Unexpected verification failures w\ YubiHSM2-generated signatures #65
Comments
|
Can you try running |
|
That fixed it, thanks. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've been using this crate to test ECDSA over secp256k1 signatures generated by YubiHSM2 hardware devices, and encountering sporadic failures. Not sure exactly where the problem lies, but things seem to be working rather sporadically.
Here are 3 batches of signatures generated by the YubiHSM2, with two signatures over the same message each under a different private key, and whether or not they verify or fail. All of the signatures are ASN.1 DER encoded (verbatim as generated by the HSM).
Test Message
54:68:65:20:45:6c:6c:69:70:74:69:63:20:43:75:72:76:65:20:44:69:67:69:74:61:6c:20:53:69:67:6e:61:74:75:72:65:20:41:6c:67:6f:72:69:74:68:6d:20:28:45:43:44:53:41:29:20:69:73:20:61:20:76:61:72:69:61:6e:74:20:6f:66:20:74:68:65:20:44:69:67:69:74:61:6c:20:53:69:67:6e:61:74:75:72:65:20:41:6c:67:6f:72:69:74:68:6d:20:28:44:53:41:29:20:77:68:69:63:68:20:75:73:65:73:20:65:6c:6c:69:70:74:69:63:20:63:75:72:76:65:20:63:72:79:70:74:6f:67:72:61:70:68:79:2eKey 1
Public Key:
04:48:04:8e:c0:3c:5b:83:cb:25:0b:86:14:d1:ec:ad:5e:1e:ed:2e:78:c7:57:53:95:c7:81:9c:6c:89:1d:41:8a:12:ab:b6:f8:80:cd:f6:c8:5b:93:8c:78:f3:85:82:72:e3:1e:c1:58:39:ab:e1:12:7e:71:9a:87:ab:07:d6:48Sig 1 [OK]
30:45:02:21:00:a5:2c:6e:0e:08:7b:f1:a9:9f:dc:2f:fd:c8:55:a1:20:d6:15:ee:e2:02:6f:f7:ae:e6:0f:ba:17:f0:9f:fe:2c:02:20:78:74:d2:10:a2:37:41:80:34:bb:c1:5c:0f:c0:d6:3f:a9:cd:49:93:83:5e:ce:ef:53:04:e5:cd:a1:47:43:80Sig 2 [OK]
30:45:02:21:00:da:3c:23:b0:ce:80:d5:78:3c:87:fd:5c:fe:ca:ab:11:8d:ab:94:9e:79:46:b3:95:6f:58:27:c3:54:fc:1b:34:02:20:40:6d:a2:0e:a1:2c:66:92:f7:9e:bc:19:83:aa:b2:17:18:bc:66:11:55:55:f5:48:ac:07:a7:49:70:9e:c2:a0Key 2
Public Key:
04:b0:25:84:9f:ad:1a:e5:55:d2:64:a7:b3:2e:8a:fd:0f:69:ba:26:ec:31:1f:c8:ab:bb:86:54:a4:d5:f5:1a:82:33:5d:ff:37:31:e6:c9:93:ee:a5:0c:be:ed:86:fc:e7:a7:58:fb:c6:38:35:1b:70:f9:fc:81:e7:c1:6f:af:15Sig 1 [OK]:
30:45:02:21:00:ef:a4:28:48:af:03:59:61:7e:72:d1:39:e0:e6:e1:8d:a0:7e:39:84:88:4d:4a:d8:e5:85:89:84:e0:c9:f5:1d:02:20:5e:3a:df:15:a2:de:ff:ed:a8:4f:76:62:9a:28:34:a5:a1:b2:f2:0f:25:6d:f8:84:7f:c3:28:86:58:26:b2:6bSig 2 [FAIL]:
30:46:02:21:00:8b:79:67:4d:5d:37:43:ea:22:23:d0:7a:7c:f2:82:d9:67:29:f4:92:53:e6:a6:c7:12:b0:d4:bb:c8:1b:ef:80:02:21:00:b1:21:78:cf:c5:e5:e9:c7:14:3d:e4:c9:81:a5:85:6b:31:21:9a:28:d3:18:8b:c2:b0:32:0d:66:7e:1d:fe:3dKey 3
Public Key:
04:34:c2:a4:a9:e8:b3:e5:30:66:de:48:a5:e3:9f:97:a1:98:5a:3a:10:4a:21:4e:65:57:40:c1:cf:44:e2:48:39:5f:c9:42:d5:8b:00:5c:0d:20:7a:0e:7d:0e:41:bf:fa:92:de:4d:e9:90:1e:f0:a9:26:96:a5:7f:11:c8:75:f0Sig 1 [FAIL]:
30:45:02:20:17:a5:6a:e5:d7:d3:dc:2c:4f:b8:ad:e0:1b:d9:2e:e3:12:46:b4:80:38:e4:c5:9c:12:9e:e3:44:bc:11:1a:9d:02:21:00:e0:56:a4:b1:6a:cb:15:4e:3b:03:61:84:ce:c9:5e:00:d4:54:e3:77:1a:20:43:33:90:ae:87:94:3c:cd:4d:9bSig 2 [FAIL]:
30:45:02:20:12:94:9e:42:cd:54:fb:9f:da:6e:5f:05:b4:1a:c4:ea:c8:1d:4f:81:38:6e:f2:86:fe:96:57:2a:65:80:82:05:02:21:00:9e:a5:3d:e8:bc:3b:0c:8d:d5:7a:1e:94:93:71:cf:b1:28:d2:43:4e:2c:a7:d1:7c:aa:39:66:4b:01:38:d8:f2The text was updated successfully, but these errors were encountered: