From 6e0528785d4afee8619923bbdfdd7c3086f1139f Mon Sep 17 00:00:00 2001 From: Pieter Wuille Date: Fri, 28 Nov 2014 23:43:00 +0100 Subject: [PATCH] Do signature recovery/verification with 4 possible recid case --- src/tests.c | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/src/tests.c b/src/tests.c index 022bcb615e..143f91327c 100644 --- a/src/tests.c +++ b/src/tests.c @@ -939,7 +939,8 @@ void run_ecdsa_end_to_end(void) { } } -void test_ecdsa_infinity(void) { +/* Tests several edge cases. */ +void test_ecdsa_edge_cases(void) { const unsigned char msg32[32] = { 'T', 'h', 'i', 's', ' ', 'i', 's', ' ', 'a', ' ', 'v', 'e', 'r', 'y', ' ', 's', @@ -947,8 +948,8 @@ void test_ecdsa_infinity(void) { 's', 's', 'a', 'g', 'e', '.', '.', '.' }; const unsigned char sig64[64] = { - // Generated by signing the above message with nonce 'This is the nonce we will use...' - // and secret key 0 (which is not valid), resulting in recid 0. + /* Generated by signing the above message with nonce 'This is the nonce we will use...' + * and secret key 0 (which is not valid), resulting in recid 0. */ 0x67, 0xCB, 0x28, 0x5F, 0x9C, 0xD1, 0x94, 0xE8, 0x40, 0xD6, 0x29, 0x39, 0x7A, 0xF5, 0x56, 0x96, 0x62, 0xFD, 0xE4, 0x46, 0x49, 0x99, 0x59, 0x63, @@ -964,10 +965,32 @@ void test_ecdsa_infinity(void) { CHECK(secp256k1_ecdsa_recover_compact(msg32, 32, sig64, pubkey, &pubkeylen, 0, 1)); CHECK(!secp256k1_ecdsa_recover_compact(msg32, 32, sig64, pubkey, &pubkeylen, 0, 2)); CHECK(!secp256k1_ecdsa_recover_compact(msg32, 32, sig64, pubkey, &pubkeylen, 0, 3)); + + /* signature (r,s) = (4,4), which can be recovered with all 4 recids. */ + const unsigned char sigb64[64] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, + }; + unsigned char pubkeyb[33]; + int pubkeyblen = 33; + for (int recid = 0; recid < 4; recid++) { + unsigned char sigbder[8] = {0x30, 0x06, 0x02, 0x01, 0x04, 0x02, 0x01, 0x04}; + CHECK(secp256k1_ecdsa_recover_compact(msg32, 32, sigb64, pubkeyb, &pubkeyblen, 1, recid)); + CHECK(secp256k1_ecdsa_verify(msg32, 32, sigbder, sizeof(sigbder), pubkeyb, pubkeyblen) == 1); + /* Damage signature. */ + sigbder[7]++; + CHECK(secp256k1_ecdsa_verify(msg32, 32, sigbder, sizeof(sigbder), pubkeyb, pubkeyblen) == 0); + } } -void run_ecdsa_infinity(void) { - test_ecdsa_infinity(); +void run_ecdsa_edge_cases(void) { + test_ecdsa_edge_cases(); } #ifdef ENABLE_OPENSSL_TESTS @@ -1071,7 +1094,7 @@ int main(int argc, char **argv) { /* ecdsa tests */ run_ecdsa_sign_verify(); run_ecdsa_end_to_end(); - run_ecdsa_infinity(); + run_ecdsa_edge_cases(); #ifdef ENABLE_OPENSSL_TESTS run_ecdsa_openssl(); #endif