ecdsa: add more extensive tests for recoverPubKey

11 years ago · 1a41ea8801
2 changed files with 33 additions and 11 deletions
--- a/src/ecdsa.js
+++ b/src/ecdsa.js
@ -236,10 +236,6 @@ function recoverPubKey(curve, e, signature, i) {
  var Q = R.multiplyTwo(s, G, eNeg).multiply(rInv)
  curve.validate(Q)

-  if (!verifyRaw(curve, e, signature, Q)) {
-    throw new Error("Pubkey recovery unsuccessful")
-  }
-
  return Q
 }

--- a/test/ecdsa.js
+++ b/test/ecdsa.js
@ -25,17 +25,43 @@ describe('ecdsa', function() {
  })

  describe('recoverPubKey', function() {
-    it('succesfully recovers a public key', function() {
-      var d = BigInteger.ONE
-      var signature = new Buffer('INcvXVVEFyIfHLbDX+xoxlKFn3Wzj9g0UbhObXdMq+YMKC252o5RHFr0/cKdQe1WsBLUBi4morhgZ77obDJVuV0=', 'base64')
+    fixtures.valid.forEach(function(f) {
+      it('recovers the pubKey for ' + f.d, function() {
+        var d = BigInteger.fromHex(f.d)
+        var Q = curve.params.G.multiply(d)
+        var signature = {
+          r: new BigInteger(f.signature.r),
+          s: new BigInteger(f.signature.s)
+        }
+        var h1 = crypto.sha256(f.message)
+        var e = BigInteger.fromBuffer(h1)
+        var Qprime = ecdsa.recoverPubKey(curve, e, signature, f.compact.i)
+
+        assert(Qprime.equals(Q))
+      })
+    })

-      var Q = curve.params.G.multiply(d)
+    describe('with i ∈ {0,1,2,3}', function() {
      var hash = message.magicHash('1111', networks.bitcoin)
      var e = BigInteger.fromBuffer(hash)
-      var parsed = ecdsa.parseSigCompact(signature)

-      var Qprime = ecdsa.recoverPubKey(curve, e, parsed.signature, parsed.i)
-      assert(Q.equals(Qprime))
+      var signature = new Buffer('INcvXVVEFyIfHLbDX+xoxlKFn3Wzj9g0UbhObXdMq+YMKC252o5RHFr0/cKdQe1WsBLUBi4morhgZ77obDJVuV0=', 'base64')
+      var parsed = ecdsa.parseSigCompact(signature)
+      var points = [
+        '03e3a8c44a8bf712f1fbacee274fb19c0239b1a9e877eff0075ea335f2be8ff380',
+        '0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',
+        '03d49e765f0bc27525c51a1b98fb1c99dacd59abe85a203af90f758260550b56c5',
+        '027eea09d46ac7fb6aa2e96f9c576677214ffdc238eb167734a9b39d1eb4c3d30d'
+      ]
+
+      points.forEach(function(expectedHex, i) {
+        it('recovers an expected point for i of ' + i, function() {
+          var Qprime = ecdsa.recoverPubKey(curve, e, parsed.signature, i)
+          var QprimeHex = Qprime.getEncoded().toString('hex')
+
+          assert.equal(QprimeHex, expectedHex)
+        })
+      })
    })

    fixtures.invalid.recoverPubKey.forEach(function(f) {