
Commit 3a8b47b

Merge #894: ctime_test: move context randomization test to the end
7d3497c ctime_test: move context randomization test to the end (Jonas Nick) Pull request description: ACKs for top commit: real-or-random: ACK 7d3497c diff looks good Tree-SHA512: aef006c43df4cab254ee7de79cdd34c4e2f7a463f29d1da6d285006b32bb4e18d0b914a305f371b8b5f5a20594c37ee464eb1e59d1978db9b06bf6b642e651d8
2 parents 24d1656 + 7d3497c commit 3a8b47b


1 file changed

+36
-26
lines changed


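--- a/src/valgrind_ctime_test.c
+++ b/src/valgrind_ctime_test.c
@@ -5,6 +5,8 @@
 ***********************************************************************/
 
 #include <valgrind/memcheck.h>
+#include <stdio.h>
+
 #include "include/secp256k1.h"
 #include "assumptions.h"
 #include "util.h"
@@ -25,16 +27,49 @@
 #include "include/secp256k1_schnorrsig.h"
 #endif
 
+void run_tests(secp256k1_context *ctx, unsigned char *key);
+
 int main(void) {
 secp256k1_context* ctx;
+unsigned char key[32];
+int ret, i;
+
+if (!RUNNING_ON_VALGRIND) {
+fprintf(stderr, "This test can only usefully be run inside valgrind.\n");
+fprintf(stderr, "Usage: libtool --mode=execute valgrind ./valgrind_ctime_test\n");
+return 1;
+}
+ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN
+| SECP256K1_CONTEXT_VERIFY
+| SECP256K1_CONTEXT_DECLASSIFY);
+/** In theory, testing with a single secret input should be sufficient:
+* If control flow depended on secrets the tool would generate an error.
+*/
+for (i = 0; i < 32; i++) {
+key[i] = i + 65;
+}
+
+run_tests(ctx, key);
+
+/* Test context randomisation. Do this last because it leaves the context
+* tainted. */
+VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
+ret = secp256k1_context_randomize(ctx, key);
+VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
+CHECK(ret);
+
+secp256k1_context_destroy(ctx);
+return 0;
+}
+
+void run_tests(secp256k1_context *ctx, unsigned char *key) {
 secp256k1_ecdsa_signature signature;
 secp256k1_pubkey pubkey;
 size_t siglen = 74;
 size_t outputlen = 33;
 int i;
 int ret;
 unsigned char msg[32];
-unsigned char key[32];
 unsigned char sig[74];
 unsigned char spubkey[33];
 #ifdef ENABLE_MODULE_RECOVERY
@@ -45,26 +80,10 @@ int main(void) {
 secp256k1_keypair keypair;
 #endif
 
-if (!RUNNING_ON_VALGRIND) {
-fprintf(stderr, "This test can only usefully be run inside valgrind.\n");
-fprintf(stderr, "Usage: libtool --mode=execute valgrind ./valgrind_ctime_test\n");
-exit(1);
-}
-
-/** In theory, testing with a single secret input should be sufficient:
-* If control flow depended on secrets the tool would generate an error.
-*/
-for (i = 0; i < 32; i++) {
-key[i] = i + 65;
-}
 for (i = 0; i < 32; i++) {
 msg[i] = i + 1;
 }
 
-ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN
-| SECP256K1_CONTEXT_VERIFY
-| SECP256K1_CONTEXT_DECLASSIFY);
-
 /* Test keygen. */
 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
 ret = secp256k1_ec_pubkey_create(ctx, &pubkey, key);
@@ -122,12 +141,6 @@ int main(void) {
 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
 CHECK(ret == 1);
 
-/* Test context randomisation. Do this last because it leaves the context tainted. */
-VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
-ret = secp256k1_context_randomize(ctx, key);
-VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
-CHECK(ret);
-
 /* Test keypair_create and keypair_xonly_tweak_add. */
 #ifdef ENABLE_MODULE_EXTRAKEYS
 VALGRIND_MAKE_MEM_UNDEFINED(key, 32);
@@ -157,7 +170,4 @@ int main(void) {
 VALGRIND_MAKE_MEM_DEFINED(&ret, sizeof(ret));
 CHECK(ret == 1);
 #endif
-
-secp256k1_context_destroy(ctx);
-return 0;
 }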
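Review bot: `run_tests` is declared at new line 30 with external linkage and with no statement of its preconditions, even though the ordering it depends on is the whole reason for this change. As far as the visible hunks show it is called only from `main`, so `static void run_tests(secp256k1_context *ctx, unsigned char *key);` would be the tighter declaration, with the same qualifier on the definition at new line 65. I would also put a comment above the prototype, for example `/* ctx must not yet have been randomized from undefined memory; key points to 32 bytes that the tests mark undefined. */`, because the body passes the bare pointer to `VALGRIND_MAKE_MEM_UNDEFINED(key, 32)` and nothing else tells a later caller about either requirement. Without that, someone adding a test after the randomization step in `main` would run it against a tainted context, which presumably makes the Valgrind results for that test unreliable. The body of `run_tests` is only partly visible in these hunks, so the tests between the shown sections could not be checked.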
