Proof and Signaure fail to pass verification

[bafu]

Description

Download the generated Proof and Signature, and the verification utility fails to verify them.

Steps to Reproduce

1. Take a photo.
2. Download Proof and Signature.
3. Run the verification script.

Expected Behavior

• Expected: Pass verification
• Actual: Fail to pass verification

Logs

db8cd5bf86adef5b1669f9ee4725080abc87c25f1dd0bfc37137747caab06604.zip

starling-capture/util/verification $ poetry run pytest
=========================================================================================== test session starts ============================================================================================
platform linux -- Python 3.8.2, pytest-6.1.1, py-1.9.0, pluggy-0.13.1
rootdir: /home/bafu/codes/starling-capture/util/verification
collected 3 items                                                                                                                                                                                          

tests/test_verification.py ..F                                                                                                                                                                       [100%]

================================================================================================= FAILURES =================================================================================================
____________________________________________________________________________________________ test_verify_debug _____________________________________________________________________________________________

    def test_verify_debug():
>       assert verify(DEBUG_INFORMATION_FILENAME, DEBUG_SIGNATURE_FILENAME)

tests/test_verification.py:25: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
verification/verification.py:13: in verify
    verified = verify_ecdsa_with_sha256(
verification/verification.py:29: in verify_ecdsa_with_sha256
    return public_key.verify(
.venv/lib/python3.8/site-packages/ecdsa/keys.py:654: in verify
    return self.verify_digest(signature, digest, sigdecode, allow_truncate)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = VerifyingKey.from_string(b'\x03.\x82(\n\x955\x88\x0e~\xa6j\xaa"\xf0\x06\xcb\x84L\x84\x93\xfc_%jG?F\xcb\x18\x86\xefV', NIST256p, sha256)
signature = b"0F\x02!\x00\xdc\xc8\xf4#\xc2Y\x9c$'\x96Xa;\x19U\x9cB\x02\x87\xec\xb6\x02\xc3/N\xa2\xd0\xee\x91r\xd36\x02!\x00\xc2\x06\xf5\xe1c#m\xd8\xc1\xbfH\xd2\x18~Am\xbfV&Yj\x0f\xa9\xe6\xc5\xdd\x05\xe0Z\xf7\x11\x82"
digest = <memory at 0x7fcf30932880>, sigdecode = <function sigdecode_der at 0x7fcf305b65e0>, allow_truncate = True

    def verify_digest(
        self,
        signature,
        digest,
        sigdecode=sigdecode_string,
        allow_truncate=False,
    ):
        """
        Verify a signature made over provided hash value.

        By default expects signature in :term:`raw encoding`. Can also be used
        to verify signatures in ASN.1 DER encoding by using
        :func:`ecdsa.util.sigdecode_der`
        as the `sigdecode` parameter.

        :param signature: encoding of the signature
        :type signature: sigdecode method dependant
        :param digest: raw hash value that the signature authenticates.
        :type digest: bytes like object
        :param sigdecode: Callable to define the way the signature needs to
            be decoded to an object, needs to handle `signature` as the
            first parameter, the curve order (an int) as the second and return
            a tuple with two integers, "r" as the first one and "s" as the
            second one. See :func:`ecdsa.util.sigdecode_string` and
            :func:`ecdsa.util.sigdecode_der` for examples.
        :type sigdecode: callable
        :param bool allow_truncate: if True, the provided digest can have
            bigger bit-size than the order of the curve, the extra bits (at
            the end of the digest) will be truncated. Use it when verifying
            SHA-384 output using NIST256p or in similar situations.

