def test_deterministic_generate_k_A_2_1(self):
"""
The example in https://tools.ietf.org/html/rfc6979#appendix-A.2.3
"""
hashes_values = (
(hashlib.sha1, 0x37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021),
(hashlib.sha224, 0x4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8),
(hashlib.sha256, 0x32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496),
(hashlib.sha384, 0x4730005C4FCB01834C063A7B6760096DBE284B8252EF4311),
(hashlib.sha512, 0xA2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1),
)
q = 0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
x = 0x6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4
for h, v in hashes_values:
v_sample = intbytes.from_bytes(h(b'sample').digest())
k = deterministic_generate_k(q, x, v_sample, h)
self.assertEqual(k, v)
hashes_values = (
(hashlib.sha1, 0xD9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25),
(hashlib.sha224, 0xF5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE),
(hashlib.sha256, 0x5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C),
(hashlib.sha384, 0x5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693),
(hashlib.sha512, 0x0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527),
)
for h, v in hashes_values:
v_sample = intbytes.from_bytes(h(b'test').digest())
k = deterministic_generate_k(q, x, v_sample, h)
self.assertEqual(k, v)
def test_deterministic_generate_k_A_2_5(self):
"""
The example in https://tools.ietf.org/html/rfc6979#appendix-A.2.5
"""
h = hashlib.sha256(b'sample').digest()
val = intbytes.from_bytes(h)
self.assertEqual(val, 0xAF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF)
generator_order = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D
secret_exponent = 0xF220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1
k = deterministic_generate_k(generator_order, secret_exponent, val)
self.assertEqual(k, 0xAD3029E0278F80643DE33917CE6908C70A8FF50A411F06E41DEDFCDC)
def test_deterministic_generate_k_A_1(self):
"""
The example in http://tools.ietf.org/html/rfc6979#appendix-A.1
"""
h = hashlib.sha256(b'sample').digest()
val = intbytes.from_bytes(h)
self.assertEqual(val, 0xAF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF)
q = 0x4000000000000000000020108A2E0CC0D99F8A5EF
x = 0x09A4D6792295A7F730FC3F2B49CBC0F62E862272F
k = deterministic_generate_k(q, x, val)
self.assertEqual(k, 0x23AF4074C90A02B3FE61D286D5C87F425E6BDD81B)
def test_deterministic_generate_k_A_1(self):
"""
The example in http://tools.ietf.org/html/rfc6979#appendix-A.1
"""
h = hashlib.sha256(b'sample').digest()
val = intbytes.from_bytes(h)
self.assertEqual(
val,
0xAF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF)
q = 0x4000000000000000000020108A2E0CC0D99F8A5EF
x = 0x09A4D6792295A7F730FC3F2B49CBC0F62E862272F
k = deterministic_generate_k(q, x, val)
self.assertEqual(k, 0x23AF4074C90A02B3FE61D286D5C87F425E6BDD81B)
def test_deterministic_generate_k_A_2_5(self):
"""
The example in https://tools.ietf.org/html/rfc6979#appendix-A.2.5
"""
h = hashlib.sha256(b'sample').digest()
val = intbytes.from_bytes(h)
self.assertEqual(
val,
0xAF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF)
generator_order = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D
secret_exponent = 0xF220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1
k = deterministic_generate_k(generator_order, secret_exponent, val)
self.assertEqual(
k, 0xAD3029E0278F80643DE33917CE6908C70A8FF50A411F06E41DEDFCDC)
def test_deterministic_generate_k_A_2_1(self):
"""
The example in https://tools.ietf.org/html/rfc6979#appendix-A.2.3
"""
hashes_values = (
(hashlib.sha1, 0x37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021),
(hashlib.sha224,
0x4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8),
(hashlib.sha256,
0x32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496),
(hashlib.sha384,
0x4730005C4FCB01834C063A7B6760096DBE284B8252EF4311),
(hashlib.sha512,
0xA2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1),
)
q = 0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
x = 0x6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4
for h, v in hashes_values:
v_sample = intbytes.from_bytes(h(b'sample').digest())
k = deterministic_generate_k(q, x, v_sample, h)
self.assertEqual(k, v)
hashes_values = (
(hashlib.sha1, 0xD9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25),
(hashlib.sha224,
0xF5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE),
(hashlib.sha256,
0x5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C),
(hashlib.sha384,
0x5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693),
(hashlib.sha512,
0x0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527),
)
for h, v in hashes_values:
v_sample = intbytes.from_bytes(h(b'test').digest())
k = deterministic_generate_k(q, x, v_sample, h)
self.assertEqual(k, v)
def test_rfc6979(self):
"""
Performs a test of the reference wallet's RFC6979 signatures against test vectors.
"""
# Test vectors for RFC 6979 ECDSA (secp256k1, SHA-256).
# Thanks to the Haskoin developer for these fully formed vectors.
# (private key hex, private key WIF, message, r || r as hex, sig as DER)
test_vectors = [
( 0x0000000000000000000000000000000000000000000000000000000000000001,
"KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU73sVHnoWn",
"Everything should be made as simple as possible, but not simpler.",
"33a69cd2065432a30f3d1ce4eb0d59b8ab58c74f27c41a7fdb5696ad4e6108c96f807982866f785d3f6418d24163ddae117b7db4d5fdf0071de069fa54342262",
"3044022033a69cd2065432a30f3d1ce4eb0d59b8ab58c74f27c41a7fdb5696ad4e6108c902206f807982866f785d3f6418d24163ddae117b7db4d5fdf0071de069fa54342262"
),
( 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140,
"L5oLkpV3aqBjhki6LmvChTCV6odsp4SXM6FfU2Gppt5kFLaHLuZ9",
"Equations are more important to me, because politics is for the present, but an equation is something for eternity.",
"54c4a33c6423d689378f160a7ff8b61330444abb58fb470f96ea16d99d4a2fed07082304410efa6b2943111b6a4e0aaa7b7db55a07e9861d1fb3cb1f421044a5",
"3044022054c4a33c6423d689378f160a7ff8b61330444abb58fb470f96ea16d99d4a2fed022007082304410efa6b2943111b6a4e0aaa7b7db55a07e9861d1fb3cb1f421044a5"
),
( 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140,
"L5oLkpV3aqBjhki6LmvChTCV6odsp4SXM6FfU2Gppt5kFLaHLuZ9",
"Not only is the Universe stranger than we think, it is stranger than we can think.",
"ff466a9f1b7b273e2f4c3ffe032eb2e814121ed18ef84665d0f515360dab3dd06fc95f5132e5ecfdc8e5e6e616cc77151455d46ed48f5589b7db7771a332b283",
"3045022100ff466a9f1b7b273e2f4c3ffe032eb2e814121ed18ef84665d0f515360dab3dd002206fc95f5132e5ecfdc8e5e6e616cc77151455d46ed48f5589b7db7771a332b283"
),
( 0x0000000000000000000000000000000000000000000000000000000000000001,
"KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU73sVHnoWn",
"How wonderful that we have met with a paradox. Now we have some hope of making progress.",
"c0dafec8251f1d5010289d210232220b03202cba34ec11fec58b3e93a85b91d375afdc06b7d6322a590955bf264e7aaa155847f614d80078a90292fe205064d3",
"3045022100c0dafec8251f1d5010289d210232220b03202cba34ec11fec58b3e93a85b91d3022075afdc06b7d6322a590955bf264e7aaa155847f614d80078a90292fe205064d3"
),
( 0x69ec59eaa1f4f2e36b639716b7c30ca86d9a5375c7b38d8918bd9c0ebc80ba64,
"KzmcSTRmg8Gtoq8jbBCwsrvgiTKRrewQXniAHHTf7hsten8MZmBB",
"Computer science is no more about computers than astronomy is about telescopes.",
"7186363571d65e084e7f02b0b77c3ec44fb1b257dee26274c38c928986fea45d0de0b38e06807e46bda1f1e293f4f6323e854c86d58abdd00c46c16441085df6",
"304402207186363571d65e084e7f02b0b77c3ec44fb1b257dee26274c38c928986fea45d02200de0b38e06807e46bda1f1e293f4f6323e854c86d58abdd00c46c16441085df6"
),
( 0x00000000000000000000000000007246174ab1e92e9149c6e446fe194d072637,
"KwDiBf89QgGbjEhKnhXJwe1E2mCa8asowBrSKuCaBV6EsPYEAFZ8",
"...if you aren't, at any given time, scandalized by code you wrote five or even three years ago, you're not learning anywhere near enough",
"fbfe5076a15860ba8ed00e75e9bd22e05d230f02a936b653eb55b61c99dda4870e68880ebb0050fe4312b1b1eb0899e1b82da89baa5b895f612619edf34cbd37",
"3045022100fbfe5076a15860ba8ed00e75e9bd22e05d230f02a936b653eb55b61c99dda48702200e68880ebb0050fe4312b1b1eb0899e1b82da89baa5b895f612619edf34cbd37"
),
( 0x000000000000000000000000000000000000000000056916d0f9b31dc9b637f3,
"KwDiBf89QgGbjEhKnhXJuH7LrciVrZiib5S9h4knkymNojPUVsWN",
"The question of whether computers can think is like the question of whether submarines can swim.",
"cde1302d83f8dd835d89aef803c74a119f561fbaef3eb9129e45f30de86abbf906ce643f5049ee1f27890467b77a6a8e11ec4661cc38cd8badf90115fbd03cef",
"3045022100cde1302d83f8dd835d89aef803c74a119f561fbaef3eb9129e45f30de86abbf9022006ce643f5049ee1f27890467b77a6a8e11ec4661cc38cd8badf90115fbd03cef"
)
]
for (secret_exponent, _, message, _, expected_sig) in test_vectors:
h = hashlib.sha256(message.encode('utf-8')).digest()
val = intbytes.from_bytes(h)
# This will use deterministic values of k based on 'val'
r, s = ecdsa.sign(secp256k1.generator_secp256k1, secret_exponent, val)
# Ensure that 's' is even to prevent attacks - see https://bitcointalk.org/index.php?topic=285142.msg3295518#msg3295518
if s > (secp256k1.generator_secp256k1.order() / 2):
s = secp256k1.generator_secp256k1.order() - s
sig = der.sigencode_der(r, s)
assert sig == bytes.fromhex(expected_sig), "ECDSA signature using RFC 6979 failed\nExpected: " + expected_sig + "\nActual: " + self.hexstr(sig)
def test_rfc6979(self):
"""
Performs a test of the reference wallet's RFC6979 signatures against test vectors.
"""
# Test vectors for RFC 6979 ECDSA (secp256k1, SHA-256).
# Thanks to the Haskoin developer for these fully formed vectors.
# (private key hex, private key WIF, message, r || r as hex, sig as DER)
test_vectors = [
(0x0000000000000000000000000000000000000000000000000000000000000001,
"KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU73sVHnoWn",
"Everything should be made as simple as possible, but not simpler.",
"33a69cd2065432a30f3d1ce4eb0d59b8ab58c74f27c41a7fdb5696ad4e6108c96f807982866f785d3f6418d24163ddae117b7db4d5fdf0071de069fa54342262",
"3044022033a69cd2065432a30f3d1ce4eb0d59b8ab58c74f27c41a7fdb5696ad4e6108c902206f807982866f785d3f6418d24163ddae117b7db4d5fdf0071de069fa54342262"
),
(0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140,
"L5oLkpV3aqBjhki6LmvChTCV6odsp4SXM6FfU2Gppt5kFLaHLuZ9",
"Equations are more important to me, because politics is for the present, but an equation is something for eternity.",
"54c4a33c6423d689378f160a7ff8b61330444abb58fb470f96ea16d99d4a2fed07082304410efa6b2943111b6a4e0aaa7b7db55a07e9861d1fb3cb1f421044a5",
"3044022054c4a33c6423d689378f160a7ff8b61330444abb58fb470f96ea16d99d4a2fed022007082304410efa6b2943111b6a4e0aaa7b7db55a07e9861d1fb3cb1f421044a5"
),
(0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140,
"L5oLkpV3aqBjhki6LmvChTCV6odsp4SXM6FfU2Gppt5kFLaHLuZ9",
"Not only is the Universe stranger than we think, it is stranger than we can think.",
