From 56c62e4eef0cd3084e52e5f6e4e38e3a233716ee Mon Sep 17 00:00:00 2001 From: Bohdan Kuchma Date: Tue, 10 Dec 2024 20:56:25 +0200 Subject: [PATCH] Refactor ECDSA signature verification --- internal/algorithms/ecdsa.go | 28 ----------------------- internal/service/api/requests/register.go | 3 +-- internal/types/signature_algorithm.go | 11 +++++++-- 3 files changed, 10 insertions(+), 32 deletions(-) delete mode 100644 internal/algorithms/ecdsa.go diff --git a/internal/algorithms/ecdsa.go b/internal/algorithms/ecdsa.go deleted file mode 100644 index bba11ae..0000000 --- a/internal/algorithms/ecdsa.go +++ /dev/null @@ -1,28 +0,0 @@ -package algorithms - -import ( - "crypto/ecdsa" - "crypto/sha256" - "encoding/asn1" - "math/big" - - "gitlab.com/distributed_lab/logan/v3/errors" -) - -type ECDSASignature struct { - R, S *big.Int -} - -func VerifyECDSA(data, sig []byte, publicKey *ecdsa.PublicKey) error { - var esig ECDSASignature - _, err := asn1.Unmarshal(sig, &esig) - if err != nil { - return errors.New("failed to unmarshal ASN.1 ECDSA signature") - } - hash := sha256.Sum256(data) - if ok := ecdsa.Verify(publicKey, hash[:], esig.R, esig.S); !ok { - return err - } - - return nil -} diff --git a/internal/service/api/requests/register.go b/internal/service/api/requests/register.go index 4b39b3b..d4353b5 100644 --- a/internal/service/api/requests/register.go +++ b/internal/service/api/requests/register.go @@ -45,8 +45,7 @@ func validateRegister(r resources.RegisterResponse) error { })), "/data/attributes/document_sod/dg15": validation.Validate( r.Data.Attributes.DocumentSod.Dg15, - validation.Required, - validation.Length(1, 512), + validation.Length(0, 512), ), "/data/attributes/document_sod/signed_attributes": validation.Validate( r.Data.Attributes.DocumentSod.SignedAttributes, diff --git a/internal/types/signature_algorithm.go b/internal/types/signature_algorithm.go index d85ce4c..973adc8 100644 --- a/internal/types/signature_algorithm.go +++ b/internal/types/signature_algorithm.go @@ -6,7 +6,6 @@ import ( "crypto/rsa" "hash" - "github.com/rarimo/passport-identity-provider/internal/algorithms" "gitlab.com/distributed_lab/logan/v3/errors" ) @@ -43,12 +42,20 @@ func GeneralVerify(publicKey interface{}, hash []byte, signature []byte, algo Al if !ok { return ErrInvalidPublicKey{Expected: algo.SignatureAlgorithm} } - return algorithms.VerifyECDSA(hash, signature, ecdsaKey) + return verifyECDSA(hash, signature, ecdsaKey) default: return errors.New("unsupported signature algorithm") } } +func verifyECDSA(data, sig []byte, publicKey *ecdsa.PublicKey) error { + if ok := ecdsa.VerifyASN1(publicKey, data, sig); !ok { + return errors.New("failed to verify ECDSA signature") + } + + return nil +} + func GeneralHash(algorithm HashAlgorithm) hash.Hash { switch algorithm { case SHA1: