arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-18 12:28:09 +00:00
Code Issues Releases Wiki Activity

feat(crypto): Use strict DER-decoding in ecdsa_sig_from_der().

Browse Source
This commit is contained in:
Andrew Kozlik 2023-11-30 17:08:55 +01:00 committed by matejcik
parent 3a5aecf6cd
commit 8e8f1afa85
2 changed files with 31 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
crypto/ecdsa.c
View File

@ -1204,8 +1204,8 @@ int ecdsa_sig_to_der(const uint8_t *sig, uint8_t *der) {
return *len + 2; return *len + 2;
} }
// Parse a DER-encoded signature. We don't check whether the encoded integers // Parse a DER-encoded signature. We check whether the encoded integers satisfy
// satisfy DER requirements regarding leading zeros. // DER requirements regarding leading zeros.
int ecdsa_sig_from_der(const uint8_t *der, size_t der_len, uint8_t sig[64]) { int ecdsa_sig_from_der(const uint8_t *der, size_t der_len, uint8_t sig[64]) {
memzero(sig, 64); memzero(sig, 64);
@ -1229,10 +1229,20 @@ int ecdsa_sig_from_der(const uint8_t *der, size_t der_len, uint8_t sig[64]) {
return 1; return 1;
} }
// Skip a possible leading zero. // Positive integers must not start with an octet that has bit 8 set to 1.
if (int_len != 0 && der[pos] == 0) { if (int_len == 0 || der[pos] > 0x7f) {
return 1;
}
// Skip a possible leading null octet.
if (int_len > 1 && der[pos] == 0x00) {
int_len--; int_len--;
pos++; pos++;
// Check that integer uses the shortest possible encoding.
if (der[pos] < 0x80) {
return 1;
}
} }
// Copy the integer to the output, making sure it fits. // Copy the integer to the output, making sure it fits.

11
crypto/tests/test_check.c
View File

@ -6776,6 +6776,13 @@ START_TEST(test_ecdsa_der) {
"0000000000000000000000000000000000000000000000000000000000000000", "0000000000000000000000000000000000000000000000000000000000000000",
"3006020100020100", "3006020100020100",
}, },
{NULL, NULL, "3008020200ee020200ff00"},
{NULL, NULL,
"304402207f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1"
"f0220800102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"},
{NULL, NULL,
"30440220007f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1"
"e022000800102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e"},
}; };
uint8_t sig[64]; uint8_t sig[64];
@ -6784,12 +6791,16 @@ START_TEST(test_ecdsa_der) {
for (size_t i = 0; i < (sizeof(vectors) / sizeof(*vectors)); ++i) { for (size_t i = 0; i < (sizeof(vectors) / sizeof(*vectors)); ++i) {
size_t der_len = strlen(vectors[i].der) / 2; size_t der_len = strlen(vectors[i].der) / 2;
memcpy(der, fromhex(vectors[i].der), der_len); memcpy(der, fromhex(vectors[i].der), der_len);
if (vectors[i].r != NULL) {
memcpy(sig, fromhex(vectors[i].r), 32); memcpy(sig, fromhex(vectors[i].r), 32);
memcpy(sig + 32, fromhex(vectors[i].s), 32); memcpy(sig + 32, fromhex(vectors[i].s), 32);
ck_assert_int_eq(ecdsa_sig_to_der(sig, out), der_len); ck_assert_int_eq(ecdsa_sig_to_der(sig, out), der_len);
ck_assert_mem_eq(out, der, der_len); ck_assert_mem_eq(out, der, der_len);
ck_assert_int_eq(ecdsa_sig_from_der(der, der_len, out), 0); ck_assert_int_eq(ecdsa_sig_from_der(der, der_len, out), 0);
ck_assert_mem_eq(out, sig, 64); ck_assert_mem_eq(out, sig, 64);
} else {
ck_assert_int_eq(ecdsa_sig_from_der(der, der_len, out), 1);
}
} }
} }
END_TEST END_TEST