ecc: refactor/clean-up sign/verify APIs

tests/test_bitcoin.py

@@ -163,7 +163,7 @@ class Test_bitcoin(ElectrumTestCase):
         for message in [b"Chancellor on brink of second bailout for banks", b'\xff'*512]:
             self._do_test_crypto(message)
 
-    def _do_test_crypto(self, message):
+    def _do_test_crypto(self, message: bytes):
         G = ecc.GENERATOR
         _r  = G.order()
         pvk = randrange(_r)
@@ -186,9 +186,9 @@ class Test_bitcoin(ElectrumTestCase):
         dec2 = eck.decrypt_message(enc)
         self.assertEqual(message, dec2)
 
-        signature = eck.sign_message(message, True)
-        #print signature
-        self.assertTrue(eck.verify_message_for_address(signature, message))
+        msg32 = sha256d(ecc.usermessage_magic(message))
+        sig65 = eck.ecdsa_sign_recoverable(msg32, is_compressed=True)
+        self.assertTrue(eck.ecdsa_verify_recoverable(sig65, msg32))
 
     def test_ecc_sanity(self):
         G = ecc.GENERATOR
@@ -221,7 +221,7 @@ class Test_bitcoin(ElectrumTestCase):
     def sign_message_with_wif_privkey(wif_privkey: str, msg: bytes) -> bytes:
         txin_type, privkey, compressed = deserialize_privkey(wif_privkey)
         key = ecc.ECPrivkey(privkey)
-        return key.sign_message(msg, compressed)
+        return key.ecdsa_sign_usermessage(msg, is_compressed=compressed)
 
     def test_signmessage_legacy_address(self):
         msg1 = b'Chancellor on brink of second bailout for banks'
@@ -240,11 +240,11 @@ class Test_bitcoin(ElectrumTestCase):
         self.assertEqual(sig1_b64, b'Hzsu0U/THAsPz/MSuXGBKSULz2dTfmrg1NsAhFp+wH5aKfmX4Db7ExLGa7FGn0m6Mf43KsbEOWpvUUUBTM3Uusw=')
         self.assertEqual(sig2_b64, b'HBQdYfv7kOrxmRewLJnG7sV6KlU71O04hUnE4tai97p7Pg+D+yKaWXsdGgHTrKw90caQMo/D6b//qX50ge9P9iI=')
 
-        self.assertTrue(ecc.verify_message_with_address(addr1, sig1, msg1))
-        self.assertTrue(ecc.verify_message_with_address(addr2, sig2, msg2))
+        self.assertTrue(ecc.verify_usermessage_with_address(addr1, sig1, msg1))
+        self.assertTrue(ecc.verify_usermessage_with_address(addr2, sig2, msg2))
 
-        self.assertFalse(ecc.verify_message_with_address(addr1, b'wrong', msg1))
-        self.assertFalse(ecc.verify_message_with_address(addr1, sig2, msg1))
+        self.assertFalse(ecc.verify_usermessage_with_address(addr1, b'wrong', msg1))
+        self.assertFalse(ecc.verify_usermessage_with_address(addr1, sig2, msg1))
 
     def test_signmessage_segwit_witness_v0_address(self):
         msg = b'Electrum'
@@ -252,14 +252,14 @@ class Test_bitcoin(ElectrumTestCase):
         sig1 = self.sign_message_with_wif_privkey("p2wpkh-p2sh:L1cgMEnShp73r9iCukoPE3MogLeueNYRD9JVsfT1zVHyPBR3KqBY", msg)
         addr1 = "3DYoBqQ5N6dADzyQjy9FT1Ls4amiYVaqTG"
         self.assertEqual(base64.b64encode(sig1), b'HyFaND+87TtVbRhkTfT3mPNBCQcJ32XXtNZGW8sFldJsNpOPCegEmdcCf5Thy18hdMH88GLxZLkOby/EwVUuSeA=')
-        self.assertTrue(ecc.verify_message_with_address(addr1, sig1, msg))
-        self.assertFalse(ecc.verify_message_with_address(addr1, sig1, b'heyheyhey'))
+        self.assertTrue(ecc.verify_usermessage_with_address(addr1, sig1, msg))
+        self.assertFalse(ecc.verify_usermessage_with_address(addr1, sig1, b'heyheyhey'))
         # p2wpkh
         sig2 = self.sign_message_with_wif_privkey("p2wpkh:L1cgMEnShp73r9iCukoPE3MogLeueNYRD9JVsfT1zVHyPBR3KqBY", msg)
         addr2 = "bc1qq2tmmcngng78nllq2pvrkchcdukemtj56uyue0"
         self.assertEqual(base64.b64encode(sig2), b'HyFaND+87TtVbRhkTfT3mPNBCQcJ32XXtNZGW8sFldJsNpOPCegEmdcCf5Thy18hdMH88GLxZLkOby/EwVUuSeA=')
-        self.assertTrue(ecc.verify_message_with_address(addr2, sig2, msg))
-        self.assertFalse(ecc.verify_message_with_address(addr2, sig2, b'heyheyhey'))
+        self.assertTrue(ecc.verify_usermessage_with_address(addr2, sig2, msg))
+        self.assertFalse(ecc.verify_usermessage_with_address(addr2, sig2, b'heyheyhey'))
 
