crypto/ecdsa: implement deterministic and hedged signatures

For the future, some test vectors we should generate and then share through Wycheproof or CCTV: - A private key with a leading zero byte. - A hash longer than the modulus. - A hash longer than the P-521 modulus by a few bits. - Reductions happening in hashToNat and bits2octets. Fixes #64802 Change-Id: Ia0f89781b2c78eedd5103cf0e9720630711c37ad Reviewed-on: https://go-review.googlesource.com/c/go/+/628681 TryBot-Bypass: Filippo Valsorda <filippo@golang.org> Reviewed-by: Russ Cox <rsc@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org>
2025-04-03 20:17:36 +03:00 · 2024-11-16 23:45:05 +01:00 · 2024-11-16 23:45:05 +01:00 · 548fd92733
commit 548fd92733
parent 0eeabaa9d7
8 changed files with 429 additions and 429 deletions
--- a/testdata/Server-TLSv12-ECDHE-ECDSA-AES
+++ b/testdata/Server-TLSv12-ECDHE-ECDSA-AES
@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 85 01 00 00  81 03 03 83 21 a6 e4 ea  |............!...|
-00000010  e9 7b 3a 7c 72 28 ee 68  c5 c7 fa f1 98 ed 4a be  |.{:|r(.h......J.|
-00000020  b8 42 13 fb d3 ab 63 16  d2 74 c8 00 00 04 c0 0a  |.B....c..t......|
+00000000  16 03 01 00 85 01 00 00  81 03 03 19 8a e1 c7 50  |...............P|
+00000010  ba 63 15 9b d5 85 f1 8c  55 43 d3 ce 9c d6 35 20  |.c......UC....5 |
+00000020  f3 49 3d 55 a5 11 57 6d  db 42 1d 00 00 04 c0 0a  |.I=U..Wm.B......|
 00000030  00 ff 01 00 00 54 00 0b  00 04 03 00 01 02 00 0a  |.....T..........|
 00000040  00 0c 00 0a 00 1d 00 17  00 1e 00 19 00 18 00 16  |................|
 00000050  00 00 00 17 00 00 00 0d  00 30 00 2e 04 03 05 03  |.........0......|
@ -46,39 +46,39 @@
 00000220  c1 33 13 83 0d 94 06 bb  d4 37 7a f6 ec 7a c9 86  |.3.......7z..z..|
 00000230  2e dd d7 11 69 7f 85 7c  56 de fb 31 78 2b e4 c7  |....i..|V..1x+..|
 00000240  78 0d ae cb be 9e 4e 36  24 31 7b 6a 0f 39 95 12  |x.....N6$1{j.9..|
-00000250  07 8f 2a 16 03 03 00 b7  0c 00 00 b3 03 00 1d 20  |..*............ |
+00000250  07 8f 2a 16 03 03 00 b6  0c 00 00 b2 03 00 1d 20  |..*............ |
 00000260  2f e5 7d a3 47 cd 62 43  15 28 da ac 5f bb 29 07  |/.}.G.bC.(.._.).|
 00000270  30 ff f6 84 af c4 cf c2  ed 90 99 5f 58 cb 3b 74  |0.........._X.;t|
-00000280  04 03 00 8b 30 81 88 02  42 00 b9 39 44 59 12 77  |....0...B..9DY.w|
-00000290  8d e2 79 25 01 d1 6a 05  3d 53 ea f3 91 d6 c5 09  |..y%..j.=S......|
-000002a0  24 bd 0c ad 24 cc 1c a7  fb 03 eb 0a 0d f4 30 96  |$...$.........0.|
-000002b0  8d 28 a1 b3 64 ba 30 27  95 29 23 22 91 62 c3 1f  |.(..d.0'.)#".b..|
-000002c0  51 aa c8 be 17 85 31 8e  f5 40 3e 02 42 00 ee a1  |Q.....1..@>.B...|
-000002d0  64 14 a1 52 b3 e5 54 c9  24 53 94 5a 43 d8 4f 79  |d..R..T.$S.ZC.Oy|
-000002e0  69 4b a8 51 ee de b3 b0  f7 1a 57 a3 28 72 d2 13  |iK.Q......W.(r..|
-000002f0  a6 d3 17 0b c4 45 34 7f  10 3b 81 cb 0c 8d 51 b6  |.....E4..;....Q.|
-00000300  0b 86 21 d0 ee 1d 7e 73  6b ea 77 8c 66 dc 65 16  |..!...~sk.w.f.e.|
-00000310  03 03 00 04 0e 00 00 00                           |........|
+00000280  04 03 00 8a 30 81 87 02  42 01 f2 09 77 4a e7 f5  |....0...B...wJ..|
+00000290  a8 35 3b dd 9d 62 5a 07  97 1e 76 93 b6 07 21 3e  |.5;..bZ...v...!>|
+000002a0  c8 fd 99 35 50 8a 8b ad  e5 de 03 07 c8 5e fe 03  |...5P........^..|
+000002b0  c1 99 04 ad 53 b6 76 67  eb 04 99 54 11 4d 4d e9  |....S.vg...T.MM.|
