1
var assert = require('assert');
2
var elliptic = require('../');
3
var hash = require('hash.js');
4

5
describe('ECDSA', function() {
6
  function test(name) {
7
    it('should work with ' + name + ' curve', function() {
8
      var curve = elliptic.curves[name];
9
      assert(curve);
10

11
      var ecdsa = new elliptic.ec(curve);
12
      var keys = ecdsa.genKeyPair({
13
        entropy: [
14
          1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
15
          21, 22, 23, 24, 25
16
        ]
17
      });
18
      var msg = 'deadbeef';
19

20
      // Get keys out of pair
21
      assert(keys.getPublic().x && keys.getPublic().y);
22
      assert(keys.getPrivate().length > 0);
23
      assert.equal(keys.getPrivate('hex').length, 64);
24
      assert(keys.getPublic('hex').length > 0);
25
      assert(keys.getPrivate('hex').length > 0);
26
      assert(keys.validate().result);
27

28
      // Sign and verify
29
      var signature = ecdsa.sign(msg, keys);
30
      assert(ecdsa.verify(msg, signature, keys), 'Normal verify');
31

32
      // Sign and verify on key
33
      var signature = keys.sign(msg);
34
      assert(keys.verify(msg, signature), 'On-key verify');
35

36
      // Load private key from hex
37
      var keys = ecdsa.keyFromPrivate(keys.getPrivate('hex'), 'hex');
38
      var signature = ecdsa.sign(msg, keys);
39
      assert(ecdsa.verify(msg, signature, keys), 'hex-private verify');
40

41
      // Load public key from compact hex
42
      var keys = ecdsa.keyFromPublic(keys.getPublic(true, 'hex'), 'hex');
43

44
      // Load public key from hex
45
      var keys = ecdsa.keyFromPublic(keys.getPublic('hex'), 'hex');
46

47
      // DER encoding
48
      var dsign = signature.toDER('hex');
49
      assert(ecdsa.verify(msg, dsign, keys), 'hex-DER encoded verify');
50
      var dsign = signature.toDER();
51
      assert(ecdsa.verify(msg, dsign, keys), 'DER encoded verify');
52

53
      // Wrong public key
54
      var keys = ecdsa.genKeyPair();
55
      assert(!ecdsa.verify(msg, signature, keys), 'Wrong key verify');
56

57
      // Invalid private key
58
      var keys = ecdsa.keyFromPrivate(keys.getPrivate('hex') +
59
                                      keys.getPrivate('hex'));
60
      assert(!ecdsa.verify(msg, signature, keys), 'Wrong key verify');
61
    });
62
  }
63
  test('secp256k1');
64
  test('ed25519');
65

66
  describe('RFC6979 vector', function() {
67
    function test(opt) {
68
      opt.cases.forEach(function(c) {
69
        var ecdsa = elliptic.ec({
70
          curve: opt.curve,
71
          hash: c.hash
72
        });
73
        var descr = 'should not fail on "' + opt.name + '" ' +
74
                    'and hash ' + c.hash.name + ' on "' + c.message + '"';
75
        it(descr, function() {
76
          var dgst = c.hash().update(c.message).digest();
77
          var sign = ecdsa.sign(dgst, opt.key);
78
          assert.equal(sign.r.toString(16), c.r);
79
          assert.equal(sign.s.toString(16), c.s);
80
          assert.ok(ecdsa.keyFromPublic(opt.pub).validate().result,
81
                    'Invalid public key');
82
          assert.ok(ecdsa.verify(dgst, sign, opt.pub),
83
                    'Invalid signature');
84
        });
85
      });
86
    }
87

88
    test({
89
      name: 'ECDSA, 192 Bits (Prime Field)',
90
      curve: elliptic.curves.p192,
91
      key: '6fab034934e4c0fc9ae67f5b5659a9d7d1fefd187ee09fd4',
92
      pub: {
93
        x: 'ac2c77f529f91689fea0ea5efec7f210d8eea0b9e047ed56',
94
        y: '3bc723e57670bd4887ebc732c523063d0a7c957bc97c1c43'
95
      },
96
      cases: [
97
        {
98
          message: 'sample',
99
          hash: hash.sha224,
100
          r: 'a1f00dad97aeec91c95585f36200c65f3c01812aa60378f5',
101
          s: 'e07ec1304c7c6c9debbe980b9692668f81d4de7922a0f97a'
102
        },
103
        {
104
          message: 'sample',
105
          hash: hash.sha256,
106
          r: '4b0b8ce98a92866a2820e20aa6b75b56382e0f9bfd5ecb55',
107
          s: 'ccdb006926ea9565cbadc840829d8c384e06de1f1e381b85'
108
        },
109
        {
110
          message: 'test',
111
          hash: hash.sha224,
112
          r: '6945a1c1d1b2206b8145548f633bb61cef04891baf26ed34',
113
          s: 'b7fb7fdfc339c0b9bd61a9f5a8eaf9be58fc5cba2cb15293'
114
        },
115
        {
116
          message: 'test',
117
          hash: hash.sha256,
118
          r: '3a718bd8b4926c3b52ee6bbe67ef79b18cb6eb62b1ad97ae',
119
          s: '5662e6848a4a19b1f1ae2f72acd4b8bbe50f1eac65d9124f'
120
        }
121
      ],
122
    });
123

