test: Wycheproof vectors

[dcposch]

• script downloads Wycheproof tests
• generates clean P256 verification vectors
• forge test reads that file, parses JSON
• tests P256Verifier

Left to do

• [x] ~Make them pass. Currently only the first one passes~ all but 4 pass; vectors validated against SubtleCrypto, verifier fix left for future PR
• [x] Pull in other files, not just ecdsa_secp256r1_sha256_test.json
• [x] Handle acceptable in addition to valid/invalid result

[socket-security[bot]]

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
ts-node	10.9.1	filesystem, environment	+17	42.6 MB	cspotcode
typescript	5.2.2	filesystem	+0	40.6 MB	typescript-bot
@tsconfig/node20	20.1.2	None	+0	2.5 kB	typescript-deploys
cross-fetch	4.0.0	network	+0	88.1 kB	lquixada
@lapo/asn1js	1.2.4	None	+0	251 kB	lapo

[dcposch]

Loading 291 distinct (x,y,r,s,hash) from Wycheproof

Wycheproof doesn't just test P256, it also tests a bunch of cases that aren't relevant to us, including:

• Inputs that don't fit into a uint256
• Bad ASN encoding
• Message hashes larger than bytes32

Ignoring those + deduplicating on the actual inputs to the precompile, we get 291 distinct vectors.

[nalinbhardwaj]

the two bugs discovered by the first batch of wycheproof are also described here: [1]: https://aaltodoc.aalto.fi/bitstream/handle/123456789/116317/master_Lomeli_Ramos_Angel_2022.pdf?sequence=1&isAllowed=y section 5.4.2

The fix was to be more defensive about points at infinity for both cases.

[dcposch]

291 vectors, 4 errors remaining