Bitcoin Core  22.99.0
P2P Digital Currency
key_tests.cpp
Go to the documentation of this file.
1 // Copyright (c) 2012-2020 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <key.h>
6 
7 #include <key_io.h>
8 #include <streams.h>
10 #include <uint256.h>
11 #include <util/strencodings.h>
12 #include <util/string.h>
13 #include <util/system.h>
14 
15 #include <string>
16 #include <vector>
17 
18 #include <boost/test/unit_test.hpp>
19 
20 static const std::string strSecret1 = "5HxWvvfubhXpYYpS3tJkw6fq9jE9j18THftkZjHHfmFiWtmAbrj";
21 static const std::string strSecret2 = "5KC4ejrDjv152FGwP386VD1i2NYc5KkfSMyv1nGy1VGDxGHqVY3";
22 static const std::string strSecret1C = "Kwr371tjA9u2rFSMZjTNun2PXXP3WPZu2afRHTcta6KxEUdm1vEw";
23 static const std::string strSecret2C = "L3Hq7a8FEQwJkW1M2GNKDW28546Vp5miewcCzSqUD9kCAXrJdS3g";
24 static const std::string addr1 = "1QFqqMUD55ZV3PJEJZtaKCsQmjLT6JkjvJ";
25 static const std::string addr2 = "1F5y5E5FMc5YzdJtB9hLaUe43GDxEKXENJ";
26 static const std::string addr1C = "1NoJrossxPBKfCHuJXT4HadJrXRE9Fxiqs";
27 static const std::string addr2C = "1CRj2HyM1CXWzHAXLQtiGLyggNT9WQqsDs";
28 
29 static const std::string strAddressBad = "1HV9Lc3sNHZxwj4Zk6fB38tEmBryq2cBiF";
30 
31 
33 
35 {
37  BOOST_CHECK(key1.IsValid() && !key1.IsCompressed());
39  BOOST_CHECK(key2.IsValid() && !key2.IsCompressed());
40  CKey key1C = DecodeSecret(strSecret1C);
41  BOOST_CHECK(key1C.IsValid() && key1C.IsCompressed());
42  CKey key2C = DecodeSecret(strSecret2C);
43  BOOST_CHECK(key2C.IsValid() && key2C.IsCompressed());
44  CKey bad_key = DecodeSecret(strAddressBad);
45  BOOST_CHECK(!bad_key.IsValid());
46 
47  CPubKey pubkey1 = key1. GetPubKey();
48  CPubKey pubkey2 = key2. GetPubKey();
49  CPubKey pubkey1C = key1C.GetPubKey();
50  CPubKey pubkey2C = key2C.GetPubKey();
51 
52  BOOST_CHECK(key1.VerifyPubKey(pubkey1));
53  BOOST_CHECK(!key1.VerifyPubKey(pubkey1C));
54  BOOST_CHECK(!key1.VerifyPubKey(pubkey2));
55  BOOST_CHECK(!key1.VerifyPubKey(pubkey2C));
56 
57  BOOST_CHECK(!key1C.VerifyPubKey(pubkey1));
58  BOOST_CHECK(key1C.VerifyPubKey(pubkey1C));
59  BOOST_CHECK(!key1C.VerifyPubKey(pubkey2));
60  BOOST_CHECK(!key1C.VerifyPubKey(pubkey2C));
61 
62  BOOST_CHECK(!key2.VerifyPubKey(pubkey1));
63  BOOST_CHECK(!key2.VerifyPubKey(pubkey1C));
64  BOOST_CHECK(key2.VerifyPubKey(pubkey2));
65  BOOST_CHECK(!key2.VerifyPubKey(pubkey2C));
66 
67  BOOST_CHECK(!key2C.VerifyPubKey(pubkey1));
68  BOOST_CHECK(!key2C.VerifyPubKey(pubkey1C));
69  BOOST_CHECK(!key2C.VerifyPubKey(pubkey2));
70  BOOST_CHECK(key2C.VerifyPubKey(pubkey2C));
71 
76 
77  for (int n=0; n<16; n++)
78  {
79  std::string strMsg = strprintf("Very secret message %i: 11", n);
80  uint256 hashMsg = Hash(strMsg);
81 
82  // normal signatures
83 
84  std::vector<unsigned char> sign1, sign2, sign1C, sign2C;
85 
86  BOOST_CHECK(key1.Sign (hashMsg, sign1));
87  BOOST_CHECK(key2.Sign (hashMsg, sign2));
88  BOOST_CHECK(key1C.Sign(hashMsg, sign1C));
89  BOOST_CHECK(key2C.Sign(hashMsg, sign2C));
90 
91  BOOST_CHECK( pubkey1.Verify(hashMsg, sign1));