124
    test({
125
      name: 'ECDSA, 224 Bits (Prime Field)',
126
      curve: elliptic.curves.p224,
127
      key: 'f220266e1105bfe3083e03ec7a3a654651f45e37167e88600bf257c1',
128
      pub: {
129
        x: '00cf08da5ad719e42707fa431292dea11244d64fc51610d94b130d6c',
130
        y: 'eeab6f3debe455e3dbf85416f7030cbd94f34f2d6f232c69f3c1385a'
131
      },
132
      cases: [
133
        {
134
          message: 'sample',
135
          hash: hash.sha224,
136
          r: '1cdfe6662dde1e4a1ec4cdedf6a1f5a2fb7fbd9145c12113e6abfd3e',
137
          s: 'a6694fd7718a21053f225d3f46197ca699d45006c06f871808f43ebc'
138
        },
139
        {
140
          message: 'sample',
141
          hash: hash.sha256,
142
          r: '61aa3da010e8e8406c656bc477a7a7189895e7e840cdfe8ff42307ba',
143
          s: 'bc814050dab5d23770879494f9e0a680dc1af7161991bde692b10101'
144
        },
145
        {
146
          message: 'test',
147
          hash: hash.sha224,
148
          r: 'c441ce8e261ded634e4cf84910e4c5d1d22c5cf3b732bb204dbef019',
149
          s: '902f42847a63bdc5f6046ada114953120f99442d76510150f372a3f4'
150
        },
151
        {
152
          message: 'test',
153
          hash: hash.sha256,
154
          r: 'ad04dde87b84747a243a631ea47a1ba6d1faa059149ad2440de6fba6',
155
          s: '178d49b1ae90e3d8b629be3db5683915f4e8c99fdf6e666cf37adcfd'
156
        }
157
      ],
158
    });
159

160
    test({
161
      name: 'ECDSA, 256 Bits (Prime Field)',
162
      curve: elliptic.curves.p256,
163
      key: 'c9afa9d845ba75166b5c215767b1d6934e50c3db36e89b127b8a622b120f6721',
164
      pub: {
165
        x: '60fed4ba255a9d31c961eb74c6356d68c049b8923b61fa6ce669622e60f29fb6',
166
        y: '7903fe1008b8bc99a41ae9e95628bc64f2f1b20c2d7e9f5177a3c294d4462299'
167
      },
168
      cases: [
169
        {
170
          message: 'sample',
171
          hash: hash.sha224,
172
          r: '53b2fff5d1752b2c689df257c04c40a587fababb3f6fc2702f1343af7ca9aa3f',
173
          s: 'b9afb64fdc03dc1a131c7d2386d11e349f070aa432a4acc918bea988bf75c74c'
174
        },
175
        {
176
          message: 'sample',
177
          hash: hash.sha256,
178
          r: 'efd48b2aacb6a8fd1140dd9cd45e81d69d2c877b56aaf991c34d0ea84eaf3716',
179
          s: 'f7cb1c942d657c41d436c7a1b6e29f65f3e900dbb9aff4064dc4ab2f843acda8'
180
        },
181
        {
182
          message: 'test',
183
          hash: hash.sha224,
184
          r: 'c37edb6f0ae79d47c3c27e962fa269bb4f441770357e114ee511f662ec34a692',
185
          s: 'c820053a05791e521fcaad6042d40aea1d6b1a540138558f47d0719800e18f2d'
186
        },
187
        {
188
          message: 'test',
189
          hash: hash.sha256,
190
          r: 'f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d38367',
191
          s: '19f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083'
192
        }
193
      ],
194
    });
195
  });
196

197
  it('should deterministically generate private key', function() {
198
    var curve = elliptic.curves.secp256k1;
199
    assert(curve);
200

201
    var ecdsa = new elliptic.ec(curve);
202
    var keys = ecdsa.genKeyPair({
203
      pers: 'my.pers.string',
204
      entropy: hash.sha256().update('hello world').digest()
205
    });
206
    assert.equal(
207
      keys.getPrivate('hex'),
208
      '6160edb2b218b7f1394b9ca8eb65a72831032a1f2f3dc2d99291c2f7950ed887');
209
  });
210
});
211

212