From 69df3879ea773e545c6291ea657814d2dca3f134 Mon Sep 17 00:00:00 2001 From: Fabian Jahr Date: Mon, 9 Oct 2023 20:13:24 +0200 Subject: [PATCH] SQUASH ME: Fix silent merge conflicts --- src/modules/batch/main_impl.h | 1 + src/modules/batch/tests_impl.h | 47 +++---- src/modules/extrakeys/batch_add_impl.h | 2 +- src/modules/extrakeys/batch_add_tests_impl.h | 30 ++-- src/modules/schnorrsig/batch_add_impl.h | 2 +- src/modules/schnorrsig/batch_add_tests_impl.h | 130 +++++++++--------- src/modules/schnorrsig/tests_impl.h | 14 +- src/tests.c | 27 ++-- 8 files changed, 127 insertions(+), 126 deletions(-) diff --git a/src/modules/batch/main_impl.h b/src/modules/batch/main_impl.h index 81badd5b3b..29c1737153 100644 --- a/src/modules/batch/main_impl.h +++ b/src/modules/batch/main_impl.h @@ -189,6 +189,7 @@ int secp256k1_batch_verify(const secp256k1_context *ctx, secp256k1_batch *batch) } if (batch->len > 0) { + /* TODO: check why this is reported as unused variable, probably because of the VERIFY_CHECK being optimized out */ int strauss_ret = secp256k1_ecmult_strauss_batch_internal(&ctx->error_callback, batch->data, &resj, batch->scalars, batch->points, &batch->sc_g, batch->len); int mid_res = secp256k1_gej_is_infinity(&resj); diff --git a/src/modules/batch/tests_impl.h b/src/modules/batch/tests_impl.h index a036ecacf7..f9a81ec942 100644 --- a/src/modules/batch/tests_impl.h +++ b/src/modules/batch/tests_impl.h @@ -38,6 +38,13 @@ void test_batch_sha256_tagged(void) { #define N_TWK_CHECKS 10 #define N_TERMS (N_TWK_CHECKS + 2*N_SIGS) void test_batch_api(void) { + secp256k1_batch *batch_none; + secp256k1_batch *batch_sign; + secp256k1_batch *batch_vrfy; + secp256k1_batch *batch_both; + secp256k1_batch *batch_sttc; + unsigned char aux_rand16[32]; + int ecount; #ifdef ENABLE_MODULE_EXTRAKEYS unsigned char sk[32]; @@ -62,39 +69,33 @@ void test_batch_api(void) { secp256k1_context *sign = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); secp256k1_context *vrfy = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY); secp256k1_context *both = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); - secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_no_precomp); - secp256k1_batch *batch_none; - secp256k1_batch *batch_sign; - secp256k1_batch *batch_vrfy; - secp256k1_batch *batch_both; - secp256k1_batch *batch_sttc; - unsigned char aux_rand16[32]; - int ecount; - - secp256k1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(both, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(both, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount); + secp256k1_context *sttc = malloc(sizeof(*secp256k1_context_no_precomp)); + memcpy(sttc, secp256k1_context_no_precomp, sizeof(secp256k1_context)); + + secp256k1_context_set_error_callback(none, counting_callback_fn, &ecount); + secp256k1_context_set_error_callback(sign, counting_callback_fn, &ecount); + secp256k1_context_set_error_callback(vrfy, counting_callback_fn, &ecount); + secp256k1_context_set_error_callback(both, counting_callback_fn, &ecount); + secp256k1_context_set_error_callback(sttc, counting_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(none, counting_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(sign, counting_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(vrfy, counting_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(both, counting_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(sttc, counting_callback_fn, &ecount); /* 