298 lines
13 KiB
C++
298 lines
13 KiB
C++
/*
|
|
* This file is part of the Flowee project
|
|
* Copyright (C) 2012-2016 The Bitcoin Core developers
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include <encodings_legacy.h>
|
|
#include <hash.h>
|
|
#include "test/test_bitcoin.h"
|
|
#include <utilstrencodings.h>
|
|
|
|
#include <boost/test/unit_test.hpp>
|
|
|
|
static const std::string strSecret1 ("5HxWvvfubhXpYYpS3tJkw6fq9jE9j18THftkZjHHfmFiWtmAbrj");
|
|
static const std::string strSecret2 ("5KC4ejrDjv152FGwP386VD1i2NYc5KkfSMyv1nGy1VGDxGHqVY3");
|
|
static const std::string strSecret1C ("Kwr371tjA9u2rFSMZjTNun2PXXP3WPZu2afRHTcta6KxEUdm1vEw");
|
|
static const std::string strSecret2C ("L3Hq7a8FEQwJkW1M2GNKDW28546Vp5miewcCzSqUD9kCAXrJdS3g");
|
|
static const CBitcoinAddress addr1 ("1QFqqMUD55ZV3PJEJZtaKCsQmjLT6JkjvJ");
|
|
static const CBitcoinAddress addr2 ("1F5y5E5FMc5YzdJtB9hLaUe43GDxEKXENJ");
|
|
static const CBitcoinAddress addr1C("1NoJrossxPBKfCHuJXT4HadJrXRE9Fxiqs");
|
|
static const CBitcoinAddress addr2C("1CRj2HyM1CXWzHAXLQtiGLyggNT9WQqsDs");
|
|
|
|
|
|
static const std::string strAddressBad("1HV9Lc3sNHZxwj4Zk6fB38tEmBryq2cBiF");
|
|
|
|
|
|
#ifdef KEY_TESTS_DUMPINFO
|
|
void dumpKeyInfo(uint256 privkey)
|
|
{
|
|
CKey key;
|
|
key.resize(32);
|
|
memcpy(&secret[0], &privkey, 32);
|
|
std::vector<unsigned char> sec;
|
|
sec.resize(32);
|
|
memcpy(&sec[0], &secret[0], 32);
|
|
printf(" * secret (hex): %s\n", HexStr(sec).c_str());
|
|
|
|
for (int nCompressed=0; nCompressed<2; nCompressed++)
|
|
{
|
|
bool fCompressed = nCompressed == 1;
|
|
printf(" * %s:\n", fCompressed ? "compressed" : "uncompressed");
|
|
CBitcoinSecret bsecret;
|
|
bsecret.SetSecret(secret, fCompressed);
|
|
printf(" * secret (base58): %s\n", bsecret.ToString().c_str());
|
|
CKey key;
|
|
key.SetSecret(secret, fCompressed);
|
|
std::vector<unsigned char> vchPubKey = key.GetPubKey();
|
|
printf(" * pubkey (hex): %s\n", HexStr(vchPubKey).c_str());
|
|
printf(" * address (base58): %s\n", CBitcoinAddress(vchPubKey).ToString().c_str());
|
|
}
|
|
}
|
|
#endif
|
|
|
|
// get r value produced by ECDSA signing algorithm
|
|
// (assumes ECDSA r is encoded in the canonical manner)
|
|
static std::vector<uint8_t> get_r_ECDSA(std::vector<uint8_t> sigECDSA) {
|
|
std::vector<uint8_t> ret(32, 0);
|
|
|
|
assert(sigECDSA[2] == 2);
|
|
int rlen = sigECDSA[3];
|
|
assert(rlen <= 33);
|
|
assert(sigECDSA[4 + rlen] == 2);
|
