tests: Add Wycheproof ECDSA vectors

Adds a test using the Wycheproof vectors as outlined in bitcoin-core#1106. The vectors are pulled from the Wycheproof repo using a python script to emit C code. The script is embedded as a comment. Co-authored-by: Sean Andersen <6730974+andozw@users.noreply.github.com>
RandomLattice · Mar 22, 2023 · a1cce06 · a1cce06
1 parent 9c8c4f4
commit a1cce06
Show file tree

Hide file tree

Showing 5 changed files with 7,410 additions and 0 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -213,6 +213,9 @@ src/precomputed_ecmult_gen.c:
 PRECOMP = src/precomputed_ecmult_gen.c src/precomputed_ecmult.c
 precomp: $(PRECOMP)
 
+src/vectors/ecdsa_secp256k1_sha256_bitcoin_test.inc: src/vectors/ecdsa_secp256k1_sha256_bitcoin_test.json
+ python3 src/vectors/tests_wycheproof_generate.py $< > $@
+
 # Ensure the prebuilt files will be build first (only if they don't exist,
 # e.g., after `make maintainer-clean`).
 BUILT_SOURCES = $(PRECOMP)

diff --git a/src/tests.c b/src/tests.c
@@ -7306,6 +7306,40 @@ static void run_ecdsa_edge_cases(void) {
  test_ecdsa_edge_cases();
 }
 
+/** Wycheproof tests
+
+The tests check for known attacks (range checks in (r,s), arithmetic errors, malleability).
+*/
+static void test_ecdsa_wycheproof(void) {
+ #include "vectors/ecdsa_secp256k1_sha256_bitcoin_test.inc"
+
+ int t;
+ for (t = 0; t < SECP256K1_TEST_ECDSA_WYCHEPROOF_NUMBER_TESTS; t++) {
+ secp256k1_ecdsa_signature signature;
+ secp256k1_sha256 hasher;
+ secp256k1_pubkey pubkey;
+ unsigned char out[32] = {0};
+ int actual_verify = 0;
+
+ memset(&pubkey, 0, sizeof(pubkey));
+ CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, testcases[t].pk, 65) == 1);
+
+ secp256k1_sha256_initialize(&hasher);
+ secp256k1_sha256_write(&hasher, (const unsigned char*)testcases[t].msg, testcases[t].msglen);
+ secp256k1_sha256_finalize(&hasher, out);
+
+ if (secp256k1_ecdsa_signature_parse_der(CTX, &signature, testcases[t].sig, testcases[t].siglen) == 1) {
+ actual_verify = secp256k1_ecdsa_verify(CTX, (const secp256k1_ecdsa_signature *)&signature, out, &pubkey);
+ }
+ CHECK(testcases[t].expected_verify == actual_verify);
+ }
+}
+
+/* Tests cases from Wycheproof test suite. */
+static void run_ecdsa_wycheproof(void) {
+ test_ecdsa_wycheproof();
+}
+
 #ifdef ENABLE_MODULE_ECDH
 # include "modules/ecdh/tests_impl.h"
 #endif
@@ -7638,6 +7672,7 @@ int main(int argc, char **argv) {
  run_ecdsa_sign_verify();
  run_ecdsa_end_to_end();
  run_ecdsa_edge_cases();
+ run_ecdsa_wycheproof();
 
 #ifdef ENABLE_MODULE_RECOVERY
  /* ECDSA pubkey recovery tests */