def test_msgsign_p2pkh_2() -> None:
msg = "test message"
# sigs are taken from (Electrum and) Bitcoin Core
wif = "Ky1XfDK2v6wHPazA6ECaD8UctEoShXdchgABjpU9GWGZDxVRDBMJ"
# compressed
address = "1DAag8qiPLHh6hMFVu9qJQm9ro1HtwuyK5"
exp_sig = "IFqUo4/sxBEFkfK8mZeeN56V13BqOc0D90oPBChF3gTqMXtNSCTN79UxC33kZ8Mi0cHy4zYCnQfCxTyLpMVXKeA="
assert bms.verify(msg, address, exp_sig)
sig = bms.sign(msg, wif, address)
assert bms.verify(msg, address, sig)
assert bms.encode(*sig) == exp_sig.encode()
sig = bms.sign(msg.encode(), wif)
assert bms.verify(msg.encode(), address, sig)
assert bms.encode(*sig) == exp_sig.encode()
wif = "5JDopdKaxz5bXVYXcAnfno6oeSL8dpipxtU1AhfKe3Z58X48srn"
# uncompressed
address = "19f7adDYqhHSJm2v7igFWZAqxXHj1vUa3T"
exp_sig = "HFqUo4/sxBEFkfK8mZeeN56V13BqOc0D90oPBChF3gTqMXtNSCTN79UxC33kZ8Mi0cHy4zYCnQfCxTyLpMVXKeA="
assert bms.verify(msg, address, exp_sig)
sig = bms.sign(msg, wif, address)
assert bms.verify(msg, address, sig)
assert bms.encode(*sig) == exp_sig.encode()
sig = bms.sign(msg.encode(), wif)
assert bms.verify(msg.encode(), address, sig)
assert bms.encode(*sig) == exp_sig.encode()
def test_vector_python_bitcoinlib() -> None:
"""Test python-bitcoinlib test vectors
https://github.com/petertodd/python-bitcoinlib/blob/master/bitcoin/tests/test_data/bms.json
"""
fname = "bms.json"
filename = path.join(path.dirname(__file__), "test_data", fname)
with open(filename, "r") as file_:
test_vectors = json.load(file_)
for vector in test_vectors[:5]:
msg = vector["address"]
tuplesig = bms.sign(msg, vector["wif"])
assert bms.verify(msg, vector["address"], tuplesig)
b64sig = bms.encode(*tuplesig)
assert bms.verify(msg, vector["address"], b64sig)
assert bms.verify(msg, vector["address"], vector["signature"])
# python-bitcoinlib has a signature different from the
# one generated by Core/Electrum/btclib (which are identical)
assert b64sig.decode("ascii") != vector["signature"]
# python-bitcoinlib does not use RFC6979 deterministic nonce
# as proved by different r compared to Core/Electrum/btclib
rf, r, s = tuplesig
_, r_0, _ = bms.decode(vector["signature"])
assert r != r_0
# while Core/Electrum/btclib use "low-s" canonical signature
assert s < ec.n - s
# this is not true for python-bitcoinlib
# assert s0 < ec.n - s0
# self.assertGreater(s0, ec.n - s0)
# just in case you wonder, here's the malleated signature
rf += 1 if rf == 31 else -1
tuplesig_malleated = rf, r, ec.n - s
assert bms.verify(msg, vector["address"], tuplesig_malleated)
b64sig_malleated = bms.encode(*tuplesig_malleated)
assert bms.verify(msg, vector["address"], b64sig_malleated)
# of course,
# it is not equal to the python-bitcoinlib one (different r)
assert b64sig_malleated.decode("ascii") != vector["signature"]
def test_sign_strippable_message() -> None:
wif = "Ky1XfDK2v6wHPazA6ECaD8UctEoShXdchgABjpU9GWGZDxVRDBMJ"
address = "1DAag8qiPLHh6hMFVu9qJQm9ro1HtwuyK5"
msg = ""
exp_sig = "IFh0InGTy8lLCs03yoUIpJU6MUbi0La/4abhVxyKcCsoUiF3RM7lg51rCqyoOZ8Yt43h8LZrmj7nwwO3HIfesiw="
assert bms.verify(msg, address, exp_sig)
sig = bms.sign(msg, wif)
assert bms.verify(msg, address, sig)
assert bms.encode(*sig) == exp_sig.encode()
