rust-crypto
ed25519: Using short seed in keypair breaks signature and verify invariants
Hi and thank you for writing this extraordinary crate!
Summary
When using a short seed as input to the function keypair
of ed25519, signature and verification invariants are violated.
Example code
```rust
use crypto::ed25519::{keypair, signature, verify};

// This test will fail: the seed is only 5 bytes long, so the derived
// keypair does not produce signatures that verify.
#[test]
fn test_rust_crypto_keypair_short_seed() {
    let seed: &[u8] = &[1, 2, 3, 4, 5];
    let (private_key, public_key) = keypair(seed);
    let message = b"This is my message!";
    let sig = signature(message, &private_key);
    assert!(verify(message, &public_key, &sig));
}

// This test will pass: the seed is 32 bytes long.
#[test]
fn test_rust_crypto_keypair_long_seed() {
    let seed: &[u8] = &[
        0x26, 0x27, 0xf6, 0x85, 0x97, 0x15, 0xad, 0x1d, 0xd2, 0x94, 0xdd, 0xc4, 0x76, 0x19, 0x39, 0x31,
        0xf1, 0xad, 0xb5, 0x58, 0xf0, 0x93, 0x97, 0x32, 0x19, 0x2b, 0xd1, 0xc0, 0xfd, 0x16, 0x8e, 0x4e,
    ];
    let (private_key, public_key) = keypair(seed);
    let message = b"This is my message!";
    let sig = signature(message, &private_key);
    assert!(verify(message, &public_key, &sig));
}
```
Current behaviour: When using a short seed, the signing and verification invariants fail. This could lead to unexpected results if the user of the library doesn't know what the expected seed length is.
Expected behaviour: I expect that when using a short seed as input to keypair I will get correct sign and verify results, or get some error condition that says I cannot continue.
System information
rustc 1.23.0-nightly (bd0e45a32 2017-11-06)
rust-crypto = "0.2.36"
You are right. The seed has to be 32 bytes long. Added the assert to Rust-crypto-maintained. Thanks.
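An added example (not code from rust-crypto or from this thread) of the caller-side check the reply implies: a `Seed` newtype that can only be built from exactly 32 bytes, so a 5-byte slice like the one in the failing test is rejected with an error instead of silently yielding a keypair whose signatures do not verify. It rejects over-long slices as well, not just short ones. `SEED_LEN`, `SeedLengthError` and `Seed::from_slice` are names chosen here, not rust-crypto APIs; the validated bytes are what you would then hand to `crypto::ed25519::keypair`.

```rust
use std::fmt;

/// Length in bytes of an ed25519 seed, as confirmed in the reply above.
pub const SEED_LEN: usize = 32;

/// Error returned when a caller passes a seed of the wrong length.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct SeedLengthError {
    pub expected: usize,
    pub actual: usize,
}

impl fmt::Display for SeedLengthError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "ed25519 seed must be {} bytes, got {}", self.expected, self.actual)
    }
}

impl std::error::Error for SeedLengthError {}

/// A seed that is guaranteed to be exactly SEED_LEN bytes.
/// `from_slice` is the only constructor, so a short or over-long
/// slice can never reach the key-derivation step.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Seed([u8; SEED_LEN]);

impl Seed {
    /// Reject any length other than SEED_LEN instead of silently
    /// deriving a keypair whose signatures will not verify.
    pub fn from_slice(bytes: &[u8]) -> Result<Seed, SeedLengthError> {
        if bytes.len() != SEED_LEN {
            return Err(SeedLengthError { expected: SEED_LEN, actual: bytes.len() });
        }
        let mut seed = [0u8; SEED_LEN];
        seed.copy_from_slice(bytes);
        Ok(Seed(seed))
    }

    /// Borrow the validated bytes; this is the slice that would be passed
    /// to `crypto::ed25519::keypair` (call site assumed, not shown here).
    pub fn as_bytes(&self) -> &[u8] {
        &self.0
    }
}
```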