Browse Source

Use secp256k1_rand_int and secp256k1_rand_bits more

Update the unit tests to make use of the new RNG functions.
master
Pieter Wuille 7 years ago
parent
commit
fa57f1bdf1
  1. 2
      src/modules/recovery/tests_impl.h
  2. 18
      src/modules/schnorr/tests_impl.h
  3. 67
      src/tests.c

2
src/modules/recovery/tests_impl.h

@ -56,7 +56,7 @@ void test_ecdsa_recovery_end_to_end(void) { @@ -56,7 +56,7 @@ void test_ecdsa_recovery_end_to_end(void) {
CHECK(memcmp(&pubkey, &recpubkey, sizeof(pubkey)) == 0);
/* Serialize/destroy/parse signature and verify again. */
CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1);
sig[secp256k1_rand32() % 64] += 1 + (secp256k1_rand32() % 255);
sig[secp256k1_rand_bits(6)] += 1 + secp256k1_rand_int(255);
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1);
CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1);
CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 0);

18
src/modules/schnorr/tests_impl.h

@ -33,7 +33,7 @@ void test_schnorr_end_to_end(void) { @@ -33,7 +33,7 @@ void test_schnorr_end_to_end(void) {
CHECK(secp256k1_schnorr_recover(ctx, &recpubkey, schnorr_signature, message) == 1);
CHECK(memcmp(&pubkey, &recpubkey, sizeof(pubkey)) == 0);
/* Destroy signature and verify again. */
schnorr_signature[secp256k1_rand32() % 64] += 1 + (secp256k1_rand32() % 255);
schnorr_signature[secp256k1_rand_bits(6)] += 1 + secp256k1_rand_int(255);
CHECK(secp256k1_schnorr_verify(ctx, schnorr_signature, message, &pubkey) == 0);
CHECK(secp256k1_schnorr_recover(ctx, &recpubkey, schnorr_signature, message) != 1 ||
memcmp(&pubkey, &recpubkey, sizeof(pubkey)) != 0);
@ -73,8 +73,8 @@ void test_schnorr_sign_verify(void) { @@ -73,8 +73,8 @@ void test_schnorr_sign_verify(void) {
CHECK(secp256k1_schnorr_sig_verify(&ctx->ecmult_ctx, sig64[k], &pubkey[k], &test_schnorr_hash, msg32));
for (i = 0; i < 4; i++) {
int pos = secp256k1_rand32() % 64;
int mod = 1 + (secp256k1_rand32() % 255);
int pos = secp256k1_rand_bits(6);
int mod = 1 + secp256k1_rand_int(255);
sig64[k][pos] ^= mod;
CHECK(secp256k1_schnorr_sig_verify(&ctx->ecmult_ctx, sig64[k], &pubkey[k], &test_schnorr_hash, msg32) == 0);
sig64[k][pos] ^= mod;
@ -97,9 +97,9 @@ void test_schnorr_threshold(void) { @@ -97,9 +97,9 @@ void test_schnorr_threshold(void) {
int damage;
int ret = 0;
damage = (secp256k1_rand32() % 2) ? (1 + (secp256k1_rand32() % 4)) : 0;
damage = secp256k1_rand_bits(1) ? (1 + secp256k1_rand_int(4)) : 0;
secp256k1_rand256_test(msg);
n = 2 + (secp256k1_rand32() % 4);
n = 2 + secp256k1_rand_int(4);
for (i = 0; i < n; i++) {
do {
secp256k1_rand256_test(sec[i]);
@ -109,9 +109,9 @@ void test_schnorr_threshold(void) { @@ -109,9 +109,9 @@ void test_schnorr_threshold(void) {
pubs[i] = &pub[i];
}
if (damage == 1) {
nonce[secp256k1_rand32() % n][secp256k1_rand32() % 32] ^= 1 + (secp256k1_rand32() % 255);
nonce[secp256k1_rand_int(n)][secp256k1_rand_int(32)] ^= 1 + secp256k1_rand_int(255);
} else if (damage == 2) {
sec[secp256k1_rand32() % n][secp256k1_rand32() % 32] ^= 1 + (secp256k1_rand32() % 255);
sec[secp256k1_rand_int(n)][secp256k1_rand_int(32)] ^= 1 + secp256k1_rand_int(255);
}
for (i = 0; i < n; i++) {
secp256k1_pubkey allpubnonce;
@ -128,14 +128,14 @@ void test_schnorr_threshold(void) { @@ -128,14 +128,14 @@ void test_schnorr_threshold(void) {
sigs[i] = sig[i];
}
if (damage == 3) {
sig[secp256k1_rand32() % n][secp256k1_rand32() % 64] ^= 1 + (secp256k1_rand32() % 255);
sig[secp256k1_rand_int(n)][secp256k1_rand_bits(6)] ^= 1 + secp256k1_rand_int(255);
}
ret |= (secp256k1_ec_pubkey_combine(ctx, &allpub, pubs, n) != 1) * 2;
if ((ret & 1) == 0) {
ret |= (secp256k1_schnorr_partial_combine(ctx, allsig, sigs, n) != 1) * 4;
}
if (damage == 4) {
allsig[secp256k1_rand32() % 32] ^= 1 + (secp256k1_rand32() % 255);
allsig[secp256k1_rand_int(32)] ^= 1 + secp256k1_rand_int(255);
}
if ((ret & 7) == 0) {
ret |= (secp256k1_schnorr_verify(ctx, allsig, msg, &allpub) != 1) * 8;

