From cd895cf0075cd36f886a9ab062e2dc00fe7bfb07 Mon Sep 17 00:00:00 2001
From: garima-uttam <garimauttam@ibm.com>
Date: Mon, 16 Mar 2026 13:40:26 +0530
Subject: [PATCH] crypto,secp256k1: test SignUnsafe counter behavior

---
 crypto/secp256k1/secp256_test.go | 39 +++++++++++++++++++++++++
 crypto/signature_unsafe_test.go  | 50 ++++++++++++++++++++++++++++++++
 2 files changed, 89 insertions(+)
 create mode 100644 crypto/signature_unsafe_test.go

diff --git a/crypto/secp256k1/secp256_test.go b/crypto/secp256k1/secp256_test.go
index c7485bca08..1a940a0d23 100644
--- a/crypto/secp256k1/secp256_test.go
+++ b/crypto/secp256k1/secp256_test.go
@@ -130,6 +130,45 @@ func TestSignDeterministic(t *testing.T) {
 	}
 }
 
+func TestSignUnsafeCounter(t *testing.T) {
+	pubkey, seckey := generateKeyPair()
+	msg := make([]byte, 32)
+	copy(msg, "hi there")
+
+	sig, err := Sign(msg, seckey)
+	if err != nil {
+		t.Fatal(err)
+	}
+	sigUnsafe0, err := SignUnsafe(msg, seckey, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(sig, sigUnsafe0) {
+		t.Fatal("counter=0 should match Sign")
+	}
+	sigUnsafe1a, err := SignUnsafe(msg, seckey, 1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	sigUnsafe1b, err := SignUnsafe(msg, seckey, 1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(sigUnsafe1a, sigUnsafe1b) {
+		t.Fatal("counter=1 signatures not equal")
+	}
+	if bytes.Equal(sig, sigUnsafe1a) {
+		t.Fatal("counter=1 should not match counter=0 signature")
+	}
+	pubkeyRecovered, err := RecoverPubkey(msg, sigUnsafe1a)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(pubkey, pubkeyRecovered) {
+		t.Fatal("recovered pubkey mismatch")
+	}
+}
+
 func TestRandomMessagesWithSameKey(t *testing.T) {
 	pubkey, seckey := generateKeyPair()
 	keys := func() ([]byte, []byte) {
diff --git a/crypto/signature_unsafe_test.go b/crypto/signature_unsafe_test.go
new file mode 100644
index 0000000000..7fc3452873
--- /dev/null
+++ b/crypto/signature_unsafe_test.go
@@ -0,0 +1,50 @@
+package crypto
+
+import (
+	"bytes"
+	"crypto/ecdsa"
+	"crypto/rand"
+	"testing"
+)
+
+func TestSignUnsafeCounter(t *testing.T) {
+	key, err := ecdsa.GenerateKey(S256(), rand.Reader)
+	if err != nil {
+		t.Fatal(err)
+	}
+	hash := make([]byte, 32)
+	copy(hash, "hi there")
+
+	sig, err := Sign(hash, key)
+	if err != nil {
+		t.Fatal(err)
+	}
+	sigUnsafe0, err := SignUnsafe(hash, key, 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(sig, sigUnsafe0) {
+		t.Fatal("counter=0 should match Sign")
+	}
+	sigUnsafe1a, err := SignUnsafe(hash, key, 1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	sigUnsafe1b, err := SignUnsafe(hash, key, 1)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(sigUnsafe1a, sigUnsafe1b) {
+		t.Fatal("counter=1 signatures not equal")
+	}
+	if bytes.Equal(sig, sigUnsafe1a) {
+		t.Fatal("counter=1 should not match counter=0 signature")
+	}
+	pub, err := SigToPub(hash, sigUnsafe1a)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if pub.X.Cmp(key.PublicKey.X) != 0 || pub.Y.Cmp(key.PublicKey.Y) != 0 {
+		t.Fatal("recovered pubkey mismatch")
+	}
+}