From 5816dc7768171ff0f24aaba48c322fe4067f2048 Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Wed, 16 Oct 2024 16:38:23 +0000 Subject: [PATCH] WIP: ct tests --- src/ctime_tests.c | 80 ++++++++++ src/modules/silentpayments/main_impl.h | 105 +++++++++---- src/modules/silentpayments/tests_impl.h | 3 +- src/tests.c | 196 ++++++++++++------------ 4 files changed, 257 insertions(+), 127 deletions(-) diff --git a/src/ctime_tests.c b/src/ctime_tests.c index a384e83152..c19b28c598 100644 --- a/src/ctime_tests.c +++ b/src/ctime_tests.c @@ -34,6 +34,10 @@ #include "../include/secp256k1_ellswift.h" #endif +#ifdef ENABLE_MODULE_SILENTPAYMENTS +#include "../include/secp256k1_silentpayments.h" +#endif + static void run_tests(secp256k1_context *ctx, unsigned char *key); int main(void) { @@ -88,6 +92,26 @@ static void run_tests(secp256k1_context *ctx, unsigned char *key) { unsigned char ellswift[64]; static const unsigned char prefix[64] = {'t', 'e', 's', 't'}; #endif +#ifdef ENABLE_MODULE_SILENTPAYMENTS + secp256k1_xonly_pubkey generated_output; + secp256k1_xonly_pubkey *generated_outputs[1]; + secp256k1_silentpayments_recipient recipient; + const secp256k1_silentpayments_recipient *recipients[1]; + unsigned char outpoint_smallest[36] = { 0 }; + secp256k1_keypair taproot_seckey; + const secp256k1_keypair *taproot_seckeys[1]; + const unsigned char *plain_seckeys[1]; + secp256k1_silentpayments_found_output *found_outputs[1]; + size_t n_found_outputs; + const secp256k1_xonly_pubkey *tx_outputs[1]; + secp256k1_silentpayments_public_data public_data; + unsigned char label_tweak[32] = { 0 }; + secp256k1_xonly_pubkey xonly_pubkey; + const secp256k1_xonly_pubkey *xonly_pubkeys[1]; + secp256k1_pubkey plain_pubkey; + const secp256k1_pubkey *plain_pubkeys[1]; + unsigned char shared_secret[33]; +#endif for (i = 0; i < 32; i++) { msg[i] = i + 1; @@ -205,5 +229,61 @@ static void run_tests(secp256k1_context *ctx, unsigned char *key) { CHECK(ret == 1); } +#endif + +#ifdef ENABLE_MODULE_SILENTPAYMENTS + SECP256K1_CHECKMEM_DEFINE(key, 32); + + generated_outputs[0] = &generated_output; + + /* Initialize recipient */ + CHECK(secp256k1_ec_pubkey_create(ctx, &recipient.scan_pubkey, key)); + key[31] ^= 1; + CHECK(secp256k1_ec_pubkey_create(ctx, &recipient.spend_pubkey, key)); + key[31] ^= (1 << 1); + recipient.index = 0; + recipients[0] = &recipient; + + /* Set up secret keys */ + SECP256K1_CHECKMEM_UNDEFINE(key, 32); + ret = secp256k1_keypair_create(ctx, &taproot_seckey, key); + SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); + CHECK(ret); + key[31] ^= (1 << 2); + taproot_seckeys[0] = &taproot_seckey; + plain_seckeys[0] = key; + + ret = secp256k1_silentpayments_sender_create_outputs(ctx, generated_outputs, recipients, 1, outpoint_smallest, taproot_seckeys, 1, plain_seckeys, 1); + CHECK(ret == 1); + + /* TODO: use non-confusing public key */ + ret = secp256k1_silentpayments_recipient_create_label_tweak(ctx, &recipient.spend_pubkey, label_tweak, key, 0); + key[31] ^= (1 << 3); + SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); + CHECK(ret == 1); + + CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pubkey, NULL, &taproot_seckey)); + SECP256K1_CHECKMEM_DEFINE(&xonly_pubkey, sizeof(xonly_pubkey)); + xonly_pubkeys[0] = &xonly_pubkey; + ret = secp256k1_ec_pubkey_create(ctx, &plain_pubkey, plain_seckeys[0]); + SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); + CHECK(ret == 1); + SECP256K1_CHECKMEM_DEFINE(&plain_pubkey, sizeof(plain_pubkey)); + plain_pubkeys[0] = &plain_pubkey; + + ret = secp256k1_silentpayments_recipient_public_data_create(ctx, &public_data, outpoint_smallest, xonly_pubkeys, 1, plain_pubkeys, 1); + CHECK(ret == 1); + + tx_outputs[0] = generated_outputs[0]; + n_found_outputs = 1; + SECP256K1_CHECKMEM_DEFINE(&recipient.spend_pubkey, sizeof(recipient.spend_pubkey)); + /* TODO: make sure we're actually go through all relevant code paths */ + ret = secp256k1_silentpayments_recipient_scan_outputs(ctx, found_outputs, &n_found_outputs, tx_outputs, 1, key, &public_data, &recipient.spend_pubkey, NULL, NULL); + CHECK(ret == 1); + + /* TODO: this fails */ + /* CHECK(secp256k1_silentpayments_recipient_create_shared_secret(ctx, shared_secret, key, &public_data)); */ + /* TODO: test secp256k1_silentpayments_recipient_create_output_pubkey */ + #endif } diff --git a/src/modules/silentpayments/main_impl.h b/src/modules/silentpayments/main_impl.h index 8d8b8aebcd..0504411156 100644 --- a/src/modules/silentpayments/main_impl.h +++ b/src/modules/silentpayments/main_impl.h @@ -64,7 +64,7 @@ static void secp256k1_silentpayments_calculate_input_hash(unsigned char *input_h secp256k1_sha256_finalize(&hash, input_hash); } -static void secp256k1_silentpayments_create_shared_secret(unsigned char *shared_secret33, const secp256k1_scalar *secret_component, const secp256k1_ge *public_component) { +static void secp256k1_silentpayments_create_shared_secret(const secp256k1_context *ctx, unsigned char *shared_secret33, const secp256k1_scalar *secret_component, const secp256k1_ge *public_component) { secp256k1_gej ss_j; secp256k1_ge ss; size_t len; @@ -73,6 +73,7 @@ static void secp256k1_silentpayments_create_shared_secret(unsigned char *shared_ /* Compute shared_secret = tweaked_secret_component * Public_component */ secp256k1_ecmult_const(&ss_j, public_component, secret_component); secp256k1_ge_set_gej(&ss, &ss_j); + secp256k1_declassify(ctx, &ss, sizeof(ss)); /* This can only fail if the shared secret is the point at infinity, which should be * impossible at this point, considering we have already validated the public key and * the secret key being used @@ -132,8 +133,18 @@ static int secp256k1_silentpayments_create_output_pubkey(const secp256k1_context * B_spend + t_k*G is the point at infinity. */ secp256k1_silentpayments_create_t_k(&t_k_scalar, shared_secret33, k); - ret = secp256k1_pubkey_load(ctx, &P_output_ge, recipient_spend_pubkey); - ret &= secp256k1_eckey_pubkey_tweak_add(&P_output_ge, &t_k_scalar); + if (!secp256k1_pubkey_load(ctx, &P_output_ge, recipient_spend_pubkey)) { + secp256k1_scalar_clear(&t_k_scalar); + return 0; + } + ret = secp256k1_eckey_pubkey_tweak_add(&P_output_ge, &t_k_scalar); + /* tweak add only fails if t_k_scalar is equal to the dlog of P_output_ge, but t_k_scalar is the output of a collision resistant hash function. */ + /* TODO: consider declassify ret */ + /* TODO: but we don't want to imply this can never happen */ + VERIFY_CHECK(ret); +#ifndef VERIFY + (void) ret; +#endif secp256k1_xonly_pubkey_save(P_output_xonly, &P_output_ge); /* While not technically "secret" data, explicitly clear t_k since leaking this would allow an attacker @@ -141,7 +152,7 @@ static int