        :raises BadSignatureError: if the signature is invalid or malformed
        :raises BadDigestError: if the provided digest is too big for the curve
            associated with this VerifyingKey and allow_truncate was not set

        :return: True if the verification was successful
        :rtype: bool
        """
        # signature doesn't have to be a bytes-like-object so don't normalise
        # it, the decoders will do that
        digest = normalise_bytes(digest)
        if allow_truncate:
            digest = digest[: self.curve.baselen]
        if len(digest) > self.curve.baselen:
            raise BadDigestError(
                "this curve (%s) is too short "
                "for your digest (%d)" % (self.curve.name, 8 * len(digest))
            )
        number = string_to_number(digest)
        try:
            r, s = sigdecode(signature, self.pubkey.order)
        except (der.UnexpectedDER, MalformedSignature) as e:
            raise BadSignatureError("Malformed formatting of signature", e)
        sig = ecdsa.Signature(r, s)
        if self.pubkey.verifies(number, sig):
            return True
>       raise BadSignatureError("Signature verification failed")
E       ecdsa.keys.BadSignatureError: Signature verification failed

.venv/lib/python3.8/site-packages/ecdsa/keys.py:712: BadSignatureError
========================================================================================= short test summary info ==========================================================================================
FAILED tests/test_verification.py::test_verify_debug - ecdsa.keys.BadSignatureError: Signature verification failed
======================================================================================= 1 failed, 2 passed in 0.51s ========================================================================================

Environment

• Version: 1.8.0 (app-master-debug.apk)
• OS: Android 8.1.0
• Device: HTC Exodus 1s

[bafu]

Enabled "Sign with Zion" in settings, and the Proof and Signature can pass verification:

a87f081d017323d9cc6f7fc6cbe6b0adabb2f11889d37bcfd56be5918c329200.zip

starling-capture/util/verification $ poetry run pytest
=========================================================================================== test session starts ===========================================================================================
platform linux -- Python 3.8.2, pytest-6.1.1, py-1.9.0, pluggy-0.13.1
rootdir: /home/bafu/codes/starling-capture/util/verification
collected 3 items                                                                                                                                                                                         

tests/test_verification.py ...                                                                                                                                                                      [100%]

============================================================================================ 3 passed in 0.39s ============================================================================================

[bafu]

Session-based Proof and Signature can pass verification:

2a487ceb30dca8a28551bb468e54c3874563c6ff33a6aa20fab167e719242add.zip

starling-capture/util/verification $ poetry run pytest
=================================================================================== test session starts ====================================================================================
platform linux -- Python 3.8.2, pytest-6.1.1, py-1.9.0, pluggy-0.13.1
rootdir: /home/bafu/codes/starling-capture/util/verification
collected 3 items                                                                                                                                                                          

tests/test_verification.py ...                                                                                                                                                       [100%]

==================================================================================== 3 passed in 0.43s =====================================================================================

Session key pair

# public key
3059301306072a8648ce3d020106082a8648ce3d030107034200045f4876d8ae65477b5985484ee9d6fd2a5a78b2bcebdaf090f7c9bb85c89f4de55f909e5663caac8cd6e958d8eff50a029ec4c7245aa1ea1716787c62229a9a34

# private key
308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b020101042022619451d73a16a0c41c3507435948af61f1a8dbbb901d5b18a1cf2ff648cafea144034200045f4876d8ae65477b5985484ee9d6fd2a5a78b2bcebdaf090f7c9bb85c89f4de55f909e5663caac8cd6e958d8eff50a029ec4c7245aa1ea1716787c62229a9a34

# public key signature
d779896950561be2f2532758ba977d1a04280e98c86d7cde4b1b58f570ec4a6530c2c163b997ae3dcaa843e922f0c888e591adde46b84f1b20001ad68d47686b1b

[bafu]

SW key pair signature

$ jq . db8cd5bf86adef5b1669f9ee4725080abc87c25f1dd0bfc37137747caab06604/signature.json 
[
  {
    "proofHash": "db8cd5bf86adef5b1669f9ee4725080abc87c25f1dd0bfc37137747caab06604",
    "provider": "AndroidOpenSSL",
    "signature": "3044022030eeae6967eeace6f3665b846ad39b1199c3697355992ed41d3c7031cd58f95902206a9d9f2947b44c82f32ae2bcf81fd4e292fe7e622f184a4712d6504e166e2ba9",
    "publicKey": "3059301306072a8648ce3d020106082a8648ce3d03010703420004813afd7f6ba95fdebeac7812c7ab5af9ca59547b2a73f5aa75accca4e4ad2eb6849d4948a9fcfb8c2b890ba0dfbe4463bbfe4ac163981a93517bfb34598fc850"
  }
]

Zion key pair signature

jq . a87f081d017323d9cc6f7fc6cbe6b0adabb2f11889d37bcfd56be5918c329200/signature.json 
[
  {
    "proofHash": "a87f081d017323d9cc6f7fc6cbe6b0adabb2f11889d37bcfd56be5918c329200",
    "provider": "AndroidOpenSSL",
    "signature": "3046022100b46bc0b1cc2fed99fd2c14a2c0e505d8e0a16345d4629cda7ce7431bf1ab049b022100a777e4b571de69ffa8082437219d096a2435a538c9be6e6f66b2170af92ba494",
    "publicKey": "3059301306072a8648ce3d020106082a8648ce3d03010703420004813afd7f6ba95fdebeac7812c7ab5af9ca59547b2a73f5aa75accca4e4ad2eb6849d4948a9fcfb8c2b890ba0dfbe4463bbfe4ac163981a93517bfb34598fc850"
  },
  {
    "proofHash": "a87f081d017323d9cc6f7fc6cbe6b0adabb2f11889d37bcfd56be5918c329200",
    "provider": "Zion",
    "signature": "fafcd18803544545cf5d8100b43c7718e780078a28e95cb00dcbdecda2c8fa167f49299f1468566253c41a3ef84e6dc724d8dabc660d0217c4264d29f412ebf91b",
    "publicKey": "Receive:\n03aced43f9dddc120291f5cdf73580fbb592b5b21054ce61eb73cbaf98efcbe82e\n\nSend:\n03aced43f9dddc120291f5cdf73580fbb592b5b21054ce61eb73cbaf98efcbe82e"
  }
]

Zion session-based key pair signature

jq . signature.json 
[
  {
    "proofHash": "2a487ceb30dca8a28551bb468e54c3874563c6ff33a6aa20fab167e719242add",
    "provider": "AndroidOpenSSL",
    "signature": "30450221008d9d1112393f9253e805618970dbb4330b8857608d9d0bc34912687ac5b786b60220390ba1c4cd463b5b4bbf91008c6257cdf48537750e8fcc847c1b2658784fbf8d",
    "publicKey": "3059301306072a8648ce3d020106082a8648ce3d03010703420004813afd7f6ba95fdebeac7812c7ab5af9ca59547b2a73f5aa75accca4e4ad2eb6849d4948a9fcfb8c2b890ba0dfbe4463bbfe4ac163981a93517bfb34598fc850"
  },
  {
    "proofHash": "2a487ceb30dca8a28551bb468e54c3874563c6ff33a6aa20fab167e719242add",
    "provider": "Zion",
    "signature": "3045022100fad0f5b49cd9f44df729c8dda82a852b4fc8535179c6fbc186c4c92b016897f502203d0b895c53518443f8cdfae62993ee2d6b197a7e9a41664f170e88c11fbb7667",
    "publicKey": "Session:\n3059301306072a8648ce3d020106082a8648ce3d030107034200045f4876d8ae65477b5985484ee9d6fd2a5a78b2bcebdaf090f7c9bb85c89f4de55f909e5663caac8cd6e958d8eff50a029ec4c7245aa1ea1716787c62229a9a34\n\nReceive:\n03aced43f9dddc120291f5cdf73580fbb592b5b21054ce61eb73cbaf98efcbe82e\n\nSend:\n03aced43f9dddc120291f5cdf73580fbb592b5b21054ce61eb73cbaf98efcbe82e"
  }
]

[bafu]

Fixed by commit 1272334