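// TestSignaturesAndRecovery exercises randomly generated signatures with the
// production hash function (chainhash.HashFuncB) instead of the test hash.
// For every signature it checks that verification succeeds, that the signer's
// public key can be recovered, and that a copy with flipped bits is rejected
// by verification and does not recover to the signer's public key.
func TestSignaturesAndRecovery(t *testing.T) {
	curve := secp256k1.S256()
	// Fixed seed so the corrupted bit positions are reproducible across runs.
	r := rand.New(rand.NewSource(54321))

	numSigs := 128
	sigList := randSigList(curve, numSigs)

	for _, tv := range sigList {
		pubkey := tv.pubkey
		sig := tv.sig

		// Make sure we can verify the original signature.
		_, err := schnorrVerify(curve, sig.Serialize(), pubkey, tv.msg,
			chainhash.HashFuncB)
		assert.NoError(t, err)

		ok := Verify(curve, pubkey, tv.msg, sig.R, sig.S)
		assert.True(t, ok)

		// See if we can recover the public keys OK.
		pkRecover, _, err := schnorrRecover(curve, sig.Serialize(), tv.msg,
			chainhash.HashFuncB)
		assert.NoError(t, err)
		if err == nil {
			assert.Equal(t, pubkey.Serialize(), pkRecover.Serialize())
		}

		// Corrupt the signature at some random bits and make sure that
		// breaks it. An odd number of flips (1 or 3) guarantees that at
		// least one bit ends up different even if two flips land on the
		// same bit and cancel out.
		sigBad := sig.Serialize()
		numFlips := (r.Intn(2) * 2) + 1
		for i := 0; i < numFlips; i++ {
			// Cover every byte and every bit of the serialized signature.
			// The previous bounds, Intn(63) and Intn(7), could never touch
			// bit 7 of any byte, nor byte 63 if the serialization is 64
			// bytes long, so tampering there was never tested.
			pos := r.Intn(len(sigBad))
			bitPos := r.Intn(8)
			sigBad[pos] ^= 1 << uint8(bitPos)
		}
		_, err = schnorrVerify(curve, sigBad, pubkey, tv.msg,
			chainhash.HashFuncB)
		assert.Error(t, err)

		// Make sure it breaks pubkey recovery too. Recovery must use the
		// same hash the signature verified under above; this call used to
		// pass testSchnorrHash, so the recovered key would be expected to
		// differ because of the hash mismatch alone and the check did not
		// isolate the effect of the corruption.
		pkRecover, valid, err := schnorrRecover(curve, sigBad, tv.msg,
			chainhash.HashFuncB)
		if valid {
			assert.NotEqual(t, pubkey.Serialize(), pkRecover.Serialize())
		} else {
			assert.Error(t, err)
		}
	}
}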
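// TestSchnorrSigning signs every vector returned by GetSigningTestVectors with
// its fixed private key and nonce and checks that the serialized signature
// matches the expected bytes. It then checks that the signature verifies, that
// the public key can be recovered from it, and that a copy with one flipped
// bit is rejected by verification and does not recover to the signer's key.
func TestSchnorrSigning(t *testing.T) {
	// Fixed seed so the corrupted bit position is reproducible across runs.
	tRand := rand.New(rand.NewSource(54321))
	curve := secp256k1.S256()

	for _, tv := range GetSigningTestVectors() {
		_, pubkey := secp256k1.PrivKeyFromBytes(curve, tv.priv)

		sig, err := schnorrSign(curve, tv.msg, tv.priv, tv.nonce, nil, nil,
			testSchnorrHash)
		if !assert.NoError(t, err) {
			// Without a signature the remaining checks cannot run; skip the
			// vector rather than call Serialize on a failed result.
			continue
		}
		// Expected value first, so a failure reports the two the right way
		// round.
		assert.Equal(t, tv.sig, sig.Serialize())

		// Make sure they verify too while we're at it.
		_, err = schnorrVerify(curve, sig.Serialize(), pubkey, tv.msg,
			testSchnorrHash)
		assert.NoError(t, err)

		// See if we can recover the public keys OK.
		pkRecover, _, err := schnorrRecover(curve, sig.Serialize(), tv.msg,
			testSchnorrHash)
		assert.NoError(t, err)
		if err == nil {
			assert.Equal(t, pubkey.Serialize(), pkRecover.Serialize())
		}

		// Corrupt the signature at a random bit and make sure that breaks
		// it. The bounds cover every byte and every bit; the previous
		// Intn(63) and Intn(7) could never touch bit 7 of any byte, nor
		// byte 63 if the serialization is 64 bytes long.
		sigBad := sig.Serialize()
		pos := tRand.Intn(len(sigBad))
		bitPos := tRand.Intn(8)
		sigBad[pos] ^= 1 << uint8(bitPos)
		_, err = schnorrVerify(curve, sigBad, pubkey, tv.msg,
			testSchnorrHash)
		assert.Error(t, err)

		// Make sure it breaks pubkey recovery too: either recovery fails
		// with an error, or it yields a key other than the signer's.
		pkRecover, valid, err := schnorrRecover(curve, sigBad, tv.msg,
			testSchnorrHash)
		if valid {
			assert.NotEqual(t, pubkey.Serialize(), pkRecover.Serialize())
		} else {
			assert.Error(t, err)
		}
	}
}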