test: remove a ton of rand feature-gating

Sometihng like half the tests in this crate are gated on "rand", most of
which are for dumb reasons (we are generating random keys from the
thread rng). By adding a non-feature=rand "random key generator" we can
enable these tests even without the rand feature.

We typically also have a gate on "std", which is needed to get the
thread rng, but in some cases this is the *only* reason to have a std
gate. So by eliminating the rand requirement we can make tests work in
nostd. We do this by implementing a parallel LCG which is obviously not
cryptographic but is fine for testing.

In the LLM-generated tests in musig2.rs we have some rand feature gates
for literally no reason at all :/. My bad.

In addition to dramatically increasing nostd test coverage, the new
"generate random keys" function also gives us an opportunity to use the
new global context API including rerandomization.

Author: apoelstra

src/ecdh.rs

@@ -192,11 +192,9 @@ mod tests {
     use crate::Secp256k1;
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
     fn ecdh() {
-        let s = Secp256k1::signing_only();
-        let (sk1, pk1) = s.generate_keypair(&mut rand::rng());
-        let (sk2, pk2) = s.generate_keypair(&mut rand::rng());
+        let (sk1, pk1) = crate::test_random_keypair();
+        let (sk2, pk2) = crate::test_random_keypair();
 
         let sec1 = SharedSecret::new(&pk2, &sk1);
         let sec2 = SharedSecret::new(&pk1, &sk2);

src/ecdsa/recovery.rs

@@ -250,17 +250,17 @@ mod tests {
     use crate::{Error, Message, Secp256k1, SecretKey};
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
+    #[cfg(feature = "std")]
     fn capabilities() {
         let sign = Secp256k1::signing_only();
         let vrfy = Secp256k1::verification_only();
         let full = Secp256k1::new();
 
-        let msg = crate::random_32_bytes(&mut rand::rng());
+        let msg = crate::test_random_32_bytes();
         let msg = Message::from_digest(msg);
 
         // Try key generation
-        let (sk, pk) = full.generate_keypair(&mut rand::rng());
+        let (sk, pk) = crate::test_random_keypair();
 
         // Try signing
         assert_eq!(sign.sign_ecdsa_recoverable(msg, &sk), full.sign_ecdsa_recoverable(msg, &sk));
@@ -282,11 +282,10 @@ mod tests {
 
     #[test]
     #[cfg(not(secp256k1_fuzz))]  // fixed sig vectors can't work with fuzz-sigs
-    #[cfg(all(feature = "rand", feature = "std"))]
+    #[cfg(feature = "std")]
     #[rustfmt::skip]
     fn sign() {
-        let mut s = Secp256k1::new();
-        s.randomize(&mut rand::rng());
+        let s = Secp256k1::new();
 
         let sk = SecretKey::from_byte_array(ONE).unwrap();
         let msg = Message::from_digest(ONE);
@@ -307,11 +306,10 @@ mod tests {
 
     #[test]
     #[cfg(not(secp256k1_fuzz))]  // fixed sig vectors can't work with fuzz-sigs
-    #[cfg(all(feature = "rand", feature = "std"))]
+    #[cfg(feature = "std")]
     #[rustfmt::skip]
     fn sign_with_noncedata() {
-        let mut s = Secp256k1::new();
-        s.randomize(&mut rand::rng());
+        let s = Secp256k1::new();
 
         let sk = SecretKey::from_byte_array(ONE).unwrap();
         let msg = Message::from_digest(ONE);
@@ -332,68 +330,57 @@ mod tests {
     }
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
+    #[cfg(feature = "std")]
     fn sign_and_verify_fail() {
-        let mut s = Secp256k1::new();
-        s.randomize(&mut rand::rng());
-
-        let msg = crate::random_32_bytes(&mut rand::rng());
-        let msg = Message::from_digest(msg);
+        let s = Secp256k1::new();
 
-        let (sk, pk) = s.generate_keypair(&mut rand::rng());
+        let msg = Message::from_digest(crate::test_random_32_bytes());
+        let (sk, pk) = crate::test_random_keypair();
 
         let sigr = s.sign_ecdsa_recoverable(msg, &sk);
         let sig = sigr.to_standard();
 
-        let msg = crate::random_32_bytes(&mut rand::rng());
-        let msg = Message::from_digest(msg);
+        let msg = Message::from_digest(crate::test_random_32_bytes());
         assert_eq!(s.verify_ecdsa(&sig, msg, &pk), Err(Error::IncorrectSignature));
 
         let recovered_key = s.recover_ecdsa(msg, &sigr).unwrap();
         assert!(recovered_key != pk);
     }
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
+    #[cfg(feature = "std")]
     fn sign_with_recovery() {
-        let mut s = Secp256k1::new();
-        s.randomize(&mut rand::rng());
-
-        let msg = crate::random_32_bytes(&mut rand::rng());
-        let msg = Message::from_digest(msg);
+        let s = Secp256k1::new();
 
-        let (sk, pk) = s.generate_keypair(&mut rand::rng());
+        let msg = Message::from_digest(crate::test_random_32_bytes());
+        let (sk, pk) = crate::test_random_keypair();
 
         let sig = s.sign_ecdsa_recoverable(msg, &sk);
 
         assert_eq!(s.recover_ecdsa(msg, &sig), Ok(pk));
     }
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
+    #[cfg(feature = "std")]
     fn sign_with_recovery_and_noncedata() {
-        let mut s = Secp256k1::new();
-        s.randomize(&mut rand::rng());
-
-        let msg = crate::random_32_bytes(&mut rand::rng());
-        let msg = Message::from_digest(msg);
+        let s = Secp256k1::new();
 
-        let noncedata = [42u8; 32];
+        let msg = Message::from_digest(crate::test_random_32_bytes());
+        let noncedata = crate::test_random_32_bytes();
 
-        let (sk, pk) = s.generate_keypair(&mut rand::rng());
+        let (sk, pk) = crate::test_random_keypair();
 
         let sig = s.sign_ecdsa_recoverable_with_noncedata(msg, &sk, &noncedata);
 
         assert_eq!(s.recover_ecdsa(msg, &sig), Ok(pk));
     }
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
+    #[cfg(feature = "std")]
     fn bad_recovery() {
-        let mut s = Secp256k1::new();
-        s.randomize(&mut rand::rng());
+        let s = Secp256k1::new();
 
-        let msg = Message::from_digest([0x55; 32]);
+        let msg = Message::from_digest(crate::test_random_32_bytes());
 
         // Zero is not a valid sig
         let sig = RecoverableSignature::from_compact(&[0; 64], RecoveryId::Zero).unwrap();
@@ -454,22 +441,21 @@ mod tests {
 }
 
 #[cfg(bench)]
-#[cfg(all(feature = "rand", feature = "std"))] // Currently only a single bench that requires "rand" + "std".
+#[cfg(feature = "std")] // Currently only a single bench that requires "rand" + "std".
 mod benches {
     use test::{black_box, Bencher};
 
-    use super::{Message, Secp256k1};
+    use crate::{Message, Secp256k1, SecretKey};
 
     #[bench]
     pub fn bench_recover(bh: &mut Bencher) {
         let s = Secp256k1::new();
-        let msg = crate::random_32_bytes(&mut rand::rng());
-        let msg = Message::from_digest(msg);
-        let (sk, _) = s.generate_keypair(&mut rand::thread_rng());
-        let sig = s.sign_ecdsa_recoverable(&msg, &sk);
+        let msg = Message::from_digest(crate::test_random_32_bytes());
+        let sk = SecretKey::test_random();
+        let sig = s.sign_ecdsa_recoverable(msg, &sk);
 
         bh.iter(|| {
-            let res = s.recover_ecdsa(&msg, &sig).unwrap();
+            let res = s.recover_ecdsa(msg, &sig).unwrap();
             black_box(res);
         });
     }

