signer_pubkey) == 1); | ||||||
| 
 | 
 | ||||||
|     { /* host_verify: commitment does not match */ |     { /* host_verify: commitment does not match */ | ||||||
|         unsigned char sigbytes[64]; |         unsigned char sigbytes[64]; | ||||||
|         size_t i; |         size_t i; | ||||||
|         CHECK(secp256k1_ecdsa_signature_serialize_compact(ctx, sigbytes, &signature) == 1); |         CHECK(secp256k1_ecdsa_signature_serialize_compact(CTX, sigbytes, &signature) == 1); | ||||||
|         for(i = 0; i < 32; i++) { |         for(i = 0; i < 32; i++) { | ||||||
|             /* change one byte */ |             /* change one byte */ | ||||||
|             sigbytes[i] += 1; |             sigbytes[i] += 1; | ||||||
|             CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &signature, sigbytes) == 1); |             CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &signature, sigbytes) == 1); | ||||||
|             CHECK(secp256k1_ecdsa_s2c_verify_commit(ctx, &signature, host_nonce_contribution, &s2c_opening) == 0); |             CHECK(secp256k1_ecdsa_s2c_verify_commit(CTX, &signature, host_nonce_contribution, &s2c_opening) == 0); | ||||||
|             CHECK(secp256k1_anti_exfil_host_verify(ctx, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 0); |             CHECK(secp256k1_anti_exfil_host_verify(CTX, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 0); | ||||||
|             /* revert */ |             /* revert */ | ||||||
|             sigbytes[i] -= 1; |             sigbytes[i] -= 1; | ||||||
|         } |         } | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &signature, sigbytes) == 1); |         CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &signature, sigbytes) == 1); | ||||||
|     } |     } | ||||||
|     { /* host_verify: message does not match */ |     { /* host_verify: message does not match */ | ||||||
|         unsigned char bad_msg[32]; |         unsigned char bad_msg[32]; | ||||||
|         secp256k1_testrand256_test(bad_msg); |         secp256k1_testrand256_test(bad_msg); | ||||||
|         CHECK(secp256k1_anti_exfil_host_verify(ctx, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 1); |         CHECK(secp256k1_anti_exfil_host_verify(CTX, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 1); | ||||||
|         CHECK(secp256k1_anti_exfil_host_verify(ctx, &signature, bad_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 0); |         CHECK(secp256k1_anti_exfil_host_verify(CTX, &signature, bad_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 0); | ||||||
|     } |     } | ||||||
|     { /* s2c_sign: host provided data that didn't match commitment */ |     { /* s2c_sign: host provided data that didn't match commitment */ | ||||||
|         secp256k1_ecdsa_s2c_opening orig_opening = s2c_opening; |         secp256k1_ecdsa_s2c_opening orig_opening = s2c_opening; | ||||||
|         unsigned char bad_nonce_contribution[32] = { 1, 2, 3, 4 }; |         unsigned char bad_nonce_contribution[32] = { 1, 2, 3, 4 }; | ||||||
|         CHECK(secp256k1_ecdsa_s2c_sign(ctx, &signature, &s2c_opening, host_msg, signer_privkey, bad_nonce_contribution) == 1); |         CHECK(secp256k1_ecdsa_s2c_sign(CTX, &signature, &s2c_opening, host_msg, signer_privkey, bad_nonce_contribution) == 1); | ||||||
|         /* good signature but the opening (original public nonce does not match the original */ |         /* good signature but the opening (original public nonce does not match the original */ | ||||||
|         CHECK(secp256k1_ecdsa_verify(ctx, &signature, host_msg, &signer_pubkey) == 1); |         CHECK(secp256k1_ecdsa_verify(CTX, &signature, host_msg, &signer_pubkey) == 1); | ||||||
|         CHECK(secp256k1_anti_exfil_host_verify(ctx, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 0); |         CHECK(secp256k1_anti_exfil_host_verify(CTX, &signature, host_msg, &signer_pubkey, host_nonce_contribution, &s2c_opening) == 0); | ||||||
|         CHECK(secp256k1_anti_exfil_host_verify(ctx, &signature, host_msg, &signer_pubkey, bad_nonce_contribution, &s2c_opening) == 1); |         CHECK(secp256k1_anti_exfil_host_verify(CTX, &signature, host_msg, &signer_pubkey, bad_nonce_contribution, &s2c_opening) == 1); | ||||||
|         CHECK(secp256k1_memcmp_var(&s2c_opening, &orig_opening, sizeof(s2c_opening)) != 0); |         CHECK(secp256k1_memcmp_var(&s2c_opening, &orig_opening, sizeof(s2c_opening)) != 0); | ||||||
|     } |     } | ||||||
| } | } | ||||||
|  | |||||||
| @ -30,52 +30,52 @@ void test_xonly_pubkey(void) { | |||||||
| 
 | 
 | ||||||
|     int ecount; |     int ecount; | ||||||
| 
 | 
 | ||||||
|     set_counting_callbacks(ctx, &ecount); |     set_counting_callbacks(CTX, &ecount); | ||||||
| 
 | 
 | ||||||
|     secp256k1_testrand256(sk); |     secp256k1_testrand256(sk); | ||||||
|     memset(ones32, 0xFF, 32); |     memset(ones32, 0xFF, 32); | ||||||
|     secp256k1_testrand256(xy_sk); |     secp256k1_testrand256(xy_sk); | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &pk, sk) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); | ||||||
| 
 | 
 | ||||||
|     /* Test xonly_pubkey_from_pubkey */ |     /* Test xonly_pubkey_from_pubkey */ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, NULL, &pk_parity, &pk) == 0); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, NULL, &pk_parity, &pk) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, NULL, &pk) == 1); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, NULL) == 0); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, NULL) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     memset(&pk, 0, sizeof(pk)); |     memset(&pk, 0, sizeof(pk)); | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 0); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
| 
 | 
 | ||||||
|     /* Choose a secret key such that the resulting pubkey and xonly_pubkey match. */ |     /* Choose a secret key such that the resulting pubkey and xonly_pubkey match. */ | ||||||
|     memset(sk, 0, sizeof(sk)); |     memset(sk, 0, sizeof(sk)); | ||||||
|     sk[0] = 1; |     sk[0] = 1; | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &pk, sk) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(&pk, &xonly_pk, sizeof(pk)) == 0); |     CHECK(secp256k1_memcmp_var(&pk, &xonly_pk, sizeof(pk)) == 0); | ||||||
|     CHECK(pk_parity == 0); |     CHECK(pk_parity == 0); | ||||||
| 
 | 
 | ||||||
|     /* Choose a secret key such that pubkey and xonly_pubkey are each others
 |     /* Choose a secret key such that pubkey and xonly_pubkey are each others
 | ||||||
|      * negation. */ |      * negation. */ | ||||||
|     sk[0] = 2; |     sk[0] = 2; | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &pk, sk) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(&xonly_pk, &pk, sizeof(xonly_pk)) != 0); |     CHECK(secp256k1_memcmp_var(&xonly_pk, &pk, sizeof(xonly_pk)) != 0); | ||||||
|     CHECK(pk_parity == 1); |     CHECK(pk_parity == 1); | ||||||
|     secp256k1_pubkey_load(ctx, &pk1, &pk); |     secp256k1_pubkey_load(CTX, &pk1, &pk); | ||||||
|     secp256k1_pubkey_load(ctx, &pk2, (secp256k1_pubkey *) &xonly_pk); |     secp256k1_pubkey_load(CTX, &pk2, (secp256k1_pubkey *) &xonly_pk); | ||||||
|     CHECK(secp256k1_fe_equal(&pk1.x, &pk2.x) == 1); |     CHECK(secp256k1_fe_equal(&pk1.x, &pk2.x) == 1); | ||||||
|     secp256k1_fe_negate(&y, &pk2.y, 1); |     secp256k1_fe_negate(&y, &pk2.y, 1); | ||||||
|     CHECK(secp256k1_fe_equal(&pk1.y, &y) == 1); |     CHECK(secp256k1_fe_equal(&pk1.y, &y) == 1); | ||||||
| 
 | 
 | ||||||
|     /* Test xonly_pubkey_serialize and xonly_pubkey_parse */ |     /* Test xonly_pubkey_serialize and xonly_pubkey_parse */ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_xonly_pubkey_serialize(ctx, NULL, &xonly_pk) == 0); |     CHECK(secp256k1_xonly_pubkey_serialize(CTX, NULL, &xonly_pk) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, NULL) == 0); |     CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, NULL) == 0); | ||||||
|     CHECK(secp256k1_memcmp_var(buf32, zeros64, 32) == 0); |     CHECK(secp256k1_memcmp_var(buf32, zeros64, 32) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     { |     { | ||||||
| @ -83,46 +83,46 @@ void test_xonly_pubkey(void) { | |||||||
|          * special casing. */ |          * special casing. */ | ||||||
|         secp256k1_xonly_pubkey pk_tmp; |         secp256k1_xonly_pubkey pk_tmp; | ||||||
|         memset(&pk_tmp, 0, sizeof(pk_tmp)); |         memset(&pk_tmp, 0, sizeof(pk_tmp)); | ||||||
|         CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, &pk_tmp) == 0); |         CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &pk_tmp) == 0); | ||||||
|     } |     } | ||||||
|     /* pubkey_load called illegal callback */ |     /* pubkey_load called illegal callback */ | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, &xonly_pk) == 1); |     CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &xonly_pk) == 1); | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_xonly_pubkey_parse(ctx, NULL, buf32) == 0); |     CHECK(secp256k1_xonly_pubkey_parse(CTX, NULL, buf32) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk, NULL) == 0); |     CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, NULL) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
| 
 | 
 | ||||||
|     /* Serialization and parse roundtrip */ |     /* Serialization and parse roundtrip */ | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, NULL, &pk) == 1); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, &xonly_pk) == 1); |     CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &xonly_pk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk_tmp, buf32) == 1); |     CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk_tmp, buf32) == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(xonly_pk)) == 0); |     CHECK(secp256k1_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(xonly_pk)) == 0); | ||||||
| 
 | 
 | ||||||
|     /* Test parsing invalid field elements */ |     /* Test parsing invalid field elements */ | ||||||
|     memset(&xonly_pk, 1, sizeof(xonly_pk)); |     memset(&xonly_pk, 1, sizeof(xonly_pk)); | ||||||
|     /* Overflowing field element */ |     /* Overflowing field element */ | ||||||
|     CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk, ones32) == 0); |     CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, ones32) == 0); | ||||||
|     CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); |     CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); | ||||||
|     memset(&xonly_pk, 1, sizeof(xonly_pk)); |     memset(&xonly_pk, 1, sizeof(xonly_pk)); | ||||||
|     /* There's no point with x-coordinate 0 on secp256k1 */ |     /* There's no point with x-coordinate 0 on secp256k1 */ | ||||||
|     CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk, zeros64) == 0); |     CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, zeros64) == 0); | ||||||
|     CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); |     CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); | ||||||
|     /* If a random 32-byte string can not be parsed with ec_pubkey_parse
 |     /* If a random 32-byte string can not be parsed with ec_pubkey_parse
 | ||||||
|      * (because interpreted as X coordinate it does not correspond to a point on |      * (because interpreted as X coordinate it does not correspond to a point on | ||||||
|      * the curve) then xonly_pubkey_parse should fail as well. */ |      * the curve) then xonly_pubkey_parse should fail as well. */ | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         unsigned char rand33[33]; |         unsigned char rand33[33]; | ||||||
|         secp256k1_testrand256(&rand33[1]); |         secp256k1_testrand256(&rand33[1]); | ||||||
|         rand33[0] = SECP256K1_TAG_PUBKEY_EVEN; |         rand33[0] = SECP256K1_TAG_PUBKEY_EVEN; | ||||||
|         if (!secp256k1_ec_pubkey_parse(ctx, &pk, rand33, 33)) { |         if (!secp256k1_ec_pubkey_parse(CTX, &pk, rand33, 33)) { | ||||||
|             memset(&xonly_pk, 1, sizeof(xonly_pk)); |             memset(&xonly_pk, 1, sizeof(xonly_pk)); | ||||||
|             CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk, &rand33[1]) == 0); |             CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, &rand33[1]) == 0); | ||||||
|             CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); |             CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); | ||||||
|         } else { |         } else { | ||||||
|             CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pk, &rand33[1]) == 1); |             CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, &rand33[1]) == 1); | ||||||
|         } |         } | ||||||
|     } |     } | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
| @ -141,26 +141,26 @@ void test_xonly_pubkey_comparison(void) { | |||||||
|     secp256k1_xonly_pubkey pk2; |     secp256k1_xonly_pubkey pk2; | ||||||
|     int ecount = 0; |     int ecount = 0; | ||||||
| 
 | 
 | ||||||
|     set_counting_callbacks(ctx, &ecount); |     set_counting_callbacks(CTX, &ecount); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_xonly_pubkey_parse(ctx, &pk1, pk1_ser) == 1); |     CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk1, pk1_ser) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_parse(ctx, &pk2, pk2_ser) == 1); |     CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk2, pk2_ser) == 1); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_xonly_pubkey_cmp(ctx, NULL, &pk2) < 0); |     CHECK(secp256k1_xonly_pubkey_cmp(CTX, NULL, &pk2) < 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk1, NULL) > 0); |     CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, NULL) > 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk1, &pk2) < 0); |     CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk2) < 0); | ||||||
|     CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk2, &pk1) > 0); |     CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk2, &pk1) > 0); | ||||||
|     CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk1, &pk1) == 0); |     CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk1) == 0); | ||||||
|     CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk2, &pk2) == 0); |     CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk2, &pk2) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     memset(&pk1, 0, sizeof(pk1)); /* illegal pubkey */ |     memset(&pk1, 0, sizeof(pk1)); /* illegal pubkey */ | ||||||
|     CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk1, &pk2) < 0); |     CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk2) < 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk1, &pk1) == 0); |     CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk1) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
|     CHECK(secp256k1_xonly_pubkey_cmp(ctx, &pk2, &pk1) > 0); |     CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk2, &pk1) > 0); | ||||||
|     CHECK(ecount == 6); |     CHECK(ecount == 6); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| @ -177,48 +177,48 @@ void test_xonly_pubkey_tweak(void) { | |||||||
| 
 | 
 | ||||||
|     int ecount; |     int ecount; | ||||||
| 
 | 
 | ||||||
|     set_counting_callbacks(ctx, &ecount); |     set_counting_callbacks(CTX, &ecount); | ||||||
| 
 | 
 | ||||||
|     memset(overflows, 0xff, sizeof(overflows)); |     memset(overflows, 0xff, sizeof(overflows)); | ||||||
|     secp256k1_testrand256(tweak); |     secp256k1_testrand256(tweak); | ||||||
|     secp256k1_testrand256(sk); |     secp256k1_testrand256(sk); | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &internal_pk, sk) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &internal_pk, sk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); | ||||||
| 
 | 
 | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 1); |     CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 1); |     CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 1); |     CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, NULL, &internal_xonly_pk, tweak) == 0); |     CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, NULL, &internal_xonly_pk, tweak) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, NULL, tweak) == 0); |     CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, NULL, tweak) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     /* NULL internal_xonly_pk zeroes the output_pk */ |     /* NULL internal_xonly_pk zeroes the output_pk */ | ||||||
|     CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); |     CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, NULL) == 0); |     CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, NULL) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     /* NULL tweak zeroes the output_pk */ |     /* NULL tweak zeroes the output_pk */ | ||||||
|     CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); |     CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); | ||||||
| 
 | 
 | ||||||
|     /* Invalid tweak zeroes the output_pk */ |     /* Invalid tweak zeroes the output_pk */ | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, overflows) == 0); |     CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, overflows) == 0); | ||||||
|     CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk))  == 0); |     CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk))  == 0); | ||||||
| 
 | 
 | ||||||
|     /* A zero tweak is fine */ |     /* A zero tweak is fine */ | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, zeros64) == 1); |     CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, zeros64) == 1); | ||||||
| 
 | 
 | ||||||
|     /* Fails if the resulting key was infinity */ |     /* Fails if the resulting key was infinity */ | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         secp256k1_scalar scalar_tweak; |         secp256k1_scalar scalar_tweak; | ||||||
|         /* Because sk may be negated before adding, we need to try with tweak =
 |         /* Because sk may be negated before adding, we need to try with tweak =
 | ||||||
|          * sk as well as tweak = -sk. */ |          * sk as well as tweak = -sk. */ | ||||||
|         secp256k1_scalar_set_b32(&scalar_tweak, sk, NULL); |         secp256k1_scalar_set_b32(&scalar_tweak, sk, NULL); | ||||||
|         secp256k1_scalar_negate(&scalar_tweak, &scalar_tweak); |         secp256k1_scalar_negate(&scalar_tweak, &scalar_tweak); | ||||||
|         secp256k1_scalar_get_b32(tweak, &scalar_tweak); |         secp256k1_scalar_get_b32(tweak, &scalar_tweak); | ||||||
|         CHECK((secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, sk) == 0) |         CHECK((secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, sk) == 0) | ||||||
|               || (secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 0)); |               || (secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 0)); | ||||||
|         CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); |         CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
| @ -226,7 +226,7 @@ void test_xonly_pubkey_tweak(void) { | |||||||
|     memset(&internal_xonly_pk, 0, sizeof(internal_xonly_pk)); |     memset(&internal_xonly_pk, 0, sizeof(internal_xonly_pk)); | ||||||
|     secp256k1_testrand256(tweak); |     secp256k1_testrand256(tweak); | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 0); |     CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk))  == 0); |     CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk))  == 0); | ||||||
| } | } | ||||||
| @ -246,49 +246,49 @@ void test_xonly_pubkey_tweak_check(void) { | |||||||
| 
 | 
 | ||||||
|     int ecount; |     int ecount; | ||||||
| 
 | 
 | ||||||
|     set_counting_callbacks(ctx, &ecount); |     set_counting_callbacks(CTX, &ecount); | ||||||
| 
 | 
 | ||||||
|     memset(overflows, 0xff, sizeof(overflows)); |     memset(overflows, 0xff, sizeof(overflows)); | ||||||
|     secp256k1_testrand256(tweak); |     secp256k1_testrand256(tweak); | ||||||
|     secp256k1_testrand256(sk); |     secp256k1_testrand256(sk); | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &internal_pk, sk) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &internal_pk, sk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); | ||||||
| 
 | 
 | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 1); |     CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &output_xonly_pk, &pk_parity, &output_pk) == 1); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &output_xonly_pk, &pk_parity, &output_pk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, &output_xonly_pk) == 1); |     CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &output_xonly_pk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); |     CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); |     CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); |     CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, NULL, pk_parity, &internal_xonly_pk, tweak) == 0); |     CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, NULL, pk_parity, &internal_xonly_pk, tweak) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     /* invalid pk_parity value */ |     /* invalid pk_parity value */ | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, 2, &internal_xonly_pk, tweak) == 0); |     CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, 2, &internal_xonly_pk, tweak) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, NULL, tweak) == 0); |     CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, NULL, tweak) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, &internal_xonly_pk, NULL) == 0); |     CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, NULL) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
| 
 | 
 | ||||||
|     memset(tweak, 1, sizeof(tweak)); |     memset(tweak, 1, sizeof(tweak)); | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &internal_xonly_pk, NULL, &internal_pk) == 1); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, NULL, &internal_pk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, tweak) == 1); |     CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &output_xonly_pk, &pk_parity, &output_pk) == 1); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &output_xonly_pk, &pk_parity, &output_pk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_serialize(ctx, output_pk32, &output_xonly_pk) == 1); |     CHECK(secp256k1_xonly_pubkey_serialize(CTX, output_pk32, &output_xonly_pk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, output_pk32, pk_parity, &internal_xonly_pk, tweak) == 1); |     CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, output_pk32, pk_parity, &internal_xonly_pk, tweak) == 1); | ||||||
| 
 | 
 | ||||||
|     /* Wrong pk_parity */ |     /* Wrong pk_parity */ | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, output_pk32, !pk_parity, &internal_xonly_pk, tweak) == 0); |     CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, output_pk32, !pk_parity, &internal_xonly_pk, tweak) == 0); | ||||||
|     /* Wrong public key */ |     /* Wrong public key */ | ||||||
|     CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf32, &internal_xonly_pk) == 1); |     CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &internal_xonly_pk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, buf32, pk_parity, &internal_xonly_pk, tweak) == 0); |     CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 0); | ||||||
| 
 | 
 | ||||||
|     /* Overflowing tweak not allowed */ |     /* Overflowing tweak not allowed */ | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, output_pk32, pk_parity, &internal_xonly_pk, overflows) == 0); |     CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, output_pk32, pk_parity, &internal_xonly_pk, overflows) == 0); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk, &internal_xonly_pk, overflows) == 0); |     CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, overflows) == 0); | ||||||
|     CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); |     CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
| } | } | ||||||
| @ -305,23 +305,23 @@ void test_xonly_pubkey_tweak_recursive(void) { | |||||||
|     int i; |     int i; | ||||||
| 
 | 
 | ||||||
|     secp256k1_testrand256(sk); |     secp256k1_testrand256(sk); | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &pk[0], sk) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &pk[0], sk) == 1); | ||||||
|     /* Add tweaks */ |     /* Add tweaks */ | ||||||
|     for (i = 0; i < N_PUBKEYS - 1; i++) { |     for (i = 0; i < N_PUBKEYS - 1; i++) { | ||||||
|         secp256k1_xonly_pubkey xonly_pk; |         secp256k1_xonly_pubkey xonly_pk; | ||||||
|         memset(tweak[i], i + 1, sizeof(tweak[i])); |         memset(tweak[i], i + 1, sizeof(tweak[i])); | ||||||
|         CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, NULL, &pk[i]) == 1); |         CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk[i]) == 1); | ||||||
|         CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &pk[i + 1], &xonly_pk, tweak[i]) == 1); |         CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &pk[i + 1], &xonly_pk, tweak[i]) == 1); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* Verify tweaks */ |     /* Verify tweaks */ | ||||||
|     for (i = N_PUBKEYS - 1; i > 0; i--) { |     for (i = N_PUBKEYS - 1; i > 0; i--) { | ||||||
|         secp256k1_xonly_pubkey xonly_pk; |         secp256k1_xonly_pubkey xonly_pk; | ||||||
|         int pk_parity; |         int pk_parity; | ||||||
|         CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk[i]) == 1); |         CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk[i]) == 1); | ||||||
|         CHECK(secp256k1_xonly_pubkey_serialize(ctx, pk_serialized, &xonly_pk) == 1); |         CHECK(secp256k1_xonly_pubkey_serialize(CTX, pk_serialized, &xonly_pk) == 1); | ||||||
|         CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, NULL, &pk[i - 1]) == 1); |         CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk[i - 1]) == 1); | ||||||
|         CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, pk_serialized, pk_parity, &xonly_pk, tweak[i - 1]) == 1); |         CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, pk_serialized, pk_parity, &xonly_pk, tweak[i - 1]) == 1); | ||||||
|     } |     } | ||||||
| } | } | ||||||
| #undef N_PUBKEYS | #undef N_PUBKEYS | ||||||
| @ -336,10 +336,9 @@ void test_keypair(void) { | |||||||
|     secp256k1_xonly_pubkey xonly_pk, xonly_pk_tmp; |     secp256k1_xonly_pubkey xonly_pk, xonly_pk_tmp; | ||||||
|     int pk_parity, pk_parity_tmp; |     int pk_parity, pk_parity_tmp; | ||||||
|     int ecount; |     int ecount; | ||||||
|     secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); |  | ||||||
| 
 | 
 | ||||||
|     set_counting_callbacks(ctx, &ecount); |     set_counting_callbacks(CTX, &ecount); | ||||||
|     set_counting_callbacks(sttc, &ecount); |     set_counting_callbacks(STATIC_CTX, &ecount); | ||||||
| 
 | 
 | ||||||
|     CHECK(sizeof(zeros96) == sizeof(keypair)); |     CHECK(sizeof(zeros96) == sizeof(keypair)); | ||||||
|     memset(overflows, 0xFF, sizeof(overflows)); |     memset(overflows, 0xFF, sizeof(overflows)); | ||||||
| @ -347,100 +346,102 @@ void test_keypair(void) { | |||||||
|     /* Test keypair_create */ |     /* Test keypair_create */ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     secp256k1_testrand256(sk); |     secp256k1_testrand256(sk); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0); |     CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0); |     CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, NULL, sk) == 0); |     CHECK(secp256k1_keypair_create(CTX, NULL, sk) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, NULL) == 0); |     CHECK(secp256k1_keypair_create(CTX, &keypair, NULL) == 0); | ||||||
|     CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); |     CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_keypair_create(sttc, &keypair, sk) == 0); |     CHECK(secp256k1_keypair_create(STATIC_CTX, &keypair, sk) == 0); | ||||||
|     CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); |     CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
| 
 | 
 | ||||||
|     /* Invalid secret key */ |     /* Invalid secret key */ | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, zeros96) == 0); |     CHECK(secp256k1_keypair_create(CTX, &keypair, zeros96) == 0); | ||||||
|     CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); |     CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, overflows) == 0); |     CHECK(secp256k1_keypair_create(CTX, &keypair, overflows) == 0); | ||||||
|     CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); |     CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); | ||||||
| 
 | 
 | ||||||
|     /* Test keypair_pub */ |     /* Test keypair_pub */ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     secp256k1_testrand256(sk); |     secp256k1_testrand256(sk); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     CHECK(secp256k1_keypair_pub(ctx, &pk, &keypair) == 1); |     CHECK(secp256k1_keypair_pub(CTX, &pk, &keypair) == 1); | ||||||
|     CHECK(secp256k1_keypair_pub(ctx, NULL, &keypair) == 0); |     CHECK(secp256k1_keypair_pub(CTX, NULL, &keypair) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_keypair_pub(ctx, &pk, NULL) == 0); |     CHECK(secp256k1_keypair_pub(CTX, &pk, NULL) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_memcmp_var(zeros96, &pk, sizeof(pk)) == 0); |     CHECK(secp256k1_memcmp_var(zeros96, &pk, sizeof(pk)) == 0); | ||||||
| 
 | 
 | ||||||
|     /* Using an invalid keypair is fine for keypair_pub */ |     /* Using an invalid keypair is fine for keypair_pub */ | ||||||
|     memset(&keypair, 0, sizeof(keypair)); |     memset(&keypair, 0, sizeof(keypair)); | ||||||
|     CHECK(secp256k1_keypair_pub(ctx, &pk, &keypair) == 1); |     CHECK(secp256k1_keypair_pub(CTX, &pk, &keypair) == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(zeros96, &pk, sizeof(pk)) == 0); |     CHECK(secp256k1_memcmp_var(zeros96, &pk, sizeof(pk)) == 0); | ||||||
| 
 | 
 | ||||||
|     /* keypair holds the same pubkey as pubkey_create */ |     /* keypair holds the same pubkey as pubkey_create */ | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &pk, sk) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     CHECK(secp256k1_keypair_pub(ctx, &pk_tmp, &keypair) == 1); |     CHECK(secp256k1_keypair_pub(CTX, &pk_tmp, &keypair) == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(&pk, &pk_tmp, sizeof(pk)) == 0); |     CHECK(secp256k1_memcmp_var(&pk, &pk_tmp, sizeof(pk)) == 0); | ||||||
| 
 | 
 | ||||||
|     /** Test keypair_xonly_pub **/ |     /** Test keypair_xonly_pub **/ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     secp256k1_testrand256(sk); |     secp256k1_testrand256(sk); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pk, &pk_parity, &keypair) == 1); |     CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, NULL, &pk_parity, &keypair) == 0); |     CHECK(secp256k1_keypair_xonly_pub(CTX, NULL, &pk_parity, &keypair) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pk, NULL, &keypair) == 1); |     CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, NULL, &keypair) == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pk, &pk_parity, NULL) == 0); |     CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, NULL) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0); |     CHECK(secp256k1_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0); | ||||||
|     /* Using an invalid keypair will set the xonly_pk to 0 (first reset
 |     /* Using an invalid keypair will set the xonly_pk to 0 (first reset
 | ||||||
|      * xonly_pk). */ |      * xonly_pk). */ | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pk, &pk_parity, &keypair) == 1); |     CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 1); | ||||||