# Bitcoin Core exp_sig (Electrum does strip leading/trailing spaces)
msg = " "
exp_sig = "IEveV6CMmOk5lFP+oDbw8cir/OkhJn4S767wt+YwhzHnEYcFOb/uC6rrVmTtG3M43mzfObA0Nn1n9CRcv5IGyak="
assert bms.verify(msg, address, exp_sig)
sig = bms.sign(msg, wif)
assert bms.verify(msg, address, sig)
assert bms.encode(*sig) == exp_sig.encode()
# Bitcoin Core exp_sig (Electrum does strip leading/trailing spaces)
msg = " "
exp_sig = "H/QjF1V4fVI8IHX8ko0SIypmb0yxfaZLF0o56Cif9z8CX24n4petTxolH59pYVMvbTKQkGKpznSiPiQVn83eJF0="
assert bms.verify(msg, address, exp_sig)
sig = bms.sign(msg, wif)
assert bms.verify(msg, address, sig)
assert bms.encode(*sig) == exp_sig.encode()
msg = "test"
exp_sig = "IJUtN/2LZjh1Vx8Ekj9opnIKA6ohKhWB95PLT/3EFgLnOu9hTuYX4+tJJ60ZyddFMd6dgAYx15oP+jLw2NzgNUo="
assert bms.verify(msg, address, exp_sig)
sig = bms.sign(msg, wif)
assert bms.verify(msg, address, sig)
assert bms.encode(*sig) == exp_sig.encode()
# Bitcoin Core exp_sig (Electrum does strip leading/trailing spaces)
msg = " test "
exp_sig = "IA59z13/HBhvMMJtNwT6K7vJByE40lQUdqEMYhX2tnZSD+IGQIoBGE+1IYGCHCyqHvTvyGeqJTUx5ywb4StuX0s="
assert bms.verify(msg, address, exp_sig)
sig = bms.sign(msg, wif)
assert bms.verify(msg, address, sig)
assert bms.encode(*sig) == exp_sig.encode()
# Bitcoin Core exp_sig (Electrum does strip leading/trailing spaces)
msg = "test "
exp_sig = "IPp9l2w0LVYB4FYKBahs+k1/Oa08j+NTuzriDpPWnWQmfU0+UsJNLIPI8Q/gekrWPv6sDeYsFSG9VybUKDPGMuo="
assert bms.verify(msg, address, exp_sig)
sig = bms.sign(msg, wif)
assert bms.verify(msg, address, sig)
assert bms.encode(*sig) == exp_sig.encode()
# Bitcoin Core exp_sig (Electrum does strip leading/trailing spaces)
msg = " test"
exp_sig = "H1nGwD/kcMSmsYU6qihV2l2+Pa+7SPP9zyViZ59VER+QL9cJsIAtu1CuxfYDAVt3kgr4t3a/Es3PV82M6z0eQAo="
assert bms.verify(msg, address, exp_sig)
sig = bms.sign(msg, wif)
assert bms.verify(msg, address, sig)
assert bms.encode(*sig) == exp_sig.encode()
def test_msgsign_p2pkh() -> None:
msg = "test message"
# sigs are taken from (Electrum and) Bitcoin Core
q = "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
# uncompressed
wif1u = wif_from_prvkey(q, "mainnet", False)
assert wif1u == b"5KMWWy2d3Mjc8LojNoj8Lcz9B1aWu8bRofUgGwQk959Dw5h2iyw"
add1u = base58address.p2pkh(wif1u)
assert add1u == b"1HUBHMij46Hae75JPdWjeZ5Q7KaL7EFRSD"
sig1u = bms.sign(msg, wif1u)
assert bms.verify(msg, add1u, sig1u)
assert sig1u[0] == 27
exp_sig1u = "G/iew/NhHV9V9MdUEn/LFOftaTy1ivGPKPKyMlr8OSokNC755fAxpSThNRivwTNsyY9vPUDTRYBPc2cmGd5d4y4="
assert bms.encode(*sig1u) == exp_sig1u.encode()
# compressed
wif1c = wif_from_prvkey(q, "mainnet", True)
assert wif1c == b"L41XHGJA5QX43QRG3FEwPbqD5BYvy6WxUxqAMM9oQdHJ5FcRHcGk"
add1c = base58address.p2pkh(wif1c)
assert add1c == b"14dD6ygPi5WXdwwBTt1FBZK3aD8uDem1FY"
sig1c = bms.sign(msg, wif1c)
assert bms.verify(msg, add1c, sig1c)
assert sig1c[0] == 31
exp_sig1c = "H/iew/NhHV9V9MdUEn/LFOftaTy1ivGPKPKyMlr8OSokNC755fAxpSThNRivwTNsyY9vPUDTRYBPc2cmGd5d4y4="
assert bms.encode(*sig1c) == exp_sig1c.encode()
assert not bms.verify(msg, add1c, sig1u)
assert not bms.verify(msg, add1u, sig1c)
rf, r, s = sig1c
sig1c_malleated_rf = bms.encode(rf + 1, r, s)
assert not bms.verify(msg, add1c, sig1c_malleated_rf)
sig1c_malleated_s = bms.encode(rf, r, ec.n - s)
assert not bms.verify(msg, add1c, sig1c_malleated_s)
sig1c_malleated_rf_s = bms.encode(rf + 1, r, ec.n - s)
assert bms.verify(msg, add1c, sig1c_malleated_rf_s)
def test_segwit() -> None:
msg = "test"
wif = "L4xAvhKR35zFcamyHME2ZHfhw5DEyeJvEMovQHQ7DttPTM8NLWCK"
b58_p2pkh = base58address.p2pkh(wif)
b58_p2wpkh = bech32address.p2wpkh(wif)
b58_p2wpkh_p2sh = base58address.p2wpkh_p2sh(wif)
# p2pkh base58 address (Core, Electrum, BIP137)
exp_sig = "IBFyn+h9m3pWYbB4fBFKlRzBD4eJKojgCIZSNdhLKKHPSV2/WkeV7R7IOI0dpo3uGAEpCz9eepXLrA5kF35MXuU="
assert bms.verify(msg, b58_p2pkh, exp_sig)
sig = bms.sign(msg, wif) # no address: p2pkh assumed
assert bms.verify(msg, b58_p2pkh, sig)
assert bms.encode(*sig) == exp_sig.encode()
# p2wpkh-p2sh base58 address (Electrum)
assert bms.verify(msg, b58_p2wpkh_p2sh, sig)
# p2wpkh bech32 address (Electrum)
assert bms.verify(msg, b58_p2wpkh, sig)
# p2wpkh-p2sh base58 address (BIP137)
# different first letter in sig because of different rf
exp_sig = "JBFyn+h9m3pWYbB4fBFKlRzBD4eJKojgCIZSNdhLKKHPSV2/WkeV7R7IOI0dpo3uGAEpCz9eepXLrA5kF35MXuU="
assert bms.verify(msg, b58_p2wpkh_p2sh, exp_sig)
sig = bms.sign(msg, wif, b58_p2wpkh_p2sh)
assert bms.verify(msg, b58_p2wpkh_p2sh, sig)
assert bms.encode(*sig) == exp_sig.encode()
# p2wpkh bech32 address (BIP137)
# different first letter in sig because of different rf
exp_sig = "KBFyn+h9m3pWYbB4fBFKlRzBD4eJKojgCIZSNdhLKKHPSV2/WkeV7R7IOI0dpo3uGAEpCz9eepXLrA5kF35MXuU="
assert bms.verify(msg, b58_p2wpkh, exp_sig)
sig = bms.sign(msg, wif, b58_p2wpkh)
assert bms.verify(msg, b58_p2wpkh, sig)
assert bms.encode(*sig) == exp_sig.encode()
def test_signature() -> None:
msg = "test message"
wif, addr = bms.gen_keys()
sig = bms.sign(msg, wif)
assert bms.verify(msg, addr, sig)
assert sig == bms.decode(sig)
# sig taken from (Electrum and) Bitcoin Core
wif, addr = bms.gen_keys(
"5KMWWy2d3Mjc8LojNoj8Lcz9B1aWu8bRofUgGwQk959Dw5h2iyw")
sig = bms.sign(msg, wif)
assert bms.verify(msg, addr, sig)
exp_sig = "G/iew/NhHV9V9MdUEn/LFOftaTy1ivGPKPKyMlr8OSokNC755fAxpSThNRivwTNsyY9vPUDTRYBPc2cmGd5d4y4="
assert bms.encode(*sig) == exp_sig.encode()
# not encoded base64 signature string
bms.assert_as_valid(msg, addr, exp_sig)
# encoded base64 signature string
bms.assert_as_valid(msg, addr, exp_sig.encode())
print("2. Addresses")
address1 = p2pkh(pubkey)
print(" p2pkh:", address1.decode())
address2 = p2wpkh_p2sh(pubkey)
print("p2wpkh_p2sh:", address2.decode())
address3 = p2wpkh(pubkey)
print(" p2wpkh:", address3.decode())
print("\n3. Sign message with no address (or with compressed p2pkh address):")
sig1 = sign(msg, wif)
print(f"rf1: {sig1[0]}")
print(f" r1: {hex(sig1[1]).upper()}")
print(f" s1: {hex(sig1[2]).upper()}")
bsmsig1 = encode(*sig1)
print("4. Serialized signature:")
print(bsmsig1.decode())
print("5. Verify signature")
print("Bitcoin Core p2pkh :", verify(msg, address1, sig1))
print("Electrum p2wpkh_p2sh:", verify(msg, address2, sig1))
print("Electrum p2wpkh :", verify(msg, address3, sig1))
print("\n3. Sign message with p2wpkh_p2sh address (BIP137):")
sig2 = sign(msg, wif, address2)
print(f"rf2: {sig2[0]}")
