<?php
require_once __DIR__ . "/../vendor/autoload.php";
use BN\BN;
class ECDSATest extends \PHPUnit\Framework\TestCase {
function ECDSACurveNames() {
return [
['secp256k1']
, ['ed25519']
, ['p256']
, ['p384']
, ['p521']
];
}
static $entropy = [
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
21, 22, 23, 24, 25
];
static $msg = 'deadbeef';
protected $curve;
protected $ecdsa;
protected $keys;
public function prepare($name) {
$this->curve = \Elliptic\Curves::getCurve($name);
$this->assertNotNull($this->curve);
$this->ecdsa = new \Elliptic\EC($this->curve);
$this->keys = $this->ecdsa->genKeyPair([ "entropy" => self::$entropy ]);
return [$this->curve, $this->ecdsa, $this->keys];
}
/**
* @dataProvider ECDSACurveNames
*/
public function test_should_generate_proper_key_pair($name) {
list($curve, $ecdsa, $keys) = $this->prepare($name);
$keylen = 64;
if ($name == 'p384') {
$keylen = 96;
} else if ($name == 'p521') {
$keylen = 132;
}
// Get keys out of pair
$this->assertTrue( $keys->getPublic()->x && $keys->getPublic()->y );
$this->assertTrue( $keys->getPrivate()->byteLength() > 0);
$this->assertEquals( strlen($keys->getPrivate('hex')), $keylen);
$this->assertTrue( strlen($keys->getPublic('hex')) > 0);
$this->assertTrue( strlen($keys->getPrivate('hex')) > 0);
$this->assertTrue( $keys->validate()["result"], 'key validate' );
}
/**
* @dataProvider ECDSACurveNames
*/
public function test_should_sign_and_verify($name) {
list($curve, $ecdsa, $keys) = $this->prepare($name);
$signature = $ecdsa->sign(self::$msg, $keys);
$this->assertTrue($ecdsa->verify(self::$msg, $signature, $keys), 'Normal verify');
}
/**
* @dataProvider ECDSACurveNames
*/
public function test_should_sign_and_verify_using_keys_methods($name) {
list($curve, $ecdsa, $keys) = $this->prepare($name);
$signature = $keys->sign(self::$msg);
$this->assertTrue($keys->verify(self::$msg, $signature), 'On-key verify');
}
/**
* @dataProvider ECDSACurveNames
*/
public function test_should_load_private_key_from_the_hex_value($name) {
list($curve, $ecdsa, $keys) = $this->prepare($name);
$copy = $ecdsa->keyFromPrivate($keys->getPrivate('hex'), 'hex');
$signature = $ecdsa->sign(self::$msg, $copy);
$this->assertTrue($ecdsa->verify(self::$msg, $signature, $copy), 'hex-private verify');
}
/**
* @dataProvider ECDSACurveNames
*/
public function test_should_have_signature_s_leq_keys_ec_nh($name) {
list($curve, $ecdsa, $keys) = $this->prepare($name);
// key.sign(msg, options)
$sign = $keys->sign('deadbeef', [ "canonical" => true ]);
$this->assertTrue($sign->s->cmp($keys->ec->nh) <= 0);
}
/**
* @dataProvider ECDSACurveNames
*/
public function test_should_support_options_k($name) {
list($curve, $ecdsa, $keys) = $this->prepare($name);
$sign = $keys->sign(self::$msg, [
"k" => function($iter) {
$this->assertTrue($iter >= 0);
return new BN(1358);
}
]);
$this->assertTrue($ecdsa->verify(self::$msg, $sign, $keys), 'custom-k verify');
}
/**
* @dataProvider ECDSACurveNames
*/
public function test_should_have_another_signature_with_pers($name) {
list($curve, $ecdsa, $keys) = $this->prepare($name);
$sign1 = $keys->sign(self::$msg);
$sign2 = $keys->sign(self::$msg, [ "pers" => '1234', "persEnc" => 'hex' ]);
$this->assertNotEquals($sign1->r->toString('hex') . $sign1->s->toString('hex'),