|
if (rlen == 33) {
|
|
assert(sigECDSA[4] == 0);
|
|
std::copy(sigECDSA.begin() + 5, sigECDSA.begin() + 37, ret.begin());
|
|
} else {
|
|
std::copy(sigECDSA.begin() + 4, sigECDSA.begin() + (4 + rlen), ret.begin() + (32 - rlen));
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
BOOST_FIXTURE_TEST_SUITE(key_tests, BasicTestingSetup)
|
|
|
|
BOOST_AUTO_TEST_CASE(internal_test) {
|
|
// test get_r_ECDSA (defined above) to make sure it's working properly
|
|
BOOST_CHECK(get_r_ECDSA(ParseHex(
|
|
"3045022100c6ab5f8acfccc114da39dd5ad0b1ef4d39df6a721e8"
|
|
"24c22e00b7bc7944a1f7802206ff23df3802e241ee234a8b66c40"
|
|
"c82e56a6cc37f9b50463111c9f9229b8f3b3")) ==
|
|
ParseHex("c6ab5f8acfccc114da39dd5ad0b1ef4d39df6a721e8"
|
|
"24c22e00b7bc7944a1f78"));
|
|
BOOST_CHECK(get_r_ECDSA(ParseHex(
|
|
"3045022046ab5f8acfccc114da39dd5ad0b1ef4d39df6a721e8"
|
|
"24c22e00b7bc7944a1f7802206ff23df3802e241ee234a8b66c40"
|
|
"c82e56a6cc37f9b50463111c9f9229b8f3b3")) ==
|
|
ParseHex("46ab5f8acfccc114da39dd5ad0b1ef4d39df6a721e8"
|
|
"24c22e00b7bc7944a1f78"));
|
|
BOOST_CHECK(get_r_ECDSA(
|
|
ParseHex("3045021f4b5f8acfccc114da39dd5ad0b1ef4d39df6a721e824c22e00b7bc7944a1f7802206ff23df3802e241ee234a8b66c40c82e56a6cc37f9b50463111c9f9229b8f3b3"))
|
|
== ParseHex("004b5f8acfccc114da39dd5ad0b1ef4d39df6a721e824c22e00b7bc7944a1f78"));
|
|
BOOST_CHECK(get_r_ECDSA(
|
|
ParseHex("3045021e5f8acfccc114da39dd5ad0b1ef4d39df6a721e824c22e00b7bc7944a1f7802206ff23df3802e241ee234a8b66c40c82e56a6cc37f9b50463111c9f9229b8f3b3"))
|
|
== ParseHex("00005f8acfccc114da39dd5ad0b1ef4d39df6a721e824c22e00b7bc7944a1f78"));
|
|
}
|
|
|
|
|
|
BOOST_AUTO_TEST_CASE(key_test1)
|
|
{
|
|
CBitcoinSecret bsecret1, bsecret2, bsecret1C, bsecret2C, baddress1;
|
|
BOOST_CHECK( bsecret1.SetString (strSecret1));
|
|
BOOST_CHECK( bsecret2.SetString (strSecret2));
|
|
BOOST_CHECK( bsecret1C.SetString(strSecret1C));
|
|
BOOST_CHECK( bsecret2C.SetString(strSecret2C));
|
|
BOOST_CHECK(!baddress1.SetString(strAddressBad));
|
|
|
|
PrivateKey key1 = bsecret1.GetKey();
|
|
BOOST_CHECK(key1.isCompressed() == false);
|
|
PrivateKey key2 = bsecret2.GetKey();
|
|
BOOST_CHECK(key2.isCompressed() == false);
|
|
PrivateKey key1C = bsecret1C.GetKey();
|
|
BOOST_CHECK(key1C.isCompressed() == true);
|
|
PrivateKey key2C = bsecret2C.GetKey();
|
|
BOOST_CHECK(key2C.isCompressed() == true);
|
|
|
|
PublicKey pubkey1 = key1. getPubKey();
|
|
PublicKey pubkey2 = key2. getPubKey();
|
|