src/key.rs

@@ -367,6 +367,22 @@ impl SecretKey {
         let kp = self.keypair(secp);
         XOnlyPublicKey::from_keypair(&kp)
     }
+
+    /// Constructor for unit testing.
+    #[cfg(test)]
+    #[cfg(all(feature = "rand", feature = "std"))]
+    pub fn test_random() -> Self { Self::new(&mut rand::rng()) }
+
+    /// Constructor for unit testing.
+    #[cfg(test)]
+    #[cfg(not(all(feature = "rand", feature = "std")))]
+    pub fn test_random() -> Self {
+        loop {
+            if let Ok(ret) = Self::from_byte_array(crate::test_random_32_bytes()) {
+                return ret;
+            }
+        }
+    }
 }
 
 #[cfg(feature = "serde")]
@@ -1036,6 +1052,16 @@ impl Keypair {
     /// [`zeroize`](https://docs.rs/zeroize) crate.
     #[inline]
     pub fn non_secure_erase(&mut self) { self.0.non_secure_erase(); }
+
+    /// Constructor for unit testing.
+    #[cfg(test)]
+    pub fn test_random() -> Self {
+        let sk = SecretKey::test_random();
+        crate::with_global_context(
+            |secp: &Secp256k1<crate::AllPreallocated>| Self::from_secret_key(secp, &sk),
+            Some(&sk.secret_bytes()),
+        )
+    }
 }
 
 impl fmt::Debug for Keypair {
@@ -1733,11 +1759,8 @@ mod test {
     }
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
     fn keypair_slice_round_trip() {
-        let s = Secp256k1::new();
-
-        let (sk1, pk1) = s.generate_keypair(&mut rand::rng());
+        let (sk1, pk1) = crate::test_random_keypair();
         assert_eq!(SecretKey::from_byte_array(sk1.secret_bytes()), Ok(sk1));
         assert_eq!(PublicKey::from_slice(&pk1.serialize()[..]), Ok(pk1));
         assert_eq!(PublicKey::from_slice(&pk1.serialize_uncompressed()[..]), Ok(pk1));
@@ -2010,15 +2033,15 @@ mod test {
     }
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
+    #[cfg(feature = "std")]
     fn tweak_add_arbitrary_data() {
         let s = Secp256k1::new();
 
-        let (sk, pk) = s.generate_keypair(&mut rand::rng());
+        let (sk, pk) = crate::test_random_keypair();
         assert_eq!(PublicKey::from_secret_key(&s, &sk), pk); // Sanity check.
 
         // TODO: This would be better tested with a _lot_ of different tweaks.
-        let tweak = Scalar::random();
+        let tweak = Scalar::test_random();
 
         let tweaked_sk = sk.add_tweak(&tweak).unwrap();
         assert_ne!(sk, tweaked_sk); // Make sure we did something.
@@ -2029,11 +2052,11 @@ mod test {
     }
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
+    #[cfg(feature = "std")]
     fn tweak_add_zero() {
         let s = Secp256k1::new();
 
-        let (sk, pk) = s.generate_keypair(&mut rand::rng());
+        let (sk, pk) = crate::test_random_keypair();
 
         let tweak = Scalar::ZERO;
 
@@ -2044,40 +2067,38 @@ mod test {
     }
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
+    #[cfg(feature = "std")]
     fn tweak_mul_arbitrary_data() {
         let s = Secp256k1::new();
 
-        let (sk, pk) = s.generate_keypair(&mut rand::rng());
+        let (sk, pk) = crate::test_random_keypair();
         assert_eq!(PublicKey::from_secret_key(&s, &sk), pk); // Sanity check.
 
