-
Notifications
You must be signed in to change notification settings - Fork 366
/
ecdsa_secpr_test.go
111 lines (97 loc) · 2.97 KB
/
ecdsa_secpr_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
package ecdsa
import (
cryptoecdsa "crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/sha256"
"crypto/sha512"
"math/big"
"testing"
"github.com/consensys/gnark-crypto/ecc"
"github.com/consensys/gnark/std/math/emulated"
"github.com/consensys/gnark/test"
"golang.org/x/crypto/cryptobyte"
"golang.org/x/crypto/cryptobyte/asn1"
)
func TestEcdsaP256PreHashed(t *testing.T) {
// generate parameters
privKey, _ := cryptoecdsa.GenerateKey(elliptic.P256(), rand.Reader)
publicKey := privKey.PublicKey
// sign
msg := []byte("testing ECDSA (pre-hashed)")
msgHash := sha256.Sum256(msg)
sigBin, _ := privKey.Sign(rand.Reader, msgHash[:], nil)
// check that the signature is correct
var (
r, s = &big.Int{}, &big.Int{}
inner cryptobyte.String
)
input := cryptobyte.String(sigBin)
if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
!input.Empty() ||
!inner.ReadASN1Integer(r) ||
!inner.ReadASN1Integer(s) ||
!inner.Empty() {
panic("invalid sig")
}
flag := cryptoecdsa.Verify(&publicKey, msgHash[:], r, s)
if !flag {
t.Errorf("can't verify signature")
}
circuit := EcdsaCircuit[emulated.P256Fp, emulated.P256Fr]{}
witness := EcdsaCircuit[emulated.P256Fp, emulated.P256Fr]{
Sig: Signature[emulated.P256Fr]{
R: emulated.ValueOf[emulated.P256Fr](r),
S: emulated.ValueOf[emulated.P256Fr](s),
},
Msg: emulated.ValueOf[emulated.P256Fr](msgHash[:]),
Pub: PublicKey[emulated.P256Fp, emulated.P256Fr]{
X: emulated.ValueOf[emulated.P256Fp](privKey.PublicKey.X),
Y: emulated.ValueOf[emulated.P256Fp](privKey.PublicKey.Y),
},
}
assert := test.NewAssert(t)
err := test.IsSolved(&circuit, &witness, ecc.BN254.ScalarField())
assert.NoError(err)
}
func TestEcdsaP384PreHashed(t *testing.T) {
// generate parameters
privKey, _ := cryptoecdsa.GenerateKey(elliptic.P384(), rand.Reader)
publicKey := privKey.PublicKey
// sign
msg := []byte("testing ECDSA (pre-hashed)")
msgHash := sha512.Sum384(msg)
sigBin, _ := privKey.Sign(rand.Reader, msgHash[:], nil)
// check that the signature is correct
var (
r, s = &big.Int{}, &big.Int{}
inner cryptobyte.String
)
input := cryptobyte.String(sigBin)
if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
!input.Empty() ||
!inner.ReadASN1Integer(r) ||
!inner.ReadASN1Integer(s) ||
!inner.Empty() {
panic("invalid sig")
}
flag := cryptoecdsa.Verify(&publicKey, msgHash[:], r, s)
if !flag {
t.Errorf("can't verify signature")
}
circuit := EcdsaCircuit[emulated.P384Fp, emulated.P384Fr]{}
witness := EcdsaCircuit[emulated.P384Fp, emulated.P384Fr]{
Sig: Signature[emulated.P384Fr]{
R: emulated.ValueOf[emulated.P384Fr](r),
S: emulated.ValueOf[emulated.P384Fr](s),
},
Msg: emulated.ValueOf[emulated.P384Fr](msgHash[:]),
Pub: PublicKey[emulated.P384Fp, emulated.P384Fr]{
X: emulated.ValueOf[emulated.P384Fp](privKey.PublicKey.X),
Y: emulated.ValueOf[emulated.P384Fp](privKey.PublicKey.Y),
},
}
assert := test.NewAssert(t)
err := test.IsSolved(&circuit, &witness, ecc.BN254.ScalarField())
assert.NoError(err)
}