rust-italia / dgc

A parser and validator for the EU Digital Green Certificate (dgc) a.k.a. greenpass
https://github.com/rust-italia/dgc
MIT License

Failing tests with (maybe) wrong data #34

Open dodomorandi opened 2 years ago

dodomorandi commented 2 years ago

There are a few json files that fail for strange reasons.

For instance, as discussed in #33, there are some public keys that use the ECDSA-P384 signing algorithm, even if the alg field in the fields indicates an RSA-PSS-SHA256 signature.

Maybe it is something that we cannot really fix, but at least we have a tracking issue to refer to.

bfabio commented 2 years ago

The ones that are failing:

Looking at 401.json's COSE data, alg is -7 (Es256, ECDSA w/ SHA-256), while this is its certificate and public key:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 4098 (0x1002)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = ES, ST = Illes Balears, O = Ib-Salut, OU = DTIC, CN = Test CVD CA Intermedio, emailAddress = sergio.juan2@ibsalut.es
        Validity
            Not Before: May  5 08:14:46 2021 GMT
            Not After : May  5 08:14:46 2023 GMT
        Subject: C = ES, ST = Illes Balears, O = Ib-Salut, OU = DTIC, CN = TESTCVD3, emailAddress = sergio.juan2@ibsalut.es
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    04:a8:9a:a7:09:68:92:5e:7e:91:0a:af:9c:1f:a7:
                    0f:33:98:6b:d9:8b:8f:8c:27:ba:9e:f0:dc:9b:c4:
                    da:b6:92:ec:ec:1b:3a:9c:87:6a:e3:89:d2:4b:dd:
                    33:a9:07:f1:0c:77:55:13:d8:6f:1f:28:0c:89:fc:
                    00:1e:e2:85:81:66:ed:14:c9:47:4f:89:48:47:63:
                    33:32:1e:5e:75:fd:ef:e9:93:17:a6:3c:72:a3:87:
                    a9:b6:90:c9:c5:0e:73
                ASN1 OID: secp384r1
                NIST CURVE: P-384

Now, it looks like ring doesn't have the ECDSA_P384_SHA256_FIXED algorithm, but a quick patch makes those tests pass:

diff --git a/src/ec/suite_b/ecdsa/verification.rs b/src/ec/suite_b/ecdsa/verification.rs
index be551e695..cbfed78eb 100644
--- a/src/ec/suite_b/ecdsa/verification.rs
+++ b/src/ec/suite_b/ecdsa/verification.rs
@@ -43,6 +43,7 @@ enum AlgorithmID {
     ECDSA_P256_SHA256_FIXED,
     ECDSA_P256_SHA384_ASN1,
     ECDSA_P384_SHA256_ASN1,
+    ECDSA_P384_SHA256_FIXED,
     ECDSA_P384_SHA384_ASN1,
     ECDSA_P384_SHA384_FIXED,
 }
@@ -272,6 +273,13 @@ pub static ECDSA_P384_SHA256_ASN1: EcdsaVerificationAlgorithm = EcdsaVerificatio
     id: AlgorithmID::ECDSA_P384_SHA256_ASN1,
 };

+pub static ECDSA_P384_SHA256_FIXED: EcdsaVerificationAlgorithm = EcdsaVerificationAlgorithm {
+    ops: &p384::PUBLIC_SCALAR_OPS,
+    digest_alg: &digest::SHA256,
+    split_rs: split_rs_fixed,
+    id: AlgorithmID::ECDSA_P384_SHA256_FIXED,
+};
+
 /// Verification of ASN.1 DER-encoded ECDSA signatures using the P-384 curve
 /// and SHA-384.
 ///
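Review bot: the new `pub static ECDSA_P384_SHA256_FIXED` has no `///` doc comment, while the item that follows it in the context lines does ("Verification of ASN.1 DER-encoded ECDSA signatures using the P-384 curve and SHA-384."). Add a matching comment stating that it verifies fixed-length signatures (`split_rs_fixed`) on P-384 with SHA-256, so the pairing of a 384-bit curve with a 256-bit digest is documented as intentional. The visible hunks also add no test for the new algorithm; one verification test alongside the existing P-384 cases would cover it.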
diff --git a/src/signature.rs b/src/signature.rs
index bef92dc4b..93e6a944b 100644
--- a/src/signature.rs
+++ b/src/signature.rs
@@ -271,7 +271,7 @@ pub use crate::ec::{
         verification::{
             EcdsaVerificationAlgorithm, ECDSA_P256_SHA256_ASN1, ECDSA_P256_SHA256_FIXED,
             ECDSA_P256_SHA384_ASN1, ECDSA_P384_SHA256_ASN1, ECDSA_P384_SHA384_ASN1,
-            ECDSA_P384_SHA384_FIXED,
+            ECDSA_P384_SHA384_FIXED, ECDSA_P384_SHA256_FIXED,
         },
     },
 };
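Review bot: in the re-export list, `ECDSA_P384_SHA256_FIXED` is appended after `ECDSA_P384_SHA384_FIXED`, which breaks the sorted order the other names follow and differs from where the variant was placed in `AlgorithmID`. Put it directly after `ECDSA_P384_SHA256_ASN1` and let rustfmt rewrap the lines.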
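The mismatch described in the comment above (COSE `alg` of -7 with a P-384 key), as an added example that is not part of the thread and is not dgc or ring code: it reads `alg` from a protected header, derives the curve from the public key, and reports when the two do not form the usual ES256/P-256 or ES384/P-384 pairing. All names are hypothetical, the header bytes are constructed, the key is assumed to be an uncompressed SEC1 point, and the header parser only reads integer entries.

```rust
// Added example, not dgc or ring code; all names are hypothetical.
#[derive(Debug, PartialEq, Clone, Copy)]
enum Curve { P256, P384 }
#[derive(Debug, PartialEq)]
enum Pairing { Conventional(Curve), CurveMismatch(Curve), BadSigLen, Unsupported }

// Reads one CBOR integer (major type 0 or 1, value < 256) at index *i.
fn read_int(b: &[u8], i: &mut usize) -> Option<i64> {
    let head = *b.get(*i)?;
    let n = match head & 0x1f {
        info @ 0..=23 => { *i += 1; info as i64 }
        24 => { *i += 2; *b.get(*i - 1)? as i64 }
        _ => return None,
    };
    match head >> 5 { 0 => Some(n), 1 => Some(-1 - n), _ => None }
}

// Returns header label 1 (alg) from a small CBOR map of integer entries.
fn alg_from_protected(b: &[u8]) -> Option<i64> {
    let head = *b.first()?;
    if head >> 5 != 5 || head & 0x1f > 23 { return None; }
    let mut i = 1;
    for _ in 0..(head & 0x1f) {
        let (k, v) = (read_int(b, &mut i)?, read_int(b, &mut i)?);
        if k == 1 { return Some(v); }
    }
    None
}

// Curve implied by an uncompressed SEC1 point: 0x04 || X || Y.
fn curve_of(point: &[u8]) -> Option<Curve> {
    match (point.first(), point.len()) {
        (Some(&0x04), 65) => Some(Curve::P256),
        (Some(&0x04), 97) => Some(Curve::P384),
        _ => None,
    }
}

fn classify(protected: &[u8], point: &[u8], sig_len: usize) -> Pairing {
    let (Some(alg), Some(curve)) = (alg_from_protected(protected), curve_of(point))
        else { return Pairing::Unsupported };
    // COSE ECDSA signatures are fixed-length r || s, sized by the curve.
    let coord = if curve == Curve::P256 { 32 } else { 48 };
    if sig_len != 2 * coord { return Pairing::BadSigLen; }
    match (alg, curve) {
        // -7 is ES256 (SHA-256), -35 is ES384 (SHA-384).
        (-7, Curve::P256) | (-35, Curve::P384) => Pairing::Conventional(curve),
        (-7, Curve::P384) | (-35, Curve::P256) => Pairing::CurveMismatch(curve),
        _ => Pairing::Unsupported,
    }
}
```

A `CurveMismatch(P384)` result with `alg` -7 is the case that needs a P-384/SHA-256 fixed-length verifier, which is what the patch adds to ring.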