// Copyright © Aptos Foundation
// SPDX-License-Identifier: Apache-2.0
use crate::{
ed25519::{Ed25519PrivateKey, Ed25519PublicKey, ED25519_PUBLIC_KEY_LENGTH},
multi_ed25519::{MultiEd25519PrivateKey, MultiEd25519PublicKey, MultiEd25519Signature},
test_utils::{TestAptosCrypto, TEST_SEED},
traits::*,
CryptoMaterialError::{ValidationError, WrongLengthError},
};
use core::convert::TryFrom;
use once_cell::sync::Lazy;
use rand::{rngs::StdRng, SeedableRng};
/// Fixed message signed and verified by the tests in this file.
static MESSAGE: Lazy<TestAptosCrypto> =
    Lazy::new(|| TestAptosCrypto(String::from("Test Message")));

/// Returns a `'static` reference to [`MESSAGE`], building it on first use.
fn message() -> &'static TestAptosCrypto {
    Lazy::force(&MESSAGE)
}
/// Builds `n` Ed25519 private keys for the tests in this file.
///
/// The generator is re-seeded from the fixed `TEST_SEED` on every call, so the output is
/// reproducible and anyone with the source can recreate these keys: they are test fixtures
/// only. Presumably a shorter request yields a prefix of a longer one (same seed, same draw
/// order); `test_multi_ed25519_signature_verification` treats index 9 of the 10-key set as
/// a key that is not part of the 3-key set.
fn generate_keys(n: usize) -> Vec<Ed25519PrivateKey> {
    let mut seeded_rng = StdRng::from_seed(TEST_SEED);
    std::iter::repeat_with(|| Ed25519PrivateKey::generate(&mut seeded_rng))
        .take(n)
        .collect()
}
// Reused assertions in our tests.

/// Asserts that a valid `threshold`-of-`original_keys.len()` public key round-trips.
///
/// Checks that the constructor keeps the threshold and the key order, that the encoding is
/// exactly `len * ED25519_PUBLIC_KEY_LENGTH + 1` bytes, and that decoding those bytes gives
/// back an equal key.
fn test_successful_public_key_serialization(original_keys: &[Ed25519PublicKey], threshold: u8) {
    let key_count = original_keys.len();
    let expected_keys = original_keys.to_vec();
    let multi_key: MultiEd25519PublicKey =
        MultiEd25519PublicKey::new(expected_keys.clone(), threshold).unwrap();

    assert_eq!(multi_key.threshold(), &threshold);
    assert_eq!(multi_key.public_keys().len(), key_count);
    assert_eq!(multi_key.public_keys(), &expected_keys);

    let encoded = multi_key.to_bytes();
    assert_eq!(encoded.len(), key_count * ED25519_PUBLIC_KEY_LENGTH + 1);

    // Decode what was just encoded and compare with the original.
    let decoded = MultiEd25519PublicKey::try_from(&encoded[..]);
    assert!(decoded.is_ok());
    assert_eq!(multi_key, decoded.unwrap());
}
/// Asserts that `result` is an error and that the error equals `expected_error`.
///
/// Pinning the exact variant keeps a rejection for the wrong reason (for example a length
/// error where a validation error is expected) from passing unnoticed.
fn test_failed_public_key_serialization(
    result: std::result::Result<MultiEd25519PublicKey, CryptoMaterialError>,
    expected_error: CryptoMaterialError,
) {
    let failure = result.err();
    assert!(failure.is_some());
    assert_eq!(failure.unwrap(), expected_error);
}
/// Asserts that a multi-signature over [`message`] survives an encode/decode round trip and
/// verifies under the public key derived from the signing key.
fn test_successful_signature_serialization(private_keys: &[Ed25519PrivateKey], threshold: u8) {
    let signing_key = MultiEd25519PrivateKey::new(private_keys.to_vec(), threshold).unwrap();
    let verifying_key = MultiEd25519PublicKey::from(&signing_key);
    let signature = signing_key.sign(message()).unwrap();

    // Encode, then decode the bytes again.
    let encoded = signature.to_bytes();
    let decoded = MultiEd25519Signature::try_from(&encoded[..]);
    assert!(decoded.is_ok());
    assert_eq!(signature, decoded.unwrap());

    // The signature itself must verify.
    assert!(signature.verify(message(), &verifying_key).is_ok());
}
/// Exercises `MultiEd25519PublicKey` construction, encoding and decoding.
///
/// Valid k-of-n settings must round-trip; bad thresholds, more than 32 keys and malformed
/// byte strings must be rejected with the specific `CryptoMaterialError` asserted below.
#[test]
fn test_multi_ed25519_public_key_serialization() {
    let public_keys_for =
        |n: usize| -> Vec<_> { generate_keys(n).iter().map(|key| key.public_key()).collect() };
    let pub_keys_1 = public_keys_for(1);
    let pub_keys_10 = public_keys_for(10);
    let pub_keys_32 = public_keys_for(32);
    let pub_keys_33 = public_keys_for(33);

    // Accepted settings: 1-of-1, 1-of-10, 7-of-10, 10-of-10, 2-of-32 and 32-of-32.
    for (keys, threshold) in [
        (&pub_keys_1, 1u8),
        (&pub_keys_10, 1),
        (&pub_keys_10, 7),
        (&pub_keys_10, 10),
        (&pub_keys_32, 2),
        (&pub_keys_32, 32),
    ] {
        test_successful_public_key_serialization(keys, threshold);
    }

    // Threshold above the number of keys (11-of-10) must fail.
    test_failed_public_key_serialization(
        MultiEd25519PublicKey::new(pub_keys_10.clone(), 11),
        ValidationError,
    );
    // A zero threshold (0-of-10) must fail.
    test_failed_public_key_serialization(
        MultiEd25519PublicKey::new(pub_keys_10, 0),
        ValidationError,
    );
    // 33 keys (1-of-33) must fail.
    test_failed_public_key_serialization(
        MultiEd25519PublicKey::new(pub_keys_33, 1),
        WrongLengthError,
    );

    // Decoding 0, 1, 31, 32 and 34 bytes must fail on length: an encoding always needs
    // ED25519_PUBLIC_KEY_LENGTH * N + 1 bytes (thus 32N + 1).
    let empty: &[u8] = &[];
    let wrong_lengths: [&[u8]; 5] = [
        empty,
        &[0u8],
        &[0u8; ED25519_PUBLIC_KEY_LENGTH - 1],
        &[0u8; ED25519_PUBLIC_KEY_LENGTH],
        &[0u8; ED25519_PUBLIC_KEY_LENGTH + 2],
    ];
    for bytes in wrong_lengths {
        test_failed_public_key_serialization(
            MultiEd25519PublicKey::try_from(bytes),
            WrongLengthError,
        );
    }

    // 33 zero bytes have an acceptable length, so the rejection has to come from validation.
    // The trailing threshold byte is 0 here; which check fires is not visible from this test.
    let all_zero = [0u8; ED25519_PUBLIC_KEY_LENGTH + 1];
    test_failed_public_key_serialization(
        MultiEd25519PublicKey::try_from(&all_zero[..]),
        ValidationError,
    );

    let private_keys = generate_keys(10);
    let public_keys: Vec<_> = private_keys.iter().map(|key| key.public_key()).collect();
    let private_7of10 = MultiEd25519PrivateKey::new(private_keys, 7).unwrap();
    let public_7of10 = MultiEd25519PublicKey::new(public_keys, 7).unwrap();

    // Deriving the public key from the multi private key must match building it directly.
    let derived_7of10 = MultiEd25519PublicKey::from(&private_7of10);
    assert_eq!(derived_7of10, public_7of10);

