Check EC point is on curve at Verifier instantiation (#116)

Signed-off-by: Thomas Fossati <[email protected]>

Author: thomas-fossati

testdata/sign1-sign-0000.json

@@ -5,9 +5,9 @@
   "key": {
     "kty": "EC",
     "crv": "P-256",
-    "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
-    "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
-    "d": "V8kgd2ZBRuh2dgyVINBUqpPDr7BOMGcF22CQMIUHtNM"
+    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
+    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
+    "d": "jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI"
   },
   "alg": "ES256",
   "sign1::sign": {
@@ -32,4 +32,4 @@
     },
     "fixedOutputLength": 32
   }
-}
+}

verifier.go

@@ -46,6 +46,9 @@ func NewVerifier(alg Algorithm, key crypto.PublicKey) (Verifier, error) {
 		if !ok {
 			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
 		}
+		if !vk.Curve.IsOnCurve(vk.X, vk.Y) {
+			return nil, errors.New("public key point is not on curve")
+		}
 		return &ecdsaVerifier{
 			alg: alg,
 			key: vk,

verifier_test.go

@@ -3,12 +3,32 @@ package cose
 import (
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
+	"encoding/base64"
+	"math/big"
 	"reflect"
 	"testing"
 )
 
+func mustBase64ToBigInt(s string) *big.Int {
+	val, err := base64.RawURLEncoding.DecodeString(s)
+	if err != nil {
+		panic(err)
+	}
+	return new(big.Int).SetBytes(val)
+}
+
+func generateBogusECKey() *ecdsa.PublicKey {
+	return &ecdsa.PublicKey{
+		Curve: elliptic.P256(),
+		// x-coord is not on curve p-256
+		X: mustBase64ToBigInt("MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqx7D4"),
+		Y: mustBase64ToBigInt("4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM"),
+	}
+}
+
 func TestNewVerifier(t *testing.T) {
 	// generate ecdsa key
 	ecdsaKey := generateTestECDSAKey(t).Public().(*ecdsa.PublicKey)
@@ -25,6 +45,9 @@ func TestNewVerifier(t *testing.T) {
 		rsaKeyLowEntropy = &key.PublicKey
 	}
 
+	// craft an EC public key with the x-coord not on curve
+	ecdsaKeyPointNotOnCurve := generateBogusECKey()
+
 	// run tests
 	tests := []struct {
 		name    string
@@ -88,6 +111,12 @@ func TestNewVerifier(t *testing.T) {
 			alg:     0,
 			wantErr: true,
 		},
+		{
+			name:    "bogus ecdsa public key (point not on curve)",
+			alg:     AlgorithmES256,
+			key:     ecdsaKeyPointNotOnCurve,
+			wantErr: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {