Bitcoin ABC 0.32.6
P2P Digital Currency
tests_impl.h
Go to the documentation of this file.
1/***********************************************************************
2 * Copyright (c) 2018-2020 Andrew Poelstra, Jonas Nick *
3 * Distributed under the MIT software license, see the accompanying *
4 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5 ***********************************************************************/
6
7#ifndef SECP256K1_MODULE_SCHNORRSIG_TESTS_H
8#define SECP256K1_MODULE_SCHNORRSIG_TESTS_H
9
10#include "secp256k1_schnorrsig.h"
11
12/* Checks that a bit flip in the n_flip-th argument (that has n_bytes many
13 * bytes) changes the hash function
14 */
15void nonce_function_bip340_bitflip(unsigned char **args, size_t n_flip, size_t n_bytes, size_t msglen, size_t algolen) {
16 unsigned char nonces[2][32];
17 CHECK(nonce_function_bip340(nonces[0], args[0], msglen, args[1], args[2], args[3], algolen, args[4]) == 1);
18 secp256k1_testrand_flip(args[n_flip], n_bytes);
19 CHECK(nonce_function_bip340(nonces[1], args[0], msglen, args[1], args[2], args[3], algolen, args[4]) == 1);
20 CHECK(secp256k1_memcmp_var(nonces[0], nonces[1], 32) != 0);
21}
22
23/* Tests for the equality of two sha256 structs. This function only produces a
24 * correct result if an integer multiple of 64 many bytes have been written
25 * into the hash functions. */
26void test_sha256_eq(const secp256k1_sha256 *sha1, const secp256k1_sha256 *sha2) {
27 /* Is buffer fully consumed? */
28 CHECK((sha1->bytes & 0x3F) == 0);
29
30 CHECK(sha1->bytes == sha2->bytes);
31 CHECK(secp256k1_memcmp_var(sha1->s, sha2->s, sizeof(sha1->s)) == 0);
32}
33
34void run_nonce_function_bip340_tests(void) {
35 unsigned char tag[13] = "BIP0340/nonce";
36 unsigned char aux_tag[11] = "BIP0340/aux";
37 unsigned char algo[13] = "BIP0340/nonce";
38 size_t algolen = sizeof(algo);
39 secp256k1_sha256 sha;
40 secp256k1_sha256 sha_optimized;
41 unsigned char nonce[32], nonce_z[32];
42 unsigned char msg[32];
43 size_t msglen = sizeof(msg);
44 unsigned char key[32];
45 unsigned char pk[32];
46 unsigned char aux_rand[32];
47 unsigned char *args[5];
48 int i;
49
50 /* Check that hash initialized by
51 * secp256k1_nonce_function_bip340_sha256_tagged has the expected
52 * state. */
53 secp256k1_sha256_initialize_tagged(&sha, tag, sizeof(tag));
54 secp256k1_nonce_function_bip340_sha256_tagged(&sha_optimized);
55 test_sha256_eq(&sha, &sha_optimized);
56
57 /* Check that hash initialized by
58 * secp256k1_nonce_function_bip340_sha256_tagged_aux has the expected
59 * state. */
60 secp256k1_sha256_initialize_tagged(&sha, aux_tag, sizeof(aux_tag));
61 secp256k1_nonce_function_bip340_sha256_tagged_aux(&sha_optimized);
62 test_sha256_eq(&sha, &sha_optimized);
63
64 secp256k1_testrand256(msg);
65 secp256k1_testrand256(key);
66 secp256k1_testrand256(pk);
67 secp256k1_testrand256(aux_rand);
68
69 /* Check that a bitflip in an argument results in different nonces. */
70 args[0] = msg;
71 args[1] = key;
72 args[2] = pk;
73 args[3] = algo;
74 args[4] = aux_rand;
75 for (i = 0; i < count; i++) {
76 nonce_function_bip340_bitflip(args, 0, 32, msglen, algolen);
77 nonce_function_bip340_bitflip(args, 1, 32, msglen, algolen);
78 nonce_function_bip340_bitflip(args, 2, 32, msglen, algolen);
79 /* Flip algo special case "BIP0340/nonce" */
80 nonce_function_bip340_bitflip(args, 3, algolen, msglen, algolen);
81 /* Flip algo again */
82 nonce_function_bip340_bitflip(args, 3, algolen, msglen, algolen);
83 nonce_function_bip340_bitflip(args, 4, 32, msglen, algolen);
84 }
85
86 /* NULL algo is disallowed */
87 CHECK(nonce_function_bip340(nonce, msg, msglen, key, pk, NULL, 0, NULL) == 0);
88 CHECK(nonce_function_bip340(nonce, msg, msglen, key, pk, algo, algolen, NULL) == 1);
89 /* Other algo is fine */
90 secp256k1_rfc6979_hmac_sha256_generate(&secp256k1_test_rng, algo, algolen);
91 CHECK(nonce_function_bip340(nonce, msg, msglen, key, pk, algo, algolen, NULL) == 1);
92
93 for (i = 0; i < count; i++) {
94 unsigned char nonce2[32];
95 uint32_t offset = secp256k1_testrand_int(msglen - 1);
96 size_t msglen_tmp = (msglen + offset) % msglen;
97 size_t algolen_tmp;
98
99 /* Different msglen gives different nonce */
100 CHECK(nonce_function_bip340(nonce2, msg, msglen_tmp, key, pk, algo, algolen, NULL) == 1);
101 CHECK(secp256k1_memcmp_var(nonce, nonce2, 32) != 0);
102
103 /* Different algolen gives different nonce */
104 offset = secp256k1_testrand_int(algolen - 1);
105 algolen_tmp = (algolen + offset) % algolen;
106 CHECK(nonce_function_bip340(nonce2, msg, msglen, key, pk, algo, algolen_tmp, NULL) == 1);
107 CHECK(secp256k1_memcmp_var(nonce, nonce2, 32) != 0);
108 }
109
110 /* NULL aux_rand argument is allowed, and identical to passing all zero aux_rand. */
111 memset(aux_rand, 0, 32);
112 CHECK(nonce_function_bip340(nonce_z, msg, msglen, key, pk, algo, algolen, &aux_rand) == 1);
113 CHECK(nonce_function_bip340(nonce, msg, msglen, key, pk, algo, algolen, NULL) == 1);
114 CHECK(secp256k1_memcmp_var(nonce_z, nonce, 32) == 0);
115}
116
117void test_schnorrsig_api(void) {
118 unsigned char sk1[32];
119 unsigned char sk2[32];
120 unsigned char sk3[32];
121 unsigned char msg[32];
122 secp256k1_keypair keypairs[3];
123 secp256k1_keypair invalid_keypair = {{ 0 }};
124 secp256k1_xonly_pubkey pk[3];
125 secp256k1_xonly_pubkey zero_pk;
126 unsigned char sig[64];
127 secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT;
128 secp256k1_schnorrsig_extraparams invalid_extraparams = {{ 0 }, NULL, NULL};
