doxygen/html/schnorr_2tests__impl_8h_source.html

 /**********************************************************************
  * Copyright (c) 2014-2015 Pieter Wuille                              *
  * Distributed under the MIT software license, see the accompanying   *
  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
  **********************************************************************/

 #ifndef SECP256K1_MODULE_SCHNORR_TESTS
 #define SECP256K1_MODULE_SCHNORR_TESTS

 #include "include/secp256k1_schnorr.h"

 void test_schnorr_end_to_end(void) {
     unsigned char privkey[32];
     unsigned char message[32];
     unsigned char schnorr_signature[64];
     secp256k1_pubkey pubkey, recpubkey;

     /* Generate a random key and message. */
     {
         secp256k1_scalar key;
         random_scalar_order_test(&key);
         secp256k1_scalar_get_b32(privkey, &key);
         secp256k1_rand256_test(message);
     }

     /* Construct and verify corresponding public key. */
     CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1);
     CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1);

     /* Schnorr sign. */
     CHECK(secp256k1_schnorr_sign(ctx, schnorr_signature, message, privkey, NULL, NULL) == 1);
     CHECK(secp256k1_schnorr_verify(ctx, schnorr_signature, message, &pubkey) == 1);
     CHECK(secp256k1_schnorr_recover(ctx, &recpubkey, schnorr_signature, message) == 1);
     CHECK(memcmp(&pubkey, &recpubkey, sizeof(pubkey)) == 0);
     /* Destroy signature and verify again. */
     schnorr_signature[secp256k1_rand_bits(6)] += 1 + secp256k1_rand_int(255);
     CHECK(secp256k1_schnorr_verify(ctx, schnorr_signature, message, &pubkey) == 0);
     CHECK(secp256k1_schnorr_recover(ctx, &recpubkey, schnorr_signature, message) != 1 ||
           memcmp(&pubkey, &recpubkey, sizeof(pubkey)) != 0);
 }

 void test_schnorr_hash(unsigned char *h32, const unsigned char *r32, const unsigned char *msg32) {
     int i;
     for (i = 0; i < 32; i++) {
         h32[i] = r32[i] ^ msg32[i];
     }
 }

 void test_schnorr_sign_verify(void) {
     unsigned char msg32[32];
     unsigned char sig64[3][64];
     secp256k1_gej pubkeyj[3];
     secp256k1_ge pubkey[3];
     secp256k1_scalar nonce[3], key[3];
     int i = 0;
     int k;

     secp256k1_rand256_test(msg32);

     for (k = 0; k < 3; k++) {
         random_scalar_order_test(&key[k]);

         do {
             random_scalar_order_test(&nonce[k]);
             if (secp256k1_schnorr_sig_sign(&ctx->ecmult_gen_ctx, sig64[k], &key[k], &nonce[k], NULL, &test_schnorr_hash, msg32)) {
                 break;
             }
         } while(1);

         secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubkeyj[k], &key[k]);
         secp256k1_ge_set_gej_var(&pubkey[k], &pubkeyj[k]);
         CHECK(secp256k1_schnorr_sig_verify(&ctx->ecmult_ctx, sig64[k], &pubkey[k], &test_schnorr_hash, msg32));

         for (i = 0; i < 4; i++) {
             int pos = secp256k1_rand_bits(6);
             int mod = 1 + secp256k1_rand_int(255);
             sig64[k][pos] ^= mod;
             CHECK(secp256k1_schnorr_sig_verify(&ctx->ecmult_ctx, sig64[k], &pubkey[k], &test_schnorr_hash, msg32) == 0);
             sig64[k][pos] ^= mod;
         }
     }
 }

 void test_schnorr_threshold(void) {
     unsigned char msg[32];
     unsigned char sec[5][32];
     secp256k1_pubkey pub[5];
     unsigned char nonce[5][32];
     secp256k1_pubkey pubnonce[5];
     unsigned char sig[5][64];
     const unsigned char* sigs[5];
     unsigned char allsig[64];
     const secp256k1_pubkey* pubs[5];
     secp256k1_pubkey allpub;
     int n, i;
     int damage;
     int ret = 0;

