From e6e55b2af0a5641da132c13b728e6db3ab8d71c0 Mon Sep 17 00:00:00 2001 From: Dave Collins Date: Wed, 19 Oct 2016 00:48:05 -0500 Subject: [PATCH] secp256k1: Consolidate tests into the main package. Putting the test code in the same package makes it easier for forks since they don't have to change the import paths as much and it also gets rid of the need for internal_test.go to bridge. --- dcrec/secp256k1/bench_test.go | 8 +- dcrec/secp256k1/btcec_test.go | 130 ++++++++++++++++-------------- dcrec/secp256k1/ciphering_test.go | 43 +++++----- dcrec/secp256k1/field_test.go | 86 ++++++++++---------- dcrec/secp256k1/internal_test.go | 83 ------------------- dcrec/secp256k1/privkey_test.go | 13 ++- dcrec/secp256k1/pubkey_test.go | 39 +++++---- dcrec/secp256k1/signature_test.go | 46 +++++------ 8 files changed, 181 insertions(+), 267 deletions(-) delete mode 100644 dcrec/secp256k1/internal_test.go diff --git a/dcrec/secp256k1/bench_test.go b/dcrec/secp256k1/bench_test.go index 1ddb60af31..fe71d5faa4 100644 --- a/dcrec/secp256k1/bench_test.go +++ b/dcrec/secp256k1/bench_test.go @@ -1,5 +1,5 @@ -// Copyright 2013-2014 The btcsuite developers -// Copyright (c) 2015-2016 The Decred developers +// Copyright 2013-2016 The btcsuite developers +// Copyright (c) 2015-2017 The Decred developers // Use of this source code is governed by an ISC // license that can be found in the LICENSE file. @@ -21,7 +21,7 @@ func BenchmarkAddJacobian(b *testing.B) { curve := S256() b.StartTimer() for i := 0; i < b.N; i++ { - curve.TstAddJacobian(x1, y1, z1, x2, y2, z2, x3, y3, z3) + curve.AddJacobian(x1, y1, z1, x2, y2, z2, x3, y3, z3) } } @@ -40,7 +40,7 @@ func BenchmarkAddJacobianNotZOne(b *testing.B) { curve := S256() b.StartTimer() for i := 0; i < b.N; i++ { - curve.TstAddJacobian(x1, y1, z1, x2, y2, z2, x3, y3, z3) + curve.AddJacobian(x1, y1, z1, x2, y2, z2, x3, y3, z3) } } diff --git a/dcrec/secp256k1/btcec_test.go b/dcrec/secp256k1/btcec_test.go index d71ae56ad5..74ea84787b 100644 --- a/dcrec/secp256k1/btcec_test.go +++ b/dcrec/secp256k1/btcec_test.go @@ -1,11 +1,11 @@ // Copyright 2011 The Go Authors. All rights reserved. -// Copyright (c) 2015-2016 The Decred developers +// Copyright (c) 2015-2017 The Decred developers // Copyright 2011 ThePiachu. All rights reserved. -// Copyright 2013-2014 The btcsuite developers +// Copyright 2013-2016 The btcsuite developers // Use of this source code is governed by an ISC // license that can be found in the LICENSE file. -package secp256k1_test +package secp256k1 import ( "crypto/rand" @@ -14,10 +14,25 @@ import ( "fmt" "math/big" "testing" - - "github.com/decred/dcrd/dcrec/secp256k1" ) +// isJacobianOnS256Curve returns boolean if the point (x,y,z) is on the +// secp256k1 curve. +func isJacobianOnS256Curve(x, y, z *FieldVal) bool { + // Elliptic curve equation for secp256k1 is: y^2 = x^3 + 7 + // In Jacobian coordinates, Y = y/z^3 and X = x/z^2 + // Thus: + // (y/z^3)^2 = (x/z^2)^3 + 7 + // y^2/z^6 = x^3/z^6 + 7 + // y^2 = x^3 + 7*z^6 + var y2, z2, x3, result FieldVal + y2.SquareVal(y).Normalize() + z2.SquareVal(z) + x3.SquareVal(x).Mul(x) + result.SquareVal(&z2).Mul(&z2).MulInt(7).Add(&x3).Normalize() + return y2.Equals(&result) +} + // TestAddJacobian tests addition of points projected in Jacobian coordinates. func TestAddJacobian(t *testing.T) { tests := []struct { @@ -212,37 +227,37 @@ func TestAddJacobian(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { // Convert hex to field values. - x1 := secp256k1.NewFieldVal().SetHex(test.x1) - y1 := secp256k1.NewFieldVal().SetHex(test.y1) - z1 := secp256k1.NewFieldVal().SetHex(test.z1) - x2 := secp256k1.NewFieldVal().SetHex(test.x2) - y2 := secp256k1.NewFieldVal().SetHex(test.y2) - z2 := secp256k1.NewFieldVal().SetHex(test.z2) - x3 := secp256k1.NewFieldVal().SetHex(test.x3) - y3 := secp256k1.NewFieldVal().SetHex(test.y3) - z3 := secp256k1.NewFieldVal().SetHex(test.z3) + x1 := new(FieldVal).SetHex(test.x1) + y1 := new(FieldVal).SetHex(test.y1) + z1 := new(FieldVal).SetHex(test.z1) + x2 := new(FieldVal).SetHex(test.x2) + y2 := new(FieldVal).SetHex(test.y2) + z2 := new(FieldVal).SetHex(test.z2) + x3 := new(FieldVal).SetHex(test.x3) + y3 := new(FieldVal).SetHex(test.y3) + z3 := new(FieldVal).SetHex(test.z3) // Ensure the test data is using points that are actually on // the curve (or the point at infinity). - if !z1.IsZero() && !secp256k1.S256().TstIsJacobianOnCurve(x1, y1, z1) { + if !z1.IsZero() && !isJacobianOnS256Curve(x1, y1, z1) { t.Errorf("#%d first point is not on the curve -- "+ "invalid test data", i) continue } - if !z2.IsZero() && !secp256k1.S256().TstIsJacobianOnCurve(x2, y2, z2) { + if !z2.IsZero() && !isJacobianOnS256Curve(x2, y2, z2) { t.Errorf("#%d second point is not on the curve -- "+ "invalid test data", i) continue } - if !z3.IsZero() && !secp256k1.S256().TstIsJacobianOnCurve(x3, y3, z3) { + if !z3.IsZero() && !isJacobianOnS256Curve(x3, y3, z3) { t.Errorf("#%d expected point is not on the curve -- "+ "invalid test data", i) continue } // Add the two points. - rx, ry, rz := secp256k1.NewFieldVal(), secp256k1.NewFieldVal(), secp256k1.NewFieldVal() - secp256k1.S256().TstAddJacobian(x1, y1, z1, x2, y2, z2, rx, ry, rz) + rx, ry, rz := new(FieldVal), new(FieldVal), new(FieldVal) + S256().AddJacobian(x1, y1, z1, x2, y2, z2, rx, ry, rz) // Ensure result matches expected. if !rx.Equals(x3) || !ry.Equals(y3) || !rz.Equals(z3) { @@ -321,24 +336,24 @@ func TestAddAffine(t *testing.T) { // Ensure the test data is using points that are actually on // the curve (or the point at infinity). - if !(x1.Sign() == 0 && y1.Sign() == 0) && !secp256k1.S256().IsOnCurve(x1, y1) { + if !(x1.Sign() == 0 && y1.Sign() == 0) && !S256().IsOnCurve(x1, y1) { t.Errorf("#%d first point is not on the curve -- "+ "invalid test data", i) continue } - if !(x2.Sign() == 0 && y2.Sign() == 0) && !secp256k1.S256().IsOnCurve(x2, y2) { + if !(x2.Sign() == 0 && y2.Sign() == 0) && !S256().IsOnCurve(x2, y2) { t.Errorf("#%d second point is not on the curve -- "+ "invalid test data", i) continue } - if !(x3.Sign() == 0 && y3.Sign() == 0) && !secp256k1.S256().IsOnCurve(x3, y3) { + if !(x3.Sign() == 0 && y3.Sign() == 0) && !S256().IsOnCurve(x3, y3) { t.Errorf("#%d expected point is not on the curve -- "+ "invalid test data", i) continue } // Add the two points. - rx, ry := secp256k1.S256().Add(x1, y1, x2, y2) + rx, ry := S256().Add(x1, y1, x2, y2) // Ensure result matches expected. if rx.Cmp(x3) != 00 || ry.Cmp(y3) != 0 { @@ -388,29 +403,29 @@ func TestDoubleJacobian(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { // Convert hex to field values. - x1 := secp256k1.NewFieldVal().SetHex(test.x1) - y1 := secp256k1.NewFieldVal().SetHex(test.y1) - z1 := secp256k1.NewFieldVal().SetHex(test.z1) - x3 := secp256k1.NewFieldVal().SetHex(test.x3) - y3 := secp256k1.NewFieldVal().SetHex(test.y3) - z3 := secp256k1.NewFieldVal().SetHex(test.z3) + x1 := new(FieldVal).SetHex(test.x1) + y1 := new(FieldVal).SetHex(test.y1) + z1 := new(FieldVal).SetHex(test.z1) + x3 := new(FieldVal).SetHex(test.x3) + y3 := new(FieldVal).SetHex(test.y3) + z3 := new(FieldVal).SetHex(test.z3) // Ensure the test data is using points that are actually on // the curve (or the point at infinity). - if !z1.IsZero() && !secp256k1.S256().TstIsJacobianOnCurve(x1, y1, z1) { + if !z1.IsZero() && !isJacobianOnS256Curve(x1, y1, z1) { t.Errorf("#%d first point is not on the curve -- "+ "invalid test data", i) continue } - if !z3.IsZero() && !secp256k1.S256().TstIsJacobianOnCurve(x3, y3, z3) { + if !z3.IsZero() && !isJacobianOnS256Curve(x3, y3, z3) { t.Errorf("#%d expected point is not on the curve -- "+ "invalid test data", i) continue } // Double the point. - rx, ry, rz := secp256k1.NewFieldVal(), secp256k1.NewFieldVal(), secp256k1.NewFieldVal() - secp256k1.S256().TstDoubleJacobian(x1, y1, z1, rx, ry, rz) + rx, ry, rz := new(FieldVal), new(FieldVal), new(FieldVal) + S256().doubleJacobian(x1, y1, z1, rx, ry, rz) // Ensure result matches expected. if !rx.Equals(x3) || !ry.Equals(y3) || !rz.Equals(z3) { @@ -472,19 +487,19 @@ func TestDoubleAffine(t *testing.T) { // Ensure the test data is using points that are actually on // the curve (or the point at infinity). - if !(x1.Sign() == 0 && y1.Sign() == 0) && !secp256k1.S256().IsOnCurve(x1, y1) { + if !(x1.Sign() == 0 && y1.Sign() == 0) && !S256().IsOnCurve(x1, y1) { t.Errorf("#%d first point is not on the curve -- "+ "invalid test data", i) continue } - if !(x3.Sign() == 0 && y3.Sign() == 0) && !secp256k1.S256().IsOnCurve(x3, y3) { + if !(x3.Sign() == 0 && y3.Sign() == 0) && !S256().IsOnCurve(x3, y3) { t.Errorf("#%d expected point is not on the curve -- "+ "invalid test data", i) continue } // Double the point. - rx, ry := secp256k1.S256().Double(x1, y1) + rx, ry := S256().Double(x1, y1) // Ensure result matches expected. if rx.Cmp(x3) != 00 || ry.Cmp(y3) != 0 { @@ -496,7 +511,7 @@ func TestDoubleAffine(t *testing.T) { } func TestOnCurve(t *testing.T) { - s256 := secp256k1.S256() + s256 := S256() if !s256.IsOnCurve(s256.Params().Gx, s256.Params().Gy) { t.Errorf("FAIL S256") } @@ -538,7 +553,7 @@ var s256BaseMultTests = []baseMultTest{ //TODO: test different curves as well? func TestBaseMult(t *testing.T) { - s256 := secp256k1.S256() + s256 := S256() for i, e := range s256BaseMultTests { k, ok := new(big.Int).SetString(e.k, 16) if !ok { @@ -555,7 +570,7 @@ func TestBaseMult(t *testing.T) { } func TestBaseMultVerify(t *testing.T) { - s256 := secp256k1.S256() + s256 := S256() for bytes := 1; bytes < 40; bytes++ { for i := 0; i < 30; i++ { data := make([]byte, bytes) @@ -583,7 +598,7 @@ func TestScalarMult(t *testing.T) { // Use another random exponent on the new point. // We use BaseMult to verify by multiplying the previous exponent // and the new random exponent together (mod N) - s256 := secp256k1.S256() + s256 := S256() x, y := s256.Gx, s256.Gy exponent := big.NewInt(1) for i := 0; i < 1024; i++ { @@ -604,8 +619,8 @@ func TestScalarMult(t *testing.T) { } // Test this curve's usage with the ecdsa package. -func testKeyGeneration(t *testing.T, c *secp256k1.KoblitzCurve, tag string) { - priv, err := secp256k1.GeneratePrivateKey(c) +func testKeyGeneration(t *testing.T, c *KoblitzCurve, tag string) { + priv, err := GeneratePrivateKey(c) if err != nil { t.Errorf("%s: error: %s", tag, err) return @@ -616,13 +631,13 @@ func testKeyGeneration(t *testing.T, c *secp256k1.KoblitzCurve, tag string) { } func TestKeyGeneration(t *testing.T) { - testKeyGeneration(t, secp256k1.S256(), "S256") + testKeyGeneration(t, S256(), "S256") } -func testSignAndVerify(t *testing.T, c *secp256k1.KoblitzCurve, tag string) { - priv, _ := secp256k1.GeneratePrivateKey(c) +func testSignAndVerify(t *testing.T, c *KoblitzCurve, tag string) { + priv, _ := GeneratePrivateKey(c) pubx, puby := priv.Public() - pub := secp256k1.NewPublicKey(c, pubx, puby) + pub := NewPublicKey(c, pubx, puby) hashed := []byte("testing") sig, err := priv.Sign(hashed) @@ -642,7 +657,7 @@ func testSignAndVerify(t *testing.T, c *secp256k1.KoblitzCurve, tag string) { } func TestSignAndVerify(t *testing.T) { - testSignAndVerify(t, secp256k1.S256(), "S256") + testSignAndVerify(t, S256(), "S256") } func TestNAF(t *testing.T) { @@ -656,7 +671,7 @@ func TestNAF(t *testing.T) { t.Fatalf("failed to read random data at %d", i) break } - nafPos, nafNeg := secp256k1.NAF(data) + nafPos, nafNeg := NAF(data) want := new(big.Int).SetBytes(data) got := big.NewInt(0) // Check that the NAF representation comes up with the right number @@ -680,14 +695,6 @@ func TestNAF(t *testing.T) { } } -func fromHex(s string) *big.Int { - r, ok := new(big.Int).SetString(s, 16) - if !ok { - panic("bad hex") - } - return r -} - // These test vectors were taken from // http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsatestvectors.zip var testVectors = []struct { @@ -828,8 +835,8 @@ func TestVectors(t *testing.T) { sha := sha1.New() for i, test := range testVectors { - pub := secp256k1.PublicKey{ - Curve: secp256k1.S256(), + pub := PublicKey{ + Curve: S256(), X: fromHex(test.Qx), Y: fromHex(test.Qy), } @@ -837,10 +844,9 @@ func TestVectors(t *testing.T) { sha.Reset() sha.Write(msg) hashed := sha.Sum(nil) - sig := secp256k1.Signature{R: fromHex(test.r), S: fromHex(test.s)} - if fuck := sig.Verify(hashed, &pub); fuck != test.ok { - //t.Errorf("%d: bad result %v %v", i, pub, hashed) - t.Errorf("%d: bad result %v instead of %v", i, fuck, + sig := Signature{R: fromHex(test.r), S: fromHex(test.s)} + if verified := sig.Verify(hashed, &pub); verified != test.ok { + t.Errorf("%d: bad result %v instead of %v", i, verified, test.ok) } if testing.Short() { diff --git a/dcrec/secp256k1/ciphering_test.go b/dcrec/secp256k1/ciphering_test.go index 232e0e7fe1..7f17339eb1 100644 --- a/dcrec/secp256k1/ciphering_test.go +++ b/dcrec/secp256k1/ciphering_test.go @@ -1,38 +1,35 @@ -// Copyright (c) 2015 The btcsuite developers -// Copyright (c) 2015-2016 The Decred developers +// Copyright (c) 2015-2016 The btcsuite developers +// Copyright (c) 2015-2017 The Decred developers // Use of this source code is governed by an ISC // license that can be found in the LICENSE file. -package secp256k1_test +package secp256k1 import ( "bytes" "encoding/hex" "testing" - - "github.com/decred/dcrd/dcrec/secp256k1" ) func TestGenerateSharedSecret(t *testing.T) { - c := secp256k1.S256() - privKey1, err := secp256k1.GeneratePrivateKey(secp256k1.S256()) + c := S256() + privKey1, err := GeneratePrivateKey(c) if err != nil { t.Errorf("private key generation error: %s", err) return } - privKey2, err := secp256k1.GeneratePrivateKey(secp256k1.S256()) + privKey2, err := GeneratePrivateKey(c) if err != nil { t.Errorf("private key generation error: %s", err) return } pk1x, pk1y := privKey1.Public() - pk1 := secp256k1.NewPublicKey(c, pk1x, pk1y) + pk1 := NewPublicKey(c, pk1x, pk1y) pk2x, pk2y := privKey2.Public() - pk2 := secp256k1.NewPublicKey(c, pk2x, pk2y) - secret1 := secp256k1.GenerateSharedSecret(privKey1, pk2) - secret2 := secp256k1.GenerateSharedSecret(privKey2, pk1) - + pk2 := NewPublicKey(c, pk2x, pk2y) + secret1 := GenerateSharedSecret(privKey1, pk2) + secret2 := GenerateSharedSecret(privKey2, pk1) if !bytes.Equal(secret1, secret2) { t.Errorf("ECDH failed, secrets mismatch - first: %x, second: %x", secret1, secret2) @@ -41,8 +38,8 @@ func TestGenerateSharedSecret(t *testing.T) { // Test 1: Encryption and decryption func TestCipheringBasic(t *testing.T) { - c := secp256k1.S256() - privkey, err := secp256k1.GeneratePrivateKey(secp256k1.S256()) + c := S256() + privkey, err := GeneratePrivateKey(c) if err != nil { t.Fatal("failed to generate private key") } @@ -50,13 +47,13 @@ func TestCipheringBasic(t *testing.T) { in := []byte("Hey there dude. How are you doing? This is a test.") pk1x, pk1y := privkey.Public() - pk1 := secp256k1.NewPublicKey(c, pk1x, pk1y) - out, err := secp256k1.Encrypt(pk1, in) + pk1 := NewPublicKey(c, pk1x, pk1y) + out, err := Encrypt(pk1, in) if err != nil { t.Fatal("failed to encrypt:", err) } - dec, err := secp256k1.Decrypt(privkey, out) + dec, err := Decrypt(privkey, out) if err != nil { t.Fatal("failed to decrypt:", err) } @@ -70,7 +67,7 @@ func TestCipheringBasic(t *testing.T) { func TestCiphering(t *testing.T) { pb, _ := hex.DecodeString("fe38240982f313ae5afb3e904fb8215fb11af1200592b" + "fca26c96c4738e4bf8f") - privkey, _ := secp256k1.PrivKeyFromBytes(secp256k1.S256(), pb) + privkey, _ := PrivKeyFromBytes(S256(), pb) in := []byte("This is just a test.") out, _ := hex.DecodeString("b0d66e5adaa5ed4e2f0ca68e17b8f2fc02ca002009e3" + @@ -79,7 +76,7 @@ func TestCiphering(t *testing.T) { "9b0ba77cf14348fcff80fee10e11981f1b4be372d93923e9178972f69937ec850ed" + "6c3f11ff572ddd5b2bedf9f9c0b327c54da02a28fcdce1f8369ffec") - dec, err := secp256k1.Decrypt(privkey, out) + dec, err := Decrypt(privkey, out) if err != nil { t.Fatal("failed to decrypt:", err) } @@ -90,7 +87,7 @@ func TestCiphering(t *testing.T) { } func TestCipheringErrors(t *testing.T) { - privkey, err := secp256k1.GeneratePrivateKey(secp256k1.S256()) + privkey, err := GeneratePrivateKey(S256()) if err != nil { t.Fatal("failed to generate private key") } @@ -163,7 +160,7 @@ func TestCipheringErrors(t *testing.T) { } for i, test := range tests1 { - _, err = secp256k1.Decrypt(privkey, test.ciphertext) + _, err = Decrypt(privkey, test.ciphertext) if err == nil { t.Errorf("Decrypt #%d did not get error", i) } @@ -177,7 +174,7 @@ func TestCipheringErrors(t *testing.T) { {bytes.Repeat([]byte{0x07}, 15)}, } for i, test := range tests2 { - _, err = secp256k1.TstRemovePKCSPadding(test.in) + _, err = removePKCSPadding(test.in) if err == nil { t.Errorf("removePKCSPadding #%d did not get error", i) } diff --git a/dcrec/secp256k1/field_test.go b/dcrec/secp256k1/field_test.go index 76c1721ed4..1b732c2f66 100644 --- a/dcrec/secp256k1/field_test.go +++ b/dcrec/secp256k1/field_test.go @@ -1,16 +1,14 @@ -// Copyright (c) 2013-2014 The btcsuite developers -// Copyright (c) 2015-2016 The Decred developers -// Copyright (c) 2013-2014 Dave Collins +// Copyright (c) 2013-2016 The btcsuite developers +// Copyright (c) 2015-2017 The Decred developers +// Copyright (c) 2013-2017 Dave Collins // Use of this source code is governed by an ISC // license that can be found in the LICENSE file. -package secp256k1_test +package secp256k1 import ( "reflect" "testing" - - "github.com/decred/dcrd/dcrec/secp256k1" ) // TestSetInt ensures that setting a field value to various native integers @@ -31,11 +29,10 @@ func TestSetInt(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { - f := secp256k1.NewFieldVal().SetInt(test.in) - result := f.TstRawInts() - if !reflect.DeepEqual(result, test.raw) { + f := new(FieldVal).SetInt(test.in) + if !reflect.DeepEqual(f.n, test.raw) { t.Errorf("fieldVal.Set #%d wrong result\ngot: %v\n"+ - "want: %v", i, result, test.raw) + "want: %v", i, f.n, test.raw) continue } } @@ -43,9 +40,9 @@ func TestSetInt(t *testing.T) { // TestZero ensures that zeroing a field value zero works as expected. func TestZero(t *testing.T) { - f := secp256k1.NewFieldVal().SetInt(2) + f := new(FieldVal).SetInt(2) f.Zero() - for idx, rawInt := range f.TstRawInts() { + for idx, rawInt := range f.n { if rawInt != 0 { t.Errorf("internal field integer at index #%d is not "+ "zero - got %d", idx, rawInt) @@ -55,22 +52,22 @@ func TestZero(t *testing.T) { // TestIsZero ensures that checking if a field IsZero works as expected. func TestIsZero(t *testing.T) { - f := secp256k1.NewFieldVal() + f := new(FieldVal) if !f.IsZero() { t.Errorf("new field value is not zero - got %v (rawints %x)", f, - f.TstRawInts()) + f.n) } f.SetInt(1) if f.IsZero() { t.Errorf("field claims it's zero