Merge #1533: tests: refactor: tidy up util functions (#1491)

e73f6f8 tests: refactor: drop `secp256k1_` prefix from testrand.h functions (Sebastian Falbesoner)
0ee7453 tests: refactor: add `testutil_` prefix to testutil.h functions (Sebastian Falbesoner)
0c6bc76 tests: refactor: move `random_` helpers from tests.c to testutil.h (Sebastian Falbesoner)
0fef847 tests: refactor: rename `random_field_element_magnitude` -> `random_fe_magnitude` (Sebastian Falbesoner)
59db007 tests: refactor: rename `random_group_element_...` -> `random_ge_...` (Sebastian Falbesoner)

Pull request description:

  This PR is an attempt at tidying up test util functions, as suggested in #1491. The following changes are done:
  * rename `_group_element...` functions to `_ge...`
  * rename `_field_element...` functions to `_fe...`
  * move `random_` helpers from tests.c to testutil.h (the alternative would be testrand.h, but to my understanding, this one is meant to contain the actual RNG implementation rather than helpers using it; happy to move the helpers there if that is preferred though)
  * prefix testutil.h functions with `testutil_`
  * prefix testrand.h functions with `testrand_` (this is currently done in a sloppy way by simply dropping the `secp256k1_` prefix, so some functions don't have the full prefix, like e.g. `testrand256`; naming suggestions welcome)

ACKs for top commit:
  sipa:
    utACK e73f6f8
  real-or-random:
    utACK e73f6f8

Tree-SHA512: c87a35a9f7f23d4bbb87a1ff0d40dd5fbd7d976719ca1027cad187ac44aa2db3ae887ac620639d2287c260e701a5963830b52048692d3e6b38b5eb6cdf17b854

Author: real-or-random

src/modules/ecdh/tests_impl.h

@@ -56,7 +56,7 @@ static void test_ecdh_generator_basepoint(void) {
         size_t point_ser_len = sizeof(point_ser);
         secp256k1_scalar s;
 
-        random_scalar_order(&s);
+        testutil_random_scalar_order(&s);
         secp256k1_scalar_get_b32(s_b32, &s);
 
         CHECK(secp256k1_ec_pubkey_create(CTX, &point[0], s_one) == 1);
@@ -95,7 +95,7 @@ static void test_bad_scalar(void) {
     secp256k1_pubkey point;
 
     /* Create random point */
-    random_scalar_order(&rand);
+    testutil_random_scalar_order(&rand);
     secp256k1_scalar_get_b32(s_rand, &rand);
     CHECK(secp256k1_ec_pubkey_create(CTX, &point, s_rand) == 1);
 
@@ -127,7 +127,7 @@ static void test_result_basepoint(void) {
     CHECK(secp256k1_ecdh(CTX, out_base, &point, s_one, NULL, NULL) == 1);
 
     for (i = 0; i < 2 * COUNT; i++) {
-        random_scalar_order(&rand);
+        testutil_random_scalar_order(&rand);
         secp256k1_scalar_get_b32(s, &rand);
         secp256k1_scalar_inverse(&rand, &rand);
         secp256k1_scalar_get_b32(s_inv, &rand);

src/modules/ellswift/tests_impl.h

@@ -229,9 +229,9 @@ void run_ellswift_tests(void) {
         secp256k1_ge g, g2;
         secp256k1_pubkey pubkey, pubkey2;
         /* Generate random public key and random randomizer. */
-        random_group_element_test(&g);
+        testutil_random_ge_test(&g);
         secp256k1_pubkey_save(&pubkey, &g);
-        secp256k1_testrand256(rnd32);
+        testrand256(rnd32);
         /* Convert the public key to ElligatorSwift and back. */
         secp256k1_ellswift_encode(CTX, ell64, &pubkey, rnd32);
         secp256k1_ellswift_decode(CTX, &pubkey2, ell64);
@@ -249,8 +249,8 @@ void run_ellswift_tests(void) {
         unsigned char ell64[64];
         int ret;
         /* Generate random secret key and random randomizer. */
-        if (i & 1) secp256k1_testrand256_test(auxrnd32);
-        random_scalar_order_test(&sec);
+        if (i & 1) testrand256_test(auxrnd32);
+        testutil_random_scalar_order_test(&sec);
         secp256k1_scalar_get_b32(sec32, &sec);
         /* Construct ElligatorSwift-encoded public keys for that key. */
         ret = secp256k1_ellswift_create(CTX, ell64, sec32, (i & 1) ? auxrnd32 : NULL);
@@ -271,11 +271,11 @@ void run_ellswift_tests(void) {
         secp256k1_pubkey pub;
         int ret;
         /* Generate random secret key. */
-        random_scalar_order_test(&sec);
+        testutil_random_scalar_order_test(&sec);
         secp256k1_scalar_get_b32(sec32, &sec);
         /* Generate random ElligatorSwift encoding for the remote key and decode it. */
-        secp256k1_testrand256_test(ell64);
-        secp256k1_testrand256_test(ell64 + 32);
+        testrand256_test(ell64);
+        testrand256_test(ell64 + 32);
         secp256k1_ellswift_decode(CTX, &pub, ell64);
         secp256k1_pubkey_load(CTX, &dec, &pub);
         secp256k1_gej_set_ge(&decj, &dec);
@@ -313,18 +313,18 @@ void run_ellswift_tests(void) {
             data = NULL;
         } else {
             hash_function = secp256k1_ellswift_xdh_hash_function_prefix;
-            secp256k1_testrand256_test(prefix64);
-            secp256k1_testrand256_test(prefix64 + 32);
+            testrand256_test(prefix64);
+            testrand256_test(prefix64 + 32);
             data = prefix64;
         }
 
         /* Generate random secret keys and random randomizers. */
-        secp256k1_testrand256_test(auxrnd32a);
-        secp256k1_testrand256_test(auxrnd32b);
-        random_scalar_order_test(&seca);
+        testrand256_test(auxrnd32a);
+        testrand256_test(auxrnd32b);
+        testutil_random_scalar_order_test(&seca);
         /* Draw secb uniformly at random to make sure that the secret keys
          * differ */
-        random_scalar_order(&secb);
+        testutil_random_scalar_order(&secb);
         secp256k1_scalar_get_b32(sec32a, &seca);
         secp256k1_scalar_get_b32(sec32b, &secb);
 
@@ -349,42 +349,42 @@ void run_ellswift_tests(void) {
         /* Verify that the shared secret doesn't match if other side's public key is incorrect. */
         /* For A (using a bad public key for B): */
         memcpy(ell64b_bad, ell64b, sizeof(ell64a_bad));
-        secp256k1_testrand_flip(ell64b_bad, sizeof(ell64b_bad));
+        testrand_flip(ell64b_bad, sizeof(ell64b_bad));
         ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a, ell64b_bad, sec32a, 0, hash_function, data);
         CHECK(ret); /* Mismatching encodings don't get detected by secp256k1_ellswift_xdh. */
         CHECK(secp256k1_memcmp_var(share32_bad, share32a, 32) != 0);
         /* For B (using a bad public key for A): */
         memcpy(ell64a_bad, ell64a, sizeof(ell64a_bad));
-        secp256k1_testrand_flip(ell64a_bad, sizeof(ell64a_bad));
+        testrand_flip(ell64a_bad, sizeof(ell64a_bad));
         ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a_bad, ell64b, sec32b, 1, hash_function, data);
         CHECK(ret);
         CHECK(secp256k1_memcmp_var(share32_bad, share32b, 32) != 0);
 
         /* Verify that the shared secret doesn't match if the private key is incorrect. */
         /* For A: */
         memcpy(sec32a_bad, sec32a, sizeof(sec32a_bad));
-        secp256k1_testrand_flip(sec32a_bad, sizeof(sec32a_bad));
+        testrand_flip(sec32a_bad, sizeof(sec32a_bad));
         ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a, ell64b, sec32a_bad, 0, hash_function, data);
         CHECK(!ret || secp256k1_memcmp_var(share32_bad, share32a, 32) != 0);
         /* For B: */
         memcpy(sec32b_bad, sec32b, sizeof(sec32b_bad));
-        secp256k1_testrand_flip(sec32b_bad, sizeof(sec32b_bad));
+        testrand_flip(sec32b_bad, sizeof(sec32b_bad));
         ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a, ell64b, sec32b_bad, 1, hash_function, data);
         CHECK(!ret || secp256k1_memcmp_var(share32_bad, share32b, 32) != 0);
 
         if (hash_function != ellswift_xdh_hash_x32) {
             /* Verify that the shared secret doesn't match when a different encoding of the same public key is used. */
             /* For A (changing B's public key): */
             memcpy(auxrnd32b_bad, auxrnd32b, sizeof(auxrnd32b_bad));
-            secp256k1_testrand_flip(auxrnd32b_bad, sizeof(auxrnd32b_bad));
+            testrand_flip(auxrnd32b_bad, sizeof(auxrnd32b_bad));
             ret = secp256k1_ellswift_create(CTX, ell64b_bad, sec32b, auxrnd32b_bad);
             CHECK(ret);
             ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a, ell64b_bad, sec32a, 0, hash_function, data);
             CHECK(ret);
             CHECK(secp256k1_memcmp_var(share32_bad, share32a, 32) != 0);
             /* For B (changing A's public key): */
             memcpy(auxrnd32a_bad, auxrnd32a, sizeof(auxrnd32a_bad));
-            secp256k1_testrand_flip(auxrnd32a_bad, sizeof(auxrnd32a_bad));
+            testrand_flip(auxrnd32a_bad, sizeof(auxrnd32a_bad));
             ret = secp256k1_ellswift_create(CTX, ell64a_bad, sec32a, auxrnd32a_bad);
             CHECK(ret);
             ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a_bad, ell64b, sec32b, 1, hash_function, data);

src/modules/extrakeys/tests_impl.h

@@ -23,9 +23,9 @@ static void test_xonly_pubkey(void) {
     int pk_parity;
     int i;
 
