Bitcoin Core  27.99.0
P2P Digital Currency
key_tests.cpp
Go to the documentation of this file.
1 // Copyright (c) 2012-2022 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <key.h>
6 
7 #include <common/system.h>
8 #include <key_io.h>
9 #include <streams.h>
10 #include <test/util/random.h>
11 #include <test/util/setup_common.h>
12 #include <uint256.h>
13 #include <util/strencodings.h>
14 #include <util/string.h>
15 
16 #include <string>
17 #include <vector>
18 
19 #include <boost/test/unit_test.hpp>
20 
21 static const std::string strSecret1 = "5HxWvvfubhXpYYpS3tJkw6fq9jE9j18THftkZjHHfmFiWtmAbrj";
22 static const std::string strSecret2 = "5KC4ejrDjv152FGwP386VD1i2NYc5KkfSMyv1nGy1VGDxGHqVY3";
23 static const std::string strSecret1C = "Kwr371tjA9u2rFSMZjTNun2PXXP3WPZu2afRHTcta6KxEUdm1vEw";
24 static const std::string strSecret2C = "L3Hq7a8FEQwJkW1M2GNKDW28546Vp5miewcCzSqUD9kCAXrJdS3g";
25 static const std::string addr1 = "1QFqqMUD55ZV3PJEJZtaKCsQmjLT6JkjvJ";
26 static const std::string addr2 = "1F5y5E5FMc5YzdJtB9hLaUe43GDxEKXENJ";
27 static const std::string addr1C = "1NoJrossxPBKfCHuJXT4HadJrXRE9Fxiqs";
28 static const std::string addr2C = "1CRj2HyM1CXWzHAXLQtiGLyggNT9WQqsDs";
29 
30 static const std::string strAddressBad = "1HV9Lc3sNHZxwj4Zk6fB38tEmBryq2cBiF";
31 
32 
33 BOOST_FIXTURE_TEST_SUITE(key_tests, BasicTestingSetup)
34 
35 BOOST_AUTO_TEST_CASE(key_test1)
36 {
37  CKey key1 = DecodeSecret(strSecret1);
38  BOOST_CHECK(key1.IsValid() && !key1.IsCompressed());
39  CKey key2 = DecodeSecret(strSecret2);
40  BOOST_CHECK(key2.IsValid() && !key2.IsCompressed());
41  CKey key1C = DecodeSecret(strSecret1C);
42  BOOST_CHECK(key1C.IsValid() && key1C.IsCompressed());
43  CKey key2C = DecodeSecret(strSecret2C);
44  BOOST_CHECK(key2C.IsValid() && key2C.IsCompressed());
45  CKey bad_key = DecodeSecret(strAddressBad);
46  BOOST_CHECK(!bad_key.IsValid());
47 
48  CPubKey pubkey1 = key1. GetPubKey();
49  CPubKey pubkey2 = key2. GetPubKey();
50  CPubKey pubkey1C = key1C.GetPubKey();
51  CPubKey pubkey2C = key2C.GetPubKey();
52 
53  BOOST_CHECK(key1.VerifyPubKey(pubkey1));
54  BOOST_CHECK(!key1.VerifyPubKey(pubkey1C));
55  BOOST_CHECK(!key1.VerifyPubKey(pubkey2));
56  BOOST_CHECK(!key1.VerifyPubKey(pubkey2C));
57 
58  BOOST_CHECK(!key1C.VerifyPubKey(pubkey1));
59  BOOST_CHECK(key1C.VerifyPubKey(pubkey1C));
60  BOOST_CHECK(!key1C.VerifyPubKey(pubkey2));
61  BOOST_CHECK(!key1C.VerifyPubKey(pubkey2C));
62 
63  BOOST_CHECK(!key2.VerifyPubKey(pubkey1));
64  BOOST_CHECK(!key2.VerifyPubKey(pubkey1C));
65  BOOST_CHECK(key2.VerifyPubKey(pubkey2));
66  BOOST_CHECK(!key2.VerifyPubKey(pubkey2C));
67 
68  BOOST_CHECK(!key2C.VerifyPubKey(pubkey1));
69  BOOST_CHECK(!key2C.VerifyPubKey(pubkey1C));
70  BOOST_CHECK(!key2C.VerifyPubKey(pubkey2));
71  BOOST_CHECK(key2C.VerifyPubKey(pubkey2C));
72 
73  BOOST_CHECK(DecodeDestination(addr1) == CTxDestination(PKHash(pubkey1)));
74  BOOST_CHECK(DecodeDestination(addr2) == CTxDestination(PKHash(pubkey2)));
75  BOOST_CHECK(DecodeDestination(addr1C) == CTxDestination(PKHash(pubkey1C)));
76  BOOST_CHECK(DecodeDestination(addr2C) == CTxDestination(PKHash(pubkey2C)));
77 
78  for (int n=0; n<16; n++)
79  {
80  std::string strMsg = strprintf("Very secret message %i: 11", n);
81  uint256 hashMsg = Hash(strMsg);
