CT: Declassify sig in test instead of at the end of signing #835
mkannwischer wants to merge 1 commit into main from
Conversation
Alternative to #822 that I hope to be less controversial. Currently the constant-time tests for verification rely on the signature being declassified at the end of verification. This is not ideal. This commit moves this declassification to the constant-time test instead. As suggested in #822 (review), there is more work left to clean up the story around declassifications. This PR is a first step towards cleaning up that story to unblock #825 and #821, but there is more work left.
Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>
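The description above contrasts two places a declassification can live: at the end of the library's signing code, or in the constant-time test harness that drives it. The C program below is an added illustration written for this page, not code from the PR or from the project. It models, with a constructed shadow-bit tracker, what a memcheck-style constant-time checker observes under each arrangement: the mock sign and verify, the arena offsets and all helper names are constructed for the example, and the remark that real harnesses drive Valgrind memcheck client requests to the same effect is my assumption, not something the page states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed taint-tracking model of a constant-time check, written for this
 * page (not mldsa-native code). Every arena byte carries a shadow bit meaning
 * "derived from secret input"; branching on such a byte is a violation and
 * declassifying clears the bit. Real harnesses usually drive Valgrind memcheck,
 * whose client requests mark memory undefined/defined in the same spirit. */
#define ARENA_SIZE 256
#define SK      0   /* offset of the mock secret key (constructed layout) */
#define SK_LEN  32
#define SIG     64  /* offset of the mock signature */
#define SIG_LEN 32

static uint8_t arena[ARENA_SIZE];
static uint8_t shadow_secret[ARENA_SIZE];
static int ct_violations;

static void ct_mark_secret(size_t off, size_t len) { memset(shadow_secret + off, 1, len); }
static void ct_declassify(size_t off, size_t len)  { memset(shadow_secret + off, 0, len); }

/* Copy that propagates taint, as memcheck propagates undefinedness. */
static void tainted_copy(size_t dst, size_t src, size_t len)
{
    memmove(arena + dst, arena + src, len);
    memmove(shadow_secret + dst, shadow_secret + src, len);
}

/* A branch whose condition depends on arena byte `off`. */
static int ct_branch_on(size_t off)
{
    if (shadow_secret[off]) ct_violations++;
    return arena[off] != 0;
}

static void reset(void)
{
    memset(arena, 0, sizeof arena);
    memset(shadow_secret, 0, sizeof shadow_secret);
    ct_violations = 0;
    for (size_t i = 0; i < SK_LEN; i++) arena[SK + i] = (uint8_t)(i + 1); /* constructed key */
    ct_mark_secret(SK, SK_LEN);
}

/* Mock signer: the signature is a constant-time function of the key, so its
 * bytes inherit the taint. With declassify_in_lib set, the library itself
 * clears that taint at the end, the arrangement the PR moves away from. */
static void mock_sign(int declassify_in_lib)
{
    tainted_copy(SIG, SK, SIG_LEN);
    for (size_t i = 0; i < SIG_LEN; i++) arena[SIG + i] ^= 0x5a; /* constant xor keeps taint */
    if (declassify_in_lib) ct_declassify(SIG, SIG_LEN);
}

/* A signer with a genuine leak: it branches on a secret key byte. */
static void mock_sign_leaky(void) { (void)ct_branch_on(SK); mock_sign(0); }

/* Mock verifier: branching on signature bytes is legitimate, since a signature
 * is public, but the tool only knows that once the harness has declassified it. */
static int mock_verify(void)
{
    int nonzero = 0;
    for (size_t i = 0; i < SIG_LEN; i++) nonzero += ct_branch_on(SIG + i);
    return nonzero;
}

/* A: declassification inside the library. Passes, but test-only logic lives in library code. */
int run_with_library_declassify(void)
{
    reset(); mock_sign(1); (void)mock_verify();
    return ct_violations;
}

/* B: the PR's approach, modelled. The test declassifies the public signature
 * before handing it to verify; the library never declassifies anything. */
int run_with_test_declassify(void)
{
    reset(); mock_sign(0); ct_declassify(SIG, SIG_LEN); (void)mock_verify();
    return ct_violations;
}

/* C: nobody declassifies, so every branch in verify is flagged although nothing leaks. */
int run_without_declassify(void)
{
    reset(); mock_sign(0); (void)mock_verify();
    return ct_violations;
}

/* D: a real leak in sign is still caught under B's rules. */
int run_leaky_sign_with_test_declassify(void)
{
    reset(); mock_sign_leaky(); ct_declassify(SIG, SIG_LEN); (void)mock_verify();
    return ct_violations;
}

int main(void)
{
    printf("A library declassify: %d\nB test declassify: %d\nC none: %d\nD leaky sign: %d\n",
           run_with_library_declassify(), run_with_test_declassify(),
           run_without_declassify(), run_leaky_sign_with_test_declassify());
    return 0;
}
```

Harnesses A and B both report zero violations, which is why the move is behaviour-preserving for the test suite; C shows why some declassification is unavoidable (verify must branch on public signature bytes), and D shows that putting it in the test harness rather than in the library does not weaken detection of a genuine secret-dependent branch in signing.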
3040a3f to 51b2d44
@mkannwischer I don't understand why this is blocking #825. Can you elaborate?

Prior to this PR there is a declassification of z prior to packing it into the signature buffer.

@mkannwischer I'm just trying to understand if the dependency can be avoided. If the intent of the current (

Yes, I have already done that - see the last two sentences of my previous comment.
Closing this for now. We should strive for a larger cleanup in #822 - but I am not sure when I will get to it. |