github.com/sberex/go-sberex@v1.8.2-0.20181113200658-ed96ac38f7d7/crypto/secp256k1/secp256_test.go (about) 1 // This file is part of the go-sberex library. The go-sberex library is 2 // free software: you can redistribute it and/or modify it under the terms 3 // of the GNU Lesser General Public License as published by the Free 4 // Software Foundation, either version 3 of the License, or (at your option) 5 // any later version. 6 // 7 // The go-sberex library is distributed in the hope that it will be useful, 8 // but WITHOUT ANY WARRANTY; without even the implied warranty of 9 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser 10 // General Public License <http://www.gnu.org/licenses/> for more details. 11 12 package secp256k1 13 14 import ( 15 "bytes" 16 "crypto/ecdsa" 17 "crypto/elliptic" 18 "crypto/rand" 19 "encoding/hex" 20 "testing" 21 22 "github.com/Sberex/go-sberex/common/math" 23 "github.com/Sberex/go-sberex/crypto/randentropy" 24 ) 25 26 const TestCount = 1000 27 28 func generateKeyPair() (pubkey, privkey []byte) { 29 key, err := ecdsa.GenerateKey(S256(), rand.Reader) 30 if err != nil { 31 panic(err) 32 } 33 pubkey = elliptic.Marshal(S256(), key.X, key.Y) 34 return pubkey, math.PaddedBigBytes(key.D, 32) 35 } 36 37 func randSig() []byte { 38 sig := randentropy.GetEntropyCSPRNG(65) 39 sig[32] &= 0x70 40 sig[64] %= 4 41 return sig 42 } 43 44 // tests for malleability 45 // highest bit of signature ECDSA s value must be 0, in the 33th byte 46 func compactSigCheck(t *testing.T, sig []byte) { 47 var b int = int(sig[32]) 48 if b < 0 { 49 t.Errorf("highest bit is negative: %d", b) 50 } 51 if ((b >> 7) == 1) != ((b & 0x80) == 0x80) { 52 t.Errorf("highest bit: %d bit >> 7: %d", b, b>>7) 53 } 54 if (b & 0x80) == 0x80 { 55 t.Errorf("highest bit: %d bit & 0x80: %d", b, b&0x80) 56 } 57 } 58 59 func TestSignatureValidity(t *testing.T) { 60 pubkey, seckey := generateKeyPair() 61 msg := randentropy.GetEntropyCSPRNG(32) 62 sig, err := Sign(msg, seckey) 63 if err != nil { 64 t.Errorf("signature error: %s", err) 65 } 66 compactSigCheck(t, sig) 67 if len(pubkey) != 65 { 68 t.Errorf("pubkey length mismatch: want: 65 have: %d", len(pubkey)) 69 } 70 if len(seckey) != 32 { 71 t.Errorf("seckey length mismatch: want: 32 have: %d", len(seckey)) 72 } 73 if len(sig) != 65 { 74 t.Errorf("sig length mismatch: want: 65 have: %d", len(sig)) 75 } 76 recid := int(sig[64]) 77 if recid > 4 || recid < 0 { 78 t.Errorf("sig recid mismatch: want: within 0 to 4 have: %d", int(sig[64])) 79 } 80 } 81 82 func TestInvalidRecoveryID(t *testing.T) { 83 _, seckey := generateKeyPair() 84 msg := randentropy.GetEntropyCSPRNG(32) 85 sig, _ := Sign(msg, seckey) 86 sig[64] = 99 87 _, err := RecoverPubkey(msg, sig) 88 if err != ErrInvalidRecoveryID { 89 t.Fatalf("got %q, want %q", err, ErrInvalidRecoveryID) 90 } 91 } 92 93 func TestSignAndRecover(t *testing.T) { 94 pubkey1, seckey := generateKeyPair() 95 msg := randentropy.GetEntropyCSPRNG(32) 96 sig, err := Sign(msg, seckey) 97 if err != nil { 98 t.Errorf("signature error: %s", err) 99 } 100 pubkey2, err := RecoverPubkey(msg, sig) 101 if err != nil { 102 t.Errorf("recover error: %s", err) 103 } 104 if !bytes.Equal(pubkey1, pubkey2) { 105 t.Errorf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2) 106 } 107 } 108 109 func TestSignDeterministic(t *testing.T) { 110 _, seckey := generateKeyPair() 111 msg := make([]byte, 32) 112 copy(msg, "hi there") 113 114 sig1, err := Sign(msg, seckey) 115 if err != nil { 116 t.Fatal(err) 117 } 118 sig2, err := Sign(msg, seckey) 119 if err != nil { 120 t.Fatal(err) 