test: add negative BLS verify and FAV cases

src/state_transition/utils/bls.zig

@@ -22,6 +22,7 @@ pub fn verify(msg: []const u8, pk: *const PublicKey, sig: *const Signature, in_p
     try sig.verify(sig_groupcheck, msg, DST, null, pk, pk_validate);
 }
 
+/// `msg` must be at least 32 bytes; only the first 32 are passed to fast aggregate verification.
 pub fn fastAggregateVerify(msg: []const u8, pks: []const PublicKey, sig: *const Signature, in_pk_validate: ?bool, in_sigs_group_check: ?bool) !bool {
     var pairing_buf: [bls.Pairing.sizeOf()]u8 align(bls.Pairing.buf_align) = undefined;
 
@@ -30,7 +31,6 @@ pub fn fastAggregateVerify(msg: []const u8, pks: []const PublicKey, sig: *const
     return sig.fastAggregateVerify(sigs_groupcheck, &pairing_buf, msg[0..32], DST, pks, pks_validate) catch return false;
 }
 
-// TODO: unit tests
 test "bls - sanity" {
     const ikm: [32]u8 = [_]u8{
         0x93, 0xad, 0x7e, 0x65, 0xde, 0xad, 0x05, 0x2a, 0x08, 0x3a,
@@ -49,3 +49,56 @@ test "bls - sanity" {
     const result = try fastAggregateVerify(&msg, pks_slice[0..], &sig, null, null);
     try std.testing.expect(result);
 }
+
+test "bls - verify fails on wrong message" {
+    const ikm: [32]u8 = [_]u8{
+        0x93, 0xad, 0x7e, 0x65, 0xde, 0xad, 0x05, 0x2a, 0x08, 0x3a,
+        0x91, 0x0c, 0x8b, 0x72, 0x85, 0x91, 0x46, 0x4c, 0xca, 0x56,
+        0x60, 0x5b, 0xb0, 0x56, 0xed, 0xfe, 0x2b, 0x60, 0xa6, 0x3c,
+        0x48, 0x99,
+    };
+    const sk = try SecretKey.keyGen(ikm[0..], null);
+    var msg = [_]u8{1} ** 32;
+    const sig = sign(sk, &msg);
+    const pk = sk.toPublicKey();
+    msg[0] ^= 1;
+    try std.testing.expectError(bls.BlstError.VerifyFail, verify(&msg, &pk, &sig, null, null));
+}
+
+test "bls - verify fails on wrong public key" {
+    const ikm_a: [32]u8 = [_]u8{
+        0x93, 0xad, 0x7e, 0x65, 0xde, 0xad, 0x05, 0x2a, 0x08, 0x3a,
+        0x91, 0x0c, 0x8b, 0x72, 0x85, 0x91, 0x46, 0x4c, 0xca, 0x56,
+        0x60, 0x5b, 0xb0, 0x56, 0xed, 0xfe, 0x2b, 0x60, 0xa6, 0x3c,
+        0x48, 0x99,
+    };
+    const ikm_b: [32]u8 = [_]u8{
+        0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+        0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04,
+        0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
+        0x0f, 0x10,
+    };
+    const sk_a = try SecretKey.keyGen(ikm_a[0..], null);
+    const sk_b = try SecretKey.keyGen(ikm_b[0..], null);
+    const msg = [_]u8{1} ** 32;
+    const sig = sign(sk_a, &msg);
+    const pk_b = sk_b.toPublicKey();
+    try std.testing.expectError(bls.BlstError.VerifyFail, verify(&msg, &pk_b, &sig, null, null));
+}
+
+test "bls - fastAggregateVerify false on wrong message" {
+    const ikm: [32]u8 = [_]u8{
+        0x93, 0xad, 0x7e, 0x65, 0xde, 0xad, 0x05, 0x2a, 0x08, 0x3a,
+        0x91, 0x0c, 0x8b, 0x72, 0x85, 0x91, 0x46, 0x4c, 0xca, 0x56,
+        0x60, 0x5b, 0xb0, 0x56, 0xed, 0xfe, 0x2b, 0x60, 0xa6, 0x3c,
+        0x48, 0x99,
+    };
+    const sk = try SecretKey.keyGen(ikm[0..], null);
+    var msg = [_]u8{1} ** 32;
+    const sig = sign(sk, &msg);
+    const pk = sk.toPublicKey();
+    msg[31] ^= 0xff;
+    var pks = [_]PublicKey{pk};
+    const result = try fastAggregateVerify(&msg, pks[0..], &sig, null, null);
+    try std.testing.expect(!result);
+}