author | Wiktor Kwapisiewicz <wiktor@metacode.biz> | 2022-10-27 10:00:04 +0200 |
---|---|---|
committer | Wiktor Kwapisiewicz <wiktor@metacode.biz> | 2022-12-21 10:50:48 +0100 |
commit | 620903fa33a3f2f3b2aa5ac0b5d4731251aee157 (patch) | |
tree | 021d4709a26f636490a7929d7f23a9417c128706 | |
parent | 8263f8916a8003671eafcc374f4466a715a6bf97 (diff) |
openpgp: Add tests for correct ordering of Ed/Cv25519.
- Reversing of Cv25519 compared to X25519 and Ed25519 is a common
source of confusion.
- Add unit tests to check for correct secret key byte order.
-rw-r--r-- | openpgp/src/packet/key.rs | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/openpgp/src/packet/key.rs b/openpgp/src/packet/key.rs
index 593b4fe6..83d563f4 100644
--- a/openpgp/src/packet/key.rs
+++ b/openpgp/src/packet/key.rs
@@ -2210,6 +2210,43 @@ FwPoSAbbsLkNS/iNN2MDGAVYvezYn2QZ
 Ok(())
 }
 
+ #[test]
+ #[cfg(not(windows))] // see: https://gitlab.com/sequoia-pgp/sequoia/-/issues/958
+ fn cv25519_secret_is_reversed() {
+ let private_key: &[u8] = &crate::crypto::SessionKey::new(32);
+ let key: Key4<_, UnspecifiedRole> = Key4::import_secret_cv25519(private_key, None, None, None).unwrap();
+ if let crate::packet::key::SecretKeyMaterial::Unencrypted(key) = key.secret() {
+ key.map(|secret| {
+ if let mpi::SecretKeyMaterial::ECDH { scalar } = secret {
+ let scalar_reversed = private_key.iter().copied().rev().collect::<Vec<u8>>();
+ let scalar_actual = &*scalar.value_padded(32);
+ assert_eq!(scalar_actual, scalar_reversed);
+ } else {
+ unreachable!();
+ }
+ })
+ } else {
+ unreachable!();
+ }
+ }
+
+ #[test]
+ fn ed25519_secret_is_not_reversed() {
+ let private_key: &[u8] = &crate::crypto::SessionKey::new(32);
+ let key: Key4<_, UnspecifiedRole> = Key4::import_secret_ed25519(private_key, None).unwrap();
+ if let crate::packet::key::SecretKeyMaterial::Unencrypted(key) = key.secret() {
+ key.map(|secret| {
+ if let mpi::SecretKeyMaterial::EdDSA { scalar } = secret {
+ assert_eq!(&*scalar.value_padded(32), private_key);
+ } else {
+ unreachable!();
+ }
+ })
+ } else {
+ unreachable!();
+ }
+ }
+
 fn mutate_eq_discriminates_key<P, R>(key: Key<P, R>, i: usize) -> bool
 where P: KeyParts,
 R: KeyRole, |
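Review bot: `cv25519_secret_is_reversed` is compiled out on Windows by `#[cfg(not(windows))]`, so the byte-order invariant this commit sets out to pin goes unchecked on that platform, and the only explanation in the code is a bare issue URL. State the reason next to the attribute, e.g. `// Skipped on Windows: <reason from issue 958>; Cv25519 scalar order is not verified there.`, and if the failure turns out to be specific to one crypto backend rather than to the OS, gate on that backend instead so other Windows builds still run the check. Both tests also draw a fresh random key from `SessionKey::new(32)` on every run; a fixed 32-byte vector alongside it would make a failure reproducible. The enclosing test module starts and ends outside this hunk.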