92  BOOST_CHECK(!pubkey1.Verify(hashMsg, sign2));
93  BOOST_CHECK( pubkey1.Verify(hashMsg, sign1C));
94  BOOST_CHECK(!pubkey1.Verify(hashMsg, sign2C));
95 
96  BOOST_CHECK(!pubkey2.Verify(hashMsg, sign1));
97  BOOST_CHECK( pubkey2.Verify(hashMsg, sign2));
98  BOOST_CHECK(!pubkey2.Verify(hashMsg, sign1C));
99  BOOST_CHECK( pubkey2.Verify(hashMsg, sign2C));
100 
101  BOOST_CHECK( pubkey1C.Verify(hashMsg, sign1));
102  BOOST_CHECK(!pubkey1C.Verify(hashMsg, sign2));
103  BOOST_CHECK( pubkey1C.Verify(hashMsg, sign1C));
104  BOOST_CHECK(!pubkey1C.Verify(hashMsg, sign2C));
105 
106  BOOST_CHECK(!pubkey2C.Verify(hashMsg, sign1));
107  BOOST_CHECK( pubkey2C.Verify(hashMsg, sign2));
108  BOOST_CHECK(!pubkey2C.Verify(hashMsg, sign1C));
109  BOOST_CHECK( pubkey2C.Verify(hashMsg, sign2C));
110 
111  // compact signatures (with key recovery)
112 
113  std::vector<unsigned char> csign1, csign2, csign1C, csign2C;
114 
115  BOOST_CHECK(key1.SignCompact (hashMsg, csign1));
116  BOOST_CHECK(key2.SignCompact (hashMsg, csign2));
117  BOOST_CHECK(key1C.SignCompact(hashMsg, csign1C));
118  BOOST_CHECK(key2C.SignCompact(hashMsg, csign2C));
119 
120  CPubKey rkey1, rkey2, rkey1C, rkey2C;
121 
122  BOOST_CHECK(rkey1.RecoverCompact (hashMsg, csign1));
123  BOOST_CHECK(rkey2.RecoverCompact (hashMsg, csign2));
124  BOOST_CHECK(rkey1C.RecoverCompact(hashMsg, csign1C));
125  BOOST_CHECK(rkey2C.RecoverCompact(hashMsg, csign2C));
126 
127  BOOST_CHECK(rkey1 == pubkey1);
128  BOOST_CHECK(rkey2 == pubkey2);
129  BOOST_CHECK(rkey1C == pubkey1C);
130  BOOST_CHECK(rkey2C == pubkey2C);
131  }
132 
133  // test deterministic signing
134 
135  std::vector<unsigned char> detsig, detsigc;
136  std::string strMsg = "Very deterministic message";
137  uint256 hashMsg = Hash(strMsg);
138  BOOST_CHECK(key1.Sign(hashMsg, detsig));
139  BOOST_CHECK(key1C.Sign(hashMsg, detsigc));
140  BOOST_CHECK(detsig == detsigc);
141  BOOST_CHECK(detsig == ParseHex("304402205dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d022014ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
142  BOOST_CHECK(key2.Sign(hashMsg, detsig));
143  BOOST_CHECK(key2C.Sign(hashMsg, detsigc));
144  BOOST_CHECK(detsig == detsigc);
145  BOOST_CHECK(detsig == ParseHex("3044022052d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd5022061d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
146  BOOST_CHECK(key1.SignCompact(hashMsg, detsig));
147  BOOST_CHECK(key1C.SignCompact(hashMsg, detsigc));
148  BOOST_CHECK(detsig == ParseHex("1c5dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d14ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
149  BOOST_CHECK(detsigc == ParseHex("205dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d14ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
150  BOOST_CHECK(key2.SignCompact(hashMsg, detsig));
151  BOOST_CHECK(key2C.SignCompact(hashMsg, detsigc));
152  BOOST_CHECK(detsig == ParseHex("1c52d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd561d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
