urbit/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon
Jōshin 4cef7dc38b
bounds-check against sk=1
+sign:schnorr crashes on `=(0 sk)`, so the bounds checking code is not
exercised for sk=0. It also crashes on `(gte sk n.domain.c)`, which is
redundant with the size check on sk, so we remove that.
2022-02-03 13:21:21 -06:00


:: tests for secp256k1 elliptic curve cryptography
::
/+ *test
=/ ecc secp256k1:secp:crypto
|%
:: from libsecp256k1 src/modules/recovery/tests_impl.h
:: there are more tests there, ports would be welcome
::
:: round-trip check of ECDSA public-key recovery: 64 times, draw a
:: message and a private key, sign the double-shax of the message, and
:: expect the key recovered from (hash, signature) to equal the key
:: derived from the private key with priv-to-pub.
:: this shows that signing and recovery agree with each other; it does
:: not compare either of them against independent vectors.
++ test-ecdsa-recovery-end-to-end
:: util: core carrying the generator state. the seed is a fixed cord,
:: so every run draws the same sequence (reproducible, not secret).
=/ util
=/ eny=@ 'ecdsa recovery test "entropy"'
=/ rnd ~(. og eny)
=/ dom t.ecc
|%
:: produces [scalar core]. rads yields a value below (dec n.dom) and
:: the result is incremented, so it is never 0 and stays below n.dom.
++ random-scalar-order
:: alias taken before z is pinned; presumably so that `core` in the
:: result names this core with the advanced rnd, not the whole subject
=* core .
=^ z rnd (rads:rnd (dec n.dom))
[`@`.+(z) core]
--
:: generate a random key and message
%+ category "random"
%- zing
:: i counts iterations, out accumulates one tang per iteration
=| [i=@ out=(list tang)]
|- ^+ out
?: =(i 64) out
:: each draw also replaces util with the core the arm returned, so the
:: message and the key come from successive generator states
=^ message util random-scalar-order:util
=^ privkey util random-scalar-order:util
=/ pubkey (priv-to-pub.ecc privkey)
:: the value that is signed is shax applied twice to the message
=/ msghash (shax (shax message))
=/ sig (ecdsa-raw-sign.ecc msghash privkey)
=/ reckey (ecdsa-raw-recover.ecc msghash sig)
:: loop: bump the counter and prepend this iteration's comparison
%= $
i .+(i)
out :_ out
%+ expect-eq
!> pubkey
!> reckey
==
::
:: fixed vectors for public-key recovery. for the signature (r, s)
:: over msg32, recovery must crash for recovery ids 0, 2 and 3 and
:: must yield the listed pair for id 1; for the signature (4, 4),
:: all four recovery ids must yield the listed pairs.
++ test-ecdsa-recovery-edge-cases
:: =< evaluates the category expression against the subject built
:: below it, which is where t1 through t5 are defined
=< %+ category "edge cases"
(zing ~[t1 t2 t3 t4 t5])
=/ msg32=@ '...egassem terces yrev a si sihT'
=/ r=@ux 0x67cb.285f.9cd1.94e8.
40d6.2939.7af5.5696.
62fd.e446.4999.5963.
179a.7dd1.7bd2.3532
=/ s=@ux 0x4b1b.7df3.4ce1.f68e.
694f.f6f1.1ac7.51dd.
7dd7.3e38.7ee4.fc86.
6e1b.e8ec.c7dd.9557
:: from here on r is the list of results for recovery ids 0 through 3.
:: the r handed to ecdsa-raw-recover inside the gate is still the @ux
:: above, because the new face is pinned only after this value is built.
:: mule runs the trap and flags the outcome: %.y with the product (the
:: shape t2 expects) or %.n when the trap crashed.
=/ r %+ turn (gulf 0 3)
|= v=@
(mule |.((ecdsa-raw-recover.ecc msg32 v r s)))
:: -.&1.r is the flag of the first result, i.e. recovery id 0
:: NOTE(review): t1, t3 and t4 only assert that the call crashed; a
:: crash for any other reason would satisfy them as well.
=/ t1 %+ expect-eq
!> %.n
!> -.&1.r
:: recovery id 2
=/ t3 %+ expect-eq
!> %.n
!> -.&3.r
:: recovery id 3
=/ t4 %+ expect-eq
!> %.n
!> -.&4.r
:: recovery id 1: the whole result is compared, flag plus two atoms
:: (presumably the x and y coordinates of the recovered key)
=/ t2 %+ expect-eq
!> :+ %.y
0x8687.4a6b.24a7.5462.
