Add check on signature length

Author: pennam

src/ECP256Certificate.cpp

@@ -964,6 +964,10 @@ int ECP256Certificate::importCompressedSignature() {
     rLen = result[1] - paddingBytes;
     /* Skip padding and ASN INTEGER sequence 0x02 0xXX */
     result += (2 + paddingBytes);
+    /* Check data length */
+    if (rLen != ECP256_CERT_SIGNATURE_R_LENGTH) {
+      return 0;
+    }
     /* Copy data to compressed slot */
     memcpy(_compressedCert.slot.one.values.signature, result, rLen);
     /* reset padding before importing S sequence */
@@ -977,6 +981,10 @@ int ECP256Certificate::importCompressedSignature() {
     sLen = result[1] - paddingBytes;
     /* Skip padding and ASN INTEGER sequence 0x02 0xXX */
     result += (2 + paddingBytes);
+    /* Check data length */
+    if (sLen != ECP256_CERT_SIGNATURE_S_LENGTH) {
+      return 0;
+    }
     /* Copy data to compressed slot */
     memcpy(&_compressedCert.slot.one.values.signature[rLen], result, sLen);
     return 1;

src/ECP256Certificate.h

@@ -22,10 +22,12 @@
 #define ECP256_CERT_SERIAL_NUMBER_LENGTH            16
 #define ECP256_CERT_AUTHORITY_KEY_ID_LENGTH         20
 #define ECP256_CERT_PUBLIC_KEY_LENGTH               64
-#define ECP256_CERT_SIGNATURE_LENGTH                64
+#define ECP256_CERT_SIGNATURE_R_LENGTH              32
+#define ECP256_CERT_SIGNATURE_S_LENGTH              ECP256_CERT_SIGNATURE_R_LENGTH
+#define ECP256_CERT_SIGNATURE_LENGTH                (ECP256_CERT_SIGNATURE_R_LENGTH + ECP256_CERT_SIGNATURE_S_LENGTH)
 #define ECP256_CERT_DATES_LENGTH                     3
 #define ECP256_CERT_COMPRESSED_CERT_SLOT_LENGTH     72
-#define ECP256_CERT_COMPRESSED_CERT_LENGTH         ECP256_CERT_COMPRESSED_CERT_SLOT_LENGTH + ECP256_CERT_SERIAL_NUMBER_LENGTH + ECP256_CERT_AUTHORITY_KEY_ID_LENGTH
+#define ECP256_CERT_COMPRESSED_CERT_LENGTH          (ECP256_CERT_COMPRESSED_CERT_SLOT_LENGTH + ECP256_CERT_SERIAL_NUMBER_LENGTH + ECP256_CERT_AUTHORITY_KEY_ID_LENGTH)
 
 #include <Arduino.h>