bitcoinjs-lib/test/ecdsa.js

var assert = require('assert')
var crypto = require('../src/crypto')
var ecdsa = require('../src/ecdsa')
var message = require('../src/message')
var networks = require('../src/networks')

var sec = require('../src/sec')
var ecparams = sec("secp256k1")

var BigInteger = require('bigi')

var fixtures = require('./fixtures/ecdsa.json')

describe('ecdsa', function() {
  describe('deterministicGenerateK', function() {
    fixtures.valid.forEach(function(f) {
      it('determines k for \"' + f.message + '\"', function() {
        var d = BigInteger.fromHex(f.d)
        var h1 = crypto.sha256(f.message)

        var k = ecdsa.deterministicGenerateK(ecparams, h1, d)
        assert.equal(k.toHex(), f.k)
      })
    })
  })

  describe('recoverPubKey', function() {
    it('succesfully recovers a public key', function() {
      var d = BigInteger.ONE
      var signature = new Buffer('INcvXVVEFyIfHLbDX+xoxlKFn3Wzj9g0UbhObXdMq+YMKC252o5RHFr0/cKdQe1WsBLUBi4morhgZ77obDJVuV0=', 'base64')

      var Q = ecparams.getG().multiply(d)
      var hash = message.magicHash('1111', networks.bitcoin)
      var e = BigInteger.fromBuffer(hash)
      var parsed = ecdsa.parseSigCompact(signature)

      var Qprime = ecdsa.recoverPubKey(ecparams, e, parsed.signature, parsed.i)
      assert(Q.equals(Qprime))
    })
  })

  describe('sign', function() {
    fixtures.valid.forEach(function(f) {
      it('produces a deterministic signature for \"' + f.message + '\"', function() {
        var d = BigInteger.fromHex(f.d)
        var hash = crypto.sha256(f.message)
        var signature = ecdsa.sign(ecparams, hash, d)

        assert.equal(signature.r.toString(), f.signature.r)
        assert.equal(signature.s.toString(), f.signature.s)
      })
    })

    it('should sign with low S value', function() {
      var hash = crypto.sha256('Vires in numeris')
      var sig = ecdsa.sign(ecparams, hash, BigInteger.ONE)

      // See BIP62 for more information
      var N_OVER_TWO = ecparams.getN().shiftRight(1)
      assert(sig.s.compareTo(N_OVER_TWO) <= 0)
    })
  })

  describe('verifyRaw', function() {
    fixtures.valid.forEach(function(f) {
      it('verifies a valid signature for \"' + f.message + '\"', function() {
        var d = BigInteger.fromHex(f.d)
        var Q = ecparams.getG().multiply(d)

        var signature = {
          r: new BigInteger(f.signature.r),
          s: new BigInteger(f.signature.s)
        }
        var e = BigInteger.fromBuffer(crypto.sha256(f.message))

        assert(ecdsa.verifyRaw(ecparams, e, signature, Q))
      })
    })

    fixtures.invalid.verifyRaw.forEach(function(f) {
      it('fails to verify with ' + f.description, function() {
        var d = BigInteger.fromHex(f.d)
        var e = BigInteger.fromHex(f.e)
        var signature = {
          r: new BigInteger(f.signature.r),
          s: new BigInteger(f.signature.s)
        }
        var Q = ecparams.getG().multiply(d)

        assert.equal(ecdsa.verifyRaw(ecparams, e, signature, Q), false)
      })
    })
  })

  describe('serializeSig', function() {
    it('encodes a DER signature', function() {
      fixtures.valid.forEach(function(f) {
        var signature = {
          r: new BigInteger(f.signature.r),
          s: new BigInteger(f.signature.s)
        }

        var signature = new Buffer(ecdsa.serializeSig(signature))
        assert.equal(signature.toString('hex'), f.DER)
      })
    })
  })

  describe('parseSig', function() {
    it('decodes the correct signature', function() {
      fixtures.valid.forEach(function(f) {
        var buffer = new Buffer(f.DER, 'hex')
        var signature = ecdsa.parseSig(buffer)

        assert.equal(signature.r.toString(), f.signature.r)
        assert.equal(signature.s.toString(), f.signature.s)
      })
    })

