aboutsummaryrefslogtreecommitdiff
path: root/src/test/key_tests.cpp
AgeCommit message (Collapse)Author
2018-08-13Merge #13666: Always create signatures with Low R valuesWladimir J. van der Laan
e306be742932d4ea5aca0ea4768e54b2fc3dc6a0 Use 72 byte dummy signatures when watching only inputs may be used (Andrew Chow) 48b1473c898129a99212e2db36c61cf93625ea17 Use 71 byte signature for DUMMY_SIGNATURE_CREATOR (Andrew Chow) 18dfea0dd082af18dfb02981b7ee1cd44d514388 Always create 70 byte signatures with low R values (Andrew Chow) Pull request description: When creating signatures for transactions, always make one which has a 32 byte or smaller R and 32 byte or smaller S value. This results in signatures that are always less than 71 bytes (32 byte R + 32 byte S + 6 bytes DER + 1 byte sighash) with low R values. In most cases, the signature will be 71 bytes. Because R is not mutable in the same way that S is, a low R value can only be found by trying different nonces. RFC 6979 for deterministic nonce generation has the option to specify additional entropy, so we simply use that and add a uin32_t counter which we increment in order to try different nonces. Nonces are sill deterministically generated as the nonce used will the be the first one where the counter results in a nonce that results in a low R value. Because different nonces need to be tried, time to produce a signature does increase. On average, it takes twice as long to make a signature as two signatures need to be created, on average, to find one with a low R. Having a fixed size signature makes size calculations easier and also saves half a byte of transaction size, on average. DUMMY_SIGNATURE_CREATOR has been modified to produce 71 byte dummy signatures instead of 72 byte signatures. Tree-SHA512: 3cd791505126ce92da7c631856a97ba0b59e87d9c132feff6e0eef1dc47768e81fbb38bfbe970371bedf9714b7f61a13a5fe9f30f962c81734092a4d19a4ef33
2018-08-09Always create 70 byte signatures with low R valuesAndrew Chow
When extra entropy is not specified by the caller, CKey::Sign will now always create a signature that has a low R value and is at most 70 bytes. The resulting signature on the stack will be 71 bytes when the sighash byte is included. Using low R signatures means that the resulting DER encoded signature will never need to have additional padding to account for high R values.
2018-07-27Update copyright headers to 2018DrahtBot
2018-02-19Split key_io (address/key encodings) off from base58Pieter Wuille
2018-02-19Replace CBitcoinSecret with {Encode,Decode}SecretPieter Wuille
2018-01-03Increment MIT Licence copyright header year on files modified in 2017Akira Takizawa
2017-11-16scripted-diff: Replace #include "" with #include <> (ryanofsky)MeshCollider
-BEGIN VERIFY SCRIPT- for f in \ src/*.cpp \ src/*.h \ src/bench/*.cpp \ src/bench/*.h \ src/compat/*.cpp \ src/compat/*.h \ src/consensus/*.cpp \ src/consensus/*.h \ src/crypto/*.cpp \ src/crypto/*.h \ src/crypto/ctaes/*.h \ src/policy/*.cpp \ src/policy/*.h \ src/primitives/*.cpp \ src/primitives/*.h \ src/qt/*.cpp \ src/qt/*.h \ src/qt/test/*.cpp \ src/qt/test/*.h \ src/rpc/*.cpp \ src/rpc/*.h \ src/script/*.cpp \ src/script/*.h \ src/support/*.cpp \ src/support/*.h \ src/support/allocators/*.h \ src/test/*.cpp \ src/test/*.h \ src/wallet/*.cpp \ src/wallet/*.h \ src/wallet/test/*.cpp \ src/wallet/test/*.h \ src/zmq/*.cpp \ src/zmq/*.h do base=${f%/*}/ relbase=${base#src/} sed -i "s:#include \"\(.*\)\"\(.*\):if test -e \$base'\\1'; then echo \"#include <\"\$relbase\"\\1>\\2\"; else echo \"#include <\\1>\\2\"; fi:e" $f done -END VERIFY SCRIPT-
2017-09-06Introduce wrappers around CBitcoinAddressPieter Wuille
This patch removes the need for the intermediary Base58 type CBitcoinAddress, by providing {Encode,Decode,IsValid}Destination function that directly operate on the conversion between strings and CTxDestination.
2017-03-17Remove unused codepracticalswift
2017-01-02Refactoring: Removed using namespace <xxx> from bench/ and test/ source files.Karl-Johan Alm
2015-12-13Bump copyright headers to 2015MarcoFalke
2015-03-12tests: add a BasicTestingSetup and apply to all testsWladimir J. van der Laan
Make sure that chainparams and logging is properly initialized. Doing this for every test may be overkill, but this initialization is so simple that that does not matter. This should fix the travis issues.
2014-12-16Remove references to X11 licenceMichael Ford
2014-12-01Merge pull request #5227Wladimir J. van der Laan
4cdaa95 Resize after succesful result (Pieter Wuille) 9d8604f Header define style cleanups (Pieter Wuille) a53fd41 Deterministic signing (Pieter Wuille) 3060e36 Add the RFC6979 PRNG (Pieter Wuille) a8f5087 Add HMAC-SHA256 (Pieter Wuille) 36fa4a7 Split up crypto/sha2 (Pieter Wuille)
2014-11-23Add sanity check after key generationPieter Wuille
Add a sanity check to prevent cosmic rays from flipping a bit in the generated public key, or bugs in the elliptic curve code. This is simply done by signing a (randomized) message, and verifying the result.
2014-11-20Deterministic signingPieter Wuille
2014-10-13Typo in testLuke
2014-09-08Move CScript class and dependencies to script/scriptjtimon
2014-09-08Rename script.h/.cpp to scriptutils.h/.cpp (plus remove duplicated includes)jtimon
2014-03-18Add licenses for tests and test dataWladimir J. van der Laan
- Add license headers to source files (years based on commit dates) in `src/test` as well as `qa` - Add `README.md` to `src/test/data` specifying MIT license Fixes #3848
2013-11-10Cleanup code using forward declarations.Brandon Dahler
Use misc methods of avoiding unnecesary header includes. Replace int typedefs with int##_t from stdint.h. Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h. Normalize QT_VERSION ifs where possible. Resolve some indirect dependencies as direct ones. Remove extern declarations from .cpp files.
2013-05-30CSecret/CKey -> CKey/CPubKey split/refactorPieter Wuille
2012-05-24Refactor: split CKeyID/CScriptID/CTxDestination from CBitcoinAddressPieter Wuille
This introduces internal types: * CKeyID: reference (hash160) of a key * CScriptID: reference (hash160) of a script * CTxDestination: a boost::variant of the former two CBitcoinAddress is retrofitted to be a Base58 encoding of a CTxDestination. This allows all internal code to only use the internal types, and only have RPC and GUI depend on the base58 code. Furthermore, the header dependencies are a lot saner now. base58.h is at the top (right below rpc and gui) instead of at the bottom. For the rest: wallet -> script -> keystore -> key. Only keystore still requires a forward declaration of CScript. Solving that would require splitting script into two layers.
2012-04-12CBitcoinSecret::SetString() now calls IsValid() to make sure it was passed ↵Chris Moore
something with the correct version.
2012-01-09Unit tests for EC key routinesPieter Wuille
This tests: * creation of keys from base58-encoded strings * extracting public keys and addresses * compressed public keys * compact signatures and key recovery