bitcoinjs-lib/test/ecdsa.js

/* global describe, it */

var assert = require('assert')
var bcrypto = require('../src/crypto')
var ecdsa = require('../src/ecdsa')
var hoodwink = require('hoodwink')

var BigInteger = require('bigi')

var curve = ecdsa.__curve

var fixtures = require('./fixtures/ecdsa.json')

describe('ecdsa', function () {
  function fromRaw (signature) {
    return {
      r: new BigInteger(signature.r, 16),
      s: new BigInteger(signature.s, 16)
    }
  }

  function toRaw (signature) {
    return {
      r: signature.r.toHex(),
      s: signature.s.toHex()
    }
  }

  describe('deterministicGenerateK', function () {
    function checkSig () {
      return true
    }

    fixtures.valid.ecdsa.forEach(function (f) {
      it('for "' + f.message + '"', function () {
        var x = BigInteger.fromHex(f.d).toBuffer(32)
        var h1 = bcrypto.sha256(f.message)

        var k = ecdsa.deterministicGenerateK(h1, x, checkSig)
        assert.strictEqual(k.toHex(), f.k)
      })
    })

    it('loops until an appropriate k value is found', hoodwink(function () {
      this.mock(BigInteger, 'fromBuffer', function f (b) {
        assert.strictEqual(b.length, 32)
        if (f.calls === 0) return BigInteger.ZERO // < 1
        if (f.calls === 1) return curve.n // > n - 1
        if (f.calls === 2) return new BigInteger('42') // valid
      }, 3)

      var x = new BigInteger('1').toBuffer(32)
      var h1 = Buffer.alloc(32)
      var k = ecdsa.deterministicGenerateK(h1, x, checkSig)

      assert.strictEqual(k.toString(), '42')
    }))

    it('loops until a suitable signature is found', hoodwink(function () {
      var checkSigStub = this.stub(function f () {
        if (f.calls === 0) return false // bad signature
        if (f.calls === 1) return true // good signature
      }, 2)

      var x = BigInteger.ONE.toBuffer(32)
      var h1 = Buffer.alloc(32)
      var k = ecdsa.deterministicGenerateK(h1, x, checkSigStub)

      assert.strictEqual(k.toHex(), 'a9b1a1a84a4c2f96b6158ed7a81404c50cb74373c22e8d9e02d0411d719acae2')
    }))

    fixtures.valid.rfc6979.forEach(function (f) {
      it('produces the expected k values for ' + f.message + " if k wasn't suitable", function () {
        var x = BigInteger.fromHex(f.d).toBuffer(32)
        var h1 = bcrypto.sha256(f.message)

        var results = []
        ecdsa.deterministicGenerateK(h1, x, function (k) {
          results.push(k)

          return results.length === 16
        })

        assert.strictEqual(results[0].toHex(), f.k0)
        assert.strictEqual(results[1].toHex(), f.k1)
        assert.strictEqual(results[15].toHex(), f.k15)
      })
    })
  })

  describe('sign', function () {
    fixtures.valid.ecdsa.forEach(function (f) {
      it('produces a deterministic signature for "' + f.message + '"', function () {
        var d = BigInteger.fromHex(f.d)
        var hash = bcrypto.sha256(f.message)
        var signature = ecdsa.sign(hash, d)

        assert.deepEqual(toRaw(signature), f.signature)
      })
    })

    it('should sign with low S value', function () {
      var hash = bcrypto.sha256('Vires in numeris')
      var sig = ecdsa.sign(hash, BigInteger.ONE)

      // See BIP62 for more information
      var N_OVER_TWO = curve.n.shiftRight(1)
      assert(sig.s.compareTo(N_OVER_TWO) <= 0)
    })
  })

  describe('verify', function () {
    fixtures.valid.ecdsa.forEach(function (f) {
      it('verifies a valid signature for "' + f.message + '"', function () {
        var d = BigInteger.fromHex(f.d)
        var H = bcrypto.sha256(f.message)
        var signature = fromRaw(f.signature)
        var Q = curve.G.multiply(d)

        assert(ecdsa.verify(H, signature, Q))
      })
    })

    fixtures.invalid.verify.forEach(function (f) {
      it('fails to verify with ' + f.description, function () {
        var H = bcrypto.sha256(f.message)
        var d = BigInteger.fromHex(f.d)
        var signature = fromRaw(f.signature)
        var Q = curve.G.multiply(d)

        assert.strictEqual(ecdsa.verify(H, signature, Q), false)
      })
    })
  })
})
use standardjs formatting 2015-02-23 10:36:57 +11:00			`/* global describe, it */`