16 byte auxiliary randomness */ - secp256k1_testrand256(aux_rand16); + testrand256(aux_rand16); memset(&aux_rand16[16], 0, 16); #ifdef ENABLE_MODULE_EXTRAKEYS /* generate keypair data */ - secp256k1_testrand256(sk); + testrand256(sk); CHECK(secp256k1_keypair_create(sign, &keypair, sk) == 1); CHECK(secp256k1_keypair_xonly_pub(sign, &pk, NULL, &keypair) == 1); /* generate N_TWK_CHECKS tweak check data (tweaked_pk, tweaked_pk_parity, tweak) */ for (i = 0; i < N_TWK_CHECKS; i++) { - secp256k1_testrand256(tweak[i]); + testrand256(tweak[i]); CHECK(secp256k1_xonly_pubkey_tweak_add(vrfy, &tmp_pk, &pk, tweak[i])); CHECK(secp256k1_xonly_pubkey_from_pubkey(vrfy, &tmp_xonly_pk, &tweaked_pk_parity[i], &tmp_pk)); CHECK(secp256k1_xonly_pubkey_serialize(vrfy, tweaked_pk[i], &tmp_xonly_pk)); @@ -105,7 +106,7 @@ void test_batch_api(void) { #ifdef ENABLE_MODULE_SCHNORRSIG /* generate N_SIGS schnorr verify data (msg, sig) */ for (i = 0; i < N_SIGS; i++) { - secp256k1_testrand256(msg[i]); + testrand256(msg[i]); CHECK(secp256k1_schnorrsig_sign32(sign, sig[i], msg[i], &keypair, NULL) == 1); CHECK(secp256k1_schnorrsig_verify(vrfy, sig[i], msg[i], sizeof(msg[i]), &pk)); } diff --git a/src/modules/extrakeys/batch_add_impl.h b/src/modules/extrakeys/batch_add_impl.h index cca6d5665b..3074214585 100644 --- a/src/modules/extrakeys/batch_add_impl.h +++ b/src/modules/extrakeys/batch_add_impl.h @@ -95,7 +95,7 @@ int secp256k1_batch_add_xonlypub_tweak_check(const secp256k1_context* ctx, secp2 return 0; } - if (!secp256k1_fe_set_b32(&qx, tweaked_pubkey32)) { + if (!secp256k1_fe_set_b32_limit(&qx, tweaked_pubkey32)) { return 0; } diff --git a/src/modules/extrakeys/batch_add_tests_impl.h b/src/modules/extrakeys/batch_add_tests_impl.h index c213306d79..d18aafcc1b 100644 --- a/src/modules/extrakeys/batch_add_tests_impl.h +++ b/src/modules/extrakeys/batch_add_tests_impl.h @@ -12,7 +12,7 @@ void batch_xonlypub_tweak_randomizer_gen_bitflip(secp256k1_sha256 *sha, unsigned secp256k1_sha256 sha_cpy; sha_cpy = *sha; secp256k1_batch_xonlypub_tweak_randomizer_gen(randomizers[0], &sha_cpy, args[0], args[1], args[2], args[3]); - secp256k1_testrand_flip(args[n_flip], n_bytes); + testrand_flip(args[n_flip], n_bytes); sha_cpy = *sha; secp256k1_batch_xonlypub_tweak_randomizer_gen(randomizers[1], &sha_cpy, args[0], args[1], args[2], args[3]); CHECK(secp256k1_memcmp_var(randomizers[0], randomizers[1], 32) != 0); @@ -35,11 +35,11 @@ void run_batch_xonlypub_tweak_randomizer_gen_tests(void) { uint8_t temp_rand; /* generate i-th tweak check data */ - secp256k1_testrand256(tweaked_pk); - tweaked_pk_parity = (unsigned char) secp256k1_testrand_int(2); - secp256k1_testrand256(tweak); - secp256k1_testrand256(&internal_pk[1]); - temp_rand = secp256k1_testrand_int(2) + 2; /* randomly choose 2 or 3 */ + testrand256(tweaked_pk); + tweaked_pk_parity = (unsigned char) testrand_int(2); + testrand256(tweak); + testrand256(&internal_pk[1]); + temp_rand = testrand_int(2) + 2; /* randomly choose 2 or 3 */ internal_pk[0] = (unsigned char)temp_rand; /* check bitflip in any argument results in generates randomizers */ @@ -48,7 +48,7 @@ void run_batch_xonlypub_tweak_randomizer_gen_tests(void) { args[2] = internal_pk; args[3] = tweak; - for (j = 0; j < count; j++) { + for (j = 0; j < COUNT; j++) { batch_xonlypub_tweak_randomizer_gen_bitflip(&sha, args, 0, 32); batch_xonlypub_tweak_randomizer_gen_bitflip(&sha, args, 1, 1); batch_xonlypub_tweak_randomizer_gen_bitflip(&sha, args, 2, 33); @@ -86,21 +86,21 @@ void test_batch_add_xonlypub_tweak_api(void) { secp256k1_batch *batch2 = secp256k1_batch_create(none, 1, NULL); int ecount; - secp256k1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(none, counting_callback_fn, &ecount); + secp256k1_context_set_error_callback(sign, counting_callback_fn, &ecount); + secp256k1_context_set_error_callback(vrfy, counting_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(none, counting_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(sign, counting_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(vrfy, counting_callback_fn, &ecount); /** generate keypair data **/ - secp256k1_testrand256(sk); + testrand256(sk); CHECK(secp256k1_keypair_create(sign, &keypair, sk) == 1); CHECK(secp256k1_keypair_xonly_pub(sign, &pk, NULL, &keypair) == 1); memset(overflows, 0xFF, sizeof(overflows)); /** generate tweak check data (tweaked_pk, tweaked_pk_parity, tweak) **/ - secp256k1_testrand256(tweak); + testrand256(tweak); CHECK(secp256k1_xonly_pubkey_tweak_add(vrfy, &tmp_pk, &pk, tweak)); CHECK(secp256k1_xonly_pubkey_from_pubkey(vrfy, &tmp_xonly_pk, &tweaked_pk_parity, &tmp_pk)); CHECK(secp256k1_xonly_pubkey_serialize(vrfy, tweaked_pk, &tmp_xonly_pk)); diff --git a/src/modules/schnorrsig/batch_add_impl.h b/src/modules/schnorrsig/batch_add_impl.h index ae6aa03fc1..d43e6a34db 100644 --- a/src/modules/schnorrsig/batch_add_impl.h +++ b/src/modules/schnorrsig/batch_add_impl.h @@ -94,7 +94,7 @@ int secp256k1_batch_add_schnorrsig(const secp256k1_context* ctx, secp256k1_batch return 0; } - if (!secp256k1_fe_set_b32(&rx, &sig64[0])) { + if (!secp256k1_fe_set_b32_limit(&rx, &sig64[0])) { return 0; } diff --git a/src/modules/schnorrsig/batch_add_tests_impl.h b/src/modules/schnorrsig/batch_add_tests_impl.h index cd146e20bb..89c3122225 100644 --- a/src/modules/schnorrsig/batch_add_tests_impl.h +++ b/src/modules/schnorrsig/batch_add_tests_impl.h @@ -12,7 +12,7 @@ void batch_schnorrsig_randomizer_gen_bitflip(secp256k1_sha256 *sha, unsigned cha secp256k1_sha256 sha_cpy; sha_cpy = *sha; secp256k1_batch_schnorrsig_randomizer_gen(randomizers[0], &sha_cpy, args[0], args[1], msglen, args[2]); - secp256k1_testrand_flip(args[n_flip], n_bytes); + testrand_flip(args[n_flip], n_bytes); sha_cpy = *sha; secp256k1_batch_schnorrsig_randomizer_gen(randomizers[1], &sha_cpy, args[0], args[1], msglen, args[2]); CHECK(secp256k1_memcmp_var(randomizers[0], randomizers[1], 32) != 0); @@ -39,11 +39,11 @@ void run_batch_schnorrsig_randomizer_gen_tests(void) { secp256k1_sha256 sha_cpy; /* generate i-th schnorrsig verify data */ - secp256k1_testrand256(msg); - secp256k1_testrand256(&sig[0]); - secp256k1_testrand256(&sig[32]); - secp256k1_testrand256(&compressed_pk[1]); - temp_rand = secp256k1_testrand_int(2) + 2; /* randomly choose 2 or 3 */ + testrand256(msg); + testrand256(&sig[0]); + testrand256(&sig[32]); + testrand256(&compressed_pk[1]); + temp_rand = testrand_int(2) + 2; /* randomly choose 2 or 3 */ compressed_pk[0] = (unsigned char)temp_rand; /* check that bitflip in an argument results in different nonces */ @@ -51,7 +51,7 @@ void run_batch_schnorrsig_randomizer_gen_tests(void) { args[1] = msg; args[2] = compressed_pk; - for (j = 0; j < count; j++) { + for (j = 0; j < COUNT; j++) { batch_schnorrsig_randomizer_gen_bitflip(&sha, args, 0, 64, msglen); batch_schnorrsig_randomizer_gen_bitflip(&sha, args, 1, 32, msglen); batch_schnorrsig_randomizer_gen_bitflip(&sha, args, 2, 33, msglen); @@ -61,9 +61,9 @@ void run_batch_schnorrsig_randomizer_gen_tests(void) { sha_cpy = sha; secp256k1_batch_schnorrsig_randomizer_gen(randomizer, &sha_cpy, sig, msg, msglen, compressed_pk); - for (j = 0; j < count; j++) { + for (j = 0; j < COUNT; j++) { unsigned char randomizer2[32]; - uint32_t offset = secp256k1_testrand_int(msglen - 1); + uint32_t offset = testrand_int(msglen - 1); size_t msglen_tmp = (msglen + offset) % msglen; sha_cpy = sha; @@ -85,16 +85,16 @@ void run_batch_schnorrsig_randomizer_gen_tests(void) { void test_schnorrsig_sign_verify_check_batch(secp256k1_batch *batch, unsigned char *sig64, unsigned char *msg, size_t msglen, secp256k1_xonly_pubkey *pk) { int ret; - CHECK(secp256k1_batch_usable(ctx, batch)); + CHECK(secp256k1_batch_usable(CTX, batch)); /* filling a random byte (in msg or sig) can cause the following: * 1. unparsable msg or sig - here, batch_add_schnorrsig fails and batch_verify passes * 2. invalid schnorr eqn - here, batch_verify fails and batch_add_schnorrsig passes */ - ret = secp256k1_batch_add_schnorrsig(ctx, batch, sig64, msg, msglen, pk); + ret = secp256k1_batch_add_schnorrsig(CTX, batch, sig64, msg, msglen, pk); if (ret == 0) { - CHECK(secp256k1_batch_verify(ctx, batch) == 1); + CHECK(secp256k1_batch_verify(CTX, batch) == 1); } else if (ret == 1) { - CHECK(secp256k1_batch_verify(ctx, batch) == 0); + CHECK(secp256k1_batch_verify(CTX, batch) == 0); } } @@ -117,95 +117,95 @@ void test_schnorrsig_sign_batch_verify(void) { /* batch[0] will be used where batch_add and batch_verify * are expected to succed */ - batch[0] = secp256k1_batch_create(ctx, 2*N_SIGS, NULL); + batch[0] = secp256k1_batch_create(CTX, 2*N_SIGS, NULL); for (i = 0; i < N_SIGS; i++) { - batch[i+1] = secp256k1_batch_create(ctx, 2*ONE_SIG, NULL); + batch[i+1] = secp256k1_batch_create(CTX, 2*ONE_SIG, NULL); } - batch_fail1 = secp256k1_batch_create(ctx, 2*ONE_SIG, NULL); - batch_fail2 = secp256k1_batch_create(ctx, 2*ONE_SIG, NULL); + batch_fail1 = secp256k1_batch_create(CTX, 2*ONE_SIG, NULL); + batch_fail2 = secp256k1_batch_create(CTX, 2*ONE_SIG, NULL); - secp256k1_testrand256(sk); - CHECK(secp256k1_keypair_create(ctx, &keypair, sk)); - CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair)); + testrand256(sk); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk)); + CHECK(secp256k1_keypair_xonly_pub(CTX, &pk, NULL, &keypair)); for (i = 0; i < N_SIGS; i++) { - secp256k1_testrand256(msg[i]); - CHECK(secp256k1_schnorrsig_sign32(ctx, sig[i], msg[i], &keypair, NULL)); - CHECK(secp256k1_batch_usable(ctx, batch[0])); - CHECK(secp256k1_batch_add_schnorrsig(ctx, batch[0], sig[i], msg[i], sizeof(msg[i]), &pk)); + testrand256(msg[i]); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig[i], msg[i], &keypair, NULL)); + CHECK(secp256k1_batch_usable(CTX, batch[0])); + CHECK(secp256k1_batch_add_schnorrsig(CTX, batch[0], sig[i], msg[i], sizeof(msg[i]), &pk)); } - CHECK(secp256k1_batch_verify(ctx, batch[0])); + CHECK(secp256k1_batch_verify(CTX, batch[0])); { /* Flip a few bits in the signature and in the message and check that * verify and verify_batch (TODO) fail */ - size_t sig_idx = secp256k1_testrand_int(N_SIGS); - size_t byte_idx = secp256k1_testrand_bits(5); - unsigned char xorbyte = secp256k1_testrand_int(254)+1; + size_t sig_idx = testrand_int(N_SIGS); + size_t byte_idx = testrand_bits(5); + unsigned char xorbyte = testrand_int(254)+1; sig[sig_idx][byte_idx] ^= xorbyte; test_schnorrsig_sign_verify_check_batch(batch[1], sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk); sig[sig_idx][byte_idx] ^= xorbyte; - byte_idx = secp256k1_testrand_bits(5); + byte_idx = testrand_bits(5); sig[sig_idx][32+byte_idx] ^= xorbyte; test_schnorrsig_sign_verify_check_batch(batch[2], sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk); sig[sig_idx][32+byte_idx] ^= xorbyte; - byte_idx = secp256k1_testrand_bits(5); + byte_idx = testrand_bits(5); msg[sig_idx][byte_idx] ^= xorbyte; test_schnorrsig_sign_verify_check_batch(batch[3], sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk); msg[sig_idx][byte_idx] ^= xorbyte; /* Check that above bitflips have been reversed correctly */ - CHECK(secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); } /* Test overflowing s */ - CHECK(secp256k1_schnorrsig_sign32(ctx, sig[0], msg[0], &keypair, NULL)); - CHECK(secp256k1_batch_add_schnorrsig(ctx, batch[0], sig[0], msg[0], sizeof(msg[0]), &pk) == 1); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig[0], msg[0], &keypair, NULL)); + CHECK(secp256k1_batch_add_schnorrsig(CTX, batch[0], sig[0], msg[0], sizeof(msg[0]), &pk) == 1); memset(&sig[0][32], 0xFF, 32); - CHECK(secp256k1_batch_add_schnorrsig(ctx, batch[0], sig[0], msg[0], sizeof(msg[0]), &pk) == 0); + CHECK(secp256k1_batch_add_schnorrsig(CTX, batch[0], sig[0], msg[0], sizeof(msg[0]), &pk) == 0); /* Test negative s */ - CHECK(secp256k1_schnorrsig_sign32(ctx, sig[0], msg[0], &keypair, NULL)); - CHECK(secp256k1_batch_add_schnorrsig(ctx, batch[0], sig[0], msg[0], sizeof(msg[0]), &pk) == 1); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig[0], msg[0], &keypair, NULL)); + CHECK(secp256k1_batch_add_schnorrsig(CTX, batch[0], sig[0], msg[0], sizeof(msg[0]), &pk) == 1); secp256k1_scalar_set_b32(&s, &sig[0][32], NULL); secp256k1_scalar_negate(&s, &s); secp256k1_scalar_get_b32(&sig[0][32], &s); - CHECK(secp256k1_batch_add_schnorrsig(ctx, batch_fail1, sig[0], msg[0], sizeof(msg[0]), &pk) == 1); - CHECK(secp256k1_batch_verify(ctx, batch_fail1) == 0); + CHECK(secp256k1_batch_add_schnorrsig(CTX, batch_fail1, sig[0], msg[0], sizeof(msg[0]), &pk) == 1); + CHECK(secp256k1_batch_verify(CTX, batch_fail1) == 0); /* The empty message can be signed & verified */ - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig[0], NULL, 0, &keypair, NULL) == 1); - CHECK(secp256k1_batch_usable(ctx, batch[0]) == 1); - CHECK(secp256k1_batch_add_schnorrsig(ctx, batch[0], sig[0], NULL, 0, &pk) == 1); - CHECK(secp256k1_batch_verify(ctx, batch[0]) == 1); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig[0], NULL, 0, &keypair, NULL) == 1); + CHECK(secp256k1_batch_usable(CTX, batch[0]) == 1); + CHECK(secp256k1_batch_add_schnorrsig(CTX, batch[0], sig[0], NULL, 0, &pk) == 1); + CHECK(secp256k1_batch_verify(CTX, batch[0]) == 1); { /* Test varying message lengths */ unsigned char msg_large[32 * 8]; - uint32_t msglen = secp256k1_testrand_int(sizeof(msg_large)); + uint32_t msglen = testrand_int(sizeof(msg_large)); for (i = 