tests: Use dedicated function to generate signers in tests

Signed-off-by: Evgenii Baidakov <evgenii@nspcc.io>
2023-04-25 13:11:42 +04:00 · 2023-04-25 13:11:42 +04:00 · 36b1e8442c
commit 36b1e8442c
parent 25c0fd9b8e
29 changed files with 221 additions and 239 deletions
--- a/bearer/bearer_test.go
+++ b/bearer/bearer_test.go
@ -5,14 +5,13 @@ import (
 	"math/rand"
 	"testing"

-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neofs-api-go/v2/acl"
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	bearertest "github.com/nspcc-dev/neofs-sdk-go/bearer/test"
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
-	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
+	"github.com/nspcc-dev/neofs-sdk-go/crypto/test"
 	"github.com/nspcc-dev/neofs-sdk-go/eacl"
 	eacltest "github.com/nspcc-dev/neofs-sdk-go/eacl/test"
 	"github.com/nspcc-dev/neofs-sdk-go/user"
@ -38,7 +37,7 @@ func isEqualEACLTables(t1, t2 eacl.Table) bool {
 func TestToken_SetEACLTable(t *testing.T) {
 	var val bearer.Token
 	var m acl.BearerToken
-	filled := bearertest.Token()
+	filled := bearertest.Token(t)

 	val.WriteToV2(&m)
 	require.Zero(t, m.GetBody())
@ -58,7 +57,7 @@ func TestToken_SetEACLTable(t *testing.T) {

 	// set value

-	eaclTable := *eacltest.Table()
+	eaclTable := *eacltest.Table(t)

 	val.SetEACLTable(eaclTable)
 	require.True(t, isEqualEACLTables(eaclTable, val.EACLTable()))
@ -84,7 +83,7 @@ func TestToken_SetEACLTable(t *testing.T) {
 func TestToken_ForUser(t *testing.T) {
 	var val bearer.Token
 	var m acl.BearerToken
-	filled := bearertest.Token()
+	filled := bearertest.Token(t)

 	val.WriteToV2(&m)
 	require.Zero(t, m.GetBody())
@ -107,7 +106,7 @@ func TestToken_ForUser(t *testing.T) {
 	require.Zero(t, m.GetBody())

 	// set value
-	usr := *usertest.ID()
+	usr := *usertest.ID(t)

 	var usrV2 refs.OwnerID
 	usr.WriteToV2(&usrV2)
@ -138,7 +137,7 @@ func TestToken_ForUser(t *testing.T) {
 func testLifetimeClaim(t *testing.T, setter func(*bearer.Token, uint64), getter func(*acl.BearerToken) uint64) {
 	var val bearer.Token
 	var m acl.BearerToken
-	filled := bearertest.Token()
+	filled := bearertest.Token(t)

 	val.WriteToV2(&m)
 	require.Zero(t, m.GetBody())
@ -230,7 +229,7 @@ func TestToken_AssertContainer(t *testing.T) {

 	require.True(t, val.AssertContainer(cnr))

-	eaclTable := *eacltest.Table()
+	eaclTable := *eacltest.Table(t)

 	eaclTable.SetCID(cidtest.ID())
 	val.SetEACLTable(eaclTable)
@ -243,11 +242,11 @@ func TestToken_AssertContainer(t *testing.T) {

 func TestToken_AssertUser(t *testing.T) {
 	var val bearer.Token
-	usr := *usertest.ID()
+	usr := *usertest.ID(t)

 	require.True(t, val.AssertUser(usr))

-	val.ForUser(*usertest.ID())
+	val.ForUser(*usertest.ID(t))
 	require.False(t, val.AssertUser(usr))

 	val.ForUser(usr)
@ -259,11 +258,9 @@ func TestToken_Sign(t *testing.T) {

 	require.False(t, val.VerifySignature())

-	k, err := keys.NewPrivateKey()
-	require.NoError(t, err)
-	signer := neofsecdsa.Signer(k.PrivateKey)
+	signer := test.RandomSigner(t)

-	val = bearertest.Token()
+	val = bearertest.Token(t)

 	require.NoError(t, val.Sign(signer))

@ -275,7 +272,7 @@ func TestToken_Sign(t *testing.T) {
 	require.NotZero(t, m.GetSignature().GetKey())
 	require.NotZero(t, m.GetSignature().GetSign())

-	val2 := bearertest.Token()
+	val2 := bearertest.Token(t)

 	require.NoError(t, val2.Unmarshal(val.Marshal()))
 	require.True(t, val2.VerifySignature())
@ -283,7 +280,7 @@ func TestToken_Sign(t *testing.T) {
 	jd, err := val.MarshalJSON()
 	require.NoError(t, err)

-	val2 = bearertest.Token()
+	val2 = bearertest.Token(t)
 	require.NoError(t, val2.UnmarshalJSON(jd))
 	require.True(t, val2.VerifySignature())
 }
@ -299,7 +296,7 @@ func TestToken_ReadFromV2(t *testing.T) {

 	require.Error(t, val.ReadFromV2(m))

-	eaclTable := eacltest.Table().ToV2()
+	eaclTable := eacltest.Table(t).ToV2()
 	body.SetEACL(eaclTable)

 	require.Error(t, val.ReadFromV2(m))
@ -328,7 +325,7 @@ func TestToken_ReadFromV2(t *testing.T) {
 	val.WriteToV2(&m2)
 	require.Equal(t, m, m2)

-	usr, usr2 := *usertest.ID(), *usertest.ID()
+	usr, usr2 := *usertest.ID(t), *usertest.ID(t)

 	require.True(t, val.AssertUser(usr))
 	require.True(t, val.AssertUser(usr2))
@ -346,10 +343,7 @@ func TestToken_ReadFromV2(t *testing.T) {
 	require.True(t, val.AssertUser(usr))
 	require.False(t, val.AssertUser(usr2))

-	k, err := keys.NewPrivateKey()
-	require.NoError(t, err)
-
-	signer := neofsecdsa.Signer(k.PrivateKey)
+	signer := test.RandomSigner(t)

 	var s neofscrypto.Signature

@ -363,9 +357,7 @@ func TestToken_ReadFromV2(t *testing.T) {
 }

 func TestResolveIssuer(t *testing.T) {
-	k, err := keys.NewPrivateKey()
-	require.NoError(t, err)
-	signer := neofsecdsa.Signer(k.PrivateKey)
+	signer := test.RandomSigner(t)

 	var val bearer.Token

--- a/bearer/test/generate.go
+++ b/bearer/test/generate.go
@ -1,6 +1,8 @@
 package bearertest

 import (
+	"testing"
+
 	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	eacltest "github.com/nspcc-dev/neofs-sdk-go/eacl/test"
 	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
@ -9,12 +11,12 @@ import (
 // Token returns random bearer.Token.
 //
 // Resulting token is unsigned.
-func Token() (t bearer.Token) {
-	t.SetExp(3)
-	t.SetNbf(2)
-	t.SetIat(1)
-	t.ForUser(*usertest.ID())
-	t.SetEACLTable(*eacltest.Table())
+func Token(t testing.TB) (tok bearer.Token) {
+	tok.SetExp(3)
+	tok.SetNbf(2)
+	tok.SetIat(1)
+	tok.ForUser(*usertest.ID(t))
+	tok.SetEACLTable(*eacltest.Table(t))

