2015-07-07 00:54:22 +00:00
|
|
|
// Copyright 2014 The go-ethereum Authors
|
2015-07-22 16:48:40 +00:00
|
|
|
// This file is part of the go-ethereum library.
|
2015-07-07 00:54:22 +00:00
|
|
|
//
|
2015-07-23 16:35:11 +00:00
|
|
|
// The go-ethereum library is free software: you can redistribute it and/or modify
|
2015-07-07 00:54:22 +00:00
|
|
|
// it under the terms of the GNU Lesser General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
2015-07-22 16:48:40 +00:00
|
|
|
// The go-ethereum library is distributed in the hope that it will be useful,
|
2015-07-07 00:54:22 +00:00
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
2015-07-22 16:48:40 +00:00
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
2015-07-07 00:54:22 +00:00
|
|
|
// GNU Lesser General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Lesser General Public License
|
2015-07-22 16:48:40 +00:00
|
|
|
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
|
2015-07-07 00:54:22 +00:00
|
|
|
|
2014-10-31 11:37:43 +00:00
|
|
|
package crypto
|
2014-09-07 08:07:51 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
2015-09-21 13:48:15 +00:00
|
|
|
"crypto/ecdsa"
|
2014-10-29 17:35:33 +00:00
|
|
|
"encoding/hex"
|
2015-09-21 13:48:15 +00:00
|
|
|
"io/ioutil"
|
|
|
|
"math/big"
|
|
|
|
"os"
|
2018-06-12 13:26:08 +00:00
|
|
|
"reflect"
|
2014-09-07 08:07:51 +00:00
|
|
|
"testing"
|
2015-01-19 10:22:56 +00:00
|
|
|
|
2015-03-16 10:27:38 +00:00
|
|
|
"github.com/ethereum/go-ethereum/common"
|
2018-06-12 13:26:08 +00:00
|
|
|
"github.com/ethereum/go-ethereum/common/hexutil"
|
2014-09-07 08:07:51 +00:00
|
|
|
)
|
|
|
|
|
2015-09-21 13:48:15 +00:00
|
|
|
var testAddrHex = "970e8128ab834e8eac17ab8e3812f010678cf791"
|
|
|
|
var testPrivHex = "289c2857d4598e37fb9647507e47a309d6133539bf21a8b9cb6df88fd5232032"
|
|
|
|
|
2014-10-29 17:35:33 +00:00
|
|
|
// These tests are sanity checks.
|
|
|
|
// They should ensure that we don't e.g. use Sha3-224 instead of Sha3-256
|
|
|
|
// and that the sha3 library uses keccak-f permutation.
|
2017-06-01 07:24:40 +00:00
|
|
|
func TestKeccak256Hash(t *testing.T) {
|
2015-03-17 00:32:35 +00:00
|
|
|
msg := []byte("abc")
|
|
|
|
exp, _ := hex.DecodeString("4e03657aea45a94fc7d47ba826c8d667c0d1e6e33a64a036ec44f58fa12d6c45")
|
2016-02-21 18:40:27 +00:00
|
|
|
checkhash(t, "Sha3-256-array", func(in []byte) []byte { h := Keccak256Hash(in); return h[:] }, msg, exp)
|
2015-03-17 00:32:35 +00:00
|
|
|
}
|
|
|
|
|
2017-12-11 21:49:09 +00:00
|
|
|
func TestToECDSAErrors(t *testing.T) {
|
|
|
|
if _, err := HexToECDSA("0000000000000000000000000000000000000000000000000000000000000000"); err == nil {
|
|
|
|
t.Fatal("HexToECDSA should've returned error")
|
|
|
|
}
|
|
|
|
if _, err := HexToECDSA("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"); err == nil {
|
|
|
|
t.Fatal("HexToECDSA should've returned error")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-01-12 09:19:27 +00:00