0; i < sizeof(msg_large); i += 32) { - secp256k1_testrand256(&msg_large[i]); + testrand256(&msg_large[i]); } - CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig[0], msg_large, msglen, &keypair, NULL) == 1); - CHECK(secp256k1_batch_usable(ctx, batch[0]) == 1); - CHECK(secp256k1_batch_add_schnorrsig(ctx, batch[0], sig[0], msg_large, msglen, &pk) == 1); - CHECK(secp256k1_batch_verify(ctx, batch[0]) == 1); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig[0], msg_large, msglen, &keypair, NULL) == 1); + CHECK(secp256k1_batch_usable(CTX, batch[0]) == 1); + CHECK(secp256k1_batch_add_schnorrsig(CTX, batch[0], sig[0], msg_large, msglen, &pk) == 1); + CHECK(secp256k1_batch_verify(CTX, batch[0]) == 1); /* batch_add fails for a random wrong message length */ msglen = (msglen + (sizeof(msg_large) - 1)) % sizeof(msg_large); - CHECK(secp256k1_batch_usable(ctx, batch_fail2) == 1); - CHECK(secp256k1_batch_add_schnorrsig(ctx, batch_fail2, sig[0], msg_large, msglen, &pk) == 1); - CHECK(secp256k1_batch_verify(ctx, batch_fail2) == 0); + CHECK(secp256k1_batch_usable(CTX, batch_fail2) == 1); + CHECK(secp256k1_batch_add_schnorrsig(CTX, batch_fail2, sig[0], msg_large, msglen, &pk) == 1); + CHECK(secp256k1_batch_verify(CTX, batch_fail2) == 0); } /* Destroy the batch objects */ for (i = 0; i < N_SIGS+1; i++) { - secp256k1_batch_destroy(ctx, batch[i]); + secp256k1_batch_destroy(CTX, batch[i]); } - secp256k1_batch_destroy(ctx, batch_fail1); - secp256k1_batch_destroy(ctx, batch_fail2); + secp256k1_batch_destroy(CTX, batch_fail1); + secp256k1_batch_destroy(CTX, batch_fail2); } #undef N_SIGS /* ONE_SIG is undefined after `test_batch_add_schnorrsig_api` */ @@ -228,21 +228,21 @@ void test_batch_add_schnorrsig_api(void) { secp256k1_batch *batch2 = secp256k1_batch_create(none, 2*ONE_SIG, NULL); int ecount; - secp256k1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount); - secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount); + secp256k1_context_set_error_callback(none, counting_callback_fn, &ecount); + secp256k1_context_set_error_callback(sign, counting_callback_fn, &ecount); + secp256k1_context_set_error_callback(vrfy, counting_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(none, counting_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(sign, counting_callback_fn, &ecount); + secp256k1_context_set_illegal_callback(vrfy, counting_callback_fn, &ecount); /** generate keypair data **/ - secp256k1_testrand256(sk); + testrand256(sk); CHECK(secp256k1_keypair_create(sign, &keypair, sk) == 1); CHECK(secp256k1_keypair_xonly_pub(sign, &pk, NULL, &keypair) == 1); memset(&zero_pk, 0, sizeof(zero_pk)); /** generate a signature **/ - secp256k1_testrand256(msg); + testrand256(msg); CHECK(secp256k1_schnorrsig_sign32(sign, sig, msg, &keypair, NULL) == 1); CHECK(secp256k1_schnorrsig_verify(vrfy, sig, msg, sizeof(msg), &pk)); @@ -288,9 +288,9 @@ void test_batch_add_schnorrsig_api(void) { CHECK(ecount == 0); ecount = 0; - secp256k1_batch_destroy(ctx, batch1); + secp256k1_batch_destroy(CTX, batch1); CHECK(ecount == 0); - secp256k1_batch_destroy(ctx, batch2); + secp256k1_batch_destroy(CTX, batch2); CHECK(ecount == 0); secp256k1_context_destroy(none); @@ -304,7 +304,7 @@ void run_batch_add_schnorrsig_tests(void) { run_batch_schnorrsig_randomizer_gen_tests(); test_batch_add_schnorrsig_api(); - for (i = 0; i < count; i++) { + for (i = 0; i < COUNT; i++) { test_schnorrsig_sign_batch_verify(); } } diff --git a/src/modules/schnorrsig/tests_impl.h b/src/modules/schnorrsig/tests_impl.h index 0e808afdb9..0ffcc67bed 100644 --- a/src/modules/schnorrsig/tests_impl.h +++ b/src/modules/schnorrsig/tests_impl.h @@ -197,7 +197,7 @@ static void test_schnorrsig_bip_vectors_check_signing(const unsigned char *sk, c } /* Helper function for schnorrsig_bip_vectors - * Checks that both verify and verify_batch (TODO) return the same value as expected. */ + * Checks that schnorrsig_verify returns the same value as expected. */ static void test_schnorrsig_bip_vectors_check_verify(const unsigned char *pk_serialized, const unsigned char *msg, size_t msglen, const unsigned char *sig, int expected) { secp256k1_xonly_pubkey pk; @@ -212,13 +212,13 @@ void test_schnorrsig_bip_vectors_check_batch_verify(const unsigned char *pk_seri secp256k1_xonly_pubkey pk; secp256k1_batch *batch; - CHECK(secp256k1_xonly_pubkey_parse(ctx, &pk, pk_serialized)); - batch = secp256k1_batch_create(ctx, 2, NULL); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk, pk_serialized)); + batch = secp256k1_batch_create(CTX, 2, NULL); CHECK(batch != NULL); - CHECK(secp256k1_batch_usable(ctx, batch) == 1); - CHECK(add_expected == secp256k1_batch_add_schnorrsig(ctx, batch, sig, msg32, 32, &pk)); - CHECK(verify_expected == secp256k1_batch_verify(ctx, batch)); - secp256k1_batch_destroy(ctx, batch); + CHECK(secp256k1_batch_usable(CTX, batch) == 1); + CHECK(add_expected == secp256k1_batch_add_schnorrsig(CTX, batch, sig, msg32, 32, &pk)); + CHECK(verify_expected == secp256k1_batch_verify(CTX, batch)); + secp256k1_batch_destroy(CTX, batch); } #endif diff --git a/src/tests.c b/src/tests.c index 56daad7f33..f3a1b39dc0 100644 --- a/src/tests.c +++ b/src/tests.c @@ -4880,7 +4880,7 @@ void ecmult_multi_random_generate_inp(secp256k1_gej *expected, secp256k1_scalar num_nonzero == 1 && !nonzero_result ? 1 : (int)testrand_bits(1); /* Which g_scalar pointer to pass into ecmult_multi(). */ - const secp256k1_scalar* g_scalar_ptr = (g_nonzero || testrand_bits(1)) ? &g_scalar : NULL; + secp256k1_scalar* g_scalar_ptr = (g_nonzero || testrand_bits(1)) ? g_scalar : NULL; /* How many EC multiplications were performed in this function. */ int mults = 0; /* How many randomization steps to apply to the input list. */ @@ -4893,12 +4893,12 @@ void ecmult_multi_random_generate_inp(secp256k1_gej *expected, secp256k1_scalar if (g_nonzero) { /* If g_nonzero, set g_scalar to nonzero value r. */ - testutil_random_scalar_order_test(&g_scalar); + testutil_random_scalar_order_test(g_scalar); if (!nonzero_result) { /* If expected=0 is desired, add a (a*r, -(1/a)*g) term to compensate. */ CHECK(num_nonzero > filled); testutil_random_scalar_order_test(&sc_tmp); - secp256k1_scalar_mul(&scalars[filled], &sc_tmp, &g_scalar); + secp256k1_scalar_mul(&scalars[filled], &sc_tmp, g_scalar); secp256k1_scalar_inverse_var(&sc_tmp, &sc_tmp); secp256k1_scalar_negate(&sc_tmp, &sc_tmp); secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &gejs[filled], &sc_tmp); @@ -5014,7 +5014,7 @@ int test_ecmult_multi_random(secp256k1_scratch *scratch) { * scalars[0..filled-1] and gejs[0..filled-1] are the scalars and points * which form its normal inputs. */ int filled = 0; - secp256k1_scalar g_scalar = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); + secp256k1_scalar g_scalar = secp256k1_scalar_zero; secp256k1_scalar *g_scalar_ptr = &g_scalar; secp256k1_scalar scalars[128]; secp256k1_gej gejs[128]; @@ -5028,7 +5028,7 @@ int test_ecmult_multi_random(secp256k1_scratch *scratch) { int g_nonzero, num_nonzero; /* Which multiplication function to use */ - int fn = secp256k1_testrand_int(3); + int fn = testrand_int(3); secp256k1_ecmult_multi_func ecmult_multi = fn == 0 ? secp256k1_ecmult_multi_var : fn == 1 ? secp256k1_ecmult_strauss_batch_single : secp256k1_ecmult_pippenger_batch_single; @@ -5068,19 +5068,19 @@ int test_ecmult_strauss_batch_internal_random(secp256k1_scratch *scratch) { int g_nonzero, num_nonzero; secp256k1_scalar *scratch_scalars; secp256k1_gej *scratch_points; - size_t checkpoint = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch); + size_t checkpoint = secp256k1_scratch_checkpoint(&CTX->error_callback, scratch); int i; /* generate inputs and their ecmult_multi output */ ecmult_multi_random_generate_inp(&expected, g_scalar_ptr, scalars, gejs, &filled, &num_nonzero, &g_nonzero, &mults); /* allocate inputs on the scratch space */ - scratch_scalars = (secp256k1_scalar*)secp256k1_scratch_alloc(&ctx->error_callback, scratch, filled*sizeof(secp256k1_scalar)); - scratch_points = (secp256k1_gej*)secp256k1_scratch_alloc(&ctx->error_callback, scratch, filled*sizeof(secp256k1_gej)); + scratch_scalars = (secp256k1_scalar*)secp256k1_scratch_alloc(&CTX->error_callback, scratch, filled*sizeof(secp256k1_scalar)); + scratch_points = (secp256k1_gej*)secp256k1_scratch_alloc(&CTX->error_callback, scratch, filled*sizeof(secp256k1_gej)); /* If scalar or point allocation fails, restore scratch space to previous state */ if (scratch_scalars == NULL || scratch_points == NULL) { - secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, checkpoint); + secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint); return 0; } @@ -5090,19 +5090,18 @@ int test_ecmult_strauss_batch_internal_random(secp256k1_scratch *scratch) { scratch_points[i] = gejs[i]; } - CHECK(secp256k1_ecmult_strauss_batch_internal(&ctx->error_callback, scratch, &computed, scratch_scalars, scratch_points, g_scalar_ptr, filled)); + CHECK(secp256k1_ecmult_strauss_batch_internal(&CTX->error_callback, scratch, &computed, scratch_scalars, scratch_points, g_scalar_ptr, filled)); mults += num_nonzero + g_nonzero; /* Compare with expected result. */ secp256k1_gej_neg(&computed, &computed); secp256k1_gej_add_var(&computed, &computed, &expected, NULL); CHECK(secp256k1_gej_is_infinity(&computed)); - secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, checkpoint); + secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint); return mults; } void test_ecmult_multi_batch_single(secp256k1_ecmult_multi_func ecmult_multi) { - secp256k1_scalar szero; secp256k1_scalar sc; secp256k1_ge pt; secp256k1_gej r; @@ -5288,9 +5287,9 @@ static void test_ecmult_multi_batching(void) { static void run_ecmult_multi_tests(void) { secp256k1_scratch *scratch; - int64_t todo_multi = (int64_t)320 * count; + int64_t todo_multi = (int64_t)320 * COUNT; /* todo: what should be the intial val of `todo_strauss_internal` */ - int64_t todo_strauss_internal = (int64_t)320 * count; + int64_t todo_strauss_internal = (int64_t)320 * COUNT; test_secp256k1_pippenger_bucket_window_inv(); test_ecmult_multi_pippenger_max_points();