mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-06-14 02:41:34 +02:00
c31fcaaad3
4187a46649 Merge bitcoin-core/secp256k1#1492: tests: Add Wycheproof ECDH vectors e266ba11ae tests: Add Wycheproof ECDH vectors 13906b7154 Merge bitcoin-core/secp256k1#1669: gitignore: Add Python cache files c1bcb03276 gitignore: Add Python cache files 70f149b9a1 Merge bitcoin-core/secp256k1#1662: bench: add ellswift to bench help output 6b3fe51fb6 bench: add ellswift to bench help output d84bb83e26 Merge bitcoin-core/secp256k1#1661: configure: Show exhaustive tests in summary 3f54ed8c1b Merge bitcoin-core/secp256k1#1659: include: remove WARN_UNUSED_RESULT for functions always returning 1 20b05c9d3f configure: Show exhaustive tests in summary e56716a3bc Merge bitcoin-core/secp256k1#1660: ci: Fix exiting from ci.sh on error d87c3bc58f ci: Fix exiting from ci.sh on error 1b6e081538 include: remove WARN_UNUSED_RESULT for functions always returning 1 2abb35b034 Merge bitcoin-core/secp256k1#1657: tests: remove unused uncounting_illegal_callback_fn 51907fa918 tests: remove unused uncounting_illegal_callback_fn a7a5117144 Merge bitcoin-core/secp256k1#1359: Fix symbol visibility issues, add test for it 13ed6f65dc Merge bitcoin-core/secp256k1#1593: Remove deprecated `_ec_privkey_{negate,tweak_add,tweak_mul}` aliases from API d1478763a5 build: Drop no longer needed `-fvisibility=hidden` compiler option 8ed1d83d92 ci: Run `tools/symbol-check.py` 41d32ab2de test: Add `tools/symbol-check.py` 88548058b3 Introduce `SECP256K1_LOCAL_VAR` macro 03bbe8c615 Merge bitcoin-core/secp256k1#1655: gha: Print all *.log files, in a separate action 59860bcc24 gha: Print all *.log files, in a separate action 4ba1ba2af9 Merge bitcoin-core/secp256k1#1647: cmake: Adjust diagnostic flags for `clang-cl` abd25054a1 Merge bitcoin-core/secp256k1#1656: musig: Fix clearing of pubnonces 961ec25a83 musig: Fix clearing of pubnonces 3186082387 Merge bitcoin-core/secp256k1#1614: Add _ge_set_all_gej and use it in musig for own public nonces 6c2a39dafb Merge bitcoin-core/secp256k1#1639: Make static context const 37d2c60bec Remove deprecated _ec_privkey_{negate,tweak_add,tweak_mul} aliases 432ac57705 Make static context const 1b1fc09341 Merge bitcoin-core/secp256k1#1642: Verify `compressed` argument in `secp256k1_eckey_pubkey_serialize` c0d9480fbb Merge bitcoin-core/secp256k1#1654: use `EXIT_` constants over magic numbers for indicating program execution status 13d389629a CONTRIBUTING: mention that `EXIT_` codes should be used c855581728 test, bench, precompute_ecmult: use `EXIT_...` constants for `main` return values 965393fcea examples: use `EXIT_...` constants for `main` return values 2e3bf13653 Merge bitcoin-core/secp256k1#1646: README: add instructions for verifying GPG signatures b682dbcf84 README: add instructions for verifying GPG signatures 00774d0723 Merge bitcoin-core/secp256k1#1650: schnorrsig: clear out masked secret key in BIP-340 nonce function a82287fb85 schnorrsig: clear out masked secret key in BIP-340 nonce function 4c50d73dd9 ci: Add new "Windows (clang-cl)" job 84c0bd1f72 cmake: Adjust diagnostic flags for clang-cl f79f46c703 Merge bitcoin-core/secp256k1#1641: doc: Improve cmake instructions in README 2ac9f558c4 doc: Improve cmake instructions in README 1823594761 Verify `compressed` argument in `secp256k1_eckey_pubkey_serialize` 8deef00b33 Merge bitcoin-core/secp256k1#1634: Fix some misspellings 39705450eb Fix some misspellings ec329c2501 Merge bitcoin-core/secp256k1#1633: release cleanup: bump version after 0.6.0 c97059f594 release cleanup: bump version after 0.6.0 64228a648f musig: Use _ge_set_all_gej for own public nonces 300aab1c05 tests: Improve _ge_set_all_gej(_var) tests 365f274ce3 group: Simplify secp256k1_ge_set_all_gej d3082ddead group: Add constant-time secp256k1_ge_set_all_gej git-subtree-dir: src/secp256k1 git-subtree-split: 4187a4664914dc6f6fb6a619c6b85c854fc33033
167 lines
5.8 KiB
Python
Executable File
167 lines
5.8 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
# Copyright (c) 2024 Random "Randy" Lattice and Sean Andersen
|
|
# Distributed under the MIT software license, see the accompanying
|
|
# file COPYING or https://www.opensource.org/licenses/mit-license.php.
|
|
'''
|
|
Generate a C file with ECDH testvectors from the Wycheproof project.
|
|
'''
|
|
|
|
import json
|
|
import sys
|
|
|
|
from binascii import hexlify, unhexlify
|
|
from wycheproof_utils import to_c_array
|
|
|
|
def should_skip_flags(test_vector_flags):
|
|
# skip these vectors because they are for ASN.1 encoding issues and other curves.
|
|
# for more details, see https://github.com/bitcoin-core/secp256k1/pull/1492#discussion_r1572491546
|
|
flags_to_skip = {"InvalidAsn", "WrongCurve"}
|
|
return any(flag in test_vector_flags for flag in flags_to_skip)
|
|
|
|
def should_skip_tcid(test_vector_tcid):
|
|
# We skip some test case IDs that have a public key whose custom ASN.1 representation explicitly
|
|
# encodes some curve parameters that are invalid. libsecp256k1 never parses this part so we do
|
|
# not care testing those. See https://github.com/bitcoin-core/secp256k1/pull/1492#discussion_r1572491546
|
|
tcids_to_skip = [496, 497, 502, 503, 504, 505, 507]
|
|
return test_vector_tcid in tcids_to_skip
|
|
|
|
# Rudimentary ASN.1 DER public key parser.
|
|
# This should not be used for anything other than parsing Wycheproof test vectors.
|
|
def parse_der_pk(s):
|
|
tag = s[0]
|
|
L = int(s[1])
|
|
offset = 0
|
|
if L & 0x80:
|
|
if L == 0x81:
|
|
L = int(s[2])
|
|
offset = 1
|
|
elif L == 0x82:
|
|
L = 256 * int(s[2]) + int(s[3])
|
|
offset = 2
|
|
else:
|
|
raise ValueError("invalid L")
|
|
value = s[(offset + 2):(L + 2 + offset)]
|
|
rest = s[(L + 2 + offset):]
|
|
|
|
if len(rest) > 0 or tag == 0x06: # OBJECT IDENTIFIER
|
|
return parse_der_pk(rest)
|
|
if tag == 0x03: # BIT STRING
|
|
return value
|
|
if tag == 0x30: # SEQUENCE
|
|
return parse_der_pk(value)
|
|
raise ValueError("unknown tag")
|
|
|
|
def parse_public_key(pk):
|
|
der_pub_key = parse_der_pk(unhexlify(pk)) # Convert back to str and strip off the `0x`
|
|
return hexlify(der_pub_key).decode()[2:]
|
|
|
|
def normalize_private_key(sk):
|
|
# Ensure the private key is at most 64 characters long, retaining the last 64 if longer.
|
|
# In the wycheproof test vectors, some private keys have leading zeroes
|
|
normalized = sk[-64:].zfill(64)
|
|
if len(normalized) != 64:
|
|
raise ValueError("private key must be exactly 64 characters long.")
