chore(crypto): Add tests that cross-curve keys are rejected with a re…

…asonable error (#3605)
dfinity · Jan 28, 2025 · 376c727 · 376c727
1 parent 3fd22cc
commit 376c727
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 0 deletions.
diff --git a/rs/crypto/ecdsa_secp256r1/tests/tests.rs b/rs/crypto/ecdsa_secp256r1/tests/tests.rs
@@ -403,3 +403,42 @@ fn private_derivation_also_works_for_derived_keys() {
         );
     }
 }
+
+#[test]
+fn should_reject_secp256k1_private_key() {
+    let secp256k1 = "-----BEGIN PRIVATE KEY-----
+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgtyNDLgx0SPJ/4ME90KL3
+ZkhZuYpPCWyb1DS6ogQaIpChRANCAAS1xlnnfevnaVSeVScuD7U4AIuN9DftUQIh
+SRX0gAHGwZEgbRHaxgEPtpUyCnHhHL/VUmSB6GgerMzD6LzDY6qt
+-----END PRIVATE KEY-----";
+
+    match PrivateKey::deserialize_pkcs8_pem(secp256k1) {
+        Ok(_) => panic!("Unexpectedly accepted a secp256k1 private key as secp256r1"),
+        Err(KeyDecodingError::InvalidKeyEncoding(e)) => {
+            assert_eq!(
+                format!("{:?}", e),
+                "\"PublicKey(OidUnknown { oid: ObjectIdentifier(1.2.840.10045.3.1.7) })\""
+            );
+        }
+        Err(e) => panic!("Unexpected error {:?}", e),
+    }
+}
+
+#[test]
+fn should_reject_secp256k1_public_key() {
+    let secp256k1 = "-----BEGIN PUBLIC KEY-----
+MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAECQoUIgCFbhoM8kE2zNL0g2pWr42QlK41
+KZh4l7SeYvLtL818ibSx/IXoUHNp4/gMp+x2sxwA/mtWO5PdPg7ksg==
+-----END PUBLIC KEY-----";
+
+    match PublicKey::deserialize_pem(secp256k1) {
+        Ok(_) => panic!("Unexpectedly accepted a secp256k1 public key as secp256r1"),
+        Err(KeyDecodingError::InvalidKeyEncoding(e)) => {
+            assert_eq!(
+                format!("{:?}", e),
+                "\"OidUnknown { oid: ObjectIdentifier(1.2.840.10045.3.1.7) }\""
+            );
+        }
+        Err(e) => panic!("Unexpected error {:?}", e),
+    }
+}
diff --git a/rs/crypto/secp256k1/tests/tests.rs b/rs/crypto/secp256k1/tests/tests.rs
@@ -635,3 +635,42 @@ mod try_recovery_from_digest {
         assert!(!recid.is_x_reduced());
     }
 }
+
+#[test]
+fn should_reject_secp256r1_private_key() {
+    let secp256r1 = "-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgltghITmEVNmrlBy+
+aujQhvgtQltTMa/DyGIMcmVX2QqhRANCAASgJ2vw0zWoiPFnCHigP0GXhWOUaVzH
+tz/anssmxkNaYFHKxkqYb8GWzZHcs6fgz6D13qrBrOguDHJJ0N8mKHet
+-----END PRIVATE KEY-----";
+
+    match PrivateKey::deserialize_pkcs8_pem(secp256r1) {
+        Ok(_) => panic!("Unexpectedly accepted a secp256r1 private key as secp256k1"),
+        Err(KeyDecodingError::InvalidKeyEncoding(e)) => {
+            assert_eq!(
+                format!("{:?}", e),
+                "\"PublicKey(OidUnknown { oid: ObjectIdentifier(1.3.132.0.10) })\""
+            );
+        }
+        Err(e) => panic!("Unexpected error {:?}", e),
+    }
+}
+
+#[test]
+fn should_reject_secp256r1_public_key() {
+    let secp256r1 = "-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEcGClpkvFYrljOL+cYogpVpcn/Ueu
+Fuih1ILwOK+Hmr2Q5yPe4k0Kz2se3NM1eQeVaTl5BtwlTTc9IOcky4I7oQ==
+-----END PUBLIC KEY-----";
+
+    match PublicKey::deserialize_pem(secp256r1) {
+        Ok(_) => panic!("Unexpectedly accepted a secp256r1 public key as secp256k1"),
+        Err(KeyDecodingError::InvalidKeyEncoding(e)) => {
+            assert_eq!(
+                format!("{:?}", e),
+                "\"OidUnknown { oid: ObjectIdentifier(1.3.132.0.10) }\""
+            );
+        }
+        Err(e) => panic!("Unexpected error {:?}", e),
+    }
+}