go-ethereum/crypto/crypto_test.go

// Copyright 2014 The go-ethereum Authors
// This file is part of the go-ethereum library.
//
// The go-ethereum library is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The go-ethereum library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

package crypto

import (
	"bytes"
	"crypto/ecdsa"
	"encoding/hex"
	"fmt"
	"io/ioutil"
	"math/big"
	"os"
	"testing"
	"time"

	"github.com/ethereum/go-ethereum/common"
)

var testAddrHex = "970e8128ab834e8eac17ab8e3812f010678cf791"
var testPrivHex = "289c2857d4598e37fb9647507e47a309d6133539bf21a8b9cb6df88fd5232032"

// These tests are sanity checks.
// They should ensure that we don't e.g. use Sha3-224 instead of Sha3-256
// and that the sha3 library uses keccak-f permutation.
func TestSha3Hash(t *testing.T) {
	msg := []byte("abc")
	exp, _ := hex.DecodeString("4e03657aea45a94fc7d47ba826c8d667c0d1e6e33a64a036ec44f58fa12d6c45")
	checkhash(t, "Sha3-256-array", func(in []byte) []byte { h := Keccak256Hash(in); return h[:] }, msg, exp)
}

func BenchmarkSha3(b *testing.B) {
	a := []byte("hello world")
	amount := 1000000
	start := time.Now()
	for i := 0; i < amount; i++ {
		Keccak256(a)
	}

	fmt.Println(amount, ":", time.Since(start))
}

func TestSign(t *testing.T) {
	key, _ := HexToECDSA(testPrivHex)
	addr := common.HexToAddress(testAddrHex)

	msg := Keccak256([]byte("foo"))
	sig, err := Sign(msg, key)
	if err != nil {
		t.Errorf("Sign error: %s", err)
	}
	recoveredPub, err := Ecrecover(msg, sig)
	if err != nil {
		t.Errorf("ECRecover error: %s", err)
	}
	pubKey := ToECDSAPub(recoveredPub)
	recoveredAddr := PubkeyToAddress(*pubKey)
	if addr != recoveredAddr {
		t.Errorf("Address mismatch: want: %x have: %x", addr, recoveredAddr)
	}

	// should be equal to SigToPub
	recoveredPub2, err := SigToPub(msg, sig)
	if err != nil {
		t.Errorf("ECRecover error: %s", err)
	}
	recoveredAddr2 := PubkeyToAddress(*recoveredPub2)
	if addr != recoveredAddr2 {
		t.Errorf("Address mismatch: want: %x have: %x", addr, recoveredAddr2)
	}
}

func TestInvalidSign(t *testing.T) {
	if _, err := Sign(make([]byte, 1), nil); err == nil {
		t.Errorf("expected sign with hash 1 byte to error")
	}
	if _, err := Sign(make([]byte, 33), nil); err == nil {
		t.Errorf("expected sign with hash 33 byte to error")
	}
}

func TestNewContractAddress(t *testing.T) {
	key, _ := HexToECDSA(testPrivHex)
	addr := common.HexToAddress(testAddrHex)
	genAddr := PubkeyToAddress(key.PublicKey)
	// sanity check before using addr to create contract address
	checkAddr(t, genAddr, addr)

	caddr0 := CreateAddress(addr, 0)
	caddr1 := CreateAddress(addr, 1)
	caddr2 := CreateAddress(addr, 2)
	checkAddr(t, common.HexToAddress("333c3310824b7c685133f2bedb2ca4b8b4df633d"), caddr0)
	checkAddr(t, common.HexToAddress("8bda78331c916a08481428e4b07c96d3e916d165"), caddr1)
	checkAddr(t, common.HexToAddress("c9ddedf451bc62ce88bf9292afb13df35b670699"), caddr2)
}