|
|
return normalized
|
|
|
|
def normalize_expected_result(er):
|
|
result_mapping = {"invalid": 0, "valid": 1, "acceptable": 1}
|
|
return result_mapping[er]
|
|
|
|
filename_input = sys.argv[1]
|
|
|
|
with open(filename_input) as f:
|
|
doc = json.load(f)
|
|
|
|
num_vectors = 0
|
|
offset_sk_running, offset_pk_running, offset_shared = 0, 0, 0
|
|
test_vectors_out = ""
|
|
private_keys = ""
|
|
shared_secrets = ""
|
|
public_keys = ""
|
|
cache_sks = {}
|
|
cache_public_keys = {}
|
|
|
|
for group in doc['testGroups']:
|
|
assert group["type"] == "EcdhTest"
|
|
assert group["curve"] == "secp256k1"
|
|
for test_vector in group['tests']:
|
|
if should_skip_flags(test_vector['flags']) or should_skip_tcid(test_vector['tcId']):
|
|
continue
|
|
|
|
public_key = parse_public_key(test_vector['public'])
|
|
private_key = normalize_private_key(test_vector['private'])
|
|
expected_result = normalize_expected_result(test_vector['result'])
|
|
|
|
# // 2 to convert hex to byte length
|
|
shared_size = len(test_vector['shared']) // 2
|
|
sk_size = len(private_key) // 2
|
|
pk_size = len(public_key) // 2
|
|
|
|
new_sk = False
|
|
sk = to_c_array(private_key)
|
|
sk_offset = offset_sk_running
|
|
|
|
# check for repeated sk
|
|
if sk not in cache_sks:
|
|
if num_vectors != 0 and sk_size != 0:
|
|
private_keys += ",\n "
|
|
cache_sks[sk] = offset_sk_running
|
|
private_keys += sk
|
|
new_sk = True
|
|
else:
|
|
sk_offset = cache_sks[sk]
|
|
|
|
new_pk = False
|
|
pk = to_c_array(public_key) if public_key != '0x' else ''
|
|
|
|
pk_offset = offset_pk_running
|
|
# check for repeated pk
|
|
if pk not in cache_public_keys:
|
|
if num_vectors != 0 and len(pk) != 0:
|
|
public_keys += ",\n "
|
|
cache_public_keys[pk] = offset_pk_running
|
|
public_keys += pk
|
|
new_pk = True
|
|
else:
|
|
pk_offset = cache_public_keys[pk]
|
|
|
|
|
|
shared_secrets += ",\n " if num_vectors and shared_size else ""
|
|
shared_secrets += to_c_array(test_vector['shared'])
|
|
wycheproof_tcid = test_vector['tcId']
|
|
|
|
test_vectors_out += " /" + "* tcId: " + str(test_vector['tcId']) + ". " + test_vector['comment'] + " *" + "/\n"
|
|
test_vectors_out += f" {{{pk_offset}, {pk_size}, {sk_offset}, {sk_size}, {offset_shared}, {shared_size}, {expected_result}, {wycheproof_tcid} }},\n"
|
|
if new_sk:
|
|
offset_sk_running += sk_size
|
|
if new_pk:
|
|
offset_pk_running += pk_size
|
|
offset_shared += shared_size
|
|
num_vectors += 1
|
|
|
|
struct_definition = """
|
|
typedef struct {
|
|
size_t pk_offset;
|
|
size_t pk_len;
|
|
size_t sk_offset;
|
|
size_t sk_len;
|
|
size_t shared_offset;
|
|
size_t shared_len;
|
|
int expected_result;
|
|
int wycheproof_tcid;
|
|
} wycheproof_ecdh_testvector;
|
|
"""
|
|
|
|
print("/* Note: this file was autogenerated using tests_wycheproof_ecdh.py. Do not edit. */")
|
|
print(f"#define SECP256K1_ECDH_WYCHEPROOF_NUMBER_TESTVECTORS ({num_vectors})")
|
|
|
|
print(struct_definition)
|
|
|
|
print("static const unsigned char wycheproof_ecdh_private_keys[] = { " + private_keys + "};\n")
|
|
print("static const unsigned char wycheproof_ecdh_public_keys[] = { " + public_keys + "};\n")
|
|
print("static const unsigned char wycheproof_ecdh_shared_secrets[] = { " + shared_secrets + "};\n")
|
|
|
|
print("static const wycheproof_ecdh_testvector testvectors[SECP256K1_ECDH_WYCHEPROOF_NUMBER_TESTVECTORS] = {")
|
|
print(test_vectors_out)
|
|
print("};")
|