2015-08-27 03:42:57 +02:00
|
|
|
/**********************************************************************
|
|
|
|
|
* Copyright (c) 2013-2015 Pieter Wuille *
|
|
|
|
|
* Distributed under the MIT software license, see the accompanying *
|
|
|
|
|
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
|
|
|
|
**********************************************************************/
|
|
|
|
|
|
|
|
|
|
#ifndef _SECP256K1_MODULE_RECOVERY_TESTS_
|
|
|
|
|
#define _SECP256K1_MODULE_RECOVERY_TESTS_
|
|
|
|
|
|
|
|
|
|
void test_ecdsa_recovery_end_to_end(void) {
|
|
|
|
|
unsigned char extra[32] = {0x00};
|
|
|
|
|
unsigned char privkey[32];
|
|
|
|
|
unsigned char message[32];
|
2015-09-21 20:57:54 +02:00
|
|
|
secp256k1_ecdsa_signature signature[5];
|
|
|
|
|
secp256k1_ecdsa_recoverable_signature rsignature[5];
|
2015-08-27 03:42:57 +02:00
|
|
|
unsigned char sig[74];
|
2015-09-21 20:57:54 +02:00
|
|
|
secp256k1_pubkey pubkey;
|
|
|
|
|
secp256k1_pubkey recpubkey;
|
2015-08-27 03:42:57 +02:00
|
|
|
int recid = 0;
|
|
|
|
|
|
|
|
|
|
/* Generate a random key and message. */
|
|
|
|
|
{
|
2015-09-21 20:57:54 +02:00
|
|
|
secp256k1_scalar msg, key;
|
2015-08-27 03:42:57 +02:00
|
|
|
random_scalar_order_test(&msg);
|
|
|
|
|
random_scalar_order_test(&key);
|
|
|
|
|
secp256k1_scalar_get_b32(privkey, &key);
|
|
|
|
|
secp256k1_scalar_get_b32(message, &msg);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Construct and verify corresponding public key. */
|
|
|
|
|
CHECK(secp256k1_ec_seckey_verify(ctx, privkey) == 1);
|
|
|
|
|
CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey, privkey) == 1);
|
|
|
|
|
|
|
|
|
|
/* Serialize/parse compact and verify/recover. */
|
|
|
|
|
extra[0] = 0;
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[0], message, privkey, NULL, NULL) == 1);
|
|
|
|
|
CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[4], message, privkey, NULL, NULL) == 1);
|
|
|
|
|
CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[1], message, privkey, NULL, extra) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
extra[31] = 1;
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[2], message, privkey, NULL, extra) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
extra[31] = 0;
|
|
|
|
|
extra[0] = 1;
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_sign_recoverable(ctx, &rsignature[3], message, privkey, NULL, extra) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1);
|
|
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
memset(&rsignature[4], 0, sizeof(rsignature[4]));
|
|
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1);
|
|
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
/* Parse compact (with recovery id) and recover. */
|
|
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
CHECK(memcmp(&pubkey, &recpubkey, sizeof(pubkey)) == 0);
|
|
|
|
|
/* Serialize/destroy/parse signature and verify again. */
|
|
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &rsignature[4]) == 1);
|
|
|
|
|
sig[secp256k1_rand32() % 64] += 1 + (secp256k1_rand32() % 255);
|
|
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsignature[4], sig, recid) == 1);
|
|
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_convert(ctx, &signature[4], &rsignature[4]) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_verify(ctx, &signature[4], message, &pubkey) == 0);
|
2015-08-27 03:42:57 +02:00
|
|
|
/* Recover again */
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_recover(ctx, &recpubkey, &rsignature[4], message) == 0 ||
|
2015-08-27 03:42:57 +02:00
|
|
|
memcmp(&pubkey, &recpubkey, sizeof(pubkey)) != 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Tests several edge cases. */
|
|
|
|
|
void test_ecdsa_recovery_edge_cases(void) {
|
|
|
|
|
const unsigned char msg32[32] = {
|
|
|
|
|
'T', 'h', 'i', 's', ' ', 'i', 's', ' ',
|
|
|
|
|
'a', ' ', 'v', 'e', 'r', 'y', ' ', 's',
|
|
|
|
|
'e', 'c', 'r', 'e', 't', ' ', 'm', 'e',
|
|
|
|
|
's', 's', 'a', 'g', 'e', '.', '.', '.'
|
|
|
|
|
};
|
|
|
|
|
const unsigned char sig64[64] = {
|
|
|
|
|
/* Generated by signing the above message with nonce 'This is the nonce we will use...'
|
|
|
|
|
* and secret key 0 (which is not valid), resulting in recid 0. */
|
|
|
|
|
0x67, 0xCB, 0x28, 0x5F, 0x9C, 0xD1, 0x94, 0xE8,
|
|
|
|
|
0x40, 0xD6, 0x29, 0x39, 0x7A, 0xF5, 0x56, 0x96,
|
|
|
|
|
0x62, 0xFD, 0xE4, 0x46, 0x49, 0x99, 0x59, 0x63,
|
|
|
|
|
0x17, 0x9A, 0x7D, 0xD1, 0x7B, 0xD2, 0x35, 0x32,
|
|
|
|
|
0x4B, 0x1B, 0x7D, 0xF3, 0x4C, 0xE1, 0xF6, 0x8E,
|
|
|
|
|
0x69, 0x4F, 0xF6, 0xF1, 0x1A, 0xC7, 0x51, 0xDD,
|
|
|
|
|
0x7D, 0xD7, 0x3E, 0x38, 0x7E, 0xE4, 0xFC, 0x86,
|
|
|
|
|
0x6E, 0x1B, 0xE8, 0xEC, 0xC7, 0xDD, 0x95, 0x57
|
|
|
|
|
};
|
2015-09-21 20:57:54 +02:00
|
|
|
secp256k1_pubkey pubkey;
|
2015-08-27 03:42:57 +02:00
|
|
|
/* signature (r,s) = (4,4), which can be recovered with all 4 recids. */
|
|
|
|
|
const unsigned char sigb64[64] = {
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
|
|
|
|
|
};
|
2015-09-21 20:57:54 +02:00
|
|
|
secp256k1_pubkey pubkeyb;
|
|
|
|
|
secp256k1_ecdsa_recoverable_signature rsig;
|
|
|
|
|
secp256k1_ecdsa_signature sig;
|
2015-08-27 03:42:57 +02:00
|
|
|
int recid;
|
|
|
|
|
|
|
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 0));
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
|
2015-08-27 03:42:57 +02:00
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 1));
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
|
2015-08-27 03:42:57 +02:00
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 2));
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
|
2015-08-27 03:42:57 +02:00
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sig64, 3));
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(!secp256k1_ecdsa_recover(ctx, &pubkey, &rsig, msg32));
|
2015-08-27 03:42:57 +02:00
|
|
|
|
|
|
|
|
for (recid = 0; recid < 4; recid++) {
|
|
|
|
|
int i;
|
|
|
|
|
int recid2;
|
|
|
|
|
/* (4,4) encoded in DER. */
|
|
|
|
|
unsigned char sigbder[8] = {0x30, 0x06, 0x02, 0x01, 0x04, 0x02, 0x01, 0x04};
|
|
|
|
|
unsigned char sigcder_zr[7] = {0x30, 0x05, 0x02, 0x00, 0x02, 0x01, 0x01};
|
|
|
|
|
unsigned char sigcder_zs[7] = {0x30, 0x05, 0x02, 0x01, 0x01, 0x02, 0x00};
|
|
|
|
|
unsigned char sigbderalt1[39] = {
|
|
|
|
|
0x30, 0x25, 0x02, 0x20, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x04, 0x02, 0x01, 0x04,
|
|
|
|
|
};
|
|
|
|
|
unsigned char sigbderalt2[39] = {
|
|
|
|
|
0x30, 0x25, 0x02, 0x01, 0x04, 0x02, 0x20, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
|
|
|
|
|
};
|
|
|
|
|
unsigned char sigbderalt3[40] = {
|
|
|
|
|
0x30, 0x26, 0x02, 0x21, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x04, 0x02, 0x01, 0x04,
|
|
|
|
|
};
|
|
|
|
|
unsigned char sigbderalt4[40] = {
|
|
|
|
|
0x30, 0x26, 0x02, 0x01, 0x04, 0x02, 0x21, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
|
|
|
|
|
};
|
|
|
|
|
/* (order + r,4) encoded in DER. */
|
|
|
|
|
unsigned char sigbderlong[40] = {
|
|
|
|
|
0x30, 0x26, 0x02, 0x21, 0x00, 0xFF, 0xFF, 0xFF,
|
|
|
|
|
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
|
|
|
|
0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC,
|
|
|
|
|
0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E,
|
|
|
|
|
0x8C, 0xD0, 0x36, 0x41, 0x45, 0x02, 0x01, 0x04
|
|
|
|
|
};
|
|
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
for (recid2 = 0; recid2 < 4; recid2++) {
|
2015-09-21 20:57:54 +02:00
|
|
|
secp256k1_pubkey pubkey2b;
|
2015-08-27 03:42:57 +02:00
