diff --git a/src/pubkey.h b/src/pubkey.h index 30bc66301..0488b4688 100644 --- a/src/pubkey.h +++ b/src/pubkey.h @@ -1,233 +1,236 @@ // Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2016 The Bitcoin Core developers // Copyright (c) 2017 The Zcash developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. #ifndef BITCOIN_PUBKEY_H #define BITCOIN_PUBKEY_H #include #include #include #include #include #include const unsigned int BIP32_EXTKEY_SIZE = 74; /** A reference to a CKey: the Hash160 of its serialized public key */ class CKeyID : public uint160 { public: CKeyID() : uint160() {} explicit CKeyID(const uint160 &in) : uint160(in) {} }; using ChainCode = uint256; /** An encapsulated public key. */ class CPubKey { public: /** * secp256k1: */ static constexpr unsigned int SIZE = 65; static constexpr unsigned int COMPRESSED_SIZE = 33; static constexpr unsigned int SCHNORR_SIZE = 64; static constexpr unsigned int SIGNATURE_SIZE = 72; static constexpr unsigned int COMPACT_SIGNATURE_SIZE = 65; /** * see www.keylength.com * script supports up to 75 for single byte push */ static_assert(SIZE >= COMPRESSED_SIZE, "COMPRESSED_SIZE is larger than SIZE"); private: /** * Just store the serialized data. * Its length can very cheaply be computed from the first byte. */ uint8_t vch[SIZE]; //! Compute the length of a pubkey with a given first byte. static unsigned int GetLen(uint8_t chHeader) { if (chHeader == 2 || chHeader == 3) { return COMPRESSED_SIZE; } if (chHeader == 4 || chHeader == 6 || chHeader == 7) { return SIZE; } return 0; } //! Set this key data to be invalid void Invalidate() { vch[0] = 0xFF; } public: bool static ValidSize(const std::vector &vch) { return vch.size() > 0 && GetLen(vch[0]) == vch.size(); } //! Construct an invalid public key. CPubKey() { Invalidate(); } //! Initialize a public key using begin/end iterators to byte data. template void Set(const T pbegin, const T pend) { int len = pend == pbegin ? 0 : GetLen(pbegin[0]); if (len && len == (pend - pbegin)) { memcpy(vch, (uint8_t *)&pbegin[0], len); } else { Invalidate(); } } //! Construct a public key using begin/end iterators to byte data. template CPubKey(const T pbegin, const T pend) { Set(pbegin, pend); } //! Construct a public key from a byte vector. explicit CPubKey(const std::vector &_vch) { Set(_vch.begin(), _vch.end()); } //! Simple read-only vector-like interface to the pubkey data. unsigned int size() const { return GetLen(vch[0]); } const uint8_t *data() const { return vch; } const uint8_t *begin() const { return vch; } const uint8_t *end() const { return vch + size(); } const uint8_t &operator[](unsigned int pos) const { return vch[pos]; } //! Comparator implementation. friend bool operator==(const CPubKey &a, const CPubKey &b) { return a.vch[0] == b.vch[0] && memcmp(a.vch, b.vch, a.size()) == 0; } friend bool operator!=(const CPubKey &a, const CPubKey &b) { return !(a == b); } friend bool operator<(const CPubKey &a, const CPubKey &b) { return a.vch[0] < b.vch[0] || (a.vch[0] == b.vch[0] && memcmp(a.vch, b.vch, a.size()) < 0); } //! Implement serialization, as if this was a byte vector. template void Serialize(Stream &s) const { unsigned int len = size(); ::WriteCompactSize(s, len); s.write((char *)vch, len); } template void Unserialize(Stream &s) { unsigned int len = ::ReadCompactSize(s); if (len <= SIZE) { s.read((char *)vch, len); + if (len != size()) { + Invalidate(); + } } else { // invalid pubkey, skip available data char dummy; while (len--) { s.read(&dummy, 1); } Invalidate(); } } //! Get the KeyID of this public key (hash of its serialization) CKeyID GetID() const { return CKeyID(Hash160(MakeSpan(vch).first(size()))); } //! Get the 256-bit hash of this public key. uint256 GetHash() const { return Hash(MakeSpan(vch).first(size())); } /* * Check syntactic correctness. * * Note that this is consensus critical as CheckSig() calls it! */ bool IsValid() const { return size() > 0; } //! fully validate whether this is a valid public key (more expensive than //! IsValid()) bool IsFullyValid() const; //! Check whether this is a compressed public key. bool IsCompressed() const { return size() == COMPRESSED_SIZE; } /** * Verify a DER-serialized ECDSA signature (~72 bytes). * If this public key is not fully valid, the return value will be false. */ bool VerifyECDSA(const uint256 &hash, const std::vector &vchSig) const; /** * Verify a Schnorr signature (=64 bytes). * If this public key is not fully valid, the return value will be false. */ bool VerifySchnorr(const uint256 &hash, const std::array &sig) const; bool VerifySchnorr(const uint256 &hash, const std::vector &vchSig) const; /** * Check whether a DER-serialized ECDSA signature is normalized (lower-S). */ static bool CheckLowS(const boost::sliced_range> &vchSig); static bool CheckLowS(const std::vector &vchSig) { return CheckLowS(vchSig | boost::adaptors::sliced(0, vchSig.size())); } //! Recover a public key from a compact ECDSA signature. bool RecoverCompact(const uint256 &hash, const std::vector &vchSig); //! Turn this public key into an uncompressed public key. bool Decompress(); //! Derive BIP32 child pubkey. bool Derive(CPubKey &pubkeyChild, ChainCode &ccChild, unsigned int nChild, const ChainCode &cc) const; }; struct CExtPubKey { uint8_t nDepth; uint8_t vchFingerprint[4]; unsigned int nChild; ChainCode chaincode; CPubKey pubkey; friend bool operator==(const CExtPubKey &a, const CExtPubKey &b) { return a.nDepth == b.nDepth && memcmp(&a.vchFingerprint[0], &b.vchFingerprint[0], sizeof(vchFingerprint)) == 0 && a.nChild == b.nChild && a.chaincode == b.chaincode && a.pubkey == b.pubkey; } friend bool operator!=(const CExtPubKey &a, const CExtPubKey &b) { return !(a == b); } void Encode(uint8_t code[BIP32_EXTKEY_SIZE]) const; void Decode(const uint8_t code[BIP32_EXTKEY_SIZE]); bool Derive(CExtPubKey &out, unsigned int nChild) const; CExtPubKey() = default; }; /** * Users of this module must hold an ECCVerifyHandle. The constructor and * destructor of these are not allowed to run in parallel, though. */ class ECCVerifyHandle { static int refcount; public: ECCVerifyHandle(); ~ECCVerifyHandle(); }; #endif // BITCOIN_PUBKEY_H diff --git a/src/test/key_tests.cpp b/src/test/key_tests.cpp index a741df71a..7332d87a1 100644 --- a/src/test/key_tests.cpp +++ b/src/test/key_tests.cpp @@ -1,407 +1,449 @@ // Copyright (c) 2012-2019 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. #include #include // For Params() #include +#include #include #include #include #include #include #include #include #include static const std::string strSecret1 = "5HxWvvfubhXpYYpS3tJkw6fq9jE9j18THftkZjHHfmFiWtmAbrj"; static const std::string strSecret2 = "5KC4ejrDjv152FGwP386VD1i2NYc5KkfSMyv1nGy1VGDxGHqVY3"; static const std::string strSecret1C = "Kwr371tjA9u2rFSMZjTNun2PXXP3WPZu2afRHTcta6KxEUdm1vEw"; static const std::string strTestSecret1C = "cND2ZvtabDbJ1gucx9GWH6XT9kgTAqfb6cotPt5Q5CyxVDhid2EN"; static const std::string strSecret2C = "L3Hq7a8FEQwJkW1M2GNKDW28546Vp5miewcCzSqUD9kCAXrJdS3g"; static const std::string addr1 = "1QFqqMUD55ZV3PJEJZtaKCsQmjLT6JkjvJ"; static const std::string addr2 = "1F5y5E5FMc5YzdJtB9hLaUe43GDxEKXENJ"; static const std::string addr1C = "1NoJrossxPBKfCHuJXT4HadJrXRE9Fxiqs"; static const std::string addr2C = "1CRj2HyM1CXWzHAXLQtiGLyggNT9WQqsDs"; static const std::string strAddressBad = "1HV9Lc3sNHZxwj4Zk6fB38tEmBryq2cBiF"; // get r value produced by ECDSA signing algorithm // (assumes ECDSA r is encoded in the canonical manner) static std::vector get_r_ECDSA(std::vector sigECDSA) { std::vector ret(32, 0); assert(sigECDSA[2] == 2); int rlen = sigECDSA[3]; assert(rlen <= 33); assert(sigECDSA[4 + rlen] == 2); if (rlen == 33) { assert(sigECDSA[4] == 0); std::copy(sigECDSA.begin() + 5, sigECDSA.begin() + 37, ret.begin()); } else { std::copy(sigECDSA.begin() + 4, sigECDSA.begin() + (4 + rlen), ret.begin() + (32 - rlen)); } return ret; } BOOST_FIXTURE_TEST_SUITE(key_tests, BasicTestingSetup) BOOST_AUTO_TEST_CASE(internal_test) { // test get_r_ECDSA (defined above) to make sure it's working properly BOOST_CHECK(get_r_ECDSA(ParseHex( "3045022100c6ab5f8acfccc114da39dd5ad0b1ef4d39df6a721e8" "24c22e00b7bc7944a1f7802206ff23df3802e241ee234a8b66c40" "c82e56a6cc37f9b50463111c9f9229b8f3b3")) == ParseHex("c6ab5f8acfccc114da39dd5ad0b1ef4d39df6a721e8" "24c22e00b7bc7944a1f78")); BOOST_CHECK(get_r_ECDSA(ParseHex( "3045022046ab5f8acfccc114da39dd5ad0b1ef4d39df6a721e8" "24c22e00b7bc7944a1f7802206ff23df3802e241ee234a8b66c40" "c82e56a6cc37f9b50463111c9f9229b8f3b3")) == ParseHex("46ab5f8acfccc114da39dd5ad0b1ef4d39df6a721e8" "24c22e00b7bc7944a1f78")); BOOST_CHECK(get_r_ECDSA(ParseHex( "3045021f4b5f8acfccc114da39dd5ad0b1ef4d39df6a721e8" "24c22e00b7bc7944a1f7802206ff23df3802e241ee234a8b66c40" "c82e56a6cc37f9b50463111c9f9229b8f3b3")) == ParseHex("004b5f8acfccc114da39dd5ad0b1ef4d39df6a721e8" "24c22e00b7bc7944a1f78")); BOOST_CHECK(get_r_ECDSA(ParseHex( "3045021e5f8acfccc114da39dd5ad0b1ef4d39df6a721e8" "24c22e00b7bc7944a1f7802206ff23df3802e241ee234a8b66c40" "c82e56a6cc37f9b50463111c9f9229b8f3b3")) == ParseHex("00005f8acfccc114da39dd5ad0b1ef4d39df6a721e8" "24c22e00b7bc7944a1f78")); } BOOST_AUTO_TEST_CASE(encode_decode_secret_test) { const