Add key generation and serialization

author: Clawd <ai@clawd.bot> 2026-02-19 21:08:14 -0800
committer: Clawd <ai@clawd.bot> 2026-02-19 21:08:14 -0800
commit: e5fa7c1a85e9dd44ee92cb5da1797c82a0268fdb (patch)
tree: fbe9d6c45112bb2ac068aed0d695797e0d4e24b8
parent: 3a9decc7abdb5fdc10c025747c2b2b8b10210ffd (diff)
2 files changed, 377 insertions, 0 deletions
diff --git a/keys.go b/keys.go
new file mode 100644
index 0000000..10da93f
--- /dev/null
+++ b/keys.go
@@ -0,0 +1,156 @@
+package secp256k1
+import (
+        "crypto/rand"
+        "fmt"
+        "math/big"
+)
+// PrivateKey is a scalar (1 to N-1) used for signing
+type PrivateKey struct {
+        D *big.Int // the secret scalar
+}
+// PublicKey is a point on the curve (D * G)
+type PublicKey struct {
+        Point *Point
+}
+// GeneratePrivateKey creates a random private key
+func GeneratePrivateKey() (*PrivateKey, error) {
+        // Generate random bytes
+        bytes := make([]byte, 32)
+        _, err := rand.Read(bytes)
+        if err != nil {
+                return nil, fmt.Errorf("failed to generate random bytes: %w", err)
+        }
+        // Convert to big.Int and reduce mod N
+        d := new(big.Int).SetBytes(bytes)
+        d.Mod(d, N)
+        // Ensure it's not zero (extremely unlikely but must check)
+        if d.Sign() == 0 {
+                d.SetInt64(1)
+        }
+        return &PrivateKey{D: d}, nil
+}
+// NewPrivateKeyFromBytes creates a private key from 32 bytes
+func NewPrivateKeyFromBytes(b []byte) (*PrivateKey, error) {
+        if len(b) != 32 {
+                return nil, fmt.Errorf("private key must be 32 bytes, got %d", len(b))
+        }
+        d := new(big.Int).SetBytes(b)
+        // Validate: must be in range [1, N-1]
+        if d.Sign() == 0 {
+                return nil, fmt.Errorf("private key cannot be zero")
+        }
+        if d.Cmp(N) >= 0 {
+                return nil, fmt.Errorf("private key must be less than curve order N")
+        }
+        return &PrivateKey{D: d}, nil
+}
+// NewPrivateKeyFromHex creates a private key from a hex string
+func NewPrivateKeyFromHex(hex string) (*PrivateKey, error) {
+        d, ok := new(big.Int).SetString(hex, 16)
+        if !ok {
+                return nil, fmt.Errorf("invalid hex string")
+        }
+        // Validate range
+        if d.Sign() == 0 {
+                return nil, fmt.Errorf("private key cannot be zero")
+        }
+        if d.Cmp(N) >= 0 {
+                return nil, fmt.Errorf("private key must be less than curve order N")
+        }
+        return &PrivateKey{D: d}, nil
+}
+// PublicKey derives the public key from the private key
+// PublicKey = D * G
+func (priv *PrivateKey) PublicKey() *PublicKey {
+        point := G.ScalarMul(priv.D)
+        return &PublicKey{Point: point}
+}
+// Bytes returns the private key as 32 bytes (big-endian, zero-padded)
+func (priv *PrivateKey) Bytes() []byte {
+        b := priv.D.Bytes()
+        // Pad to 32 bytes
+        if len(b) < 32 {
+                padded := make([]byte, 32)
+                copy(padded[32-len(b):], b)
+                return padded
+        }
+        return b
+}
+// Hex returns the private key as a 64-character hex string
+func (priv *PrivateKey) Hex() string {
+        return fmt.Sprintf("%064x", priv.D)
+}
+// Bytes returns the public key in uncompressed format (65 bytes: 0x04 || x || y)
+func (pub *PublicKey) Bytes() []byte {
+        if pub.Point.IsInfinity() {
+                return []byte{0x00} // shouldn't happen with valid keys
+        }
+        result := make([]byte, 65)
+        result[0] = 0x04 // uncompressed prefix
+        xBytes := pub.Point.x.value.Bytes()
+        yBytes := pub.Point.y.value.Bytes()
+        // Copy x (padded to 32 bytes)
+        copy(result[1+(32-len(xBytes)):33], xBytes)
+        // Copy y (padded to 32 bytes)
+        copy(result[33+(32-len(yBytes)):65], yBytes)
+        return result
+}
+// BytesCompressed returns the public key in compressed format (33 bytes: prefix || x)
+// Prefix is 0x02 if y is even, 0x03 if y is odd
+func (pub *PublicKey) BytesCompressed() []byte {
+        if pub.Point.IsInfinity() {
+                return []byte{0x00}
+        }
+        result := make([]byte, 33)
+        // Prefix based on y parity
+        if pub.Point.y.value.Bit(0) == 0 {
+                result[0] = 0x02 // y is even
+        } else {
+                result[0] = 0x03 // y is odd
+        }
+        xBytes := pub.Point.x.value.Bytes()
+        copy(result[1+(32-len(xBytes)):33], xBytes)
+        return result
+}
+// Hex returns the public key as uncompressed hex (130 characters)
+func (pub *PublicKey) Hex() string {
+        return fmt.Sprintf("%x", pub.Bytes())
+}
+// HexCompressed returns the public key as compressed hex (66 characters)
+func (pub *PublicKey) HexCompressed() string {
+        return fmt.Sprintf("%x", pub.BytesCompressed())
+}
+// Equal checks if two public keys are the same
+func (pub *PublicKey) Equal(other *PublicKey) bool {
+        return pub.Point.Equal(other.Point)
+}
diff --git a/keys_test.go b/keys_test.go
new file mode 100644
index 0000000..e17ac98
--- /dev/null
+++ b/keys_test.go
@@ -0,0 +1,221 @@
+package secp256k1
+import (
+        "bytes"
+        "math/big"
+        "testing"
+)
+func TestGeneratePrivateKey(t *testing.T) {
+        priv, err := GeneratePrivateKey()
+        if err != nil {
+                t.Fatalf("failed to generate key: %v", err)
+        }
+        // Should be in valid range [1, N-1]
+        if priv.D.Sign() <= 0 {
+                t.Error("private key should be positive")
+        }
+        if priv.D.Cmp(N) >= 0 {
+                t.Error("private key should be less than N")
+        }
+}
+func TestGeneratePrivateKeyUnique(t *testing.T) {
+        // Generate two keys, they should be different
+        priv1, _ := GeneratePrivateKey()
+        priv2, _ := GeneratePrivateKey()
+        if priv1.D.Cmp(priv2.D) == 0 {
+                t.Error("two generated keys should not be identical")
+        }
+}
+func TestPrivateKeyFromBytes(t *testing.T) {
+        // 32 bytes of 0x01
+        b := make([]byte, 32)
+        b[31] = 0x01 // value = 1
+        priv, err := NewPrivateKeyFromBytes(b)
+        if err != nil {
+                t.Fatalf("failed to create key: %v", err)
+        }
+        if priv.D.Cmp(big.NewInt(1)) != 0 {
+                t.Errorf("expected D=1, got %s", priv.D.String())
+        }
+}
+func TestPrivateKeyFromBytesInvalidLength(t *testing.T) {
+        b := make([]byte, 31) // wrong length
+        _, err := NewPrivateKeyFromBytes(b)
+        if err == nil {
