Branch data Line data Source code
# 1 : : // Copyright (c) 2012-2021 The Bitcoin Core developers
# 2 : : // Distributed under the MIT software license, see the accompanying
# 3 : : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
# 4 : :
# 5 : : #include <key.h>
# 6 : :
# 7 : : #include <key_io.h>
# 8 : : #include <streams.h>
# 9 : : #include <test/util/setup_common.h>
# 10 : : #include <uint256.h>
# 11 : : #include <util/strencodings.h>
# 12 : : #include <util/string.h>
# 13 : : #include <util/system.h>
# 14 : :
# 15 : : #include <string>
# 16 : : #include <vector>
# 17 : :
# 18 : : #include <boost/test/unit_test.hpp>
# 19 : :
# 20 : : static const std::string strSecret1 = "5HxWvvfubhXpYYpS3tJkw6fq9jE9j18THftkZjHHfmFiWtmAbrj";
# 21 : : static const std::string strSecret2 = "5KC4ejrDjv152FGwP386VD1i2NYc5KkfSMyv1nGy1VGDxGHqVY3";
# 22 : : static const std::string strSecret1C = "Kwr371tjA9u2rFSMZjTNun2PXXP3WPZu2afRHTcta6KxEUdm1vEw";
# 23 : : static const std::string strSecret2C = "L3Hq7a8FEQwJkW1M2GNKDW28546Vp5miewcCzSqUD9kCAXrJdS3g";
# 24 : : static const std::string addr1 = "1QFqqMUD55ZV3PJEJZtaKCsQmjLT6JkjvJ";
# 25 : : static const std::string addr2 = "1F5y5E5FMc5YzdJtB9hLaUe43GDxEKXENJ";
# 26 : : static const std::string addr1C = "1NoJrossxPBKfCHuJXT4HadJrXRE9Fxiqs";
# 27 : : static const std::string addr2C = "1CRj2HyM1CXWzHAXLQtiGLyggNT9WQqsDs";
# 28 : :
# 29 : : static const std::string strAddressBad = "1HV9Lc3sNHZxwj4Zk6fB38tEmBryq2cBiF";
# 30 : :
# 31 : :
# 32 : : BOOST_FIXTURE_TEST_SUITE(key_tests, BasicTestingSetup)
# 33 : :
# 34 : : BOOST_AUTO_TEST_CASE(key_test1)
# 35 : 2 : {
# 36 : 2 : CKey key1 = DecodeSecret(strSecret1);
# 37 : 2 : BOOST_CHECK(key1.IsValid() && !key1.IsCompressed());
# 38 : 2 : CKey key2 = DecodeSecret(strSecret2);
# 39 : 2 : BOOST_CHECK(key2.IsValid() && !key2.IsCompressed());
# 40 : 2 : CKey key1C = DecodeSecret(strSecret1C);
# 41 : 2 : BOOST_CHECK(key1C.IsValid() && key1C.IsCompressed());
# 42 : 2 : CKey key2C = DecodeSecret(strSecret2C);
# 43 : 2 : BOOST_CHECK(key2C.IsValid() && key2C.IsCompressed());
# 44 : 2 : CKey bad_key = DecodeSecret(strAddressBad);
# 45 : 2 : BOOST_CHECK(!bad_key.IsValid());
# 46 : :
# 47 : 2 : CPubKey pubkey1 = key1. GetPubKey();
# 48 : 2 : CPubKey pubkey2 = key2. GetPubKey();
# 49 : 2 : CPubKey pubkey1C = key1C.GetPubKey();
# 50 : 2 : CPubKey pubkey2C = key2C.GetPubKey();
# 51 : :
# 52 : 2 : BOOST_CHECK(key1.VerifyPubKey(pubkey1));
# 53 : 2 : BOOST_CHECK(!key1.VerifyPubKey(pubkey1C));
# 54 : 2 : BOOST_CHECK(!key1.VerifyPubKey(pubkey2));
# 55 : 2 : BOOST_CHECK(!key1.VerifyPubKey(pubkey2C));
# 56 : :
# 57 : 2 : BOOST_CHECK(!key1C.VerifyPubKey(pubkey1));
# 58 : 2 : BOOST_CHECK(key1C.VerifyPubKey(pubkey1C));
# 59 : 2 : BOOST_CHECK(!key1C.VerifyPubKey(pubkey2));
# 60 : 2 : BOOST_CHECK(!key1C.VerifyPubKey(pubkey2C));