-    secp256k1_testrand256(sk);
+    testrand256(sk);
     memset(ones32, 0xFF, 32);
-    secp256k1_testrand256(xy_sk);
+    testrand256(xy_sk);
     CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1);
     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1);
 
@@ -95,7 +95,7 @@ static void test_xonly_pubkey(void) {
      * the curve) then xonly_pubkey_parse should fail as well. */
     for (i = 0; i < COUNT; i++) {
         unsigned char rand33[33];
-        secp256k1_testrand256(&rand33[1]);
+        testrand256(&rand33[1]);
         rand33[0] = SECP256K1_TAG_PUBKEY_EVEN;
         if (!secp256k1_ec_pubkey_parse(CTX, &pk, rand33, 33)) {
             memset(&xonly_pk, 1, sizeof(xonly_pk));
@@ -152,8 +152,8 @@ static void test_xonly_pubkey_tweak(void) {
     int i;
 
     memset(overflows, 0xff, sizeof(overflows));
-    secp256k1_testrand256(tweak);
-    secp256k1_testrand256(sk);
+    testrand256(tweak);
+    testrand256(sk);
     CHECK(secp256k1_ec_pubkey_create(CTX, &internal_pk, sk) == 1);
     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, &pk_parity, &internal_pk) == 1);
 
@@ -190,7 +190,7 @@ static void test_xonly_pubkey_tweak(void) {
 
     /* Invalid pk with a valid tweak */
     memset(&internal_xonly_pk, 0, sizeof(internal_xonly_pk));
-    secp256k1_testrand256(tweak);
+    testrand256(tweak);
     CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak));
     CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk))  == 0);
 }
@@ -209,8 +209,8 @@ static void test_xonly_pubkey_tweak_check(void) {
     unsigned char tweak[32];
 
     memset(overflows, 0xff, sizeof(overflows));
-    secp256k1_testrand256(tweak);
-    secp256k1_testrand256(sk);
+    testrand256(tweak);
+    testrand256(sk);
     CHECK(secp256k1_ec_pubkey_create(CTX, &internal_pk, sk) == 1);
     CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, &pk_parity, &internal_pk) == 1);
 
@@ -256,7 +256,7 @@ static void test_xonly_pubkey_tweak_recursive(void) {
     unsigned char tweak[N_PUBKEYS - 1][32];
     int i;
 
-    secp256k1_testrand256(sk);
+    testrand256(sk);
     CHECK(secp256k1_ec_pubkey_create(CTX, &pk[0], sk) == 1);
     /* Add tweaks */
     for (i = 0; i < N_PUBKEYS - 1; i++) {
@@ -292,7 +292,7 @@ static void test_keypair(void) {
     memset(overflows, 0xFF, sizeof(overflows));
 
     /* Test keypair_create */
-    secp256k1_testrand256(sk);
+    testrand256(sk);
     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
     CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0);
     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
@@ -311,7 +311,7 @@ static void test_keypair(void) {
     CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0);
 
     /* Test keypair_pub */
-    secp256k1_testrand256(sk);
+    testrand256(sk);
     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
     CHECK(secp256k1_keypair_pub(CTX, &pk, &keypair) == 1);
     CHECK_ILLEGAL(CTX, secp256k1_keypair_pub(CTX, NULL, &keypair));
@@ -330,7 +330,7 @@ static void test_keypair(void) {
     CHECK(secp256k1_memcmp_var(&pk, &pk_tmp, sizeof(pk)) == 0);
 
     /** Test keypair_xonly_pub **/
-    secp256k1_testrand256(sk);
+    testrand256(sk);
     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
     CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 1);
     CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_pub(CTX, NULL, &pk_parity, &keypair));
@@ -353,7 +353,7 @@ static void test_keypair(void) {
     CHECK(pk_parity == pk_parity_tmp);
 
     /* Test keypair_seckey */
-    secp256k1_testrand256(sk);
+    testrand256(sk);
     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
     CHECK(secp256k1_keypair_sec(CTX, sk_tmp, &keypair) == 1);
     CHECK_ILLEGAL(CTX, secp256k1_keypair_sec(CTX, NULL, &keypair));
@@ -381,8 +381,8 @@ static void test_keypair_add(void) {
     int i;
 