auto mainParams = CreateChainParams(CBaseChainParams::MAIN); const auto testParams = CreateChainParams(CBaseChainParams::TESTNET); const auto regParams = CreateChainParams(CBaseChainParams::TESTNET); { // Check the mainnet base58 key CKey mainKey = DecodeSecret(strSecret1C, *mainParams); BOOST_CHECK(mainKey.IsValid() && mainKey.IsCompressed()); CKey testKey = DecodeSecret(strSecret1C, *testParams); BOOST_CHECK(!testKey.IsValid()); CKey regKey = DecodeSecret(strSecret1C, *regParams); BOOST_CHECK(!regKey.IsValid()); } { // Check the testnet and regnet base58 key CKey mainKey = DecodeSecret(strTestSecret1C, *mainParams); BOOST_CHECK(!mainKey.IsValid()); CKey testKey = DecodeSecret(strTestSecret1C, *testParams); BOOST_CHECK(testKey.IsValid() && testKey.IsCompressed()); CKey regKey = DecodeSecret(strTestSecret1C, *regParams); BOOST_CHECK(regKey.IsValid() && regKey.IsCompressed()); } CKey mainKey = DecodeSecret(strSecret1C, *mainParams); CKey testKey = DecodeSecret(strTestSecret1C, *testParams); // Check key conversion. BOOST_CHECK_EQUAL(EncodeSecret(mainKey, *mainParams), strSecret1C); BOOST_CHECK_EQUAL(EncodeSecret(mainKey, *testParams), strTestSecret1C); BOOST_CHECK_EQUAL(EncodeSecret(mainKey, *regParams), strTestSecret1C); BOOST_CHECK_EQUAL(EncodeSecret(testKey, *mainParams), strSecret1C); BOOST_CHECK_EQUAL(EncodeSecret(testKey, *testParams), strTestSecret1C); BOOST_CHECK_EQUAL(EncodeSecret(testKey, *regParams), strTestSecret1C); } BOOST_AUTO_TEST_CASE(key_test1) { CKey key1 = DecodeSecret(strSecret1); BOOST_CHECK(key1.IsValid() && !key1.IsCompressed()); CKey key2 = DecodeSecret(strSecret2); BOOST_CHECK(key2.IsValid() && !key2.IsCompressed()); CKey key1C = DecodeSecret(strSecret1C); BOOST_CHECK(key1C.IsValid() && key1C.IsCompressed()); CKey key2C = DecodeSecret(strSecret2C); BOOST_CHECK(key2C.IsValid() && key2C.IsCompressed()); CKey bad_key = DecodeSecret(strAddressBad); BOOST_CHECK(!bad_key.IsValid()); CPubKey pubkey1 = key1.GetPubKey(); CPubKey pubkey2 = key2.GetPubKey(); CPubKey pubkey1C = key1C.GetPubKey(); CPubKey pubkey2C = key2C.GetPubKey(); BOOST_CHECK(key1.VerifyPubKey(pubkey1)); BOOST_CHECK(!key1.VerifyPubKey(pubkey1C)); BOOST_CHECK(!key1.VerifyPubKey(pubkey2)); BOOST_CHECK(!key1.VerifyPubKey(pubkey2C)); BOOST_CHECK(!key1C.VerifyPubKey(pubkey1)); BOOST_CHECK(key1C.VerifyPubKey(pubkey1C)); BOOST_CHECK(!key1C.VerifyPubKey(pubkey2)); BOOST_CHECK(!key1C.VerifyPubKey(pubkey2C)); BOOST_CHECK(!key2.VerifyPubKey(pubkey1)); BOOST_CHECK(!key2.VerifyPubKey(pubkey1C)); BOOST_CHECK(key2.VerifyPubKey(pubkey2)); BOOST_CHECK(!key2.VerifyPubKey(pubkey2C)); BOOST_CHECK(!key2C.VerifyPubKey(pubkey1)); BOOST_CHECK(!key2C.VerifyPubKey(pubkey1C)); BOOST_CHECK(!key2C.VerifyPubKey(pubkey2)); BOOST_CHECK(key2C.VerifyPubKey(pubkey2C)); const CChainParams &chainParams = Params(); BOOST_CHECK(DecodeDestination(addr1, chainParams) == CTxDestination(PKHash(pubkey1))); BOOST_CHECK(DecodeDestination(addr2, chainParams) == CTxDestination(PKHash(pubkey2))); BOOST_CHECK(DecodeDestination(addr1C, chainParams) == CTxDestination(PKHash(pubkey1C))); BOOST_CHECK(DecodeDestination(addr2C, chainParams) == CTxDestination(PKHash(pubkey2C))); for (int n = 0; n < 16; n++) { std::string strMsg = strprintf("Very secret message %i: 11", n); uint256 hashMsg = Hash(strMsg); // normal ECDSA signatures std::vector sign1, sign2, sign1C, sign2C; BOOST_CHECK(key1.SignECDSA(hashMsg, sign1)); BOOST_CHECK(key2.SignECDSA(hashMsg, sign2)); BOOST_CHECK(key1C.SignECDSA(hashMsg, sign1C)); BOOST_CHECK(key2C.SignECDSA(hashMsg, sign2C)); BOOST_CHECK(pubkey1.VerifyECDSA(hashMsg, sign1)); BOOST_CHECK(!pubkey1.VerifyECDSA(hashMsg, sign2)); BOOST_CHECK(pubkey1.VerifyECDSA(hashMsg, sign1C)); BOOST_CHECK(!pubkey1.VerifyECDSA(hashMsg, sign2C)); BOOST_CHECK(!pubkey2.VerifyECDSA(hashMsg, sign1)); BOOST_CHECK(pubkey2.VerifyECDSA(hashMsg, sign2)); BOOST_CHECK(!pubkey2.VerifyECDSA(hashMsg, sign1C)); BOOST_CHECK(pubkey2.VerifyECDSA(hashMsg, sign2C)); BOOST_CHECK(pubkey1C.VerifyECDSA(hashMsg, sign1)); BOOST_CHECK(!pubkey1C.VerifyECDSA(hashMsg, sign2)); BOOST_CHECK(pubkey1C.VerifyECDSA(hashMsg, sign1C)); BOOST_CHECK(!pubkey1C.VerifyECDSA(hashMsg, sign2C)); BOOST_CHECK(!pubkey2C.VerifyECDSA(hashMsg, sign1)); BOOST_CHECK(pubkey2C.VerifyECDSA(hashMsg, sign2)); BOOST_CHECK(!pubkey2C.VerifyECDSA(hashMsg, sign1C)); BOOST_CHECK(pubkey2C.VerifyECDSA(hashMsg, sign2C)); // compact ECDSA signatures (with key recovery) std::vector csign1, csign2, csign1C, csign2C; BOOST_CHECK(key1.SignCompact(hashMsg, csign1)); BOOST_CHECK(key2.SignCompact(hashMsg, csign2)); BOOST_CHECK(key1C.SignCompact(hashMsg, csign1C)); BOOST_CHECK(key2C.SignCompact(hashMsg, csign2C)); CPubKey rkey1, rkey2, rkey1C, rkey2C; BOOST_CHECK(rkey1.RecoverCompact(hashMsg, csign1)); BOOST_CHECK(rkey2.RecoverCompact(hashMsg, csign2)); BOOST_CHECK(rkey1C.RecoverCompact(hashMsg, csign1C)); BOOST_CHECK(rkey2C.RecoverCompact(hashMsg, csign2C)); BOOST_CHECK(rkey1 == pubkey1); BOOST_CHECK(rkey2 == pubkey2); BOOST_CHECK(rkey1C == pubkey1C); BOOST_CHECK(rkey2C == pubkey2C); // Schnorr signatures std::vector ssign1, ssign2, ssign1C, ssign2C; BOOST_CHECK(key1.SignSchnorr(hashMsg, ssign1)); BOOST_CHECK(key2.SignSchnorr(hashMsg, ssign2)); BOOST_CHECK(key1C.SignSchnorr(hashMsg, ssign1C)); BOOST_CHECK(key2C.SignSchnorr(hashMsg, ssign2C)); BOOST_CHECK(pubkey1.VerifySchnorr(hashMsg, ssign1)); BOOST_CHECK(!pubkey1.VerifySchnorr(hashMsg, ssign2)); BOOST_CHECK(pubkey1.VerifySchnorr(hashMsg, ssign1C)); BOOST_CHECK(!pubkey1.VerifySchnorr(hashMsg, ssign2C)); BOOST_CHECK(!pubkey2.VerifySchnorr(hashMsg, ssign1)); BOOST_CHECK(pubkey2.VerifySchnorr(hashMsg, ssign2)); BOOST_CHECK(!pubkey2.VerifySchnorr(hashMsg, ssign1C)); BOOST_CHECK(pubkey2.VerifySchnorr(hashMsg, ssign2C)); BOOST_CHECK(pubkey1C.VerifySchnorr(hashMsg, ssign1)); BOOST_CHECK(!pubkey1C.VerifySchnorr(hashMsg, ssign2)); BOOST_CHECK(pubkey1C.VerifySchnorr(hashMsg, ssign1C)); BOOST_CHECK(!pubkey1C.VerifySchnorr(hashMsg, ssign2C)); BOOST_CHECK(!pubkey2C.VerifySchnorr(hashMsg, ssign1)); BOOST_CHECK(pubkey2C.VerifySchnorr(hashMsg, ssign2)); BOOST_CHECK(!pubkey2C.VerifySchnorr(hashMsg, ssign1C)); BOOST_CHECK(pubkey2C.VerifySchnorr(hashMsg, ssign2C)); // check