+000002c0  74 3f 89 6e d9 c8 02 98  c5 3c cf 02 41 4e 64 21  |t?.n.....<..ANd!|
+000002d0  1a 01 5f 2e 89 17 cc 65  33 d0 59 ed 17 59 c4 43  |.._....e3.Y..Y.C|
+000002e0  0a fc 68 30 9c e2 c3 86  fb 2a c1 4a ae 32 ef 1d  |..h0.....*.J.2..|
+000002f0  06 27 36 7d d5 cd 68 23  4c e9 7e 64 b8 eb 42 05  |.'6}..h#L.~d..B.|
+00000300  ef 83 36 b2 9e a7 ae 1a  cd b0 3a 17 3a 46 16 03  |..6.......:.:F..|
+00000310  03 00 04 0e 00 00 00                              |.......|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 ed 3e ba a7 43 53  |....%...! .>..CS|
-00000010  5e e4 60 aa 31 3f e1 69  60 32 25 3d fd 8b 32 da  |^.`.1?.i`2%=..2.|
-00000020  f2 c5 db c7 02 e6 4d d0  de 15 14 03 03 00 01 01  |......M.........|
-00000030  16 03 03 00 40 ee 28 f2  27 82 24 9d 17 d1 48 7a  |....@.(.'.$...Hz|
-00000040  74 2d dd 16 18 b7 70 97  2f 2b 91 47 eb c2 1d ae  |t-....p./+.G....|
-00000050  3f 48 52 cd ff e7 9e 0b  35 ad 1f 60 5e 07 b1 5e  |?HR.....5..`^..^|
-00000060  1c ba 6a 85 bb 6b 30 94  41 8a 59 81 cf 37 5f 26  |..j..k0.A.Y..7_&|
-00000070  b1 52 36 5f df                                    |.R6_.|
+00000000  16 03 03 00 25 10 00 00  21 20 73 43 c2 08 92 f5  |....%...! sC....|
+00000010  db bf 2f 8a eb 49 55 f7  5d 6b 80 64 f7 d9 75 1f  |../..IU.]k.d..u.|
+00000020  67 f6 35 21 3c 95 3f 1c  04 1a 14 03 03 00 01 01  |g.5!<.?.........|
+00000030  16 03 03 00 40 59 bb 5a  5d 76 73 a5 30 0e 29 d3  |....@Y.Z]vs.0.).|
+00000040  17 d8 2f 30 e6 ed 02 c6  83 12 44 42 d8 79 86 e0  |../0......DB.y..|
+00000050  78 7b 43 8d 5b 7c 85 42  fb 7c 67 b0 d0 71 03 0e  |x{C.[|.B.|g..q..|
+00000060  d0 6b b6 06 f1 16 72 c0  16 66 cf 53 df ae 62 3b  |.k....r..f.S..b;|
+00000070  f3 57 52 4d 08                                    |.WRM.|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 f5 05 5a a6 22  |.............Z."|
-00000020  90 4e 8d d9 f1 55 c4 78  f2 ec 9d 97 cd fe af ae  |.N...U.x........|
-00000030  b7 62 00 67 2e b2 d9 1e  0c a3 c8 6a bf d2 3c 42  |.b.g.......j..<B|
-00000040  c4 0a d1 08 36 64 8e bd  0a 2f a2 17 03 03 00 40  |....6d.../.....@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 c3 13 7d 0a ed  |.............}..|
+00000020  12 16 0f a5 e9 09 bb 38  9e bb 25 3f d3 36 f2 57  |.......8..%?.6.W|
+00000030  37 2b cf c7 9e d4 ed b6  ee 0e 07 8e a7 ae 71 c9  |7+............q.|
+00000040  1e cb 40 65 8b c5 9c e0  14 c5 f3 17 03 03 00 40  |..@e...........@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  ef 16 5e cb e7 c4 2d a8  76 77 da 18 91 bd cb 78  |..^...-.vw.....x|
-00000070  76 c5 5d 70 e5 ba 57 2a  1f 2b 11 3f 18 18 e6 1b  |v.]p..W*.+.?....|
-00000080  36 78 c9 f1 5e 71 f1 71  f1 01 31 e6 37 fa 76 92  |6x..^q.q..1.7.v.|
+00000060  0d 8e c2 8a a5 5a 8b bc  d8 86 a0 05 cf c6 39 a7  |.....Z........9.|
+00000070  6d 65 f1 a7 bb 74 25 1d  3e 75 fd f8 1f a5 06 b6  |me...t%.>u......|
+00000080  cd 14 5b 4b 0a 7b a2 e6  54 b3 bd 3c f0 eb ca 78  |..[K.{..T..<...x|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 13 3e 42  a5 61 84 ae 49 8b b9 91  |......>B.a..I...|
-000000b0  c2 a3 76 74 1e 4f 53 0a  fc 71 de 0d d2 44 c8 ac  |..vt.OS..q...D..|
-000000c0  2e 09 27 e6 ad                                    |..'..|
+000000a0  00 00 00 00 00 e6 4b 35  cc 69 58 89 49 67 99 f4  |......K5.iX.Ig..|
+000000b0  c2 14 2a bb e7 21 2b fe  fe b5 60 ae b2 2a 96 15  |..*..!+...`..*..|
+000000c0  e0 65 d2 54 0b                                    |.e.T.|