# 61 : :
# 62 : 2 : BOOST_CHECK(!key2.VerifyPubKey(pubkey1));
# 63 : 2 : BOOST_CHECK(!key2.VerifyPubKey(pubkey1C));
# 64 : 2 : BOOST_CHECK(key2.VerifyPubKey(pubkey2));
# 65 : 2 : BOOST_CHECK(!key2.VerifyPubKey(pubkey2C));
# 66 : :
# 67 : 2 : BOOST_CHECK(!key2C.VerifyPubKey(pubkey1));
# 68 : 2 : BOOST_CHECK(!key2C.VerifyPubKey(pubkey1C));
# 69 : 2 : BOOST_CHECK(!key2C.VerifyPubKey(pubkey2));
# 70 : 2 : BOOST_CHECK(key2C.VerifyPubKey(pubkey2C));
# 71 : :
# 72 : 2 : BOOST_CHECK(DecodeDestination(addr1) == CTxDestination(PKHash(pubkey1)));
# 73 : 2 : BOOST_CHECK(DecodeDestination(addr2) == CTxDestination(PKHash(pubkey2)));
# 74 : 2 : BOOST_CHECK(DecodeDestination(addr1C) == CTxDestination(PKHash(pubkey1C)));
# 75 : 2 : BOOST_CHECK(DecodeDestination(addr2C) == CTxDestination(PKHash(pubkey2C)));
# 76 : :
# 77 [ + + ]: 34 : for (int n=0; n<16; n++)
# 78 : 32 : {
# 79 : 32 : std::string strMsg = strprintf("Very secret message %i: 11", n);
# 80 : 32 : uint256 hashMsg = Hash(strMsg);
# 81 : :
# 82 : : // normal signatures
# 83 : :
# 84 : 32 : std::vector<unsigned char> sign1, sign2, sign1C, sign2C;
# 85 : :
# 86 : 32 : BOOST_CHECK(key1.Sign (hashMsg, sign1));
# 87 : 32 : BOOST_CHECK(key2.Sign (hashMsg, sign2));
# 88 : 32 : BOOST_CHECK(key1C.Sign(hashMsg, sign1C));
# 89 : 32 : BOOST_CHECK(key2C.Sign(hashMsg, sign2C));
# 90 : :
# 91 : 32 : BOOST_CHECK( pubkey1.Verify(hashMsg, sign1));
# 92 : 32 : BOOST_CHECK(!pubkey1.Verify(hashMsg, sign2));
# 93 : 32 : BOOST_CHECK( pubkey1.Verify(hashMsg, sign1C));
# 94 : 32 : BOOST_CHECK(!pubkey1.Verify(hashMsg, sign2C));
# 95 : :
# 96 : 32 : BOOST_CHECK(!pubkey2.Verify(hashMsg, sign1));
# 97 : 32 : BOOST_CHECK( pubkey2.Verify(hashMsg, sign2));
# 98 : 32 : BOOST_CHECK(!pubkey2.Verify(hashMsg, sign1C));
# 99 : 32 : BOOST_CHECK( pubkey2.Verify(hashMsg, sign2C));
# 100 : :
# 101 : 32 : BOOST_CHECK( pubkey1C.Verify(hashMsg, sign1));
# 102 : 32 : BOOST_CHECK(!pubkey1C.Verify(hashMsg, sign2));
# 103 : 32 : BOOST_CHECK( pubkey1C.Verify(hashMsg, sign1C));
# 104 : 32 : BOOST_CHECK(!pubkey1C.Verify(hashMsg, sign2C));
# 105 : :
# 106 : 32 : BOOST_CHECK(!pubkey2C.Verify(hashMsg, sign1));
# 107 : 32 : BOOST_CHECK( pubkey2C.Verify(hashMsg, sign2));
# 108 : 32 : BOOST_CHECK(!pubkey2C.Verify(hashMsg, sign1C));
# 109 : 32 : BOOST_CHECK( pubkey2C.Verify(hashMsg, sign2C));
# 110 : :
# 111 : : // compact signatures (with key recovery)
# 112 : :
# 113 : 32 : std::vector<unsigned char> csign1, csign2, csign1C, csign2C;
# 114 : :
# 115 : 32 : BOOST_CHECK(key1.SignCompact (hashMsg, csign1));
# 116 : 32 : BOOST_CHECK(key2.SignCompact (hashMsg, csign2));
# 117 : 32 : BOOST_CHECK(key1C.SignCompact(hashMsg, csign1C));
# 118 : 32 : BOOST_CHECK(key2C.SignCompact(hashMsg, csign2C));
# 119 : :
# 120 : 32 : CPubKey rkey1, rkey2, rkey1C, rkey2C;
# 121 : :
# 122 : 32 : BOOST_CHECK(rkey1.RecoverCompact (hashMsg, csign1));
# 123 : 32 : BOOST_CHECK(rkey2.RecoverCompact (hashMsg, csign2));
# 124 : 32 : BOOST_CHECK(rkey1C.RecoverCompact(hashMsg, csign1C));
# 125 : 32 : BOOST_CHECK(rkey2C.RecoverCompact(hashMsg, csign2C));
# 126 : :
# 127 : 32 : BOOST_CHECK(rkey1 == pubkey1);
# 128 : 32 : BOOST_CHECK(rkey2 == pubkey2);
# 129 : 32 : BOOST_CHECK(rkey1C == pubkey1C);
# 130 : 32 : BOOST_CHECK(rkey2C == pubkey2C);
# 131 : 32 : }
# 132 : :
# 133 : : // test deterministic signing
# 134 : :
# 135 : 2 : std::vector<unsigned char> detsig, detsigc;
# 136 : 2 : std::string strMsg = "Very deterministic message";
# 137 : 2 : uint256 hashMsg = Hash(strMsg);
# 138 : 2 : BOOST_CHECK(key1.Sign(hashMsg, detsig));
# 139 : 2 : BOOST_CHECK(key1C.Sign(hashMsg, detsigc));
# 140 : 2 : BOOST_CHECK(detsig == detsigc);
# 141 : 2 : BOOST_CHECK(detsig == ParseHex("304402205dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d022014ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
# 142 : 2 : BOOST_CHECK(key2.Sign(hashMsg, detsig));
# 143 : 2 : BOOST_CHECK(key2C.Sign(hashMsg, detsigc));
# 144 : 2 : BOOST_CHECK(detsig == detsigc);
# 145 : 2 : BOOST_CHECK(detsig == ParseHex("3044022052d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd5022061d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
# 146 : 2 : BOOST_CHECK(key1.SignCompact(hashMsg, detsig));
# 147 : 2 : BOOST_CHECK(key1C.SignCompact(hashMsg, detsigc));
# 148 : 2 : BOOST_CHECK(detsig == ParseHex("1c5dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d14ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
# 149 : 2 : BOOST_CHECK(detsigc == ParseHex("205dbbddda71772d95ce91cd2d14b592cfbc1dd0aabd6a394b6c2d377bbe59d31d14ddda21494a4e221f0824f0b8b924c43fa43c0ad57dccdaa11f81a6bd4582f6"));
# 150 : 2 : BOOST_CHECK(key2.SignCompact(hashMsg, detsig));
# 151 : 2 : BOOST_CHECK(key2C.SignCompact(hashMsg, detsigc));
# 152 : 2 : BOOST_CHECK(detsig == ParseHex("1c52d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd561d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
# 153 : 2 : BOOST_CHECK(detsigc == ParseHex("2052d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd561d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d"));
# 154 : 2 : }
# 155 : :
# 156 : : BOOST_AUTO_TEST_CASE(key_signature_tests)
# 157 : 2 : {
# 158 : : // When entropy is specified, we should see at least one high R signature within 20 signatures
# 159 : 2 : CKey key = DecodeSecret(strSecret1);
# 160 : 2 : std::string msg = "A message to be signed";
# 161 : 2 : uint256 msg_hash = Hash(msg);
# 162 : 2 : std::vector<unsigned char> sig;
# 163 : 2 : bool found = false;
# 164 : :
# 165 [ + - ]: 2 : for (int i = 1; i <=20; ++i) {
# 166 : 2 : sig.clear();
# 167 : 2 : BOOST_CHECK(key.Sign(msg_hash, sig, false, i));
# 168 [ + - ][ + - ]: 2 : found = sig[3] == 0x21 && sig[4] == 0x00;
# 169 [ + - ]: 2 : if (found) {
# 170 : 2 : break;
# 171 : 2 : }
# 172 : 2 : }
# 173 : 2 : BOOST_CHECK(found);
# 174 : :
# 175 : : // When entropy is not specified, we should always see low R signatures that are less than or equal to 70 bytes in 256 tries
# 176 : : // The low R signatures should always have the value of their "length of R" byte less than or equal to 32
# 177 : : // We should see at least one signature that is less than 70 bytes.
# 178 : 2 : bool found_small = false;
# 179 : 2 : bool found_big = false;
# 180 : 2 : bool bad_sign = false;
# 181 [ + + ]: 514 : for (int i = 0; i < 256; ++i) {
# 182 : 512 : sig.clear();
# 183 : 512 : std::string msg = "A message to be signed" + ToString(i);
# 184 : 512 : msg_hash = Hash(msg);
# 185 [ - + ]: 512 : if (!key.Sign(msg_hash, sig)) {
# 186 : 0 : bad_sign = true;
# 187 : 0 : break;
# 188 : 0 : }
# 189 : : // sig.size() > 70 implies sig[3] > 32, because S is always low.
# 190 : : // But check both conditions anyway, just in case this implication is broken for some reason
# 191 [ - + ][ - + ]: 512 : if (sig[3] > 32 || sig.size() > 70) {
# 192 : 0 : found_big = true;
# 193 : 0 : break;
# 194 : 0 : }
# 195 : 512 : found_small |= sig.size() < 70;
# 196 : 512 : }
# 197 : 2 : BOOST_CHECK(!bad_sign);
# 198 : 2 : BOOST_CHECK(!found_big);
# 199 : 2 : BOOST_CHECK(found_small);
# 200 : 2 : }
# 201 : :
# 202 : : BOOST_AUTO_TEST_CASE(key_key_negation)
# 203 : 2 : {
# 204 : : // create a dummy hash for signature comparison
# 205 : 2 : unsigned char rnd[8];
# 206 : 2 : std::string str = "Bitcoin key verification\n";
# 207 : 2 : GetRandBytes(rnd, sizeof(rnd));
# 208 : 2 : uint256 hash;
# 209 : 2 : CHash256().Write(MakeUCharSpan(str)).Write(rnd).Finalize(hash);
# 210 : :
# 211 : : // import the static test key
# 212 : 2 : CKey key = DecodeSecret(strSecret1C);
# 213 : :
# 214 : : // create a signature
# 215 : 2 : std::vector<unsigned char> vch_sig;
# 216 : 2 : std::vector<unsigned char> vch_sig_cmp;
# 217 : 2 : key.Sign(hash, vch_sig);
# 218 : :
# 219 : : // negate the key twice
# 220 : 2 : BOOST_CHECK(key.GetPubKey().data()[0] == 0x03);
# 221 : 2 : key.Negate();
# 222 : : // after the first negation, the signature must be different
# 223 : 2 : key.Sign(hash, vch_sig_cmp);
# 224 : 2 : BOOST_CHECK(vch_sig_cmp != vch_sig);
# 225 : 2 : BOOST_CHECK(key.GetPubKey().data()[0] == 0x02);
# 226 : 2 : key.Negate();
# 227 : : // after the second negation, we should have the original key and thus the
# 228 : : // same signature
# 229 : 2 : key.Sign(hash, vch_sig_cmp);
# 230 : 2 : BOOST_CHECK(vch_sig_cmp == vch_sig);
# 231 : 2 : BOOST_CHECK(key.GetPubKey().data()[0] == 0x03);
# 232 : 2 : }
# 233 : :
# 234 : : static CPubKey UnserializePubkey(const