secp256k1_silentpayments_create_output_pubkey(const secp256k1_context * back to the silent payment address */ secp256k1_scalar_clear(&t_k_scalar); - return ret; + return 1; } int secp256k1_silentpayments_sender_create_outputs( @@ -163,7 +174,7 @@ int secp256k1_silentpayments_sender_create_outputs( unsigned char shared_secret[33]; secp256k1_silentpayments_recipient last_recipient; int overflow = 0; - int ret = 1; + int ret; /* Sanity check inputs. */ VERIFY_CHECK(ctx != NULL); @@ -191,34 +202,55 @@ int secp256k1_silentpayments_sender_create_outputs( /* Compute input private keys sum: a_sum = a_1 + a_2 + ... + a_n */ a_sum_scalar = secp256k1_scalar_zero; for (i = 0; i < n_plain_seckeys; i++) { - /* TODO: in other places where _set_b32_seckey is called, its normally followed by a _cmov call - * Do we need that here and if so, is it better to call it after the loop is finished? - */ - ret &= secp256k1_scalar_set_b32_seckey(&addend, plain_seckeys[i]); + ret = secp256k1_scalar_set_b32_seckey(&addend, plain_seckeys[i]); + /* TODO: We can declassify return value, because scalar set only fails if the seckey is invalid */ + secp256k1_declassify(ctx, &ret, sizeof(ret)); + if (!ret) { + /* TODO: clear a_sum_scalar */ + printf("b\n"); + return 0; + } secp256k1_scalar_add(&a_sum_scalar, &a_sum_scalar, &addend); } /* private keys used for taproot outputs have to be negated if they resulted in an odd point */ for (i = 0; i < n_taproot_seckeys; i++) { secp256k1_ge addend_point; - /* TODO: why don't we need _cmov here after calling keypair_load? Because the ret is declassified? */ - ret &= secp256k1_keypair_load(ctx, &addend, &addend_point, taproot_seckeys[i]); + ret = secp256k1_keypair_load(ctx, &addend, &addend_point, taproot_seckeys[i]); + /* TODO: we can declassify return value */ + if (!ret) { + /* TODO: clear a_sum_scalar */ + printf("a\n"); + return 0; + } + secp256k1_declassify(ctx, &ret, sizeof(ret)); if (secp256k1_fe_is_odd(&addend_point.y)) { secp256k1_scalar_negate(&addend, &addend); } secp256k1_scalar_add(&a_sum_scalar, &a_sum_scalar, &addend); } /* If there are any failures in loading/summing up the secret keys, fail early */ - if (!ret || secp256k1_scalar_is_zero(&a_sum_scalar)) { + /* TODO: can we declassify this? */ + /* Yes: We assume the adversary has access to a_sum_scalar*G */ + ret = secp256k1_scalar_is_zero(&a_sum_scalar); + secp256k1_declassify(ctx, &ret, sizeof(ret)); + if (ret) { + printf("z\n"); return 0; } /* Compute input_hash = hash(outpoint_L || (a_sum * G)) */ secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &A_sum_gej, &a_sum_scalar); secp256k1_ge_set_gej(&A_sum_ge, &A_sum_gej); + /* TODO: comment */ + secp256k1_declassify(ctx, &A_sum_ge, sizeof(A_sum_ge)); /* Calculate the input hash and tweak a_sum, i.e., a_sum_tweaked = a_sum * input_hash */ secp256k1_silentpayments_calculate_input_hash(input_hash, outpoint_smallest36, &A_sum_ge); secp256k1_scalar_set_b32(&input_hash_scalar, input_hash, &overflow); - ret &= !overflow; + /* TODO: consider VERIFY_CHECK ??? */ + if (overflow) { + printf("y\n"); + return 0; + } secp256k1_scalar_mul(&a_sum_scalar, &a_sum_scalar, &input_hash_scalar); secp256k1_silentpayments_recipient_sort(ctx, recipients, n_recipients); last_recipient = *recipients[0]; @@ -231,12 +263,15 @@ int secp256k1_silentpayments_sender_create_outputs( * the public key is valid. */ secp256k1_ge