search

mimblewimble / rust-secp256k1-zkp

ZKP fork for rust-secp256k1, adds wrappers for range proofs, pedersen commitments, etc
Creative Commons Zero v1.0 Universal
56 stars 51 forks source link

aggsig api verify_single() security enhancement #24

Closed garyyu closed 6 years ago

garyyu commented 6 years ago

Fix for https://github.com/mimblewimble/grin/issues/1356.

verify_single() security enhancement, for the case of value 0 as as public key.

And add a test case test_aggsig_fuzz. The test output:

$ cargo test --release test_aggsig_fuzz -- --nocapture

running 1 test
Performing aggsig single context with seckey, pubkey: SecretKey(37a7157bc614991e8d9b098010849bb8ad45086c2287f474a55865c56580c0d4),PublicKey(588265989752a87a4f7a35c2257fe4f779d7ddf351825271f5513311ac21c70cecb2f396882b43c2f78e00fc70ceb1654775f24ee0365a08978f12375ef81b67)
Verifying aggsig single: Signature(8b1a8df756f12d2900d34ec56ceaaa39cbd1ddeaead238d9e60be10b9053b0790000000000000000000000000000000000000000000000000000000000000000), msg: Message(cae4239ebe56a791b207302882bf6047d5fc49c277ae9a96938fa3f6e1036516), pk:PublicKey(588265989752a87a4f7a35c2257fe4f779d7ddf351825271f5513311ac21c70cecb2f396882b43c2f78e00fc70ceb1654775f24ee0365a08978f12375ef81b67)
Signature verification single (correct): false
Verifying aggsig single: Signature(000000000000000000000000000000000000000000000000000000000000000043e63e417bddbdfc91da3f27b6b7995e15335f79df94b5982c5b765b2b991c9c), msg: Message(cae4239ebe56a791b207302882bf6047d5fc49c277ae9a96938fa3f6e1036516), pk:PublicKey(588265989752a87a4f7a35c2257fe4f779d7ddf351825271f5513311ac21c70cecb2f396882b43c2f78e00fc70ceb1654775f24ee0365a08978f12375ef81b67)
Signature verification single (correct): false
Verifying aggsig single: Signature(8b1a8df756f12d2900d34ec56ceaaa39cbd1ddeaead238d9e60be10b9053b07943e63e417bddbdfc91da3f27b6b7995e15335f79df94b5982c5b765b2b991c9c), msg: Message(cae4239ebe56a791b207302882bf6047d5fc49c277ae9a96938fa3f6e1036516), pk:PublicKey(00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
Signature verification single (correct): false
Verifying aggsig single: Signature(8b1a8df756f12d2900d34ec56ceaaa39cbd1ddeaead238d9e60be10b9053b07943e63e417bddbdfc91da3f27b6b7995e15335f79df94b5982c5b765b2b991c9c), msg: Message(cae4239ebe56a791b207302882bf6047d5fc49c277ae9a96938fa3f6e1036516), pk:PublicKey(0000000000000000000000000000000000000000000000000000000000000000ecb2f396882b43c2f78e00fc70ceb1654775f24ee0365a08978f12375ef81b67)
Signature verification single (correct): false
test aggsig::tests::test_aggsig_fuzz ... ok

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 48 filtered out
yeastplume commented 6 years ago

Looks good, will create a new tag now