7116.560e.7ae1.5cd6.
9eb3.3e73.b4d8.c810.
33b2.7c2f.a9cf.5d1c
0xe13f.19fa.8dea.0d1a.
e3e8.4c91.146c.3386.
8f87.730e.31bb.486e.
b370.05d1.40cc.7a55
!> &2.r
:: (4,4) should recover with all 4 recids
:: t5 is pinned onto the subject with ^=. :_ reverses the pair given to
:: expect-eq, so the computed list is written first and the expected
:: list second.
:_ .
^= t5
%- expect-eq :_
!> %+ turn (gulf 0 3)
|= v=@
(mule |.((ecdsa-raw-recover.ecc msg32 v 4 4)))
!>
:~ :+ %.y
0x8a3d.70c0.4104.68e4.
5739.39af.01b9.9ea7.
b206.4910.6d55.acf9.
f558.eba2.8ed5.9a2e
0x77eb.58dd.36ed.385b.
3dcf.e7d3.62c8.16f3.
7d3b.ef3e.4a34.94b8.
6fcc.8357.5184.9329
:+ %.y
0x3e99.0254.a50d.6599.
26c9.28ef.8b54.181e.
e67e.27ff.bf63.eb69.
294b.9ab6.d27b.a225
0xa898.847e.931e.9b10.
2c0f.9b0f.9597.07ba.
f9b8.5e93.6425.fc72.
e80c.a868.e535.dfb4
:+ %.y
0x7e15.24fa.06ba.fd6e.
b9c0.2f27.9e13.1314.
be93.0570.0fc6.9e80.
d54d.29ab.3606.3f23
0x3f86.a967.33e7.723d.
fdde.4e03.382d.8c45.
3493.fa88.9050.5ba5.
cfc4.0a8b.226b.1b00
:+ %.y
0xb337.c9b7.4ca9.9ea9.
63c6.560d.2558.cdf0.
9c73.0120.8409.649a.
8a6d.1fb1.0e1c.b946
0x11df.5391.ee11.6de0.
a722.bc0f.be5f.6575.
3d07.03a9.9925.0581.
f7de.cd5e.f0f4.f809
==
:: Schnorr signature vectors; the category label names BIP-340 as
:: their source.
:: t1: signing each case-sec must reproduce its sig exactly.
:: t2: each of those signatures must verify under its pub.
:: t3: verifying each case-pub must give exactly its res flag.
++ test-schnorr
=> |%
:: signing vector; its fields are used below as
:: (sign:schnorr:ecc sec mes aux) and (verify:schnorr:ecc pub mes sig)
+$ case-sec
$: sec=@
pub=@
aux=@
mes=@
sig=@
==
:: verification-only vector; res is the expected product of verify
+$ case-pub
$: pub=@
mes=@
sig=@
res=?
==
--
=< %+ category "bip-0340 vectors"
(zing :(weld t1 t2 t3))
:: all values are atoms, which carry no length, so a value whose byte
:: string would start with zero bytes is simply written shorter here
=/ cases-sec=(list case-sec)
:~
:: smallest inputs: sec is 3, aux and mes are both 0
:* 0x3
0xf930.8a01.9258.c310.4934.4f85.f89d.5229.
b531.c845.836f.99b0.8601.f113.bce0.36f9
0
0
0xe907.831f.8084.8d10.69a5.371b.4024.1036.
4bdf.1c5f.8307.b008.4c55.f1ce.2dca.8215.
25f6.6a4a.85ea.8b71.e482.a74f.382d.2ce5.
ebee.e8fd.b217.2f47.7df4.900d.3105.36c0
==
:* 0xb7e1.5162.8aed.2a6a.bf71.5880.9cf4.f3c7.
62e7.160f.38b4.da56.a784.d904.5190.cfef
0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
1
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x6896.bd60.eeae.296d.b48a.229f.f71d.fe07.
1bde.413e.6d43.f917.dc8d.cf8c.78de.3341.
8906.d11a.c976.abcc.b20b.0912.92bf.f4ea.
897e.fcb6.39ea.871c.fa95.f6de.339e.4b0a
==
:* 0xc90f.daa2.2168.c234.c4c6.628b.80dc.1cd1.
