nim-secp256k1/tests/test_secp256k1.nim

import ../secp256k1, unittest

{.used.}

const
  msg0 = SkMessage([
    0'u8, 0, 0, 0, 0, 0, 0, 0,
    0'u8, 0, 0, 0, 0, 0, 0, 0,
    0'u8, 0, 0, 0, 0, 0, 0, 0,
    0'u8, 0, 0, 0, 0, 0, 0, 0,
  ])
  msg1 = SkMessage([
    1'u8, 0, 0, 0, 0, 0, 0, 0,
    1'u8, 0, 0, 0, 0, 0, 0, 0,
    1'u8, 0, 0, 0, 0, 0, 0, 0,
    1'u8, 0, 0, 0, 0, 0, 0, 0,
  ])
  msg2 = array[40, byte]([
    1'u8, 0, 0, 0, 0, 0, 0, 0,
    1'u8, 0, 0, 0, 0, 0, 0, 0,
    1'u8, 0, 0, 0, 0, 0, 0, 0,
    1'u8, 0, 0, 0, 0, 0, 0, 0,
    1'u8, 0, 0, 0, 0, 0, 0, 0,
  ])

proc workingRng(data: var openArray[byte]): bool =
  data[0] += 1
  true

proc brokenRng(data: var openArray[byte]): bool = false

suite "secp256k1":
  test "Key ops":
    let
      sk = SkSecretKey.random(workingRng).expect("should get a key")
      pk = sk.toPublicKey()

    check:
      SkSecretKey.fromRaw(sk.toRaw())[].toHex() == sk.toHex()
      SkSecretKey.fromHex(sk.toHex())[].toHex() == sk.toHex()
      SkPublicKey.fromRaw(pk.toRaw())[].toHex() == pk.toHex()
      SkPublicKey.fromRaw(pk.toRawCompressed())[].toHex() == pk.toHex()
      SkPublicKey.fromHex(pk.toHex())[].toHex() == pk.toHex()
      SkSecretKey.random(brokenRng).isErr

  test "Keypairs":
    check:
      SkKeyPair.random(workingRng).isOk()

  test "Signatures":
    let
      sk = SkSecretKey.random(workingRng)[]
      pk = sk.toPublicKey()
      otherPk = SkSecretKey.random(workingRng)[].toPublicKey()
      sig = sign(sk, msg0)
      sig2 = signRecoverable(sk, msg0)
      sig3 = signSchnorr(sk, msg0)
      sig4 = signSchnorr(sk, msg2)

    check:
      verify(sig, msg0, pk)
      not verify(sig, msg0, otherPk)
      not verify(sig, msg1, pk)
      recover(sig2, msg0)[] == pk
      recover(sig2, msg1)[] != pk
      SkSignature.fromDer(sig.toDer())[].toHex() == sig.toHex()
      verify(sig3, msg0, pk)
      verify(sig4, msg2, pk)

  test "Message":
    check:
      SkMessage.fromBytes([]).isErr()
      SkMessage.fromBytes([0'u8]).isErr()
      SkMessage.fromBytes(array[32, byte](msg0)).isOk()
add convenience api (#21) fixes #19 2020-04-17 05:43:30 +00:00			`import ../secp256k1, unittest`

			`{.used.}`

			`const`
use external rng instead of nimcrypto (#23) * use external rng instead of nimcrypto allows passing in different RNG's to generate keys * pass in array of random data to random keygen function * back to a proc * docs * gcsafe rng callback needed * introduce foolproofrng that can't fail * silence compiler warning * hint at random not being good enough in defect 2020-07-06 13:07:29 +00:00			`msg0 = SkMessage([`
			`0'u8, 0, 0, 0, 0, 0, 0, 0,`
			`0'u8, 0, 0, 0, 0, 0, 0, 0,`
			`0'u8, 0, 0, 0, 0, 0, 0, 0,`
			`0'u8, 0, 0, 0, 0, 0, 0, 0,`
			`])`
			`msg1 = SkMessage([`
add convenience api (#21) fixes #19 2020-04-17 05:43:30 +00:00			`1'u8, 0, 0, 0, 0, 0, 0, 0,`
			`1'u8, 0, 0, 0, 0, 0, 0, 0,`
			`1'u8, 0, 0, 0, 0, 0, 0, 0,`
			`1'u8, 0, 0, 0, 0, 0, 0, 0,`
			`])`
Rework patch. Implement Schnorr signing and undo breaking changes. 2023-04-04 03:42:03 +00:00			`msg2 = array[40, byte]([`
			`1'u8, 0, 0, 0, 0, 0, 0, 0,`
			`1'u8, 0, 0, 0, 0, 0, 0, 0,`
			`1'u8, 0, 0, 0, 0, 0, 0, 0,`
			`1'u8, 0, 0, 0, 0, 0, 0, 0,`
			`1'u8, 0, 0, 0, 0, 0, 0, 0,`
			`])`
add convenience api (#21) fixes #19 2020-04-17 05:43:30 +00:00
use external rng instead of nimcrypto (#23) * use external rng instead of nimcrypto allows passing in different RNG's to generate keys * pass in array of random data to random keygen function * back to a proc * docs * gcsafe rng callback needed * introduce foolproofrng that can't fail * silence compiler warning * hint at random not being good enough in defect 2020-07-06 13:07:29 +00:00			`proc workingRng(data: var openArray[byte]): bool =`
			`data[0] += 1`
			`true`

			`proc brokenRng(data: var openArray[byte]): bool = false`

add convenience api (#21) fixes #19 2020-04-17 05:43:30 +00:00			`suite "secp256k1":`
			`test "Key ops":`
			`let`
use external rng instead of nimcrypto (#23) * use external rng instead of nimcrypto allows passing in different RNG's to generate keys * pass in array of random data to random keygen function * back to a proc * docs * gcsafe rng callback needed * introduce foolproofrng that can't fail * silence compiler warning * hint at random not being good enough in defect 2020-07-06 13:07:29 +00:00			`sk = SkSecretKey.random(workingRng).expect("should get a key")`
use requiredInit (#22) * use requiredInit Use requiredInit on keys - this simplifies error handling by providing more compile-time guarantees through type. Loophole: `clear` will leave an invalid key type in memory, not guaranteed by type - it requires an explicit action to produce, so it's somewhat better than the current situation where by default, keys are invalid, but it's not watertight. something like a `sink` would be needed which would have to guarantee that `clear` is the last use of the instance. * close requiresinit loophole * remove clear for public stuff * fix side effects `secp256k1_context_no_precomp` is constant actually * document nosideeffect * document nosideeffect * document fix 2020-06-22 14:08:21 +00:00			`pk = sk.toPublicKey()`
add convenience api (#21) fixes #19 2020-04-17 05:43:30 +00:00
			`check:`
			`SkSecretKey.fromRaw(sk.toRaw())[].toHex() == sk.toHex()`
			`SkSecretKey.fromHex(sk.toHex())[].toHex() == sk.toHex()`
			`SkPublicKey.fromRaw(pk.toRaw())[].toHex() == pk.toHex()`
			`SkPublicKey.fromRaw(pk.toRawCompressed())[].toHex() == pk.toHex()`
			`SkPublicKey.fromHex(pk.toHex())[].toHex() == pk.toHex()`
use external rng instead of nimcrypto (#23) * use external rng instead of nimcrypto allows passing in different RNG's to generate keys * pass in array of random data to random keygen function * back to a proc * docs * gcsafe rng callback needed * introduce foolproofrng that can't fail * silence compiler warning * hint at random not being good enough in defect 2020-07-06 13:07:29 +00:00			`SkSecretKey.random(brokenRng).isErr`
add convenience api (#21) fixes #19 2020-04-17 05:43:30 +00:00
Re-order 2023-04-04 02:43:37 +00:00			`test "Keypairs":`
			`check:`
			`SkKeyPair.random(workingRng).isOk()`