|     memset(&keypair, 0, sizeof(keypair)); |     memset(&keypair, 0, sizeof(keypair)); | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pk, &pk_parity, &keypair) == 0); |     CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 0); | ||||||
|     CHECK(secp256k1_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0); |     CHECK(secp256k1_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
| 
 | 
 | ||||||
|     /** keypair holds the same xonly pubkey as pubkey_create **/ |     /** keypair holds the same xonly pubkey as pubkey_create **/ | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &pk, sk) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pk, &pk_parity, &pk) == 1); |     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pk_tmp, &pk_parity_tmp, &keypair) == 1); |     CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk_tmp, &pk_parity_tmp, &keypair) == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(pk)) == 0); |     CHECK(secp256k1_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(pk)) == 0); | ||||||
|     CHECK(pk_parity == pk_parity_tmp); |     CHECK(pk_parity == pk_parity_tmp); | ||||||
| 
 | 
 | ||||||
|     /* Test keypair_seckey */ |     /* Test keypair_seckey */ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     secp256k1_testrand256(sk); |     secp256k1_testrand256(sk); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     CHECK(secp256k1_keypair_sec(ctx, sk_tmp, &keypair) == 1); |     CHECK(secp256k1_keypair_sec(CTX, sk_tmp, &keypair) == 1); | ||||||
|     CHECK(secp256k1_keypair_sec(ctx, NULL, &keypair) == 0); |     CHECK(secp256k1_keypair_sec(CTX, NULL, &keypair) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_keypair_sec(ctx, sk_tmp, NULL) == 0); |     CHECK(secp256k1_keypair_sec(CTX, sk_tmp, NULL) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0); |     CHECK(secp256k1_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0); | ||||||
| 
 | 
 | ||||||
|     /* keypair returns the same seckey it got */ |     /* keypair returns the same seckey it got */ | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     CHECK(secp256k1_keypair_sec(ctx, sk_tmp, &keypair) == 1); |     CHECK(secp256k1_keypair_sec(CTX, sk_tmp, &keypair) == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(sk, sk_tmp, sizeof(sk_tmp)) == 0); |     CHECK(secp256k1_memcmp_var(sk, sk_tmp, sizeof(sk_tmp)) == 0); | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|     /* Using an invalid keypair is fine for keypair_seckey */ |     /* Using an invalid keypair is fine for keypair_seckey */ | ||||||
|     memset(&keypair, 0, sizeof(keypair)); |     memset(&keypair, 0, sizeof(keypair)); | ||||||
|     CHECK(secp256k1_keypair_sec(ctx, sk_tmp, &keypair) == 1); |     CHECK(secp256k1_keypair_sec(CTX, sk_tmp, &keypair) == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0); |     CHECK(secp256k1_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0); | ||||||
|     secp256k1_context_destroy(sttc); | 
 | ||||||
|  |     secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_keypair_add(void) { | void test_keypair_add(void) { | ||||||
| @ -452,49 +453,49 @@ void test_keypair_add(void) { | |||||||
|     int i; |     int i; | ||||||
|     int ecount = 0; |     int ecount = 0; | ||||||
| 
 | 
 | ||||||
|     set_counting_callbacks(ctx, &ecount); |     set_counting_callbacks(CTX, &ecount); | ||||||
| 
 | 
 | ||||||
|     CHECK(sizeof(zeros96) == sizeof(keypair)); |     CHECK(sizeof(zeros96) == sizeof(keypair)); | ||||||
|     secp256k1_testrand256(sk); |     secp256k1_testrand256(sk); | ||||||
|     secp256k1_testrand256(tweak); |     secp256k1_testrand256(tweak); | ||||||
|     memset(overflows, 0xFF, 32); |     memset(overflows, 0xFF, 32); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); |     CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); |     CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); |     CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_tweak_add(ctx, NULL, tweak) == 0); |     CHECK(secp256k1_keypair_xonly_tweak_add(CTX, NULL, tweak) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, NULL) == 0); |     CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, NULL) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     /* This does not set the keypair to zeroes */ |     /* This does not set the keypair to zeroes */ | ||||||
|     CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) != 0); |     CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) != 0); | ||||||
| 
 | 
 | ||||||
|     /* Invalid tweak zeroes the keypair */ |     /* Invalid tweak zeroes the keypair */ | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, overflows) == 0); |     CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, overflows) == 0); | ||||||
|     CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair))  == 0); |     CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair))  == 0); | ||||||
| 
 | 
 | ||||||
|     /* A zero tweak is fine */ |     /* A zero tweak is fine */ | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, zeros96) == 1); |     CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, zeros96) == 1); | ||||||
| 
 | 
 | ||||||
|     /* Fails if the resulting keypair was (sk=0, pk=infinity) */ |     /* Fails if the resulting keypair was (sk=0, pk=infinity) */ | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         secp256k1_scalar scalar_tweak; |         secp256k1_scalar scalar_tweak; | ||||||
|         secp256k1_keypair keypair_tmp; |         secp256k1_keypair keypair_tmp; | ||||||
|         secp256k1_testrand256(sk); |         secp256k1_testrand256(sk); | ||||||
|         CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |         CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|         memcpy(&keypair_tmp, &keypair, sizeof(keypair)); |         memcpy(&keypair_tmp, &keypair, sizeof(keypair)); | ||||||
|         /* Because sk may be negated before adding, we need to try with tweak =
 |         /* Because sk may be negated before adding, we need to try with tweak =
 | ||||||
|          * sk as well as tweak = -sk. */ |          * sk as well as tweak = -sk. */ | ||||||
|         secp256k1_scalar_set_b32(&scalar_tweak, sk, NULL); |         secp256k1_scalar_set_b32(&scalar_tweak, sk, NULL); | ||||||
|         secp256k1_scalar_negate(&scalar_tweak, &scalar_tweak); |         secp256k1_scalar_negate(&scalar_tweak, &scalar_tweak); | ||||||
|         secp256k1_scalar_get_b32(tweak, &scalar_tweak); |         secp256k1_scalar_get_b32(tweak, &scalar_tweak); | ||||||
|         CHECK((secp256k1_keypair_xonly_tweak_add(ctx, &keypair, sk) == 0) |         CHECK((secp256k1_keypair_xonly_tweak_add(CTX, &keypair, sk) == 0) | ||||||
|               || (secp256k1_keypair_xonly_tweak_add(ctx, &keypair_tmp, tweak) == 0)); |               || (secp256k1_keypair_xonly_tweak_add(CTX, &keypair_tmp, tweak) == 0)); | ||||||
|         CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0 |         CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0 | ||||||
|               || secp256k1_memcmp_var(&keypair_tmp, zeros96, sizeof(keypair_tmp)) == 0); |               || secp256k1_memcmp_var(&keypair_tmp, zeros96, sizeof(keypair_tmp)) == 0); | ||||||
|     } |     } | ||||||
| @ -503,23 +504,23 @@ void test_keypair_add(void) { | |||||||
|     memset(&keypair, 0, sizeof(keypair)); |     memset(&keypair, 0, sizeof(keypair)); | ||||||
|     secp256k1_testrand256(tweak); |     secp256k1_testrand256(tweak); | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 0); |     CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair))  == 0); |     CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair))  == 0); | ||||||
|     /* Only seckey part of keypair invalid */ |     /* Only seckey part of keypair invalid */ | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     memset(&keypair, 0, 32); |     memset(&keypair, 0, 32); | ||||||
|     CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 0); |     CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     /* Only pubkey part of keypair invalid */ |     /* Only pubkey part of keypair invalid */ | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     memset(&keypair.data[32], 0, 64); |     memset(&keypair.data[32], 0, 64); | ||||||
|     CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 0); |     CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
| 
 | 
 | ||||||
|     /* Check that the keypair_tweak_add implementation is correct */ |     /* Check that the keypair_tweak_add implementation is correct */ | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         secp256k1_xonly_pubkey internal_pk; |         secp256k1_xonly_pubkey internal_pk; | ||||||
|         secp256k1_xonly_pubkey output_pk; |         secp256k1_xonly_pubkey output_pk; | ||||||
|         secp256k1_pubkey output_pk_xy; |         secp256k1_pubkey output_pk_xy; | ||||||
| @ -529,22 +530,22 @@ void test_keypair_add(void) { | |||||||
|         int pk_parity; |         int pk_parity; | ||||||
| 
 | 
 | ||||||
|         secp256k1_testrand256(tweak); |         secp256k1_testrand256(tweak); | ||||||
|         CHECK(secp256k1_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1); |         CHECK(secp256k1_keypair_xonly_pub(CTX, &internal_pk, NULL, &keypair) == 1); | ||||||
|         CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); |         CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); | ||||||
|         CHECK(secp256k1_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1); |         CHECK(secp256k1_keypair_xonly_pub(CTX, &output_pk, &pk_parity, &keypair) == 1); | ||||||
| 
 | 
 | ||||||
|         /* Check that it passes xonly_pubkey_tweak_add_check */ |         /* Check that it passes xonly_pubkey_tweak_add_check */ | ||||||
|         CHECK(secp256k1_xonly_pubkey_serialize(ctx, pk32, &output_pk) == 1); |         CHECK(secp256k1_xonly_pubkey_serialize(CTX, pk32, &output_pk) == 1); | ||||||
|         CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, pk32, pk_parity, &internal_pk, tweak) == 1); |         CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, pk32, pk_parity, &internal_pk, tweak) == 1); | ||||||
| 
 | 
 | ||||||
|         /* Check that the resulting pubkey matches xonly_pubkey_tweak_add */ |         /* Check that the resulting pubkey matches xonly_pubkey_tweak_add */ | ||||||
|         CHECK(secp256k1_keypair_pub(ctx, &output_pk_xy, &keypair) == 1); |         CHECK(secp256k1_keypair_pub(CTX, &output_pk_xy, &keypair) == 1); | ||||||
|         CHECK(secp256k1_xonly_pubkey_tweak_add(ctx, &output_pk_expected, &internal_pk, tweak) == 1); |         CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk_expected, &internal_pk, tweak) == 1); | ||||||
|         CHECK(secp256k1_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0); |         CHECK(secp256k1_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0); | ||||||
| 
 | 
 | ||||||
|         /* Check that the secret key in the keypair is tweaked correctly */ |         /* Check that the secret key in the keypair is tweaked correctly */ | ||||||
|         CHECK(secp256k1_keypair_sec(ctx, sk32, &keypair) == 1); |         CHECK(secp256k1_keypair_sec(CTX, sk32, &keypair) == 1); | ||||||
|         CHECK(secp256k1_ec_pubkey_create(ctx, &output_pk_expected, sk32) == 1); |         CHECK(secp256k1_ec_pubkey_create(CTX, &output_pk_expected, sk32) == 1); | ||||||
|         CHECK(secp256k1_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0); |         CHECK(secp256k1_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0); | ||||||
|     } |     } | ||||||
| } | } | ||||||
| @ -577,7 +578,7 @@ void test_hsort(void) { | |||||||
| 
 | 
 | ||||||
|     /* Test hsort with length n array and random elements in
 |     /* Test hsort with length n array and random elements in
 | ||||||
|      * [-interval/2, interval/2] */ |      * [-interval/2, interval/2] */ | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         int n = secp256k1_testrand_int(NUM); |         int n = secp256k1_testrand_int(NUM); | ||||||
|         int interval = secp256k1_testrand_int(64); |         int interval = secp256k1_testrand_int(64); | ||||||
|         for (j = 0; j < n; j++) { |         for (j = 0; j < n; j++) { | ||||||
| @ -604,26 +605,26 @@ void test_pubkey_comparison(void) { | |||||||
|     secp256k1_pubkey pk2; |     secp256k1_pubkey pk2; | ||||||
|     int ecount = 0; |     int ecount = 0; | ||||||
| 
 | 
 | ||||||
|     set_counting_callbacks(ctx, &ecount); |     set_counting_callbacks(CTX, &ecount); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_ec_pubkey_parse(ctx, &pk1, pk1_ser, sizeof(pk1_ser)) == 1); |     CHECK(secp256k1_ec_pubkey_parse(CTX, &pk1, pk1_ser, sizeof(pk1_ser)) == 1); | ||||||
|     CHECK(secp256k1_ec_pubkey_parse(ctx, &pk2, pk2_ser, sizeof(pk2_ser)) == 1); |     CHECK(secp256k1_ec_pubkey_parse(CTX, &pk2, pk2_ser, sizeof(pk2_ser)) == 1); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_pubkey_cmp(ctx, NULL, &pk2) < 0); |     CHECK(secp256k1_pubkey_cmp(CTX, NULL, &pk2) < 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_pubkey_cmp(ctx, &pk1, NULL) > 0); |     CHECK(secp256k1_pubkey_cmp(CTX, &pk1, NULL) > 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_pubkey_cmp(ctx, &pk1, &pk2) < 0); |     CHECK(secp256k1_pubkey_cmp(CTX, &pk1, &pk2) < 0); | ||||||
|     CHECK(secp256k1_pubkey_cmp(ctx, &pk2, &pk1) > 0); |     CHECK(secp256k1_pubkey_cmp(CTX, &pk2, &pk1) > 0); | ||||||
|     CHECK(secp256k1_pubkey_cmp(ctx, &pk1, &pk1) == 0); |     CHECK(secp256k1_pubkey_cmp(CTX, &pk1, &pk1) == 0); | ||||||
|     CHECK(secp256k1_pubkey_cmp(ctx, &pk2, &pk2) == 0); |     CHECK(secp256k1_pubkey_cmp(CTX, &pk2, &pk2) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     memset(&pk1, 0, sizeof(pk1)); /* illegal pubkey */ |     memset(&pk1, 0, sizeof(pk1)); /* illegal pubkey */ | ||||||
|     CHECK(secp256k1_pubkey_cmp(ctx, &pk1, &pk2) < 0); |     CHECK(secp256k1_pubkey_cmp(CTX, &pk1, &pk2) < 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_pubkey_cmp(ctx, &pk1, &pk1) == 0); |     CHECK(secp256k1_pubkey_cmp(CTX, &pk1, &pk1) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
|     CHECK(secp256k1_pubkey_cmp(ctx, &pk2, &pk1) > 0); |     CHECK(secp256k1_pubkey_cmp(CTX, &pk2, &pk1) > 0); | ||||||
|     CHECK(ecount == 6); |     CHECK(ecount == 6); | ||||||
| 
 | 
 | ||||||
| } | } | ||||||
| @ -635,7 +636,7 @@ void test_sort_helper(secp256k1_pubkey *pk, size_t *pk_order, size_t n_pk) { | |||||||
|     for (i = 0; i < n_pk; i++) { |     for (i = 0; i < n_pk; i++) { | ||||||
|         pk_test[i] = &pk[pk_order[i]]; |         pk_test[i] = &pk[pk_order[i]]; | ||||||
|     } |     } | ||||||
|     secp256k1_pubkey_sort(ctx, pk_test, n_pk); |     secp256k1_pubkey_sort(CTX, pk_test, n_pk); | ||||||
|     for (i = 0; i < n_pk; i++) { |     for (i = 0; i < n_pk; i++) { | ||||||
|         CHECK(secp256k1_memcmp_var(pk_test[i], &pk[i], sizeof(*pk_test[i])) == 0); |         CHECK(secp256k1_memcmp_var(pk_test[i], &pk[i], sizeof(*pk_test[i])) == 0); | ||||||
|     } |     } | ||||||
| @ -656,8 +657,8 @@ void rand_pk(secp256k1_pubkey *pk) { | |||||||
|     unsigned char seckey[32]; |     unsigned char seckey[32]; | ||||||
|     secp256k1_keypair keypair; |     secp256k1_keypair keypair; | ||||||
|     secp256k1_testrand256(seckey); |     secp256k1_testrand256(seckey); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, seckey) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, seckey) == 1); | ||||||
|     CHECK(secp256k1_keypair_pub(ctx, pk, &keypair) == 1); |     CHECK(secp256k1_keypair_pub(CTX, pk, &keypair) == 1); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_sort_api(void) { | void test_sort_api(void) { | ||||||
| @ -665,7 +666,7 @@ void test_sort_api(void) { | |||||||
|     secp256k1_pubkey pks[2]; |     secp256k1_pubkey pks[2]; | ||||||
|     const secp256k1_pubkey *pks_ptr[2]; |     const secp256k1_pubkey *pks_ptr[2]; | ||||||
| 
 | 
 | ||||||
|     set_counting_callbacks(ctx, &ecount); |     set_counting_callbacks(CTX, &ecount); | ||||||
| 
 | 
 | ||||||
|     pks_ptr[0] = &pks[0]; |     pks_ptr[0] = &pks[0]; | ||||||
|     pks_ptr[1] = &pks[1]; |     pks_ptr[1] = &pks[1]; | ||||||
| @ -673,16 +674,16 @@ void test_sort_api(void) { | |||||||
|     rand_pk(&pks[0]); |     rand_pk(&pks[0]); | ||||||
|     rand_pk(&pks[1]); |     rand_pk(&pks[1]); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_pubkey_sort(ctx, pks_ptr, 2) == 1); |     CHECK(secp256k1_pubkey_sort(CTX, pks_ptr, 2) == 1); | ||||||
|     CHECK(secp256k1_pubkey_sort(ctx, NULL, 2) == 0); |     CHECK(secp256k1_pubkey_sort(CTX, NULL, 2) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_pubkey_sort(ctx, pks_ptr, 0) == 1); |     CHECK(secp256k1_pubkey_sort(CTX, pks_ptr, 0) == 1); | ||||||
|     /* Test illegal public keys */ |     /* Test illegal public keys */ | ||||||
|     memset(&pks[0], 0, sizeof(pks[0])); |     memset(&pks[0], 0, sizeof(pks[0])); | ||||||
|     CHECK(secp256k1_pubkey_sort(ctx, pks_ptr, 2) == 1); |     CHECK(secp256k1_pubkey_sort(CTX, pks_ptr, 2) == 1); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     memset(&pks[1], 0, sizeof(pks[1])); |     memset(&pks[1], 0, sizeof(pks[1])); | ||||||
|     CHECK(secp256k1_pubkey_sort(ctx, pks_ptr, 2) == 1); |     CHECK(secp256k1_pubkey_sort(CTX, pks_ptr, 2) == 1); | ||||||
|     CHECK(ecount > 2); |     CHECK(ecount > 2); | ||||||
| 
 | 
 | ||||||
| } | } | ||||||
| @ -700,7 +701,7 @@ void test_sort(void) { | |||||||
|     size_t pk_order[5] = { 0, 1, 2, 3, 4 }; |     size_t pk_order[5] = { 0, 1, 2, 3, 4 }; | ||||||
| 
 | 
 | ||||||
|     for (i = 0; i < 5; i++) { |     for (i = 0; i < 5; i++) { | ||||||
|         CHECK(secp256k1_ec_pubkey_parse(ctx, &pk[i], pk_ser[i], sizeof(pk_ser[i]))); |         CHECK(secp256k1_ec_pubkey_parse(CTX, &pk[i], pk_ser[i], sizeof(pk_ser[i]))); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     permute(pk_order, 1); |     permute(pk_order, 1); | ||||||
| @ -709,25 +710,25 @@ void test_sort(void) { | |||||||
|     test_sort_helper(pk, pk_order, 2); |     test_sort_helper(pk, pk_order, 2); | ||||||
|     permute(pk_order, 3); |     permute(pk_order, 3); | ||||||
|     test_sort_helper(pk, pk_order, 3); |     test_sort_helper(pk, pk_order, 3); | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         permute(pk_order, 4); |         permute(pk_order, 4); | ||||||
|         test_sort_helper(pk, pk_order, 4); |         test_sort_helper(pk, pk_order, 4); | ||||||
|     } |     } | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         permute(pk_order, 5); |         permute(pk_order, 5); | ||||||
|         test_sort_helper(pk, pk_order, 5); |         test_sort_helper(pk, pk_order, 5); | ||||||
|     } |     } | ||||||
|     /* Check that sorting also works for random pubkeys */ |     /* Check that sorting also works for random pubkeys */ | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         int j; |         int j; | ||||||
|         const secp256k1_pubkey *pk_ptr[5]; |         const secp256k1_pubkey *pk_ptr[5]; | ||||||
|         for (j = 0; j < 5; j++) { |         for (j = 0; j < 5; j++) { | ||||||
|             rand_pk(&pk[j]); |             rand_pk(&pk[j]); | ||||||
|             pk_ptr[j] = &pk[j]; |             pk_ptr[j] = &pk[j]; | ||||||
|         } |         } | ||||||
|         secp256k1_pubkey_sort(ctx, pk_ptr, 5); |         secp256k1_pubkey_sort(CTX, pk_ptr, 5); | ||||||
|         for (j = 1; j < 5; j++) { |         for (j = 1; j < 5; j++) { | ||||||
|             CHECK(secp256k1_pubkey_sort_cmp(&pk_ptr[j - 1], &pk_ptr[j], ctx) <= 0); |             CHECK(secp256k1_pubkey_sort_cmp(&pk_ptr[j - 1], &pk_ptr[j], CTX) <= 0); | ||||||
|         } |         } | ||||||
|     } |     } | ||||||
| } | } | ||||||
| @ -768,10 +769,10 @@ void test_sort_vectors(void) { | |||||||
|     sorted[5] = &pubkeys[2]; |     sorted[5] = &pubkeys[2]; | ||||||
| 
 | 
 | ||||||
|     for (i = 0; i < N_PUBKEYS; i++) { |     for (i = 0; i < N_PUBKEYS; i++) { | ||||||
|         CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkeys[i], pk_ser[i], sizeof(pk_ser[i]))); |         CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkeys[i], pk_ser[i], sizeof(pk_ser[i]))); | ||||||
|         pks_ptr[i] = &pubkeys[i]; |         pks_ptr[i] = &pubkeys[i]; | ||||||
|     } |     } | ||||||
|     CHECK(secp256k1_pubkey_sort(ctx, pks_ptr, N_PUBKEYS) == 1); |     CHECK(secp256k1_pubkey_sort(CTX, pks_ptr, N_PUBKEYS) == 1); | ||||||
|     for (i = 0; i < N_PUBKEYS; i++) { |     for (i = 0; i < N_PUBKEYS; i++) { | ||||||
|         CHECK(secp256k1_memcmp_var(pks_ptr[i], sorted[i], sizeof(secp256k1_pubkey)) == 0); |         CHECK(secp256k1_memcmp_var(pks_ptr[i], sorted[i], sizeof(secp256k1_pubkey)) == 0); | ||||||
|     } |     } | ||||||
|  | |||||||
| @ -21,51 +21,53 @@ void test_generator_api(void) { | |||||||
|     unsigned char key[32]; |     unsigned char key[32]; | ||||||
|     unsigned char blind[32]; |     unsigned char blind[32]; | ||||||
|     unsigned char sergen[33]; |     unsigned char sergen[33]; | ||||||
|     secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); |  | ||||||
|     secp256k1_generator gen; |     secp256k1_generator gen; | ||||||
|     int32_t ecount = 0; |     int32_t ecount = 0; | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_testrand256(key); |     secp256k1_testrand256(key); | ||||||
|     secp256k1_testrand256(blind); |     secp256k1_testrand256(blind); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_generator_generate(ctx, &gen, key) == 1); |     CHECK(secp256k1_generator_generate(CTX, &gen, key) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_generator_generate(ctx, NULL, key) == 0); |     CHECK(secp256k1_generator_generate(CTX, NULL, key) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_generator_generate(ctx, &gen, NULL) == 0); |     CHECK(secp256k1_generator_generate(CTX, &gen, NULL) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_generator_generate_blinded(ctx, &gen, key, blind) == 1); |     CHECK(secp256k1_generator_generate_blinded(CTX, &gen, key, blind) == 1); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_generator_generate_blinded(sttc, &gen, key, blind) == 0); |     CHECK(secp256k1_generator_generate_blinded(STATIC_CTX, &gen, key, blind) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_generator_generate_blinded(ctx, NULL, key, blind) == 0); |     CHECK(secp256k1_generator_generate_blinded(CTX, NULL, key, blind) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_generator_generate_blinded(ctx, &gen, NULL, blind) == 0); |     CHECK(secp256k1_generator_generate_blinded(CTX, &gen, NULL, blind) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
|     CHECK(secp256k1_generator_generate_blinded(ctx, &gen, key, NULL) == 0); |     CHECK(secp256k1_generator_generate_blinded(CTX, &gen, key, NULL) == 0); | ||||||
|     CHECK(ecount == 6); |     CHECK(ecount == 6); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_generator_serialize(ctx, sergen, &gen) == 1); |     CHECK(secp256k1_generator_serialize(CTX, sergen, &gen) == 1); | ||||||
|     CHECK(ecount == 6); |     CHECK(ecount == 6); | ||||||
|     CHECK(secp256k1_generator_serialize(ctx, NULL, &gen) == 0); |     CHECK(secp256k1_generator_serialize(CTX, NULL, &gen) == 0); | ||||||
|     CHECK(ecount == 7); |     CHECK(ecount == 7); | ||||||
|     CHECK(secp256k1_generator_serialize(ctx, sergen, NULL) == 0); |     CHECK(secp256k1_generator_serialize(CTX, sergen, NULL) == 0); | ||||||
|     CHECK(ecount == 8); |     CHECK(ecount == 8); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_generator_serialize(ctx, sergen, &gen) == 1); |     CHECK(secp256k1_generator_serialize(CTX, sergen, &gen) == 1); | ||||||
|     CHECK(secp256k1_generator_parse(ctx, &gen, sergen) == 1); |     CHECK(secp256k1_generator_parse(CTX, &gen, sergen) == 1); | ||||||
|     CHECK(ecount == 8); |     CHECK(ecount == 8); | ||||||
|     CHECK(secp256k1_generator_parse(ctx, NULL, sergen) == 0); |     CHECK(secp256k1_generator_parse(CTX, NULL, sergen) == 0); | ||||||
|     CHECK(ecount == 9); |     CHECK(ecount == 9); | ||||||
|     CHECK(secp256k1_generator_parse(ctx, &gen, NULL) == 0); |     CHECK(secp256k1_generator_parse(CTX, &gen, NULL) == 0); | ||||||
|     CHECK(ecount == 10); |     CHECK(ecount == 10); | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_destroy(sttc); |     secp256k1_context_set_error_callback(CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_shallue_van_de_woestijne(void) { | void test_shallue_van_de_woestijne(void) { | ||||||
| @ -171,11 +173,11 @@ void test_generator_generate(void) { | |||||||
|     for (i = 1; i <= 32; i++) { |     for (i = 1; i <= 32; i++) { | ||||||
|         memset(v, 0, 31); |         memset(v, 0, 31); | ||||||
|         v[31] = i; |         v[31] = i; | ||||||
|         CHECK(secp256k1_generator_generate_blinded(ctx, &gen, v, s)); |         CHECK(secp256k1_generator_generate_blinded(CTX, &gen, v, s)); | ||||||
|         secp256k1_generator_load(&ge, &gen); |         secp256k1_generator_load(&ge, &gen); | ||||||
|         secp256k1_ge_to_storage(&ges, &ge); |         secp256k1_ge_to_storage(&ges, &ge); | ||||||
|         CHECK(secp256k1_memcmp_var(&ges, &results[i - 1], sizeof(secp256k1_ge_storage)) == 0); |         CHECK(secp256k1_memcmp_var(&ges, &results[i - 1], sizeof(secp256k1_ge_storage)) == 0); | ||||||
|         CHECK(secp256k1_generator_generate(ctx, &gen, v)); |         CHECK(secp256k1_generator_generate(CTX, &gen, v)); | ||||||
|         secp256k1_generator_load(&ge, &gen); |         secp256k1_generator_load(&ge, &gen); | ||||||
|         secp256k1_ge_to_storage(&ges, &ge); |         secp256k1_ge_to_storage(&ges, &ge); | ||||||
|         CHECK(secp256k1_memcmp_var(&ges, &results[i - 1], sizeof(secp256k1_ge_storage)) == 0); |         CHECK(secp256k1_memcmp_var(&ges, &results[i - 1], sizeof(secp256k1_ge_storage)) == 0); | ||||||
| @ -185,9 +187,9 @@ void test_generator_generate(void) { | |||||||
|      * valid scalar. Check that an invalid blinder causes the call to fail |      * valid scalar. Check that an invalid blinder causes the call to fail | ||||||
|      * but not crash. */ |      * but not crash. */ | ||||||
|     memset(v, 0xff, 32); |     memset(v, 0xff, 32); | ||||||
|     CHECK(secp256k1_generator_generate(ctx, &gen, v)); |     CHECK(secp256k1_generator_generate(CTX, &gen, v)); | ||||||
|     memset(s, 0xff, 32); |     memset(s, 0xff, 32); | ||||||
|     CHECK(!secp256k1_generator_generate_blinded(ctx, &gen, v, s)); |     CHECK(!secp256k1_generator_generate_blinded(CTX, &gen, v, s)); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_generator_fixed_vector(void) { | void test_generator_fixed_vector(void) { | ||||||
| @ -199,18 +201,17 @@ void test_generator_fixed_vector(void) { | |||||||
|     unsigned char result[33]; |     unsigned char result[33]; | ||||||
|     secp256k1_generator parse; |     secp256k1_generator parse; | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_generator_parse(ctx, &parse, two_g)); |     CHECK(secp256k1_generator_parse(CTX, &parse, two_g)); | ||||||
|     CHECK(secp256k1_generator_serialize(ctx, result, &parse)); |     CHECK(secp256k1_generator_serialize(CTX, result, &parse)); | ||||||
|     CHECK(secp256k1_memcmp_var(two_g, result, 33) == 0); |     CHECK(secp256k1_memcmp_var(two_g, result, 33) == 0); | ||||||
| 
 | 
 | ||||||
|     result[0] = 0x0a; |     result[0] = 0x0a; | ||||||
|     CHECK(secp256k1_generator_parse(ctx, &parse, result)); |     CHECK(secp256k1_generator_parse(CTX, &parse, result)); | ||||||
|     result[0] = 0x08; |     result[0] = 0x08; | ||||||
|     CHECK(!secp256k1_generator_parse(ctx, &parse, result)); |     CHECK(!secp256k1_generator_parse(CTX, &parse, result)); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static void test_pedersen_api(void) { | static void test_pedersen_api(void) { | ||||||
|     secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); |  | ||||||
|     secp256k1_pedersen_commitment commit; |     secp256k1_pedersen_commitment commit; | ||||||
|     const secp256k1_pedersen_commitment *commit_ptr = &commit; |     const secp256k1_pedersen_commitment *commit_ptr = &commit; | ||||||
|     unsigned char blind[32]; |     unsigned char blind[32]; | ||||||
| @ -220,60 +221,63 @@ static void test_pedersen_api(void) { | |||||||
|     uint64_t val = secp256k1_testrand32(); |     uint64_t val = secp256k1_testrand32(); | ||||||
|     int32_t ecount = 0; |     int32_t ecount = 0; | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
| 
 | 
 | ||||||
|     secp256k1_testrand256(blind); |     secp256k1_testrand256(blind); | ||||||
|     CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, val, secp256k1_generator_h) != 0); |     CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, val, secp256k1_generator_h) != 0); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_pedersen_commit(sttc, &commit, blind, val, secp256k1_generator_h) == 0); |     CHECK(secp256k1_pedersen_commit(STATIC_CTX, &commit, blind, val, secp256k1_generator_h) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_pedersen_commit(ctx, NULL, blind, val, secp256k1_generator_h) == 0); |     CHECK(secp256k1_pedersen_commit(CTX, NULL, blind, val, secp256k1_generator_h) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_pedersen_commit(ctx, &commit, NULL, val, secp256k1_generator_h) == 0); |     CHECK(secp256k1_pedersen_commit(CTX, &commit, NULL, val, secp256k1_generator_h) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, val, NULL) == 0); |     CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, val, NULL) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_pedersen_blind_sum(ctx, blind_out, &blind_ptr, 1, 1) != 0); |     CHECK(secp256k1_pedersen_blind_sum(CTX, blind_out, &blind_ptr, 1, 1) != 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_pedersen_blind_sum(ctx, NULL, &blind_ptr, 1, 1) == 0); |     CHECK(secp256k1_pedersen_blind_sum(CTX, NULL, &blind_ptr, 1, 1) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
|     CHECK(secp256k1_pedersen_blind_sum(ctx, blind_out, NULL, 1, 1) == 0); |     CHECK(secp256k1_pedersen_blind_sum(CTX, blind_out, NULL, 1, 1) == 0); | ||||||
|     CHECK(ecount == 6); |     CHECK(ecount == 6); | ||||||
|     CHECK(secp256k1_pedersen_blind_sum(ctx, blind_out, &blind_ptr, 0, 1) == 0); |     CHECK(secp256k1_pedersen_blind_sum(CTX, blind_out, &blind_ptr, 0, 1) == 0); | ||||||
|     CHECK(ecount == 7); |     CHECK(ecount == 7); | ||||||
|     CHECK(secp256k1_pedersen_blind_sum(ctx, blind_out, &blind_ptr, 0, 0) != 0); |     CHECK(secp256k1_pedersen_blind_sum(CTX, blind_out, &blind_ptr, 0, 0) != 0); | ||||||
|     CHECK(ecount == 7); |     CHECK(ecount == 7); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, val, secp256k1_generator_h) != 0); |     CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, val, secp256k1_generator_h) != 0); | ||||||
|     CHECK(secp256k1_pedersen_verify_tally(ctx, &commit_ptr, 1, &commit_ptr, 1) != 0); |     CHECK(secp256k1_pedersen_verify_tally(CTX, &commit_ptr, 1, &commit_ptr, 1) != 0); | ||||||
|     CHECK(secp256k1_pedersen_verify_tally(ctx, NULL, 0, &commit_ptr, 1) == 0); |     CHECK(secp256k1_pedersen_verify_tally(CTX, NULL, 0, &commit_ptr, 1) == 0); | ||||||
|     CHECK(secp256k1_pedersen_verify_tally(ctx, &commit_ptr, 1, NULL, 0) == 0); |     CHECK(secp256k1_pedersen_verify_tally(CTX, &commit_ptr, 1, NULL, 0) == 0); | ||||||
|     CHECK(secp256k1_pedersen_verify_tally(ctx, NULL, 0, NULL, 0) != 0); |     CHECK(secp256k1_pedersen_verify_tally(CTX, NULL, 0, NULL, 0) != 0); | ||||||
|     CHECK(ecount == 7); |     CHECK(ecount == 7); | ||||||
|     CHECK(secp256k1_pedersen_verify_tally(ctx, NULL, 1, &commit_ptr, 1) == 0); |     CHECK(secp256k1_pedersen_verify_tally(CTX, NULL, 1, &commit_ptr, 1) == 0); | ||||||
|     CHECK(ecount == 8); |     CHECK(ecount == 8); | ||||||
|     CHECK(secp256k1_pedersen_verify_tally(ctx, &commit_ptr, 1, NULL, 1) == 0); |     CHECK(secp256k1_pedersen_verify_tally(CTX, &commit_ptr, 1, NULL, 1) == 0); | ||||||
|     CHECK(ecount == 9); |     CHECK(ecount == 9); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_pedersen_blind_generator_blind_sum(ctx, &val, &blind_ptr, &blind_out_ptr, 1, 0) != 0); |     CHECK(secp256k1_pedersen_blind_generator_blind_sum(CTX, &val, &blind_ptr, &blind_out_ptr, 1, 0) != 0); | ||||||
