Commit 763b25b

committed
Introducing LTC_ECCSIG_RFC7518_RELAXED
1 parent 838feac commit 763b25b

3 files changed

+24
-29
lines changed

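--- a/src/headers/tomcrypt_pk.h
+++ b/src/headers/tomcrypt_pk.h
@@ -248,10 +248,12 @@ typedef struct {
 typedef enum ecc_signature_type_ {
 /* ASN.1 encoded, ANSI X9.62 */
 LTC_ECCSIG_ANSIX962 = 0x0,
-/* raw R, S values */
+/* raw R, S values - both values strictly padded to the size of the curve order*/
 LTC_ECCSIG_RFC7518 = 0x1,
+/* raw R, S values - without strict padding check (used just for verification) */
+LTC_ECCSIG_RFC7518_RELAXED = 0x2,
 /* raw R, S, V (+27) values */
-LTC_ECCSIG_ETH27 = 0x2
+LTC_ECCSIG_ETH27 = 0x3
 } ecc_signature_type;
 
 /** the ECC params provided */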
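Review bot: Giving `LTC_ECCSIG_RFC7518_RELAXED` the value 0x2 and moving `LTC_ECCSIG_ETH27` to 0x3 changes the meaning of an existing numeric value of `ecc_signature_type`. A caller built against the old header and linked against a newer library would pass 0x2 meaning ETH27 and get the relaxed RFC7518 parser instead; for a signature-format selector that silent reinterpretation is worth avoiding even if the length checks happen to reject the input. Appending the new enumerator keeps the existing values stable: `LTC_ECCSIG_ETH27 = 0x2,` followed by `LTC_ECCSIG_RFC7518_RELAXED = 0x3`. The comment says the relaxed format is "used just for verification"; it would help to state what the signing function does when it is passed this value, which is not visible in this commit.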

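--- a/src/pk/ecc/ecc_verify_hash.c
+++ b/src/pk/ecc/ecc_verify_hash.c
@@ -76,6 +76,16 @@ int ecc_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
 }
 else if (sigformat == LTC_ECCSIG_RFC7518) {
 /* RFC7518 format - raw (r,s) */
+i = mp_unsigned_bin_size(key->dp.order);
+if (siglen != (2 * i)) {
+err = CRYPT_INVALID_PACKET;
+goto error;
+}
+if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, i)) != CRYPT_OK) { goto error; }
+if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+i, i)) != CRYPT_OK) { goto error; }
+}
+else if (sigformat == LTC_ECCSIG_RFC7518_RELAXED) {
+/* RFC7518 format - raw (r,s) - without strict length check */
 if ((siglen % 2) == 1) {
 err = CRYPT_INVALID_PACKET;
 goto error;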
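Review bot: The `LTC_ECCSIG_RFC7518_RELAXED` branch keeps accepting any even-length input, and the test in tests/ecc_test.c expects a 2-byte signature to verify, so one (r, s) pair has many accepted byte encodings; the branch comment does not say so. A caller that treats the signature bytes as an identifier, for de-duplication or a replay cache, would see distinct values for what is cryptographically the same signature. I would extend the comment to `/* RFC7518 format - raw (r,s), any even length accepted: encoding is NOT canonical, do not compare or index signatures by their bytes */`. The rest of this branch and the later range checks on r and s lie outside the hunk, so whether an upper bound on `siglen` is enforced there cannot be confirmed from here.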

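--- a/tests/ecc_test.c
+++ b/tests/ecc_test.c
@@ -153,52 +153,35 @@ static int _ecc_issue108(void)
 }
 
 /* https://github.com/libtom/libtomcrypt/issues/443 */
-static int _ecc_issue443(void)
+/* https://github.com/libtom/libtomcrypt/issues/447 */
+static int _ecc_issue443_447(void)
 {
 const ltc_ecc_curve* cu;
 ecc_key key;
-int stat = 0;
+int err, stat = 0;
 unsigned char hash[64];
 unsigned long hashlen;
 const unsigned char msg[] = { 0x54,0x65,0x73,0x74 };
 /* msg+pub1+sig1 test vector is from wycheproof - ecdsa_webcrypto_test (incorrect size of signature) */
-const unsigned char pub1[] = {
+const unsigned char pub[] = {
 0x04,
 0x4a,0x03,0xef,0x9f,0x92,0xeb,0x26,0x8c,0xaf,0xa6,0x01,0x07,0x24,0x89,0xa5,0x63,
 0x80,0xfa,0x0d,0xc4,0x31,0x71,0xd7,0x71,0x28,0x13,0xb3,0xa1,0x9a,0x1e,0xb5,0xe5,
 0x3e,0x21,0x3e,0x28,0xa6,0x08,0xce,0x9a,0x2f,0x4a,0x17,0xfd,0x83,0x0c,0x66,0x54,
 0x01,0x8a,0x79,0xb3,0xe0,0x26,0x3d,0x91,0xa8,0xba,0x90,0x62,0x2d,0xf6,0xf2,0xf0
 };
-const unsigned char sig1[] = { 0x05, 0x01 };
-/* msg+pub2+sig2 test vector is from wycheproof - ecdsa_webcrypto_test (incorrect size of signature) */
-const unsigned char pub2[] = {
-0x04,
-0x00,0x5f,0x50,0x59,0x30,0x83,0x49,0xf9,0xeb,0xbb,0x4d,0x1c,0x55,0xc0,0xaf,0xcc,0xf6,0x21,0x62,0xec,0x1d,0xd1,
-0x2e,0xf3,0xed,0x90,0x66,0x56,0x92,0x4f,0xfd,0x99,0xca,0xb9,0xf0,0x6b,0x0e,0xb2,0x18,0xcf,0xf0,0x78,0xa4,0x67,
-0x7a,0x5c,0xe1,0xcc,0x07,0x65,0x2b,0xc9,0x76,0xae,0xfc,0x73,0x2c,0x28,0xf6,0x7e,0xf0,0x78,0xa4,0x34,0xe9,0x99,
-0x00,0xa5,0xd1,0x4d,0xf3,0x10,0x63,0x0d,0x76,0xec,0x03,0xcb,0x6f,0x9b,0x95,0xbf,0x1a,0x22,0x43,0x81,0x05,0xc8,
-0x8c,0xd9,0xfd,0x3d,0xac,0x80,0xf8,0x57,0xad,0xd3,0x82,0x71,0xd8,0xba,0x90,0x16,0x84,0xb2,0x6d,0x43,0x6d,0x4a,
-0x85,0x9a,0xd4,0xcd,0xa5,0xe9,0x67,0x7b,0x73,0xca,0xb3,0xf3,0xe5,0xe4,0x1a,0x3d,0x79,0x96,0x60,0x72,0x79,0xab
-};
-const unsigned char sig2[] = { 0x01, 0x01 };
+const unsigned char sig[] = { 0x05, 0x01 };
 
 hashlen = sizeof(hash);
 DO(hash_memory(find_hash("sha256"), msg, sizeof(msg), hash, &hashlen));
 DO(ecc_find_curve("secp256r1", &cu));
 DO(ecc_set_curve(cu, &key));
-DO(ecc_set_key(pub1, sizeof(pub1), PK_PUBLIC, &key));
-DO(ecc_verify_hash_rfc7518(sig1, sizeof(sig1), hash, hashlen, &stat, &key));
-ecc_free(&key);
+DO(ecc_set_key(pub, sizeof(pub), PK_PUBLIC, &key));
+DO(ecc_verify_hash_ex(sig, sizeof(sig), hash, hashlen, LTC_ECCSIG_RFC7518_RELAXED, &stat, &key));
 if (stat != 1) return CRYPT_FAIL_TESTVECTOR;
-
-hashlen = sizeof(hash);
-DO(hash_memory(find_hash("sha512"), msg, sizeof(msg), hash, &hashlen));
-DO(ecc_find_curve("secp521r1", &cu));
-DO(ecc_set_curve(cu, &key));
-DO(ecc_set_key(pub2, sizeof(pub2), PK_PUBLIC, &key));
-DO(ecc_verify_hash_rfc7518(sig2, sizeof(sig2), hash, hashlen, &stat, &key));
+err = ecc_verify_hash_rfc7518(sig, sizeof(sig), hash, hashlen, &stat, &key); /* should FAIL */
+if (err == CRYPT_OK) return CRYPT_FAIL_TESTVECTOR;
 ecc_free(&key);
-if (stat != 1) return CRYPT_FAIL_TESTVECTOR;
 
 return CRYPT_OK;
 }
@@ -1671,7 +1654,7 @@ int ecc_tests(void)
 DO(_ecc_import_export());
 DO(_ecc_test_mp());
 DO(_ecc_issue108());
-DO(_ecc_issue443());
+DO(_ecc_issue443_447());
 #ifdef LTC_ECC_SHAMIR
 DO(_ecc_test_shamir());
 DO(_ecc_test_recovery());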
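Review bot: The negative check in `_ecc_issue443_447` passes on any non-OK return from `ecc_verify_hash_rfc7518`, so it would keep passing if the call failed for an unrelated reason while the strict length check was broken or removed. Pinning the expected code ties the test to the behaviour this commit introduces: `if (err != CRYPT_INVALID_PACKET) { ecc_free(&key); return CRYPT_FAIL_TESTVECTOR; }`. Both early returns in the new code (`stat != 1` and `err == CRYPT_OK`) now leave the function before `ecc_free(&key)`, which the old version called before its first check. The commit also drops the secp521r1 vector, so the relaxed path is exercised on one curve only, and a strict-format positive case with a correctly padded signature is not visible in this hunk.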
