Ed25519 verifiers now reject overly long signatures

CryptoLib.Tests/src/Others/Ed25519HigherLevelTests.pas

@@ -229,7 +229,7 @@ var
   kp: IAsymmetricCipherKeyPair;
   privateKey: IEd25519PrivateKeyParameters;
   publicKey: IEd25519PublicKeyParameters;
-  msg, signature: TCryptoLibByteArray;
+  msg, signature, wrongLengthSignature: TCryptoLibByteArray;
   Signer, verifier: ISigner;
   shouldVerify, shouldNotVerify: Boolean;
   algorithmName: String;
@@ -264,6 +264,18 @@ begin
     Fail(Format('Ed25519 (%s) signature failed to verify', [algorithmName]));
   end;
 
+  wrongLengthSignature := TArrayUtils.Prepend(signature, Byte($00));
+
+  verifier.Init(False, publicKey);
+  verifier.BlockUpdate(msg, 0, System.length(msg));
+  shouldNotVerify := verifier.VerifySignature(wrongLengthSignature);
+
+  if (shouldNotVerify) then
+  begin
+    Fail(Format('Ed25519 (%s) wrong length signature incorrectly verified',
+      [algorithmName]));
+  end;
+
   tempRand := FRandom.Next();
   signature[tempRand mod System.length(signature)] :=
     signature[tempRand mod System.length(signature)

CryptoLib/src/Crypto/Signers/ClpEd25519Blake2BSigner.pas

@@ -172,6 +172,11 @@ begin
     raise EInvalidOperationCryptoLibException.CreateRes
       (@SNotInitializedForVerifying);
   end;
+  if (TEd25519Blake2B.SignatureSize <> System.Length(signature)) then
+  begin
+    Result := false;
+    Exit;
+  end;
   pk := FPublicKey.GetEncoded();
   buf := Aggregate();
   count := System.Length(buf);

CryptoLib/src/Crypto/Signers/ClpEd25519CtxBlake2BSigner.pas

@@ -174,6 +174,11 @@ begin
     raise EInvalidOperationCryptoLibException.CreateRes
       (@SNotInitializedForVerifying);
   end;
+  if (TEd25519Blake2B.SignatureSize <> System.Length(signature)) then
+  begin
+    Result := false;
+    Exit;
+  end;
   pk := FPublicKey.GetEncoded();
   buf := Aggregate();
   count := System.Length(buf);

CryptoLib/src/Crypto/Signers/ClpEd25519CtxSigner.pas

@@ -173,6 +173,11 @@ begin
     raise EInvalidOperationCryptoLibException.CreateRes
       (@SNotInitializedForVerifying);
   end;
+  if (TEd25519.SignatureSize <> System.Length(signature)) then
+  begin
+    Result := false;
+    Exit;
+  end;
   pk := FPublicKey.GetEncoded();
   buf := Aggregate();
   count := System.Length(buf);

CryptoLib/src/Crypto/Signers/ClpEd25519PhBlake2BSigner.pas

@@ -165,6 +165,11 @@ begin
     raise EInvalidOperationCryptoLibException.CreateRes
       (@SNotInitializedForVerifying);
   end;
+  if (TEd25519Blake2B.SignatureSize <> System.Length(signature)) then
+  begin
+    Result := false;
+    Exit;
+  end;
   pk := FPublicKey.GetEncoded();
   Result := FEd25519Blake2BInstance.VerifyPrehash(signature, 0, pk, 0, FContext,
     FPreHash);

CryptoLib/src/Crypto/Signers/ClpEd25519PhSigner.pas

@@ -164,6 +164,11 @@ begin
     raise EInvalidOperationCryptoLibException.CreateRes
       (@SNotInitializedForVerifying);
   end;
+  if (TEd25519.SignatureSize <> System.Length(signature)) then
+  begin
+    Result := false;
+    Exit;
+  end;
   pk := FPublicKey.GetEncoded();
   Result := FEd25519Instance.VerifyPrehash(signature, 0, pk, 0, FContext,
     FPreHash);

CryptoLib/src/Crypto/Signers/ClpEd25519Signer.pas

@@ -171,6 +171,11 @@ begin
     raise EInvalidOperationCryptoLibException.CreateRes
       (@SNotInitializedForVerifying);
   end;
+  if (TEd25519.SignatureSize <> System.Length(signature)) then
+  begin
+    Result := false;
+    Exit;
+  end;
   pk := FPublicKey.GetEncoded();
   buf := Aggregate();
   count := System.Length(buf);

CryptoLib/src/Utils/ClpArrayUtils.pas

@@ -74,6 +74,9 @@ type
     class function Prepend(const A: TCryptoLibByteArray; B: Byte)
       : TCryptoLibByteArray; static;
 
+    class function Append(const A: TCryptoLibByteArray; B: Byte)
+      : TCryptoLibByteArray; static;
+
     class function CopyOf(const data: TCryptoLibByteArray; newLength: Int32)
       : TCryptoLibByteArray; static;
 
@@ -420,4 +423,21 @@ begin
   Result[0] := B;
 end;
 
+class function TArrayUtils.Append(const A: TCryptoLibByteArray; B: Byte)
+  : TCryptoLibByteArray;
+var
+  &length: Int32;
+begin
+  if (A = Nil) then
+  begin
+    Result := TCryptoLibByteArray.Create(B);
+    Exit;
+  end;
+
+  Length := System.Length(A);
+  System.SetLength(Result, Length + 1);
+  System.Move(A[0], Result[0], Length * System.SizeOf(Byte));
+  Result[Length] := B;
+end;
+
 end.