+                t.Error("should reject non-32-byte input")
+        }
+}
+func TestPrivateKeyFromBytesZero(t *testing.T) {
+        b := make([]byte, 32) // all zeros
+        _, err := NewPrivateKeyFromBytes(b)
+        if err == nil {
+                t.Error("should reject zero private key")
+        }
+}
+func TestPrivateKeyFromHex(t *testing.T) {
+        hex := "0000000000000000000000000000000000000000000000000000000000000001"
+        priv, err := NewPrivateKeyFromHex(hex)
+        if err != nil {
+                t.Fatalf("failed to create key: %v", err)
+        }
+        if priv.D.Cmp(big.NewInt(1)) != 0 {
+                t.Errorf("expected D=1, got %s", priv.D.String())
+        }
+}
+func TestPrivateKeyFromHexInvalid(t *testing.T) {
+        _, err := NewPrivateKeyFromHex("not-hex")
+        if err == nil {
+                t.Error("should reject invalid hex")
+        }
+}
+func TestPublicKeyDerivation(t *testing.T) {
+        // Private key = 1, public key should be G
+        priv, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
+        pub := priv.PublicKey()
+        if !pub.Point.Equal(G) {
+                t.Error("1 * G should equal G")
+        }
+}
+func TestPublicKeyDerivation2(t *testing.T) {
+        // Private key = 2, public key should be 2G
+        priv, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000002")
+        pub := priv.PublicKey()
+        expected := G.Double()
+        if !pub.Point.Equal(expected) {
+                t.Error("2 * G should equal 2G")
+        }
+}
+func TestPublicKeyOnCurve(t *testing.T) {
+        priv, _ := GeneratePrivateKey()
+        pub := priv.PublicKey()
+        if !pub.Point.IsOnCurve() {
+                t.Error("derived public key should be on curve")
+        }
+}
+func TestPrivateKeyBytes(t *testing.T) {
+        priv, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
+        b := priv.Bytes()
+        if len(b) != 32 {
+                t.Errorf("expected 32 bytes, got %d", len(b))
+        }
+        if b[31] != 0x01 {
+                t.Errorf("expected last byte to be 0x01, got 0x%02x", b[31])
+        }
+}
+func TestPrivateKeyRoundTrip(t *testing.T) {
+        priv1, _ := GeneratePrivateKey()
+        b := priv1.Bytes()
+        priv2, _ := NewPrivateKeyFromBytes(b)
+        if priv1.D.Cmp(priv2.D) != 0 {
+                t.Error("private key should survive bytes round-trip")
+        }
+}
+func TestPublicKeyBytesUncompressed(t *testing.T) {
+        priv, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
+        pub := priv.PublicKey()
+        b := pub.Bytes()
+        if len(b) != 65 {
+                t.Errorf("uncompressed pubkey should be 65 bytes, got %d", len(b))
+        }
+        if b[0] != 0x04 {
+                t.Errorf("uncompressed prefix should be 0x04, got 0x%02x", b[0])
+        }
+}
+func TestPublicKeyBytesCompressed(t *testing.T) {
+        priv, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
+        pub := priv.PublicKey()
+        b := pub.BytesCompressed()
+        if len(b) != 33 {
+                t.Errorf("compressed pubkey should be 33 bytes, got %d", len(b))
+        }
+        // G has odd y, so prefix should be 0x03
+        if b[0] != 0x02 && b[0] != 0x03 {
+                t.Errorf("compressed prefix should be 0x02 or 0x03, got 0x%02x", b[0])
