add assert for curve check to stop API misuse.

Signed-off-by: Yang, Longlong <[email protected]>
intel · Dec 25, 2023 · e30a1f8 · e30a1f8
1 parent 05c41c6
commit e30a1f8
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/spdmlib/src/crypto/spdm_ring/asym_verify_impl.rs b/spdmlib/src/crypto/spdm_ring/asym_verify_impl.rs
@@ -120,7 +120,11 @@ fn asym_verify(
 // add ASN.1 for the ECDSA binary signature
 fn ecc_signature_bin_to_der(signature: &[u8], der_signature: &mut [u8]) -> SpdmResult<usize> {
     let sign_size = signature.len();
-    assert_eq!(sign_size % 2, 0);
+    assert!(
+        // prevent API misuse
+        sign_size == crate::protocol::ECDSA_ECC_NIST_P256_KEY_SIZE
+            || sign_size == crate::protocol::ECDSA_ECC_NIST_P384_KEY_SIZE
+    );
     let half_size = sign_size / 2;
 
     let mut r_index = half_size;
@@ -205,15 +209,15 @@ mod tests {
     }
     #[test]
     fn test_case1_ecc_signature_bin_to_der() {
-        let signature = &mut [0x00u8; 32];
+        let signature = &mut [0x00u8; 64];
         for i in 10..signature.len() {
             signature[i] = 0xff;
         }
 
         let der_signature = &mut [0u8; 64];
 
         let der_sign_size = ecc_signature_bin_to_der(signature, der_signature).unwrap();
-        assert_eq!(der_sign_size, 30);
+        assert_eq!(der_sign_size, 62);
     }
     #[test]
     fn test_case2_ecc_signature_bin_to_der() {

diff --git a/spdmlib_crypto_mbedtls/src/asym_verify_impl.rs b/spdmlib_crypto_mbedtls/src/asym_verify_impl.rs
@@ -74,6 +74,11 @@ fn asym_verify(
 // add ASN.1 for the ECDSA binary signature
 fn ecc_signature_bin_to_der(signature: &[u8], der_signature: &mut [u8]) -> SpdmResult<usize> {
     let sign_size = signature.len();
+    assert!(
+        // prevent API misuse
+        sign_size == spdmlib::protocol::ECDSA_ECC_NIST_P256_KEY_SIZE
+            || sign_size == spdmlib::protocol::ECDSA_ECC_NIST_P384_KEY_SIZE
+    );
     let half_size = sign_size / 2;
 
     let mut r_index = half_size;