cerc-io/solidity
16
0
Fork 0
mirror of https://github.com/ethereum/solidity synced 2023-10-03 13:03:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

support for verifying ec signatures w/secp256k1 or cryptopp.

Browse Source
This commit is contained in:
subtly 2014-10-27 05:15:44 +01:00
parent d710736000
commit 9fa0defcc3
1 changed files with 90 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
crypto.cpp
View File

@ -97,69 +97,79 @@ BOOST_AUTO_TEST_CASE(cryptopp_ecdsa_sipaseckp256k1)
Secret secret(sha3(sbytes)); // 5fe7f977e71dba2ea1a68e21057beebb9be2ac30c6410aa38d4f3fbe41dcffd2 Secret secret(sha3(sbytes)); // 5fe7f977e71dba2ea1a68e21057beebb9be2ac30c6410aa38d4f3fbe41dcffd2
KeyPair key(secret); KeyPair key(secret);
bytes m(fromHex("0x02")); bytes m(fromHex("0x01"));
h256 hm(sha3(m)); // f2ee15ea639b73fa3db9b34a245bdfa015c260c598b211bf05a1ecc4b3e3b4f2 int tests = 5;
Integer hInt("f2ee15ea639b73fa3db9b34a245bdfa015c260c598b211bf05a1ecc4b3e3b4f2H"); // 32b msg hash while (m[0]++ && tests--)
h256 k(hm ^ key.sec()); {
Integer kInt(k.asBytes().data(), 32); h256 hm(sha3(m));
Integer hInt(hm.asBytes().data(), 32);
// raw sign w/cryptopp (doesn't pass through cryptopp hash filter) h256 k(hm ^ key.sec());
ECDSA<ECP, SHA3_256>::Signer signer; Integer kInt(k.asBytes().data(), 32);
pp::initializeSigner(key.sec(), signer);
Integer r, s; // raw sign w/cryptopp (doesn't pass through cryptopp hash filter)
signer.RawSign(kInt, hInt, r, s); ECDSA<ECP, SHA3_256>::Signer signer;
cout << "cryptopp-raw r, s: " << endl << r << endl << s << endl; pp::initializeSigner(key.sec(), signer);
Integer r, s;
signer.RawSign(kInt, hInt, r, s);
// verify cryptopp raw-signature w/cryptopp // verify cryptopp raw-signature w/cryptopp
ECDSA<ECP, SHA3_256>::Verifier verifier; ECDSA<ECP, SHA3_256>::Verifier verifier;
pp::initializeVerifier(key.pub(), verifier); pp::initializeVerifier(key.pub(), verifier);
Signature sigppraw; Signature sigppraw;
r.Encode(sigppraw.data(), 32); r.Encode(sigppraw.data(), 32);
s.Encode(sigppraw.data()+32, 32); s.Encode(sigppraw.data()+32, 32);
BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), sigppraw.data(), 64)); BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), sigppraw.data(), 64));
BOOST_REQUIRE(dev::recover(sigppraw, hm) == key.pub()); BOOST_REQUIRE(crypto::verify(key.pub(), sigppraw, bytesConstRef(&m)));
BOOST_REQUIRE(dev::verify(key.pub(), sigppraw, hm));
// sign with sec256lib, verify with cryptopp BOOST_CHECK(dev::recover(sigppraw, hm) == key.pub());
Signature seclibsig(dev::sign(key.sec(), hm));
r.Decode(seclibsig.data(), 32); // sign with sec256lib, verify with cryptopp
s.Decode(seclibsig.data()+32, 32); Signature seclibsig(dev::sign(key.sec(), hm));
cout << "sec256lib r, s: " << endl << r << endl << s << endl; BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), seclibsig.data(), 64));
BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), seclibsig.data(), 64)); BOOST_REQUIRE(crypto::verify(key.pub(), seclibsig, bytesConstRef(&m)));
BOOST_REQUIRE(dev::recover(seclibsig, hm) == key.pub()); BOOST_REQUIRE(dev::verify(key.pub(), seclibsig, hm));
BOOST_CHECK(dev::recover(seclibsig, hm) == key.pub());
// sign with cryptopp (w/hash filter?), verify with cryptopp // sign with cryptopp (w/hash filter?), verify with cryptopp
bytes sigppb(signer.MaxSignatureLength()); bytes sigppb(signer.MaxSignatureLength());
size_t ssz = signer.SignMessage(pp::PRNG, m.data(), m.size(), sigppb.data()); size_t ssz = signer.SignMessage(pp::PRNG, m.data(), m.size(), sigppb.data());
r.Decode(sigppb.data(), 32); Signature sigpp;
s.Decode(sigppb.data()+32, 32); memcpy(sigpp.data(), sigppb.data(), 64);
cout << "cryptopp-signmsg r, s: " << endl << r << endl << s << endl; BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), sigppb.data(), ssz));
BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), sigppb.data(), ssz)); BOOST_REQUIRE(crypto::verify(key.pub(), sigpp, bytesConstRef(&m)));
BOOST_REQUIRE(dev::verify(key.pub(), sigpp, hm));
BOOST_CHECK(dev::recover(sigpp, hm) == key.pub());
// this has a 25% of failing // sign with cryptopp and stringsource hash filter
Signature sigpp; string sigstr;
r.Encode(sigpp.data(), 32); StringSource ssrc(asString(m), true, new SignerFilter(pp::PRNG, signer, new StringSink(sigstr)));
s.Encode(sigpp.data()+32, 32); FixedHash<sizeof(Signature)> retsig((byte const*)sigstr.data(), Signature::ConstructFromPointer);
BOOST_WARN(dev::recover(sigpp, hm) == key.pub()); BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), retsig.data(), 64));
BOOST_REQUIRE(crypto::verify(key.pub(), retsig, bytesConstRef(&m)));
BOOST_REQUIRE(dev::verify(key.pub(), retsig, hm));
BOOST_CHECK(dev::recover(retsig, hm) == key.pub());
/// verification w/sec256lib
// requires public key and sig in standard format
byte encpub[65] = {0x04};
memcpy(&encpub[1], key.pub().data(), 64);
byte dersig[72];
// verify sec256lib sig w/sec256lib
size_t cssz = DSAConvertSignatureFormat(dersig, 72, DSA_DER, seclibsig.data(), 64, DSA_P1363);
BOOST_CHECK(cssz <= 72);
BOOST_REQUIRE(1 == secp256k1_ecdsa_verify(hm.data(), sizeof(hm), dersig, cssz, encpub, 65));
// verify cryptopp-raw sig w/sec256lib
cssz = DSAConvertSignatureFormat(dersig, 72, DSA_DER, sigppraw.data(), 64, DSA_P1363);
BOOST_CHECK(cssz <= 72);
BOOST_REQUIRE(1 == secp256k1_ecdsa_verify(hm.data(), sizeof(hm), dersig, cssz, encpub, 65));
// sign with stringsource // verify cryptopp sig w/sec256lib
string sigstr; cssz = DSAConvertSignatureFormat(dersig, 72, DSA_DER, sigppb.data(), 64, DSA_P1363);
StringSource ssrc(asString(m), true, new SignerFilter(pp::PRNG, signer, new StringSink(sigstr))); BOOST_CHECK(cssz <= 72);
FixedHash<sizeof(Signature)> retsig((byte const*)sigstr.data(), Signature::ConstructFromPointer); BOOST_REQUIRE(1 == secp256k1_ecdsa_verify(hm.data(), sizeof(hm), dersig, cssz, encpub, 65));
BOOST_REQUIRE(verifier.VerifyMessage(m.data(), m.size(), retsig.data(), 64)); }
// need to serialize signature for secp256k1lib to verify compact sig, then
// test if secp256k1lib can verify cryptopp sigs
// byte dersig[70];
// DSAConvertSignatureFormat(dersig, 70, DSA_DER, sig.data(), 64, DSA_P1363);
//
// byte encpub[65] = {0x04};
// memcpy(&encpub[1], key.pub().data(), 64);
// int r = secp256k1_ecdsa_verify(msg.data(), msg.size(), dersig, 70, encpub, 65);
// assert(r);
} }
BOOST_AUTO_TEST_CASE(cryptopp_public_export_import) BOOST_AUTO_TEST_CASE(cryptopp_public_export_import)
@ -172,10 +182,10 @@ BOOST_AUTO_TEST_CASE(cryptopp_public_export_import)
Public p; Public p;