|
|
|
func BenchmarkSha3(b *testing.B) {
|
|
|
|
a := []byte("hello world")
|
2017-12-06 15:07:08 +00:00
|
|
|
for i := 0; i < b.N; i++ {
|
2016-02-21 18:40:27 +00:00
|
|
|
Keccak256(a)
|
2015-01-12 09:19:27 +00:00
|
|
|
}
|
|
|
|
}
|
2015-01-19 10:22:56 +00:00
|
|
|
|
2018-06-12 13:26:08 +00:00
|
|
|
func TestUnmarshalPubkey(t *testing.T) {
|
|
|
|
key, err := UnmarshalPubkey(nil)
|
|
|
|
if err != errInvalidPubkey || key != nil {
|
|
|
|
t.Fatalf("expected error, got %v, %v", err, key)
|
|
|
|
}
|
|
|
|
key, err = UnmarshalPubkey([]byte{1, 2, 3})
|
|
|
|
if err != errInvalidPubkey || key != nil {
|
|
|
|
t.Fatalf("expected error, got %v, %v", err, key)
|
|
|
|
}
|
|
|
|
|
|
|
|
var (
|
|
|
|
enc, _ = hex.DecodeString("04760c4460e5336ac9bbd87952a3c7ec4363fc0a97bd31c86430806e287b437fd1b01abc6e1db640cf3106b520344af1d58b00b57823db3e1407cbc433e1b6d04d")
|
|
|
|
dec = &ecdsa.PublicKey{
|
|
|
|
Curve: S256(),
|
|
|
|
X: hexutil.MustDecodeBig("0x760c4460e5336ac9bbd87952a3c7ec4363fc0a97bd31c86430806e287b437fd1"),
|
|
|
|
Y: hexutil.MustDecodeBig("0xb01abc6e1db640cf3106b520344af1d58b00b57823db3e1407cbc433e1b6d04d"),
|
|
|
|
}
|
|
|
|
)
|
|
|
|
key, err = UnmarshalPubkey(enc)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("expected no error, got %v", err)
|
|
|
|
}
|
|
|
|
if !reflect.DeepEqual(key, dec) {
|
|
|
|
t.Fatal("wrong result")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-01-05 10:35:23 +00:00
|
|
|
func TestSign(t *testing.T) {
|
2015-09-21 13:48:15 +00:00
|
|
|
key, _ := HexToECDSA(testPrivHex)
|
|
|
|
addr := common.HexToAddress(testAddrHex)
|
|
|
|
|
2016-02-21 18:40:27 +00:00
|
|
|
msg := Keccak256([]byte("foo"))
|
2017-01-05 10:35:23 +00:00
|
|
|
sig, err := Sign(msg, key)
|
2015-09-21 13:48:15 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Errorf("Sign error: %s", err)
|
|
|
|
}
|
|
|
|
recoveredPub, err := Ecrecover(msg, sig)
|
|
|
|
if err != nil {
|
|
|
|
t.Errorf("ECRecover error: %s", err)
|
|
|
|
}
|
2018-06-12 13:26:08 +00:00
|
|
|
pubKey, _ := UnmarshalPubkey(recoveredPub)
|
2016-10-28 19:25:49 +00:00
|
|
|
recoveredAddr := PubkeyToAddress(*pubKey)
|
2015-09-21 13:48:15 +00:00
|
|
|
if addr != recoveredAddr {
|
|
|
|
t.Errorf("Address mismatch: want: %x have: %x", addr, recoveredAddr)
|
|
|
|
}
|
|
|
|
|
|
|
|
// should be equal to SigToPub
|
|
|
|
recoveredPub2, err := SigToPub(msg, sig)
|
|
|
|
if err != nil {
|
|
|
|
t.Errorf("ECRecover error: %s", err)
|
|
|
|
}
|
|
|
|
recoveredAddr2 := PubkeyToAddress(*recoveredPub2)
|
|
|
|
if addr != recoveredAddr2 {
|
|
|
|
t.Errorf("Address mismatch: want: %x have: %x", addr, recoveredAddr2)
|
|
|
|
}
|
2016-10-28 19:25:49 +00:00
|
|
|
}
|
2015-01-19 10:22:56 +00:00
|
|
|
|
2017-01-05 10:35:23 +00:00
|
|
|
func TestInvalidSign(t *testing.T) {
|
|
|
|
if _, err := Sign(make([]byte, 1), nil); err == nil {
|
2015-01-22 17:12:05 +00:00
|
|
|
t.Errorf("expected sign with hash 1 byte to error")
|
|
|
|
}
|
2017-01-05 10:35:23 +00:00
|
|
|
if _, err := Sign(make([]byte, 33), nil); err == nil {
|
2015-01-22 17:12:05 +00:00
|
|
|
t.Errorf("expected sign with hash 33 byte to error")
|
|
|
|
}
|
|
|
|
}
|
2015-09-21 13:48:15 +00:00
|
|
|
|
|
|
|
func TestNewContractAddress(t *testing.T) {
|
|
|
|
key, _ := HexToECDSA(testPrivHex)
|
|
|
|
addr := common.HexToAddress(testAddrHex)
|
|
|
|
genAddr := PubkeyToAddress(key.PublicKey)
|
|
|
|
// sanity check before using addr to create contract address
|
|
|
|
checkAddr(t, genAddr, addr)
|
|
|
|
|
|
|
|
caddr0 := CreateAddress(addr, 0)
|
|
|
|
caddr1 := CreateAddress(addr, 1)
|
|
|
|
caddr2 := CreateAddress(addr, 2)
|
|
|
|
checkAddr(t, common.HexToAddress("333c3310824b7c685133f2bedb2ca4b8b4df633d"), caddr0)
|
|
|
|
checkAddr(t, common.HexToAddress("8bda78331c916a08481428e4b07c96d3e916d165"), caddr1)
|
|
|
|
checkAddr(t, common.HexToAddress("c9ddedf451bc62ce88bf9292afb13df35b670699"), caddr2)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestLoadECDSAFile(t *testing.T) {
|
|
|
|
keyBytes := common.FromHex(testPrivHex)
|
|
|
|
fileName0 := "test_key0"
|
|
|
|
fileName1 := "test_key1"
|
|
|
|
checkKey := func(k *ecdsa.PrivateKey) {
|
|
|
|
checkAddr(t, PubkeyToAddress(k.PublicKey), common.HexToAddress(testAddrHex))
|
|
|
|
loadedKeyBytes := FromECDSA(k)
|
|
|
|
if !bytes.Equal(loadedKeyBytes, keyBytes) {
|
|
|
|
t.Fatalf("private key mismatch: want: %x have: %x", keyBytes, loadedKeyBytes)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
ioutil.WriteFile(fileName0, []byte(testPrivHex), 0600)
|
|
|
|
defer os.Remove(fileName0)
|
|
|
|
|
|
|
|
key0, err := LoadECDSA(fileName0)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
checkKey(key0)
|
|
|
|
|
|
|
|
// again, this time with SaveECDSA instead of manual save:
|
|
|
|
err = SaveECDSA(fileName1, key0)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
defer os.Remove(fileName1)
|
|
|
|
|
|
|
|
key1, err := LoadECDSA(fileName1)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
checkKey(key1)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestValidateSignatureValues(t *testing.T) {
|
|
|
|
check := func(expected bool, v byte, r, s *big.Int) {
|
2015-11-27 14:40:29 +00:00
|
|
|
if ValidateSignatureValues(v, r, s, false) != expected {
|
2015-09-21 13:48:15 +00:00
|
|
|
t.Errorf("mismatch for v: %d r: %d s: %d want: %v", v, r, s, expected)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
minusOne := big.NewInt(-1)
|
|
|
|
one := common.Big1
|
|
|
|
zero := common.Big0
|
2018-05-08 23:17:09 +00:00
|
|
|
secp256k1nMinus1 := new(big.Int).Sub(secp256k1N, common.Big1)
|
2015-09-21 13:48:15 +00:00
|
|
|
|
|
|
|
// correct v,r,s
|
2017-01-05 10:35:23 +00:00
|
|
|
check(true, 0, one, one)
|
|
|
|
check(true, 1, one, one)
|
2015-09-21 13:48:15 +00:00
|
|
|
// incorrect v, correct r,s,
|
2017-01-05 10:35:23 +00:00
|
|
|
check(false, 2, one, one)
|
|
|
|
check(false, 3, one, one)
|
2015-09-21 13:48:15 +00:00
|
|
|
|
|
|
|
// incorrect v, combinations of incorrect/correct r,s at lower limit
|
2017-01-05 10:35:23 +00:00
|
|
|
check(false, 2, zero, zero)
|
|
|
|
check(false, 2, zero, one)
|
|
|
|
check(false, 2, one, zero)
|
|
|
|
check(false, 2, one, one)
|
|
|
|
|
|
|
|
// correct v for any combination of incorrect r,s
|
2015-09-21 13:48:15 +00:00
|
|
|
check(false, 0, zero, zero)
|
|
|
|
check(false, 0, zero, one)
|
|
|
|
check(false, 0, one, zero)
|
|
|
|
|
2017-01-05 10:35:23 +00:00
|
|
|
check(false, 1, zero, zero)
|
|
|
|
check(false, 1, zero, one)
|
|
|
|
check(false, 1, one, zero)
|
2015-09-21 13:48:15 +00:00
|
|
|
|
|
|
|
// correct sig with max r,s
|
2017-01-05 10:35:23 +00:00
|
|
|
check(true, 0, secp256k1nMinus1, secp256k1nMinus1)
|
2015-09-21 13:48:15 +00:00
|
|
|
// correct v, combinations of incorrect r,s at upper limit
|
2018-05-08 23:17:09 +00:00
|
|
|
check(false, 0, secp256k1N, secp256k1nMinus1)
|
|
|
|
check(false, 0, secp256k1nMinus1, secp256k1N)
|
|
|
|
check(false, 0, secp256k1N, secp256k1N)
|
2015-09-21 13:48:15 +00:00
|
|
|
|
|
|
|
// current callers ensures r,s cannot be negative, but let's test for that too
|
|
|
|
// as crypto package could be used stand-alone
|
2017-01-05 10:35:23 +00:00
|
|
|
check(false, 0, minusOne, one)
|
|
|
|
check(false, 0, one, minusOne)
|
2015-09-21 13:48:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func checkhash(t *testing.T, name string, f func([]byte) []byte, msg, exp []byte) {
|
|
|
|
sum := f(msg)
|
2017-01-06 15:44:20 +00:00
|
|
|
if !bytes.Equal(exp, sum) {
|
2015-09-21 13:48:15 +00:00
|
|
|
t.Fatalf("hash %s mismatch: want: %x have: %x", name, exp, sum)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func checkAddr(t *testing.T, addr0, addr1 common.Address) {
|
|
|
|
if addr0 != addr1 {
|
|
|
|
t.Fatalf("address mismatch: want: %x have: %x", addr0, addr1)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// test to help Python team with integration of libsecp256k1
|
|
|
|
// skip but keep it after they are done
|
|
|
|
func TestPythonIntegration(t *testing.T) {
|
|
|
|
kh := "289c2857d4598e37fb9647507e47a309d6133539bf21a8b9cb6df88fd5232032"
|
|
|
|
k0, _ := HexToECDSA(kh)
|
|
|
|
|
2016-02-21 18:40:27 +00:00
|
|
|
msg0 := Keccak256([]byte("foo"))
|
2017-02-18 08:24:12 +00:00
|
|
|
sig0, _ := Sign(msg0, k0)
|
2015-09-21 13:48:15 +00:00
|
|
|
|
|
|
|
msg1 := common.FromHex("00000000000000000000000000000000")
|
2017-02-18 08:24:12 +00:00
|
|
|
sig1, _ := Sign(msg0, k0)
|
2015-09-21 13:48:15 +00:00
|
|
|
|
2017-02-18 08:24:12 +00:00
|
|
|
t.Logf("msg: %x, privkey: %s sig: %x\n", msg0, kh, sig0)
|
|
|
|
t.Logf("msg: %x, privkey: %s sig: %x\n", msg1, kh, sig1)
|
2015-09-21 13:48:15 +00:00
|
|
|
}
|