129
131 secp256k1_context *none = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
132 secp256k1_context *sign = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
133 secp256k1_context *vrfy = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY);
134 secp256k1_context *both = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
135 int ecount;
136
137 secp256k1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount);
138 secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount);
139 secp256k1_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount);
140 secp256k1_context_set_error_callback(both, counting_illegal_callback_fn, &ecount);
141 secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount);
142 secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount);
143 secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount);
144 secp256k1_context_set_illegal_callback(both, counting_illegal_callback_fn, &ecount);
145
146 secp256k1_testrand256(sk1);
147 secp256k1_testrand256(sk2);
148 secp256k1_testrand256(sk3);
149 secp256k1_testrand256(msg);
150 CHECK(secp256k1_keypair_create(ctx, &keypairs[0], sk1) == 1);
151 CHECK(secp256k1_keypair_create(ctx, &keypairs[1], sk2) == 1);
152 CHECK(secp256k1_keypair_create(ctx, &keypairs[2], sk3) == 1);
153 CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[0], NULL, &keypairs[0]) == 1);
154 CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[1], NULL, &keypairs[1]) == 1);
155 CHECK(secp256k1_keypair_xonly_pub(ctx, &pk[2], NULL, &keypairs[2]) == 1);
156 memset(&zero_pk, 0, sizeof(zero_pk));
157
159 ecount = 0;
160 CHECK(secp256k1_schnorrsig_sign(none, sig, msg, &keypairs[0], NULL) == 0);
161 CHECK(ecount == 1);
162 CHECK(secp256k1_schnorrsig_sign(vrfy, sig, msg, &keypairs[0], NULL) == 0);
163 CHECK(ecount == 2);
164 CHECK(secp256k1_schnorrsig_sign(sign, sig, msg, &keypairs[0], NULL) == 1);
165 CHECK(ecount == 2);
166 CHECK(secp256k1_schnorrsig_sign(sign, NULL, msg, &keypairs[0], NULL) == 0);
167 CHECK(ecount == 3);
168 CHECK(secp256k1_schnorrsig_sign(sign, sig, NULL, &keypairs[0], NULL) == 0);
169 CHECK(ecount == 4);
170 CHECK(secp256k1_schnorrsig_sign(sign, sig, msg, NULL, NULL) == 0);
171 CHECK(ecount == 5);
172 CHECK(secp256k1_schnorrsig_sign(sign, sig, msg, &invalid_keypair, NULL) == 0);
173 CHECK(ecount == 6);
174
175 ecount = 0;
176 CHECK(secp256k1_schnorrsig_sign_custom(none, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 0);
177 CHECK(ecount == 1);
178 CHECK(secp256k1_schnorrsig_sign_custom(vrfy, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 0);
179 CHECK(ecount == 2);
180 CHECK(secp256k1_schnorrsig_sign_custom(sign, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 1);
181 CHECK(ecount == 2);
182 CHECK(secp256k1_schnorrsig_sign_custom(sign, NULL, msg, sizeof(msg), &keypairs[0], &extraparams) == 0);
183 CHECK(ecount == 3);
184 CHECK(secp256k1_schnorrsig_sign_custom(sign, sig, NULL, sizeof(msg), &keypairs[0], &extraparams) == 0);
185 CHECK(ecount == 4);
186 CHECK(secp256k1_schnorrsig_sign_custom(sign, sig, NULL, 0, &keypairs[0], &extraparams) == 1);
187 CHECK(ecount == 4);
188 CHECK(secp256k1_schnorrsig_sign_custom(sign, sig, msg, sizeof(msg), NULL, &extraparams) == 0);
189 CHECK(ecount == 5);
190 CHECK(secp256k1_schnorrsig_sign_custom(sign, sig, msg, sizeof(msg), &invalid_keypair, &extraparams) == 0);
191 CHECK(ecount == 6);
192 CHECK(secp256k1_schnorrsig_sign_custom(sign, sig, msg, sizeof(msg), &keypairs[0], NULL) == 1);
193 CHECK(ecount == 6);
194 CHECK(secp256k1_schnorrsig_sign_custom(sign, sig, msg, sizeof(msg), &keypairs[0], &invalid_extraparams) == 0);
195 CHECK(ecount == 7);
196
197 ecount = 0;
198 CHECK(secp256k1_schnorrsig_sign(sign, sig, msg, &keypairs[0], NULL) == 1);
199 CHECK(secp256k1_schnorrsig_verify(none, sig, msg, sizeof(msg), &pk[0]) == 1);
200 CHECK(ecount == 0);
201 CHECK(secp256k1_schnorrsig_verify(sign, sig, msg, sizeof(msg), &pk[0]) == 1);
202 CHECK(ecount == 0);
203 CHECK(secp256k1_schnorrsig_verify(vrfy, sig, msg, sizeof(msg), &pk[0]) == 1);
204 CHECK(ecount == 0);
205 CHECK(secp256k1_schnorrsig_verify(vrfy, NULL, msg, sizeof(msg), &pk[0]) == 0);
206 CHECK(ecount == 1);
207 CHECK(secp256k1_schnorrsig_verify(vrfy, sig, NULL, sizeof(msg), &pk[0]) == 0);
208 CHECK(ecount == 2);
209 CHECK(secp256k1_schnorrsig_verify(vrfy, sig, NULL, 0, &pk[0]) == 0);
210 CHECK(ecount == 2);
211 CHECK(secp256k1_schnorrsig_verify(vrfy, sig, msg, sizeof(msg), NULL) == 0);
212 CHECK(ecount == 3);
213 CHECK(secp256k1_schnorrsig_verify(vrfy, sig, msg, sizeof(msg), &zero_pk) == 0);
214 CHECK(ecount == 4);
215
216 secp256k1_context_destroy(none);
217 secp256k1_context_destroy(sign);
218 secp256k1_context_destroy(vrfy);
219 secp256k1_context_destroy(both);
220}
221
222/* Checks that hash initialized by secp256k1_schnorrsig_sha256_tagged has the
223 * expected state. */
224void test_schnorrsig_sha256_tagged(void) {
225 unsigned char tag[17] = "BIP0340/challenge";
226 secp256k1_sha256 sha;
227 secp256k1_sha256 sha_optimized;
228
229 secp256k1_sha256_initialize_tagged(&sha, (unsigned char *) tag, sizeof(tag));
230 secp256k1_schnorrsig_sha256_tagged(&sha_optimized);
231 test_sha256_eq(&sha, &sha_optimized);
232}
233
234/* Helper function for schnorrsig_bip_vectors
235 * Signs the message and checks that it's the same as expected_sig. */
236void test_schnorrsig_bip_vectors_check_signing(const unsigned char *sk, const unsigned char *pk_serialized, const unsigned char *aux_rand, const unsigned char *msg32, const unsigned char *expected_sig) {
