experiment: Fix for signature R+S in OpenPGP R part.

This fix also allows having only OpenPGP R part, and OpenPGP S part == NULL. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-12-21 10:09:57 +01:00 · 2021-12-14 17:59:06 +09:00 · 2021-12-14 17:59:06 +09:00 · aa4b138f4d
commit aa4b138f4d
parent a461eae58d
2 changed files with 14 additions and 7 deletions
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -2378,6 +2378,9 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
 	    }
 	  if (!sig->data[i])
 	    rc = GPG_ERR_INV_PACKET;
+          if (!pktlen && sig->pubkey_algo == PUBKEY_ALGO_EDDSA)
+            /* Allow the R part only.  */
+            break;
 	}
    }

--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@ -252,12 +252,13 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
    {
      gcry_mpi_t r = data[0];
      gcry_mpi_t s = data[1];
+      unsigned int nbits;
+      const unsigned char *p;

      if (openpgp_oid_is_ed25519 (pkey[0]))
        {
          size_t rlen, slen, n;  /* (bytes) */
          char buf[64];
-          unsigned int nbits;
          unsigned int neededfixedlen = 256 / 8;

          log_assert (neededfixedlen <= sizeof buf);
@ -292,8 +293,6 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
              else if (rlen < neededfixedlen
                       && gcry_mpi_get_flag (r, GCRYMPI_FLAG_OPAQUE))
                {
-                  const unsigned char *p;
-
                  p = gcry_mpi_get_opaque (r, &nbits);
                  n = (nbits+7)/8;
                  memcpy (buf + (neededfixedlen - n), p, n);
@ -312,8 +311,6 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
              else if (slen < neededfixedlen
                       && gcry_mpi_get_flag (s, GCRYMPI_FLAG_OPAQUE))
                {
-                  const unsigned char *p;
-
                  p = gcry_mpi_get_opaque (s, &nbits);
                  n = (nbits+7)/8;
                  memcpy (buf + (neededfixedlen - n), p, n);
@ -322,8 +319,15 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
                }
            }
        }
-      else if (!gcry_mpi_cmp_ui (s, 0))
-        /* When data[1] == MPI(0), parse the signature into R and S parts.  */
+      /*
+       * When data[1] is NULL or [0], parse the signature into R and S
+       * parts.
+       */
+      else if (!s
+               || (gcry_mpi_get_flag (s, GCRYMPI_FLAG_OPAQUE)
+                   && ((p = gcry_mpi_get_opaque (s, &nbits)) == NULL
+                       || nbits == 0
+                       || ((nbits+7)/8 == 1 && p[0] == 0))))
        openpgp_ecc_parse_signature (pkalgo, r, &r, &s);
      else
        rc = 0;