Adds recoverPubKey simple test 2014-03-29 04:24:23 +11:00			`var assert = require('assert')`
use baddress/bcrypto/bscript for ambuigities 2015-08-20 13:37:19 +10:00			`var bcrypto = require('../src/crypto')`
tests: use filepaths directly After a long IRC discussion, it was decided that the use of direct filepaths instead of the module is a more pure form of testing , although it may provide less overall coverage than the mixed integration style imports used previously. This will need to be remedied by further integration testing in /test/integration. 2014-05-13 17:55:53 +10:00			`var ecdsa = require('../src/ecdsa')`
add hoodwink dependency 2018-03-20 14:49:10 +11:00			`var hoodwink = require('hoodwink')`
tests: forces consistent import syntax 2014-05-13 16:35:07 +10:00
upgrade bigi & remove monkey patching 2014-05-03 10:04:54 +08:00			`var BigInteger = require('bigi')`
Adds recoverPubKey simple test 2014-03-29 04:24:23 +11:00
ecdsa: remove curve parameter 2015-08-25 20:43:32 +10:00			`var curve = ecdsa.__curve`
use ecurve instead of custom ec 2014-06-07 16:24:27 +10:00
tests: use JSON fixtures exclusively 2014-05-18 19:47:39 +10:00			`var fixtures = require('./fixtures/ecdsa.json')`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-24 07:45:28 +10:00
use standardjs formatting 2015-02-23 10:36:57 +11:00			`describe('ecdsa', function () {`
rm ECSignature, add script.signature instead 2016-10-13 23:45:08 +11:00			`function fromRaw (signature) {`
			`return {`
			`r: new BigInteger(signature.r, 16),`
			`s: new BigInteger(signature.s, 16)`
			`}`
			`}`

			`function toRaw (signature) {`
			`return {`
			`r: signature.r.toHex(),`
			`s: signature.s.toHex()`
			`}`
			`}`

