Validating a ECDSA P-256 signature

Time:12-21

The last little while I've been trying to build a Java library to interpret and validate NZ Covid Passes. I've got the code to work, for better or worse, up until the signature validation (a slightly important part of the process). The code in its entirety is available here, but it's still pretty rough.

The validator itself is available here, and there is an accompanying test. The technical specification for the Covid Pass is here. There is at least one relevant section.

After working with another developer I think I've nailed it down to interpreting the public key that is provided. Code below (with debug output removed). The public key details come from here.

    import java.math.BigInteger;
    import java.security.*;
    import java.security.spec.*;
    import java.util.Base64;

    private PublicKey extractPublicKey(PublicKeysDetails publicKeyDetails) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
        // The coordinates arrive base64url-encoded; map '-' and '_' back to the standard alphabet before decoding.
        byte[] xBytes = Base64.getDecoder().decode(publicKeyDetails.x().replace('-', '+').replace('_', '/'));
        byte[] yBytes = Base64.getDecoder().decode(publicKeyDetails.y().replace('-', '+').replace('_', '/'));
        BigInteger x = new BigInteger(xBytes);
        BigInteger y = new BigInteger(yBytes);

        ECPoint ecPoint = new ECPoint(x, y);
        // publicKeyDetails.crv() should always come from the endpoint as "P-256"; Java wants exactly secp256r1, or NIST P-256.
        ECGenParameterSpec parameterSpec = new ECGenParameterSpec("secp256r1");
        // publicKeyDetails.kty() should always come from the endpoint as "EC".
        AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC");
        parameters.init(parameterSpec);
        ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class);
        ECPublicKeySpec pubSpec = new ECPublicKeySpec(ecPoint, ecParameters);

        KeyFactory kf = KeyFactory.getInstance("EC");
        return kf.generatePublic(pubSpec);
    }

The bug may exist elsewhere in that file, but I'm pretty lost at this point as to what else it may be.

Please help me, Stack Overflow, you're my only hope?

CodePudding user response:

After going round in circles for several days, my problem was specifically in processing the bytes into big integers.

    BigInteger x = new BigInteger(xBytes);
    BigInteger y = new BigInteger(yBytes);

Should have been

    BigInteger x = new BigInteger(1, xBytes);
    BigInteger y = new BigInteger(1, yBytes);

Which says that the number should be positive.
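
The sign issue from the answer above, shown end to end as an added example that is not part of the original post or the NZ Covid Pass code. The class name `JwkCoordinateDemo` and the helper `toJwkCoordinate` are hypothetical, and the key is a constructed sample generated locally, retried until its x coordinate has the top bit set so the difference between the two `BigInteger` constructors is visible.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.*;
import java.util.Base64;

// Hypothetical demo class (assumption, not from the page).
public class JwkCoordinateDemo {
    // Encode a coordinate as a fixed-width, unsigned, big-endian, base64url string.
    static String toJwkCoordinate(BigInteger v) {
        byte[] raw = v.toByteArray();          // may carry a leading 0x00 sign byte
        byte[] fixed = new byte[32];
        int n = Math.min(raw.length, 32);
        System.arraycopy(raw, raw.length - n, fixed, 32 - n, n);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(fixed);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp;
        ECPublicKey original;
        do { // constructed sample key: retry until x has its top bit set
            kp = kpg.generateKeyPair();
            original = (ECPublicKey) kp.getPublic();
        } while (original.getW().getAffineX().bitLength() != 256);

        // Round-trip the coordinates through base64url, as a verifier receiving them would.
        byte[] xBytes = Base64.getUrlDecoder().decode(toJwkCoordinate(original.getW().getAffineX()));
        byte[] yBytes = Base64.getUrlDecoder().decode(toJwkCoordinate(original.getW().getAffineY()));

        BigInteger signedX = new BigInteger(xBytes);       // bytes read as two's complement
        BigInteger unsignedX = new BigInteger(1, xBytes);  // bytes read as a magnitude
        System.out.println("signed x is negative: " + (signedX.signum() < 0));
        System.out.println("unsigned x matches:   " + unsignedX.equals(original.getW().getAffineX()));

        // Rebuild the key from the unsigned coordinates and check a signature against it.
        ECPoint w = new ECPoint(unsignedX, new BigInteger(1, yBytes));
        PublicKey rebuilt = KeyFactory.getInstance("EC")
                .generatePublic(new ECPublicKeySpec(w, original.getParams()));
        byte[] msg = "constructed test payload".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(kp.getPrivate()); s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(rebuilt); s.update(msg);
        System.out.println("signature verifies:   " + s.verify(sig));
    }
}
```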