|     CHECK(ecount == 9); |     CHECK(ecount == 9); | ||||||
|     CHECK(secp256k1_pedersen_blind_generator_blind_sum(ctx, &val, &blind_ptr, &blind_out_ptr, 1, 1) == 0); |     CHECK(secp256k1_pedersen_blind_generator_blind_sum(CTX, &val, &blind_ptr, &blind_out_ptr, 1, 1) == 0); | ||||||
|     CHECK(ecount == 10); |     CHECK(ecount == 10); | ||||||
|     CHECK(secp256k1_pedersen_blind_generator_blind_sum(ctx, &val, &blind_ptr, &blind_out_ptr, 0, 0) == 0); |     CHECK(secp256k1_pedersen_blind_generator_blind_sum(CTX, &val, &blind_ptr, &blind_out_ptr, 0, 0) == 0); | ||||||
|     CHECK(ecount == 11); |     CHECK(ecount == 11); | ||||||
|     CHECK(secp256k1_pedersen_blind_generator_blind_sum(ctx, NULL, &blind_ptr, &blind_out_ptr, 1, 0) == 0); |     CHECK(secp256k1_pedersen_blind_generator_blind_sum(CTX, NULL, &blind_ptr, &blind_out_ptr, 1, 0) == 0); | ||||||
|     CHECK(ecount == 12); |     CHECK(ecount == 12); | ||||||
|     CHECK(secp256k1_pedersen_blind_generator_blind_sum(ctx, &val, NULL, &blind_out_ptr, 1, 0) == 0); |     CHECK(secp256k1_pedersen_blind_generator_blind_sum(CTX, &val, NULL, &blind_out_ptr, 1, 0) == 0); | ||||||
|     CHECK(ecount == 13); |     CHECK(ecount == 13); | ||||||
|     CHECK(secp256k1_pedersen_blind_generator_blind_sum(ctx, &val, &blind_ptr, NULL, 1, 0) == 0); |     CHECK(secp256k1_pedersen_blind_generator_blind_sum(CTX, &val, &blind_ptr, NULL, 1, 0) == 0); | ||||||
|     CHECK(ecount == 14); |     CHECK(ecount == 14); | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_destroy(sttc); |     secp256k1_context_set_error_callback(CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static void test_pedersen(void) { | static void test_pedersen(void) { | ||||||
| @ -310,14 +314,14 @@ static void test_pedersen(void) { | |||||||
|         random_scalar_order(&s); |         random_scalar_order(&s); | ||||||
|         secp256k1_scalar_get_b32(&blinds[i * 32], &s); |         secp256k1_scalar_get_b32(&blinds[i * 32], &s); | ||||||
|     } |     } | ||||||
|     CHECK(secp256k1_pedersen_blind_sum(ctx, &blinds[(total - 1) * 32], bptr, total - 1, inputs)); |     CHECK(secp256k1_pedersen_blind_sum(CTX, &blinds[(total - 1) * 32], bptr, total - 1, inputs)); | ||||||
|     for (i = 0; i < total; i++) { |     for (i = 0; i < total; i++) { | ||||||
|         CHECK(secp256k1_pedersen_commit(ctx, &commits[i], &blinds[i * 32], values[i], secp256k1_generator_h)); |         CHECK(secp256k1_pedersen_commit(CTX, &commits[i], &blinds[i * 32], values[i], secp256k1_generator_h)); | ||||||
|     } |     } | ||||||
|     CHECK(secp256k1_pedersen_verify_tally(ctx, cptr, inputs, &cptr[inputs], outputs)); |     CHECK(secp256k1_pedersen_verify_tally(CTX, cptr, inputs, &cptr[inputs], outputs)); | ||||||
|     CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[inputs], outputs, cptr, inputs)); |     CHECK(secp256k1_pedersen_verify_tally(CTX, &cptr[inputs], outputs, cptr, inputs)); | ||||||
|     if (inputs > 0 && values[0] > 0) { |     if (inputs > 0 && values[0] > 0) { | ||||||
|         CHECK(!secp256k1_pedersen_verify_tally(ctx, cptr, inputs - 1, &cptr[inputs], outputs)); |         CHECK(!secp256k1_pedersen_verify_tally(CTX, cptr, inputs - 1, &cptr[inputs], outputs)); | ||||||
|     } |     } | ||||||
|     random_scalar_order(&s); |     random_scalar_order(&s); | ||||||
|     for (i = 0; i < 4; i++) { |     for (i = 0; i < 4; i++) { | ||||||
| @ -327,10 +331,10 @@ static void test_pedersen(void) { | |||||||
|     values[1] = 0; |     values[1] = 0; | ||||||
|     values[2] = 1; |     values[2] = 1; | ||||||
|     for (i = 0; i < 3; i++) { |     for (i = 0; i < 3; i++) { | ||||||
|         CHECK(secp256k1_pedersen_commit(ctx, &commits[i], &blinds[i * 32], values[i], secp256k1_generator_h)); |         CHECK(secp256k1_pedersen_commit(CTX, &commits[i], &blinds[i * 32], values[i], secp256k1_generator_h)); | ||||||
|     } |     } | ||||||
|     CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[0], 1, &cptr[0], 1)); |     CHECK(secp256k1_pedersen_verify_tally(CTX, &cptr[0], 1, &cptr[0], 1)); | ||||||
|     CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[1], 1, &cptr[1], 1)); |     CHECK(secp256k1_pedersen_verify_tally(CTX, &cptr[1], 1, &cptr[1], 1)); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_pedersen_commitment_fixed_vector(void) { | void test_pedersen_commitment_fixed_vector(void) { | ||||||
| @ -342,14 +346,14 @@ void test_pedersen_commitment_fixed_vector(void) { | |||||||
|     unsigned char result[33]; |     unsigned char result[33]; | ||||||
|     secp256k1_pedersen_commitment parse; |     secp256k1_pedersen_commitment parse; | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_pedersen_commitment_parse(ctx, &parse, two_g)); |     CHECK(secp256k1_pedersen_commitment_parse(CTX, &parse, two_g)); | ||||||
|     CHECK(secp256k1_pedersen_commitment_serialize(ctx, result, &parse)); |     CHECK(secp256k1_pedersen_commitment_serialize(CTX, result, &parse)); | ||||||
|     CHECK(secp256k1_memcmp_var(two_g, result, 33) == 0); |     CHECK(secp256k1_memcmp_var(two_g, result, 33) == 0); | ||||||
| 
 | 
 | ||||||
|     result[0] = 0x08; |     result[0] = 0x08; | ||||||
|     CHECK(secp256k1_pedersen_commitment_parse(ctx, &parse, result)); |     CHECK(secp256k1_pedersen_commitment_parse(CTX, &parse, result)); | ||||||
|     result[0] = 0x0c; |     result[0] = 0x0c; | ||||||
|     CHECK(!secp256k1_pedersen_commitment_parse(ctx, &parse, result)); |     CHECK(!secp256k1_pedersen_commitment_parse(CTX, &parse, result)); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| @ -362,7 +366,7 @@ void run_generator_tests(void) { | |||||||
|     test_generator_generate(); |     test_generator_generate(); | ||||||
|     test_pedersen_api(); |     test_pedersen_api(); | ||||||
|     test_pedersen_commitment_fixed_vector(); |     test_pedersen_commitment_fixed_vector(); | ||||||
|     for (i = 0; i < count / 2 + 1; i++) { |     for (i = 0; i < COUNT / 2 + 1; i++) { | ||||||
|         test_pedersen(); |         test_pedersen(); | ||||||
|     } |     } | ||||||
| } | } | ||||||
|  | |||||||
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							| @ -16,7 +16,7 @@ | |||||||
| 
 | 
 | ||||||
| #include "../../../include/secp256k1_rangeproof.h" | #include "../../../include/secp256k1_rangeproof.h" | ||||||
| 
 | 
 | ||||||
| static void test_rangeproof_api(const secp256k1_context *sttc, const int32_t *ecount) { | static void test_rangeproof_api(const int32_t *ecount) { | ||||||
|     unsigned char proof[5134]; |     unsigned char proof[5134]; | ||||||
|     unsigned char blind[32]; |     unsigned char blind[32]; | ||||||
|     secp256k1_pedersen_commitment commit; |     secp256k1_pedersen_commitment commit; | ||||||
| @ -30,83 +30,83 @@ static void test_rangeproof_api(const secp256k1_context *sttc, const int32_t *ec | |||||||
|     size_t ext_commit_len = sizeof(ext_commit); |     size_t ext_commit_len = sizeof(ext_commit); | ||||||
| 
 | 
 | ||||||
|     secp256k1_testrand256(blind); |     secp256k1_testrand256(blind); | ||||||
|     CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, val, secp256k1_generator_h)); |     CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, val, secp256k1_generator_h)); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 1); |     CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 1); | ||||||
|     CHECK(*ecount == 0); |     CHECK(*ecount == 0); | ||||||
|     CHECK(secp256k1_rangeproof_sign(sttc, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |     CHECK(secp256k1_rangeproof_sign(STATIC_CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|     CHECK(*ecount == 1); |     CHECK(*ecount == 1); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, NULL, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |     CHECK(secp256k1_rangeproof_sign(CTX, NULL, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|     CHECK(*ecount == 2); |     CHECK(*ecount == 2); | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, proof, NULL, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |     CHECK(secp256k1_rangeproof_sign(CTX, proof, NULL, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|     CHECK(*ecount == 3); |     CHECK(*ecount == 3); | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, NULL, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |     CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, NULL, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|     CHECK(*ecount == 4); |     CHECK(*ecount == 4); | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, NULL, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |     CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, NULL, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|     CHECK(*ecount == 5); |     CHECK(*ecount == 5); | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, NULL, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |     CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, NULL, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|     CHECK(*ecount == 6); |     CHECK(*ecount == 6); | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, vmin - 1, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |     CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, vmin - 1, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|     CHECK(*ecount == 6); |     CHECK(*ecount == 6); | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |     CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|     CHECK(*ecount == 7); |     CHECK(*ecount == 7); | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); |     CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); | ||||||
|     CHECK(*ecount == 7); |     CHECK(*ecount == 7); | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, NULL, ext_commit_len, secp256k1_generator_h) == 0); |     CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, NULL, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|     CHECK(*ecount == 8); |     CHECK(*ecount == 8); | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, NULL, 0, secp256k1_generator_h) != 0); |     CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, NULL, 0, secp256k1_generator_h) != 0); | ||||||
|     CHECK(*ecount == 8); |     CHECK(*ecount == 8); | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, NULL, 0, NULL) == 0); |     CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, NULL, 0, NULL, 0, NULL) == 0); | ||||||
|     CHECK(*ecount == 9); |     CHECK(*ecount == 9); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); |     CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, val, message, mlen, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); | ||||||
|     { |     { | ||||||
|         int exp; |         int exp; | ||||||
|         int mantissa; |         int mantissa; | ||||||
|         uint64_t min_value; |         uint64_t min_value; | ||||||
|         uint64_t max_value; |         uint64_t max_value; | ||||||
|         CHECK(secp256k1_rangeproof_info(ctx, &exp, &mantissa, &min_value, &max_value, proof, len) != 0); |         CHECK(secp256k1_rangeproof_info(CTX, &exp, &mantissa, &min_value, &max_value, proof, len) != 0); | ||||||
|         CHECK(exp == 0); |         CHECK(exp == 0); | ||||||
|         CHECK(((uint64_t) 1 << mantissa) > val - vmin); |         CHECK(((uint64_t) 1 << mantissa) > val - vmin); | ||||||
|         CHECK(((uint64_t) 1 << (mantissa - 1)) <= val - vmin); |         CHECK(((uint64_t) 1 << (mantissa - 1)) <= val - vmin); | ||||||
|         CHECK(min_value == vmin); |         CHECK(min_value == vmin); | ||||||
|         CHECK(max_value >= val); |         CHECK(max_value >= val); | ||||||
| 
 | 
 | ||||||
|         CHECK(secp256k1_rangeproof_info(ctx, NULL, &mantissa, &min_value, &max_value, proof, len) == 0); |         CHECK(secp256k1_rangeproof_info(CTX, NULL, &mantissa, &min_value, &max_value, proof, len) == 0); | ||||||
|         CHECK(*ecount == 10); |         CHECK(*ecount == 10); | ||||||
|         CHECK(secp256k1_rangeproof_info(ctx, &exp, NULL, &min_value, &max_value, proof, len) == 0); |         CHECK(secp256k1_rangeproof_info(CTX, &exp, NULL, &min_value, &max_value, proof, len) == 0); | ||||||
|         CHECK(*ecount == 11); |         CHECK(*ecount == 11); | ||||||
|         CHECK(secp256k1_rangeproof_info(ctx, &exp, &mantissa, NULL, &max_value, proof, len) == 0); |         CHECK(secp256k1_rangeproof_info(CTX, &exp, &mantissa, NULL, &max_value, proof, len) == 0); | ||||||
|         CHECK(*ecount == 12); |         CHECK(*ecount == 12); | ||||||
|         CHECK(secp256k1_rangeproof_info(ctx, &exp, &mantissa, &min_value, NULL, proof, len) == 0); |         CHECK(secp256k1_rangeproof_info(CTX, &exp, &mantissa, &min_value, NULL, proof, len) == 0); | ||||||
|         CHECK(*ecount == 13); |         CHECK(*ecount == 13); | ||||||
|         CHECK(secp256k1_rangeproof_info(ctx, &exp, &mantissa, &min_value, &max_value, NULL, len) == 0); |         CHECK(secp256k1_rangeproof_info(CTX, &exp, &mantissa, &min_value, &max_value, NULL, len) == 0); | ||||||
|         CHECK(*ecount == 14); |         CHECK(*ecount == 14); | ||||||
|         CHECK(secp256k1_rangeproof_info(ctx, &exp, &mantissa, &min_value, &max_value, proof, 0) == 0); |         CHECK(secp256k1_rangeproof_info(CTX, &exp, &mantissa, &min_value, &max_value, proof, 0) == 0); | ||||||
|         CHECK(*ecount == 14); |         CHECK(*ecount == 14); | ||||||
|     } |     } | ||||||
|     { |     { | ||||||
|         uint64_t min_value; |         uint64_t min_value; | ||||||
|         uint64_t max_value; |         uint64_t max_value; | ||||||
|         CHECK(secp256k1_rangeproof_verify(ctx, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 1); |         CHECK(secp256k1_rangeproof_verify(CTX, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 1); | ||||||
|         CHECK(*ecount == 14); |         CHECK(*ecount == 14); | ||||||
| 
 | 
 | ||||||
|         CHECK(secp256k1_rangeproof_verify(ctx, NULL, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_verify(CTX, NULL, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 15); |         CHECK(*ecount == 15); | ||||||
|         CHECK(secp256k1_rangeproof_verify(ctx, &min_value, NULL, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_verify(CTX, &min_value, NULL, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 16); |         CHECK(*ecount == 16); | ||||||
|         CHECK(secp256k1_rangeproof_verify(ctx, &min_value, &max_value, NULL, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_verify(CTX, &min_value, &max_value, NULL, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 17); |         CHECK(*ecount == 17); | ||||||
|         CHECK(secp256k1_rangeproof_verify(ctx, &min_value, &max_value, &commit, NULL, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_verify(CTX, &min_value, &max_value, &commit, NULL, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 18); |         CHECK(*ecount == 18); | ||||||
|         CHECK(secp256k1_rangeproof_verify(ctx, &min_value, &max_value, &commit, proof, 0, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_verify(CTX, &min_value, &max_value, &commit, proof, 0, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 18); |         CHECK(*ecount == 18); | ||||||
|         CHECK(secp256k1_rangeproof_verify(ctx, &min_value, &max_value, &commit, proof, len, NULL, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_verify(CTX, &min_value, &max_value, &commit, proof, len, NULL, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 19); |         CHECK(*ecount == 19); | ||||||
|         CHECK(secp256k1_rangeproof_verify(ctx, &min_value, &max_value, &commit, proof, len, NULL, 0, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_verify(CTX, &min_value, &max_value, &commit, proof, len, NULL, 0, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 19); |         CHECK(*ecount == 19); | ||||||
|         CHECK(secp256k1_rangeproof_verify(ctx, &min_value, &max_value, &commit, proof, len, NULL, 0, NULL) == 0); |         CHECK(secp256k1_rangeproof_verify(CTX, &min_value, &max_value, &commit, proof, len, NULL, 0, NULL) == 0); | ||||||
|         CHECK(*ecount == 20); |         CHECK(*ecount == 20); | ||||||
|     } |     } | ||||||
|     { |     { | ||||||
| @ -117,9 +117,9 @@ static void test_rangeproof_api(const secp256k1_context *sttc, const int32_t *ec | |||||||
|         uint64_t max_value; |         uint64_t max_value; | ||||||
|         size_t message_len = sizeof(message_out); |         size_t message_len = sizeof(message_out); | ||||||
| 
 | 
 | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 1); |         CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 1); | ||||||
|         CHECK(*ecount == 20); |         CHECK(*ecount == 20); | ||||||
|         CHECK(secp256k1_rangeproof_rewind(sttc, blind_out, &value_out, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_rewind(STATIC_CTX, blind_out, &value_out, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 21); |         CHECK(*ecount == 21); | ||||||
| 
 | 
 | ||||||
|         CHECK(min_value == vmin); |         CHECK(min_value == vmin); | ||||||
| @ -128,56 +128,58 @@ static void test_rangeproof_api(const secp256k1_context *sttc, const int32_t *ec | |||||||
|         CHECK(message_len == sizeof(message_out)); |         CHECK(message_len == sizeof(message_out)); | ||||||
|         CHECK(secp256k1_memcmp_var(message, message_out, sizeof(message_out)) == 0); |         CHECK(secp256k1_memcmp_var(message, message_out, sizeof(message_out)) == 0); | ||||||
| 
 | 
 | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, NULL, &value_out, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); |         CHECK(secp256k1_rangeproof_rewind(CTX, NULL, &value_out, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); | ||||||
|         CHECK(*ecount == 21);  /* blindout may be NULL */ |         CHECK(*ecount == 21);  /* blindout may be NULL */ | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, NULL, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); |         CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, NULL, message_out, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); | ||||||
|         CHECK(*ecount == 21);  /* valueout may be NULL */ |         CHECK(*ecount == 21);  /* valueout may be NULL */ | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, &message_len, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 22); |         CHECK(*ecount == 22); | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); |         CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) != 0); | ||||||
|         CHECK(*ecount == 22); |         CHECK(*ecount == 22); | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, NULL, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, NULL, &min_value, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 23); |         CHECK(*ecount == 23); | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, NULL, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, NULL, &max_value, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 24); |         CHECK(*ecount == 24); | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, NULL, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, NULL, &commit, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 25); |         CHECK(*ecount == 25); | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, NULL, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, NULL, proof, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 26); |         CHECK(*ecount == 26); | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, NULL, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, NULL, len, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 27); |         CHECK(*ecount == 27); | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, 0, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, 0, ext_commit, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 27); |         CHECK(*ecount == 27); | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, NULL, ext_commit_len, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, NULL, ext_commit_len, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 28); |         CHECK(*ecount == 28); | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, NULL, 0, secp256k1_generator_h) == 0); |         CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, NULL, 0, secp256k1_generator_h) == 0); | ||||||
|         CHECK(*ecount == 28); |         CHECK(*ecount == 28); | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, NULL, 0, NULL) == 0); |         CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, NULL, 0, commit.data, &min_value, &max_value, &commit, proof, len, NULL, 0, NULL) == 0); | ||||||
|         CHECK(*ecount == 29); |         CHECK(*ecount == 29); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* This constant is hardcoded in these tests and elsewhere, so we
 |     /* This constant is hardcoded in these tests and elsewhere, so we
 | ||||||
|      * consider it to be part of the API and test it here. */ |      * consider it to be part of the API and test it here. */ | ||||||
|     CHECK(secp256k1_rangeproof_max_size(ctx, 0, 64) == 5134); |     CHECK(secp256k1_rangeproof_max_size(CTX, 0, 64) == 5134); | ||||||
|     CHECK(secp256k1_rangeproof_max_size(ctx, UINT64_MAX, 0) == 5134); |     CHECK(secp256k1_rangeproof_max_size(CTX, UINT64_MAX, 0) == 5134); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static void test_api(void) { | static void test_api(void) { | ||||||
|     secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); |  | ||||||
|     int32_t ecount; |     int32_t ecount; | ||||||
|     int i; |     int i; | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
| 
 | 
 | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         ecount = 0; |         ecount = 0; | ||||||
|         test_rangeproof_api(sttc, &ecount); |         test_rangeproof_api(&ecount); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_destroy(sttc); |     secp256k1_context_set_error_callback(CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static void test_borromean(void) { | static void test_borromean(void) { | ||||||
| @ -219,7 +221,7 @@ static void test_borromean(void) { | |||||||
|                 s[i] = one; |                 s[i] = one; | ||||||
|             } |             } | ||||||
|             if (j == secidx[i]) { |             if (j == secidx[i]) { | ||||||
|                 secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubs[c + j], &sec[i]); |                 secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &pubs[c + j], &sec[i]); | ||||||
|             } else { |             } else { | ||||||
|                 random_group_element_test(&ge); |                 random_group_element_test(&ge); | ||||||
|                 random_group_element_jacobian_test(&pubs[c + j],&ge); |                 random_group_element_jacobian_test(&pubs[c + j],&ge); | ||||||
| @ -227,7 +229,7 @@ static void test_borromean(void) { | |||||||
|         } |         } | ||||||
|         c += rsizes[i]; |         c += rsizes[i]; | ||||||
|     } |     } | ||||||
|     CHECK(secp256k1_borromean_sign(&ctx->ecmult_gen_ctx, e0, s, pubs, k, sec, rsizes, secidx, nrings, m, 32)); |     CHECK(secp256k1_borromean_sign(&CTX->ecmult_gen_ctx, e0, s, pubs, k, sec, rsizes, secidx, nrings, m, 32)); | ||||||
|     CHECK(secp256k1_borromean_verify(NULL, e0, s, pubs, rsizes, nrings, m, 32)); |     CHECK(secp256k1_borromean_verify(NULL, e0, s, pubs, rsizes, nrings, m, 32)); | ||||||
|     i = secp256k1_testrand32() % c; |     i = secp256k1_testrand32() % c; | ||||||
|     secp256k1_scalar_negate(&s[i],&s[i]); |     secp256k1_scalar_negate(&s[i],&s[i]); | ||||||
| @ -275,7 +277,7 @@ static void test_rangeproof(void) { | |||||||
|     secp256k1_testrand256(blind); |     secp256k1_testrand256(blind); | ||||||
|     for (i = 0; i < 11; i++) { |     for (i = 0; i < 11; i++) { | ||||||
|         v = testvs[i]; |         v = testvs[i]; | ||||||
|         CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, v, secp256k1_generator_h)); |         CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, v, secp256k1_generator_h)); | ||||||
|         for (vmin = 0; vmin < (i<9 && i > 0 ? 2 : 1); vmin++) { |         for (vmin = 0; vmin < (i<9 && i > 0 ? 2 : 1); vmin++) { | ||||||
|             const unsigned char *input_message = NULL; |             const unsigned char *input_message = NULL; | ||||||
|             size_t input_message_len = 0; |             size_t input_message_len = 0; | ||||||
| @ -291,11 +293,11 @@ static void test_rangeproof(void) { | |||||||
|                 input_message_len = sizeof(message_long); |                 input_message_len = sizeof(message_long); | ||||||
|             } |             } | ||||||
|             len = 5134; |             len = 5134; | ||||||
|             CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, 0, 0, v, input_message, input_message_len, NULL, 0, secp256k1_generator_h)); |             CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, 0, 0, v, input_message, input_message_len, NULL, 0, secp256k1_generator_h)); | ||||||
|             CHECK(len <= 5134); |             CHECK(len <= 5134); | ||||||
|             CHECK(len <= secp256k1_rangeproof_max_size(ctx, v, 0)); |             CHECK(len <= secp256k1_rangeproof_max_size(CTX, v, 0)); | ||||||
|             mlen = 4096; |             mlen = 4096; | ||||||
|             CHECK(secp256k1_rangeproof_rewind(ctx, blindout, &vout, message, &mlen, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); |             CHECK(secp256k1_rangeproof_rewind(CTX, blindout, &vout, message, &mlen, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); | ||||||
|             if (input_message != NULL) { |             if (input_message != NULL) { | ||||||
|                 CHECK(secp256k1_memcmp_var(message, input_message, input_message_len) == 0); |                 CHECK(secp256k1_memcmp_var(message, input_message, input_message_len) == 0); | ||||||
|             } |             } | ||||||
| @ -308,10 +310,10 @@ static void test_rangeproof(void) { | |||||||
|             CHECK(minv <= v); |             CHECK(minv <= v); | ||||||
|             CHECK(maxv >= v); |             CHECK(maxv >= v); | ||||||
|             len = 5134; |             len = 5134; | ||||||
|             CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, v, &commit, blind, commit.data, -1, 64, v, NULL, 0, NULL, 0, secp256k1_generator_h)); |             CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, v, &commit, blind, commit.data, -1, 64, v, NULL, 0, NULL, 0, secp256k1_generator_h)); | ||||||
|             CHECK(len <= 73); |             CHECK(len <= 73); | ||||||
|             CHECK(len <= secp256k1_rangeproof_max_size(ctx, v, 0)); |             CHECK(len <= secp256k1_rangeproof_max_size(CTX, v, 0)); | ||||||
|             CHECK(secp256k1_rangeproof_rewind(ctx, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); |             CHECK(secp256k1_rangeproof_rewind(CTX, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); | ||||||
|             CHECK(secp256k1_memcmp_var(blindout, blind, 32) == 0); |             CHECK(secp256k1_memcmp_var(blindout, blind, 32) == 0); | ||||||
|             CHECK(vout == v); |             CHECK(vout == v); | ||||||
|             CHECK(minv == v); |             CHECK(minv == v); | ||||||
| @ -319,12 +321,12 @@ static void test_rangeproof(void) { | |||||||
| 
 | 
 | ||||||
|             /* Check with a committed message */ |             /* Check with a committed message */ | ||||||
|             len = 5134; |             len = 5134; | ||||||
|             CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, v, &commit, blind, commit.data, -1, 64, v, NULL, 0, message_short, sizeof(message_short), secp256k1_generator_h)); |             CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, v, &commit, blind, commit.data, -1, 64, v, NULL, 0, message_short, sizeof(message_short), secp256k1_generator_h)); | ||||||
|             CHECK(len <= 73); |             CHECK(len <= 73); | ||||||
|             CHECK(len <= secp256k1_rangeproof_max_size(ctx, v, 0)); |             CHECK(len <= secp256k1_rangeproof_max_size(CTX, v, 0)); | ||||||
|             CHECK(!secp256k1_rangeproof_rewind(ctx, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); |             CHECK(!secp256k1_rangeproof_rewind(CTX, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); | ||||||
|             CHECK(!secp256k1_rangeproof_rewind(ctx, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, message_long, sizeof(message_long), secp256k1_generator_h)); |             CHECK(!secp256k1_rangeproof_rewind(CTX, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, message_long, sizeof(message_long), secp256k1_generator_h)); | ||||||
|             CHECK(secp256k1_rangeproof_rewind(ctx, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, message_short, sizeof(message_short), secp256k1_generator_h)); |             CHECK(secp256k1_rangeproof_rewind(CTX, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, message_short, sizeof(message_short), secp256k1_generator_h)); | ||||||
|             CHECK(secp256k1_memcmp_var(blindout, blind, 32) == 0); |             CHECK(secp256k1_memcmp_var(blindout, blind, 32) == 0); | ||||||
|             CHECK(vout == v); |             CHECK(vout == v); | ||||||
|             CHECK(minv == v); |             CHECK(minv == v); | ||||||
| @ -333,41 +335,41 @@ static void test_rangeproof(void) { | |||||||
|     } |     } | ||||||
|     secp256k1_testrand256(blind); |     secp256k1_testrand256(blind); | ||||||
|     v = INT64_MAX - 1; |     v = INT64_MAX - 1; | ||||||
|     CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, v, secp256k1_generator_h)); |     CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, v, secp256k1_generator_h)); | ||||||
|     for (i = 0; i < 19; i++) { |     for (i = 0; i < 19; i++) { | ||||||
|         len = 5134; |         len = 5134; | ||||||
|         CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, 0, &commit, blind, commit.data, i, 0, v, NULL, 0, NULL, 0, secp256k1_generator_h)); |         CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, 0, &commit, blind, commit.data, i, 0, v, NULL, 0, NULL, 0, secp256k1_generator_h)); | ||||||
|         CHECK(len <= secp256k1_rangeproof_max_size(ctx, v, 0)); |         CHECK(len <= secp256k1_rangeproof_max_size(CTX, v, 0)); | ||||||
|         CHECK(secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); |         CHECK(secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); | ||||||
|         CHECK(len <= 5134); |         CHECK(len <= 5134); | ||||||
|         CHECK(minv <= v); |         CHECK(minv <= v); | ||||||
|         CHECK(maxv >= v); |         CHECK(maxv >= v); | ||||||
|         /* Make sure it fails when validating with a committed message */ |         /* Make sure it fails when validating with a committed message */ | ||||||
|         CHECK(!secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit, proof, len, message_short, sizeof(message_short), secp256k1_generator_h)); |         CHECK(!secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit, proof, len, message_short, sizeof(message_short), secp256k1_generator_h)); | ||||||
|     } |     } | ||||||
|     secp256k1_testrand256(blind); |     secp256k1_testrand256(blind); | ||||||
|     { |     { | ||||||
|         /*Malleability test.*/ |         /*Malleability test.*/ | ||||||
|         v = secp256k1_testrandi64(0, 255); |         v = secp256k1_testrandi64(0, 255); | ||||||
|         CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, v, secp256k1_generator_h)); |         CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, v, secp256k1_generator_h)); | ||||||
|         len = 5134; |         len = 5134; | ||||||
|         CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, 0, &commit, blind, commit.data, 0, 3, v, NULL, 0, NULL, 0, secp256k1_generator_h)); |         CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, 0, &commit, blind, commit.data, 0, 3, v, NULL, 0, NULL, 0, secp256k1_generator_h)); | ||||||
