Merge pull request #2000 from CosmWasm/add-wycheproof

Add secp256k1_verify/secp256k1_recover_pubkey tests from Project Wycheproof
CosmWasm · Feb 5, 2024 · a1ff166 · a1ff166
2 parents b794e5a + 0e9624a
commit a1ff166
Show file tree

Hide file tree

Showing 9 changed files with 27,398 additions and 11 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/packages/crypto/Cargo.toml b/packages/crypto/Cargo.toml
@@ -29,6 +29,7 @@ criterion = "0.5.1"
 serde = { version = "1.0.103", default-features = false, features = ["derive", "alloc"] }
 serde_json = "1.0.40"
 sha2 = "0.10"
+sha3 = "0.10"
 hex = "0.4"
 hex-literal = "0.3.1"
 english-numbers = "0.3"

diff --git a/packages/crypto/src/secp256k1.rs b/packages/crypto/src/secp256k1.rs
@@ -380,17 +380,14 @@ mod tests {
             assert_eq!(hash.as_slice(), message_hash.as_slice());
 
             // Since the recovery param is missing in the test vectors, we try both 0 and 1
-            let try0 = secp256k1_recover_pubkey(&message_hash, &signature, 0);
-            let try1 = secp256k1_recover_pubkey(&message_hash, &signature, 1);
-            match (try0, try1) {
-                (Ok(recovered0), Ok(recovered1)) => {
-                    // Got two different pubkeys. Without the recovery param, we don't know which one is the right one.
-                    assert!(recovered0 == public_key || recovered1 == public_key)
-                },
-                (Ok(recovered), Err(_)) => assert_eq!(recovered, public_key),
-                (Err(_), Ok(recovered)) => assert_eq!(recovered, public_key),
-                (Err(_), Err(_)) => panic!("secp256k1_recover_pubkey failed (test case {i} in {COSMOS_SECP256K1_TESTS_JSON})"),
-            }
+            let recovered0 = secp256k1_recover_pubkey(&message_hash, &signature, 0).unwrap();
+            let recovered1 = secp256k1_recover_pubkey(&message_hash, &signature, 1).unwrap();
+            // Got two different pubkeys. Without the recovery param, we don't know which one is the right one.
+            assert_ne!(recovered0, recovered1);
+            assert!(
+                recovered0 == public_key || recovered1 == public_key,
+                "Did not find correct pubkey (test case {i} in {COSMOS_SECP256K1_TESTS_JSON})"
+            );
         }
     }
 

diff --git a/packages/crypto/testdata/wycheproof/README.md b/packages/crypto/testdata/wycheproof/README.md
@@ -0,0 +1,21 @@
+# Wycheproof test data
+
+This folder contains test vectors from
+[Project Wycheproof](https://github.com/google/wycheproof) to increase the test
+coverage of signature verification implementations.
+
+This test data is used by integration tests in `test/wycheproof_*.rs`.
+
+## Update
+
+To ensure integrity of the files and update them to the latest version, run this
+from the repo root:
+
+```sh
+(cd packages/crypto/testdata/wycheproof \
+  && curl -sSL https://github.com/google/wycheproof/raw/master/testvectors_v1/ecdsa_secp256k1_sha256_test.json > ecdsa_secp256k1_sha256_test.json \
+  && curl -sSL https://github.com/google/wycheproof/raw/master/testvectors_v1/ecdsa_secp256k1_sha512_test.json > ecdsa_secp256k1_sha512_test.json \
+  && curl -sSL https://github.com/google/wycheproof/raw/master/testvectors_v1/ecdsa_secp256k1_sha3_256_test.json > ecdsa_secp256k1_sha3_256_test.json \
+  && curl -sSL https://github.com/google/wycheproof/raw/master/testvectors_v1/ecdsa_secp256k1_sha3_512_test.json > ecdsa_secp256k1_sha3_512_test.json \
+  )
+```