def test_ecssa(self):
prv = 0x1
pub = ec.pointMultiply(prv, ec.G)
msg = 'Satoshi Nakamoto'
ssasig = ecssa_sign(msg, prv)
self.assertTrue(ecssa_verify(msg, ssasig, pub))
# malleability
malleated_sig = (ssasig[0], ec.order - ssasig[1])
self.assertFalse(ecssa_verify(msg, malleated_sig, pub))
self.assertEqual(ecssa_pubkey_recovery(msg, ssasig), pub)
def ecssa_commit_sign(c: bytes,
ec: EC,
hf,
m: bytes,
prvkey: int,
k: Optional[int] = None) -> Tuple[ECSS, Receipt]:
ch = hf(c).digest()
if k is None:
k = rfc6979(ec, hf, m, prvkey)
# commit
R, new_k = _tweak(ch, ec, hf, k)
# sign
sig = ecssa_sign(ec, hf, m, prvkey, new_k)
# commit receipt
receipt = sig[0], R
return sig, receipt
def test_ecssa_3(self):
prv = 0xC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B14E5C7
pub = ec.pointMultiply(prv, ec.G)
msg = bytes.fromhex("5E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9D0A508B75C")
expected_sig = (0x00DA9B08172A9B6F0466A2DEFD817F2D7AB437E0D253CB5395A963866B3574BE,
0x00880371D01766935B92D2AB4CD5C8A2A5837EC57FED7660773A05F0DE142380)
eph_prv = int.from_bytes(sha256(prv.to_bytes(32, byteorder="big") + msg).digest(), byteorder="big")
sig = ecssa_sign(msg, prv, eph_prv)
self.assertTrue(ecssa_verify(msg, sig, pub))
# malleability
self.assertFalse(ecssa_verify(msg, (sig[0], ec.n - sig[1]), pub))
self.assertEqual(sig, expected_sig)
e = sha256(sig[0].to_bytes(32, byteorder="big") +
bytes_from_Point(ec, pub, True) +
msg).digest()
self.assertEqual(ecssa_pubkey_recovery(e, sig), pub)
def test_ecssa_2(self):
prv = 0xB7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFEF
pub = ec.pointMultiply(prv, ec.G)
msg = bytes.fromhex("243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89")
expected_sig = (0x2A298DACAE57395A15D0795DDBFD1DCB564DA82B0F269BC70A74F8220429BA1D,
0x1E51A22CCEC35599B8F266912281F8365FFC2D035A230434A1A64DC59F7013FD)
eph_prv = int.from_bytes(sha256(prv.to_bytes(32, byteorder="big") + msg).digest(), byteorder="big")
sig = ecssa_sign(msg, prv, eph_prv)
self.assertTrue(ecssa_verify(msg, sig, pub))
# malleability
self.assertFalse(ecssa_verify(msg, (sig[0], ec.n - sig[1]), pub))
self.assertEqual(sig, expected_sig)
e = sha256(sig[0].to_bytes(32, byteorder="big") +
bytes_from_Point(ec, pub, True) +
msg).digest()
self.assertEqual(ecssa_pubkey_recovery(e, sig), pub)
def test_ecssa_1(self):
prv = 0x1
pub = ec.pointMultiply(prv, ec.G)
msg = b'\x00' * 32
expected_sig = (0x787A848E71043D280C50470E8E1532B2DD5D20EE912A45DBDD2BD1DFBF187EF6,
0x7031A98831859DC34DFFEEDDA86831842CCD0079E1F92AF177F7F22CC1DCED05)
eph_prv = int.from_bytes(sha256(prv.to_bytes(32, byteorder="big") + msg).digest(), byteorder="big")
sig = ecssa_sign(msg, prv, eph_prv)
self.assertTrue(ecssa_verify(msg, sig, pub))
# malleability
self.assertFalse(ecssa_verify(msg, (sig[0], ec.n - sig[1]), pub))
self.assertEqual(sig, expected_sig)
e = sha256(sig[0].to_bytes(32, byteorder="big") +
bytes_from_Point(ec, pub, True) +
msg).digest()
self.assertEqual(ecssa_pubkey_recovery(e, sig), pub)