|         CHECK(len <= 5134); |         CHECK(len <= 5134); | ||||||
|         CHECK(len <= secp256k1_rangeproof_max_size(ctx, v, 3)); |         CHECK(len <= secp256k1_rangeproof_max_size(CTX, v, 3)); | ||||||
|         /* Test if trailing bytes are rejected. */ |         /* Test if trailing bytes are rejected. */ | ||||||
|         proof[len] = v; |         proof[len] = v; | ||||||
|         CHECK(!secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit, proof, len + 1, NULL, 0, secp256k1_generator_h)); |         CHECK(!secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit, proof, len + 1, NULL, 0, secp256k1_generator_h)); | ||||||
|         for (i = 0; i < len*8; i++) { |         for (i = 0; i < len*8; i++) { | ||||||
|             proof[i >> 3] ^= 1 << (i & 7); |             proof[i >> 3] ^= 1 << (i & 7); | ||||||
|             CHECK(!secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); |             CHECK(!secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); | ||||||
|             proof[i >> 3] ^= 1 << (i & 7); |             proof[i >> 3] ^= 1 << (i & 7); | ||||||
|         } |         } | ||||||
|         CHECK(secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); |         CHECK(secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); | ||||||
|         CHECK(minv <= v); |         CHECK(minv <= v); | ||||||
|         CHECK(maxv >= v); |         CHECK(maxv >= v); | ||||||
|     } |     } | ||||||
|     memcpy(&commit2, &commit, sizeof(commit)); |     memcpy(&commit2, &commit, sizeof(commit)); | ||||||
|     for (i = 0; i < (size_t) count; i++) { |     for (i = 0; i < (size_t) COUNT; i++) { | ||||||
|         int exp; |         int exp; | ||||||
|         int min_bits; |         int min_bits; | ||||||
|         v = secp256k1_testrandi64(0, UINT64_MAX >> (secp256k1_testrand32()&63)); |         v = secp256k1_testrandi64(0, UINT64_MAX >> (secp256k1_testrand32()&63)); | ||||||
| @ -376,7 +378,7 @@ static void test_rangeproof(void) { | |||||||
|             vmin = secp256k1_testrandi64(0, v); |             vmin = secp256k1_testrandi64(0, v); | ||||||
|         } |         } | ||||||
|         secp256k1_testrand256(blind); |         secp256k1_testrand256(blind); | ||||||
|         CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, v, secp256k1_generator_h)); |         CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, v, secp256k1_generator_h)); | ||||||
|         len = 5134; |         len = 5134; | ||||||
|         exp = (int)secp256k1_testrandi64(0,18)-(int)secp256k1_testrandi64(0,18); |         exp = (int)secp256k1_testrandi64(0,18)-(int)secp256k1_testrandi64(0,18); | ||||||
|         if (exp < 0) { |         if (exp < 0) { | ||||||
| @ -386,11 +388,11 @@ static void test_rangeproof(void) { | |||||||
|         if (min_bits < 0) { |         if (min_bits < 0) { | ||||||
|             min_bits = -min_bits; |             min_bits = -min_bits; | ||||||
|         } |         } | ||||||
|         CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, vmin, &commit, blind, commit.data, exp, min_bits, v, NULL, 0, NULL, 0, secp256k1_generator_h)); |         CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, vmin, &commit, blind, commit.data, exp, min_bits, v, NULL, 0, NULL, 0, secp256k1_generator_h)); | ||||||
|         CHECK(len <= 5134); |         CHECK(len <= 5134); | ||||||
|         CHECK(len <= secp256k1_rangeproof_max_size(ctx, v, min_bits)); |         CHECK(len <= secp256k1_rangeproof_max_size(CTX, v, min_bits)); | ||||||
|         mlen = 4096; |         mlen = 4096; | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blindout, &vout, message, &mlen, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); |         CHECK(secp256k1_rangeproof_rewind(CTX, blindout, &vout, message, &mlen, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); | ||||||
|         for (j = 0; j < mlen; j++) { |         for (j = 0; j < mlen; j++) { | ||||||
|             CHECK(message[j] == 0); |             CHECK(message[j] == 0); | ||||||
|         } |         } | ||||||
| @ -399,7 +401,7 @@ static void test_rangeproof(void) { | |||||||
| 
 | 
 | ||||||
|         CHECK(minv <= v); |         CHECK(minv <= v); | ||||||
|         CHECK(maxv >= v); |         CHECK(maxv >= v); | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); |         CHECK(secp256k1_rangeproof_rewind(CTX, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); | ||||||
|         memcpy(&commit2, &commit, sizeof(commit)); |         memcpy(&commit2, &commit, sizeof(commit)); | ||||||
|     } |     } | ||||||
|     for (j = 0; j < 3; j++) { |     for (j = 0; j < 3; j++) { | ||||||
| @ -408,10 +410,10 @@ static void test_rangeproof(void) { | |||||||
|         } |         } | ||||||
|         for (k = 0; k < 128; k += 3) { |         for (k = 0; k < 128; k += 3) { | ||||||
|             len = k; |             len = k; | ||||||
|             CHECK(!secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit2, proof, len, NULL, 0, secp256k1_generator_h)); |             CHECK(!secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit2, proof, len, NULL, 0, secp256k1_generator_h)); | ||||||
|         } |         } | ||||||
|         len = secp256k1_testrandi64(0, 3072); |         len = secp256k1_testrandi64(0, 3072); | ||||||
|         CHECK(!secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit2, proof, len, NULL, 0, secp256k1_generator_h)); |         CHECK(!secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit2, proof, len, NULL, 0, secp256k1_generator_h)); | ||||||
|     } |     } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| @ -423,26 +425,26 @@ static void test_rangeproof_null_blinder(void) { | |||||||
|     secp256k1_pedersen_commitment commit; |     secp256k1_pedersen_commitment commit; | ||||||
|     size_t len; |     size_t len; | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, v, secp256k1_generator_h)); |     CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, v, secp256k1_generator_h)); | ||||||
| 
 | 
 | ||||||
|     /* Try a 32-bit proof; should work */ |     /* Try a 32-bit proof; should work */ | ||||||
|     len = 5134; |     len = 5134; | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, 1, &commit, blind, commit.data, 0, 32, v, NULL, 0, NULL, 0, secp256k1_generator_h)); |     CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, 1, &commit, blind, commit.data, 0, 32, v, NULL, 0, NULL, 0, secp256k1_generator_h)); | ||||||
|     CHECK(secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); |     CHECK(secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); | ||||||
|     CHECK(minv == 1); |     CHECK(minv == 1); | ||||||
|     CHECK(maxv == 1ULL << 32); |     CHECK(maxv == 1ULL << 32); | ||||||
| 
 | 
 | ||||||
|     /* Try a 3-bit proof; should work */ |     /* Try a 3-bit proof; should work */ | ||||||
|     len = 5134; |     len = 5134; | ||||||
|     CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, v - 1, &commit, blind, commit.data, 0, 3, v, NULL, 0, NULL, 0, secp256k1_generator_h)); |     CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, v - 1, &commit, blind, commit.data, 0, 3, v, NULL, 0, NULL, 0, secp256k1_generator_h)); | ||||||
|     CHECK(secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); |     CHECK(secp256k1_rangeproof_verify(CTX, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h)); | ||||||
|     CHECK(minv == 1110); |     CHECK(minv == 1110); | ||||||
|     CHECK(maxv == 1117); |     CHECK(maxv == 1117); | ||||||
| 
 | 
 | ||||||
|     /* But a 2-bits will not because then it does not have any subcommitments (which rerandomize
 |     /* But a 2-bits will not because then it does not have any subcommitments (which rerandomize
 | ||||||
|      * the blinding factors that get passed into the borromean logic ... passing 0s will fail) */ |      * the blinding factors that get passed into the borromean logic ... passing 0s will fail) */ | ||||||
|     len = 5134; |     len = 5134; | ||||||
|     CHECK(!secp256k1_rangeproof_sign(ctx, proof, &len, v - 1, &commit, blind, commit.data, 0, 2, v, NULL, 0, NULL, 0, secp256k1_generator_h)); |     CHECK(!secp256k1_rangeproof_sign(CTX, proof, &len, v - 1, &commit, blind, commit.data, 0, 2, v, NULL, 0, NULL, 0, secp256k1_generator_h)); | ||||||
| 
 | 
 | ||||||
|     /* Rewinding with 3-bits works */ |     /* Rewinding with 3-bits works */ | ||||||
|     { |     { | ||||||
| @ -457,8 +459,8 @@ static void test_rangeproof_null_blinder(void) { | |||||||
|         secp256k1_testrand256(&msg[32]); |         secp256k1_testrand256(&msg[32]); | ||||||
|         secp256k1_testrand256(&msg[64]); |         secp256k1_testrand256(&msg[64]); | ||||||
|         secp256k1_testrand256(&msg[96]); |         secp256k1_testrand256(&msg[96]); | ||||||
|         CHECK(secp256k1_rangeproof_sign(ctx, proof, &len, v, &commit, blind, commit.data, 0, 3, v, msg, sizeof(msg), NULL, 0, secp256k1_generator_h)); |         CHECK(secp256k1_rangeproof_sign(CTX, proof, &len, v, &commit, blind, commit.data, 0, 3, v, msg, sizeof(msg), NULL, 0, secp256k1_generator_h)); | ||||||
|         CHECK(secp256k1_rangeproof_rewind(ctx, blind_out, &value_out, msg_out, &msg_len, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h) != 0); |         CHECK(secp256k1_rangeproof_rewind(CTX, blind_out, &value_out, msg_out, &msg_len, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h) != 0); | ||||||
|         CHECK(secp256k1_memcmp_var(blind, blind_out, sizeof(blind)) == 0); |         CHECK(secp256k1_memcmp_var(blind, blind_out, sizeof(blind)) == 0); | ||||||
|         CHECK(secp256k1_memcmp_var(msg, msg_out, sizeof(msg)) == 0); |         CHECK(secp256k1_memcmp_var(msg, msg_out, sizeof(msg)) == 0); | ||||||
|         CHECK(value_out == v); |         CHECK(value_out == v); | ||||||
| @ -484,10 +486,10 @@ static void test_single_value_proof(uint64_t val) { | |||||||
| 
 | 
 | ||||||
|     secp256k1_testrand256(blind); |     secp256k1_testrand256(blind); | ||||||
|     secp256k1_testrand256(nonce); |     secp256k1_testrand256(nonce); | ||||||
|     CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, val, secp256k1_generator_h)); |     CHECK(secp256k1_pedersen_commit(CTX, &commit, blind, val, secp256k1_generator_h)); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_rangeproof_sign( |     CHECK(secp256k1_rangeproof_sign( | ||||||
|         ctx, |         CTX, | ||||||
|         proof, &plen, |         proof, &plen, | ||||||
|         val, /* min_val */ |         val, /* min_val */ | ||||||
|         &commit, blind, nonce, |         &commit, blind, nonce, | ||||||
| @ -501,7 +503,7 @@ static void test_single_value_proof(uint64_t val) { | |||||||
| 
 | 
 | ||||||
|     plen = sizeof(proof); |     plen = sizeof(proof); | ||||||
|     CHECK(secp256k1_rangeproof_sign( |     CHECK(secp256k1_rangeproof_sign( | ||||||
|         ctx, |         CTX, | ||||||
|         proof, &plen, |         proof, &plen, | ||||||
|         val, /* min_val */ |         val, /* min_val */ | ||||||
|         &commit, blind, nonce, |         &commit, blind, nonce, | ||||||
| @ -512,7 +514,7 @@ static void test_single_value_proof(uint64_t val) { | |||||||
|         NULL, 0, |         NULL, 0, | ||||||
|         secp256k1_generator_h |         secp256k1_generator_h | ||||||
|     ) == 1); |     ) == 1); | ||||||
|     CHECK(plen <= secp256k1_rangeproof_max_size(ctx, val, 0)); |     CHECK(plen <= secp256k1_rangeproof_max_size(CTX, val, 0)); | ||||||
| 
 | 
 | ||||||
|     /* Different proof sizes are unfortunate but is caused by `min_value` of
 |     /* Different proof sizes are unfortunate but is caused by `min_value` of
 | ||||||
|      * zero being special-cased and encoded more efficiently. */ |      * zero being special-cased and encoded more efficiently. */ | ||||||
| @ -523,7 +525,7 @@ static void test_single_value_proof(uint64_t val) { | |||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_rangeproof_verify( |     CHECK(secp256k1_rangeproof_verify( | ||||||
|         ctx, |         CTX, | ||||||
|         &min_val_out, &max_val_out, |         &min_val_out, &max_val_out, | ||||||
|         &commit, |         &commit, | ||||||
|         proof, plen, |         proof, plen, | ||||||
| @ -536,7 +538,7 @@ static void test_single_value_proof(uint64_t val) { | |||||||
|     memset(message_out, 0, sizeof(message_out)); |     memset(message_out, 0, sizeof(message_out)); | ||||||
|     m_len_out = sizeof(message_out); |     m_len_out = sizeof(message_out); | ||||||
|     CHECK(secp256k1_rangeproof_rewind( |     CHECK(secp256k1_rangeproof_rewind( | ||||||
|         ctx, |         CTX, | ||||||
|         blind_out, &val_out, |         blind_out, &val_out, | ||||||
|         message_out, &m_len_out, |         message_out, &m_len_out, | ||||||
|         nonce, |         nonce, | ||||||
| @ -585,7 +587,7 @@ static void test_multiple_generators(void) { | |||||||
|         random_scalar_order(&s); |         random_scalar_order(&s); | ||||||
|         secp256k1_scalar_get_b32(pedersen_blind[i], &s); |         secp256k1_scalar_get_b32(pedersen_blind[i], &s); | ||||||
| 
 | 
 | ||||||
|         CHECK(secp256k1_generator_generate_blinded(ctx, &generator[i], generator_seed, generator_blind[i])); |         CHECK(secp256k1_generator_generate_blinded(CTX, &generator[i], generator_seed, generator_blind[i])); | ||||||
| 
 | 
 | ||||||
|         commit_ptr[i] = &commit[i]; |         commit_ptr[i] = &commit[i]; | ||||||
|     } |     } | ||||||
| @ -603,13 +605,13 @@ static void test_multiple_generators(void) { | |||||||
|     value[i] = total_value; |     value[i] = total_value; | ||||||
| 
 | 
 | ||||||
|     /* Correct for blinding factors and do the commitments */ |     /* Correct for blinding factors and do the commitments */ | ||||||
|     CHECK(secp256k1_pedersen_blind_generator_blind_sum(ctx, value, (const unsigned char * const *) generator_blind, pedersen_blind, n_generators, n_inputs)); |     CHECK(secp256k1_pedersen_blind_generator_blind_sum(CTX, value, (const unsigned char * const *) generator_blind, pedersen_blind, n_generators, n_inputs)); | ||||||
|     for (i = 0; i < n_generators; i++) { |     for (i = 0; i < n_generators; i++) { | ||||||
|         CHECK(secp256k1_pedersen_commit(ctx, &commit[i], pedersen_blind[i], value[i], &generator[i])); |         CHECK(secp256k1_pedersen_commit(CTX, &commit[i], pedersen_blind[i], value[i], &generator[i])); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* Verify */ |     /* Verify */ | ||||||
|     CHECK(secp256k1_pedersen_verify_tally(ctx, &commit_ptr[0], n_inputs, &commit_ptr[n_inputs], n_outputs)); |     CHECK(secp256k1_pedersen_verify_tally(CTX, &commit_ptr[0], n_inputs, &commit_ptr[n_inputs], n_outputs)); | ||||||
| 
 | 
 | ||||||
|     /* Cleanup */ |     /* Cleanup */ | ||||||
|     for (i = 0; i < n_generators; i++) { |     for (i = 0; i < n_generators; i++) { | ||||||
| @ -683,9 +685,9 @@ void test_rangeproof_fixed_vectors(void) { | |||||||
|         0x77, 0x47, 0xa4, 0xd3, 0x53, 0x17, 0xc6, 0x44, 0x30, 0x73, 0x84, 0xeb, 0x1f, 0xbe, 0xa1, 0xfb |         0x77, 0x47, 0xa4, 0xd3, 0x53, 0x17, 0xc6, 0x44, 0x30, 0x73, 0x84, 0xeb, 0x1f, 0xbe, 0xa1, 0xfb | ||||||
|     }; |     }; | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_pedersen_commitment_parse(ctx, &pc, commit_1)); |     CHECK(secp256k1_pedersen_commitment_parse(CTX, &pc, commit_1)); | ||||||
|     CHECK(secp256k1_rangeproof_verify( |     CHECK(secp256k1_rangeproof_verify( | ||||||
|         ctx, |         CTX, | ||||||
|         &min_value, &max_value, |         &min_value, &max_value, | ||||||
|         &pc, |         &pc, | ||||||
|         vector_1, sizeof(vector_1), |         vector_1, sizeof(vector_1), | ||||||
| @ -696,7 +698,7 @@ void test_rangeproof_fixed_vectors(void) { | |||||||
|     CHECK(max_value == 25586); |     CHECK(max_value == 25586); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_rangeproof_rewind( |     CHECK(secp256k1_rangeproof_rewind( | ||||||
|         ctx, |         CTX, | ||||||
|         blind, &value, |         blind, &value, | ||||||
|         message, &m_len, |         message, &m_len, | ||||||
|         pc.data, |         pc.data, | ||||||
| @ -754,9 +756,9 @@ void test_rangeproof_fixed_vectors(void) { | |||||||
|     }; |     }; | ||||||
|     static const unsigned char message_2[] = "When I see my own likeness in the depths of someone else's consciousness,  I always experience a moment of panic."; |     static const unsigned char message_2[] = "When I see my own likeness in the depths of someone else's consciousness,  I always experience a moment of panic."; | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_pedersen_commitment_parse(ctx, &pc, commit_2)); |     CHECK(secp256k1_pedersen_commitment_parse(CTX, &pc, commit_2)); | ||||||
|     CHECK(secp256k1_rangeproof_verify( |     CHECK(secp256k1_rangeproof_verify( | ||||||
|         ctx, |         CTX, | ||||||
|         &min_value, &max_value, |         &min_value, &max_value, | ||||||
|         &pc, |         &pc, | ||||||
|         vector_2, sizeof(vector_2), |         vector_2, sizeof(vector_2), | ||||||
| @ -767,7 +769,7 @@ void test_rangeproof_fixed_vectors(void) { | |||||||
|     CHECK(max_value == 15); |     CHECK(max_value == 15); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_rangeproof_rewind( |     CHECK(secp256k1_rangeproof_rewind( | ||||||
|         ctx, |         CTX, | ||||||
|         blind, &value, |         blind, &value, | ||||||
|         message, &m_len, |         message, &m_len, | ||||||
|         pc.data, |         pc.data, | ||||||
| @ -812,9 +814,9 @@ void test_rangeproof_fixed_vectors(void) { | |||||||
|         0xc0, 0x6b, 0x9b, 0x4c, 0x02, 0xa6, 0xc8, 0xf6, 0xc0, 0x34, 0xea, 0x35, 0x57, 0xf4, 0xe1, 0x37 |         0xc0, 0x6b, 0x9b, 0x4c, 0x02, 0xa6, 0xc8, 0xf6, 0xc0, 0x34, 0xea, 0x35, 0x57, 0xf4, 0xe1, 0x37 | ||||||
|     }; |     }; | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_pedersen_commitment_parse(ctx, &pc, commit_3)); |     CHECK(secp256k1_pedersen_commitment_parse(CTX, &pc, commit_3)); | ||||||
|     CHECK(secp256k1_rangeproof_verify( |     CHECK(secp256k1_rangeproof_verify( | ||||||
|         ctx, |         CTX, | ||||||
|         &min_value, &max_value, |         &min_value, &max_value, | ||||||
|         &pc, |         &pc, | ||||||
|         vector_3, sizeof(vector_3), |         vector_3, sizeof(vector_3), | ||||||
| @ -825,7 +827,7 @@ void test_rangeproof_fixed_vectors(void) { | |||||||
|     CHECK(max_value == UINT64_MAX); |     CHECK(max_value == UINT64_MAX); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_rangeproof_rewind( |     CHECK(secp256k1_rangeproof_rewind( | ||||||
|         ctx, |         CTX, | ||||||
|         blind, &value, |         blind, &value, | ||||||
|         message, &m_len, |         message, &m_len, | ||||||
|         nonce_3, |         nonce_3, | ||||||
| @ -866,7 +868,7 @@ static void print_vector(int i, unsigned char *proof, size_t p_len, secp256k1_pe | |||||||
|     printf("unsigned char vector_%d[] = {\n", i); |     printf("unsigned char vector_%d[] = {\n", i); | ||||||
|     print_vector_helper(proof, p_len); |     print_vector_helper(proof, p_len); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_pedersen_commitment_serialize(ctx, commit_output, commit)); |     CHECK(secp256k1_pedersen_commitment_serialize(CTX, commit_output, commit)); | ||||||
|     printf("unsigned char commit_%d[] = {\n", i); |     printf("unsigned char commit_%d[] = {\n", i); | ||||||
|     print_vector_helper(commit_output, sizeof(commit_output)); |     print_vector_helper(commit_output, sizeof(commit_output)); | ||||||
| } | } | ||||||
| @ -887,9 +889,9 @@ void test_rangeproof_fixed_vectors_reproducible_helper(unsigned char *vector, si | |||||||
|     secp256k1_pedersen_commitment pc; |     secp256k1_pedersen_commitment pc; | ||||||
|     unsigned char blind_r[32]; |     unsigned char blind_r[32]; | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_pedersen_commitment_parse(ctx, &pc, commit)); |     CHECK(secp256k1_pedersen_commitment_parse(CTX, &pc, commit)); | ||||||
|     CHECK(secp256k1_rangeproof_verify( |     CHECK(secp256k1_rangeproof_verify( | ||||||
|         ctx, |         CTX, | ||||||
|         min_value_r, max_value_r, |         min_value_r, max_value_r, | ||||||
|         &pc, |         &pc, | ||||||
|         vector, vector_len, |         vector, vector_len, | ||||||
| @ -899,7 +901,7 @@ void test_rangeproof_fixed_vectors_reproducible_helper(unsigned char *vector, si | |||||||
| 
 | 
 | ||||||
|     *m_len_r = SECP256K1_RANGEPROOF_MAX_MESSAGE_LEN; |     *m_len_r = SECP256K1_RANGEPROOF_MAX_MESSAGE_LEN; | ||||||
|     CHECK(secp256k1_rangeproof_rewind( |     CHECK(secp256k1_rangeproof_rewind( | ||||||
|         ctx, |         CTX, | ||||||
|         blind_r, value_r, |         blind_r, value_r, | ||||||
|         message_r, m_len_r, |         message_r, m_len_r, | ||||||
|         vector_nonce, |         vector_nonce, | ||||||
| @ -1261,9 +1263,9 @@ void test_rangeproof_fixed_vectors_reproducible(void) { | |||||||
|             0xef, |             0xef, | ||||||
|         }; |         }; | ||||||
| 
 | 
 | ||||||
|         CHECK(secp256k1_pedersen_commit(ctx, &pc, vector_blind, value, secp256k1_generator_h)); |         CHECK(secp256k1_pedersen_commit(CTX, &pc, vector_blind, value, secp256k1_generator_h)); | ||||||
|         CHECK(secp256k1_rangeproof_sign(ctx, proof, &p_len, min_value, &pc, vector_blind, vector_nonce, exp, min_bits, value, message, m_len, NULL, 0, secp256k1_generator_h)); |         CHECK(secp256k1_rangeproof_sign(CTX, proof, &p_len, min_value, &pc, vector_blind, vector_nonce, exp, min_bits, value, message, m_len, NULL, 0, secp256k1_generator_h)); | ||||||
|         CHECK(p_len <= secp256k1_rangeproof_max_size(ctx, value, min_bits)); |         CHECK(p_len <= secp256k1_rangeproof_max_size(CTX, value, min_bits)); | ||||||
|         CHECK(p_len == sizeof(proof)); |         CHECK(p_len == sizeof(proof)); | ||||||
|         /* Uncomment the next line to print the test vector */ |         /* Uncomment the next line to print the test vector */ | ||||||
|         /* print_vector(0, proof, p_len, &pc); */ |         /* print_vector(0, proof, p_len, &pc); */ | ||||||
| @ -1315,9 +1317,9 @@ void test_rangeproof_fixed_vectors_reproducible(void) { | |||||||
|             0x66, 0x16, 0x2e, 0x44, 0xc8, 0x65, 0x8e, 0xe6, 0x3a, 0x1a, 0x57, 0x2c, 0xb9, 0x6c, 0x07, 0x85, |             0x66, 0x16, 0x2e, 0x44, 0xc8, 0x65, 0x8e, 0xe6, 0x3a, 0x1a, 0x57, 0x2c, 0xb9, 0x6c, 0x07, 0x85, | ||||||
|             0xf0, |             0xf0, | ||||||
|         }; |         }; | ||||||
|         CHECK(secp256k1_pedersen_commit(ctx, &pc, vector_blind, value, secp256k1_generator_h)); |         CHECK(secp256k1_pedersen_commit(CTX, &pc, vector_blind, value, secp256k1_generator_h)); | ||||||
|         CHECK(secp256k1_rangeproof_sign(ctx, proof, &p_len, min_value, &pc, vector_blind, vector_nonce, exp, min_bits, value, message, m_len, NULL, 0, secp256k1_generator_h)); |         CHECK(secp256k1_rangeproof_sign(CTX, proof, &p_len, min_value, &pc, vector_blind, vector_nonce, exp, min_bits, value, message, m_len, NULL, 0, secp256k1_generator_h)); | ||||||
|         CHECK(p_len <= secp256k1_rangeproof_max_size(ctx, value, min_bits)); |         CHECK(p_len <= secp256k1_rangeproof_max_size(CTX, value, min_bits)); | ||||||
|         CHECK(p_len == sizeof(proof)); |         CHECK(p_len == sizeof(proof)); | ||||||
|         /* Uncomment the next line to print the test vector */ |         /* Uncomment the next line to print the test vector */ | ||||||
|         /* print_vector(1, proof, p_len, &pc); */ |         /* print_vector(1, proof, p_len, &pc); */ | ||||||
| @ -1361,9 +1363,9 @@ void test_rangeproof_fixed_vectors_reproducible(void) { | |||||||
|             0x70, |             0x70, | ||||||
|         }; |         }; | ||||||
| 
 | 
 | ||||||
|         CHECK(secp256k1_pedersen_commit(ctx, &pc, vector_blind, value, secp256k1_generator_h)); |         CHECK(secp256k1_pedersen_commit(CTX, &pc, vector_blind, value, secp256k1_generator_h)); | ||||||
|         CHECK(secp256k1_rangeproof_sign(ctx, proof, &p_len, min_value, &pc, vector_blind, vector_nonce, exp, min_bits, value, message, m_len, NULL, 0, secp256k1_generator_h)); |         CHECK(secp256k1_rangeproof_sign(CTX, proof, &p_len, min_value, &pc, vector_blind, vector_nonce, exp, min_bits, value, message, m_len, NULL, 0, secp256k1_generator_h)); | ||||||
|         CHECK(p_len <= secp256k1_rangeproof_max_size(ctx, value, min_bits)); |         CHECK(p_len <= secp256k1_rangeproof_max_size(CTX, value, min_bits)); | ||||||
|         CHECK(p_len == sizeof(proof)); |         CHECK(p_len == sizeof(proof)); | ||||||
|         /* Uncomment the next line to print the test vector */ |         /* Uncomment the next line to print the test vector */ | ||||||
|         /* print_vector(2, proof, p_len, &pc); */ |         /* print_vector(2, proof, p_len, &pc); */ | ||||||
| @ -1390,7 +1392,7 @@ void run_rangeproof_tests(void) { | |||||||
| 
 | 
 | ||||||
|     test_rangeproof_fixed_vectors(); |     test_rangeproof_fixed_vectors(); | ||||||
|     test_rangeproof_fixed_vectors_reproducible(); |     test_rangeproof_fixed_vectors_reproducible(); | ||||||
|     for (i = 0; i < count / 2 + 1; i++) { |     for (i = 0; i < COUNT / 2 + 1; i++) { | ||||||
|         test_borromean(); |         test_borromean(); | ||||||
|     } |     } | ||||||
|     test_rangeproof(); |     test_rangeproof(); | ||||||
|  | |||||||
| @ -30,7 +30,6 @@ static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned c | |||||||
| 
 | 
 | ||||||
| void test_ecdsa_recovery_api(void) { | void test_ecdsa_recovery_api(void) { | ||||||
|     /* Setup contexts that just count errors */ |     /* Setup contexts that just count errors */ | ||||||
|     secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); |  | ||||||
|     secp256k1_pubkey pubkey; |     secp256k1_pubkey pubkey; | ||||||
|     secp256k1_pubkey recpubkey; |     secp256k1_pubkey recpubkey; | ||||||
|     secp256k1_ecdsa_signature normal_sig; |     secp256k1_ecdsa_signature normal_sig; | ||||||
| @ -46,85 +45,86 @@ void test_ecdsa_recovery_api(void) { | |||||||
|                                        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |                                        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | ||||||
|                                        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; |                                        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
| 
 | 
 | ||||||
|     /* Construct and verify corresponding public key. */ |     /* Construct and verify corresponding public key. */ | ||||||
|     CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1); |     CHECK(secp256k1_ec_seckey_verify(CTX, privkey) == 1); | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, privkey) == 1); | ||||||
| 
 | 
 | ||||||
|     /* Check bad contexts and NULLs for signing */ |     /* Check bad contexts and NULLs for signing */ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, privkey, NULL, NULL) == 1); |     CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_ecdsa_sign_recoverable(ctx, NULL, message, privkey, NULL, NULL) == 0); |     CHECK(secp256k1_ecdsa_sign_recoverable(CTX, NULL, message, privkey, NULL, NULL) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, NULL, privkey, NULL, NULL) == 0); |     CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, NULL, privkey, NULL, NULL) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, NULL, NULL, NULL) == 0); |     CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, NULL, NULL, NULL) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_ecdsa_sign_recoverable(sttc, &recsig, message, privkey, NULL, NULL) == 0); |     CHECK(secp256k1_ecdsa_sign_recoverable(STATIC_CTX, &recsig, message, privkey, NULL, NULL) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     /* This will fail or succeed randomly, and in either case will not ARG_CHECK failure */ |     /* This will fail or succeed randomly, and in either case will not ARG_CHECK failure */ | ||||||
|     secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, privkey, recovery_test_nonce_function, NULL); |     secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, recovery_test_nonce_function, NULL); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     /* These will all fail, but not in ARG_CHECK way */ |     /* These will all fail, but not in ARG_CHECK way */ | ||||||
|     CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, zero_privkey, NULL, NULL) == 0); |     CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, zero_privkey, NULL, NULL) == 0); | ||||||
|     CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, over_privkey, NULL, NULL) == 0); |     CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, over_privkey, NULL, NULL) == 0); | ||||||
|     /* This one will succeed. */ |     /* This one will succeed. */ | ||||||
|     CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, privkey, NULL, NULL) == 1); |     CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
| 
 | 
 | ||||||
|     /* Check signing with a goofy nonce function */ |     /* Check signing with a goofy nonce function */ | ||||||
| 
 | 
 | ||||||
|     /* Check bad contexts and NULLs for recovery */ |     /* Check bad contexts and NULLs for recovery */ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &recsig, message) == 1); |     CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &recsig, message) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_ecdsa_recover(ctx, NULL, &recsig, message) == 0); |     CHECK(secp256k1_ecdsa_recover(CTX, NULL, &recsig, message) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, NULL, message) == 0); |     CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, NULL, message) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &recsig, NULL) == 0); |     CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &recsig, NULL) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
| 
 | 
 | ||||||
|     /* Check NULLs for conversion */ |     /* Check NULLs for conversion */ | ||||||
|     CHECK(secp256k1_ecdsa_sign(ctx, &normal_sig, message, privkey, NULL, NULL) == 1); |     CHECK(secp256k1_ecdsa_sign(CTX, &normal_sig, message, privkey, NULL, NULL) == 1); | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, NULL, &recsig) == 0); |     CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, NULL, &recsig) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &normal_sig, NULL) == 0); |     CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &normal_sig, NULL) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &normal_sig, &recsig) == 1); |     CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &normal_sig, &recsig) == 1); | ||||||
| 
 | 
 | ||||||
|     /* Check NULLs for de/serialization */ |     /* Check NULLs for de/serialization */ | ||||||
|     CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &recsig, message, privkey, NULL, NULL) == 1); |     CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1); | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, NULL, &recid, &recsig) == 0); |     CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, NULL, &recid, &recsig) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, NULL, &recsig) == 0); |     CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, NULL, &recsig) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, NULL) == 0); |     CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, NULL) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &recsig) == 1); |     CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &recsig) == 1); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, NULL, sig, recid) == 0); |     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, NULL, sig, recid) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &recsig, NULL, recid) == 0); |     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, NULL, recid) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &recsig, sig, -1) == 0); |     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, -1) == 0); | ||||||
