diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 13:15:26 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 13:15:26 +0000 |
commit | 82539ad8d59729fb45b0bb0edda8f2bddb719eb1 (patch) | |
tree | 58f0b58e6f44f0e04d4a6373132cf426fa835fa7 /src/crypto/ed25519/ed25519vectors_test.go | |
parent | Initial commit. (diff) | |
download | golang-1.17-82539ad8d59729fb45b0bb0edda8f2bddb719eb1.tar.xz golang-1.17-82539ad8d59729fb45b0bb0edda8f2bddb719eb1.zip |
Adding upstream version 1.17.13.upstream/1.17.13upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/crypto/ed25519/ed25519vectors_test.go')
-rw-r--r-- | src/crypto/ed25519/ed25519vectors_test.go | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/src/crypto/ed25519/ed25519vectors_test.go b/src/crypto/ed25519/ed25519vectors_test.go new file mode 100644 index 0000000..74fcdcd --- /dev/null +++ b/src/crypto/ed25519/ed25519vectors_test.go @@ -0,0 +1,109 @@ +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package ed25519_test + +import ( + "crypto/ed25519" + "encoding/hex" + "encoding/json" + "internal/testenv" + "os" + "os/exec" + "path/filepath" + "testing" +) + +// TestEd25519Vectors runs a very large set of test vectors that exercise all +// combinations of low-order points, low-order components, and non-canonical +// encodings. These vectors lock in unspecified and spec-divergent behaviors in +// edge cases that are not security relevant in most contexts, but that can +// cause issues in consensus applications if changed. +// +// Our behavior matches the "classic" unwritten verification rules of the +// "ref10" reference implementation. +// +// Note that although we test for these edge cases, they are not covered by the +// Go 1 Compatibility Promise. Applications that need stable verification rules +// should use github.com/hdevalence/ed25519consensus. +// +// See https://hdevalence.ca/blog/2020-10-04-its-25519am for more details. +func TestEd25519Vectors(t *testing.T) { + jsonVectors := downloadEd25519Vectors(t) + var vectors []struct { + A, R, S, M string + Flags []string + } + if err := json.Unmarshal(jsonVectors, &vectors); err != nil { + t.Fatal(err) + } + for i, v := range vectors { + expectedToVerify := true + for _, f := range v.Flags { + switch f { + // We use the simplified verification formula that doesn't multiply + // by the cofactor, so any low order residue will cause the + // signature not to verify. + // + // This is allowed, but not required, by RFC 8032. + case "LowOrderResidue": + expectedToVerify = false + // Our point decoding allows non-canonical encodings (in violation + // of RFC 8032) but R is not decoded: instead, R is recomputed and + // compared bytewise against the canonical encoding. + case "NonCanonicalR": + expectedToVerify = false + } + } + + publicKey := decodeHex(t, v.A) + signature := append(decodeHex(t, v.R), decodeHex(t, v.S)...) + message := []byte(v.M) + + didVerify := ed25519.Verify(publicKey, message, signature) + if didVerify && !expectedToVerify { + t.Errorf("#%d: vector with flags %s unexpectedly verified", i, v.Flags) + } + if !didVerify && expectedToVerify { + t.Errorf("#%d: vector with flags %s unexpectedly rejected", i, v.Flags) + } + } +} + +func downloadEd25519Vectors(t *testing.T) []byte { + testenv.MustHaveExternalNetwork(t) + + // Download the JSON test file from the GOPROXY with `go mod download`, + // pinning the version so test and module caching works as expected. + goTool := testenv.GoToolPath(t) + path := "filippo.io/mostly-harmless/ed25519vectors@v0.0.0-20210322192420-30a2d7243a94" + cmd := exec.Command(goTool, "mod", "download", "-json", path) + // TODO: enable the sumdb once the TryBots proxy supports it. + cmd.Env = append(os.Environ(), "GONOSUMDB=*") + output, err := cmd.Output() + if err != nil { + t.Fatalf("failed to run `go mod download -json %s`, output: %s", path, output) + } + var dm struct { + Dir string // absolute path to cached source root directory + } + if err := json.Unmarshal(output, &dm); err != nil { + t.Fatal(err) + } + + jsonVectors, err := os.ReadFile(filepath.Join(dm.Dir, "ed25519vectors.json")) + if err != nil { + t.Fatalf("failed to read ed25519vectors.json: %v", err) + } + return jsonVectors +} + +func decodeHex(t *testing.T, s string) []byte { + t.Helper() + b, err := hex.DecodeString(s) + if err != nil { + t.Errorf("invalid hex: %v", err) + } + return b +} |