From 848a1b02261c4a4e16db126d157d83ba6c8478dd Mon Sep 17 00:00:00 2001
From: Paul Miller <paul@paulmillr.com>
Date: Fri, 14 Apr 2023 17:53:20 +0000
Subject: [PATCH] nist tests: add endomorphism test

---
 test/nist.test.js                        | 13 +++++++++++-
 test/vectors/secp256k1/endomorphism.json | 26 ++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 test/vectors/secp256k1/endomorphism.json

diff --git a/test/nist.test.js b/test/nist.test.js
index aff3e27..ecc1190 100644
--- a/test/nist.test.js
+++ b/test/nist.test.js
@@ -10,6 +10,7 @@ import { hexToBytes, bytesToHex } from '../esm/abstract/utils.js';
 import { default as ecdsa } from './wycheproof/ecdsa_test.json' assert { type: 'json' };
 import { default as ecdh } from './wycheproof/ecdh_test.json' assert { type: 'json' };
 import { default as rfc6979 } from './vectors/rfc6979.json' assert { type: 'json' };
+import { default as endoVectors } from './vectors/secp256k1/endomorphism.json' assert { type: 'json' };
 
 import { default as ecdh_secp224r1_test } from './wycheproof/ecdh_secp224r1_test.json' assert { type: 'json' };
 import { default as ecdh_secp256r1_test } from './wycheproof/ecdh_secp256r1_test.json' assert { type: 'json' };
@@ -438,7 +439,7 @@ describe('RFC6979', () => {
   }
 });
 
-should('DER Leading zero', () => {
+should('properly add leading zero to DER', () => {
   // Valid DER
   deepStrictEqual(
     DER.toSig(
@@ -465,6 +466,16 @@ should('DER Leading zero', () => {
   );
 });
 
+should('have proper GLV endomorphism logic in secp256k1', () => {
+  const Point = secp256k1.ProjectivePoint;
+  for (let item of endoVectors) {
+    const point = Point.fromAffine({ x: BigInt(item.ax), y: BigInt(item.ay) });
+    const c = point.multiplyUnsafe(BigInt(item.scalar)).toAffine();
+    deepStrictEqual(c.x, BigInt(item.cx));
+    deepStrictEqual(c.y, BigInt(item.cy));
+  }
+});
+
 // ESM is broken.
 import url from 'url';
 if (import.meta.url === url.pathToFileURL(process.argv[1]).href) {
diff --git a/test/vectors/secp256k1/endomorphism.json b/test/vectors/secp256k1/endomorphism.json
new file mode 100644
index 0000000..77988fe
--- /dev/null
+++ b/test/vectors/secp256k1/endomorphism.json
@@ -0,0 +1,26 @@
+[
+  {
+    "desc": "k1neg=true, k2neg=false",
+    "ax": "55066263022277343669578718895168534326250603453777594175500187360389116729240",
+    "ay": "32670510020758816978083085130507043184471273380659243275938904335757337482424",
+    "scalar": "2704427838213584814824020837927043695889",
+    "cx": "70912011419250646761259860556624974262679413898110209707622032756145750038852",
+    "cy": "46481114889376149700487001434152190585794282401306514438088690968308506923285"
+  },
+  {
+    "desc": "k1neg=false, k2neg=true",
+    "ax": "55066263022277343669578718895168534326250603453777594175500187360389116729240",
+    "ay": "32670510020758816978083085130507043184471273380659243275938904335757337482424",
+    "scalar": "367917413016453100223835821029139468248",
+    "cx": "10322688129782350538653828383726187034025074756440739323015371090593152139135",
+    "cy": "68793242610611269092604721689053086352541804982835045879816374698216278704126"
+  },
+  {
+    "desc": "k1neg=true, k2neg=true",
+    "ax": "55066263022277343669578718895168534326250603453777594175500187360389116729240",
+    "ay": "32670510020758816978083085130507043184471273380659243275938904335757337482424",
+    "scalar": "3808180077262944115495528301014462100633",
+    "cx": "14215418389480067884450074673878587420586762919133643262861030012154939932102",
+    "cy": "29847359538023735520768762420255189621104408153695873716448888266404867737302"
+  }
+]