-	return t
+	return tok
 }
--- a/client/client_test.go
+++ b/client/client_test.go
@ -2,14 +2,10 @@ package client

 import (
 	"context"
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rand"
 	"testing"

 	apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
-	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
 	"github.com/stretchr/testify/require"
 )

@ -17,15 +13,10 @@ import (
 File contains common functionality used for client package testing.
 */

-var key, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-var signer neofscrypto.Signer
-
 var statusErr apistatus.ServerInternal

 func init() {
 	statusErr.SetMessage("test status error")
-
-	signer = neofsecdsa.SignerRFC6979(*key)
 }

 func assertStatusErr(tb testing.TB, res interface{ Status() apistatus.Status }) {
@ -33,7 +24,7 @@ func assertStatusErr(tb testing.TB, res interface{ Status() apistatus.Status })
 	require.Equal(tb, statusErr.Message(), res.Status().(*apistatus.ServerInternal).Message())
 }

-func newClient(server neoFSAPIServer) *Client {
+func newClient(signer neofscrypto.Signer, server neoFSAPIServer) *Client {
 	var prm PrmInit
 	prm.SetDefaultSigner(signer)

--- a/client/netmap_test.go
+++ b/client/netmap_test.go
@ -9,6 +9,8 @@ import (
 	v2netmap "github.com/nspcc-dev/neofs-api-go/v2/netmap"
 	"github.com/nspcc-dev/neofs-api-go/v2/session"
 	apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
+	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
+	"github.com/nspcc-dev/neofs-sdk-go/crypto/test"
 	"github.com/nspcc-dev/neofs-sdk-go/netmap"
 	"github.com/stretchr/testify/require"
 )
@ -22,6 +24,8 @@ type serverNetMap struct {

 	setNetMap bool
 	netMap    v2netmap.NetMap
+
+	signer neofscrypto.Signer
 }

 func (x *serverNetMap) netMapSnapshot(ctx context.Context, req v2netmap.SnapshotRequest) (*v2netmap.SnapshotResponse, error) {
@ -51,7 +55,7 @@ func (x *serverNetMap) netMapSnapshot(ctx context.Context, req v2netmap.Snapshot
 	resp.SetMetaHeader(&meta)

 	if x.signResponse {
-		err = signServiceMessage(signer, &resp)
+		err = signServiceMessage(x.signer, &resp)
 		if err != nil {
 			panic(fmt.Sprintf("sign response: %v", err))
 		}
@ -65,7 +69,12 @@ func TestClient_NetMapSnapshot(t *testing.T) {
 	var prm PrmNetMapSnapshot
 	var res *ResNetMapSnapshot
 	var srv serverNetMap
-	c := newClient(&srv)
+
+	signer := test.RandomSignerRFC6979(t)
+
+	srv.signer = signer
+
+	c := newClient(signer, &srv)
 	ctx := context.Background()

 	// missing context
--- a/client/object_search_test.go
+++ b/client/object_search_test.go
@ -6,11 +6,10 @@ import (
 	"io"
 	"testing"

-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	v2object "github.com/nspcc-dev/neofs-api-go/v2/object"
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
-	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
+	"github.com/nspcc-dev/neofs-sdk-go/crypto/test"
 	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
 	oidtest "github.com/nspcc-dev/neofs-sdk-go/object/id/test"
 	"github.com/stretchr/testify/require"
@ -110,10 +109,7 @@ func TestObjectIterate(t *testing.T) {
 }

 func testListReaderResponse(t *testing.T) (neofscrypto.Signer, *ObjectListReader) {
-	p, err := keys.NewPrivateKey()
-	require.NoError(t, err)
-
-	return neofsecdsa.Signer(p.PrivateKey), &ObjectListReader{
+	return test.RandomSigner(t), &ObjectListReader{
 		cancelCtxStream: func() {},
 		client:          &Client{},
 		tail:            nil,
--- a/client/sign_test.go
+++ b/client/sign_test.go
@ -7,6 +7,8 @@ import (
 	"github.com/nspcc-dev/neofs-api-go/v2/accounting"
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	"github.com/nspcc-dev/neofs-api-go/v2/session"
+	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
+	"github.com/nspcc-dev/neofs-sdk-go/crypto/test"
 	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/stretchr/testify/require"
 )
@ -25,7 +27,7 @@ func testOwner(t *testing.T, owner *refs.OwnerID, req any) {
 	require.NoError(t, verifyServiceMessage(req))
 }

-func testRequestSign(t *testing.T, meta *session.RequestMetaHeader, req request) {
+func testRequestSign(t *testing.T, signer neofscrypto.Signer, meta *session.RequestMetaHeader, req request) {
 	require.Error(t, verifyServiceMessage(req))

 	// sign request
@ -61,7 +63,7 @@ func testRequestMeta(t *testing.T, meta *session.RequestMetaHeader, req serviceR
 	require.Error(t, verifyServiceMessage(req))
 }

-func testResponseSign(t *testing.T, meta *session.ResponseMetaHeader, resp testResponse) {
+func testResponseSign(t *testing.T, signer neofscrypto.Signer, meta *session.ResponseMetaHeader, resp testResponse) {
 	require.Error(t, verifyServiceMessage(resp))

 	// sign request
@ -98,11 +100,15 @@ func testResponseMeta(t *testing.T, meta *session.ResponseMetaHeader, req servic
 }

 func TestEmptyMessage(t *testing.T) {
+	signer := test.RandomSignerRFC6979(t)
+
 	require.NoError(t, verifyServiceMessage(nil))
 	require.NoError(t, signServiceMessage(signer, nil))
 }

 func TestBalanceRequest(t *testing.T) {
+	signer := test.RandomSignerRFC6979(t)
+
 	var id user.ID
 	require.NoError(t, user.IDFromSigner(&id, signer))

@ -121,13 +127,15 @@ func TestBalanceRequest(t *testing.T) {

 	// add level to meta header matryoshka
 	meta = &session.RequestMetaHeader{}
-	testRequestSign(t, meta, req)
+	testRequestSign(t, signer, meta, req)

 	testOwner(t, &ownerID, req)
 	testRequestMeta(t, meta, req)
 }

 func TestBalanceResponse(t *testing.T) {
+	signer := test.RandomSignerRFC6979(t)
+
 	dec := new(accounting.Decimal)
 	dec.SetValue(100)

@ -143,7 +151,7 @@ func TestBalanceResponse(t *testing.T) {

 	// add level to meta header matryoshka
 	meta = new(session.ResponseMetaHeader)
-	testResponseSign(t, meta, resp)
+	testResponseSign(t, signer, meta, resp)

 	// corrupt body
 	dec.SetValue(dec.GetValue() + 1)
@ -158,6 +166,8 @@ func TestBalanceResponse(t *testing.T) {
 }

 func TestCreateRequest(t *testing.T) {
+	signer := test.RandomSignerRFC6979(t)
+
 	var id user.ID
 	require.NoError(t, user.IDFromSigner(&id, signer))

