tendermint/crypto/secp256k1/secp256k1_test.go

package secp256k1_test

import (
	"encoding/hex"
	"math/big"
	"testing"

	"github.com/btcsuite/btcutil/base58"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/tendermint/tendermint/crypto"
	"github.com/tendermint/tendermint/crypto/secp256k1"

	underlyingSecp256k1 "github.com/btcsuite/btcd/btcec"
)

type keyData struct {
	priv string
	pub  string
	addr string
}

var secpDataTable = []keyData{
	{
		priv: "a96e62ed3955e65be32703f12d87b6b5cf26039ecfa948dc5107a495418e5330",
		pub:  "02950e1cdfcb133d6024109fd489f734eeb4502418e538c28481f22bce276f248c",
		addr: "1CKZ9Nx4zgds8tU7nJHotKSDr4a9bYJCa3",
	},
}

func TestPubKeySecp256k1Address(t *testing.T) {
	for _, d := range secpDataTable {
		privB, _ := hex.DecodeString(d.priv)
		pubB, _ := hex.DecodeString(d.pub)
		addrBbz, _, _ := base58.CheckDecode(d.addr)
		addrB := crypto.Address(addrBbz)

		var priv secp256k1.PrivKeySecp256k1
		copy(priv[:], privB)

		pubKey := priv.PubKey()
		pubT, _ := pubKey.(secp256k1.PubKeySecp256k1)
		pub := pubT[:]
		addr := pubKey.Address()

		assert.Equal(t, pub, pubB, "Expected pub keys to match")
		assert.Equal(t, addr, addrB, "Expected addresses to match")
	}
}

func TestSignAndValidateSecp256k1(t *testing.T) {
	privKey := secp256k1.GenPrivKey()
	pubKey := privKey.PubKey()

	msg := crypto.CRandBytes(128)
	sig, err := privKey.Sign(msg)
	require.Nil(t, err)

	assert.True(t, pubKey.VerifyBytes(msg, sig))

	// Mutate the signature, just one bit.
	sig[3] ^= byte(0x01)

	assert.False(t, pubKey.VerifyBytes(msg, sig))
}

// This test is intended to justify the removal of calls to the underlying library
// in creating the privkey.
func TestSecp256k1LoadPrivkeyAndSerializeIsIdentity(t *testing.T) {
	numberOfTests := 256
	for i := 0; i < numberOfTests; i++ {
		// Seed the test case with some random bytes
		privKeyBytes := [32]byte{}
		copy(privKeyBytes[:], crypto.CRandBytes(32))

		// This function creates a private and public key in the underlying libraries format.
		// The private key is basically calling new(big.Int).SetBytes(pk), which removes leading zero bytes
		priv, _ := underlyingSecp256k1.PrivKeyFromBytes(underlyingSecp256k1.S256(), privKeyBytes[:])
		// this takes the bytes returned by `(big int).Bytes()`, and if the length is less than 32 bytes,
		// pads the bytes from the left with zero bytes. Therefore these two functions composed
		// result in the identity function on privKeyBytes, hence the following equality check
		// always returning true.
		serializedBytes := priv.Serialize()
		require.Equal(t, privKeyBytes[:], serializedBytes)
	}
}

func TestGenPrivKeySecp256k1(t *testing.T) {
	// curve oder N
	N := underlyingSecp256k1.S256().N
	tests := []struct {
		name   string
		secret []byte
	}{
		{"empty secret", []byte{}},
		{"some long secret", []byte("We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology.")},
		{"another seed used in cosmos tests #1", []byte{0}},
		{"another seed used in cosmos tests #2", []byte("mySecret")},
		{"another seed used in cosmos tests #3", []byte("")},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			gotPrivKey := secp256k1.GenPrivKeySecp256k1(tt.secret)
			require.NotNil(t, gotPrivKey)
			// interpret as a big.Int and make sure it is a valid field element:
			fe := new(big.Int).SetBytes(gotPrivKey[:])
			require.True(t, fe.Cmp(N) < 0)
			require.True(t, fe.Sign() > 0)
		})
	}
}
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956 2018-07-18 08:38:44 -07:00			`package secp256k1_test`
mv go-crypto files to crypto dir 2018-06-20 15:30:44 -07:00
			`import (`
			`"encoding/hex"`
Fixes tendermint/tendermint#3439 * make sure we create valid private keys: - genPrivKey samples and rejects invalid fieldelems (like libsecp256k1) - GenPrivKeySecp256k1 uses `(sha(secret) mod (n − 1)) + 1` - fix typo, rename test file: s/secpk256k1/secp256k1/ * Update crypto/secp256k1/secp256k1.go 2019-04-01 19:45:57 -04:00			`"math/big"`
mv go-crypto files to crypto dir 2018-06-20 15:30:44 -07:00			`"testing"`

