github.com/linapex/ethereum-go-chinese@v0.0.0-20190316121929-f8b7a73c3fa1/crypto/secp256k1/secp256_test.go (about)

     1  
     2  //<developer>
     3  //    <name>linapex 曹一峰</name>
     4  //    <email>linapex@163.com</email>
     5  //    <wx>superexc</wx>
     6  //    <qqgroup>128148617</qqgroup>
     7  //    <url>https://jsq.ink</url>
     8  //    <role>pku engineer</role>
     9  //    <date>2019-03-16 19:16:36</date>
    10  //</624450085492625408>
    11  
    12  //版权所有2015 Jeffrey Wilcke、Felix Lange、Gustav Simonsson。版权所有。
    13  //此源代码的使用受BSD样式许可证的控制,该许可证可在
    14  //许可证文件。
    15  
    16  package secp256k1
    17  
    18  import (
    19  	"bytes"
    20  	"crypto/ecdsa"
    21  	"crypto/elliptic"
    22  	"crypto/rand"
    23  	"encoding/hex"
    24  	"io"
    25  	"testing"
    26  )
    27  
    28  const TestCount = 1000
    29  
    30  func generateKeyPair() (pubkey, privkey []byte) {
    31  	key, err := ecdsa.GenerateKey(S256(), rand.Reader)
    32  	if err != nil {
    33  		panic(err)
    34  	}
    35  	pubkey = elliptic.Marshal(S256(), key.X, key.Y)
    36  
    37  	privkey = make([]byte, 32)
    38  	blob := key.D.Bytes()
    39  	copy(privkey[32-len(blob):], blob)
    40  
    41  	return pubkey, privkey
    42  }
    43  
    44  func csprngEntropy(n int) []byte {
    45  	buf := make([]byte, n)
    46  	if _, err := io.ReadFull(rand.Reader, buf); err != nil {
    47  		panic("reading from crypto/rand failed: " + err.Error())
    48  	}
    49  	return buf
    50  }
    51  
    52  func randSig() []byte {
    53  	sig := csprngEntropy(65)
    54  	sig[32] &= 0x70
    55  	sig[64] %= 4
    56  	return sig
    57  }
    58  
    59  //延展性试验
    60  //签名ecdsa s值的最高位必须是0,在第33个字节中
    61  func compactSigCheck(t *testing.T, sig []byte) {
    62  	var b = int(sig[32])
    63  	if b < 0 {
    64  		t.Errorf("highest bit is negative: %d", b)
    65  	}
    66  	if ((b >> 7) == 1) != ((b & 0x80) == 0x80) {
    67  		t.Errorf("highest bit: %d bit >> 7: %d", b, b>>7)
    68  	}
    69  	if (b & 0x80) == 0x80 {
    70  		t.Errorf("highest bit: %d bit & 0x80: %d", b, b&0x80)
    71  	}
    72  }
    73  
    74  func TestSignatureValidity(t *testing.T) {
    75  	pubkey, seckey := generateKeyPair()
    76  	msg := csprngEntropy(32)
    77  	sig, err := Sign(msg, seckey)
    78  	if err != nil {
    79  		t.Errorf("signature error: %s", err)
    80  	}
    81  	compactSigCheck(t, sig)
    82  	if len(pubkey) != 65 {
    83  		t.Errorf("pubkey length mismatch: want: 65 have: %d", len(pubkey))
    84  	}
    85  	if len(seckey) != 32 {
    86  		t.Errorf("seckey length mismatch: want: 32 have: %d", len(seckey))
    87  	}
    88  	if len(sig) != 65 {
    89  		t.Errorf("sig length mismatch: want: 65 have: %d", len(sig))
    90  	}
    91  	recid := int(sig[64])
    92  	if recid > 4 || recid < 0 {
    93  		t.Errorf("sig recid mismatch: want: within 0 to 4 have: %d", int(sig[64]))
    94  	}
    95  }
    96  
    97  func TestInvalidRecoveryID(t *testing.T) {
    98  	_, seckey := generateKeyPair()
    99  	msg := csprngEntropy(32)
   100  	sig, _ := Sign(msg, seckey)
   101  	sig[64] = 99
   102  	_, err := RecoverPubkey(msg, sig)
   103  	if err != ErrInvalidRecoveryID {
   104  		t.Fatalf("got %q, want %q", err, ErrInvalidRecoveryID)
   105  	}
   106  }
   107  
   108  func TestSignAndRecover(t *testing.T) {
   109  	pubkey1, seckey := generateKeyPair()
   110  	msg := csprngEntropy(32)
   111  	sig, err := Sign(msg, seckey)
   112  	if err != nil {
   113  		t.Errorf("signature error: %s", err)
   114  	}
   115  	pubkey2, err := RecoverPubkey(msg, sig)
   116  	if err != nil {
   117  		t.Errorf("recover error: %s", err)
   118  	}
   119  	if !bytes.Equal(pubkey1, pubkey2) {
   120  		t.Errorf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2)
   121  	}
   122  }
   123  
   124  func TestSignDeterministic(t *testing.T) {
   125  	_, seckey := generateKeyPair()
   126  	msg := make([]byte, 32)
   127  	copy(msg, "hi there")
   128  
   129  	sig1, err := Sign(msg, seckey)
   130  	if err != nil {
   131  		t.Fatal(err)
   132  	}
   133  	sig2, err := Sign(msg, seckey)
   134  	if err != nil {
   135  		t.Fatal(err)
   136  	}
   137  	if !bytes.Equal(sig1, sig2) {
   138  		t.Fatal("signatures not equal")
   139  	}
   140  }
   141  
   142  func TestRandomMessagesWithSameKey(t *testing.T) {
   143  	pubkey, seckey := generateKeyPair()
   144  	keys := func() ([]byte, []byte) {
   145  		return pubkey, seckey
   146  	}
   147  	signAndRecoverWithRandomMessages(t, keys)
   148  }
   149  
   150  func TestRandomMessagesWithRandomKeys(t *testing.T) {
   151  	keys := func() ([]byte, []byte) {
   152  		pubkey, seckey := generateKeyPair()
   153  		return pubkey, seckey
   154  	}
   155  	signAndRecoverWithRandomMessages(t, keys)
   156  }
   157  
   158  func signAndRecoverWithRandomMessages(t *testing.T, keys func() ([]byte, []byte)) {
   159  	for i := 0; i < TestCount; i++ {
   160  		pubkey1, seckey := keys()
   161  		msg := csprngEntropy(32)
   162  		sig, err := Sign(msg, seckey)
   163  		if err != nil {
   164  			t.Fatalf("signature error: %s", err)
   165  		}
   166  		if sig == nil {
   167  			t.Fatal("signature is nil")
   168  		}
   169  		compactSigCheck(t, sig)
   170  
   171  //托多:我们为什么要翻转恢复ID?
