bugfix ec sign (#32)

* bugfix ec sign

* checkstyle

* hashed tan is not unique

src/main/java/eu/europa/ec/dgc/issuance/entity/DgciEntity.java

@@ -53,7 +53,7 @@ public class DgciEntity {
     @Column(name = "cert_hash", length = 512)
     private String certHash;
 
-    @Column(name = "hashed_tan", length = 512, unique = true)
+    @Column(name = "hashed_tan", length = 512)
     private String hashedTan;
 
     @Column(name = "green_certificate_type")

src/main/java/eu/europa/ec/dgc/issuance/service/impl/SigningServiceImpl.java

@@ -39,8 +39,8 @@ private byte[] signRsapss(byte[] hashBytes, PrivateKey privateKey) throws Crypto
         Digest mgfDigest = new SHA256Digest();
         RSAPrivateCrtKey k = (RSAPrivateCrtKey) privateKey;
         RSAPrivateCrtKeyParameters keyparam = new RSAPrivateCrtKeyParameters(k.getModulus(),
-                k.getPublicExponent(), k.getPrivateExponent(),
-                k.getPrimeP(), k.getPrimeQ(), k.getPrimeExponentP(), k.getPrimeExponentQ(), k.getCrtCoefficient());
+            k.getPublicExponent(), k.getPrivateExponent(),
+            k.getPrimeP(), k.getPrimeQ(), k.getPrimeExponentP(), k.getPrimeExponentQ(), k.getCrtCoefficient());
         RSABlindedEngine rsaBlindedEngine = new RSABlindedEngine();
         rsaBlindedEngine.init(true, keyparam);
         PSSSigner pssSigner = new PSSSigner(rsaBlindedEngine, contentDigest, mgfDigest, 32, (byte) (-68));
@@ -53,16 +53,19 @@ private byte[] signEc(byte[] hash, PrivateKey privateKey) {
         java.security.interfaces.ECPrivateKey privKey = (java.security.interfaces.ECPrivateKey) privateKey;
         ECParameterSpec s = EC5Util.convertSpec(privKey.getParams());
         ECPrivateKeyParameters keyparam = new ECPrivateKeyParameters(
-                privKey.getS(),
-                new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
-        ECDSASigner pssSigner = new ECDSASigner();
-        pssSigner.init(true, keyparam);
-        BigInteger[] result3BI = pssSigner.generateSignature(hash);
+            privKey.getS(),
+            new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed()));
+        ECDSASigner ecdsaSigner = new ECDSASigner();
+        ecdsaSigner.init(true, keyparam);
+        BigInteger[] result3BI = ecdsaSigner.generateSignature(hash);
         byte[] rvarArr = result3BI[0].toByteArray();
         byte[] svarArr = result3BI[1].toByteArray();
+        // we need to convert it to 2*32 bytes array. This can 33 with leading 0 or shorter so padding is needed
         byte[] sig = new byte[64];
-        System.arraycopy(rvarArr, rvarArr.length == 33 ? 1 : 0, sig, 0, 32);
-        System.arraycopy(svarArr, svarArr.length == 33 ? 1 : 0, sig, 32, 32);
+        System.arraycopy(rvarArr, rvarArr.length == 33 ? 1 : 0, sig,
+            Math.max(0, 32 - rvarArr.length), Math.min(32, rvarArr.length));
+        System.arraycopy(svarArr, svarArr.length == 33 ? 1 : 0, sig,
+            32 + Math.max(0, 32 - svarArr.length), Math.min(32, svarArr.length));
 
         return sig;
     }

src/main/resources/db/changelog/init-tables.xml

@@ -18,9 +18,7 @@
       </column>
       <column name="expires_at" type="datetime"/>
       <column name="cert_hash" type="varchar(512)"/>
-      <column name="hashed_tan" type="varchar(512)">
-        <constraints unique="true"/>
-      </column>
+      <column name="hashed_tan" type="varchar(512)"/>
       <column name="green_certificate_type" type="varchar(255)"/>
       <column name="retry_counter" type="integer"/>
       <column name="public_key" type="varchar(1024)"/>

src/test/java/eu/europa/ec/dgc/issuance/service/DgciServiceTest.java

@@ -1,5 +1,7 @@
 package eu.europa.ec.dgc.issuance.service;
 
+import COSE.ASN1;
+import COSE.CoseException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import ehn.techiop.hcert.data.Eudgc;
 import ehn.techiop.hcert.kotlin.chain.SampleData;
@@ -16,13 +18,20 @@
 import eu.europa.ec.dgc.issuance.restapi.dto.PublicKey;
 import eu.europa.ec.dgc.issuance.restapi.dto.SignatureData;
 import java.io.ByteArrayOutputStream;
+import java.math.BigInteger;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.MessageDigest;
 import java.security.Signature;
+import java.util.Arrays;
 import java.util.Base64;
 import java.util.Optional;
+import java.util.Random;
 import lombok.extern.slf4j.Slf4j;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.signers.ECDSASigner;
+import org.bouncycastle.crypto.signers.StandardDSAEncoding;
+import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -45,6 +54,9 @@ class DgciServiceTest {
     @Autowired
     EdgcValidator edgcValidator;
 
+    @Autowired
+    CertificateService certificateService;
+
     @Test
     void testDGCIInit() throws Exception {
         DgciInit dgciInit = new DgciInit();
@@ -166,6 +178,40 @@ void computeSignHash() throws Exception {
 
     }
 
+    @Test
+    void signFromHash() throws Exception {
+        String hash64 = "ZALr2hyVD4l5veh7+Auq78TQeS4PKOMAgVyy4GVSi9g=";
+        DgciInit dgciInit = new DgciInit();
+        dgciInit.setGreenCertificateType(GreenCertificateType.Vaccination);
+        DgciIdentifier dgciIdentifier = dgciService.initDgci(dgciInit);
+
+        java.security.interfaces.ECPublicKey pubKey = (java.security.interfaces.ECPublicKey) certificateService.getPublicKey();
+        AsymmetricKeyParameter keyParameter = ECUtil.generatePublicKeyParameter(pubKey);
+        ECDSASigner ecdsaSigner = new ECDSASigner();
+        ecdsaSigner.init(false, keyParameter);
+        StandardDSAEncoding standardDSAEncoding = new StandardDSAEncoding();
+
+        IssueData issueData = new IssueData();
+        // Try more time to get all possible byte paddings options
+        for (int i = 0;i<1000;i++) {
+            Random rnd = new Random();
+            byte[] hash = new byte[32];
+            rnd.nextBytes(hash);
+            hash64 = Base64.getEncoder().encodeToString(hash);
+            issueData.setHash(hash64);
+            SignatureData signatureData = dgciService.finishDgci(dgciIdentifier.getId(), issueData);
+            BigInteger[] sig = standardDSAEncoding.decode(ecdsaSigner.getOrder(), convertConcatToDer(Base64.getDecoder().decode(signatureData.getSignature())));
+            assertTrue(ecdsaSigner.verifySignature(hash,sig[0],sig[1]));
+        }
+    }
+
+    private static byte[] convertConcatToDer(byte[] concat) throws CoseException {
+        int len = concat.length / 2;
+        byte[] r = Arrays.copyOfRange(concat, 0, len);
+        byte[] s = Arrays.copyOfRange(concat, len, concat.length);
+        return ASN1.EncodeSignature(r, s);
+    }
+
 
 
 }