|     CHECK(ecount == 6); |     CHECK(ecount == 6); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &recsig, sig, 5) == 0); |     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, 5) == 0); | ||||||
|     CHECK(ecount == 7); |     CHECK(ecount == 7); | ||||||
|     /* overflow in signature will fail but not affect ecount */ |     /* overflow in signature will fail but not affect ecount */ | ||||||
|     memcpy(sig, over_privkey, 32); |     memcpy(sig, over_privkey, 32); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &recsig, sig, recid) == 0); |     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, recid) == 0); | ||||||
|     CHECK(ecount == 7); |     CHECK(ecount == 7); | ||||||
| 
 | 
 | ||||||
|     /* cleanup */ |     /* cleanup */ | ||||||
|     secp256k1_context_destroy(sttc); |     secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_ecdsa_recovery_end_to_end(void) { | void test_ecdsa_recovery_end_to_end(void) { | ||||||
| @ -148,40 +148,40 @@ void test_ecdsa_recovery_end_to_end(void) { | |||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* Construct and verify corresponding public key. */ |     /* Construct and verify corresponding public key. */ | ||||||
|     CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1); |     CHECK(secp256k1_ec_seckey_verify(CTX, privkey) == 1); | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, privkey) == 1); | ||||||
| 
 | 
 | ||||||
|     /* Serialize/parse compact and verify/recover. */ |     /* Serialize/parse compact and verify/recover. */ | ||||||
|     extra[0] = 0; |     extra[0] = 0; | ||||||
|     CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[0], message, privkey, NULL, NULL) == 1); |     CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[0], message, privkey, NULL, NULL) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_sign(ctx, &signature[0], message, privkey, NULL, NULL) == 1); |     CHECK(secp256k1_ecdsa_sign(CTX, &signature[0], message, privkey, NULL, NULL) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[4], message, privkey, NULL, NULL) == 1); |     CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[4], message, privkey, NULL, NULL) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[1], message, privkey, NULL, extra) == 1); |     CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[1], message, privkey, NULL, extra) == 1); | ||||||
|     extra[31] = 1; |     extra[31] = 1; | ||||||
|     CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[2], message, privkey, NULL, extra) == 1); |     CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[2], message, privkey, NULL, extra) == 1); | ||||||
|     extra[31] = 0; |     extra[31] = 0; | ||||||
|     extra[0] = 1; |     extra[0] = 1; | ||||||
|     CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[3], message, privkey, NULL, extra) == 1); |     CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[3], message, privkey, NULL, extra) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1); |     CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &rsignature[4]) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); |     CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(&signature[4], &signature[0], 64) == 0); |     CHECK(secp256k1_memcmp_var(&signature[4], &signature[0], 64) == 0); | ||||||
|     CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1); |     CHECK(secp256k1_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 1); | ||||||
|     memset(&rsignature[4], 0, sizeof(rsignature[4])); |     memset(&rsignature[4], 0, sizeof(rsignature[4])); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); |     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); |     CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1); |     CHECK(secp256k1_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 1); | ||||||
|     /* Parse compact (with recovery id) and recover. */ |     /* Parse compact (with recovery id) and recover. */ | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); |     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 1); |     CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &rsignature[4], message) == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) == 0); |     CHECK(secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) == 0); | ||||||
|     /* Serialize/destroy/parse signature and verify again. */ |     /* Serialize/destroy/parse signature and verify again. */ | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1); |     CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &rsignature[4]) == 1); | ||||||
|     sig[secp256k1_testrand_bits(6)] += 1 + secp256k1_testrand_int(255); |     sig[secp256k1_testrand_bits(6)] += 1 + secp256k1_testrand_int(255); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1); |     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1); |     CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1); | ||||||
|     CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 0); |     CHECK(secp256k1_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 0); | ||||||
|     /* Recover again */ |     /* Recover again */ | ||||||
|     CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 0 || |     CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &rsignature[4], message) == 0 || | ||||||
|           secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) != 0); |           secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) != 0); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| @ -222,14 +222,14 @@ void test_ecdsa_recovery_edge_cases(void) { | |||||||
|     secp256k1_ecdsa_signature sig; |     secp256k1_ecdsa_signature sig; | ||||||
|     int recid; |     int recid; | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 0)); |     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 0)); | ||||||
|     CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); |     CHECK(!secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 1)); |     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 1)); | ||||||
|     CHECK(secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); |     CHECK(secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 2)); |     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 2)); | ||||||
|     CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); |     CHECK(!secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); | ||||||
|     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 3)); |     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 3)); | ||||||
|     CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32)); |     CHECK(!secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); | ||||||
| 
 | 
 | ||||||
|     for (recid = 0; recid < 4; recid++) { |     for (recid = 0; recid < 4; recid++) { | ||||||
|         int i; |         int i; | ||||||
| @ -274,40 +274,40 @@ void test_ecdsa_recovery_edge_cases(void) { | |||||||
|             0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, |             0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, | ||||||
|             0x8C, 0xD0, 0x36, 0x41, 0x45, 0x02, 0x01, 0x04 |             0x8C, 0xD0, 0x36, 0x41, 0x45, 0x02, 0x01, 0x04 | ||||||
|         }; |         }; | ||||||
|         CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid) == 1); |         CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigb64, recid) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 1); |         CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 1); |         CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 1); | ||||||
|         for (recid2 = 0; recid2 < 4; recid2++) { |         for (recid2 = 0; recid2 < 4; recid2++) { | ||||||
|             secp256k1_pubkey pubkey2b; |             secp256k1_pubkey pubkey2b; | ||||||
|             CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid2) == 1); |             CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigb64, recid2) == 1); | ||||||
|             CHECK(secp256k1_ecdsa_recover(ctx, &pubkey2b, &rsig, msg32) == 1); |             CHECK(secp256k1_ecdsa_recover(CTX, &pubkey2b, &rsig, msg32) == 1); | ||||||
|             /* Verifying with (order + r,4) should always fail. */ |             /* Verifying with (order + r,4) should always fail. */ | ||||||
|             CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderlong, sizeof(sigbderlong)) == 1); |             CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderlong, sizeof(sigbderlong)) == 1); | ||||||
|             CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); |             CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); | ||||||
|         } |         } | ||||||
|         /* DER parsing tests. */ |         /* DER parsing tests. */ | ||||||
|         /* Zero length r/s. */ |         /* Zero length r/s. */ | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0); | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0); | ||||||
|         /* Leading zeros. */ |         /* Leading zeros. */ | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt1, sizeof(sigbderalt1)) == 0); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt1, sizeof(sigbderalt1)) == 0); | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt2, sizeof(sigbderalt2)) == 0); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt2, sizeof(sigbderalt2)) == 0); | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0); | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0); | ||||||
|         sigbderalt3[4] = 1; |         sigbderalt3[4] = 1; | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); |         CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); | ||||||
|         sigbderalt4[7] = 1; |         sigbderalt4[7] = 1; | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); |         CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); | ||||||
|         /* Damage signature. */ |         /* Damage signature. */ | ||||||
|         sigbder[7]++; |         sigbder[7]++; | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); |         CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); | ||||||
|         sigbder[7]--; |         sigbder[7]--; | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, 6) == 0); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, 6) == 0); | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder) - 1) == 0); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder) - 1) == 0); | ||||||
|         for(i = 0; i < 8; i++) { |         for(i = 0; i < 8; i++) { | ||||||
|             int c; |             int c; | ||||||
|             unsigned char orig = sigbder[i]; |             unsigned char orig = sigbder[i]; | ||||||
| @ -317,7 +317,7 @@ void test_ecdsa_recovery_edge_cases(void) { | |||||||
|                     continue; |                     continue; | ||||||
|                 } |                 } | ||||||
|                 sigbder[i] = c; |                 sigbder[i] = c; | ||||||
|                 CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 0 || secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0); |                 CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 0 || secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); | ||||||
|             } |             } | ||||||
|             sigbder[i] = orig; |             sigbder[i] = orig; | ||||||
|         } |         } | ||||||
| @ -338,33 +338,33 @@ void test_ecdsa_recovery_edge_cases(void) { | |||||||
|             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, |             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, | ||||||
|         }; |         }; | ||||||
|         secp256k1_pubkey pubkeyc; |         secp256k1_pubkey pubkeyc; | ||||||
|         CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); |         CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigc64, 0) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyc, &rsig, msg32) == 1); |         CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyc, &rsig, msg32) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 1); |         CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 1); | ||||||
|         sigcder[4] = 0; |         sigcder[4] = 0; | ||||||
|         sigc64[31] = 0; |         sigc64[31] = 0; | ||||||
|         CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); |         CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigc64, 0) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0); |         CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 0); | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0); |         CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 0); | ||||||
|         sigcder[4] = 1; |         sigcder[4] = 1; | ||||||
|         sigcder[7] = 0; |         sigcder[7] = 0; | ||||||
|         sigc64[31] = 1; |         sigc64[31] = 1; | ||||||
|         sigc64[63] = 0; |         sigc64[63] = 0; | ||||||
|         CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1); |         CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigc64, 0) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0); |         CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 0); | ||||||
|         CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1); |         CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1); | ||||||
|         CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0); |         CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 0); | ||||||
|     } |     } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void run_recovery_tests(void) { | void run_recovery_tests(void) { | ||||||
|     int i; |     int i; | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         test_ecdsa_recovery_api(); |         test_ecdsa_recovery_api(); | ||||||
|     } |     } | ||||||
|     for (i = 0; i < 64*count; i++) { |     for (i = 0; i < 64*COUNT; i++) { | ||||||
|         test_ecdsa_recovery_end_to_end(); |         test_ecdsa_recovery_end_to_end(); | ||||||
|     } |     } | ||||||
|     test_ecdsa_recovery_edge_cases(); |     test_ecdsa_recovery_edge_cases(); | ||||||
|  | |||||||
| @ -72,7 +72,7 @@ void run_nonce_function_bip340_tests(void) { | |||||||
|     args[2] = pk; |     args[2] = pk; | ||||||
|     args[3] = algo; |     args[3] = algo; | ||||||
|     args[4] = aux_rand; |     args[4] = aux_rand; | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         nonce_function_bip340_bitflip(args, 0, 32, msglen, algolen); |         nonce_function_bip340_bitflip(args, 0, 32, msglen, algolen); | ||||||
|         nonce_function_bip340_bitflip(args, 1, 32, msglen, algolen); |         nonce_function_bip340_bitflip(args, 1, 32, msglen, algolen); | ||||||
|         nonce_function_bip340_bitflip(args, 2, 32, msglen, algolen); |         nonce_function_bip340_bitflip(args, 2, 32, msglen, algolen); | ||||||
| @ -90,7 +90,7 @@ void run_nonce_function_bip340_tests(void) { | |||||||
|     secp256k1_testrand_bytes_test(algo, algolen); |     secp256k1_testrand_bytes_test(algo, algolen); | ||||||
|     CHECK(nonce_function_bip340(nonce, msg, msglen, key, pk, algo, algolen, NULL) == 1); |     CHECK(nonce_function_bip340(nonce, msg, msglen, key, pk, algo, algolen, NULL) == 1); | ||||||
| 
 | 
 | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         unsigned char nonce2[32]; |         unsigned char nonce2[32]; | ||||||
|         uint32_t offset = secp256k1_testrand_int(msglen - 1); |         uint32_t offset = secp256k1_testrand_int(msglen - 1); | ||||||
|         size_t msglen_tmp = (msglen + offset) % msglen; |         size_t msglen_tmp = (msglen + offset) % msglen; | ||||||
| @ -128,77 +128,77 @@ void test_schnorrsig_api(void) { | |||||||
|     secp256k1_schnorrsig_extraparams invalid_extraparams = {{ 0 }, NULL, NULL}; |     secp256k1_schnorrsig_extraparams invalid_extraparams = {{ 0 }, NULL, NULL}; | ||||||
| 
 | 
 | ||||||
|     /** setup **/ |     /** setup **/ | ||||||
|     secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); |     int ecount = 0; | ||||||
|     int ecount; |  | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
| 
 | 
 | ||||||
|     secp256k1_testrand256(sk1); |     secp256k1_testrand256(sk1); | ||||||
|     secp256k1_testrand256(sk2); |     secp256k1_testrand256(sk2); | ||||||
|     secp256k1_testrand256(sk3); |     secp256k1_testrand256(sk3); | ||||||
|     secp256k1_testrand256(msg); |     secp256k1_testrand256(msg); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypairs[0], sk1) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypairs[0], sk1) == 1); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypairs[1], sk2) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypairs[1], sk2) == 1); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypairs[2], sk3) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypairs[2], sk3) == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[0], NULL, &keypairs[0]) == 1); |     CHECK(secp256k1_keypair_xonly_pub(CTX, &pk[0], NULL, &keypairs[0]) == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[1], NULL, &keypairs[1]) == 1); |     CHECK(secp256k1_keypair_xonly_pub(CTX, &pk[1], NULL, &keypairs[1]) == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[2], NULL, &keypairs[2]) == 1); |     CHECK(secp256k1_keypair_xonly_pub(CTX, &pk[2], NULL, &keypairs[2]) == 1); | ||||||
|     memset(&zero_pk, 0, sizeof(zero_pk)); |     memset(&zero_pk, 0, sizeof(zero_pk)); | ||||||
| 
 | 
 | ||||||
|     /** main test body **/ |     /** main test body **/ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_schnorrsig_sign32(ctx, sig, msg, &keypairs[0], NULL) == 1); |     CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypairs[0], NULL) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_schnorrsig_sign32(ctx, NULL, msg, &keypairs[0], NULL) == 0); |     CHECK(secp256k1_schnorrsig_sign32(CTX, NULL, msg, &keypairs[0], NULL) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_schnorrsig_sign32(ctx, sig, NULL, &keypairs[0], NULL) == 0); |     CHECK(secp256k1_schnorrsig_sign32(CTX, sig, NULL, &keypairs[0], NULL) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_schnorrsig_sign32(ctx, sig, msg, NULL, NULL) == 0); |     CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, NULL, NULL) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_schnorrsig_sign32(ctx, sig, msg, &invalid_keypair, NULL) == 0); |     CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &invalid_keypair, NULL) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_schnorrsig_sign32(sttc, sig, msg, &keypairs[0], NULL) == 0); |     CHECK(secp256k1_schnorrsig_sign32(STATIC_CTX, sig, msg, &keypairs[0], NULL) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
| 
 | 
 | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 1); |     CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(ctx, NULL, msg, sizeof(msg), &keypairs[0], &extraparams) == 0); |     CHECK(secp256k1_schnorrsig_sign_custom(CTX, NULL, msg, sizeof(msg), &keypairs[0], &extraparams) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, NULL, sizeof(msg), &keypairs[0], &extraparams) == 0); |     CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, NULL, sizeof(msg), &keypairs[0], &extraparams) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, NULL, 0, &keypairs[0], &extraparams) == 1); |     CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, NULL, 0, &keypairs[0], &extraparams) == 1); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), NULL, &extraparams) == 0); |     CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), NULL, &extraparams) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &invalid_keypair, &extraparams) == 0); |     CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &invalid_keypair, &extraparams) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypairs[0], NULL) == 1); |     CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], NULL) == 1); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypairs[0], &invalid_extraparams) == 0); |     CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], &invalid_extraparams) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(sttc, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 0); |     CHECK(secp256k1_schnorrsig_sign_custom(STATIC_CTX, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 0); | ||||||
|     CHECK(ecount == 6); |     CHECK(ecount == 6); | ||||||
| 
 | 
 | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_schnorrsig_sign32(ctx, sig, msg, &keypairs[0], NULL) == 1); |     CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypairs[0], NULL) == 1); | ||||||
|     CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &pk[0]) == 1); |     CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk[0]) == 1); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_schnorrsig_verify(ctx, NULL, msg, sizeof(msg), &pk[0]) == 0); |     CHECK(secp256k1_schnorrsig_verify(CTX, NULL, msg, sizeof(msg), &pk[0]) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_schnorrsig_verify(ctx, sig, NULL, sizeof(msg), &pk[0]) == 0); |     CHECK(secp256k1_schnorrsig_verify(CTX, sig, NULL, sizeof(msg), &pk[0]) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_schnorrsig_verify(ctx, sig, NULL, 0, &pk[0]) == 0); |     CHECK(secp256k1_schnorrsig_verify(CTX, sig, NULL, 0, &pk[0]) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), NULL) == 0); |     CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), NULL) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &zero_pk) == 0); |     CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &zero_pk) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_destroy(sttc); |     secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| /* Checks that hash initialized by secp256k1_schnorrsig_sha256_tagged has the
 | /* Checks that hash initialized by secp256k1_schnorrsig_sha256_tagged has the
 | ||||||
| @ -220,14 +220,14 @@ void test_schnorrsig_bip_vectors_check_signing(const unsigned char *sk, const un | |||||||
|     secp256k1_keypair keypair; |     secp256k1_keypair keypair; | ||||||
|     secp256k1_xonly_pubkey pk, pk_expected; |     secp256k1_xonly_pubkey pk, pk_expected; | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk)); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk)); | ||||||
|     CHECK(secp256k1_schnorrsig_sign32(ctx, sig, msg32, &keypair, aux_rand)); |     CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg32, &keypair, aux_rand)); | ||||||
|     CHECK(secp256k1_memcmp_var(sig, expected_sig, 64) == 0); |     CHECK(secp256k1_memcmp_var(sig, expected_sig, 64) == 0); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_xonly_pubkey_parse(ctx, &pk_expected, pk_serialized)); |     CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk_expected, pk_serialized)); | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair)); |     CHECK(secp256k1_keypair_xonly_pub(CTX, &pk, NULL, &keypair)); | ||||||
|     CHECK(secp256k1_memcmp_var(&pk, &pk_expected, sizeof(pk)) == 0); |     CHECK(secp256k1_memcmp_var(&pk, &pk_expected, sizeof(pk)) == 0); | ||||||
|     CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg32, 32, &pk)); |     CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg32, 32, &pk)); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| /* Helper function for schnorrsig_bip_vectors
 | /* Helper function for schnorrsig_bip_vectors
 | ||||||
| @ -235,8 +235,8 @@ void test_schnorrsig_bip_vectors_check_signing(const unsigned char *sk, const un | |||||||
| void test_schnorrsig_bip_vectors_check_verify(const unsigned char *pk_serialized, const unsigned char *msg32, const unsigned char *sig, int expected) { | void test_schnorrsig_bip_vectors_check_verify(const unsigned char *pk_serialized, const unsigned char *msg32, const unsigned char *sig, int expected) { | ||||||
|     secp256k1_xonly_pubkey pk; |     secp256k1_xonly_pubkey pk; | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_xonly_pubkey_parse(ctx, &pk, pk_serialized)); |     CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk, pk_serialized)); | ||||||
|     CHECK(expected == secp256k1_schnorrsig_verify(ctx, sig, msg32, 32, &pk)); |     CHECK(expected == secp256k1_schnorrsig_verify(CTX, sig, msg32, 32, &pk)); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| /* Test vectors according to BIP-340 ("Schnorr Signatures for secp256k1"). See
 | /* Test vectors according to BIP-340 ("Schnorr Signatures for secp256k1"). See
 | ||||||
| @ -434,7 +434,7 @@ void test_schnorrsig_bip_vectors(void) { | |||||||
|         }; |         }; | ||||||
|         secp256k1_xonly_pubkey pk_parsed; |         secp256k1_xonly_pubkey pk_parsed; | ||||||
|         /* No need to check the signature of the test vector as parsing the pubkey already fails */ |         /* No need to check the signature of the test vector as parsing the pubkey already fails */ | ||||||
|         CHECK(!secp256k1_xonly_pubkey_parse(ctx, &pk_parsed, pk)); |         CHECK(!secp256k1_xonly_pubkey_parse(CTX, &pk_parsed, pk)); | ||||||
|     } |     } | ||||||
|     { |     { | ||||||
|         /* Test vector 6 */ |         /* Test vector 6 */ | ||||||
| @ -654,7 +654,7 @@ void test_schnorrsig_bip_vectors(void) { | |||||||
|         }; |         }; | ||||||
|         secp256k1_xonly_pubkey pk_parsed; |         secp256k1_xonly_pubkey pk_parsed; | ||||||
|         /* No need to check the signature of the test vector as parsing the pubkey already fails */ |         /* No need to check the signature of the test vector as parsing the pubkey already fails */ | ||||||
|         CHECK(!secp256k1_xonly_pubkey_parse(ctx, &pk_parsed, pk)); |         CHECK(!secp256k1_xonly_pubkey_parse(CTX, &pk_parsed, pk)); | ||||||
|     } |     } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| @ -712,36 +712,36 @@ void test_schnorrsig_sign(void) { | |||||||
| 
 | 
 | ||||||
|     secp256k1_testrand256(sk); |     secp256k1_testrand256(sk); | ||||||
|     secp256k1_testrand256(aux_rand); |     secp256k1_testrand256(aux_rand); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk)); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk)); | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair)); |     CHECK(secp256k1_keypair_xonly_pub(CTX, &pk, NULL, &keypair)); | ||||||
|     CHECK(secp256k1_schnorrsig_sign32(ctx, sig, msg, &keypair, NULL) == 1); |     CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypair, NULL) == 1); | ||||||
|     CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &pk)); |     CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk)); | ||||||
|     /* Check that deprecated alias gives the same result */ |     /* Check that deprecated alias gives the same result */ | ||||||
|     CHECK(secp256k1_schnorrsig_sign(ctx, sig2, msg, &keypair, NULL) == 1); |     CHECK(secp256k1_schnorrsig_sign(CTX, sig2, msg, &keypair, NULL) == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(sig, sig2, sizeof(sig)) == 0); |     CHECK(secp256k1_memcmp_var(sig, sig2, sizeof(sig)) == 0); | ||||||
| 
 | 
 | ||||||
|     /* Test different nonce functions */ |     /* Test different nonce functions */ | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); |     CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); | ||||||
|     CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &pk)); |     CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk)); | ||||||
|     memset(sig, 1, sizeof(sig)); |     memset(sig, 1, sizeof(sig)); | ||||||
|     extraparams.noncefp = nonce_function_failing; |     extraparams.noncefp = nonce_function_failing; | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 0); |     CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 0); | ||||||
|     CHECK(secp256k1_memcmp_var(sig, zeros64, sizeof(sig)) == 0); |     CHECK(secp256k1_memcmp_var(sig, zeros64, sizeof(sig)) == 0); | ||||||
|     memset(&sig, 1, sizeof(sig)); |     memset(&sig, 1, sizeof(sig)); | ||||||
|     extraparams.noncefp = nonce_function_0; |     extraparams.noncefp = nonce_function_0; | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 0); |     CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 0); | ||||||
|     CHECK(secp256k1_memcmp_var(sig, zeros64, sizeof(sig)) == 0); |     CHECK(secp256k1_memcmp_var(sig, zeros64, sizeof(sig)) == 0); | ||||||
|     memset(&sig, 1, sizeof(sig)); |     memset(&sig, 1, sizeof(sig)); | ||||||
|     extraparams.noncefp = nonce_function_overflowing; |     extraparams.noncefp = nonce_function_overflowing; | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); |     CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); | ||||||
|     CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &pk)); |     CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk)); | ||||||
| 
 | 
 | ||||||
|     /* When using the default nonce function, schnorrsig_sign_custom produces
 |     /* When using the default nonce function, schnorrsig_sign_custom produces
 | ||||||
|      * the same result as schnorrsig_sign with aux_rand = extraparams.ndata */ |      * the same result as schnorrsig_sign with aux_rand = extraparams.ndata */ | ||||||
|     extraparams.noncefp = NULL; |     extraparams.noncefp = NULL; | ||||||
|     extraparams.ndata = aux_rand; |     extraparams.ndata = aux_rand; | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); |     CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); | ||||||
|     CHECK(secp256k1_schnorrsig_sign32(ctx, sig2, msg, &keypair, extraparams.ndata) == 1); |     CHECK(secp256k1_schnorrsig_sign32(CTX, sig2, msg, &keypair, extraparams.ndata) == 1); | ||||||
|     CHECK(secp256k1_memcmp_var(sig, sig2, sizeof(sig)) == 0); |     CHECK(secp256k1_memcmp_var(sig, sig2, sizeof(sig)) == 0); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| @ -759,13 +759,13 @@ void test_schnorrsig_sign_verify(void) { | |||||||
|     secp256k1_scalar s; |     secp256k1_scalar s; | ||||||
| 
 | 
 | ||||||
|     secp256k1_testrand256(sk); |     secp256k1_testrand256(sk); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk)); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk)); | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair)); |     CHECK(secp256k1_keypair_xonly_pub(CTX, &pk, NULL, &keypair)); | ||||||
| 
 | 
 | ||||||
|     for (i = 0; i < N_SIGS; i++) { |     for (i = 0; i < N_SIGS; i++) { | ||||||
|         secp256k1_testrand256(msg[i]); |         secp256k1_testrand256(msg[i]); | ||||||
|         CHECK(secp256k1_schnorrsig_sign32(ctx, sig[i], msg[i], &keypair, NULL)); |         CHECK(secp256k1_schnorrsig_sign32(CTX, sig[i], msg[i], &keypair, NULL)); | ||||||
|         CHECK(secp256k1_schnorrsig_verify(ctx, sig[i], msg[i], sizeof(msg[i]), &pk)); |         CHECK(secp256k1_schnorrsig_verify(CTX, sig[i], msg[i], sizeof(msg[i]), &pk)); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     { |     { | ||||||
| @ -775,40 +775,40 @@ void test_schnorrsig_sign_verify(void) { | |||||||
|         size_t byte_idx = secp256k1_testrand_bits(5); |         size_t byte_idx = secp256k1_testrand_bits(5); | ||||||
|         unsigned char xorbyte = secp256k1_testrand_int(254)+1; |         unsigned char xorbyte = secp256k1_testrand_int(254)+1; | ||||||
|         sig[sig_idx][byte_idx] ^= xorbyte; |         sig[sig_idx][byte_idx] ^= xorbyte; | ||||||
|         CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); |         CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); | ||||||
|         sig[sig_idx][byte_idx] ^= xorbyte; |         sig[sig_idx][byte_idx] ^= xorbyte; | ||||||
| 
 | 
 | ||||||
|         byte_idx = secp256k1_testrand_bits(5); |         byte_idx = secp256k1_testrand_bits(5); | ||||||
|         sig[sig_idx][32+byte_idx] ^= xorbyte; |         sig[sig_idx][32+byte_idx] ^= xorbyte; | ||||||
|         CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); |         CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); | ||||||