67
src/tests.c

@ -50,7 +50,7 @@ void random_field_element_test(secp256k1_fe *fe) { @@ -50,7 +50,7 @@ void random_field_element_test(secp256k1_fe *fe) {
void random_field_element_magnitude(secp256k1_fe *fe) {
secp256k1_fe zero;
int n = secp256k1_rand32() % 9;
int n = secp256k1_rand_int(9);
secp256k1_fe_normalize(fe);
if (n == 0) {
return;
@ -66,7 +66,7 @@ void random_group_element_test(secp256k1_ge *ge) { @@ -66,7 +66,7 @@ void random_group_element_test(secp256k1_ge *ge) {
secp256k1_fe fe;
do {
random_field_element_test(&fe);
if (secp256k1_ge_set_xo_var(ge, &fe, secp256k1_rand32() & 1)) {
if (secp256k1_ge_set_xo_var(ge, &fe, secp256k1_rand_bits(1))) {
secp256k1_fe_normalize(&ge->y);
break;
}
@ -189,7 +189,7 @@ void run_sha256_tests(void) { @@ -189,7 +189,7 @@ void run_sha256_tests(void) {
secp256k1_sha256_finalize(&hasher, out);
CHECK(memcmp(out, outputs[i], 32) == 0);
if (strlen(inputs[i]) > 0) {
int split = secp256k1_rand32() % strlen(inputs[i]);
int split = secp256k1_rand_int(strlen(inputs[i]));
secp256k1_sha256_initialize(&hasher);
secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split);
secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split);
@ -233,7 +233,7 @@ void run_hmac_sha256_tests(void) { @@ -233,7 +233,7 @@ void run_hmac_sha256_tests(void) {
secp256k1_hmac_sha256_finalize(&hasher, out);
CHECK(memcmp(out, outputs[i], 32) == 0);
if (strlen(inputs[i]) > 0) {
int split = secp256k1_rand32() % strlen(inputs[i]);
int split = secp256k1_rand_int(strlen(inputs[i]));
secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i]));
secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split);
secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split);
@ -360,7 +360,7 @@ void run_rand_int(void) { @@ -360,7 +360,7 @@ void run_rand_int(void) {
#ifndef USE_NUM_NONE
void random_num_negate(secp256k1_num *num) {
if (secp256k1_rand32() & 1) {
if (secp256k1_rand_bits(1)) {
secp256k1_num_negate(num);
}
}
@ -401,13 +401,12 @@ void test_num_add_sub(void) { @@ -401,13 +401,12 @@ void test_num_add_sub(void) {
secp256k1_num n1;
secp256k1_num n2;
secp256k1_num n1p2, n2p1, n1m2, n2m1;
int r = secp256k1_rand32();
random_num_order_test(&n1); /* n1 = R1 */
if (r & 1) {
if (secp256k1_rand_bits(1)) {
random_num_negate(&n1);
}
random_num_order_test(&n2); /* n2 = R2 */
if (r & 2) {
if (secp256k1_rand_bits(1)) {
random_num_negate(&n2);
}
secp256k1_num_add(&n1p2, &n1, &n2); /* n1p2 = R1 + R2 */
@ -492,7 +491,7 @@ void scalar_test(void) { @@ -492,7 +491,7 @@ void scalar_test(void) {
while (i < 256) {
secp256k1_scalar t;
int j;
int now = (secp256k1_rand32() % 15) + 1;
int now = secp256k1_rand_int(15) + 1;
if (now + i > 256) {
now = 256 - i;
}
@ -569,7 +568,7 @@ void scalar_test(void) { @@ -569,7 +568,7 @@ void scalar_test(void) {
secp256k1_num rnum;
secp256k1_num rnum2;
unsigned char cone[1] = {0x01};
unsigned int shift = 256 + (secp256k1_rand32() % 257);
unsigned int shift = 256 + secp256k1_rand_int(257);
secp256k1_scalar_mul_shift_var(&r, &s1, &s2, shift);
