Closed infinisil closed 2 years ago
OpenSSL also implements these checks here, which references https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final
As discussed with @ErinvanderVeen:
Integer fields for ECDSA keys then, instead of ByteStrings)
Superseded by #136 for now, which introduces this and other public key checks
This check was accidentally removed in #80 because no specification that we implement mentioned anything of it. This only just came to my attention when stumbling upon this note from the WebAuthn spec:
I am, however, still not sure if we actually need to implement this check, and where. I can't find any vulnerability due to this check missing (just for signature verification), but it is clearly mentioned as a check that needs to be performed to validate a public key in documents describing ECDSA, among other checks. I can't find anything about this check in either COSE or cryptonite. Should this be fixed in cryptonite? Does it need to be fixed? I am not sure yet.