blob: dbe5c0f4eea9158171b78ef14ee5449da06cab27 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
This file exists in the upstream repository at the commit which
corresponds to the ring-0.16.20 release, but was excluded from the
release tarball.
---
tests/ed25519_verify_tests.txt | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 tests/ed25519_verify_tests.txt
diff --git a/tests/ed25519_verify_tests.txt b/tests/ed25519_verify_tests.txt
new file mode 100644
index 0000000..74c94b3
--- /dev/null
+++ b/tests/ed25519_verify_tests.txt
@@ -0,0 +1,34 @@
+# BoringSSL TEST(Ed25519Test Malleability)
+
+# Control; S is in range.
+MESSAGE = 54657374
+SIG = 7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab07a9155711ecfaf7f99f277bad0c6ae7e39d4eef676573336a5c51eb6f946b30d
+PUB = 7d4d0e7f6153a69b6242b522abbee685fda4420f8834b108c3bdae369ef549fa
+Result = P
+
+# Same as above, but with the order L added to S so it is out of range.
+# BoringSSL commit 472ba2c2dd52d06a657a63b7fbf02732a6649d21
+MESSAGE = 54657374
+SIG = 7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab067654bce3832c2d76f8f6f5dafc08d9339d4eef676573336a5c51eb6f946b31d
+PUB = 7d4d0e7f6153a69b6242b522abbee685fda4420f8834b108c3bdae369ef549fa
+Result = F
+
+
+# BoringSSL commit 3094902fcdc2db2cc832fa854b9a6a8be383926c
+MESSAGE = 124e583f8b8eca58bb29c271b41d36986bbc45541f8e51f9cb0133eca447601e
+SIG = dac119d6ca87fc59ae611c157048f4d4fc932a149dbe20ec6effd1436abf83ea05c7df0fef06147241259113909bc71bd3c53ba4464ffcad3c0968f2ffffff0f
+PUB = 100fdf47fb94f1536a4f7c3fda27383fa03375a8f527c537e6f1703c47f94f86
+Result = P
+
+# Control. Same key as above; same message and signature as below, except S is in range.
+PUB = 100fdf47fb94f1536a4f7c3fda27383fa03375a8f527c537e6f1703c47f94f86
+MESSAGE = 6a0bc2b0057cedfc0fa2e3f7f7d39279b30f454a69dfd1117c758d86b19d85e0
+SIG = 0971f86d2c9c78582524a103cb9cf949522ae528f8054dc20107d999be673ff4f58ac9d20ec563133cabc6230b1db8625f8446639ede46ad4df4053000000000
+Result = P
+
+# Same key as above, but S is out of range.
+# BoringSSL commit 472ba2c2dd52d06a657a63b7fbf02732a6649d21
+PUB = 100fdf47fb94f1536a4f7c3fda27383fa03375a8f527c537e6f1703c47f94f86
+MESSAGE = 6a0bc2b0057cedfc0fa2e3f7f7d39279b30f454a69dfd1117c758d86b19d85e0
+SIG = 0971f86d2c9c78582524a103cb9cf949522ae528f8054dc20107d999be673ff4e25ebf2f2928766b1248bec6e91697775f8446639ede46ad4df4053000000010
+Result = F
--
Efraim Flashner <efraim@flashner.co.il> רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
|