82 
83  // normal signatures
84 
85  std::vector<unsigned char> sign1, sign2, sign1C, sign2C;
86 
87  BOOST_CHECK(key1.Sign (hashMsg, sign1));
88  BOOST_CHECK(key2.Sign (hashMsg, sign2));
89  BOOST_CHECK(key1C.Sign(hashMsg, sign1C));
90  BOOST_CHECK(key2C.Sign(hashMsg, sign2C));
91 
92  BOOST_CHECK( pubkey1.Verify(hashMsg, sign1));
93  BOOST_CHECK(!pubkey1.Verify(hashMsg, sign2));
94  BOOST_CHECK( pubkey1.Verify(hashMsg, sign1C));
95  BOOST_CHECK(!pubkey1.Verify(hashMsg, sign2C));
96 
97  BOOST_CHECK(!pubkey2.Verify(hashMsg, sign1));
98  BOOST_CHECK( pubkey2.Verify(hashMsg, sign2));
99  BOOST_CHECK(!pubkey2.Verify(hashMsg, sign1C));
100  BOOST_CHECK( pubkey2.Verify(hashMsg, sign2C));
101 
102  BOOST_CHECK( pubkey1C.Verify(hashMsg, sign1));
103  BOOST_CHECK(!pubkey1C.Verify(hashMsg, sign2));
104  BOOST_CHECK( pubkey1C.Verify(hashMsg, sign1C));
105  BOOST_CHECK(!pubkey1C.Verify(hashMsg, sign2C));
106 
107  BOOST_CHECK(!pubkey2C.Verify(hashMsg, sign1));
108  BOOST_CHECK( pubkey2C.Verify(hashMsg, sign2));
109  BOOST_CHECK(!pubkey2C.Verify(hashMsg, sign1C));
110  BOOST_CHECK( pubkey2C.Verify(hashMsg, sign2C));
111 
112  // compact signatures (with key recovery)
113 
114  std::vector<unsigned char> csign1, csign2, csign1C, csign2C;
115 
116  BOOST_CHECK(key1.SignCompact (hashMsg, csign1));
117  BOOST_CHECK(key2.SignCompact (hashMsg, csign2));
118  BOOST_CHECK(key1C.SignCompact(hashMsg, csign1C));
119  BOOST_CHECK(key2C.SignCompact(hashMsg, csign2C));
120 
121  CPubKey rkey1, rkey2, rkey1C, rkey2C;
122 
123  BOOST_CHECK(rkey1.RecoverCompact (hashMsg, csign1));
124  BOOST_CHECK(rkey2.RecoverCompact (hashMsg, csign2));
125  BOOST_CHECK(rkey1C.RecoverCompact(hashMsg, csign1C));
126  BOOST_CHECK(rkey2C.RecoverCompact(hashMsg, csign2C));
127 
128  BOOST_CHECK(rkey1 == pubkey1);
129  BOOST_CHECK(rkey2 == pubkey2);
130  BOOST_CHECK(rkey1C == pubkey1C);
131  BOOST_CHECK(rkey2C == pubkey2C);
132  }
133 
134  // test deterministic signing
135 
136  std::vector<unsigned char> detsig, detsigc;
137  std::string strMsg = "Very deterministic message";
138  uint256 hashMsg = Hash(strMsg);
139  BOOST_CHECK(key1.Sign(hashMsg, detsig));
140  BOOST_CHECK(key1C.Sign(hashMsg, detsigc));
141  BOOST_CHECK(detsig == detsigc);
142  BOOST_CHECK(detsig == ParseHex("304402205dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d022014ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
143  BOOST_CHECK(key2.Sign(hashMsg, detsig));
144  BOOST_CHECK(key2C.Sign(hashMsg, detsigc));
145  BOOST_CHECK(detsig == detsigc);
146  BOOST_CHECK(detsig == ParseHex("3044022052d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd5022061d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
147  BOOST_CHECK(key1.SignCompact(hashMsg, detsig));
148  BOOST_CHECK(key1C.SignCompact(hashMsg, detsigc));
149  BOOST_CHECK(detsig == ParseHex("1c5dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d14ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
150  BOOST_CHECK(detsigc == ParseHex("205dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d14ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
151  BOOST_CHECK(key2.SignCompact(hashMsg, detsig));
152  BOOST_CHECK(key2C.SignCompact(hashMsg, detsigc));