"ff466a9f1b7b273e2f4c3ffe032eb2e814121ed18ef84665d0f515360dab3dd06fc95f5132e5ecfdc8e5e6e616cc77151455d46ed48f5589b7db7771a332b283",
"3045022100ff466a9f1b7b273e2f4c3ffe032eb2e814121ed18ef84665d0f515360dab3dd002206fc95f5132e5ecfdc8e5e6e616cc77151455d46ed48f5589b7db7771a332b283"
),
(0x0000000000000000000000000000000000000000000000000000000000000001,
"KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU73sVHnoWn",
"How wonderful that we have met with a paradox. Now we have some hope of making progress.",
"c0dafec8251f1d5010289d210232220b03202cba34ec11fec58b3e93a85b91d375afdc06b7d6322a590955bf264e7aaa155847f614d80078a90292fe205064d3",
"3045022100c0dafec8251f1d5010289d210232220b03202cba34ec11fec58b3e93a85b91d3022075afdc06b7d6322a590955bf264e7aaa155847f614d80078a90292fe205064d3"
),
(0x69ec59eaa1f4f2e36b639716b7c30ca86d9a5375c7b38d8918bd9c0ebc80ba64,
"KzmcSTRmg8Gtoq8jbBCwsrvgiTKRrewQXniAHHTf7hsten8MZmBB",
"Computer science is no more about computers than astronomy is about telescopes.",
"7186363571d65e084e7f02b0b77c3ec44fb1b257dee26274c38c928986fea45d0de0b38e06807e46bda1f1e293f4f6323e854c86d58abdd00c46c16441085df6",
"304402207186363571d65e084e7f02b0b77c3ec44fb1b257dee26274c38c928986fea45d02200de0b38e06807e46bda1f1e293f4f6323e854c86d58abdd00c46c16441085df6"
),
(0x00000000000000000000000000007246174ab1e92e9149c6e446fe194d072637,
"KwDiBf89QgGbjEhKnhXJwe1E2mCa8asowBrSKuCaBV6EsPYEAFZ8",
"...if you aren't, at any given time, scandalized by code you wrote five or even three years ago, you're not learning anywhere near enough",
"fbfe5076a15860ba8ed00e75e9bd22e05d230f02a936b653eb55b61c99dda4870e68880ebb0050fe4312b1b1eb0899e1b82da89baa5b895f612619edf34cbd37",
"3045022100fbfe5076a15860ba8ed00e75e9bd22e05d230f02a936b653eb55b61c99dda48702200e68880ebb0050fe4312b1b1eb0899e1b82da89baa5b895f612619edf34cbd37"
),
(0x000000000000000000000000000000000000000000056916d0f9b31dc9b637f3,
"KwDiBf89QgGbjEhKnhXJuH7LrciVrZiib5S9h4knkymNojPUVsWN",
"The question of whether computers can think is like the question of whether submarines can swim.",
"cde1302d83f8dd835d89aef803c74a119f561fbaef3eb9129e45f30de86abbf906ce643f5049ee1f27890467b77a6a8e11ec4661cc38cd8badf90115fbd03cef",
"3045022100cde1302d83f8dd835d89aef803c74a119f561fbaef3eb9129e45f30de86abbf9022006ce643f5049ee1f27890467b77a6a8e11ec4661cc38cd8badf90115fbd03cef"
)
]
for (secret_exponent, _, message, _, expected_sig) in test_vectors:
h = hashlib.sha256(message.encode('utf-8')).digest()
val = intbytes.from_bytes(h)
# This will use deterministic values of k based on 'val'
r, s = ecdsa.sign(secp256k1.generator_secp256k1, secret_exponent,
val)
# Ensure that 's' is even to prevent attacks - see https://bitcointalk.org/index.php?topic=285142.msg3295518#msg3295518
if s > (secp256k1.generator_secp256k1.order() / 2):
s = secp256k1.generator_secp256k1.order() - s
sig = der.sigencode_der(r, s)
assert sig == bytes.fromhex(
expected_sig
), "ECDSA signature using RFC 6979 failed\nExpected: " + expected_sig + "\nActual: " + self.hexstr(
sig)
