lbrycrd/src/test/canonical_tests.cpp

//
// Unit tests for canonical signatures

#include "json/json_spirit_writer_template.h"
#include <boost/test/unit_test.hpp>
#include <openssl/ecdsa.h>

#include "key.h"
#include "script.h"
#include "util.h"

using namespace std;
using namespace json_spirit;


// In script_tests.cpp
extern Array read_json(const std::string& filename);

BOOST_AUTO_TEST_SUITE(canonical_tests)

// OpenSSL-based test for canonical signature (without test for hashtype byte)
bool static IsCanonicalSignature_OpenSSL_inner(const std::vector<unsigned char>& vchSig)
{
    if (vchSig.size() == 0)
        return false;
    const unsigned char *input = &vchSig[0];
    ECDSA_SIG *psig = NULL;
    d2i_ECDSA_SIG(&psig, &input, vchSig.size());
    if (psig == NULL)
        return false;
    unsigned char buf[256];
    unsigned char *pbuf = buf;
    unsigned int nLen = i2d_ECDSA_SIG(psig, NULL);
    if (nLen != vchSig.size()) {
        ECDSA_SIG_free(psig);
        return false;
    }
    nLen = i2d_ECDSA_SIG(psig, &pbuf);
    ECDSA_SIG_free(psig);
    return (memcmp(&vchSig[0], &buf[0], nLen) == 0);
}

// OpenSSL-based test for canonical signature
bool static IsCanonicalSignature_OpenSSL(const std::vector<unsigned char> &vchSignature) {
    if (vchSignature.size() < 1)
        return false;
    if (vchSignature.size() > 127)
        return false;
    if (vchSignature[vchSignature.size() - 1] & 0x7C)
        return false;

    std::vector<unsigned char> vchSig(vchSignature);
    vchSig.pop_back();
    if (!IsCanonicalSignature_OpenSSL_inner(vchSig))
        return false;
    return true;
}

BOOST_AUTO_TEST_CASE(script_canon)
{
    Array tests = read_json("sig_canonical.json");

    BOOST_FOREACH(Value &tv, tests) {
        string test = tv.get_str();
        if (IsHex(test)) {
            std::vector<unsigned char> sig = ParseHex(test);
            BOOST_CHECK_MESSAGE(IsCanonicalSignature(sig, SCRIPT_VERIFY_STRICTENC), test);
            BOOST_CHECK_MESSAGE(IsCanonicalSignature_OpenSSL(sig), test);
        }
    }
}

BOOST_AUTO_TEST_CASE(script_noncanon)
{
    Array tests = read_json("sig_noncanonical.json");

    BOOST_FOREACH(Value &tv, tests) {
        string test = tv.get_str();
        if (IsHex(test)) {
            std::vector<unsigned char> sig = ParseHex(test);
            BOOST_CHECK_MESSAGE(!IsCanonicalSignature(sig, SCRIPT_VERIFY_STRICTENC), test);
            BOOST_CHECK_MESSAGE(!IsCanonicalSignature_OpenSSL(sig), test);
        }
    }
}

BOOST_AUTO_TEST_SUITE_END()
Check for canonical public keys and signatures Only enabled inside tests for now. 2012-08-22 22:33:21 +02:00			`//`
			`// Unit tests for canonical signatures`

			`#include "json/json_spirit_writer_template.h"`
			`#include <boost/test/unit_test.hpp>`
			`#include <openssl/ecdsa.h>`

			`#include "key.h"`
			`#include "script.h"`
			`#include "util.h"`

			`using namespace std;`
			`using namespace json_spirit;`


			`// In script_tests.cpp`
			`extern Array read_json(const std::string& filename);`

			`BOOST_AUTO_TEST_SUITE(canonical_tests)`

			`// OpenSSL-based test for canonical signature (without test for hashtype byte)`
			`bool static IsCanonicalSignature_OpenSSL_inner(const std::vector<unsigned char>& vchSig)`
			`{`
			`if (vchSig.size() == 0)`
			`return false;`
			`const unsigned char *input = &vchSig[0];`
			`ECDSA_SIG *psig = NULL;`
			`d2i_ECDSA_SIG(&psig, &input, vchSig.size());`
			`if (psig == NULL)`
			`return false;`
			`unsigned char buf[256];`
			`unsigned char *pbuf = buf;`
			`unsigned int nLen = i2d_ECDSA_SIG(psig, NULL);`
			`if (nLen != vchSig.size()) {`
			`ECDSA_SIG_free(psig);`
			`return false;`
			`}`
			`nLen = i2d_ECDSA_SIG(psig, &pbuf);`
			`ECDSA_SIG_free(psig);`
			`return (memcmp(&vchSig[0], &buf[0], nLen) == 0);`
			`}`

