danog/phpseclib
1
0
Fork 0
mirror of https://github.com/danog/phpseclib.git synced 2024-12-03 10:08:04 +01:00
Code Issues Projects Releases Wiki Activity

Tests/EC: add a test showing phpseclib's immunity to an EC vuln

Browse Source
This commit is contained in:
terrafrost 2021-11-21 10:24:29 -06:00
parent d20bf291a1
commit ea0e71977e
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
tests/Unit/Crypt/EC/CurveTest.php
View File

@ -517,4 +517,18 @@ Private-MAC: b85ca0eb7c612df5d18af85128821bd53faaa3ef');
$signature = $private->sign($message, 'Raw');
$this->assertTrue($public->verify($message, $signature, 'Raw'));
}
public function testBadRSEd25519()
{
// see https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/
$public = PublicKeyLoader::load('-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE1zY+JIBlt8l+1I2f0ItA6oauDx9bFsm6
hk6TVQ4mP3lH+96p9keQBMRAY1D5znOyPk9107PceO+3kwoat1zKzw==
-----END PUBLIC KEY-----');
$signature = base64_decode('MAYCAQACAQA=');
$message = 'hello, world!';
$this->assertFalse($public->verify($message, $signature));
}
}