search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Squashed 'src/secp256k1/' changes from 8225239..84973d3
[bitcoinplatinum.git] / src / modules / ecdh / tests_impl.h
blob85a5d0a9a69e10d585c2bc2ad4df03f14cf0def6
1 /**********************************************************************
2 * Copyright (c) 2015 Andrew Poelstra *
3 * Distributed under the MIT software license, see the accompanying *
4 * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 **********************************************************************/
6
7 #ifndef _SECP256K1_MODULE_ECDH_TESTS_
8 #define _SECP256K1_MODULE_ECDH_TESTS_
9
10 void test_ecdh_api(void) {
11 /* Setup context that just counts errors */
12 secp256k1_context *tctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
13 secp256k1_pubkey point;
14 unsigned char res[32];
15 unsigned char s_one[32] = { 0 };
16 int32_t ecount = 0;
17 s_one[31] = 1;
18
19 secp256k1_context_set_error_callback(tctx, counting_illegal_callback_fn, &ecount);
20 secp256k1_context_set_illegal_callback(tctx, counting_illegal_callback_fn, &ecount);
21 CHECK(secp256k1_ec_pubkey_create(tctx, &point, s_one) == 1);
22
23 /* Check all NULLs are detected */
24 CHECK(secp256k1_ecdh(tctx, res, &point, s_one) == 1);
25 CHECK(ecount == 0);
26 CHECK(secp256k1_ecdh(tctx, NULL, &point, s_one) == 0);
27 CHECK(ecount == 1);
28 CHECK(secp256k1_ecdh(tctx, res, NULL, s_one) == 0);
29 CHECK(ecount == 2);
30 CHECK(secp256k1_ecdh(tctx, res, &point, NULL) == 0);
31 CHECK(ecount == 3);
32 CHECK(secp256k1_ecdh(tctx, res, &point, s_one) == 1);
33 CHECK(ecount == 3);
34
35 /* Cleanup */
36 secp256k1_context_destroy(tctx);
37 }
38
39 void test_ecdh_generator_basepoint(void) {
40 unsigned char s_one[32] = { 0 };
41 secp256k1_pubkey point[2];
42 int i;
43
44 s_one[31] = 1;
45 /* Check against pubkey creation when the basepoint is the generator */
46 for (i = 0; i < 100; ++i) {
47 secp256k1_sha256_t sha;
48 unsigned char s_b32[32];
49 unsigned char output_ecdh[32];
50 unsigned char output_ser[32];
51 unsigned char point_ser[33];
52 size_t point_ser_len = sizeof(point_ser);
53 secp256k1_scalar s;
54
55 random_scalar_order(&s);
56 secp256k1_scalar_get_b32(s_b32, &s);
57
58 /* compute using ECDH function */
59 CHECK(secp256k1_ec_pubkey_create(ctx, &point[0], s_one) == 1);
60 CHECK(secp256k1_ecdh(ctx, output_ecdh, &point[0], s_b32) == 1);
61 /* compute "explicitly" */
62 CHECK(secp256k1_ec_pubkey_create(ctx, &point[1], s_b32) == 1);
63 CHECK(secp256k1_ec_pubkey_serialize(ctx, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1);
64 CHECK(point_ser_len == sizeof(point_ser));
65 secp256k1_sha256_initialize(&sha);
66 secp256k1_sha256_write(&sha, point_ser, point_ser_len);
67 secp256k1_sha256_finalize(&sha, output_ser);
68 /* compare */
69 CHECK(memcmp(output_ecdh, output_ser, sizeof(output_ser)) == 0);
70 }
71 }
72
73 void test_bad_scalar(void) {
74 unsigned char s_zero[32] = { 0 };
75 unsigned char s_overflow[32] = {
76 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
77 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
78 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
79 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41
80 };
81 unsigned char s_rand[32] = { 0 };
82 unsigned char output[32];
83 secp256k1_scalar rand;
84 secp256k1_pubkey point;
85
86 /* Create random point */
87 random_scalar_order(&rand);
88 secp256k1_scalar_get_b32(s_rand, &rand);
89 CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_rand) == 1);
90
91 /* Try to multiply it by bad values */
92 CHECK(secp256k1_ecdh(ctx, output, &point, s_zero) == 0);
93 CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow) == 0);
94 /* ...and a good one */
95 s_overflow[31] -= 1;
96 CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow) == 1);
97 }
98
99 void run_ecdh_tests(void) {
100 test_ecdh_api();
101 test_ecdh_generator_basepoint();
102 test_bad_scalar();
103 }
104
105 #endif