secp256k1_num_mul(&rnum, &s1num, &s2num);
secp256k1_num_shift(&rnum, shift - 1);
@ -587,7 +586,7 @@ void scalar_test(void) { @@ -587,7 +586,7 @@ void scalar_test(void) {
random_scalar_order_test(&r);
for (i = 0; i < 100; ++i) {
int low;
int shift = 1 + (secp256k1_rand32() % 15);
int shift = 1 + secp256k1_rand_int(15);
int expected = r.d[0] % (1 << shift);
low = secp256k1_scalar_shr_int(&r, shift);
CHECK(expected == low);
@ -631,7 +630,7 @@ void scalar_test(void) { @@ -631,7 +630,7 @@ void scalar_test(void) {
secp256k1_scalar b;
int i;
/* Test add_bit. */
int bit = secp256k1_rand32() % 256;
int bit = secp256k1_rand_bits(8);
secp256k1_scalar_set_int(&b, 1);
CHECK(secp256k1_scalar_is_one(&b));
for (i = 0; i < bit; i++) {
@ -946,7 +945,7 @@ void run_field_inv_all_var(void) { @@ -946,7 +945,7 @@ void run_field_inv_all_var(void) {
secp256k1_fe_inv_all_var(0, xi, x);
for (i = 0; i < count; i++) {
size_t j;
size_t len = (secp256k1_rand32() & 15) + 1;
size_t len = secp256k1_rand_int(15) + 1;
for (j = 0; j < len; j++) {
random_fe_non_zero(&x[j]);
}
@ -1235,7 +1234,7 @@ void test_ge(void) { @@ -1235,7 +1234,7 @@ void test_ge(void) {
gej_shuffled[i] = gej[i];
}
for (i = 0; i < 4 * runs + 1; i++) {
int swap = i + secp256k1_rand32() % (4 * runs + 1 - i);
int swap = i + secp256k1_rand_int(4 * runs + 1 - i);
if (swap != i) {
secp256k1_gej t = gej_shuffled[i];
gej_shuffled[i] = gej_shuffled[swap];
@ -2246,7 +2245,7 @@ void test_ecdsa_sign_verify(void) { @@ -2246,7 +2245,7 @@ void test_ecdsa_sign_verify(void) {
random_scalar_order_test(&key);
secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pubj, &key);
secp256k1_ge_set_gej(&pub, &pubj);
getrec = secp256k1_rand32()&1;
getrec = secp256k1_rand_bits(1);
random_sign(&sigr, &sigs, &key, &msg, getrec?&recid:NULL);
if (getrec) {
CHECK(recid >= 0 && recid < 4);
@ -2344,17 +2343,17 @@ void test_ecdsa_end_to_end(void) { @@ -2344,17 +2343,17 @@ void test_ecdsa_end_to_end(void) {
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1);
/* Verify exporting and importing public key. */
CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, secp256k1_rand32() % 2) == 1);
CHECK(secp256k1_ec_pubkey_serialize(ctx, pubkeyc, &pubkeyclen, &pubkey, secp256k1_rand_bits(1)) == 1);
memset(&pubkey, 0, sizeof(pubkey));
CHECK(secp256k1_ec_pubkey_parse(ctx, &pubkey, pubkeyc, pubkeyclen) == 1);
/* Verify private key import and export. */
CHECK(secp256k1_ec_privkey_export(ctx, seckey, &seckeylen, privkey, (secp256k1_rand32() % 2) == 1) ? SECP256K1_EC_COMPRESSED : 0);
CHECK(secp256k1_ec_privkey_export(ctx, seckey, &seckeylen, privkey, secp256k1_rand_bits(1) == 1) ? SECP256K1_EC_COMPRESSED : 0);
CHECK(secp256k1_ec_privkey_import(ctx, privkey2, seckey, seckeylen) == 1);
CHECK(memcmp(privkey, privkey2, 32) == 0);
/* Optionally tweak the keys using addition. */
if (secp256k1_rand32() % 3 == 0) {
if (secp256k1_rand_int(3) == 0) {
int ret1;
int ret2;
unsigned char rnd[32];
@ -2371,7 +2370,7 @@ void test_ecdsa_end_to_end(void) { @@ -2371,7 +2370,7 @@ void test_ecdsa_end_to_end(void) {
