From 329e3388e1908ee98dbfac40f22445ff50e26907 Mon Sep 17 00:00:00 2001 From: Sebastian Falbesoner Date: Thu, 21 Dec 2023 18:16:21 +0100 Subject: [PATCH] test: add simple BIP-352 test with mixed plain/taproot inputs --- src/modules/silentpayments/tests_impl.h | 106 ++++++++++++++++++++++++ src/tests.c | 8 ++ 2 files changed, 114 insertions(+) create mode 100644 src/modules/silentpayments/tests_impl.h diff --git a/src/modules/silentpayments/tests_impl.h b/src/modules/silentpayments/tests_impl.h new file mode 100644 index 0000000000..0ec1968ac4 --- /dev/null +++ b/src/modules/silentpayments/tests_impl.h @@ -0,0 +1,106 @@ +/*********************************************************************** + * Distributed under the MIT software license, see the accompanying * + * file COPYING or https://www.opensource.org/licenses/mit-license.php.* + ***********************************************************************/ + +#ifndef SECP256K1_MODULE_SILENTPAYMENTS_TESTS_H +#define SECP256K1_MODULE_SILENTPAYMENTS_TESTS_H + +#include "../../../include/secp256k1_silentpayments.h" + +void run_silentpayments_tests(void) { + /* BIP-352 test vector + * "Single recipient: taproot input with odd y-value and non-taproot input" */ + unsigned char outpoint_lowest[36] = { + 0x16,0x9e,0x1e,0x83,0xe9,0x30,0x85,0x33,0x91,0xbc,0x6f,0x35,0xf6,0x05,0xc6,0x75, + 0x4c,0xfe,0xad,0x57,0xcf,0x83,0x87,0x63,0x9d,0x3b,0x40,0x96,0xc5,0x4f,0x18,0xf4, + 0x00,0x00,0x00,0x00 + }; + unsigned char input_privkeys_plain[32] = { + 0x8d,0x47,0x51,0xf6,0xe8,0xa3,0x58,0x68,0x80,0xfb,0x66,0xc1,0x9a,0xe2,0x77,0x96, + 0x9b,0xd5,0xaa,0x06,0xf6,0x1c,0x4e,0xe2,0xf1,0xe2,0x48,0x6e,0xfd,0xf6,0x66,0xd3 + }; + unsigned char input_privkeys_taproot[32] = { + 0x1d,0x37,0x78,0x7c,0x2b,0x71,0x16,0xee,0x98,0x3e,0x9f,0x9c,0x13,0x26,0x9d,0xf2, + 0x90,0x91,0xb3,0x91,0xc0,0x4d,0xb9,0x42,0x39,0xe0,0xd2,0xbc,0x21,0x82,0xc3,0xbf + }; + unsigned char input_pubkeys_plain[33] = {0x03, + 0xe0,0xec,0x4f,0x64,0xb3,0xfa,0x2e,0x46,0x3c,0xcf,0xcf,0x4e,0x85,0x6e,0x37,0xd5, + 0xe1,0xe2,0x02,0x75,0xbc,0x89,0xec,0x1d,0xef,0x9e,0xb0,0x98,0xef,0xf1,0xf8,0x5d + }; + unsigned char input_pubkeys_xonly[32] = { + 0x8c,0x8d,0x23,0xd4,0x76,0x4f,0xef,0xfc,0xd5,0xe7,0x2e,0x38,0x08,0x02,0x54,0x0f, + 0xa0,0xf8,0x8e,0x3d,0x62,0xad,0x5e,0x0b,0x47,0x95,0x5f,0x74,0xd7,0xb2,0x83,0xc4 + }; + unsigned char receiver_scan_privkey[32] = { + 0x0f,0x69,0x4e,0x06,0x80,0x28,0xa7,0x17,0xf8,0xaf,0x6b,0x94,0x11,0xf9,0xa1,0x33, + 0xdd,0x35,0x65,0x25,0x87,0x14,0xcc,0x22,0x65,0x94,0xb3,0x4d,0xb9,0x0c,0x1f,0x2c + }; + unsigned char receiver_scan_pubkey[33] = {0x02, + 0x20,0xbc,0xfa,0xc5,0xb9,0x9e,0x04,0xad,0x1a,0x06,0xdd,0xfb,0x01,0x6e,0xe1,0x35, + 0x82,0x60,0x9d,0x60,0xb6,0x29,0x1e,0x98,0xd0,0x1a,0x9b,0xc9,0xa1,0x6c,0x96,0xd4 + }; + unsigned char receiver_spend_privkey[32] = { + 0x9d,0x6a,0xd8,0x55,0xce,0x34,0x17,0xef,0x84,0xe8,0x36,0x89,0x2e,0x5a,0x56,0x39, + 0x2b,0xfb,0xa0,0x5f,0xa5,0xd9,0x7c,0xce,0xa3,0x0e,0x26,0x6f,0x54,0x0e,0x08,0xb3 + }; + unsigned char receiver_spend_pubkey[33] = {0x02, + 0x5c,0xc9,0x85,0x6d,0x6f,0x83,0x75,0x35,0x0e,0x12,0x39,0x78,0xda,0xac,0x20,0x0c, + 0x26,0x0c,0xb5,0xb5,0xae,0x83,0x10,0x6c,0xab,0x90,0x48,0x4d,0xcd,0x8f,0xcf,0x36 + }; + unsigned char output_expected[32] = { + 0x35,0x93,0x58,0xf5,0x9e,0xe9,0xe9,0xee,0xc3,0xf0,0x0b,0xdf,0x48,0x82,0x57,0x0f, + 0xd5,0xc1,0x82,0xe4,0x51,0xaa,0x26,0x50,0xb7,0x88,0x54,0x4a,0xff,0x01,0x2a,0x3a + }; + unsigned char privkey_tweak_expected[32] = { + 0xa2,0xf9,0xdd,0x05,0xd1,0xd3,0x98,0x34,0x7c,0x88,0x5d,0x9c,0x61,0xa6,0x4d,0x18, + 