   172  		sig[len(sig)-1] %= 4
   173  
   174  		pubkey2, err := RecoverPubkey(msg, sig)
   175  		if err != nil {
   176  			t.Fatalf("recover error: %s", err)
   177  		}
   178  		if pubkey2 == nil {
   179  			t.Error("pubkey is nil")
   180  		}
   181  		if !bytes.Equal(pubkey1, pubkey2) {
   182  			t.Fatalf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2)
   183  		}
   184  	}
   185  }
   186  
   187  func TestRecoveryOfRandomSignature(t *testing.T) {
   188  	pubkey1, _ := generateKeyPair()
   189  	msg := csprngEntropy(32)
   190  
   191  	for i := 0; i < TestCount; i++ {
   192  //恢复有时可以工作,但如果是这样,则应该始终给出错误的pubkey
   193  		pubkey2, _ := RecoverPubkey(msg, randSig())
   194  		if bytes.Equal(pubkey1, pubkey2) {
   195  			t.Fatalf("iteration: %d: pubkey mismatch: do NOT want %x: ", i, pubkey2)
   196  		}
   197  	}
   198  }
   199  
   200  func TestRandomMessagesAgainstValidSig(t *testing.T) {
   201  	pubkey1, seckey := generateKeyPair()
   202  	msg := csprngEntropy(32)
   203  	sig, _ := Sign(msg, seckey)
   204  
   205  	for i := 0; i < TestCount; i++ {
   206  		msg = csprngEntropy(32)
   207  		pubkey2, _ := RecoverPubkey(msg, sig)
   208  //恢复有时可以工作,但如果是这样,则应该始终给出错误的pubkey
   209  		if bytes.Equal(pubkey1, pubkey2) {
   210  			t.Fatalf("iteration: %d: pubkey mismatch: do NOT want %x: ", i, pubkey2)
   211  		}
   212  	}
   213  }
   214  
   215  //Useful when the underlying libsecp256k1 API changes to quickly
   216  //只检查恢复函数而不使用签名函数
   217  func TestRecoverSanity(t *testing.T) {
   218  	msg, _ := hex.DecodeString("ce0677bb30baa8cf067c88db9811f4333d131bf8bcf12fe7065d211dce971008")
   219  	sig, _ := hex.DecodeString("90f27b8b488db00b00606796d2987f6a5f59ae62ea05effe84fef5b8b0e549984a691139ad57a3f0b906637673aa2f63d1f55cb1a69199d4009eea23ceaddc9301")
   220  	pubkey1, _ := hex.DecodeString("04e32df42865e97135acfb65f3bae71bdc86f4d49150ad6a440b6f15878109880a0a2b2667f7e725ceea70c673093bf67663e0312623c8e091b13cf2c0f11ef652")
   221  	pubkey2, err := RecoverPubkey(msg, sig)
   222  	if err != nil {
   223  		t.Fatalf("recover error: %s", err)
   224  	}
   225  	if !bytes.Equal(pubkey1, pubkey2) {
   226  		t.Errorf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2)
   227  	}
   228  }
   229  
   230  func BenchmarkSign(b *testing.B) {
   231  	_, seckey := generateKeyPair()
   232  	msg := csprngEntropy(32)
   233  	b.ResetTimer()
   234  
   235  	for i := 0; i < b.N; i++ {
   236  		Sign(msg, seckey)
   237  	}
   238  }
   239  
   240  func BenchmarkRecover(b *testing.B) {
   241  	msg := csprngEntropy(32)
   242  	_, seckey := generateKeyPair()
   243  	sig, _ := Sign(msg, seckey)
   244  	b.ResetTimer()
   245  
   246  	for i := 0; i < b.N; i++ {
   247  		RecoverPubkey(msg, sig)
   248  	}
   249  }
   250