|         sig[sig_idx][32+byte_idx] ^= xorbyte; |         sig[sig_idx][32+byte_idx] ^= xorbyte; | ||||||
| 
 | 
 | ||||||
|         byte_idx = secp256k1_testrand_bits(5); |         byte_idx = secp256k1_testrand_bits(5); | ||||||
|         msg[sig_idx][byte_idx] ^= xorbyte; |         msg[sig_idx][byte_idx] ^= xorbyte; | ||||||
|         CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); |         CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); | ||||||
|         msg[sig_idx][byte_idx] ^= xorbyte; |         msg[sig_idx][byte_idx] ^= xorbyte; | ||||||
| 
 | 
 | ||||||
|         /* Check that above bitflips have been reversed correctly */ |         /* Check that above bitflips have been reversed correctly */ | ||||||
|         CHECK(secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); |         CHECK(secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* Test overflowing s */ |     /* Test overflowing s */ | ||||||
|     CHECK(secp256k1_schnorrsig_sign32(ctx, sig[0], msg[0], &keypair, NULL)); |     CHECK(secp256k1_schnorrsig_sign32(CTX, sig[0], msg[0], &keypair, NULL)); | ||||||
|     CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], msg[0], sizeof(msg[0]), &pk)); |     CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); | ||||||
|     memset(&sig[0][32], 0xFF, 32); |     memset(&sig[0][32], 0xFF, 32); | ||||||
|     CHECK(!secp256k1_schnorrsig_verify(ctx, sig[0], msg[0], sizeof(msg[0]), &pk)); |     CHECK(!secp256k1_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); | ||||||
| 
 | 
 | ||||||
|     /* Test negative s */ |     /* Test negative s */ | ||||||
|     CHECK(secp256k1_schnorrsig_sign32(ctx, sig[0], msg[0], &keypair, NULL)); |     CHECK(secp256k1_schnorrsig_sign32(CTX, sig[0], msg[0], &keypair, NULL)); | ||||||
|     CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], msg[0], sizeof(msg[0]), &pk)); |     CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); | ||||||
|     secp256k1_scalar_set_b32(&s, &sig[0][32], NULL); |     secp256k1_scalar_set_b32(&s, &sig[0][32], NULL); | ||||||
|     secp256k1_scalar_negate(&s, &s); |     secp256k1_scalar_negate(&s, &s); | ||||||
|     secp256k1_scalar_get_b32(&sig[0][32], &s); |     secp256k1_scalar_get_b32(&sig[0][32], &s); | ||||||
|     CHECK(!secp256k1_schnorrsig_verify(ctx, sig[0], msg[0], sizeof(msg[0]), &pk)); |     CHECK(!secp256k1_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); | ||||||
| 
 | 
 | ||||||
|     /* The empty message can be signed & verified */ |     /* The empty message can be signed & verified */ | ||||||
|     CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig[0], NULL, 0, &keypair, NULL) == 1); |     CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig[0], NULL, 0, &keypair, NULL) == 1); | ||||||
|     CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], NULL, 0, &pk) == 1); |     CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], NULL, 0, &pk) == 1); | ||||||
| 
 | 
 | ||||||
|     { |     { | ||||||
|         /* Test varying message lengths */ |         /* Test varying message lengths */ | ||||||
| @ -817,11 +817,11 @@ void test_schnorrsig_sign_verify(void) { | |||||||
|         for (i = 0; i < sizeof(msg_large); i += 32) { |         for (i = 0; i < sizeof(msg_large); i += 32) { | ||||||
|             secp256k1_testrand256(&msg_large[i]); |             secp256k1_testrand256(&msg_large[i]); | ||||||
|         } |         } | ||||||
|         CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig[0], msg_large, msglen, &keypair, NULL) == 1); |         CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig[0], msg_large, msglen, &keypair, NULL) == 1); | ||||||
|         CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], msg_large, msglen, &pk) == 1); |         CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], msg_large, msglen, &pk) == 1); | ||||||
|         /* Verification for a random wrong message length fails */ |         /* Verification for a random wrong message length fails */ | ||||||
|         msglen = (msglen + (sizeof(msg_large) - 1)) % sizeof(msg_large); |         msglen = (msglen + (sizeof(msg_large) - 1)) % sizeof(msg_large); | ||||||
|         CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], msg_large, msglen, &pk) == 0); |         CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], msg_large, msglen, &pk) == 0); | ||||||
|     } |     } | ||||||
| } | } | ||||||
| #undef N_SIGS | #undef N_SIGS | ||||||
| @ -840,26 +840,26 @@ void test_schnorrsig_taproot(void) { | |||||||
| 
 | 
 | ||||||
|     /* Create output key */ |     /* Create output key */ | ||||||
|     secp256k1_testrand256(sk); |     secp256k1_testrand256(sk); | ||||||
|     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1); |     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1); |     CHECK(secp256k1_keypair_xonly_pub(CTX, &internal_pk, NULL, &keypair) == 1); | ||||||
|     /* In actual taproot the tweak would be hash of internal_pk */ |     /* In actual taproot the tweak would be hash of internal_pk */ | ||||||
|     CHECK(secp256k1_xonly_pubkey_serialize(ctx, tweak, &internal_pk) == 1); |     CHECK(secp256k1_xonly_pubkey_serialize(CTX, tweak, &internal_pk) == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1); |     CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); | ||||||
|     CHECK(secp256k1_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1); |     CHECK(secp256k1_keypair_xonly_pub(CTX, &output_pk, &pk_parity, &keypair) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_serialize(ctx, output_pk_bytes, &output_pk) == 1); |     CHECK(secp256k1_xonly_pubkey_serialize(CTX, output_pk_bytes, &output_pk) == 1); | ||||||
| 
 | 
 | ||||||
|     /* Key spend */ |     /* Key spend */ | ||||||
|     secp256k1_testrand256(msg); |     secp256k1_testrand256(msg); | ||||||
|     CHECK(secp256k1_schnorrsig_sign32(ctx, sig, msg, &keypair, NULL) == 1); |     CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypair, NULL) == 1); | ||||||
|     /* Verify key spend */ |     /* Verify key spend */ | ||||||
|     CHECK(secp256k1_xonly_pubkey_parse(ctx, &output_pk, output_pk_bytes) == 1); |     CHECK(secp256k1_xonly_pubkey_parse(CTX, &output_pk, output_pk_bytes) == 1); | ||||||
|     CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &output_pk) == 1); |     CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &output_pk) == 1); | ||||||
| 
 | 
 | ||||||
|     /* Script spend */ |     /* Script spend */ | ||||||
|     CHECK(secp256k1_xonly_pubkey_serialize(ctx, internal_pk_bytes, &internal_pk) == 1); |     CHECK(secp256k1_xonly_pubkey_serialize(CTX, internal_pk_bytes, &internal_pk) == 1); | ||||||
|     /* Verify script spend */ |     /* Verify script spend */ | ||||||
|     CHECK(secp256k1_xonly_pubkey_parse(ctx, &internal_pk, internal_pk_bytes) == 1); |     CHECK(secp256k1_xonly_pubkey_parse(CTX, &internal_pk, internal_pk_bytes) == 1); | ||||||
|     CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, output_pk_bytes, pk_parity, &internal_pk, tweak) == 1); |     CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, output_pk_bytes, pk_parity, &internal_pk, tweak) == 1); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void run_schnorrsig_tests(void) { | void run_schnorrsig_tests(void) { | ||||||
| @ -869,7 +869,7 @@ void run_schnorrsig_tests(void) { | |||||||
|     test_schnorrsig_api(); |     test_schnorrsig_api(); | ||||||
|     test_schnorrsig_sha256_tagged(); |     test_schnorrsig_sha256_tagged(); | ||||||
|     test_schnorrsig_bip_vectors(); |     test_schnorrsig_bip_vectors(); | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         test_schnorrsig_sign(); |         test_schnorrsig_sign(); | ||||||
|         test_schnorrsig_sign_verify(); |         test_schnorrsig_sign_verify(); | ||||||
|     } |     } | ||||||
|  | |||||||
| @ -15,7 +15,6 @@ | |||||||
| 
 | 
 | ||||||
| static void test_surjectionproof_api(void) { | static void test_surjectionproof_api(void) { | ||||||
|     unsigned char seed[32]; |     unsigned char seed[32]; | ||||||
|     secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_static); |  | ||||||
|     secp256k1_fixed_asset_tag fixed_input_tags[10]; |     secp256k1_fixed_asset_tag fixed_input_tags[10]; | ||||||
|     secp256k1_fixed_asset_tag fixed_output_tag; |     secp256k1_fixed_asset_tag fixed_output_tag; | ||||||
|     secp256k1_generator ephemeral_input_tags[10]; |     secp256k1_generator ephemeral_input_tags[10]; | ||||||
| @ -32,54 +31,54 @@ static void test_surjectionproof_api(void) { | |||||||
|     size_t i; |     size_t i; | ||||||
| 
 | 
 | ||||||
|     secp256k1_testrand256(seed); |     secp256k1_testrand256(seed); | ||||||
|     secp256k1_context_set_error_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_error_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(ctx, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(CTX, counting_illegal_callback_fn, &ecount); | ||||||
|     secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); |     secp256k1_context_set_illegal_callback(STATIC_CTX, counting_illegal_callback_fn, &ecount); | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|     for (i = 0; i < n_inputs; i++) { |     for (i = 0; i < n_inputs; i++) { | ||||||
|         secp256k1_testrand256(input_blinding_key[i]); |         secp256k1_testrand256(input_blinding_key[i]); | ||||||
|         secp256k1_testrand256(fixed_input_tags[i].data); |         secp256k1_testrand256(fixed_input_tags[i].data); | ||||||
|         CHECK(secp256k1_generator_generate_blinded(ctx, &ephemeral_input_tags[i], fixed_input_tags[i].data, input_blinding_key[i])); |         CHECK(secp256k1_generator_generate_blinded(CTX, &ephemeral_input_tags[i], fixed_input_tags[i].data, input_blinding_key[i])); | ||||||
|     } |     } | ||||||
|     secp256k1_testrand256(output_blinding_key); |     secp256k1_testrand256(output_blinding_key); | ||||||
|     memcpy(&fixed_output_tag, &fixed_input_tags[0], sizeof(fixed_input_tags[0])); |     memcpy(&fixed_output_tag, &fixed_input_tags[0], sizeof(fixed_input_tags[0])); | ||||||
|     CHECK(secp256k1_generator_generate_blinded(ctx, &ephemeral_output_tag, fixed_output_tag.data, output_blinding_key)); |     CHECK(secp256k1_generator_generate_blinded(CTX, &ephemeral_output_tag, fixed_output_tag.data, output_blinding_key)); | ||||||
| 
 | 
 | ||||||
|     /* check allocate_initialized */ |     /* check allocate_initialized */ | ||||||
|     CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, seed) == 0); |     CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, seed) == 0); | ||||||
|     CHECK(proof_on_heap == 0); |     CHECK(proof_on_heap == 0); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) != 0); |     CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) != 0); | ||||||
|     CHECK(proof_on_heap != 0); |     CHECK(proof_on_heap != 0); | ||||||
|     secp256k1_surjectionproof_destroy(proof_on_heap); |     secp256k1_surjectionproof_destroy(proof_on_heap); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, NULL, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); |     CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, NULL, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, NULL, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); |     CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, NULL, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); | ||||||
|     CHECK(proof_on_heap == 0); |     CHECK(proof_on_heap == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, NULL, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); |     CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, NULL, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); | ||||||
|     CHECK(proof_on_heap == 0); |     CHECK(proof_on_heap == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS + 1, 3, &fixed_input_tags[0], 100, seed) == 0); |     CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS + 1, 3, &fixed_input_tags[0], 100, seed) == 0); | ||||||
|     CHECK(proof_on_heap == 0); |     CHECK(proof_on_heap == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, n_inputs, &fixed_input_tags[0], 100, seed) != 0); |     CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, n_inputs, &fixed_input_tags[0], 100, seed) != 0); | ||||||
|     CHECK(proof_on_heap != 0); |     CHECK(proof_on_heap != 0); | ||||||
|     secp256k1_surjectionproof_destroy(proof_on_heap); |     secp256k1_surjectionproof_destroy(proof_on_heap); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, n_inputs + 1, &fixed_input_tags[0], 100, seed) == 0); |     CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, n_inputs + 1, &fixed_input_tags[0], 100, seed) == 0); | ||||||
|     CHECK(proof_on_heap == 0); |     CHECK(proof_on_heap == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
|     CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 3, NULL, 100, seed) == 0); |     CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 3, NULL, 100, seed) == 0); | ||||||
|     CHECK(proof_on_heap == 0); |     CHECK(proof_on_heap == 0); | ||||||
|     CHECK(ecount == 6); |     CHECK(ecount == 6); | ||||||
|     CHECK((secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 0, seed) & 1) == 0); |     CHECK((secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 0, seed) & 1) == 0); | ||||||
|     CHECK(proof_on_heap == 0); |     CHECK(proof_on_heap == 0); | ||||||
|     CHECK(ecount == 6); |     CHECK(ecount == 6); | ||||||
|     CHECK(secp256k1_surjectionproof_allocate_initialized(ctx, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, NULL) == 0); |     CHECK(secp256k1_surjectionproof_allocate_initialized(CTX, &proof_on_heap, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, NULL) == 0); | ||||||
|     CHECK(proof_on_heap == 0); |     CHECK(proof_on_heap == 0); | ||||||
|     CHECK(ecount == 7); |     CHECK(ecount == 7); | ||||||
| 
 | 
 | ||||||
| @ -88,114 +87,117 @@ static void test_surjectionproof_api(void) { | |||||||
|     ecount = 0; |     ecount = 0; | ||||||
| 
 | 
 | ||||||
|     /* check initialize */ |     /* check initialize */ | ||||||
|     CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, seed) == 0); |     CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, seed) == 0); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) != 0); |     CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) != 0); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     CHECK(secp256k1_surjectionproof_initialize(ctx, NULL, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); |     CHECK(secp256k1_surjectionproof_initialize(CTX, NULL, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, NULL, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); |     CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, NULL, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, NULL, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); |     CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, NULL, n_inputs, 3, &fixed_input_tags[0], 100, seed) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS + 1, 3, &fixed_input_tags[0], 100, seed) == 0); |     CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS + 1, 3, &fixed_input_tags[0], 100, seed) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs, &fixed_input_tags[0], 100, seed) != 0); |     CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs, &fixed_input_tags[0], 100, seed) != 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs + 1, &fixed_input_tags[0], 100, seed) == 0); |     CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs + 1, &fixed_input_tags[0], 100, seed) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
|     CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 3, NULL, 100, seed) == 0); |     CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 3, NULL, 100, seed) == 0); | ||||||
|     CHECK(ecount == 6); |     CHECK(ecount == 6); | ||||||
|     CHECK((secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 0, seed) & 1) == 0); |     CHECK((secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 0, seed) & 1) == 0); | ||||||
|     CHECK(ecount == 6); |     CHECK(ecount == 6); | ||||||
|     CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, NULL) == 0); |     CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], 100, NULL) == 0); | ||||||
|     CHECK(ecount == 7); |     CHECK(ecount == 7); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) != 0); |     CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[0], 100, seed) != 0); | ||||||
|     /* check generate */ |     /* check generate */ | ||||||
|     CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) != 0); |     CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) != 0); | ||||||
|     CHECK(ecount == 7); |     CHECK(ecount == 7); | ||||||
|     CHECK(secp256k1_surjectionproof_generate(sttc, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); |     CHECK(secp256k1_surjectionproof_generate(STATIC_CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); | ||||||
|     CHECK(ecount == 8); |     CHECK(ecount == 8); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_surjectionproof_generate(ctx, NULL, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); |     CHECK(secp256k1_surjectionproof_generate(CTX, NULL, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); | ||||||
|     CHECK(ecount == 9); |     CHECK(ecount == 9); | ||||||
|     CHECK(secp256k1_surjectionproof_generate(ctx, &proof, NULL, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); |     CHECK(secp256k1_surjectionproof_generate(CTX, &proof, NULL, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); | ||||||
|     CHECK(ecount == 10); |     CHECK(ecount == 10); | ||||||
|     CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs + 1, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); |     CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs + 1, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); | ||||||
|     CHECK(ecount == 10); |     CHECK(ecount == 10); | ||||||
|     CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs - 1, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); |     CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs - 1, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); | ||||||
|     CHECK(ecount == 10); |     CHECK(ecount == 10); | ||||||
|     CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, 0, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); |     CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, 0, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); | ||||||
|     CHECK(ecount == 10); |     CHECK(ecount == 10); | ||||||
|     CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, NULL, 0, input_blinding_key[0], output_blinding_key) == 0); |     CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, NULL, 0, input_blinding_key[0], output_blinding_key) == 0); | ||||||
|     CHECK(ecount == 11); |     CHECK(ecount == 11); | ||||||
|     CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 1, input_blinding_key[0], output_blinding_key) != 0); |     CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 1, input_blinding_key[0], output_blinding_key) != 0); | ||||||
|     CHECK(ecount == 11);  /* the above line "succeeds" but generates an invalid proof as the input_index is wrong. it is fairly expensive to detect this. should we? */ |     CHECK(ecount == 11);  /* the above line "succeeds" but generates an invalid proof as the input_index is wrong. it is fairly expensive to detect this. should we? */ | ||||||
|     CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, n_inputs + 1, input_blinding_key[0], output_blinding_key) != 0); |     CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, n_inputs + 1, input_blinding_key[0], output_blinding_key) != 0); | ||||||
|     CHECK(ecount == 11); |     CHECK(ecount == 11); | ||||||
|     CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, NULL, output_blinding_key) == 0); |     CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, NULL, output_blinding_key) == 0); | ||||||
|     CHECK(ecount == 12); |     CHECK(ecount == 12); | ||||||
|     CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], NULL) == 0); |     CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], NULL) == 0); | ||||||
|     CHECK(ecount == 13); |     CHECK(ecount == 13); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) != 0); |     CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) != 0); | ||||||
|     /* check verify */ |     /* check verify */ | ||||||
|     CHECK(secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag) == 1); |     CHECK(secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag) == 1); | ||||||
|     CHECK(ecount == 13); |     CHECK(ecount == 13); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_surjectionproof_verify(ctx, NULL, ephemeral_input_tags, n_inputs, &ephemeral_output_tag) == 0); |     CHECK(secp256k1_surjectionproof_verify(CTX, NULL, ephemeral_input_tags, n_inputs, &ephemeral_output_tag) == 0); | ||||||
|     CHECK(ecount == 14); |     CHECK(ecount == 14); | ||||||
|     CHECK(secp256k1_surjectionproof_verify(ctx, &proof, NULL, n_inputs, &ephemeral_output_tag) == 0); |     CHECK(secp256k1_surjectionproof_verify(CTX, &proof, NULL, n_inputs, &ephemeral_output_tag) == 0); | ||||||
|     CHECK(ecount == 15); |     CHECK(ecount == 15); | ||||||
|     CHECK(secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs - 1, &ephemeral_output_tag) == 0); |     CHECK(secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs - 1, &ephemeral_output_tag) == 0); | ||||||
|     CHECK(ecount == 15); |     CHECK(ecount == 15); | ||||||
|     CHECK(secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs + 1, &ephemeral_output_tag) == 0); |     CHECK(secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs + 1, &ephemeral_output_tag) == 0); | ||||||
|     CHECK(ecount == 15); |     CHECK(ecount == 15); | ||||||
|     CHECK(secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs, NULL) == 0); |     CHECK(secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs, NULL) == 0); | ||||||
|     CHECK(ecount == 16); |     CHECK(ecount == 16); | ||||||
| 
 | 
 | ||||||
|     /* Test how surjectionproof_generate fails when the proof was not created
 |     /* Test how surjectionproof_generate fails when the proof was not created
 | ||||||
|      * with surjectionproof_initialize */ |      * with surjectionproof_initialize */ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 1); |     CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 1); | ||||||
|     { |     { | ||||||
|         secp256k1_surjectionproof tmp_proof = proof; |         secp256k1_surjectionproof tmp_proof = proof; | ||||||
|         tmp_proof.n_inputs = 0; |         tmp_proof.n_inputs = 0; | ||||||
|         CHECK(secp256k1_surjectionproof_generate(ctx, &tmp_proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); |         CHECK(secp256k1_surjectionproof_generate(CTX, &tmp_proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 0); | ||||||
|     } |     } | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 1); |     CHECK(secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_output_tag, 0, input_blinding_key[0], output_blinding_key) == 1); | ||||||
| 
 | 
 | ||||||
|     /* Check serialize */ |     /* Check serialize */ | ||||||
|     ecount = 0; |     ecount = 0; | ||||||
|     serialized_len = sizeof(serialized_proof); |     serialized_len = sizeof(serialized_proof); | ||||||
|     CHECK(secp256k1_surjectionproof_serialize(ctx, serialized_proof, &serialized_len, &proof) != 0); |     CHECK(secp256k1_surjectionproof_serialize(CTX, serialized_proof, &serialized_len, &proof) != 0); | ||||||
|     CHECK(ecount == 0); |     CHECK(ecount == 0); | ||||||
|     serialized_len = sizeof(serialized_proof); |     serialized_len = sizeof(serialized_proof); | ||||||
|     CHECK(secp256k1_surjectionproof_serialize(ctx, NULL, &serialized_len, &proof) == 0); |     CHECK(secp256k1_surjectionproof_serialize(CTX, NULL, &serialized_len, &proof) == 0); | ||||||
|     CHECK(ecount == 1); |     CHECK(ecount == 1); | ||||||
|     serialized_len = sizeof(serialized_proof); |     serialized_len = sizeof(serialized_proof); | ||||||
|     CHECK(secp256k1_surjectionproof_serialize(ctx, serialized_proof, NULL, &proof) == 0); |     CHECK(secp256k1_surjectionproof_serialize(CTX, serialized_proof, NULL, &proof) == 0); | ||||||
|     CHECK(ecount == 2); |     CHECK(ecount == 2); | ||||||
|     serialized_len = sizeof(serialized_proof); |     serialized_len = sizeof(serialized_proof); | ||||||
|     CHECK(secp256k1_surjectionproof_serialize(ctx, serialized_proof, &serialized_len, NULL) == 0); |     CHECK(secp256k1_surjectionproof_serialize(CTX, serialized_proof, &serialized_len, NULL) == 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
| 
 | 
 | ||||||
|     serialized_len = sizeof(serialized_proof); |     serialized_len = sizeof(serialized_proof); | ||||||
|     CHECK(secp256k1_surjectionproof_serialize(ctx, serialized_proof, &serialized_len, &proof) != 0); |     CHECK(secp256k1_surjectionproof_serialize(CTX, serialized_proof, &serialized_len, &proof) != 0); | ||||||
|     /* Check parse */ |     /* Check parse */ | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, &proof, serialized_proof, serialized_len) != 0); |     CHECK(secp256k1_surjectionproof_parse(CTX, &proof, serialized_proof, serialized_len) != 0); | ||||||
|     CHECK(ecount == 3); |     CHECK(ecount == 3); | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, NULL, serialized_proof, serialized_len) == 0); |     CHECK(secp256k1_surjectionproof_parse(CTX, NULL, serialized_proof, serialized_len) == 0); | ||||||
|     CHECK(ecount == 4); |     CHECK(ecount == 4); | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, &proof, NULL, serialized_len) == 0); |     CHECK(secp256k1_surjectionproof_parse(CTX, &proof, NULL, serialized_len) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, &proof, serialized_proof, 0) == 0); |     CHECK(secp256k1_surjectionproof_parse(CTX, &proof, serialized_proof, 0) == 0); | ||||||
|     CHECK(ecount == 5); |     CHECK(ecount == 5); | ||||||
| 
 | 
 | ||||||
|     secp256k1_context_destroy(sttc); |     secp256k1_context_set_error_callback(CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_error_callback(STATIC_CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(CTX, NULL, NULL); | ||||||
|  |     secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| static void test_input_selection(size_t n_inputs) { | static void test_input_selection(size_t n_inputs) { | ||||||
| @ -216,50 +218,50 @@ static void test_input_selection(size_t n_inputs) { | |||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* cannot match output when told to use zero keys */ |     /* cannot match output when told to use zero keys */ | ||||||
|     result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], try_count, seed); |     result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 0, &fixed_input_tags[0], try_count, seed); | ||||||
|     CHECK(result == 0); |     CHECK(result == 0); | ||||||
|     CHECK(secp256k1_surjectionproof_n_used_inputs(ctx, &proof) == 0); |     CHECK(secp256k1_surjectionproof_n_used_inputs(CTX, &proof) == 0); | ||||||
|     CHECK(secp256k1_surjectionproof_n_total_inputs(ctx, &proof) == n_inputs); |     CHECK(secp256k1_surjectionproof_n_total_inputs(CTX, &proof) == n_inputs); | ||||||
|     CHECK(secp256k1_surjectionproof_serialized_size(ctx, &proof) == 34 + (n_inputs + 7) / 8); |     CHECK(secp256k1_surjectionproof_serialized_size(CTX, &proof) == 34 + (n_inputs + 7) / 8); | ||||||
|     if (n_inputs > 0) { |     if (n_inputs > 0) { | ||||||
|         /* succeed in 100*n_inputs tries (probability of failure e^-100) */ |         /* succeed in 100*n_inputs tries (probability of failure e^-100) */ | ||||||
|         result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 1, &fixed_input_tags[0], try_count, seed); |         result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 1, &fixed_input_tags[0], try_count, seed); | ||||||
|         CHECK(result > 0); |         CHECK(result > 0); | ||||||
|         CHECK(result < n_inputs * 10); |         CHECK(result < n_inputs * 10); | ||||||
|         CHECK(secp256k1_surjectionproof_n_used_inputs(ctx, &proof) == 1); |         CHECK(secp256k1_surjectionproof_n_used_inputs(CTX, &proof) == 1); | ||||||
|         CHECK(secp256k1_surjectionproof_n_total_inputs(ctx, &proof) == n_inputs); |         CHECK(secp256k1_surjectionproof_n_total_inputs(CTX, &proof) == n_inputs); | ||||||
|         CHECK(secp256k1_surjectionproof_serialized_size(ctx, &proof) == 66 + (n_inputs + 7) / 8); |         CHECK(secp256k1_surjectionproof_serialized_size(CTX, &proof) == 66 + (n_inputs + 7) / 8); | ||||||
|         CHECK(input_index == 0); |         CHECK(input_index == 0); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     if (n_inputs >= 3) { |     if (n_inputs >= 3) { | ||||||
|         /* succeed in 10*n_inputs tries (probability of failure e^-10) */ |         /* succeed in 10*n_inputs tries (probability of failure e^-10) */ | ||||||
|         result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[1], try_count, seed); |         result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[1], try_count, seed); | ||||||
|         CHECK(result > 0); |         CHECK(result > 0); | ||||||
|         CHECK(secp256k1_surjectionproof_n_used_inputs(ctx, &proof) == 3); |         CHECK(secp256k1_surjectionproof_n_used_inputs(CTX, &proof) == 3); | ||||||
|         CHECK(secp256k1_surjectionproof_n_total_inputs(ctx, &proof) == n_inputs); |         CHECK(secp256k1_surjectionproof_n_total_inputs(CTX, &proof) == n_inputs); | ||||||
|         CHECK(secp256k1_surjectionproof_serialized_size(ctx, &proof) == 130 + (n_inputs + 7) / 8); |         CHECK(secp256k1_surjectionproof_serialized_size(CTX, &proof) == 130 + (n_inputs + 7) / 8); | ||||||
|         CHECK(input_index == 1); |         CHECK(input_index == 1); | ||||||
| 
 | 
 | ||||||
|         /* fail, key not found */ |         /* fail, key not found */ | ||||||
|         result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[n_inputs], try_count, seed); |         result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, 3, &fixed_input_tags[n_inputs], try_count, seed); | ||||||
|         CHECK(result == 0); |         CHECK(result == 0); | ||||||
| 
 | 
 | ||||||
|         /* succeed on first try when told to use all keys */ |         /* succeed on first try when told to use all keys */ | ||||||
|         result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs, &fixed_input_tags[0], try_count, seed); |         result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs, &fixed_input_tags[0], try_count, seed); | ||||||
|         CHECK(result == 1); |         CHECK(result == 1); | ||||||
|         CHECK(secp256k1_surjectionproof_n_used_inputs(ctx, &proof) == n_inputs); |         CHECK(secp256k1_surjectionproof_n_used_inputs(CTX, &proof) == n_inputs); | ||||||
|         CHECK(secp256k1_surjectionproof_n_total_inputs(ctx, &proof) == n_inputs); |         CHECK(secp256k1_surjectionproof_n_total_inputs(CTX, &proof) == n_inputs); | ||||||
|         CHECK(secp256k1_surjectionproof_serialized_size(ctx, &proof) == 2 + 32 * (n_inputs + 1) + (n_inputs + 7) / 8); |         CHECK(secp256k1_surjectionproof_serialized_size(CTX, &proof) == 2 + 32 * (n_inputs + 1) + (n_inputs + 7) / 8); | ||||||
|         CHECK(input_index == 0); |         CHECK(input_index == 0); | ||||||
| 
 | 
 | ||||||
|         /* succeed in less than 64 tries when told to use half keys. (probability of failure 2^-64) */ |         /* succeed in less than 64 tries when told to use half keys. (probability of failure 2^-64) */ | ||||||
|         result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs / 2, &fixed_input_tags[0], 64, seed); |         result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, n_inputs / 2, &fixed_input_tags[0], 64, seed); | ||||||
|         CHECK(result > 0); |         CHECK(result > 0); | ||||||