deterministicity of ECDSA & Schnorr BOOST_CHECK(sign1 == sign1C); BOOST_CHECK(sign2 == sign2C); BOOST_CHECK(ssign1 == ssign1C); BOOST_CHECK(ssign2 == ssign2C); // Extract r value from ECDSA and Schnorr. Make sure they are // distinct (nonce reuse would be dangerous and can leak private key). std::vector rE1 = get_r_ECDSA(sign1); BOOST_CHECK(ssign1.size() == 64); std::vector rS1(ssign1.begin(), ssign1.begin() + 32); BOOST_CHECK(rE1.size() == 32); BOOST_CHECK(rS1.size() == 32); BOOST_CHECK(rE1 != rS1); std::vector rE2 = get_r_ECDSA(sign2); BOOST_CHECK(ssign2.size() == 64); std::vector rS2(ssign2.begin(), ssign2.begin() + 32); BOOST_CHECK(rE2.size() == 32); BOOST_CHECK(rS2.size() == 32); BOOST_CHECK(rE2 != rS2); } // test deterministic signing expected values std::vector detsig, detsigc; std::string strMsg = "Very deterministic message"; uint256 hashMsg = Hash(strMsg); // ECDSA BOOST_CHECK(key1.SignECDSA(hashMsg, detsig)); BOOST_CHECK(key1C.SignECDSA(hashMsg, detsigc)); BOOST_CHECK(detsig == detsigc); BOOST_CHECK(detsig == ParseHex("304402200c648ad9936cae4006f0b0d7bcbacdcdf5a14260eb550" "c31ddb1eb1a13b1b58602201b868673bb5926d1610a07cd03692d" "fdcb98ed059314f66b457a794f2c4b8e79")); BOOST_CHECK(key2.SignECDSA(hashMsg, detsig)); BOOST_CHECK(key2C.SignECDSA(hashMsg, detsigc)); BOOST_CHECK(detsig == detsigc); BOOST_CHECK(detsig == ParseHex("304402205fb8ff5dbba6110d877169812f5cd939866d9487c6b62" "5785c6876e4fb8ea69a0220711dc4ecff142f7f808905c04bbd41" "89e3d2c689c4be396ed22883c463d6ad7a")); // Compact BOOST_CHECK(key1.SignCompact(hashMsg, detsig)); BOOST_CHECK(key1C.SignCompact(hashMsg, detsigc)); BOOST_CHECK(detsig == ParseHex("1b8c56f224d51415e6ce329144aa1e1c1563e297a005f450df015" "14f3d047681760277e79d57502df27b8feebb001a588aa3a8c2bc" "f5b2367273c15f840638cfc8")); BOOST_CHECK(detsigc == ParseHex("1f8c56f224d51415e6ce329144aa1e1c1563e297a005f450df015" "14f3d047681760277e79d57502df27b8feebb001a588aa3a8c2bc" "f5b2367273c15f840638cfc8")); BOOST_CHECK(key2.SignCompact(hashMsg, detsig)); BOOST_CHECK(key2C.SignCompact(hashMsg, detsigc)); BOOST_CHECK(detsig == ParseHex("1c9ffc56b38fbfc0e3eb2c42dff99d2375982449f35019c1b3d56" "ca62bef187c5103e483a0ad481eaacc224fef4ee2995027300d5f" "2457f7a20c43547aeddbae6e")); BOOST_CHECK(detsigc == ParseHex("209ffc56b38fbfc0e3eb2c42dff99d2375982449f35019c1b3d56" "ca62bef187c5103e483a0ad481eaacc224fef4ee2995027300d5f" "2457f7a20c43547aeddbae6e")); // Schnorr BOOST_CHECK(key1.SignSchnorr(hashMsg, detsig)); BOOST_CHECK(key1C.SignSchnorr(hashMsg, detsigc)); BOOST_CHECK(detsig == detsigc); BOOST_CHECK(detsig == ParseHex("2c56731ac2f7a7e7f11518fc7722a166b02438924ca9d8b4d1113" "47b81d0717571846de67ad3d913a8fdf9d8f3f73161a4c48ae81c" "b183b214765feb86e255ce")); BOOST_CHECK(key2.SignSchnorr(hashMsg, detsig)); BOOST_CHECK(key2C.SignSchnorr(hashMsg, detsigc)); BOOST_CHECK(detsig == detsigc); BOOST_CHECK(detsig == ParseHex("e7167ae0afbba6019b4c7fcfe6de79165d555e8295bd72da1b8aa" "1a5b54305880517cace1bcb0cb515e2eeaffd49f1e4dd49fd7282" "6b4b1573c84da49a38405d")); } BOOST_AUTO_TEST_CASE(key_signature_tests) { // When entropy is specified, we should see at least one high R signature // within 20 signatures CKey key = DecodeSecret(strSecret1); std::string msg = "A message to be signed"; uint256 msg_hash = Hash(msg); std::vector sig; bool found = false; for (int i = 1; i <= 20; ++i) { sig.clear(); BOOST_CHECK(key.SignECDSA(msg_hash, sig, false, i)); found = sig[3] == 0x21 && sig[4] == 0x00; if (found) { break; } } BOOST_CHECK(found); // When entropy is not specified, we should always see low R signatures that // are less than 70 bytes in 256 tries We should see at least one signature // that is less than 70 bytes. found = true; bool found_small = false; for (int i = 0; i < 256; ++i) { sig.clear(); msg = "A message to be signed" + ToString(i); msg_hash = Hash(msg); BOOST_CHECK(key.SignECDSA(msg_hash, sig)); found = sig[3] == 0x20; BOOST_CHECK(sig.size() <= 70); found_small |= sig.size() < 70; } BOOST_CHECK(found); BOOST_CHECK(found_small); } BOOST_AUTO_TEST_CASE(key_key_negation) { // create a dummy hash for signature comparison uint8_t rnd[8]; std::string str = "Bitcoin key verification\n"; GetRandBytes(rnd, sizeof(rnd)); uint256 hash; CHash256().Write(MakeUCharSpan(str)).Write(rnd).Finalize(hash); // import the static test key CKey key = DecodeSecret(strSecret1C); // create a signature std::vector vch_sig; std::vector vch_sig_cmp; key.SignECDSA(hash, vch_sig); // negate the key twice BOOST_CHECK(key.GetPubKey().data()[0] == 0x03); key.Negate(); // after the first negation, the signature must be different key.SignECDSA(hash, vch_sig_cmp); BOOST_CHECK(vch_sig_cmp != vch_sig); BOOST_CHECK(key.GetPubKey().data()[0] == 0x02); key.Negate(); // after the second negation, we should have the original key and thus the // same signature key.SignECDSA(hash, vch_sig_cmp); BOOST_CHECK(vch_sig_cmp == vch_sig); BOOST_CHECK(key.GetPubKey().data()[0] == 0x03); } +static CPubKey UnserializePubkey(const std::vector &data) { + CDataStream stream{SER_NETWORK, INIT_PROTO_VERSION}; + stream << data; + CPubKey pubkey; + stream >> pubkey; + return pubkey; +} + +static unsigned int GetLen(uint8_t chHeader) { + if (chHeader == 2 || chHeader == 3) { + return CPubKey::COMPRESSED_SIZE; + } + if (chHeader == 4 || chHeader == 6 || chHeader == 7) { + return CPubKey::SIZE; + } + return 0; +} + +static void CmpSerializationPubkey(const CPubKey &pubkey) { + CDataStream stream{SER_NETWORK, INIT_PROTO_VERSION}; + stream << pubkey; + CPubKey pubkey2; + stream >> pubkey2; + BOOST_CHECK(pubkey == pubkey2); +} + +BOOST_AUTO_TEST_CASE(pubkey_unserialize) { + for (uint8_t i = 2; i <= 7; ++i) { + CPubKey key = UnserializePubkey({0x02}); + BOOST_CHECK(!key.IsValid()); + CmpSerializationPubkey(key); + key = UnserializePubkey(std::vector(GetLen(i), i)); + CmpSerializationPubkey(key); + if (i == 5) { + BOOST_CHECK(!key.IsValid()); + } else { + BOOST_CHECK(key.IsValid()); + } + } +} + BOOST_AUTO_TEST_SUITE_END()