diff options
| author | subtly <subtly@users.noreply.github.com> | 2014-10-30 02:24:23 +0800 |
|---|---|---|
| committer | subtly <subtly@users.noreply.github.com> | 2014-10-30 02:24:23 +0800 |
| commit | 88481e0f26d835c924a9093b157c8385fa8be516 (patch) | |
| tree | 6d00aa58fea3c5bbd8c2d812a6f02742d3229ad5 /crypto.cpp | |
| parent | 7f7a800fa1681272137913277b1ad672f58f3a62 (diff) | |
| download | dexon-solidity-88481e0f26d835c924a9093b157c8385fa8be516.tar dexon-solidity-88481e0f26d835c924a9093b157c8385fa8be516.tar.gz dexon-solidity-88481e0f26d835c924a9093b157c8385fa8be516.tar.bz2 dexon-solidity-88481e0f26d835c924a9093b157c8385fa8be516.tar.lz dexon-solidity-88481e0f26d835c924a9093b157c8385fa8be516.tar.xz dexon-solidity-88481e0f26d835c924a9093b157c8385fa8be516.tar.zst dexon-solidity-88481e0f26d835c924a9093b157c8385fa8be516.zip | |
remove asserts for recid being 2, which is rare, but may occur
Diffstat (limited to 'crypto.cpp')
| -rw-r--r-- | crypto.cpp | 74 |
1 files changed, 16 insertions, 58 deletions
@@ -88,89 +88,48 @@ BOOST_AUTO_TEST_CASE(cryptopp_vs_secp256k1) BOOST_AUTO_TEST_CASE(cryptopp_cryptopp_ecdsav) { - // cryptopp implementation of secp256k1lib sign_compact w/recid parameter for recovering public key from signature - - // cryptopp does this: - // void Sign(const DL_GroupParameters<T> ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const - // { - // const Integer &q = params.GetSubgroupOrder(); - // r %= q; - // Integer kInv = k.InverseMod(q); - // s = (kInv * (x*r + e)) % q; - // assert(!!r && !!s); - // } - - // secp256k1lib does this, which we want cryptopp to do: - // secp256k1_gej_t rp; - // secp256k1_ecmult_gen(&rp, nonce); - // secp256k1_ge_t r; - // secp256k1_ge_set_gej(&r, &rp); - // unsigned char b[32]; - // secp256k1_fe_normalize(&r.x); - // secp256k1_fe_normalize(&r.y); - // secp256k1_fe_get_b32(b, &r.x); - // secp256k1_num_set_bin(&sig->r, b, 32); - // if (recid) - // *recid = (secp256k1_num_cmp(&sig->r, &c->order) >= 0 ? 2 : 0) | (secp256k1_fe_is_odd(&r.y) ? 1 : 0); - // secp256k1_num_mod(&sig->r, &c->order); - // secp256k1_num_t n; - // secp256k1_num_init(&n); - // secp256k1_num_mod_mul(&n, &sig->r, seckey, &c->order); - // secp256k1_num_add(&n, &n, message); - // secp256k1_num_mod(&n, &c->order); - // secp256k1_num_mod_inverse(&sig->s, nonce, &c->order); - // secp256k1_num_mod_mul(&sig->s, &sig->s, &n, &c->order); - // secp256k1_num_free(&n); - // if (secp256k1_num_is_zero(&sig->s)) - // return 0; - // if (secp256k1_num_cmp(&sig->s, &c->half_order) > 0) { - // secp256k1_num_sub(&sig->s, &c->order, &sig->s); - // if (recid) - // *recid ^= 1; - // } - - - // secret + // cryptopp implementation of secp256k1lib sign_compact w/recid parameter and recovery of public key from signature + + // base secret Secret secret(sha3("privacy")); + // we get ec params from signer + ECDSA<ECP, SHA3_256>::Signer signer; + // e := sha3(msg) bytes e(fromHex("0x01")); e.resize(32); - int tests = 150; // Oct 29: successful @ 1500 + int tests = 15; // Oct 29: successful @ 1500 while (sha3(&e, &e), secret = sha3(secret.asBytes()), tests--) { KeyPair key(secret); + Public pkey = key.pub(); + pp::initializeSigner(secret, signer); h256 he(sha3(e)); Integer heInt(he.asBytes().data(), 32); - h256 k(he ^ key.sec()); + h256 k(he ^ secret); Integer kInt(k.asBytes().data(), 32); - // we get ec params from signer - ECDSA<ECP, SHA3_256>::Signer signer; - pp::initializeSigner(key.sec(), signer); - const DL_GroupParameters<ECP::Point> ¶ms = signer.GetKey().GetAbstractGroupParameters(); ECP::Point rp = params.ExponentiateBase(kInt); Integer const& q = params.GetGroupOrder(); Integer r = params.ConvertElementToInteger(rp); int recid = ((r >= q) ? 2 : 0) | (rp.y.IsOdd() ? 1 : 0); - BOOST_REQUIRE(!(r>=q)); // interesting, this never happens - r %= q; - + BOOST_REQUIRE(!(r >= q)); + Integer kInv = kInt.InverseMod(q); - Integer s = (kInv * (Integer(key.sec().asBytes().data(), 32)*r + heInt)) % q; + Integer s = (kInv * (Integer(secret.asBytes().data(), 32)*r + heInt)) % q; BOOST_REQUIRE(!!r && !!s); if (s > params.GetSubgroupOrder()) { - // also interesting, this never happens + // note: this rarely happens s = params.GetGroupOrder() - s; if (recid) recid ^= 1; } - BOOST_REQUIRE(recid < 2); Signature sig; r.Encode(sig.data(), 32); @@ -178,15 +137,14 @@ BOOST_AUTO_TEST_CASE(cryptopp_cryptopp_ecdsav) sig[64] = recid; Public p = dev::recover(sig, he); - Public pkey = key.pub(); BOOST_REQUIRE(p == pkey); // verify w/cryptopp - BOOST_REQUIRE(crypto::verify(key.pub(), sig, bytesConstRef(&e))); + BOOST_REQUIRE(crypto::verify(pkey, sig, bytesConstRef(&e))); // verify with secp256k1lib byte encpub[65] = {0x04}; - memcpy(&encpub[1], key.pub().data(), 64); + memcpy(&encpub[1], pkey.data(), 64); byte dersig[72]; size_t cssz = DSAConvertSignatureFormat(dersig, 72, DSA_DER, sig.data(), 64, DSA_P1363); BOOST_CHECK(cssz <= 72); |