2902.4e08.8a67.cc74.020b.bea6.3b14.e5c9
0xdd30.8afe.c577.7e13.121f.a72b.9cc1.b7cc.
0139.7153.09b0.86c9.60e1.8fd9.6977.4eb8
0xc87a.a538.24b4.d7ae.2eb0.35a2.b5bb.bccc.
080e.76cd.c6d1.692c.4b0b.62d7.98e6.d906
0x7e2d.58d8.b3bc.df1a.bade.c782.9054.f90d.
da98.05aa.b56c.7733.3024.b9d0.a508.b75c
0x5831.aaee.d7b4.4bb7.4e5e.ab94.ba9d.4294.
c49b.cf2a.6072.8d8b.4c20.0f50.dd31.3c1b.
ab74.5879.a5ad.954a.72c4.5a91.c3a5.1d3c.
7ade.a98d.82f8.481e.0e1e.0367.4a6f.3fb7
==
:: aux and mes are both 32 bytes of 0xff, the largest values that
:: still fit the width the bounds arm treats as the limit
:* 0xb43.2b26.7793.7381.aef0.5bb0.2a66.ecd0.
1277.3062.cf3f.a254.9e44.f58e.d240.1710
0x25d1.dff9.5105.f525.3c40.22f6.28a9.96ad.
3a0d.95fb.f21d.468a.1b33.f8c1.60d8.f517
0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff
0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff
0x7eb0.5097.57e2.46f1.9449.8856.5161.1cb9.
65ec.c1a1.87dd.51b6.4fda.1edc.9637.d5ec.
9758.2b9c.b13d.b393.3705.b32b.a982.af5a.
f25f.d788.81eb.b327.71fc.5922.efc6.6ea3
==
==
:: the gate's sample is the bare mold, so the fields are in scope by
:: name inside the gate
=/ t1
%+ turn cases-sec
|= case-sec
^- tang
%+ expect-eq
!> sig
!> (sign:schnorr:ecc sec mes aux)
=/ t2
%+ turn cases-sec
|= case-sec
^- tang
%- expect
!> (verify:schnorr:ecc pub mes sig)
:: verification-only vectors: one that must verify, then ten that
:: must be rejected. where a reason is given without pointing at the
:: literal itself, it is recalled from the BIP-340 vector table and
:: not derived here. TODO confirm against the upstream table.
=/ cases-pub=(list case-pub)
:~
:: accept. this sig is under 64 bytes wide as an atom, so verify
:: has to treat a short atom as a zero-padded signature
:* 0xd69c.3509.bb99.e412.e68b.0fe8.544e.7283.
7dfa.3074.6d8b.e2aa.6597.5f29.d22d.c7b9
0x4df3.c3f6.8fcc.83b2.7e9d.42c9.0431.a724.
99f1.7875.c81a.599b.566c.9889.b969.6703
0x3b.78ce.563f.89a0.ed94.14f5.aa28.ad0d.
96d6.795f.9c63.76af.b154.8af6.03b3.eb45.
c9f8.207d.ee10.60cb.71c0.4e80.f593.060b.
07d2.8308.d7f4
%.y
==
:: reject: public key not on the curve
:* 0xeefd.ea4c.db67.7750.a420.fee8.07ea.cf21.
eb98.98ae.79b9.7687.66e4.faa0.4a2d.4a34
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f.
74c1.9760.89b2.d996.3da2.e554.3e17.7769.
69e8.9b4c.5564.d003.4910.6b84.9778.5dd7.
d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b
%.n
==
:: reject: the nonce point R has odd y
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0xfff9.7bd5.755e.eea4.2045.3a14.3552.35d3.
82f6.472f.8568.a18b.2f05.7a14.6029.7556.
3cc2.7944.640a.c607.cd10.7ae1.0923.d9ef.
7a73.c643.e166.be5e.beaf.a34b.1ac5.53e2
%.n
==
:: reject: negated message
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x1fa6.2e33.1edb.c21c.3947.92d2.ab11.00a7.
b432.b013.df3f.6ff4.f99f.cb33.e0e1.515f.
2889.0b3e.db6e.7189.b630.448b.515c.e4f8.
622a.954c.fe54.5735.aaea.5134.fccd.b2bd
%.n
==
:: reject: negated s value (same first half as the second vector)
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f.
74c1.9760.89b2.d996.3da2.e554.3e17.7769.
