github.com/YoungNK/go-ethereum@v1.9.7/crypto/secp256k1/secp256_test.go (about) 1 // Copyright 2015 Jeffrey Wilcke, Felix Lange, Gustav Simonsson. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be found in 3 // the LICENSE file. 4 5 package secp256k1 6 7 import ( 8 "bytes" 9 "crypto/ecdsa" 10 "crypto/elliptic" 11 "crypto/rand" 12 "encoding/hex" 13 "io" 14 "testing" 15 ) 16 17 const TestCount = 1000 18 19 func generateKeyPair() (pubkey, privkey []byte) { 20 key, err := ecdsa.GenerateKey(S256(), rand.Reader) 21 if err != nil { 22 panic(err) 23 } 24 pubkey = elliptic.Marshal(S256(), key.X, key.Y) 25 26 privkey = make([]byte, 32) 27 blob := key.D.Bytes() 28 copy(privkey[32-len(blob):], blob) 29 30 return pubkey, privkey 31 } 32 33 func csprngEntropy(n int) []byte { 34 buf := make([]byte, n) 35 if _, err := io.ReadFull(rand.Reader, buf); err != nil { 36 panic("reading from crypto/rand failed: " + err.Error()) 37 } 38 return buf 39 } 40 41 func randSig() []byte { 42 sig := csprngEntropy(65) 43 sig[32] &= 0x70 44 sig[64] %= 4 45 return sig 46 } 47 48 // tests for malleability 49 // highest bit of signature ECDSA s value must be 0, in the 33th byte 50 func compactSigCheck(t *testing.T, sig []byte) { 51 var b = int(sig[32]) 52 if b < 0 { 53 t.Errorf("highest bit is negative: %d", b) 54 } 55 if ((b >> 7) == 1) != ((b & 0x80) == 0x80) { 56 t.Errorf("highest bit: %d bit >> 7: %d", b, b>>7) 57 } 58 if (b & 0x80) == 0x80 { 59 t.Errorf("highest bit: %d bit & 0x80: %d", b, b&0x80) 60 } 61 } 62 63 func TestSignatureValidity(t *testing.T) { 64 pubkey, seckey := generateKeyPair() 65 msg := csprngEntropy(32) 66 sig, err := Sign(msg, seckey) 67 if err != nil { 68 t.Errorf("signature error: %s", err) 69 } 70 compactSigCheck(t, sig) 71 if len(pubkey) != 65 { 72 t.Errorf("pubkey length mismatch: want: 65 have: %d", len(pubkey)) 73 } 74 if len(seckey) != 32 { 75 t.Errorf("seckey length mismatch: want: 32 have: %d", len(seckey)) 76 } 77 if len(sig) != 65 { 78 t.Errorf("sig length mismatch: want: 65 have: %d", len(sig)) 79 } 80 recid := int(sig[64]) 81 if recid > 4 || recid < 0 { 82 t.Errorf("sig recid mismatch: want: within 0 to 4 have: %d", int(sig[64])) 83 } 84 } 85 86 func TestInvalidRecoveryID(t *testing.T) { 87 _, seckey := generateKeyPair() 88 msg := csprngEntropy(32) 89 sig, _ := Sign(msg, seckey) 90 sig[64] = 99 91 _, err := RecoverPubkey(msg, sig) 92 if err != ErrInvalidRecoveryID { 93 t.Fatalf("got %q, want %q", err, ErrInvalidRecoveryID) 94 } 95 } 96 97 func TestSignAndRecover(t *testing.T) { 98 pubkey1, seckey := generateKeyPair() 99 msg := csprngEntropy(32) 100 sig, err := Sign(msg, seckey) 101 if err != nil { 102 t.Errorf("signature error: %s", err) 103 } 104 pubkey2, err := RecoverPubkey(msg, sig) 105 if err != nil { 106 t.Errorf("recover error: %s", err) 107 } 108 if !bytes.Equal(pubkey1, pubkey2) { 109 t.Errorf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2) 110 } 111 } 112 113 func TestSignDeterministic(t *testing.T) { 114 _, seckey := generateKeyPair() 115 msg := make([]byte, 32) 116 copy(msg, "hi there") 117 118 sig1, err := Sign(msg, seckey) 119 if err != nil { 120 t.Fatal(err) 121 } 122 sig2, err := Sign(msg, seckey) 123 if err != nil { 124 t.Fatal(err) 125 } 126 if !bytes.Equal(sig1, sig2) { 127 t.Fatal("signatures not equal") 128 } 129 } 130 131 func TestRandomMessagesWithSameKey(t *testing.T) { 132 pubkey, seckey := generateKeyPair() 133 keys := func() ([]byte, []byte) { 134 return pubkey, seckey 135 } 136 signAndRecoverWithRandomMessages(t, keys) 137 } 138 139 func TestRandomMessagesWithRandomKeys(t *testing.T) { 140 keys := func() ([]byte, []byte) { 141 pubkey, seckey := generateKeyPair() 142 return pubkey, seckey 143 } 144 signAndRecoverWithRandomMessages(t, keys) 145 } 146 147 func signAndRecoverWithRandomMessages(t *testing.T, keys func() ([]byte, []byte)) { 148 for i := 0; i < TestCount; i++ { 149 pubkey1, seckey := keys() 150 msg := csprngEntropy(32) 151 sig, err := Sign(msg, seckey) 152 if err != nil { 153 t.Fatalf("signature error: %s", err) 154 } 155 if sig == nil { 156 t.Fatal("signature is nil") 157 } 158 compactSigCheck(t, sig) 159 160 // TODO: why do we flip around the recovery id? 161 sig[len(sig)-1] %= 4 162 163 pubkey2, err := RecoverPubkey(msg, sig) 164 if err != nil { 165 t.Fatalf("recover error: %s", err) 166 } 167 if pubkey2 == nil { 168 t.Error("pubkey is nil") 169 } 170 if !bytes.Equal(pubkey1, pubkey2) { 171 t.Fatalf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2) 172 } 173 } 174 } 175 176 func TestRecoveryOfRandomSignature(t *testing.T) { 177 pubkey1, _ := generateKeyPair() 178 msg := csprngEntropy(32) 179 180 for i := 0; i < TestCount; i++ { 181 // recovery can sometimes work, but if so should always give wrong pubkey 182 pubkey2, _ := RecoverPubkey(msg, randSig()) 183 if bytes.Equal(pubkey1, pubkey2) { 184 t.Fatalf("iteration: %d: pubkey mismatch: do NOT want %x: ", i, pubkey2) 185 } 186 } 187 } 188 189 func TestRandomMessagesAgainstValidSig(t *testing.T) { 190 pubkey1, seckey := generateKeyPair() 191 msg := csprngEntropy(32) 192 sig, _ := Sign(msg, seckey) 193 194 for i := 0; i < TestCount; i++ { 195 msg = csprngEntropy(32) 196 pubkey2, _ := RecoverPubkey(msg, sig) 197 // recovery can sometimes work, but if so should always give wrong pubkey 198 if bytes.Equal(pubkey1, pubkey2) { 199 t.Fatalf("iteration: %d: pubkey mismatch: do NOT want %x: ", i, pubkey2) 200 } 201 } 202 } 203 204 // Useful when the underlying libsecp256k1 API changes to quickly 205 // check only recover function without use of signature function 206 func TestRecoverSanity(t *testing.T) { 207 msg, _ := hex.DecodeString("ce0677bb30baa8cf067c88db9811f4333d131bf8bcf12fe7065d211dce971008") 208 sig, _ := hex.DecodeString("90f27b8b488db00b00606796d2987f6a5f59ae62ea05effe84fef5b8b0e549984a691139ad57a3f0b906637673aa2f63d1f55cb1a69199d4009eea23ceaddc9301") 209 pubkey1, _ := hex.DecodeString("04e32df42865e97135acfb65f3bae71bdc86f4d49150ad6a440b6f15878109880a0a2b2667f7e725ceea70c673093bf67663e0312623c8e091b13cf2c0f11ef652") 210 pubkey2, err := RecoverPubkey(msg, sig) 211 if err != nil { 212 t.Fatalf("recover error: %s", err) 213 } 214 if !bytes.Equal(pubkey1, pubkey2) { 215 t.Errorf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2) 216 } 217 } 218 219 func BenchmarkSign(b *testing.B) { 220 _, seckey := generateKeyPair() 221 msg := csprngEntropy(32) 222 b.ResetTimer() 223 224 for i := 0; i < b.N; i++ { 225 Sign(msg, seckey) 226 } 227 } 228 229 func BenchmarkRecover(b *testing.B) { 230 msg := csprngEntropy(32) 231 _, seckey := generateKeyPair() 232 sig, _ := Sign(msg, seckey) 233 b.ResetTimer() 234 235 for i := 0; i < b.N; i++ { 236 RecoverPubkey(msg, sig) 237 } 238 }