			`"github.com/btcsuite/btcutil/base58"`
			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956 2018-07-18 08:38:44 -07:00
			`"github.com/tendermint/tendermint/crypto"`
			`"github.com/tendermint/tendermint/crypto/secp256k1"`
crypto/secp256k1: Add godocs, remove indirection in privkeys (#2017) * crypto/secp256k1: Add godocs, remove indirection in privkeys The following was previously done for creating secp256k1 private keys: First obtain privkey bytes. Then create a private key in the underlying library, with scalar exponent equal to privKeyBytes. (The method called was secp256k1.PrivKeyFromBytes, https://github.com/btcsuite/btcd/blob/fb90c334dffc6c91843d8d36ac31e7f7eb6c7594/btcec/privkey.go#L21) Then the private key was serialized using the underlying library, which just returns back the bytes that comprised the scalar exponent, but padded to be exactly 32 bytes. https://github.com/btcsuite/btcd/blob/fb90c334dffc6c91843d8d36ac31e7f7eb6c7594/btcec/privkey.go#L70 Thus the entire indirection of calling the underlying library can be avoided by just ensuring that we pass in a 32 byte value. A test case has even be written to show this more clearly in review. * crypto/secp256k1: Address PR comments Squash this commit * crypto: Remove note about re-registering amino paths when unnecessary. This commit should be squashed. 2018-07-20 21:52:04 -07:00
Use ethereum's secp256k1 lib (#3234) * switch from fork (tendermint/btcd) to orig package (btcsuite/btcd); also - remove obsolete check in test `size != -1` is always true - WIP as the serialization still needs to be wrapped * WIP: wrap signature & privkey, pubkey needs to be wrapped as well * wrap pubkey too * use "github.com/ethereum/go-ethereum/crypto/secp256k1" if cgo is available, else use "github.com/btcsuite/btcd/btcec" and take care of lower-S when verifying Annoyingly, had to disable pruning when importing github.com/ethereum/go-ethereum/ :-/ * update comment * update comment * emulate signature_nocgo.go for additional benchmarks: https://github.com/ethereum/go-ethereum/blob/592bf6a59cac9697f0491b24e5093cb759d7e44c/crypto/signature_nocgo.go#L60-L76 * use our format (r \|\| s) in lower-s form when in the non-cgo case * remove comment about using the C library directly * vendor github.com/btcsuite/btcd too * Add test for the !cgo case * update changelog pending Closes #3162 #3163 Refs #1958, #2091, tendermint/btcd#1 2019-02-04 09:24:54 +01:00			`underlyingSecp256k1 "github.com/btcsuite/btcd/btcec"`
mv go-crypto files to crypto dir 2018-06-20 15:30:44 -07:00			`)`

			`type keyData struct {`
			`priv string`
			`pub string`
			`addr string`
			`}`

			`var secpDataTable = []keyData{`
			`{`
			`priv: "a96e62ed3955e65be32703f12d87b6b5cf26039ecfa948dc5107a495418e5330",`
			`pub: "02950e1cdfcb133d6024109fd489f734eeb4502418e538c28481f22bce276f248c",`
			`addr: "1CKZ9Nx4zgds8tU7nJHotKSDr4a9bYJCa3",`
			`},`
			`}`

			`func TestPubKeySecp256k1Address(t *testing.T) {`
			`for _, d := range secpDataTable {`
			`privB, _ := hex.DecodeString(d.priv)`
			`pubB, _ := hex.DecodeString(d.pub)`
			`addrBbz, _, _ := base58.CheckDecode(d.addr)`
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956 2018-07-18 08:38:44 -07:00			`addrB := crypto.Address(addrBbz)`
mv go-crypto files to crypto dir 2018-06-20 15:30:44 -07:00
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956 2018-07-18 08:38:44 -07:00			`var priv secp256k1.PrivKeySecp256k1`
mv go-crypto files to crypto dir 2018-06-20 15:30:44 -07:00			`copy(priv[:], privB)`

			`pubKey := priv.PubKey()`
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956 2018-07-18 08:38:44 -07:00			`pubT, _ := pubKey.(secp256k1.PubKeySecp256k1)`
mv go-crypto files to crypto dir 2018-06-20 15:30:44 -07:00			`pub := pubT[:]`
			`addr := pubKey.Address()`

			`assert.Equal(t, pub, pubB, "Expected pub keys to match")`
			`assert.Equal(t, addr, addrB, "Expected addresses to match")`
			`}`
			`}`

crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956 2018-07-18 08:38:44 -07:00			`func TestSignAndValidateSecp256k1(t *testing.T) {`
crypto: Remove Ed25519 and Secp256k1 suffix on GenPrivKey 2018-07-20 10:44:21 -07:00			`privKey := secp256k1.GenPrivKey()`
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956 2018-07-18 08:38:44 -07:00			`pubKey := privKey.PubKey()`

