7#ifndef SECP256K1_MODULE_ECDH_TESTS_H
8#define SECP256K1_MODULE_ECDH_TESTS_H
10#include "../../unit_test.h"
11#include "../../testutil.h"
16 memcpy(output, x, 32);
32 memcpy(output + 1, x, 32);
33 memcpy(output + 33, y, 32);
39 unsigned char res[32];
40 unsigned char s_one[32] = { 0 };
54 unsigned char s_one[32] = { 0 };
60 for (i = 0; i < 2 *
COUNT; ++i) {
62 unsigned char s_b32[32];
63 unsigned char output_ecdh[65];
64 unsigned char output_ser[32];
65 unsigned char point_ser[65];
66 size_t point_ser_len =
sizeof(point_ser);
98 unsigned char out_default[65], out_custom[65];
99 const unsigned char sk[32] = {1};
105 CHECK(!sha256_ecdh_called);
113 CHECK(sha256_ecdh_called);
119 unsigned char s_zero[32] = { 0 };
120 unsigned char s_overflow[32] = { 0 };
121 unsigned char s_rand[32] = { 0 };
122 unsigned char output[32];
148 unsigned char s_inv[32];
149 unsigned char out[32];
150 unsigned char out_inv[32];
151 unsigned char out_base[32];
154 unsigned char s_one[32] = { 0 };
159 for (i = 0; i < 2 *
COUNT; i++) {
176#include "../../wycheproof/ecdh_secp256k1_test.h"
181 const unsigned char *
pk;
182 const unsigned char *
sk;
183 const unsigned char *expected_shared_secret;
184 unsigned char output_ecdh[65] = { 0 };
188 memset(&point, 0,
sizeof(point));
static void test_ecdh_api(void)
static const struct tf_test_entry tests_ecdh[]
static void test_bad_scalar(void)
static int ecdh_hash_function_test_fail(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data)
static void test_result_basepoint(void)
Test that ECDH(sG, 1/s) == ECDH((1/s)G, s) == ECDH(G, 1) for a few random s.
static void test_ecdh_ctx_sha256(void)
static void test_ecdh_generator_basepoint(void)
static int ecdh_hash_function_custom(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data)
static void test_ecdh_wycheproof(void)
static int ecdh_hash_function_test_xpassthru(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data)
static const unsigned char wycheproof_ecdh_public_keys[]
#define SECP256K1_ECDH_WYCHEPROOF_NUMBER_TESTVECTORS
static const wycheproof_ecdh_testvector testvectors[SECP256K1_ECDH_WYCHEPROOF_NUMBER_TESTVECTORS]
static const unsigned char wycheproof_ecdh_private_keys[]
static const unsigned char wycheproof_ecdh_shared_secrets[]
#define CHECK(cond)
Unconditional failure on condition failure.
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar *a)
Convert a scalar to a byte array.
static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the inverse of a scalar (modulo the group order).
static void secp256k1_sha256_finalize(const secp256k1_hash_ctx *hash_ctx, secp256k1_sha256 *hash, unsigned char *out32)
static void secp256k1_sha256_initialize(secp256k1_sha256 *hash)
static void secp256k1_sha256_write(const secp256k1_hash_ctx *hash_ctx, secp256k1_sha256 *hash, const unsigned char *data, size_t size)
static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n)
Semantics like memcmp.
static SECP256K1_INLINE const secp256k1_hash_ctx * secp256k1_get_hash_context(const secp256k1_context *ctx)
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1)
Destroy a secp256k1 context object (created in dynamically allocated memory).
SECP256K1_API int secp256k1_ec_pubkey_serialize(const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey *pubkey, unsigned int flags) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Serialize a pubkey object into a serialized byte sequence.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a variable-length public key into the pubkey object.
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Compute the public key for a secret key.
#define SECP256K1_EC_COMPRESSED
Flag to pass to secp256k1_ec_pubkey_serialize.
SECP256K1_API secp256k1_context * secp256k1_context_clone(const secp256k1_context *ctx) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT
Copy a secp256k1 context object (into dynamically allocated memory).
#define SECP256K1_EC_UNCOMPRESSED
SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh(const secp256k1_context *ctx, unsigned char *output, const secp256k1_pubkey *pubkey, const unsigned char *seckey, secp256k1_ecdh_hash_function hashfp, void *data) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4)
Compute an EC Diffie-Hellman secret in constant time.
secp256k1_hash_ctx hash_ctx
secp256k1_sha256_compression_function fn_sha256_compression
Opaque data structure that holds a parsed and valid public key.
A scalar modulo the group order of the secp256k1 curve.
#define CHECK_ILLEGAL(ctx, expr)
static secp256k1_context * CTX
static const unsigned char secp256k1_group_order_bytes[32]
static void testutil_random_scalar_order(secp256k1_scalar *num)
#define DEFINE_SHA256_TRANSFORM_PROBE(name)