    // Wrapping a single Ed25519 public key must give a one-key multi key with threshold 1.
    let first_key = &derived_7of10.public_keys()[0];
    let wrapped = MultiEd25519PublicKey::from(first_key.clone());
    assert_eq!(wrapped.public_keys().len(), 1);
    assert_eq!(&wrapped.public_keys()[0], first_key);
    assert_eq!(wrapped.threshold(), &1u8);
}
/// Expects a known small-subgroup point to be rejected when decoded as a
/// `MultiEd25519PublicKey`.
///
/// NOTE(review): this test is `#[ignore]`d, so a default `cargo test` run does not exercise
/// small-order rejection on the multi-key decoding path. Confirm whether `try_from` is meant
/// to return `SmallSubgroupError` here; if it is not, the expectation below is stale and the
/// gap should be documented where keys are accepted.
#[ignore]
#[test]
fn test_publickey_smallorder() {
    // A small group point (32 bytes) followed by the threshold byte, set to 1.
    // See EIGHT_TORSION in ed25519_test.rs for more about small group points.
    let mut torsion_point_with_threshold_1 = [0u8; 33];
    torsion_point_with_threshold_1[0] = 1;
    torsion_point_with_threshold_1[32] = 1;

    let decoded = MultiEd25519PublicKey::try_from(&torsion_point_with_threshold_1[..]);
    assert!(decoded.is_err());
    assert_eq!(
        decoded.err().unwrap(),
        CryptoMaterialError::SmallSubgroupError
    );
}
/// Exercises `MultiEd25519Signature` encoding/decoding and its construction limits.
///
/// Covers round trips for several k-of-n settings, conversion from a single signature, the
/// 32-signature cap, and rejection of duplicate or out-of-range signer indices.
#[test]
fn test_multi_ed25519_signature_serialization() {
    let priv_keys_3 = generate_keys(3);
    // 1-of-3, 2-of-3 and 3-of-3.
    for threshold in 1..=3 {
        test_successful_signature_serialization(&priv_keys_3, threshold);
    }

    let priv_keys_32 = generate_keys(32);
    // 1-of-32 and 32-of-32.
    for threshold in [1, 32] {
        test_successful_signature_serialization(&priv_keys_32, threshold);
    }

    // A single Ed25519 signature converts into a multi-signature with only the first bitmap
    // bit set, i.e. it is attributed to key index 0.
    let lone_sig = priv_keys_3[0].sign(message()).unwrap();
    let wrapped = MultiEd25519Signature::from(lone_sig.clone());
    assert_eq!(1, wrapped.signatures().len());
    assert_eq!(wrapped.signatures()[0], lone_sig);
    assert_eq!(wrapped.bitmap(), &[0b1000_0000u8, 0u8, 0u8, 0u8]);
    let priv_1of3 = MultiEd25519PrivateKey::new(priv_keys_3.clone(), 1).unwrap();
    let pub_1of3 = MultiEd25519PublicKey::from(&priv_1of3);
    assert!(wrapped.verify(message(), &pub_1of3).is_ok());

    // We can construct signatures from 32 single signatures; every bitmap bit is then set.
    let parts_32 = vec![lone_sig.clone(); 32].into_iter().zip(0..32).collect();
    let multi_32 = MultiEd25519Signature::new(parts_32);
    assert!(multi_32.is_ok());
    let multi_32 = multi_32.unwrap();
    assert_eq!(multi_32.bitmap(), &[0b1111_1111; 4]);
    // NOTE(review): this relies on `MultiEd25519PublicKey::new` accepting 32 copies of one
    // key, so slots are not required to hold distinct keys. Worth keeping in mind wherever a
    // k-of-n key is read as "k distinct signers".
    let repeated_key = vec![priv_keys_3[0].public_key(); 32];
    let pub_32of32 = MultiEd25519PublicKey::new(repeated_key, 32).unwrap();
    assert!(multi_32.verify(message(), &pub_32of32).is_ok());

    // Fail to construct a MultiEd25519Signature object from 33 or more single signatures.
    let parts_33 = vec![lone_sig.clone(); 33].into_iter().zip(0..33).collect();
    let multi_33 = MultiEd25519Signature::new(parts_33);
    assert!(multi_33.is_err());
    assert_eq!(
        multi_33.err().unwrap(),
        CryptoMaterialError::ValidationError
    );