153  BOOST_CHECK(detsig == ParseHex("1c52d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd561d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
154  BOOST_CHECK(detsigc == ParseHex("2052d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd561d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
155 }
156 
157 BOOST_AUTO_TEST_CASE(key_signature_tests)
158 {
159  // When entropy is specified, we should see at least one high R signature within 20 signatures
160  CKey key = DecodeSecret(strSecret1);
161  std::string msg = "A message to be signed";
162  uint256 msg_hash = Hash(msg);
163  std::vector<unsigned char> sig;
164  bool found = false;
165 
166  for (int i = 1; i <=20; ++i) {
167  sig.clear();
168  BOOST_CHECK(key.Sign(msg_hash, sig, false, i));
169  found = sig[3] == 0x21 && sig[4] == 0x00;
170  if (found) {
171  break;
172  }
173  }
174  BOOST_CHECK(found);
175 
176  // When entropy is not specified, we should always see low R signatures that are less than or equal to 70 bytes in 256 tries
177  // The low R signatures should always have the value of their "length of R" byte less than or equal to 32
178  // We should see at least one signature that is less than 70 bytes.
179  bool found_small = false;
180  bool found_big = false;
181  bool bad_sign = false;
182  for (int i = 0; i < 256; ++i) {
183  sig.clear();
184  std::string msg = "A message to be signed" + ToString(i);
185  msg_hash = Hash(msg);
186  if (!key.Sign(msg_hash, sig)) {
187  bad_sign = true;
188  break;
189  }
190  // sig.size() > 70 implies sig[3] > 32, because S is always low.
191  // But check both conditions anyway, just in case this implication is broken for some reason
192  if (sig[3] > 32 || sig.size() > 70) {
193  found_big = true;
194  break;
195  }
196  found_small |= sig.size() < 70;
197  }
198  BOOST_CHECK(!bad_sign);
199  BOOST_CHECK(!found_big);
200  BOOST_CHECK(found_small);
201 }
202 
203 BOOST_AUTO_TEST_CASE(key_key_negation)
204 {
205  // create a dummy hash for signature comparison
206  unsigned char rnd[8];
207  std::string str = "Bitcoin key verification\n";
208  GetRandBytes(rnd);
209  uint256 hash{Hash(str, rnd)};
210 
211  // import the static test key
212  CKey key = DecodeSecret(strSecret1C);
213 
214  // create a signature
215  std::vector<unsigned char> vch_sig;
216  std::vector<unsigned char> vch_sig_cmp;
217  key.Sign(hash, vch_sig);
218 
219  // negate the key twice
220  BOOST_CHECK(key.GetPubKey().data()[0] == 0x03);
221  key.Negate();
222  // after the first negation, the signature must be different
223  key.Sign(hash, vch_sig_cmp);
224  BOOST_CHECK(vch_sig_cmp != vch_sig);
225  BOOST_CHECK(key.GetPubKey().data()[0] == 0x02);
226  key.Negate();
227  // after the second negation, we should have the original key and thus the
228  // same signature
229  key.Sign(hash, vch_sig_cmp);
230  BOOST_CHECK(vch_sig_cmp == vch_sig);
231  BOOST_CHECK(key.GetPubKey().data()[0] == 0x03);
232 }
233 
234 static CPubKey UnserializePubkey(const std::vector<uint8_t>& data)
235 {
236  DataStream stream{};
237  stream << data;
238  CPubKey pubkey;
239  stream >> pubkey;
240  return pubkey;
241 }
242 
243 static unsigned int GetLen(unsigned char chHeader)
244 {
245  if (chHeader == 2 || chHeader == 3)
246  return CPubKey::COMPRESSED_SIZE;
247  if (chHeader == 4 || chHeader == 6 || chHeader == 7)
