|
|
|
@ -1287,7 +1287,7 @@ END_TEST
|
|
|
|
|
|
|
|
|
|
#define test_deterministic(KEY, MSG, K) do { \
|
|
|
|
|
sha256_Raw((uint8_t *)MSG, strlen(MSG), buf); \
|
|
|
|
|
init_k_rfc6979(fromhex(KEY), buf, &rng); \
|
|
|
|
|
init_rfc6979(fromhex(KEY), buf, &rng); \
|
|
|
|
|
generate_k_rfc6979(&k, &rng); \
|
|
|
|
|
bn_write_be(&k, buf); \
|
|
|
|
|
ck_assert_mem_eq(buf, fromhex(K), 32); \
|
|
|
|
@ -2650,6 +2650,56 @@ START_TEST(test_ed25519) {
|
|
|
|
|
}
|
|
|
|
|
END_TEST
|
|
|
|
|
|
|
|
|
|
START_TEST(test_ed25519_cosi) {
|
|
|
|
|
int MAXN=10;
|
|
|
|
|
ed25519_secret_key keys[MAXN];
|
|
|
|
|
ed25519_public_key pubkeys[MAXN];
|
|
|
|
|
ed25519_secret_key nonces[MAXN];
|
|
|
|
|
ed25519_public_key Rs[MAXN];
|
|
|
|
|
ed25519_cosi_signature sigs[MAXN];
|
|
|
|
|
unsigned char msg[32];
|
|
|
|
|
rfc6979_state rng;
|
|
|
|
|
int res;
|
|
|
|
|
|
|
|
|
|
init_rfc6979(fromhex("26c76712d89d906e6672dafa614c42e5cb1caac8c6568e4d2493087db51f0d36"),
|
|
|
|
|
fromhex("26659c1cf7321c178c07437150639ff0c5b7679c7ea195253ed9abda2e081a37"), &rng);
|
|
|
|
|
|
|
|
|
|
for (int N = 1; N < 11; N++) {
|
|
|
|
|
ed25519_public_key pk;
|
|
|
|
|
ed25519_public_key R;
|
|
|
|
|
ed25519_signature sig;
|
|
|
|
|
/* phase 0: create priv/pubkeys and combine pubkeys */
|
|
|
|
|
for (int j = 0; j < N; j++) {
|
|
|
|
|
generate_rfc6979(keys[j], &rng);
|
|
|
|
|
ed25519_publickey(keys[j], pubkeys[j]);
|
|
|
|
|
}
|
|
|
|
|
res = ed25519_cosi_combine_publickeys(pk, pubkeys, N);
|
|
|
|
|
ck_assert_int_eq(res, 0);
|
|
|
|
|
|
|
|
|
|
generate_rfc6979(msg, &rng);
|
|
|
|
|
|
|
|
|
|
/* phase 1: create nonces, commitments (R values) and combine commitments */
|
|
|
|
|
for (int j = 0; j < N; j++) {
|
|
|
|
|
generate_rfc6979(nonces[j], &rng);
|
|
|
|
|
ed25519_publickey(nonces[j], Rs[j]);
|
|
|
|
|
}
|
|
|
|
|
res = ed25519_cosi_combine_publickeys(R, Rs, N);
|
|
|
|
|
ck_assert_int_eq(res, 0);
|
|
|
|
|
|
|
|
|
|
/* phase 2: sign and combine signatures */
|
|
|
|
|
for (int j = 0; j < N; j++) {
|
|
|
|
|
ed25519_cosi_sign(msg, sizeof(msg), keys[j], nonces[j], R, pk, sigs[j]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ed25519_cosi_combine_signatures(sig, R, sigs, N);
|
|
|
|
|
|
|
|
|
|
/* check signature */
|
|
|
|
|
res = ed25519_sign_open(msg, sizeof(msg), pk, sig);
|
|
|
|
|
ck_assert_int_eq(res, 0);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
END_TEST
|
|
|
|
|
|
|
|
|
|
static void test_bip32_ecdh_init_node(HDNode *node, const char *seed_str, const char *curve_name) {
|
|
|
|
|
hdnode_from_seed((const uint8_t *)seed_str, strlen(seed_str), curve_name, node);
|
|
|
|
|
hdnode_fill_public_key(node);
|
|
|
|
@ -3040,6 +3090,10 @@ Suite *test_suite(void)
|
|
|
|
|
tcase_add_test(tc, test_ed25519);
|
|
|
|
|
suite_add_tcase(s, tc);
|
|
|
|
|
|
|
|
|
|
tc = tcase_create("ed25519_cosi");
|
|
|
|
|
tcase_add_test(tc, test_ed25519_cosi);
|
|
|
|
|
suite_add_tcase(s, tc);
|
|
|
|
|
|
|
|
|
|
tc = tcase_create("script");
|
|
|
|
|
tcase_add_test(tc, test_output_script);
|
|
|
|
|
suite_add_tcase(s, tc);
|
|
|
|
|