Skip to content

Commit b073fb7

Browse files
jonasnickjonasnick
committed
schnorrsig: add tests for sign_custom and varlen msg verification
1 parent 662a093 commit b073fb7

File tree

1 file changed

+55
-0
lines changed

1 file changed

+55
-0
lines changed

src/modules/schnorrsig/tests_impl.h

Lines changed: 55 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -123,6 +123,8 @@ void test_schnorrsig_api(void) {
123123
secp256k1_xonly_pubkey pk[3];
124124
secp256k1_xonly_pubkey zero_pk;
125125
unsigned char sig[64];
126+
secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT;
127+
secp256k1_schnorrsig_extraparams invalid_extraparams = { 0 };
126128

127129
/** setup **/
128130
secp256k1_context *none = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
@@ -169,6 +171,28 @@ void test_schnorrsig_api(void) {
169171
CHECK(secp256k1_schnorrsig_sign(sign, sig, msg, &invalid_keypair, NULL) == 0);
170172
CHECK(ecount == 6);
171173

174+
ecount = 0;
175+
CHECK(secp256k1_schnorrsig_sign_custom(none, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 0);
176+
CHECK(ecount == 1);
177+
CHECK(secp256k1_schnorrsig_sign_custom(vrfy, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 0);
178+
CHECK(ecount == 2);
179+
CHECK(secp256k1_schnorrsig_sign_custom(sign, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 1);
180+
CHECK(ecount == 2);
181+
CHECK(secp256k1_schnorrsig_sign_custom(sign, NULL, msg, sizeof(msg), &keypairs[0], &extraparams) == 0);
182+
CHECK(ecount == 3);
183+
CHECK(secp256k1_schnorrsig_sign_custom(sign, sig, NULL, sizeof(msg), &keypairs[0], &extraparams) == 0);
184+
CHECK(ecount == 4);
185+
CHECK(secp256k1_schnorrsig_sign_custom(sign, sig, NULL, 0, &keypairs[0], &extraparams) == 1);
186+
CHECK(ecount == 4);
187+
CHECK(secp256k1_schnorrsig_sign_custom(sign, sig, msg, sizeof(msg), NULL, &extraparams) == 0);
188+
CHECK(ecount == 5);
189+
CHECK(secp256k1_schnorrsig_sign_custom(sign, sig, msg, sizeof(msg), &invalid_keypair, &extraparams) == 0);
190+
CHECK(ecount == 6);
191+
CHECK(secp256k1_schnorrsig_sign_custom(sign, sig, msg, sizeof(msg), &keypairs[0], NULL) == 1);
192+
CHECK(ecount == 6);
193+
CHECK(secp256k1_schnorrsig_sign_custom(sign, sig, msg, sizeof(msg), &keypairs[0], &invalid_extraparams) == 0);
194+
CHECK(ecount == 7);
195+
172196
ecount = 0;
173197
CHECK(secp256k1_schnorrsig_sign(sign, sig, msg, &keypairs[0], NULL) == 1);
174198
CHECK(secp256k1_schnorrsig_verify(none, sig, msg, sizeof(msg), &pk[0]) == 0);
@@ -181,6 +205,8 @@ void test_schnorrsig_api(void) {
181205
CHECK(ecount == 3);
182206
CHECK(secp256k1_schnorrsig_verify(vrfy, sig, NULL, sizeof(msg), &pk[0]) == 0);
183207
CHECK(ecount == 4);
208+
CHECK(secp256k1_schnorrsig_verify(vrfy, sig, NULL, 0, &pk[0]) == 0);
209+
CHECK(ecount == 4);
184210
CHECK(secp256k1_schnorrsig_verify(vrfy, sig, msg, sizeof(msg), NULL) == 0);
185211
CHECK(ecount == 5);
186212
CHECK(secp256k1_schnorrsig_verify(vrfy, sig, msg, sizeof(msg), &zero_pk) == 0);
@@ -696,10 +722,13 @@ void test_schnorrsig_sign(void) {
696722
secp256k1_keypair keypair;
697723
const unsigned char msg[32] = "this is a msg for a schnorrsig..";
698724
unsigned char sig[64];
725+
unsigned char sig2[64];
699726
unsigned char zeros64[64] = { 0 };
700727
secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT;
728+
unsigned char aux_rand[32];
701729

702730
secp256k1_testrand256(sk);
731+
secp256k1_testrand256(aux_rand);
703732
CHECK(secp256k1_keypair_create(ctx, &keypair, sk));
704733
CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair));
705734
CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL) == 1);
@@ -720,6 +749,14 @@ void test_schnorrsig_sign(void) {
720749
extraparams.noncefp = nonce_function_overflowing;
721750
CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 1);
722751
CHECK(secp256k1_schnorrsig_verify(ctx, sig, msg, sizeof(msg), &pk));
752+
753+
/* When using the default nonce function, schnorrsig_sign_custom produces
754+
* the same result as schnorrsig_sign with aux_rand = extraparams.ndata */
755+
extraparams.noncefp = NULL;
756+
extraparams.ndata = aux_rand;
757+
CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig, msg, sizeof(msg), &keypair, &extraparams) == 1);
758+
CHECK(secp256k1_schnorrsig_sign(ctx, sig2, msg, &keypair, extraparams.ndata) == 1);
759+
CHECK(memcmp(sig, sig2, sizeof(sig)) == 0);
723760
}
724761

725762
#define N_SIGS 3
@@ -782,6 +819,24 @@ void test_schnorrsig_sign_verify(void) {
782819
secp256k1_scalar_negate(&s, &s);
783820
secp256k1_scalar_get_b32(&sig[0][32], &s);
784821
CHECK(!secp256k1_schnorrsig_verify(ctx, sig[0], msg[0], sizeof(msg[0]), &pk));
822+
823+
/* The empty message can be signed & verified */
824+
CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig[0], NULL, 0, &keypair, NULL) == 1);
825+
CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], NULL, 0, &pk) == 1);
826+
827+
{
828+
/* Test varying message lengths */
829+
unsigned char msg_large[32 * 8];
830+
uint32_t msglen = secp256k1_testrand_int(sizeof(msg_large));
831+
for (i = 0; i < sizeof(msg_large); i += 32) {
832+
secp256k1_testrand256(&msg_large[i]);
833+
}
834+
CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig[0], msg_large, msglen, &keypair, NULL) == 1);
835+
CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], msg_large, msglen, &pk) == 1);
836+
/* Verification for a random wrong message length fails */
837+
msglen = (msglen + (sizeof(msg_large) - 1)) % sizeof(msg_large);
838+
CHECK(secp256k1_schnorrsig_verify(ctx, sig[0], msg_large, msglen, &pk) == 0);
839+
}
785840
}
786841
#undef N_SIGS
787842

0 commit comments

Comments
 (0)