237 unsigned char sig[64];
238 secp256k1_keypair keypair;
239 secp256k1_xonly_pubkey pk, pk_expected;
240
241 CHECK(secp256k1_keypair_create(ctx, &keypair, sk));
242 CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg32, &keypair, aux_rand));
243 CHECK(secp256k1_memcmp_var(sig, expected_sig, 64) == 0);
244
245 CHECK(secp256k1_xonly_pubkey_parse(ctx, &pk_expected, pk_serialized));
246 CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair));
247 CHECK(secp256k1_memcmp_var(&pk, &pk_expected, sizeof(pk)) == 0);
248 CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg32, 32, &pk));
249}
250
251/* Helper function for schnorrsig_bip_vectors
252 * Checks that both verify and verify_batch (TODO) return the same value as expected. */
253void test_schnorrsig_bip_vectors_check_verify(const unsigned char *pk_serialized, const unsigned char *msg32, const unsigned char *sig, int expected) {
254 secp256k1_xonly_pubkey pk;
255
256 CHECK(secp256k1_xonly_pubkey_parse(ctx, &pk, pk_serialized));
257 CHECK(expected == secp256k1_schnorrsig_verify(ctx, sig, msg32, 32, &pk));
258}
259
260/* Test vectors according to BIP-340 ("Schnorr Signatures for secp256k1"). See
261 * https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv. */
262void test_schnorrsig_bip_vectors(void) {
263 {
264 /* Test vector 0 */
265 const unsigned char sk[32] = {
266 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
267 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
268 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
269 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03
270 };
271 const unsigned char pk[32] = {
272 0xF9, 0x30, 0x8A, 0x01, 0x92, 0x58, 0xC3, 0x10,
273 0x49, 0x34, 0x4F, 0x85, 0xF8, 0x9D, 0x52, 0x29,
274 0xB5, 0x31, 0xC8, 0x45, 0x83, 0x6F, 0x99, 0xB0,
275 0x86, 0x01, 0xF1, 0x13, 0xBC, 0xE0, 0x36, 0xF9
276 };
277 unsigned char aux_rand[32] = {
278 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
279 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
280 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
281 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
282 };
283 const unsigned char msg[32] = {
284 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
285 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
286 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
287 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
288 };
289 const unsigned char sig[64] = {
290 0xE9, 0x07, 0x83, 0x1F, 0x80, 0x84, 0x8D, 0x10,
291 0x69, 0xA5, 0x37, 0x1B, 0x40, 0x24, 0x10, 0x36,
292 0x4B, 0xDF, 0x1C, 0x5F, 0x83, 0x07, 0xB0, 0x08,
293 0x4C, 0x55, 0xF1, 0xCE, 0x2D, 0xCA, 0x82, 0x15,
294 0x25, 0xF6, 0x6A, 0x4A, 0x85, 0xEA, 0x8B, 0x71,
295 0xE4, 0x82, 0xA7, 0x4F, 0x38, 0x2D, 0x2C, 0xE5,
296 0xEB, 0xEE, 0xE8, 0xFD, 0xB2, 0x17, 0x2F, 0x47,
297 0x7D, 0xF4, 0x90, 0x0D, 0x31, 0x05, 0x36, 0xC0
298 };
299 test_schnorrsig_bip_vectors_check_signing(sk, pk, aux_rand, msg, sig);
300 test_schnorrsig_bip_vectors_check_verify(pk, msg, sig, 1);
301 }
302 {
303 /* Test vector 1 */
304 const unsigned char sk[32] = {
305 0xB7, 0xE1, 0x51, 0x62, 0x8A, 0xED, 0x2A, 0x6A,
306 0xBF, 0x71, 0x58, 0x80, 0x9C, 0xF4, 0xF3, 0xC7,
307 0x62, 0xE7, 0x16, 0x0F, 0x38, 0xB4, 0xDA, 0x56,
308 0xA7, 0x84, 0xD9, 0x04, 0x51, 0x90, 0xCF, 0xEF
309 };
310 const unsigned char pk[32] = {
311 0xDF, 0xF1, 0xD7, 0x7F, 0x2A, 0x67, 0x1C, 0x5F,
312 0x36, 0x18, 0x37, 0x26, 0xDB, 0x23, 0x41, 0xBE,
313 0x58, 0xFE, 0xAE, 0x1D, 0xA2, 0xDE, 0xCE, 0xD8,
314 0x43, 0x24, 0x0F, 0x7B, 0x50, 0x2B, 0xA6, 0x59
315 };
316 unsigned char aux_rand[32] = {
317 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
318 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
319 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
320 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
321 };
322 const unsigned char msg[32] = {
323 0x24, 0x3F, 0x6A, 0x88, 0x85, 0xA3, 0x08, 0xD3,
324 0x13, 0x19, 0x8A, 0x2E, 0x03, 0x70, 0x73, 0x44,
325 0xA4, 0x09, 0x38, 0x22, 0x29, 0x9F, 0x31, 0xD0,
326 0x08, 0x2E, 0xFA, 0x98, 0xEC, 0x4E, 0x6C, 0x89
327 };
328 const unsigned char sig[64] = {
329 0x68, 0x96, 0xBD, 0x60, 0xEE, 0xAE, 0x29, 0x6D,
330 0xB4, 0x8A, 0x22, 0x9F, 0xF7, 0x1D, 0xFE, 0x07,
331 0x1B, 0xDE, 0x41, 0x3E, 0x6D, 0x43, 0xF9, 0x17,
332 0xDC, 0x8D, 0xCF, 0x8C, 0x78, 0xDE, 0x33, 0x41,
333 0x89, 0x06, 0xD1, 0x1A, 0xC9, 0x76, 0xAB, 0xCC,
334 0xB2, 0x0B, 0x09, 0x12, 0x92, 0xBF, 0xF4, 0xEA,
335 0x89, 0x7E, 0xFC, 0xB6, 0x39, 0xEA, 0x87, 0x1C,
336 0xFA, 0x95, 0xF6, 0xDE, 0x33, 0x9E, 0x4B, 0x0A
337 };
338 test_schnorrsig_bip_vectors_check_signing(sk, pk, aux_rand, msg, sig);
339 test_schnorrsig_bip_vectors_check_verify(pk, msg, sig, 1);
340 }
341 {
342 /* Test vector 2 */
343 const unsigned char sk[32] = {
344 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
345 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
346 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
347 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x14, 0xE5, 0xC9
348 };
349 const unsigned char pk[32] = {
350 0xDD, 0x30, 0x8A, 0xFE, 0xC5, 0x77, 0x7E, 0x13,
351 0x12, 0x1F, 0xA7, 0x2B, 0x9C, 0xC1, 0xB7, 0xCC,
352 0x01, 0x39, 0x71, 0x53, 0x09, 0xB0, 0x86, 0xC9,
353 0x60, 0xE1, 0x8F, 0xD9, 0x69, 0x77, 0x4E, 0xB8
354 };
355 unsigned char aux_rand[32] = {
356 0xC8, 0x7A, 0xA5, 0x38, 0x24, 0xB4, 0xD7, 0xAE,
357 0x2E, 0xB0, 0x35, 0xA2, 0xB5, 0xBB, 0xBC, 0xCC,
358 0x08, 0x0E, 0x76, 0xCD, 0xC6, 0xD1, 0x69, 0x2C,
359 0x4B, 0x0B, 0x62, 0xD7, 0x98, 0xE6, 0xD9, 0x06
360 };
361 const unsigned char msg[32] = {
362 0x7E, 0x2D, 0x58, 0xD8, 0xB3, 0xBC, 0xDF, 0x1A,
363 0xBA, 0xDE, 0xC7, 0x82, 0x90, 0x54, 0xF9, 0x0D,
364 0xDA, 0x98, 0x05, 0xAA, 0xB5, 0x6C, 0x77, 0x33,
365 0x30, 0x24, 0xB9, 0xD0, 0xA5, 0x08, 0xB7, 0x5C
366 };
367 const unsigned char sig[64] = {
368 0x58, 0x31, 0xAA, 0xEE, 0xD7, 0xB4, 0x4B, 0xB7,
369 0x4E, 0x5E, 0xAB, 0x94, 0xBA, 0x9D, 0x42, 0x94,
370 0xC4, 0x9B, 0xCF, 0x2A, 0x60, 0x72, 0x8D, 0x8B,
371 0x4C, 0x20, 0x0F, 0x50, 0xDD, 0x31, 0x3C, 0x1B,
372 0xAB, 0x74, 0x58, 0x79, 0xA5, 0xAD, 0x95, 0x4A,
373 0x72, 0xC4, 0x5A, 0x91, 0xC3, 0xA5, 0x1D, 0x3C,
374 0x7A, 0xDE, 0xA9, 0x8D, 0x82, 0xF8, 0x48, 0x1E,
375 0x0E, 0x1E, 0x03, 0x67, 0x4A, 0x6F, 0x3F, 0xB7
376 };
377 test_schnorrsig_bip_vectors_check_signing(sk, pk, aux_rand, msg, sig);
378 test_schnorrsig_bip_vectors_check_verify(pk, msg, sig, 1);
379 }
380 {
381 /* Test vector 3 */
382 const unsigned char sk[32] = {
383 0x0B, 0x43, 0x2B, 0x26, 0x77, 0x93, 0x73, 0x81,
384 0xAE, 0xF0, 0x5B, 0xB0, 0x2A, 0x66, 0xEC, 0xD0,
385 0x12, 0x77, 0x30, 0x62, 0xCF, 0x3F, 0xA2, 0x54,
386 0x9E, 0x44, 0xF5, 0x8E, 0xD2, 0x40, 0x17, 0x10
387 };
388 const unsigned char pk[32] = {
389 0x25, 0xD1, 0xDF, 0xF9, 0x51, 0x05, 0xF5, 0x25,
390 0x3C, 0x40, 0x22, 0xF6, 0x28, 0xA9, 0x96, 0xAD,
391 0x3A, 0x0D, 0x95, 0xFB, 0xF2, 0x1D, 0x46, 0x8A,
392 0x1B, 0x33, 0xF8, 0xC1, 0x60, 0xD8, 0xF5, 0x17
393 };
394 unsigned char aux_rand[32] = {
395 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
396 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
397 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
398 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
399 };
400 const unsigned char msg[32] = {
401 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
402 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
403 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
404 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
405 };
406 const unsigned char sig[64] = {
407 0x7E, 0xB0, 0x50, 0x97, 0x57, 0xE2, 0x46, 0xF1,
408 0x94, 0x49, 0x88, 0x56, 0x51, 0x61, 0x1C, 0xB9,
409 0x65, 0xEC, 0xC1, 0xA1, 0x87, 0xDD, 0x51, 0xB6,
410 0x4F, 0xDA, 0x1E, 0xDC, 0x96, 0x37, 0xD5, 0xEC,
411 0x97, 0x58, 0x2B, 0x9C, 0xB1, 0x3D, 0xB3, 0x93,
412 0x37, 0x05, 0xB3, 0x2B, 0xA9, 0x82, 0xAF, 0x5A,
413 0xF2, 0x5F, 0xD7, 0x88, 0x81, 0xEB, 0xB3, 0x27,
414 0x71, 0xFC, 0x59, 0x22, 0xEF, 0xC6, 0x6E, 0xA3
415 };
416 test_schnorrsig_bip_vectors_check_signing(sk, pk, aux_rand, msg, sig);
417 test_schnorrsig_bip_vectors_check_verify(pk, msg, sig, 1);
418 }
419 {
420 /* Test vector 4 */
421 const unsigned char pk[32] = {
422 0xD6, 0x9C, 0x35, 0x09, 0xBB, 0x99, 0xE4, 0x12,
423 0xE6, 0x8B, 0x0F, 0xE8, 0x54, 0x4E, 0x72, 0x83,
424 0x7D, 0xFA, 0x30, 0x74, 0x6D, 0x8B, 0xE2, 0xAA,
425 0x65, 0x97, 0x5F, 0x29, 0xD2, 0x2D, 0xC7, 0xB9
426 };
427 const unsigned char msg[32] = {
428 0x4D, 0xF3, 0xC3, 0xF6, 0x8F, 0xCC, 0x83, 0xB2,
429 0x7E, 0x9D, 0x42, 0xC9, 0x04, 0x31, 0xA7, 0x24,
430 0x99, 0xF1, 0x78, 0x75, 0xC8, 0x1A, 0x59, 0x9B,
431 0x56, 0x6C, 0x98, 0x89, 0xB9, 0x69, 0x67, 0x03
432 };
433 const unsigned char sig[64] = {
434 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
435 0x00, 0x00, 0x00, 0x3B, 0x78, 0xCE, 0x56, 0x3F,
436 0x89, 0xA0, 0xED, 0x94, 0x14, 0xF5, 0xAA, 0x28,
437 0xAD, 0x0D, 0x96, 0xD6, 0x79, 0x5F, 0x9C, 0x63,
438 0x76, 0xAF, 0xB1, 0x54, 0x8A, 0xF6, 0x03, 0xB3,
439 0xEB, 0x45, 0xC9, 0xF8, 0x20, 0x7D, 0xEE, 0x10,
440 0x60, 0xCB, 0x71, 0xC0, 0x4E, 0x80, 0xF5, 0x93,
441 0x06, 0x0B, 0x07, 0xD2, 0x83, 0x08, 0xD7, 0xF4
442 };
443 test_schnorrsig_bip_vectors_check_verify(pk, msg, sig, 1);
444 }
445 {
446 /* Test vector 5 */
447 const unsigned char pk[32] = {
448 0xEE, 0xFD, 0xEA, 0x4C, 0xDB, 0x67, 0x77, 0x50,
449 0xA4, 0x20, 0xFE, 0xE8, 0x07, 0xEA, 0xCF, 0x21,
450 0xEB, 0x98, 0x98, 0xAE, 0x79, 0xB9, 0x76, 0x87,
451 0x66, 0xE4, 0xFA, 0xA0, 0x4A, 0x2D, 0x4A, 0x34
452 };
453 secp256k1_xonly_pubkey pk_parsed;
454 /* No need to check the signature of the test vector as parsing the pubkey already fails */
455 CHECK(!secp256k1_xonly_pubkey_parse(ctx, &pk_parsed, pk));
456 }
457 {
458 /* Test vector 6 */
459 const unsigned char pk[32] = {
460 0xDF, 0xF1, 0xD7, 0x7F, 0x2A, 0x67, 0x1C, 0x5F,
461 0x36, 0x18, 0x37, 0x26, 0xDB, 0x23, 0x41, 0xBE,
462 0x58, 0xFE, 0xAE, 0x1D, 0xA2, 0xDE, 0xCE, 0xD8,
463 0x43, 0x24, 0x0F, 0x7B, 0x50, 0x2B, 0xA6, 0x59
464 };
465 const unsigned char msg[32] = {
466 0x24, 0x3F, 0x6A, 0x88, 0x85, 0xA3, 0x08, 0xD3,
467 0x13, 0x19, 0x8A, 0x2E, 0x03, 0x70, 0x73, 0x44,
468 0xA4, 0x09, 0x38, 0x22, 0x29, 0x9F, 0x31, 0xD0,
469 0x08, 0x2E, 0xFA, 0x98, 0xEC, 0x4E, 0x6C, 0x89
470 };
471 const unsigned char sig[64] = {
472 0xFF, 0xF9, 0x7B, 0xD5, 0x75, 0x5E, 0xEE, 0xA4,
473 0x20, 0x45, 0x3A, 0x14, 0x35, 0x52, 0x35, 0xD3,
474 0x82, 0xF6, 0x47, 0x2F, 0x85, 0x68, 0xA1, 0x8B,
475 0x2F, 0x05, 0x7A, 0x14, 0x60, 0x29, 0x75, 0x56,
476 0x3C, 0xC2, 0x79, 0x44, 0x64, 0x0A, 0xC6, 0x07,
477 0xCD, 0x10, 0x7A, 0xE1, 0x09, 0x23, 0xD9, 0xEF,
478 0x7A, 0x73, 0xC6, 0x43, 0xE1, 0x66, 0xBE, 0x5E,
479 0xBE, 0xAF, 0xA3, 0x4B, 0x1A, 0xC5, 0x53, 0xE2
480 };
481 test_schnorrsig_bip_vectors_check_verify(pk, msg, sig, 0);
482 }
483 {
484 /* Test vector 7 */
485 const unsigned char pk[32] = {
486 0xDF, 0xF1, 0xD7, 0x7F, 0x2A, 0x67, 0x1C, 0x5F,
487 0x36, 0x18, 0x37, 0x26, 0xDB, 0x23, 0x41, 0xBE,
488 0x58, 0xFE, 0xAE, 0x1D, 0xA2, 0xDE, 0xCE, 0xD8,
489 0x43, 0x24, 0x0F, 0x7B, 0x50, 0x2B, 0xA6, 0x59
490 };
491 const unsigned char msg[32] = {
492 0x24, 0x3F, 0x6A, 0x88, 0x85, 0xA3, 0x08, 0xD3,
493 0x13, 0x19, 0x8A, 0x2E, 0x03, 0x70, 0x73, 0x44,
494 0xA4, 0x09, 0x38, 0x22, 0x29, 0x9F, 0x31, 0xD0,
495 0x08, 0x2E, 0xFA, 0x98, 0xEC, 0x4E, 0x6C, 0x89
496 };
497 const unsigned char sig[64] = {
498 0x1F, 0xA6, 0x2E, 0x33, 0x1E, 0xDB, 0xC2, 0x1C,
499 0x39, 0x47, 0x92, 0xD2, 0xAB, 0x11, 0x00, 0xA7,
500 0xB4, 0x32, 0xB0, 0x13, 0xDF, 0x3F, 0x6F, 0xF4,
501 0xF9, 0x9F, 0xCB, 0x33, 0xE0, 0xE1, 0x51, 0x5F,
502 0x28, 0x89, 0x0B, 0x3E, 0xDB, 0x6E, 0x71, 0x89,
503 0xB6, 0x30, 0x44, 0x8B, 0x51, 0x5C, 0xE4, 0xF8,
504 0x62, 0x2A, 0x95, 0x4C, 0xFE, 0x54, 0x57, 0x35,
505 0xAA, 0xEA, 0x51, 0x34, 0xFC, 0xCD, 0xB2, 0xBD
506 };
507 test_schnorrsig_bip_vectors_check_verify(pk, msg, sig, 0);
508 }
509 {
510 /* Test vector 8 */
511 const unsigned char pk[32] = {
512 0xDF, 0xF1, 0xD7, 0x7F, 0x2A, 0x67, 0x1C, 0x5F,
513 0x36, 0x18, 0x37, 0x26, 0xDB, 0x23, 0x41, 0xBE,
514 0x58, 0xFE, 0xAE, 0x1D, 0xA2, 0xDE, 0xCE, 0xD8,
515 0x43, 0x24, 0x0F, 0x7B, 0x50, 0x2B, 0xA6, 0x59
516 };
517 const unsigned char msg[32] = {
518 0x24, 0x3F, 0x6A, 0x88, 0x85, 0xA3, 0x08, 0xD3,
519 0x13, 0x19, 0x8A, 0x2E, 0x03, 0x70, 0x73, 0x44,
520 0xA4, 0x09, 0x38, 0x22, 0x29, 0x9F, 0x31, 0xD0,
521 0x08, 0x2E, 0xFA, 0x98, 0xEC, 0x4E, 0x6C, 0x89
522 };
523 const unsigned char sig[64] = {
524 0x6C, 0xFF, 0x5C, 0x3B, 0xA8, 0x6C, 0x69, 0xEA,
525 0x4B, 0x73, 0x76, 0xF3, 0x1A, 0x9B, 0xCB, 0x4F,
526 0x74, 0xC1, 0x97, 0x60, 0x89, 0xB2, 0xD9, 0x96,
527 0x3D, 0xA2, 0xE5, 0x54, 0x3E, 0x17, 0x77, 0x69,
528 0x96, 0x17, 0x64, 0xB3, 0xAA, 0x9B, 0x2F, 0xFC,
529 0xB6, 0xEF, 0x94, 0x7B, 0x68, 0x87, 0xA2, 0x26,
530 0xE8, 0xD7, 0xC9, 0x3E, 0x00, 0xC5, 0xED, 0x0C,
531 0x18, 0x34, 0xFF, 0x0D, 0x0C, 0x2E, 0x6D, 0xA6
532 };
533 test_schnorrsig_bip_vectors_check_verify(pk, msg, sig, 0);
534 }
535 {
536 /* Test vector 9 */
537 const unsigned char pk[32] = {
538 0xDF, 0xF1, 0xD7, 0x7F, 0x2A, 0x67, 0x1C, 0x5F,
539 0x36, 0x18, 0x37, 0x26, 0xDB, 0x23, 0x41, 0xBE,
540 0x58, 0xFE, 0xAE, 0x1D, 0xA2, 0xDE, 0xCE, 0xD8,
541 0x43, 0x24, 0x0F, 0x7B, 0x50, 0x2B, 0xA6, 0x59
542 };
543 const unsigned char msg[32] = {
544 0x24, 0x3F, 0x6A, 0x88, 0x85, 0xA3, 0x08, 0xD3,
545 0x13, 0x19, 0x8A, 0x2E, 0x03, 0x70, 0x73, 0x44,
546 0xA4, 0x09, 0x38, 0x22, 0x29, 0x9F, 0x31, 0xD0,
547 0x08, 0x2E, 0xFA, 0x98, 0xEC, 0x4E, 0x6C, 0x89
548 };
549 const unsigned char sig[64] = {
550 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
551 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
552 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
553 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
554 0x12, 0x3D, 0xDA, 0x83, 0x28, 0xAF, 0x9C, 0x23,
555 0xA9, 0x4C, 0x1F, 0xEE, 0xCF, 0xD1, 0x23, 0xBA,
556 0x4F, 0xB7, 0x34, 0x76, 0xF0, 0xD5, 0x94, 0xDC,
557 0xB6, 0x5C, 0x64, 0x25, 0xBD, 0x18, 0x60, 0x51
558 };
559 test_schnorrsig_bip_vectors_check_verify(pk, msg, sig, 0);
560 }
561 {
562 /* Test vector 10 */
563 const unsigned char pk[32] = {
564 0xDF, 0xF1, 0xD7, 0x7F, 0x2A, 0x67, 0x1C, 0x5F,
565 0x36, 0x18, 0x37, 0x26, 0xDB, 0x23, 0x41, 0xBE,
566 0x58, 0xFE, 0xAE, 0x1D, 0xA2, 0xDE, 0xCE, 0xD8,
567 0x43, 0x24, 0x0F, 0x7B, 0x50, 0x2B, 0xA6, 0x59
568 };
569 const unsigned char msg[32] = {
570 0x24, 0x3F, 0x6A, 0x88, 0x85, 0xA3, 0x08, 0xD3,
571 0x13, 0x19, 0x8A, 0x2E, 0x03, 0x70, 0x73, 0x44,
572 0xA4, 0x09, 0x38, 0x22, 0x29, 0x9F, 0x31, 0xD0,
573 0x08, 0x2E, 0xFA, 0x98, 0xEC, 0x4E, 0x6C, 0x89
574 };
575 const unsigned char sig[64] = {
576 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
577 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
578 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
579 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
580 0x76, 0x15, 0xFB, 0xAF, 0x5A, 0xE2, 0x88, 0x64,
581 0x01, 0x3C, 0x09, 0x97, 0x42, 0xDE, 0xAD, 0xB4,
582 0xDB, 0xA8, 0x7F, 0x11, 0xAC, 0x67, 0x54, 0xF9,
583 0x37, 0x80, 0xD5, 0xA1, 0x83, 0x7C, 0xF1, 0x97
584 };
585 test_schnorrsig_bip_vectors_check_verify(pk, msg, sig, 0);
586 }
587 {
588 /* Test vector 11 */
589 const unsigned char pk[32] = {
590 0xDF, 0xF1, 0xD7, 0x7F, 0x2A, 0x67, 0x1C, 0x5F,
591 0x36, 0x18, 0x37, 0x26, 0xDB, 0x23, 0x41, 0xBE,
592 0x58, 0xFE, 0xAE, 0x1D, 0xA2, 0xDE, 0xCE, 0xD8,
593 0x43, 0x24, 0x0F, 0x7B, 0x50, 0x2B, 0xA6, 0x59
594 };
595 const unsigned char msg[32] = {
596 0x24, 0x3F, 0x6A, 0x88, 0x85, 0xA3, 0x08, 0xD3,
597 0x13, 0x19, 0x8A, 0x2E, 0x03, 0x70, 0x73, 0x44,
598 0xA4, 0x09, 0x38, 0x22, 0x29, 0x9F, 0x31, 0xD0,
599 0x08, 0x2E, 0xFA, 0x98, 0xEC, 0x4E, 0x6C, 0x89
600 };
601 const unsigned char sig[64] = {
602 0x4A, 0x29, 0x8D, 0xAC, 0xAE, 0x57, 0x39, 0x5A,
603 0x15, 0xD0, 0x79, 0x5D, 0xDB, 0xFD, 0x1D, 0xCB,
604 0x56, 0x4D, 0xA8, 0x2B, 0x0F, 0x26, 0x9B, 0xC7,
605 0x0A, 0x74, 0xF8, 0x22, 0x04, 0x29, 0xBA, 0x1D,
606 0x69, 0xE8, 0x9B, 0x4C, 0x55, 0x64, 0xD0, 0x03,
607 0x49, 0x10, 0x6B, 0x84, 0x97, 0x78, 0x5D, 0xD7,
608 0xD1, 0xD7, 0x13, 0xA8, 0xAE, 0x82, 0xB3, 0x2F,
609 0xA7, 0x9D, 0x5F, 0x7F, 0xC4, 0x07, 0xD3, 0x9B
610 };
611 test_schnorrsig_bip_vectors_check_verify(pk, msg, sig, 0);
612 }
613 {
614 /* Test vector 12 */
615 const unsigned char pk[32] = {
616 0xDF, 0xF1, 0xD7, 0x7F, 0x2A, 0x67, 0x1C, 0x5F,
617 0x36, 0x18, 0x37, 0x26, 0xDB, 0x23, 0x41, 0xBE,
618 0x58, 0xFE, 0xAE, 0x1D, 0xA2, 0xDE, 0xCE, 0xD8,
619 0x43, 0x24, 0x0F, 0x7B, 0x50, 0x2B, 0xA6, 0x59
620 };
621 const unsigned char msg[32] = {
622 0x24, 0x3F, 0x6A, 0x88, 0x85, 0xA3, 0x08, 0xD3,
623 0x13, 0x19, 0x8A, 0x2E, 0x03, 0x70, 0x73, 0x44,
624 0xA4, 0x09, 0x38, 0x22, 0x29, 0x9F, 0x31, 0xD0,
625 0x08, 0x2E, 0xFA, 0x98, 0xEC, 0x4E, 0x6C, 0x89
626 };
627 const unsigned char sig[64] = {
628 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
629 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
630 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
631 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
632 0x69, 0xE8, 0x9B, 0x4C, 0x55, 0x64, 0xD0, 0x03,
633 0x49, 0x10, 0x6B, 0x84, 0x97, 0x78, 0x5D, 0xD7,
634 0xD1, 0xD7, 0x13, 0xA8, 0xAE, 0x82, 0xB3, 0x2F,
635 0xA7, 0x9D, 0x5F, 0x7F, 0xC4, 0x07, 0xD3, 0x9B
636 };
637 test_schnorrsig_bip_vectors_check_verify(pk, msg, sig, 0);
638 }
639 {
640 /* Test vector 13 */
641 const unsigned char pk[32] = {
642 0xDF, 0xF1, 0xD7, 0x7F, 0x2A, 0x67, 0x1C, 0x5F,
643 0x36, 0x18, 0x37, 0x26, 0xDB, 0x23, 0x41, 0xBE,
644 0x58, 0xFE, 0xAE, 0x1D, 0xA2, 0xDE, 0xCE, 0xD8,
645 0x43, 0x24, 0x0F, 0x7B, 0x50, 0x2B, 0xA6, 0x59
646 };
647 const unsigned char msg[32] = {
648 0x24, 0x3F, 0x6A, 0x88, 0x85, 0xA3, 0x08, 0xD3,
649 0x13, 0x19, 0x8A, 0x2E, 0x03, 0x70, 0x73, 0x44,
650 0xA4, 0x09, 0x38, 0x22, 0x29, 0x9F, 0x31, 0xD0,
651 0x08, 0x2E, 0xFA, 0x98, 0xEC, 0x4E, 0x6C, 0x89
652 };
653 const unsigned char sig[64] = {
654 0x6C, 0xFF, 0x5C, 0x3B, 0xA8, 0x6C, 0x69, 0xEA,
655 0x4B, 0x73, 0x76, 0xF3, 0x1A, 0x9B, 0xCB, 0x4F,
656 0x74, 0xC1, 0x97, 0x60, 0x89, 0xB2, 0xD9, 0x96,
657 0x3D, 0xA2, 0xE5, 0x54, 0x3E, 0x17, 0x77, 0x69,
658 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
659 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
660 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
661 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
662 };
663 test_schnorrsig_bip_vectors_check_verify(pk, msg, sig, 0);
664 }
665 {
666 /* Test vector 14 */
667 const unsigned char pk[32] = {
668 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
669 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
670 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
671 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x30
672 };
673 secp256k1_xonly_pubkey pk_parsed;
674 /* No need to check the signature of the test vector as parsing the pubkey already fails */
675 CHECK(!secp256k1_xonly_pubkey_parse(ctx, &pk_parsed, pk));
676 }
677}
678
679/* Nonce function that returns constant 0 */
680static int nonce_function_failing(unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void *data) {
681 (void) msg;
682 (void) msglen;
683 (void) key32;
684 (void) xonly_pk32;
685 (void) algo;
686 (void) algolen;
687 (void) data;
688 (void) nonce32;
689 return 0;
690}
691
692/* Nonce function that sets nonce to 0 */
693static int nonce_function_0(unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void *data) {
694 (void) msg;
695 (void) msglen;
696 (void) key32;
697 (void) xonly_pk32;
698 (void) algo;
699 (void) algolen;
700 (void) data;
701
702 memset(nonce32, 0, 32);
703 return 1;
704}
705
706/* Nonce function that sets nonce to 0xFF...0xFF */
707static int nonce_function_overflowing(unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void *data) {
708 (void) msg;
709 (void) msglen;
710 (void) key32;
711 (void) xonly_pk32;
712 (void) algo;
713 (void) algolen;
714 (void) data;
715
716 memset(nonce32, 0xFF, 32);
717 return 1;
718}
719
720void test_schnorrsig_sign(void) {
721 unsigned char sk[32];
722 secp256k1_xonly_pubkey pk;
723 secp256k1_keypair keypair;
724 const unsigned char msg[32] = "this is a msg for a schnorrsig..";
725 unsigned char sig[64];
726 unsigned char sig2[64];
727 unsigned char zeros64[64] = { 0 };
728 secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT;
729 unsigned char aux_rand[32];
730
731 secp256k1_testrand256(sk);
732 secp256k1_testrand256(aux_rand);
733 CHECK(secp256k1_keypair_create(ctx, &keypair, sk));
734 CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair));
735 CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL) == 1);
736 CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &pk));
737
738 /* Test different nonce functions */
739 CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 1);
740 CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &pk));
741 memset(sig, 1, sizeof(sig));
742 extraparams.noncefp = nonce_function_failing;
743 CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 0);
744 CHECK(secp256k1_memcmp_var(sig, zeros64, sizeof(sig)) == 0);
745 memset(&sig, 1, sizeof(sig));
746 extraparams.noncefp = nonce_function_0;
747 CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 0);
748 CHECK(secp256k1_memcmp_var(sig, zeros64, sizeof(sig)) == 0);
749 memset(&sig, 1, sizeof(sig));
750 extraparams.noncefp = nonce_function_overflowing;
751 CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 1);
752 CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &pk));
753
754 /* When using the default nonce function, schnorrsig_sign_custom produces
755 * the same result as schnorrsig_sign with aux_rand = extraparams.ndata */
756 extraparams.noncefp = NULL;
757 extraparams.ndata = aux_rand;
758 CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 1);
759 CHECK(secp256k1_schnorrsig_sign(ctx, sig2, msg, &keypair, extraparams.ndata) == 1);
760 CHECK(secp256k1_memcmp_var(sig, sig2, sizeof(sig)) == 0);
761}
762
763#define N_SIGS 3
764/* Creates N_SIGS valid signatures and verifies them with verify and
765 * verify_batch (TODO). Then flips some bits and checks that verification now
766 * fails. */
767void test_schnorrsig_sign_verify(void) {
768 unsigned char sk[32];
769 unsigned char msg[N_SIGS][32];
770 unsigned char sig[N_SIGS][64];
771 size_t i;
772 secp256k1_keypair keypair;
773 secp256k1_xonly_pubkey pk;
774 secp256k1_scalar s;
775
776 secp256k1_testrand256(sk);
777 CHECK(secp256k1_keypair_create(ctx, &keypair, sk));
778 CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair));
779
780 for (i = 0; i < N_SIGS; i++) {
781 secp256k1_testrand256(msg[i]);
782 CHECK(secp256k1_schnorrsig_sign(ctx, sig[i], msg[i], &keypair, NULL));
783 CHECK(secp256k1_schnorrsig_verify(ctx, sig[i], msg[i], sizeof(msg[i]), &pk));
784 }
785
786 {
787 /* Flip a few bits in the signature and in the message and check that
788 * verify and verify_batch (TODO) fail */
789 size_t sig_idx = secp256k1_testrand_int(N_SIGS);
790 size_t byte_idx = secp256k1_testrand_int(32);
791 unsigned char xorbyte = secp256k1_testrand_int(254)+1;
792 sig[sig_idx][byte_idx] ^= xorbyte;
793 CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk));
794 sig[sig_idx][byte_idx] ^= xorbyte;
795
796 byte_idx = secp256k1_testrand_int(32);
797 sig[sig_idx][32+byte_idx] ^= xorbyte;
798 CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk));
799 sig[sig_idx][32+byte_idx] ^= xorbyte;
800
801 byte_idx = secp256k1_testrand_int(32);
802 msg[sig_idx][byte_idx] ^= xorbyte;
803 CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk));
804 msg[sig_idx][byte_idx] ^= xorbyte;
805
806 /* Check that above bitflips have been reversed correctly */
807 CHECK(secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk));
808 }
809
810 /* Test overflowing s */
811 CHECK(secp256k1_schnorrsig_sign(ctx, sig[0], msg[0], &keypair, NULL));
812 CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], msg[0], sizeof(msg[0]), &pk));
813 memset(&sig[0][32], 0xFF, 32);
814 CHECK(!secp256k1_schnorrsig_verify(ctx, sig[0], msg[0], sizeof(msg[0]), &pk));
815
816 /* Test negative s */
817 CHECK(secp256k1_schnorrsig_sign(ctx, sig[0], msg[0], &keypair, NULL));
818 CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], msg[0], sizeof(msg[0]), &pk));
819 secp256k1_scalar_set_b32(&s, &sig[0][32], NULL);
820 secp256k1_scalar_negate(&s, &s);
821 secp256k1_scalar_get_b32(&sig[0][32], &s);
822 CHECK(!secp256k1_schnorrsig_verify(ctx, sig[0], msg[0], sizeof(msg[0]), &pk));
823
824 /* The empty message can be signed & verified */
825 CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig[0], NULL, 0, &keypair, NULL) == 1);
826 CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], NULL, 0, &pk) == 1);
827
828 {
829 /* Test varying message lengths */
830 unsigned char msg_large[32 * 8];
831 uint32_t msglen = secp256k1_testrand_int(sizeof(msg_large));
832 for (i = 0; i < sizeof(msg_large); i += 32) {
833 secp256k1_testrand256(&msg_large[i]);
834 }
835 CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig[0], msg_large, msglen, &keypair, NULL) == 1);
836 CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], msg_large, msglen, &pk) == 1);
837 /* Verification for a random wrong message length fails */
838 msglen = (msglen + (sizeof(msg_large) - 1)) % sizeof(msg_large);
839 CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], msg_large, msglen, &pk) == 0);
840 }
841}
842#undef N_SIGS
843
844void test_schnorrsig_taproot(void) {
845 unsigned char sk[32];
846 secp256k1_keypair keypair;
847 secp256k1_xonly_pubkey internal_pk;
848 unsigned char internal_pk_bytes[32];
849 secp256k1_xonly_pubkey output_pk;
850 unsigned char output_pk_bytes[32];
851 unsigned char tweak[32];
852 int pk_parity;
853 unsigned char msg[32];
854 unsigned char sig[64];
855
856 /* Create output key */
857 secp256k1_testrand256(sk);
858 CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
859 CHECK(secp256k1_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1);
860 /* In actual taproot the tweak would be hash of internal_pk */
861 CHECK(secp256k1_xonly_pubkey_serialize(ctx, tweak, &internal_pk) == 1);
862 CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1);
863 CHECK(secp256k1_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1);
864 CHECK(secp256k1_xonly_pubkey_serialize(ctx, output_pk_bytes, &output_pk) == 1);
865
866 /* Key spend */
867 secp256k1_testrand256(msg);
868 CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL) == 1);
869 /* Verify key spend */
870 CHECK(secp256k1_xonly_pubkey_parse(ctx, &output_pk, output_pk_bytes) == 1);
871 CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &output_pk) == 1);
872
873 /* Script spend */
874 CHECK(secp256k1_xonly_pubkey_serialize(ctx, internal_pk_bytes, &internal_pk) == 1);
875 /* Verify script spend */
876 CHECK(secp256k1_xonly_pubkey_parse(ctx, &internal_pk, internal_pk_bytes) == 1);
877 CHECK(secp256k1_xonly_pubkey_tweak_add_check(ctx, output_pk_bytes, pk_parity, &internal_pk, tweak) == 1);
878}
879
880void run_schnorrsig_tests(void) {
881 int i;
882 run_nonce_function_bip340_tests();
883
884 test_schnorrsig_api();
885 test_schnorrsig_sha256_tagged();
886 test_schnorrsig_bip_vectors();
887 for (i = 0; i < count; i++) {
888 test_schnorrsig_sign();
889 test_schnorrsig_sign_verify();
890 }
891 test_schnorrsig_taproot();
892}
893
894#endif
ctx
secp256k1_context * ctx
Definition: bench_multiset.c:12
secp256k1_sha256_initialize_tagged
static void secp256k1_sha256_initialize_tagged(secp256k1_sha256 *hash, const unsigned char *tag, size_t taglen)
Definition: hash_impl.h:169
sha1
Internal SHA-1 implementation.
Definition: sha1.cpp:14
sig
SchnorrSig sig
Definition: processor.cpp:523
secp256k1_scalar_set_b32
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow)
Set a scalar from a big endian byte array.
secp256k1_scalar_get_b32
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Convert a scalar to a byte array.
secp256k1_scalar_negate
static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the complement of a scalar (modulo the group order).
nonce_function_bip340
static int nonce_function_bip340(unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void *data)
Definition: main_impl.h:52
secp256k1_nonce_function_bip340_sha256_tagged_aux
static void secp256k1_nonce_function_bip340_sha256_tagged_aux(secp256k1_sha256 *sha)
Definition: main_impl.h:32
secp256k1_nonce_function_bip340_sha256_tagged
static void secp256k1_nonce_function_bip340_sha256_tagged(secp256k1_sha256 *sha)
Definition: main_impl.h:16
secp256k1_schnorrsig_sha256_tagged
static void secp256k1_schnorrsig_sha256_tagged(secp256k1_sha256 *sha)
Definition: main_impl.h:103
test_schnorrsig_bip_vectors
void test_schnorrsig_bip_vectors(void)
Definition: tests_impl.h:262
test_schnorrsig_sign
void test_schnorrsig_sign(void)
Definition: tests_impl.h:720
nonce_function_overflowing
static int nonce_function_overflowing(unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void *data)
Definition: tests_impl.h:707
run_nonce_function_bip340_tests
void run_nonce_function_bip340_tests(void)
Definition: tests_impl.h:34
test_schnorrsig_bip_vectors_check_signing
void test_schnorrsig_bip_vectors_check_signing(const unsigned char *sk, const unsigned char *pk_serialized, const unsigned char *aux_rand, const unsigned char *msg32, const unsigned char *expected_sig)
Definition: tests_impl.h:236
test_schnorrsig_bip_vectors_check_verify
void test_schnorrsig_bip_vectors_check_verify(const unsigned char *pk_serialized, const unsigned char *msg32, const unsigned char *sig, int expected)
Definition: tests_impl.h:253
test_schnorrsig_taproot
void test_schnorrsig_taproot(void)
Definition: tests_impl.h:844
nonce_function_0
static int nonce_function_0(unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void *data)
Definition: tests_impl.h:693
test_sha256_eq
void test_sha256_eq(const secp256k1_sha256 *sha1, const secp256k1_sha256 *sha2)
Definition: tests_impl.h:26
test_schnorrsig_sign_verify
void test_schnorrsig_sign_verify(void)
Definition: tests_impl.h:767
run_schnorrsig_tests
void run_schnorrsig_tests(void)
Definition: tests_impl.h:880
nonce_function_bip340_bitflip
void nonce_function_bip340_bitflip(unsigned char **args, size_t n_flip, size_t n_bytes, size_t msglen, size_t algolen)
Definition: tests_impl.h:15
N_SIGS
#define N_SIGS
Definition: tests_impl.h:763
test_schnorrsig_sha256_tagged
void test_schnorrsig_sha256_tagged(void)
Definition: tests_impl.h:224
nonce_function_failing
static int nonce_function_failing(unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void *data)
Definition: tests_impl.h:680
test_schnorrsig_api
void test_schnorrsig_api(void)
Definition: tests_impl.h:117
secp256k1_rfc6979_hmac_sha256_generate
static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen)
secp256k1_memcmp_var
static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n)
Semantics like memcmp.
Definition: util.h:226
CHECK
#define CHECK(cond)
Definition: util.h:53
secp256k1_context_destroy
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:188
SECP256K1_CONTEXT_SIGN
#define SECP256K1_CONTEXT_SIGN
Definition: secp256k1.h:185
secp256k1_context_set_error_callback
SECP256K1_API void secp256k1_context_set_error_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an internal consistency check fails.
Definition: secp256k1.c:204
secp256k1_context_create
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:146
secp256k1_context_set_illegal_callback
SECP256K1_API void secp256k1_context_set_illegal_callback(secp256k1_context *ctx, void(*fun)(const char *message, void *data), const void *data) SECP256K1_ARG_NONNULL(1)
Set a callback function to be called when an illegal argument is passed to an API call.
Definition: secp256k1.c:195
SECP256K1_CONTEXT_NONE
#define SECP256K1_CONTEXT_NONE
Definition: secp256k1.h:187
SECP256K1_CONTEXT_VERIFY
#define SECP256K1_CONTEXT_VERIFY
Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and secp256k1_context...
Definition: secp256k1.h:184
secp256k1_xonly_pubkey_serialize
SECP256K1_API int secp256k1_xonly_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output32, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Serialize an xonly_pubkey object into a 32-byte sequence.
Definition: main_impl.h:43
secp256k1_xonly_pubkey_tweak_add_check
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add_check(const secp256k1_context *ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5)
Checks that a tweaked pubkey is the result of calling secp256k1_xonly_pubkey_tweak_add with internal_...
Definition: main_impl.h:134
secp256k1_keypair_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the keypair for a secret key.
Definition: main_impl.h:195
secp256k1_keypair_xonly_tweak_add
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a keypair by adding tweak32 to the secret key and updating the public key accordingly.
Definition: main_impl.h:254
secp256k1_keypair_xonly_pub
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_pub(const secp256k1_context *ctx, secp256k1_xonly_pubkey *pubkey, int *pk_parity, const secp256k1_keypair *keypair) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4)
Get the x-only public key from a keypair.
Definition: main_impl.h:233
secp256k1_xonly_pubkey_parse
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_parse(const secp256k1_context *ctx, secp256k1_xonly_pubkey *pubkey, const unsigned char *input32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a 32-byte sequence into a xonly_pubkey object.
Definition: main_impl.h:21
secp256k1_schnorrsig.h
SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT
#define SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT
Definition: secp256k1_schnorrsig.h:89
secp256k1_schnorrsig_sign_custom
SECP256K1_API int secp256k1_schnorrsig_sign_custom(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_keypair *keypair, secp256k1_schnorrsig_extraparams *extraparams) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(5)
Create a Schnorr signature with a more flexible API.
Definition: main_impl.h:200
secp256k1_schnorrsig_sign
SECP256K1_API int secp256k1_schnorrsig_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_keypair *keypair, const unsigned char *aux_rand32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a Schnorr signature.
Definition: main_impl.h:195
secp256k1_schnorrsig_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify(const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_xonly_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(5)
Verify a Schnorr signature.
Definition: main_impl.h:215
secp256k1_context_struct
Definition: secp256k1.c:75
secp256k1_keypair
Opaque data structure that holds a keypair consisting of a secret and a public key.
Definition: secp256k1_extrakeys.h:33
secp256k1_scalar
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13
secp256k1_schnorrsig_extraparams
Data structure that contains additional arguments for schnorrsig_sign_custom.
Definition: secp256k1_schnorrsig.h:82
secp256k1_schnorrsig_extraparams::noncefp
secp256k1_nonce_function_hardened noncefp
Definition: secp256k1_schnorrsig.h:84
secp256k1_schnorrsig_extraparams::ndata
void * ndata
Definition: secp256k1_schnorrsig.h:85
secp256k1_sha256
Definition: hash.h:13
secp256k1_sha256::bytes
size_t bytes
Definition: hash.h:16
secp256k1_sha256::s
uint32_t s[8]
Definition: hash.h:14
secp256k1_xonly_pubkey
Opaque data structure that holds a parsed and valid "x-only" public key.
Definition: secp256k1_extrakeys.h:22
secp256k1_testrand_int
static uint32_t secp256k1_testrand_int(uint32_t range)
Generate a pseudorandom number in the range [0..range-1].
secp256k1_testrand_flip
static void secp256k1_testrand_flip(unsigned char *b, size_t len)
Flip a single random bit in a byte array.
secp256k1_testrand256
static void secp256k1_testrand256(unsigned char *b32)
Generate a pseudorandom 32-byte array.
secp256k1_test_rng
static secp256k1_rfc6979_hmac_sha256 secp256k1_test_rng
Definition: testrand_impl.h:17
counting_illegal_callback_fn
static void counting_illegal_callback_fn(const char *str, void *data)
Definition: tests.c:34
count
static int count
Definition: tests.c:31
Generated on Tue Jan 13 2026 20:42:10 for Bitcoin ABC by doxygen 1.9.4