Fixed hash truncation used in ECDSA signature & verification

The function tHash shifted the hash number by an incorrect number of bits
when the bit string had leading zeros.  This is one of two issues reported
in vincenthz/hs-tls#152.
Olivier Chéron 2016-08-24 18:45:00 +02:00
parent 6e40fa7010
commit c84230c69a


@ -20,12 +20,14 @@ import Crypto.Random.Types
import Data.Bits (shiftR)
import Crypto.Internal.ByteArray (ByteArrayAccess)
import Data.Data
import Crypto.Number.Basic (numBits)
import Crypto.Number.ModArithmetic (inverse)
import Crypto.Number.Serialize
import Crypto.Number.Generate
import Crypto.PubKey.ECC.Types
import Crypto.PubKey.ECC.Prim
import Crypto.Hash
import Crypto.Hash.Types (hashDigestSize)
-- | Represent a ECDSA signature namely R and S.
data Signature = Signature
@ -117,5 +119,4 @@ tHash hashAlg m n
| d > 0 = shiftR e d
| otherwise = e
where e = os2ip $ hashWith hashAlg m
d = log2 e - log2 n
log2 = ceiling . logBase (2 :: Double) . fromIntegral
d = hashDigestSize hashAlg * 8 - numBits n
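Review bot: The new `d` binding in tHash's `where` clause should carry a comment saying why the shift comes from the digest's fixed length and not from the magnitude of `e`, since that is exactly what went wrong before; for example `-- digest length is fixed, so leading zero bits count: keep the leftmost numBits n bits`. No regression test is visible on this page, so it would be worth adding one that uses a digest wider than the group order with its top bits zero, covering both signing and verification. Without it a regression would presumably show up only as occasional signatures that other implementations reject, which is hard to trace back to this line. tHash's signature and opening lines are outside the hunk.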