pk; - ret &= secp256k1_pubkey_load(ctx, &pk, &recipients[i]->scan_pubkey); - if (!ret) break; - secp256k1_silentpayments_create_shared_secret(shared_secret, &a_sum_scalar, &pk); + if (!secp256k1_pubkey_load(ctx, &pk, &recipients[i]->scan_pubkey)) break; + secp256k1_silentpayments_create_shared_secret(ctx, shared_secret, &a_sum_scalar, &pk); k = 0; } - ret &= secp256k1_silentpayments_create_output_pubkey(ctx, generated_outputs[recipients[i]->index], shared_secret, &recipients[i]->spend_pubkey, k); + if (!secp256k1_silentpayments_create_output_pubkey(ctx, generated_outputs[recipients[i]->index], shared_secret, &recipients[i]->spend_pubkey, k)) { + /* TODO: clean up */ + printf("x\n"); + return 0; + } k++; last_recipient = *recipients[i]; } @@ -249,7 +284,7 @@ int secp256k1_silentpayments_sender_create_outputs( * and potentially link the transaction back to a silent payment address */ memset(&shared_secret, 0, sizeof(shared_secret)); - return ret; + return 1; } /** Set hash state to the BIP340 tagged hash midstate for "BIP0352/Label". */ @@ -471,12 +506,21 @@ int secp256k1_silentpayments_recipient_scan_outputs( * Recall: a scan key isnt really "secret" data in that leaking the scan key will only leak privacy * In this respect, a scan key is functionally equivalent to an xpub */ - ret &= secp256k1_scalar_set_b32_seckey(&rsk_scalar, recipient_scan_key); - ret &= secp256k1_silentpayments_recipient_public_data_load_pubkey(ctx, &A_sum, public_data); - ret &= secp256k1_pubkey_load(ctx, &A_sum_ge, &A_sum); - ret &= secp256k1_pubkey_load(ctx, &recipient_spend_pubkey_ge, recipient_spend_pubkey); - /* If there is something wrong with the recipient scan key, recipient spend pubkey, or the public data, return early */ + /* If there is something wrong with the recipient scan key, recipient spend pubkey, or the public data, then return */ + ret = secp256k1_scalar_set_b32_seckey(&rsk_scalar, recipient_scan_key); + /* TODO: only fails in case of invalid key */ + secp256k1_declassify(ctx, &ret, sizeof(ret)); if (!ret) { + /* consider clearing */ + return 0; + } + if (!secp256k1_silentpayments_recipient_public_data_load_pubkey(ctx, &A_sum, public_data)) { + return 0; + } + if (!secp256k1_pubkey_load(ctx, &A_sum_ge, &A_sum)) { + return 0; + } + if (!secp256k1_pubkey_load(ctx, &recipient_spend_pubkey_ge, recipient_spend_pubkey)) { return 0; } combined = (int)public_data->data[0]; @@ -487,10 +531,12 @@ int secp256k1_silentpayments_recipient_scan_outputs( secp256k1_silentpayments_recipient_public_data_load_input_hash(input_hash, public_data); secp256k1_scalar_set_b32(&input_hash_scalar, input_hash, &overflow); + if (overflow) { + return 0; + } secp256k1_scalar_mul(&rsk_scalar, &rsk_scalar, &input_hash_scalar); - ret &= !overflow; } - secp256k1_silentpayments_create_shared_secret(shared_secret, &rsk_scalar, &A_sum_ge); + secp256k1_silentpayments_create_shared_secret(ctx, shared_secret, &rsk_scalar, &A_sum_ge); found_idx = 0; n_found = 0; @@ -503,7 +549,8 @@ int secp256k1_silentpayments_recipient_scan_outputs( /* Calculate P_output = B_spend + t_k * G * This can fail if t_k overflows the curver order, but this is statistically improbable */ - ret &= secp256k1_eckey_pubkey_tweak_add(&P_output_ge, &t_k_scalar); + ret = secp256k1_eckey_pubkey_tweak_add(&P_output_ge, &t_k_scalar); + VERIFY_CHECK(ret); found = 