Skip to content

Exhaustive recovery #428

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Dec 28, 2016
Merged

Exhaustive recovery #428

merged 7 commits into from
Dec 28, 2016

Conversation

@apoelstra
Copy link
Contributor

@apoelstra apoelstra commented Nov 28, 2016

Builds on #426. Bumps branch coverage for modules/recovery/main_impl.h to 100%.

@apoelstra
ecdsa_impl: replace scalar if-checks with VERIFY_CHECKs in ecdsa_sig_…
25e3cfb 
…sign

Whenever ecdsa_sig_sign is called, in the case that r == 0 or r overflows,
we want to retry with a different nonce rather than fail signing entirely.
Because of this, we always check the nonce conditions before calling
sig_sign, so these checks should always pass (and in particular, they
are inaccessible through the API and appear as uncovered code in test
coverage).
@apoelstra
ecdh: test NULL-checking of arguments
6f8ae2f 
Boosts the ECDH module to 100% coverage
@apoelstra
recovery: add tests to cover API misusage
b595163
@apoelstra
configure: add --enable-coverage to set options for coverage analysis
a724d72
@apoelstra
group_impl.h: remove unused secp256k1_ge_set_infinity function
03ff8c2 
Also remove `secp256k1_fe_verify` from field_*_.impl.h when VERIFY is not defined
@apoelstra
exhaustive tests: remove erroneous comment from ecdsa_sig_sign
678b0e5 
Mathematically, we always overflow when using the exhaustive tests (because our
scalar order is 13 and our field order is on the order of 2^256), but the
`overflow` variable returned when parsing a b32 as a scalar is always set
to 0, to prevent infinite (or practically infinite) loops searching for
non-overflowing scalars.
gmaxwell
gmaxwell reviewed Dec 16, 2016
View reviewed changes
src/tests_exhaustive.c
* overlap between the sets, so there are no valid signatures). */

/* Verify by converting to a standard signature and calling verify */
secp256k1_ecdsa_recoverable_signature_save(&rsig, &r_s, &s_s, recid);
Copy link
Contributor

@gmaxwell gmaxwell Dec 16, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

recid is used without initialization here.

@apoelstra
Copy link
Contributor Author

apoelstra commented Dec 16, 2016

Fixed uninitialized recid and also destroyed ctx so that valgrind would run clean on exhaustive tests.

@gmaxwell
Copy link
Contributor

gmaxwell commented Dec 16, 2016

ACK.

@sipa sipa merged commit 2cee5fd into bitcoin-core:master Dec 28, 2016
sipa added a commit that referenced this pull request Dec 28, 2016
@sipa
Merge #428: Exhaustive recovery
9d560f9 
2cee5fd exhaustive tests: add recovery module (Andrew Poelstra)
678b0e5 exhaustive tests: remove erroneous comment from ecdsa_sig_sign (Andrew Poelstra)
03ff8c2 group_impl.h: remove unused `secp256k1_ge_set_infinity` function (Andrew Poelstra)
a724d72 configure: add --enable-coverage to set options for coverage analysis (Andrew Poelstra)
b595163 recovery: add tests to cover API misusage (Andrew Poelstra)
6f8ae2f ecdh: test NULL-checking of arguments (Andrew Poelstra)
25e3cfb ecdsa_impl: replace scalar if-checks with VERIFY_CHECKs in ecdsa_sig_sign (Andrew Poelstra)
@sipa
Copy link
Contributor

sipa commented Dec 28, 2016

ACK

@apoelstra apoelstra deleted the exhaustive-recovery branch June 19, 2017 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gmaxwell gmaxwell gmaxwell left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@apoelstra @gmaxwell @sipa