go-ethereum/crypto/secp256k1/secp256_test.go

// Copyright 2015 The go-ethereum Authors
// This file is part of the go-ethereum library.
//
// The go-ethereum library is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The go-ethereum library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.

package secp256k1

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"encoding/hex"
	"testing"

	"github.com/ethereum/go-ethereum/common/math"
	"github.com/ethereum/go-ethereum/crypto/randentropy"
)

const TestCount = 1000

func generateKeyPair() (pubkey, privkey []byte) {
	key, err := ecdsa.GenerateKey(S256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	pubkey = elliptic.Marshal(S256(), key.X, key.Y)
	return pubkey, math.PaddedBigBytes(key.D, 32)
}

func randSig() []byte {
	sig := randentropy.GetEntropyCSPRNG(65)
	sig[32] &= 0x70
	sig[64] %= 4
	return sig
}

// tests for malleability
// highest bit of signature ECDSA s value must be 0, in the 33th byte
func compactSigCheck(t *testing.T, sig []byte) {
	var b int = int(sig[32])
	if b < 0 {
		t.Errorf("highest bit is negative: %d", b)
	}
	if ((b >> 7) == 1) != ((b & 0x80) == 0x80) {
		t.Errorf("highest bit: %d bit >> 7: %d", b, b>>7)
	}
	if (b & 0x80) == 0x80 {
		t.Errorf("highest bit: %d bit & 0x80: %d", b, b&0x80)
	}
}

func TestSignatureValidity(t *testing.T) {
	pubkey, seckey := generateKeyPair()
	msg := randentropy.GetEntropyCSPRNG(32)
	sig, err := Sign(msg, seckey)
	if err != nil {
		t.Errorf("signature error: %s", err)
	}
	compactSigCheck(t, sig)
	if len(pubkey) != 65 {
		t.Errorf("pubkey length mismatch: want: 65 have: %d", len(pubkey))
	}
	if len(seckey) != 32 {
		t.Errorf("seckey length mismatch: want: 32 have: %d", len(seckey))
	}
	if len(sig) != 65 {
		t.Errorf("sig length mismatch: want: 65 have: %d", len(sig))
	}
	recid := int(sig[64])
	if recid > 4 || recid < 0 {
		t.Errorf("sig recid mismatch: want: within 0 to 4 have: %d", int(sig[64]))
	}
}

func TestInvalidRecoveryID(t *testing.T) {
	_, seckey := generateKeyPair()
	msg := randentropy.GetEntropyCSPRNG(32)
	sig, _ := Sign(msg, seckey)
	sig[64] = 99
	_, err := RecoverPubkey(msg, sig)
	if err != ErrInvalidRecoveryID {
		t.Fatalf("got %q, want %q", err, ErrInvalidRecoveryID)
	}
}

func TestSignAndRecover(t *testing.T) {
	pubkey1, seckey := generateKeyPair()
	msg := randentropy.GetEntropyCSPRNG(32)
	sig, err := Sign(msg, seckey)
	if err != nil {
		t.Errorf("signature error: %s", err)
	}
	pubkey2, err := RecoverPubkey(msg, sig)
	if err != nil {
		t.Errorf("recover error: %s", err)
	}
	if !bytes.Equal(pubkey1, pubkey2) {
		t.Errorf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2)
	}
}

func TestSignDeterministic(t *testing.T) {
	_, seckey := generateKeyPair()
	msg := make([]byte, 32)
	copy(msg, "hi there")

	sig1, err := Sign(msg, seckey)
	if err != nil {
		t.Fatal(err)
	}
	sig2, err := Sign(msg, seckey)
	if err != nil {
		t.Fatal(err)
	}
	if !bytes.Equal(sig1, sig2) {
		t.Fatal("signatures not equal")
	}
}

func TestRandomMessagesWithSameKey(t *testing.T) {
	pubkey, seckey := generateKeyPair()
	keys := func() ([]byte, []byte) {
		return pubkey, seckey
	}
	signAndRecoverWithRandomMessages(t, keys)
}

func TestRandomMessagesWithRandomKeys(t *testing.T) {
	keys := func() ([]byte, []byte) {
		pubkey, seckey := generateKeyPair()
		return pubkey, seckey
	}
	signAndRecoverWithRandomMessages(t, keys)
}

func signAndRecoverWithRandomMessages(t *testing.T, keys func() ([]byte, []byte)) {
	for i := 0; i < TestCount; i++ {
		pubkey1, seckey := keys()
		msg := randentropy.GetEntropyCSPRNG(32)
		sig, err := Sign(msg, seckey)
		if err != nil {
			t.Fatalf("signature error: %s", err)
		}
		if sig == nil {
			t.Fatal("signature is nil")
		}
		compactSigCheck(t, sig)

		// TODO: why do we flip around the recovery id?
		sig[len(sig)-1] %= 4

		pubkey2, err := RecoverPubkey(msg, sig)
		if err != nil {
			t.Fatalf("recover error: %s", err)
		}
		if pubkey2 == nil {
			t.Error("pubkey is nil")
		}
		if !bytes.Equal(pubkey1, pubkey2) {
			t.Fatalf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2)
		}
	}
}

func TestRecoveryOfRandomSignature(t *testing.T) {
	pubkey1, _ := generateKeyPair()
	msg := randentropy.GetEntropyCSPRNG(32)

	for i := 0; i < TestCount; i++ {
		// recovery can sometimes work, but if so should always give wrong pubkey
		pubkey2, _ := RecoverPubkey(msg, randSig())
		if bytes.Equal(pubkey1, pubkey2) {
			t.Fatalf("iteration: %d: pubkey mismatch: do NOT want %x: ", i, pubkey2)
		}
	}
}

func TestRandomMessagesAgainstValidSig(t *testing.T) {
	pubkey1, seckey := generateKeyPair()
	msg := randentropy.GetEntropyCSPRNG(32)
	sig, _ := Sign(msg, seckey)

	for i := 0; i < TestCount; i++ {
		msg = randentropy.GetEntropyCSPRNG(32)
		pubkey2, _ := RecoverPubkey(msg, sig)
		// recovery can sometimes work, but if so should always give wrong pubkey
		if bytes.Equal(pubkey1, pubkey2) {
			t.Fatalf("iteration: %d: pubkey mismatch: do NOT want %x: ", i, pubkey2)
		}
	}
}

// Useful when the underlying libsecp256k1 API changes to quickly
// check only recover function without use of signature function
func TestRecoverSanity(t *testing.T) {
	msg, _ := hex.DecodeString("ce0677bb30baa8cf067c88db9811f4333d131bf8bcf12fe7065d211dce971008")
	sig, _ := hex.DecodeString("90f27b8b488db00b00606796d2987f6a5f59ae62ea05effe84fef5b8b0e549984a691139ad57a3f0b906637673aa2f63d1f55cb1a69199d4009eea23ceaddc9301")
	pubkey1, _ := hex.DecodeString("04e32df42865e97135acfb65f3bae71bdc86f4d49150ad6a440b6f15878109880a0a2b2667f7e725ceea70c673093bf67663e0312623c8e091b13cf2c0f11ef652")
	pubkey2, err := RecoverPubkey(msg, sig)
	if err != nil {
		t.Fatalf("recover error: %s", err)
	}
	if !bytes.Equal(pubkey1, pubkey2) {
		t.Errorf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2)
	}
}

func BenchmarkSign(b *testing.B) {
	_, seckey := generateKeyPair()
	msg := randentropy.GetEntropyCSPRNG(32)
	b.ResetTimer()

	for i := 0; i < b.N; i++ {
		Sign(msg, seckey)
	}
}

func BenchmarkRecover(b *testing.B) {
	msg := randentropy.GetEntropyCSPRNG(32)
	_, seckey := generateKeyPair()
	sig, _ := Sign(msg, seckey)
	b.ResetTimer()

	for i := 0; i < b.N; i++ {
		RecoverPubkey(msg, sig)
	}
}
all: update license information 2015-07-07 02:54:22 +02:00			`// Copyright 2015 The go-ethereum Authors`
all: update license headers to distiguish GPL/LGPL All code outside of cmd/ is licensed as LGPL. The headers now reflect this by calling the whole work "the go-ethereum library". 2015-07-22 18:48:40 +02:00			`// This file is part of the go-ethereum library.`
all: update license information 2015-07-07 02:54:22 +02:00			`//`
all: fix license headers one more time I forgot to update one instance of "go-ethereum" in commit 3f047be5a. 2015-07-23 18:35:11 +02:00			`// The go-ethereum library is free software: you can redistribute it and/or modify`
all: update license information 2015-07-07 02:54:22 +02:00			`// it under the terms of the GNU Lesser General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
all: update license headers to distiguish GPL/LGPL All code outside of cmd/ is licensed as LGPL. The headers now reflect this by calling the whole work "the go-ethereum library". 2015-07-22 18:48:40 +02:00			`// The go-ethereum library is distributed in the hope that it will be useful,`
all: update license information 2015-07-07 02:54:22 +02:00			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
all: update license headers to distiguish GPL/LGPL All code outside of cmd/ is licensed as LGPL. The headers now reflect this by calling the whole work "the go-ethereum library". 2015-07-22 18:48:40 +02:00			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
all: update license information 2015-07-07 02:54:22 +02:00			`// GNU Lesser General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Lesser General Public License`
all: update license headers to distiguish GPL/LGPL All code outside of cmd/ is licensed as LGPL. The headers now reflect this by calling the whole work "the go-ethereum library". 2015-07-22 18:48:40 +02:00			`// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.`
all: update license information 2015-07-07 02:54:22 +02:00
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`package secp256k1`

			`import (`
			`"bytes"`
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544) - Use defined constants instead of hard-coding their integer value. - Allocate secp256k1 structs on the C stack instead of converting []byte - Remove dead code 2017-01-12 21:29:11 +01:00			`"crypto/ecdsa"`
			`"crypto/elliptic"`
			`"crypto/rand"`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`"encoding/hex"`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`"testing"`
Added invalid sec key test 2015-02-16 13:19:57 +01:00
all: unify big.Int zero checks, use common/math in more places (#3716) * common/math: optimize PaddedBigBytes, use it more name old time/op new time/op delta PaddedBigBytes-8 71.1ns ± 5% 46.1ns ± 1% -35.15% (p=0.000 n=20+19) name old alloc/op new alloc/op delta PaddedBigBytes-8 48.0B ± 0% 32.0B ± 0% -33.33% (p=0.000 n=20+20) * all: unify big.Int zero checks Various checks were in use. This commit replaces them all with Int.Sign, which is cheaper and less code. eg templates: func before(x big.Int) bool { return x.BitLen() == 0 } func after(x big.Int) bool { return x.Sign() == 0 } func before(x big.Int) bool { return x.BitLen() > 0 } func after(x big.Int) bool { return x.Sign() != 0 } func before(x big.Int) int { return x.Cmp(common.Big0) } func after(x big.Int) int { return x.Sign() } * common/math, crypto/secp256k1: make ReadBits public in package math 2017-02-28 15:09:11 +01:00			`"github.com/ethereum/go-ethereum/common/math"`
Added invalid sec key test 2015-02-16 13:19:57 +01:00			`"github.com/ethereum/go-ethereum/crypto/randentropy"`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`)`

crypto, crypto/ecies, crypto/secp256k1: libsecp256k1 scalar mult thanks to Felix Lange (fjl) for help with design & impl 2015-09-29 19:37:44 +02:00			`const TestCount = 1000`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544) - Use defined constants instead of hard-coding their integer value. - Allocate secp256k1 structs on the C stack instead of converting []byte - Remove dead code 2017-01-12 21:29:11 +01:00			`func generateKeyPair() (pubkey, privkey []byte) {`
			`key, err := ecdsa.GenerateKey(S256(), rand.Reader)`
			`if err != nil {`
			`panic(err)`
			`}`
			`pubkey = elliptic.Marshal(S256(), key.X, key.Y)`
all: unify big.Int zero checks, use common/math in more places (#3716) * common/math: optimize PaddedBigBytes, use it more name old time/op new time/op delta PaddedBigBytes-8 71.1ns ± 5% 46.1ns ± 1% -35.15% (p=0.000 n=20+19) name old alloc/op new alloc/op delta PaddedBigBytes-8 48.0B ± 0% 32.0B ± 0% -33.33% (p=0.000 n=20+20) * all: unify big.Int zero checks Various checks were in use. This commit replaces them all with Int.Sign, which is cheaper and less code. eg templates: func before(x big.Int) bool { return x.BitLen() == 0 } func after(x big.Int) bool { return x.Sign() == 0 } func before(x big.Int) bool { return x.BitLen() > 0 } func after(x big.Int) bool { return x.Sign() != 0 } func before(x big.Int) int { return x.Cmp(common.Big0) } func after(x big.Int) int { return x.Sign() } * common/math, crypto/secp256k1: make ReadBits public in package math 2017-02-28 15:09:11 +01:00			`return pubkey, math.PaddedBigBytes(key.D, 32)`
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544) - Use defined constants instead of hard-coding their integer value. - Allocate secp256k1 structs on the C stack instead of converting []byte - Remove dead code 2017-01-12 21:29:11 +01:00			`}`