248  return CPubKey::SIZE;
249  return 0;
250 }
251 
252 static void CmpSerializationPubkey(const CPubKey& pubkey)
253 {
254  DataStream stream{};
255  stream << pubkey;
256  CPubKey pubkey2;
257  stream >> pubkey2;
258  BOOST_CHECK(pubkey == pubkey2);
259 }
260 
261 BOOST_AUTO_TEST_CASE(pubkey_unserialize)
262 {
263  for (uint8_t i = 2; i <= 7; ++i) {
264  CPubKey key = UnserializePubkey({0x02});
265  BOOST_CHECK(!key.IsValid());
266  CmpSerializationPubkey(key);
267  key = UnserializePubkey(std::vector<uint8_t>(GetLen(i), i));
268  CmpSerializationPubkey(key);
269  if (i == 5) {
270  BOOST_CHECK(!key.IsValid());
271  } else {
272  BOOST_CHECK(key.IsValid());
273  }
274  }
275 }
276 
277 BOOST_AUTO_TEST_CASE(bip340_test_vectors)
278 {
279  static const std::vector<std::pair<std::array<std::string, 3>, bool>> VECTORS = {
280  {{"F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", "0000000000000000000000000000000000000000000000000000000000000000", "E907831F80848D1069A5371B402410364BDF1C5F8307B0084C55F1CE2DCA821525F66A4A85EA8B71E482A74F382D2CE5EBEEE8FDB2172F477DF4900D310536C0"}, true},
281  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6896BD60EEAE296DB48A229FF71DFE071BDE413E6D43F917DC8DCF8C78DE33418906D11AC976ABCCB20B091292BFF4EA897EFCB639EA871CFA95F6DE339E4B0A"}, true},
282  {{"DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8", "7E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9D0A508B75C", "5831AAEED7B44BB74E5EAB94BA9D4294C49BCF2A60728D8B4C200F50DD313C1BAB745879A5AD954A72C45A91C3A51D3C7ADEA98D82F8481E0E1E03674A6F3FB7"}, true},
283  {{"25D1DFF95105F5253C4022F628A996AD3A0D95FBF21D468A1B33F8C160D8F517", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "7EB0509757E246F19449885651611CB965ECC1A187DD51B64FDA1EDC9637D5EC97582B9CB13DB3933705B32BA982AF5AF25FD78881EBB32771FC5922EFC66EA3"}, true},
284  {{"D69C3509BB99E412E68B0FE8544E72837DFA30746D8BE2AA65975F29D22DC7B9", "4DF3C3F68FCC83B27E9D42C90431A72499F17875C81A599B566C9889B9696703", "00000000000000000000003B78CE563F89A0ED9414F5AA28AD0D96D6795F9C6376AFB1548AF603B3EB45C9F8207DEE1060CB71C04E80F593060B07D28308D7F4"}, true},
285  {{"EEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"}, false},
286  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "FFF97BD5755EEEA420453A14355235D382F6472F8568A18B2F057A14602975563CC27944640AC607CD107AE10923D9EF7A73C643E166BE5EBEAFA34B1AC553E2"}, false},
287  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "1FA62E331EDBC21C394792D2AB1100A7B432B013DF3F6FF4F99FCB33E0E1515F28890B3EDB6E7189B630448B515CE4F8622A954CFE545735AAEA5134FCCDB2BD"}, false},
288  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E177769961764B3AA9B2FFCB6EF947B6887A226E8D7C93E00C5ED0C1834FF0D0C2E6DA6"}, false},
289  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "0000000000000000000000000000000000000000000000000000000000000000123DDA8328AF9C23A94C1FEECFD123BA4FB73476F0D594DCB65C6425BD186051"}, false},
290  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "00000000000000000000000000000000000000000000000000000000000000017615FBAF5AE28864013C099742DEADB4DBA87F11AC6754F93780D5A1837CF197"}, false},
291  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "4A298DACAE57395A15D0795DDBFD1DCB564DA82B0F269BC70A74F8220429BA1D69E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"}, false},