     damage = secp256k1_rand_bits(1) ? (1 + secp256k1_rand_int(4)) : 0;
     secp256k1_rand256_test(msg);
     n = 2 + secp256k1_rand_int(4);
     for (i = 0; i < n; i++) {
         do {
             secp256k1_rand256_test(sec[i]);
         } while (!secp256k1_ec_seckey_verify(ctx, sec[i]));
         CHECK(secp256k1_ec_pubkey_create(ctx, &pub[i], sec[i]));
         CHECK(secp256k1_schnorr_generate_nonce_pair(ctx, &pubnonce[i], nonce[i], msg, sec[i], NULL, NULL));
         pubs[i] = &pub[i];
     }
     if (damage == 1) {
         nonce[secp256k1_rand_int(n)][secp256k1_rand_int(32)] ^= 1 + secp256k1_rand_int(255);
     } else if (damage == 2) {
         sec[secp256k1_rand_int(n)][secp256k1_rand_int(32)] ^= 1 + secp256k1_rand_int(255);
     }
     for (i = 0; i < n; i++) {
         secp256k1_pubkey allpubnonce;
         const secp256k1_pubkey *pubnonces[4];
         int j;
         for (j = 0; j < i; j++) {
             pubnonces[j] = &pubnonce[j];
         }
         for (j = i + 1; j < n; j++) {
             pubnonces[j - 1] = &pubnonce[j];
         }
         CHECK(secp256k1_ec_pubkey_combine(ctx, &allpubnonce, pubnonces, n - 1));
         ret |= (secp256k1_schnorr_partial_sign(ctx, sig[i], msg, sec[i], &allpubnonce, nonce[i]) != 1) * 1;
         sigs[i] = sig[i];
     }
     if (damage == 3) {
         sig[secp256k1_rand_int(n)][secp256k1_rand_bits(6)] ^= 1 + secp256k1_rand_int(255);
     }
     ret |= (secp256k1_ec_pubkey_combine(ctx, &allpub, pubs, n) != 1) * 2;
     if ((ret & 1) == 0) {
         ret |= (secp256k1_schnorr_partial_combine(ctx, allsig, sigs, n) != 1) * 4;
     }
     if (damage == 4) {
         allsig[secp256k1_rand_int(32)] ^= 1 + secp256k1_rand_int(255);
     }
     if ((ret & 7) == 0) {
         ret |= (secp256k1_schnorr_verify(ctx, allsig, msg, &allpub) != 1) * 8;
     }
     CHECK((ret == 0) == (damage == 0));
 }

 void test_schnorr_recovery(void) {
     unsigned char msg32[32];
     unsigned char sig64[64];
     secp256k1_ge Q;

     secp256k1_rand256_test(msg32);
     secp256k1_rand256_test(sig64);
     secp256k1_rand256_test(sig64 + 32);
     if (secp256k1_schnorr_sig_recover(&ctx->ecmult_ctx, sig64, &Q, &test_schnorr_hash, msg32) == 1) {
         CHECK(secp256k1_schnorr_sig_verify(&ctx->ecmult_ctx, sig64, &Q, &test_schnorr_hash, msg32) == 1);
     }
 }

 void run_schnorr_tests(void) {
     int i;
     for (i = 0; i < 32*count; i++) {
         test_schnorr_end_to_end();
     }
     for (i = 0; i < 32 * count; i++) {
          test_schnorr_sign_verify();
     }
     for (i = 0; i < 16 * count; i++) {
          test_schnorr_recovery();
     }
     for (i = 0; i < 10 * count; i++) {
          test_schnorr_threshold();
     }
 }

