Bug #1377
Invalid EC signature encoding (when using smartcards)...
Start date: 04.04.2016
Due date:
Estimated time:
Affected version: 5.4.0
Resolution: Fixed
Description
I have noticed occasional
signature validation failed, looking for another key
errors in my logs. After investigating the matter further I have found the following (as I am using a smartcard, the pkcs11 and openssl modules are used to handle EC signature creation/validation):
On occasion C_Sign() returns r and/or s with a leading 00 byte, for example:
r = 00 3D E3 01 D7 D4 BA EA AA 57 6C EB 81 1F 20 37 AF 8B 6A 57 7F E7 F5 B9 F0 3E B2 82 79 24 21 C2
s = 92 D0 C5 7E 26 04 56 8E DE 34 90 CE 69 C7 12 B6 2C A7 AB 8C 2E 85 0A 2D FB CD 62 62 D9 59 EC B6
strongSwan then asn1_wrap()s the signature as
30 45 02 20 00 3D E3 01 D7 D4 BA EA AA 57 6C EB 81 1F 20 37 AF 8B 6A 57 7F E7 F5 B9 F0 3E B2 82 79 24 21 C2 02 21 00 92 D0 C5 7E 26 04 56 8E DE 34 90 CE 69 C7 12 B6 2C A7 AB 8C 2E 85 0A 2D FB CD 62 62 D9 59 EC B6
keeping the leading 00. ECDSA_verify() however expects the signature to be
30 44 02 1F 3D E3 01 D7 D4 BA EA AA 57 6C EB 81 1F 20 37 AF 8B 6A 57 7F E7 F5 B9 F0 3E B2 82 79 24 21 C2 02 21 00 92 D0 C5 7E 26 04 56 8E DE 34 90 CE 69 C7 12 B6 2C A7 AB 8C 2E 85 0A 2D FB CD 62 62 D9 59 EC B6
and the signature validation fails with the above-mentioned error.
Kind regards
Luka
History
#1 Updated by Tobias Brunner over 9 years ago
- Tracker changed from Issue to Bug
- Category set to libstrongswan
- Status changed from New to Feedback
- Assignee set to Tobias Brunner
- Target version set to 5.5.0
Thanks for the report. You're absolutely right. The r and s values returned by C_Sign() are just zero-padded to fill the buffer. We need to remove that padding before creating ASN.1 integers. I pushed a fix to the 1377-pkcs11-ec-signatures branch.
#2 Updated by Luka Logar over 9 years ago
I've applied the patches and so far haven't got any "signature validation failed" errors. I think you can safely close this ticket.
Thanks
Luka
#3 Updated by Tobias Brunner over 9 years ago
- Status changed from Feedback to Closed
- Resolution set to Fixed
Thanks for testing. I've applied the patches to master.