ecdh: Add test computing shared_secret=basepoint with random inputs

real-or-random · real-or-random · commit c881dd49bdb8 · 2022-02-11T16:39:04.000+01:00
diff --git a/src/modules/ecdh/tests_impl.h b/src/modules/ecdh/tests_impl.h
@@ -123,10 +123,43 @@ void test_bad_scalar(void) {
     CHECK(secp256k1_ecdh(ctx, output, &point, s_overflow, ecdh_hash_function_test_fail, NULL) == 0);
 }
 
+/** Test that ECDH(sG, 1/s) == ECDH((1/s)G, s) == ECDH(G, 1) for a few random s. */
+void test_result_basepoint(void) {
+    secp256k1_pubkey point;
+    secp256k1_scalar rand;
+    unsigned char s[32];
+    unsigned char s_inv[32];
+    unsigned char out[32];
+    unsigned char out_inv[32];
+    unsigned char out_base[32];
+    int i;
+
+    unsigned char s_one[32] = { 0 };
+    s_one[31] = 1;
+    CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_one) == 1);
+    CHECK(secp256k1_ecdh(ctx, out_base, &point, s_one, NULL, NULL) == 1);
+
+    for (i = 0; i < 2 * count; i++) {
+        random_scalar_order(&rand);
+        secp256k1_scalar_get_b32(s, &rand);
+        secp256k1_scalar_inverse(&rand, &rand);
+        secp256k1_scalar_get_b32(s_inv, &rand);
+
+        CHECK(secp256k1_ec_pubkey_create(ctx, &point, s) == 1);
+        CHECK(secp256k1_ecdh(ctx, out, &point, s_inv, NULL, NULL) == 1);
+        CHECK(secp256k1_memcmp_var(out, out_base, 32) == 0);
+
+        CHECK(secp256k1_ec_pubkey_create(ctx, &point, s_inv) == 1);
+        CHECK(secp256k1_ecdh(ctx, out_inv, &point, s, NULL, NULL) == 1);
+        CHECK(secp256k1_memcmp_var(out_inv, out_base, 32) == 0);
+    }
+}
+
 void run_ecdh_tests(void) {
     test_ecdh_api();
     test_ecdh_generator_basepoint();
     test_bad_scalar();
+    test_result_basepoint();
 }
 
 #endif /* SECP256K1_MODULE_ECDH_TESTS_H */
