Bitcoin ABC 0.30.7
P2P Digital Currency
valgrind_ctime_test.c
Go to the documentation of this file.
1/***********************************************************************
2 * Copyright (c) 2020 Gregory Maxwell *
3 * Distributed under the MIT software license, see the accompanying *
4 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5 ***********************************************************************/
6
7#include <valgrind/memcheck.h>
8#include <stdio.h>
9
10#include "include/secp256k1.h"
11#include "assumptions.h"
12#include "util.h"
13
14#ifdef ENABLE_MODULE_ECDH
16#endif
17
18#ifdef ENABLE_MODULE_RECOVERY
20#endif
21
22#ifdef ENABLE_MODULE_SCHNORR
24#endif
25
26#ifdef ENABLE_MODULE_EXTRAKEYS
28#endif
29
30#ifdef ENABLE_MODULE_SCHNORRSIG
32#endif
33
34void run_tests(secp256k1_context *ctx, unsigned char *key);
35
36int main(void) {
38 unsigned char key[32];
39 int ret, i;
40
41 if (!RUNNING_ON_VALGRIND) {
42 fprintf(stderr, "This test can only usefully be run inside valgrind.\n");
43 fprintf(stderr, "Usage: libtool --mode=execute valgrind ./valgrind_ctime_test\n");
44 return 1;
45 }
52 for (i = 0; i < 32; i++) {
53 key[i] = i + 65;
54 }
55
56 run_tests(ctx, key);
57
58 /* Test context randomisation. Do this last because it leaves the context
59 * tainted. */
60 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
62 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
63 CHECK(ret);
64
66 return 0;
67}
68
69void run_tests(secp256k1_context *ctx, unsigned char *key) {
71 secp256k1_pubkey pubkey;
72 size_t siglen = 74;
73 size_t outputlen = 33;
74 int i;
75 int ret;
76 unsigned char msg[32];
77 unsigned char sig[74];
78 unsigned char spubkey[33];
79#ifdef ENABLE_MODULE_RECOVERY
80 secp256k1_ecdsa_recoverable_signature recoverable_signature;
81 int recid;
82#endif
83#ifdef ENABLE_MODULE_EXTRAKEYS
84 secp256k1_keypair keypair;
85#endif
86
87 for (i = 0; i < 32; i++) {
88 msg[i] = i + 1;
89 }
90
91 /* Test keygen. */
92 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
93 ret = secp256k1_ec_pubkey_create(ctx, &pubkey, key);
94 VALGRIND_MAKE_MEM_DEFINED(&pubkey, sizeof(secp256k1_pubkey));
95 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
96 CHECK(ret);
97 CHECK(secp256k1_ec_pubkey_serialize(ctx, spubkey, &outputlen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
98
99 /* Test signing. */
100 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
101 ret = secp256k1_ecdsa_sign(ctx, &signature, msg, key, NULL, NULL);
102 VALGRIND_MAKE_MEM_DEFINED(&signature, sizeof(secp256k1_ecdsa_signature));
103 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
104 CHECK(ret);
106
107#ifdef ENABLE_MODULE_ECDH
108 /* Test ECDH. */
109 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
110 ret = secp256k1_ecdh(ctx, msg, &pubkey, key, NULL, NULL);
111 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
112 CHECK(ret == 1);
113#endif
114
115#ifdef ENABLE_MODULE_RECOVERY
116 /* Test signing a recoverable signature. */
117 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
118 ret = secp256k1_ecdsa_sign_recoverable(ctx, &recoverable_signature, msg, key, NULL, NULL);
119 VALGRIND_MAKE_MEM_DEFINED(&recoverable_signature, sizeof(recoverable_signature));
120 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
121 CHECK(ret);
122 CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &recoverable_signature));
123 CHECK(recid >= 0 && recid <= 3);
124#endif
125
126#if ENABLE_MODULE_SCHNORR
127 /* Test schnorr signing. */
128 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
129 ret = secp256k1_schnorr_sign(ctx, sig, msg, key, NULL, NULL);
130 VALGRIND_MAKE_MEM_DEFINED(&sig, sizeof(64));
131 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
132 CHECK(ret);
133#endif
134
135 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
137 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
138 CHECK(ret == 1);
139
140 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
142 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
143 CHECK(ret == 1);
144
145 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
146 VALGRIND_MAKE_MEM_UNDEFINED(msg, 32);
147 ret = secp256k1_ec_seckey_tweak_add(ctx, key, msg);
148 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
149 CHECK(ret == 1);
150
151 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
152 VALGRIND_MAKE_MEM_UNDEFINED(msg, 32);
153 ret = secp256k1_ec_seckey_tweak_mul(ctx, key, msg);
154 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
155 CHECK(ret == 1);
156
157 /* Test keypair_create and keypair_xonly_tweak_add. */
158#ifdef ENABLE_MODULE_EXTRAKEYS
159 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
160 ret = secp256k1_keypair_create(ctx, &keypair, key);
161 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
162 CHECK(ret == 1);
163
164 /* The tweak is not treated as a secret in keypair_tweak_add */
165 VALGRIND_MAKE_MEM_DEFINED(msg, 32);
166 ret = secp256k1_keypair_xonly_tweak_add(ctx, &keypair, msg);
167 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
168 CHECK(ret == 1);
169
170 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
171 VALGRIND_MAKE_MEM_UNDEFINED(&keypair, sizeof(keypair));
172 ret = secp256k1_keypair_sec(ctx, key, &keypair);
173 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
174 CHECK(ret == 1);
175#endif
176
177#ifdef ENABLE_MODULE_SCHNORRSIG
178 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
179 ret = secp256k1_keypair_create(ctx, &keypair, key);
180 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
181 CHECK(ret == 1);
182 ret = secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL);
183 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
184 CHECK(ret == 1);
185#endif
186}
secp256k1_context * ctx
SchnorrSig sig
Definition: processor.cpp:498
#define CHECK(cond)
Definition: util.h:53
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by multiplying it by a tweak.
Definition: secp256k1.c:708
#define SECP256K1_CONTEXT_SIGN
Definition: secp256k1.h:174
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize(secp256k1_context *ctx, const unsigned char *seed32) SECP256K1_ARG_NONNULL(1)
Updates the context randomization to protect against side-channel leakage.
Definition: secp256k1.c:756
#define SECP256K1_CONTEXT_DECLASSIFY
Definition: secp256k1.h:175
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate(const secp256k1_context *ctx, unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Negates a secret key in place.
Definition: secp256k1.c:617
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
Definition: secp256k1.c:296
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Verify an ECDSA secret key.
Definition: secp256k1.c:576
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:152
SECP256K1_API int secp256k1_ecdsa_sign(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create an ECDSA signature.
Definition: secp256k1.c:561
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:599
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
Definition: secp256k1.h:179
SECP256K1_API int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in DER format.
Definition: secp256k1.c:406
#define SECP256K1_CONTEXT_VERIFY
Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and secp256k1_context...
Definition: secp256k1.h:173
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add(const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a secret key by adding tweak to it.
Definition: secp256k1.c:663
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:196
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh(const secp256k1_context *ctx, unsigned char *output, const secp256k1_pubkey *pubkey, const unsigned char *seckey, secp256k1_ecdh_hash_function hashfp, void *data) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Compute an EC Diffie-Hellman secret in constant time.
Definition: main_impl.h:29
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_sec(const secp256k1_context *ctx, unsigned char *seckey, const secp256k1_keypair *keypair) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Get the secret key from a keypair.
Definition: main_impl.h:215
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the keypair for a secret key.
Definition: main_impl.h:197
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add(const secp256k1_context *ctx, secp256k1_keypair *keypair, const unsigned char *tweak32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Tweak a keypair by adding tweak32 to the secret key and updating the public key accordingly.
Definition: main_impl.h:256
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context *ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature *sig) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize an ECDSA signature in compact format (64 bytes + recovery id).
Definition: main_impl.h:60
SECP256K1_API int secp256k1_ecdsa_sign_recoverable(const secp256k1_context *ctx, secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a recoverable ECDSA signature.
Definition: main_impl.h:123
SECP256K1_API int secp256k1_schnorr_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a signature using a custom EC-Schnorr-SHA256 construction.
Definition: main_impl.h:33
SECP256K1_API int secp256k1_schnorrsig_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_keypair *keypair, unsigned char *aux_rand32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Create a Schnorr signature.
Definition: main_impl.h:188
Opaque data structured that holds a parsed ECDSA signature, supporting pubkey recovery.
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:83
Opaque data structure that holds a keypair consisting of a secret and a public key.
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:70
int main(void)
void run_tests(secp256k1_context *ctx, unsigned char *key)