+        }
+}
+func TestPublicKeyHex(t *testing.T) {
+        priv, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
+        pub := priv.PublicKey()
+        hex := pub.Hex()
+        if len(hex) != 130 { // 65 bytes * 2
+                t.Errorf("uncompressed hex should be 130 chars, got %d", len(hex))
+        }
+        hexComp := pub.HexCompressed()
+        if len(hexComp) != 66 { // 33 bytes * 2
+                t.Errorf("compressed hex should be 66 chars, got %d", len(hexComp))
+        }
+}
+func TestPublicKeyEqual(t *testing.T) {
+        priv1, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
+        priv2, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
+        priv3, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000002")
+        pub1 := priv1.PublicKey()
+        pub2 := priv2.PublicKey()
+        pub3 := priv3.PublicKey()
+        if !pub1.Equal(pub2) {
+                t.Error("same private key should produce equal public keys")
+        }
+        if pub1.Equal(pub3) {
+                t.Error("different private keys should produce different public keys")
+        }
+}
+// Known test vector from Bitcoin wiki
+func TestKnownKeyVector(t *testing.T) {
+        // Private key = 1
+        priv, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
+        pub := priv.PublicKey()
+        // Public key should be G
+        expectedX := Gx
+        expectedY := Gy
+        if pub.Point.x.value.Cmp(expectedX) != 0 {
+                t.Error("public key x doesn't match G.x")
+        }
+        if pub.Point.y.value.Cmp(expectedY) != 0 {
+                t.Error("public key y doesn't match G.y")
+        }
+        // Check compressed format starts with correct x
+        compressed := pub.BytesCompressed()
+        xFromCompressed := compressed[1:33]
+        expectedXBytes := make([]byte, 32)
+        copy(expectedXBytes[32-len(expectedX.Bytes()):], expectedX.Bytes())
+        if !bytes.Equal(xFromCompressed, expectedXBytes) {
+                t.Error("compressed pubkey x doesn't match")
+        }
+}
author	Clawd <ai@clawd.bot>	2026-02-19 21:08:14 -0800
committer	Clawd <ai@clawd.bot>	2026-02-19 21:08:14 -0800
commit	e5fa7c1a85e9dd44ee92cb5da1797c82a0268fdb (patch)
tree	fbe9d6c45112bb2ac068aed0d695797e0d4e24b8
parent	3a9decc7abdb5fdc10c025747c2b2b8b10210ffd (diff)

diff --git a/keys.go b/keys.go new file mode 100644 index 0000000..10da93f --- /dev/null +++ b/keys.go
@@ -0,0 +1,156 @@
	1	package secp256k1
	2
	3	import (
	4	"crypto/rand"
	5	"fmt"
	6	"math/big"
	7	)
	8
	9	// PrivateKey is a scalar (1 to N-1) used for signing
	10	type PrivateKey struct {
	11	D *big.Int // the secret scalar
	12	}
	13
	14	// PublicKey is a point on the curve (D * G)
	15	type PublicKey struct {
	16	Point *Point
	17	}
	18
	19	// GeneratePrivateKey creates a random private key
	20	func GeneratePrivateKey() (*PrivateKey, error) {
	21	// Generate random bytes
	22	bytes := make([]byte, 32)
	23	_, err := rand.Read(bytes)
	24	if err != nil {
	25	return nil, fmt.Errorf("failed to generate random bytes: %w", err)
	26	}
	27
	28	// Convert to big.Int and reduce mod N
	29	d := new(big.Int).SetBytes(bytes)
	30	d.Mod(d, N)
	31
	32	// Ensure it's not zero (extremely unlikely but must check)
	33	if d.Sign() == 0 {
	34	d.SetInt64(1)
	35	}
	36
