diff options
| author | Andrew Chow <achow101-github@achow101.com> | 2018-07-14 16:03:28 -0700 |
|---|---|---|
| committer | Andrew Chow <achow101-github@achow101.com> | 2018-08-09 18:39:56 -0700 |
| commit | 18dfea0dd082af18dfb02981b7ee1cd44d514388 (patch) | |
| tree | ed176dc1ae965ff650a12c4b81f4da91c35d783e /src/test | |
| parent | 9d86aad287f07e20066138b9f909758ad7a2e098 (diff) | |
| download | bitcoin-18dfea0dd082af18dfb02981b7ee1cd44d514388.tar.xz | |
Always create 70 byte signatures with low R values
When extra entropy is not specified by the caller, CKey::Sign will
now always create a signature that has a low R value and is at most
70 bytes. The resulting signature on the stack will be 71 bytes when
the sighash byte is included.
Using low R signatures means that the resulting DER encoded signature
will never need to have additional padding to account for high R
values.
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/key_tests.cpp | 36 | ||||
| -rw-r--r-- | src/test/script_tests.cpp | 2 |
2 files changed, 37 insertions, 1 deletions
diff --git a/src/test/key_tests.cpp b/src/test/key_tests.cpp index 64c57f0705..acd213dac2 100644 --- a/src/test/key_tests.cpp +++ b/src/test/key_tests.cpp @@ -152,4 +152,40 @@ BOOST_AUTO_TEST_CASE(key_test1) BOOST_CHECK(detsigc == ParseHex("2052d8a32079c11e79db95af63bb9600c5b04f21a9ca33dc129c2bfa8ac9dc1cd561d8ae5e0f6c1a16bde3719c64c2fd70e404b6428ab9a69566962e8771b5944d")); } +BOOST_AUTO_TEST_CASE(key_signature_tests) +{ + // When entropy is specified, we should see at least one high R signature within 20 signatures + CKey key = DecodeSecret(strSecret1); + std::string msg = "A message to be signed"; + uint256 msg_hash = Hash(msg.begin(), msg.end()); + std::vector<unsigned char> sig; + bool found = false; + + for (int i = 1; i <=20; ++i) { + sig.clear(); + key.Sign(msg_hash, sig, false, i); + found = sig[3] == 0x21 && sig[4] == 0x00; + if (found) { + break; + } + } + BOOST_CHECK(found); + + // When entropy is not specified, we should always see low R signatures that are less than 70 bytes in 256 tries + // We should see at least one signature that is less than 70 bytes. + found = true; + bool found_small = false; + for (int i = 0; i < 256; ++i) { + sig.clear(); + std::string msg = "A message to be signed" + std::to_string(i); + msg_hash = Hash(msg.begin(), msg.end()); + key.Sign(msg_hash, sig); + found = sig[3] == 0x20; + BOOST_CHECK(sig.size() <= 70); + found_small |= sig.size() < 70; + } + BOOST_CHECK(found); + BOOST_CHECK(found_small); +} + BOOST_AUTO_TEST_SUITE_END() diff --git a/src/test/script_tests.cpp b/src/test/script_tests.cpp index 510910e149..63a9892821 100644 --- a/src/test/script_tests.cpp +++ b/src/test/script_tests.cpp @@ -369,7 +369,7 @@ public: std::vector<unsigned char> vchSig, r, s; uint32_t iter = 0; do { - key.Sign(hash, vchSig, iter++); + key.Sign(hash, vchSig, false, iter++); if ((lenS == 33) != (vchSig[5 + vchSig[3]] == 33)) { NegateSignatureS(vchSig); } |