153  BOOST_CHECK(detsigc == ParseHex("2052d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd561d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
154 }
155 
156 BOOST_AUTO_TEST_CASE(key_signature_tests)
157 {
158  // When entropy is specified, we should see at least one high R signature within 20 signatures
160  std::string msg = "A message to be signed";
161  uint256 msg_hash = Hash(msg);
162  std::vector<unsigned char> sig;
163  bool found = false;
164 
165  for (int i = 1; i <=20; ++i) {
166  sig.clear();
167  BOOST_CHECK(key.Sign(msg_hash, sig, false, i));
168  found = sig[3] == 0x21 && sig[4] == 0x00;
169  if (found) {
170  break;
171  }
172  }
173  BOOST_CHECK(found);
174 
175  // When entropy is not specified, we should always see low R signatures that are less than or equal to 70 bytes in 256 tries
176  // The low R signatures should always have the value of their "length of R" byte less than or equal to 32
177  // We should see at least one signature that is less than 70 bytes.
178  bool found_small = false;
179  bool found_big = false;
180  bool bad_sign = false;
181  for (int i = 0; i < 256; ++i) {
182  sig.clear();
183  std::string msg = "A message to be signed" + ToString(i);
184  msg_hash = Hash(msg);
185  if (!key.Sign(msg_hash, sig)) {
186  bad_sign = true;
187  break;
188  }
189  // sig.size() > 70 implies sig[3] > 32, because S is always low.
190  // But check both conditions anyway, just in case this implication is broken for some reason
191  if (sig[3] > 32 || sig.size() > 70) {
192  found_big = true;
193  break;
194  }
195  found_small |= sig.size() < 70;
196  }
197  BOOST_CHECK(!bad_sign);
198  BOOST_CHECK(!found_big);
199  BOOST_CHECK(found_small);
200 }
201 
202 BOOST_AUTO_TEST_CASE(key_key_negation)
203 {
204  // create a dummy hash for signature comparison
205  unsigned char rnd[8];
206  std::string str = "Bitcoin key verification\n";
207  GetRandBytes(rnd, sizeof(rnd));
208  uint256 hash;
209  CHash256().Write(MakeUCharSpan(str)).Write(rnd).Finalize(hash);
210 
211  // import the static test key
213 
214  // create a signature
215  std::vector<unsigned char> vch_sig;
216  std::vector<unsigned char> vch_sig_cmp;
217  key.Sign(hash, vch_sig);
218 
219  // negate the key twice
220  BOOST_CHECK(key.GetPubKey().data()[0] == 0x03);
221  key.Negate();
222  // after the first negation, the signature must be different
223  key.Sign(hash, vch_sig_cmp);
224  BOOST_CHECK(vch_sig_cmp != vch_sig);
225  BOOST_CHECK(key.GetPubKey().data()[0] == 0x02);
226  key.Negate();
227  // after the second negation, we should have the original key and thus the
228  // same signature
229  key.Sign(hash, vch_sig_cmp);
230  BOOST_CHECK(vch_sig_cmp == vch_sig);
231  BOOST_CHECK(key.GetPubKey().data()[0] == 0x03);
232 }
233 
234 static CPubKey UnserializePubkey(const std::vector<uint8_t>& data)
235 {
237  stream << data;
238  CPubKey pubkey;
239  stream >> pubkey;
240  return pubkey;
241 }
242 
243 static unsigned int GetLen(unsigned char chHeader)
244 {
245  if (chHeader == 2 || chHeader == 3)
247  if (chHeader == 4 || chHeader == 6 || chHeader == 7)
248  return CPubKey::SIZE;
