[cryptography] Add More Edge Case Testing (#951)

patrick-ogrady · web-flow · commit 0bb0e56130dd · 2025-05-18T20:56:02.000-04:00
diff --git a/cryptography/src/ed25519/scheme.rs b/cryptography/src/ed25519/scheme.rs
@@ -727,4 +727,41 @@ mod tests {
         ));
         assert!(!batch.verify(&mut rand::thread_rng()));
     }
+
+    #[test]
+    fn test_zero_signature_fails() {
+        let (_, public_key, message, _) = vector_1();
+        let zero_sig = Signature::decode(vec![0u8; Signature::SIZE].as_ref()).unwrap();
+        assert!(!Ed25519::verify(None, &message, &public_key, &zero_sig));
+    }
+
+    #[test]
+    fn test_high_s_fails() {
+        let (_, public_key, message, signature) = vector_1();
+        let mut bad_signature = signature.to_vec();
+        bad_signature[63] |= 0x80; // make S non-canonical
+        let bad_signature = Signature::decode(bad_signature.as_ref()).unwrap();
+        assert!(!Ed25519::verify(
+            None,
+            &message,
+            &public_key,
+            &bad_signature
+        ));
+    }
+
+    #[test]
+    fn test_invalid_r_fails() {
+        let (_, public_key, message, signature) = vector_1();
+        let mut bad_signature = signature.to_vec();
+        for b in bad_signature.iter_mut().take(32) {
+            *b = 0xff; // invalid R component
+        }
+        let bad_signature = Signature::decode(bad_signature.as_ref()).unwrap();
+        assert!(!Ed25519::verify(
+            None,
+            &message,
+            &public_key,
+            &bad_signature
+        ));
+    }
 }
diff --git a/cryptography/src/secp256r1/scheme.rs b/cryptography/src/secp256r1/scheme.rs
@@ -495,6 +495,38 @@ mod tests {
         );
     }
 
+    #[test]
+    fn test_decode_zero_signature_fails() {
+        let result = Signature::decode(vec![0u8; SIGNATURE_LENGTH].as_ref());
+        assert!(result.is_err());
+    }
+
+    #[test]
+    fn test_decode_high_s_signature_fails() {
+        let (private_key, _) = vector_keypair_1();
+        let message = b"edge";
+        let mut signer = <Secp256r1 as CommonwareSigner>::from(private_key).unwrap();
+        let signature = signer.sign(None, message);
+        let mut bad_signature = signature.to_vec();
+        bad_signature[32] |= 0x80; // force S into upper range
+        assert!(Signature::decode(bad_signature.as_ref()).is_err());
+    }
+
+    #[test]
+    fn test_decode_zero_r_signature_fails() {
+        let (private_key, _) = vector_keypair_1();
+        let message = b"edge";
+        let mut signer = <Secp256r1 as CommonwareSigner>::from(private_key).unwrap();
+        let signature = signer.sign(None, message);
+        let mut bad_signature = signature.to_vec();
+        for b in bad_signature.iter_mut().take(32) {
+            *b = 0x00;
+        }
+        // ensure S component is non-zero
+        bad_signature[32] = 1;
+        assert!(Signature::decode(bad_signature.as_ref()).is_err());
+    }
+
     // Ensure RFC6979 compliance (should also be tested by underlying library)
     #[test]
     fn test_rfc6979() {