PublicKey pubkey1C = key1C.getPubKey();
|
|
PublicKey pubkey2C = key2C.getPubKey();
|
|
|
|
BOOST_CHECK(key1.verifyPubKey(pubkey1));
|
|
BOOST_CHECK(!key1.verifyPubKey(pubkey1C));
|
|
BOOST_CHECK(!key1.verifyPubKey(pubkey2));
|
|
BOOST_CHECK(!key1.verifyPubKey(pubkey2C));
|
|
|
|
BOOST_CHECK(!key1C.verifyPubKey(pubkey1));
|
|
BOOST_CHECK(key1C.verifyPubKey(pubkey1C));
|
|
BOOST_CHECK(!key1C.verifyPubKey(pubkey2));
|
|
BOOST_CHECK(!key1C.verifyPubKey(pubkey2C));
|
|
|
|
BOOST_CHECK(!key2.verifyPubKey(pubkey1));
|
|
BOOST_CHECK(!key2.verifyPubKey(pubkey1C));
|
|
BOOST_CHECK(key2.verifyPubKey(pubkey2));
|
|
BOOST_CHECK(!key2.verifyPubKey(pubkey2C));
|
|
|
|
BOOST_CHECK(!key2C.verifyPubKey(pubkey1));
|
|
BOOST_CHECK(!key2C.verifyPubKey(pubkey1C));
|
|
BOOST_CHECK(!key2C.verifyPubKey(pubkey2));
|
|
BOOST_CHECK(key2C.verifyPubKey(pubkey2C));
|
|
|
|
BOOST_CHECK(addr1.Get() == CTxDestination(pubkey1.getKeyId()));
|
|
BOOST_CHECK(addr2.Get() == CTxDestination(pubkey2.getKeyId()));
|
|
BOOST_CHECK(addr1C.Get() == CTxDestination(pubkey1C.getKeyId()));
|
|
BOOST_CHECK(addr2C.Get() == CTxDestination(pubkey2C.getKeyId()));
|
|
|
|
for (int n=0; n<16; n++) {
|
|
std::string strMsg = strprintf("Very secret message %i: 11", n);
|
|
uint256 hashMsg = Hash(strMsg.begin(), strMsg.end());
|
|
|
|
// normal ECDSA signatures
|
|
|
|
std::vector<unsigned char> sign1, sign2, sign1C, sign2C;
|
|
|
|
BOOST_CHECK(key1.signECDSA (hashMsg, sign1));
|
|
BOOST_CHECK(key2.signECDSA (hashMsg, sign2));
|
|
BOOST_CHECK(key1C.signECDSA(hashMsg, sign1C));
|
|
BOOST_CHECK(key2C.signECDSA(hashMsg, sign2C));
|
|
|
|
BOOST_CHECK( pubkey1.verifyECDSA(hashMsg, sign1));
|
|
BOOST_CHECK(!pubkey1.verifyECDSA(hashMsg, sign2));
|
|
BOOST_CHECK( pubkey1.verifyECDSA(hashMsg, sign1C));
|
|
BOOST_CHECK(!pubkey1.verifyECDSA(hashMsg, sign2C));
|
|
|
|
BOOST_CHECK(!pubkey2.verifyECDSA(hashMsg, sign1));
|
|
BOOST_CHECK( pubkey2.verifyECDSA(hashMsg, sign2));
|
|
BOOST_CHECK(!pubkey2.verifyECDSA(hashMsg, sign1C));
|
|
BOOST_CHECK( pubkey2.verifyECDSA(hashMsg, sign2C));
|
|
|
|
BOOST_CHECK( pubkey1C.verifyECDSA(hashMsg, sign1));
|
|
BOOST_CHECK(!pubkey1C.verifyECDSA(hashMsg, sign2));
|
|
BOOST_CHECK( pubkey1C.verifyECDSA(hashMsg, sign1C));
|
|
BOOST_CHECK(!pubkey1C.verifyECDSA(hashMsg, sign2C));
|
|
|
|
BOOST_CHECK(!pubkey2C.verifyECDSA(hashMsg, sign1));
|
|
BOOST_CHECK( pubkey2C.verifyECDSA(hashMsg, sign2));
|
|
BOOST_CHECK(!pubkey2C.verifyECDSA(hashMsg, sign1C));
