bitcoin-core · real-or-random · Sep 27, 2020 · Sep 26, 2020
diff --git a/src/modules/extrakeys/tests_impl.h b/src/modules/extrakeys/tests_impl.h
@@ -35,9 +35,9 @@ void test_xonly_pubkey(void) {
     secp256k1_context *sign = api_test_context(SECP256K1_CONTEXT_SIGN, &ecount);
     secp256k1_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount);
 
-    secp256k1_rand256(sk);
+    secp256k1_testrand256(sk);
     memset(ones32, 0xFF, 32);
-    secp256k1_rand256(xy_sk);
+    secp256k1_testrand256(xy_sk);
     CHECK(secp256k1_ec_pubkey_create(sign, &pk, sk) == 1);
     CHECK(secp256k1_xonly_pubkey_from_pubkey(none, &xonly_pk, &pk_parity, &pk) == 1);
 
@@ -120,7 +120,7 @@ void test_xonly_pubkey(void) {
      * the curve) then xonly_pubkey_parse should fail as well. */
     for (i = 0; i < count; i++) {
         unsigned char rand33[33];
-        secp256k1_rand256(&rand33[1]);
+        secp256k1_testrand256(&rand33[1]);
         rand33[0] = SECP256K1_TAG_PUBKEY_EVEN;
         if (!secp256k1_ec_pubkey_parse(ctx, &pk, rand33, 33)) {
             memset(&xonly_pk, 1, sizeof(xonly_pk));
@@ -154,8 +154,8 @@ void test_xonly_pubkey_tweak(void) {
     secp256k1_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount);
 
     memset(overflows, 0xff, sizeof(overflows));
-    secp256k1_rand256(tweak);
-    secp256k1_rand256(sk);
+    secp256k1_testrand256(tweak);
+    secp256k1_testrand256(sk);
     CHECK(secp256k1_ec_pubkey_create(ctx, &internal_pk, sk) == 1);
     CHECK(secp256k1_xonly_pubkey_from_pubkey(none, &internal_xonly_pk, &pk_parity, &internal_pk) == 1);
 
@@ -198,7 +198,7 @@ void test_xonly_pubkey_tweak(void) {
 
     /* Invalid pk with a valid tweak */
     memset(&internal_xonly_pk, 0, sizeof(internal_xonly_pk));
-    secp256k1_rand256(tweak);
+    secp256k1_testrand256(tweak);
     ecount = 0;
     CHECK(secp256k1_xonly_pubkey_tweak_add(verify, &output_pk, &internal_xonly_pk, tweak) == 0);
     CHECK(ecount == 1);
@@ -228,8 +228,8 @@ void test_xonly_pubkey_tweak_check(void) {
     secp256k1_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount);
 
     memset(overflows, 0xff, sizeof(overflows));
-    secp256k1_rand256(tweak);
-    secp256k1_rand256(sk);
+    secp256k1_testrand256(tweak);
+    secp256k1_testrand256(sk);
     CHECK(secp256k1_ec_pubkey_create(ctx, &internal_pk, sk) == 1);
     CHECK(secp256k1_xonly_pubkey_from_pubkey(none, &internal_xonly_pk, &pk_parity, &internal_pk) == 1);
 
@@ -287,7 +287,7 @@ void test_xonly_pubkey_tweak_recursive(void) {
     unsigned char tweak[N_PUBKEYS - 1][32];
     int i;
 
-    secp256k1_rand256(sk);
+    secp256k1_testrand256(sk);
     CHECK(secp256k1_ec_pubkey_create(ctx, &pk[0], sk) == 1);
     /* Add tweaks */
     for (i = 0; i < N_PUBKEYS - 1; i++) {
@@ -327,7 +327,7 @@ void test_keypair(void) {
 
     /* Test keypair_create */
     ecount = 0;
-    secp256k1_rand256(sk);
+    secp256k1_testrand256(sk);
     CHECK(secp256k1_keypair_create(none, &keypair, sk) == 0);
     CHECK(memcmp(zeros96, &keypair, sizeof(keypair)) == 0);
     CHECK(ecount == 1);
@@ -349,7 +349,7 @@ void test_keypair(void) {
 
     /* Test keypair_pub */
     ecount = 0;
-    secp256k1_rand256(sk);
+    secp256k1_testrand256(sk);
     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
     CHECK(secp256k1_keypair_pub(none, &pk, &keypair) == 1);
     CHECK(secp256k1_keypair_pub(none, NULL, &keypair) == 0);
@@ -371,7 +371,7 @@ void test_keypair(void) {
 
