Refactor ECDSA signature verification

rarimo · Dec 10, 2024 · 56c62e4 · 56c62e4
1 parent b7b63cd
commit 56c62e4
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 32 deletions.
diff --git a/internal/algorithms/ecdsa.go b/internal/algorithms/ecdsa.go
diff --git a/internal/service/api/requests/register.go b/internal/service/api/requests/register.go
@@ -45,8 +45,7 @@ func validateRegister(r resources.RegisterResponse) error {
 			})),
 		"/data/attributes/document_sod/dg15": validation.Validate(
 			r.Data.Attributes.DocumentSod.Dg15,
-			validation.Required,
-			validation.Length(1, 512),
+			validation.Length(0, 512),
 		),
 		"/data/attributes/document_sod/signed_attributes": validation.Validate(
 			r.Data.Attributes.DocumentSod.SignedAttributes,

diff --git a/internal/types/signature_algorithm.go b/internal/types/signature_algorithm.go
@@ -6,7 +6,6 @@ import (
 	"crypto/rsa"
 	"hash"
 
-	"github.com/rarimo/passport-identity-provider/internal/algorithms"
 	"gitlab.com/distributed_lab/logan/v3/errors"
 )
 
@@ -43,12 +42,20 @@ func GeneralVerify(publicKey interface{}, hash []byte, signature []byte, algo Al
 		if !ok {
 			return ErrInvalidPublicKey{Expected: algo.SignatureAlgorithm}
 		}
-		return algorithms.VerifyECDSA(hash, signature, ecdsaKey)
+		return verifyECDSA(hash, signature, ecdsaKey)
 	default:
 		return errors.New("unsupported signature algorithm")
 	}
 }
 
+func verifyECDSA(data, sig []byte, publicKey *ecdsa.PublicKey) error {
+	if ok := ecdsa.VerifyASN1(publicKey, data, sig); !ok {
+		return errors.New("failed to verify ECDSA signature")
+	}
+
+	return nil
+}
+
 func GeneralHash(algorithm HashAlgorithm) hash.Hash {
 	switch algorithm {
 	case SHA1: