bitcoinjs-lib/test/ecdsa.js

/* global describe, it */

var assert = require('assert')
var bcrypto = require('../src/crypto')
var ecdsa = require('../src/ecdsa')
var hoodwink = require('hoodwink')

var BigInteger = require('bigi')
var ECSignature = require('../src/ecsignature')

var curve = ecdsa.__curve

var fixtures = require('./fixtures/ecdsa.json')

describe('ecdsa', function () {
  describe('deterministicGenerateK', function () {
    function checkSig () {
      return true
    }

    fixtures.valid.ecdsa.forEach(function (f) {
      it('for "' + f.message + '"', function () {
        var x = BigInteger.fromHex(f.d).toBuffer(32)
        var h1 = bcrypto.sha256(f.message)

        var k = ecdsa.deterministicGenerateK(h1, x, checkSig)
        assert.strictEqual(k.toHex(), f.k)
      })
    })

    it('loops until an appropriate k value is found', hoodwink(function () {
      this.mock(BigInteger, 'fromBuffer', function f (b) {
        assert.strictEqual(b.length, 32)
        if (f.calls === 0) return BigInteger.ZERO // < 1
        if (f.calls === 1) return curve.n // > n - 1
        if (f.calls === 2) return new BigInteger('42') // valid
      }, 3)

      var x = new BigInteger('1').toBuffer(32)
      var h1 = Buffer.alloc(32)
      var k = ecdsa.deterministicGenerateK(h1, x, checkSig)

      assert.strictEqual(k.toString(), '42')
    }))

    it('loops until a suitable signature is found', hoodwink(function () {
      var checkSigStub = this.stub(function f () {
        if (f.calls === 0) return false // bad signature
        if (f.calls === 1) return true // good signature
      }, 2)

      var x = BigInteger.ONE.toBuffer(32)
      var h1 = Buffer.alloc(32)
      var k = ecdsa.deterministicGenerateK(h1, x, checkSigStub)

      assert.strictEqual(k.toHex(), 'a9b1a1a84a4c2f96b6158ed7a81404c50cb74373c22e8d9e02d0411d719acae2')
    }))

    fixtures.valid.rfc6979.forEach(function (f) {
      it('produces the expected k values for ' + f.message + " if k wasn't suitable", function () {
        var x = BigInteger.fromHex(f.d).toBuffer(32)
        var h1 = bcrypto.sha256(f.message)

        var results = []
        ecdsa.deterministicGenerateK(h1, x, function (k) {
          results.push(k)

          return results.length === 16
        })

        assert.strictEqual(results[0].toHex(), f.k0)
        assert.strictEqual(results[1].toHex(), f.k1)
        assert.strictEqual(results[15].toHex(), f.k15)
      })
    })
  })

  describe('sign', function () {
    fixtures.valid.ecdsa.forEach(function (f) {
      it('produces a deterministic signature for "' + f.message + '"', function () {
        var d = BigInteger.fromHex(f.d)
        var hash = bcrypto.sha256(f.message)
        var signature = ecdsa.sign(hash, d).toDER()

        assert.strictEqual(signature.toString('hex'), f.signature)
      })
    })

    it('should sign with low S value', function () {
      var hash = bcrypto.sha256('Vires in numeris')
      var sig = ecdsa.sign(hash, BigInteger.ONE)

      // See BIP62 for more information
      var N_OVER_TWO = curve.n.shiftRight(1)
      assert(sig.s.compareTo(N_OVER_TWO) <= 0)
    })
  })

  describe('verify', function () {
    fixtures.valid.ecdsa.forEach(function (f) {
      it('verifies a valid signature for "' + f.message + '"', function () {
        var d = BigInteger.fromHex(f.d)
        var H = bcrypto.sha256(f.message)
        var signature = ECSignature.fromDER(Buffer.from(f.signature, 'hex'))
        var Q = curve.G.multiply(d)

        assert(ecdsa.verify(H, signature, Q))
      })
    })

    fixtures.invalid.verify.forEach(function (f) {
      it('fails to verify with ' + f.description, function () {
        var H = bcrypto.sha256(f.message)
        var d = BigInteger.fromHex(f.d)

        var signature
        if (f.signature) {
          signature = ECSignature.fromDER(Buffer.from(f.signature, 'hex'))
        } else if (f.signatureRaw) {
          signature = new ECSignature(new BigInteger(f.signatureRaw.r, 16), new BigInteger(f.signatureRaw.s, 16))
        }

        var Q = curve.G.multiply(d)

        assert.strictEqual(ecdsa.verify(H, signature, Q), false)
      })
    })
  })
})
use standardjs formatting 2015-02-23 00:36:57 +01:00			`/* global describe, it */`

Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00			`var assert = require('assert')`
use baddress/bcrypto/bscript for ambuigities 2015-08-20 05:37:19 +02:00			`var bcrypto = require('../src/crypto')`
tests: use filepaths directly After a long IRC discussion, it was decided that the use of direct filepaths instead of the module is a more pure form of testing , although it may provide less overall coverage than the mixed integration style imports used previously. This will need to be remedied by further integration testing in /test/integration. 2014-05-13 09:55:53 +02:00			`var ecdsa = require('../src/ecdsa')`
add hoodwink dependency 2018-03-20 04:49:10 +01:00			`var hoodwink = require('hoodwink')`
tests: forces consistent import syntax 2014-05-13 08:35:07 +02:00
upgrade bigi & remove monkey patching 2014-05-03 04:04:54 +02:00			`var BigInteger = require('bigi')`
ecdsa: moved all signature encoding to ECSignature 2014-06-15 08:44:52 +02:00			`var ECSignature = require('../src/ecsignature')`
Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00
ecdsa: remove curve parameter 2015-08-25 12:43:32 +02:00			`var curve = ecdsa.__curve`
use ecurve instead of custom ec 2014-06-07 08:24:27 +02:00
tests: use JSON fixtures exclusively 2014-05-18 11:47:39 +02:00			`var fixtures = require('./fixtures/ecdsa.json')`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00
use standardjs formatting 2015-02-23 00:36:57 +01:00			`describe('ecdsa', function () {`
			`describe('deterministicGenerateK', function () {`
			`function checkSig () {`
			`return true`
			`}`
ecdsa: fixes edge case presented in #336 2015-01-04 02:46:37 +01:00
use standardjs formatting 2015-02-23 00:36:57 +01:00			`fixtures.valid.ecdsa.forEach(function (f) {`
			`it('for "' + f.message + '"', function () {`
ecdsa: remove curve parameter 2015-08-25 12:43:32 +02:00			`var x = BigInteger.fromHex(f.d).toBuffer(32)`
use baddress/bcrypto/bscript for ambuigities 2015-08-20 05:37:19 +02:00			`var h1 = bcrypto.sha256(f.message)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00
ecdsa: remove curve parameter 2015-08-25 12:43:32 +02:00			`var k = ecdsa.deterministicGenerateK(h1, x, checkSig)`
tests: use strictEqual always 2015-05-07 03:29:20 +02:00			`assert.strictEqual(k.toHex(), f.k)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`})`
Enforces Array input for deterministicGenerateK 2014-04-22 22:18:38 +02:00			`})`
ecdsa: adds test for detGenK loop 2014-06-25 18:42:51 +02:00
add hoodwink dependency 2018-03-20 04:49:10 +01:00			`it('loops until an appropriate k value is found', hoodwink(function () {`
rm sinon, sinon-test 2018-03-20 03:19:39 +01:00			`this.mock(BigInteger, 'fromBuffer', function f (b) {`
			`assert.strictEqual(b.length, 32)`
			`if (f.calls === 0) return BigInteger.ZERO // < 1`
			`if (f.calls === 1) return curve.n // > n - 1`
			`if (f.calls === 2) return new BigInteger('42') // valid`
			`}, 3)`
ecdsa: adds test for detGenK loop 2014-06-25 18:42:51 +02:00
ecdsa: remove curve parameter 2015-08-25 12:43:32 +02:00			`var x = new BigInteger('1').toBuffer(32)`
tests: use safe-buffers throughout 2017-04-19 09:39:16 +02:00			`var h1 = Buffer.alloc(32)`
ecdsa: remove curve parameter 2015-08-25 12:43:32 +02:00			`var k = ecdsa.deterministicGenerateK(h1, x, checkSig)`
ecdsa: adds test for detGenK loop 2014-06-25 18:42:51 +02:00
tests: use strictEqual always 2015-05-07 03:29:20 +02:00			`assert.strictEqual(k.toString(), '42')`
ecdsa: adds test for detGenK loop 2014-06-25 18:42:51 +02:00			`}))`
tests: adds ecdsa test enforcing valid signature callback 2015-01-05 01:15:07 +01:00
add hoodwink dependency 2018-03-20 04:49:10 +01:00			`it('loops until a suitable signature is found', hoodwink(function () {`
rm sinon, sinon-test 2018-03-20 03:19:39 +01:00			`var checkSigStub = this.stub(function f () {`
			`if (f.calls === 0) return false // bad signature`
			`if (f.calls === 1) return true // good signature`
			`}, 2)`
tests: adds ecdsa test enforcing valid signature callback 2015-01-05 01:15:07 +01:00
rm sinon, sinon-test 2018-03-20 03:19:39 +01:00			`var x = BigInteger.ONE.toBuffer(32)`
tests: use safe-buffers throughout 2017-04-19 09:39:16 +02:00			`var h1 = Buffer.alloc(32)`
rm sinon, sinon-test 2018-03-20 03:19:39 +01:00			`var k = ecdsa.deterministicGenerateK(h1, x, checkSigStub)`
tests: adds ecdsa test enforcing valid signature callback 2015-01-05 01:15:07 +01:00
rm sinon, sinon-test 2018-03-20 03:19:39 +01:00			`assert.strictEqual(k.toHex(), 'a9b1a1a84a4c2f96b6158ed7a81404c50cb74373c22e8d9e02d0411d719acae2')`
tests: adds ecdsa test enforcing valid signature callback 2015-01-05 01:15:07 +01:00			`}))`
tests: add bip32JPs RFC6979 test vectors and tests 2015-01-05 02:31:28 +01:00
use standardjs formatting 2015-02-23 00:36:57 +01:00			`fixtures.valid.rfc6979.forEach(function (f) {`
			`it('produces the expected k values for ' + f.message + " if k wasn't suitable", function () {`
ecdsa: remove curve parameter 2015-08-25 12:43:32 +02:00			`var x = BigInteger.fromHex(f.d).toBuffer(32)`
use baddress/bcrypto/bscript for ambuigities 2015-08-20 05:37:19 +02:00			`var h1 = bcrypto.sha256(f.message)`
tests: add bip32JPs RFC6979 test vectors and tests 2015-01-05 02:31:28 +01:00
tests: ecdsa test cleanup 2015-01-05 02:42:09 +01:00			`var results = []`
ecdsa: remove curve parameter 2015-08-25 12:43:32 +02:00			`ecdsa.deterministicGenerateK(h1, x, function (k) {`
tests: ecdsa test cleanup 2015-01-05 02:42:09 +01:00			`results.push(k)`
tests: add bip32JPs RFC6979 test vectors and tests 2015-01-05 02:31:28 +01:00
tests: ecdsa test cleanup 2015-01-05 02:42:09 +01:00			`return results.length === 16`
tests: add bip32JPs RFC6979 test vectors and tests 2015-01-05 02:31:28 +01:00			`})`
tests: ecdsa test cleanup 2015-01-05 02:42:09 +01:00
tests: use strictEqual always 2015-05-07 03:29:20 +02:00			`assert.strictEqual(results[0].toHex(), f.k0)`
			`assert.strictEqual(results[1].toHex(), f.k1)`
			`assert.strictEqual(results[15].toHex(), f.k15)`
tests: ecdsa test cleanup 2015-01-05 02:42:09 +01:00			`})`
tests: add bip32JPs RFC6979 test vectors and tests 2015-01-05 02:31:28 +01:00			`})`
Enforces Array input for deterministicGenerateK 2014-04-22 22:18:38 +02:00			`})`