     CHECK(sizeof(zeros96) == sizeof(keypair));
-    secp256k1_testrand256(sk);
-    secp256k1_testrand256(tweak);
+    testrand256(sk);
+    testrand256(tweak);
     memset(overflows, 0xFF, 32);
     CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
 
@@ -407,7 +407,7 @@ static void test_keypair_add(void) {
     for (i = 0; i < COUNT; i++) {
         secp256k1_scalar scalar_tweak;
         secp256k1_keypair keypair_tmp;
-        secp256k1_testrand256(sk);
+        testrand256(sk);
         CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1);
         memcpy(&keypair_tmp, &keypair, sizeof(keypair));
         /* Because sk may be negated before adding, we need to try with tweak =
@@ -423,7 +423,7 @@ static void test_keypair_add(void) {
 
     /* Invalid keypair with a valid tweak */
     memset(&keypair, 0, sizeof(keypair));
-    secp256k1_testrand256(tweak);
+    testrand256(tweak);
     CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak));
     CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair))  == 0);
     /* Only seckey part of keypair invalid */
@@ -446,7 +446,7 @@ static void test_keypair_add(void) {
         unsigned char sk32[32];
         int pk_parity;
 
-        secp256k1_testrand256(tweak);
+        testrand256(tweak);
         CHECK(secp256k1_keypair_xonly_pub(CTX, &internal_pk, NULL, &keypair) == 1);
         CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1);
         CHECK(secp256k1_keypair_xonly_pub(CTX, &output_pk, &pk_parity, &keypair) == 1);

src/modules/recovery/tests_impl.h

@@ -25,7 +25,7 @@ static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned c
     }
     /* On the next run, return a valid nonce, but flip a coin as to whether or not to fail signing. */
     memset(nonce32, 1, 32);
-    return secp256k1_testrand_bits(1);
+    return testrand_bits(1);
 }
 
 static void test_ecdsa_recovery_api(void) {
@@ -106,8 +106,8 @@ static void test_ecdsa_recovery_end_to_end(void) {
     /* Generate a random key and message. */
     {
         secp256k1_scalar msg, key;
-        random_scalar_order_test(&msg);
-        random_scalar_order_test(&key);
+        testutil_random_scalar_order_test(&msg);
+        testutil_random_scalar_order_test(&key);
         secp256k1_scalar_get_b32(privkey, &key);
         secp256k1_scalar_get_b32(message, &msg);
     }
@@ -141,7 +141,7 @@ static void test_ecdsa_recovery_end_to_end(void) {
     CHECK(secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) == 0);
     /* Serialize/destroy/parse signature and verify again. */
     CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &rsignature[4]) == 1);
-    sig[secp256k1_testrand_bits(6)] += 1 + secp256k1_testrand_int(255);
+    sig[testrand_bits(6)] += 1 + testrand_int(255);
     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1);
     CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1);
     CHECK(secp256k1_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 0);

src/modules/schnorrsig/tests_exhaustive_impl.h

@@ -104,7 +104,7 @@ static void test_exhaustive_schnorrsig_verify(const secp256k1_context *ctx, cons
             while (e_count_done < EXHAUSTIVE_TEST_ORDER) {
                 secp256k1_scalar e;
                 unsigned char msg32[32];
-                secp256k1_testrand256(msg32);
+                testrand256(msg32);
                 secp256k1_schnorrsig_challenge(&e, sig64, msg32, sizeof(msg32), pk32);
                 /* Only do work if we hit a challenge we haven't tried before. */
                 if (!e_done[e]) {
@@ -120,7 +120,7 @@ static void test_exhaustive_schnorrsig_verify(const secp256k1_context *ctx, cons
                             expect_valid = actual_k != -1 && s != EXHAUSTIVE_TEST_ORDER &&
                                            (s == (actual_k + actual_d * e) % EXHAUSTIVE_TEST_ORDER);
                         } else {
-                            secp256k1_testrand256(sig64 + 32);
+                            testrand256(sig64 + 32);
                             expect_valid = 0;
                         }
                         valid = secp256k1_schnorrsig_verify(ctx, sig64, msg32, sizeof(msg32), &pubkeys[d - 1]);
@@ -161,7 +161,7 @@ static void test_exhaustive_schnorrsig_sign(const secp256k1_context *ctx, unsign
             /* Generate random messages until all challenges have been tried. */
             while (e_count_done < EXHAUSTIVE_TEST_ORDER) {
                 secp256k1_scalar e;
-                secp256k1_testrand256(msg32);
+                testrand256(msg32);
                 secp256k1_schnorrsig_challenge(&e, xonly_pubkey_bytes[k - 1], msg32, sizeof(msg32), xonly_pubkey_bytes[d - 1]);
                 /* Only do work if we hit a challenge we haven't tried before. */
                 if (!e_done[e]) {