func TestLoadECDSAFile(t *testing.T) {
	keyBytes := common.FromHex(testPrivHex)
	fileName0 := "test_key0"
	fileName1 := "test_key1"
	checkKey := func(k *ecdsa.PrivateKey) {
		checkAddr(t, PubkeyToAddress(k.PublicKey), common.HexToAddress(testAddrHex))
		loadedKeyBytes := FromECDSA(k)
		if !bytes.Equal(loadedKeyBytes, keyBytes) {
			t.Fatalf("private key mismatch: want: %x have: %x", keyBytes, loadedKeyBytes)
		}
	}

	ioutil.WriteFile(fileName0, []byte(testPrivHex), 0600)
	defer os.Remove(fileName0)

	key0, err := LoadECDSA(fileName0)
	if err != nil {
		t.Fatal(err)
	}
	checkKey(key0)

	// again, this time with SaveECDSA instead of manual save:
	err = SaveECDSA(fileName1, key0)
	if err != nil {
		t.Fatal(err)
	}
	defer os.Remove(fileName1)

	key1, err := LoadECDSA(fileName1)
	if err != nil {
		t.Fatal(err)
	}
	checkKey(key1)
}

func TestValidateSignatureValues(t *testing.T) {
	check := func(expected bool, v byte, r, s *big.Int) {
		if ValidateSignatureValues(v, r, s, false) != expected {
			t.Errorf("mismatch for v: %d r: %d s: %d want: %v", v, r, s, expected)
		}
	}
	minusOne := big.NewInt(-1)
	one := common.Big1
	zero := common.Big0
	secp256k1nMinus1 := new(big.Int).Sub(secp256k1_N, common.Big1)

	// correct v,r,s
	check(true, 0, one, one)
	check(true, 1, one, one)
	// incorrect v, correct r,s,
	check(false, 2, one, one)
	check(false, 3, one, one)

	// incorrect v, combinations of incorrect/correct r,s at lower limit
	check(false, 2, zero, zero)
	check(false, 2, zero, one)
	check(false, 2, one, zero)
	check(false, 2, one, one)

	// correct v for any combination of incorrect r,s
	check(false, 0, zero, zero)
	check(false, 0, zero, one)
	check(false, 0, one, zero)

	check(false, 1, zero, zero)
	check(false, 1, zero, one)
	check(false, 1, one, zero)

	// correct sig with max r,s
	check(true, 0, secp256k1nMinus1, secp256k1nMinus1)
	// correct v, combinations of incorrect r,s at upper limit
	check(false, 0, secp256k1_N, secp256k1nMinus1)
	check(false, 0, secp256k1nMinus1, secp256k1_N)
	check(false, 0, secp256k1_N, secp256k1_N)

	// current callers ensures r,s cannot be negative, but let's test for that too
	// as crypto package could be used stand-alone
	check(false, 0, minusOne, one)
	check(false, 0, one, minusOne)
}

func checkhash(t *testing.T, name string, f func([]byte) []byte, msg, exp []byte) {
	sum := f(msg)
	if !bytes.Equal(exp, sum) {
		t.Fatalf("hash %s mismatch: want: %x have: %x", name, exp, sum)
	}
}

func checkAddr(t *testing.T, addr0, addr1 common.Address) {
	if addr0 != addr1 {
		t.Fatalf("address mismatch: want: %x have: %x", addr0, addr1)
	}
}

// test to help Python team with integration of libsecp256k1
// skip but keep it after they are done
func TestPythonIntegration(t *testing.T) {
	kh := "289c2857d4598e37fb9647507e47a309d6133539bf21a8b9cb6df88fd5232032"
	k0, _ := HexToECDSA(kh)

	msg0 := Keccak256([]byte("foo"))
	sig0, _ := Sign(msg0, k0)

	msg1 := common.FromHex("00000000000000000000000000000000")
	sig1, _ := Sign(msg0, k0)

	t.Logf("msg: %x, privkey: %s sig: %x\n", msg0, kh, sig0)
	t.Logf("msg: %x, privkey: %s sig: %x\n", msg1, kh, sig1)
}
all: update license information 2015-07-07 02:54:22 +02:00			`// Copyright 2014 The go-ethereum Authors`
all: update license headers to distiguish GPL/LGPL All code outside of cmd/ is licensed as LGPL. The headers now reflect this by calling the whole work "the go-ethereum library". 2015-07-22 18:48:40 +02:00			`// This file is part of the go-ethereum library.`
all: update license information 2015-07-07 02:54:22 +02:00			`//`
all: fix license headers one more time I forgot to update one instance of "go-ethereum" in commit 3f047be5a. 2015-07-23 18:35:11 +02:00			`// The go-ethereum library is free software: you can redistribute it and/or modify`
all: update license information 2015-07-07 02:54:22 +02:00			`// it under the terms of the GNU Lesser General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
all: update license headers to distiguish GPL/LGPL All code outside of cmd/ is licensed as LGPL. The headers now reflect this by calling the whole work "the go-ethereum library". 2015-07-22 18:48:40 +02:00			`// The go-ethereum library is distributed in the hope that it will be useful,`
all: update license information 2015-07-07 02:54:22 +02:00			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
all: update license headers to distiguish GPL/LGPL All code outside of cmd/ is licensed as LGPL. The headers now reflect this by calling the whole work "the go-ethereum library". 2015-07-22 18:48:40 +02:00			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
all: update license information 2015-07-07 02:54:22 +02:00			`// GNU Lesser General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Lesser General Public License`
all: update license headers to distiguish GPL/LGPL All code outside of cmd/ is licensed as LGPL. The headers now reflect this by calling the whole work "the go-ethereum library". 2015-07-22 18:48:40 +02:00			`// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.`
all: update license information 2015-07-07 02:54:22 +02:00
ethcrypto => crypto 2014-10-31 12:37:43 +01:00			`package crypto`
Updated to latest sha3 implementation. Fixes #48 2014-09-07 10:07:51 +02:00
			`import (`
			`"bytes"`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00			`"crypto/ecdsa"`
ethcrypto: fix the tests The Sha3 test contained the wrong expected result. Note that the implementation hasn't changed, the test simply contained an outdated expected value that was valid for the previous implementation. 2014-10-29 18:35:33 +01:00			`"encoding/hex"`
pre-pow 2015-01-12 10:19:27 +01:00			`"fmt"`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00			`"io/ioutil"`
			`"math/big"`
			`"os"`
Updated to latest sha3 implementation. Fixes #48 2014-09-07 10:07:51 +02:00			`"testing"`
pre-pow 2015-01-12 10:19:27 +01:00			`"time"`
Added 0 key proof error Private key \x00\x00...\x00 returns the _exact_ same public key as \x11 \x11...\x11. Currently investigating. 2015-01-19 11:22:56 +01:00
Moved ethutil => common 2015-03-16 11:27:38 +01:00			`"github.com/ethereum/go-ethereum/common"`
Updated to latest sha3 implementation. Fixes #48 2014-09-07 10:07:51 +02:00			`)`

crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00			`var testAddrHex = "970e8128ab834e8eac17ab8e3812f010678cf791"`
			`var testPrivHex = "289c2857d4598e37fb9647507e47a309d6133539bf21a8b9cb6df88fd5232032"`

ethcrypto: fix the tests The Sha3 test contained the wrong expected result. Note that the implementation hasn't changed, the test simply contained an outdated expected value that was valid for the previous implementation. 2014-10-29 18:35:33 +01:00			`// These tests are sanity checks.`
			`// They should ensure that we don't e.g. use Sha3-224 instead of Sha3-256`
			`// and that the sha3 library uses keccak-f permutation.`
crypto: fix Sha3Hash and add a test for it 2015-03-17 01:32:35 +01:00			`func TestSha3Hash(t *testing.T) {`
			`msg := []byte("abc")`
			`exp, _ := hex.DecodeString("4e03657aea45a94fc7d47ba826c8d667c0d1e6e33a64a036ec44f58fa12d6c45")`
all: Rename crypto.Sha3{,Hash}() to crypto.Keccak256{,Hash}() As we aren't really using the standarized SHA-3 2016-02-21 18:40:27 +00:00			`checkhash(t, "Sha3-256-array", func(in []byte) []byte { h := Keccak256Hash(in); return h[:] }, msg, exp)`
crypto: fix Sha3Hash and add a test for it 2015-03-17 01:32:35 +01:00			`}`

pre-pow 2015-01-12 10:19:27 +01:00			`func BenchmarkSha3(b *testing.B) {`
			`a := []byte("hello world")`
			`amount := 1000000`
			`start := time.Now()`
			`for i := 0; i < amount; i++ {`
all: Rename crypto.Sha3{,Hash}() to crypto.Keccak256{,Hash}() As we aren't really using the standarized SHA-3 2016-02-21 18:40:27 +00:00			`Keccak256(a)`
pre-pow 2015-01-12 10:19:27 +01:00			`}`

			`fmt.Println(amount, ":", time.Since(start))`
			`}`
Added 0 key proof error Private key \x00\x00...\x00 returns the _exact_ same public key as \x11 \x11...\x11. Currently investigating. 2015-01-19 11:22:56 +01:00
accounts, core, crypto, internal: use normalised V during signature handling (#3455) To address increasing complexity in code that handles signatures, this PR discards all notion of "different" signature types at the library level. Both the crypto and accounts package is reduced to only be able to produce plain canonical secp256k1 signatures. This makes the crpyto APIs much cleaner, simpler and harder to abuse. 2017-01-05 12:35:23 +02:00			`func TestSign(t *testing.T) {`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00			`key, _ := HexToECDSA(testPrivHex)`
			`addr := common.HexToAddress(testAddrHex)`

all: Rename crypto.Sha3{,Hash}() to crypto.Keccak256{,Hash}() As we aren't really using the standarized SHA-3 2016-02-21 18:40:27 +00:00			`msg := Keccak256([]byte("foo"))`
accounts, core, crypto, internal: use normalised V during signature handling (#3455) To address increasing complexity in code that handles signatures, this PR discards all notion of "different" signature types at the library level. Both the crypto and accounts package is reduced to only be able to produce plain canonical secp256k1 signatures. This makes the crpyto APIs much cleaner, simpler and harder to abuse. 2017-01-05 12:35:23 +02:00			`sig, err := Sign(msg, key)`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00			`if err != nil {`
			`t.Errorf("Sign error: %s", err)`
			`}`
			`recoveredPub, err := Ecrecover(msg, sig)`
			`if err != nil {`
			`t.Errorf("ECRecover error: %s", err)`
			`}`
internal/ethapi: add personal_sign and fix eth_sign to hash message (#2940) This commit includes several API changes: - The behavior of eth_sign is changed. It now accepts an arbitrary message, prepends the well-known string \x19Ethereum Signed Message:\n<length of message> hashes the result using keccak256 and calculates the signature of the hash. This breaks backwards compatability! - personal_sign(hash, address [, password]) is added. It has the same semantics as eth_sign but also accepts a password. The private key used to sign the hash is temporarily unlocked in the scope of the request. - personal_recover(message, signature) is added and returns the address for the account that created a signature. 2016-10-28 21:25:49 +02:00			`pubKey := ToECDSAPub(recoveredPub)`
			`recoveredAddr := PubkeyToAddress(*pubKey)`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00			`if addr != recoveredAddr {`
			`t.Errorf("Address mismatch: want: %x have: %x", addr, recoveredAddr)`
			`}`

			`// should be equal to SigToPub`
			`recoveredPub2, err := SigToPub(msg, sig)`
			`if err != nil {`
			`t.Errorf("ECRecover error: %s", err)`
			`}`
			`recoveredAddr2 := PubkeyToAddress(*recoveredPub2)`
			`if addr != recoveredAddr2 {`
			`t.Errorf("Address mismatch: want: %x have: %x", addr, recoveredAddr2)`
			`}`
internal/ethapi: add personal_sign and fix eth_sign to hash message (#2940) This commit includes several API changes: - The behavior of eth_sign is changed. It now accepts an arbitrary message, prepends the well-known string \x19Ethereum Signed Message:\n<length of message> hashes the result using keccak256 and calculates the signature of the hash. This breaks backwards compatability! - personal_sign(hash, address [, password]) is added. It has the same semantics as eth_sign but also accepts a password. The private key used to sign the hash is temporarily unlocked in the scope of the request. - personal_recover(message, signature) is added and returns the address for the account that created a signature. 2016-10-28 21:25:49 +02:00			`}`
Added 0 key proof error Private key \x00\x00...\x00 returns the _exact_ same public key as \x11 \x11...\x11. Currently investigating. 2015-01-19 11:22:56 +01:00
accounts, core, crypto, internal: use normalised V during signature handling (#3455) To address increasing complexity in code that handles signatures, this PR discards all notion of "different" signature types at the library level. Both the crypto and accounts package is reduced to only be able to produce plain canonical secp256k1 signatures. This makes the crpyto APIs much cleaner, simpler and harder to abuse. 2017-01-05 12:35:23 +02:00			`func TestInvalidSign(t *testing.T) {`
			`if _, err := Sign(make([]byte, 1), nil); err == nil {`
Pad private key when signing & length check for hashes in sign 2015-01-22 18:12:05 +01:00			`t.Errorf("expected sign with hash 1 byte to error")`
			`}`
accounts, core, crypto, internal: use normalised V during signature handling (#3455) To address increasing complexity in code that handles signatures, this PR discards all notion of "different" signature types at the library level. Both the crypto and accounts package is reduced to only be able to produce plain canonical secp256k1 signatures. This makes the crpyto APIs much cleaner, simpler and harder to abuse. 2017-01-05 12:35:23 +02:00			`if _, err := Sign(make([]byte, 33), nil); err == nil {`
Pad private key when signing & length check for hashes in sign 2015-01-22 18:12:05 +01:00			`t.Errorf("expected sign with hash 33 byte to error")`
			`}`
			`}`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00
			`func TestNewContractAddress(t *testing.T) {`
			`key, _ := HexToECDSA(testPrivHex)`
			`addr := common.HexToAddress(testAddrHex)`
			`genAddr := PubkeyToAddress(key.PublicKey)`
			`// sanity check before using addr to create contract address`
			`checkAddr(t, genAddr, addr)`

			`caddr0 := CreateAddress(addr, 0)`
			`caddr1 := CreateAddress(addr, 1)`
			`caddr2 := CreateAddress(addr, 2)`
			`checkAddr(t, common.HexToAddress("333c3310824b7c685133f2bedb2ca4b8b4df633d"), caddr0)`
			`checkAddr(t, common.HexToAddress("8bda78331c916a08481428e4b07c96d3e916d165"), caddr1)`
			`checkAddr(t, common.HexToAddress("c9ddedf451bc62ce88bf9292afb13df35b670699"), caddr2)`
			`}`

			`func TestLoadECDSAFile(t *testing.T) {`
			`keyBytes := common.FromHex(testPrivHex)`
			`fileName0 := "test_key0"`
			`fileName1 := "test_key1"`
			`checkKey := func(k *ecdsa.PrivateKey) {`
			`checkAddr(t, PubkeyToAddress(k.PublicKey), common.HexToAddress(testAddrHex))`
			`loadedKeyBytes := FromECDSA(k)`
			`if !bytes.Equal(loadedKeyBytes, keyBytes) {`
			`t.Fatalf("private key mismatch: want: %x have: %x", keyBytes, loadedKeyBytes)`
			`}`
			`}`

			`ioutil.WriteFile(fileName0, []byte(testPrivHex), 0600)`
			`defer os.Remove(fileName0)`

			`key0, err := LoadECDSA(fileName0)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`checkKey(key0)`

			`// again, this time with SaveECDSA instead of manual save:`
			`err = SaveECDSA(fileName1, key0)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`defer os.Remove(fileName1)`

			`key1, err := LoadECDSA(fileName1)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`checkKey(key1)`
			`}`

			`func TestValidateSignatureValues(t *testing.T) {`
			`check := func(expected bool, v byte, r, s *big.Int) {`
parmas, crypto, core, core/vm: homestead consensus protocol changes * change gas cost for contract creating txs * invalidate signature with s value greater than secp256k1 N / 2 * OOG contract creation if not enough gas to store code * new difficulty adjustment algorithm * new DELEGATECALL op code 2015-11-27 15:40:29 +01:00			`if ValidateSignatureValues(v, r, s, false) != expected {`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00			`t.Errorf("mismatch for v: %d r: %d s: %d want: %v", v, r, s, expected)`
			`}`
			`}`
			`minusOne := big.NewInt(-1)`
			`one := common.Big1`
			`zero := common.Big0`
crypto: add btcec fallback for sign/recover without cgo (#3680) * vendor: add github.com/btcsuite/btcd/btcec * crypto: add btcec fallback for sign/recover without cgo This commit adds a non-cgo fallback implementation of secp256k1 operations. * crypto, core/vm: remove wrappers for sha256, ripemd160 2017-02-18 09:24:12 +01:00			`secp256k1nMinus1 := new(big.Int).Sub(secp256k1_N, common.Big1)`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00
			`// correct v,r,s`
accounts, core, crypto, internal: use normalised V during signature handling (#3455) To address increasing complexity in code that handles signatures, this PR discards all notion of "different" signature types at the library level. Both the crypto and accounts package is reduced to only be able to produce plain canonical secp256k1 signatures. This makes the crpyto APIs much cleaner, simpler and harder to abuse. 2017-01-05 12:35:23 +02:00			`check(true, 0, one, one)`
			`check(true, 1, one, one)`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00			`// incorrect v, correct r,s,`
accounts, core, crypto, internal: use normalised V during signature handling (#3455) To address increasing complexity in code that handles signatures, this PR discards all notion of "different" signature types at the library level. Both the crypto and accounts package is reduced to only be able to produce plain canonical secp256k1 signatures. This makes the crpyto APIs much cleaner, simpler and harder to abuse. 2017-01-05 12:35:23 +02:00			`check(false, 2, one, one)`
			`check(false, 3, one, one)`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00
			`// incorrect v, combinations of incorrect/correct r,s at lower limit`
accounts, core, crypto, internal: use normalised V during signature handling (#3455) To address increasing complexity in code that handles signatures, this PR discards all notion of "different" signature types at the library level. Both the crypto and accounts package is reduced to only be able to produce plain canonical secp256k1 signatures. This makes the crpyto APIs much cleaner, simpler and harder to abuse. 2017-01-05 12:35:23 +02:00			`check(false, 2, zero, zero)`
			`check(false, 2, zero, one)`
			`check(false, 2, one, zero)`
			`check(false, 2, one, one)`

			`// correct v for any combination of incorrect r,s`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00			`check(false, 0, zero, zero)`
			`check(false, 0, zero, one)`
			`check(false, 0, one, zero)`

accounts, core, crypto, internal: use normalised V during signature handling (#3455) To address increasing complexity in code that handles signatures, this PR discards all notion of "different" signature types at the library level. Both the crypto and accounts package is reduced to only be able to produce plain canonical secp256k1 signatures. This makes the crpyto APIs much cleaner, simpler and harder to abuse. 2017-01-05 12:35:23 +02:00			`check(false, 1, zero, zero)`
			`check(false, 1, zero, one)`
			`check(false, 1, one, zero)`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00
			`// correct sig with max r,s`
accounts, core, crypto, internal: use normalised V during signature handling (#3455) To address increasing complexity in code that handles signatures, this PR discards all notion of "different" signature types at the library level. Both the crypto and accounts package is reduced to only be able to produce plain canonical secp256k1 signatures. This makes the crpyto APIs much cleaner, simpler and harder to abuse. 2017-01-05 12:35:23 +02:00			`check(true, 0, secp256k1nMinus1, secp256k1nMinus1)`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00			`// correct v, combinations of incorrect r,s at upper limit`
crypto: add btcec fallback for sign/recover without cgo (#3680) * vendor: add github.com/btcsuite/btcd/btcec * crypto: add btcec fallback for sign/recover without cgo This commit adds a non-cgo fallback implementation of secp256k1 operations. * crypto, core/vm: remove wrappers for sha256, ripemd160 2017-02-18 09:24:12 +01:00			`check(false, 0, secp256k1_N, secp256k1nMinus1)`
			`check(false, 0, secp256k1nMinus1, secp256k1_N)`
			`check(false, 0, secp256k1_N, secp256k1_N)`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00
			`// current callers ensures r,s cannot be negative, but let's test for that too`
			`// as crypto package could be used stand-alone`
accounts, core, crypto, internal: use normalised V during signature handling (#3455) To address increasing complexity in code that handles signatures, this PR discards all notion of "different" signature types at the library level. Both the crypto and accounts package is reduced to only be able to produce plain canonical secp256k1 signatures. This makes the crpyto APIs much cleaner, simpler and harder to abuse. 2017-01-05 12:35:23 +02:00			`check(false, 0, minusOne, one)`
			`check(false, 0, one, minusOne)`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00			`}`

			`func checkhash(t *testing.T, name string, f func([]byte) []byte, msg, exp []byte) {`
			`sum := f(msg)`
all: fix issues reported by honnef.co/go/simple/cmd/gosimple 2017-01-06 16:44:20 +01:00			`if !bytes.Equal(exp, sum) {`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00			`t.Fatalf("hash %s mismatch: want: %x have: %x", name, exp, sum)`
			`}`
			`}`

			`func checkAddr(t *testing.T, addr0, addr1 common.Address) {`
			`if addr0 != addr1 {`
			`t.Fatalf("address mismatch: want: %x have: %x", addr0, addr1)`
			`}`
			`}`

			`// test to help Python team with integration of libsecp256k1`
			`// skip but keep it after they are done`
			`func TestPythonIntegration(t *testing.T) {`
			`kh := "289c2857d4598e37fb9647507e47a309d6133539bf21a8b9cb6df88fd5232032"`
			`k0, _ := HexToECDSA(kh)`

all: Rename crypto.Sha3{,Hash}() to crypto.Keccak256{,Hash}() As we aren't really using the standarized SHA-3 2016-02-21 18:40:27 +00:00			`msg0 := Keccak256([]byte("foo"))`
crypto: add btcec fallback for sign/recover without cgo (#3680) * vendor: add github.com/btcsuite/btcd/btcec * crypto: add btcec fallback for sign/recover without cgo This commit adds a non-cgo fallback implementation of secp256k1 operations. * crypto, core/vm: remove wrappers for sha256, ripemd160 2017-02-18 09:24:12 +01:00			`sig0, _ := Sign(msg0, k0)`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00
			`msg1 := common.FromHex("00000000000000000000000000000000")`
crypto: add btcec fallback for sign/recover without cgo (#3680) * vendor: add github.com/btcsuite/btcd/btcec * crypto: add btcec fallback for sign/recover without cgo This commit adds a non-cgo fallback implementation of secp256k1 operations. * crypto, core/vm: remove wrappers for sha256, ripemd160 2017-02-18 09:24:12 +01:00			`sig1, _ := Sign(msg0, k0)`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00
crypto: add btcec fallback for sign/recover without cgo (#3680) * vendor: add github.com/btcsuite/btcd/btcec * crypto: add btcec fallback for sign/recover without cgo This commit adds a non-cgo fallback implementation of secp256k1 operations. * crypto, core/vm: remove wrappers for sha256, ripemd160 2017-02-18 09:24:12 +01:00			`t.Logf("msg: %x, privkey: %s sig: %x\n", msg0, kh, sig0)`
			`t.Logf("msg: %x, privkey: %s sig: %x\n", msg1, kh, sig1)`
crypto: correct sig validation, add more unit tests 2015-09-21 15:48:15 +02:00			`}`