ECDSA verification succeeds when it shouldn't

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

ECDSA verification succeeds when it shouldn't

GnuPG - Libgcrypt - Dev mailing list
My fuzzer found this:

ecc curve: secp256r1
public key X: 4534198767316794591643245143622298809742628679895448054572722918996032022405
public key Y: 107839128084157537346759045080774377135290251058561962283882310383644151460337
cleartext: {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51} (32 bytes)
signature R: 4534198767316794591643245143622298809742628679895448054572722918996032022405
signature S: 4534198767316794591643245143622298809742628679895448054572722918996032022405

where 'cleartext' is the data passed as-is (unhashed) to the verification function.

gcry_pk_verify() returns GPG_ERR_NO_ERROR for these parameters but other libraries return failure.


_______________________________________________
Gcrypt-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
Reply | Threaded
Open this post in threaded view
|

Re: ECDSA verification succeeds when it shouldn't

NIIBE Yutaka
Guido Vranken via Gcrypt-devel <[hidden email]> wrote:
> My fuzzer found this:
[...]
> gcry_pk_verify() returns GPG_ERR_NO_ERROR for these parameters but other
> libraries return failure.

Thank you.

For some reason which I don't know, perhaps hisotorically, checking
public key was not done (other than for EdDSA).

I created the task:
    https://dev.gnupg.org/T5282

And push a fix commit:
    https://dev.gnupg.org/rC598d0f3e0294a487e01b88cc714a8cd0a47329bb
--

_______________________________________________
Gcrypt-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel