highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-03-26 17:52:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Squashed 'src/secp256k1/' changes from 06bff6dec8..4af241b320

Browse Source 
4af241b320 Merge bitcoin-core/secp256k1#1535: build: Replace hardcoded "auto" value with default one
f473c959f0 Merge bitcoin-core/secp256k1#1543: cmake: Do not modify build types when integrating by downstream project
d403eea484 Merge bitcoin-core/secp256k1#1546: cmake: Rename `SECP256K1_LATE_CFLAGS` and switch to Bitcoin Core's approach
d7ae25ce6f Merge bitcoin-core/secp256k1#1550: fix: typos in secp256k1.c
0e2fadb20c fix: typos in secp256k1.c
69b2192ad4 Merge bitcoin-core/secp256k1#1545: cmake: Do not set `CTEST_TEST_TARGET_ALIAS`
5dd637f3cf Merge bitcoin-core/secp256k1#1548: README: mention ellswift module
7454a53736 README: mention ellswift module
4706be2cd0 cmake: Reimplement `SECP256K1_APPEND_CFLAGS` using Bitcoin Core approach
c2764dbb99 cmake: Rename `SECP256K1_LATE_CFLAGS` to `SECP256K1_APPEND_CFLAGS`
f87a3589f4 cmake: Do not set `CTEST_TEST_TARGET_ALIAS`
158f9e5eae cmake: Do not modify build types when integrating by downstream project
35c0fdc86b Merge bitcoin-core/secp256k1#1529: cmake: Fix cache issue when integrating by downstream project
4392f0f717 Merge bitcoin-core/secp256k1#1533: tests: refactor: tidy up util functions (#1491)
bedffd53d8 Merge bitcoin-core/secp256k1#1488: ci: Add native macOS arm64 job
4b8d5eeacf Merge bitcoin-core/secp256k1#1532: cmake: Disable eager MSan in ctime_tests
f55703ba49 autotools: Delete unneeded compiler test
396e885886 autotools: Align MSan checking code with CMake's implementation
abde59f52d cmake: Report more compiler details in summary
7abf979a43 cmake: Disable `ctime_tests` if build with `-fsanitize=memory`
4d9645bee0 cmake: Remove "AUTO" value of `SECP256K1_ECMULT_GEN_KB` option
a06805ee74 cmake: Remove "AUTO" value of `SECP256K1_ECMULT_WINDOW_SIZE` option
1791f6fce4 Merge bitcoin-core/secp256k1#1517: autotools: Disable eager MSan in ctime_tests
26b94ee92a autotools: Remove "auto" value of `--with-ecmult-gen-kb` option
122dbaeb37 autotools: Remove "auto" value of `--with-ecmult-window` option
e73f6f8fd9 tests: refactor: drop `secp256k1_` prefix from testrand.h functions
0ee7453a99 tests: refactor: add `testutil_` prefix to testutil.h functions
0c6bc76dcd tests: refactor: move `random_` helpers from tests.c to testutil.h
0fef8479be tests: refactor: rename `random_field_element_magnitude` -> `random_fe_magnitude`
59db007f0f tests: refactor: rename `random_group_element_...` -> `random_ge_...`
ebfb82ee2f ci: Add job with -fsanitize-memory-param-retval
e1bef0961c configure: Move "experimental" warning to bottom
55e5d975db autotools: Disable eager MSan in ctime_tests
ec4c002faa cmake: Simplify `PROJECT_IS_TOP_LEVEL` emulation
cae9a7ad14 cmake: Do not set emulated PROJECT_IS_TOP_LEVEL as cache variable
218f0cc93b ci: Add native macOS arm64 job

git-subtree-dir: src/secp256k1
git-subtree-split: 4af241b32099067464e015fa66daac5096206dea
This commit is contained in:
fanquake 2024-06-25 15:01:00 +01:00
parent ca3d945dc6
commit 1408944d2e
20 changed files with 596 additions and 494 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.cirrus.yml
View File

@ -10,8 +10,8 @@ env:
MAKEFLAGS: -j4
BUILD: check
### secp256k1 config
ECMULTWINDOW: auto
ECMULTGENKB: auto
ECMULTWINDOW: 15
ECMULTGENKB: 22
ASM: no
WIDEMUL: auto
WITH_VALGRIND: yes

74
.github/workflows/ci.yml vendored
View File

@ -21,8 +21,8 @@ env:
MAKEFLAGS: '-j4'
BUILD: 'check'
### secp256k1 config
ECMULTWINDOW: 'auto'
ECMULTGENKB: 'auto'
ECMULTWINDOW: 15
ECMULTGENKB: 22
ASM: 'no'
WIDEMUL: 'auto'
WITH_VALGRIND: 'yes'
@ -485,18 +485,24 @@ jobs:
matrix:
configuration:
- env_vars:
CTIMETESTS: 'yes'
CFLAGS: '-fsanitize=memory -fsanitize-recover=memory -g'
- env_vars:
ECMULTGENKB: 2
ECMULTWINDOW: 2
CTIMETESTS: 'yes'
CFLAGS: '-fsanitize=memory -fsanitize-recover=memory -g -O3'
- env_vars:
# -fsanitize-memory-param-retval is clang's default, but our build system disables it
# when ctime_tests when enabled.
CFLAGS: '-fsanitize=memory -fsanitize-recover=memory -fsanitize-memory-param-retval -g'
CTIMETESTS: 'no'
env:
ECDH: 'yes'
RECOVERY: 'yes'
SCHNORRSIG: 'yes'
ELLSWIFT: 'yes'
CTIMETESTS: 'yes'
CC: 'clang'
SECP256K1_TEST_ITERS: 32
ASM: 'no'
@ -585,10 +591,10 @@ jobs:
run: env
if: ${{ always() }}
macos-native:
name: "x86_64: macOS Monterey"
x86_64-macos-native:
name: "x86_64: macOS Monterey, Valgrind"
# See: https://github.com/actions/runner-images#available-images.
runs-on: macos-12 # Use M1 once available https://github.com/github/roadmap/issues/528
runs-on: macos-12
env:
CC: 'clang'
@ -644,6 +650,62 @@ jobs:
run: env
if: ${{ always() }}
arm64-macos-native:
name: "ARM64: macOS Sonoma"
# See: https://github.com/actions/runner-images#available-images.
runs-on: macos-14
env:
CC: 'clang'
HOMEBREW_NO_AUTO_UPDATE: 1
HOMEBREW_NO_INSTALL_CLEANUP: 1
WITH_VALGRIND: 'no'
CTIMETESTS: 'no'
strategy:
fail-fast: false
matrix:
env_vars:
- { WIDEMUL: 'int64', RECOVERY: 'yes', ECDH: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes' }
- { WIDEMUL: 'int128_struct', ECMULTGENPRECISION: 2, ECMULTWINDOW: 4 }
- { WIDEMUL: 'int128', ECDH: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes' }
- { WIDEMUL: 'int128', RECOVERY: 'yes' }
- { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes' }
- { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes', CC: 'gcc' }
- { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes', CPPFLAGS: '-DVERIFY' }
- BUILD: 'distcheck'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Homebrew packages
run: |
brew install automake libtool gcc
ln -s $(brew --prefix gcc)/bin/gcc-?? /usr/local/bin/gcc
- name: CI script
env: ${{ matrix.env_vars }}
run: ./ci/ci.sh
- run: cat tests.log || true
if: ${{ always() }}
- run: cat noverify_tests.log || true
if: ${{ always() }}
- run: cat exhaustive_tests.log || true
if: ${{ always() }}
- run: cat ctime_tests.log || true
if: ${{ always() }}
- run: cat bench.log || true
if: ${{ always() }}
- run: cat config.log || true
if: ${{ always() }}
- run: cat test_env.log || true
if: ${{ always() }}
- name: CI env
run: env
if: ${{ always() }}
win64-native:
name: ${{ matrix.configuration.job_name }}
# See: https://github.com/actions/runner-images#available-images.

99
CMakeLists.txt
View File

@ -18,15 +18,14 @@ project(libsecp256k1
)
if(CMAKE_VERSION VERSION_LESS 3.21)
get_directory_property(parent_directory PARENT_DIRECTORY)
if(parent_directory)
set(PROJECT_IS_TOP_LEVEL OFF CACHE INTERNAL "Emulates CMake 3.21+ behavior.")
set(${PROJECT_NAME}_IS_TOP_LEVEL OFF CACHE INTERNAL "Emulates CMake 3.21+ behavior.")
# Emulates CMake 3.21+ behavior.
if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR)
set(PROJECT_IS_TOP_LEVEL ON)
set(${PROJECT_NAME}_IS_TOP_LEVEL ON)
else()
set(PROJECT_IS_TOP_LEVEL ON CACHE INTERNAL "Emulates CMake 3.21+ behavior.")
set(${PROJECT_NAME}_IS_TOP_LEVEL ON CACHE INTERNAL "Emulates CMake 3.21+ behavior.")
set(PROJECT_IS_TOP_LEVEL OFF)
set(${PROJECT_NAME}_IS_TOP_LEVEL OFF)
endif()
unset(parent_directory)
endif()
# The library version is based on libtool versioning of the ABI. The set of
@ -92,21 +91,15 @@ if(SECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS)
add_compile_definitions(USE_EXTERNAL_DEFAULT_CALLBACKS=1)
endif()
set(SECP256K1_ECMULT_WINDOW_SIZE "AUTO" CACHE STRING "Window size for ecmult precomputation for verification, specified as integer in range [2..24]. \"AUTO\" is a reasonable setting for desktop machines (currently 15). [default=AUTO]")
set_property(CACHE SECP256K1_ECMULT_WINDOW_SIZE PROPERTY STRINGS "AUTO" 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24)
set(SECP256K1_ECMULT_WINDOW_SIZE 15 CACHE STRING "Window size for ecmult precomputation for verification, specified as integer in range [2..24]. The default value is a reasonable setting for desktop machines (currently 15). [default=15]")
set_property(CACHE SECP256K1_ECMULT_WINDOW_SIZE PROPERTY STRINGS 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24)
include(CheckStringOptionValue)
check_string_option_value(SECP256K1_ECMULT_WINDOW_SIZE)
if(SECP256K1_ECMULT_WINDOW_SIZE STREQUAL "AUTO")
set(SECP256K1_ECMULT_WINDOW_SIZE 15)
endif()
add_compile_definitions(ECMULT_WINDOW_SIZE=${SECP256K1_ECMULT_WINDOW_SIZE})
set(SECP256K1_ECMULT_GEN_KB "AUTO" CACHE STRING "The size of the precomputed table for signing in multiples of 1024 bytes (on typical platforms). Larger values result in possibly better signing or key generation performance at the cost of a larger table. Valid choices are 2, 22, 86. \"AUTO\" is a reasonable setting for desktop machines (currently 22). [default=AUTO]")
set_property(CACHE SECP256K1_ECMULT_GEN_KB PROPERTY STRINGS "AUTO" 2 22 86)
set(SECP256K1_ECMULT_GEN_KB 22 CACHE STRING "The size of the precomputed table for signing in multiples of 1024 bytes (on typical platforms). Larger values result in possibly better signing or key generation performance at the cost of a larger table. Valid choices are 2, 22, 86. The default value is a reasonable setting for desktop machines (currently 22). [default=22]")
set_property(CACHE SECP256K1_ECMULT_GEN_KB PROPERTY STRINGS 2 22 86)
check_string_option_value(SECP256K1_ECMULT_GEN_KB)
if(SECP256K1_ECMULT_GEN_KB STREQUAL "AUTO")
set(SECP256K1_ECMULT_GEN_KB 22)
endif()
if(SECP256K1_ECMULT_GEN_KB EQUAL 2)
add_compile_definitions(COMB_BLOCKS=2)
add_compile_definitions(COMB_TEETH=5)
@ -214,23 +207,25 @@ mark_as_advanced(
CMAKE_SHARED_LINKER_FLAGS_COVERAGE
)
get_property(is_multi_config GLOBAL PROPERTY GENERATOR_IS_MULTI_CONFIG)
set(default_build_type "RelWithDebInfo")
if(is_multi_config)
set(CMAKE_CONFIGURATION_TYPES "${default_build_type}" "Release" "Debug" "MinSizeRel" "Coverage" CACHE STRING
"Supported configuration types."
FORCE
)
else()
set_property(CACHE CMAKE_BUILD_TYPE PROPERTY
STRINGS "${default_build_type}" "Release" "Debug" "MinSizeRel" "Coverage"
)
if(NOT CMAKE_BUILD_TYPE)
message(STATUS "Setting build type to \"${default_build_type}\" as none was specified")
set(CMAKE_BUILD_TYPE "${default_build_type}" CACHE STRING
"Choose the type of build."
if(PROJECT_IS_TOP_LEVEL)
get_property(is_multi_config GLOBAL PROPERTY GENERATOR_IS_MULTI_CONFIG)
set(default_build_type "RelWithDebInfo")
if(is_multi_config)
set(CMAKE_CONFIGURATION_TYPES "${default_build_type}" "Release" "Debug" "MinSizeRel" "Coverage" CACHE STRING
"Supported configuration types."
FORCE
)
else()
set_property(CACHE CMAKE_BUILD_TYPE PROPERTY
STRINGS "${default_build_type}" "Release" "Debug" "MinSizeRel" "Coverage"
)
if(NOT CMAKE_BUILD_TYPE)
message(STATUS "Setting build type to \"${default_build_type}\" as none was specified")
set(CMAKE_BUILD_TYPE "${default_build_type}" CACHE STRING
"Choose the type of build."
FORCE
)
endif()
endif()
endif()
@ -263,10 +258,17 @@ endif()
set(CMAKE_C_VISIBILITY_PRESET hidden)
# Ask CTest to create a "check" target (e.g., make check) as alias for the "test" target.
# CTEST_TEST_TARGET_ALIAS is not documented but supposed to be user-facing.
# See: https://gitlab.kitware.com/cmake/cmake/-/commit/816c9d1aa1f2b42d40c81a991b68c96eb12b6d2
set(CTEST_TEST_TARGET_ALIAS check)
set(print_msan_notice)
if(SECP256K1_BUILD_CTIME_TESTS)
include(CheckMemorySanitizer)
check_memory_sanitizer(msan_enabled)
if(msan_enabled)
try_append_c_flags(-fno-sanitize-memory-param-retval)
set(print_msan_notice YES)
endif()
unset(msan_enabled)
endif()
include(CTest)
# We do not use CTest's BUILD_TESTING because a single toggle for all tests is too coarse for our needs.
mark_as_advanced(BUILD_TESTING)
@ -274,14 +276,16 @@ if(SECP256K1_BUILD_BENCHMARK OR SECP256K1_BUILD_TESTS OR SECP256K1_BUILD_EXHAUST
enable_testing()
endif()
set(SECP256K1_LATE_CFLAGS "" CACHE STRING "Compiler flags that are added to the command line after all other flags added by the build system.")
include(AllTargetsCompileOptions)
set(SECP256K1_APPEND_CFLAGS "" CACHE STRING "Compiler flags that are appended to the command line after all other flags added by the build system. This variable is intended for debugging and special builds.")
if(SECP256K1_APPEND_CFLAGS)
# Appending to this low-level rule variable is the only way to
# guarantee that the flags appear at the end of the command line.
string(APPEND CMAKE_C_COMPILE_OBJECT " ${SECP256K1_APPEND_CFLAGS}")
endif()
add_subdirectory(src)
all_targets_compile_options(src "${SECP256K1_LATE_CFLAGS}")
if(SECP256K1_BUILD_EXAMPLES)
add_subdirectory(examples)
all_targets_compile_options(examples "${SECP256K1_LATE_CFLAGS}")
endif()
message("\n")
@ -332,7 +336,7 @@ message("Valgrind .............................. ${SECP256K1_VALGRIND}")
get_directory_property(definitions COMPILE_DEFINITIONS)
string(REPLACE ";" " " definitions "${definitions}")
message("Preprocessor defined macros ........... ${definitions}")
message("C compiler ............................ ${CMAKE_C_COMPILER}")
message("C compiler ............................ ${CMAKE_C_COMPILER_ID} ${CMAKE_C_COMPILER_VERSION}, ${CMAKE_C_COMPILER}")
message("CFLAGS ................................ ${CMAKE_C_FLAGS}")
get_directory_property(compile_options COMPILE_OPTIONS)
string(REPLACE ";" " " compile_options "${compile_options}")
@ -355,10 +359,17 @@ else()
message(" - LDFLAGS for executables ............ ${CMAKE_EXE_LINKER_FLAGS_DEBUG}")
message(" - LDFLAGS for shared libraries ....... ${CMAKE_SHARED_LINKER_FLAGS_DEBUG}")
endif()
if(SECP256K1_LATE_CFLAGS)
message("SECP256K1_LATE_CFLAGS ................. ${SECP256K1_LATE_CFLAGS}")
if(SECP256K1_APPEND_CFLAGS)
message("SECP256K1_APPEND_CFLAGS ............... ${SECP256K1_APPEND_CFLAGS}")
endif()
message("")
if(print_msan_notice)
message(
"Note:\n"
" MemorySanitizer detected, tried to add -fno-sanitize-memory-param-retval to compile options\n"
" to avoid false positives in ctime_tests. Pass -DSECP256K1_BUILD_CTIME_TESTS=OFF to avoid this.\n"
)
endif()
message("\n")
if(SECP256K1_EXPERIMENTAL)
message(
" ******\n"

1
README.md
View File

@ -20,6 +20,7 @@ Features:
* Optional module for public key recovery.
* Optional module for ECDH key exchange.
* Optional module for Schnorr signatures according to [BIP-340](https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki).
* Optional module for ElligatorSwift key exchange according to [BIP-324](https://github.com/bitcoin/bips/blob/master/bip-0324.mediawiki).
Implementation details
----------------------

16
build-aux/m4/bitcoin_secp.m4
View File

@ -45,6 +45,22 @@ fi
AC_MSG_RESULT($has_valgrind)
])
AC_DEFUN([SECP_MSAN_CHECK], [
AC_MSG_CHECKING(whether MemorySanitizer is enabled)
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
#if defined(__has_feature)
# if __has_feature(memory_sanitizer)
/* MemorySanitizer is enabled. */
# elif
# error "MemorySanitizer is disabled."
# endif
#else
# error "__has_feature is not defined."
#endif
]])], [msan_enabled=yes], [msan_enabled=no])
AC_MSG_RESULT([$msan_enabled])
])
dnl SECP_TRY_APPEND_CFLAGS(flags, VAR)
dnl Append flags to VAR if CC accepts them.
AC_DEFUN([SECP_TRY_APPEND_CFLAGS], [

12
cmake/AllTargetsCompileOptions.cmake
View File

@ -1,12 +0,0 @@
# Add compile options to all targets added in the subdirectory.
function(all_targets_compile_options dir options)
get_directory_property(targets DIRECTORY ${dir} BUILDSYSTEM_TARGETS)
separate_arguments(options)
set(compiled_target_types STATIC_LIBRARY SHARED_LIBRARY OBJECT_LIBRARY EXECUTABLE)
foreach(target ${targets})
get_target_property(type ${target} TYPE)
if(type IN_LIST compiled_target_types)
target_compile_options(${target} PRIVATE ${options})
endif()
endforeach()
endfunction()

18
cmake/CheckMemorySanitizer.cmake Normal file
View File

@ -0,0 +1,18 @@
include_guard(GLOBAL)
include(CheckCSourceCompiles)
function(check_memory_sanitizer output)
set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY)
check_c_source_compiles("
#if defined(__has_feature)
# if __has_feature(memory_sanitizer)
/* MemorySanitizer is enabled. */
# elif
# error \"MemorySanitizer is disabled.\"
# endif
#else
# error \"__has_feature is not defined.\"
#endif
" HAVE_MSAN)
set(${output} ${HAVE_MSAN} PARENT_SCOPE)
endfunction()

65
configure.ac
View File

@ -203,22 +203,22 @@ AC_ARG_WITH([test-override-wide-multiply], [] ,[set_widemul=$withval], [set_wide
AC_ARG_WITH([asm], [AS_HELP_STRING([--with-asm=x86_64|arm32|no|auto],
[assembly to use (experimental: arm32) [default=auto]])],[req_asm=$withval], [req_asm=auto])
AC_ARG_WITH([ecmult-window], [AS_HELP_STRING([--with-ecmult-window=SIZE|auto],
AC_ARG_WITH([ecmult-window], [AS_HELP_STRING([--with-ecmult-window=SIZE],
[window size for ecmult precomputation for verification, specified as integer in range [2..24].]
[Larger values result in possibly better performance at the cost of an exponentially larger precomputed table.]
[The table will store 2^(SIZE-1) * 64 bytes of data but can be larger in memory due to platform-specific padding and alignment.]
[A window size larger than 15 will require you delete the prebuilt precomputed_ecmult.c file so that it can be rebuilt.]
[For very large window sizes, use "make -j 1" to reduce memory use during compilation.]
["auto" is a reasonable setting for desktop machines (currently 15). [default=auto]]
[The default value is a reasonable setting for desktop machines (currently 15). [default=15]]
)],
[req_ecmult_window=$withval], [req_ecmult_window=auto])
[set_ecmult_window=$withval], [set_ecmult_window=15])
AC_ARG_WITH([ecmult-gen-kb], [AS_HELP_STRING([--with-ecmult-gen-kb=2|22|86|auto],
AC_ARG_WITH([ecmult-gen-kb], [AS_HELP_STRING([--with-ecmult-gen-kb=2|22|86],
[The size of the precomputed table for signing in multiples of 1024 bytes (on typical platforms).]
[Larger values result in possibly better signing/keygeneration performance at the cost of a larger table.]
["auto" is a reasonable setting for desktop machines (currently 22). [default=auto]]
[The default value is a reasonable setting for desktop machines (currently 22). [default=22]]
)],
[req_ecmult_gen_kb=$withval], [req_ecmult_gen_kb=auto])
[set_ecmult_gen_kb=$withval], [set_ecmult_gen_kb=22])
AC_ARG_WITH([valgrind], [AS_HELP_STRING([--with-valgrind=yes|no|auto],
[Build with extra checks for running inside Valgrind [default=auto]]
@ -247,6 +247,20 @@ if test x"$enable_ctime_tests" = x"auto"; then
enable_ctime_tests=$enable_valgrind
fi
print_msan_notice=no
if test x"$enable_ctime_tests" = x"yes"; then
SECP_MSAN_CHECK
# MSan on Clang >=16 reports unitialized memory in function parameters and return values, even if
# the uninitalized variable is never actually "used". This is called "eager" checking, and it's
# sounds like good idea for normal use of MSan. However, it yields many false positives in the
# ctime_tests because many return values depend on secret (i.e., "uninitialized") values, and
# we're only interested in detecting branches (which count as "uses") on secret data.
if test x"$msan_enabled" = x"yes"; then
SECP_TRY_APPEND_CFLAGS([-fno-sanitize-memory-param-retval], SECP_CFLAGS)
print_msan_notice=yes
fi
fi
if test x"$enable_coverage" = x"yes"; then
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DCOVERAGE=1"
SECP_CFLAGS="-O0 --coverage $SECP_CFLAGS"
@ -335,14 +349,7 @@ auto)
;;
esac
# Set ecmult window size
if test x"$req_ecmult_window" = x"auto"; then
set_ecmult_window=15
else
set_ecmult_window=$req_ecmult_window
fi
error_window_size=['window size for ecmult precomputation not an integer in range [2..24] or "auto"']
error_window_size=['window size for ecmult precomputation not an integer in range [2..24]']
case $set_ecmult_window in
''|*[[!0-9]]*)
# no valid integer
@ -357,13 +364,6 @@ case $set_ecmult_window in
;;
esac
# Set ecmult gen kb
if test x"$req_ecmult_gen_kb" = x"auto"; then
set_ecmult_gen_kb=22
else
set_ecmult_gen_kb=$req_ecmult_gen_kb
fi
case $set_ecmult_gen_kb in
2)
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DCOMB_BLOCKS=2 -DCOMB_TEETH=5"
@ -375,7 +375,7 @@ case $set_ecmult_gen_kb in
SECP_CONFIG_DEFINES="$SECP_CONFIG_DEFINES -DCOMB_BLOCKS=43 -DCOMB_TEETH=6"
;;
*)
AC_MSG_ERROR(['ecmult gen table size not 2, 22, 86 or "auto"'])
AC_MSG_ERROR(['ecmult gen table size not 2, 22 or 86'])
;;
esac
@ -426,12 +426,7 @@ fi
### Check for --enable-experimental if necessary
###
if test x"$enable_experimental" = x"yes"; then
AC_MSG_NOTICE([******])
AC_MSG_NOTICE([WARNING: experimental build])
AC_MSG_NOTICE([Experimental features do not have stable APIs or properties, and may not be safe for production use.])
AC_MSG_NOTICE([******])
else
if test x"$enable_experimental" = x"no"; then
if test x"$set_asm" = x"arm32"; then
AC_MSG_ERROR([ARM32 assembly is experimental. Use --enable-experimental to allow.])
fi
@ -492,3 +487,17 @@ echo " CPPFLAGS = $CPPFLAGS"
echo " SECP_CFLAGS = $SECP_CFLAGS"
echo " CFLAGS = $CFLAGS"
echo " LDFLAGS = $LDFLAGS"
if test x"$print_msan_notice" = x"yes"; then
echo
echo "Note:"
echo " MemorySanitizer detected, tried to add -fno-sanitize-memory-param-retval to SECP_CFLAGS"
echo " to avoid false positives in ctime_tests. Pass --disable-ctime-tests to avoid this."
fi
if test x"$enable_experimental" = x"yes"; then
echo
echo "WARNING: Experimental build"
echo " Experimental features do not have stable APIs or properties, and may not be safe for"
echo " production use."
fi

6
src/modules/ecdh/tests_impl.h
View File

@ -56,7 +56,7 @@ static void test_ecdh_generator_basepoint(void) {
size_t point_ser_len = sizeof(point_ser);
secp256k1_scalar s;
random_scalar_order(&s);
testutil_random_scalar_order(&s);
secp256k1_scalar_get_b32(s_b32, &s);
CHECK(secp256k1_ec_pubkey_create(CTX, &point[0], s_one) == 1);
@ -95,7 +95,7 @@ static void test_bad_scalar(void) {
secp256k1_pubkey point;
/* Create random point */
random_scalar_order(&rand);
testutil_random_scalar_order(&rand);
secp256k1_scalar_get_b32(s_rand, &rand);
CHECK(secp256k1_ec_pubkey_create(CTX, &point, s_rand) == 1);
@ -127,7 +127,7 @@ static void test_result_basepoint(void) {
CHECK(secp256k1_ecdh(CTX, out_base, &point, s_one, NULL, NULL) == 1);
for (i = 0; i < 2 * COUNT; i++) {
random_scalar_order(&rand);
testutil_random_scalar_order(&rand);
secp256k1_scalar_get_b32(s, &rand);
secp256k1_scalar_inverse(&rand, &rand);
secp256k1_scalar_get_b32(s_inv, &rand);

38
src/modules/ellswift/tests_impl.h
View File

@ -229,9 +229,9 @@ void run_ellswift_tests(void) {
secp256k1_ge g, g2;
secp256k1_pubkey pubkey, pubkey2;
/* Generate random public key and random randomizer. */
random_group_element_test(&g);
testutil_random_ge_test(&g);
secp256k1_pubkey_save(&pubkey, &g);
secp256k1_testrand256(rnd32);
testrand256(rnd32);
/* Convert the public key to ElligatorSwift and back. */
secp256k1_ellswift_encode(CTX, ell64, &pubkey, rnd32);
secp256k1_ellswift_decode(CTX, &pubkey2, ell64);
@ -249,8 +249,8 @@ void run_ellswift_tests(void) {
unsigned char ell64[64];
int ret;
/* Generate random secret key and random randomizer. */
if (i & 1) secp256k1_testrand256_test(auxrnd32);
random_scalar_order_test(&sec);
if (i & 1) testrand256_test(auxrnd32);
testutil_random_scalar_order_test(&sec);
secp256k1_scalar_get_b32(sec32, &sec);
/* Construct ElligatorSwift-encoded public keys for that key. */
ret = secp256k1_ellswift_create(CTX, ell64, sec32, (i & 1) ? auxrnd32 : NULL);
@ -271,11 +271,11 @@ void run_ellswift_tests(void) {
secp256k1_pubkey pub;
int ret;
/* Generate random secret key. */
random_scalar_order_test(&sec);
testutil_random_scalar_order_test(&sec);
secp256k1_scalar_get_b32(sec32, &sec);
/* Generate random ElligatorSwift encoding for the remote key and decode it. */
secp256k1_testrand256_test(ell64);
secp256k1_testrand256_test(ell64 + 32);
testrand256_test(ell64);
testrand256_test(ell64 + 32);
secp256k1_ellswift_decode(CTX, &pub, ell64);
secp256k1_pubkey_load(CTX, &dec, &pub);
secp256k1_gej_set_ge(&decj, &dec);
@ -313,18 +313,18 @@ void run_ellswift_tests(void) {
data = NULL;
} else {
hash_function = secp256k1_ellswift_xdh_hash_function_prefix;
secp256k1_testrand256_test(prefix64);
secp256k1_testrand256_test(prefix64 + 32);
testrand256_test(prefix64);
testrand256_test(prefix64 + 32);
data = prefix64;
}
/* Generate random secret keys and random randomizers. */
secp256k1_testrand256_test(auxrnd32a);
secp256k1_testrand256_test(auxrnd32b);
random_scalar_order_test(&seca);
testrand256_test(auxrnd32a);
testrand256_test(auxrnd32b);
testutil_random_scalar_order_test(&seca);
/* Draw secb uniformly at random to make sure that the secret keys
* differ */
random_scalar_order(&secb);
testutil_random_scalar_order(&secb);
secp256k1_scalar_get_b32(sec32a, &seca);
secp256k1_scalar_get_b32(sec32b, &secb);
@ -349,13 +349,13 @@ void run_ellswift_tests(void) {
/* Verify that the shared secret doesn't match if other side's public key is incorrect. */
/* For A (using a bad public key for B): */
memcpy(ell64b_bad, ell64b, sizeof(ell64a_bad));
secp256k1_testrand_flip(ell64b_bad, sizeof(ell64b_bad));
testrand_flip(ell64b_bad, sizeof(ell64b_bad));
ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a, ell64b_bad, sec32a, 0, hash_function, data);
CHECK(ret); /* Mismatching encodings don't get detected by secp256k1_ellswift_xdh. */
CHECK(secp256k1_memcmp_var(share32_bad, share32a, 32) != 0);
/* For B (using a bad public key for A): */
memcpy(ell64a_bad, ell64a, sizeof(ell64a_bad));
secp256k1_testrand_flip(ell64a_bad, sizeof(ell64a_bad));
testrand_flip(ell64a_bad, sizeof(ell64a_bad));
ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a_bad, ell64b, sec32b, 1, hash_function, data);
CHECK(ret);
CHECK(secp256k1_memcmp_var(share32_bad, share32b, 32) != 0);
@ -363,12 +363,12 @@ void run_ellswift_tests(void) {
/* Verify that the shared secret doesn't match if the private key is incorrect. */
/* For A: */
memcpy(sec32a_bad, sec32a, sizeof(sec32a_bad));
secp256k1_testrand_flip(sec32a_bad, sizeof(sec32a_bad));
testrand_flip(sec32a_bad, sizeof(sec32a_bad));
ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a, ell64b, sec32a_bad, 0, hash_function, data);
CHECK(!ret || secp256k1_memcmp_var(share32_bad, share32a, 32) != 0);
/* For B: */
memcpy(sec32b_bad, sec32b, sizeof(sec32b_bad));
secp256k1_testrand_flip(sec32b_bad, sizeof(sec32b_bad));
testrand_flip(sec32b_bad, sizeof(sec32b_bad));
ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a, ell64b, sec32b_bad, 1, hash_function, data);
CHECK(!ret || secp256k1_memcmp_var(share32_bad, share32b, 32) != 0);
@ -376,7 +376,7 @@ void run_ellswift_tests(void) {
/* Verify that the shared secret doesn't match when a different encoding of the same public key is used. */
/* For A (changing B's public key): */
memcpy(auxrnd32b_bad, auxrnd32b, sizeof(auxrnd32b_bad));
secp256k1_testrand_flip(auxrnd32b_bad, sizeof(auxrnd32b_bad));
testrand_flip(auxrnd32b_bad, sizeof(auxrnd32b_bad));
ret = secp256k1_ellswift_create(CTX, ell64b_bad, sec32b, auxrnd32b_bad);
CHECK(ret);
ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a, ell64b_bad, sec32a, 0, hash_function, data);
@ -384,7 +384,7 @@ void run_ellswift_tests(void) {
CHECK(secp256k1_memcmp_var(share32_bad, share32a, 32) != 0);
/* For B (changing A's public key): */
memcpy(auxrnd32a_bad, auxrnd32a, sizeof(auxrnd32a_bad));
secp256k1_testrand_flip(auxrnd32a_bad, sizeof(auxrnd32a_bad));
testrand_flip(auxrnd32a_bad, sizeof(auxrnd32a_bad));
ret = secp256k1_ellswift_create(CTX, ell64a_bad, sec32a, auxrnd32a_bad);
CHECK(ret);
ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a_bad, ell64b, sec32b, 1, hash_function, data);

36
src/modules/extrakeys/tests_impl.h
View File

@ -23,9 +23,9 @@ static void test_xonly_pubkey(void) {
int pk_parity;
int i;
secp256k1_testrand256(sk);
testrand256(sk);
memset(ones32, 0xFF, 32);
secp256k1_testrand256(xy_sk);
testrand256(xy_sk);
CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1);
CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1);
@ -95,7 +95,7 @@ static void test_xonly_pubkey(void) {
* the curve) then xonly_pubkey_parse should fail as well. */
for (i = 0; i < COUNT; i++) {
unsigned char rand33[33];
secp256k1_testrand256(&rand33[1]);
testrand256(&rand33[1]);
rand33[0] = SECP256K1_TAG_PUBKEY_EVEN;
if (!secp256k1_ec_pubkey_parse(CTX, &pk, rand33, 33)) {
memset(&xonly_pk, 1, sizeof(xonly_pk));
@ -152,8 +152,8 @@ static void test_xonly_pubkey_tweak(void) {
int i;
memset(overflows, 0xff, sizeof(overflows));
secp256k1_testrand256(tweak);
secp256k1_testrand256(sk);
testrand256(tweak);
testrand256(sk);
CHECK(secp256k1_ec_pubkey_create(CTX, &internal_pk, sk) == 1);
CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, &pk_parity, &internal_pk) == 1);
@ -190,7 +190,7 @@ static void test_xonly_pubkey_tweak(void) {
/* Invalid pk with a valid tweak */
memset(&internal_xonly_pk, 0, sizeof(internal_xonly_pk));
secp256k1_testrand256(tweak);
testrand256(tweak);
CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak));
CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0);
}
@ -209,8 +209,8 @@ static void test_xonly_pubkey_tweak_check(void) {
unsigned char tweak[32];
memset(overflows, 0xff, sizeof(overflows));
secp256k1_testrand256(tweak);
secp256k1_testrand256(sk);
testrand256(tweak);
testrand256(sk);
CHECK(secp256k1_ec_pubkey_create(CTX, &internal_pk, sk) == 1);
CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, &pk_parity, &internal_pk) == 1);
@ -256,7 +256,7 @@ static void test_xonly_pubkey_tweak_recursive(void) {
unsigned char tweak[N_PUBKEYS - 1][32];
int i;
secp256k1_testrand256(sk);
testrand256(sk);
CHECK(secp256k1_ec_pubkey_create(CTX, &pk[0], sk) == 1);
/* Add tweaks */
for (i = 0; i < N_PUBKEYS - 1; i++) {
@ -292,7 +292,7 @@ static void test_keypair(void) {
memset(overflows, 0xFF, sizeof(overflows));
/* Test keypair_create */
secp256k1_testrand256(sk);
testrand256(sk);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
@ -311,7 +311,7 @@ static void test_keypair(void) {
CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0);
/* Test keypair_pub */
secp256k1_testrand256(sk);
testrand256(sk);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
CHECK(secp256k1_keypair_pub(CTX, &pk, &keypair) == 1);
CHECK_ILLEGAL(CTX, secp256k1_keypair_pub(CTX, NULL, &keypair));
@ -330,7 +330,7 @@ static void test_keypair(void) {
CHECK(secp256k1_memcmp_var(&pk, &pk_tmp, sizeof(pk)) == 0);
/** Test keypair_xonly_pub **/
secp256k1_testrand256(sk);
testrand256(sk);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 1);
CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_pub(CTX, NULL, &pk_parity, &keypair));
@ -353,7 +353,7 @@ static void test_keypair(void) {
CHECK(pk_parity == pk_parity_tmp);
/* Test keypair_seckey */
secp256k1_testrand256(sk);
testrand256(sk);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
CHECK(secp256k1_keypair_sec(CTX, sk_tmp, &keypair) == 1);
CHECK_ILLEGAL(CTX, secp256k1_keypair_sec(CTX, NULL, &keypair));
@ -381,8 +381,8 @@ static void test_keypair_add(void) {
int i;
CHECK(sizeof(zeros96) == sizeof(keypair));
secp256k1_testrand256(sk);
secp256k1_testrand256(tweak);
testrand256(sk);
testrand256(tweak);
memset(overflows, 0xFF, 32);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
@ -407,7 +407,7 @@ static void test_keypair_add(void) {
for (i = 0; i < COUNT; i++) {
secp256k1_scalar scalar_tweak;
secp256k1_keypair keypair_tmp;
secp256k1_testrand256(sk);
testrand256(sk);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
memcpy(&keypair_tmp, &keypair, sizeof(keypair));
/* Because sk may be negated before adding, we need to try with tweak =
@ -423,7 +423,7 @@ static void test_keypair_add(void) {
/* Invalid keypair with a valid tweak */
memset(&keypair, 0, sizeof(keypair));
secp256k1_testrand256(tweak);
testrand256(tweak);
CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak));
CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0);
/* Only seckey part of keypair invalid */
@ -446,7 +446,7 @@ static void test_keypair_add(void) {
unsigned char sk32[32];
int pk_parity;
secp256k1_testrand256(tweak);
testrand256(tweak);
CHECK(secp256k1_keypair_xonly_pub(CTX, &internal_pk, NULL, &keypair) == 1);
CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1);
CHECK(secp256k1_keypair_xonly_pub(CTX, &output_pk, &pk_parity, &keypair) == 1);

8
src/modules/recovery/tests_impl.h
View File

@ -25,7 +25,7 @@ static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned c
}
/* On the next run, return a valid nonce, but flip a coin as to whether or not to fail signing. */
memset(nonce32, 1, 32);
return secp256k1_testrand_bits(1);
return testrand_bits(1);
}
static void test_ecdsa_recovery_api(void) {
@ -106,8 +106,8 @@ static void test_ecdsa_recovery_end_to_end(void) {
/* Generate a random key and message. */
{
secp256k1_scalar msg, key;
random_scalar_order_test(&msg);
random_scalar_order_test(&key);
testutil_random_scalar_order_test(&msg);
testutil_random_scalar_order_test(&key);
secp256k1_scalar_get_b32(privkey, &key);
secp256k1_scalar_get_b32(message, &msg);
}
@ -141,7 +141,7 @@ static void test_ecdsa_recovery_end_to_end(void) {
CHECK(secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) == 0);
/* Serialize/destroy/parse signature and verify again. */
CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &rsignature[4]) == 1);
sig[secp256k1_testrand_bits(6)] += 1 + secp256k1_testrand_int(255);
sig[testrand_bits(6)] += 1 + testrand_int(255);
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1);
CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1);
CHECK(secp256k1_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 0);

6
src/modules/schnorrsig/tests_exhaustive_impl.h
View File

@ -104,7 +104,7 @@ static void test_exhaustive_schnorrsig_verify(const secp256k1_context *ctx, cons
while (e_count_done < EXHAUSTIVE_TEST_ORDER) {
secp256k1_scalar e;
unsigned char msg32[32];
secp256k1_testrand256(msg32);
testrand256(msg32);
secp256k1_schnorrsig_challenge(&e, sig64, msg32, sizeof(msg32), pk32);
/* Only do work if we hit a challenge we haven't tried before. */
if (!e_done[e]) {
@ -120,7 +120,7 @@ static void test_exhaustive_schnorrsig_verify(const secp256k1_context *ctx, cons
expect_valid = actual_k != -1 && s != EXHAUSTIVE_TEST_ORDER &&
(s == (actual_k + actual_d * e) % EXHAUSTIVE_TEST_ORDER);
} else {
secp256k1_testrand256(sig64 + 32);
testrand256(sig64 + 32);
expect_valid = 0;
}
valid = secp256k1_schnorrsig_verify(ctx, sig64, msg32, sizeof(msg32), &pubkeys[d - 1]);
@ -161,7 +161,7 @@ static void test_exhaustive_schnorrsig_sign(const secp256k1_context *ctx, unsign
/* Generate random messages until all challenges have been tried. */
while (e_count_done < EXHAUSTIVE_TEST_ORDER) {
secp256k1_scalar e;
secp256k1_testrand256(msg32);
testrand256(msg32);
secp256k1_schnorrsig_challenge(&e, xonly_pubkey_bytes[k - 1], msg32, sizeof(msg32), xonly_pubkey_bytes[d - 1]);
/* Only do work if we hit a challenge we haven't tried before. */
if (!e_done[e]) {

50
src/modules/schnorrsig/tests_impl.h
View File

@ -15,7 +15,7 @@
static void nonce_function_bip340_bitflip(unsigned char **args, size_t n_flip, size_t n_bytes, size_t msglen, size_t algolen) {
unsigned char nonces[2][32];
CHECK(nonce_function_bip340(nonces[0], args[0], msglen, args[1], args[2], args[3], algolen, args[4]) == 1);
secp256k1_testrand_flip(args[n_flip], n_bytes);
testrand_flip(args[n_flip], n_bytes);
CHECK(nonce_function_bip340(nonces[1], args[0], msglen, args[1], args[2], args[3], algolen, args[4]) == 1);
CHECK(secp256k1_memcmp_var(nonces[0], nonces[1], 32) != 0);
}
@ -50,10 +50,10 @@ static void run_nonce_function_bip340_tests(void) {
secp256k1_nonce_function_bip340_sha256_tagged_aux(&sha_optimized);
test_sha256_eq(&sha, &sha_optimized);
secp256k1_testrand256(msg);
secp256k1_testrand256(key);
secp256k1_testrand256(pk);
secp256k1_testrand256(aux_rand);
testrand256(msg);
testrand256(key);
testrand256(pk);
testrand256(aux_rand);
/* Check that a bitflip in an argument results in different nonces. */
args[0] = msg;
@ -76,12 +76,12 @@ static void run_nonce_function_bip340_tests(void) {
CHECK(nonce_function_bip340(nonce, msg, msglen, key, pk, NULL, 0, NULL) == 0);
CHECK(nonce_function_bip340(nonce, msg, msglen, key, pk, algo, algolen, NULL) == 1);
/* Other algo is fine */
secp256k1_testrand_bytes_test(algo, algolen);
testrand_bytes_test(algo, algolen);
CHECK(nonce_function_bip340(nonce, msg, msglen, key, pk, algo, algolen, NULL) == 1);
for (i = 0; i < COUNT; i++) {
unsigned char nonce2[32];
uint32_t offset = secp256k1_testrand_int(msglen - 1);
uint32_t offset = testrand_int(msglen - 1);
size_t msglen_tmp = (msglen + offset) % msglen;
size_t algolen_tmp;
@ -90,7 +90,7 @@ static void run_nonce_function_bip340_tests(void) {
CHECK(secp256k1_memcmp_var(nonce, nonce2, 32) != 0);
/* Different algolen gives different nonce */
offset = secp256k1_testrand_int(algolen - 1);
offset = testrand_int(algolen - 1);
algolen_tmp = (algolen + offset) % algolen;
CHECK(nonce_function_bip340(nonce2, msg, msglen, key, pk, algo, algolen_tmp, NULL) == 1);
CHECK(secp256k1_memcmp_var(nonce, nonce2, 32) != 0);
@ -116,10 +116,10 @@ static void test_schnorrsig_api(void) {
secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT;
secp256k1_schnorrsig_extraparams invalid_extraparams = {{ 0 }, NULL, NULL};
secp256k1_testrand256(sk1);
secp256k1_testrand256(sk2);
secp256k1_testrand256(sk3);
secp256k1_testrand256(msg);
testrand256(sk1);
testrand256(sk2);
testrand256(sk3);
testrand256(msg);
CHECK(secp256k1_keypair_create(CTX, &keypairs[0], sk1) == 1);
CHECK(secp256k1_keypair_create(CTX, &keypairs[1], sk2) == 1);
CHECK(secp256k1_keypair_create(CTX, &keypairs[2], sk3) == 1);
@ -813,8 +813,8 @@ static void test_schnorrsig_sign(void) {
secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT;
unsigned char aux_rand[32];
secp256k1_testrand256(sk);
secp256k1_testrand256(aux_rand);
testrand256(sk);
testrand256(aux_rand);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk));
CHECK(secp256k1_keypair_xonly_pub(CTX, &pk, NULL, &keypair));
CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypair, NULL) == 1);
@ -861,12 +861,12 @@ static void test_schnorrsig_sign_verify(void) {
secp256k1_xonly_pubkey pk;
secp256k1_scalar s;
secp256k1_testrand256(sk);
testrand256(sk);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk));
CHECK(secp256k1_keypair_xonly_pub(CTX, &pk, NULL, &keypair));
for (i = 0; i < N_SIGS; i++) {
secp256k1_testrand256(msg[i]);
testrand256(msg[i]);
CHECK(secp256k1_schnorrsig_sign32(CTX, sig[i], msg[i], &keypair, NULL));
CHECK(secp256k1_schnorrsig_verify(CTX, sig[i], msg[i], sizeof(msg[i]), &pk));
}
@ -874,19 +874,19 @@ static void test_schnorrsig_sign_verify(void) {
{
/* Flip a few bits in the signature and in the message and check that
* verify and verify_batch (TODO) fail */
size_t sig_idx = secp256k1_testrand_int(N_SIGS);
size_t byte_idx = secp256k1_testrand_bits(5);
unsigned char xorbyte = secp256k1_testrand_int(254)+1;
size_t sig_idx = testrand_int(N_SIGS);
size_t byte_idx = testrand_bits(5);
unsigned char xorbyte = testrand_int(254)+1;
sig[sig_idx][byte_idx] ^= xorbyte;
CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk));
sig[sig_idx][byte_idx] ^= xorbyte;
byte_idx = secp256k1_testrand_bits(5);
byte_idx = testrand_bits(5);
sig[sig_idx][32+byte_idx] ^= xorbyte;
CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk));
sig[sig_idx][32+byte_idx] ^= xorbyte;
byte_idx = secp256k1_testrand_bits(5);
byte_idx = testrand_bits(5);
msg[sig_idx][byte_idx] ^= xorbyte;
CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk));
msg[sig_idx][byte_idx] ^= xorbyte;
@ -916,9 +916,9 @@ static void test_schnorrsig_sign_verify(void) {
{
/* Test varying message lengths */
unsigned char msg_large[32 * 8];
uint32_t msglen = secp256k1_testrand_int(sizeof(msg_large));
uint32_t msglen = testrand_int(sizeof(msg_large));
for (i = 0; i < sizeof(msg_large); i += 32) {
secp256k1_testrand256(&msg_large[i]);
testrand256(&msg_large[i]);
}
CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig[0], msg_large, msglen, &keypair, NULL) == 1);
CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], msg_large, msglen, &pk) == 1);
@ -942,7 +942,7 @@ static void test_schnorrsig_taproot(void) {
unsigned char sig[64];
/* Create output key */
secp256k1_testrand256(sk);
testrand256(sk);
CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
CHECK(secp256k1_keypair_xonly_pub(CTX, &internal_pk, NULL, &keypair) == 1);
/* In actual taproot the tweak would be hash of internal_pk */
@ -952,7 +952,7 @@ static void test_schnorrsig_taproot(void) {
CHECK(secp256k1_xonly_pubkey_serialize(CTX, output_pk_bytes, &output_pk) == 1);
/* Key spend */
secp256k1_testrand256(msg);
testrand256(msg);
CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypair, NULL) == 1);
/* Verify key spend */
CHECK(secp256k1_xonly_pubkey_parse(CTX, &output_pk, output_pk_bytes) == 1);

4
src/secp256k1.c
View File

@ -76,7 +76,7 @@ const secp256k1_context *secp256k1_context_no_precomp = &secp256k1_context_stati
/* Helper function that determines if a context is proper, i.e., is not the static context or a copy thereof.
*
* This is intended for "context" functions such as secp256k1_context_clone. Function which need specific
* This is intended for "context" functions such as secp256k1_context_clone. Functions that need specific
* features of a context should still check for these features directly. For example, a function that needs
* ecmult_gen should directly check for the existence of the ecmult_gen context. */
static int secp256k1_context_is_proper(const secp256k1_context* ctx) {
@ -544,7 +544,7 @@ static int secp256k1_ecdsa_sign_inner(const secp256k1_context* ctx, secp256k1_sc
break;
}
is_nonce_valid = secp256k1_scalar_set_b32_seckey(&non, nonce32);
/* The nonce is still secret here, but it being invalid is is less likely than 1:2^255. */
/* The nonce is still secret here, but it being invalid is less likely than 1:2^255. */
secp256k1_declassify(ctx, &is_nonce_valid, sizeof(is_nonce_valid));
if (is_nonce_valid) {
ret = secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, r, s, &sec, &msg, &non, recid);

22
src/testrand.h
View File

@ -12,37 +12,37 @@
/* A non-cryptographic RNG used only for test infrastructure. */
/** Seed the pseudorandom number generator for testing. */
SECP256K1_INLINE static void secp256k1_testrand_seed(const unsigned char *seed16);
SECP256K1_INLINE static void testrand_seed(const unsigned char *seed16);
/** Generate a pseudorandom number in the range [0..2**32-1]. */
SECP256K1_INLINE static uint32_t secp256k1_testrand32(void);
SECP256K1_INLINE static uint32_t testrand32(void);
/** Generate a pseudorandom number in the range [0..2**64-1]. */
SECP256K1_INLINE static uint64_t secp256k1_testrand64(void);
SECP256K1_INLINE static uint64_t testrand64(void);
/** Generate a pseudorandom number in the range [0..2**bits-1]. Bits must be 1 or
* more. */
SECP256K1_INLINE static uint64_t secp256k1_testrand_bits(int bits);
SECP256K1_INLINE static uint64_t testrand_bits(int bits);
/** Generate a pseudorandom number in the range [0..range-1]. */
static uint32_t secp256k1_testrand_int(uint32_t range);
static uint32_t testrand_int(uint32_t range);
/** Generate a pseudorandom 32-byte array. */
static void secp256k1_testrand256(unsigned char *b32);
static void testrand256(unsigned char *b32);
/** Generate a pseudorandom 32-byte array with long sequences of zero and one bits. */
static void secp256k1_testrand256_test(unsigned char *b32);
static void testrand256_test(unsigned char *b32);
/** Generate pseudorandom bytes with long sequences of zero and one bits. */
static void secp256k1_testrand_bytes_test(unsigned char *bytes, size_t len);
static void testrand_bytes_test(unsigned char *bytes, size_t len);
/** Flip a single random bit in a byte array */
static void secp256k1_testrand_flip(unsigned char *b, size_t len);
static void testrand_flip(unsigned char *b, size_t len);
/** Initialize the test RNG using (hex encoded) array up to 16 bytes, or randomly if hexseed is NULL. */
static void secp256k1_testrand_init(const char* hexseed);
static void testrand_init(const char* hexseed);
/** Print final test information. */
static void secp256k1_testrand_finish(void);
static void testrand_finish(void);
#endif /* SECP256K1_TESTRAND_H */

42
src/testrand_impl.h
View File

@ -17,7 +17,7 @@
static uint64_t secp256k1_test_state[4];
SECP256K1_INLINE static void secp256k1_testrand_seed(const unsigned char *seed16) {
SECP256K1_INLINE static void testrand_seed(const unsigned char *seed16) {
static const unsigned char PREFIX[19] = "secp256k1 test init";
unsigned char out32[32];
secp256k1_sha256 hash;
@ -40,7 +40,7 @@ SECP256K1_INLINE static uint64_t rotl(const uint64_t x, int k) {
return (x << k) | (x >> (64 - k));
}
SECP256K1_INLINE static uint64_t secp256k1_testrand64(void) {
SECP256K1_INLINE static uint64_t testrand64(void) {
/* Test-only Xoshiro256++ RNG. See https://prng.di.unimi.it/ */
const uint64_t result = rotl(secp256k1_test_state[0] + secp256k1_test_state[3], 23) + secp256k1_test_state[0];
const uint64_t t = secp256k1_test_state[1] << 17;
@ -53,16 +53,16 @@ SECP256K1_INLINE static uint64_t secp256k1_testrand64(void) {
return result;
}
SECP256K1_INLINE static uint64_t secp256k1_testrand_bits(int bits) {
SECP256K1_INLINE static uint64_t testrand_bits(int bits) {
if (bits == 0) return 0;
return secp256k1_testrand64() >> (64 - bits);
return testrand64() >> (64 - bits);
}
SECP256K1_INLINE static uint32_t secp256k1_testrand32(void) {
return secp256k1_testrand64() >> 32;
SECP256K1_INLINE static uint32_t testrand32(void) {
return testrand64() >> 32;
}
static uint32_t secp256k1_testrand_int(uint32_t range) {
static uint32_t testrand_int(uint32_t range) {
uint32_t mask = 0;
uint32_t range_copy;
/* Reduce range by 1, changing its meaning to "maximum value". */
@ -76,15 +76,15 @@ static uint32_t secp256k1_testrand_int(uint32_t range) {
}
/* Generation loop. */
while (1) {
uint32_t val = secp256k1_testrand64() & mask;
uint32_t val = testrand64() & mask;
if (val <= range) return val;
}
}
static void secp256k1_testrand256(unsigned char *b32) {
static void testrand256(unsigned char *b32) {
int i;
for (i = 0; i < 4; ++i) {
uint64_t val = secp256k1_testrand64();
uint64_t val = testrand64();
b32[0] = val;
b32[1] = val >> 8;
b32[2] = val >> 16;
@ -97,14 +97,14 @@ static void secp256k1_testrand256(unsigned char *b32) {
}
}
static void secp256k1_testrand_bytes_test(unsigned char *bytes, size_t len) {
static void testrand_bytes_test(unsigned char *bytes, size_t len) {
size_t bits = 0;
memset(bytes, 0, len);
while (bits < len * 8) {
int now;
uint32_t val;
now = 1 + (secp256k1_testrand_bits(6) * secp256k1_testrand_bits(5) + 16) / 31;
val = secp256k1_testrand_bits(1);
now = 1 + (testrand_bits(6) * testrand_bits(5) + 16) / 31;
val = testrand_bits(1);
while (now > 0 && bits < len * 8) {
bytes[bits / 8] |= val << (bits % 8);
now--;
@ -113,15 +113,15 @@ static void secp256k1_testrand_bytes_test(unsigned char *bytes, size_t len) {
}
}
static void secp256k1_testrand256_test(unsigned char *b32) {
secp256k1_testrand_bytes_test(b32, 32);
static void testrand256_test(unsigned char *b32) {
testrand_bytes_test(b32, 32);
}
static void secp256k1_testrand_flip(unsigned char *b, size_t len) {
b[secp256k1_testrand_int(len)] ^= (1 << secp256k1_testrand_bits(3));
static void testrand_flip(unsigned char *b, size_t len) {
b[testrand_int(len)] ^= (1 << testrand_bits(3));
}
static void secp256k1_testrand_init(const char* hexseed) {
static void testrand_init(const char* hexseed) {
unsigned char seed16[16] = {0};
if (hexseed && strlen(hexseed) != 0) {
int pos = 0;
@ -155,12 +155,12 @@ static void secp256k1_testrand_init(const char* hexseed) {
}
printf("random seed = %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", seed16[0], seed16[1], seed16[2], seed16[3], seed16[4], seed16[5], seed16[6], seed16[7], seed16[8], seed16[9], seed16[10], seed16[11], seed16[12], seed16[13], seed16[14], seed16[15]);
secp256k1_testrand_seed(seed16);
testrand_seed(seed16);
}
static void secp256k1_testrand_finish(void) {
static void testrand_finish(void) {
unsigned char run32[32];
secp256k1_testrand256(run32);
testrand256(run32);
printf("random run = %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", run32[0], run32[1], run32[2], run32[3], run32[4], run32[5], run32[6], run32[7], run32[8], run32[9], run32[10], run32[11], run32[12], run32[13], run32[14], run32[15]);
}

458
src/tests.c
View File

File diff suppressed because it is too large Load Diff

10
src/tests_exhaustive.c
View File

@ -171,7 +171,7 @@ static void test_exhaustive_ecmult(const secp256k1_ge *group, const secp256k1_ge
CHECK(secp256k1_fe_equal(&tmpf, &group[(i * j) % EXHAUSTIVE_TEST_ORDER].x));
/* Test secp256k1_ecmult_const_xonly with all curve X coordinates, with random xd. */
random_fe_non_zero(&xd);
testutil_random_fe_non_zero(&xd);
secp256k1_fe_mul(&xn, &xd, &group[i].x);
ret = secp256k1_ecmult_const_xonly(&tmpf, &xn, &xd, &ng, 0);
CHECK(ret);
@ -375,7 +375,7 @@ int main(int argc, char** argv) {
printf("test count = %i\n", count);
/* find random seed */
secp256k1_testrand_init(argc > 2 ? argv[2] : NULL);
testrand_init(argc > 2 ? argv[2] : NULL);
/* set up split processing */
if (argc > 4) {
@ -395,7 +395,7 @@ int main(int argc, char** argv) {
while (count--) {
/* Build context */
ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
secp256k1_testrand256(rand32);
testrand256(rand32);
CHECK(secp256k1_context_randomize(ctx, rand32));
/* Generate the entire group */
@ -408,7 +408,7 @@ int main(int argc, char** argv) {
/* Set a different random z-value for each Jacobian point, except z=1
is used in the last iteration. */
secp256k1_fe z;
random_fe(&z);
testutil_random_fe(&z);
secp256k1_gej_rescale(&groupj[i], &z);
}
@ -459,7 +459,7 @@ int main(int argc, char** argv) {
secp256k1_context_destroy(ctx);
}
secp256k1_testrand_finish();
testrand_finish();
printf("no problems found\n");
return 0;

121
src/testutil.h
View File

@ -7,23 +7,136 @@
#define SECP256K1_TESTUTIL_H
#include "field.h"
#include "group.h"
#include "testrand.h"
#include "util.h"
static void random_fe(secp256k1_fe *x) {
static void testutil_random_fe(secp256k1_fe *x) {
unsigned char bin[32];
do {
secp256k1_testrand256(bin);
testrand256(bin);
if (secp256k1_fe_set_b32_limit(x, bin)) {
return;
}
} while(1);
}
static void random_fe_non_zero(secp256k1_fe *nz) {
static void testutil_random_fe_non_zero(secp256k1_fe *nz) {
do {
random_fe(nz);
testutil_random_fe(nz);
} while (secp256k1_fe_is_zero(nz));
}
static void testutil_random_fe_magnitude(secp256k1_fe *fe, int m) {
secp256k1_fe zero;
int n = testrand_int(m + 1);
secp256k1_fe_normalize(fe);
if (n == 0) {
return;
}
secp256k1_fe_clear(&zero);
secp256k1_fe_negate(&zero, &zero, 0);
secp256k1_fe_mul_int_unchecked(&zero, n - 1);
secp256k1_fe_add(fe, &zero);
#ifdef VERIFY
CHECK(fe->magnitude == n);
#endif
}
static void testutil_random_fe_test(secp256k1_fe *x) {
unsigned char bin[32];
do {
testrand256_test(bin);
if (secp256k1_fe_set_b32_limit(x, bin)) {
return;
}
} while(1);
}
static void testutil_random_fe_non_zero_test(secp256k1_fe *fe) {
do {
testutil_random_fe_test(fe);
} while(secp256k1_fe_is_zero(fe));
}
static void testutil_random_ge_x_magnitude(secp256k1_ge *ge) {
testutil_random_fe_magnitude(&ge->x, SECP256K1_GE_X_MAGNITUDE_MAX);
}
static void testutil_random_ge_y_magnitude(secp256k1_ge *ge) {
testutil_random_fe_magnitude(&ge->y, SECP256K1_GE_Y_MAGNITUDE_MAX);
}
static void testutil_random_gej_x_magnitude(secp256k1_gej *gej) {
testutil_random_fe_magnitude(&gej->x, SECP256K1_GEJ_X_MAGNITUDE_MAX);
}
static void testutil_random_gej_y_magnitude(secp256k1_gej *gej) {
testutil_random_fe_magnitude(&gej->y, SECP256K1_GEJ_Y_MAGNITUDE_MAX);
}
static void testutil_random_gej_z_magnitude(secp256k1_gej *gej) {
testutil_random_fe_magnitude(&gej->z, SECP256K1_GEJ_Z_MAGNITUDE_MAX);
}
static void testutil_random_ge_test(secp256k1_ge *ge) {
secp256k1_fe fe;
do {
testutil_random_fe_test(&fe);
if (secp256k1_ge_set_xo_var(ge, &fe, testrand_bits(1))) {
secp256k1_fe_normalize(&ge->y);
break;
}
} while(1);
ge->infinity = 0;
}
static void testutil_random_ge_jacobian_test(secp256k1_gej *gej, const secp256k1_ge *ge) {
secp256k1_fe z2, z3;
testutil_random_fe_non_zero_test(&gej->z);
secp256k1_fe_sqr(&z2, &gej->z);
secp256k1_fe_mul(&z3, &z2, &gej->z);
secp256k1_fe_mul(&gej->x, &ge->x, &z2);
secp256k1_fe_mul(&gej->y, &ge->y, &z3);
gej->infinity = ge->infinity;
}
static void testutil_random_gej_test(secp256k1_gej *gej) {
secp256k1_ge ge;
testutil_random_ge_test(&ge);
testutil_random_ge_jacobian_test(gej, &ge);
}
static void testutil_random_scalar_order_test(secp256k1_scalar *num) {
do {
unsigned char b32[32];
int overflow = 0;
testrand256_test(b32);
secp256k1_scalar_set_b32(num, b32, &overflow);
if (overflow || secp256k1_scalar_is_zero(num)) {
continue;
}
break;
} while(1);
}
static void testutil_random_scalar_order(secp256k1_scalar *num) {
do {
unsigned char b32[32];
int overflow = 0;
testrand256(b32);
secp256k1_scalar_set_b32(num, b32, &overflow);
if (overflow || secp256k1_scalar_is_zero(num)) {
continue;
}
break;
} while(1);
}
static void testutil_random_scalar_order_b32(unsigned char *b32) {
secp256k1_scalar num;
testutil_random_scalar_order(&num);
secp256k1_scalar_get_b32(b32, &num);
}
#endif /* SECP256K1_TESTUTIL_H */