use standardjs formatting 2015-02-23 00:36:57 +01:00			`describe('sign', function () {`
			`fixtures.valid.ecdsa.forEach(function (f) {`
			`it('produces a deterministic signature for "' + f.message + '"', function () {`
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var d = BigInteger.fromHex(f.d)`
use baddress/bcrypto/bscript for ambuigities 2015-08-20 05:37:19 +02:00			`var hash = bcrypto.sha256(f.message)`
ecdsa: remove curve parameter 2015-08-25 12:43:32 +02:00			`var signature = ecdsa.sign(hash, d).toDER()`
Moves test/misc.js tests to appropriate location 2014-04-16 20:10:05 +02:00
fixtures: ECDSA signatures should be DER encoded if possible 2015-06-23 07:32:15 +02:00			`assert.strictEqual(signature.toString('hex'), f.signature)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`})`
Moves test/misc.js tests to appropriate location 2014-04-16 20:10:05 +02:00			`})`
Moves 'low S value' test from eckey.js to ecdsa.js 2014-04-17 06:33:35 +02:00
use standardjs formatting 2015-02-23 00:36:57 +01:00			`it('should sign with low S value', function () {`
use baddress/bcrypto/bscript for ambuigities 2015-08-20 05:37:19 +02:00			`var hash = bcrypto.sha256('Vires in numeris')`
ecdsa: remove curve parameter 2015-08-25 12:43:32 +02:00			`var sig = ecdsa.sign(hash, BigInteger.ONE)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00
			`// See BIP62 for more information`
ecurve: upgrade to 0.9.0 2014-06-15 17:36:05 +02:00			`var N_OVER_TWO = curve.n.shiftRight(1)`
ecdsa: use (r, s) values directly 2014-05-10 14:38:05 +02:00			`assert(sig.s.compareTo(N_OVER_TWO) <= 0)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`})`
			`})`

