2014-03-28 18:24:23 +01:00
|
|
|
var assert = require('assert')
|
2014-05-13 09:55:53 +02:00
|
|
|
var crypto = require('../src/crypto')
|
|
|
|
var ecdsa = require('../src/ecdsa')
|
2014-05-16 07:39:17 +02:00
|
|
|
var message = require('../src/message')
|
|
|
|
var networks = require('../src/networks')
|
2014-05-13 08:35:07 +02:00
|
|
|
|
2014-05-13 09:55:53 +02:00
|
|
|
var sec = require('../src/sec')
|
2014-04-17 06:33:35 +02:00
|
|
|
var ecparams = sec("secp256k1")
|
2014-04-16 20:10:05 +02:00
|
|
|
|
2014-05-03 04:04:54 +02:00
|
|
|
var BigInteger = require('bigi')
|
2014-05-13 09:55:53 +02:00
|
|
|
var ECKey = require('../src/eckey')
|
|
|
|
var ECPubKey = require('../src/ecpubkey')
|
2014-03-28 18:24:23 +01:00
|
|
|
|
2014-04-23 23:45:28 +02:00
|
|
|
var fixtures = require('./fixtures/ecdsa.js')
|
|
|
|
|
2014-03-28 18:24:23 +01:00
|
|
|
describe('ecdsa', function() {
|
2014-04-22 22:18:38 +02:00
|
|
|
describe('deterministicGenerateK', function() {
|
2014-04-23 23:45:28 +02:00
|
|
|
it('matches the test vectors', function() {
|
2014-05-16 15:11:04 +02:00
|
|
|
fixtures.valid.forEach(function(f) {
|
2014-05-16 05:46:06 +02:00
|
|
|
var priv = BigInteger.fromHex(f.D)
|
2014-04-23 23:45:28 +02:00
|
|
|
var h1 = crypto.sha256(f.message)
|
|
|
|
|
|
|
|
var k = ecdsa.deterministicGenerateK(h1, priv)
|
2014-05-16 15:11:04 +02:00
|
|
|
assert.equal(k.toHex(), f.k)
|
2014-04-23 23:45:28 +02:00
|
|
|
})
|
2014-04-22 22:18:38 +02:00
|
|
|
})
|
|
|
|
})
|
|
|
|
|
2014-03-28 18:24:23 +01:00
|
|
|
describe('recoverPubKey', function() {
|
|
|
|
it('succesfully recovers a public key', function() {
|
2014-04-16 20:13:51 +02:00
|
|
|
var signature = new Buffer('H0PG6+PUo96UPTJ/DVj8aBU5it+Nuli4YdsLuTMvfJxoHH9Jb7jYTQXCCOX2jrTChD5S1ic3vCrUQHdmB5/sEQY=', 'base64')
|
2014-05-16 07:39:17 +02:00
|
|
|
|
2014-03-28 18:24:23 +01:00
|
|
|
var obj = ecdsa.parseSigCompact(signature)
|
2014-05-16 07:39:17 +02:00
|
|
|
var hash = message.magicHash('1111', networks.bitcoin)
|
2014-05-10 14:30:29 +02:00
|
|
|
var e = BigInteger.fromBuffer(hash)
|
2014-05-16 07:39:17 +02:00
|
|
|
|
2014-05-10 14:30:29 +02:00
|
|
|
var pubKey = new ECPubKey(ecdsa.recoverPubKey(e, obj.r, obj.s, obj.i))
|
2014-03-28 18:24:23 +01:00
|
|
|
|
2014-04-21 18:11:25 +02:00
|
|
|
assert.equal(pubKey.toHex(), '02e8fcf4d749b35879bc1f3b14b49e67ab7301da3558c5a9b74a54f1e6339c334c')
|
2014-03-28 18:24:23 +01:00
|
|
|
})
|
|
|
|
})
|
2014-04-16 20:10:05 +02:00
|
|
|
|
2014-04-23 23:45:28 +02:00
|
|
|
describe('sign', function() {
|
|
|
|
it('matches the test vectors', function() {
|
2014-05-16 15:11:04 +02:00
|
|
|
fixtures.valid.forEach(function(f) {
|
2014-05-16 05:46:06 +02:00
|
|
|
var D = BigInteger.fromHex(f.D)
|
|
|
|
var priv = new ECKey(D)
|
2014-04-23 23:45:28 +02:00
|
|
|
var hash = crypto.sha256(f.message)
|
|
|
|
var sig = ecdsa.parseSig(priv.sign(hash))
|
2014-04-16 20:10:05 +02:00
|
|
|
|
2014-05-16 15:11:04 +02:00
|
|
|
assert.equal(sig.r.toString(), f.signature.r)
|
|
|
|
assert.equal(sig.s.toString(), f.signature.s)
|
2014-04-23 23:45:28 +02:00
|
|
|
})
|
2014-04-16 20:10:05 +02:00
|
|
|
})
|
2014-04-17 06:33:35 +02:00
|
|
|
|
|
|
|
it('should sign with low S value', function() {
|
2014-05-16 05:46:06 +02:00
|
|
|
var priv = ECKey.makeRandom()
|
2014-04-23 23:45:28 +02:00
|
|
|
var hash = crypto.sha256('Vires in numeris')
|
|
|
|
var signature = priv.sign(hash)
|
|
|
|
var psig = ecdsa.parseSig(signature)
|
|
|
|
|
|
|
|
// See BIP62 for more information
|
2014-05-17 04:05:05 +02:00
|
|
|
var N_OVER_TWO = ecparams.getN().shiftRight(1)
|
|
|
|
assert(psig.s.compareTo(N_OVER_TWO) <= 0)
|
2014-04-23 23:45:28 +02:00
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
describe('verifyRaw', function() {
|
|
|
|
it('matches the test vectors', function() {
|
2014-05-16 15:11:04 +02:00
|
|
|
fixtures.valid.forEach(function(f) {
|
2014-05-16 05:46:06 +02:00
|
|
|
var D = BigInteger.fromHex(f.D)
|
|
|
|
var priv = new ECKey(D)
|
2014-04-17 06:33:35 +02:00
|
|
|
|
2014-05-16 15:11:04 +02:00
|
|
|
var r = new BigInteger(f.signature.r)
|
|
|
|
var s = new BigInteger(f.signature.s)
|
2014-04-23 23:45:28 +02:00
|
|
|
var e = BigInteger.fromBuffer(crypto.sha256(f.message))
|
2014-04-17 06:33:35 +02:00
|
|
|
|
2014-04-23 23:45:28 +02:00
|
|
|
assert(ecdsa.verifyRaw(e, r, s, priv.pub.Q))
|
|
|
|
})
|
2014-04-17 06:33:35 +02:00
|
|
|
})
|
2014-04-16 20:10:05 +02:00
|
|
|
})
|
2014-05-16 15:11:04 +02:00
|
|
|
|
|
|
|
describe('serializeSig', function() {
|
|
|
|
it('encodes a DER signature', function() {
|
|
|
|
fixtures.valid.forEach(function(f) {
|
|
|
|
var r = new BigInteger(f.signature.r)
|
|
|
|
var s = new BigInteger(f.signature.s)
|
|
|
|
|
|
|
|
var signature = new Buffer(ecdsa.serializeSig(r, s))
|
|
|
|
assert.equal(signature.toString('hex'), f.DER)
|
|
|
|
})
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
describe('parseSig', function() {
|
|
|
|
it('decodes the correct signature', function() {
|
|
|
|
fixtures.valid.forEach(function(f) {
|
|
|
|
var buffer = new Buffer(f.DER, 'hex')
|
|
|
|
var signature = ecdsa.parseSig(buffer)
|
|
|
|
|
|
|
|
assert.equal(signature.r.toString(), f.signature.r)
|
|
|
|
assert.equal(signature.s.toString(), f.signature.s)
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
fixtures.invalid.DER.forEach(function(f) {
|
|
|
|
it('throws on ' + f.description, function() {
|
|
|
|
var buffer = new Buffer(f.hex)
|
|
|
|
|
|
|
|
assert.throws(function() {
|
|
|
|
ecdsa.parseSig(buffer)
|
|
|
|
})
|
|
|
|
})
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
describe('serializeSigCompact', function() {
|
|
|
|
it('encodes a compact signature', function() {
|
|
|
|
fixtures.valid.forEach(function(f) {
|
|
|
|
var r = new BigInteger(f.signature.r)
|
|
|
|
var s = new BigInteger(f.signature.s)
|
|
|
|
var i = f.signature.i
|
|
|
|
var compressed = f.signature.compressed
|
|
|
|
|
|
|
|
var signature = ecdsa.serializeSigCompact(r, s, i, compressed)
|
|
|
|
assert.equal(signature.toString('hex'), f.compact)
|
|
|
|
})
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
describe('parseSigCompact', function() {
|
|
|
|
it('decodes the correct signature', function() {
|
|
|
|
fixtures.valid.forEach(function(f) {
|
|
|
|
var buffer = new Buffer(f.compact, 'hex')
|
|
|
|
var signature = ecdsa.parseSigCompact(buffer)
|
|
|
|
|
|
|
|
assert.equal(signature.r.toString(), f.signature.r)
|
|
|
|
assert.equal(signature.s.toString(), f.signature.s)
|
2014-05-16 16:28:39 +02:00
|
|
|
assert.equal(signature.i, f.signature.i)
|
|
|
|
assert.equal(signature.compressed, f.signature.compressed)
|
2014-05-16 15:11:04 +02:00
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
fixtures.invalid.compact.forEach(function(f) {
|
|
|
|
it('throws on ' + f.description, function() {
|
|
|
|
var buffer = new Buffer(f.hex)
|
|
|
|
|
|
|
|
assert.throws(function() {
|
|
|
|
ecdsa.parseSigCompact(buffer)
|
|
|
|
})
|
|
|
|
})
|
|
|
|
})
|
|
|
|
})
|
2014-03-28 18:24:23 +01:00
|
|
|
})
|