From: Loup Vaillant
Date: Sat, 23 Jun 2018 17:30:01 +0000 (+0200)
Subject: Added anti-forgery tests for EdDSA
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=1139fd2e6acb1ed61a12f4e2481c8c11bc3e373a;p=Monocypher.git

Added anti-forgery tests for EdDSA

Note how EdDSA fails miserably to reject all-zero signatures. This is the first critical vulnerability since 1.0.
---
diff --git a/tests/test.c b/tests/test.c
index 302783b..0f50d13 100644
--- a/tests/test.c
+++ b/tests/test.c
@@ -596,6 +596,12 @@ static int p_eddsa_roundtrip()
 u8 pk [32]; crypto_sign_public_key(pk, sk);
 u8 signature[64]; crypto_sign(signature, sk, pk, message, i);
 status |= crypto_check(signature, pk, message, i);
+
+ // reject forgeries
+ u8 zero [64] = {0};
+ u8 forgery[64]; FOR (i, 0, 64) { forgery[i] = signature[i] + 1; }
+ status |= !crypto_check(zero , pk, message, i);
+ status |= !crypto_check(forgery, pk, message, i);
 }
 printf("%s: EdDSA (roundtrip)\n", status != 0 ? "FAILED" : "OK");
 return status;
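Review bot: The inner `FOR (i, 0, 64)` that fills `forgery` reuses the name `i`, which the two new `crypto_check` calls right after it also pass as the message length of the enclosing loop. Whether the inner loop shadows or overwrites that counter depends on the `FOR` macro, which is defined outside the hunk; if it does not declare a fresh variable, both negative checks would run with length 64 and the outer loop would end early. A distinct index removes the doubt: `FOR (j, 0, 64) { forgery[j] = signature[j] + 1; }`. Separately, the forgery alters all 64 bytes at once, so the test does not show that a signature with only one half changed, or a valid signature over a tampered message, is rejected; those cases would be worth adding next to the all-zero check. The loop header and the start of p_eddsa_roundtrip lie outside the hunk.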