authorbleichen <bleichen@google.com>2023-03-01 06:45:17 -0800
committerCopybara-Service <copybara-worker@google.com>2023-03-01 06:46:01 -0800
commit40b295d26f9d3ef62eec19cee2be766781336d88 (patch)
treea62cf1f65bf1305815b3f2cf74082fee185e9aa2
parentb063b4aedae951c69df014cd25fa6d69ae9e8cb9 (diff)
downloadwycheproof-40b295d26f9d3ef62eec19cee2be766781336d88.tar.gz
Adding test vectors for malformed ECDSA signatures and psychic ECDSA
signatures. Both Nimbus-Jose and jose4j do not check the size of ECDSA signatures. The effect is signature malleability. Sometimes standards are a bit fuzzy about accepting alternative encodings. Here, RFC 7518, section 3.4 requires that ES256 signatures are exactly 64 bytes long. NOKEYCHECK=True PiperOrigin-RevId: 513222124
-rw-r--r--java/com/google/security/wycheproof/jose4j/JsonWebSignatureTest.java7
-rw-r--r--java/com/google/security/wycheproof/nimbusjose/NimbusJoseJwsTest.java9
-rw-r--r--testvectors/json_web_signature_test.json195
3 files changed, 207 insertions, 4 deletions
diff --git a/java/com/google/security/wycheproof/jose4j/JsonWebSignatureTest.java b/java/com/google/security/wycheproof/jose4j/JsonWebSignatureTest.java
index 185bc6a..4f67048 100644
--- a/java/com/google/security/wycheproof/jose4j/JsonWebSignatureTest.java
+++ b/java/com/google/security/wycheproof/jose4j/JsonWebSignatureTest.java
@@ -76,8 +76,11 @@ public class JsonWebSignatureTest {
"base64_InvalidCharacterInPayload_tcId371",
"base64_InvalidCharacterInsertedInHeader_tcId372",
"base64_InvalidCharacterInsertedInPayload_tcId373",
- "base64_MacOfIncorrectlyEncodedMessage_tcId375"
- );
+ "base64_MacOfIncorrectlyEncodedMessage_tcId375",
+ // jose4j does not check the size of the signature and accepts signatures with
+ // leading Zeros.
+ "SpecialCaseEs256_SignatureTooLong_tcId379",
+ "SpecialCaseEs256_BufferOverflow_tcId385");
}
/** A JsonWebCryptoTestGroup that contains key information and tests against those keys. */
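Review bot: The new comment above the two skipped tcIds only says that jose4j "accepts signatures with leading Zeros"; unlike the parallel comment in NimbusJoseJwsTest it does not state why that is a defect, so a reader of this file alone cannot tell whether the skip hides a bug or a harmless encoding difference. I would align it with the other file and fix the stray capital: `// jose4j does not check the size of the signature and accepts signatures with leading zeros, which makes signatures malleable.` followed by `// RFC 7518, section 3.4 requires ES256 signatures to be exactly 64 bytes long.` The list these entries belong to starts outside the hunk, so the same wording should be checked against any header comment on it.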
diff --git a/java/com/google/security/wycheproof/nimbusjose/NimbusJoseJwsTest.java b/java/com/google/security/wycheproof/nimbusjose/NimbusJoseJwsTest.java
index d72cf52..b726de7 100644
--- a/java/com/google/security/wycheproof/nimbusjose/NimbusJoseJwsTest.java
+++ b/java/com/google/security/wycheproof/nimbusjose/NimbusJoseJwsTest.java
@@ -76,7 +76,14 @@ public class NimbusJoseJwsTest {
"base64_InvalidCharacterInPayload_tcId371",
"base64_InvalidCharacterInsertedInHeader_tcId372",
"base64_InvalidCharacterInsertedInPayload_tcId373",
- "base64_MacOfIncorrectlyEncodedMessage_tcId375");
+ "base64_MacOfIncorrectlyEncodedMessage_tcId375",
+ // NimbusJose does not check the size of the signature and accepts signatures with
+ // leading zeros. This means that signatures are malleable. (Existing signatures
+ // can be modified but the that was signed does not change.) A comparable
+ // bug is for example CVE 2020-13822.
+ // RFC 7518 specifies in section 3.4 that ES256 signatures must be 64 bytes long.
+ "SpecialCaseEs256_SignatureTooLong_tcId379",
+ "SpecialCaseEs256_BufferOverflow_tcId385");
}
/** A JsonWebCryptoTestGroup that contains key information and tests against those keys. */
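Review bot: The added comment has a dropped word in the parenthetical on the third new line, "but the that was signed does not change", which makes the malleability explanation unreadable; presumably it should read `// can be modified but the message that was signed does not change.) A comparable`. While editing it, the reference would be easier to look up in its canonical form `CVE-2020-13822` rather than "CVE 2020-13822". The list these entries belong to starts outside the hunk.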
diff --git a/testvectors/json_web_signature_test.json b/testvectors/json_web_signature_test.json
index c0afad1..ce00264 100644
--- a/testvectors/json_web_signature_test.json
+++ b/testvectors/json_web_signature_test.json
@@ -1,6 +1,6 @@
{
"generatorVersion" : "0.3",
- "numberOfTests" : 375,
+ "numberOfTests" : 401,
"header" : [
"Test vectors of type JsonWebSignature are intended for tests that check the ",
"verification operation of a JSON Web Signature library."
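Review bot: The count is bumped from 375 to 401 (+26), but the only other hunk of this file adds test cases with tcId 378 through 401, i.e. 24 entries, and the diffstat (195 lines for this file, 4 deletions in total) indicates the whole change is visible. Unless tcId 376 and 377 already existed in the old file under a different numbering, the new file holds 399 tests and `"numberOfTests" : 399,` would be the consistent value; if the generator intentionally reserves ids, that is worth a sentence in the header array so consumers do not treat the field as a contiguous upper bound.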
@@ -3717,6 +3717,199 @@
"result": "valid"
}
]
+ },
+ {
+ "type": "JsonWebSignature",
+ "comment": "SpecialCaseEs256",
+ "private": {
+ "alg": "ES256",
+ "use": "sig",
+ "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY",
+ "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw",
+ "crv": "P-256",
+ "d": "yy49oPcINGK2ps0LmtxpB6UTEOiITghHBif6wDqmJ3c",
+ "kid": "kid-ec-sign",
+ "kty": "EC"
+ },
+ "public": {
+ "alg": "ES256",
+ "use": "sig",
+ "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY",
+ "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw",
+ "crv": "P-256",
+ "kid": "kid-ec-sign",
+ "kty": "EC"
+ },
+ "tests": [
+ {
+ "tcId": 378,
+ "comment": "valid",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.5cA0OHyMP7ezamUd5c9kV-FrGxdx4hbGXOdplQkutrppUShFwBW_Qj7IqhFOtNrIXLLKXS5CSZmERxmnjeyoiQ",
+ "result": "valid",
+ "flags": []
+ },
+ {
+ "tcId": 379,
+ "comment": "SignatureTooLong",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AOXANDh8jD-3s2plHeXPZFfhaxsXceIWxlznaZUJLra6AJau17k_6kC-wTdV7rFLJTdgNDBQeNVU629ysRtudnzI",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 380,
+ "comment": "TrailingZeros",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.5cA0OHyMP7ezamUd5c9kV-FrGxdx4hbGXOdplQkutroAlq7XuT_qQL7BN1XusUslN2A0MFB41VTrb3KxG252fMgA",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 381,
+ "comment": "RisTooBig",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AeXANDd8jD-4s2plHeXPZFeeUhXFGPm1S1ChNFgFkdwLAJau17k_6kC-wTdV7rFLJTdgNDBQeNVU629ysRtudnzI",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 382,
+ "comment": "SisTooBig",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AOXANDh8jD-3s2plHeXPZFfhaxsXceIWxlznaZUJLra6AZau17g_6kC_wTdV7rFLJTcdGyr-H-zzcGMse95q2aIZ",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 383,
+ "comment": "IntegerOverflow",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AeXANDh8jD-3s2plHeXPZFfhaxsXceIWxlznaZUJLra6AJau17k_6kC-wTdV7rFLJTdgNDBQeNVU629ysRtudnzI",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 384,
+ "comment": "IntegerOverflow",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AOXANDh8jD-3s2plHeXPZFfhaxsXceIWxlznaZUJLra6AZau17k_6kC-wTdV7rFLJTdgNDBQeNVU629ysRtudnzI",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 385,
+ "comment": "BufferOverflow",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5cA0OHyMP7ezamUd5c9kV-FrGxdx4hbGXOdplQkutroAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACWrte5P-pAvsE3Ve6xSyU3YDQwUHjVVOtvcrEbbnZ8yA",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 386,
+ "comment": "rIsZero_sIsZero",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 387,
+ "comment": "rIsZero_sIsOne",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 388,
+ "comment": "rIsZero_sIsNminus1",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD_____AAAAAP__________vOb6racXnoTzucrC_GMlUA",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 389,
+ "comment": "rIsZero_sIsN",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD_____AAAAAP__________vOb6racXnoTzucrC_GMlUQ",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 390,
+ "comment": "rIsOne_sIsZero",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 391,
+ "comment": "rIsOne_sIsOne",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 392,
+ "comment": "rIsOne_sIsNminus1",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH_____AAAAAP__________vOb6racXnoTzucrC_GMlUA",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 393,
+ "comment": "rIsOne_sIsN",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH_____AAAAAP__________vOb6racXnoTzucrC_GMlUQ",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 394,
+ "comment": "rIsNminus1_sIsZero",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 395,
+ "comment": "rIsNminus1_sIsOne",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 396,
+ "comment": "rIsNminus1_sIsNminus1",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVD_____AAAAAP__________vOb6racXnoTzucrC_GMlUA",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 397,
+ "comment": "rIsNminus1_sIsN",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVD_____AAAAAP__________vOb6racXnoTzucrC_GMlUQ",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 398,
+ "comment": "rIsN_sIsZero",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 399,
+ "comment": "rIsN_sIsOne",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 400,
+ "comment": "rIsN_sIsNminus1",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVH_____AAAAAP__________vOb6racXnoTzucrC_GMlUA",
+ "result": "invalid",
+ "flags": []
+ },
+ {
+ "tcId": 401,
+ "comment": "rIsN_sIsN",
+ "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVH_____AAAAAP__________vOb6racXnoTzucrC_GMlUQ",
+ "result": "invalid",
+ "flags": []
+ }
+ ]
}
]
}
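Review bot: Every new test case carries `"flags": []`, including tcId 379 (SignatureTooLong) and 385 (BufferOverflow), which are exactly the cases the two Java test files have to exclude by hard-coded tcId in the same commit. A flag on the size-violating vectors (a constructed name such as `"flags": ["SignatureSize"]`, the existing generator's naming convention should take precedence) would let consumers skip or downgrade this malleability class programmatically instead of pinning ids that change on every regeneration. The vectors themselves look consistent with the commit message (the r/s boundary cases are paired with the RFC 7518 section 3.4 length rule), so this is a metadata point only.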