use standardjs formatting 2015-02-23 10:36:57 +11:00			`describe('deterministicGenerateK', function () {`
			`function checkSig () {`
			`return true`
			`}`
ecdsa: fixes edge case presented in #336 2015-01-04 12:46:37 +11:00
use standardjs formatting 2015-02-23 10:36:57 +11:00			`fixtures.valid.ecdsa.forEach(function (f) {`
			`it('for "' + f.message + '"', function () {`
ecdsa: remove curve parameter 2015-08-25 20:43:32 +10:00			`var x = BigInteger.fromHex(f.d).toBuffer(32)`
use baddress/bcrypto/bscript for ambuigities 2015-08-20 13:37:19 +10:00			`var h1 = bcrypto.sha256(f.message)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-24 07:45:28 +10:00
ecdsa: remove curve parameter 2015-08-25 20:43:32 +10:00			`var k = ecdsa.deterministicGenerateK(h1, x, checkSig)`
tests: use strictEqual always 2015-05-07 11:29:20 +10:00			`assert.strictEqual(k.toHex(), f.k)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-24 07:45:28 +10:00			`})`
Enforces Array input for deterministicGenerateK 2014-04-23 06:18:38 +10:00			`})`
ecdsa: adds test for detGenK loop 2014-06-26 02:42:51 +10:00
add hoodwink dependency 2018-03-20 14:49:10 +11:00			`it('loops until an appropriate k value is found', hoodwink(function () {`
rm sinon, sinon-test 2018-03-20 13:19:39 +11:00			`this.mock(BigInteger, 'fromBuffer', function f (b) {`
			`assert.strictEqual(b.length, 32)`
			`if (f.calls === 0) return BigInteger.ZERO // < 1`
			`if (f.calls === 1) return curve.n // > n - 1`
			`if (f.calls === 2) return new BigInteger('42') // valid`
			`}, 3)`
ecdsa: adds test for detGenK loop 2014-06-26 02:42:51 +10:00
ecdsa: remove curve parameter 2015-08-25 20:43:32 +10:00			`var x = new BigInteger('1').toBuffer(32)`
tests: use safe-buffers throughout 2017-04-19 17:39:16 +10:00			`var h1 = Buffer.alloc(32)`
ecdsa: remove curve parameter 2015-08-25 20:43:32 +10:00			`var k = ecdsa.deterministicGenerateK(h1, x, checkSig)`
ecdsa: adds test for detGenK loop 2014-06-26 02:42:51 +10:00
tests: use strictEqual always 2015-05-07 11:29:20 +10:00			`assert.strictEqual(k.toString(), '42')`
ecdsa: adds test for detGenK loop 2014-06-26 02:42:51 +10:00			`}))`
tests: adds ecdsa test enforcing valid signature callback 2015-01-05 11:15:07 +11:00
add hoodwink dependency 2018-03-20 14:49:10 +11:00			`it('loops until a suitable signature is found', hoodwink(function () {`
rm sinon, sinon-test 2018-03-20 13:19:39 +11:00			`var checkSigStub = this.stub(function f () {`
			`if (f.calls === 0) return false // bad signature`
			`if (f.calls === 1) return true // good signature`
			`}, 2)`
tests: adds ecdsa test enforcing valid signature callback 2015-01-05 11:15:07 +11:00
rm sinon, sinon-test 2018-03-20 13:19:39 +11:00			`var x = BigInteger.ONE.toBuffer(32)`
tests: use safe-buffers throughout 2017-04-19 17:39:16 +10:00			`var h1 = Buffer.alloc(32)`
rm sinon, sinon-test 2018-03-20 13:19:39 +11:00			`var k = ecdsa.deterministicGenerateK(h1, x, checkSigStub)`
tests: adds ecdsa test enforcing valid signature callback 2015-01-05 11:15:07 +11:00
rm sinon, sinon-test 2018-03-20 13:19:39 +11:00			`assert.strictEqual(k.toHex(), 'a9b1a1a84a4c2f96b6158ed7a81404c50cb74373c22e8d9e02d0411d719acae2')`
tests: adds ecdsa test enforcing valid signature callback 2015-01-05 11:15:07 +11:00			`}))`
tests: add bip32JPs RFC6979 test vectors and tests 2015-01-05 12:31:28 +11:00
use standardjs formatting 2015-02-23 10:36:57 +11:00			`fixtures.valid.rfc6979.forEach(function (f) {`
			`it('produces the expected k values for ' + f.message + " if k wasn't suitable", function () {`
ecdsa: remove curve parameter 2015-08-25 20:43:32 +10:00			`var x = BigInteger.fromHex(f.d).toBuffer(32)`
use baddress/bcrypto/bscript for ambuigities 2015-08-20 13:37:19 +10:00			`var h1 = bcrypto.sha256(f.message)`
tests: add bip32JPs RFC6979 test vectors and tests 2015-01-05 12:31:28 +11:00
tests: ecdsa test cleanup 2015-01-05 12:42:09 +11:00			`var results = []`
ecdsa: remove curve parameter 2015-08-25 20:43:32 +10:00			`ecdsa.deterministicGenerateK(h1, x, function (k) {`
tests: ecdsa test cleanup 2015-01-05 12:42:09 +11:00			`results.push(k)`
tests: add bip32JPs RFC6979 test vectors and tests 2015-01-05 12:31:28 +11:00
tests: ecdsa test cleanup 2015-01-05 12:42:09 +11:00			`return results.length === 16`
tests: add bip32JPs RFC6979 test vectors and tests 2015-01-05 12:31:28 +11:00			`})`
tests: ecdsa test cleanup 2015-01-05 12:42:09 +11:00
tests: use strictEqual always 2015-05-07 11:29:20 +10:00			`assert.strictEqual(results[0].toHex(), f.k0)`
			`assert.strictEqual(results[1].toHex(), f.k1)`
			`assert.strictEqual(results[15].toHex(), f.k15)`
tests: ecdsa test cleanup 2015-01-05 12:42:09 +11:00			`})`
tests: add bip32JPs RFC6979 test vectors and tests 2015-01-05 12:31:28 +11:00			`})`
Enforces Array input for deterministicGenerateK 2014-04-23 06:18:38 +10:00			`})`

