Cross tests with libecc

[BerryYoghurt]

See #1108

TODO:

• [x] Try the test test_secp256k1_sign_libecc_verify(). (I still need to figure out how to try it without the whole ci overhead)
• [x] Write a test to sign with libecc and verify with libsecp256k1
• [x] Perform a byte-by-byte comparison
• [ ] Add to ci properly

[BerryYoghurt]

Do you have some instructions on how to build this together with libecc, so that people can play around with it?

The way I build them is a bit hacky and I am actually looking for a better way. But here it is:

1. clone libecc into the secp256k1/src
2. build libecc with CFLAGS="-W -Werror -Wextra -Wall -pedantic -fno-builtin -O3 -DWITH_LIBECC_CONFIG_OVERRIDE -DWITH_CURVE_SECP256K1 -DWITH_HASH_SHA256 -DWITH_SIG_ECDSA -DWITH_SIG_DECDSA -DWITH_HMAC -DWITH_STDLIB -fPIC" make debug (I used debug to know why tests failed when they did)
3. compile the tests.c file with gcc -ggdb -Wall -Wextra -Wno-unused-function tests.c ./precomputed_*.c ./libecc/src/external_deps/rand.o -I.. -L./libecc/build -lsign -o tests -D ECMULT_GEN_PREC_BITS=4 -D ECMULT_WINDOW_SIZE=15 -DENABLE_LIBECC_TESTS -DWITH_STDLIB -DWITH_LIBECC_CONFIG_OVERRIDE -DWITH_CURVE_SECP256K1 -DWITH_HASH_SHA256 -DWITH_SIG_ECDSA -DWITH_SIG_DECDSA -DWITH_HMAC . I don't like that I have to (seemingly?) compile libecc twice. So I was thinking I could just declare the structs and functions I use in a little header file to be a part of libsecp, but I was postponing this decision till the end.
4. run ./tests 1 (to reach the libecc cross-tests quickly)

EDIT: modified to accommodate deterministic ECDSA

[BerryYoghurt]

I think the next step would be to try to produce the same signature with libsecp256k1 and libecc, and see if they match exactly. This should work out as libecc also uses deterministic ECDSA with RFC6979, so it should be the exact same algorithm. (If not, we need to see if they do something differently, and you may need to switch to their low-level function https://github.com/ANSSI-FR/libecc/blob/master/src/sig/fuzzing_ecdsa.c#L31.)

By this, do you mean comparing the signatures byte by byte?

[real-or-random]

By this, do you mean comparing the signatures byte by byte?

Yes, the serialized representations should be identical byte by byte.

[BerryYoghurt]

I am having some difficulty in including libecc cleanly.

What I thought I could do:

1. Write a header file libsig.h in src of libsecp256k1. In this header, forward declare all libecc structs and functions which will be used in tests.c. Include this file in tests.c, naturally.
2. Clone libecc in any directory, x, and build it. Then link the archive while compiling tests.c.

But the problem I'm facing right now is that most (if not all) libecc's structs are anonymous (e.g., https://github.com/ANSSI-FR/libecc/blob/master/src/curves/ec_params.h#L51), and anonymous structs cannot be forward-declared.

I think there must be a way of "plugging in" libecc's archive without compiling it twice..

Any help would be appreciated!

[real-or-random]

Hm, I'm not sure I can follow. So why would you want to forward-declare those?

So the usual way to use a C library is include its header in your source file and then later link against the compiled library. So you would

1. Create a file src/libecc-tests.c or similar (you could also use tests.c but I think a separate program will be cleaner, just make sure you #include "secp256k1.c like in tests.c to have full access to all internal functions).
2. Then include libsig.h from libecc,
3. which makes sure you can call public libecc functions in your src/libecc-tests.c
4. if you link to libecc later.

Or if item 1 adds complexity, first skip it and use the existing tests.c.

Or is the problem that you need access to internal functions or types of libecc?