T

docs/utils/p256.md

@@ -89,6 +89,14 @@ Includes the malleability check.
 
 ## Other Operations
 
+### normalized(bytes32)
+
+```solidity
+function normalized(bytes32 s) internal pure returns (bytes32 result)
+```
+
+Returns `s` normalized to the lower half of the curve.
+
 ### tryDecodePoint(bytes)
 
 ```solidity

test/P256.t.sol

@@ -257,8 +257,21 @@ contract P256Test is P256VerifierEtcher {
         }
     }
 
-    function testP256Normalized(uint256 s) public pure {
-        check_P256Normalized(s);
+    function testP256Normalized(uint256 privateKey, bytes32 hash) public {
+        while (privateKey == 0 || privateKey > P256.N) {
+            privateKey = uint256(keccak256(abi.encode(privateKey)));
+        }
+        (uint256 x, uint256 y) = vm.publicKeyP256(privateKey);
+
+        // Note that `vm.signP256` can produce `s` above `N / 2`.
+        (bytes32 r, bytes32 s) = vm.signP256(privateKey, hash);
+
+        if (uint256(s) > P256.N / 2) {
+            assertFalse(P256.verifySignature(hash, r, s, bytes32(x), bytes32(y)));
+            assertTrue(P256.verifySignature(hash, r, P256.normalized(s), bytes32(x), bytes32(y)));
+        } else {
+            assertTrue(P256.verifySignature(hash, r, s, bytes32(x), bytes32(y)));
+        }
     }
 }
 

test/utils/forge-std/Vm.sol

@@ -1651,6 +1651,12 @@ interface VmSafe {
         string calldata language
     ) external pure returns (uint256 privateKey);
 
+    /// Derives secp256r1 public key from the provided `privateKey`.
+    function publicKeyP256(uint256 privateKey)
+        external
+        pure
+        returns (uint256 publicKeyX, uint256 publicKeyY);
+
     /// Gets the label for the specified address.
     function getLabel(address account) external view returns (string memory currentLabel);