// Copyright 2014 The go-ethereum Authors // This file is part of the go-ethereum library. // // The go-ethereum library is free software: you can redistribute it and/or modify // it under the terms of the GNU Lesser General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // The go-ethereum library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public License // along with the go-ethereum library. If not, see . package crypto import ( "bytes" "crypto/ecdsa" "encoding/hex" "os" "reflect" "testing" "github.com/holiman/uint256" "github.com/ledgerwatch/erigon/common" "github.com/ledgerwatch/erigon/common/hexutil" "github.com/ledgerwatch/erigon/common/u256" ) var testAddrHex = "970e8128ab834e8eac17ab8e3812f010678cf791" var testPrivHex = "289c2857d4598e37fb9647507e47a309d6133539bf21a8b9cb6df88fd5232032" // These tests are sanity checks. // They should ensure that we don't e.g. use Sha3-224 instead of Sha3-256 // and that the sha3 library uses keccak-f permutation. func TestKeccak256Hash(t *testing.T) { msg := []byte("abc") exp, _ := hex.DecodeString("4e03657aea45a94fc7d47ba826c8d667c0d1e6e33a64a036ec44f58fa12d6c45") checkhash(t, "Sha3-256-array", func(in []byte) []byte { h := Keccak256Hash(in); return h[:] }, msg, exp) } func TestKeccak256Hasher(t *testing.T) { msg := []byte("abc") exp, _ := hex.DecodeString("4e03657aea45a94fc7d47ba826c8d667c0d1e6e33a64a036ec44f58fa12d6c45") hasher := NewKeccakState() checkhash(t, "Sha3-256-array", func(in []byte) []byte { h := HashData(hasher, in); return h[:] }, msg, exp) } func TestToECDSAErrors(t *testing.T) { if _, err := HexToECDSA("0000000000000000000000000000000000000000000000000000000000000000"); err == nil { t.Fatal("HexToECDSA should've returned error") } if _, err := HexToECDSA("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"); err == nil { t.Fatal("HexToECDSA should've returned error") } } func BenchmarkSha3(b *testing.B) { a := []byte("hello world") for i := 0; i < b.N; i++ { Keccak256(a) } } func TestUnmarshalPubkey(t *testing.T) { key, err := UnmarshalPubkey(nil) if err != errInvalidPubkey || key != nil { t.Fatalf("expected error, got %v, %v", err, key) } key, err = UnmarshalPubkey([]byte{1, 2, 3}) if err != errInvalidPubkey || key != nil { t.Fatalf("expected error, got %v, %v", err, key) } var ( enc, _ = hex.DecodeString("760c4460e5336ac9bbd87952a3c7ec4363fc0a97bd31c86430806e287b437fd1b01abc6e1db640cf3106b520344af1d58b00b57823db3e1407cbc433e1b6d04d") dec = &ecdsa.PublicKey{ Curve: S256(), X: hexutil.MustDecodeBig("0x760c4460e5336ac9bbd87952a3c7ec4363fc0a97bd31c86430806e287b437fd1"), Y: hexutil.MustDecodeBig("0xb01abc6e1db640cf3106b520344af1d58b00b57823db3e1407cbc433e1b6d04d"), } ) key, err = UnmarshalPubkey(enc) if err != nil { t.Fatalf("expected no error, got %v", err) } if !reflect.DeepEqual(key, dec) { t.Fatal("wrong result") } } func TestSign(t *testing.T) { key, _ := HexToECDSA(testPrivHex) addr := common.HexToAddress(testAddrHex) msg := Keccak256([]byte("foo")) sig, err := Sign(msg, key) if err != nil { t.Errorf("Sign error: %s", err) } recoveredPub, err := Ecrecover(msg, sig) if err != nil { t.Errorf("ECRecover error: %s", err) } pubKey, _ := UnmarshalPubkeyStd(recoveredPub) recoveredAddr := PubkeyToAddress(*pubKey) if addr != recoveredAddr { t.Errorf("Address mismatch: want: %x have: %x", addr, recoveredAddr) } // should be equal to SigToPub recoveredPub2, err := SigToPub(msg, sig) if err != nil { t.Errorf("ECRecover error: %s", err) } recoveredAddr2 := PubkeyToAddress(*recoveredPub2) if addr != recoveredAddr2 { t.Errorf("Address mismatch: want: %x have: %x", addr, recoveredAddr2) } } func TestInvalidSign(t *testing.T) { if _, err := Sign(make([]byte, 1), nil); err == nil { t.Errorf("expected sign with hash 1 byte to error") } if _, err := Sign(make([]byte, 33), nil); err == nil { t.Errorf("expected sign with hash 33 byte to error") } } func TestNewContractAddress(t *testing.T) { key, _ := HexToECDSA(testPrivHex) addr := common.HexToAddress(testAddrHex) genAddr := PubkeyToAddress(key.PublicKey) // sanity check before using addr to create contract address checkAddr(t, genAddr, addr) caddr0 := CreateAddress(addr, 0) caddr1 := CreateAddress(addr, 1) caddr2 := CreateAddress(addr, 2) checkAddr(t, common.HexToAddress("333c3310824b7c685133f2bedb2ca4b8b4df633d"), caddr0) checkAddr(t, common.HexToAddress("8bda78331c916a08481428e4b07c96d3e916d165"), caddr1) checkAddr(t, common.HexToAddress("c9ddedf451bc62ce88bf9292afb13df35b670699"), caddr2) } func TestLoadECDSA(t *testing.T) { tests := []struct { input string err string }{ // good {input: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"}, {input: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n"}, {input: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n\r"}, {input: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\r\n"}, {input: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n\n"}, {input: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n\r"}, // bad { input: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde", err: "key file too short, want 64 hex characters", }, { input: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde\n", err: "key file too short, want 64 hex characters", }, { input: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdeX", err: "invalid hex character 'X' in private key", }, { input: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdefX", err: "invalid character 'X' at end of key file", }, { input: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\n\n\n", err: "key file too long, want 64 hex characters", }, } for _, test := range tests { f, err := os.CreateTemp("", "loadecdsa_test.*.txt") if err != nil { t.Fatal(err) } filename := f.Name() f.WriteString(test.input) f.Close() _, err = LoadECDSA(filename) switch { case err != nil && test.err == "": t.Fatalf("unexpected error for input %q:\n %v", test.input, err) case err != nil && err.Error() != test.err: t.Fatalf("wrong error for input %q:\n %v", test.input, err) case err == nil && test.err != "": t.Fatalf("LoadECDSA did not return error for input %q", test.input) } } } func TestSaveECDSA(t *testing.T) { f, err := os.CreateTemp("", "saveecdsa_test.*.txt") if err != nil { t.Fatal(err) } file := f.Name() f.Close() defer os.Remove(file) key, _ := HexToECDSA(testPrivHex) if e := SaveECDSA(file, key); e != nil { t.Fatal(e) } loaded, err := LoadECDSA(file) if err != nil { t.Fatal(err) } if !reflect.DeepEqual(key, loaded) { t.Fatal("loaded key not equal to saved key") } } func TestValidateSignatureValues(t *testing.T) { check := func(expected bool, v byte, r, s *uint256.Int) { if ValidateSignatureValues(v, r, s, false) != expected { t.Errorf("mismatch for v: %d r: %d s: %d want: %v", v, r, s, expected) } } minusOne := uint256.NewInt(0).SetAllOne() one := u256.Num1 zero := u256.Num0 secp256k1nMinus1 := new(uint256.Int).Sub(secp256k1N, u256.Num1) // correct v,r,s check(true, 0, one, one) check(true, 1, one, one) // incorrect v, correct r,s, check(false, 2, one, one) check(false, 3, one, one) // incorrect v, combinations of incorrect/correct r,s at lower limit check(false, 2, zero, zero) check(false, 2, zero, one) check(false, 2, one, zero) check(false, 2, one, one) // correct v for any combination of incorrect r,s check(false, 0, zero, zero) check(false, 0, zero, one) check(false, 0, one, zero) check(false, 1, zero, zero) check(false, 1, zero, one) check(false, 1, one, zero) // correct sig with max r,s check(true, 0, secp256k1nMinus1, secp256k1nMinus1) // correct v, combinations of incorrect r,s at upper limit check(false, 0, secp256k1N, secp256k1nMinus1) check(false, 0, secp256k1nMinus1, secp256k1N) check(false, 0, secp256k1N, secp256k1N) // current callers ensures r,s cannot be negative, but let's test for that too // as crypto package could be used stand-alone check(false, 0, minusOne, one) check(false, 0, one, minusOne) } func checkhash(t *testing.T, name string, f func([]byte) []byte, msg, exp []byte) { sum := f(msg) if !bytes.Equal(exp, sum) { t.Fatalf("hash %s mismatch: want: %x have: %x", name, exp, sum) } } func checkAddr(t *testing.T, addr0, addr1 common.Address) { if addr0 != addr1 { t.Fatalf("address mismatch: want: %x have: %x", addr0, addr1) } } // test to help Python team with integration of libsecp256k1 // skip but keep it after they are done func TestPythonIntegration(t *testing.T) { kh := "289c2857d4598e37fb9647507e47a309d6133539bf21a8b9cb6df88fd5232032" k0, _ := HexToECDSA(kh) msg0 := Keccak256([]byte("foo")) sig0, _ := Sign(msg0, k0) msg1 := common.FromHex("00000000000000000000000000000000") sig1, _ := Sign(msg0, k0) t.Logf("msg: %x, privkey: %s sig: %x\n", msg0, kh, sig0) t.Logf("msg: %x, privkey: %s sig: %x\n", msg1, kh, sig1) }