9617.64b3.aa9b.2ffc.b6ef.947b.6887.a226.
e8d7.c93e.00c5.ed0c.1834.ff0d.0c2e.6da6
%.n
==
:: reject: only 32 bytes wide as an atom, so the first half of the
:: signature is 0; the check computes the point at infinity
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x123d.da83.28af.9c23.a94c.1fee.cfd1.23ba.
4fb7.3476.f0d5.94dc.b65c.6425.bd18.6051
%.n
==
:: reject: as above, with the first half of the signature equal to 1
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x1.7615.fbaf.5ae2.8864.013c.0997.42de.
adb4.dba8.7f11.ac67.54f9.3780.d5a1.837c.
f197
%.n
==
:: reject: first half of sig is not an x coordinate on the curve
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x4a29.8dac.ae57.395a.15d0.795d.dbfd.1dcb.
564d.a82b.0f26.9bc7.0a74.f822.0429.ba1d.
69e8.9b4c.5564.d003.4910.6b84.9778.5dd7.
d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b
%.n
==
:: reject: first half of sig is the secp256k1 field prime
:: (the value ending fffe.ffff.fc2f)
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.fffe.ffff.fc2f.
69e8.9b4c.5564.d003.4910.6b84.9778.5dd7.
d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b
%.n
==
:: reject: second half of sig is the secp256k1 group order
:: (the value ending d036.4141)
:* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be.
58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f.
74c1.9760.89b2.d996.3da2.e554.3e17.7769.
ffff.ffff.ffff.ffff.ffff.ffff.ffff.fffe.
baae.dce6.af48.a03b.bfd2.5e8c.d036.4141
%.n
==
:: reject: pub is the field prime plus 1 (ends fc30), which fits in
:: 32 bytes but is outside the field
:* 0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.fffe.ffff.fc30
0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344.
a409.3822.299f.31d0.082e.fa98.ec4e.6c89
0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f.
74c1.9760.89b2.d996.3da2.e554.3e17.7769.
69e8.9b4c.5564.d003.4910.6b84.9778.5dd7.
d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b
%.n
==
==
:: t3 is pinned onto the subject with ^=; the result of verify is
:: compared with res, so an accept and a reject are both checked as
:: exact values
:_ .
^= t3
%+ turn cases-pub
|= case-pub
^- tang
%+ expect-eq
!> res
!> (verify:schnorr:ecc pub mes sig)
:: oversized-input checks for the Schnorr arms: sign and verify must
:: crash when one of their arguments is wider than the expected width.
:: NOTE(review): expect-fail is satisfied by any crash, so these cases
:: show that the call is refused, not which check refused it.
:: NOTE(review): no case here uses sec=0 or a sec that fits in 32 bytes
:: but is not below the group order; confirm those rejections are
:: covered elsewhere.
++ test-schnorr-bounds
=> |% +$ case [sec=@ pub=@ aux=@ mes=@ sig=@] --
=< %+ category "bounds"
(zing (weld t1 t2))
:: 33 bytes of 0xff: one byte wider than a 32-byte value
=/ too-big
0xff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff
:: 65 bytes of 0xff: one byte wider than a 64-byte signature
=/ big-sig
0xff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.
ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff
:: inputs for sign, each with exactly one of sec, aux, mes oversized.
:: the aux and mes cases use sec=1 rather than 0: a zero secret key
:: makes +sign:schnorr crash by itself, so with sec=0 the size checks
:: on aux and mes would not be exercised.
=/ cases-big-sec=(list case)
:~ [too-big 0 0 0 0]
[1 0 too-big 0 0]
[1 0 0 too-big 0]
==
:: inputs for verify, each with exactly one of pub, mes, sig oversized
:: NOTE(review): the mes and sig cases leave pub at 0; confirm that
:: +verify:schnorr does not crash on pub=0 alone, otherwise these two
:: cases have the problem that sec=1 avoids in the list above.
=/ cases-big-pub=(list case)
:~ [0 too-big 0 0 0]
[0 0 0 too-big 0]
[0 0 0 0 big-sig]
==
:: the call is wrapped in a trap so that expect-fail can run it and
:: observe the crash
=/ t1
%+ turn cases-big-sec
|= case
%- expect-fail
|. (sign:schnorr:ecc sec mes aux)
:_ .
^= t2
%+ turn cases-big-pub
|= case
%- expect-fail
|. (verify:schnorr:ecc pub mes sig)
--