292  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F69E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"}, false},
293  {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E177769FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141"}, false},
294  {{"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC30", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"}, false}
295  };
296 
297  for (const auto& test : VECTORS) {
298  auto pubkey = ParseHex(test.first[0]);
299  auto msg = ParseHex(test.first[1]);
300  auto sig = ParseHex(test.first[2]);
301  BOOST_CHECK_EQUAL(XOnlyPubKey(pubkey).VerifySchnorr(uint256(msg), sig), test.second);
302  }
303 
304  static const std::vector<std::array<std::string, 5>> SIGN_VECTORS = {
305  {{"0000000000000000000000000000000000000000000000000000000000000003", "F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000", "E907831F80848D1069A5371B402410364BDF1C5F8307B0084C55F1CE2DCA821525F66A4A85EA8B71E482A74F382D2CE5EBEEE8FDB2172F477DF4900D310536C0"}},
306  {{"B7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFEF", "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "0000000000000000000000000000000000000000000000000000000000000001", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6896BD60EEAE296DB48A229FF71DFE071BDE413E6D43F917DC8DCF8C78DE33418906D11AC976ABCCB20B091292BFF4EA897EFCB639EA871CFA95F6DE339E4B0A"}},
307  {{"C90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B14E5C9", "DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8", "C87AA53824B4D7AE2EB035A2B5BBBCCC080E76CDC6D1692C4B0B62D798E6D906", "7E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9D0A508B75C", "5831AAEED7B44BB74E5EAB94BA9D4294C49BCF2A60728D8B4C200F50DD313C1BAB745879A5AD954A72C45A91C3A51D3C7ADEA98D82F8481E0E1E03674A6F3FB7"}},
308  {{"0B432B2677937381AEF05BB02A66ECD012773062CF3FA2549E44F58ED2401710", "25D1DFF95105F5253C4022F628A996AD3A0D95FBF21D468A1B33F8C160D8F517", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "7EB0509757E246F19449885651611CB965ECC1A187DD51B64FDA1EDC9637D5EC97582B9CB13DB3933705B32BA982AF5AF25FD78881EBB32771FC5922EFC66EA3"}},
309  };
310 
311  for (const auto& [sec_hex, pub_hex, aux_hex, msg_hex, sig_hex] : SIGN_VECTORS) {
312  auto sec = ParseHex(sec_hex);
313  auto pub = ParseHex(pub_hex);
314  uint256 aux256(ParseHex(aux_hex));
315  uint256 msg256(ParseHex(msg_hex));
316  auto sig = ParseHex(sig_hex);
317  unsigned char sig64[64];
318 
319  // Run the untweaked test vectors above, comparing with exact expected signature.
320  CKey key;
321  key.Set(sec.begin(), sec.end(), true);
322  XOnlyPubKey pubkey(key.GetPubKey());
323  BOOST_CHECK(std::equal(pubkey.begin(), pubkey.end(), pub.begin(), pub.end()));
324  bool ok = key.SignSchnorr(msg256, sig64, nullptr, aux256);
325  BOOST_CHECK(ok);
326  BOOST_CHECK(std::vector<unsigned char>(sig64, sig64 + 64) == sig);
327  // Verify those signatures for good measure.
328  BOOST_CHECK(pubkey.VerifySchnorr(msg256, sig64));
329 
330  // Do 10 iterations where we sign with a random Merkle root to tweak,
331  // and compare against the resulting tweaked keys, with random aux.
332  // In iteration i=0 we tweak with empty Merkle tree.
333  for (int i = 0; i < 10; ++i) {
334  uint256 merkle_root;
335  if (i) merkle_root = InsecureRand256();
336  auto tweaked = pubkey.CreateTapTweak(i ? &merkle_root : nullptr);
337  BOOST_CHECK(tweaked);
338  XOnlyPubKey tweaked_key = tweaked->first;
339  aux256 = InsecureRand256();
340  bool ok = key.SignSchnorr(msg256, sig64, &merkle_root, aux256);
341  BOOST_CHECK(ok);
342  BOOST_CHECK(tweaked_key.VerifySchnorr(msg256, sig64));
343  }
344  }
345 }
346 
347 BOOST_AUTO_TEST_CASE(key_ellswift)
348 {
349  for (const auto& secret : {strSecret1, strSecret2, strSecret1C, strSecret2C}) {
350  CKey key = DecodeSecret(secret);
351  BOOST_CHECK(key.IsValid());
352 
353  uint256 ent32 = InsecureRand256();
354  auto ellswift = key.EllSwiftCreate(AsBytes(Span{ent32}));
355 
356  CPubKey decoded_pubkey = ellswift.Decode();
357  if (!key.IsCompressed()) {
358  // The decoding constructor returns a compressed pubkey. If the
359  // original was uncompressed, we must decompress the decoded one
360  // to compare.
361  decoded_pubkey.Decompress();
362  }
363  BOOST_CHECK(key.GetPubKey() == decoded_pubkey);
364  }
365 }
366 
367 BOOST_AUTO_TEST_SUITE_END()
CTxDestination
std::variant< CNoDestination, PubKeyDestination, PKHash, ScriptHash, WitnessV0ScriptHash, WitnessV0KeyHash, WitnessV1Taproot, WitnessUnknown > CTxDestination
A txout script categorized into standard templates.
Definition: addresstype.h:131
CKey
An encapsulated private key.
Definition: key.h:33
CKey::SignSchnorr
bool SignSchnorr(const uint256 &hash, Span< unsigned char > sig, const uint256 *merkle_root, const uint256 &aux) const
Create a BIP-340 Schnorr signature, for the xonly-pubkey corresponding to *this, optionally tweaked b...
Definition: key.cpp:278
CKey::Negate
bool Negate()
Negate private key.
Definition: key.cpp:169
CKey::IsValid
bool IsValid() const
Check whether this private key is valid.
Definition: key.h:119
CKey::Sign
bool Sign(const uint256 &hash, std::vector< unsigned char > &vchSig, bool grind=true, uint32_t test_case=0) const
Create a DER-serialized signature.
Definition: key.cpp:214
CKey::IsCompressed
bool IsCompressed() const
Check whether the public key corresponding to this private key is (to be) compressed.
Definition: key.h:122
CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:188
CKey::Set
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
Definition: key.h:99
CKey::VerifyPubKey
bool VerifyPubKey(const CPubKey &vchPubKey) const
Verify thoroughly whether a private key and a public key match.
Definition: key.cpp:242
CKey::EllSwiftCreate
EllSwiftPubKey EllSwiftCreate(Span< const std::byte > entropy) const
Create an ellswift-encoded public key for this key, with specified entropy.
Definition: key.cpp:336
CKey::SignCompact
bool SignCompact(const uint256 &hash, std::vector< unsigned char > &vchSig) const
Create a compact signature (65 bytes), which allows reconstructing the used public key.
Definition: key.cpp:255
CPubKey
An encapsulated public key.
Definition: pubkey.h:34
CPubKey::RecoverCompact
bool RecoverCompact(const uint256 &hash, const std::vector< unsigned char > &vchSig)
Recover a public key from a compact signature.
Definition: pubkey.cpp:284
CPubKey::COMPRESSED_SIZE
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:40
CPubKey::IsValid
bool IsValid() const
Definition: pubkey.h:189
CPubKey::Decompress
bool Decompress()
Turn this public key into an uncompressed public key.
Definition: pubkey.cpp:311
CPubKey::Verify
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
Definition: pubkey.cpp:267
CPubKey::SIZE
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:39
CPubKey::data
const unsigned char * data() const
Definition: pubkey.h:113
DataStream
Double ended buffer combining vector and stream-like interfaces.