 #endif
secp256k1_ecmult_gen
static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *a)

secp256k1_schnorr_sign
SECP256K1_API int secp256k1_schnorr_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void *ndata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Definition: main_impl.h:23

secp256k1_ge_set_gej_var
static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a)
Definition: group_impl.h:65

secp256k1_schnorr_partial_combine
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_partial_combine(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *const *sig64sin, size_t n) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Definition: main_impl.h:157

secp256k1_rand_int
static uint32_t secp256k1_rand_int(uint32_t range)

secp256k1_gej
Definition: group.h:24

test_schnorr_hash
void test_schnorr_hash(unsigned char *h32, const unsigned char *r32, const unsigned char *msg32)
Definition: tests_impl.h:43

secp256k1_schnorr_recover
SECP256K1_API int secp256k1_schnorr_recover(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *sig64, const unsigned char *msg32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Definition: main_impl.h:73

secp256k1_ec_pubkey_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Definition: secp256k1.c:409

fix-copyright-headers.n
int n
Definition: fix-copyright-headers.py:46

secp256k1_ec_seckey_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify(const secp256k1_context *ctx, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2)
Definition: secp256k1.c:395

secp256k1_context_struct::ecmult_gen_ctx
secp256k1_ecmult_gen_context ecmult_gen_ctx
Definition: secp256k1.c:55

ctx
static secp256k1_context * ctx
Definition: tests.c:42

secp256k1_schnorr_generate_nonce_pair
SECP256K1_API int secp256k1_schnorr_generate_nonce_pair(const secp256k1_context *ctx, secp256k1_pubkey *pubnonce, unsigned char *privnonce32, const unsigned char *msg32, const unsigned char *sec32, secp256k1_nonce_function noncefp, const void *noncedata) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Definition: main_impl.h:91

secp256k1_context_struct::ecmult_ctx
secp256k1_ecmult_context ecmult_ctx
Definition: secp256k1.c:54

secp256k1_ge
Definition: group.h:14

secp256k1_schnorr_verify
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_verify(const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg32, const secp256k1_pubkey *pubkey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Definition: main_impl.h:61

CHECK
#define CHECK(cond)
Definition: util.h:52

secp256k1_scalar
Definition: scalar_4x64.h:13

test_schnorr_end_to_end
void test_schnorr_end_to_end(void)
Definition: tests_impl.h:12

zmq_sub.msg
msg
Definition: zmq_sub.py:22

secp256k1_scalar_get_b32
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)

test_schnorr_recovery
void test_schnorr_recovery(void)
Definition: tests_impl.h:146

secp256k1_schnorr_sig_sign
static int secp256k1_schnorr_sig_sign(const secp256k1_ecmult_gen_context *ctx, unsigned char *sig64, const secp256k1_scalar *key, const secp256k1_scalar *nonce, const secp256k1_ge *pubnonce, secp256k1_schnorr_msghash hash, const unsigned char *msg32)

run_schnorr_tests
void run_schnorr_tests(void)
Definition: tests_impl.h:159

random_scalar_order_test
void random_scalar_order_test(secp256k1_scalar *num)
Definition: tests.c:110

secp256k1_schnorr.h

secp256k1_rand_bits
static uint32_t secp256k1_rand_bits(int bits)

test_schnorr_threshold
void test_schnorr_threshold(void)
Definition: tests_impl.h:85

secp256k1_schnorr_partial_sign
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorr_partial_sign(const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, const unsigned char *sec32, const secp256k1_pubkey *pubnonce_others, const unsigned char *secnonce32) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6)
Definition: main_impl.h:133

count
static int count
Definition: tests.c:41

secp256k1_ec_pubkey_combine
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine(const secp256k1_context *ctx, secp256k1_pubkey *out, const secp256k1_pubkey *const *ins, size_t n) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Definition: secp256k1.c:534

secp256k1_schnorr_sig_verify
static int secp256k1_schnorr_sig_verify(const secp256k1_ecmult_context *ctx, const unsigned char *sig64, const secp256k1_ge *pubkey, secp256k1_schnorr_msghash hash, const unsigned char *msg32)

secp256k1_schnorr_sig_recover
static int secp256k1_schnorr_sig_recover(const secp256k1_ecmult_context *ctx, const unsigned char *sig64, secp256k1_ge *pubkey, secp256k1_schnorr_msghash hash, const unsigned char *msg32)

test_schnorr_sign_verify
void test_schnorr_sign_verify(void)
Definition: tests_impl.h:50

extract_strings_qt.key
key
Definition: extract_strings_qt.py:73

secp256k1_pubkey
Definition: secp256k1.h:56

secp256k1_rand256_test
static void secp256k1_rand256_test(unsigned char *b32)