249  return 0;
250 }
251 
252 static void CmpSerializationPubkey(const CPubKey& pubkey)
253 {
255  stream << pubkey;
256  CPubKey pubkey2;
257  stream >> pubkey2;
258  BOOST_CHECK(pubkey == pubkey2);
259 }
260 
261 BOOST_AUTO_TEST_CASE(pubkey_unserialize)
262 {
263  for (uint8_t i = 2; i <= 7; ++i) {
264  CPubKey key = UnserializePubkey({0x02});
265  BOOST_CHECK(!key.IsValid());
267  key = UnserializePubkey(std::vector<uint8_t>(GetLen(i), i));
269  if (i == 5) {
270  BOOST_CHECK(!key.IsValid());
271  } else {
272  BOOST_CHECK(key.IsValid());
273  }
274  }
275 }
276 
277 BOOST_AUTO_TEST_CASE(bip340_test_vectors)
278 {
279  static const std::vector<std::pair<std::array<std::string, 3>, bool>> VECTORS = {
280  {{"F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", "0000000000000000000000000000000000000000000000000000000000000000", "E907831F80848D1069A5371B402410364BDF1C5F8307B0084C55F1CE2DCA821525F66A4A85EA8B71E482A74F382D2CE5EBEEE8FDB2172F477DF4900D310536C0"}, true},
281  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6896BD60EEAE296DB48A229FF71DFE071BDE413E6D43F917DC8DCF8C78DE33418906D11AC976ABCCB20B091292BFF4EA897EFCB639EA871CFA95F6DE339E4B0A"}, true},
282  {{"DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8", "7E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9D0A508B75C", "5831AAEED7B44BB74E5EAB94BA9D4294C49BCF2A60728D8B4C200F50DD313C1BAB745879A5AD954A72C45A91C3A51D3C7ADEA98D82F8481E0E1E03674A6F3FB7"}, true},
283  {{"25D1DFF95105F5253C4022F628A996AD3A0D95FBF21D468A1B33F8C160D8F517", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "7EB0509757E246F19449885651611CB965ECC1A187DD51B64FDA1EDC9637D5EC97582B9CB13DB3933705B32BA982AF5AF25FD78881EBB32771FC5922EFC66EA3"}, true},
284  {{"D69C3509BB99E412E68B0FE8544E72837DFA30746D8BE2AA65975F29D22DC7B9", "4DF3C3F68FCC83B27E9D42C90431A72499F17875C81A599B566C9889B9696703", "00000000000000000000003B78CE563F89A0ED9414F5AA28AD0D96D6795F9C6376AFB1548AF603B3EB45C9F8207DEE1060CB71C04E80F593060B07D28308D7F4"}, true},
285  {{"EEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"}, false},
286  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "FFF97BD5755EEEA420453A14355235D382F6472F8568A18B2F057A14602975563CC27944640AC607CD107AE10923D9EF7A73C643E166BE5EBEAFA34B1AC553E2"}, false},
287  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "1FA62E331EDBC21C394792D2AB1100A7B432B013DF3F6FF4F99FCB33E0E1515F28890B3EDB6E7189B630448B515CE4F8622A954CFE545735AAEA5134FCCDB2BD"}, false},
288  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E177769961764B3AA9B2FFCB6EF947B6887A226E8D7C93E00C5ED0C1834FF0D0C2E6DA6"}, false},
289  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "0000000000000000000000000000000000000000000000000000000000000000123DDA8328AF9C23A94C1FEECFD123BA4FB73476F0D594DCB65C6425BD186051"}, false},
290  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "00000000000000000000000000000000000000000000000000000000000000017615FBAF5AE28864013C099742DEADB4DBA87F11AC6754F93780D5A1837CF197"}, false},