    // Fail to construct a MultiEd25519Signature object if there are duplicated indexes.
    let three_sigs = vec![lone_sig; 3];
    let duplicated = three_sigs
        .clone()
        .into_iter()
        .zip(vec![0u8, 1u8, 1u8])
        .collect();
    let rejected = MultiEd25519Signature::new(duplicated);
    assert!(rejected.is_err());
    assert_eq!(
        rejected.err().unwrap(),
        CryptoMaterialError::BitVecError("Duplicate signature index".to_string())
    );

    // Fail to construct a MultiEd25519Signature object if an index is out of range.
    let out_of_range = three_sigs.into_iter().zip(vec![0u8, 33u8, 1u8]).collect();
    let rejected = MultiEd25519Signature::new(out_of_range);
    assert!(rejected.is_err());
    assert_eq!(
        rejected.err().unwrap(),
        CryptoMaterialError::BitVecError("Signature index is out of range".to_string())
    );
}
/// Exercises `MultiEd25519Signature::verify`.
///
/// Covers threshold handling, the binding between bitmap positions and key positions, and
/// rejection of a multi-signature as soon as one attached signature is invalid, even when
/// the remaining valid signatures would meet the threshold.
#[test]
fn test_multi_ed25519_signature_verification() {
    let priv_keys_10 = generate_keys(10);
    let pub_keys_10: Vec<_> = priv_keys_10.iter().map(|key| key.public_key()).collect();
    let priv_7of10 = MultiEd25519PrivateKey::new(priv_keys_10.clone(), 7).unwrap();
    let pub_7of10 = MultiEd25519PublicKey::from(&priv_7of10);

    // Verifying a 7-of-10 signature against a public key with the same threshold should pass.
    let sig_7of10 = priv_7of10.sign(message()).unwrap();
    assert_eq!(sig_7of10.bitmap(), &[0b1111_1110, 0u8, 0u8, 0u8]);
    assert!(sig_7of10.verify(message(), &pub_7of10).is_ok());

    // Against a public key with a bigger threshold (8) the same signature should fail.
    let pub_8of10 = MultiEd25519PublicKey::new(pub_keys_10.clone(), 8).unwrap();
    assert!(sig_7of10.verify(message(), &pub_8of10).is_err());

    // Against a public key with a smaller threshold (6) it should pass.
    let pub_6of10 = MultiEd25519PublicKey::new(pub_keys_10.clone(), 6).unwrap();
    assert!(sig_7of10.verify(message(), &pub_6of10).is_ok());

    // Verifying a 7-of-10 signature against a reordered MultiEd25519PublicKey should fail.
    // To deterministically simulate reshuffling, we use a reversed vector of 10 keys.
    // Note that because 10 is an even number, all of the keys will change position.
    let reversed_keys: Vec<_> = pub_keys_10.into_iter().rev().collect();
    let pub_7of10_reversed = MultiEd25519PublicKey::new(reversed_keys, 7).unwrap();
    assert!(sig_7of10.verify(message(), &pub_7of10_reversed).is_err());

    let priv_keys_3 = generate_keys(3);
    let priv_1of3 = MultiEd25519PrivateKey::new(priv_keys_3.clone(), 1).unwrap();
    let pub_1of3 = MultiEd25519PublicKey::from(&priv_1of3);

    // Signing with the 2nd key must succeed.
    let sig_2nd = priv_keys_3[1].sign(message()).unwrap();
    let only_2nd = MultiEd25519Signature::new(vec![(sig_2nd, 1)]);
    assert!(only_2nd.is_ok());
    let only_2nd = only_2nd.unwrap();
    assert_eq!(only_2nd.bitmap(), &[0b0100_0000, 0u8, 0u8, 0u8]);
    assert!(only_2nd.verify(message(), &pub_1of3).is_ok());

    // Signing with the 2nd key but using the wrong index: construction succeeds, verification
    // fails.
    let sig_2nd = priv_keys_3[1].sign(message()).unwrap();
    let misfiled = MultiEd25519Signature::new(vec![(sig_2nd.clone(), 2)]);
    assert!(misfiled.is_ok());
    let misfiled_outcome = misfiled.unwrap().verify(message(), &pub_1of3);
    assert!(misfiled_outcome.is_err());

