secp256k1/ecdsa: Add sign and verify tests. #2908
Merged
davecgh merged 4 commits into decred:master on Apr 2, 2022
JoeGruffins
approved these changes
Mar 30, 2022
rstaudt2
approved these changes
Mar 31, 2022
This refactors the primary logic for the regular ECDSA signing code to a separate function that accepts an arbitrary nonce. The primary motivation is to facilitate upcoming unit tests which aim to fully test both the positive and negative paths; however, it is also beneficial in that it provides more flexibility for potentially using other nonce generation mechanisms in the future should it be necessary.
Although the ECDSA code has been extensively tested through usage and
external fuzz testing, there are not currently any unit tests for the
non-compact signing and verification path.
This resolves that by adding signing and verification tests for both the
positive and negative paths. The following is a high-level overview of
the changes:
- Create new known good test data that is easily reproducible and has
been independently verified with the Sage computer algebra system
- The test data includes the original messages so the resulting hashes
are independently verifiable and have a known source
- The test data includes variations of signing the same data with
different keys and nonces, both deterministically generated via
RFC6979 and random, and signing different data with the same keys
- Add tests to ensure the aforementioned test data that was
independently verified produces the expected results
- Add tests which are specifically designed to exercise conditions that
lead to invalid signatures
- Add tests to help ensure the signature verification code fails to
verify edge conditions as expected by crafting signatures that are
specifically designed to hit them
This adds a test to sign and verify random data in addition to the existing tests that deal with known good data and edge conditions. Specifically, the test:
- Generates random keys and messages with each run from a new random seed and logs that seed in the event of failure
- Signs the rand message with the random key and ensures the produced signature verifies correctly
- Ensures mutating a random bit in each good signature results in that mutated signature failing to verify the original message
- Ensures mutating a random bit in each message hash that was originally signed results in the original good signature failing to verify the new mutated message
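The random sign/verify check described in the commit message above, as an added example that is not the PR's own code. It assumes Go's standard-library ECDSA over P-256 with SHA-256 as stand-ins for the project's secp256k1 package and hash, and `checkSignVerify` and `flipBit` are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	crand "crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
	mrand "math/rand"
)

// flipBit returns a copy of b with one bit, chosen by rng, inverted.
func flipBit(rng *mrand.Rand, b []byte) []byte {
	out := append([]byte(nil), b...)
	out[rng.Intn(len(out))] ^= 1 << uint(rng.Intn(8))
	return out
}

// checkSignVerify derives keys, messages and mutations from seed; errors name the seed.
func checkSignVerify(seed int64, rounds int) error {
	rng, curve := mrand.New(mrand.NewSource(seed)), elliptic.P256() // P-256 is a stand-in curve
	nm1 := new(big.Int).Sub(curve.Params().N, big.NewInt(1))
	for i := 0; i < rounds; i++ {
		fail := func(what string) error { return fmt.Errorf("seed %d round %d: %s", seed, i, what) }
		d := new(big.Int).Add(new(big.Int).Rand(rng, nm1), big.NewInt(1)) // scalar in [1, n-1]
		priv := &ecdsa.PrivateKey{PublicKey: ecdsa.PublicKey{Curve: curve}, D: d}
		priv.X, priv.Y = curve.ScalarBaseMult(d.Bytes())
		msg := make([]byte, 1+rng.Intn(64))
		rng.Read(msg)
		hash := sha256.Sum256(msg)
		r, s, err := ecdsa.Sign(crand.Reader, priv, hash[:]) // nonce is not seed-derived
		if err != nil || !ecdsa.Verify(&priv.PublicKey, hash[:], r, s) {
			return fail("good signature did not verify")
		}
		bad := flipBit(rng, append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...))
		br, bs := new(big.Int).SetBytes(bad[:32]), new(big.Int).SetBytes(bad[32:]) // fixed-width r || s
		if ecdsa.Verify(&priv.PublicKey, hash[:], br, bs) {
			return fail("mutated signature verified")
		}
		if ecdsa.Verify(&priv.PublicKey, flipBit(rng, hash[:]), r, s) {
			return fail("signature verified for mutated hash")
		}
	}
	return nil
}

func main() {
	fmt.Println(checkSignVerify(mrand.Int63(), 100)) // fresh seed each run (Go 1.20+); prints <nil> on success
}
```

Passing a seed taken from a failure message back into `checkSignVerify` reproduces the same key, message and flipped bit positions; only the signing nonce differs between runs.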
c49e886 to d9ba0b9
dnldd
approved these changes
Mar 31, 2022