-        // TODO: This would be better tested with a _lot_ of different tweaks.
-        let tweak = Scalar::random();
-
-        let tweaked_sk = sk.mul_tweak(&tweak).unwrap();
-        assert_ne!(sk, tweaked_sk); // Make sure we did something.
-        let tweaked_pk = pk.mul_tweak(&s, &tweak).unwrap();
-        assert_ne!(pk, tweaked_pk);
+        for _ in 0..10 {
+            let tweak = Scalar::test_random();
 
-        assert_eq!(PublicKey::from_secret_key(&s, &tweaked_sk), tweaked_pk);
+            let tweaked_sk = sk.mul_tweak(&tweak).unwrap();
+            assert_ne!(sk, tweaked_sk); // Make sure we did something.
+            let tweaked_pk = pk.mul_tweak(&s, &tweak).unwrap();
+            assert_ne!(pk, tweaked_pk);
+            assert_eq!(PublicKey::from_secret_key(&s, &tweaked_sk), tweaked_pk);
+        }
     }
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
     fn tweak_mul_zero() {
-        let s = Secp256k1::new();
-        let (sk, _) = s.generate_keypair(&mut rand::rng());
+        let (sk, _) = crate::test_random_keypair();
 
         let tweak = Scalar::ZERO;
         assert!(sk.mul_tweak(&tweak).is_err())
     }
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
+    #[cfg(feature = "std")]
     fn test_negation() {
         let s = Secp256k1::new();
 
-        let (sk, pk) = s.generate_keypair(&mut rand::rng());
+        let (sk, pk) = crate::test_random_keypair();
 
         assert_eq!(PublicKey::from_secret_key(&s, &sk), pk); // Sanity check.
 
@@ -2095,7 +2116,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
+    #[cfg(feature = "std")]
     fn pubkey_hash() {
         use std::collections::hash_map::DefaultHasher;
         use std::collections::HashSet;
@@ -2107,11 +2128,10 @@ mod test {
             s.finish()
         }
 
-        let s = Secp256k1::new();
         let mut set = HashSet::new();
         const COUNT: usize = 1024;
         for _ in 0..COUNT {
-            let (_, pk) = s.generate_keypair(&mut rand::rng());
+            let (_, pk) = crate::test_random_keypair();
             let hash = hash(&pk);
             assert!(!set.contains(&hash));
             set.insert(hash);
@@ -2178,12 +2198,12 @@ mod test {
     }
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
+    #[cfg(feature = "std")]
     fn create_pubkey_combine() {
         let s = Secp256k1::new();
 
-        let (sk1, pk1) = s.generate_keypair(&mut rand::rng());
-        let (sk2, pk2) = s.generate_keypair(&mut rand::rng());
+        let (sk1, pk1) = crate::test_random_keypair();
+        let (sk2, pk2) = crate::test_random_keypair();
 
         let sum1 = pk1.combine(&pk2);
         assert!(sum1.is_ok());
@@ -2288,15 +2308,14 @@ mod test {
     }
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
+    #[cfg(feature = "std")]
     fn test_tweak_add_then_tweak_add_check() {
         let s = Secp256k1::new();
 
-        // TODO: 10 times is arbitrary, we should test this a _lot_ of times.
         for _ in 0..10 {
-            let tweak = Scalar::random();
+            let tweak = Scalar::test_random();
 
-            let kp = Keypair::new(&s, &mut rand::rng());
+            let kp = Keypair::test_random();
             let (xonly, _) = XOnlyPublicKey::from_keypair(&kp);
 
             let tweaked_kp = kp.add_xonly_tweak(&s, &tweak).expect("keypair tweak add failed");
@@ -2548,10 +2567,8 @@ mod test {
     }
 
     #[test]
-    #[cfg(all(feature = "rand", feature = "std"))]
     fn test_keypair_from_str() {
-        let ctx = crate::Secp256k1::new();
-        let keypair = Keypair::new(&ctx, &mut rand::rng());
+        let keypair = Keypair::test_random();
         let mut buf = [0_u8; constants::SECRET_KEY_SIZE * 2]; // Holds hex digits.
         let s = to_hex(&keypair.secret_key().secret_bytes(), &mut buf).unwrap();
         let parsed_key = Keypair::from_str(s).unwrap();