    fixtures.invalid.DER.forEach(function(f) {
      it('throws on ' + f.hex, function() {
        var buffer = new Buffer(f.hex, 'hex')

        assert.throws(function() {
          ecdsa.parseSig(buffer)
        }, new RegExp(f.exception))
      })
    })
  })

  describe('serializeSigCompact', function() {
    fixtures.valid.forEach(function(f) {
      it('encodes ' + f.compact.hex + ' correctly', function() {
        var signature = {
          r: new BigInteger(f.signature.r),
          s: new BigInteger(f.signature.s)
        }
        var i = f.compact.i
        var compressed = f.compact.compressed

        var signature = ecdsa.serializeSigCompact(signature, i, compressed)
        assert.equal(signature.toString('hex'), f.compact.hex)
      })
    })
  })

  describe('parseSigCompact', function() {
    fixtures.valid.forEach(function(f) {
      it('decodes ' + f.compact.hex + ' correctly', function() {
        var buffer = new Buffer(f.compact.hex, 'hex')
        var parsed = ecdsa.parseSigCompact(buffer)

        assert.equal(parsed.signature.r.toString(), f.signature.r)
        assert.equal(parsed.signature.s.toString(), f.signature.s)
        assert.equal(parsed.i, f.compact.i)
        assert.equal(parsed.compressed, f.compact.compressed)
      })
    })

    fixtures.invalid.compact.forEach(function(f) {
      it('throws on ' + f.hex, function() {
        var buffer = new Buffer(f.hex, 'hex')

        assert.throws(function() {
          ecdsa.parseSigCompact(buffer)
        }, new RegExp(f.exception))
      })
    })
  })
})
Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00			`var assert = require('assert')`
tests: use filepaths directly After a long IRC discussion, it was decided that the use of direct filepaths instead of the module is a more pure form of testing , although it may provide less overall coverage than the mixed integration style imports used previously. This will need to be remedied by further integration testing in /test/integration. 2014-05-13 09:55:53 +02:00			`var crypto = require('../src/crypto')`
			`var ecdsa = require('../src/ecdsa')`
message: support alternate networks 2014-05-16 07:39:17 +02:00			`var message = require('../src/message')`
			`var networks = require('../src/networks')`
tests: forces consistent import syntax 2014-05-13 08:35:07 +02:00
tests: use filepaths directly After a long IRC discussion, it was decided that the use of direct filepaths instead of the module is a more pure form of testing , although it may provide less overall coverage than the mixed integration style imports used previously. This will need to be remedied by further integration testing in /test/integration. 2014-05-13 09:55:53 +02:00			`var sec = require('../src/sec')`
Moves 'low S value' test from eckey.js to ecdsa.js 2014-04-17 06:33:35 +02:00			`var ecparams = sec("secp256k1")`
Moves test/misc.js tests to appropriate location 2014-04-16 20:10:05 +02:00
upgrade bigi & remove monkey patching 2014-05-03 04:04:54 +02:00			`var BigInteger = require('bigi')`
Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00
tests: use JSON fixtures exclusively 2014-05-18 11:47:39 +02:00			`var fixtures = require('./fixtures/ecdsa.json')`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00
Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00			`describe('ecdsa', function() {`
Enforces Array input for deterministicGenerateK 2014-04-22 22:18:38 +02:00			`describe('deterministicGenerateK', function() {`
tests: always use for, it testing style 2014-06-07 11:46:06 +02:00			`fixtures.valid.forEach(function(f) {`
			`it('determines k for \"' + f.message + '\"', function() {`
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var d = BigInteger.fromHex(f.d)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`var h1 = crypto.sha256(f.message)`

all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var k = ecdsa.deterministicGenerateK(ecparams, h1, d)`
ecdsa: add serializeSigCompact and tests This also adds tests for all other ECDSA serialize/parsing functions. The k, r, s and D values were sourced from test vectors on https://bitcointalk.org/index.php?topic=285142.40 . The compact signatures (aka, i values) were generated from bitcoinjslib, but they are straight forward anyway. 2014-05-16 15:11:04 +02:00			`assert.equal(k.toHex(), f.k)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`})`
Enforces Array input for deterministicGenerateK 2014-04-22 22:18:38 +02:00			`})`
			`})`

Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00			`describe('recoverPubKey', function() {`
			`it('succesfully recovers a public key', function() {`
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var d = BigInteger.ONE`
ecdsa: remove ECKey dependency in tests 2014-05-17 06:39:31 +02:00			`var signature = new Buffer('INcvXVVEFyIfHLbDX+xoxlKFn3Wzj9g0UbhObXdMq+YMKC252o5RHFr0/cKdQe1WsBLUBi4morhgZ77obDJVuV0=', 'base64')`
message: support alternate networks 2014-05-16 07:39:17 +02:00
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var Q = ecparams.getG().multiply(d)`
message: support alternate networks 2014-05-16 07:39:17 +02:00			`var hash = message.magicHash('1111', networks.bitcoin)`
ecdsa: consistent parameter ordering 2014-05-10 14:30:29 +02:00			`var e = BigInteger.fromBuffer(hash)`
ecdsa: always use signature object 2014-05-24 08:25:38 +02:00			`var parsed = ecdsa.parseSigCompact(signature)`
message: support alternate networks 2014-05-16 07:39:17 +02:00
ecdsa: always use signature object 2014-05-24 08:25:38 +02:00			`var Qprime = ecdsa.recoverPubKey(ecparams, e, parsed.signature, parsed.i)`
ecdsa: remove ECKey dependency in tests 2014-05-17 06:39:31 +02:00			`assert(Q.equals(Qprime))`
Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00			`})`
			`})`
Moves test/misc.js tests to appropriate location 2014-04-16 20:10:05 +02:00
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`describe('sign', function() {`
tests: always use for, it testing style 2014-06-07 11:46:06 +02:00			`fixtures.valid.forEach(function(f) {`
			`it('produces a deterministic signature for \"' + f.message + '\"', function() {`
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var d = BigInteger.fromHex(f.d)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`var hash = crypto.sha256(f.message)`
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var signature = ecdsa.sign(ecparams, hash, d)`
Moves test/misc.js tests to appropriate location 2014-04-16 20:10:05 +02:00
ecdsa: always use signature object 2014-05-24 08:25:38 +02:00			`assert.equal(signature.r.toString(), f.signature.r)`
			`assert.equal(signature.s.toString(), f.signature.s)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`})`
Moves test/misc.js tests to appropriate location 2014-04-16 20:10:05 +02:00			`})`
Moves 'low S value' test from eckey.js to ecdsa.js 2014-04-17 06:33:35 +02:00
			`it('should sign with low S value', function() {`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`var hash = crypto.sha256('Vires in numeris')`
ecdsa: remove implicit ecparams 2014-05-17 07:06:52 +02:00			`var sig = ecdsa.sign(ecparams, hash, BigInteger.ONE)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00
			`// See BIP62 for more information`
ecdsa: opt for shiftRight, pow and square In the given situations, these offer better readability, or in the case of shiftRight, a substantial performance increase. 2014-05-17 04:05:05 +02:00			`var N_OVER_TWO = ecparams.getN().shiftRight(1)`
ecdsa: use (r, s) values directly 2014-05-10 14:38:05 +02:00			`assert(sig.s.compareTo(N_OVER_TWO) <= 0)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`})`
			`})`