121 } 122 if !bytes.Equal(sig1, sig2) { 123 t.Fatal("signatures not equal") 124 } 125 } 126 127 func TestRandomMessagesWithSameKey(t *testing.T) { 128 pubkey, seckey := generateKeyPair() 129 keys := func() ([]byte, []byte) { 130 return pubkey, seckey 131 } 132 signAndRecoverWithRandomMessages(t, keys) 133 } 134 135 func TestRandomMessagesWithRandomKeys(t *testing.T) { 136 keys := func() ([]byte, []byte) { 137 pubkey, seckey := generateKeyPair() 138 return pubkey, seckey 139 } 140 signAndRecoverWithRandomMessages(t, keys) 141 } 142 143 func signAndRecoverWithRandomMessages(t *testing.T, keys func() ([]byte, []byte)) { 144 for i := 0; i < TestCount; i++ { 145 pubkey1, seckey := keys() 146 msg := randentropy.GetEntropyCSPRNG(32) 147 sig, err := Sign(msg, seckey) 148 if err != nil { 149 t.Fatalf("signature error: %s", err) 150 } 151 if sig == nil { 152 t.Fatal("signature is nil") 153 } 154 compactSigCheck(t, sig) 155 156 // TODO: why do we flip around the recovery id? 157 sig[len(sig)-1] %= 4 158 159 pubkey2, err := RecoverPubkey(msg, sig) 160 if err != nil { 161 t.Fatalf("recover error: %s", err) 162 } 163 if pubkey2 == nil { 164 t.Error("pubkey is nil") 165 } 166 if !bytes.Equal(pubkey1, pubkey2) { 167 t.Fatalf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2) 168 } 169 } 170 } 171 172 func TestRecoveryOfRandomSignature(t *testing.T) { 173 pubkey1, _ := generateKeyPair() 174 msg := randentropy.GetEntropyCSPRNG(32) 175 176 for i := 0; i < TestCount; i++ { 177 // recovery can sometimes work, but if so should always give wrong pubkey 178 pubkey2, _ := RecoverPubkey(msg, randSig()) 179 if bytes.Equal(pubkey1, pubkey2) { 180 t.Fatalf("iteration: %d: pubkey mismatch: do NOT want %x: ", i, pubkey2) 181 } 182 } 183 } 184 185 func TestRandomMessagesAgainstValidSig(t *testing.T) { 186 pubkey1, seckey := generateKeyPair() 187 msg := randentropy.GetEntropyCSPRNG(32) 188 sig, _ := Sign(msg, seckey) 189 190 for i := 0; i < TestCount; i++ { 191 msg = randentropy.GetEntropyCSPRNG(32) 192 pubkey2, _ := RecoverPubkey(msg, sig) 193 // recovery can sometimes work, but if so should always give wrong pubkey 194 if bytes.Equal(pubkey1, pubkey2) { 195 t.Fatalf("iteration: %d: pubkey mismatch: do NOT want %x: ", i, pubkey2) 196 } 197 } 198 } 199 200 // Useful when the underlying libsecp256k1 API changes to quickly 201 // check only recover function without use of signature function 202 func TestRecoverSanity(t *testing.T) { 203 msg, _ := hex.DecodeString("ce0677bb30baa8cf067c88db9811f4333d131bf8bcf12fe7065d211dce971008") 204 sig, _ := hex.DecodeString("90f27b8b488db00b00606796d2987f6a5f59ae62ea05effe84fef5b8b0e549984a691139ad57a3f0b906637673aa2f63d1f55cb1a69199d4009eea23ceaddc9301") 205 pubkey1, _ := hex.DecodeString("04e32df42865e97135acfb65f3bae71bdc86f4d49150ad6a440b6f15878109880a0a2b2667f7e725ceea70c673093bf67663e0312623c8e091b13cf2c0f11ef652") 206 pubkey2, err := RecoverPubkey(msg, sig) 207 if err != nil { 208 t.Fatalf("recover error: %s", err) 209 } 210 if !bytes.Equal(pubkey1, pubkey2) { 211 t.Errorf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2) 212 } 213 } 214 215 func BenchmarkSign(b *testing.B) { 216 _, seckey := generateKeyPair() 217 msg := randentropy.GetEntropyCSPRNG(32) 218 b.ResetTimer() 219 220 for i := 0; i < b.N; i++ { 221 Sign(msg, seckey) 222 } 223 } 224 225 func BenchmarkRecover(b *testing.B) { 226 msg := randentropy.GetEntropyCSPRNG(32) 227 _, seckey := generateKeyPair() 228 sig, _ := Sign(msg, seckey) 229 b.ResetTimer() 230 231 for i := 0; i < b.N; i++ { 232 RecoverPubkey(msg, sig) 233 } 234 }