Definition: streams.h:147
Span
A Span is an object that can refer to a contiguous sequence of objects.
Definition: span.h:98
XOnlyPubKey::CreateTapTweak
std::optional< std::pair< XOnlyPubKey, bool > > CreateTapTweak(const uint256 *merkle_root) const
Construct a Taproot tweaked output point with this point as internal key.
Definition: pubkey.cpp:249
XOnlyPubKey::begin
const unsigned char * begin() const
Definition: pubkey.h:290
XOnlyPubKey::VerifySchnorr
bool VerifySchnorr(const uint256 &msg, Span< const unsigned char > sigbytes) const
Verify a Schnorr signature against this public key.
Definition: pubkey.cpp:220
XOnlyPubKey::end
const unsigned char * end() const
Definition: pubkey.h:291
uint256
256-bit opaque blob.
Definition: uint256.h:106
BOOST_AUTO_TEST_SUITE_END
BOOST_AUTO_TEST_SUITE_END()
Hash
uint256 Hash(const T &in1)
Compute the 256-bit hash of an object.
Definition: hash.h:75
DecodeDestination
CTxDestination DecodeDestination(const std::string &str, std::string &error_msg, std::vector< int > *error_locations)
Definition: key_io.cpp:292
DecodeSecret
CKey DecodeSecret(const std::string &str)
Definition: key_io.cpp:209
key_io.h
strSecret2
static const std::string strSecret2
Definition: key_tests.cpp:22
GetLen
static unsigned int GetLen(unsigned char chHeader)
Definition: key_tests.cpp:243
addr1
static const std::string addr1
Definition: key_tests.cpp:25
strSecret2C
static const std::string strSecret2C
Definition: key_tests.cpp:24
CmpSerializationPubkey
static void CmpSerializationPubkey(const CPubKey &pubkey)
Definition: key_tests.cpp:252
addr2C
static const std::string addr2C
Definition: key_tests.cpp:28
UnserializePubkey
static CPubKey UnserializePubkey(const std::vector< uint8_t > &data)
Definition: key_tests.cpp:234
addr1C
static const std::string addr1C
Definition: key_tests.cpp:27
strSecret1
static const std::string strSecret1
Definition: key_tests.cpp:21
strSecret1C
static const std::string strSecret1C
Definition: key_tests.cpp:23
addr2
static const std::string addr2
Definition: key_tests.cpp:26
BOOST_AUTO_TEST_CASE
BOOST_AUTO_TEST_CASE(key_test1)
Definition: key_tests.cpp:35
strAddressBad
static const std::string strAddressBad
Definition: key_tests.cpp:30
tests_wycheproof_generate.msg
def msg
Definition: tests_wycheproof_generate.py:56
BOOST_CHECK_EQUAL
#define BOOST_CHECK_EQUAL(v1, v2)
Definition: object.cpp:18
BOOST_CHECK
#define BOOST_CHECK(expr)
Definition: object.cpp:17
GetRandBytes
void GetRandBytes(Span< unsigned char > bytes) noexcept
Overall design of the RNG and entropy sources.
Definition: random.cpp:638
setup_common.h
GetPubKey
static bool GetPubKey(const SigningProvider &provider, const SignatureData &sigdata, const CKeyID &address, CPubKey &pubkey)
Definition: sign.cpp:109
AsBytes
Span< const std::byte > AsBytes(Span< T > s) noexcept
Definition: span.h:266
ParseHex
std::vector< Byte > ParseHex(std::string_view hex_str)
Like TryParseHex, but returns an empty vector on invalid input.
Definition: strencodings.h:65
ToString
std::string ToString(const T &t)
Locale-independent version of std::to_string.
Definition: string.h:110
BasicTestingSetup
Basic testing setup.
Definition: setup_common.h:52
InsecureRand256
static uint256 InsecureRand256()
Definition: random.h:50
strprintf
#define strprintf
Format arguments and return the string or write to given std::ostream (see tinyformat::format doc for...
Definition: tinyformat.h:1162
Generated on Fri Apr 19 2024 20:02:39 for Bitcoin Core by doxygen 1.9.1