tests: Add Wycheproof ECDH vectors #1492
Awesome, Concept ACK
I think most contributors here are currently busy with other projects, but we'll come back to this for sure.
Concept ACK
* The file `ecdh_secp256k1_test.json` in this directory
  comes from Google's project Wycheproof with git commit
  `d9f6ec7d8bd8c96da05368999094e4a75ba5cb3d`, see
  https://github.com/google/wycheproof/blob/d9f6ec7d8bd8c96da05368999094e4a75ba5cb3d/testvectors_v1/ecdh_secp256k1_test.json
Wycheproof ownership was recently moved to C2SP (https://github.com/C2SP/wycheproof, community maintenance), so this should be updated to the new URL. See @FiloSottile's talk https://archive.org/details/oscw-2024-fillippo-valsorda-cryptographic-test-vectors for background.
You could update the other URLs in a separate commit, and update the ECDSA vectors, see C2SP/wycheproof#91 (if you're willing to take care of this in this PR).
Sure thing, we will open a concurrent PR to update this. I think it will be cleaner.
If you're still interested, then I think a proper version of the abandoned (?) #1638 could be included in this PR. It should be trivial.
```python
def should_skip(test_vector_flags):
    # skip these vectors because they are for ASN.1 encoding issues and other curves
    flags_to_skip = {"InvalidAsn", "InvalidCurveAttack", "InvalidEncoding", "WrongCurve", "UnnamedCurve"}
```
I'm not sure about all of these.
- "InvalidAsn": ✔️
- "InvalidCurveAttack": the json says "The point of the public key is not on the curve." -- shouldn't we have these? (How is this different from "InvalidPublic"? I assume the keys in case of "InvalidCurveAttack" are on some other curve.)
- What is "InvalidEncoding"?
- "WrongCurve": I really don't understand the JSON here. For example, test case 492 says: "public key has invalid point of order 2 on secp256r1. The point of the public key is a valid on secp256k1. ", but then says "invalid"?! Do you know what they have in mind?
- "UnnamedCurve": Have you tried these? If we reject correctly, let's just include them? Again, I can't follow the JSON entirely. :/ For example, test case 511 has "public key of order 3" with "WeakPublicKey", "InvalidPublic", "UnnamedCurve". How can it be invalid and at the same time have an order? How can the order be 3 on our curve? (Shouldn't it have InvalidCurveAttack then? ...)
> "InvalidCurveAttack": the json says "The point of the public key is not on the curve." -- shouldn't we have these? (How is this different from "InvalidPublic"? I assume the keys in case of "InvalidCurveAttack" are on some other curve.)

You’re right – we should have these. We changed it so that we’re no longer skipping InvalidCurveAttack test vectors.

> What is "InvalidEncoding"?

We are now including this test case.

> "WrongCurve": I really don't understand the JSON here. For example, test case 492 says: "public key has invalid point of order 2 on secp256r1. The point of the public key is a valid on secp256k1. ", but then says "invalid"?! Do you know what they have in mind?

All these 20 cases of WrongCurve have a public key whose ASN.1 representation carries an OID for a different curve (not secp256k1). None of the libsecp256k1 code parses this ASN.1 structure, so we are not including these in the test cases.
In that specific case (tcId 492) they encode public key bytes that in secp256r1 coincide with a point of order 2 but in secp256k1 form a valid point (it is in the (prime) group). We are just skipping this since this confusion is at an abstraction level higher than libsecp256k1. Again, none of the libsecp256k1 code parses this ASN.1 where the confusion (may) happen.

> "UnnamedCurve": Have you tried these? If we reject correctly, let's just include them?

These are now included.

> test case 511 has "public key of order 3" with "WeakPublicKey", "InvalidPublic", "UnnamedCurve". How can it be invalid and at the same time have an order?

I guess their definition of invalid here is “does not lie in the proper subgroup”. This is consistent with the SEC (see §3.2.2.1 step 4 of https://www.secg.org/sec1-v2.pdf - ensures that the order of the point is large).
We are now skipping tcId 496, 497, 502, 503, 504, 505, 507. All these public keys have a custom ASN.1 encoding that explicitly encodes some curve parameters (including the order). Again, libsecp256k1 never parses these, so we don’t care about these. In the tests we skip them.
For example, tcId 496 has the following public key:
```
openssl asn1parse -in 496.bin -i -inform DER -dump
    0:d=0  hl=4 l= 307 cons: SEQUENCE
    4:d=1  hl=3 l= 236 cons:  SEQUENCE
    7:d=2  hl=2 l=   7 prim:   OBJECT            :id-ecPublicKey
   16:d=2  hl=3 l= 224 cons:   SEQUENCE
   19:d=3  hl=2 l=   1 prim:    INTEGER           :01
   22:d=3  hl=2 l=  44 cons:    SEQUENCE
   24:d=4  hl=2 l=   7 prim:     OBJECT            :prime-field
   33:d=4  hl=2 l=  33 prim:     INTEGER           :FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
   68:d=3  hl=2 l=  68 cons:    SEQUENCE
   70:d=4  hl=2 l=  32 prim:     OCTET STRING
      0000 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
      0010 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
  104:d=4  hl=2 l=  32 prim:     OCTET STRING
      0000 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
      0010 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 07   ................
  138:d=3  hl=2 l=  65 prim:    OCTET STRING
      0000 - 04 79 be 66 7e f9 dc bb-ac 55 a0 62 95 ce 87 0b   .y.f~....U.b....
      0010 - 07 02 9b fc db 2d ce 28-d9 59 f2 81 5b 16 f8 17   .....-.(.Y..[...
      0020 - 98 48 3a da 77 26 a3 c4-65 5d a4 fb fc 0e 11 08   .H:.w&..e]......
      0030 - a8 fd 17 b4 48 a6 85 54-19 9c 47 d0 8f fb 10 d4   ....H..T..G.....
      0040 - b8                                                .
  205:d=3  hl=2 l=  33 prim:    INTEGER           :-FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
  240:d=3  hl=2 l=   1 prim:    INTEGER           :01
  243:d=1  hl=2 l=  66 prim:  BIT STRING
      0000 - 00 04 49 c2 48 ed c6 59-e1 84 82 b7 10 57 48 a4   ..I.H..Y.....WH.
      0010 - b9 5d 3a 46 95 2a 5b a7-2d a0 d7 02 dc 97 a6 4e   .]:F.*[.-......N
      0020 - 99 79 9d 8c ff 7a 5c 4b-92 5e 43 60 ec e2 5c cf   .y...z\K.^C`..\.
      0030 - 30 7d 7a 9a 70 63 28 6b-bd 16 ef 64 c6 5f 54 67   0}z.pc(k...d._Tg
      0040 - 57 e2                                             W.
```
For reference this is the DER encoding:
```
xxd 496.bin
00000000: 3082 0133 3081 ec06 072a 8648 ce3d 0201  0..30....*.H.=..
00000010: 3081 e002 0101 302c 0607 2a86 48ce 3d01  0.....0,..*.H.=.
00000020: 0102 2100 ffff ffff ffff ffff ffff ffff  ..!.............
00000030: ffff ffff ffff ffff ffff ffff ffff fffe  ................
00000040: ffff fc2f 3044 0420 0000 0000 0000 0000  .../0D. ........
00000050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000060: 0000 0000 0000 0000 0420 0000 0000 0000  ......... ......
00000070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000080: 0000 0000 0000 0000 0007 0441 0479 be66  ...........A.y.f
00000090: 7ef9 dcbb ac55 a062 95ce 870b 0702 9bfc  ~....U.b........
000000a0: db2d ce28 d959 f281 5b16 f817 9848 3ada  .-.(.Y..[....H:.
000000b0: 7726 a3c4 655d a4fb fc0e 1108 a8fd 17b4  w&..e]..........
000000c0: 48a6 8554 199c 47d0 8ffb 10d4 b802 21ff  H..T..G.......!.
000000d0: 0000 0000 0000 0000 0000 0000 0000 0001  ................
000000e0: 4551 2319 50b7 5fc4 402d a173 2fc9 bebf  EQ#.P._.@-.s/...
000000f0: 0201 0103 4200 0449 c248 edc6 59e1 8482  ....B..I.H..Y...
00000100: b710 5748 a4b9 5d3a 4695 2a5b a72d a0d7  ..WH..]:F.*[.-..
00000110: 02dc 97a6 4e99 799d 8cff 7a5c 4b92 5e43  ....N.y...z\K.^C
00000120: 60ec e25c cf30 7d7a 9a70 6328 6bbd 16ef  `..\.0}z.pc(k...
00000130: 64c6 5f54 6757 e2                        d._TgW.
```
Here the order of the curve is encoded as explicit parameter (which is the “wrong” order): -115792089237316195423570985008687907852837564279074904382605163141518161494337 or -FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141.
All other skipped cases are analogous.
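The explicit-parameter encoding shown above, walked with a small DER reader, as an added Python example (this is not libsecp256k1 code, which never parses SubjectPublicKeyInfo, and not the PR's conversion script). The 311 bytes are the tcId 496 public key transcribed from the xxd dump; the named-curve SPKI built at the end for comparison is constructed here. It shows the check a consumer of such keys wants: accept a key only if its AlgorithmIdentifier carries the secp256k1 named-curve OID, so an explicit-parameters key like this one, whose encoded order is the negative of n, is rejected before any point is parsed.

```python
# Added example: inspect an EC SubjectPublicKeyInfo and accept only the
# secp256k1 named-curve form. Not libsecp256k1 code (it never parses DER).

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # 1.2.840.10045.2.1
SECP256K1_OID = bytes.fromhex("2b8104000a")         # 1.3.132.0.10

# tcId 496 public key, transcribed from the xxd dump in the thread (311 bytes)
TC496_DER = bytes.fromhex("""
3082 0133 3081 ec06 072a 8648 ce3d 0201
3081 e002 0101 302c 0607 2a86 48ce 3d01
0102 2100 ffff ffff ffff ffff ffff ffff
ffff ffff ffff ffff ffff ffff ffff fffe
ffff fc2f 3044 0420 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0420 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0007 0441 0479 be66
7ef9 dcbb ac55 a062 95ce 870b 0702 9bfc
db2d ce28 d959 f281 5b16 f817 9848 3ada
7726 a3c4 655d a4fb fc0e 1108 a8fd 17b4
48a6 8554 199c 47d0 8ffb 10d4 b802 21ff
0000 0000 0000 0000 0000 0000 0000 0001
4551 2319 50b7 5fc4 402d a173 2fc9 bebf
0201 0103 4200 0449 c248 edc6 59e1 8482
b710 5748 a4b9 5d3a 4695 2a5b a72d a0d7
02dc 97a6 4e99 799d 8cff 7a5c 4b92 5e43
60ec e25c cf30 7d7a 9a70 6328 6bbd 16ef
64c6 5f54 6757 e2
""")


def der_read(buf, pos):
    """Read one DER TLV at pos -> (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: 0x8n, then n length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(content):
    """Split a constructed value into its (tag, content) children."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = der_read(content, pos)
        out.append((tag, body))
    return out


def inspect_spki(der):
    """Decode SubjectPublicKeyInfo { AlgorithmIdentifier, BIT STRING }."""
    _, spki, _ = der_read(der, 0)
    (_, alg), (_, bitstr) = der_children(spki)
    (_, oid), (param_tag, params) = der_children(alg)
    info = {"algorithm_ok": oid == ID_EC_PUBLIC_KEY,
            "point": bitstr[1:],            # first BIT STRING byte = unused-bit count
            "explicit": param_tag == 0x30, "named_secp256k1": False}
    if param_tag == 0x06:                   # namedCurve OBJECT IDENTIFIER
        info["named_secp256k1"] = params == SECP256K1_OID
    elif param_tag == 0x30:                 # ECParameters: version, fieldID, curve, base, order, cofactor
        fields = der_children(params)
        field_id = der_children(fields[1][1])
        # DER INTEGERs are two's complement: a leading 0xff byte makes the order negative
        info["field_prime"] = int.from_bytes(field_id[1][1], "big", signed=True)
        info["order"] = int.from_bytes(fields[4][1], "big", signed=True)
    return info


def accept_key(der):
    """Policy: id-ecPublicKey with the secp256k1 named-curve OID, nothing else."""
    info = inspect_spki(der)
    return info["algorithm_ok"] and info["named_secp256k1"]


def named_curve_spki(point65):
    """Constructed comparison: the same 65-byte point in a named-curve SPKI."""
    alg = b"\x06\x07" + ID_EC_PUBLIC_KEY + b"\x06\x05" + SECP256K1_OID
    return b"\x30\x56\x30\x10" + alg + b"\x03\x42\x00" + point65
```

Running `inspect_spki(TC496_DER)` reports the explicit field prime equal to p and an order of -n, matching the asn1parse output above; `accept_key` rejects it, while the same 65-byte point wrapped by `named_curve_spki` is accepted.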
Nice, thanks a lot for going through all of this!
Thanks @real-or-random for the review. We're going to have a look and come back here soon to take care of this PR :-)
(branch force-pushed from 4ccf267 to 3cba981)
@real-or-random it took a bit longer than expected but here we are. We addressed the main points of the review in 3cba981, PTAL whenever you've a chance. Thanks!
friendly ping to review this whenever you've a chance @real-or-random. Thanks!
@real-or-random this is ready for review, wondering if we could have some eyes. Thank you so much in advance!
Nice! All I have is some nits, and I believe this is ready. It should perhaps get the eyes of another reviewer, but I don't think another in-depth review is necessary. In the end, this "just" adds tests.
Sorry that this took so long.
@real-or-random thanks for the review! We've addressed all changes (all minor). Can you please take a quick look whenever you've a chance? Thanks
Great!
I don't have the time this week, but next week should work. :)
ACK fe5f1e3 I've also tested that changing a vector in the json files makes the test fail
@RandomLattice Could you squash this?
(branch force-pushed from fe5f1e3 to fba627b)
@real-or-random : Thanks for the review. Squashed into a single commit.
ACK fba627b
@sipa : would you please take a look at this? Thanks in advance.
src/modules/ecdh/tests_impl.h (outdated)
```c
expected_shared_secret = &wycheproof_ecdh_shared_secrets[testvectors[t].shared_offset];

CHECK(actual == expected_result);
if (expected_result == 0) {
```
This branch can never trigger, I think? Because if `expected_result == 0`, then due to `CHECK(parsed_ok == expected_result);` above, `parsed_ok == 0`, and `continue` would have been hit?
Correct, thanks for spotting that. Going to remove this `if` block.
Concept ACK
Hey @RandomLattice, thanks for your contribution. This looks very good. Can you squash the last commit? And since you're touching the commit again, can you simplify the following code in test_ecdh_wycheproof
```c
actual = secp256k1_ecdh(CTX, output_ecdh, &point, sk, ecdh_hash_function_test_xpassthru, NULL);
expected_shared_secret = &wycheproof_ecdh_shared_secrets[testvectors[t].shared_offset];
CHECK(actual == expected_result);
```
to
```c
CHECK(secp256k1_ecdh(CTX, output_ecdh, &point, sk, ecdh_hash_function_test_xpassthru, NULL) == 1);
expected_shared_secret = &wycheproof_ecdh_shared_secrets[testvectors[t].shared_offset];
```
and remove the declaration of `actual`? Thanks.
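The test loop discussed in the last few comments, together with the skip policy settled earlier in the thread, as an added Python model (not the PR's conversion script and not libsecp256k1's C test). Assumptions: the vectors are constructed here in the layout of the Wycheproof JSON (testGroups[].tests[]) but carry the public key as a raw 65-byte uncompressed point rather than the DER SubjectPublicKeyInfo of the real file; plain affine arithmetic stands in for secp256k1_ec_pubkey_parse and secp256k1_ecdh, and the shared secret is the x-coordinate, matching ecdh_hash_function_test_xpassthru. The control flow also shows why the `expected_result == 0` branch was dead: once the parse check has passed, an invalid key has already been skipped with continue.

```python
# Added example: Python model of the Wycheproof ECDH test loop and of the skip
# policy settled in this thread. Not the PR's script, not libsecp256k1 code.

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Flags skipped: ASN.1/OID confusion that libsecp256k1 never parses.
# InvalidCurveAttack, InvalidEncoding and UnnamedCurve vectors are run,
# except the explicit-parameter tcIds listed in the thread.
FLAGS_TO_SKIP = {"InvalidAsn", "WrongCurve"}
TCIDS_TO_SKIP = {496, 497, 502, 503, 504, 505, 507}


def should_skip(tc):
    return tc["tcId"] in TCIDS_TO_SKIP or bool(FLAGS_TO_SKIP & set(tc["flags"]))


def on_curve(pt):
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - 7) % P == 0


def ec_add(a, b):
    """Affine addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add: fine for a test model, not constant-time like secp256k1_ecdh."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def parse_uncompressed(hexstr):
    """Stand-in for secp256k1_ec_pubkey_parse on a 65-byte key: the on-curve
    check is what makes the InvalidCurveAttack vectors fail to parse."""
    raw = bytes.fromhex(hexstr)
    if len(raw) != 65 or raw[0] != 0x04:
        return None
    pt = (int.from_bytes(raw[1:33], "big"), int.from_bytes(raw[33:], "big"))
    return pt if on_curve(pt) else None


def run_vector(tc):
    """Mirror of the C loop; returns 'skipped', 'pass' or 'fail'."""
    if should_skip(tc):
        return "skipped"
    expected_result = tc["result"] == "valid"
    pub = parse_uncompressed(tc["public"])
    if (pub is not None) != expected_result:
        return "fail"           # CHECK(parsed_ok == expected_result)
    if pub is None:
        return "pass"           # continue: nothing below can see expected_result == 0
    d = int(tc["private"], 16)
    if not 0 < d < N:
        return "fail"
    shared = ec_mul(d, pub)     # secp256k1_ecdh with the x-only passthrough hash
    return "pass" if format(shared[0], "064x") == tc["shared"] else "fail"


def summarize(doc):
    """Run every vector of a Wycheproof-layout document (what json.load returns)."""
    counts = {"pass": 0, "skipped": 0, "fail": 0}
    for group in doc["testGroups"]:
        for tc in group["tests"]:
            counts[run_vector(tc)] += 1
    return counts


def _enc(pt):
    return "04" + format(pt[0], "064x") + format(pt[1], "064x")


# Constructed sample vectors (not from the Wycheproof file); tcIds 4 and 496
# only borrow the flags and id discussed in the thread.
SAMPLE_DOC = {"testGroups": [{"tests": [
    {"tcId": 1, "flags": [], "public": _enc(G), "private": "02", "result": "valid",
     "shared": "c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5"},
    {"tcId": 2, "flags": [], "public": _enc(G), "private": format(N - 1, "064x"),
     "shared": format(G[0], "064x"), "result": "valid"},    # (n-1)G = -G, same x
    {"tcId": 3, "flags": ["InvalidCurveAttack", "InvalidPublic"], "result": "invalid",
     "public": _enc((G[0], G[1] + 1)), "private": "02", "shared": ""},
    {"tcId": 4, "flags": ["WrongCurve"], "public": _enc(G), "private": "02",
     "shared": "", "result": "invalid"},
    {"tcId": 496, "flags": ["UnnamedCurve"], "public": _enc(G), "private": "02",
     "shared": "", "result": "invalid"},
]}]}
```

`summarize(SAMPLE_DOC)` gives three passes (two valid ECDH computations and one correctly rejected off-curve key), two skips and no failures. With the real file the same loop applies after each DER public key has been reduced to its raw point, which is the step the thread places outside libsecp256k1.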
Adds a test for the ECDH module using the Wycheproof vectors. We use a python script to convert the JSON-formatted vectors into C code, in the same spirit as bitcoin-core#1245 Co-authored-by: Sean Andersen <6730974+andozw@users.noreply.github.com>
(branch force-pushed from c25b85c to e266ba1)
@jonasnick: Thanks for the review. I simplified the code that way and squashed everything into a single commit.
ACK e266ba1
Wycheproof ownership was recently moved to C2SP (https://github.com/C2SP/wycheproof). This PR updates all references to the new URL and bumps to the latest version of the vector files. This commit does not change the content of processed .h testvector files. To test: `make clean-testvectors testvectors` See: bitcoin-core#1492 (comment) Co-authored-by: Sean Andersen <6730974+andozw@users.noreply.github.com>
Adds a test for the ECDH module using the Wycheproof vectors as outlined in #1106.
This commit adds 479 ECDH test vectors. All test vectors pass. The vectors cover:
We use a python script to convert the JSON-formatted vectors into C code, in the same spirit as #1245