Merge bitcoin-core/secp256k1#1026: ecdh: Add test computing shared_secret=basepoint with random inputs

jonasnick · jonasnick · commit 3ef94aa5baa9 · 2022-02-11T19:38:07.000Z
3531a43 ecdh: Make generator_basepoint test depend on global iteration count (Tim Ruffing) c881dd4 ecdh: Add test computing shared_secret=basepoint with random inputs (Tim Ruffing) Pull request description: ACKs for top commit: jonasnick: ACK 3531a43 Tree-SHA512: 5a2e47bad7ec5b3fd9033283fe00e54563b7b1655baf2b8ca39718deceddcc816bb8fcda0d07af6f1f8a785642da5dc69b7df52a1ddd445a3a98a5d5ecff6780
diff --git a/src/modules/ecdh/tests_impl.h b/src/modules/ecdh/tests_impl.h
@@ -60,7 +60,7 @@ void test_ecdh_generator_basepoint(void) {
 
     s_one[31] = 1;
     /* Check against pubkey creation when the basepoint is the generator */
-    for (i = 0; i < 100; ++i) {
+    for (i = 0; i < 2 * count; ++i) {
         secp256k1_sha256 sha;
         unsigned char s_b32[32];
         unsigned char output_ecdh[65];
@@ -123,10 +123,43 @@ void test_bad_scalar(void) {
     CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, ecdh_hash_function_test_fail, NULL) == 0);
 }
 
+/** Test that ECDH(sG, 1/s) == ECDH((1/s)G, s) == ECDH(G, 1) for a few random s. */
+void test_result_basepoint(void) {
+    secp256k1_pubkey point;
+    secp256k1_scalar rand;
+    unsigned char s[32];
+    unsigned char s_inv[32];
+    unsigned char out[32];
+    unsigned char out_inv[32];
+    unsigned char out_base[32];
+    int i;
+
+    unsigned char s_one[32] = { 0 };
+    s_one[31] = 1;
+    CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_one) == 1);
+    CHECK(secp256k1_ecdh(ctx, out_base, &point, s_one, NULL, NULL) == 1);
+
+    for (i = 0; i < 2 * count; i++) {
+        random_scalar_order(&rand);
+        secp256k1_scalar_get_b32(s, &rand);
+        secp256k1_scalar_inverse(&rand, &rand);
+        secp256k1_scalar_get_b32(s_inv, &rand);
+
+        CHECK(secp256k1_ec_pubkey_create(ctx, &point, s) == 1);
+        CHECK(secp256k1_ecdh(ctx, out, &point, s_inv, NULL, NULL) == 1);
+        CHECK(secp256k1_memcmp_var(out, out_base, 32) == 0);
+
+        CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_inv) == 1);
+        CHECK(secp256k1_ecdh(ctx, out_inv, &point, s, NULL, NULL) == 1);
+        CHECK(secp256k1_memcmp_var(out_inv, out_base, 32) == 0);
+    }
+}
+
 void run_ecdh_tests(void) {
     test_ecdh_api();
     test_ecdh_generator_basepoint();
     test_bad_scalar();
+    test_result_basepoint();
 }
 
 #endif /* SECP256K1_MODULE_ECDH_TESTS_H */