			`msg := crypto.CRandBytes(128)`
			`sig, err := privKey.Sign(msg)`
			`require.Nil(t, err)`

			`assert.True(t, pubKey.VerifyBytes(msg, sig))`

			`// Mutate the signature, just one bit.`
crypto: Remove interface from crypto.Signature Signatures are now []byte, which saves on the number of bytes after amino encoding (squash this) address Ismail's comment 2018-08-01 17:02:05 -07:00			`sig[3] ^= byte(0x01)`
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956 2018-07-18 08:38:44 -07:00
			`assert.False(t, pubKey.VerifyBytes(msg, sig))`
mv go-crypto files to crypto dir 2018-06-20 15:30:44 -07:00			`}`
crypto/secp256k1: Add godocs, remove indirection in privkeys (#2017) * crypto/secp256k1: Add godocs, remove indirection in privkeys The following was previously done for creating secp256k1 private keys: First obtain privkey bytes. Then create a private key in the underlying library, with scalar exponent equal to privKeyBytes. (The method called was secp256k1.PrivKeyFromBytes, https://github.com/btcsuite/btcd/blob/fb90c334dffc6c91843d8d36ac31e7f7eb6c7594/btcec/privkey.go#L21) Then the private key was serialized using the underlying library, which just returns back the bytes that comprised the scalar exponent, but padded to be exactly 32 bytes. https://github.com/btcsuite/btcd/blob/fb90c334dffc6c91843d8d36ac31e7f7eb6c7594/btcec/privkey.go#L70 Thus the entire indirection of calling the underlying library can be avoided by just ensuring that we pass in a 32 byte value. A test case has even be written to show this more clearly in review. * crypto/secp256k1: Address PR comments Squash this commit * crypto: Remove note about re-registering amino paths when unnecessary. This commit should be squashed. 2018-07-20 21:52:04 -07:00
			`// This test is intended to justify the removal of calls to the underlying library`
			`// in creating the privkey.`
			`func TestSecp256k1LoadPrivkeyAndSerializeIsIdentity(t *testing.T) {`
			`numberOfTests := 256`
			`for i := 0; i < numberOfTests; i++ {`
			`// Seed the test case with some random bytes`
			`privKeyBytes := [32]byte{}`
			`copy(privKeyBytes[:], crypto.CRandBytes(32))`

			`// This function creates a private and public key in the underlying libraries format.`
			`// The private key is basically calling new(big.Int).SetBytes(pk), which removes leading zero bytes`
			`priv, _ := underlyingSecp256k1.PrivKeyFromBytes(underlyingSecp256k1.S256(), privKeyBytes[:])`
			// this takes the bytes returned by `(big int).Bytes()`, and if the length is less than 32 bytes,
			`// pads the bytes from the left with zero bytes. Therefore these two functions composed`
			`// result in the identity function on privKeyBytes, hence the following equality check`
			`// always returning true.`
			`serializedBytes := priv.Serialize()`
			`require.Equal(t, privKeyBytes[:], serializedBytes)`
			`}`
			`}`
Fixes tendermint/tendermint#3439 * make sure we create valid private keys: - genPrivKey samples and rejects invalid fieldelems (like libsecp256k1) - GenPrivKeySecp256k1 uses `(sha(secret) mod (n − 1)) + 1` - fix typo, rename test file: s/secpk256k1/secp256k1/ * Update crypto/secp256k1/secp256k1.go 2019-04-01 19:45:57 -04:00
			`func TestGenPrivKeySecp256k1(t *testing.T) {`
			`// curve oder N`
			`N := underlyingSecp256k1.S256().N`
			`tests := []struct {`
			`name string`
			`secret []byte`
			`}{`
			`{"empty secret", []byte{}},`
			`{"some long secret", []byte("We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology.")},`
			`{"another seed used in cosmos tests #1", []byte{0}},`
			`{"another seed used in cosmos tests #2", []byte("mySecret")},`
			`{"another seed used in cosmos tests #3", []byte("")},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`gotPrivKey := secp256k1.GenPrivKeySecp256k1(tt.secret)`
			`require.NotNil(t, gotPrivKey)`
			`// interpret as a big.Int and make sure it is a valid field element:`
			`fe := new(big.Int).SetBytes(gotPrivKey[:])`
			`require.True(t, fe.Cmp(N) < 0)`
			`require.True(t, fe.Sign() > 0)`
			`})`
			`}`
			`}`