gentest.py: test private key edge cases

mmgen/protocol.py

@@ -124,7 +124,8 @@ class BitcoinProtocol(MMGenObject):
 			elif pk == cls.secp256k1_ge: # ditto
 				ydie(3,'Private key == secp256k1_ge!')
 			else:
-				ymsg('Warning: private key is greater than secp256k1 group order!:\n  {}'.format(sec.hex()))
+				if not g.test_suite:
+					ymsg('Warning: private key is greater than secp256k1 group order!:\n  {}'.format(hexpriv))
 				return (pk % cls.secp256k1_ge).to_bytes(cls.privkey_len,'big')
 
 	@classmethod

test/gentest.py

@@ -228,6 +228,20 @@ def compare_test():
 				'\ninput:    {b}\n%-9s {k}\nvkey:     {v}\naddr:     {a}\n')[
 					'viewkey' in addr_type.extra_attrs] % (addr_type.wif_label + ':')
 
+	# test some important private key edge cases:
+	edgecase_sks = (
+		bytes([0x00]*31 + [0x01]), # min
+		bytes([0xff]*32),          # max
+		bytes([0x0f] + [0xff]*31), # same key as above for zcash-z
+		bytes([0x00]*31 + [0xff]), # monero will reduce
+		bytes([0xff]*31 + [0x0f]), # monero will not reduce
+	)
+
+	qmsg(purple('edge cases:'))
+	for i,in_bytes in enumerate(edgecase_sks):
+		do_compare_test(i,len(edgecase_sks),in_bytes)
+	qmsg(green('\rOK            ' if opt.verbose else 'OK'))
+
 	qmsg(purple('random input:'))
 	for i in range(rounds):
 		do_compare_test(i,rounds,os.urandom(32))