|
|
BOOST_CHECK( pubkey2C.verifyECDSA(hashMsg, sign2C));
|
|
|
|
// compact signatures (with key recovery)
|
|
|
|
std::vector<unsigned char> csign1, csign2, csign1C, csign2C;
|
|
|
|
BOOST_CHECK(key1.signCompact (hashMsg, csign1));
|
|
BOOST_CHECK(key2.signCompact (hashMsg, csign2));
|
|
BOOST_CHECK(key1C.signCompact(hashMsg, csign1C));
|
|
BOOST_CHECK(key2C.signCompact(hashMsg, csign2C));
|
|
|
|
PublicKey rkey1, rkey2, rkey1C, rkey2C;
|
|
|
|
BOOST_CHECK(rkey1.recoverCompact (hashMsg, csign1));
|
|
BOOST_CHECK(rkey2.recoverCompact (hashMsg, csign2));
|
|
BOOST_CHECK(rkey1C.recoverCompact(hashMsg, csign1C));
|
|
BOOST_CHECK(rkey2C.recoverCompact(hashMsg, csign2C));
|
|
|
|
BOOST_CHECK(rkey1 == pubkey1);
|
|
BOOST_CHECK(rkey2 == pubkey2);
|
|
BOOST_CHECK(rkey1C == pubkey1C);
|
|
BOOST_CHECK(rkey2C == pubkey2C);
|
|
|
|
|
|
// Schnorr signatures
|
|
|
|
std::vector<uint8_t> ssign1, ssign2, ssign1C, ssign2C;
|
|
|
|
BOOST_CHECK(key1.signSchnorr(hashMsg, ssign1));
|
|
BOOST_CHECK(key2.signSchnorr(hashMsg, ssign2));
|
|
BOOST_CHECK(key1C.signSchnorr(hashMsg, ssign1C));
|
|
BOOST_CHECK(key2C.signSchnorr(hashMsg, ssign2C));
|
|
|
|
BOOST_CHECK(pubkey1.verifySchnorr(hashMsg, ssign1));
|
|
BOOST_CHECK(!pubkey1.verifySchnorr(hashMsg, ssign2));
|
|
BOOST_CHECK(pubkey1.verifySchnorr(hashMsg, ssign1C));
|
|
BOOST_CHECK(!pubkey1.verifySchnorr(hashMsg, ssign2C));
|
|
|
|
BOOST_CHECK(!pubkey2.verifySchnorr(hashMsg, ssign1));
|
|
BOOST_CHECK(pubkey2.verifySchnorr(hashMsg, ssign2));
|
|
BOOST_CHECK(!pubkey2.verifySchnorr(hashMsg, ssign1C));
|
|
BOOST_CHECK(pubkey2.verifySchnorr(hashMsg, ssign2C));
|
|
|
|
BOOST_CHECK(pubkey1C.verifySchnorr(hashMsg, ssign1));
|
|
BOOST_CHECK(!pubkey1C.verifySchnorr(hashMsg, ssign2));
|
|
BOOST_CHECK(pubkey1C.verifySchnorr(hashMsg, ssign1C));
|
|
BOOST_CHECK(!pubkey1C.verifySchnorr(hashMsg, ssign2C));
|
|
|
|
BOOST_CHECK(!pubkey2C.verifySchnorr(hashMsg, ssign1));
|
|
BOOST_CHECK(pubkey2C.verifySchnorr(hashMsg, ssign2));
|
|
BOOST_CHECK(!pubkey2C.verifySchnorr(hashMsg, ssign1C));
|
|
BOOST_CHECK(pubkey2C.verifySchnorr(hashMsg, ssign2C));
|
|
|
|
// check deterministicity of ECDSA & Schnorr
|
|
BOOST_CHECK(sign1 == sign1C);
|
|
BOOST_CHECK(sign2 == sign2C);
|
|
BOOST_CHECK(ssign1 == ssign1C);
|
|
BOOST_CHECK(ssign2 == ssign2C);
|
|
|
|
// Extract r value from ECDSA and Schnorr. Make sure they are
|
|
// distinct (nonce reuse would be dangerous and can leak private key).
|
|
std::vector<uint8_t> rE1 = get_r_ECDSA(sign1);
|
|
BOOST_CHECK(ssign1.size() == 64);
|
|
std::vector<uint8_t> rS1(ssign1.begin(), ssign1.begin() + 32);
|
|
BOOST_CHECK(rE1.size() == 32);
|
|
BOOST_CHECK(rS1.size() == 32);
|
|
BOOST_CHECK(rE1 != rS1);
|
|
|
|
std::vector<uint8_t> rE2 = get_r_ECDSA(sign2);
|
|
BOOST_CHECK(ssign2.size() == 64);
|
|
std::vector<uint8_t> rS2(ssign2.begin(), ssign2.begin() + 32);
|
|
BOOST_CHECK(rE2.size() == 32);
|
|
BOOST_CHECK(rS2.size() == 32);
|
|
BOOST_CHECK(rE2 != rS2);
|
|
}
|
|
|
|
// test deterministic signing
|
|
|
|
std::vector<unsigned char> detsig, detsigc;
|
|
std::string strMsg = "Very deterministic message";
|
|
uint256 hashMsg = Hash(strMsg.begin(), strMsg.end());
|
|
BOOST_CHECK(key1.signECDSA(hashMsg, detsig));
|
|
BOOST_CHECK(key1C.signECDSA(hashMsg, detsigc));
|
|
BOOST_CHECK(detsig == detsigc);
|
|
BOOST_CHECK(detsig == ParseHex("304402205dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d022014ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
|
|
BOOST_CHECK(key2.signECDSA(hashMsg, detsig));
|
|
BOOST_CHECK(key2C.signECDSA(hashMsg, detsigc));
|
|
BOOST_CHECK(detsig == detsigc);
|
|
BOOST_CHECK(detsig == ParseHex("3044022052d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd5022061d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
|
|
BOOST_CHECK(key1.signCompact(hashMsg, detsig));
|
|
BOOST_CHECK(key1C.signCompact(hashMsg, detsigc));
|
|
BOOST_CHECK(detsig == ParseHex("1c5dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d14ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
|
|
BOOST_CHECK(detsigc == ParseHex("205dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d14ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
|
|
BOOST_CHECK(key2.signCompact(hashMsg, detsig));
|
|
BOOST_CHECK(key2C.signCompact(hashMsg, detsigc));
|
|
BOOST_CHECK(detsig == ParseHex("1c52d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd561d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
|
|
BOOST_CHECK(detsigc == ParseHex("2052d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd561d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
|
|
|
|
// Schnorr
|
|
BOOST_CHECK(key1.signSchnorr(hashMsg, detsig));
|
|
BOOST_CHECK(key1C.signSchnorr(hashMsg, detsigc));
|
|
BOOST_CHECK(detsig == detsigc);
|
|
BOOST_CHECK(detsig == ParseHex("2c56731ac2f7a7e7f11518fc7722a166b02438924ca9d8b4d111347b81d0717571846de67ad3d913a8fdf9d8f3f73161a4c48ae81cb183b214765feb86e255ce"));
|
|
BOOST_CHECK(key2.signSchnorr(hashMsg, detsig));
|
|
BOOST_CHECK(key2C.signSchnorr(hashMsg, detsigc));
|
|
BOOST_CHECK(detsig == detsigc);
|
|
BOOST_CHECK(detsig == ParseHex("e7167ae0afbba6019b4c7fcfe6de79165d555e8295bd72da1b8aa1a5b54305880517cace1bcb0cb515e2eeaffd49f1e4dd49fd72826b4b1573c84da49a38405d"));
|
|
}
|
|
|
|
BOOST_AUTO_TEST_SUITE_END()
|