	37	return &PrivateKey{D: d}, nil
	38	}
	39
	40	// NewPrivateKeyFromBytes creates a private key from 32 bytes
	41	func NewPrivateKeyFromBytes(b []byte) (*PrivateKey, error) {
	42	if len(b) != 32 {
	43	return nil, fmt.Errorf("private key must be 32 bytes, got %d", len(b))
	44	}
	45
	46	d := new(big.Int).SetBytes(b)
	47
	48	// Validate: must be in range [1, N-1]
	49	if d.Sign() == 0 {
	50	return nil, fmt.Errorf("private key cannot be zero")
	51	}
	52	if d.Cmp(N) >= 0 {
	53	return nil, fmt.Errorf("private key must be less than curve order N")
	54	}
	55
	56	return &PrivateKey{D: d}, nil
	57	}
	58
	59	// NewPrivateKeyFromHex creates a private key from a hex string
	60	func NewPrivateKeyFromHex(hex string) (*PrivateKey, error) {
	61	d, ok := new(big.Int).SetString(hex, 16)
	62	if !ok {
	63	return nil, fmt.Errorf("invalid hex string")
	64	}
	65
	66	// Validate range
	67	if d.Sign() == 0 {
	68	return nil, fmt.Errorf("private key cannot be zero")
	69	}
	70	if d.Cmp(N) >= 0 {
	71	return nil, fmt.Errorf("private key must be less than curve order N")
	72	}
	73
	74	return &PrivateKey{D: d}, nil
	75	}
	76
	77	// PublicKey derives the public key from the private key
	78	// PublicKey = D * G
	79	func (priv PrivateKey) PublicKey() PublicKey {
	80	point := G.ScalarMul(priv.D)
	81	return &PublicKey{Point: point}
	82	}
	83
	84	// Bytes returns the private key as 32 bytes (big-endian, zero-padded)
	85	func (priv *PrivateKey) Bytes() []byte {
	86	b := priv.D.Bytes()
	87	// Pad to 32 bytes
	88	if len(b) < 32 {
	89	padded := make([]byte, 32)
	90	copy(padded[32-len(b):], b)
	91	return padded
	92	}
	93	return b
	94	}
	95
	96	// Hex returns the private key as a 64-character hex string
	97	func (priv *PrivateKey) Hex() string {
	98	return fmt.Sprintf("%064x", priv.D)
	99	}
	100
	101	// Bytes returns the public key in uncompressed format (65 bytes: 0x04 \|\| x \|\| y)
	102	func (pub *PublicKey) Bytes() []byte {
	103	if pub.Point.IsInfinity() {
	104	return []byte{0x00} // shouldn't happen with valid keys
	105	}
	106
	107	result := make([]byte, 65)
	108	result[0] = 0x04 // uncompressed prefix
	109
	110	xBytes := pub.Point.x.value.Bytes()
	111	yBytes := pub.Point.y.value.Bytes()
	112
	113	// Copy x (padded to 32 bytes)
	114	copy(result[1+(32-len(xBytes)):33], xBytes)
	115	// Copy y (padded to 32 bytes)
	116	copy(result[33+(32-len(yBytes)):65], yBytes)
	117
	118	return result
	119	}
	120
	121	// BytesCompressed returns the public key in compressed format (33 bytes: prefix \|\| x)
	122	// Prefix is 0x02 if y is even, 0x03 if y is odd
	123	func (pub *PublicKey) BytesCompressed() []byte {
	124	if pub.Point.IsInfinity() {
	125	return []byte{0x00}
	126	}
	127
	128	result := make([]byte, 33)
	129
	130	// Prefix based on y parity
	131	if pub.Point.y.value.Bit(0) == 0 {
	132	result[0] = 0x02 // y is even
	133	} else {
	134	result[0] = 0x03 // y is odd
	135	}
	136
	137	xBytes := pub.Point.x.value.Bytes()
	138	copy(result[1+(32-len(xBytes)):33], xBytes)
	139
	140	return result
	141	}
	142
	143	// Hex returns the public key as uncompressed hex (130 characters)
	144	func (pub *PublicKey) Hex() string {
	145	return fmt.Sprintf("%x", pub.Bytes())
	146	}
	147
	148	// HexCompressed returns the public key as compressed hex (66 characters)
	149	func (pub *PublicKey) HexCompressed() string {
	150	return fmt.Sprintf("%x", pub.BytesCompressed())