			`func randSig() []byte {`
			`sig := randentropy.GetEntropyCSPRNG(65)`
			`sig[32] &= 0x70`
			`sig[64] %= 4`
			`return sig`
			`}`

			`// tests for malleability`
			`// highest bit of signature ECDSA s value must be 0, in the 33th byte`
			`func compactSigCheck(t *testing.T, sig []byte) {`
			`var b int = int(sig[32])`
			`if b < 0 {`
			`t.Errorf("highest bit is negative: %d", b)`
			`}`
			`if ((b >> 7) == 1) != ((b & 0x80) == 0x80) {`
			`t.Errorf("highest bit: %d bit >> 7: %d", b, b>>7)`
			`}`
			`if (b & 0x80) == 0x80 {`
			`t.Errorf("highest bit: %d bit & 0x80: %d", b, b&0x80)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`
			`}`

core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`func TestSignatureValidity(t *testing.T) {`
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544) - Use defined constants instead of hard-coding their integer value. - Allocate secp256k1 structs on the C stack instead of converting []byte - Remove dead code 2017-01-12 21:29:11 +01:00			`pubkey, seckey := generateKeyPair()`
Remove the awesome, ever misunderstood entropy mixing 2015-04-02 17:02:56 +02:00			`msg := randentropy.GetEntropyCSPRNG(32)`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`sig, err := Sign(msg, seckey)`
			`if err != nil {`
			`t.Errorf("signature error: %s", err)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`compactSigCheck(t, sig)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`if len(pubkey) != 65 {`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`t.Errorf("pubkey length mismatch: want: 65 have: %d", len(pubkey))`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`
			`if len(seckey) != 32 {`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`t.Errorf("seckey length mismatch: want: 32 have: %d", len(seckey))`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`if len(sig) != 65 {`
			`t.Errorf("sig length mismatch: want: 65 have: %d", len(sig))`
			`}`
			`recid := int(sig[64])`
			`if recid > 4 \|\| recid < 0 {`
			`t.Errorf("sig recid mismatch: want: within 0 to 4 have: %d", int(sig[64]))`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`
			`}`

crypto/secp256k1: verify recovery ID before calling libsecp256k1 The C library treats the recovery ID as trusted input and crashes the process for invalid values, so it needs to be verified before calling into C. This will inhibit the crash in #1983. Also remove VerifySignature because we don't use it. 2015-11-16 17:11:26 +01:00			`func TestInvalidRecoveryID(t *testing.T) {`
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544) - Use defined constants instead of hard-coding their integer value. - Allocate secp256k1 structs on the C stack instead of converting []byte - Remove dead code 2017-01-12 21:29:11 +01:00			`_, seckey := generateKeyPair()`
crypto/secp256k1: verify recovery ID before calling libsecp256k1 The C library treats the recovery ID as trusted input and crashes the process for invalid values, so it needs to be verified before calling into C. This will inhibit the crash in #1983. Also remove VerifySignature because we don't use it. 2015-11-16 17:11:26 +01:00			`msg := randentropy.GetEntropyCSPRNG(32)`
			`sig, _ := Sign(msg, seckey)`
			`sig[64] = 99`
			`_, err := RecoverPubkey(msg, sig)`
			`if err != ErrInvalidRecoveryID {`
			`t.Fatalf("got %q, want %q", err, ErrInvalidRecoveryID)`
			`}`
			`}`

