bitcoinjs-lib/test/ecdsa.js

var assert = require('assert')
var crypto = require('../src/crypto')
var ecdsa = require('../src/ecdsa')
var message = require('../src/message')
var networks = require('../src/networks')

var BigInteger = require('bigi')
var ECSignature = require('../src/ecsignature')

var ecurve = require('ecurve')
var curve = ecurve.getCurveByName('secp256k1')

var fixtures = require('./fixtures/ecdsa.json')

describe('ecdsa', function() {
  describe('deterministicGenerateK', function() {
    fixtures.valid.forEach(function(f) {
      it('determines k for \"' + f.message + '\"', function() {
        var d = BigInteger.fromHex(f.d)
        var h1 = crypto.sha256(f.message)

        var k = ecdsa.deterministicGenerateK(curve, h1, d)
        assert.equal(k.toHex(), f.k)
      })
    })
  })

  describe('recoverPubKey', function() {
    fixtures.valid.forEach(function(f) {
      it('recovers the pubKey for ' + f.d, function() {
        var d = BigInteger.fromHex(f.d)
        var Q = curve.params.G.multiply(d)
        var signature = {
          r: new BigInteger(f.signature.r),
          s: new BigInteger(f.signature.s)
        }
        var h1 = crypto.sha256(f.message)
        var e = BigInteger.fromBuffer(h1)
        var Qprime = ecdsa.recoverPubKey(curve, e, signature, f.i)

        assert(Qprime.equals(Q))
      })
    })

    describe('with i ∈ {0,1,2,3}', function() {
      var hash = message.magicHash('1111', networks.bitcoin)
      var e = BigInteger.fromBuffer(hash)

      var signatureBuffer = new Buffer('INcvXVVEFyIfHLbDX+xoxlKFn3Wzj9g0UbhObXdMq+YMKC252o5RHFr0/cKdQe1WsBLUBi4morhgZ77obDJVuV0=', 'base64')
      var signature = ECSignature.fromCompact(signatureBuffer).signature
      var points = [
        '03e3a8c44a8bf712f1fbacee274fb19c0239b1a9e877eff0075ea335f2be8ff380',
        '0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',
        '03d49e765f0bc27525c51a1b98fb1c99dacd59abe85a203af90f758260550b56c5',
        '027eea09d46ac7fb6aa2e96f9c576677214ffdc238eb167734a9b39d1eb4c3d30d'
      ]

      points.forEach(function(expectedHex, i) {
        it('recovers an expected point for i of ' + i, function() {
          var Qprime = ecdsa.recoverPubKey(curve, e, signature, i)
          var QprimeHex = Qprime.getEncoded().toString('hex')

          assert.equal(QprimeHex, expectedHex)
        })
      })
    })

    fixtures.invalid.recoverPubKey.forEach(function(f) {
      it('throws on ' + f.description, function() {
        var e = BigInteger.fromHex(f.e)
        var signature = new ECSignature(new BigInteger(f.signature.r), new BigInteger(f.signature.s))

        assert.throws(function() {
          ecdsa.recoverPubKey(curve, e, signature, f.i)
        }, new RegExp(f.exception))
      })
    })
  })

  describe('sign', function() {
    fixtures.valid.forEach(function(f) {
      it('produces a deterministic signature for \"' + f.message + '\"', function() {
        var d = BigInteger.fromHex(f.d)
        var hash = crypto.sha256(f.message)
        var signature = ecdsa.sign(curve, hash, d)

        assert.equal(signature.r.toString(), f.signature.r)
        assert.equal(signature.s.toString(), f.signature.s)
      })
    })

    it('should sign with low S value', function() {
      var hash = crypto.sha256('Vires in numeris')
      var sig = ecdsa.sign(curve, hash, BigInteger.ONE)

      // See BIP62 for more information
      var N_OVER_TWO = curve.params.n.shiftRight(1)
      assert(sig.s.compareTo(N_OVER_TWO) <= 0)
    })
  })

  describe('verifyRaw', function() {
    fixtures.valid.forEach(function(f) {
      it('verifies a valid signature for \"' + f.message + '\"', function() {
        var d = BigInteger.fromHex(f.d)
        var e = BigInteger.fromBuffer(crypto.sha256(f.message))
        var signature = new ECSignature(
          new BigInteger(f.signature.r),
          new BigInteger(f.signature.s)
        )
        var Q = curve.params.G.multiply(d)

        assert(ecdsa.verifyRaw(curve, e, signature, Q))
      })
    })

    fixtures.invalid.verifyRaw.forEach(function(f) {
      it('fails to verify with ' + f.description, function() {
        var d = BigInteger.fromHex(f.d)
        var e = BigInteger.fromHex(f.e)
        var signature = new ECSignature(
          new BigInteger(f.signature.r),
          new BigInteger(f.signature.s)
        )
        var Q = curve.params.G.multiply(d)

        assert.equal(ecdsa.verifyRaw(curve, e, signature, Q), false)
      })
    })
  })
})
Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00			`var assert = require('assert')`
tests: use filepaths directly After a long IRC discussion, it was decided that the use of direct filepaths instead of the module is a more pure form of testing , although it may provide less overall coverage than the mixed integration style imports used previously. This will need to be remedied by further integration testing in /test/integration. 2014-05-13 09:55:53 +02:00			`var crypto = require('../src/crypto')`
			`var ecdsa = require('../src/ecdsa')`
message: support alternate networks 2014-05-16 07:39:17 +02:00			`var message = require('../src/message')`
			`var networks = require('../src/networks')`
tests: forces consistent import syntax 2014-05-13 08:35:07 +02:00
upgrade bigi & remove monkey patching 2014-05-03 04:04:54 +02:00			`var BigInteger = require('bigi')`
ecdsa: moved all signature encoding to ECSignature 2014-06-15 08:44:52 +02:00			`var ECSignature = require('../src/ecsignature')`
Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00
use ecurve instead of custom ec 2014-06-07 08:24:27 +02:00			`var ecurve = require('ecurve')`
			`var curve = ecurve.getCurveByName('secp256k1')`

tests: use JSON fixtures exclusively 2014-05-18 11:47:39 +02:00			`var fixtures = require('./fixtures/ecdsa.json')`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00
Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00			`describe('ecdsa', function() {`
Enforces Array input for deterministicGenerateK 2014-04-22 22:18:38 +02:00			`describe('deterministicGenerateK', function() {`
tests: always use for, it testing style 2014-06-07 11:46:06 +02:00			`fixtures.valid.forEach(function(f) {`
			`it('determines k for \"' + f.message + '\"', function() {`
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var d = BigInteger.fromHex(f.d)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`var h1 = crypto.sha256(f.message)`

use ecurve instead of custom ec 2014-06-07 08:24:27 +02:00			`var k = ecdsa.deterministicGenerateK(curve, h1, d)`
ecdsa: add serializeSigCompact and tests This also adds tests for all other ECDSA serialize/parsing functions. The k, r, s and D values were sourced from test vectors on https://bitcointalk.org/index.php?topic=285142.40 . The compact signatures (aka, i values) were generated from bitcoinjslib, but they are straight forward anyway. 2014-05-16 15:11:04 +02:00			`assert.equal(k.toHex(), f.k)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`})`
Enforces Array input for deterministicGenerateK 2014-04-22 22:18:38 +02:00			`})`
			`})`

Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00			`describe('recoverPubKey', function() {`
ecdsa: add more extensive tests for recoverPubKey 2014-06-14 13:06:30 +02:00			`fixtures.valid.forEach(function(f) {`
			`it('recovers the pubKey for ' + f.d, function() {`
			`var d = BigInteger.fromHex(f.d)`
			`var Q = curve.params.G.multiply(d)`
			`var signature = {`
			`r: new BigInteger(f.signature.r),`
			`s: new BigInteger(f.signature.s)`
			`}`
			`var h1 = crypto.sha256(f.message)`
			`var e = BigInteger.fromBuffer(h1)`
ecdsa: moved all signature encoding to ECSignature 2014-06-15 08:44:52 +02:00			`var Qprime = ecdsa.recoverPubKey(curve, e, signature, f.i)`
message: support alternate networks 2014-05-16 07:39:17 +02:00
ecdsa: add more extensive tests for recoverPubKey 2014-06-14 13:06:30 +02:00			`assert(Qprime.equals(Q))`
			`})`
			`})`

			`describe('with i ∈ {0,1,2,3}', function() {`
message: support alternate networks 2014-05-16 07:39:17 +02:00			`var hash = message.magicHash('1111', networks.bitcoin)`
ecdsa: consistent parameter ordering 2014-05-10 14:30:29 +02:00			`var e = BigInteger.fromBuffer(hash)`
ecdsa: add more extensive tests for recoverPubKey 2014-06-14 13:06:30 +02:00
ecdsa: moved all signature encoding to ECSignature 2014-06-15 08:44:52 +02:00			`var signatureBuffer = new Buffer('INcvXVVEFyIfHLbDX+xoxlKFn3Wzj9g0UbhObXdMq+YMKC252o5RHFr0/cKdQe1WsBLUBi4morhgZ77obDJVuV0=', 'base64')`
			`var signature = ECSignature.fromCompact(signatureBuffer).signature`
ecdsa: add more extensive tests for recoverPubKey 2014-06-14 13:06:30 +02:00			`var points = [`
			`'03e3a8c44a8bf712f1fbacee274fb19c0239b1a9e877eff0075ea335f2be8ff380',`
			`'0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',`
			`'03d49e765f0bc27525c51a1b98fb1c99dacd59abe85a203af90f758260550b56c5',`
			`'027eea09d46ac7fb6aa2e96f9c576677214ffdc238eb167734a9b39d1eb4c3d30d'`
			`]`

			`points.forEach(function(expectedHex, i) {`
			`it('recovers an expected point for i of ' + i, function() {`
ecdsa: moved all signature encoding to ECSignature 2014-06-15 08:44:52 +02:00			`var Qprime = ecdsa.recoverPubKey(curve, e, signature, i)`
ecdsa: add more extensive tests for recoverPubKey 2014-06-14 13:06:30 +02:00			`var QprimeHex = Qprime.getEncoded().toString('hex')`
message: support alternate networks 2014-05-16 07:39:17 +02:00
ecdsa: add more extensive tests for recoverPubKey 2014-06-14 13:06:30 +02:00			`assert.equal(QprimeHex, expectedHex)`
			`})`
			`})`
Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00			`})`
ecdsa: add invalid test fixtures for recoverPubKey 2014-06-14 03:45:01 +02:00
			`fixtures.invalid.recoverPubKey.forEach(function(f) {`
			`it('throws on ' + f.description, function() {`
			`var e = BigInteger.fromHex(f.e)`
ecdsa: moved all signature encoding to ECSignature 2014-06-15 08:44:52 +02:00			`var signature = new ECSignature(new BigInteger(f.signature.r), new BigInteger(f.signature.s))`
ecdsa: add invalid test fixtures for recoverPubKey 2014-06-14 03:45:01 +02:00
			`assert.throws(function() {`
			`ecdsa.recoverPubKey(curve, e, signature, f.i)`
			`}, new RegExp(f.exception))`
			`})`
			`})`
Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00			`})`
Moves test/misc.js tests to appropriate location 2014-04-16 20:10:05 +02:00
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`describe('sign', function() {`
tests: always use for, it testing style 2014-06-07 11:46:06 +02:00			`fixtures.valid.forEach(function(f) {`
			`it('produces a deterministic signature for \"' + f.message + '\"', function() {`
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var d = BigInteger.fromHex(f.d)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`var hash = crypto.sha256(f.message)`
use ecurve instead of custom ec 2014-06-07 08:24:27 +02:00			`var signature = ecdsa.sign(curve, hash, d)`
Moves test/misc.js tests to appropriate location 2014-04-16 20:10:05 +02:00
ecdsa: always use signature object 2014-05-24 08:25:38 +02:00			`assert.equal(signature.r.toString(), f.signature.r)`
			`assert.equal(signature.s.toString(), f.signature.s)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`})`
Moves test/misc.js tests to appropriate location 2014-04-16 20:10:05 +02:00			`})`
Moves 'low S value' test from eckey.js to ecdsa.js 2014-04-17 06:33:35 +02:00
			`it('should sign with low S value', function() {`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`var hash = crypto.sha256('Vires in numeris')`
use ecurve instead of custom ec 2014-06-07 08:24:27 +02:00			`var sig = ecdsa.sign(curve, hash, BigInteger.ONE)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00
			`// See BIP62 for more information`
use ecurve instead of custom ec 2014-06-07 08:24:27 +02:00			`var N_OVER_TWO = curve.params.n.shiftRight(1)`
ecdsa: use (r, s) values directly 2014-05-10 14:38:05 +02:00			`assert(sig.s.compareTo(N_OVER_TWO) <= 0)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`})`
			`})`

			`describe('verifyRaw', function() {`
tests: always use for, it testing style 2014-06-07 11:46:06 +02:00			`fixtures.valid.forEach(function(f) {`
			`it('verifies a valid signature for \"' + f.message + '\"', function() {`
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var d = BigInteger.fromHex(f.d)`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`var e = BigInteger.fromBuffer(crypto.sha256(f.message))`
ecdsa: moved all signature encoding to ECSignature 2014-06-15 08:44:52 +02:00			`var signature = new ECSignature(`
			`new BigInteger(f.signature.r),`
			`new BigInteger(f.signature.s)`
			`)`
			`var Q = curve.params.G.multiply(d)`
Moves 'low S value' test from eckey.js to ecdsa.js 2014-04-17 06:33:35 +02:00
use ecurve instead of custom ec 2014-06-07 08:24:27 +02:00			`assert(ecdsa.verifyRaw(curve, e, signature, Q))`
Adds RFC6979 test vectors and fixes ecdsa.sign/detGenK 2014-04-23 23:45:28 +02:00			`})`
Moves 'low S value' test from eckey.js to ecdsa.js 2014-04-17 06:33:35 +02:00			`})`
ecdsa: add invalid tests for verifyRaw 2014-05-24 05:40:20 +02:00
			`fixtures.invalid.verifyRaw.forEach(function(f) {`
			`it('fails to verify with ' + f.description, function() {`
all: rename D to d as per SEC convention 2014-06-07 10:24:16 +02:00			`var d = BigInteger.fromHex(f.d)`
ecdsa: add invalid tests for verifyRaw 2014-05-24 05:40:20 +02:00			`var e = BigInteger.fromHex(f.e)`
ecdsa: moved all signature encoding to ECSignature 2014-06-15 08:44:52 +02:00			`var signature = new ECSignature(`
			`new BigInteger(f.signature.r),`
			`new BigInteger(f.signature.s)`
			`)`
use ecurve instead of custom ec 2014-06-07 08:24:27 +02:00			`var Q = curve.params.G.multiply(d)`
ecdsa: add invalid tests for verifyRaw 2014-05-24 05:40:20 +02:00
use ecurve instead of custom ec 2014-06-07 08:24:27 +02:00			`assert.equal(ecdsa.verifyRaw(curve, e, signature, Q), false)`
ecdsa: add invalid tests for verifyRaw 2014-05-24 05:40:20 +02:00			`})`
			`})`
Moves test/misc.js tests to appropriate location 2014-04-16 20:10:05 +02:00			`})`
Adds recoverPubKey simple test 2014-03-28 18:24:23 +01:00			`})`