}
/* Optionally tweak the keys using multiplication. */
if (secp256k1_rand32() % 3 == 0) {
if (secp256k1_rand_int(3) == 0) {
int ret1;
int ret2;
unsigned char rnd[32];
@ -2417,7 +2416,7 @@ void test_ecdsa_end_to_end(void) { @@ -2417,7 +2416,7 @@ void test_ecdsa_end_to_end(void) {
/* Serialize/destroy/parse DER and verify again. */
siglen = 74;
CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature[0]) == 1);
sig[secp256k1_rand32() % siglen] += 1 + (secp256k1_rand32() % 255);
sig[secp256k1_rand_int(siglen)] += 1 + secp256k1_rand_int(255);
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &signature[0], sig, siglen) == 0 ||
secp256k1_ecdsa_verify(ctx, &signature[0], message, &pubkey) == 0);
}
@ -2427,23 +2426,18 @@ void test_random_pubkeys(void) { @@ -2427,23 +2426,18 @@ void test_random_pubkeys(void) {
secp256k1_ge elem2;
unsigned char in[65];
/* Generate some randomly sized pubkeys. */
uint32_t r = secp256k1_rand32();
size_t len = (r & 3) == 0 ? 65 : 33;
r>>=2;
if ((r & 3) == 0) {
len = (r & 252) >> 3;
size_t len = secp256k1_rand_bits(2) == 0 ? 65 : 33;
if (secp256k1_rand_bits(2) == 0) {
len = secp256k1_rand_bits(6);
}
r>>=8;
if (len == 65) {
in[0] = (r & 2) ? 4 : ((r & 1)? 6 : 7);
in[0] = secp256k1_rand_bits(1) ? 4 : (secp256k1_rand_bits(1) ? 6 : 7);
} else {
in[0] = (r & 1) ? 2 : 3;
in[0] = secp256k1_rand_bits(1) ? 2 : 3;
}
r>>=2;
if ((r & 7) == 0) {
in[0] = (r & 2040) >> 3;
if (secp256k1_rand_bits(3) == 0) {
in[0] = secp256k1_rand_bits(8);
}
r>>=11;
if (len > 1) {
secp256k1_rand256(&in[1]);
}
@ -2470,7 +2464,7 @@ void test_random_pubkeys(void) { @@ -2470,7 +2464,7 @@ void test_random_pubkeys(void) {
CHECK(secp256k1_eckey_pubkey_parse(&elem2, in, size));
ge_equals_ge(&elem,&elem2);
/* Check that the X9.62 hybrid type is checked. */
in[0] = (r & 1) ? 6 : 7;
in[0] = secp256k1_rand_bits(1) ? 6 : 7;
res = secp256k1_eckey_pubkey_parse(&elem2, in, size);
if (firstb == 2 || firstb == 3) {
if (in[0] == firstb + 4) {
@ -2647,7 +2641,7 @@ EC_KEY *get_openssl_key(const secp256k1_scalar *key) { @@ -2647,7 +2641,7 @@ EC_KEY *get_openssl_key(const secp256k1_scalar *key) {
unsigned char privkey[300];
size_t privkeylen;
const unsigned char* pbegin = privkey;
int compr = secp256k1_rand32() & 1;
int compr = secp256k1_rand_bits(1);
EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_secp256k1);
CHECK(secp256k1_eckey_privkey_serialize(&ctx->ecmult_gen_ctx, privkey, &privkeylen, key, compr ? SECP256K1_EC_COMPRESSED : 0));
CHECK(d2i_ECPrivateKey(&ec_key, &pbegin, privkeylen));
@ -2753,10 +2747,9 @@ int main(int argc, char **argv) { @@ -2753,10 +2747,9 @@ int main(int argc, char **argv) {
/* initialize */
run_context_tests();
ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
if (secp256k1_rand32() & 1) {
if (secp256k1_rand_bits(1)) {
secp256k1_rand256(run32);
CHECK(secp256k1_context_randomize(ctx, (secp256k1_rand32() & 1) ? run32 : NULL));
CHECK(secp256k1_context_randomize(ctx, secp256k1_rand_bits(1) ? run32 : NULL));
}
run_rand_bits();

Loading…
Cancel
Save