Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hackathon 117: t_cose_sign_verify with T_COSE_OPT_DECODE_ONLY fails #252

Open
dthaler opened this issue Jul 23, 2023 · 1 comment
Open

Comments

@dthaler
Copy link

dthaler commented Jul 23, 2023

In the dev branch, when T_COSE_OPT_DECODE_ONLY is set but T_COSE_OPT_VERIFY_ALL_SIGNATURES is clear, the verification fails when multiple signatures exist and one succeeds and another fails.

The root cause seems to be in
https://github.com/laurencelundblade/t_cose/blob/dev/src/t_cose_sign_verify.c#L284

        if(me->option_flags & (T_COSE_OPT_VERIFY_ALL_SIGNATURES | T_COSE_OPT_DECODE_ONLY)) {
            if(return_value == T_COSE_ERR_DECLINE) {
                /* When verifying all, there can be no declines.
                 * Also only decoding (not verifying) there can be
                 * no declines because every signature must be
                 * decoded so its parameters can be returned.
                 * TODO: is this really true? It might be OK to
                 * only decode some as long as the caller knows
                 * that some weren't decoded. How to indicate this
                 * if it happens? An error code? A special
                 * indicator parameter in the returned list?
                 */
                break;

Specifically, setting T_COSE_OPT_DECODE_ONLY causes it to take the T_COSE_OPT_VERIFY_ALL_SIGNATURES code path and fail unless all succeed, which breaks the ability to compute auxiliary buffer size (by using T_COSE_OPT_DECODE_ONLY) in the just-one-success-needed case.

@laurencelundblade
Copy link
Owner

laurencelundblade commented Aug 4, 2023

Hi Dave, are you setting a kid for the EdDSA verifier?

Can you point me to your repo (if it is public)?

I'm having trouble replicating so far.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants