Do signature recovery/verification with 4 possible recid case

sipa · sipa · commit 6e0528785d4a · 2014-11-29T10:57:50.000+01:00
diff --git a/src/tests.c b/src/tests.c
@@ -939,16 +939,17 @@ void run_ecdsa_end_to_end(void) {
     }
 }
 
-void test_ecdsa_infinity(void) {
+/* Tests several edge cases. */
+void test_ecdsa_edge_cases(void) {
     const unsigned char msg32[32] = {
         'T', 'h', 'i', 's', ' ', 'i', 's', ' ',
         'a', ' ', 'v', 'e', 'r', 'y', ' ', 's',
         'e', 'c', 'r', 'e', 't', ' ', 'm', 'e',
         's', 's', 'a', 'g', 'e', '.', '.', '.'
     };
     const unsigned char sig64[64] = {
-        // Generated by signing the above message with nonce 'This is the nonce we will use...'
-        // and secret key 0 (which is not valid), resulting in recid 0.
+        /* Generated by signing the above message with nonce 'This is the nonce we will use...'
+         * and secret key 0 (which is not valid), resulting in recid 0. */
         0x67, 0xCB, 0x28, 0x5F, 0x9C, 0xD1, 0x94, 0xE8,
         0x40, 0xD6, 0x29, 0x39, 0x7A, 0xF5, 0x56, 0x96,
         0x62, 0xFD, 0xE4, 0x46, 0x49, 0x99, 0x59, 0x63,
@@ -964,10 +965,32 @@ void test_ecdsa_infinity(void) {
     CHECK(secp256k1_ecdsa_recover_compact(msg32, 32, sig64, pubkey, &pubkeylen, 0, 1));
     CHECK(!secp256k1_ecdsa_recover_compact(msg32, 32, sig64, pubkey, &pubkeylen, 0, 2));
     CHECK(!secp256k1_ecdsa_recover_compact(msg32, 32, sig64, pubkey, &pubkeylen, 0, 3));
+
+    /* signature (r,s) = (4,4), which can be recovered with all 4 recids. */
+    const unsigned char sigb64[64] = {
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
+    };
+    unsigned char pubkeyb[33];
+    int pubkeyblen = 33;
+    for (int recid = 0; recid < 4; recid++) {
+        unsigned char sigbder[8] = {0x30, 0x06, 0x02, 0x01, 0x04, 0x02, 0x01, 0x04};
+        CHECK(secp256k1_ecdsa_recover_compact(msg32, 32, sigb64, pubkeyb, &pubkeyblen, 1, recid));
+        CHECK(secp256k1_ecdsa_verify(msg32, 32, sigbder, sizeof(sigbder), pubkeyb, pubkeyblen) == 1);
+        /* Damage signature. */
+        sigbder[7]++;
+        CHECK(secp256k1_ecdsa_verify(msg32, 32, sigbder, sizeof(sigbder), pubkeyb, pubkeyblen) == 0);
+    }
 }
 
-void run_ecdsa_infinity(void) {
-    test_ecdsa_infinity();
+void run_ecdsa_edge_cases(void) {
+    test_ecdsa_edge_cases();
 }
 
 #ifdef ENABLE_OPENSSL_TESTS
@@ -1071,7 +1094,7 @@ int main(int argc, char **argv) {
     /* ecdsa tests */
     run_ecdsa_sign_verify();
     run_ecdsa_end_to_end();
-    run_ecdsa_infinity();
+    run_ecdsa_edge_cases();
 #ifdef ENABLE_OPENSSL_TESTS
     run_ecdsa_openssl();
 #endif
