diff options
author | Jeffrey Wilcke <jeffrey@ethereum.org> | 2015-10-16 01:46:57 +0800 |
---|---|---|
committer | Jeffrey Wilcke <jeffrey@ethereum.org> | 2015-10-16 01:46:57 +0800 |
commit | f466243417f60531998e8b500f2bb043af5b3d2a (patch) | |
tree | 9f8387b65d2a9d54a94ed26bc6a57ecfde3489f6 /crypto/secp256k1/secp256_test.go | |
parent | cefe5c80b1cdcab606a169c0be65d9d2ba9bc941 (diff) | |
parent | f32fa075f14d2b3a1213098274e0ba88c7761283 (diff) | |
download | dexon-f466243417f60531998e8b500f2bb043af5b3d2a.tar dexon-f466243417f60531998e8b500f2bb043af5b3d2a.tar.gz dexon-f466243417f60531998e8b500f2bb043af5b3d2a.tar.bz2 dexon-f466243417f60531998e8b500f2bb043af5b3d2a.tar.lz dexon-f466243417f60531998e8b500f2bb043af5b3d2a.tar.xz dexon-f466243417f60531998e8b500f2bb043af5b3d2a.tar.zst dexon-f466243417f60531998e8b500f2bb043af5b3d2a.zip |
Merge pull request #1853 from Gustav-Simonsson/libsecp256k1_update
Update libsecp256k1, Go wrapper and tests
Diffstat (limited to 'crypto/secp256k1/secp256_test.go')
-rw-r--r-- | crypto/secp256k1/secp256_test.go | 299 |
1 files changed, 138 insertions, 161 deletions
diff --git a/crypto/secp256k1/secp256_test.go b/crypto/secp256k1/secp256_test.go index deeec98d5..45c448f3c 100644 --- a/crypto/secp256k1/secp256_test.go +++ b/crypto/secp256k1/secp256_test.go @@ -18,169 +18,130 @@ package secp256k1 import ( "bytes" - "fmt" - "log" + "encoding/hex" "testing" "github.com/ethereum/go-ethereum/crypto/randentropy" ) -const TESTS = 10000 // how many tests -const SigSize = 65 //64+1 +const TestCount = 10000 -func Test_Secp256_00(t *testing.T) { - - var nonce []byte = randentropy.GetEntropyCSPRNG(32) //going to get bitcoins stolen! - - if len(nonce) != 32 { - t.Fatal() - } - -} - -//tests for Malleability -//highest bit of S must be 0; 32nd byte -func CompactSigTest(sig []byte) { - - var b int = int(sig[32]) - if b < 0 { - log.Panic() - } - if ((b >> 7) == 1) != ((b & 0x80) == 0x80) { - log.Panic("b= %v b2= %v \n", b, b>>7) - } - if (b & 0x80) == 0x80 { - log.Panic("b= %v b2= %v \n", b, b&0x80) - } -} - -//test pubkey/private generation -func Test_Secp256_01(t *testing.T) { - pubkey, seckey := GenerateKeyPair() +func TestPrivkeyGenerate(t *testing.T) { + _, seckey := GenerateKeyPair() if err := VerifySeckeyValidity(seckey); err != nil { - t.Fatal() - } - if err := VerifyPubkeyValidity(pubkey); err != nil { - t.Fatal() + t.Errorf("seckey not valid: %s", err) } } -//test size of messages -func Test_Secp256_02s(t *testing.T) { +func TestSignatureValidity(t *testing.T) { pubkey, seckey := GenerateKeyPair() msg := randentropy.GetEntropyCSPRNG(32) - sig, _ := Sign(msg, seckey) - CompactSigTest(sig) - if sig == nil { - t.Fatal("Signature nil") + sig, err := Sign(msg, seckey) + if err != nil { + t.Errorf("signature error: %s", err) } + compactSigCheck(t, sig) if len(pubkey) != 65 { - t.Fail() + t.Errorf("pubkey length mismatch: want: 65 have: %d", len(pubkey)) } if len(seckey) != 32 { - t.Fail() + t.Errorf("seckey length mismatch: want: 32 have: %d", len(seckey)) } - if len(sig) != 64+1 { - t.Fail() + if len(sig) != 65 { + t.Errorf("sig length mismatch: want: 65 have: %d", len(sig)) + } + recid := int(sig[64]) + if recid > 4 || recid < 0 { + t.Errorf("sig recid mismatch: want: within 0 to 4 have: %d", int(sig[64])) } - if int(sig[64]) > 4 { - t.Fail() - } //should be 0 to 4 } -//test signing message -func Test_Secp256_02(t *testing.T) { +func TestSignAndRecover(t *testing.T) { pubkey1, seckey := GenerateKeyPair() msg := randentropy.GetEntropyCSPRNG(32) - sig, _ := Sign(msg, seckey) - if sig == nil { - t.Fatal("Signature nil") + sig, err := Sign(msg, seckey) + if err != nil { + t.Errorf("signature error: %s", err) } - - pubkey2, _ := RecoverPubkey(msg, sig) - if pubkey2 == nil { - t.Fatal("Recovered pubkey invalid") + pubkey2, err := RecoverPubkey(msg, sig) + if err != nil { + t.Errorf("recover error: %s", err) } - if bytes.Equal(pubkey1, pubkey2) == false { - t.Fatal("Recovered pubkey does not match") + if !bytes.Equal(pubkey1, pubkey2) { + t.Errorf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2) } - - err := VerifySignature(msg, sig, pubkey1) + err = VerifySignature(msg, sig, pubkey1) if err != nil { - t.Fatal("Signature invalid") + t.Errorf("signature verification error: %s", err) } } -//test pubkey recovery -func Test_Secp256_02a(t *testing.T) { - pubkey1, seckey1 := GenerateKeyPair() - msg := randentropy.GetEntropyCSPRNG(32) - sig, _ := Sign(msg, seckey1) - - if sig == nil { - t.Fatal("Signature nil") - } - err := VerifySignature(msg, sig, pubkey1) - if err != nil { - t.Fatal("Signature invalid") +func TestRandomMessagesWithSameKey(t *testing.T) { + pubkey, seckey := GenerateKeyPair() + keys := func() ([]byte, []byte) { + // Sign function zeroes the privkey so we need a new one in each call + newkey := make([]byte, len(seckey)) + copy(newkey, seckey) + return pubkey, newkey } + signAndRecoverWithRandomMessages(t, keys) +} - pubkey2, _ := RecoverPubkey(msg, sig) - if len(pubkey1) != len(pubkey2) { - t.Fatal() - } - for i, _ := range pubkey1 { - if pubkey1[i] != pubkey2[i] { - t.Fatal() - } - } - if bytes.Equal(pubkey1, pubkey2) == false { - t.Fatal() +func TestRandomMessagesWithRandomKeys(t *testing.T) { + keys := func() ([]byte, []byte) { + pubkey, seckey := GenerateKeyPair() + return pubkey, seckey } + signAndRecoverWithRandomMessages(t, keys) } -//test random messages for the same pub/private key -func Test_Secp256_03(t *testing.T) { - _, seckey := GenerateKeyPair() - for i := 0; i < TESTS; i++ { +func signAndRecoverWithRandomMessages(t *testing.T, keys func() ([]byte, []byte)) { + for i := 0; i < TestCount; i++ { + pubkey1, seckey := keys() msg := randentropy.GetEntropyCSPRNG(32) - sig, _ := Sign(msg, seckey) - CompactSigTest(sig) + sig, err := Sign(msg, seckey) + if err != nil { + t.Fatalf("signature error: %s", err) + } + if sig == nil { + t.Fatal("signature is nil") + } + compactSigCheck(t, sig) + // TODO: why do we flip around the recovery id? sig[len(sig)-1] %= 4 - pubkey2, _ := RecoverPubkey(msg, sig) + + pubkey2, err := RecoverPubkey(msg, sig) + if err != nil { + t.Fatalf("recover error: %s", err) + } if pubkey2 == nil { - t.Fail() + t.Error("pubkey is nil") + } + if !bytes.Equal(pubkey1, pubkey2) { + t.Fatalf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2) } } } -//test random messages for different pub/private keys -func Test_Secp256_04(t *testing.T) { - for i := 0; i < TESTS; i++ { - pubkey1, seckey := GenerateKeyPair() - msg := randentropy.GetEntropyCSPRNG(32) - sig, _ := Sign(msg, seckey) - CompactSigTest(sig) +func TestRecoveryOfRandomSignature(t *testing.T) { + pubkey1, seckey := GenerateKeyPair() + msg := randentropy.GetEntropyCSPRNG(32) + sig, err := Sign(msg, seckey) + if err != nil { + t.Errorf("signature error: %s", err) + } - if sig[len(sig)-1] >= 4 { - t.Fail() - } + for i := 0; i < TestCount; i++ { + sig = randSig() pubkey2, _ := RecoverPubkey(msg, sig) - if pubkey2 == nil { - t.Fail() - } - if bytes.Equal(pubkey1, pubkey2) == false { - t.Fail() + // recovery can sometimes work, but if so should always give wrong pubkey + if bytes.Equal(pubkey1, pubkey2) { + t.Fatalf("iteration: %d: pubkey mismatch: do NOT want %x: ", i, pubkey2) } } } -//test random signatures against fixed messages; should fail - -//crashes: -// -SIPA look at this - func randSig() []byte { sig := randentropy.GetEntropyCSPRNG(65) sig[32] &= 0x70 @@ -188,67 +149,83 @@ func randSig() []byte { return sig } -func Test_Secp256_06a_alt0(t *testing.T) { +func TestRandomMessagesAgainstValidSig(t *testing.T) { pubkey1, seckey := GenerateKeyPair() msg := randentropy.GetEntropyCSPRNG(32) sig, _ := Sign(msg, seckey) - if sig == nil { - t.Fail() - } - if len(sig) != 65 { - t.Fail() - } - for i := 0; i < TESTS; i++ { - sig = randSig() + for i := 0; i < TestCount; i++ { + msg = randentropy.GetEntropyCSPRNG(32) pubkey2, _ := RecoverPubkey(msg, sig) - - if bytes.Equal(pubkey1, pubkey2) == true { - t.Fail() - } - - if pubkey2 != nil && VerifySignature(msg, sig, pubkey2) != nil { - t.Fail() - } - - if VerifySignature(msg, sig, pubkey1) == nil { - t.Fail() + // recovery can sometimes work, but if so should always give wrong pubkey + if bytes.Equal(pubkey1, pubkey2) { + t.Fatalf("iteration: %d: pubkey mismatch: do NOT want %x: ", i, pubkey2) } } } -//test random messages against valid signature: should fail - -func Test_Secp256_06b(t *testing.T) { - pubkey1, seckey := GenerateKeyPair() - msg := randentropy.GetEntropyCSPRNG(32) - sig, _ := Sign(msg, seckey) +func TestZeroPrivkey(t *testing.T) { + zeroedBytes := make([]byte, 32) + err := VerifySeckeyValidity(zeroedBytes) + if err == nil { + t.Errorf("zeroed bytes should have returned error") + } +} - fail_count := 0 - for i := 0; i < TESTS; i++ { - msg = randentropy.GetEntropyCSPRNG(32) - pubkey2, _ := RecoverPubkey(msg, sig) - if bytes.Equal(pubkey1, pubkey2) == true { - t.Fail() - } +// Useful when the underlying libsecp256k1 API changes to quickly +// check only recover function without use of signature function +func TestRecoverSanity(t *testing.T) { + msg, _ := hex.DecodeString("ce0677bb30baa8cf067c88db9811f4333d131bf8bcf12fe7065d211dce971008") + sig, _ := hex.DecodeString("90f27b8b488db00b00606796d2987f6a5f59ae62ea05effe84fef5b8b0e549984a691139ad57a3f0b906637673aa2f63d1f55cb1a69199d4009eea23ceaddc9301") + pubkey1, _ := hex.DecodeString("04e32df42865e97135acfb65f3bae71bdc86f4d49150ad6a440b6f15878109880a0a2b2667f7e725ceea70c673093bf67663e0312623c8e091b13cf2c0f11ef652") + pubkey2, err := RecoverPubkey(msg, sig) + if err != nil { + t.Fatalf("recover error: %s", err) + } + if !bytes.Equal(pubkey1, pubkey2) { + t.Errorf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2) + } +} - if pubkey2 != nil && VerifySignature(msg, sig, pubkey2) != nil { - t.Fail() - } +// tests for malleability +// highest bit of signature ECDSA s value must be 0, in the 33th byte +func compactSigCheck(t *testing.T, sig []byte) { + var b int = int(sig[32]) + if b < 0 { + t.Errorf("highest bit is negative: %d", b) + } + if ((b >> 7) == 1) != ((b & 0x80) == 0x80) { + t.Errorf("highest bit: %d bit >> 7: %d", b, b>>7) + } + if (b & 0x80) == 0x80 { + t.Errorf("highest bit: %d bit & 0x80: %d", b, b&0x80) + } +} - if VerifySignature(msg, sig, pubkey1) == nil { - t.Fail() +// godep go test -v -run=XXX -bench=BenchmarkSignRandomInputEachRound +// add -benchtime=10s to benchmark longer for more accurate average +func BenchmarkSignRandomInputEachRound(b *testing.B) { + for i := 0; i < b.N; i++ { + b.StopTimer() + _, seckey := GenerateKeyPair() + msg := randentropy.GetEntropyCSPRNG(32) + b.StartTimer() + if _, err := Sign(msg, seckey); err != nil { + b.Fatal(err) } } - if fail_count != 0 { - fmt.Printf("ERROR: Accepted signature for %v of %v random messages\n", fail_count, TESTS) - } } -func TestInvalidKey(t *testing.T) { - p1 := make([]byte, 32) - err := VerifySeckeyValidity(p1) - if err == nil { - t.Errorf("pvk %x varify sec key should have returned error", p1) +//godep go test -v -run=XXX -bench=BenchmarkRecoverRandomInputEachRound +func BenchmarkRecoverRandomInputEachRound(b *testing.B) { + for i := 0; i < b.N; i++ { + b.StopTimer() + _, seckey := GenerateKeyPair() + msg := randentropy.GetEntropyCSPRNG(32) + sig, _ := Sign(msg, seckey) + b.StartTimer() + if _, err := RecoverPubkey(msg, sig); err != nil { + b.Fatal(err) + } } } |