Fix ecdsa signature verification test.

This commit is contained in:
Mariano Cano 2021-01-28 11:38:21 -08:00
parent 35bf9b787e
commit 6c113542c8

View file

@ -392,6 +392,24 @@ func TestPKCS11_CreateSigner(t *testing.T) {
data := []byte("buggy-coheir-RUBRIC-rabbet-liberal-eaglet-khartoum-stagger")
setupSoftHSM2, setupYubiHSM2 := setupFuncs(t)
// VerifyASN1 verifies the ASN.1 encoded signature, sig, of hash using the
// public key, pub. Its return value records whether the signature is valid.
verifyASN1 := func(pub *ecdsa.PublicKey, hash, sig []byte) bool {
var (
r, s = &big.Int{}, &big.Int{}
inner cryptobyte.String
)
input := cryptobyte.String(sig)
if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
!input.Empty() ||
!inner.ReadASN1Integer(r) ||
!inner.ReadASN1Integer(s) ||
!inner.Empty() {
return false
}
return ecdsa.Verify(pub, hash, r, s)
}
type args struct {
req *apiv1.CreateSignerRequest
}
@ -481,7 +499,7 @@ func TestPKCS11_CreateSigner(t *testing.T) {
}
case apiv1.ECDSAWithSHA256, apiv1.ECDSAWithSHA384, apiv1.ECDSAWithSHA512:
pub := got.Public().(*ecdsa.PublicKey)
if !VerifyASN1(pub, digest, sig) {
if !verifyASN1(pub, digest, sig) {
t.Error("ecdsa.VerifyASN1() failed")
}
default:
@ -645,21 +663,3 @@ func TestPKCS11_StoreCertificate(t *testing.T) {
})
}
}
// VerifyASN1 verifies the ASN.1 encoded signature, sig, of hash using the
// public key, pub. Its return value records whether the signature is valid.
func VerifyASN1(pub *ecdsa.PublicKey, hash, sig []byte) bool {
var (
r, s = &big.Int{}, &big.Int{}
inner cryptobyte.String
)
input := cryptobyte.String(sig)
if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
input.Empty() ||
inner.ReadASN1Integer(r) ||
inner.ReadASN1Integer(s) ||
inner.Empty() {
return false
}
return ecdsa.Verify(pub, hash, r, s)
}