pp::exportPublicKey(e.GetKey(), p); pp::exportPublicKey(e.GetKey(), p);
Address addr = right160(dev::sha3(p.ref())); Address addr = right160(dev::sha3(p.ref()));
assert(toAddress(s) == addr); BOOST_REQUIRE(toAddress(s) == addr);
KeyPair l(s); KeyPair l(s);
assert(l.address() == addr); BOOST_REQUIRE(l.address() == addr);
} }
BOOST_AUTO_TEST_CASE(ecies_eckeypair) BOOST_AUTO_TEST_CASE(ecies_eckeypair)
@ -187,10 +197,10 @@ BOOST_AUTO_TEST_CASE(ecies_eckeypair)
bytes b = asBytes(message); bytes b = asBytes(message);
encrypt(k.pub(), b); encrypt(k.pub(), b);
assert(b != asBytes(original)); BOOST_REQUIRE(b != asBytes(original));
decrypt(k.sec(), b); decrypt(k.sec(), b);
assert(b == asBytes(original)); BOOST_REQUIRE(b == asBytes(original));
} }
BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac) BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac)
@ -244,16 +254,16 @@ BOOST_AUTO_TEST_CASE(cryptopp_ecies_message)
StringSource ss6 (cipherFuture, true, new PK_DecryptorFilter(pp::PRNG, localDecryptor, new StringSink(plainLocalFromFuture) ) ); StringSource ss6 (cipherFuture, true, new PK_DecryptorFilter(pp::PRNG, localDecryptor, new StringSink(plainLocalFromFuture) ) );
assert(plainLocal == message); BOOST_REQUIRE(plainLocal == message);
assert(plainFuture == plainLocal); BOOST_REQUIRE(plainFuture == plainLocal);
assert(plainFutureFromLocal == plainLocal); BOOST_REQUIRE(plainFutureFromLocal == plainLocal);
assert(plainLocalFromFuture == plainLocal); BOOST_REQUIRE(plainLocalFromFuture == plainLocal);
} }
BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr) BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr)
{ {
const int aesKeyLen = 16; const int aesKeyLen = 16;
assert(sizeof(char) == sizeof(byte)); BOOST_REQUIRE(sizeof(char) == sizeof(byte));
// generate test key // generate test key
AutoSeededRandomPool rng; AutoSeededRandomPool rng;
@ -276,7 +286,7 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr)
CTR_Mode<AES>::Encryption e; CTR_Mode<AES>::Encryption e;
e.SetKeyWithIV(key, key.size(), ctr); e.SetKeyWithIV(key, key.size(), ctr);
e.ProcessData(out, in, text.size()); e.ProcessData(out, in, text.size());
assert(text != original); BOOST_REQUIRE(text != original);
cipherCopy = text; cipherCopy = text;
} }
catch(CryptoPP::Exception& e) catch(CryptoPP::Exception& e)
@ -289,7 +299,7 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr)
CTR_Mode< AES >::Decryption d; CTR_Mode< AES >::Decryption d;
d.SetKeyWithIV(key, key.size(), ctr); d.SetKeyWithIV(key, key.size(), ctr);
d.ProcessData(out, in, text.size()); d.ProcessData(out, in, text.size());
assert(text == original); BOOST_REQUIRE(text == original);
} }
catch(CryptoPP::Exception& e) catch(CryptoPP::Exception& e)
{ {
@ -300,7 +310,7 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr)
// reencrypt ciphertext... // reencrypt ciphertext...
try try
{ {
assert(cipherCopy != text); BOOST_REQUIRE(cipherCopy != text);
in = (unsigned char*)&cipherCopy[0]; in = (unsigned char*)&cipherCopy[0];
out = (unsigned char*)&cipherCopy[0]; out = (unsigned char*)&cipherCopy[0];
@ -309,7 +319,7 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr)
e.ProcessData(out, in, text.size()); e.ProcessData(out, in, text.size());
// yep, ctr mode. // yep, ctr mode.