$sign2->r->toString('hex') . $sign2->s->toString('hex'));
}
/**
* @dataProvider ECDSACurveNames
*/
public function test_should_load_public_key_from_compact_hex_value($name) {
list($curve, $ecdsa, $keys) = $this->prepare($name);
$pub = $keys->getPublic(true, 'hex');
$copy = $ecdsa->keyFromPublic($pub, 'hex');
$this->assertEquals($copy->getPublic(true, 'hex'), $pub);
}
/**
* @dataProvider ECDSACurveNames
*/
public function test_should_load_public_key_from_hex_value($name) {
list($curve, $ecdsa, $keys) = $this->prepare($name);
$pub = $keys->getPublic('hex');
$copy = $ecdsa->keyFromPublic($pub, 'hex');
$this->assertEquals($copy->getPublic('hex'), $pub);
}
/**
* @dataProvider ECDSACurveNames
*/
public function test_should_support_hex_DER_encoding_of_signatures($name) {
list($curve, $ecdsa, $keys) = $this->prepare($name);
$signature = $ecdsa->sign(self::$msg, $keys);
$dsign = $signature->toDER('hex');
$this->assertTrue($ecdsa->verify(self::$msg, $dsign, $keys), 'hex-DER encoded verify');
}
/**
* @dataProvider ECDSACurveNames
*/
public function test_should_support_DER_encoding_of_signatures($name) {
list($curve, $ecdsa, $keys) = $this->prepare($name);
$signature = $ecdsa->sign(self::$msg, $keys);
$dsign = $signature->toDER();
$this->assertTrue($ecdsa->verify(self::$msg, $dsign, $keys), 'DER encoded verify');
}
/**
* @dataProvider ECDSACurveNames
*/
public function test_should_not_verify_signature_with_wrong_public_key($name) {
list($curve, $ecdsa, $keys) = $this->prepare($name);
$signature = $ecdsa->sign(self::$msg, $keys);
$wrong = $ecdsa->genKeyPair();
$this->assertNotTrue($ecdsa->verify(self::$msg, $signature, $wrong), 'Wrong key verify');
}
/**
* @dataProvider ECDSACurveNames
*/
public function test_should_not_verify_signature_with_wrong_private_key($name) {
list($curve, $ecdsa, $keys) = $this->prepare($name);
$signature = $ecdsa->sign(self::$msg, $keys);
$wrong = $ecdsa->keyFromPrivate($keys->getPrivate('hex') .
$keys->getPrivate('hex'), 'hex');
$this->assertNotTrue($ecdsa->verify(self::$msg, $signature, $wrong), 'Wrong key verify');
}
// TODO: Implement RFC6979 vectors test
function MaxwellsTrickVector() {
$p256 = \Elliptic\Curves::getCurve("p256");
$p384 = \Elliptic\Curves::getCurve("p384");
$msg = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855';
return [
[[
"curve" => $p256,
"pub" => '041548fc88953e06cd34d4b300804c5322cb48c24aaaa4d0' .
'7a541b0f0ccfeedeb0ae4991b90519ea405588bdf699f5e6' .
'd0c6b2d5217a5c16e8371062737aa1dae1',
"message" => $msg,
"sig" => '3006020106020104',
"result" => true
]],
[[
"curve" => $p256,
"pub" => '04ad8f60e4ec1ebdb6a260b559cb55b1e9d2c5ddd43a41a2' .
'd11b0741ef2567d84e166737664104ebbc337af3d861d352' .
'4cfbc761c12edae974a0759750c8324f9a',
"message" => $msg,
"sig" => '3006020106020104',
"result" => true
]],
[[
"curve" => $p256,
"pub" => '0445bd879143a64af5746e2e82aa65fd2ea07bba4e355940' .
'95a981b59984dacb219d59697387ac721b1f1eccf4b11f43' .
'ddc39e8367147abab3084142ed3ea170e4',
"message" => $msg,
"sig" => '301502104319055358e8617b0c46353d039cdaae020104',
"result" => true
]],
[[
"curve" => $p256,
"pub" => '040feb5df4cc78b35ec9c180cc0de5842f75f088b4845697' .
'8ffa98e716d94883e1e6500b2a1f6c1d9d493428d7ae7d9a' .