			`describe('verifyRaw', function() {`
tests: always use for, it testing style 2014-06-07 11:46:06 +02:00			`fixtures.valid.forEach(function(f) {`
			`it('verifies a valid signature for \"' + f.message + '\"', function() {`
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var d = BigInteger.fromHex(f.d)`
			`var Q = ecparams.getG().multiply(d)`
Moves 'low S value' test from eckey.js to ecdsa.js 2014-04-17 06:33:35 +02:00
ecdsa: always use signature object 2014-05-24 08:25:38 +02:00			`var signature = {`
			`r: new BigInteger(f.signature.r),`
			`s: new BigInteger(f.signature.s)`
			`}`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`var e = BigInteger.fromBuffer(crypto.sha256(f.message))`
Moves 'low S value' test from eckey.js to ecdsa.js 2014-04-17 06:33:35 +02:00
ecdsa: always use signature object 2014-05-24 08:25:38 +02:00			`assert(ecdsa.verifyRaw(ecparams, e, signature, Q))`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`})`
Moves 'low S value' test from eckey.js to ecdsa.js 2014-04-17 06:33:35 +02:00			`})`
ecdsa: add invalid tests for verifyRaw 2014-05-24 05:40:20 +02:00
			`fixtures.invalid.verifyRaw.forEach(function(f) {`
			`it('fails to verify with ' + f.description, function() {`
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var d = BigInteger.fromHex(f.d)`
ecdsa: add invalid tests for verifyRaw 2014-05-24 05:40:20 +02:00			`var e = BigInteger.fromHex(f.e)`
ecdsa: always use signature object 2014-05-24 08:25:38 +02:00			`var signature = {`
			`r: new BigInteger(f.signature.r),`
			`s: new BigInteger(f.signature.s)`
			`}`
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var Q = ecparams.getG().multiply(d)`
ecdsa: add invalid tests for verifyRaw 2014-05-24 05:40:20 +02:00
ecdsa: always use signature object 2014-05-24 08:25:38 +02:00			`assert.equal(ecdsa.verifyRaw(ecparams, e, signature, Q), false)`
ecdsa: add invalid tests for verifyRaw 2014-05-24 05:40:20 +02:00			`})`
			`})`
Moves test/misc.js tests to appropriate location 2014-04-16 20:10:05 +02:00			`})`
ecdsa: add serializeSigCompact and tests This also adds tests for all other ECDSA serialize/parsing functions. The k, r, s and D values were sourced from test vectors on https://bitcointalk.org/index.php?topic=285142.40 . The compact signatures (aka, i values) were generated from bitcoinjslib, but they are straight forward anyway. 2014-05-16 15:11:04 +02:00
			`describe('serializeSig', function() {`
			`it('encodes a DER signature', function() {`
			`fixtures.valid.forEach(function(f) {`
ecdsa: always use signature object 2014-05-24 08:25:38 +02:00			`var signature = {`
			`r: new BigInteger(f.signature.r),`
			`s: new BigInteger(f.signature.s)`
			`}`
ecdsa: add serializeSigCompact and tests This also adds tests for all other ECDSA serialize/parsing functions. The k, r, s and D values were sourced from test vectors on https://bitcointalk.org/index.php?topic=285142.40 . The compact signatures (aka, i values) were generated from bitcoinjslib, but they are straight forward anyway. 2014-05-16 15:11:04 +02:00
ecdsa: always use signature object 2014-05-24 08:25:38 +02:00			`var signature = new Buffer(ecdsa.serializeSig(signature))`
ecdsa: add serializeSigCompact and tests This also adds tests for all other ECDSA serialize/parsing functions. The k, r, s and D values were sourced from test vectors on https://bitcointalk.org/index.php?topic=285142.40 . The compact signatures (aka, i values) were generated from bitcoinjslib, but they are straight forward anyway. 2014-05-16 15:11:04 +02:00			`assert.equal(signature.toString('hex'), f.DER)`
			`})`
			`})`
			`})`

			`describe('parseSig', function() {`
			`it('decodes the correct signature', function() {`
			`fixtures.valid.forEach(function(f) {`
			`var buffer = new Buffer(f.DER, 'hex')`
			`var signature = ecdsa.parseSig(buffer)`

			`assert.equal(signature.r.toString(), f.signature.r)`
			`assert.equal(signature.s.toString(), f.signature.s)`
			`})`
			`})`

			`fixtures.invalid.DER.forEach(function(f) {`
ecdsa: fix missing exceptions 2014-05-29 07:42:12 +02:00			`it('throws on ' + f.hex, function() {`
			`var buffer = new Buffer(f.hex, 'hex')`
ecdsa: add serializeSigCompact and tests This also adds tests for all other ECDSA serialize/parsing functions. The k, r, s and D values were sourced from test vectors on https://bitcointalk.org/index.php?topic=285142.40 . The compact signatures (aka, i values) were generated from bitcoinjslib, but they are straight forward anyway. 2014-05-16 15:11:04 +02:00
			`assert.throws(function() {`
			`ecdsa.parseSig(buffer)`
ecdsa: fix missing exceptions 2014-05-29 07:42:12 +02:00			`}, new RegExp(f.exception))`
ecdsa: add serializeSigCompact and tests This also adds tests for all other ECDSA serialize/parsing functions. The k, r, s and D values were sourced from test vectors on https://bitcointalk.org/index.php?topic=285142.40 . The compact signatures (aka, i values) were generated from bitcoinjslib, but they are straight forward anyway. 2014-05-16 15:11:04 +02:00			`})`
			`})`
			`})`

