Handle NIST format signatures
BoringSSL expects EC signatures in DER format, but COSE transports
them in NIST format (bare concatenation of R and S).
Add code to support conversion from NIST to DER, and provide separate
signature verification methods for each format.
Loosely based on aosp/3064203.
Bug: 338745127
Test: atest VmAttestationTestApp
Change-Id: If5dd07e5e5b94a4c7491b2f828cfe73a2492df64
diff --git a/libs/bssl/tests/eckey_test.rs b/libs/bssl/tests/eckey_test.rs
index 3c0e45d..00ed6c5 100644
--- a/libs/bssl/tests/eckey_test.rs
+++ b/libs/bssl/tests/eckey_test.rs
@@ -88,7 +88,7 @@
assert_eq!(digest, sha256(MESSAGE1)?);
let signature = ec_key.ecdsa_sign(&digest)?;
- ec_key.ecdsa_verify(&signature, &digest)?;
+ ec_key.ecdsa_verify_der(&signature, &digest)?;
// Building a `PKey` from a temporary `CoseKey` should work as the lifetime
// of the `PKey` is not tied to the lifetime of the `CoseKey`.
let pkey = PKey::from_cose_public_key(&ec_key.cose_public_key()?)?;
@@ -103,7 +103,7 @@
let digest = digester.digest(MESSAGE1)?;
let signature = ec_key.ecdsa_sign(&digest)?;
- ec_key.ecdsa_verify(&signature, &digest)?;
+ ec_key.ecdsa_verify_der(&signature, &digest)?;
let pkey = PKey::from_cose_public_key(&ec_key.cose_public_key()?)?;
pkey.verify(&signature, MESSAGE1, Some(digester))
}
@@ -117,7 +117,7 @@
let mut ec_key2 = EcKey::new_p256()?;
ec_key2.generate_key()?;
- let err = ec_key2.ecdsa_verify(&signature, &digest).unwrap_err();
+ let err = ec_key2.ecdsa_verify_der(&signature, &digest).unwrap_err();
let expected_err = Error::CallFailed(ApiName::ECDSA_verify, EcdsaError::BadSignature.into());
assert_eq!(expected_err, err);
@@ -137,7 +137,7 @@
let signature = ec_key.ecdsa_sign(&digest1)?;
let digest2 = sha256(MESSAGE2)?;
- let err = ec_key.ecdsa_verify(&signature, &digest2).unwrap_err();
+ let err = ec_key.ecdsa_verify_der(&signature, &digest2).unwrap_err();
let expected_err = Error::CallFailed(ApiName::ECDSA_verify, EcdsaError::BadSignature.into());
assert_eq!(expected_err, err);
Ok(())