     /** Test keypair_xonly_pub **/
     ecount = 0;
-    secp256k1_rand256(sk);
+    secp256k1_testrand256(sk);
     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
     CHECK(secp256k1_keypair_xonly_pub(none, &xonly_pk, &pk_parity, &keypair) == 1);
     CHECK(secp256k1_keypair_xonly_pub(none, NULL, &pk_parity, &keypair) == 0);
@@ -414,8 +414,8 @@ void test_keypair_add(void) {
     secp256k1_context *verify = api_test_context(SECP256K1_CONTEXT_VERIFY, &ecount);
 
     CHECK(sizeof(zeros96) == sizeof(keypair));
-    secp256k1_rand256(sk);
-    secp256k1_rand256(tweak);
+    secp256k1_testrand256(sk);
+    secp256k1_testrand256(tweak);
     memset(overflows, 0xFF, 32);
     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
 
@@ -444,7 +444,7 @@ void test_keypair_add(void) {
     for (i = 0; i < count; i++) {
         secp256k1_scalar scalar_tweak;
         secp256k1_keypair keypair_tmp;
-        secp256k1_rand256(sk);
+        secp256k1_testrand256(sk);
         CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
         memcpy(&keypair_tmp, &keypair, sizeof(keypair));
         /* Because sk may be negated before adding, we need to try with tweak =
@@ -460,7 +460,7 @@ void test_keypair_add(void) {
 
     /* Invalid keypair with a valid tweak */
     memset(&keypair, 0, sizeof(keypair));
-    secp256k1_rand256(tweak);
+    secp256k1_testrand256(tweak);
     ecount = 0;
     CHECK(secp256k1_keypair_xonly_tweak_add(verify, &keypair, tweak) == 0);
     CHECK(ecount == 1);
@@ -486,7 +486,7 @@ void test_keypair_add(void) {
         unsigned char pk32[32];
         int pk_parity;
 
-        secp256k1_rand256(tweak);
+        secp256k1_testrand256(tweak);
         CHECK(secp256k1_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1);
         CHECK(secp256k1_keypair_xonly_tweak_add(ctx, &keypair, tweak) == 1);
         CHECK(secp256k1_keypair_xonly_pub(ctx, &output_pk, &pk_parity, &keypair) == 1);

diff --git a/src/modules/recovery/tests_impl.h b/src/modules/recovery/tests_impl.h
@@ -25,7 +25,7 @@ static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned c
     }
     /* On the next run, return a valid nonce, but flip a coin as to whether or not to fail signing. */
     memset(nonce32, 1, 32);
-    return secp256k1_rand_bits(1);
+    return secp256k1_testrand_bits(1);
 }
 
 void test_ecdsa_recovery_api(void) {
@@ -196,7 +196,7 @@ void test_ecdsa_recovery_end_to_end(void) {
     CHECK(memcmp(&pubkey, &recpubkey, sizeof(pubkey)) == 0);
     /* Serialize/destroy/parse signature and verify again. */
     CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1);
-    sig[secp256k1_rand_bits(6)] += 1 + secp256k1_rand_int(255);
+    sig[secp256k1_testrand_bits(6)] += 1 + secp256k1_testrand_int(255);
     CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1);
     CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1);
     CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 0);

diff --git a/src/modules/schnorrsig/tests_exhaustive_impl.h b/src/modules/schnorrsig/tests_exhaustive_impl.h
@@ -100,7 +100,7 @@ static void test_exhaustive_schnorrsig_verify(const secp256k1_context *ctx, cons
             while (e_count_done < EXHAUSTIVE_TEST_ORDER) {
                 secp256k1_scalar e;
                 unsigned char msg32[32];
-                secp256k1_rand256(msg32);
+                secp256k1_testrand256(msg32);
                 secp256k1_schnorrsig_challenge(&e, sig64, msg32, pk32);
                 /* Only do work if we hit a challenge we haven't tried before. */
                 if (!e_done[e]) {
@@ -116,7 +116,7 @@ static void test_exhaustive_schnorrsig_verify(const secp256k1_context *ctx, cons
                             expect_valid = actual_k != -1 && s != EXHAUSTIVE_TEST_ORDER &&
                                            (s_s == (actual_k + actual_d * e) % EXHAUSTIVE_TEST_ORDER);
                         } else {
-                            secp256k1_rand256(sig64 + 32);
+                            secp256k1_testrand256(sig64 + 32);
                             expect_valid = 0;
                         }
                         valid = secp256k1_schnorrsig_verify(ctx, sig64, msg32, &pubkeys[d - 1]);
@@ -153,7 +153,7 @@ static void test_exhaustive_schnorrsig_sign(const secp256k1_context *ctx, unsign
             /* Generate random messages until all challenges have been tried. */
             while (e_count_done < EXHAUSTIVE_TEST_ORDER) {
                 secp256k1_scalar e;
-                secp256k1_rand256(msg32);
+                secp256k1_testrand256(msg32);
                 secp256k1_schnorrsig_challenge(&e, xonly_pubkey_bytes[k - 1], msg32, xonly_pubkey_bytes[d - 1]);
                 /* Only do work if we hit a challenge we haven't tried before. */
                 if (!e_done[e]) {

diff --git a/src/modules/schnorrsig/tests_impl.h b/src/modules/schnorrsig/tests_impl.h
@@ -15,7 +15,7 @@
 void nonce_function_bip340_bitflip(unsigned char **args, size_t n_flip, size_t n_bytes) {
     unsigned char nonces[2][32];
     CHECK(nonce_function_bip340(nonces[0], args[0], args[1], args[2], args[3], args[4]) == 1);
-    secp256k1_rand_flip(args[n_flip], n_bytes);
+    secp256k1_testrand_flip(args[n_flip], n_bytes);
     CHECK(nonce_function_bip340(nonces[1], args[0], args[1], args[2], args[3], args[4]) == 1);
     CHECK(memcmp(nonces[0], nonces[1], 32) != 0);
 }
@@ -59,10 +59,10 @@ void run_nonce_function_bip340_tests(void) {
     secp256k1_nonce_function_bip340_sha256_tagged_aux(&sha_optimized);
     test_sha256_eq(&sha, &sha_optimized);
 
-    secp256k1_rand256(msg);
-    secp256k1_rand256(key);
-    secp256k1_rand256(pk);
-    secp256k1_rand256(aux_rand);
+    secp256k1_testrand256(msg);
+    secp256k1_testrand256(key);
+    secp256k1_testrand256(pk);
+    secp256k1_testrand256(aux_rand);
 
     /* Check that a bitflip in an argument results in different nonces. */
     args[0] = msg;
@@ -124,10 +124,10 @@ void test_schnorrsig_api(void) {
     secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount);
     secp256k1_context_set_illegal_callback(both, counting_illegal_callback_fn, &ecount);
 
-    secp256k1_rand256(sk1);
-    secp256k1_rand256(sk2);
-    secp256k1_rand256(sk3);
-    secp256k1_rand256(msg);
+    secp256k1_testrand256(sk1);
+    secp256k1_testrand256(sk2);
+    secp256k1_testrand256(sk3);
+    secp256k1_testrand256(msg);
     CHECK(secp256k1_keypair_create(ctx, &keypairs[0], sk1) == 1);
     CHECK(secp256k1_keypair_create(ctx, &keypairs[1], sk2) == 1);
     CHECK(secp256k1_keypair_create(ctx, &keypairs[2], sk3) == 1);
@@ -675,7 +675,7 @@ void test_schnorrsig_sign(void) {
     unsigned char sig[64];
     unsigned char zeros64[64] = { 0 };
 
-    secp256k1_rand256(sk);
+    secp256k1_testrand256(sk);
     CHECK(secp256k1_keypair_create(ctx, &keypair, sk));
     CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL) == 1);
 
@@ -703,32 +703,32 @@ void test_schnorrsig_sign_verify(void) {
     secp256k1_xonly_pubkey pk;
     secp256k1_scalar s;
 
-    secp256k1_rand256(sk);
+    secp256k1_testrand256(sk);
     CHECK(secp256k1_keypair_create(ctx, &keypair, sk));
     CHECK(secp256k1_keypair_xonly_pub(ctx, &pk, NULL, &keypair));
 
     for (i = 0; i < N_SIGS; i++) {
-        secp256k1_rand256(msg[i]);
+        secp256k1_testrand256(msg[i]);
         CHECK(secp256k1_schnorrsig_sign(ctx, sig[i], msg[i], &keypair, NULL, NULL));
         CHECK(secp256k1_schnorrsig_verify(ctx, sig[i], msg[i], &pk));
     }
 
