github.com/SmartMeshFoundation/Spectrum@v0.0.0-20220621030607-452a266fee1e/crypto/secp256k1/secp256_test.go (about) 1 // Copyright 2015 The Spectrum Authors 2 // This file is part of the Spectrum library. 3 // 4 // The Spectrum library is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Lesser General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // The Spectrum library is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Lesser General Public License for more details. 13 // 14 // You should have received a copy of the GNU Lesser General Public License 15 // along with the Spectrum library. If not, see <http://www.gnu.org/licenses/>. 16 17 package secp256k1 18 19 import ( 20 "bytes" 21 "crypto/ecdsa" 22 "crypto/elliptic" 23 "crypto/rand" 24 "encoding/hex" 25 "testing" 26 27 "github.com/SmartMeshFoundation/Spectrum/common/math" 28 "github.com/SmartMeshFoundation/Spectrum/crypto/randentropy" 29 ) 30 31 const TestCount = 1000 32 33 func generateKeyPair() (pubkey, privkey []byte) { 34 key, err := ecdsa.GenerateKey(S256(), rand.Reader) 35 if err != nil { 36 panic(err) 37 } 38 pubkey = elliptic.Marshal(S256(), key.X, key.Y) 39 return pubkey, math.PaddedBigBytes(key.D, 32) 40 } 41 42 func randSig() []byte { 43 sig := randentropy.GetEntropyCSPRNG(65) 44 sig[32] &= 0x70 45 sig[64] %= 4 46 return sig 47 } 48 49 // tests for malleability 50 // highest bit of signature ECDSA s value must be 0, in the 33th byte 51 func compactSigCheck(t *testing.T, sig []byte) { 52 var b int = int(sig[32]) 53 if b < 0 { 54 t.Errorf("highest bit is negative: %d", b) 55 } 56 if ((b >> 7) == 1) != ((b & 0x80) == 0x80) { 57 t.Errorf("highest bit: %d bit >> 7: %d", b, b>>7) 58 } 59 if (b & 0x80) == 0x80 { 60 t.Errorf("highest bit: %d bit & 0x80: %d", b, b&0x80) 61 } 62 } 63 64 func TestSignatureValidity(t *testing.T) { 65 pubkey, seckey := generateKeyPair() 66 msg := randentropy.GetEntropyCSPRNG(32) 67 sig, err := Sign(msg, seckey) 68 if err != nil { 69 t.Errorf("signature error: %s", err) 70 } 71 compactSigCheck(t, sig) 72 if len(pubkey) != 65 { 73 t.Errorf("pubkey length mismatch: want: 65 have: %d", len(pubkey)) 74 } 75 if len(seckey) != 32 { 76 t.Errorf("seckey length mismatch: want: 32 have: %d", len(seckey)) 77 } 78 if len(sig) != 65 { 79 t.Errorf("sig length mismatch: want: 65 have: %d", len(sig)) 80 } 81 recid := int(sig[64]) 82 if recid > 4 || recid < 0 { 83 t.Errorf("sig recid mismatch: want: within 0 to 4 have: %d", int(sig[64])) 84 } 85 } 86 87 func TestInvalidRecoveryID(t *testing.T) { 88 _, seckey := generateKeyPair() 89 msg := randentropy.GetEntropyCSPRNG(32) 90 sig, _ := Sign(msg, seckey) 91 sig[64] = 99 92 _, err := RecoverPubkey(msg, sig) 93 if err != ErrInvalidRecoveryID { 94 t.Fatalf("got %q, want %q", err, ErrInvalidRecoveryID) 95 } 96 } 97 98 func TestSignAndRecover(t *testing.T) { 99 pubkey1, seckey := generateKeyPair() 100 msg := randentropy.GetEntropyCSPRNG(32) 101 sig, err := Sign(msg, seckey) 102 if err != nil { 103 t.Errorf("signature error: %s", err) 104 } 105 pubkey2, err := RecoverPubkey(msg, sig) 106 if err != nil { 107 t.Errorf("recover error: %s", err) 108 } 109 if !bytes.Equal(pubkey1, pubkey2) { 110 t.Errorf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2) 111 } 112 } 113 114 func TestSignDeterministic(t *testing.T) { 115 _, seckey := generateKeyPair() 116 msg := make([]byte, 32) 117 copy(msg, "hi there") 118 119 sig1, err := Sign(msg, seckey) 120 if err != nil { 121 t.Fatal(err) 122 } 123 sig2, err := Sign(msg, seckey) 124 if err != nil { 125 t.Fatal(err) 126 } 127 if !bytes.Equal(sig1, sig2) { 128 t.Fatal("signatures not equal") 129 } 130 } 131 132 func TestRandomMessagesWithSameKey(t *testing.T) { 133 pubkey, seckey := generateKeyPair() 134 keys := func() ([]byte, []byte) { 135 return pubkey, seckey 136 } 137 signAndRecoverWithRandomMessages(t, keys) 138 } 139 140 func TestRandomMessagesWithRandomKeys(t *testing.T) { 141 keys := func() ([]byte, []byte) { 142 pubkey, seckey := generateKeyPair() 143 return pubkey, seckey 144 } 145 signAndRecoverWithRandomMessages(t, keys) 146 } 147 148 func signAndRecoverWithRandomMessages(t *testing.T, keys func() ([]byte, []byte)) { 149 for i := 0; i < TestCount; i++ { 150 pubkey1, seckey := keys() 151 msg := randentropy.GetEntropyCSPRNG(32) 152 sig, err := Sign(msg, seckey) 153 if err != nil { 154 t.Fatalf("signature error: %s", err) 155 } 156 if sig == nil { 157 t.Fatal("signature is nil") 158 } 159 compactSigCheck(t, sig) 160 161 // TODO: why do we flip around the recovery id? 162 sig[len(sig)-1] %= 4 163 164 pubkey2, err := RecoverPubkey(msg, sig) 165 if err != nil { 166 t.Fatalf("recover error: %s", err) 167 } 168 if pubkey2 == nil { 169 t.Error("pubkey is nil") 170 } 171 if !bytes.Equal(pubkey1, pubkey2) { 172 t.Fatalf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2) 173 } 174 } 175 } 176 177 func TestRecoveryOfRandomSignature(t *testing.T) { 178 pubkey1, _ := generateKeyPair() 179 msg := randentropy.GetEntropyCSPRNG(32) 180 181 for i := 0; i < TestCount; i++ { 182 // recovery can sometimes work, but if so should always give wrong pubkey 183 pubkey2, _ := RecoverPubkey(msg, randSig()) 184 if bytes.Equal(pubkey1, pubkey2) { 185 t.Fatalf("iteration: %d: pubkey mismatch: do NOT want %x: ", i, pubkey2) 186 } 187 } 188 } 189 190 func TestRandomMessagesAgainstValidSig(t *testing.T) { 191 pubkey1, seckey := generateKeyPair() 192 msg := randentropy.GetEntropyCSPRNG(32) 193 sig, _ := Sign(msg, seckey) 194 195 for i := 0; i < TestCount; i++ { 196 msg = randentropy.GetEntropyCSPRNG(32) 197 pubkey2, _ := RecoverPubkey(msg, sig) 198 // recovery can sometimes work, but if so should always give wrong pubkey 199 if bytes.Equal(pubkey1, pubkey2) { 200 t.Fatalf("iteration: %d: pubkey mismatch: do NOT want %x: ", i, pubkey2) 201 } 202 } 203 } 204 205 // Useful when the underlying libsecp256k1 API changes to quickly 206 // check only recover function without use of signature function 207 func TestRecoverSanity(t *testing.T) { 208 msg, _ := hex.DecodeString("ce0677bb30baa8cf067c88db9811f4333d131bf8bcf12fe7065d211dce971008") 209 sig, _ := hex.DecodeString("90f27b8b488db00b00606796d2987f6a5f59ae62ea05effe84fef5b8b0e549984a691139ad57a3f0b906637673aa2f63d1f55cb1a69199d4009eea23ceaddc9301") 210 pubkey1, _ := hex.DecodeString("04e32df42865e97135acfb65f3bae71bdc86f4d49150ad6a440b6f15878109880a0a2b2667f7e725ceea70c673093bf67663e0312623c8e091b13cf2c0f11ef652") 211 pubkey2, err := RecoverPubkey(msg, sig) 212 if err != nil { 213 t.Fatalf("recover error: %s", err) 214 } 215 if !bytes.Equal(pubkey1, pubkey2) { 216 t.Errorf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2) 217 } 218 } 219 220 func BenchmarkSign(b *testing.B) { 221 _, seckey := generateKeyPair() 222 msg := randentropy.GetEntropyCSPRNG(32) 223 b.ResetTimer() 224 225 for i := 0; i < b.N; i++ { 226 Sign(msg, seckey) 227 } 228 } 229 230 func BenchmarkRecover(b *testing.B) { 231 msg := randentropy.GetEntropyCSPRNG(32) 232 _, seckey := generateKeyPair() 233 sig, _ := Sign(msg, seckey) 234 b.ResetTimer() 235 236 for i := 0; i < b.N; i++ { 237 RecoverPubkey(msg, sig) 238 } 239 }