			`describe('serializeSigCompact', function() {`
ecdsa: fix missing exceptions 2014-05-29 07:42:12 +02:00			`fixtures.valid.forEach(function(f) {`
			`it('encodes ' + f.compact.hex + ' correctly', function() {`
ecdsa: always use signature object 2014-05-24 08:25:38 +02:00			`var signature = {`
			`r: new BigInteger(f.signature.r),`
			`s: new BigInteger(f.signature.s)`
			`}`
			`var i = f.compact.i`
			`var compressed = f.compact.compressed`

			`var signature = ecdsa.serializeSigCompact(signature, i, compressed)`
			`assert.equal(signature.toString('hex'), f.compact.hex)`
ecdsa: add serializeSigCompact and tests This also adds tests for all other ECDSA serialize/parsing functions. The k, r, s and D values were sourced from test vectors on https://bitcointalk.org/index.php?topic=285142.40 . The compact signatures (aka, i values) were generated from bitcoinjslib, but they are straight forward anyway. 2014-05-16 15:11:04 +02:00			`})`
			`})`
			`})`

			`describe('parseSigCompact', function() {`
ecdsa: fix missing exceptions 2014-05-29 07:42:12 +02:00			`fixtures.valid.forEach(function(f) {`
			`it('decodes ' + f.compact.hex + ' correctly', function() {`
ecdsa: always use signature object 2014-05-24 08:25:38 +02:00			`var buffer = new Buffer(f.compact.hex, 'hex')`
			`var parsed = ecdsa.parseSigCompact(buffer)`
ecdsa: add serializeSigCompact and tests This also adds tests for all other ECDSA serialize/parsing functions. The k, r, s and D values were sourced from test vectors on https://bitcointalk.org/index.php?topic=285142.40 . The compact signatures (aka, i values) were generated from bitcoinjslib, but they are straight forward anyway. 2014-05-16 15:11:04 +02:00
ecdsa: always use signature object 2014-05-24 08:25:38 +02:00			`assert.equal(parsed.signature.r.toString(), f.signature.r)`
			`assert.equal(parsed.signature.s.toString(), f.signature.s)`
			`assert.equal(parsed.i, f.compact.i)`
			`assert.equal(parsed.compressed, f.compact.compressed)`
ecdsa: add serializeSigCompact and tests This also adds tests for all other ECDSA serialize/parsing functions. The k, r, s and D values were sourced from test vectors on https://bitcointalk.org/index.php?topic=285142.40 . The compact signatures (aka, i values) were generated from bitcoinjslib, but they are straight forward anyway. 2014-05-16 15:11:04 +02:00			`})`
			`})`

			`fixtures.invalid.compact.forEach(function(f) {`
ecdsa: fix missing exceptions 2014-05-29 07:42:12 +02:00			`it('throws on ' + f.hex, function() {`
			`var buffer = new Buffer(f.hex, 'hex')`
ecdsa: add serializeSigCompact and tests This also adds tests for all other ECDSA serialize/parsing functions. The k, r, s and D values were sourced from test vectors on https://bitcointalk.org/index.php?topic=285142.40 . The compact signatures (aka, i values) were generated from bitcoinjslib, but they are straight forward anyway. 2014-05-16 15:11:04 +02:00
			`assert.throws(function() {`
			`ecdsa.parseSigCompact(buffer)`
ecdsa: fix missing exceptions 2014-05-29 07:42:12 +02:00			`}, new RegExp(f.exception))`
ecdsa: add serializeSigCompact and tests This also adds tests for all other ECDSA serialize/parsing functions. The k, r, s and D values were sourced from test vectors on https://bitcointalk.org/index.php?topic=285142.40 . The compact signatures (aka, i values) were generated from bitcoinjslib, but they are straight forward anyway. 2014-05-16 15:11:04 +02:00			`})`
			`})`
			`})`
Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00			`})`