291  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "4A298DACAE57395A15D0795DDBFD1DCB564DA82B0F269BC70A74F8220429BA1D69E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"}, false},
292  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F69E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"}, false},
293  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E177769FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141"}, false},
294  {{"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC30", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"}, false}
295  };
296 
297  for (const auto& test : VECTORS) {
298  auto pubkey = ParseHex(test.first[0]);
299  auto msg = ParseHex(test.first[1]);
300  auto sig = ParseHex(test.first[2]);
301  BOOST_CHECK_EQUAL(XOnlyPubKey(pubkey).VerifySchnorr(uint256(msg), sig), test.second);
302  }
303 
304  static const std::vector<std::array<std::string, 5>> SIGN_VECTORS = {
305  {{"0000000000000000000000000000000000000000000000000000000000000003", "F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000", "E907831F80848D1069A5371B402410364BDF1C5F8307B0084C55F1CE2DCA821525F66A4A85EA8B71E482A74F382D2CE5EBEEE8FDB2172F477DF4900D310536C0"}},
306  {{"B7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFEF", "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "0000000000000000000000000000000000000000000000000000000000000001", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6896BD60EEAE296DB48A229FF71DFE071BDE413E6D43F917DC8DCF8C78DE33418906D11AC976ABCCB20B091292BFF4EA897EFCB639EA871CFA95F6DE339E4B0A"}},
307  {{"C90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B14E5C9", "DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8", "C87AA53824B4D7AE2EB035A2B5BBBCCC080E76CDC6D1692C4B0B62D798E6D906", "7E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9D0A508B75C", "5831AAEED7B44BB74E5EAB94BA9D4294C49BCF2A60728D8B4C200F50DD313C1BAB745879A5AD954A72C45A91C3A51D3C7ADEA98D82F8481E0E1E03674A6F3FB7"}},
308  {{"0B432B2677937381AEF05BB02A66ECD012773062CF3FA2549E44F58ED2401710", "25D1DFF95105F5253C4022F628A996AD3A0D95FBF21D468A1B33F8C160D8F517", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "7EB0509757E246F19449885651611CB965ECC1A187DD51B64FDA1EDC9637D5EC97582B9CB13DB3933705B32BA982AF5AF25FD78881EBB32771FC5922EFC66EA3"}},
309  };
310 
311  for (const auto& [sec_hex, pub_hex, aux_hex, msg_hex, sig_hex] : SIGN_VECTORS) {
312  auto sec = ParseHex(sec_hex);
313  auto pub = ParseHex(pub_hex);
314  uint256 aux256(ParseHex(aux_hex));
315  uint256 msg256(ParseHex(msg_hex));
316  auto sig = ParseHex(sig_hex);
317  unsigned char sig64[64];
318 
319  // Run the untweaked test vectors above, comparing with exact expected signature.
320  CKey key;
321  key.Set(sec.begin(), sec.end(), true);
322  XOnlyPubKey pubkey(key.GetPubKey());
323  BOOST_CHECK(std::equal(pubkey.begin(), pubkey.end(), pub.begin(), pub.end()));
324  bool ok = key.SignSchnorr(msg256, sig64, nullptr, &aux256);
325  BOOST_CHECK(ok);
326  BOOST_CHECK(std::vector<unsigned char>(sig64, sig64 + 64) == sig);
327  // Verify those signatures for good measure.
