bitcoinjs-lib/test/ecdsa.js

187 lines
6.2 KiB
JavaScript
Raw Normal View History

2015-02-23 00:36:57 +01:00
/* global describe, it */
2014-03-28 18:24:23 +01:00
var assert = require('assert')
var bcrypto = require('../src/crypto')
var ecdsa = require('../src/ecdsa')
2014-05-16 07:39:17 +02:00
var message = require('../src/message')
var networks = require('../src/networks')
2014-06-25 18:42:51 +02:00
var sinon = require('sinon')
2014-05-13 08:35:07 +02:00
2014-05-03 04:04:54 +02:00
var BigInteger = require('bigi')
var ECSignature = require('../src/ecsignature')
2014-03-28 18:24:23 +01:00
2015-08-25 12:43:32 +02:00
var curve = ecdsa.__curve
2014-06-07 08:24:27 +02:00
2014-05-18 11:47:39 +02:00
var fixtures = require('./fixtures/ecdsa.json')
2015-02-23 00:36:57 +01:00
describe('ecdsa', function () {
describe('deterministicGenerateK', function () {
function checkSig () {
return true
}
2015-02-23 00:36:57 +01:00
fixtures.valid.ecdsa.forEach(function (f) {
it('for "' + f.message + '"', function () {
2015-08-25 12:43:32 +02:00
var x = BigInteger.fromHex(f.d).toBuffer(32)
var h1 = bcrypto.sha256(f.message)
2015-08-25 12:43:32 +02:00
var k = ecdsa.deterministicGenerateK(h1, x, checkSig)
2015-05-07 03:29:20 +02:00
assert.strictEqual(k.toHex(), f.k)
})
})
2014-06-25 18:42:51 +02:00
2015-02-23 00:36:57 +01:00
it('loops until an appropriate k value is found', sinon.test(function () {
2014-06-25 18:42:51 +02:00
this.mock(BigInteger).expects('fromBuffer')
.exactly(3)
.onCall(0).returns(new BigInteger('0')) // < 1
.onCall(1).returns(curve.n) // > n-1
.onCall(2).returns(new BigInteger('42')) // valid
2014-06-25 18:42:51 +02:00
2015-08-25 12:43:32 +02:00
var x = new BigInteger('1').toBuffer(32)
2014-06-25 18:42:51 +02:00
var h1 = new Buffer(32)
2015-08-25 12:43:32 +02:00
var k = ecdsa.deterministicGenerateK(h1, x, checkSig)
2014-06-25 18:42:51 +02:00
2015-05-07 03:29:20 +02:00
assert.strictEqual(k.toString(), '42')
2014-06-25 18:42:51 +02:00
}))
2015-02-23 00:36:57 +01:00
it('loops until a suitable signature is found', sinon.test(function () {
this.mock(BigInteger).expects('fromBuffer')
.exactly(4)
.onCall(0).returns(new BigInteger('0')) // < 1
.onCall(1).returns(curve.n) // > n-1
.onCall(2).returns(new BigInteger('42')) // valid, but 'bad' signature
.onCall(3).returns(new BigInteger('53')) // valid, good signature
var checkSig = this.mock()
checkSig.exactly(2)
checkSig.onCall(0).returns(false) // bad signature
checkSig.onCall(1).returns(true) // good signature
2015-08-25 12:43:32 +02:00
var x = new BigInteger('1').toBuffer(32)
var h1 = new Buffer(32)
2015-08-25 12:43:32 +02:00
var k = ecdsa.deterministicGenerateK(h1, x, checkSig)
2015-05-07 03:29:20 +02:00
assert.strictEqual(k.toString(), '53')
}))
2015-02-23 00:36:57 +01:00
fixtures.valid.rfc6979.forEach(function (f) {
it('produces the expected k values for ' + f.message + " if k wasn't suitable", function () {
2015-08-25 12:43:32 +02:00
var x = BigInteger.fromHex(f.d).toBuffer(32)
var h1 = bcrypto.sha256(f.message)
2015-01-05 02:42:09 +01:00
var results = []
2015-08-25 12:43:32 +02:00
ecdsa.deterministicGenerateK(h1, x, function (k) {
2015-01-05 02:42:09 +01:00
results.push(k)
2015-01-05 02:42:09 +01:00
return results.length === 16
})
2015-01-05 02:42:09 +01:00
2015-05-07 03:29:20 +02:00
assert.strictEqual(results[0].toHex(), f.k0)
assert.strictEqual(results[1].toHex(), f.k1)
assert.strictEqual(results[15].toHex(), f.k15)
2015-01-05 02:42:09 +01:00
})
})
})
2015-02-23 00:36:57 +01:00
describe('recoverPubKey', function () {
fixtures.valid.ecdsa.forEach(function (f) {
it('recovers the pubKey for ' + f.d, function () {
var d = BigInteger.fromHex(f.d)
2014-06-15 17:36:05 +02:00
var Q = curve.G.multiply(d)
var signature = ECSignature.fromDER(new Buffer(f.signature, 'hex'))
var h1 = bcrypto.sha256(f.message)
var e = BigInteger.fromBuffer(h1)
2015-08-25 12:43:32 +02:00
var Qprime = ecdsa.recoverPubKey(e, signature, f.i)
2014-05-16 07:39:17 +02:00
assert(Qprime.equals(Q))
})
})
2015-02-23 00:36:57 +01:00
describe('with i ∈ {0,1,2,3}', function () {
2014-05-16 07:39:17 +02:00
var hash = message.magicHash('1111', networks.bitcoin)
2014-05-10 14:30:29 +02:00
var e = BigInteger.fromBuffer(hash)
var signatureBuffer = new Buffer('INcvXVVEFyIfHLbDX+xoxlKFn3Wzj9g0UbhObXdMq+YMKC252o5RHFr0/cKdQe1WsBLUBi4morhgZ77obDJVuV0=', 'base64')
var signature = ECSignature.parseCompact(signatureBuffer).signature
var points = [
'03e3a8c44a8bf712f1fbacee274fb19c0239b1a9e877eff0075ea335f2be8ff380',
'0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',
'03d49e765f0bc27525c51a1b98fb1c99dacd59abe85a203af90f758260550b56c5',
'027eea09d46ac7fb6aa2e96f9c576677214ffdc238eb167734a9b39d1eb4c3d30d'
]
2015-02-23 00:36:57 +01:00
points.forEach(function (expectedHex, i) {
it('recovers an expected point for i of ' + i, function () {
2015-08-25 12:43:32 +02:00
var Qprime = ecdsa.recoverPubKey(e, signature, i)
var QprimeHex = Qprime.getEncoded().toString('hex')
2014-05-16 07:39:17 +02:00
2015-05-07 03:29:20 +02:00
assert.strictEqual(QprimeHex, expectedHex)
})
})
2014-03-28 18:24:23 +01:00
})
2015-02-23 00:36:57 +01:00
fixtures.invalid.recoverPubKey.forEach(function (f) {
it('throws on ' + f.description + ' (' + f.exception + ')', function () {
var e = BigInteger.fromHex(f.e)
var signature = new ECSignature(new BigInteger(f.signatureRaw.r, 16), new BigInteger(f.signatureRaw.s, 16))
2015-02-23 00:36:57 +01:00
assert.throws(function () {
2015-08-25 12:43:32 +02:00
ecdsa.recoverPubKey(e, signature, f.i)
}, new RegExp(f.exception))
})
})
2014-03-28 18:24:23 +01:00
})
2015-02-23 00:36:57 +01:00
describe('sign', function () {
fixtures.valid.ecdsa.forEach(function (f) {
it('produces a deterministic signature for "' + f.message + '"', function () {
var d = BigInteger.fromHex(f.d)
var hash = bcrypto.sha256(f.message)
2015-08-25 12:43:32 +02:00
var signature = ecdsa.sign(hash, d).toDER()
assert.strictEqual(signature.toString('hex'), f.signature)
})
})
2015-02-23 00:36:57 +01:00
it('should sign with low S value', function () {
var hash = bcrypto.sha256('Vires in numeris')
2015-08-25 12:43:32 +02:00
var sig = ecdsa.sign(hash, BigInteger.ONE)
// See BIP62 for more information
2014-06-15 17:36:05 +02:00
var N_OVER_TWO = curve.n.shiftRight(1)
2014-05-10 14:38:05 +02:00
assert(sig.s.compareTo(N_OVER_TWO) <= 0)
})
})
2015-04-10 09:22:00 +02:00
describe('verify', function () {
2015-02-23 00:36:57 +01:00
fixtures.valid.ecdsa.forEach(function (f) {
it('verifies a valid signature for "' + f.message + '"', function () {
var d = BigInteger.fromHex(f.d)
var H = bcrypto.sha256(f.message)
var signature = ECSignature.fromDER(new Buffer(f.signature, 'hex'))
2014-06-15 17:36:05 +02:00
var Q = curve.G.multiply(d)
2015-08-25 12:43:32 +02:00
assert(ecdsa.verify(H, signature, Q))
})
})
2014-05-24 05:40:20 +02:00
2015-04-10 09:22:00 +02:00
fixtures.invalid.verify.forEach(function (f) {
2015-02-23 00:36:57 +01:00
it('fails to verify with ' + f.description, function () {
var H = bcrypto.sha256(f.message)
var d = BigInteger.fromHex(f.d)
var signature
if (f.signature) {
signature = ECSignature.fromDER(new Buffer(f.signature, 'hex'))
} else if (f.signatureRaw) {
signature = new ECSignature(new BigInteger(f.signatureRaw.r, 16), new BigInteger(f.signatureRaw.s, 16))
}
2014-06-15 17:36:05 +02:00
var Q = curve.G.multiply(d)
2014-05-24 05:40:20 +02:00
2015-08-25 12:43:32 +02:00
assert.strictEqual(ecdsa.verify(H, signature, Q), false)
2014-05-24 05:40:20 +02:00
})
})
})
2014-03-28 18:24:23 +01:00
})