Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix decodeCertify always returning a truncated signature in case of ECDSA signature. #192

Merged
merged 4 commits into from
Jul 28, 2020
Merged

Fix decodeCertify always returning a truncated signature in case of ECDSA signature. #192

merged 4 commits into from
Jul 28, 2020

Conversation

ElMostafaIdrassi
Copy link
Contributor

This PR is a follow up to the issue #191.

The bug is mainly due to the fact that the old code called tpmutil.UnpackBuf on only one element that is signature.
It worked for RSA signatures as their corresponding structure TPMS_SIGNATURE_RSASSA contains only 1 field TPM2B_PUBLIC_KEY_RSA, in addition to TPMI_ALG_HASH field.
However, it failed for ECDSA signatures because their corresponding structure is TPMS_SIGNATURE_ECDSA,
which contains 2 fields R and S - instead of just 1 - which are both TPM2B_ECC_PARAMETER, in addition to TPMI_ALG_HASH field.

All this information can be found here.

Therefore, the bug can be fixed by calling tpmutil.UnpackBuf on 2 elements, that is R followed by S, in the case of ECDSA signature, which results in retrieving the whole signature.

Signed-off-by: El Mostafa IDRASSI mostafa.idrassi@tutanota.com

@ElMostafaIdrassi
Fix decodeCertify always returning a truncated signature in case of…
0196482 
… `ECDSA` signature.

This is mainly due to the fact that the old code called `tpmutil.UnpackBuf` on only one element that is `signature`.
This worked for RSA signatures as their corresponding structure `TPMS_SIGNATURE_RSASSA` contains only 1 field `TPM2B_PUBLIC_KEY_RSA`,
in addition to `TPMI_ALG_HASH` field.
However, it failed for ECDSA signatures because their corresponding structure is `TPMS_SIGNATURE_ECDSA`,
which contains 2 fields R and S - instead of just 1 - which are both `TPM2B_ECC_PARAMETER`, in addition to `TPMI_ALG_HASH` field.

Therefore, this can be fixed by calling `tpmutil.UnpackBuf` on 2 elements, that is R followed by S, which results in retrieving the whole signature.

Signed-off-by: El Mostafa IDRASSI <mostafa.idrassi@tutanota.com>
This was referenced Jul 18, 2020
Merged
Closed
@ElMostafaIdrassi
Copy link
Contributor Author

Any chance this, #190 and #193 can get merged ?

@twitchy-jsonp twitchy-jsonp merged commit fbed0c5 into google:master Jul 28, 2020
@ElMostafaIdrassi ElMostafaIdrassi deleted the fix-ecc-certifycreation-decodeCertify branch July 28, 2020 22:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@twitchy-jsonp twitchy-jsonp twitchy-jsonp approved these changes

@josephlr josephlr Awaiting requested review from josephlr

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ElMostafaIdrassi @twitchy-jsonp