    // Signing with the 2nd and 3rd keys must succeed, even if we surpass the threshold.
    let sig_3rd = priv_keys_3[2].sign(message()).unwrap();
    let second_and_third =
        MultiEd25519Signature::new(vec![(sig_2nd.clone(), 1), (sig_3rd.clone(), 2)]);
    assert!(second_and_third.is_ok());
    let second_and_third = second_and_third.unwrap();
    assert_eq!(second_and_third.bitmap(), &[0b0110_0000, 0u8, 0u8, 0u8]);
    assert!(second_and_third.verify(message(), &pub_1of3).is_ok());

    // Signing with the 2nd and 3rd keys will fail if we swap indexes.
    let swapped = MultiEd25519Signature::new(vec![(sig_2nd.clone(), 2), (sig_3rd.clone(), 1)]);
    let swapped_outcome = swapped.unwrap().verify(message(), &pub_1of3);
    assert!(swapped_outcome.is_err());

    // Signing with the 2nd and an unrelated key (index 9 of the 10-key set). Although the
    // threshold is met by the valid signature alone, verification should fail because invalid
    // signatures are not accepted.
    let sig_unrelated = priv_keys_10[9].sign(message()).unwrap();
    let with_unrelated =
        MultiEd25519Signature::new(vec![(sig_2nd.clone(), 1), (sig_unrelated, 2)]);
    assert!(with_unrelated.is_ok());
    let unrelated_outcome = with_unrelated.unwrap().verify(message(), &pub_1of3);
    assert!(unrelated_outcome.is_err());

    // Testing all combinations for 2 of 3.
    let priv_2of3 = MultiEd25519PrivateKey::new(priv_keys_3.clone(), 2).unwrap();
    let pub_2of3 = MultiEd25519PublicKey::from(&priv_2of3);
    let sig_1st = priv_keys_3[0].sign(message()).unwrap();

    // Signing with the 1st and 2nd keys must succeed.
    let first_and_second =
        MultiEd25519Signature::new(vec![(sig_1st.clone(), 0), (sig_2nd.clone(), 1)]);
    assert!(first_and_second.is_ok());
    let first_and_second = first_and_second.unwrap();
    assert_eq!(first_and_second.bitmap(), &[0b1100_0000, 0u8, 0u8, 0u8]);
    assert!(first_and_second.verify(message(), &pub_2of3).is_ok());

    // Signing with the 1st and 3rd keys must succeed.
    let first_and_third =
        MultiEd25519Signature::new(vec![(sig_1st.clone(), 0), (sig_3rd.clone(), 2)]);
    assert!(first_and_third.is_ok());
    let first_and_third = first_and_third.unwrap();
    assert_eq!(first_and_third.bitmap(), &[0b1010_0000, 0u8, 0u8, 0u8]);
    assert!(first_and_third.verify(message(), &pub_2of3).is_ok());

    // Signing with the 2nd and 3rd keys must succeed.
    let second_and_third =
        MultiEd25519Signature::new(vec![(sig_2nd.clone(), 1), (sig_3rd.clone(), 2)]);
    assert!(second_and_third.is_ok());
    let second_and_third = second_and_third.unwrap();
    assert_eq!(second_and_third.bitmap(), &[0b0110_0000, 0u8, 0u8, 0u8]);
    assert!(second_and_third.verify(message(), &pub_2of3).is_ok());

    // Signing with all 3 keys must succeed.
    let all_three = MultiEd25519Signature::new(vec![
        (sig_1st, 0),
        (sig_2nd.clone(), 1),
        (sig_3rd, 2),
    ]);
    assert!(all_three.is_ok());
    let all_three = all_three.unwrap();
    assert_eq!(all_three.bitmap(), &[0b1110_0000, 0u8, 0u8, 0u8]);
    assert!(all_three.verify(message(), &pub_2of3).is_ok());

