bitcoin/bips
1
0
Fork 0
mirror of https://github.com/bitcoin/bips.git synced 2025-05-12 12:03:29 +00:00
Code Issues Releases Wiki Activity

Fix point_from_bytes accepting out-of-range pubkeys and add test vector

Browse Source
This commit is contained in:
Jonas Nick 2019-11-04 12:53:37 +00:00 committed by Pieter Wuille
parent 9b5ba158c1
commit c8281deec6
2 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bip-schnorr/reference.py
View File

@ -53,6 +53,8 @@ def bytes_from_point(P):
def point_from_bytes(b): def point_from_bytes(b):
x = int_from_bytes(b) x = int_from_bytes(b)
if x >= p:
return None
y_sq = (pow(x, 3, p) + 7) % p y_sq = (pow(x, 3, p) + 7) % p
y = pow(y_sq, (p + 1) // 4, p) y = pow(y_sq, (p + 1) // 4, p)
if pow(y, 2, p) != y_sq: if pow(y, 2, p) != y_sq:

26
bip-schnorr/test-vectors.py
View File

@ -69,12 +69,14 @@ def vector4():
default_seckey = bytes_from_int(0xB7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFEF) default_seckey = bytes_from_int(0xB7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFEF)
default_msg = bytes_from_int(0x243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89) default_msg = bytes_from_int(0x243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89)
# Public key is not on the curve
def vector5(): def vector5():
# This creates a dummy signature that doesn't have anything to do with the
# public key.
seckey = default_seckey seckey = default_seckey
msg = default_msg msg = default_msg
sig = schnorr_sign(msg, seckey) sig = schnorr_sign(msg, seckey)
# Public key is not on the curve
pubkey = bytes_from_int(0xEEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34) pubkey = bytes_from_int(0xEEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34)
assert(point_from_bytes(pubkey) is None) assert(point_from_bytes(pubkey) is None)
@ -185,6 +187,27 @@ def vector13():
return (None, pubkey_gen(seckey), msg, sig, "FALSE", "sig[32:64] is equal to curve order") return (None, pubkey_gen(seckey), msg, sig, "FALSE", "sig[32:64] is equal to curve order")
# Test out of range pubkey
# It's cryptographically impossible to create a test vector that fails if run
# in an implementation which accepts out of range pubkeys because we can't find
# a secret key for such a public key and therefore can not create a signature.
# This test vector just increases test coverage.
def vector14():
# This creates a dummy signature that doesn't have anything to do with the
# public key.
seckey = default_seckey
msg = default_msg
sig = schnorr_sign(msg, seckey)
pubkey_int = p + 1
pubkey = bytes_from_int(pubkey_int)
assert(point_from_bytes(pubkey) is None)
# If an implementation would reduce a given public key modulo p then the
# pubkey would be valid
assert(point_from_bytes(bytes_from_int(pubkey_int % p)) is not None)
return (None, pubkey, msg, sig, "FALSE", "public key is not a valid X coordinate because it exceeds the field size")
vectors = [ vectors = [
vector0(), vector0(),
vector1(), vector1(),
@ -200,6 +223,7 @@ vectors = [
vector11(), vector11(),
vector12(), vector12(),
vector13(), vector13(),
vector14()
] ]
# Converts the byte strings of a test vector into hex strings # Converts the byte strings of a test vector into hex strings