assert(cipherCopy == original); BOOST_REQUIRE(cipherCopy == original);
} }
catch(CryptoPP::Exception& e) catch(CryptoPP::Exception& e)
{ {
@ -321,7 +331,7 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr)
BOOST_AUTO_TEST_CASE(cryptopp_aes128_cbc) BOOST_AUTO_TEST_CASE(cryptopp_aes128_cbc)
{ {
const int aesKeyLen = 16; const int aesKeyLen = 16;
assert(sizeof(char) == sizeof(byte)); BOOST_REQUIRE(sizeof(char) == sizeof(byte));
AutoSeededRandomPool rng; AutoSeededRandomPool rng;
SecByteBlock key(0x00, aesKeyLen); SecByteBlock key(0x00, aesKeyLen);
@ -336,11 +346,11 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_cbc)
CryptoPP::CBC_Mode<Rijndael>::Encryption cbcEncryption(key, key.size(), iv); CryptoPP::CBC_Mode<Rijndael>::Encryption cbcEncryption(key, key.size(), iv);
cbcEncryption.ProcessData((byte*)&string128[0], (byte*)&string128[0], string128.size()); cbcEncryption.ProcessData((byte*)&string128[0], (byte*)&string128[0], string128.size());
assert(string128 != plainOriginal); BOOST_REQUIRE(string128 != plainOriginal);
CBC_Mode<Rijndael>::Decryption cbcDecryption(key, key.size(), iv); CBC_Mode<Rijndael>::Decryption cbcDecryption(key, key.size(), iv);
cbcDecryption.ProcessData((byte*)&string128[0], (byte*)&string128[0], string128.size()); cbcDecryption.ProcessData((byte*)&string128[0], (byte*)&string128[0], string128.size());
assert(plainOriginal == string128); BOOST_REQUIRE(plainOriginal == string128);
// plaintext whose size isn't divisible by block size must use stream filter for padding // plaintext whose size isn't divisible by block size must use stream filter for padding
@ -350,10 +360,10 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_cbc)
string cipher; string cipher;
StreamTransformationFilter* aesStream = new StreamTransformationFilter(cbcEncryption, new StringSink(cipher)); StreamTransformationFilter* aesStream = new StreamTransformationFilter(cbcEncryption, new StringSink(cipher));
StringSource source(string192, true, aesStream); StringSource source(string192, true, aesStream);
assert(cipher.size() == 32); BOOST_REQUIRE(cipher.size() == 32);
cbcDecryption.ProcessData((byte*)&cipher[0], (byte*)&string192[0], cipher.size()); cbcDecryption.ProcessData((byte*)&cipher[0], (byte*)&string192[0], cipher.size());
assert(string192 == plainOriginal); BOOST_REQUIRE(string192 == plainOriginal);
} }
BOOST_AUTO_TEST_CASE(eth_keypairs) BOOST_AUTO_TEST_CASE(eth_keypairs)
@ -390,8 +400,8 @@ int cryptoTest()
secp256k1_start(); secp256k1_start();
KeyPair p(Secret(fromHex("3ecb44df2159c26e0f995712d4f39b6f6e499b40749b1cf1246c37f9516cb6a4"))); KeyPair p(Secret(fromHex("3ecb44df2159c26e0f995712d4f39b6f6e499b40749b1cf1246c37f9516cb6a4")));
assert(p.pub() == Public(fromHex("97466f2b32bc3bb76d4741ae51cd1d8578b48d3f1e68da206d47321aec267ce78549b514e4453d74ef11b0cd5e4e4c364effddac8b51bcfc8de80682f952896f"))); BOOST_REQUIRE(p.pub() == Public(fromHex("97466f2b32bc3bb76d4741ae51cd1d8578b48d3f1e68da206d47321aec267ce78549b514e4453d74ef11b0cd5e4e4c364effddac8b51bcfc8de80682f952896f")));
assert(p.address() == Address(fromHex("8a40bfaa73256b60764c1bf40675a99083efb075"))); BOOST_REQUIRE(p.address() == Address(fromHex("8a40bfaa73256b60764c1bf40675a99083efb075")));
{ {
eth::Transaction t; eth::Transaction t;
t.nonce = 0; t.nonce = 0;
@ -406,7 +416,7 @@ int cryptoTest()
cnote << RLP(rlp); cnote << RLP(rlp);
cnote << toHex(rlp); cnote << toHex(rlp);
cnote << t.sha3(true); cnote << t.sha3(true);
assert(t.sender() == p.address()); BOOST_REQUIRE(t.sender() == p.address());
} }