use standardjs formatting 2015-02-23 10:36:57 +11:00			`describe('sign', function () {`
			`fixtures.valid.ecdsa.forEach(function (f) {`
			`it('produces a deterministic signature for "' + f.message + '"', function () {`
all: rename D to d as per SEC convention 2014-06-07 18:24:16 +10:00			`var d = BigInteger.fromHex(f.d)`
use baddress/bcrypto/bscript for ambuigities 2015-08-20 13:37:19 +10:00			`var hash = bcrypto.sha256(f.message)`
rm ECSignature, add script.signature instead 2016-10-13 23:45:08 +11:00			`var signature = ecdsa.sign(hash, d)`
Moves test/misc.js tests to appropriate location 2014-04-17 04:10:05 +10:00
rm ECSignature, add script.signature instead 2016-10-13 23:45:08 +11:00			`assert.deepEqual(toRaw(signature), f.signature)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-24 07:45:28 +10:00			`})`
Moves test/misc.js tests to appropriate location 2014-04-17 04:10:05 +10:00			`})`
Moves 'low S value' test from eckey.js to ecdsa.js 2014-04-17 06:33:35 +02:00
use standardjs formatting 2015-02-23 10:36:57 +11:00			`it('should sign with low S value', function () {`
use baddress/bcrypto/bscript for ambuigities 2015-08-20 13:37:19 +10:00			`var hash = bcrypto.sha256('Vires in numeris')`
ecdsa: remove curve parameter 2015-08-25 20:43:32 +10:00			`var sig = ecdsa.sign(hash, BigInteger.ONE)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-24 07:45:28 +10:00
			`// See BIP62 for more information`
ecurve: upgrade to 0.9.0 2014-06-16 01:36:05 +10:00			`var N_OVER_TWO = curve.n.shiftRight(1)`
ecdsa: use (r, s) values directly 2014-05-10 22:38:05 +10:00			`assert(sig.s.compareTo(N_OVER_TWO) <= 0)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-24 07:45:28 +10:00			`})`
			`})`

ecdsa: remove unused verifyRaw 2015-04-10 17:22:00 +10:00			`describe('verify', function () {`
use standardjs formatting 2015-02-23 10:36:57 +11:00			`fixtures.valid.ecdsa.forEach(function (f) {`
			`it('verifies a valid signature for "' + f.message + '"', function () {`
all: rename D to d as per SEC convention 2014-06-07 18:24:16 +10:00			`var d = BigInteger.fromHex(f.d)`
use baddress/bcrypto/bscript for ambuigities 2015-08-20 13:37:19 +10:00			`var H = bcrypto.sha256(f.message)`
rm ECSignature, add script.signature instead 2016-10-13 23:45:08 +11:00			`var signature = fromRaw(f.signature)`
ecurve: upgrade to 0.9.0 2014-06-16 01:36:05 +10:00			`var Q = curve.G.multiply(d)`
Moves 'low S value' test from eckey.js to ecdsa.js 2014-04-17 06:33:35 +02:00
ecdsa: remove curve parameter 2015-08-25 20:43:32 +10:00			`assert(ecdsa.verify(H, signature, Q))`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-24 07:45:28 +10:00			`})`
Moves 'low S value' test from eckey.js to ecdsa.js 2014-04-17 06:33:35 +02:00			`})`
ecdsa: add invalid tests for verifyRaw 2014-05-24 13:40:20 +10:00
ecdsa: remove unused verifyRaw 2015-04-10 17:22:00 +10:00			`fixtures.invalid.verify.forEach(function (f) {`
use standardjs formatting 2015-02-23 10:36:57 +11:00			`it('fails to verify with ' + f.description, function () {`
use baddress/bcrypto/bscript for ambuigities 2015-08-20 13:37:19 +10:00			`var H = bcrypto.sha256(f.message)`
all: rename D to d as per SEC convention 2014-06-07 18:24:16 +10:00			`var d = BigInteger.fromHex(f.d)`
rm ECSignature, add script.signature instead 2016-10-13 23:45:08 +11:00			`var signature = fromRaw(f.signature)`
ecurve: upgrade to 0.9.0 2014-06-16 01:36:05 +10:00			`var Q = curve.G.multiply(d)`
ecdsa: add invalid tests for verifyRaw 2014-05-24 13:40:20 +10:00
ecdsa: remove curve parameter 2015-08-25 20:43:32 +10:00			`assert.strictEqual(ecdsa.verify(H, signature, Q), false)`
ecdsa: add invalid tests for verifyRaw 2014-05-24 13:40:20 +10:00			`})`
			`})`
Moves test/misc.js tests to appropriate location 2014-04-17 04:10:05 +10:00			`})`
Adds recoverPubKey simple test 2014-03-29 04:24:23 +11:00			`})`