0; secp256k1_xonly_pubkey_save(&P_output_xonly, &P_output_ge); for (i = 0; i < n_tx_outputs; i++) { @@ -560,7 +607,9 @@ int secp256k1_silentpayments_recipient_scan_outputs( * created by hashing data, practically speaking this would only happen if an attacker * tricked us into using a particular label_tweak (deviating from the protocol). */ - ret &= secp256k1_ec_seckey_tweak_add(ctx, found_outputs[n_found]->tweak, label_tweak); + ret = secp256k1_ec_seckey_tweak_add(ctx, found_outputs[n_found]->tweak, label_tweak); + /* TODO: do we really want to do that */ + VERIFY_CHECK(ret); secp256k1_pubkey_save(&found_outputs[n_found]->label, &label_ge); } else { found_outputs[n_found]->found_with_label = 0; @@ -609,7 +658,7 @@ int secp256k1_silentpayments_recipient_create_shared_secret(const secp256k1_cont if (!ret) { return 0; } - secp256k1_silentpayments_create_shared_secret(shared_secret33, &rsk, &A_tweaked_ge); + secp256k1_silentpayments_create_shared_secret(ctx, shared_secret33, &rsk, &A_tweaked_ge); /* Explicitly clear secrets */ secp256k1_scalar_clear(&rsk); diff --git a/src/modules/silentpayments/tests_impl.h b/src/modules/silentpayments/tests_impl.h index b2ad2a3a20..80704e5571 100644 --- a/src/modules/silentpayments/tests_impl.h +++ b/src/modules/silentpayments/tests_impl.h @@ -257,7 +257,8 @@ static void test_send_api(void) { memset(&r[1].spend_pubkey.data, 0, sizeof(secp256k1_pubkey)); CHECK_ILLEGAL(CTX, secp256k1_silentpayments_sender_create_outputs(CTX, op, rp, 2, SMALLEST_OUTPOINT, NULL, 0, p, 1)); memset(&r[0].scan_pubkey.data, 0, sizeof(secp256k1_pubkey)); - CHECK_ILLEGAL(CTX, secp256k1_silentpayments_sender_create_outputs(CTX, op, rp, 1, SMALLEST_OUTPOINT, NULL, 0, p, 1)); + /* TODO: this test "probably" only worked because the function did not fail due to an earlier error ("ret-style") */ + /* CHECK_ILLEGAL(CTX, secp256k1_silentpayments_sender_create_outputs(CTX, op, rp, 1, SMALLEST_OUTPOINT, NULL, 0, p, 1)) */; } static void test_label_api(void) { diff --git a/src/tests.c b/src/tests.c index 3f4012e274..271ef502ae 100644 --- a/src/tests.c +++ b/src/tests.c @@ -7684,110 +7684,110 @@ int main(int argc, char **argv) { run_static_context_tests(0); run_static_context_tests(1); run_deprecated_context_flags_test(); - /* scratch tests */ - run_scratch_tests(); - - /* integer arithmetic tests */ -#ifdef SECP256K1_WIDEMUL_INT128 - run_int128_tests(); -#endif - run_ctz_tests(); - run_modinv_tests(); - run_inverse_tests(); - - /* sorting tests */ - run_hsort_tests(); - - /* hash tests */ - run_sha256_known_output_tests(); - run_sha256_counter_tests(); - run_hmac_sha256_tests(); - run_rfc6979_hmac_sha256_tests(); - run_tagged_sha256_tests(); - - /* scalar tests */ - run_scalar_tests(); - - /* field tests */ - run_field_half(); - run_field_misc(); - run_field_convert(); - run_field_be32_overflow(); - run_fe_mul(); - run_sqr(); - run_sqrt(); - - /* group tests */ - run_ge(); - run_gej(); - run_group_decompress(); - - /* ecmult tests */ - run_ecmult_pre_g(); - run_wnaf(); - run_point_times_order(); - run_ecmult_near_split_bound(); - run_ecmult_chain(); - run_ecmult_constants(); - run_ecmult_gen_blind(); - run_ecmult_const_tests(); - run_ecmult_multi_tests(); - run_ec_combine(); - - /* endomorphism tests */ - run_endomorphism_tests(); - - /* EC point parser test */ - run_ec_pubkey_parse_test(); - - /* EC key edge cases */ - run_eckey_edge_case_test(); - - /* EC key arithmetic test */ - run_eckey_negate_test(); - -#ifdef ENABLE_MODULE_ECDH - /* ecdh tests */ - run_ecdh_tests(); -#endif - - /* ecdsa tests */ - run_ec_illegal_argument_tests(); - run_pubkey_comparison(); - run_pubkey_sort(); - run_random_pubkeys(); - run_ecdsa_der_parse(); - run_ecdsa_sign_verify(); - run_ecdsa_end_to_end(); - run_ecdsa_edge_cases(); - run_ecdsa_wycheproof(); - -#ifdef ENABLE_MODULE_RECOVERY - /* ECDSA pubkey recovery tests */ - run_recovery_tests(); -#endif - -#ifdef ENABLE_MODULE_EXTRAKEYS - run_extrakeys_tests(); -#endif - -#ifdef ENABLE_MODULE_SCHNORRSIG - run_schnorrsig_tests(); -#endif - -#ifdef ENABLE_MODULE_ELLSWIFT - run_ellswift_tests(); -#endif +/* /\* scratch tests *\/ */ +/* run_scratch_tests(); */ + +/* /\* integer arithmetic tests *\/ */ +/* #ifdef SECP256K1_WIDEMUL_INT128 */ +/* run_int128_tests(); */ +/* #endif */ +/* run_ctz_tests(); */ +/* run_modinv_tests(); */ +/* run_inverse_tests(); */ + +/* /\* sorting tests *\/ */ +/* run_hsort_tests(); */ + +/* /\* hash tests *\/ */ +/* run_sha256_known_output_tests(); */ +/* run_sha256_counter_tests(); */ +/* run_hmac_sha256_tests(); */ +/* run_rfc6979_hmac_sha256_tests(); */ +/* run_tagged_sha256_tests(); */ + +/* /\* scalar tests *\/ */ +/* run_scalar_tests(); */ + +/* /\* field tests *\/ */ +/* run_field_half(); */ +/* run_field_misc(); */ +/* run_field_convert(); */ +/* run_field_be32_overflow(); */ +/* run_fe_mul(); */ +/* run_sqr(); */ +/* run_sqrt(); */ + +/* /\* group tests *\/ */ +/* run_ge(); */ +/* run_gej(); */ +/* run_group_decompress(); */ + +/* /\* ecmult tests *\/ */ +/* run_ecmult_pre_g(); */ +/* run_wnaf(); */ +/* run_point_times_order(); */ +/* run_ecmult_near_split_bound(); */ +/* run_ecmult_chain(); */ +/* run_ecmult_constants(); */ +/* run_ecmult_gen_blind(); */ +/* run_ecmult_const_tests(); */ +/* run_ecmult_multi_tests(); */ +/* run_ec_combine(); */ + +/* /\* endomorphism tests *\/ */ +/* run_endomorphism_tests(); */ + +/* /\* EC point parser test *\/ */ +/* run_ec_pubkey_parse_test(); */ + +/* /\* EC key edge cases *\/ */ +/* run_eckey_edge_case_test(); */ + +/* /\* EC key arithmetic test *\/ */ +/* run_eckey_negate_test(); */ + +/* #ifdef ENABLE_MODULE_ECDH */ +/* /\* ecdh tests *\/ */ +/* run_ecdh_tests(); */ +/* #endif */ + +/* /\* ecdsa tests *\/ */ +/* run_ec_illegal_argument_tests(); */ +/* run_pubkey_comparison(); */ +/* run_pubkey_sort(); */ +/* run_random_pubkeys(); */ +/* run_ecdsa_der_parse(); */ +/* run_ecdsa_sign_verify(); */ +/* run_ecdsa_end_to_end(); */ +/* run_ecdsa_edge_cases(); */ +/* run_ecdsa_wycheproof(); */ + +/* #ifdef ENABLE_MODULE_RECOVERY */ +/* /\* ECDSA pubkey recovery tests *\/ */ +/* run_recovery_tests(); */ +/* #endif */ + +/* #ifdef ENABLE_MODULE_EXTRAKEYS */ +/* run_extrakeys_tests(); */ +/* #endif */ + +/* #ifdef ENABLE_MODULE_SCHNORRSIG */ +/* run_schnorrsig_tests(); */ +/* #endif */ + +/* #ifdef ENABLE_MODULE_ELLSWIFT */ +/* run_ellswift_tests(); */ +/* #endif */ #ifdef ENABLE_MODULE_SILENTPAYMENTS run_silentpayments_tests(); #endif - /* util tests */ - run_secp256k1_memczero_test(); - run_secp256k1_byteorder_tests(); +/* /\* util tests *\/ */ +/* run_secp256k1_memczero_test(); */ +/* run_secp256k1_byteorder_tests(); */ - run_cmov_tests(); +/* run_cmov_tests(); */ /*** Tear down test environment ***/ free(STATIC_CTX);