Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.

ecdsa.cpp 4.9KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134
  1. #include <iostream>
  2. #include <tuple>
  3. #include <vector>
  4. #include "shared.hpp"
  5. /////////// bitcoinjs-lib/ecdsa test fixtures
  6. // https://github.com/bitcoinjs/bitcoinjs-lib/blob/6b3c41a06c6e38ec79dc2f3389fa2362559b4a46/test/fixtures/ecdsa.json
  7. const auto BJS_KEYS = std::vector<std::string>({
  8. "0000000000000000000000000000000000000000000000000000000000000001",
  9. "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140",
  10. "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140",
  11. "0000000000000000000000000000000000000000000000000000000000000001",
  12. "69ec59eaa1f4f2e36b639716b7c30ca86d9a5375c7b38d8918bd9c0ebc80ba64",
  13. "00000000000000000000000000007246174ab1e92e9149c6e446fe194d072637",
  14. "000000000000000000000000000000000000000000056916d0f9b31dc9b637f3",
  15. });
  16. const auto BJS_MESSAGES = std::vector<std::string>({
  17. "Everything should be made as simple as possible, but not simpler.",
  18. "Equations are more important to me, because politics is for the present, but an equation is something for eternity.",
  19. "Not only is the Universe stranger than we think, it is stranger than we can think.",
  20. "How wonderful that we have met with a paradox. Now we have some hope of making progress.",
  21. "Computer science is no more about computers than astronomy is about telescopes.",
  22. "...if you aren't, at any given time, scandalized by code you wrote five or even three years ago, you're not learning anywhere near enough",
  23. "The question of whether computers can think is like the question of whether submarines can swim.",
  24. });
  25. struct S { uint8_t_32 d; uint8_t_32 m; uint8_t_64 e; std::string desc; };
  26. auto generateSigns () {
  27. bool ok = true;
  28. std::vector<S> s;
  29. size_t i = 0;
  30. for (const auto& message : BJS_MESSAGES) {
  31. const auto d = scalarFromHex(BJS_KEYS[i++]);
  32. const auto hash = sha256(message);
  33. const auto sig = _eccSign(d, hash, ok);
  34. s.push_back({ d, hash, sig, message });
  35. }
  36. for (const auto& message : BJS_MESSAGES) {
  37. const auto d = randomPrivate();
  38. const auto hash = sha256(message);
  39. const auto sig = _eccSign(d, hash, ok);
  40. s.push_back({ d, hash, sig, message });
  41. }
  42. s.push_back({ ONE, ZERO, _eccSign(ONE, ZERO, ok), "Strange hash" });
  43. s.push_back({ ONE, UINT256_MAX, _eccSign(ONE, UINT256_MAX, ok), "Strange hash" });
  44. s.push_back({ GROUP_ORDER_LESS_1, ZERO, _eccSign(GROUP_ORDER_LESS_1, ZERO, ok), "Stange hash" });
  45. s.push_back({ GROUP_ORDER_LESS_1, UINT256_MAX, _eccSign(GROUP_ORDER_LESS_1, UINT256_MAX, ok), "Strange hash" });
  46. // fuzz
  47. for (int i = 0; i < 2000; i++) {
  48. const auto rkey = randomPrivate();
  49. const auto hash = randomScalar();
  50. auto sig = _eccSign(rkey, hash, ok);
  51. const auto Q = _pointFromScalar<uint8_t_33>(rkey, ok);
  52. assert(ok);
  53. auto verified = ok;
  54. assert(_eccVerify(Q, hash, sig) == verified);
  55. s.push_back({ rkey, hash, sig, "" });
  56. }
  57. return s;
  58. }
  59. struct BS { uint8_t_32 d; uint8_t_32 m; std::string except; std::string desc = ""; };
  60. auto generateBadSigns () {
  61. std::vector<BS> bs;
  62. for (auto x : BAD_PRIVATES) bs.push_back({ x.a, ONE, THROW_BAD_PRIVATE, x.desc });
  63. return bs;
  64. }
  65. struct BV { uint8_t_vec Q; uint8_t_32 m; uint8_t_64 s; std::string except; std::string desc = ""; };
  66. auto generateBadVerify () {
  67. bool ok = true;
  68. const auto G_ONE = _pointFromUInt32<uint8_t_33>(1, ok);
  69. assert(ok);
  70. const auto BAD_POINTS = generateBadPoints<uint8_t_65>();
  71. const auto BAD_POINTS_C = generateBadPoints<uint8_t_33>();
  72. std::vector<BV> bv;
  73. for (auto x : BAD_POINTS) bv.push_back({ x.a, THREE, _signatureFromRS(ONE, ONE), THROW_BAD_POINT, x.desc });
  74. for (auto x : BAD_POINTS_C) bv.push_back({ x.a, THREE, _signatureFromRS(ONE, ONE), THROW_BAD_POINT, x.desc });
  75. for (auto x : BAD_SIGNATURES_VERIFY) bv.push_back({ G_ONE, THREE, x.a, "", x.desc }); // never verify, but dont throw
  76. for (auto x : BAD_SIGNATURES) bv.push_back({ G_ONE, THREE, x.a, THROW_BAD_SIGNATURE, x.desc });
  77. return bv;
  78. }
  79. template <typename T>
  80. void dumpJSON (std::ostream& o, const T& t) {
  81. o << jsonifyO({
  82. jsonp("valid", jsonifyA(std::get<0>(t), [&](auto x) {
  83. return jsonifyO({
  84. x.desc.empty() ? "" : jsonp("description", jsonify(x.desc)),
  85. jsonp("d", jsonify(x.d)),
  86. jsonp("m", jsonify(x.m)),
  87. jsonp("signature", jsonify(x.e))
  88. });
  89. })),
  90. jsonp("invalid", jsonifyO({
  91. jsonp("sign", jsonifyA(std::get<1>(t), [&](auto x) {
  92. return jsonifyO({
  93. x.desc.empty() ? "" : jsonp("description", jsonify(x.desc)),
  94. jsonp("exception", jsonify(x.except)),
  95. jsonp("d", jsonify(x.d)),
  96. jsonp("m", jsonify(x.m))
  97. });
  98. })),
  99. jsonp("verify", jsonifyA(std::get<2>(t), [&](auto x) {
  100. return jsonifyO({
  101. x.desc.empty() ? "" : jsonp("description", jsonify(x.desc)),
  102. x.except.empty() ? "" : jsonp("exception", jsonify(x.except)),
  103. jsonp("Q", jsonify(x.Q)),
  104. jsonp("m", jsonify(x.m)),
  105. jsonp("signature", jsonify(x.s))
  106. });
  107. }))
  108. }))
  109. });
  110. }
  111. int main () {
  112. _ec_init();
  113. const auto s = generateSigns();
  114. const auto bs = generateBadSigns();
  115. const auto bv = generateBadVerify();
  116. dumpJSON(std::cout, std::make_tuple(s, bs, bv));
  117. return 0;
  118. }