0xa2,0x64,0xde,0x6d,0x49,0xce,0xa4,0x32,0x6b,0xaf,0xc2,0x79,0x1d,0x62,0x7f,0xa7 + }; + + unsigned char shared_secret_sender[33]; + unsigned char shared_secret_receiver[33]; + secp256k1_pubkey public_tweak_data; + unsigned char private_tweak_data[32]; + secp256k1_xonly_pubkey output_expected_xonly_obj; + secp256k1_xonly_pubkey output_calculated_xonly_obj; + unsigned char output_calculated[32]; + unsigned char privkey_calculated[32]; + unsigned char privkey_expected[32]; + + /* convert raw key material into secp256k1 objects where necessary */ + secp256k1_pubkey input_pubkey_plain_obj, receiver_scan_pubkey_obj, receiver_spend_pubkey_obj; + secp256k1_xonly_pubkey input_pubkey_xonly_obj; + CHECK(secp256k1_ec_pubkey_parse(CTX, &input_pubkey_plain_obj, input_pubkeys_plain, 33)); + CHECK(secp256k1_ec_pubkey_parse(CTX, &receiver_scan_pubkey_obj, receiver_scan_pubkey, 33)); + CHECK(secp256k1_ec_pubkey_parse(CTX, &receiver_spend_pubkey_obj, receiver_spend_pubkey, 33)); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &input_pubkey_xonly_obj, input_pubkeys_xonly)); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &output_expected_xonly_obj, output_expected)); + + /* create shared secret from sender and receiver perspective, and check that they match */ + CHECK(secp256k1_silentpayments_create_private_tweak_data(CTX, private_tweak_data, + input_privkeys_plain, 1, input_privkeys_taproot, 1, outpoint_lowest)); + CHECK(secp256k1_silentpayments_send_create_shared_secret(CTX, shared_secret_sender, + private_tweak_data, &receiver_scan_pubkey_obj)); + + CHECK(secp256k1_silentpayments_create_public_tweak_data(CTX, &public_tweak_data, + &input_pubkey_plain_obj, 1, &input_pubkey_xonly_obj, 1, outpoint_lowest)); + CHECK(secp256k1_silentpayments_receive_create_shared_secret(CTX, shared_secret_receiver, + &public_tweak_data, receiver_scan_privkey)); + + CHECK(secp256k1_memcmp_var(shared_secret_sender, shared_secret_receiver, 33) == 0); + + /* check that calculated silent payments output matches */ + CHECK(secp256k1_silentpayments_create_output_pubkey(CTX, &output_calculated_xonly_obj, + shared_secret_sender, &receiver_spend_pubkey_obj, 0, NULL)); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, output_calculated, &output_calculated_xonly_obj)); + CHECK(secp256k1_memcmp_var(output_calculated, output_expected, 32) == 0); + + /* check that calculated silent payment output spending private key matches */ + memcpy(privkey_expected, receiver_spend_privkey, 32); + CHECK(secp256k1_ec_seckey_tweak_add(CTX, privkey_expected, privkey_tweak_expected)); + CHECK(secp256k1_silentpayments_create_output_seckey(CTX, privkey_calculated, + shared_secret_receiver, receiver_spend_privkey, 0, NULL)); + CHECK(secp256k1_memcmp_var(privkey_calculated, privkey_expected, 32) == 0); +} + +#endif diff --git a/src/tests.c b/src/tests.c index e653aeea58..bb74513857 100644 --- a/src/tests.c +++ b/src/tests.c @@ -7285,6 +7285,10 @@ static void run_ecdsa_wycheproof(void) { # include "modules/ellswift/tests_impl.h" #endif +#ifdef ENABLE_MODULE_SILENTPAYMENTS +# include "modules/silentpayments/tests_impl.h" +#endif + static void run_secp256k1_memczero_test(void) { unsigned char buf1[6] = {1, 2, 3, 4, 5, 6}; unsigned char buf2[sizeof(buf1)]; @@ -7633,6 +7637,10 @@ int main(int argc, char **argv) { run_ellswift_tests(); #endif +#ifdef ENABLE_MODULE_SILENTPAYMENTS + run_silentpayments_tests(); +#endif + /* util tests */ run_secp256k1_memczero_test(); run_secp256k1_byteorder_tests();