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigb64, recid2) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_recover(ctx, &pubkey2b, &rsig, msg32) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
/* Verifying with (order + r,4) should always fail. */
|
|
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderlong, sizeof(sigbderlong)) == 0);
|
|
|
|
|
}
|
|
|
|
|
/* DER parsing tests. */
|
|
|
|
|
/* Zero length r/s. */
|
|
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0);
|
|
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0);
|
|
|
|
|
/* Leading zeros. */
|
|
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt1, sizeof(sigbderalt1)) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt2, sizeof(sigbderalt2)) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
sigbderalt3[4] = 1;
|
|
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0);
|
|
|
|
|
sigbderalt4[7] = 1;
|
|
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0);
|
|
|
|
|
/* Damage signature. */
|
|
|
|
|
sigbder[7]++;
|
|
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
|
2015-08-27 03:42:57 +02:00
|
|
|
sigbder[7]--;
|
|
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, 6) == 0);
|
|
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder) - 1) == 0);
|
|
|
|
|
for(i = 0; i < 8; i++) {
|
|
|
|
|
int c;
|
|
|
|
|
unsigned char orig = sigbder[i];
|
|
|
|
|
/*Try every single-byte change.*/
|
|
|
|
|
for (c = 0; c < 256; c++) {
|
|
|
|
|
if (c == orig ) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
sigbder[i] = c;
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigbder, sizeof(sigbder)) == 0 || secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyb) == 0);
|
2015-08-27 03:42:57 +02:00
|
|
|
}
|
|
|
|
|
sigbder[i] = orig;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Test r/s equal to zero */
|
|
|
|
|
{
|
|
|
|
|
/* (1,1) encoded in DER. */
|
|
|
|
|
unsigned char sigcder[8] = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01};
|
|
|
|
|
unsigned char sigc64[64] = {
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
|
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
|
|
|
|
|
};
|
2015-09-21 20:57:54 +02:00
|
|
|
secp256k1_pubkey pubkeyc;
|
2015-08-27 03:42:57 +02:00
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyc, &rsig, msg32) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 1);
|
2015-08-27 03:42:57 +02:00
|
|
|
sigcder[4] = 0;
|
|
|
|
|
sigc64[31] = 0;
|
|
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0);
|
2015-08-27 03:42:57 +02:00
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0);
|
2015-08-27 03:42:57 +02:00
|
|
|
sigcder[4] = 1;
|
|
|
|
|
sigcder[7] = 0;
|
|
|
|
|
sigc64[31] = 1;
|
|
|
|
|
sigc64[63] = 0;
|
|
|
|
|
CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, &rsig, sigc64, 0) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_recover(ctx, &pubkeyb, &rsig, msg32) == 0);
|
2015-08-27 03:42:57 +02:00
|
|
|
CHECK(secp256k1_ecdsa_signature_parse_der(ctx, &sig, sigcder, sizeof(sigcder)) == 1);
|
2015-08-28 01:50:47 +02:00
|
|
|
CHECK(secp256k1_ecdsa_verify(ctx, &sig, msg32, &pubkeyc) == 0);
|
2015-08-27 03:42:57 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void run_recovery_tests(void) {
|
|
|
|
|
int i;
|
|
|
|
|
for (i = 0; i < 64*count; i++) {
|
|
|
|
|
test_ecdsa_recovery_end_to_end();
|
|
|
|
|
}
|
|
|
|
|
test_ecdsa_recovery_edge_cases();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif
|
