ECC signing + verification sometimes fails

[mjdemilliano]

ECC signing + verification using sign_raw and verify_raw is flaky, it sometimes fails for no reason.

Steps to reproduce:

def test_ecc_sign_verify_raw_many():
    for i in range(10000):
        private_key = EccPrivate.make_key(48)
        public_key = EccPublic()
        qx, qy, _ = private_key.encode_key_raw()
        public_key.decode_key_raw(qx, qy, curve_id=ECC_SECP384R1)

        plaintext = "Everyone gets Friday off."
        r, s = private_key.sign_raw(plaintext)

        assert public_key.verify_raw(r, s, plaintext), f"signature should be valid (iteration {i})"

Add this to test_ciphers.py. Observe that this test always fails, but the iteration number at which it fails varies, mostly within 150 attempts.

Expected behavior: sign + verify of the same data with the same key and signature is always successful.

[anhu]

Hi, my name is Anthony and I am a member of the wolfSSL team. My first job is to reproduce what you are seeing. I will follow the step you outline above and see if I can make it happen. Please stay tuned. I will be printing out the values of qx, qy, r, s.

IN the meantime can you let me know a bit about yourself and how you are using wolfSSL? We love learning about how people are using our source code.

Warm regards, Anthony.

[mjdemilliano]

Dear Anthony, the information you requested has already been shared with your colleagues via private email.

[anhu]

Hello @mjdemilliano , Ah yes, thank you for pointing me in the right direction.

The root cause of the problem is incorrect padding when the values are smaller/shorter than expected. Please stay tuned. I"ll have to discuss with my team of python experts with regarding potential fixes.

[anhu]

Hi @mjdemilliano , I've done a lot of preliminary work on this issue, but I mst admit to not being the expert. I will now assign this to @lealem47. I will discuss my findings with him internally and let him shepherd this issue to closure. Please stay tuned.

Warm regards, Anthony

[sebastian-carpenter]

Hey @mjdemilliano I should have a solution for you. Could you check out this PR (#86) and let me know if it works for you?

[mjdemilliano]

Dear @sebastian-carpenter, thanks for the PR, it looks like a good fix for this issue.