ecdh_2tests__exhaustive__impl_8h_source.html

/***********************************************************************

 * Distributed under the MIT software license, see the accompanying    *

 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*

 ***********************************************************************/


#ifndef SECP256K1_MODULE_ECDH_TESTS_EXHAUSTIVE_H

#define SECP256K1_MODULE_ECDH_TESTS_EXHAUSTIVE_H


#include "../../../include/secp256k1_ecdh.h"

#include "main_impl.h"


static void test_exhaustive_ecdh(const secp256k1_context *ctx, const secp256k1_ge *group) {

    int i, j;

    unsigned char seckeys[EXHAUSTIVE_TEST_ORDER - 1][32];

    secp256k1_pubkey pubkeys[EXHAUSTIVE_TEST_ORDER - 1];


    /* Construct key pairs (32-byte secret key, public key object) for the entire group. */

    for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) {

        secp256k1_scalar scalar;

        secp256k1_scalar_set_int(&scalar, i);

        secp256k1_scalar_get_b32(seckeys[i - 1], &scalar);

        CHECK(secp256k1_ec_pubkey_create(ctx, &pubkeys[i - 1], seckeys[i - 1]));

    }


    /* Loop over key combinations. */

    for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) {

        for (j = 1; j < EXHAUSTIVE_TEST_ORDER; j++) {

            unsigned char ecdh_result_ij[32];

            unsigned char ecdh_result_ji[32];


            /* Calculate ECDH(i*G, j) and ECDH(j*G, i) using API function and verify that the results match. */

            CHECK(secp256k1_ecdh(ctx, ecdh_result_ij, &pubkeys[i - 1], seckeys[j - 1], NULL, NULL));

            CHECK(secp256k1_ecdh(ctx, ecdh_result_ji, &pubkeys[j - 1], seckeys[i - 1], NULL, NULL));

            CHECK(secp256k1_memcmp_var(ecdh_result_ij, ecdh_result_ji, 32) == 0);


            /* Recalculate the expected ECDH result manually by invoking the default ECDH hash

             * function on the precomputed group element (group[i * j]) coordinates, and verify

             * that it matches the previously calculated public API results. */

            {

                secp256k1_ge ecdh_ge_expected = group[(i * j) % EXHAUSTIVE_TEST_ORDER];

                unsigned char ecdh_result_expected[32];

                unsigned char x[32];

                unsigned char y[32];


                secp256k1_fe_normalize_var(&ecdh_ge_expected.x);

                secp256k1_fe_normalize_var(&ecdh_ge_expected.y);

                secp256k1_fe_get_b32(x, &ecdh_ge_expected.x);

                secp256k1_fe_get_b32(y, &ecdh_ge_expected.y);

                CHECK(secp256k1_ecdh_hash_function_default(ecdh_result_expected, x, y, NULL));

                CHECK(secp256k1_memcmp_var(ecdh_result_ij, ecdh_result_expected, 32) == 0);

            }

        }

    }

}


#endif

test_exhaustive_ecdh
static void test_exhaustive_ecdh(const secp256k1_context *ctx, const secp256k1_ge *group)
Definition: tests_exhaustive_impl.h:12

secp256k1_fe_normalize_var
#define secp256k1_fe_normalize_var
Definition: field.h:80

secp256k1_fe_get_b32
#define secp256k1_fe_get_b32
Definition: field.h:89

CHECK
#define CHECK(cond)
Unconditional failure on condition failure.
Definition: util.h:35

tests_wycheproof_generate_ecdsa.group
group
Definition: tests_wycheproof_generate_ecdsa.py:32

secp256k1_scalar_set_int
static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v)
Set a scalar to an unsigned integer.

secp256k1_scalar_get_b32
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Convert a scalar to a byte array.

main_impl.h

secp256k1_memcmp_var
static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n)
Semantics like memcmp.
Definition: util.h:282

secp256k1_ec_pubkey_create
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
Definition: secp256k1.c:636

secp256k1_ecdh
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh(const secp256k1_context *ctx, unsigned char *output, const secp256k1_pubkey *pubkey, const unsigned char *seckey, secp256k1_ecdh_hash_function hashfp, void *data) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Compute an EC Diffie-Hellman secret in constant time.
Definition: main_impl.h:34

secp256k1_ecdh_hash_function_default
SECP256K1_API const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default
A default ECDH hash function (currently equal to secp256k1_ecdh_hash_function_sha256).
Definition: secp256k1_ecdh.h:34

secp256k1_context_struct
Definition: secp256k1.c:61

secp256k1_ge
A group element in affine coordinates on the secp256k1 curve, or occasionally on an isomorphic curve ...
Definition: group.h:16

secp256k1_ge::x
secp256k1_fe x
Definition: group.h:17

secp256k1_ge::y
secp256k1_fe y
Definition: group.h:18

secp256k1_pubkey
Opaque data structure that holds a parsed and valid public key.
Definition: secp256k1.h:62

secp256k1_scalar
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13

EXHAUSTIVE_TEST_ORDER
#define EXHAUSTIVE_TEST_ORDER
Definition: tests_exhaustive.c:13