|         CHECK(result < 64); |         CHECK(result < 64); | ||||||
|         CHECK(secp256k1_surjectionproof_n_used_inputs(ctx, &proof) == n_inputs / 2); |         CHECK(secp256k1_surjectionproof_n_used_inputs(CTX, &proof) == n_inputs / 2); | ||||||
|         CHECK(secp256k1_surjectionproof_n_total_inputs(ctx, &proof) == n_inputs); |         CHECK(secp256k1_surjectionproof_n_total_inputs(CTX, &proof) == n_inputs); | ||||||
|         CHECK(secp256k1_surjectionproof_serialized_size(ctx, &proof) == 2 + 32 * (n_inputs / 2 + 1) + (n_inputs + 7) / 8); |         CHECK(secp256k1_surjectionproof_serialized_size(CTX, &proof) == 2 + 32 * (n_inputs / 2 + 1) + (n_inputs + 7) / 8); | ||||||
|         CHECK(input_index == 0); |         CHECK(input_index == 0); | ||||||
|     } |     } | ||||||
| } | } | ||||||
| @ -278,7 +280,7 @@ static void test_input_selection_distribution_helper(const secp256k1_fixed_asset | |||||||
|     } |     } | ||||||
|     for(j = 0; j < 10000; j++) { |     for(j = 0; j < 10000; j++) { | ||||||
|         secp256k1_testrand256(seed); |         secp256k1_testrand256(seed); | ||||||
|         result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_input_tags, n_input_tags_to_use, &fixed_input_tags[0], 64, seed); |         result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_input_tags, n_input_tags_to_use, &fixed_input_tags[0], 64, seed); | ||||||
|         CHECK(result > 0); |         CHECK(result > 0); | ||||||
| 
 | 
 | ||||||
|         for (i = 0; i < n_input_tags; i++) { |         for (i = 0; i < n_input_tags; i++) { | ||||||
| @ -396,11 +398,11 @@ static void test_gen_verify(size_t n_inputs, size_t n_used) { | |||||||
|         } else { |         } else { | ||||||
|             memcpy(&fixed_input_tags[i], &fixed_input_tags[key_index], sizeof(fixed_input_tags[i])); |             memcpy(&fixed_input_tags[i], &fixed_input_tags[key_index], sizeof(fixed_input_tags[i])); | ||||||
|         } |         } | ||||||
|         CHECK(secp256k1_generator_generate_blinded(ctx, &ephemeral_input_tags[i], fixed_input_tags[i].data, input_blinding_key[i])); |         CHECK(secp256k1_generator_generate_blinded(CTX, &ephemeral_input_tags[i], fixed_input_tags[i].data, input_blinding_key[i])); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* test */ |     /* test */ | ||||||
|     result = secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, fixed_input_tags, n_inputs, n_used, &fixed_input_tags[key_index], try_count, seed); |     result = secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, fixed_input_tags, n_inputs, n_used, &fixed_input_tags[key_index], try_count, seed); | ||||||
|     if (n_used == 0) { |     if (n_used == 0) { | ||||||
|         CHECK(result == 0); |         CHECK(result == 0); | ||||||
|         return; |         return; | ||||||
| @ -408,32 +410,32 @@ static void test_gen_verify(size_t n_inputs, size_t n_used) { | |||||||
|     CHECK(result > 0); |     CHECK(result > 0); | ||||||
|     CHECK(input_index == key_index); |     CHECK(input_index == key_index); | ||||||
| 
 | 
 | ||||||
|     result = secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs], input_index, input_blinding_key[input_index], input_blinding_key[n_inputs]); |     result = secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs], input_index, input_blinding_key[input_index], input_blinding_key[n_inputs]); | ||||||
|     CHECK(result == 1); |     CHECK(result == 1); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_surjectionproof_serialize(ctx, serialized_proof, &serialized_len, &proof)); |     CHECK(secp256k1_surjectionproof_serialize(CTX, serialized_proof, &serialized_len, &proof)); | ||||||
|     CHECK(serialized_len == secp256k1_surjectionproof_serialized_size(ctx, &proof)); |     CHECK(serialized_len == secp256k1_surjectionproof_serialized_size(CTX, &proof)); | ||||||
|     CHECK(serialized_len == SECP256K1_SURJECTIONPROOF_SERIALIZATION_BYTES(n_inputs, n_used)); |     CHECK(serialized_len == SECP256K1_SURJECTIONPROOF_SERIALIZATION_BYTES(n_inputs, n_used)); | ||||||
| 
 | 
 | ||||||
|     /* trailing garbage */ |     /* trailing garbage */ | ||||||
|     memcpy(&serialized_proof_trailing, &serialized_proof, serialized_len); |     memcpy(&serialized_proof_trailing, &serialized_proof, serialized_len); | ||||||
|     serialized_proof_trailing[serialized_len] = seed[0]; |     serialized_proof_trailing[serialized_len] = seed[0]; | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, &proof, serialized_proof_trailing, serialized_len + 1) == 0); |     CHECK(secp256k1_surjectionproof_parse(CTX, &proof, serialized_proof_trailing, serialized_len + 1) == 0); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, &proof, serialized_proof, serialized_len)); |     CHECK(secp256k1_surjectionproof_parse(CTX, &proof, serialized_proof, serialized_len)); | ||||||
|     result = secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs]); |     result = secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs]); | ||||||
|     CHECK(result == 1); |     CHECK(result == 1); | ||||||
| 
 | 
 | ||||||
|     /* various fail cases */ |     /* various fail cases */ | ||||||
|     if (n_inputs > 1) { |     if (n_inputs > 1) { | ||||||
|         result = secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs - 1]); |         result = secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs - 1]); | ||||||
|         CHECK(result == 0); |         CHECK(result == 0); | ||||||
| 
 | 
 | ||||||
|         /* number of entries in ephemeral_input_tags array is less than proof.n_inputs */ |         /* number of entries in ephemeral_input_tags array is less than proof.n_inputs */ | ||||||
|         n_inputs -= 1; |         n_inputs -= 1; | ||||||
|         result = secp256k1_surjectionproof_generate(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs], input_index, input_blinding_key[input_index], input_blinding_key[n_inputs]); |         result = secp256k1_surjectionproof_generate(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs], input_index, input_blinding_key[input_index], input_blinding_key[n_inputs]); | ||||||
|         CHECK(result == 0); |         CHECK(result == 0); | ||||||
|         result = secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs - 1]); |         result = secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs - 1]); | ||||||
|         CHECK(result == 0); |         CHECK(result == 0); | ||||||
|         n_inputs += 1; |         n_inputs += 1; | ||||||
|     } |     } | ||||||
| @ -441,7 +443,7 @@ static void test_gen_verify(size_t n_inputs, size_t n_used) { | |||||||
|     for (i = 0; i < n_inputs; i++) { |     for (i = 0; i < n_inputs; i++) { | ||||||
|         /* flip bit */ |         /* flip bit */ | ||||||
|         proof.used_inputs[i / 8] ^= (1 << (i % 8)); |         proof.used_inputs[i / 8] ^= (1 << (i % 8)); | ||||||
|         result = secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs]); |         result = secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_inputs, &ephemeral_input_tags[n_inputs]); | ||||||
|         CHECK(result == 0); |         CHECK(result == 0); | ||||||
|         /* reset the bit */ |         /* reset the bit */ | ||||||
|         proof.used_inputs[i / 8] ^= (1 << (i % 8)); |         proof.used_inputs[i / 8] ^= (1 << (i % 8)); | ||||||
| @ -477,8 +479,8 @@ static void test_no_used_inputs_verify(void) { | |||||||
| 
 | 
 | ||||||
|     /* blind fixed output tags with random blinding key */ |     /* blind fixed output tags with random blinding key */ | ||||||
|     secp256k1_testrand256(blinding_key); |     secp256k1_testrand256(blinding_key); | ||||||
|     CHECK(secp256k1_generator_generate_blinded(ctx, &ephemeral_input_tags[0], fixed_input_tag.data, blinding_key)); |     CHECK(secp256k1_generator_generate_blinded(CTX, &ephemeral_input_tags[0], fixed_input_tag.data, blinding_key)); | ||||||
|     CHECK(secp256k1_generator_generate_blinded(ctx, &ephemeral_output_tag, fixed_output_tag.data, blinding_key)); |     CHECK(secp256k1_generator_generate_blinded(CTX, &ephemeral_output_tag, fixed_output_tag.data, blinding_key)); | ||||||
| 
 | 
 | ||||||
|     /* create "borromean signature" which is just a hash of metadata (pubkeys, etc) in this case */ |     /* create "borromean signature" which is just a hash of metadata (pubkeys, etc) in this case */ | ||||||
|     secp256k1_generator_load(&output, &ephemeral_output_tag); |     secp256k1_generator_load(&output, &ephemeral_output_tag); | ||||||
| @ -487,7 +489,7 @@ static void test_no_used_inputs_verify(void) { | |||||||
|     secp256k1_sha256_write(&sha256_e0, proof.data, 32); |     secp256k1_sha256_write(&sha256_e0, proof.data, 32); | ||||||
|     secp256k1_sha256_finalize(&sha256_e0, proof.data); |     secp256k1_sha256_finalize(&sha256_e0, proof.data); | ||||||
| 
 | 
 | ||||||
|     result = secp256k1_surjectionproof_verify(ctx, &proof, ephemeral_input_tags, n_ephemeral_input_tags, &ephemeral_output_tag); |     result = secp256k1_surjectionproof_verify(CTX, &proof, ephemeral_input_tags, n_ephemeral_input_tags, &ephemeral_output_tag); | ||||||
|     CHECK(result == 0); |     CHECK(result == 0); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| @ -499,7 +501,7 @@ void test_bad_serialize(void) { | |||||||
|     proof.n_inputs = 0; |     proof.n_inputs = 0; | ||||||
|     serialized_len = 2 + 31; |     serialized_len = 2 + 31; | ||||||
|     /* e0 is one byte too short */ |     /* e0 is one byte too short */ | ||||||
|     CHECK(secp256k1_surjectionproof_serialize(ctx, serialized_proof, &serialized_len, &proof) == 0); |     CHECK(secp256k1_surjectionproof_serialize(CTX, serialized_proof, &serialized_len, &proof) == 0); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_bad_parse(void) { | void test_bad_parse(void) { | ||||||
| @ -509,11 +511,11 @@ void test_bad_parse(void) { | |||||||
|     unsigned char serialized_proof2[33] = { 0 }; |     unsigned char serialized_proof2[33] = { 0 }; | ||||||
| 
 | 
 | ||||||
|     /* Missing total input count */ |     /* Missing total input count */ | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, &proof, serialized_proof0, sizeof(serialized_proof0)) == 0); |     CHECK(secp256k1_surjectionproof_parse(CTX, &proof, serialized_proof0, sizeof(serialized_proof0)) == 0); | ||||||
|     /* Missing bitmap */ |     /* Missing bitmap */ | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, &proof, serialized_proof1, sizeof(serialized_proof1)) == 0); |     CHECK(secp256k1_surjectionproof_parse(CTX, &proof, serialized_proof1, sizeof(serialized_proof1)) == 0); | ||||||
|     /* Missing e0 value */ |     /* Missing e0 value */ | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, &proof, serialized_proof2, sizeof(serialized_proof2)) == 0); |     CHECK(secp256k1_surjectionproof_parse(CTX, &proof, serialized_proof2, sizeof(serialized_proof2)) == 0); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_input_eq_output(void) { | void test_input_eq_output(void) { | ||||||
| @ -528,17 +530,17 @@ void test_input_eq_output(void) { | |||||||
|     secp256k1_testrand256(blinding_key); |     secp256k1_testrand256(blinding_key); | ||||||
|     secp256k1_testrand256(entropy); |     secp256k1_testrand256(entropy); | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_surjectionproof_initialize(ctx, &proof, &input_index, &fixed_tag, 1, 1, &fixed_tag, 100, entropy) == 1); |     CHECK(secp256k1_surjectionproof_initialize(CTX, &proof, &input_index, &fixed_tag, 1, 1, &fixed_tag, 100, entropy) == 1); | ||||||
|     CHECK(input_index == 0); |     CHECK(input_index == 0); | ||||||
| 
 | 
 | ||||||
|     /* Generation should fail */ |     /* Generation should fail */ | ||||||
|     CHECK(secp256k1_generator_generate_blinded(ctx, &ephemeral_tag, fixed_tag.data, blinding_key)); |     CHECK(secp256k1_generator_generate_blinded(CTX, &ephemeral_tag, fixed_tag.data, blinding_key)); | ||||||
|     CHECK(!secp256k1_surjectionproof_generate(ctx, &proof, &ephemeral_tag, 1, &ephemeral_tag, input_index, blinding_key, blinding_key)); |     CHECK(!secp256k1_surjectionproof_generate(CTX, &proof, &ephemeral_tag, 1, &ephemeral_tag, input_index, blinding_key, blinding_key)); | ||||||
| 
 | 
 | ||||||
|     /* ...even when the blinding key is zero */ |     /* ...even when the blinding key is zero */ | ||||||
|     memset(blinding_key, 0, 32); |     memset(blinding_key, 0, 32); | ||||||
|     CHECK(secp256k1_generator_generate_blinded(ctx, &ephemeral_tag, fixed_tag.data, blinding_key)); |     CHECK(secp256k1_generator_generate_blinded(CTX, &ephemeral_tag, fixed_tag.data, blinding_key)); | ||||||
|     CHECK(!secp256k1_surjectionproof_generate(ctx, &proof, &ephemeral_tag, 1, &ephemeral_tag, input_index, blinding_key, blinding_key)); |     CHECK(!secp256k1_surjectionproof_generate(CTX, &proof, &ephemeral_tag, 1, &ephemeral_tag, input_index, blinding_key, blinding_key)); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_fixed_vectors(void) { | void test_fixed_vectors(void) { | ||||||
| @ -638,53 +640,53 @@ void test_fixed_vectors(void) { | |||||||
|     secp256k1_generator output_tag; |     secp256k1_generator output_tag; | ||||||
|     secp256k1_surjectionproof proof; |     secp256k1_surjectionproof proof; | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_generator_parse(ctx, &input_tags[0], tag0_ser)); |     CHECK(secp256k1_generator_parse(CTX, &input_tags[0], tag0_ser)); | ||||||
|     CHECK(secp256k1_generator_parse(ctx, &input_tags[1], tag1_ser)); |     CHECK(secp256k1_generator_parse(CTX, &input_tags[1], tag1_ser)); | ||||||
|     CHECK(secp256k1_generator_parse(ctx, &input_tags[2], tag2_ser)); |     CHECK(secp256k1_generator_parse(CTX, &input_tags[2], tag2_ser)); | ||||||
|     CHECK(secp256k1_generator_parse(ctx, &input_tags[3], tag3_ser)); |     CHECK(secp256k1_generator_parse(CTX, &input_tags[3], tag3_ser)); | ||||||
|     CHECK(secp256k1_generator_parse(ctx, &input_tags[4], tag4_ser)); |     CHECK(secp256k1_generator_parse(CTX, &input_tags[4], tag4_ser)); | ||||||
|     CHECK(secp256k1_generator_parse(ctx, &output_tag, output_tag_ser)); |     CHECK(secp256k1_generator_parse(CTX, &output_tag, output_tag_ser)); | ||||||
| 
 | 
 | ||||||
|     /* check 1-of-1 */ |     /* check 1-of-1 */ | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, &proof, total1_used1, total1_used1_len)); |     CHECK(secp256k1_surjectionproof_parse(CTX, &proof, total1_used1, total1_used1_len)); | ||||||
|     CHECK(secp256k1_surjectionproof_verify(ctx, &proof, input_tags, 1, &output_tag)); |     CHECK(secp256k1_surjectionproof_verify(CTX, &proof, input_tags, 1, &output_tag)); | ||||||
|     /* check 1-of-2 */ |     /* check 1-of-2 */ | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, &proof, total2_used1, total2_used1_len)); |     CHECK(secp256k1_surjectionproof_parse(CTX, &proof, total2_used1, total2_used1_len)); | ||||||
|     CHECK(secp256k1_surjectionproof_verify(ctx, &proof, input_tags, 2, &output_tag)); |     CHECK(secp256k1_surjectionproof_verify(CTX, &proof, input_tags, 2, &output_tag)); | ||||||
|     /* check 2-of-3 */ |     /* check 2-of-3 */ | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, &proof, total3_used2, total3_used2_len)); |     CHECK(secp256k1_surjectionproof_parse(CTX, &proof, total3_used2, total3_used2_len)); | ||||||
|     CHECK(secp256k1_surjectionproof_verify(ctx, &proof, input_tags, 3, &output_tag)); |     CHECK(secp256k1_surjectionproof_verify(CTX, &proof, input_tags, 3, &output_tag)); | ||||||
|     /* check 3-of-5 */ |     /* check 3-of-5 */ | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, &proof, total5_used3, total5_used3_len)); |     CHECK(secp256k1_surjectionproof_parse(CTX, &proof, total5_used3, total5_used3_len)); | ||||||
|     CHECK(secp256k1_surjectionproof_verify(ctx, &proof, input_tags, 5, &output_tag)); |     CHECK(secp256k1_surjectionproof_verify(CTX, &proof, input_tags, 5, &output_tag)); | ||||||
|     /* check 5-of-5 */ |     /* check 5-of-5 */ | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, &proof, total5_used5, total5_used5_len)); |     CHECK(secp256k1_surjectionproof_parse(CTX, &proof, total5_used5, total5_used5_len)); | ||||||
|     CHECK(secp256k1_surjectionproof_verify(ctx, &proof, input_tags, 5, &output_tag)); |     CHECK(secp256k1_surjectionproof_verify(CTX, &proof, input_tags, 5, &output_tag)); | ||||||
| 
 | 
 | ||||||
|     /* check invalid length fails */ |     /* check invalid length fails */ | ||||||
|     CHECK(!secp256k1_surjectionproof_parse(ctx, &proof, total5_used5, total5_used3_len)); |     CHECK(!secp256k1_surjectionproof_parse(CTX, &proof, total5_used5, total5_used3_len)); | ||||||
|     /* check invalid keys fail */ |     /* check invalid keys fail */ | ||||||
|     CHECK(secp256k1_surjectionproof_parse(ctx, &proof, total1_used1, total1_used1_len)); |     CHECK(secp256k1_surjectionproof_parse(CTX, &proof, total1_used1, total1_used1_len)); | ||||||
|     CHECK(!secp256k1_surjectionproof_verify(ctx, &proof, &input_tags[1], 1, &output_tag)); |     CHECK(!secp256k1_surjectionproof_verify(CTX, &proof, &input_tags[1], 1, &output_tag)); | ||||||
|     CHECK(!secp256k1_surjectionproof_verify(ctx, &proof, input_tags, 1, &input_tags[0])); |     CHECK(!secp256k1_surjectionproof_verify(CTX, &proof, input_tags, 1, &input_tags[0])); | ||||||
| 
 | 
 | ||||||
|     /* Try setting 6 bits on the total5-used-5; check that parsing fails */ |     /* Try setting 6 bits on the total5-used-5; check that parsing fails */ | ||||||
|     memcpy(bad, total5_used5, total5_used5_len); |     memcpy(bad, total5_used5, total5_used5_len); | ||||||
|     bad[2] = 0x3f;  /* 0x1f -> 0x3f */ |     bad[2] = 0x3f;  /* 0x1f -> 0x3f */ | ||||||
|     CHECK(!secp256k1_surjectionproof_parse(ctx, &proof, bad, total5_used5_len)); |     CHECK(!secp256k1_surjectionproof_parse(CTX, &proof, bad, total5_used5_len)); | ||||||
|     /* Correct for the length */ |     /* Correct for the length */ | ||||||
|     CHECK(!secp256k1_surjectionproof_parse(ctx, &proof, bad, total5_used5_len + 32)); |     CHECK(!secp256k1_surjectionproof_parse(CTX, &proof, bad, total5_used5_len + 32)); | ||||||
|     /* Alternately just turn off one of the "legit" bits */ |     /* Alternately just turn off one of the "legit" bits */ | ||||||
|     bad[2] = 0x37;  /* 0x1f -> 0x37 */ |     bad[2] = 0x37;  /* 0x1f -> 0x37 */ | ||||||
|     CHECK(!secp256k1_surjectionproof_parse(ctx, &proof, bad, total5_used5_len)); |     CHECK(!secp256k1_surjectionproof_parse(CTX, &proof, bad, total5_used5_len)); | ||||||
| 
 | 
 | ||||||
|     /* Similarly try setting 4 bits on the total5-used-3, with one bit out of range */ |     /* Similarly try setting 4 bits on the total5-used-3, with one bit out of range */ | ||||||
|     memcpy(bad, total5_used3, total5_used3_len); |     memcpy(bad, total5_used3, total5_used3_len); | ||||||
|     bad[2] = 0x35;  /* 0x15 -> 0x35 */ |     bad[2] = 0x35;  /* 0x15 -> 0x35 */ | ||||||
|     CHECK(!secp256k1_surjectionproof_parse(ctx, &proof, bad, total5_used3_len)); |     CHECK(!secp256k1_surjectionproof_parse(CTX, &proof, bad, total5_used3_len)); | ||||||
|     CHECK(!secp256k1_surjectionproof_parse(ctx, &proof, bad, total5_used3_len + 32)); |     CHECK(!secp256k1_surjectionproof_parse(CTX, &proof, bad, total5_used3_len + 32)); | ||||||
|     bad[2] = 0x34;  /* 0x15 -> 0x34 */ |     bad[2] = 0x34;  /* 0x15 -> 0x34 */ | ||||||
|     CHECK(!secp256k1_surjectionproof_parse(ctx, &proof, bad, total5_used3_len)); |     CHECK(!secp256k1_surjectionproof_parse(CTX, &proof, bad, total5_used3_len)); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void run_surjection_tests(void) { | void run_surjection_tests(void) { | ||||||
|  | |||||||
| @ -15,21 +15,21 @@ void test_whitelist_end_to_end_internal(const unsigned char *summed_seckey, cons | |||||||
|         secp256k1_whitelist_signature sig; |         secp256k1_whitelist_signature sig; | ||||||
|         secp256k1_whitelist_signature sig1; |         secp256k1_whitelist_signature sig1; | ||||||
| 
 | 
 | ||||||
|         CHECK(secp256k1_whitelist_sign(ctx, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey, online_seckey, summed_seckey, signer_i)); |         CHECK(secp256k1_whitelist_sign(CTX, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey, online_seckey, summed_seckey, signer_i)); | ||||||
|         CHECK(secp256k1_whitelist_verify(ctx, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey) == 1); |         CHECK(secp256k1_whitelist_verify(CTX, &sig, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey) == 1); | ||||||
|         /* Check that exchanging keys causes a failure */ |         /* Check that exchanging keys causes a failure */ | ||||||
|         CHECK(secp256k1_whitelist_verify(ctx, &sig, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1); |         CHECK(secp256k1_whitelist_verify(CTX, &sig, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1); | ||||||
|         /* Serialization round trip */ |         /* Serialization round trip */ | ||||||
|         CHECK(secp256k1_whitelist_signature_serialize(ctx, serialized, &slen, &sig) == 1); |         CHECK(secp256k1_whitelist_signature_serialize(CTX, serialized, &slen, &sig) == 1); | ||||||
|         CHECK(slen == 33 + 32 * n_keys); |         CHECK(slen == 33 + 32 * n_keys); | ||||||
|         CHECK(secp256k1_whitelist_signature_parse(ctx, &sig1, serialized, slen) == 1); |         CHECK(secp256k1_whitelist_signature_parse(CTX, &sig1, serialized, slen) == 1); | ||||||
|         /* (Check various bad-length conditions) */ |         /* (Check various bad-length conditions) */ | ||||||
|         CHECK(secp256k1_whitelist_signature_parse(ctx, &sig1, serialized, slen + 32) == 0); |         CHECK(secp256k1_whitelist_signature_parse(CTX, &sig1, serialized, slen + 32) == 0); | ||||||
|         CHECK(secp256k1_whitelist_signature_parse(ctx, &sig1, serialized, slen + 1) == 0); |         CHECK(secp256k1_whitelist_signature_parse(CTX, &sig1, serialized, slen + 1) == 0); | ||||||
|         CHECK(secp256k1_whitelist_signature_parse(ctx, &sig1, serialized, slen - 1) == 0); |         CHECK(secp256k1_whitelist_signature_parse(CTX, &sig1, serialized, slen - 1) == 0); | ||||||
|         CHECK(secp256k1_whitelist_signature_parse(ctx, &sig1, serialized, 0) == 0); |         CHECK(secp256k1_whitelist_signature_parse(CTX, &sig1, serialized, 0) == 0); | ||||||
|         CHECK(secp256k1_whitelist_verify(ctx, &sig1, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey) == 1); |         CHECK(secp256k1_whitelist_verify(CTX, &sig1, online_pubkeys, offline_pubkeys, n_keys, sub_pubkey) == 1); | ||||||
|         CHECK(secp256k1_whitelist_verify(ctx, &sig1, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1); |         CHECK(secp256k1_whitelist_verify(CTX, &sig1, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1); | ||||||
| 
 | 
 | ||||||
|         /* Test n_keys */ |         /* Test n_keys */ | ||||||
|         CHECK(secp256k1_whitelist_signature_n_keys(&sig) == n_keys); |         CHECK(secp256k1_whitelist_signature_n_keys(&sig) == n_keys); | ||||||
| @ -37,7 +37,7 @@ void test_whitelist_end_to_end_internal(const unsigned char *summed_seckey, cons | |||||||
| 
 | 
 | ||||||
|         /* Test bad number of keys in signature */ |         /* Test bad number of keys in signature */ | ||||||
|         sig.n_keys = n_keys + 1; |         sig.n_keys = n_keys + 1; | ||||||
|         CHECK(secp256k1_whitelist_verify(ctx, &sig, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1); |         CHECK(secp256k1_whitelist_verify(CTX, &sig, offline_pubkeys, online_pubkeys, n_keys, sub_pubkey) != 1); | ||||||
|         sig.n_keys = n_keys; |         sig.n_keys = n_keys; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| @ -56,8 +56,8 @@ void test_whitelist_end_to_end(const size_t n_keys, int test_all_keys) { | |||||||
|     /* Start with subkey */ |     /* Start with subkey */ | ||||||
|     random_scalar_order_test(&ssub); |     random_scalar_order_test(&ssub); | ||||||
|     secp256k1_scalar_get_b32(csub, &ssub); |     secp256k1_scalar_get_b32(csub, &ssub); | ||||||
|     CHECK(secp256k1_ec_seckey_verify(ctx, csub) == 1); |     CHECK(secp256k1_ec_seckey_verify(CTX, csub) == 1); | ||||||
|     CHECK(secp256k1_ec_pubkey_create(ctx, &sub_pubkey, csub) == 1); |     CHECK(secp256k1_ec_pubkey_create(CTX, &sub_pubkey, csub) == 1); | ||||||
|     /* Then offline and online whitelist keys */ |     /* Then offline and online whitelist keys */ | ||||||
|     for (i = 0; i < n_keys; i++) { |     for (i = 0; i < n_keys; i++) { | ||||||
|         secp256k1_scalar son, soff; |         secp256k1_scalar son, soff; | ||||||
| @ -68,18 +68,18 @@ void test_whitelist_end_to_end(const size_t n_keys, int test_all_keys) { | |||||||
|         /* Create two keys */ |         /* Create two keys */ | ||||||
|         random_scalar_order_test(&son); |         random_scalar_order_test(&son); | ||||||
|         secp256k1_scalar_get_b32(online_seckey[i], &son); |         secp256k1_scalar_get_b32(online_seckey[i], &son); | ||||||
|         CHECK(secp256k1_ec_seckey_verify(ctx, online_seckey[i]) == 1); |         CHECK(secp256k1_ec_seckey_verify(CTX, online_seckey[i]) == 1); | ||||||
|         CHECK(secp256k1_ec_pubkey_create(ctx, &online_pubkeys[i], online_seckey[i]) == 1); |         CHECK(secp256k1_ec_pubkey_create(CTX, &online_pubkeys[i], online_seckey[i]) == 1); | ||||||
| 
 | 
 | ||||||
|         random_scalar_order_test(&soff); |         random_scalar_order_test(&soff); | ||||||
|         secp256k1_scalar_get_b32(summed_seckey[i], &soff); |         secp256k1_scalar_get_b32(summed_seckey[i], &soff); | ||||||
|         CHECK(secp256k1_ec_seckey_verify(ctx, summed_seckey[i]) == 1); |         CHECK(secp256k1_ec_seckey_verify(CTX, summed_seckey[i]) == 1); | ||||||
|         CHECK(secp256k1_ec_pubkey_create(ctx, &offline_pubkeys[i], summed_seckey[i]) == 1); |         CHECK(secp256k1_ec_pubkey_create(CTX, &offline_pubkeys[i], summed_seckey[i]) == 1); | ||||||
| 
 | 
 | ||||||
|         /* Make summed_seckey correspond to the sum of offline_pubkey and sub_pubkey */ |         /* Make summed_seckey correspond to the sum of offline_pubkey and sub_pubkey */ | ||||||
|         secp256k1_scalar_add(&soff, &soff, &ssub); |         secp256k1_scalar_add(&soff, &soff, &ssub); | ||||||
|         secp256k1_scalar_get_b32(summed_seckey[i], &soff); |         secp256k1_scalar_get_b32(summed_seckey[i], &soff); | ||||||
|         CHECK(secp256k1_ec_seckey_verify(ctx, summed_seckey[i]) == 1); |         CHECK(secp256k1_ec_seckey_verify(CTX, summed_seckey[i]) == 1); | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /* Sign/verify with each one */ |     /* Sign/verify with each one */ | ||||||
| @ -124,11 +124,11 @@ void test_whitelist_bad_parse(void) { | |||||||
|     }; |     }; | ||||||
| 
 | 
 | ||||||
|     /* Empty input */ |     /* Empty input */ | ||||||
|     CHECK(secp256k1_whitelist_signature_parse(ctx, &sig, serialized0, 0) == 0); |     CHECK(secp256k1_whitelist_signature_parse(CTX, &sig, serialized0, 0) == 0); | ||||||
|     /* Misses one byte of e0 */ |     /* Misses one byte of e0 */ | ||||||
|     CHECK(secp256k1_whitelist_signature_parse(ctx, &sig, serialized1, sizeof(serialized1)) == 0); |     CHECK(secp256k1_whitelist_signature_parse(CTX, &sig, serialized1, sizeof(serialized1)) == 0); | ||||||
|     /* Enough bytes for e0, but there is no s value */ |     /* Enough bytes for e0, but there is no s value */ | ||||||
|     CHECK(secp256k1_whitelist_signature_parse(ctx, &sig, serialized2, sizeof(serialized2)) == 0); |     CHECK(secp256k1_whitelist_signature_parse(CTX, &sig, serialized2, sizeof(serialized2)) == 0); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void test_whitelist_bad_serialize(void) { | void test_whitelist_bad_serialize(void) { | ||||||
| @ -142,17 +142,17 @@ void test_whitelist_bad_serialize(void) { | |||||||
|     size_t serialized_len; |     size_t serialized_len; | ||||||
|     secp256k1_whitelist_signature sig; |     secp256k1_whitelist_signature sig; | ||||||
| 
 | 
 | ||||||
|     CHECK(secp256k1_whitelist_signature_parse(ctx, &sig, serialized, sizeof(serialized)) == 1); |     CHECK(secp256k1_whitelist_signature_parse(CTX, &sig, serialized, sizeof(serialized)) == 1); | ||||||
|     serialized_len = sizeof(serialized) - 1; |     serialized_len = sizeof(serialized) - 1; | ||||||
|     /* Output buffer is one byte too short */ |     /* Output buffer is one byte too short */ | ||||||
|     CHECK(secp256k1_whitelist_signature_serialize(ctx, serialized, &serialized_len, &sig) == 0); |     CHECK(secp256k1_whitelist_signature_serialize(CTX, serialized, &serialized_len, &sig) == 0); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void run_whitelist_tests(void) { | void run_whitelist_tests(void) { | ||||||
|     int i; |     int i; | ||||||
|     test_whitelist_bad_parse(); |     test_whitelist_bad_parse(); | ||||||
|     test_whitelist_bad_serialize(); |     test_whitelist_bad_serialize(); | ||||||
|     for (i = 0; i < count; i++) { |     for (i = 0; i < COUNT; i++) { | ||||||
|         test_whitelist_end_to_end(1, 1); |         test_whitelist_end_to_end(1, 1); | ||||||
|         test_whitelist_end_to_end(10, 1); |         test_whitelist_end_to_end(10, 1); | ||||||
|         test_whitelist_end_to_end(50, 1); |         test_whitelist_end_to_end(50, 1); | ||||||
|  | |||||||
| @ -7,12 +7,6 @@ | |||||||
| #include <inttypes.h> | #include <inttypes.h> | ||||||
| #include <stdio.h> | #include <stdio.h> | ||||||
| 
 | 
 | ||||||
| /* Autotools creates libsecp256k1-config.h, of which ECMULT_WINDOW_SIZE is needed.
 |  | ||||||
|    ifndef guard so downstream users can define their own if they do not use autotools. */ |  | ||||||
| #if !defined(ECMULT_WINDOW_SIZE) |  | ||||||
| #include "libsecp256k1-config.h" |  | ||||||
| #endif |  | ||||||
| 
 |  | ||||||
| #include "../include/secp256k1.h" | #include "../include/secp256k1.h" | ||||||
| 
 | 
 | ||||||
| #include "assumptions.h" | #include "assumptions.h" | ||||||
| @ -74,9 +68,6 @@ int main(void) { | |||||||
|     fprintf(fp, "/* This file contains an array secp256k1_pre_g with odd multiples of the base point G and\n"); |     fprintf(fp, "/* This file contains an array secp256k1_pre_g with odd multiples of the base point G and\n"); | ||||||
|     fprintf(fp, " * an array secp256k1_pre_g_128 with odd multiples of 2^128*G for accelerating the computation of a*P + b*G.\n"); |     fprintf(fp, " * an array secp256k1_pre_g_128 with odd multiples of 2^128*G for accelerating the computation of a*P + b*G.\n"); | ||||||
|     fprintf(fp, " */\n"); |     fprintf(fp, " */\n"); | ||||||
|     fprintf(fp, "#if defined HAVE_CONFIG_H\n"); |  | ||||||
|     fprintf(fp, "#    include \"libsecp256k1-config.h\"\n"); |  | ||||||
|     fprintf(fp, "#endif\n"); |  | ||||||
|     fprintf(fp, "#include \"../include/secp256k1.h\"\n"); |     fprintf(fp, "#include \"../include/secp256k1.h\"\n"); | ||||||
|     fprintf(fp, "#include \"group.h\"\n"); |     fprintf(fp, "#include \"group.h\"\n"); | ||||||
|     fprintf(fp, "#include \"ecmult.h\"\n"); |     fprintf(fp, "#include \"ecmult.h\"\n"); | ||||||
|  | |||||||
| @ -33,9 +33,6 @@ int main(int argc, char **argv) { | |||||||
| 
 | 
 | ||||||
|     fprintf(fp, "/* This file was automatically generated by precompute_ecmult_gen. */\n"); |     fprintf(fp, "/* This file was automatically generated by precompute_ecmult_gen. */\n"); | ||||||
|     fprintf(fp, "/* See ecmult_gen_impl.h for details about the contents of this file. */\n"); |     fprintf(fp, "/* See ecmult_gen_impl.h for details about the contents of this file. */\n"); | ||||||
|     fprintf(fp, "#if defined HAVE_CONFIG_H\n"); |  | ||||||
|     fprintf(fp, "#    include \"libsecp256k1-config.h\"\n"); |  | ||||||
|     fprintf(fp, "#endif\n"); |  | ||||||
|     fprintf(fp, "#include \"../include/secp256k1.h\"\n"); |     fprintf(fp, "#include \"../include/secp256k1.h\"\n"); | ||||||
|     fprintf(fp, "#include \"group.h\"\n"); |     fprintf(fp, "#include \"group.h\"\n"); | ||||||
|     fprintf(fp, "#include \"ecmult_gen.h\"\n"); |     fprintf(fp, "#include \"ecmult_gen.h\"\n"); | ||||||
|  | |||||||
							
