
crypto/ed25519: fix TestAllocations in FIPS mode

Change-Id: Ic36e95dba29d43e73ddf105d538c4795bc4ce557
Reviewed-on: https://go-review.googlesource.com/c/go/+/630097
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Filippo Valsorda 2024-11-20 16:11:49 +01:00 committed by Gopher Robot
parent 93fcd8fb18
commit c483fdbfcf


@ -14,19 +14,25 @@ import (
func fipsPCT(k *PrivateKey) error {
return fips.PCT("Ed25519 sign and verify PCT", func() error {
msg := []byte("PCT")
sig := Sign(k, msg)
// Note that this runs pub.a.SetBytes. If we wanted to make key generation
// in FIPS mode faster, we could reuse A from GenerateKey. But another thing
// that could make it faster is just _not doing a useless self-test_.
pub, err := NewPublicKey(k.PublicKey())
if err != nil {
return err
}
return Verify(pub, msg, sig)
return pairwiseTest(k)
})
}
// pairwiseTest needs to be a top-level function declaration to let the calls
// inline and their allocations not escape.
func pairwiseTest(k *PrivateKey) error {
msg := []byte("PCT")
sig := Sign(k, msg)
// Note that this runs pub.a.SetBytes. If we wanted to make key generation
// in FIPS mode faster, we could reuse A from GenerateKey. But another thing
// that could make it faster is just _not doing a useless self-test_.
pub, err := NewPublicKey(k.PublicKey())
if err != nil {
return err
}
return Verify(pub, msg, sig)
}
func signWithoutSelfTest(priv *PrivateKey, message []byte) []byte {
signature := make([]byte, signatureSize)
return signWithDom(signature, priv, message, domPrefixPure, "")