Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

String #167

Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

String #167

wants to merge 13 commits into from

Conversation

dinosaure
Copy link
Contributor

On top of #166

@dinosaure dinosaure marked this pull request as ready for review April 4, 2024 14:20
@hannesm
Copy link
Member

hannesm commented Apr 4, 2024

The ecdsa_sig stuff is a bit horrible.. I'm unsure whether we should go through Z instead? The downside is that we would construct a Z just to validate (non-negative) and deconstruct it again -- and on the encoding site, just to add or remove some 0x00...

What needs to be done for encoding:

  • if the signature has the high bit set of the first byte, we need to prepend a 0x00 byte (to avoid that being treat as a negative number)
  • if the signature has leading 0x00 bytes, they should be removed (unless the next byte is > 0x7F, where again we need a 0x00 in front) <- this may happen if the signature simply has some leading 0s...

For decoding, the asn.1 integer already takes care of avoiding the redundant form (no superfluous leading 0x00 bytes) -- all we need to check that nobody gave us a negative number (thus first byte must be < 0x80). We cut away a potentially leading 0 since mirage-crypto-ec doesn't like these potentially too long (in terms of too many bytes, although they are 0) values...

@hannesm
Copy link
Member

hannesm commented Apr 8, 2024

Still issues on 32bit architectures and ppc64... need to investigate, will do with some local system to test with.

dinosaure added a commit to dinosaure/mirage-crypto that referenced this pull request Apr 20, 2024
@dinosaure
Set a new bytes used for elliptic curves computations to '\000'
3333de3 
Cstruct.create does this. If we don't initialize bytes with '\000',
Field_element.zero can be something else than '\000'. It's a fix for
mirleft/ocaml-x509#167.
@dinosaure dinosaure mentioned this pull request Apr 20, 2024
Merged
@dinosaure
Copy link
Contributor Author

Tested locally with docker and mirage/mirage-crypto#226 and it's work 🎉.

hannesm added a commit to mirage/mirage-crypto that referenced this pull request Apr 23, 2024
@dinosaure @hannesm
mirage-crypto-ec: Set bytes used for "zero" to '\000' (#226)
38bde3a 
Cstruct.create does this. If we don't initialize bytes with '\000',
Field_element.zero can be something else than '\000'. It's a fix for
mirleft/ocaml-x509#167.

Co-authored-by: Hannes Mehnert <hannes@mehnert.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@dinosaure @hannesm