test: add simple BIP-352 test with mixed plain/taproot inputs

theStack · theStack · commit c9882bc6698d · 2023-12-23T16:52:40.000+01:00
diff --git a/src/modules/silentpayments/tests_impl.h b/src/modules/silentpayments/tests_impl.h
@@ -0,0 +1,105 @@
+/***********************************************************************
+ * Distributed under the MIT software license, see the accompanying    *
+ * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
+ ***********************************************************************/
+
+#ifndef SECP256K1_MODULE_SILENTPAYMENTS_TESTS_H
+#define SECP256K1_MODULE_SILENTPAYMENTS_TESTS_H
+
+#include "../../../include/secp256k1_silentpayments.h"
+
+void run_silentpayments_tests(void) {
+    /* BIP-352 test vector
+     * "Single recipient: taproot input with odd y-value and non-taproot input" */
+    unsigned char outpoints_hash[32] = {
+        0x21,0x0f,0xef,0x5d,0x62,0x4d,0xb1,0x7c,0x96,0x5c,0x75,0x97,0xe2,0xc6,0xc9,0xf6,
+        0x0e,0xf4,0x40,0xc8,0x31,0xd1,0x49,0xc4,0x35,0x67,0xc5,0x01,0x58,0x55,0x7f,0x12
+    };
+    unsigned char input_privkeys_plain[32] = {
+        0x8d,0x47,0x51,0xf6,0xe8,0xa3,0x58,0x68,0x80,0xfb,0x66,0xc1,0x9a,0xe2,0x77,0x96,
+        0x9b,0xd5,0xaa,0x06,0xf6,0x1c,0x4e,0xe2,0xf1,0xe2,0x48,0x6e,0xfd,0xf6,0x66,0xd3
+    };
+    unsigned char input_privkeys_taproot[32] = {
+        0x03,0x78,0xe9,0x56,0x85,0xb7,0x45,0x65,0xfa,0x56,0x75,0x1b,0x84,0xa3,0x2d,0xfd,
+        0x18,0x54,0x5d,0x10,0xd6,0x91,0x64,0x1b,0x83,0x72,0xe3,0x21,0x64,0xfa,0xd6,0x6a
+    };
+    unsigned char input_pubkeys_plain[33] = {0x03,
+        0xe0,0xec,0x4f,0x64,0xb3,0xfa,0x2e,0x46,0x3c,0xcf,0xcf,0x4e,0x85,0x6e,0x37,0xd5,
+        0xe1,0xe2,0x02,0x75,0xbc,0x89,0xec,0x1d,0xef,0x9e,0xb0,0x98,0xef,0xf1,0xf8,0x5d
+    };
+    unsigned char input_pubkeys_xonly[32] = {
+        0x78,0x2e,0xeb,0x91,0x34,0x31,0xca,0x6e,0x9b,0x8c,0x2f,0xd8,0x0a,0x5f,0x72,0xed,
+        0x20,0x24,0xef,0x72,0xa3,0xc6,0xfb,0x10,0x26,0x3c,0x37,0x99,0x37,0x32,0x33,0x38
+    };
+    unsigned char receiver_scan_privkey[32] = {
+        0x0f,0x69,0x4e,0x06,0x80,0x28,0xa7,0x17,0xf8,0xaf,0x6b,0x94,0x11,0xf9,0xa1,0x33,
+        0xdd,0x35,0x65,0x25,0x87,0x14,0xcc,0x22,0x65,0x94,0xb3,0x4d,0xb9,0x0c,0x1f,0x2c
+    };
+    unsigned char receiver_scan_pubkey[33] = {0x02,
+        0x20,0xbc,0xfa,0xc5,0xb9,0x9e,0x04,0xad,0x1a,0x06,0xdd,0xfb,0x01,0x6e,0xe1,0x35,
+        0x82,0x60,0x9d,0x60,0xb6,0x29,0x1e,0x98,0xd0,0x1a,0x9b,0xc9,0xa1,0x6c,0x96,0xd4
+    };
+    unsigned char receiver_spend_privkey[32] = {
+        0x9d,0x6a,0xd8,0x55,0xce,0x34,0x17,0xef,0x84,0xe8,0x36,0x89,0x2e,0x5a,0x56,0x39,
+        0x2b,0xfb,0xa0,0x5f,0xa5,0xd9,0x7c,0xce,0xa3,0x0e,0x26,0x6f,0x54,0x0e,0x08,0xb3
+    };
+    unsigned char receiver_spend_pubkey[33] = {0x02,
+        0x5c,0xc9,0x85,0x6d,0x6f,0x83,0x75,0x35,0x0e,0x12,0x39,0x78,0xda,0xac,0x20,0x0c,
+        0x26,0x0c,0xb5,0xb5,0xae,0x83,0x10,0x6c,0xab,0x90,0x48,0x4d,0xcd,0x8f,0xcf,0x36
+    };
+    unsigned char output_expected[32] = {
+        0x75,0xf5,0x01,0xf3,0x19,0xdb,0x54,0x9a,0xaa,0x61,0x37,0x17,0xbd,0x7a,0xf4,0x4d,
+        0xa5,0x66,0xd4,0xd8,0x59,0xb6,0x7f,0xe4,0x36,0x94,0x65,0x64,0xfa,0xfc,0x47,0xa3
+    };
+    unsigned char privkey_tweak_expected[32] = {
+        0x61,0x9a,0x5a,0x59,0xa1,0x6d,0x4a,0x8e,0x85,0x7e,0xf4,0x8e,0x63,0xef,0x7c,0x81,
+        0x95,0xc8,0x58,0x19,0x1d,0x4e,0x82,0x62,0x05,0xe8,0x43,0x8a,0xb7,0x0d,0x05,0x9e
+    };
+
+    unsigned char shared_secret_sender[33];
+    unsigned char shared_secret_receiver[33];
+    unsigned char public_tweak_data[33];
+    unsigned char private_tweak_data[32];
+    secp256k1_xonly_pubkey output_expected_xonly_obj;
+    secp256k1_xonly_pubkey output_calculated_xonly_obj;
+    unsigned char output_calculated[32];
+    unsigned char privkey_calculated[32];
+    unsigned char privkey_expected[32];
+
+    /* convert raw key material into secp256k1 objects where necessary */
+    secp256k1_pubkey input_pubkey_plain_obj, receiver_scan_pubkey_obj, receiver_spend_pubkey_obj;
+    secp256k1_xonly_pubkey input_pubkey_xonly_obj;
+    CHECK(secp256k1_ec_pubkey_parse(CTX, &input_pubkey_plain_obj, input_pubkeys_plain, 33));
+    CHECK(secp256k1_ec_pubkey_parse(CTX, &receiver_scan_pubkey_obj, receiver_scan_pubkey, 33));
+    CHECK(secp256k1_ec_pubkey_parse(CTX, &receiver_spend_pubkey_obj, receiver_spend_pubkey, 33));
+    CHECK(secp256k1_xonly_pubkey_parse(CTX, &input_pubkey_xonly_obj, input_pubkeys_xonly));
+    CHECK(secp256k1_xonly_pubkey_parse(CTX, &output_expected_xonly_obj, output_expected));
+
+    /* create shared secret from sender and receiver perspective, and check that they match */
+    CHECK(secp256k1_silentpayments_create_private_tweak_data(CTX, private_tweak_data,
+        input_privkeys_plain, 1, input_privkeys_taproot, 1, outpoints_hash));
+    CHECK(secp256k1_silentpayments_send_create_shared_secret(CTX, shared_secret_sender,
+        private_tweak_data, &receiver_scan_pubkey_obj));
+
+    CHECK(secp256k1_silentpayments_create_public_tweak_data(CTX, public_tweak_data,
+        &input_pubkey_plain_obj, 1, &input_pubkey_xonly_obj, 1, outpoints_hash));
+    CHECK(secp256k1_silentpayments_receive_create_shared_secret(CTX, shared_secret_receiver,
+        public_tweak_data, receiver_scan_privkey));
+
+    CHECK(secp256k1_memcmp_var(shared_secret_sender, shared_secret_receiver, 33) == 0);
+
+    /* check that calculated silent payments output matches */
+    CHECK(secp256k1_silentpayments_create_output_pubkey(CTX, &output_calculated_xonly_obj,
+        shared_secret_sender, &receiver_spend_pubkey_obj, 0, NULL));
+    CHECK(secp256k1_xonly_pubkey_serialize(CTX, output_calculated, &output_calculated_xonly_obj));
+    CHECK(secp256k1_memcmp_var(output_calculated, output_expected, 32) == 0);
+
+    /* check that calculated silent payment output spending private key matches */
+    memcpy(privkey_expected, receiver_spend_privkey, 32);
+    CHECK(secp256k1_ec_seckey_tweak_add(CTX, privkey_expected, privkey_tweak_expected));
+    CHECK(secp256k1_silentpayments_create_output_seckey(CTX, privkey_calculated,
+        shared_secret_receiver, receiver_spend_privkey, 0, NULL));
+    CHECK(secp256k1_memcmp_var(privkey_calculated, privkey_expected, 32) == 0);
+}
+
+#endif
diff --git a/src/tests.c b/src/tests.c
@@ -7287,6 +7287,10 @@ static void run_ecdsa_wycheproof(void) {
 # include "modules/ellswift/tests_impl.h"
 #endif
 
+#ifdef ENABLE_MODULE_SILENTPAYMENTS
+# include "modules/silentpayments/tests_impl.h"
+#endif
+
 static void run_secp256k1_memczero_test(void) {
     unsigned char buf1[6] = {1, 2, 3, 4, 5, 6};
     unsigned char buf2[sizeof(buf1)];
@@ -7635,6 +7639,10 @@ int main(int argc, char **argv) {
     run_ellswift_tests();
 #endif
 
+#ifdef ENABLE_MODULE_SILENTPAYMENTS
+    run_silentpayments_tests();
+#endif
+
     /* util tests */
     run_secp256k1_memczero_test();
     run_secp256k1_byteorder_tests();
