ecdsa-s2c: block in module

Co-authored-by: Marko Bencun <mbencun+pgp@gmail.com>
Co-authored-by: Jonas Nick <jonasd.nick@gmail.com>
This commit is contained in:
Andrew Poelstra
2020-12-05 23:18:54 +00:00
parent 826bd04b43
commit 8e46cac5b3
10 changed files with 204 additions and 4 deletions

View File

@@ -0,0 +1,3 @@
include_HEADERS += include/secp256k1_ecdsa_s2c.h
noinst_HEADERS += src/modules/ecdsa_s2c/main_impl.h
noinst_HEADERS += src/modules/ecdsa_s2c/tests_impl.h

View File

@@ -0,0 +1,28 @@
/**********************************************************************
* Copyright (c) 2019-2020 Marko Bencun, Jonas Nick *
* Distributed under the MIT software license, see the accompanying *
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
**********************************************************************/
#ifndef SECP256K1_MODULE_ECDSA_S2C_MAIN_H
#define SECP256K1_MODULE_ECDSA_S2C_MAIN_H
#include "include/secp256k1.h"
#include "include/secp256k1_ecdsa_s2c.h"
int secp256k1_ecdsa_s2c_opening_parse(const secp256k1_context* ctx, secp256k1_ecdsa_s2c_opening* opening, const unsigned char* input33) {
VERIFY_CHECK(ctx != NULL);
ARG_CHECK(opening != NULL);
ARG_CHECK(input33 != NULL);
return secp256k1_ec_pubkey_parse(ctx, (secp256k1_pubkey*) opening, input33, 33);
}
int secp256k1_ecdsa_s2c_opening_serialize(const secp256k1_context* ctx, unsigned char* output33, const secp256k1_ecdsa_s2c_opening* opening) {
size_t out_len = 33;
VERIFY_CHECK(ctx != NULL);
ARG_CHECK(output33 != NULL);
ARG_CHECK(opening != NULL);
return secp256k1_ec_pubkey_serialize(ctx, output33, &out_len, (const secp256k1_pubkey*) opening, SECP256K1_EC_COMPRESSED);
}
#endif /* SECP256K1_ECDSA_S2C_MAIN_H */

View File

@@ -0,0 +1,76 @@
/**********************************************************************
* Copyright (c) 2019-2020 Marko Bencun, Jonas Nick *
* Distributed under the MIT software license, see the accompanying *
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
**********************************************************************/
#ifndef SECP256K1_MODULE_ECDSA_S2C_TESTS_H
#define SECP256K1_MODULE_ECDSA_S2C_TESTS_H
#include "include/secp256k1_ecdsa_s2c.h"
void run_s2c_opening_test(void) {
int i = 0;
unsigned char output[33];
secp256k1_context *none = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
unsigned char input[33] = {
0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02
};
secp256k1_ecdsa_s2c_opening opening;
int32_t ecount = 0;
secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount);
/* First parsing, then serializing works */
CHECK(secp256k1_ecdsa_s2c_opening_parse(none, &opening, input) == 1);
CHECK(secp256k1_ecdsa_s2c_opening_serialize(none, output, &opening) == 1);
CHECK(secp256k1_ecdsa_s2c_opening_parse(none, &opening, input) == 1);
CHECK(ecount == 0);
CHECK(secp256k1_ecdsa_s2c_opening_parse(none, NULL, input) == 0);
CHECK(ecount == 1);
CHECK(secp256k1_ecdsa_s2c_opening_parse(none, &opening, NULL) == 0);
CHECK(ecount == 2);
CHECK(secp256k1_ecdsa_s2c_opening_parse(none, &opening, input) == 1);
CHECK(secp256k1_ecdsa_s2c_opening_serialize(none, NULL, &opening) == 0);
CHECK(ecount == 3);
CHECK(secp256k1_ecdsa_s2c_opening_serialize(none, output, NULL) == 0);
CHECK(ecount == 4);
/* Invalid pubkey makes parsing fail */
input[0] = 0; /* bad oddness bit */
CHECK(secp256k1_ecdsa_s2c_opening_parse(none, &opening, input) == 0);
input[0] = 2;
input[31] = 1; /* point not on the curve */
CHECK(secp256k1_ecdsa_s2c_opening_parse(none, &opening, input) == 0);
CHECK(ecount == 4); /* neither of the above are API errors */
/* Try parsing and serializing a bunch of openings */
for (i = 0; i < count; i++) {
/* This is expected to fail in about 50% of iterations because the
* points' x-coordinates are uniformly random */
if (secp256k1_ecdsa_s2c_opening_parse(none, &opening, input) == 1) {
CHECK(secp256k1_ecdsa_s2c_opening_serialize(none, output, &opening) == 1);
CHECK(memcmp(output, input, sizeof(output)) == 0);
}
secp256k1_testrand256(&input[1]);
/* Set pubkey oddness tag to first bit of input[1] */
input[0] = (input[1] & 1) + 2;
i++;
}
secp256k1_context_destroy(none);
}
static void run_ecdsa_s2c_tests(void) {
run_s2c_opening_test();
}
#endif /* SECP256K1_MODULE_ECDSA_S2C_TESTS_H */

View File

@@ -786,6 +786,10 @@ int secp256k1_ec_pubkey_combine(const secp256k1_context* ctx, secp256k1_pubkey *
# include "modules/schnorrsig/main_impl.h"
#endif
#ifdef ENABLE_MODULE_ECDSA_S2C
# include "modules/ecdsa_s2c/main_impl.h"
#endif
#ifdef ENABLE_MODULE_MUSIG
# include "modules/musig/main_impl.h"
#endif

View File

@@ -5697,6 +5697,10 @@ void run_ecdsa_openssl(void) {
# include "modules/schnorrsig/tests_impl.h"
#endif
#ifdef ENABLE_MODULE_ECDSA_S2C
# include "modules/ecdsa_s2c/tests_impl.h"
#endif
void run_secp256k1_memczero_test(void) {
unsigned char buf1[6] = {1, 2, 3, 4, 5, 6};
unsigned char buf2[sizeof(buf1)];
@@ -5998,6 +6002,11 @@ int main(int argc, char **argv) {
run_schnorrsig_tests();
#endif
#ifdef ENABLE_MODULE_ECDSA_S2C
/* ECDSA sign to contract */
run_ecdsa_s2c_tests();
#endif
/* util tests */
run_secp256k1_memczero_test();