mleku/libsecp256k1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge bitcoin-core/secp256k1#1670: tests: update wycheproof files

Browse Source 
d73ed99479 tests: update wycheproof files (RandomLattice)

Pull request description:

ACKs for top commit:
  sipa:
    utACK d73ed99479
  jonasnick:
    ACK d73ed99479

Tree-SHA512: b772549d26ab8cf28416772a8fa4e53272bea7fabf4e33e85b943bbc9a568257b559db23045a29c209b017b1f758c6772aeefa79df85bc744df4c4fadacaeb5e
This commit is contained in:
Jonas Nick
2025-05-14 06:50:42 +00:00
parent 4187a46649 d73ed99479
commit bb597b3d39
4 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@@ -115,7 +115,7 @@ We strongly recommend updating to 0.3.1 if you use or plan to use Clang >=14 to
- Fix "constant-timeness" issue with Clang >=14 that could leave applications using libsecp256k1 vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow and secret-dependent memory accesses in conditional moves of memory objects when libsecp256k1 is compiled with Clang >=14. - Fix "constant-timeness" issue with Clang >=14 that could leave applications using libsecp256k1 vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow and secret-dependent memory accesses in conditional moves of memory objects when libsecp256k1 is compiled with Clang >=14.
#### Added #### Added
- Added tests against [Project Wycheproof's](https://github.com/google/wycheproof/) set of ECDSA test vectors (Bitcoin "low-S" variant), a fixed set of test cases designed to trigger various edge cases. - Added tests against [Project Wycheproof's](https://github.com/C2SP/wycheproof/) set of ECDSA test vectors (Bitcoin "low-S" variant), a fixed set of test cases designed to trigger various edge cases.
#### Changed #### Changed
- Increased minimum required CMake version to 3.13. CMake builds remain experimental. - Increased minimum required CMake version to 3.13. CMake builds remain experimental.

12
src/wycheproof/WYCHEPROOF_COPYING
View File

@@ -1,12 +1,12 @@
* The file `ecdsa_secp256k1_sha256_bitcoin_test.json` in this directory * The file `ecdsa_secp256k1_sha256_bitcoin_test.json` in this directory
comes from Google's project Wycheproof with git commit comes from project Wycheproof with git commit
`b063b4aedae951c69df014cd25fa6d69ae9e8cb9`, see `df4e933efef449fc88af0c06e028d425d84a9495`, see
https://github.com/google/wycheproof/blob/b063b4aedae951c69df014cd25fa6d69ae9e8cb9/testvectors_v1/ecdsa_secp256k1_sha256_bitcoin_test.json https://github.com/C2SP/wycheproof/blob/df4e933efef449fc88af0c06e028d425d84a9495/testvectors_v1/ecdsa_secp256k1_sha256_bitcoin_test.json
* The file `ecdh_secp256k1_test.json` in this directory * The file `ecdh_secp256k1_test.json` in this directory
comes from Google's project Wycheproof with git commit comes from project Wycheproof with git commit
`d9f6ec7d8bd8c96da05368999094e4a75ba5cb3d`, see `df4e933efef449fc88af0c06e028d425d84a9495`, see
https://github.com/google/wycheproof/blob/d9f6ec7d8bd8c96da05368999094e4a75ba5cb3d/testvectors_v1/ecdh_secp256k1_test.json https://github.com/C2SP/wycheproof/blob/df4e933efef449fc88af0c06e028d425d84a9495/testvectors_v1/ecdh_secp256k1_test.json
* The file `ecdsa_secp256k1_sha256_bitcoin_test.h` is generated from * The file `ecdsa_secp256k1_sha256_bitcoin_test.h` is generated from
`ecdsa_secp256k1_sha256_bitcoin_test.json` using the script `ecdsa_secp256k1_sha256_bitcoin_test.json` using the script

5
src/wycheproof/ecdh_secp256k1_test.json
View File

@@ -1,7 +1,6 @@
{ {
"algorithm" : "ECDH", "algorithm" : "ECDH",
"schema" : "ecdh_test_schema.json", "schema" : "ecdh_test_schema.json",
"generatorVersion" : "0.9rc5",
"numberOfTests" : 752, "numberOfTests" : 752,
"header" : [ "header" : [
"Test vectors of type EcdhTest are intended for", "Test vectors of type EcdhTest are intended for",
@@ -124,6 +123,10 @@
"testGroups" : [ "testGroups" : [
{ {
"type" : "EcdhTest", "type" : "EcdhTest",
"source" : {
"name" : "google-wycheproof",
"version" : "0.9rc5"
},
"curve" : "secp256k1", "curve" : "secp256k1",
"encoding" : "asn", "encoding" : "asn",
"tests" : [ "tests" : [

4
src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json
View File

@@ -10,7 +10,7 @@
"notes" : { "notes" : {
"ArithmeticError" : { "ArithmeticError" : {
"bugType" : "EDGE_CASE", "bugType" : "EDGE_CASE",
"description" : "Some implementations of ECDSA have arithmetic errors that occur when intermediate results have extreme values. This test vector has been constructed to test such occurences.", "description" : "Some implementations of ECDSA have arithmetic errors that occur when intermediate results have extreme values. This test vector has been constructed to test such occurrences.",
"cves" : [ "cves" : [
"CVE-2017-18146" "CVE-2017-18146"
] ]
@@ -95,7 +95,7 @@
}, },
"SignatureMalleabilityBitcoin" : { "SignatureMalleabilityBitcoin" : {
"bugType" : "SIGNATURE_MALLEABILITY", "bugType" : "SIGNATURE_MALLEABILITY",
"description" : "\"BitCoins\"-curves are curves where signature malleability can be a serious issue. An implementation should only accept a signature s where s < n/2. If an implementation is not meant for uses cases that require signature malleability then this implemenation should be tested with another set of test vectors.", "description" : "\"BitCoins\"-curves are curves where signature malleability can be a serious issue. An implementation should only accept a signature s where s < n/2. If an implementation is not meant for uses cases that require signature malleability then this implementation should be tested with another set of test vectors.",
"effect" : "In bitcoin exchanges, it may be used to make a double deposits or double withdrawals", "effect" : "In bitcoin exchanges, it may be used to make a double deposits or double withdrawals",
"links" : [ "links" : [
"https://en.bitcoin.it/wiki/Transaction_malleability", "https://en.bitcoin.it/wiki/Transaction_malleability",