std::vector<uint8_t>& data)
# 235 : 24 : {
# 236 : 24 : CDataStream stream{SER_NETWORK, INIT_PROTO_VERSION};
# 237 : 24 : stream << data;
# 238 : 24 : CPubKey pubkey;
# 239 : 24 : stream >> pubkey;
# 240 : 24 : return pubkey;
# 241 : 24 : }
# 242 : :
# 243 : : static unsigned int GetLen(unsigned char chHeader)
# 244 : 12 : {
# 245 [ + + ][ + + ]: 12 : if (chHeader == 2 || chHeader == 3)
# 246 : 4 : return CPubKey::COMPRESSED_SIZE;
# 247 [ + + ][ + + ]: 8 : if (chHeader == 4 || chHeader == 6 || chHeader == 7)
# [ + + ]
# 248 : 6 : return CPubKey::SIZE;
# 249 : 2 : return 0;
# 250 : 8 : }
# 251 : :
# 252 : : static void CmpSerializationPubkey(const CPubKey& pubkey)
# 253 : 24 : {
# 254 : 24 : CDataStream stream{SER_NETWORK, INIT_PROTO_VERSION};
# 255 : 24 : stream << pubkey;
# 256 : 24 : CPubKey pubkey2;
# 257 : 24 : stream >> pubkey2;
# 258 : 24 : BOOST_CHECK(pubkey == pubkey2);
# 259 : 24 : }
# 260 : :
# 261 : : BOOST_AUTO_TEST_CASE(pubkey_unserialize)
# 262 : 2 : {
# 263 [ + + ]: 14 : for (uint8_t i = 2; i <= 7; ++i) {
# 264 : 12 : CPubKey key = UnserializePubkey({0x02});
# 265 : 12 : BOOST_CHECK(!key.IsValid());
# 266 : 12 : CmpSerializationPubkey(key);
# 267 : 12 : key = UnserializePubkey(std::vector<uint8_t>(GetLen(i), i));
# 268 : 12 : CmpSerializationPubkey(key);
# 269 [ + + ]: 12 : if (i == 5) {
# 270 : 2 : BOOST_CHECK(!key.IsValid());
# 271 : 10 : } else {
# 272 : 10 : BOOST_CHECK(key.IsValid());
# 273 : 10 : }
# 274 : 12 : }
# 275 : 2 : }
# 276 : :
# 277 : : BOOST_AUTO_TEST_CASE(bip340_test_vectors)
# 278 : 2 : {
# 279 : 2 : static const std::vector<std::pair<std::array<std::string, 3>, bool>> VECTORS = {
# 280 : 2 : {{"F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", "0000000000000000000000000000000000000000000000000000000000000000", "E907831F80848D1069A5371B402410364BDF1C5F8307B0084C55F1CE2DCA821525F66A4A85EA8B71E482A74F382D2CE5EBEEE8FDB2172F477DF4900D310536C0"}, true},
# 281 : 2 : {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6896BD60EEAE296DB48A229FF71DFE071BDE413E6D43F917DC8DCF8C78DE33418906D11AC976ABCCB20B091292BFF4EA897EFCB639EA871CFA95F6DE339E4B0A"}, true},
# 282 : 2 : {{"DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8", "7E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9D0A508B75C", "5831AAEED7B44BB74E5EAB94BA9D4294C49BCF2A60728D8B4C200F50DD313C1BAB745879A5AD954A72C45A91C3A51D3C7ADEA98D82F8481E0E1E03674A6F3FB7"}, true},
# 283 : 2 : {{"25D1DFF95105F5253C4022F628A996AD3A0D95FBF21D468A1B33F8C160D8F517", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "7EB0509757E246F19449885651611CB965ECC1A187DD51B64FDA1EDC9637D5EC97582B9CB13DB3933705B32BA982AF5AF25FD78881EBB32771FC5922EFC66EA3"}, true},
# 284 : 2 : {{"D69C3509BB99E412E68B0FE8544E72837DFA30746D8BE2AA65975F29D22DC7B9", "4DF3C3F68FCC83B27E9D42C90431A72499F17875C81A599B566C9889B9696703", "00000000000000000000003B78CE563F89A0ED9414F5AA28AD0D96D6795F9C6376AFB1548AF603B3EB45C9F8207DEE1060CB71C04E80F593060B07D28308D7F4"}, true},
# 285 : 2 : {{"EEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"}, false},
# 286 : 2 : {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "FFF97BD5755EEEA420453A14355235D382F6472F8568A18B2F057A14602975563CC27944640AC607CD107AE10923D9EF7A73C643E166BE5EBEAFA34B1AC553E2"}, false},
# 287 : 2 : {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "1FA62E331EDBC21C394792D2AB1100A7B432B013DF3F6FF4F99FCB33E0E1515F28890B3EDB6E7189B630448B515CE4F8622A954CFE545735AAEA5134FCCDB2BD"}, false},
# 288 : 2 : {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E177769961764B3AA9B2FFCB6EF947B6887A226E8D7C93E00C5ED0C1834FF0D0C2E6DA6"}, false},
# 289 : 2 : {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "0000000000000000000000000000000000000000000000000000000000000000123DDA8328AF9C23A94C1FEECFD123BA4FB73476F0D594DCB65C6425BD186051"}, false},
# 290 : 2 : {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "00000000000000000000000000000000000000000000000000000000000000017615FBAF5AE28864013C099742DEADB4DBA87F11AC6754F93780D5A1837CF197"}, false},
# 291 : 2 : {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "4A298DACAE57395A15D0795DDBFD1DCB564DA82B0F269BC70A74F8220429BA1D69E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"}, false},
# 292 : 2 : {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F69E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"}, false},
# 293 : 2 : {{"DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E177769FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141"}, false},
# 294 : 2 : {{"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC30", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B"}, false}
# 295 : 2 : };
# 296 : :
# 297 [ + + ]: 30 : for (const auto& test : VECTORS) {
# 298 : 30 : auto pubkey = ParseHex(test.first[0]);
# 299 : 30 : auto msg = ParseHex(test.first[1]);
# 300 : 30 : auto sig = ParseHex(test.first[2]);
# 301 : 30 : BOOST_CHECK_EQUAL(XOnlyPubKey(pubkey).VerifySchnorr(uint256(msg), sig), test.second);
# 302 : 30 : }
# 303 : :
# 304 : 2 : static const std::vector<std::array<std::string, 5>> SIGN_VECTORS = {
# 305 : 2 : {{"0000000000000000000000000000000000000000000000000000000000000003", "F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9", "0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000", "E907831F80848D1069A5371B402410364BDF1C5F8307B0084C55F1CE2DCA821525F66A4A85EA8B71E482A74F382D2CE5EBEEE8FDB2172F477DF4900D310536C0"}},
# 306 : 2 : {{"B7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFEF", "DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659", "0000000000000000000000000000000000000000000000000000000000000001", "243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89", "6896BD60EEAE296DB48A229FF71DFE071BDE413E6D43F917DC8DCF8C78DE33418906D11AC976ABCCB20B091292BFF4EA897EFCB639EA871CFA95F6DE339E4B0A"}},
# 307 : 2 : {{"C90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B14E5C9", "DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8", "C87AA53824B4D7AE2EB035A2B5BBBCCC080E76CDC6D1692C4B0B62D798E6D906", "7E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9D0A508B75C", "5831AAEED7B44BB74E5EAB94BA9D4294C49BCF2A60728D8B4C200F50DD313C1BAB745879A5AD954A72C45A91C3A51D3C7ADEA98D82F8481E0E1E03674A6F3FB7"}},
# 308 : 2 : {{"0B432B2677937381AEF05BB02A66ECD012773062CF3FA2549E44F58ED2401710", "25D1DFF95105F5253C4022F628A996AD3A0D95FBF21D468A1B33F8C160D8F517", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "7EB0509757E246F19449885651611CB965ECC1A187DD51B64FDA1EDC9637D5EC97582B9CB13DB3933705B32BA982AF5AF25FD78881EBB32771FC5922EFC66EA3"}},
# 309 : 2 : };
# 310 : :
# 311 [ + + ]: 8 : for (const auto& [sec_hex, pub_hex, aux_hex, msg_hex, sig_hex] : SIGN_VECTORS) {
# 312 : 8 : auto sec = ParseHex(sec_hex);
# 313 : 8 : auto pub = ParseHex(pub_hex);
# 314 : 8 : uint256 aux256(ParseHex(aux_hex));
# 315 : 8 : uint256 msg256(ParseHex(msg_hex));
# 316 : 8 : auto sig = ParseHex(sig_hex);
# 317 : 8 : unsigned char sig64[64];
# 318 : :
# 319 : : // Run the untweaked test vectors above, comparing with exact expected signature.
# 320 : 8 : CKey key;
# 321 : 8 : key.Set(sec.begin(), sec.end(), true);
# 322 : 8 : XOnlyPubKey pubkey(key.GetPubKey());
# 323 : 8 : BOOST_CHECK(std::equal(pubkey.begin(), pubkey.end(), pub.begin(), pub.end()));
# 324 : 8 : bool ok = key.SignSchnorr(msg256, sig64, nullptr, aux256);
# 325 : 8 : BOOST_CHECK(ok);
# 326 : 8 : BOOST_CHECK(std::vector<unsigned char>(sig64, sig64 + 64) == sig);
# 327 : : // Verify those signatures for good measure.
# 328 : 8 : BOOST_CHECK(pubkey.VerifySchnorr(msg256, sig64));
# 329 : :
# 330 : : // Do 10 iterations where we sign with a random Merkle root to tweak,
# 331 : : // and compare against the resulting tweaked keys, with random aux.
# 332 : : // In iteration i=0 we tweak with empty Merkle tree.
# 333 [ + + ]: 88 : for (int i = 0; i < 10; ++i) {
# 334 : 80 : uint256 merkle_root;
# 335 [ + + ]: 80 : if (i) merkle_root = InsecureRand256();
# 336 [ + + ]: 80 : auto tweaked = pubkey.CreateTapTweak(i ? &merkle_root : nullptr);
# 337 : 80 : BOOST_CHECK(tweaked);
# 338 : 80 : XOnlyPubKey tweaked_key = tweaked->first;
# 339 : 80 : aux256 = InsecureRand256();
# 340 : 80 : bool ok = key.SignSchnorr(msg256, sig64, &merkle_root, aux256);
# 341 : 80 : BOOST_CHECK(ok);
# 342 : 80 : BOOST_CHECK(tweaked_key.VerifySchnorr(msg256, sig64));
# 343 : 80 : }
# 344 : 8 : }
# 345 : 2 : }
# 346 : :
# 347 : : BOOST_AUTO_TEST_SUITE_END()
|