Skip to content

Commit

Permalink
Merge bitcoin#894: ctime_test: move context randomization test to the…
Browse files Browse the repository at this point in the history
… end

7d3497c ctime_test: move context randomization test to the end (Jonas Nick)

Pull request description:

ACKs for top commit:
  real-or-random:
    ACK 7d3497c diff looks good

Tree-SHA512: aef006c43df4cab254ee7de79cdd34c4e2f7a463f29d1da6d285006b32bb4e18d0b914a305f371b8b5f5a20594c37ee464eb1e59d1978db9b06bf6b642e651d8
  • Loading branch information
jonasnick committed Feb 22, 2021
2 parents 24d1656 + 7d3497c commit 3a8b47b
Showing 1 changed file with 36 additions and 26 deletions.
62 changes: 36 additions & 26 deletions src/valgrind_ctime_test.c
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@
***********************************************************************/

#include <valgrind/memcheck.h>
#include <stdio.h>

#include "include/secp256k1.h"
#include "assumptions.h"
#include "util.h"
Expand All @@ -25,16 +27,49 @@
#include "include/secp256k1_schnorrsig.h"
#endif

void run_tests(secp256k1_context *ctx, unsigned char *key);

int main(void) {
secp256k1_context* ctx;
unsigned char key[32];
int ret, i;

if (!RUNNING_ON_VALGRIND) {
fprintf(stderr, "This test can only usefully be run inside valgrind.\n");
fprintf(stderr, "Usage: libtool --mode=execute valgrind ./valgrind_ctime_test\n");
return 1;
}
ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN
| SECP256K1_CONTEXT_VERIFY
| SECP256K1_CONTEXT_DECLASSIFY);
/** In theory, testing with a single secret input should be sufficient:
* If control flow depended on secrets the tool would generate an error.
*/
for (i = 0; i < 32; i++) {
key[i] = i + 65;
}

run_tests(ctx, key);

/* Test context randomisation. Do this last because it leaves the context
* tainted. */
VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
ret = secp256k1_context_randomize(ctx, key);
VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
CHECK(ret);

secp256k1_context_destroy(ctx);
return 0;
}

void run_tests(secp256k1_context *ctx, unsigned char *key) {
secp256k1_ecdsa_signature signature;
secp256k1_pubkey pubkey;
size_t siglen = 74;
size_t outputlen = 33;
int i;
int ret;
unsigned char msg[32];
unsigned char key[32];
unsigned char sig[74];
unsigned char spubkey[33];
#ifdef ENABLE_MODULE_RECOVERY
Expand All @@ -45,26 +80,10 @@ int main(void) {
secp256k1_keypair keypair;
#endif

if (!RUNNING_ON_VALGRIND) {
fprintf(stderr, "This test can only usefully be run inside valgrind.\n");
fprintf(stderr, "Usage: libtool --mode=execute valgrind ./valgrind_ctime_test\n");
exit(1);
}

/** In theory, testing with a single secret input should be sufficient:
* If control flow depended on secrets the tool would generate an error.
*/
for (i = 0; i < 32; i++) {
key[i] = i + 65;
}
for (i = 0; i < 32; i++) {
msg[i] = i + 1;
}

ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN
| SECP256K1_CONTEXT_VERIFY
| SECP256K1_CONTEXT_DECLASSIFY);

/* Test keygen. */
VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
ret = secp256k1_ec_pubkey_create(ctx, &pubkey, key);
Expand Down Expand Up @@ -122,12 +141,6 @@ int main(void) {
VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
CHECK(ret == 1);

/* Test context randomisation. Do this last because it leaves the context tainted. */
VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
ret = secp256k1_context_randomize(ctx, key);
VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
CHECK(ret);

/* Test keypair_create and keypair_xonly_tweak_add. */
#ifdef ENABLE_MODULE_EXTRAKEYS
VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
Expand Down Expand Up @@ -157,7 +170,4 @@ int main(void) {
VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
CHECK(ret == 1);
#endif

secp256k1_context_destroy(ctx);
return 0;
}

0 comments on commit 3a8b47b

Please sign in to comment.