@ -177,7 +187,7 @@ func TestCreateRequest(t *testing.T) {

 	// add level to meta header matryoshka
 	meta = &session.RequestMetaHeader{}
-	testRequestSign(t, meta, req)
+	testRequestSign(t, signer, meta, req)

 	testOwner(t, &ownerID, req)

@ -194,6 +204,8 @@ func TestCreateRequest(t *testing.T) {
 }

 func TestCreateResponse(t *testing.T) {
+	signer := test.RandomSignerRFC6979(t)
+
 	id := make([]byte, 8)
 	_, err := rand.Read(id)
 	require.NoError(t, err)
@ -215,7 +227,7 @@ func TestCreateResponse(t *testing.T) {

 	// add level to meta header matryoshka
 	meta = &session.ResponseMetaHeader{}
-	testResponseSign(t, meta, req)
+	testResponseSign(t, signer, meta, req)

 	// corrupt body
 	body.SetID([]byte{1})
--- a/container/container_test.go
+++ b/container/container_test.go
@ -7,7 +7,6 @@ import (
 	"time"

 	"github.com/google/uuid"
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	v2container "github.com/nspcc-dev/neofs-api-go/v2/container"
 	v2netmap "github.com/nspcc-dev/neofs-api-go/v2/netmap"
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
@ -16,7 +15,7 @@ import (
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
 	containertest "github.com/nspcc-dev/neofs-sdk-go/container/test"
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
-	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
+	"github.com/nspcc-dev/neofs-sdk-go/crypto/test"
 	netmaptest "github.com/nspcc-dev/neofs-sdk-go/netmap/test"
 	subnetid "github.com/nspcc-dev/neofs-sdk-go/subnet/id"
 	subnetidtest "github.com/nspcc-dev/neofs-sdk-go/subnet/id/test"
@ -26,7 +25,7 @@ import (
 )

 func TestPlacementPolicyEncoding(t *testing.T) {
-	v := containertest.Container()
+	v := containertest.Container(t)

 	t.Run("binary", func(t *testing.T) {
 		var v2 container.Container
@ -47,7 +46,7 @@ func TestPlacementPolicyEncoding(t *testing.T) {
 }

 func TestContainer_Init(t *testing.T) {
-	val := containertest.Container()
+	val := containertest.Container(t)

 	val.Init()

@ -79,9 +78,9 @@ func TestContainer_Owner(t *testing.T) {

 	require.Zero(t, val.Owner())

-	val = containertest.Container()
+	val = containertest.Container(t)

-	owner := *usertest.ID()
+	owner := *usertest.ID(t)

 	val.SetOwner(owner)

@ -104,7 +103,7 @@ func TestContainer_BasicACL(t *testing.T) {

 	require.Zero(t, val.BasicACL())

-	val = containertest.Container()
+	val = containertest.Container(t)

 	basicACL := containertest.BasicACL()
 	val.SetBasicACL(basicACL)
@ -125,7 +124,7 @@ func TestContainer_PlacementPolicy(t *testing.T) {

 	require.Zero(t, val.PlacementPolicy())

-	val = containertest.Container()
+	val = containertest.Container(t)

 	pp := netmaptest.PlacementPolicy()
 	val.SetPlacementPolicy(pp)
@ -156,7 +155,7 @@ func TestContainer_Attribute(t *testing.T) {
 	const attrKey1, attrKey2 = "key1", "key2"
 	const attrVal1, attrVal2 = "val1", "val2"

-	val := containertest.Container()
+	val := containertest.Container(t)

 	val.SetAttribute(attrKey1, attrVal1)
 	val.SetAttribute(attrKey2, attrVal2)
@ -195,7 +194,7 @@ func TestSetName(t *testing.T) {
 		container.SetName(&val, "")
 	})

-	val = containertest.Container()
+	val = containertest.Container(t)

 	const name = "some name"

@ -217,7 +216,7 @@ func TestSetCreationTime(t *testing.T) {

 	require.Zero(t, container.CreatedAt(val).Unix())

-	val = containertest.Container()
+	val = containertest.Container(t)

 	creat := time.Now()

@ -239,7 +238,7 @@ func TestSetSubnet(t *testing.T) {

 	require.True(t, subnetid.IsZero(container.Subnet(val)))

-	val = containertest.Container()
+	val = containertest.Container(t)

 	sub := subnetidtest.ID()

@ -261,7 +260,7 @@ func TestDisableHomomorphicHashing(t *testing.T) {

 	require.False(t, container.IsHomomorphicHashingDisabled(val))

-	val = containertest.Container()
+	val = containertest.Container(t)

 	container.DisableHomomorphicHashing(&val)

@ -281,7 +280,7 @@ func TestWriteDomain(t *testing.T) {

 	require.Zero(t, container.ReadDomain(val).Name())

-	val = containertest.Container()
+	val = containertest.Container(t)

 	const name = "domain name"

@ -313,7 +312,7 @@ func TestWriteDomain(t *testing.T) {
 }

 func TestCalculateID(t *testing.T) {
-	val := containertest.Container()
+	val := containertest.Container(t)

 	require.False(t, container.AssertID(cidtest.ID(), val))

@ -333,14 +332,11 @@ func TestCalculateID(t *testing.T) {
 }

 func TestCalculateSignature(t *testing.T) {
-	key, err := keys.NewPrivateKey()
-	require.NoError(t, err)
-
-	val := containertest.Container()
+	val := containertest.Container(t)

 	var sig neofscrypto.Signature

-	require.NoError(t, container.CalculateSignature(&sig, val, neofsecdsa.SignerRFC6979(key.PrivateKey)))
+	require.NoError(t, container.CalculateSignature(&sig, val, test.RandomSignerRFC6979(t)))

 	var msg refs.Signature
 	sig.WriteToV2(&msg)
--- a/container/network_test.go
+++ b/container/network_test.go
@ -10,7 +10,7 @@ import (
 )

 func TestContainer_NetworkConfig(t *testing.T) {
-	c := containertest.Container()
+	c := containertest.Container(t)
 	nc := netmaptest.NetworkInfo()

 	t.Run("default", func(t *testing.T) {
--- a/container/test/generate.go
+++ b/container/test/generate.go
@ -2,6 +2,7 @@ package containertest

 import (
 	"math/rand"
+	"testing"

 	"github.com/nspcc-dev/neofs-sdk-go/container"
 	"github.com/nspcc-dev/neofs-sdk-go/container/acl"
@ -11,8 +12,8 @@ import (
 )

 // Container returns random container.Container.
-func Container() (x container.Container) {
-	owner := usertest.ID()
+func Container(t *testing.T) (x container.Container) {
+	owner := usertest.ID(t)

 	x.Init()
 	x.SetAttribute("some attribute", "value")
--- a/crypto/test/tests.go
+++ b/crypto/test/tests.go
@ -0,0 +1,33 @@
+/*
+Package tests provides special help functions for testing NeoFS API and its environment.
+
+All functions accepting `t *testing.T` that emphasize there are only for tests purposes.
+*/
+package test
+
+import (
+	"testing"
+
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
+	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
+	"github.com/stretchr/testify/require"
+)
+
+// RandomSigner return neofscrypto.Signer ONLY for TESTs purposes.
+// It may be used like helper to get new neofscrypto.Signer if you need it in yours tests.
+func RandomSigner(tb testing.TB) neofscrypto.Signer {
+	p, err := keys.NewPrivateKey()
+	require.NoError(tb, err)
+
+	return neofsecdsa.Signer(p.PrivateKey)
+}
+
+// RandomSignerRFC6979 return neofscrypto.Signer ONLY for TESTs purposes.
+// It may be used like helper to get new neofscrypto.Signer if you need it in yours tests.
+func RandomSignerRFC6979(tb testing.TB) neofscrypto.Signer {
+	p, err := keys.NewPrivateKey()
+	require.NoError(tb, err)
+
+	return neofsecdsa.SignerRFC6979(p.PrivateKey)
+}
--- a/eacl/record_test.go
+++ b/eacl/record_test.go
@ -154,7 +154,7 @@ func TestReservedRecords(t *testing.T) {
 		v       = versiontest.Version()
 		oid     = oidtest.ID()
 		cid     = cidtest.ID()
-		ownerid = usertest.ID()
+		ownerid = usertest.ID(t)
 		h       = checksumtest.Checksum()
 		typ     = new(object.Type)
 	)
--- a/eacl/table_test.go
+++ b/eacl/table_test.go
@ -66,7 +66,7 @@ func TestTable_AddRecord(t *testing.T) {
 }

 func TestTableEncoding(t *testing.T) {
-	tab := eacltest.Table()
+	tab := eacltest.Table(t)

 	t.Run("binary", func(t *testing.T) {
 		data, err := tab.Marshal()
--- a/eacl/test/generate.go
+++ b/eacl/test/generate.go
@ -1,6 +1,8 @@
 package eacltest

 import (
+	"testing"
+
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
 	"github.com/nspcc-dev/neofs-sdk-go/eacl"
 	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
@ -21,24 +23,24 @@ func Target() *eacl.Target {
 }

 // Record returns random eacl.Record.
-func Record() *eacl.Record {
+func Record(tb testing.TB) *eacl.Record {
 	x := eacl.NewRecord()

 	x.SetAction(eacl.ActionAllow)
 	x.SetOperation(eacl.OperationRangeHash)
 	x.SetTargets(*Target(), *Target())
 	x.AddObjectContainerIDFilter(eacl.MatchStringEqual, cidtest.ID())
-	x.AddObjectOwnerIDFilter(eacl.MatchStringNotEqual, usertest.ID())
+	x.AddObjectOwnerIDFilter(eacl.MatchStringNotEqual, usertest.ID(tb))

 	return x
 }

-func Table() *eacl.Table {
+func Table(tb testing.TB) *eacl.Table {
 	x := eacl.NewTable()

 	x.SetCID(cidtest.ID())
-	x.AddRecord(Record())
-	x.AddRecord(Record())
+	x.AddRecord(Record(tb))
+	x.AddRecord(Record(tb))
 	x.SetVersion(versiontest.Version())

 	return x
--- a/object/fmt_test.go
+++ b/object/fmt_test.go
@ -4,8 +4,7 @@ import (
 	"crypto/rand"
 	"testing"

-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
+	"github.com/nspcc-dev/neofs-sdk-go/crypto/test"
 	"github.com/stretchr/testify/require"
 )

@ -18,9 +17,7 @@ func TestVerificationFields(t *testing.T) {
 	obj.SetPayload(payload)
 	obj.SetPayloadSize(uint64(len(payload)))

-	p, err := keys.NewPrivateKey()
-	require.NoError(t, err)
-	require.NoError(t, SetVerificationFields(neofsecdsa.Signer(p.PrivateKey), obj))
+	require.NoError(t, SetVerificationFields(test.RandomSigner(t), obj))

 	require.NoError(t, CheckVerificationFields(obj))

--- a/object/object_test.go
+++ b/object/object_test.go
@ -12,7 +12,7 @@ import (
 func TestInitCreation(t *testing.T) {
 	var o object.Object
 	cnr := cidtest.ID()
-	own := *usertest.ID()
+	own := *usertest.ID(t)

 	object.InitCreation(&o, object.RequiredFields{
 		Container: cnr,
--- a/object/test/generate.go
+++ b/object/test/generate.go
@ -1,6 +1,8 @@
 package objecttest

 import (
+	"testing"
+
 	"github.com/google/uuid"
 	checksumtest "github.com/nspcc-dev/neofs-sdk-go/checksum/test"
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
@ -41,14 +43,14 @@ func SplitID() *object.SplitID {
 	return x
 }

-func generate(withParent bool) *object.Object {
+func generate(t *testing.T, withParent bool) *object.Object {
 	x := object.New()
 	ver := version.Current()

 	x.SetID(oidtest.ID())
 	x.SetSessionToken(sessiontest.Object())
 	x.SetPayload([]byte{1, 2, 3})
-	x.SetOwnerID(usertest.ID())
+	x.SetOwnerID(usertest.ID(t))
 	x.SetContainerID(cidtest.ID())
 	x.SetType(object.TypeTombstone)
 	x.SetVersion(&ver)
@ -63,7 +65,7 @@ func generate(withParent bool) *object.Object {
 	x.SetPayloadHomomorphicHash(checksumtest.Checksum())

 	if withParent {
-		x.SetParent(generate(false))
+		x.SetParent(generate(t, false))
 	}

 	return x
@ -71,13 +73,13 @@ func generate(withParent bool) *object.Object {

 // Raw returns random object.Object.
 // Deprecated: (v1.0.0) use Object instead.
-func Raw() *object.Object {
-	return Object()
+func Raw(t *testing.T) *object.Object {
+	return Object(t)
 }

 // Object returns random object.Object.
-func Object() *object.Object {
-	return generate(true)
+func Object(t *testing.T) *object.Object {
+	return generate(t, true)
 }

 // Tombstone returns random object.Tombstone.
--- a/pool/cache_test.go
+++ b/pool/cache_test.go
@ -3,8 +3,7 @@ package pool
 import (
 	"testing"

-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
+	"github.com/nspcc-dev/neofs-sdk-go/crypto/test"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
 	sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
 	"github.com/stretchr/testify/require"
@ -14,9 +13,6 @@ func TestSessionCache_GetUnmodifiedToken(t *testing.T) {
 	const key = "Foo"
 	target := *sessiontest.Object()

-	pk, err := keys.NewPrivateKey()
-	require.NoError(t, err)
-
 	check := func(t *testing.T, tok session.Object, extra string) {
 		require.False(t, tok.VerifySignature(), extra)
 	}
@ -29,7 +25,7 @@ func TestSessionCache_GetUnmodifiedToken(t *testing.T) {
 	require.True(t, ok)
 	check(t, value, "before sign")

-	err = value.Sign(neofsecdsa.Signer(pk.PrivateKey))
+	err = value.Sign(test.RandomSigner(t))
 	require.NoError(t, err)

 	value, ok = cache.Get(key)
--- a/pool/pool_test.go
+++ b/pool/pool_test.go
@ -7,11 +7,10 @@ import (
 	"testing"
 	"time"

-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
-	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
+	"github.com/nspcc-dev/neofs-sdk-go/crypto/test"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	oid "github.com/nspcc-dev/neofs-sdk-go/object/id"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
@ -22,13 +21,13 @@ import (

 func TestBuildPoolClientFailed(t *testing.T) {
 	mockClientBuilder := func(addr string) client {
-		mockCli := newMockClient(addr, newSigner(t))
+		mockCli := newMockClient(addr, test.RandomSigner(t))
 		mockCli.errOnDial()
 		return mockCli
 	}

 	opts := InitParameters{
-		signer:     newSigner(t),
+		signer:     test.RandomSigner(t),
 		nodeParams: []NodeParam{{1, "peer0", 1}},
 	}
 	opts.setClientBuilder(mockClientBuilder)
@ -41,13 +40,13 @@ func TestBuildPoolClientFailed(t *testing.T) {

 func TestBuildPoolCreateSessionFailed(t *testing.T) {
 	clientMockBuilder := func(addr string) client {
-		mockCli := newMockClient(addr, newSigner(t))
+		mockCli := newMockClient(addr, test.RandomSigner(t))
 		mockCli.errOnCreateSession()
 		return mockCli
 	}

 	opts := InitParameters{
-		signer:     newSigner(t),
+		signer:     test.RandomSigner(t),
 		nodeParams: []NodeParam{{1, "peer0", 1}},
 	}
 	opts.setClientBuilder(clientMockBuilder)
@ -58,12 +57,6 @@ func TestBuildPoolCreateSessionFailed(t *testing.T) {
 	require.Error(t, err)
 }

-func newSigner(t *testing.T) neofsecdsa.Signer {
-	p, err := keys.NewPrivateKey()
-	require.NoError(t, err)
-	return neofsecdsa.Signer(p.PrivateKey)
-}
-
 func TestBuildPoolOneNodeFailed(t *testing.T) {
 	nodes := []NodeParam{
 		{1, "peer0", 1},
@ -72,7 +65,7 @@ func TestBuildPoolOneNodeFailed(t *testing.T) {

 	var clientKeys []neofscrypto.Signer
 	mockClientBuilder := func(addr string) client {
-		key := newSigner(t)
+		key := test.RandomSigner(t)
 		clientKeys = append(clientKeys, key)

 		if addr == nodes[0].address {
@ -87,7 +80,7 @@ func TestBuildPoolOneNodeFailed(t *testing.T) {
 	log, err := zap.NewProduction()
 	require.NoError(t, err)
 	opts := InitParameters{
-		signer:                  newSigner(t),
+		signer:                  test.RandomSigner(t),
 		clientRebalanceInterval: 1000 * time.Millisecond,
 		logger:                  log,
 		nodeParams:              nodes,
@ -115,20 +108,20 @@ func TestBuildPoolOneNodeFailed(t *testing.T) {

 func TestBuildPoolZeroNodes(t *testing.T) {
 	opts := InitParameters{
-		signer: newSigner(t),
+		signer: test.RandomSigner(t),
 	}
 	_, err := NewPool(opts)
 	require.Error(t, err)
 }

 func TestOneNode(t *testing.T) {
-	key1 := newSigner(t)
+	key1 := test.RandomSigner(t)
 	mockClientBuilder := func(addr string) client {
 		return newMockClient(addr, key1)
 	}

 	opts := InitParameters{
-		signer:     newSigner(t),
+		signer:     test.RandomSigner(t),
 		nodeParams: []NodeParam{{1, "peer0", 1}},
 	}
 	opts.setClientBuilder(mockClientBuilder)
@ -142,20 +135,19 @@ func TestOneNode(t *testing.T) {
 	cp, err := pool.connection()
 	require.NoError(t, err)
 	st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.signer))
-	expectedAuthKey := neofsecdsa.PublicKey(key1.PublicKey)
-	require.True(t, st.AssertAuthKey(&expectedAuthKey))
+	require.True(t, st.AssertAuthKey(key1.Public()))
 }

 func TestTwoNodes(t *testing.T) {
 	var clientKeys []neofscrypto.Signer
 	mockClientBuilder := func(addr string) client {
-		key := newSigner(t)
+		key := test.RandomSigner(t)
 		clientKeys = append(clientKeys, key)
 		return newMockClient(addr, key)
 	}

 	opts := InitParameters{
-		signer: newSigner(t),
+		signer: test.RandomSigner(t),
 		nodeParams: []NodeParam{
 			{1, "peer0", 1},
 			{1, "peer1", 1},
@ -193,7 +185,7 @@ func TestOneOfTwoFailed(t *testing.T) {

 	var clientKeys []neofscrypto.Signer
 	mockClientBuilder := func(addr string) client {
-		key := newSigner(t)
+		key := test.RandomSigner(t)
 		clientKeys = append(clientKeys, key)

 		if addr == nodes[0].address {
@ -207,7 +199,7 @@ func TestOneOfTwoFailed(t *testing.T) {
 	}

 	opts := InitParameters{
-		signer:                  newSigner(t),
+		signer:                  test.RandomSigner(t),
 		nodeParams:              nodes,
 		clientRebalanceInterval: 200 * time.Millisecond,
 	}
@ -234,7 +226,7 @@ func TestOneOfTwoFailed(t *testing.T) {
 func TestTwoFailed(t *testing.T) {
 	var clientKeys []neofscrypto.Signer
 	mockClientBuilder := func(addr string) client {
-		key := newSigner(t)
+		key := test.RandomSigner(t)
 		clientKeys = append(clientKeys, key)
 		mockCli := newMockClient(addr, key)
 		mockCli.errOnEndpointInfo()
@ -242,7 +234,7 @@ func TestTwoFailed(t *testing.T) {
 	}

 	opts := InitParameters{
-		signer: newSigner(t),
+		signer: test.RandomSigner(t),
 		nodeParams: []NodeParam{
 			{1, "peer0", 1},
 			{1, "peer1", 1},
@ -266,8 +258,7 @@ func TestTwoFailed(t *testing.T) {
 }

 func TestSessionCache(t *testing.T) {
-	key := newSigner(t)
-	expectedAuthKey := neofsecdsa.PublicKey(key.PublicKey)
+	key := test.RandomSigner(t)

 	mockClientBuilder := func(addr string) client {
 		mockCli := newMockClient(addr, key)
@ -276,7 +267,7 @@ func TestSessionCache(t *testing.T) {
 	}

 	opts := InitParameters{
-		signer: newSigner(t),
+		signer: test.RandomSigner(t),
 		nodeParams: []NodeParam{
 			{1, "peer0", 1},
 		},
@ -297,7 +288,7 @@ func TestSessionCache(t *testing.T) {
 	cp, err := pool.connection()
 	require.NoError(t, err)
 	st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.signer))
-	require.True(t, st.AssertAuthKey(&expectedAuthKey))
+	require.True(t, st.AssertAuthKey(key.Public()))

 	var prm PrmObjectGet
 	prm.SetAddress(oid.Address{})
@ -322,7 +313,7 @@ func TestSessionCache(t *testing.T) {
 	cp, err = pool.connection()
 	require.NoError(t, err)
 	st, _ = pool.cache.Get(formCacheKey(cp.address(), pool.signer))
-	require.True(t, st.AssertAuthKey(&expectedAuthKey))
+	require.True(t, st.AssertAuthKey(key.Public()))
 }

 func TestPriority(t *testing.T) {
@ -333,7 +324,7 @@ func TestPriority(t *testing.T) {

 	var clientKeys []neofscrypto.Signer
 	mockClientBuilder := func(addr string) client {
-		key := newSigner(t)
+		key := test.RandomSigner(t)
 		clientKeys = append(clientKeys, key)

 		if addr == nodes[0].address {
@ -346,7 +337,7 @@ func TestPriority(t *testing.T) {
 	}

 	opts := InitParameters{
-		signer:                  newSigner(t),
+		signer:                  test.RandomSigner(t),
 		nodeParams:              nodes,
 		clientRebalanceInterval: 1500 * time.Millisecond,
 	}
@ -383,15 +374,14 @@ func TestPriority(t *testing.T) {
 }

 func TestSessionCacheWithKey(t *testing.T) {
-	key := newSigner(t)
-	expectedAuthKey := neofsecdsa.PublicKey(key.PublicKey)
+	key := test.RandomSigner(t)

 	mockClientBuilder := func(addr string) client {
 		return newMockClient(addr, key)
 	}

 	opts := InitParameters{
-		signer: newSigner(t),
+		signer: test.RandomSigner(t),
 		nodeParams: []NodeParam{
 			{1, "peer0", 1},
 		},
@ -411,27 +401,27 @@ func TestSessionCacheWithKey(t *testing.T) {
 	cp, err := pool.connection()
 	require.NoError(t, err)
 	st, _ := pool.cache.Get(formCacheKey(cp.address(), pool.signer))
-	require.True(t, st.AssertAuthKey(&expectedAuthKey))
+	require.True(t, st.AssertAuthKey(key.Public()))

 	var prm PrmObjectDelete
 	prm.SetAddress(oid.Address{})
-	anonKey := newSigner(t)
+	anonKey := test.RandomSigner(t)
 	prm.UseSigner(anonKey)

 	err = pool.DeleteObject(ctx, prm)
 	require.NoError(t, err)
 	st, _ = pool.cache.Get(formCacheKey(cp.address(), anonKey))
-	require.True(t, st.AssertAuthKey(&expectedAuthKey))
+	require.True(t, st.AssertAuthKey(key.Public()))
 }

 func TestSessionTokenOwner(t *testing.T) {
 	mockClientBuilder := func(addr string) client {
-		key := newSigner(t)
+		key := test.RandomSigner(t)
 		return newMockClient(addr, key)
 	}

 	opts := InitParameters{
-		signer: newSigner(t),
+		signer: test.RandomSigner(t),
 		nodeParams: []NodeParam{
 			{1, "peer0", 1},
 		},
@ -447,7 +437,7 @@ func TestSessionTokenOwner(t *testing.T) {
 	require.NoError(t, err)
 	t.Cleanup(p.Close)

-	anonKey := newSigner(t)
+	anonKey := test.RandomSigner(t)
 	var anonOwner user.ID
 	require.NoError(t, user.IDFromSigner(&anonOwner, anonKey))

@ -472,7 +462,7 @@ func TestSessionTokenOwner(t *testing.T) {
 }

 func TestWaitPresence(t *testing.T) {
-	mockCli := newMockClient("", newSigner(t))
+	mockCli := newMockClient("", test.RandomSigner(t))

 	t.Run("context canceled", func(t *testing.T) {
 		ctx, cancel := context.WithCancel(context.Background())
@ -622,7 +612,7 @@ func TestSwitchAfterErrorThreshold(t *testing.T) {

 	var clientKeys []neofscrypto.Signer
 	mockClientBuilder := func(addr string) client {
-		key := newSigner(t)
+		key := test.RandomSigner(t)
 		clientKeys = append(clientKeys, key)

 		if addr == nodes[0].address {
@ -636,7 +626,7 @@ func TestSwitchAfterErrorThreshold(t *testing.T) {
 	}

 	opts := InitParameters{
-		signer:                  newSigner(t),
+		signer:                  test.RandomSigner(t),
 		nodeParams:              nodes,
 		clientRebalanceInterval: 30 * time.Second,
 	}
--- a/pool/sampler_test.go
+++ b/pool/sampler_test.go
@ -5,6 +5,7 @@ import (
 	"math/rand"
 	"testing"

+	"github.com/nspcc-dev/neofs-sdk-go/crypto/test"
 	"github.com/stretchr/testify/require"
 )

@ -50,10 +51,10 @@ func TestHealthyReweight(t *testing.T) {
 	cache, err := newCache()
 	require.NoError(t, err)

-	client1 := newMockClient(names[0], newSigner(t))
+	client1 := newMockClient(names[0], test.RandomSigner(t))
 	client1.errOnDial()

-	client2 := newMockClient(names[1], newSigner(t))
+	client2 := newMockClient(names[1], test.RandomSigner(t))

 	inner := &innerPool{
 		sampler: newSampler(weights, rand.NewSource(0)),
@ -62,7 +63,7 @@ func TestHealthyReweight(t *testing.T) {
 	p := &Pool{
 		innerPools:      []*innerPool{inner},
 		cache:           cache,
-		signer:          newSigner(t),
+		signer:          test.RandomSigner(t),
 		rebalanceParams: rebalanceParameters{nodesParams: []*nodesParam{{weights: weights}}},
 	}

@ -81,7 +82,7 @@ func TestHealthyReweight(t *testing.T) {

 	// enabled first node again
 	inner.lock.Lock()
-	inner.clients[0] = newMockClient(names[0], newSigner(t))
+	inner.clients[0] = newMockClient(names[0], test.RandomSigner(t))
 	inner.lock.Unlock()

 	p.updateInnerNodesHealth(context.TODO(), 0, buffer)
@ -104,8 +105,8 @@ func TestHealthyNoReweight(t *testing.T) {
 	inner := &innerPool{
 		sampler: sampl,
 		clients: []client{
-			newMockClient(names[0], newSigner(t)),
-			newMockClient(names[1], newSigner(t)),
+			newMockClient(names[0], test.RandomSigner(t)),
+			newMockClient(names[1], test.RandomSigner(t)),
 		},
 	}
 	p := &Pool{
--- a/reputation/test/generate.go
+++ b/reputation/test/generate.go
@ -1,10 +1,10 @@
 package reputationtest

 import (
-	"fmt"
+	"testing"

 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
+	"github.com/nspcc-dev/neofs-sdk-go/crypto/test"
 	"github.com/nspcc-dev/neofs-sdk-go/reputation"
 )

@ -41,17 +41,11 @@ func GlobalTrust() (v reputation.GlobalTrust) {
 	return
 }

-func SignedGlobalTrust() reputation.GlobalTrust {
+func SignedGlobalTrust(t *testing.T) reputation.GlobalTrust {
 	gt := GlobalTrust()

-	p, err := keys.NewPrivateKey()
-	if err != nil {
-		panic(fmt.Sprintf("unexpected error from key creator: %v", err))
-	}
-
-	err = gt.Sign(neofsecdsa.Signer(p.PrivateKey))
-	if err != nil {
-		panic(fmt.Sprintf("unexpected error from GlobalTrust.Sign: %v", err))
+	if err := gt.Sign(test.RandomSigner(t)); err != nil {
+		t.Fatalf("unexpected error from GlobalTrust.Sign: %v", err)
 	}

 	return gt
--- a/reputation/trust_test.go
+++ b/reputation/trust_test.go
@ -3,10 +3,9 @@ package reputation_test
 import (
 	"testing"

-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	v2reputation "github.com/nspcc-dev/neofs-api-go/v2/reputation"
-	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
+	"github.com/nspcc-dev/neofs-sdk-go/crypto/test"
 	"github.com/nspcc-dev/neofs-sdk-go/reputation"
 	reputationtest "github.com/nspcc-dev/neofs-sdk-go/reputation/test"
 	"github.com/nspcc-dev/neofs-sdk-go/version"
@ -128,7 +127,7 @@ func TestGlobalTrust_Manager(t *testing.T) {

 	require.Zero(t, val.Manager())

-	val = reputationtest.SignedGlobalTrust()
+	val = reputationtest.SignedGlobalTrust(t)

 	peer := reputationtest.PeerID()

@ -153,7 +152,7 @@ func TestGlobalTrust_Trust(t *testing.T) {

 	require.Zero(t, val.Trust())

-	val = reputationtest.SignedGlobalTrust()
+	val = reputationtest.SignedGlobalTrust(t)

 	trust := reputationtest.Trust()

@ -174,14 +173,11 @@ func TestGlobalTrust_Trust(t *testing.T) {
 }

 func TestGlobalTrust_Sign(t *testing.T) {
-	k, err := keys.NewPrivateKey()
-	require.NoError(t, err)
-
 	val := reputationtest.GlobalTrust()

 	require.False(t, val.VerifySignature())

-	require.NoError(t, val.Sign(neofsecdsa.Signer(k.PrivateKey)))
+	require.NoError(t, val.Sign(test.RandomSigner(t)))

 	var valV2 v2reputation.GlobalTrust
 	val.WriteToV2(&valV2)
@ -195,7 +191,7 @@ func TestGlobalTrust_Sign(t *testing.T) {
 }

 func TestGlobalTrustEncoding(t *testing.T) {
-	val := reputationtest.SignedGlobalTrust()
+	val := reputationtest.SignedGlobalTrust(t)

 	t.Run("binary", func(t *testing.T) {
 		data := val.Marshal()
--- a/session/container_test.go
+++ b/session/container_test.go
@ -12,6 +12,7 @@ import (
 	v2session "github.com/nspcc-dev/neofs-api-go/v2/session"
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
+	"github.com/nspcc-dev/neofs-sdk-go/crypto/test"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
 	sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
 	"github.com/nspcc-dev/neofs-sdk-go/user"
@ -35,7 +36,7 @@ func TestContainerProtocolV2(t *testing.T) {
 	restoreID()

 	// Owner
-	usr := *usertest.ID()
+	usr := *usertest.ID(t)
 	var usrV2 refs.OwnerID
 	usr.WriteToV2(&usrV2)
 	restoreUser := func() {
@ -54,7 +55,7 @@ func TestContainerProtocolV2(t *testing.T) {
 	restoreLifetime()

 	// Session key
-	signer := randSigner()
+	signer := test.RandomSignerRFC6979(t)
 	authKey := signer.Public()
 	binAuthKey := make([]byte, authKey.MaxEncodedSize())
 	binAuthKey = binAuthKey[:authKey.Encode(binAuthKey)]
@ -138,7 +139,7 @@ func TestContainerProtocolV2(t *testing.T) {
 			},
 			breakSign: func(m *v2session.Token) {
 				id := m.GetBody().GetOwnerID().GetValue()
-				copy(id, usertest.ID().WalletBytes())
+				copy(id, usertest.ID(t).WalletBytes())
 			},
 		},
 		{
@ -265,7 +266,7 @@ func TestContainer_WriteToV2(t *testing.T) {
 	})

 	// Owner/Signature
-	signer := randSigner()
+	signer := test.RandomSignerRFC6979(t)

 	require.NoError(t, val.Sign(signer))

@ -429,7 +430,7 @@ func TestContainer_ID(t *testing.T) {
 func TestContainer_AssertAuthKey(t *testing.T) {
 	var x session.Container

-	key := randPublicKey()
+	key := test.RandomSignerRFC6979(t).Public()

 	require.False(t, x.AssertAuthKey(key))

@ -512,7 +513,7 @@ func TestIssuedBy(t *testing.T) {
 	var (
 		token  session.Container
 		issuer user.ID
-		signer = randSigner()
+		signer = test.RandomSignerRFC6979(t)
 	)

 	require.NoError(t, user.IDFromSigner(&issuer, signer))
@ -525,7 +526,7 @@ func TestIssuedBy(t *testing.T) {

 func TestContainer_Issuer(t *testing.T) {
 	var token session.Container
-	signer := randSigner()
+	signer := test.RandomSignerRFC6979(t)

 	require.Zero(t, token.Issuer())

@ -541,13 +542,13 @@ func TestContainer_Issuer(t *testing.T) {
 func TestContainer_Sign(t *testing.T) {
 	val := sessiontest.Container()

-	require.NoError(t, val.Sign(randSigner()))
+	require.NoError(t, val.Sign(test.RandomSignerRFC6979(t)))

 	require.True(t, val.VerifySignature())
 }

 func TestContainer_VerifyDataSignature(t *testing.T) {
-	signer := randSigner()
+	signer := test.RandomSignerRFC6979(t)

 	var tok session.Container

--- a/session/object_test.go
+++ b/session/object_test.go
@ -7,13 +7,11 @@ import (
 	"testing"

 	"github.com/google/uuid"
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/util/slice"
 	"github.com/nspcc-dev/neofs-api-go/v2/refs"
 	v2session "github.com/nspcc-dev/neofs-api-go/v2/session"
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
-	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
-	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
+	"github.com/nspcc-dev/neofs-sdk-go/crypto/test"
 	oidtest "github.com/nspcc-dev/neofs-sdk-go/object/id/test"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
 	sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
@ -22,19 +20,6 @@ import (
 	"github.com/stretchr/testify/require"
 )

-func randSigner() neofscrypto.Signer {
-	k, err := keys.NewPrivateKey()
-	if err != nil {
-		panic(fmt.Sprintf("generate private key: %v", err))
-	}
-
-	return neofsecdsa.SignerRFC6979(k.PrivateKey)
-}
-
-func randPublicKey() neofscrypto.PublicKey {
-	return randSigner().Public()
-}
-
 func TestObjectProtocolV2(t *testing.T) {
 	var validV2 v2session.Token

@ -51,7 +36,7 @@ func TestObjectProtocolV2(t *testing.T) {
 	restoreID()

 	// Owner
-	usr := *usertest.ID()
+	usr := *usertest.ID(t)
 	var usrV2 refs.OwnerID
 	usr.WriteToV2(&usrV2)
 	restoreUser := func() {
@ -70,7 +55,7 @@ func TestObjectProtocolV2(t *testing.T) {
 	restoreLifetime()

 	// Session key
-	signer := randSigner()
+	signer := test.RandomSignerRFC6979(t)
 	authKey := signer.Public()
 	binAuthKey := make([]byte, authKey.MaxEncodedSize())
 	binAuthKey = binAuthKey[:authKey.Encode(binAuthKey)]
@ -159,7 +144,7 @@ func TestObjectProtocolV2(t *testing.T) {
 			},
 			breakSign: func(m *v2session.Token) {
 				id := m.GetBody().GetOwnerID().GetValue()
-				copy(id, usertest.ID().WalletBytes())
+				copy(id, usertest.ID(t).WalletBytes())
 			},
 		},
 		{
@ -291,7 +276,7 @@ func TestObject_WriteToV2(t *testing.T) {
 	})

 	// Owner/Signature
-	signer := randSigner()
+	signer := test.RandomSignerRFC6979(t)

 	require.NoError(t, val.Sign(signer))

@ -538,7 +523,7 @@ func TestObject_ID(t *testing.T) {
 func TestObject_AssertAuthKey(t *testing.T) {
 	var x session.Object

-	key := randPublicKey()
+	key := test.RandomSignerRFC6979(t).Public()

 	require.False(t, x.AssertAuthKey(key))

@ -624,7 +609,7 @@ func TestObject_AssertVerb(t *testing.T) {

 func TestObject_Issuer(t *testing.T) {
 	var token session.Object
-	signer := randSigner()
+	signer := test.RandomSignerRFC6979(t)

 	require.Zero(t, token.Issuer())

@ -640,7 +625,7 @@ func TestObject_Issuer(t *testing.T) {
 func TestObject_Sign(t *testing.T) {
 	val := sessiontest.Object()

-	require.NoError(t, val.Sign(randSigner()))
+	require.NoError(t, val.Sign(test.RandomSignerRFC6979(t)))

 	require.True(t, val.VerifySignature())
 }
--- a/session/test/session.go
+++ b/session/test/session.go
@ -6,7 +6,6 @@ import (
 	"crypto/rand"

 	"github.com/google/uuid"
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
 	neofscrypto "github.com/nspcc-dev/neofs-sdk-go/crypto"
 	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
@ -14,17 +13,6 @@ import (
 	"github.com/nspcc-dev/neofs-sdk-go/session"
 )

-var signer neofscrypto.Signer
-
-func init() {
-	k, err := keys.NewPrivateKey()
-	if err != nil {
-		panic(err)
-	}
-
-	signer = neofsecdsa.SignerRFC6979(k.PrivateKey)
-}
-
 // Container returns random session.Container.
 //
 // Resulting token is unsigned.
@ -50,7 +38,7 @@ func Container() *session.Container {
 // ContainerSigned returns signed random session.Container.
 //
 // Panics if token could not be signed (actually unexpected).
-func ContainerSigned() *session.Container {
+func ContainerSigned(signer neofscrypto.Signer) *session.Container {
 	tok := Container()

 	err := tok.Sign(signer)
@ -87,7 +75,7 @@ func Object() *session.Object {
 // ObjectSigned returns signed random session.Object.
 //
 // Panics if token could not be signed (actually unexpected).
-func ObjectSigned() *session.Object {
+func ObjectSigned(signer neofscrypto.Signer) *session.Object {
 	tok := Object()

 	err := tok.Sign(signer)
--- a/subnet/subnet_test.go
+++ b/subnet/subnet_test.go
@ -29,7 +29,7 @@ func TestInfo_SetID(t *testing.T) {
 }

 func TestInfo_SetOwner(t *testing.T) {
-	id := *usertest.ID()
+	id := *usertest.ID(t)

 	var info Info
 	info.SetOwner(id)
@ -39,7 +39,7 @@ func TestInfo_SetOwner(t *testing.T) {
 }

 func TestInfo_Marshal(t *testing.T) {
-	info := subnettest.Info()
+	info := subnettest.Info(t)

 	var info2 Info
 	require.NoError(t, info2.Unmarshal(info.Marshal()))
--- a/subnet/test/subnet.go
+++ b/subnet/test/subnet.go
@ -1,14 +1,16 @@
 package subnettest

 import (
+	"testing"
+
 	"github.com/nspcc-dev/neofs-sdk-go/subnet"
 	subnetidtest "github.com/nspcc-dev/neofs-sdk-go/subnet/id/test"
 	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
 )

 // Info generates and returns random subnet.Info.
-func Info() (x subnet.Info) {
+func Info(t *testing.T) (x subnet.Info) {
 	x.SetID(subnetidtest.ID())
-	x.SetOwner(*usertest.ID())
+	x.SetOwner(*usertest.ID(t))
 	return
 }
--- a/user/id_test.go
+++ b/user/id_test.go
@ -48,7 +48,7 @@ func TestID_SetScriptHash(t *testing.T) {
 }

 func TestV2_ID(t *testing.T) {
-	id := *usertest.ID()
+	id := *usertest.ID(t)
 	var m refs.OwnerID
 	var id2 ID

@ -91,7 +91,7 @@ func TestV2_ID(t *testing.T) {
 }

 func TestID_EncodeToString(t *testing.T) {
-	id := *usertest.ID()
+	id := *usertest.ID(t)

 	s := id.EncodeToString()

@ -110,8 +110,8 @@ func TestID_EncodeToString(t *testing.T) {
 }

 func TestID_Equal(t *testing.T) {
-	id1 := *usertest.ID()
-	id2 := *usertest.ID()
+	id1 := *usertest.ID(t)
+	id2 := *usertest.ID(t)
 	id3 := id1

 	require.True(t, id1.Equals(id1)) // self-equality
--- a/user/test/id.go
+++ b/user/test/id.go
@ -1,20 +1,16 @@
 package usertest

 import (
-	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
-	neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
+	"testing"
+
+	"github.com/nspcc-dev/neofs-sdk-go/crypto/test"
 	"github.com/nspcc-dev/neofs-sdk-go/user"
 )

 // ID returns random user.ID.
-func ID() *user.ID {
-	key, err := keys.NewPrivateKey()
-	if err != nil {
-		panic(err)
-	}
-
+func ID(tb testing.TB) *user.ID {
 	var x user.ID
-	if err = user.IDFromSigner(&x, neofsecdsa.Signer(key.PrivateKey)); err != nil {
+	if err := user.IDFromSigner(&x, test.RandomSigner(tb)); err != nil {
 		return nil
 	}

--- a/user/util_test.go
+++ b/user/util_test.go
@ -17,7 +17,7 @@ func TestIDFromKey(t *testing.T) {

 	var id user.ID

-	user.IDFromKey(&id, rawPub)
+	require.NoError(t, user.IDFromKey(&id, rawPub))

 	require.Equal(t, "NNLi44dJNXtDNSBkofB48aTVYtb1zZrNEs", id.EncodeToString())
 }