2015-02-23 00:36:57 +01:00
|
|
|
/* global describe, it */
|
|
|
|
|
2014-03-28 18:24:23 +01:00
|
|
|
var assert = require('assert')
|
2015-08-20 05:37:19 +02:00
|
|
|
var bcrypto = require('../src/crypto')
|
2014-05-13 09:55:53 +02:00
|
|
|
var ecdsa = require('../src/ecdsa')
|
2014-06-25 18:42:51 +02:00
|
|
|
var sinon = require('sinon')
|
2018-02-19 22:25:56 +01:00
|
|
|
var sinonTest = require('sinon-test')
|
|
|
|
var setupTest = sinonTest(sinon)
|
2014-05-13 08:35:07 +02:00
|
|
|
|
2014-05-03 04:04:54 +02:00
|
|
|
var BigInteger = require('bigi')
|
2014-06-15 08:44:52 +02:00
|
|
|
var ECSignature = require('../src/ecsignature')
|
2014-03-28 18:24:23 +01:00
|
|
|
|
2015-08-25 12:43:32 +02:00
|
|
|
var curve = ecdsa.__curve
|
2014-06-07 08:24:27 +02:00
|
|
|
|
2014-05-18 11:47:39 +02:00
|
|
|
var fixtures = require('./fixtures/ecdsa.json')
|
2014-04-23 23:45:28 +02:00
|
|
|
|
2015-02-23 00:36:57 +01:00
|
|
|
describe('ecdsa', function () {
|
|
|
|
describe('deterministicGenerateK', function () {
|
|
|
|
function checkSig () {
|
|
|
|
return true
|
|
|
|
}
|
2015-01-04 02:46:37 +01:00
|
|
|
|
2015-02-23 00:36:57 +01:00
|
|
|
fixtures.valid.ecdsa.forEach(function (f) {
|
|
|
|
it('for "' + f.message + '"', function () {
|
2015-08-25 12:43:32 +02:00
|
|
|
var x = BigInteger.fromHex(f.d).toBuffer(32)
|
2015-08-20 05:37:19 +02:00
|
|
|
var h1 = bcrypto.sha256(f.message)
|
2014-04-23 23:45:28 +02:00
|
|
|
|
2015-08-25 12:43:32 +02:00
|
|
|
var k = ecdsa.deterministicGenerateK(h1, x, checkSig)
|
2015-05-07 03:29:20 +02:00
|
|
|
assert.strictEqual(k.toHex(), f.k)
|
2014-04-23 23:45:28 +02:00
|
|
|
})
|
2014-04-22 22:18:38 +02:00
|
|
|
})
|
2014-06-25 18:42:51 +02:00
|
|
|
|
2018-02-19 22:25:56 +01:00
|
|
|
it('loops until an appropriate k value is found', setupTest(function () {
|
2014-06-25 18:42:51 +02:00
|
|
|
this.mock(BigInteger).expects('fromBuffer')
|
|
|
|
.exactly(3)
|
2015-01-05 01:15:07 +01:00
|
|
|
.onCall(0).returns(new BigInteger('0')) // < 1
|
|
|
|
.onCall(1).returns(curve.n) // > n-1
|
|
|
|
.onCall(2).returns(new BigInteger('42')) // valid
|
2014-06-25 18:42:51 +02:00
|
|
|
|
2015-08-25 12:43:32 +02:00
|
|
|
var x = new BigInteger('1').toBuffer(32)
|
2017-04-19 09:39:16 +02:00
|
|
|
var h1 = Buffer.alloc(32)
|
2015-08-25 12:43:32 +02:00
|
|
|
var k = ecdsa.deterministicGenerateK(h1, x, checkSig)
|
2014-06-25 18:42:51 +02:00
|
|
|
|
2015-05-07 03:29:20 +02:00
|
|
|
assert.strictEqual(k.toString(), '42')
|
2014-06-25 18:42:51 +02:00
|
|
|
}))
|
2015-01-05 01:15:07 +01:00
|
|
|
|
2018-02-19 22:25:56 +01:00
|
|
|
it('loops until a suitable signature is found', setupTest(function () {
|
2015-01-05 01:15:07 +01:00
|
|
|
this.mock(BigInteger).expects('fromBuffer')
|
|
|
|
.exactly(4)
|
|
|
|
.onCall(0).returns(new BigInteger('0')) // < 1
|
|
|
|
.onCall(1).returns(curve.n) // > n-1
|
|
|
|
.onCall(2).returns(new BigInteger('42')) // valid, but 'bad' signature
|
|
|
|
.onCall(3).returns(new BigInteger('53')) // valid, good signature
|
|
|
|
|
2017-01-06 03:47:41 +01:00
|
|
|
var mockCheckSig = this.mock()
|
|
|
|
mockCheckSig.exactly(2)
|
|
|
|
mockCheckSig.onCall(0).returns(false) // bad signature
|
|
|
|
mockCheckSig.onCall(1).returns(true) // good signature
|
2015-01-05 01:15:07 +01:00
|
|
|
|
2015-08-25 12:43:32 +02:00
|
|
|
var x = new BigInteger('1').toBuffer(32)
|
2017-04-19 09:39:16 +02:00
|
|
|
var h1 = Buffer.alloc(32)
|
2017-01-06 03:47:41 +01:00
|
|
|
var k = ecdsa.deterministicGenerateK(h1, x, mockCheckSig)
|
2015-01-05 01:15:07 +01:00
|
|
|
|
2015-05-07 03:29:20 +02:00
|
|
|
assert.strictEqual(k.toString(), '53')
|
2015-01-05 01:15:07 +01:00
|
|
|
}))
|
2015-01-05 02:31:28 +01:00
|
|
|
|
2015-02-23 00:36:57 +01:00
|
|
|
fixtures.valid.rfc6979.forEach(function (f) {
|
|
|
|
it('produces the expected k values for ' + f.message + " if k wasn't suitable", function () {
|
2015-08-25 12:43:32 +02:00
|
|
|
var x = BigInteger.fromHex(f.d).toBuffer(32)
|
2015-08-20 05:37:19 +02:00
|
|
|
var h1 = bcrypto.sha256(f.message)
|
2015-01-05 02:31:28 +01:00
|
|
|
|
2015-01-05 02:42:09 +01:00
|
|
|
var results = []
|
2015-08-25 12:43:32 +02:00
|
|
|
ecdsa.deterministicGenerateK(h1, x, function (k) {
|
2015-01-05 02:42:09 +01:00
|
|
|
results.push(k)
|
2015-01-05 02:31:28 +01:00
|
|
|
|
2015-01-05 02:42:09 +01:00
|
|
|
return results.length === 16
|
2015-01-05 02:31:28 +01:00
|
|
|
})
|
2015-01-05 02:42:09 +01:00
|
|
|
|
2015-05-07 03:29:20 +02:00
|
|
|
assert.strictEqual(results[0].toHex(), f.k0)
|
|
|
|
assert.strictEqual(results[1].toHex(), f.k1)
|
|
|
|
assert.strictEqual(results[15].toHex(), f.k15)
|
2015-01-05 02:42:09 +01:00
|
|
|
})
|
2015-01-05 02:31:28 +01:00
|
|
|
})
|
2014-04-22 22:18:38 +02:00
|
|
|
})
|
|
|
|
|
2015-02-23 00:36:57 +01:00
|
|
|
describe('sign', function () {
|
|
|
|
fixtures.valid.ecdsa.forEach(function (f) {
|
|
|
|
it('produces a deterministic signature for "' + f.message + '"', function () {
|
2014-06-07 10:24:16 +02:00
|
|
|
var d = BigInteger.fromHex(f.d)
|
2015-08-20 05:37:19 +02:00
|
|
|
var hash = bcrypto.sha256(f.message)
|
2015-08-25 12:43:32 +02:00
|
|
|
var signature = ecdsa.sign(hash, d).toDER()
|
2014-04-16 20:10:05 +02:00
|
|
|
|
2015-06-23 07:32:15 +02:00
|
|
|
assert.strictEqual(signature.toString('hex'), f.signature)
|
2014-04-23 23:45:28 +02:00
|
|
|
})
|
2014-04-16 20:10:05 +02:00
|
|
|
})
|
2014-04-17 06:33:35 +02:00
|
|
|
|
2015-02-23 00:36:57 +01:00
|
|
|
it('should sign with low S value', function () {
|
2015-08-20 05:37:19 +02:00
|
|
|
var hash = bcrypto.sha256('Vires in numeris')
|
2015-08-25 12:43:32 +02:00
|
|
|
var sig = ecdsa.sign(hash, BigInteger.ONE)
|
2014-04-23 23:45:28 +02:00
|
|
|
|
|
|
|
// See BIP62 for more information
|
2014-06-15 17:36:05 +02:00
|
|
|
var N_OVER_TWO = curve.n.shiftRight(1)
|
2014-05-10 14:38:05 +02:00
|
|
|
assert(sig.s.compareTo(N_OVER_TWO) <= 0)
|
2014-04-23 23:45:28 +02:00
|
|
|
})
|
|
|
|
})
|
|
|
|
|
2015-04-10 09:22:00 +02:00
|
|
|
describe('verify', function () {
|
2015-02-23 00:36:57 +01:00
|
|
|
fixtures.valid.ecdsa.forEach(function (f) {
|
|
|
|
it('verifies a valid signature for "' + f.message + '"', function () {
|
2014-06-07 10:24:16 +02:00
|
|
|
var d = BigInteger.fromHex(f.d)
|
2015-08-20 05:37:19 +02:00
|
|
|
var H = bcrypto.sha256(f.message)
|
2017-04-19 09:39:16 +02:00
|
|
|
var signature = ECSignature.fromDER(Buffer.from(f.signature, 'hex'))
|
2014-06-15 17:36:05 +02:00
|
|
|
var Q = curve.G.multiply(d)
|
2014-04-17 06:33:35 +02:00
|
|
|
|
2015-08-25 12:43:32 +02:00
|
|
|
assert(ecdsa.verify(H, signature, Q))
|
2014-04-23 23:45:28 +02:00
|
|
|
})
|
2014-04-17 06:33:35 +02:00
|
|
|
})
|
2014-05-24 05:40:20 +02:00
|
|
|
|
2015-04-10 09:22:00 +02:00
|
|
|
fixtures.invalid.verify.forEach(function (f) {
|
2015-02-23 00:36:57 +01:00
|
|
|
it('fails to verify with ' + f.description, function () {
|
2015-08-20 05:37:19 +02:00
|
|
|
var H = bcrypto.sha256(f.message)
|
2014-06-07 10:24:16 +02:00
|
|
|
var d = BigInteger.fromHex(f.d)
|
2015-06-23 07:32:15 +02:00
|
|
|
|
|
|
|
var signature
|
|
|
|
if (f.signature) {
|
2017-04-19 09:39:16 +02:00
|
|
|
signature = ECSignature.fromDER(Buffer.from(f.signature, 'hex'))
|
2015-06-23 07:32:15 +02:00
|
|
|
} else if (f.signatureRaw) {
|
|
|
|
signature = new ECSignature(new BigInteger(f.signatureRaw.r, 16), new BigInteger(f.signatureRaw.s, 16))
|
|
|
|
}
|
2015-06-23 07:31:51 +02:00
|
|
|
|
2014-06-15 17:36:05 +02:00
|
|
|
var Q = curve.G.multiply(d)
|
2014-05-24 05:40:20 +02:00
|
|
|
|
2015-08-25 12:43:32 +02:00
|
|
|
assert.strictEqual(ecdsa.verify(H, signature, Q), false)
|
2014-05-24 05:40:20 +02:00
|
|
|
})
|
|
|
|
})
|
2014-04-16 20:10:05 +02:00
|
|
|
})
|
2014-03-28 18:24:23 +01:00
|
|
|
})
|