	151	}
	152
	153	// Equal checks if two public keys are the same
	154	func (pub PublicKey) Equal(other PublicKey) bool {
	155	return pub.Point.Equal(other.Point)
	156	}


diff --git a/keys_test.go b/keys_test.go new file mode 100644 index 0000000..e17ac98 --- /dev/null +++ b/keys_test.go
@@ -0,0 +1,221 @@
	1	package secp256k1
	2
	3	import (
	4	"bytes"
	5	"math/big"
	6	"testing"
	7	)
	8
	9	func TestGeneratePrivateKey(t *testing.T) {
	10	priv, err := GeneratePrivateKey()
	11	if err != nil {
	12	t.Fatalf("failed to generate key: %v", err)
	13	}
	14
	15	// Should be in valid range [1, N-1]
	16	if priv.D.Sign() <= 0 {
	17	t.Error("private key should be positive")
	18	}
	19	if priv.D.Cmp(N) >= 0 {
	20	t.Error("private key should be less than N")
	21	}
	22	}
	23
	24	func TestGeneratePrivateKeyUnique(t *testing.T) {
	25	// Generate two keys, they should be different
	26	priv1, _ := GeneratePrivateKey()
	27	priv2, _ := GeneratePrivateKey()
	28
	29	if priv1.D.Cmp(priv2.D) == 0 {
	30	t.Error("two generated keys should not be identical")
	31	}
	32	}
	33
	34	func TestPrivateKeyFromBytes(t *testing.T) {
	35	// 32 bytes of 0x01
	36	b := make([]byte, 32)
	37	b[31] = 0x01 // value = 1
	38
	39	priv, err := NewPrivateKeyFromBytes(b)
	40	if err != nil {
	41	t.Fatalf("failed to create key: %v", err)
	42	}
	43
	44	if priv.D.Cmp(big.NewInt(1)) != 0 {
	45	t.Errorf("expected D=1, got %s", priv.D.String())
	46	}
	47	}
	48
	49	func TestPrivateKeyFromBytesInvalidLength(t *testing.T) {
	50	b := make([]byte, 31) // wrong length
	51	_, err := NewPrivateKeyFromBytes(b)
	52	if err == nil {
	53	t.Error("should reject non-32-byte input")
	54	}
	55	}
	56
	57	func TestPrivateKeyFromBytesZero(t *testing.T) {
	58	b := make([]byte, 32) // all zeros
	59	_, err := NewPrivateKeyFromBytes(b)
	60	if err == nil {
	61	t.Error("should reject zero private key")
	62	}
	63	}
	64
	65	func TestPrivateKeyFromHex(t *testing.T) {
	66	hex := "0000000000000000000000000000000000000000000000000000000000000001"
	67	priv, err := NewPrivateKeyFromHex(hex)
	68	if err != nil {
	69	t.Fatalf("failed to create key: %v", err)
	70	}
	71
	72	if priv.D.Cmp(big.NewInt(1)) != 0 {
	73	t.Errorf("expected D=1, got %s", priv.D.String())
	74	}
	75	}
	76
	77	func TestPrivateKeyFromHexInvalid(t *testing.T) {
	78	_, err := NewPrivateKeyFromHex("not-hex")
	79	if err == nil {
	80	t.Error("should reject invalid hex")
	81	}
	82	}
	83
	84	func TestPublicKeyDerivation(t *testing.T) {
	85	// Private key = 1, public key should be G
	86	priv, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
	87	pub := priv.PublicKey()
	88
	89	if !pub.Point.Equal(G) {
	90	t.Error("1 * G should equal G")
	91	}
	92	}
	93
	94	func TestPublicKeyDerivation2(t *testing.T) {
	95	// Private key = 2, public key should be 2G
	96	priv, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000002")
	97	pub := priv.PublicKey()
	98
	99	expected := G.Double()
	100	if !pub.Point.Equal(expected) {
	101	t.Error("2 * G should equal 2G")
	102	}
	103	}
	104
	105	func TestPublicKeyOnCurve(t *testing.T) {
	106	priv, _ := GeneratePrivateKey()
	107	pub := priv.PublicKey()
	108
	109	if !pub.Point.IsOnCurve() {
	110	t.Error("derived public key should be on curve")
	111	}
	112	}
	113
	114	func TestPrivateKeyBytes(t *testing.T) {
	115	priv, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
	116	b := priv.Bytes()
	117
	118	if len(b) != 32 {
	119	t.Errorf("expected 32 bytes, got %d", len(b))
	120	}
	121	if b[31] != 0x01 {
	122	t.Errorf("expected last byte to be 0x01, got 0x%02x", b[31])
	123	}
	124	}
	125
	126	func TestPrivateKeyRoundTrip(t *testing.T) {
	127	priv1, _ := GeneratePrivateKey()
	128	b := priv1.Bytes()
	129	priv2, _ := NewPrivateKeyFromBytes(b)
	130
	131	if priv1.D.Cmp(priv2.D) != 0 {
	132	t.Error("private key should survive bytes round-trip")
	133	}
	134	}
	135
	136	func TestPublicKeyBytesUncompressed(t *testing.T) {
	137	priv, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
	138	pub := priv.PublicKey()
	139	b := pub.Bytes()
	140
	141	if len(b) != 65 {
	142	t.Errorf("uncompressed pubkey should be 65 bytes, got %d", len(b))
	143	}
	144	if b[0] != 0x04 {
	145	t.Errorf("uncompressed prefix should be 0x04, got 0x%02x", b[0])
	146	}
	147	}
	148
	149	func TestPublicKeyBytesCompressed(t *testing.T) {
	150	priv, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
	151	pub := priv.PublicKey()
	152	b := pub.BytesCompressed()
	153
	154	if len(b) != 33 {
	155	t.Errorf("compressed pubkey should be 33 bytes, got %d", len(b))
	156	}
	157	// G has odd y, so prefix should be 0x03
	158	if b[0] != 0x02 && b[0] != 0x03 {
	159	t.Errorf("compressed prefix should be 0x02 or 0x03, got 0x%02x", b[0])
	160	}
	161	}
	162
	163	func TestPublicKeyHex(t *testing.T) {
	164	priv, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
	165	pub := priv.PublicKey()
	166
	167	hex := pub.Hex()
	168	if len(hex) != 130 { // 65 bytes * 2
	169	t.Errorf("uncompressed hex should be 130 chars, got %d", len(hex))
	170	}
	171
	172	hexComp := pub.HexCompressed()
	173	if len(hexComp) != 66 { // 33 bytes * 2
	174	t.Errorf("compressed hex should be 66 chars, got %d", len(hexComp))
	175	}
	176	}
	177
	178	func TestPublicKeyEqual(t *testing.T) {
	179	priv1, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
	180	priv2, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
	181	priv3, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000002")
	182
	183	pub1 := priv1.PublicKey()
	184	pub2 := priv2.PublicKey()
	185	pub3 := priv3.PublicKey()
	186
	187	if !pub1.Equal(pub2) {
	188	t.Error("same private key should produce equal public keys")
	189	}
	190	if pub1.Equal(pub3) {
	191	t.Error("different private keys should produce different public keys")
	192	}
	193	}
	194
	195	// Known test vector from Bitcoin wiki
	196	func TestKnownKeyVector(t *testing.T) {
	197	// Private key = 1
	198	priv, _ := NewPrivateKeyFromHex("0000000000000000000000000000000000000000000000000000000000000001")
	199	pub := priv.PublicKey()
	200
	201	// Public key should be G
	202	expectedX := Gx
	203	expectedY := Gy
	204
	205	if pub.Point.x.value.Cmp(expectedX) != 0 {
	206	t.Error("public key x doesn't match G.x")
	207	}
	208	if pub.Point.y.value.Cmp(expectedY) != 0 {
	209	t.Error("public key y doesn't match G.y")
	210	}
	211
	212	// Check compressed format starts with correct x
	213	compressed := pub.BytesCompressed()
	214	xFromCompressed := compressed[1:33]
	215	expectedXBytes := make([]byte, 32)
	216	copy(expectedXBytes[32-len(expectedX.Bytes()):], expectedX.Bytes())
	217
	218	if !bytes.Equal(xFromCompressed, expectedXBytes) {
	219	t.Error("compressed pubkey x doesn't match")
	220	}
	221	}