Test secp256k1_recover_pubkey as well

CosmWasm · Feb 1, 2024 · fa92691 · fa92691
1 parent f3da7b2
commit fa92691
Showing 1 changed file with 27 additions and 1 deletion.
diff --git a/packages/crypto/tests/wycheproof_secp256k1.rs b/packages/crypto/tests/wycheproof_secp256k1.rs
@@ -1,6 +1,6 @@
 #![allow(clippy::single_match)] // Only needed for old clippy (e.g. 1.70.0)
 
-use cosmwasm_crypto::secp256k1_verify;
+use cosmwasm_crypto::{secp256k1_recover_pubkey, secp256k1_verify};
 use serde::Deserialize;
 
 // See ./testdata/wycheproof/README.md for how to get/update those files
@@ -33,6 +33,7 @@ struct Key {
 #[serde(rename_all = "camelCase")]
 struct TestCase {
     tc_id: u32,
+    comment: String,
     msg: String,
     sig: String,
     // "acceptable", "valid" or "invalid"
@@ -101,6 +102,9 @@ fn ecdsa_secp256k1_sha256() {
                     let signature = from_der(&der_signature).unwrap();
                     let valid = secp256k1_verify(&message_hash, &signature, &public_key).unwrap();
                     assert!(valid);
+                    if tc.comment != "k*G has a large x-coordinate" {
+                        test_secp256k1_recover_pubkey(&message_hash, &signature, &public_key);
+                    }
                 }
                 "invalid" => {
                     let message = hex::decode(tc.msg).unwrap();
@@ -150,6 +154,9 @@ fn ecdsa_secp256k1_sha512() {
                     let signature = from_der(&der_signature).unwrap();
                     let valid = secp256k1_verify(&message_hash, &signature, &public_key).unwrap();
                     assert!(valid);
+                    if tc.comment != "k*G has a large x-coordinate" {
+                        test_secp256k1_recover_pubkey(&message_hash, &signature, &public_key);
+                    }
                 }
                 "invalid" => {
                     let message = hex::decode(tc.msg).unwrap();
@@ -199,6 +206,9 @@ fn ecdsa_secp256k1_sha3_256() {
                     let signature = from_der(&der_signature).unwrap();
                     let valid = secp256k1_verify(&message_hash, &signature, &public_key).unwrap();
                     assert!(valid);
+                    if tc.comment != "k*G has a large x-coordinate" {
+                        test_secp256k1_recover_pubkey(&message_hash, &signature, &public_key);
+                    }
                 }
                 "invalid" => {
                     let message = hex::decode(tc.msg).unwrap();
@@ -248,6 +258,9 @@ fn ecdsa_secp256k1_sha3_512() {
                     let signature = from_der(&der_signature).unwrap();
                     let valid = secp256k1_verify(&message_hash, &signature, &public_key).unwrap();
                     assert!(valid);
+                    if tc.comment != "k*G has a large x-coordinate" {
+                        test_secp256k1_recover_pubkey(&message_hash, &signature, &public_key);
+                    }
                 }
                 "invalid" => {
                     let message = hex::decode(tc.msg).unwrap();
@@ -271,6 +284,19 @@ fn ecdsa_secp256k1_sha3_512() {
     assert_eq!(tested, number_of_tests);
 }
 
+fn test_secp256k1_recover_pubkey(message_hash: &[u8], signature: &[u8], public_key: &[u8]) {
+    // Since the recovery param is missing in the test vectors, we try both 0 and 1
+    for recovery_param in 0..=1 {
+        if let Ok(recovered) = secp256k1_recover_pubkey(message_hash, signature, recovery_param) {
+            if recovered == public_key {
+                // success, found working recovery param
+                return;
+            }
+        }
+    }
+    panic!("secp256k1_recover_pubkey failed for all recovery params");
+}
+
 fn from_der(data: &[u8]) -> Result<[u8; 64], String> {
     const DER_TAG_INTEGER: u8 = 0x02;