when it's not - got %v "+ - "(raw rawints %x)", f, f.TstRawInts()) + "(raw rawints %x)", f, f.n) } f.Zero() if !f.IsZero() { t.Errorf("field claims it's not zero when it is - got %v "+ - "(raw rawints %x)", f, f.TstRawInts()) + "(raw rawints %x)", f, f.n) } } @@ -148,7 +145,7 @@ func TestStringer(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { - f := secp256k1.NewFieldVal().SetHex(test.in) + f := new(FieldVal).SetHex(test.in) result := f.String() if result != test.expected { t.Errorf("fieldVal.String #%d wrong result\ngot: %v\n"+ @@ -243,11 +240,14 @@ func TestNormalize(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { - f := secp256k1.NewFieldVal().TstSetRawInts(test.raw).Normalize() - result := f.TstRawInts() - if !reflect.DeepEqual(result, test.normalized) { + f := new(FieldVal) + for rawIntIdx := 0; rawIntIdx < len(test.raw); rawIntIdx++ { + f.n[rawIntIdx] = test.raw[rawIntIdx] + } + f.Normalize() + if !reflect.DeepEqual(f.n, test.normalized) { t.Errorf("fieldVal.Set #%d wrong normalized result\n"+ - "got: %x\nwant: %x", i, result, test.normalized) + "got: %x\nwant: %x", i, f.n, test.normalized) continue } } @@ -272,7 +272,7 @@ func TestIsOdd(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { - f := secp256k1.NewFieldVal().SetHex(test.in) + f := new(FieldVal).SetHex(test.in) result := f.IsOdd() if result != test.expected { t.Errorf("fieldVal.IsOdd #%d wrong result\n"+ @@ -305,8 +305,8 @@ func TestEquals(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { - f := secp256k1.NewFieldVal().SetHex(test.in1).Normalize() - f2 := secp256k1.NewFieldVal().SetHex(test.in2).Normalize() + f := new(FieldVal).SetHex(test.in1).Normalize() + f2 := new(FieldVal).SetHex(test.in2).Normalize() result := f.Equals(f2) if result != test.expected { t.Errorf("fieldVal.Equals #%d wrong result\n"+ @@ -353,8 +353,8 @@ func TestNegate(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { - f := secp256k1.NewFieldVal().SetHex(test.in).Normalize() - expected := secp256k1.NewFieldVal().SetHex(test.expected).Normalize() + f := new(FieldVal).SetHex(test.in).Normalize() + expected := new(FieldVal).SetHex(test.expected).Normalize() result := f.Negate(1).Normalize() if !result.Equals(expected) { t.Errorf("fieldVal.Negate #%d wrong result\n"+ @@ -404,8 +404,8 @@ func TestAddInt(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { - f := secp256k1.NewFieldVal().SetHex(test.in1).Normalize() - expected := secp256k1.NewFieldVal().SetHex(test.expected).Normalize() + f := new(FieldVal).SetHex(test.in1).Normalize() + expected := new(FieldVal).SetHex(test.expected).Normalize() result := f.AddInt(test.in2).Normalize() if !result.Equals(expected) { t.Errorf("fieldVal.AddInt #%d wrong result\n"+ @@ -455,9 +455,9 @@ func TestAdd(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { - f := secp256k1.NewFieldVal().SetHex(test.in1).Normalize() - f2 := secp256k1.NewFieldVal().SetHex(test.in2).Normalize() - expected := secp256k1.NewFieldVal().SetHex(test.expected).Normalize() + f := new(FieldVal).SetHex(test.in1).Normalize() + f2 := new(FieldVal).SetHex(test.in2).Normalize() + expected := new(FieldVal).SetHex(test.expected).Normalize() result := f.Add(f2).Normalize() if !result.Equals(expected) { t.Errorf("fieldVal.Add #%d wrong result\n"+ @@ -507,9 +507,9 @@ func TestAdd2(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { - f := secp256k1.NewFieldVal().SetHex(test.in1).Normalize() - f2 := secp256k1.NewFieldVal().SetHex(test.in2).Normalize() - expected := secp256k1.NewFieldVal().SetHex(test.expected).Normalize() + f := new(FieldVal).SetHex(test.in1).Normalize() + f2 := new(FieldVal).SetHex(test.in2).Normalize() + expected := new(FieldVal).SetHex(test.expected).Normalize() result := f.Add2(f, f2).Normalize() if !result.Equals(expected) { t.Errorf("fieldVal.Add2 #%d wrong result\n"+ @@ -572,8 +572,8 @@ func TestMulInt(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { - f := secp256k1.NewFieldVal().SetHex(test.in1).Normalize() - expected := secp256k1.NewFieldVal().SetHex(test.expected).Normalize() + f := new(FieldVal).SetHex(test.in1).Normalize() + expected := new(FieldVal).SetHex(test.expected).Normalize() result := f.MulInt(test.in2).Normalize() if !result.Equals(expected) { t.Errorf("fieldVal.MulInt #%d wrong result\n"+ @@ -633,9 +633,9 @@ func TestMul(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { - f := secp256k1.NewFieldVal().SetHex(test.in1).Normalize() - f2 := secp256k1.NewFieldVal().SetHex(test.in2).Normalize() - expected := secp256k1.NewFieldVal().SetHex(test.expected).Normalize() + f := new(FieldVal).SetHex(test.in1).Normalize() + f2 := new(FieldVal).SetHex(test.in2).Normalize() + expected := new(FieldVal).SetHex(test.expected).Normalize() result := f.Mul(f2).Normalize() if !result.Equals(expected) { t.Errorf("fieldVal.Mul #%d wrong result\n"+ @@ -680,8 +680,8 @@ func TestSquare(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { - f := secp256k1.NewFieldVal().SetHex(test.in).Normalize() - expected := secp256k1.NewFieldVal().SetHex(test.expected).Normalize() + f := new(FieldVal).SetHex(test.in).Normalize() + expected := new(FieldVal).SetHex(test.expected).Normalize() result := f.Square().Normalize() if !result.Equals(expected) { t.Errorf("fieldVal.Square #%d wrong result\n"+ @@ -733,8 +733,8 @@ func TestInverse(t *testing.T) { t.Logf("Running %d tests", len(tests)) for i, test := range tests { - f := secp256k1.NewFieldVal().SetHex(test.in).Normalize() - expected := secp256k1.NewFieldVal().SetHex(test.expected).Normalize() + f := new(FieldVal).SetHex(test.in).Normalize() + expected := new(FieldVal).SetHex(test.expected).Normalize() result := f.Inverse().Normalize() if !result.Equals(expected) { t.Errorf("fieldVal.Inverse #%d wrong result\n"+ diff --git a/dcrec/secp256k1/internal_test.go b/dcrec/secp256k1/internal_test.go deleted file mode 100644 index 031ecaa720..0000000000 --- a/dcrec/secp256k1/internal_test.go +++ /dev/null @@ -1,83 +0,0 @@ -// Copyright (c) 2013-2014 The btcsuite developers -// Copyright (c) 2015-2016 The Decred developers -// Use of this source code is governed by an ISC -// license that can be found in the LICENSE file. - -package secp256k1 - -import ( - "math/big" -) - -const ( - TstPubkeyUncompressed = pubkeyUncompressed - TstPubkeyCompressed = pubkeyCompressed - TstPubkeyHybrid = pubkeyHybrid -) - -// TstRawInts allows the test package to get the integers from the internal -// field representation for ensuring correctness. It is only available during -// the tests. -func (f *FieldVal) TstRawInts() [10]uint32 { - return f.n -} - -// TstSetRawInts allows the test package to directly set the integers used by -// the internal field representation. It is only available during the tests. -func (f *FieldVal) TstSetRawInts(raw [10]uint32) *FieldVal { - for i := 0; i < len(raw); i++ { - f.n[i] = raw[i] - } - return f -} - -// TstFieldJacobianToBigAffine makes the internal FieldJacobianToBigAffine -// function available to the test package. -func (curve *KoblitzCurve) TstFieldJacobianToBigAffine(x, y, z *FieldVal) (*big.Int, *big.Int) { - return curve.FieldJacobianToBigAffine(x, y, z) -} - -// TstIsJacobianOnCurve returns boolean if the point (x,y,z) is on the curve. -func (curve *KoblitzCurve) TstIsJacobianOnCurve(x, y, z *FieldVal) bool { - // Elliptic curve equation for secp256k1 is: y^2 = x^3 + 7 - // In Jacobian coordinates, Y = y/z^3 and X = x/z^2 - // Thus: - // (y/z^3)^2 = (x/z^2)^3 + 7 - // y^2/z^6 = x^3/z^6 + 7 - // y^2 = x^3 + 7*z^6 - var y2, z2, x3, result FieldVal - y2.SquareVal(y).Normalize() - z2.SquareVal(z) - x3.SquareVal(x).Mul(x) - result.SquareVal(&z2).Mul(&z2).MulInt(7).Add(&x3).Normalize() - return y2.Equals(&result) -} - -// TstAddJacobian makes the internal addJacobian function available to the test -// package. -func (curve *KoblitzCurve) TstAddJacobian(x1, y1, z1, x2, y2, z2, x3, y3, z3 *FieldVal) { - curve.AddJacobian(x1, y1, z1, x2, y2, z2, x3, y3, z3) -} - -// TstDoubleJacobian makes the internal doubleJacobian function available to the test -// package. -func (curve *KoblitzCurve) TstDoubleJacobian(x1, y1, z1, x3, y3, z3 *FieldVal) { - curve.doubleJacobian(x1, y1, z1, x3, y3, z3) -} - -// NewFieldVal returns a new field value set to 0. This is only available to -// the test package. -func NewFieldVal() *FieldVal { - return new(FieldVal) -} - -// TstNonceRFC6979 makes the nonceRFC6979 function available to the test package. -func TstNonceRFC6979(privkey *big.Int, hash []byte) *big.Int { - return NonceRFC6979(privkey, hash, nil, nil) -} - -// TstRemovePKCSPadding makes the internal removePKCSPadding function available -// to the test package. -func TstRemovePKCSPadding(src []byte) ([]byte, error) { - return removePKCSPadding(src) -} diff --git a/dcrec/secp256k1/privkey_test.go b/dcrec/secp256k1/privkey_test.go index 4183b1f0a0..5e8856ab70 100644 --- a/dcrec/secp256k1/privkey_test.go +++ b/dcrec/secp256k1/privkey_test.go @@ -1,15 +1,13 @@ -// Copyright (c) 2013-2014 The btcsuite developers -// Copyright (c) 2015-2016 The Decred developers +// Copyright (c) 2013-2016 The btcsuite developers +// Copyright (c) 2015-2017 The Decred developers // Use of this source code is governed by an ISC // license that can be found in the LICENSE file. -package secp256k1_test +package secp256k1 import ( "bytes" "testing" - - "github.com/decred/dcrd/dcrec/secp256k1" ) func TestPrivKeys(t *testing.T) { @@ -29,10 +27,9 @@ func TestPrivKeys(t *testing.T) { } for _, test := range tests { - priv, pub := secp256k1.PrivKeyFromBytes(secp256k1.S256(), test.key) + priv, pub := PrivKeyFromBytes(S256(), test.key) - _, err := secp256k1.ParsePubKey( - pub.SerializeUncompressed(), secp256k1.S256()) + _, err := ParsePubKey(pub.SerializeUncompressed(), S256()) if err != nil { t.Errorf("%s privkey: %v", test.name, err) continue diff --git a/dcrec/secp256k1/pubkey_test.go b/dcrec/secp256k1/pubkey_test.go index 3f9d20e7b6..99b902ee47 100644 --- a/dcrec/secp256k1/pubkey_test.go +++ b/dcrec/secp256k1/pubkey_test.go @@ -1,16 +1,15 @@ -// Copyright (c) 2013-2014 The btcsuite developers -// Copyright (c) 2015-2016 The Decred developers +// Copyright (c) 2013-2016 The btcsuite developers +// Copyright (c) 2015-2017 The Decred developers // Use of this source code is governed by an ISC // license that can be found in the LICENSE file. -package secp256k1_test +package secp256k1 import ( "bytes" "testing" "github.com/davecgh/go-spew/spew" - "github.com/decred/dcrd/dcrec/secp256k1" ) type pubKeyTest struct { @@ -35,7 +34,7 @@ var pubKeyTests = []pubKeyTest{ 0xb4, 0x12, 0xa3, }, isValid: true, - format: secp256k1.TstPubkeyUncompressed, + format: pubkeyUncompressed, }, { name: "uncompressed x changed", @@ -88,7 +87,7 @@ var pubKeyTests = []pubKeyTest{ 0xb4, 0x12, 0xa3, }, isValid: true, - format: secp256k1.TstPubkeyHybrid, + format: pubkeyHybrid, }, { name: "uncompressed as hybrid wrong", @@ -112,7 +111,7 @@ var pubKeyTests = []pubKeyTest{ 0xa9, 0xa1, 0xf4, 0x80, 0x9d, 0x3b, 0x4d, }, isValid: true, - format: secp256k1.TstPubkeyCompressed, + format: pubkeyCompressed, }, // from tx fdeb8e72524e8dab0da507ddbaf5f88fe4a933eb10a66bc4745bb0aa11ea393c { @@ -123,7 +122,7 @@ var pubKeyTests = []pubKeyTest{ 0x7f, 0x5b, 0x2a, 0x4b, 0x7d, 0x44, 0x8e, }, isValid: true, - format: secp256k1.TstPubkeyCompressed, + format: pubkeyCompressed, }, { name: "compressed claims uncompressed (ybit = 0)", @@ -211,14 +210,14 @@ var pubKeyTests = []pubKeyTest{ 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, }, - format: secp256k1.TstPubkeyHybrid, + format: pubkeyHybrid, isValid: true, }, } func TestPubKeys(t *testing.T) { for _, test := range pubKeyTests { - pk, err := secp256k1.ParsePubKey(test.key, secp256k1.S256()) + pk, err := ParsePubKey(test.key, S256()) if err != nil { if test.isValid { t.Errorf("%s pubkey failed when shouldn't %v", @@ -233,12 +232,12 @@ func TestPubKeys(t *testing.T) { } var pkStr []byte switch test.format { - case secp256k1.TstPubkeyUncompressed: - pkStr = (*secp256k1.PublicKey)(pk).SerializeUncompressed() - case secp256k1.TstPubkeyCompressed: - pkStr = (*secp256k1.PublicKey)(pk).SerializeCompressed() - case secp256k1.TstPubkeyHybrid: - pkStr = (*secp256k1.PublicKey)(pk).SerializeHybrid() + case pubkeyUncompressed: + pkStr = (*PublicKey)(pk).SerializeUncompressed() + case pubkeyCompressed: + pkStr = (*PublicKey)(pk).SerializeCompressed() + case pubkeyHybrid: + pkStr = (*PublicKey)(pk).SerializeHybrid() } if !bytes.Equal(test.key, pkStr) { t.Errorf("%s pubkey: serialized keys do not match.", @@ -250,25 +249,25 @@ func TestPubKeys(t *testing.T) { } func TestPublicKeyIsEqual(t *testing.T) { - pubKey1, err := secp256k1.ParsePubKey( + pubKey1, err := ParsePubKey( []byte{0x03, 0x26, 0x89, 0xc7, 0xc2, 0xda, 0xb1, 0x33, 0x09, 0xfb, 0x14, 0x3e, 0x0e, 0x8f, 0xe3, 0x96, 0x34, 0x25, 0x21, 0x88, 0x7e, 0x97, 0x66, 0x90, 0xb6, 0xb4, 0x7f, 0x5b, 0x2a, 0x4b, 0x7d, 0x44, 0x8e, }, - secp256k1.S256(), + S256(), ) if err != nil { t.Fatalf("failed to parse raw bytes for pubKey1: %v", err) } - pubKey2, err := secp256k1.ParsePubKey( + pubKey2, err := ParsePubKey( []byte{0x02, 0xce, 0x0b, 0x14, 0xfb, 0x84, 0x2b, 0x1b, 0xa5, 0x49, 0xfd, 0xd6, 0x75, 0xc9, 0x80, 0x75, 0xf1, 0x2e, 0x9c, 0x51, 0x0f, 0x8e, 0xf5, 0x2b, 0xd0, 0x21, 0xa9, 0xa1, 0xf4, 0x80, 0x9d, 0x3b, 0x4d, }, - secp256k1.S256(), + S256(), ) if err != nil { t.Fatalf("failed to parse raw bytes for pubKey2: %v", err) diff --git a/dcrec/secp256k1/signature_test.go b/dcrec/secp256k1/signature_test.go index 5a68abc5ca..cdf75251c6 100644 --- a/dcrec/secp256k1/signature_test.go +++ b/dcrec/secp256k1/signature_test.go @@ -1,9 +1,9 @@ -// Copyright (c) 2013-2014 The btcsuite developers -// Copyright (c) 2015-2016 The Decred developers +// Copyright (c) 2013-2016 The btcsuite developers +// Copyright (c) 2015-2017 The Decred developers // Use of this source code is governed by an ISC // license that can be found in the LICENSE file. -package secp256k1_test +package secp256k1 import ( "bytes" @@ -13,8 +13,6 @@ import ( "fmt" "math/big" "testing" - - "github.com/decred/dcrd/dcrec/secp256k1" ) type signatureTest struct { @@ -333,9 +331,9 @@ func TestSignatures(t *testing.T) { for _, test := range signatureTests { var err error if test.der { - _, err = secp256k1.ParseDERSignature(test.sig, secp256k1.S256()) + _, err = ParseDERSignature(test.sig, S256()) } else { - _, err = secp256k1.ParseSignature(test.sig, secp256k1.S256()) + _, err = ParseSignature(test.sig, S256()) } if err != nil { if test.isValid { @@ -357,14 +355,14 @@ func TestSignatures(t *testing.T) { func TestSignatureSerialize(t *testing.T) { tests := []struct { name string - ecsig *secp256k1.Signature + ecsig *Signature expected []byte }{ // signature from decred blockchain tx // 0437cd7f8525ceed2324359c2d0ba26006d92d85 { "valid 1 - r and s most significant bits are zero", - &secp256k1.Signature{ + &Signature{ R: fromHex("4e45e16932b8af514961a1d3a1a25fdf3f4f7732e9d624c6c61548ab5fb8cd41"), S: fromHex("181522ec8eca07de4860a4acdd12909d831cc56cbbac4622082221a8768d1d09"), }, @@ -384,7 +382,7 @@ func TestSignatureSerialize(t *testing.T) { // cb00f8a0573b18faa8c4f467b049f5d202bf1101d9ef2633bc611be70376a4b4 { "valid 2 - r most significant bit is one", - &secp256k1.Signature{ + &Signature{ R: fromHex("0082235e21a2300022738dabb8e1bbd9d19cfb1e7ab8c30a23b0afbb8d178abcf3"), S: fromHex("24bf68e256c534ddfaf966bf908deb944305596f7bdcc38d69acad7f9c868724"), }, @@ -404,9 +402,9 @@ func TestSignatureSerialize(t *testing.T) { // fda204502a3345e08afd6af27377c052e77f1fefeaeb31bdd45f1e1237ca5470 { "valid 3 - s most significant bit is one", - &secp256k1.Signature{ + &Signature{ R: fromHex("1cadddc2838598fee7dc35a12b340c6bde8b389f7bfd19a1252a17c4b5ed2d71"), - S: new(big.Int).Add(fromHex("00c1a251bbecb14b058a8bd77f65de87e51c47e95904f4c0e9d52eddc21c1415ac"), secp256k1.S256().N), + S: new(big.Int).Add(fromHex("00c1a251bbecb14b058a8bd77f65de87e51c47e95904f4c0e9d52eddc21c1415ac"), S256().N), }, []byte{ 0x30, 0x45, 0x02, 0x20, 0x1c, 0xad, 0xdd, 0xc2, @@ -422,7 +420,7 @@ func TestSignatureSerialize(t *testing.T) { }, { "zero signature", - &secp256k1.Signature{ + &Signature{ R: big.NewInt(0), S: big.NewInt(0), }, @@ -440,19 +438,19 @@ func TestSignatureSerialize(t *testing.T) { } } -func testSignCompact(t *testing.T, tag string, curve *secp256k1.KoblitzCurve, +func testSignCompact(t *testing.T, tag string, curve *KoblitzCurve, data []byte, isCompressed bool) { - tmp, _ := secp256k1.GeneratePrivateKey(curve) - priv := (*secp256k1.PrivateKey)(tmp) + tmp, _ := GeneratePrivateKey(curve) + priv := (*PrivateKey)(tmp) hashed := []byte("testing") - sig, err := secp256k1.SignCompact(curve, priv, hashed, isCompressed) + sig, err := SignCompact(curve, priv, hashed, isCompressed) if err != nil { t.Errorf("%s: error signing: %s", tag, err) return } - pk, wasCompressed, err := secp256k1.RecoverCompact(curve, sig, hashed) + pk, wasCompressed, err := RecoverCompact(curve, sig, hashed) if err != nil { t.Errorf("%s: error recovering: %s", tag, err) return @@ -476,7 +474,7 @@ func testSignCompact(t *testing.T, tag string, curve *secp256k1.KoblitzCurve, sig[0] += 4 } - pk, wasCompressed, err = secp256k1.RecoverCompact(curve, sig, hashed) + pk, wasCompressed, err = RecoverCompact(curve, sig, hashed) if err != nil { t.Errorf("%s: error recovering (2): %s", tag, err) return @@ -504,7 +502,7 @@ func TestSignCompact(t *testing.T) { continue } compressed := i%2 != 0 - testSignCompact(t, name, secp256k1.S256(), data, compressed) + testSignCompact(t, name, S256(), data, compressed) } } @@ -559,11 +557,11 @@ func TestRFC6979(t *testing.T) { } for i, test := range tests { - privKey, _ := secp256k1.PrivKeyFromBytes(secp256k1.S256(), decodeHex(test.key)) + privKey, _ := PrivKeyFromBytes(S256(), decodeHex(test.key)) hash := sha256.Sum256([]byte(test.msg)) // Ensure deterministically generated nonce is the expected value. - gotNonce := secp256k1.TstNonceRFC6979(privKey.D, hash[:]).Bytes() + gotNonce := NonceRFC6979(privKey.D, hash[:], nil, nil).Bytes() wantNonce := decodeHex(test.nonce) if !bytes.Equal(gotNonce, wantNonce) { t.Errorf("NonceRFC6979 #%d (%s): Nonce is incorrect: "+ @@ -591,11 +589,11 @@ func TestRFC6979(t *testing.T) { } func TestSignatureIsEqual(t *testing.T) { - sig1 := &secp256k1.Signature{ + sig1 := &Signature{ R: fromHex("0082235e21a2300022738dabb8e1bbd9d19cfb1e7ab8c30a23b0afbb8d178abcf3"), S: fromHex("24bf68e256c534ddfaf966bf908deb944305596f7bdcc38d69acad7f9c868724"), } - sig2 := &secp256k1.Signature{ + sig2 := &Signature{ R: fromHex("4e45e16932b8af514961a1d3a1a25fdf3f4f7732e9d624c6c61548ab5fb8cd41"), S: fromHex("181522ec8eca07de4860a4acdd12909d831cc56cbbac4622082221a8768d1d09"), }