//device/fido: check that EC public keys start with 0x04.

The spec says that they have to, but we weren't checking it from what I
can see.

Bug: 827574
Change-Id: I96f1a7b5078cfc4c5e88647f47e3a60821901848
Reviewed-on: https://chromium-review.googlesource.com/982632
Commit-Queue: Adam Langley <agl@chromium.org>
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#548146}

device/fido/ec_public_key.cc

@@ -13,11 +13,12 @@ namespace device {
 
 namespace {
 // The key is located after the first byte of the response
-// (which is a reserved byte).
-// The uncompressed form consists of 65 bytes:
-// - a constant 0x04 prefix
+// (which is a reserved byte). It's in X9.62 format:
+// - a constant 0x04 prefix to indicate an uncompressed key
 // - the 32-byte x coordinate
 // - the 32-byte y coordinate.
+constexpr size_t kKeyCompressionTypeOffset = 1;
+constexpr size_t kUncompressedKey = 0x04;
 constexpr size_t kHeaderLength = 2;  // Account for reserved byte and prefix.
 constexpr size_t kKeyLength = 32;
 }  // namespace
@@ -26,6 +27,10 @@ constexpr size_t kKeyLength = 32;
 std::unique_ptr<ECPublicKey> ECPublicKey::ExtractFromU2fRegistrationResponse(
     std::string algorithm,
     base::span<const uint8_t> u2f_data) {
+  if (u2f_data.size() < kHeaderLength ||
+      u2f_data[kKeyCompressionTypeOffset] != kUncompressedKey)
+    return nullptr;
+
   std::vector<uint8_t> x =
       u2f_parsing_utils::Extract(u2f_data, kHeaderLength, kKeyLength);
 

device/fido/ec_public_key.h

@@ -41,6 +41,7 @@ class COMPONENT_EXPORT(DEVICE_FIDO) ECPublicKey : public PublicKey {
   std::vector<uint8_t> EncodeAsCOSEKey() const override;
 
  private:
+  // Note that these values might not be minimal and might not be on the curve.
   const std::vector<uint8_t> x_coordinate_;
   const std::vector<uint8_t> y_coordinate_;