core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`func TestSignAndRecover(t *testing.T) {`
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544) - Use defined constants instead of hard-coding their integer value. - Allocate secp256k1 structs on the C stack instead of converting []byte - Remove dead code 2017-01-12 21:29:11 +01:00			`pubkey1, seckey := generateKeyPair()`
Remove the awesome, ever misunderstood entropy mixing 2015-04-02 17:02:56 +02:00			`msg := randentropy.GetEntropyCSPRNG(32)`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`sig, err := Sign(msg, seckey)`
			`if err != nil {`
			`t.Errorf("signature error: %s", err)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`pubkey2, err := RecoverPubkey(msg, sig)`
			`if err != nil {`
			`t.Errorf("recover error: %s", err)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`if !bytes.Equal(pubkey1, pubkey2) {`
			`t.Errorf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`
			`}`

crypto/secp256k1: sign with deterministic K (rfc6979) (#3561) 2017-01-22 23:28:47 +01:00			`func TestSignDeterministic(t *testing.T) {`
			`_, seckey := generateKeyPair()`
			`msg := make([]byte, 32)`
			`copy(msg, "hi there")`

			`sig1, err := Sign(msg, seckey)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`sig2, err := Sign(msg, seckey)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if !bytes.Equal(sig1, sig2) {`
			`t.Fatal("signatures not equal")`
			`}`
			`}`

core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`func TestRandomMessagesWithSameKey(t *testing.T) {`
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544) - Use defined constants instead of hard-coding their integer value. - Allocate secp256k1 structs on the C stack instead of converting []byte - Remove dead code 2017-01-12 21:29:11 +01:00			`pubkey, seckey := generateKeyPair()`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`keys := func() ([]byte, []byte) {`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`return pubkey, seckey`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`signAndRecoverWithRandomMessages(t, keys)`
			`}`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`func TestRandomMessagesWithRandomKeys(t *testing.T) {`
			`keys := func() ([]byte, []byte) {`
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544) - Use defined constants instead of hard-coding their integer value. - Allocate secp256k1 structs on the C stack instead of converting []byte - Remove dead code 2017-01-12 21:29:11 +01:00			`pubkey, seckey := generateKeyPair()`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`return pubkey, seckey`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`signAndRecoverWithRandomMessages(t, keys)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`

core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`func signAndRecoverWithRandomMessages(t *testing.T, keys func() ([]byte, []byte)) {`
			`for i := 0; i < TestCount; i++ {`
			`pubkey1, seckey := keys()`
Remove the awesome, ever misunderstood entropy mixing 2015-04-02 17:02:56 +02:00			`msg := randentropy.GetEntropyCSPRNG(32)`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`sig, err := Sign(msg, seckey)`
			`if err != nil {`
			`t.Fatalf("signature error: %s", err)`
			`}`
			`if sig == nil {`
			`t.Fatal("signature is nil")`
			`}`
			`compactSigCheck(t, sig)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`// TODO: why do we flip around the recovery id?`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`sig[len(sig)-1] %= 4`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00
			`pubkey2, err := RecoverPubkey(msg, sig)`
			`if err != nil {`
			`t.Fatalf("recover error: %s", err)`
			`}`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`if pubkey2 == nil {`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`t.Error("pubkey is nil")`
			`}`
			`if !bytes.Equal(pubkey1, pubkey2) {`
			`t.Fatalf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`
			`}`
			`}`

core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`func TestRecoveryOfRandomSignature(t *testing.T) {`
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544) - Use defined constants instead of hard-coding their integer value. - Allocate secp256k1 structs on the C stack instead of converting []byte - Remove dead code 2017-01-12 21:29:11 +01:00			`pubkey1, _ := generateKeyPair()`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`msg := randentropy.GetEntropyCSPRNG(32)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`for i := 0; i < TestCount; i++ {`
			`// recovery can sometimes work, but if so should always give wrong pubkey`
all: fix ineffectual assignments and remove uses of crypto.Sha3 go get github.com/gordonklaus/ineffassign ineffassign . 2017-01-09 11:16:06 +01:00			`pubkey2, _ := RecoverPubkey(msg, randSig())`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`if bytes.Equal(pubkey1, pubkey2) {`
			`t.Fatalf("iteration: %d: pubkey mismatch: do NOT want %x: ", i, pubkey2)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`
			`}`
			`}`

