fix ecdsa certificate parsing for non explicits parameters certificates

2026-04-05 03:00:53 -04:00 · 2025-01-01 15:04:40 +01:00
parent a1019e77b0
commit 2ddc12f441
3 changed files with 25 additions and 18 deletions
--- a/common/src/utils/certificate_parsing/curves.ts
+++ b/common/src/utils/certificate_parsing/curves.ts
@@ -1,4 +1,3 @@
-
 export interface StandardCurve {
    name: string;
    p: string;
@@ -11,7 +10,7 @@ export interface StandardCurve {

 export const standardCurves: StandardCurve[] = [
    {
-        name: "secp256r1",
+        name: "ECDSA_P256",
        p: "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
        a: "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
        b: "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
@@ -20,7 +19,7 @@ export const standardCurves: StandardCurve[] = [
        h: "01"
    },
    {
-        name: "secp384r1",
+        name: "ECDSA_P384",
        p: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
        a: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
        b: "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
@@ -29,15 +28,14 @@ export const standardCurves: StandardCurve[] = [
        h: "01"
    },
    {
-        name: "secp521r1",
+        name: "ECDSA_P521",
        p: "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
        a: "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
        b: "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
        G: "0400C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
        n: "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
        h: "01"
-    }
-    ,
+    },
    {
        name: "brainpoolP224r1",
        p: "d7c134aa264366862a18302575d1d787b09f075797da89f57ec8c0ff",
@@ -108,22 +106,17 @@ export function identifyCurve(params: any): string {

 export function getECDSACurveBits(curveName: string): string {
    const curveBits: { [key: string]: number } = {
-        'secp256r1': 256,
-        'secp384r1': 384,
-        'secp521r1': 521,
+        'ECDSA_P256': 256,
+        'ECDSA_P384': 384,
+        'ECDSA_P521': 521,
        'brainpoolP224r1': 224,
        'brainpoolP256r1': 256,
        'brainpoolP384r1': 384,
-        'brainpoolP512r1': 512,
-        'secp256r1 (NIST P-256)': 256,
-        'secp384r1 (NIST P-384)': 384,
-        'secp521r1 (NIST P-521)': 521,
-
+        'brainpoolP512r1': 512
    };
    if (curveName in curveBits) {
        return curveBits[curveName].toString();
    }
    console.log('\x1b[31m%s\x1b[0m', `curve name ${curveName} not found in curveBits`);
    return "unknown";
-
 }
--- a/common/src/utils/certificate_parsing/parseCertificateSimple.ts
+++ b/common/src/utils/certificate_parsing/parseCertificateSimple.ts
@@ -176,6 +176,20 @@ export function getParamsECDSA(cert: Certificate): PublicKeyDetailsECDSA {
            return { curve: 'Unknown', params: {} as StandardCurve, bits: 'Unknown' };
        }

+        // Add this check for named curves
+        if (algorithmParams instanceof asn1js.ObjectIdentifier) {
+            // Get the curve name from the OID
+            const curveOid = algorithmParams.valueBlock.toString();
+            // You might want to add a mapping of OIDs to curve names
+            const curveName = getFriendlyName(curveOid) || 'secp256k1'; // Default to secp256k1 if unknown
+            return {
+                curve: curveName,
+                params: {} as StandardCurve, // Empty params since we're using a named curve
+                bits: getECDSACurveBits(curveName)
+            };
+        }
+
+        // Original code for explicit parameters
        const params = asn1js.fromBER(algorithmParams.valueBeforeDecodeView).result;
        const valueBlock: any = params.valueBlock;

@@ -221,7 +235,7 @@ export function getParamsECDSA(cert: Certificate): PublicKeyDetailsECDSA {
            else {
                curveParams.h = '01';
            }
-
+            console.log(cert);
            const identifiedCurve = identifyCurve(curveParams);
            return { curve: identifiedCurve, params: curveParams, bits: getECDSACurveBits(identifiedCurve) };
        } else {
--- a/common/src/utils/genMockPassportData.ts
+++ b/common/src/utils/genMockPassportData.ts
@@ -165,10 +165,8 @@ export function genMockPassportData(
      dsc = mock_dsc_sha256_rsapss_65537_4096;
      break;
  }
-  console.log('dsc', dsc);
  const parsedDsc = parseCertificateSimple(dsc);
  const hashAlgorithm = parsedDsc.hashAlgorithm;
-  console.log('parsedDsc:', parsedDsc);


  const mrzHash = hash(hashAlgorithm, formatMrz(mrz));
@@ -227,6 +225,8 @@ function sign(privateKeyPem: string, dsc: string, eContent: number[]): number[]
    md.update(forge.util.binary.raw.encode(new Uint8Array(eContent)));
    const signature = keyPair.sign(md.digest().toHex(), 'hex');
    const signatureBytes = Array.from(Buffer.from(signature.toDER(), 'hex'));
+    console.log('signatureBytes', signatureBytes);
+    console.log('signatureBytesLength', signatureBytes.length);

    return signatureBytes;
  } else {