From 6c113542c882254c6a9988eaed7145352f288542 Mon Sep 17 00:00:00 2001 From: Mariano Cano Date: Thu, 28 Jan 2021 11:38:21 -0800 Subject: [PATCH] Fix ecdsa signature verification test. --- kms/pkcs11/pkcs11_test.go | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/kms/pkcs11/pkcs11_test.go b/kms/pkcs11/pkcs11_test.go index 62497549..619d9f23 100644 --- a/kms/pkcs11/pkcs11_test.go +++ b/kms/pkcs11/pkcs11_test.go @@ -392,6 +392,24 @@ func TestPKCS11_CreateSigner(t *testing.T) { data := []byte("buggy-coheir-RUBRIC-rabbet-liberal-eaglet-khartoum-stagger") setupSoftHSM2, setupYubiHSM2 := setupFuncs(t) + // VerifyASN1 verifies the ASN.1 encoded signature, sig, of hash using the + // public key, pub. Its return value records whether the signature is valid. + verifyASN1 := func(pub *ecdsa.PublicKey, hash, sig []byte) bool { + var ( + r, s = &big.Int{}, &big.Int{} + inner cryptobyte.String + ) + input := cryptobyte.String(sig) + if !input.ReadASN1(&inner, asn1.SEQUENCE) || + !input.Empty() || + !inner.ReadASN1Integer(r) || + !inner.ReadASN1Integer(s) || + !inner.Empty() { + return false + } + return ecdsa.Verify(pub, hash, r, s) + } + type args struct { req *apiv1.CreateSignerRequest } @@ -481,7 +499,7 @@ func TestPKCS11_CreateSigner(t *testing.T) { } case apiv1.ECDSAWithSHA256, apiv1.ECDSAWithSHA384, apiv1.ECDSAWithSHA512: pub := got.Public().(*ecdsa.PublicKey) - if !VerifyASN1(pub, digest, sig) { + if !verifyASN1(pub, digest, sig) { t.Error("ecdsa.VerifyASN1() failed") } default: @@ -645,21 +663,3 @@ func TestPKCS11_StoreCertificate(t *testing.T) { }) } } - -// VerifyASN1 verifies the ASN.1 encoded signature, sig, of hash using the -// public key, pub. Its return value records whether the signature is valid. -func VerifyASN1(pub *ecdsa.PublicKey, hash, sig []byte) bool { - var ( - r, s = &big.Int{}, &big.Int{} - inner cryptobyte.String - ) - input := cryptobyte.String(sig) - if !input.ReadASN1(&inner, asn1.SEQUENCE) || - input.Empty() || - inner.ReadASN1Integer(r) || - inner.ReadASN1Integer(s) || - inner.Empty() { - return false - } - return ecdsa.Verify(pub, hash, r, s) -}