pikelang / pike / Issues / #10078
Issue created Dec 08, 2021 by Joshua Rogers (@jrogers)

Crypto.ECC.SECP_521R1 does not verify valid signatures.

Hi there,

While conducting some tests of Crypto.ECC.SECP_521R1->ECDSA(), I've come across a testcase which should be successfully verified, but it is not.

The code is as follows:

int main() {
	// Public key coordinates (hex)
	string x = "00ee030cdb40abf70726866681f7b7fedc534190929c05a650bb928b894a5bbfe9577eea83c6331a796fa27ed9fac95d9ecacdfef6d61c925502b0afddc671463549";
	string y = "0155606dd4cab19330c57c2ee740cd9c7c88bd88d95f840f315d525379dfeb7ea9bd3677b2185b92957f374317cc6124aacc8708075c4c05c95cbbc355bd692c3708";
	// Message and DER-encoded signature (hex)
	string msg = "313233343030";
	string sig = "30818702420090c8d0d718cb9d8d81094e6d068fb13c16b4df8c77bac676dddfe3e68855bed06b9ba8d0f8a80edce03a9fac7da561e24b1cd22d459239a146695a671f81f73aaf02413ee5a0a544b0842134629640adf5f0637087b04a442b1e6a22555dc1d8b93f8784f1ddd0cf90f75944cc2cd7ae373e5c2bac356a60ff9d08adfcdba3fa1b7a9d1d";

	mixed state = Crypto.ECC.SECP_521R1->ECDSA();
	state->set_public_key(Gmp.mpz(x, 16), Gmp.mpz(y, 16));

	if (state->pkcs_verify(String.hex2string(msg), Crypto.SHA3_512, String.hex2string(sig)))
		write("Success!\n");

	return 0;
}

The test comes from https://github.com/google/wycheproof/blob/master/testvectors/ecdsa_secp521r1_sha512_test.json#L4279, and the explanation for the test is as follows: "Some implementations of ECDSA do not handle duplication and points at infinity correctly. This is a test vector that has been specially crafted to check for such an omission."

Please note: I have not tested this in Nettle itself, because I'm not 100% sure how to use the related functions in the C code.

Thank you.

Edited Dec 09, 2021 by Joshua Rogers