			`// OpenSSL-based test for canonical signature`
			`bool static IsCanonicalSignature_OpenSSL(const std::vector<unsigned char> &vchSignature) {`
			`if (vchSignature.size() < 1)`
			`return false;`
			`if (vchSignature.size() > 127)`
			`return false;`
			`if (vchSignature[vchSignature.size() - 1] & 0x7C)`
			`return false;`

			`std::vector<unsigned char> vchSig(vchSignature);`
			`vchSig.pop_back();`
			`if (!IsCanonicalSignature_OpenSSL_inner(vchSig))`
			`return false;`
			`return true;`
			`}`

			`BOOST_AUTO_TEST_CASE(script_canon)`
			`{`
			`Array tests = read_json("sig_canonical.json");`

			`BOOST_FOREACH(Value &tv, tests) {`
			`string test = tv.get_str();`
			`if (IsHex(test)) {`
			`std::vector<unsigned char> sig = ParseHex(test);`
Only create signatures with even S, and verification mode to check. To fix a minor malleability found by Sergio Lerner (reported here: https://bitcointalk.org/index.php?topic=8392.msg1245898#msg1245898) The problem is that if (R,S) is a valid ECDSA signature for a given message and public key, (R,-S) is also valid. Modulo N (the order of the secp256k1 curve), this means that both (R,S) and (R,N-S) are valid. Given that N is odd, S and N-S have a different lowest bit. We solve the problem by forcing signatures to have an even S value, excluding one of the alternatives. This commit just changes the signing code to always produce even S values, and adds a verification mode to check it. This code is not enabled anywhere yet. Existing tests in key_tests.cpp verify that the produced signatures are still valid. 2012-12-26 21:10:49 +01:00			`BOOST_CHECK_MESSAGE(IsCanonicalSignature(sig, SCRIPT_VERIFY_STRICTENC), test);`
Check for canonical public keys and signatures Only enabled inside tests for now. 2012-08-22 22:33:21 +02:00			`BOOST_CHECK_MESSAGE(IsCanonicalSignature_OpenSSL(sig), test);`
			`}`
			`}`
			`}`

			`BOOST_AUTO_TEST_CASE(script_noncanon)`
			`{`
			`Array tests = read_json("sig_noncanonical.json");`

			`BOOST_FOREACH(Value &tv, tests) {`
			`string test = tv.get_str();`
			`if (IsHex(test)) {`
			`std::vector<unsigned char> sig = ParseHex(test);`
Only create signatures with even S, and verification mode to check. To fix a minor malleability found by Sergio Lerner (reported here: https://bitcointalk.org/index.php?topic=8392.msg1245898#msg1245898) The problem is that if (R,S) is a valid ECDSA signature for a given message and public key, (R,-S) is also valid. Modulo N (the order of the secp256k1 curve), this means that both (R,S) and (R,N-S) are valid. Given that N is odd, S and N-S have a different lowest bit. We solve the problem by forcing signatures to have an even S value, excluding one of the alternatives. This commit just changes the signing code to always produce even S values, and adds a verification mode to check it. This code is not enabled anywhere yet. Existing tests in key_tests.cpp verify that the produced signatures are still valid. 2012-12-26 21:10:49 +01:00			`BOOST_CHECK_MESSAGE(!IsCanonicalSignature(sig, SCRIPT_VERIFY_STRICTENC), test);`
Check for canonical public keys and signatures Only enabled inside tests for now. 2012-08-22 22:33:21 +02:00			`BOOST_CHECK_MESSAGE(!IsCanonicalSignature_OpenSSL(sig), test);`
			`}`
			`}`
			`}`

			`BOOST_AUTO_TEST_SUITE_END()`