								
								
									
										3
									
								
								src/precomputed_ecmult.c
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										3
									
								
								src/precomputed_ecmult.c
									
									
									
										generated
									
									
									
								
							| @ -2,9 +2,6 @@ | |||||||
| /* This file contains an array secp256k1_pre_g with odd multiples of the base point G and
 | /* This file contains an array secp256k1_pre_g with odd multiples of the base point G and
 | ||||||
|  * an array secp256k1_pre_g_128 with odd multiples of 2^128*G for accelerating the computation of a*P + b*G. |  * an array secp256k1_pre_g_128 with odd multiples of 2^128*G for accelerating the computation of a*P + b*G. | ||||||
|  */ |  */ | ||||||
| #if defined HAVE_CONFIG_H |  | ||||||
| #    include "libsecp256k1-config.h" |  | ||||||
| #endif |  | ||||||
| #include "../include/secp256k1.h" | #include "../include/secp256k1.h" | ||||||
| #include "group.h" | #include "group.h" | ||||||
| #include "ecmult.h" | #include "ecmult.h" | ||||||
|  | |||||||
							
								
								
									
										3
									
								
								src/precomputed_ecmult_gen.c
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										3
									
								
								src/precomputed_ecmult_gen.c
									
									
									
										generated
									
									
									
								
							| @ -1,8 +1,5 @@ | |||||||
| /* This file was automatically generated by precompute_ecmult_gen. */ | /* This file was automatically generated by precompute_ecmult_gen. */ | ||||||
| /* See ecmult_gen_impl.h for details about the contents of this file. */ | /* See ecmult_gen_impl.h for details about the contents of this file. */ | ||||||
| #if defined HAVE_CONFIG_H |  | ||||||
| #    include "libsecp256k1-config.h" |  | ||||||
| #endif |  | ||||||
| #include "../include/secp256k1.h" | #include "../include/secp256k1.h" | ||||||
| #include "group.h" | #include "group.h" | ||||||
| #include "ecmult_gen.h" | #include "ecmult_gen.h" | ||||||
|  | |||||||
| @ -9,10 +9,6 @@ | |||||||
| 
 | 
 | ||||||
| #include "util.h" | #include "util.h" | ||||||
| 
 | 
 | ||||||
| #if defined HAVE_CONFIG_H |  | ||||||
| #include "libsecp256k1-config.h" |  | ||||||
| #endif |  | ||||||
| 
 |  | ||||||
| #if defined(EXHAUSTIVE_TEST_ORDER) | #if defined(EXHAUSTIVE_TEST_ORDER) | ||||||
| #include "scalar_low.h" | #include "scalar_low.h" | ||||||
| #elif defined(SECP256K1_WIDEMUL_INT128) | #elif defined(SECP256K1_WIDEMUL_INT128) | ||||||
|  | |||||||
| @ -14,10 +14,6 @@ | |||||||
| #include "scalar.h" | #include "scalar.h" | ||||||
| #include "util.h" | #include "util.h" | ||||||
| 
 | 
 | ||||||
| #if defined HAVE_CONFIG_H |  | ||||||
| #include "libsecp256k1-config.h" |  | ||||||
| #endif |  | ||||||
| 
 |  | ||||||
| #if defined(EXHAUSTIVE_TEST_ORDER) | #if defined(EXHAUSTIVE_TEST_ORDER) | ||||||
| #include "scalar_low_impl.h" | #include "scalar_low_impl.h" | ||||||
| #elif defined(SECP256K1_WIDEMUL_INT128) | #elif defined(SECP256K1_WIDEMUL_INT128) | ||||||
|  | |||||||
| @ -72,9 +72,10 @@ static void secp256k1_ecdsa_s2c_opening_save(secp256k1_ecdsa_s2c_opening* openin | |||||||
|     } \ |     } \ | ||||||
| } while(0) | } while(0) | ||||||
| 
 | 
 | ||||||
| #define ARG_CHECK_NO_RETURN(cond) do { \ | #define ARG_CHECK_VOID(cond) do { \ | ||||||
|     if (EXPECT(!(cond), 0)) { \ |     if (EXPECT(!(cond), 0)) { \ | ||||||
|         secp256k1_callback_call(&ctx->illegal_callback, #cond); \ |         secp256k1_callback_call(&ctx->illegal_callback, #cond); \ | ||||||
|  |         return; \ | ||||||
|     } \ |     } \ | ||||||
| } while(0) | } while(0) | ||||||
| 
 | 
 | ||||||
| @ -96,6 +97,15 @@ static const secp256k1_context secp256k1_context_static_ = { | |||||||
| const secp256k1_context *secp256k1_context_static = &secp256k1_context_static_; | const secp256k1_context *secp256k1_context_static = &secp256k1_context_static_; | ||||||
| const secp256k1_context *secp256k1_context_no_precomp = &secp256k1_context_static_; | const secp256k1_context *secp256k1_context_no_precomp = &secp256k1_context_static_; | ||||||
| 
 | 
 | ||||||
|  | /* Helper function that determines if a context is proper, i.e., is not the static context or a copy thereof.
 | ||||||
|  |  * | ||||||
|  |  * This is intended for "context" functions such as secp256k1_context_clone. Function which need specific | ||||||
|  |  * features of a context should still check for these features directly. For example, a function that needs | ||||||
|  |  * ecmult_gen should directly check for the existence of the ecmult_gen context. */ | ||||||
|  | static int secp256k1_context_is_proper(const secp256k1_context* ctx) { | ||||||
|  |     return secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx); | ||||||
|  | } | ||||||
|  | 
 | ||||||
| void secp256k1_selftest(void) { | void secp256k1_selftest(void) { | ||||||
|     if (!secp256k1_selftest_passes()) { |     if (!secp256k1_selftest_passes()) { | ||||||
|         secp256k1_callback_call(&default_error_callback, "self test failed"); |         secp256k1_callback_call(&default_error_callback, "self test failed"); | ||||||
| @ -178,7 +188,7 @@ secp256k1_context* secp256k1_context_clone(const secp256k1_context* ctx) { | |||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void secp256k1_context_preallocated_destroy(secp256k1_context* ctx) { | void secp256k1_context_preallocated_destroy(secp256k1_context* ctx) { | ||||||
|     ARG_CHECK_NO_RETURN(ctx != secp256k1_context_static); |     ARG_CHECK_VOID(ctx != secp256k1_context_static); | ||||||
|     if (ctx != NULL) { |     if (ctx != NULL) { | ||||||
|         secp256k1_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx); |         secp256k1_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx); | ||||||
|     } |     } | ||||||
| @ -192,7 +202,10 @@ void secp256k1_context_destroy(secp256k1_context* ctx) { | |||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void secp256k1_context_set_illegal_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { | void secp256k1_context_set_illegal_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { | ||||||
|     ARG_CHECK_NO_RETURN(ctx != secp256k1_context_static); |     /* We compare pointers instead of checking secp256k1_context_is_proper() here
 | ||||||
|  |        because setting callbacks is allowed on *copies* of the static context: | ||||||
|  |        it's harmless and makes testing easier. */ | ||||||
|  |     ARG_CHECK_VOID(ctx != secp256k1_context_static); | ||||||
|     if (fun == NULL) { |     if (fun == NULL) { | ||||||
|         fun = secp256k1_default_illegal_callback_fn; |         fun = secp256k1_default_illegal_callback_fn; | ||||||
|     } |     } | ||||||
| @ -201,7 +214,10 @@ void secp256k1_context_set_illegal_callback(secp256k1_context* ctx, void (*fun)( | |||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void secp256k1_context_set_error_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { | void secp256k1_context_set_error_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { | ||||||
|     ARG_CHECK_NO_RETURN(ctx != secp256k1_context_static); |     /* We compare pointers instead of checking secp256k1_context_is_proper() here
 | ||||||
|  |        because setting callbacks is allowed on *copies* of the static context: | ||||||
|  |        it's harmless and makes testing easier. */ | ||||||
|  |     ARG_CHECK_VOID(ctx != secp256k1_context_static); | ||||||
|     if (fun == NULL) { |     if (fun == NULL) { | ||||||
|         fun = secp256k1_default_error_callback_fn; |         fun = secp256k1_default_error_callback_fn; | ||||||
|     } |     } | ||||||
|  | |||||||
| @ -7,10 +7,6 @@ | |||||||
| #ifndef SECP256K1_TESTRAND_H | #ifndef SECP256K1_TESTRAND_H | ||||||
| #define SECP256K1_TESTRAND_H | #define SECP256K1_TESTRAND_H | ||||||
| 
 | 
 | ||||||
| #if defined HAVE_CONFIG_H |  | ||||||
| #include "libsecp256k1-config.h" |  | ||||||
| #endif |  | ||||||
| 
 |  | ||||||
| /* A non-cryptographic RNG used only for test infrastructure. */ | /* A non-cryptographic RNG used only for test infrastructure. */ | ||||||
| 
 | 
 | ||||||
| /** Seed the pseudorandom number generator for testing. */ | /** Seed the pseudorandom number generator for testing. */ | ||||||
|  | |||||||
							
								
								
									
										986
									
								
								src/tests.c
									
									
									
									
									
								
							
							
						
						
									
										986
									
								
								src/tests.c
									
									
									
									
									
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							| @ -4,10 +4,6 @@ | |||||||
|  * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
 |  * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
 | ||||||
|  ***********************************************************************/ |  ***********************************************************************/ | ||||||
| 
 | 
 | ||||||
| #if defined HAVE_CONFIG_H |  | ||||||
| #include "libsecp256k1-config.h" |  | ||||||
| #endif |  | ||||||
| 
 |  | ||||||
| #include <stdio.h> | #include <stdio.h> | ||||||
| #include <stdlib.h> | #include <stdlib.h> | ||||||
| #include <time.h> | #include <time.h> | ||||||
|  | |||||||
| @ -7,10 +7,6 @@ | |||||||
| #ifndef SECP256K1_UTIL_H | #ifndef SECP256K1_UTIL_H | ||||||
| #define SECP256K1_UTIL_H | #define SECP256K1_UTIL_H | ||||||
| 
 | 
 | ||||||
| #if defined HAVE_CONFIG_H |  | ||||||
| #include "libsecp256k1-config.h" |  | ||||||
| #endif |  | ||||||
| 
 |  | ||||||
| #include <stdlib.h> | #include <stdlib.h> | ||||||
| #include <stdint.h> | #include <stdint.h> | ||||||
| #include <stdio.h> | #include <stdio.h> | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user