     def test_signmessage_segwit_witness_v0_address_test_we_also_accept_sigs_from_trezor(self):
         """Trezor and some other projects use a slightly different scheme for message-signing
@@ -272,13 +272,13 @@ class Test_bitcoin(ElectrumTestCase):
         addr2 = "bc1qannfxke2tfd4l7vhepehpvt05y83v3qsf6nfkk"
         sig1 = bytes.fromhex("23744de4516fac5c140808015664516a32fead94de89775cec7e24dbc24fe133075ac09301c4cc8e197bea4b6481661d5b8e9bf19d8b7b8a382ecdb53c2ee0750d")
         sig2 = bytes.fromhex("28b55d7600d9e9a7e2a49155ddf3cfdb8e796c207faab833010fa41fb7828889bc47cf62348a7aaa0923c0832a589fab541e8f12eb54fb711c90e2307f0f66b194")
-        self.assertTrue(ecc.verify_message_with_address(address=addr1, sig65=sig1, message=msg))
-        self.assertTrue(ecc.verify_message_with_address(address=addr2, sig65=sig2, message=msg))
+        self.assertTrue(ecc.verify_usermessage_with_address(address=addr1, sig65=sig1, message=msg))
+        self.assertTrue(ecc.verify_usermessage_with_address(address=addr2, sig65=sig2, message=msg))
         # if there is type information in the header of the sig (first byte), enforce that:
         sig1_wrongtype = bytes.fromhex("27744de4516fac5c140808015664516a32fead94de89775cec7e24dbc24fe133075ac09301c4cc8e197bea4b6481661d5b8e9bf19d8b7b8a382ecdb53c2ee0750d")
         sig2_wrongtype = bytes.fromhex("24b55d7600d9e9a7e2a49155ddf3cfdb8e796c207faab833010fa41fb7828889bc47cf62348a7aaa0923c0832a589fab541e8f12eb54fb711c90e2307f0f66b194")
-        self.assertFalse(ecc.verify_message_with_address(address=addr1, sig65=sig1_wrongtype, message=msg))
-        self.assertFalse(ecc.verify_message_with_address(address=addr2, sig65=sig2_wrongtype, message=msg))
+        self.assertFalse(ecc.verify_usermessage_with_address(address=addr1, sig65=sig1_wrongtype, message=msg))
+        self.assertFalse(ecc.verify_usermessage_with_address(address=addr2, sig65=sig2_wrongtype, message=msg))
 
     @needs_test_with_all_aes_implementations
     def test_decrypt_message(self):
@@ -303,17 +303,20 @@ class Test_bitcoin(ElectrumTestCase):
 
     def test_sign_transaction(self):
         eckey1 = ecc.ECPrivkey(bfh('7e1255fddb52db1729fc3ceb21a46f95b8d9fe94cc83425e936a6c5223bb679d'))
-        sig1 = eckey1.sign_transaction(bfh('5a548b12369a53faaa7e51b5081829474ebdd9c924b3a8230b69aa0be254cd94'))
+        sig1 = eckey1.ecdsa_sign(bfh('5a548b12369a53faaa7e51b5081829474ebdd9c924b3a8230b69aa0be254cd94'),
+                                 sigencode=ecc.ecdsa_der_sig_from_r_and_s)
         self.assertEqual('3044022066e7d6a954006cce78a223f5edece8aaedcf3607142e9677acef1cfcb91cfdde022065cb0b5401bf16959ce7b785ea7fd408be5e4cb7d8f1b1a32c78eac6f73678d9', sig1.hex())
 
         eckey2 = ecc.ECPrivkey(bfh('c7ce8c1462c311eec24dff9e2532ac6241e50ae57e7d1833af21942136972f23'))
-        sig2 = eckey2.sign_transaction(bfh('642a2e66332f507c92bda910158dfe46fc10afbf72218764899d3af99a043fac'))
+        sig2 = eckey2.ecdsa_sign(bfh('642a2e66332f507c92bda910158dfe46fc10afbf72218764899d3af99a043fac'),
+                                 sigencode=ecc.ecdsa_der_sig_from_r_and_s)
         self.assertEqual('30440220618513f4cfc87dde798ce5febae7634c23e7b9254a1eabf486be820f6a7c2c4702204fef459393a2b931f949e63ced06888f35e286e446dc46feb24b5b5f81c6ed52', sig2.hex())
 
     @disable_ecdsa_r_value_grinding
     def test_sign_transaction_without_ecdsa_r_value_grinding(self):
         eckey1 = ecc.ECPrivkey(bfh('7e1255fddb52db1729fc3ceb21a46f95b8d9fe94cc83425e936a6c5223bb679d'))
-        sig1 = eckey1.sign_transaction(bfh('5a548b12369a53faaa7e51b5081829474ebdd9c924b3a8230b69aa0be254cd94'))
+        sig1 = eckey1.ecdsa_sign(bfh('5a548b12369a53faaa7e51b5081829474ebdd9c924b3a8230b69aa0be254cd94'),
+                                 sigencode=ecc.ecdsa_der_sig_from_r_and_s)
         self.assertEqual('3045022100902a288b98392254cd23c0e9a49ac6d7920f171b8249a48e484b998f1874a2010220723d844826828f092cf400cb210c4fa0b8cd1b9d1a7f21590e78e022ff6476b9', sig1.hex())
 
     @needs_test_with_all_aes_implementations