diff options
author | Seth Moore <sethmo@google.com> | 2021-09-30 13:05:48 -0700 |
---|---|---|
committer | Seth Moore <sethmo@google.com> | 2021-09-30 13:06:48 -0700 |
commit | 042847e6c2f8d5fafc25a58f56df24ca677c0865 (patch) | |
tree | 90cbdb44137195554fc872c5834216f0b7a46d06 /identity | |
parent | 5cc2211ec77c88c08c0d445888e8176fbacbcdc8 (diff) | |
download | security-042847e6c2f8d5fafc25a58f56df24ca677c0865.tar.gz |
Inform Java BigInteger that the input bytes are positive
The COSE spec requires exact sizes for signatures, so any leading zeros
(which indicate a positive integer) are removed. This causes BigInteger
to assume the input is negative if the leading byte is 0xff, and it strips
that byte off. This breaks conversion from COSE -> DER signatures.
Explicitly tell BigInteger the input is always positive (per the COSE
spec) so that it leaves leading 0xff alone.
Test: identity-credential-util-tests
Fixes: 201574298
Change-Id: Ib2e587964125ea15fedd8a6e3ddb2bc422c211e3
Diffstat (limited to 'identity')
-rw-r--r-- | identity/util/src/java/com/android/security/identity/internal/Util.java | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/identity/util/src/java/com/android/security/identity/internal/Util.java b/identity/util/src/java/com/android/security/identity/internal/Util.java index b74efb7f..4ec54a72 100644 --- a/identity/util/src/java/com/android/security/identity/internal/Util.java +++ b/identity/util/src/java/com/android/security/identity/internal/Util.java @@ -401,8 +401,10 @@ public class Util { if (signature.length != 64) { throw new RuntimeException("signature.length is " + signature.length + ", expected 64"); } - BigInteger r = new BigInteger(Arrays.copyOfRange(signature, 0, 32)); - BigInteger s = new BigInteger(Arrays.copyOfRange(signature, 32, 64)); + // r and s are always positive and may use all 256 bits so use the constructor which + // parses them as unsigned. + BigInteger r = new BigInteger(1, Arrays.copyOfRange(signature, 0, 32)); + BigInteger s = new BigInteger(1, Arrays.copyOfRange(signature, 32, 64)); byte[] rBytes = encodePositiveBigInteger(r); byte[] sBytes = encodePositiveBigInteger(s); ByteArrayOutputStream baos = new ByteArrayOutputStream(); |