print(f" r2: {hex(sig2[1]).upper()}")
print(f" s2: {hex(sig2[2]).upper()}")
bsmsig2 = encode(*sig2)
def test_exceptions() -> None:
msg = "test"
wif = "KwELaABegYxcKApCb3kJR9ymecfZZskL9BzVUkQhsqFiUKftb4tu"
address = base58address.p2pkh(wif)
exp_sig = "IHdKsFF1bUrapA8GMoQUbgI+Ad0ZXyX1c/yAZHmJn5hSNBi7J+TrI1615FG3g9JEOPGVvcfDWIFWrg2exLNtoVc="
assert bms.verify(msg, address, exp_sig)
_, r, s = bms.decode(exp_sig)
err_msg = "invalid recovery flag: "
with pytest.raises(BTClibValueError, match=err_msg):
bms.encode(26, r, s)
exp_sig = "IHdKsFF1bUrapA8GMoQUbgI+Ad0ZXyX1c/yAZHmJn5hNBi7J+TrI1615FG3g9JEOPGVvcfDWIFWrg2exLoVc="
err_msg = "wrong signature length: "
with pytest.raises(BTClibValueError, match=err_msg):
bms.assert_as_valid(msg, address, exp_sig)
assert not bms.verify(msg, address, exp_sig)
exp_sig = "GpNLHqEKSzwXV+KwwBfQthQ848mn5qSkmGDXpqshDuPYJELOnSuRYGQQgBR4PpI+w2tJdD4v+hxElvAaUSqv2eU="
err_msg = "invalid recovery flag: "
with pytest.raises(BTClibValueError, match=err_msg):
bms.assert_as_valid(msg, address, exp_sig)
assert not bms.verify(msg, address, exp_sig)
exp_sig = "QpNLHqEKSzwXV+KwwBfQthQ848mn5qSkmGDXpqshDuPYJELOnSuRYGQQgBR4PpI+w2tJdD4v+hxElvAaUSqv2eU="
with pytest.raises(BTClibValueError, match=err_msg):
bms.assert_as_valid(msg, address, exp_sig)
assert not bms.verify(msg, address, exp_sig)
# compressed wif, uncompressed address
wif = "Ky1XfDK2v6wHPazA6ECaD8UctEoShXdchgABjpU9GWGZDxVRDBMJ"
address = b"19f7adDYqhHSJm2v7igFWZAqxXHj1vUa3T"
err_msg = "mismatch between private key and address"
with pytest.raises(BTClibValueError, match=err_msg):
bms.sign(msg, wif, address)
# uncompressed wif, compressed address
wif = "5JDopdKaxz5bXVYXcAnfno6oeSL8dpipxtU1AhfKe3Z58X48srn"
address = b"1DAag8qiPLHh6hMFVu9qJQm9ro1HtwuyK5"
err_msg = "not a private or compressed public key for mainnet: "
# FIXME puzzling error message
with pytest.raises(BTClibValueError, match=err_msg):
bms.sign(msg, wif, address)
msg = "test"
wif = "L4xAvhKR35zFcamyHME2ZHfhw5DEyeJvEMovQHQ7DttPTM8NLWCK"
b58_p2pkh = base58address.p2pkh(wif)
b58_p2wpkh = bech32address.p2wpkh(wif)
b58_p2wpkh_p2sh = base58address.p2wpkh_p2sh(wif)
wif = "Ky1XfDK2v6wHPazA6ECaD8UctEoShXdchgABjpU9GWGZDxVRDBMJ"
err_msg = "mismatch between private key and address"
with pytest.raises(BTClibValueError, match=err_msg):
bms.sign(msg, wif, b58_p2pkh)
with pytest.raises(BTClibValueError, match=err_msg):
bms.sign(msg, wif, b58_p2wpkh)
with pytest.raises(BTClibValueError, match=err_msg):
bms.sign(msg, wif, b58_p2wpkh_p2sh)
# Invalid recovery flag (39) for base58 address
exp_sig = "IHdKsFF1bUrapA8GMoQUbgI+Ad0ZXyX1c/yAZHmJn5hSNBi7J+TrI1615FG3g9JEOPGVvcfDWIFWrg2exLNtoVc="
_, r, s = bms.decode(exp_sig)
sig = bms.encode(39, r, s)
err_msg = "invalid recovery flag: "
with pytest.raises(BTClibValueError, match=err_msg):
bms.assert_as_valid(msg, b58_p2pkh, sig)
# Invalid recovery flag (35) for bech32 address
exp_sig = "IBFyn+h9m3pWYbB4fBFKlRzBD4eJKojgCIZSNdhLKKHPSV2/WkeV7R7IOI0dpo3uGAEpCz9eepXLrA5kF35MXuU="
_, r, s = bms.decode(exp_sig)
sig = bms.encode(35, r, s)
err_msg = "invalid recovery flag: "
with pytest.raises(BTClibValueError, match=err_msg):
bms.assert_as_valid(msg, b58_p2wpkh, sig)