Problem
- Spec only defines `Crypto_Sign(privateKey, message)` primitive
- CASE and all other areas where signatures are generated according to the spec use the message variant
- The sign_hash operation is a low-level consideration of crypto APIs and is sometimes not exposed by platform crypto APIs. For example, in Java's `java.security.Signature`, including on Android, there is no way to get a signature by providing a pre-computed digest. The API expects digesting to be done by the signing operation.

Overall, replacement of this primitive is trivial wherever used, and would reduce reliance on native implementations that prevent going to hardware/OS-aided key storage, especially where Java is concerned.

Proposed Solution
- Mark `ECDSA_sign_hash` as deprecated
- Replace usages of `ECDSA_sign_hash` with `ECDSA_sign_message` where possible
ECDSA_sign_hash and ECDSA_validate_hash_signature are useful in various scenarios such as signing non-contiguous memory blocks without the need to concatenate them all into one, e.g. during firmware update. The Java equivalent is NONEwithECDSA.
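The two signing styles discussed in this thread, side by side in Java, as an added example that is not part of the issue or the SDK: it signs two separate buffers with `SHA256withECDSA` (digest computed inside `Signature`, fed through repeated `update()` calls) and with `NONEwithECDSA` over a caller-computed SHA-256 digest, then cross-verifies the results. The class name, helper names and sample buffers are constructed, and it assumes the default JDK provider offers both algorithm names for P-256 software keys.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;

public class SignHashVsSignMessage {
    // Sign whatever is fed through update(); the chunks are never concatenated.
    static byte[] sign(String algorithm, PrivateKey priv, byte[]... chunks)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance(algorithm);
        s.initSign(priv);
        for (byte[] c : chunks) s.update(c);
        return s.sign();
    }

    // Verify `sig` under `algorithm` over the same kind of chunked input.
    static boolean verify(String algorithm, PublicKey pub, byte[] sig, byte[]... chunks)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance(algorithm);
        v.initVerify(pub);
        for (byte[] c : chunks) v.update(c);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1")); // P-256
        KeyPair kp = kpg.generateKeyPair();

        // Constructed sample input: two separate buffers.
        byte[] blockA = "constructed block A".getBytes(StandardCharsets.UTF_8);
        byte[] blockB = "constructed block B".getBytes(StandardCharsets.UTF_8);

        // Message variant: SHA-256 is an internal detail of the signing operation.
        byte[] sigMsg = sign("SHA256withECDSA", kp.getPrivate(), blockA, blockB);

        // Hash variant: the caller digests, NONEwithECDSA signs the raw 32-byte digest.
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(blockA);
        md.update(blockB);
        byte[] digest = md.digest();
        byte[] sigHash = sign("NONEwithECDSA", kp.getPrivate(), digest);

        // Each signature must verify through the other variant; reordered input must not.
        boolean hashSigAsMsg = verify("SHA256withECDSA", kp.getPublic(), sigHash, blockA, blockB);
        boolean msgSigAsHash = verify("NONEwithECDSA", kp.getPublic(), sigMsg, digest);
        boolean reordered = verify("SHA256withECDSA", kp.getPublic(), sigMsg, blockB, blockA);
        if (!hashSigAsMsg || !msgSigAsHash || reordered) throw new AssertionError("unexpected result");
        System.out.println("interchangeable=" + (hashSigAsMsg && msgSigAsHash) + " reorderedRejected=" + !reordered);
    }
}
```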
- The ECDSA_sign_hash method is a near identical copy of ECDSA_sign_msg,
that takes a raw hash.
- This is problematic since some platforms, like Android, cannot directly sign
a pre-computed hash with OS-aided APIs, and overall this is not consistent
with signature APIs that work on messages, and where a digest is an internal
implementation detail.
- Overall, the method adds little value and prevents easy transition to different
signing algorithms over time if the hash assumption is kept
Fixes project-chip#18430
This PR:
- Removes the sign_hash API
- Replaces its usage throughout the SDK
- Updates all tests
- Leaves the ECDSA_verify_hash_signature (since it's only used in one place,
already in native code, and always against raw public keys)
Testing done:
- Cert tests still pass, including device attestation during commissioning
- Unit tests still pass including updated unit tests
* Remove duplicate P256Keypair::ECDSA_sign_hash code
* Restyled by clang-format
* Remove missed removals
* Apply review comments
Co-authored-by: Restyled.io <commits@restyled.io>