    // Signing with the 2nd key only will fail: one signature is below the threshold of 2.
    let only_2nd = MultiEd25519Signature::new(vec![(sig_2nd, 1)]);
    assert!(only_2nd.is_ok());
    let only_2nd = only_2nd.unwrap();
    assert_eq!(only_2nd.bitmap(), &[0b0100_0000, 0u8, 0u8, 0u8]);
    assert!(only_2nd.verify(message(), &pub_2of3).is_err());
}
/// Checks that `verify` rejects a multi-signature whose bitmap was replaced after signing.
///
/// `new_with_signatures_and_bitmap` hands back the signature directly rather than a
/// `Result`, so in this test the mismatch between bitmap and key is only caught by `verify`.
#[test]
fn test_invalid_multi_ed25519_signature_bitmap() {
    let priv_2of3 = MultiEd25519PrivateKey::new(generate_keys(3), 2).unwrap();
    let pub_2of3 = MultiEd25519PublicKey::from(&priv_2of3);

    // Baseline: the untouched 2-of-3 signature uses the first two bits and verifies.
    let valid_sig = priv_2of3.sign(message()).unwrap();
    assert_eq!(valid_sig.bitmap(), &[0b1100_0000, 0u8, 0u8, 0u8]);
    assert!(valid_sig.verify(message(), &pub_2of3).is_ok());

    // Fails because the bitmap sets a bit that is invalid for this key: the fifth position,
    // while the key holds only three entries.
    let invalid_bit = MultiEd25519Signature::new_with_signatures_and_bitmap(
        valid_sig.signatures().to_vec(),
        [0b0000_1000, 0u8, 0u8, 0u8],
    );
    assert!(invalid_bit.verify(message(), &pub_2of3).is_err());

    // Bitmap is valid, but fails because the threshold is not met: a single bit is set
    // against a key that requires 2 (the signature vector still carries two entries).
    let single_bit = MultiEd25519Signature::new_with_signatures_and_bitmap(
        valid_sig.signatures().to_vec(),
        [0b1000_0000, 0u8, 0u8, 0u8],
    );
    assert!(single_bit.verify(message(), &pub_2of3).is_err());
}
/// Used for generating test cases for the MultiEd25519 Move module.
///
/// Prints the message, thresholds, key counts, hex-encoded public keys and hex-encoded
/// signatures as Move-style `vector[...]` literals on stdout. The test is `#[ignore]`d, so
/// it only runs when requested explicitly. All keys come from `generate_keys`, i.e. from
/// the fixed `TEST_SEED`, so the printed vectors are reproducible test material.
#[test]
#[ignore]
fn test_sample_multisig() {
    // (threshold k, number of keys n) pairs to emit.
    let test_cases: Vec<(usize, usize)> =
        vec![(1, 1), (1, 2), (2, 2), (2, 3), (3, 10), (15, 32)];
    let msg = b"Hello Aptos!";

    let mut ks = vec![];
    let mut ns = vec![];
    let mut pks = vec![];
    let mut sigs = vec![];
    for (k, n) in test_cases {
        // Every k in the table fits in a u8, so the cast does not truncate.
        let multi_private_key = MultiEd25519PrivateKey::new(generate_keys(n), k as u8).unwrap();
        pks.push(MultiEd25519PublicKey::from(&multi_private_key));
        sigs.push(multi_private_key.sign_arbitrary_message(msg));
        ks.push(k);
        ns.push(n);
    }

    println!("let msg = b\"Hello Aptos!\";");

    // The thresholds are printed as a comment in the generated output.
    print!("//let ks = vector[");
    for k in ks {
        print!("{k}, ");
    }
    println!("]; // the thresholds, implicitly encoded in the public keys");

    print!("let ns = vector[");
    for n in ns {
        print!("{n}, ");
    }
    println!("];");

    println!("let pks = vector[");
    for pk in pks {
        println!("\tx\"{}\",", hex::encode(pk.to_bytes()));
    }
    println!("];");

    println!("let sigs = vector[");
    for sig in sigs {
        println!("\tx\"{}\",", hex::encode(sig.to_bytes()));
    }
    println!("];");
    println!();
}