328  BOOST_CHECK(pubkey.VerifySchnorr(msg256, sig64));
329 
330  // Do 10 iterations where we sign with a random Merkle root to tweak,
331  // and compare against the resulting tweaked keys, with random aux.
332  // In iteration i=0 we tweak with empty Merkle tree.
333  for (int i = 0; i < 10; ++i) {
334  uint256 merkle_root;
335  if (i) merkle_root = InsecureRand256();
336  auto tweaked = pubkey.CreateTapTweak(i ? &merkle_root : nullptr);
337  BOOST_CHECK(tweaked);
338  XOnlyPubKey tweaked_key = tweaked->first;
339  aux256 = InsecureRand256();
340  bool ok = key.SignSchnorr(msg256, sig64, &merkle_root, &aux256);
341  BOOST_CHECK(ok);
342  BOOST_CHECK(tweaked_key.VerifySchnorr(msg256, sig64));
343  }
344  }
345 }
346 
CKey::IsCompressed
bool IsCompressed() const
Check whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:95
XOnlyPubKey::VerifySchnorr
bool VerifySchnorr(const uint256 &msg, Span< const unsigned char > sigbytes) const
Verify a Schnorr signature against this public key.
Definition: pubkey.cpp:206
strSecret2
static const std::string strSecret2
Definition: key_tests.cpp:21
ParseHex
std::vector< unsigned char > ParseHex(const char *psz)
Definition: strencodings.cpp:84
ToString
std::string ToString(const T &t)
Locale-independent version of std::to_string.
Definition: string.h:87
CHash256::Write
CHash256 & Write(Span< const unsigned char > input)
Definition: hash.h:37
key_io.h
streams.h
setup_common.h
MakeUCharSpan
constexpr auto MakeUCharSpan(V &&v) -> decltype(UCharSpanCast(MakeSpan(std::forward< V >(v))))
Like MakeSpan, but for (const) unsigned char member types only.
Definition: span.h:249
string.h
BOOST_AUTO_TEST_CASE
BOOST_AUTO_TEST_CASE(key_test1)
Definition: key_tests.cpp:34
CPubKey::SIZE
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:38
uint256.h
InsecureRand256
static uint256 InsecureRand256()
Definition: setup_common.h:66
CKey::Set
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
Definition: key.h:73
strAddressBad
static const std::string strAddressBad
Definition: key_tests.cpp:29
CPubKey::data
const unsigned char * data() const
Definition: pubkey.h:112
XOnlyPubKey
Definition: pubkey.h:220
BOOST_FIXTURE_TEST_SUITE
#define BOOST_FIXTURE_TEST_SUITE(a, b)
Definition: object.cpp:14
BOOST_AUTO_TEST_SUITE_END
BOOST_AUTO_TEST_SUITE_END()
strSecret2C
static const std::string strSecret2C
Definition: key_tests.cpp:23
CKey::SignSchnorr
bool SignSchnorr(const uint256 &hash, Span< unsigned char > sig, const uint256 *merkle_root=nullptr, const uint256 *aux=nullptr) const
Create a BIP-340 Schnorr signature, for the xonly-pubkey corresponding to *this, optionally tweaked b...
Definition: key.cpp:264
XOnlyPubKey::begin
const unsigned char * begin() const
Definition: pubkey.h:278
strencodings.h
Hash
uint256 Hash(const T &in1)
Compute the 256-bit hash of an object.
Definition: hash.h:75
addr1C
static const std::string addr1C
Definition: key_tests.cpp:26
CTxDestination
std::variant< CNoDestination, PKHash, ScriptHash, WitnessV0ScriptHash, WitnessV0KeyHash, WitnessV1Taproot, WitnessUnknown > CTxDestination
A txout script template with a specific destination.
Definition: standard.h:157
CPubKey::Verify
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
Definition: pubkey.cpp:253
XOnlyPubKey::end
const unsigned char * end() const
Definition: pubkey.h:279
CKey::SignCompact
bool SignCompact(const uint256 &hash, std::vector< unsigned char > &vchSig) const
Create a compact signature (65 bytes), which allows reconstructing the used public key.
