Adding random tests against a naive implementation

.gitignore

@@ -48,3 +48,4 @@ build-aux/compile
 build-aux/test-driver
 src/stamp-h1
 libsecp256k1.pc
+ecc-secp256k1

Makefile.am

@@ -161,8 +161,9 @@ gen_%.o: src/gen_%.c
 $(gen_context_BIN): $(gen_context_OBJECTS)
 	$(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $(LDFLAGS_FOR_BUILD) $^ -o $@
 
+ECC_SECP=libecc_secp256k1.a
 $(libsecp256k1_la_OBJECTS): src/ecmult_static_context.h
-$(tests_OBJECTS): src/ecmult_static_context.h
+$(tests_OBJECTS): src/ecmult_static_context.h $(ECC_SECP)
 $(bench_internal_OBJECTS): src/ecmult_static_context.h
 $(bench_ecmult_OBJECTS): src/ecmult_static_context.h
 
@@ -181,3 +182,12 @@ endif
 if ENABLE_MODULE_RECOVERY
 include src/modules/recovery/Makefile.am.include
 endif
+
+
+if ENABLE_RUST_NAIVETESTS
+$(ECC_SECP):
+	git clone https://github.com/elichai/ecc-secp256k1.git -b v0.1.0 2> /dev/null | true
+	cd ecc-secp256k1 && cargo build --release --features=ffi
+	cp ./ecc-secp256k1/target/release/libecc_secp256k1.a  .
+	cp ./ecc-secp256k1/ecc_secp256k1.h  ./src/
+endif

configure.ac

@@ -104,6 +104,11 @@ AC_ARG_ENABLE(openssl_tests,
     [enable_openssl_tests=$enableval],
     [enable_openssl_tests=auto])
 
+AC_ARG_ENABLE(rust_naivetests,
+    AS_HELP_STRING([--enable-rust-naivetests],[enable tests against naive rust implementation [default=auto]]),
+    [enable_rust_naivetests=$enableval],
+    [enable_rust_naivetests=auto])
+
 AC_ARG_ENABLE(experimental,
     AS_HELP_STRING([--enable-experimental],[allow experimental configure options [default=no]]),
     [use_experimental=$enableval],
@@ -442,10 +447,17 @@ if test x"$use_tests" = x"yes"; then
       AC_MSG_ERROR([OpenSSL tests requested but OpenSSL with EC support is not available])
     fi
   fi
+  if test x"$enable_rust_naivetests" != x"no"; then
+    AC_DEFINE(ENABLE_RUST_NAIVETESTS, 1, [Define this symbol if you want to build the rust tests])
+    SECP_TEST_LIBS="$SECP_TEST_LIBS -ldl -lpthread -lm -lecc_secp256k1 -L."
+  fi
 else
   if test x"$enable_openssl_tests" = x"yes"; then
     AC_MSG_ERROR([OpenSSL tests requested but tests are not enabled])
   fi
+    if test x"$enable_rust_naivetests" = x"yes"; then
+    AC_MSG_ERROR([Rust naiveTests requested but tests are not enabled])
+  fi
 fi
 
 if test x"$use_jni" != x"no"; then
@@ -534,6 +546,7 @@ AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"ye
 AM_CONDITIONAL([USE_JNI], [test x"$use_jni" = x"yes"])
 AM_CONDITIONAL([USE_EXTERNAL_ASM], [test x"$use_external_asm" = x"yes"])
 AM_CONDITIONAL([USE_ASM_ARM], [test x"$set_asm" = x"arm"])
+AM_CONDITIONAL([ENABLE_RUST_NAIVETESTS], [test x"$enable_rust_naivetests" != x"no"])
 
 dnl make sure nothing new is exported so that we don't break the cache
 PKGCONFIG_PATH_TEMP="$PKG_CONFIG_PATH"

