This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 23097 - Underspecified behavior of verify() with regards to truncated signature
Status: RESOLVED WORKSFORME
Alias: None
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document
Version: unspecified
Hardware: PC Linux
Importance: P2 normal
Target Milestone: ---
Assignee: Ryan Sleevi
Reported: 2013-08-30 01:19 UTC by Eric Roman
Modified: 2014-02-28 16:17 UTC

Description Eric Roman 2013-08-30 01:19:13 UTC
If verify() is called with a signature that is smaller than expected:
  - Does it do a truncated comparison?
  - Or does it fail verification?

My expectation is that it should fail verification.
Comment 1 Mark Watson 2014-02-28 16:17:57 UTC
With the exception of HMAC, the signature comparison is done in the procedures of the referenced specification for each cryptographic operation. So this is out of our scope, but I would be very surprised if any of those specifications did a truncated comparison.

For HMAC we ask if the provided MAC is 'equal' to the calculated one. Two octet strings of different lengths are not 'equal', so verification would certainly fail if the provided MAC was the wrong length.
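
Added example (not part of the bug thread or of the Web Cryptography specification): a check that an implementation's verify() rejects truncated HMAC values, next to a hypothetical truncatedCompare() helper that models the prefix-only comparison the report asks about. The key, message and helper names are constructed for illustration.

```javascript
// Added example; key, message and helper names are constructed, not from the spec.
// Browsers and recent Node expose WebCrypto on globalThis.crypto; older Node
// only exposes it as require("node:crypto").webcrypto.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;

// Constructed sample key and message (not real secrets).
const RAW_KEY = new TextEncoder().encode("constructed-demo-key-0123456789ab");
const MESSAGE = new TextEncoder().encode("amount=100&to=alice");

// Hypothetical "truncated comparison": checks only the bytes the caller
// supplied. This is the behaviour verify() must NOT have.
function truncatedCompare(expected, provided) {
  let diff = 0;
  for (let i = 0; i < provided.length; i++) diff |= expected[i] ^ provided[i];
  return diff === 0;
}

// Signs MESSAGE, then offers verify() the full MAC and three shortened
// prefixes of it, recording what each comparison strategy decides.
async function checkTruncatedMacs() {
  const key = await subtle.importKey(
    "raw", RAW_KEY, { name: "HMAC", hash: "SHA-256" }, false, ["sign", "verify"]);
  const fullMac = new Uint8Array(await subtle.sign("HMAC", key, MESSAGE));

  const results = [];
  for (const length of [fullMac.length, 16, 1, 0]) {
    const candidate = fullMac.slice(0, length);
    results.push({
      length,
      verify: await subtle.verify("HMAC", key, candidate, MESSAGE),
      truncatedCompare: truncatedCompare(fullMac, candidate),
    });
  }
  return results;
}

// Print one row per candidate length.
checkTruncatedMacs().then((rows) => console.table(rows));
```

Only the full-length row should report verify as true. The truncatedCompare column is true on every row, including the empty MAC, which is why length equality has to be part of the comparison.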