Definition: key.cpp:249
GetRandBytes
void GetRandBytes(unsigned char *buf, int num) noexcept
Overall design of the RNG and entropy sources.
Definition: random.cpp:584
CKey::IsValid
bool IsValid() const
Check whether this private key is valid.
Definition: key.h:92
CKey::Sign
bool Sign(const uint256 &hash, std::vector< unsigned char > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized signature.
Definition: key.cpp:213
CHash256::Finalize
void Finalize(Span< unsigned char > output)
Definition: hash.h:30
BasicTestingSetup
Basic testing setup.
Definition: setup_common.h:76
DecodeSecret
CKey DecodeSecret(const std::string &str)
Definition: key_io.cpp:178
CPubKey::COMPRESSED_SIZE
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:39
uint256
256-bit opaque blob.
Definition: uint256.h:124
DecodeDestination
CTxDestination DecodeDestination(const std::string &str, std::string &error_msg)
Definition: key_io.cpp:261
strSecret1C
static const std::string strSecret1C
Definition: key_tests.cpp:22
CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:187
addr1
static const std::string addr1
Definition: key_tests.cpp:24
CPubKey::RecoverCompact
bool RecoverCompact(const uint256 &hash, const std::vector< unsigned char > &vchSig)
Recover a public key from a compact signature.
Definition: pubkey.cpp:271
CKey::Negate
bool Negate()
Negate private key.
Definition: key.cpp:168
system.h
PKHash
Definition: standard.h:79
strprintf
#define strprintf
Format arguments and return the string or write to given std::ostream (see tinyformat::format doc for...
Definition: tinyformat.h:1164
key.h
CPubKey
An encapsulated public key.
Definition: pubkey.h:32
addr2
static const std::string addr2
Definition: key_tests.cpp:25
addr2C
static const std::string addr2C
Definition: key_tests.cpp:27
CKey
An encapsulated private key.
Definition: key.h:26
CKey::VerifyPubKey
bool VerifyPubKey(const CPubKey &vchPubKey) const
Verify thoroughly whether a private key and a public key match.
Definition: key.cpp:235
strSecret1
static const std::string strSecret1
Definition: key_tests.cpp:20
CDataStream
Double ended buffer combining vector and stream-like interfaces.
Definition: streams.h:204
SER_NETWORK
@ SER_NETWORK
Definition: serialize.h:138
CHash256
A hasher class for Bitcoin's 256-bit hash (double SHA-256).
Definition: hash.h:24
GetLen
static unsigned int GetLen(unsigned char chHeader)
Definition: key_tests.cpp:243
CPubKey::IsValid
bool IsValid() const
Definition: pubkey.h:185
UnserializePubkey
static CPubKey UnserializePubkey(const std::vector< uint8_t > &data)
Definition: key_tests.cpp:234
GetPubKey
static bool GetPubKey(const SigningProvider &provider, const SignatureData &sigdata, const CKeyID &address, CPubKey &pubkey)
Definition: sign.cpp:104
BOOST_CHECK
#define BOOST_CHECK(expr)
Definition: object.cpp:17
CmpSerializationPubkey
static void CmpSerializationPubkey(const CPubKey &pubkey)
Definition: key_tests.cpp:252
BOOST_CHECK_EQUAL
#define BOOST_CHECK_EQUAL(v1, v2)
Definition: object.cpp:18
XOnlyPubKey::CreateTapTweak
std::optional< std::pair< XOnlyPubKey, bool > > CreateTapTweak(const uint256 *merkle_root) const
Construct a Taproot tweaked output point with this point as internal key.
Definition: pubkey.cpp:235
INIT_PROTO_VERSION
static const int INIT_PROTO_VERSION
initial proto version, to be increased after version/verack negotiation
Definition: version.h:15