fix/secp256k1

[mistermoe]

• Account for signatures less than 64 bytes
• add test
• bump version

[codecov]

Codecov Report

Merging #99 (e2d226f) into main (6ceafc5) will increase coverage by 0.18%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main      #99      +/-   ##
==========================================
+ Coverage   69.92%   70.10%   +0.18%     
==========================================
  Files          21       21              
  Lines        1197     1201       +4     
  Branches      135      137       +2     
==========================================
+ Hits          837      842       +5     
  Misses        292      292              
+ Partials       68       67       -1     

Components	Coverage Δ
credentials	67.12% <ø> (ø)
crypto	34.67% <100.00%> (+1.33%)	⬆️
dids	92.81% <ø> (ø)
common	60.83% <ø> (ø)

[KendallWeihe]

TIL you can private a function outside of a class in Kotlin

[KendallWeihe]

Suggested change

	fun fuzz() {
	fun `can verify 10k random payloads`() {

or whatevs, not sure what the intent here is

[mistermoe]

point here is to generate a sufficient number of signatures (aka 2 big ints) across a large enough surface area to suss out any edge cases there may be with signature verification

[mistermoe]

cool with "pressure test signature verification" as the test name?

[KendallWeihe]

yup 👍

[mistermoe]

done - 8049d78

[andresuribe87]

lgtm, smol suggestion

Would have been awesome to identify a test that fails before, but passes now.

[mistermoe]

lgtm, smol suggestion

Would have been awesome to identify a test that fails before, but passes now.

good point @andresuribe87 . will keep this in mind for future PRs! less valuable now but for context:

we were running into intermittent unit test failures on the tbdex side w.r.t. signature verification e.g.

OfferingTest > can parse offering from a json string() FAILED
    java.security.SignatureException: Invalid Signature
        at web5.sdk.crypto.Secp256k1.verify(Secp256k1.kt:280)
        at web5.sdk.crypto.Signer$DefaultImpls.verify$default(Signer.kt:115)
        at web5.sdk.crypto.Crypto.verify(Crypto.kt:144)

@tomdaffurn and i narrowed it down to secp256k1 and wrote the test that we added to this PR to consistently reproduce the issue. we used the failing test to track down and fix the bug.

is this the type of context you were suggesting might be helpful?

[andresuribe87]

@mistermoe I meant more to include a test in this PR that always failed before your fix, but passes after the fix. Sounds like you kinda had it? No big deal.

Context was super useful, thx!