core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`func TestRandomMessagesAgainstValidSig(t *testing.T) {`
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544) - Use defined constants instead of hard-coding their integer value. - Allocate secp256k1 structs on the C stack instead of converting []byte - Remove dead code 2017-01-12 21:29:11 +01:00			`pubkey1, seckey := generateKeyPair()`
Remove the awesome, ever misunderstood entropy mixing 2015-04-02 17:02:56 +02:00			`msg := randentropy.GetEntropyCSPRNG(32)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`sig, _ := Sign(msg, seckey)`

core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`for i := 0; i < TestCount; i++ {`
			`msg = randentropy.GetEntropyCSPRNG(32)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`pubkey2, _ := RecoverPubkey(msg, sig)`
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`// recovery can sometimes work, but if so should always give wrong pubkey`
			`if bytes.Equal(pubkey1, pubkey2) {`
			`t.Fatalf("iteration: %d: pubkey mismatch: do NOT want %x: ", i, pubkey2)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`
			`}`
			`}`

core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`// Useful when the underlying libsecp256k1 API changes to quickly`
			`// check only recover function without use of signature function`
			`func TestRecoverSanity(t *testing.T) {`
			`msg, _ := hex.DecodeString("ce0677bb30baa8cf067c88db9811f4333d131bf8bcf12fe7065d211dce971008")`
			`sig, _ := hex.DecodeString("90f27b8b488db00b00606796d2987f6a5f59ae62ea05effe84fef5b8b0e549984a691139ad57a3f0b906637673aa2f63d1f55cb1a69199d4009eea23ceaddc9301")`
			`pubkey1, _ := hex.DecodeString("04e32df42865e97135acfb65f3bae71bdc86f4d49150ad6a440b6f15878109880a0a2b2667f7e725ceea70c673093bf67663e0312623c8e091b13cf2c0f11ef652")`
			`pubkey2, err := RecoverPubkey(msg, sig)`
			`if err != nil {`
			`t.Fatalf("recover error: %s", err)`
			`}`
			`if !bytes.Equal(pubkey1, pubkey2) {`
			`t.Errorf("pubkey mismatch: want: %x have: %x", pubkey1, pubkey2)`
			`}`
			`}`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`func BenchmarkSign(b *testing.B) {`
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544) - Use defined constants instead of hard-coding their integer value. - Allocate secp256k1 structs on the C stack instead of converting []byte - Remove dead code 2017-01-12 21:29:11 +01:00			`_, seckey := generateKeyPair()`
			`msg := randentropy.GetEntropyCSPRNG(32)`
			`b.ResetTimer()`

core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`for i := 0; i < b.N; i++ {`
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544) - Use defined constants instead of hard-coding their integer value. - Allocate secp256k1 structs on the C stack instead of converting []byte - Remove dead code 2017-01-12 21:29:11 +01:00			`Sign(msg, seckey)`
Moved `obscuren` secp256k1-go 2015-01-22 00:35:00 +01:00			`}`
			`}`
Added invalid sec key test 2015-02-16 13:19:57 +01:00
core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`func BenchmarkRecover(b *testing.B) {`
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544) - Use defined constants instead of hard-coding their integer value. - Allocate secp256k1 structs on the C stack instead of converting []byte - Remove dead code 2017-01-12 21:29:11 +01:00			`msg := randentropy.GetEntropyCSPRNG(32)`
			`_, seckey := generateKeyPair()`
			`sig, _ := Sign(msg, seckey)`
			`b.ResetTimer()`

core/secp256k1: update libsecp256k1 Go wrapper and tests 2015-09-28 11:19:23 +02:00			`for i := 0; i < b.N; i++ {`
crypto/secp256k1: update to github.com/bitcoin-core/secp256k1 @ 9d560f9 (#3544) - Use defined constants instead of hard-coding their integer value. - Allocate secp256k1 structs on the C stack instead of converting []byte - Remove dead code 2017-01-12 21:29:11 +01:00			`RecoverPubkey(msg, sig)`
Added invalid sec key test 2015-02-16 13:19:57 +01:00			`}`
			`}`