'8a560fff30a3d14aa160be0c5e7edcd887',
"message" => $msg,
"sig" => '301502104319055358e8617b0c46353d039cdaae020104',
"result" => false
]],
[[
"curve" => $p384,
"pub" => '0425e299eea9927b39fa92417705391bf17e8110b4615e9e' .
'b5da471b57be0c30e7d89dbdc3e5da4eae029b300344d385' .
'1548b59ed8be668813905105e673319d59d32f574e180568' .
'463c6186864888f6c0b67b304441f82aab031279e48f047c31',
"message" => $msg,
"sig" => '3006020103020104',
"result" => true
]],
[[
"curve" => $p384,
"pub" => '04a328f65c22307188b4af65779c1d2ec821c6748c6bd8dc' .
'0e6a008135f048f832df501f7f3f79966b03d5bef2f187ec' .
'34d85f6a934af465656fb4eea8dd9176ab80fbb4a27a649f' .
'526a7dfe616091b78d293552bc093dfde9b31cae69d51d3afb',
"message" => $msg,
"sig" => '3006020103020104',
"result" => true
]],
[[
"curve" => $p384,
"pub" => '04242e8585eaa7a28cc6062cab4c9c5fd536f46b17be1728' .
'288a2cda5951df4941aed1d712defda023d10aca1c5ee014' .
'43e8beacd821f7efa27847418ab95ce2c514b2b6b395ee73' .
'417c83dbcad631421f360d84d64658c98a62d685b220f5aad4',
"message" => $msg,
"sig" => '301d0218389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68e020104',
"result" => true
]],
[[
"curve" => $p384,
"pub" => '04cdf865dd743fe1c23757ec5e65fd5e4038b472ded2af26' .
'1e3d8343c595c8b69147df46379c7ca40e60e80170d34a11' .
'88dbb2b6f7d3934c23d2f78cfb0db3f3219959fad63c9b61' .
'2ef2f20d679777b84192ce86e781c14b1bbb77eacd6e0520e2',
"message" => $msg,
"sig" => '301d0218389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68e020104',
"result" => false
]]
];
}
/**
* @dataProvider MaxwellsTrickVector
*/
public function test_should_pass_on_Maxwells_trick_vectors($vector) {
$ecdsa = new \Elliptic\EC($vector["curve"]);
$key = $ecdsa->keyFromPublic($vector["pub"], 'hex');
$msg = $vector["message"];
$sig = $vector["sig"];
$actual = $ecdsa->verify($msg, $sig, $key);
$this->assertEquals($actual, $vector["result"]);
}
public function test_should_deterministically_generate_private_key() {
$curve = \Elliptic\Curves::getCurve("secp256k1");
$this->assertNotNull($curve);
$ecdsa = new \Elliptic\EC($curve);
$keys = $ecdsa->genKeyPair(array(
"pers" => 'my.pers.string',
"entropy" => hash('sha256', 'hello world', true)
));
$this->assertEquals(
$keys->getPrivate('hex'),
'6160edb2b218b7f1394b9ca8eb65a72831032a1f2f3dc2d99291c2f7950ed887');
}
public function test_should_recover_the_public_key_from_a_signature() {
$ec = new \Elliptic\EC('secp256k1');
$key = $ec->genKeyPair();
$msg = [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 ];
$signature = $key->sign($msg);
$recid = $ec->getKeyRecoveryParam($msg, $signature, $key->getPublic());
$r = $ec->recoverPubKey($msg, $signature, $recid);
$this->assertTrue($key->getPublic()->eq($r), 'the keys should match');
}
public function test_should_fail_to_recover_key_when_no_quadratic_residue_available() {
$ec = new \Elliptic\EC('secp256k1');
$message =
'f75c6b18a72fabc0f0b888c3da58e004f0af1fe14f7ca5d8c897fe164925d5e9';
$this->expectException(\Exception::class);
$ec->recoverPubKey($message, [
"r" => 'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140',
"s" => '8887321be575c8095f789dd4c743dfe42c1820f9231f98a962b210e3ac2452a3'
], 0);
}
}