Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

additional checks when convering sigs from der to p1363 format #1684

Merged
merged 1 commit into from Nov 29, 2021
Merged

additional checks when convering sigs from der to p1363 format #1684

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
13 changes: 12 additions & 1 deletion libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/util/Crypto.java
View file
Open in desktop
Expand Up @@ -367,7 +367,18 @@ public static byte[] convertSignatureFromDERToP1363Format(byte[] signature, fina
throw new CryptoException("unknown signature size");
}

ASN1Sequence seq = ASN1Sequence.getInstance(signature);
ASN1Sequence seq;
try {
seq = ASN1Sequence.getInstance(signature);
} catch (Exception ex) {
LOG.error("failed to construct asn1 sequence from signature", ex);
throw new CryptoException("failed to construct asn1 sequence");
}

if (seq.size() != 2) {
LOG.error("asn1 sequence does not have expected 2 integers: {}", seq.size());
throw new CryptoException("invalid asn1sequence size");
}
BigInteger r = ((ASN1Integer) seq.getObjectAt(0)).getValue();
BigInteger s = ((ASN1Integer) seq.getObjectAt(1)).getValue();

Expand Down
31 changes: 29 additions & 2 deletions libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/util/CryptoTest.java
View file
Open in desktop
Expand Up @@ -1291,9 +1291,10 @@ public void testConvertSignatureFromP1363ToDERFormat() {
} catch (CryptoException ex) {
assertTrue(ex.getMessage().contains("unknown signature size"));
}
}

// convert invalid size signature

@Test
public void testConvertSignatureFromP1363ToDERFormatInvalidSize() {
try {
Crypto.convertSignatureFromP1363ToDERFormat("test".getBytes(StandardCharsets.UTF_8), Crypto.SHA256);
fail();
Expand All @@ -1302,6 +1303,32 @@ public void testConvertSignatureFromP1363ToDERFormat() {
}
}

@Test
public void testConvertSignatureFromDERToP1363FormatInvalidData() {
try {
Crypto.convertSignatureFromDERToP1363Format("test".getBytes(StandardCharsets.UTF_8), Crypto.SHA256);
fail();
} catch (CryptoException ex) {
assertTrue(ex.getMessage().contains("failed to construct asn1 sequence"));
}

PrivateKey privateKey = Crypto.loadPrivateKey(ecPrivateKey);
assertNotNull(privateKey);

byte[] derSignature = Crypto.sign(serviceToken.getBytes(StandardCharsets.UTF_8), privateKey, Crypto.SHA256);
assertNotNull(derSignature);
// make the signature invalid
for (int i = 0; i < derSignature.length / 2; i++) {
derSignature[i] = 1;
}
try {
Crypto.convertSignatureFromDERToP1363Format(derSignature, Crypto.SHA256);
fail();
} catch (CryptoException ex) {
assertTrue(ex.getMessage().contains("failed to construct asn1 sequence"));
}
}

@Test
public void testSignVerifyByteArrayRSAKey() {

Expand Down