     {
         /* Flip a few bits in the signature and in the message and check that
          * verify and verify_batch (TODO) fail */
-        size_t sig_idx = secp256k1_rand_int(N_SIGS);
-        size_t byte_idx = secp256k1_rand_int(32);
-        unsigned char xorbyte = secp256k1_rand_int(254)+1;
+        size_t sig_idx = secp256k1_testrand_int(N_SIGS);
+        size_t byte_idx = secp256k1_testrand_int(32);
+        unsigned char xorbyte = secp256k1_testrand_int(254)+1;
         sig[sig_idx][byte_idx] ^= xorbyte;
         CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk));
         sig[sig_idx][byte_idx] ^= xorbyte;
 
-        byte_idx = secp256k1_rand_int(32);
+        byte_idx = secp256k1_testrand_int(32);
         sig[sig_idx][32+byte_idx] ^= xorbyte;
         CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk));
         sig[sig_idx][32+byte_idx] ^= xorbyte;
 
-        byte_idx = secp256k1_rand_int(32);
+        byte_idx = secp256k1_testrand_int(32);
         msg[sig_idx][byte_idx] ^= xorbyte;
         CHECK(!secp256k1_schnorrsig_verify(ctx, sig[sig_idx], msg[sig_idx], &pk));
         msg[sig_idx][byte_idx] ^= xorbyte;
@@ -766,7 +766,7 @@ void test_schnorrsig_taproot(void) {
     unsigned char sig[64];
 
     /* Create output key */
-    secp256k1_rand256(sk);
+    secp256k1_testrand256(sk);
     CHECK(secp256k1_keypair_create(ctx, &keypair, sk) == 1);
     CHECK(secp256k1_keypair_xonly_pub(ctx, &internal_pk, NULL, &keypair) == 1);
     /* In actual taproot the tweak would be hash of internal_pk */
@@ -776,7 +776,7 @@ void test_schnorrsig_taproot(void) {
     CHECK(secp256k1_xonly_pubkey_serialize(ctx, output_pk_bytes, &output_pk) == 1);
 
     /* Key spend */
-    secp256k1_rand256(msg);
+    secp256k1_testrand256(msg);
     CHECK(secp256k1_schnorrsig_sign(ctx, sig, msg, &keypair, NULL, NULL) == 1);
     /* Verify key spend */
     CHECK(secp256k1_xonly_pubkey_parse(ctx, &output_pk, output_pk_bytes) == 1);

diff --git a/src/testrand.h b/src/testrand.h
@@ -14,34 +14,34 @@
 /* A non-cryptographic RNG used only for test infrastructure. */
 
 /** Seed the pseudorandom number generator for testing. */
-SECP256K1_INLINE static void secp256k1_rand_seed(const unsigned char *seed16);
+SECP256K1_INLINE static void secp256k1_testrand_seed(const unsigned char *seed16);
 
 /** Generate a pseudorandom number in the range [0..2**32-1]. */
-static uint32_t secp256k1_rand32(void);
+static uint32_t secp256k1_testrand32(void);
 
 /** Generate a pseudorandom number in the range [0..2**bits-1]. Bits must be 1 or
  *  more. */
-static uint32_t secp256k1_rand_bits(int bits);
+static uint32_t secp256k1_testrand_bits(int bits);
 
 /** Generate a pseudorandom number in the range [0..range-1]. */
-static uint32_t secp256k1_rand_int(uint32_t range);
+static uint32_t secp256k1_testrand_int(uint32_t range);
 
 /** Generate a pseudorandom 32-byte array. */
-static void secp256k1_rand256(unsigned char *b32);
+static void secp256k1_testrand256(unsigned char *b32);
 
 /** Generate a pseudorandom 32-byte array with long sequences of zero and one bits. */
-static void secp256k1_rand256_test(unsigned char *b32);
+static void secp256k1_testrand256_test(unsigned char *b32);
 
 /** Generate pseudorandom bytes with long sequences of zero and one bits. */
-static void secp256k1_rand_bytes_test(unsigned char *bytes, size_t len);
+static void secp256k1_testrand_bytes_test(unsigned char *bytes, size_t len);
 
 /** Flip a single random bit in a byte array */
-static void secp256k1_rand_flip(unsigned char *b, size_t len);
+static void secp256k1_testrand_flip(unsigned char *b, size_t len);
 
 /** Initialize the test RNG using (hex encoded) array up to 16 bytes, or randomly if hexseed is NULL. */
-static void secp256k1_rand_init(const char* hexseed);
+static void secp256k1_testrand_init(const char* hexseed);
 
 /** Print final test information. */
-static void secp256k1_rand_finish(void);
+static void secp256k1_testrand_finish(void);
 
 #endif /* SECP256K1_TESTRAND_H */