add convenience api (#21) fixes #19 2020-04-17 05:43:30 +00:00			`test "Signatures":`
			`let`
use external rng instead of nimcrypto (#23) * use external rng instead of nimcrypto allows passing in different RNG's to generate keys * pass in array of random data to random keygen function * back to a proc * docs * gcsafe rng callback needed * introduce foolproofrng that can't fail * silence compiler warning * hint at random not being good enough in defect 2020-07-06 13:07:29 +00:00			`sk = SkSecretKey.random(workingRng)[]`
use requiredInit (#22) * use requiredInit Use requiredInit on keys - this simplifies error handling by providing more compile-time guarantees through type. Loophole: `clear` will leave an invalid key type in memory, not guaranteed by type - it requires an explicit action to produce, so it's somewhat better than the current situation where by default, keys are invalid, but it's not watertight. something like a `sink` would be needed which would have to guarantee that `clear` is the last use of the instance. * close requiresinit loophole * remove clear for public stuff * fix side effects `secp256k1_context_no_precomp` is constant actually * document nosideeffect * document nosideeffect * document fix 2020-06-22 14:08:21 +00:00			`pk = sk.toPublicKey()`
use external rng instead of nimcrypto (#23) * use external rng instead of nimcrypto allows passing in different RNG's to generate keys * pass in array of random data to random keygen function * back to a proc * docs * gcsafe rng callback needed * introduce foolproofrng that can't fail * silence compiler warning * hint at random not being good enough in defect 2020-07-06 13:07:29 +00:00			`otherPk = SkSecretKey.random(workingRng)[].toPublicKey()`
use requiredInit (#22) * use requiredInit Use requiredInit on keys - this simplifies error handling by providing more compile-time guarantees through type. Loophole: `clear` will leave an invalid key type in memory, not guaranteed by type - it requires an explicit action to produce, so it's somewhat better than the current situation where by default, keys are invalid, but it's not watertight. something like a `sink` would be needed which would have to guarantee that `clear` is the last use of the instance. * close requiresinit loophole * remove clear for public stuff * fix side effects `secp256k1_context_no_precomp` is constant actually * document nosideeffect * document nosideeffect * document fix 2020-06-22 14:08:21 +00:00			`sig = sign(sk, msg0)`
			`sig2 = signRecoverable(sk, msg0)`
Rework patch. Implement Schnorr signing and undo breaking changes. 2023-04-04 03:42:03 +00:00			`sig3 = signSchnorr(sk, msg0)`
			`sig4 = signSchnorr(sk, msg2)`
add convenience api (#21) fixes #19 2020-04-17 05:43:30 +00:00
			`check:`
			`verify(sig, msg0, pk)`
use requiredInit (#22) * use requiredInit Use requiredInit on keys - this simplifies error handling by providing more compile-time guarantees through type. Loophole: `clear` will leave an invalid key type in memory, not guaranteed by type - it requires an explicit action to produce, so it's somewhat better than the current situation where by default, keys are invalid, but it's not watertight. something like a `sink` would be needed which would have to guarantee that `clear` is the last use of the instance. * close requiresinit loophole * remove clear for public stuff * fix side effects `secp256k1_context_no_precomp` is constant actually * document nosideeffect * document nosideeffect * document fix 2020-06-22 14:08:21 +00:00			`not verify(sig, msg0, otherPk)`
add convenience api (#21) fixes #19 2020-04-17 05:43:30 +00:00			`not verify(sig, msg1, pk)`
			`recover(sig2, msg0)[] == pk`
			`recover(sig2, msg1)[] != pk`
			`SkSignature.fromDer(sig.toDer())[].toHex() == sig.toHex()`
Rework patch. Implement Schnorr signing and undo breaking changes. 2023-04-04 03:42:03 +00:00			`verify(sig3, msg0, pk)`
			`verify(sig4, msg2, pk)`
add convenience api (#21) fixes #19 2020-04-17 05:43:30 +00:00
			`test "Message":`
			`check:`
			`SkMessage.fromBytes([]).isErr()`
			`SkMessage.fromBytes([0'u8]).isErr()`
use external rng instead of nimcrypto (#23) * use external rng instead of nimcrypto allows passing in different RNG's to generate keys * pass in array of random data to random keygen function * back to a proc * docs * gcsafe rng callback needed * introduce foolproofrng that can't fail * silence compiler warning * hint at random not being good enough in defect 2020-07-06 13:07:29 +00:00			`SkMessage.fromBytes(array[32, byte](msg0)).isOk()`