Closed
Bug 320582
Opened 19 years ago
Closed 2 years ago
ECDSA_SignDigestWithSeed should doublecheck the generated signature.
Categories
(NSS :: Libraries, enhancement, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: wtc, Assigned: wtc)
Details
(Whiteboard: ECC)
Attachments
(1 file)
ANSI X9.62, Section 5.3.4 says:
As an optional security check (to guard against
malicious or non-malicious errors in the signature
generation process), the signer may verify that
(r, s) is indeed a valid signature for message M
using the signature verification process described
in Section 5.4 [Signature Verification].
We may want to implement this optional security check
in ECDSA_SignDigestWithSeed.
For RSA, we have two versions of the private key operation
function: RSA_PrivateKeyOp and RSA_PrivateKeyOpDoubleChecked.
I'm wondering if we should do the same with
ECDSA_SignDigestWithSeed.
Comment 1•19 years ago
Yes, I agree NSS should do this. I'm surprised it's not a FIPS requirement.
But maybe ECDSA isn't vulnerable in the same way RSA is to this issue?
Whiteboard: ECC
Comment 2•19 years ago
(In reply to comment #1)
> Yes, I agree NSS should do this. I'm surprised it's not a FIPS requirement.
> But maybe ECDSA isn't vulnerable in the same way RSA is to this issue?
In our conference call we noted that this would be quite detrimental to performance (more than doubling the time of an ECDSA_SignDigest call, since an ECDSA verification is more expensive than an ECDSA signing). I recommend we close this bug.
Comment 3•19 years ago
I'd be satisfied even if this test occurred only in Debug builds.
Updated•19 years ago
QA Contact: jason.m.reid → libraries
Updated•16 years ago
Priority: -- → P3
Updated•2 years ago
Severity: normal → S3
Comment 4•2 years ago
Updated•2 years ago
Attachment #9300092 -
Attachment description: WIP: Bug 320582 - Implementation of the double-signing of the message for the ECDSA. → Bug 320582 - Implementation of the double-signing of the message for the ECDSA.
Updated•2 years ago
Attachment #9300092 -
Attachment description: Bug 320582 - Implementation of the double-signing of the message for the ECDSA. → Bug 320582 - Implementation of the double-signing of the message for ECDSA.
Comment 5•2 years ago
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED