1 /**********************************************************************
2 * Copyright (c) 2015 Andrew Poelstra *
3 * Distributed under the MIT software license, see the accompanying *
4 * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5 **********************************************************************/
7 #ifndef _SECP256K1_MODULE_ECDH_TESTS_
8 #define _SECP256K1_MODULE_ECDH_TESTS_
10 void test_ecdh_api(void) {
11 /* Setup context that just counts errors */
12 secp256k1_context
*tctx
= secp256k1_context_create(SECP256K1_CONTEXT_SIGN
);
13 secp256k1_pubkey point
;
14 unsigned char res
[32];
15 unsigned char s_one
[32] = { 0 };
19 secp256k1_context_set_error_callback(tctx
, counting_illegal_callback_fn
, &ecount
);
20 secp256k1_context_set_illegal_callback(tctx
, counting_illegal_callback_fn
, &ecount
);
21 CHECK(secp256k1_ec_pubkey_create(tctx
, &point
, s_one
) == 1);
23 /* Check all NULLs are detected */
24 CHECK(secp256k1_ecdh(tctx
, res
, &point
, s_one
) == 1);
26 CHECK(secp256k1_ecdh(tctx
, NULL
, &point
, s_one
) == 0);
28 CHECK(secp256k1_ecdh(tctx
, res
, NULL
, s_one
) == 0);
30 CHECK(secp256k1_ecdh(tctx
, res
, &point
, NULL
) == 0);
32 CHECK(secp256k1_ecdh(tctx
, res
, &point
, s_one
) == 1);
36 secp256k1_context_destroy(tctx
);
39 void test_ecdh_generator_basepoint(void) {
40 unsigned char s_one
[32] = { 0 };
41 secp256k1_pubkey point
[2];
45 /* Check against pubkey creation when the basepoint is the generator */
46 for (i
= 0; i
< 100; ++i
) {
47 secp256k1_sha256_t sha
;
48 unsigned char s_b32
[32];
49 unsigned char output_ecdh
[32];
50 unsigned char output_ser
[32];
51 unsigned char point_ser
[33];
52 size_t point_ser_len
= sizeof(point_ser
);
55 random_scalar_order(&s
);
56 secp256k1_scalar_get_b32(s_b32
, &s
);
58 /* compute using ECDH function */
59 CHECK(secp256k1_ec_pubkey_create(ctx
, &point
[0], s_one
) == 1);
60 CHECK(secp256k1_ecdh(ctx
, output_ecdh
, &point
[0], s_b32
) == 1);
61 /* compute "explicitly" */
62 CHECK(secp256k1_ec_pubkey_create(ctx
, &point
[1], s_b32
) == 1);
63 CHECK(secp256k1_ec_pubkey_serialize(ctx
, point_ser
, &point_ser_len
, &point
[1], SECP256K1_EC_COMPRESSED
) == 1);
64 CHECK(point_ser_len
== sizeof(point_ser
));
65 secp256k1_sha256_initialize(&sha
);
66 secp256k1_sha256_write(&sha
, point_ser
, point_ser_len
);
67 secp256k1_sha256_finalize(&sha
, output_ser
);
69 CHECK(memcmp(output_ecdh
, output_ser
, sizeof(output_ser
)) == 0);
73 void test_bad_scalar(void) {
74 unsigned char s_zero
[32] = { 0 };
75 unsigned char s_overflow
[32] = {
76 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
77 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe,
78 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b,
79 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41
81 unsigned char s_rand
[32] = { 0 };
82 unsigned char output
[32];
83 secp256k1_scalar rand
;
84 secp256k1_pubkey point
;
86 /* Create random point */
87 random_scalar_order(&rand
);
88 secp256k1_scalar_get_b32(s_rand
, &rand
);
89 CHECK(secp256k1_ec_pubkey_create(ctx
, &point
, s_rand
) == 1);
91 /* Try to multiply it by bad values */
92 CHECK(secp256k1_ecdh(ctx
, output
, &point
, s_zero
) == 0);
93 CHECK(secp256k1_ecdh(ctx
, output
, &point
, s_overflow
) == 0);
94 /* ...and a good one */
96 CHECK(secp256k1_ecdh(ctx
, output
, &point
, s_overflow
) == 1);
99 void run_ecdh_tests(void) {
101 test_ecdh_generator_basepoint();