commit 20b5ab21a901f0d1536d7d5190eef8a06643a5dd
author Alan Stokes <alanstokes@google.com> Fri May 10 15:40:43 2024 +0100
committer Alan Stokes <alanstokes@google.com> Mon May 13 13:48:34 2024 +0100
tree 76954acbfea756b611e3f70b79f866a682fd1e2c
parent 97011cfed31cae41028e01e5e27f067eb301a253

Make ecdsa_verify_cose testable

Add ecdsa_sign_cose (and rename the existing ecdsa_sign to
ecdsa_sign_der). Implement DER to COSE signature conversion to support
this.

Fix terminology - COSE format rather than NIST format.

Add tests to ensure that signing & verification are compatible.

Note that while I'm adding code to the production bssl library, none
of it is currently used other than in the new tests, so this shouldn't
break anything.

Bug: 338745127
Test: atest libbssl_avf_nostd.test
Change-Id: Ie522f556f90c4515b4f738a23a42c02ff48b073e

libs/bssl/tests/eckey_test.rs

diff --git a/libs/bssl/tests/eckey_test.rs b/libs/bssl/tests/eckey_test.rs
index 00ed6c5..0fc78a1 100644
--- a/libs/bssl/tests/eckey_test.rs
+++ b/libs/bssl/tests/eckey_test.rs
@@ -87,7 +87,7 @@
     let digest = digester.digest(MESSAGE1)?;
     assert_eq!(digest, sha256(MESSAGE1)?);
 
-    let signature = ec_key.ecdsa_sign(&digest)?;
+    let signature = ec_key.ecdsa_sign_der(&digest)?;
     ec_key.ecdsa_verify_der(&signature, &digest)?;
     // Building a `PKey` from a temporary `CoseKey` should work as the lifetime
     // of the `PKey` is not tied to the lifetime of the `CoseKey`.
@@ -102,7 +102,7 @@
     let digester = Digester::sha384();
     let digest = digester.digest(MESSAGE1)?;
 
-    let signature = ec_key.ecdsa_sign(&digest)?;
+    let signature = ec_key.ecdsa_sign_der(&digest)?;
     ec_key.ecdsa_verify_der(&signature, &digest)?;
     let pkey = PKey::from_cose_public_key(&ec_key.cose_public_key()?)?;
     pkey.verify(&signature, MESSAGE1, Some(digester))
@@ -113,7 +113,7 @@
     let mut ec_key1 = EcKey::new_p256()?;
     ec_key1.generate_key()?;
     let digest = sha256(MESSAGE1)?;
-    let signature = ec_key1.ecdsa_sign(&digest)?;
+    let signature = ec_key1.ecdsa_sign_der(&digest)?;
 
     let mut ec_key2 = EcKey::new_p256()?;
     ec_key2.generate_key()?;
@@ -134,7 +134,7 @@
     let mut ec_key = EcKey::new_p256()?;
     ec_key.generate_key()?;
     let digest1 = sha256(MESSAGE1)?;
-    let signature = ec_key.ecdsa_sign(&digest1)?;
+    let signature = ec_key.ecdsa_sign_der(&digest1)?;
     let digest2 = sha256(MESSAGE2)?;
 
     let err = ec_key.ecdsa_verify_der(&signature, &digest2).unwrap_err();
@@ -142,3 +142,42 @@
     assert_eq!(expected_err, err);
     Ok(())
 }
+
+#[test]
+fn ecdsa_cose_signing_and_verification_succeed() -> Result<()> {
+    let digest = sha256(MESSAGE1)?;
+    let mut ec_key = EcKey::new_p256()?;
+    ec_key.generate_key()?;
+
+    let signature = ec_key.ecdsa_sign_cose(&digest)?;
+    ec_key.ecdsa_verify_cose(&signature, &digest)?;
+    assert_eq!(signature.len(), 64);
+    Ok(())
+}
+
+#[test]
+fn verifying_ecdsa_cose_signed_with_a_different_message_fails() -> Result<()> {
+    let digest = sha256(MESSAGE1)?;
+    let mut ec_key = EcKey::new_p256()?;
+    ec_key.generate_key()?;
+
+    let signature = ec_key.ecdsa_sign_cose(&digest)?;
+
+    let err = ec_key.ecdsa_verify_cose(&signature, &sha256(MESSAGE2)?).unwrap_err();
+    let expected_err = Error::CallFailed(ApiName::ECDSA_verify, EcdsaError::BadSignature.into());
+    assert_eq!(expected_err, err);
+    Ok(())
+}
+
+#[test]
+fn verifying_ecdsa_cose_signed_as_der_fails() -> Result<()> {
+    let digest = sha256(MESSAGE1)?;
+    let mut ec_key = EcKey::new_p256()?;
+    ec_key.generate_key()?;
+
+    let signature = ec_key.ecdsa_sign_cose(&digest)?;
+    let err = ec_key.ecdsa_verify_der(&signature, &digest).unwrap_err();
+    let expected_err = Error::CallFailed(ApiName::ECDSA_verify, EcdsaError::BadSignature.into());
+    assert_eq!(expected_err, err);
+    Ok(())
+}