Filippo Valsorda eaa4e03cfe tests: finish parsing and X25519 tests, distinguish HMAC errors ...

If the implementation re-encodes the header before checking the HMAC,
that would mask malleability issues: the HMAC check would fail because
the tests HMAC'd the original header, but an attacker could also produce
the right HMAC. Instead of duplicating every parsing tests (with the
original and re-encoded HMAC), we make the test framework distinguish
HMAC errors, which ensures bad encodings are recognized as such and not
bypassable HMAC errors.

2022-06-18 13:47:00 +02:00

416 B

Raw History

View Raw