Hi.
Javier, can you speak to whether there's web platform test coverage for the tricky issues that were discussed on the PR, e.g. the three listed in your last comment?
First of all, the PR is to merge both X25519 and Ed25519 algorithms. This intent is just for the X25519, since the Ed25519 is still not ready and needs more spec work. We all think that this work can be done as part of the new Web Cryptography spec draft.
The dertiveBits interop issue is the only one affecting the X25519 algorithm. There were already tests, but I have added a few more as part of bug fixes on the different browsers (mostly Firefox and Safari). I'm pretty sure we have good coverage on this issue already.
Let me use the email to clarify the other issues that were identified as part of the PR discussion. Regarding the small-order checks, I have added tests cases to cover the most important uses of small-order points. We could add more if we want to be exhaustive.
Finally, the random EdDSA signatures is still not clear enough to define tests, IMHO. We had some in the past, which were useful to detect the interop issue with WebKit. However, since WebKit considers this feature mandatory, we have removed the tests that checked for a deterministic signature. The Secure Curves spec doesn't explicitly states that the signatures must be deterministic; it just refers to theĀ RFC8032 paper where the Ed25519 signing algorithm is specified. The CFRG has discussed this issue and they are considering to take on a -bis document to modify the Ed25519 algorithm, but we reached a consensus in the PR that we can merge the current text, registering the issues about small-order points and randomized signatures, and work on them as part of the Web Crypto spec draft.
-- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/335cdfd2-11f3-49ac-8bf4-3ed5ad9bab03%40igalia.com.
