Fix signature computation for algorithms ES384 and ES512.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2024-09-20 03:10:10 +00:00 · 2023-08-16 12:39:53 +02:00 · 2023-08-16 12:39:53 +02:00 · ce040a79f5
commit ce040a79f5
parent 8ffd1bfe38
2 changed files with 23 additions and 8 deletions
--- a/src/fido/cbor_get_assertion.c
+++ b/src/fido/cbor_get_assertion.c
@ -574,16 +574,23 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
    }

    memcpy(pa, clientDataHash.data, clientDataHash.len);
-    uint8_t hash[32], sig[MBEDTLS_ECDSA_MAX_LEN];
-    ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+    uint8_t hash[64], sig[MBEDTLS_ECDSA_MAX_LEN];
+    const mbedtls_md_info_t *md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
+    if (ekey.grp.id == MBEDTLS_ECP_DP_SECP384R1) {
+        md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
+    }
+    else if (ekey.grp.id == MBEDTLS_ECP_DP_SECP521R1) {
+        md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
+    }
+    ret = mbedtls_md(md,
                     aut_data,
                     aut_data_len + clientDataHash.len,
                     hash);
    size_t olen = 0;
    ret = mbedtls_ecdsa_write_signature(&ekey,
-                                        MBEDTLS_MD_SHA256,
+                                        mbedtls_md_get_type(md),
                                        hash,
-                                        32,
+                                        mbedtls_md_get_size(md),
                                        sig,
                                        sizeof(sig),
                                        &olen,
--- a/src/fido/cbor_make_credential.c
+++ b/src/fido/cbor_make_credential.c
@ -424,8 +424,15 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
    }

    memcpy(pa, clientDataHash.data, clientDataHash.len);
-    uint8_t hash[32], sig[MBEDTLS_ECDSA_MAX_LEN];
-    ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+    uint8_t hash[64], sig[MBEDTLS_ECDSA_MAX_LEN];
+    const mbedtls_md_info_t *md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
+    if (ekey.grp.id == MBEDTLS_ECP_DP_SECP384R1) {
+        md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
+    }
+    else if (ekey.grp.id == MBEDTLS_ECP_DP_SECP521R1) {
+        md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
+    }
+    ret = mbedtls_md(md,
                     aut_data,
                     aut_data_len + clientDataHash.len,
                     hash);
@ -435,12 +442,13 @@ int cbor_make_credential(const uint8_t *data, size_t len) {
        mbedtls_ecdsa_free(&ekey);
        mbedtls_ecdsa_init(&ekey);
        ret = mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, &ekey, file_get_data(ef_keydev), 32);
+        md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
        self_attestation = false;
    }
    ret = mbedtls_ecdsa_write_signature(&ekey,
-                                        MBEDTLS_MD_SHA256,
+                                        mbedtls_md_get_type(md),
                                        hash,
-                                        32,
+                                        mbedtls_md_get_size(md),
                                        sig,
                                        sizeof(sig),
                                        &olen,