Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add secp256k1_verify/secp256k1_recover_pubkey tests from Project Wycheproof #2000

Merged
merged 11 commits into from
Feb 5, 2024
Merged

Add secp256k1_verify/secp256k1_recover_pubkey tests from Project Wycheproof #2000

merged 11 commits into from
Feb 5, 2024

Conversation

webmaster128
Copy link
Member

@webmaster128 webmaster128 commented Jan 23, 2024
edited
Loading

The goal here is to increase our test coverage of the secp256k1 verifier in preparation for the upcoming secp256r1 verifier.

More than 2k additional test, all passing without touching the implementation 🎉

Update: the first 10 commits here are just more tests. The last one then uses the gained confidence and adapt the pubkey recovers as discussed in RustCrypto/elliptic-curves#991 (comment).

Update 2: removed the fix and split it into #2014 because I don't like having it all together. This PR now purely adds tests, but for both secp256k1_verify and secp256k1_recover_pubkey.

@webmaster128 webmaster128 changed the title Add secp256k1 test vectors from Project Wycheproof Add secp256k1_verify test vectors from Project Wycheproof Jan 23, 2024
@webmaster128 webmaster128 mentioned this pull request Jan 23, 2024
Closed
13 tasks
@webmaster128 webmaster128 force-pushed the add-wycheproof branch 2 times, most recently from 59ca547 to 4290df5 Compare January 31, 2024 22:36
@webmaster128 webmaster128 changed the title Add secp256k1_verify test vectors from Project Wycheproof Add secp256k1_verify/ecp256k1_recover_pubkey tests from Project Wycheproof; bump k256 Jan 31, 2024
@webmaster128 webmaster128 mentioned this pull request Jan 31, 2024
Closed
@webmaster128 webmaster128 mentioned this pull request Feb 1, 2024
Merged
@webmaster128 webmaster128 changed the title Add secp256k1_verify/ecp256k1_recover_pubkey tests from Project Wycheproof; bump k256 Add secp256k1_verify/ecp256k1_recover_pubkey tests from Project Wycheproof Feb 1, 2024
@webmaster128 webmaster128 changed the title Add secp256k1_verify/ecp256k1_recover_pubkey tests from Project Wycheproof Add secp256k1_verify/secp256k1_recover_pubkey tests from Project Wycheproof Feb 1, 2024
chipshort
chipshort reviewed Feb 5, 2024
View reviewed changes
Copy link
Collaborator

@chipshort chipshort left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good stuff!

packages/crypto/tests/wycheproof_secp256k1.rs
assert!(recovered0 == public_key || recovered1 == public_key);
}

fn from_der(data: &[u8]) -> Result<[u8; 64], String> {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just wondering, wouldn't it have been easier to use a ready-made crate like der for decoding the integers, with tag and everything?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question. I think the issue is that you the test vectors make additional requirements because by nature, DER is non-deterministic, allowing signature malleability (i.e. different representations of the same signature) which allows creating multiple tx hashes from a single signature. As far as I can tell, all crypto use cases implement this themselves.

I already added the DER question here: #2001, so let's postpone it. For now DER only comes in through Project Wycheproof and is not something relevant for our APIs. In the Ethereum and Cosmos world DER is not used at all. Bitcoin is getting rid of it slowly.

packages/crypto/tests/wycheproof_secp256k1.rs Outdated Show resolved Hide resolved
@webmaster128 webmaster128 merged commit a1ff166 into main Feb 5, 2024
27 checks passed
@webmaster128 webmaster128 deleted the add-wycheproof branch February 5, 2024 13:03
@mergify mergify bot mentioned this pull request Aug 5, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chipshort chipshort chipshort left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@webmaster128 @chipshort