github.com/ari-anchor/sei-tendermint@v0.0.0-20230519144642-dc826b7b56bb/crypto/secp256k1/secp256k1_internal_test.go

github.com/ari-anchor/sei-tendermint@v0.0.0-20230519144642-dc826b7b56bb/crypto/secp256k1/secp256k1_internal_test.go (about)

     1  package secp256k1
     2  
     3  import (
     4  	"bytes"
     5  	"math/big"
     6  	"testing"
     7  
     8  	"github.com/stretchr/testify/require"
     9  
    10  	secp256k1 "github.com/btcsuite/btcd/btcec/v2"
    11  )
    12  
    13  func Test_genPrivKey(t *testing.T) {
    14  
    15  	empty := make([]byte, 32)
    16  	oneB := big.NewInt(1).Bytes()
    17  	onePadded := make([]byte, 32)
    18  	copy(onePadded[32-len(oneB):32], oneB)
    19  	t.Logf("one padded: %v, len=%v", onePadded, len(onePadded))
    20  
    21  	validOne := append(empty, onePadded...)
    22  	tests := []struct {
    23  		name        string
    24  		notSoRand   []byte
    25  		shouldPanic bool
    26  	}{
    27  		{"empty bytes (panics because 1st 32 bytes are zero and 0 is not a valid field element)", empty, true},
    28  		{"curve order: N", secp256k1.S256().N.Bytes(), true},
    29  		{"valid because 0 < 1 < N", validOne, false},
    30  	}
    31  	for _, tt := range tests {
    32  		tt := tt
    33  		t.Run(tt.name, func(t *testing.T) {
    34  			if tt.shouldPanic {
    35  				require.Panics(t, func() {
    36  					genPrivKey(bytes.NewReader(tt.notSoRand))
    37  				})
    38  				return
    39  			}
    40  			got := genPrivKey(bytes.NewReader(tt.notSoRand))
    41  			fe := new(big.Int).SetBytes(got[:])
    42  			require.True(t, fe.Cmp(secp256k1.S256().N) < 0)
    43  			require.True(t, fe.Sign() > 0)
    44  		})
    45  	}
    46  }
    47  
    48  // Ensure that signature verification works, and that
    49  // non-canonical signatures fail.
    50  // Note: run with CGO_ENABLED=0 or go test -tags !cgo.
    51  func TestSignatureVerificationAndRejectUpperS(t *testing.T) {
    52  	msg := []byte("We have lingered long enough on the shores of the cosmic ocean.")
    53  	for i := 0; i < 500; i++ {
    54  		priv := GenPrivKey()
    55  		sigStr, err := priv.Sign(msg)
    56  		require.NoError(t, err)
    57  		var r secp256k1.ModNScalar
    58  		r.SetByteSlice(sigStr[:32])
    59  		var s secp256k1.ModNScalar
    60  		s.SetByteSlice(sigStr[32:64])
    61  		require.False(t, s.IsOverHalfOrder())
    62  
    63  		pub := priv.PubKey()
    64  		require.True(t, pub.VerifySignature(msg, sigStr))
    65  
    66  		// malleate:
    67  		var S256 secp256k1.ModNScalar
    68  		S256.SetByteSlice(secp256k1.S256().N.Bytes())
    69  		s.Negate().Add(&S256)
    70  		require.True(t, s.IsOverHalfOrder())
    71  
    72  		rBytes := r.Bytes()
    73  		sBytes := s.Bytes()
    74  		malSigStr := make([]byte, 64)
    75  		copy(malSigStr[32-len(rBytes):32], rBytes[:])
    76  		copy(malSigStr[64-len(sBytes):64], sBytes[:])
    77  
    78  		require.False(t, pub.VerifySignature(msg, malSigStr),
    79  			"VerifyBytes incorrect with malleated & invalid S. sig=%v, key=%v",
    80  			malSigStr,
    81  			priv,
    82  		)
    83  	}
    84  }