From dd08f037995e5a31b0589c26138eaf45944037ab Mon Sep 17 00:00:00 2001
From: Pieter Wuille <sipa@ulyssis.org>
Date: Sun, 5 May 2013 16:55:05 +0200
Subject: [PATCH] OpenSSL/EC tests

---
 Makefile    |  4 +--
 configure   | 31 ++++++++++++++++++
 src/tests.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++----
 3 files changed, 119 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index 30a0aa3..f7d1ab3 100644
--- a/Makefile
+++ b/Makefile
@@ -27,11 +27,11 @@ bench: $(FILES) src/bench.c $(OBJS)
 	$(CC) -fPIC -std=c99 $(CFLAGS) $(CFLAGS_EXTRA) -DNDEBUG -O2 src/bench.c $(OBJS) $(LDFLAGS_EXTRA) -o bench
 
 tests: $(FILES) src/tests.c $(OBJS)
-	$(CC) -std=c99 $(CFLAGS) $(CFLAGS_EXTRA) -DVERIFY -fstack-protector-all -O2 -ggdb3 src/tests.c $(OBJS) $(LDFLAGS_EXTRA) -o tests
+	$(CC) -std=c99 $(CFLAGS) $(CFLAGS_EXTRA) $(CFLAGS_TEST_EXTRA) -DVERIFY -fstack-protector-all -O2 -ggdb3 src/tests.c $(OBJS) $(LDFLAGS_EXTRA) $(LDFLAGS_TEST_EXTRA) -o tests
 
 coverage: $(FILES) src/tests.c $(OBJS)
 	rm -rf tests.gcno tests.gcda tests_cov
-	$(CC) -std=c99 $(CFLAGS) $(CFLAGS_EXTRA) -DVERIFY --coverage -O0 -g src/tests.c $(OBJS) $(LDFLAGS_EXTRA) -o tests_cov
+	$(CC) -std=c99 $(CFLAGS) $(CFLAGS_EXTRA) $(CFLAGS_TEST_EXTRA) -DVERIFY --coverage -O0 -g src/tests.c $(OBJS) $(LDFLAGS_EXTRA) $(LDFLAGS_TEST_EXTRA) -o tests_cov
 	rm -rf lcov
 	mkdir -p lcov
 	cd lcov; lcov --directory ../ --zerocounters
diff --git a/configure b/configure
index 0bfd8e6..19ff4c1 100755
--- a/configure
+++ b/configure
@@ -49,6 +49,26 @@ if [ "$?" = 0 ]; then
     HAVE_OPENSSL=1
 fi
 
+# test openssl/EC
+HAVE_OPENSSL_EC=0
+if [ "$HAVE_OPENSSL" = "1" ]; then
+$CC $CFLAGS -std=c99 -x c - -o /dev/null -lcrypto <<EOF
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/obj_mac.h>
+int main() {
+    EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_secp256k1);
+    ECDSA_sign(0, NULL, 0, NULL, NULL, eckey);
+    ECDSA_verify(0, NULL, 0, NULL, 0, eckey);
+    EC_KEY_free(eckey);
+    return 0;
+}
+EOF
+if [ "$?" = 0 ]; then
+    HAVE_OPENSSL_EC=1
+fi
+fi
+
 # test gmp
 HAVE_GMP=0
 $CC $CFLAGS -std=c99 -x c - -o /dev/null -lgmp 2>/dev/null <<EOF
@@ -127,10 +147,21 @@ if [ "$LINK_GMP" = "1" ]; then
 fi
 if [ "$LINK_OPENSSL" = "1" ]; then
     LDFLAGS_EXTRA="-lcrypto"
+else
+    if [ "$HAVE_OPENSSL_EC" = "1" ]; then
+        LDFLAGS_TEST_EXTRA="-lcrypto"
+    fi
+fi
+
+CFLAGS_TEST_EXTRA=""
+if [ "$HAVE_OPENSSL_EC" = "1" ]; then
+    CFLAGS_TEST_EXTRA="-DENABLE_OPENSSL_TESTS"
 fi
 
 echo "CC=$CC" > config.mk
 echo "YASM=$YASM" >>config.mk
 echo "CFLAGS_EXTRA=$CFLAGS_EXTRA" >> config.mk
+echo "CFLAGS_TEST_EXTRA=$CFLAGS_TEST_EXTRA" >> config.mk
 echo "LDFLAGS_EXTRA=$LDFLAGS_EXTRA" >> config.mk
+echo "LDFLAGS_TEST_EXTRA=$LDFLAGS_TEST_EXTRA" >> config.mk
 echo "USE_ASM=$USE_ASM" >>config.mk
diff --git a/src/tests.c b/src/tests.c
index 0de1be5..8ce338b 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -7,6 +7,13 @@
 #include "impl/ecdsa.h"
 #include "impl/util.h"
 
+#ifdef ENABLE_OPENSSL_TESTS
+#include "openssl/bn.h"
+#include "openssl/ec.h"
+#include "openssl/ecdsa.h"
+#include "openssl/obj_mac.h"
+#endif
+
 static int count = 100;
 
 /***** NUM TESTS *****/
@@ -330,28 +337,33 @@ void run_wnaf() {
     secp256k1_num_free(&n);
 }
 
+void random_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_num_t *key, const secp256k1_num_t *msg, int *recid) {
+    secp256k1_num_t nonce;
+    secp256k1_num_init(&nonce);
+    do {
+        random_num_order_test(&nonce);
+    } while(!secp256k1_ecdsa_sig_sign(sig, key, msg, &nonce, recid));
+    secp256k1_num_free(&nonce);
+}
+
 void test_ecdsa_sign_verify() {
     const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
-    secp256k1_num_t msg, key, nonce;
+    secp256k1_num_t msg, key;
     secp256k1_num_init(&msg);
     random_num_order_test(&msg);
     secp256k1_num_init(&key);
     random_num_order_test(&key);
-    secp256k1_num_init(&nonce);
     secp256k1_gej_t pubj; secp256k1_ecmult_gen(&pubj, &key);
     secp256k1_ge_t pub; secp256k1_ge_set_gej(&pub, &pubj);
     secp256k1_ecdsa_sig_t sig;
     secp256k1_ecdsa_sig_init(&sig);
-    do {
-        random_num_order_test(&nonce);
-    } while(!secp256k1_ecdsa_sig_sign(&sig, &key, &msg, &nonce, NULL));
+    random_sign(&sig, &key, &msg, NULL);
     assert(secp256k1_ecdsa_sig_verify(&sig, &pub, &msg));
     secp256k1_num_inc(&msg);
     assert(!secp256k1_ecdsa_sig_verify(&sig, &pub, &msg));
     secp256k1_ecdsa_sig_free(&sig);
     secp256k1_num_free(&msg);
     secp256k1_num_free(&key);
-    secp256k1_num_free(&nonce);
 }
 
 void run_ecdsa_sign_verify() {
@@ -360,10 +372,75 @@ void run_ecdsa_sign_verify() {
     }
 }
 
+#ifdef ENABLE_OPENSSL_TESTS
+EC_KEY *get_openssl_key(const secp256k1_num_t *key) {
+    EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_secp256k1);
+    BN_CTX *ctx = BN_CTX_new();
+    BN_CTX_start(ctx);
+    BIGNUM *priv_key = BN_CTX_get(ctx);
+    unsigned char keyb[32];
+    secp256k1_num_get_bin(keyb, 32, key);
+    BN_bin2bn(keyb, 32, priv_key);
+    const EC_GROUP *group = EC_KEY_get0_group(ec_key);
+    EC_POINT *pub_key = EC_POINT_new(group);
+    EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx);
+    EC_KEY_set_private_key(ec_key, priv_key);
+    EC_KEY_set_public_key(ec_key, pub_key);
+    EC_POINT_free(pub_key);
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    return ec_key;
+}
+
+void test_ecdsa_openssl() {
+    const secp256k1_ge_consts_t *c = secp256k1_ge_consts;
+    secp256k1_num_t key, msg;
+    secp256k1_num_init(&msg);
+    unsigned char message[32];
+    secp256k1_rand256_test(message);
+    secp256k1_num_set_bin(&msg, message, 32);
+    secp256k1_num_init(&key);
+    random_num_order_test(&key);
+    secp256k1_gej_t qj;
+    secp256k1_ecmult_gen(&qj, &key);
+    secp256k1_ge_t q;
+    secp256k1_ge_set_gej(&q, &qj);
+    EC_KEY *ec_key = get_openssl_key(&key);
+    assert(ec_key);
+    unsigned char signature[80];
+    int sigsize = 80;
+    assert(ECDSA_sign(0, message, sizeof(message), signature, &sigsize, ec_key));
+    secp256k1_ecdsa_sig_t sig;
+    secp256k1_ecdsa_sig_init(&sig);
+    assert(secp256k1_ecdsa_sig_parse(&sig, signature, sigsize));
+    assert(secp256k1_ecdsa_sig_verify(&sig, &q, &msg));
+    secp256k1_num_inc(&sig.r);
+    assert(!secp256k1_ecdsa_sig_verify(&sig, &q, &msg));
+
+    random_sign(&sig, &key, &msg, NULL);
+    sigsize = 80;
+    assert(secp256k1_ecdsa_sig_serialize(signature, &sigsize, &sig));
+    assert(ECDSA_verify(0, message, sizeof(message), signature, sigsize, ec_key) == 1);
+
+    secp256k1_ecdsa_sig_free(&sig);
+    EC_KEY_free(ec_key);
+    secp256k1_num_free(&key);
+    secp256k1_num_free(&msg);
+}
+
+void run_ecdsa_openssl() {
+    for (int i=0; i<10*count; i++) {
+        test_ecdsa_openssl();
+    }
+}
+#endif
+
 int main(int argc, char **argv) {
     if (argc > 1)
         count = strtol(argv[1], NULL, 0)*47;
 
+    printf("test count = %i\n", count);
+
     // initialize
     secp256k1_fe_start();
     secp256k1_ge_start();
@@ -379,6 +456,9 @@ int main(int argc, char **argv) {
 
     // ecdsa tests
     run_ecdsa_sign_verify();
+#ifdef ENABLE_OPENSSL_TESTS
+    run_ecdsa_openssl();
+#endif
 
     // shutdown
     secp256k1_ecmult_stop();