src/ecc_secp256k1.h

@@ -0,0 +1,61 @@
+/**
+ * Sign an ECDSA Signature
+ * The message should be a hashed 32 bytes.
+ * Input: msg -> pointer to 32 bytes message.
+ * privkey -> pointer to 32 bytes private key.
+ * Output: sig_out -> pointer to a 64 bytes buffer.
+ * Returns:
+ * 1 - Finished successfully.
+ * 0 - Failed.
+ */
+int ecc_secp256k1_ecdsa_sign(unsigned char *sig_out,
+                             const unsigned char *msg,
+                             const unsigned char *privkey);
+
+/**
+ * Verify a ECDSA Signature
+ * Accepts either compressed(33 btes) or uncompressed(65 bytes) public key. using the flag (1==compressed, 0==uncompressed).
+ * Input: sig -> pointer to 64 bytes signature.
+ * msg -> 32 bytes result of a hash. (***Make Sure you hash the message yourself! otherwise it's easily broken***)
+ * pubkey -> pointer to 33 or 65 bytes pubkey depending on the compressed flag.
+ * compressed -> 1 for compressed, 0 for uncompressed.
+ * Returns:
+ * 1 - The signature is valid.
+ * 0 - Signature is not valid.
+ * -1 - Some other problem.
+ */
+int ecc_secp256k1_ecdsa_verify(const unsigned char *sig,
+                               const unsigned char *msg,
+                               const unsigned char *pubkey,
+                               int compressed);
+
+/**
+ * Sign a Schnorr Signature
+ * The message should be a hashed 32 bytes.
+ * Input: msg -> pointer to 32 bytes message.
+ * privkey -> pointer to 32 bytes private key.
+ * Output: sig_out -> pointer to a 64 bytes buffer.
+ * Returns:
+ * 1 - Finished successfully.
+ * 0 - Failed.
+ */
+int ecc_secp256k1_schnorr_sign(unsigned char *sig_out,
+                               const unsigned char *msg,
+                               const unsigned char *privkey);
+
+/**
+ * Verify a Schnorr Signature
+ * Accepts either compressed(33 btes) or uncompressed(65 bytes) public key. using the flag (1==compressed, 0==uncompressed).
+ * Input: sig -> pointer to 64 bytes signature.
+ * msg -> 32 bytes result of a hash. (***Make Sure you hash the message yourself! otherwise it's easily broken***)
+ * pubkey -> pointer to 33 or 65 bytes pubkey depending on the compressed flag.
+ * compressed -> 1 for compressed, 0 for uncompressed.
+ * Returns:
+ * 1 - The signature is valid.
+ * 0 - Signature is not valid.
+ * -1 - Some other problem.
+ */
+int ecc_secp256k1_schnorr_verify(const unsigned char *sig,
+                                 const unsigned char *msg,
+                                 const unsigned char *pubkey,
+                                 int compressed);

src/tests.c

@@ -18,6 +18,7 @@
 #include "include/secp256k1.h"
 #include "include/secp256k1_preallocated.h"
 #include "testrand_impl.h"
+#include "ecc_secp256k1.h"
 
 #ifdef ENABLE_OPENSSL_TESTS
 #include "openssl/bn.h"
@@ -4134,11 +4135,48 @@ void test_ecdsa_sign_verify(void) {
     CHECK(!secp256k1_ecdsa_sig_verify(&ctx->ecmult_ctx, &sigr, &sigs, &pub, &msg));
 }
 
+void test_ecdsa_sign_verify_rust(void) {
+
+    secp256k1_scalar msg, key;
+    unsigned char raw_key[32];
+    unsigned char raw_msg[32];
+    unsigned char raw_pubkey[65];
+    unsigned char raw_sig[64];
+    size_t pubkey_len = sizeof(raw_pubkey);
+    secp256k1_pubkey pubkey;
+    secp256k1_ecdsa_signature sig;
+
+    random_scalar_order_test(&msg);
+    random_scalar_order_test(&key);
+
+    secp256k1_scalar_get_b32(raw_msg, &msg);
+    secp256k1_scalar_get_b32(raw_key, &key);
+
+    CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, raw_key) == 1);
+    secp256k1_ec_pubkey_serialize(ctx, raw_pubkey, &pubkey_len, &pubkey, SECP256K1_EC_UNCOMPRESSED);
+    /* Sign with secp256k1 */
+    CHECK(secp256k1_ecdsa_sign(ctx, &sig, raw_msg, raw_key, NULL, NULL) == 1);
+    CHECK(secp256k1_ecdsa_verify(ctx, &sig, raw_msg, &pubkey) == 1);
+    secp256k1_ecdsa_signature_serialize_compact(ctx, raw_sig, &sig);
+    /* Verify with ecc-secp256k1(rust) */
+    CHECK(ecc_secp256k1_ecdsa_verify(raw_sig, raw_msg, raw_pubkey, 0) == 1);
+    /* Sign with ecc-secp256k1(rust) */
+    CHECK(ecc_secp256k1_ecdsa_sign(raw_sig, raw_msg, raw_key) == 1);
+    /* Verify with secp256k1 */
+    CHECK(secp256k1_ecdsa_signature_parse_compact(ctx, &sig, raw_sig) == 1);
+    CHECK(secp256k1_ecdsa_verify(ctx, &sig, raw_msg, &pubkey) == 1);
+}
+
+
 void run_ecdsa_sign_verify(void) {
     int i;
     for (i = 0; i < 10*count; i++) {
         test_ecdsa_sign_verify();
     }
+
+    for (i = 0; i < 10*count; i++) {
+        test_ecdsa_sign_verify_rust();
+    } 
 }
 
 /** Dummy nonce generation function that just uses a precomputed nonce, and fails if it is not accepted. Use only for testing. */