ecdsa: remove unused verifyRaw 2015-04-10 09:22:00 +02:00			`describe('verify', function () {`
use standardjs formatting 2015-02-23 00:36:57 +01:00			`fixtures.valid.ecdsa.forEach(function (f) {`
			`it('verifies a valid signature for "' + f.message + '"', function () {`
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var d = BigInteger.fromHex(f.d)`
use baddress/bcrypto/bscript for ambuigities 2015-08-20 05:37:19 +02:00			`var H = bcrypto.sha256(f.message)`
tests: use safe-buffers throughout 2017-04-19 09:39:16 +02:00			`var signature = ECSignature.fromDER(Buffer.from(f.signature, 'hex'))`
ecurve: upgrade to 0.9.0 2014-06-15 17:36:05 +02:00			`var Q = curve.G.multiply(d)`
Moves 'low S value' test from eckey.js to ecdsa.js 2014-04-17 06:33:35 +02:00
ecdsa: remove curve parameter 2015-08-25 12:43:32 +02:00			`assert(ecdsa.verify(H, signature, Q))`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`})`
Moves 'low S value' test from eckey.js to ecdsa.js 2014-04-17 06:33:35 +02:00			`})`
ecdsa: add invalid tests for verifyRaw 2014-05-24 05:40:20 +02:00
ecdsa: remove unused verifyRaw 2015-04-10 09:22:00 +02:00			`fixtures.invalid.verify.forEach(function (f) {`
use standardjs formatting 2015-02-23 00:36:57 +01:00			`it('fails to verify with ' + f.description, function () {`
use baddress/bcrypto/bscript for ambuigities 2015-08-20 05:37:19 +02:00			`var H = bcrypto.sha256(f.message)`
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var d = BigInteger.fromHex(f.d)`
fixtures: ECDSA signatures should be DER encoded if possible 2015-06-23 07:32:15 +02:00
			`var signature`
			`if (f.signature) {`
tests: use safe-buffers throughout 2017-04-19 09:39:16 +02:00			`signature = ECSignature.fromDER(Buffer.from(f.signature, 'hex'))`
fixtures: ECDSA signatures should be DER encoded if possible 2015-06-23 07:32:15 +02:00			`} else if (f.signatureRaw) {`
			`signature = new ECSignature(new BigInteger(f.signatureRaw.r, 16), new BigInteger(f.signatureRaw.s, 16))`
			`}`
fixtures: ECDSA, fixtures were mixed decimal/hex 2015-06-23 07:31:51 +02:00
ecurve: upgrade to 0.9.0 2014-06-15 17:36:05 +02:00			`var Q = curve.G.multiply(d)`
ecdsa: add invalid tests for verifyRaw 2014-05-24 05:40:20 +02:00
ecdsa: remove curve parameter 2015-08-25 12:43:32 +02:00			`assert.strictEqual(ecdsa.verify(H, signature, Q), false)`
ecdsa: add invalid tests for verifyRaw 2014-05-24 05:40:20 +02:00			`})`
			`})`
Moves test/misc.js tests to appropriate location 2014-04-16 20:10:05 +02:00			`})`
Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00			`})`