def test_signature(self):
    """Check ECDSA signing, verification and key recovery on secp256k1.

    Signs a fixed message with private key 1 and compares the result with
    a published RFC 6979 vector. It then checks that verification rejects
    a different message, a malformed signature, a different public key
    and out-of-range r/s values, and that signing rejects out-of-range
    private and ephemeral keys.
    """
    curve = secp256k1
    hasher = sha256
    prvkey = 0x1
    pubkey = mult(curve, prvkey, curve.G)
    message = 'Satoshi Nakamoto'.encode()
    signature = dsa.sign(curve, hasher, message, prvkey)

    # Reference vector taken from
    # https://bitcointalk.org/index.php?topic=285142.40
    # Deterministic Usage of DSA and ECDSA (RFC 6979)
    expected_r = 0x934b1ea10a4b3c1757e2b0c017d0b6143ce3c9a7e6a4a49860d7a6ab210ee3d8
    expected_s = 0x2442ce9d2b916064108014783e923ec36b49743e2ffa1c4496f01a512aafd9e5
    r, s = signature
    self.assertEqual(r, expected_r)
    # Either s or its complement n - s is accepted here, so the test does
    # not depend on which of the two forms sign() chooses to return.
    self.assertIn(s, (expected_s, curve.n - expected_s))

    for check in (dsa.verify, dsa._verify):
        self.assertTrue(check(curve, hasher, message, pubkey, signature))

    # Malleability: (r, n - s) verifies for the same message and key.
    # A consumer that needs one unique encoding per signature has to
    # enforce a canonical s on top of verify(); verify() alone accepts both.
    flipped = (r, curve.n - s)
    for check in (dsa.verify, dsa._verify):
        self.assertTrue(check(curve, hasher, message, pubkey, flipped))

    # Recovery yields candidates, not a single answer: the real key must
    # be among them, and two are expected on this curve.
    candidates = dsa.pubkey_recovery(curve, hasher, message, signature)
    self.assertTrue(len(candidates) == 2)
    self.assertIn(pubkey, candidates)

    # A different message must not verify under the same signature.
    other_message = 'Craig Wright'.encode()
    for check in (dsa.verify, dsa._verify):
        self.assertFalse(
            check(curve, hasher, other_message, pubkey, signature))

    # A three-element tuple is not a signature: verify() answers False,
    # while _verify() raises TypeError.
    three_items = (signature[0], signature[1], signature[1])
    self.assertFalse(
        dsa.verify(curve, hasher, message, pubkey, three_items))
    with self.assertRaises(TypeError):
        dsa._verify(curve, hasher, message, pubkey, three_items)

    # A public key derived from another private key must not verify.
    other_prvkey = 0x4
    other_pubkey = mult(curve, other_prvkey, curve.G)
    for check in (dsa.verify, dsa._verify):
        self.assertFalse(
            check(curve, hasher, message, other_pubkey, signature))

    # r not in [1, n-1]
    zero_r = 0, signature[1]
    self.assertFalse(dsa.verify(curve, hasher, message, pubkey, zero_r))

    # s not in [1, n-1]
    zero_s = signature[0], 0
    self.assertFalse(dsa.verify(curve, hasher, message, pubkey, zero_s))

    # pubkey = Inf
    with self.assertRaises(ValueError):
        dsa._verify(curve, hasher, message, (1, 0), signature)

    # private key not in [1, n-1]
    with self.assertRaises(ValueError):
        dsa.sign(curve, hasher, message, 0)

    # ephemeral key not in [1, n-1]
    with self.assertRaises(ValueError):
        dsa.sign(curve, hasher, message, 1, 0)
def test_pubkey_recovery(self):
    """Recover candidate public keys from a signature on secp112r2.

    The signing key's public point must be among the recovered
    candidates, and every candidate must verify the signature.
    """
    # secp112r2 is a 112-bit curve: fine for a fast test, far too small
    # for real keys.
    curve = secp112r2
    hasher = sha256
    prvkey = 0x1
    pubkey = mult(curve, prvkey, curve.G)
    message = 'Satoshi Nakamoto'.encode()
    signature = dsa.sign(curve, hasher, message, prvkey)

    self.assertTrue(dsa.verify(curve, hasher, message, pubkey, signature))
    self.assertTrue(dsa._verify(curve, hasher, message, pubkey, signature))

    candidates = dsa.pubkey_recovery(curve, hasher, message, signature)
    self.assertIn(pubkey, candidates)

    # Every candidate verifies, so a successful verify() against a
    # recovered key does not by itself say which candidate is the signer's.
    for candidate in candidates:
        self.assertTrue(
            dsa.verify(curve, hasher, message, candidate, signature))
        self.assertTrue(
            dsa._verify(curve, hasher, message, candidate, signature))
def test_pubkey_recovery(self):
    """Recover candidate public keys from a signature on secp112r2.

    Four candidates are expected; the signing key's public point must be
    one of them, and every candidate must verify the signature.
    """
    # NOTE(review): this listing holds another test_pubkey_recovery that
    # uses a different argument order; if both sit in one class, the later
    # definition replaces the earlier one. Confirm which API this targets.

    # secp112r2 is a 112-bit curve: fine for a fast test, far too small
    # for real keys.
    curve = secp112r2
    prvkey = 0x10
    pubkey = mult(prvkey, curve.G, curve)
    message = b'Satoshi Nakamoto'
    # The third positional argument is left as None; presumably it is the
    # ephemeral key, to be chosen by sign() itself. TODO confirm.
    signature = dsa.sign(message, prvkey, None, curve)

    self.assertTrue(dsa.verify(message, pubkey, signature, curve))
    self.assertTrue(dsa._verify(message, pubkey, signature, curve))

    candidates = dsa.pubkey_recovery(message, signature, curve)
    # secp112r2 has cofactor 4, which is presumably why four candidates
    # come back here. TODO confirm against pubkey_recovery.
    self.assertEqual(len(candidates), 4)
    self.assertIn(pubkey, candidates)

    # Every candidate verifies, so a successful verify() against a
    # recovered key does not by itself say which candidate is the signer's.
    for candidate in candidates:
        self.assertTrue(dsa.verify(message, candidate, signature, curve))
        self.assertTrue(dsa._verify(message, candidate, signature, curve))